jordan/nix-config
1
1
Fork 0
Code Issues 10 Pull Requests Actions Projects 3 Wiki Activity

Compare commits

base: jordan:helios-disko
Branches Tags
jordan:master jordan:helios-disko jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store
...
compare: jordan:34304b9e91d22ae777904f529a3afbb8c4a7a3a6
Branches Tags
jordan:master jordan:helios-disko jordan:hass jordan:immich jordan:zitadel jordan:skycam jordan:24.05 jordan:lunarvim jordan:matrix jordan:docs jordan:vps1 jordan:wallpapers jordan:fix-odyssey-nix-store

6 Commits
helios-dis ... 34304b9e91

Author SHA1 Message Date
Jordan Holt
34304b9e91 hosts/odyssey: add yubikey tools
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m20s
Details
2025-08-25 21:34:37 +01:00
Jordan Holt
c192217732 agenix-rekey: move to flake part 2025-08-25 21:34:10 +01:00
Jordan Holt
f4b0ae7fb8 flake.lock: Update
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m41s
Details 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/4073ff2f481f9ef3501678ff479ed81402caae6d?narHash=sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc%3D' (2025-08-18)
  → 'github:nix-community/disko/bafad29f89e83b2d861b493aa23034ea16595560?narHash=sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM%3D' (2025-08-25)
• Updated input 'firefox-gnome-theme':
    'github:rafaelmardojai/firefox-gnome-theme/99f0c72d0073f7c8057cd41b03aadec3af68fbeb?narHash=sha256-LnSZjUAXoQ6C4kw5PELOE1cmRzTF7pJ4fdi7E4NZl/E%3D' (2025-08-24)
  → 'github:rafaelmardojai/firefox-gnome-theme/b655eaf16d4cbec9c3472f62eee285d4b419a808?narHash=sha256-UqYGTBgI5ypGh0Kf6zZjom/vABg7HQocB4gmxzl12uo%3D' (2025-08-25)
• Updated input 'hyprland':
    'github:hyprwm/Hyprland/ced38b1b0f46f9fbdf9d37644d27bdbd2a29af1d?narHash=sha256-BVYvquLQY3VjkqosOrLBPLUo2AwujQGS40DTuHYsYdg%3D' (2025-08-24)
  → 'github:hyprwm/Hyprland/0ed880f3f7dc2c746bf3590eee266c010d737558?narHash=sha256-LnlqoXiF%2BHfK2vU0hPwXB2BFy/Pkxtv86zIGdz2Ur9s%3D' (2025-08-24)
• Updated input 'hyprland/aquamarine':
    'github:hyprwm/aquamarine/be166e11d86ba4186db93e10c54a141058bdce49?narHash=sha256-zik7WISrR1ks2l6T1MZqZHb/OqroHdJnSnAehkE0kCk%3D' (2025-07-22)
  → 'github:hyprwm/aquamarine/50637ed23e962f0db294d6b0ef534f37b144644b?narHash=sha256-EjaD8%2Bd7AiAV2fGRN4NTMboWDwk8szDfwbzZ8DL1PhQ%3D' (2025-08-19)
• Updated input 'hyprland/hyprutils':
    'github:hyprwm/hyprutils/df6b8820c4a0835d83d0c7c7be86fbc555f1f7fd?narHash=sha256-6u6HdEFJh5gY6VfyMQbhP7zDdVcqOrCDTkbiHJmAtMI%3D' (2025-08-06)
  → 'github:hyprwm/hyprutils/e631ea36ddba721eceda69bfee6dd01068416489?narHash=sha256-PosTxeL39YrLvCX5MqqPA6NNWQ4T5ea5K55nmN7ju9Q%3D' (2025-08-17)
• Updated input 'hyprland/hyprwayland-scanner':
    'github:hyprwm/hyprwayland-scanner/fcca0c61f988a9d092cbb33e906775014c61579d?narHash=sha256-FnhBENxihITZldThvbO7883PdXC/2dzW4eiNvtoV5Ao%3D' (2025-07-07)
  → 'github:hyprwm/hyprwayland-scanner/b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d?narHash=sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw%3D' (2025-08-14)
• Updated input 'hyprland/nixpkgs':
    'github:NixOS/nixpkgs/85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054?narHash=sha256-iAcj9T/Y%2B3DBy2J0N%2ByF9XQQQ8IEb5swLFzs23CdP88%3D' (2025-08-09)
  → 'github:NixOS/nixpkgs/fbcf476f790d8a217c3eab4e12033dc4a0f6d23c?narHash=sha256-wNO3%2BKs2jZJ4nTHMuks%2BcxAiVBGNuEBXsT29Bz6HASo%3D' (2025-08-14)
• Updated input 'hyprland/pre-commit-hooks':
    'github:cachix/git-hooks.nix/9c52372878df6911f9afc1e2a1391f55e4dfc864?narHash=sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef%2B6fRcofA%3D' (2025-08-05)
  → 'github:cachix/git-hooks.nix/4b04db83821b819bbbe32ed0a025b31e7971f22e?narHash=sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW%2B7uSsOUM%3D' (2025-08-17)
• Updated input 'hyprland/xdph':
    'github:hyprwm/xdg-desktop-portal-hyprland/371b96bd11ad2006ed4f21229dbd1be69bed3e8a?narHash=sha256-js2sLRtsOUA/aT10OCDaTjO80yplqwOIaLUqEe0nMx0%3D' (2025-07-27)
  → 'github:hyprwm/xdg-desktop-portal-hyprland/a10726d6a8d0ef1a0c645378f983b6278c42eaa0?narHash=sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4%3D' (2025-08-16)
 2025-08-25 18:59:58 +01:00
Jordan Holt
b1a693dec8 hosts/vps1: update README.md
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m21s
Details
2025-08-24 17:26:02 +01:00
Jordan Holt
f7624fa703 hosts/vps1: add vaultwarden
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m16s
Details
2025-08-24 17:24:56 +01:00
Jordan Holt
91aa798243 flake.lock: Update
All checks were successful
Check flake / build-amd64-linux (push) Successful in 1m21s
Details 
Flake lock file updates:

• Updated input 'firefox-gnome-theme':
    'github:rafaelmardojai/firefox-gnome-theme/6fafa0409ad451b90db466f900b7549a1890bf1a?narHash=sha256-ClHCtrzwU6TIfK0qOzAsfPY4swrpbZ8SwUpBpVwphaY%3D' (2025-08-22)
  → 'github:rafaelmardojai/firefox-gnome-theme/99f0c72d0073f7c8057cd41b03aadec3af68fbeb?narHash=sha256-LnSZjUAXoQ6C4kw5PELOE1cmRzTF7pJ4fdi7E4NZl/E%3D' (2025-08-24)
• Updated input 'hyprland':
    'github:hyprwm/Hyprland/0d45b277d6c750377b336034b8adc53eae238d91?narHash=sha256-/yviTS9piazXoZAmnN0dXnYjDAFvooBnzJfPw2Gi30Y%3D' (2025-08-22)
  → 'github:hyprwm/Hyprland/ced38b1b0f46f9fbdf9d37644d27bdbd2a29af1d?narHash=sha256-BVYvquLQY3VjkqosOrLBPLUo2AwujQGS40DTuHYsYdg%3D' (2025-08-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/9cb344e96d5b6918e94e1bca2d9f3ea1e9615545?narHash=sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A%3D' (2025-08-20)
  → 'github:NixOS/nixpkgs/b1b3291469652d5a2edb0becc4ef0246fff97a7c?narHash=sha256-wY1%2B2JPH0ZZC4BQefoZw/k%2B3%2BDowFyfOxv17CN/idKs%3D' (2025-08-23)
• Updated input 'pre-commit-hooks':
    'github:cachix/git-hooks.nix/3ff4596663c8cbbffe06d863ee4c950bce2c3b78?narHash=sha256-2KZl6cU5rzEwXKMW369kLTzinJXXkF3TRExA6qEeVbc%3D' (2025-08-22)
  → 'github:cachix/git-hooks.nix/e891a93b193fcaf2fc8012d890dc7f0befe86ec2?narHash=sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs%3D' (2025-08-23)
 2025-08-24 10:45:31 +01:00
8 changed files with 155 additions and 41 deletions
Expand all files Collapse all files

