Daholli/nixos-config
1
0
Fork 0
Code Issues 3 Pull requests Releases Packages Activity Actions

loptland #1

Closed
Daholli wants to merge 0 commits from loptland into main
pull from: loptland
merge into: Daholli:main
Conversation 0 Commits - Files changed 57 +717 -2278
57 changed files with 717 additions and 2278 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.envrc
View file

@ -1 +0,0 @@
export SOPS_AGE_KEY=$(ssh-to-age -i ~/.ssh/id_ed25519 -private-key)

22
.forgejo/workflows/nightly-update.yaml
View file

@ -1,22 +0,0 @@
on:
schedule:
- cron: 0 */6 * * *
jobs:
UpdateFlake:
runs-on: native
steps:
- name: Check out repository code
uses: actions/checkout@v4
- name: Update flake
run: |
cd ${{ gitea.workspace }}
nix flake update
- name: Commit new Flake.lock
run: |
git config --local user.email "christoph.hollizeck@hey.com"
git config --local user.name "forgjo-actions[bot]"
git commit -a -m "chore: update flake"
- name: Push changes
run: git push

7
.gitattributes vendored
View file

@ -1,4 +1,3 @@
# *.png filter=lfs diff=lfs merge=lfs -text
# *.webp filter=lfs diff=lfs merge=lfs -text
# *.jpg filter=lfs diff=lfs merge=lfs -text
* !text !filter !merge !diff
*.png filter=lfs diff=lfs merge=lfs -text
*.webp filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text

24
.github/templates/PULL_REQUEST_TEMPLATE.md vendored Normal file
View file

@ -0,0 +1,24 @@
<!--- Provide a general summary of your changes in the Title above -->
## Description
<!--- Describe your changes in detail -->
- Built on platform(s)
- [ ] x86_64-linux
- [ ] aarch64-linux
- [ ] x86_64-darwin
- [ ] aarch64-darwin
## Types of changes
<!--- What types of changes does your code introduce? Put an `x` in all the boxes that apply: -->
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to change)
## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're here to help! -->
- [ ] My change requires a change to the documentation.
- [ ] I have updated the documentation accordingly.
- [ ] I have added tests to cover my changes.
- [ ] All new and existing tests passed.

11
.sops.yaml
View file

@ -1,8 +1,5 @@
keys:
- &primary age1amdd4hu6k0czf3mtlhd03yj3yzkdaynl7q5fdlqmjzpe9pwgxfjs3j0c85
- &yggdrasil age1xxv54tzxz6n4cp4undmejl2lyd7k7s3yh9q0z6ed83evfuz6asqsqhaduv
- &loptland age13xshg5e6ucvnu3vqgn344mxpk5kcqutv2lf4gdffvwadq0ku5ewqy4cck6
- &nixberry age1ev7c7xfz0gmj6p5p8ugzz55y28lsn8fjlk0d8wc3w9drmw4e69ys6z5yg4
creation_rules:
- path_regex: secrets/secrets.yaml$
key_groups:
@ -13,16 +10,8 @@ creation_rules:
key_groups:
- age:
- *primary
- *yggdrasil
- path_regex: secrets/secrets-loptland.yaml$
key_groups:
- age:
- *primary
- *loptland
- path_regex: secrets/secrets-nixberry.yaml$
key_groups:
- age:
- *primary
- *nixberry

1098
flake.lock generated
View file

File diff suppressed because it is too large Load diff

61
flake.nix
View file

@ -2,12 +2,12 @@
description = "NixOs Config";
inputs = {
# nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
nixpkgs-latest-factorio.url = "github:Daholli/nixpkgs/1f36f691a2a05eb0785d35164ba03962607348bf";
nixpkgs-tuya-vacuum.url = "github:Daholli/nixpkgs/84b34e39e7a0879367189f34401191f6a0364bcf";
nixpkgs-latest-factorio.url = "github:Daholli/nixpkgs/d941e9aa2d89f377d45516c5edd765fef15ea90a";
home-manager = {
url = "github:nix-community/home-manager/master";
@ -30,7 +30,7 @@
###
# hyprland stuff
hyprland.url = "github:hyprwm/Hyprland";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
hyprlock.url = "github:hyprwm/hyprlock";
hyprland-plugins = {
url = "github:hyprwm/hyprland-plugins";
@ -51,6 +51,17 @@
inputs.nixpkgs.follows = "nixpkgs";
};
snowfall-flake = {
url = "github:snowfallorg/flake";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
# still not sure if I like helix or nvim more, for now helix does mostly everything I need it to
kickstartnvim = {
url = "github:Daholli/kickstart-nix-nvim";
inputs.nixpkgs.follows = "nixpkgs";
};
helix = {
url = "github:helix-editor/helix";
inputs.nixpkgs.follows = "nixpkgs";
@ -65,23 +76,7 @@
sops-nix.url = "github:Mic92/sops-nix";
## temporary
zen-browser.url = "github:0xc000022070/zen-browser-flake";
raspberry-pi-nix = {
url = "github:JamieMagee/raspberry-pi-nix/25118248489e047a7da43a21409b457aa2af315e";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/b4fbffe79c00f19be94b86b4144ff67541613659";
catppuccin.url = "github:catppuccin/nix";
###############
# homeassitant
tuya-vaccum-maps = {
url = "github:jaidenlabelle/tuya-vacuum-maps";
flake = false;
};
zen-browser.url = "github:ch4og/zen-browser-flake";
################
## inputs for dev shells
@ -118,39 +113,17 @@
outputs-builder = channels: { formatter = channels.nixpkgs.nixfmt-rfc-style; };
overlays = with inputs; [
snowfall-flake.overlays.default
kickstartnvim.overlays.default
hyprpanel.overlay
];
homes.modules = with inputs; [
sops-nix.homeManagerModules.sops
catppuccin.homeModules.catppuccin
];
systems.modules.nixos = with inputs; [
home-manager.nixosModules.home-manager
nix-ld.nixosModules.nix-ld
sops-nix.nixosModules.sops
catppuccin.nixosModules.catppuccin
];
systems.hosts.nixberry.modules = with inputs; [
raspberry-pi-nix.nixosModules.raspberry-pi
raspberry-pi-nix.nixosModules.sd-image
];
systems.hosts.loptland.modules = with inputs; [
simple-nixos-mailserver.nixosModules.default
];
systems.hosts.wsl.modules = with inputs; [ nixos-wsl.nixosModules.default ];
}
// rec {
self = inputs.self;
hydraJobs = {
hosts = lib.mapAttrs (_: cfg: cfg.config.system.build.toplevel) self.outputs.nixosConfigurations;
packages = self.packages;
};
};
}

22
homes/aarch64-linux/cholli@nixberry/default.nix
View file

@ -1,22 +0,0 @@
{
lib,
pkgs,
config,
osConfig ? { },
format ? "unknown",
...
}:
with lib.wyrdgard;
{
wyrdgard = {
apps = {
kitty = enabled;
};
tools = {
direnv = enabled;
};
};
home.stateVersion = "24.11";
}

2
homes/x86_64-linux/cholli@loptland/default.nix
View file

@ -17,4 +17,6 @@ with lib.wyrdgard;
direnv = enabled;
};
};
home.stateVersion = "24.11";
}

