cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

Compare commits

base: cnst:3b7e5665451d833c1e9598bcfc65b0c2ecdf3e6f
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken
..
compare: cnst:compare_broken
Branches Tags
cnst:main cnst:monitors cnst:working cnst:compare_broken cnst:revert cnst:broken

32 Commits
3b7e566545 ... compare_br

Author SHA1 Message Date
cnst
d53bf7546a broken 2 2025-10-05 10:02:39 +02:00
cnst
c9edc99a85 chore(revert): slowly introducing changes 2025-10-05 09:27:51 +02:00
cnst
67e83e3e4e feat(authentik): fixing some fail2ban things 2025-10-02 05:45:35 +02:00
cnst
923c810972 feat(authentik): fixing some fail2ban things 2025-10-01 18:00:55 +02:00
cnst
6ab35f4e91 feat(www): fixing fail2ban and other minor tweaks 2025-09-30 18:16:49 +02:00
cnst
593f0e619c chore(ded): remove dead code 2025-09-29 19:31:23 +02:00
cnst
688e23d229 feat(pstate): opt in changes and sooooo 2025-09-29 19:28:33 +02:00
cnst
725a3ed27e chore(niri): go to nixpkgs niri release 2025-09-29 17:10:38 +02:00
cnst
e45dc0d223 feat(homelab): fixing cf tunnels, authentik and tailscale! 2025-09-28 18:27:17 +02:00
cnst
bc78dd7302 chore(?): hm 2025-09-28 16:24:32 +02:00
cnst
94c34f8675 chore(update): flake lock 2025-09-28 08:03:38 +02:00
cnst
fda7d972c4 chore(age): adding bunk credentials to agenix 2025-09-27 19:54:03 +02:00
cnst
f6bb6672bb chore(agenix): refactor some secrets 2025-09-27 14:35:04 +02:00
cnst
68f1cb9b09 chore(misc): removing dead code and small insignificant changes 2025-09-26 20:41:26 +02:00
cnst
e721a2088b feat(homepage-dashboard): adding some disk info 2025-09-26 17:41:19 +02:00
cnst
551a47989c Merge pull request 'feat(swaybg) adding swaybg and some script' (#5) from wutwut into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/5
 2025-09-25 17:30:37 +02:00
cnst
2cb07c45a7 Merge pull request 'feat(swaybg) adding bg script' (#4) from wut into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/4
 2025-09-25 17:26:09 +02:00
cnst
4666731676 feat(swaybg) adding swaybg and some script 2025-09-25 17:17:49 +02:00
cnst
8fe6382c48 feat(swaybg) adding bg script 2025-09-25 17:16:55 +02:00
cnst
068f47e9a2 chore(alacritty): fix cfg 2025-09-24 18:46:36 +02:00
cnst
27bd976a60 chore(alacritty): fix cfg 2025-09-24 06:30:48 +02:00
cnst
9adfb329af feat(theme): go to adwaita gtk theme 2025-09-23 20:04:08 +02:00
cnst
757c3081fd feat(alacritty): change theme and flake lock 2025-09-23 20:02:08 +02:00
cnst
1d2f934c98 chore(?): remove deader code 2025-09-23 18:14:43 +02:00
cnst
86624f362d feat(IP): migrate to traefik and authentik, remove dead code 2025-09-23 18:13:28 +02:00
cnst
b752781064 feat(nextcloud): switch from nginx to caddy 2025-09-21 13:27:02 +02:00
cnst
884b40c71d chore(?): remove dead code 2025-09-21 10:32:05 +02:00
cnst
f861d363ca feat(nextcloud): finishing touches and other chores 2025-09-21 10:28:54 +02:00
cnst
c63daec95c feat(nextcloud): tweaks to nextcloud 2025-09-20 12:31:12 +02:00
cnst
2e1d28450b Merge pull request 'feat(nextcloud): back to basics' (#3) from nextc into main 
Reviewed-on: https://git.cnix.dev/cnst/cnix/pulls/3
 2025-09-19 20:09:18 +02:00
cnst
1228c800a1 feat(nextcloud): back to basics 2025-09-19 20:08:45 +02:00
cnst
1c8ccb6405 feat(sh): niri spawning script for stacking two windows of same app vertically 2025-09-19 20:03:11 +02:00
73 changed files with 1766 additions and 1434 deletions
Expand all files Collapse all files

