Lillian-Violet/NixOS-Config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Lillian-Violet:main
Branches Tags
Lillian-Violet:main
Lillian-Violet:Desktop-changes
Lillian-Violet:bcachefs-update-broken-queen
Lillian-Violet:fcast
Lillian-Violet:2.0
Lillian-Violet:v1.0
..
compare: Lillian-Violet:Desktop-changes
Branches Tags
Lillian-Violet:main
Lillian-Violet:Desktop-changes
Lillian-Violet:bcachefs-update-broken-queen
Lillian-Violet:fcast
Lillian-Violet:2.0
Lillian-Violet:v1.0

No commits in common. "main" and "Desktop-changes" have entirely different histories.
main ... Desktop-ch

46 changed files with 1682 additions and 2331 deletions
Show stats Expand all files Collapse all files

47
disko/wheatley/default.nix
View file

@ -1,47 +0,0 @@
{
disko = {
devices = {
disk = {
disk1 = {
imageSize = "20G";
type = "disk";
device = "/dev/mmcblk0";
content = {
type = "gpt";
partitions = {
firmware = {
size = "30M";
priority = 1;
type = "0700";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/firmware";
};
};
boot = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "filesystem";
extraArgs = [];
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
};
}

1195
flake.lock
View file

File diff suppressed because it is too large Load diff

195
flake.nix
View file

@ -34,10 +34,10 @@
catppuccin.url = "github:catppuccin/nix";
# Conduit fork without all the fuss and drama
# conduwuit = {
# url = "github:girlbossceo/conduwuit";
# inputs.nixpkgs.follows = "nixpkgs";
# };
conduwuit = {
url = "github:girlbossceo/conduwuit";
inputs.nixpkgs.follows = "nixpkgs";
};
# Nix index database files
nix-index-database.url = "github:nix-community/nix-index-database";
@ -78,8 +78,6 @@
# Add any other flake you might need
# hardware.url = "github:nixos/nixos-hardware";
# Stylix theming engine
stylix.url = "github:danth/stylix";
};
outputs = {
@ -99,8 +97,7 @@
jovian,
nixos-hardware,
nix-index-database,
# conduwuit,
stylix,
conduwuit,
...
} @ inputs: let
inherit (self) outputs;
@ -108,7 +105,6 @@
# Supported systems for your flake packages, shell, etc.
systems = [
"x86_64-linux"
"aarch64-linux"
];
# This is a function that generates an attribute by calling a function you
# pass to it, with each system as an argument
@ -120,32 +116,6 @@
allowUnfreePredicate = _: true;
};
};
sharedModules = [
./nixos/shared
sops-nix.nixosModules.sops
disko.nixosModules.disko
home-manager.nixosModules.home-manager
catppuccin.nixosModules.catppuccin
stylix.nixosModules.stylix
nix-index-database.nixosModules.nix-index
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
./home-manager/shared
];
}
];
desktopModules = [
./nixos/desktop
{
home-manager.sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager
./home-manager/desktop
];
}
];
in {
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
@ -174,72 +144,129 @@
EDI = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules =
sharedModules
++ desktopModules
++ [
{_module.args = {inherit pkgs-edge;};}
nixos-hardware.nixosModules.dell-xps-13-7390
lanzaboote.nixosModules.lanzaboote
# > Our main nixos configuration file <
./nixos/hosts/EDI/configuration.nix
];
modules = [
{_module.args = {inherit pkgs-edge;};}
nixos-hardware.nixosModules.dell-xps-13-7390
# > Our main nixos configuration file <
./nixos/hosts/EDI/configuration.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
};
GLaDOS = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules =
sharedModules
++ desktopModules
++ [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file <
./nixos/hosts/GLaDOS/configuration.nix
];
modules = [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file <
./nixos/hosts/GLaDOS/configuration.nix
sops-nix.nixosModules.sops
#lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
};
queen = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules =
sharedModules
++ [
{_module.args = {inherit pkgs-edge;};}
simple-nixos-mailserver.nixosModule
# > Our main nixos configuration file <
./nixos/hosts/queen/configuration.nix
];
modules = [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file <
./nixos/hosts/queen/configuration.nix
sops-nix.nixosModules.sops
disko.nixosModules.disko
simple-nixos-mailserver.nixosModule
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
];
}
];
};
shodan = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {inherit inputs outputs;};
modules =
sharedModules
++ [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file <
./nixos/hosts/shodan/configuration.nix
lanzaboote.nixosModules.lanzaboote
jovian.nixosModules.jovian
{
home-manager.sharedModules = [
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
modules = [
{_module.args = {inherit pkgs-edge;};}
# > Our main nixos configuration file <
./nixos/hosts/shodan/configuration.nix
sops-nix.nixosModules.sops
lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
jovian.nixosModules.jovian
home-manager.nixosModules.home-manager
catppuccin.nixosModules.catppuccin
{
home-manager.sharedModules = [
inputs.catppuccin.homeManagerModules.catppuccin
inputs.plasma-manager.homeManagerModules.plasma-manager
];
}
];
};
wheatley = nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
specialArgs = {inherit inputs outputs;};
modules =
sharedModules
++ [
./nixos/hosts/wheatley/configuration.nix
];
};
# ISO = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# specialArgs = {inherit inputs outputs;};
# modules = [
# {_module.args = {inherit pkgs-edge;};}
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
# ./nixos/hosts/iso/configuration.nix
# sops-nix.nixosModules.sops
# home-manager.nixosModules.home-manager
# nix-index-database.nixosModules.nix-index
# catppuccin.nixosModules.catppuccin
# {
# home-manager.sharedModules = [
# inputs.plasma-manager.homeManagerModules.plasma-manager
# inputs.catppuccin.homeManagerModules.catppuccin
# ];
# }
# ];
# };
# iso_server = nixpkgs.lib.nixosSystem {
# system = "x86_64-linux";
# specialArgs = {inherit inputs outputs;};
# modules = [
# {_module.args = {inherit pkgs-edge;};}
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
# ./nixos/hosts/iso_server/configuration.nix
# sops-nix.nixosModules.sops
# home-manager.nixosModules.home-manager
# nix-index-database.nixosModules.nix-index
# catppuccin.nixosModules.catppuccin
# {
# home-manager.sharedModules = [
# inputs.catppuccin.homeManagerModules.catppuccin
# ];
# }
# ];
# };
};
};
}

138
home-manager/desktop/default.nix
View file

@ -1,4 +1,11 @@
{pkgs, ...}: {
{
inputs,
outputs,
lib,
config,
pkgs,
...
}: {
# You can import other home-manager modules here
imports = [
# If you want to use modules your own flake exports (from modules/home-manager):
@ -13,10 +20,9 @@
./package-configs/firefox.nix
./package-configs/konsole
./package-configs/foot
./package-configs/freetube
./package-configs/vesktop
];
nixpkgs = {
config.permittedInsecurePackages = ["cinny-4.2.2" "cinny-unwrapped-4.2.2" "cinny-4.2.1" "cinny-unwrapped-4.2.1"];
# You can add overlays here
overlays = [
# You can also add overlays exported from other flakes:
@ -55,10 +61,8 @@
});
})
];
# Configure your nixpkgs instance
config = {
permittedInsecurePackages = ["cinny-4.2.3" "cinny-unwrapped-4.2.3" "cinny-4.2.2" "cinny-unwrapped-4.2.2"];
# Configure your nixpkgs instance
# Disable if you don't want unfree packages
allowUnfree = true;
};
@ -72,6 +76,8 @@
# Add stuff for your user as you see fit:
# programs.neovim.enable = true;
# home.packages = with pkgs; [ steam ];
qt.style.catppuccin.apply = true;
programs.freetube.catppuccin.flavor = "macchiato";
home.packages = with pkgs; [
# Coding:
@ -85,7 +91,7 @@
# Chat applications:
signal-desktop
vesktop
# cinny-desktop
cinny-desktop
# Gaming:
prismlauncher
@ -95,8 +101,6 @@
# Multimedia:
freetube
vlc
fcast-receiver
fcast-client
# Office applications:
onlyoffice-bin
@ -135,69 +139,71 @@
firefoxpwa
ungoogled-chromium
];
programs = {
# vscode = {
# enable = true;
# package = pkgs.vscodium;
# extensions = with pkgs.vscode-extensions; [
# catppuccin.catppuccin-vsc
# catppuccin.catppuccin-vsc-icons
# charliermarsh.ruff
# eamodio.gitlens
# github.vscode-pull-request-github
# jnoortheen.nix-ide
# kamadorueda.alejandra
# mkhl.direnv
# ms-toolsai.jupyter
# ms-pyright.pyright
# oderwat.indent-rainbow
# rust-lang.rust-analyzer
# yzhang.markdown-all-in-one
# ];
# };
obs-studio.enable = true;
obs-studio.plugins = with pkgs.obs-studio-plugins; [
programs.vscode = {
enable = true;
package = pkgs.vscodium;
extensions = with pkgs.vscode-extensions; [
catppuccin.catppuccin-vsc
catppuccin.catppuccin-vsc-icons
charliermarsh.ruff
eamodio.gitlens
github.vscode-pull-request-github
jnoortheen.nix-ide
kamadorueda.alejandra
mkhl.direnv
ms-toolsai.jupyter
ms-pyright.pyright
oderwat.indent-rainbow
rust-lang.rust-analyzer
yzhang.markdown-all-in-one
];
};
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
wlrobs
obs-backgroundremoval
obs-pipewire-audio-capture
];
# Enable home-manager and git
home-manager.enable = true;
git = {
enable = true;
userEmail = "git@lillianviolet.dev";
userName = "Lillian-Violet";
extraConfig = {
init = {
defaultBranch = "main";
};
};
ignores = [
"*.direnv"
"*.vscode"
".envrc"
"venv"
"venv"
];
};
gpg.enable = true;
gpg.settings = {
default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d";
default-recipient-self = true;
auto-key-locate = "local,wkd,keyserver";
keyserver = "hkps://keys.openpgp.org";
auto-key-retrieve = true;
auto-key-import = true;
keyserver-options = "honor-keyserver-url";
no-autostart = true;
};
};
services = {
kdeconnect.package = pkgs.kdePackages.kdeconnect-kde;
kdeconnect.enable = true;
# Enable home-manager and git
programs.home-manager.enable = true;
programs.git = {
enable = true;
userEmail = "git@lillianviolet.dev";
userName = "Lillian-Violet";
extraConfig = {
init = {
defaultBranch = "main";
};
};
ignores = [
"*.direnv"
"*.vscode"
".envrc"
"venv"
"venv"
];
};
programs.gpg.enable = true;
programs.gpg.settings = {
default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d";
default-recipient-self = true;
auto-key-locate = "local,wkd,keyserver";
keyserver = "hkps://keys.openpgp.org";
auto-key-retrieve = true;
auto-key-import = true;
keyserver-options = "honor-keyserver-url";
no-autostart = true;
};
services.kdeconnect = {
package = pkgs.kdePackages.kdeconnect-kde;
enable = true;
};
# Nicely reload system units when changing configs

