Configuration for my NixOS based systems and Home Manager


+3821 -1492
-2
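--- a/.tsk/archive/tsk-1.tsk
+++ b/.tsk/archive/tsk-1.tsk
@@ -1,2 +0,0 @@
-Remove immich overlay
-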
-2
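--- a/.tsk/archive/tsk-2.tsk
+++ b/.tsk/archive/tsk-2.tsk
@@ -1,2 +0,0 @@
-Remove plex overlay
-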
-2
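--- a/.tsk/archive/tsk-3.tsk
+++ b/.tsk/archive/tsk-3.tsk
@@ -1,2 +0,0 @@
-finish migration to flake
-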
-1
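--- a/.tsk/index
+++ b/.tsk/index
@@ -1 +0,0 @@
-tsk-1 Remove immich overlay 1755227223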
-1
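--- a/.tsk/next
+++ b/.tsk/next
@@ -1 +0,0 @@
-4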
-1
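--- a/.tsk/tasks/tsk-1.tsk
+++ b/.tsk/tasks/tsk-1.tsk
@@ -1 +0,0 @@
-../archive/tsk-1.tsk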
+1 -6
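--- a/boot.nix
+++ b/boot.nix
@@ -1,10 +1,5 @@
-{ ... }:
-{
+{ ... }: {
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
-
-boot.supportedFilesystems = [ "zfs" ];
-boot.zfs.forceImportRoot = false;
-boot.zfs.extraPools = [ "shokuhou" "mentalout" ];
 }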
+31
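--- a/common.nix
+++ b/common.nix
@@ -0,0 +1,31 @@
+{ ... }:
+{
+# Set your time zone.
+time.timeZone = "America/Chicago";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+# console = {
+# font = "Lat2-Terminus16";
+# keyMap = "us";
+# useXkbConfig = true; # use xkb.options in tty.
+# };
+
+# Automatic doc cache generation
+documentation.man.generateCaches = true;
+
+# Automatic system upgrades
+system.autoUpgrade = {
+enable = true;
+dates = "09:00";
+randomizedDelaySec = "45min";
+};
+
+# Automatic Garbage Collection
+nix.gc.automatic = true;
+nix.gc.options = "--delete-older-than 8d";
+nix.settings.trusted-users = [ "@wheel" ];
+
+# I don't care that much about free vs unfree
+nixpkgs.config.allowUnfree = true;
+}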
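Review bot: `nix.settings.trusted-users = [ "@wheel" ];` on line 27 makes every wheel member a trusted Nix user on each host that imports this shared module, and a trusted user can add substituters and turn off signature checking for the daemon, which is effectively root without a sudo prompt. If the goal is only to let those users pull from the private binary cache, declaring the cache system-wide with `nix.settings.substituters` and `nix.settings.trusted-public-keys` gives the same result without widening the trust set. If the entry stays, a comment such as `# trusted-users is root-equivalent for the nix daemon; intentional` next to it would record that the trade-off was considered.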
-67
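--- a/configuration.nix
+++ b/configuration.nix
@@ -1,67 +0,0 @@
-# Edit this configuration file to define what should be installed on
-## your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ ... }:
-
-{
-imports =
-[
-# Include the results of the hardware scan.
-./hardware-configuration.nix
-./boot.nix
-./networking.nix
-#./gui.nix
-./users.nix
-./packages.nix
-./services.nix
-];
-# Set your time zone.
-time.timeZone = "America/Chicago";
-
-# Select internationalisation properties.
-i18n.defaultLocale = "en_US.UTF-8";
-# console = {
-# font = "Lat2-Terminus16";
-# keyMap = "us";
-# useXkbConfig = true; # use xkb.options in tty.
-# };
-
-# Copy the NixOS configuration file and link it from the resulting system
-# (/run/current-system/configuration.nix). This is useful in case you
-# accidentally delete configuration.nix.
-#system.copySystemConfiguration = true;
-
-# Automatic doc cache generation
-documentation.man.generateCaches = true;
-
-# Automatic system upgrades
-system.autoUpgrade = {
-enable = true;
-dates = "09:00";
-randomizedDelaySec = "45min";
-};
-
-# Automatic Garbage Collection
-nix.gc.automatic = true;
-nix.gc.options = "--delete-older-than 8d";
-
-# This option defines the first version of NixOS you have installed on this particular machine,
-# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
-#
-# Most users should NEVER change this value after the initial install, for any reason,
-# even if you've upgraded your system to a new NixOS release.
-#
-# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
-# so changing it will NOT upgrade your system.
-#
-# This value being lower than the current NixOS release does NOT mean your system is
-# out of date, out of support, or vulnerable.
-#
-# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
-# and migrated your data accordingly.
-#
-# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
-system.stateVersion = "23.11"; # Did you read the comment?
-
-}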
-1
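--- a/coredns/localhost.hosts
+++ b/coredns/localhost.hosts
@@ -1 +0,0 @@
-127.0.0.1 *.localhost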
-9
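--- a/coredns/ngp.computer.hosts
+++ b/coredns/ngp.computer.hosts
@@ -1,9 +0,0 @@
-192.168.1.3 img.ngp.computer
-192.168.1.3 photos.ngp.computer
-192.168.1.3 misaki.ngp.computer
-192.168.1.3 files.ngp.computer
-
-fe80::9ab7:85ff:fe1e:dfe8 img.ngp.computer
-fe80::9ab7:85ff:fe1e:dfe8 photos.ngp.computer
-fe80::9ab7:85ff:fe1e:dfe8 misaki.ngp.computer
-fe80::9ab7:85ff:fe1e:dfe8 files.ngp.computer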
-17
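--- a/coredns/packetlost.dev.hosts
+++ b/coredns/packetlost.dev.hosts
@@ -1,17 +0,0 @@
-# Services
-192.168.1.3 git.packetlost.dev
-192.168.1.3 plex.packetlost.dev
-192.168.1.3 jellyfin.packetlost.dev
-192.168.1.3 nats.packetlost.dev
-
-# LAN Hosts
-192.168.1.3 misaki.packetlost.dev misaki
-192.168.1.3 cache.packetlost.dev cache
-192.168.1.5 komoe.packetlost.dev komoe
-192.168.1.6 rainbow.packetlost.dev rainbow
-192.168.1.10 ichika.packetlost.dev ichika
-192.168.1.11 futaba.packetlost.dev futaba
-192.168.1.12 mitsumi.packetlost.dev mitsumi
-192.168.1.13 orangepi5.packetlost.dev orangepi5
-192.168.1.30 touma.packetlost.dev touma
-192.168.1.33 kamijou.packetlost.dev kamijou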
+254
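--- a/default-home.nix
+++ b/default-home.nix
@@ -0,0 +1,254 @@
+{
+pkgs,
+unstable,
+inputs,
+config,
+...
+}:
+{
+imports = [
+inputs.agenix.homeManagerModules.default
+];
+home.username = "noah";
+home.homeDirectory = "/home/noah";
+
+age.identityPaths = [
+"${config.home.homeDirectory}/.ssh/id_rsa"
+"${config.home.homeDirectory}/.ssh/id_ed25519"
+"${config.home.homeDirectory}/.ssh/id_ed25519_age"
+];
+
+home.packages = with pkgs; [
+inputs.agenix.packages."${system}".agenix
+# main tool
+direnv
+tree
+btop
+htop
+rsync
+unzip
+fd
+ripgrep
+catgirl
+netcat
+stunnel
+fzf
+iperf3
+entr
+lf
+#devenv # broken
+plan9port
+pwgen
+metastore
+isync
+pass
+tmux
+age
+
+# Dev tools
+gcc
+go
+unstable.gopls
+gnumake
+babashka
+# Babashka common aliases
+neil
+ccls
+clojure
+unstable.clj-kondo
+unstable.clojure-lsp
+unstable.janet
+unstable.jpm
+graalvmPackages.graalvm-ce
+cmake
+universal-ctags
+kotlin
+nodejs
+node2nix
+opam
+rustup
+zig
+scala_3
+scalafmt
+# scala LSP
+unstable.metals
+# Scala / Java build tool
+sbt
+luarocks
+luajit
+lua-language-server
+leiningen
+libressl
+erlang
+elixir
+ghc
+nil
+python3
+typescript
+#vscode-langservers-extracted
+scdoc
+#dockerfile-language-server-nodejs
+#yaml-language-server
+mkcert
+natscli
+poetry
+sqlite
+pandoc
+unstable.harec
+unstable.hare
+unstable.haredo
+unstable.haredoc
+unstable.gleam
+unstable.rebar3
+unstable.bun
+unstable.gh
+unstable.kraft
+#unstable.claude-code
+
+# Python dev tools
+pyright
+python313Packages.python-lsp-server
+python313Packages.python-lsp-ruff
+
+# Certificate Management
+minica
+mkcert
+step-cli
+
+];
+
+nix = {
+#package = pkgs.nix;
+settings = {
+experimental-features = [
+"nix-command"
+"flakes"
+];
+extra-trusted-users = [
+"noah"
+];
+extra-substituters = [
+"https://cache.ngp.computer"
+];
+extra-trusted-public-keys = [
+"misaki.packetlost.dev:y5Z/utaVBozpL0UAbUQDWLjpm2sVMOoKzyG76n/167A="
+];
+};
+};
+
+programs.fish = {
+enable = true;
+#package = unstable.fish;
+};
+programs.neovim = {
+#package = unstable.neovim-unwrapped;
+enable = true;
+defaultEditor = true;
+withNodeJs = true;
+withPython3 = true;
+extraPackages = with pkgs; [
+unstable.fzf
+unstable.ripgrep
+luarocks
+unstable.tree-sitter
+];
+};
+programs.home-manager.enable = true;
+programs.helix.enable = true;
+programs.jujutsu = {
+enable = true;
+};
+programs.git = {
+enable = true;
+lfs.enable = true;
+settings.user.name = "Noah Pederson";
+settings.user.email = "noah@packetlost.dev";
+extraConfig = {
+sendemail = {
+smtpserver = "smtp.migadu.com";
+smtpuser = "noah@packetlost.dev";
+smptencryption = "tls";
+smtpserverport = 587;
+};
+init = {
+defaultBranch = "master";
+};
+pull = {
+rebase = true;
+};
+credential = {
+helper = "cache";
+};
+rerere.enable = true;
+};
+ignores = [
+".direnv/"
+".envrc"
+"flake.nix"
+"shell.nix"
+".env/"
+".clj-kondo/"
+];
+};
+programs.aerc = {
+enable = true;
+package = unstable.aerc;
+};
+programs.ssh = {
+enable = true;
+matchBlocks."*".addKeysToAgent = "yes";
+};
+
+services.ssh-agent.enable = true;
+services.mako.enable = false;
+
+programs.ssh.extraConfig = builtins.readFile ./ssh/extra;
+services.gpg-agent = {
+enable = true;
+defaultCacheTtl = 1800;
+};
+
+programs.direnv = {
+enable = true;
+nix-direnv.enable = true;
+};
+
+xdg.enable = true;
+
+# Independent config files.
+xdg.configFile.nvim = {
+source = ./nvim;
+recursive = true;
+};
+
+xdg.configFile.vis = {
+source = ./vis;
+recursive = true;
+};
+
+xdg.configFile.fish = {
+source = ./fish;
+recursive = true;
+force = true;
+};
+
+xdg.configFile.aerc = {
+source = ./aerc;
+recursive = true;
+};
+
+home.file.".local/bin" = {
+source = ./scripts;
+recursive = true;
+};
+age.secrets.catgirl-libera = {
+file = ./secrets/catgirl-libera.age;
+path = "${config.xdg.configHome}/catgirl/libera";
+symlink = true;
+};
+
+manual.manpages.enable = true;
+
+home.stateVersion = "23.11";
+
+}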
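Review bot: `smptencryption = "tls";` on line 170 misspells the git key (`smpt` instead of `smtp`), so `git send-email` never sees an encryption setting for `smtp.migadu.com` on port 587 and, as far as git's documented default goes, will not negotiate STARTTLS before authenticating as `smtpuser`. The line should read `smtpencryption = "tls";`. Two smaller things in the same file: `mkcert` appears twice in `home.packages` (lines 92 and 115), and `programs.git` mixes `settings.user.*` with `extraConfig`, which looks like the old and new spelling of the same option, so it is worth confirming the pinned home-manager release accepts both without a warning.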
-16
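--- a/default.nix
+++ b/default.nix
@@ -1,16 +0,0 @@
-let
-nix-pre-commit-hooks = import (builtins.fetchTarball "https://github.com/cachix/pre-commit-hooks.nix/tarball/master");
-in
-{
-# Configured with the module options defined in `modules/pre-commit.nix`:
-pre-commit-check = nix-pre-commit-hooks.run {
-src = ./.;
-# If your hooks are intrusive, avoid running on each commit with a default_states like this:
-# default_stages = ["manual" "push"];
-hooks = {
-nixpkgs-fmt.enable = true;
-nil.enable = true;
-luacheck.enable = true;
-};
-};
-}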
+17 -5
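--- a/fish/config.fish
+++ b/fish/config.fish
@@ -17,16 +17,29 @@
 abbr gd "git diff"
 abbr ga "git add"
 abbr glog "git log –graph –decorate –oneline –all"
+if type -q "emanote"
+abbr n "cd ~/repos/notes"
+abbr ne "cd ~/repos/notes; nvim"
+end
+
+abbr srhtclone "git clone git@git.sr.ht:~chiefnoah/"
+abbr ghclone "git clone git@github.com:chiefnoah/"
 
 if test -d "~/repos"
 alias r "cd ~/repos"
 end
 
-# We start the ssh-agent in noah-home.nix, so we'll add the socket to the environment
 set -Ux SSH_AUTH_SOCK /var/run/user/(id -u)/ssh-agent
-
 # PATH stuff
 
+if test -z "(pgrep ssh-agent)"
+eval (ssh-agent -c) > /dev/null # no output
+set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
+set -Ux SSH_AGENT_PID $SSH_AGENT_PID
+set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK
+end
+
+# Run ssh-agent
 if type -q "direnv"
 direnv hook fish | source
 set -g direnv_fish_mode eval_on_arrow
@@ -40,9 +53,8 @@
 # NATS config
 set -Ux NATS_URL tls://misaki.local
 set -Ux NATS_CA /srv/nats/minica.pem
-set -Ux NATS_CERT /srv/nats/misaki.packetlost.dev/cert.pem
-set -Ux NATS_KEY /srv/nats/misaki.packetlost.dev/key.pem
-
+set -Ux NATS_CERT /srv/nats/touma-nixos@packetlost.dev/cert.pem
+set -Ux NATS_KEY /srv/nats/touma-nixos@packetlost.dev/key.pem
 
 # Keybindings
 fish_default_key_bindings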
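Review bot: The guard `if test -z "(pgrep ssh-agent)"` on line 35 never fires, because fish does not run `(...)` command substitution inside double quotes, so `test -z` is handed a non-empty literal string and the agent-starting block is dead code. If a fallback agent is wanted, `if not pgrep -u (id -u) ssh-agent > /dev/null` checks the exit status and only counts the current user's agent; an unscoped `pgrep` would also be satisfied by someone else's process. Inside the block `set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK` is repeated, and since `-U` variables persist across sessions the value would outlive the agent's socket; `set -gx` avoids that. The `# Run ssh-agent` comment now sits below the block it describes, and the removed comment explaining where `/var/run/user/(id -u)/ssh-agent` comes from is worth keeping, since line 32 still depends on the home-manager agent.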
+1 -1
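--- a/fish/functions/lfcd.fish
+++ b/fish/functions/lfcd.fish
@@ -13,7 +13,7 @@
 
 function lfcd
 set tmp (mktemp)
-yazi --cwd-file=$tmp $argv
+lf -last-dir-path=$tmp $argv
 if test -f "$tmp"
 set dir (cat $tmp)
 rm -f $tmp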
+89 -78
flake.lock
··· 4 4 "inputs": { 5 5 "darwin": "darwin", 6 6 "home-manager": "home-manager", 7 - "nixpkgs": "nixpkgs", 7 + "nixpkgs": [ 8 + "nixpkgs" 9 + ], 8 10 "systems": "systems" 9 11 }, 10 12 "locked": { ··· 46 48 "determinate-nixd-aarch64-darwin": { 47 49 "flake": false, 48 50 "locked": { 49 - "narHash": "sha256-uWDS94cAYprGj+AwuT42nuuDDicRLj1S0JwalZGeBRU=", 51 + "narHash": "sha256-zK2dgNHh/p92rk5jN+Y1LOMn0HEdTsS+7XXwb2g52oM=", 50 52 "type": "file", 51 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS" 53 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 52 54 }, 53 55 "original": { 54 56 "type": "file", 55 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS" 57 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 56 58 } 57 59 }, 58 60 "determinate-nixd-aarch64-linux": { 59 61 "flake": false, 60 62 "locked": { 61 - "narHash": "sha256-uHBcZCh2/Bj5/88TDihupA336tSQDk7s5lVP66IDAX0=", 63 + "narHash": "sha256-ckvZP0zFcbzLXWYOJUqYXkKBt0b2IZcQEr7YjEVtwOI=", 62 64 "type": "file", 63 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux" 65 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 64 66 }, 65 67 "original": { 66 68 "type": "file", 67 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux" 69 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 68 70 } 69 71 }, 70 72 "determinate-nixd-x86_64-linux": { 71 73 "flake": false, 72 74 "locked": { 73 - "narHash": "sha256-y+l05H6GNv/1WcrMztDYem8VBWqjc9gNg4WjeQ1PQxo=", 75 + "narHash": "sha256-8dLtm8FJrpyBmrNpspJj30/6I5HGEfjjXuFqURcZ8pk=", 74 76 "type": "file", 75 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux" 77 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 76 78 }, 77 79 "original": { 
78 80 "type": "file", 79 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux" 81 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 80 82 } 81 83 }, 82 84 "determinite": { ··· 90 92 ] 91 93 }, 92 94 "locked": { 93 - "lastModified": 1766549083, 94 - "narHash": "sha256-G1Hljg7vIBt8n9cxO382YAZWtZU/mYfQcg3icdNG8RQ=", 95 - "rev": "ba8999fac986e70f52b4cba15047be7bbb7b6346", 96 - "revCount": 318, 95 + "lastModified": 1768964099, 96 + "narHash": "sha256-sV1OJYyktJRl7I3HxeBvWTWXjqm2uCTS3gS1p+DLn7c=", 97 + "rev": "a5469e9aa3870941320cb92d899b66e141c5a3cd", 98 + "revCount": 394, 97 99 "type": "tarball", 98 - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.1/019b4e8a-dc22-75db-aef5-a447efbb1a13/source.tar.gz" 100 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.2/019bde7d-0725-73ef-9705-498c50ef6e00/source.tar.gz" 99 101 }, 100 102 "original": { 101 103 "type": "tarball", ··· 121 123 "flake-compat_2": { 122 124 "flake": false, 123 125 "locked": { 124 - "lastModified": 1761588595, 125 - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", 126 + "lastModified": 1767039857, 127 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 126 128 "owner": "edolstra", 127 129 "repo": "flake-compat", 128 - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", 130 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 129 131 "type": "github" 130 132 }, 131 133 "original": { ··· 134 136 "type": "github" 135 137 } 136 138 }, 139 + "flake-compat_3": { 140 + "flake": false, 141 + "locked": { 142 + "lastModified": 1767039857, 143 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 144 + "owner": "NixOS", 145 + "repo": "flake-compat", 146 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 147 + "type": "github" 148 + }, 149 + "original": { 150 + "owner": "NixOS", 151 + "repo": "flake-compat", 152 + "type": "github" 153 + } 
154 + }, 137 155 "flake-parts": { 138 156 "inputs": { 139 157 "nixpkgs-lib": [ ··· 230 248 ] 231 249 }, 232 250 "locked": { 233 - "lastModified": 1767024057, 234 - "narHash": "sha256-B1aycRjMRvb6QOGbnqDhiDzZwMebj5jxZ5qyJzaKvpI=", 251 + "lastModified": 1768949235, 252 + "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", 235 253 "owner": "nix-community", 236 254 "repo": "home-manager", 237 - "rev": "34578a2fdfce4257ce5f5baf6e7efbd4e4e252b1", 255 + "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", 238 256 "type": "github" 239 257 }, 240 258 "original": { ··· 248 266 "inputs": { 249 267 "flake-parts": "flake-parts", 250 268 "git-hooks-nix": "git-hooks-nix", 251 - "nixpkgs": "nixpkgs_2", 269 + "nixpkgs": "nixpkgs", 252 270 "nixpkgs-23-11": "nixpkgs-23-11", 253 271 "nixpkgs-regression": "nixpkgs-regression" 254 272 }, 255 273 "locked": { 256 - "lastModified": 1766546676, 257 - "narHash": "sha256-GsC52VFF9Gi2pgP/haQyPdQoF5Qe2myk1tsPcuJZI28=", 258 - "rev": "51dacdd248e8071cd0243a8245c8c42ac1f33307", 259 - "revCount": 24299, 274 + "lastModified": 1768960381, 275 + "narHash": "sha256-32oMe1y+kwvIJNiJsIvozTuSmDxcwST06i+0ak+L4AU=", 276 + "rev": "45ce621408cb8c9a724193d5fe858eb839662db8", 277 + "revCount": 24453, 260 278 "type": "tarball", 261 - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.1/019b4e84-d036-75db-b6c6-6bc2e2035c53/source.tar.gz" 279 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.2/019bde75-b4ee-74b2-a812-28dc2ee83d58/source.tar.gz" 262 280 }, 263 281 "original": { 264 282 "type": "tarball", 265 283 "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" 266 284 } 267 285 }, 268 - "nixpkgs": { 286 + "nixos-wsl": { 287 + "inputs": { 288 + "flake-compat": "flake-compat_2", 289 + "nixpkgs": [ 290 + "nixpkgs" 291 + ] 292 + }, 269 293 "locked": { 270 - "lastModified": 1754028485, 271 - "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", 272 - "owner": "NixOS", 273 - "repo": 
"nixpkgs", 274 - "rev": "59e69648d345d6e8fef86158c555730fa12af9de", 294 + "lastModified": 1769217863, 295 + "narHash": "sha256-RY9kJDXD6+2Td/59LkZ0PFSereCXHdBX9wIkbYjRKCY=", 296 + "owner": "nix-community", 297 + "repo": "NixOS-WSL", 298 + "rev": "38a5250e57f583662eac3b944830e4b9e169e965", 275 299 "type": "github" 276 300 }, 277 301 "original": { 278 - "owner": "NixOS", 279 - "ref": "nixos-25.05", 280 - "repo": "nixpkgs", 302 + "owner": "nix-community", 303 + "ref": "main", 304 + "repo": "NixOS-WSL", 281 305 "type": "github" 282 306 } 283 307 }, 308 + "nixpkgs": { 309 + "locked": { 310 + "lastModified": 1761597516, 311 + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", 312 + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", 313 + "revCount": 811874, 314 + "type": "tarball", 315 + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" 316 + }, 317 + "original": { 318 + "type": "tarball", 319 + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" 320 + } 321 + }, 284 322 "nixpkgs-23-11": { 285 323 "locked": { 286 324 "lastModified": 1717159533, ··· 315 353 }, 316 354 "nixpkgs-unstable": { 317 355 "locked": { 318 - "lastModified": 1766902085, 319 - "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", 356 + "lastModified": 1769018530, 357 + "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=", 320 358 "owner": "nixos", 321 359 "repo": "nixpkgs", 322 - "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", 360 + "rev": "88d3861acdd3d2f0e361767018218e51810df8a1", 323 361 "type": "github" 324 362 }, 325 363 "original": { ··· 331 369 }, 332 370 "nixpkgs_2": { 333 371 "locked": { 334 - "lastModified": 1761597516, 335 - "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", 336 - "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", 337 - "revCount": 811874, 338 - "type": "tarball", 339 - "url": 
"https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" 340 - }, 341 - "original": { 342 - "type": "tarball", 343 - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" 344 - } 345 - }, 346 - "nixpkgs_3": { 347 - "locked": { 348 - "lastModified": 1767047869, 349 - "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", 372 + "lastModified": 1769089682, 373 + "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=", 350 374 "owner": "nixos", 351 375 "repo": "nixpkgs", 352 - "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a", 376 + "rev": "078d69f03934859a181e81ba987c2bb033eebfc5", 353 377 "type": "github" 354 378 }, 355 379 "original": { ··· 359 383 "type": "github" 360 384 } 361 385 }, 362 - "nixpkgs_4": { 363 - "locked": { 364 - "lastModified": 1764947035, 365 - "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", 366 - "owner": "NixOS", 367 - "repo": "nixpkgs", 368 - "rev": "a672be65651c80d3f592a89b3945466584a22069", 369 - "type": "github" 370 - }, 371 - "original": { 372 - "owner": "NixOS", 373 - "ref": "nixpkgs-unstable", 374 - "repo": "nixpkgs", 375 - "type": "github" 376 - } 377 - }, 378 386 "pre-commit-hooks": { 379 387 "inputs": { 380 - "flake-compat": "flake-compat_2", 388 + "flake-compat": "flake-compat_3", 381 389 "gitignore": "gitignore", 382 - "nixpkgs": "nixpkgs_4" 390 + "nixpkgs": [ 391 + "nixpkgs" 392 + ] 383 393 }, 384 394 "locked": { 385 - "lastModified": 1765911976, 386 - "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", 395 + "lastModified": 1769069492, 396 + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", 387 397 "owner": "cachix", 388 398 "repo": "git-hooks.nix", 389 - "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", 399 + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", 390 400 "type": "github" 391 401 }, 392 402 "original": { ··· 400 410 "agenix": "agenix", 401 411 
"determinite": "determinite", 402 412 "home-manager": "home-manager_2", 403 - "nixpkgs": "nixpkgs_3", 413 + "nixos-wsl": "nixos-wsl", 414 + "nixpkgs": "nixpkgs_2", 404 415 "nixpkgs-unstable": "nixpkgs-unstable", 405 416 "pre-commit-hooks": "pre-commit-hooks" 406 417 }
+161 -57
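--- a/flake.nix
+++ b/flake.nix
@@ -5,6 +5,10 @@
 # Specify the source of Home Manager and Nixpkgs.
 nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
+nixos-wsl = {
+url = "github:nix-community/NixOS-WSL/main";
+inputs.nixpkgs.follows = "nixpkgs";
+};
 determinite = {
 url = "https://flakehub.com/f/DeterminateSystems/determinate/3";
 inputs.nixpkgs.follows = "nixpkgs";
@@ -13,33 +17,111 @@
 url = "github:nix-community/home-manager/release-25.11";
 inputs.nixpkgs.follows = "nixpkgs";
 };
-pre-commit-hooks.url = "github:cachix/git-hooks.nix";
-agenix.url = "github:ryantm/agenix";
+pre-commit-hooks = {
+url = "github:cachix/git-hooks.nix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
+agenix = {
+url = "github:ryantm/agenix";
+inputs.nixpkgs.follows = "nixpkgs";
+};
 };
 
 outputs =
-{ self
-, nixpkgs
-, nixpkgs-unstable
-, determinite
-, home-manager
-, pre-commit-hooks
-, agenix
-, ...
+{
+self,
+nixpkgs,
+nixpkgs-unstable,
+nixos-wsl,
+determinite,
+home-manager,
+pre-commit-hooks,
+agenix,
+...
 }@inputs:
 let
-system = "x86_64-linux";
-pkgs = import nixpkgs {
-inherit system;
+supportedSystems = [
+"x86_64-linux"
+"aarch64-linux"
+"x86_64-darwin"
+"aarch64-darwin"
+];
+forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
+basicSystem =
+{
+system ? "x86_64-linux",
+modules ? [ ],
+useUnstable ? false,
+extraGroups ? [ ],
+overlays ? [ ],
+enableNFTables ? true,
+}:
+let
+unstable = import nixpkgs-unstable {
+inherit system overlays;
+config.allowUnfree = true;
+};
+in
+inputs.nixpkgs.lib.nixosSystem {
+inherit system;
+specialArgs = {
+inherit inputs extraGroups enableNFTables;
+}
+// nixpkgs.lib.optionalAttrs useUnstable {
+inherit unstable;
+};
+modules = [
+determinite.nixosModules.default
+./common.nix
+./users.nix
+./services.nix
+agenix.nixosModules.default
+home-manager.nixosModules.home-manager
+{
+home-manager.useGlobalPkgs = true;
+home-manager.useUserPackages = true;
+home-manager.users.noah = ./default-home.nix;
+home-manager.extraSpecialArgs = {
+inherit inputs;
+}
+// nixpkgs.lib.optionalAttrs useUnstable {
+inherit unstable;
+};
+}
+]
+++ modules;
+};
+in
+{
+# incomplete
+nixosConfigurations.odin = basicSystem {
+extraGroups = [
+"libvirtd"
+"qemu-libvirtd"
+"docker"
+];
+useUnstable = true;
+modules = [
+./host-specific/odin/configuration.nix
+];
 };
-unstable = import nixpkgs-unstable {
-inherit system;
-config.allowUnfreePredicate =
-pkg:
-builtins.elem (pkgs.lib.getName pkg) [
-"plexmediaserver"
-"teamspeak-server"
-];
+nixosConfigurations.shizuri = basicSystem {
+useUnstable = true;
+modules = [
+./host-specific/shizuri/configuration.nix
+];
+};
+nixosConfigurations.misaki = basicSystem {
+useUnstable = true;
+extraGroups = [
+"render"
+"nats"
+"litterbox"
+"httpd"
+];
+modules = [
+./host-specific/misaki/configuration.nix
+];
 overlays = [
 (final: prev: {
 # Override the version of Plex installed to be the latest
@@ -60,56 +142,78 @@
 })
 ];
 };
-supportedSystems = [
-"x86_64-linux"
-"aarch64-linux"
-"x86_64-darwin"
-"aarch64-darwin"
-];
-forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
-in
-{
-nixosConfigurations.misaki = inputs.nixpkgs.lib.nixosSystem {
-system = "x86_64-linux";
-specialArgs = { inherit unstable inputs home-manager; };
+nixosConfigurations.touma-wsl = basicSystem {
+useUnstable = true;
+modules = [
+./host-specific/touma-wsl.nix
+nixos-wsl.nixosModules.default
+];
+enableNFTables = false;
+};
+nixosConfigurations.edge = basicSystem {
+useUnstable = true;
 modules = [
-determinite.nixosModules.default
-./configuration.nix
-agenix.nixosModules.default
-home-manager.nixosModules.home-manager
-{
-home-manager.useGlobalPkgs = true;
-home-manager.useUserPackages = true;
-home-manager.users.noah = ./home.nix;
-home-manager.extraSpecialArgs = {
-inherit unstable;
-};
-
-# Optionally, use home-manager.extraSpecialArgs to pass
-# arguments to home.nix
-}
+./host-specific/edge/configuration.nix
 ];
 };
-homeConfigurations."noah" = home-manager.lib.homeManagerConfiguration {
-inherit pkgs;
-
+homeConfigurations."noah-aleister" = home-manager.lib.homeManagerConfiguration {
+pkgs = import nixpkgs {
+system = "aarch64-darwin";
+config.allowUnfree = true;
+};
 # Specify your home configuration modules here, for example,
 # the path to your home.nix.
-modules = [ ./noah-home.nix ];
+modules = [
+./host-specific/aleister-noah.nix
+agenix.homeManagerModules.default
+];
 
 # Optionally use extraSpecialArgs
 # to pass through arguments to home.nix
 extraSpecialArgs = {
-inherit unstable;
+unstable = import nixpkgs-unstable {
+system = "aarch64-darwin";
+config.allowUnfree = true;
+};
 };
 };
+homeConfigurations."noah" =
+let
+system = "x86_64-linux";
+pkgs = import nixpkgs {
+inherit system;
+config.allowUnfree = true;
+};
+unstable = import nixpkgs-unstable {
+inherit system;
+config.allowUnfree = true;
+};
+in
+home-manager.lib.homeManagerConfiguration {
+inherit pkgs;
+# Specify your home configuration modules here, for example,
+# the path to your home.nix.
+modules = [
+./default-home.nix
+{
+nix.package = pkgs.nix;
+}
+];
+
+# Optionally use extraSpecialArgs
+# to pass through arguments to home.nix
+extraSpecialArgs = {
+inherit unstable;
+inputs = inputs;
+};
+};
 checks = forAllSystems (system: {
-pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run {
+pre-commit-check = pre-commit-hooks.lib.${system}.run {
 src = ./.;
 # If your hooks are intrusive, avoid running on each commit with a default_states like this:
 # default_stages = ["manual" "push"];
 hooks = {
-nixpkgs-fmt.enable = true;
+nixfmt-rfc-style.enable = true;
 nil.enable = true;
 luacheck.enable = true;
 };
@@ -119,11 +223,11 @@
 default = nixpkgs.legacyPackages.${system}.mkShell {
 inherit (self.checks.${system}.pre-commit-check) shellHook;
 buildInputs = [
-pkgs.nixfmt-rfc-style
+nixpkgs.legacyPackages.${system}.nixfmt-rfc-style
 ]
 ++ self.checks.${system}.pre-commit-check.enabledPackages;
 };
 });
-formatter.${system} = inputs.nixpkgs.legacyPackages.${system}.nixfmt-rfc-style;
+formatter = forAllSystems (system: inputs.nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
 };
 }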
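Review bot: `basicSystem` defaults `useUnstable ? false`, and in that case `unstable` is left out of both `specialArgs` and `home-manager.extraSpecialArgs`, yet `./default-home.nix` is always wired in as `home-manager.users.noah` and takes `unstable` as a required argument, so a host that omits `useUnstable = true` would fail to evaluate. Every configuration in this diff sets the flag, so the problem is latent; either pass `unstable` unconditionally or change the default to `useUnstable ? true`. The unstable import also moved from an `allowUnfreePredicate` allowlist (`plexmediaserver`, `teamspeak-server`) to `config.allowUnfree = true;`, which removes the only per-package gate on unfree binaries from that channel. The per-host `overlays` argument is applied to the unstable import only, not to the stable package set, and a comment on `overlays ? [ ]` saying so would help; the overlay body for misaki lies outside the visible hunks.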
+30
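--- a/ghostty/config
+++ b/ghostty/config
@@ -0,0 +1,30 @@
+#font-size = 13
+font-family = TX-02 Medium
+theme = flat-remix-light
+#theme = dark:catppuccin-frappe,light:catppuccin-latte
+shell-integration = fish
+link-url = true
+clipboard-read = allow
+
+#window-decoration = true
+
+font-feature = calt
+font-feature = ccmp
+font-feature = locl
+font-feature = ordn
+font-feature = mark
+font-feature = mkmk
+#font-feature = aalt
+#font-feature = ss01
+#font-feature = ss02
+#font-feature = ss03
+#font-feature = ss04
+#font-feature = ss05
+#font-feature = ss06
+#font-feature = ss07
+#font-feature = ss08
+
+custom-shader = ~/.config/ghostty/shaders/galaxy.glsl
+#custom-shader = ~/.config/ghostty/shaders/tft.glsl
+#custom-shader = ~/.config/ghostty/shaders/retro-terminal.glsl
+#custom-shader = ~/.config/ghostty/shaders/bettercrt.glsl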
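Review bot: `clipboard-read = allow` on line 7 lets any program that writes to the terminal, including a remote host reached over ssh, request the clipboard contents through OSC 52 without a prompt. The home configuration in this same change installs `pass`, so the clipboard will at times hold secrets. `clipboard-read = ask` keeps the feature for tools that need it while requiring confirmation on each read.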
+42
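--- a/ghostty/themes/flat-remix-light
+++ b/ghostty/themes/flat-remix-light
@@ -0,0 +1,42 @@
+# standard colors
+# black
+palette = 0=#404040
+# red
+palette = 1=#d41919
+# green
+palette = 2=#12715f
+# yellow
+palette = 3=#fea44c
+# blue
+palette = 4=#367bf0
+# purple
+palette = 5=#8c42ab
+# cyan
+palette = 6=#4aaee6
+# white
+palette = 7=#ffffff
+
+# intense colors
+# black (grey)
+palette = 8=#737680
+# red
+palette = 9=#811035
+# green
+palette = 10=#23bac2
+# yellow
+palette = 11=#fe7171
+# blue
+palette = 12=#54bd8e
+# purple
+palette = 13=#d41919
+# cyan
+palette = 14=#367bf0
+# white
+palette = 15=#aaaaaa
+
+background = #e4e4e7
+foreground = #404040
+cursor-color = #272a34
+cursor-text = #b8174c
+selection-background = #737680
+selection-foreground = #ffffff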
+79
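--- a/gui.nix
+++ b/gui.nix
@@ -0,0 +1,79 @@
+{ pkgs, unstable, ... }:
+{
+# Enable the X11 windowing system.
+services.xserver.enable = true;
+
+# Configure keymap in X11
+# services.xserver.xkb.layout = "us";
+# services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+# Enable CUPS to print documents.
+# services.printing.enable = true;
+
+# Enable sound.
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+wireplumber.enable = true;
+};
+
+# Graphics and parallel compute configuration
+hardware.opengl.extraPackages = [
+pkgs.libva
+];
+
+# Enable touchpad support (enabled default in most desktopManager).
+# services.xserver.libinput.enable = true;
+
+# Fonts
+fonts.packages = with pkgs; [
+fira-code
+fira-code-symbols
+noto-fonts
+noto-fonts-cjk
+noto-fonts-emoji
+noto-fonts-extra
+(nerdfonts.override { fonts = [ "FiraCode" ]; })
+];
+
+# Polkit is a dependency of Sway. It's responsible for handling security policies
+security.polkit.enable = true;
+
+# Enable the sway window manager
+programs.sway = {
+enable = true;
+package = unstable.sway;
+wrapperFeatures.gtk = true;
+};
+# Use greetd as the displaymanager
+#services.xserver.displayManager.greetd.enable = true;
+#services.xserver.displayManager.lightdm.enable = false;
+services.xserver.displayManager.sddm.enable = true;
+services.xserver.displayManager.defaultSession = "none+i3";
+services.xserver.displayManager.autoLogin = {
+enable = true;
+user = "noah";
+};
+
+# i3, for when I need XOrg
+services.xserver.windowManager.i3 = {
+enable = true;
+extraPackages = with pkgs; [
+dmenu
+i3status
+i3lock
+i3blocks
+];
+};
+
+xdg.portal = {
+enable = true;
+wlr.enable = true;
+extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+};
+services.dbus.enable = true;
+services.gnome.gnome-keyring.enable = true;
+}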
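Review bot: `services.xserver.displayManager.autoLogin` with `enable = true; user = "noah";` gives a desktop session, with no credential asked, to anyone who can power on or reach the console of a host that imports this module. On a laptop or a machine without full-disk encryption, that also hands over whatever the session can reach, such as a running ssh-agent. Consider setting `enable = false;` in this shared module and enabling auto-login only in the host file of a machine where that trade-off is intended, with a comment saying so. `i3lock` is installed, but nothing visible in this file invokes it, so the session also appears to stay unlocked.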
-72
hardware-configuration.nix
··· 1 - # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 - # and may be overwritten by future invocations. Please make changes 3 - # to /etc/nixos/configuration.nix instead. 4 - { config, lib, pkgs, modulesPath, ... }: 5 - 6 - { 7 - imports = 8 - [ 9 - (modulesPath + "/installer/scan/not-detected.nix") 10 - ]; 11 - 12 - boot.kernelPackages = pkgs.linuxPackages; 13 - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "dm-raid" "raid1" ]; 14 - boot.initrd.kernelModules = [ "dm-snapshot" "dm-raid" "raid1" ]; 15 - boot.kernelModules = [ "kvm-amd" "zfs" ]; 16 - boot.kernelParams = [ "i915.enable_guc=3" ]; 17 - boot.extraModulePackages = [ ]; 18 - 19 - fileSystems."/" = 20 - { 21 - device = "/dev/disk/by-uuid/1988fa0d-ff4a-44aa-a93e-7f0bf3cea5cf"; 22 - fsType = "ext4"; 23 - }; 24 - 25 - fileSystems."/boot" = 26 - { 27 - device = "/dev/disk/by-uuid/81D4-01CD"; 28 - fsType = "vfat"; 29 - }; 30 - 31 - swapDevices = [ ]; 32 - 33 - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 34 - # (the default) this is the recommended approach. When using systemd-networkd it's 35 - # still possible to use this option, but it's recommended to use it in conjunction 36 - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 
37 - networking.useDHCP = lib.mkDefault true; 38 - # networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true; 39 - # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true; 40 - # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; 41 - 42 - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 43 - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 44 - 45 - #nixpkgs.config.packageOverrides = pkgs: { 46 - # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; 47 - #}; 48 - hardware.graphics = { 49 - enable = true; 50 - extraPackages = with pkgs; [ 51 - intel-media-driver 52 - #vaapiVdpau 53 - #libvdpau-va-gl # unmaintained, very old 54 - intel-compute-runtime 55 - vpl-gpu-rt 56 - ]; 57 - #extraPackages32 = with pkgs; [ 58 - # intel-media-driver 59 - # vaapiVdpau 60 - # #libvdpau-va-gl 61 - # intel-compute-runtime 62 - # vpl-gpu-rt 63 - #]; 64 - }; 65 - environment.variables = { 66 - VDPAU_DRIVER = "va_gl"; 67 - LIBVA_DRIVER_NAME = "iHD"; 68 - LIBVA_DRIVERS_PATH = "/run/opengl-driver/lib/dri"; 69 - GST_VAAPI_ALL_DRIVERS = "1"; 70 - }; 71 - #services.xserver.videoDrivers = [ "intel" ]; 72 - }
-221
home.nix
··· 1 - { pkgs, lib, unstable, ... }: 2 - { 3 - home.packages = with pkgs; [ 4 - # main tool 5 - direnv 6 - fish 7 - tree 8 - btop 9 - htop 10 - amdgpu_top 11 - tmux 12 - mtr 13 - pavucontrol 14 - moreutils 15 - rsync 16 - unzip 17 - fd 18 - ripgrep 19 - netcat 20 - stunnel 21 - fzf 22 - iperf3 23 - entr 24 - step-cli 25 - natscli 26 - nkeys 27 - mkcert 28 - jq 29 - bat 30 - sqlite 31 - age 32 - just 33 - isync 34 - unstable.catgirl 35 - unstable.zellij 36 - unstable.yt-dlp 37 - unstable.deno 38 - unstable.ffmpeg 39 - 40 - # Dev tools 41 - git 42 - gcc 43 - go 44 - gnumake 45 - #babashka 46 - ccls 47 - #clojure 48 - #cmake 49 - ctags 50 - #kotlin 51 - #nodejs 52 - #node2nix 53 - #opam 54 - rustup 55 - #zig 56 - luarocks 57 - luajit 58 - lua-language-server 59 - #leiningen 60 - libressl 61 - #erlang 62 - #elixir 63 - #ghc 64 - nil 65 - python3 66 - uv 67 - #unstable.harec 68 - #unstable.hare 69 - #unstable.haredo 70 - #unstable.gleam 71 - #unstable.rebar3 72 - #unstable.flyctl 73 - #unstable.bun 74 - #unstable.gh 75 - #unstable.kraft 76 - #unstable.doctl 77 - 78 - clinfo 79 - 80 - # Server-specific tools 81 - gocryptfs 82 - sftpgo 83 - ]; 84 - 85 - 86 - programs.fish.enable = true; 87 - programs.neovim = { 88 - #package = unstable.neovim-unwrapped; 89 - enable = true; 90 - defaultEditor = true; 91 - extraPackages = with pkgs; [ 92 - fzf 93 - ripgrep 94 - luarocks 95 - unstable.tree-sitter 96 - ]; 97 - withNodeJs = true; 98 - withPython3 = true; 99 - }; 100 - programs.git = { 101 - enable = true; 102 - lfs.enable = true; 103 - userName = "Noah Pederson"; 104 - userEmail = "noah@packetlost.dev"; 105 - extraConfig = { 106 - sendemail = { 107 - smtpserver = "smtp.migadu.com"; 108 - smtpuser = "noah@packetlost.dev"; 109 - smtpencryption = "ssl"; 110 - smtpserverport = 465; 111 - }; 112 - init = { 113 - defaultBranch = "master"; 114 - }; 115 - pull = { 116 - rebase = true; 117 - }; 118 - credential = { 119 - helper = "cache"; 120 - }; 121 - }; 122 - ignores = [ 123 - 
".direnv/" 124 - ".envrc" 125 - "flake.nix" 126 - "shell.nix" 127 - ".env/" 128 - ".clj-kondo/" 129 - ]; 130 - }; 131 - 132 - services.mbsync = { 133 - enable = true; 134 - frequency = "*:0/10"; 135 - #configFile = ./mbsyncrc; 136 - }; 137 - 138 - programs.aerc = { 139 - enable = true; 140 - #package = unstable.aerc; 141 - }; 142 - 143 - programs.ssh = { 144 - enable = true; 145 - extraConfig = builtins.readFile ./ssh/extra; 146 - }; 147 - services.ssh-agent.enable = true; 148 - 149 - programs.direnv = { 150 - enable = true; 151 - nix-direnv.enable = true; 152 - }; 153 - 154 - programs.yazi = { 155 - enable = true; 156 - package = unstable.yazi; 157 - enableFishIntegration = true; 158 - settings = { 159 - preview = { 160 - image_quality = 90; 161 - }; 162 - tasks = { 163 - image_bound = [ 0 0 ]; 164 - }; 165 - }; 166 - plugins = { 167 - rsync = unstable.yaziPlugins.rsync; 168 - piper = unstable.yaziPlugins.piper; 169 - nord = unstable.yaziPlugins.nord; 170 - mediainfo = unstable.yaziPlugins.mediainfo; 171 - glow = unstable.yaziPlugins.glow; 172 - git = unstable.yaziPlugins.git; 173 - diff = unstable.yaziPlugins.diff; 174 - duckdb = unstable.yaziPlugins.duckdb; 175 - }; 176 - }; 177 - 178 - # Independent config files. 
179 - xdg.configFile.nvim = { 180 - source = ./nvim; 181 - recursive = true; 182 - }; 183 - 184 - xdg.configFile.fish = { 185 - source = ./fish; 186 - recursive = true; 187 - }; 188 - 189 - xdg.configFile.kitty = { 190 - source = ./kitty; 191 - recursive = true; 192 - }; 193 - 194 - xdg.configFile.aerc = { 195 - source = ./aerc; 196 - recursive = true; 197 - }; 198 - 199 - xdg.configFile.sway = { 200 - source = ./sway; 201 - recursive = true; 202 - }; 203 - 204 - xdg.configFile.i3status = { 205 - source = ./i3status; 206 - recursive = true; 207 - }; 208 - 209 - xdg.configFile.vis = { 210 - source = ./vis; 211 - recursive = true; 212 - }; 213 - 214 - home.file.".local/bin" = { 215 - source = ./scripts; 216 - recursive = true; 217 - }; 218 - 219 - home.stateVersion = "23.11"; 220 - 221 - }
+397
host-specific/aleister-noah.nix
··· 1 + { 2 + pkgs, 3 + unstable, 4 + lib, 5 + inputs, 6 + ... 7 + }: 8 + { 9 + # Home Manager needs a bit of information about you and the paths it should 10 + # manage. 11 + home.username = "noah"; 12 + home.homeDirectory = "/Users/noah"; 13 + imports = [ 14 + inputs.agenix.homeManagerModules.default 15 + ]; 16 + nix = { 17 + package = pkgs.nix; 18 + settings = { 19 + experimental-features = [ 20 + "nix-command" 21 + "flakes" 22 + ]; 23 + }; 24 + }; 25 + 26 + # I generally don't care about unfree stuff 27 + nixpkgs.config.allowUnfree = true; 28 + nixpkgs.config.allowUnfreePredicte = _: true; 29 + 30 + home.packages = with pkgs; [ 31 + # main tool 32 + direnv 33 + #fish 34 + tree 35 + btop 36 + # Apple Silicon top monitoring 37 + macpm 38 + htop 39 + mtr 40 + moreutils 41 + rsync 42 + bash 43 + tmux 44 + coreutils 45 + util-linux 46 + p7zip 47 + unar 48 + watch 49 + 50 + unzip 51 + fd 52 + jq 53 + ripgrep 54 + bat 55 + netcat 56 + stunnel 57 + iperf3 58 + entr 59 + ncdu 60 + # broken? 61 + #unstable.bitwarden-cli 62 + sqlite 63 + age 64 + just 65 + mdr 66 + unstable.catgirl 67 + plan9port 68 + unstable.rc 69 + unstable.glow 70 + unstable.vis 71 + # Tcl/Tk 72 + #unstable.tcl 73 + #unstable.tk 74 + #unstable.tclPackages.tclx 75 + nodejs 76 + 77 + # Dev tools 78 + git 79 + git-filter-repo 80 + unstable.ruff 81 + # Rust REPL 82 + evcxr 83 + #unstable.gcc 84 + #unstable.clang 85 + # Swift stuff 86 + #swift 87 + #swift-format 88 + # Swift LSP 89 + #sourcekit-lsp 90 + unstable.go 91 + unstable.gopls 92 + gnumake 93 + #unstable.babashka 94 + #unstable.ccls 95 + unstable.clojure 96 + unstable.cljfmt 97 + unstable.clojure-lsp 98 + unstable.janet 99 + unstable.jpm 100 + unstable.fennel-ls 101 + unstable.graalvmPackages.graalvm-ce 102 + unstable.crystal 103 + unstable.crystalline 104 + cmake 105 + ctags 106 + #kotlin 107 + #nodejs 108 + #yarn 109 + #node2nix 110 + #opam 111 + # Scala stuff 112 + #unstable.scala_3 113 + #unstable.scalafmt 114 + #unstable.metals 115 + # Scala / 
Java build tool 116 + #unstable.sbt 117 + # Haskell 118 + #cabal-install 119 + #ghc 120 + 121 + # Lua 122 + luarocks 123 + luajit 124 + unstable.lua-language-server 125 + luaformatter 126 + libressl 127 + # Erlang 128 + #erlang 129 + #elixir 130 + unstable.nil # nix language server 131 + unstable.nixd 132 + #typescript 133 + # This is currently broken 134 + #vscode-langservers-extracted 135 + scdoc 136 + #dockerfile-language-server-nodejs 137 + # BROKEN 138 + #yaml-language-server 139 + mkcert 140 + natscli 141 + python314 142 + unstable.uv 143 + sqlite 144 + #unstable.gleam 145 + #unstable.rebar3 146 + #unstable.flyctl 147 + unstable.bun 148 + unstable.gh 149 + unstable.kraft 150 + unstable.doctl 151 + 152 + # GUI tools 153 + zathura 154 + unstable.opencode 155 + 156 + # Python dev tools 157 + #unstable.pyright 158 + unstable.basedpyright 159 + unstable.python313Packages.python-lsp-server 160 + unstable.python313Packages.python-lsp-ruff 161 + 162 + # JavaScript tools 163 + #typescript-language-server 164 + 165 + # Certificate Management 166 + minica 167 + mkcert 168 + step-cli 169 + unstable.claude-code 170 + 171 + # Fish Plugins 172 + #fishPlugins.fzf 173 + #fishPlugins.pure 174 + 175 + # Libraries because MacOS is kinda stupid 176 + ncurses 177 + ]; 178 + 179 + #programs.fish = { 180 + # enable = true; 181 + # package = unstable.fish; 182 + #}; 183 + programs.fzf = { 184 + enable = true; 185 + enableFishIntegration = true; 186 + }; 187 + programs.pistol.enable = true; 188 + programs.home-manager.enable = true; 189 + programs.neovim = { 190 + package = unstable.neovim-unwrapped; 191 + enable = true; 192 + defaultEditor = true; 193 + withNodeJs = false; 194 + withPython3 = true; 195 + extraPackages = with pkgs; [ 196 + fzf 197 + ripgrep 198 + luarocks 199 + tree-sitter 200 + ]; 201 + }; 202 + programs.git = { 203 + enable = true; 204 + lfs.enable = true; 205 + userName = "Noah Pederson"; 206 + userEmail = "noah@packetlost.dev"; 207 + extraConfig = { 208 + 
sendemail = { 209 + smtpserver = "smtp.migadu.com"; 210 + smtpuser = "noah@packetlost.dev"; 211 + smtpauth = "plain"; 212 + smtpencryption = "tls"; 213 + smtpserverport = 465; 214 + }; 215 + init = { 216 + defaultBranch = "master"; 217 + }; 218 + pull = { 219 + rebase = true; 220 + }; 221 + push = { 222 + default = "simple"; 223 + autoSetupRemote = true; 224 + followTags = true; 225 + }; 226 + credential = { 227 + helper = "cache"; 228 + }; 229 + alias = { 230 + out = "log @{u}.."; 231 + }; 232 + column = { 233 + ui = "auto"; 234 + }; 235 + branch = { 236 + sort = "-committerdate"; 237 + }; 238 + tag = { 239 + sort = "version:refname"; 240 + }; 241 + diff = { 242 + algorithm = "histogram"; 243 + colorMoved = "plain"; 244 + mnemonicPrefix = true; 245 + renames = true; 246 + }; 247 + fetch = { 248 + prune = true; 249 + pruneTags = true; 250 + all = true; 251 + }; 252 + help = { 253 + autocorrect = "prompt"; 254 + }; 255 + commit = { 256 + verbose = true; 257 + }; 258 + rerere = { 259 + enabled = true; 260 + autoupdate = true; 261 + }; 262 + rebase = { 263 + autoSquash = true; 264 + autoStash = true; 265 + updateRefs = true; 266 + }; 267 + merge = { 268 + conflictStyle = "zdiff3"; 269 + }; 270 + }; 271 + ignores = [ 272 + ".direnv/" 273 + ".envrc" 274 + ".env/" 275 + ".clj-kondo/" 276 + ]; 277 + }; 278 + programs.aerc = { 279 + enable = true; 280 + }; 281 + programs.ssh = { 282 + enable = true; 283 + extraConfig = builtins.readFile ../ssh/extra; 284 + addKeysToAgent = "yes"; 285 + forwardAgent = true; 286 + }; 287 + 288 + programs.yazi = 289 + let 290 + localPkgs = pkgs; 291 + yaziPlugins = localPkgs.yaziPlugins; 292 + plugins = lib.attrsets.getAttrs [ 293 + "rsync" 294 + "piper" 295 + "nord" 296 + "mediainfo" 297 + "glow" 298 + "git" 299 + "diff" 300 + "duckdb" 301 + ] yaziPlugins; 302 + in 303 + { 304 + inherit plugins; 305 + enable = true; 306 + package = localPkgs.yazi; 307 + enableFishIntegration = true; 308 + settings = { 309 + preview = { 310 + image_quality = 
90; 311 + }; 312 + tasks = { 313 + image_bound = [ 314 + 0 315 + 0 316 + ]; 317 + }; 318 + }; 319 + }; 320 + 321 + programs.direnv = { 322 + enable = true; 323 + nix-direnv.enable = true; 324 + }; 325 + 326 + programs.nix-index = { 327 + enable = true; 328 + enableFishIntegration = true; 329 + }; 330 + programs.helix = { 331 + enable = true; 332 + settings = { 333 + theme = "everforest_dark"; 334 + editor.cursor-shape = { 335 + normal = "block"; 336 + insert = "bar"; 337 + select = "underline"; 338 + }; 339 + }; 340 + languages.language = [ 341 + { 342 + name = "nix"; 343 + auto-format = true; 344 + formatter.command = "${pkgs.nixfmt}/bin/nixfmt"; 345 + } 346 + { 347 + name = "rust"; 348 + auto-format = true; 349 + formatter.command = "${pkgs.rustfmt}/bin/rustfmt"; 350 + } 351 + ]; 352 + }; 353 + 354 + # Independent config files. 355 + xdg.configFile.nvim = { 356 + source = ../nvim; 357 + recursive = true; 358 + }; 359 + 360 + xdg.configFile.vis = { 361 + source = ../vis; 362 + recursive = true; 363 + }; 364 + 365 + xdg.configFile.fish = { 366 + source = ../fish; 367 + recursive = true; 368 + }; 369 + xdg.configFile."fish/completions/nix.fish".source = 370 + "${pkgs.nix}/share/fish/vendor_completions.d/nix.fish"; 371 + 372 + xdg.configFile.aerc = { 373 + source = ../aerc; 374 + recursive = true; 375 + }; 376 + 377 + xdg.configFile.ghostty = { 378 + source = ../ghostty; 379 + recursive = true; 380 + }; 381 + 382 + home.file.".local/bin" = { 383 + source = ../scripts; 384 + recursive = true; 385 + }; 386 + home.file.".luacheckrc" = { 387 + text = '' 388 + globals = { 389 + "vim", 390 + "vis", 391 + } 392 + ''; 393 + }; 394 + 395 + home.stateVersion = "24.11"; 396 + 397 + }
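Review bot: `forwardAgent = true;` is set at the top level of `programs.ssh`, which as far as I know Home Manager writes into the catch-all host block, so every server this machine connects to can use the loaded keys while the connection is open. `addKeysToAgent = "yes"` on the line before it keeps keys loaded, unless `../ssh/extra` overrides either setting. Drop the global line and enable forwarding only for the hosts that need it, e.g. `programs.ssh.matchBlocks."<host>".forwardAgent = true;`, or use a jump-host setup instead. Separately, `nixpkgs.config.allowUnfreePredicte` looks like a misspelling of `allowUnfreePredicate` and is probably ignored silently.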
+207
host-specific/edge/configuration.nix
··· 1 + # Edit this configuration file to define what should be installed on 2 + # your system. Help is available in the configuration.nix(5) man page, on 3 + # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 + 5 + { 6 + config, 7 + lib, 8 + pkgs, 9 + inputs, 10 + ... 11 + }: 12 + let 13 + system = pkgs.stdenv.targetPlatform.system; 14 + agave = (builtins.getFlake "/home/noah/repos/agave"); 15 + in 16 + { 17 + imports = [ 18 + # Include the results of the hardware scan. 19 + ./hardware-configuration.nix 20 + agave.nixosModules.default 21 + ]; 22 + 23 + nix.settings.experimental-features = [ 24 + "nix-command" 25 + "flakes" 26 + ]; 27 + 28 + # Use the systemd-boot EFI boot loader. 29 + boot.loader.systemd-boot.enable = true; 30 + #boot.loader.grub.device = "nodev"; 31 + #boot.loader.grub.efiSupport = true; 32 + #boot.loader.grub.useOSProber = true; 33 + boot.loader.efi.canTouchEfiVariables = true; 34 + 35 + # Use latest kernel. 36 + boot.kernelPackages = pkgs.linuxPackages_latest; 37 + 38 + networking.hostName = "edge"; # Define your hostname. 39 + 40 + # Configure network connections interactively with nmcli or nmtui. 41 + networking.networkmanager.enable = true; 42 + 43 + # Set your time zone. 44 + # time.timeZone = "Europe/Amsterdam"; 45 + 46 + # Configure network proxy if necessary 47 + # networking.proxy.default = "http://user:password@proxy:port/"; 48 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 49 + 50 + # Select internationalisation properties. 51 + i18n.defaultLocale = "en_US.UTF-8"; 52 + console = { 53 + font = "Lat2-Terminus16"; 54 + keyMap = "us"; 55 + #useXkbConfig = true; # use xkb.options in tty. 56 + }; 57 + 58 + # Enable the X11 windowing system. 59 + # services.xserver.enable = true; 60 + 61 + # Configure keymap in X11 62 + # services.xserver.xkb.layout = "us"; 63 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 64 + 65 + # Enable CUPS to print documents. 
66 + # services.printing.enable = true; 67 + 68 + # Enable sound. 69 + # services.pulseaudio.enable = true; 70 + # OR 71 + # services.pipewire = { 72 + # enable = true; 73 + # pulse.enable = true; 74 + # }; 75 + 76 + # Enable touchpad support (enabled default in most desktopManager). 77 + # services.libinput.enable = true; 78 + 79 + # Define a user account. Don't forget to set a password with ‘passwd’. 80 + # users.users.alice = { 81 + # isNormalUser = true; 82 + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 83 + # packages = with pkgs; [ 84 + # tree 85 + # ]; 86 + # }; 87 + 88 + # programs.firefox.enable = true; 89 + 90 + # List packages installed in system profile. 91 + # You can use https://search.nixos.org/ to find more packages (and options). 92 + environment.systemPackages = with pkgs; [ 93 + neovim 94 + wget 95 + git 96 + htop 97 + inputs.agenix.packages."${system}".agenix 98 + agave.packages.${system}.solana 99 + agave.packages.${system}.solana-keygen 100 + ]; 101 + 102 + services.tailscale.useRoutingFeatures = "both"; 103 + 104 + # Some programs need SUID wrappers, can be configured further or are 105 + # started in user sessions. 106 + # programs.mtr.enable = true; 107 + # programs.gnupg.agent = { 108 + # enable = true; 109 + # enableSSHSupport = true; 110 + # }; 111 + 112 + # List services that you want to enable: 113 + 114 + # Enable the OpenSSH daemon. 115 + services.openssh.enable = true; 116 + services.openssh.openFirewall = true; 117 + 118 + # Open ports in the firewall. 119 + # networking.firewall.allowedTCPPorts = [ ... ]; 120 + # networking.firewall.allowedUDPPorts = [ ... ]; 121 + # Or disable the firewall altogether. 
122 + networking.firewall.enable = true; 123 + networking.firewall = { 124 + allowPing = true; 125 + allowedUDPPorts = [ ]; 126 + allowedUDPPortRanges = [ 127 + # Agave 128 + { 129 + from = 8000; 130 + to = 8020; 131 + } 132 + ]; 133 + allowedTCPPorts = [ 134 + 2375 135 + 3000 136 + # Agave 137 + 8001 138 + 8899 139 + 8900 140 + 10000 141 + ]; 142 + }; 143 + security.pam.loginLimits = [ 144 + { 145 + domain = "*"; 146 + type = "soft"; 147 + item = "nofile"; 148 + value = "100000"; 149 + } 150 + { 151 + domain = "*"; 152 + type = "hard"; 153 + item = "nofile"; 154 + value = "1000000"; 155 + } 156 + ]; 157 + 158 + age.secrets.validator-identity = { 159 + file = ../../secrets/validator-identity.age; 160 + owner = "sol"; 161 + group = "sol"; 162 + }; 163 + services.ambient-validator = { 164 + enable = true; 165 + package = agave.packages.${system}.ambient-validator; 166 + # this needs to be a secret 167 + identityKeypair = config.age.secrets.validator-identity.path; 168 + rpcBindAddress = "0.0.0.0"; 169 + geyserPluginConfig = { 170 + libpath = "${agave.packages.${system}.yellowstone-geyser}/lib/libyellowstone_grpc_geyser.so"; 171 + log = { 172 + level = "info"; 173 + }; 174 + tokio = { 175 + worker_threads = 4; 176 + affinity = null; 177 + }; 178 + grpc = { 179 + address = "0.0.0.0:10000"; 180 + }; 181 + }; 182 + }; 183 + # Copy the NixOS configuration file and link it from the resulting system 184 + # (/run/current-system/configuration.nix). This is useful in case you 185 + # accidentally delete configuration.nix. 186 + # system.copySystemConfiguration = true; 187 + 188 + # This option defines the first version of NixOS you have installed on this particular machine, 189 + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 190 + # 191 + # Most users should NEVER change this value after the initial install, for any reason, 192 + # even if you've upgraded your system to a new NixOS release. 
193 + # 194 + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 195 + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how 196 + # to actually do that. 197 + # 198 + # This value being lower than the current NixOS release does NOT mean your system is 199 + # out of date, out of support, or vulnerable. 200 + # 201 + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 202 + # and migrated your data accordingly. 203 + # 204 + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 205 + system.stateVersion = "25.11"; # Did you read the comment? 206 + 207 + }
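Review bot: `allowedTCPPorts` opens 2375, 3000, 8899, 8900 and 10000 on every interface while `rpcBindAddress = "0.0.0.0"` and the geyser `grpc.address = "0.0.0.0:10000"` bind the validator's RPC and gRPC endpoints to all addresses, so both are reachable from any network this host is attached to. Nothing visible in this file listens on 2375 or 3000, and 2375 is the conventional plaintext Docker API port, so remove those entries unless a service needs them. If RPC and gRPC are only consumed over the tailnet or LAN, bind them to that address or move the ports under `networking.firewall.interfaces.<iface>.allowedTCPPorts`. Also, `builtins.getFlake "/home/noah/repos/agave"` takes the system module and validator package from whatever is checked out in a home directory, unpinned and impure; a locked flake input would make that reviewable.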
+46
host-specific/edge/hardware-configuration.nix
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { config, lib, pkgs, modulesPath, ... }: 5 + 6 + { 7 + imports = 8 + [ (modulesPath + "/installer/scan/not-detected.nix") 9 + ]; 10 + 11 + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ]; 12 + boot.initrd.kernelModules = [ ]; 13 + boot.kernelModules = [ "kvm-amd" ]; 14 + boot.extraModulePackages = [ ]; 15 + 16 + fileSystems."/" = 17 + { device = "/dev/disk/by-uuid/8101a0a8-a8c6-4083-85b6-c136d3c80f2e"; 18 + fsType = "ext4"; 19 + }; 20 + 21 + fileSystems."/boot" = 22 + { device = "/dev/disk/by-uuid/E7AD-32DA"; 23 + fsType = "vfat"; 24 + options = [ "fmask=0077" "dmask=0077" ]; 25 + }; 26 + 27 + swapDevices = [ ]; 28 + 29 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 30 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 31 + boot.swraid = { 32 + enable = true; 33 + #mdadmConf = '' 34 + # ARRAY /dev/md126 metadata=1.2 UUID=27cd6eab:f0304d07:b859f0f2:1a8f29b7 35 + # MAILADDR noah 36 + #''; 37 + }; 38 + 39 + # stuff for Agave 40 + boot.kernel.sysctl."net.core.rmem_default" = 134217728; 41 + boot.kernel.sysctl."net.core.rmem_max" = 134217728; 42 + boot.kernel.sysctl."net.core.wmem_default" = 134217728; 43 + boot.kernel.sysctl."net.core.wmem_max" = 134217728; 44 + boot.kernel.sysctl."vm.max_map_count" = 1000000; 45 + boot.kernel.sysctl."fs.nr_open" = 1000000; 46 + }
+13
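--- a/host-specific/misaki/boot.nix
+++ b/host-specific/misaki/boot.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+boot.supportedFilesystems = [ "zfs" ];
+boot.zfs.forceImportRoot = false;
+boot.zfs.extraPools = [
+"shokuhou"
+"mentalout"
+];
+}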
+13
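--- a/host-specific/misaki/configuration.nix
+++ b/host-specific/misaki/configuration.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+imports = [
+./boot.nix
+./users.nix
+./hardware-configuration.nix
+./networking.nix
+./packages.nix
+./services.nix
+];
+nixpkgs.config.allowUnfree = true;
+system.stateVersion = "23.11"; # Did you read the comment?
+}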
+1
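--- a/host-specific/misaki/coredns/localhost.hosts
+++ b/host-specific/misaki/coredns/localhost.hosts
@@ -0,0 +1 @@
+127.0.0.1 *.localhost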
+11
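--- a/host-specific/misaki/coredns/ngp.computer.hosts
+++ b/host-specific/misaki/coredns/ngp.computer.hosts
@@ -0,0 +1,11 @@
+192.168.1.3 img.ngp.computer
+192.168.1.3 photos.ngp.computer
+192.168.1.3 misaki.ngp.computer
+192.168.1.3 files.ngp.computer
+192.168.1.3 cache.ngp.computer
+
+fe80::9ab7:85ff:fe1e:dfe8 img.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 photos.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 misaki.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 files.ngp.computer
+fe80::9ab7:85ff:fe1e:dfe8 cache.ngp.computer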
+17
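--- a/host-specific/misaki/coredns/packetlost.dev.hosts
+++ b/host-specific/misaki/coredns/packetlost.dev.hosts
@@ -0,0 +1,17 @@
+# Services
+192.168.1.3 git.packetlost.dev
+192.168.1.3 plex.packetlost.dev
+192.168.1.3 jellyfin.packetlost.dev
+192.168.1.3 nats.packetlost.dev
+
+# LAN Hosts
+192.168.1.3 misaki.packetlost.dev misaki
+192.168.1.3 cache.packetlost.dev cache
+192.168.1.5 komoe.packetlost.dev komoe
+192.168.1.6 rainbow.packetlost.dev rainbow
+192.168.1.10 ichika.packetlost.dev ichika
+192.168.1.11 futaba.packetlost.dev futaba
+192.168.1.12 mitsumi.packetlost.dev mitsumi
+192.168.1.13 orangepi5.packetlost.dev orangepi5
+192.168.1.30 touma.packetlost.dev touma
+192.168.1.33 kamijou.packetlost.dev kamijou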
+91
host-specific/misaki/hardware-configuration.nix
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 11 + 12 + { 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 16 + 17 + boot.kernelPackages = pkgs.linuxPackages; 18 + boot.initrd.availableKernelModules = [ 19 + "nvme" 20 + "xhci_pci" 21 + "ahci" 22 + "usbhid" 23 + "usb_storage" 24 + "sd_mod" 25 + "dm-raid" 26 + "raid1" 27 + ]; 28 + boot.initrd.kernelModules = [ 29 + "dm-snapshot" 30 + "dm-raid" 31 + "raid1" 32 + ]; 33 + boot.kernelModules = [ 34 + "kvm-amd" 35 + "zfs" 36 + ]; 37 + boot.kernelParams = [ "i915.enable_guc=3" ]; 38 + boot.extraModulePackages = [ ]; 39 + 40 + fileSystems."/" = { 41 + device = "/dev/disk/by-uuid/1988fa0d-ff4a-44aa-a93e-7f0bf3cea5cf"; 42 + fsType = "ext4"; 43 + }; 44 + 45 + fileSystems."/boot" = { 46 + device = "/dev/disk/by-uuid/81D4-01CD"; 47 + fsType = "vfat"; 48 + }; 49 + 50 + swapDevices = [ ]; 51 + 52 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 53 + # (the default) this is the recommended approach. When using systemd-networkd it's 54 + # still possible to use this option, but it's recommended to use it in conjunction 55 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 
56 + networking.useDHCP = lib.mkDefault true; 57 + # networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true; 58 + # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true; 59 + # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; 60 + 61 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 62 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 63 + 64 + #nixpkgs.config.packageOverrides = pkgs: { 65 + # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; 66 + #}; 67 + hardware.graphics = { 68 + enable = true; 69 + extraPackages = with pkgs; [ 70 + intel-media-driver 71 + #vaapiVdpau 72 + #libvdpau-va-gl # unmaintained, very old 73 + intel-compute-runtime 74 + vpl-gpu-rt 75 + ]; 76 + #extraPackages32 = with pkgs; [ 77 + # intel-media-driver 78 + # vaapiVdpau 79 + # #libvdpau-va-gl 80 + # intel-compute-runtime 81 + # vpl-gpu-rt 82 + #]; 83 + }; 84 + environment.variables = { 85 + VDPAU_DRIVER = "va_gl"; 86 + LIBVA_DRIVER_NAME = "iHD"; 87 + LIBVA_DRIVERS_PATH = "/run/opengl-driver/lib/dri"; 88 + GST_VAAPI_ALL_DRIVERS = "1"; 89 + }; 90 + #services.xserver.videoDrivers = [ "intel" ]; 91 + }
+115
host-specific/misaki/networking.nix
··· 1 + { config, ... }: 2 + { 3 + # networking.hostName = "nixos"; # Define your hostname. 4 + # Pick only one of the below networking options. 5 + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 + networking.hostName = "misaki"; 8 + # I like systemd-networkd 9 + systemd.network.enable = true; 10 + systemd.network.networks."50-wlp2s0" = { 11 + matchConfig.name = "wlp2s0"; 12 + networkConfig.DHCP = "yes"; 13 + linkConfig.RequiredForOnline = "no"; 14 + }; 15 + 16 + networking.tempAddresses = "disabled"; 17 + 18 + networking.interfaces = { 19 + enp4s0f1 = { 20 + ipv4.addresses = [ 21 + { 22 + address = "192.168.1.3"; 23 + prefixLength = 24; 24 + } 25 + ]; 26 + }; 27 + }; 28 + networking.defaultGateway = { 29 + address = "192.168.1.1"; 30 + interface = "enp4s0f1"; 31 + }; 32 + 33 + networking.defaultGateway6 = { 34 + address = "fe80::2870:4eff:fe84:d884"; 35 + interface = "enp4s0f1"; 36 + }; 37 + 38 + networking.nameservers = [ 39 + "192.168.1.3" 40 + "45.90.28.93" 41 + "45.90.30.93" 42 + ]; 43 + 44 + # This is necessary for ZFS 45 + networking.hostId = "5beebabe"; 46 + 47 + networking.useNetworkd = true; 48 + # TODO: static IP @ 192.168.1.2 49 + 50 + # Configure network proxy if necessary 51 + # networking.proxy.default = "http://user:password@proxy:port/"; 52 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 53 + # Open ports in the firewall. 54 + # networking.firewall.allowedTCPPorts = [ ... ]; 55 + # networking.firewall.allowedUDPPorts = [ ... ]; 56 + # Or disable the firewall altogether. 
57 + # TODO: allow some ports 58 + networking.firewall = { 59 + enable = true; 60 + allowPing = true; 61 + trustedInterfaces = [ 62 + "tailscale0" 63 + ]; 64 + allowedUDPPorts = [ 65 + # DNS 66 + 53 67 + config.services.tailscale.port 68 + ]; 69 + allowedTCPPorts = [ 70 + # DNS over TCP 71 + 53 72 + # NFSv4 73 + 2049 74 + # HTTP(s) 75 + 443 76 + 80 77 + # iperf3 78 + 5201 79 + 5301 80 + 5401 81 + # NATS 82 + 4222 83 + # Prometheus 84 + 9001 85 + # Minio 86 + 9003 87 + # Minio web 88 + 9004 89 + # AFP via Netatalk 90 + 548 91 + #9p 92 + 564 93 + # Misc development 94 + 3000 95 + ]; 96 + }; 97 + 98 + services.tailscale.useRoutingFeatures = "both"; 99 + 100 + services.avahi = { 101 + enable = true; 102 + nssmdns4 = true; 103 + nssmdns6 = true; 104 + ipv6 = true; 105 + openFirewall = true; 106 + publish = { 107 + enable = true; 108 + addresses = true; 109 + workstation = true; 110 + userServices = true; 111 + domain = true; 112 + }; 113 + }; 114 + 115 + }
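Review bot: `networking.firewall.allowedTCPPorts` opens NFSv4 (2049), Prometheus (9001), Minio (9003, 9004), AFP (548), 9p (564) and the development port 3000 on every interface, including the DHCP-configured wireless link `wlp2s0` declared at the top of the file. `tailscale0` is already in `trustedInterfaces`, so tailnet clients do not need these global entries. Scope the LAN-only services to the wired interface, e.g. `networking.firewall.interfaces.enp4s0f1.allowedTCPPorts = [ 2049 548 564 9001 9003 9004 ];`, and keep only the ports meant for every network in the global list. The services behind these ports are configured elsewhere, so whether each one authenticates clients cannot be judged from this file. The `# TODO: static IP @ 192.168.1.2` comment also disagrees with the configured address `192.168.1.3`.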
+67
host-specific/misaki/packages.nix
··· 1 + { 2 + pkgs, 3 + lib, 4 + inputs, 5 + ... 6 + }: 7 + { 8 + 9 + # List packages installed in system profile. To search, run: 10 + # $ nix search wget 11 + environment.systemPackages = with pkgs; [ 12 + neovim 13 + appimage-run 14 + wget 15 + kitty 16 + w3m 17 + fishPlugins.fzf-fish 18 + fzf 19 + qemu 20 + OVMF 21 + metastore 22 + # 9p 23 + diod 24 + plan9port 25 + vis 26 + rc 27 + ncdu 28 + inputs.agenix.packages."${system}".agenix 29 + 30 + # ZFS / filesystem stuff 31 + zfs 32 + 33 + # GPU stuff 34 + intel-gpu-tools 35 + #(ffmpeg-full.override { 36 + # withUnfree = true; 37 + # withMfx = false; 38 + # withSmallBuild = false; 39 + # withTensorflow = false; 40 + #}) 41 + libva 42 + libva-utils 43 + nvtopPackages.intel 44 + ]; 45 + 46 + # Fix dynamically linked libraries for unpackaged binaries 47 + programs.nix-ld = { 48 + enable = true; 49 + libraries = with pkgs; [ 50 + # Add missing dynamic libraries for unpackaged programs HERE 51 + # NOT in environment.systemPackages 52 + zlib 53 + ]; 54 + }; 55 + 56 + programs.fuse.userAllowOther = true; 57 + 58 + # Whitelist some unfree packages 59 + #nixpkgs.config.allowUnfreePredicate = 60 + # pkg: 61 + # builtins.elem (lib.getName pkg) [ 62 + # "tailscale" 63 + # "plexmediaserver" 64 + # "teamspeak-server" 65 + # "ffmpeg-full" 66 + # ]; 67 + }
+3
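--- a/host-specific/misaki/scripts/fix-jpeg-raw-duplicates-immich.rcsh
+++ b/host-specific/misaki/scripts/fix-jpeg-raw-duplicates-immich.rcsh
@@ -0,0 +1,3 @@
+#!/usr/bin/env rc
+
+nix run 'github:nixos/nixpkgs?ref=nixos-unstable-small#immich-go' -- stack -k `{pa show immich-api} -s 'https://photos.ngp.computer' --manage-raw-jpeg StackCoverJPG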
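Review bot: The Immich API key is expanded onto the command line through the `-k` argument built from `pa show immich-api`, so for the length of the run it is readable by other local users through the process list. If immich-go can take the key from a config file or the environment, that is the safer input (I have not checked which it supports). The flake reference `github:nixos/nixpkgs?ref=nixos-unstable-small#immich-go` is also a moving branch, so each run executes whatever that branch currently builds while holding the key. Pinning a revision, or using the nixpkgs input this flake already locks, would make the run reproducible.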
+13
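--- a/host-specific/misaki/scripts/nr
+++ b/host-specific/misaki/scripts/nr
@@ -0,0 +1,13 @@
+#!/usr/bin/env rc
+
+flag x +
+
+if(~ $1 -x) {
+flake e +
+shift
+}
+
+pkg=$1
+shift
+
+exec nix run --impure 'nixpkgs#'^$pkg -- $*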
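Review bot: Line 6 reads `flake e +`, which looks like a typo for `flag e +`; as written the `-x` branch tries to run a command called `flake`. Line 3 already sets `flag x +` unconditionally, so it is unclear what `-x` is meant to toggle. If tracing is supposed to be opt-in, line 3 should be `flag e +` and the branch `flag x +`, as `oclip` does. `--impure` is also passed on every run with no comment saying why it is needed.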
+8
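--- a/host-specific/misaki/scripts/oclip
+++ b/host-specific/misaki/scripts/oclip
@@ -0,0 +1,8 @@
+#!/usr/bin/env rc
+flag e +
+
+if (~ $1 -x) {
+flag x +
+}
+data=`{base64 <[0=0]}
+printf '\033]52;c;%s\007' $"data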
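Review bot: The backquote substitution on line 7 captures the `base64` output as a list split on whitespace, and GNU `base64` wraps at 76 columns, so for inputs longer than 57 bytes `$"data` rejoins the pieces with spaces inside the OSC 52 payload. Some terminals tolerate that, while others may reject or truncate the clipboard write. Calling `base64 -w0` on line 7 avoids the wrapping. A one-line comment stating that the script copies stdin to the terminal clipboard via OSC 52 would also help, since nothing in the file says so.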
+14
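--- a/host-specific/misaki/scripts/update-src
+++ b/host-specific/misaki/scripts/update-src
@@ -0,0 +1,14 @@
+#!/usr/bin/env rc
+
+background=()
+for(repo in `{cat downstream}) {
+echo Updating $repo
+git -C $repo fetch --all --tags --prune --force &
+background=($apid $background)
+}
+
+for (i in $background) {
+wait $i
+}
+
+echo Done!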
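Review bot: Fetch failures are dropped: the loop on lines 10-12 calls `wait $i` without looking at `$status`, and the script always ends with `echo Done!`, so the `update-downstream-src` oneshot unit would report success even when every fetch failed. Something like `wait $i || failed=1` in the loop and `~ $#failed 0 || exit 1` before the final echo would surface it in the unit status. The repository paths come from the `downstream` file in the working directory and go to `git -C` unchecked, so that file should be writable only by the service user.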
+578
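--- a/host-specific/misaki/services.nix
+++ b/host-specific/misaki/services.nix
@@ -0,0 +1,578 @@
+{
+config,
+pkgs,
+unstable,
+...
+}:
+{
+
+services.zfs = {
+autoScrub.enable = true;
+};
+services.nfs.server.enable = true;
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = false;
+};
+
+# Fish shell, the best
+programs.fish.enable = true;
+
+# MOSH, SSH over flakey connections
+programs.mosh.enable = true;
+
+# List services that you want to enable:
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+openFirewall = true;
+settings.PasswordAuthentication = false;
+};
+
+# This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices.
+services.hardware.bolt.enable = true;
+
+services.ergochat.enable = true;
+
+# Containers and VMs
+virtualisation = {
+podman = {
+enable = true;
+dockerCompat = true;
+defaultNetwork.settings.dns_enabled = true;
+};
+};
+
+# Samba, for shares
+# TODO
+services.samba = {
+enable = true;
+openFirewall = true;
+nmbd.enable = true;
+winbindd.enable = true;
+settings = {
+global = {
+workgroup = "WORKGROUP";
+"server string" = "misaki";
+security = "user";
+"use sendfile" = "yes";
+"hosts allow" = "192.168.1. 127.0.0.1 localhost";
+"hosts deny" = "0.0.0.0/0";
+"guest account" = "nobody";
+"map to guest" = "bad user";
+deadtime = 30;
+};
+shokuhou = {
+path = "/srv/shokuhou";
+browseable = "yes";
+"read only" = "no";
+"guest ok" = "no";
+"create mask" = "0644";
+"directory mask" = "0755";
+"force user" = "noah";
+"force group" = "nas";
+};
+mentalout = {
+path = "/srv/mentalout";
+browseable = "yes";
+"read only" = "no";
+"guest ok" = "no";
+"create mask" = "0644";
+"directory mask" = "0755";
+"force user" = "noah";
+"force group" = "nas";
+};
+};
+};
+services.samba-wsdd = {
+enable = true;
+openFirewall = true;
+};
+
+services.coredns = {
+enable = true;
+config = ''
+packetlost.dev {
+hosts ${./coredns/packetlost.dev.hosts} packetlost.dev {
+fallthrough
+}
+bind enp4s0f1
+}
+ngp.computer {
+hosts ${./coredns/ngp.computer.hosts} ngp.computer {
+fallthrough
+}
+bind enp4s0f1
+}
+localhost {
+hosts ${./coredns/localhost.hosts} localhost {
+fallthrough
+}
+bind enp4s0f1
+}
+. {
+# NextDNS
+forward . tls://2a07:a8c0::dd:2feb:853 tls://2a07:a8c1::dd:2feb:853 tls://45.90.28.93:853 tls://45.90.30.93:853 {
+tls_servername dd2feb.dns.nextdns.io
+health_check 5s
+}
+bind enp4s0f1
+cache
+errors
+log
+}
+'';
+};
+
+services.nats = {
+enable = true;
+jetstream = true;
+user = "nats";
+group = "nats";
+serverName = "misaki";
+dataDir = "/srv/shokuhou/applications/nats";
+validateConfig = false;
+settings = {
+authorization = {
+users = [
+{
+user = "seedbox@packetlost.dev";
+permissions = {
+publish = [
+"torrents"
+"torrents.>"
+"$JS.API.INFO"
+#"$JS.API.STREAM.INFO.>"
+"$KV.torrents.>"
+#"$JS.API.STREAM.*.*.OBJ_torrents"
+"$JS.API.*.*.OBJ_torrents"
+"$JS.API.STREAM.MSG.GET.OBJ_torrents"
+"$JS.API.*.*.OBJ_torrents.>"
+"$O.torrents.>"
+];
+subscribe = [
+"torrents.>"
+"_INBOX.>"
+];
+allow_responses = false;
+};
+}
+{ user = "odin@packetlost.dev"; }
+{ user = "misaki@packetlost.dev"; }
+{ user = "noah@packetlost.dev"; }
+{ user = "touma-nixos@packetlost.dev"; }
+];
+};
+tls = {
+cert_file = "/srv/nats/nats.packetlost.dev/cert.pem";
+key_file = "/srv/nats/nats.packetlost.dev/key.pem";
+ca_file = "/srv/nats/minica.pem";
+verify_and_map = true;
+};
+jetstream = {
+# 50GB
+max_file_store = 53687091200;
+max_mem = 8589934592;
+};
+};
+};
+
+# Minio's object storage has been mostly replaced with NATS. If I specifically need a
+# S3-like API, this will be revived.
+services.minio = {
+enable = false;
+listenAddress = ":9003";
+consoleAddress = ":9004";
+dataDir = [
+/srv/shokuhou/applications/minio
+];
+};
+
+services.netatalk = {
+enable = true;
+settings = {
+time-machine = {
+path = "/srv/shokuhou/backup/timemachine";
+"valid users" = "noah";
+"time machine" = true;
+};
+};
+};
+
+services.webdav.enable = false;
+services.sftpgo = {
+enable = false;
+dataDir = /srv/shokuhou/documents/sftpgo;
+group = "nas";
+};
+services.syncthing = {
+enable = false;
+openDefaultPorts = true;
+# disable the sync folder creation
+extraFlags = [ "--no-default-folder" ];
+settings = {
+folders = {
+"Sync" = {
+path = "/srv/shokuhou/documents/sync";
+};
+};
+};
+};
+
+services.grafana = {
+enable = false;
+settings.server.http_port = 2342;
+settings.server.domain = "grafana.packetlost.dev";
+settings.server.http_addr = "127.0.0.1";
+};
+
+services.prometheus = {
+enable = false;
+port = 9001;
+exporters = {
+node = {
+enable = true;
+enabledCollectors = [ "systemd" ];
+port = 9002;
+};
+};
+
+scrapeConfigs = [
+{
+job_name = "chrysalis";
+static_configs = [
+{ targets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}" ]; }
+];
+}
+];
+};
+
+# TODO: figure out how to appropriately configure this
+services.step-ca = {
+enable = false;
+openFirewall = true;
+port = 8443;
+address = "0.0.0.0";
+intermediatePasswordFile = /etc/nixos/step-ca-intermediate-ca-password;
+settings = builtins.fromJSON (builtins.readFile /home/noah/.step/config/ca.json);
+};
+
+age.secrets.acme = {
+file = ../../secrets/porkbun-api-key.age;
+owner = "root";
+group = "acme";
+};
+
+security.acme = {
+acceptTerms = true;
+defaults.email = "noah@packetlost.dev";
+certs."plex.packetlost.dev" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."img.ngp.computer" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."files.ngp.computer" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."cache.ngp.computer" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."photos.ngp.computer" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+certs."jellyfin.packetlost.dev" = {
+group = "httpd";
+dnsProvider = "porkbun";
+environmentFile = config.age.secrets.acme.path;
+};
+};
+
+# A test email server that only works on LAN
+services.maddy = {
+enable = true;
+openFirewall = true;
+primaryDomain = "misaki.local";
+ensureAccounts = [
+"noah@misaki.local"
+"postmaster@misaki.local"
+"test@misaki.local"
+];
+ensureCredentials = {
+"noah@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}";
+"postmaster@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}";
+"test@misaki.local".passwordFile = "${pkgs.writeText "test" "Password123"}";
+};
+};
+
+age.secrets.nix-serve = {
+file = ../../secrets/nix-serve-secret-key.age;
+owner = "root";
+group = "root";
+};
+services.nix-serve = {
+enable = true;
+package = unstable.nix-serve-ng;
+secretKeyFile = config.age.secrets.nix-serve.path;
+openFirewall = true;
+};
+
+services.plex = {
+enable = true;
+openFirewall = false; # we proxy this with nginx
+group = "nas";
+user = "noah";
+package = unstable.plex;
+};
+
+services.jellyfin = {
+enable = true;
+openFirewall = true;
+user = "noah";
+group = "nas";
+logDir = "/srv/shokuhou/applications/jellyfin/log";
+cacheDir = "/srv/shokuhou/applications/jellyfin/cache";
+dataDir = "/srv/shokuhou/applications/jellyfin/data";
+configDir = "/srv/shokuhou/applications/jellyfin/config";
+};
+
+services.gitea = {
+enable = false;
+user = "git";
+domain = "git.packetlost.dev";
+};
+
+# Litterbox, collect my IRC logs
+systemd = {
+services = {
+"litterbox@" = {
+path = [ pkgs.litterbox ];
+serviceConfig = {
+StartLimitIntervalSec = 5;
+StartLimitBurst = 10;
+Restart = "on-failure";
+RestartSec = "10s";
+Type = "simple";
+ExecStart = "${pkgs.litterbox}/bin/litterbox /srv/litterbox/%i.conf";
+ExecReload = "kill -USR1 $MAINPID";
+User = "noah";
+Group = "litterbox";
+};
+};
+
+#"litterbox@libera.irc.packetlost.dev" = {
+# overrideStrategy = "asDropin";
+# wantedBy = [ "multi-user.target" ];
+#};
+"update-downstream-src" = {
+path = with pkgs; [
+rc
+coreutils
+git
+openssh
+];
+script = "exec ${./scripts/update-src}";
+serviceConfig = {
+Type = "oneshot";
+User = "noah";
+WorkingDirectory = "/srv/src";
+};
+};
+};
+timers = {
+"update-downstream-src" = {
+wantedBy = [ "timers.target" ];
+timerConfig = {
+OnCalendar = "daily";
+Persistent = true;
+};
+};
+};
+};
+
+services.teamspeak3 = {
+enable = true;
+openFirewall = true;
+};
+
+services.immich = {
+enable = true;
+package = unstable.immich;
+accelerationDevices = [ "/dev/dri/renderD128" ];
+mediaLocation = "/srv/shokuhou/pictures/immich";
+};
+users.users.immich.extraGroups = [
+"video"
+"render"
+"nas"
+];
+
+# Nginx Reverse SSL Proxy
+services.nginx = {
+enable = true;
+group = "nas";
+user = "noah";
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+#recommendedProxySettings = true;
+recommendedTlsSettings = true;
+
+virtualHosts."photos.ngp.computer" = {
+enableACME = true;
+acmeRoot = null;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://[::1]:${toString config.services.immich.port}";
+proxyWebsockets = true;
+recommendedProxySettings = true;
+extraConfig = ''
+client_max_body_size 50000M;
+proxy_read_timeout 600s;
+proxy_send_timeout 600s;
+send_timeout 600s;
+'';
+};
+};
+virtualHosts."img.ngp.computer" = {
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+root = "/srv/shokuhou/pictures/public";
+extraConfig = ''
+sendfile on;
+autoindex_exact_size on;
+tcp_nopush on;
+'';
+locations."/" = {
+extraConfig = ''
+autoindex on;
+autoindex_exact_size on;
+alias /srv/shokuhou/pictures/public/$1;
+'';
+};
+};
+virtualHosts."files.ngp.computer" = {
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+root = null;
+extraConfig = ''
+sendfile on;
+tcp_nopush on;
+'';
+locations."/books/" = {
+extraConfig = ''
+autoindex on;
+autoindex_exact_size on;
+alias /srv/shokuhou/books/sync/$1;
+'';
+};
+};
+virtualHosts."jellyfin.packetlost.dev" = {
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+http2 = true;
+locations."/" = {
+proxyPass = "http://localhost:8096/";
+};
+};
+virtualHosts."cache.ngp.computer" = {
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+http2 = true;
+locations."/".proxyPass =
+"http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
+};
+
+# give a name to the virtual host. It also becomes the server name.
+virtualHosts."plex.packetlost.dev" = {
+# Since we want a secure connection, we force SSL
+forceSSL = true;
+enableACME = true;
+acmeRoot = null;
+
+# http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/
+http2 = true;
+
+# Provide the ssl cert and key for the vhost
+# These are filled in automatically with ACME
+extraConfig = ''
+
+#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
+send_timeout 100m;
+
+# Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
+ssl_stapling on;
+ssl_stapling_verify on;
+
+ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ssl_prefer_server_ciphers on;
+#Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384.
+ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
+
+# Forward real ip and host to Plex
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+proxy_set_header Host $server_addr;
+proxy_set_header Referer $server_addr;
+proxy_set_header Origin $server_addr;
+
+# Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off.
+gzip on;
+gzip_vary on;
+gzip_min_length 1000;
+gzip_proxied any;
+gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
+gzip_disable "MSIE [1-6]\.";
+
+# Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
+# Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
+client_max_body_size 100M;
+
+# Plex headers
+proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
+proxy_set_header X-Plex-Device $http_x_plex_device;
+proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
+proxy_set_header X-Plex-Platform $http_x_plex_platform;
+proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
+proxy_set_header X-Plex-Product $http_x_plex_product;
+proxy_set_header X-Plex-Token $http_x_plex_token;
+proxy_set_header X-Plex-Version $http_x_plex_version;
+proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
+proxy_set_header X-Plex-Provides $http_x_plex_provides;
+proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
+proxy_set_header X-Plex-Model $http_x_plex_model;
+
+# Websockets
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+
+# Buffering off send to the client as soon as the data is received from Plex.
+proxy_redirect off;
+proxy_buffering off;
+'';
+
+locations."/" = {
+proxyPass = "http://localhost:32400/";
+};
+};
+};
+}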
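Review bot: The three `ensureCredentials` entries under `services.maddy` build their password files with `pkgs.writeText ... "Password123"`, so one literal password sits in this repository and in the world-readable Nix store, while `openFirewall = true` opens the mail ports with nothing in the visible lines limiting them to the LAN the comment mentions. The file already uses agenix for `age.secrets.acme` and `age.secrets.nix-serve`; the accounts should follow that pattern, e.g. `"noah@misaki.local".passwordFile = config.age.secrets.<maddy-noah>.path;` (placeholder secret name), one secret per account, with `openFirewall` dropped unless off-host delivery is needed. Separately, the `plex.packetlost.dev` vhost sets `ssl_protocols TLSv1 TLSv1.1 TLSv1.2;` and a cipher list that still includes 3DES suites, which leaves out TLSv1.3 and works against `recommendedTlsSettings` for that host. `ssl_protocols TLSv1.2 TLSv1.3;` would be the change there unless a specific legacy player is known to need the old versions.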
+6
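--- a/host-specific/misaki/users.nix
+++ b/host-specific/misaki/users.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+users.groups.nas.gid = 1001;
+users.groups.httpd.gid = 1002;
+users.groups.litterbox.gid = 1003;
+}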
+6
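--- a/host-specific/odin/boot.nix
+++ b/host-specific/odin/boot.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+}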
+62
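--- a/host-specific/odin/configuration.nix
+++ b/host-specific/odin/configuration.nix
@@ -0,0 +1,62 @@
+# Edit this configuration file to define what should be installed on
+## your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ ... }:
+{
+imports = [
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+./boot.nix
+./networking.nix
+#./gui.nix
+./packages.nix
+./services.nix
+];
+
+nixpkgs.config.allowUnfree = true;
+
+# Set your time zone.
+time.timeZone = "America/Chicago";
+
+# Select internationalisation properties.
+i18n.defaultLocale = "en_US.UTF-8";
+# console = {
+# font = "Lat2-Terminus16";
+# keyMap = "us";
+# useXkbConfig = true; # use xkb.options in tty.
+# };
+
+# Automatic doc cache generation
+documentation.man.generateCaches = true;
+
+# Automatic system upgrades
+system.autoUpgrade = {
+enable = true;
+dates = "09:00";
+randomizedDelaySec = "45min";
+};
+
+# Automatic Garbage Collection
+nix.gc.automatic = true;
+nix.gc.options = "--delete-older-than 8d";
+
+# This option defines the first version of NixOS you have installed on this particular machine,
+# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
+#
+# Most users should NEVER change this value after the initial install, for any reason,
+# even if you've upgraded your system to a new NixOS release.
+#
+# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
+# so changing it will NOT upgrade your system.
+#
+# This value being lower than the current NixOS release does NOT mean your system is
+# out of date, out of support, or vulnerable.
+#
+# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
+# and migrated your data accordingly.
+#
+# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
+system.stateVersion = "23.11"; # Did you read the comment?
+
+}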
+9
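--- a/host-specific/odin/default.nix
+++ b/host-specific/odin/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+imports = [
+./hardware-configuration.nix
+./networking.nix
+./packages.nix
+./services.nix
+];
+}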
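Review bot: This import list differs from `configuration.nix` in the same directory: it leaves out `./boot.nix` and sets no `system.stateVersion`. If `default.nix` is the entry point used for odin, the boot loader settings and state version have to come from somewhere not shown here; if it is not, one of the two files is dead. A one-line comment at the top of each file saying which one is evaluated, for example `# entry point for odin; configuration.nix is kept only for reference` (example wording, adjust to the actual setup), would settle it.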
+98
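--- a/host-specific/odin/gui.nix
+++ b/host-specific/odin/gui.nix
@@ -0,0 +1,98 @@
+{ pkgs, ... }:
+{
+# Enable the X11 windowing system.
+services.xserver = {
+enable = true;
+videoDrivers = [ "amdgpu" ];
+};
+
+# Fix for HIP libraries
+systemd.tmpfiles.rules = [
+"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
+];
+
+# Configure keymap in X11
+# services.xserver.xkb.layout = "us";
+# services.xserver.xkb.options = "eurosign:e,caps:escape";
+
+# Enable CUPS to print documents.
+# services.printing.enable = true;
+
+# Enable sound.
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+wireplumber.enable = true;
+};
+
+# Graphics and parallel compute configuration
+hardware.graphics = {
+enable = true;
+extraPackages = with pkgs; [
+libva
+mesa
+rocmPackages.clr.icd
+];
+};
+
+# Enable touchpad support (enabled default in most desktopManager).
+# services.xserver.libinput.enable = true;
+
+# Fonts
+fonts.packages = with pkgs; [
+fira-code
+fira-code-symbols
+noto-fonts
+noto-fonts-cjk-sans
+noto-fonts-color-emoji
+nerd-fonts.fira-code
+];
+
+# Polkit is a dependency of Sway. It's responsible for handling security policies
+security.polkit.enable = true;
+
+# Enable the sway window manager
+programs.sway = {
+enable = true;
+#package = unstable.sway;
+wrapperFeatures.gtk = true;
+};
+# Use greetd as the displaymanager
+#services.xserver.displayManager.greetd.enable = true;
+#services.xserver.displayManager.lightdm.enable = false;
+services.displayManager.sddm.enable = true;
+services.displayManager.defaultSession = "sway";
+services.displayManager.autoLogin = {
+enable = true;
+user = "noah";
+};
+
+# i3, for when I need XOrg
+services.xserver.windowManager.i3 = {
+enable = true;
+extraPackages = with pkgs; [
+dmenu
+i3status
+i3lock
+i3blocks
+];
+};
+
+xdg.portal = {
+enable = true;
+wlr.enable = true;
+extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+};
+xdg.mime = {
+enable = true;
+defaultApplications = {
+"x-scheme-handler/http" = "org.firefox.firefox.desktop";
+"x-scheme-handler/https" = "org.firefox.firefox.desktop";
+};
+};
+services.dbus.enable = true;
+services.gnome.gnome-keyring.enable = true;
+}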
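Review bot: `services.displayManager.autoLogin` signs `noah` straight into the sway session, so the SDDM greeter never asks for a password and anyone with physical access to the machine gets that session; `services.gnome.gnome-keyring.enable` in the same file suggests stored secrets hang off it. No comment records that this is intended. If it is not, the change is `services.displayManager.autoLogin.enable = false;`; if it is, a comment stating why it is acceptable on this host belongs above the block. The file is not in either import list shown for odin (`#./gui.nix` is commented out in `configuration.nix`), so this only takes effect once it is imported.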
+93
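--- a/host-specific/odin/hardware-configuration.nix
+++ b/host-specific/odin/hardware-configuration.nix
@@ -0,0 +1,93 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+config,
+lib,
+modulesPath,
+pkgs,
+...
+}:
+
+{
+imports = [
+(modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.kernelPackages = pkgs.linuxPackages_latest;
+boot.initrd.availableKernelModules = [
+"nvme"
+"xhci_pci"
+"thunderbolt"
+"usb_storage"
+"usbhid"
+"sd_mod"
+"sdhci_pci"
+];
+boot.initrd.kernelModules = [
+"kvm-amd"
+"amdgpu"
+"nvme"
+"xhci_pci"
+"thunderbolt"
+"usb_storage"
+"usbhid"
+"sd_mod"
+"sdhci_pci"
+];
+boot.kernelModules = [
+"kvm-amd"
+"amdgpu"
+"nvme"
+"xhci_pci"
+"thunderbolt"
+"usb_storage"
+"usbhid"
+"sd_mod"
+"sdhci_pci"
+];
+virtualisation.libvirtd = {
+enable = true;
+qemu = {
+runAsRoot = false;
+};
+};
+#boot.extraModulePackages = with config.boot.kernelPackages; [ ];
+boot.kernelParams = [ ];
+
+hardware.enableRedistributableFirmware = true;
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/07019c69-2597-410d-a8a0-a8ffb0f58883";
+fsType = "ext4";
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/4B85-C90A";
+fsType = "vfat";
+};
+
+swapDevices = [
+{
+device = "/swapfile";
+size = 32 * 1024;
+}
+];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = {
+#gcc.arch = "znver2";
+#gcc.tune = "znver2";
+system = "x86_64-linux";
+#gcc.arch = "x86-64-v3";
+};
+#nix.settings.system-features = ["gccarch-znver2" "big-parallel" "nixos-test" "benchmark" "kvm"];
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}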
+78
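--- a/host-specific/odin/networking.nix
+++ b/host-specific/odin/networking.nix
@@ -0,0 +1,78 @@
+{ ... }:
+{
+# networking.hostName = "nixos"; # Define your hostname.
+# Pick only one of the below networking options.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+networking.hostName = "odin";
+# I like systemd-networkd
+systemd.network.enable = true;
+systemd.network.networks."50-wlp2s0" = {
+matchConfig.name = "wlp2s0";
+networkConfig.DHCP = "yes";
+linkConfig.RequiredForOnline = "no";
+};
+
+networking.tempAddresses = "disabled";
+
+networking.useNetworkd = true;
+# TODO: static IP @ 192.168.1.6
+
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+networking.firewall = {
+enable = true;
+allowPing = true;
+allowedUDPPorts = [ ];
+allowedUDPPortRanges = [ ];
+allowedTCPPorts = [
+2375
+3000
+];
+};
+
+services.avahi = {
+enable = true;
+nssmdns4 = true;
+nssmdns6 = true;
+ipv6 = true;
+openFirewall = true;
+publish = {
+enable = true;
+addresses = true;
+workstation = true;
+userServices = true;
+domain = true;
+};
+};
+
+# NFS mounts
+
+fileSystems = {
+"/srv/shokuhou" = {
+device = "192.168.1.3:/srv/shokuhou";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+"/srv/mentalout" = {
+device = "192.168.1.3:/srv/mentalout";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+};
+}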
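Review bot: `allowedTCPPorts` opens 2375 and 3000 on every interface with no comment, and 2375 is the port conventionally used for the Docker API without TLS; if the daemon is ever bound there, anyone who can reach the host gets root-equivalent control of it. Nothing in this section shows what listens on either port, so I would drop 2375 or scope it to one interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 2375 ];` if Tailscale is the intended path, and add a per-port comment as the misaki firewall list does. The NFS mount options also read `x-system.automount` and `x-system.idle-timeout=600`. The systemd mount options are spelled `x-systemd.automount` and `x-systemd.idle-timeout=600`, so as written the shares are presumably not automounted.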
+129
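--- a/host-specific/odin/packages.nix
+++ b/host-specific/odin/packages.nix
@@ -0,0 +1,129 @@
+{ pkgs, lib, ... }:
+let # bash script to let dbus know about important env variables and
+# propagate them to relevent services run at the end of sway config
+# see
+# https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist
+# note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts
+# some user services to make sure they have the correct environment variables
+dbus-sway-environment = pkgs.writeTextFile {
+name = "dbus-sway-environment";
+destination = "/bin/dbus-sway-environment";
+executable = true;
+
+text = ''
+dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
+systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
+systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
+'';
+};
+
+# currently, there is some friction between sway and gtk:
+# https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
+# the suggested way to set gtk settings is with gsettings
+# for gsettings to work, we need to tell it where the schemas are
+# using the XDG_DATA_DIR environment variable
+# run at the end of sway config
+configure-gtk = pkgs.writeTextFile {
+name = "configure-gtk";
+destination = "/bin/configure-gtk";
+executable = true;
+text =
+let
+# TODO: figure out why these bindings exist or where they're used
+schema = pkgs.gsettings-desktop-schemas;
+datadir = "${schema}/share/gsettings-schemas/${schema.name}";
+in
+''
+6 gnome_schema=org.gnome.desktop.interface
+gsettings set $gnome_schema gtk-theme 'Dracula'
+'';
+};
+in
+{
+
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+neovim
+appimage-run
+tzdata
+wget
+kitty
+file
+w3m
+fishPlugins.fzf-fish
+fzf
+qemu
+qemu-user
+qemu-utils
+qemu_full
+OVMF
+#9p stuff
+diod
+plan9port
+vis
+rc
+ncdu
+
+smartmontools
+
+# Sway stuff
+wdisplays
+mako
+bemenu
+wl-clipboard
+slurp
+grim
+swayidle
+swaylock
+adwaita-icon-theme
+dracula-theme
+glib
+xdg-utils
+wayland
+configure-gtk
+dbus-sway-environment
+dbus
+pkg-config
+zlib
+# why wouldn't I want documentation on my system
+man-pages
+man-pages-posix
+perf
+];
+documentation.dev.enable = true;
+
+# Fix dynamically linked libraries for unpackaged binaries
+programs.nix-ld = {
+enable = true;
+libraries = with pkgs; [
+# Add missing dynamic libraries for unpackaged programs HERE
+# NOT in environment.systemPackages
+zlib
+openssl
+sqlite
+libunwind
+libglvnd
+libclang
+systemdLibs
+];
+};
+programs.nix-index = {
+enable = true;
+enableFishIntegration = true;
+enableBashIntegration = false;
+enableZshIntegration = false;
+};
+
+# Run other bins in QEMU
+boot.binfmt.emulatedSystems = [
+"aarch64-linux"
+"riscv64-linux"
+];
+# UEFI firmware support for QEMU
+systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ];
+
+# Logseq uses an ancient version of Electron, so we enable that
+nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ];
+nixpkgs.config.allowUnfree = true;
+}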
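Review bot: `nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]` waives the insecure-package check for the whole system, but the Logseq package the comment cites is not in this file's `environment.systemPackages` list. If Logseq is installed elsewhere, for example through Home Manager, the comment should say where; otherwise the allowance should be removed so an end-of-life Electron cannot be pulled in unnoticed. Line 37 of the `configure-gtk` script also starts with a stray `6 ` before `gnome_schema=org.gnome.desktop.interface`. As rendered, that would run a command named `6` and leave `$gnome_schema` unset, so presumably the line should read `gnome_schema=org.gnome.desktop.interface`.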
+33
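--- a/host-specific/odin/services.nix
+++ b/host-specific/odin/services.nix
@@ -0,0 +1,33 @@
+{ ... }:
+{
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = false;
+};
+
+# Fish shell, the best
+programs.fish.enable = true;
+
+services.tailscale.useRoutingFeatures = "client";
+
+services.redis.servers."" = {
+enable = true;
+};
+
+# Containers and VMs
+virtualisation = {
+podman = {
+enable = false;
+dockerCompat = true;
+defaultNetwork.settings.dns_enabled = true;
+dockerSocket.enable = true;
+};
+docker = {
+enable = true;
+storageDriver = "overlay2";
+};
+};
+}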
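--- a/host-specific/shizuri/boot.nix
+++ b/host-specific/shizuri/boot.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+# Use the systemd-boot EFI boot loader.
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+}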
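--- a/host-specific/shizuri/configuration.nix
+++ b/host-specific/shizuri/configuration.nix
@@ -0,0 +1,13 @@
+{ ... }:
+{
+imports = [
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+./boot.nix
+./networking.nix
+./gui.nix
+./packages.nix
+./services.nix
+];
+system.stateVersion = "23.11"; # Did you read the comment?
+}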
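--- a/host-specific/shizuri/gs.sh
+++ b/host-specific/shizuri/gs.sh
@@ -0,0 +1,27 @@
+#!/usr/bin/env bash
+set -xeuo pipefail
+
+gamescopeArgs=(
+--adaptive-sync # VRR support
+--hdr-enabled
+--mangoapp # performance overlay
+--rt
+--steam
+)
+steamArgs=(
+-pipewire-dmabuf
+-tenfoot
+)
+mangoConfig=(
+cpu_temp
+gpu_temp
+ram
+vram
+)
+mangoVars=(
+MANGOHUD=1
+MANGOHUD_CONFIG="$(IFS=,; echo "${mangoConfig[*]}")"
+)
+
+export "${mangoVars[@]}"
+exec gamescope "${gamescopeArgs[@]}" -- steam "${steamArgs[@]}"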
+115
host-specific/shizuri/gui.nix
··· 1 + { pkgs, ... }: 2 + { 3 + # Enable the X11 windowing system. 4 + services.xserver = { 5 + enable = true; 6 + videoDrivers = [ "amdgpu" ]; 7 + }; 8 + 9 + # Fix for HIP libraries 10 + systemd.tmpfiles.rules = [ 11 + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" 12 + ]; 13 + 14 + # Configure keymap in X11 15 + services.xserver.xkb = { 16 + layout = "us"; 17 + variant = ""; 18 + }; 19 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 20 + 21 + # Enable CUPS to print documents. 22 + # services.printing.enable = true; 23 + 24 + # Enable sound. 25 + security.rtkit.enable = true; 26 + services.pipewire = { 27 + enable = true; 28 + alsa.enable = true; 29 + alsa.support32Bit = true; 30 + pulse.enable = true; 31 + wireplumber.enable = true; 32 + }; 33 + 34 + # Graphics and parallel compute configuration 35 + hardware.graphics = { 36 + enable = true; 37 + extraPackages = with pkgs; [ 38 + libva 39 + mesa 40 + rocmPackages.clr.icd 41 + ]; 42 + }; 43 + 44 + # Enable touchpad support (enabled default in most desktopManager). 45 + # services.xserver.libinput.enable = true; 46 + 47 + # Fonts 48 + fonts.packages = with pkgs; [ 49 + fira-code 50 + fira-code-symbols 51 + noto-fonts 52 + noto-fonts-cjk-sans 53 + noto-fonts-color-emoji 54 + nerd-fonts.fira-code 55 + ]; 56 + 57 + # Polkit is a dependency of Sway. 
It's responsible for handling security policies 58 + security.polkit.enable = true; 59 + 60 + # Enable the sway window manager 61 + programs.sway = { 62 + enable = false; 63 + #package = unstable.sway; 64 + wrapperFeatures.gtk = true; 65 + }; 66 + # Use greetd as the displaymanager 67 + #services.xserver.displayManager.greetd.enable = true; 68 + 69 + services.xserver.displayManager.lightdm.enable = false; 70 + 71 + #services.displayManager.sddm.enable = true; 72 + #services.displayManager.defaultSession = "sway"; 73 + #services.displayManager.autoLogin = { 74 + # enable = true; 75 + # user = "noah"; 76 + #}; 77 + services.xserver.desktopManager.xfce.enable = false; 78 + services.xserver.desktopManager.lxqt = { 79 + enable = true; 80 + }; 81 + services.xscreensaver.enable = true; 82 + security.pam.services.xscreensaver.enable = true; 83 + 84 + # i3, for when I need XOrg 85 + services.xserver.windowManager.i3 = { 86 + enable = false; 87 + extraPackages = with pkgs; [ 88 + dmenu 89 + i3status 90 + i3lock 91 + i3blocks 92 + ]; 93 + }; 94 + 95 + xdg.portal = { 96 + enable = true; 97 + wlr.enable = true; 98 + extraPortals = [ 99 + pkgs.xdg-desktop-portal 100 + pkgs.xdg-desktop-portal-wlr 101 + pkgs.xdg-desktop-portal-gtk 102 + pkgs.xdg-desktop-portal-termfilechooser 103 + pkgs.lxqt.xdg-desktop-portal-lxqt 104 + ]; 105 + }; 106 + xdg.mime = { 107 + enable = true; 108 + defaultApplications = { 109 + "x-scheme-handler/http" = "org.firefox.firefox.desktop"; 110 + "x-scheme-handler/https" = "org.firefox.firefox.desktop"; 111 + }; 112 + }; 113 + services.dbus.enable = true; 114 + services.gnome.gnome-keyring.enable = true; 115 + }
+84
host-specific/shizuri/hardware-configuration.nix
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 11 + 12 + { 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 16 + 17 + boot.kernelPackages = pkgs.linuxPackages_latest; 18 + boot.initrd.availableKernelModules = [ 19 + "nvme" 20 + "xhci_pci" 21 + "thunderbolt" 22 + "usb_storage" 23 + "usbhid" 24 + "uas" 25 + "sd_mod" 26 + ]; 27 + boot.initrd.kernelModules = [ ]; 28 + boot.kernelModules = [ "kvm-amd" ]; 29 + boot.extraModulePackages = [ ]; 30 + 31 + # Bluetooth / wireless configuration 32 + hardware.bluetooth = { 33 + enable = true; 34 + powerOnBoot = true; 35 + settings = { 36 + General = { 37 + # Shows battery charge of connected devices on supported 38 + # Bluetooth adapters. Defaults to 'false'. 39 + Experimental = true; 40 + # When enabled other devices can connect faster to us, however 41 + # the tradeoff is increased power consumption. Defaults to 42 + # 'false'. 43 + FastConnectable = true; 44 + }; 45 + Policy = { 46 + # Enable all controllers when they are found. This includes 47 + # adapters present on start as well as adapters that are plugged 48 + # in later on. Defaults to 'true'. 
49 + AutoEnable = true; 50 + }; 51 + }; 52 + }; 53 + 54 + fileSystems."/" = { 55 + device = "/dev/disk/by-uuid/9a7cbffe-6c10-4220-bb99-4dcea8181dcc"; 56 + fsType = "ext4"; 57 + }; 58 + 59 + fileSystems."/boot" = { 60 + device = "/dev/disk/by-uuid/9AC5-62C3"; 61 + fsType = "vfat"; 62 + options = [ 63 + "fmask=0077" 64 + "dmask=0077" 65 + ]; 66 + }; 67 + 68 + swapDevices = [ { device = "/dev/disk/by-uuid/a19d8fad-d8d2-4bbe-a233-e645020419ff"; } ]; 69 + fileSystems."/srv/mugino" = { 70 + device = "/dev/disk/by-uuid/d832dd9f-1fbb-4ca7-9097-0ba329b838af"; 71 + fsType = "ext4"; 72 + }; 73 + 74 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 75 + # (the default) this is the recommended approach. When using systemd-networkd it's 76 + # still possible to use this option, but it's recommended to use it in conjunction 77 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 78 + networking.useDHCP = lib.mkDefault true; 79 + # networking.interfaces.enp191s0.useDHCP = lib.mkDefault true; 80 + # networking.interfaces.wlp192s0.useDHCP = lib.mkDefault true; 81 + 82 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 83 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 84 + }
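--- a/host-specific/shizuri/networking.nix
+++ b/host-specific/shizuri/networking.nix
@@ -0,0 +1,78 @@
+{ ... }:
+{
+# networking.hostName = "nixos"; # Define your hostname.
+# Pick only one of the below networking options.
+# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+networking.hostName = "shizuri";
+# I like systemd-networkd
+systemd.network.enable = true;
+systemd.network.networks."50-wlp2s0" = {
+matchConfig.name = "wlp2s0";
+networkConfig.DHCP = "yes";
+linkConfig.RequiredForOnline = "no";
+};
+
+networking.tempAddresses = "disabled";
+
+networking.useNetworkd = true;
+# TODO: static IP @ 192.168.1.2
+
+# Configure network proxy if necessary
+# networking.proxy.default = "http://user:password@proxy:port/";
+# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+# Open ports in the firewall.
+# networking.firewall.allowedTCPPorts = [ ... ];
+# networking.firewall.allowedUDPPorts = [ ... ];
+# Or disable the firewall altogether.
+# TODO: allow some ports
+networking.firewall = {
+enable = false;
+allowPing = true;
+allowedUDPPorts = [ ];
+allowedTCPPorts = [
+1234
+2375
+];
+};
+
+services.avahi = {
+enable = true;
+nssmdns4 = true;
+nssmdns6 = true;
+ipv6 = true;
+openFirewall = true;
+publish = {
+enable = true;
+addresses = true;
+workstation = true;
+userServices = true;
+domain = true;
+};
+};
+
+# NFS mounts
+
+fileSystems = {
+"/srv/shokuhou" = {
+device = "192.168.1.3:/srv/shokuhou";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+"/srv/mentalout" = {
+device = "192.168.1.3:/srv/mentalout";
+fsType = "nfs";
+options = [
+"nfsvers=4"
+"user"
+"x-system.automount"
+"x-system.idle-timeout=600"
+];
+};
+};
+}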
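Review bot: `enable = false;` inside the `networking.firewall` block turns packet filtering off for this host, so the `allowedTCPPorts` list (1234, 2375) and every `openFirewall = true` elsewhere in the host's modules have no effect and any listening service is reachable from the network. The removed top-level `networking.nix` ran with `enable = true;` and an explicit port list; I would keep that posture here with `enable = true;` and only the ports that are really needed. Port 2375 is conventionally the unencrypted Docker API port, so it is worth confirming nothing is meant to bind there before allowing it. Separately, the NFS mount options read `"x-system.automount"` and `"x-system.idle-timeout=600"`; the systemd options are spelled `x-systemd.automount` / `x-systemd.idle-timeout=600`, so as written they look inert.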
+173
host-specific/shizuri/packages.nix
··· 1 + { pkgs, lib, ... }: 2 + let # bash script to let dbus know about important env variables and 3 + # propagate them to relevent services run at the end of sway config 4 + # see 5 + # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 + # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 + # some user services to make sure they have the correct environment variables 8 + dbus-sway-environment = pkgs.writeTextFile { 9 + name = "dbus-sway-environment"; 10 + destination = "/bin/dbus-sway-environment"; 11 + executable = true; 12 + 13 + text = '' 14 + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 + systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 + systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 + ''; 18 + }; 19 + 20 + # currently, there is some friction between sway and gtk: 21 + # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 + # the suggested way to set gtk settings is with gsettings 23 + # for gsettings to work, we need to tell it where the schemas are 24 + # using the XDG_DATA_DIR environment variable 25 + # run at the end of sway config 26 + configure-gtk = pkgs.writeTextFile { 27 + name = "configure-gtk"; 28 + destination = "/bin/configure-gtk"; 29 + executable = true; 30 + text = 31 + let 32 + # TODO: figure out why these bindings exist or where they're used 33 + schema = pkgs.gsettings-desktop-schemas; 34 + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 + in 36 + '' 37 + 6 gnome_schema=org.gnome.desktop.interface 38 + gsettings set $gnome_schema gtk-theme 'Dracula' 39 + ''; 40 + }; 41 + in 42 + { 43 + 44 + # List packages installed in system profile. 
To search, run: 45 + # $ nix search wget 46 + environment.systemPackages = with pkgs; [ 47 + mangohud 48 + neovim 49 + appimage-run 50 + tzdata 51 + wget 52 + kitty 53 + file 54 + w3m 55 + fishPlugins.fzf-fish 56 + fzf 57 + qemu 58 + qemu-user 59 + qemu-utils 60 + qemu_full 61 + OVMF 62 + #9p stuff 63 + diod 64 + plan9port 65 + vis 66 + rc 67 + 68 + smartmontools 69 + 70 + # Sway stuff 71 + wdisplays 72 + mako 73 + bemenu 74 + wl-clipboard 75 + slurp 76 + grim 77 + swayidle 78 + swaylock 79 + adwaita-icon-theme 80 + dracula-theme 81 + glib 82 + xdg-utils 83 + xdg-desktop-portal 84 + wayland 85 + configure-gtk 86 + lxqt.lxqt-menu-data # for lxqt 87 + dbus-sway-environment 88 + dbus 89 + pkg-config 90 + zlib 91 + # why wouldn't I want documentation on my system 92 + man-pages 93 + man-pages-posix 94 + linuxPackages_latest.perf 95 + ]; 96 + 97 + environment.loginShellInit = '' 98 + [[ "$(tty)" = "/dev/tty1" ]] && /home/noah/repos/nixos/gs.sh 99 + ''; 100 + 101 + documentation.dev.enable = true; 102 + 103 + # Fix dynamically linked libraries for unpackaged binaries 104 + programs.nix-ld = { 105 + enable = true; 106 + libraries = with pkgs; [ 107 + # Add missing dynamic libraries for unpackaged programs HERE 108 + # NOT in environment.systemPackages 109 + zlib 110 + openssl 111 + sqlite 112 + libunwind 113 + libglvnd 114 + libclang 115 + systemdLibs 116 + ]; 117 + }; 118 + programs.nix-index = { 119 + enable = true; 120 + enableFishIntegration = true; 121 + enableBashIntegration = false; 122 + enableZshIntegration = false; 123 + }; 124 + 125 + programs.steam = { 126 + enable = true; 127 + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 128 + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server 129 + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers 130 + gamescopeSession.enable = true; 131 + }; 132 + programs.gamescope = { 133 + 
enable = true; 134 + capSysNice = true; 135 + }; 136 + # Boot to bigpicture 137 + services.getty.autologinUser = "noah"; 138 + 139 + programs.appimage = { 140 + enable = true; 141 + binfmt = true; 142 + }; 143 + 144 + # Run other bins in QEMU 145 + boot.binfmt.emulatedSystems = [ 146 + "aarch64-linux" 147 + "riscv64-linux" 148 + ]; 149 + # UEFI firmware support for QEMU 150 + systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; 151 + 152 + # Logseq uses an ancient version of Electron, so we enable that 153 + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 154 + 155 + # I don't care too much about unfree 156 + nixpkgs.config.allowUnfree = true; 157 + # Whitelist some unfree packages 158 + nixpkgs.config.allowUnfreePredicate = 159 + pkg: 160 + builtins.elem (lib.getName pkg) [ 161 + "discord" 162 + "spotify" 163 + "obsidian" 164 + "unstable.obsidian" 165 + "tailscale" 166 + "google-chrome" 167 + "slack" 168 + "steam" 169 + "steam-original" 170 + "steam-unwrapped" 171 + "steam-run" 172 + ]; 173 + }
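Review bot: `services.getty.autologinUser = "noah";` combined with the `environment.loginShellInit` line gives an unauthenticated console session that immediately runs `/home/noah/repos/nixos/gs.sh`, a file in a user-writable checkout rather than the `host-specific/shizuri/gs.sh` this commit adds. Whatever can write to that path decides what executes at each tty1 login, and as far as I know the autologin setting is not limited to tty1. I would run the store copy instead, `[[ "$(tty)" = "/dev/tty1" ]] && ${pkgs.bash}/bin/bash ${./gs.sh}`, so the script is fixed at build time. Also, `nixpkgs.config.allowUnfree = true;` makes the `allowUnfreePredicate` allow-list right below it redundant; keeping only the predicate would preserve the intended restriction.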
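--- a/host-specific/shizuri/services.nix
+++ b/host-specific/shizuri/services.nix
@@ -0,0 +1,44 @@
+{ pkgs, ... }:
+{
+# Some programs need SUID wrappers, can be configured further or are
+# started in user sessions.
+# programs.mtr.enable = true;
+programs.gnupg.agent = {
+enable = true;
+enableSSHSupport = false;
+};
+
+# Enable the OpenSSH daemon.
+services.openssh = {
+enable = true;
+settings.X11Forwarding = true;
+};
+
+# Smart Card daemon
+services.pcscd.enable = true;
+
+# This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices.
+services.hardware.bolt.enable = true;
+
+services.fwupd.enable = true;
+
+services.xrdp = {
+enable = true;
+openFirewall = true;
+defaultWindowManager = "${pkgs.lxqt.lxqt-session}/bin/lxqt-session";
+};
+
+# Containers and VMs
+virtualisation = {
+podman = {
+enable = false;
+dockerCompat = true;
+defaultNetwork.settings.dns_enabled = true;
+dockerSocket.enable = true;
+};
+docker = {
+enable = true;
+storageDriver = "overlay2";
+};
+};
+}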
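Review bot: `services.openssh` is enabled with only `settings.X11Forwarding = true;`, which leaves the NixOS defaults for password and keyboard-interactive login in place on a host whose firewall is disabled in `host-specific/shizuri/networking.nix`. I would add `settings.PasswordAuthentication = false;`, `settings.KbdInteractiveAuthentication = false;` and `settings.PermitRootLogin = "no";`, and drop X11 forwarding unless it is actually used. The same applies to the bare `services.openssh.enable = true;` in `host-specific/touma-wsl.nix`. `services.xrdp` with `openFirewall = true;` additionally exposes a remote-desktop login on every interface; if it is only needed from the LAN or a VPN, it should be restricted to that.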
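--- a/host-specific/touma-wsl.nix
+++ b/host-specific/touma-wsl.nix
@@ -0,0 +1,55 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+# NixOS-WSL specific options are documented on the NixOS-WSL repository:
+# https://github.com/nix-community/NixOS-WSL
+
+{ pkgs, inputs, ... }:
+{
+imports = [
+# WSL has no hardware configuration
+../users.nix
+../services.nix
+];
+wsl = {
+enable = true;
+defaultUser = "noah";
+wslConf.network.hostname = "touma-wsl-nixos";
+};
+# List packages installed in system profile. To search, run:
+# $ nix search wget
+environment.systemPackages = with pkgs; [
+neovim
+appimage-run
+wget
+kitty
+w3m
+fishPlugins.fzf-fish
+fzf
+qemu
+OVMF
+gitFull
+# plan9
+diod
+plan9port
+vis
+rc
+
+xdg-utils
+inputs.agenix.packages."${system}".agenix
+];
+services.openssh.enable = true;
+
+# Fix dynamically linked libraries for unpackaged binaries
+programs.nix-ld = {
+enable = true;
+libraries = with pkgs; [
+# Add missing dynamic libraries for unpackaged programs HERE
+# NOT in environment.systemPackages
+zlib
+fuse3
+];
+};
+system.stateVersion = "24.11";
+}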
+196
i3/config
··· 1 + # This file has been auto-generated by i3-config-wizard(1). 2 + # It will not be overwritten, so edit it as you like. 3 + # 4 + # Should you change your keyboard layout some time, delete 5 + # this file and re-run i3-config-wizard(1). 6 + # 7 + 8 + # i3 config file (v4) 9 + # 10 + # Please see https://i3wm.org/docs/userguide.html for a complete reference! 11 + 12 + set $mod Mod4 13 + 14 + # Font for window titles. Will also be used by the bar unless a different font 15 + # is used in the bar {} block below. 16 + font pango:monospace 8 17 + 18 + # This font is widely installed, provides lots of unicode glyphs, right-to-left 19 + # text rendering and scalability on retina/hidpi displays (thanks to pango). 20 + #font pango:DejaVu Sans Mono 8 21 + 22 + # Start XDG autostart .desktop files using dex. See also 23 + # https://wiki.archlinux.org/index.php/XDG_Autostart 24 + exec --no-startup-id dex --autostart --environment i3 25 + 26 + # The combination of xss-lock, nm-applet and pactl is a popular choice, so 27 + # they are included here as an example. Modify as you see fit. 28 + 29 + # xss-lock grabs a logind suspend inhibit lock and will use i3lock to lock the 30 + # screen before suspend. Use loginctl lock-session to lock your screen. 31 + exec --no-startup-id xss-lock --transfer-sleep-lock -- i3lock --nofork 32 + 33 + # NetworkManager is the most popular way to manage wireless networks on Linux, 34 + # and nm-applet is a desktop environment-independent system tray GUI for it. 35 + exec --no-startup-id nm-applet 36 + 37 + # Use pactl to adjust volume in PulseAudio. 
38 + set $refresh_i3status killall -SIGUSR1 i3status 39 + bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +10% && $refresh_i3status 40 + bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -10% && $refresh_i3status 41 + bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle && $refresh_i3status 42 + bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle && $refresh_i3status 43 + 44 + # Use Mouse+$mod to drag floating windows to their wanted position 45 + floating_modifier $mod 46 + 47 + # move tiling windows via drag & drop by left-clicking into the title bar, 48 + # or left-clicking anywhere into the window while holding the floating modifier. 49 + tiling_drag modifier titlebar 50 + 51 + # start a terminal 52 + bindsym $mod+Return exec kitty 53 + 54 + # kill focused window 55 + bindsym $mod+Shift+q kill 56 + 57 + # start dmenu (a program launcher) 58 + bindsym $mod+d exec --no-startup-id dmenu_run 59 + # A more modern dmenu replacement is rofi: 60 + # bindcode $mod+40 exec "rofi -modi drun,run -show drun" 61 + # There also is i3-dmenu-desktop which only displays applications shipping a 62 + # .desktop file. It is a wrapper around dmenu, so you need that installed. 
63 + # bindcode $mod+40 exec --no-startup-id i3-dmenu-desktop 64 + 65 + # change focus 66 + bindsym $mod+h focus left 67 + bindsym $mod+j focus down 68 + bindsym $mod+k focus up 69 + bindsym $mod+l focus right 70 + 71 + 72 + # alternatively, you can use the cursor keys: 73 + bindsym $mod+Left focus left 74 + bindsym $mod+Down focus down 75 + bindsym $mod+Up focus up 76 + bindsym $mod+Right focus right 77 + 78 + # move focused window 79 + bindsym $mod+Shift+h move left 80 + bindsym $mod+Shift+j move down 81 + bindsym $mod+Shift+k move up 82 + bindsym $mod+Shift+l move right 83 + 84 + # alternatively, you can use the cursor keys: 85 + bindsym $mod+Shift+Left move left 86 + bindsym $mod+Shift+Down move down 87 + bindsym $mod+Shift+Up move up 88 + bindsym $mod+Shift+Right move right 89 + 90 + # split in horizontal orientation 91 + bindsym $mod+g split h 92 + 93 + # split in vertical orientation 94 + bindsym $mod+v split v 95 + 96 + # enter fullscreen mode for the focused container 97 + bindsym $mod+f fullscreen toggle 98 + 99 + # change container layout (stacked, tabbed, toggle split) 100 + bindsym $mod+s layout stacking 101 + bindsym $mod+w layout tabbed 102 + bindsym $mod+e layout toggle split 103 + 104 + # toggle tiling / floating 105 + bindsym $mod+Shift+space floating toggle 106 + 107 + # change focus between tiling / floating windows 108 + bindsym $mod+space focus mode_toggle 109 + 110 + # focus the parent container 111 + bindsym $mod+a focus parent 112 + 113 + # focus the child container 114 + #bindsym $mod+d focus child 115 + 116 + # Define names for default workspaces for which we configure key bindings later on. 117 + # We use variables to avoid repeating the names in multiple places. 
118 + set $ws1 "1" 119 + set $ws2 "2" 120 + set $ws3 "3" 121 + set $ws4 "4" 122 + set $ws5 "5" 123 + set $ws6 "6" 124 + set $ws7 "7" 125 + set $ws8 "8" 126 + set $ws9 "9" 127 + set $ws10 "10" 128 + 129 + # switch to workspace 130 + bindsym $mod+1 workspace number $ws1 131 + bindsym $mod+2 workspace number $ws2 132 + bindsym $mod+3 workspace number $ws3 133 + bindsym $mod+4 workspace number $ws4 134 + bindsym $mod+5 workspace number $ws5 135 + bindsym $mod+6 workspace number $ws6 136 + bindsym $mod+7 workspace number $ws7 137 + bindsym $mod+8 workspace number $ws8 138 + bindsym $mod+9 workspace number $ws9 139 + bindsym $mod+0 workspace number $ws10 140 + # Tab navigation 141 + bindsym $mod+Tab workspace next 142 + bindsym $mod+Shift+Tab workspace prev 143 + 144 + # move focused container to workspace 145 + bindsym $mod+Shift+1 move container to workspace number $ws1 146 + bindsym $mod+Shift+2 move container to workspace number $ws2 147 + bindsym $mod+Shift+3 move container to workspace number $ws3 148 + bindsym $mod+Shift+4 move container to workspace number $ws4 149 + bindsym $mod+Shift+5 move container to workspace number $ws5 150 + bindsym $mod+Shift+6 move container to workspace number $ws6 151 + bindsym $mod+Shift+7 move container to workspace number $ws7 152 + bindsym $mod+Shift+8 move container to workspace number $ws8 153 + bindsym $mod+Shift+9 move container to workspace number $ws9 154 + bindsym $mod+Shift+0 move container to workspace number $ws10 155 + 156 + # reload the configuration file 157 + bindsym $mod+Shift+c reload 158 + # restart i3 inplace (preserves your layout/session, can be used to upgrade i3) 159 + bindsym $mod+Shift+r restart 160 + # exit i3 (logs you out of your X session) 161 + bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' 
-B 'Yes, exit i3' 'i3-msg exit'" 162 + 163 + # resize window (you can also use the mouse for that) 164 + mode "resize" { 165 + # These bindings trigger as soon as you enter the resize mode 166 + 167 + # Pressing left will shrink the window’s width. 168 + # Pressing right will grow the window’s width. 169 + # Pressing up will shrink the window’s height. 170 + # Pressing down will grow the window’s height. 171 + bindsym h resize shrink width 10 px or 10 ppt 172 + bindsym j resize grow height 10 px or 10 ppt 173 + bindsym k resize shrink height 10 px or 10 ppt 174 + bindsym l resize grow width 10 px or 10 ppt 175 + 176 + # same bindings, but for the arrow keys 177 + bindsym Left resize shrink width 10 px or 10 ppt 178 + bindsym Down resize grow height 10 px or 10 ppt 179 + bindsym Up resize shrink height 10 px or 10 ppt 180 + bindsym Right resize grow width 10 px or 10 ppt 181 + 182 + # back to normal: Enter or Escape or $mod+r 183 + bindsym Return mode "default" 184 + bindsym Escape mode "default" 185 + bindsym $mod+r mode "default" 186 + } 187 + 188 + bindsym $mod+r mode "resize" 189 + 190 + # Start i3bar to display a workspace bar (plus the system information i3status 191 + # finds out, if available) 192 + bar { 193 + status_command i3status 194 + } 195 + 196 + exec barrier
-111
networking.nix
··· 1 - { config, ... }: 2 - { 3 - # networking.hostName = "nixos"; # Define your hostname. 4 - # Pick only one of the below networking options. 5 - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 - networking.hostName = "misaki"; 8 - # I like systemd-networkd 9 - systemd.network.enable = true; 10 - systemd.network.networks."50-wlp2s0" = { 11 - matchConfig.name = "wlp2s0"; 12 - networkConfig.DHCP = "yes"; 13 - linkConfig.RequiredForOnline = "no"; 14 - }; 15 - 16 - networking.tempAddresses = "disabled"; 17 - 18 - networking.interfaces = { 19 - enp4s0f1 = { 20 - ipv4.addresses = [{ 21 - address = "192.168.1.3"; 22 - prefixLength = 24; 23 - }]; 24 - }; 25 - }; 26 - networking.defaultGateway = { 27 - address = "192.168.1.1"; 28 - interface = "enp4s0f1"; 29 - }; 30 - 31 - networking.defaultGateway6 = { 32 - address = "fe80::2870:4eff:fe84:d884"; 33 - interface = "enp4s0f1"; 34 - }; 35 - 36 - networking.nameservers = [ 37 - "192.168.1.3" 38 - "45.90.28.93" 39 - "45.90.30.93" 40 - ]; 41 - 42 - # This is necessary for ZFS 43 - networking.hostId = "5beebabe"; 44 - 45 - networking.useNetworkd = true; 46 - # TODO: static IP @ 192.168.1.2 47 - 48 - # Configure network proxy if necessary 49 - # networking.proxy.default = "http://user:password@proxy:port/"; 50 - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 51 - # Open ports in the firewall. 52 - # networking.firewall.allowedTCPPorts = [ ... ]; 53 - # networking.firewall.allowedUDPPorts = [ ... ]; 54 - # Or disable the firewall altogether. 
55 - # TODO: allow some ports 56 - networking.firewall = { 57 - enable = true; 58 - allowPing = true; 59 - trustedInterfaces = [ 60 - "tailscale0" 61 - ]; 62 - allowedUDPPorts = [ 63 - # DNS 64 - 53 65 - config.services.tailscale.port 66 - ]; 67 - allowedTCPPorts = [ 68 - # DNS over TCP 69 - 53 70 - # NFSv4 71 - 2049 72 - # HTTP(s) 73 - 443 74 - 80 75 - # iperf3 76 - 5201 77 - 5301 78 - 5401 79 - # NATS 80 - 4222 81 - # Prometheus 82 - 9001 83 - # Minio 84 - 9003 85 - # Minio web 86 - 9004 87 - # AFP via Netatalk 88 - 548 89 - #9p 90 - 564 91 - # Misc development 92 - 3000 93 - ]; 94 - }; 95 - 96 - services.avahi = { 97 - enable = true; 98 - nssmdns4 = true; 99 - nssmdns6 = true; 100 - ipv6 = true; 101 - openFirewall = true; 102 - publish = { 103 - enable = true; 104 - addresses = true; 105 - workstation = true; 106 - userServices = true; 107 - domain = true; 108 - }; 109 - }; 110 - 111 - }
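--- a/nvim/after/ftplugin/janet.lua
+++ b/nvim/after/ftplugin/janet.lua
@@ -0,0 +1,2 @@
+vim.o.tabstop = 2
+vim.o.shiftwidth = 2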
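Review bot: Both lines of this ftplugin assign through `vim.o`, which behaves like `:set` and so also changes the global default, meaning that opening one Janet file alters `tabstop`/`shiftwidth` for buffers created afterwards. A filetype plugin should only touch the current buffer: `vim.opt_local.tabstop = 2` and `vim.opt_local.shiftwidth = 2`.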
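--- a/nvim/init.lua
+++ b/nvim/init.lua
@@ -7,8 +7,17 @@
 -- Config for Nord, which I usually use
 -- vim.g.nord_italic = false
 -- vim.g.nord_bold = false
---vim.opt.background = "light"
-vim.opt.background = "dark"
+local known_hosts = {
+["aleister.packetlost.dev"] = "light",
+["aleister.local"] = "light",
+["accelerator"] = "light"
+}
+local background = known_hosts[vim.loop.os_gethostname()]
+if not background then
+background = "dark"
+end
+vim.opt.background = background
+--vim.opt.background = "dark"
 
 -- Formatting and vim config
 vim.opt.expandtab = true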
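Review bot: The hostname lookup on new line 15 goes through `vim.loop`, which Neovim has deprecated in favour of `vim.uv`, while `nvim/lua/lsp.lua` in this same commit already relies on the newer `vim.diagnostic.jump` API. The lookup and the fallback can be one line, `local background = known_hosts[vim.uv.os_gethostname()] or "dark"`, which also removes the four-line `if not background` block. The table name `known_hosts` reads like the SSH file of the same name; something like `light_hosts` would say what it holds, and the leftover commented-out `--vim.opt.background = "dark"` can go.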
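--- a/nvim/lua/lsp/janet_lsp.lua
+++ b/nvim/lua/lsp/janet_lsp.lua
@@ -2,7 +2,7 @@
 cmd = {
 "janet",
 "-i",
-"/home/noah/repos/janet-lsp/jpm_tree/lib/janet-lsp.jimage",
+"/Users/noah/repos/janet-lsp/build/janet-lsp.jimage",
 "--stdio",
 }
 }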
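Review bot: The `cmd` entry now hard-codes `/Users/noah/repos/janet-lsp/build/janet-lsp.jimage`, a macOS home path, so the language server will presumably fail to start on the Linux hosts this repository also configures (the replaced line pointed under `/home/noah`). Deriving the path from the home directory keeps one config working on both: `vim.fn.expand("~/repos/janet-lsp/build/janet-lsp.jimage"),`. The table this hunk edits opens before line 2, so the rest of the server definition is not visible here.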
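--- a/nvim/lua/lsp.lua
+++ b/nvim/lua/lsp.lua
@@ -44,11 +44,11 @@
 end, opts)
 vim.keymap.set("n", "<space>D", vim.lsp.buf.type_definition, opts)
 vim.keymap.set("n", "<space>rn", vim.lsp.buf.rename, opts)
-vim.keymap.set("n", "<space>ca", vim.lsp.buf.code_action, opts)
+vim.keymap.set("n", "<leader>ca", vim.lsp.buf.code_action, opts)
 vim.keymap.set("n", "gr", vim.lsp.buf.references, opts)
 vim.keymap.set("n", "<space>e", vim.diagnostic.open_float, opts)
-vim.keymap.set("n", "[d", vim.diagnostic.goto_prev, opts)
-vim.keymap.set("n", "]d", vim.diagnostic.goto_next, opts)
+vim.keymap.set("n", "[d", function () vim.diagnostic.jump {count = -1, float = true} end, opts)
+vim.keymap.set("n", "]d", function () vim.diagnostic.jump {count = 1, float = true} end, opts)
 vim.keymap.set("n", "<space>q", vim.diagnostic.setloclist, opts)
 vim.keymap.set("n", "<space>f",
 function() vim.lsp.buf.format { async = true } end, opts)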
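--- a/nvim/lua/plugins.lua
+++ b/nvim/lua/plugins.lua
@@ -121,7 +121,7 @@
 },
 }, -- Git stuff
 -- GitGutter, shows inline difs
-"airblade/vim-gitgutter",
+--"airblade/vim-gitgutter",
 {
 "NeogitOrg/neogit",
 dependencies = {
@@ -277,27 +277,9 @@
 { "rktjmp/hotpot.nvim", lazy = true, ft = "fennel", config = true },
 { "Olical/nfnl", lazy = true, ft = "fennel", config = true }, -- Rust stuff
 {
-"simrat39/rust-tools.nvim",
-lazy = true,
-ft = { "rust" },
-config = function()
-local rt = require("rust-tools")
-rt.setup({
-server = {
-on_attach = function(_, bufnr)
--- Hover actions
-vim.keymap.set("n", "<C-space>",
-rt.hover_actions.hover_actions,
-{ buffer = bufnr })
--- Code action groups
-vim.keymap.set("n", "<Leader>a",
-rt.code_action_group.code_action_group,
-{ buffer = bufnr })
-end
-}
-})
-end,
-dependencies = { "nvim-lua/plenary.nvim" }
+"mrcjkb/rustaceanvim",
+lazy = false,
+version = "^6"
 },
 { "mfussenegger/nvim-dap", lazy = true, ft = { "c", "rust" } },
 {
@@ -353,6 +335,13 @@
 end
 },
 { "lewis6991/gitsigns.nvim", config = true },
+{
+"greggh/claude-code.nvim",
+dependencies = {
+"nvim-lua/plenary.nvim"
+},
+config = true
+}
 
 }
 })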
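Review bot: The new `greggh/claude-code.nvim` spec in the last hunk carries no `version`, `tag` or `commit`, so lazy.nvim follows the plugin's default branch and every update pulls unreviewed code that runs with the editor's full privileges; the `mrcjkb/rustaceanvim` entry added in the same commit is at least constrained with `version = "^6"`. I would pin it, for example `commit = "<reviewed-commit-sha>",`, or make sure `lazy-lock.json` is committed and diffs are read before running `:Lazy update`. The plugin list begins and ends outside these hunks, so other unpinned entries may exist that are not visible here.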
-26
overrides/immich-sources.json
··· 1 - { 2 - "version": "1.138.1", 3 - "hash": "sha256-oaZN0kF82mS25bDSTXRjYnWG9RAMSbCUhXn9t0am96U=", 4 - "components": { 5 - "cli": { 6 - "npmDepsHash": "sha256-6k83QOdKh+FlVnYvA9j60115oohUMDc2YvGaj/GMukE=", 7 - "version": "2.2.79" 8 - }, 9 - "server": { 10 - "npmDepsHash": "sha256-4sqWIIGQ8ZW7TvJoNjNNliriuV6Su0askAN6pAq9VFc=", 11 - "version": "1.138.1" 12 - }, 13 - "web": { 14 - "npmDepsHash": "sha256-+W8cDgy3qe6RDen8SEdHPNADkKb4zZH8C/Am/bdU42c=", 15 - "version": "1.138.1" 16 - }, 17 - "open-api/typescript-sdk": { 18 - "npmDepsHash": "sha256-GfmFPsnFu7l4EsnPDv4nj5KLkOz8nEJvMT1BE7zIQ3k=", 19 - "version": "1.138.1" 20 - }, 21 - "geonames": { 22 - "timestamp": "20250818205425", 23 - "hash": "sha256-ceYdHKPxVzmqVIcA5odqPAnjeB0sR7GW2k/Csp0nepY=" 24 - } 25 - } 26 - }
-126
packages.nix
··· 1 - { pkgs, lib, inputs, ... }: 2 - let # bash script to let dbus know about important env variables and 3 - # propagate them to relevent services run at the end of sway config 4 - # see 5 - # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 - # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 - # some user services to make sure they have the correct environment variables 8 - dbus-sway-environment = pkgs.writeTextFile { 9 - name = "dbus-sway-environment"; 10 - destination = "/bin/dbus-sway-environment"; 11 - executable = true; 12 - 13 - text = '' 14 - dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 - systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 - systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 - ''; 18 - }; 19 - 20 - # currently, there is some friction between sway and gtk: 21 - # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 - # the suggested way to set gtk settings is with gsettings 23 - # for gsettings to work, we need to tell it where the schemas are 24 - # using the XDG_DATA_DIR environment variable 25 - # run at the end of sway config 26 - configure-gtk = pkgs.writeTextFile { 27 - name = "configure-gtk"; 28 - destination = "/bin/configure-gtk"; 29 - executable = true; 30 - text = 31 - let 32 - # TODO: figure out why these bindings exist or where they're used 33 - schema = pkgs.gsettings-desktop-schemas; 34 - datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 - in 36 - '' 37 - 6 gnome_schema=org.gnome.desktop.interface 38 - gsettings set $gnome_schema gtk-theme 'Dracula' 39 - ''; 40 - }; 41 - in 42 - { 43 - 44 - # List packages installed in system profile. 
To search, run: 45 - # $ nix search wget 46 - environment.systemPackages = with pkgs; [ 47 - neovim 48 - appimage-run 49 - wget 50 - kitty 51 - w3m 52 - fishPlugins.fzf-fish 53 - fzf 54 - qemu 55 - OVMF 56 - metastore 57 - # 9p 58 - diod 59 - plan9port 60 - vis 61 - rc 62 - ncdu 63 - inputs.agenix.packages."${system}".agenix 64 - 65 - # ZFS / filesystem stuff 66 - zfs 67 - 68 - # GPU stuff 69 - intel-gpu-tools 70 - #(ffmpeg-full.override { 71 - # withUnfree = true; 72 - # withMfx = false; 73 - # withSmallBuild = false; 74 - # withTensorflow = false; 75 - #}) 76 - libva 77 - libva-utils 78 - nvtopPackages.intel 79 - 80 - # Sway stuff 81 - wdisplays 82 - mako 83 - bemenu 84 - wl-clipboard 85 - slurp 86 - grim 87 - swayidle 88 - swaylock 89 - adwaita-icon-theme 90 - dracula-theme 91 - glib 92 - xdg-utils 93 - wayland 94 - configure-gtk 95 - dbus-sway-environment 96 - dbus 97 - ]; 98 - 99 - # Fix dynamically linked libraries for unpackaged binaries 100 - programs.nix-ld = { 101 - enable = true; 102 - libraries = with pkgs; [ 103 - # Add missing dynamic libraries for unpackaged programs HERE 104 - # NOT in environment.systemPackages 105 - zlib 106 - ]; 107 - }; 108 - 109 - programs.fuse.userAllowOther = true; 110 - 111 - 112 - # Logseq uses an ancient version of Electron, so we enable that 113 - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 114 - 115 - # Whitelist some unfree packages 116 - nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ 117 - "discord" 118 - "spotify" 119 - "obsidian" 120 - "tailscale" 121 - "plexmediaserver" 122 - "sftpgo" 123 - "teamspeak-server" 124 - "ffmpeg-full" 125 - ]; 126 - }
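--- a/scripts/fix-jpeg-raw-duplicates-immich.rcsh
+++ b/scripts/fix-jpeg-raw-duplicates-immich.rcsh
@@ -1,3 +0,0 @@
-#!/usr/bin/env rc
-
-nix run 'github:nixos/nixpkgs?ref=nixos-unstable-small#immich-go' -- stack -k `{pa show immich-api} -s 'https://photos.ngp.computer' --manage-raw-jpeg StackCoverJPG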
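--- a/scripts/nr
+++ b/scripts/nr
@@ -1,13 +1,13 @@
 #!/usr/bin/env rc
 
-flag x +
+flag e +
 
 if(~ $1 -x) {
-flake e +
+flag x +
 shift
 }
 
 pkg=$1
 shift
 
-exec nix run --impure 'nixpkgs#'^$pkg -- $*
+exec nix run 'nixpkgs#'^$pkg -- $*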
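--- a/scripts/oclip
+++ b/scripts/oclip
@@ -1,8 +0,0 @@
-#!/usr/bin/env rc
-flag e +
-
-if (~ $1 -x) {
-flag x +
-}
-data=`{base64 <[0=0]}
-printf '\033]52;c;%s\007' $"data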
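--- a/scripts/ocopy
+++ b/scripts/ocopy
@@ -0,0 +1,3 @@
+#!/usr/bin/env sh
+
+printf "\033]52;c;%s\007" "$(base64 <&0)"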
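Review bot: The OSC 52 payload built on line 3 can contain embedded newlines, because GNU `base64` wraps its output at 76 columns and `$(...)` strips only the trailing newline. Any input longer than 57 bytes therefore puts line breaks inside the escape sequence, which terminals may truncate or reject. Strip them before printing, for example `printf "\033]52;c;%s\007" "$(base64 <&0 | tr -d '\n')"`. The `<&0` redirection is a no-op and could be dropped. A one-line comment saying that the script writes stdin to the terminal's clipboard via OSC 52 would also help.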
+10
secrets/catgirl-libera.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 QBbeMw PrgR2RT7HMRapTw8QcRtBU1vfOdrvOdFR+dxlaTMSH4 3 + 2oG68+hYV5W90Beaqpi/VonPwXzB52NTwwJGKmV8YM0 4 + -> ssh-ed25519 Wv0Urw LvqWE5p2G3QnxbqOQMSd631mCqfhJvE9P/yRuwTTkFk 5 + 3jGowP4TKe3T92NXcZjmqU+QFGcyuT2+H3EU/nqTF8s 6 + -> ssh-ed25519 WVNCXA YGX6M8E4JGpJNeZIhiN/t+tx1NQNc+Ewy9HC2dxm3yY 7 + mhxXrgnbh4ng2tIeQrYfxlnlSCk/fTEBDDOg2MEVP2g 8 + --- JpMgqNty36r0OAyDTaLY8yiFHGXzQLm8gh6XXmJQ094 9 + E~�ƿ ׭ #2%%��`Ϳ�~��~�Si<�3� 10 + 7k��b�+OMr�3GxžhG�WY9.�xU1�Re�*%���v�!����������2�wJ_B�)�"��I� �k��[u�jvV5��8n�D��2���H�|
secrets/nix-serve-secret-key.age

This is a binary file and will not be displayed.

+13
secrets/noah-hashed-password.age
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g Y6AKrd+CWu2+QqPEslYof/XQTTSMf/WNlW9t8FagYgQ 3 + +hiVmTdBt2w/CUusGWOmHgPB3/A3NlcVJ6a4hieWKaE 4 + -> ssh-ed25519 FcROng uBO/aCTSS5JU9ZTkyRgFeYhmkcXdifUycQk8CEGADx0 5 + LZE8JNFrlOeySFamABnZuZHdXdLPYB8/X4gic3stCuw 6 + -> ssh-ed25519 OV+2QQ m13opn5yD0oMLSR8j1jiI9CkzwDSZI37UhJdLQ/KzjE 7 + 6arhn/OFKiGrFabcFCF/yTtTSQImORJX5Ohq50I3xpU 8 + -> ssh-ed25519 h/Fm0A HfM3i56ldP9EvwYTNorzdtkwn21zvFd6cEqUINsg8hg 9 + RJo7z0Nk179ZiazofToA+0KOD3CWfpzaFcZWrSeVsuo 10 + -> ssh-ed25519 Aoo1Gg DKY2avQ+UMyIytEefP6C3LTXTT7QaDBDguxu4G3j/iY 11 + EqCq0BeV+rToFnOCbD9ru9KroXxGcYKRnryKF7N8Uoo 12 + --- L0JkNEz2vJ0m7+8PQELugzzhQAKV/6z/JrU2qeTDPWI 13 + /g�DQ�ӳ`�����< �S��U���p}E+(��2H�'��͖�������Av6p.P#,����l �����@��7���|F�;;�Dޓ,�8@���E{
+8 -5
secrets/porkbun-api-key.age
··· 1 1 age-encryption.org/v1 2 - -> ssh-ed25519 e6zq8g CdLTZ6uXiJB+xaD+I5NVHD5OxLSH+yAz99j04GiKukU 3 - kQTUR4yK23wHV9QGMlmTmIlMh63nP49g1NrS+sJKfBY 4 - --- H6/xHryPPKmAWW/bDXUN4YBXMKrsFpUAveKxWsT0SH0 5 - �E����,�ήS��P)A.������9O\�����2n��U�!���X�a��� l�Z�4*(G�[��>�Zl� 6 - :QՅ���������o����$=��& ڍ�w�t^�<<E�0p�8��:���� G�̉����J#�QR�����p�򘐞�kA,�=!��5�KK��0o��nQ��)�\\�ĘN�����wQ�҉ 2 + -> ssh-ed25519 e6zq8g x6PGKDva9Uj/rVaeOiWSBKTgNsi6ZT1XtHdUEAPn7Wo 3 + hziH64vy2Dx0dMEEKphhw54hzyzhgAYONxaSqDgguP0 4 + -> ssh-ed25519 QBbeMw G775f6PEJrogzi+h0cDKhCmfZ4t8uaJSsGqSuLdwq1M 5 + TR9UfYVljeb+DtttBpMlinZjbPNKL7+omEasEo0nEjE 6 + -> ssh-ed25519 Wv0Urw jXwjCKuCW6z7ZGu0hp/igks4vgCcGGng0VGXeHakJRI 7 + b6fciWjygpGMI83E3C3JBjJZ7X5tDXRPRKgn1Uy/1P0 8 + --- X67NLqQNueHXFrw9Z2SBA880xnUEPLbKRjADgdiBfIs 9 + &u&6�=�ڌ5�!,B[��e������F�[��9�� "lU����<�9�D$m̆��6`JU �dB~S�A6D;s��љ: M��p g�Y��@pBj�6���f����p�;��{�H�y�2{�?���#Pl�D@#ye��3��jD��tץ����6���=�A�������lJڊQ'���..>�(񵑅|wn��Zf<= _
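--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,9 +1,29 @@
 let
-noah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki";
+noah = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/cXL1cV6QUW5z2bJp1mCu0CXrcc0Dntdxaeo3fg60N noah@odin"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChbA8oSqYgmjIGYjlpAPLf+Nl6IlcSb2Zmh/Hl6xm88 noah@accelerator"
+];
 misaki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rcf4Lr+JPWGKQol6eAml6SMgERkGJWgN7y1qYUUvX root@nixos";
-#users = [noah];
+edge = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCmFKYXpQf1E8E7fj5s+3R33HPRjPhXrv++FCKYBCd4 root@nixos";
+odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIuvOXEK7M2i/Q8FeableBS+L20zwQpLetOuFGUhba2 root@nixos";
+touma-wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeyj52bQ/nf5k4HwDckeHy8wU3weDtY6IF6VlUJ/hAH root@nixos";
+shizuri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMdVtl8UlDa9kI/PO62Glu/PeJXfgXNsVg92b+BibE root@nixos";
+hosts = [
+misaki
+edge
+odin
+touma-wsl
+shizuri
+];
 in
 {
-"porkbun-api-key.age".publicKeys = [ noah misaki ];
-"nix-serve-secret-key.age".publicKeys = [ misaki noah ];
+"porkbun-api-key.age".publicKeys = [ misaki ] ++ noah;
+"noah-hashed-password.age".publicKeys = hosts;
+"nix-serve-secret-key.age".publicKeys = [
+misaki
+noah
+];
+"validator-identity.age".publicKeys = [ edge ];
+"catgirl-libera.age".publicKeys = noah;
 }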
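Review bot: The `nix-serve-secret-key.age` rule (new lines 23-26) still places `noah` inside the list, but this commit turns `noah` into a list of three keys. `publicKeys` there is now a string followed by a nested list rather than a flat list of recipients. The other rules already use the flat form, and this one should match: `"nix-serve-secret-key.age".publicKeys = [ misaki ] ++ noah;`. Separately, `noah-hashed-password.age` lists only host keys, so it can be edited or rekeyed only with a host private key; a comment would confirm that is intended. The committed `porkbun-api-key.age` shows three recipient stanzas while its rule now resolves to four keys, which suggests a rekey is still pending.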
secrets/validator-identity.age

This is a binary file and will not be displayed.

+18 -562
services.nix
··· 1 - { config 2 - , pkgs 3 - , unstable 4 - , ... 5 - }: 1 + { enableNFTables, lib, ... }: 6 2 { 7 3 8 - services.zfs = { 9 - autoScrub.enable = true; 10 - }; 11 - services.nfs.server.enable = true; 12 4 # Some programs need SUID wrappers, can be configured further or are 13 5 # started in user sessions. 14 - # programs.mtr.enable = true; 15 - programs.gnupg.agent = { 16 - enable = true; 17 - enableSSHSupport = false; 18 - }; 6 + programs.mtr.enable = true; 19 7 20 8 # Fish shell, the best 21 9 programs.fish.enable = true; 22 10 23 - # MOSH, SSH over flakey connections 24 - programs.mosh.enable = true; 25 - 26 - # List services that you want to enable: 27 - 28 - # Enable the OpenSSH daemon. 29 - services.openssh = { 30 - enable = true; 31 - openFirewall = true; 32 - settings.PasswordAuthentication = false; 33 - }; 34 - 35 - # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices. 36 - services.hardware.bolt.enable = true; 37 - 38 11 # Tailscale 39 12 services.tailscale = { 40 13 enable = true; 41 - useRoutingFeatures = "client"; 42 - }; 43 - 44 - # Containers and VMs 45 - virtualisation = { 46 - podman = { 47 - enable = true; 48 - dockerCompat = true; 49 - defaultNetwork.settings.dns_enabled = true; 50 - }; 51 - }; 52 - 53 - # Samba, for shares 54 - # TODO 55 - services.samba = { 56 - enable = true; 57 14 openFirewall = true; 58 - nmbd.enable = true; 59 - winbindd.enable = true; 60 - settings = { 61 - global = { 62 - workgroup = "WORKGROUP"; 63 - "server string" = "misaki"; 64 - security = "user"; 65 - "use sendfile" = "yes"; 66 - "hosts allow" = "192.168.1. 
127.0.0.1 localhost"; 67 - "hosts deny" = "0.0.0.0/0"; 68 - "guest account" = "nobody"; 69 - "map to guest" = "bad user"; 70 - deadtime = 30; 71 - }; 72 - shokuhou = { 73 - path = "/srv/shokuhou"; 74 - browseable = "yes"; 75 - "read only" = "no"; 76 - "guest ok" = "no"; 77 - "create mask" = "0644"; 78 - "directory mask" = "0755"; 79 - "force user" = "noah"; 80 - "force group" = "nas"; 81 - }; 82 - mentalout = { 83 - path = "/srv/mentalout"; 84 - browseable = "yes"; 85 - "read only" = "no"; 86 - "guest ok" = "no"; 87 - "create mask" = "0644"; 88 - "directory mask" = "0755"; 89 - "force user" = "noah"; 90 - "force group" = "nas"; 91 - }; 92 - }; 93 15 }; 94 - services.samba-wsdd = { 95 - enable = true; 96 - openFirewall = true; 97 - }; 98 - 99 - services.coredns = { 100 - enable = true; 101 - config = '' 102 - packetlost.dev { 103 - hosts ${./coredns/packetlost.dev.hosts} packetlost.dev { 104 - fallthrough 105 - } 106 - bind enp4s0f1 107 - } 108 - ngp.computer { 109 - hosts ${./coredns/ngp.computer.hosts} ngp.computer { 110 - fallthrough 111 - } 112 - bind enp4s0f1 113 - } 114 - localhost { 115 - hosts ${./coredns/localhost.hosts} localhost { 116 - fallthrough 117 - } 118 - bind enp4s0f1 119 - } 120 - . { 121 - # NextDNS 122 - forward . 
tls://2a07:a8c0::dd:2feb:853 tls://2a07:a8c1::dd:2feb:853 tls://45.90.28.93:853 tls://45.90.30.93:853 { 123 - tls_servername dd2feb.dns.nextdns.io 124 - health_check 5s 125 - } 126 - bind enp4s0f1 127 - cache 128 - errors 129 - log 130 - } 131 - ''; 132 - }; 133 - 134 - services.nats = { 135 - enable = true; 136 - jetstream = true; 137 - user = "nats"; 138 - group = "nats"; 139 - serverName = "misaki"; 140 - dataDir = "/srv/shokuhou/applications/nats"; 141 - validateConfig = false; 142 - settings = { 143 - authorization = { 144 - users = [ 145 - { 146 - user = "seedbox@packetlost.dev"; 147 - permissions = { 148 - publish = [ 149 - "torrents" 150 - "torrents.>" 151 - "$JS.API.INFO" 152 - #"$JS.API.STREAM.INFO.>" 153 - "$KV.torrents.>" 154 - #"$JS.API.STREAM.*.*.OBJ_torrents" 155 - "$JS.API.*.*.OBJ_torrents" 156 - "$JS.API.STREAM.MSG.GET.OBJ_torrents" 157 - "$JS.API.*.*.OBJ_torrents.>" 158 - "$O.torrents.>" 159 - ]; 160 - subscribe = [ 161 - "torrents.>" 162 - "_INBOX.>" 163 - ]; 164 - allow_responses = false; 165 - }; 166 - } 167 - { user = "odin@packetlost.dev"; } 168 - { user = "misaki@packetlost.dev"; } 169 - { user = "noah@packetlost.dev"; } 170 - { user = "touma-nixos@packetlost.dev"; } 171 - ]; 172 - }; 173 - tls = { 174 - cert_file = "/srv/nats/nats.packetlost.dev/cert.pem"; 175 - key_file = "/srv/nats/nats.packetlost.dev/key.pem"; 176 - ca_file = "/srv/nats/minica.pem"; 177 - verify_and_map = true; 178 - }; 179 - jetstream = { 180 - # 50GB 181 - max_file_store = 53687091200; 182 - max_mem = 8589934592; 183 - }; 184 - }; 185 - }; 186 - 187 - # Minio's object storage has been mostly replaced with NATS. If I specifically need a 188 - # S3-like API, this will be revived. 
189 - services.minio = { 190 - enable = false; 191 - listenAddress = ":9003"; 192 - consoleAddress = ":9004"; 193 - dataDir = [ 194 - /srv/shokuhou/applications/minio 195 - ]; 196 - }; 197 - 198 - services.netatalk = { 199 - enable = true; 200 - settings = { 201 - time-machine = { 202 - path = "/srv/shokuhou/backup/timemachine"; 203 - "valid users" = "noah"; 204 - "time machine" = true; 205 - }; 206 - }; 207 - }; 208 - 209 - services.webdav.enable = false; 210 - services.sftpgo = { 211 - enable = false; 212 - dataDir = /srv/shokuhou/documents/sftpgo; 213 - group = "nas"; 214 - }; 215 - services.syncthing = { 216 - enable = false; 217 - openDefaultPorts = true; 218 - # disable the sync folder creation 219 - extraFlags = [ "--no-default-folder" ]; 220 - settings = { 221 - folders = { 222 - "Sync" = { 223 - path = "/srv/shokuhou/documents/sync"; 224 - }; 225 - }; 226 - }; 227 - }; 228 - 229 - services.grafana = { 230 - enable = false; 231 - settings.server.http_port = 2342; 232 - settings.server.domain = "grafana.packetlost.dev"; 233 - settings.server.http_addr = "127.0.0.1"; 234 - }; 235 - 236 - services.prometheus = { 237 - enable = false; 238 - port = 9001; 239 - exporters = { 240 - node = { 241 - enable = true; 242 - enabledCollectors = [ "systemd" ]; 243 - port = 9002; 244 - }; 245 - }; 246 - 247 - scrapeConfigs = [ 248 - { 249 - job_name = "chrysalis"; 250 - static_configs = [ 251 - { targets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}" ]; } 252 - ]; 253 - } 254 - ]; 255 - }; 256 - 257 - # TODO: figure out how to appropriately configure this 258 - services.step-ca = { 259 - enable = false; 260 - openFirewall = true; 261 - port = 8443; 262 - address = "0.0.0.0"; 263 - intermediatePasswordFile = /etc/nixos/step-ca-intermediate-ca-password; 264 - settings = builtins.fromJSON (builtins.readFile /home/noah/.step/config/ca.json); 265 - }; 266 - 267 - age.secrets.acme = { 268 - file = ./secrets/porkbun-api-key.age; 269 - owner = 
"root"; 270 - group = "acme"; 271 - }; 272 - 273 - # TODO: re-enable this once Agenix is set up 274 - security.acme = { 275 - acceptTerms = true; 276 - defaults.email = "noah@packetlost.dev"; 277 - certs."plex.packetlost.dev" = { 278 - dnsProvider = "porkbun"; 279 - group = "httpd"; 280 - environmentFile = config.age.secrets.acme.path; 281 - }; 282 - certs."img.ngp.computer" = { 283 - group = "httpd"; 284 - dnsProvider = "porkbun"; 285 - environmentFile = config.age.secrets.acme.path; 286 - }; 287 - certs."files.ngp.computer" = { 288 - group = "httpd"; 289 - dnsProvider = "porkbun"; 290 - environmentFile = config.age.secrets.acme.path; 291 - }; 292 - certs."photos.ngp.computer" = { 293 - group = "httpd"; 294 - dnsProvider = "porkbun"; 295 - environmentFile = config.age.secrets.acme.path; 296 - }; 297 - certs."jellyfin.packetlost.dev" = { 298 - group = "httpd"; 299 - dnsProvider = "porkbun"; 300 - environmentFile = config.age.secrets.acme.path; 301 - }; 302 - }; 16 + # Don't wait for networks on boot, should speed up boot 17 + systemd.network.wait-online.enable = false; 18 + boot.initrd.systemd.network.wait-online.enable = false; 19 + networking.firewall.trustedInterfaces = [ "tailscale0" ]; 303 20 304 - # A test email server that only works on LAN 305 - services.maddy = { 21 + # Enable the OpenSSH daemon. 
22 + services.openssh = { 306 23 enable = true; 307 24 openFirewall = true; 308 - primaryDomain = "misaki.local"; 309 - ensureAccounts = [ 310 - "noah@misaki.local" 311 - "postmaster@misaki.local" 312 - "test@misaki.local" 313 - ]; 314 - ensureCredentials = { 315 - "noah@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 316 - "postmaster@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 317 - "test@misaki.local".passwordFile = "${pkgs.writeText "test" "Password123"}"; 318 - }; 25 + settings.PasswordAuthentication = false; 319 26 }; 320 27 321 - age.secrets.nix-serve = { 322 - file = ./secrets/nix-serve-secret-key.age; 323 - owner = "root"; 324 - group = "root"; 325 - }; 326 - services.nix-serve = { 327 - enable = true; 328 - package = unstable.nix-serve-ng; 329 - secretKeyFile = config.age.secrets.nix-serve.path; 330 - openFirewall = true; 331 - }; 332 - 333 - services.plex = { 334 - enable = true; 335 - openFirewall = false; # we proxy this with nginx 336 - group = "nas"; 337 - user = "noah"; 338 - package = unstable.plex; 339 - }; 340 - 341 - services.jellyfin = { 342 - enable = true; 343 - openFirewall = true; 344 - user = "noah"; 345 - group = "nas"; 346 - logDir = "/srv/shokuhou/applications/jellyfin/log"; 347 - cacheDir = "/srv/shokuhou/applications/jellyfin/cache"; 348 - dataDir = "/srv/shokuhou/applications/jellyfin/data"; 349 - configDir = "/srv/shokuhou/applications/jellyfin/config"; 350 - }; 351 - 352 - # services.gitea = { 353 - # enable = true; 354 - # user = "git"; 355 - # domain = "git.packetlost.dev"; 356 - # }; 357 - 358 - # Litterbox, collect my IRC logs 359 - systemd = { 360 - services = { 361 - "litterbox@" = { 362 - path = [ pkgs.litterbox ]; 363 - serviceConfig = { 364 - StartLimitIntervalSec = 5; 365 - StartLimitBurst = 10; 366 - Restart = "on-failure"; 367 - RestartSec = "10s"; 368 - Type = "simple"; 369 - ExecStart = "${pkgs.litterbox}/bin/litterbox /srv/litterbox/%i.conf"; 370 - ExecReload = "kill 
-USR1 $MAINPID"; 371 - User = "noah"; 372 - Group = "litterbox"; 373 - }; 374 - }; 375 - 376 - #"litterbox@libera.irc.packetlost.dev" = { 377 - # overrideStrategy = "asDropin"; 378 - # wantedBy = [ "multi-user.target" ]; 379 - #}; 380 - "update-downstream-src" = { 381 - path = with pkgs; [ 382 - rc 383 - coreutils 384 - git 385 - openssh 386 - ]; 387 - script = "exec ${./scripts/update-src}"; 388 - serviceConfig = { 389 - Type = "oneshot"; 390 - User = "noah"; 391 - WorkingDirectory = "/srv/src"; 392 - }; 393 - }; 394 - }; 395 - timers = { 396 - "update-downstream-src" = { 397 - wantedBy = [ "timers.target" ]; 398 - timerConfig = { 399 - OnCalendar = "daily"; 400 - Persistent = true; 401 - }; 402 - }; 403 - }; 404 - }; 405 - 406 - services.teamspeak3 = { 407 - enable = true; 408 - openFirewall = true; 409 - }; 410 - 411 - services.immich = { 412 - enable = true; 413 - package = unstable.immich; 414 - accelerationDevices = [ "/dev/dri/renderD128" ]; 415 - mediaLocation = "/srv/shokuhou/pictures/immich"; 416 - }; 417 - users.users.immich.extraGroups = [ 418 - "video" 419 - "render" 420 - "nas" 28 + # MOSH, SSH over flakey connections 29 + programs.mosh.enable = true; 30 + } 31 + // lib.optionalAttrs enableNFTables { 32 + # Use nftables 33 + networking.nftables.enable = true; 34 + # Support native nftables in tailscale 35 + systemd.services.tailscaled.serviceConfig.Environment = [ 36 + "TS_DEBUG_FIREWALL_MODE=nftables" 421 37 ]; 422 - 423 - # Nginx Reverse SSL Proxy 424 - services.nginx = { 425 - enable = true; 426 - group = "nas"; 427 - user = "noah"; 428 - 429 - # This is disabled for now 430 - #virtualHosts."${config.services.grafana.settings.server.domain}" = { 431 - # locations."/" = { 432 - # proxyPass = "http://127.0.0.1:${builtins.toString config.services.grafana.settings.server.http_port}"; 433 - # proxyWebsockets = true; 434 - # }; 435 - #}; 436 - 437 - virtualHosts."cache.packetlost.dev" = { 438 - locations."/".proxyPass = 439 - 
"http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; 440 - }; 441 - virtualHosts."photos.ngp.computer" = { 442 - enableACME = false; 443 - useACMEHost = "photos.ngp.computer"; 444 - acmeRoot = null; 445 - forceSSL = true; 446 - locations."/" = { 447 - proxyPass = "http://[::1]:${toString config.services.immich.port}"; 448 - proxyWebsockets = true; 449 - recommendedProxySettings = true; 450 - extraConfig = '' 451 - client_max_body_size 50000M; 452 - proxy_read_timeout 600s; 453 - proxy_send_timeout 600s; 454 - send_timeout 600s; 455 - ''; 456 - }; 457 - }; 458 - virtualHosts."img.ngp.computer" = { 459 - forceSSL = true; 460 - enableACME = false; 461 - useACMEHost = "img.ngp.computer"; 462 - acmeRoot = null; 463 - root = "/srv/shokuhou/pictures/public"; 464 - extraConfig = '' 465 - sendfile on; 466 - autoindex_exact_size on; 467 - tcp_nopush on; 468 - ''; 469 - locations."/" = { 470 - extraConfig = '' 471 - autoindex on; 472 - autoindex_exact_size on; 473 - alias /srv/shokuhou/pictures/public/$1; 474 - ''; 475 - }; 476 - }; 477 - virtualHosts."files.ngp.computer" = { 478 - forceSSL = true; 479 - enableACME = false; 480 - useACMEHost = "files.ngp.computer"; 481 - acmeRoot = null; 482 - root = null; 483 - extraConfig = '' 484 - sendfile on; 485 - tcp_nopush on; 486 - ''; 487 - locations."/books/" = { 488 - extraConfig = '' 489 - autoindex on; 490 - autoindex_exact_size on; 491 - alias /srv/shokuhou/books/sync/$1; 492 - ''; 493 - }; 494 - }; 495 - virtualHosts."jellyfin.packetlost.dev" = { 496 - forceSSL = true; 497 - enableACME = false; 498 - useACMEHost = "jellyfin.packetlost.dev"; 499 - acmeRoot = null; 500 - http2 = true; 501 - locations."/" = { 502 - proxyPass = "http://localhost:8096/"; 503 - }; 504 - }; 505 - 506 - # give a name to the virtual host. It also becomes the server name. 
507 - virtualHosts."plex.packetlost.dev" = { 508 - # Since we want a secure connection, we force SSL 509 - forceSSL = true; 510 - enableACME = false; 511 - useACMEHost = "plex.packetlost.dev"; 512 - acmeRoot = null; 513 - 514 - # http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/ 515 - http2 = true; 516 - 517 - # Provide the ssl cert and key for the vhost 518 - # These are filled in automatically with ACME 519 - extraConfig = '' 520 - 521 - #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause 522 - send_timeout 100m; 523 - 524 - # Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/ 525 - ssl_stapling on; 526 - ssl_stapling_verify on; 527 - 528 - ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 529 - ssl_prefer_server_ciphers on; 530 - #Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384. 
531 - ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 532 - 533 - # Forward real ip and host to Plex 534 - proxy_set_header X-Real-IP $remote_addr; 535 - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 536 - proxy_set_header X-Forwarded-Proto $scheme; 537 - proxy_set_header Host $server_addr; 538 - proxy_set_header Referer $server_addr; 539 - proxy_set_header Origin $server_addr; 540 - 541 - # Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. 542 - gzip on; 543 - gzip_vary on; 544 - gzip_min_length 1000; 545 - gzip_proxied any; 546 - gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml; 547 - gzip_disable "MSIE [1-6]\."; 548 - 549 - # Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones. 550 - # Increasing the limit fixes the issue. 
Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more 551 - client_max_body_size 100M; 552 - 553 - # Plex headers 554 - proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; 555 - proxy_set_header X-Plex-Device $http_x_plex_device; 556 - proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; 557 - proxy_set_header X-Plex-Platform $http_x_plex_platform; 558 - proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version; 559 - proxy_set_header X-Plex-Product $http_x_plex_product; 560 - proxy_set_header X-Plex-Token $http_x_plex_token; 561 - proxy_set_header X-Plex-Version $http_x_plex_version; 562 - proxy_set_header X-Plex-Nocache $http_x_plex_nocache; 563 - proxy_set_header X-Plex-Provides $http_x_plex_provides; 564 - proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; 565 - proxy_set_header X-Plex-Model $http_x_plex_model; 566 - 567 - # Websockets 568 - proxy_http_version 1.1; 569 - proxy_set_header Upgrade $http_upgrade; 570 - proxy_set_header Connection "upgrade"; 571 - 572 - # Buffering off send to the client as soon as the data is received from Plex. 573 - proxy_redirect off; 574 - proxy_buffering off; 575 - ''; 576 - 577 - locations."/" = { 578 - proxyPass = "http://localhost:32400/"; 579 - }; 580 - }; 581 - }; 582 38 }
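Review bot: `networking.firewall.trustedInterfaces = [ "tailscale0" ];` (new line 19) exempts every port on the host from the firewall for traffic arriving over the tailnet. The only remaining filter for tailnet peers is then the Tailscale ACL policy, which is not visible in this repository view. Since this file now appears to be the shared base for several hosts, I would either open only the needed ports through `networking.firewall.interfaces."tailscale0".allowedTCPPorts`, or add a comment above the line stating that the tailnet ACLs are the enforcement point. `enableNFTables` also decides the module's top-level attribute set through `// lib.optionalAttrs`. That should be fine if it arrives via `specialArgs`, but would likely recurse if it were set through `_module.args`, so a comment naming where it is passed in would help.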
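--- a/shell.nix
+++ b/shell.nix
@@ -1,7 +1,2 @@
 { pkgs ? import <nixos-unstable> { } }:
-pkgs.mkShell {
-packages = with pkgs; [ nil lua-language-server nixpkgs-fmt ];
-shellHook = ''
-${(import ./default.nix).pre-commit-check.shellHook}
-'';
-}
+pkgs.mkShell { packages = with pkgs; [ nil lua-language-server ]; }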
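--- a/ssh/extra
+++ b/ssh/extra
@@ -1,5 +1,6 @@
 AddKeysToAgent yes
 ServerAliveInterval 60
+ForwardAgent yes
 ControlMaster auto
 ControlPath ~/.ssh/master-%r@%h:%p
 
@@ -25,11 +26,42 @@
 IdentityFile ~/.ssh/id_ed25519
 ForwardAgent yes
 
+Host aleister
+HostName 192.168.1.16
+User noah
+IdentityFile ~/.ssh/id_ed25519
+ForwardAgent yes
+
 Host komoe
 HostName 192.168.1.5
 User noah
 IdentityFile ~/.ssh/id_ed25519
 ForwardAgent yes
+
+Host othinus
+HostName 192.168.1.4
+User noah
+IdentityFile ~/.ssh/id_ed25519
+ForwardAgent yes
+
+Host odin
+HostName 192.168.1.6
+User noah
+IdentityFile ~/.ssh/id_ed25519
+ForwardAgent yes
+
+Host accelerator
+HostName 192.168.1.7
+User noah
+IdentityFile ~/.ssh/id_ed25519
+ForwardAgent yes
+
+Host shizuri
+HostName 192.168.1.15
+User noah
+IdentityFile ~/.ssh/id_ed25519
+ForwardAgent yes
+ForwardX11 yes
 
 Host sdf
 HostName tty.sdf.org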
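Review bot: The `ForwardAgent yes` added at new line 3 sits above every `Host` block, so it applies to all destinations, including `Host sdf` (`tty.sdf.org`) at the end of the second hunk and any host not listed in this file. Anyone with root on a destination can use the forwarded agent socket to authenticate as you for as long as the session is open. The per-host `ForwardAgent yes` lines already cover the LAN machines, so I would drop the global line and use `ProxyJump` where a hop through another machine is needed. `ForwardX11 yes` on `shizuri` (new line 64) is the only X11 forwarding in the visible hunks; a short comment saying why that host needs it would make the exception deliberate. The `Host sdf` block continues past the end of the hunk.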
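--- a/sway/odin
+++ b/sway/odin
@@ -2,16 +2,21 @@
 #workspace $ws1 output DP-6
 #workspace $ws2 output HDMI-A-1
 
-# HDMI is the main output
-output HDMI-A-1 pos 0 0
-output HDMI-A-1 adaptive_sync off
-output DP-9 pos -430 1440
-output DP-9 adaptive_sync on
-# Sometimes the DP identifier changes for some reason
-output DP-6 pos -430 1440
-output DP-6 adaptive_sync on
-output DP-10 pos -430 1440
-output DP-10 adaptive_sync on
-# The HDMI gets messed up too :(
-output HDMI-A-2 pos 0 0
-output HDMI-A-2 adaptive_sync off
+output "Acer Technologies XV272U 0x0000A50C" {
+mode 2560x1440@143.999Hz
+pos 440 0
+transform normal
+scale 1.0
+scale_filter nearest
+adaptive_sync off
+dpms on
+}
+output "LG Electronics LG ULTRAGEAR 307NTPC58464" {
+mode 3440x1440@85.0Hz
+pos 0 1440
+transform normal
+scale 1.0
+scale_filter nearest
+adaptive_sync on
+dpms on
+}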
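--- a/users.nix
+++ b/users.nix
@@ -1,10 +1,23 @@
-{ pkgs, lib, ... }:
 {
+pkgs,
+lib,
+config,
+extraGroups ? [ ],
+...
+}:
+{
+
 # Declarative only optoins.
 # I don't want to allow ad-hoc modifying users on the system.
 # Users must be declared either as part of a package or in this file.
 users.mutableUsers = false;
 
+age.secrets.noah-password = {
+file = ./secrets/noah-hashed-password.age;
+owner = "root";
+group = "root";
+};
+
 # Define a user account. Don't forget to set a password with ‘passwd’.
 users.users.noah = {
 isNormalUser = true;
@@ -12,13 +25,10 @@
 extraGroups = [
 "wheel"
 "video"
-"render"
 "nas"
-"nats"
-"litterbox"
-"httpd"
-]; # Enable ‘sudo’ for the user.
-hashedPasswordFile = "/etc/nixos/noah-password";
+]
+++ extraGroups; # Enable ‘sudo’ for the user.
+hashedPasswordFile = config.age.secrets.noah-password.path;
 openssh.authorizedKeys.keys = lib.strings.splitString "\n" (
 builtins.readFile (
 builtins.fetchurl {
@@ -31,8 +41,5 @@
 )
 );
 };
-
 users.groups.nas.gid = 1001;
-users.groups.httpd.gid = 1002;
-users.groups.litterbox.gid = 1003;
 }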
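Review bot: `hashedPasswordFile = config.age.secrets.noah-password.path;` (new line 31) makes the account password depend on agenix decrypting `noah-hashed-password.age` at activation, and `users.mutableUsers = false` leaves no fallback. On a host whose SSH host key is not among that secret's recipients, or on a first install before the key is registered, the file would be missing. `noah`, the only `wheel` member shown, would then presumably have no usable password for `sudo`. I would add a comment above the `age.secrets.noah-password` block saying that a new host's key must be added to `hosts` in `secrets/secrets.nix` and the secret rekeyed before the first switch. The retained comment `Don't forget to set a password with ‘passwd’` no longer matches the file, since `passwd` changes do not persist with immutable users.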
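--- a/vis/visrc.lua
+++ b/vis/visrc.lua
@@ -1,50 +1,64 @@
 require('vis')
-
-local plug = require('plugins/vis-plug')
-
+local plugin_manager = 'plugins/vis-plug'
 local plugins = {
-{ 'timoha/vis-acme', theme = true, file = 'acme' },
+--{ 'timoha/vis-acme', theme = true, file = 'acme' },
 { 'milhnl/vis-format' },
 { url = 'https://git.cepl.eu/cgit/vis/vis-fzf-open' },
 { url = 'https://gitlab.com/muhq/vis-lspc.git' },
 { url = 'https://repo.or.cz/vis-parkour.git', alias = 'vis-parkour' }
 }
 
+function setup_plug()
+if not pcall(require, 'plugins/vis-plug') then
+os.execute('git clone --quiet https://github.com/erf/vis-plug ' ..
+(os.getenv('XDG_CONFIG_HOME') or os.getenv('HOME') .. '/.config')
+.. '/vis/plugins/vis-plug')
+end
+return require('plugins/vis-plug')
+end
+local plug = setup_plug()
+
 plug.init(plugins, true)
 
-
-
-
-
+function configure_plugin(name, config)
+if vis:module_exist(name) then
+local module = require(name)
+config(module)
+end
+end
 
 vis.events.subscribe(vis.events.INIT, function()
-local format = require('plugins/vis-format')
-vis:map(vis.modes.NORMAL, '<C-p>', ':fzf<Enter>')
-vis:map(vis.modes.NORMAL, '=', format.apply)
-local lspc = require('plugins/vis-lspc')
-if next(lspc) then
-lspc.logging = true
-lspc.log_file = "/tmp/lspc.log"
+configure_plugin('plugins/vis-format', function(format)
+vis:map(vis.modes.NORMAL, '<C-p>', ':fzf<Enter>')
+vis:map(vis.modes.NORMAL, '=', format.apply)
+end)
+configure_plugin('plugins/vis-lspc', function(lspc)
+if next(lspc) then
+lspc.logging = true
+lspc.log_file = "/tmp/lspc.log"
 
-lspc.ls_map.rust = {
-name = "rust",
-cmd = "rust-analyzer",
-formatting_options = {tabSize = 4, insertSpaces = true}
-}
-end
+lspc.ls_map.rust = {
+name = "rust",
+cmd = "rust-analyzer",
+formatting_options = {tabSize = 4, insertSpaces = true}
+}
+lspc.ls_map.lua = {
+name = "lua",
+cmd = "lua-language-server",
+formatting_options = { insertSpaces = false }
+}
+end
+end)
 end)
 
 
-vis.events.subscribe(vis.events.WIN_OPEN, function(win)
+vis.events.subscribe(vis.events.WIN_OPEN, function()
 --per-window configuration--
 --vis:command('set number')
-vis:command('set showtab on')
-vis:command('set showspace on')
+--vis:command('set showtab on')
+--vis:command('set showspace off')
 vis:command('set autoindent on')
 vis:command('set cursorline on')
 vis:command('set tabwidth 4')
 end)
-
-
-
-
+return nil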
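Review bot: `setup_plug()` (new lines 11-18) clones the default branch of vis-plug and `require`s it in the same editor start, so whatever is upstream at that moment runs unreviewed; checking out a commit you have read closes that gap. The clone target is built from `XDG_CONFIG_HOME`/`HOME` and concatenated unquoted into `os.execute`, so a path containing spaces or shell metacharacters changes the command; quote it before use. The function is also declared global, which `local function setup_plug()` avoids, and the new `plugin_manager` local is never read. A sketch follows, with the revision left as a placeholder.

```lua
-- Placeholder: replace with the vis-plug commit you have reviewed.
local VIS_PLUG_REV = 'REVIEWED_COMMIT_PLACEHOLDER'

local function setup_plug()
  if not pcall(require, 'plugins/vis-plug') then
    local dir = (os.getenv('XDG_CONFIG_HOME') or os.getenv('HOME') .. '/.config')
      .. '/vis/plugins/vis-plug'
    -- The path comes from the environment and is handed to a shell: single-quote it.
    local quoted = "'" .. dir:gsub("'", "'\\''") .. "'"
    os.execute('git clone --quiet https://github.com/erf/vis-plug ' .. quoted)
    -- Pin the working tree so a later upstream change is not picked up silently.
    os.execute('git -C ' .. quoted .. ' checkout --quiet ' .. VIS_PLUG_REV)
  end
  return require('plugins/vis-plug')
end
-- … unchanged: local plug = setup_plug(), plug.init(plugins, true) …
```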