Compare commits
No commits in common. "main" and "Desktop-changes" have entirely different histories.
main
...
Desktop-ch
|
@ -1,47 +0,0 @@
|
|||
{
|
||||
disko = {
|
||||
devices = {
|
||||
disk = {
|
||||
disk1 = {
|
||||
imageSize = "20G";
|
||||
type = "disk";
|
||||
device = "/dev/mmcblk0";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
firmware = {
|
||||
size = "30M";
|
||||
priority = 1;
|
||||
type = "0700";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/firmware";
|
||||
};
|
||||
};
|
||||
boot = {
|
||||
size = "1G";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "root";
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
extraArgs = [];
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
1195
flake.lock
1195
flake.lock
File diff suppressed because it is too large
Load diff
195
flake.nix
195
flake.nix
|
@ -34,10 +34,10 @@
|
|||
catppuccin.url = "github:catppuccin/nix";
|
||||
|
||||
# Conduit fork without all the fuss and drama
|
||||
# conduwuit = {
|
||||
# url = "github:girlbossceo/conduwuit";
|
||||
# inputs.nixpkgs.follows = "nixpkgs";
|
||||
# };
|
||||
conduwuit = {
|
||||
url = "github:girlbossceo/conduwuit";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
# Nix index database files
|
||||
nix-index-database.url = "github:nix-community/nix-index-database";
|
||||
|
@ -78,8 +78,6 @@
|
|||
|
||||
# Add any other flake you might need
|
||||
# hardware.url = "github:nixos/nixos-hardware";
|
||||
# Stylix theming engine
|
||||
stylix.url = "github:danth/stylix";
|
||||
};
|
||||
|
||||
outputs = {
|
||||
|
@ -99,8 +97,7 @@
|
|||
jovian,
|
||||
nixos-hardware,
|
||||
nix-index-database,
|
||||
# conduwuit,
|
||||
stylix,
|
||||
conduwuit,
|
||||
...
|
||||
} @ inputs: let
|
||||
inherit (self) outputs;
|
||||
|
@ -108,7 +105,6 @@
|
|||
# Supported systems for your flake packages, shell, etc.
|
||||
systems = [
|
||||
"x86_64-linux"
|
||||
"aarch64-linux"
|
||||
];
|
||||
# This is a function that generates an attribute by calling a function you
|
||||
# pass to it, with each system as an argument
|
||||
|
@ -120,32 +116,6 @@
|
|||
allowUnfreePredicate = _: true;
|
||||
};
|
||||
};
|
||||
|
||||
sharedModules = [
|
||||
./nixos/shared
|
||||
sops-nix.nixosModules.sops
|
||||
disko.nixosModules.disko
|
||||
home-manager.nixosModules.home-manager
|
||||
catppuccin.nixosModules.catppuccin
|
||||
stylix.nixosModules.stylix
|
||||
nix-index-database.nixosModules.nix-index
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
./home-manager/shared
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
desktopModules = [
|
||||
./nixos/desktop
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
./home-manager/desktop
|
||||
];
|
||||
}
|
||||
];
|
||||
in {
|
||||
# Your custom packages
|
||||
# Accessible through 'nix build', 'nix shell', etc
|
||||
|
@ -174,72 +144,129 @@
|
|||
EDI = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules =
|
||||
sharedModules
|
||||
++ desktopModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
nixos-hardware.nixosModules.dell-xps-13-7390
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/EDI/configuration.nix
|
||||
];
|
||||
modules = [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
nixos-hardware.nixosModules.dell-xps-13-7390
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/EDI/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
disko.nixosModules.disko
|
||||
home-manager.nixosModules.home-manager
|
||||
nix-index-database.nixosModules.nix-index
|
||||
catppuccin.nixosModules.catppuccin
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
GLaDOS = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules =
|
||||
sharedModules
|
||||
++ desktopModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/GLaDOS/configuration.nix
|
||||
];
|
||||
modules = [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/GLaDOS/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
#lanzaboote.nixosModules.lanzaboote
|
||||
disko.nixosModules.disko
|
||||
home-manager.nixosModules.home-manager
|
||||
nix-index-database.nixosModules.nix-index
|
||||
catppuccin.nixosModules.catppuccin
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
queen = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules =
|
||||
sharedModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
simple-nixos-mailserver.nixosModule
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/queen/configuration.nix
|
||||
];
|
||||
modules = [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/queen/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
disko.nixosModules.disko
|
||||
simple-nixos-mailserver.nixosModule
|
||||
catppuccin.nixosModules.catppuccin
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
shodan = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules =
|
||||
sharedModules
|
||||
++ [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/shodan/configuration.nix
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
jovian.nixosModules.jovian
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
];
|
||||
}
|
||||
];
|
||||
modules = [
|
||||
{_module.args = {inherit pkgs-edge;};}
|
||||
# > Our main nixos configuration file <
|
||||
./nixos/hosts/shodan/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
lanzaboote.nixosModules.lanzaboote
|
||||
disko.nixosModules.disko
|
||||
jovian.nixosModules.jovian
|
||||
home-manager.nixosModules.home-manager
|
||||
catppuccin.nixosModules.catppuccin
|
||||
{
|
||||
home-manager.sharedModules = [
|
||||
inputs.catppuccin.homeManagerModules.catppuccin
|
||||
inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
wheatley = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
specialArgs = {inherit inputs outputs;};
|
||||
modules =
|
||||
sharedModules
|
||||
++ [
|
||||
./nixos/hosts/wheatley/configuration.nix
|
||||
];
|
||||
};
|
||||
# ISO = nixpkgs.lib.nixosSystem {
|
||||
# system = "x86_64-linux";
|
||||
# specialArgs = {inherit inputs outputs;};
|
||||
# modules = [
|
||||
# {_module.args = {inherit pkgs-edge;};}
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
|
||||
# ./nixos/hosts/iso/configuration.nix
|
||||
# sops-nix.nixosModules.sops
|
||||
# home-manager.nixosModules.home-manager
|
||||
# nix-index-database.nixosModules.nix-index
|
||||
# catppuccin.nixosModules.catppuccin
|
||||
# {
|
||||
# home-manager.sharedModules = [
|
||||
# inputs.plasma-manager.homeManagerModules.plasma-manager
|
||||
# inputs.catppuccin.homeManagerModules.catppuccin
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
|
||||
# iso_server = nixpkgs.lib.nixosSystem {
|
||||
# system = "x86_64-linux";
|
||||
# specialArgs = {inherit inputs outputs;};
|
||||
# modules = [
|
||||
# {_module.args = {inherit pkgs-edge;};}
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
|
||||
# "${nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
|
||||
# ./nixos/hosts/iso_server/configuration.nix
|
||||
# sops-nix.nixosModules.sops
|
||||
# home-manager.nixosModules.home-manager
|
||||
# nix-index-database.nixosModules.nix-index
|
||||
# catppuccin.nixosModules.catppuccin
|
||||
# {
|
||||
# home-manager.sharedModules = [
|
||||
# inputs.catppuccin.homeManagerModules.catppuccin
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,11 @@
|
|||
{pkgs, ...}: {
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
# You can import other home-manager modules here
|
||||
imports = [
|
||||
# If you want to use modules your own flake exports (from modules/home-manager):
|
||||
|
@ -13,10 +20,9 @@
|
|||
./package-configs/firefox.nix
|
||||
./package-configs/konsole
|
||||
./package-configs/foot
|
||||
./package-configs/freetube
|
||||
./package-configs/vesktop
|
||||
];
|
||||
nixpkgs = {
|
||||
config.permittedInsecurePackages = ["cinny-4.2.2" "cinny-unwrapped-4.2.2" "cinny-4.2.1" "cinny-unwrapped-4.2.1"];
|
||||
# You can add overlays here
|
||||
overlays = [
|
||||
# You can also add overlays exported from other flakes:
|
||||
|
@ -55,10 +61,8 @@
|
|||
});
|
||||
})
|
||||
];
|
||||
# Configure your nixpkgs instance
|
||||
config = {
|
||||
permittedInsecurePackages = ["cinny-4.2.3" "cinny-unwrapped-4.2.3" "cinny-4.2.2" "cinny-unwrapped-4.2.2"];
|
||||
# Configure your nixpkgs instance
|
||||
|
||||
# Disable if you don't want unfree packages
|
||||
allowUnfree = true;
|
||||
};
|
||||
|
@ -72,6 +76,8 @@
|
|||
# Add stuff for your user as you see fit:
|
||||
# programs.neovim.enable = true;
|
||||
# home.packages = with pkgs; [ steam ];
|
||||
qt.style.catppuccin.apply = true;
|
||||
programs.freetube.catppuccin.flavor = "macchiato";
|
||||
|
||||
home.packages = with pkgs; [
|
||||
# Coding:
|
||||
|
@ -85,7 +91,7 @@
|
|||
# Chat applications:
|
||||
signal-desktop
|
||||
vesktop
|
||||
# cinny-desktop
|
||||
cinny-desktop
|
||||
|
||||
# Gaming:
|
||||
prismlauncher
|
||||
|
@ -95,8 +101,6 @@
|
|||
# Multimedia:
|
||||
freetube
|
||||
vlc
|
||||
fcast-receiver
|
||||
fcast-client
|
||||
|
||||
# Office applications:
|
||||
onlyoffice-bin
|
||||
|
@ -135,69 +139,71 @@
|
|||
firefoxpwa
|
||||
ungoogled-chromium
|
||||
];
|
||||
programs = {
|
||||
# vscode = {
|
||||
# enable = true;
|
||||
# package = pkgs.vscodium;
|
||||
# extensions = with pkgs.vscode-extensions; [
|
||||
# catppuccin.catppuccin-vsc
|
||||
# catppuccin.catppuccin-vsc-icons
|
||||
# charliermarsh.ruff
|
||||
# eamodio.gitlens
|
||||
# github.vscode-pull-request-github
|
||||
# jnoortheen.nix-ide
|
||||
# kamadorueda.alejandra
|
||||
# mkhl.direnv
|
||||
# ms-toolsai.jupyter
|
||||
# ms-pyright.pyright
|
||||
# oderwat.indent-rainbow
|
||||
# rust-lang.rust-analyzer
|
||||
# yzhang.markdown-all-in-one
|
||||
# ];
|
||||
# };
|
||||
|
||||
obs-studio.enable = true;
|
||||
obs-studio.plugins = with pkgs.obs-studio-plugins; [
|
||||
programs.vscode = {
|
||||
enable = true;
|
||||
package = pkgs.vscodium;
|
||||
extensions = with pkgs.vscode-extensions; [
|
||||
catppuccin.catppuccin-vsc
|
||||
catppuccin.catppuccin-vsc-icons
|
||||
charliermarsh.ruff
|
||||
eamodio.gitlens
|
||||
github.vscode-pull-request-github
|
||||
jnoortheen.nix-ide
|
||||
kamadorueda.alejandra
|
||||
mkhl.direnv
|
||||
ms-toolsai.jupyter
|
||||
ms-pyright.pyright
|
||||
oderwat.indent-rainbow
|
||||
rust-lang.rust-analyzer
|
||||
yzhang.markdown-all-in-one
|
||||
];
|
||||
};
|
||||
|
||||
programs.obs-studio = {
|
||||
enable = true;
|
||||
plugins = with pkgs.obs-studio-plugins; [
|
||||
wlrobs
|
||||
obs-backgroundremoval
|
||||
obs-pipewire-audio-capture
|
||||
];
|
||||
|
||||
# Enable home-manager and git
|
||||
home-manager.enable = true;
|
||||
git = {
|
||||
enable = true;
|
||||
userEmail = "git@lillianviolet.dev";
|
||||
userName = "Lillian-Violet";
|
||||
extraConfig = {
|
||||
init = {
|
||||
defaultBranch = "main";
|
||||
};
|
||||
};
|
||||
ignores = [
|
||||
"*.direnv"
|
||||
"*.vscode"
|
||||
".envrc"
|
||||
"venv"
|
||||
"venv"
|
||||
];
|
||||
};
|
||||
|
||||
gpg.enable = true;
|
||||
gpg.settings = {
|
||||
default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d";
|
||||
default-recipient-self = true;
|
||||
auto-key-locate = "local,wkd,keyserver";
|
||||
keyserver = "hkps://keys.openpgp.org";
|
||||
auto-key-retrieve = true;
|
||||
auto-key-import = true;
|
||||
keyserver-options = "honor-keyserver-url";
|
||||
no-autostart = true;
|
||||
};
|
||||
};
|
||||
services = {
|
||||
kdeconnect.package = pkgs.kdePackages.kdeconnect-kde;
|
||||
kdeconnect.enable = true;
|
||||
|
||||
# Enable home-manager and git
|
||||
programs.home-manager.enable = true;
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userEmail = "git@lillianviolet.dev";
|
||||
userName = "Lillian-Violet";
|
||||
extraConfig = {
|
||||
init = {
|
||||
defaultBranch = "main";
|
||||
};
|
||||
};
|
||||
ignores = [
|
||||
"*.direnv"
|
||||
"*.vscode"
|
||||
".envrc"
|
||||
"venv"
|
||||
"venv"
|
||||
];
|
||||
};
|
||||
|
||||
programs.gpg.enable = true;
|
||||
programs.gpg.settings = {
|
||||
default-key = "0d43 5407 034c 2ad9 2d42 799d 280e 061d ff60 0f0d";
|
||||
default-recipient-self = true;
|
||||
auto-key-locate = "local,wkd,keyserver";
|
||||
keyserver = "hkps://keys.openpgp.org";
|
||||
auto-key-retrieve = true;
|
||||
auto-key-import = true;
|
||||
keyserver-options = "honor-keyserver-url";
|
||||
no-autostart = true;
|
||||
};
|
||||
|
||||
services.kdeconnect = {
|
||||
package = pkgs.kdePackages.kdeconnect-kde;
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# Nicely reload system units when changing configs
|
||||
|
|
|
@ -1,9 +1,10 @@
|
|||
{...}: {
|
||||
programs.foot = {
|
||||
enable = true;
|
||||
# catppuccin.enable = true;
|
||||
catppuccin.enable = true;
|
||||
settings = {
|
||||
main = {
|
||||
font = "Fira Code:size=11";
|
||||
};
|
||||
|
||||
mouse = {
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
{...}: {
|
||||
home.file."settings.db" = {
|
||||
source = ./settings.db;
|
||||
target = ".config/freetube/settings.db";
|
||||
force = true;
|
||||
};
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
{"_id":"allowDashAv1Formats","value":true}
|
||||
{"_id":"barColor","value":true}
|
||||
{"_id":"baseTheme","value":"catppuccinMocha"}
|
||||
{"_id":"bounds","value":{"x":0,"y":66,"width":2560,"height":1374,"maximized":true,"fullScreen":false}}
|
||||
{"_id":"defaultQuality","value":"1080"}
|
||||
{"_id":"fetchSubscriptionsAutomatically","value":false}
|
||||
{"_id":"generalAutoLoadMorePaginatedItemsEnabled","value":true}
|
||||
{"_id":"hideActiveSubscriptions","value":true}
|
||||
{"_id":"hidePopularVideos","value":true}
|
||||
{"_id":"hideRecommendedVideos","value":true}
|
||||
{"_id":"hideSubscriptionsCommunity","value":true}
|
||||
{"_id":"hideSubscriptionsLive","value":true}
|
||||
{"_id":"hideSubscriptionsShorts","value":true}
|
||||
{"_id":"hideSubscriptionsVideos","value":true}
|
||||
{"_id":"hideTrendingVideos","value":true}
|
||||
{"_id":"landingPage","value":"history"}
|
||||
{"_id":"mainColor","value":"CatppuccinMochaMauve"}
|
||||
{"_id":"playNextVideo","value":false}
