Compare commits
125 commits
Desktop-ch
...
main
Author | SHA1 | Date | |
---|---|---|---|
Lillian Violet | 3abc86b29c | ||
Lillian Violet | d914cc541e | ||
Lillian Violet | c72c30a4be | ||
Lillian Violet | 8c454565d8 | ||
Lillian Violet | dbbe13b315 | ||
Lillian Violet | 45c12e8f37 | ||
Lillian Violet | 6c64a962f4 | ||
Lillian Violet | 7ee9d954ce | ||
Lillian Violet | e9323dbf28 | ||
Lillian Violet | 34bd6cca90 | ||
Lillian Violet | 745b72d6f5 | ||
Lillian Violet | 12a914b2f4 | ||
Lillian Violet | b294971ff3 | ||
Lillian Violet | 704c91ff20 | ||
Lillian Violet | 122a869e56 | ||
Lillian Violet | dcf850626d | ||
Lillian Violet | af630d4de1 | ||
Lillian Violet | 552f606563 | ||
Lillian Violet | 24b4b45907 | ||
Lillian Violet | 34247fccb9 | ||
Lillian Violet | 5f9e1ca575 | ||
Lillian Violet | b81f2902a5 | ||
Lillian Violet | dd559197f1 | ||
Lillian Violet | cdb1e80062 | ||
Lillian Violet | fb3291ec12 | ||
Lillian Violet | 8a33eb523f | ||
Lillian Violet | e9f54dd72f | ||
Lillian Violet | cb5d31e83d | ||
Lillian Violet | f109a2d078 | ||
Lillian Violet | 0bd46a5a21 | ||
Lillian Violet | c0d9fc440e | ||
Lillian Violet | 9c04783246 | ||
0c425f895d | |||
5f98efbacb | |||
Lillian Violet | 97ecd6fd7e | ||
Lillian Violet | 660df387a5 | ||
Lillian Violet | c60f7f6ee8 | ||
Lillian Violet | eedc40ed88 | ||
Lillian Violet | 225c066915 | ||
Lillian Violet | 7b84b43fc3 | ||
Lillian Violet | daa600e8bb | ||
Lillian Violet | c147ee631e | ||
Lillian Violet | a8f1fd4bc7 | ||
Lillian Violet | 11ed1c665a | ||
Lillian Violet | 72c9457a37 | ||
Lillian Violet | 47dc699ed1 | ||
Lillian Violet | 30a16e746e | ||
Lillian Violet | eb404ad3a2 | ||
Lillian Violet | b86a9496a3 | ||
Lillian Violet | e06d89ea13 | ||
Lillian Violet | 7f7175ca9d | ||
Lillian Violet | 2a29f5587a | ||
Lillian Violet | 733d98a446 | ||
Lillian Violet | 5966956e26 | ||
Lillian Violet | b88cb6f85e | ||
Lillian Violet | 9caddae553 | ||
Lillian Violet | 11ec2dddae | ||
Lillian Violet | 4967c8b802 | ||
Lillian Violet | 123d839f5e | ||
Lillian Violet | 46ed9c2180 | ||
Lillian Violet | 6f697b2b75 | ||
Lillian Violet | 7e59475cde | ||
Lillian Violet | f60c7bfce7 | ||
Lillian Violet | 241d2180a7 | ||
Lillian Violet | c430c04900 | ||
Lillian Violet | ccf6b5effc | ||
Lillian Violet | fdceea44d6 | ||
Lillian Violet | eebdbe7581 | ||
Lillian Violet | 816a34770c | ||
Lillian Violet | c124fc819a | ||
Lillian Violet | 11f1f5c60e | ||
Lillian Violet | 0962774501 | ||
Lillian Violet | 34fd796e7e | ||
Lillian Violet | 5e594142d6 | ||
Lillian Violet | daae2195f3 | ||
Lillian Violet | 0f16cdf855 | ||
Lillian Violet | 876ab671df | ||
Lillian Violet | a458bc8476 | ||
Lillian Violet | 66d0796c50 | ||
Lillian Violet | 18f4e75b7b | ||
Lillian Violet | 2269b01863 | ||
Lillian Violet | c494d89289 | ||
Lillian Violet | 6cf5aa600c | ||
Lillian Violet | 93b63910bb | ||
Lillian Violet | 09dffb5d93 | ||
Lillian Violet | f1474f22d1 | ||
Lillian Violet | d9bb2ffdb7 | ||
Lillian Violet | 852839b2c8 | ||
Lillian Violet | 68334d8f81 | ||
Lillian Violet | 9457729da3 | ||
Lillian Violet | f4325a2737 | ||
Lillian Violet | b949c72943 | ||
Lillian Violet | eebd56918d | ||
Lillian Violet | 766169ec50 | ||
Lillian Violet | ca7785c04b | ||
Lillian Violet | 2ebbd70657 | ||
Lillian Violet | 6e2e9a3b72 | ||
Lillian Violet | a3d085483d | ||
Lillian Violet | a974139862 | ||
Lillian Violet | 526097d53b | ||
Lillian Violet | ef6fd0bafd | ||
Lillian Violet | 965fbba1eb | ||
Lillian Violet | ba59542e97 | ||
Lillian Violet | db3d17f176 | ||
Lillian Violet | c3df26037e | ||
Lillian Violet | 7df4368f0f | ||
Lillian Violet | c9e368a1f0 | ||
Lillian Violet | ca68fbb144 | ||
Lillian Violet | 7be0954fc3 | ||
Lillian Violet | ddcdbda418 | ||
Lillian Violet | 573ad0a3ad | ||
Lillian Violet | 449845ca9c | ||
Lillian Violet | 6dacc744a4 | ||
Lillian Violet | 6695352632 | ||
Lillian Violet | 99cd42ce60 | ||
Lillian Violet | 382913f15d | ||
Lillian Violet | d61288b8c1 | ||
Lillian Violet | e8f1325d13 | ||
Lillian Violet | 0c0c841b27 | ||
Lillian Violet | 39136e1877 | ||
Lillian Violet | ac9891ee4e | ||
Lillian Violet | 1650e5a8a1 | ||
Lillian Violet | 3236096a81 | ||
4a36dff699 | |||
Lillian Violet | 02ae4f69a6 |
47
disko/wheatley/default.nix
Normal file
47
disko/wheatley/default.nix
Normal file
|
@ -0,0 +1,47 @@
|
|||
{
|
||||
disko = {
|
||||
devices = {
|
||||
disk = {
|
||||
disk1 = {
|
||||
imageSize = "20G";
|
||||
type = "disk";
|
||||
device = "/dev/mmcblk0";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
firmware = {
|
||||
size = "30M";
|
||||
priority = 1;
|
||||
type = "0700";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/firmware";
|
||||
};
|
||||
};
|
||||
boot = {
|
||||
size = "1G";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "root";
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
extraArgs = [];
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
1195
flake.lock
1195
flake.lock
File diff suppressed because it is too large
Load diff
195
flake.nix
195
flake.nix
|
@ -34,10 +34,10 @@
|
|||
catppuccin.url = "github:catppuccin/nix";
|
||||
|
||||
# Conduit fork without all the fuss and drama
|
||||
conduwuit = {
|
||||
url = "github:girlbossceo/conduwuit";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
# conduwuit = {
|
||||
# url = "github:girlbossceo/conduwuit";
|
||||
# inputs.nixpkgs.follows = "nixpkgs";
|
||||
# };
|
||||
|
||||
# Nix index database files
|
||||
nix-index-database.url = "github:nix-community/nix-index-database";
|
||||
|
@ -78,6 +78,8 @@
|
|||
|
||||
# Add any other flake you might need
|
||||
# hardware.url = "github:nixos/nixos-hardware";
|
||||
# Stylix theming engine
|
||||
stylix.url = "github:danth/stylix";
|
||||
};
|
||||
|
||||
outputs = {
|
||||
|
@ -97,7 +99,8 @@
|
|||
jovian,
|
||||
nixos-hardware,
|
||||
nix-index-database,
|
||||
conduwuit,
|
||||
# conduwuit,
|
||||
stylix,
|
||||
...
|
||||
} @ inputs: let
|
||||
inherit (self) outputs;
|
||||
|
@ -105,6 +108,7 @@
|
|||
# Supported systems for your flake packages, shell, etc.
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
# This is a function that generates an attribute by calling a function you
|
||||
# pass to it, with each system as an argument
|
||||
|
@ -116,6 +120,32 @@
|
|||
allowUnfreePredicate = _: true;
|
||||
};
|
||||
};
|
||||
|
||||
sharedModules = [
|
||||
./nixos/shared
|
||||
sops-nix.nixosModules.sops
|
||||
disko.nixosModules.disko
|
||||
home-manager.nixosModules.home-manager
|
||||
catppuccin.nixosModules.catppuccin
|
||||
stylix.nixosModules.stylix
|
||||
nix-index-database.nixosModules.nix-index
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
./home-manager/shared
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
desktopModules = [
|
||||
./nixos/desktop
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
./home-manager/desktop
|
||||
];
|
||||
}
|
||||
];
|
||||
in {
|
||||
# Your custom packages
|
||||
# Accessible through 'nix build', 'nix shell', etc
|
||||
|
@ -144,129 +174,72 @@
|
|||
EDI = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules = [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
nixos-hardware.nixosModules.dell-xps-13-7390
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/EDI/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
disko.nixosModules.disko
|
||||
home-manager.nixosModules.home-manager
|
||||
nix-index-database.nixosModules.nix-index
|
||||
catppuccin.nixosModules.catppuccin
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
];
|
||||
}
|
||||
];
|
||||
modules =
|
||||
sharedModules
|
||||
++ desktopModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
nixos-hardware.nixosModules.dell-xps-13-7390
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/EDI/configuration.nix
|
||||
];
|
||||
};
|
||||
|
||||
GLaDOS = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules = [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/GLaDOS/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
#lanzaboote.nixosModules.lanzaboote
|
||||
disko.nixosModules.disko
|
||||
home-manager.nixosModules.home-manager
|
||||
nix-index-database.nixosModules.nix-index
|
||||
catppuccin.nixosModules.catppuccin
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
];
|
||||
}
|
||||
];
|
||||
modules =
|
||||
sharedModules
|
||||
++ desktopModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/GLaDOS/configuration.nix
|
||||
];
|
||||
};
|
||||
|
||||
queen = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules = [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/queen/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
disko.nixosModules.disko
|
||||
simple-nixos-mailserver.nixosModule
|
||||
catppuccin.nixosModules.catppuccin
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
];
|
||||
}
|
||||
];
|
||||
modules =
|
||||
sharedModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
simple-nixos-mailserver.nixosModule
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/queen/configuration.nix
|
||||
];
|
||||
};
|
||||
|
||||
shodan = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules = [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/shodan/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
disko.nixosModules.disko
|
||||
jovian.nixosModules.jovian
|
||||
home-manager.nixosModules.home-manager
|
||||
catppuccin.nixosModules.catppuccin
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
];
|
||||
}
|
||||
];
|
||||
modules =
|
||||
sharedModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/shodan/configuration.nix
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
jovian.nixosModules.jovian
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
# ISO = nixpkgs.lib.nixosSystem {
|
||||
# system = "x86_64-linux";
|
||||
# specialArgs = {inherit inputs outputs;};
|
||||
# modules = [
|
||||
# {_module.args = {inherit pkgs-edge;};}
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
|
||||
# ./nixos/hosts/iso/configuration.nix
|
||||
# sops-nix.nixosModules.sops
|
||||
# home-manager.nixosModules.home-manager
|
||||
# nix-index-database.nixosModules.nix-index
|
||||
# catppuccin.nixosModules.catppuccin
|
||||
# {
|
||||
# home-manager.sharedModules = [
|
||||
# inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
# inputs.catppuccin.homeManagerModules.catppuccin
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
|
||||
# iso_server = nixpkgs.lib.nixosSystem {
|
||||
# system = "x86_64-linux";
|
||||
# specialArgs = {inherit inputs outputs;};
|
||||
# modules = [
|
||||
# {_module.args = {inherit pkgs-edge;};}
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
|
||||
# ./nixos/hosts/iso_server/configuration.nix
|
||||
# sops-nix.nixosModules.sops
|
||||
# home-manager.nixosModules.home-manager
|
||||
# nix-index-database.nixosModules.nix-index
|
||||
# catppuccin.nixosModules.catppuccin
|
||||
# {
|
||||
# home-manager.sharedModules = [
|
||||
# inputs.catppuccin.homeManagerModules.catppuccin
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
wheatley = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules =
|
||||
sharedModules
|
||||
++ [
|
||||
./nixos/hosts/wheatley/configuration.nix
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,11 +1,4 @@
|
|||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
{pkgs, ...}: {
|
||||
# You can import other home-manager modules here
|
||||
imports = [
|
||||
# If you want to use modules your own flake exports (from modules/home-manager):
|
||||
|
@ -20,9 +13,10 @@
|
|||
./package-configs/firefox.nix
|
||||
./package-configs/konsole
|
||||
./package-configs/foot
|
||||
./package-configs/freetube
|
||||
./package-configs/vesktop
|
||||
];
|
||||
nixpkgs = {
|
||||
config.permittedInsecurePackages = ["cinny-4.2.2" "cinny-unwrapped-4.2.2" "cinny-4.2.1" "cinny-unwrapped-4.2.1"];
|
||||
# You can add overlays here
|
||||
overlays = [
|
