jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Compare commits

base: jordan:1e605c6e589a9fd212bfff480b6523d508d62b48
Branches Tags
jordan:master jordan:niri jordan:helios-disko jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store
..
compare: jordan:helios-disko
Branches Tags
jordan:master jordan:niri jordan:helios-disko jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store

1 Commits
1e605c6e58 ... helios-dis

Author SHA1 Message Date
Jordan Holt
2cbacf93b6 hosts/helios: add initial disko config 2025-08-23 21:39:28 +01:00
104 changed files with 772 additions and 2371 deletions
Expand all files Collapse all files

4
README.md
View File

@@ -5,9 +5,9 @@ System and user configuration for NixOS-based systems.
| | | | | |
|-|-| |-|-|
| **Shell:** | zsh | | **Shell:** | zsh |
| **WM:** | Hyprland | | **DE:** | GNOME |
| **Theme:** | Adwaita | | **Theme:** | Adwaita |
| **Terminal:** | kitty | | **Terminal:** | Ghostty |
## Provisioning a new host ## Provisioning a new host

742
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

25
flake.nix
View File

@@ -30,7 +30,7 @@
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.11"; url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -60,37 +60,28 @@
flake = false; flake = false;
}; };
niri = {
url = "github:sodiboo/niri-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
nixos-mailserver = { nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11"; url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixpkgs.url = "nixpkgs/nixos-25.11"; nixpkgs.url = "nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
# nixpkgs-master.url = "nixpkgs"; # nixpkgs-master.url = "nixpkgs";
nixvim = { nixvim = {
url = "github:nix-community/nixvim/nixos-25.11"; url = "github:nix-community/nixvim/nixos-25.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-topology = { nix-topology = {
url = "github:oddlama/nix-topology"; url = "github:oddlama/nix-topology";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; inputs.pre-commit-hooks.follows = "pre-commit-hooks";
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs";
}; };
pre-commit-hooks = { pre-commit-hooks = {
@@ -122,10 +113,10 @@
}: }:
flake-parts.lib.mkFlake { inherit inputs; } { flake-parts.lib.mkFlake { inherit inputs; } {
imports = [ imports = [
inputs.agenix-rekey.flakeModule
inputs.pre-commit-hooks.flakeModule inputs.pre-commit-hooks.flakeModule
inputs.nix-topology.flakeModule inputs.nix-topology.flakeModule
inputs.treefmt-nix.flakeModule inputs.treefmt-nix.flakeModule
./nix/agenix-rekey.nix
./nix/devshell.nix ./nix/devshell.nix
./nix/hosts.nix ./nix/hosts.nix
]; ];
@@ -145,7 +136,7 @@
perSystem = perSystem =
{ pkgs, ... }: { pkgs, ... }:
{ {
formatter = pkgs.nixfmt; formatter = pkgs.nixfmt-rfc-style;
legacyPackages = pkgs.lib.packagesFromDirectoryRecursive { legacyPackages = pkgs.lib.packagesFromDirectoryRecursive {
callPackage = pkgs.callPackage; callPackage = pkgs.callPackage;
@@ -177,7 +168,7 @@
no-lambda-arg = true; no-lambda-arg = true;
}; };
mdformat.enable = true; mdformat.enable = true;
nixfmt.enable = true; nixfmt-rfc-style.enable = true;
shellcheck.enable = true; shellcheck.enable = true;
}; };
}; };

7
hosts/artemis/default.nix
View File

@@ -23,13 +23,8 @@ in
nixpkgs = { nixpkgs = {
hostPlatform = "x86_64-linux"; hostPlatform = "x86_64-linux";
config.permittedInsecurePackages = [
"qtwebengine-5.15.19"
];
}; };
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
boot.loader = { boot.loader = {
systemd-boot = { systemd-boot = {
enable = true; enable = true;
@@ -105,7 +100,7 @@ in
}; };
desktop = { desktop = {
gnome.enable = lib.mkForce false; gnome.enable = lib.mkForce false;
hyprland.enable = false; hyprland.enable = true;
}; };
}; };
}; };

3
hosts/artemis/hardware-configuration.nix
View File

@@ -68,9 +68,8 @@ in
"amdgpu.sched_hw_submission=4" "amdgpu.sched_hw_submission=4"
"audit=0" "audit=0"
]; ];
kernelPackages = pkgs.linuxPackages_6_18; kernelPackages = pkgs.linuxPackages_6_15;
supportedFilesystems = [ "ntfs" ]; supportedFilesystems = [ "ntfs" ];
zfs.package = pkgs.zfs_2_4;
}; };
hardware = { hardware = {

1
hosts/artemis/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDXJmnp4LUE9AFjGHwvxAu4m/3PB2uYQ69F7wYv7cGGT

2
hosts/atlas/default.nix
View File

@@ -9,8 +9,6 @@
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;

1
hosts/atlas/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPddvpZeCUelUGsnFvx87WOqKKc+MGPU6+rx6s1ReWQl

18
hosts/common.nix
View File

@@ -6,34 +6,25 @@
}: }:
{ {
imports = [ imports = [
inputs.agenix.nixosModules.default inputs.agenix.nixosModules.age
inputs.agenix-rekey.nixosModules.default
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
../modules/nixos ../modules/nixos
../modules/nixos/impermanence.nix ../modules/nixos/impermanence.nix
]; ];
age.rekey = {
masterIdentities = [ ../secrets/yubikey-nix-primary.pub ];
storageMode = "local";
generatedSecretsDir = inputs.self.outPath + "/secrets/generated/${config.networking.hostName}";
localStorageDir = inputs.self.outPath + "/secrets/rekeyed/${config.networking.hostName}";
};
nixpkgs = { nixpkgs = {
config.allowUnfree = true; config.allowUnfree = true;
overlays = [ overlays = [
inputs.agenix.overlays.default inputs.agenix.overlays.default
inputs.niri.overlays.niri (import ../overlays/default.nix)
(final: prev: { (final: prev: {
unstable = import inputs.nixpkgs-unstable { unstable = import inputs.nixpkgs-unstable {
config = { config = {
allowUnfree = true; allowUnfree = true;
}; };
system = final.stdenv.hostPlatform.system; system = final.system;
}; };
}) })
(import ../overlays/default.nix)
]; ];
}; };
@@ -118,14 +109,13 @@
dates = "weekly"; dates = "weekly";
options = "-d --delete-older-than 7d"; options = "-d --delete-older-than 7d";
}; };
registry.unstable.flake = inputs.nixpkgs-unstable;
}; };
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
sharedModules = [ sharedModules = [
inputs.nixvim.homeModules.nixvim inputs.nixvim.homeManagerModules.nixvim
{ {
home.stateVersion = config.system.stateVersion; home.stateVersion = config.system.stateVersion;
} }

2
hosts/desktop.nix
View File

@@ -40,7 +40,7 @@
}; };
system.autoUpgrade = { system.autoUpgrade = {
enable = false; enable = true;
flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git"; flake = "git+ssh://git@git.vimium.com/jordan/nix-config.git";
randomizedDelaySec = "10min"; randomizedDelaySec = "10min";
}; };

5
hosts/helios/default.nix
View File

@@ -1,4 +1,5 @@
{ {
inputs,
pkgs, pkgs,
lib, lib,
... ...
@@ -9,15 +10,15 @@ let
in in
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix ./hardware-configuration.nix
./disko-config.nix
../desktop.nix ../desktop.nix
../../users/jordan ../../users/jordan
]; ];
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
boot = { boot = {
loader.grub = { loader.grub = {
enable = true; enable = true;

101
hosts/helios/disko-config.nix Normal file
View File

@@ -0,0 +1,101 @@
{ ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/ata-SanDisk_Ultra_II_480GB_162224802391";
content = {
type = "gpt";
partitions = {
MBR = {
size = "1M";
type = "EF02"; # For GRUB MBR
};
boot = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
};
};
zpool = {
rpool = {
type = "zpool";
options = {
ashift = "12";
};
rootFsOptions = {
compression = "zstd";
acltype = "posix";
atime = "off";
xattr = "sa";
dnodesize = "auto";
mountpoint = "none";
canmount = "off";
devices = "off";
exec = "off";
setuid = "off";
};
datasets = {
"local" = {
type = "zfs_fs";
};
"local/root" = {
type = "zfs_fs";
mountpoint = "/";
options = {
canmount = "noauto";
mountpoint = "/";
exec = "on";
setuid = "on";
};
postCreateHook = "zfs snapshot rpool/local/root@blank";
};
"local/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
canmount = "noauto";
mountpoint = "/nix";
exec = "on";
setuid = "on";
};
};
"local/state" = {
type = "zfs_fs";
mountpoint = "/state";
options = {
canmount = "noauto";
mountpoint = "/state";
};
};
"safe" = {
type = "zfs_fs";
};
"safe/persist" = {
type = "zfs_fs";
mountpoint = "/persist";
options = {
canmount = "noauto";
mountpoint = "/persist";
};
};
};
};
};
};
}

1
hosts/helios/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2tDij7eTDbljl6Crz4i7qrM0lgp8U2T9ZMXt7VQPT/

2
hosts/hypnos/default.nix
View File

@@ -22,8 +22,6 @@
}; };
}; };
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
boot.loader = { boot.loader = {
systemd-boot.enable = true; systemd-boot.enable = true;
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;

1
hosts/hypnos/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGlbvy+4QHbveFbS6r9S0JWUVHeI/MgYLyGtfpZqJ/3

34
hosts/library/ai.nix
View File

@@ -1,22 +1,19 @@
{ {
inputs,
config, config,
pkgs, pkgs,
... ...
}: }:
let
stateDir = "/var/lib/open-webui";
in
{ {
age.secrets.open-webui-env = { age.secrets."files/services/open-webui/envfile" = {
rekeyFile = ./secrets/open-webui-env.age; file = "${inputs.secrets}/files/services/open-webui/envfile.age";
}; };
services.open-webui = { services.open-webui = {
enable = true; enable = true;
package = pkgs.unstable.open-webui; package = pkgs.unstable.open-webui;
port = 8081; port = 8081;
host = "0.0.0.0";
environment = environment =
let let
clientId = "open-webui"; clientId = "open-webui";
@@ -32,33 +29,10 @@ in
OFFLINE_MODE = "True"; OFFLINE_MODE = "True";
OPENID_PROVIDER_URL = "https://auth.vimium.com/oauth2/openid/${clientId}/.well-known/openid-configuration"; OPENID_PROVIDER_URL = "https://auth.vimium.com/oauth2/openid/${clientId}/.well-known/openid-configuration";
OPENID_REDIRECT_URI = "${publicUrl}/oauth/oidc/callback"; OPENID_REDIRECT_URI = "${publicUrl}/oauth/oidc/callback";
# Fix from https://github.com/NixOS/nixpkgs/pull/431395
STATIC_DIR = "${stateDir}/static";
DATA_DIR = "${stateDir}/data";
HF_HOME = "${stateDir}/hf_home";
SENTENCE_TRANSFORMERS_HOME = "${stateDir}/transformers_home";
}; };
environmentFile = config.age.secrets.open-webui-env.path; environmentFile = config.age.secrets."files/services/open-webui/envfile".path;
}; };
# Fix from https://github.com/NixOS/nixpkgs/pull/432897
systemd.services.open-webui.preStart = ''
if [ -d "${stateDir}/data" ] && [ -n "$(ls -A "${stateDir}/data" 2>/dev/null)" ]; then
exit 0
fi
mkdir -p "${stateDir}/data"
[ -f "${stateDir}/webui.db" ] && mv "${stateDir}/webui.db" "${stateDir}/data/"
for dir in cache uploads vector_db; do
[ -d "${stateDir}/$dir" ] && mv "${stateDir}/$dir" "${stateDir}/data/"
done
exit 0
'';
modules.services.borgmatic.directories = [ modules.services.borgmatic.directories = [
"/var/lib/private/open-webui" "/var/lib/private/open-webui"
]; ];

2
hosts/library/default.nix
View File

@@ -17,8 +17,6 @@
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;

2
hosts/library/jellyfin.nix
View File

@@ -8,7 +8,7 @@
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
libva-vdpau-driver vaapiVdpau
]; ];
}; };

2
hosts/library/jellysearch.nix
View File

@@ -13,7 +13,7 @@
services.meilisearch = { services.meilisearch = {
enable = true; enable = true;
package = pkgs.meilisearch; package = pkgs.meilisearch;
masterKeyFile = config.age.secrets."files/services/meilisearch/envfile".path; masterKeyEnvironmentFile = config.age.secrets."files/services/meilisearch/envfile".path;
}; };
users.users.jellysearch = { users.users.jellysearch = {

19
hosts/library/nginx.nix
View File

@@ -33,6 +33,25 @@
''; '';
}; };
}; };
"chat.ai.vimium.com" = {
listen = [
{
addr = "127.0.0.1";
port = 8001;
}
];
locations."/" = {
proxyPass = "http://localhost:8081";
extraConfig = proxyConfig + ''
# Disable proxy buffering for better streaming response from models
proxy_buffering off;
# Increase max request size for large attachments and long audio messages
client_max_body_size 20M;
proxy_read_timeout 10m;
'';
};
};
"jellyfin.vimium.com" = { "jellyfin.vimium.com" = {
default = true; default = true;
listen = [ listen = [

