Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Merge branch 'main' of git.lillianviolet.dev:Lillian-Violet/NixOS-Config

Browse source
This commit is contained in:
Lillian Violet 2024-04-05 23:05:47 +02:00
parent c003bac9b6 157247ecf1
commit a49e8c5332
39 changed files with 2069 additions and 845 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
disko/EDI/default.nix
View file

@ -67,5 +67,13 @@
};
};
};
nodev = {
"/home/lillian/Downloads" = {
fsType = "tmpfs";
mountOptions = [
"size=4G"
];
};
};
};
}

8
disko/GLaDOS/default.nix
View file

@ -67,5 +67,13 @@
};
};
};
nodev = {
"/home/lillian/Downloads" = {
fsType = "tmpfs";
mountOptions = [
"size=4G"
];
};
};
};
}

79
disko/shodan/default.nix Normal file
View file

@ -0,0 +1,79 @@
{
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/disk/by-path/pci-0000:01:00.0-nvme-1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
extraOpenArgs = [];
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
#keyFile = "/tmp/secret.key";
allowDiscards = true;
};
#additionalKeyFiles = ["/tmp/additionalSecret.key"];
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
swap = {
size = "16G";
content = {
type = "swap";
resumeDevice = true; # resume from hiberation from this device
};
};
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
nodev = {
"/home/lillian/Downloads" = {
fsType = "tmpfs";
mountOptions = [
"size=4G"
];
};
};
};
}