273
homes/x86_64-linux/cholli@yggdrasil/default.nix
View file

@ -2,12 +2,11 @@
lib,
pkgs,
config,
namespace,
osConfig ? { },
format ? "unknown",
...
}:
with lib.${namespace};
with lib.wyrdgard;
{
wyrdgard = {
apps = {
@ -19,273 +18,5 @@ with lib.${namespace};
};
};
services.easyeffects = {
enable = true;
preset = "jtrv-preset";
extraPresets = {
jtrv-preset = {
input = {
blocklist = [
];
"compressor#0" = {
attack = 5;
boost-amount = 6;
boost-threshold = -72;
bypass = false;
dry = -100;
hpf-frequency = 10;
hpf-mode = "off";
input-gain = 0;
knee = -6;
lpf-frequency = 20000;
lpf-mode = "off";
makeup = 0;
mode = "Downward";
output-gain = 0;
ratio = 4;
release = 75;
release-threshold = -40;
sidechain = {
lookahead = 0;
mode = "RMS";
preamp = 0;
reactivity = 10;
source = "Middle";
stereo-split-source = "Left/Right";
type = "Feed-forward";
};
stereo-split = false;
threshold = -20;
wet = 0;
};
"deesser#0" = {
bypass = false;
detection = "RMS";
f1-freq = 3000.0;
f1-level = -6.0;
f2-freq = 5000.0;
f2-level = -6.0;
f2-q = 1.5000000000000004;
input-gain = 0.0;
laxity = 15;
makeup = 0;
mode = "Wide";
output-gain = 0;
ratio = 5;
sc-listen = false;
threshold = -20;
};
"equalizer#0" = {
balance = 0;
bypass = false;
input-gain = 0;
left = {
band0 = {
frequency = 50;
gain = 3;
mode = "RLC (BT)";
mute = false;
q = 0.7;
slope = "x1";
solo = false;
type = "Hi-pass";
width = 4;
};
band1 = {
frequency = 90;
gain = 3;
mode = "RLC (MT)";
mute = false;
q = 0.7;
slope = "x1";
solo = false;
type = "Lo-shelf";
width = 4;
};
band2 = {
frequency = 425;
gain = -2;
mode = "BWC (MT)";
mute = false;
q = 0.9999999999999998;
slope = "x2";
solo = false;
type = "Bell";
width = 4;
};
band3 = {
frequency = 3500;
gain = 3;
mode = "BWC (BT)";
mute = false;
q = 0.7;
slope = "x2";
solo = false;
type = "Bell";
width = 4;
};
band4 = {
frequency = 9000;
gain = 2;
mode = "LRX (MT)";
mute = false;
q = 0.7;
slope = "x1";
solo = false;
type = "Hi-shelf";
width = 4;
};
};
mode = "IIR";
num-bands = 5;
output-gain = 0;
pitch-left = 0;
pitch-right = 0;
right = {
band0 = {
frequency = 50;
gain = 3;
mode = "RLC (BT)";
mute = false;
q = 0.7;
slope = "x1";
solo = false;
type = "Hi-pass";
width = 4;
};
band1 = {
frequency = 90;
gain = 3;
mode = "RLC (MT)";
mute = false;
q = 0.9999999999999998;
slope = "x1";
solo = false;
type = "Lo-shelf";
width = 4;
};
band2 = {
frequency = 425;
gain = -2;
mode = "BWC (MT)";
mute = false;
q = 0.7;
slope = "x2";
solo = false;
type = "Bell";
width = 4;
};
band3 = {
frequency = 3500;
gain = 3;
mode = "BWC (BT)";
mute = false;
q = 0.7;
slope = "x2";
solo = false;
type = "Bell";
width = 4;
};
band4 = {
frequency = 9000;
gain = 2;
mode = "LRX (MT)";
mute = false;
q = 0.7;
slope = "x1";
solo = false;
type = "Hi-shelf";
width = 4;
};
};
split-channels = false;
};
"gate#0" = {
attack = 1;
bypass = false;
curve-threshold = -50;
curve-zone = -2;
dry = -100;
hpf-frequency = 10;
hpf-mode = "off";
hysteresis = true;
hysteresis-threshold = -3;
hysteresis-zone = -1;
input-gain = 0;
lpf-frequency = 20000;
lpf-mode = "off";
makeup = 1;
output-gain = 0;
reduction = -15;
release = 200;
sidechain = {
input = "Internal";
lookahead = 0;
mode = "RMS";
preamp = 0;
reactivity = 10;
source = "Middle";
stereo-split-source = "Left/Right";
};
stereo-split = false;
wet = -1;
};
"limiter#0" = {
alr = false;
alr-attack = 5;
alr-knee = 0;
alr-release = 50;
attack = 1;
bypass = false;
dithering = "16bit";
external-sidechain = false;
gain-boost = true;
input-gain = 0;
lookahead = 5;
mode = "Herm Wide";
output-gain = 0;
oversampling = "Half x2(2L)";
release = 5;
sidechain-preamp = 0;
stereo-link = 100;
threshold = -1;
};
plugins_order = [
"rnnoise#0"
"gate#0"
"deesser#0"
"compressor#0"
"equalizer#0"
"speex#0"
"limiter#0"
];
"rnnoise#0" = {
bypass = false;
enable-vad = false;
input-gain = 0;
model-path = "";
output-gain = 0;
release = 20;
vad-thres = 50;
wet = 0;
};
"speex#0" = {
bypass = false;
enable-agc = false;
enable-denoise = false;
enable-dereverb = false;
input-gain = 0;
noise-suppression = -70;
output-gain = 0;
vad = {
enable = true;
probability-continue = 90;
probability-start = 95;
};
};
};
};
};
};
home.stateVersion = "23.11";
}

10
modules/home/apps/cli-apps/fish/default.nix
View file

@ -18,14 +18,13 @@ in
};
config = mkIf cfg.enable {
catppuccin.fish.enable = true;
programs = {
fish = {
enable = true;
shellInit = ''
zoxide init fish | source
direnv hook fish | source
source ~/.config/op/plugins.sh
set -x LESS_TERMCAP_mb \e'[01;32m'
set -x LESS_TERMCAP_md \e'[01;32m'
@ -39,14 +38,9 @@ in
'';
shellAliases = {
vim = "hx";
ls = "eza -lah --icons --git";
ls = "eza -lh --icons --git";
lss = "ls --total-size";
};
functions = {
checkHash = "nix hash to-sri --type sha256 $(nix-prefetch-url --unpack $argv)";
deployNixberry = "nixos-rebuild switch --flake .#nixberry --target-host nixberry --use-remote-sudo --fast";
deployLoptland = "nixos-rebuild switch --flake .#loptland --target-host christophhollizeck.dev --use-remote-sudo --fast";
};
plugins = with pkgs.fishPlugins; [
{
name = "forgit";

1
modules/home/apps/cli-apps/starship/default.nix
View file

@ -16,7 +16,6 @@ in
};
config = mkIf cfg.enable {
catppuccin.starship.enable = true;
programs = {
fish.shellInit = "
starship init fish | source

4
modules/home/apps/kitty/default.nix
View file

@ -19,8 +19,6 @@ in
home.sessionVariables.TERMINAL = "kitty";
catppuccin.kitty.enable = true;
# TODO: move this to a thunar specific module
home.file.".config/Thunar/uca.xml".text = ''
<?xml version="1.0" encoding="UTF-8"?>
@ -42,7 +40,7 @@ in
programs.kitty = {
enable = true;
# themeFile = "tokyo_night_night";
themeFile = "tokyo_night_night";
font = {
name = "Code New Roman";
size = 15;

3
modules/home/tools/git/default.nix
View file

@ -16,7 +16,7 @@ in
enable = mkBoolOpt true "Enable Git (Default true)";
userName = mkOpt types.str user.fullName "The name to configure git with.";
userEmail = mkOpt types.str user.email "The email to configure git with.";
signingKey = mkOpt types.str "ACCFA2DB47795D9E" "The pub key to sign commits with.";
signingKey = mkOpt types.str "6995A5FF33791B7B" "The pub key to sign commits with.";
signByDefault = mkOpt types.bool true "Whether to sign commits by default.";
};
@ -52,7 +52,6 @@ in
];
strategy = "incremental";
};
lfs."https://git.christophhollizeck.dev/Daholli/nixos-config.git/info/lfs".locksverify = true;
};
};
};

10
modules/nixos/apps/_1password/default.nix
View file

@ -11,10 +11,8 @@ let
inherit (lib.${namespace}) mkBoolOpt;
cfg = config.${namespace}.apps._1password;
username = config.${namespace}.user.name;
in
{
options.${namespace}.apps._1password = {
enable = mkBoolOpt true "Enable 1Password";
};
@ -24,14 +22,8 @@ in
_1password.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ username ];
polkitPolicyOwners = [ config.${namespace}.user.name ];
};
};
${namespace}.home.file.".ssh/config".text = ''
Host *
ForwardAgent yes
IdentityAgent /home/${username}/.1password/agent.sock
'';
};
}

33
modules/nixos/apps/cli-apps/helix/default.nix
View file

@ -8,7 +8,7 @@
...
}:
let
inherit (lib) mkIf mkEnableOption mkOption;
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.apps.cli-apps.helix;
cachix-url = "https://helix.cachix.org";
@ -19,42 +19,27 @@ in
{
options.${namespace}.apps.cli-apps.helix = {
enable = mkEnableOption "Whether to enable helix or not";
pkg = mkOption {
type = lib.types.package;
default = helix-pkg;
description = "Which helix pacakge to use";
};
};
config = mkIf cfg.enable {
environment = {
systemPackages = [
cfg.pkg
helix-pkg
pkgs.wl-clipboard
];
};
${namespace} = {
home.extraOptions = {
home.file.".config/helix/ignore".text = ''
.idea/
!**/appsettings.json
.direnv/
.devenv/
'';
catppuccin.helix.enable = true;
programs.helix = {
enable = true;
package = helix-pkg;
defaultEditor = true;
settings = {
theme = "tokyonight";
editor = {
auto-format = true;
line-number = "relative";
file-picker = {
hidden = false;
};
lsp = {
display-inlay-hints = true;
@ -154,21 +139,11 @@ in
config.provideFormatter = true;
config.json.validate.enable = true;
};
vscode-html-language-server = {
command = "${pkgs.vscode-langservers-extracted}/bin/vscode-html-language-server";
args = [ "--stdio" ];
config.provideFormatter = true;
};
vscode-css-language-server = {
command = "${pkgs.vscode-langservers-extracted}/bin/vscode-css-language-server";
args = [ "--stdio" ];
config.provideFormatter = true;
};
vscode-eslint-language-server = {
command = "${pkgs.vscode-langservers-extracted}/bin/vscode-eslint-language-server";
args = [ "--stdio" ];
config.provideFormatter = true;
};
};
};
};

1
modules/nixos/apps/discord/default.nix
View file

@ -19,7 +19,6 @@ in
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
discord
vesktop
];
};
}

23
modules/nixos/apps/starsector/default.nix
View file

@ -1,23 +0,0 @@
{
config,
lib,
namespace,
options,
pkgs,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.apps.starsector;
in
{
options.${namespace}.apps.starsector = {
enable = mkEnableOption "Whether or not to enable the game starsector.";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
starsector
];
};
}

7
modules/nixos/apps/zen-browser/default.nix
View file

@ -23,15 +23,12 @@ in
zenbrowser
];
environment.sessionVariables = {
DEFAULT_BROWSER = "${zenbrowser}/bin/zen-beta";
BROWSER = "zen-beta";
};
environment.sessionVariables.DEFAULT_BROWSER = "${zenbrowser}/bin/zen";
environment.etc = {
"1password/custom_allowed_browsers" = {
text = ''
zen
.zen-wrapped
'';
mode = "0755";
};