10
hosts/library/secrets/open-webui-env.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> piv-p256 a1N2XA AqHsJTdBE6LT9QJK7Dek6b3zA/PaqAmma7uRdKHdQQym
KMB+yq8M+eej5pg7MHFBqzYhQhVnrPpTevDVo1RZn5Q
-> m;#M[T-grease > G>`e0C&G OS
ichBG8145Jl9vthZfVHcznJmi+c81HHZfd7UGzdfP7TR1wp9ub6IXiqK9KRe7ga7
N3osvWzwiwCI5oN0NA
--- ILq3bk5+xuZ4CV7J/rQkYBMz5wG2dHzn+G+cvEqUSRw
j
æìXÖ+âÊrýá±jÏüÃZW ¢¡p¶Âñk‡%Ç—xdC5mͧ '[ˆæwÂxáé¸ã#ÃûËO<18>Ì7<C38C>bC'8ÑÖ3÷bñ{_Ç%_êês&„žªÑ¹rrÚÁ¦ž,
5L8yCØOÅ6oîÆÙk}ˆÏ_®Üižm¾u3|Šf 5°Õ5ãêA¾Vê>¢+âúªóE=¹»è«E²ÇaE¿-ÉÔ<>^•»Q¬j…ƒš•7¯6Pì»böàE8*4ß„

1
hosts/library/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBP+SH4lzFTE29y9HfjkaO7Ino5OqEws5UXcnBFoo76C

2
hosts/mail/default.nix
View File

@@ -14,8 +14,6 @@
nixpkgs.hostPlatform = "x86_64-linux"; nixpkgs.hostPlatform = "x86_64-linux";
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
networking = { networking = {
hostId = "08ac2f14"; hostId = "08ac2f14";
firewall = { firewall = {

1
hosts/mail/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGLHtC0JmFfct+lYl0EjgphutmeYY8BWDctY3+/TsO6L

1
hosts/odyssey/aws.env
View File

@@ -1 +0,0 @@
AWS_REGION=us-east-1

35
hosts/odyssey/comfyui-docker.nix
View File

@@ -1,35 +0,0 @@
{
hardware.graphics.enable32Bit = true;
hardware.nvidia-container-toolkit.enable = true;
virtualisation.docker.enable = true;
virtualisation.oci-containers = {
backend = "docker";
containers = {
comfyui = {
image = "ghcr.io/clsferguson/comfyui-docker:latest";
autoStart = true;
ports = [ "8188:8188" ];
extraOptions = [
"--device=nvidia.com/gpu=all"
"--ipc=host"
];
volumes = [
"/home/jordan/ComfyUI/user:/app/ComfyUI/user"
"/home/jordan/ComfyUI/custom_nodes:/app/ComfyUI/custom_nodes"
"/home/jordan/ComfyUI/models:/app/ComfyUI/models:rw"
"/home/jordan/ComfyUI/input:/app/ComfyUI/input:rw"
"/home/jordan/ComfyUI/output:/app/ComfyUI/output:rw"
];
environment = {
TZ = "Europe/London";
PUID = "1000";
PGID = "1000";
COMFY_AUTO_INSTALL = "1";
FORCE_SAGE_ATTENTION = "1";
};
};
};
};
}

41
hosts/odyssey/default.nix
View File

@@ -7,9 +7,7 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./comfyui-docker.nix
./gitea-runner.nix ./gitea-runner.nix
./home-assistant
./nix-serve.nix ./nix-serve.nix
../desktop.nix ../desktop.nix
../../users/jordan ../../users/jordan
@@ -22,8 +20,6 @@
}; };
}; };
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
boot.loader = { boot.loader = {
systemd-boot = { systemd-boot = {
enable = true; enable = true;
@@ -54,41 +50,6 @@
capSysAdmin = true; capSysAdmin = true;
}; };
environment.systemPackages = with pkgs; [
yubikey-manager
age-plugin-yubikey
];
services.udev.packages = with pkgs; [
libfido2
];
services.pcscd.enable = true;
security.acme = {
acceptTerms = true;
defaults = {
email = "hostmaster@vimium.com";
dnsProvider = "route53";
dnsResolver = "9.9.9.9";
credentialFiles = {
AWS_SHARED_CREDENTIALS_FILE = "/home/jordan/projects/vimium/infra/credentials";
};
environmentFile = ./aws.env;
};
certs = {
"vimium.com" = {
extraDomainNames = [ "*.vimium.com" ];
};
};
};
# We actually use the home-manager module to add the actual portal config,
# but need this so relevant implementations are found
environment.pathsToLink = [
"/share/xdg-desktop-portal"
];
modules = { modules = {
hardware.presonus-studio.enable = true; hardware.presonus-studio.enable = true;
services = { services = {
@@ -108,7 +69,7 @@
}; };
system.desktop = { system.desktop = {
gnome.enable = lib.mkForce false; gnome.enable = lib.mkForce false;
hyprland.enable = lib.mkForce false; hyprland.enable = true;
}; };
}; };

1
hosts/odyssey/hardware-configuration.nix
View File

@@ -44,7 +44,6 @@
powerManagement.enable = true; powerManagement.enable = true;
nvidiaSettings = false; nvidiaSettings = false;
}; };
nvidia-container-toolkit.enable = true;
}; };
powerManagement.cpuFreqGovernor = "schedutil"; powerManagement.cpuFreqGovernor = "schedutil";

63
hosts/odyssey/home-assistant/dashboards.nix
View File

@@ -1,63 +0,0 @@
{
...
}:
{
/**
*******************
- Service Dashboard for stats (energy usage, bandwidth etc.)
- Dashboard fragment per room
- Tablet in each room can display just its associated fragment
- Per user dynamic dashboard that shows the dashboard fragment for the room
you are in using Bluetooth presence detection
Rooms: [Auto, Bedroom, Kitchen, Living Room, Office]
Shared: Date/time, Guest Override action, Weather, Air quality
Bedroom:
- Temperature
- Minimal Lights action
- Individual light cards
- Sheets last changed
- Plant last watered
Kitchen:
- Temperature
- Individual light cards
- Water filter age
Living Room:
- Temperature
- Turn TV on action
* dynamic card to start Movie Mode
- Individual light cards
- Plant last watered
Office:
- Temperature
- Individual light cards
- Bandwidth usage
- Computer stats
Primary IEEE address: 00:12:4B:00:29:E8:B1:9E
Random inspiration words:
- "Temp Disable Office Motion"
- "Main Lights {Bright,Dim,Warm}"
- "Robot Vacuum"
- "Living Room TV"
- "Morning wakeup"
- "Going to sleep early"
- "Take out bins"
- "Video Conference"
- "Gaming"
- Monitor power usage to tell when something has started/stopped
- Vibration sensor for kitchen drawer
- Todo list for dinner schedule
- Air quality sensor in kitchen
- Notification to close vents when outdoor air quality is bad
- "TV Lights Lock" - don't auto dim-lights on play/pause
*********************
*/
}

1
hosts/odyssey/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJre8/cjdoUnbTu0x4ClTITcq4lq+FjpEyJBbLbOlox7

1
hosts/pi/README.md
View File

@@ -27,4 +27,3 @@ SD card | `/dev/mmcblk0` (ext4, NixOS Root)
- HDMI to ONKYO HT-R990 - HDMI to ONKYO HT-R990
- S/PDIF to ONKYO HT-R990 - S/PDIF to ONKYO HT-R990
- Ethernet to ONKYO HT-R990 - Ethernet to ONKYO HT-R990
- Ethernet to LG TV

32
hosts/pi/default.nix
View File

@@ -8,14 +8,13 @@
imports = [ imports = [
inputs.nixos-hardware.nixosModules.raspberry-pi-4 inputs.nixos-hardware.nixosModules.raspberry-pi-4
./hardware-configuration.nix ./hardware-configuration.nix
./home-assistant
./snapcast.nix ./snapcast.nix
../server.nix ../server.nix
]; ];
nixpkgs.hostPlatform = "aarch64-linux"; nixpkgs.hostPlatform = "aarch64-linux";
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
hardware = { hardware = {
raspberry-pi."4" = { raspberry-pi."4" = {
apply-overlays-dtmerge.enable = true; apply-overlays-dtmerge.enable = true;
@@ -100,7 +99,7 @@
]; ];
}; };
firmware = with pkgs; [ firmware = with pkgs; [
linux-firmware firmwareLinuxNonfree
wireless-regdb wireless-regdb
]; ];
}; };
@@ -130,25 +129,14 @@
}; };
}; };
networking.interfaces = { # Connection to ONKYO HT-R990
# Connection to ONKYO HT-R990 networking.interfaces.end0 = {
end0 = { ipv4.addresses = [
ipv4.addresses = [ {
{ address = "172.16.0.1";
address = "172.16.0.1"; prefixLength = 30;
prefixLength = 30; }
} ];
];
};
# Connection to LG TV
enp1s0u2 = {
ipv4.addresses = [
{
address = "172.16.1.1";
prefixLength = 30;
}
];
};
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [

5
hosts/odyssey/home-assistant/default.nix → hosts/pi/home-assistant/default.nix
View File

@@ -124,13 +124,13 @@
"folder_watcher" "folder_watcher"
"forecast_solar" "forecast_solar"
"frontend" "frontend"
# "gdacs" "gdacs"
"generic" "generic"
"generic_hygrostat" "generic_hygrostat"
"generic_thermostat" "generic_thermostat"
"geo_json_events" "geo_json_events"
"geo_location" "geo_location"
# "geo_rss_events" "geo_rss_events"
"github" "github"
"group" "group"
"hardware" "hardware"
@@ -244,7 +244,6 @@
"wake_on_lan" "wake_on_lan"
"water_heater" "water_heater"
"weather" "weather"
"webostv"
"websocket_api" "websocket_api"
"wled" "wled"
"workday" "workday"

0
hosts/odyssey/home-assistant/floorplan/default.nix → hosts/pi/home-assistant/floorplan/default.nix
View File

0
hosts/odyssey/home-assistant/floorplan/style.css → hosts/pi/home-assistant/floorplan/style.css
View File

0
hosts/odyssey/home-assistant/mqtt.nix → hosts/pi/home-assistant/mqtt.nix
View File

10
hosts/pi/snapcast.nix
View File

@@ -18,7 +18,15 @@
}; };
services.snapserver = { services.snapserver = {
enable = false; enable = true;
streams = {
default = {
type = "file";
location = "/var/lib/snapserver/test.wav";
sampleFormat = "44100:16:2";
codec = "flac";
};
};
}; };
systemd.services.snapclient = { systemd.services.snapclient = {

1
hosts/pi/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFYv5V6Lr1Er1dljwmunurIz1Q3Ce5FsFSxtUOW6aO9J

2
hosts/skycam/default.nix
View File

@@ -11,8 +11,6 @@
nixpkgs.hostPlatform = "aarch64-linux"; nixpkgs.hostPlatform = "aarch64-linux";
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
networking = { networking = {
hostId = "731d1660"; hostId = "731d1660";
firewall = { firewall = {

2
hosts/skycam/hardware-configuration.nix
View File

@@ -78,7 +78,7 @@
]; ];
}; };
firmware = with pkgs; [ firmware = with pkgs; [
linux-firmware firmwareLinuxNonfree
]; ];
}; };

1
hosts/skycam/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHv5+HwcRetBxtQZXpGbYv22S4prJu9bYCzKTSoMCl8D

4
hosts/vps1/README.md
View File

@@ -6,8 +6,8 @@ VPS hosted in OVH.
## Specs ## Specs
- CPU - 4 vCores - CPU - ??
- Memory - 4 GB - Memory - ??
### Disks ### Disks

3
hosts/vps1/default.nix
View File

@@ -12,7 +12,6 @@
./matrix.nix ./matrix.nix
./nginx.nix ./nginx.nix
./photoprism.nix ./photoprism.nix
./vaultwarden.nix
../server.nix ../server.nix
]; ];
@@ -20,8 +19,6 @@
hostPlatform = "x86_64-linux"; hostPlatform = "x86_64-linux";
}; };
age.rekey.hostPubkey = ./ssh_host_ed25519_key.pub;
networking = { networking = {
hostId = "08bf6db3"; hostId = "08bf6db3";
firewall = { firewall = {

4
hosts/vps1/headscale.nix
View File

@@ -36,7 +36,7 @@ in
{ {
name = "home.mesh.vimium.net"; name = "home.mesh.vimium.net";
type = "A"; type = "A";
value = "100.64.0.5"; value = "100.64.0.7";
} }
]; ];
magic_dns = true; magic_dns = true;
@@ -60,7 +60,7 @@ in
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}"; proxyPass = "http://localhost:${toString config.services.headscale.port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };

