jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Compare commits

base: jordan:24.05
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store
..
compare: jordan:lunarvim
Branches Tags
jordan:master jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store

3 Commits
24.05 ... lunarvim

Author SHA1 Message Date
Jordan Holt
a1d4948bb3 Add nerdfonts 2024-03-09 21:35:42 +00:00
Jordan Holt
5d21d262fa Remove unused variable 2024-03-09 21:17:54 +00:00
Jordan Holt
1926dda49d Switch to lunarvim 2024-03-03 23:17:42 +00:00
37 changed files with 176 additions and 1620 deletions
Expand all files Collapse all files

15
.gitea/workflows/check.yml
View File

@ -1,15 +0,0 @@
name: Check flake
on:
push:
branches: ['master']
jobs:
build-amd64-linux:
runs-on: nix
steps:
- uses: actions/checkout@v4
with:
ref: master
- name: Check flake
run: |
echo "Checking flake at ${{ gitea.ref }}"
nix flake check

39
README.md
View File

@ -9,47 +9,16 @@ System and user configuration for NixOS-based systems.
| **Theme:** | adwaita | | **Theme:** | adwaita |
| **Terminal:** | Console | | **Terminal:** | Console |
## Provisioning a new host ## Provisioning
> [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used > [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) is the module used for provisioning
> for provisioning
Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass). Generate a new SSH host key in "$temp/etc/ssh" as per [this guide](https://nix-community.github.io/nixos-anywhere/howtos/secrets.html#example-decrypting-an-openssh-host-key-with-pass).
```
ssh-keygen -t ed25519 -f /tmp/ssh_host_ed25519_key
```
Update [nix-secrets](/jordan/nix-secrets) with the new host key to enable the system to decrypt Then run;
any relevant secrets.
In order to use the borgmatic module for backups, go to [borgbase.com](https://borgbase.com).
Add the generated SSH host key and create a new repository for the system.
Create a new directory under `hosts/` with a system configuration and disk layout.
Boot the NixOS installer (or any Linux distribution) on the target.
Then run:
``` ```
nix run github:nix-community/nixos-anywhere -- \ nix run github:nix-community/nixos-anywhere -- \
--disk-encryption-keys /tmp/secret.key /tmp/secret.key \ --disk-encryption-keys /tmp/secret.key /tmp/secret.key \
--extra-files "$temp" \ --extra-files "$temp" \
--flake .#<hostname> \ --flake .#<hostname> \
root@<target-ip> root@<ip>
``` ```
### Post install
If backups are configured, you'll need to run:
```
borgmatic init --encryption repokey-blake2
```
then restart `borgmatic`.
To join the Tailscale network, run:
```
tailscale up --login-server https://headscale.vimium.net
```
then visit the URL, SSH onto `vps1` and run `headscale --user mesh nodes register --key <key>`.
The new node can optionally be given a friendly name with `headscale node rename -i <index> <hostname>`.

