Daholli/nixos-config
1
0
Fork 0
Code Issues 3 Pull requests 1 Releases Packages Activity Actions

Merge branch 'rewrite' into main-merge

Browse source
This commit is contained in:
Christoph Hollizeck 2025-10-31 01:11:51 +01:00
commit 1f0dab9667
Signed by: Daholli
GPG key ID: 249300664F2AF2C7
16 changed files with 522 additions and 183 deletions
Download patch file Download diff file Expand all files Collapse all files

84
flake.lock generated
View file

@ -110,11 +110,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1761686631,
"narHash": "sha256-OzyQkqtH4kenusXEquQvTHnAr/6lGVS2DqErIPlzCUs=",
"lastModified": 1761839147,
"narHash": "sha256-DXDb6AVCRPosOkQPyvVrHpO//VXqyzS3uLWiasTuENI=",
"owner": "cachix",
"repo": "devenv",
"rev": "b59500b629c08829825d4f4eca68169ea3a8821f",
"rev": "bb7849648b68035f6b910120252c22b28195cf54",
"type": "github"
},
"original": {
@ -131,11 +131,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1761720242,
"narHash": "sha256-Zi9nWw68oUDMVOhf/+Z97wVbNV2K7eEAGZugQKqU7xw=",
"lastModified": 1761806629,
"narHash": "sha256-3u8345VliQtbpOtCNYYpDTCsjS8A9osrpU03E8TaIBw=",
"owner": "nix-community",
"repo": "fenix",
"rev": "8e4d32f4cc12b3f106af6e4515b36ac046a1ec91",
"rev": "c7c690951af16e60912678fab6155fb120cc27b0",
"type": "github"
},
"original": {
@ -503,11 +503,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1761663476,
"narHash": "sha256-rMapt12HqMDVo91bqojbiOh+l7UuqJ738rk1iu980qs=",
"lastModified": 1761863388,
"narHash": "sha256-UwdHjEui1q4HGrkTekvIpwM/R+pD4fCh+vKlsvZSVyU=",
"owner": "helix-editor",
"repo": "helix",
"rev": "de0518d0e631f1984dc7229b76c2bdadf2bffe5d",
"rev": "9dcd19e664a9efe2d6960710ddba3bbd8fda12b6",
"type": "github"
},
"original": {
@ -523,11 +523,11 @@
]
},
"locked": {
"lastModified": 1761666354,
"narHash": "sha256-fHr+tIYBJccNF8QWqgowfRmEAtAMSt1deZIRNKL8A7c=",
"lastModified": 1761845621,
"narHash": "sha256-d+R4MHsGmdebvSMsYUFWONsZSlUbOo8Zq/wjMdMiIac=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ca2ab1d877a24d5a437dad62f56b8b2c02e964e9",
"rev": "97e3022a8d2c09313fa49847f6da4d76abcfc72d",
"type": "github"
},
"original": {
@ -683,11 +683,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1761733109,
"narHash": "sha256-sgZlcW1W6ioNFaMz+r4O52SLNywzRJiqRwBKRenvL6c=",
"lastModified": 1761780088,
"narHash": "sha256-ylKrWQeIAGyysfHbgZpcWUs9UsbiOBIVXTPqaiV3lf0=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "9eb82774e53dc02e4fa204a911cb4256cd21f429",
"rev": "6ade4d58cab67e18aa758ef664e36421cab4d8b2",
"type": "github"
},
"original": {
@ -713,11 +713,11 @@
]
},
"locked": {
"lastModified": 1761653710,
"narHash": "sha256-MhHSU9m/9HSckJ61OXcom/6F92NQf3s1QfLbRUApalc=",
"lastModified": 1761824067,
"narHash": "sha256-dB27qZRH2X5h2KM99UBYmksxb2ly2EGp5eSznTzRDe0=",
"owner": "hyprwm",
"repo": "hyprland-plugins",
"rev": "e689220b1740aa99ca67fa06055792f82fa9ed85",
"rev": "7a07883c4d3e7ec6726862586483ea119e20eb0f",
"type": "github"
},
"original": {
@ -1024,11 +1024,11 @@
]
},
"locked": {
"lastModified": 1761728397,
"narHash": "sha256-PyRcsly7w12wg6Vjzkn5eLvRQgX+nzHU80xBVnwE7Eg=",