99
hosts/vps1/kanidm.nix
View File

@@ -6,27 +6,14 @@
let let
baseDomain = "vimium.com"; baseDomain = "vimium.com";
domain = "auth.${baseDomain}"; domain = "auth.${baseDomain}";
mkRandomSecret = {
generator.script = "alnum";
mode = "440";
group = "kanidm";
};
in in
{ {
age.secrets.kanidm-admin-password = mkRandomSecret;
age.secrets.kanidm-idm-admin-password = mkRandomSecret;
age.secrets.kanidm-oauth2-gitea = mkRandomSecret;
age.secrets.kanidm-oauth2-open-webui = mkRandomSecret;
age.secrets.kanidm-oauth2-vaultwarden = mkRandomSecret;
services.kanidm = services.kanidm =
let let
uri = "https://${domain}"; uri = "https://${domain}";
in in
{ {
package = pkgs.unstable.kanidmWithSecretProvisioning_1_7; package = pkgs.unstable.kanidm;
enableClient = true; enableClient = true;
enableServer = true; enableServer = true;
clientSettings = { clientSettings = {
@@ -41,92 +28,8 @@ in
tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem"; tls_key = "${config.security.acme.certs.${domain}.directory}/key.pem";
version = "2"; version = "2";
}; };
provision = {
enable = true;
adminPasswordFile = config.age.secrets.kanidm-admin-password.path;
idmAdminPasswordFile = config.age.secrets.kanidm-idm-admin-password.path;
persons.jordan = {
displayName = "Jordan Holt";
legalName = "Jordan Holt";
mailAddresses = [
"jordan@vimium.com"
];
groups = [
"gitea_admins"
"gitea_users"
"jellyfin_admins"
"jellyfin_users"
"open-webui_admins"
"open-webui_users"
"vaultwarden_users"
];
};
groups."gitea_admins" = { };
groups."gitea_users" = { };
systems.oauth2.gitea = {
displayName = "Gitea";
originUrl = "https://git.vimium.com/user/oauth2/Vimium/callback";
originLanding = "https://git.vimium.com/";
basicSecretFile = config.age.secrets.kanidm-oauth2-gitea.path;
scopeMaps."gitea_users" = [
"openid"
"email"
"profile"
];
allowInsecureClientDisablePkce = true;
preferShortUsername = true;
claimMaps.groups = {
joinType = "array";
valuesByGroup."gitea_admins" = [ "admin" ];
};
};
groups."jellyfin_admins" = { };
groups."jellyfin_users" = { };
groups."open-webui_admins" = { };
groups."open-webui_users" = { };
systems.oauth2.open-webui = {
displayName = "Open WebUI";
originUrl = "https://chat.ai.vimium.com/oauth/oidc/callback";
originLanding = "https://chat.ai.vimium.com/";
basicSecretFile = config.age.secrets.kanidm-oauth2-open-webui.path;
scopeMaps."open-webui_users" = [
"openid"
"email"
"profile"
];
allowInsecureClientDisablePkce = true;
claimMaps.groups = {
joinType = "array";
valuesByGroup."open-webui_admins" = [ "admin" ];
};
};
groups."vaultwarden_users" = { };
systems.oauth2.vaultwarden = {
displayName = "Vaultwarden";
originUrl = "https://vaultwarden.vimium.com/identity/connect/oidc-signin";
originLanding = "https://vaultwarden.vimium.com/";
basicSecretFile = config.age.secrets.kanidm-oauth2-vaultwarden.path;
scopeMaps."vaultwarden_users" = [
"openid"
"email"
"profile"
];
};
};
}; };
# LDAP server binds to tailscale network interface
systemd.services.kanidm = {
requires = [ "tailscaled.service" ];
after = [ "tailscaled.service" ];
serviceConfig.RestartSec = "60";
};
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"${domain}" = { "${domain}" = {
useACMEHost = "${domain}"; useACMEHost = "${domain}";

105
hosts/vps1/matrix.nix
View File

@@ -1,5 +1,4 @@
{ {
inputs,
config, config,
lib, lib,
pkgs, pkgs,
@@ -27,69 +26,33 @@ let
}; };
matrixServerConfig."m.server" = "${matrixSubdomain}:443"; matrixServerConfig."m.server" = "${matrixSubdomain}:443";
commonBridgeSettings = bridge: { commonBridgeSettings = bridge: {
database = lib.mkIf usePostgresql { appservice = {
type = "postgres"; database = lib.mkIf usePostgresql {
uri = "postgresql:///${bridge}?host=/run/postgresql"; type = "postgres";
uri = "postgresql:///${bridge}?host=/run/postgresql";
};
}; };
bridge = { bridge = {
encryption = {
allow = true;
default = true;
require = true;
};
permissions = { permissions = {
"${serverName}" = "user"; "${serverName}" = "user";
"@jordan:${serverName}" = "admin"; "@jordan:${serverName}" = "admin";
}; };
}; provisioning = {
encryption = { shared_secret = "disable";
allow = true; };
default = true;
require = true;
};
provisioning = {
shared_secret = "disable";
}; };
homeserver = { homeserver = {
address = "https://${matrixSubdomain}"; address = "https://${matrixSubdomain}";
domain = serverName; domain = serverName;
}; };
double_puppet.secrets = {
"${serverName}" = "as_token:$MAUTRIX_DOUBLEPUPPET_TOKEN";
};
}; };
proxyConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
'';
in in
{ {
# Backport new options from https://github.com/NixOS/nixpkgs/pull/446155
disabledModules = [
"services/matrix/mautrix-whatsapp.nix"
];
imports = [
(inputs.nixpkgs-unstable + /nixos/modules/services/matrix/mautrix-whatsapp.nix)
];
age.secrets = {
mautrix-doublepuppet-registration = {
rekeyFile = ./secrets/mautrix-doublepuppet-registration.age;
mode = "0440";
group = "matrix-synapse";
};
mautrix-signal-env = {
rekeyFile = ./secrets/mautrix-signal-env.age;
mode = "0440";
group = "mautrix-signal";
};
mautrix-whatsapp-env = {
rekeyFile = ./secrets/mautrix-whatsapp-env.age;
mode = "0440";
group = "mautrix-whatsapp";
};
};
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
8448 # Matrix federation 8448 # Matrix federation
]; ];
@@ -136,16 +99,19 @@ in
]; ];
locations = { locations = {
"/" = { "/" = {
proxyPass = "http://127.0.0.1:8008"; proxyPass = "http://localhost:8008";
extraConfig = proxyConfig; extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
'';
}; };
"/_matrix" = { "/_matrix" = {
proxyPass = "http://127.0.0.1:8008"; proxyPass = "http://localhost:8008";
extraConfig = proxyConfig + '' extraConfig = ''
proxy_set_header X-Forwarded-For $remote_addr;
client_max_body_size 50M; client_max_body_size 50M;
''; '';
}; };
"/_synapse/client".proxyPass = "http://127.0.0.1:8008"; "/_synapse/client".proxyPass = "http://localhost:8008";
}; };
}; };
"${serverName}" = "${serverName}" =
@@ -196,9 +162,6 @@ in
enable = true; enable = true;
enableRegistrationScript = true; enableRegistrationScript = true;
settings = { settings = {
app_service_config_files = [
config.age.secrets.mautrix-doublepuppet-registration.path
];
database.name = (if usePostgresql then "psycopg2" else "sqlite3"); database.name = (if usePostgresql then "psycopg2" else "sqlite3");
enable_metrics = false; enable_metrics = false;
enable_registration = false; enable_registration = false;
@@ -235,33 +198,23 @@ in
services.mautrix-signal = lib.mkIf bridges.signal { services.mautrix-signal = lib.mkIf bridges.signal {
enable = true; enable = true;
environmentFile = config.age.secrets.mautrix-signal-env.path; settings = commonBridgeSettings "mautrix-signal";
settings = lib.recursiveUpdate {
encryption = {
pickle_key = "$MAUTRIX_SIGNAL_ENCRYPTION_PICKLE_KEY";
};
} (commonBridgeSettings "mautrix-signal");
}; };
services.mautrix-whatsapp = lib.mkIf bridges.whatsapp { services.mautrix-whatsapp = lib.mkIf bridges.whatsapp {
enable = true; enable = true;
environmentFile = config.age.secrets.mautrix-whatsapp-env.path; settings = {
settings = lib.recursiveUpdate { bridge = {
backfill = {
enabled = true;
max_initial_messags = 50;
};
encryption = {
pickle_key = "$MAUTRIX_WHATSAPP_ENCRYPTION_PICKLE_KEY";
};
network = {
mute_status_broadcast = true;
history_sync = { history_sync = {
backfill = true;
max_initial_conversations = -1; max_initial_conversations = -1;
message_count = 50;
request_full_sync = true; request_full_sync = true;
}; };
mute_bridging = true;
}; };
} (commonBridgeSettings "mautrix-whatsapp"); }
// commonBridgeSettings "mautrix-whatsapp";
}; };
environment.persistence."/persist".directories = [ environment.persistence."/persist".directories = [

49
hosts/vps1/nginx.nix
View File

@@ -17,7 +17,7 @@ let
add_header Expect-CT max-age=30 always; add_header Expect-CT max-age=30 always;
add_header Referrer-Policy strict-origin-when-cross-origin always; add_header Referrer-Policy strict-origin-when-cross-origin always;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
add_header Vimium-Responding-Instance edge-lhr-a0 always; add_header Vimium-Responding-Instance $hostname;
add_header X-XSS-Protection "1; mode=block" always; add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options nosniff always; add_header X-Content-Type-Options nosniff always;
''; '';
@@ -82,33 +82,14 @@ in
maxSize = "100m"; maxSize = "100m";
}; };
}; };
proxyResolveWhileRunning = true;
resolver.addresses = [ "100.100.100.100" ];
upstreams = {
jellyfin.servers = {
"library.mesh.vimium.net:8096" = {
fail_timeout = "30s";
};
};
open-webui.servers = {
"library.mesh.vimium.net:8081" = {
fail_timeout = "30s";
};
};
skycam.servers = {
"skycam.mesh.vimium.net:1984" = {
fail_timeout = "30s";
};
};
};
virtualHosts = { virtualHosts = {
## Proxied sites ## Static sites
"chat.ai.vimium.com" = { "chat.ai.vimium.com" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders; extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = { locations."/" = {
proxyPass = "http://open-webui"; proxyPass = "http://localhost:8001";
extraConfig = '' extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
@@ -133,7 +114,7 @@ in
enableACME = true; enableACME = true;
extraConfig = nginxErrorPages + nginxEdgeHeaders; extraConfig = nginxErrorPages + nginxEdgeHeaders;
locations."/" = { locations."/" = {
proxyPass = "http://jellyfin"; proxyPass = "http://localhost:8000";
extraConfig = '' extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
@@ -148,12 +129,7 @@ in
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
''; '';
}; };
locations."/metrics" = {
return = "404";
};
}; };
## Static sites
"jdholt.com" = { "jdholt.com" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@@ -164,8 +140,11 @@ in
}; };
locations."/skycam/snapshot.jpg" = { locations."/skycam/snapshot.jpg" = {
extraConfig = '' extraConfig = ''
set $args ""; set $backend "skycam.mesh.vimium.net:1984";
proxy_pass http://skycam/api/frame.jpeg?src=rpicam;
resolver 100.100.100.100;
proxy_pass http://$backend/api/frame.jpeg?src=rpicam;
proxy_cache skycam_cache; proxy_cache skycam_cache;
proxy_cache_valid any 10s; proxy_cache_valid any 10s;
proxy_ignore_headers Cache-Control Expires Set-Cookie; proxy_ignore_headers Cache-Control Expires Set-Cookie;
@@ -185,6 +164,15 @@ in
root = "/var/www/pki.vimium.com"; root = "/var/www/pki.vimium.com";
}; };
}; };
"suhailhussain.com" = {
forceSSL = true;
enableACME = true;
serverAliases = [ "www.suhailhussain.com" ];
extraConfig = nginxErrorPages + nginxEdgeHeaders + nginxStrictHeaders;
locations."/" = {
root = "/var/www/suhailhussain.com";
};
};
"vimium.com" = { "vimium.com" = {
default = true; default = true;
forceSSL = true; forceSSL = true;
@@ -202,7 +190,6 @@ in
}; };
}; };
} }
## Redirects ## Redirects
// (mkRedirect "h0lt.com" "jdholt.com") // (mkRedirect "h0lt.com" "jdholt.com")
// (mkRedirect "jordanholt.xyz" "jdholt.com") // (mkRedirect "jordanholt.xyz" "jdholt.com")

BIN
hosts/vps1/secrets/mautrix-doublepuppet-registration.age
View File

Binary file not shown.

9
hosts/vps1/secrets/mautrix-signal-env.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> piv-p256 a1N2XA AuFF7Zqic+KNiU82xDS8ItdNSnr1045DpKOyYHZgq3kE
qNK+p6I6kR2A41d/gVyCp2b3xu7g0/rCXIL22Gal3IA
-> R.kR/-r-grease 5Q54Z B.x PMjy\
3ajY8AoJzUB9fiDnHoFVSIPEfvgAk2VtJeHNOno9cxeK6uZ+Ve22pUWBN2cp+2Qz
J7J9U1zQWVSOum3dDmscAVBzf4Hw2hUBZcAnZA
--- hZ4N9mXSCS3zT9R/Axb9dWVx5Lr+mLxxXuR45oehok4
§½z󩃢âJ%ÓÍwþèðÍœŸùcÛ' “«ÀK 39¦´Ë¯ÀqªGøbX6<58>6±Ìšƒ¶p˜mG<6D>æÕá¤ãŒÄ
ꇿë`¿8

BIN
hosts/vps1/secrets/mautrix-whatsapp-env.age
View File

Binary file not shown.