435
flake.lock generated
View File

@ -8,11 +8,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1716561646, "lastModified": 1707830867,
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=", "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9", "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -21,22 +21,6 @@
"type": "github" "type": "github"
} }
}, },
"blobs": {
"flake": false,
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"type": "gitlab"
}
},
"darwin": { "darwin": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -66,11 +50,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1715699772, "lastModified": 1708091384,
"narHash": "sha256-sKhqIgucN5sI/7UQgBwsonzR4fONjfMr9OcHK/vPits=", "narHash": "sha256-dTGGw2y8wvfjr+J9CjQbfdulOq72hUG17HXVNxpH1yE=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "b3ea6f333f9057b77efd9091119ba67089399ced", "rev": "0a0187794ac7f7a1e62cda3dabf8dc041f868790",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -79,28 +63,6 @@
"type": "github" "type": "github"
} }
}, },
"devshell": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1713532798,
"narHash": "sha256-wtBhsdMJA3Wa32Wtm1eeo84GejtI43pMrFrmwLXrsEc=",
"owner": "numtide",
"repo": "devshell",
"rev": "12e914740a25ea1891ec619bb53cf5e6ca922e40",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -108,11 +70,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717177033, "lastModified": 1709439398,
"narHash": "sha256-G3CZJafCO8WDy3dyA2EhpUJEmzd5gMJ2IdItAg0Hijw=", "narHash": "sha256-MW0zp3ta7SvdpjvhVCbtP20ewRwQZX2vRFn14gTc4Kg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "0274af4c92531ebfba4a5bd493251a143bc51f3c", "rev": "1f76b318aa11170c8ca8c225a9b4c458a5fcbb57",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -124,11 +86,11 @@
"firefox-gnome-theme": { "firefox-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1716813977, "lastModified": 1708965002,
"narHash": "sha256-8fabA8OY1n2OcJFbbE03+bMydVANSBrNGo8hkzhXxxU=", "narHash": "sha256-gIBZCPB0sA8Gagrxd8w4+y9uUkWBnXJBmq9Ur5BYTQU=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "firefox-gnome-theme", "repo": "firefox-gnome-theme",
"rev": "8171c0578feb835ce66d49edba7429f46b7ac3f6", "rev": "4e966509c180f93ba8665cd73cad8456bf44baab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -153,172 +115,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"revCount": 57,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.0.1/018afb31-abd1-7bff-a5e4-cff7e18efb7a/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715865404,
"narHash": "sha256-/GJvTdTpuDjNn84j82cU6bXztE0MSkdnTWClUCRub78=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8dc45382d5206bd292f9c2768b8058a8fd8311d9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1713493429,
"narHash": "sha256-ztz8JQkI08tjKnsTpfLqzWoKFQF4JGu2LRz8bkdnYUk=",
"owner": "srid",
"repo": "flake-root",
"rev": "bc748b93b86ee76e2032eecda33440ceb2532fcd",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_4",
"gitignore": "gitignore",
"nixpkgs": [
"nixvim",
"nixpkgs"
],
"nixpkgs-stable": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716213921,
"narHash": "sha256-xrsYFST8ij4QWaV6HEokCUNIZLjjLP1bYC60K8XiBVA=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "0e8fcc54b842ad8428c9e705cb5994eaf05c26a0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitea-github-theme": {
"flake": false,
"locked": {
"lastModified": 1715978309,
"narHash": "sha256-L9FYLtrK8Lm/wBeafb6eTRL5l2BYov6X6nJOL6rYZvY=",
"ref": "main",
"rev": "1b61f3f5cb38a1198d0a525d059a5a1905f2cfca",
"revCount": 96,
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/gitea-github-theme.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/gitea-github-theme.git"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nixvim",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -347,69 +143,27 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1716736833, "lastModified": 1706981411,
"narHash": "sha256-rNObca6dm7Qs524O4st8VJH6pZ/Xe1gxl+Rx6mcWYo0=", "narHash": "sha256-cLbLPTL1CDmETVh4p0nQtvoF+FSEjsnJTFpTxhXywhQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a631666f5ec18271e86a5cde998cba68c33d9ac6", "rev": "652fda4ca6dafeb090943422c34ae9145787af37",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.05", "ref": "release-23.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717052710,
"narHash": "sha256-LRhOxzXmOza5SymhOgnEzA8EAQp+94kkeUYWKKpLJ/U=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "29c69d9a466e41d46fd3a7a9d0591ef9c113c2ae",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nix-darwin": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1716993688,
"narHash": "sha256-vo5k2wQekfeoq/2aleQkBN41dQiQHNTniZeVONWiWLs=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "c0d5b8c54d6828516c97f6be9f2d00c63a363df4",
"type": "github"
},
"original": {
"owner": "lnl7",
"repo": "nix-darwin",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1716987116, "lastModified": 1709410583,
"narHash": "sha256-uuEkErFVsFdg2K0cKbNQ9JlFSAm/xYqPr4rbPLI91Y8=", "narHash": "sha256-esOSUoQ7mblwcsSea0K17McZuwAIjoS6dq/4b83+lvw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "8251761f93d6f5b91cee45ac09edb6e382641009", "rev": "59e37017b9ed31dee303dbbd4531c594df95cfbc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -418,29 +172,6 @@
"type": "github" "type": "github"
} }
}, },
"nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_2"
},
"locked": {
"lastModified": 1714720456,
"narHash": "sha256-e0WFe1BHqX23ADpGBc4ZRu38Mg+GICCZCqyS6EWCbHc=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "41059fc548088e49e3ddb3a2b4faeb5de018e60f",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1703013332, "lastModified": 1703013332,
@ -459,11 +190,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1716948383, "lastModified": 1709237383,
"narHash": "sha256-SzDKxseEcHR5KzPXLwsemyTR/kaM9whxeiJohbL04rs=", "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ad57eef4ef0659193044870c731987a6df5cf56b", "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -490,60 +221,29 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1717144377, "lastModified": 1709309926,
"narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "805a384895c696f802a9bf5bf4720f37385df547", "rev": "79baff8812a0d68e24a836df0a364c678089e2c7",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-24.05", "ref": "nixos-23.11",
"type": "indirect" "type": "indirect"
} }
}, },
"nixvim": {
"inputs": {
"devshell": "devshell",
"flake-compat": "flake-compat_3",
"flake-parts": "flake-parts",
"flake-root": "flake-root",
"git-hooks": "git-hooks",
"home-manager": "home-manager_3",
"nix-darwin": "nix-darwin",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1717188043,
"narHash": "sha256-qg8Tq7OcKtc0BS4RVUYrMZ+KofgMv6DiXOnqz7TN8CA=",
"owner": "nix-community",
"repo": "nixvim",
"rev": "1bbd58b6b293840716355e63fb3d5aa5af00d389",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixvim",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"deploy-rs": "deploy-rs", "deploy-rs": "deploy-rs",
"disko": "disko", "disko": "disko",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"gitea-github-theme": "gitea-github-theme",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixvim": "nixvim",
"secrets": "secrets", "secrets": "secrets",
"thunderbird-gnome-theme": "thunderbird-gnome-theme" "thunderbird-gnome-theme": "thunderbird-gnome-theme"
} }
@ -551,11 +251,11 @@
"secrets": { "secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1716018239, "lastModified": 1709495020,
"narHash": "sha256-Ai13Sbj4DzuQSIrX2rjO0PG6PPpmvfwbCpTxX0kB7FI=", "narHash": "sha256-eiz0qUjUbdeb6m28XPY7OVnrGMZ45JiT2dZZ0Bmq2X0=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c2adb575ca3a816287c7d8f3c23cde6dfd316e6f", "rev": "d135b4d6d5f0079999188895f8b5f35e821b0d4b",
"revCount": 19, "revCount": 14,
"type": "git", "type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git" "url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
}, },
@ -594,44 +294,14 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"thunderbird-gnome-theme": { "thunderbird-gnome-theme": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1710774977, "lastModified": 1701889124,
"narHash": "sha256-nQBz2PW3YF3+RTflPzDoAcs6vH1PTozESIYUGAwvSdA=", "narHash": "sha256-K+6oh7+J6RDBFkxphY/pzf0B+q5+IY54ZMKZrFSKXlc=",
"owner": "rafaelmardojai", "owner": "rafaelmardojai",
"repo": "thunderbird-gnome-theme", "repo": "thunderbird-gnome-theme",
"rev": "65d5c03fc9172d549a3ea72fd366d544981a002b", "rev": "966e9dd54bd2ce9d36d51cd6af8c3bac7a764a68",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -640,27 +310,6 @@
"type": "github" "type": "github"
} }
}, },
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1715940852,
"narHash": "sha256-wJqHMg/K6X3JGAE9YLM0LsuKrKb4XiBeVaoeMNlReZg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "2fba33a182602b9d49f0b2440513e5ee091d838b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": { "utils": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_2"
@ -678,24 +327,6 @@
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
},
"utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

28
flake.nix
View File

@ -2,7 +2,7 @@
description = "NixOS system configuration"; description = "NixOS system configuration";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-24.05"; nixpkgs.url = "nixpkgs/nixos-23.11";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
# nixpkgs-master.url = "nixpkgs"; # nixpkgs-master.url = "nixpkgs";
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix";
@ -12,26 +12,14 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-24.05"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
firefox-gnome-theme = { firefox-gnome-theme = {
url = "github:rafaelmardojai/firefox-gnome-theme"; url = "github:rafaelmardojai/firefox-gnome-theme";
flake = false; flake = false;
}; };
gitea-github-theme = {
url = "git+ssh://git@git.vimium.com/jordan/gitea-github-theme.git?ref=main";
flake = false;
};
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
secrets = { secrets = {
url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git"; url = "git+ssh://git@git.vimium.com/jordan/nix-secrets.git";
flake = false; flake = false;
@ -42,7 +30,7 @@
}; };
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, nixos-mailserver, secrets, ... }: outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, agenix, deploy-rs, disko, home-manager, nixos-hardware, secrets, ... }:
let let
mkPkgsForSystem = system: inputs.nixpkgs; mkPkgsForSystem = system: inputs.nixpkgs;
overlays = [ overlays = [
@ -58,7 +46,6 @@
commonModules = [ commonModules = [
agenix.nixosModules.age agenix.nixosModules.age
disko.nixosModules.disko disko.nixosModules.disko
nixos-mailserver.nixosModule
home-manager.nixosModule home-manager.nixosModule
./modules ./modules
]; ];
@ -91,7 +78,6 @@
helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; }; helios = mkNixosSystem { system = "x86_64-linux"; name = "helios"; };
hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; }; hypnos = mkNixosSystem { system = "x86_64-linux"; name = "hypnos"; };
library = mkNixosSystem { system = "x86_64-linux"; name = "library"; }; library = mkNixosSystem { system = "x86_64-linux"; name = "library"; };
mail = mkNixosSystem { system = "x86_64-linux"; name = "mail"; };
odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; }; odyssey = mkNixosSystem { system = "x86_64-linux"; name = "odyssey"; };
pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; }; pi = mkNixosSystem { system = "aarch64-linux"; name = "pi"; extraModules = [ nixos-hardware.nixosModules.raspberry-pi-4 ]; };
vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; }; vps1 = mkNixosSystem { system = "x86_64-linux"; name = "vps1"; };
@ -108,14 +94,6 @@
autoRollback = true; autoRollback = true;
sshUser = "root"; sshUser = "root";
nodes = { nodes = {
mail = {
hostname = "mail.mesh.vimium.net";
profiles.system = {
user = "root";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mail;
};
};
vps1 = { vps1 = {
hostname = "vps1.mesh.vimium.net"; hostname = "vps1.mesh.vimium.net";