232
flake.lock
View file

@ -52,11 +52,11 @@
]
},
"locked": {
"lastModified": 1710090208,
"narHash": "sha256-1W7yDW+kqCr/9SygZwygBayE8HwLnzJq48fMAOZQLAY=",
"lastModified": 1712163166,
"narHash": "sha256-Al0RdDZF8DM1uZ5m1tmOxtPNvFrRpoczHWGbJ57KfuI=",
"owner": "girlbossceo",
"repo": "conduwuit",
"rev": "e888a0a745ac979abe6a687ff24b8c5e7b7b79ed",
"rev": "bd69d9b565fb403fc78fbeb633fb374ec3f4b49c",
"type": "github"
},
"original": {
@ -117,11 +117,11 @@
]
},
"locked": {
"lastModified": 1710003968,
"narHash": "sha256-g8+K+mLiNG5uch35Oy9oDQBAmGSkCcqrd0Jjme7xiG0=",
"lastModified": 1711299236,
"narHash": "sha256-6/JsyozOMKN8LUGqWMopKTSiK8N79T8Q+hcxu2KkTXg=",
"owner": "ipetkov",
"repo": "crane",
"rev": "10484f86201bb94bd61ecc5335b1496794fedb78",
"rev": "880573f80d09e18a11713f402b9e6172a085449f",
"type": "github"
},
"original": {
@ -137,11 +137,11 @@
]
},
"locked": {
"lastModified": 1710379155,
"narHash": "sha256-zdHEsOOnfBTO1ymL6gd9etR+iNS6HowbJM4Llqxy+Uc=",
"lastModified": 1711934712,
"narHash": "sha256-sBDe+QmX/QohlnKeSEzrftcXyZL5FY09OMjZ59Rpyy4=",
"owner": "nix-community",
"repo": "disko",
"rev": "cc69c2340b59e290982ec7e6238471d470c839d0",
"rev": "611c9ea53250f7bb22286b3d26872280a0e608f9",
"type": "github"
},
"original": {
@ -194,11 +194,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1709619709,
"narHash": "sha256-l6EPVJfwfelWST7qWQeP6t/TDK3HHv5uUB1b2vw4mOQ=",
"lastModified": 1711606966,
"narHash": "sha256-nTaO7ZDL4D02dVC5ktqnXNiNuODBUHyE4qEcFjAUCQY=",
"owner": "nix-community",
"repo": "fenix",
"rev": "c8943ea9e98d41325ff57d4ec14736d330b321b2",
"rev": "aa45c3e901ea42d6633af083c0c555efaf948b17",
"type": "github"
},
"original": {
@ -258,11 +258,11 @@
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -312,11 +312,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -348,11 +348,11 @@
"systems": "systems_3"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -370,11 +370,11 @@
]
},
"locked": {
"lastModified": 1703887061,
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
@ -390,11 +390,11 @@
]
},
"locked": {
"lastModified": 1710401383,
"narHash": "sha256-jskq7uDpKXrRoY4hDpNqykmSSKHUXYlo7ZFc/se7fus=",
"lastModified": 1712093955,
"narHash": "sha256-94I0sXz6fiVBvUAk2tg6t3UpM5rOImj4JTSTNFbg64s=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1ab3cec3a1bbb065b2d52b913d1431366028d5b5",
"rev": "80546b220e95a575c66c213af1b09fe255299438",
"type": "github"
},
"original": {
@ -410,11 +410,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1710404304,
"narHash": "sha256-tYsUAsZgt9TT7d+r1KRYHWyBRWedJ39SXNBVSCQVsGQ=",
"lastModified": 1711231487,
"narHash": "sha256-dRdFjStMA7GeuD/V4vzKblzuHwxMPgzEboRleVdZlUM=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "ffa51458aec4d53aac85b6dee1ee2ec29f4e953f",
"rev": "1171169117f63f1de9ef2ea36efd8dcf377c6d5a",
"type": "github"
},
"original": {
@ -434,11 +434,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1710171982,
"narHash": "sha256-WFMB+Yohcvego1/vOtaq+MJ8Wvp5meOANfNifg26Ie4=",
"lastModified": 1711442573,
"narHash": "sha256-/A3YzcY5erYOPojp5Ffwgxv4X5MTnRiWwuaXfgXbK2g=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "19ad7fd5724f30868748b8156ff25be838cd2bc5",
"rev": "df7ac26bd24fac8baa94d60a02c3e0f0d4d16368",
"type": "github"
},
"original": {
@ -469,11 +469,11 @@
},
"nix-filter": {
"locked": {
"lastModified": 1705332318,
"narHash": "sha256-kcw1yFeJe9N4PjQji9ZeX47jg0p9A0DuU4djKvg1a7I=",
"lastModified": 1710156097,
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "3449dc925982ad46246cfc36469baf66e1b64f17",
"rev": "3342559a24e85fc164b295c3444e8a139924675b",
"type": "github"
},
"original": {
@ -506,11 +506,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1710031547,
"narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=",
"lastModified": 1711846064,
"narHash": "sha256-cqfX0QJNEnge3a77VnytM0Q6QZZ0DziFXt6tSCV8ZSc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6",
"rev": "90b1a963ff84dc532db92f678296ff2499a60a87",
"type": "github"
},
"original": {
@ -527,11 +527,11 @@
]
},
"locked": {
"lastModified": 1710398463,
"narHash": "sha256-fQlYanU84E8uwBpcoTCcLCwU8cqn0eQ7nwTcrWfSngc=",
"lastModified": 1711932680,
"narHash": "sha256-CEpVtyB7uyRprTuiG+lpWWMvM/C0CbY/dbBuxT5BDwM=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "efd4e38532b5abfaa5c9fc95c5a913157dc20ccb",
"rev": "1f4c32ca4295bb7cca1e48a2f39b65490b249b0b",
"type": "github"
},
"original": {
@ -542,11 +542,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1710123225,
"narHash": "sha256-j3oWlxRZxB7cFsgEntpH3rosjFHRkAo/dhX9H3OfxtY=",
"lastModified": 1711352745,
"narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "ad2fd7b978d5e462048729a6c635c45d3d33c9ba",
"rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
"type": "github"
},
"original": {
@ -572,36 +572,6 @@
"type": "github"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-23_11": {
"locked": {
"lastModified": 1706098335,
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"type": "indirect"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702780907,
@ -620,11 +590,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1704874635,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"type": "github"
},
"original": {
@ -636,11 +606,11 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1710033658,
"narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=",
"lastModified": 1711819797,
"narHash": "sha256-tNeB6emxj74Y6ctwmsjtMlzUMn458sBmwnD35U5KIM4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8",
"rev": "2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c",
"type": "github"
},
"original": {
@ -652,11 +622,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
"lastModified": 1712122226,
"narHash": "sha256-pmgwKs8Thu1WETMqCrWUm0CkN1nmCKX3b51+EXsAZyY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
"rev": "08b9151ed40350725eb40b1fe96b0b86304a654b",
"type": "github"
},
"original": {
@ -668,11 +638,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1710377395,
"narHash": "sha256-KMubsUWtVr7L55pXMBibBDBdmk3xrjbBPduc0E8z28c=",
"lastModified": 1712059183,
"narHash": "sha256-I/xinxexiKuaIsGBaHstfm8Y51lmKdTAvDwzB2CmACc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "db001797591bf76f7b8d4c4ed3b49233391e0c97",
"rev": "4b455dc2048f73a79eb3713f342369ff58f93e0b",
"type": "github"
},
"original": {
@ -700,11 +670,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1710078301,
"narHash": "sha256-BQ3v+XPPz5dLiw2AqUEga++yfKRhqJANUqzqNL518pk=",
"lastModified": 1711297276,
"narHash": "sha256-KtHBr73Z729krfueBV6pUsEyq/4vILGP77DPmrKOTrI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "73d699a6ff1e83df3fd6c1e60931e13667b8ae14",
"rev": "3d41d1087707826b3a90685ab69147f8dc8145d5",
"type": "github"
},
"original": {
@ -716,11 +686,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
"lastModified": 1712122226,
"narHash": "sha256-pmgwKs8Thu1WETMqCrWUm0CkN1nmCKX3b51+EXsAZyY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0ad13a6833440b8e238947e47bea7f11071dc2b2",
"rev": "08b9151ed40350725eb40b1fe96b0b86304a654b",
"type": "github"
},
"original": {
@ -732,11 +702,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1705856552,
"narHash": "sha256-JXfnuEf5Yd6bhMs/uvM67/joxYKoysyE3M2k6T3eWbg=",
"lastModified": 1709703039,
"narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "612f97239e2cc474c13c9dafa0df378058c5ad8d",
"rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
"type": "github"
},
"original": {
@ -747,11 +717,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1709968316,
"narHash": "sha256-4rZEtEDT6jcgRaqxsatBeds7x1PoEiEjb6QNGb4mNrk=",
"lastModified": 1711715736,
"narHash": "sha256-9slQ609YqT9bT/MNX9+5k5jltL9zgpn36DpFB7TkttM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0e7f98a5f30166cbed344569426850b21e4091d4",
"rev": "807c549feabce7eddbf259dbdcec9e0600a0660d",
"type": "github"
},
"original": {
@ -797,11 +767,11 @@
]
},
"locked": {
"lastModified": 1709982472,
"narHash": "sha256-cMPHIV7yWbve+nwiQDhVt7BBkxrGTLzSTAslv7u6HZo=",
"lastModified": 1712081763,
"narHash": "sha256-+xImkX19gde0Qac6kbJtJAXKXTOgcUE5z3RsBxVtseo=",
"owner": "pjones",
"repo": "plasma-manager",
"rev": "26acf8f5880ae7d6e5de4ca953c8ad161b7903eb",
"rev": "96a90a7f5ce6b29e01d7da83d082e870e4462174",
"type": "github"
},
"original": {
@ -828,11 +798,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1708018599,
"narHash": "sha256-M+Ng6+SePmA8g06CmUZWi1AjG2tFBX9WCXElBHEKnyM=",
"lastModified": 1710923068,
"narHash": "sha256-6hOpUiuxuwpXXc/xfJsBUJeqqgGI+JMJuLo45aG3cKc=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "5df5a70ad7575f6601d91f0efec95dd9bc619431",
"rev": "e611897ddfdde3ed3eaac4758635d7177ff78673",
"type": "github"
},
"original": {
@ -864,11 +834,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1709571018,
"narHash": "sha256-ISFrxHxE0J5g7lDAscbK88hwaT5uewvWoma9TlFmRzM=",
"lastModified": 1711562745,
"narHash": "sha256-s/YOyBM0vumhkqCFi8CnV5imFlC5JJrGia8CmEXyQkM=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "9f14343f9ee24f53f17492c5f9b653427e2ad15e",
"rev": "ad51a17c627b4ca57f83f0dc1f3bb5f3f17e6d0b",
"type": "github"
},
"original": {
@ -890,11 +860,11 @@
]
},
"locked": {
"lastModified": 1710036830,
"narHash": "sha256-pnV4gO3N/7/GzyRSKTRlSfS/19KJiPSvYcL4apnSkoQ=",
"lastModified": 1711246447,
"narHash": "sha256-g9TOluObcOEKewFo2fR4cn51Y/jSKhRRo4QZckHLop0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "d09dac6a63a2ac4b74ac2ecdc19acd8c46c2da2c",
"rev": "dcc802a6ec4e9cc6a1c8c393327f0c42666f22e4",
"type": "github"
},
"original": {
@ -908,16 +878,14 @@
"blobs": "blobs",
"flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_6",
"nixpkgs-23_05": "nixpkgs-23_05",
"nixpkgs-23_11": "nixpkgs-23_11",
"utils": "utils"
},
"locked": {
"lastModified": 1709905972,
"narHash": "sha256-18OF2/ypr0n4Lp6Fk5SLHPu12ok6jM+Hv3sC0PCim0Q=",
"lastModified": 1710449465,
"narHash": "sha256-2orO8nfplp6uQJBFqKkj1iyNMC6TysmwbWwbb4osTag=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "572c1b4d69deea1093ac231c37927cfa8ccad477",
"rev": "79c8cfcd5873a85559da6201b116fb38b490d030",
"type": "gitlab"
},
"original": {
@ -933,11 +901,11 @@
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1710417151,
"narHash": "sha256-3aDzAo0+jURqop+XL8EwVMmS3zkslGiPT2JXWOe9W+4=",
"lastModified": 1711855048,
"narHash": "sha256-HxegAPnQJSC4cbEbF4Iq3YTlFHZKLiNTk8147EbLdGg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "804157eb75a4312df25a9a144d3807c40ade72b6",
"rev": "99b1e37f9fc0960d064a7862eb7adfb92e64fa10",
"type": "github"
},
"original": {
@ -991,13 +959,31 @@
"type": "github"
}
},
"utils": {
"systems_4": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {

33
flake.nix
View file

@ -84,6 +84,7 @@
linger,
pihole,
lanzaboote,
jovian,
nixos-hardware,
conduit,
...
@ -100,7 +101,11 @@
in {
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
packages = forAllSystems (system:
import ./pkgs (import nixpkgs {
inherit system;
config.allowUnfree = true;
}));
# Formatter for your nix files, available through 'nix fmt'
# Other options beside 'alejandra' include 'nixpkgs-fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
@ -134,9 +139,7 @@
}
];
};
};
nixosConfigurations = {
GLaDOS = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
@ -152,9 +155,7 @@
}
];
};
};
nixosConfigurations = {
queen = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
@ -166,9 +167,7 @@
simple-nixos-mailserver.nixosModule
];
};
};
nixosConfigurations = {
shodan = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
@ -176,15 +175,31 @@
# > Our main nixos configuration file <
./nixos/hosts/shodan/configuration.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
jovian.nixosModules.jovian
home-manager.nixosModules.home-manager
{
home-manager.sharedModules = [inputs.plasma-manager.homeManagerModules.plasma-manager];
}
];
};
ISO = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules = [
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
"${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
./nixos/hosts/iso/configuration.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.sharedModules = [inputs.plasma-manager.homeManagerModules.plasma-manager];
}
];
};
};
nixosConfigurations = {
wheatley = nixpkgs.lib.nixosSystem {
system = "armv7l-linux";
specialArgs = {inherit inputs outputs;};

5
home-manager/desktop/default.nix
View file

@ -56,7 +56,7 @@
kate
# Chat applications:
element-desktop
cinny-desktop
signal-desktop
webcord-vencord
@ -88,7 +88,8 @@
zsh
# Web browsing:
firefox
(firefox.override {nativeMessagingHosts = [pkgs.firefoxpwa];})
firefoxpwa
librewolf
ungoogled-chromium
];

1343
home-manager/desktop/plasma-desktop/default.nix
View file

File diff suppressed because it is too large Load diff

13
home-manager/hosts/iso/default.nix Normal file
View file

@ -0,0 +1,13 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
# You can import other home-manager modules here
imports = [
./lillian.nix
];
}

29
home-manager/hosts/iso/lillian.nix Normal file
View file

@ -0,0 +1,29 @@
# This is your home-manager configuration file
# Use this to configure your home environment (it replaces ~/.config/nixpkgs/home.nix)
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
# You can import other home-manager modules here
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
# outputs.homeManagerModules.example
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
../../desktop
];
home.packages = with pkgs; [
];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "24.05";
}

9
home-manager/hosts/shodan/lillian.nix
View file

@ -78,6 +78,15 @@
ungoogled-chromium
];
# # Automount services for user
# programs.bashmount.enable = true;
# services.udiskie = {
# enable = true;
# automount = true;
# notify = false;
# tray = "never";
# };
# Enable home-manager and git
programs.home-manager.enable = true;
programs.git = {

2
home-manager/package-configs/zsh.nix
View file

@ -34,7 +34,7 @@
};
}
];
enableAutosuggestions = true;
autosuggestion.enable = true;
enableCompletion = true;
historySubstringSearch.enable = true;
syntaxHighlighting.enable = true;

9
nixos/desktop/default.nix
View file

@ -34,6 +34,8 @@
# System tools
aha
bcachefs-tools
clinfo
direnv
git-filter-repo
gnupg
@ -43,7 +45,10 @@
sbctl
tpm2-tools
tpm2-tss
virtualgl
vulkan-tools
waydroid
wayland-utils
xwaylandvideobridge
yubikey-personalization
zsh
@ -58,6 +63,9 @@
# kdePackages.krunner-ssh
# kdePackages.krunner-symbols
kdePackages.packagekit-qt
kdePackages.plasma-pa
kdePackages.sddm-kcm
kdePackages.dolphin-plugins
libportal-qt5
libportal
@ -89,6 +97,7 @@
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.wayland.enable = true;
services.xserver.displayManager.sddm.enable = true;
services.desktopManager.plasma6.enable = true;
services.xserver.displayManager.defaultSession = "plasma";

150
nixos/hosts/iso/configuration.nix Normal file
View file

@ -0,0 +1,150 @@
{
inputs,
outputs,
lib,
config,
pkgs,
nixpkgs-stable,
...
}: {
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
# outputs.homeManagerModules.example
# outputs.nixosModules.contabo.wan
inputs.home-manager.nixosModules.home-manager
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.defaults
# Import shared settings
../../shared
];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking.domain = "";
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
};
nixpkgs = {
# You can add overlays here
overlays = [
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
services.desktopManager.plasma6.enable = true;
environment.systemPackages = with pkgs; [
# Custom tools
dvd
dvt
servo
restart
install-nix
# System tools
aha
direnv
efitools
git-filter-repo
gnupg
pciutils
sbctl
tpm2-tools
tpm2-tss
waydroid
zsh
# KDE/QT
krunner-translator
kdePackages.discover
kdePackages.kcalc
kdePackages.kdepim-addons
kdePackages.kirigami
kdePackages.kdeconnect-kde
# kdePackages.krunner-ssh
# kdePackages.krunner-symbols
kdePackages.packagekit-qt
kdePackages.plasma-pa
kdePackages.sddm-kcm
kdePackages.dolphin-plugins
libportal-qt5
libportal
];
# Enable networking
networking.networkmanager.enable = true;
# Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53"
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [22];
programs.kdeconnect.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
};
# Enable bluetooth hardware
hardware.bluetooth.enable = true;
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
programs.git = {
enable = true;
};
programs.direnv = {
enable = true;
};
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
# kde power settings do not turn off screen
systemd = {
services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"];
targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
};
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/iso;
};
};
boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
boot.supportedFilesystems = lib.mkForce ["bcachefs" "btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "unstable";
}

21
nixos/hosts/iso/secrets/sops.yaml Normal file
View file

@ -0,0 +1,21 @@
lillian-password: ENC[AES256_GCM,data:eQzZwGxK9Lw2gc8HDNw57odxPzTH4sa/2O97h3VAghRwLClmCYKT91kxj2F3kQ4iEctBl0GxdS4WoL3H9eE4/CAPffXdTmkdYg==,iv:2ezB4DNHFv5ceJ2gtATV12Azm3vFFDLX1qSSy+cKuMY=,tag:zxb5agUCDpi92bYV7+DmoA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12e00qvf4shtmsfq3ujamyaa72pjvad2qhrxkvpl9hryrjvgxev4sjhmkxz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArbVd5bkxmV2FSNDVCWXN1
RGxwdVZ5ZEROQTZ1d2ptU1RJc0dTUVlVOTE4CjhjeklubEhwUFgydkFWbDJkcU1U
VnowU29NSG10a3VKbXk3RWNWY0FwZ1EKLS0tIDJYMXhGeXArRnZ1NmQwQ3NqVHdM
dXlaN3dWOUl4Mys2V0x3Z3F6UVU4MVUKEJYpX8XhSNcM+7aUuxnIwrokY0/29Cnh
yz0HAZkaj8FwvnPnafo5jmwVyi6WXECvX5E0NZfjKH4AF5vTu6Wukg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-20T18:17:48Z"
mac: ENC[AES256_GCM,data:3UHIoYPHC6n56CHguOVuoFd9VwCjGiD9VCYy2d5W+4XQEZpjnONX8fhwwWRm42COymz89tmqDmpDp88BnSU8uE14IaCIUoxfCaRiZtjAiHjouua2jr50aUV56pwyan8ZiiOjP8oP1VY/tsv1w0jWI9TjSTHvCdNLR8XEcf6bCrk=,iv:/lBJdkQgwZyiztQ9vSoHgY+WxXJKHFI93dxtOSunHNo=,tag:lLwrSdzoN9CzmyIdLOe5ig==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