8
hosts/vps1/secrets/vaultwarden-env.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> piv-p256 a1N2XA A+JTQrgN4xxrQpLhyMtfq82/26DwsudKmxyE8gx9PlJU
oZjXRvr2mza+28asKcXzSDU0em5edPpazk5dOLXrvZ8
-> )z\cT7C|-grease v>P/r|O s\(zEXaF Q ,!Y2g+NM
ZAEVPuF8OEWWNKFP+7IUrpaDydZDAFCRnj1vOdGiBf6BzgbicAAmIF4XgBQqpE5M
JoCzgjdKB1kLOQB2PWRfJ02L93/zFQXm
--- vcFS71G0ZZ1bU8dKgMmLMv5sUIi/TYjOu41EuDpJyXw
:żöźŚç÷!ä-<ˇě:”śđËrg?ŻN-i†Ş?ŤdĺZ2hÍ3ţ Ž]

1
hosts/vps1/ssh_host_ed25519_key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII9NBbTqjs709LTRgeBV306s3SI7WuQMbor195QprBFc

78
hosts/vps1/vaultwarden.nix
View File

@@ -1,78 +0,0 @@
{
config,
lib,
...
}:
let
inherit (lib)
mkForce
;
baseDomain = "vimium.com";
domain = "vaultwarden.${baseDomain}";
in
{
age.secrets.vaultwarden-env = {
rekeyFile = ./secrets/vaultwarden-env.age;
mode = "0440";
group = "vaultwarden";
};
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
backupDir = "/var/cache/vaultwarden-backup";
config = {
dataFolder = mkForce "/var/lib/vaultwarden";
useSysLog = true;
webVaultEnabled = true;
rocketPort = 8222;
ssoEnabled = true;
ssoOnly = true;
ssoAuthority = "https://auth.vimium.com/oauth2/openid/vaultwarden";
ssoClientId = "vaultwarden";
signupsAllowed = false;
passwordIterations = 1000000;
invitationsAllowed = true;
invitationOrgName = "Vimium";
domain = "https://${domain}";
};
environmentFile = config.age.secrets.vaultwarden-env.path;
};
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
proxyWebsockets = true;
};
};
};
systemd.services.backup-vaultwarden.environment.DATA_FOLDER = mkForce "/var/lib/vaultwarden";
systemd.services.vaultwarden.serviceConfig = {
StateDirectory = mkForce "vaultwarden";
RestartSec = "60";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/vaultwarden";
user = "vaultwarden";
group = "vaultwarden";
mode = "0700";
}
];
environment.persistence."/state".directories = [
{
directory = config.services.vaultwarden.backupDir;
user = "vaultwarden";
group = "vaultwarden";
mode = "0700";
}
];
}

31
hosts/vps2/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{
inputs,
...
}:
{
imports = [
inputs.disko.nixosModules.disko
./hardware-configuration.nix
./disko-config.nix
../server.nix
];
nixpkgs = {
hostPlatform = "x86_64-linux";
};
networking = {
hostId = "60de4af8";
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
};
};
modules.services.tailscale.isExitNode = true;
system.stateVersion = "25.05";
}

55
hosts/vps2/disko-config.nix Normal file
View File

@@ -0,0 +1,55 @@
{ lib, ... }:
{
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "2M";
type = "EF02";
};
esp = {
name = "ESP";
size = "300M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

29
hosts/vps2/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,29 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd = {
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
kernelModules = [ "nvme" ];
};
loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
}

67
modules/nixos/impermanence.nix
View File

@@ -1,14 +1,21 @@
{ {
config, config,
pkgs,
lib, lib,
... ...
}: }:
let let
inherit (lib) inherit (lib)
attrNames
flip
isAttrs
mapAttrs
mkIf mkIf
mkMerge
mkOption
optionals optionals
types
; ;
zfsPkg = config.boot.zfs.package;
in in
{ {
boot.zfs.forceImportRoot = false; boot.zfs.forceImportRoot = false;
@@ -24,7 +31,7 @@ in
unitConfig.DefaultDependencies = "no"; unitConfig.DefaultDependencies = "no";
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
ExecStart = "${zfsPkg}/bin/zfs rollback -r rpool/local/root@blank"; ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank";
}; };
}; };
@@ -81,4 +88,60 @@ in
}; };
users.mutableUsers = !config.environment.persistence."/persist".enable; users.mutableUsers = !config.environment.persistence."/persist".enable;
# For each user that has a home-manager config, merge the locally defined
# persistence options that we defined above.
imports =
let
mkUserFiles = map (
x: { parentDirectory.mode = "700"; } // (if isAttrs x then x else { file = x; })
);
mkUserDirs = map (x: { mode = "700"; } // (if isAttrs x then x else { directory = x; }));
in
[
{
environment.persistence = mkMerge (
flip map (attrNames config.home-manager.users) (
user:
let
hmUserCfg = config.home-manager.users.${user};
in
flip mapAttrs hmUserCfg.home.persistence (
_: sourceCfg: {
users.${user} = {
files = mkUserFiles sourceCfg.files;
directories = mkUserDirs sourceCfg.directories;
};
}
)
)
);
}
];
home-manager.sharedModules = [
{
options.home.persistence = mkOption {
description = "Additional persistence config for the given source path";
default = { };
type = types.attrsOf (
types.submodule {
options = {
files = mkOption {
description = "Additional files to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [ ];
};
directories = mkOption {
description = "Additional directories to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [ ];
};
};
}
);
};
}
];
} }

4
modules/nixos/podman.nix
View File

@@ -1,4 +1,5 @@
{ {
pkgs,
lib, lib,
config, config,
... ...
@@ -8,7 +9,6 @@ with lib;
let let
cfg = config.modules.podman; cfg = config.modules.podman;
zfsPkg = config.boot.zfs.package;
in in
{ {
options.modules.podman = { options.modules.podman = {
@@ -29,7 +29,7 @@ in
dates = "weekly"; dates = "weekly";
flags = [ "--all" ]; flags = [ "--all" ];
}; };
extraPackages = [ zfsPkg ]; extraPackages = [ pkgs.zfs ];
}; };
containers.storage.settings.storage = { containers.storage.settings.storage = {

1
modules/nixos/system/desktop/gnome.nix
View File

@@ -47,6 +47,7 @@ in
gnomeExtensions.dash-to-panel gnomeExtensions.dash-to-panel
gnomeExtensions.desktop-cube gnomeExtensions.desktop-cube
gnomeExtensions.easyScreenCast gnomeExtensions.easyScreenCast
gnomeExtensions.espresso
gnomeExtensions.fly-pie gnomeExtensions.fly-pie
gnomeExtensions.forge gnomeExtensions.forge
gnomeExtensions.gsconnect gnomeExtensions.gsconnect

29
nix/agenix-rekey.nix
View File

@@ -1,29 +0,0 @@
{
inputs,
...
}:
{
imports = [
inputs.agenix-rekey.flakeModule
];
perSystem =
{ config, ... }:
{
agenix-rekey.nixosConfigurations = inputs.self.nixosConfigurations;
devshells.default = {
commands = [
{
inherit (config.agenix-rekey) package;
help = "Edit, generate, and rekey secrets";
}
];
env = [
{
name = "AGENIX_REKEY_ADD_TO_GIT";
value = "true";
}
];
};
};
}

1
nix/hosts.nix
View File

@@ -54,6 +54,7 @@
"pi" "pi"
"skycam" "skycam"
"vps1" "vps1"
"vps2"
] mkDeployNode; ] mkDeployNode;
}; };
}; };

2
overlays/default.nix
View File

@@ -31,8 +31,6 @@ lib.mapAttrs (
else else
# Namespaced package sets in regular attrsets. # Namespaced package sets in regular attrsets.
prev.${name} // value prev.${name} // value
else if name == "vaultwarden" then
final.callPackage value { rustPlatform = final.unstable.rustPlatform; }
else else
final.callPackage value { } final.callPackage value { }
) pkgs ) pkgs

65
pkgs/vaultwarden/package.nix
View File

@@ -1,65 +0,0 @@
{
lib,
stdenv,
callPackage,
rustPlatform,
fetchFromGitHub,
nixosTests,
pkg-config,
openssl,
libiconv,
dbBackend ? "sqlite",
libmysqlclient,
libpq,
}:
let
webvault = callPackage ./webvault.nix { };
in
rustPlatform.buildRustPackage rec {
pname = "vaultwarden";
version = "git-" + builtins.substring 0 7 src.rev;
src = fetchFromGitHub {
owner = "dani-garcia";
repo = "vaultwarden";
rev = "a2ad1dc7c3d28834749d4b14206838d795236c27";
sha256 = "sha256-6Qmp/Uv8hdKuL9e3tPMKgNq1ZdvRQbzM65ifmS2Z3UY=";
};
cargoHash = "sha256-F7we9rurJ7srz54lsuSrdoIZpkGE+4ncW3+wjEwaD7M=";
# used for "Server Installed" version in admin panel
env.VW_VERSION = version;
nativeBuildInputs = [ pkg-config ];
buildInputs = [
openssl
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
libiconv
]
++ lib.optional (dbBackend == "mysql") libmysqlclient
++ lib.optional (dbBackend == "postgresql") libpq;
buildFeatures = dbBackend;
passthru = {
inherit webvault;
tests = nixosTests.vaultwarden;
updateScript = callPackage ./update.nix { };
};
meta = with lib; {
description = "Unofficial Bitwarden compatible server written in Rust";
homepage = "https://github.com/dani-garcia/vaultwarden";
changelog = "https://github.com/dani-garcia/vaultwarden/releases/tag/${version}";
license = licenses.agpl3Only;
maintainers = with maintainers; [
dotlambda
SuperSandro2000
];
mainProgram = "vaultwarden";
};
}

83
pkgs/vaultwarden/webvault.nix
View File

@@ -1,83 +0,0 @@
{
lib,
buildNpmPackage,
fetchFromGitHub,
nixosTests,
python3,
vaultwarden,
}:
let
version = "2025.8.0";
bw_web_builds = fetchFromGitHub {
owner = "dani-garcia";
repo = "bw_web_builds";
rev = "v${version}";
hash = "sha256-93acGKO3Fq81M1wKPvIynvkTFXPQXypcMb+c4aEtxJc=";
};
in
buildNpmPackage rec {
pname = "vaultwarden-webvault";
inherit version;
src = fetchFromGitHub {
owner = "vaultwarden";
repo = "vw_web_builds";
rev = bw_web_builds.rev;
hash = "sha256-u51EP4I+bUcTeMqfzx1gbZMxpjalt3bpK3QGp5QEpYU=";
};
npmDepsHash = "sha256-wi7ZDgGKXrtueLob5OVNKCpnzC00UW9zo8KwuoyL1Bo=";
postPatch = ''
ln -s ${bw_web_builds}/{patches,resources} ..
'';
nativeBuildInputs = [
python3
];
makeCacheWritable = true;
env = {
ELECTRON_SKIP_BINARY_DOWNLOAD = "1";
npm_config_build_from_source = "true";
};
npmRebuildFlags = [
# FIXME one of the esbuild versions fails to download @esbuild/linux-x64
"--ignore-scripts"
];
npmBuildScript = "dist:oss:selfhost";
npmBuildFlags = [
"--workspace"
"apps/web"
];
npmFlags = [ "--legacy-peer-deps" ];
installPhase = ''
runHook preInstall
mkdir -p $out/share/vaultwarden
mv apps/web/build $out/share/vaultwarden/vault
runHook postInstall
'';
passthru = {
inherit bw_web_builds;
tests = nixosTests.vaultwarden;
};
meta = with lib; {
description = "Integrates the web vault into vaultwarden";
homepage = "https://github.com/dani-garcia/bw_web_builds";
changelog = "https://github.com/dani-garcia/bw_web_builds/releases/tag/v${version}";
platforms = platforms.all;
license = licenses.gpl3Plus;
inherit (vaultwarden.meta) maintainers;
};
}

7
secrets/generated/vps1/kanidm-admin-password.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> piv-p256 a1N2XA A54fi3eKkgTq6VOnMm2ze+aHVpJ0NNsqT+w7nvYoznbM
t/dRpZzqO/mX7iHLxbvzVxdmTECkRFPA5jmYfZwbMR0
-> O_h4MVE-grease {- v~ 05B3
Clwo0RqQmOGC24XDUIA+4MfDLlWnc3SjR8Kk0Wokqf6R5QFobU4
--- loq7Xutgff/pptwqLMmjVA1uZwtDE1z6wsORzSgY80w
"¯2ÑQœ`D„ $ÐNÑÃ<å<>Ä.•Ò=5ŸÊ8%g†±E¶òl[T˜Iùy

8
secrets/generated/vps1/kanidm-idm-admin-password.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> piv-p256 a1N2XA Aul2Rho3PfWaREBYYJr5FpyV5+eQ18GY5DT1dB9QcAH8
wDHmswR1WRsqCrqRv6imy2oeo+FP3Z1kDpWvr/IzcUY
-> 4-grease x K>#G$!
WbQ2yy2Pkkn0BYBR+y0tPLCFTN6cKEYGEp4B+nagPf42XONM3Q4ewp5UJF25rAiJ
LsUecsY7dvX1n9HAz6uBwMm6Xt4
--- iPJfeOsee5HmeCB5NRHSPIywjhUrjdhsoEx9aTxbrZs
^ɽ$jFP ®ä@¦ÈÆ銿[|Òÿ«N´p2Æåà–|[ðÞI>>‡%f ©ç„Ö§´l¡W!Av`¬ß2‰¨Ù8³jVffÀJÎÛ