74
flake.lock generated
View File

@@ -71,11 +71,11 @@
]
},
"locked": {
"lastModified": 1753216019,
"narHash": "sha256-zik7WISrR1ks2l6T1MZqZHb/OqroHdJnSnAehkE0kCk=",
"lastModified": 1755632680,
"narHash": "sha256-EjaD8+d7AiAV2fGRN4NTMboWDwk8szDfwbzZ8DL1PhQ=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "be166e11d86ba4186db93e10c54a141058bdce49",
"rev": "50637ed23e962f0db294d6b0ef534f37b144644b",
"type": "github"
},
"original": {
@@ -213,11 +213,11 @@
]
},
"locked": {
"lastModified": 1755519972,
"narHash": "sha256-bU4nqi3IpsUZJeyS8Jk85ytlX61i4b0KCxXX9YcOgVc=",
"lastModified": 1756115622,
"narHash": "sha256-iv8xVtmLMNLWFcDM/HcAPLRGONyTRpzL9NS09RnryRM=",
"owner": "nix-community",
"repo": "disko",
"rev": "4073ff2f481f9ef3501678ff479ed81402caae6d",
"rev": "bafad29f89e83b2d861b493aa23034ea16595560",
"type": "github"
},
"original": {
@@ -229,11 +229,11 @@
"firefox-gnome-theme": {
"flake": false,
"locked": {
"lastModified": 1755874650,
"narHash": "sha256-ClHCtrzwU6TIfK0qOzAsfPY4swrpbZ8SwUpBpVwphaY=",
"lastModified": 1756083905,
"narHash": "sha256-UqYGTBgI5ypGh0Kf6zZjom/vABg7HQocB4gmxzl12uo=",
"owner": "rafaelmardojai",
"repo": "firefox-gnome-theme",
"rev": "6fafa0409ad451b90db466f900b7549a1890bf1a",
"rev": "b655eaf16d4cbec9c3472f62eee285d4b419a808",
"type": "github"
},
"original": {
@@ -605,11 +605,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1755883465,
"narHash": "sha256-/yviTS9piazXoZAmnN0dXnYjDAFvooBnzJfPw2Gi30Y=",
"lastModified": 1756069181,
"narHash": "sha256-LnlqoXiF+HfK2vU0hPwXB2BFy/Pkxtv86zIGdz2Ur9s=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "0d45b277d6c750377b336034b8adc53eae238d91",
"rev": "0ed880f3f7dc2c746bf3590eee266c010d737558",
"type": "github"
},
"original": {
@@ -782,11 +782,11 @@
]
},
"locked": {
"lastModified": 1754481650,
"narHash": "sha256-6u6HdEFJh5gY6VfyMQbhP7zDdVcqOrCDTkbiHJmAtMI=",
"lastModified": 1755416120,
"narHash": "sha256-PosTxeL39YrLvCX5MqqPA6NNWQ4T5ea5K55nmN7ju9Q=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "df6b8820c4a0835d83d0c7c7be86fbc555f1f7fd",
"rev": "e631ea36ddba721eceda69bfee6dd01068416489",
"type": "github"
},
"original": {
@@ -807,11 +807,11 @@
]
},
"locked": {
"lastModified": 1751897909,
"narHash": "sha256-FnhBENxihITZldThvbO7883PdXC/2dzW4eiNvtoV5Ao=",
"lastModified": 1755184602,
"narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "fcca0c61f988a9d092cbb33e906775014c61579d",
"rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d",
"type": "github"
},
"original": {
@@ -946,11 +946,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1754725699,
"narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=",
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
@@ -1008,11 +1008,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1755704039,
"narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
"lastModified": 1755922037,
"narHash": "sha256-wY1+2JPH0ZZC4BQefoZw/k+3+DowFyfOxv17CN/idKs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
"rev": "b1b3291469652d5a2edb0becc4ef0246fff97a7c",
"type": "github"
},
"original": {
@@ -1078,11 +1078,11 @@
]
},
"locked": {
"lastModified": 1754416808,
"narHash": "sha256-c6yg0EQ9xVESx6HGDOCMcyRSjaTpNJP10ef+6fRcofA=",
"lastModified": 1755446520,
"narHash": "sha256-I0Ok1OGDwc1jPd8cs2VvAYZsHriUVFGIUqW+7uSsOUM=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "9c52372878df6911f9afc1e2a1391f55e4dfc864",
"rev": "4b04db83821b819bbbe32ed0a025b31e7971f22e",
"type": "github"
},
"original": {
@@ -1100,11 +1100,11 @@
]
},
"locked": {
"lastModified": 1755879220,
"narHash": "sha256-2KZl6cU5rzEwXKMW369kLTzinJXXkF3TRExA6qEeVbc=",
"lastModified": 1755960406,
"narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "3ff4596663c8cbbffe06d863ee4c950bce2c3b78",
"rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2",
"type": "github"
},
"original": {
@@ -1143,11 +1143,11 @@
"secrets": {
"flake": false,
"locked": {
"lastModified": 1755887038,
"narHash": "sha256-HoEMwFfR3rwNxwJjFCbj3rfW8k6EabHuMJAZOwsT95c=",
"lastModified": 1756051653,
"narHash": "sha256-JJkQliqI7zn+esLnKQP82eQEuolNz8IELm/BYGPTvEw=",
"ref": "refs/heads/master",
"rev": "9e47b557087ebde3a30c9f97189d110c29d144fd",
"revCount": 40,
"rev": "01cf200f61946ac9f259f9163933ea1749cb3531",
"revCount": 41,
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
},
@@ -1349,11 +1349,11 @@
]
},
"locked": {
"lastModified": 1753633878,
"narHash": "sha256-js2sLRtsOUA/aT10OCDaTjO80yplqwOIaLUqEe0nMx0=",
"lastModified": 1755354946,
"narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "371b96bd11ad2006ed4f21229dbd1be69bed3e8a",
"rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0",
"type": "github"
},
"original": {