||||
# You can also add overlays exported from other flakes:
|
||||
|
@ -61,8 +55,10 @@
|
|||
});
|
||||
})
|
||||
];
|
||||
# Configure your nixpkgs instance
|
||||
config = {
|
||||
permittedInsecurePackages = ["cinny-4.2.3" "cinny-unwrapped-4.2.3" "cinny-4.2.2" "cinny-unwrapped-4.2.2"];
|
||||
# Configure your nixpkgs instance
|
||||
|
||||
# Disable if you don't want unfree packages
|
||||
allowUnfree = true;
|
||||
};
|
||||
|
@ -76,8 +72,6 @@
|
|||
# Add stuff for your user as you see fit:
|
||||
# programs.neovim.enable = true;
|
||||
# home.packages = with pkgs; [ steam ];
|
||||
qt.style.catppuccin.apply = true;
|
||||
programs.freetube.catppuccin.flavor = "macchiato";
|
||||
|
||||
home.packages = with pkgs; [
|
||||
# Coding:
|
||||
|
@ -91,7 +85,7 @@
|
|||
# Chat applications:
|
||||
signal-desktop
|
||||
vesktop
|
||||
cinny-desktop
|
||||
# cinny-desktop
|
||||
|
||||
# Gaming:
|
||||
prismlauncher
|
||||
|
@ -101,6 +95,8 @@
|
|||
# Multimedia:
|
||||
freetube
|
||||
vlc
|
||||
fcast-receiver
|
||||
fcast-client
|
||||
|
||||
# Office applications:
|
||||
onlyoffice-bin
|
||||
|
@ -139,71 +135,69 @@
|
|||
firefoxpwa
|
||||
ungoogled-chromium
|
||||
];
|
||||
programs = {
|
||||
# vscode = {
|
||||
# enable = true;
|
||||
# package = pkgs.vscodium;
|
||||
# extensions = with pkgs.vscode-extensions; [
|
||||
# catppuccin.catppuccin-vsc
|
||||
# catppuccin.catppuccin-vsc-icons
|
||||
# charliermarsh.ruff
|
||||
# eamodio.gitlens
|
||||
# github.vscode-pull-request-github
|
||||
# jnoortheen.nix-ide
|
||||
# kamadorueda.alejandra
|
||||
# mkhl.direnv
|
||||
# ms-toolsai.jupyter
|
||||
# ms-pyright.pyright
|
||||
# oderwat.indent-rainbow
|
||||
# rust-lang.rust-analyzer
|
||||
# yzhang.markdown-all-in-one
|
||||
# ];
|
||||
# };
|
||||
|
||||
programs.vscode = {
|
||||
enable = true;
|
||||
package = pkgs.vscodium;
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
catppuccin.catppuccin-vsc
|
||||
catppuccin.catppuccin-vsc-icons
|
||||
charliermarsh.ruff
|
||||
eamodio.gitlens
|
||||
github.vscode-pull-request-github
|
||||
jnoortheen.nix-ide
|
||||
kamadorueda.alejandra
|
||||
mkhl.direnv
|
||||
ms-toolsai.jupyter
|
||||
ms-pyright.pyright
|
||||
oderwat.indent-rainbow
|
||||
rust-lang.rust-analyzer
|
||||
yzhang.markdown-all-in-one
|
||||
];
|
||||
};
|
||||
|
||||
programs.obs-studio = {
|
||||
enable = true;
|
||||
plugins = with pkgs.obs-studio-plugins; [
|
||||
obs-studio.enable = true;
|
||||
obs-studio.plugins = with pkgs.obs-studio-plugins; [
|
||||
wlrobs
|
||||
obs-backgroundremoval
|
||||
obs-pipewire-audio-capture
|
||||
];
|
||||
};
|
||||
|
||||
# Enable home-manager and git
|
||||
programs.home-manager.enable = true;
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userEmail = "git@lillianviolet.dev";
|
||||
userName = "Lillian-Violet";
|
||||
extraConfig = {
|
||||
init = {
|
||||
defaultBranch = "main";
|
||||
# Enable home-manager and git
|
||||
home-manager.enable = true;
|
||||
git = {
|
||||
enable = true;
|
||||
userEmail = "git@lillianviolet.dev";
|
||||
userName = "Lillian-Violet";
|
||||
extraConfig = {
|
||||
init = {
|
||||
defaultBranch = "main";
|
||||
};
|
||||
};
|
||||
ignores = [
|
||||
"*.direnv"
|
||||
"*.vscode"
|
||||
".envrc"
|
||||
"venv"
|
||||
"venv"
|
||||
];
|
||||
};
|
||||
ignores = [
|
||||
"*.direnv"
|
||||
"*.vscode"
|
||||
".envrc"
|
||||
"venv"
|
||||
"venv"
|
||||
];
|
||||
};
|
||||
|
||||
programs.gpg.enable = true;
|
||||
programs.gpg.settings = {
|
||||
default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d";
|
||||
default-recipient-self = true;
|
||||
auto-key-locate = "local,wkd,keyserver";
|
||||
keyserver = "hkps://keys.openpgp.org";
|
||||
auto-key-retrieve = true;
|
||||
auto-key-import = true;
|
||||
keyserver-options = "honor-keyserver-url";
|
||||
no-autostart = true;
|
||||
gpg.enable = true;
|
||||
gpg.settings = {
|
||||
default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d";
|
||||
default-recipient-self = true;
|
||||
auto-key-locate = "local,wkd,keyserver";
|
||||
keyserver = "hkps://keys.openpgp.org";
|
||||
auto-key-retrieve = true;
|
||||
auto-key-import = true;
|
||||
keyserver-options = "honor-keyserver-url";
|
||||
no-autostart = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.kdeconnect = {
|
||||
package = pkgs.kdePackages.kdeconnect-kde;
|
||||
enable = true;
|
||||
services = {
|
||||
kdeconnect.package = pkgs.kdePackages.kdeconnect-kde;
|
||||
kdeconnect.enable = true;
|
||||
};
|
||||
|
||||
# Nicely reload system units when changing configs
|
||||
|
|
|
@ -1,10 +1,9 @@
|
|||
{...}: {
|
||||
programs.foot = {
|
||||
enable = true;
|
||||
catppuccin.enable = true;
|
||||
# catppuccin.enable = true;
|
||||
settings = {
|
||||
main = {
|
||||
font = "Fira Code:size=11";
|
||||
};
|
||||
|
||||
mouse = {
|
||||
|
|
|
@ -0,0 +1,7 @@
|
|||
{...}: {
|
||||
home.file."settings.db" = {
|
||||
source = ./settings.db;
|
||||
target = ".config/freetube/settings.db";
|
||||
force = true;
|
||||
};
|
||||
}
|
24
home-manager/desktop/package-configs/freetube/settings.db
Normal file
24
home-manager/desktop/package-configs/freetube/settings.db
Normal file
|
@ -0,0 +1,24 @@
|
|||
{"_id":"allowDashAv1Formats","value":true}
|
||||
{"_id":"barColor","value":true}
|
||||
{"_id":"baseTheme","value":"catppuccinMocha"}
|
||||
{"_id":"bounds","value":{"x":0,"y":66,"width":2560,"height":1374,"maximized":true,"fullScreen":false}}
|
||||
{"_id":"defaultQuality","value":"1080"}
|
||||
{"_id":"fetchSubscriptionsAutomatically","value":false}
|
||||
{"_id":"generalAutoLoadMorePaginatedItemsEnabled","value":true}
|
||||
{"_id":"hideActiveSubscriptions","value":true}
|
||||
{"_id":"hidePopularVideos","value":true}
|
||||
{"_id":"hideRecommendedVideos","value":true}
|
||||
{"_id":"hideSubscriptionsCommunity","value":true}
|
||||
{"_id":"hideSubscriptionsLive","value":true}
|
||||
{"_id":"hideSubscriptionsShorts","value":true}
|
||||
{"_id":"hideSubscriptionsVideos","value":true}
|
||||
{"_id":"hideTrendingVideos","value":true}
|
||||
{"_id":"landingPage","value":"history"}
|
||||
{"_id":"mainColor","value":"CatppuccinMochaMauve"}
|
||||
{"_id":"playNextVideo","value":false}
|
||||
{"_id":"quickBookmarkTargetPlaylistId","value":"favorites"}
|
||||
{"_id":"secColor","value":"CatppuccinMochaMauve"}
|
||||
{"_id":"showDistractionFreeTitles","value":true}
|
||||
{"_id":"useDeArrowThumbnails","value":true}
|
||||
{"_id":"useDeArrowTitles","value":true}
|
||||
{"_id":"useSponsorBlock","value":true}
|
|
@ -1,4 +1,15 @@
|
|||
{
|
||||
{osConfig, ...}: {
|
||||
home.file.".config/kdeconnect/config" = {
|
||||
text = ''
|
||||
[General]
|
||||
keyAlgorithm=EC
|
||||
name=${osConfig.networking.hostName}
|
||||
customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5
|
||||
'';
|
||||
target = ".config/kdeconnect/config";
|
||||
force = true;
|
||||
};
|
||||
|
||||
programs.plasma = {
|
||||
enable = true;
|
||||
desktop.mouseActions.verticalScroll = "switchVirtualDesktop";
|
||||
|
@ -88,7 +99,7 @@
|
|||
"applications:steam.desktop"
|
||||
"applications:noisetorch.desktop"
|
||||
"applications:org.kde.plasma-systemmonitor.desktop"
|
||||
"applications:org.codeberg.dnkl.foot.desktop"
|
||||
"applications:foot.desktop"
|
||||
"applications:nitrokey-app.desktop"
|
||||
"applications:codium.desktop"
|
||||
"applications:freetube.desktop"
|
||||
|
|
7
home-manager/desktop/package-configs/vesktop/default.nix
Normal file
7
home-manager/desktop/package-configs/vesktop/default.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{...}: {
|
||||
home.file."settings.json" = {
|
||||
source = ./settings.json;
|
||||
target = ".config/vesktop/settings/settings.json";
|
||||
force = true;
|
||||
};
|
||||
}
|
602
home-manager/desktop/package-configs/vesktop/settings.json
Normal file
602
home-manager/desktop/package-configs/vesktop/settings.json
Normal file
|
@ -0,0 +1,602 @@
|
|||
{
|
||||
"autoUpdate": true,
|
||||
"autoUpdateNotification": false,
|
||||
"useQuickCss": true,
|
||||
"themeLinks": [],
|
||||
"enabledThemes": [
|
||||
"stylix.theme.css"
|
||||
],
|
||||
"enableReactDevtools": false,
|
||||
"frameless": false,
|
||||
"transparent": false,
|
||||
"winCtrlQ": false,
|
||||
"disableMinSize": false,
|
||||
"winNativeTitleBar": false,
|
||||
"plugins": {
|
||||
"ChatInputButtonAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"CommandsAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"MemberListDecoratorsAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageAccessoriesAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"MessageDecorationsAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageEventsAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"MessagePopoverAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageUpdaterAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"ServerListAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"UserSettingsAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"AccountPanelServerProfile": {
|
||||
"enabled": false
|
||||
},
|
||||
"AlwaysAnimate": {
|
||||
"enabled": false
|
||||
},
|
||||
"AlwaysExpandRoles": {
|
||||
"enabled": false
|
||||
},
|
||||
"AlwaysTrust": {
|
||||
"enabled": true,
|
||||
"domain": true,
|
||||
"file": true
|
||||
},
|
||||
"AnonymiseFileNames": {
|
||||
"enabled": true,
|
||||
"anonymiseByDefault": true,
|
||||
"method": 0,
|
||||
"randomisedLength": 7
|
||||
},
|
||||
"AppleMusicRichPresence": {
|
||||
"enabled": false
|
||||
},
|
||||
"WebRichPresence (arRPC)": {
|
||||
"enabled": false
|
||||
},
|
||||
"BANger": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterFolders": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterGifAltText": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterGifPicker": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterNotesBox": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterRoleContext": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterRoleDot": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterSessions": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterSettings": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterUploadButton": {
|
||||
"enabled": false
|
||||
},
|
||||
"BiggerStreamPreview": {
|
||||
"enabled": false
|
||||
},
|
||||
"BlurNSFW": {
|
||||
"enabled": false
|
||||
},
|
||||
"CallTimer": {
|
||||
"enabled": false
|
||||
},
|
||||
"ClearURLs": {
|
||||
"enabled": false
|
||||
},
|
||||
"ClientTheme": {
|
||||
"enabled": false
|
||||
},
|
||||
"ColorSighted": {
|
||||
"enabled": false
|
||||
},
|
||||
"ConsoleJanitor": {
|
||||
"enabled": false
|
||||
},
|
||||
"ConsoleShortcuts": {
|
||||
"enabled": false
|
||||
},
|
||||
"CopyEmojiMarkdown": {
|
||||
"enabled": false
|
||||
},
|
||||
"CopyFileContents": {
|
||||
"enabled": false
|
||||
},
|
||||
"CopyUserURLs": {
|
||||
"enabled": false
|
||||
},
|
||||
"CrashHandler": {
|
||||
"enabled": true
|
||||
},
|
||||
"CtrlEnterSend": {
|
||||
"enabled": false
|
||||
},
|
||||
"CustomRPC": {
|
||||
"enabled": false
|
||||
},
|
||||
"CustomIdle": {
|
||||
"enabled": false
|
||||
},
|
||||
"Dearrow": {
|
||||
"enabled": false
|
||||
},
|
||||
"Decor": {
|
||||
"enabled": false
|
||||
},
|
||||
"DisableCallIdle": {
|
||||
"enabled": false
|
||||
},
|
||||
"DontRoundMyTimestamps": {
|
||||
"enabled": false
|
||||
},
|
||||
"EmoteCloner": {
|
||||
"enabled": false
|
||||
},
|
||||
"Experiments": {
|
||||
"enabled": false
|
||||
},
|
||||
"F8Break": {
|
||||
"enabled": false
|
||||
},
|
||||
"FakeNitro": {
|
||||
"enabled": true,
|
||||
"enableEmojiBypass": true,
|
||||
"emojiSize": 48,
|
||||
"transformEmojis": true,
|
||||
"enableStickerBypass": true,
|
||||
"stickerSize": 160,
|
||||
"transformStickers": true,
|
||||
"transformCompoundSentence": false,
|
||||
"enableStreamQualityBypass": true,
|
||||