|
||||
{"_id":"quickBookmarkTargetPlaylistId","value":"favorites"}
|
||||
{"_id":"secColor","value":"CatppuccinMochaMauve"}
|
||||
{"_id":"showDistractionFreeTitles","value":true}
|
||||
{"_id":"useDeArrowThumbnails","value":true}
|
||||
{"_id":"useDeArrowTitles","value":true}
|
||||
{"_id":"useSponsorBlock","value":true}
|
|
@ -1,15 +1,4 @@
|
|||
{osConfig, ...}: {
|
||||
home.file.".config/kdeconnect/config" = {
|
||||
text = ''
|
||||
[General]
|
||||
keyAlgorithm=EC
|
||||
name=${osConfig.networking.hostName}
|
||||
customDevices=10.0.0.2,10.0.0.3,10.0.0.4,10.0.0.5
|
||||
'';
|
||||
target = ".config/kdeconnect/config";
|
||||
force = true;
|
||||
};
|
||||
|
||||
{
|
||||
programs.plasma = {
|
||||
enable = true;
|
||||
desktop.mouseActions.verticalScroll = "switchVirtualDesktop";
|
||||
|
@ -99,7 +88,7 @@
|
|||
"applications:steam.desktop"
|
||||
"applications:noisetorch.desktop"
|
||||
"applications:org.kde.plasma-systemmonitor.desktop"
|
||||
"applications:foot.desktop"
|
||||
"applications:org.codeberg.dnkl.foot.desktop"
|
||||
"applications:nitrokey-app.desktop"
|
||||
"applications:codium.desktop"
|
||||
"applications:freetube.desktop"
|
||||
|
|
|
@ -1,7 +0,0 @@
|
|||
{...}: {
|
||||
home.file."settings.json" = {
|
||||
source = ./settings.json;
|
||||
target = ".config/vesktop/settings/settings.json";
|
||||
force = true;
|
||||
};
|
||||
}
|
|
@ -1,602 +0,0 @@
|
|||
{
|
||||
"autoUpdate": true,
|
||||
"autoUpdateNotification": false,
|
||||
"useQuickCss": true,
|
||||
"themeLinks": [],
|
||||
"enabledThemes": [
|
||||
"stylix.theme.css"
|
||||
],
|
||||
"enableReactDevtools": false,
|
||||
"frameless": false,
|
||||
"transparent": false,
|
||||
"winCtrlQ": false,
|
||||
"disableMinSize": false,
|
||||
"winNativeTitleBar": false,
|
||||
"plugins": {
|
||||
"ChatInputButtonAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"CommandsAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"MemberListDecoratorsAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageAccessoriesAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"MessageDecorationsAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageEventsAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"MessagePopoverAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageUpdaterAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"ServerListAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"UserSettingsAPI": {
|
||||
"enabled": true
|
||||
},
|
||||
"AccountPanelServerProfile": {
|
||||
"enabled": false
|
||||
},
|
||||
"AlwaysAnimate": {
|
||||
"enabled": false
|
||||
},
|
||||
"AlwaysExpandRoles": {
|
||||
"enabled": false
|
||||
},
|
||||
"AlwaysTrust": {
|
||||
"enabled": true,
|
||||
"domain": true,
|
||||
"file": true
|
||||
},
|
||||
"AnonymiseFileNames": {
|
||||
"enabled": true,
|
||||
"anonymiseByDefault": true,
|
||||
"method": 0,
|
||||
"randomisedLength": 7
|
||||
},
|
||||
"AppleMusicRichPresence": {
|
||||
"enabled": false
|
||||
},
|
||||
"WebRichPresence (arRPC)": {
|
||||
"enabled": false
|
||||
},
|
||||
"BANger": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterFolders": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterGifAltText": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterGifPicker": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterNotesBox": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterRoleContext": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterRoleDot": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterSessions": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterSettings": {
|
||||
"enabled": false
|
||||
},
|
||||
"BetterUploadButton": {
|
||||
"enabled": false
|
||||
},
|
||||
"BiggerStreamPreview": {
|
||||
"enabled": false
|
||||
},
|
||||
"BlurNSFW": {
|
||||
"enabled": false
|
||||
},
|
||||
"CallTimer": {
|
||||
"enabled": false
|
||||
},
|
||||
"ClearURLs": {
|
||||
"enabled": false
|
||||
},
|
||||
"ClientTheme": {
|
||||
"enabled": false
|
||||
},
|
||||
"ColorSighted": {
|
||||
"enabled": false
|
||||
},
|
||||
"ConsoleJanitor": {
|
||||
"enabled": false
|
||||
},
|
||||
"ConsoleShortcuts": {
|
||||
"enabled": false
|
||||
},
|
||||
"CopyEmojiMarkdown": {
|
||||
"enabled": false
|
||||
},
|
||||
"CopyFileContents": {
|
||||
"enabled": false
|
||||
},
|
||||
"CopyUserURLs": {
|
||||
"enabled": false
|
||||
},
|
||||
"CrashHandler": {
|
||||
"enabled": true
|
||||
},
|
||||
"CtrlEnterSend": {
|
||||
"enabled": false
|
||||
},
|
||||
"CustomRPC": {
|
||||
"enabled": false
|
||||
},
|
||||
"CustomIdle": {
|
||||
"enabled": false
|
||||
},
|
||||
"Dearrow": {
|
||||
"enabled": false
|
||||
},
|
||||
"Decor": {
|
||||
"enabled": false
|
||||
},
|
||||
"DisableCallIdle": {
|
||||
"enabled": false
|
||||
},
|
||||
"DontRoundMyTimestamps": {
|
||||
"enabled": false
|
||||
},
|
||||
"EmoteCloner": {
|
||||
"enabled": false
|
||||
},
|
||||
"Experiments": {
|
||||
"enabled": false
|
||||
},
|
||||
"F8Break": {
|
||||
"enabled": false
|
||||
},
|
||||
"FakeNitro": {
|
||||
"enabled": true,
|
||||
"enableEmojiBypass": true,
|
||||
"emojiSize": 48,
|
||||
"transformEmojis": true,
|
||||
"enableStickerBypass": true,
|
||||
"stickerSize": 160,
|
||||
"transformStickers": true,
|
||||
"transformCompoundSentence": false,
|
||||
"enableStreamQualityBypass": true,
|
||||
"useHyperLinks": true,
|
||||
"hyperLinkText": "{{NAME}}",
|
||||
"disableEmbedPermissionCheck": false
|
||||
},
|
||||
"FakeProfileThemes": {
|
||||
"enabled": false
|
||||
},
|
||||
"FavoriteEmojiFirst": {
|
||||
"enabled": false
|
||||
},
|
||||
"FavoriteGifSearch": {
|
||||
"enabled": false
|
||||
},
|
||||
"FixCodeblockGap": {
|
||||
"enabled": false
|
||||
},
|
||||
"FixSpotifyEmbeds": {
|
||||
"enabled": false
|
||||
},
|
||||
"FixYoutubeEmbeds": {
|
||||
"enabled": false
|
||||
},
|
||||
"ForceOwnerCrown": {
|
||||
"enabled": false
|
||||
},
|
||||
"FriendInvites": {
|
||||
"enabled": false
|
||||
},
|
||||
"FriendsSince": {
|
||||
"enabled": false
|
||||
},
|
||||
"FullSearchContext": {
|
||||
"enabled": false
|
||||
},
|
||||
"GameActivityToggle": {
|
||||
"enabled": false
|
||||
},
|
||||
"GifPaste": {
|
||||
"enabled": false
|
||||
},
|
||||
"GreetStickerPicker": {
|
||||
"enabled": false
|
||||
},
|
||||
"HideAttachments": {
|
||||
"enabled": false
|
||||
},
|
||||
"iLoveSpam": {
|
||||
"enabled": false
|
||||
},
|
||||
"IgnoreActivities": {
|
||||
"enabled": false
|
||||
},
|
||||
"ImageLink": {
|
||||
"enabled": false
|
||||
},
|
||||
"ImageZoom": {
|
||||
"enabled": false
|
||||
},
|
||||
"ImplicitRelationships": {
|
||||
"enabled": false
|
||||
},
|
||||
"InvisibleChat": {
|
||||
"enabled": false
|
||||
},
|
||||
"KeepCurrentChannel": {
|
||||
"enabled": false
|
||||
},
|
||||
"LastFMRichPresence": {
|
||||
"enabled": false
|
||||
},
|
||||
"LoadingQuotes": {
|
||||
"enabled": false
|
||||
},
|
||||
"MemberCount": {
|
||||
"enabled": true,
|
||||
"memberList": true,
|
||||
"toolTip": true
|
||||
},
|
||||
"MentionAvatars": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageClickActions": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageLatency": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageLinkEmbeds": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageLogger": {
|
||||
"enabled": false
|
||||
},
|
||||
"MessageTags": {
|
||||
"enabled": false
|
||||
},
|
||||
"MoreCommands": {
|
||||
"enabled": false
|
||||
},
|
||||
"MoreKaomoji": {
|
||||
"enabled": true
|
||||
},
|
||||
"MoreUserTags": {
|
||||
"enabled": false
|
||||
},
|
||||
"Moyai": {
|
||||
"enabled": false
|
||||
},
|
||||
"MutualGroupDMs": {
|
||||
"enabled": false
|
||||
},
|
||||
"NewGuildSettings": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoBlockedMessages": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoDevtoolsWarning": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoF1": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoMaskedUrlPaste": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoMosaic": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoOnboardingDelay": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoPendingCount": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoProfileThemes": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoReplyMention": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoScreensharePreview": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoServerEmojis": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoTypingAnimation": {
|
||||
"enabled": false
|
||||
},
|
||||
"NoUnblockToJump": {
|
||||
"enabled": false
|
||||
},
|
||||
"NormalizeMessageLinks": {
|
||||
"enabled": false
|
||||
},
|
||||
"NotificationVolume": {
|
||||
"enabled": false
|
||||
},
|
||||
"NSFWGateBypass": {
|
||||
"enabled": false
|
||||
},
|
||||
"OnePingPerDM": {
|
||||
"enabled": false
|
||||
},
|
||||
"oneko": {
|
||||
"enabled": false
|
||||
},
|
||||
"OpenInApp": {
|
||||
"enabled": false
|
||||
},
|
||||
"OverrideForumDefaults": {
|
||||
"enabled": false
|
||||
},
|
||||
"PartyMode": {
|
||||
"enabled": false
|
||||
},
|
||||
"PauseInvitesForever": {
|
||||
"enabled": false
|
||||
},
|
||||
"PermissionFreeWill": {
|
||||
"enabled": false
|
||||
},
|
||||
"PermissionsViewer": {
|
||||
"enabled": false
|
||||
},
|
||||
"petpet": {
|
||||
"enabled": true
|
||||
},
|
||||
"PictureInPicture": {
|
||||
"enabled": false
|
||||
},
|
||||
"PinDMs": {
|
||||
"enabled": false
|
||||
},
|
||||
"PlainFolderIcon": {
|
||||
"enabled": false
|
||||
},
|
||||
"PlatformIndicators": {
|
||||
"enabled": false
|
||||
},
|
||||
"PreviewMessage": {
|
||||
"enabled": false
|
||||
},
|
||||
"QuickMention": {
|
||||
"enabled": false
|
||||
},
|
||||
"QuickReply": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReactErrorDecoder": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReadAllNotificationsButton": {
|
||||
"enabled": false
|
||||
},
|
||||
"RelationshipNotifier": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReplaceGoogleSearch": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReplyTimestamp": {
|
||||
"enabled": false
|
||||
},
|
||||
"RevealAllSpoilers": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReverseImageSearch": {
|
||||
"enabled": false
|
||||
},
|
||||
"ReviewDB": {
|
||||
"enabled": false
|
||||
},
|
||||
"RoleColorEverywhere": {
|
||||
"enabled": false
|
||||
},
|
||||
"SecretRingToneEnabler": {
|
||||
"enabled": false
|
||||
},
|
||||
"Summaries": {
|
||||
"enabled": false
|
||||
},
|
||||
"SendTimestamps": {
|
||||
"enabled": true,
|
||||
"replaceMessageContents": true
|
||||
},
|
||||
"ServerInfo": {
|
||||
"enabled": false
|
||||
},
|
||||
"ServerListIndicators": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShikiCodeblocks": {
|
||||
"enabled": true,
|
||||
"useDevIcon": "COLOR",
|
||||
"theme": "https://raw.githubusercontent.com/shikijs/shiki/0b28ad8ccfbf2615f2d9d38ea8255416b8ac3043/packages/shiki/themes/dracula.json",
|
||||
"tryHljs": "SECONDARY",
|
||||
"bgOpacity": 100
|
||||
},
|
||||
"ShowAllMessageButtons": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowConnections": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowHiddenChannels": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowHiddenThings": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowMeYourName": {
|
||||
"enabled": false
|
||||
},
|
||||
"ShowTimeoutDuration": {
|
||||
"enabled": false
|
||||
},
|
||||
"SilentMessageToggle": {
|
||||
"enabled": false
|
||||
},
|
||||
"SilentTyping": {
|
||||
"enabled": false
|
||||
},
|
||||
"SortFriendRequests": {
|
||||
"enabled": false
|
||||
},
|
||||
"SpotifyControls": {
|
||||
"enabled": false
|
||||
},
|
||||
"SpotifyCrack": {
|
||||
"enabled": false
|
||||
},
|
||||
"SpotifyShareCommands": {
|
||||
"enabled": false
|
||||
},
|
||||
"StartupTimings": {
|
||||
"enabled": false
|
||||
},
|
||||
"StickerPaste": {
|
||||
"enabled": false
|
||||
},
|
||||
"StreamerModeOnStream": {
|
||||
"enabled": false
|
||||
},
|
||||
"SuperReactionTweaks": {
|
||||
"enabled": false
|
||||
},
|
||||
"TextReplace": {
|
||||
"enabled": false
|
||||
},
|
||||
"ThemeAttributes": {
|
||||
"enabled": false
|
||||
},
|
||||
"Translate": {
|
||||
"enabled": false
|
||||
},
|
||||
"TypingIndicator": {
|
||||
"enabled": false
|
||||
},
|
||||
"TypingTweaks": {
|
||||
"enabled": false
|
||||
},
|
||||
"Unindent": {
|
||||
"enabled": false
|
||||
},
|
||||
"UnlockedAvatarZoom": {
|
||||
"enabled": false
|
||||
},
|
||||
"UnsuppressEmbeds": {
|
||||
"enabled": false
|
||||
},
|
||||
"UserVoiceShow": {
|
||||
"enabled": false
|
||||
},
|
||||
"USRBG": {
|
||||
"enabled": false
|
||||
},
|
||||
"ValidReply": {
|
||||
"enabled": false
|
||||
},
|
||||
"ValidUser": {
|
||||
"enabled": false
|
||||
},
|
||||
"VoiceChatDoubleClick": {
|
||||
"enabled": false
|
||||
},
|
||||
"VcNarrator": {
|
||||
"enabled": false
|
||||
},
|
||||
"VencordToolbox": {
|
||||
"enabled": false
|
||||
},
|
||||
"ViewIcons": {
|
||||
"enabled": false
|
||||
},
|
||||
"ViewRaw": {
|
||||
"enabled": false
|
||||
},
|
||||
"VoiceDownload": {
|
||||
"enabled": false
|
||||
},
|
||||
"VoiceMessages": {
|
||||
"enabled": false
|
||||
},
|
||||
"VolumeBooster": {
|
||||
"enabled": false
|
||||
},
|
||||
"WebKeybinds": {
|
||||
"enabled": true
|
||||
},
|
||||
"WebScreenShareFixes": {
|
||||
"enabled": true
|
||||
},
|
||||
"WhoReacted": {
|
||||
"enabled": false
|
||||
},
|
||||
"XSOverlay": {
|
||||
"enabled": false
|
||||
},
|
||||
"YoutubeAdblock": {
|
||||
"enabled": true
|
||||
},
|
||||
"NoTrack": {
|
||||
"enabled": true,
|
||||
"disableAnalytics": true
|
||||
},
|
||||
"WebContextMenus": {
|
||||
"enabled": true,
|
||||
"addBack": true
|
||||
},
|
||||
"Settings": {
|
||||
"enabled": true,
|
||||
"settingsLocation": "aboveNitro"
|
||||
},
|
||||
"SupportHelper": {
|
||||
"enabled": true
|
||||
},
|
||||
"UserMessagesPronouns": {
|
||||
"enabled": true,
|
||||
"showInMessages": true,
|
||||
"showSelf": true,
|
||||
"pronounSource": 0,
|
||||
"pronounsFormat": "LOWERCASE"