35
nixos/hosts/queen/configuration.nix
View file

@ -100,13 +100,40 @@
networking.nat.internalInterfaces = ["ve-+"];
networking.nat.externalInterface = "ens18";
networking.enableIPv6 = lib.mkForce true;
networking.nameservers = ["1.1.1.1"];
networking.nameservers = ["79.143.183.251" "79.143.183.252" "2a02:c207::1:53" "2a02:c207::2:53"];
# Contabo ipv6 nameservers: "2a02:c207::1:53" "2a02:c207::2:53"
networking.interfaces.ens18.ipv4.addresses = [
{
address = "62.171.160.195";
prefixLength = 32;
}
];
networking.firewall.enable = true;
networking.interfaces.ens18.ipv6.addresses = [
{
address = "2a02:c207:2063:2448::1";
prefixLength = 64;
}
];
networking.firewall.allowedTCPPorts = [22 80 443];
# Open ports in the firewall.
networking.firewall = {
enable = true;
allowPing = false;
allowedTCPPorts = [
22 # SSH
5349 # STUN tls
5350 # STUN tls alt
80 # http
443 # https
];
allowedUDPPortRanges = [
{
from = 49152;
to = 49999;
} # TURN relay
];
};
# networking.useNetworkd = true;

7
nixos/hosts/queen/secrets/sops.yaml
View file

@ -8,6 +8,9 @@ mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8
rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str]
lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str]
coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYisHejmycgT8a2mWpk+5r3HkFmBNcLDeNlfnhIif5oLHGuHyw==,iv:M2GdNDxP4xpP35FJPTgljbcKpOm6DmEEnIYRItAxDVI=,tag:IiiNXeTi6Yja5PrnKRkhdA==,type:str]
grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str]
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -23,8 +26,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T11:53:17Z"
mac: ENC[AES256_GCM,data:bOrEW/yQIgJy7Jqfj/95jtXoIeEX2JNTvsnodkrtmtUQoY8Lczb47rTLpS0CM9Gh1Do38dvoNgWY08jXj3PVPO6s7Yy995ZbtgaR8n/G190PZ+p+i7EInv/OAJe/Xw4WcZlLs1XeKPashJmoX7qZi2fVPmu5UpYD1YiCMzZsWkQ=,iv:vjEJCDX8D4relmBJs569d+sklY1bUptWBjJVS7pKB70=,tag:xsQM3cDBkHymS9t9Qyyitg==,type:str]
lastmodified: "2024-04-04T16:38:10Z"
mac: ENC[AES256_GCM,data:KqkNjZe/rMhiWNS3SeYHm+b23u1LD1jq3f0+jB/BVmy6pDQDTNgA/wWHF/HcorU2Z7TOdjofJPuvRuF6C8ec4RCtTxX2ubIYWV4H3BynYxrEuEsIN8EnPJDcFFc92n9PKzoWnHo2NK1a4ZX+DxYVjDDdjhOMWj/kqWRWZRU+qEw=,iv:rarq3mCSfDFzbIdSIe+3mTNTnoZwFZ2uPkYMGt/xqos=,tag:rCD6SUpwOktRo7fM3Irv7g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

28
nixos/hosts/shodan/auto-mount.nix Normal file
View file

@ -0,0 +1,28 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
services.udev.extraRules = ''
KERNEL=="sd[a-z]|sd[a-z][0-9]", ACTION=="add", RUN+="${pkgs.systemd}/bin/systemctl start --no-block external-drive-mount@%k.service"
KERNEL=="sd[a-z]|sd[a-z][0-9]", ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block external-drive-mount@%k.service"
KERNEL=="mmcblk0|mmcblk0p[0-9]", ACTION=="add", RUN+="${pkgs.systemd}/bin/systemctl start --no-block external-drive-mount@%k.service"
KERNEL=="mmcblk0|mmcblk0p[0-9]", ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block external-drive-mount@%k.service"
KERNEL=="nvme0n1p9|nvme0n1p1[0-9]", ACTION=="add", RUN+="${pkgs.systemd}/bin/systemctl start --no-block external-drive-mount@%k.service"
KERNEL=="nvme0n1p9|nvme0n1p1[0-9]", ACTION=="remove", RUN+="${pkgs.systemd}/bin/systemctl stop --no-block external-drive-mount@%k.service"
'';
systemd.services."external-drive-mount@" = {
path = with pkgs; [jq coreutils udisks bash util-linux toybox auto-mount steam];
enable = true;
serviceConfig = {
ExecStart = "${pkgs.auto-mount}/bin/auto-mount add %i";
ExecStop = "${pkgs.auto-mount}/bin/auto-mount remove %i";
Type = "oneshot";
RemainAfterExit = true;
};
};
}

49
nixos/hosts/shodan/configuration.nix
View file

@ -21,6 +21,10 @@
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
./hardware-configuration.nix
../../../disko/shodan
./auto-mount.nix
];
boot.tmp.cleanOnBoot = true;
@ -44,19 +48,29 @@
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [
# Custom tools
auto-mount
#System:
alejandra
btrfs-progs
efitools
extest
git
git-filter-repo
home-manager
htop
jq
noto-fonts
noto-fonts-emoji-blob-bin
noto-fonts-emoji
oh-my-zsh
rsync
rustdesk
sbctl
steam
udisks
util-linux
wget
zsh
@ -86,7 +100,7 @@
jovian.steam.autoStart = true;
#What desktop to start when switching to desktop session
jovian.steam.desktopSession = "plasma";
jovian.steam.desktopSession = "plasmax11";
jovian.steam.user = "lillian";
@ -103,7 +117,7 @@
jovian.hardware.has.amd.gpu = true;
programs.steam = {
programs.steam = lib.mkForce {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
@ -120,9 +134,11 @@
services.desktopManager.plasma6.enable = true;
programs.kdeconnect.enable = true;
services.xserver.displayManager.defaultSession = "plasmax11";
services.xserver.displayManager.sddm.wayland.enable = lib.mkForce false;
services.xserver.displayManager.sddm.settings = {
Autologin = {
Session = "plasma.desktop";
Session = "plasmax11.desktop";
User = "lillian";
};
};
@ -144,6 +160,12 @@
networking.firewall.allowedTCPPorts = [22];
# # Enable automounting of removable media
# services.udisks2.enable = true;
# services.devmon.enable = true;
# services.gvfs.enable = true;
# environment.variables.GIO_EXTRA_MODULES = lib.mkForce ["${pkgs.gvfs}/lib/gio/modules"];
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
@ -175,7 +197,7 @@
enable = true;
};
users.users.lillian.extraGroups = ["decky"];
users.users.lillian.extraGroups = ["decky" "tss" "input"];
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
@ -190,12 +212,27 @@
networking.hostName = "shodan";
boot.loader.systemd-boot.enable = true;
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# tss group has access to TPM devices
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.initrd.systemd.enable = true;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.timeout = 0;
boot.loader.efi.canTouchEfiVariables = true;
boot.consoleLogLevel = 0;
boot.kernelParams = ["quiet" "udev.log_priority=0"];
boot.kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
boot.plymouth.enable = true;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