560
flake.lock generated
View File

@@ -23,16 +23,17 @@
},
"anyrun": {
"inputs": {
"anyrun-provider": "anyrun-provider",
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2",
"systems": "systems_2"
},
"locked": {
"lastModified": 1758121794,
"narHash": "sha256-IlnFA/a9Clgbt+FuavIKWtauhtH4Fo/rGJIjJDDeYRs=",
"lastModified": 1758874004,
"narHash": "sha256-+RUCBtT01Z595NpGc6Tvms+dJ/C/cn1zdjT9+gE6dbU=",
"owner": "anyrun-org",
"repo": "anyrun",
"rev": "c787318f590102b68fbd2e5b02ea47e96f4ecb62",
"rev": "3c571bc1514c4211d1d6c011a1d482f97efd9c5f",
"type": "github"
},
"original": {
@@ -41,6 +42,27 @@
"type": "github"
}
},
"anyrun-provider": {
"inputs": {
"nixpkgs": [
"anyrun",
"nixpkgs"
]
},
"locked": {
"lastModified": 1758817837,
"narHash": "sha256-J3Jl4Z8SJHj+ogyohPeypT5LmQtCupdBteFezwiEZ9E=",
"owner": "anyrun-org",
"repo": "anyrun-provider",
"rev": "b20650aa1bf80ae86b5bf5253d21fc0ddb7985c7",
"type": "github"
},
"original": {
"owner": "anyrun-org",
"repo": "anyrun-provider",
"type": "github"
}
},
"aquamarine": {
"inputs": {
"hyprutils": [
@@ -61,11 +83,11 @@
]
},
"locked": {
"lastModified": 1755946532,
"narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=",
"lastModified": 1759499898,
"narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada",
"rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
"type": "github"
},
"original": {
@@ -74,6 +96,54 @@
"type": "github"
}
},
"authentik": {
"inputs": {
"authentik-src": "authentik-src",
"flake-compat": "flake-compat",
"flake-parts": [
"flake-parts"
],
"flake-utils": "flake-utils",
"napalm": "napalm",
"nixpkgs": [
"nixpkgs"
],
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"systems": "systems_3",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1759322529,
"narHash": "sha256-yiv/g/tiJI3PI95F7vhTnaf1TDsIkFLrmmFTjWfb6pQ=",
"owner": "nix-community",
"repo": "authentik-nix",
"rev": "69fac057b2e553ee17c9a09b822d735823d65a6c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "authentik-nix",
"type": "github"
}
},
"authentik-src": {
"flake": false,
"locked": {
"lastModified": 1759190535,
"narHash": "sha256-pIzDaoDWc58cY/XhsyweCwc4dfRvkaT/zqsV1gDSnCI=",
"owner": "goauthentik",
"repo": "authentik",
"rev": "8d3a289d12c7de2f244c76493af7880f70d08af2",
"type": "github"
},
"original": {
"owner": "goauthentik",
"ref": "version/2025.8.4",
"repo": "authentik",
"type": "github"
}
},
"chaotic": {
"inputs": {
"flake-schemas": "flake-schemas",
@@ -83,11 +153,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1758033778,
"narHash": "sha256-oQH2wLOWLFHXT3NE+gcsFOX+Pq40bKjlOH1xw0wcmT8=",
"lastModified": 1759532138,
"narHash": "sha256-sLQIlgDwMP3mEY2PwjGW+cL56QQ2n2WXoZ3GpG5QWOY=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "b3efa297b9c6a9e55a44f3b6905d55f80738704f",
"rev": "bad02bbca5b5c6d45539a0d740ad0e21b1ba9afc",
"type": "github"
},
"original": {
@@ -142,11 +212,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1758177713,
"narHash": "sha256-4Mesi0sOxCzrwnFHeAhL/vv1K1Wcwsl4D9duQ7ndYS8=",
"lastModified": 1759646430,
"narHash": "sha256-V8mjmGzi9nS7BZfhpzYAOUg3BcCsC6MrEh9xlKq3+7s=",
"owner": "nix-community",
"repo": "fenix",
"rev": "60316bdc00603b483992560baa14841e42e58a7b",
"rev": "b326bea4d58c9a58b346f17c710538eac00f71d1",
"type": "github"
},
"original": {
@@ -156,6 +226,7 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
@@ -171,7 +242,6 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
@@ -203,6 +273,22 @@
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1751685974,
@@ -226,11 +312,11 @@
]
},
"locked": {
"lastModified": 1754487366,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=",
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"type": "github"
},
"original": {
@@ -246,11 +332,11 @@
]
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
@@ -306,11 +392,11 @@
]
},
"locked": {
"lastModified": 1756770412,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=",
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"type": "github"
},
"original": {
@@ -354,6 +440,27 @@
"url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz"
}
},
"flake-utils": {
"inputs": {
"systems": [
"authentik",
"systems"
]
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fonts": {
"inputs": {
"flake-parts": "flake-parts_3",
@@ -384,11 +491,11 @@
]
},
"locked": {
"lastModified": 1758108966,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"lastModified": 1759523803,
"narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835",
"type": "github"
},
"original": {
@@ -464,11 +571,11 @@
},
"hardware": {
"locked": {
"lastModified": 1757943327,
"narHash": "sha256-w6cDExPBqbq7fTLo4dZ1ozDGeq3yV6dSN4n/sAaS6OM=",
"lastModified": 1759582739,
"narHash": "sha256-spZegilADH0q5OngM86u6NmXxduCNv5eX9vCiUPhOYc=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "67a709cfe5d0643dafd798b0b613ed579de8be05",
"rev": "3441b5242af7577230a78ffb03542add264179ab",
"type": "github"
},
"original": {
@@ -483,11 +590,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1758204752,
"narHash": "sha256-tgblfdzdM3XAzYHHvA9GX9SR2P8NG2IzewmfnRmTUxg=",
"lastModified": 1759605748,
"narHash": "sha256-qALSaIE4fbTo0wbPjEp7RZKbtFk1cDhRZ0BYOHW0JwQ=",
"owner": "helix-editor",
"repo": "helix",
"rev": "0ae37dc52ba715100893c327414bcb1a1924a4c3",
"rev": "6fffaf6a7ded9a12fb2d5715a4eb83787a5e6402",
"type": "github"
},
"original": {
@@ -503,11 +610,11 @@
]
},
"locked": {
"lastModified": 1758207369,
"narHash": "sha256-BG7GlXo5moXtrFSCqnkIb1Q00szOZXTj5Dx7NmWgves=",
"lastModified": 1759573136,
"narHash": "sha256-ILSPD0Dm8p0w0fCVzOx98ZH8yFDrR75GmwmH3fS2VnE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b5698ed57db7ee7da5e93df2e6bbada91c88f3ce",
"rev": "5f06ceafc6c9b773a776b9195c3f47bbe1defa43",
"type": "github"
},
"original": {
@@ -545,11 +652,11 @@
]
},
"locked": {
"lastModified": 1757920978,
"narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=",
"lastModified": 1759337100,
"narHash": "sha256-CcT3QvZ74NGfM+lSOILcCEeU+SnqXRvl1XCRHenZ0Us=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8",
"rev": "004753ae6b04c4b18aa07192c1106800aaacf6c3",
"type": "github"
},
"original": {
@@ -603,11 +710,11 @@
]
},
"locked": {
"lastModified": 1757542864,
"narHash": "sha256-8i9tsVoOmLQDHJkNgzJWnmxYFGkJNsSndimYpCoqmoA=",
"lastModified": 1759490292,
"narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "aa9d14963b94186934fd0715d9a7f0f2719e64bb",
"rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
"type": "github"
},
"original": {
@@ -692,15 +799,15 @@
"hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": "nixpkgs_6",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_3",
"systems": "systems_4",
"xdph": "xdph"
},
"locked": {
"lastModified": 1758198304,
"narHash": "sha256-UbPAu5MRqAaDT3/seC64GyVjUDsFhGaNZFMPtuE0RI4=",
"lastModified": 1759530922,
"narHash": "sha256-9NgZKpibALekGTPDc2O8lP8vFealQSZkXe+L+S7MMZU=",
"owner": "hyprwm",
"repo": "hyprland",
"rev": "059ec60e9f32e4d7a21c0bc15b010bcb30a1303b",
"rev": "76d998743ac10e712238c1016db4d8e8d16f1049",
"type": "github"
},
"original": {
@@ -717,11 +824,11 @@
]
},
"locked": {
"lastModified": 1758055182,
"narHash": "sha256-0TCggLT5bUMpJYoA8+EXs8Qu+D9sTVe6eOmsNetH8OI=",
"lastModified": 1759613406,
"narHash": "sha256-PzgQJydp+RlKvwDi807pXPlURdIAVqLppZDga3DwPqg=",
"owner": "hyprwm",
"repo": "contrib",
"rev": "9e73a0e753251fbc6e987bd13324886dc6ca8f9a",
"rev": "32e1a75b65553daefb419f0906ce19e04815aa3a",
"type": "github"
},
"original": {
@@ -835,11 +942,11 @@
]
},
"locked": {
"lastModified": 1757508108,
"narHash": "sha256-bTYedtQFqqVBAh42scgX7+S3O6XKLnT6FTC6rpmyCCc=",
"lastModified": 1759080228,
"narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "119bcb9aa742658107b326c50dcd24ab59b309b7",
"rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
"type": "github"
},
"original": {
@@ -864,11 +971,11 @@
]
},
"locked": {
"lastModified": 1756810301,
"narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=",
"lastModified": 1758927902,
"narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931",
"rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
"type": "github"
},
"original": {
@@ -899,11 +1006,11 @@
]
},
"locked": {
"lastModified": 1758124489,
"narHash": "sha256-YiVF/8Me3vVKJBEgGpQhn0HF09EWfXZGaWLzAaJBrO4=",
"lastModified": 1759572448,
"narHash": "sha256-o+r44fqPQM+/hQdjFy9qV9C51Jhty6M4icFVYocyJfA=",
"owner": "hyprwm",
"repo": "hyprlock",
"rev": "7f769fa993cb492982d7bf25676c68ddbcc0268e",
"rev": "c8a6768dca626cf7d7cbc333095f048bc007b6d9",
"type": "github"
},
"original": {
@@ -962,11 +1069,11 @@
]
},
"locked": {
"lastModified": 1756117388,
"narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=",
"lastModified": 1759490926,
"narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0",
"rev": "94cce794344538c4d865e38682684ec2bbdb2ef3",
"type": "github"
},
"original": {
@@ -1084,11 +1191,11 @@
]
},
"locked": {
"lastModified": 1757230583,
"narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=",
"lastModified": 1759387127,
"narHash": "sha256-uuwJAP92SkHmnI1zo7rrK/gEuHtb97vFZcMa5w+0SZA=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea",
"rev": "0cc290e05882745060fccfe6d7d073f913e0cce7",
"type": "github"
},
"original": {
@@ -1100,7 +1207,7 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_7",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
@@ -1122,11 +1229,11 @@
},
"mnw": {
"locked": {
"lastModified": 1756659871,
"narHash": "sha256-v6Rh4aQ6RKjM2N02kK9Usn0Ix7+OY66vNpeklc1MnGE=",
"lastModified": 1758834834,
"narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=",
"owner": "Gerg-L",
"repo": "mnw",
"rev": "ed6cc3e48557ba18266e598a5ebb6602499ada16",
"rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001",
"type": "github"
},
"original": {
@@ -1135,59 +1242,29 @@
"type": "github"
}
},
"niri": {
"napalm": {
"inputs": {
"niri-stable": "niri-stable",
"niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable",
"xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable"
"flake-utils": [
"authentik",
"flake-utils"
],
"nixpkgs": [
"authentik",
"nixpkgs"
]
},
"locked": {
"lastModified": 1758186479,
"narHash": "sha256-UdC6KXSnt1QfEigiP6TtS3R9TIqPEFJegPoTcjhC4SY=",
"owner": "sodiboo",
"repo": "niri-flake",
"rev": "b399b939d7b980b52cbd739a7d44f07017c8572e",
"lastModified": 1725806412,
"narHash": "sha256-lGZjkjds0p924QEhm/r0BhAxbHBJE1xMOldB/HmQH04=",
"owner": "willibutz",
"repo": "napalm",
"rev": "b492440d9e64ae20736d3bec5c7715ffcbde83f5",
"type": "github"
},
"original": {
"owner": "sodiboo",
"repo": "niri-flake",
"type": "github"
}
},
"niri-stable": {
"flake": false,
"locked": {
"lastModified": 1756556321,
"narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"ref": "v25.08",
"repo": "niri",
"type": "github"
}
},
"niri-unstable": {
"flake": false,
"locked": {
"lastModified": 1758183971,
"narHash": "sha256-rZpQqXa9LIwWulScUEHMqtcJqlidx5OfEfEr/iVC+AM=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "d9648e6bde1d2fc4a568dec93ba65c11073192a3",
"type": "github"
},
"original": {
"owner": "YaLTeR",
"repo": "niri",
"owner": "willibutz",
"ref": "avoid-foldl-stack-overflow",
"repo": "napalm",
"type": "github"
}
},
@@ -1201,11 +1278,11 @@
]
},
"locked": {
"lastModified": 1757814419,
"narHash": "sha256-wmlDAkOrwX9cvhXQa7wekGr/5G6SfE2D5KlvuvSEEXc=",
"lastModified": 1759629535,
"narHash": "sha256-VIXcJ2ahRgoqIUySwAz3r5mtITO2dp6tXGCVKVW6FmA=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "17db183a6a2ba1217bbfc123b47d4b5ee70b256a",
"rev": "df388c42b54714bd121796a9cec9322b7fa2894e",
"type": "github"
},
"original": {
@@ -1268,45 +1345,13 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1758070117,
"narHash": "sha256-uLwwHFCZnT1c3N3biVe/0hCkag2GSrf9+M56+Okf+WY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e9b7f2ff62b35f711568b1f0866243c7c302028d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_10": {
"locked": {
"lastModified": 1756696532,
"narHash": "sha256-6FWagzm0b7I/IGigOv9pr6LL7NQ86mextfE8g8Q6HBg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "58dcbf1ec551914c3756c267b8b9c8c86baa1b2f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"lastModified": 1758690382,
"narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"rev": "e643668fd71b949c53f8626614b21ff71a07379d",
"type": "github"
},
"original": {
@@ -1318,11 +1363,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1758029758,
"narHash": "sha256-fKqsvznISxVSBo6aaiGGXMRiBG4IIuV3sSySxx80pcQ=",
"lastModified": 1759147044,
"narHash": "sha256-3ZPFytJOcLjTChljeaGgoaNj+tOqzgEpqZAvRe3bU90=",
"owner": "PedroHLC",
"repo": "nixpkgs",
"rev": "4eb5897225c3d7e78a0b9d1542197ee7c8d270a5",
"rev": "18e83bbe13aa50992777832b52bd0e0d8585fb3b",
"type": "github"
},
"original": {
@@ -1366,11 +1411,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1757487488,
"narHash": "sha256-zwE/e7CuPJUWKdvvTCB7iunV4E/+G0lKfv4kk/5Izdg=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ab0f3607a6c7486ea22229b92ed2d355f1482ee0",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -1398,11 +1443,11 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1758035966,
"narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -1414,34 +1459,34 @@
},
"nixpkgs_9": {
"locked": {
"lastModified": 1758035966,
"narHash": "sha256-qqIJ3yxPiB0ZQTT9//nFGQYn8X/PBoJbofA7hRKZnmE=",
"owner": "NixOS",
"lastModified": 1759386674,
"narHash": "sha256-wg1Lz/1FC5Q13R+mM5a2oTV9TA9L/CHHTm3/PiLayfA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8d4ddb19d03c65a36ad8d189d001dc32ffb0306b",
"rev": "625ad6366178f03acd79f9e3822606dd7985b657",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nvf": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_5",
"mnw": "mnw",
"nixpkgs": "nixpkgs_10",
"systems": "systems_4"
"nixpkgs": "nixpkgs_9",
"systems": "systems_5"
},
"locked": {
"lastModified": 1757955071,
"narHash": "sha256-owSpkt551cIqDDk5iHesdEus9REFeOIY3rY4C5ZPm/Y=",
"lastModified": 1759469269,
"narHash": "sha256-DP833ejGUNRRHsJOB3WRTaWWXLNucaDga2ju/fGe+sc=",
"owner": "notashelf",
"repo": "nvf",
"rev": "1bd9fc116420db4c1156819d61df5d5312e1bbea",
"rev": "e48638aef3a95377689de0ef940443c64f870a09",
"type": "github"
},
"original": {
@@ -1452,7 +1497,7 @@
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_2",
"nixpkgs": [
"hyprland",
@@ -1460,11 +1505,11 @@
]
},
"locked": {
"lastModified": 1757588530,
"narHash": "sha256-tJ7A8mID3ct69n9WCvZ3PzIIl3rXTdptn/lZmqSS95U=",
"lastModified": 1758108966,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "b084b2c2b6bc23e83bbfe583b03664eb0b18c411",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"type": "github"
},
"original": {
@@ -1499,13 +1544,64 @@
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
],
"pyproject-nix": [
"authentik",
"pyproject-nix"
],
"uv2nix": [
"authentik",
"uv2nix"
]
},
"locked": {
"lastModified": 1757296493,
"narHash": "sha256-6nzSZl28IwH2Vx8YSmd3t6TREHpDbKlDPK+dq1LKIZQ=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "5b8e37fe0077db5c1df3a5ee90a651345f085d38",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
]
},
"locked": {
"lastModified": 1757246327,
"narHash": "sha256-6pNlGhwOIMfhe/RLjHdpXveKS4FyLHvlGe+KtjDild4=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "8d77f342d66ad1601cdb9d97e9388b69f64d4c8e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"anyrun": "anyrun",
"authentik": "authentik",
"chaotic": "chaotic",
"fenix": "fenix",
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts_2",
"fonts": "fonts",
"git-hooks": "git-hooks",
@@ -1518,11 +1614,10 @@
"hyprlock": "hyprlock",
"hyprpaper": "hyprpaper",
"lanzaboote": "lanzaboote",
"niri": "niri",
"nix-gaming": "nix-gaming",
"nixpkgs": "nixpkgs_9",
"nixpkgs": "nixpkgs_8",
"nvf": "nvf",
"systems": "systems_5",
"systems": "systems_6",
"treefmt-nix": "treefmt-nix",
"tuirun": "tuirun",
"zen-browser": "zen-browser"
@@ -1531,11 +1626,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1757362324,
"narHash": "sha256-/PAhxheUq4WBrW5i/JHzcCqK5fGWwLKdH6/Lu1tyS18=",
"lastModified": 1759601486,
"narHash": "sha256-ZywfLIFtRr907us1tONwUJLeg3ssO4D01XBFHx7RdAo=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "9edc9cbe5d8e832b5864e09854fa94861697d2fd",
"rev": "4ae99f0150c94f4bdf7192b4447f512ece3546fd",
"type": "github"
},
"original": {
@@ -1553,11 +1648,11 @@
]
},
"locked": {
"lastModified": 1757930296,
"narHash": "sha256-Z9u5VszKs8rfEvg2AsFucWEjl7wMtAln9l1b78cfBh4=",
"lastModified": 1759458749,
"narHash": "sha256-WKnbJnm1B2+TO2ZUudgS39EzecQeLl4/bnRtd3y46LI=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "09442765a05c2ca617c20ed68d9613da92a2d96b",
"rev": "bbc3a8ae797d1700e57a4f4bcc4e79af727d4138",
"type": "github"
},
"original": {
@@ -1654,6 +1749,21 @@
}
},
"systems_4": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@@ -1668,7 +1778,7 @@
"type": "github"
}
},
"systems_5": {
"systems_6": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1683,7 +1793,7 @@
"type": "github"
}
},
"systems_6": {
"systems_7": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@@ -1705,11 +1815,11 @@
]
},
"locked": {
"lastModified": 1758206697,
"narHash": "sha256-/DbPkh6PZOgfueCbs3uzlk4ASU2nPPsiVWhpMCNkAd0=",
"lastModified": 1758728421,
"narHash": "sha256-ySNJ008muQAds2JemiyrWYbwbG+V7S5wg3ZVKGHSFu8=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "128222dc911b8e2e18939537bed1762b7f3a04aa",
"rev": "5eda4ee8121f97b218f7cc73f5172098d458f1d1",
"type": "github"
},
"original": {
@@ -1724,7 +1834,7 @@
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_6"
"systems": "systems_7"
},
"locked": {
"lastModified": 1735478319,
@@ -1740,6 +1850,31 @@
"url": "https://git.sr.ht/~canasta/tuirun"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"authentik",
"nixpkgs"
],
"pyproject-nix": [
"authentik",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1757925761,
"narHash": "sha256-7Hwz0vfHuFqCo5v7Q07GQgLBWuPvZCuf/5/pk4NoADg=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "780494c40895bb7419a73d942bee326291e80b3b",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
},
"xdph": {
"inputs": {
"hyprland-protocols": [
@@ -1781,39 +1916,6 @@
"type": "github"
}
},
"xwayland-satellite-stable": {
"flake": false,
"locked": {
"lastModified": 1755491097,
"narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "388d291e82ffbc73be18169d39470f340707edaa",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"ref": "v0.7",
"repo": "xwayland-satellite",
"type": "github"
}
},
"xwayland-satellite-unstable": {
"flake": false,
"locked": {
"lastModified": 1757179758,
"narHash": "sha256-TIvyWzRt1miQj6Cf5Wy8Qz43XIZX7c4vTVwRLAT5S4Y=",
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"rev": "970728d0d9d1eada342bb8860af214b601139e58",
"type": "github"
},
"original": {
"owner": "Supreeeme",
"repo": "xwayland-satellite",
"type": "github"
}
},
"zen-browser": {
"inputs": {
"nixpkgs": [
@@ -1821,11 +1923,11 @@
]
},
"locked": {
"lastModified": 1757279270,
"narHash": "sha256-q9XVkyORjd+5uZKuSbErz0nEzlKLR3TRwLtxPgkiJVI=",
"lastModified": 1759590499,
"narHash": "sha256-EBToRzqe5WMz4DQyxOp9/CP+rWjdaZ2EUwbItfNf3VI=",
"ref": "refs/heads/main",
"rev": "2a6161f5ef9c2c65ce1e324fa0d3e0adc12a9c95",
"revCount": 130,
"rev": "6e606c8bfa6a88209488790388b1005bc489fa66",
"revCount": 136,
"type": "git",
"url": "https://git.sr.ht/~canasta/zen-browser-flake"
},