|
||||
},
|
||||
"DynamicImageModalAPI": {
|
||||
"enabled": false
|
||||
},
|
||||
"FixImagesQuality": {
|
||||
"enabled": false
|
||||
}
|
||||
},
|
||||
"notifications": {
|
||||
"timeout": 5000,
|
||||
"position": "bottom-right",
|
||||
"useNative": "not-focused",
|
||||
"logLimit": 50
|
||||
},
|
||||
"cloud": {
|
||||
"authenticated": false,
|
||||
"url": "https://api.vencord.dev/",
|
||||
"settingsSync": false,
|
||||
"settingsSyncVersion": 1734993730812
|
||||
}
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS
|
|
@ -18,8 +18,6 @@
|
|||
home.packages = with pkgs; [
|
||||
heroic
|
||||
r2modman
|
||||
ryujinx
|
||||
lutris
|
||||
];
|
||||
|
||||
programs.mangohud = {
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINl+QRyKBYm+sx0hUiD2u6FBdT7aXsZBGUxm4cb7r24k lillian@GLaDOS
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKRT5MqPrYUhhD5rJFp0PQbkTRtGcNaCaTxEkZw9RiVT lillian@GLaDOS
|
|
@ -16,8 +16,6 @@
|
|||
../../desktop/package-configs/firefox.nix
|
||||
../../desktop/package-configs/konsole
|
||||
../../desktop/package-configs/foot
|
||||
../../desktop/package-configs/freetube
|
||||
../../desktop/package-configs/vesktop
|
||||
../../shared
|
||||
];
|
||||
nixpkgs = {
|
||||
|
@ -58,11 +56,10 @@
|
|||
freetube
|
||||
obs-studio
|
||||
vlc
|
||||
fcast-receiver
|
||||
fcast-client
|
||||
|
||||
# System tools:
|
||||
rage
|
||||
discover
|
||||
flameshot
|
||||
fzf
|
||||
nextcloud-client
|
||||
|
@ -86,23 +83,22 @@
|
|||
firefox
|
||||
ungoogled-chromium
|
||||
];
|
||||
programs = {
|
||||
# # Automount services for user
|
||||
# programs.bashmount.enable = true;
|
||||
# services.udiskie = {
|
||||
# enable = true;
|
||||
# automount = true;
|
||||
# notify = false;
|
||||
# tray = "never";
|
||||
# };
|
||||
|
||||
# Enable home-manager and git
|
||||
home-manager.enable = true;
|
||||
git = {
|
||||
enable = true;
|
||||
userEmail = "git@lillianviolet.dev";
|
||||
userName = "Lillian-Violet";
|
||||
};
|
||||
# # Automount services for user
|
||||
# programs.bashmount.enable = true;
|
||||
# services.udiskie = {
|
||||
# enable = true;
|
||||
# automount = true;
|
||||
# notify = false;
|
||||
# tray = "never";
|
||||
# };
|
||||
|
||||
# Enable home-manager and git
|
||||
programs.home-manager.enable = true;
|
||||
programs.git = {
|
||||
enable = true;
|
||||
userEmail = "git@lillianviolet.dev";
|
||||
userName = "Lillian-Violet";
|
||||
};
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrmRjLF2tVkWeV7EOgUiF77Q9t+rBziRAdOPo92pyvF lillian@GLaDOS
|
|
@ -11,7 +11,8 @@
|
|||
|
||||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./nvim.nix
|
||||
../../shared
|
||||
../../package-configs/zsh.nix
|
||||
../../package-configs/helix.nix
|
||||
];
|
||||
|
||||
nixpkgs = {
|
||||
|
@ -35,5 +36,5 @@
|
|||
};
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
home.stateVersion = "25.05";
|
||||
home.stateVersion = "24.05";
|
||||
}
|
||||
|
|
|
@ -1,46 +0,0 @@
|
|||
[
|
||||
{
|
||||
"command": "systemctl poweroff",
|
||||
"name": "shutdown"
|
||||
},
|
||||
{
|
||||
"command": "systemctl reboot",
|
||||
"name": "reboot"
|
||||
},
|
||||
{
|
||||
"command": "systemctl suspend",
|
||||
"name": "suspend"
|
||||
},
|
||||
{
|
||||
"command": "systemctl hibernate",
|
||||
"name": "hibernate"
|
||||
},
|
||||
{
|
||||
"command": "loginctl lock-session",
|
||||
"name": "lock"
|
||||
},
|
||||
{
|
||||
"command": "loginctl unlock-session",
|
||||
"name": "unlock"
|
||||
},
|
||||
{
|
||||
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mute\"",
|
||||
"name": "mute"
|
||||
},
|
||||
{
|
||||
"command": "qdbus org.kde.kglobalaccel /component/kmix invokeShortcut \"mic_mute\"",
|
||||
"name": "mute mic"
|
||||
},
|
||||
{
|
||||
"command": "file=/tmp/$(hostname)_$(date \"+%Y%m%d_%H%M%S\").png; spectacle -bo \"${file}\" && while ! [ -f \"${file}\" ]; do sleep 0.5; done && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
|
||||
"name": "screenshot to phone"
|
||||
},
|
||||
{
|
||||
"command": "file=\"$HOME/Images/WebcamImage_$(date \"+%Y%m%d_%H%M%S\").jpg\"; ffmpeg -f video4linux2 -s 1280x720 -i /dev/video0 -ss 0:0:2 -frames 1 \"${file}\" && kdeconnect-cli -d $(kdeconnect-cli -a --id-only) --share \"${file}\"",
|
||||
"name": "webcam to phone"
|
||||
},
|
||||
{
|
||||
"command": "",
|
||||
"name": ""
|
||||
}
|
||||
]
|
|
@ -1,8 +1,4 @@
|
|||
{
|
||||
pkgs,
|
||||
osConfig,
|
||||
...
|
||||
}: {
|
||||
{pkgs, ...}: {
|
||||
imports = [
|
||||
./shell/helix
|
||||
./shell/zellij
|
||||
|
@ -14,19 +10,11 @@
|
|||
home = {
|
||||
username = "lillian";
|
||||
homeDirectory = "/home/lillian";
|
||||
file."id_ed25519.pub" = {
|
||||
source = ../hosts/${osConfig.networking.hostName}/id_ed25519.pub;
|
||||
target = ".ssh/id_ed25519.pub";
|
||||
force = true;
|
||||
};
|
||||
};
|
||||
|
||||
catppuccin = {
|
||||
enable = true;
|
||||
flavor = "macchiato";
|
||||
foot.enable = false;
|
||||
helix.enable = false;
|
||||
yazi.enable = false;
|
||||
};
|
||||
|
||||
home.packages = with pkgs; [
|
||||
|
@ -39,43 +27,8 @@
|
|||
broot
|
||||
lazygit
|
||||
navi
|
||||
yazi
|
||||
nil
|
||||
];
|
||||
programs = {
|
||||
navi.enable = true;
|
||||
yazi = {
|
||||
enable = true;
|
||||
package = pkgs.yazi.override {
|
||||
_7zz = pkgs._7zz.override {useUasm = true;};
|
||||
};
|
||||
};
|
||||
};
|
||||
stylix.enable = true;
|
||||
# stylix = {
|
||||
# enable = true;
|
||||
# autoEnable = true;
|
||||
# base16Scheme = {
|
||||
# scheme = "Catppuccin Macchiato";
|
||||
# author = "https://github.com/catppuccin/catppuccin";
|
||||
# base00 = "24273a";
|
||||
# base01 = "1e2030";
|
||||
# base02 = "363a4f";
|
||||
# base03 = "494d64";
|
||||
# base04 = "5b6078";
|
||||
# base05 = "cad3f5";
|
||||
# base06 = "f4dbd6";
|
||||
# base07 = "b7bdf8";
|
||||
# base08 = "ed8796";
|
||||
# base09 = "f5a97f";
|
||||
# base0A = "eed49f";
|
||||
# base0B = "a6da95";
|
||||
# base0C = "8bd5ca";
|
||||
# base0D = "8aadf4";
|
||||
# base0E = "c6a0f6";
|
||||
# base0F = "f0c6c6";
|
||||
# };
|
||||
# image = ./background.jpg;
|
||||
# cursor.package = pkgs.catppuccin-cursors;
|
||||
# cursor.name = "macchiatoMauve";
|
||||
# };
|
||||
programs.navi.enable = true;
|
||||
}
|
||||
|
|
|
@ -2,6 +2,6 @@
|
|||
programs.bat = {
|
||||
enable = true;
|
||||
extraPackages = with pkgs.bat-extras; [batdiff batman batgrep batwatch];
|
||||
# catppuccin.enable = true;
|
||||
catppuccin.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -16,21 +16,24 @@
|
|||
''
|
||||
#! ~/.nix-profile/bin/zsh
|
||||
is_new() {
|
||||
new=0;
|
||||
mkdir -p /tmp/rjh;
|
||||
if [[ -a "/tmp/rjh/$(pwd | tr \"/\" -).json" ]]; then
|
||||
new=1
|
||||
fi
|
||||
return $new
|
||||
new=1;
|
||||
touch /tmp/rjh;
|
||||
while IFS="" read -r p || [ -n "$p" ]; do
|
||||
if [ $(pwd) = $p ]; then
|
||||
new=0;
|
||||
fi
|
||||
done < /tmp/rjh
|
||||
return $new
|
||||
}
|
||||
|
||||
is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh/$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && sleep 3
|
||||
rm -f /tmp/pipe-rjh
|
||||
mkfifo /tmp/pipe-rjh
|
||||
cat > /tmp/pipe-rjh
|
||||
zellij run -f -n "REPL" -- direnv exec . just send < /tmp/pipe-rjh
|
||||
rm /tmp/pipe-rjh
|
||||
|
||||
send_to_jupyter() {
|
||||
is_new && zellij run -f -n "jupyter console" -- direnv exec . jupyter console --kernel="$1" -f="/tmp/rjh-$(pwd | tr \"/\" -).json" --ZMQTerminalInteractiveShell.include_other_output=True --ZMQTerminalInteractiveShell.other_output_prefix=''' && zellij action write 29 25 && zellij action write 17
|
||||
pwd >> /tmp/rjh
|
||||
zellij action write 29 25
|
||||
zellij action write 17
|
||||
cat | just send
|
||||
}
|
||||
send_to_jupyter
|
||||
'';
|
||||
in {
|
||||
programs.helix = {
|
||||
|
@ -48,11 +51,6 @@ in {
|
|||
j = ":pipe-to just jupyter";
|
||||
};
|
||||
editor = {
|
||||
auto-save = {
|
||||
focus-lost = true;
|
||||
after-delay.enable = true;
|
||||
after-delay.timeout = 3000;
|
||||
};
|
||||
line-number = "relative";
|
||||
lsp.display-messages = true;
|
||||
lsp.display-inlay-hints = true;
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
{
|
||||
fetchzip,
|
||||
lib,
|
||||
rustPlatform,
|
||||
git,
|
||||
installShellFiles,
|
||||
}:
|
||||
rustPlatform.buildRustPackage rec {
|
||||
pname = "helix";
|
||||
version = "24.07";
|
||||
|
||||
# This release tarball includes source code for the tree-sitter grammars,
|
||||
# which is not ordinarily part of the repository.
|
||||
src = fetchzip {
|
||||
url = "https://github.com/helix-editor/helix/releases/download/${version}/helix-${version}-source.tar.xz";
|
||||
hash = "";
|
||||
stripRoot = false;
|
||||
};
|
||||
|
||||
cargoHash = "";
|
||||
|
||||
nativeBuildInputs = [git installShellFiles];
|
||||
|
||||
env.HELIX_DEFAULT_RUNTIME = "${placeholder "out"}/lib/runtime";
|
||||
|
||||
postInstall = ''
|
||||
# not needed at runtime
|
||||
rm -r runtime/grammars/sources
|
||||
|
||||
mkdir -p $out/lib
|
||||
cp -r runtime $out/lib
|
||||
installShellCompletion contrib/completion/hx.{bash,fish,zsh}
|
||||
mkdir -p $out/share/{applications,icons/hicolor/256x256/apps}
|
||||
cp contrib/Helix.desktop $out/share/applications
|
||||
cp contrib/helix.png $out/share/icons/hicolor/256x256/apps
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
description = "Post-modern modal text editor";
|
||||
homepage = "https://helix-editor.com";
|
||||
license = licenses.mpl20;
|
||||
mainProgram = "hx";
|
||||
maintainers = with maintainers; [danth yusdacra zowoq];
|
||||
};
|
||||
}
|
|
@ -174,7 +174,7 @@ in {
|
|||
enableZshIntegration = true;
|
||||
settings = {
|
||||
session_serialization = true;
|
||||
# theme = "catppuccin-macchiato";
|
||||
theme = "catppuccin-macchiato";
|
||||
|
||||
themes = {
|
||||
catppuccin-mocha = {
|
||||
|
@ -206,12 +206,14 @@ in {
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
home.file = {
|
||||
"layout" = {
|
||||
source = "${layout}";
|
||||
target = ".config/zellij/layouts/default.kdl";
|
||||
};
|
||||
|
||||
};
|
||||
home.file = {
|
||||
"helix_zellij" = {
|
||||
source = "${helix_zellij}";
|
||||
target = ".config/zellij/layouts/helix.kdl";
|
||||
|
|
|
@ -1,71 +1,70 @@
|
|||
{pkgs, ...}: {
|
||||
programs = {
|
||||
zoxide = {
|
||||
enable = true;
|
||||
programs.zoxide = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
shellAliases = {
|
||||
cd = "z";
|
||||
code = "codium ./";
|
||||
ls = "eza";
|
||||
lh = "ls -lah";
|
||||
cat = "bat";
|
||||
tree = "tre";
|
||||
neofetch = "hyfetch";
|
||||
shutdown = "shutdown 0";
|
||||
reboot = "reboot 0";
|
||||
};
|
||||
zsh = {
|
||||
plugins = [
|
||||
{
|
||||
name = "zsh-nix-shell";
|
||||
file = "nix-shell.plugin.zsh";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "chisui";
|
||||
repo = "zsh-nix-shell";
|
||||
rev = "v0.8.0";
|
||||
sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM=";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "terraform";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "macunha1";
|
||||
repo = "zsh-terraform";
|
||||
rev = "fd1471d3757f8ed13f56c4426f88616111de2a87";
|
||||
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
|
||||
};
|
||||
}
|
||||
];
|
||||
autosuggestion.enable = true;
|
||||
enableCompletion = true;
|
||||
historySubstringSearch.enable = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
#zsh-abbr.enable = true;
|
||||
oh-my-zsh = {
|
||||
enable = true;
|
||||
shellAliases = {
|
||||
cd = "z";
|
||||
code = "codium ./";
|
||||
ls = "eza";
|
||||
lh = "ls -lah";
|
||||
cat = "bat";
|
||||
tree = "tre";
|
||||
neofetch = "hyfetch";
|
||||
shutdown = "shutdown 0";
|
||||
reboot = "reboot 0";
|
||||
};
|
||||
plugins = [
|
||||
{
|
||||
name = "zsh-nix-shell";
|
||||
file = "nix-shell.plugin.zsh";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "chisui";
|
||||
repo = "zsh-nix-shell";
|
||||
rev = "v0.8.0";
|
||||
sha256 = "sha256-Z6EYQdasvpl1P78poj9efnnLj7QQg13Me8x1Ryyw+dM=";
|
||||
};
|
||||
}
|
||||
{
|
||||
name = "terraform";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "macunha1";
|
||||
repo = "zsh-terraform";
|
||||
rev = "fd1471d3757f8ed13f56c4426f88616111de2a87";
|
||||
sha256 = "0z6i9wjjklb4lvr7zjhbphibsyx51psv50gm07mbb0kj9058j6kc";
|
||||
};
|
||||
}
|
||||
"git"
|
||||
"colored-man-pages"
|
||||
"colorize"
|
||||
"dirhistory"
|
||||
"dirpersist"
|
||||
"history"
|
||||
"history-substring-search"
|
||||
"fancy-ctrl-z"
|
||||
"git-flow"
|
||||
"isodate"
|
||||
"z"
|
||||
"zsh-interactive-cd"
|
||||
"zsh-navigation-tools"
|
||||
];
|
||||
autosuggestion.enable = true;
|
||||
enableCompletion = true;
|
||||
historySubstringSearch.enable = true;
|
||||
syntaxHighlighting.enable = true;
|
||||
#zsh-abbr.enable = true;
|
||||
oh-my-zsh = {
|
||||
enable = true;
|
||||
plugins = [
|
||||
"git"
|
||||
"colored-man-pages"
|
||||
"colorize"
|
||||
"dirhistory"
|
||||
"dirpersist"
|
||||
"history"
|
||||
"history-substring-search"
|
||||
"fancy-ctrl-z"
|
||||
"git-flow"
|
||||
"isodate"
|
||||
"z"
|
||||
"zsh-interactive-cd"
|
||||
"zsh-navigation-tools"
|
||||
];
|
||||
};
|
||||
# Extra commands that take more complex forms
|
||||
initExtra = ''
|
||||
eval "$(zoxide init --cmd cd zsh)"
|
||||
tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; }
|
||||
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }
|
||||
'';
|
||||
};
|
||||
# Extra commands that take more complex forms
|
||||
initExtra = ''
|
||||
eval "$(zoxide init --cmd cd zsh)"
|
||||
tre() { command tre "$@" -e && source "/tmp/tre_aliases_$USER" 2>/dev/null; }
|
||||
zhx() { command zellij action new-tab --layout $HOME/.config/zellij/layouts/helix.kdl; }
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
9
justfile
9
justfile
|
@ -13,12 +13,3 @@ update:
|
|||
clean:
|
||||
sudo nix-collect-garbage
|
||||
sudo nix-store --optimise
|
||||
|
||||
setup:
|
||||
echo "just test" >> ./.git/hooks/pre-commit && chmod +x ./.git/hooks/pre-commit
|
||||
|
||||
push:
|
||||
git pull
|
||||
git add *
|
||||
read -p "Commit message: " -r message && git commit -m "$message"
