ngp.computer / nixos
Configuration for my NixOS based systems and Home Manager
fork atom

Compare changes

Choose any two refs to compare.

+3511 -1104
unified split
+1 -2
boot.nix
··· 1 - { ... }: 2 - { 3 # Use the systemd-boot EFI boot loader. 4 boot.loader.systemd-boot.enable = true; 5 boot.loader.efi.canTouchEfiVariables = true;
··· 1 + { ... }: { 2 # Use the systemd-boot EFI boot loader. 3 boot.loader.systemd-boot.enable = true; 4 boot.loader.efi.canTouchEfiVariables = true;
+31
common.nix
···
··· 1 + { ... }: 2 + { 3 + # Set your time zone. 4 + time.timeZone = "America/Chicago"; 5 + 6 + # Select internationalisation properties. 7 + i18n.defaultLocale = "en_US.UTF-8"; 8 + # console = { 9 + # font = "Lat2-Terminus16"; 10 + # keyMap = "us"; 11 + # useXkbConfig = true; # use xkb.options in tty. 12 + # }; 13 + 14 + # Automatic doc cache generation 15 + documentation.man.generateCaches = true; 16 + 17 + # Automatic system upgrades 18 + system.autoUpgrade = { 19 + enable = true; 20 + dates = "09:00"; 21 + randomizedDelaySec = "45min"; 22 + }; 23 + 24 + # Automatic Garbage Collection 25 + nix.gc.automatic = true; 26 + nix.gc.options = "--delete-older-than 8d"; 27 + nix.settings.trusted-users = [ "@wheel" ]; 28 + 29 + # I don't care that much about free vs unfree 30 + nixpkgs.config.allowUnfree = true; 31 + }
-63
configuration.nix
··· 1 - # Edit this configuration file to define what should be installed on 2 - ## your system. Help is available in the configuration.nix(5) man page, on 3 - # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 - 5 - { ... }: 6 - { 7 - imports = [ 8 - # Include the results of the hardware scan. 9 - ./hardware-configuration.nix 10 - ./boot.nix 11 - ./networking.nix 12 - #./gui.nix 13 - ./users.nix 14 - ./packages.nix 15 - ./services.nix 16 - ]; 17 - 18 - nixpkgs.config.allowUnfree = true; 19 - 20 - # Set your time zone. 21 - time.timeZone = "America/Chicago"; 22 - 23 - # Select internationalisation properties. 24 - i18n.defaultLocale = "en_US.UTF-8"; 25 - # console = { 26 - # font = "Lat2-Terminus16"; 27 - # keyMap = "us"; 28 - # useXkbConfig = true; # use xkb.options in tty. 29 - # }; 30 - 31 - # Automatic doc cache generation 32 - documentation.man.generateCaches = true; 33 - 34 - # Automatic system upgrades 35 - system.autoUpgrade = { 36 - enable = true; 37 - dates = "09:00"; 38 - randomizedDelaySec = "45min"; 39 - }; 40 - 41 - # Automatic Garbage Collection 42 - nix.gc.automatic = true; 43 - nix.gc.options = "--delete-older-than 8d"; 44 - 45 - # This option defines the first version of NixOS you have installed on this particular machine, 46 - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 47 - # 48 - # Most users should NEVER change this value after the initial install, for any reason, 49 - # even if you've upgraded your system to a new NixOS release. 50 - # 51 - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 52 - # so changing it will NOT upgrade your system. 53 - # 54 - # This value being lower than the current NixOS release does NOT mean your system is 55 - # out of date, out of support, or vulnerable. 56 - # 57 - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 58 - # and migrated your data accordingly. 59 - # 60 - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 61 - system.stateVersion = "23.11"; # Did you read the comment? 62 - 63 - }