9
secrets/generated/vps1/kanidm-oauth2-gitea.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> piv-p256 a1N2XA A5Gj5hu1YQbUrm3IK35oDUHhnohr594lykadF+Smf+LB
grnVZatvY80rTTQR8bZphg/25aa1cKJYUGh+jYGqi7A
-> 0-grease 6#aWp kp fD7ks3KL -)qyQ
FH1L4t8VAxZIOeP6bPJV3qdaBXPXGkuroABtMs7D88WzHduNjBoETZH47zekRDVM
BAGAdcqSHuGyCp7EA4lgttN/vfA+8fAbcit/p98TTiGQbXZ4YYg
--- KB5apFUmA/vu8OLpReNzr2zeDyig5NZ8iBXdy5XDbXM
ƒ€æÔ<EFBFBD>rŧ)NäSð•8óXÒsÏÇçàGÌx<C38C>qÀ%®éν²<C2BD>ˆ¿ëéCoÚ
©S6óÀÜ<EFBFBD>³L\U˜ðÙz<ûHª\ÖaÉ;Q%Ú

8
secrets/generated/vps1/kanidm-oauth2-open-webui.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> piv-p256 a1N2XA Ah6buspw/yLQJuiyWr0t3Phy+U3HhRY2t0SofqISzHmJ
pVYmmBoqXD9l55DUIad9D/0h/vhXmeMauK+xaBpX0cM
-> M)*gn$-grease _b3%6l sH|2-zq P%h
CWIfvXf9R5QvRXzv8wv+vB8nXLk0eTxy/htCUSm2ujjw
--- 1t/2tU8qFo9C2yH3ZtsZIp8ZMNEjrecLh2HkDVnKTx4
Û\ePŽŽ,<2C>üÏtª¨V—xûý“è¤Ke´}üÆÍ\
âÛ÷`<Çÿb;y GÛë‰À

BIN
secrets/generated/vps1/kanidm-oauth2-vaultwarden.age
View File

Binary file not shown.

9
secrets/rekeyed/atlas/9f3916fc5285b691931e572afdc8ac22-open-webui-api-key.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 mV4Rog gj6NT+DEVJbKeGArVcbzNphmMXoXFmVPHlo+zWuI1Ek
Wt0saIoq6RnQR1jVLHI84JMDP0rCvc1kfjSQoSHly/4
-> t-grease <a`) :34)]ad /J) =]!RB~HB
m7JCE0PP2H9DkOdbj/dhZATaXfIoPmocKnGkYUXnjyo99nVMMy2FSmNdZyE0KGCR
eVkIGwJbH3HNimXst62gIxvSrFQ4a4IcO1Cv8UaMK9UjGfy731BRpg
--- bEP7E9Ajvw0pIWFF7+QakdFigo0B+0aa0ha9/Y/OADA
ZrÕ«ö‰0/^´2µB
oÒÀ@3±¡~qSò‰–û¥H fa ¤¨Sœ0Àˆ•Ÿr«ÑB+¿

8
secrets/rekeyed/helios/e09d8370465eb4038d032d0d84b700b1-open-webui-api-key.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 3xQa4Q 3I7Mpt3/StzFpy8/egW+PleMsKV/YFsw1lpzt0057ns
Plc2u/sza/Fga8lnCMj4rH8midPdaFP+FZ1J8+pwRP8
-> .-grease !Yk9l62 H3@'J 9Klw
2fJgCUF22ciTm8EfYemHjA1uN1jkVGLGfcTllU8m08Ya2fUPig7ZK4fNLV3ttMc4
uLthrVZFo1HKF2wQSMeDq+ITZItvxHg2NFxqkWRCJv4
--- r3Fao3CQxFocTu4+9/Nh0zcCvTYQWpmRQD112YiAIwU
[µXG¹àÞŒ¡ÑÝ€aFa K|Å' øËdOµX§ ¨éúùGÁLHÿ€©<><34>

9
secrets/rekeyed/hypnos/c12ed3579ec35228529211b0f518d0fe-open-webui-api-key.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 5PDipg Eic12F37CNvDBqlFV17aMYXTS/eFKEd8SYfOvKV2CGY
Co7whyv5vxJnlELVyIZJiNmj+hATpw1/QpK2t8CtcvE
-> >e`c+0-grease D[m[ *0=DB?=
uPUY90BUNR6Hm0F2Q0F+dXWkUOe4cLjrAvkcxaR79km0qMgJ/C7ribHeWpK3siOe
2zz5YA
--- XoQX1p09n36Cqyc0sEShbtcn4wbX68ULdGNrDzX5w04
üš»AñXÖÓÄÝf’³(ã=<3D>†ÒeÈuϘÆz@ V.ù~Ê_Ié#å<>¤#2Q;9DÅ$e­l®H<C2AE>Ã;
`5âÂ

9
secrets/rekeyed/library/0a21efefa75a30ace89a3b082e980952-open-webui-env.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 QjbOZQ uJRXV06taQiHq9Um5E2FNNYo5oZP4M1mmY3OBRK7NSk
4rcF2AJ5hsnTM1yUD37yWYtU2E7zAzHBKNVagfRgVGQ
-> z[Ud1L%*-grease ]j 7_ ?+5
pVP4JA8o5o5kWHoxuttfOdd2GLhCiANBrdbNXWhe7fMZy74Gsj0IX7caHcL/rNkM
p/DF/V4Y5QUvgQ5y7F95tc36uvNzmcsKaKauk3yIdzp6+9nuu+hQ6Qbvr0liWkuR
0pQB
--- LeXXxszTuVoj2OE6m3yPEQe6hsQAFZkhPVXpspa40vo
.GËî®7m¨­m=Æ2vªúùɼ®[÷ÿá.ο'ro­ù¢9kõNy½TúuB¢èlnkJ]¶=N^3 QJà:7]YëþG¬ ˆ€¿tš€¿cNÑSžvÕ×wÿw`fT¤¸¸Ýö—«ÍX¯ÈÊý4ï`èoí<6F>(—ÇKê^”ÅI3ógPð”7²r`V<*êí9ïya ¼PÒJ<C392>Þ ¬ä©<C3A4>‡Ñ³éi6ÃT¯þ>Þnâ"QzƒÅ`š…ù|èÌ;冼¸Í¾™Ïý)‡>Ü<> ÿßòEâ1ªˆNKJ‡ejªI<C2AA>

8
secrets/rekeyed/odyssey/c8231a45d0bb912d87bc291481a583cd-open-webui-api-key.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 jqV4bA 9vHES4DslQIplaJN4M+TnWzQxPwO0WOWnusIQxrQqh8
oLran53jiS0hjirGdMD/akpaNCNvKY5M0+i/6ky5HNM
-> 2ZC`)9-grease W G
ZW4ghYvlO1xs0GHJldTD1ZdM+wXYQ4dNdZsg81dTE7VxIona+puaHU9MBq/v2+Sg
qmqbacPFykJqeBG/uhJHYHgjbuHT8c0gTvWH3RCIQEPq
--- fS6Rtw7zUkvtwfx1/GIHT40nzsmh5Nfj7/SG9svMXAQ
käE8ÙÏ<EFBFBD>Eƒrhé”@ìZ•U9ën¡teiŸËW6YèbjCÄ•·PÍ.rÝÁË­<C2AD>÷Ìæ>

10
secrets/rekeyed/vps1/297ecb1d48e44e0f309958a6b43f58d4-mautrix-doublepuppet-registration.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 lOyIlA LfDvF0kXFmP4yGPz9A5uov9DbRfMeLniWQhgnYE3ZA0
9GkGo/twG1cfOHZgRGAmAcfQlrgQ86QvgehbkleKyz0
-> GEv|{-grease c)B+5+, \v$ piek
hwIw75OzOhfdScMKrNZ5i+WWh5zcfMryQXdbz81yUkEjWm9P4UVOYee+zz4/PU+t
6nEKEqvPf6RwBOzAlzx72Yi0l+onxh1CHOWRlfU
--- dkZlSoaBUqLnMu25ocR0VwgPr190ZOmcMdxQ3KApFS0
ƒþ<Ù²õŒ}M9Gdhœú³0[ù¹ú¡²¯Ì®È¼ažjÅg–…¨:JÀ»Æ$:^èä€OÓeêø@÷žoé‡1
¤r]I>†tü?°XãQٕى¡„A¯r)ab §’”Ü$8e“ˆ<E2809C>½f¥Å<C2A5>zÍ7ÓÜÁlf)Õ|jl“%öâ
v-òá!ª‘•(ÕÙ.qR…ÚÙ*yŽÁ¿¿XªÙµ

BIN
secrets/rekeyed/vps1/3c5deb9c71bac734f22226832529aa8c-kanidm-oauth2-gitea.age
View File

Binary file not shown.

BIN
secrets/rekeyed/vps1/4cbaed0c22d9da1e2cb1a12dea1953f4-mautrix-signal-env.age
View File

Binary file not shown.

8
secrets/rekeyed/vps1/6a6726d70ccca930f798a32691ce17eb-mautrix-whatsapp-env.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 lOyIlA ZQWnreUg4ob9RmEKNrdJKWGRCC1k0HWc8op8ycG5uXU
U6SEQWo1DoLxclnhkXJy3D93nuijiD4kk9qjMk61Yis
-> b(/|-grease
CUalICYuF4P5Ipe5C6gdrw
--- OmIGQ6VJYZcCIkTPapXNIMJswGczS/1bp8A+AeAj0yU
¡MÜlànYKÝG·^\Žõêèk(—ZØþ•˜·Z$-=(<28>¢å¨·ÅßHú¤Õ=4ŸÌÙ#ƒYÑ7òø‡tnÝ<6E>gØp>`ÄÈE©B$ Â÷0Œ<30>¥ž8BWOá°Ù<C2B0>) (ŸüU®"Ͻî54U²Gþ‰oÈ¥?¯ðu§Aôâ
z`¥d3Ij`†Ò€¬SK¤Û} $ì×ã®<03>8%Ž·Á—ë9ÈÙÀ÷½?1tZ¤Av´+ê¢Jœ”Ï<E2809D>Z¥u˜lsôkJ+-Îhœµ

7
secrets/rekeyed/vps1/80ea265ad53ef54ed48c4e1d842774b1-kanidm-admin-password.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 lOyIlA OQXbnkBzK8DL7wJkbHWo/XUlLQHjBEVu1xMzmhB78Xc
vGcN1v+YxXidGs7Z3hvZypklIZVF1/J6DZpx8JId/hw
-> mfI^2]-grease ,
2C8Bs6nnhfatjdqc/Wc
--- tuwRBOHiF0e6lgo4bK4Ui+bjjuTf5uZJgDJnpqf1seU
½J´\gù;ü†èòV ½·qFNq[7ÏålŒ¯ðÅf¢˜°w æã<C3A6>¯•<C2AF>i|RDLóR#œÀ%u-A1š£–âþ=€A†ÿöºW„c

10
secrets/rekeyed/vps1/87759af7d4ddc9e7d805487478d2f53e-vaultwarden-env.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 lOyIlA Tyyx5kyLTN9MI+Bc66Rh7RbQ+qZF0S5Y2HCTvUFRqBo
lzPjwPDXjg8ioc4XAJewTDdzXN5QO3BeGbTVxGW1B0U
-> *-grease >|vs MPFf.c. nm=m ^
OHDKbCO9uIoRv9Ar2kbIENz1NLY8iUlzmV07SouSJcxNWyEAqsVzxAkLsIeQKYn5
XbtjLv88wHhf2w
--- 7kHTJevOeZdsk2v9qP1V7wL4/Qz8wmFgoQiPMcx56WU
ÀLòÖȼamèüé°w½B]Ðý
¦ÔmÁÚ¾Ú<EFBFBD>ÌåOdøL%ÐPó¿IÎÐ'•X·<koÞ>OFÏj¥8ÿÇ8[€(Á¢CàlTd ¦HÖ[9ýÐ …§$AÊl¦Pf¹}äÁjCo]`ÏÙÊÁ nÝ¢õjw*ÔY <iùMOç¨Dš×À[!T#¼§È•X<E280A2>Ù¿KëXà-ƒè×{fÃ$%«<>¤g­T}<7D>Ók•R1ºQ?þƒ?Ù­Q¾®h­eÍà||zï—Xe‡rD3\';° jFÙþËhY
¨øRùH1 ÄRê±/*w 3Ç·Y"¼{§îLNÙs"«ˆÖ7Bô