|
||||
git push
|
||||
|
|
|
@ -1,5 +1,6 @@
|
|||
# Add your reusable NixOS modules to this directory, on their own file (https://nixos.wiki/wiki/Module).
|
||||
# These should be stuff you would like to share with others, not your personal configurations.
|
||||
{
|
||||
vpn-ip = import ./vpn-ip;
|
||||
# List your module files here
|
||||
contabo.wan = import ./contabo/wan;
|
||||
}
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
{lib, ...}:
|
||||
with lib; {
|
||||
# Declare what settings a user of this "hello.nix" module CAN SET.
|
||||
options.services.vpn-ip = {
|
||||
ip = mkOption {
|
||||
type = types.str;
|
||||
default = "0";
|
||||
};
|
||||
publicKey = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -29,6 +29,11 @@
|
|||
};
|
||||
};
|
||||
|
||||
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
|
||||
programs.command-not-found.enable = lib.mkForce false;
|
||||
programs.nix-index.enable = true;
|
||||
programs.nix-index-database.comma.enable = true;
|
||||
|
||||
environment.systemPackages =
|
||||
(with pkgs; [
|
||||
# Custom tools
|
||||
|
@ -78,8 +83,6 @@
|
|||
kdePackages.sddm-kcm
|
||||
kdePackages.dolphin-plugins
|
||||
kdePackages.qtstyleplugin-kvantum
|
||||
kdePackages.krdc
|
||||
kdePackages.krfb
|
||||
libportal-qt5
|
||||
libportal
|
||||
|
||||
|
@ -93,124 +96,101 @@
|
|||
# list of latest packages from nixpkgs master
|
||||
# Can be used to install latest version of some packages
|
||||
]);
|
||||
programs = {
|
||||
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
|
||||
command-not-found.enable = lib.mkForce false;
|
||||
nix-index.enable = true;
|
||||
nix-index-database.comma.enable = true;
|
||||
|
||||
direnv = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
steam = {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||
extest.enable = true;
|
||||
};
|
||||
kdeconnect.enable = true;
|
||||
|
||||
noisetorch = {
|
||||
enable = true;
|
||||
};
|
||||
programs.direnv = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
# Enable networking
|
||||
networking.networkmanager.enable = true; # Enables support for 32bit libs that steam uses
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
programs.steam = {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||
extest.enable = true;
|
||||
};
|
||||
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
|
||||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
services = {
|
||||
# Enable the X11 windowing system.
|
||||
xserver.enable = true;
|
||||
|
||||
# Enable the KDE Plasma Desktop Environment.
|
||||
displayManager.sddm = {
|
||||
enable = true;
|
||||
wayland.enable = true;
|
||||
};
|
||||
displayManager.defaultSession = "plasma";
|
||||
desktopManager.plasma6.enable = true;
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
|
||||
# Enable flatpak support
|
||||
flatpak.enable = true;
|
||||
packagekit.enable = true;
|
||||
|
||||
# Configure keymap in X11
|
||||
xserver.xkb = {
|
||||
layout = "us";
|
||||
variant = "";
|
||||
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
|
||||
};
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
printing.enable = true;
|
||||
|
||||
# Enable fwupd daemon and user space client
|
||||
fwupd.enable = true;
|
||||
pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
wireplumber.enable = true;
|
||||
};
|
||||
|
||||
avahi = {
|
||||
nssmdns4 = true;
|
||||
enable = true;
|
||||
ipv4 = true;
|
||||
ipv6 = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
workstation = true;
|
||||
};
|
||||
};
|
||||
# Enable the KDE Plasma Desktop Environment.
|
||||
services.displayManager.sddm = {
|
||||
enable = true;
|
||||
wayland.enable = true;
|
||||
};
|
||||
hardware = {
|
||||
graphics.enable32Bit = true;
|
||||
services.displayManager.defaultSession = "plasma";
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
programs.kdeconnect.enable = true;
|
||||
|
||||
# Enable bluetooth hardware
|
||||
bluetooth.enable = true;
|
||||
# Enable flatpak support
|
||||
services.flatpak.enable = true;
|
||||
services.packagekit.enable = true;
|
||||
|
||||
# Enable sound with pipewire.
|
||||
pulseaudio.enable = false;
|
||||
# Configure keymap in X11
|
||||
services.xserver.xkb = {
|
||||
layout = "us";
|
||||
variant = "";
|
||||
options = "terminate:ctrl_alt_bksp,compose:caps_toggle";
|
||||
};
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
|
||||
# Enable bluetooth hardware
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
# Enable fwupd daemon and user space client
|
||||
services.fwupd.enable = true;
|
||||
|
||||
# Enable sound with pipewire.
|
||||
hardware.pulseaudio.enable = false;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
jack.enable = true;
|
||||
wireplumber.enable = true;
|
||||
};
|
||||
|
||||
programs.noisetorch = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
dockerCompat = true;
|
||||
};
|
||||
security.tpm2 = {
|
||||
enable = true;
|
||||
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
||||
tctiEnvironment.enable = true;
|
||||
}; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
||||
users.users.lillian.extraGroups = ["tss"];
|
||||
boot = {
|
||||
# tss group has access to TPM devices
|
||||
bootspec.enable = true;
|
||||
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
#boot.supportedFilesystems = ["bcachefs"];
|
||||
extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
|
||||
kernelModules = [
|
||||
# Virtual Camera
|
||||
"v4l2loopback"
|
||||
# Virtual Microphone, built-in
|
||||
"snd-aloop"
|
||||
];
|
||||
# Set initial kernel module settings
|
||||
extraModprobeConfig = ''
|
||||
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
|
||||
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
|
||||
# https://github.com/umlaeute/v4l2loopback
|
||||
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
|
||||
'';
|
||||
loader.systemd-boot.configurationLimit = 3;
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
security.tpm2.enable = true;
|
||||
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
||||
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
||||
users.users.lillian.extraGroups = ["tss"]; # tss group has access to TPM devices
|
||||
|
||||
# FIXME: re-enable virtual camera loopback when it build again.
|
||||
boot.bootspec.enable = true;
|
||||
#boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
#boot.supportedFilesystems = ["bcachefs"];
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out];
|
||||
boot.kernelModules = [
|
||||
# Virtual Camera
|
||||
"v4l2loopback"
|
||||
# Virtual Microphone, built-in
|
||||
"snd-aloop"
|
||||
];
|
||||
# Set initial kernel module settings
|
||||
boot.extraModprobeConfig = ''
|
||||
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
|
||||
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
|
||||
# https://github.com/umlaeute/v4l2loopback
|
||||
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
|
||||
'';
|
||||
boot.loader.systemd-boot.configurationLimit = 3;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
}
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
# This is your system's configuration file.
|
||||
# Use this to configure your system environment (it replaces /etc/nixos/configuration.nix)
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
pkgs,
|
||||
|
@ -8,6 +9,8 @@
|
|||
}: {
|
||||
# You can import other NixOS modules here
|
||||
imports = [
|
||||
# Import home-manager's NixOS module
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
# If you want to use modules your own flake exports (from modules/nixos):
|
||||
# outputs.nixosModules.example
|
||||
|
||||
|
@ -18,32 +21,39 @@
|
|||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./users.nix
|
||||
|
||||
outputs.nixosModules.vpn-ip
|
||||
../../desktop
|
||||
|
||||
../../../disko/EDI
|
||||
|
||||
# Import your generated (nixos-generate-config) hardware configuration
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/EDI;
|
||||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
services.vpn-ip = {
|
||||
ip = "3";
|
||||
};
|
||||
|
||||
networking.hostName = "EDI";
|
||||
|
||||
boot = {
|
||||
# Lanzaboote currently replaces the systemd-boot module.
|
||||
# This setting is usually set to true in configuration.nix
|
||||
# generated at installation time. So we force it to false
|
||||
# for now.
|
||||
loader.systemd-boot.enable = lib.mkForce false;
|
||||
initrd.systemd.enable = true;
|
||||
# Lanzaboote currently replaces the systemd-boot module.
|
||||
# This setting is usually set to true in configuration.nix
|
||||
# generated at installation time. So we force it to false
|
||||
# for now.
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
boot.initrd.systemd.enable = true;
|
||||
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
lillian-password: ENC[AES256_GCM,data:0mwqnvA+xrDD/m6uQtPbo9MpcFsOoqHE+Cg2gF6xZzNsqM3i/OmvAe7syp+mGBacZ3avoIHowLSWgXUkMcuFPeYa6XRkrX4LhA==,iv:f1kB54k6ZYWKlZ0Zowu8fOD0cf2WvNlX3GSpy1sUMdA=,tag:dsusc45E1BmYsNmiPzNccg==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:CqXlIN0gKzMrZRJycAf96LUVNw9yCZpHtE8XP+JwV2Ftip46iUksg1uExxQ=,iv:LdcopSz8Hx5hO1M00B8r+C7XViwpjGOpvmoXUHIkFtc=,tag:rbskx98YjcYV1lB8OO2VxQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -15,8 +14,8 @@ sops:
|
|||
eUZ6b09pYlRVWFBuUm1Ua2l6Z0dacW8KeQdAVsxXsDiDMtFA2koSpDsw7Ib63vA0
|
||||
GE/ubWDwwRc7wMPFGuofIe6TaDSFgtVXza+yo+i4y51+BOpwqxlYYA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-06T18:01:20Z"
|
||||
mac: ENC[AES256_GCM,data:UTzeVEUolw6oBrRL8NMEcb5WmJYUdKnnxKYTrV0AowX6B5Jk8e6hSHqMiEmY9yPdS0HGA0i+DirGvrW3TmsOk2XehsiNO9puXb0/6KiaTge4y3/ueVASAPs/qB9RR6EAdBiE1ZUKVy2vpL+x9xp5XY2F8aHIp22DmJ5Xg5oyWJc=,iv:1/Fj2xAKHUebsj1FLmmGAmvHXNYsLXIfP6F7PJ7EH9M=,tag:XvFBu2vCNj7UMbWVPgo94Q==,type:str]
|
||||
lastmodified: "2024-02-21T10:15:11Z"
|
||||
mac: ENC[AES256_GCM,data:AnQfufrAVvN2f2kr2KLM8toFj4BUxM1xvwH48DE1OcoenBlzQHu76R35cc9q0rJjOBWXYnZPLEHncE46XyXt56HPboH/blIEZwa9aL1pwDOV5UwbaqZTuSy7/Ylnn0ZoZtcD4gFnavWBT9iUgu3VjRso1i6eXm0Lc1mvwRbH63M=,iv:zJW4Bzm+IGzgxsFE7QP+E4RY5UoPWTUeo9RfoLpbSt8=,tag:E29Pnjtp0w05hdEQCmkj7A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
||||
version: 3.8.1
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
imports = [
|
||||
# Import home-manager's NixOS module
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
outputs.nixosModules.vpn-ip
|
||||
# If you want to use modules your own flake exports (from modules/nixos):
|
||||
# outputs.nixosModules.example
|
||||
|
||||
|
@ -21,7 +20,7 @@
|
|||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./users.nix
|
||||
|
||||
# ../../desktop
|
||||
../../desktop
|
||||
|
||||
../../../disko/GLaDOS
|
||||
|
||||
|
@ -29,39 +28,35 @@
|
|||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
services.vpn-ip = {
|
||||
ip = "2";
|
||||
};
|
||||
|
||||
networking.hostName = "GLaDOS";
|
||||
|
||||
services.xserver.videoDrivers = ["amdgpu"];
|
||||
hardware = {
|
||||
# Add vulkan support to GPU
|
||||
graphics.extraPackages = with pkgs; [
|
||||
amdvlk
|
||||
];
|
||||
# For 32 bit applications
|
||||
graphics.extraPackages32 = with pkgs; [
|
||||
driversi686Linux.amdvlk
|
||||
];
|
||||
};
|
||||
programs = {
|
||||
gamemode.enable = true;
|
||||
gamemode.settings = {
|
||||
|
||||
# Add vulkan support to GPU
|
||||
hardware.graphics.extraPackages = with pkgs; [
|
||||
amdvlk
|
||||
];
|
||||
# For 32 bit applications
|
||||
hardware.graphics.extraPackages32 = with pkgs; [
|
||||
driversi686Linux.amdvlk
|
||||
];
|
||||
|
||||
programs.gamemode = {
|
||||
enable = true;
|
||||
settings = {
|
||||
general = {
|
||||
renice = 10;
|
||||
};
|
||||
|
||||
# Warning: GPU optimisations have the potential to damage hardware
|
||||
# gpu = {
|
||||
# apply_gpu_optimisations = "accept-responsibility";
|
||||
# gpu_device = 0;
|
||||
# amd_performance_level = "high";
|
||||
# };
|
||||
gpu = {
|
||||
apply_gpu_optimisations = "accept-responsibility";
|
||||
gpu_device = 0;
|
||||
amd_performance_level = "high";
|
||||
};
|
||||