"lastModified": 1761733523,
"narHash": "sha256-Z0i6J9KaMZW7bBwQOj4XZ4mZFfegvaAtvnT3suUMhPc=",
"owner": "nix-community",
"repo": "nh",
"rev": "149022d8973798f5ebb819fb2977b0260f049816",
"rev": "78494d6b8587c8cb36e51949f1177a4ee42a41f8",
"type": "github"
},
"original": {
@ -1045,11 +1045,11 @@
"rust-overlay": []
},
"locked": {
"lastModified": 1761721311,
"narHash": "sha256-fXBALdA4CKAYslcuamjzQZLUTCNBIKWybj+/2rwe3Z0=",
"lastModified": 1761800210,
"narHash": "sha256-v9/VHMISSjYpj5RgaN9qqsuC4OPVklLpN1l33HBXSE4=",
"owner": "YaLTeR",
"repo": "niri",
"rev": "6e8fd153395036c2daa7c214695ed9baf2409a2e",
"rev": "7c0dcddee782d2ca68620ec423d08d932ef059df",
"type": "github"
},
"original": {
@ -1163,11 +1163,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1761669189,
"narHash": "sha256-INBZnPA9JzyDn+Fnni2250PbRzKx7Eafz0T2c7NhXiQ=",
"lastModified": 1761827175,
"narHash": "sha256-XdPVSYyIBK4/ruoqujaQmmSGg3J2/EenexV9IEXhr6o=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "9c0ee5dfa186e10efe9b53505b65d22c81860fde",
"rev": "43ffe9ac82567512abb83187cb673de1091bdfa8",
"type": "github"
},
"original": {
@ -1278,11 +1278,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1761373498,
"narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
"lastModified": 1761672384,
"narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
"rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
"type": "github"
},
"original": {
@ -1310,11 +1310,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1761373498,
"narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
"lastModified": 1761672384,
"narHash": "sha256-o9KF3DJL7g7iYMZq9SWgfS1BFlNbsm6xplRjVlOCkXI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
"rev": "08dacfca559e1d7da38f3cf05f1f45ee9bfd213c",
"type": "github"
},
"original": {
@ -1447,11 +1447,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1761686505,
"narHash": "sha256-jX6UrGS/hABDaM4jdx3+xgH3KCHP2zKHeTa8CD5myEo=",
"lastModified": 1761739801,
"narHash": "sha256-ONUpb+l5oEIb9iOGkmUhze5YjRexZ6sc3mwQyLXlcms=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "d08d54f3c10dfa41033eb780c3bddb50e09d30fc",
"rev": "769ebafdc66559d620bdc414743f32bb28180c58",
"type": "github"
},
"original": {
@ -1680,11 +1680,11 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1761712008,
"narHash": "sha256-Nf2s59dLg6KDUV0omZqIlOGNUxw/Rl/KKXEXQGFCAlo=",
"lastModified": 1761859061,
"narHash": "sha256-5C2x+ZQQZAAy0LowYgacT1KG83nXxjcYKMzedx89Wtw=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "1383ed38745d12f3896c996848d24c451643db58",
"rev": "26142b84460636c55bd612ae67225056c7faf134",
"type": "github"
},
"original": {
@ -1702,11 +1702,11 @@
]
},
"locked": {
"lastModified": 1760747435,
"narHash": "sha256-wNB/W3x+or4mdNxFPNOH5/WFckNpKgFRZk7OnOsLtm0=",
"lastModified": 1761826449,
"narHash": "sha256-4cbXup+ilfZZwyPcNYhUcVsoA0qtbnAEopuPItZ2DEc=",
"owner": "mitchellh",
"repo": "zig-overlay",
"rev": "d0f239b887b1ac736c0f3dde91bf5bf2ecf3a420",
"rev": "ed15dd96c4dcecc69e6c13523af38504944a3794",
"type": "github"
},
"original": {

