Compare commits

125 commits

Author SHA1 Message Date
Lillian Violet 3abc86b29c also add vesktop and freetube settings to shodan 2024-12-24 00:17:15 +01:00
Lillian Violet d914cc541e set freetube and vesktop settings with home manager files 2024-12-24 00:10:13 +01:00
Lillian Violet c72c30a4be generify the vpn setup 2024-12-23 19:22:28 +01:00
Lillian Violet 8c454565d8 generify more and disable onlyoffice 2024-12-23 01:32:34 +01:00
Lillian Violet dbbe13b315 add queen wg keys in case I ever want to do that 2024-12-23 01:04:27 +01:00
Lillian Violet 45c12e8f37 generified a lot of stuff and added SSH keys (EDI private key still needs adding) 2024-12-23 00:19:46 +01:00
Lillian Violet 6c64a962f4 big refactor of a lot of files 2024-12-22 22:48:13 +01:00
Lillian Violet 7ee9d954ce update flake lock 2024-12-22 20:48:49 +01:00
Lillian Violet e9323dbf28 disable grub in catppuccin too for queen 2024-12-21 00:24:11 +01:00
Lillian Violet 34bd6cca90 disable the git conduwuit and use the nixpkgs one 2024-12-21 00:21:27 +01:00
Lillian Violet 745b72d6f5 enable catppuccin sans home manager too 2024-12-20 23:59:54 +01:00
Lillian Violet 12a914b2f4 Enable catppuccin, disable legacy options, and disable the conflicting options with stylix 2024-12-20 21:48:16 +01:00
Lillian Violet b294971ff3 update flake lock 2024-12-20 21:31:05 +01:00
Lillian Violet 704c91ff20 undo the tls dns stuff it's clearly not working 2024-12-16 21:34:44 +01:00
Lillian Violet 122a869e56 rename ssh key to correct name 2024-12-16 21:18:37 +01:00
Lillian Violet dcf850626d set ssh key glados 2024-12-16 21:12:39 +01:00
Lillian Violet af630d4de1 disable overclocking gpu on glados (instability inc) 2024-12-16 21:02:08 +01:00
Lillian Violet 552f606563 Set up DNS over TLS for adguard 2024-12-15 15:22:29 +01:00
Lillian Violet 24b4b45907 update flake lock 2024-12-15 00:19:43 +01:00
Lillian Violet 34247fccb9 add autosave after delay in helix too 2024-12-14 21:41:01 +01:00
Lillian Violet 5f9e1ca575 set helix to autosave on focus lost 2024-12-14 21:37:13 +01:00
Lillian Violet b81f2902a5 set dns servers for wheatley to adguard 2024-12-13 23:01:45 +01:00
Lillian Violet dd559197f1 enable hdmi audio 2024-12-09 00:57:49 +01:00
Lillian Violet cdb1e80062 set correct uid for kodi 2024-12-08 22:53:08 +01:00
Lillian Violet fb3291ec12 re-enable kodi, it's the best option I think anywa 2024-12-08 22:45:39 +01:00
Lillian Violet 8a33eb523f fix the fonts 2024-12-08 22:18:58 +01:00
Lillian Violet e9f54dd72f disable fonts in shodan 2024-12-08 17:14:13 +01:00
Lillian Violet cb5d31e83d fix all the vpn stuff for shodan 2024-12-08 17:07:11 +01:00
Lillian Violet f109a2d078 disable all discovers for shodan 2024-12-08 16:44:36 +01:00
Lillian Violet 0bd46a5a21 set swapfile to correct path 2024-12-08 15:38:06 +01:00
Lillian Violet c0d9fc440e add swap file to wheatley 2024-12-08 15:09:10 +01:00
Lillian Violet 9c04783246 disable jellyfin 2024-12-07 22:06:14 +01:00
Lillian Violet 0c425f895d Undo the discover thing in Shodan main config 2024-12-07 20:37:55 +00:00
Lillian Violet 5f98efbacb Remove discover from home manager shodan 2024-12-07 20:36:36 +00:00
Lillian Violet 97ecd6fd7e disable discover in shodan since it fails on it 2024-12-07 18:49:01 +01:00
Lillian Violet 660df387a5 update flake lock, disable arr programmes because of vulnerability 2024-12-07 18:23:56 +01:00
Lillian Violet c60f7f6ee8 have the kde connect file automagically discover the other systems :) 2024-12-07 02:35:50 +01:00
Lillian Violet eedc40ed88 That does break it nvm 2024-12-07 02:14:25 +01:00
Lillian Violet 225c066915 re-enable proton 2024-12-07 02:07:36 +01:00
Lillian Violet 7b84b43fc3 aria2 option rename 2024-12-07 01:46:00 +01:00
Lillian Violet daa600e8bb set all ips right in wg 2024-12-07 01:38:31 +01:00
Lillian Violet c147ee631e added the ipv4 and ipv6 passthrough, I hope this works now 2024-12-07 01:30:03 +01:00
Lillian Violet a8f1fd4bc7 add comma to wheatley 2024-12-07 01:21:59 +01:00
Lillian Violet 11ed1c665a add iptables to wheatley 2024-12-07 01:09:57 +01:00
Lillian Violet 72c9457a37 disable protonvpn 2024-12-07 00:56:51 +01:00
Lillian Violet 47dc699ed1 changed a whole lot to conform to the article + dnsmasq is now not extraConfig but settings 2024-12-06 22:40:12 +01:00
Lillian Violet 30a16e746e used the wrong port this entire time, let's try again! 2024-12-06 22:10:12 +01:00
Lillian Violet eb404ad3a2 open port 7878 for testing the wireguard on wheatley 2024-12-06 20:19:41 +01:00
Lillian Violet b86a9496a3 set the allowed IPs to the subnet for the vpn 2024-12-06 20:15:20 +01:00
Lillian Violet e06d89ea13 open udp and tcp ports for wireguard 2024-12-06 19:58:32 +01:00
Lillian Violet 7f7175ca9d add masquerade to iptables to enable ip forwarding 2024-12-06 19:52:22 +01:00
Lillian Violet 2a29f5587a add wireguard config to all other hosts into wheatley and auto-enable 2024-12-06 19:42:52 +01:00
Lillian Violet 733d98a446 use a different port for this vpn maybe? 2024-12-06 19:21:21 +01:00
Lillian Violet 5966956e26 add wireguard vpn into wheatley 2024-12-06 19:16:11 +01:00
Lillian Violet b88cb6f85e re-enable wireguard, that wasn't the issue 2024-12-06 18:15:47 +01:00
Lillian Violet 9caddae553 Shouldn't rename the secret without doing it in sops too 2024-12-06 17:48:38 +01:00
Lillian Violet 11ec2dddae nextcloud.gladtherescake.eu not just gladtherescake.eu... 2024-12-06 17:44:58 +01:00
Lillian Violet 4967c8b802 try and set the davfs2 secret file in the user folder instead 2024-12-06 15:59:13 +01:00
Lillian Violet 123d839f5e add pull first to just push so the work is up to date before pushing 2024-12-06 15:44:49 +01:00
Lillian Violet 46ed9c2180 Merge branch 'main' of codeberg.org:Lillian-Violet/NixOS-Config 2024-12-06 15:43:44 +01:00
Lillian Violet 6f697b2b75 disable wireguard for now 2024-12-06 15:42:20 +01:00
Lillian Violet 7e59475cde seems jellyfinmediaplayer is group 990, maybe this will fix things? 2024-12-05 23:55:23 +01:00
Lillian Violet f60c7bfce7 add setup for the pre-commit hook to just setup 2024-12-05 23:50:16 +01:00
Lillian Violet 241d2180a7 force server side decorations for cage 2024-12-05 15:43:04 +01:00
Lillian Violet c430c04900 remove timeout and use gid 100 for webmount wheatley 2024-12-05 15:15:29 +01:00
Lillian Violet ccf6b5effc set automatic timezone for wheatley 2024-12-05 15:05:34 +01:00
Lillian Violet fdceea44d6 add just push to justfile for more git automation 2024-12-05 14:55:32 +01:00
Lillian Violet eebdbe7581 accidentally removed davfs, re-added it 2024-12-05 14:46:52 +01:00
Lillian Violet 816a34770c try systemd mount that I found on a blog instead of this way from reddit 2024-12-05 14:16:40 +01:00
Lillian Violet c124fc819a fix the nextcloud webdav url 2024-12-05 00:25:19 +01:00
Lillian Violet 11f1f5c60e add the jellyfinmediaplayer group, maybe this will help? 2024-12-05 00:16:04 +01:00
Lillian Violet 0962774501 make mount user group, maybe that'll make it not root? 2024-12-05 00:03:14 +01:00
Lillian Violet 34fd796e7e fix the mount location and permissions 2024-12-04 23:53:36 +01:00
Lillian Violet 5e594142d6 let's mount the server's webdav for storage on wheatley 2024-12-04 23:45:48 +01:00
Lillian Violet daae2195f3 use different user for the jellyfin frontend so it can be a regular user 2024-12-04 23:03:49 +01:00
Lillian Violet 0f16cdf855 renamed aria2 option changed 2024-12-04 22:48:28 +01:00
Lillian Violet 876ab671df use jellyfin instead and add all the services for that 2024-12-04 22:44:35 +01:00
Lillian Violet a458bc8476 add commit-hook to shared 2024-12-04 20:34:59 +01:00
Lillian Violet 66d0796c50 typo in invidious 2024-12-04 20:28:56 +01:00
Lillian Violet 18f4e75b7b let's try kodi instead and see if that's better 2024-12-04 20:26:40 +01:00
Lillian Violet 2269b01863 guess it's root 2024-12-04 18:05:50 +01:00
Lillian Violet c494d89289 can't find wireguard user, maybe have to enable it first? 2024-12-04 18:03:17 +01:00
Lillian Violet 6cf5aa600c address not ip there 2024-12-04 18:01:06 +01:00
Lillian Violet 93b63910bb let's try wg-quick 2024-12-04 17:59:39 +01:00
Lillian Violet 09dffb5d93 added protonvpn to wheatley 2024-12-04 17:56:37 +01:00
Lillian Violet f1474f22d1 add cage to kiosk stremio on its own user 2024-12-04 16:58:55 +01:00
Lillian Violet d9bb2ffdb7 add nix-index-database to wheatley too 2024-12-04 16:49:33 +01:00
Lillian Violet 852839b2c8 add comma to wheatley 2024-12-04 16:38:18 +01:00
Lillian Violet 68334d8f81 remove zfs from filesystems because it breaks all the god damn time 2024-12-04 16:11:59 +01:00
Lillian Violet 9457729da3 gotta do this to keep the SD config happy 2024-12-04 16:02:12 +01:00
Lillian Violet f4325a2737 hardware and configuration are in the same folder d'oh, wheatley should compile now 2024-12-04 16:00:43 +01:00
Lillian Violet b949c72943 forgot to commit the hardware configuration for wheatley, here it is 2024-12-04 15:59:23 +01:00
Lillian Violet eebd56918d add the fixes k900 told me about, let's see if this works eh 2024-12-04 15:58:23 +01:00
Lillian Violet 766169ec50 Let's try making an SD image directly? 2024-12-04 00:58:44 +01:00
Lillian Violet ca7785c04b Update state version home manager, and update hardware for wheatley 2024-12-03 14:46:55 +01:00
Lillian Violet 2ebbd70657 fix the things I don't want from the example config 2024-12-03 01:16:25 +01:00
Lillian Violet 6e2e9a3b72 swapDevices is a list not a single entry 2024-12-03 01:11:03 +01:00
Lillian Violet a3d085483d typo rasberrt > raspberry fixed 2024-12-03 01:05:20 +01:00
Lillian Violet a974139862 add the raspberry pi 4 configuration things to wheatley 2024-12-03 00:33:20 +01:00
Lillian Violet 526097d53b change hardware config for wheatley to be more correct 2024-12-03 00:28:51 +01:00
Lillian Violet ef6fd0bafd add wheatley stuff, and aarch64 emulation on GLaDOS 2024-12-02 20:44:03 +01:00
Lillian Violet 965fbba1eb renamed apparently 2024-12-01 01:42:34 +01:00
Lillian Violet ba59542e97 add and enable avahi 2024-12-01 01:40:11 +01:00
Lillian Violet db3d17f176 add fcast stuff to shodan 2024-12-01 01:02:32 +01:00
Lillian Violet c3df26037e update flake lock 2024-11-26 15:49:25 +01:00
Lillian Violet 7df4368f0f update flake lock 2024-11-23 23:41:42 +01:00
Lillian Violet c9e368a1f0 This compiles now thank god, but had to disable cinny... 2024-11-22 16:13:41 +01:00
Lillian Violet ca68fbb144 just have it be broken, home manager breaks otherwise, I don't care 2024-11-18 21:38:36 +01:00
Lillian Violet 7be0954fc3 don't make that unstable but the normal one 2024-11-18 21:35:00 +01:00
Lillian Violet ddcdbda418 update nixpkgs to specific version for now 2024-11-18 21:34:19 +01:00
Lillian Violet 573ad0a3ad update flake lock and allow new cinny 2024-11-18 21:28:49 +01:00
Lillian Violet 449845ca9c update flake lock 2024-11-15 20:14:47 +01:00
Lillian Violet 6dacc744a4 add qjackctl to shodan 2024-11-14 21:41:27 +01:00
Lillian Violet 6695352632 add kdrc and krfb to desktops and shodan 2024-11-10 16:26:52 +01:00
Lillian Violet 99cd42ce60 change the theming to stylix, set a background image, and set cursors automagically 2024-11-09 18:00:23 +01:00
Lillian Violet 382913f15d Update flake lock 2024-11-04 14:05:41 +01:00
Lillian Violet d61288b8c1 fix yazi bug with 7zz 2024-11-04 14:04:32 +01:00
Lillian Violet e8f1325d13 update flake lock 2024-11-03 13:49:03 +01:00
Lillian Violet 0c0c841b27 add ryujinx and re-add conduwuit 2024-11-03 13:46:18 +01:00
Lillian Violet 39136e1877 update flake lock 2024-11-01 13:03:44 +01:00
Lillian Violet ac9891ee4e Merge branch 'main' of codeberg.org:Lillian-Violet/NixOS-Config 2024-11-01 13:02:26 +01:00
Lillian Violet 1650e5a8a1 update flake lock and change foot's desktop shortcut since the name changed 2024-11-01 13:01:25 +01:00
Lillian Violet 3236096a81 Let's try disabling all this conduwuit stuff? It's still querying the binary cache for some reason 2024-10-30 10:26:47 +01:00
Lillian Violet 4a36dff699 Merge pull request 'Merge changes made on GLaDOS to changes made on laptop' (#1) from Desktop-changes into main
Reviewed-on: https://codeberg.org/Lillian-Violet/NixOS-Config/pulls/1
2024-10-30 09:19:57 +00:00
Lillian Violet 02ae4f69a6 Remove the binary cache for conduwuit for now as it seems to be down 2024-10-30 10:16:13 +01:00
46 changed files with 2332 additions and 1683 deletions

@ -0,0 +1,47 @@
{
disko = {
devices = {
disk = {
disk1 = {
imageSize = "20G";
type = "disk";
device = "/dev/mmcblk0";
content = {
type = "gpt";
partitions = {
firmware = {
size = "30M";
priority = 1;
type = "0700";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/firmware";
};
};
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "filesystem";
extraArgs = [];
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
}
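
Review bot: the two vfat partitions (`firmware` at `/firmware` and `boot` at `/boot`) set no `mountOptions`, so they mount with the default vfat mask and everything on them is world-readable. Add `mountOptions = ["umask=0077"];` to both `content` blocks. In `root`, `name = "root";` and `extraArgs = [];` only repeat the defaults and can be dropped.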

1195
flake.lock

File diff suppressed because it is too large

147
flake.nix

@ -34,10 +34,10 @@
catppuccin.url = "github:catppuccin/nix";
# Conduit fork without all the fuss and drama
conduwuit = {
url = "github:girlbossceo/conduwuit";
inputs.nixpkgs.follows = "nixpkgs";
};
# conduwuit = {
# url = "github:girlbossceo/conduwuit";
# inputs.nixpkgs.follows = "nixpkgs";
# };
# Nix index database files
nix-index-database.url = "github:nix-community/nix-index-database";
@ -78,6 +78,8 @@
# Add any other flake you might need
# hardware.url = "github:nixos/nixos-hardware";
# Stylix theming engine
stylix.url = "github:danth/stylix";
};
outputs = {
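
Review bot: `stylix.url = "github:danth/stylix";` is added without `inputs.nixpkgs.follows = "nixpkgs";`, unlike the `conduwuit` input earlier in this file. Without it the lock file pins a separate nixpkgs revision just for stylix, which grows a flake.lock diff that is already too large to render here and leaves that copy outside your own nixpkgs bumps. Write the input as an attribute set with `follows`, or add a comment if the separate pin is deliberate.
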
@ -97,7 +99,8 @@
jovian,
nixos-hardware,
nix-index-database,
conduwuit,
# conduwuit,
stylix,
...
} @ inputs: let
inherit (self) outputs;
@ -105,6 +108,7 @@
# Supported systems for your flake packages, shell, etc.
systems = [
"x86_64-linux"
"aarch64-linux"
];
# This is a function that generates an attribute by calling a function you
# pass to it, with each system as an argument
@ -116,6 +120,32 @@
allowUnfreePredicate = _: true;
};
};
sharedModules = [
./nixos/shared
sops-nix.nixosModules.sops
disko.nixosModules.disko
home-manager.nixosModules.home-manager
catppuccin.nixosModules.catppuccin
stylix.nixosModules.stylix
nix-index-database.nixosModules.nix-index
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
./home-manager/shared
];
}
];
desktopModules = [
./nixos/desktop
{
home-manager.sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager
./home-manager/desktop
];
}
];
in {
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
@ -144,129 +174,72 @@
EDI = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules = [
modules =
sharedModules
++ desktopModules
++ [
{_module.args = {inherit pkgs-edge;};}
nixos-hardware.nixosModules.dell-xps-13-7390
lanzaboote.nixosModules.lanzaboote
# > Our main nixos configuration file <
./nixos/hosts/EDI/configuration.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
};
GLaDOS = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules = [
modules =
sharedModules
++ desktopModules
++ [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file <
./nixos/hosts/GLaDOS/configuration.nix
sops-nix.nixosModules.sops
#lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
};
queen = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules = [
modules =
sharedModules
++ [
{_module.args = {inherit pkgs-edge;};}
simple-nixos-mailserver.nixosModule
# > Our main nixos configuration file <
./nixos/hosts/queen/configuration.nix
sops-nix.nixosModules.sops
disko.nixosModules.disko
simple-nixos-mailserver.nixosModule
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
];
}
];
};
shodan = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules = [
modules =
sharedModules
++ [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file <
./nixos/hosts/shodan/configuration.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
jovian.nixosModules.jovian
home-manager.nixosModules.home-manager
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
};
# ISO = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# specialArgs = {inherit inputs outputs;};
# modules = [
# {_module.args = {inherit pkgs-edge;};}
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
# ./nixos/hosts/iso/configuration.nix
# sops-nix.nixosModules.sops
# home-manager.nixosModules.home-manager
# nix-index-database.nixosModules.nix-index
# catppuccin.nixosModules.catppuccin
# {
# home-manager.sharedModules = [
# inputs.plasma-manager.homeManagerModules.plasma-manager
# inputs.catppuccin.homeManagerModules.catppuccin
# ];
# }
# ];
# };
# iso_server = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# specialArgs = {inherit inputs outputs;};
# modules = [
# {_module.args = {inherit pkgs-edge;};}
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
# ./nixos/hosts/iso_server/configuration.nix
# sops-nix.nixosModules.sops
# home-manager.nixosModules.home-manager
# nix-index-database.nixosModules.nix-index
# catppuccin.nixosModules.catppuccin
# {
# home-manager.sharedModules = [
# inputs.catppuccin.homeManagerModules.catppuccin
# ];
# }
# ];
# };
wheatley = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {inherit inputs outputs;};
modules =
sharedModules
++ [
./nixos/hosts/wheatley/configuration.nix
];
};
};
};
}
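
Review bot: `wheatley` is the only host whose module list omits `{_module.args = {inherit pkgs-edge;};}`, so any module under `./nixos/shared` that takes `pkgs-edge` as an argument will fail to evaluate for that host. The other four hosts each repeat the same line, so move it into `sharedModules` once and delete the per-host copies.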

@ -1,11 +1,4 @@
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
{pkgs, ...}: {
# You can import other home-manager modules here
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
@ -20,9 +13,10 @@
./package-configs/firefox.nix
./package-configs/konsole
./package-configs/foot
./package-configs/freetube
./package-configs/vesktop
];
nixpkgs = {
config.permittedInsecurePackages = ["cinny-4.2.2" "cinny-unwrapped-4.2.2" "cinny-4.2.1" "cinny-unwrapped-4.2.1"];
# You can add overlays here
overlays = [
# You can also add overlays exported from other flakes:
@ -61,8 +55,10 @@
});
})
];
# Configure your nixpkgs instance
config = {
permittedInsecurePackages = ["cinny-4.2.3" "cinny-unwrapped-4.2.3" "cinny-4.2.2" "cinny-unwrapped-4.2.2"];
# Configure your nixpkgs instance
# Disable if you don't want unfree packages
allowUnfree = true;
};
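
Review bot: `permittedInsecurePackages` still allows four cinny versions (`"cinny-4.2.3"`, `"cinny-unwrapped-4.2.3"`, `"cinny-4.2.2"`, `"cinny-unwrapped-4.2.2"`) while the `cinny-desktop` entry in `home.packages` is commented out further down in this file. An allowlist entry with no consumer silently permits a known-insecure package the next time something pulls it in. Remove the list together with the package, so that re-enabling cinny later has to re-justify the exception.
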
@ -76,8 +72,6 @@
# Add stuff for your user as you see fit:
# programs.neovim.enable = true;
# home.packages = with pkgs; [ steam ];
qt.style.catppuccin.apply = true;
programs.freetube.catppuccin.flavor = "macchiato";
home.packages = with pkgs; [
# Coding:
@ -91,7 +85,7 @@
# Chat applications:
signal-desktop
vesktop
cinny-desktop
# cinny-desktop
# Gaming:
prismlauncher
@ -101,6 +95,8 @@
# Multimedia:
freetube
vlc
fcast-receiver
fcast-client
# Office applications:
onlyoffice-bin
@ -139,39 +135,37 @@
firefoxpwa
ungoogled-chromium
];
programs = {
# vscode = {
# enable = true;
# package = pkgs.vscodium;
# extensions = with pkgs.vscode-extensions; [
# catppuccin.catppuccin-vsc
# catppuccin.catppuccin-vsc-icons
# charliermarsh.ruff
# eamodio.gitlens
# github.vscode-pull-request-github
# jnoortheen.nix-ide
# kamadorueda.alejandra
# mkhl.direnv
# ms-toolsai.jupyter
# ms-pyright.pyright
# oderwat.indent-rainbow
# rust-lang.rust-analyzer
# yzhang.markdown-all-in-one
# ];
# };
programs.vscode = {
enable = true;
package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
charliermarsh.ruff
eamodio.gitlens
github.vscode-pull-request-github
jnoortheen.nix-ide
kamadorueda.alejandra
mkhl.direnv
ms-toolsai.jupyter
ms-pyright.pyright
oderwat.indent-rainbow
rust-lang.rust-analyzer
yzhang.markdown-all-in-one
];
};
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
obs-studio.enable = true;
obs-studio.plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-backgroundremoval
obs-pipewire-audio-capture
];
};
# Enable home-manager and git
programs.home-manager.enable = true;
programs.git = {
home-manager.enable = true;
git = {
enable = true;
userEmail = "git@lillianviolet.dev";
userName = "Lillian-Violet";
@ -189,8 +183,8 @@
];
};
programs.gpg.enable = true;
programs.gpg.settings = {
gpg.enable = true;
gpg.settings = {
default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d";
default-recipient-self = true;
auto-key-locate = "local,wkd,keyserver";
@ -200,10 +194,10 @@
keyserver-options = "honor-keyserver-url";
no-autostart = true;
};
services.kdeconnect = {
package = pkgs.kdePackages.kdeconnect-kde;
enable = true;
};
services = {
kdeconnect.package = pkgs.kdePackages.kdeconnect-kde;
kdeconnect.enable = true;
};
# Nicely reload system units when changing configs

@ -1,10 +1,9 @@
{...}: {
programs.foot = {
enable = true;
catppuccin.enable = true;
# catppuccin.enable = true;
settings = {
main = {
font = "Fira Code:size=11";
};
mouse = {

@ -0,0 +1,7 @@
{...}: {
home.file."settings.db" = {
source = ./settings.db;
target = ".config/freetube/settings.db";
force = true;
};
}
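
Review bot: the attribute name in `home.file."settings.db"` is only a label here because `target` overrides the path, and a label this generic will conflict with the next module that also declares `home.file."settings.db"`. Key the entry by its destination, `home.file.".config/freetube/settings.db"`, and drop `target`. Since `force = true` replaces any existing file with a read-only link into the store, settings changed in the FreeTube UI are not expected to persist; a one-line comment saying that is intended would help.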

@ -0,0 +1,24 @@
{"_id":"allowDashAv1Formats","value":true}
{"_id":"barColor","value":true}
{"_id":"baseTheme","value":"catppuccinMocha"}
{"_id":"bounds","value":{"x":0,"y":66,"width":2560,"height":1374,"maximized":true,"fullScreen":false}}
{"_id":"defaultQuality","value":"1080"}
{"_id":"fetchSubscriptionsAutomatically","value":false}
{"_id":"generalAutoLoadMorePaginatedItemsEnabled","value":true}
{"_id":"hideActiveSubscriptions","value":true}
{"_id":"hidePopularVideos","value":true}
{"_id":"hideRecommendedVideos","value":true}
{"_id":"hideSubscriptionsCommunity","value":true}
{"_id":"hideSubscriptionsLive","value":true}
{"_id":"hideSubscriptionsShorts","value":true}
{"_id":"hideSubscriptionsVideos","value":true}
{"_id":"hideTrendingVideos","value":true}
{"_id":"landingPage","value":"history"}
{"_id":"mainColor","value":"CatppuccinMochaMauve"}
{"_id":"playNextVideo","value":false}
{"_id":"quickBookmarkTargetPlaylistId","value":"favorites"}
{"_id":"secColor","value":"CatppuccinMochaMauve"}
{"_id":"showDistractionFreeTitles","value":true}
{"_id":"useDeArrowThumbnails","value":true}
{"_id":"useDeArrowTitles","value":true}
{"_id":"useSponsorBlock","value":true}
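
Review bot: the `bounds` record in this file is window state from one machine (`"width":2560,"height":1374,"maximized":true`), not a preference, and commit 3abc86b29c deploys the same file to shodan as well. Drop that line so each host keeps its own geometry; the remaining entries are settings and are fine to share.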

@ -1,4 +1,15 @@
{
{osConfig, ...}: {
home.file.".config/kdeconnect/config" = {
text = ''
[General]
keyAlgorithm=EC
name=${osConfig.networking.hostName}
customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5
'';
target = ".config/kdeconnect/config";
force = true;
};
programs.plasma = {
enable = true;
desktop.mouseActions.verticalScroll = "switchVirtualDesktop";
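
Review bot: `customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5` hard-codes peer addresses in a second place, so the list will go stale as soon as a host is added or renumbered wherever those addresses are actually assigned. Build the string from the same attribute set that defines the peers, so there is one source of truth. `target` repeats the attribute name of `home.file.".config/kdeconnect/config"` and can be removed.
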
@ -88,7 +99,7 @@
"applications:steam.desktop"
"applications:noisetorch.desktop"
"applications:org.kde.plasma-systemmonitor.desktop"
"applications:org.codeberg.dnkl.foot.desktop"
"applications:foot.desktop"
"applications:nitrokey-app.desktop"
"applications:codium.desktop"
"applications:freetube.desktop"

@ -0,0 +1,7 @@
{...}: {
home.file."settings.json" = {
source = ./settings.json;
target = ".config/vesktop/settings/settings.json";
force = true;
};
}

@ -0,0 +1,602 @@
{
"autoUpdate": true,
"autoUpdateNotification": false,
"useQuickCss": true,
"themeLinks": [],
"enabledThemes": [
"stylix.theme.css"
],
"enableReactDevtools": false,
"frameless": false,
"transparent": false,
"winCtrlQ": false,
"disableMinSize": false,
"winNativeTitleBar": false,
"plugins": {
"ChatInputButtonAPI": {
"enabled": true
},
"CommandsAPI": {
"enabled": true
},
"MemberListDecoratorsAPI": {
"enabled": false
},
"MessageAccessoriesAPI": {
"enabled": true
},
"MessageDecorationsAPI": {
"enabled": false
},
"MessageEventsAPI": {
"enabled": true
},
"MessagePopoverAPI": {
"enabled": false
},
"MessageUpdaterAPI": {
"enabled": false
},
"ServerListAPI": {
"enabled": false
},
"UserSettingsAPI": {
"enabled": true
},
"AccountPanelServerProfile": {
"enabled": false
},
"AlwaysAnimate": {
"enabled": false
},
"AlwaysExpandRoles": {
"enabled": false
},
"AlwaysTrust": {
"enabled": true,
"domain": true,
"file": true
},
"AnonymiseFileNames": {
"enabled": true,
"anonymiseByDefault": true,
"method": 0,
"randomisedLength": 7
},
"AppleMusicRichPresence": {
"enabled": false
},
"WebRichPresence (arRPC)": {
"enabled": false
},
"BANger": {
"enabled": false
},
"BetterFolders": {
"enabled": false
},
"BetterGifAltText": {
"enabled": false
},
"BetterGifPicker": {
"enabled": false
},
"BetterNotesBox": {
"enabled": false
},
"BetterRoleContext": {
"enabled": false
},
"BetterRoleDot": {
"enabled": false
},
"BetterSessions": {
"enabled": false
},
"BetterSettings": {
"enabled": false
},
"BetterUploadButton": {
"enabled": false
},
"BiggerStreamPreview": {
"enabled": false
},
"BlurNSFW": {
"enabled": false
},
"CallTimer": {
"enabled": false
},
"ClearURLs": {
"enabled": false
},
"ClientTheme": {
"enabled": false
},
"ColorSighted": {
"enabled": false
},
"ConsoleJanitor": {
"enabled": false
},
"ConsoleShortcuts": {
"enabled": false
},
"CopyEmojiMarkdown": {
"enabled": false
},
"CopyFileContents": {
"enabled": false
},
"CopyUserURLs": {
"enabled": false
},
"CrashHandler": {
"enabled": true
},
"CtrlEnterSend": {
"enabled": false
},
"CustomRPC": {
"enabled": false
},
"CustomIdle": {
"enabled": false
},
"Dearrow": {
"enabled": false
},
"Decor": {
"enabled": false
},
"DisableCallIdle": {
"enabled": false
},
"DontRoundMyTimestamps": {
"enabled": false
},
"EmoteCloner": {
"enabled": false
},
"Experiments": {
"enabled": false
},
"F8Break": {
"enabled": false
},
"FakeNitro": {
"enabled": true,
"enableEmojiBypass": true,
"emojiSize": 48,
"transformEmojis": true,
"enableStickerBypass": true,
"stickerSize": 160,
"transformStickers": true,
"transformCompoundSentence": false,
"enableStreamQualityBypass": true,
"useHyperLinks": true,
"hyperLinkText": "{{NAME}}",
"disableEmbedPermissionCheck": false
},
"FakeProfileThemes": {
"enabled": false
},
"FavoriteEmojiFirst": {
"enabled": false
},
"FavoriteGifSearch": {
"enabled": false
},
"FixCodeblockGap": {
"enabled": false
},
"FixSpotifyEmbeds": {
"enabled": false
},
"FixYoutubeEmbeds": {
"enabled": false
},
"ForceOwnerCrown": {
"enabled": false
},
"FriendInvites": {
"enabled": false
},
"FriendsSince": {
"enabled": false
},
"FullSearchContext": {
"enabled": false
},
"GameActivityToggle": {
"enabled": false
},
"GifPaste": {
"enabled": false
},
"GreetStickerPicker": {
"enabled": false
},
"HideAttachments": {
"enabled": false
},
"iLoveSpam": {
"enabled": false
},
"IgnoreActivities": {
"enabled": false
},
"ImageLink": {
"enabled": false
},
"ImageZoom": {
"enabled": false
},
"ImplicitRelationships": {
"enabled": false
},
"InvisibleChat": {
"enabled": false
},
"KeepCurrentChannel": {
"enabled": false
},
"LastFMRichPresence": {
"enabled": false
},
"LoadingQuotes": {
"enabled": false
},
"MemberCount": {
"enabled": true,
"memberList": true,
"toolTip": true
},
"MentionAvatars": {
"enabled": false
},
"MessageClickActions": {
"enabled": false
},
"MessageLatency": {
"enabled": false
},
"MessageLinkEmbeds": {
"enabled": false
},
"MessageLogger": {
"enabled": false
},
"MessageTags": {
"enabled": false
},
"MoreCommands": {
"enabled": false
},
"MoreKaomoji": {
"enabled": true
},
"MoreUserTags": {
"enabled": false
},
"Moyai": {
"enabled": false
},
"MutualGroupDMs": {
"enabled": false
},
"NewGuildSettings": {
"enabled": false
},
"NoBlockedMessages": {
"enabled": false
},
"NoDevtoolsWarning": {
"enabled": false
},
"NoF1": {
"enabled": false
},
"NoMaskedUrlPaste": {
"enabled": false
},
"NoMosaic": {
"enabled": false
},
"NoOnboardingDelay": {
"enabled": false
},
"NoPendingCount": {
"enabled": false
},
"NoProfileThemes": {
"enabled": false
},
"NoReplyMention": {
"enabled": false
},
"NoScreensharePreview": {
"enabled": false
},
"NoServerEmojis": {
"enabled": false
},
"NoTypingAnimation": {
"enabled": false
},
"NoUnblockToJump": {
"enabled": false
},
"NormalizeMessageLinks": {
"enabled": false
},
"NotificationVolume": {
"enabled": false
},
"NSFWGateBypass": {
"enabled": false
},
"OnePingPerDM": {
"enabled": false
},
"oneko": {
"enabled": false
},
"OpenInApp": {
"enabled": false
},
"OverrideForumDefaults": {
"enabled": false
},
"PartyMode": {
"enabled": false
},
"PauseInvitesForever": {
"enabled": false
},
"PermissionFreeWill": {
"enabled": false
},
"PermissionsViewer": {
"enabled": false
},
"petpet": {
"enabled": true
},
"PictureInPicture": {
"enabled": false
},
"PinDMs": {
"enabled": false
},
"PlainFolderIcon": {
"enabled": false
},
"PlatformIndicators": {
"enabled": false
},
"PreviewMessage": {
"enabled": false
},
"QuickMention": {
"enabled": false
},
"QuickReply": {
"enabled": false
},
"ReactErrorDecoder": {
"enabled": false
},
"ReadAllNotificationsButton": {
"enabled": false
},
"RelationshipNotifier": {
"enabled": false
},
"ReplaceGoogleSearch": {
"enabled": false
},
"ReplyTimestamp": {
"enabled": false
},
"RevealAllSpoilers": {
"enabled": false
},
"ReverseImageSearch": {
"enabled": false
},
"ReviewDB": {
"enabled": false
},
"RoleColorEverywhere": {
"enabled": false
},
"SecretRingToneEnabler": {
"enabled": false
},
"Summaries": {
"enabled": false
},
"SendTimestamps": {
"enabled": true,
"replaceMessageContents": true
},
"ServerInfo": {
"enabled": false
},
"ServerListIndicators": {
"enabled": false
},
"ShikiCodeblocks": {
"enabled": true,
"useDevIcon": "COLOR",
"theme": "https://raw.githubusercontent.com/shikijs/shiki/0b28ad8ccfbf2615f2d9d38ea8255416b8ac3043/packages/shiki/themes/dracula.json",
"tryHljs": "SECONDARY",
"bgOpacity": 100
},
"ShowAllMessageButtons": {
"enabled": false
},
"ShowConnections": {
"enabled": false
},
"ShowHiddenChannels": {
"enabled": false
},
"ShowHiddenThings": {
"enabled": false
},
"ShowMeYourName": {
"enabled": false
},
"ShowTimeoutDuration": {
"enabled": false
},
"SilentMessageToggle": {
"enabled": false
},
"SilentTyping": {
"enabled": false
},
"SortFriendRequests": {
"enabled": false
},
"SpotifyControls": {
"enabled": false
},
"SpotifyCrack": {
"enabled": false
},
"SpotifyShareCommands": {
"enabled": false
},
"StartupTimings": {
"enabled": false
},
"StickerPaste": {
"enabled": false
},
"StreamerModeOnStream": {
"enabled": false
},
"SuperReactionTweaks": {
"enabled": false
},
"TextReplace": {
"enabled": false
},
"ThemeAttributes": {
"enabled": false
},
"Translate": {
"enabled": false
},
"TypingIndicator": {
"enabled": false
},
"TypingTweaks": {
"enabled": false
},
"Unindent": {
"enabled": false
},
"UnlockedAvatarZoom": {
"enabled": false
},
"UnsuppressEmbeds": {
"enabled": false
},
"UserVoiceShow": {
"enabled": false
},
"USRBG": {
"enabled": false
},
"ValidReply": {
"enabled": false
},
"ValidUser": {
"enabled": false
},
"VoiceChatDoubleClick": {
"enabled": false
},
"VcNarrator": {
"enabled": false
},
"VencordToolbox": {
"enabled": false
},
"ViewIcons": {
"enabled": false
},
"ViewRaw": {
"enabled": false
},
"VoiceDownload": {
"enabled": false
},
"VoiceMessages": {
"enabled": false
},
"VolumeBooster": {
"enabled": false
},
"WebKeybinds": {
"enabled": true
},
"WebScreenShareFixes": {
"enabled": true
},
"WhoReacted": {
"enabled": false
},
"XSOverlay": {
"enabled": false
},
"YoutubeAdblock": {
"enabled": true
},
"NoTrack": {
"enabled": true,
"disableAnalytics": true
},
"WebContextMenus": {
"enabled": true,
"addBack": true
},
"Settings": {
"enabled": true,
"settingsLocation": "aboveNitro"
},
"SupportHelper": {
"enabled": true
},
"UserMessagesPronouns": {
"enabled": true,
"showInMessages": true,
"showSelf": true,
"pronounSource": 0,
"pronounsFormat": "LOWERCASE"
},
"DynamicImageModalAPI": {
"enabled": false
},
"FixImagesQuality": {
"enabled": false
}
},
"notifications": {
"timeout": 5000,
"position": "bottom-right",
"useNative": "not-focused",
"logLimit": 50
},
"cloud": {
"authenticated": false,
"url": "https://api.vencord.dev/",
"settingsSync": false,
"settingsSyncVersion": 1734993730812
}
}

View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI

View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS

View file

@ -18,6 +18,8 @@
home.packages = with pkgs; [
heroic
r2modman
ryujinx
lutris
];
programs.mangohud = {

View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINl+QRyKBYm+sx0hUiD2u6FBdT7aXsZBGUxm4cb7r24k lillian@GLaDOS
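Review bot: the comment on this key is `lillian@GLaDOS`, the same comment carried by three other, different ed25519 public keys added in this compare, so the comment does not say which host a key belongs to. Set each comment to the host the file is installed on (only the `lillian@EDI` key does this today), so that an `authorized_keys` entry or an auth log line can be traced back to one machine when a key has to be revoked.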

View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRT5MqPrYUhhD5rJFp0PQbkTRtGcNaCaTxEkZw9RiVT lillian@GLaDOS

View file

@ -16,6 +16,8 @@
../../desktop/package-configs/firefox.nix
../../desktop/package-configs/konsole
../../desktop/package-configs/foot
../../desktop/package-configs/freetube
../../desktop/package-configs/vesktop
../../shared
];
nixpkgs = {
@ -56,10 +58,11 @@
freetube
obs-studio
vlc
fcast-receiver
fcast-client
# System tools:
rage
discover
flameshot
fzf
nextcloud-client
@ -83,7 +86,7 @@
firefox
ungoogled-chromium
];
programs = {
# # Automount services for user
# programs.bashmount.enable = true;
# services.udiskie = {
@ -94,12 +97,13 @@
# };
# Enable home-manager and git
programs.home-manager.enable = true;
programs.git = {
home-manager.enable = true;
git = {
enable = true;
userEmail = "git@lillianviolet.dev";
userName = "Lillian-Violet";
};
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "24.11";

View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrmRjLF2tVkWeV7EOgUiF77Q9t+rBziRAdOPo92pyvF lillian@GLaDOS

View file

@ -11,8 +11,7 @@
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
../../package-configs/zsh.nix
../../package-configs/helix.nix
../../shared
];
nixpkgs = {
@ -36,5 +35,5 @@
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "24.05";
home.stateVersion = "25.05";
}
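Review bot: this hunk carries both `home.stateVersion = "24.05";` and `home.stateVersion = "25.05";`, which reads as a bump of the state version on an existing home. `stateVersion` records the release the state was first created with and is not meant to follow upgrades, as the FAQ linked in the comment directly above explains; the other host files in this compare use "24.11". Unless this home is being reinstalled from scratch, keep the original value.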

View file

@ -0,0 +1,46 @@
[
{
"command": "systemctl poweroff",
"name": "shutdown"
},
{
"command": "systemctl reboot",
"name": "reboot"
},
{
"command": "systemctl suspend",
"name": "suspend"
},
{
"command": "systemctl hibernate",
"name": "hibernate"
},
{
"command": "loginctl lock-session",
"name": "lock"
},
{
"command": "loginctl unlock-session",
"name": "unlock"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mute\"",
"name": "mute"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mic_mute\"",
"name": "mute mic"
},
{
"command": "file=/tmp/$(hostname)_$(date \"+%Y%m%d_%H%M%S\").png; spectacle -bo \"${file}\" && while ! [ -f \"${file}\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "screenshot to phone"
},
{
"command": "file=\"$HOME/Images/WebcamImage_$(date \"+%Y%m%d_%H%M%S\").jpg\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \"${file}\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "webcam to phone"
},
{
"command": "",
"name": ""
}
]
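Review bot: the `unlock` entry (`loginctl unlock-session`) lets any paired device, or anyone holding that device while it is unlocked, open the desktop session without the account password, which turns the phone into an authentication bypass for the lock screen. Consider dropping it and keeping only `lock`. The two "to phone" entries also use an unquoted `-d $(kdeconnect-cli -a --id-only)`, which stops working as soon as more than one device is available, the screenshot is written to a predictable name under `/tmp` and never removed, and the final entry with an empty `command` and `name` looks like a leftover from the export.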

View file

@ -1,4 +1,8 @@
{pkgs, ...}: {
{
pkgs,
osConfig,
...
}: {
imports = [
./shell/helix
./shell/zellij
@ -10,11 +14,19 @@
home = {
username = "lillian";
homeDirectory = "/home/lillian";
file."id_ed25519.pub" = {
source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;
target = ".ssh/id_ed25519.pub";
force = true;
};
};
catppuccin = {
enable = true;
flavor = "macchiato";
foot.enable = false;
helix.enable = false;
yazi.enable = false;
};
home.packages = with pkgs; [
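Review bot: `force = true` on `file."id_ed25519.pub"` silently replaces whatever `~/.ssh/id_ed25519.pub` is already on the machine, and nothing here checks that the installed public key matches the private key in `~/.ssh`, so a stale or wrong file in `../hosts/<hostName>/` goes unnoticed. The `source` path is also built from `osConfig.networking.hostName`, so evaluation fails for any host that has no `id_ed25519.pub` in its directory, and `osConfig` is only available when home-manager is used as a NixOS module. A `builtins.pathExists` guard (or `lib.mkIf`) around the entry would keep hosts without a key file building.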
@ -27,8 +39,43 @@
broot
lazygit
navi
yazi
nil
];
programs.navi.enable = true;
programs = {
navi.enable = true;
yazi = {
enable = true;
package = pkgs.yazi.override {
_7zz = pkgs._7zz.override {useUasm = true;};
};
};
};
stylix.enable = true;
# stylix = {
# enable = true;
# autoEnable = true;
# base16Scheme = {
# scheme = "Catppuccin Macchiato";
# author = "https://github.com/catppuccin/catppuccin";
# base00 = "24273a";
# base01 = "1e2030";
# base02 = "363a4f";
# base03 = "494d64";
# base04 = "5b6078";
# base05 = "cad3f5";
# base06 = "f4dbd6";
# base07 = "b7bdf8";
# base08 = "ed8796";
# base09 = "f5a97f";
# base0A = "eed49f";
# base0B = "a6da95";
# base0C = "8bd5ca";
# base0D = "8aadf4";
# base0E = "c6a0f6";
# base0F = "f0c6c6";
# };
# image = ./background.jpg;
# cursor.package = pkgs.catppuccin-cursors;
# cursor.name = "macchiatoMauve";
# };
}

View file

@ -2,6 +2,6 @@
programs.bat = {
enable = true;
extraPackages = with pkgs.bat-extras; [batdiff batman batgrep batwatch];
catppuccin.enable = true;
# catppuccin.enable = true;
};
}

View file

@ -16,24 +16,21 @@
''
#! ~/.nix-profile/bin/zsh
is_new() {
new=1;
touch /tmp/rjh;
while IFS="" read -r p || [ -n "$p" ]; do
if [ $(pwd) = $p ]; then
new=0;
mkdir -p /tmp/rjh;
if [[ -a "/tmp/rjh/$(pwd | tr \"/\" -).json" ]]; then
new=1
fi
done < /tmp/rjh
return $new
}
send_to_jupyter() {
is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh-$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && zellij action write 29 25 && zellij action write 17
pwd >> /tmp/rjh
zellij action write 29 25
zellij action write 17
cat | just send
}
send_to_jupyter
is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh/$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && sleep 3
rm -f /tmp/pipe-rjh
mkfifo /tmp/pipe-rjh
cat > /tmp/pipe-rjh
zellij run -f -n "REPL" -- direnv exec . just send < /tmp/pipe-rjh
rm /tmp/pipe-rjh
'';
in {
programs.helix = {
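Review bot: the script works through fixed, predictable names in the world-writable `/tmp` (`/tmp/rjh`, `/tmp/pipe-rjh`), so on a machine with more than one local user another account can create those paths first; `rm -f /tmp/pipe-rjh` then fails under the sticky bit, `mkfifo` fails, and `cat > /tmp/pipe-rjh` writes the editor selection into a file or FIFO the other user owns. The same fixed FIFO name also makes two concurrent invocations collide. Put both the connection files and the pipe under `$XDG_RUNTIME_DIR` or a `mktemp -d` directory, and check the exit status of `mkfifo` before writing. The `sleep 3` used to wait for the console is a timing guess; waiting for the connection file to appear would be more reliable.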
@ -51,6 +48,11 @@ in {
j = ":pipe-to just jupyter";
};
editor = {
auto-save = {
focus-lost = true;
after-delay.enable = true;
after-delay.timeout = 3000;
};
line-number = "relative";
lsp.display-messages = true;
lsp.display-inlay-hints = true;

View file

@ -0,0 +1,45 @@
{
fetchzip,
lib,
rustPlatform,
git,
installShellFiles,
}:
rustPlatform.buildRustPackage rec {
pname = "helix";
version = "24.07";
# This release tarball includes source code for the tree-sitter grammars,
# which is not ordinarily part of the repository.
src = fetchzip {
url = "https://github.com/helix-editor/helix/releases/download/${version}/helix-${version}-source.tar.xz";
hash = "";
stripRoot = false;
};
cargoHash = "";
nativeBuildInputs = [git installShellFiles];
env.HELIX_DEFAULT_RUNTIME = "${placeholder "out"}/lib/runtime";
postInstall = ''
# not needed at runtime
rm -r runtime/grammars/sources
mkdir -p $out/lib
cp -r runtime $out/lib
installShellCompletion contrib/completion/hx.{bash,fish,zsh}
mkdir -p $out/share/{applications,icons/hicolor/256x256/apps}
cp contrib/Helix.desktop $out/share/applications
cp contrib/helix.png $out/share/icons/hicolor/256x256/apps
'';
meta = with lib; {
description = "Post-modern modal text editor";
homepage = "https://helix-editor.com";
license = licenses.mpl20;
mainProgram = "hx";
maintainers = with maintainers; [danth yusdacra zowoq];
};
}
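Review bot: `hash = "";` in `fetchzip` and `cargoHash = "";` are both empty, so this derivation cannot build as committed and the release tarball and vendored crates are not pinned to any known content. Fill in the hashes for the 24.07 source tarball before merging; if they are meant as temporary placeholders, use `lib.fakeHash` and say so in a comment so the intent is clear. The hash is the only integrity check on the downloaded source, so it should come from a build you ran yourself, not be copied from elsewhere.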

View file

@ -174,7 +174,7 @@ in {
enableZshIntegration = true;
settings = {
session_serialization = true;
theme = "catppuccin-macchiato";
# theme = "catppuccin-macchiato";
themes = {
catppuccin-mocha = {
@ -206,14 +206,12 @@ in {
};
};
};
home.file = {
"layout" = {
source = "${layout}";
target = ".config/zellij/layouts/default.kdl";
};
};
home.file = {
"helix_zellij" = {
source = "${helix_zellij}";
target = ".config/zellij/layouts/helix.kdl";

View file

@ -1,9 +1,9 @@
{pkgs, ...}: {
programs.zoxide = {
programs = {
zoxide = {
enable = true;
};
programs.zsh = {
zsh = {
enable = true;
shellAliases = {
cd = "z";
@ -67,4 +67,5 @@
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }
'';
};
};
}

View file

@ -13,3 +13,12 @@ update:
clean:
sudo nix-collect-garbage
sudo nix-store --optimise
setup:
echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit
push:
git pull
git add *
read -p "Commit message: " -r message && git commit -m "$message"
git push
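Review bot: `git add *` in the `push` recipe stages every non-ignored file the glob matches, which in a repository that also holds sops files and SSH key material makes it easy to commit an unencrypted secret or a private key that happens to be sitting in the tree. Stage tracked changes only (`git add -u`) or review with `git status` before the commit, and consider running the `test` recipe inside `push` instead of relying on the hook. In `setup`, the `>>` append adds another `just test` line on every run and creates the hook without a shebang line; write the file once with a shebang and `set -e` instead.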

View file

@ -1,6 +1,5 @@
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
# These should be stuff you would like to share with others, not your personal configurations.
{
# List your module files here
contabo.wan = import ./contabo/wan;
vpn-ip = import ./vpn-ip;
}

View file

@ -0,0 +1,14 @@
{lib, ...}:
with lib; {
# Declare what settings a user of this "hello.nix" module CAN SET.
options.services.vpn-ip = {
ip = mkOption {
type = types.str;
default = "0";
};
publicKey = mkOption {
type = types.str;
default = "";
};
};
}
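Review bot: both options accept any string and have defaults (`ip` defaults to "0", `publicKey` to ""), so a host that forgets to set them still evaluates and ends up with an unusable address or an empty key instead of an error. Drop the defaults so evaluation fails when they are unset, and constrain the types, for example `types.strMatching` with a pattern for the last octet, or an integer type with bounds. The comment still refers to a "hello.nix" module from the template, and neither option has a `description`.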

View file

@ -29,11 +29,6 @@
};
};
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
programs.command-not-found.enable = lib.mkForce false;
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
environment.systemPackages =
(with pkgs; [
# Custom tools
@ -83,6 +78,8 @@
kdePackages.sddm-kcm
kdePackages.dolphin-plugins
kdePackages.qtstyleplugin-kvantum
kdePackages.krdc
kdePackages.krfb
libportal-qt5
libportal
@ -96,61 +93,63 @@
# list of latest packages from nixpkgs master
# Can be used to install latest version of some packages
]);
programs = {
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
command-not-found.enable = lib.mkForce false;
nix-index.enable = true;
nix-index-database.comma.enable = true;
programs.direnv = {
direnv = {
enable = true;
};
# Enable networking
networking.networkmanager.enable = true;
programs.steam = {
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
kdeconnect.enable = true;
noisetorch = {
enable = true;
};
};
# Enable networking
networking.networkmanager.enable = true; # Enables support for 32bit libs that steam uses
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
services = {
# Enable the X11 windowing system.
services.xserver.enable = true;
xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.displayManager.sddm = {
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.displayManager.defaultSession = "plasma";
services.desktopManager.plasma6.enable = true;
programs.kdeconnect.enable = true;
displayManager.defaultSession = "plasma";
desktopManager.plasma6.enable = true;
# Enable flatpak support
services.flatpak.enable = true;
services.packagekit.enable = true;
flatpak.enable = true;
packagekit.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
xserver.xkb = {
layout = "us";
variant = "";
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
};
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable bluetooth hardware
hardware.bluetooth.enable = true;
printing.enable = true;
# Enable fwupd daemon and user space client
services.fwupd.enable = true;
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
fwupd.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
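Review bot: after the regrouping, the trailing comment "# Enables support for 32bit libs that steam uses" sits on `networking.networkmanager.enable = true;`, while the setting it described (`graphics.enable32Bit`) moves to the `hardware` block without it. Move the comment along with the option so the file does not document the wrong line.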
@ -159,38 +158,59 @@
wireplumber.enable = true;
};
programs.noisetorch = {
avahi = {
nssmdns4 = true;
enable = true;
ipv4 = true;
ipv6 = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
};
hardware = {
graphics.enable32Bit = true;
# Enable bluetooth hardware
bluetooth.enable = true;
# Enable sound with pipewire.
pulseaudio.enable = false;
};
security.rtkit.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
# FIXME: re-enable virtual camera loopback when it build again.
boot.bootspec.enable = true;
security.tpm2 = {
enable = true;
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
tctiEnvironment.enable = true;
}; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.lillian.extraGroups = ["tss"];
boot = {
# tss group has access to TPM devices
bootspec.enable = true;
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
#boot.supportedFilesystems = ["bcachefs"];
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
boot.kernelModules = [
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
kernelModules = [
# Virtual Camera
"v4l2loopback"
# Virtual Microphone, built-in
"snd-aloop"
];
# Set initial kernel module settings
boot.extraModprobeConfig = ''
extraModprobeConfig = ''
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
loader.systemd-boot.configurationLimit = 3;
loader.efi.canTouchEfiVariables = true;
};
}
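Review bot: the new `avahi` block sets `publish.enable`, `publish.addresses` and `publish.workstation`, so every machine that imports this configuration announces its hostname and addresses over mDNS on whatever network it joins, including untrusted ones for a laptop. If publishing is only wanted at home, enable it per host or limit it with `allowInterfaces`, and keep only `nssmdns4` for name resolution here. Two comments also lost their targets in the regrouping: "# tss group has access to TPM devices" is now the first line inside `boot = {`, and "# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables" trails the closing brace of `security.tpm2` instead of `tctiEnvironment.enable`.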

View file

@ -1,7 +1,6 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
inputs,
outputs,
lib,
pkgs,
@ -9,8 +8,6 @@
}: {
# You can import other NixOS modules here
imports = [
# Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
@ -21,40 +18,33 @@
# You can also split up your configuration and import pieces of it here:
# ./users.nix
../../desktop
outputs.nixosModules.vpn-ip
../../../disko/EDI
# Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix
];
sops.defaultSopsFile = ./secrets/sops.yaml;
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/EDI;
};
};
environment.systemPackages = with pkgs; [
];
services.vpn-ip = {
ip = "3";
};
networking.hostName = "EDI";
boot = {
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.initrd.systemd.enable = true;
loader.systemd-boot.enable = lib.mkForce false;
initrd.systemd.enable = true;
boot.lanzaboote = {
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";

View file

@ -1,4 +1,5 @@
lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str]
wg-private-key: ENC[AES256_GCM,data:CqXlIN0gKzMrZRJycAf96LUVNw9yCZpHtE8XP+JwV2Ftip46iUksg1uExxQ=,iv:LdcopSz8Hx5hO1M00B8r+C7XViwpjGOpvmoXUHIkFtc=,tag:rbskx98YjcYV1lB8OO2VxQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -14,8 +15,8 @@ sops:
eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0
GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-21T10:15:11Z"
mac: ENC[AES256_GCM,data:AnQfufrAVvN2f2kr2KLM8toFj4BUxM1xvwH48DE1OcoenBlzQHu76R35cc9q0rJjOBWXYnZPLEHncE46XyXt56HPboH/blIEZwa9aL1pwDOV5UwbaqZTuSy7/Ylnn0ZoZtcD4gFnavWBT9iUgu3VjRso1i6eXm0Lc1mvwRbH63M=,iv:zJW4Bzm+IGzgxsFE7QP+E4RY5UoPWTUeo9RfoLpbSt8=,tag:E29Pnjtp0w05hdEQCmkj7A==,type:str]
lastmodified: "2024-12-06T18:01:20Z"
mac: ENC[AES256_GCM,data:UTzeVEUolw6oBrRL8NMEcb5WmJYUdKnnxKYTrV0AowX6B5Jk8e6hSHqMiEmY9yPdS0HGA0i+DirGvrW3TmsOk2XehsiNO9puXb0/6KiaTge4y3/ueVASAPs/qB9RR6EAdBiE1ZUKVy2vpL+x9xp5XY2F8aHIp22DmJ5Xg5oyWJc=,iv:1/Fj2xAKHUebsj1FLmmGAmvHXNYsLXIfP6F7PJ7EH9M=,tag:XvFBu2vCNj7UMbWVPgo94Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.1

View file

@ -10,6 +10,7 @@
imports = [
# Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager
outputs.nixosModules.vpn-ip
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
@ -20,7 +21,7 @@
# You can also split up your configuration and import pieces of it here:
# ./users.nix
../../desktop
# ../../desktop
../../../disko/GLaDOS
@ -28,35 +29,39 @@
./hardware-configuration.nix
];
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [
];
services.xserver.videoDrivers = ["amdgpu"];
services.vpn-ip = {
ip = "2";
};
networking.hostName = "GLaDOS";
services.xserver.videoDrivers = ["amdgpu"];
hardware = {
# Add vulkan support to GPU
hardware.graphics.extraPackages = with pkgs; [
graphics.extraPackages = with pkgs; [
amdvlk
];
# For 32 bit applications
hardware.graphics.extraPackages32 = with pkgs; [
graphics.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
];
programs.gamemode = {
enable = true;
settings = {
};
programs = {
gamemode.enable = true;
gamemode.settings = {
general = {
renice = 10;
};
# Warning: GPU optimisations have the potential to damage hardware
gpu = {
apply_gpu_optimisations = "accept-responsibility";
gpu_device = 0;
amd_performance_level = "high";
};
# gpu = {
# apply_gpu_optimisations = "accept-responsibility";
# gpu_device = 0;
# amd_performance_level = "high";
# };
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
@ -64,8 +69,10 @@
};
};
};
boot.loader.systemd-boot.enable = true;
boot = {
loader.systemd-boot.enable = true;
binfmt.emulatedSystems = ["aarch64-linux"];
};
# boot.lanzaboote = {
# enable = true;
@ -74,17 +81,6 @@
users.users.lillian.extraGroups = ["gamemode"];
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/GLaDOS;
};
};
# virtualisation.waydroid.enable = false;
networking.hostName = "GLaDOS";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
}

View file

@ -1,4 +1,6 @@
lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str]
wg-private-key: ENC[AES256_GCM,data:em6sci3eefw5TJHpzgTaGGuQp8UuvOmkHRsQltg0TKpMb1Lrcxicb23cQxo=,iv:VEeGmzncHyAgP5toTOwDK6qw0OT4/6Etxh8Zr4uYQD4=,tag:nvse11zMhzukzClx5ub4dw==,type:str]
ssh-private-key: ENC[AES256_GCM,data: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,iv:L9ACOUFtAxkWsXW+tDKGwKn1ZHYNv7WmBty5krayVu8=,tag:hbrgscOczukqLBU/Y+6aLA==,type:str]
sops:
kms: []
gcp_kms: []
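Review bot: the new `ssh-private-key` entry puts the user's SSH private key into the repository, where its confidentiality depends entirely on who holds an age identity listed as a recipient of this file, and where the old ciphertext stays in history after any rotation. Confirm the recipient list is limited to this host and the admin key, and note in the repository how the key is rotated if a recipient key is lost. Since the matching `.pub` files are already tracked, generating the private key on the host and keeping only the public half in git would avoid the exposure altogether.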
@ -14,8 +16,8 @@ sops:
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T11:58:42Z"
mac: ENC[AES256_GCM,data:TuNvE51hpHvOjB3G2y7UCT8BvlI1ulc8aeeBihtnGiGDjwU1Eze1bdA47hZYCZsCYdo3Tow1gY0gCkJACKeWqUXMLT8jxcUfiUWqQicQhBm/TT9m+oqLQiAqJCkh1Ez8XuaftqIg+oJstyy4wZyvMK8Bg+9EsSYiBnMrKfrgLBs=,iv:GXy93l1BBkkeKXJ1ntFI6Rw6QZmSbzDlWClJ16/Csv4=,tag:jBYynl6tLL/xN61ypMwvrw==,type:str]
lastmodified: "2024-12-22T22:09:35Z"
mac: ENC[AES256_GCM,data:yjUFBgTLQI9Nh2tjiNNV2bsPJsDRQChPEptO8Gmt2vLEK/Kuwl0bZ9J+OmOTe4NOpwq5b/lYt0Lj7itEeOWWW5nnz2Jq0/dLMEu0mSxoWv1rOKylhoeG8oIEx0ui7VKfst72UW/jqqm9TUkDzuskVND1pd4DV3/GQRmy16WPkyo=,iv:the5XkB13jRuNP8Kj9Jmn4csIaDPt1NnScXbxPt7Dk4=,tag:aY4hU9v66/AwrtvcLAT/mA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.2

View file

@ -13,6 +13,8 @@
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
./hardware-configuration.nix
@ -26,16 +28,17 @@
# Import disko
# ../../../disko/queen
];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking.domain = "";
services.openssh = {
services = {
openssh = {
enable = true;
settings = {
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
};
};
};
nixpkgs = {
@ -50,9 +53,6 @@
};
};
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [
fzf
matrix-conduit
@ -88,6 +88,8 @@
sqlite
rocksdb
];
networking = {
domain = "";
# Create an auto-update systemd service that runs every day
# system.autoUpgrade = {
@ -102,8 +104,8 @@
# networking.nat.enable = true;
# networking.nat.internalInterfaces = ["ve-+"];
# networking.nat.externalInterface = "ens18";
networking.enableIPv6 = lib.mkForce true;
networking.nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
enableIPv6 = lib.mkForce true;
nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
# networking.interfaces.ens18.ipv4.addresses = [
# {
@ -112,19 +114,19 @@
# }
# ];
networking.interfaces.ens18.ipv6.addresses = [
interfaces.ens18.ipv6.addresses = [
{
address = "2a02:c207:2063:2448::1";
prefixLength = 64;
}
];
networking.defaultGateway6 = {
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
firewall = {
# Open ports in the firewall.
networking.firewall = {
enable = true;
allowPing = false;
allowedTCPPorts = [
@ -142,6 +144,12 @@
];
};
hostName = "queen";
# Disable the server going through wireguard vpn for now
wireguard.enable = lib.mkForce false;
};
# networking.useNetworkd = true;
# networking.useDHCP = false;
@ -172,20 +180,15 @@
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/queen;
boot = {
tmp.cleanOnBoot = true;
loader.grub = {
enable = true;
configurationLimit = 3;
};
loader.efi.canTouchEfiVariables = true;
};
networking.hostName = "queen";
boot.loader.grub.enable = true;
boot.loader.grub.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
}

View file

@ -6,13 +6,14 @@ releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/
mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str]
wg-private-key: ENC[AES256_GCM,data:mq8QWoQ4tE4eYaFbwCzQnRREUFI2qrnmDnwurKMu6qdKkDylqc65E7jgGDI=,iv:r5RdcmfW4OaKlbbzUCPahONvpLcfZ7X7KcEEYFIYFDk=,tag:e93C4lByJV75JMHLJ02PfA==,type:str]
lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str]
coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYisHejmycgT8a2mWpk+5r3HkFmBNcLDeNlfnhIif5oLHGuHyw==,iv:M2GdNDxP4xpP35FJPTgljbcKpOm6DmEEnIYRItAxDVI=,tag:IiiNXeTi6Yja5PrnKRkhdA==,type:str]
grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str]
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
sops:
kms: []
gcp_kms: []
@ -28,8 +29,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-16T13:34:43Z"
mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str]
lastmodified: "2024-12-23T00:03:37Z"
mac: ENC[AES256_GCM,data:uRXXG8sDFqMyuhSSJrD3gDmZd2uGdrV/vHxfrAzTHYa+rtq7EjsIynxa9obpBKEbCSHa5UHgNxoP9VpSd9n9ENaRDxKFdaANcREjUihTDv0rFoMyaiBPcjWjj5/W8rA2ki7V4M0tgERUmq+UOcW5uZg01jPrHm7TFgdwZezFPfI=,iv:FX7DrwjA2DYKRif4EdhQ7rQKfQdk4NrQBIA+LB/3xkI=,tag:swckRXnUoVVdBsx8tDqIKA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.2

View file

@ -14,8 +14,9 @@
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# Import the shared settings
../../shared
../../desktop/package-configs/firefox
# You can also split up your configuration and import pieces of it here:
@ -26,11 +27,101 @@
./auto-mount.nix
];
boot = {
tmp.cleanOnBoot = true;
loader = {
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# tss group has access to TPM devices
boot.tmp.cleanOnBoot = true;
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
systemd-boot.enable = lib.mkForce false;
systemd-boot.configurationLimit = 3;
timeout = 0;
efi.canTouchEfiVariables = true;
};
initrd.systemd.enable = true;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
consoleLogLevel = 0;
kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
plymouth.enable = true;
};
zramSwap.enable = false;
networking.domain = "";
services.openssh.enable = true;
networking = {
domain = "";
# Enable networking
networkmanager.enable = true;
firewall.enable = true;
firewall.allowedTCPPorts = [22];
hostName = "shodan";
};
services.vpn-ip = {
ip = "4";
};
services = {
openssh.enable = true; # Enables support for 32bit libs that steam uses
# Enable the X11 windowing system.
xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
desktopManager.plasma6.enable = true;
avahi = {
nssmdns4 = true;
enable = true;
ipv4 = true;
ipv6 = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
displayManager = {
defaultSession = "plasma";
sddm.wayland.enable = lib.mkForce true;
sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
};
};
# Enable flatpak support
flatpak.enable = true;
packagekit.enable = true;
# Configure keymap in X11
xserver = {
xkb.layout = "us";
xkb.variant = "";
};
# Enable CUPS to print documents.
printing.enable = true;
# Enable fwupd daemon and user space client
fwupd.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
nixpkgs = {
# You can add overlays here
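Review bot: on this host `openssh.enable = true` comes with `firewall.allowedTCPPorts = [22]` but none of the settings the queen configuration in this same compare applies (`PasswordAuthentication = false`, `KbdInteractiveAuthentication = false`, `PermitRootLogin = "no"`). Unless the shared module already sets them, add the same `settings` block here, since the machine also logs `lillian` in automatically through the SDDM `Autologin` section and advertises itself over mDNS through the `avahi` block. The trailing comment on `openssh.enable = true;` ("# Enables support for 32bit libs that steam uses") belongs to `graphics.enable32Bit`, and the two TPM comments at the top of `loader = {` no longer sit next to the options they describe.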
@ -42,10 +133,6 @@
allowUnfree = true;
};
};
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [
# Custom tools
auto-mount
@ -55,9 +142,11 @@
decky-loader
efitools
jq
noto-fonts
noto-fonts-emoji-blob-bin
noto-fonts-emoji
# noto-fonts
# noto-fonts-emoji-blob-bin
# noto-fonts-emoji
qjackctl
#rustdesk
sbctl
udisks
@ -68,7 +157,7 @@
#KDE:
krunner-translator
kdePackages.discover
# kdePackages.discover
kdePackages.kcalc
kdePackages.kdepim-addons
kdePackages.kirigami
@ -77,6 +166,8 @@
# kdePackages.krunner-symbols
kdePackages.qtvirtualkeyboard
kdePackages.packagekit-qt
kdePackages.krdc
kdePackages.krfb
libportal
#Gaming:
@ -104,47 +195,23 @@
enableGyroDsuService = true;
};
};
programs.steam = lib.mkForce {
programs = {
steam = lib.mkForce {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
kdeconnect.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.desktopManager.plasma6.enable = true;
programs.kdeconnect.enable = true;
services.displayManager.defaultSession = "plasma";
services.displayManager.sddm.wayland.enable = lib.mkForce true;
services.displayManager.sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
noisetorch = {
enable = true;
};
# Enable flatpak support
services.flatpak.enable = true;
services.packagekit.enable = true;
# Configure keymap in X11
services.xserver = {
xkb.layout = "us";
xkb.variant = "";
git = {
enable = true;
};
};
# Enable networking
networking.networkmanager.enable = true;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [22];
# # Enable automounting of removable media
# services.udisks2.enable = true;
@ -154,32 +221,14 @@
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Enable CUPS to print documents.
services.printing.enable = true;
hardware = {
graphics.enable32Bit = true;
# Enable bluetooth hardware
hardware.bluetooth.enable = true;
# Enable fwupd daemon and user space client
services.fwupd.enable = true;
bluetooth.enable = true;
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
programs.noisetorch = {
enable = true;
};
programs.git = {
enable = true;
pulseaudio.enable = false;
};
users.users.lillian.extraGroups = ["decky" "tss" "input"];
@ -187,38 +236,14 @@
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/shodan;
};
};
networking.hostName = "shodan";
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# tss group has access to TPM devices
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.initrd.systemd.enable = true;
boot.lanzaboote = {
security = {
rtkit.enable = true;
tpm2 = {
enable = true;
pkiBundle = "/etc/secureboot";
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
tctiEnvironment.enable = true;
};
};
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.timeout = 0;
boot.loader.efi.canTouchEfiVariables = true;
boot.consoleLogLevel = 0;
boot.kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
boot.plymouth.enable = true;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
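Review bot: the Secure Boot pieces in this hunk (`boot.lanzaboote = {`, `pkiBundle = "/etc/secureboot";` and the `boot.loader.systemd-boot.enable = lib.mkForce false;` override) no longer form a block of their own once `security = { tpm2 = { ... }; };` is introduced, and as rendered `pkiBundle` reads as if it sat inside `tpm2`. If lanzaboote moved to a shared module, say so in the commit message, and run `sbctl verify` on shodan after the rebuild so the refactor cannot leave the host without signed boot entries.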

View file

@ -1,4 +1,6 @@
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
ssh-private-key: ENC[AES256_GCM,data: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,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str]
sops:
kms: []
gcp_kms: []
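Review bot: the new `ssh-private-key` entry commits a user's SSH private key to the repository, protected only by this file's age recipients, and the shared module in this compare writes it to `/home/lillian/.ssh/id_ed25519`. Anyone who later obtains one recipient key can decrypt every historical revision of this file, so rotating the SSH key means rewriting nothing but still trusting old ciphertext to stay private. Consider generating the key on each host and committing only the public half to `authorizedKeys`.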
@ -14,8 +16,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-19T00:42:59Z"
mac: ENC[AES256_GCM,data:WuwpvgM5WCmtsb9WH6us1dn0+qQuV/6+ooI8K7Wp+VFlMWLA4g509TgOFHG+cxWJeN2cRtilnHM1INv1U6uadjWis0LrjrqbHaMRJ5aAr3/zKoTXWTG4pRNykoYmCkwHLnx0gJi6hm4PbKOIFVM+6V5m9JCLKRVO6eqyW15SVww=,iv:xVR5ZGs2Ww+J57qreIlHSW8A+ADAOjzM7B+KLRFrRLw=,tag:6KTaeX8+Txz4j1UJUWRj+w==,type:str]
lastmodified: "2024-12-22T22:35:15Z"
mac: ENC[AES256_GCM,data:olqDdjgOF7MsYXibawEn4bou6LPof25j231+Vwr+pSGCO19Sj44OkZpS0YmNBi+Uym+X6RGM5uV3fg4JYVgThnALI9JFyFuZ41gjPRyNBXJ16RnogKykHK5XNjQEogYho5bgLA8DTDeOvSfFHW2ENM052z6lJyAaPWJLa4ADlEY=,iv:YXGKcHQfqZCnK9Z3Nw/JxcTmZR++0iKUc7PDbLBqahY=,tag:UbHZvFZjaYjrC51Q1f/oyg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.2

View file

@ -1,127 +1,346 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
inputs,
outputs,
lib,
config,
pkgs,
config,
modulesPath,
...
}: {
imports = [
inputs.home-manager.nixosModules.home-manager
# inputs.nixos-hardware.nixosModules.raspberry-pi-4
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
./armv7l.nix
./hardware-configuration.nix
# Import shared configurations
../../shared
# Import shared settings
];
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.generic-extlinux-compatible.configurationLimit = 5;
boot.loader.grub.enable = false;
boot.tmp.cleanOnBoot = true;
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // {allowMissing = true;});
})
];
programs = {
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
command-not-found.enable = lib.mkForce false;
nix-index.enable = true;
nix-index-database.comma.enable = true;
};
services = {
automatic-timezoned.enable = true;
# boot.extraModulePackages = [
# (pkgs.callPackage ./rtl8189es.nix {
# kernel = config.boot.kernelPackages.kernel;
# })
# stubby = {
# enable = true;
# settings =
# pkgs.stubby.passthru.settingsExample
# // {
# upstream_recursive_servers = [
# {
# address_data = "94.140.14.49";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
nixpkgs = {
# You can add overlays here
overlays = [
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
# }
# {
# address_data = "94.140.14.59";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# {
# address_data = "2a10:50c0:0:0:0:0:ded:ff";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# {
# address_data = "2a10:50c0:0:0:0:0:dad:ff";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# ];
# };
# };
openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
};
sops.defaultSopsFile = ./secrets/sops.yaml;
sops.secrets."wireless.env".mode = "0440";
sops.secrets."wireless.env".owner = config.users.users.root.name;
environment.systemPackages = with pkgs; [
age
git
htop
];
boot.kernelParams = [
"console=ttyS0,115200n8"
];
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
davfs2.enable = true;
aria2 = {
enable = true;
settings = {
# Enable flakes and new 'nix' command
experimental-features = "nix-command flakes";
# Deduplicate and optimize nix store
auto-optimise-store = true;
dir = "/var/lib/media";
rpc-listen-port = 6969;
};
rpcSecretFile = config.sops.secrets."rpcSecret".path;
};
dnsmasq = {
enable = true;
settings = {
interface = "wg1";
};
};
};
sops = {
# users.users = {
# ombi.extraGroups = ["radarr" "sonarr" "aria2"];
# };
# services.ombi = {
# enable = true;
# port = 2368;
# };
# users.users = {
# radarr.extraGroups = ["aria2"];
# sonarr.extraGroups = ["aria2"];
# };
# services = {
# #uses port 7878
# radarr.enable = true;
# #uses port 8989
# sonarr.enable = true;
# prowlarr.enable = true;
# };
secrets."webdav-secret" = {
mode = "0600";
path = "/etc/davfs2/secrets";
};
secrets."rpcSecret".mode = "0440";
secrets."rpcSecret".owner = config.users.users.aria2.name;
secrets."protonvpn-priv-key".mode = "0440";
secrets."protonvpn-priv-key".owner = config.users.users.root.name;
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835" "cma=256M" "console=tty0"];
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
networking.wireless.enable = true;
networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
networking.wireless.networks."KPNAA6306" = {
hidden = true;
auth = ''
key_mgmt=WPA-PSK
password="@PSK_HOME@"
sdImage.compressImage = false;
networking = {
hostName = "wheatley";
networkmanager.enable = true;
# Disable NetworkManager's internal DNS resolution
networkmanager.dns = "none";
# These options are unnecessary when managing DNS ourselves
useDHCP = false;
dhcpcd.enable = false;
# Configure DNS servers manually (this example uses Cloudflare and Google DNS)
# IPv6 DNS servers can be used here as well.
nameservers = [
# "127.0.0.1"
# "::1"
"94.140.14.49"
"94.140.14.59"
"2a10:50c0:0:0:0:0:ded:ff"
"2a10:50c0:0:0:0:0:ded:ff"
];
wireguard.enable = true;
wg-quick.interfaces = {
# # "wg0" is the network interface name. You can name the interface arbitrarily.
# wg0 = {
# autostart = true;
# # Determines the IP address and subnet of the server's end of the tunnel interface.
# address = ["10.2.0.2/32"];
# # The port that WireGuard listens to. Must be accessible by the client.
# listenPort = 51820;
# dns = ["10.2.0.1"];
# # Path to the private key file.
# #
# # Note: The private key can also be included inline via the privateKey option,
# # but this makes the private key world-readable; thus, using privateKeyFile is
# # recommended.
# privateKeyFile = config.sops.secrets."protonvpn-priv-key".path;
# peers = [
# # List of allowed peers.
# {
# # Feel free to give a meaning full name
# # Public key of the peer (not a file path).
# publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=";
# # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
# allowedIPs = ["0.0.0.0/0"];
# endpoint = "146.70.86.114:51820";
# }
# ];
# };
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
# TODO: generate this dynamically based on other hosts
wg0 = lib.mkForce {
# Determines the IP address and subnet of the server's end of the tunnel interface.
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
# The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51821;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
'';
# Undo the above
preDown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
'';
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
#GLaDOS public key
publicKey = "yieF2yQptaE3jStoaGytUnN+HLxyVhFBZIUOGUNAV38=";
allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
}
{
#EDI public key
publicKey = "i4nDZbU+a2k5C20tFJRNPVE1vhYKJwhoqGHEdeC4704=";
allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
}
{
#Shodan public key
publicKey = "Zah2nZDaHF8jpP5AtMA5bhE7t38fMB2UHzbXAc96/jw=";
allowedIPs = ["10.0.0.4/32" "fdc9:281f:04d7:9ee9::3/128"];
}
{
#ADA public key
publicKey = "SHu7xxRVWuqp4U4uipMoITKrFPWZATGsJevUeqBSzWo=";
allowedIPs = ["10.0.0.5/32" "fdc9:281f:04d7:9ee9::3/128"];
}
#Queen public key: FVTrYM7S2Ev2rGrYrHsG2et1/SU3UjEBQH2AOen4+04=
];
};
networking.firewall.enable = true;
networking.firewall = {
allowedTCPPorts = [22 80 443 5335 8080];
allowedUDPPorts = [5335];
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
programs.zsh = {
nat = {
# enable NAT
enable = true;
externalInterface = "end0";
internalInterfaces = ["wg1"];
};
programs.git = {
firewall = {
enable = true;
allowPing = false;
allowedTCPPorts = [
22 # SSH
5349 # STUN tls
5350 # STUN tls alt
80 # http
443 # https
51821 # wg
7878
53 # dnsmasq
];
allowedUDPPorts = [
53 #dnsmasq
];
allowedUDPPortRanges = [
{
from = 51820;
to = 51822; # wg
}
{
from = 49152;
to = 49999;
} # TURN relay
];
};
};
systemd.mounts = [
{
enable = true;
description = "Webdav mount point";
after = ["network-online.target"];
wants = ["network-online.target"];
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
what = "https://nextcloud.gladtherescake.eu/remote.php/dav/files/GLaDTheresCake";
where = "/home/jellyfinmediaplayer/nextcloud";
options = "uid=1003,gid=100,file_mode=0664,dir_mode=2775";
type = "davfs";
}
];
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/wheatley;
users.aria2 = {
# #uses port 8096
# services.jellyfin.enable = true;
# users.groups.jellyfinmediaplayer = {};
# users.users.jellyfinmediaplayer.group = "jellyfinmediaplayer";
# users.users.jellyfin.extraGroups = ["jellyfinmediaplayer"];
# # Add stremio kiosk on wayland :)
# users.extraUsers.jellyfinmediaplayer.isNormalUser = true;
# services.cage.user = "jellyfinmediaplayer";
# services.cage.program = "${pkgs.jellyfin-media-player}/bin/jellyfinmediaplayer";
# services.cage.enable = true;
# services.cage.extraArguments = ["-f"];
group = "aria2";
isSystemUser = true;
};
groups.aria2 = {};
};
networking.hostName = "wheatley"; # Define your hostname
environment.systemPackages = [
# (pkgs.kodi.withPackages (kodiPkgs:
# with kodiPkgs; [
# steam-controller
# invidious
# netflix
# upnext
# sponsorblock
# sendtokodi
# jellyfin
# ]))
pkgs.iptables
];
networking.wireless.interfaces = ["enu1u1"];
# powerManagement.cpuFreqGovernor = "powersave";
powerManagement.cpufreq.max = 648000;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "unstable"; # Did you read the comment?
system.stateVersion = "25.05";
nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
}
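Review bot: in `wg0.peers` the Shodan and ADA entries reuse EDI's IPv6 address: all three carry `fdc9:281f:04d7:9ee9::3/128` in `allowedIPs` while their IPv4 addresses are `10.0.0.3`, `10.0.0.4` and `10.0.0.5`. WireGuard keeps a given allowed IP on one peer only, so two of the three lose their IPv6 route; these should be `::4/128` and `::5/128`. The interface names also disagree: the tunnel is `wg0` and `postUp` masquerades out of `eth0`, but `nat.internalInterfaces` and `dnsmasq.settings.interface` say `wg1` and `nat.externalInterface` says `end0`. Smaller points: `nameservers` lists `2a10:50c0:0:0:0:0:ded:ff` twice where the commented stubby block has `dad:ff` for the second server, the comment above it still says Cloudflare and Google, `initrd.kernelModules` contains the kernel parameters `"cma=256M"` and `"console=tty0"`, and `allowedTCPPorts` opens 51821 (WireGuard is UDP only) and 7878 although radarr is commented out.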

View file

@ -10,40 +10,26 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["usbhid"];
boot.initrd.availableKernelModules = ["xhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.supportedFilesystems = lib.mkForce ["btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
fileSystems = {
# Prior to 19.09, the boot partition was hosted on the smaller first partition
# Starting with 19.09, the /boot folder is on the main bigger partition.
# The following is to be used only with older images. Note such old images should not be considered supported anymore whatsoever, but if you installed back then, this might be needed
# "/boot" = {
# device = "/dev/disk/by-label/FIRMWARE";
# fsType = "vfat";
# };
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
swapDevices = [{device = "/dev/disk/by-uuid/b299ad0d-37a0-43d6-9647-5f717aca7b3";}];
swapDevices = [
{
device = "/swapfile";
size = 16 * 1024;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enu1u1.useDHCP = lib.mkDefault true;
# networking.interfaces.ip6tnl0.useDHCP = lib.mkDefault true;
# networking.interfaces.sit0.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "armv7l-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

View file

@ -1,5 +1,10 @@
wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str]
lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str]
protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str]
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
ssh-private-key: ENC[AES256_GCM,data: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,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str]
sops:
kms: []
gcp_kms: []
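Review bot: the `rpcSecret` entry is noticeably short. sops' `AES256_GCM` ciphertext is as long as the plaintext, and the 16 base64 characters in `data:` decode to 12 bytes, so anyone reading the repository learns the length of the aria2 RPC token. Since the host config in this compare sets `rpc-listen-port = 6969;`, replace it with a longer random token (32 bytes or more) and keep the RPC port off the firewall's allowed list.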
@ -15,8 +20,8 @@ sops:
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-22T11:57:45Z"
mac: ENC[AES256_GCM,data:V9vscu55woZjJGFV3aDgdHKqmIopYw6cajdOHG1/45Qel6l5YJkt8VyLMzYlUOlFGatXBlfTB7VC9zhhaY4lduww2XLrARcTk61BT+GSHp5sawND+RIDghY6CJBuoPUbtsfmmlmg+J2DljBlSbrcVmvfjMV12Ql6Zb8PEPM9K68=,iv:TFrDt1XpuIFLUyDN6+8n+0OypBkr1OrZOmXWvnY9ApI=,tag:EfsFhToEGFCZJSXh0WBrIw==,type:str]
lastmodified: "2024-12-22T22:37:02Z"
mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.9.2

View file

@ -1,7 +1,6 @@
{
config,
pkgs,
inputs,
...
}: let
# You'll need to edit these values
@ -35,7 +34,8 @@ in {
# This causes NixOS to use the flake defined in this repository instead of
# the build of Conduit built into nixpkgs.
package = inputs.conduwuit.packages.${pkgs.system}.default;
# package = inputs.conduwuit.packages.${pkgs.system}.default;
package = pkgs.conduwuit;
settings.global = {
inherit server_name;

View file

@ -7,13 +7,14 @@
sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
sops.secrets."nextclouddb".mode = "0440";
sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
sops.secrets."local.json".mode = "0440";
sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
# sops.secrets."local.json".mode = "0440";
# sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
users.users = {
nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name];
# nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name];
nextcloud.extraGroups = [config.users.groups.keys.name];
#aria2.extraGroups = ["nextcloud"];
onlyoffice.extraGroups = [config.users.users.nextcloud.name];
# onlyoffice.extraGroups = [config.users.users.nextcloud.name];
};
# Enable Nginx
@ -90,15 +91,15 @@
};
};
services.onlyoffice = {
port = 16783;
enable = true;
hostname = "onlyoffice.gladtherescake.eu";
#postgresHost = "/run/postgesql";
#postgresUser = "onlyoffice";
#postgresName = "onlyoffice";
#jwtSecretFile = config.sops.secrets."local.json".path;
};
# services.onlyoffice = {
# port = 16783;
# enable = true;
# hostname = "onlyoffice.gladtherescake.eu";
# #postgresHost = "/run/postgesql";
# #postgresUser = "onlyoffice";
# #postgresName = "onlyoffice";
# #jwtSecretFile = config.sops.secrets."local.json".path;
# };
services.rabbitmq = {
enable = true;
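Review bot: `services.onlyoffice` is switched off by commenting the whole block out, and the block already had `jwtSecretFile` commented before this change. Delete the block (git history keeps it) or gate it behind an option, and if the service is brought back, restore `jwtSecretFile = config.sops.secrets."local.json".path;` together with the `local.json` secret so the document server is not started without a JWT secret.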

BIN
nixos/shared/background.jpg Normal file

Binary file not shown.


View file

@ -1,5 +1,6 @@
{
inputs,
outputs,
lib,
config,
pkgs,
@ -8,9 +9,24 @@
imports = [
./locale
./packages
inputs.home-manager.nixosModules.home-manager
#../hosts/${config.networking.hostName}/hardware-configuration.nix
];
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
sops.secrets."lillian-password".neededForUsers = true;
sops = {
age.keyFile = ../../../../../../var/secrets/keys.txt;
secrets."lillian-password".neededForUsers = true;
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
secrets."ssh-private-key" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.ssh/id_ed25519";
};
};
#TODO: remove this when unneeded for freetube
nixpkgs.config.permittedInsecurePackages = [
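Review bot: `age.keyFile = ../../../../../../var/secrets/keys.txt;` is a Nix path literal that only resolves to `/var/secrets/keys.txt` because of how deep this file sits under its store path, and path values get copied into the world-readable Nix store whenever they are interpolated into a string. Write it as the string `"/var/secrets/keys.txt"` instead. Separately, declaring `ssh-private-key` and `wg-private-key` in the shared module means every host's `secrets/sops.yaml` has to contain both entries; the commit log already notes one host's key is still missing, so either add it first or make these two secrets optional per host.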
@ -41,26 +57,123 @@
"https://nix-community.cachix.org"
"https://nixpkgs-unfree.cachix.org"
"https://0uptime.cachix.org"
"https://attic.kennel.juneis.dog/conduit"
];
trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
"0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE="
"conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk="
];
};
};
catppuccin = {
flavor = "macchiato";
enable = true;
plymouth.enable = false;
grub.enable = false;
};
catppuccin.flavor = "macchiato";
catppuccin.enable = true;
# console.catppuccin.enable = true;
console.catppuccin.enable = true;
programs.zsh = {
enable = true;
};
home-manager.backupFileExtension = "backup";
stylix = {
enable = true;
autoEnable = true;
base16Scheme = {
scheme = "Catppuccin Macchiato";
author = "https://github.com/catppuccin/catppuccin";
base00 = "24273a";
base01 = "1e2030";
base02 = "363a4f";
base03 = "494d64";
base04 = "5b6078";
base05 = "cad3f5";
base06 = "f4dbd6";
base07 = "b7bdf8";
base08 = "ed8796";
base09 = "f5a97f";
base0A = "eed49f";
base0B = "a6da95";
base0C = "8bd5ca";
base0D = "8aadf4";
base0E = "c6a0f6";
base0F = "f0c6c6";
};
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
cursor.name = "catppuccin-macchiato-mauve-cursors";
homeManagerIntegration.followSystem = true;
fonts = {
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
users.users.lillian = {
monospace = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
emoji = {
package = pkgs.noto-fonts-emoji-blob-bin;
name = "Blobmoji";
};
};
};
fonts.packages = [
pkgs.dejavu_fonts
pkgs.noto-fonts
pkgs.nerd-fonts.fira-mono
];
networking = {
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {
inputs = inputs;
outputs = outputs;
};
users = {
# Import your home-manager configuration
lillian = import ../../home-manager/hosts/${config.networking.hostName};
};
};
users = {
users.lillian = {
isNormalUser = true;
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
shell = pkgs.zsh;
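Review bot: the `wg0` client defined in this shared module sets `allowedIPs = ["0.0.0.0/0" "::/0"];` with `autostart = true;`, so every host that imports `shared` routes all of its traffic through `84.87.146.85:51821`, and the server has to undo it with `lib.mkForce` in its own file. Put the tunnel behind an enable option next to `services.vpn-ip.ip`, so a host opts in explicitly, and drop `listenPort = 51821;` on clients that only dial out. The `address` lines also depend on `config.services.vpn-ip.ip` being unique per host; an assertion for that would catch address collisions like the duplicated `::3` entries in the server's peer list.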
@ -70,17 +183,10 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
];
};
mutableUsers = false;
programs.zsh = {
enable = true;
};
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
users.mutableUsers = false;
users.users.root = {
users.root = {
hashedPassword = "*";
};
};
}

View file

@ -30,6 +30,7 @@
e2fsprogs
git
git-filter-repo
pre-commit
helix
home-manager
htop
@ -49,24 +50,24 @@
# Can be used to install latest version of some packages
]);
fonts = {
packages = with pkgs; [
noto-fonts-emoji-blob-bin
cantarell-fonts
dejavu_fonts
fira-code
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
paratype-pt-sans
paratype-pt-mono
paratype-pt-serif
roboto
twemoji-color-font
font-awesome
atkinson-hyperlegible
fira-code-nerdfont
];
enableDefaultPackages = false;
};
# fonts = {
# packages = with pkgs; [
# noto-fonts-emoji-blob-bin
# cantarell-fonts
# dejavu_fonts
# fira-code
# noto-fonts
# noto-fonts-cjk-sans
# noto-fonts-cjk-serif
# paratype-pt-sans
# paratype-pt-mono
# paratype-pt-serif
# roboto
# twemoji-color-font
# font-awesome
# atkinson-hyperlegible
# fira-code-nerdfont
# ];
# enableDefaultPackages = false;
# };
}

View file

@ -1 +0,0 @@
/nix/store/3l0wgxsvf5sz2q9sgyj0blc1ivzg808b-simple-completion-language-server-ff9f90bc96c347f284571bc6310bc31f95508d55