10
modules/nixos/desktop/addons/hypridle/default.nix
View file

@ -2,12 +2,14 @@
config,
lib,
namespace,
pkgs,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.desktop.addons.hypridle;
username = config.${namespace}.user.name;
in
{
options.${namespace}.desktop.addons.hypridle = {
@ -15,19 +17,19 @@ in
};
config = mkIf cfg.enable {
${namespace}.home.extraOptions = {
snowfallorg.users.${username}.home.config = {
services.hypridle = {
enable = true;
settings = {
general = {
after_sleep_cmd = "hyprctl dispatch dpms on";
ignore_dbus_inhibit = false;
lock_cmd = "hyprlock-blur";
lock_cmd = "hyprlock";
};
listener = [
{
timeout = 600;
timeout = 900;
on-timeout = "loginctl lock-session";
}
{

4
modules/nixos/desktop/addons/hyprlock/default.nix
View file

@ -31,11 +31,9 @@ in
config = mkIf cfg.enable {
security.pam.services.hyprlock = { };
environment.systemPackages = [ hyprlock-blur ];
${namespace}.desktop.hyprland.settings = {
bind = [
"$mod CTRL, l, exec, hyprlock-blur"
"$mod CTRL, l, exec, ${hyprlock-blur}/bin/hyprlock-blur"
];
};

BIN
modules/nixos/desktop/addons/hyprlock/hyprlock_preview.png
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 3.7 MiB

After

Width:  |  Height:  |  Size: 132 B

Before After
Before After

4
modules/nixos/desktop/addons/hyprpanel/default.nix
View file

@ -610,9 +610,5 @@ in
text = builtins.toJSON settings;
};
};
environment.systemPackages = with pkgs.nerd-fonts; [
jetbrains-mono
];
};
}

BIN
modules/nixos/desktop/addons/hyprpaper/firewatch.jpg
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.1 MiB

After

Width:  |  Height:  |  Size: 132 B

Before After
Before After

13
modules/nixos/desktop/default.nix
View file

@ -17,15 +17,11 @@ in
};
config = mkIf cfg.enable {
catppuccin.flavor = "mocha";
catppuccin.enable = true;
${namespace}.home.extraOptions = {
catppuccin.flavor = "mocha";
catppuccin.enable = true;
dconf = {
settings."org/gnome/desktop/interface".color-scheme = "prefer-dark";
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
gtk = {
@ -44,5 +40,6 @@ in
platformTheme = "gnome";
style = "adwaita-dark";
};
};
}

88
modules/nixos/desktop/hyprland/default.nix
View file

@ -31,51 +31,9 @@ let
else
# always open on w/space 4
hyprctl dispatch workspace 9
ELECTRON_OZONE_PLATFORM_HINT=x11 1password&
1password&
fi
'';
# clipsync = pkgs.writeShellScriptBin "clipsync" ''
# insert() {
# # Read all the piped input into variable.
# value=$(cat)
# wValue="$(wl-paste)"
# xValue="$(xclip -o -selection clipboard)"
# notify() {
# notify-send -u low -c clipboard "$1" "$value"
# }
# if [ "$value" != "$wValue" ]; then
# notify "Wayland"
# echo -n "$value" | wl-copy
# fi
# if [ "$value" != "$xValue" ]; then
# notify "X11"
# echo -n "$value" | xclip -selection clipboard
# fi
# }
# watch() {
# # Wayland -> X11
# wl-paste --type text --watch clipsync insert &
# # X11 -> Wayland
# while clipnotify; do
# xclip -o -selection clipboard | clipsync insert
# done &
# }
# kill() {
# pkill wl-paste
# pkill clipnotify
# pkill xclip
# pkill clipsync
# }
# "$@"
# '';
in
{
options.${namespace}.desktop.hyprland = {
@ -96,13 +54,8 @@ in
libnotify
# Wayland Utilities
wlr-randr
# Clipboard Stuff
wl-clipboard
xclip
clipnotify
# clipsync
wlr-randr
# Screenshot Utility
grimblast
@ -128,15 +81,11 @@ in
};
};
services.greetd = {
services = {
xserver = enabled;
displayManager.sddm = {
enable = true;
settings = rec {
initial_session = {
command = "${hyprland-package}/bin/Hyprland";
user = "cholli";
};
default_session = initial_session;
theme = "Elegant";
};
};
@ -168,15 +117,19 @@ in
{
"$mod" = "SUPER";
env = [
"QT_AUTO_SCREEN_SCALE_FACTOR,1"
"QT_QPA_PLATFORM,wayland;xcb"
"QT_WAYLAND_DISABLE_WINDOWDECORATION,1"
];
exec-once = [
"systemctl --user start hyprpolkitagent"
"[workspace 2 silent] steam --disable-gpu-compositing" # nvidia pls let me have nice things
"[workspace 8 silent] discord"
"[workspace 9 silent] ELECTRON_OZONE_PLATFORM_HINT=x11 1password" # fix for promts not showing up anymore
"[workspace 1 silent] zen-beta"
"${pkgs.xorg.xhost}/bin/xhost +"
"[workspace 8 silent] discord --disable-gpu-compositing"
"[workspace 9 silent] 1password"
"[workspace 1 silent] zen"
];
windowrulev2 = [
@ -263,6 +216,7 @@ in
"$mod SHIFT, P, changegroupactive, b"
"$mod, R, togglesplit,"
"$mod, T, togglefloating,"
"$mod, P, pseudo,"
"$mod ALT, ,resizeactive,"
"$mod CTRL, left, movecurrentworkspacetomonitor, l"
@ -290,6 +244,7 @@ in
#run important programs
"$mod, Return, exec, kitty"
"$mod, Z, exec, zen"
"$mod, D, exec, rofi -show drun"
"$mod, P, exec, focus-or-open-1pass"
# "$mod, D, exec, rofi -show combi"
@ -361,14 +316,7 @@ in
};
environment.sessionVariables = {
NIXOS_OZONE_WL = "1"; # Hint electron apps to use wayland
ELECTRON_OZONE_PLATFORM_HINT = "auto";
XDG_SESSION_TYPE = "wayland";
QT_AUTO_SCREEN_SCALE_FACTOR = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
QT_QPA_PLATFORM = "wayland;xcb";
NIXOS_OZONE_WL = "1";
};
};
}

10
modules/nixos/home/default.nix
View file

@ -20,15 +20,15 @@ in
};
config = {
snowfallorg.users.${config.${namespace}.user.name}.home.config = mkMerge [
{
${namespace}.home.extraOptions = {
home.stateVersion = config.system.stateVersion;
home.file = mkAliasDefinitions options.${namespace}.home.file;
xdg.enable = true;
xdg.configFile = mkAliasDefinitions options.${namespace}.home.configFile;
}
config.${namespace}.home.extraOptions
];
};
snowfallorg.users.${config.${namespace}.user.name}.home.config =
config.${namespace}.home.extraOptions;
home-manager = {
useUserPackages = true;

9
modules/nixos/nix/default.nix
View file

@ -41,13 +41,10 @@ in
}) cfg.extra-substituters;
environment.systemPackages = with pkgs; [
snowfallorg.flake
nixfmt-rfc-style
nix-prefetch-git
nix-du
nix-weather
nix-index
nix-output-monitor
];
nix =
@ -55,8 +52,7 @@ in
users = [
"root"
config.${namespace}.user.name
"gitea-runner"
] ++ optional config.services.hydra.enable "hydra hydra-www hydra-evaluator hydra-queue-runner";
];
in
{
package = cfg.package;
@ -71,7 +67,6 @@ in
auto-optimise-store = true;
trusted-users = users;
allowed-users = users;
allowed-uris = "github: https://github.com/ git+https://github.com/ gitlab: https://gitlab.com/ git+https://gitlab.com/";
substituters = [
cfg.default-substituter.url
] ++ (mapAttrsToList (name: value: name) cfg.extra-substituters);

12
modules/nixos/security/acme/default.nix
View file

@ -26,15 +26,15 @@ in
config = mkIf cfg.enable {
sops = {
secrets = {
"netcup/customer_number" = {
netcup_customer_number = {
inherit (cfg) sopsFile;
};
"netcup/api/key" = {
netcup_api_key = {
inherit (cfg) sopsFile;
};
"netcup/api/password" = {
netcup_api_password = {
inherit (cfg) sopsFile;
};
};
@ -42,9 +42,9 @@ in
templates = {
"netcup.env" = {
content = ''
NETCUP_CUSTOMER_NUMBER=${config.sops.placeholder."netcup/customer_number"}
NETCUP_API_KEY=${config.sops.placeholder."netcup/api/key"}
NETCUP_API_PASSWORD=${config.sops.placeholder."netcup/api/password"}
NETCUP_CUSTOMER_NUMBER=${config.sops.placeholder.netcup_customer_number}
NETCUP_API_KEY=${config.sops.placeholder.netcup_api_key}
NETCUP_API_PASSWORD=${config.sops.placeholder.netcup_api_password}
NETCUP_PROPAGATION_TIMEOUT=1200
'';
};

3
modules/nixos/security/gpg/default.nix
View file

@ -43,7 +43,7 @@ in
pinentry-qt
yubikey-manager
yubioath-flutter
yubikey-manager-qt
reload-yubikey
];
@ -64,6 +64,7 @@ in
".gnupg/gpg.conf".source = gpgConf;
".gnupg/gpg-agent.conf".text = gpgAgentConf;
".gnupg/scdeamon.conf".text = "disable-ccid";
# YUBIKEYCERTIFYPASSWORD
};
};
};