8
secrets/rekeyed/vps1/a8f9724475694d2a470fc175c5a6d38e-kanidm-idm-admin-password.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 lOyIlA XbDvpING9Qe/x3sNWrqn2vqEw2SvgP79ApCrJTTGuiM
cOaoXvYgPH7egMF1MT4gtaMHnoHWgeKeEjkwCoOQf74
-> y''zjcK-grease J y ,CxRN3
2kaqVO6qm24DPq5fhEN+AM+hPvW3VPHKlzuMy8SLeW/3um8bXNmFdxwzfkDoFSf3
viYrDFmlY7+RTFt6JADBs67eYlQblBgZwTo
--- NwBzcAYM5hOyvIsRVLYH8ez6gn8Z3yxmX8Tfz1hETz0
¡g­>ð@ÉýlÖægè[RÙ½„ó™€XvŽÊ9ßµ"<22>ë\ÒhÛºU…y¬ÁÚ4ÜžO¼½ =zˆÃxBé@DzIJÆåO•åÑü«M„ LH<

8
secrets/rekeyed/vps1/d4527fa57d6907c78335cdabd3e84d46-kanidm-oauth2-open-webui.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 lOyIlA VsJu05NEZogLfeKJ8f9PiUH9RZn2RKJ+/FYOTzUOIyY
Zd5ze/ijrlRs948f6fhCR+IN6uXpck6ejMlpyGugOfQ
-> z+o-grease +J< ey N"
uAedOA+JGje0EKhTuQJj+RDh98H6dqryAUe7nC2iF6t7wAT1NHFLWWfRqw3nNtMb
Cb0pH7hECmbW0vygVD67NusZOvleB2RHng
--- KcTuAfeh0NIBLRmtXZFlbsAAmH9Eu2KmswfZzWgaeZ8
íƒ9EœQÞªF¡`iÝÙ´oŠä~éõ/þV<*{°'A~”nÕ ôø'@œKý¿<øxǽ'AJMFN®ûÁ#»$CÜŠ=$ZH¼AØ

7
secrets/rekeyed/vps1/fca01dd09f0ae4a1ffdc7a24a884ae5a-kanidm-oauth2-vaultwarden.age
View File

@@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 lOyIlA lN4CAdRzmrQqTaI75QwSyhPF34tXWvnyT3EF+wYp5H0
z9b9Rm/zk4PHrw35EeLtx4Gyp6Nlv55SWM/OxuuqOcA
-> CJNg-grease ^p}Pf r@D 94/&
eM0eWh2/4FSBoFvqSvVI
--- y0Tsd45+A1Q8XwnUee6RZJPkYiazusnxYkmBeHqru0E
W`.)"<22>(¸ƒÖYs·²ãóûrœ¡²0Ê“ ƒŸrÇgY‰‡»6®P=;[YÞì±bŒR¿ð6WvÑèÇ ¿÷Æsö&» <C2BB>=U

7
secrets/yubikey-nix-primary.pub
View File

@@ -1,7 +0,0 @@
# Serial: 24187788, Slot: 1
# Name: YubiKey Nix Primary
# Created: Mon, 25 Aug 2025 21:00:00 +0000
# PIN policy: Once (A PIN is required once per session, if set)
# Touch policy: Cached (A physical touch is required for decryption, and is cached for 15 seconds)
# Recipient: age1yubikey1qwwyem3502gqenzet20xdpjnuhhv2cezvzk590jdta9wqkw48p8gj7n4x96
AGE-PLUGIN-YUBIKEY-13SFHZQVZDDFHVHQGGYPC3

20
users/guest/common/optional/graphical/jellyfin.nix
View File

@@ -1,20 +0,0 @@
{
pkgs,
...
}:
{
home.packages = with pkgs; [
gamescope
jellyfin-media-player
];
home.persistence."/state".directories = [
".cache/jellyfin.org"
];
home.persistence."/persist".directories = [
".config/jellyfin.org"
".local/share/jellyfinmediaplayer"
".local/share/Jellyfin Media Player"
];
}

25
users/guest/common/optional/graphical/steam.nix
View File

@@ -8,10 +8,23 @@
steam steam
]; ];
home.persistence."/persist".directories = [ systemd.user.services.steam-big-picture = {
".config/gamescope" Unit = {
".local/share/Steam" Description = "Steam Big Picture in Gamescope";
".local/share/vulkan" After = [
".steam" "graphical.target"
]; "default.target"
];
};
Service = {
ExecStart = ''
${pkgs.gamescope}/bin/gamescope --rt --backend drm --steam -- \
${pkgs.steam}/bin/steam -pipewire-dmabuf -tenfoot
'';
Restart = "always";
};
Install = {
WantedBy = [ "default.target" ];
};
};
} }

135
users/guest/default.nix
View File

@@ -22,13 +22,11 @@ in
]; ];
group = "users"; group = "users";
isNormalUser = true; isNormalUser = true;
password = "";
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
home-manager.users.${name} = { home-manager.users.${name} = {
imports = [ imports = [
./common/optional/graphical/jellyfin.nix
./common/optional/graphical/steam.nix ./common/optional/graphical/steam.nix
{ {
home.persistence."/state" = { home.persistence."/state" = {
@@ -38,7 +36,11 @@ in
}; };
home.persistence."/persist" = { home.persistence."/persist" = {
directories = [ directories = [
".config/gamescope"
".local/share/icons" ".local/share/icons"
".local/share/Steam"
".local/share/vulkan"
".steam"
]; ];
}; };
} }
@@ -46,140 +48,17 @@ in
++ optional (builtins.pathExists hostFile) hostFile; ++ optional (builtins.pathExists hostFile) hostFile;
home = { home = {
packages = with pkgs; [
adwaita-fonts
];
username = name; username = name;
sessionVariables = {
ZDOTDIR = "~/.config/zsh";
};
pointerCursor = {
enable = true;
size = 64;
name = "macOS";
package = pkgs.apple-cursor;
gtk.enable = true;
x11.enable = true;
};
};
fonts.fontconfig.enable = true;
programs.firefox = {
enable = true;
profiles.Default = {
search = {
default = "ddg";
privateDefault = "ddg";
force = true;
};
settings = {
"layout.css.devPixelsPerPx" = 1.5;
};
};
};
programs.zsh = {
enable = true;
enableCompletion = true;
}; };
xdg.enable = true; xdg.enable = true;
}; };
services.displayManager = { services.getty = {
enable = true; autologinOnce = true;
sessionPackages = autologinUser = "guest";
let
firefoxDesktopFile = pkgs.writeTextFile {
name = "firefox-desktop-entry";
destination = "/share/wayland-sessions/firefox.desktop";
text = ''
[Desktop Entry]
Name=Firefox
Comment=Desktop session for web browsing
Exec=${pkgs.gamescope}/bin/gamescope --rt --backend drm --expose-wayland -W 3840 -H 2160 -- MOZ_ENABLE_WAYLAND=1 ${pkgs.firefox}/bin/firefox https://www.youtube.com/
Type=Application
'';
};
jellyfinDesktopFile = pkgs.writeTextFile {
name = "jellyfin-desktop-entry";
destination = "/share/wayland-sessions/jellyfin.desktop";
text = ''
[Desktop Entry]
Name=Jellyfin
Comment=Desktop session for music, movies, and TV
Exec=${pkgs.gamescope}/bin/gamescope --rt --backend drm -W 3840 -H 2160 -- ${pkgs.jellyfin-media-player}/bin/jellyfinmediaplayer --scale-factor 2 --tv --fullscreen
Type=Application
'';
};
steamDesktopFile = pkgs.writeTextFile {
name = "steam-desktop-entry";
destination = "/share/wayland-sessions/steam.desktop";
text = ''
[Desktop Entry]
Name=Steam
Comment=Desktop session for gaming
Exec=${pkgs.gamescope}/bin/gamescope --rt --backend drm --steam -- ${pkgs.steam}/bin/steam -pipewire-dmabuf -tenfoot
Type=Application
'';
};
firefoxSession = pkgs.symlinkJoin {
name = "firefox-session";
paths = [ firefoxDesktopFile ];
passthru.providedSessions = [ "firefox" ];
};
jellyfinSession = pkgs.symlinkJoin {
name = "jellyfin-session";
paths = [ jellyfinDesktopFile ];
passthru.providedSessions = [ "jellyfin" ];
};
steamSession = pkgs.symlinkJoin {
name = "steam-session";
paths = [ steamDesktopFile ];
passthru.providedSessions = [ "steam" ];
};
in
[
firefoxSession
jellyfinSession
steamSession
];
}; };
services.greetd =
let
desktops = config.services.displayManager.sessionData.desktops;
in
{
enable = true;
settings = {
default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --sessions ${desktops}/share/xsessions:${desktops}/share/wayland-sessions";
};
};
};
# security.pam.services = {
# greetd.text = ''
# auth requisite pam_nologin.so
# auth sufficient pam_succeed_if.so user = ${name} quiet_success
# auth required pam_unix.so
#
# account sufficient pam_unix.so
#
# password required pam_deny.so
#
# session optional pam_keyinit.so revoke
# session include login
# '';
# };
# Workaround: https://github.com/nix-community/home-manager/issues/7166 # Workaround: https://github.com/nix-community/home-manager/issues/7166
systemd.services."home-manager-${name}".serviceConfig = { systemd.services."home-manager-${name}".serviceConfig = {
RemainAfterExit = "yes"; RemainAfterExit = "yes";

6
users/jordan/artemis.nix
View File

@@ -12,9 +12,9 @@
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [
# jellyfin-media-player jellyfin-media-player
unstable.lutris lutris
pcsx2 unstable.pcsx2
xemu xemu
]; ];
} }

2
users/jordan/atlas.nix
View File

@@ -10,7 +10,7 @@
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [
# jellyfin-media-player jellyfin-media-player
qbittorrent qbittorrent
]; ];
} }

28
users/jordan/common/git.nix
View File

@@ -5,21 +5,12 @@
{ {
programs.git = { programs.git = {
enable = true; enable = true;
settings = { aliases = {
aliases = { amend = "commit --amend";
amend = "commit --amend"; lg = "log --color --graph --abbrev-commit --";
lg = "log --color --graph --abbrev-commit --"; ls = "ls-files";
ls = "ls-files"; unadd = "reset HEAD";
unadd = "reset HEAD"; undo-commit = "reset --soft \"HEAD^\"";
undo-commit = "reset --soft \"HEAD^\"";
};
user = {
email = "jordan@vimium.com";
name = "Jordan Holt";
};
rebase.autosquash = true;
push.default = "current";
pull.rebase = true;
}; };
ignores = [ ignores = [
".Trash-*" ".Trash-*"
@@ -36,9 +27,16 @@
"[._]*.un~" "[._]*.un~"
"cmake-build-*/" "cmake-build-*/"
]; ];
userEmail = "jordan@vimium.com";
userName = "Jordan Holt";
signing = { signing = {
key = "B8CFFF61F1CCF520"; key = "B8CFFF61F1CCF520";
signByDefault = true; signByDefault = true;
}; };
extraConfig = {
rebase.autosquash = true;
push.default = "current";
pull.rebase = true;
};
}; };
} }

1
users/jordan/common/gpg.nix
View File

@@ -9,6 +9,7 @@
services.gpg-agent = { services.gpg-agent = {
enable = true; enable = true;
enableSshSupport = true;
}; };
home.persistence."/persist".directories = [ home.persistence."/persist".directories = [