3
home-manager/desktop/package-configs/foot/default.nix
View file

@ -1,9 +1,10 @@
{...}: {
programs.foot = {
enable = true;
# catppuccin.enable = true;
catppuccin.enable = true;
settings = {
main = {
font = "Fira Code:size=11";
};
mouse = {

7
home-manager/desktop/package-configs/freetube/default.nix
View file

@ -1,7 +0,0 @@
{...}: {
home.file."settings.db" = {
source = ./settings.db;
target = ".config/freetube/settings.db";
force = true;
};
}

24
home-manager/desktop/package-configs/freetube/settings.db
View file

@ -1,24 +0,0 @@
{"_id":"allowDashAv1Formats","value":true}
{"_id":"barColor","value":true}
{"_id":"baseTheme","value":"catppuccinMocha"}
{"_id":"bounds","value":{"x":0,"y":66,"width":2560,"height":1374,"maximized":true,"fullScreen":false}}
{"_id":"defaultQuality","value":"1080"}
{"_id":"fetchSubscriptionsAutomatically","value":false}
{"_id":"generalAutoLoadMorePaginatedItemsEnabled","value":true}
{"_id":"hideActiveSubscriptions","value":true}
{"_id":"hidePopularVideos","value":true}
{"_id":"hideRecommendedVideos","value":true}
{"_id":"hideSubscriptionsCommunity","value":true}
{"_id":"hideSubscriptionsLive","value":true}
{"_id":"hideSubscriptionsShorts","value":true}
{"_id":"hideSubscriptionsVideos","value":true}
{"_id":"hideTrendingVideos","value":true}
{"_id":"landingPage","value":"history"}
{"_id":"mainColor","value":"CatppuccinMochaMauve"}
{"_id":"playNextVideo","value":false}
{"_id":"quickBookmarkTargetPlaylistId","value":"favorites"}
{"_id":"secColor","value":"CatppuccinMochaMauve"}
{"_id":"showDistractionFreeTitles","value":true}
{"_id":"useDeArrowThumbnails","value":true}
{"_id":"useDeArrowTitles","value":true}
{"_id":"useSponsorBlock","value":true}

15
home-manager/desktop/package-configs/plasma-desktop.nix
View file

@ -1,15 +1,4 @@
{osConfig, ...}: {
home.file.".config/kdeconnect/config" = {
text = ''
[General]
keyAlgorithm=EC
name=${osConfig.networking.hostName}
customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5
'';
target = ".config/kdeconnect/config";
force = true;
};
{
programs.plasma = {
enable = true;
desktop.mouseActions.verticalScroll = "switchVirtualDesktop";
@ -99,7 +88,7 @@
"applications:steam.desktop"
"applications:noisetorch.desktop"
"applications:org.kde.plasma-systemmonitor.desktop"
"applications:foot.desktop"
"applications:org.codeberg.dnkl.foot.desktop"
"applications:nitrokey-app.desktop"
"applications:codium.desktop"
"applications:freetube.desktop"

7
home-manager/desktop/package-configs/vesktop/default.nix
View file

@ -1,7 +0,0 @@
{...}: {
home.file."settings.json" = {
source = ./settings.json;
target = ".config/vesktop/settings/settings.json";
force = true;
};
}

602
home-manager/desktop/package-configs/vesktop/settings.json
View file

@ -1,602 +0,0 @@
{
"autoUpdate": true,
"autoUpdateNotification": false,
"useQuickCss": true,
"themeLinks": [],
"enabledThemes": [
"stylix.theme.css"
],
"enableReactDevtools": false,
"frameless": false,
"transparent": false,
"winCtrlQ": false,
"disableMinSize": false,
"winNativeTitleBar": false,
"plugins": {
"ChatInputButtonAPI": {
"enabled": true
},
"CommandsAPI": {
"enabled": true
},
"MemberListDecoratorsAPI": {
"enabled": false
},
"MessageAccessoriesAPI": {
"enabled": true
},
"MessageDecorationsAPI": {
"enabled": false
},
"MessageEventsAPI": {
"enabled": true
},
"MessagePopoverAPI": {
"enabled": false
},
"MessageUpdaterAPI": {
"enabled": false
},
"ServerListAPI": {
"enabled": false
},
"UserSettingsAPI": {
"enabled": true
},
"AccountPanelServerProfile": {
"enabled": false
},
"AlwaysAnimate": {
"enabled": false
},
"AlwaysExpandRoles": {
"enabled": false
},
"AlwaysTrust": {
"enabled": true,
"domain": true,
"file": true
},
"AnonymiseFileNames": {
"enabled": true,
"anonymiseByDefault": true,
"method": 0,
"randomisedLength": 7
},
"AppleMusicRichPresence": {
"enabled": false
},
"WebRichPresence (arRPC)": {
"enabled": false
},
"BANger": {
"enabled": false
},
"BetterFolders": {
"enabled": false
},
"BetterGifAltText": {
"enabled": false
},
"BetterGifPicker": {
"enabled": false
},
"BetterNotesBox": {
"enabled": false
},
"BetterRoleContext": {
"enabled": false
},
"BetterRoleDot": {
"enabled": false
},
"BetterSessions": {
"enabled": false
},
"BetterSettings": {
"enabled": false
},
"BetterUploadButton": {
"enabled": false
},
"BiggerStreamPreview": {
"enabled": false
},
"BlurNSFW": {
"enabled": false
},
"CallTimer": {
"enabled": false
},
"ClearURLs": {
"enabled": false
},
"ClientTheme": {
"enabled": false
},
"ColorSighted": {
"enabled": false
},
"ConsoleJanitor": {
"enabled": false
},
"ConsoleShortcuts": {
"enabled": false
},
"CopyEmojiMarkdown": {
"enabled": false
},
"CopyFileContents": {
"enabled": false
},
"CopyUserURLs": {
"enabled": false
},
"CrashHandler": {
"enabled": true
},
"CtrlEnterSend": {
"enabled": false
},
"CustomRPC": {
"enabled": false
},
"CustomIdle": {
"enabled": false
},
"Dearrow": {
"enabled": false
},
"Decor": {
"enabled": false
},
"DisableCallIdle": {
"enabled": false
},
"DontRoundMyTimestamps": {
"enabled": false
},
"EmoteCloner": {
"enabled": false
},
"Experiments": {
"enabled": false
},
"F8Break": {
"enabled": false
},
"FakeNitro": {
"enabled": true,
"enableEmojiBypass": true,
"emojiSize": 48,
"transformEmojis": true,
"enableStickerBypass": true,
"stickerSize": 160,
"transformStickers": true,
"transformCompoundSentence": false,
"enableStreamQualityBypass": true,
"useHyperLinks": true,
"hyperLinkText": "{{NAME}}",
"disableEmbedPermissionCheck": false
},
"FakeProfileThemes": {
"enabled": false
},
"FavoriteEmojiFirst": {
"enabled": false
},
"FavoriteGifSearch": {
"enabled": false
},
"FixCodeblockGap": {
"enabled": false
},
"FixSpotifyEmbeds": {
"enabled": false
},
"FixYoutubeEmbeds": {
"enabled": false
},
"ForceOwnerCrown": {
"enabled": false
},
"FriendInvites": {
"enabled": false
},
"FriendsSince": {
"enabled": false
},
"FullSearchContext": {
"enabled": false
},
"GameActivityToggle": {
"enabled": false
},
"GifPaste": {
"enabled": false
},
"GreetStickerPicker": {
"enabled": false
},
"HideAttachments": {
"enabled": false
},
"iLoveSpam": {
"enabled": false
},
"IgnoreActivities": {
"enabled": false
},
"ImageLink": {
"enabled": false
},
"ImageZoom": {
"enabled": false
},
"ImplicitRelationships": {
"enabled": false
},
"InvisibleChat": {
"enabled": false
},
"KeepCurrentChannel": {
"enabled": false
},
"LastFMRichPresence": {
"enabled": false
},
"LoadingQuotes": {
"enabled": false
},
"MemberCount": {
"enabled": true,
"memberList": true,
"toolTip": true
},
"MentionAvatars": {
"enabled": false
},
"MessageClickActions": {
"enabled": false
},
"MessageLatency": {
"enabled": false
},
"MessageLinkEmbeds": {
"enabled": false
},
"MessageLogger": {
"enabled": false
},
"MessageTags": {
"enabled": false
},
"MoreCommands": {
"enabled": false
},
"MoreKaomoji": {
"enabled": true
},
"MoreUserTags": {
"enabled": false
},
"Moyai": {
"enabled": false
},
"MutualGroupDMs": {
"enabled": false
},
"NewGuildSettings": {
"enabled": false
},
"NoBlockedMessages": {
"enabled": false
},
"NoDevtoolsWarning": {
"enabled": false
},
"NoF1": {
"enabled": false
},
"NoMaskedUrlPaste": {
"enabled": false
},
"NoMosaic": {
"enabled": false
},
"NoOnboardingDelay": {
"enabled": false
},
"NoPendingCount": {
"enabled": false
},
"NoProfileThemes": {
"enabled": false
},
"NoReplyMention": {
"enabled": false
},
"NoScreensharePreview": {
"enabled": false
},
"NoServerEmojis": {
"enabled": false
},
"NoTypingAnimation": {
"enabled": false
},
"NoUnblockToJump": {
"enabled": false
},
"NormalizeMessageLinks": {
"enabled": false
},
"NotificationVolume": {
"enabled": false
},
"NSFWGateBypass": {
"enabled": false
},
"OnePingPerDM": {
"enabled": false
},
"oneko": {
"enabled": false
},
"OpenInApp": {
"enabled": false
},
"OverrideForumDefaults": {
"enabled": false
},
"PartyMode": {
"enabled": false
},
"PauseInvitesForever": {
"enabled": false
},
"PermissionFreeWill": {
"enabled": false
},
"PermissionsViewer": {
"enabled": false
},
"petpet": {
"enabled": true
},
"PictureInPicture": {
"enabled": false
},
"PinDMs": {
"enabled": false
},
"PlainFolderIcon": {
"enabled": false
},
"PlatformIndicators": {
"enabled": false
},
"PreviewMessage": {
"enabled": false
},
"QuickMention": {
"enabled": false
},
"QuickReply": {
"enabled": false
},
"ReactErrorDecoder": {
"enabled": false
},
"ReadAllNotificationsButton": {
"enabled": false
},
"RelationshipNotifier": {
"enabled": false
},
"ReplaceGoogleSearch": {
"enabled": false
},
"ReplyTimestamp": {
"enabled": false
},
"RevealAllSpoilers": {
"enabled": false
},
"ReverseImageSearch": {
"enabled": false
},
"ReviewDB": {
"enabled": false
},
"RoleColorEverywhere": {
"enabled": false
},
"SecretRingToneEnabler": {
"enabled": false
},
"Summaries": {
"enabled": false
},
"SendTimestamps": {
"enabled": true,
"replaceMessageContents": true
},
"ServerInfo": {
"enabled": false
},
"ServerListIndicators": {
"enabled": false
},
"ShikiCodeblocks": {
"enabled": true,
"useDevIcon": "COLOR",
"theme": "https://raw.githubusercontent.com/shikijs/shiki/0b28ad8ccfbf2615f2d9d38ea8255416b8ac3043/packages/shiki/themes/dracula.json",
"tryHljs": "SECONDARY",
"bgOpacity": 100
},
"ShowAllMessageButtons": {
"enabled": false
},
"ShowConnections": {
"enabled": false
},
"ShowHiddenChannels": {
"enabled": false
},
"ShowHiddenThings": {
"enabled": false
},
"ShowMeYourName": {
"enabled": false
},
"ShowTimeoutDuration": {
"enabled": false
},
"SilentMessageToggle": {
"enabled": false
},
"SilentTyping": {
"enabled": false
},
"SortFriendRequests": {
"enabled": false
},
"SpotifyControls": {
"enabled": false
},
"SpotifyCrack": {
"enabled": false
},
"SpotifyShareCommands": {
"enabled": false
},
"StartupTimings": {
"enabled": false
},
"StickerPaste": {
"enabled": false
},
"StreamerModeOnStream": {
"enabled": false
},
"SuperReactionTweaks": {
"enabled": false
},
"TextReplace": {
"enabled": false
},
"ThemeAttributes": {
"enabled": false
},
"Translate": {
"enabled": false
},
"TypingIndicator": {
"enabled": false
},
"TypingTweaks": {
"enabled": false
},
"Unindent": {
"enabled": false
},
"UnlockedAvatarZoom": {
"enabled": false
},
"UnsuppressEmbeds": {
"enabled": false
},
"UserVoiceShow": {
"enabled": false
},
"USRBG": {
"enabled": false
},
"ValidReply": {
"enabled": false
},
"ValidUser": {
"enabled": false
},
"VoiceChatDoubleClick": {
"enabled": false
},
"VcNarrator": {
"enabled": false
},
"VencordToolbox": {
"enabled": false
},
"ViewIcons": {
"enabled": false
},
"ViewRaw": {
"enabled": false
},
"VoiceDownload": {
"enabled": false
},
"VoiceMessages": {
"enabled": false
},
"VolumeBooster": {
"enabled": false
},
"WebKeybinds": {
"enabled": true
},
"WebScreenShareFixes": {
"enabled": true
},
"WhoReacted": {
"enabled": false
},
"XSOverlay": {
"enabled": false
},
"YoutubeAdblock": {
"enabled": true
},
"NoTrack": {
"enabled": true,
"disableAnalytics": true
},
"WebContextMenus": {
"enabled": true,
"addBack": true
},
"Settings": {
"enabled": true,
"settingsLocation": "aboveNitro"
},
"SupportHelper": {
"enabled": true
},
"UserMessagesPronouns": {
"enabled": true,
"showInMessages": true,
"showSelf": true,
"pronounSource": 0,
"pronounsFormat": "LOWERCASE"
},
"DynamicImageModalAPI": {
"enabled": false
},
"FixImagesQuality": {
"enabled": false
}
},
"notifications": {
"timeout": 5000,
"position": "bottom-right",
"useNative": "not-focused",
"logLimit": 50
},
"cloud": {
"authenticated": false,
"url": "https://api.vencord.dev/",
"settingsSync": false,
"settingsSyncVersion": 1734993730812
}
}