"useHyperLinks": true,
|
||||
"hyperLinkText": "{{NAME}}",
|
||||
"disableEmbedPermissionCheck": false
|
||||
},
|
||||
"FakeProfileThemes": {
|
||||
"enabled": false
|
||||
},
|
||||
"FavoriteEmojiFirst": {
|
||||
"enabled": false
|
||||
},
|
||||
"FavoriteGifSearch": {
|
||||
"enabled": false
|
||||
},
|
||||
"FixCodeblockGap": {
|
||||
"enabled": false
|
||||
},
|
||||
"FixSpotifyEmbeds": {
|
||||
"enabled": false
|
||||
},
|
||||
"FixYoutubeEmbeds": {
|
||||
"enabled": false
|
||||
},
|
||||
"ForceOwnerCrown": {
|
||||
"enabled": false
|
||||
},
|
||||
"FriendInvites": {
|
||||
"enabled": false
|
||||
},
|
||||
"FriendsSince": {
|
||||
"enabled": false
|
||||
},
|
||||
"FullSearchContext": {
|
||||
"enabled": false
|
||||
},
|
||||
"GameActivityToggle": {
|
||||
"enabled": false
|
||||
},
|
||||
"GifPaste": {
|
||||
"enabled": false
|
||||
},
|
||||
"GreetStickerPicker": {
|
||||
"enabled": false
|
||||
},
|
||||
"HideAttachments": {
|
||||
"enabled": false
|
||||
},
|
||||
"iLoveSpam": {
|
||||
"enabled": false
|
||||
},
|
||||
"IgnoreActivities": {
|
||||
"enabled": false
|
||||
},
|
||||
"ImageLink": {
|
||||
"enabled": false
|
||||
},
|
||||
"ImageZoom": {
|
||||
"enabled": false
|
||||
},
|
||||
"ImplicitRelationships": {
|
||||
"enabled": false
|
||||
},
|
||||
"InvisibleChat": {
|
||||
"enabled": false
|
||||
},
|
||||
"KeepCurrentChannel": {
|
||||
"enabled": false
|
||||
},
|
||||
"LastFMRichPresence": {
|
||||
"enabled": false
|
||||
},
|
||||
"LoadingQuotes": {
|
||||
"enabled": false
|
||||
},
|
||||
"MemberCount": {
|
||||
"enabled": true,
|
||||
"memberList": true,
|
||||
"toolTip": true
|
||||
},
|
||||
"MentionAvatars": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageClickActions": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageLatency": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageLinkEmbeds": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageLogger": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageTags": {
|
||||
"enabled": false
|
||||
},
|
||||
"MoreCommands": {
|
||||
"enabled": false
|
||||
},
|
||||
"MoreKaomoji": {
|
||||
"enabled": true
|
||||
},
|
||||
"MoreUserTags": {
|
||||
"enabled": false
|
||||
},
|
||||
"Moyai": {
|
||||
"enabled": false
|
||||
},
|
||||
"MutualGroupDMs": {
|
||||
"enabled": false
|
||||
},
|
||||
"NewGuildSettings": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoBlockedMessages": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoDevtoolsWarning": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoF1": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoMaskedUrlPaste": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoMosaic": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoOnboardingDelay": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoPendingCount": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoProfileThemes": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoReplyMention": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoScreensharePreview": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoServerEmojis": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoTypingAnimation": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoUnblockToJump": {
|
||||
"enabled": false
|
||||
},
|
||||
"NormalizeMessageLinks": {
|
||||
"enabled": false
|
||||
},
|
||||
"NotificationVolume": {
|
||||
"enabled": false
|
||||
},
|
||||
"NSFWGateBypass": {
|
||||
"enabled": false
|
||||
},
|
||||
"OnePingPerDM": {
|
||||
"enabled": false
|
||||
},
|
||||
"oneko": {
|
||||
"enabled": false
|
||||
},
|
||||
"OpenInApp": {
|
||||
"enabled": false
|
||||
},
|
||||
"OverrideForumDefaults": {
|
||||
"enabled": false
|
||||
},
|
||||
"PartyMode": {
|
||||
"enabled": false
|
||||
},
|
||||
"PauseInvitesForever": {
|
||||
"enabled": false
|
||||
},
|
||||
"PermissionFreeWill": {
|
||||
"enabled": false
|
||||
},
|
||||
"PermissionsViewer": {
|
||||
"enabled": false
|
||||
},
|
||||
"petpet": {
|
||||
"enabled": true
|
||||
},
|
||||
"PictureInPicture": {
|
||||
"enabled": false
|
||||
},
|
||||
"PinDMs": {
|
||||
"enabled": false
|
||||
},
|
||||
"PlainFolderIcon": {
|
||||
"enabled": false
|
||||
},
|
||||
"PlatformIndicators": {
|
||||
"enabled": false
|
||||
},
|
||||
"PreviewMessage": {
|
||||
"enabled": false
|
||||
},
|
||||
"QuickMention": {
|
||||
"enabled": false
|
||||
},
|
||||
"QuickReply": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReactErrorDecoder": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReadAllNotificationsButton": {
|
||||
"enabled": false
|
||||
},
|
||||
"RelationshipNotifier": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReplaceGoogleSearch": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReplyTimestamp": {
|
||||
"enabled": false
|
||||
},
|
||||
"RevealAllSpoilers": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReverseImageSearch": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReviewDB": {
|
||||
"enabled": false
|
||||
},
|
||||
"RoleColorEverywhere": {
|
||||
"enabled": false
|
||||
},
|
||||
"SecretRingToneEnabler": {
|
||||
"enabled": false
|
||||
},
|
||||
"Summaries": {
|
||||
"enabled": false
|
||||
},
|
||||
"SendTimestamps": {
|
||||
"enabled": true,
|
||||
"replaceMessageContents": true
|
||||
},
|
||||
"ServerInfo": {
|
||||
"enabled": false
|
||||
},
|
||||
"ServerListIndicators": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShikiCodeblocks": {
|
||||
"enabled": true,
|
||||
"useDevIcon": "COLOR",
|
||||
"theme": "https://raw.githubusercontent.com/shikijs/shiki/0b28ad8ccfbf2615f2d9d38ea8255416b8ac3043/packages/shiki/themes/dracula.json",
|
||||
"tryHljs": "SECONDARY",
|
||||
"bgOpacity": 100
|
||||
},
|
||||
"ShowAllMessageButtons": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowConnections": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowHiddenChannels": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowHiddenThings": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowMeYourName": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowTimeoutDuration": {
|
||||
"enabled": false
|
||||
},
|
||||
"SilentMessageToggle": {
|
||||
"enabled": false
|
||||
},
|
||||
"SilentTyping": {
|
||||
"enabled": false
|
||||
},
|
||||
"SortFriendRequests": {
|
||||
"enabled": false
|
||||
},
|
||||
"SpotifyControls": {
|
||||
"enabled": false
|
||||
},
|
||||
"SpotifyCrack": {
|
||||
"enabled": false
|
||||
},
|
||||
"SpotifyShareCommands": {
|
||||
"enabled": false
|
||||
},
|
||||
"StartupTimings": {
|
||||
"enabled": false
|
||||
},
|
||||
"StickerPaste": {
|
||||
"enabled": false
|
||||
},
|
||||
"StreamerModeOnStream": {
|
||||
"enabled": false
|
||||
},
|
||||
"SuperReactionTweaks": {
|
||||
"enabled": false
|
||||
},
|
||||
"TextReplace": {
|
||||
"enabled": false
|
||||
},
|
||||
"ThemeAttributes": {
|
||||
"enabled": false
|
||||
},
|
||||
"Translate": {
|
||||
"enabled": false
|
||||
},
|
||||
"TypingIndicator": {
|
||||
"enabled": false
|
||||
},
|
||||
"TypingTweaks": {
|
||||
"enabled": false
|
||||
},
|
||||
"Unindent": {
|
||||
"enabled": false
|
||||
},
|
||||
"UnlockedAvatarZoom": {
|
||||
"enabled": false
|
||||
},
|
||||
"UnsuppressEmbeds": {
|
||||
"enabled": false
|
||||
},
|
||||
"UserVoiceShow": {
|
||||
"enabled": false
|
||||
},
|
||||
"USRBG": {
|
||||
"enabled": false
|
||||
},
|
||||
"ValidReply": {
|
||||
"enabled": false
|
||||
},
|
||||
"ValidUser": {
|
||||
"enabled": false
|
||||
},
|
||||
"VoiceChatDoubleClick": {
|
||||
"enabled": false
|
||||
},
|
||||
"VcNarrator": {
|
||||
"enabled": false
|
||||
},
|
||||
"VencordToolbox": {
|
||||
"enabled": false
|
||||
},
|
||||
"ViewIcons": {
|
||||
"enabled": false
|
||||
},
|
||||
"ViewRaw": {
|
||||
"enabled": false
|
||||
},
|
||||
"VoiceDownload": {
|
||||
"enabled": false
|
||||
},
|
||||
"VoiceMessages": {
|
||||
"enabled": false
|
||||
},
|
||||
"VolumeBooster": {
|
||||
"enabled": false
|
||||
},
|
||||
"WebKeybinds": {
|
||||
"enabled": true
|
||||
},
|
||||
"WebScreenShareFixes": {
|
||||
"enabled": true
|
||||
},
|
||||
"WhoReacted": {
|
||||
"enabled": false
|
||||
},
|
||||
"XSOverlay": {
|
||||
"enabled": false
|
||||
},
|
||||
"YoutubeAdblock": {
|
||||
"enabled": true
|
||||
},
|
||||
"NoTrack": {
|
||||
"enabled": true,
|
||||
"disableAnalytics": true
|
||||
},
|
||||
"WebContextMenus": {
|
||||
"enabled": true,
|
||||
"addBack": true
|
||||
},
|
||||
"Settings": {
|
||||
"enabled": true,
|
||||
"settingsLocation": "aboveNitro"
|
||||
},
|
||||
"SupportHelper": {
|
||||
"enabled": true
|
||||
},
|
||||
"UserMessagesPronouns": {
|
||||
"enabled": true,
|
||||
"showInMessages": true,
|
||||
"showSelf": true,
|
||||
"pronounSource": 0,
|
||||
"pronounsFormat": "LOWERCASE"
|
||||
},
|
||||
"DynamicImageModalAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"FixImagesQuality": {
|
||||
"enabled": false
|
||||
}
|
||||
},
|
||||
"notifications": {
|
||||
"timeout": 5000,
|
||||
"position": "bottom-right",
|
||||
"useNative": "not-focused",
|
||||
"logLimit": 50
|
||||
},
|
||||
"cloud": {
|
||||
"authenticated": false,
|
||||
"url": "https://api.vencord.dev/",
|
||||
"settingsSync": false,
|
||||
"settingsSyncVersion": 1734993730812
|
||||
}
|
||||
}
|
1
home-manager/hosts/EDI/id_ed25519.pub
Normal file
1
home-manager/hosts/EDI/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI
|
1
home-manager/hosts/GLaDOS/id_ed25519.pub
Normal file
1
home-manager/hosts/GLaDOS/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS
|
|
@ -18,6 +18,8 @@
|
|||
home.packages = with pkgs; [
|
||||
heroic
|
||||
r2modman
|
||||
ryujinx
|
||||
lutris
|
||||
];
|
||||
|
||||
programs.mangohud = {
|
||||
|
|
1
home-manager/hosts/queen/id_ed25519.pub
Normal file
1
home-manager/hosts/queen/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINl+QRyKBYm+sx0hUiD2u6FBdT7aXsZBGUxm4cb7r24k lillian@GLaDOS
|
1
home-manager/hosts/shodan/id_ed25519.pub
Normal file
1
home-manager/hosts/shodan/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRT5MqPrYUhhD5rJFp0PQbkTRtGcNaCaTxEkZw9RiVT lillian@GLaDOS
|
|
@ -16,6 +16,8 @@
|
|||
../../desktop/package-configs/firefox.nix
|
||||
../../desktop/package-configs/konsole
|
||||
../../desktop/package-configs/foot
|
||||
../../desktop/package-configs/freetube
|
||||
../../desktop/package-configs/vesktop
|
||||
../../shared
|
||||
];
|
||||
nixpkgs = {
|
||||
|
@ -56,10 +58,11 @@
|
|||
freetube
|
||||
obs-studio
|
||||
vlc
|
||||
fcast-receiver
|
||||
fcast-client
|
||||
|
||||
# System tools:
|
||||
rage
|
||||
discover
|
||||
flameshot
|
||||
fzf
|
||||
nextcloud-client
|
||||
|
@ -83,22 +86,23 @@
|
|||
firefox
|
||||
ungoogled-chromium
|
||||
];
|
||||
programs = {
|
||||
# # Automount services for user
|
||||
# programs.bashmount.enable = true;
|
||||
# services.udiskie = {
|
||||
# enable = true;
|
||||
# automount = true;
|
||||
# notify = false;
|
||||
# tray = "never";
|
||||
# };
|
||||
|
||||
# # Automount services for user
|
||||
# programs.bashmount.enable = true;
|
||||
# services.udiskie = {
|
||||
# enable = true;
|
||||
# automount = true;
|
||||
# notify = false;
|
||||
# tray = "never";
|
||||
# };
|
||||
|
||||
# Enable home-manager and git
|
||||
programs.home-manager.enable = true;
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userEmail = "git@lillianviolet.dev";
|
||||
userName = "Lillian-Violet";
|
||||
# Enable home-manager and git
|
||||
home-manager.enable = true;
|
||||
git = {
|
||||
enable = true;
|
||||
userEmail = "git@lillianviolet.dev";
|
||||
userName = "Lillian-Violet";
|
||||
};
|
||||
};
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
|
|
1
home-manager/hosts/wheatley/id_ed25519.pub
Normal file
1
home-manager/hosts/wheatley/id_ed25519.pub
Normal file
|
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrmRjLF2tVkWeV7EOgUiF77Q9t+rBziRAdOPo92pyvF lillian@GLaDOS
|
|