1
hosts/atlas/default.nix
View File

@ -36,6 +36,7 @@
}; };
editors = { editors = {
neovim.enable = true; neovim.enable = true;
vscode.enable = true;
}; };
security = { security = {
gpg.enable = true; gpg.enable = true;

2
hosts/common.nix
View File

@ -48,7 +48,7 @@
min-free = 128000000; min-free = 128000000;
max-free = 1000000000; max-free = 1000000000;
fallback = true; fallback = true;
trusted-users = [ "@wheel" ]; allowed-users = [ "@wheel" ];
auto-optimise-store = true; auto-optimise-store = true;
substituters = [ substituters = [
"http://odyssey.mesh.vimium.net" "http://odyssey.mesh.vimium.net"

39
hosts/desktop.nix
View File

@ -21,17 +21,7 @@
fileSystems."/mnt/library" = { fileSystems."/mnt/library" = {
device = "library.mesh.vimium.net:/mnt/library"; device = "library.mesh.vimium.net:/mnt/library";
fsType = "nfs"; fsType = "nfs";
options = [ options = [ "nfsvers=4.2" "soft" "nocto" "ro" "x-systemd.automount" "noauto" ];
"nfsvers=4.2"
"bg"
"soft"
"timeo=20"
"retry=5"
"nocto"
"ro"
"x-systemd.automount"
"noauto"
];
}; };
system.autoUpgrade = { system.autoUpgrade = {
@ -40,35 +30,8 @@
randomizedDelaySec = "10min"; randomizedDelaySec = "10min";
}; };
systemd.services.NetworkManager-wait-online.enable = false;
fonts.packages = with pkgs; [
noto-fonts
(nerdfonts.override { fonts = [ "BigBlueTerminal" "ComicShannsMono" "Terminus" "UbuntuMono" ]; })
];
modules = { modules = {
desktop.gnome.enable = true; desktop.gnome.enable = true;
networking.tailscale.enable = true; networking.tailscale.enable = true;
}; };
environment.systemPackages = with pkgs; [
bind
bmon
fd
ffmpeg
iotop
unstable.nix-du
# unstable.nix-melt
unstable.nix-tree
unstable.nix-visualize
ripgrep
rsync
tcpdump
tokei
tree
wl-clipboard
];
environment.sessionVariables.NIXOS_OZONE_WL = "1";
} }

102
hosts/hypnos/0001-Add-apple_set_os-EFI-boot-service.patch
View File

@ -1,102 +0,0 @@
From d310ddee0fb8e7a5a8b89668c6cb8f9dc863ce94 Mon Sep 17 00:00:00 2001
From: Jordan Holt <jordan@vimium.com>
Date: Sun, 28 Apr 2024 15:59:52 +0100
Subject: [PATCH] Add apple_set_os EFI boot service
---
drivers/firmware/efi/libstub/x86-stub.c | 59 +++++++++++++++++++++++++
include/linux/efi.h | 1 +
2 files changed, 60 insertions(+)
diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c
index d5a8182cf..be722c43a 100644
--- a/drivers/firmware/efi/libstub/x86-stub.c
+++ b/drivers/firmware/efi/libstub/x86-stub.c
@@ -449,6 +449,63 @@ static void setup_graphics(struct boot_params *boot_params)
}
}
+typedef struct {
+ u64 version;
+ void (*set_os_version) (const char *os_version);
+ void (*set_os_vendor) (const char *os_vendor);
+} apple_set_os_interface_t;
+
+static efi_status_t apple_set_os()
+{
+ apple_set_os_interface_t *set_os;
+ efi_guid_t set_os_guid = APPLE_SET_OS_PROTOCOL_GUID;
+ efi_status_t status;
+ void **handles;
+ unsigned long i, nr_handles, size = 0;
+
+ status = efi_bs_call(locate_handle, EFI_LOCATE_BY_PROTOCOL,
+ &set_os_guid, NULL, &size, handles);
+
+ if (status == EFI_BUFFER_TOO_SMALL) {
+ status = efi_bs_call(allocate_pool, EFI_LOADER_DATA,
+ size, &handles);
+
+ if (status != EFI_SUCCESS)
+ return status;
+
+ status = efi_bs_call(locate_handle, EFI_LOCATE_BY_PROTOCOL,
+ &set_os_guid, NULL, &size, handles);
+ }
+
+ if (status != EFI_SUCCESS)
+ goto free_handle;
+
+ nr_handles = size / sizeof(void *);
+ for (i = 0; i < nr_handles; i++) {
+ void *h = handles[i];
+
+ status = efi_bs_call(handle_protocol, h,
+ &set_os_guid, &set_os);
+
+ if (status != EFI_SUCCESS || !set_os)
+ continue;
+
+ if (set_os->version > 0) {
+ efi_bs_call((unsigned long)set_os->set_os_version,
+ "Mac OS X 10.9");
+ }
+
+ if (set_os->version >= 2) {
+ efi_bs_call((unsigned long)set_os->set_os_vendor,
+ "Apple Inc.");
+ }
+ }
+
+free_handle:
+ efi_bs_call(free_pool, uga_handle);
+
+ return status;
+}
static void __noreturn efi_exit(efi_handle_t handle, efi_status_t status)
{
@@ -951,6 +1008,8 @@ void __noreturn efi_stub_entry(efi_handle_t handle,
setup_unaccepted_memory();
+ apple_set_os();
+
status = exit_boot(boot_params, handle);
if (status != EFI_SUCCESS) {
efi_err("exit_boot() failed!\n");
diff --git a/include/linux/efi.h b/include/linux/efi.h
index d59b0947f..81158014f 100644
--- a/include/linux/efi.h
+++ b/include/linux/efi.h
@@ -385,6 +385,7 @@ void efi_native_runtime_setup(void);
#define EFI_MEMORY_ATTRIBUTES_TABLE_GUID EFI_GUID(0xdcfa911d, 0x26eb, 0x469f, 0xa2, 0x20, 0x38, 0xb7, 0xdc, 0x46, 0x12, 0x20)
#define EFI_CONSOLE_OUT_DEVICE_GUID EFI_GUID(0xd3b36f2c, 0xd551, 0x11d4, 0x9a, 0x46, 0x00, 0x90, 0x27, 0x3f, 0xc1, 0x4d)
#define APPLE_PROPERTIES_PROTOCOL_GUID EFI_GUID(0x91bd12fe, 0xf6c3, 0x44fb, 0xa5, 0xb7, 0x51, 0x22, 0xab, 0x30, 0x3a, 0xe0)
+#define APPLE_SET_OS_PROTOCOL_GUID EFI_GUID(0xc5c5da95, 0x7d5c, 0x45e6, 0xb2, 0xf1, 0x3f, 0xd5, 0x2b, 0xb1, 0x00, 0x77)
#define EFI_TCG2_PROTOCOL_GUID EFI_GUID(0x607f766c, 0x7455, 0x42be, 0x93, 0x0b, 0xe4, 0xd7, 0x6d, 0xb2, 0x72, 0x0f)
#define EFI_TCG2_FINAL_EVENTS_TABLE_GUID EFI_GUID(0x1e2ed096, 0x30e2, 0x4254, 0xbd, 0x89, 0x86, 0x3b, 0xbe, 0xf8, 0x23, 0x25)
#define EFI_LOAD_FILE_PROTOCOL_GUID EFI_GUID(0x56ec3091, 0x954c, 0x11d2, 0x8e, 0x3f, 0x00, 0xa0, 0xc9, 0x69, 0x72, 0x3b)
--
2.42.0