2
flake.nix
View File

@@ -113,10 +113,10 @@
}:
flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
inputs.agenix-rekey.flakeModule
inputs.pre-commit-hooks.flakeModule
inputs.nix-topology.flakeModule
inputs.treefmt-nix.flakeModule
./nix/agenix-rekey.nix
./nix/devshell.nix
./nix/hosts.nix
];

2
hosts/common.nix
View File

@@ -6,7 +6,7 @@
}:
{
imports = [
inputs.agenix.nixosModules.age
inputs.agenix.nixosModules.default
inputs.home-manager.nixosModules.home-manager
../modules/nixos
../modules/nixos/impermanence.nix

11
hosts/odyssey/default.nix
View File

@@ -50,6 +50,17 @@
capSysAdmin = true;
};
environment.systemPackages = with pkgs; [
yubikey-manager
age-plugin-yubikey
];
services.udev.packages = with pkgs; [
libfido2
];
services.pcscd.enable = true;
modules = {
hardware.presonus-studio.enable = true;
services = {

4
hosts/vps1/README.md
View File

@@ -6,8 +6,8 @@ VPS hosted in OVH.
## Specs
- CPU - ??
- Memory - ??
- CPU - 4 vCores
- Memory - 4 GB
### Disks

1
hosts/vps1/default.nix
View File

@@ -12,6 +12,7 @@
./matrix.nix
./nginx.nix
./photoprism.nix
./vaultwarden.nix
../server.nix
];

73
hosts/vps1/vaultwarden.nix Normal file
View File

@@ -0,0 +1,73 @@
{
inputs,
config,
lib,
...
}:
let
inherit (lib)
mkForce
;
baseDomain = "vimium.com";
domain = "vaultwarden.${baseDomain}";
in
{
age.secrets."files/services/vaultwarden/envfile" = {
file = "${inputs.secrets}/files/services/vaultwarden/envfile.age";
};
services.vaultwarden = {
enable = true;
dbBackend = "sqlite";
backupDir = "/var/cache/vaultwarden-backup";
config = {
dataFolder = mkForce "/var/lib/vaultwarden";
useSysLog = true;
webVaultEnabled = true;
rocketPort = 8222;
signupsAllowed = false;
passwordIterations = 1000000;
invitationsAllowed = true;
invitationOrgName = "Vaultwarden";
domain = "https://${domain}";
};
environmentFile = config.age.secrets."files/services/vaultwarden/envfile".path;
};
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.rocketPort}";
proxyWebsockets = true;
};
};
};
systemd.services.backup-vaultwarden.environment.DATA_FOLDER = mkForce "/var/lib/vaultwarden";
systemd.services.vaultwarden.serviceConfig = {
StateDirectory = mkForce "vaultwarden";
RestartSec = "60";
};
environment.persistence."/persist".directories = [
{
directory = "/var/lib/vaultwarden";
user = "vaultwarden";
group = "vaultwarden";
mode = "0700";
}
];
environment.persistence."/state".directories = [
{
directory = config.services.vaultwarden.backupDir;
user = "vaultwarden";
group = "vaultwarden";
mode = "0700";
}
];
}

29
nix/agenix-rekey.nix Normal file
View File

@@ -0,0 +1,29 @@
{
inputs,
...
}:
{
imports = [
inputs.agenix-rekey.flakeModule
];
perSystem =
{ config, ... }:
{
agenix-rekey.nixosConfigurations = inputs.self.nixosConfigurations;
devshells.default = {
commands = [
{
inherit (config.agenix-rekey) package;
help = "Edit, generate, and rekey secrets";
}
];
env = [
{
name = "AGENIX_REKEY_ADD_TO_GIT";
value = "true";
}
];
};
};
}