16
flake.nix
View File

@@ -18,7 +18,11 @@
];
perSystem =
{ config, pkgs, ... }:
{
config,
pkgs,
...
}:
{
devShells.default = pkgs.mkShell {
packages = [
@@ -51,6 +55,14 @@
inputs.nixpkgs-lib.follows = "nixpkgs";
};
authentik = {
url = "github:nix-community/authentik-nix";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-parts.follows = "flake-parts";
};
};
flake-compat.url = "github:edolstra/flake-compat";
# Hyprland environment
@@ -135,8 +147,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
niri.url = "github:sodiboo/niri-flake";
# Custom
tuirun = {
url = "git+https://git.sr.ht/~canasta/tuirun";

1
hosts/default.nix
View File

@@ -82,6 +82,7 @@
self.nixosModules.settings
self.nixosModules.server
inputs.agenix.nixosModules.default
inputs.authentik.nixosModules.default
];
};
ziggy = nixosSystem {

4
hosts/kima/modules.nix
View File

@@ -5,6 +5,7 @@
variant = "latest";
hardware = [ "amd" ];
extraKernelParams = [ ];
amdOverdrive.enable = true;
};
loader = {
default = {
@@ -214,6 +215,9 @@
scheduler = "scx_lavd";
flags = "--performance";
};
tailscale = {
enable = false;
};
udisks = {
enable = true;
};

12
hosts/sobotka/default.nix
View File

@@ -3,11 +3,9 @@
config,
pkgs,
...
}:
let
}: let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
in {
users.users.cnst = {
isNormalUser = true;
shell = pkgs.fish;
@@ -41,6 +39,7 @@ in
"share"
"jellyfin"
"render"
"traefik"
];
};
@@ -51,8 +50,7 @@ in
./server.nix
];
boot.initrd.luks.devices."luks-47b35d4b-467a-4637-a5f9-45177da62897".device =
"/dev/disk/by-uuid/47b35d4b-467a-4637-a5f9-45177da62897";
boot.initrd.luks.devices."luks-47b35d4b-467a-4637-a5f9-45177da62897".device = "/dev/disk/by-uuid/47b35d4b-467a-4637-a5f9-45177da62897";
networking = {
hostName = "sobotka";
@@ -78,6 +76,8 @@ in
autoScrub.enable = true;
};
environment.etc."nextcloud-admin-pass".text = "DeHKor3x8^eqqnBXjqhQ&QBl*3!sOLg8agfzOILihju#^0!2AfJ9W*vn";
environment.variables.NH_FLAKE = "/home/cnst/.nix-config";
# # https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

3
hosts/sobotka/modules.nix
View File

@@ -213,6 +213,9 @@
scheduler = "scx_lavd";
flags = "--performance";
};
tailscale = {
enable = false;
};
udisks = {
enable = true;
};

39
hosts/sobotka/server.nix
View File

@@ -8,16 +8,19 @@
uid = 994;
gid = 993;
traefik = {
enable = true;
};
gitea = {
enable = true;
};
unbound = {
enable = true;
};
caddy = {
homepage-dashboard = {
enable = true;
};
homepage-dashboard = {
n8n = {
enable = true;
};
bazarr = {
@@ -44,15 +47,6 @@
uptime-kuma = {
enable = true;
};
keycloak = {
enable = true;
url = "login.cnst.dev";
dbPasswordFile = config.age.secrets.keycloakDbPasswordFile.path;
cloudflared = {
tunnelId = "590f60f8-baaa-4106-b2d1-43740c79531e";
credentialsFile = config.age.secrets.keycloakCloudflared.path;
};
};
vaultwarden = {
enable = true;
url = "vault.cnst.dev";
@@ -61,22 +55,31 @@
credentialsFile = config.age.secrets.vaultwardenCloudflared.path;
};
};
ocis = {
www = {
enable = true;
url = "cloud.cnst.dev";
url = "cnst.dev";
cloudflared = {
tunnelId = "8871dad0-e6ff-424c-9a6b-222ef0f492df";
credentialsFile = config.age.secrets.ocisCloudflared.path;
tunnelId = "e5076186-efb7-405a-998c-6155af7fb221";
credentialsFile = config.age.secrets.wwwCloudflared.path;
};
};
authentik = {
enable = true;
url = "auth.cnst.dev";
cloudflared = {
tunnelId = "b66f9368-db9e-4302-8b48-527cda34a635";
credentialsFile = config.age.secrets.authentikCloudflared.path;
};
};
nextcloud = {
enable = true;
adminpassFile = config.age.secrets.nextcloudAdminPass.path;
};
fail2ban = {
enable = true;
apiKeyFile = config.age.secrets.cloudflareFirewallApiKey.path;
zoneId = "0027acdfb8bbe010f55b676ad8698dfb";
};
syncthing = {
enable = false;
};
keepalived = {
enable = true;
interface = "enp6s0";

6
hosts/ziggy/server.nix
View File

@@ -1,5 +1,4 @@
{ config, ... }:
{
{config, ...}: {
server = {
enable = true;
email = "adam@cnst.dev";
@@ -12,9 +11,6 @@
unbound = {
enable = true;
};
caddy = {
enable = true;
};
homepage-dashboard = {
enable = false;
};

10
lib/theme/bgs.nix
View File

@@ -1,11 +1,11 @@
lib: {
bgs = rec {
files = {
wallpaper_1 = "~/media/images/bg_1.jpg";
wallpaper_2 = "~/media/images/bg_2.jpg";
wallpaper_3 = "~/media/images/bg_3.jpg";
wallpaper_4 = "~/media/images/waterwindow.jpg";
wallpaper_5 = "~/media/images/barngreet.png";
wallpaper_1 = "~/media/images/bgs/bg_1.jpg";
wallpaper_2 = "~/media/images/bgs/bg_2.jpg";
wallpaper_3 = "~/media/images/bgs/bg_3.jpg";
wallpaper_4 = "~/media/images/bgs/waterwindow.jpg";
wallpaper_5 = "~/media/images/bgs/barngreet.png";
};
list = builtins.attrNames files;

11
modules/default.nix
View File

@@ -100,7 +100,6 @@
./nixos/services/virtualisation
./nixos/services/locate
./nixos/services/mullvad
./nixos/services/mullvad-netns
./nixos/services/nfs
./nixos/services/nix-ld
./nixos/services/openssh
@@ -114,6 +113,7 @@
./nixos/services/udisks
./nixos/services/xserver
./nixos/services/zram
./nixos/services/tailscale
./nixos/system/fonts
./nixos/system/locale
@@ -123,26 +123,27 @@
server = {
imports = [
./server
./server/caddy
./server/fail2ban
./server/homepage-dashboard
./server/ocis
./server/keycloak
./server/nextcloud
./server/vaultwarden
./server/bazarr
./server/prowlarr
./server/lidarr
./server/radarr
./server/sonarr
./server/syncthing
./server/jellyseerr
./server/jellyfin
./server/n8n
./server/podman
./server/unbound
./server/uptime-kuma
./server/keepalived
./server/gitea
./server/postgres
./server/traefik
./server/www
./server/authentik
];
};
settings = {

59
modules/home/programs/alacritty/default.nix
View File

@@ -14,36 +14,37 @@ in
config = mkIf cfg.enable {
programs.alacritty = {
enable = true;
theme = "gruvbox_material_hard_dark";
settings = {
# Default colors
colors.primary = {
background = "#282828";
foreground = "#d4be98";
};
colors = {
# Normal colors
normal = {
black = "#3c3836";
red = "#ea6962";
green = "#a9b665";
yellow = "#d8a657";
blue = "#7daea3";
magenta = "#d3869b";
cyan = "#89b482";
white = "#d4be98";
};
# Bright colors (same as normal colors)
bright = {
black = "#3c3836";
red = "#ea6962";
green = "#a9b665";
yellow = "#d8a657";
blue = "#7daea3";
magenta = "#d3869b";
cyan = "#89b482";
white = "#d4be98";
};
};
# colors = {
# primary = {
# background = "#282828";
# foreground = "#d4be98";
# };
# # Normal colors
# normal = {
# black = "#3c3836";
# red = "#ea6962";
# green = "#a9b665";
# yellow = "#d8a657";
# blue = "#7daea3";
# magenta = "#d3869b";
# cyan = "#89b482";
# white = "#d4be98";
# };
# # Bright colors (same as normal colors)
# bright = {
# black = "#3c3836";
# red = "#ea6962";
# green = "#a9b665";
# yellow = "#d8a657";
# blue = "#7daea3";
# magenta = "#d3869b";
# cyan = "#89b482";
# white = "#d4be98";
# };
# };
font = {
size = 12;
normal = {
@@ -73,7 +74,7 @@ in
];
window = {
dynamic_title = true;
opacity = 0.9;
opacity = 0.95;
padding = {
x = 5;
y = 5;

70
modules/home/programs/mpv/default.nix
View File

@@ -7,6 +7,9 @@
let
inherit (lib) mkIf mkEnableOption;
cfg = config.home.programs.mpv;
inherit (config.xdg.userDirs) videos;
inherit (config.home) homeDirectory;
shaders_dir = "${pkgs.mpv-shim-default-shaders}/share/mpv-shim-default-shaders/shaders";
in
{
options = {
@@ -15,8 +18,71 @@ in
config = mkIf cfg.enable {
programs.mpv = {
enable = true;
defaultProfiles = [ "gpu-hq" ];
scripts = [ pkgs.mpvScripts.mpris ];
config = {
profile = "gpu-hq";
gpu-context = "wayland";
vo = "gpu-next";
video-sync = "display-resample";
interpolation = true;
tscale = "oversample";
fullscreen = false;
keep-open = true;
sub-auto = "fuzzy";
sub-font = "Noto Sans Medium";
sub-blur = 10;
screenshot-format = "png";
title = "\${filename} - mpv";
script-opts = "osc-title=\${filename},osc-boxalpha=150,osc-visibility=never,osc-boxvideo=yes";
ytdl-format = "bestvideo[height<=?1440]+bestaudio/best";
ao = "pipewire";
alang = "eng,en";
slang = "eng,en,enUS";
glsl-shader = "${homeDirectory}/.config/mpv/shaders/FSR.glsl";
scale = "lanczos";
cscale = "lanczos";
dscale = "mitchell";
deband = "yes";
scale-antiring = 1;
osc = "no";
osd-on-seek = "no";
osd-bar = "no";
osd-bar-w = 30;
osd-bar-h = "0.2";
osd-duration = 750;
really-quiet = "yes";
autofit = "65%";
};
bindings = {
"ctrl+a" = "script-message osc-visibility cycle";
};
scripts = with pkgs.mpvScripts; [
mpris
uosc
thumbfast
sponsorblock
autocrop
];
};
programs.yt-dlp = {
enable = true;
extraConfig = ''
-o ${videos}/youtube/%(title)s.%(ext)s
'';
};
home = {
file = {
".config/mpv/shaders/FSR.glsl".source = "${shaders_dir}/FSR.glsl";
};
packages = with pkgs; [
jellyfin-mpv-shim
];
};
};
}

8
modules/home/services/gtk/default.nix
View File

@@ -27,10 +27,10 @@ in
};
gtk = {
enable = true;
theme = {
package = pkgs.orchis-theme;
name = "Orchis-Grey-Dark-Compact";
};
# theme = {
# package = pkgs.orchis-theme;
# name = "Orchis-Grey-Dark-Compact";
# };
iconTheme = {
# package = pkgs.adwaita-icon-theme;
package = pkgs.papirus-icon-theme;

13
modules/nixos/boot/kernel/default.nix
View File

@@ -5,7 +5,12 @@
...
}:
let
inherit (lib) mkOption types;
inherit (lib)
mkOption
types
mkEnableOption
mkIf
;
cfg = config.nixos.boot.kernel;
hasHardware = hw: builtins.elem hw cfg.hardware;
@@ -37,8 +42,11 @@ in
);
default = [ ];
description = "List of hardware types (e.g. GPU and CPU vendors) to configure kernel settings for.";
};
amdOverdrive.enable = mkEnableOption "Enable AMD pstate/overdrive";
extraKernelParams = mkOption {
type = types.listOf types.str;
default = [ ];
@@ -74,7 +82,7 @@ in
"quiet"
"splash"
]
++ (if hasHardware "amd" then [ "amd_pstate=active" ] else [ ])
++ (if hasHardware "amd" then [ ] else [ ])
++ (if hasHardware "intel" then [ ] else [ ])
++ (if hasHardware "nvidia" then [ ] else [ ])
++ cfg.extraKernelParams;
@@ -85,5 +93,6 @@ in
++ (if hasHardware "nvidia" then [ "nouveau" ] else [ ])
++ cfg.extraBlacklistedModules;
};
hardware.amdgpu.overdrive.enable = mkIf cfg.amdOverdrive.enable true;
};
}

8
modules/nixos/hardware/graphics/default.nix
View File

@@ -89,7 +89,8 @@ in
config = mkIf cfg.enable (mkMerge [
{
hardware.graphics = {
hardware = {
graphics = {
enable = true;
enable32Bit = true;
extraPackages = flatten (
@@ -121,6 +122,7 @@ in
extraPackages32 = flatten (concatMap (_: commonPackages32) cfg.vendors);
};
};
environment.systemPackages = flatten (
concatMap (
@@ -145,10 +147,6 @@ in
);
}
(mkIf (hasVendor "amd") {
hardware.amdgpu.overdrive.enable = true;
})
(mkIf (hasVendor "nvidia") {
hardware.nvidia = {
package =