1
modules/nixos/security/keyring/default.nix
View file

@ -18,6 +18,5 @@ in
config = mkIf cfg.enable {
services.gnome.gnome-keyring.enable = true;
security.pam.services.sddm.enableGnomeKeyring = true;
security.pam.services.greetd.enableGnomeKeyring = true;
};
}

4
modules/nixos/security/sops/default.nix
View file

@ -19,15 +19,13 @@ in
environment.systemPackages = with pkgs; [
sops
age
ssh-to-age
];
sops = {
defaultSopsFile = lib.snowfall.fs.get-file "secrets/secrets.yaml";
defaultSopsFormat = "yaml";
# age.keyFile = "/home/cholli/.config/sops/age/keys.txt";
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
age.keyFile = "/home/cholli/.config/sops/age/keys.txt";
};
};
}

24
modules/nixos/services/factorio-server/default.nix
View file

@ -24,50 +24,44 @@ in
environment.systemPackages = [ pkgs.factorio-headless ];
sops = {
secrets = {
"factorio/token" = {
factorio_token = {
restartUnits = [ "factorio.service" ];
inherit (cfg) sopsFile;
};
"factorio/username" = {
factorio_username = {
restartUnits = [ "factorio.service" ];
inherit (cfg) sopsFile;
};
"factorio/game_password" = {
factorio_game_password = {
restartUnits = [ "factorio.service" ];
inherit (cfg) sopsFile;
};
};
templates."extraSettingsFile.json".content = ''
{
"name": "Pyanodons Holli",
"name": "SpaceAgeHolli",
"description": "Trying to run a factorio-headless-server on my nix system",
"tags": ["vanilla"],
"max_players": 10,
"game_password": "${config.sops.placeholder."factorio/game_password"}",
"game_password": "${config.sops.placeholder.factorio_game_password}",
"allow_commands": "admins-only",
"autosave_slots": 5,
"ignore_player_limit_for_returning_players": true,
"username" : "${config.sops.placeholder."factorio/username"}",
"token": "${config.sops.placeholder."factorio/token"}"
"username" : "${config.sops.placeholder.factorio_username}",
"token": "${config.sops.placeholder.factorio_token}"
}
'';
templates."extraSettingsFile.json".mode = "0444";
};
systemd.tmpfiles.rules = [
"Z /var/lib/factorio/mods 770 65400 65400 - -"
"Z /var/lib/factorio/saves 770 65400 65400 - -"
];
services.factorio = {
enable = true;
openFirewall = true;
public = true;
lan = true;
nonBlockingSaving = true;
autosave-interval = 5;
saveName = "Pyanodons";
loadLatestSave = true;
autosave-interval = 15;
saveName = "SpaceAge";
admins = [
"daholli"
"galbrain"

182
modules/nixos/services/gitea-runner/default.nix
View file

@ -1,182 +0,0 @@
{
lib,
config,
namespace,
pkgs,
...
}:
with lib.${namespace};
let
cfg = config.${namespace}.services.gitea-runner;
inherit (lib) mkIf mkOption mkEnableOption;
inherit (lib.types)
attrsOf
package
path
submodule
str
;
in
{
options.${namespace}.services.gitea-runner = {
enable = mkEnableOption "Enable gitea/forgejo runner";
git-url = mkOption {
type = str;
default = "https://git.christophhollizeck.dev";
};
sopsFile = mkOption {
type = path;
default = lib.snowfall.fs.get-file "secrets/secrets.yaml";
description = "SecretFile";
};
runner-package = mkOption {
type = package;
default = pkgs.forgejo-actions-runner;
description = "Which runner to use Gitea/Forgjo";
};
## taken from nixos/modules/services/continuous-integration/gitea-actions-runner.nix
runner-instances = mkOption {
default = { };
description = ''
Gitea Actions Runner instances.
'';
type = attrsOf (submodule {
options = {
enable = mkEnableOption "Gitea Actions Runner instance";
name = mkOption {
type = str;
example = literalExpression "config.networking.hostName";
description = ''
The name identifying the runner instance towards the Gitea/Forgejo instance.
'';
};
url = mkOption {
type = str;
example = "https://forge.example.com";
description = ''
Base URL of your Gitea/Forgejo instance.
'';
};
tokenFile = mkOption {
type = nullOr (either str path);
default = null;
description = ''
Path to an environment file, containing the `TOKEN` environment
variable, that holds a token to register at the configured
Gitea/Forgejo instance.
'';
};
labels = mkOption {
type = listOf str;
example = literalExpression ''
[
# provide a debian base with nodejs for actions
"debian-latest:docker://node:18-bullseye"
# fake the ubuntu name, because node provides no ubuntu builds
"ubuntu-latest:docker://node:18-bullseye"
# provide native execution on the host
#"native:host"
]
'';
description = ''
Labels used to map jobs to their runtime environment. Changing these
labels currently requires a new registration token.
Many common actions require bash, git and nodejs, as well as a filesystem
that follows the filesystem hierarchy standard.
'';
};
settings = mkOption {
description = ''
Configuration for `act_runner daemon`.
See https://gitea.com/gitea/act_runner/src/branch/main/internal/pkg/config/config.example.yaml for an example configuration
'';
type = types.submodule {
freeformType = settingsFormat.type;
};
default = { };
};
hostPackages = mkOption {
type = listOf package;
default = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
];
defaultText = literalExpression ''
with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
]
'';
description = ''
List of packages, that are available to actions, when the runner is configured
with a host execution label.
'';
};
};
});
};
};
config = mkIf cfg.enable {
sops = {
secrets = {
"forgejo/runner/token" = {
inherit (cfg) sopsFile;
};
};
};
services.gitea-actions-runner = {
package = cfg.runner-package;
instances = {
native = {
enable = true;
name = "monolith";
url = cfg.git-url;
tokenFile = config.sops.secrets."forgejo/runner/token".path;
labels = [
"native:host"
];
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
lix
];
settings = {
log.level = "info";
runner = {
capacity = 1;
timeout = "3h";
shutdown_timeout = "5s";
fetch_timeout = "10s";
fetch_inteval = "5s";
};
};
};
} // cfg.runner-instances;
};
};
}

37
modules/nixos/services/hydra/default.nix
View file

@ -1,37 +0,0 @@
{
lib,
config,
namespace,
...
}:
let
cfg = config.${namespace}.services.hydra;
inherit (lib) mkIf mkOption mkEnableOption;
in
{
options.${namespace}.services.hydra = {
enable = mkEnableOption "Enable Hydra CI";
httpPort = mkOption {
type = lib.types.int;
default = 2000;
description = "The path to host the http server on, relevant for nginx forwarding";
};
enableCache = mkEnableOption "Enable cache using nix-server";
};
config = mkIf cfg.enable {
services.nix-serve = mkIf cfg.enableCache {
enable = true;
secretKeyFile = "/var/cache-priv-key.pem";
};
services.hydra = {
enable = true;
hydraURL = "http://localhost:${toString cfg.httpPort}";
port = cfg.httpPort;
notificationSender = "hydra@localhost";
useSubstitutes = true;
};
};
}

29
modules/nixos/services/openssh/default.nix
View file

@ -1,29 +0,0 @@
{
lib,
config,
namespace,
...
}:
let
cfg = config.${namespace}.services.openssh;
inherit (lib) mkIf mkEnableOption;
in
{
options.${namespace}.services.openssh = {
enable = mkEnableOption "Enable SSH";
};
config = mkIf cfg.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
services.fail2ban = {
enable = true;
};
};
}

48
modules/nixos/services/remotebuild/default.nix
View file

@ -1,48 +0,0 @@
{
lib,
config,
namespace,
...
}:
let
cfg = config.${namespace}.services.remotebuild;
inherit (lib) mkIf mkEnableOption;
in
{
options.${namespace}.services.remotebuild = {
enable = mkEnableOption "Enable remotebuild";
};
config = mkIf cfg.enable {
users.users.remotebuild = {
isNormalUser = true;
createHome = false;
group = "remotebuild";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil"
];
};
users.groups.remotebuild = { };
nix = {
nrBuildUsers = 64;
settings = {
trusted-users = [ "remotebuild" ];
min-free = 10 * 1024 * 1024;
max-free = 200 * 1024 * 1024;
max-jobs = "auto";
cores = 0;
};
};
systemd.services.nix-daemon.serviceConfig = {
MemoryAccounting = true;
MemoryMax = "90%";
OOMScoreAdjust = 500;
};
};
}

21
modules/nixos/submodules/basics-wsl/default.nix
View file

@ -17,7 +17,7 @@ in
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
fastfetch
neofetch
fd
tree
@ -27,27 +27,10 @@ in
wslu
wsl-open
zip
unzip
];
${namespace} = {
nix = {
enable = true;
extra-substituters = {
"https://cache.lix.systems" = {
key = "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=";
};
"https://nix-community.cachix.org" = {
key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
};
"https://nixcache.christophhollizeck.dev" = {
key = "christophhollizeck.dev:7pPAvm9xqFQB8FDApVNL6Tii1Jsv+Sj/LjEIkdeGhbA=";
};
};
};
nix = enabled;
apps.cli-apps.helix = enabled;