1
home-manager/hosts/EDI/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI

1
home-manager/hosts/GLaDOS/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS

2
home-manager/hosts/GLaDOS/lillian.nix
View file

@ -18,8 +18,6 @@
home.packages = with pkgs; [
heroic
r2modman
ryujinx
lutris
];
programs.mangohud = {

1
home-manager/hosts/queen/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINl+QRyKBYm+sx0hUiD2u6FBdT7aXsZBGUxm4cb7r24k lillian@GLaDOS

1
home-manager/hosts/shodan/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRT5MqPrYUhhD5rJFp0PQbkTRtGcNaCaTxEkZw9RiVT lillian@GLaDOS

36
home-manager/hosts/shodan/lillian.nix
View file

@ -16,8 +16,6 @@
../../desktop/package-configs/firefox.nix
../../desktop/package-configs/konsole
../../desktop/package-configs/foot
../../desktop/package-configs/freetube
../../desktop/package-configs/vesktop
../../shared
];
nixpkgs = {
@ -58,11 +56,10 @@
freetube
obs-studio
vlc
fcast-receiver
fcast-client
# System tools:
rage
discover
flameshot
fzf
nextcloud-client
@ -86,23 +83,22 @@
firefox
ungoogled-chromium
];
programs = {
# # Automount services for user
# programs.bashmount.enable = true;
# services.udiskie = {
# enable = true;
# automount = true;
# notify = false;
# tray = "never";
# };
# Enable home-manager and git
home-manager.enable = true;
git = {
enable = true;
userEmail = "git@lillianviolet.dev";
userName = "Lillian-Violet";
};
# # Automount services for user
# programs.bashmount.enable = true;
# services.udiskie = {
# enable = true;
# automount = true;
# notify = false;
# tray = "never";
# };
# Enable home-manager and git
programs.home-manager.enable = true;
programs.git = {
enable = true;
userEmail = "git@lillianviolet.dev";
userName = "Lillian-Violet";
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

1
home-manager/hosts/wheatley/id_ed25519.pub
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrmRjLF2tVkWeV7EOgUiF77Q9t+rBziRAdOPo92pyvF lillian@GLaDOS

5
home-manager/hosts/wheatley/lillian.nix
View file

@ -11,7 +11,8 @@
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
../../shared
../../package-configs/zsh.nix
../../package-configs/helix.nix
];
nixpkgs = {
@ -35,5 +36,5 @@
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
home.stateVersion = "25.05";
home.stateVersion = "24.05";
}

46
home-manager/kde-connect-commands.json
View file

@ -1,46 +0,0 @@
[
{
"command": "systemctl poweroff",
"name": "shutdown"
},
{
"command": "systemctl reboot",
"name": "reboot"
},
{
"command": "systemctl suspend",
"name": "suspend"
},
{
"command": "systemctl hibernate",
"name": "hibernate"
},
{
"command": "loginctl lock-session",
"name": "lock"
},
{
"command": "loginctl unlock-session",
"name": "unlock"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mute\"",
"name": "mute"
},
{
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mic_mute\"",
"name": "mute mic"
},
{
"command": "file=/tmp/$(hostname)_$(date \"+%Y%m%d_%H%M%S\").png; spectacle -bo \"${file}\" && while ! [ -f \"${file}\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "screenshot to phone"
},
{
"command": "file=\"$HOME/Images/WebcamImage_$(date \"+%Y%m%d_%H%M%S\").jpg\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \"${file}\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
"name": "webcam to phone"
},
{
"command": "",
"name": ""
}
]

53
home-manager/shared/default.nix
View file

@ -1,8 +1,4 @@
{
pkgs,
osConfig,
...
}: {
{pkgs, ...}: {
imports = [
./shell/helix
./shell/zellij
@ -14,19 +10,11 @@
home = {
username = "lillian";
homeDirectory = "/home/lillian";
file."id_ed25519.pub" = {
source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;
target = ".ssh/id_ed25519.pub";
force = true;
};
};
catppuccin = {
enable = true;
flavor = "macchiato";
foot.enable = false;
helix.enable = false;
yazi.enable = false;
};
home.packages = with pkgs; [
@ -39,43 +27,8 @@
broot
lazygit
navi
yazi
nil
];
programs = {
navi.enable = true;
yazi = {
enable = true;
package = pkgs.yazi.override {
_7zz = pkgs._7zz.override {useUasm = true;};
};
};
};
stylix.enable = true;
# stylix = {
# enable = true;
# autoEnable = true;
# base16Scheme = {
# scheme = "Catppuccin Macchiato";
# author = "https://github.com/catppuccin/catppuccin";
# base00 = "24273a";
# base01 = "1e2030";
# base02 = "363a4f";
# base03 = "494d64";
# base04 = "5b6078";
# base05 = "cad3f5";
# base06 = "f4dbd6";
# base07 = "b7bdf8";
# base08 = "ed8796";
# base09 = "f5a97f";
# base0A = "eed49f";
# base0B = "a6da95";
# base0C = "8bd5ca";
# base0D = "8aadf4";
# base0E = "c6a0f6";
# base0F = "f0c6c6";
# };
# image = ./background.jpg;
# cursor.package = pkgs.catppuccin-cursors;
# cursor.name = "macchiatoMauve";
# };
programs.navi.enable = true;
}

2
home-manager/shared/shell/bat.nix
View file

@ -2,6 +2,6 @@
programs.bat = {
enable = true;
extraPackages = with pkgs.bat-extras; [batdiff batman batgrep batwatch];
# catppuccin.enable = true;
catppuccin.enable = true;
};
}