|
||||
custom = {
|
||||
start = "${pkgs.libnotify}/bin/notify-send 'GameMode started'";
|
||||
|
@ -69,10 +64,8 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
boot = {
|
||||
loader.systemd-boot.enable = true;
|
||||
binfmt.emulatedSystems = ["aarch64-linux"];
|
||||
};
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
||||
# boot.lanzaboote = {
|
||||
# enable = true;
|
||||
|
@ -81,6 +74,17 @@
|
|||
|
||||
users.users.lillian.extraGroups = ["gamemode"];
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/GLaDOS;
|
||||
};
|
||||
};
|
||||
|
||||
# virtualisation.waydroid.enable = false;
|
||||
networking.hostName = "GLaDOS";
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
lillian-password: ENC[AES256_GCM,data:aHJCYmnpGIWJMsNZ8aw51Rquuv4F7kgGvfIxHMELuDlEqgjkg+SAhh+UQEpv16F0WVxrYZ/EwxKFMBpfPv9M2NLZC98bav0D9g==,iv:uzYLfmxG46ubmgeFsfW7aqXZbcL+TQw0VdDcklV0/ZI=,tag:Ozcf5qXC7xh0VcsBzhyo2g==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:em6sci3eefw5TJHpzgTaGGuQp8UuvOmkHRsQltg0TKpMb1Lrcxicb23cQxo=,iv:VEeGmzncHyAgP5toTOwDK6qw0OT4/6Etxh8Zr4uYQD4=,tag:nvse11zMhzukzClx5ub4dw==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data:YM8GTH6EEXLt1ZC1ZdyLWVJyGUykS0DulTL0QgOFCTztRA+5JoA6Af42MIEMm4sMSatOt9pbGE9BXh5T53uNkx87cS8pfb714N8EKrMTYmtWi2M2TatEM6+qMRpP777GalB3v2HnfTfwhx+TfQ+iSCEo45Unsumzr+/9uZ/b4vYBxbd82UKO1tmlTw3R7aEpesJuJe/I3sAg0ZXTWti0e2MYfFawlSXtgQo382bFnV/mi9JkNx62AUFI6Q0a09V2C3FU4e4qP9jeP+COfCuCjRuaf8eu0VYczy4vVkN5NNBhkuLCZl0xANfqM5tDt8q+meYHmYWq1ceyeZ9OdZhKA7lMJi2K1DgTmgbD356itEtjXb7KF7VWIVnR0Gm+vVHx90Bv6eQp4n2I5mWbCVy8wqiIlacxuH8PO6jAPUM1Q8E+SVJb2HcLPdlURHyyK0fLVWaFhtFH4rwyKAv/2yEO2iNfZd9zFqvX5/JdyUPRCpMKkjxQgZN+raVHok0SwvPfXA9wvRpQyYSD4SUqCYsRcs6JugW8a14bZrvg,iv:L9ACOUFtAxkWsXW+tDKGwKn1ZHYNv7WmBty5krayVu8=,tag:hbrgscOczukqLBU/Y+6aLA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -16,8 +14,8 @@ sops:
|
|||
MUZWTVh0dVdMZlRzelJ4WlROUlIyNmcKphNuMN9Wh8h/gvmtUxQWjPKtgjWriLRD
|
||||
+DpEEVGrmu0RJ8/wUqjxGoL4GzLAlZm4EnKlyUyA0tw8sbLZ2Lnl/w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-22T22:09:35Z"
|
||||
mac: ENC[AES256_GCM,data:yjUFBgTLQI9Nh2tjiNNV2bsPJsDRQChPEptO8Gmt2vLEK/Kuwl0bZ9J+OmOTe4NOpwq5b/lYt0Lj7itEeOWWW5nnz2Jq0/dLMEu0mSxoWv1rOKylhoeG8oIEx0ui7VKfst72UW/jqqm9TUkDzuskVND1pd4DV3/GQRmy16WPkyo=,iv:the5XkB13jRuNP8Kj9Jmn4csIaDPt1NnScXbxPt7Dk4=,tag:aY4hU9v66/AwrtvcLAT/mA==,type:str]
|
||||
lastmodified: "2024-02-22T11:58:42Z"
|
||||
mac: ENC[AES256_GCM,data:TuNvE51hpHvOjB3G2y7UCT8BvlI1ulc8aeeBihtnGiGDjwU1Eze1bdA47hZYCZsCYdo3Tow1gY0gCkJACKeWqUXMLT8jxcUfiUWqQicQhBm/TT9m+oqLQiAqJCkh1Ez8XuaftqIg+oJstyy4wZyvMK8Bg+9EsSYiBnMrKfrgLBs=,iv:GXy93l1BBkkeKXJ1ntFI6Rw6QZmSbzDlWClJ16/Csv4=,tag:jBYynl6tLL/xN61ypMwvrw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.8.1
|
||||
|
|
|
@ -13,8 +13,6 @@
|
|||
# Or modules exported from other flakes (such as nix-colors):
|
||||
# inputs.nix-colors.homeManagerModules.default
|
||||
|
||||
outputs.nixosModules.vpn-ip
|
||||
|
||||
# You can also split up your configuration and import pieces of it here:
|
||||
# ./nvim.nix
|
||||
./hardware-configuration.nix
|
||||
|
@ -28,17 +26,16 @@
|
|||
# Import disko
|
||||
# ../../../disko/queen
|
||||
];
|
||||
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
zramSwap.enable = false;
|
||||
services = {
|
||||
openssh = {
|
||||
enable = true;
|
||||
settings = {
|
||||
# require public key authentication for better security
|
||||
PasswordAuthentication = false;
|
||||
KbdInteractiveAuthentication = false;
|
||||
PermitRootLogin = "no";
|
||||
};
|
||||
};
|
||||
networking.domain = "";
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
# require public key authentication for better security
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
settings.PermitRootLogin = "no";
|
||||
};
|
||||
|
||||
nixpkgs = {
|
||||
|
@ -53,6 +50,9 @@
|
|||
};
|
||||
};
|
||||
|
||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
fzf
|
||||
matrix-conduit
|
||||
|
@ -88,66 +88,58 @@
|
|||
sqlite
|
||||
rocksdb
|
||||
];
|
||||
networking = {
|
||||
domain = "";
|
||||
|
||||
# Create an auto-update systemd service that runs every day
|
||||
# system.autoUpgrade = {
|
||||
# flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
|
||||
# dates = "daily";
|
||||
# enable = true;
|
||||
# };
|
||||
# Create an auto-update systemd service that runs every day
|
||||
# system.autoUpgrade = {
|
||||
# flake = "git+https://git.lillianviolet.dev/Lillian-Violet/NixOS-Config.git";
|
||||
# dates = "daily";
|
||||
# enable = true;
|
||||
# };
|
||||
|
||||
# systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
|
||||
# Enable networking
|
||||
# networking.networkmanager.enable = true;
|
||||
# networking.nat.enable = true;
|
||||
# networking.nat.internalInterfaces = ["ve-+"];
|
||||
# networking.nat.externalInterface = "ens18";
|
||||
enableIPv6 = lib.mkForce true;
|
||||
nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
|
||||
# systemd.services.systemd-networkd.serviceConfig.Environment = "SYSTEMD_LOG_LEVEL=debug";
|
||||
# Enable networking
|
||||
# networking.networkmanager.enable = true;
|
||||
# networking.nat.enable = true;
|
||||
# networking.nat.internalInterfaces = ["ve-+"];
|
||||
# networking.nat.externalInterface = "ens18";
|
||||
networking.enableIPv6 = lib.mkForce true;
|
||||
networking.nameservers = ["2a02:c207::1:53" "2a02:c207::2:53"];
|
||||
|
||||
# networking.interfaces.ens18.ipv4.addresses = [
|
||||
# {
|
||||
# address = "62.171.160.195";
|
||||
# prefixLength = 32;
|
||||
# }
|
||||
# ];
|
||||
# networking.interfaces.ens18.ipv4.addresses = [
|
||||
# {
|
||||
# address = "62.171.160.195";
|
||||
# prefixLength = 32;
|
||||
# }
|
||||
# ];
|
||||
|
||||
interfaces.ens18.ipv6.addresses = [
|
||||
{
|
||||
address = "2a02:c207:2063:2448::1";
|
||||
prefixLength = 64;
|
||||
}
|
||||
networking.interfaces.ens18.ipv6.addresses = [
|
||||
{
|
||||
address = "2a02:c207:2063:2448::1";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
networking.defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "ens18";
|
||||
};
|
||||
|
||||
# Open ports in the firewall.
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowPing = false;
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
5349 # STUN tls
|
||||
5350 # STUN tls alt
|
||||
80 # http
|
||||
443 # https
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
from = 49152;
|
||||
to = 49999;
|
||||
} # TURN relay
|
||||
];
|
||||
defaultGateway6 = {
|
||||
address = "fe80::1";
|
||||
interface = "ens18";
|
||||
};
|
||||
firewall = {
|
||||
# Open ports in the firewall.
|
||||
|
||||
enable = true;
|
||||
allowPing = false;
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
5349 # STUN tls
|
||||
5350 # STUN tls alt
|
||||
80 # http
|
||||
443 # https
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
from = 49152;
|
||||
to = 49999;
|
||||
} # TURN relay
|
||||
];
|
||||
};
|
||||
|
||||
hostName = "queen";
|
||||
|
||||
# Disable the server going through wireguard vpn for now
|
||||
wireguard.enable = lib.mkForce false;
|
||||
};
|
||||
|
||||
# networking.useNetworkd = true;
|
||||
|
@ -180,15 +172,20 @@
|
|||
# Enable completion of system packages by zsh
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
|
||||
boot = {
|
||||
tmp.cleanOnBoot = true;
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
configurationLimit = 3;
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/queen;
|
||||
};
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
};
|
||||
|
||||
networking.hostName = "queen";
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.configurationLimit = 3;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
|
|
@ -6,14 +6,13 @@ releaseCookie: ENC[AES256_GCM,data:oG8DcUP+gIm5xPzIJdmjrtX/TdrcS8IgeGJeu0oOmZb0/
|
|||
mssqlpass: ENC[AES256_GCM,data:XEu4bQC5qM5Cm8UDVX3qAzTuL/t3xbx+qcEbZM4h3Hg=,iv:jgpZ93THYBlUvJDC5+YZiIxu/14e7nFSy76J0vc8Hek=,tag:iKsEDp/KZ5juqzmUgtP8iA==,type:str]
|
||||
mailpassunhash: ENC[AES256_GCM,data:q/P3nrNLy3hCISDmalw94nzWIFhoCdCTyflj27D2Ltr8,iv:oAFna87l3sL/42ljUF1QsRL0xBrP82uYdKLxK/8HcQE=,tag:liFFGHbNPOpOHyMsjnvMOQ==,type:str]
|
||||
rpcSecret: ENC[AES256_GCM,data:gOuQSY2RI6rnSnG1,iv:xz1ueq4/UOKYBs5r9Tk4jL0+GyX8uo8I8ZymVgIMKLI=,tag:Fr8rWIttLz7X8Pri6FBJBQ==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:mq8QWoQ4tE4eYaFbwCzQnRREUFI2qrnmDnwurKMu6qdKkDylqc65E7jgGDI=,iv:r5RdcmfW4OaKlbbzUCPahONvpLcfZ7X7KcEEYFIYFDk=,tag:e93C4lByJV75JMHLJ02PfA==,type:str]
|
||||
wg-private: ENC[AES256_GCM,data:6BEuNqqG//p5UhRmQ4RPEze6jZdvzK4PEXxlbX2ANYIhFpacj0aZnCr9o/A=,iv:tPlwYdV4I5oA8qG+bfVi1Dpbf7xedByantqsmylZXKQ=,tag:k1BqKqlayOWz5QW1XiAjqQ==,type:str]
|
||||
lillian-password: ENC[AES256_GCM,data:tc+Romv2fL+tdqLLmbwqaF4IHrNZ0VEpnECmW/66FW7IUpjHMyS7YP+pmmvDCzM9afIXMxyPFHGNRwiCmxqstiiNeSeLdo6rDw==,iv:sGeu9aNTgdpThv+0Z/nZKIrat1xNgM0t/KTGPaFbsdI=,tag:kZBHF4X0KO9znog61NwU+Q==,type:str]
|
||||
coturn-auth-secret: ENC[AES256_GCM,data:RYxyATuYIcrGd8h8Gc4CP9ZQ80ekuuwHehnOPYisHejmycgT8a2mWpk+5r3HkFmBNcLDeNlfnhIif5oLHGuHyw==,iv:M2GdNDxP4xpP35FJPTgljbcKpOm6DmEEnIYRItAxDVI=,tag:IiiNXeTi6Yja5PrnKRkhdA==,type:str]
|
||||
grafana-telegraf-key: ENC[AES256_GCM,data:agpUzG1/n2NAKDt45IgelmDf0CUlC82fmD4f7JdcszNuUg7uCNA7XeaJ6PZtHQ==,iv:keo3i+qSbtXkA5fyCr2S5z9nJS9bXUn5WDiPgWocPU8=,tag:p/nDff10PRhi9pOszp1PnA==,type:str]
|
||||
sync-secrets: ENC[AES256_GCM,data:AwCgqfSXmYVGnCV5PJ5Ql44IiutTS76F1H7Ow7gB4mQQ8PtiAsmArzpAXd7LzsXedm55X04U+GvkcbM9cwPcF+psyb3Zi8EnI/mjnI9MgFyySSEcosJZVAtCpXGIMyYgRXtF5OBh5CzupAG059d1TDAqrSpLXMuSDdypTaOMHxnlq5q1swfpzhhY3PVgUKVFXdjZLX8aF3JTE9ceVxFsB+traLzOQsl+QKty0x0mpuqR97zkMCchX7bTwgUgbl7phzTvmwV8Qw==,iv:gkZs5NB9+CLfz4kfV4ha2llZQPP81uuXRKqUlASgpiA=,tag:DXkiG0ZFHLHlVhwLwtv/XQ==,type:str]
|
||||
writefreely: ENC[AES256_GCM,data:QOj5h/rHCxmgpPNhu3IS4eyruhQokHTJxW6yQM9YDgQ=,iv:qAd+/rAAanzL9FTIX22M+2kwI0WI2d3i86cJrn8MFBo=,tag:3zvpqnovDEoJdvK/qcFDuQ==,type:str]
|
||||
writefreelymysql: ENC[AES256_GCM,data:1JZwIX04O3DBAo7JvEkeNrFcSdcmk/u4WUf/kkbr2JA=,iv:8H8MR8w1iLfl2r62EbxPnLzs4qWFmwB5gNKEaly8q6c=,tag:K01oKMXkeMOFs3u7frMs0Q==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data:DK/ggskAyhvotRkf36oZBoPw3hGvVlXneqaJZRPwX2a3YVMy4zgDE3iN65UeR6mfkp9J3OmLejOHeWFB/bRCHY3oTW6GUuZljTe2rI1/x/d2s4zX5UPPEWcy3cXH25d72DzElQBEMDKuZyDe0OZ0/NkR//vEeXgoA2Nr/NKHlTWrq/t26DMD2Vt+kQ+S9b0hh4tgh3OP1lwRu9/mTJOmInd/86gKB9+aD9V0oFvNbMEmgbwIah+ZjQBHB7GEIwjUc/lLmc+3RSn9J0rICIhnhL7NTzHUDHkYd93Tm0L9UHIyi9Oco2sK8tuV5mTDM1OK8CbDg/5FICTQ0H4sstCrDNZd2wE4E1kaZuwYOyxpzQpWJY8jOxxw5oIE0IccvvptM/9vp+0f1F2RIDrkIdHSLpFbGZGvXNVAWlXyv+0qOYS7BGzD0KAh9f74GcAvULq36vdzBahb5e+CqT3JXESne8qhkpsP0G9Z1I1Fy0xpADx/9cTnAm5RmXTw/KBPmBA5IZYZBRbR/C+N7Xyxr7u9RcwFJdIbSpAeT/ew,iv:pHT7DtX1ab7boPboXRaSg9w/4sMgNraEswtEf2tBPkw=,tag:Fbw2/Evf4ZsLFMBPflf9CA==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -29,8 +28,8 @@ sops:
|
|||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-23T00:03:37Z"
|
||||
mac: ENC[AES256_GCM,data:uRXXG8sDFqMyuhSSJrD3gDmZd2uGdrV/vHxfrAzTHYa+rtq7EjsIynxa9obpBKEbCSHa5UHgNxoP9VpSd9n9ENaRDxKFdaANcREjUihTDv0rFoMyaiBPcjWjj5/W8rA2ki7V4M0tgERUmq+UOcW5uZg01jPrHm7TFgdwZezFPfI=,iv:FX7DrwjA2DYKRif4EdhQ7rQKfQdk4NrQBIA+LB/3xkI=,tag:swckRXnUoVVdBsx8tDqIKA==,type:str]
|
||||
lastmodified: "2024-08-16T13:34:43Z"
|
||||
mac: ENC[AES256_GCM,data:IdQmx7/Y2fdQ9gBgKYCUZQuAVRqbP5KWG4EplO6pYqA8b5xzGnmCSCwyYIXU+3NExEZCEKEfX68mdYlWPRTKUdamOBdN+fQrGXwr5lw5dpKe03ccGw7Hayi0B4O8WbLEjw1RU50v2eoK9MpD5FPrUu1AzGz3+txxzV3hoxg6Sp0=,iv:WXvxAvg+sAKYbzjaz1QKDgVrnMraO3EtIgC12zb9Xi0=,tag:FmH84rGBotouvjCOq+xL8w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.9.0
|
||||
|
|
|
@ -14,9 +14,8 @@
|
|||
# Or modules exported from other flakes (such as nix-colors):
|
||||
# inputs.nix-colors.homeManagerModules.default
|
||||
|
||||
outputs.nixosModules.vpn-ip
|
||||
|
||||
# Import the shared settings
|
||||
../../shared
|
||||
../../desktop/package-configs/firefox
|
||||
|
||||
# You can also split up your configuration and import pieces of it here:
|
||||
|
@ -27,101 +26,11 @@
|
|||
|
||||
./auto-mount.nix
|
||||
];
|
||||
boot = {
|
||||
tmp.cleanOnBoot = true;