1
modules/base/starship.nix
View file

@ -2,7 +2,6 @@
flake.modules.homeManager.cholli =
{ ... }:
{
catppuccin.starship.enable = false;
programs = {
starship = {
enable = true;

2
modules/base/system/default.nix
View file

@ -30,6 +30,7 @@
{
imports = [
inputs.sops-nix.nixosModules.sops
inputs.niri-flake.nixosModules.niri
];
environment.systemPackages = with pkgs; [
@ -49,7 +50,6 @@
defaultSopsFile = ../../../secrets/secrets.yaml;
defaultSopsFormat = "yaml";
# age.keyFile = "/home/cholli/.config/sops/age/keys.txt";
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
};

42
modules/desktop/addons/hypridle.nix
View file

@ -1,27 +1,29 @@
{
flake.modules.homeManager.cholli =
{ ... }:
{ lib, osConfig, ... }:
{
services.hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
lock_cmd = "hyprlock-blur";
};
config = lib.mkIf (osConfig.networking.hostName == "yggdrasil") {
services.hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
lock_cmd = "hyprlock-blur";
};
listener = [
{
timeout = 600;
on-timeout = "loginctl lock-session";
}
{
timeout = 1200;
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}
];
listener = [
{
timeout = 600;
on-timeout = "loginctl lock-session";
}
{
timeout = 1200;
on-timeout = "hyprctl dispatch dpms off";
on-resume = "hyprctl dispatch dpms on";
}
];
};
};
};
};

152
modules/desktop/addons/hyprlock.nix
View file

@ -25,91 +25,99 @@
};
homeManager.cholli =
{ inputs, pkgs, ... }:
{
inputs,
lib,
pkgs,
osConfig,
...
}:
let
hyprlock-package = inputs.hyprlock.packages.${pkgs.system}.hyprlock;
in
{
programs.hyprlock = {
enable = true;
package = hyprlock-package;
settings = {
# inspiration from https://github.com/justinmdickey/publicdots/blob/main/.config/hypr/hyprlock.conf
background = [
{
config = lib.mkIf (osConfig.networking.hostName == "yggdrasil") {
programs.hyprlock = {
enable = true;
package = hyprlock-package;
settings = {
# inspiration from https://github.com/justinmdickey/publicdots/blob/main/.config/hypr/hyprlock.conf
background = [
{
monitor = "DP-1";
path = "/tmp/screenshot1.png";
blur_passes = 1; # 0 disables blurring
blur_size = 7;
noise = 1.17e-2;
}
{
monitor = "HDMI-A-1";
path = "/tmp/screenshot2.png";
blur_passes = 2; # 0 disables blurring
blur_size = 7;
noise = 1.17e-2;
}
];
label = [
{
monitor = "DP-1";
text = "$TIME";
color = "rgba(242, 243, 244, 0.75)";
font_size = 95;
font_family = "JetBrains Mono";
position = "0, 300";
halign = "center";
valign = "center";
}
{
monitor = "DP-1";
text = ''cmd[update:1000] echo $(date +"%A, %B %d")'';
color = "rgba(242, 243, 244, 0.75)";
font_size = 22;
font_family = "JetBrains Mono";
position = "0, 200";
halign = "center";
valign = "center";
}
];
image = {
monitor = "DP-1";
path = "/tmp/screenshot1.png";
path = "/home/cholli/Pictures/profile.png";
blur_passes = 1; # 0 disables blurring
blur_size = 7;
noise = 1.17e-2;
}
{
monitor = "HDMI-A-1";
path = "/tmp/screenshot2.png";
blur_passes = 2; # 0 disables blurring
blur_size = 7;
noise = 1.17e-2;
}
];
label = [
{
monitor = "DP-1";
text = "$TIME";
color = "rgba(242, 243, 244, 0.75)";
font_size = 95;
font_family = "JetBrains Mono";
position = "0, 300";
position = "0, 50";
halign = "center";
valign = "center";
}
{
};
input-field = {
monitor = "DP-1";
text = ''cmd[update:1000] echo $(date +"%A, %B %d")'';
color = "rgba(242, 243, 244, 0.75)";
font_size = 22;
font_family = "JetBrains Mono";
position = "0, 200";
size = "200,50";
outline_thickness = 2;
dots_size = 0.2; # Scale of input-field height, 0.2 - 0.8
dots_spacing = 0.35; # Scale of dots' absolute size, 0.0 - 1.0
dots_center = true;
outer_color = "rgba(0, 0, 0, 0)";
inner_color = "rgba(0, 0, 0, 0.2)";
font_color = "rgb(111, 45, 104)";
fade_on_empty = false;
rounding = -1;
check_color = "rgb(30, 107, 204)";
placeholder_text = ''<i><span foreground="##cdd6f4">Input Password...</span></i>'';
hide_input = false;
position = "0, -100";
halign = "center";
valign = "center";
};
}
];
image = {
monitor = "DP-1";
path = "/home/cholli/Pictures/profile.png";
position = "0, 50";
halign = "center";
valign = "center";
};
input-field = {
monitor = "DP-1";
size = "200,50";
outline_thickness = 2;
dots_size = 0.2; # Scale of input-field height, 0.2 - 0.8
dots_spacing = 0.35; # Scale of dots' absolute size, 0.0 - 1.0
dots_center = true;
outer_color = "rgba(0, 0, 0, 0)";
inner_color = "rgba(0, 0, 0, 0.2)";
font_color = "rgb(111, 45, 104)";
fade_on_empty = false;
rounding = -1;
check_color = "rgb(30, 107, 204)";
placeholder_text = ''<i><span foreground="##cdd6f4">Input Password...</span></i>'';
hide_input = false;
position = "0, -100";
halign = "center";
valign = "center";
};
general = {
auth_method = "pam";
general = {
auth_method = "pam";
};
};
};
};