34
home-manager/shared/shell/helix/default.nix
View file

@ -16,21 +16,24 @@
''
#! ~/.nix-profile/bin/zsh
is_new() {
new=0;
mkdir -p /tmp/rjh;
if [[ -a "/tmp/rjh/$(pwd | tr \"/\" -).json" ]]; then
new=1
fi
return $new
new=1;
touch /tmp/rjh;
while IFS="" read -r p || [ -n "$p" ]; do
if [ $(pwd) = $p ]; then
new=0;
fi
done < /tmp/rjh
return $new
}
is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh/$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && sleep 3
rm -f /tmp/pipe-rjh
mkfifo /tmp/pipe-rjh
cat > /tmp/pipe-rjh
zellij run -f -n "REPL" -- direnv exec . just send < /tmp/pipe-rjh
rm /tmp/pipe-rjh
send_to_jupyter() {
is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh-$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && zellij action write 29 25 && zellij action write 17
pwd >> /tmp/rjh
zellij action write 29 25
zellij action write 17
cat | just send
}
send_to_jupyter
'';
in {
programs.helix = {
@ -48,11 +51,6 @@ in {
j = ":pipe-to just jupyter";
};
editor = {
auto-save = {
focus-lost = true;
after-delay.enable = true;
after-delay.timeout = 3000;
};
line-number = "relative";
lsp.display-messages = true;
lsp.display-inlay-hints = true;

45
home-manager/shared/shell/helix/helix.nix
View file

@ -1,45 +0,0 @@
{
fetchzip,
lib,
rustPlatform,
git,
installShellFiles,
}:
rustPlatform.buildRustPackage rec {
pname = "helix";
version = "24.07";
# This release tarball includes source code for the tree-sitter grammars,
# which is not ordinarily part of the repository.
src = fetchzip {
url = "https://github.com/helix-editor/helix/releases/download/${version}/helix-${version}-source.tar.xz";
hash = "";
stripRoot = false;
};
cargoHash = "";
nativeBuildInputs = [git installShellFiles];
env.HELIX_DEFAULT_RUNTIME = "${placeholder "out"}/lib/runtime";
postInstall = ''
# not needed at runtime
rm -r runtime/grammars/sources
mkdir -p $out/lib
cp -r runtime $out/lib
installShellCompletion contrib/completion/hx.{bash,fish,zsh}
mkdir -p $out/share/{applications,icons/hicolor/256x256/apps}
cp contrib/Helix.desktop $out/share/applications
cp contrib/helix.png $out/share/icons/hicolor/256x256/apps
'';
meta = with lib; {
description = "Post-modern modal text editor";
homepage = "https://helix-editor.com";
license = licenses.mpl20;
mainProgram = "hx";
maintainers = with maintainers; [danth yusdacra zowoq];
};
}

6
home-manager/shared/shell/zellij/default.nix
View file

@ -174,7 +174,7 @@ in {
enableZshIntegration = true;
settings = {
session_serialization = true;
# theme = "catppuccin-macchiato";
theme = "catppuccin-macchiato";
themes = {
catppuccin-mocha = {
@ -206,12 +206,14 @@ in {
};
};
};
home.file = {
"layout" = {
source = "${layout}";
target = ".config/zellij/layouts/default.kdl";
};
};
home.file = {
"helix_zellij" = {
source = "${helix_zellij}";
target = ".config/zellij/layouts/helix.kdl";

125
home-manager/shared/shell/zsh.nix
View file

@ -1,71 +1,70 @@
{pkgs, ...}: {
programs = {
zoxide = {
enable = true;
programs.zoxide = {
enable = true;
};
programs.zsh = {
enable = true;
shellAliases = {
cd = "z";
code = "codium ./";
ls = "eza";
lh = "ls -lah";
cat = "bat";
tree = "tre";
neofetch = "hyfetch";
shutdown = "shutdown 0";
reboot = "reboot 0";
};
zsh = {
plugins = [
{
name = "zsh-nix-shell";
file = "nix-shell.plugin.zsh";
src = pkgs.fetchFromGitHub {
owner = "chisui";
repo = "zsh-nix-shell";
rev = "v0.8.0";
sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM=";
};
}
{
name = "terraform";
src = pkgs.fetchFromGitHub {
owner = "macunha1";
repo = "zsh-terraform";
rev = "fd1471d3757f8ed13f56c4426f88616111de2a87";
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
};
}
];
autosuggestion.enable = true;
enableCompletion = true;
historySubstringSearch.enable = true;
syntaxHighlighting.enable = true;
#zsh-abbr.enable = true;
oh-my-zsh = {
enable = true;
shellAliases = {
cd = "z";
code = "codium ./";
ls = "eza";
lh = "ls -lah";
cat = "bat";
tree = "tre";
neofetch = "hyfetch";
shutdown = "shutdown 0";
reboot = "reboot 0";
};
plugins = [
{
name = "zsh-nix-shell";
file = "nix-shell.plugin.zsh";
src = pkgs.fetchFromGitHub {
owner = "chisui";
repo = "zsh-nix-shell";
rev = "v0.8.0";
sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM=";
};
}
{
name = "terraform";
src = pkgs.fetchFromGitHub {
owner = "macunha1";
repo = "zsh-terraform";
rev = "fd1471d3757f8ed13f56c4426f88616111de2a87";
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
};
}
"git"
"colored-man-pages"
"colorize"
"dirhistory"
"dirpersist"
"history"
"history-substring-search"
"fancy-ctrl-z"
"git-flow"
"isodate"
"z"
"zsh-interactive-cd"
"zsh-navigation-tools"
];
autosuggestion.enable = true;
enableCompletion = true;
historySubstringSearch.enable = true;
syntaxHighlighting.enable = true;
#zsh-abbr.enable = true;
oh-my-zsh = {
enable = true;
plugins = [
"git"
"colored-man-pages"
"colorize"
"dirhistory"
"dirpersist"
"history"
"history-substring-search"
"fancy-ctrl-z"
"git-flow"
"isodate"
"z"
"zsh-interactive-cd"
"zsh-navigation-tools"
];
};
# Extra commands that take more complex forms
initExtra = ''
eval "$(zoxide init --cmd cd zsh)"
tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; }
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }
'';
};
# Extra commands that take more complex forms
initExtra = ''
eval "$(zoxide init --cmd cd zsh)"
tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; }
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }
'';
};
}

9
justfile
View file

@ -13,12 +13,3 @@ update:
clean:
sudo nix-collect-garbage
sudo nix-store --optimise
setup:
echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit
push:
git pull
git add *
read -p "Commit message: " -r message && git commit -m "$message"
git push

3
modules/nixos/default.nix
View file

@ -1,5 +1,6 @@
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
# These should be stuff you would like to share with others, not your personal configurations.
{
vpn-ip = import ./vpn-ip;
# List your module files here
contabo.wan = import ./contabo/wan;
}

14
modules/nixos/vpn-ip/default.nix
View file

@ -1,14 +0,0 @@
{lib, ...}:
with lib; {
# Declare what settings a user of this "hello.nix" module CAN SET.
options.services.vpn-ip = {
ip = mkOption {
type = types.str;
default = "0";
};
publicKey = mkOption {
type = types.str;
default = "";
};
};
}

186
nixos/desktop/default.nix
View file

@ -29,6 +29,11 @@
};
};
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
programs.command-not-found.enable = lib.mkForce false;
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
environment.systemPackages =
(with pkgs; [
# Custom tools
@ -78,8 +83,6 @@
kdePackages.sddm-kcm
kdePackages.dolphin-plugins
kdePackages.qtstyleplugin-kvantum
kdePackages.krdc
kdePackages.krfb
libportal-qt5
libportal
@ -93,124 +96,101 @@
# list of latest packages from nixpkgs master
# Can be used to install latest version of some packages
]);
programs = {
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
command-not-found.enable = lib.mkForce false;
nix-index.enable = true;
nix-index-database.comma.enable = true;
direnv = {
enable = true;
};
steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
kdeconnect.enable = true;
noisetorch = {
enable = true;
};
programs.direnv = {
enable = true;
};
# Enable networking
networking.networkmanager.enable = true; # Enables support for 32bit libs that steam uses
networking.networkmanager.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
services = {
# Enable the X11 windowing system.
xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
displayManager.defaultSession = "plasma";
desktopManager.plasma6.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable flatpak support
flatpak.enable = true;
packagekit.enable = true;
# Configure keymap in X11
xserver.xkb = {
layout = "us";
variant = "";
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
};
# Enable CUPS to print documents.
printing.enable = true;
# Enable fwupd daemon and user space client
fwupd.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
avahi = {
nssmdns4 = true;
enable = true;
ipv4 = true;
ipv6 = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
# Enable the KDE Plasma Desktop Environment.
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
hardware = {
graphics.enable32Bit = true;
services.displayManager.defaultSession = "plasma";
services.desktopManager.plasma6.enable = true;
programs.kdeconnect.enable = true;
# Enable bluetooth hardware
bluetooth.enable = true;
# Enable flatpak support
services.flatpak.enable = true;
services.packagekit.enable = true;
# Enable sound with pipewire.
pulseaudio.enable = false;
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
};
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable bluetooth hardware
hardware.bluetooth.enable = true;
# Enable fwupd daemon and user space client
services.fwupd.enable = true;
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
wireplumber.enable = true;
};
programs.noisetorch = {
enable = true;
};
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
security.tpm2 = {
enable = true;
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
tctiEnvironment.enable = true;
}; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.lillian.extraGroups = ["tss"];
boot = {
# tss group has access to TPM devices
bootspec.enable = true;
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
#boot.supportedFilesystems = ["bcachefs"];
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
kernelModules = [
# Virtual Camera
"v4l2loopback"
# Virtual Microphone, built-in
"snd-aloop"
];
# Set initial kernel module settings
extraModprobeConfig = ''
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
loader.systemd-boot.configurationLimit = 3;
loader.efi.canTouchEfiVariables = true;
};
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
# FIXME: re-enable virtual camera loopback when it build again.
boot.bootspec.enable = true;
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
#boot.supportedFilesystems = ["bcachefs"];
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
boot.kernelModules = [
# Virtual Camera
"v4l2loopback"
# Virtual Microphone, built-in
"snd-aloop"
];
# Set initial kernel module settings
boot.extraModprobeConfig = ''
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
}