7
modules/nixos/programs/niri/default.nix
View File

@@ -1,6 +1,5 @@
{
config,
inputs,
lib,
pkgs,
...
@@ -14,22 +13,22 @@ in
nixos.programs.niri.enable = mkEnableOption "Enables niri";
};
config = mkIf cfg.enable {
nixpkgs.overlays = [ inputs.niri.overlays.niri ];
environment = {
variables = {
DISPLAY = ":0";
NIXOS_OZONE_WL = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
};
systemPackages = with pkgs; [
xwayland-satellite-unstable
xwayland-satellite
wl-clipboard
wayland-utils
xdg-utils
];
};
systemd.user.services.niri-flake-polkit.enable = false;
programs.niri = {
enable = true;
package = pkgs.niri-unstable;
};
};
}

10
modules/nixos/services/agenix/default.nix
View File

@@ -74,21 +74,11 @@ in {
wgCredentials.file = "${self}/secrets/wgCredentials.age";
wgSobotkaPrivateKey.file = "${self}/secrets/wgSobotkaPrivateKey.age";
gluetunEnvironment.file = "${self}/secrets/gluetunEnvironment.age";
keycloakCloudflared.file = "${self}/secrets/keycloakCloudflared.age";
keycloakDbPasswordFile.file = "${self}/secrets/keycloakDbPasswordFile.age";
nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
ocisCloudflared.file = "${self}/secrets/ocisCloudflared.age";
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
homepageEnvironment.file = "${self}/secrets/homepageEnvironment.age";
pihole.file = "${self}/secrets/pihole.age";
slskd.file = "${self}/secrets/slskd.age";
};
})
(mkIf cfg.ziggy.enable {
secrets = {
cloudflareDnsCredentialsZiggy.file = "${self}/secrets/cloudflareDnsCredentialsZiggy.age";
piholeZiggy.file = "${self}/secrets/piholeZiggy.age";
};
})
(mkIf cfg.toothpc.enable {

2
modules/nixos/services/greetd/default.nix
View File

@@ -63,7 +63,7 @@ in
settings = rec {
tuigreet_session =
let
session = "${pkgs.niri-unstable}/bin/niri-session";
session = "${pkgs.niri}/bin/niri-session";
tuigreet = "${lib.getExe pkgs.tuigreet}";
in
{

50
modules/nixos/services/mullvad-netns/default.nix
View File

@@ -1,50 +0,0 @@
{ self, pkgs, ... }:
{
age.secrets.wgCredentials = {
file = "${self}/secrets/wgCredentials.age";
mode = "0400";
owner = "root";
group = "root";
path = "/etc/wireguard/mullvad.conf";
};
systemd.services.mullvad-netns = {
description = "WireGuard Mullvad netns for VMs";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = "${pkgs.writeShellScript "mullvad-netns-up" ''
set -euo pipefail
ip netns add mullvad || true
ip link add veth0 type veth peer name veth1 || true
ip link set veth1 netns mullvad
ip addr add 10.250.0.1/24 dev veth0 || true
ip link set veth0 up
ip netns exec mullvad ip addr add 10.250.0.2/24 dev veth1 || true
ip netns exec mullvad ip link set veth1 up
ip netns exec mullvad wg-quick up /etc/wireguard/mullvad.conf
ip netns exec mullvad ip route add default dev wg0 || true
nft add table ip mullvad-nat || true
nft add chain ip mullvad-nat postrouting { type nat hook postrouting priority 100 \; } || true
nft add rule ip mullvad-nat postrouting ip saddr 10.250.0.0/24 oif "wg0" masquerade || true
''}";
ExecStop = "${pkgs.writeShellScript "mullvad-netns-down" ''
set -euo pipefail
ip netns exec mullvad wg-quick down /etc/wireguard/mullvad.conf || true
ip link delete veth0 || true
ip netns delete mullvad || true
nft delete table ip mullvad-nat || true
''}";
};
# no wantedBy here -> won't start at boot
};
}

16
modules/nixos/services/tailscale/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.nixos.services.tailscale;
in {
options.nixos.services.tailscale = {
enable = mkEnableOption "Enable tailscale";
};
config = mkIf cfg.enable {
services.tailscale.enable = true;
};
}

10
modules/nixos/system/xdg/default.nix
View File

@@ -30,13 +30,19 @@ in
enable = true;
xdgOpenUsePortal = cfg.xdgOpenUsePortal;
config = {
common.default = [ "gtk" ];
common.default = [
"gtk"
"gnome"
];
hyprland.default = [
"gtk"
"hyprland"
];
};
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal-gnome
];
};
};
}

148
modules/server/authentik/default.nix Normal file
View File

@@ -0,0 +1,148 @@
{
config,
lib,
pkgs,
self,
...
}: let
unit = "authentik";
cfg = config.server.${unit};
srv = config.server;
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "auth.${srv.www.domain}";
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Authentik";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "An open-source IdP for modern SSO";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "authentik.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
authentikEnv = {
file = "${self}/secrets/authentikEnv.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
authentikCloudflared = {
file = "${self}/secrets/authentikCloudflared.age";
owner = "authentik";
group = "authentik";
mode = "0400";
};
};
server = {
fail2ban = lib.mkIf cfg.enable {
jails = {
authentik = {
serviceName = "authentik";
failRegex = "^.*Username or password is incorrect.*IP:\s*<HOST>";
};
};
};
};
services = {
authentik = {
enable = true;
environmentFile = config.age.secrets.authentikEnv.path;
settings = {
email = {
};
disable_startup_analytics = true;
avatars = "initials";
};
};
cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://127.0.0.1:9000";
};
};
traefik = {
dynamicConfigOptions = {
http = {
middlewares = {
authentik = {
forwardAuth = {
# tls.insecureSkipVerify = true;
address = "https://localhost:9443/outpost.goauthentik.io/auth/traefik";
trustForwardHeader = true;
authResponseHeaders = [
"X-authentik-username"
"X-authentik-groups"
"X-authentik-email"
"X-authentik-name"
"X-authentik-uid"
"X-authentik-jwt"
"X-authentik-meta-jwks"
"X-authentik-meta-outpost"
"X-authentik-meta-provider"
"X-authentik-meta-app"
"X-authentik-meta-version"
];
timeout = "10s";
};
};
};
services = {
auth.loadBalancer.servers = [
{
url = "http://localhost:9000";
}
];
};
routers = {
auth = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`) || HostRegexp(`{subdomain:[a-z0-9]+}.${srv.www.url}`) && PathPrefix(`/outpost.goauthentik.io/`)";
service = "auth";
tls.certResolver = "letsencrypt";
};
};
};
};
};
};
};
}

26
modules/server/bazarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "bazarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user;
group = srv.group;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString config.services.${unit}.listenPort}
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.bazarr.loadBalancer.servers = [{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}];
routers = {
bazarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "bazarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

63
modules/server/caddy/default.nix
View File

@@ -1,63 +0,0 @@
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.server.caddy;
getCloudflareCredentials = hostname:
if hostname == "ziggy"
then config.age.secrets.cloudflareDnsCredentialsZiggy.path
else if hostname == "sobotka"
then config.age.secrets.cloudflareDnsCredentials.path
else throw "Unknown hostname: ${hostname}";
in {
options = {
server.caddy.enable = mkEnableOption "Enables caddy";
};
config = mkIf cfg.enable {
networking.firewall = let
ports = [
80
443
];
in {
allowedTCPPorts = ports;
};
security.acme = {
acceptTerms = true;
defaults.email = config.server.email;
certs.${config.server.domain} = {
reloadServices = ["caddy.service"];
domain = "${config.server.domain}";
extraDomainNames = ["*.${config.server.domain}"];
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
group = config.services.caddy.group;
environmentFile = getCloudflareCredentials config.networking.hostName;
};
};
services.caddy = {
enable = true;
globalConfig = ''
auto_https off
'';
virtualHosts = {
"http://${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
"http://*.${config.server.domain}" = {
extraConfig = ''
redir https://{host}{uri}
'';
};
};
};
};
}

12
modules/server/default.nix
View File

@@ -1,14 +1,16 @@
{
lib,
config,
pkgs,
...
}:
let
}: let
hardDrives = [
"/dev/disk/by-label/data"
];
inherit (lib) mkOption types;
cfg = config.server;
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
in {
options.server = {
enable = lib.mkEnableOption "The server services and configuration variables";
email = mkOption {
@@ -90,6 +92,8 @@ in
"share"
"render"
"input"
"authentik"
"traefik"
];
};
};

30
modules/server/fail2ban/default.nix
View File

@@ -4,11 +4,9 @@
config,
pkgs,
...
}:
let
}: let
cfg = config.server.fail2ban;
in
{
in {
options.server.fail2ban = {
enable = lib.mkEnableOption {
description = "Enable cloudflare fail2ban";
@@ -17,7 +15,7 @@ in
description = "File containing your API key, scoped to Firewall Rules: Edit";
type = lib.types.str;
example = lib.literalExpression ''
Authorization: Bearer Qj06My1wXJEzcW46QCyjFbSMgVtwIGfX63Ki3NOj79o=
Authorization: Bearer vH6-p0y=i4w3n7TjKqZ@x8D_lR!A9b2cOezXgUuJdE5F
'''
'';
};
@@ -57,10 +55,11 @@ in
pkgs.jq
];
jails = lib.attrsets.mapAttrs (name: value: {
jails =
lib.attrsets.mapAttrs (name: value: {
settings = {
bantime = "30d";
findtime = "1h";
bantime = "24h";
findtime = "10m";
enabled = true;
backend = "systemd";
journalmatch = "_SYSTEMD_UNIT=${value.serviceName}.service";
@@ -69,27 +68,26 @@ in
maxretry = 3;
action = "cloudflare-token-agenix";
};
}) cfg.jails;
})
cfg.jails;
};
environment.etc = lib.attrsets.mergeAttrsList [
(lib.attrsets.mapAttrs' (
name: value:
(lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
name: value: (lib.nameValuePair "fail2ban/filter.d/${name}.conf" {
text = ''
[Definition]
failregex = ${value.failRegex}
ignoreregex = ${value.ignoreRegex}
'';
})
) cfg.jails)
)
cfg.jails)
{
"fail2ban/action.d/cloudflare-token-agenix.conf".text =
let
"fail2ban/action.d/cloudflare-token-agenix.conf".text = let
notes = "Fail2Ban on ${config.networking.hostName}";
cfapi = "https://api.cloudflare.com/client/v4/zones/${cfg.zoneId}/firewall/access_rules/rules";
in
''
in ''
[Definition]
actionstart =
actionstop =

26
modules/server/gitea/default.nix
View File

@@ -3,13 +3,11 @@
config,
lib,
...
}:
let
}: let
unit = "gitea";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -101,11 +99,21 @@ in
};
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:5003
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.gitea.loadBalancer.servers = [{url = "http://127.0.0.1:5003";}];
routers = {
gitea = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "gitea";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
server.postgresql.databases = [

77
modules/server/homepage-dashboard/default.nix
View File

@@ -1,14 +1,13 @@
{
config,
lib,
self,
...
}:
let
}: let
unit = "homepage-dashboard";
cfg = config.server.homepage-dashboard;
srv = config.server;
in
{
in {
options.server.homepage-dashboard = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -38,10 +37,16 @@ in
};
};
config = lib.mkIf cfg.enable {
services.glances.enable = true;
services.${unit} = {
age.secrets = {
homepageEnvironment = {
file = "${self}/secrets/homepageEnvironment.age";
};
};
services = {
glances.enable = true;
${unit} = {
enable = true;
allowedHosts = srv.domain;
environmentFile = config.age.secrets.homepageEnvironment.path;
settings = {
layout = [
{
@@ -80,7 +85,6 @@ in
statusStyle = "dot";
hideVersion = "true";
};
widgets = [
{
openmeteo = {
@@ -92,41 +96,28 @@ in
longitude = 16.324541;
};
}
{
datetime = {
text_size = "x1";
format = {
hour12 = false;
timeStyle = "short";
dateStyle = "long";
};
};
}
{
resources = {
label = "";
label = "SYSTEM";
memory = true;
disk = [ "/" ];
cpu = true;
uptime = true;
};
}
];
services =
let
services = let
homepageCategories = [
"Arr"
"Media"
"Downloads"
"Services"
"Smart Home"
];
hl = config.server;
mergedServices = hl // hl.podman;
homepageServices =
x:
(lib.attrsets.filterAttrs (
homepageServices = x: (lib.attrsets.filterAttrs (
name: value: value ? homepage && value.homepage.category == x
) mergedServices);
)
mergedServices);
in
lib.lists.forEach homepageCategories (cat: {
"${cat}" =
@@ -148,11 +139,9 @@ in
++ [{Misc = cfg.misc;}]
++ [
{
Glances =
let
Glances = let
port = toString config.services.glances.port;
in
[
in [
{
Info = {
widget = {
@@ -223,11 +212,25 @@ in
}
];
};
services.caddy.virtualHosts."${srv.domain}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString config.services.${unit}.listenPort}
'';
traefik = {
dynamicConfigOptions = {
http = {
services.homepage.loadBalancer.servers = [
{url = "http://127.0.0.1:${toString config.services.${unit}.listenPort}";}
];
routers = {
homepage = {
entryPoints = ["websecure"];
rule = "Host(`cnix.dev`)";
service = "homepage";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
};
}