···
+254
default-home.nix
···
··· 1 + { 2 + pkgs, 3 + unstable, 4 + inputs, 5 + config, 6 + ... 7 + }: 8 + { 9 + imports = [ 10 + inputs.agenix.homeManagerModules.default 11 + ]; 12 + home.username = "noah"; 13 + home.homeDirectory = "/home/noah"; 14 + 15 + age.identityPaths = [ 16 + "${config.home.homeDirectory}/.ssh/id_rsa" 17 + "${config.home.homeDirectory}/.ssh/id_ed25519" 18 + "${config.home.homeDirectory}/.ssh/id_ed25519_age" 19 + ]; 20 + 21 + home.packages = with pkgs; [ 22 + inputs.agenix.packages."${system}".agenix 23 + # main tool 24 + direnv 25 + tree 26 + btop 27 + htop 28 + rsync 29 + unzip 30 + fd 31 + ripgrep 32 + catgirl 33 + netcat 34 + stunnel 35 + fzf 36 + iperf3 37 + entr 38 + lf 39 + #devenv # broken 40 + plan9port 41 + pwgen 42 + metastore 43 + isync 44 + pass 45 + tmux 46 + age 47 + 48 + # Dev tools 49 + gcc 50 + go 51 + unstable.gopls 52 + gnumake 53 + babashka 54 + # Babashka common aliases 55 + neil 56 + ccls 57 + clojure 58 + unstable.clj-kondo 59 + unstable.clojure-lsp 60 + unstable.janet 61 + unstable.jpm 62 + graalvmPackages.graalvm-ce 63 + cmake 64 + universal-ctags 65 + kotlin 66 + nodejs 67 + node2nix 68 + opam 69 + rustup 70 + zig 71 + scala_3 72 + scalafmt 73 + # scala LSP 74 + unstable.metals 75 + # Scala / Java build tool 76 + sbt 77 + luarocks 78 + luajit 79 + lua-language-server 80 + leiningen 81 + libressl 82 + erlang 83 + elixir 84 + ghc 85 + nil 86 + python3 87 + typescript 88 + #vscode-langservers-extracted 89 + scdoc 90 + #dockerfile-language-server-nodejs 91 + #yaml-language-server 92 + mkcert 93 + natscli 94 + poetry 95 + sqlite 96 + pandoc 97 + unstable.harec 98 + unstable.hare 99 + unstable.haredo 100 + unstable.haredoc 101 + unstable.gleam 102 + unstable.rebar3 103 + unstable.bun 104 + unstable.gh 105 + unstable.kraft 106 + #unstable.claude-code 107 + 108 + # Python dev tools 109 + pyright 110 + python313Packages.python-lsp-server 111 + python313Packages.python-lsp-ruff 112 + 113 + # Certificate Management 114 + minica 115 + mkcert 116 + step-cli 117 + 118 + ]; 119 + 120 + nix = { 121 + #package = pkgs.nix; 122 + settings = { 123 + experimental-features = [ 124 + "nix-command" 125 + "flakes" 126 + ]; 127 + extra-trusted-users = [ 128 + "noah" 129 + ]; 130 + extra-substituters = [ 131 + "https://cache.ngp.computer" 132 + ]; 133 + extra-trusted-public-keys = [ 134 + "misaki.packetlost.dev:y5Z/utaVBozpL0UAbUQDWLjpm2sVMOoKzyG76n/167A=" 135 + ]; 136 + }; 137 + }; 138 + 139 + programs.fish = { 140 + enable = true; 141 + #package = unstable.fish; 142 + }; 143 + programs.neovim = { 144 + #package = unstable.neovim-unwrapped; 145 + enable = true; 146 + defaultEditor = true; 147 + withNodeJs = true; 148 + withPython3 = true; 149 + extraPackages = with pkgs; [ 150 + unstable.fzf 151 + unstable.ripgrep 152 + luarocks 153 + unstable.tree-sitter 154 + ]; 155 + }; 156 + programs.home-manager.enable = true; 157 + programs.helix.enable = true; 158 + programs.jujutsu = { 159 + enable = true; 160 + }; 161 + programs.git = { 162 + enable = true; 163 + lfs.enable = true; 164 + settings.user.name = "Noah Pederson"; 165 + settings.user.email = "noah@packetlost.dev"; 166 + extraConfig = { 167 + sendemail = { 168 + smtpserver = "smtp.migadu.com"; 169 + smtpuser = "noah@packetlost.dev"; 170 + smptencryption = "tls"; 171 + smtpserverport = 587; 172 + }; 173 + init = { 174 + defaultBranch = "master"; 175 + }; 176 + pull = { 177 + rebase = true; 178 + }; 179 + credential = { 180 + helper = "cache"; 181 + }; 182 + rerere.enable = true; 183 + }; 184 + ignores = [ 185 + ".direnv/" 186 + ".envrc" 187 + "flake.nix" 188 + "shell.nix" 189 + ".env/" 190 + ".clj-kondo/" 191 + ]; 192 + }; 193 + programs.aerc = { 194 + enable = true; 195 + package = unstable.aerc; 196 + }; 197 + programs.ssh = { 198 + enable = true; 199 + matchBlocks."