@ -11,8 +11,7 @@
|
|||
|
||||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./nvim.nix
|
||||
../../package-configs/zsh.nix
|
||||
../../package-configs/helix.nix
|
||||
../../shared
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
|
@ -36,5 +35,5 @@
|
|||
};
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
home.stateVersion = "24.05";
|
||||
home.stateVersion = "25.05";
|
||||
}
|
||||
|
|
46
home-manager/kde-connect-commands.json
Normal file
46
home-manager/kde-connect-commands.json
Normal file
|
@ -0,0 +1,46 @@
|
|||
[
|
||||
{
|
||||
"command": "systemctl poweroff",
|
||||
"name": "shutdown"
|
||||
},
|
||||
{
|
||||
"command": "systemctl reboot",
|
||||
"name": "reboot"
|
||||
},
|
||||
{
|
||||
"command": "systemctl suspend",
|
||||
"name": "suspend"
|
||||
},
|
||||
{
|
||||
"command": "systemctl hibernate",
|
||||
"name": "hibernate"
|
||||
},
|
||||
{
|
||||
"command": "loginctl lock-session",
|
||||
"name": "lock"
|
||||
},
|
||||
{
|
||||
"command": "loginctl unlock-session",
|
||||
"name": "unlock"
|
||||
},
|
||||
{
|
||||
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mute\"",
|
||||
"name": "mute"
|
||||
},
|
||||
{
|
||||
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mic_mute\"",
|
||||
"name": "mute mic"
|
||||
},
|
||||
{
|
||||
"command": "file=/tmp/$(hostname)_$(date \"+%Y%m%d_%H%M%S\").png; spectacle -bo \"${file}\" && while ! [ -f \"${file}\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
|
||||
"name": "screenshot to phone"
|
||||
},
|
||||
{
|
||||
"command": "file=\"$HOME/Images/WebcamImage_$(date \"+%Y%m%d_%H%M%S\").jpg\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \"${file}\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
|
||||
"name": "webcam to phone"
|
||||
},
|
||||
{
|
||||
"command": "",
|
||||
"name": ""
|
||||
}
|
||||
]
|
|
@ -1,4 +1,8 @@
|
|||
{pkgs, ...}: {
|
||||
{
|
||||
pkgs,
|
||||
osConfig,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./shell/helix
|
||||
./shell/zellij
|
||||
|
@ -10,11 +14,19 @@
|
|||
home = {
|
||||
username = "lillian";
|
||||
homeDirectory = "/home/lillian";
|
||||
file."id_ed25519.pub" = {
|
||||
source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;
|
||||
target = ".ssh/id_ed25519.pub";
|
||||
force = true;
|
||||
};
|
||||
};
|
||||
|
||||
catppuccin = {
|
||||
enable = true;
|
||||
flavor = "macchiato";
|
||||
foot.enable = false;
|
||||
helix.enable = false;
|
||||
yazi.enable = false;
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
|
@ -27,8 +39,43 @@
|
|||
broot
|
||||
lazygit
|
||||
navi
|
||||
yazi
|
||||
nil
|
||||
];
|
||||
programs.navi.enable = true;
|
||||
programs = {
|
||||
navi.enable = true;
|
||||
yazi = {
|
||||
enable = true;
|
||||
package = pkgs.yazi.override {
|
||||
_7zz = pkgs._7zz.override {useUasm = true;};
|
||||
};
|
||||
};
|
||||
};
|
||||
stylix.enable = true;
|
||||
# stylix = {
|
||||
# enable = true;
|
||||
# autoEnable = true;
|
||||
# base16Scheme = {
|
||||
# scheme = "Catppuccin Macchiato";
|
||||
# author = "https://github.com/catppuccin/catppuccin";
|
||||
# base00 = "24273a";
|
||||
# base01 = "1e2030";
|
||||
# base02 = "363a4f";
|
||||
# base03 = "494d64";
|
||||
# base04 = "5b6078";
|
||||
# base05 = "cad3f5";
|
||||
# base06 = "f4dbd6";
|
||||
# base07 = "b7bdf8";
|
||||
# base08 = "ed8796";
|
||||
# base09 = "f5a97f";
|
||||
# base0A = "eed49f";
|
||||
# base0B = "a6da95";
|
||||
# base0C = "8bd5ca";
|
||||
# base0D = "8aadf4";
|
||||
# base0E = "c6a0f6";
|
||||
# base0F = "f0c6c6";
|
||||
# };
|
||||
# image = ./background.jpg;
|
||||
# cursor.package = pkgs.catppuccin-cursors;
|
||||
# cursor.name = "macchiatoMauve";
|
||||
# };
|
||||
}
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
programs.bat = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs.bat-extras; [batdiff batman batgrep batwatch];
|
||||
catppuccin.enable = true;
|
||||
# catppuccin.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -16,24 +16,21 @@
|
|||
''
|
||||
#! ~/.nix-profile/bin/zsh
|
||||
is_new() {
|
||||
new=1;
|
||||
touch /tmp/rjh;
|
||||
while IFS="" read -r p || [ -n "$p" ]; do
|
||||
if [ $(pwd) = $p ]; then
|
||||
new=0;
|
||||
fi
|
||||
done < /tmp/rjh
|
||||
return $new
|
||||
new=0;
|
||||
mkdir -p /tmp/rjh;
|
||||
if [[ -a "/tmp/rjh/$(pwd | tr \"/\" -).json" ]]; then
|
||||
new=1
|
||||
fi
|
||||
return $new
|
||||
}
|
||||
|
||||
send_to_jupyter() {
|
||||
is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh-$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && zellij action write 29 25 && zellij action write 17
|
||||
pwd >> /tmp/rjh
|
||||
zellij action write 29 25
|
||||
zellij action write 17
|
||||
cat | just send
|
||||
}
|
||||
send_to_jupyter
|
||||
is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh/$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && sleep 3
|
||||
rm -f /tmp/pipe-rjh
|
||||
mkfifo /tmp/pipe-rjh
|
||||
cat > /tmp/pipe-rjh
|
||||
zellij run -f -n "REPL" -- direnv exec . just send < /tmp/pipe-rjh
|
||||
rm /tmp/pipe-rjh
|
||||
|
||||
'';
|
||||
in {
|
||||
programs.helix = {
|
||||
|
@ -51,6 +48,11 @@ in {
|
|||
j = ":pipe-to just jupyter";
|
||||
};
|
||||
editor = {
|
||||
auto-save = {
|
||||
focus-lost = true;
|
||||
after-delay.enable = true;
|
||||
after-delay.timeout = 3000;
|
||||
};
|
||||
line-number = "relative";
|
||||
lsp.display-messages = true;
|
||||
lsp.display-inlay-hints = true;
|
||||
|
|
45
home-manager/shared/shell/helix/helix.nix
Normal file
45
home-manager/shared/shell/helix/helix.nix
Normal file
|
@ -0,0 +1,45 @@
|
|||
{
|
||||
fetchzip,
|
||||
lib,
|
||||
rustPlatform,
|
||||
git,
|
||||
installShellFiles,
|
||||
}:
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "helix";
|
||||
version = "24.07";
|
||||
|
||||
# This release tarball includes source code for the tree-sitter grammars,
|
||||
# which is not ordinarily part of the repository.
|
||||
src = fetchzip {
|
||||
url = "https://github.com/helix-editor/helix/releases/download/${version}/helix-${version}-source.tar.xz";
|
||||
hash = "";
|
||||
stripRoot = false;
|
||||
};
|
||||
|
||||
cargoHash = "";
|
||||
|
||||
nativeBuildInputs = [git installShellFiles];
|
||||
|
||||
env.HELIX_DEFAULT_RUNTIME = "${placeholder "out"}/lib/runtime";
|
||||
|
||||
postInstall = ''
|
||||
# not needed at runtime
|
||||
rm -r runtime/grammars/sources
|
||||
|
||||
mkdir -p $out/lib
|
||||
cp -r runtime $out/lib
|
||||
installShellCompletion contrib/completion/hx.{bash,fish,zsh}
|
||||
mkdir -p $out/share/{applications,icons/hicolor/256x256/apps}
|
||||
cp contrib/Helix.desktop $out/share/applications
|
||||
cp contrib/helix.png $out/share/icons/hicolor/256x256/apps
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Post-modern modal text editor";
|
||||
homepage = "https://helix-editor.com";
|
||||
license = licenses.mpl20;
|
||||
mainProgram = "hx";
|
||||
maintainers = with maintainers; [danth yusdacra zowoq];
|
||||
};
|
||||
}
|
|
@ -174,7 +174,7 @@ in {
|
|||
enableZshIntegration = true;
|
||||
settings = {
|
||||
session_serialization = true;
|
||||
theme = "catppuccin-macchiato";
|
||||
# theme = "catppuccin-macchiato";
|
||||
|
||||
themes = {
|
||||
catppuccin-mocha = {
|
||||
|
@ -206,14 +206,12 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
home.file = {
|
||||
"layout" = {
|
||||
source = "${layout}";
|
||||
target = ".config/zellij/layouts/default.kdl";
|
||||
};
|
||||
};
|
||||
home.file = {
|
||||
|
||||
"helix_zellij" = {
|
||||
source = "${helix_zellij}";
|
||||
target = ".config/zellij/layouts/helix.kdl";
|
||||
|
|
|
@ -1,70 +1,71 @@
|
|||
{pkgs, ...}: {
|
||||
programs.zoxide = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
shellAliases = {
|
||||
cd = "z";
|
||||
code = "codium ./";
|
||||
ls = "eza";
|
||||
lh = "ls -lah";
|
||||
cat = "bat";
|
||||
tree = "tre";
|
||||
neofetch = "hyfetch";
|
||||
shutdown = "shutdown 0";
|
||||
reboot = "reboot 0";
|
||||
};
|
||||
plugins = [
|
||||
{
|
||||
name = "zsh-nix-shell";
|
||||
file = "nix-shell.plugin.zsh";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "chisui";
|
||||
repo = "zsh-nix-shell";
|
||||
rev = "v0.8.0";
|
||||
sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM=";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "terraform";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "macunha1";
|
||||
repo = "zsh-terraform";
|
||||
rev = "fd1471d3757f8ed13f56c4426f88616111de2a87";
|
||||
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
|
||||
};
|
||||
}
|
||||
];
|
||||
autosuggestion.enable = true;
|
||||
enableCompletion = true;
|
||||
historySubstringSearch.enable = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
#zsh-abbr.enable = true;
|
||||
oh-my-zsh = {
|
||||
programs = {
|
||||
zoxide = {
|
||||
enable = true;
|
||||
plugins = [
|
||||
"git"
|
||||
"colored-man-pages"
|
||||
"colorize"
|
||||
"dirhistory"
|
||||
"dirpersist"
|
||||
"history"
|
||||
"history-substring-search"
|
||||
"fancy-ctrl-z"
|
||||
"git-flow"
|
||||
"isodate"
|
||||
"z"
|
||||
"zsh-interactive-cd"
|
||||
"zsh-navigation-tools"
|
||||
];
|
||||
};
|
||||
# Extra commands that take more complex forms
|
||||
initExtra = ''
|
||||
eval "$(zoxide init --cmd cd zsh)"
|
||||
tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; }
|
||||
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }
|
||||
'';
|
||||
zsh = {
|
||||
enable = true;
|
||||
shellAliases = {
|
||||
cd = "z";
|
||||
code = "codium ./";
|
||||
ls = "eza";
|
||||
lh = "ls -lah";
|
||||
cat = "bat";
|
||||
tree = "tre";
|
||||
neofetch = "hyfetch";
|
||||
shutdown = "shutdown 0";
|
||||
reboot = "reboot 0";
|
||||
};
|
||||
plugins = [
|
||||
{
|
||||
name = "zsh-nix-shell";
|
||||
file = "nix-shell.plugin.zsh";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "chisui";
|
||||
repo = "zsh-nix-shell";
|
||||
rev = "v0.8.0";
|
||||
sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM=";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "terraform";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "macunha1";
|
||||
repo = "zsh-terraform";
|
||||
rev = "fd1471d3757f8ed13f56c4426f88616111de2a87";
|
||||
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
|
||||
};
|
||||
}
|
||||
];
|
||||
autosuggestion.enable = true;
|
||||
enableCompletion = true;
|
||||
historySubstringSearch.enable = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
#zsh-abbr.enable = true;
|
||||
oh-my-zsh = {
|
||||
enable = true;
|
||||
plugins = [
|
||||
"git"
|
||||
"colored-man-pages"
|
||||
"colorize"
|
||||
"dirhistory"
|
||||
"dirpersist"
|
||||
"history"
|
||||
"history-substring-search"
|
||||
"fancy-ctrl-z"
|
||||
"git-flow"
|
||||
"isodate"
|
||||
"z"
|
||||
"zsh-interactive-cd"
|
||||
"zsh-navigation-tools"
|
||||
];
|
||||
};
|
||||
# Extra commands that take more complex forms
|
||||
initExtra = ''
|
||||
eval "$(zoxide init --cmd cd zsh)"
|
||||
tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; }
|
||||
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
9
justfile
9
justfile
|
@ -13,3 +13,12 @@ update:
|
|||
clean:
|
||||
sudo nix-collect-garbage
|
||||
sudo nix-store --optimise
|
||||
|
||||
setup:
|
||||
echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit
|
||||
|
||||
push:
|
||||
git pull
|
||||
git add *
|
||||
read -p "Commit message: " -r message && git commit -m "$message"
|
||||
git push
|
||||
|
|
|
@ -1,6 +1,5 @@
|
|||
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
|
||||
# These should be stuff you would like to share with others, not your personal configurations.
|
||||
{
|
||||
# List your module files here
|
||||
contabo.wan = import ./contabo/wan;
|
||||
vpn-ip = import ./vpn-ip;
|
||||
}
|
||||
|
|
14
modules/nixos/vpn-ip/default.nix
Normal file
14
modules/nixos/vpn-ip/default.nix
Normal file
|
@ -0,0 +1,14 @@
|
|||
{lib, ...}:
|
||||
with lib; {
|
||||
# Declare what settings a user of this "hello.nix" module CAN SET.
|
||||
options.services.vpn-ip = {
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
default = "0";
|
||||
};
|
||||
publicKey = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -29,11 +29,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
|
||||
programs.command-not-found.enable = lib.mkForce false;
|
||||
programs.nix-index.enable = true;
|
||||
programs.nix-index-database.comma.enable = true;
|
||||
|
||||
environment.systemPackages =
|
||||
(with pkgs; [
|
||||
# Custom tools
|
||||
|
@ -83,6 +78,8 @@
|
|||
kdePackages.sddm-kcm
|
||||
kdePackages.dolphin-plugins
|
||||
kdePackages.qtstyleplugin-kvantum
|
||||
kdePackages.krdc
|
||||
kdePackages.krfb
|
||||
libportal-qt5
|
||||
libportal
|
||||
|
||||
|
@ -96,101 +93,124 @@
|
|||
# list of latest packages from nixpkgs master
|
||||
# Can be used to install latest version of some packages
|
||||
]);
|
||||
programs = {
|
||||
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
|
||||
command-not-found.enable = lib.mkForce false;
|
||||
nix-index.enable = true;
|
||||
nix-index-database.comma.enable = true;
|
||||
|
||||
programs.direnv = {
|
||||
enable = true;
|
||||
direnv = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
steam = {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||
extest.enable = true;
|
||||
};
|
||||
kdeconnect.enable = true;
|
||||
|
||||
noisetorch = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Enable networking
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||
extest.enable = true;
|
||||
};
|
||||
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
|
||||
networking.networkmanager.enable = true; # Enables support for 32bit libs that steam uses
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
services = {
|
||||
# Enable the X11 windowing system.
|
||||
xserver.enable = true;
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
# Enable the KDE Plasma Desktop Environment.
|
||||
displayManager.sddm = {
|
||||
enable = true;
|
||||
wayland.enable = true;
|
||||
};
|
||||
displayManager.defaultSession = "plasma";
|
||||
desktopManager.plasma6.enable = true;
|
||||
|
||||
# Enable the KDE Plasma Desktop Environment.
|
||||
services.displayManager.sddm = {
|
||||
enable = true;
|
||||
wayland.enable = true;
|
||||
# Enable flatpak support
|
||||
flatpak.enable = true;
|
||||
packagekit.enable = true;
|
||||
|
||||
# Configure keymap in X11
|
||||
xserver.xkb = {
|
||||
layout = "us";
|
||||
variant = "";
|
||||
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
|
||||
};
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
printing.enable = true;
|
||||
|
||||
# Enable fwupd daemon and user space client
|
||||
fwupd.enable = true;
|
||||
pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
wireplumber.enable = true;
|
||||
};
|
||||
|
||||
avahi = {
|
||||
nssmdns4 = true;
|
||||
enable = true;
|
||||
ipv4 = true;
|
||||
ipv6 = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
workstation = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
services.displayManager.defaultSession = "plasma";
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
programs.kdeconnect.enable = true;
|
||||
hardware = {
|
||||
graphics.enable32Bit = true;
|
||||
|
||||
# Enable flatpak support
|
||||
services.flatpak.enable = true;
|
||||
services.packagekit.enable = true;
|
||||
# Enable bluetooth hardware
|
||||
bluetooth.enable = true;
|
||||
|
||||
# Configure keymap in X11
|
||||
services.xserver.xkb = {
|
||||
layout = "us";
|
||||
variant = "";
|
||||
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
|
||||
# Enable sound with pipewire.
|
||||
pulseaudio.enable = false;
|
||||
};
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
|
||||
# Enable bluetooth hardware
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
# Enable fwupd daemon and user space client
|
||||
services.fwupd.enable = true;
|
||||
|
||||
# Enable sound with pipewire.
|
||||
hardware.pulseaudio.enable = false;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
wireplumber.enable = true;
|
||||
};
|
||||
|
||||
programs.noisetorch = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
};
|
||||
|
||||
security.tpm2.enable = true;
|
||||
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
||||
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
||||
users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
|
||||
|
||||
# FIXME: re-enable virtual camera loopback when it build again.
|
||||
boot.bootspec.enable = true;
|
||||
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
#boot.supportedFilesystems = ["bcachefs"];
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
|
||||
boot.kernelModules = [
|
||||
# Virtual Camera
|
||||
"v4l2loopback"
|
||||
# Virtual Microphone, built-in
|
||||
"snd-aloop"
|
||||
];
|
||||
# Set initial kernel module settings
|
||||
boot.extraModprobeConfig = ''
|
||||
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
|
||||
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
|
||||
# https://github.com/umlaeute/v4l2loopback
|
||||
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
|
||||
'';
|
||||
boot.loader.systemd-boot.configurationLimit = 3;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
security.tpm2 = {
|
||||
enable = true;
|
||||
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
||||
tctiEnvironment.enable = true;
|
||||
}; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
||||
users.users.lillian.extraGroups = ["tss"];
|
||||
boot = {
|
||||
# tss group has access to TPM devices
|
||||
bootspec.enable = true;
|
||||
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
#boot.supportedFilesystems = ["bcachefs"];
|
||||
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
|
||||
kernelModules = [
|
||||
# Virtual Camera
|
||||
"v4l2loopback"
|
||||
# Virtual Microphone, built-in
|
||||
"snd-aloop"
|
||||
];
|
||||
# Set initial kernel module settings
|
||||
extraModprobeConfig = ''
|
||||
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
|
||||
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
|
||||
# https://github.com/umlaeute/v4l2loopback
|
||||
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
|
||||
'';
|
||||
loader.systemd-boot.configurationLimit = 3;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
# This is your system's configuration file.
|
||||
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
pkgs,
|
||||
|
@ -9,8 +8,6 @@
|
|||
}: {
|
||||
# You can import other NixOS modules here
|
||||
imports = [
|
||||
# Import home-manager's NixOS module
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
# If you want to use modules your own flake exports (from modules/nixos):
|
||||
# outputs.nixosModules.example
|
||||
|
||||
|
@ -21,39 +18,32 @@
|
|||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./users.nix
|
||||
|
||||
../../desktop
|
||||
outputs.nixosModules.vpn-ip
|
||||
|
||||
../../../disko/EDI
|
||||
|
||||
# Import your generated (nixos-generate-config) hardware configuration
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/EDI;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
services.vpn-ip = {
|
||||
ip = "3";
|
||||
};
|
||||
|
||||
networking.hostName = "EDI";
|
||||
|
||||
# Lanzaboote currently replaces the systemd-boot module.
|
||||
# This setting is usually set to true in configuration.nix
|
||||
# generated at installation time. So we force it to false
|
||||
# for now.
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
boot.initrd.systemd.enable = true;
|
||||
boot = {
|
||||
# Lanzaboote currently replaces the systemd-boot module.
|
||||
# This setting is usually set to true in configuration.nix
|
||||
# generated at installation time. So we force it to false
|
||||
# for now.
|
||||
loader.systemd-boot.enable = lib.mkForce false;
|
||||
initrd.systemd.enable = true;
|
||||
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
};
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:CqXlIN0gKzMrZRJycAf96LUVNw9yCZpHtE8XP+JwV2Ftip46iUksg1uExxQ=,iv:LdcopSz8Hx5hO1M00B8r+C7XViwpjGOpvmoXUHIkFtc=,tag:rbskx98YjcYV1lB8OO2VxQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -14,8 +15,8 @@ sops:
|
|||
eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0
|
||||
GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-21T10:15:11Z"
|
||||
mac: ENC[AES256_GCM,data:AnQfufrAVvN2f2kr2KLM8toFj4BUxM1xvwH48DE1OcoenBlzQHu76R35cc9q0rJjOBWXYnZPLEHncE46XyXt56HPboH/blIEZwa9aL1pwDOV5UwbaqZTuSy7/Ylnn0ZoZtcD4gFnavWBT9iUgu3VjRso1i6eXm0Lc1mvwRbH63M=,iv:zJW4Bzm+IGzgxsFE7QP+E4RY5UoPWTUeo9RfoLpbSt8=,tag:E29Pnjtp0w05hdEQCmkj7A==,type:str]
|
||||
lastmodified: "2024-12-06T18:01:20Z"
|
||||
mac: ENC[AES256_GCM,data:UTzeVEUolw6oBrRL8NMEcb5WmJYUdKnnxKYTrV0AowX6B5Jk8e6hSHqMiEmY9yPdS0HGA0i+DirGvrW3TmsOk2XehsiNO9puXb0/6KiaTge4y3/ueVASAPs/qB9RR6EAdBiE1ZUKVy2vpL+x9xp5XY2F8aHIp22DmJ5Xg5oyWJc=,iv:1/Fj2xAKHUebsj1FLmmGAmvHXNYsLXIfP6F7PJ7EH9M=,tag:XvFBu2vCNj7UMbWVPgo94Q==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.9.1
|
||||
|
|
|
@ -10,6 +10,7 @@
|
|||
imports = [
|
||||
# Import home-manager's NixOS module
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
outputs.nixosModules.vpn-ip
|
||||
# If you want to use modules your own flake exports (from modules/nixos):
|
||||
# outputs.nixosModules.example
|
||||
|
||||
|
@ -20,7 +21,7 @@
|
|||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./users.nix
|
||||
|
||||
../../desktop
|
||||
# ../../desktop
|
||||
|
||||
../../../disko/GLaDOS
|
||||
|
||||
|
@ -28,35 +29,39 @@
|
|||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
services.vpn-ip = {
|
||||
ip = "2";
|
||||
};
|
||||
|
||||
networking.hostName = "GLaDOS";
|
||||
|
||||
services.xserver.videoDrivers = ["amdgpu"];
|
||||
|
||||
# Add vulkan support to GPU
|
||||
hardware.graphics.extraPackages = with pkgs; [
|
||||
amdvlk
|
||||
];
|
||||
# For 32 bit applications
|
||||
hardware.graphics.extraPackages32 = with pkgs; [
|
||||
driversi686Linux.amdvlk
|
||||
];
|
||||
|
||||
programs.gamemode = {
|
||||
enable = true;
|
||||
settings = {
|
||||
hardware = {
|
||||
# Add vulkan support to GPU
|
||||
graphics.extraPackages = with pkgs; [
|
||||
amdvlk
|
||||
];
|
||||
# For 32 bit applications
|
||||
graphics.extraPackages32 = with pkgs; [
|
||||
driversi686Linux.amdvlk
|
||||
];
|
||||
};
|
||||
programs = {
|
||||
gamemode.enable = true;
|
||||
gamemode.settings = {
|
||||
general = {
|
||||
renice = 10;
|
||||
};
|
||||
|
||||
# Warning: GPU optimisations have the potential to damage hardware
|
||||
gpu = {
|
||||
apply_gpu_optimisations = "accept-responsibility";
|
||||
gpu_device = 0;
|
||||
amd_performance_level = "high";
|
||||
};
|
||||
# gpu = {
|
||||
# apply_gpu_optimisations = "accept-responsibility";
|
||||
# gpu_device = 0;
|
||||
# amd_performance_level = "high";
|
||||
# };
|
||||
|
||||
custom = {
|
||||
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
|
||||
|
@ -64,8 +69,10 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
boot = {
|
||||
loader.systemd-boot.enable = true;
|
||||
binfmt.emulatedSystems = ["aarch64-linux"];
|
||||
};
|
||||
|
||||
# boot.lanzaboote = {
|
||||
# enable = true;
|
||||
|
@ -74,17 +81,6 @@
|
|||
|
||||
users.users.lillian.extraGroups = ["gamemode"];
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/GLaDOS;
|
||||
};
|
||||
};
|
||||
|
||||
# virtualisation.waydroid.enable = false;
|
||||
networking.hostName = "GLaDOS";
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:em6sci3eefw5TJHpzgTaGGuQp8UuvOmkHRsQltg0TKpMb1Lrcxicb23cQxo=,iv:VEeGmzncHyAgP5toTOwDK6qw0OT4/6Etxh8Zr4uYQD4=,tag:nvse11zMhzukzClx5ub4dw==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data:YM8GTH6EEXLt1ZC1ZdyLWVJyGUykS0DulTL0QgOFCTztRA+5JoA6Af42MIEMm4sMSatOt9pbGE9BXh5T53uNkx87cS8pfb714N8EKrMTYmtWi2M2TatEM6+qMRpP777GalB3v2HnfTfwhx+TfQ+iSCEo45Unsumzr+/9uZ/b4vYBxbd82UKO1tmlTw3R7aEpesJuJe/I3sAg0ZXTWti0e2MYfFawlSXtgQo382bFnV/mi9JkNx62AUFI6Q0a09V2C3FU4e4qP9jeP+COfCuCjRuaf8eu0VYczy4vVkN5NNBhkuLCZl0xANfqM5tDt8q+meYHmYWq1ceyeZ9OdZhKA7lMJi2K1DgTmgbD356itEtjXb7KF7VWIVnR0Gm+vVHx90Bv6eQp4n2I5mWbCVy8wqiIlacxuH8PO6jAPUM1Q8E+SVJb2HcLPdlURHyyK0fLVWaFhtFH4rwyKAv/2yEO2iNfZd9zFqvX5/JdyUPRCpMKkjxQgZN+raVHok0SwvPfXA9wvRpQyYSD4SUqCYsRcs6JugW8a14bZrvg,iv:L9ACOUFtAxkWsXW+tDKGwKn1ZHYNv7WmBty5krayVu8=,tag:hbrgscOczukqLBU/Y+6aLA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -14,8 +16,8 @@ sops:
|
|||
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
|
||||
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-22T11:58:42Z"
|
||||
mac: ENC[AES256_GCM,data:TuNvE51hpHvOjB3G2y7UCT8BvlI1ulc8aeeBihtnGiGDjwU1Eze1bdA47hZYCZsCYdo3Tow1gY0gCkJACKeWqUXMLT8jxcUfiUWqQicQhBm/TT9m+oqLQiAqJCkh1Ez8XuaftqIg+oJstyy4wZyvMK8Bg+9EsSYiBnMrKfrgLBs=,iv:GXy93l1BBkkeKXJ1ntFI6Rw6QZmSbzDlWClJ16/Csv4=,tag:jBYynl6tLL/xN61ypMwvrw==,type:str]
|
||||
lastmodified: "2024-12-22T22:09:35Z"
|
||||
mac: ENC[AES256_GCM,data:yjUFBgTLQI9Nh2tjiNNV2bsPJsDRQChPEptO8Gmt2vLEK/Kuwl0bZ9J+OmOTe4NOpwq5b/lYt0Lj7itEeOWWW5nnz2Jq0/dLMEu0mSxoWv1rOKylhoeG8oIEx0ui7VKfst72UW/jqqm9TUkDzuskVND1pd4DV3/GQRmy16WPkyo=,iv:the5XkB13jRuNP8Kj9Jmn4csIaDPt1NnScXbxPt7Dk4=,tag:aY4hU9v66/AwrtvcLAT/mA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.9.2
|
||||
|
|
|
@ -13,6 +13,8 @@
|
|||
# Or modules exported from other flakes (such as nix-colors):
|
||||
# inputs.nix-colors.homeManagerModules.default
|
||||
|
||||
outputs.nixosModules.vpn-ip
|
||||
|
||||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./nvim.nix
|
||||
./hardware-configuration.nix
|
||||
|
@ -26,16 +28,17 @@
|
|||
# Import disko
|
||||
# ../../../disko/queen
|
||||
];
|
||||
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
zramSwap.enable = false;
|
||||
networking.domain = "";
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
# require public key authentication for better security
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
settings.PermitRootLogin = "no";
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# require public key authentication for better security
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs = {
|
||||
|
@ -50,9 +53,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
fzf
|
||||
matrix-conduit
|
||||
|
@ -88,58 +88,66 @@
|
|||
sqlite
|
||||
rocksdb
|
||||
];
|
||||
networking = {
|
||||
domain = "";
|
||||
|
||||
# Create an auto-update systemd service that runs every day
|
||||
# system.autoUpgrade = {
|
||||
# flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
|
||||
# dates = "daily";
|
||||
# enable = true;
|
||||
# };
|
||||
# Create an auto-update systemd service that runs every day
|
||||
# system.autoUpgrade = {
|
||||
# flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
|
||||
# dates = "daily";
|
||||
# enable = true;
|
||||
# };
|
||||
|
||||
# systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
|
||||
# Enable networking
|
||||
# networking.networkmanager.enable = true;
|
||||
# networking.nat.enable = true;
|
||||
# networking.nat.internalInterfaces = ["ve-+"];
|
||||
# networking.nat.externalInterface = "ens18";
|
||||
networking.enableIPv6 = lib.mkForce true;
|
||||
networking.nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
|
||||
# systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
|
||||
# Enable networking
|
||||
# networking.networkmanager.enable = true;
|
||||
# networking.nat.enable = true;
|
||||
# networking.nat.internalInterfaces = ["ve-+"];
|
||||
# networking.nat.externalInterface = "ens18";
|
||||
enableIPv6 = lib.mkForce true;
|
||||
nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
|
||||
|
||||
# networking.interfaces.ens18.ipv4.addresses = [
|
||||
# {
|
||||
# address = "62.171.160.195";
|
||||
# prefixLength = 32;
|
||||
# }
|
||||
# ];
|
||||
# networking.interfaces.ens18.ipv4.addresses = [
|
||||
# {
|
||||
# address = "62.171.160.195";
|
||||
# prefixLength = 32;
|
||||
# }
|
||||
# ];
|
||||
|
||||
networking.interfaces.ens18.ipv6.addresses = [
|
||||
{
|
||||
address = "2a02:c207:2063:2448::1";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
networking.defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "ens18";
|
||||
};