2
hosts/hypnos/default.nix
View File

@ -19,8 +19,6 @@
browsers = { browsers = {
firefox.enable = true; firefox.enable = true;
}; };
gnome.enable = lib.mkForce false;
kde.enable = true;
media.recording = { media.recording = {
audio.enable = true; audio.enable = true;
}; };

22
hosts/hypnos/hardware-configuration.nix
View File

@ -7,13 +7,8 @@
boot = { boot = {
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
initrd.kernelModules = [ ];
kernelModules = [ "applesmc" "kvm-intel" "wl" ]; kernelModules = [ "applesmc" "kvm-intel" "wl" ];
kernelPatches = [
{
name = "spoof-mac-os-x";
patch = ./0001-Add-apple_set_os-EFI-boot-service.patch;
}
];
extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ];
}; };
@ -23,19 +18,10 @@
hardware = { hardware = {
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
opengl = { nvidia = {
enable = true; modesetting.enable = true;
extraPackages = with pkgs; [ powerManagement.enable = true;
intel-vaapi-driver
intel-media-driver
libvdpau-va-gl
];
driSupport = true;
}; };
}; };
environment.variables = {
VDPAU_DRIVER = "va_gl";
};
} }

5
hosts/library/default.nix
View File

@ -21,6 +21,10 @@ with lib.my;
allowedTCPPorts = [ allowedTCPPorts = [
22 # SSH 22 # SSH
]; ];
interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
}; };
networkmanager.enable = true; networkmanager.enable = true;
}; };
@ -149,7 +153,6 @@ with lib.my;
services.jellyfin.enable = true; services.jellyfin.enable = true;
modules = { modules = {
podman.enable = true;
security = { security = {
gpg.enable = true; gpg.enable = true;
}; };

18
hosts/mail/README.md
View File

@ -1,18 +0,0 @@
# Mail server
## Overview
Mail server hosted in OVH.
## Specs
* CPU - ??
* Memory - ??
### Disks
Device | Partitions _(filesystem, usage)_
--- | ---
NVMe | `/dev/sda1` (ext4, NixOS Root)
### Networks
- DHCP on `10.0.1.0/24` subnet.
- Tailscale on `100.64.0.0/10` subnet. FQDN: `mail.mesh.vimium.net`.

49
hosts/mail/default.nix
View File

@ -1,49 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
{
imports = [
./hardware-configuration.nix
./disko-config.nix
../server.nix
];
networking = {
hostId = "08ac2f14";
domain = "mesh.vimium.net";
firewall = {
enable = true;
allowedTCPPorts = [
22 # SSH
];
};
};
users = {
users = {
root = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
];
};
};
};
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
modules = {
services = {
borgmatic = {
enable = true;
directories = [
"/var/dkim"
"/var/lib"
"/var/vmail"
];
repoPath = "ssh://kg2mpt28@kg2mpt28.repo.borgbase.com/./repo";
};
mail.enable = true;
};
};
system.stateVersion = "22.11";
}

55
hosts/mail/disko-config.nix
View File

@ -1,55 +0,0 @@
{ lib, ... }:
{
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "2M";
type = "EF02";
};
esp = {
name = "ESP";
size = "300M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

22
hosts/mail/hardware-configuration.nix
View File

@ -1,22 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot = {
initrd = {
availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
kernelModules = [ "nvme" ];
};
loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
tmp.cleanOnBoot = true;
};
zramSwap.enable = true;
}

25
hosts/odyssey/default.nix
View File

@ -47,16 +47,13 @@
browsers = { browsers = {
firefox.enable = true; firefox.enable = true;
}; };
gaming = { gaming.emulators = {
emulators = { gamecube.enable = true;
gamecube.enable = true; ps2.enable = true;
ps2.enable = true; ps3.enable = true;
ps3.enable = true; psp.enable = true;
psp.enable = true; wii.enable = true;
wii.enable = true; xbox.enable = true;
xbox.enable = true;
};
lutris.enable = true;
}; };
media.graphics = { media.graphics = {
modeling.enable = true; modeling.enable = true;
@ -73,6 +70,7 @@
}; };
editors = { editors = {
neovim.enable = true; neovim.enable = true;
vscode.enable = true;
}; };
hardware.presonus-studio.enable = true; hardware.presonus-studio.enable = true;
security = { security = {
@ -84,16 +82,9 @@
enable = true; enable = true;
directories = [ directories = [
"/home/jordan/Documents" "/home/jordan/Documents"
"/home/jordan/Downloads"
"/home/jordan/Music"
"/home/jordan/Pictures"
"/home/jordan/projects"
"/home/jordan/Videos"
"/home/jordan/.mozilla"
]; ];
repoPath = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo"; repoPath = "ssh://iqwu22oq@iqwu22oq.repo.borgbase.com/./repo";
}; };
gitea-runner.enable = true;
}; };
shell = { shell = {
git.enable = true; git.enable = true;

38
hosts/server.nix
View File

@ -7,17 +7,8 @@
documentation.enable = false; documentation.enable = false;
fonts.fontconfig.enable = false;
security = { security = {
acme = { acme.acceptTerms = true;
acceptTerms = true;
defaults = {
email = "hostmaster@vimium.com";
group = "nginx";
webroot = "/var/lib/acme/acme-challenge";
};
};
auditd.enable = true; auditd.enable = true;
audit = { audit = {
enable = true; enable = true;
@ -27,33 +18,6 @@
}; };
}; };
systemd = {
enableEmergencyMode = false;
sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
'';
watchdog = {
runtimeTime = "20s";
rebootTime = "30s";
};
};
services.fail2ban = {
enable = true;
bantime = "1h";
bantime-increment = {
enable = true;
maxtime = "24h";
rndtime = "7m";
};
ignoreIP = [
"100.64.0.0/10"
];
};
modules.networking.tailscale = { modules.networking.tailscale = {
enable = true; enable = true;
restrictSSH = false; restrictSSH = false;

7
hosts/vps1/default.nix
View File

@ -40,6 +40,12 @@
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
security.acme.defaults = {
email = "hostmaster@vimium.com";
group = "nginx";
webroot = "/var/lib/acme/acme-challenge";
};
modules = { modules = {
services = { services = {
borgmatic = { borgmatic = {
@ -56,7 +62,6 @@
headscale.enable = true; headscale.enable = true;
matrix-synapse.enable = true; matrix-synapse.enable = true;
nginx.enable = true; nginx.enable = true;
photoprism.enable = true;
}; };
}; };

7
modules/default.nix
View File

@ -1,10 +1,7 @@
{ {
imports = [ imports = [
./options.nix ./options.nix
./podman.nix
./desktop/gnome.nix ./desktop/gnome.nix
./desktop/hyprland.nix
./desktop/kde.nix
./desktop/mimeapps.nix ./desktop/mimeapps.nix
./desktop/apps/qbittorrent.nix ./desktop/apps/qbittorrent.nix
./desktop/apps/slack.nix ./desktop/apps/slack.nix
@ -34,15 +31,11 @@
./security/gpg.nix ./security/gpg.nix
./security/pass.nix ./security/pass.nix
./services/borgmatic ./services/borgmatic
./services/chrony
./services/coturn ./services/coturn
./services/gitea ./services/gitea
./services/gitea-runner
./services/headscale ./services/headscale
./services/mail
./services/matrix-synapse ./services/matrix-synapse
./services/nginx ./services/nginx
./services/photoprism
./shell/git ./shell/git
./shell/zsh ./shell/zsh
]; ];