26
modules/server/jellyfin/default.nix
View File

@@ -3,13 +3,11 @@
lib,
pkgs,
...
}:
let
}: let
service = "jellyfin";
cfg = config.server.${service};
srv = config.server;
in
{
in {
options.server.${service} = {
enable = lib.mkEnableOption {
description = "Enable ${service}";
@@ -48,11 +46,21 @@ in
environment.systemPackages = with pkgs; [
jellyfin-ffmpeg
];
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8096
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.jellyfin.loadBalancer.servers = [{url = "http://127.0.0.1:8096";}];
routers = {
jellyfin = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "jellyfin";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

26
modules/server/jellyseerr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
service = "jellyseerr";
srv = config.server;
cfg = config.server.${service};
in
{
in {
options.server.${service} = {
enable = lib.mkEnableOption {
description = "Enable ${service}";
@@ -43,11 +41,21 @@ in
enable = true;
port = cfg.port;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString cfg.port}
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.jellyseerr.loadBalancer.servers = [{url = "http://127.0.0.1:${toString cfg.port}";}];
routers = {
jellyseerr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "jellyseerr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

100
modules/server/keycloak/default.nix
View File

@@ -1,100 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
unit = "keycloak";
cfg = config.server.${unit};
srv = config.server;
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "login.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Keycloak";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "Open Source Identity and Access Management";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "keycloak.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
dbPasswordFile = lib.mkOption {
type = lib.types.path;
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
};
config = lib.mkIf cfg.enable {
server.postgresql.databases = [
{
database = "keycloak";
}
];
services.cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://127.0.0.1:${
toString config.services.${unit}.settings.http-port
}";
};
};
environment.systemPackages = [
pkgs.keycloak
];
services.${unit} = {
enable = true;
initialAdminPassword = "pwpwpw";
database = {
type = "postgresql";
host = "127.0.0.1";
port = 5432;
name = "keycloak";
username = "keycloak";
passwordFile = cfg.dbPasswordFile;
useSSL = false;
};
settings = {
spi-theme-static-max-age = "-1";
spi-theme-cache-themes = false;
spi-theme-cache-templates = false;
http-port = 8821;
hostname = cfg.url;
hostname-strict = false;
hostname-strict-https = false;
proxy-headers = "xforwarded";
http-enabled = true;
};
};
};
}

26
modules/server/lidarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "lidarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user;
group = srv.group;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8686
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.lidarr.loadBalancer.servers = [{url = "http://127.0.0.1:8686";}];
routers = {
lidarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "lidarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

64
modules/server/n8n/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{
config,
lib,
...
}: let
unit = "n8n";
srv = config.server;
cfg = config.server.${unit};
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
configDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${unit}.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "n8n";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "A workflow automation platform";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "n8n.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
services = {
n8n = {
enable = true;
openFirewall = true;
};
traefik = {
dynamicConfigOptions = {
http = {
services.n8n.loadBalancer.servers = [{url = "http://127.0.0.1:5678";}];
routers = {
n8n = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "n8n";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
};
}

147
modules/server/nextcloud/default.nix Normal file
View File

@@ -0,0 +1,147 @@
{
config,
pkgs,
lib,
self,
...
}: let
unit = "nextcloud";
cfg = config.server.${unit};
srv = config.server;
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
adminpassFile = lib.mkOption {
type = lib.types.path;
};
adminuser = lib.mkOption {
type = lib.types.str;
default = "cnst";
};
configDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "cloud.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Nextcloud";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "A safe home for all your data";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "nextcloud.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
nextcloudAdminPass.file = "${self}/secrets/nextcloudAdminPass.age";
nextcloudCloudflared.file = "${self}/secrets/nextcloudCloudflared.age";
};
server.fail2ban = lib.mkIf config.server.fail2ban.enable {
jails = {
nextcloud = {
serviceName = "phpfpm-nextcloud";
failRegex = "^.*Login failed:.*(Remote IP: <HOST>).*$";
};
};
};
services = {
${unit} = {
enable = true;
package = pkgs.nextcloud31;
hostName = "nextcloud";
configureRedis = true;
caching = {
redis = true;
};
phpOptions = {
"opcache.interned_strings_buffer" = "32";
};
maxUploadSize = "50G";
settings = {
maintenance_window_start = "1";
trusted_proxies = [
"127.0.0.1"
"::1"
];
trusted_domains = ["cloud.${srv.domain}"];
overwriteprotocol = "https";
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
"OC\\Preview\\HEIC"
];
};
config = {
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql";
dbname = "nextcloud";
adminuser = "cnst";
adminpassFile = cfg.adminpassFile;
};
};
nginx = {
defaultListen = [
{
addr = "127.0.0.1";
port = 8182;
}
{
addr = "127.0.0.1";
port = 8482;
}
];
virtualHosts.nextcloud = {
forceSSL = false;
};
};
traefik.dynamicConfigOptions.http = {
routers.nextcloud = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "nextcloud";
tls.certResolver = "letsencrypt";
};
services.nextcloud.loadBalancer.servers = [
{url = "http://127.0.0.1:8182";}
];
};
};
server.postgresql.databases = [
{
database = "nextcloud";
}
];
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
};
}

154
modules/server/ocis/default.nix
View File

@@ -1,154 +0,0 @@
{
config,
pkgs,
lib,
...
}: let
unit = "ocis";
cfg = config.server.${unit};
srv = config.server;
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
adminUser = lib.mkOption {
type = lib.types.str;
default = "cnst";
};
adminPass = lib.mkOption {
type = lib.types.path;
};
configDir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "cloud.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "OCIS";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "A safe home for all your data";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "owncloud.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
};
config = lib.mkIf cfg.enable {
server = {
postgresql.databases = [
{
database = "ocis";
}
];
fail2ban = lib.mkIf config.server.fail2ban.enable {
jails = {
nextcloud = {
serviceName = "phpfm-nextcloud";
failRegex = "^.*Login failed:.*(Remote IP: <HOST>).*$";
};
};
};
};
systemd.services.ocis.preStart = ''
${lib.getExe pkgs.ocis} init || true
'';
services = {
cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://${config.services.ocis.address}:${toString config.services.ocis.port}";
};
};
${unit} = {
enable = true;
url = "https://${cfg.url}";
environment = let
cspFormat = pkgs.formats.yaml {};
cspConfig = {
directives = {
child-src = ["'self'"];
connect-src = [
"'self'"
"blob:"
"https://${srv.keycloak.url}"
];
default-src = ["'none'"];
font-src = ["'self'"];
frame-ancestors = ["'none'"];
frame-src = [
"'self'"
"blob:"
"https://embed.diagrams.net"
];
img-src = [
"'self'"
"data:"
"blob:"
];
manifest-src = ["'self'"];
media-src = ["'self'"];
object-src = [
"'self'"
"blob:"
];
script-src = [
"'self'"
"'unsafe-inline'"
];
style-src = [
"'self'"
"'unsafe-inline'"
];
};
};
in {
PROXY_AUTOPROVISION_ACCOUNTS = "true";
PROXY_ROLE_ASSIGNMENT_DRIVER = "oidc";
OCIS_OIDC_ISSUER = "https://${srv.keycloak.url}/realms/OpenCloud";
PROXY_OIDC_REWRITE_WELLKNOWN = "true";
WEB_OIDC_CLIENT_ID = "ocis";
OCIS_LOG_LEVEL = "error";
PROXY_TLS = "false";
PROXY_USER_OIDC_CLAIM = "preferred_username";
PROXY_USER_CS3_CLAIM = "username";
OCIS_ADMIN_USER_ID = "";
OCIS_INSECURE = "false";
OCIS_EXCLUDE_RUN_SERVICES = "idp";
GRAPH_ASSIGN_DEFAULT_USER_ROLE = "false";
PROXY_CSP_CONFIG_FILE_LOCATION = toString (cspFormat.generate "csp.yaml" cspConfig);
GRAPH_USERNAME_MATCH = "none";
PROXY_ROLE_ASSIGNMENT_ENABLED = "true";
PROXY_ROLE_ASSIGNMENT_OIDC_CLAIM = "realm_access.roles";
PROXY_ROLE_ASSIGNMENT_MAPPING = "ocisAdmin:admin,ocisUser:user";
};
};
};
};
}

74
modules/server/podman/default.nix
View File

@@ -2,6 +2,7 @@
config,
lib,
pkgs,
self,
...
}: let
srv = config.server;
@@ -121,6 +122,11 @@ in {
};
config = lib.mkIf cfg.enable {
age.secrets = {
pihole.file = "${self}/secrets/${config.networking.hostName}Pihole.age";
slskd.file = "${self}/secrets/slskd.age";
};
virtualisation = {
containers.enable = true;
podman.enable = true;
@@ -137,31 +143,58 @@ in {
];
};
services.caddy.virtualHosts = lib.mkMerge [
services.traefik = lib.mkMerge [
(lib.mkIf cfg.pihole.enable {
dynamicConfigOptions = {
http = {
services = {
pihole.loadBalancer.servers = [{url = "http://localhost:${toString cfg.pihole.port}";}];
};
routers = {
pihole = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.pihole.url}`)";
service = "pihole";
tls.certResolver = "letsencrypt";
};
};
};
};
})
(lib.mkIf cfg.qbittorrent.enable {
"${cfg.qbittorrent.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString cfg.qbittorrent.port}
'';
dynamicConfigOptions = {
http = {
services = {
qbittorrent.loadBalancer.servers = [{url = "http://localhost:${toString cfg.qbittorrent.port}";}];
};
routers = {
qbittorrent = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.qbittorrent.url}`)";
service = "qbittorrent";
tls.certResolver = "letsencrypt";
};
};
};
};
})
(lib.mkIf cfg.slskd.enable {
"${cfg.slskd.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString cfg.slskd.port}
'';
dynamicConfigOptions = {
http = {
services = {
slskd.loadBalancer.servers = [{url = "http://localhost:${toString cfg.slskd.port}";}];
};
routers = {
slskd = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.slskd.url}`)";
service = "slskd";
tls.certResolver = "letsencrypt";
};
};
};
})
(lib.mkIf cfg.pihole.enable {
"${cfg.pihole.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:${toString cfg.pihole.port}
'';
};
})
];
@@ -268,9 +301,6 @@ in {
environment = {
TZ = "Europe/Stockholm";
CUSTOM_CACHE_SIZE = "0";
# PIHOLE_DNS_ = "10.88.0.1#5335";
# DNSSEC = "false";
# REV_SERVER = "true";
WEBTHEME = "default-darker";
};
environmentFiles = getPiholeSecret config.networking.hostName;

44
modules/server/prowlarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "prowlarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -47,18 +45,34 @@ in
enable = true;
};
caddy = {
virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:9696
'';
traefik = {
dynamicConfigOptions = {
http = {
services = {
prowlarr = {
loadBalancer.servers = [{url = "http://127.0.0.1:9696";}];
};
flaresolverr = {
loadBalancer.servers = [{url = "http://127.0.0.1:8191";}];
};
};
routers = {
prowlarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "prowlarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
flaresolverr = {
entryPoints = ["websecure"];
rule = "Host(`flaresolverr.${srv.domain}`)";
service = "flaresolverr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
virtualHosts."flaresolverr.${srv.domain}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8191
'';
};
};
};

26
modules/server/radarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "radarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user;
group = srv.group;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:7878
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.radarr.loadBalancer.servers = [{url = "http://127.0.0.1:7878";}];
routers = {
radarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "radarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

26
modules/server/sonarr/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "sonarr";
srv = config.server;
cfg = config.server.${unit};
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -44,11 +42,21 @@ in
user = srv.user;
group = srv.group;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8989
'';
services.traefik = {
dynamicConfigOptions = {
http = {
services.sonarr.loadBalancer.servers = [{url = "http://127.0.0.1:8989";}];
routers = {
sonarr = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "sonarr";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
}

62
modules/server/syncthing/default.nix
View File

@@ -1,62 +0,0 @@
{
config,
lib,
...
}: let
unit = "syncthing";
srv = config.server;
cfg = config.server.${unit};
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${unit}.${srv.domain}";
};
homepage.name = lib.mkOption {
type = lib.types.str;
default = "Syncthing";
};
homepage.description = lib.mkOption {
type = lib.types.str;
default = "Continuous file synchronization program";
};
homepage.icon = lib.mkOption {
type = lib.types.str;
default = "syncthing.svg";
};
homepage.category = lib.mkOption {
type = lib.types.str;
default = "Services";
};
};
config = lib.mkIf cfg.enable {
networking.firewall = {
allowedTCPPorts = [
8384
22000
];
allowedUDPPorts = [
22000
21027
];
};
services.${unit} = {
enable = true;
user = srv.user;
guiAddress = "0.0.0.0:8384";
overrideFolders = false;
overrideDevices = false;
dataDir = "/home/${srv.user}/syncthing";
configDir = "/home/${srv.user}/syncthing/.config/syncthing";
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:8384
'';
};
};
}