14
nixos/hosts/shodan/hardware-configuration.nix
View file

@ -17,20 +17,6 @@
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b29d5a9c-a4a6-4321-a767-27ed928cfa94";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/ABC6-B031";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/c0c87d80-b6be-444a-a76f-b32d35c38994";}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction

5
nixos/hosts/shodan/secrets/sops.yaml
View file

@ -1,4 +1,3 @@
pass: ENC[AES256_GCM,data:M7V75Q7I,iv:d59fWvFsEOOu8A+BSK0f2ZskX1SXHN1wA3EfGGsHp70=,tag:FLTogvUgI3HdKYWCJc/M1Q==,type:int]
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
sops:
kms: []
@ -15,8 +14,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T12:17:27Z"
mac: ENC[AES256_GCM,data:JYOxnbBK2Uj/TH9Pc6gFf0xE82lD726Jm2R7fz4WYM3pAeYoeauRVU0YoxKhOHmAjAq9ZyHZVdWg3bSMMEz9ONz/F6LZiI5qegT+SO3uAPaTRwUa639G6RGO5b86LIRPuXBw5sdePeoxDt62rOiT6UhySK5XiEysEv5NyQFijlw=,iv:1pbuTtnRbaNKRn73NLZ+s3ZW2sGAc80tRd2QWTR4688=,tag:YndVhpjQC1aUBhmv7d/4+A==,type:str]
lastmodified: "2024-03-19T00:42:59Z"
mac: ENC[AES256_GCM,data:WuwpvgM5WCmtsb9WH6us1dn0+qQuV/6+ooI8K7Wp+VFlMWLA4g509TgOFHG+cxWJeN2cRtilnHM1INv1U6uadjWis0LrjrqbHaMRJ5aAr3/zKoTXWTG4pRNykoYmCkwHLnx0gJi6hm4PbKOIFVM+6V5m9JCLKRVO6eqyW15SVww=,iv:xVR5ZGs2Ww+J57qreIlHSW8A+ADAOjzM7B+KLRFrRLw=,tag:6KTaeX8+Txz4j1UJUWRj+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

45
nixos/server/package-configs/cinny/default.nix Normal file
View file

@ -0,0 +1,45 @@
{
config,
pkgs,
inputs,
lib,
...
}: let
port = 2143;
configFile =
pkgs.writeText "config.json"
''
{
"defaultHomeserver": 0,
"homeserverList": [
"matrix.gladtherescake.eu"
],
"allowCustomHomeservers": false
}
'';
in {
virtualisation.oci-containers.containers."cinny" = {
autoStart = true;
ports = ["${toString port}:80"];
volumes = [
"${configFile}:/app/config.json"
];
image = "ajbura/cinny:latest";
};
services.nginx = {
enable = true;
virtualHosts = {
"cinny.gladtherescake.eu" = {
## Force HTTP redirect to HTTPS
forceSSL = true;
## LetsEncrypt
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString port}";
proxyWebsockets = true;
};
};
};
};
}

5
nixos/server/package-configs/conduit/default.nix
View file

@ -40,7 +40,10 @@ in {
settings.global = {
inherit server_name;
database_backend = "sqlite";
database_backend = "rocksdb";
allow_registration = false;
turn_uris = ["turn:turn.gladtherescake.eu.url?transport=udp" "turn:turn.gladtherescake.eu?transport=tcp"];
turn_secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT";
};
};

48
nixos/server/package-configs/coturn/default.nix Normal file
View file

@ -0,0 +1,48 @@
{
config,
pkgs,
...
}: {
sops.secrets."coturn-auth-secret".mode = "0440";
sops.secrets."coturn-auth-secret".owner = config.users.users.turnserver.name;
users.users.nginx.extraGroups = ["turnserver"];
services.coturn = {
enable = true;
use-auth-secret = true;
static-auth-secret = "cPKWEn4Fo5TAJoE7iX3xeVOaMVE4afeRN1iRGWYfbkWbkaZMxTpnmazHyH6c6yXT";
realm = "turn.gladtherescake.eu";
relay-ips = [
"62.171.160.195"
"2a02:c207:2063:2448::1"
];
extraConfig = "
cipher-list=\"HIGH\"
no-loopback-peers
no-multicast-peers
";
secure-stun = true;
cert = "/var/lib/acme/turn.gladtherescake.eu/fullchain.pem";
pkey = "/var/lib/acme/turn.gladtherescake.eu/key.pem";
min-port = 49152;
max-port = 49999;
};
# setup certs
services.nginx = {
enable = true;
virtualHosts = {
"turn.gladtherescake.eu" = {
forceSSL = true;
enableACME = true;
};
};
};
# share certs with coturn and restart on renewal
security.acme.certs = {
"turn.gladtherescake.eu" = {
group = "turnserver";
postRun = "systemctl reload nginx.service; systemctl restart coturn.service";
};
};
}

15
nixos/server/package-configs/dashboard/default.nix Normal file
View file

@ -0,0 +1,15 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
imports = [
./grafana
#./loki
./prometheus
./telegraf
];
}

48
nixos/server/package-configs/dashboard/grafana/default.nix Normal file
View file

@ -0,0 +1,48 @@
{
config,
pkgs,
...
}: {
# grafana configuration
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.lillianviolet.dev";
http_port = 2342;
http_addr = "127.0.0.1";
};
provision = {
datasources.settings = {
apiVersion = 1;
datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://localhost:${toString config.services.prometheus.port}";
isDefault = true;
}
# {
# name = "Loki";
# type = "loki";
# access = "proxy";
# url = "http://localhost:${config.services.loki.port}";
# isDefault = true;
# }
];
};
};
};
# nginx reverse proxy
services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
## Force HTTP redirect to HTTPS
forceSSL = true;
## LetsEncrypt
enableACME = true;
locations."/" = {
proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
}

10
nixos/server/package-configs/dashboard/loki/default.nix Normal file
View file

@ -0,0 +1,10 @@
{
config,
pkgs,
...
}: {
services.loki = {
enable = true;
configFile = ./loki.yaml;
};
}