8
modules/desktop/gaming/emulators.nix
View File

@ -54,11 +54,11 @@ in {
}; };
config = { config = {
user.packages = with pkgs; [ user.packages = with pkgs.unstable; [
(lib.mkIf cfg.ps1.enable duckstation) (lib.mkIf cfg.ps1.enable duckstation)
(lib.mkIf cfg.ps2.enable unstable.pcsx2) (lib.mkIf cfg.ps2.enable pcsx2)
(lib.mkIf cfg.ps3.enable rpcs3) (lib.mkIf cfg.ps3.enable rpcs3)
(lib.mkIf cfg.psp.enable unstable.ppsspp) (lib.mkIf cfg.psp.enable ppsspp)
(lib.mkIf cfg.ds.enable desmume) (lib.mkIf cfg.ds.enable desmume)
(lib.mkIf (cfg.gba.enable || (lib.mkIf (cfg.gba.enable ||
cfg.gb.enable || cfg.gb.enable ||
@ -68,7 +68,7 @@ in {
(lib.mkIf (cfg.wii.enable || (lib.mkIf (cfg.wii.enable ||
cfg.gamecube.enable) cfg.gamecube.enable)
dolphin-emu) dolphin-emu)
(lib.mkIf cfg.xbox.enable unstable.xemu) (lib.mkIf cfg.xbox.enable xemu)
]; ];
}; };
} }

9
modules/desktop/gaming/lutris.nix
View File

@ -10,13 +10,8 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ user.packages = with pkgs; [
(lutris.override { lutris
extraPkgs = pkgs: [
winePackages.staging
wine64Packages.staging
];
})
vulkan-loader vulkan-loader
vulkan-tools vulkan-tools
]; ];

42
modules/desktop/gnome.nix
View File

@ -100,8 +100,8 @@ in {
window-gap = 8; window-gap = 8;
}; };
"org/gnome/desktop/background" = { "org/gnome/desktop/background" = {
picture-uri = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-l.jxl"; picture-uri = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-l.jpg";
picture-uri-dark = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-d.jxl"; picture-uri-dark = "file://${pkgs.gnome.gnome-backgrounds}/share/backgrounds/gnome/adwaita-d.jpg";
}; };
"org/gnome/desktop/peripherals/touchpad" = { "org/gnome/desktop/peripherals/touchpad" = {
tap-to-click = true; tap-to-click = true;
@ -135,8 +135,6 @@ in {
}; };
"org/gnome/Console" = { "org/gnome/Console" = {
font-scale = 1.4; font-scale = 1.4;
use-system-font = false;
custom-font = "ComicShannsMono Nerd Font 10";
}; };
"org/gnome/mutter" = { "org/gnome/mutter" = {
center-new-windows = true; center-new-windows = true;
@ -144,8 +142,8 @@ in {
experimental-features = [ "scale-monitor-framebuffer" ]; experimental-features = [ "scale-monitor-framebuffer" ];
}; };
"org/gnome/desktop/interface" = { "org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
enable-hot-corners = false; enable-hot-corners = false;
icon-theme = "MoreWaita";
monospace-font-name = "UbuntuMono Nerd Font 11"; monospace-font-name = "UbuntuMono Nerd Font 11";
}; };
"org/gnome/desktop/wm/keybindings" = { "org/gnome/desktop/wm/keybindings" = {
@ -157,30 +155,39 @@ in {
}; };
}; };
fonts.packages = with pkgs; [
noto-fonts
(nerdfonts.override { fonts = [ "BigBlueTerminal" "ComicShannsMono" "UbuntuMono" ]; })
];
user.packages = with pkgs; [ user.packages = with pkgs; [
authenticator authenticator
# bottles bottles
# bustle bustle
celluloid celluloid
# d-spy d-spy
# drawing drawing
# fragments fragments
gnome.ghex gnome.ghex
# gnome-builder # gnome-builder
gnome-decoder gnome-decoder
gnome-firmware gnome-firmware
gnome-frog gnome-frog
# gnome-obfuscate gnome-obfuscate
gnome-podcasts gnome-podcasts
identity identity
mission-center mission-center
newsflash newsflash
# schemes schemes
shortwave shortwave
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
adw-gtk3 adw-gtk3
bind
bmon
fd
ffmpeg
gnome.gnome-boxes gnome.gnome-boxes
gnomeExtensions.another-window-session-manager gnomeExtensions.another-window-session-manager
# gnomeExtensions.bifocals # gnomeExtensions.bifocals
@ -188,7 +195,7 @@ in {
gnomeExtensions.browser-tabs gnomeExtensions.browser-tabs
gnomeExtensions.burn-my-windows gnomeExtensions.burn-my-windows
gnomeExtensions.desktop-cube gnomeExtensions.desktop-cube
# gnomeExtensions.desktop-zoom gnomeExtensions.desktop-zoom
gnomeExtensions.espresso gnomeExtensions.espresso
gnome44Extensions."flypie@schneegans.github.com" gnome44Extensions."flypie@schneegans.github.com"
# gnomeExtensions.forge # gnomeExtensions.forge
@ -211,11 +218,18 @@ in {
# gnomeExtensions.window-is-ready-remover # gnomeExtensions.window-is-ready-remover
# gnomeExtensions.worksets # gnomeExtensions.worksets
# gnomeExtensions.workspace-matrix # gnomeExtensions.workspace-matrix
iotop
unstable.morewaita-icon-theme unstable.morewaita-icon-theme
ripgrep
rsync
tcpdump
tokei
tree
wl-clipboard
] ++ (if config.virtualisation.podman.enable then [ ] ++ (if config.virtualisation.podman.enable then [
pods pods
] else []); ] else []);
home.services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3; home.services.gpg-agent.pinentryFlavor = "gnome3";
}; };
} }

27
modules/desktop/hyprland.nix
View File

@ -1,27 +0,0 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.hyprland;
in {
options.modules.desktop.hyprland = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
programs.hyprland.enable = true;
networking.networkmanager.enable = true;
user.packages = with pkgs; [
mpv
];
environment.systemPackages = with pkgs; [
adw-gtk3
];
home.services.gpg-agent.pinentryPackage = pkgs.pinentry-gnome3;
};
}

35
modules/desktop/kde.nix
View File

@ -1,35 +0,0 @@
{ config, lib, pkgs, ... }:
let cfg = config.modules.desktop.kde;
in {
options.modules.desktop.kde = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
services.xserver = {
enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
desktopManager.plasma5.enable = true;
};
networking.networkmanager.enable = true;
user.packages = with pkgs; [
kmail
mpv
];
environment.systemPackages = with pkgs; [
adw-gtk3
];
home.services.gpg-agent.pinentryPackage = pkgs.pinentry-qt;
};
}

5
modules/desktop/office/libreoffice.nix
View File

@ -11,10 +11,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
user.packages = with pkgs; [ user.packages = with pkgs; [
(if config.modules.desktop.kde.enable == true then libreoffice-qt else libreoffice) libreoffice
hunspell
hunspellDicts.en-gb-large
hunspellDicts.en-us-large
]; ];
}; };
} }