*".addKeysToAgent = "yes"; 200 + }; 201 + 202 + services.ssh-agent.enable = true; 203 + services.mako.enable = false; 204 + 205 + programs.ssh.extraConfig = builtins.readFile ./ssh/extra; 206 + services.gpg-agent = { 207 + enable = true; 208 + defaultCacheTtl = 1800; 209 + }; 210 + 211 + programs.direnv = { 212 + enable = true; 213 + nix-direnv.enable = true; 214 + }; 215 + 216 + xdg.enable = true; 217 + 218 + # Independent config files. 219 + xdg.configFile.nvim = { 220 + source = ./nvim; 221 + recursive = true; 222 + }; 223 + 224 + xdg.configFile.vis = { 225 + source = ./vis; 226 + recursive = true; 227 + }; 228 + 229 + xdg.configFile.fish = { 230 + source = ./fish; 231 + recursive = true; 232 + force = true; 233 + }; 234 + 235 + xdg.configFile.aerc = { 236 + source = ./aerc; 237 + recursive = true; 238 + }; 239 + 240 + home.file.".local/bin" = { 241 + source = ./scripts; 242 + recursive = true; 243 + }; 244 + age.secrets.catgirl-libera = { 245 + file = ./secrets/catgirl-libera.age; 246 + path = "${config.xdg.configHome}/catgirl/libera"; 247 + symlink = true; 248 + }; 249 + 250 + manual.manpages.enable = true; 251 + 252 + home.stateVersion = "23.11"; 253 + 254 + }
+11 -5
fish/config.fish
··· 29 alias r "cd ~/repos" 30 end 31 32 - # We start the ssh-agent in noah-home.nix, so we'll add the socket to the environment 33 set -Ux SSH_AUTH_SOCK /var/run/user/(id -u)/ssh-agent 34 - 35 # PATH stuff 36 37 if type -q "direnv" 38 direnv hook fish | source 39 set -g direnv_fish_mode eval_on_arrow ··· 45 end 46 47 # NATS config 48 - set -Ux NATS_URL tls://nats.packetlost.dev 49 set -Ux NATS_CA /srv/nats/minica.pem 50 - set -Ux NATS_CERT /srv/nats/odin.packetlost.dev/cert.pem 51 - set -Ux NATS_KEY /srv/nats/odin.packetlost.dev/key.pem 52 53 # Keybindings 54 fish_default_key_bindings
··· 29 alias r "cd ~/repos" 30 end 31 32 set -Ux SSH_AUTH_SOCK /var/run/user/(id -u)/ssh-agent 33 # PATH stuff 34 35 + if test -z "(pgrep ssh-agent)" 36 + eval (ssh-agent -c) > /dev/null # no output 37 + set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK 38 + set -Ux SSH_AGENT_PID $SSH_AGENT_PID 39 + set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK 40 + end 41 + 42 + # Run ssh-agent 43 if type -q "direnv" 44 direnv hook fish | source 45 set -g direnv_fish_mode eval_on_arrow ··· 51 end 52 53 # NATS config 54 + set -Ux NATS_URL tls://misaki.local 55 set -Ux NATS_CA /srv/nats/minica.pem 56 + set -Ux NATS_CERT /srv/nats/touma-nixos@packetlost.dev/cert.pem 57 + set -Ux NATS_KEY /srv/nats/touma-nixos@packetlost.dev/key.pem 58 59 # Keybindings 60 fish_default_key_bindings
+1 -1
fish/functions/lfcd.fish
··· 13 14 function lfcd 15 set tmp (mktemp) 16 - yazi --cwd-file=$tmp $argv 17 if test -f "$tmp" 18 set dir (cat $tmp) 19 rm -f $tmp
··· 13 14 function lfcd 15 set tmp (mktemp) 16 + lf -last-dir-path=$tmp $argv 17 if test -f "$tmp" 18 set dir (cat $tmp) 19 rm -f $tmp