42
nixos/hosts/EDI/configuration.nix
View file

@ -1,6 +1,7 @@
# This is your system's configuration file.
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
{
inputs,
outputs,
lib,
pkgs,
@ -8,6 +9,8 @@
}: {
# You can import other NixOS modules here
imports = [
# Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
@ -18,32 +21,39 @@
# You can also split up your configuration and import pieces of it here:
# ./users.nix
outputs.nixosModules.vpn-ip
../../desktop
../../../disko/EDI
# Import your generated (nixos-generate-config) hardware configuration
./hardware-configuration.nix
];
sops.defaultSopsFile = ./secrets/sops.yaml;
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/EDI;
};
};
environment.systemPackages = with pkgs; [
];
services.vpn-ip = {
ip = "3";
};
networking.hostName = "EDI";
boot = {
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
loader.systemd-boot.enable = lib.mkForce false;
initrd.systemd.enable = true;
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.initrd.systemd.enable = true;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion

7
nixos/hosts/EDI/secrets/sops.yaml
View file

@ -1,5 +1,4 @@
lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str]
wg-private-key: ENC[AES256_GCM,data:CqXlIN0gKzMrZRJycAf96LUVNw9yCZpHtE8XP+JwV2Ftip46iUksg1uExxQ=,iv:LdcopSz8Hx5hO1M00B8r+C7XViwpjGOpvmoXUHIkFtc=,tag:rbskx98YjcYV1lB8OO2VxQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -15,8 +14,8 @@ sops:
eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0
GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-06T18:01:20Z"
mac: ENC[AES256_GCM,data:UTzeVEUolw6oBrRL8NMEcb5WmJYUdKnnxKYTrV0AowX6B5Jk8e6hSHqMiEmY9yPdS0HGA0i+DirGvrW3TmsOk2XehsiNO9puXb0/6KiaTge4y3/ueVASAPs/qB9RR6EAdBiE1ZUKVy2vpL+x9xp5XY2F8aHIp22DmJ5Xg5oyWJc=,iv:1/Fj2xAKHUebsj1FLmmGAmvHXNYsLXIfP6F7PJ7EH9M=,tag:XvFBu2vCNj7UMbWVPgo94Q==,type:str]
lastmodified: "2024-02-21T10:15:11Z"
mac: ENC[AES256_GCM,data:AnQfufrAVvN2f2kr2KLM8toFj4BUxM1xvwH48DE1OcoenBlzQHu76R35cc9q0rJjOBWXYnZPLEHncE46XyXt56HPboH/blIEZwa9aL1pwDOV5UwbaqZTuSy7/Ylnn0ZoZtcD4gFnavWBT9iUgu3VjRso1i6eXm0Lc1mvwRbH63M=,iv:zJW4Bzm+IGzgxsFE7QP+E4RY5UoPWTUeo9RfoLpbSt8=,tag:E29Pnjtp0w05hdEQCmkj7A==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.8.1

64
nixos/hosts/GLaDOS/configuration.nix
View file

@ -10,7 +10,6 @@
imports = [
# Import home-manager's NixOS module
inputs.home-manager.nixosModules.home-manager
outputs.nixosModules.vpn-ip
# If you want to use modules your own flake exports (from modules/nixos):
# outputs.nixosModules.example
@ -21,7 +20,7 @@
# You can also split up your configuration and import pieces of it here:
# ./users.nix
# ../../desktop
../../desktop
../../../disko/GLaDOS
@ -29,39 +28,35 @@
./hardware-configuration.nix
];
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [
];
services.vpn-ip = {
ip = "2";
};
networking.hostName = "GLaDOS";
services.xserver.videoDrivers = ["amdgpu"];
hardware = {
# Add vulkan support to GPU
graphics.extraPackages = with pkgs; [
amdvlk
];
# For 32 bit applications
graphics.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
];
};
programs = {
gamemode.enable = true;
gamemode.settings = {
# Add vulkan support to GPU
hardware.graphics.extraPackages = with pkgs; [
amdvlk
];
# For 32 bit applications
hardware.graphics.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
];
programs.gamemode = {
enable = true;
settings = {
general = {
renice = 10;
};
# Warning: GPU optimisations have the potential to damage hardware
# gpu = {
# apply_gpu_optimisations = "accept-responsibility";
# gpu_device = 0;
# amd_performance_level = "high";
# };
gpu = {
apply_gpu_optimisations = "accept-responsibility";
gpu_device = 0;
amd_performance_level = "high";
};
custom = {
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
@ -69,10 +64,8 @@
};
};
};
boot = {
loader.systemd-boot.enable = true;
binfmt.emulatedSystems = ["aarch64-linux"];
};
boot.loader.systemd-boot.enable = true;
# boot.lanzaboote = {
# enable = true;
@ -81,6 +74,17 @@
users.users.lillian.extraGroups = ["gamemode"];
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/GLaDOS;
};
};
# virtualisation.waydroid.enable = false;
networking.hostName = "GLaDOS";
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
}

8
nixos/hosts/GLaDOS/secrets/sops.yaml
View file

@ -1,6 +1,4 @@
lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str]
wg-private-key: ENC[AES256_GCM,data:em6sci3eefw5TJHpzgTaGGuQp8UuvOmkHRsQltg0TKpMb1Lrcxicb23cQxo=,iv:VEeGmzncHyAgP5toTOwDK6qw0OT4/6Etxh8Zr4uYQD4=,tag:nvse11zMhzukzClx5ub4dw==,type:str]
ssh-private-key: ENC[AES256_GCM,data:YM8GTH6EEXLt1ZC1ZdyLWVJyGUykS0DulTL0QgOFCTztRA+5JoA6Af42MIEMm4sMSatOt9pbGE9BXh5T53uNkx87cS8pfb714N8EKrMTYmtWi2M2TatEM6+qMRpP777GalB3v2HnfTfwhx+TfQ+iSCEo45Unsumzr+/9uZ/b4vYBxbd82UKO1tmlTw3R7aEpesJuJe/I3sAg0ZXTWti0e2MYfFawlSXtgQo382bFnV/mi9JkNx62AUFI6Q0a09V2C3FU4e4qP9jeP+COfCuCjRuaf8eu0VYczy4vVkN5NNBhkuLCZl0xANfqM5tDt8q+meYHmYWq1ceyeZ9OdZhKA7lMJi2K1DgTmgbD356itEtjXb7KF7VWIVnR0Gm+vVHx90Bv6eQp4n2I5mWbCVy8wqiIlacxuH8PO6jAPUM1Q8E+SVJb2HcLPdlURHyyK0fLVWaFhtFH4rwyKAv/2yEO2iNfZd9zFqvX5/JdyUPRCpMKkjxQgZN+raVHok0SwvPfXA9wvRpQyYSD4SUqCYsRcs6JugW8a14bZrvg,iv:L9ACOUFtAxkWsXW+tDKGwKn1ZHYNv7WmBty5krayVu8=,tag:hbrgscOczukqLBU/Y+6aLA==,type:str]
sops:
kms: []
gcp_kms: []
@ -16,8 +14,8 @@ sops:
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-22T22:09:35Z"
mac: ENC[AES256_GCM,data:yjUFBgTLQI9Nh2tjiNNV2bsPJsDRQChPEptO8Gmt2vLEK/Kuwl0bZ9J+OmOTe4NOpwq5b/lYt0Lj7itEeOWWW5nnz2Jq0/dLMEu0mSxoWv1rOKylhoeG8oIEx0ui7VKfst72UW/jqqm9TUkDzuskVND1pd4DV3/GQRmy16WPkyo=,iv:the5XkB13jRuNP8Kj9Jmn4csIaDPt1NnScXbxPt7Dk4=,tag:aY4hU9v66/AwrtvcLAT/mA==,type:str]
lastmodified: "2024-02-22T11:58:42Z"
mac: ENC[AES256_GCM,data:TuNvE51hpHvOjB3G2y7UCT8BvlI1ulc8aeeBihtnGiGDjwU1Eze1bdA47hZYCZsCYdo3Tow1gY0gCkJACKeWqUXMLT8jxcUfiUWqQicQhBm/TT9m+oqLQiAqJCkh1Ez8XuaftqIg+oJstyy4wZyvMK8Bg+9EsSYiBnMrKfrgLBs=,iv:GXy93l1BBkkeKXJ1ntFI6Rw6QZmSbzDlWClJ16/Csv4=,tag:jBYynl6tLL/xN61ypMwvrw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.8.1

143
nixos/hosts/queen/configuration.nix
View file

@ -13,8 +13,6 @@
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# You can also split up your configuration and import pieces of it here:
# ./nvim.nix
./hardware-configuration.nix
@ -28,17 +26,16 @@
# Import disko
# ../../../disko/queen
];
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
services = {
openssh = {
enable = true;
settings = {
# require public key authentication for better security
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
};
};
networking.domain = "";
services.openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
};
nixpkgs = {
@ -53,6 +50,9 @@
};
};
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [
fzf
matrix-conduit
@ -88,66 +88,58 @@
sqlite
rocksdb
];
networking = {
domain = "";
# Create an auto-update systemd service that runs every day
# system.autoUpgrade = {
# flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
# dates = "daily";
# enable = true;
# };
# Create an auto-update systemd service that runs every day
# system.autoUpgrade = {
# flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
# dates = "daily";
# enable = true;
# };
# systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
# Enable networking
# networking.networkmanager.enable = true;
# networking.nat.enable = true;
# networking.nat.internalInterfaces = ["ve-+"];
# networking.nat.externalInterface = "ens18";
enableIPv6 = lib.mkForce true;
nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
# systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
# Enable networking
# networking.networkmanager.enable = true;
# networking.nat.enable = true;
# networking.nat.internalInterfaces = ["ve-+"];
# networking.nat.externalInterface = "ens18";
networking.enableIPv6 = lib.mkForce true;
networking.nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
# networking.interfaces.ens18.ipv4.addresses = [
# {
# address = "62.171.160.195";
# prefixLength = 32;
# }
# ];
# networking.interfaces.ens18.ipv4.addresses = [
# {
# address = "62.171.160.195";
# prefixLength = 32;
# }
# ];
interfaces.ens18.ipv6.addresses = [
{
address = "2a02:c207:2063:2448::1";
prefixLength = 64;
}
networking.interfaces.ens18.ipv6.addresses = [
{
address = "2a02:c207:2063:2448::1";
prefixLength = 64;
}
];
networking.defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
# Open ports in the firewall.
networking.firewall = {
enable = true;
allowPing = false;
allowedTCPPorts = [
22 # SSH
5349 # STUN tls
5350 # STUN tls alt
80 # http
443 # https
];
allowedUDPPortRanges = [
{
from = 49152;
to = 49999;
} # TURN relay
];
defaultGateway6 = {
address = "fe80::1";
interface = "ens18";
};
firewall = {
# Open ports in the firewall.
enable = true;
allowPing = false;
allowedTCPPorts = [
22 # SSH
5349 # STUN tls
5350 # STUN tls alt
80 # http
443 # https
];
allowedUDPPortRanges = [
{
from = 49152;
to = 49999;
} # TURN relay
];
};
hostName = "queen";
# Disable the server going through wireguard vpn for now
wireguard.enable = lib.mkForce false;
};
# networking.useNetworkd = true;
@ -180,15 +172,20 @@
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
boot = {
tmp.cleanOnBoot = true;
loader.grub = {
enable = true;
configurationLimit = 3;
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/queen;
};
loader.efi.canTouchEfiVariables = true;
};
networking.hostName = "queen";
boot.loader.grub.enable = true;
boot.loader.grub.configurationLimit = 3;
boot.loader.efi.canTouchEfiVariables = true;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
}