128
modules/editors/neovim/default.nix
View File

@ -11,129 +11,15 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
home.programs.nixvim = { user.packages = with pkgs.unstable; [
enable = true; lunarvim
defaultEditor = true; ];
viAlias = true; env.EDITOR = "lvim";
vimAlias = true;
options = { environment.shellAliases = {
number = true; vim = "lvim";
tabstop = 2; v = "lvim";
shiftwidth = 2;
expandtab = true;
foldlevel = 99;
splitbelow = true;
splitright = true;
undofile = true;
updatetime = 100;
list = true;
};
globals = {
mapleader = ",";
maplocalleader = ",";
};
clipboard = {
register = "unnamedplus";
providers.wl-copy.enable = true;
};
plugins.comment.enable = true;
plugins.hmts.enable = true;
plugins.lightline.enable = true;
plugins.luasnip.enable = true;
plugins.lsp = {
enable = true;
servers = {
bashls.enable = true;
ccls.enable = true;
cssls.enable = true;
eslint.enable = true;
gopls.enable = true;
html.enable = true;
lua-ls.enable = true;
pylsp.enable = true;
nixd.enable = true;
rust-analyzer = {
enable = true;
installCargo = true;
installRustc = true;
};
tsserver.enable = true;
};
};
plugins.nvim-autopairs.enable = true;
plugins.cmp = {
enable = true;
autoEnableSources = true;
settings = {
sources = [
{ name = "nvim_lsp"; }
{ name = "path"; }
{ name = "buffer"; }
];
mapping = {
"<Tab>" = "cmp.mapping(cmp.mapping.select_next_item(), {'i', 's'})";
"<S-Tab>" = "cmp.mapping(cmp.mapping.select_prev_item(), {'i', 's'})";
"<CR>" = "cmp.mapping.confirm({ select = true })";
};
};
};
plugins.telescope = {
enable = true;
keymaps = {
"<leader>ff" = "find_files";
"<leader>fg" = "live_grep";
"<leader>b" = "buffers";
"<leader>fh" = "help_tags";
"<C-p>" = "git_files";
"<C-f>" = "live_grep";
};
};
plugins.treesitter = {
enable = true;
nixvimInjections = true;
folding = true;
indent = true;
};
plugins.treesitter-refactor = {
enable = true;
highlightDefinitions = {
enable = true;
clearOnCursorMove = false;
};
};
plugins.undotree.enable = true;
# plugins.gitsigns.enable = true;
# plugins.gitgutter.enable = true;
# plugins.goyo.enable = true;
# plugins.fugitive.enable = true;
# plugins.fzf-lua.enable = true;
# plugins.neo-tree.enable = true;
# plugins.none-ls.enable = true;
# plugins.nvim-tree.enable = true;
# plugins.oil.enable = true;
# plugins.project-nvim.enable = true;
# plugins.surround.enable = true;
}; };
env.EDITOR = "nvim";
}; };
} }

101
modules/hardware/presonus-studio.nix
View File

@ -7,12 +7,12 @@ let
patched = snd-usb-audio-module.overrideAttrs (prev: { patched = snd-usb-audio-module.overrideAttrs (prev: {
patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ]; patches = [ ./0001-Update-device-ID-for-PreSonus-1824c.patch ];
}); });
upmixConfig = { upmixConfig = ''
"stream.properties" = { stream.properties = {
"channelmix.upmix" = true; channelmix.upmix = true
"channelmix.upmix-method" = "psd"; channelmix.upmix-method = psd
}; }
}; '';
in { in {
options.modules.hardware.presonus-studio = { options.modules.hardware.presonus-studio = {
enable = lib.mkOption { enable = lib.mkOption {
@ -27,62 +27,43 @@ in {
(patched) (patched)
]; ];
# Workaround for mainline module loading instead of patched module environment.etc = {
systemd.services.reload-snd-usb-audio = { "pipewire/pipewire.conf.d/10-network.conf".text = ''
description = "Reload snd_usb_audio kernel module"; context.modules = [
wantedBy = [ "sound.target" ]; {
serviceConfig.Type = "oneshot"; name = libpipewire-module-rtp-session
path = with pkgs; [ args = {
kmod stream.props = {
]; node.name = "rtp-source"
script = '' }
# Only reload if device hasn't been initialised }
if ! cat /proc/asound/card*/usbmixer | grep -q "Mute Main Out Switch"; then }
rmmod snd_usb_audio ]
insmod /run/booted-system/kernel-modules/lib/modules/$(uname -r)/extra/snd-usb-audio.ko.xz
fi
''; '';
}; "pipewire/pipewire.conf.d/surround.conf".text = ''
context.modules = [
services.pipewire.extraConfig = { {
pipewire = { name = libpipewire-module-loopback
"10-network" = { args = {
"context.modules" = [ node.description = "Genelec 4.1 Surround"
{ capture.props = {
"name" = "libpipewire-module-rtp-session"; node.name = "Genelec_Speakers"
"args" = { media.class = "Audio/Sink"
"stream.props" = { audio.position = [ FL FR SL SR LFE ]
"node.name" = "rtp-source"; }
}; playback.props = {
}; node.name = "playback.Genelec_Speakers"
audio.position = [ AUX0 AUX1 AUX3 AUX4 AUX5 ]
target.object = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output"
stream.dont-remix = true
node.passive = true
}
} }
]; }
}; ]
"surround" = { '';
"context.modules" = [ "pipewire/pipewire-pulse.conf.d/40-upmix.conf".text = upmixConfig;
{ "pipewire/client-rt.conf.d/40-upmix.conf".text = upmixConfig;
"name" = "libpipewire-module-loopback";
"args" = {
"node.description" = "Genelec 4.1 Surround";
"capture.props" = {
"node.name" = "Genelec_Speakers";
"media.class" = "Audio/Sink";
"audio.position" = [ "FL" "FR" "SL" "SR" "LFE" ];
};
"playback.props" = {
"node.name" = "playback.Genelec_Speakers";
"audio.position" = [ "AUX0" "AUX1" "AUX3" "AUX4" "AUX5" ];
"target.object" = "alsa_output.usb-PreSonus_Studio_1824c_SC4E21110775-00.multichannel-output";
"stream.dont-remix" = true;
"node.passive" = true;
};
};
}
];
};
};
pipewire-pulse."40-upmix" = upmixConfig;
client-rt."40-upmix" = upmixConfig;
}; };
}; };
} }

25
modules/networking/tailscale.nix
View File

@ -1,9 +1,6 @@
{ config, inputs, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let cfg = config.modules.networking.tailscale;
cfg = config.modules.networking.tailscale;
headscale = "https://headscale.vimium.net";
hostname = config.networking.hostName;
in { in {
options.modules.networking.tailscale = { options.modules.networking.tailscale = {
enable = lib.mkOption { enable = lib.mkOption {
@ -17,24 +14,8 @@ in {
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
age.secrets."passwords/services/tailscale/${hostname}-authkey" = { services.tailscale.enable = true;
file = "${inputs.secrets}/passwords/services/tailscale/${hostname}-authkey.age";
};
environment.systemPackages = [ pkgs.tailscale ];
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets."passwords/services/tailscale/${hostname}-authkey".path;
extraUpFlags = [
"--login-server"
headscale
];
};
services.openssh.openFirewall = !cfg.restrictSSH; services.openssh.openFirewall = !cfg.restrictSSH;
networking.firewall = { networking.firewall = {
checkReversePath = "loose"; checkReversePath = "loose";
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = [ "tailscale0" ];