40
nixos/server/package-configs/dashboard/loki/loki.yaml Normal file
View file

@ -0,0 +1,40 @@
# Enables authentication through the X-Scope-OrgID header, which must be present
# if true. If false, the OrgID will always be set to "fake".
auth_enabled: false
server:
http_listen_address: "0.0.0.0"
http_listen_port: 3100
ingester:
lifecycler:
address: "127.0.0.1"
ring:
kvstore:
store: inmemory
replication_factor: 1
final_sleep: 0s
chunk_idle_period: 5m
chunk_retain_period: 30s
schema_config:
configs:
- from: 2020-05-15
store: boltdb
object_store: filesystem
schema: v11
index:
prefix: index_
period: 168h
storage_config:
boltdb:
directory: /tmp/loki/index
filesystem:
directory: /tmp/loki/chunks
limits_config:
enforce_metric_name: false
reject_old_samples: true
reject_old_samples_max_age: 168h

38
nixos/server/package-configs/dashboard/prometheus/default.nix Normal file
View file

@ -0,0 +1,38 @@
{
config,
pkgs,
...
}: {
services.prometheus = {
enable = true;
port = 9001;
# Export the current system metrics
exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
port = 9002;
};
};
scrapeConfigs = [
# Scrape the current system
{
job_name = "GrafanaService system";
static_configs = [
{
targets = ["127.0.0.1:9002"];
}
];
}
# Scrape the Loki service
# {
# job_name = "Loki service";
# static_configs = [
# {
# targets = ["127.0.0.1:3100"];
# }
# ];
# }
];
};
}

56
nixos/server/package-configs/dashboard/telegraf/default.nix Normal file
View file

@ -0,0 +1,56 @@
{
inputs,
lib,
config,
pkgs,
user,
...
}: {
sops.secrets."grafana-telegraf-key".mode = "0440";
sops.secrets."grafana-telegraf-key".owner = config.users.users.telegraf.name;
services.telegraf = {
enable = true;
extraConfig = {
agent = {
interval = "10s";
round_interval = true;
metric_batch_size = 1000;
metric_buffer_limit = 10000;
collection_jitter = "0s";
flush_interval = "10s";
flush_jitter = "0s";
precision = "";
debug = false;
quiet = false;
logfile = "";
hostname = "queen";
omit_hostname = false;
};
inputs = {
cpu = {
percpu = true;
totalcpu = true;
collect_cpu_time = false;
report_active = false;
core_tags = false;
};
disk = {
ignore_fs = ["tmpfs" "devtmpfs" "devfs" "overlay" "aufs" "squashfs"];
};
diskio = {};
kernel = {};
mem = {};
system = {};
};
outputs = {
websocket = {
url = "ws://localhost:${toString config.services.prometheus.port}/api/live/push/telegraf";
data_format = "influx";
headers = {
Authorisation = "Bearer glsa_lqpcKV34Pp0d7eIhKN79E2HTwzWWwN4m_fe64e398";
};
};
};
};
};
}

4
nixos/server/package-configs/default.nix
View file

@ -14,5 +14,9 @@
./nextcloud
./postgres
./roundcube
./coturn
./dashboard
./cinny
./firefox-sync
];
}

30
nixos/server/package-configs/firefox-sync/default.nix Normal file
View file

@ -0,0 +1,30 @@
{
config,
pkgs,
...
}: let
port = 5126;
in {
sops.secrets."sync-secrets".mode = "0440";
sops.secrets."sync-secrets".owner = config.users.users.firefox-syncserver.name;
users.groups.firefox-syncserver = {};
users.users.firefox-syncserver = {
isSystemUser = true;
group = "firefox-syncserver";
extraGroups = [config.users.groups.keys.name];
};
services.mysql.package = pkgs.mariadb;
services.firefox-syncserver = {
enable = true;
secrets = config.sops.secrets."sync-secrets".path;
singleNode = {
enable = true;
hostname = "sync.gladtherescake.eu";
url = "http://localhost:${toString port}";
enableNginx = true;
enableTLS = true;
};
};
}

1
nixos/shared/packages/default.nix
View file

@ -26,6 +26,7 @@
# System tools
age
alejandra
e2fsprogs
git
git-filter-repo
home-manager

18
overlays/default.nix
View file

@ -1,5 +1,14 @@
# This file defines overlays
{inputs, ...}: {
# This one contains whatever you want to overlay
# You can change versions, add patches, set compilation flags, anything really.
# https://nixos.wiki/wiki/Overlays
modifications = final: prev: {
steam = prev.steam.override {
extraProfile = ''export LD_PRELOAD=${inputs.extest}/lib/libextest.so:$LD_PRELOAD'';
};
};
# This one brings our custom packages from the 'pkgs' directory
additions = final: _prev:
import ../pkgs {
@ -7,15 +16,6 @@
pkgs = final;
};
# This one contains whatever you want to overlay
# You can change versions, add patches, set compilation flags, anything really.
# https://nixos.wiki/wiki/Overlays
modifications = final: prev: {
# example = prev.example.overrideAttrs (oldAttrs: rec {
# ...
# });
};
# When applied, the stable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.stable'
pkg-sets = (