144
users/jordan/common/neovim.nix
View File

@@ -1,5 +1,4 @@
{ {
osConfig,
... ...
}: }:
@@ -11,17 +10,6 @@
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
extraConfigLua = ''
if vim.g.neovide then
vim.g.neovide_opacity = 0.8
vim.g.neovide_normal_opacity = 0.8
-- vim.g.neovide_cursor_vfx_mode = "pixiedust"
vim.g.neovide_floating_blur_amount_x = 2.0
vim.g.neovide_floating_blur_amount_y = 2.0
vim.g.neovide_floating_corner_radius = 0.2
end
'';
opts = { opts = {
number = true; number = true;
tabstop = 2; tabstop = 2;
@@ -46,88 +34,14 @@
providers.wl-copy.enable = true; providers.wl-copy.enable = true;
}; };
colorschemes.onedark = {
enable = true;
settings = {
style = "darker";
transparent = true;
};
};
plugins.cmp = {
enable = true;
autoEnableSources = true;
settings = {
sources = [
{ name = "nvim_lsp"; }
{ name = "path"; }
{ name = "buffer"; }
];
mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<CR>" = "cmp.mapping.confirm({ select = true })";
};
};
};
plugins.codecompanion = {
enable = true;
settings = {
adapters = {
http.opts.show_defaults = false;
http.openwebui.__raw = ''
function()
return require("codecompanion.adapters").extend("openai_compatible", {
name = "openwebui",
formatted_name = "Open WebUI",
opts = {
stream = true,
tools = true,
vision = false,
},
url = "''${url}''${chat_endpoint}",
env = {
api_key = "cmd:cat ${osConfig.age.secrets.open-webui-api-key.path}",
url = "https://chat.ai.vimium.com",
chat_endpoint = "/api/chat/completions",
models_endpoint = "/api/models",
},
headers = {
["Content-Type"] = "application/json",
Authorization = "Bearer ''${api_key}",
},
schema = {
model = {
default = "openai/gpt-5-chat",
},
},
})
end
'';
};
strategies = {
chat = {
adapter = "openwebui";
};
inline = {
adapter = "openwebui";
};
cmd = {
adapter = "openwebui";
};
};
};
};
plugins.comment.enable = true; plugins.comment.enable = true;
plugins.hmts.enable = true; plugins.hmts.enable = true;
plugins.lightline.enable = true; plugins.lightline.enable = true;
plugins.luasnip.enable = true;
plugins.lsp = { plugins.lsp = {
enable = true; enable = true;
servers = { servers = {
@@ -149,10 +63,25 @@
}; };
}; };
plugins.luasnip.enable = true;
plugins.nvim-autopairs.enable = true; plugins.nvim-autopairs.enable = true;
plugins.cmp = {
enable = true;
autoEnableSources = true;
settings = {
sources = [
{ name = "nvim_lsp"; }
{ name = "path"; }
{ name = "buffer"; }
];
mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<CR>" = "cmp.mapping.confirm({ select = true })";
};
};
};
plugins.telescope = { plugins.telescope = {
enable = true; enable = true;
keymaps = { keymaps = {
@@ -176,9 +105,9 @@
plugins.treesitter-refactor = { plugins.treesitter-refactor = {
enable = true; enable = true;
settings.highlight_definitions = { highlightDefinitions = {
enable = true; enable = true;
clear_on_cursor_move = false; clearOnCursorMove = false;
}; };
}; };
@@ -186,41 +115,18 @@
plugins.vim-surround.enable = true; plugins.vim-surround.enable = true;
plugins.visual-multi.enable = true;
plugins.web-devicons.enable = true; plugins.web-devicons.enable = true;
plugins.yazi.enable = true;
plugins.zen-mode.enable = true;
# plugins.actions-preview.enable = true;
# plugins.aerial.enable = true;
# plugins.arrow.enable = true;
# plugins.blink.enable = true;
# plugins.bufferline.enable = true;
# plugins.fidget.enable = true;
# plugins.flash.enable = true;
# plugins.fugitive.enable = true;
# plugins.fzf-lua.enable = true;
# plugins.gitsigns.enable = true; # plugins.gitsigns.enable = true;
# plugins.gitgutter.enable = true; # plugins.gitgutter.enable = true;
# plugins.glance.enable = true; # plugins.goyo.enable = true;
# plugins.hop.enable = true; # plugins.fugitive.enable = true;
# plugins.improved-search.enable = true; # plugins.fzf-lua.enable = true;
# plugins.goto-preview.enable = true;
# plugins.kulala.enable = true;
# plugins.neo-tree.enable = true; # plugins.neo-tree.enable = true;
# plugins.none-ls.enable = true; # plugins.none-ls.enable = true;
# plugins.nvim-dap.enable = true; # plugins.nvim-tree.enable = true;
# plugins.nvim-dbee.enable = true;
# plugins.nvim-neoclip.enable = true;
# plugins.oil.enable = true; # plugins.oil.enable = true;
# plugins.persisted.enable = true;
# plugins.precognition.enable = true;
# plugins.project-nvim.enable = true; # plugins.project-nvim.enable = true;
# plugins.tardis.enable = true;
# plugins.typescript-tools.enable = true;
}; };
home.sessionVariables.EDITOR = "nvim"; home.sessionVariables.EDITOR = "nvim";

69
users/jordan/common/optional/graphical/firefox.nix
View File

@@ -8,39 +8,6 @@
programs.firefox = { programs.firefox = {
enable = true; enable = true;
policies = {
DisableFirefoxAccounts = true;
DisableFirefoxStudies = true;
DisableTelemetry = true;
DisableFeedbackCommands = true;
DisablePocket = true;
DisableSetDesktopBackground = true;
DontCheckDefaultBrowser = true;
NoDefaultBookmarks = true;
SkipTermsOfUse = true;
GenerativeAI = {
Chatbot = false;
LinkPreviews = false;
TabGroups = false;
};
ExtensionSettings = {
"uBlock0@raymondhill.net" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
private_browsing = true;
};
};
SearchEngines = {
Default = "DuckDuckGo";
Remove = [
"Amazon.com"
"Bing"
"eBay"
"Google"
"Perplexity"
];
};
};
profiles.Default = { profiles.Default = {
search = { search = {
default = "ddg"; default = "ddg";
@@ -80,9 +47,6 @@
"browser.urlbar.suggest.calculator" = true; "browser.urlbar.suggest.calculator" = true;
"browser.urlbar.trending.featureGate" = false; "browser.urlbar.trending.featureGate" = false;
"browser.urlbar.unitConversion.enabled" = true; "browser.urlbar.unitConversion.enabled" = true;
"browser.aboutConfig.showWarning" = false;
"browser.aboutwelcome.enabled" = false;
"browser.shell.checkDefaultBrowser" = false;
"cookiebanners.service.mode" = 1; "cookiebanners.service.mode" = 1;
"cookiebanners.service.mode.privateBrowsing" = 1; "cookiebanners.service.mode.privateBrowsing" = 1;
"network.IDN_show_punycode" = true; "network.IDN_show_punycode" = true;
@@ -135,7 +99,6 @@
## Privacy ## Privacy
"dom.private-attribution.submission.enabled" = false; "dom.private-attribution.submission.enabled" = false;
# "privacy.resistFingerprinting" = true; # "privacy.resistFingerprinting" = true;
"privacy.resistFingerprinting.randomization.daily_reset.enabled" = true;
"privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = false; "privacy.resistFingerprinting.autoDeclineNoUserInputCanvasPrompts" = false;
"privacy.trackingprotection.enabled" = true; "privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.pbmode.enabled" = true; "privacy.trackingprotection.pbmode.enabled" = true;
@@ -172,13 +135,6 @@
"dom.webnotifications.serviceworker.enabled" = false; "dom.webnotifications.serviceworker.enabled" = false;
"permissions.default.desktop-notification" = 2; "permissions.default.desktop-notification" = 2;
## ML
"browser.ml.enable" = false;
"browser.ml.chat.enable" = false;
"browser.ml.chat.menu" = false;
"browser.ml.linkPreview.enable" = false;
"browser.tabs.groups.smart.enabled" = false;
## DOM / JavaScript ## DOM / JavaScript
# "dom.event.clipboardevents.enabled" = false; # "dom.event.clipboardevents.enabled" = false;
"middlemouse.paste" = false; "middlemouse.paste" = false;
@@ -246,31 +202,6 @@
"plugin.state.flash" = 0; "plugin.state.flash" = 0;
"plugin.state.java" = 0; "plugin.state.java" = 0;
# Fullscreen
"full-screen-api.transition-duration.enter" = "0 0";
"full-screen-api.transition-duration.leave" = "0";
"full-screen-api.warning.timeout" = 0;
# Update management
"app.update.auto" = false;
"app.update.background.enabled" = false;
"app.update.url" = "";
# Sync
"services.sync.engine.addresses" = false;
"services.sync.engine.creditcards" = false;
"services.sync.engine.addons" = false;
"services.sync.engine.bookmarks" = false;
"services.sync.engine.history" = false;
"services.sync.engine.passwords" = false;
"services.sync.engine.prefs" = false;
"services.sync.engine.tabs" = false;
"identity.fxaccounts.enabled" = false;
# Notifications and CFR
"browser.messaging-system.whatsNewPanel.enabled" = false;
"browser.cfr.enabled" = false;
## Misc ## Misc
"browser.selfsupport.url" = ""; "browser.selfsupport.url" = "";
}; };

24
users/jordan/common/optional/graphical/hyprland/default.nix
View File

@@ -61,13 +61,13 @@ in
portalPackage = portalPackage =
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland;
plugins = [ plugins = [
# pkgs.unstable.hyprlandPlugins.hyprbars pkgs.unstable.hyprlandPlugins.hyprbars
# pkgs.unstable.hyprlandPlugins.hypr-dynamic-cursors pkgs.unstable.hyprlandPlugins.hypr-dynamic-cursors
]; ];
settings = { settings = {
general = { general = {
gaps_in = 0; gaps_in = 5;
gaps_out = 0; gaps_out = 20;
border_size = 2; border_size = 2;
@@ -77,7 +77,7 @@ in
plugin = { plugin = {
dynamic-cursors = { dynamic-cursors = {
enabled = false; enabled = true;
mode = "none"; mode = "none";
shake = { shake = {
enabled = true; enabled = true;
@@ -85,7 +85,7 @@ in
}; };
hyprbars = { hyprbars = {
enabled = false; enabled = true;
bar_height = 20; bar_height = 20;
bar_blur = true; bar_blur = true;
}; };
@@ -115,7 +115,7 @@ in
}; };
decoration = { decoration = {
rounding = 0; rounding = 10;
active_opacity = 1.0; active_opacity = 1.0;
inactive_opacity = 1.0; inactive_opacity = 1.0;
@@ -299,15 +299,7 @@ in
enable = true; enable = true;
settings = { settings = {
background = "#000000"; background = "#000000";
background_opacity = 0.8; background_opacity = 0.7;
};
};
programs.neovide = {
enable = true;
package = pkgs.unstable.neovide;
settings = {
font.size = 16.0;
}; };
}; };

83
users/jordan/common/optional/graphical/hyprland/waybar.css
View File

@@ -3,88 +3,7 @@
} }
window#waybar { window#waybar {
background: linear-gradient( border-radius: 1em;
to bottom,
rgba(118, 118, 118, 0.78) 0%,
rgba(50, 50, 50, 0.78) 50%,
rgba(0, 0, 0, 0.74) 50%,
rgba(0, 0, 0, 0.76) 100%
);
border-top: 1px solid rgba(71, 71, 71, 0.90);
border-bottom: 1px solid rgba(0, 0, 0, 0.97);
box-shadow: inset 0px 1px 0px 0px rgba(158, 158, 158, 0.90);
text-shadow: black 0px 0px 2px;
color: white;
}
#workspaces button {
margin: 2px;
background: linear-gradient(
to bottom,
rgba(255, 255, 255, 0.35) 0%,
rgba(255, 255, 255, 0.11) 50%,
rgba(255, 255, 255, 0) 50%
);
border: 1px solid rgba(0, 0, 0, 0.37);
border-radius: 4px;
box-shadow: inset 0px 1px 0px 0px rgba(255, 255, 255, 0.25);
text-shadow: black 0px 0px 2px;
color: white;
}
#workspaces button:hover {
background:
linear-gradient(
to bottom,
rgba(255, 255, 255, 0.35) 0%,
rgba(255, 255, 255, 0.17) 50%,
rgba(255, 255, 255, 0) 50%
),
radial-gradient(
ellipse 80% 80% at 50% 110%,
rgba(44, 126, 204, 1) 0%,
rgba(44, 126, 204, 0) 80%
);
}
#workspaces button.active {
background: linear-gradient(
to bottom,
rgba(0, 0, 0, 0.40) 0%,
rgba(0, 0, 0, 0.38) 50%,
rgba(0, 0, 0, 0.55) 50%
);
box-shadow: inset 0px 1px 0px 0px rgb(0, 0, 0);
}
#workspaces button.active:hover {
background:
linear-gradient(
to bottom,
rgba(0, 0, 0, 0.40) 0%,
rgba(0, 0, 0, 0.38) 50%,
rgba(0, 0, 0, 0.55) 50%
),
radial-gradient(
ellipse 80% 80% at 50% 120%,
rgba(43, 143, 189, 1) 0%,
rgba(43, 143, 189, 0) 80%
);
}
#workspaces button.urgent {
background:
linear-gradient(
to bottom,
rgba(255, 255, 255, 0.35) 0%,
rgba(255, 255, 255, 0.11) 50%,
rgba(255, 255, 255, 0) 50%
),
radial-gradient(
ellipse 80% 80% at 50% 100%,
rgba(199, 128, 14, 1) 0%,
rgba(170, 75, 12, 0) 100%
);
} }
.modules-left { .modules-left {

3
users/jordan/common/optional/graphical/hyprland/waybar.nix
View File

@@ -8,8 +8,9 @@
settings = [ settings = [
{ {
layer = "top"; layer = "top";
position = "bottom"; position = "top";
height = 30; height = 30;
margin = "10 20 0 20";
spacing = 10; spacing = 10;
modules-left = [ modules-left = [