|
||||
loader = {
|
||||
# TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
||||
# tss group has access to TPM devices
|
||||
|
||||
# Lanzaboote currently replaces the systemd-boot module.
|
||||
# This setting is usually set to true in configuration.nix
|
||||
# generated at installation time. So we force it to false
|
||||
# for now.
|
||||
systemd-boot.enable = lib.mkForce false;
|
||||
systemd-boot.configurationLimit = 3;
|
||||
timeout = 0;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
initrd.systemd.enable = true;
|
||||
|
||||
lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
consoleLogLevel = 0;
|
||||
kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
|
||||
plymouth.enable = true;
|
||||
};
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
zramSwap.enable = false;
|
||||
networking = {
|
||||
domain = "";
|
||||
|
||||
# Enable networking
|
||||
networkmanager.enable = true;
|
||||
|
||||
firewall.enable = true;
|
||||
|
||||
firewall.allowedTCPPorts = [22];
|
||||
|
||||
hostName = "shodan";
|
||||
};
|
||||
services.vpn-ip = {
|
||||
ip = "4";
|
||||
};
|
||||
|
||||
services = {
|
||||
openssh.enable = true; # Enables support for 32bit libs that steam uses
|
||||
|
||||
# Enable the X11 windowing system.
|
||||
xserver.enable = true;
|
||||
|
||||
# Enable the KDE Plasma Desktop Environment.
|
||||
desktopManager.plasma6.enable = true;
|
||||
|
||||
avahi = {
|
||||
nssmdns4 = true;
|
||||
enable = true;
|
||||
ipv4 = true;
|
||||
ipv6 = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
addresses = true;
|
||||
workstation = true;
|
||||
};
|
||||
};
|
||||
displayManager = {
|
||||
defaultSession = "plasma";
|
||||
sddm.wayland.enable = lib.mkForce true;
|
||||
sddm.settings = {
|
||||
Autologin = {
|
||||
Session = "plasma.desktop";
|
||||
User = "lillian";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Enable flatpak support
|
||||
flatpak.enable = true;
|
||||
packagekit.enable = true;
|
||||
|
||||
# Configure keymap in X11
|
||||
xserver = {
|
||||
xkb.layout = "us";
|
||||
xkb.variant = "";
|
||||
};
|
||||
|
||||
# Enable CUPS to print documents.
|
||||
printing.enable = true;
|
||||
|
||||
# Enable fwupd daemon and user space client
|
||||
fwupd.enable = true;
|
||||
pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
};
|
||||
networking.domain = "";
|
||||
services.openssh.enable = true;
|
||||
|
||||
nixpkgs = {
|
||||
# You can add overlays here
|
||||
|
@ -133,6 +42,10 @@
|
|||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
|
||||
#Set up sops config, and configure where the keyfile is, then set the mode for the unencrypted keys
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Custom tools
|
||||
auto-mount
|
||||
|
@ -142,11 +55,9 @@
|
|||
decky-loader
|
||||
efitools
|
||||
jq
|
||||
# noto-fonts
|
||||
# noto-fonts-emoji-blob-bin
|
||||
# noto-fonts-emoji
|
||||
qjackctl
|
||||
|
||||
noto-fonts
|
||||
noto-fonts-emoji-blob-bin
|
||||
noto-fonts-emoji
|
||||
#rustdesk
|
||||
sbctl
|
||||
udisks
|
||||
|
@ -157,7 +68,7 @@
|
|||
|
||||
#KDE:
|
||||
krunner-translator
|
||||
# kdePackages.discover
|
||||
kdePackages.discover
|
||||
kdePackages.kcalc
|
||||
kdePackages.kdepim-addons
|
||||
kdePackages.kirigami
|
||||
|
@ -166,8 +77,6 @@
|
|||
# kdePackages.krunner-symbols
|
||||
kdePackages.qtvirtualkeyboard
|
||||
kdePackages.packagekit-qt
|
||||
kdePackages.krdc
|
||||
kdePackages.krfb
|
||||
libportal
|
||||
|
||||
#Gaming:
|
||||
|
@ -195,24 +104,48 @@
|
|||
enableGyroDsuService = true;
|
||||
};
|
||||
};
|
||||
programs = {
|
||||
steam = lib.mkForce {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||
extest.enable = true;
|
||||
};
|
||||
kdeconnect.enable = true;
|
||||
|
||||
noisetorch = {
|
||||
enable = true;
|
||||
};
|
||||
programs.steam = lib.mkForce {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
|
||||
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
|
||||
extest.enable = true;
|
||||
};
|
||||
hardware.graphics.enable32Bit = true; # Enables support for 32bit libs that steam uses
|
||||
|
||||
git = {
|
||||
enable = true;
|
||||
# Enable the X11 windowing system.
|
||||
services.xserver.enable = true;
|
||||
|
||||
# Enable the KDE Plasma Desktop Environment.
|
||||
services.desktopManager.plasma6.enable = true;
|
||||
programs.kdeconnect.enable = true;
|
||||
|
||||
services.displayManager.defaultSession = "plasma";
|
||||
services.displayManager.sddm.wayland.enable = lib.mkForce true;
|
||||
services.displayManager.sddm.settings = {
|
||||
Autologin = {
|
||||
Session = "plasma.desktop";
|
||||
User = "lillian";
|
||||
};
|
||||
};
|
||||
|
||||
# Enable flatpak support
|
||||
services.flatpak.enable = true;
|
||||
services.packagekit.enable = true;
|
||||
|
||||
# Configure keymap in X11
|
||||
services.xserver = {
|
||||
xkb.layout = "us";
|
||||
xkb.variant = "";
|
||||
};
|
||||
|
||||
# Enable networking
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
networking.firewall.enable = true;
|
||||
|
||||
networking.firewall.allowedTCPPorts = [22];
|
||||
|
||||
# # Enable automounting of removable media
|
||||
# services.udisks2.enable = true;
|
||||
# services.devmon.enable = true;
|
||||
|
@ -221,14 +154,32 @@
|
|||
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
hardware = {
|
||||
graphics.enable32Bit = true;
|
||||
|
||||
# Enable bluetooth hardware
|
||||
bluetooth.enable = true;
|
||||
# Enable CUPS to print documents.
|
||||
services.printing.enable = true;
|
||||
|
||||
# Enable sound with pipewire.
|
||||
pulseaudio.enable = false;
|
||||
# Enable bluetooth hardware
|
||||
hardware.bluetooth.enable = true;
|
||||
|
||||
# Enable fwupd daemon and user space client
|
||||
services.fwupd.enable = true;
|
||||
|
||||
# Enable sound with pipewire.
|
||||
hardware.pulseaudio.enable = false;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
alsa.enable = true;
|
||||
alsa.support32Bit = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
|
||||
programs.noisetorch = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
users.users.lillian.extraGroups = ["decky" "tss" "input"];
|
||||
|
@ -236,15 +187,39 @@
|
|||
# Enable completion of system packages by zsh
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
|
||||
security = {
|
||||
rtkit.enable = true;
|
||||
tpm2 = {
|
||||
enable = true;
|
||||
pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
||||
tctiEnvironment.enable = true;
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/shodan;
|
||||
};
|
||||
};
|
||||
|
||||
networking.hostName = "shodan";
|
||||
|
||||
security.tpm2.enable = true;
|
||||
security.tpm2.pkcs11.enable = true; # expose /run/current-system/sw/lib/libtpm2_pkcs11.so
|
||||
security.tpm2.tctiEnvironment.enable = true; # TPM2TOOLS_TCTI and TPM2_PKCS11_TCTI env variables
|
||||
# tss group has access to TPM devices
|
||||
|
||||
# Lanzaboote currently replaces the systemd-boot module.
|
||||
# This setting is usually set to true in configuration.nix
|
||||
# generated at installation time. So we force it to false
|
||||
# for now.
|
||||
boot.loader.systemd-boot.enable = lib.mkForce false;
|
||||
boot.initrd.systemd.enable = true;
|
||||
|
||||
boot.lanzaboote = {
|
||||
enable = true;
|
||||
pkiBundle = "/etc/secureboot";
|
||||
};
|
||||
boot.loader.systemd-boot.configurationLimit = 3;
|
||||
boot.loader.timeout = 0;
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.consoleLogLevel = 0;
|
||||
boot.kernelParams = ["quiet" "udev.log_priority=0" "fbcon=vc:2-6" "console=tty0"];
|
||||
boot.plymouth.enable = true;
|
||||
|
||||
# https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion
|
||||
system.stateVersion = "24.11";
|
||||
}
|
||||
|
|
|
@ -1,6 +1,4 @@
|
|||
lillian-password: ENC[AES256_GCM,data:uPNBvMyhkiX3eedduFlsFUIcas/VBVSYrsmGTlgGUOzTQST59CYZRoq0ArphIJ3+Usy6KbR5tA5FCp4PoB3qVYBfjlAq6dhZIw==,iv:TiUIo2lvdL6SiDuW4gWn0TeJXkz5MldzqGxuK3MNPnE=,tag:d3p/h+q50JxygDtk2qxIeQ==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:PeuKeYRHfOzGlekLI95EH3qq+blntZrrboPKaKC0ghD5zIyaCYrFHYWLkug=,iv:BcugGYW7+i7d04H4EKn+BdJJPqwMVVvlHBETO0x0kQM=,tag:Z/ammSrFpWTIbVfi4VJZ9w==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data:7K3p6Lu4je2fNmvtKpLY2z7MG5E0gg3486PCLTlm/NzWpiH0FO8KO2yPkPPVurXfUWj7ig3eiP+bc6+kufRQ8+MCHaR+JA056cdMch0MMK92FyPvJjNKzwB4W3BpdvOKipaZvuvSfgdrEdpz6rWRwBb9KaUW5aHBjW5eQNm+q0yP2uZjW6Ncp/zrdevjlRJyXGnNJD8CBDQgLILvqlvziRO4xBnSZOmFpdCKM9jMkxwHIQUND4ic71G6cheN+kIsgsa67DlJjfrngGWxKrlC3Q2DC+30vHtW8f18oa+g7eu9eTz8+bSLxYJf9TADwE+UYe2Hakib1ju67yxBkcomIjBvqgo+zEr0jC2qYmOvlKfqn64gSbAE7zEVCbavz6gA2EMb0g47twtAdgGUyzppGQ4LXjZXv6lyYov2gdXP7bzAcXXfzDh92BuTUOp9HXOTsLh7XC7cPKziowwwT+oUeOaSujMT9tgqkazgcVR3ne+PjxduptV75gxOwxeu6F2Zm+4Y4xJBdJeyP1Baq0yj4HNY/gv3pxEEXgU5,iv:TJ3AsSvXeUmBsKd6xy+Kc1ws+Yc9ZQ5Q4A8UFHI7Wsg=,tag:egCYoe3Mkbvkup0itszm4w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -16,8 +14,8 @@ sops:
|
|||
KzNBMCtUaS9sU21Xc1JUd1FSR29tSkEKyqaDM/WUWjK2l+ahE6sIFYsQ6Qtkf7yz
|
||||
NWFTzsDZBmm9kpSIjchf+PuBuoRHeEKbEH8jnMlYB3J8boEnUnXMlw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-22T22:35:15Z"
|
||||
mac: ENC[AES256_GCM,data:olqDdjgOF7MsYXibawEn4bou6LPof25j231+Vwr+pSGCO19Sj44OkZpS0YmNBi+Uym+X6RGM5uV3fg4JYVgThnALI9JFyFuZ41gjPRyNBXJ16RnogKykHK5XNjQEogYho5bgLA8DTDeOvSfFHW2ENM052z6lJyAaPWJLa4ADlEY=,iv:YXGKcHQfqZCnK9Z3Nw/JxcTmZR++0iKUc7PDbLBqahY=,tag:UbHZvFZjaYjrC51Q1f/oyg==,type:str]
|
||||
lastmodified: "2024-03-19T00:42:59Z"
|
||||
mac: ENC[AES256_GCM,data:WuwpvgM5WCmtsb9WH6us1dn0+qQuV/6+ooI8K7Wp+VFlMWLA4g509TgOFHG+cxWJeN2cRtilnHM1INv1U6uadjWis0LrjrqbHaMRJ5aAr3/zKoTXWTG4pRNykoYmCkwHLnx0gJi6hm4PbKOIFVM+6V5m9JCLKRVO6eqyW15SVww=,iv:xVR5ZGs2Ww+J57qreIlHSW8A+ADAOjzM7B+KLRFrRLw=,tag:6KTaeX8+Txz4j1UJUWRj+w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,346 +1,127 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
modulesPath,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
# inputs.nixos-hardware.nixosModules.raspberry-pi-4
|
||||
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
|
||||
./armv7l.nix
|
||||
./hardware-configuration.nix
|
||||
|
||||
# Import shared settings
|
||||
# Import shared configurations
|
||||
../../shared
|
||||
];
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(final: super: {
|
||||
makeModulesClosure = x:
|
||||
super.makeModulesClosure (x // {allowMissing = true;});
|
||||
})
|
||||
];
|
||||
programs = {
|
||||
# Allow executing of anything on the system with a , eg: , python executes python from the nix store even if not in $PATH currently
|
||||
command-not-found.enable = lib.mkForce false;
|
||||
nix-index.enable = true;
|
||||
nix-index-database.comma.enable = true;
|
||||
};
|
||||
services = {
|
||||
automatic-timezoned.enable = true;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.loader.generic-extlinux-compatible.configurationLimit = 5;
|
||||
boot.loader.grub.enable = false;
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
|
||||
# stubby = {
|
||||
# enable = true;
|
||||
# settings =
|
||||
# pkgs.stubby.passthru.settingsExample
|
||||
# // {
|
||||
# upstream_recursive_servers = [
|
||||
# {
|
||||
# address_data = "94.140.14.49";
|
||||
# tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||
# tls_pubkey_pinset = [
|
||||
# {
|
||||
# digest = "sha256";
|
||||
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||
# }
|
||||
# ];
|
||||
# }
|
||||
# {
|
||||
# address_data = "94.140.14.59";
|
||||
# tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||
# tls_pubkey_pinset = [
|
||||
# {
|
||||
# digest = "sha256";
|
||||
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||
# }
|
||||
# ];
|
||||
# }
|
||||
# {
|
||||
# address_data = "2a10:50c0:0:0:0:0:ded:ff";
|
||||
# tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||
# tls_pubkey_pinset = [
|
||||
# {
|
||||
# digest = "sha256";
|
||||
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||
# }
|
||||
# ];
|
||||
# }
|
||||
# {
|
||||
# address_data = "2a10:50c0:0:0:0:0:dad:ff";
|
||||
# tls_auth_name = "4b921896.d.adguard-dns.com";
|
||||
# tls_pubkey_pinset = [
|
||||
# {
|
||||
# digest = "sha256";
|
||||
# value = "19HOzAWb2bgl7bo/b4Soag+5luf7bo6vlDN8W812k4U=";
|
||||
# }
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
openssh = {
|
||||
enable = true;
|
||||
# require public key authentication for better security
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.KbdInteractiveAuthentication = false;
|
||||
settings.PermitRootLogin = "no";
|
||||
};
|
||||
|
||||
davfs2.enable = true;
|
||||
|
||||
aria2 = {
|
||||
enable = true;
|
||||
settings = {
|
||||
dir = "/var/lib/media";
|
||||
rpc-listen-port = 6969;
|
||||
};
|
||||
rpcSecretFile = config.sops.secrets."rpcSecret".path;
|
||||
};
|
||||
|
||||
dnsmasq = {
|
||||
enable = true;
|
||||
settings = {
|
||||
interface = "wg1";
|
||||
};
|
||||
};
|
||||
};
|
||||
sops = {
|
||||
# users.users = {
|
||||
# ombi.extraGroups = ["radarr" "sonarr" "aria2"];
|
||||
# };
|
||||
# services.ombi = {
|
||||
# enable = true;
|
||||
# port = 2368;
|
||||
# };
|
||||
|
||||
# users.users = {
|
||||
# radarr.extraGroups = ["aria2"];
|
||||
# sonarr.extraGroups = ["aria2"];
|
||||
# };
|
||||
|
||||
# services = {
|
||||
# #uses port 7878
|
||||
# radarr.enable = true;
|
||||
# #uses port 8989
|
||||
# sonarr.enable = true;
|
||||
# prowlarr.enable = true;
|
||||
# };
|
||||
|
||||
secrets."webdav-secret" = {
|
||||
mode = "0600";
|
||||
path = "/etc/davfs2/secrets";
|
||||
};
|
||||
|
||||
secrets."rpcSecret".mode = "0440";
|
||||
secrets."rpcSecret".owner = config.users.users.aria2.name;
|
||||
|
||||
secrets."protonvpn-priv-key".mode = "0440";
|
||||
secrets."protonvpn-priv-key".owner = config.users.users.root.name;
|
||||
};
|
||||
boot = {
|
||||
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
||||
|
||||
initrd.kernelModules = ["vc4" "bcm2835_dma" "i2c_bcm2835" "cma=256M" "console=tty0"];
|
||||
|
||||
kernel.sysctl = {
|
||||
"net.ipv4.ip_forward" = 1;
|
||||
"net.ipv6.conf.all.forwarding" = 1;
|
||||
};
|
||||
};
|
||||
|
||||
sdImage.compressImage = false;
|
||||
|
||||
networking = {
|
||||
hostName = "wheatley";
|
||||
|
||||
networkmanager.enable = true;
|
||||
|
||||
# Disable NetworkManager's internal DNS resolution
|
||||
networkmanager.dns = "none";
|
||||
|
||||
# These options are unnecessary when managing DNS ourselves
|
||||
useDHCP = false;
|
||||
dhcpcd.enable = false;