-20
fish/functions/rfv.fish
··· 1 - # ripgrep->fzf->nvim [QUERY] 2 - # Ripped from: https://junegunn.github.io/fzf/tips/ripgrep-integration/ 3 - function rfv 4 - set -lx RELOAD 'reload:rg --column --color=always --smart-case {q} || :' 5 - set -lx OPENER 'if [[ $FZF_SELECT_COUNT -eq 0 ]]; then 6 - nvim {1} +{2} # No selection. Open the current line in Vim. 7 - else 8 - nvim +cw -q {+f} # Build quickfix list for the selected items. 9 - fi' 10 - fzf < /dev/null \ 11 - --disabled --ansi --multi \ 12 - --bind "start:$RELOAD" --bind "change:$RELOAD" \ 13 - --bind "enter:become:$OPENER" \ 14 - --bind "ctrl-o:execute:$OPENER" \ 15 - --bind 'alt-a:select-all,alt-d:deselect-all,ctrl-/:toggle-preview' \ 16 - --delimiter : \ 17 - --preview 'bat --style=full --color=always --highlight-line {2} {1}' \ 18 - --preview-window '~4,+{2}+4/3,<80(up)' \ 19 - --query "$argv" 20 - end
···
+89 -78
flake.lock
··· 4 "inputs": { 5 "darwin": "darwin", 6 "home-manager": "home-manager", 7 - "nixpkgs": "nixpkgs", 8 "systems": "systems" 9 }, 10 "locked": { ··· 46 "determinate-nixd-aarch64-darwin": { 47 "flake": false, 48 "locked": { 49 - "narHash": "sha256-vDaEQ5T4eA7kEPREmm68IVWGR6zT0aDL5slZxA6dkSc=", 50 "type": "file", 51 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.0/macOS" 52 }, 53 "original": { 54 "type": "file", 55 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.0/macOS" 56 } 57 }, 58 "determinate-nixd-aarch64-linux": { 59 "flake": false, 60 "locked": { 61 - "narHash": "sha256-Hf4JsIv5G3IR0Q0RHGLSNdmDzFv97sVQQKwzY6A0vV4=", 62 "type": "file", 63 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.0/aarch64-linux" 64 }, 65 "original": { 66 "type": "file", 67 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.0/aarch64-linux" 68 } 69 }, 70 "determinate-nixd-x86_64-linux": { 71 "flake": false, 72 "locked": { 73 - "narHash": "sha256-J+J4E02XpEl0ZkpzMbUmGCf6S4yk0gYCYmiGzZ058ik=", 74 "type": "file", 75 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.0/x86_64-linux" 76 }, 77 "original": { 78 "type": "file", 79 - "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.0/x86_64-linux" 80 } 81 }, 82 "determinite": { ··· 90 ] 91 }, 92 "locked": { 93 - "lastModified": 1766177528, 94 - "narHash": "sha256-Bl+p766mM7qNCZtMqmTz13RuUbOMKsFa+/vnGYoxgPk=", 95 - "rev": "b159c082f0f9bdefa6c386189a13c5fa0734d8d8", 96 - "revCount": 317, 97 "type": "tarball", 98 - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.0/019b3865-57a1-7d80-98c5-962fac29c404/source.tar.gz" 99 }, 100 "original": { 101 "type": "tarball", ··· 121 "flake-compat_2": { 122 "flake": false, 123 "locked": { 124 - "lastModified": 1761588595, 125 - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", 126 "owner": "edolstra", 127 "repo": "flake-compat", 128 - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", 129 "type": "github" 130 }, 131 "original": { ··· 134 "type": "github" 135 } 136 }, 137 "flake-parts": { 138 "inputs": { 139 "nixpkgs-lib": [ ··· 230 ] 231 }, 232 "locked": { 233 - "lastModified": 1766292113, 234 - "narHash": "sha256-sWTtmkQujRpjWYCnZc8LWdDiCzrRlSBPrGovkZpLkBI=", 235 "owner": "nix-community", 236 "repo": "home-manager", 237 - "rev": "fdec8815a86db36f42fc9c8cb2931cd8485f5aed", 238 "type": "github" 239 }, 240 "original": { ··· 248 "inputs": { 249 "flake-parts": "flake-parts", 250 "git-hooks-nix": "git-hooks-nix", 251 - "nixpkgs": "nixpkgs_2", 252 "nixpkgs-23-11": "nixpkgs-23-11", 253 "nixpkgs-regression": "nixpkgs-regression" 254 }, 255 "locked": { 256 - "lastModified": 1766174426, 257 - "narHash": "sha256-0ZofAQZNgg5nfIKsVb7g4It6ufmIyLtfFRPOf+6WRkk=", 258 - "rev": "15d6091194b5b90d292e8d6283db77f09c303b1e", 259 - "revCount": 24285, 260 "type": "tarball", 261 - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.0/019b3854-cca6-7298-a91c-0fd8551a7270/source.tar.gz" 262 }, 263 "original": { 264 "type": "tarball", 265 "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" 266 } 267 }, 268 - "nixpkgs": { 269 "locked": { 270 - "lastModified": 1754028485, 271 - "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", 272 - "owner": "NixOS", 273 - "repo": "nixpkgs", 274 - "rev": "59e69648d345d6e8fef86158c555730fa12af9de", 275 "type": "github" 276 }, 277 "original": { 278 - "owner": "NixOS", 279 - "ref": "nixos-25.05", 280 - "repo": "nixpkgs", 281 "type": "github" 282 } 283 }, 284 "nixpkgs-23-11": { 285 "locked": { 286 "lastModified": 1717159533, ··· 315 }, 316 "nixpkgs-unstable": { 317 "locked": { 318 - "lastModified": 1766309749, 319 - "narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=", 320 "owner": "nixos", 321 "repo": "nixpkgs", 322 - "rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816", 323 "type": "github" 324 }, 325 "original": { ··· 331 }, 332 "nixpkgs_2": { 333 "locked": { 334 - "lastModified": 1761597516, 335 - "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", 336 - "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", 337 - "revCount": 811874, 338 - "type": "tarball", 339 - "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" 340 - }, 341 - "original": { 342 - "type": "tarball", 343 - "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" 344 - } 345 - }, 346 - "nixpkgs_3": { 347 - "locked": { 348 - "lastModified": 1766201043, 349 - "narHash": "sha256-eplAP+rorKKd0gNjV3rA6+0WMzb1X1i16F5m5pASnjA=", 350 "owner": "nixos", 351 "repo": "nixpkgs", 352 - "rev": "b3aad468604d3e488d627c0b43984eb60e75e782", 353 "type": "github" 354 }, 355 "original": { ··· 359 "type": "github" 360 } 361 }, 362 - "nixpkgs_4": { 363 - "locked": { 364 - "lastModified": 1764947035, 365 - "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", 366 - "owner": "NixOS", 367 - "repo": "nixpkgs", 368 - "rev": "a672be65651c80d3f592a89b3945466584a22069", 369 - "type": "github" 370 - }, 371 - "original": { 372 - "owner": "NixOS", 373 - "ref": "nixpkgs-unstable", 374 - "repo": "nixpkgs", 375 - "type": "github" 376 - } 377 - }, 378 "pre-commit-hooks": { 379 "inputs": { 380 - "flake-compat": "flake-compat_2", 381 "gitignore": "gitignore", 382 - "nixpkgs": "nixpkgs_4" 383 }, 384 "locked": { 385 - "lastModified": 1765911976, 386 - "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", 387 "owner": "cachix", 388 "repo": "git-hooks.nix", 389 - "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", 390 "type": "github" 391 }, 392 "original": { ··· 400 "agenix": "agenix", 401 "determinite": "determinite", 402 "home-manager": "home-manager_2", 403 - "nixpkgs": "nixpkgs_3", 404 "nixpkgs-unstable": "nixpkgs-unstable", 405 "pre-commit-hooks": "pre-commit-hooks" 406 }