100
modules/server/traefik/default.nix Normal file
View File

@@ -0,0 +1,100 @@
{
lib,
config,
pkgs,
self,
...
}: let
inherit (lib) mkEnableOption mkIf types;
cfg = config.server.traefik;
getCloudflareCredentials = hostname:
if hostname == "ziggy"
then config.age.secrets.cloudflareDnsCredentialsZiggy.path
else if hostname == "sobotka"
then config.age.secrets.cloudflareDnsCredentials.path
else throw "Unknown hostname: ${hostname}";
in {
options.server.traefik = {
enable = mkEnableOption "Enable global Traefik reverse proxy with ACME";
};
config = mkIf cfg.enable {
age.secrets.traefikEnv = {
file = "${self}/secrets/traefikEnv.age";
mode = "640";
owner = "root";
group = "traefik";
};
systemd.services.traefik = {
serviceConfig = {
EnvironmentFile = [config.age.secrets.traefikEnv.path];
};
};
networking.firewall.allowedTCPPorts = [80 443];
services = {
tailscale.permitCertUid = "traefik";
traefik = {
enable = true;
staticConfigOptions = {
log = {
level = "DEBUG";
};
tracing = {};
api = {
dashboard = true;
};
certificatesResolvers = {
tailscale.tailscale = {};
letsencrypt = {
acme = {
email = "adam@cnst.dev";
storage = "/var/lib/traefik/cert.json";
dnsChallenge = {
provider = "cloudflare";
resolvers = [
"1.1.1.1:53"
"1.0.0.1:53"
];
};
};
};
};
entryPoints = {
redis = {
address = "0.0.0.0:6381";
};
postgres = {
address = "0.0.0.0:5433";
};
web = {
address = "0.0.0.0:80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
permanent = true;
};
};
websecure = {
address = "0.0.0.0:443";
http.tls = {
certResolver = "letsencrypt";
domains = [
{
main = "cnix.dev";
sans = ["*.cnix.dev"];
}
];
};
};
};
};
};
};
};
}

30
modules/server/uptime-kuma/default.nix
View File

@@ -2,13 +2,11 @@
config,
lib,
...
}:
let
}: let
unit = "uptime-kuma";
cfg = config.server.${unit};
srv = config.server;
in
{
in {
options.server.${unit} = {
enable = lib.mkEnableOption {
description = "Enable ${unit}";
@@ -39,14 +37,26 @@ in
};
};
config = lib.mkIf cfg.enable {
services.${unit} = {
services = {
${unit} = {
enable = true;
};
services.caddy.virtualHosts."${cfg.url}" = {
useACMEHost = srv.domain;
extraConfig = ''
reverse_proxy http://127.0.0.1:3001
'';
traefik = {
dynamicConfigOptions = {
http = {
services.uptime-kuma.loadBalancer.servers = [{url = "http://127.0.0.1:3001";}];
routers = {
uptime-kuma = {
entryPoints = ["websecure"];
rule = "Host(`${cfg.url}`)";
service = "uptime-kuma";
tls.certResolver = "letsencrypt";
# middlewares = ["authentik"];
};
};
};
};
};
};
};
}

12
modules/server/vaultwarden/default.nix
View File

@@ -2,14 +2,13 @@
{
config,
lib,
self,
...
}:
let
}: let
inherit (lib) mkIf mkEnableOption;
vcfg = config.services.vaultwarden.config;
cfg = config.server.vaultwarden;
in
{
in {
options = {
server.vaultwarden = {
enable = mkEnableOption "Enables vaultwarden";
@@ -35,6 +34,11 @@ in
};
config = mkIf cfg.enable {
age.secrets = {
vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
vaultwardenEnvironment.file = "${self}/secrets/vaultwardenEnvironment.age";
};
server = {
fail2ban = lib.mkIf config.server.fail2ban.enable {
jails = {

138
modules/server/www/default.nix Normal file
View File

@@ -0,0 +1,138 @@
{
lib,
config,
pkgs,
self,
...
}:
let
inherit (lib)
mkOption
mkEnableOption
mkIf
types
;
cfg = config.server.www;
srv = config.server;
in
{
options.server.www = {
enable = mkEnableOption {
description = "Enable personal website";
};
url = mkOption {
default = "";
type = types.str;
description = ''
Public domain name to be used to access the server services via Traefik reverse proxy
'';
};
cloudflared = {
credentialsFile = lib.mkOption {
type = lib.types.str;
example = lib.literalExpression ''
pkgs.writeText "cloudflare-credentials.json" '''
{"AccountTag":"secret"."TunnelSecret":"secret","TunnelID":"secret"}
'''
'';
};
tunnelId = lib.mkOption {
type = lib.types.str;
example = "00000000-0000-0000-0000-000000000000";
};
};
};
config = mkIf cfg.enable {
age.secrets = {
wwwCloudflared.file = "${self}/secrets/wwwCloudflared.age";
};
server = {
fail2ban = lib.mkIf config.server.www.enable {
jails = {
nginx-404 = {
serviceName = "nginx";
failRegex = ''^.*\[error\].*directory index of.* is forbidden.*client: <HOST>.*$'';
ignoreRegex = "";
maxRetry = 5;
};
};
};
};
services = {
nginx = {
enable = true;
defaultListen = [
{
addr = "127.0.0.1";
port = 8283;
}
];
virtualHosts."webfinger" = {
forceSSL = false;
serverName = cfg.url;
root = "/var/www/webfinger";
locations."= /.well-known/webfinger" = {
root = "/var/www/webfinger";
extraConfig = ''
default_type application/jrd+json;
try_files /.well-known/webfinger =404;
'';
};
locations."= /robots.txt" = {
root = "/var/www/webfinger";
extraConfig = ''
default_type text/plain;
try_files /robots.txt =404;
'';
};
};
};
cloudflared = {
enable = true;
tunnels.${cfg.cloudflared.tunnelId} = {
credentialsFile = cfg.cloudflared.credentialsFile;
default = "http_status:404";
ingress."${cfg.url}".service = "http://127.0.0.1:8283";
};
};
};
environment.etc = {
"webfinger/.well-known/webfinger".text = ''
{
"subject": "acct:adam@${cfg.url}",
"links": [
{
"rel": "http://openid.net/specs/connect/1.0/issuer",
"href": "https://auth.${cfg.url}/application/o/tailscale/"
}
]
}
'';
"webfinger/robots.txt".text = ''
User-agent: *
Disallow: /
'';
};
services.traefik.dynamicConfigOptions.http = {
routers.webfinger = {
entryPoints = [ "websecure" ];
rule = "Host(`${cfg.url}`) && Path(`/.well-known/webfinger`)";
service = "webfinger";
tls.certResolver = "letsencrypt";
};
services.webfinger.loadBalancer.servers = [
{ url = "http://127.0.0.1:8283"; }
];
};
};
}

5
scripts/bin/choosepaper.sh Normal file
View File

@@ -0,0 +1,5 @@
export bg_dir="$HOME/media/images/bgs/"
find "$bg_dir" -type f | fzf --reverse --preview 'pistol {}' | while read -r img; do
pkill swaybg || true
swaybg -m fill -o '*' -i "$img" &
done

82
scripts/bin/spawn.sh Normal file
View File

@@ -0,0 +1,82 @@
# Spawn-or-focus logic for Niri:
# If no "app" windows exist, spawn one.
# If focused window is not "app", focus the first "app" instance.
# If "app" is focused and only one instance exists, spawn + consume into stack.
# If "app" is focused and two instances already exist, spawn a new separate one.
# Cycle repeats: focus first > allow stack of 2 > reset on 3rd.
if [ $# -lt 1 ]; then
echo "Usage: $0 <APP_ID> [APP_CMD]" >&2
exit 1
fi
APP_ID="$1"
APP_CMD="${2:-$1}"
WINDOW_DATA=$(niri msg -j windows)
readarray -t APP_IDS < <(
echo "$WINDOW_DATA" | jq -r --arg app_id "$APP_ID" '
[ .[] | select(.app_id == $app_id) ]
| sort_by(.layout.pos_in_scrolling_layout // [0,0])
| .[].id
'
)
COUNT=${#APP_IDS[@]}
FOCUSED_IS_APP=$(
echo "$WINDOW_DATA" | jq -r --arg app_id "$APP_ID" '
any(.[]; .app_id == $app_id and .is_focused)
'
)
spawn_normal() {
"$APP_CMD" &
}
spawn_and_consume() {
local initial_ids=("$@")
"$APP_CMD" &
local pid=$!
for _ in {1..50}; do
readarray -t after_ids < <(
niri msg -j windows | jq -r --arg app_id "$APP_ID" '
[ .[] | select(.app_id == $app_id) ]
| sort_by(.layout.pos_in_scrolling_layout // [0,0])
| .[].id
'
)
NEW_ID=""
for id in "${after_ids[@]}"; do
[[ " ${initial_ids[*]} " == *" $id "* ]] || NEW_ID="$id"
done
if [ -n "$NEW_ID" ]; then
niri msg action focus-window --id "${initial_ids[$((${#initial_ids[@]} - 1))]}"
niri msg action consume-window-into-column
break
fi
sleep 0.05
done
wait "$pid" 2>/dev/null || true
}
if ((COUNT == 0)); then
spawn_normal
exit 0
fi
if [ "$FOCUSED_IS_APP" != "true" ]; then
niri msg action focus-window --id "${APP_IDS[0]}"
exit 0
fi
if ((COUNT % 2 == 0)); then
spawn_normal
else
spawn_and_consume "${APP_IDS[@]}"
fi

41
scripts/bin/tuirun-debug.sh
View File

@@ -1,41 +0,0 @@
# Log file location
LOGFILE="/home/$USER/.cache/tuirun/tuirun-toggle.log"
# Redirect all output and errors to the log file
exec >>"$LOGFILE" 2>&1
# Enable command tracing
set -x
echo "Script started at $(date)"
# Log the environment variables
echo "Environment variables:"
env
# Define TERMINAL if not set
TERMINAL="${TERMINAL:-foot}"
echo "TERMINAL is set to: $TERMINAL"
# Ensure USER is set
USER="${USER:-$(whoami)}"
echo "USER is set to: $USER"
# Path to the tuirun executable
TUIRUN_PATH="/etc/profiles/per-user/$USER/bin/tuirun"
echo "TUIRUN_PATH is set to: $TUIRUN_PATH"
# Use absolute paths for commands
PGREP="/run/current-system/sw/bin/pgrep"
PKILL="/run/current-system/sw/bin/pkill"
HYPRCTL="/etc/profiles/per-user/$USER/bin/hyprctl"
echo "Checking if tuirun is already running..."
if "$PGREP" -f "$TERMINAL --title tuirun" >/dev/null; then
echo "Found existing tuirun process. Terminating..."
"$PKILL" -f "$TERMINAL --title tuirun"
else
echo "No existing tuirun process. Starting a new one..."
"$HYPRCTL" dispatch exec "$TERMINAL --title tuirun -e $TUIRUN_PATH"
fi
echo "Script finished at $(date)"

37
scripts/bin/tuirun-toggle.sh
View File

@@ -1,37 +0,0 @@
# Define TERMINAL if not set
TERMINAL="${TERMINAL:-foot}"
# Use absolute paths for commands
PGREP="/run/current-system/sw/bin/pgrep"
PKILL="/run/current-system/sw/bin/pkill"
UWSM="/run/current-system/sw/bin/uwsm"
TUIRUN_PATH="/etc/profiles/per-user/$USER/bin/tuirun"
# Determine OPTIONS based on TERMINAL
if [ "$TERMINAL" = "foot" ]; then
OPTIONS="--override=main.pad=0x0"
elif [ "$TERMINAL" = "alacritty" ]; then
OPTIONS="--option window.padding.x=0 --option window.padding.y=0"
else
OPTIONS=""
fi
# Matching pattern for the process
MATCH_PATTERN="$TERMINAL --title tuirun"
if "$PGREP" -f "$MATCH_PATTERN" >/dev/null; then
echo "$(date): Killing existing process"
"$PKILL" -f "$MATCH_PATTERN"
else
# Log the environment for debugging
env >/tmp/script_env.txt
# Construct the command as an array for proper argument handling
CMD=("$TERMINAL" "--title" "tuirun")
if [ -n "$OPTIONS" ]; then
CMD+=("$OPTIONS")
fi
CMD+=("-e" "$TUIRUN_PATH")
echo "$(date): Executing command: ${CMD[*]}"
# Use eval to expand the command or pass the arguments directly
"$UWSM" app -- "${CMD[@]}"
fi

33
scripts/bin/tuirun-toggle.shbak
View File

@@ -1,33 +0,0 @@
# Define TERMINAL if not set
TERMINAL="${TERMINAL:-foot}"
# Use absolute paths for commands
PGREP="/run/current-system/sw/bin/pgrep"
PKILL="/run/current-system/sw/bin/pkill"
HYPRCTL="/etc/profiles/per-user/$USER/bin/hyprctl"
TUIRUN_PATH="/etc/profiles/per-user/$USER/bin/tuirun"
# Determine OPTIONS based on TERMINAL
if [ "$TERMINAL" = "foot" ]; then
OPTIONS="--override=main.pad=0x0"
elif [ "$TERMINAL" = "alacritty" ]; then
OPTIONS="--option window.padding.x=0 --option window.padding.y=0"
else
OPTIONS=""
fi
# Matching pattern for the process
MATCH_PATTERN="$TERMINAL --title tuirun"
if "$PGREP" -f "$MATCH_PATTERN" >/dev/null; then
"$PKILL" -f "$MATCH_PATTERN"
else
# Construct the command
CMD="$TERMINAL --title tuirun"
if [ -n "$OPTIONS" ]; then
CMD="$CMD $OPTIONS"
fi
# Use login shell to ensure proper environment
CMD="$CMD -e $SHELL -l -c '$TUIRUN_PATH'"
# Launch the terminal with OPTIONS
"$HYPRCTL" dispatch exec "$CMD"
fi