20
modules/nixos/submodules/basics/default.nix
View file

@ -18,7 +18,7 @@ in
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
fastfetch
neofetch
fd
tree
@ -30,26 +30,10 @@ in
pciutils
usbutils
btop
zip
unzip
];
${namespace} = {
nix = {
enable = true;
extra-substituters = {
"https://cache.lix.systems" = {
key = "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=";
};
"https://nix-community.cachix.org" = {
key = "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=";
};
"https://nixcache.christophhollizeck.dev" = {
key = "christophhollizeck.dev:7pPAvm9xqFQB8FDApVNL6Tii1Jsv+Sj/LjEIkdeGhbA=";
};
};
};
nix = enabled;
apps.cli-apps.helix = enabled;

84
modules/nixos/submodules/games/EVE_bottles.yml
View file

@ -1,84 +0,0 @@
Arch: win64
CompatData: ''
Creation_Date: '2024-11-12 18:24:45.924771'
Custom_Path: false
DLL_Overrides: {}
DXVK: dxvk-2.4.1
Environment: Custom
Environment_Variables: {}
External_Programs:
b8ae3872-d1d4-435f-ba7f-1cd829b4da81:
executable: eve-online-latest+Setup.exe
folder: /home/cholli/Downloads
id: b8ae3872-d1d4-435f-ba7f-1cd829b4da81
name: eve-online-latest+Setup
path: /home/cholli/Downloads/eve-online-latest+Setup.exe
Installed_Dependencies:
- dotnet40
- dotnet48
- vcredist2022
Language: sys
LatencyFleX: latencyflex-v0.1.1
NVAPI: dxvk-nvapi-v0.7.1
Name: EVE
Parameters:
custom_dpi: 96
decorated: true
discrete_gpu: false
dxvk: true
dxvk_nvapi: false
fixme_logs: false
fsr: false
fsr_quality_mode: none
fsr_sharpening_strength: 2
fullscreen_capture: false
gamemode: false
gamescope: false
gamescope_borderless: false
gamescope_fps: 0
gamescope_fps_no_focus: 0
gamescope_fullscreen: true
gamescope_game_height: 0
gamescope_game_width: 0
gamescope_scaling: false
gamescope_window_height: 0
gamescope_window_width: 0
latencyflex: false
mangohud: false
mouse_warp: true
obsvkc: false
pulseaudio_latency: false
renderer: gl
sandbox: false
sync: wine
take_focus: false
use_be_runtime: true
use_eac_runtime: true
use_runtime: false
use_steam_runtime: false
versioning_automatic: false
versioning_compression: false
versioning_exclusion_patterns: false
virtual_desktop: false
virtual_desktop_res: 1280x720
vkbasalt: false
vkd3d: true
vmtouch: false
vmtouch_cache_cwd: false
Path: EVE
Runner: caffe-9.7
RunnerPath: ''
Sandbox:
share_net: false
share_sound: false
State: 0
Uninstallers: {}
Update_Date: '2024-11-12 18:36:11.134986'
VKD3D: vkd3d-proton-2.13
Versioning: false
Versioning_Exclusion_Patterns: []
Windows: win10
WorkingDir: /storage/home/bottles
data: {}
run_in_terminal: false
session_arguments: ''

8
modules/nixos/system/fonts/default.nix
View file

@ -28,11 +28,15 @@ in
fonts.packages =
with pkgs;
[
(nerdfonts.override {
fonts = [
"CodeNewRoman"
"NerdFontsSymbolsOnly"
];
})
font-awesome
powerline-fonts
powerline-symbols
nerd-fonts.code-new-roman
nerd-fonts.symbols-only
]
++ cfg.fonts;
};

6
modules/nixos/system/hardware/audio/default.nix
View file

@ -18,11 +18,13 @@ in
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
noisetorch
pavucontrol
easyeffects
];
services.pulseaudio = disabled;
programs.noisetorch.enable = true;
hardware.pulseaudio = disabled;
security.rtkit.enable = true;
services.pipewire = {

13
modules/nixos/system/hardware/gpu/nvidia/default.nix
View file

@ -28,20 +28,9 @@ in
powerManagement.enable = true;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.beta; # stable, beta
package = config.boot.kernelPackages.nvidiaPackages.stable; # stable, beta
};
services.xserver.videoDrivers = [ "nvidia" ];
boot.kernelParams = [
"nvidia.NVreg_PreserveVideoMemoryAllocations=1"
"nvidia_drm.fbdev=1"
];
environment.sessionVariables = {
GBM_BACKEND = "nvidia-drm";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
LIBVA_DRIVER_NAME = "nvidia";
NVD_BACKEND = "direct";
};
};
}

23
modules/nixos/tools/devenv/default.nix
View file

@ -1,23 +0,0 @@
{
config,
lib,
namespace,
pkgs,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.${namespace}.tools.devenv;
in
{
options.${namespace}.tools.devenv = {
enable = mkEnableOption "Whether or not to enable direnv.";
};
config = mkIf cfg.enable {
environment.systemPackages = [
pkgs.devenv
];
};
}

5
modules/nixos/tools/git/default.nix
View file

@ -17,7 +17,7 @@ in
enable = mkBoolOpt true "Wether or not to enable git (Default enabled)";
userName = mkOpt types.str user.fullName "The name to use git with";
userEmail = mkOpt types.str user.email "The email to use git with";
signingKey = mkOpt types.str "ACCFA2DB47795D9E" "The key ID to sign commits with.";
signingKey = mkOpt types.str "6995A5FF33791B7B" "The key ID to sign commits with.";
};
config = mkIf cfg.enable {
@ -34,7 +34,7 @@ in
lfs.enable = true;
signing = {
key = cfg.signingKey;
signByDefault = true;
signByDefault = mkIf gpg.enable true;
};
extraConfig = {
init = {
@ -49,7 +49,6 @@ in
safe = {
directory = "${config.users.users.${user.name}.home}/projects/config";
};
lfs."https://git.christophhollizeck.dev/Daholli/nixos-config.git/info/lfs".locksverify = true;
};
};
};

32
modules/nixos/user/default.nix
View file

@ -2,6 +2,7 @@
config,
lib,
namespace,
options,
pkgs,
...
}:
@ -10,6 +11,33 @@ with lib.${namespace};
let
cfg = config.${namespace}.user;
defaultIconFileName = "profile.png";
defaultIcon = pkgs.stdenvNoCC.mkDerivation {
name = "default-icon";
src = ./. + "/${defaultIconFileName}";
dontUnpack = true;
installPhase = ''
cp $src $out
'';
passthru = {
fileName = defaultIconFileName;
};
};
propagatedIcon =
pkgs.runCommandNoCC "propagated-icon"
{
passthru = {
inherit (fileName) ;
};
}
''
local target="$out/share/${namespace}-icons/user/${cfg.name}"
mkdir -p "$target"
cp ${cfg.icon} "$target/${cfg.icon.fileName}"
'';
in
{
options.${namespace}.user = with types; {
@ -17,7 +45,7 @@ in
fullName = mkOpt str "Christoph Hollizeck" "The full name of the user.";
email = mkOpt str "christoph.hollizeck@hey.com" "The email of the user.";
initialPassword = mkOpt str "asdf" "The initial password to use when the user is first created.";
icon = mkOpt (nullOr path) ./${defaultIconFileName} "The profile picture to use for the user.";
icon = mkOpt (nullOr package) defaultIcon "The profile picture to use for the user.";
extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned.";
extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.<name>`.");
trustedPublicKeys = mkOption {
@ -50,7 +78,7 @@ in
"Videos/.keep".text = "";
"projects/.keep".text = "";
".face".source = cfg.icon;
"Pictures/${defaultIconFileName}".source = cfg.icon;
"Pictures/${cfg.icon.fileName or (builtins.baseNameOf cfg.icon)}".source = cfg.icon;
};
};

9
overlays/discord/default.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
final: prev: {
discord = prev.discord.overrideAttrs (oldAttrs: {
commandLineArgs = ''
--disable-gpu-compositing
'';
});
}

8
overlays/starsector/default.nix
View file

@ -1,8 +0,0 @@
{ ... }:
final: prev: {
starsector = prev.starsector.overrideAttrs (prevAttrs: {
postInstall = ''
wrapProgram $out/bin/starsector --set __GL_THREADED_OPTIMIZATIONS 0
'';
});
}

5
overlays/tuya-vacuum/default.nix
View file

@ -1,5 +0,0 @@
{ channels, ... }:
final: prev: {
tuya-vacuum = channels.nixpkgs-tuya-vacuum.python3Packages.tuya-vacuum;
}