247
pkgs/auto-mount/default.nix Normal file
View file

@ -0,0 +1,247 @@
{
lib,
stdenv,
system,
pkgs,
jq,
coreutils,
udisks,
toybox,
util-linux,
writeShellApplication,
}:
writeShellApplication
{
# Originally from: https://github.com/scawp/Steam-Deck.Mount-External-Drive/
name = "auto-mount";
runtimeInputs = [jq coreutils udisks util-linux toybox pkgs.steam pkgs.extest];
text = ''
set -euo pipefail
# Originally from https://serverfault.com/a/767079
# This script is called from our systemd unit file to mount or unmount
# a USB drive.
usage()
{
echo "Usage: $0 {add|remove} device_name (e.g. sdb1)"
exit 1
}
if [[ $# -ne 2 ]]; then
usage
fi
ACTION=$1
DEVBASE=$2
DEVICE="/dev/''${DEVBASE}"
# Shared between this and the auto-mount script to ensure we're not double-triggering nor automounting while formatting
# or vice-versa.
MOUNT_LOCK="/home/lillian/lock/jupiter-automount-''${DEVBASE//\/_}.lock"
# Obtain lock
exec 9<>"$MOUNT_LOCK"
if ! flock -n 9; then
echo "$MOUNT_LOCK is active: ignoring action $ACTION"
# Do not return a success exit code: it could end up putting the service in 'started' state without doing the mount
# work (further start commands will be ignored after that)
exit 1
fi
# Wait N seconds for steam
wait_steam()
{
local i=0
local wait=$1
echo "Waiting up to $wait seconds for steam to load"
while ! pgrep -x steamwebhelper &>/dev/null && (( i++ < wait )); do
sleep 1
done
}
send_steam_url()
{
local command
command="$1"
local arg
arg="$2"
local encoded
encoded=$(urlencode "$arg")
if pgrep -x "steam" > /dev/null; then
# TODO use -ifrunning and check return value - if there was a steam process and it returns -1, the message wasn't sent
# need to retry until either steam process is gone or -ifrunning returns 0, or timeout i guess
echo "Sent URL to steam: steam://''${command}/''${arg} (steam://''${command}/''${encoded})" >> /home/lillian/steam.txt
systemd-run -M 1000@ --user --collect --wait sh -c "export LD_PRELOAD=${pkgs.extest}/lib/libextest.so:$LD_PRELOAD ${pkgs.steam}/bin/steam steam://''${command}/''${encoded@Q}"
else
echo "Could not send steam URL steam://''${command}/''${arg} (steam://''${command}/''${encoded}) -- steam not running"
fi
}
# From https://gist.github.com/HazCod/da9ec610c3d50ebff7dd5e7cac76de05
urlencode()
{
[ -z "$1" ] || echo -n "$@" | hexdump -v -e '/1 "%02x"' | sed 's/\(..\)/%\1/g'
}
do_mount()
{
declare -i ret
# NOTE: these values are ABI, since they are sent to the Steam client
# shellcheck disable=SC2034
readonly FSCK_ERROR=1
# shellcheck disable=SC2034
readonly MOUNT_ERROR=2
# Get info for this drive: $ID_FS_LABEL, and $ID_FS_TYPE
dev_json=$(lsblk -o PATH,LABEL,FSTYPE --json -- "$DEVICE" | jq '.blockdevices[0]')
ID_FS_LABEL=$(jq -r '.label | select(type == "string")' <<< "$dev_json")
ID_FS_TYPE=$(jq -r '.fstype | select(type == "string")' <<< "$dev_json")
# Global mount options
OPTS="rw,noatime"
# File system type specific mount options
#if [[ ''${ID_FS_TYPE} == "vfat" ]]; then
# OPTS+=",users,gid=100,umask=000,shortname=mixed,utf8=1,flush"
#fi
case "''${ID_FS_TYPE}" in
"ntfs")
echo "FSType is NTFS"
#Extra Opts don't seem necessary anymore? add if required
#OPTS+=""
;;
"exfat")
echo "FSType is exFat"
#OPTS+=",users,gid=100,umask=000,shortname=mixed,utf8=1,flush"
;;
"btrfs")
echo "FSType is btrfs"
;;
"ext4")
echo "FSType is ext4"
#exit 2
;;
*)
echo "Error mounting ''${DEVICE}: unsupported fstype: ''${ID_FS_TYPE} - ''${dev_json}"
rm "''${MOUNT_LOCK}"
exit 2
;;
esac
# Prior to talking to udisks, we need all udev hooks (we were started by one) to finish, so we know it has knowledge
# of the drive. Our own rule starts us as a service with --no-block, so we can wait for rules to settle here
# safely.
#if ! udevadm settle; then
# echo "Failed to wait for \`udevadm settle\`"
# exit 1
#fi
# Ask udisks to auto-mount. This needs a version of udisks that supports the 'as-user' option.
ret=0
reply=$(busctl call --allow-interactive-authorization=false --expect-reply=true --json=short \
org.freedesktop.UDisks2 \
/org/freedesktop/UDisks2/block_devices/"''${DEVBASE}" \
org.freedesktop.UDisks2.Filesystem \
Mount 'a{sv}' 3 \
as-user s lillian \
auth.no_user_interaction b true \
options s "$OPTS") || ret=$?
if (( ret != 0 )); then
# send_steam_url "system/devicemountresult" "''${DEVBASE}/''${MOUNT_ERROR}"
echo "Error mounting ''${DEVICE} (status = $ret)"
exit 1
fi
# Expected reply is of the format
# {"type":"s","data":["/run/media/lillian/home"]}
mount_point=$(jq -r '.data[0] | select(type == "string")' <<< "$reply" || true)
if [[ -z $mount_point ]]; then
echo "Error when mounting ''${DEVICE}: udisks returned success but could not parse reply:"
echo "---"$'\n'"$reply"$'\n'"---"
exit 1
fi
if [[ ''${ID_FS_TYPE} == "exfat" ]]; then
echo "exFat does not support symlinks, do not add library to Steam"
exit 0
fi
# Create a symlink from /run/media to keep compatibility with apps
# that use the older mount point (for SD cards only).
case "''${DEVBASE}" in
mmcblk0p*)
if [[ -z "''${ID_FS_LABEL}" ]]; then
old_mount_point="/run/media/''${DEVBASE}"
else
old_mount_point="/run/media/''${mount_point##*/}"
fi
if [[ ! -d "''${old_mount_point}" ]]; then
rm -f -- "''${old_mount_point}"
ln -s -- "''${mount_point}" "''${old_mount_point}"
fi
;;
esac
echo "**** Mounted ''${DEVICE} at ''${mount_point} ****"
if [ -f "''${mount_point}/libraryfolder.vdf" ]; then
echo " send_steam_url \"addlibraryfolder\" \"''${mount_point}\""
# send_steam_url "addlibraryfolder" "''${mount_point}"
else
#TODO check permissions are 1000 when creating new SteamLibrary
mkdir -p "''${mount_point}/SteamLibrary"
chown lillian:users "''${mount_point}/SteamLibrary"
# send_steam_url "addlibraryfolder" "''${mount_point}/SteamLibrary"
fi
}
do_unmount()
{
local mount_point
mount_point=$(findmnt -fno TARGET "''${DEVICE}" || true)
if [[ -n $mount_point ]]; then
# Remove symlink to the mount point that we're unmounting
find /run/media -maxdepth 1 -xdev -type l -lname "''${mount_point}" -exec rm -- {} \;
else
# If we don't know the mount point then remove all broken symlinks
find /run/media -maxdepth 1 -xdev -xtype l -exec rm -- {} \;
fi
}
do_retrigger()
{
local mount_point
mount_point=$(findmnt -fno TARGET "''${DEVICE}" || true)
[[ -n $mount_point ]] || return 0
# In retrigger mode, we want to wait a bit for steam as the common pattern is starting in parallel with a retrigger
wait_steam 10
# This is a truly gnarly way to ensure steam is ready for commands.
# TODO literally anything else
sleep 6
# send_steam_url "addlibraryfolder" "''${mount_point}"
}
case "''${ACTION}" in
add)
do_mount
;;
remove)
do_unmount
;;
retrigger)
do_retrigger
;;
*)
usage
;;
esac
'';
}

1
pkgs/default.nix
View file

@ -12,4 +12,5 @@ pkgs: {
upgrade = pkgs.callPackage ./upgrade {};
restart = pkgs.callPackage ./restart {};
phanpy = pkgs.callPackage ./phanpy {};
auto-mount = pkgs.callPackage ./auto-mount {};
}