|
||||
|
||||
# Open ports in the firewall.
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowPing = false;
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
5349 # STUN tls
|
||||
5350 # STUN tls alt
|
||||
80 # http
|
||||
443 # https
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
interfaces.ens18.ipv6.addresses = [
|
||||
{
|
||||
from = 49152;
|
||||
to = 49999;
|
||||
} # TURN relay
|
||||
address = "2a02:c207:2063:2448::1";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "ens18";
|
||||
};
|
||||
firewall = {
|
||||
# Open ports in the firewall.
|
||||
|
||||
enable = true;
|
||||
allowPing = false;
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
5349 # STUN tls
|
||||
5350 # STUN tls alt
|
||||
80 # http
|
||||
443 # https
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
from = 49152;
|
||||
to = 49999;
|
||||
} # TURN relay
|
||||
];
|
||||
};
|
||||
|
||||
hostName = "queen";
|
||||
|
||||
# Disable the server going through wireguard vpn for now
|
||||
wireguard.enable = lib.mkForce false;
|
||||
};
|
||||
|
||||
# networking.useNetworkd = true;
|
||||
|
@ -172,20 +180,15 @@
|
|||
# Enable completion of system packages by zsh
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/queen;
|
||||
boot = {
|
||||
tmp.cleanOnBoot = true;
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
configurationLimit = 3;
|
||||
};
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
networking.hostName = "queen";
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.configurationLimit = 3;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
|
|
@ -6,13 +6,14 @@ releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/
|
|||
mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
|
||||
mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
|
||||
rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
|
||||
wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:mq8QWoQ4tE4eYaFbwCzQnRREUFI2qrnmDnwurKMu6qdKkDylqc65E7jgGDI=,iv:r5RdcmfW4OaKlbbzUCPahONvpLcfZ7X7KcEEYFIYFDk=,tag:e93C4lByJV75JMHLJ02PfA==,type:str]
|
||||
lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str]
|
||||
coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYisHejmycgT8a2mWpk+5r3HkFmBNcLDeNlfnhIif5oLHGuHyw==,iv:M2GdNDxP4xpP35FJPTgljbcKpOm6DmEEnIYRItAxDVI=,tag:IiiNXeTi6Yja5PrnKRkhdA==,type:str]
|
||||
grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str]
|
||||
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
|
||||
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
|
||||
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -28,8 +29,8 @@ sops:
|
|||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-16T13:34:43Z"
|
||||
mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str]
|
||||
lastmodified: "2024-12-23T00:03:37Z"
|
||||
mac: ENC[AES256_GCM,data:uRXXG8sDFqMyuhSSJrD3gDmZd2uGdrV/vHxfrAzTHYa+rtq7EjsIynxa9obpBKEbCSHa5UHgNxoP9VpSd9n9ENaRDxKFdaANcREjUihTDv0rFoMyaiBPcjWjj5/W8rA2ki7V4M0tgERUmq+UOcW5uZg01jPrHm7TFgdwZezFPfI=,iv:FX7DrwjA2DYKRif4EdhQ7rQKfQdk4NrQBIA+LB/3xkI=,tag:swckRXnUoVVdBsx8tDqIKA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.0
|
||||
version: 3.9.2
|
||||
|
|
|
@ -14,8 +14,9 @@
|
|||
# Or modules exported from other flakes (such as nix-colors):
|
||||
# inputs.nix-colors.homeManagerModules.default
|
||||
|
||||
outputs.nixosModules.vpn-ip
|
||||
|
||||
# Import the shared settings
|
||||
../../shared
|
||||
../../desktop/package-configs/firefox
|
||||
|
||||
# You can also split up your configuration and import pieces of it here:
|
||||
|
@ -26,11 +27,101 @@
|
|||
|
||||
./auto-mount.nix
|
||||
];
|
||||
boot = {
|
||||
tmp.cleanOnBoot = true;
|
||||
loader = {
|
||||
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
||||
# tss group has access to TPM devices
|
||||
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
# Lanzaboote currently replaces the systemd-boot module.
|
||||
# This setting is usually set to true in configuration.nix
|
||||
# generated at installation time. So we force it to false
|
||||
# for now.
|
||||
systemd-boot.enable = lib.mkForce false;
|
||||
systemd-boot.configurationLimit = 3;
|
||||
timeout = 0;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
initrd.systemd.enable = true;
|
||||
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
consoleLogLevel = 0;
|
||||
kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
|
||||
plymouth.enable = true;
|
||||
};
|
||||
zramSwap.enable = false;
|
||||
networking.domain = "";
|
||||
services.openssh.enable = true;
|
||||
networking = {
|
||||
domain = "";
|
||||
|
||||
# Enable networking
|
||||
networkmanager.enable = true;
|
||||
|
||||
firewall.enable = true;
|
||||
|
||||
firewall.allowedTCPPorts = [22];
|
||||
|
||||
hostName = "shodan";
|
||||
};
|
||||
services.vpn-ip = {
|
||||
ip = "4";
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh.enable = true; # Enables support for 32bit libs that steam uses
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
xserver.enable = true;
|
||||
|
||||
# Enable the KDE Plasma Desktop Environment.
|
||||
desktopManager.plasma6.enable = true;
|
||||
|
||||
avahi = {
|
||||
nssmdns4 = true;
|
||||
enable = true;
|
||||
ipv4 = true;
|
||||
ipv6 = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
workstation = true;
|
||||
};
|
||||
};
|
||||
displayManager = {
|
||||
defaultSession = "plasma";
|
||||
sddm.wayland.enable = lib.mkForce true;
|
||||
sddm.settings = {
|
||||
Autologin = {
|
||||
Session = "plasma.desktop";
|
||||
User = "lillian";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Enable flatpak support
|
||||
flatpak.enable = true;
|
||||
packagekit.enable = true;
|
||||
|
||||
# Configure keymap in X11
|
||||
xserver = {
|
||||
xkb.layout = "us";
|
||||
xkb.variant = "";
|
||||
};
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
printing.enable = true;
|
||||
|
||||
# Enable fwupd daemon and user space client
|
||||
fwupd.enable = true;
|
||||
pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
nixpkgs = {
|
||||
# You can add overlays here
|
||||
|
@ -42,10 +133,6 @@
|
|||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Custom tools
|
||||
auto-mount
|
||||
|
@ -55,9 +142,11 @@
|
|||
decky-loader
|
||||
efitools
|
||||
jq
|
||||
noto-fonts
|
||||
noto-fonts-emoji-blob-bin
|
||||
noto-fonts-emoji
|
||||
# noto-fonts
|
||||
# noto-fonts-emoji-blob-bin
|
||||
# noto-fonts-emoji
|
||||
qjackctl
|
||||
|
||||
#rustdesk
|
||||
sbctl
|
||||
udisks
|
||||
|
@ -68,7 +157,7 @@
|
|||
|
||||
#KDE:
|
||||
krunner-translator
|
||||
kdePackages.discover
|
||||
# kdePackages.discover
|
||||
kdePackages.kcalc
|
||||
kdePackages.kdepim-addons
|
||||
kdePackages.kirigami
|
||||
|
@ -77,6 +166,8 @@
|
|||
# kdePackages.krunner-symbols
|
||||
kdePackages.qtvirtualkeyboard
|
||||
kdePackages.packagekit-qt
|
||||
kdePackages.krdc
|
||||
kdePackages.krfb
|
||||
libportal
|
||||
|
||||
#Gaming:
|
||||
|
@ -104,48 +195,24 @@
|
|||
enableGyroDsuService = true;
|
||||
};
|
||||
};
|
||||
programs = {
|
||||
steam = lib.mkForce {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||
extest.enable = true;
|
||||
};
|
||||
kdeconnect.enable = true;
|
||||
|
||||
programs.steam = lib.mkForce {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||
extest.enable = true;
|
||||
};
|
||||
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
|
||||
noisetorch = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
|
||||
# Enable the KDE Plasma Desktop Environment.
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
programs.kdeconnect.enable = true;
|
||||
|
||||
services.displayManager.defaultSession = "plasma";
|
||||
services.displayManager.sddm.wayland.enable = lib.mkForce true;
|
||||
services.displayManager.sddm.settings = {
|
||||
Autologin = {
|
||||
Session = "plasma.desktop";
|
||||
User = "lillian";
|
||||
git = {
|
||||
enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
# Enable flatpak support
|
||||
services.flatpak.enable = true;
|
||||
services.packagekit.enable = true;
|
||||
|
||||
# Configure keymap in X11
|
||||
services.xserver = {
|
||||
xkb.layout = "us";
|
||||
xkb.variant = "";
|
||||
};
|
||||
|
||||
# Enable networking
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
networking.firewall.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [22];
|
||||
|
||||
# # Enable automounting of removable media
|
||||
# services.udisks2.enable = true;
|
||||
# services.devmon.enable = true;
|
||||
|
@ -154,32 +221,14 @@
|
|||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
hardware = {
|
||||
graphics.enable32Bit = true;
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
# Enable bluetooth hardware
|
||||
bluetooth.enable = true;
|
||||
|
||||
# Enable bluetooth hardware
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
# Enable fwupd daemon and user space client
|
||||
services.fwupd.enable = true;
|
||||
|
||||
# Enable sound with pipewire.
|
||||
hardware.pulseaudio.enable = false;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
|
||||
programs.noisetorch = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
# Enable sound with pipewire.
|
||||
pulseaudio.enable = false;
|
||||
};
|
||||
|
||||
users.users.lillian.extraGroups = ["decky" "tss" "input"];
|
||||
|
@ -187,39 +236,15 @@
|
|||
# Enable completion of system packages by zsh
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/shodan;
|
||||
security = {
|
||||
rtkit.enable = true;
|
||||
tpm2 = {
|
||||
enable = true;
|
||||
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
||||
tctiEnvironment.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking.hostName = "shodan";
|
||||
|
||||
security.tpm2.enable = true;