··· 4 "inputs": { 5 "darwin": "darwin", 6 "home-manager": "home-manager", 7 + "nixpkgs": [ 8 + "nixpkgs" 9 + ], 10 "systems": "systems" 11 }, 12 "locked": { ··· 48 "determinate-nixd-aarch64-darwin": { 49 "flake": false, 50 "locked": { 51 + "narHash": "sha256-zK2dgNHh/p92rk5jN+Y1LOMn0HEdTsS+7XXwb2g52oM=", 52 "type": "file", 53 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 54 }, 55 "original": { 56 "type": "file", 57 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/macOS" 58 } 59 }, 60 "determinate-nixd-aarch64-linux": { 61 "flake": false, 62 "locked": { 63 + "narHash": "sha256-ckvZP0zFcbzLXWYOJUqYXkKBt0b2IZcQEr7YjEVtwOI=", 64 "type": "file", 65 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 66 }, 67 "original": { 68 "type": "file", 69 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/aarch64-linux" 70 } 71 }, 72 "determinate-nixd-x86_64-linux": { 73 "flake": false, 74 "locked": { 75 + "narHash": "sha256-8dLtm8FJrpyBmrNpspJj30/6I5HGEfjjXuFqURcZ8pk=", 76 "type": "file", 77 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 78 }, 79 "original": { 80 "type": "file", 81 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.2/x86_64-linux" 82 } 83 }, 84 "determinite": { ··· 92 ] 93 }, 94 "locked": { 95 + "lastModified": 1768964099, 96 + "narHash": "sha256-sV1OJYyktJRl7I3HxeBvWTWXjqm2uCTS3gS1p+DLn7c=", 97 + "rev": "a5469e9aa3870941320cb92d899b66e141c5a3cd", 98 + "revCount": 394, 99 "type": "tarball", 100 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.2/019bde7d-0725-73ef-9705-498c50ef6e00/source.tar.gz" 101 }, 102 "original": { 103 "type": "tarball", ··· 123 "flake-compat_2": { 124 "flake": false, 125 "locked": { 126 + "lastModified": 1767039857, 127 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 128 "owner": "edolstra", 129 "repo": "flake-compat", 130 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 131 "type": "github" 132 }, 133 "original": { ··· 136 "type": "github" 137 } 138 }, 139 + "flake-compat_3": { 140 + "flake": false, 141 + "locked": { 142 + "lastModified": 1767039857, 143 + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", 144 + "owner": "NixOS", 145 + "repo": "flake-compat", 146 + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", 147 + "type": "github" 148 + }, 149 + "original": { 150 + "owner": "NixOS", 151 + "repo": "flake-compat", 152 + "type": "github" 153 + } 154 + }, 155 "flake-parts": { 156 "inputs": { 157 "nixpkgs-lib": [ ··· 248 ] 249 }, 250 "locked": { 251 + "lastModified": 1768949235, 252 + "narHash": "sha256-TtjKgXyg1lMfh374w5uxutd6Vx2P/hU81aEhTxrO2cg=", 253 "owner": "nix-community", 254 "repo": "home-manager", 255 + "rev": "75ed713570ca17427119e7e204ab3590cc3bf2a5", 256 "type": "github" 257 }, 258 "original": { ··· 266 "inputs": { 267 "flake-parts": "flake-parts", 268 "git-hooks-nix": "git-hooks-nix", 269 + "nixpkgs": "nixpkgs", 270 "nixpkgs-23-11": "nixpkgs-23-11", 271 "nixpkgs-regression": "nixpkgs-regression" 272 }, 273 "locked": { 274 + "lastModified": 1768960381, 275 + "narHash": "sha256-32oMe1y+kwvIJNiJsIvozTuSmDxcwST06i+0ak+L4AU=", 276 + "rev": "45ce621408cb8c9a724193d5fe858eb839662db8", 277 + "revCount": 24453, 278 "type": "tarball", 279 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.2/019bde75-b4ee-74b2-a812-28dc2ee83d58/source.tar.gz" 280 }, 281 "original": { 282 "type": "tarball", 283 "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" 284 } 285 }, 286 + "nixos-wsl": { 287 + "inputs": { 288 + "flake-compat": "flake-compat_2", 289 + "nixpkgs": [ 