33
modules/desktop/addons/hyprpaper.nix
View file

@ -1,26 +1,29 @@
{
flake.modules.homeManager.cholli =
{ ... }:
{ lib, osConfig, ... }:
let
picture-path = "/home/cholli/Pictures/firewatch.jpg";
in
{
home.file = {
# https://www.reddit.com/r/WidescreenWallpaper/comments/13hib3t/purple_firewatch_3840x1620/
"Pictures/firewatch.jpg".source = ./firewatch.jpg;
};
config = lib.mkIf (osConfig.networking.hostName == "yggdrasil") {
wayland.windowManager.hyprland.settings.exec-once = [
''hyprctl hyprpaper wallpaper "DP-1,${picture-path}"''
];
services.hyprpaper = {
enable = true;
settings = {
preload = [ picture-path ];
wallpaper = "DP-1,${picture-path}";
home.file = {
# https://www.reddit.com/r/WidescreenWallpaper/comments/13hib3t/purple_firewatch_3840x1620/
"Pictures/firewatch.jpg".source = ./firewatch.jpg;
};
};
wayland.windowManager.hyprland.settings.exec-once = [
''hyprctl hyprpaper wallpaper "DP-1,${picture-path}"''
];
services.hyprpaper = {
enable = true;
settings = {
preload = [ picture-path ];
wallpaper = "DP-1,${picture-path}";
};
};
};
};
}

39
modules/desktop/addons/waybar.css Normal file
View file

@ -0,0 +1,39 @@
@define-color foreground #eeeeee;
@define-color foreground-inactive #aaaaaa;
@define-color background #000000;
* {
font-family: JetBrainsMono Nerd Font;
font-size: 17px;
padding: 0;
margin: 0;
}
#waybar {
color: @foreground;
background-color: @background;
}
#workspaces button {
color: @foreground;
padding-right: .5em
}
#workspaces button.empty {
color: @foreground-inactive;
}
#memory,
#custom-platform-profile {
padding-left: 1em
}
#wireplumber,
#battery,
#idle_inhibitor,
#language,
#network,
#bluetooth,
#tray {
padding-right: 1em
}

73
modules/desktop/addons/waybar.nix
View file

@ -1,3 +1,76 @@
{
flake.modules.homeManager.cholli =
{ lib, osConfig, ... }:
{
config = lib.mkIf osConfig.programs.niri.enable {
programs.waybar = {
enable = true;
style = ./waybar.css;
settings = {
topBar = {
layer = "top";
position = "top";
output = "DP-1";
height = 30;
spacing = 2;
modules-left = [ "niri/workspaces" ];
modules-center = [ "clock" ];
modules-right = [
"idle_inhibitor"
"bluetooth"
"wireplumber"
"cpu"
"memory"
"tray"
];
"niri/workspaces" = {
"format" = "<span size='larger'>{icon}</span>";
"on-click" = "activate";
"format-icons" = {
"active" = "";
"default" = "";
};
"icon-size" = 10;
"sort-by-number" = true;
};
"clock" = {
"format" = "{:%d.%m.%Y | %H:%M}";
};
"wireplumber" = {
"format" = " {volume}%";
"max-volume" = 100;
"scroll-step" = 5;
};
"cpu" = {
"format" = " {usage}%";
};
"memory" = {
"interval" = 30;
"format" = " {used:0.1f}G ";
};
"bluetooth" = {
"format" = "";
"format-disabled" = "󰂲";
"format-connected" = "󰂱";
"tooltip-format" = "{controller_alias}\t{controller_address}";
"tooltip-format-connected" = "{controller_alias}\t{controller_address}\n\n{device_enumerate}";
"tooltip-format-enumerate-connected" = "{device_alias}\t{device_address}";
};
"tray" = {
"icon-size" = 16;
"spacing" = 16;
};
"idle_inhibitor" = {
"format" = "{icon}";
"format-icons" = {
"activated" = "";
"deactivated" = "󰒲";
};
};
};
};
};
};
};
}