4
modules/options.nix
View File

@ -66,10 +66,6 @@ with lib;
}; };
dconf.settings = mkAliasDefinitions options.dconf.settings; dconf.settings = mkAliasDefinitions options.dconf.settings;
}; };
sharedModules = [
inputs.nixvim.homeManagerModules.nixvim
];
}; };
users.users.${config.user.name} = mkAliasDefinitions options.user; users.users.${config.user.name} = mkAliasDefinitions options.user;

45
modules/podman.nix
View File

@ -1,45 +0,0 @@
{ pkgs, lib, config, ... }:
with lib;
let
cfg = config.modules.podman;
in {
options.modules.podman = {
enable = mkOption {
default = false;
example = true;
description = mdDoc "Enable podman on this host";
};
};
config = mkIf cfg.enable {
virtualisation = {
docker.enable = false;
podman = {
enable = true;
defaultNetwork.settings.dns_enabled = true;
autoPrune = {
enable = true;
dates = "weekly";
flags = [ "--all" ];
};
extraPackages = [ pkgs.zfs ];
};
containers.storage.settings.storage = {
driver = "zfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
oci-containers.backend = "podman";
};
networking.firewall.interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
};
}

41
modules/services/chrony/default.nix
View File

@ -1,41 +0,0 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.modules.services.chrony;
in {
options.modules.services.chrony = {
enable = mkOption {
default = false;
example = true;
description = "Enable chrony NTP deamon";
};
config = mkIf cfg.enable {
services.chrony = {
enable = true;
servers = [
"uk.pool.ntp.org"
"time.cloudflare.com"
];
extraConfig = ''
makestep 1.0 3
bindaddress 0.0.0.0
port 123
allow
'';
};
services.timesyncd.enable = mkForce false;
networking.firewall = {
allowedUDPPorts = [ 123 ];
allowedTCPPorts = [ 123 ];
};
};
};
}

226
modules/services/gitea-runner/default.nix
View File

@ -1,226 +0,0 @@
{ pkgs, config, lib, inputs, ... }:
# Based on: https://git.clan.lol/clan/clan-infra/src/branch/main/modules/web01/gitea/actions-runner.nix
with lib;
let
cfg = config.modules.services.gitea-runner;
hostname = config.networking.hostName;
giteaUrl = "https://git.vimium.com";
storeDepsBins = with pkgs; [
coreutils
findutils
gnugrep
gawk
git
nix
nix-update
bash
jq
nodejs
];
storeDeps = pkgs.runCommand "store-deps" { } ''
mkdir -p $out/bin
for dir in ${toString storeDepsBins}; do
for bin in "$dir"/bin/*; do
ln -s "$bin" "$out/bin/$(basename "$bin")"
done
done
# Add SSL CA certs
mkdir -p $out/etc/ssl/certs
cp -a "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" $out/etc/ssl/certs/ca-bundle.crt
'';
in
{
options.modules.services.gitea-runner = {
enable = mkOption {
default = false;
example = true;
description = mdDoc "Enable a runner for Gitea Actions on this host";
};
};
config = mkIf cfg.enable {
modules.podman.enable = true;
systemd.services = {
gitea-runner-nix-image = {
wantedBy = [ "multi-user.target" ];
after = [ "podman.service" ];
requires = [ "podman.service" ];
path = [ config.virtualisation.podman.package pkgs.gnutar pkgs.shadow pkgs.getent ];
script = ''
set -eux -o pipefail
mkdir -p etc/nix
# Create an unpriveleged user that we can use also without the run-as-user.sh script
touch etc/passwd etc/group
groupid=$(cut -d: -f3 < <(getent group nix-ci-user))
userid=$(cut -d: -f3 < <(getent passwd nix-ci-user))
groupadd --prefix $(pwd) --gid "$groupid" nix-ci-user
emptypassword='$6$1ero.LwbisiU.h3D$GGmnmECbPotJoPQ5eoSTD6tTjKnSWZcjHoVTkxFLZP17W9hRi/XkmCiAMOfWruUwy8gMjINrBMNODc7cYEo4K.'
useradd --prefix $(pwd) -p "$emptypassword" -m -d /tmp -u "$userid" -g "$groupid" -G nix-ci-user nix-ci-user
cat <<NIX_CONFIG > etc/nix/nix.conf
accept-flake-config = true
experimental-features = nix-command flakes
NIX_CONFIG
cat <<NSSWITCH > etc/nsswitch.conf
passwd: files mymachines systemd
group: files mymachines systemd
shadow: files
hosts: files mymachines dns myhostname
networks: files
ethers: files
services: files
protocols: files
rpc: files
NSSWITCH
# list the content as it will be imported into the container
tar -cv . | tar -tvf -
tar -cv . | podman import - gitea-runner-nix
'';
serviceConfig = {
RuntimeDirectory = "gitea-runner-nix-image";
WorkingDirectory = "/run/gitea-runner-nix-image";
Type = "oneshot";
RemainAfterExit = true;
};
};
gitea-runner-nix = {
after = [ "gitea-runner-nix-image.service" ];
requires = [ "gitea-runner-nix-image.service" ];
serviceConfig = {
# Hardening (may overlap with DynamicUser=)
# The following options are only for optimizing output of systemd-analyze
AmbientCapabilities = "";
CapabilityBoundingSet = "";
# ProtectClock= adds DeviceAllow=char-rtc r
DeviceAllow = "";
NoNewPrivileges = true;
PrivateDevices = true;
PrivateMounts = true;
PrivateTmp = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
UMask = "0066";
ProtectProc = "invisible";
SystemCallFilter = [
"~@clock"
"~@cpu-emulation"
"~@module"
"~@mount"
"~@obsolete"
"~@raw-io"
"~@reboot"
"~@swap"
# needed by go?
#"~@resources"
"~@privileged"
"~capset"
"~setdomainname"
"~sethostname"
];
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" "AF_NETLINK" ];
# Needs network access
PrivateNetwork = false;
# Cannot be true due to Node
MemoryDenyWriteExecute = false;
# The more restrictive "pid" option makes `nix` commands in CI emit
# "GC Warning: Couldn't read /proc/stat"
# You may want to set this to "pid" if not using `nix` commands
ProcSubset = "all";
# Coverage programs for compiled code such as `cargo-tarpaulin` disable
# ASLR (address space layout randomization) which requires the
# `personality` syscall
# You may want to set this to `true` if not using coverage tooling on
# compiled code
LockPersonality = false;
# Note that this has some interactions with the User setting; so you may
# want to consult the systemd docs if using both.
DynamicUser = true;
};
};
};
users.users.nix-ci-user = {
group = "nix-ci-user";
description = "Used for running nix-based CI jobs";
home = "/var/empty";
isSystemUser = true;
};
users.groups.nix-ci-user = { };
age.secrets."files/services/gitea-runner/${hostname}-token" = {
file = "${inputs.secrets}/files/services/gitea-runner/${hostname}-token.age";
group = "podman";
};
services.gitea-actions-runner.instances = {
act = {
enable = true;
url = giteaUrl;
name = "act-runner-${hostname}";
tokenFile = config.age.secrets."files/services/gitea-runner/${hostname}-token".path;
settings = {
cache.enabled = true;
runner.capacity = 4;
};
labels = [
"debian-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
"ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"
];
};
nix = {
enable = true;
url = giteaUrl;
name = "nix-runner-${hostname}";
tokenFile = config.age.secrets."files/services/gitea-runner/${hostname}-token".path;
settings = {
cache.enabled = true;
container = {
options = "-e NIX_BUILD_SHELL=/bin/bash -e PAGER=cat -e PATH=/bin -e SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt --device /dev/kvm -v /nix:/nix -v ${storeDeps}/bin:/bin -v ${storeDeps}/etc/ssl:/etc/ssl --user nix-ci-user";
network = "host";
valid_volumes = [
"/nix"
"${storeDeps}/bin"
"${storeDeps}/etc/ssl"
];
};
runner.capacity = 4;
};
labels = [
"nix:docker://gitea-runner-nix"
];
};
};
};
}