202
pkgs/fcast/default.nix Normal file
View file

@ -0,0 +1,202 @@
{
lib,
buildNpmPackage,
cargo,
copyDesktopItems,
dbus,
electron_28,
fetchFromGitLab,
glib,
gnome,
gtk3,
jq,
libsecret,
makeDesktopItem,
makeWrapper,
moreutils,
napi-rs-cli,
nodejs_18,
patchutils_0_4_2,
pkg-config,
python3,
runCommand,
rustc,
rustPlatform,
}: let
description = "A secure and free password manager for all of your devices";
icon = "bitwarden";
electron = electron_28;
in
buildNpmPackage rec {
pname = "bitwarden-desktop";
version = "2024.3.0";
src = fetchFromGitLab {
owner = "videostreaming";
repo = "fcast";
rev = "b13d0f7e8150c279d377a78f89d338b7fc0f5539";
hash = "sha256-XEZB95GnfSy/wtTWpF8KlUQwyephUZmSLtbOwbcvd7g=";
};
patches = [
./electron-builder-package-lock.patch
];
# The nested package-lock.json from upstream is out-of-date, so copy the
# lock metadata from the root package-lock.json.
postPatch = ''
cat {,apps/desktop/src/}package-lock.json \
| ${lib.getExe jq} -s '
.[1].packages."".dependencies.argon2 = .[0].packages."".dependencies.argon2
| .[0].packages."" = .[1].packages.""
| .[1].packages = .[0].packages
| .[1]
' \
| ${moreutils}/bin/sponge apps/desktop/src/package-lock.json
'';
nodejs = nodejs_18;
makeCacheWritable = true;
npmFlags = ["--legacy-peer-deps"];
npmWorkspace = "apps/desktop";
npmDepsHash = "sha256-EpZXA+GkmHl5eqwIPTGHJZqrpr6k8gXneJG+GXumlkc=";
cargoDeps = rustPlatform.fetchCargoTarball {
name = "${pname}-${version}";
inherit src;
patches =
map
(
patch:
runCommand
(builtins.baseNameOf patch)
{nativeBuildInputs = [patchutils_0_4_2];}
''
< ${patch} filterdiff -p1 --include=${lib.escapeShellArg cargoRoot}'/*' > $out
''
)
patches;
patchFlags = ["-p4"];
sourceRoot = "${src.name}/${cargoRoot}";
hash = "sha256-qAqEFlUzT28fw6kLB8d7U8yXWevAU+q03zjN2xWsGyI=";
};
cargoRoot = "apps/desktop/desktop_native";
env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
nativeBuildInputs = [
cargo
copyDesktopItems
jq
makeWrapper
moreutils
napi-rs-cli
pkg-config
python3
rustc
rustPlatform.cargoCheckHook
rustPlatform.cargoSetupHook
];
buildInputs = [
glib
gtk3
libsecret
];
preBuild = ''
if [[ $(jq --raw-output '.devDependencies.electron' < package.json | grep -E --only-matching '^[0-9]+') != ${lib.escapeShellArg (lib.versions.major electron.version)} ]]; then
echo 'ERROR: electron version mismatch'
exit 1
fi
'';
postBuild = ''
pushd apps/desktop
# desktop_native/index.js loads a file of that name regarldess of the libc being used
mv desktop_native/desktop_native.* desktop_native/desktop_native.linux-x64-musl.node
npm exec electron-builder -- \
--dir \
-c.electronDist=${electron}/libexec/electron \
-c.electronVersion=${electron.version}
popd
'';
doCheck = true;
nativeCheckInputs = [
dbus
(gnome.gnome-keyring.override {useWrappedDaemon = false;})
];
checkFlags = [
"--skip=password::password::tests::test"
];
checkPhase = ''
runHook preCheck
pushd ${cargoRoot}
export HOME=$(mktemp -d)
export -f cargoCheckHook runHook _eval _callImplicitHook
export cargoCheckType=release
dbus-run-session \
--config-file=${dbus}/share/dbus-1/session.conf \
-- bash -e -c cargoCheckHook
popd
runHook postCheck
'';
installPhase = ''
runHook preInstall
mkdir $out
pushd apps/desktop/dist/linux-unpacked
mkdir -p $out/opt/Bitwarden
cp -r locales resources{,.pak} $out/opt/Bitwarden
popd
makeWrapper '${electron}/bin/electron' "$out/bin/bitwarden" \
--add-flags $out/opt/Bitwarden/resources/app.asar \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
--set-default ELECTRON_IS_DEV 0 \
--inherit-argv0
pushd apps/desktop/resources/icons
for icon in *.png; do
dir=$out/share/icons/hicolor/"''${icon%.png}"/apps
mkdir -p "$dir"
cp "$icon" "$dir"/${icon}.png
done
popd
runHook postInstall
'';
desktopItems = [
(makeDesktopItem {
name = "bitwarden";
exec = "bitwarden %U";
inherit icon;
comment = description;
desktopName = "Bitwarden";
categories = ["Utility"];
})
];
meta = {
changelog = "https://github.com/bitwarden/clients/releases/tag/${src.rev}";
inherit description;
homepage = "https://bitwarden.com";
license = lib.licenses.gpl3;
maintainers = with lib.maintainers; [amarshall kiwi];
platforms = ["x86_64-linux"];
mainProgram = "bitwarden";
};
}

22
pkgs/install-nix-no-inhibit/default.nix
View file

@ -1,20 +1,22 @@
{
lib,
stdenv,
git,
gum,
writeShellApplication,
}:
writeShellApplication
{
name = "install-nix-no-inhibit";
runtimeInputs = [];
runtimeInputs = [git gum];
text = ''
# An install script for NixOS installation to /tmp
set -e
pushd /tmp > /dev/null
systemd-inhibit --what=idle rm -rf ./install-nix
systemd-inhibit --what=idle git clone https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git ./install-nix
rm -rf ./install-nix
git clone https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git ./install-nix
pushd ./install-nix/nixos/hosts > /dev/null
echo "Please choose the hostname you are installing to from the following list:"
i=1
@ -25,11 +27,21 @@ writeShellApplication
select dir in "''${dirs[@]}"; do echo "you selected ''${dir}"; break; done
popd > /dev/null
pushd ./install-nix > /dev/null
gum confirm --default=false \
"🔥 🔥 🔥 WARNING!!!! This will ERASE ALL DATA on the disk for ''${dir}. Are you sure you want to continue?"
echo "Partitioning Disks"
sudo nix run github:nix-community/disko \
--extra-experimental-features "nix-command flakes" \
--no-write-lock-file \
-- \
--mode zap_create_mount \
"./disko/''${dir}/default.nix"
echo "NixOS Installing..."
systemd-inhibit --what=idle sudo nixos-install --flake .#"''${dir}"
sudo nixos-install --flake .#"''${dir}"
popd > /dev/null
echo "Cleaning up repository in '/tmp/install-nix'..."
systemd-inhibit --what=idle rm -rf ./install-nix
rm -rf ./install-nix
popd > /dev/null
echo "NixOS Install Succeeded!"
'';

4
pkgs/update/default.nix
View file

@ -18,9 +18,9 @@ writeShellApplication
pushd ./update > /dev/null
echo "Updating flake lock..."
nix flake update
git add flake.lock
sudo nix flake check
git stage ./flake.lock
git commit -m "update flake lock"
sudo nix flake check
git push
popd > /dev/null
echo "Cleaning up repository in '/tmp/update'..."

1
result Symbolic link
View file

@ -0,0 +1 @@
/nix/store/a9kdf62qv1r5s0nb40a1ij9lm2vsh418-nixos-24.05.20240319.b06025f-x86_64-linux.iso