60
secrets/secrets-loptland.yaml
View file

@ -1,44 +1,30 @@
factorio:
username: ENC[AES256_GCM,data:aFRsUMsoaw==,iv:8EGn99WbgJxUyEKuOcwV6U8awOl7bDfmui+M3mDBoCg=,tag:BzMvGS3lfTsXToI/I5dguQ==,type:str]
token: ENC[AES256_GCM,data:WP6FTOBOBuNF6+pzi090wXsXpL2XsU34dQ2ZMzmw,iv:uKM4hLyx3vdyk9F0SyKu4x+2sl442GWXwEKbdgo/Dug=,tag:Xw3BJ7wxuft6hOG9cGtW0g==,type:str]
game_password: ENC[AES256_GCM,data:GtLNoCdQH1M=,iv:dxOMtXscLeMdsQxWjNgrIMb08vL2wAswvd1oM6pEWPA=,tag:a55ciDtw9mjLM9x5YQBTwQ==,type:str]
forgejo:
db:
password: ENC[AES256_GCM,data:CicLsCG2WCtiKMcz3DF5eVVaT8A=,iv:SPO1H4AZwo5FjJWkf1OS7aPOrpTGxqsAj4q3cuuWAbA=,tag:0snK8RyAd8heNvui2sbSNw==,type:str]
mail:
password: ENC[AES256_GCM,data:XgQZM0MBUEELyhH7UvyyMEiUABs=,iv:m3Wzs2SAPQ2w6UC02lpTvwd83Dt0LEzqdIj65HeOrbU=,tag:3cr5dnjeyoJ4ze9RFd9K5g==,type:str]
passwordHash: ENC[AES256_GCM,data:hHGJBUEtCi/gErZ5vm0gsEFqyIDNkED4scR4NAOSzbiiZAYTMg++yqf3hfjjwWV3wTPswNpzzw+gYKEH,iv:wDM5IOOamopFpMEkUit4y7LBZi8CJff3+Tc08lK4IXI=,tag:FaaaohtA+vBFwjDugoemQw==,type:str]
runner:
token: ENC[AES256_GCM,data:mnKLrRPsh3l8jVOCxBrZvSoELR+Bbf8iWBbb8fFmO+0tVniV87M3/0CDneXkuA==,iv:jdySCO3mB+Kz236IBuz8SMGBI6dtFjvcaQLb0zOxW/w=,tag:h+HGLRnbDYLHrTd5dnMIYw==,type:str]
netcup:
customer_number: ENC[AES256_GCM,data:9+QboNg1,iv:Tg9ylJUM8L/kzqFmk2uIsD9noqnp5wIxr5GVXMsZwB8=,tag:2qRggSIkPHuCQYDWCfka5Q==,type:str]
api:
key: ENC[AES256_GCM,data:eYTKtJSSXmZfkRjlj65OHi99mpD3Iom8dPc8v34pwJIQSBbxVaqdgb7Gqzhse1c9L+U=,iv:9gmsBwlJ+NQIGY5NBA6Fi/1EQium2pcfQkF7x/fHyFU=,tag:v25eeqT6/WEMG9za7LVWAg==,type:str]
password: ENC[AES256_GCM,data:VTW4XGDg19AbE4EM6kS0u89Sz6718vHXvZZmQlkhGJe/4/LQJHmF1FetAClxkLZ9Za0=,iv:sWHvjHEsMXBbtFmkEdAOeSlQ6VTabRJ28kH3iP3GDaY=,tag:5k6NXFXwXHorUGKe+sAbbg==,type:str]
hydra:
cachix:
token: ENC[AES256_GCM,data:FqlJMfw7d1VfWhC+vI4SEMWzzADXK/np33fCsihq3wgC6nWNeTurNn1vDRLIRH+s6iT1C8Ni8iAAlndfUS5SPH6Ymswix9KuJCvYc8Jy+c8pPchYePtMQfv3dVe5a1i06b8I5c+MX8V7j2kaCijYDirnhiD0qlc8SW/mIyB5RNpAgKPTzLjLKJNSUkTGOWUnww==,iv:H2yQ5ioBVnezmhGHbJ7sAlXvUb2MUmHpQpS7f+nIph4=,tag:qvqsbgf2Y/PAd3s9ZFuxWA==,type:str]
#ENC[AES256_GCM,data:Cgp+gOU81+rvdlY=,iv:8DxJxnCslDoEu0bxtlTjmNiAUCdiAV/8VYKTb4yqQ50=,tag:ZTkK7WCOBh1It6GuKPUXdg==,type:comment]
factorio_username: ENC[AES256_GCM,data:egV5kXtAiw==,iv:Hay0PC2yol5FAJGcWxLkxzNdwpD1V4UfDDnkhsjvjVQ=,tag:QBDS6eAeOswQoHBoi4Gj6A==,type:str]
factorio_token: ENC[AES256_GCM,data:whruEJQCNIqqfMA0A3yQdwwrzpIJBt815Lvex4Au,iv:hh3zZt+UxV9ltSHIAjpTRwtDvPgPU5APrB/1bXtKUkE=,tag:AgUmBYWp+Oyxm8O7yD8vlA==,type:str]
factorio_game_password: ENC[AES256_GCM,data:Gu/p0+Sbd6Y=,iv:6AB1T3JdleiUnusU7hw/0wOFNSBsAsBgP2yD9FB7zXk=,tag:DMgD4csthynuBon+KNZtOw==,type:str]
#ENC[AES256_GCM,data:15i2BBxM4iM=,iv:JV6Lsk8jUZl/eIJWkH/w5I2NraB9J9+0ggsENBGgbdI=,tag:HDwGheUv7dFIztQoJBjGmQ==,type:comment]
forgejo_db_password: ENC[AES256_GCM,data:CFsvko1AXRymDBC6WiOBs98rvFM=,iv:Wemhu8URxA6HsWQyYcPSwJzuMP4myrDC3rU3GEDVt7c=,tag:6wcNlDFVdnjez8hzi4E2cw==,type:str]
#ENC[AES256_GCM,data:nQnLBl7v,iv:HORr/Uvw4eUXfW5uS6rWr+6FkFF9bTNpMYGaRpVITRY=,tag:/r4n/xpqp7EPecGxDj4N+w==,type:comment]
netcup_customer_number: ENC[AES256_GCM,data:pRooJa3O,iv:0U/ONcWa2eqcsT1UpgXmLpAvJndaU8zln2g1HMbBQYE=,tag:+pu8EBl/dnm6DoLAtrjZBQ==,type:str]
netcup_api_key: ENC[AES256_GCM,data:nlkDz1VV2NIXxv/tIROWDHN9DLI0lVq9n9l2FlDwt+3H4G4gg6yCeZjGtR+pTCNfwio=,iv:x8HLL10ww52UJDkz7Yi02KBg7jbuLFHAlG0iMYDd8hk=,tag:pcuka4/Hu/QFIwS0b8GlxQ==,type:str]
netcup_api_password: ENC[AES256_GCM,data:k2mdQp57x5ZTypRCHbVlq1fembJ0uj5D0rb72K5rac43p888y3TFyiYVuDTosxR66mo=,iv:0OhtKWD/LWeV5ZWN9fbPozebSxvaFRdSn1AkX97ffAM=,tag:uY6A4jBL/9mtGy7++Yvn0A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1amdd4hu6k0czf3mtlhd03yj3yzkdaynl7q5fdlqmjzpe9pwgxfjs3j0c85
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBleDhiRlplSndCcUhaMXV3
ZUR5QXVyemQ2VlhaQ1JjampwaWV5emhnVGt3ClBWRlJJbmx4cldDWmI3cUd2M0Z5
YTl5ODVTbmZjM2UxQkhGZ3hvRWVqWmMKLS0tIFlDZXJTQi9wTGxRWElvcDRPVStj
MGV3VDBEMWkxNkV4TGV6dTFWaDhLWXMKg2Xt5PJe7etU1yp+IgnwTnLl7AXaN1MA
5RymeKYjdNipJtxSNxzTjkNpENtHyXLcjVEBTH3IjGujtyGPMpk3eg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NFlTd2hOTHBtUDhuT0lF
amtLclY2ZTN0SStZQjFSNkZUd1RmMkdJZ0dJCnB2WU04dk41Qk45aGphMW9GQVJ4
b2VWQVlOVFFLaGJWaU9FVU5ZUWtlRncKLS0tIGVPYW5DQnJMeW1qdWtINDNlQWFo
NmhrdXhpbVlmUFNsT1VaQjZyYkZkdzgKhL2BKXfPWNWUbFavpmtBQpnNEm/x0xH6
NsjiV05AcrqPmGjj2kjvTv4ULPSoHiHiC5McUMfFTYIrCJgNvUbmMg==
-----END AGE ENCRYPTED FILE-----
- recipient: age13xshg5e6ucvnu3vqgn344mxpk5kcqutv2lf4gdffvwadq0ku5ewqy4cck6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRTBLR09YS0tuM212a25G
cWV5bnR5ZytjQWIvd2txSmdEWjExeWRSbTNvClQwMjc4VnhtdnpKQmQ3Z0JOTEFW
OEtEZ0h2bDlPb3UrNTZFVFdCajdzSGcKLS0tIG16UFNqRVpWOHJNTE03TkFTUDF1
UllqSDR1YWl6aU1jSnY2WE9oczg5Q28KfN15tFxXHrJmOHySK+cyLi2bFqArg244
bNTYyuBUtBW1Y/EuNpbyLjSNQpKZWFz7grE64uxrNQHP865N3wv0gg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-30T16:13:29Z"
mac: ENC[AES256_GCM,data:KBJJJc30KARd79w7iTZ4DPwpgcZGTf3oE85xVO//KX8uq/rPPWuXBSwDGcIKlWGVpwiNbCqVvoH3DhKxJfKnuGKadK96xjv3KyIR2H8KMvhTQDXodt61ZyNERDEpa1HcuOemYpAe8W1cUzJkm1wxNublNYBdKz1kQKMQ43tgalk=,iv:wr+nqXKB5wW4VgIr1z61f+LXsw76mMs4kFAOYAkV+tk=,tag:m8uLg6HQhIL1oN1pWQoTAg==,type:str]
lastmodified: "2024-11-07T14:40:34Z"
mac: ENC[AES256_GCM,data:uk2AeOA9pnhekuofIjXavCGy9ZaO0ObprkvnGhJg5lPr/hyT9l7YcZtMQ7wckKDLS03I1hCAcNg0w/EmSUeU2+EHLb6Z1IUj3l0HBUPtPIJwJZifkrzp9iQwGwlK+i6nfREEgPGeuNMj/rnD67MECO4NRHTzGBzH7ZImoDpu0Us=,iv:ss8Q7i75UOQDMJfw4dQCT0qxPUGwfHizX0c/TUej+vc=,tag:iufeO6sfaToNcJg6E8tuxA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.9.1