|
||||
|
||||
# Configure DNS servers manually (this example uses Cloudflare and Google DNS)
|
||||
# IPv6 DNS servers can be used here as well.
|
||||
nameservers = [
|
||||
# "127.0.0.1"
|
||||
# "::1"
|
||||
"94.140.14.49"
|
||||
"94.140.14.59"
|
||||
"2a10:50c0:0:0:0:0:ded:ff"
|
||||
"2a10:50c0:0:0:0:0:ded:ff"
|
||||
# boot.extraModulePackages = [
|
||||
# (pkgs.callPackage ./rtl8189es.nix {
|
||||
# kernel = config.boot.kernelPackages.kernel;
|
||||
# })
|
||||
# ];
|
||||
nixpkgs = {
|
||||
# You can add overlays here
|
||||
overlays = [
|
||||
];
|
||||
|
||||
wireguard.enable = true;
|
||||
|
||||
wg-quick.interfaces = {
|
||||
# # "wg0" is the network interface name. You can name the interface arbitrarily.
|
||||
# wg0 = {
|
||||
# autostart = true;
|
||||
# # Determines the IP address and subnet of the server's end of the tunnel interface.
|
||||
# address = ["10.2.0.2/32"];
|
||||
|
||||
# # The port that WireGuard listens to. Must be accessible by the client.
|
||||
# listenPort = 51820;
|
||||
|
||||
# dns = ["10.2.0.1"];
|
||||
# # Path to the private key file.
|
||||
# #
|
||||
# # Note: The private key can also be included inline via the privateKey option,
|
||||
# # but this makes the private key world-readable; thus, using privateKeyFile is
|
||||
# # recommended.
|
||||
# privateKeyFile = config.sops.secrets."protonvpn-priv-key".path;
|
||||
|
||||
# peers = [
|
||||
# # List of allowed peers.
|
||||
# {
|
||||
# # Feel free to give a meaning full name
|
||||
# # Public key of the peer (not a file path).
|
||||
# publicKey = "/i7jCNpcqVBUkY07gVlILN4nFdvZHmxvreAOgLGoZGg=";
|
||||
# # List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
|
||||
# allowedIPs = ["0.0.0.0/0"];
|
||||
# endpoint = "146.70.86.114:51820";
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
|
||||
# wg public key for host: A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=
|
||||
# TODO: generate this dynamically based on other hosts
|
||||
wg0 = lib.mkForce {
|
||||
# Determines the IP address and subnet of the server's end of the tunnel interface.
|
||||
address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
|
||||
|
||||
# The port that WireGuard listens to. Must be accessible by the client.
|
||||
listenPort = 51821;
|
||||
|
||||
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
|
||||
postUp = ''
|
||||
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
|
||||
${pkgs.iptables}/bin/ip6tables -A FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/ip6tables -t nat -A POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
|
||||
'';
|
||||
|
||||
# Undo the above
|
||||
preDown = ''
|
||||
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.1/24 -o eth0 -j MASQUERADE
|
||||
${pkgs.iptables}/bin/ip6tables -D FORWARD -i wg0 -j ACCEPT
|
||||
${pkgs.iptables}/bin/ip6tables -t nat -D POSTROUTING -s fdc9:281f:04d7:9ee9::1/64 -o eth0 -j MASQUERADE
|
||||
'';
|
||||
|
||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||
|
||||
peers = [
|
||||
{
|
||||
#GLaDOS public key
|
||||
publicKey = "yieF2yQptaE3jStoaGytUnN+HLxyVhFBZIUOGUNAV38=";
|
||||
allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
|
||||
}
|
||||
{
|
||||
#EDI public key
|
||||
publicKey = "i4nDZbU+a2k5C20tFJRNPVE1vhYKJwhoqGHEdeC4704=";
|
||||
allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
|
||||
}
|
||||
{
|
||||
#Shodan public key
|
||||
publicKey = "Zah2nZDaHF8jpP5AtMA5bhE7t38fMB2UHzbXAc96/jw=";
|
||||
allowedIPs = ["10.0.0.4/32" "fdc9:281f:04d7:9ee9::3/128"];
|
||||
}
|
||||
{
|
||||
#ADA public key
|
||||
publicKey = "SHu7xxRVWuqp4U4uipMoITKrFPWZATGsJevUeqBSzWo=";
|
||||
allowedIPs = ["10.0.0.5/32" "fdc9:281f:04d7:9ee9::3/128"];
|
||||
}
|
||||
#Queen public key: FVTrYM7S2Ev2rGrYrHsG2et1/SU3UjEBQH2AOen4+04=
|
||||
];
|
||||
};
|
||||
};
|
||||
nat = {
|
||||
# enable NAT
|
||||
enable = true;
|
||||
externalInterface = "end0";
|
||||
internalInterfaces = ["wg1"];
|
||||
};
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowPing = false;
|
||||
allowedTCPPorts = [
|
||||
22 # SSH
|
||||
5349 # STUN tls
|
||||
5350 # STUN tls alt
|
||||
80 # http
|
||||
443 # https
|
||||
51821 # wg
|
||||
7878
|
||||
53 # dnsmasq
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
53 #dnsmasq
|
||||
];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
from = 51820;
|
||||
to = 51822; # wg
|
||||
}
|
||||
{
|
||||
from = 49152;
|
||||
to = 49999;
|
||||
} # TURN relay
|
||||
];
|
||||
# Configure your nixpkgs instance
|
||||
config = {
|
||||
# Disable if you don't want unfree packages
|
||||
allowUnfree = true;
|
||||
};
|
||||
};
|
||||
systemd.mounts = [
|
||||
{
|
||||
enable = true;
|
||||
description = "Webdav mount point";
|
||||
after = ["network-online.target"];
|
||||
wants = ["network-online.target"];
|
||||
|
||||
what = "https://nextcloud.gladtherescake.eu/remote.php/dav/files/GLaDTheresCake";
|
||||
where = "/home/jellyfinmediaplayer/nextcloud";
|
||||
options = "uid=1003,gid=100,file_mode=0664,dir_mode=2775";
|
||||
type = "davfs";
|
||||
}
|
||||
sops.defaultSopsFile = ./secrets/sops.yaml;
|
||||
|
||||
sops.secrets."wireless.env".mode = "0440";
|
||||
sops.secrets."wireless.env".owner = config.users.users.root.name;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
age
|
||||
git
|
||||
htop
|
||||
];
|
||||
users = {
|
||||
users.aria2 = {
|
||||
# #uses port 8096
|
||||
# services.jellyfin.enable = true;
|
||||
# users.groups.jellyfinmediaplayer = {};
|
||||
# users.users.jellyfinmediaplayer.group = "jellyfinmediaplayer";
|
||||
# users.users.jellyfin.extraGroups = ["jellyfinmediaplayer"];
|
||||
|
||||
# # Add stremio kiosk on wayland :)
|
||||
# users.extraUsers.jellyfinmediaplayer.isNormalUser = true;
|
||||
# services.cage.user = "jellyfinmediaplayer";
|
||||
# services.cage.program = "${pkgs.jellyfin-media-player}/bin/jellyfinmediaplayer";
|
||||
# services.cage.enable = true;
|
||||
# services.cage.extraArguments = ["-f"];
|
||||
boot.kernelParams = [
|
||||
"console=ttyS0,115200n8"
|
||||
];
|
||||
|
||||
group = "aria2";
|
||||
isSystemUser = true;
|
||||
nix = {
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
# This will add each flake input as a registry
|
||||
# To make nix3 commands consistent with your flake
|
||||
registry = lib.mapAttrs (_: value: {flake = value;}) inputs;
|
||||
|
||||
# This will additionally add your inputs to the system's legacy channels
|
||||
# Making legacy nix commands consistent as well, awesome!
|
||||
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
|
||||
|
||||
settings = {
|
||||
# Enable flakes and new 'nix' command
|
||||
experimental-features = "nix-command flakes";
|
||||
# Deduplicate and optimize nix store
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
groups.aria2 = {};
|
||||
};
|
||||
|
||||
environment.systemPackages = [
|
||||
# (pkgs.kodi.withPackages (kodiPkgs:
|
||||
# with kodiPkgs; [
|
||||
# steam-controller
|
||||
# invidious
|
||||
# netflix
|
||||
# upnext
|
||||
# sponsorblock
|
||||
# sendtokodi
|
||||
# jellyfin
|
||||
# ]))
|
||||
pkgs.iptables
|
||||
];
|
||||
networking.wireless.enable = true;
|
||||
networking.wireless.environmentFile = config.sops.secrets."wireless.env".path;
|
||||
networking.wireless.networks."KPNAA6306" = {
|
||||
hidden = true;
|
||||
auth = ''
|
||||
key_mgmt=WPA-PSK
|
||||
password="@PSK_HOME@"
|
||||
'';
|
||||
};
|
||||
|
||||
system.stateVersion = "25.05";
|
||||
nixpkgs.hostPlatform = lib.mkForce "aarch64-linux";
|
||||
networking.firewall.enable = true;
|
||||
|
||||
networking.firewall = {
|
||||
allowedTCPPorts = [22 80 443 5335 8080];
|
||||
allowedUDPPorts = [5335];
|
||||
};
|
||||
# Set your time zone.
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.git = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
home-manager = {
|
||||
extraSpecialArgs = {inherit inputs outputs;};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../../home-manager/hosts/wheatley;
|
||||
};
|
||||
};
|
||||
|
||||
networking.hostName = "wheatley"; # Define your hostname
|
||||
|
||||
networking.wireless.interfaces = ["enu1u1"];
|
||||
|
||||
# powerManagement.cpuFreqGovernor = "powersave";
|
||||
powerManagement.cpufreq.max = 648000;
|
||||
|
||||
# This value determines the NixOS release with which your system is to be
|
||||
# compatible, in order to avoid breaking some software such as database
|
||||
# servers. You should change this only after NixOS release notes say you
|
||||
# should.
|
||||
system.stateVersion = "unstable"; # Did you read the comment?
|
||||
}
|
||||
|
|
|
@ -10,26 +10,40 @@
|
|||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["xhci_pci"];
|
||||
boot.initrd.availableKernelModules = ["usbhid"];
|
||||
boot.initrd.kernelModules = [];
|
||||
boot.kernelModules = [];
|
||||
boot.extraModulePackages = [];
|
||||
boot.supportedFilesystems = lib.mkForce ["btrfs" "cifs" "f2fs" "jfs" "ntfs" "reiserfs" "vfat" "xfs"];
|
||||
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/swapfile";
|
||||
size = 16 * 1024;
|
||||
}
|
||||
];