9
nixos/hosts/queen/secrets/sops.yaml
View file

@ -6,14 +6,13 @@ releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/
mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
wg-private-key: ENC[AES256_GCM,data:mq8QWoQ4tE4eYaFbwCzQnRREUFI2qrnmDnwurKMu6qdKkDylqc65E7jgGDI=,iv:r5RdcmfW4OaKlbbzUCPahONvpLcfZ7X7KcEEYFIYFDk=,tag:e93C4lByJV75JMHLJ02PfA==,type:str]
wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str]
lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str]
coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYisHejmycgT8a2mWpk+5r3HkFmBNcLDeNlfnhIif5oLHGuHyw==,iv:M2GdNDxP4xpP35FJPTgljbcKpOm6DmEEnIYRItAxDVI=,tag:IiiNXeTi6Yja5PrnKRkhdA==,type:str]
grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str]
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
sops:
kms: []
gcp_kms: []
@ -29,8 +28,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-23T00:03:37Z"
mac: ENC[AES256_GCM,data:uRXXG8sDFqMyuhSSJrD3gDmZd2uGdrV/vHxfrAzTHYa+rtq7EjsIynxa9obpBKEbCSHa5UHgNxoP9VpSd9n9ENaRDxKFdaANcREjUihTDv0rFoMyaiBPcjWjj5/W8rA2ki7V4M0tgERUmq+UOcW5uZg01jPrHm7TFgdwZezFPfI=,iv:FX7DrwjA2DYKRif4EdhQ7rQKfQdk4NrQBIA+LB/3xkI=,tag:swckRXnUoVVdBsx8tDqIKA==,type:str]
lastmodified: "2024-08-16T13:34:43Z"
mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.9.0

231
nixos/hosts/shodan/configuration.nix
View file

@ -14,9 +14,8 @@
# Or modules exported from other flakes (such as nix-colors):
# inputs.nix-colors.homeManagerModules.default
outputs.nixosModules.vpn-ip
# Import the shared settings
../../shared
../../desktop/package-configs/firefox
# You can also split up your configuration and import pieces of it here:
@ -27,101 +26,11 @@
./auto-mount.nix
];
boot = {
tmp.cleanOnBoot = true;
loader = {
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# tss group has access to TPM devices
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
systemd-boot.enable = lib.mkForce false;
systemd-boot.configurationLimit = 3;
timeout = 0;
efi.canTouchEfiVariables = true;
};
initrd.systemd.enable = true;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
consoleLogLevel = 0;
kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
plymouth.enable = true;
};
boot.tmp.cleanOnBoot = true;
zramSwap.enable = false;
networking = {
domain = "";
# Enable networking
networkmanager.enable = true;
firewall.enable = true;
firewall.allowedTCPPorts = [22];
hostName = "shodan";
};
services.vpn-ip = {
ip = "4";
};
services = {
openssh.enable = true; # Enables support for 32bit libs that steam uses
# Enable the X11 windowing system.
xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
desktopManager.plasma6.enable = true;
avahi = {
nssmdns4 = true;
enable = true;
ipv4 = true;
ipv6 = true;
publish = {
enable = true;
addresses = true;
workstation = true;
};
};
displayManager = {
defaultSession = "plasma";
sddm.wayland.enable = lib.mkForce true;
sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
};
};
# Enable flatpak support
flatpak.enable = true;
packagekit.enable = true;
# Configure keymap in X11
xserver = {
xkb.layout = "us";
xkb.variant = "";
};
# Enable CUPS to print documents.
printing.enable = true;
# Enable fwupd daemon and user space client
fwupd.enable = true;
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
networking.domain = "";
services.openssh.enable = true;
nixpkgs = {
# You can add overlays here
@ -133,6 +42,10 @@
allowUnfree = true;
};
};
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
sops.defaultSopsFile = ./secrets/sops.yaml;
environment.systemPackages = with pkgs; [
# Custom tools
auto-mount
@ -142,11 +55,9 @@
decky-loader
efitools
jq
# noto-fonts
# noto-fonts-emoji-blob-bin
# noto-fonts-emoji
qjackctl
noto-fonts
noto-fonts-emoji-blob-bin
noto-fonts-emoji
#rustdesk
sbctl
udisks
@ -157,7 +68,7 @@
#KDE:
krunner-translator
# kdePackages.discover
kdePackages.discover
kdePackages.kcalc
kdePackages.kdepim-addons
kdePackages.kirigami
@ -166,8 +77,6 @@
# kdePackages.krunner-symbols
kdePackages.qtvirtualkeyboard
kdePackages.packagekit-qt
kdePackages.krdc
kdePackages.krfb
libportal
#Gaming:
@ -195,24 +104,48 @@
enableGyroDsuService = true;
};
};
programs = {
steam = lib.mkForce {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
kdeconnect.enable = true;
noisetorch = {
enable = true;
};
programs.steam = lib.mkForce {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
extest.enable = true;
};
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
git = {
enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.desktopManager.plasma6.enable = true;
programs.kdeconnect.enable = true;
services.displayManager.defaultSession = "plasma";
services.displayManager.sddm.wayland.enable = lib.mkForce true;
services.displayManager.sddm.settings = {
Autologin = {
Session = "plasma.desktop";
User = "lillian";
};
};
# Enable flatpak support
services.flatpak.enable = true;
services.packagekit.enable = true;
# Configure keymap in X11
services.xserver = {
xkb.layout = "us";
xkb.variant = "";
};
# Enable networking
networking.networkmanager.enable = true;
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [22];
# # Enable automounting of removable media
# services.udisks2.enable = true;
# services.devmon.enable = true;
@ -221,14 +154,32 @@
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
hardware = {
graphics.enable32Bit = true;
# Enable bluetooth hardware
bluetooth.enable = true;
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
pulseaudio.enable = false;
# Enable bluetooth hardware
hardware.bluetooth.enable = true;
# Enable fwupd daemon and user space client
services.fwupd.enable = true;
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
programs.noisetorch = {
enable = true;
};
programs.git = {
enable = true;
};
users.users.lillian.extraGroups = ["decky" "tss" "input"];
@ -236,15 +187,39 @@
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
security = {
rtkit.enable = true;
tpm2 = {
enable = true;
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
tctiEnvironment.enable = true;
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/shodan;
};
};
networking.hostName = "shodan";
security.tpm2.enable = true;
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
# tss group has access to TPM devices
# Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false
# for now.
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.initrd.systemd.enable = true;
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.timeout = 0;
boot.loader.efi.canTouchEfiVariables = true;
boot.consoleLogLevel = 0;
boot.kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
boot.plymouth.enable = true;
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "24.11";
}

8
nixos/hosts/shodan/secrets/sops.yaml
View file

@ -1,6 +1,4 @@
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
ssh-private-key: ENC[AES256_GCM,data:7K3p6Lu4je2fNmvtKpLY2z7MG5E0gg3486PCLTlm/NzWpiH0FO8KO2yPkPPVurXfUWj7ig3eiP+bc6+kufRQ8+MCHaR+JA056cdMch0MMK92FyPvJjNKzwB4W3BpdvOKipaZvuvSfgdrEdpz6rWRwBb9KaUW5aHBjW5eQNm+q0yP2uZjW6Ncp/zrdevjlRJyXGnNJD8CBDQgLILvqlvziRO4xBnSZOmFpdCKM9jMkxwHIQUND4ic71G6cheN+kIsgsa67DlJjfrngGWxKrlC3Q2DC+30vHtW8f18oa+g7eu9eTz8+bSLxYJf9TADwE+UYe2Hakib1ju67yxBkcomIjBvqgo+zEr0jC2qYmOvlKfqn64gSbAE7zEVCbavz6gA2EMb0g47twtAdgGUyzppGQ4LXjZXv6lyYov2gdXP7bzAcXXfzDh92BuTUOp9HXOTsLh7XC7cPKziowwwT+oUeOaSujMT9tgqkazgcVR3ne+PjxduptV75gxOwxeu6F2Zm+4Y4xJBdJeyP1Baq0yj4HNY/gv3pxEEXgU5,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str]
sops:
kms: []
gcp_kms: []
@ -16,8 +14,8 @@ sops:
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-22T22:35:15Z"
mac: ENC[AES256_GCM,data:olqDdjgOF7MsYXibawEn4bou6LPof25j231+Vwr+pSGCO19Sj44OkZpS0YmNBi+Uym+X6RGM5uV3fg4JYVgThnALI9JFyFuZ41gjPRyNBXJ16RnogKykHK5XNjQEogYho5bgLA8DTDeOvSfFHW2ENM052z6lJyAaPWJLa4ADlEY=,iv:YXGKcHQfqZCnK9Z3Nw/JxcTmZR++0iKUc7PDbLBqahY=,tag:UbHZvFZjaYjrC51Q1f/oyg==,type:str]
lastmodified: "2024-03-19T00:42:59Z"
mac: ENC[AES256_GCM,data:WuwpvgM5WCmtsb9WH6us1dn0+qQuV/6+ooI8K7Wp+VFlMWLA4g509TgOFHG+cxWJeN2cRtilnHM1INv1U6uadjWis0LrjrqbHaMRJ5aAr3/zKoTXWTG4pRNykoYmCkwHLnx0gJi6hm4PbKOIFVM+6V5m9JCLKRVO6eqyW15SVww=,iv:xVR5ZGs2Ww+J57qreIlHSW8A+ADAOjzM7B+KLRFrRLw=,tag:6KTaeX8+Txz4j1UJUWRj+w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.8.1