|
||||
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
||||
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
||||
# tss group has access to TPM devices
|
||||
|
||||
# Lanzaboote currently replaces the systemd-boot module.
|
||||
# This setting is usually set to true in configuration.nix
|
||||
# generated at installation time. So we force it to false
|
||||
# for now.
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
boot.initrd.systemd.enable = true;
|
||||
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
boot.loader.systemd-boot.configurationLimit = 3;
|
||||
boot.loader.timeout = 0;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.consoleLogLevel = 0;
|
||||
boot.kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
|
|
@ -1,4 +1,6 @@
|
|||
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data:7K3p6Lu4je2fNmvtKpLY2z7MG5E0gg3486PCLTlm/NzWpiH0FO8KO2yPkPPVurXfUWj7ig3eiP+bc6+kufRQ8+MCHaR+JA056cdMch0MMK92FyPvJjNKzwB4W3BpdvOKipaZvuvSfgdrEdpz6rWRwBb9KaUW5aHBjW5eQNm+q0yP2uZjW6Ncp/zrdevjlRJyXGnNJD8CBDQgLILvqlvziRO4xBnSZOmFpdCKM9jMkxwHIQUND4ic71G6cheN+kIsgsa67DlJjfrngGWxKrlC3Q2DC+30vHtW8f18oa+g7eu9eTz8+bSLxYJf9TADwE+UYe2Hakib1ju67yxBkcomIjBvqgo+zEr0jC2qYmOvlKfqn64gSbAE7zEVCbavz6gA2EMb0g47twtAdgGUyzppGQ4LXjZXv6lyYov2gdXP7bzAcXXfzDh92BuTUOp9HXOTsLh7XC7cPKziowwwT+oUeOaSujMT9tgqkazgcVR3ne+PjxduptV75gxOwxeu6F2Zm+4Y4xJBdJeyP1Baq0yj4HNY/gv3pxEEXgU5,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -14,8 +16,8 @@ sops:
|
|||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-03-19T00:42:59Z"
|
||||
mac: ENC[AES256_GCM,data:WuwpvgM5WCmtsb9WH6us1dn0+qQuV/6+ooI8K7Wp+VFlMWLA4g509TgOFHG+cxWJeN2cRtilnHM1INv1U6uadjWis0LrjrqbHaMRJ5aAr3/zKoTXWTG4pRNykoYmCkwHLnx0gJi6hm4PbKOIFVM+6V5m9JCLKRVO6eqyW15SVww=,iv:xVR5ZGs2Ww+J57qreIlHSW8A+ADAOjzM7B+KLRFrRLw=,tag:6KTaeX8+Txz4j1UJUWRj+w==,type:str]
|
||||
lastmodified: "2024-12-22T22:35:15Z"
|
||||
mac: ENC[AES256_GCM,data:olqDdjgOF7MsYXibawEn4bou6LPof25j231+Vwr+pSGCO19Sj44OkZpS0YmNBi+Uym+X6RGM5uV3fg4JYVgThnALI9JFyFuZ41gjPRyNBXJ16RnogKykHK5XNjQEogYho5bgLA8DTDeOvSfFHW2ENM052z6lJyAaPWJLa4ADlEY=,iv:YXGKcHQfqZCnK9Z3Nw/JxcTmZR++0iKUc7PDbLBqahY=,tag:UbHZvFZjaYjrC51Q1f/oyg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.9.2
|
||||
|
|
|
@ -1,127 +1,346 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
config,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
# inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
||||
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
|
||||
|
||||
./armv7l.nix
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Import shared configurations
|
||||
../../shared
|
||||
# Import shared settings
|
||||
];
|
||||
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.loader.generic-extlinux-compatible.configurationLimit = 5;
|
||||
boot.loader.grub.enable = false;
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
nixpkgs.overlays = [
|
||||
(final: super: {
|
||||
makeModulesClosure = x:
|
||||
super.makeModulesClosure (x // {allowMissing = true;});
|
||||
})
|
||||
];
|
||||
programs = {
|
||||
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
|
||||
command-not-found.enable = lib.mkForce false;
|
||||
nix-index.enable = true;
|
||||
nix-index-database.comma.enable = true;
|
||||
};
|
||||
services = {
|
||||
automatic-timezoned.enable = true;
|
||||
|
||||
# boot.extraModulePackages = [
|
||||
# (pkgs.callPackage ./rtl8189es.nix {
|
||||
# kernel = config.boot.kernelPackages.kernel;
|
||||
# })
|
||||
# ];
|
||||
nixpkgs = {
|
||||
# You can add overlays here
|
||||
overlays = [
|
||||
# stubby = {
|
||||
# enable = true;
|
||||
# settings =
|
||||
# pkgs.stubby.passthru.settingsExample
|
||||
# // {
|
||||
# upstream_recursive_servers = [
|
||||
# {
|
||||
# address_data = "94.140.14.49";
|
||||
# tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||
# tls_pubkey_pinset = [
|
||||
# {
|
||||
# digest = "sha256";
|
||||
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||
# }
|
||||
# ];
|
||||
# }
|
||||
# {
|
||||
# address_data = "94.140.14.59";
|
||||
# tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||
# tls_pubkey_pinset = [
|
||||
# {
|
||||
# digest = "sha256";
|
||||
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||
# }
|
||||
# ];
|
||||
# }
|
||||
# {
|
||||
# address_data = "2a10:50c0:0:0:0:0:ded:ff";
|
||||
# tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||
# tls_pubkey_pinset = [
|
||||
# {
|
||||
# digest = "sha256";
|
||||
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||
# }
|
||||
# ];
|
||||
# }
|
||||
# {
|
||||
# address_data = "2a10:50c0:0:0:0:0:dad:ff";
|
||||
# tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||
# tls_pubkey_pinset = [
|
||||
# {
|
||||
# digest = "sha256";
|
||||
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||
# }
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
openssh = {
|
||||
enable = true;
|
||||
# require public key authentication for better security
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
settings.PermitRootLogin = "no";
|
||||
};
|
||||
|
||||
davfs2.enable = true;
|
||||
|
||||
aria2 = {
|
||||
enable = true;
|
||||
settings = {
|
||||
dir = "/var/lib/media";
|
||||
rpc-listen-port = 6969;
|
||||
};
|
||||
rpcSecretFile = config.sops.secrets."rpcSecret".path;
|
||||
};
|
||||
|
||||
dnsmasq = {
|
||||
enable = true;
|
||||
settings = {
|
||||
interface = "wg1";
|
||||
};
|
||||
};
|
||||
};
|
||||
sops = {
|
||||
# users.users = {
|
||||
# ombi.extraGroups = ["radarr" "sonarr" "aria2"];
|
||||
# };
|
||||
# services.ombi = {
|
||||
# enable = true;
|
||||
# port = 2368;
|
||||
# };
|
||||
|
||||
# users.users = {
|
||||
# radarr.extraGroups = ["aria2"];
|
||||
# sonarr.extraGroups = ["aria2"];
|
||||
# };
|
||||
|
||||
# services = {
|
||||
# #uses port 7878
|
||||
# radarr.enable = true;
|
||||
# #uses port 8989
|
||||
# sonarr.enable = true;
|
||||
# prowlarr.enable = true;
|
||||
# };
|
||||
|
||||
secrets."webdav-secret" = {
|
||||
mode = "0600";
|
||||
path = "/etc/davfs2/secrets";
|
||||
};
|
||||
|
||||
secrets."rpcSecret".mode = "0440";
|
||||
secrets."rpcSecret".owner = config.users.users.aria2.name;
|
||||
|
||||
secrets."protonvpn-priv-key".mode = "0440";
|
||||
secrets."protonvpn-priv-key".owner = config.users.users.root.name;
|
||||
};
|
||||
boot = {
|
||||
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
|
||||
initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835" "cma=256M" "console=tty0"];
|
||||
|
||||
kernel.sysctl = {
|
||||
"net.ipv4.ip_forward" = 1;
|
||||
"net.ipv6.conf.all.forwarding" = 1;
|
||||
};
|
||||
};
|
||||
|
||||
sdImage.compressImage = false;
|
||||
|
||||
networking = {
|
||||
hostName = "wheatley";
|
||||
|
||||
networkmanager.enable = true;
|
||||
|
||||
# Disable NetworkManager's internal DNS resolution
|
||||
networkmanager.dns = "none";
|
||||
|
||||
# These options are unnecessary when managing DNS ourselves
|
||||
useDHCP = false;
|
||||
dhcpcd.enable = false;
|
||||
|
||||
# Configure DNS servers manually (this example uses Cloudflare and Google DNS)
|
||||
# IPv6 DNS servers can be used here as well.
|
||||
nameservers = [
|
||||
# "127.0.0.1"
|
||||
# "::1"
|
||||
"94.140.14.49"
|
||||
"94.140.14.59"
|
||||
"2a10:50c0:0:0:0:0:ded:ff"
|
||||
"2a10:50c0:0:0:0:0:ded:ff"
|
||||
];
|
||||
# Configure your nixpkgs instance
|
||||
config = {
|
||||
# Disable if you don't want unfree packages
|
||||
allowUnfree = true;
|
||||
|
||||
wireguard.enable = true;
|
||||
|
||||
wg-quick.interfaces = {
|
||||
# # "wg0" is the network interface name. You can name the interface arbitrarily.
|
||||
# wg0 = {
|
||||
# autostart = true;
|
||||
# # Determines the IP address and subnet of the server's end of the tunnel interface.
|
||||
# address = ["10.2.0.2/32"];
|
||||
|
||||
# # The port that WireGuard listens to. Must be accessible by the client.
|
||||
# listenPort = 51820;
|
||||
|
||||
# dns = ["10.2.0.1"];
|
||||
# # Path to the private key file.
|
||||
# #
|
||||
# # Note: The private key can also be included inline via the privateKey option,
|
||||
# # but this makes the private key world-readable; thus, using privateKeyFile is
|
||||
# # recommended.
|
||||
# privateKeyFile = config.sops.secrets."protonvpn-priv-key".path;
|
||||
|
||||
# peers = [
|
||||
# # List of allowed peers.
|
||||
# {
|
||||
# # Feel free to give a meaning full name
|
||||
# # Public key of the peer (not a file path).
|
||||
# publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=";
|
||||
# # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
|
||||
# allowedIPs = ["0.0.0.0/0"];
|
||||
# endpoint = "146.70.86.114:51820";
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
|
||||
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
|
||||
# TODO: generate this dynamically based on other hosts
|
||||
wg0 = lib.mkForce {
|
||||
# Determines the IP address and subnet of the server's end of the tunnel interface.
|
||||
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
|
||||
|
||||
# The port that WireGuard listens to. Must be accessible by the client.
|
||||
listenPort = 51821;
|
||||
|
||||
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
|
||||
postUp = ''
|
||||
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
|
||||
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
|
||||
'';
|
||||
|
||||
# Undo the above
|
||||
preDown = ''
|
||||
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
|
||||
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
|
||||
'';
|
||||
|
||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||
|
||||
peers = [
|
||||
{
|
||||
#GLaDOS public key
|
||||
publicKey = "yieF2yQptaE3jStoaGytUnN+HLxyVhFBZIUOGUNAV38=";
|
||||
allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
|
||||
}
|
||||
{
|
||||
#EDI public key
|
||||
publicKey = "i4nDZbU+a2k5C20tFJRNPVE1vhYKJwhoqGHEdeC4704=";
|
||||
allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
|
||||
}
|
||||
{
|
||||
#Shodan public key
|
||||
publicKey = "Zah2nZDaHF8jpP5AtMA5bhE7t38fMB2UHzbXAc96/jw=";
|
||||
allowedIPs = ["10.0.0.4/32" "fdc9:281f:04d7:9ee9::3/128"];
|
||||
}
|
||||
{
|
||||
#ADA public key
|
||||
publicKey = "SHu7xxRVWuqp4U4uipMoITKrFPWZATGsJevUeqBSzWo=";
|
||||
allowedIPs = ["10.0.0.5/32" "fdc9:281f:04d7:9ee9::3/128"];
|
||||
}
|
||||
#Queen public key: FVTrYM7S2Ev2rGrYrHsG2et1/SU3UjEBQH2AOen4+04=
|
||||
];
|
||||
};
|
||||
};
|
||||
nat = {
|
||||
# enable NAT
|
||||
enable = true;
|
||||
externalInterface = "end0";
|
||||
internalInterfaces = ["wg1"];
|
||||
};
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowPing = false;
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
5349 # STUN tls
|
||||
5350 # STUN tls alt
|
||||
80 # http
|
||||
443 # https
|
||||
51821 # wg
|
||||
7878
|
||||
53 # dnsmasq
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
53 #dnsmasq
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
from = 51820;
|
||||
to = 51822; # wg
|
||||
}
|
||||
{
|
||||
from = 49152;
|
||||
to = 49999;
|
||||
} # TURN relay
|
||||
];
|
||||
};
|
||||
};
|
||||
systemd.mounts = [
|
||||
{
|
||||
enable = true;
|
||||
description = "Webdav mount point";
|
||||
after = ["network-online.target"];
|
||||
wants = ["network-online.target"];
|
||||
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
what = "https://nextcloud.gladtherescake.eu/remote.php/dav/files/GLaDTheresCake";
|
||||
where = "/home/jellyfinmediaplayer/nextcloud";
|
||||
options = "uid=1003,gid=100,file_mode=0664,dir_mode=2775";
|
||||
type = "davfs";
|
||||
}
|
||||
];
|
||||
users = {
|
||||
users.aria2 = {
|
||||
# #uses port 8096
|
||||
# services.jellyfin.enable = true;
|
||||
# users.groups.jellyfinmediaplayer = {};
|
||||
# users.users.jellyfinmediaplayer.group = "jellyfinmediaplayer";
|
||||
# users.users.jellyfin.extraGroups = ["jellyfinmediaplayer"];
|
||||
|
||||
sops.secrets."wireless.env".mode = "0440";
|
||||
sops.secrets."wireless.env".owner = config.users.users.root.name;
|
||||
# # Add stremio kiosk on wayland :)
|
||||
# users.extraUsers.jellyfinmediaplayer.isNormalUser = true;
|
||||
# services.cage.user = "jellyfinmediaplayer";
|
||||
# services.cage.program = "${pkgs.jellyfin-media-player}/bin/jellyfinmediaplayer";
|
||||
# services.cage.enable = true;
|
||||
# services.cage.extraArguments = ["-f"];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
age
|
||||
git
|
||||
htop
|
||||
group = "aria2";
|
||||
isSystemUser = true;
|
||||
};
|
||||
groups.aria2 = {};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
# (pkgs.kodi.withPackages (kodiPkgs:
|
||||
# with kodiPkgs; [
|
||||
# steam-controller
|
||||
# invidious
|
||||
# netflix
|
||||
# upnext
|
||||
# sponsorblock
|
||||
# sendtokodi
|
||||
# jellyfin
|
||||
# ]))
|
||||
pkgs.iptables
|
||||
];
|
||||
|
||||
boot.kernelParams = [
|
||||
"console=ttyS0,115200n8"
|
||||
];
|
||||
|
||||
nix = {
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
# This will add each flake input as a registry
|
||||
# To make nix3 commands consistent with your flake
|
||||
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
|
||||
|
||||
# This will additionally add your inputs to the system's legacy channels
|
||||
# Making legacy nix commands consistent as well, awesome!
|
||||
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
|
||||
|
||||
settings = {
|
||||
# Enable flakes and new 'nix' command
|
||||
experimental-features = "nix-command flakes";
|
||||
# Deduplicate and optimize nix store
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
};
|
||||
|
||||
networking.wireless.enable = true;
|
||||
networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
|
||||
networking.wireless.networks."KPNAA6306" = {
|
||||
hidden = true;
|
||||
auth = ''
|
||||
key_mgmt=WPA-PSK
|
||||
password="@PSK_HOME@"
|
||||
'';
|
||||
};
|
||||
|
||||
networking.firewall.enable = true;
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [22 80 443 5335 8080];
|
||||
allowedUDPPorts = [5335];
|
||||
};
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/wheatley;
|
||||
};
|
||||
};
|
||||
|
||||
networking.hostName = "wheatley"; # Define your hostname
|
||||
|
||||
networking.wireless.interfaces = ["enu1u1"];
|
||||
|
||||
# powerManagement.cpuFreqGovernor = "powersave";
|
||||
powerManagement.cpufreq.max = 648000;
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "unstable"; # Did you read the comment?
