Configuration for my NixOS based systems and Home Manager


+1492 -3821
+2
.tsk/archive/tsk-1.tsk
··· 1 + Remove immich overlay 2 +
+2
.tsk/archive/tsk-2.tsk
··· 1 + Remove plex overlay 2 +
+2
.tsk/archive/tsk-3.tsk
··· 1 + finish migration to flake 2 +
+1
.tsk/index
··· 1 + tsk-1 Remove immich overlay 1755227223
+1
.tsk/next
··· 1 + 4
+1
.tsk/tasks/tsk-1.tsk
··· 1 + ../archive/tsk-1.tsk
+6 -1
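--- a/boot.nix
+++ b/boot.nix
@@ -1,5 +1,10 @@
-{ ... }: {
+{ ... }:
+{
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
+
+boot.supportedFilesystems = [ "zfs" ];
+boot.zfs.forceImportRoot = false;
+boot.zfs.extraPools = [ "shokuhou" "mentalout" ];
 }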
-31
common.nix
··· 1 - { ... }: 2 - { 3 - # Set your time zone. 4 - time.timeZone = "America/Chicago"; 5 - 6 - # Select internationalisation properties. 7 - i18n.defaultLocale = "en_US.UTF-8"; 8 - # console = { 9 - # font = "Lat2-Terminus16"; 10 - # keyMap = "us"; 11 - # useXkbConfig = true; # use xkb.options in tty. 12 - # }; 13 - 14 - # Automatic doc cache generation 15 - documentation.man.generateCaches = true; 16 - 17 - # Automatic system upgrades 18 - system.autoUpgrade = { 19 - enable = true; 20 - dates = "09:00"; 21 - randomizedDelaySec = "45min"; 22 - }; 23 - 24 - # Automatic Garbage Collection 25 - nix.gc.automatic = true; 26 - nix.gc.options = "--delete-older-than 8d"; 27 - nix.settings.trusted-users = [ "@wheel" ]; 28 - 29 - # I don't care that much about free vs unfree 30 - nixpkgs.config.allowUnfree = true; 31 - }
+67
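--- a/configuration.nix
+++ b/configuration.nix
@@ -0,0 +1,67 @@
+# Edit this configuration file to define what should be installed on
+## your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ ... }:
+
+{
+imports =
+[
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+./boot.nix
+./networking.nix
+#./gui.nix
+./users.nix
+./packages.nix
+./services.nix
+];
+# Set your time zone.
+time.timeZone = "America/Chicago";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+# console = {
+# font = "Lat2-Terminus16";
+# keyMap = "us";
+# useXkbConfig = true; # use xkb.options in tty.
+# };
+
+# Copy the NixOS configuration file and link it from the resulting system
+# (/run/current-system/configuration.nix). This is useful in case you
+# accidentally delete configuration.nix.
+#system.copySystemConfiguration = true;
+
+# Automatic doc cache generation
+documentation.man.generateCaches = true;
+
+# Automatic system upgrades
+system.autoUpgrade = {
+enable = true;
+dates = "09:00";
+randomizedDelaySec = "45min";
+};
+
+# Automatic Garbage Collection
+nix.gc.automatic = true;
+nix.gc.options = "--delete-older-than 8d";
+
+# This option defines the first version of NixOS you have installed on this particular machine,
+# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+#
+# Most users should NEVER change this value after the initial install, for any reason,
+# even if you've upgraded your system to a new NixOS release.
+#
+# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+# so changing it will NOT upgrade your system.
+#
+# This value being lower than the current NixOS release does NOT mean your system is
+# out of date, out of support, or vulnerable.
+#
+# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+# and migrated your data accordingly.
+#
+# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+system.stateVersion = "23.11"; # Did you read the comment?
+
+}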
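Review bot: `system.autoUpgrade` is enabled at lines 39-43 without a `flake` attribute, while the flake.nix on this page builds this host from `./configuration.nix` as the `misaki` output. As far as I can tell the upgrade service then falls back to the channel-based `nixos-rebuild switch --upgrade`, which would not evaluate this flake or its lock, so the unattended security updates this option is meant to deliver may not apply, or may apply a different configuration. If unattended upgrades are wanted, set `system.autoUpgrade.flake = "<FLAKE_REF>#misaki";` (placeholder ref) and decide explicitly how flake.lock gets bumped.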
+1
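--- a/coredns/localhost.hosts
+++ b/coredns/localhost.hosts
@@ -0,0 +1 @@
+127.0.0.1 *.localhost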
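Review bot: `127.0.0.1 *.localhost` relies on wildcard matching, which the hosts file format does not have; to my knowledge CoreDNS's `hosts` plugin compares names literally, so this entry would only answer for the literal name `*.localhost`. If the intent is to pin every `*.localhost` name to loopback so such queries never leave the resolver, that needs a different mechanism in the Corefile (for example the `template` plugin), which is not part of this page.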
+9
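--- a/coredns/ngp.computer.hosts
+++ b/coredns/ngp.computer.hosts
@@ -0,0 +1,9 @@
+192.168.1.3 img.ngp.computer
+192.168.1.3 photos.ngp.computer
+192.168.1.3 misaki.ngp.computer
+192.168.1.3 files.ngp.computer
+
+fe80::9ab7:85ff:fe1e:dfe8 img.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 photos.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 misaki.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 files.ngp.computer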
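Review bot: Lines 6-9 publish `fe80::9ab7:85ff:fe1e:dfe8`, a link-local address, as the IPv6 answer for these names. A link-local address is only meaningful together with an interface scope, which a DNS answer cannot carry, so a dual-stack client that prefers the AAAA record either fails to connect or reaches whatever holds that address on its own link rather than the intended host. Use a ULA or global address for these entries, or drop the IPv6 lines and serve the `192.168.1.3` records only.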
+17
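--- a/coredns/packetlost.dev.hosts
+++ b/coredns/packetlost.dev.hosts
@@ -0,0 +1,17 @@
+# Services
+192.168.1.3 git.packetlost.dev
+192.168.1.3 plex.packetlost.dev
+192.168.1.3 jellyfin.packetlost.dev
+192.168.1.3 nats.packetlost.dev
+
+# LAN Hosts
+192.168.1.3 misaki.packetlost.dev misaki
+192.168.1.3 cache.packetlost.dev cache
+192.168.1.5 komoe.packetlost.dev komoe
+192.168.1.6 rainbow.packetlost.dev rainbow
+192.168.1.10 ichika.packetlost.dev ichika
+192.168.1.11 futaba.packetlost.dev futaba
+192.168.1.12 mitsumi.packetlost.dev mitsumi
+192.168.1.13 orangepi5.packetlost.dev orangepi5
+192.168.1.30 touma.packetlost.dev touma
+192.168.1.33 kamijou.packetlost.dev kamijou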
-254
default-home.nix
··· 1 - { 2 - pkgs, 3 - unstable, 4 - inputs, 5 - config, 6 - ... 7 - }: 8 - { 9 - imports = [ 10 - inputs.agenix.homeManagerModules.default 11 - ]; 12 - home.username = "noah"; 13 - home.homeDirectory = "/home/noah"; 14 - 15 - age.identityPaths = [ 16 - "${config.home.homeDirectory}/.ssh/id_rsa" 17 - "${config.home.homeDirectory}/.ssh/id_ed25519" 18 - "${config.home.homeDirectory}/.ssh/id_ed25519_age" 19 - ]; 20 - 21 - home.packages = with pkgs; [ 22 - inputs.agenix.packages."${system}".agenix 23 - # main tool 24 - direnv 25 - tree 26 - btop 27 - htop 28 - rsync 29 - unzip 30 - fd 31 - ripgrep 32 - catgirl 33 - netcat 34 - stunnel 35 - fzf 36 - iperf3 37 - entr 38 - lf 39 - #devenv # broken 40 - plan9port 41 - pwgen 42 - metastore 43 - isync 44 - pass 45 - tmux 46 - age 47 - 48 - # Dev tools 49 - gcc 50 - go 51 - unstable.gopls 52 - gnumake 53 - babashka 54 - # Babashka common aliases 55 - neil 56 - ccls 57 - clojure 58 - unstable.clj-kondo 59 - unstable.clojure-lsp 60 - unstable.janet 61 - unstable.jpm 62 - graalvmPackages.graalvm-ce 63 - cmake 64 - universal-ctags 65 - kotlin 66 - nodejs 67 - node2nix 68 - opam 69 - rustup 70 - zig 71 - scala_3 72 - scalafmt 73 - # scala LSP 74 - unstable.metals 75 - # Scala / Java build tool 76 - sbt 77 - luarocks 78 - luajit 79 - lua-language-server 80 - leiningen 81 - libressl 82 - erlang 83 - elixir 84 - ghc 85 - nil 86 - python3 87 - typescript 88 - #vscode-langservers-extracted 89 - scdoc 90 - #dockerfile-language-server-nodejs 91 - #yaml-language-server 92 - mkcert 93 - natscli 94 - poetry 95 - sqlite 96 - pandoc 97 - unstable.harec 98 - unstable.hare 99 - unstable.haredo 100 - unstable.haredoc 101 - unstable.gleam 102 - unstable.rebar3 103 - unstable.bun 104 - unstable.gh 105 - unstable.kraft 106 - #unstable.claude-code 107 - 108 - # Python dev tools 109 - pyright 110 - python313Packages.python-lsp-server 111 - python313Packages.python-lsp-ruff 112 - 113 - # Certificate Management 114 - minica 115 - mkcert 116 - step-cli 
117 - 118 - ]; 119 - 120 - nix = { 121 - #package = pkgs.nix; 122 - settings = { 123 - experimental-features = [ 124 - "nix-command" 125 - "flakes" 126 - ]; 127 - extra-trusted-users = [ 128 - "noah" 129 - ]; 130 - extra-substituters = [ 131 - "https://cache.ngp.computer" 132 - ]; 133 - extra-trusted-public-keys = [ 134 - "misaki.packetlost.dev:y5Z/utaVBozpL0UAbUQDWLjpm2sVMOoKzyG76n/167A=" 135 - ]; 136 - }; 137 - }; 138 - 139 - programs.fish = { 140 - enable = true; 141 - #package = unstable.fish; 142 - }; 143 - programs.neovim = { 144 - #package = unstable.neovim-unwrapped; 145 - enable = true; 146 - defaultEditor = true; 147 - withNodeJs = true; 148 - withPython3 = true; 149 - extraPackages = with pkgs; [ 150 - unstable.fzf 151 - unstable.ripgrep 152 - luarocks 153 - unstable.tree-sitter 154 - ]; 155 - }; 156 - programs.home-manager.enable = true; 157 - programs.helix.enable = true; 158 - programs.jujutsu = { 159 - enable = true; 160 - }; 161 - programs.git = { 162 - enable = true; 163 - lfs.enable = true; 164 - settings.user.name = "Noah Pederson"; 165 - settings.user.email = "noah@packetlost.dev"; 166 - extraConfig = { 167 - sendemail = { 168 - smtpserver = "smtp.migadu.com"; 169 - smtpuser = "noah@packetlost.dev"; 170 - smptencryption = "tls"; 171 - smtpserverport = 587; 172 - }; 173 - init = { 174 - defaultBranch = "master"; 175 - }; 176 - pull = { 177 - rebase = true; 178 - }; 179 - credential = { 180 - helper = "cache"; 181 - }; 182 - rerere.enable = true; 183 - }; 184 - ignores = [ 185 - ".direnv/" 186 - ".envrc" 187 - "flake.nix" 188 - "shell.nix" 189 - ".env/" 190 - ".clj-kondo/" 191 - ]; 192 - }; 193 - programs.aerc = { 194 - enable = true; 195 - package = unstable.aerc; 196 - }; 197 - programs.ssh = { 198 - enable = true; 199 - matchBlocks."*".addKeysToAgent = "yes"; 200 - }; 201 - 202 - services.ssh-agent.enable = true; 203 - services.mako.enable = false; 204 - 205 - programs.ssh.extraConfig = builtins.readFile ./ssh/extra; 206 - services.gpg-agent = 
{ 207 - enable = true; 208 - defaultCacheTtl = 1800; 209 - }; 210 - 211 - programs.direnv = { 212 - enable = true; 213 - nix-direnv.enable = true; 214 - }; 215 - 216 - xdg.enable = true; 217 - 218 - # Independent config files. 219 - xdg.configFile.nvim = { 220 - source = ./nvim; 221 - recursive = true; 222 - }; 223 - 224 - xdg.configFile.vis = { 225 - source = ./vis; 226 - recursive = true; 227 - }; 228 - 229 - xdg.configFile.fish = { 230 - source = ./fish; 231 - recursive = true; 232 - force = true; 233 - }; 234 - 235 - xdg.configFile.aerc = { 236 - source = ./aerc; 237 - recursive = true; 238 - }; 239 - 240 - home.file.".local/bin" = { 241 - source = ./scripts; 242 - recursive = true; 243 - }; 244 - age.secrets.catgirl-libera = { 245 - file = ./secrets/catgirl-libera.age; 246 - path = "${config.xdg.configHome}/catgirl/libera"; 247 - symlink = true; 248 - }; 249 - 250 - manual.manpages.enable = true; 251 - 252 - home.stateVersion = "23.11"; 253 - 254 - }
+16
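--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,16 @@
+let
+nix-pre-commit-hooks = import (builtins.fetchTarball "https://github.com/cachix/pre-commit-hooks.nix/tarball/master");
+in
+{
+# Configured with the module options defined in `modules/pre-commit.nix`:
+pre-commit-check = nix-pre-commit-hooks.run {
+src = ./.;
+# If your hooks are intrusive, avoid running on each commit with a default_states like this:
+# default_stages = ["manual" "push"];
+hooks = {
+nixpkgs-fmt.enable = true;
+nil.enable = true;
+luacheck.enable = true;
+};
+};
+}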
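Review bot: The `builtins.fetchTarball` call on line 2 imports `pre-commit-hooks.nix` from the moving `master` tarball with no `sha256`, so each evaluation trusts whatever that branch serves at the time, and the hook code that runs against the working tree is neither reproducible nor reviewable. Pin the fetch to a commit and a hash, e.g. `builtins.fetchTarball { url = "https://github.com/cachix/pre-commit-hooks.nix/archive/<REV>.tar.gz"; sha256 = "<SHA256>"; }` (placeholders). Alternatively drop this file and rely on the `pre-commit-hooks` flake input, which flake.lock on this page already pins to a revision and narHash.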
+5 -17
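--- a/fish/config.fish
+++ b/fish/config.fish
@@ -17,29 +17,16 @@
 abbr gd "git diff"
 abbr ga "git add"
 abbr glog "git log –graph –decorate –oneline –all"
-if type -q "emanote"
-abbr n "cd ~/repos/notes"
-abbr ne "cd ~/repos/notes; nvim"
-end
-
-abbr srhtclone "git clone git@git.sr.ht:~chiefnoah/"
-abbr ghclone "git clone git@github.com:chiefnoah/"
 
 if test -d "~/repos"
 alias r "cd ~/repos"
 end
 
+# We start the ssh-agent in noah-home.nix, so we'll add the socket to the environment
 set -Ux SSH_AUTH_SOCK /var/run/user/(id -u)/ssh-agent
-# PATH stuff
 
-if test -z "(pgrep ssh-agent)"
-eval (ssh-agent -c) > /dev/null # no output
-set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
-set -Ux SSH_AGENT_PID $SSH_AGENT_PID
-set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
-end
+# PATH stuff
 
-# Run ssh-agent
 if type -q "direnv"
 direnv hook fish | source
 set -g direnv_fish_mode eval_on_arrow
@@ -53,8 +40,9 @@
 # NATS config
 set -Ux NATS_URL tls://misaki.local
 set -Ux NATS_CA /srv/nats/minica.pem
-set -Ux NATS_CERT /srv/nats/touma-nixos@packetlost.dev/cert.pem
-set -Ux NATS_KEY /srv/nats/touma-nixos@packetlost.dev/key.pem
+set -Ux NATS_CERT /srv/nats/misaki.packetlost.dev/cert.pem
+set -Ux NATS_KEY /srv/nats/misaki.packetlost.dev/key.pem
+
 
 # Keybindings
 fish_default_key_bindings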
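Review bot: `NATS_CERT` and `NATS_KEY` now point at `/srv/nats/misaki.packetlost.dev/`, which by its name looks like the server host's own certificate and key rather than a per-client identity like the `touma-nixos@packetlost.dev` pair it replaces. If that is the case, every shell that sources this file authenticates to NATS as the server host, so individual clients can no longer be told apart or revoked separately, and the private key has to be readable by the interactive user. Consider keeping a per-user or per-host client certificate and setting these paths per machine rather than in the shared config. The `set -Ux` form also persists the values as universal variables across sessions; `set -gx NATS_KEY ...` would keep them scoped to the running shell.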
+1 -1
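--- a/fish/functions/lfcd.fish
+++ b/fish/functions/lfcd.fish
@@ -13,7 +13,7 @@
 
 function lfcd
 set tmp (mktemp)
-lf -last-dir-path=$tmp $argv
+yazi --cwd-file=$tmp $argv
 if test -f "$tmp"
 set dir (cat $tmp)
 rm -f $tmp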
+78 -89
flake.lock
··· 4 4 "inputs": { 5 5 "darwin": "darwin", 6 6 "home-manager": "home-manager", 7 - "nixpkgs": [ 8 - "nixpkgs" 9 - ], 7 + "nixpkgs": "nixpkgs", 10 8 "systems": "systems" 11 9 }, 12 10 "locked": { ··· 48 46 "determinate-nixd-aarch64-darwin": { 49 47 "flake": false, 50 48 "locked": { 51 - "narHash": "sha256-zK2dgNHh/p92rk5jN+Y1LOMn0HEdTsS+7XXwb2g52oM=", 49 + "narHash": "sha256-uWDS94cAYprGj+AwuT42nuuDDicRLj1S0JwalZGeBRU=", 52 50 "type": "file", 53 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 51 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS" 54 52 }, 55 53 "original": { 56 54 "type": "file", 57 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 55 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS" 58 56 } 59 57 }, 60 58 "determinate-nixd-aarch64-linux": { 61 59 "flake": false, 62 60 "locked": { 63 - "narHash": "sha256-ckvZP0zFcbzLXWYOJUqYXkKBt0b2IZcQEr7YjEVtwOI=", 61 + "narHash": "sha256-uHBcZCh2/Bj5/88TDihupA336tSQDk7s5lVP66IDAX0=", 64 62 "type": "file", 65 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 63 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux" 66 64 }, 67 65 "original": { 68 66 "type": "file", 69 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 67 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux" 70 68 } 71 69 }, 72 70 "determinate-nixd-x86_64-linux": { 73 71 "flake": false, 74 72 "locked": { 75 - "narHash": "sha256-8dLtm8FJrpyBmrNpspJj30/6I5HGEfjjXuFqURcZ8pk=", 73 + "narHash": "sha256-y+l05H6GNv/1WcrMztDYem8VBWqjc9gNg4WjeQ1PQxo=", 76 74 "type": "file", 77 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 75 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux" 78 76 }, 79 77 "original": { 
80 78 "type": "file", 81 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 79 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux" 82 80 } 83 81 }, 84 82 "determinite": { ··· 92 90 ] 93 91 }, 94 92 "locked": { 95 - "lastModified": 1768964099, 96 - "narHash": "sha256-sV1OJYyktJRl7I3HxeBvWTWXjqm2uCTS3gS1p+DLn7c=", 97 - "rev": "a5469e9aa3870941320cb92d899b66e141c5a3cd", 98 - "revCount": 394, 93 + "lastModified": 1766549083, 94 + "narHash": "sha256-G1Hljg7vIBt8n9cxO382YAZWtZU/mYfQcg3icdNG8RQ=", 95 + "rev": "ba8999fac986e70f52b4cba15047be7bbb7b6346", 96 + "revCount": 318, 99 97 "type": "tarball", 100 - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.2/019bde7d-0725-73ef-9705-498c50ef6e00/source.tar.gz" 98 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.1/019b4e8a-dc22-75db-aef5-a447efbb1a13/source.tar.gz" 101 99 }, 102 100 "original": { 103 101 "type": "tarball", ··· 123 121 "flake-compat_2": { 124 122 "flake": false, 125 123 "locked": { 126 - "lastModified": 1767039857, 127 - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 124 + "lastModified": 1761588595, 125 + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", 128 126 "owner": "edolstra", 129 127 "repo": "flake-compat", 130 - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 128 + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", 131 129 "type": "github" 132 130 }, 133 131 "original": { ··· 136 134 "type": "github" 137 135 } 138 136 }, 139 - "flake-compat_3": { 140 - "flake": false, 141 - "locked": { 142 - "lastModified": 1767039857, 143 - "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 144 - "owner": "NixOS", 145 - "repo": "flake-compat", 146 - "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 147 - "type": "github" 148 - }, 149 - "original": { 150 - "owner": "NixOS", 151 - "repo": "flake-compat", 152 - "type": "github" 153 - } 
154 - }, 155 137 "flake-parts": { 156 138 "inputs": { 157 139 "nixpkgs-lib": [ ··· 248 230 ] 249 231 }, 250 232 "locked": { 251 - "lastModified": 1768949235, 252 - "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", 233 + "lastModified": 1767024057, 234 + "narHash": "sha256-B1aycRjMRvb6QOGbnqDhiDzZwMebj5jxZ5qyJzaKvpI=", 253 235 "owner": "nix-community", 254 236 "repo": "home-manager", 255 - "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", 237 + "rev": "34578a2fdfce4257ce5f5baf6e7efbd4e4e252b1", 256 238 "type": "github" 257 239 }, 258 240 "original": { ··· 266 248 "inputs": { 267 249 "flake-parts": "flake-parts", 268 250 "git-hooks-nix": "git-hooks-nix", 269 - "nixpkgs": "nixpkgs", 251 + "nixpkgs": "nixpkgs_2", 270 252 "nixpkgs-23-11": "nixpkgs-23-11", 271 253 "nixpkgs-regression": "nixpkgs-regression" 272 254 }, 273 255 "locked": { 274 - "lastModified": 1768960381, 275 - "narHash": "sha256-32oMe1y+kwvIJNiJsIvozTuSmDxcwST06i+0ak+L4AU=", 276 - "rev": "45ce621408cb8c9a724193d5fe858eb839662db8", 277 - "revCount": 24453, 256 + "lastModified": 1766546676, 257 + "narHash": "sha256-GsC52VFF9Gi2pgP/haQyPdQoF5Qe2myk1tsPcuJZI28=", 258 + "rev": "51dacdd248e8071cd0243a8245c8c42ac1f33307", 259 + "revCount": 24299, 278 260 "type": "tarball", 279 - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.2/019bde75-b4ee-74b2-a812-28dc2ee83d58/source.tar.gz" 261 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.1/019b4e84-d036-75db-b6c6-6bc2e2035c53/source.tar.gz" 280 262 }, 281 263 "original": { 282 264 "type": "tarball", 283 265 "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" 284 266 } 285 267 }, 286 - "nixos-wsl": { 287 - "inputs": { 288 - "flake-compat": "flake-compat_2", 289 - "nixpkgs": [ 290 - "nixpkgs" 291 - ] 292 - }, 268 + "nixpkgs": { 293 269 "locked": { 294 - "lastModified": 1769217863, 295 - "narHash": "sha256-RY9kJDXD6+2Td/59LkZ0PFSereCXHdBX9wIkbYjRKCY=", 296 - "owner": "nix-community", 297 - 
"repo": "NixOS-WSL", 298 - "rev": "38a5250e57f583662eac3b944830e4b9e169e965", 270 + "lastModified": 1754028485, 271 + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", 272 + "owner": "NixOS", 273 + "repo": "nixpkgs", 274 + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", 299 275 "type": "github" 300 276 }, 301 277 "original": { 302 - "owner": "nix-community", 303 - "ref": "main", 304 - "repo": "NixOS-WSL", 278 + "owner": "NixOS", 279 + "ref": "nixos-25.05", 280 + "repo": "nixpkgs", 305 281 "type": "github" 306 282 } 307 283 }, 308 - "nixpkgs": { 309 - "locked": { 310 - "lastModified": 1761597516, 311 - "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", 312 - "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", 313 - "revCount": 811874, 314 - "type": "tarball", 315 - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" 316 - }, 317 - "original": { 318 - "type": "tarball", 319 - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" 320 - } 321 - }, 322 284 "nixpkgs-23-11": { 323 285 "locked": { 324 286 "lastModified": 1717159533, ··· 353 315 }, 354 316 "nixpkgs-unstable": { 355 317 "locked": { 356 - "lastModified": 1769018530, 357 - "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=", 318 + "lastModified": 1766902085, 319 + "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", 358 320 "owner": "nixos", 359 321 "repo": "nixpkgs", 360 - "rev": "88d3861acdd3d2f0e361767018218e51810df8a1", 322 + "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", 361 323 "type": "github" 362 324 }, 363 325 "original": { ··· 369 331 }, 370 332 "nixpkgs_2": { 371 333 "locked": { 372 - "lastModified": 1769089682, 373 - "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=", 334 + "lastModified": 1761597516, 335 + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", 336 + "rev": 
"daf6dc47aa4b44791372d6139ab7b25269184d55", 337 + "revCount": 811874, 338 + "type": "tarball", 339 + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" 340 + }, 341 + "original": { 342 + "type": "tarball", 343 + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" 344 + } 345 + }, 346 + "nixpkgs_3": { 347 + "locked": { 348 + "lastModified": 1767047869, 349 + "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", 374 350 "owner": "nixos", 375 351 "repo": "nixpkgs", 376 - "rev": "078d69f03934859a181e81ba987c2bb033eebfc5", 352 + "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a", 377 353 "type": "github" 378 354 }, 379 355 "original": { ··· 383 359 "type": "github" 384 360 } 385 361 }, 362 + "nixpkgs_4": { 363 + "locked": { 364 + "lastModified": 1764947035, 365 + "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", 366 + "owner": "NixOS", 367 + "repo": "nixpkgs", 368 + "rev": "a672be65651c80d3f592a89b3945466584a22069", 369 + "type": "github" 370 + }, 371 + "original": { 372 + "owner": "NixOS", 373 + "ref": "nixpkgs-unstable", 374 + "repo": "nixpkgs", 375 + "type": "github" 376 + } 377 + }, 386 378 "pre-commit-hooks": { 387 379 "inputs": { 388 - "flake-compat": "flake-compat_3", 380 + "flake-compat": "flake-compat_2", 389 381 "gitignore": "gitignore", 390 - "nixpkgs": [ 391 - "nixpkgs" 392 - ] 382 + "nixpkgs": "nixpkgs_4" 393 383 }, 394 384 "locked": { 395 - "lastModified": 1769069492, 396 - "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", 385 + "lastModified": 1765911976, 386 + "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", 397 387 "owner": "cachix", 398 388 "repo": "git-hooks.nix", 399 - "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", 389 + "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", 400 390 "type": "github" 401 391 }, 402 392 "original": { ··· 410 400 "agenix": "agenix", 411 401 
"determinite": "determinite", 412 402 "home-manager": "home-manager_2", 413 - "nixos-wsl": "nixos-wsl", 414 - "nixpkgs": "nixpkgs_2", 403 + "nixpkgs": "nixpkgs_3", 415 404 "nixpkgs-unstable": "nixpkgs-unstable", 416 405 "pre-commit-hooks": "pre-commit-hooks" 417 406 }
+57 -161
flake.nix
··· 5 5 # Specify the source of Home Manager and Nixpkgs. 6 6 nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; 7 7 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 8 - nixos-wsl = { 9 - url = "github:nix-community/NixOS-WSL/main"; 10 - inputs.nixpkgs.follows = "nixpkgs"; 11 - }; 12 8 determinite = { 13 9 url = "https://flakehub.com/f/DeterminateSystems/determinate/3"; 14 10 inputs.nixpkgs.follows = "nixpkgs"; ··· 17 13 url = "github:nix-community/home-manager/release-25.11"; 18 14 inputs.nixpkgs.follows = "nixpkgs"; 19 15 }; 20 - pre-commit-hooks = { 21 - url = "github:cachix/git-hooks.nix"; 22 - inputs.nixpkgs.follows = "nixpkgs"; 23 - }; 24 - agenix = { 25 - url = "github:ryantm/agenix"; 26 - inputs.nixpkgs.follows = "nixpkgs"; 27 - }; 16 + pre-commit-hooks.url = "github:cachix/git-hooks.nix"; 17 + agenix.url = "github:ryantm/agenix"; 28 18 }; 29 19 30 20 outputs = 31 - { 32 - self, 33 - nixpkgs, 34 - nixpkgs-unstable, 35 - nixos-wsl, 36 - determinite, 37 - home-manager, 38 - pre-commit-hooks, 39 - agenix, 40 - ... 21 + { self 22 + , nixpkgs 23 + , nixpkgs-unstable 24 + , determinite 25 + , home-manager 26 + , pre-commit-hooks 27 + , agenix 28 + , ... 41 29 }@inputs: 42 30 let 43 - supportedSystems = [ 44 - "x86_64-linux" 45 - "aarch64-linux" 46 - "x86_64-darwin" 47 - "aarch64-darwin" 48 - ]; 49 - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 50 - basicSystem = 51 - { 52 - system ? "x86_64-linux", 53 - modules ? [ ], 54 - useUnstable ? false, 55 - extraGroups ? [ ], 56 - overlays ? [ ], 57 - enableNFTables ? 
true, 58 - }: 59 - let 60 - unstable = import nixpkgs-unstable { 61 - inherit system overlays; 62 - config.allowUnfree = true; 63 - }; 64 - in 65 - inputs.nixpkgs.lib.nixosSystem { 66 - inherit system; 67 - specialArgs = { 68 - inherit inputs extraGroups enableNFTables; 69 - } 70 - // nixpkgs.lib.optionalAttrs useUnstable { 71 - inherit unstable; 72 - }; 73 - modules = [ 74 - determinite.nixosModules.default 75 - ./common.nix 76 - ./users.nix 77 - ./services.nix 78 - agenix.nixosModules.default 79 - home-manager.nixosModules.home-manager 80 - { 81 - home-manager.useGlobalPkgs = true; 82 - home-manager.useUserPackages = true; 83 - home-manager.users.noah = ./default-home.nix; 84 - home-manager.extraSpecialArgs = { 85 - inherit inputs; 86 - } 87 - // nixpkgs.lib.optionalAttrs useUnstable { 88 - inherit unstable; 89 - }; 90 - } 91 - ] 92 - ++ modules; 93 - }; 94 - in 95 - { 96 - # incomplete 97 - nixosConfigurations.odin = basicSystem { 98 - extraGroups = [ 99 - "libvirtd" 100 - "qemu-libvirtd" 101 - "docker" 102 - ]; 103 - useUnstable = true; 104 - modules = [ 105 - ./host-specific/odin/configuration.nix 106 - ]; 31 + system = "x86_64-linux"; 32 + pkgs = import nixpkgs { 33 + inherit system; 107 34 }; 108 - nixosConfigurations.shizuri = basicSystem { 109 - useUnstable = true; 110 - modules = [ 111 - ./host-specific/shizuri/configuration.nix 112 - ]; 113 - }; 114 - nixosConfigurations.misaki = basicSystem { 115 - useUnstable = true; 116 - extraGroups = [ 117 - "render" 118 - "nats" 119 - "litterbox" 120 - "httpd" 121 - ]; 122 - modules = [ 123 - ./host-specific/misaki/configuration.nix 124 - ]; 35 + unstable = import nixpkgs-unstable { 36 + inherit system; 37 + config.allowUnfreePredicate = 38 + pkg: 39 + builtins.elem (pkgs.lib.getName pkg) [ 40 + "plexmediaserver" 41 + "teamspeak-server" 42 + ]; 125 43 overlays = [ 126 44 (final: prev: { 127 45 # Override the version of Plex installed to be the latest ··· 142 60 }) 143 61 ]; 144 62 }; 145 - 
nixosConfigurations.touma-wsl = basicSystem { 146 - useUnstable = true; 63 + supportedSystems = [ 64 + "x86_64-linux" 65 + "aarch64-linux" 66 + "x86_64-darwin" 67 + "aarch64-darwin" 68 + ]; 69 + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 70 + in 71 + { 72 + nixosConfigurations.misaki = inputs.nixpkgs.lib.nixosSystem { 73 + system = "x86_64-linux"; 74 + specialArgs = { inherit unstable inputs home-manager; }; 147 75 modules = [ 148 - ./host-specific/touma-wsl.nix 149 - nixos-wsl.nixosModules.default 76 + determinite.nixosModules.default 77 + ./configuration.nix 78 + agenix.nixosModules.default 79 + home-manager.nixosModules.home-manager 80 + { 81 + home-manager.useGlobalPkgs = true; 82 + home-manager.useUserPackages = true; 83 + home-manager.users.noah = ./home.nix; 84 + home-manager.extraSpecialArgs = { 85 + inherit unstable; 86 + }; 87 + 88 + # Optionally, use home-manager.extraSpecialArgs to pass 89 + # arguments to home.nix 90 + } 150 91 ]; 151 - enableNFTables = false; 152 92 }; 153 - nixosConfigurations.edge = basicSystem { 154 - useUnstable = true; 155 - modules = [ 156 - ./host-specific/edge/configuration.nix 157 - ]; 158 - }; 159 - homeConfigurations."noah-aleister" = home-manager.lib.homeManagerConfiguration { 160 - pkgs = import nixpkgs { 161 - system = "aarch64-darwin"; 162 - config.allowUnfree = true; 163 - }; 93 + homeConfigurations."noah" = home-manager.lib.homeManagerConfiguration { 94 + inherit pkgs; 95 + 164 96 # Specify your home configuration modules here, for example, 165 97 # the path to your home.nix. 
166 - modules = [ 167 - ./host-specific/aleister-noah.nix 168 - agenix.homeManagerModules.default 169 - ]; 98 + modules = [ ./noah-home.nix ]; 170 99 171 100 # Optionally use extraSpecialArgs 172 101 # to pass through arguments to home.nix 173 102 extraSpecialArgs = { 174 - unstable = import nixpkgs-unstable { 175 - system = "aarch64-darwin"; 176 - config.allowUnfree = true; 177 - }; 103 + inherit unstable; 178 104 }; 179 105 }; 180 - homeConfigurations."noah" = 181 - let 182 - system = "x86_64-linux"; 183 - pkgs = import nixpkgs { 184 - inherit system; 185 - config.allowUnfree = true; 186 - }; 187 - unstable = import nixpkgs-unstable { 188 - inherit system; 189 - config.allowUnfree = true; 190 - }; 191 - in 192 - home-manager.lib.homeManagerConfiguration { 193 - inherit pkgs; 194 - # Specify your home configuration modules here, for example, 195 - # the path to your home.nix. 196 - modules = [ 197 - ./default-home.nix 198 - { 199 - nix.package = pkgs.nix; 200 - } 201 - ]; 202 - 203 - # Optionally use extraSpecialArgs 204 - # to pass through arguments to home.nix 205 - extraSpecialArgs = { 206 - inherit unstable; 207 - inputs = inputs; 208 - }; 209 - }; 210 106 checks = forAllSystems (system: { 211 - pre-commit-check = pre-commit-hooks.lib.${system}.run { 107 + pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run { 212 108 src = ./.; 213 109 # If your hooks are intrusive, avoid running on each commit with a default_states like this: 214 110 # default_stages = ["manual" "push"]; 215 111 hooks = { 216 - nixfmt-rfc-style.enable = true; 112 + nixpkgs-fmt.enable = true; 217 113 nil.enable = true; 218 114 luacheck.enable = true; 219 115 }; ··· 223 119 default = nixpkgs.legacyPackages.${system}.mkShell { 224 120 inherit (self.checks.${system}.pre-commit-check) shellHook; 225 121 buildInputs = [ 226 - nixpkgs.legacyPackages.${system}.nixfmt-rfc-style 122 + pkgs.nixfmt-rfc-style 227 123 ] 228 124 ++ self.checks.${system}.pre-commit-check.enabledPackages; 229 125 }; 
230 126 }); 231 - formatter = forAllSystems (system: inputs.nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); 127 + formatter.${system} = inputs.nixpkgs.legacyPackages.${system}.nixfmt-rfc-style; 232 128 }; 233 129 }
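Review bot: `pre-commit-hooks.url` and `agenix.url` (new lines 16-17) lose their `inputs.nixpkgs.follows = "nixpkgs";` lines, so each input now evaluates against its own locked nixpkgs; the flake.lock section on this page appears to show agenix resolving to a `nixos-25.05` pin and pre-commit-hooks to `nixpkgs_4`, neither of which moves with the system's `nixos-25.11` input. Anything taken from agenix's own package outputs, such as the CLI used to edit secrets, is then built from a package set that does not receive the system's updates. Unless the split is deliberate, keep `inputs.nixpkgs.follows = "nixpkgs";` on both inputs. Separately, the dev shell's `pkgs.nixfmt-rfc-style` (new line 122) uses the `pkgs` bound to `x86_64-linux` inside `forAllSystems`, so other systems would get an x86_64 package; `nixpkgs.legacyPackages.${system}.nixfmt-rfc-style` avoids that.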
-30
ghostty/config
··· 1 - #font-size = 13 2 - font-family = TX-02 Medium 3 - theme = flat-remix-light 4 - #theme = dark:catppuccin-frappe,light:catppuccin-latte 5 - shell-integration = fish 6 - link-url = true 7 - clipboard-read = allow 8 - 9 - #window-decoration = true 10 - 11 - font-feature = calt 12 - font-feature = ccmp 13 - font-feature = locl 14 - font-feature = ordn 15 - font-feature = mark 16 - font-feature = mkmk 17 - #font-feature = aalt 18 - #font-feature = ss01 19 - #font-feature = ss02 20 - #font-feature = ss03 21 - #font-feature = ss04 22 - #font-feature = ss05 23 - #font-feature = ss06 24 - #font-feature = ss07 25 - #font-feature = ss08 26 - 27 - custom-shader = ~/.config/ghostty/shaders/galaxy.glsl 28 - #custom-shader = ~/.config/ghostty/shaders/tft.glsl 29 - #custom-shader = ~/.config/ghostty/shaders/retro-terminal.glsl 30 - #custom-shader = ~/.config/ghostty/shaders/bettercrt.glsl
-42
ghostty/themes/flat-remix-light
··· 1 - # standard colors 2 - # black 3 - palette = 0=#404040 4 - # red 5 - palette = 1=#d41919 6 - # green 7 - palette = 2=#12715f 8 - # yellow 9 - palette = 3=#fea44c 10 - # blue 11 - palette = 4=#367bf0 12 - # purple 13 - palette = 5=#8c42ab 14 - # cyan 15 - palette = 6=#4aaee6 16 - # white 17 - palette = 7=#ffffff 18 - 19 - # intense colors 20 - # black (grey) 21 - palette = 8=#737680 22 - # red 23 - palette = 9=#811035 24 - # green 25 - palette = 10=#23bac2 26 - # yellow 27 - palette = 11=#fe7171 28 - # blue 29 - palette = 12=#54bd8e 30 - # purple 31 - palette = 13=#d41919 32 - # cyan 33 - palette = 14=#367bf0 34 - # white 35 - palette = 15=#aaaaaa 36 - 37 - background = #e4e4e7 38 - foreground = #404040 39 - cursor-color = #272a34 40 - cursor-text = #b8174c 41 - selection-background = #737680 42 - selection-foreground = #ffffff
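--- a/gui.nix
+++ b/gui.nix
@@ -1,79 +0,0 @@
-{ pkgs, unstable, ... }:
-{
-# Enable the X11 windowing system.
-services.xserver.enable = true;
-
-# Configure keymap in X11
-# services.xserver.xkb.layout = "us";
-# services.xserver.xkb.options = "eurosign:e,caps:escape";
-
-# Enable CUPS to print documents.
-# services.printing.enable = true;
-
-# Enable sound.
-security.rtkit.enable = true;
-services.pipewire = {
-enable = true;
-alsa.enable = true;
-alsa.support32Bit = true;
-pulse.enable = true;
-wireplumber.enable = true;
-};
-
-# Graphics and parallel compute configuration
-hardware.opengl.extraPackages = [
-pkgs.libva
-];
-
-# Enable touchpad support (enabled default in most desktopManager).
-# services.xserver.libinput.enable = true;
-
-# Fonts
-fonts.packages = with pkgs; [
-fira-code
-fira-code-symbols
-noto-fonts
-noto-fonts-cjk
-noto-fonts-emoji
-noto-fonts-extra
-(nerdfonts.override { fonts = [ "FiraCode" ]; })
-];
-
-# Polkit is a dependency of Sway. It's responsible for handling security policies
-security.polkit.enable = true;
-
-# Enable the sway window manager
-programs.sway = {
-enable = true;
-package = unstable.sway;
-wrapperFeatures.gtk = true;
-};
-# Use greetd as the displaymanager
-#services.xserver.displayManager.greetd.enable = true;
-#services.xserver.displayManager.lightdm.enable = false;
-services.xserver.displayManager.sddm.enable = true;
-services.xserver.displayManager.defaultSession = "none+i3";
-services.xserver.displayManager.autoLogin = {
-enable = true;
-user = "noah";
-};
-
-# i3, for when I need XOrg
-services.xserver.windowManager.i3 = {
-enable = true;
-extraPackages = with pkgs; [
-dmenu
-i3status
-i3lock
-i3blocks
-];
-};
-
-xdg.portal = {
-enable = true;
-wlr.enable = true;
-extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
-};
-services.dbus.enable = true;
-services.gnome.gnome-keyring.enable = true;
-}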
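--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@@ -0,0 +1,72 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.kernelPackages = pkgs.linuxPackages;
+boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "dm-raid" "raid1" ];
+boot.initrd.kernelModules = [ "dm-snapshot" "dm-raid" "raid1" ];
+boot.kernelModules = [ "kvm-amd" "zfs" ];
+boot.kernelParams = [ "i915.enable_guc=3" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{
+device = "/dev/disk/by-uuid/1988fa0d-ff4a-44aa-a93e-7f0bf3cea5cf";
+fsType = "ext4";
+};
+
+fileSystems."/boot" =
+{
+device = "/dev/disk/by-uuid/81D4-01CD";
+fsType = "vfat";
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+#nixpkgs.config.packageOverrides = pkgs: {
+# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
+#};
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+intel-media-driver
+#vaapiVdpau
+#libvdpau-va-gl # unmaintained, very old
+intel-compute-runtime
+vpl-gpu-rt
+];
+#extraPackages32 = with pkgs; [
+# intel-media-driver
+# vaapiVdpau
+# #libvdpau-va-gl
+# intel-compute-runtime
+# vpl-gpu-rt
+#];
+};
+environment.variables = {
+VDPAU_DRIVER = "va_gl";
+LIBVA_DRIVER_NAME = "iHD";
+LIBVA_DRIVERS_PATH = "/run/opengl-driver/lib/dri";
+GST_VAAPI_ALL_DRIVERS = "1";
+};
+#services.xserver.videoDrivers = [ "intel" ];
+}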
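Review bot: The `fileSystems."/boot"` entry mounts the vfat ESP with no `options`, so its contents take the default world-readable mode; boot.nix enables systemd-boot, which keeps its random seed on that partition, and bootctl warns when the mount point is world accessible. Adding `options = [ "fmask=0077" "dmask=0077" ];` restricts the ESP to root, as the removed host-specific/edge/hardware-configuration.nix already did. The header marks this file as generated, yet the `hardware.graphics` and `environment.variables` blocks look hand-written, so a one-line comment marking the manual parts would keep a later `nixos-generate-config` run from silently dropping them.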
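--- a/home.nix
+++ b/home.nix
@@ -0,0 +1,221 @@
+{ pkgs, lib, unstable, ... }:
+{
+home.packages = with pkgs; [
+# main tool
+direnv
+fish
+tree
+btop
+htop
+amdgpu_top
+tmux
+mtr
+pavucontrol
+moreutils
+rsync
+unzip
+fd
+ripgrep
+netcat
+stunnel
+fzf
+iperf3
+entr
+step-cli
+natscli
+nkeys
+mkcert
+jq
+bat
+sqlite
+age
+just
+isync
+unstable.catgirl
+unstable.zellij
+unstable.yt-dlp
+unstable.deno
+unstable.ffmpeg
+
+# Dev tools
+git
+gcc
+go
+gnumake
+#babashka
+ccls
+#clojure
+#cmake
+ctags
+#kotlin
+#nodejs
+#node2nix
+#opam
+rustup
+#zig
+luarocks
+luajit
+lua-language-server
+#leiningen
+libressl
+#erlang
+#elixir
+#ghc
+nil
+python3
+uv
+#unstable.harec
+#unstable.hare
+#unstable.haredo
+#unstable.gleam
+#unstable.rebar3
+#unstable.flyctl
+#unstable.bun
+#unstable.gh
+#unstable.kraft
+#unstable.doctl
+
+clinfo
+
+# Server-specific tools
+gocryptfs
+sftpgo
+];
+
+
+programs.fish.enable = true;
+programs.neovim = {
+#package = unstable.neovim-unwrapped;
+enable = true;
+defaultEditor = true;
+extraPackages = with pkgs; [
+fzf
+ripgrep
+luarocks
+unstable.tree-sitter
+];
+withNodeJs = true;
+withPython3 = true;
+};
+programs.git = {
+enable = true;
+lfs.enable = true;
+userName = "Noah Pederson";
+userEmail = "noah@packetlost.dev";
+extraConfig = {
+sendemail = {
+smtpserver = "smtp.migadu.com";
+smtpuser = "noah@packetlost.dev";
+smtpencryption = "ssl";
+smtpserverport = 465;
+};
+init = {
+defaultBranch = "master";
+};
+pull = {
+rebase = true;
+};
+credential = {
+helper = "cache";
+};
+};
+ignores = [
+".direnv/"
+".envrc"
+"flake.nix"
+"shell.nix"
+".env/"
+".clj-kondo/"
+];
+};
+
+services.mbsync = {
+enable = true;
+frequency = "*:0/10";
+#configFile = ./mbsyncrc;
+};
+
+programs.aerc = {
+enable = true;
+#package = unstable.aerc;
+};
+
+programs.ssh = {
+enable = true;
+extraConfig = builtins.readFile ./ssh/extra;
+};
+services.ssh-agent.enable = true;
+
+programs.direnv = {
+enable = true;
+nix-direnv.enable = true;
+};
+
+programs.yazi = {
+enable = true;
+package = unstable.yazi;
+enableFishIntegration = true;
+settings = {
+preview = {
+image_quality = 90;
+};
+tasks = {
+image_bound = [ 0 0 ];
+};
+};
+plugins = {
+rsync = unstable.yaziPlugins.rsync;
+piper = unstable.yaziPlugins.piper;
+nord = unstable.yaziPlugins.nord;
+mediainfo = unstable.yaziPlugins.mediainfo;
+glow = unstable.yaziPlugins.glow;
+git = unstable.yaziPlugins.git;
+diff = unstable.yaziPlugins.diff;
+duckdb = unstable.yaziPlugins.duckdb;
+};
+};
+
+# Independent config files.
+xdg.configFile.nvim = {
+source = ./nvim;
+recursive = true;
+};
+
+xdg.configFile.fish = {
+source = ./fish;
+recursive = true;
+};
+
+xdg.configFile.kitty = {
+source = ./kitty;
+recursive = true;
+};
+
+xdg.configFile.aerc = {
+source = ./aerc;
+recursive = true;
+};
+
+xdg.configFile.sway = {
+source = ./sway;
+recursive = true;
+};
+
+xdg.configFile.i3status = {
+source = ./i3status;
+recursive = true;
+};
+
+xdg.configFile.vis = {
+source = ./vis;
+recursive = true;
+};
+
+home.file.".local/bin" = {
+source = ./scripts;
+recursive = true;
+};
+
+home.stateVersion = "23.11";
+
+}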
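Review bot: The global `ignores` list under `programs.git` includes `"flake.nix"` and `"shell.nix"`, which hides those files from `git status` in every repository on the machine, this one included. Flake evaluation inside a git checkout only sees tracked files, so a new `flake.nix` has to be force-added before Nix picks it up, and an untracked one that changes the development environment is easy to miss in review. If the intent is to keep personal dev shells out of other people's repositories, a per-repository `.git/info/exclude` entry does that without the global side effect; otherwise the list can shrink to `ignores = [ ".direnv/" ".envrc" ".env/" ".clj-kondo/" ];`.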
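--- a/host-specific/aleister-noah.nix
+++ b/host-specific/aleister-noah.nix
@@ -1,397 +0,0 @@
-{
-pkgs,
-unstable,
-lib,
-inputs,
-...
-}:
-{
-# Home Manager needs a bit of information about you and the paths it should
-# manage.
-home.username = "noah";
-home.homeDirectory = "/Users/noah";
-imports = [
-inputs.agenix.homeManagerModules.default
-];
-nix = {
-package = pkgs.nix;
-settings = {
-experimental-features = [
-"nix-command"
-"flakes"
-];
-};
-};
-
-# I generally don't care about unfree stuff
-nixpkgs.config.allowUnfree = true;
-nixpkgs.config.allowUnfreePredicte = _: true;
-
-home.packages = with pkgs; [
-# main tool
-direnv
-#fish
-tree
-btop
-# Apple Silicon top monitoring
-macpm
-htop
-mtr
-moreutils
-rsync
-bash
-tmux
-coreutils
-util-linux
-p7zip
-unar
-watch
-
-unzip
-fd
-jq
-ripgrep
-bat
-netcat
-stunnel
-iperf3
-entr
-ncdu
-# broken?
-#unstable.bitwarden-cli
-sqlite
-age
-just
-mdr
-unstable.catgirl
-plan9port
-unstable.rc
-unstable.glow
-unstable.vis
-# Tcl/Tk
-#unstable.tcl
-#unstable.tk
-#unstable.tclPackages.tclx
-nodejs
-
-# Dev tools
-git
-git-filter-repo
-unstable.ruff
-# Rust REPL
-evcxr
-#unstable.gcc
-#unstable.clang
-# Swift stuff
-#swift
-#swift-format
-# Swift LSP
-#sourcekit-lsp
-unstable.go
-unstable.gopls
-gnumake
-#unstable.babashka
-#unstable.ccls
-unstable.clojure
-unstable.cljfmt
-unstable.clojure-lsp
-unstable.janet
-unstable.jpm
-unstable.fennel-ls
-unstable.graalvmPackages.graalvm-ce
-unstable.crystal
-unstable.crystalline
-cmake
-ctags
-#kotlin
-#nodejs
-#yarn
-#node2nix
-#opam
-# Scala stuff
-#unstable.scala_3
-#unstable.scalafmt
-#unstable.metals
-# Scala / Java build tool
-#unstable.sbt
-# Haskell
-#cabal-install
-#ghc
-
-# Lua
-luarocks
-luajit
-unstable.lua-language-server
-luaformatter
-libressl
-# Erlang
-#erlang
-#elixir
-unstable.nil # nix language server
-unstable.nixd
-#typescript
-# This is currently broken
-#vscode-langservers-extracted
-scdoc
-#dockerfile-language-server-nodejs
-# BROKEN
-#yaml-language-server
-mkcert
-natscli
-python314
-unstable.uv
-sqlite
-#unstable.gleam
-#unstable.rebar3
-#unstable.flyctl
-unstable.bun
-unstable.gh
-unstable.kraft
-unstable.doctl
-
-# GUI tools
-zathura
-unstable.opencode
-
-# Python dev tools
-#unstable.pyright
-unstable.basedpyright
-unstable.python313Packages.python-lsp-server
-unstable.python313Packages.python-lsp-ruff
-
-# JavaScript tools
-#typescript-language-server
-
-# Certificate Management
-minica
-mkcert
-step-cli
-unstable.claude-code
-
-# Fish Plugins
-#fishPlugins.fzf
-#fishPlugins.pure
-
-# Libraries because MacOS is kinda stupid
-ncurses
-];
-
-#programs.fish = {
-# enable = true;
-# package = unstable.fish;
-#};
-programs.fzf = {
-enable = true;
-enableFishIntegration = true;
-};
-programs.pistol.enable = true;
-programs.home-manager.enable = true;
-programs.neovim = {
-package = unstable.neovim-unwrapped;
-enable = true;
-defaultEditor = true;
-withNodeJs = false;
-withPython3 = true;
-extraPackages = with pkgs; [
-fzf
-ripgrep
-luarocks
-tree-sitter
-];
-};
-programs.git = {
-enable = true;
-lfs.enable = true;
-userName = "Noah Pederson";
-userEmail = "noah@packetlost.dev";
-extraConfig = {
-sendemail = {
-smtpserver = "smtp.migadu.com";
-smtpuser = "noah@packetlost.dev";
-smtpauth = "plain";
-smtpencryption = "tls";
-smtpserverport = 465;
-};
-init = {
-defaultBranch = "master";
-};
-pull = {
-rebase = true;
-};
-push = {
-default = "simple";
-autoSetupRemote = true;
-followTags = true;
-};
-credential = {
-helper = "cache";
-};
-alias = {
-out = "log @{u}..";
-};
-column = {
-ui = "auto";
-};
-branch = {
-sort = "-committerdate";
-};
-tag = {
-sort = "version:refname";
-};
-diff = {
-algorithm = "histogram";
-colorMoved = "plain";
-mnemonicPrefix = true;
-renames = true;
-};
-fetch = {
-prune = true;
-pruneTags = true;
-all = true;
-};
-help = {
-autocorrect = "prompt";
-};
-commit = {
-verbose = true;
-};
-rerere = {
-enabled = true;
-autoupdate = true;
-};
-rebase = {
-autoSquash = true;
-autoStash = true;
-updateRefs = true;
-};
-merge = {
-conflictStyle = "zdiff3";
-};
-};
-ignores = [
-".direnv/"
-".envrc"
-".env/"
-".clj-kondo/"
-];
-};
-programs.aerc = {
-enable = true;
-};
-programs.ssh = {
-enable = true;
-extraConfig = builtins.readFile ../ssh/extra;
-addKeysToAgent = "yes";
-forwardAgent = true;
-};
-
-programs.yazi =
-let
-localPkgs = pkgs;
-yaziPlugins = localPkgs.yaziPlugins;
-plugins = lib.attrsets.getAttrs [
-"rsync"
-"piper"
-"nord"
-"mediainfo"
-"glow"
-"git"
-"diff"
-"duckdb"
-] yaziPlugins;
-in
-{
-inherit plugins;
-enable = true;
-package = localPkgs.yazi;
-enableFishIntegration = true;
-settings = {
-preview = {
-image_quality = 90;
-};
-tasks = {
-image_bound = [
-0
-0
-];
-};
-};
-};
-
-programs.direnv = {
-enable = true;
-nix-direnv.enable = true;
-};
-
-programs.nix-index = {
-enable = true;
-enableFishIntegration = true;
-};
-programs.helix = {
-enable = true;
-settings = {
-theme = "everforest_dark";
-editor.cursor-shape = {
-normal = "block";
-insert = "bar";
-select = "underline";
-};
-};
-languages.language = [
-{
-name = "nix";
-auto-format = true;
-formatter.command = "${pkgs.nixfmt}/bin/nixfmt";
-}
-{
-name = "rust";
-auto-format = true;
-formatter.command = "${pkgs.rustfmt}/bin/rustfmt";
-}
-];
-};
-
-# Independent config files.
-xdg.configFile.nvim = {
-source = ../nvim;
-recursive = true;
-};
-
-xdg.configFile.vis = {
-source = ../vis;
-recursive = true;
-};
-
-xdg.configFile.fish = {
-source = ../fish;
-recursive = true;
-};
-xdg.configFile."fish/completions/nix.fish".source =
-"${pkgs.nix}/share/fish/vendor_completions.d/nix.fish";
-
-xdg.configFile.aerc = {
-source = ../aerc;
-recursive = true;
-};
-
-xdg.configFile.ghostty = {
-source = ../ghostty;
-recursive = true;
-};
-
-home.file.".local/bin" = {
-source = ../scripts;
-recursive = true;
-};
-home.file.".luacheckrc" = {
-text = ''
-globals = {
-"vim",
-"vis",
-}
-'';
-};
-
-home.stateVersion = "24.11";
-
-}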
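--- a/host-specific/edge/configuration.nix
+++ b/host-specific/edge/configuration.nix
@@ -1,207 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{
-config,
-lib,
-pkgs,
-inputs,
-...
-}:
-let
-system = pkgs.stdenv.targetPlatform.system;
-agave = (builtins.getFlake "/home/noah/repos/agave");
-in
-{
-imports = [
-# Include the results of the hardware scan.
-./hardware-configuration.nix
-agave.nixosModules.default
-];
-
-nix.settings.experimental-features = [
-"nix-command"
-"flakes"
-];
-
-# Use the systemd-boot EFI boot loader.
-boot.loader.systemd-boot.enable = true;
-#boot.loader.grub.device = "nodev";
-#boot.loader.grub.efiSupport = true;
-#boot.loader.grub.useOSProber = true;
-boot.loader.efi.canTouchEfiVariables = true;
-
-# Use latest kernel.
-boot.kernelPackages = pkgs.linuxPackages_latest;
-
-networking.hostName = "edge"; # Define your hostname.
-
-# Configure network connections interactively with nmcli or nmtui.
-networking.networkmanager.enable = true;
-
-# Set your time zone.
-# time.timeZone = "Europe/Amsterdam";
-
-# Configure network proxy if necessary
-# networking.proxy.default = "http://user:password@proxy:port/";
-# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-
-# Select internationalisation properties.
-i18n.defaultLocale = "en_US.UTF-8";
-console = {
-font = "Lat2-Terminus16";
-keyMap = "us";
-#useXkbConfig = true; # use xkb.options in tty.
-};
-
-# Enable the X11 windowing system.
-# services.xserver.enable = true;
-
-# Configure keymap in X11
-# services.xserver.xkb.layout = "us";
-# services.xserver.xkb.options = "eurosign:e,caps:escape";
-
-# Enable CUPS to print documents.
-# services.printing.enable = true;
-
-# Enable sound.
-# services.pulseaudio.enable = true;
-# OR
-# services.pipewire = {
-# enable = true;
-# pulse.enable = true;
-# };
-
-# Enable touchpad support (enabled default in most desktopManager).
-# services.libinput.enable = true;
-
-# Define a user account. Don't forget to set a password with ‘passwd’.
-# users.users.alice = {
-# isNormalUser = true;
-# extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
-# packages = with pkgs; [
-# tree
-# ];
-# };
-
-# programs.firefox.enable = true;
-
-# List packages installed in system profile.
-# You can use https://search.nixos.org/ to find more packages (and options).
-environment.systemPackages = with pkgs; [
-neovim
-wget
-git
-htop
-inputs.agenix.packages."${system}".agenix
-agave.packages.${system}.solana
-agave.packages.${system}.solana-keygen
-];
-
-services.tailscale.useRoutingFeatures = "both";
-
-# Some programs need SUID wrappers, can be configured further or are
-# started in user sessions.
-# programs.mtr.enable = true;
-# programs.gnupg.agent = {
-# enable = true;
-# enableSSHSupport = true;
-# };
-
-# List services that you want to enable:
-
-# Enable the OpenSSH daemon.
-services.openssh.enable = true;
-services.openssh.openFirewall = true;
-
-# Open ports in the firewall.
-# networking.firewall.allowedTCPPorts = [ ... ];
-# networking.firewall.allowedUDPPorts = [ ... ];
-# Or disable the firewall altogether.
-networking.firewall.enable = true;
-networking.firewall = {
-allowPing = true;
-allowedUDPPorts = [ ];
-allowedUDPPortRanges = [
-# Agave
-{
-from = 8000;
-to = 8020;
-}
-];
-allowedTCPPorts = [
-2375
-3000
-# Agave
-8001
-8899
-8900
-10000
-];
-};
-security.pam.loginLimits = [
-{
-domain = "*";
-type = "soft";
-item = "nofile";
-value = "100000";
-}
-{
-domain = "*";
-type = "hard";
-item = "nofile";
-value = "1000000";
-}
-];
-
-age.secrets.validator-identity = {
-file = ../../secrets/validator-identity.age;
-owner = "sol";
-group = "sol";
-};
-services.ambient-validator = {
-enable = true;
-package = agave.packages.${system}.ambient-validator;
-# this needs to be a secret
-identityKeypair = config.age.secrets.validator-identity.path;
-rpcBindAddress = "0.0.0.0";
-geyserPluginConfig = {
-libpath = "${agave.packages.${system}.yellowstone-geyser}/lib/libyellowstone_grpc_geyser.so";
-log = {
-level = "info";
-};
-tokio = {
-worker_threads = 4;
-affinity = null;
-};
-grpc = {
-address = "0.0.0.0:10000";
-};
-};
-};
-# Copy the NixOS configuration file and link it from the resulting system
-# (/run/current-system/configuration.nix). This is useful in case you
-# accidentally delete configuration.nix.
-# system.copySystemConfiguration = true;
-
-# This option defines the first version of NixOS you have installed on this particular machine,
-# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-#
-# Most users should NEVER change this value after the initial install, for any reason,
-# even if you've upgraded your system to a new NixOS release.
-#
-# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
-# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
-# to actually do that.
-#
-# This value being lower than the current NixOS release does NOT mean your system is
-# out of date, out of support, or vulnerable.
-#
-# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-# and migrated your data accordingly.
-#
-# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-system.stateVersion = "25.11"; # Did you read the comment?
-
-}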
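--- a/host-specific/edge/hardware-configuration.nix
+++ b/host-specific/edge/hardware-configuration.nix
@@ -1,46 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-imports =
-[ (modulesPath + "/installer/scan/not-detected.nix")
-];
-
-boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ];
-boot.initrd.kernelModules = [ ];
-boot.kernelModules = [ "kvm-amd" ];
-boot.extraModulePackages = [ ];
-
-fileSystems."/" =
-{ device = "/dev/disk/by-uuid/8101a0a8-a8c6-4083-85b6-c136d3c80f2e";
-fsType = "ext4";
-};
-
-fileSystems."/boot" =
-{ device = "/dev/disk/by-uuid/E7AD-32DA";
-fsType = "vfat";
-options = [ "fmask=0077" "dmask=0077" ];
-};
-
-swapDevices = [ ];
-
-nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-boot.swraid = {
-enable = true;
-#mdadmConf = ''
-# ARRAY /dev/md126 metadata=1.2 UUID=27cd6eab:f0304d07:b859f0f2:1a8f29b7
-# MAILADDR noah
-#'';
-};
-
-# stuff for Agave
-boot.kernel.sysctl."net.core.rmem_default" = 134217728;
-boot.kernel.sysctl."net.core.rmem_max" = 134217728;
-boot.kernel.sysctl."net.core.wmem_default" = 134217728;
-boot.kernel.sysctl."net.core.wmem_max" = 134217728;
-boot.kernel.sysctl."vm.max_map_count" = 1000000;
-boot.kernel.sysctl."fs.nr_open" = 1000000;
-}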
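--- a/host-specific/misaki/boot.nix
+++ b/host-specific/misaki/boot.nix
@@ -1,13 +0,0 @@
-{ ... }:
-{
-# Use the systemd-boot EFI boot loader.
-boot.loader.systemd-boot.enable = true;
-boot.loader.efi.canTouchEfiVariables = true;
-
-boot.supportedFilesystems = [ "zfs" ];
-boot.zfs.forceImportRoot = false;
-boot.zfs.extraPools = [
-"shokuhou"
-"mentalout"
-];
-}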
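--- a/host-specific/misaki/configuration.nix
+++ b/host-specific/misaki/configuration.nix
@@ -1,13 +0,0 @@
-{ ... }:
-{
-imports = [
-./boot.nix
-./users.nix
-./hardware-configuration.nix
-./networking.nix
-./packages.nix
-./services.nix
-];
-nixpkgs.config.allowUnfree = true;
-system.stateVersion = "23.11"; # Did you read the comment?
-}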
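--- a/host-specific/misaki/coredns/localhost.hosts
+++ b/host-specific/misaki/coredns/localhost.hosts
@@ -1,1 +0,0 @@
-127.0.0.1 *.localhost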
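--- a/host-specific/misaki/coredns/ngp.computer.hosts
+++ b/host-specific/misaki/coredns/ngp.computer.hosts
@@ -1,11 +0,0 @@
-192.168.1.3 img.ngp.computer
-192.168.1.3 photos.ngp.computer
-192.168.1.3 misaki.ngp.computer
-192.168.1.3 files.ngp.computer
-192.168.1.3 cache.ngp.computer
-
-fe80::9ab7:85ff:fe1e:dfe8 img.ngp.computer
-fe80::9ab7:85ff:fe1e:dfe8 photos.ngp.computer
-fe80::9ab7:85ff:fe1e:dfe8 misaki.ngp.computer
-fe80::9ab7:85ff:fe1e:dfe8 files.ngp.computer
-fe80::9ab7:85ff:fe1e:dfe8 cache.ngp.computer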
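--- a/host-specific/misaki/coredns/packetlost.dev.hosts
+++ b/host-specific/misaki/coredns/packetlost.dev.hosts
@@ -1,17 +0,0 @@
-# Services
-192.168.1.3 git.packetlost.dev
-192.168.1.3 plex.packetlost.dev
-192.168.1.3 jellyfin.packetlost.dev
-192.168.1.3 nats.packetlost.dev
-
-# LAN Hosts
-192.168.1.3 misaki.packetlost.dev misaki
-192.168.1.3 cache.packetlost.dev cache
-192.168.1.5 komoe.packetlost.dev komoe
-192.168.1.6 rainbow.packetlost.dev rainbow
-192.168.1.10 ichika.packetlost.dev ichika
-192.168.1.11 futaba.packetlost.dev futaba
-192.168.1.12 mitsumi.packetlost.dev mitsumi
-192.168.1.13 orangepi5.packetlost.dev orangepi5
-192.168.1.30 touma.packetlost.dev touma
-192.168.1.33 kamijou.packetlost.dev kamijou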
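--- a/host-specific/misaki/hardware-configuration.nix
+++ b/host-specific/misaki/hardware-configuration.nix
@@ -1,91 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-config,
-lib,
-pkgs,
-modulesPath,
-...
-}:
-
-{
-imports = [
-(modulesPath + "/installer/scan/not-detected.nix")
-];
-
-boot.kernelPackages = pkgs.linuxPackages;
-boot.initrd.availableKernelModules = [
-"nvme"
-"xhci_pci"
-"ahci"
-"usbhid"
-"usb_storage"
-"sd_mod"
-"dm-raid"
-"raid1"
-];
-boot.initrd.kernelModules = [
-"dm-snapshot"
-"dm-raid"
-"raid1"
-];
-boot.kernelModules = [
-"kvm-amd"
-"zfs"
-];
-boot.kernelParams = [ "i915.enable_guc=3" ];
-boot.extraModulePackages = [ ];
-
-fileSystems."/" = {
-device = "/dev/disk/by-uuid/1988fa0d-ff4a-44aa-a93e-7f0bf3cea5cf";
-fsType = "ext4";
-};
-
-fileSystems."/boot" = {
-device = "/dev/disk/by-uuid/81D4-01CD";
-fsType = "vfat";
-};
-
-swapDevices = [ ];
-
-# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-# (the default) this is the recommended approach. When using systemd-networkd it's
-# still possible to use this option, but it's recommended to use it in conjunction
-# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-networking.useDHCP = lib.mkDefault true;
-# networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true;
-# networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true;
-# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
-
-nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-
-#nixpkgs.config.packageOverrides = pkgs: {
-# vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
-#};
-hardware.graphics = {
-enable = true;
-extraPackages = with pkgs; [
-intel-media-driver
-#vaapiVdpau
-#libvdpau-va-gl # unmaintained, very old
-intel-compute-runtime
-vpl-gpu-rt
-];
-#extraPackages32 = with pkgs; [
-# intel-media-driver
-# vaapiVdpau
-# #libvdpau-va-gl
-# intel-compute-runtime
-# vpl-gpu-rt
-#];
-};
-environment.variables = {
-VDPAU_DRIVER = "va_gl";
-LIBVA_DRIVER_NAME = "iHD";
-LIBVA_DRIVERS_PATH = "/run/opengl-driver/lib/dri";
-GST_VAAPI_ALL_DRIVERS = "1";
-};
-#services.xserver.videoDrivers = [ "intel" ];
-}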
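--- a/host-specific/misaki/networking.nix
+++ b/host-specific/misaki/networking.nix
@@ -1,115 +0,0 @@
-{ config, ... }:
-{
-# networking.hostName = "nixos"; # Define your hostname.
-# Pick only one of the below networking options.
-# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
-networking.hostName = "misaki";
-# I like systemd-networkd
-systemd.network.enable = true;
-systemd.network.networks."50-wlp2s0" = {
-matchConfig.name = "wlp2s0";
-networkConfig.DHCP = "yes";
-linkConfig.RequiredForOnline = "no";
-};
-
-networking.tempAddresses = "disabled";
-
-networking.interfaces = {
-enp4s0f1 = {
-ipv4.addresses = [
-{
-address = "192.168.1.3";
-prefixLength = 24;
-}
-];
-};
-};
-networking.defaultGateway = {
-address = "192.168.1.1";
-interface = "enp4s0f1";
-};
-
-networking.defaultGateway6 = {
-address = "fe80::2870:4eff:fe84:d884";
-interface = "enp4s0f1";
-};
-
-networking.nameservers = [
-"192.168.1.3"
-"45.90.28.93"
-"45.90.30.93"
-];
-
-# This is necessary for ZFS
-networking.hostId = "5beebabe";
-
-networking.useNetworkd = true;
-# TODO: static IP @ 192.168.1.2
-
-# Configure network proxy if necessary
-# networking.proxy.default = "http://user:password@proxy:port/";
-# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-# Open ports in the firewall.
-# networking.firewall.allowedTCPPorts = [ ... ];
-# networking.firewall.allowedUDPPorts = [ ... ];
-# Or disable the firewall altogether.
-# TODO: allow some ports
-networking.firewall = {
-enable = true;
-allowPing = true;
-trustedInterfaces = [
-"tailscale0"
-];
-allowedUDPPorts = [
-# DNS
-53
-config.services.tailscale.port
-];
-allowedTCPPorts = [
-# DNS over TCP
-53
-# NFSv4
-2049
-# HTTP(s)
-443
-80
-# iperf3
-5201
-5301
-5401
-# NATS
-4222
-# Prometheus
-9001
-# Minio
-9003
-# Minio web
-9004
-# AFP via Netatalk
-548
-#9p
-564
-# Misc development
-3000
-];
-};
-
-services.tailscale.useRoutingFeatures = "both";
-
-services.avahi = {
-enable = true;
-nssmdns4 = true;
-nssmdns6 = true;
-ipv6 = true;
-openFirewall = true;
-publish = {
-enable = true;
-addresses = true;
-workstation = true;
-userServices = true;
-domain = true;
-};
-};
-
-}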
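--- a/host-specific/misaki/packages.nix
+++ b/host-specific/misaki/packages.nix
@@ -1,67 +0,0 @@
-{
-pkgs,
-lib,
-inputs,
-...
-}:
-{
-
-# List packages installed in system profile. To search, run:
-# $ nix search wget
-environment.systemPackages = with pkgs; [
-neovim
-appimage-run
-wget
-kitty
-w3m
-fishPlugins.fzf-fish
-fzf
-qemu
-OVMF
-metastore
-# 9p
-diod
-plan9port
-vis
-rc
-ncdu
-inputs.agenix.packages."${system}".agenix
-
-# ZFS / filesystem stuff
-zfs
-
-# GPU stuff
-intel-gpu-tools
-#(ffmpeg-full.override {
-# withUnfree = true;
-# withMfx = false;
-# withSmallBuild = false;
-# withTensorflow = false;
-#})
-libva
-libva-utils
-nvtopPackages.intel
-];
-
-# Fix dynamically linked libraries for unpackaged binaries
-programs.nix-ld = {
-enable = true;
-libraries = with pkgs; [
-# Add missing dynamic libraries for unpackaged programs HERE
-# NOT in environment.systemPackages
-zlib
-];
-};
-
-programs.fuse.userAllowOther = true;
-
-# Whitelist some unfree packages
-#nixpkgs.config.allowUnfreePredicate =
-# pkg:
-# builtins.elem (lib.getName pkg) [
-# "tailscale"
-# "plexmediaserver"
-# "teamspeak-server"
-# "ffmpeg-full"
-# ];
-}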
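--- a/host-specific/misaki/scripts/fix-jpeg-raw-duplicates-immich.rcsh
+++ b/host-specific/misaki/scripts/fix-jpeg-raw-duplicates-immich.rcsh
@@ -1,3 +0,0 @@
-#!/usr/bin/env rc
-
-nix run 'github:nixos/nixpkgs?ref=nixos-unstable-small#immich-go' -- stack -k `{pa show immich-api} -s 'https://photos.ngp.computer' --manage-raw-jpeg StackCoverJPG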
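--- a/host-specific/misaki/scripts/nr
+++ b/host-specific/misaki/scripts/nr
@@ -1,13 +0,0 @@
-#!/usr/bin/env rc
-
-flag x +
-
-if(~ $1 -x) {
-flake e +
-shift
-}
-
-pkg=$1
-shift
-
-exec nix run --impure 'nixpkgs#'^$pkg -- $*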
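--- a/host-specific/misaki/scripts/oclip
+++ b/host-specific/misaki/scripts/oclip
@@ -1,8 +0,0 @@
-#!/usr/bin/env rc
-flag e +
-
-if (~ $1 -x) {
-flag x +
-}
-data=`{base64 <[0=0]}
-printf '\033]52;c;%s\007' $"data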
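--- a/host-specific/misaki/scripts/update-src
+++ b/host-specific/misaki/scripts/update-src
@@ -1,14 +0,0 @@
-#!/usr/bin/env rc
-
-background=()
-for(repo in `{cat downstream}) {
-echo Updating $repo
-git -C $repo fetch --all --tags --prune --force &
-background=($apid $background)
-}
-
-for (i in $background) {
-wait $i
-}
-
-echo Done!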
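--- a/host-specific/misaki/services.nix
+++ b/host-specific/misaki/services.nix
@@ -1,578 +0,0 @@
-{
-config,
-pkgs,
-unstable,
-...
-}:
-{
-
-services.zfs = {
-autoScrub.enable = true;
-};
-services.nfs.server.enable = true;
-# Some programs need SUID wrappers, can be configured further or are
-# started in user sessions.
-# programs.mtr.enable = true;
-programs.gnupg.agent = {
-enable = true;
-enableSSHSupport = false;
-};
-
-# Fish shell, the best
-programs.fish.enable = true;
-
-# MOSH, SSH over flakey connections
-programs.mosh.enable = true;
-
-# List services that you want to enable:
-
-# Enable the OpenSSH daemon.
-services.openssh = {
-enable = true;
-openFirewall = true;
-settings.PasswordAuthentication = false;
-};
-
-# This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices.
-services.hardware.bolt.enable = true;
-
-services.ergochat.enable = true;
-
-# Containers and VMs
-virtualisation = {
-podman = {
-enable = true;
-dockerCompat = true;
-defaultNetwork.settings.dns_enabled = true;
-};
-};
-
-# Samba, for shares
-# TODO
-services.samba = {
-enable = true;
-openFirewall = true;
-nmbd.enable = true;
-winbindd.enable = true;
-settings = {
-global = {
-workgroup = "WORKGROUP";
-"server string" = "misaki";
-security = "user";
-"use sendfile" = "yes";
-"hosts allow" = "192.168.1. 127.0.0.1 localhost";
-"hosts deny" = "0.0.0.0/0";
-"guest account" = "nobody";
-"map to guest" = "bad user";
-deadtime = 30;
-};
-shokuhou = {
-path = "/srv/shokuhou";
-browseable = "yes";
-"read only" = "no";
-"guest ok" = "no";
-"create mask" = "0644";
-"directory mask" = "0755";
-"force user" = "noah";
-"force group" = "nas";
-};
-mentalout = {
-path = "/srv/mentalout";
-browseable = "yes";
-"read only" = "no";
-"guest ok" = "no";
-"create mask" = "0644";
-"directory mask" = "0755";
-"force user" = "noah";
-"force group" = "nas";
-};
-};
-};
-services.samba-wsdd = {
-enable = true;
-openFirewall = true;
-};
-
-services.coredns = {
-enable = true;
-config = ''
-packetlost.dev {
-hosts ${./coredns/packetlost.dev.hosts} packetlost.dev {
-fallthrough
-}
-bind enp4s0f1
-}
-ngp.computer {
-hosts ${./coredns/ngp.computer.hosts} ngp.computer {
-fallthrough
-}
-bind enp4s0f1
-}
-localhost {
-hosts ${./coredns/localhost.hosts} localhost {
-fallthrough
-}
-bind enp4s0f1
-}
-. {
-# NextDNS
-forward . tls://2a07:a8c0::dd:2feb:853 tls://2a07:a8c1::dd:2feb:853 tls://45.90.28.93:853 tls://45.90.30.93:853 {
-tls_servername dd2feb.dns.nextdns.io
-health_check 5s
-}
-bind enp4s0f1
-cache
-errors
-log
-}
-'';
-};
-
-services.nats = {
-enable = true;
-jetstream = true;
-user = "nats";
-group = "nats";
-serverName = "misaki";
-dataDir = "/srv/shokuhou/applications/nats";
-validateConfig = false;
-settings = {
-authorization = {
-users = [
-{
-user = "seedbox@packetlost.dev";
-permissions = {
-publish = [
-"torrents"
-"torrents.>"
-"$JS.API.INFO"
-#"$JS.API.STREAM.INFO.>"
-"$KV.torrents.>"
-#"$JS.API.STREAM.*.*.OBJ_torrents"
-"$JS.API.*.*.OBJ_torrents"
-"$JS.API.STREAM.MSG.GET.OBJ_torrents"
-"$JS.API.*.*.OBJ_torrents.>"
-"$O.torrents.>"
-];
-subscribe = [
-"torrents.>"
-"_INBOX.>"
-];
-allow_responses = false;
-};
-}
-{ user = "odin@packetlost.dev"; }
-{ user = "misaki@packetlost.dev"; }
-{ user = "noah@packetlost.dev"; }
-{ user = "touma-nixos@packetlost.dev"; }
-];
-};
-tls = {
-cert_file = "/srv/nats/nats.packetlost.dev/cert.pem";
-key_file = "/srv/nats/nats.packetlost.dev/key.pem";
-ca_file = "/srv/nats/minica.pem";
-verify_and_map = true;
-};
-jetstream = {
-# 50GB
-max_file_store = 53687091200;
-max_mem = 8589934592;
-};
-};
-};
-
-# Minio's object storage has been mostly replaced with NATS. If I specifically need a
-# S3-like API, this will be revived.
-services.minio = {
-enable = false;
-listenAddress = ":9003";
-consoleAddress = ":9004";
-dataDir = [
-/srv/shokuhou/applications/minio
-];
-};
-
-services.netatalk = {
-enable = true;
-settings = {
-time-machine = {
-path = "/srv/shokuhou/backup/timemachine";
-"valid users" = "noah";
-"time machine" = true;
-};
-};
-};
-
-services.webdav.enable = false;
-services.sftpgo = {
-enable = false;
-dataDir = /srv/shokuhou/documents/sftpgo;
-group = "nas";
-};
-services.syncthing = {
-enable = false;
-openDefaultPorts = true;
-# disable the sync folder creation
-extraFlags = [ "--no-default-folder" ];
-settings = {
-folders = {
-"Sync" = {
-path = "/srv/shokuhou/documents/sync";
-};
-};
-};
-};
-
-services.grafana = {
-enable = false;
-settings.server.http_port = 2342;
-settings.server.domain = "grafana.packetlost.dev";
-settings.server.http_addr = "127.0.0.1";
-};
-
-services.prometheus = {
-enable = false;
-port = 9001;
-exporters = {
-node = {
-enable = true;
-enabledCollectors = [ "systemd" ];
-port = 9002;
-};
-};
-
-scrapeConfigs = [
-{
-job_name = "chrysalis";
-static_configs = [
-{ targets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}" ]; }
-];
-}
-];
-};
-
-# TODO: figure out how to appropriately configure this
-services.step-ca = {
-enable = false;
-openFirewall = true;
-port = 8443;
-address = "0.0.0.0";
-intermediatePasswordFile = /etc/nixos/step-ca-intermediate-ca-password;
-settings = builtins.fromJSON (builtins.readFile /home/noah/.step/config/ca.json);
-};
-
-age.secrets.acme = {
-file = ../../secrets/porkbun-api-key.age;
-owner = "root";
-group = "acme";
-};
-
-security.acme = {
-acceptTerms = true;
-defaults.email = "noah@packetlost.dev";
-certs."plex.packetlost.dev" = {
-group = "httpd";
-dnsProvider = "porkbun";
-environmentFile = config.age.secrets.acme.path;
-};
-certs."img.ngp.computer" = {
-group = "httpd";
-dnsProvider = "porkbun";
-environmentFile = config.age.secrets.acme.path;
-};
-certs."files.ngp.computer" = {
-group = "httpd";
-dnsProvider = "porkbun";
-environmentFile = config.age.secrets.acme.path;
-};
-certs."cache.ngp.computer" = {
-group = "httpd";
-dnsProvider = "porkbun";
-environmentFile = config.age.secrets.acme.path;
-};
-certs."photos.ngp.computer" = {
-group = "httpd";
-dnsProvider = "porkbun";
-environmentFile = config.age.secrets.acme.path;
-};
-certs."jellyfin.packetlost.dev" = {
-group = "httpd";
-dnsProvider = "porkbun";
-environmentFile = config.age.secrets.acme.path;
-};
-};
-
-# A test email server that only works on LAN
-services.maddy = {
-enable = true;
-openFirewall = true;
-primaryDomain = "misaki.local";
-ensureAccounts = [
-"noah@misaki.local"
-"postmaster@misaki.local"
-"test@misaki.local"
-];
-ensureCredentials = {
-"noah@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}";
-"postmaster@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}";
-"test@misaki.local".passwordFile = "${pkgs.writeText "test" "Password123"}";
-};
-};
-
-age.secrets.nix-serve = {
-file = ../../secrets/nix-serve-secret-key.age;
-owner = "root";
-group = "root";
-};
-services.nix-serve = {
-enable = true;
-package = unstable.nix-serve-ng;
-secretKeyFile = config.age.secrets.nix-serve.path;
-openFirewall = true;
-};
-
-services.plex = {
-enable = true;
-openFirewall = false; # we proxy this with nginx
-group = "nas";
-user = "noah";
-package = unstable.plex;
-};
-
-services.jellyfin = {
-enable = true;
-openFirewall = true;
-user = "noah";
-group = "nas";
-logDir = "/srv/shokuhou/applications/jellyfin/log";
-cacheDir = "/srv/shokuhou/applications/jellyfin/cache";
-dataDir = "/srv/shokuhou/applications/jellyfin/data";
-configDir = "/srv/shokuhou/applications/jellyfin/config";
-};
-
-services.gitea = {
-enable = false;
-user = "git";
-domain = "git.packetlost.dev";
-};
-
-# Litterbox, collect my IRC logs
-systemd = {
-services = {
-"litterbox@" = {
-path = [ pkgs.litterbox ];
-serviceConfig = {
-StartLimitIntervalSec = 5;
-StartLimitBurst = 10;
-Restart = "on-failure";
-RestartSec = "10s";
-Type = "simple";
-ExecStart = "${pkgs.litterbox}/bin/litterbox /srv/litterbox/%i.conf";
-ExecReload = "kill -USR1 $MAINPID";
-User = "noah";
-Group = "litterbox";
-};
-};
-
-#"litterbox@libera.irc.packetlost.dev" = {
-# overrideStrategy = "asDropin";
-# wantedBy = [ "multi-user.target" ];
-#};
-"update-downstream-src" = {
-path = with pkgs; [
-rc
-coreutils
-git
-openssh
-];
-script = "exec ${./scripts/update-src}";
-serviceConfig = {
-Type = "oneshot";
-User = "noah";
-WorkingDirectory = "/srv/src";
-};
-};
-};
-timers = {
-"update-downstream-src" = {
-wantedBy = [ "timers.target" ];
-timerConfig = {
-OnCalendar = "daily";
-Persistent = true;
-};
-};
-};
-};
-
-services.teamspeak3 = {
-enable = true;
-openFirewall = true;
-};
-
-services.immich = {
-enable = true;
-package = unstable.immich;
-accelerationDevices = [ "/dev/dri/renderD128" ];
-mediaLocation = "/srv/shokuhou/pictures/immich";
-};
-users.users.immich.extraGroups = [
-"video"
-"render"
-"nas"
-];
-
-# Nginx Reverse SSL Proxy
-services.nginx = {
-enable = true;
-group = "nas";
-user = "noah";
-recommendedGzipSettings = true;
-recommendedOptimisation = true;
-#recommendedProxySettings = true;
-recommendedTlsSettings = true;
-
-virtualHosts."photos.ngp.computer" = {
-enableACME = true;
-acmeRoot = null;
-forceSSL = true;
-locations."/" = {
-proxyPass = "http://[::1]:${toString config.services.immich.port}";
-proxyWebsockets = true;
-recommendedProxySettings = true;
-extraConfig = ''
-client_max_body_size 50000M;
-proxy_read_timeout 600s;
-proxy_send_timeout 600s;
-send_timeout 600s;
-'';
-};
-};
-virtualHosts."img.ngp.computer" = {
-forceSSL = true;
-enableACME = true;
-acmeRoot = null;
-root = "/srv/shokuhou/pictures/public";
-extraConfig = ''
-sendfile on;
-autoindex_exact_size on;
-tcp_nopush on;
-'';
-locations."/" = {
-extraConfig = ''
-autoindex on;
-autoindex_exact_size on;
-alias /srv/shokuhou/pictures/public/$1;
-'';
-};
-};
-virtualHosts."files.ngp.computer" = {
-forceSSL = true;
-enableACME = true;
-acmeRoot = null;
-root = null;
-extraConfig = ''
-sendfile on;
-tcp_nopush on;
-'';
-locations."/books/" = {
-extraConfig = ''
-autoindex on;
-autoindex_exact_size on;
-alias /srv/shokuhou/books/sync/$1;
-'';
-};
-};
-virtualHosts."jellyfin.packetlost.dev" = {
-forceSSL = true;
-enableACME = true;
-acmeRoot = null;
-http2 = true;
-locations."/" = {
-proxyPass = "http://localhost:8096/";
-};
-};
-virtualHosts."cache.ngp.computer" = {
-forceSSL = true;
-enableACME = true;
-acmeRoot = null;
-http2 = true;
-locations."/".proxyPass =
-"http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
-};
-
-# give a name to the virtual host. It also becomes the server name.
-virtualHosts."plex.packetlost.dev" = {
-# Since we want a secure connection, we force SSL
-forceSSL = true;
-enableACME = true;
-acmeRoot = null;
-
-# http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/
-http2 = true;
-
-# Provide the ssl cert and key for the vhost
-# These are filled in automatically with ACME
-extraConfig = ''
-
-#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
-send_timeout 100m;
-
-# Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
-ssl_stapling on;
-ssl_stapling_verify on;
-
-ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
-ssl_prefer_server_ciphers on;
-#Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384.
-ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
-
-# Forward real ip and host to Plex
-proxy_set_header X-Real-IP $remote_addr;
-proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-proxy_set_header X-Forwarded-Proto $scheme;
-proxy_set_header Host $server_addr;
-proxy_set_header Referer $server_addr;
-proxy_set_header Origin $server_addr;
-
-# Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off.
-gzip on;
-gzip_vary on;
-gzip_min_length 1000;
-gzip_proxied any;
-gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
-gzip_disable "MSIE [1-6]\.";
-
-# Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
-# Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
-client_max_body_size 100M;
-
-# Plex headers
-proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
-proxy_set_header X-Plex-Device $http_x_plex_device;
-proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
-proxy_set_header X-Plex-Platform $http_x_plex_platform;
-proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
-proxy_set_header X-Plex-Product $http_x_plex_product;
-proxy_set_header X-Plex-Token $http_x_plex_token;
-proxy_set_header X-Plex-Version $http_x_plex_version;
-proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
-proxy_set_header X-Plex-Provides $http_x_plex_provides;
-proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
-proxy_set_header X-Plex-Model $http_x_plex_model;
-
-# Websockets
-proxy_http_version 1.1;
-proxy_set_header Upgrade $http_upgrade;
-proxy_set_header Connection "upgrade";
-
-# Buffering off send to the client as soon as the data is received from Plex.
-proxy_redirect off;
-proxy_buffering off;
-'';
-
-locations."/" = {
-proxyPass = "http://localhost:32400/";
-};
-};
-};
-}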
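--- a/host-specific/misaki/users.nix
+++ b/host-specific/misaki/users.nix
@@ -1,6 +0,0 @@
-{ ... }:
-{
-users.groups.nas.gid = 1001;
-users.groups.httpd.gid = 1002;
-users.groups.litterbox.gid = 1003;
-}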
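--- a/host-specific/odin/boot.nix
+++ b/host-specific/odin/boot.nix
@@ -1,6 +0,0 @@
-{ ... }:
-{
-# Use the systemd-boot EFI boot loader.
-boot.loader.systemd-boot.enable = true;
-boot.loader.efi.canTouchEfiVariables = true;
-}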
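--- a/host-specific/odin/configuration.nix
+++ b/host-specific/odin/configuration.nix
@@ -1,62 +0,0 @@
-# Edit this configuration file to define what should be installed on
-## your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ ... }:
-{
-imports = [
-# Include the results of the hardware scan.
-./hardware-configuration.nix
-./boot.nix
-./networking.nix
-#./gui.nix
-./packages.nix
-./services.nix
-];
-
-nixpkgs.config.allowUnfree = true;
-
-# Set your time zone.
-time.timeZone = "America/Chicago";
-
-# Select internationalisation properties.
-i18n.defaultLocale = "en_US.UTF-8";
-# console = {
-# font = "Lat2-Terminus16";
-# keyMap = "us";
-# useXkbConfig = true; # use xkb.options in tty.
-# };
-
-# Automatic doc cache generation
-documentation.man.generateCaches = true;
-
-# Automatic system upgrades
-system.autoUpgrade = {
-enable = true;
-dates = "09:00";
-randomizedDelaySec = "45min";
-};
-
-# Automatic Garbage Collection
-nix.gc.automatic = true;
-nix.gc.options = "--delete-older-than 8d";
-
-# This option defines the first version of NixOS you have installed on this particular machine,
-# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-#
-# Most users should NEVER change this value after the initial install, for any reason,
-# even if you've upgraded your system to a new NixOS release.
-#
-# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
-# so changing it will NOT upgrade your system.
-#
-# This value being lower than the current NixOS release does NOT mean your system is
-# out of date, out of support, or vulnerable.
-#
-# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-# and migrated your data accordingly.
-#
-# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-system.stateVersion = "23.11"; # Did you read the comment?
-
-}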
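--- a/host-specific/odin/default.nix
+++ b/host-specific/odin/default.nix
@@ -1,9 +0,0 @@
-{ ... }:
-{
-imports = [
-./hardware-configuration.nix
-./networking.nix
-./packages.nix
-./services.nix
-];
-}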
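--- a/host-specific/odin/gui.nix
+++ b/host-specific/odin/gui.nix
@@ -1,98 +0,0 @@
-{ pkgs, ... }:
-{
-# Enable the X11 windowing system.
-services.xserver = {
-enable = true;
-videoDrivers = [ "amdgpu" ];
-};
-
-# Fix for HIP libraries
-systemd.tmpfiles.rules = [
-"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
-];
-
-# Configure keymap in X11
-# services.xserver.xkb.layout = "us";
-# services.xserver.xkb.options = "eurosign:e,caps:escape";
-
-# Enable CUPS to print documents.
-# services.printing.enable = true;
-
-# Enable sound.
-security.rtkit.enable = true;
-services.pipewire = {
-enable = true;
-alsa.enable = true;
-alsa.support32Bit = true;
-pulse.enable = true;
-wireplumber.enable = true;
-};
-
-# Graphics and parallel compute configuration
-hardware.graphics = {
-enable = true;
-extraPackages = with pkgs; [
-libva
-mesa
-rocmPackages.clr.icd
-];
-};
-
-# Enable touchpad support (enabled default in most desktopManager).
-# services.xserver.libinput.enable = true;
-
-# Fonts
-fonts.packages = with pkgs; [
-fira-code
-fira-code-symbols
-noto-fonts
-noto-fonts-cjk-sans
-noto-fonts-color-emoji
-nerd-fonts.fira-code
-];
-
-# Polkit is a dependency of Sway. It's responsible for handling security policies
-security.polkit.enable = true;
-
-# Enable the sway window manager
-programs.sway = {
-enable = true;
-#package = unstable.sway;
-wrapperFeatures.gtk = true;
-};
-# Use greetd as the displaymanager
-#services.xserver.displayManager.greetd.enable = true;
-#services.xserver.displayManager.lightdm.enable = false;
-services.displayManager.sddm.enable = true;
-services.displayManager.defaultSession = "sway";
-services.displayManager.autoLogin = {
-enable = true;
-user = "noah";
-};
-
-# i3, for when I need XOrg
-services.xserver.windowManager.i3 = {
-enable = true;
-extraPackages = with pkgs; [
-dmenu
-i3status
-i3lock
-i3blocks
-];
-};
-
-xdg.portal = {
-enable = true;
-wlr.enable = true;
-extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
-};
-xdg.mime = {
-enable = true;
-defaultApplications = {
-"x-scheme-handler/http" = "org.firefox.firefox.desktop";
-"x-scheme-handler/https" = "org.firefox.firefox.desktop";
-};
-};
-services.dbus.enable = true;
-services.gnome.gnome-keyring.enable = true;
-}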
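--- a/host-specific/odin/hardware-configuration.nix
+++ b/host-specific/odin/hardware-configuration.nix
@@ -1,93 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{
-config,
-lib,
-modulesPath,
-pkgs,
-...
-}:
-
-{
-imports = [
-(modulesPath + "/installer/scan/not-detected.nix")
-];
-
-boot.kernelPackages = pkgs.linuxPackages_latest;
-boot.initrd.availableKernelModules = [
-"nvme"
-"xhci_pci"
-"thunderbolt"
-"usb_storage"
-"usbhid"
-"sd_mod"
-"sdhci_pci"
-];
-boot.initrd.kernelModules = [
-"kvm-amd"
-"amdgpu"
-"nvme"
-"xhci_pci"
-"thunderbolt"
-"usb_storage"
-"usbhid"
-"sd_mod"
-"sdhci_pci"
-];
-boot.kernelModules = [
-"kvm-amd"
-"amdgpu"
-"nvme"
-"xhci_pci"
-"thunderbolt"
-"usb_storage"
-"usbhid"
-"sd_mod"
-"sdhci_pci"
-];
-virtualisation.libvirtd = {
-enable = true;
-qemu = {
-runAsRoot = false;
-};
-};
-#boot.extraModulePackages = with config.boot.kernelPackages; [ ];
-boot.kernelParams = [ ];
-
-hardware.enableRedistributableFirmware = true;
-
-fileSystems."/" = {
-device = "/dev/disk/by-uuid/07019c69-2597-410d-a8a0-a8ffb0f58883";
-fsType = "ext4";
-};
-
-fileSystems."/boot" = {
-device = "/dev/disk/by-uuid/4B85-C90A";
-fsType = "vfat";
-};
-
-swapDevices = [
-{
-device = "/swapfile";
-size = 32 * 1024;
-}
-];
-
-# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-# (the default) this is the recommended approach. When using systemd-networkd it's
-# still possible to use this option, but it's recommended to use it in conjunction
-# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-networking.useDHCP = lib.mkDefault true;
-# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
-
-nixpkgs.hostPlatform = {
-#gcc.arch = "znver2";
-#gcc.tune = "znver2";
-system = "x86_64-linux";
-#gcc.arch = "x86-64-v3";
-};
-#nix.settings.system-features = ["gccarch-znver2" "big-parallel" "nixos-test" "benchmark" "kvm"];
-hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}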
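--- a/host-specific/odin/networking.nix
+++ b/host-specific/odin/networking.nix
@@ -1,78 +0,0 @@
-{ ... }:
-{
-# networking.hostName = "nixos"; # Define your hostname.
-# Pick only one of the below networking options.
-# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
-# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
-networking.hostName = "odin";
-# I like systemd-networkd
-systemd.network.enable = true;
-systemd.network.networks."50-wlp2s0" = {
-matchConfig.name = "wlp2s0";
-networkConfig.DHCP = "yes";
-linkConfig.RequiredForOnline = "no";
-};
-
-networking.tempAddresses = "disabled";
-
-networking.useNetworkd = true;
-# TODO: static IP @ 192.168.1.6
-
-# Configure network proxy if necessary
-# networking.proxy.default = "http://user:password@proxy:port/";
-# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-# Open ports in the firewall.
-# networking.firewall.allowedTCPPorts = [ ... ];
-# networking.firewall.allowedUDPPorts = [ ... ];
-# Or disable the firewall altogether.
-networking.firewall = {
-enable = true;
-allowPing = true;
-allowedUDPPorts = [ ];
-allowedUDPPortRanges = [ ];
-allowedTCPPorts = [
-2375
-3000
-];
-};
-
-services.avahi = {
-enable = true;
-nssmdns4 = true;
-nssmdns6 = true;
-ipv6 = true;
-openFirewall = true;
-publish = {
-enable = true;
-addresses = true;
-workstation = true;
-userServices = true;
-domain = true;
-};
-};
-
-# NFS mounts
-
-fileSystems = {
-"/srv/shokuhou" = {
-device = "192.168.1.3:/srv/shokuhou";
-fsType = "nfs";
-options = [
-"nfsvers=4"
-"user"
-"x-system.automount"
-"x-system.idle-timeout=600"
-];
-};
-"/srv/mentalout" = {
-device = "192.168.1.3:/srv/mentalout";
-fsType = "nfs";
-options = [
-"nfsvers=4"
-"user"
-"x-system.automount"
-"x-system.idle-timeout=600"
-];
-};
-};
-}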
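--- a/host-specific/odin/packages.nix
+++ b/host-specific/odin/packages.nix
@@ -1,129 +0,0 @@
-{ pkgs, lib, ... }:
-let # bash script to let dbus know about important env variables and
-# propagate them to relevent services run at the end of sway config
-# see
-# https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist
-# note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts
-# some user services to make sure they have the correct environment variables
-dbus-sway-environment = pkgs.writeTextFile {
-name = "dbus-sway-environment";
-destination = "/bin/dbus-sway-environment";
-executable = true;
-
-text = ''
-dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
-systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
-systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
-'';
-};
-
-# currently, there is some friction between sway and gtk:
-# https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
-# the suggested way to set gtk settings is with gsettings
-# for gsettings to work, we need to tell it where the schemas are
-# using the XDG_DATA_DIR environment variable
-# run at the end of sway config
-configure-gtk = pkgs.writeTextFile {
-name = "configure-gtk";
-destination = "/bin/configure-gtk";
-executable = true;
-text =
-let
-# TODO: figure out why these bindings exist or where they're used
-schema = pkgs.gsettings-desktop-schemas;
-datadir = "${schema}/share/gsettings-schemas/${schema.name}";
-in
-''
-6 gnome_schema=org.gnome.desktop.interface
-gsettings set $gnome_schema gtk-theme 'Dracula'
-'';
-};
-in
-{
-
-# List packages installed in system profile. To search, run:
-# $ nix search wget
-environment.systemPackages = with pkgs; [
-neovim
-appimage-run
-tzdata
-wget
-kitty
-file
-w3m
-fishPlugins.fzf-fish
-fzf
-qemu
-qemu-user
-qemu-utils
-qemu_full
-OVMF
-#9p stuff
-diod
-plan9port
-vis
-rc
-ncdu
-
-smartmontools
-
-# Sway stuff
-wdisplays
-mako
-bemenu
-wl-clipboard
-slurp
-grim
-swayidle
-swaylock
-adwaita-icon-theme
-dracula-theme
-glib
-xdg-utils
-wayland
-configure-gtk
-dbus-sway-environment
-dbus
-pkg-config
-zlib
-# why wouldn't I want documentation on my system
-man-pages
-man-pages-posix
-perf
-];
-documentation.dev.enable = true;
-
-# Fix dynamically linked libraries for unpackaged binaries
-programs.nix-ld = {
-enable = true;
-libraries = with pkgs; [
-# Add missing dynamic libraries for unpackaged programs HERE
-# NOT in environment.systemPackages
-zlib
-openssl
-sqlite
-libunwind
-libglvnd
-libclang
-systemdLibs
-];
-};
-programs.nix-index = {
-enable = true;
-enableFishIntegration = true;
-enableBashIntegration = false;
-enableZshIntegration = false;
-};
-
-# Run other bins in QEMU
-boot.binfmt.emulatedSystems = [
-"aarch64-linux"
-"riscv64-linux"
-];
-# UEFI firmware support for QEMU
-systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ];
-
-# Logseq uses an ancient version of Electron, so we enable that
-nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
-nixpkgs.config.allowUnfree = true;
-}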
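--- a/host-specific/odin/services.nix
+++ b/host-specific/odin/services.nix
@@ -1,33 +0,0 @@
-{ ... }:
-{
-# Some programs need SUID wrappers, can be configured further or are
-# started in user sessions.
-# programs.mtr.enable = true;
-programs.gnupg.agent = {
-enable = true;
-enableSSHSupport = false;
-};
-
-# Fish shell, the best
-programs.fish.enable = true;
-
-services.tailscale.useRoutingFeatures = "client";
-
-services.redis.servers."" = {
-enable = true;
-};
-
-# Containers and VMs
-virtualisation = {
-podman = {
-enable = false;
-dockerCompat = true;
-defaultNetwork.settings.dns_enabled = true;
-dockerSocket.enable = true;
-};
-docker = {
-enable = true;
-storageDriver = "overlay2";
-};
-};
-}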
-6
host-specific/shizuri/boot.nix
··· 1 - { ... }: 2 - { 3 - # Use the systemd-boot EFI boot loader. 4 - boot.loader.systemd-boot.enable = true; 5 - boot.loader.efi.canTouchEfiVariables = true; 6 - }
-13
host-specific/shizuri/configuration.nix
··· 1 - { ... }: 2 - { 3 - imports = [ 4 - # Include the results of the hardware scan. 5 - ./hardware-configuration.nix 6 - ./boot.nix 7 - ./networking.nix 8 - ./gui.nix 9 - ./packages.nix 10 - ./services.nix 11 - ]; 12 - system.stateVersion = "23.11"; # Did you read the comment? 13 - }
-27
host-specific/shizuri/gs.sh
··· 1 - #!/usr/bin/env bash 2 - set -xeuo pipefail 3 - 4 - gamescopeArgs=( 5 - --adaptive-sync # VRR support 6 - --hdr-enabled 7 - --mangoapp # performance overlay 8 - --rt 9 - --steam 10 - ) 11 - steamArgs=( 12 - -pipewire-dmabuf 13 - -tenfoot 14 - ) 15 - mangoConfig=( 16 - cpu_temp 17 - gpu_temp 18 - ram 19 - vram 20 - ) 21 - mangoVars=( 22 - MANGOHUD=1 23 - MANGOHUD_CONFIG="$(IFS=,; echo "${mangoConfig[*]}")" 24 - ) 25 - 26 - export "${mangoVars[@]}" 27 - exec gamescope "${gamescopeArgs[@]}" -- steam "${steamArgs[@]}"
-115
host-specific/shizuri/gui.nix
··· 1 - { pkgs, ... }: 2 - { 3 - # Enable the X11 windowing system. 4 - services.xserver = { 5 - enable = true; 6 - videoDrivers = [ "amdgpu" ]; 7 - }; 8 - 9 - # Fix for HIP libraries 10 - systemd.tmpfiles.rules = [ 11 - "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" 12 - ]; 13 - 14 - # Configure keymap in X11 15 - services.xserver.xkb = { 16 - layout = "us"; 17 - variant = ""; 18 - }; 19 - # services.xserver.xkb.options = "eurosign:e,caps:escape"; 20 - 21 - # Enable CUPS to print documents. 22 - # services.printing.enable = true; 23 - 24 - # Enable sound. 25 - security.rtkit.enable = true; 26 - services.pipewire = { 27 - enable = true; 28 - alsa.enable = true; 29 - alsa.support32Bit = true; 30 - pulse.enable = true; 31 - wireplumber.enable = true; 32 - }; 33 - 34 - # Graphics and parallel compute configuration 35 - hardware.graphics = { 36 - enable = true; 37 - extraPackages = with pkgs; [ 38 - libva 39 - mesa 40 - rocmPackages.clr.icd 41 - ]; 42 - }; 43 - 44 - # Enable touchpad support (enabled default in most desktopManager). 45 - # services.xserver.libinput.enable = true; 46 - 47 - # Fonts 48 - fonts.packages = with pkgs; [ 49 - fira-code 50 - fira-code-symbols 51 - noto-fonts 52 - noto-fonts-cjk-sans 53 - noto-fonts-color-emoji 54 - nerd-fonts.fira-code 55 - ]; 56 - 57 - # Polkit is a dependency of Sway. 
It's responsible for handling security policies 58 - security.polkit.enable = true; 59 - 60 - # Enable the sway window manager 61 - programs.sway = { 62 - enable = false; 63 - #package = unstable.sway; 64 - wrapperFeatures.gtk = true; 65 - }; 66 - # Use greetd as the displaymanager 67 - #services.xserver.displayManager.greetd.enable = true; 68 - 69 - services.xserver.displayManager.lightdm.enable = false; 70 - 71 - #services.displayManager.sddm.enable = true; 72 - #services.displayManager.defaultSession = "sway"; 73 - #services.displayManager.autoLogin = { 74 - # enable = true; 75 - # user = "noah"; 76 - #}; 77 - services.xserver.desktopManager.xfce.enable = false; 78 - services.xserver.desktopManager.lxqt = { 79 - enable = true; 80 - }; 81 - services.xscreensaver.enable = true; 82 - security.pam.services.xscreensaver.enable = true; 83 - 84 - # i3, for when I need XOrg 85 - services.xserver.windowManager.i3 = { 86 - enable = false; 87 - extraPackages = with pkgs; [ 88 - dmenu 89 - i3status 90 - i3lock 91 - i3blocks 92 - ]; 93 - }; 94 - 95 - xdg.portal = { 96 - enable = true; 97 - wlr.enable = true; 98 - extraPortals = [ 99 - pkgs.xdg-desktop-portal 100 - pkgs.xdg-desktop-portal-wlr 101 - pkgs.xdg-desktop-portal-gtk 102 - pkgs.xdg-desktop-portal-termfilechooser 103 - pkgs.lxqt.xdg-desktop-portal-lxqt 104 - ]; 105 - }; 106 - xdg.mime = { 107 - enable = true; 108 - defaultApplications = { 109 - "x-scheme-handler/http" = "org.firefox.firefox.desktop"; 110 - "x-scheme-handler/https" = "org.firefox.firefox.desktop"; 111 - }; 112 - }; 113 - services.dbus.enable = true; 114 - services.gnome.gnome-keyring.enable = true; 115 - }
-84
host-specific/shizuri/hardware-configuration.nix
··· 1 - # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 - # and may be overwritten by future invocations. Please make changes 3 - # to /etc/nixos/configuration.nix instead. 4 - { 5 - config, 6 - lib, 7 - pkgs, 8 - modulesPath, 9 - ... 10 - }: 11 - 12 - { 13 - imports = [ 14 - (modulesPath + "/installer/scan/not-detected.nix") 15 - ]; 16 - 17 - boot.kernelPackages = pkgs.linuxPackages_latest; 18 - boot.initrd.availableKernelModules = [ 19 - "nvme" 20 - "xhci_pci" 21 - "thunderbolt" 22 - "usb_storage" 23 - "usbhid" 24 - "uas" 25 - "sd_mod" 26 - ]; 27 - boot.initrd.kernelModules = [ ]; 28 - boot.kernelModules = [ "kvm-amd" ]; 29 - boot.extraModulePackages = [ ]; 30 - 31 - # Bluetooth / wireless configuration 32 - hardware.bluetooth = { 33 - enable = true; 34 - powerOnBoot = true; 35 - settings = { 36 - General = { 37 - # Shows battery charge of connected devices on supported 38 - # Bluetooth adapters. Defaults to 'false'. 39 - Experimental = true; 40 - # When enabled other devices can connect faster to us, however 41 - # the tradeoff is increased power consumption. Defaults to 42 - # 'false'. 43 - FastConnectable = true; 44 - }; 45 - Policy = { 46 - # Enable all controllers when they are found. This includes 47 - # adapters present on start as well as adapters that are plugged 48 - # in later on. Defaults to 'true'. 
49 - AutoEnable = true; 50 - }; 51 - }; 52 - }; 53 - 54 - fileSystems."/" = { 55 - device = "/dev/disk/by-uuid/9a7cbffe-6c10-4220-bb99-4dcea8181dcc"; 56 - fsType = "ext4"; 57 - }; 58 - 59 - fileSystems."/boot" = { 60 - device = "/dev/disk/by-uuid/9AC5-62C3"; 61 - fsType = "vfat"; 62 - options = [ 63 - "fmask=0077" 64 - "dmask=0077" 65 - ]; 66 - }; 67 - 68 - swapDevices = [ { device = "/dev/disk/by-uuid/a19d8fad-d8d2-4bbe-a233-e645020419ff"; } ]; 69 - fileSystems."/srv/mugino" = { 70 - device = "/dev/disk/by-uuid/d832dd9f-1fbb-4ca7-9097-0ba329b838af"; 71 - fsType = "ext4"; 72 - }; 73 - 74 - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 75 - # (the default) this is the recommended approach. When using systemd-networkd it's 76 - # still possible to use this option, but it's recommended to use it in conjunction 77 - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 78 - networking.useDHCP = lib.mkDefault true; 79 - # networking.interfaces.enp191s0.useDHCP = lib.mkDefault true; 80 - # networking.interfaces.wlp192s0.useDHCP = lib.mkDefault true; 81 - 82 - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 83 - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 84 - }
-78
host-specific/shizuri/networking.nix
··· 1 - { ... }: 2 - { 3 - # networking.hostName = "nixos"; # Define your hostname. 4 - # Pick only one of the below networking options. 5 - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 - networking.hostName = "shizuri"; 8 - # I like systemd-networkd 9 - systemd.network.enable = true; 10 - systemd.network.networks."50-wlp2s0" = { 11 - matchConfig.name = "wlp2s0"; 12 - networkConfig.DHCP = "yes"; 13 - linkConfig.RequiredForOnline = "no"; 14 - }; 15 - 16 - networking.tempAddresses = "disabled"; 17 - 18 - networking.useNetworkd = true; 19 - # TODO: static IP @ 192.168.1.2 20 - 21 - # Configure network proxy if necessary 22 - # networking.proxy.default = "http://user:password@proxy:port/"; 23 - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 24 - # Open ports in the firewall. 25 - # networking.firewall.allowedTCPPorts = [ ... ]; 26 - # networking.firewall.allowedUDPPorts = [ ... ]; 27 - # Or disable the firewall altogether. 
28 - # TODO: allow some ports 29 - networking.firewall = { 30 - enable = false; 31 - allowPing = true; 32 - allowedUDPPorts = [ ]; 33 - allowedTCPPorts = [ 34 - 1234 35 - 2375 36 - ]; 37 - }; 38 - 39 - services.avahi = { 40 - enable = true; 41 - nssmdns4 = true; 42 - nssmdns6 = true; 43 - ipv6 = true; 44 - openFirewall = true; 45 - publish = { 46 - enable = true; 47 - addresses = true; 48 - workstation = true; 49 - userServices = true; 50 - domain = true; 51 - }; 52 - }; 53 - 54 - # NFS mounts 55 - 56 - fileSystems = { 57 - "/srv/shokuhou" = { 58 - device = "192.168.1.3:/srv/shokuhou"; 59 - fsType = "nfs"; 60 - options = [ 61 - "nfsvers=4" 62 - "user" 63 - "x-system.automount" 64 - "x-system.idle-timeout=600" 65 - ]; 66 - }; 67 - "/srv/mentalout" = { 68 - device = "192.168.1.3:/srv/mentalout"; 69 - fsType = "nfs"; 70 - options = [ 71 - "nfsvers=4" 72 - "user" 73 - "x-system.automount" 74 - "x-system.idle-timeout=600" 75 - ]; 76 - }; 77 - }; 78 - }
-173
host-specific/shizuri/packages.nix
··· 1 - { pkgs, lib, ... }: 2 - let # bash script to let dbus know about important env variables and 3 - # propagate them to relevent services run at the end of sway config 4 - # see 5 - # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 - # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 - # some user services to make sure they have the correct environment variables 8 - dbus-sway-environment = pkgs.writeTextFile { 9 - name = "dbus-sway-environment"; 10 - destination = "/bin/dbus-sway-environment"; 11 - executable = true; 12 - 13 - text = '' 14 - dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 - systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 - systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 - ''; 18 - }; 19 - 20 - # currently, there is some friction between sway and gtk: 21 - # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 - # the suggested way to set gtk settings is with gsettings 23 - # for gsettings to work, we need to tell it where the schemas are 24 - # using the XDG_DATA_DIR environment variable 25 - # run at the end of sway config 26 - configure-gtk = pkgs.writeTextFile { 27 - name = "configure-gtk"; 28 - destination = "/bin/configure-gtk"; 29 - executable = true; 30 - text = 31 - let 32 - # TODO: figure out why these bindings exist or where they're used 33 - schema = pkgs.gsettings-desktop-schemas; 34 - datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 - in 36 - '' 37 - 6 gnome_schema=org.gnome.desktop.interface 38 - gsettings set $gnome_schema gtk-theme 'Dracula' 39 - ''; 40 - }; 41 - in 42 - { 43 - 44 - # List packages installed in system profile. 
To search, run: 45 - # $ nix search wget 46 - environment.systemPackages = with pkgs; [ 47 - mangohud 48 - neovim 49 - appimage-run 50 - tzdata 51 - wget 52 - kitty 53 - file 54 - w3m 55 - fishPlugins.fzf-fish 56 - fzf 57 - qemu 58 - qemu-user 59 - qemu-utils 60 - qemu_full 61 - OVMF 62 - #9p stuff 63 - diod 64 - plan9port 65 - vis 66 - rc 67 - 68 - smartmontools 69 - 70 - # Sway stuff 71 - wdisplays 72 - mako 73 - bemenu 74 - wl-clipboard 75 - slurp 76 - grim 77 - swayidle 78 - swaylock 79 - adwaita-icon-theme 80 - dracula-theme 81 - glib 82 - xdg-utils 83 - xdg-desktop-portal 84 - wayland 85 - configure-gtk 86 - lxqt.lxqt-menu-data # for lxqt 87 - dbus-sway-environment 88 - dbus 89 - pkg-config 90 - zlib 91 - # why wouldn't I want documentation on my system 92 - man-pages 93 - man-pages-posix 94 - linuxPackages_latest.perf 95 - ]; 96 - 97 - environment.loginShellInit = '' 98 - [[ "$(tty)" = "/dev/tty1" ]] && /home/noah/repos/nixos/gs.sh 99 - ''; 100 - 101 - documentation.dev.enable = true; 102 - 103 - # Fix dynamically linked libraries for unpackaged binaries 104 - programs.nix-ld = { 105 - enable = true; 106 - libraries = with pkgs; [ 107 - # Add missing dynamic libraries for unpackaged programs HERE 108 - # NOT in environment.systemPackages 109 - zlib 110 - openssl 111 - sqlite 112 - libunwind 113 - libglvnd 114 - libclang 115 - systemdLibs 116 - ]; 117 - }; 118 - programs.nix-index = { 119 - enable = true; 120 - enableFishIntegration = true; 121 - enableBashIntegration = false; 122 - enableZshIntegration = false; 123 - }; 124 - 125 - programs.steam = { 126 - enable = true; 127 - remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 128 - dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server 129 - localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers 130 - gamescopeSession.enable = true; 131 - }; 132 - programs.gamescope = { 133 - 
enable = true; 134 - capSysNice = true; 135 - }; 136 - # Boot to bigpicture 137 - services.getty.autologinUser = "noah"; 138 - 139 - programs.appimage = { 140 - enable = true; 141 - binfmt = true; 142 - }; 143 - 144 - # Run other bins in QEMU 145 - boot.binfmt.emulatedSystems = [ 146 - "aarch64-linux" 147 - "riscv64-linux" 148 - ]; 149 - # UEFI firmware support for QEMU 150 - systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; 151 - 152 - # Logseq uses an ancient version of Electron, so we enable that 153 - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 154 - 155 - # I don't care too much about unfree 156 - nixpkgs.config.allowUnfree = true; 157 - # Whitelist some unfree packages 158 - nixpkgs.config.allowUnfreePredicate = 159 - pkg: 160 - builtins.elem (lib.getName pkg) [ 161 - "discord" 162 - "spotify" 163 - "obsidian" 164 - "unstable.obsidian" 165 - "tailscale" 166 - "google-chrome" 167 - "slack" 168 - "steam" 169 - "steam-original" 170 - "steam-unwrapped" 171 - "steam-run" 172 - ]; 173 - }
-44
host-specific/shizuri/services.nix
··· 1 - { pkgs, ... }: 2 - { 3 - # Some programs need SUID wrappers, can be configured further or are 4 - # started in user sessions. 5 - # programs.mtr.enable = true; 6 - programs.gnupg.agent = { 7 - enable = true; 8 - enableSSHSupport = false; 9 - }; 10 - 11 - # Enable the OpenSSH daemon. 12 - services.openssh = { 13 - enable = true; 14 - settings.X11Forwarding = true; 15 - }; 16 - 17 - # Smart Card daemon 18 - services.pcscd.enable = true; 19 - 20 - # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices. 21 - services.hardware.bolt.enable = true; 22 - 23 - services.fwupd.enable = true; 24 - 25 - services.xrdp = { 26 - enable = true; 27 - openFirewall = true; 28 - defaultWindowManager = "${pkgs.lxqt.lxqt-session}/bin/lxqt-session"; 29 - }; 30 - 31 - # Containers and VMs 32 - virtualisation = { 33 - podman = { 34 - enable = false; 35 - dockerCompat = true; 36 - defaultNetwork.settings.dns_enabled = true; 37 - dockerSocket.enable = true; 38 - }; 39 - docker = { 40 - enable = true; 41 - storageDriver = "overlay2"; 42 - }; 43 - }; 44 - }
-55
host-specific/touma-wsl.nix
··· 1 - # Edit this configuration file to define what should be installed on 2 - # your system. Help is available in the configuration.nix(5) man page, on 3 - # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 - 5 - # NixOS-WSL specific options are documented on the NixOS-WSL repository: 6 - # https://github.com/nix-community/NixOS-WSL 7 - 8 - { pkgs, inputs, ... }: 9 - { 10 - imports = [ 11 - # WSL has no hardware configuration 12 - ../users.nix 13 - ../services.nix 14 - ]; 15 - wsl = { 16 - enable = true; 17 - defaultUser = "noah"; 18 - wslConf.network.hostname = "touma-wsl-nixos"; 19 - }; 20 - # List packages installed in system profile. To search, run: 21 - # $ nix search wget 22 - environment.systemPackages = with pkgs; [ 23 - neovim 24 - appimage-run 25 - wget 26 - kitty 27 - w3m 28 - fishPlugins.fzf-fish 29 - fzf 30 - qemu 31 - OVMF 32 - gitFull 33 - # plan9 34 - diod 35 - plan9port 36 - vis 37 - rc 38 - 39 - xdg-utils 40 - inputs.agenix.packages."${system}".agenix 41 - ]; 42 - services.openssh.enable = true; 43 - 44 - # Fix dynamically linked libraries for unpackaged binaries 45 - programs.nix-ld = { 46 - enable = true; 47 - libraries = with pkgs; [ 48 - # Add missing dynamic libraries for unpackaged programs HERE 49 - # NOT in environment.systemPackages 50 - zlib 51 - fuse3 52 - ]; 53 - }; 54 - system.stateVersion = "24.11"; 55 - }
-196
i3/config
··· 1 - # This file has been auto-generated by i3-config-wizard(1). 2 - # It will not be overwritten, so edit it as you like. 3 - # 4 - # Should you change your keyboard layout some time, delete 5 - # this file and re-run i3-config-wizard(1). 6 - # 7 - 8 - # i3 config file (v4) 9 - # 10 - # Please see https://i3wm.org/docs/userguide.html for a complete reference! 11 - 12 - set $mod Mod4 13 - 14 - # Font for window titles. Will also be used by the bar unless a different font 15 - # is used in the bar {} block below. 16 - font pango:monospace 8 17 - 18 - # This font is widely installed, provides lots of unicode glyphs, right-to-left 19 - # text rendering and scalability on retina/hidpi displays (thanks to pango). 20 - #font pango:DejaVu Sans Mono 8 21 - 22 - # Start XDG autostart .desktop files using dex. See also 23 - # https://wiki.archlinux.org/index.php/XDG_Autostart 24 - exec --no-startup-id dex --autostart --environment i3 25 - 26 - # The combination of xss-lock, nm-applet and pactl is a popular choice, so 27 - # they are included here as an example. Modify as you see fit. 28 - 29 - # xss-lock grabs a logind suspend inhibit lock and will use i3lock to lock the 30 - # screen before suspend. Use loginctl lock-session to lock your screen. 31 - exec --no-startup-id xss-lock --transfer-sleep-lock -- i3lock --nofork 32 - 33 - # NetworkManager is the most popular way to manage wireless networks on Linux, 34 - # and nm-applet is a desktop environment-independent system tray GUI for it. 35 - exec --no-startup-id nm-applet 36 - 37 - # Use pactl to adjust volume in PulseAudio. 
38 - set $refresh_i3status killall -SIGUSR1 i3status 39 - bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +10% && $refresh_i3status 40 - bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -10% && $refresh_i3status 41 - bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle && $refresh_i3status 42 - bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle && $refresh_i3status 43 - 44 - # Use Mouse+$mod to drag floating windows to their wanted position 45 - floating_modifier $mod 46 - 47 - # move tiling windows via drag & drop by left-clicking into the title bar, 48 - # or left-clicking anywhere into the window while holding the floating modifier. 49 - tiling_drag modifier titlebar 50 - 51 - # start a terminal 52 - bindsym $mod+Return exec kitty 53 - 54 - # kill focused window 55 - bindsym $mod+Shift+q kill 56 - 57 - # start dmenu (a program launcher) 58 - bindsym $mod+d exec --no-startup-id dmenu_run 59 - # A more modern dmenu replacement is rofi: 60 - # bindcode $mod+40 exec "rofi -modi drun,run -show drun" 61 - # There also is i3-dmenu-desktop which only displays applications shipping a 62 - # .desktop file. It is a wrapper around dmenu, so you need that installed. 
63 - # bindcode $mod+40 exec --no-startup-id i3-dmenu-desktop 64 - 65 - # change focus 66 - bindsym $mod+h focus left 67 - bindsym $mod+j focus down 68 - bindsym $mod+k focus up 69 - bindsym $mod+l focus right 70 - 71 - 72 - # alternatively, you can use the cursor keys: 73 - bindsym $mod+Left focus left 74 - bindsym $mod+Down focus down 75 - bindsym $mod+Up focus up 76 - bindsym $mod+Right focus right 77 - 78 - # move focused window 79 - bindsym $mod+Shift+h move left 80 - bindsym $mod+Shift+j move down 81 - bindsym $mod+Shift+k move up 82 - bindsym $mod+Shift+l move right 83 - 84 - # alternatively, you can use the cursor keys: 85 - bindsym $mod+Shift+Left move left 86 - bindsym $mod+Shift+Down move down 87 - bindsym $mod+Shift+Up move up 88 - bindsym $mod+Shift+Right move right 89 - 90 - # split in horizontal orientation 91 - bindsym $mod+g split h 92 - 93 - # split in vertical orientation 94 - bindsym $mod+v split v 95 - 96 - # enter fullscreen mode for the focused container 97 - bindsym $mod+f fullscreen toggle 98 - 99 - # change container layout (stacked, tabbed, toggle split) 100 - bindsym $mod+s layout stacking 101 - bindsym $mod+w layout tabbed 102 - bindsym $mod+e layout toggle split 103 - 104 - # toggle tiling / floating 105 - bindsym $mod+Shift+space floating toggle 106 - 107 - # change focus between tiling / floating windows 108 - bindsym $mod+space focus mode_toggle 109 - 110 - # focus the parent container 111 - bindsym $mod+a focus parent 112 - 113 - # focus the child container 114 - #bindsym $mod+d focus child 115 - 116 - # Define names for default workspaces for which we configure key bindings later on. 117 - # We use variables to avoid repeating the names in multiple places. 
118 - set $ws1 "1" 119 - set $ws2 "2" 120 - set $ws3 "3" 121 - set $ws4 "4" 122 - set $ws5 "5" 123 - set $ws6 "6" 124 - set $ws7 "7" 125 - set $ws8 "8" 126 - set $ws9 "9" 127 - set $ws10 "10" 128 - 129 - # switch to workspace 130 - bindsym $mod+1 workspace number $ws1 131 - bindsym $mod+2 workspace number $ws2 132 - bindsym $mod+3 workspace number $ws3 133 - bindsym $mod+4 workspace number $ws4 134 - bindsym $mod+5 workspace number $ws5 135 - bindsym $mod+6 workspace number $ws6 136 - bindsym $mod+7 workspace number $ws7 137 - bindsym $mod+8 workspace number $ws8 138 - bindsym $mod+9 workspace number $ws9 139 - bindsym $mod+0 workspace number $ws10 140 - # Tab navigation 141 - bindsym $mod+Tab workspace next 142 - bindsym $mod+Shift+Tab workspace prev 143 - 144 - # move focused container to workspace 145 - bindsym $mod+Shift+1 move container to workspace number $ws1 146 - bindsym $mod+Shift+2 move container to workspace number $ws2 147 - bindsym $mod+Shift+3 move container to workspace number $ws3 148 - bindsym $mod+Shift+4 move container to workspace number $ws4 149 - bindsym $mod+Shift+5 move container to workspace number $ws5 150 - bindsym $mod+Shift+6 move container to workspace number $ws6 151 - bindsym $mod+Shift+7 move container to workspace number $ws7 152 - bindsym $mod+Shift+8 move container to workspace number $ws8 153 - bindsym $mod+Shift+9 move container to workspace number $ws9 154 - bindsym $mod+Shift+0 move container to workspace number $ws10 155 - 156 - # reload the configuration file 157 - bindsym $mod+Shift+c reload 158 - # restart i3 inplace (preserves your layout/session, can be used to upgrade i3) 159 - bindsym $mod+Shift+r restart 160 - # exit i3 (logs you out of your X session) 161 - bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' 
-B 'Yes, exit i3' 'i3-msg exit'" 162 - 163 - # resize window (you can also use the mouse for that) 164 - mode "resize" { 165 - # These bindings trigger as soon as you enter the resize mode 166 - 167 - # Pressing left will shrink the window’s width. 168 - # Pressing right will grow the window’s width. 169 - # Pressing up will shrink the window’s height. 170 - # Pressing down will grow the window’s height. 171 - bindsym h resize shrink width 10 px or 10 ppt 172 - bindsym j resize grow height 10 px or 10 ppt 173 - bindsym k resize shrink height 10 px or 10 ppt 174 - bindsym l resize grow width 10 px or 10 ppt 175 - 176 - # same bindings, but for the arrow keys 177 - bindsym Left resize shrink width 10 px or 10 ppt 178 - bindsym Down resize grow height 10 px or 10 ppt 179 - bindsym Up resize shrink height 10 px or 10 ppt 180 - bindsym Right resize grow width 10 px or 10 ppt 181 - 182 - # back to normal: Enter or Escape or $mod+r 183 - bindsym Return mode "default" 184 - bindsym Escape mode "default" 185 - bindsym $mod+r mode "default" 186 - } 187 - 188 - bindsym $mod+r mode "resize" 189 - 190 - # Start i3bar to display a workspace bar (plus the system information i3status 191 - # finds out, if available) 192 - bar { 193 - status_command i3status 194 - } 195 - 196 - exec barrier
+111
networking.nix
··· 1 + { config, ... }: 2 + { 3 + # networking.hostName = "nixos"; # Define your hostname. 4 + # Pick only one of the below networking options. 5 + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 + networking.hostName = "misaki"; 8 + # I like systemd-networkd 9 + systemd.network.enable = true; 10 + systemd.network.networks."50-wlp2s0" = { 11 + matchConfig.name = "wlp2s0"; 12 + networkConfig.DHCP = "yes"; 13 + linkConfig.RequiredForOnline = "no"; 14 + }; 15 + 16 + networking.tempAddresses = "disabled"; 17 + 18 + networking.interfaces = { 19 + enp4s0f1 = { 20 + ipv4.addresses = [{ 21 + address = "192.168.1.3"; 22 + prefixLength = 24; 23 + }]; 24 + }; 25 + }; 26 + networking.defaultGateway = { 27 + address = "192.168.1.1"; 28 + interface = "enp4s0f1"; 29 + }; 30 + 31 + networking.defaultGateway6 = { 32 + address = "fe80::2870:4eff:fe84:d884"; 33 + interface = "enp4s0f1"; 34 + }; 35 + 36 + networking.nameservers = [ 37 + "192.168.1.3" 38 + "45.90.28.93" 39 + "45.90.30.93" 40 + ]; 41 + 42 + # This is necessary for ZFS 43 + networking.hostId = "5beebabe"; 44 + 45 + networking.useNetworkd = true; 46 + # TODO: static IP @ 192.168.1.2 47 + 48 + # Configure network proxy if necessary 49 + # networking.proxy.default = "http://user:password@proxy:port/"; 50 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 51 + # Open ports in the firewall. 52 + # networking.firewall.allowedTCPPorts = [ ... ]; 53 + # networking.firewall.allowedUDPPorts = [ ... ]; 54 + # Or disable the firewall altogether. 
55 + # TODO: allow some ports 56 + networking.firewall = { 57 + enable = true; 58 + allowPing = true; 59 + trustedInterfaces = [ 60 + "tailscale0" 61 + ]; 62 + allowedUDPPorts = [ 63 + # DNS 64 + 53 65 + config.services.tailscale.port 66 + ]; 67 + allowedTCPPorts = [ 68 + # DNS over TCP 69 + 53 70 + # NFSv4 71 + 2049 72 + # HTTP(s) 73 + 443 74 + 80 75 + # iperf3 76 + 5201 77 + 5301 78 + 5401 79 + # NATS 80 + 4222 81 + # Prometheus 82 + 9001 83 + # Minio 84 + 9003 85 + # Minio web 86 + 9004 87 + # AFP via Netatalk 88 + 548 89 + #9p 90 + 564 91 + # Misc development 92 + 3000 93 + ]; 94 + }; 95 + 96 + services.avahi = { 97 + enable = true; 98 + nssmdns4 = true; 99 + nssmdns6 = true; 100 + ipv6 = true; 101 + openFirewall = true; 102 + publish = { 103 + enable = true; 104 + addresses = true; 105 + workstation = true; 106 + userServices = true; 107 + domain = true; 108 + }; 109 + }; 110 + 111 + }
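Review bot: The `allowedTCPPorts` list in `networking.firewall` opens NFSv4 (2049), NATS (4222), Prometheus (9001), Minio (9003/9004), AFP (548), 9p (564) and the development port 3000 on every interface, including the DHCP-configured `wlp2s0`, not only the LAN-facing `enp4s0f1`. Services meant for the local network are better scoped per interface, e.g. `networking.firewall.interfaces."enp4s0f1".allowedTCPPorts = [ 2049 548 564 ];`, leaving only what must be reachable everywhere in the global list. `tailscale0` is already in `trustedInterfaces`, so anything that only needs to be reached over the tailnet needs no global entry at all. The comment `# TODO: static IP @ 192.168.1.2` no longer matches the configured address `192.168.1.3` and should be updated or dropped.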
-2
nvim/after/ftplugin/janet.lua
··· 1 - vim.o.tabstop = 2 2 - vim.o.shiftwidth = 2
+2 -11
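--- a/nvim/init.lua
+++ b/nvim/init.lua
@@ -7,17 +7,8 @@
 -- Config for Nord, which I usually use
 -- vim.g.nord_italic = false
 -- vim.g.nord_bold = false
-local known_hosts = {
-["aleister.packetlost.dev"] = "light",
-["aleister.local"] = "light",
-["accelerator"] = "light"
-}
-local background = known_hosts[vim.loop.os_gethostname()]
-if not background then
-background = "dark"
-end
-vim.opt.background = background
---vim.opt.background = "dark"
+--vim.opt.background = "light"
+vim.opt.background = "dark"
 
 -- Formatting and vim config
 vim.opt.expandtab = true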
+1 -1
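--- a/nvim/lua/lsp/janet_lsp.lua
+++ b/nvim/lua/lsp/janet_lsp.lua
@@ -2,7 +2,7 @@
 cmd = {
 "janet",
 "-i",
-"/Users/noah/repos/janet-lsp/build/janet-lsp.jimage",
+"/home/noah/repos/janet-lsp/jpm_tree/lib/janet-lsp.jimage",
 "--stdio",
 }
 }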
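Review bot: The image path on the changed line is still an absolute, per-user path, so the language server fails to start on any host where the user name or checkout location differs; the commit only swaps one machine-specific path for another. Resolving it from the home directory keeps the file portable across the hosts this repository configures: `vim.fn.expand("~/repos/janet-lsp/jpm_tree/lib/janet-lsp.jimage"),`. The table this line belongs to starts outside the hunk.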
+3 -3
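--- a/nvim/lua/lsp.lua
+++ b/nvim/lua/lsp.lua
@@ -44,11 +44,11 @@
 end, opts)
 vim.keymap.set("n", "<space>D", vim.lsp.buf.type_definition, opts)
 vim.keymap.set("n", "<space>rn", vim.lsp.buf.rename, opts)
-vim.keymap.set("n", "<leader>ca", vim.lsp.buf.code_action, opts)
+vim.keymap.set("n", "<space>ca", vim.lsp.buf.code_action, opts)
 vim.keymap.set("n", "gr", vim.lsp.buf.references, opts)
 vim.keymap.set("n", "<space>e", vim.diagnostic.open_float, opts)
-vim.keymap.set("n", "[d", function () vim.diagnostic.jump {count = -1, float = true} end, opts)
-vim.keymap.set("n", "]d", function () vim.diagnostic.jump {count = 1, float = true} end, opts)
+vim.keymap.set("n", "[d", vim.diagnostic.goto_prev, opts)
+vim.keymap.set("n", "]d", vim.diagnostic.goto_next, opts)
 vim.keymap.set("n", "<space>q", vim.diagnostic.setloclist, opts)
 vim.keymap.set("n", "<space>f",
 function() vim.lsp.buf.format { async = true } end, opts)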
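Review bot: The `[d` and `]d` mappings now call `vim.diagnostic.goto_prev` and `vim.diagnostic.goto_next`, which Neovim 0.11 marks as deprecated in favour of `vim.diagnostic.jump`, so this config warns on current releases and stops working once they are removed. If the change is meant to support an older Neovim on this host, select the function at load time instead of dropping the new API, e.g. `local next_diag = vim.diagnostic.jump and function() vim.diagnostic.jump { count = 1, float = true } end or vim.diagnostic.goto_next`, and the mirror image for `[d`. The callback that holds these mappings starts and ends outside the hunk.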
+22 -11
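--- a/nvim/lua/plugins.lua
+++ b/nvim/lua/plugins.lua
@@ -121,7 +121,7 @@
 },
 }, -- Git stuff
 -- GitGutter, shows inline difs
---"airblade/vim-gitgutter",
+"airblade/vim-gitgutter",
 {
 "NeogitOrg/neogit",
 dependencies = {
@@ -277,9 +277,27 @@
 { "rktjmp/hotpot.nvim", lazy = true, ft = "fennel", config = true },
 { "Olical/nfnl", lazy = true, ft = "fennel", config = true }, -- Rust stuff
 {
-"mrcjkb/rustaceanvim",
-lazy = false,
-version = "^6"
+"simrat39/rust-tools.nvim",
+lazy = true,
+ft = { "rust" },
+config = function()
+local rt = require("rust-tools")
+rt.setup({
+server = {
+on_attach = function(_, bufnr)
+-- Hover actions
+vim.keymap.set("n", "<C-space>",
+rt.hover_actions.hover_actions,
+{ buffer = bufnr })
+-- Code action groups
+vim.keymap.set("n", "<Leader>a",
+rt.code_action_group.code_action_group,
+{ buffer = bufnr })
+end
+}
+})
+end,
+dependencies = { "nvim-lua/plenary.nvim" }
 },
 { "mfussenegger/nvim-dap", lazy = true, ft = { "c", "rust" } },
 {
@@ -335,13 +353,6 @@
 end
 },
 { "lewis6991/gitsigns.nvim", config = true },
-{
-"greggh/claude-code.nvim",
-dependencies = {
-"nvim-lua/plenary.nvim"
-},
-config = true
-}
 
 }
 })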
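Review bot: The Rust entry in the second hunk now loads `simrat39/rust-tools.nvim`, whose upstream repository is archived and no longer receives fixes, and the spec carries no `version`, `tag` or `commit` field, whereas the removed `rustaceanvim` entry was constrained with `version = "^6"`. An editor plugin runs with the user's full privileges, so an unmaintained source tracked at its default branch is a supply-chain exposure; keep the maintained plugin, or pin this one to a reviewed revision with `commit = "<reviewed-commit-sha>",`. The first hunk also enables `airblade/vim-gitgutter` while `lewis6991/gitsigns.nvim` stays configured in the third hunk, so two plugins will draw git signs in the same column. The plugin list starts outside these hunks.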
+26
overrides/immich-sources.json
··· 1 + { 2 + "version": "1.138.1", 3 + "hash": "sha256-oaZN0kF82mS25bDSTXRjYnWG9RAMSbCUhXn9t0am96U=", 4 + "components": { 5 + "cli": { 6 + "npmDepsHash": "sha256-6k83QOdKh+FlVnYvA9j60115oohUMDc2YvGaj/GMukE=", 7 + "version": "2.2.79" 8 + }, 9 + "server": { 10 + "npmDepsHash": "sha256-4sqWIIGQ8ZW7TvJoNjNNliriuV6Su0askAN6pAq9VFc=", 11 + "version": "1.138.1" 12 + }, 13 + "web": { 14 + "npmDepsHash": "sha256-+W8cDgy3qe6RDen8SEdHPNADkKb4zZH8C/Am/bdU42c=", 15 + "version": "1.138.1" 16 + }, 17 + "open-api/typescript-sdk": { 18 + "npmDepsHash": "sha256-GfmFPsnFu7l4EsnPDv4nj5KLkOz8nEJvMT1BE7zIQ3k=", 19 + "version": "1.138.1" 20 + }, 21 + "geonames": { 22 + "timestamp": "20250818205425", 23 + "hash": "sha256-ceYdHKPxVzmqVIcA5odqPAnjeB0sR7GW2k/Csp0nepY=" 24 + } 25 + } 26 + }
+126
packages.nix
··· 1 + { pkgs, lib, inputs, ... }: 2 + let # bash script to let dbus know about important env variables and 3 + # propagate them to relevent services run at the end of sway config 4 + # see 5 + # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 + # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 + # some user services to make sure they have the correct environment variables 8 + dbus-sway-environment = pkgs.writeTextFile { 9 + name = "dbus-sway-environment"; 10 + destination = "/bin/dbus-sway-environment"; 11 + executable = true; 12 + 13 + text = '' 14 + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 + systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 + systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 + ''; 18 + }; 19 + 20 + # currently, there is some friction between sway and gtk: 21 + # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 + # the suggested way to set gtk settings is with gsettings 23 + # for gsettings to work, we need to tell it where the schemas are 24 + # using the XDG_DATA_DIR environment variable 25 + # run at the end of sway config 26 + configure-gtk = pkgs.writeTextFile { 27 + name = "configure-gtk"; 28 + destination = "/bin/configure-gtk"; 29 + executable = true; 30 + text = 31 + let 32 + # TODO: figure out why these bindings exist or where they're used 33 + schema = pkgs.gsettings-desktop-schemas; 34 + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 + in 36 + '' 37 + 6 gnome_schema=org.gnome.desktop.interface 38 + gsettings set $gnome_schema gtk-theme 'Dracula' 39 + ''; 40 + }; 41 + in 42 + { 43 + 44 + # List packages installed in system profile. 
To search, run: 45 + # $ nix search wget 46 + environment.systemPackages = with pkgs; [ 47 + neovim 48 + appimage-run 49 + wget 50 + kitty 51 + w3m 52 + fishPlugins.fzf-fish 53 + fzf 54 + qemu 55 + OVMF 56 + metastore 57 + # 9p 58 + diod 59 + plan9port 60 + vis 61 + rc 62 + ncdu 63 + inputs.agenix.packages."${system}".agenix 64 + 65 + # ZFS / filesystem stuff 66 + zfs 67 + 68 + # GPU stuff 69 + intel-gpu-tools 70 + #(ffmpeg-full.override { 71 + # withUnfree = true; 72 + # withMfx = false; 73 + # withSmallBuild = false; 74 + # withTensorflow = false; 75 + #}) 76 + libva 77 + libva-utils 78 + nvtopPackages.intel 79 + 80 + # Sway stuff 81 + wdisplays 82 + mako 83 + bemenu 84 + wl-clipboard 85 + slurp 86 + grim 87 + swayidle 88 + swaylock 89 + adwaita-icon-theme 90 + dracula-theme 91 + glib 92 + xdg-utils 93 + wayland 94 + configure-gtk 95 + dbus-sway-environment 96 + dbus 97 + ]; 98 + 99 + # Fix dynamically linked libraries for unpackaged binaries 100 + programs.nix-ld = { 101 + enable = true; 102 + libraries = with pkgs; [ 103 + # Add missing dynamic libraries for unpackaged programs HERE 104 + # NOT in environment.systemPackages 105 + zlib 106 + ]; 107 + }; 108 + 109 + programs.fuse.userAllowOther = true; 110 + 111 + 112 + # Logseq uses an ancient version of Electron, so we enable that 113 + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 114 + 115 + # Whitelist some unfree packages 116 + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ 117 + "discord" 118 + "spotify" 119 + "obsidian" 120 + "tailscale" 121 + "plexmediaserver" 122 + "sftpgo" 123 + "teamspeak-server" 124 + "ffmpeg-full" 125 + ]; 126 + }
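Review bot: `nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];` whitelists an Electron release that nixpkgs marks as insecure, and the reason given is Logseq, which is not in the `environment.systemPackages` list of this file. If nothing on this host still pulls that Electron in, the line should go. If something does, a comment naming the consumer keeps the exception from outliving its reason, e.g. `# needed by <package>; remove once it moves off electron-25`. As rendered here, the `configure-gtk` script text also starts with a stray `6` before `gnome_schema=`, which looks like an editing slip and would be run as a command.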
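--- a/scripts/fix-jpeg-raw-duplicates-immich.rcsh
+++ b/scripts/fix-jpeg-raw-duplicates-immich.rcsh
@@ -0,0 +1,3 @@
+#!/usr/bin/env rc
+
+nix run 'github:nixos/nixpkgs?ref=nixos-unstable-small#immich-go' -- stack -k `{pa show immich-api} -s 'https://photos.ngp.computer' --manage-raw-jpeg StackCoverJPG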
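Review bot: The Immich API key is passed as a command-line argument (`-k` followed by the output of `pa show immich-api`), so it is visible in the process list to other local users for as long as immich-go runs. If immich-go can take the key from an environment variable or a config file, that is the safer channel. Otherwise a comment such as `# API key is on argv: run only on a single-user machine` records the constraint. The package also comes from the moving `nixos-unstable-small` ref, so the binary that receives the key can change between runs; pinning the flake ref to a revision would make that explicit.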
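--- a/scripts/nr
+++ b/scripts/nr
@@ -1,13 +1,13 @@
 #!/usr/bin/env rc
 
-flag e +
+flag x +
 
 if(~ $1 -x) {
-flag x +
+flake e +
 shift
 }
 
 pkg=$1
 shift
 
-exec nix run 'nixpkgs#'^$pkg -- $*
+exec nix run --impure 'nixpkgs#'^$pkg -- $*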
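Review bot: `flake e +` inside the `-x` branch looks like a typo for `flag e +`; as written, rc will try to run a command named `flake` there. The two flags also appear swapped relative to the old version: tracing (`flag x +`) is now unconditional and exit-on-error is only requested under `-x`. The intended form is probably `flag e +` at the top and `flag x +` in the branch. The new `--impure` lets evaluation read the caller's environment, so a one-line comment saying which package needs it would help.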
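--- a/scripts/oclip
+++ b/scripts/oclip
@@ -0,0 +1,8 @@
+#!/usr/bin/env rc
+flag e +
+
+if (~ $1 -x) {
+flag x +
+}
+data=`{base64 <[0=0]}
+printf '\033]52;c;%s\007' $"data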
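Review bot: The backquote substitution around `base64` splits its output on whitespace and `$"data` joins the pieces with spaces, so any input long enough for base64 to wrap its output reaches the terminal with spaces inside the OSC 52 payload. Whether a terminal accepts that varies; asking base64 not to wrap (`base64 -w 0` with GNU coreutils) removes the dependency. A short comment that the script sends all of stdin to the terminal's clipboard escape would also help, since stdin can be arbitrarily large and may hold sensitive text.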
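--- a/scripts/ocopy
+++ b/scripts/ocopy
@@ -1,3 +0,0 @@
-#!/usr/bin/env sh
-
-printf "\033]52;c;%s\007" "$(base64 <&0)"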
-10
secrets/catgirl-libera.age
··· 1 - age-encryption.org/v1 2 - -> ssh-ed25519 QBbeMw PrgR2RT7HMRapTw8QcRtBU1vfOdrvOdFR+dxlaTMSH4 3 - 2oG68+hYV5W90Beaqpi/VonPwXzB52NTwwJGKmV8YM0 4 - -> ssh-ed25519 Wv0Urw LvqWE5p2G3QnxbqOQMSd631mCqfhJvE9P/yRuwTTkFk 5 - 3jGowP4TKe3T92NXcZjmqU+QFGcyuT2+H3EU/nqTF8s 6 - -> ssh-ed25519 WVNCXA YGX6M8E4JGpJNeZIhiN/t+tx1NQNc+Ewy9HC2dxm3yY 7 - mhxXrgnbh4ng2tIeQrYfxlnlSCk/fTEBDDOg2MEVP2g 8 - --- JpMgqNty36r0OAyDTaLY8yiFHGXzQLm8gh6XXmJQ094 9 - E~�ƿ ׭ #2%%��`Ϳ�~��~�Si<�3� 10 - 7k��b�+OMr�3GxžhG�WY9.�xU1�Re�*%���v�!����������2�wJ_B�)�"��I� �k��[u�jvV5��8n�D��2���H�|
secrets/nix-serve-secret-key.age

This is a binary file and will not be displayed.

-13
secrets/noah-hashed-password.age
··· 1 - age-encryption.org/v1 2 - -> ssh-ed25519 e6zq8g Y6AKrd+CWu2+QqPEslYof/XQTTSMf/WNlW9t8FagYgQ 3 - +hiVmTdBt2w/CUusGWOmHgPB3/A3NlcVJ6a4hieWKaE 4 - -> ssh-ed25519 FcROng uBO/aCTSS5JU9ZTkyRgFeYhmkcXdifUycQk8CEGADx0 5 - LZE8JNFrlOeySFamABnZuZHdXdLPYB8/X4gic3stCuw 6 - -> ssh-ed25519 OV+2QQ m13opn5yD0oMLSR8j1jiI9CkzwDSZI37UhJdLQ/KzjE 7 - 6arhn/OFKiGrFabcFCF/yTtTSQImORJX5Ohq50I3xpU 8 - -> ssh-ed25519 h/Fm0A HfM3i56ldP9EvwYTNorzdtkwn21zvFd6cEqUINsg8hg 9 - RJo7z0Nk179ZiazofToA+0KOD3CWfpzaFcZWrSeVsuo 10 - -> ssh-ed25519 Aoo1Gg DKY2avQ+UMyIytEefP6C3LTXTT7QaDBDguxu4G3j/iY 11 - EqCq0BeV+rToFnOCbD9ru9KroXxGcYKRnryKF7N8Uoo 12 - --- L0JkNEz2vJ0m7+8PQELugzzhQAKV/6z/JrU2qeTDPWI 13 - /g�DQ�ӳ`�����< �S��U���p}E+(��2H�'��͖�������Av6p.P#,����l �����@��7���|F�;;�Dޓ,�8@���E{
+5 -8
secrets/porkbun-api-key.age
··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 e6zq8g x6PGKDva9Uj/rVaeOiWSBKTgNsi6ZT1XtHdUEAPn7Wo 3 - hziH64vy2Dx0dMEEKphhw54hzyzhgAYONxaSqDgguP0 4 - -> ssh-ed25519 QBbeMw G775f6PEJrogzi+h0cDKhCmfZ4t8uaJSsGqSuLdwq1M 5 - TR9UfYVljeb+DtttBpMlinZjbPNKL7+omEasEo0nEjE 6 - -> ssh-ed25519 Wv0Urw jXwjCKuCW6z7ZGu0hp/igks4vgCcGGng0VGXeHakJRI 7 - b6fciWjygpGMI83E3C3JBjJZ7X5tDXRPRKgn1Uy/1P0 8 - --- X67NLqQNueHXFrw9Z2SBA880xnUEPLbKRjADgdiBfIs 9 - &u&6�=�ڌ5�!,B[��e������F�[��9�� "lU����<�9�D$m̆��6`JU �dB~S�A6D;s��љ: M��p g�Y��@pBj�6���f����p�;��{�H�y�2{�?���#Pl�D@#ye��3��jD��tץ����6���=�A�������lJڊQ'���..>�(񵑅|wn��Zf<= _ 2 + -> ssh-ed25519 e6zq8g CdLTZ6uXiJB+xaD+I5NVHD5OxLSH+yAz99j04GiKukU 3 + kQTUR4yK23wHV9QGMlmTmIlMh63nP49g1NrS+sJKfBY 4 + --- H6/xHryPPKmAWW/bDXUN4YBXMKrsFpUAveKxWsT0SH0 5 + �E����,�ήS��P)A.������9O\�����2n��U�!���X�a��� l�Z�4*(G�[��>�Zl� 6 + :QՅ���������o����$=��& ڍ�w�t^�<<E�0p�8��:���� G�̉����J#�QR�����p�򘐞�kA,�=!��5�KK��0o��nQ��)�\\�ĘN�����wQ�҉
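--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,29 +1,9 @@
 let
-noah = [
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki"
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/cXL1cV6QUW5z2bJp1mCu0CXrcc0Dntdxaeo3fg60N noah@odin"
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChbA8oSqYgmjIGYjlpAPLf+Nl6IlcSb2Zmh/Hl6xm88 noah@accelerator"
-];
+noah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki";
 misaki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rcf4Lr+JPWGKQol6eAml6SMgERkGJWgN7y1qYUUvX root@nixos";
-edge = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCmFKYXpQf1E8E7fj5s+3R33HPRjPhXrv++FCKYBCd4 root@nixos";
-odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIuvOXEK7M2i/Q8FeableBS+L20zwQpLetOuFGUhba2 root@nixos";
-touma-wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeyj52bQ/nf5k4HwDckeHy8wU3weDtY6IF6VlUJ/hAH root@nixos";
-shizuri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMdVtl8UlDa9kI/PO62Glu/PeJXfgXNsVg92b+BibE root@nixos";
-hosts = [
-misaki
-edge
-odin
-touma-wsl
-shizuri
-];
+#users = [noah];
 in
 {
-"porkbun-api-key.age".publicKeys = [ misaki ] ++ noah;
-"noah-hashed-password.age".publicKeys = hosts;
-"nix-serve-secret-key.age".publicKeys = [
-misaki
-noah
-];
-"validator-identity.age".publicKeys = [ edge ];
-"catgirl-libera.age".publicKeys = noah;
+"porkbun-api-key.age".publicKeys = [ noah misaki ];
+"nix-serve-secret-key.age".publicKeys = [ misaki noah ];
 }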
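Review bot: `"porkbun-api-key.age".publicKeys = [ noah misaki ];` names two recipients, but the re-encrypted `secrets/porkbun-api-key.age` in this same commit shows only one `-> ssh-ed25519` stanza, so one of the two keys apparently cannot decrypt it. Running `agenix --rekey` after editing this file would bring the blob in line with the declaration. Narrowing the recipient lists also does not withdraw access already granted: earlier revisions of the secret stay in history, encrypted to the removed user and host keys. If those machines are no longer trusted, the Porkbun API key itself should be rotated. The leftover `#users = [noah];` can be dropped.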
secrets/validator-identity.age

This is a binary file and will not be displayed.

+562 -18
services.nix
··· 1 - { enableNFTables, lib, ... }: 1 + { config 2 + , pkgs 3 + , unstable 4 + , ... 5 + }: 2 6 { 3 7 8 + services.zfs = { 9 + autoScrub.enable = true; 10 + }; 11 + services.nfs.server.enable = true; 4 12 # Some programs need SUID wrappers, can be configured further or are 5 13 # started in user sessions. 6 - programs.mtr.enable = true; 14 + # programs.mtr.enable = true; 15 + programs.gnupg.agent = { 16 + enable = true; 17 + enableSSHSupport = false; 18 + }; 7 19 8 20 # Fish shell, the best 9 21 programs.fish.enable = true; 10 22 23 + # MOSH, SSH over flakey connections 24 + programs.mosh.enable = true; 25 + 26 + # List services that you want to enable: 27 + 28 + # Enable the OpenSSH daemon. 29 + services.openssh = { 30 + enable = true; 31 + openFirewall = true; 32 + settings.PasswordAuthentication = false; 33 + }; 34 + 35 + # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices. 36 + services.hardware.bolt.enable = true; 37 + 11 38 # Tailscale 12 39 services.tailscale = { 13 40 enable = true; 41 + useRoutingFeatures = "client"; 42 + }; 43 + 44 + # Containers and VMs 45 + virtualisation = { 46 + podman = { 47 + enable = true; 48 + dockerCompat = true; 49 + defaultNetwork.settings.dns_enabled = true; 50 + }; 51 + }; 52 + 53 + # Samba, for shares 54 + # TODO 55 + services.samba = { 56 + enable = true; 14 57 openFirewall = true; 58 + nmbd.enable = true; 59 + winbindd.enable = true; 60 + settings = { 61 + global = { 62 + workgroup = "WORKGROUP"; 63 + "server string" = "misaki"; 64 + security = "user"; 65 + "use sendfile" = "yes"; 66 + "hosts allow" = "192.168.1. 
127.0.0.1 localhost"; 67 + "hosts deny" = "0.0.0.0/0"; 68 + "guest account" = "nobody"; 69 + "map to guest" = "bad user"; 70 + deadtime = 30; 71 + }; 72 + shokuhou = { 73 + path = "/srv/shokuhou"; 74 + browseable = "yes"; 75 + "read only" = "no"; 76 + "guest ok" = "no"; 77 + "create mask" = "0644"; 78 + "directory mask" = "0755"; 79 + "force user" = "noah"; 80 + "force group" = "nas"; 81 + }; 82 + mentalout = { 83 + path = "/srv/mentalout"; 84 + browseable = "yes"; 85 + "read only" = "no"; 86 + "guest ok" = "no"; 87 + "create mask" = "0644"; 88 + "directory mask" = "0755"; 89 + "force user" = "noah"; 90 + "force group" = "nas"; 91 + }; 92 + }; 15 93 }; 16 - # Don't wait for networks on boot, should speed up boot 17 - systemd.network.wait-online.enable = false; 18 - boot.initrd.systemd.network.wait-online.enable = false; 19 - networking.firewall.trustedInterfaces = [ "tailscale0" ]; 94 + services.samba-wsdd = { 95 + enable = true; 96 + openFirewall = true; 97 + }; 20 98 21 - # Enable the OpenSSH daemon. 22 - services.openssh = { 99 + services.coredns = { 23 100 enable = true; 101 + config = '' 102 + packetlost.dev { 103 + hosts ${./coredns/packetlost.dev.hosts} packetlost.dev { 104 + fallthrough 105 + } 106 + bind enp4s0f1 107 + } 108 + ngp.computer { 109 + hosts ${./coredns/ngp.computer.hosts} ngp.computer { 110 + fallthrough 111 + } 112 + bind enp4s0f1 113 + } 114 + localhost { 115 + hosts ${./coredns/localhost.hosts} localhost { 116 + fallthrough 117 + } 118 + bind enp4s0f1 119 + } 120 + . { 121 + # NextDNS 122 + forward . 
tls://2a07:a8c0::dd:2feb:853 tls://2a07:a8c1::dd:2feb:853 tls://45.90.28.93:853 tls://45.90.30.93:853 { 123 + tls_servername dd2feb.dns.nextdns.io 124 + health_check 5s 125 + } 126 + bind enp4s0f1 127 + cache 128 + errors 129 + log 130 + } 131 + ''; 132 + }; 133 + 134 + services.nats = { 135 + enable = true; 136 + jetstream = true; 137 + user = "nats"; 138 + group = "nats"; 139 + serverName = "misaki"; 140 + dataDir = "/srv/shokuhou/applications/nats"; 141 + validateConfig = false; 142 + settings = { 143 + authorization = { 144 + users = [ 145 + { 146 + user = "seedbox@packetlost.dev"; 147 + permissions = { 148 + publish = [ 149 + "torrents" 150 + "torrents.>" 151 + "$JS.API.INFO" 152 + #"$JS.API.STREAM.INFO.>" 153 + "$KV.torrents.>" 154 + #"$JS.API.STREAM.*.*.OBJ_torrents" 155 + "$JS.API.*.*.OBJ_torrents" 156 + "$JS.API.STREAM.MSG.GET.OBJ_torrents" 157 + "$JS.API.*.*.OBJ_torrents.>" 158 + "$O.torrents.>" 159 + ]; 160 + subscribe = [ 161 + "torrents.>" 162 + "_INBOX.>" 163 + ]; 164 + allow_responses = false; 165 + }; 166 + } 167 + { user = "odin@packetlost.dev"; } 168 + { user = "misaki@packetlost.dev"; } 169 + { user = "noah@packetlost.dev"; } 170 + { user = "touma-nixos@packetlost.dev"; } 171 + ]; 172 + }; 173 + tls = { 174 + cert_file = "/srv/nats/nats.packetlost.dev/cert.pem"; 175 + key_file = "/srv/nats/nats.packetlost.dev/key.pem"; 176 + ca_file = "/srv/nats/minica.pem"; 177 + verify_and_map = true; 178 + }; 179 + jetstream = { 180 + # 50GB 181 + max_file_store = 53687091200; 182 + max_mem = 8589934592; 183 + }; 184 + }; 185 + }; 186 + 187 + # Minio's object storage has been mostly replaced with NATS. If I specifically need a 188 + # S3-like API, this will be revived. 
189 + services.minio = { 190 + enable = false; 191 + listenAddress = ":9003"; 192 + consoleAddress = ":9004"; 193 + dataDir = [ 194 + /srv/shokuhou/applications/minio 195 + ]; 196 + }; 197 + 198 + services.netatalk = { 199 + enable = true; 200 + settings = { 201 + time-machine = { 202 + path = "/srv/shokuhou/backup/timemachine"; 203 + "valid users" = "noah"; 204 + "time machine" = true; 205 + }; 206 + }; 207 + }; 208 + 209 + services.webdav.enable = false; 210 + services.sftpgo = { 211 + enable = false; 212 + dataDir = /srv/shokuhou/documents/sftpgo; 213 + group = "nas"; 214 + }; 215 + services.syncthing = { 216 + enable = false; 217 + openDefaultPorts = true; 218 + # disable the sync folder creation 219 + extraFlags = [ "--no-default-folder" ]; 220 + settings = { 221 + folders = { 222 + "Sync" = { 223 + path = "/srv/shokuhou/documents/sync"; 224 + }; 225 + }; 226 + }; 227 + }; 228 + 229 + services.grafana = { 230 + enable = false; 231 + settings.server.http_port = 2342; 232 + settings.server.domain = "grafana.packetlost.dev"; 233 + settings.server.http_addr = "127.0.0.1"; 234 + }; 235 + 236 + services.prometheus = { 237 + enable = false; 238 + port = 9001; 239 + exporters = { 240 + node = { 241 + enable = true; 242 + enabledCollectors = [ "systemd" ]; 243 + port = 9002; 244 + }; 245 + }; 246 + 247 + scrapeConfigs = [ 248 + { 249 + job_name = "chrysalis"; 250 + static_configs = [ 251 + { targets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}" ]; } 252 + ]; 253 + } 254 + ]; 255 + }; 256 + 257 + # TODO: figure out how to appropriately configure this 258 + services.step-ca = { 259 + enable = false; 24 260 openFirewall = true; 25 - settings.PasswordAuthentication = false; 261 + port = 8443; 262 + address = "0.0.0.0"; 263 + intermediatePasswordFile = /etc/nixos/step-ca-intermediate-ca-password; 264 + settings = builtins.fromJSON (builtins.readFile /home/noah/.step/config/ca.json); 26 265 }; 27 266 28 - # MOSH, SSH over flakey 
connections 29 - programs.mosh.enable = true; 30 - } 31 - // lib.optionalAttrs enableNFTables { 32 - # Use nftables 33 - networking.nftables.enable = true; 34 - # Support native nftables in tailscale 35 - systemd.services.tailscaled.serviceConfig.Environment = [ 36 - "TS_DEBUG_FIREWALL_MODE=nftables" 267 + age.secrets.acme = { 268 + file = ./secrets/porkbun-api-key.age; 269 + owner = "root"; 270 + group = "acme"; 271 + }; 272 + 273 + # TODO: re-enable this once Agenix is set up 274 + security.acme = { 275 + acceptTerms = true; 276 + defaults.email = "noah@packetlost.dev"; 277 + certs."plex.packetlost.dev" = { 278 + dnsProvider = "porkbun"; 279 + group = "httpd"; 280 + environmentFile = config.age.secrets.acme.path; 281 + }; 282 + certs."img.ngp.computer" = { 283 + group = "httpd"; 284 + dnsProvider = "porkbun"; 285 + environmentFile = config.age.secrets.acme.path; 286 + }; 287 + certs."files.ngp.computer" = { 288 + group = "httpd"; 289 + dnsProvider = "porkbun"; 290 + environmentFile = config.age.secrets.acme.path; 291 + }; 292 + certs."photos.ngp.computer" = { 293 + group = "httpd"; 294 + dnsProvider = "porkbun"; 295 + environmentFile = config.age.secrets.acme.path; 296 + }; 297 + certs."jellyfin.packetlost.dev" = { 298 + group = "httpd"; 299 + dnsProvider = "porkbun"; 300 + environmentFile = config.age.secrets.acme.path; 301 + }; 302 + }; 303 + 304 + # A test email server that only works on LAN 305 + services.maddy = { 306 + enable = true; 307 + openFirewall = true; 308 + primaryDomain = "misaki.local"; 309 + ensureAccounts = [ 310 + "noah@misaki.local" 311 + "postmaster@misaki.local" 312 + "test@misaki.local" 313 + ]; 314 + ensureCredentials = { 315 + "noah@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 316 + "postmaster@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 317 + "test@misaki.local".passwordFile = "${pkgs.writeText "test" "Password123"}"; 318 + }; 319 + }; 320 + 321 + age.secrets.nix-serve = { 322 + file 
= ./secrets/nix-serve-secret-key.age; 323 + owner = "root"; 324 + group = "root"; 325 + }; 326 + services.nix-serve = { 327 + enable = true; 328 + package = unstable.nix-serve-ng; 329 + secretKeyFile = config.age.secrets.nix-serve.path; 330 + openFirewall = true; 331 + }; 332 + 333 + services.plex = { 334 + enable = true; 335 + openFirewall = false; # we proxy this with nginx 336 + group = "nas"; 337 + user = "noah"; 338 + package = unstable.plex; 339 + }; 340 + 341 + services.jellyfin = { 342 + enable = true; 343 + openFirewall = true; 344 + user = "noah"; 345 + group = "nas"; 346 + logDir = "/srv/shokuhou/applications/jellyfin/log"; 347 + cacheDir = "/srv/shokuhou/applications/jellyfin/cache"; 348 + dataDir = "/srv/shokuhou/applications/jellyfin/data"; 349 + configDir = "/srv/shokuhou/applications/jellyfin/config"; 350 + }; 351 + 352 + # services.gitea = { 353 + # enable = true; 354 + # user = "git"; 355 + # domain = "git.packetlost.dev"; 356 + # }; 357 + 358 + # Litterbox, collect my IRC logs 359 + systemd = { 360 + services = { 361 + "litterbox@" = { 362 + path = [ pkgs.litterbox ]; 363 + serviceConfig = { 364 + StartLimitIntervalSec = 5; 365 + StartLimitBurst = 10; 366 + Restart = "on-failure"; 367 + RestartSec = "10s"; 368 + Type = "simple"; 369 + ExecStart = "${pkgs.litterbox}/bin/litterbox /srv/litterbox/%i.conf"; 370 + ExecReload = "kill -USR1 $MAINPID"; 371 + User = "noah"; 372 + Group = "litterbox"; 373 + }; 374 + }; 375 + 376 + #"litterbox@libera.irc.packetlost.dev" = { 377 + # overrideStrategy = "asDropin"; 378 + # wantedBy = [ "multi-user.target" ]; 379 + #}; 380 + "update-downstream-src" = { 381 + path = with pkgs; [ 382 + rc 383 + coreutils 384 + git 385 + openssh 386 + ]; 387 + script = "exec ${./scripts/update-src}"; 388 + serviceConfig = { 389 + Type = "oneshot"; 390 + User = "noah"; 391 + WorkingDirectory = "/srv/src"; 392 + }; 393 + }; 394 + }; 395 + timers = { 396 + "update-downstream-src" = { 397 + wantedBy = [ "timers.target" ]; 398 + 
timerConfig = { 399 + OnCalendar = "daily"; 400 + Persistent = true; 401 + }; 402 + }; 403 + }; 404 + }; 405 + 406 + services.teamspeak3 = { 407 + enable = true; 408 + openFirewall = true; 409 + }; 410 + 411 + services.immich = { 412 + enable = true; 413 + package = unstable.immich; 414 + accelerationDevices = [ "/dev/dri/renderD128" ]; 415 + mediaLocation = "/srv/shokuhou/pictures/immich"; 416 + }; 417 + users.users.immich.extraGroups = [ 418 + "video" 419 + "render" 420 + "nas" 37 421 ]; 422 + 423 + # Nginx Reverse SSL Proxy 424 + services.nginx = { 425 + enable = true; 426 + group = "nas"; 427 + user = "noah"; 428 + 429 + # This is disabled for now 430 + #virtualHosts."${config.services.grafana.settings.server.domain}" = { 431 + # locations."/" = { 432 + # proxyPass = "http://127.0.0.1:${builtins.toString config.services.grafana.settings.server.http_port}"; 433 + # proxyWebsockets = true; 434 + # }; 435 + #}; 436 + 437 + virtualHosts."cache.packetlost.dev" = { 438 + locations."/".proxyPass = 439 + "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; 440 + }; 441 + virtualHosts."photos.ngp.computer" = { 442 + enableACME = false; 443 + useACMEHost = "photos.ngp.computer"; 444 + acmeRoot = null; 445 + forceSSL = true; 446 + locations."/" = { 447 + proxyPass = "http://[::1]:${toString config.services.immich.port}"; 448 + proxyWebsockets = true; 449 + recommendedProxySettings = true; 450 + extraConfig = '' 451 + client_max_body_size 50000M; 452 + proxy_read_timeout 600s; 453 + proxy_send_timeout 600s; 454 + send_timeout 600s; 455 + ''; 456 + }; 457 + }; 458 + virtualHosts."img.ngp.computer" = { 459 + forceSSL = true; 460 + enableACME = false; 461 + useACMEHost = "img.ngp.computer"; 462 + acmeRoot = null; 463 + root = "/srv/shokuhou/pictures/public"; 464 + extraConfig = '' 465 + sendfile on; 466 + autoindex_exact_size on; 467 + tcp_nopush on; 468 + ''; 469 + locations."/" = { 470 + extraConfig = '' 471 + autoindex on; 472 + 
autoindex_exact_size on; 473 + alias /srv/shokuhou/pictures/public/$1; 474 + ''; 475 + }; 476 + }; 477 + virtualHosts."files.ngp.computer" = { 478 + forceSSL = true; 479 + enableACME = false; 480 + useACMEHost = "files.ngp.computer"; 481 + acmeRoot = null; 482 + root = null; 483 + extraConfig = '' 484 + sendfile on; 485 + tcp_nopush on; 486 + ''; 487 + locations."/books/" = { 488 + extraConfig = '' 489 + autoindex on; 490 + autoindex_exact_size on; 491 + alias /srv/shokuhou/books/sync/$1; 492 + ''; 493 + }; 494 + }; 495 + virtualHosts."jellyfin.packetlost.dev" = { 496 + forceSSL = true; 497 + enableACME = false; 498 + useACMEHost = "jellyfin.packetlost.dev"; 499 + acmeRoot = null; 500 + http2 = true; 501 + locations."/" = { 502 + proxyPass = "http://localhost:8096/"; 503 + }; 504 + }; 505 + 506 + # give a name to the virtual host. It also becomes the server name. 507 + virtualHosts."plex.packetlost.dev" = { 508 + # Since we want a secure connection, we force SSL 509 + forceSSL = true; 510 + enableACME = false; 511 + useACMEHost = "plex.packetlost.dev"; 512 + acmeRoot = null; 513 + 514 + # http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/ 515 + http2 = true; 516 + 517 + # Provide the ssl cert and key for the vhost 518 + # These are filled in automatically with ACME 519 + extraConfig = '' 520 + 521 + #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause 522 + send_timeout 100m; 523 + 524 + # Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/ 525 + ssl_stapling on; 526 + ssl_stapling_verify on; 527 + 528 + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 529 + ssl_prefer_server_ciphers on; 530 + #Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384. 
531 + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 532 + 533 + # Forward real ip and host to Plex 534 + proxy_set_header X-Real-IP $remote_addr; 535 + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 536 + proxy_set_header X-Forwarded-Proto $scheme; 537 + proxy_set_header Host $server_addr; 538 + proxy_set_header Referer $server_addr; 539 + proxy_set_header Origin $server_addr; 540 + 541 + # Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. 542 + gzip on; 543 + gzip_vary on; 544 + gzip_min_length 1000; 545 + gzip_proxied any; 546 + gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml; 547 + gzip_disable "MSIE [1-6]\."; 548 + 549 + # Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones. 550 + # Increasing the limit fixes the issue. 
Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more 551 + client_max_body_size 100M; 552 + 553 + # Plex headers 554 + proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; 555 + proxy_set_header X-Plex-Device $http_x_plex_device; 556 + proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; 557 + proxy_set_header X-Plex-Platform $http_x_plex_platform; 558 + proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version; 559 + proxy_set_header X-Plex-Product $http_x_plex_product; 560 + proxy_set_header X-Plex-Token $http_x_plex_token; 561 + proxy_set_header X-Plex-Version $http_x_plex_version; 562 + proxy_set_header X-Plex-Nocache $http_x_plex_nocache; 563 + proxy_set_header X-Plex-Provides $http_x_plex_provides; 564 + proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; 565 + proxy_set_header X-Plex-Model $http_x_plex_model; 566 + 567 + # Websockets 568 + proxy_http_version 1.1; 569 + proxy_set_header Upgrade $http_upgrade; 570 + proxy_set_header Connection "upgrade"; 571 + 572 + # Buffering off send to the client as soon as the data is received from Plex. 573 + proxy_redirect off; 574 + proxy_buffering off; 575 + ''; 576 + 577 + locations."/" = { 578 + proxyPass = "http://localhost:32400/"; 579 + }; 580 + }; 581 + }; 38 582 }
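Review bot: The `services.maddy` block puts the mailbox passwords in the world-readable Nix store: `pkgs.writeText "noah" "Password123"` and its two siblings write the literal to a store path, and the same value is committed here in plain text. `openFirewall = true` also opens the mail ports in the host firewall, although the comment calls the server LAN-only. The file already declares agenix secrets for ACME and nix-serve, so each `passwordFile` can point at one, e.g. `"noah@misaki.local".passwordFile = config.age.secrets.<maddy-noah>.path;` (placeholder secret name), with `openFirewall` left off unless other hosts must reach it. Separately, `services.nginx`, `services.plex` and `services.jellyfin` all set `user = "noah"`, the account that users.nix puts in `wheel`, so a flaw in any of these network-facing daemons lands in an interactive admin account. Dedicated service users added to `nas`, as the `users.users.immich.extraGroups` lines in this file already do, would keep the file access without that.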
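--- a/shell.nix
+++ b/shell.nix
@@ -1,2 +1,7 @@
 { pkgs ? import <nixos-unstable> { } }:
-pkgs.mkShell { packages = with pkgs; [ nil lua-language-server ]; }
+pkgs.mkShell {
+packages = with pkgs; [ nil lua-language-server nixpkgs-fmt ];
+shellHook = ''
+${(import ./default.nix).pre-commit-check.shellHook}
+'';
+}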
-32
ssh/extra
··· 1 1 AddKeysToAgent yes 2 2 ServerAliveInterval 60 3 - ForwardAgent yes 4 3 ControlMaster auto 5 4 ControlPath ~/.ssh/master-%r@%h:%p 6 5 ··· 26 25 IdentityFile ~/.ssh/id_ed25519 27 26 ForwardAgent yes 28 27 29 - Host aleister 30 - HostName 192.168.1.16 31 - User noah 32 - IdentityFile ~/.ssh/id_ed25519 33 - ForwardAgent yes 34 - 35 28 Host komoe 36 29 HostName 192.168.1.5 37 30 User noah 38 31 IdentityFile ~/.ssh/id_ed25519 39 32 ForwardAgent yes 40 - 41 - Host othinus 42 - HostName 192.168.1.4 43 - User noah 44 - IdentityFile ~/.ssh/id_ed25519 45 - ForwardAgent yes 46 - 47 - Host odin 48 - HostName 192.168.1.6 49 - User noah 50 - IdentityFile ~/.ssh/id_ed25519 51 - ForwardAgent yes 52 - 53 - Host accelerator 54 - HostName 192.168.1.7 55 - User noah 56 - IdentityFile ~/.ssh/id_ed25519 57 - ForwardAgent yes 58 - 59 - Host shizuri 60 - HostName 192.168.1.15 61 - User noah 62 - IdentityFile ~/.ssh/id_ed25519 63 - ForwardAgent yes 64 - ForwardX11 yes 65 33 66 34 Host sdf 67 35 HostName tty.sdf.org
+13 -18
sway/odin
··· 2 2 #workspace $ws1 output DP-6 3 3 #workspace $ws2 output HDMI-A-1 4 4 5 - output "Acer Technologies XV272U 0x0000A50C" { 6 - mode 2560x1440@143.999Hz 7 - pos 440 0 8 - transform normal 9 - scale 1.0 10 - scale_filter nearest 11 - adaptive_sync off 12 - dpms on 13 - } 14 - output "LG Electronics LG ULTRAGEAR 307NTPC58464" { 15 - mode 3440x1440@85.0Hz 16 - pos 0 1440 17 - transform normal 18 - scale 1.0 19 - scale_filter nearest 20 - adaptive_sync on 21 - dpms on 22 - } 5 + # HDMI is the main output 6 + output HDMI-A-1 pos 0 0 7 + output HDMI-A-1 adaptive_sync off 8 + output DP-9 pos -430 1440 9 + output DP-9 adaptive_sync on 10 + # Sometimes the DP identifier changes for some reason 11 + output DP-6 pos -430 1440 12 + output DP-6 adaptive_sync on 13 + output DP-10 pos -430 1440 14 + output DP-10 adaptive_sync on 15 + # The HDMI gets messed up too :( 16 + output HDMI-A-2 pos 0 0 17 + output HDMI-A-2 adaptive_sync off
+10 -17
users.nix
··· 1 - { 2 - pkgs, 3 - lib, 4 - config, 5 - extraGroups ? [ ], 6 - ... 7 - }: 1 + { pkgs, lib, ... }: 8 2 { 9 - 10 3 # Declarative only optoins. 11 4 # I don't want to allow ad-hoc modifying users on the system. 12 5 # Users must be declared either as part of a package or in this file. 13 6 users.mutableUsers = false; 14 7 15 - age.secrets.noah-password = { 16 - file = ./secrets/noah-hashed-password.age; 17 - owner = "root"; 18 - group = "root"; 19 - }; 20 - 21 8 # Define a user account. Don't forget to set a password with ‘passwd’. 22 9 users.users.noah = { 23 10 isNormalUser = true; ··· 25 12 extraGroups = [ 26 13 "wheel" 27 14 "video" 15 + "render" 28 16 "nas" 29 - ] 30 - ++ extraGroups; # Enable ‘sudo’ for the user. 31 - hashedPasswordFile = config.age.secrets.noah-password.path; 17 + "nats" 18 + "litterbox" 19 + "httpd" 20 + ]; # Enable ‘sudo’ for the user. 21 + hashedPasswordFile = "/etc/nixos/noah-password"; 32 22 openssh.authorizedKeys.keys = lib.strings.splitString "\n" ( 33 23 builtins.readFile ( 34 24 builtins.fetchurl { ··· 41 31 ) 42 32 ); 43 33 }; 34 + 44 35 users.groups.nas.gid = 1001; 36 + users.groups.httpd.gid = 1002; 37 + users.groups.litterbox.gid = 1003; 45 38 }
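Review bot: `hashedPasswordFile = "/etc/nixos/noah-password";` replaces the agenix-managed secret with a hand-placed file, so nothing in the configuration now guarantees that the file exists or controls who can read it. With `users.mutableUsers = false` the account's password depends entirely on that file being present at activation. A comment stating the requirement would help, e.g. `# must exist before activation, root:root mode 0600; not managed by Nix`. The `users.users.noah` block is only partly shown in this section, so the `authorizedKeys` fetch around it is not reviewed here.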
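--- a/vis/visrc.lua
+++ b/vis/visrc.lua
@@ -1,64 +1,50 @@
 require('vis')
-local plugin_manager = 'plugins/vis-plug'
+
+local plug = require('plugins/vis-plug')
+
 local plugins = {
---{ 'timoha/vis-acme', theme = true, file = 'acme' },
+{ 'timoha/vis-acme', theme = true, file = 'acme' },
 { 'milhnl/vis-format' },
 { url = 'https://git.cepl.eu/cgit/vis/vis-fzf-open' },
 { url = 'https://gitlab.com/muhq/vis-lspc.git' },
 { url = 'https://repo.or.cz/vis-parkour.git', alias = 'vis-parkour' }
 }
 
-function setup_plug()
-if not pcall(require, 'plugins/vis-plug') then
-os.execute('git clone --quiet https://github.com/erf/vis-plug ' ..
-(os.getenv('XDG_CONFIG_HOME') or os.getenv('HOME') .. '/.config')
-.. '/vis/plugins/vis-plug')
-end
-return require('plugins/vis-plug')
-end
-local plug = setup_plug()
+plug.init(plugins, true)
+
+
+
 
-plug.init(plugins, true)
 
-function configure_plugin(name, config)
-if vis:module_exist(name) then
-local module = require(name)
-config(module)
-end
-end
 
 vis.events.subscribe(vis.events.INIT, function()
-configure_plugin('plugins/vis-format', function(format)
-vis:map(vis.modes.NORMAL, '<C-p>', ':fzf<Enter>')
-vis:map(vis.modes.NORMAL, '=', format.apply)
-end)
-configure_plugin('plugins/vis-lspc', function(lspc)
-if next(lspc) then
-lspc.logging = true
-lspc.log_file = "/tmp/lspc.log"
+local format = require('plugins/vis-format')
+vis:map(vis.modes.NORMAL, '<C-p>', ':fzf<Enter>')
+vis:map(vis.modes.NORMAL, '=', format.apply)
+local lspc = require('plugins/vis-lspc')
+if next(lspc) then
+lspc.logging = true
+lspc.log_file = "/tmp/lspc.log"
 
-lspc.ls_map.rust = {
-name = "rust",
-cmd = "rust-analyzer",
-formatting_options = {tabSize = 4, insertSpaces = true}
-}
-lspc.ls_map.lua = {
-name = "lua",
-cmd = "lua-language-server",
-formatting_options = { insertSpaces = false }
-}
-end
-end)
+lspc.ls_map.rust = {
+name = "rust",
+cmd = "rust-analyzer",
+formatting_options = {tabSize = 4, insertSpaces = true}
+}
+end
 end)
 
 
-vis.events.subscribe(vis.events.WIN_OPEN, function()
+vis.events.subscribe(vis.events.WIN_OPEN, function(win)
 --per-window configuration--
 --vis:command('set number')
---vis:command('set showtab on')
---vis:command('set showspace off')
+vis:command('set showtab on')
+vis:command('set showspace on')
 vis:command('set autoindent on')
 vis:command('set cursorline on')
 vis:command('set tabwidth 4')
 end)
-return nil
+
+
+
+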
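Review bot: `lspc.log_file = "/tmp/lspc.log"` together with `lspc.logging = true` writes language-server traffic to a fixed name in a world-writable directory. Another local user can pre-create that file, and may be able to read what is logged, which presumably includes buffer contents if vis-lspc logs message bodies. A path under the user's own directory avoids that, e.g. `lspc.log_file = os.getenv('HOME') .. '/.cache/vis-lspc.log'` (the directory has to exist). `plug.init(plugins, true)` also lists five plugins from remote repositories with no revision pinned, so whatever those branches hold runs inside the editor; pinning each entry is worth doing if vis-plug's plugin spec supports it. The new `win` parameter of the `WIN_OPEN` handler is unused.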