|
||||
fileSystems = {
|
||||
# Prior to 19.09, the boot partition was hosted on the smaller first partition
|
||||
# Starting with 19.09, the /boot folder is on the main bigger partition.
|
||||
# The following is to be used only with older images. Note such old images should not be considered supported anymore whatsoever, but if you installed back then, this might be needed
|
||||
|
||||
# "/boot" = {
|
||||
# device = "/dev/disk/by-label/FIRMWARE";
|
||||
# fsType = "vfat";
|
||||
# };
|
||||
|
||||
"/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [{device = "/dev/disk/by-uuid/b299ad0d-37a0-43d6-9647-5f717aca7b3";}];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enu1u1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.ip6tnl0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.sit0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
|
||||
nixpkgs.hostPlatform = lib.mkDefault "armv7l-linux";
|
||||
|
||||
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
|
||||
}
|
||||
|
|
|
@ -1,10 +1,5 @@
|
|||
wireless.env: ENC[AES256_GCM,data:a5sUW0Lc4GRd9aUJwHbmQvzvRB8WaRjMSQ==,iv:+3ncL38E3aqbejoCzzeBtMukLk4n/AQBJELlqhXDqSA=,tag:buY9Mp10DAEEEKqSyHwB3g==,type:str]
|
||||
lillian-password: ENC[AES256_GCM,data:GY7WyfLRc/q4fecnazWzfoZsruN/F0ar7mJ9RaqTHSb9K6xhEmifmJeqpR5xGIJYW6MYciCsZ9YmRsJbuSHTIlo9PrCTYBGvXg==,iv:bzml3abPox3RdvtKBQiBAcVXHUdGAn0ETMsDpBtT8T0=,tag:2iaBJ4hFFBUbonslTvQH5Q==,type:str]
|
||||
protonvpn-priv-key: ENC[AES256_GCM,data:s4LAq1Rqm+jGaK3OKcjIBCQYXPs3oEuTKJMAM+gFxIpZdwcJCIU7uyoCy6c=,iv:zoWv5u0xgJHldwdRGRv3bXI1kasaWQz1YD7wt0J890I=,tag:cFXnayZRq13UqP+XWuHnWw==,type:str]
|
||||
rpcSecret: ENC[AES256_GCM,data:3tCZk2csB/ofxPc6,iv:NwT6k1hh73moH6eErT23/Dvwgb1wP/qIuoxXnCgNSao=,tag:nh0mFsh9I4R1baCL1oH+AA==,type:str]
|
||||
webdav-secret: ENC[AES256_GCM,data:SDFyHaE+HprkguOmDfnzwQ/n5OYgbTpxcVl4FGiLcsItefbSDOIQg5l01fqVB8zv+rRGlPcyRrIn7KTPrTpBx7X4RNHfFK4FKKvAANt6z0e5pu1+wnoObWxTShCFjfFoRCLkoh/j/CmLFyFIafrI7rzZUhs=,iv:stygLmNVWXkZL5A0J83CKPefRr7TqXeygQVLszr28eY=,tag:9hss2c77JELSASnwUyAF4w==,type:str]
|
||||
wg-private-key: ENC[AES256_GCM,data:5WGAAst0qVqn1siX3snkAhsSDhZaS33XHT44BfViWLZqvzw+OhPB/jkSr4U=,iv:yXfN50SM3OWdycINB8iWXtvCSS01NBTrGBs1kxd1j0M=,tag:yhjDY1AM5aQ6DFeFEjo2Mw==,type:str]
|
||||
ssh-private-key: ENC[AES256_GCM,data:zbCR/+REHSN4BIQIXSOQjSRKYWhaXutdn4AE2zxmN44qHPzMI98c7/aX2KFhHOL+vKpgyhhR6JAGVTF5Jk72lmIHwDvwvwx+gLXgpZH1KEK3nTUdwUVcqBDsVB4Na5rTsHMWmRH+NxV7n+3nSQo/Byi0Jb602IPXRNREL+0toCbHon27/o2uIy4uzbsEWZu6N2hadzQCtXmHJM2dqmbKvpADt04TQ4wAcZ6wB0538g5WdtOSU6T1xcBBSDU7MNEVP7e7dUPKJWK79cI+RrzpGIh/da7cM6exSBRas711oL6woH4Hi3G6Yjd1rPxBPt1+/qq45gm/4UvjQywn/1s7BInCe9/5vJLn3TEzuUd96CsT36vEsxMeOekXf50Ntu6Xr02bnFRwUBm76BVGAggwGf/khRNJuLw0xHsCdeKzHsPD0efe5mHTJw8mB3M6vDhO6e3g6E3uRjjBaDnrPuHuD4NE1kCjQTTJh3NbuT2Ab55lhpSOEK+f0Ik2qZgKzALvJhn+MILjXSfP/hXgiwBeP4dkTY3fOcpmnPyS,iv:ojh2hzVzJFy1kvvo/WvaIpMpGT+b9aSC+L8L0iwhF1o=,tag:bHOj/fxDn/qUmp1eijLPuw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -20,8 +15,8 @@ sops:
|
|||
Vm9mWk5JRGtZNVVhN1JQWTBlb2kySkEKoLI1MzS3uGNUbyn7kI5DylKZiPtc1div
|
||||
bKIboWoobTfDt0EURfmZ5+JrX6DlZxRyNQyl9dsKmZT6pLdaIppStA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-12-22T22:37:02Z"
|
||||
mac: ENC[AES256_GCM,data:T31z1/pngI6Wa3HMyOxS5ofb2Y5YqK0v5m96mn7n5dQ0d992ooEpoNyE7r8qHsD+tXiHvLIybWUMiMlDLI7Gq8op9GLEYYnFNDfc24k7lQPPuQK/iraJFUQwiRBbK063Rmfa6q6S3P2YN58+oxUJUiKuAy4yUIJTNaHeCCH8HMc=,iv:uLbAtSNbUcsejWdE1oBvCQVOtuaHL7A3R0sT/ispjhU=,tag:t3D7h0B0dDDZ18qo8G8wiA==,type:str]
|
||||
lastmodified: "2024-02-22T11:57:45Z"
|
||||
mac: ENC[AES256_GCM,data:V9vscu55woZjJGFV3aDgdHKqmIopYw6cajdOHG1/45Qel6l5YJkt8VyLMzYlUOlFGatXBlfTB7VC9zhhaY4lduww2XLrARcTk61BT+GSHp5sawND+RIDghY6CJBuoPUbtsfmmlmg+J2DljBlSbrcVmvfjMV12Ql6Zb8PEPM9K68=,iv:TFrDt1XpuIFLUyDN6+8n+0OypBkr1OrZOmXWvnY9ApI=,tag:EfsFhToEGFCZJSXh0WBrIw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.2
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: let
|
||||
# You'll need to edit these values
|
||||
|
@ -34,8 +35,7 @@ in {
|
|||
|
||||
# This causes NixOS to use the flake defined in this repository instead of
|
||||
# the build of Conduit built into nixpkgs.
|
||||
# package = inputs.conduwuit.packages.${pkgs.system}.default;
|
||||
package = pkgs.conduwuit;
|
||||
package = inputs.conduwuit.packages.${pkgs.system}.default;
|
||||
|
||||
settings.global = {
|
||||
inherit server_name;
|
||||
|
|
|
@ -7,14 +7,13 @@
|
|||
sops.secrets."nextcloudadmin".owner = config.users.users.nextcloud.name;
|
||||
sops.secrets."nextclouddb".mode = "0440";
|
||||
sops.secrets."nextclouddb".owner = config.users.users.nextcloud.name;
|
||||
# sops.secrets."local.json".mode = "0440";
|
||||
# sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
|
||||
sops.secrets."local.json".mode = "0440";
|
||||
sops.secrets."local.json".owner = config.users.users.onlyoffice.name;
|
||||
|
||||
users.users = {
|
||||
# nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name];
|
||||
nextcloud.extraGroups = [config.users.groups.keys.name];
|
||||
nextcloud.extraGroups = [config.users.groups.keys.name config.users.users.onlyoffice.name];
|
||||
#aria2.extraGroups = ["nextcloud"];
|
||||
# onlyoffice.extraGroups = [config.users.users.nextcloud.name];
|
||||
onlyoffice.extraGroups = [config.users.users.nextcloud.name];
|
||||
};
|
||||
|
||||
# Enable Nginx
|
||||
|
@ -91,15 +90,15 @@
|
|||
};
|
||||
};
|
||||
|
||||
# services.onlyoffice = {
|
||||
# port = 16783;
|
||||
# enable = true;
|
||||
# hostname = "onlyoffice.gladtherescake.eu";
|
||||
# #postgresHost = "/run/postgesql";
|
||||
# #postgresUser = "onlyoffice";
|
||||
# #postgresName = "onlyoffice";
|
||||
# #jwtSecretFile = config.sops.secrets."local.json".path;
|
||||
# };
|
||||
services.onlyoffice = {
|
||||
port = 16783;
|
||||
enable = true;
|
||||
hostname = "onlyoffice.gladtherescake.eu";
|
||||
#postgresHost = "/run/postgesql";
|
||||
#postgresUser = "onlyoffice";
|
||||
#postgresName = "onlyoffice";
|
||||
#jwtSecretFile = config.sops.secrets."local.json".path;
|
||||
};
|
||||
|
||||
services.rabbitmq = {
|
||||
enable = true;
|
||||
|
|
Binary file not shown.
Before Width: | Height: | Size: 158 KiB |
|
@ -1,6 +1,5 @@
|
|||
{
|
||||
inputs,
|
||||
outputs,
|
||||
lib,
|
||||
config,
|
||||
pkgs,
|
||||
|
@ -9,24 +8,9 @@
|
|||
imports = [
|
||||
./locale
|
||||
./packages
|
||||
inputs.home-manager.nixosModules.home-manager
|
||||
#../hosts/${config.networking.hostName}/hardware-configuration.nix
|
||||
];
|
||||
sops = {
|
||||
age.keyFile = ../../../../../../var/secrets/keys.txt;
|
||||
secrets."lillian-password".neededForUsers = true;
|
||||
|
||||
defaultSopsFile = ../hosts/${config.networking.hostName}/secrets/sops.yaml;
|
||||
|
||||
secrets."wg-private-key".mode = "0440";
|
||||
secrets."wg-private-key".owner = config.users.users.root.name;
|
||||
|
||||
secrets."ssh-private-key" = {
|
||||
mode = "0600";
|
||||
owner = config.users.users.lillian.name;
|
||||
path = "/home/lillian/.ssh/id_ed25519";
|
||||
};
|
||||
};
|
||||
sops.age.keyFile = ../../../../../../var/secrets/keys.txt;
|
||||
sops.secrets."lillian-password".neededForUsers = true;
|
||||
|
||||
#TODO: remove this when unneeded for freetube
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
|
@ -57,136 +41,46 @@
|
|||
"https://nix-community.cachix.org"
|
||||
"https://nixpkgs-unfree.cachix.org"
|
||||
"https://0uptime.cachix.org"
|
||||
"https://attic.kennel.juneis.dog/conduit"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
"nixpkgs-unfree.cachix.org-1:hqvoInulhbV4nJ9yJOEr+4wxhDV4xq2d1DK7S6Nj6rs="
|
||||
"0uptime.cachix.org-1:ctw8yknBLg9cZBdqss+5krAem0sHYdISkw/IFdRbYdE="
|
||||
"conduit:eEKoUwlQGDdYmAI/Q/0slVlegqh/QmAvQd7HBSm21Wk="
|
||||
];
|
||||
};
|
||||
};
|
||||
catppuccin = {
|
||||
flavor = "macchiato";
|
||||
enable = true;
|
||||
plymouth.enable = false;
|
||||
grub.enable = false;
|
||||
};
|
||||
|
||||
# console.catppuccin.enable = true;
|
||||
catppuccin.flavor = "macchiato";
|
||||
catppuccin.enable = true;
|
||||
|
||||
console.catppuccin.enable = true;
|
||||
|
||||
home-manager.backupFileExtension = "backup";
|
||||
|
||||
users.users.lillian = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
|
||||
shell = pkgs.zsh;
|
||||
hashedPasswordFile = config.sops.secrets."lillian-password".path;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
|
||||
];
|
||||
};
|
||||
|
||||
programs.zsh = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
stylix = {
|
||||
enable = true;
|
||||
autoEnable = true;
|
||||
base16Scheme = {
|
||||
scheme = "Catppuccin Macchiato";
|
||||
author = "https://github.com/catppuccin/catppuccin";
|
||||
base00 = "24273a";
|
||||
base01 = "1e2030";
|
||||
base02 = "363a4f";
|
||||
base03 = "494d64";
|
||||
base04 = "5b6078";
|
||||
base05 = "cad3f5";
|
||||
base06 = "f4dbd6";
|
||||
base07 = "b7bdf8";
|
||||
base08 = "ed8796";
|
||||
base09 = "f5a97f";
|
||||
base0A = "eed49f";
|
||||
base0B = "a6da95";
|
||||
base0C = "8bd5ca";
|
||||
base0D = "8aadf4";
|
||||
base0E = "c6a0f6";
|
||||
base0F = "f0c6c6";
|
||||
};
|
||||
image = ./background.jpg;
|
||||
cursor.package = pkgs.catppuccin-cursors.macchiatoMauve;
|
||||
cursor.name = "catppuccin-macchiato-mauve-cursors";
|
||||
homeManagerIntegration.followSystem = true;
|
||||
fonts = {
|
||||
serif = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
name = "DejaVu Serif";
|
||||
};
|
||||
|
||||
monospace = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
name = "DejaVu Sans Mono";
|
||||
};
|
||||
|
||||
sansSerif = {
|
||||
package = pkgs.dejavu_fonts;
|
||||
name = "DejaVu Sans";
|
||||
};
|
||||
|
||||
emoji = {
|
||||
package = pkgs.noto-fonts-emoji-blob-bin;
|
||||
name = "Blobmoji";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
fonts.packages = [
|
||||
pkgs.dejavu_fonts
|
||||
pkgs.noto-fonts
|
||||
pkgs.nerd-fonts.fira-mono
|
||||
];
|
||||
|
||||
networking = {
|
||||
wireguard.enable = true;
|
||||
|
||||
wg-quick.interfaces = {
|
||||
wg0 = {
|
||||
autostart = true;
|
||||
address = ["10.0.0.${config.services.vpn-ip.ip}/24" "fdc9:281f:04d7:9ee9::${config.services.vpn-ip.ip}/64"];
|
||||
dns = ["10.0.0.1" "fdc9:281f:04d7:9ee9::1"];
|
||||
listenPort = 51821;
|
||||
privateKeyFile = config.sops.secrets."wg-private-key".path;
|
||||
peers = [
|
||||
{
|
||||
publicKey = "A02sO7uLdgflhPIRd0cbJONIaPP4z8HTxDkmX4NegFg=";
|
||||
endpoint = "84.87.146.85:51821";
|
||||
allowedIPs = ["0.0.0.0/0" "::/0"];
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Enable completion of system packages by zsh
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
|
||||
home-manager = {
|
||||
backupFileExtension = "backup";
|
||||
extraSpecialArgs = {
|
||||
inputs = inputs;
|
||||
outputs = outputs;
|
||||
};
|
||||
users = {
|
||||
# Import your home-manager configuration
|
||||
lillian = import ../../home-manager/hosts/${config.networking.hostName};
|
||||
};
|
||||
};
|
||||
users.mutableUsers = false;
|
||||
|
||||
users = {
|
||||
users.lillian = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["sudo" "networkmanager" "wheel" "vboxsf" "docker"];
|
||||
shell = pkgs.zsh;
|
||||
hashedPasswordFile = config.sops.secrets."lillian-password".path;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhwA+ZdP2tEBYQNdzLHZzFHxocyeqzhXI6tFpaZA3PZ lillian@EDI"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH30G2PJOnI6jnAtxOQV0SpLFUva0adarLZLvaoZvjGE lillian@GLaDOS"
|
||||
];
|
||||
};
|
||||
mutableUsers = false;
|
||||
|
||||
users.root = {
|
||||
hashedPassword = "*";
|
||||
};
|
||||
users.users.root = {
|
||||
hashedPassword = "*";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -30,7 +30,6 @@
|
|||
e2fsprogs
|
||||
git
|
||||
git-filter-repo
|
||||
pre-commit
|
||||
helix
|
||||
home-manager
|
||||
htop
|
||||
|
@ -50,24 +49,24 @@
|
|||
# Can be used to install latest version of some packages
|
||||
]);
|
||||
|
||||
# fonts = {
|
||||
# packages = with pkgs; [
|
||||
# noto-fonts-emoji-blob-bin
|
||||
# cantarell-fonts
|
||||
# dejavu_fonts
|
||||
# fira-code
|
||||
# noto-fonts
|
||||
# noto-fonts-cjk-sans
|
||||
# noto-fonts-cjk-serif
|
||||
# paratype-pt-sans
|
||||
# paratype-pt-mono
|
||||
# paratype-pt-serif
|
||||
# roboto
|
||||
# twemoji-color-font
|
||||
# font-awesome
|
||||
# atkinson-hyperlegible
|
||||
# fira-code-nerdfont
|
||||
# ];
|
||||
# enableDefaultPackages = false;
|
||||
# };
|
||||
fonts = {
|
||||
packages = with pkgs; [
|
||||
noto-fonts-emoji-blob-bin
|
||||
cantarell-fonts
|
||||
dejavu_fonts
|
||||
fira-code
|
||||
noto-fonts
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-cjk-serif
|
||||
paratype-pt-sans
|
||||
paratype-pt-mono
|
||||
paratype-pt-serif
|
||||
roboto
|
||||
twemoji-color-font
|
||||
font-awesome
|
||||
atkinson-hyperlegible
|
||||
fira-code-nerdfont
|
||||
];
|
||||
enableDefaultPackages = false;
|
||||
};
|
||||
}
|
||||
|
|
1
pkgs/simple-completion-language-server/result
Symbolic link
1
pkgs/simple-completion-language-server/result
Symbolic link
|
@ -0,0 +1 @@
|
|||
/nix/store/3l0wgxsvf5sz2q9sgyj0blc1ivzg808b-simple-completion-language-server-ff9f90bc96c347f284571bc6310bc31f95508d55
|
Loading…
Reference in a new issue