|
||||
system.stateVersion = "25.05";
|
||||
nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
|
||||
}
|
||||
|
|
|
@ -10,40 +10,26 @@
|
|||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["usbhid"];
|
||||
boot.initrd.availableKernelModules = ["xhci_pci"];
|
||||
boot.initrd.kernelModules = [];
|
||||
boot.kernelModules = [];
|
||||
boot.extraModulePackages = [];
|
||||
boot.supportedFilesystems = lib.mkForce ["btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
|
||||
|
||||
fileSystems = {
|
||||
# Prior to 19.09, the boot partition was hosted on the smaller first partition
|
||||
# Starting with 19.09, the /boot folder is on the main bigger partition.
|
||||
# The following is to be used only with older images. Note such old images should not be considered supported anymore whatsoever, but if you installed back then, this might be needed
|
||||
|
||||
# "/boot" = {
|
||||
# device = "/dev/disk/by-label/FIRMWARE";
|
||||
# fsType = "vfat";
|
||||
# };
|
||||
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [{device = "/dev/disk/by-uuid/b299ad0d-37a0-43d6-9647-5f717aca7b3";}];
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/swapfile";
|
||||
size = 16 * 1024;
|
||||
}
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enu1u1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.ip6tnl0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.sit0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "armv7l-linux";
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
}
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str]
|
||||
lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str]
|
||||
protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str]
|
||||
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
|
||||
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data:zbCR/+REHSN4BIQIXSOQjSRKYWhaXutdn4AE2zxmN44qHPzMI98c7/aX2KFhHOL+vKpgyhhR6JAGVTF5Jk72lmIHwDvwvwx+gLXgpZH1KEK3nTUdwUVcqBDsVB4Na5rTsHMWmRH+NxV7n+3nSQo/Byi0Jb602IPXRNREL+0toCbHon27/o2uIy4uzbsEWZu6N2hadzQCtXmHJM2dqmbKvpADt04TQ4wAcZ6wB0538g5WdtOSU6T1xcBBSDU7MNEVP7e7dUPKJWK79cI+RrzpGIh/da7cM6exSBRas711oL6woH4Hi3G6Yjd1rPxBPt1+/qq45gm/4UvjQywn/1s7BInCe9/5vJLn3TEzuUd96CsT36vEsxMeOekXf50Ntu6Xr02bnFRwUBm76BVGAggwGf/khRNJuLw0xHsCdeKzHsPD0efe5mHTJw8mB3M6vDhO6e3g6E3uRjjBaDnrPuHuD4NE1kCjQTTJh3NbuT2Ab55lhpSOEK+f0Ik2qZgKzALvJhn+MILjXSfP/hXgiwBeP4dkTY3fOcpmnPyS,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -15,8 +20,8 @@ sops:
|
|||
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
|
||||
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-22T11:57:45Z"
|
||||
mac: ENC[AES256_GCM,data:V9vscu55woZjJGFV3aDgdHKqmIopYw6cajdOHG1/45Qel6l5YJkt8VyLMzYlUOlFGatXBlfTB7VC9zhhaY4lduww2XLrARcTk61BT+GSHp5sawND+RIDghY6CJBuoPUbtsfmmlmg+J2DljBlSbrcVmvfjMV12Ql6Zb8PEPM9K68=,iv:TFrDt1XpuIFLUyDN6+8n+0OypBkr1OrZOmXWvnY9ApI=,tag:EfsFhToEGFCZJSXh0WBrIw==,type:str]
|
||||
lastmodified: "2024-12-22T22:37:02Z"
|
||||
mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
version: 3.9.2
|
||||
|
|
|
@ -1,7 +1,6 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
# You'll need to edit these values
|
||||
|
@ -35,7 +34,8 @@ in {
|
|||
|
||||
# This causes NixOS to use the flake defined in this repository instead of
|
||||
# the build of Conduit built into nixpkgs.
|
||||
package = inputs.conduwuit.packages.${pkgs.system}.default;
|
||||
# package = inputs.conduwuit.packages.${pkgs.system}.default;
|
||||
package = pkgs.conduwuit;
|
||||
|
||||
settings.global = {
|
||||
inherit server_name;
|
||||
|
|
|
@ -7,13 +7,14 @@
|
|||
sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
|
||||
sops.secrets."nextclouddb".mode = "0440";
|
||||
sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
|
||||
sops.secrets."local.json".mode = "0440";
|
||||
sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
|
||||
# sops.secrets."local.json".mode = "0440";
|
||||
# sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
|
||||
|
||||
users.users = {
|
||||
nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name];
|
||||
# nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name];
|
||||
nextcloud.extraGroups = [config.users.groups.keys.name];
|
||||
#aria2.extraGroups = ["nextcloud"];
|
||||
onlyoffice.extraGroups = [config.users.users.nextcloud.name];
|
||||
# onlyoffice.extraGroups = [config.users.users.nextcloud.name];
|
||||
};
|
||||
|
||||
# Enable Nginx
|
||||
|
@ -90,15 +91,15 @@
|
|||
};
|
||||
};
|
||||
|
||||
services.onlyoffice = {
|
||||
port = 16783;
|
||||
enable = true;
|
||||
hostname = "onlyoffice.gladtherescake.eu";
|
||||
#postgresHost = "/run/postgesql";
|
||||
#postgresUser = "onlyoffice";
|
||||
#postgresName = "onlyoffice";
|
||||
#jwtSecretFile = config.sops.secrets."local.json".path;
|
||||
};
|
||||
# services.onlyoffice = {
|
||||
# port = 16783;
|
||||
# enable = true;
|
||||
# hostname = "onlyoffice.gladtherescake.eu";
|
||||
# #postgresHost = "/run/postgesql";
|
||||
# #postgresUser = "onlyoffice";
|
||||
# #postgresName = "onlyoffice";
|
||||
# #jwtSecretFile = config.sops.secrets."local.json".path;
|
||||
# };
|
||||
|
||||
services.rabbitmq = {
|
||||
enable = true;
|
||||
|
|
BIN
nixos/shared/background.jpg
Normal file
BIN
nixos/shared/background.jpg
Normal file
Binary file not shown.
After Width: | Height: | Size: 158 KiB |
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
|
@ -8,9 +9,24 @@
|
|||
imports = [
|
||||
./locale
|
||||
./packages
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
#../hosts/${config.networking.hostName}/hardware-configuration.nix
|
||||
];
|
||||
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
|
||||
sops.secrets."lillian-password".neededForUsers = true;
|
||||
sops = {
|
||||
age.keyFile = ../../../../../../var/secrets/keys.txt;
|
||||
secrets."lillian-password".neededForUsers = true;
|
||||
|
||||
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
|
||||
|
||||
secrets."wg-private-key".mode = "0440";
|
||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
||||
|
||||
secrets."ssh-private-key" = {
|
||||
mode = "0600";
|
||||
owner = config.users.users.lillian.name;
|
||||
path = "/home/lillian/.ssh/id_ed25519";
|
||||
};
|
||||
};
|
||||
|
||||
#TODO: remove this when unneeded for freetube
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
|
@ -41,46 +57,136 @@
|
|||
"https://nix-community.cachix.org"
|
||||
"https://nixpkgs-unfree.cachix.org"
|
||||
"https://0uptime.cachix.org"
|
||||
"https://attic.kennel.juneis.dog/conduit"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
|
||||
"0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE="
|
||||
"conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk="
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
catppuccin.flavor = "macchiato";
|
||||
catppuccin.enable = true;
|
||||
|
||||
console.catppuccin.enable = true;
|
||||
|
||||
home-manager.backupFileExtension = "backup";
|
||||
|
||||
users.users.lillian = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
|
||||
shell = pkgs.zsh;
|
||||
hashedPasswordFile = config.sops.secrets."lillian-password".path;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
|
||||
];
|
||||
catppuccin = {
|
||||
flavor = "macchiato";
|
||||
enable = true;
|
||||
plymouth.enable = false;
|
||||
grub.enable = false;
|
||||
};
|
||||
|
||||
# console.catppuccin.enable = true;
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
stylix = {
|
||||
enable = true;
|
||||
autoEnable = true;
|
||||
base16Scheme = {
|
||||
scheme = "Catppuccin Macchiato";
|
||||
author = "https://github.com/catppuccin/catppuccin";
|
||||
base00 = "24273a";
|
||||
base01 = "1e2030";
|
||||
base02 = "363a4f";
|
||||
base03 = "494d64";
|
||||
base04 = "5b6078";
|
||||
base05 = "cad3f5";
|
||||
base06 = "f4dbd6";
|
||||
base07 = "b7bdf8";
|
||||
base08 = "ed8796";
|
||||
base09 = "f5a97f";
|
||||
base0A = "eed49f";
|
||||
base0B = "a6da95";
|
||||
base0C = "8bd5ca";
|
||||
base0D = "8aadf4";
|
||||
base0E = "c6a0f6";
|
||||
base0F = "f0c6c6";
|
||||
};
|
||||
image = ./background.jpg;
|
||||
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
|
||||
cursor.name = "catppuccin-macchiato-mauve-cursors";
|
||||
homeManagerIntegration.followSystem = true;
|
||||
fonts = {
|
||||
serif = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
name = "DejaVu Serif";
|
||||
};
|
||||
|
||||
monospace = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
name = "DejaVu Sans Mono";
|
||||
};
|
||||
|
||||
sansSerif = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
name = "DejaVu Sans";
|
||||
};
|
||||
|
||||
emoji = {
|
||||
package = pkgs.noto-fonts-emoji-blob-bin;
|
||||
name = "Blobmoji";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
fonts.packages = [
|
||||
pkgs.dejavu_fonts
|
||||
pkgs.noto-fonts
|
||||
pkgs.nerd-fonts.fira-mono
|
||||
];
|
||||
|
||||
networking = {
|
||||
wireguard.enable = true;
|
||||
|
||||
wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
autostart = true;
|
||||
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
|
||||
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
||||
listenPort = 51821;
|
||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
||||
endpoint = "84.87.146.85:51821";
|
||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Enable completion of system packages by zsh
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
|
||||
users.mutableUsers = false;
|
||||
home-manager = {
|
||||
backupFileExtension = "backup";
|
||||
extraSpecialArgs = {
|
||||
inputs = inputs;
|
||||
outputs = outputs;
|
||||
};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../home-manager/hosts/${config.networking.hostName};
|
||||
};
|
||||
};
|
||||
|
||||
users.users.root = {
|
||||
hashedPassword = "*";
|
||||
users = {
|
||||
users.lillian = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
|
||||
shell = pkgs.zsh;
|
||||
hashedPasswordFile = config.sops.secrets."lillian-password".path;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
|
||||
];
|
||||
};
|
||||
mutableUsers = false;
|
||||
|
||||
users.root = {
|
||||
hashedPassword = "*";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
e2fsprogs
|
||||
git
|
||||
git-filter-repo
|
||||
pre-commit
|
||||
helix
|
||||
home-manager
|
||||
htop
|
||||
|
@ -49,24 +50,24 @@
|
|||
# Can be used to install latest version of some packages
|
||||
]);
|
||||
|
||||
fonts = {
|
||||
packages = with pkgs; [
|
||||
noto-fonts-emoji-blob-bin
|
||||
cantarell-fonts
|
||||
dejavu_fonts
|
||||
fira-code
|
||||
noto-fonts
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-cjk-serif
|
||||
paratype-pt-sans
|
||||
paratype-pt-mono
|
||||
paratype-pt-serif
|
||||
roboto
|
||||
twemoji-color-font
|
||||
font-awesome
|
||||
atkinson-hyperlegible
|
||||
fira-code-nerdfont
|
||||
];
|
||||
enableDefaultPackages = false;
|
||||
};
|
||||
# fonts = {
|
||||
# packages = with pkgs; [
|
||||
# noto-fonts-emoji-blob-bin
|
||||
# cantarell-fonts
|
||||
# dejavu_fonts
|
||||
# fira-code
|
||||
# noto-fonts
|
||||
# noto-fonts-cjk-sans
|
||||
# noto-fonts-cjk-serif
|
||||
# paratype-pt-sans
|
||||
# paratype-pt-mono
|
||||
# paratype-pt-serif
|
||||
# roboto
|
||||
# twemoji-color-font
|
||||
# font-awesome
|
||||
# atkinson-hyperlegible
|
||||
# fira-code-nerdfont
|
||||
# ];
|
||||
# enableDefaultPackages = false;
|
||||
# };
|
||||
}
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
/nix/store/3l0wgxsvf5sz2q9sgyj0blc1ivzg808b-simple-completion-language-server-ff9f90bc96c347f284571bc6310bc31f95508d55
|
Loading…
Reference in a new issue