21
modules/services/gitea/default.nix
View File

@ -39,13 +39,6 @@ in {
}; };
}; };
systemd.tmpfiles.rules = [
"d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${inputs.gitea-github-theme}/theme-github.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${inputs.gitea-github-theme}/theme-github-auto.css"
"L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${inputs.gitea-github-theme}/theme-github-dark.css"
];
services.gitea = rec { services.gitea = rec {
package = pkgs.unstable.gitea; package = pkgs.unstable.gitea;
enable = true; enable = true;
@ -64,23 +57,19 @@ in {
}; };
settings = { settings = {
server = { server = {
DOMAIN = config.networking.domain;
LANDING_PAGE = "explore";
OFFLINE_MODE = true;
PROTOCOL = "http+unix";
SSH_USER = "git"; SSH_USER = "git";
SSH_DOMAIN = "git.vimium.com"; SSH_DOMAIN = "git.vimium.com";
SSH_PORT = lib.head config.services.openssh.ports; SSH_PORT = lib.head config.services.openssh.ports;
OFFLINE_MODE = true;
PROTOCOL = "http+unix";
DOMAIN = config.networking.domain;
ROOT_URL = "https://git.vimium.com/"; ROOT_URL = "https://git.vimium.com/";
}; };
service.DISABLE_REGISTRATION = true; service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
log = { log.ROOT_PATH = "${stateDir}/log";
ROOT_PATH = "${stateDir}/log";
DISABLE_ROUTER_LOG = true;
};
ui = { ui = {
THEMES = "gitea,arc-green,github,github-auto,github-dark"; THEMES = "gitea,arc-green,github-dark,bthree-dark";
DEFAULT_THEME = "github-dark"; DEFAULT_THEME = "github-dark";
}; };
actions.ENABLED = true; actions.ENABLED = true;

38
modules/services/headscale/default.nix
View File

@ -4,7 +4,6 @@ with lib;
let let
cfg = config.modules.services.headscale; cfg = config.modules.services.headscale;
fqdn = "headscale.vimium.net";
in { in {
options.modules.services.headscale = { options.modules.services.headscale = {
enable = mkOption { enable = mkOption {
@ -14,27 +13,8 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.headscale ];
services.headscale = {
enable = true;
port = 8080;
settings = {
ip_prefixes = [
"100.64.0.0/10"
];
server_url = "https://${fqdn}";
dns_config = {
base_domain = "vimium.net";
};
logtail.enabled = false;
};
};
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"${fqdn}" = { "headscale.vimium.net" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
@ -43,5 +23,21 @@ in {
}; };
}; };
}; };
services.headscale = {
enable = true;
port = 8080;
settings = {
server_url = "https://headscale.vimium.net";
dns_config = {
base_domain = "vimium.net";
};
logtail.enabled = false;
};
};
environment.systemPackages = with pkgs; [
config.services.headscale.package
];
}; };
} }

69
modules/services/mail/default.nix
View File

@ -1,69 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.modules.services.mail;
domains = [
"h0lt.com"
"jdholt.com"
"jordanholt.xyz"
"vimium.co"
"vimium.com"
"vimium.co.uk"
"vimium.info"
"vimium.net"
"vimium.org"
"vimium.xyz"
];
in {
options.modules.services.mail = {
enable = lib.mkOption {
default = false;
example = true;
};
};
config = lib.mkIf cfg.enable {
services.roundcube = {
enable = true;
hostName = config.mailserver.fqdn;
extraConfig = ''
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
mailserver = {
enable = true;
fqdn = "mail.vimium.com";
domains = domains;
indexDir = "/var/lib/dovecot/indices";
certificateDomains = [
"imap.vimium.com"
"smtp.vimium.com"
];
certificateScheme = "acme-nginx";
fullTextSearch.enable = true;
loginAccounts = {
"jordan@vimium.com" = {
hashedPasswordFile = config.users.users.jordan.hashedPasswordFile;
catchAll = domains;
};
};
extraVirtualAliases = {
"hostmaster@vimium.com" = "jordan@vimium.com";
"postmaster@vimium.com" = "jordan@vimium.com";
"webmaster@vimium.com" = "jordan@vimium.com";
"abuse@vimium.com" = "jordan@vimium.com";
};
};
};
}

57
modules/services/photoprism/default.nix
View File

@ -1,57 +0,0 @@
{ config, lib, pkgs, inputs, ... }:
with lib;
let cfg = config.modules.services.photoprism;
in {
options.modules.services.photoprism = {
enable = mkOption {
default = false;
example = true;
};
};
config = mkIf cfg.enable {
services.nginx = {
virtualHosts = {
"gallery.vimium.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.photoprism.port}";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_buffering off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
};
};
age.secrets."passwords/services/photoprism/admin" = {
file = "${inputs.secrets}/passwords/services/photoprism/admin.age";
};
services.photoprism = {
enable = true;
address = "localhost";
passwordFile = config.age.secrets."passwords/services/photoprism/admin".path;
originalsPath = "${config.services.photoprism.storagePath}/originals";
settings = {
PHOTOPRISM_APP_NAME = "Vimium Gallery";
PHOTOPRISM_SITE_AUTHOR = "Vimium";
PHOTOPRISM_SITE_TITLE = "Vimium Gallery";
PHOTOPRISM_SITE_CAPTION = "Vimium Gallery";
PHOTOPRISM_DISABLE_TLS = "true";
PHOTOPRISM_SPONSOR = "true";
};
};
};
}

4
overlays/gnome.nix
View File

@ -3,8 +3,8 @@ self: super:
gnome = super.gnome.overrideScope' (gself: gsuper: { gnome = super.gnome.overrideScope' (gself: gsuper: {
mutter = gsuper.mutter.overrideAttrs (oldAttrs: { mutter = gsuper.mutter.overrideAttrs (oldAttrs: {
src = super.fetchurl { src = super.fetchurl {
url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-46/mutter-triple-buffering-v4-46.tar.gz"; url = "https://gitlab.gnome.org/Community/Ubuntu/mutter/-/archive/triple-buffering-v4-45/mutter-triple-buffering-v4-45.tar.gz";
sha256 = "Rdao3TR6wG7YcpoD+nFFiCaE+97G0MreBgwsQJa3GCE="; sha256 = "tN+zQ5brk+hc+louIipqPV/Bqft42ghKOzjZZMj5Q8A=";
}; };
}); });
}); });