65
modules/desktop/niri.nix
View file

@ -3,9 +3,6 @@
nixos.niri =
{ inputs, pkgs, ... }:
{
imports = [
inputs.niri-flake.nixosModules.niri
];
programs.niri = {
enable = true;
@ -14,14 +11,12 @@
environment.systemPackages = with pkgs; [
kitty
fuzzel
inputs.niri-flake.packages.${pkgs.system}.xwayland-satellite-unstable
wl-clipboard
xsel
waybar
libnotify
];
@ -76,15 +71,33 @@
}:
{
config = lib.mkIf (osConfig.networking.hostName == "yggdrasil" && osConfig.programs.niri.enable) {
catppuccin = {
flavor = "mocha";
accent = "lavender";
cursors = {
enable = true;
};
fuzzel = {
enable = true;
};
mako = {
enable = true;
};
};
services.mako = {
enable = true;
settings = {
border-radius = 15;
border-color = "#505050";
background-color = "#00000070";
};
};
programs.fuzzel = {
enable = true;
};
programs.niri.settings = {
prefer-no-csd = true;
@ -144,6 +157,11 @@
};
};
cursor = {
hide-when-typing = true;
hide-after-inactive-ms = 10000;
};
hotkey-overlay.skip-at-startup = true;
screenshot-path = "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png";
@ -207,12 +225,25 @@
{
matches = [
{
app-id = "1password";
# This matches any subwindow of 1password e.g. the confirmation window for ssh keys
app-id = "1Password";
title = "1Password";
is-floating = true;
is-focused = false;
}
];
# this works, the border is drawn correctly
border = {
enable = true;
width = 2;
active.color = "#3a9657";
inactive.color = "#dbd11c";
};
#this does not seem to work
open-focused = true;
open-on-output = "DP-1";
}
{
matches = [
@ -225,6 +256,18 @@
open-on-workspace = "02-steam";
open-maximized = true;
}
{
matches = [
{
app-id = "obsidian";
}
{
app-id = "teams-for-linux";
}
];
open-on-workspace = "03-work";
}
{
matches = [
{
@ -259,6 +302,7 @@
matches = [
{
app-id = "1Password";
at-startup = true;
}
];
@ -460,12 +504,11 @@
spawn-at-startup = [
{ argv = [ "waybar" ]; }
{ argv = [ "zen-beta" ]; }
{ argv = [ "steam" ]; }
{ argv = [ "obsidian" ]; }
{ argv = [ "discord" ]; }
{ argv = [ "1password" ]; }
{ sh = "steam"; }
];
};
};

4
modules/games/various-games.nix
View file

@ -5,6 +5,10 @@
environment.systemPackages = with pkgs; [
prismlauncher
starsector
# gaming tools
pyfa
path-of-building
];
};
}

68
modules/hosts/loptland/default.nix
View file

@ -14,13 +14,16 @@ in
...
}:
let
domainName = "christophhollizeck.dev";
sopsFile = ../../../secrets/secrets-loptland.yaml;
in
{
nixpkgs.config.allowUnfree = true;
services.qemuGuest.enable = true;
# TODO: dunno why I need this packge
environment.systemPackages = [ pkgs.dconf ];
imports =
with config.flake.modules.nixos;
[
@ -30,7 +33,10 @@ in
# System modules
base
server
dev
hydra
factorio-server
forgejo
forgejo-runner
# apps
@ -45,7 +51,6 @@ in
# components
base
dev
# Activate all user based config
cholli
@ -55,18 +60,51 @@ in
];
sops = {
secrets = {
"forgejo/db/password" = {
inherit sopsFile;
};
"forgejo/mail/password" = {
inherit sopsFile;
};
"forgejo/mail/passwordHash" = {
inherit sopsFile;
};
};
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
networking.firewall.allowedTCPPorts = [
3000
80
443
];
nix = {
distributedBuilds = true;
extraOptions = ''
builders-use-substitutes = true
'';
buildMachines = [
{
hostName = "localhost";
protocol = null;
system = "x86_64-linux";
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
];
}
{
hostName = "100.86.23.74";
sshUser = "remotebuild";
sshKey = "/root/.ssh/remotebuild";
systems = [ "aarch64-linux" ];
protocol = "ssh";
supportedFeatures = [
"nixos-test"
"big-parallel"
"kvm"
];
}
];
};
};