43
secrets/secrets-nixberry.yaml
View file

@ -1,43 +0,0 @@
hello: ENC[AES256_GCM,data:Chu3BJw5FUpcyFL0pstHML2ASUFZE/vByvPOLlx7/FB+/TlY0ZOS75XvOLobuw==,iv:FVQkNRCDehby6EmNVIY+qRsHdIxTvVtNeGQrkmlTLPc=,tag:fUS0Ntsn2U3NBT0Jz7NbqQ==,type:str]
example_key: ENC[AES256_GCM,data:JzNQOxeTJW1CACce9Q==,iv:KNpw2AcMallVJRJgM045QVZ1NJhuDPGAq0GS/ffHF9Q=,tag:xe8nGrG8TJeNBRHG4XfJfQ==,type:str]
#ENC[AES256_GCM,data:hF5EESbtBCCkSEhlo7sZhw==,iv:nwEOaph9RXiDPYpFJMFe8xQLg/geF+/uZbh/7OS6pQI=,tag:2VE8ThB2AGhGfcrSv8IMEw==,type:comment]
example_array:
- ENC[AES256_GCM,data:wo1Bhh1uS2YRTUsO/o4=,iv:gexmBvW6Pzllqjy476Bz+k9QGKFwVu5A28QRJ/4kMag=,tag:PTshms817ZQ/q4AKmfShsg==,type:str]
- ENC[AES256_GCM,data:yzAukUqZvAyetJT909w=,iv:yI8DuCL+5UDg68x3DAN90u491HLBBzloRj1MXtyNmGg=,tag:18SuyRpTSKHAVUgs3yeOig==,type:str]
example_number: ENC[AES256_GCM,data:6nVMpQYOEGAyOw==,iv:GdAPLzbtX2+WGebca69WWFp/MDxpn35slcKuVV35RpA=,tag:3CpIbId/k/rkjDRb/Zb+sw==,type:float]
example_booleans:
- ENC[AES256_GCM,data:XSKOGQ==,iv:sGMyrxXDziwegrAesHClLUnUo0pI8s3zFeufTfTqB44=,tag:0AHWfkCFDAHeSZcrQUw42Q==,type:bool]
- ENC[AES256_GCM,data:6zfyErQ=,iv:2XqbeLNj1wMgiX4F0uPykiieR5HiVEsxL0DrgGd1Gao=,tag:ZiB4P71l/vrqllo8mXEp9g==,type:bool]
homeassistant:
location:
latitude: ENC[AES256_GCM,data:BWIGR74SOTQydeREhDFLMAU=,iv:oqCyFzp1ZFzvHIHm1httPgO6mYjRVi456/xw2wyDkxk=,tag:fBak58KkIXLUpBorosZ3jw==,type:float]
longitude: ENC[AES256_GCM,data:ocU0OeFeNk6UX3AT9daYnQw=,iv:nGPYr+ee3QOxX2Tq7H8Qt/ghY2ygt0ztpaAgTyMsLOs=,tag:jIvO1ZLsGCiRFRxoHKzWDA==,type:float]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1amdd4hu6k0czf3mtlhd03yj3yzkdaynl7q5fdlqmjzpe9pwgxfjs3j0c85
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlTzF0TlpYeVFkNGUwM3g1
SmRjMUJaVkhwSzN1ckE3WCthaFU0OVhFc0hzCmFjd0lhRlhYMGRKRVMvUTBiRkoy
NUc0amFTWEtkMEp6WHZ5VkM0ODVNM2sKLS0tIHRGTDdkRmtsZFNVQTd1YUhpMkxQ
U2RUUjY5cnBwcEhtRE0wRkxGMWIrYkkKtV692BxbjxbAqyssbh5Whqkytg4LN91x
ZPwVv2s5TuZl7OG0p2qt4rbKg8WCrjK2K0TF2l1Hwdcpbrswf1H1ng==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ev7c7xfz0gmj6p5p8ugzz55y28lsn8fjlk0d8wc3w9drmw4e69ys6z5yg4
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMVGZudDd5VDlqZERQOVNE
S21PSC9zOFltTHQ1dW9qZ1grem1RdUlBRG5NClZzMEZvVlZ3L0d3MjVvQ1NxQXAz
VGJ1STdsdDVmNzVmbkhQWkt3V0k1QVUKLS0tIHhOTlJ5ZnYzZitEZFNoU2xGdHBx
N1hma0VrbE5HR0xNWVV2NHdMSW0yL1kKrrPaslz+pejsNy/jwopBqi3I9J1PCk+Y
hRgQt4mWfd7ua3Ja+Cq/Rm/pRZFX40g4pImaYdsWL8VNwAJid1WuKQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-28T12:52:52Z"
mac: ENC[AES256_GCM,data:X/noJJr/L1PfvfIdSoVULpvtH2JDIHnkQBhFqM6k3DR+x+cN+ReLXN/uBQyAKd5uSgsmtl9QjlidzByDqRQaOpqEDIk4o9qbchMLWxceAFZyj+7nFB4e50mu9pyCT2ibumuP5X8kscn4U9x5oiKfoMXB11yqioBtQES4B4mOBsw=,iv:CQcIiNKnzLz5ibGub1hqRkW5m0CjLcWVTyDA2hTJM+M=,tag:7/T1p1ouYTZjYz0+RGG6pg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4

13
shells/java/default.nix
View file

@ -1,13 +0,0 @@
{
pkgs,
mkShell,
...
}:
mkShell {
# Create your shell
nativeBuildInputs = with pkgs; [
jdt-language-server
zulu8
zulu21
];
}

264
systems/aarch64-linux/nixberry/default.nix
View file

@ -1,264 +0,0 @@
{
config,
inputs,
lib,
namespace,
pkgs,
system,
...
}:
with lib.${namespace};
let
inherit (lib) mkForce;
ipAddress = "192.168.178.2";
sopsFile = lib.snowfall.fs.get-file "secrets/secrets-nixberry.yaml";
in
{
nixpkgs.hostPlatform = {
system = "aarch64-linux";
};
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
networking = {
interfaces.end0 = {
ipv4.addresses = [
{
address = ipAddress;
prefixLength = 24;
}
];
useDHCP = true;
};
interfaces.wlan0 = {
ipv4.addresses = [
{
address = "192.168.178.3";
prefixLength = 24;
}
];
useDHCP = true;
};
defaultGateway = {
address = "192.168.178.1";
interface = "wlan0";
};
wireless = {
enable = true;
networks = {
"Slow Internet" = {
pskRaw = "521b6d766b27276c29c7b6bec5b495b1c52bf88b0682277e65b37dc649b630de";
};
};
};
firewall = {
allowedTCPPorts = [
443
53
80
];
allowedUDPPorts = [
53
];
};
};
services.adguardhome = {
enable = true;
host = ipAddress;
port = 80;
settings = {
http = {
address = "0.0.0.0:80";
};
dns = {
ratelimit = 0;
bind_hosts = [ "0.0.0.0" ];
upstream_dns = [
"1.1.1.1"
"1.0.0.1"
"8.8.8.8"
"8.8.4.4"
];
};
filtering = {
protection_enabled = true;
filtering_enabled = true;
};
filters =
map
(url: {
enabled = true;
url = url;
})
[
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" # AdGuard Dns filter
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" # AdGuard Dns PopupHosts filter
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_18.txt" # Phishing
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt"
"https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt"
];
statistics = {
enabled = true;
interval = "8760h";
};
};
};
systemd.tmpfiles.rules = [
# "C+ /var/lib/hass/custom_components/tuya_vacuum_maps - - - - ${inputs.tuya-vaccum-maps}/custom_components/tuya_vacuum_maps"
# "Z /var/lib/hass/custom_components 770 hass hass - -"
"f ${config.services.home-assistant.configDir}/automations.yaml 0755 hass hass"
];
services.home-assistant = {
enable = true;
configWritable = true;
extraComponents = [
"default_config"
"analytics"
"shopping_list"
"fritzbox"
"met"
"esphome"
"rpi_power"
"tuya"
];
customComponents = with pkgs.home-assistant-custom-components; [
smartthinq-sensors
sleep_as_android
];
extraPackages =
python3Packages: with python3Packages; [
ical
];
customLovelaceModules = with pkgs.home-assistant-custom-lovelace-modules; [
mushroom
bubble-card
clock-weather-card
vacuum-card
];
config = {
homeassistant = {
latitude = 49.4;
longitude = 8.6;
temperature_unit = "C";
unit_system = "metric";
external_url = "https://ha.christophhollizeck.dev";
internal_url = "http://192.168.178.2:8123";
};
mobile_app = "";
recorder = "";
lovelace = {
# mode = "yaml";
resources = [
{
url = "/local/nixos-lovelace-modules/vacuum-card.js";
type = "module";
}
{
url = "/local/nixos-lovelace-modules/bubble-card.js";
type = "module";
}
{
url = "/local/nixos-lovelace-modules/clock-weather-card.js";
type = "module";
}
{
url = "/local/nixos-lovelace-modules/mushroom.js";
type = "module";
}
];
};
http = {
use_x_forwarded_for = true;
trusted_proxies = [
"100.86.250.97" # loptland tailscale
];
};
};
openFirewall = true;
};
# Pi specific stuff
raspberry-pi-nix = {
board = "bcm2712";
# kernel-build-system = "x86_64-linux";
};
hardware = {
raspberry-pi = {
config = {
all = {
base-dt-params = {
BOOT_UART = {
value = 1;
enable = true;
};
uart_2ndstage = {
value = 1;
enable = true;
};
};
dt-overlays = {
disable-bt = {
enable = true;
params = { };
};
};
};
};
};
};
${namespace} = {
submodules.basics = enabled;
services = {
openssh = enabled;
remotebuild = enabled;
};
apps.cli-apps.helix.pkg = pkgs.helix;
system = {
# cachemiss for webkit gtk
hardware.networking.enable = mkForce false;
# rasberry pi uses alternative boot settings
boot.enable = mkForce false;
};
user.trustedPublicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHFrDiO5+vMfD5MimkzN32iw3MnSMLZ0mHvOrHVVmLD0"
];
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.11"; # Did you read the comment?
}