425
nixos/hosts/wheatley/configuration.nix
View file

@ -1,346 +1,127 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
inputs,
outputs,
lib,
pkgs,
config,
modulesPath,
pkgs,
...
}: {
imports = [
# inputs.nixos-hardware.nixosModules.raspberry-pi-4
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
inputs.home-manager.nixosModules.home-manager
./armv7l.nix
./hardware-configuration.nix
# Import shared settings
# Import shared configurations
../../shared
];
nixpkgs.overlays = [
(final: super: {
makeModulesClosure = x:
super.makeModulesClosure (x // {allowMissing = true;});
})
];
programs = {
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
command-not-found.enable = lib.mkForce false;
nix-index.enable = true;
nix-index-database.comma.enable = true;
};
services = {
automatic-timezoned.enable = true;
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.generic-extlinux-compatible.configurationLimit = 5;
boot.loader.grub.enable = false;
boot.tmp.cleanOnBoot = true;
# stubby = {
# enable = true;
# settings =
# pkgs.stubby.passthru.settingsExample
# // {
# upstream_recursive_servers = [
# {
# address_data = "94.140.14.49";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# {
# address_data = "94.140.14.59";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# {
# address_data = "2a10:50c0:0:0:0:0:ded:ff";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# {
# address_data = "2a10:50c0:0:0:0:0:dad:ff";
# tls_auth_name = "4b921896.d.adguard-dns.com";
# tls_pubkey_pinset = [
# {
# digest = "sha256";
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
# }
# ];
# }
# ];
# };
# };
openssh = {
enable = true;
# require public key authentication for better security
settings.PasswordAuthentication = false;
settings.KbdInteractiveAuthentication = false;
settings.PermitRootLogin = "no";
};
davfs2.enable = true;
aria2 = {
enable = true;
settings = {
dir = "/var/lib/media";
rpc-listen-port = 6969;
};
rpcSecretFile = config.sops.secrets."rpcSecret".path;
};
dnsmasq = {
enable = true;
settings = {
interface = "wg1";
};
};
};
sops = {
# users.users = {
# ombi.extraGroups = ["radarr" "sonarr" "aria2"];
# };
# services.ombi = {
# enable = true;
# port = 2368;
# };
# users.users = {
# radarr.extraGroups = ["aria2"];
# sonarr.extraGroups = ["aria2"];
# };
# services = {
# #uses port 7878
# radarr.enable = true;
# #uses port 8989
# sonarr.enable = true;
# prowlarr.enable = true;
# };
secrets."webdav-secret" = {
mode = "0600";
path = "/etc/davfs2/secrets";
};
secrets."rpcSecret".mode = "0440";
secrets."rpcSecret".owner = config.users.users.aria2.name;
secrets."protonvpn-priv-key".mode = "0440";
secrets."protonvpn-priv-key".owner = config.users.users.root.name;
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835" "cma=256M" "console=tty0"];
kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
};
sdImage.compressImage = false;
networking = {
hostName = "wheatley";
networkmanager.enable = true;
# Disable NetworkManager's internal DNS resolution
networkmanager.dns = "none";
# These options are unnecessary when managing DNS ourselves
useDHCP = false;
dhcpcd.enable = false;
# Configure DNS servers manually (this example uses Cloudflare and Google DNS)
# IPv6 DNS servers can be used here as well.
nameservers = [
# "127.0.0.1"
# "::1"
"94.140.14.49"
"94.140.14.59"
"2a10:50c0:0:0:0:0:ded:ff"
"2a10:50c0:0:0:0:0:ded:ff"
# boot.extraModulePackages = [
# (pkgs.callPackage ./rtl8189es.nix {
# kernel = config.boot.kernelPackages.kernel;
# })
# ];
nixpkgs = {
# You can add overlays here
overlays = [
];
wireguard.enable = true;
wg-quick.interfaces = {
# # "wg0" is the network interface name. You can name the interface arbitrarily.
# wg0 = {
# autostart = true;
# # Determines the IP address and subnet of the server's end of the tunnel interface.
# address = ["10.2.0.2/32"];
# # The port that WireGuard listens to. Must be accessible by the client.
# listenPort = 51820;
# dns = ["10.2.0.1"];
# # Path to the private key file.
# #
# # Note: The private key can also be included inline via the privateKey option,
# # but this makes the private key world-readable; thus, using privateKeyFile is
# # recommended.
# privateKeyFile = config.sops.secrets."protonvpn-priv-key".path;
# peers = [
# # List of allowed peers.
# {
# # Feel free to give a meaning full name
# # Public key of the peer (not a file path).
# publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=";
# # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
# allowedIPs = ["0.0.0.0/0"];
# endpoint = "146.70.86.114:51820";
# }
# ];
# };
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
# TODO: generate this dynamically based on other hosts
wg0 = lib.mkForce {
# Determines the IP address and subnet of the server's end of the tunnel interface.
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
# The port that WireGuard listens to. Must be accessible by the client.
listenPort = 51821;
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
postUp = ''
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
'';
# Undo the above
preDown = ''
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
'';
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
#GLaDOS public key
publicKey = "yieF2yQptaE3jStoaGytUnN+HLxyVhFBZIUOGUNAV38=";
allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
}
{
#EDI public key
publicKey = "i4nDZbU+a2k5C20tFJRNPVE1vhYKJwhoqGHEdeC4704=";
allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
}
{
#Shodan public key
publicKey = "Zah2nZDaHF8jpP5AtMA5bhE7t38fMB2UHzbXAc96/jw=";
allowedIPs = ["10.0.0.4/32" "fdc9:281f:04d7:9ee9::3/128"];
}
{
#ADA public key
publicKey = "SHu7xxRVWuqp4U4uipMoITKrFPWZATGsJevUeqBSzWo=";
allowedIPs = ["10.0.0.5/32" "fdc9:281f:04d7:9ee9::3/128"];
}
#Queen public key: FVTrYM7S2Ev2rGrYrHsG2et1/SU3UjEBQH2AOen4+04=
];
};
};
nat = {
# enable NAT
enable = true;
externalInterface = "end0";
internalInterfaces = ["wg1"];
};
firewall = {
enable = true;
allowPing = false;
allowedTCPPorts = [
22 # SSH
5349 # STUN tls
5350 # STUN tls alt
80 # http
443 # https
51821 # wg
7878
53 # dnsmasq
];
allowedUDPPorts = [
53 #dnsmasq
];
allowedUDPPortRanges = [
{
from = 51820;
to = 51822; # wg
}
{
from = 49152;
to = 49999;
} # TURN relay
];
# Configure your nixpkgs instance
config = {
# Disable if you don't want unfree packages
allowUnfree = true;
};
};
systemd.mounts = [
{
enable = true;
description = "Webdav mount point";
after = ["network-online.target"];
wants = ["network-online.target"];
what = "https://nextcloud.gladtherescake.eu/remote.php/dav/files/GLaDTheresCake";
where = "/home/jellyfinmediaplayer/nextcloud";
options = "uid=1003,gid=100,file_mode=0664,dir_mode=2775";
type = "davfs";
}
sops.defaultSopsFile = ./secrets/sops.yaml;
sops.secrets."wireless.env".mode = "0440";
sops.secrets."wireless.env".owner = config.users.users.root.name;
environment.systemPackages = with pkgs; [
age
git
htop
];
users = {
users.aria2 = {
# #uses port 8096
# services.jellyfin.enable = true;
# users.groups.jellyfinmediaplayer = {};
# users.users.jellyfinmediaplayer.group = "jellyfinmediaplayer";
# users.users.jellyfin.extraGroups = ["jellyfinmediaplayer"];
# # Add stremio kiosk on wayland :)
# users.extraUsers.jellyfinmediaplayer.isNormalUser = true;
# services.cage.user = "jellyfinmediaplayer";
# services.cage.program = "${pkgs.jellyfin-media-player}/bin/jellyfinmediaplayer";
# services.cage.enable = true;
# services.cage.extraArguments = ["-f"];
boot.kernelParams = [
"console=ttyS0,115200n8"
];
group = "aria2";
isSystemUser = true;
nix = {
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
# This will add each flake input as a registry
# To make nix3 commands consistent with your flake
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
# This will additionally add your inputs to the system's legacy channels
# Making legacy nix commands consistent as well, awesome!
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
settings = {
# Enable flakes and new 'nix' command
experimental-features = "nix-command flakes";
# Deduplicate and optimize nix store
auto-optimise-store = true;
};
groups.aria2 = {};
};
environment.systemPackages = [
# (pkgs.kodi.withPackages (kodiPkgs:
# with kodiPkgs; [
# steam-controller
# invidious
# netflix
# upnext
# sponsorblock
# sendtokodi
# jellyfin
# ]))
pkgs.iptables
];
networking.wireless.enable = true;
networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
networking.wireless.networks."KPNAA6306" = {
hidden = true;
auth = ''
key_mgmt=WPA-PSK
password="@PSK_HOME@"
'';
};
system.stateVersion = "25.05";
nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
networking.firewall.enable = true;
networking.firewall = {
allowedTCPPorts = [22 80 443 5335 8080];
allowedUDPPorts = [5335];
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
programs.zsh = {
enable = true;
};
programs.git = {
enable = true;
};
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users = {
# Import your home-manager configuration
lillian = import ../../../home-manager/hosts/wheatley;
};
};
networking.hostName = "wheatley"; # Define your hostname
networking.wireless.interfaces = ["enu1u1"];
# powerManagement.cpuFreqGovernor = "powersave";
powerManagement.cpufreq.max = 648000;
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "unstable"; # Did you read the comment?
}