53
scripts/default.nix
View File

@@ -12,8 +12,17 @@ in
{
home = {
sessionPath = [ "${config.home.homeDirectory}/.local/bin" ];
file = {
".local/bin/spawn.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "spawn";
runtimeInputs = with pkgs; [ niri ];
text = readFile ./bin/spawn.sh;
}
);
};
".local/bin/spawn-or-focus.sh" = {
source = getExe (
pkgs.writeShellApplication {
@@ -24,6 +33,20 @@ in
);
};
".local/bin/choosepaper.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "spawn";
runtimeInputs = with pkgs; [
fzf
swaybg
pistol
];
text = readFile ./bin/choosepaper.sh;
}
);
};
".local/bin/pavucontrol-toggle.sh" = {
source = getExe (
pkgs.writeShellApplication {
@@ -34,34 +57,6 @@ in
);
};
".local/bin/tuirun-toggle.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "tuirun-toggle";
runtimeInputs = with pkgs; [
hyprland
uwsm
];
text = readFile ./bin/tuirun-toggle.sh;
}
);
};
".local/bin/tuirun-debugger.sh" = {
source = getExe (
pkgs.writeShellApplication {
name = "tuirun-debugger";
runtimeInputs = with pkgs; [ hyprland ];
text = ''
# Save environment to file
env > /tmp/tuirun-env.txt
# Run tuirun
/etc/profiles/per-user/cnst/bin/tuirun
'';
}
);
};
".local/bin/calcurse-toggle.sh" = {
source = getExe (
pkgs.writeShellApplication {

14
secrets/authentikCloudflared.age Normal file
View File

@@ -0,0 +1,14 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg 2oTh42u4hxJGAypwwLJwDCPMngauHB8BhKA83xAXr1M
Sr6Hbfnd52F0dUk5RO3wxxJ7RGi3+NUCBq/MzDbKR7s
-> ssh-ed25519 KUYMFA O2j6gYY1QR1ZlFiWw+7y6nKUeE658Wp3PdV6dsMqwTU
NYwnTkZX5PHnNtL1vqJqIsYzIFUY43AVso8ecMAHvWs
-> ssh-ed25519 76RhUQ VTzoQh0fHrG41Gr0YnPY7Jz7yFFugigm/DpUUE/Ny18
SITvKJf5+ql4DhpJoPVvEXdLGIBeKnlLlm8u4QPr0RY
-> ssh-ed25519 Jf8sqw oVI2y3zqpswvyZoNwklrKI1ZbxMJ5a1kzc43RErkbD8
aHNuHMH2XNQ7+9sfsA8LMhBSgTDmvmI1wY26V2j+lsE
--- 0UL0vxM2f5IeVhDO1Cg7SUmhuvpFh+GsEEW4g5JEORU
<EFBFBD>)q<>$*<2A><><EFBFBD>b<10>X<EFBFBD><58><EFBFBD>`<60> %f
_<EFBFBD>%%1ݗ<><DD97><EFBFBD>)<29><>fT<66>٧&<26>`+<2B>K<EFBFBD><4B>q<EFBFBD><71>I<><EEADBE><EFBFBD><EFBFBD><EFBFBD><19><><03>\=<3D>M<EFBFBD><4D><18>
!<21><>7<EFBFBD>b<EFBFBD>]<5D>X<>_lri<72>_<EFBFBD><03><>;<3B>R
<EFBFBD>)<29><>c<EFBFBD>H<><48>5. p<> :m<>_<EFBFBD>&Vj/<2F><01><>Ra|MU<4D><55>b<EFBFBD><62><02>y<EFBFBD><79><EFBFBD><EFBFBD>El<45>nS<6E>9"<11><>گ+<<3C>

BIN
secrets/authentikEnv.age Normal file
View File

Binary file not shown.

BIN
secrets/cloudflareDnsApiToken.age
View File

Binary file not shown.

20
secrets/cloudflareDnsCredentials.age
View File

@@ -1,11 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg QY+660BNebZu+onRxjUCOqQ4iqCySPWfw9eCLXdFsl8
AP1XZcDAY4/hrtyTnVXEpybPgEh38PcMaiiBPTlkDZ8
-> ssh-ed25519 KUYMFA nCLslugBChJUP4e6XXxV5GGUZdM/YHcOqSQEzgBnpnk
9Y/N0Clq/qSGa/XHGKr5Yg6iz40fb+5Rti+6RvEoiXs
-> ssh-ed25519 76RhUQ ZeJds5ce27IAjkBpECnQY73Y0g2eB8lI5g2K3wn3STQ
IQ8TZ/jrTme1cUxzSDNYN6hfHKXJV9aKNXFP7jNWlgs
-> ssh-ed25519 Jf8sqw 6o1aN6NB+YgDM/q1DyTwRGbE85oOvyyGGNGIrd+P31Q
QpL1gGnfLs2Xm7Sx0jVE3Cx4J7aIzcUOXUp9Yt/Ztt0
--- DR/KkJALCKIdMQvWi1abl8Q9UWJVPSv/a3sAoxY/t2Q
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>gPm<EFBFBD>?\<5C><><EFBFBD>}v/[
-> ssh-ed25519 t9iOEg EO9wY72yR1e+1vy7G+bSpm2Rcv6bv/Df0D1i/SO+zA0
pmABveIZ53zQOoJ27P4zqb0jtaDJoYkhclMP6wcl+ZM
-> ssh-ed25519 KUYMFA h02lppvPUe8eJLAfIEkGQqgdNWqvFYpJ2eZjJGHJ+SA
5+T4ytKUXPdIIDXfcc/LUnQsOMlmck2Ug32MKNuCh2Q
-> ssh-ed25519 76RhUQ E/ng+K+F+iaNZ0QjSyo2JuAz717aoygNguzon798dlI
CPJV+mjKX1ZtmWvBroFHVyuRnnUI5ymfEw6OqnQa2kI
-> ssh-ed25519 Jf8sqw yrWSLSAjsIfyd+DYUyojy0k6GwMa3ZmVjyIz36gLin0
ly8wMETBPdaF5dM5r//UCdfSqTMEfnodffgIAUGydcE
--- kNDVEUJATIeuOYNXY/Bl++PfDEn/lCo4nBiTEFntOw0
<EFBFBD>g<EFBFBD><EFBFBD>Q=[g<><16>?_<><5F>|<7C><>7[<5B><>-<2D><>CngڡǗ<01>+<2B>m<><6D><r<01><>bv?i<><69>S<EFBFBD>2W<32>f<EFBFBD><66>51<11><>P<>x~<13><>_c<5F>"m<><01>)<29><>h"I<>

BIN
secrets/homepageEnvironment.age
View File

Binary file not shown.

BIN
secrets/keycloakCloudflared.age
View File

Binary file not shown.

11
secrets/keycloakDbPasswordFile.age
View File

@@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg JGPsdwpo+QYwoEtQp5O7esvdpxDmBtSaAFa42xUrziA
O/fLTeyC+01JM0Iqc3PfW0LTEW1CTSCXvnzcTpGhiZs
-> ssh-ed25519 KUYMFA ELcXHREdinnJGyLmGP52mCe6wT6FPBAh6STAmphI1gM
UEAyd9Pl4GqxfgRvX4TkNjX+iCoPbIaBe4jZRgfxtKM
-> ssh-ed25519 76RhUQ iLb/XlmQRU7NBJ0qACMWzdcekWLJdewuY8XK88QMgho
cwydjm9RJ3Oj36OhBCCpdN1nIZICqpVcm/Icl+1buC8
-> ssh-ed25519 Jf8sqw /VcINacatv58hd3KxVjVWm6Jg6ZZszbrA7xMuScfMwE
e5GHPaF3oXfmRKrcII3w48XH+nvvEJGdORUnfJR/jE0
--- HxSA44rqWWFjoHeJaGi7VCsPdmksyMCytkv75TaTGfU
<EFBFBD><EFBFBD><EFBFBD>Muމ<EFBFBD><<3C>(<28>~82<38><32>a<><1A><><EFBFBD>pfI<66>I<EFBFBD><49>^L<>%<25>2㛔<32>b<EFBFBD>q<EFBFBD><71><EFBFBD><EFBFBD>/As:B<>]<5D>]<5D>Ż<EFBFBD>

20
secrets/nextcloudAdminPass.age
View File

@@ -1,11 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg PQ9P0XIzZ/u/gSgdOlfQXFVW1GemJxDaVCtqJkBYsBY
KOw543xyHFcTzkCyOAB40bbArhQW+cGPySfFB4ceMn4
-> ssh-ed25519 KUYMFA GdUikncmoMYip/ASuwLKXwv+Wa3qyfT/CBjQxaptIRY
vnHv5sJVDcce02IaKwPFefNzIzvlwgIKi1ZVo+2tq+0
-> ssh-ed25519 76RhUQ xLBZfVIBGSuEqGlV8ny+uDhDnHZrHv0b7PVOCyiFdRs
gK3tkiaZmHBTpwYImlftYgcyNc7k6kRl1dyOaEN/zls
-> ssh-ed25519 Jf8sqw YFwHA8v2BZvppparLQ1ts75lBCuS1exwNbLt4vRLuQY
qV/PXIouLPAx0amjeeS8aQx3tqgG7VqHhSjqIu+kOF4
--- SAbSjt7w+XOwUQI+1saRnttNRuC9NOUvQXWu/+MdLn0
3<EFBFBD>U<EFBFBD>\'<27><>UUK<>UQ<55>g<EFBFBD><67>k<><6B><EFBFBD>"P<>R<EFBFBD>L<EFBFBD>'r<>*<1B>rA<72><41>c<EFBFBD>Oy{%A<><41><EFBFBD>bL<62>KM9<4D>'<27>
-> ssh-ed25519 t9iOEg 5z2kiVAol78mM42O1Jf9ndeBwElB0x4BectRt+R8GkM
gE89nfzfPZ7dcQDG57xdJAcrq565V+rbWDUEtNuBEwA
-> ssh-ed25519 KUYMFA 7aaMHpHzTC3U/7zol+LWE5IXrXm98ORcQpXkC3SNBBw
i4cyBlQrGmPiosCaCjv/7GUUikP2c/I8tA93Qz0o3cI
-> ssh-ed25519 76RhUQ 7Jppe6oBvuXqxoB4LNU+725b6ZeopHxgXq3WWDZlbhg
f+8GtX9dsCrnQ+kN0Swhq5LLNZrlzEVYJhwn+oN7yG8
-> ssh-ed25519 Jf8sqw qBlvp6ZCHVkr37lfE+HrBNNEGcqQ8++GbMYBKhpr1Dk
9CoVJgvPZyIQOdTOFQWMotZaohFUmt953pivSVx6C9Q
--- ZSaeUcQ9T8TdcDXXNOWgTRAAG5+lRsl4sOFIOYgMISQ
Ua<55><61>`<60><><1A>'<27>^n<02>eP<65>=<3D><12>b<EFBFBD><62><EFBFBD>><3E><>~<7E>ؑ RV<52><05><><EFBFBD>n<05>g0Z<30><5A><EFBFBD><EFBFBD><EFBFBD>E<EFBFBD><45><EFBFBD>k<1E><1D><1C><>ml<6D>w<08>`<60>ҝ<EFBFBD><D29D><EFBFBD> <20>/<2F>x<EFBFBD><78>~

11
secrets/nextcloudCloudflared.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg tCTVBy/ZypZ8DjzMhp6MsG0OUSmY/Z7nprs6OgMXiRs
GXMwQ7THAvuh9SpM12ck84R86Qvs+Db62ybohItDloE
-> ssh-ed25519 KUYMFA EwdbsocHYlzEJ2JLiI6oD6wkhaN+llPghPuO50oNLmY
NYQmMaeBM511yQeeEczVEW9Hx6y8/5NiQJ4PGtytBlw
-> ssh-ed25519 76RhUQ 3zs9rA1RoMUahExIGTBXV6i815jrK9UDrh6ZKi4gXQk
lWRnELDu+qd+MHBnYoSkBZblJoNcBXIeIW7phdZb7fg
-> ssh-ed25519 Jf8sqw zDqvIhlZ5TMP5l4Ymc0VUccb0EZHu6nzT0zAz0n/yiA
2C6PIEpv7dsDV7u87B991XRHIDcYRIfi60cvHK0Bkgo
--- TzhNfeAGrl1ggKFbSWgQw+R0xpKU+VOod/iEJlgLPOA
uGe<47><65><EFBFBD>R H<10><><EFBFBD>=<3D><>of<6F>|t'e <09>L뉱l<EB89B1>w<1D><><EFBFBD>fMG"<22><>}@\<5C>e *R<>7j<37>%<25><><EFBFBD>=?<3F><>v<EFBFBD>%i<><10>\<5C><>'<27><><03>0Qyj <04><>8<><38><EFBFBD><EFBFBD>x<EFBFBD>yj<79><04><><05>&EB<45>T<EFBFBD>ɥ#<23>H<EFBFBD><48>u<EFBFBD>E%5uLҐy<D290>Ć5<C486><35>K<EFBFBD>><3E>t<><03><><EFBFBD><EFBFBD>0<EFBFBD><30><EFBFBD><EFBFBD><EFBFBD>0 <0C>q<EFBFBD>V ŵ>_j<5F>U<EFBFBD>D<><1A><><EFBFBD>JWꂿ<0F>>@<40><><EFBFBD><EFBFBD>w :<3A><>CJEb,5U