143
systems/x86_64-linux/loptland/default.nix
View file

@ -11,7 +11,6 @@ let
domainName = "christophhollizeck.dev";
forgejoPort = 3000;
hydraPort = 2000;
cfg.enableAcme = true;
@ -22,19 +21,19 @@ in
environment.systemPackages = [ ];
services.qemuGuest.enable = true;
sops = {
secrets = {
"forgejo/db/password" = {
forgejo_db_password = {
inherit sopsFile;
};
"forgejo/mail/password" = {
inherit sopsFile;
};
"forgejo/mail/passwordHash" = {
inherit sopsFile;
};
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
@ -52,44 +51,12 @@ in
};
};
"hydra.${domainName}" = mkIf config.${namespace}.services.hydra.enable {
"${domainName}" = {
forceSSL = cfg.enableAcme;
useACMEHost = mkIf cfg.enableAcme domainName;
locations."/" = {
proxyPass = "http://localhost:${toString hydraPort}/";
};
};
"ha.${domainName}" = {
forceSSL = cfg.enableAcme;
useACMEHost = mkIf cfg.enableAcme domainName;
locations."/" = {
# tailscale ip
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
proxyPass = "http://100.86.23.74:8123";
};
};
"nixcache.${domainName}" = mkIf config.${namespace}.services.hydra.enableCache {
forceSSL = cfg.enableAcme;
useACMEHost = mkIf cfg.enableAcme domainName;
locations."/" = {
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
};
"_" = {
forceSSL = cfg.enableAcme;
useACMEHost = mkIf cfg.enableAcme domainName;
locations."/" = {
proxyPass = "https://${domainName}";
return = "404";
};
};
};
@ -100,86 +67,18 @@ in
database.type = "postgres";
lfs.enable = true;
database = {
passwordFile = config.sops.secrets."forgejo/db/password".path;
passwordFile = config.sops.secrets.forgejo_db_password.path;
};
settings = {
server = {
DOMAIN = "git.${domainName}";
ROOT_URL = "https://git.${domainName}";
ROOT_URL = "http://git.${domainName}:${toString forgejoPort}";
HTTP_PORT = forgejoPort;
};
mailer = {
ENABLED = true;
PROTOCOL = "smtps";
FROM = "no-reply@${domainName}";
SMTP_ADDR = "mail.${domainName}";
USER = "forgejo@${domainName}";
};
service.DISABLE_REGISTRATION = true;
};
secrets = {
mailer.PASSWD = config.sops.secrets."forgejo/mail/password".path;
};
};
mailserver = {
enable = true;
fqdn = "mail.${domainName}";
domains = [ domainName ];
loginAccounts = {
"forgejo@${domainName}" = {
hashedPasswordFile = config.sops.secrets."forgejo/mail/passwordHash".path;
aliases = [ "no-reply@${domainName}" ];
};
};
certificateScheme = "acme-nginx";
};
nix = {
distributedBuilds = true;
extraOptions = ''
builders-use-substitutes = true
'';
buildMachines = [
{
hostName = "localhost";
protocol = null;
system = "x86_64-linux";
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
];
}
{
hostName = "100.86.23.74";
sshUser = "remotebuild";
sshKey = "/root/.ssh/remotebuild";
systems = [ "aarch64-linux" ];
protocol = "ssh";
supportedFeatures = [
"nixos-test"
"big-parallel"
"kvm"
];
}
];
};
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
};
networking.firewall.allowedTCPPorts = [
@ -198,16 +97,6 @@ in
enable = true;
inherit sopsFile;
};
openssh = enabled;
hydra = {
enable = true;
httpPort = hydraPort;
enableCache = true;
};
gitea-runner = {
enable = true;
inherit sopsFile;
};
};
security = {
@ -218,10 +107,16 @@ in
};
user.trustedPublicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHFrDiO5+vMfD5MimkzN32iw3MnSMLZ0mHvOrHVVmLD0" # yggdrasil
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Pr7p0jizrvIl0UhcvrmL5SHRQQQWIcHLAnRFyUZS6" # Phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHFrDiO5+vMfD5MimkzN32iw3MnSMLZ0mHvOrHVVmLD0"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII4Pr7p0jizrvIl0UhcvrmL5SHRQQQWIcHLAnRFyUZS6"
];
};
snowfallorg.users.${config.${namespace}.user.name}.home.config = {
programs.fish.shellInit = ''
eval $(op signin)
'';
};
system.stateVersion = "24.11";
}

5
systems/x86_64-linux/wsl/default.nix
View file

@ -10,11 +10,6 @@ with lib.wyrdgard;
wsl = {
enable = true;
defaultUser = config.wyrdgard.user.name;
usbip = {
enable = true;
autoAttach = [ "3-1" ];
};
};
wyrdgard = {

78
systems/x86_64-linux/yggdrasil/default.nix
View file

@ -1,5 +1,4 @@
{
inputs,
lib,
namespace,
pkgs,
@ -9,20 +8,13 @@ let
inherit (lib.${namespace}) enabled disabled;
in
{
imports = [
./hardware.nix
./hyprland_config.nix
];
imports = [ ./hardware.nix ];
environment.systemPackages = with pkgs; [
path-of-building
teams-for-linux
obsidian
zed-editor
# eve
bottles
pyfa
];
environment.pathsToLink = [ "/libexec" ];
@ -32,29 +24,6 @@ in
programs.ssh.extraConfig = ''
AddressFamily inet
'';
home-manager = {
backupFileExtension = ".bak";
};
nix = {
distributedBuilds = true;
settings.builders-use-substitutes = true;
buildMachines = [
{
hostName = "nixberry";
sshUser = "remotebuild";
sshKey = "/root/.ssh/remotebuild";
systems = [ "aarch64-linux" ];
protocol = "ssh-ng";
supportedFeatures = [
"nixos-test"
"big-parallel"
"kvm"
];
}
];
};
${namespace} = {
archetypes = {
@ -65,19 +34,58 @@ in
_1password = enabled;
obs-studio = enabled;
cli-apps.helix = enabled;
starsector = enabled;
};
desktop.hyprland = {
enable = true;
settings = {
monitor = [
#Ultrawide
"DP-2,3440x1440@144, 0x0, 1"
#Vertical
"HDMI-A-1, 1920x1080@144, auto-right, 1, transform, 1"
# nividia kernel issues
"Unknown-1, disable"
];
env = [
"LIBVA_DRIVER_NAME,nvidia"
"XDG_SESSION_TYPE,wayland"
"GBM_BACKEND,nvidia-drm"
"__GLX_VENDOR_LIBRARY_NAME,nvidia"
"NVD_BACKEND,direct"
];
cursor = {
no_hardware_cursors = true;
};
exec-once = [
"xrandr --output DP-2 --primary"
"[workspace 1 silent] obsidian --disabled-gpu"
"[workspace 9 silent] git-butler"
];
workspace = [
"1, monitor:DP-2"
"2, monitor:DP-2"
"3, monitor:DP-2"
"4, monitor:DP-2"
"8, monitor:HDMI-A-1"
"9, monitor:HDMI-A-1"
];
windowrulev2 = [
"workspace 8 silent, class:^(steam)$, title:^(Friends List)"
"workspace 8 silent, class:^(discord)$, title:^(Discord)"
];
};
};
services = {
factorio-server = disabled;
};
tools.devenv = enabled;
system = {
hardware = {
bluetooth = enabled;

48
systems/x86_64-linux/yggdrasil/hyprland_config.nix
View file

@ -1,48 +0,0 @@
{
lib,
namespace,
pkgs,
...
}:
let
in
{
${namespace}.desktop.hyprland.settings = {
monitor = [
#Ultrawide
"DP-2,3440x1440@144, 0x0, 1"
#Vertical
"HDMI-A-1, 1920x1080@144, auto-right, 1, transform, 1"
# nividia kernel issues
"Unknown-1, disable"
];
cursor = {
no_hardware_cursors = true;
};
exec-once = [
"[workspace 7 silent] obsidian"
"${lib.getExe pkgs.xorg.xrandr} --output DP-2 --primary"
];
workspace = [
"1, monitor:DP-2"
"2, monitor:DP-2"
"3, monitor:DP-2"
"4, monitor:DP-2"
"5, monitor:DP-2"
"6, monitor:DP-2"
"7, monitor:HDMI-A-1"
"8, monitor:HDMI-A-1"
"9, monitor:HDMI-A-1"
];
windowrulev2 = [
"workspace 8 silent, class:^(steam)$, title:^(Friends List)"
"workspace 8 silent, class:^(discord)$, title:^(Discord)"
"workspace 7 silent, class:^(com.obsproject.Studio)$"
];
};
}