325
users/jordan/common/optional/graphical/niri.nix
View File

@@ -1,325 +0,0 @@
{
lib,
pkgs,
config,
inputs,
...
}:
let
inherit (lib)
getExe
;
in
{
imports = [
inputs.niri.homeModules.niri
];
services.gnome-keyring.enable = true;
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
config.niri = {
default = [
"gtk"
"gnome"
];
"org.freedesktop.impl.portal.Access" = [ "gtk" ];
"org.freedesktop.impl.portal.Notification" = [ "gtk" ];
"org.freedesktop.impl.portal.Secret" = [ "gnome-keyring" ];
"org.freedesktop.impl.portal.FileChooser" = [ "gtk" ];
"org.freedesktop.impl.portal.ScreenCast" = [ "xdg-desktop-portal-gnome" ];
"org.freedesktop.impl.portal.Screenshot" = [ "xdg-desktop-portal-gnome" ];
};
extraPortals = [
pkgs.gnome-keyring
pkgs.xdg-desktop-portal-gtk
pkgs.xdg-desktop-portal-gnome
];
};
programs.zsh.initContent = lib.mkOrder 9999 ''
if [[ -t 0 && "$(tty || true)" == /dev/tty1 && -z "$DISPLAY" && -z "$WAYLAND_DISPLAY" ]]; then
echo "Login shell detected. Starting wayland..."
niri-session
fi
'';
programs.niri = {
enable = true;
package = pkgs.niri-unstable;
settings = {
xwayland-satellite.path = getExe pkgs.xwayland-satellite-stable;
environment = {
"QT_QPA_PLATFORM" = "wayland";
"XDG_SESSION_TYPE" = "wayland";
"NIXOS_OZONE_WL" = "1";
"MOZ_ENABLE_WAYLAND" = "1";
"MOZ_WEBRENDER" = "1";
"_JAVA_AWT_WM_NONREPARENTING" = "1";
"QT_WAYLAND_DISABLE_WINDOWDECORATION" = "1";
"GDK_BACKEND" = "wayland";
"GBM_BACKEND" = "nvidia-drm";
"GSK_RENDERER" = "vulkan";
"LIBVA_DRIVER_NAME" = "nvidia";
};
input = {
keyboard = {
xkb = {
layout = "us";
options = "ctrl:nocaps";
};
repeat-delay = 235;
repeat-rate = 60;
};
touchpad = {
tap = true;
dwt = true;
dwtp = true;
natural-scroll = true;
accel-profile = "flat";
};
mouse = {
accel-speed = 0.2;
accel-profile = "flat";
};
power-key-handling.enable = false;
workspace-auto-back-and-forth = true;
};
gestures.hot-corners.enable = false;
debug.honor-xdg-activation-with-invalid-serial = true;
binds = with config.lib.niri.actions; {
"Mod+T".action = spawn "kitty";
"Mod+b".action = spawn "firefox";
"Super+Alt+L".action = spawn "systemctl suspend";
XF86AudioRaiseVolume = {
action = spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1+";
allow-when-locked = true;
};
XF86AudioLowerVolume = {
action = spawn "wpctl" "set-volume" "@DEFAULT_AUDIO_SINK@" "0.1-";
allow-when-locked = true;
};
XF86AudioMute = {
action = spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle";
allow-when-locked = true;
};
XF86AudioMicMute = {
action = spawn "wpctl" "set-mute" "@DEFAULT_AUDIO_SOURCE@" "toggle";
allow-when-locked = true;
};
"Mod+Q".action = close-window;
"Mod+Space".action = spawn "noctalia-shell" "ipc" "call" "launcher" "toggle";
"Mod+n".action = focus-column-left;
"Mod+left".action = focus-column-left;
"Mod+Shift+n".action = move-column-left;
"Mod+Shift+left".action = move-column-left;
"Mod+r".action = focus-window-or-workspace-down;
"Mod+down".action = focus-window-or-workspace-down;
"Mod+Shift+r".action = move-window-down;
"Mod+Shift+down".action = move-window-down;
"Mod+l".action = focus-window-or-workspace-up;
"Mod+up".action = focus-window-or-workspace-up;
"Mod+Shift+l".action = move-window-up;
"Mod+Shift+up".action = move-window-up;
"Mod+s".action = focus-column-right;
"Mod+right".action = focus-column-right;
"Mod+Shift+s".action = move-column-right;
"Mod+Shift+right".action = move-column-right;
"Mod+h".action = focus-column-first;
"Mod+Shift+h".action = consume-or-expel-window-left;
"Mod+m".action = focus-column-last;
"Mod+Shift+m".action = consume-or-expel-window-right;
"Mod+Ctrl+n".action = focus-monitor-left;
"Mod+Shift+Ctrl+n".action = move-column-to-monitor-left;
"Mod+Ctrl+r".action = focus-monitor-down;
"Mod+Shift+Ctrl+r".action = move-column-to-monitor-down;
"Mod+Ctrl+l".action = focus-monitor-up;
"Mod+Shift+Ctrl+l".action = move-column-to-monitor-up;
"Mod+Ctrl+s".action = focus-monitor-right;
"Mod+Shift+Ctrl+s".action = move-column-to-monitor-right;
"Mod+Period".action = focus-workspace-down;
"Mod+Shift+Period".action = move-column-to-workspace-down;
"Mod+Ctrl+Period".action = move-workspace-down;
"Mod+comma".action = focus-workspace-up;
"Mod+Shift+comma".action = move-column-to-workspace-up;
"Mod+Ctrl+comma".action = move-workspace-up;
"Mod+WheelScrollDown" = {
action = focus-workspace-down;
cooldown-ms = 150;
};
"Mod+WheelScrollUp" = {
action = focus-workspace-up;
cooldown-ms = 150;
};
"Mod+Ctrl+WheelScrollDown" = {
action = move-column-to-workspace-down;
cooldown-ms = 150;
};
"Mod+Ctrl+WheelScrollUp" = {
action = move-column-to-workspace-up;
cooldown-ms = 150;
};
"Mod+WheelScrollRight".action = focus-column-right;
"Mod+WheelScrollLeft".action = focus-column-left;
"Mod+Ctrl+WheelScrollRight".action = move-column-right;
"Mod+Ctrl+WheelScrollLeft".action = move-column-left;
"Mod+Shift+WheelScrollDown".action = focus-column-right;
"Mod+Shift+WheelScrollUp".action = focus-column-left;
"Mod+Ctrl+Shift+WheelScrollDown".action = move-column-right;
"Mod+Ctrl+Shift+WheelScrollUp".action = move-column-left;
"Mod+V".action = maximize-column;
"Mod+Ctrl+V".action = expand-column-to-available-width;
"Mod+return".action = fullscreen-window;
"Mod+Minus".action = set-column-width "-10%";
"Mod+Shift+0".action = set-column-width "+10%";
"Mod+F".action = toggle-window-floating;
"Mod+Ctrl+F".action = switch-focus-between-floating-and-tiling;
"Mod+y".action = toggle-column-tabbed-display;
"Print".action.screenshot = { };
"Ctrl+Print".action.screenshot-screen = {
show-pointer = false;
};
"Alt+Print".action.screenshot-window = { };
"Mod+Escape" = {
action = toggle-keyboard-shortcuts-inhibit;
allow-inhibiting = false;
};
"Mod+Ctrl+Escape".action = quit;
"Mod+Shift+P".action = power-off-monitors;
};
spawn-at-startup = [
{ command = [ "firefox" ]; }
];
prefer-no-csd = true;
hotkey-overlay = {
skip-at-startup = true;
};
layout = {
gaps = 1;
center-focused-column = "never";
empty-workspace-above-first = true;
preset-column-widths = [
{ proportion = 0.33333; }
{ proportion = 0.5; }
{ proportion = 0.66667; }
];
default-column-width = {
proportion = 0.5;
};
preset-window-heights = [
{ proportion = 0.33333; }
{ proportion = 0.5; }
{ proportion = 0.66667; }
];
focus-ring = {
enable = true;
width = 2;
active.color = "#7fc8ff";
inactive.color = "#505050";
};
border = {
enable = false;
width = 2;
active.color = "#ffc87f";
inactive.color = "#505050";
};
shadow = {
softness = 30;
spread = 5;
offset = {
x = 0;
y = 5;
};
draw-behind-window = true;
color = "#00000070";
};
tab-indicator = {
hide-when-single-tab = true;
place-within-column = true;
gap = 5;
width = 4;
length = {
total-proportion = 1.0;
};
position = "right";
gaps-between-tabs = 2;
corner-radius = 8;
active.color = "red";
inactive.color = "gray";
};
insert-hint = {
display.color = "#ffc87f80";
};
};
};
};
home.packages = [
pkgs.dconf
];
home.pointerCursor = {
enable = true;
gtk.enable = true;
name = "macOS";
package = pkgs.apple-cursor;
size = 28;
};
gtk = {
enable = true;
iconTheme = {
name = "MoreWaita";
package = pkgs.unstable.morewaita-icon-theme;
};
};
fonts.fontconfig = {
enable = true;
defaultFonts = {
sansSerif = [
"Adwaita Sans"
];
emoji = [
"Apple Color Emoji"
];
};
};
programs.kitty = {
enable = true;
settings = {
background = "#000000";
background_opacity = 0.8;
};
};
services.gpg-agent.pinentry.package = pkgs.pinentry-gnome3;
}

172
users/jordan/common/optional/graphical/noctalia.nix
View File

@@ -1,172 +0,0 @@
{
inputs,
...
}:
{
imports = [
inputs.noctalia.homeModules.default
];
programs.niri.settings = {
overview.workspace-shadow.enable = false;
};
programs.noctalia-shell = {
enable = true;
systemd.enable = true;
settings = {
audio = {
cavaFrameRate = 60;
volumeOverdrive = true;
};
bar = {
density = "compact";
marginHorizontal = 0.2;
marginVertical = 0.1;
position = "bottom";
showCapsule = false;
showOutline = false;
transparent = false;
outerCorners = false;
widgets = {
center = [
{
id = "Tray";
blacklist = [ ];
colorizeIcons = false;
drawerEnabled = false;
hidePassive = false;
pinned = [ ];
}
{
id = "Workspace";
characterCount = 10;
colorizeIcons = false;
enableScrollWheel = false;
followFocusedScreen = false;
hideUnoccupied = false;
labelMode = "name";
showApplications = false;
showLabelsOnlyWhenOccupied = false;
}
];
left = [
{
id = "ControlCenter";
colorizeDistroLogo = false;
colorizeSystemIcon = "none";
customIconPath = "";
enableColorization = false;
icon = "noctalia";
useDistroLogo = true;
}
{ id = "WallpaperSelector"; }
{
id = "Spacer";
width = 20;
}
{
id = "SystemMonitor";
diskPath = "/persist";
showCpuTemp = true;
showCpuUsage = true;
showDiskUsage = true;
showGpuTemp = true;
showMemoryAsPercent = true;
showMemoryUsage = true;
showNetworkStats = true;
usePrimaryColor = false;
}
{
id = "AudioVisualizer";
colorName = "primary";
hideWhenIdle = false;
width = 200;
}
];
right = [
{
id = "MediaMini";
hideMode = "hidden";
hideWhenIdle = false;
maxWidth = 145;
scrollingMode = "hover";
showAlbumArt = false;
showArtistFirst = true;
showProgressRing = true;
showVisualizer = false;
useFixedWidth = false;
visualizerType = "linear";
}
{
id = "Spacer";
width = 20;
}
{
id = "Microphone";
displayMode = "alwaysShow";
}
{
id = "Volume";
displayMode = "alwaysShow";
}
{
id = "Brightness";
displayMode = "alwaysShow";
}
{
id = "Spacer";
width = 20;
}
{
id = "Battery";
displayMode = "alwaysShow";
showNoctaliaPerformance = false;
showPowerProfiles = false;
warningThreshold = 20;
}
{
id = "NotificationHistory";
hideWhenZero = true;
showUnreadBadge = true;
}
{
id = "Clock";
customFont = "";
formatHorizontal = "ddd dd.MM. HH:mm:ss";
formatVertical = "HH mm - dd MM";
useCustomFont = false;
usePrimaryColor = false;
}
];
};
};
colorSchemes = {
predefinedScheme = "Ayu";
};
general = {
animationSpeed = 1.5;
radiusRatio = 0.4;
shadowDirection = "center";
shadowOffsetX = 0;
shadowOffsetY = 0;
showSessionButtonsOnLockScreen = false;
};
location = {
firstDayOfWeek = 0;
name = "Manchester, UK";
};
systemMonitor = {
enableNvidiaGpu = true;
};
ui = {
fontDefault = "Adwaita Sans";
fontFixed = "Adwaita Mono";
panelBackgroundOpacity = 1;
};
notifications.enabled = true;
dock.enabled = false;
};
};
}

8
users/jordan/common/shell.nix
View File

@@ -1,7 +1,6 @@
{ {
lib, lib,
pkgs, pkgs,
config,
... ...
}: }:
let let
@@ -20,7 +19,7 @@ in
strategy = [ "completion" ]; strategy = [ "completion" ];
}; };
defaultKeymap = "viins"; defaultKeymap = "viins";
dotDir = "${config.xdg.configHome}/zsh"; dotDir = ".config/zsh";
enableCompletion = true; enableCompletion = true;
enableVteIntegration = true; enableVteIntegration = true;
@@ -175,7 +174,6 @@ in
mcfly.enable = true; mcfly.enable = true;
navi.enable = true; navi.enable = true;
nix-index.enable = true; nix-index.enable = true;
yazi.enable = true;
}; };
home.persistence."/persist" = { home.persistence."/persist" = {
@@ -191,12 +189,10 @@ in
bat bat
btop btop
fd fd
file
jq jq
ncdu ncdu
nix-zsh-completions nix-zsh-completions
p7zip-rar nnn
ripgrep ripgrep
unzip
]; ];
} }

21
users/jordan/common/ssh.nix
View File

@@ -3,26 +3,11 @@
}: }:
{ {
services.ssh-agent.enable = true;
programs.ssh = { programs.ssh = {
enable = true; enable = true;
enableDefaultConfig = false; addKeysToAgent = "yes";
matchBlocks."*" = {
forwardAgent = false;
addKeysToAgent = "yes";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
};
services.ssh-agent = {
enable = true;
enableZshIntegration = true;
}; };
home.persistence."/state".files = [ home.persistence."/state".files = [

Some files were not shown because too many files have changed in this diff Show More