8
modules/hosts/loptland/nginx.nix
View file

@ -8,8 +8,6 @@
}:
let
domainName = "christophhollizeck.dev";
forgejoPort = 3000;
hydraPort = 2000;
in
{
services.nginx = {
@ -17,7 +15,7 @@
recommendedProxySettings = true;
virtualHosts = {
"git.${domainName}" = {
"git.${domainName}" = lib.mkIf config.services.forgejo.enable {
forceSSL = true;
useACMEHost = domainName;
@ -25,7 +23,7 @@
extraConfig = ''
client_max_body_size 200M;
'';
proxyPass = "http://localhost:${toString forgejoPort}/";
proxyPass = "http://localhost:${toString 3000}/";
};
};
@ -34,7 +32,7 @@
useACMEHost = domainName;
locations."/" = {
proxyPass = "http://localhost:${toString hydraPort}/";
proxyPass = "http://localhost:${toString config.services.hydra.port}/";
};
};

52
modules/server/forgejo-runner.nix Normal file
View file

@ -0,0 +1,52 @@
{
flake.modules.nixos.forgejo-runner =
{ config, pkgs, ... }:
let
sopsFile = ../../secrets/secrets-loptland.yaml;
in
{
sops = {
secrets = {
"forgejo/runner/token" = {
inherit sopsFile;
};
};
};
services.gitea-actions-runner = {
package = pkgs.forgejo-runner;
instances = {
native = {
enable = true;
name = "monolith";
url = "https://git.christophhollizeck.dev";
tokenFile = config.sops.secrets."forgejo/runner/token".path;
labels = [
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
lix
];
settings = {
log.level = "info";
runner = {
capacity = 1;
timeout = "3h";
shutdown_timeout = "5s";
fetch_timeout = "10s";
fetch_inteval = "5s";
};
};
};
};
};
};
}

76
modules/server/forgejo.nix Normal file
View file

@ -0,0 +1,76 @@
{
flake.modules.nixos.forgejo =
{ config, inputs, ... }:
let
domainName = "christophhollizeck.dev";
forgejoPort = 3000;
sopsFile = ../../secrets/secrets-loptland.yaml;
in
{
imports = [
inputs.simple-nixos-mailserver.nixosModules.default
];
sops = {
secrets = {
"forgejo/db/password" = {
inherit sopsFile;
};
"forgejo/mail/password" = {
inherit sopsFile;
};
"forgejo/mail/passwordHash" = {
inherit sopsFile;
};
};
};
services.forgejo = {
enable = true;
database.type = "postgres";
lfs.enable = true;
database = {
passwordFile = config.sops.secrets."forgejo/db/password".path;
};
settings = {
server = {
DOMAIN = "git.${domainName}";
ROOT_URL = "https://git.${domainName}";
HTTP_PORT = forgejoPort;
};
mailer = {
ENABLED = true;
PROTOCOL = "smtps";
FROM = "no-reply@${domainName}";
SMTP_ADDR = "mail.${domainName}";
USER = "forgejo@${domainName}";
};
service.DISABLE_REGISTRATION = true;
};
secrets = {
mailer.PASSWD = config.sops.secrets."forgejo/mail/password".path;
};
};
mailserver = {
enable = true;
fqdn = "mail.${domainName}";
domains = [ domainName ];
loginAccounts = {
"forgejo@${domainName}" = {
hashedPasswordFile = config.sops.secrets."forgejo/mail/passwordHash".path;
aliases = [ "no-reply@${domainName}" ];
};
};
certificateScheme = "acme-nginx";
stateVersion = 3;
};
};
}

4
modules/systems/bluetooth.nix
View file

@ -1,7 +1,9 @@
{
flake.modules.nixos.bluetooth =
{ ... }:
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.bluetui ];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;

2
modules/users/cholli/default.nix
View file

@ -41,6 +41,8 @@
shell = pkgs.fish;
# TODO: fix this with sops
initialPassword = "asdf";
openssh.authorizedKeys.keys = config.flake.meta.users.cholli.authorizedKeys;
};
nix.settings.trusted-users = [ config.flake.meta.users.cholli.username ];