34
nixos/hosts/wheatley/hardware-configuration.nix
View file

@ -10,26 +10,40 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci"];
boot.initrd.availableKernelModules = ["usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.supportedFilesystems = lib.mkForce ["btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
swapDevices = [
{
device = "/swapfile";
size = 16 * 1024;
}
];
fileSystems = {
# Prior to 19.09, the boot partition was hosted on the smaller first partition
# Starting with 19.09, the /boot folder is on the main bigger partition.
# The following is to be used only with older images. Note such old images should not be considered supported anymore whatsoever, but if you installed back then, this might be needed
# "/boot" = {
# device = "/dev/disk/by-label/FIRMWARE";
# fsType = "vfat";
# };
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
};
swapDevices = [{device = "/dev/disk/by-uuid/b299ad0d-37a0-43d6-9647-5f717aca7b3";}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.enu1u1.useDHCP = lib.mkDefault true;
# networking.interfaces.ip6tnl0.useDHCP = lib.mkDefault true;
# networking.interfaces.sit0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
nixpkgs.hostPlatform = lib.mkDefault "armv7l-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

11
nixos/hosts/wheatley/secrets/sops.yaml
View file

@ -1,10 +1,5 @@
wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str]
lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str]
protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str]
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
ssh-private-key: ENC[AES256_GCM,data:zbCR/+REHSN4BIQIXSOQjSRKYWhaXutdn4AE2zxmN44qHPzMI98c7/aX2KFhHOL+vKpgyhhR6JAGVTF5Jk72lmIHwDvwvwx+gLXgpZH1KEK3nTUdwUVcqBDsVB4Na5rTsHMWmRH+NxV7n+3nSQo/Byi0Jb602IPXRNREL+0toCbHon27/o2uIy4uzbsEWZu6N2hadzQCtXmHJM2dqmbKvpADt04TQ4wAcZ6wB0538g5WdtOSU6T1xcBBSDU7MNEVP7e7dUPKJWK79cI+RrzpGIh/da7cM6exSBRas711oL6woH4Hi3G6Yjd1rPxBPt1+/qq45gm/4UvjQywn/1s7BInCe9/5vJLn3TEzuUd96CsT36vEsxMeOekXf50Ntu6Xr02bnFRwUBm76BVGAggwGf/khRNJuLw0xHsCdeKzHsPD0efe5mHTJw8mB3M6vDhO6e3g6E3uRjjBaDnrPuHuD4NE1kCjQTTJh3NbuT2Ab55lhpSOEK+f0Ik2qZgKzALvJhn+MILjXSfP/hXgiwBeP4dkTY3fOcpmnPyS,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str]
sops:
kms: []
gcp_kms: []
@ -20,8 +15,8 @@ sops:
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-22T22:37:02Z"
mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str]
lastmodified: "2024-02-22T11:57:45Z"
mac: ENC[AES256_GCM,data:V9vscu55woZjJGFV3aDgdHKqmIopYw6cajdOHG1/45Qel6l5YJkt8VyLMzYlUOlFGatXBlfTB7VC9zhhaY4lduww2XLrARcTk61BT+GSHp5sawND+RIDghY6CJBuoPUbtsfmmlmg+J2DljBlSbrcVmvfjMV12Ql6Zb8PEPM9K68=,iv:TFrDt1XpuIFLUyDN6+8n+0OypBkr1OrZOmXWvnY9ApI=,tag:EfsFhToEGFCZJSXh0WBrIw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2
version: 3.8.1

4
nixos/server/package-configs/conduit/default.nix
View file

@ -1,6 +1,7 @@
{
config,
pkgs,
inputs,
...
}: let
# You'll need to edit these values
@ -34,8 +35,7 @@ in {
# This causes NixOS to use the flake defined in this repository instead of
# the build of Conduit built into nixpkgs.
# package = inputs.conduwuit.packages.${pkgs.system}.default;
package = pkgs.conduwuit;
package = inputs.conduwuit.packages.${pkgs.system}.default;
settings.global = {
inherit server_name;

27
nixos/server/package-configs/nextcloud/default.nix
View file

@ -7,14 +7,13 @@
sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
sops.secrets."nextclouddb".mode = "0440";
sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
# sops.secrets."local.json".mode = "0440";
# sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
sops.secrets."local.json".mode = "0440";
sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
users.users = {
# nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name];
nextcloud.extraGroups = [config.users.groups.keys.name];
nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name];
#aria2.extraGroups = ["nextcloud"];
# onlyoffice.extraGroups = [config.users.users.nextcloud.name];
onlyoffice.extraGroups = [config.users.users.nextcloud.name];
};
# Enable Nginx
@ -91,15 +90,15 @@
};
};
# services.onlyoffice = {
# port = 16783;
# enable = true;
# hostname = "onlyoffice.gladtherescake.eu";
# #postgresHost = "/run/postgesql";
# #postgresUser = "onlyoffice";
# #postgresName = "onlyoffice";
# #jwtSecretFile = config.sops.secrets."local.json".path;
# };
services.onlyoffice = {
port = 16783;
enable = true;
hostname = "onlyoffice.gladtherescake.eu";
#postgresHost = "/run/postgesql";
#postgresUser = "onlyoffice";
#postgresName = "onlyoffice";
#jwtSecretFile = config.sops.secrets."local.json".path;
};
services.rabbitmq = {
enable = true;

BIN
nixos/shared/background.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 158 KiB

154
nixos/shared/default.nix
View file

@ -1,6 +1,5 @@
{
inputs,
outputs,
lib,
config,
pkgs,
@ -9,24 +8,9 @@
imports = [
./locale
./packages
inputs.home-manager.nixosModules.home-manager
#../hosts/${config.networking.hostName}/hardware-configuration.nix
];
sops = {
age.keyFile = ../../../../../../var/secrets/keys.txt;
secrets."lillian-password".neededForUsers = true;
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
secrets."wg-private-key".mode = "0440";
secrets."wg-private-key".owner = config.users.users.root.name;
secrets."ssh-private-key" = {
mode = "0600";
owner = config.users.users.lillian.name;
path = "/home/lillian/.ssh/id_ed25519";
};
};
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
sops.secrets."lillian-password".neededForUsers = true;
#TODO: remove this when unneeded for freetube
nixpkgs.config.permittedInsecurePackages = [
@ -57,136 +41,46 @@
"https://nix-community.cachix.org"
"https://nixpkgs-unfree.cachix.org"
"https://0uptime.cachix.org"
"https://attic.kennel.juneis.dog/conduit"
];
trusted-public-keys = [
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
"0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE="
"conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk="
];
};
};
catppuccin = {
flavor = "macchiato";
enable = true;
plymouth.enable = false;
grub.enable = false;
};
# console.catppuccin.enable = true;
catppuccin.flavor = "macchiato";
catppuccin.enable = true;
console.catppuccin.enable = true;
home-manager.backupFileExtension = "backup";
users.users.lillian = {
isNormalUser = true;
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."lillian-password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
];
};
programs.zsh = {
enable = true;
};
stylix = {
enable = true;
autoEnable = true;
base16Scheme = {
scheme = "Catppuccin Macchiato";
author = "https://github.com/catppuccin/catppuccin";
base00 = "24273a";
base01 = "1e2030";
base02 = "363a4f";
base03 = "494d64";
base04 = "5b6078";
base05 = "cad3f5";
base06 = "f4dbd6";
base07 = "b7bdf8";
base08 = "ed8796";
base09 = "f5a97f";
base0A = "eed49f";
base0B = "a6da95";
base0C = "8bd5ca";
base0D = "8aadf4";
base0E = "c6a0f6";
base0F = "f0c6c6";
};
image = ./background.jpg;
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
cursor.name = "catppuccin-macchiato-mauve-cursors";
homeManagerIntegration.followSystem = true;
fonts = {
serif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Serif";
};
monospace = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans Mono";
};
sansSerif = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
emoji = {
package = pkgs.noto-fonts-emoji-blob-bin;
name = "Blobmoji";
};
};
};
fonts.packages = [
pkgs.dejavu_fonts
pkgs.noto-fonts
pkgs.nerd-fonts.fira-mono
];
networking = {
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
autostart = true;
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
listenPort = 51821;
privateKeyFile = config.sops.secrets."wg-private-key".path;
peers = [
{
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
endpoint = "84.87.146.85:51821";
allowedIPs = ["0.0.0.0/0" "::/0"];
persistentKeepalive = 25;
}
];
};
};
};
# Enable completion of system packages by zsh
environment.pathsToLink = ["/share/zsh"];
home-manager = {
backupFileExtension = "backup";
extraSpecialArgs = {
inputs = inputs;
outputs = outputs;
};
users = {
# Import your home-manager configuration
lillian = import ../../home-manager/hosts/${config.networking.hostName};
};
};
users.mutableUsers = false;
users = {
users.lillian = {
isNormalUser = true;
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
shell = pkgs.zsh;
hashedPasswordFile = config.sops.secrets."lillian-password".path;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
];
};
mutableUsers = false;
users.root = {
hashedPassword = "*";
};
users.users.root = {
hashedPassword = "*";
};
}

41
nixos/shared/packages/default.nix
View file

@ -30,7 +30,6 @@
e2fsprogs
git
git-filter-repo
pre-commit
helix
home-manager
htop
@ -50,24 +49,24 @@
# Can be used to install latest version of some packages
]);
# fonts = {
# packages = with pkgs; [
# noto-fonts-emoji-blob-bin
# cantarell-fonts
# dejavu_fonts
# fira-code
# noto-fonts
# noto-fonts-cjk-sans
# noto-fonts-cjk-serif
# paratype-pt-sans
# paratype-pt-mono
# paratype-pt-serif
# roboto
# twemoji-color-font
# font-awesome
# atkinson-hyperlegible
# fira-code-nerdfont
# ];
# enableDefaultPackages = false;
# };
fonts = {
packages = with pkgs; [
noto-fonts-emoji-blob-bin
cantarell-fonts
dejavu_fonts
fira-code
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
paratype-pt-sans
paratype-pt-mono
paratype-pt-serif
roboto
twemoji-color-font
font-awesome
atkinson-hyperlegible
fira-code-nerdfont
];
enableDefaultPackages = false;
};
}

1
pkgs/simple-completion-language-server/result Symbolic link
View file

@ -0,0 +1 @@
/nix/store/3l0wgxsvf5sz2q9sgyj0blc1ivzg808b-simple-completion-language-server-ff9f90bc96c347f284571bc6310bc31f95508d55