11
secrets/ocisCloudflared.age
View File

@@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg v2avJ6U6RgP+ZxIa1QzzqxB48cslbdB0TlDlcz4F0RE
JTyOfbyFWOh9Br07l2SZpDH/2xk5+Cnz3BEl+1DdQdA
-> ssh-ed25519 KUYMFA pGewUt3eOluT+v/+Yuf8zsuQtZVRSbYQPVw6CkbrOUk
H3G8Gxug7dww1fkfpuErLCndsD0HHcEQkndIkkZaW4I
-> ssh-ed25519 76RhUQ o0kqSfuXPVvPGk3snfUGdAZqJG1I5KOhbEK21XUcCXs
ZKFxlayTAQptEgfNdPawCB1EYSphO6CzgVOxP56n71U
-> ssh-ed25519 Jf8sqw uor01IOxnc3p9iRi2019HjkZzs1ph9G+oiYIPKrXb3A
Q2uxuYsSmMc3N2g7IQ/87YHXNdcgF2MpIz8P53kPBSs
--- 3JvyOSSYzDA6OPnYq45RUKdgGE6EgzkP1kDyu1nRbww
`<60>l<EFBFBD>0<EFBFBD>n˵ 8y<10><>i<EFBFBD>ĕKn<4B><6E>P&G<><47><EFBFBD><EFBFBD><EFBFBD>2<EFBFBD>O <0C><15>`Yw<59>H<EFBFBD>+:<3A><>(q<18><>po<70><6F><EFBFBD>A<>|<7C>͸dz<64>g<EFBFBD><67> <0C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <0B><><EFBFBD>\K<><4B><EFBFBD>h<EFBFBD><68>/<2F><07>+2hq1x6g<36>ǒ<EFBFBD>5<EFBFBD><35>6Fz<46><17><><19>$Z<><5A><EFBFBD>28<32>ߏ<EFBFBD>U<EFBFBD>f<EFBFBD><66>OQ<4F><51>[<5B>8ua<75>А<EFBFBD><D090>uo-<2D><><EFBFBD>:<3A>&<26><><EFBFBD>P<EFBFBD><50> <14><> <20>49Q?b<08>li<6C><69><EFBFBD>f-Ox<4F><78>s<EFBFBD><73><EFBFBD>j<EFBFBD>USf[

74
secrets/secrets.nix
View File

@@ -1,7 +1,11 @@
let
# --- Users ---
cnst = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
kima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
ukima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEUub8vbzUn2f39ILhAJ2QeH8xxLSjiyUuo8xvHGx/VB adam@cnst.dev";
rkima = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix";
# --- Hosts: bunk ---
ubunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXCjkKouZrsMoswMIeueO8X/c3kuY3Gb0E9emvkqwUv cnst@cnixpad";
rbunk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH72llEVDSHH/FZnjLVCe6zfdkdJRRVg2QL+ifHiPXXk root@cnix";
# --- Hosts: sobotka ---
usobotka = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5ydTeaWcowmNXdDNqIa/lb5l9w5CAzyF2Kg6U5PSSu cnst@sobotka";
@@ -12,9 +16,13 @@ let
rziggy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHnca8xg1MZ4Hx5k5SVFSxcPnWc1O6r7w7JGYzX9aQm8 root@nixos";
# --- Groups ---
core = [
cnst
kima
kima = [
ukima
rkima
];
bunk = [
ubunk
rbunk
];
sobotka = [
usobotka
@@ -24,38 +32,40 @@ let
uziggy
rziggy
];
all = core ++ sobotka ++ ziggy;
all = kima ++ bunk ++ sobotka ++ ziggy;
in {
# Generic
"cnstssh.age".publicKeys = core;
"cnixssh.age".publicKeys = core;
"certpem.age".publicKeys = core;
"keypem.age".publicKeys = core;
"mailpwd.age".publicKeys = core;
"gcapi.age".publicKeys = core;
"cnstssh.age".publicKeys = kima;
"cnixssh.age".publicKeys = kima;
"certpem.age".publicKeys = kima;
"keypem.age".publicKeys = kima;
"mailpwd.age".publicKeys = kima;
"gcapi.age".publicKeys = kima;
# Shared between core + sobotka
"cloudflareEnvironment.age".publicKeys = core ++ sobotka;
"vaultwardenEnvironment.age".publicKeys = core ++ sobotka;
"homepageEnvironment.age".publicKeys = core ++ sobotka;
"cloudflareFirewallApiKey.age".publicKeys = core ++ sobotka;
"vaultwardenCloudflared.age".publicKeys = core ++ sobotka;
"keycloakDbPasswordFile.age".publicKeys = core ++ sobotka;
"keycloakCloudflared.age".publicKeys = core ++ sobotka;
"ocisCloudflared.age".publicKeys = core ++ sobotka;
"ocisAdminPass.age".publicKeys = core ++ sobotka;
"cloudflareDnsApiToken.age".publicKeys = core ++ sobotka;
"cloudflareDnsCredentials.age".publicKeys = core ++ sobotka;
"wgCredentials.age".publicKeys = core ++ sobotka;
"wgSobotkaPrivateKey.age".publicKeys = core ++ sobotka;
"gluetunEnvironment.age".publicKeys = core ++ sobotka;
"pihole.age".publicKeys = core ++ sobotka;
"slskd.age".publicKeys = core ++ sobotka;
# Shared between kima + sobotka
"cloudflareEnvironment.age".publicKeys = kima ++ sobotka;
"vaultwardenEnvironment.age".publicKeys = kima ++ sobotka;
"homepageEnvironment.age".publicKeys = kima ++ sobotka;
"cloudflareFirewallApiKey.age".publicKeys = kima ++ sobotka;
"vaultwardenCloudflared.age".publicKeys = kima ++ sobotka;
"nextcloudCloudflared.age".publicKeys = kima ++ sobotka;
"nextcloudAdminPass.age".publicKeys = kima ++ sobotka;
"cloudflareDnsApiToken.age".publicKeys = kima ++ sobotka;
"cloudflareDnsCredentials.age".publicKeys = kima ++ sobotka;
"wgCredentials.age".publicKeys = kima ++ sobotka;
"wgSobotkaPrivateKey.age".publicKeys = kima ++ sobotka;
"gluetunEnvironment.age".publicKeys = kima ++ sobotka;
"sobotkaPihole.age".publicKeys = kima ++ sobotka;
"slskd.age".publicKeys = kima ++ sobotka;
"authentikEnv.age".publicKeys = kima ++ sobotka;
"traefikEnv.age".publicKeys = kima ++ sobotka;
"wwwCloudflared.age".publicKeys = kima ++ sobotka;
"authentikCloudflared.age".publicKeys = kima ++ sobotka;
# Ziggy-specific
"cloudflareDnsCredentialsZiggy.age".publicKeys = core ++ ziggy;
"piholeZiggy.age".publicKeys = core ++ ziggy;
"cloudflareDnsCredentialsZiggy.age".publicKeys = kima ++ ziggy;
"ziggyPihole.age".publicKeys = kima ++ ziggy;
# Both sobotka + ziggy (for HA stuff like keepalived)
"keepalived.age".publicKeys = core ++ sobotka ++ ziggy;
"keepalived.age".publicKeys = kima ++ sobotka ++ ziggy;
}

0
secrets/pihole.age → secrets/sobotkaPihole.age
View File

BIN
secrets/sslCert.age Normal file
View File

Binary file not shown.

BIN
secrets/sslKey.age Normal file
View File

Binary file not shown.

BIN
secrets/traefikEnv.age Normal file
View File

Binary file not shown.

11
secrets/wwwCloudflared.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 t9iOEg CWarcJM8RPjJW+e3BQ99KEUnOZQUDEIIeygeh/8MZUw
xux60KMmyOVvgiuEqyEPXM1Wr2ne8AyHT6CAWKMOcKo
-> ssh-ed25519 KUYMFA AThOlxHT41vsczkSGzJmT+VmWC2dAnLiIcTJP+YySkc
Jy8HyRuzIFtGYMimxsQNm2NnbluVwS6ZuXhq4uRfabY
-> ssh-ed25519 76RhUQ dKyDJ4DCNtYWQ2+cC7gwa+14aw99S+mU38tpQrlOmFc
0mD5Qcv8b8Bh1e4mbqdH26UtCJaUe7C7dDDSXJd1iRY
-> ssh-ed25519 Jf8sqw To2I/347gMqYx0PxMgYqbGekUpfqWOQwtgJ+0AFilTw
nIo4dH9JnOuWo48a17Kjyee5sQV8HN+PNXCWDT4fjIg
--- SuE6Z9ipbuWhxoaULMf6OGtG3BNkQ1BpWXkgfAI7Y6Y
<EFBFBD>R<EFBFBD>u1<12><><16><><EFBFBD>d<EFBFBD>ژdʋ(s <0B>)<29>M0v<30>ѹ<EFBFBD><D1B9><EFBFBD>Z<EFBFBD>V<EFBFBD><56><10>q<05>i<EFBFBD>i<EFBFBD><69>Ec* <09>{<7B>~teP<65><50><EFBFBD>{<1C>D<>mA~Ŭ<><1B>c.<2E>TbƝ<62>}<<3C><><EFBFBD><EFBFBD><EFBFBD>e0<65>Vq <0C><><EFBFBD>k<EFBFBD><6B><EFBFBD> b<>T<1F><>*Y<><59>$<24><>t<EFBFBD><74>:<3A><>^<1C><>+<2B><1D><>;<3B>1<EFBFBD><31><EFBFBD>ۤ<EFBFBD><DBA4>Ӎ<12>X<EFBFBD>H<EFBFBD><03><>u<EFBFBD><75><EFBFBD>g<EFBFBD>߄<EFBFBD>o<EFBFBD>/<2F>G<EFBFBD><0E><><16>Kl<4B>I<EFBFBD>C<EFBFBD><43>==A<><11><>Y<EFBFBD><59><EFBFBD>U<EFBFBD><55><EFBFBD><EFBFBD>

0
secrets/piholeZiggy.age → secrets/ziggyPihole.age
View File

1
users/cnst/default.nix
View File

@@ -23,6 +23,5 @@
json.enable = false;
manpages.enable = false;
};
programs.home-manager.enable = true;
}

2
users/cnst/modules/bunkmod.nix
View File

@@ -131,7 +131,7 @@
enable = true;
};
syncthing = {
enable = true;
enable = false;
};
udiskie = {
enable = true;

4
users/cnst/modules/kimamod.nix
View File

@@ -11,7 +11,7 @@
enable = true;
};
chromium = {
enable = true;
enable = false;
};
discord = {
enable = true;
@@ -132,7 +132,7 @@
enable = true;
};
syncthing = {
enable = true;
enable = false;
};
udiskie = {
enable = true;

154
users/cnst/modules/sobotkamod.nix
View File

@@ -1,154 +0,0 @@
{
home = {
programs = {
aerc = {
enable = false;
};
alacritty = {
enable = false;
};
bash = {
enable = true;
};
chromium = {
enable = false;
};
discord = {
enable = false;
};
eza = {
enable = true;
};
floorp = {
enable = false;
};
firefox = {
enable = false;
};
fish = {
enable = true;
};
foot = {
enable = false;
};
fuzzel = {
enable = false;
};
git = {
enable = true;
};
ghostty = {
enable = false;
};
helix = {
enable = true;
};
hyprlock = {
enable = false;
};
jujutsu = {
enable = false;
};
kitty = {
enable = false;
};
mpv = {
enable = false;
};
neovim = {
enable = false;
};
nvf = {
enable = false;
};
nwg-bar = {
enable = false;
};
pkgs = {
enable = true;
};
rofi = {
enable = false;
};
ssh = {
enable = true;
};
tuirun = {
enable = false;
};
vscode = {
enable = false;
};
waybar = {
enable = false;
};
wezterm = {
enable = false;
};
yazi = {
enable = false;
};
zathura = {
enable = false;
};
zed-editor = {
enable = false;
};
zellij = {
enable = false;
};
zen = {
enable = false;
};
zsh = {
enable = false;
};
};
services = {
blueman-applet = {
enable = false;
};
copyq = {
enable = false;
};
dconf = {
settings = {
color-scheme = "prefer-dark";
};
};
dunst = {
enable = false;
};
gpg = {
enable = true;
};
gtk = {
enable = false;
};
hypridle = {
enable = false;
};
hyprpaper = {
enable = false;
};
mako = {
enable = false;
};
nix-index = {
enable = true;
};
protonmail-bridge = {
enable = false;
};
syncthing = {
enable = false;
};
udiskie = {
enable = false;
};
xdg = {
enable = false;
};
};
};
}

4
users/cnst/variables/default.nix
View File

@@ -14,8 +14,8 @@ let
BROWSER = "zen";
EDITOR = "hx";
TERM = "xterm-256color";
VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
# VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json";
# STEAM_EXTRA_COMPAT_TOOLS_PATHS = "/home/cnst/.steam/root/compatibilitytools.d";
QT_QPA_PLATFORM = "wayland";
XDG_SESSION_TYPE = "wayland";
};