290 + "nixpkgs" 291 + ] 292 + }, 293 "locked": { 294 + "lastModified": 1769217863, 295 + "narHash": "sha256-RY9kJDXD6+2Td/59LkZ0PFSereCXHdBX9wIkbYjRKCY=", 296 + "owner": "nix-community", 297 + "repo": "NixOS-WSL", 298 + "rev": "38a5250e57f583662eac3b944830e4b9e169e965", 299 "type": "github" 300 }, 301 "original": { 302 + "owner": "nix-community", 303 + "ref": "main", 304 + "repo": "NixOS-WSL", 305 "type": "github" 306 } 307 }, 308 + "nixpkgs": { 309 + "locked": { 310 + "lastModified": 1761597516, 311 + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", 312 + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", 313 + "revCount": 811874, 314 + "type": "tarball", 315 + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" 316 + }, 317 + "original": { 318 + "type": "tarball", 319 + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" 320 + } 321 + }, 322 "nixpkgs-23-11": { 323 "locked": { 324 "lastModified": 1717159533, ··· 353 }, 354 "nixpkgs-unstable": { 355 "locked": { 356 + "lastModified": 1769018530, 357 + "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=", 358 "owner": "nixos", 359 "repo": "nixpkgs", 360 + "rev": "88d3861acdd3d2f0e361767018218e51810df8a1", 361 "type": "github" 362 }, 363 "original": { ··· 369 }, 370 "nixpkgs_2": { 371 "locked": { 372 + "lastModified": 1769089682, 373 + "narHash": "sha256-9yA/LIuAVQq0lXelrZPjLuLVuZdm03p8tfmHhnDIkms=", 374 "owner": "nixos", 375 "repo": "nixpkgs", 376 + "rev": "078d69f03934859a181e81ba987c2bb033eebfc5", 377 "type": "github" 378 }, 379 "original": { ··· 383 "type": "github" 384 } 385 }, 386 "pre-commit-hooks": { 387 "inputs": { 388 + "flake-compat": "flake-compat_3", 389 "gitignore": "gitignore", 390 + "nixpkgs": [ 391 + "nixpkgs" 392 + ] 393 }, 394 "locked": { 395 + "lastModified": 1769069492, 396 + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", 397 "owner": "cachix", 398 "repo": "git-hooks.nix", 399 + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", 400 "type": "github" 401 }, 402 "original": { ··· 410 "agenix": "agenix", 411 "determinite": "determinite", 412 "home-manager": "home-manager_2", 413 + "nixos-wsl": "nixos-wsl", 414 + "nixpkgs": "nixpkgs_2", 415 "nixpkgs-unstable": "nixpkgs-unstable", 416 "pre-commit-hooks": "pre-commit-hooks" 417 }
+169 -37
flake.nix
··· 5 # Specify the source of Home Manager and Nixpkgs. 6 nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; 7 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 8 determinite = { 9 url = "https://flakehub.com/f/DeterminateSystems/determinate/3"; 10 inputs.nixpkgs.follows = "nixpkgs"; ··· 13 url = "github:nix-community/home-manager/release-25.11"; 14 inputs.nixpkgs.follows = "nixpkgs"; 15 }; 16 - pre-commit-hooks.url = "github:cachix/git-hooks.nix"; 17 - agenix.url = "github:ryantm/agenix"; 18 }; 19 20 outputs = ··· 22 self, 23 nixpkgs, 24 nixpkgs-unstable, 25 determinite, 26 home-manager, 27 pre-commit-hooks, ··· 36 "aarch64-darwin" 37 ]; 38 forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 39 in 40 { 41 - nixosConfigurations.odin = inputs.nixpkgs.lib.nixosSystem rec { 42 - system = "x86_64-linux"; 43 - specialArgs = { 44 - inherit inputs; 45 - unstable = nixpkgs-unstable.legacyPackages.${system}; 46 - }; 47 modules = [ 48 - determinite.nixosModules.default 49 - ./configuration.nix 50 - agenix.nixosModules.default 51 - home-manager.nixosModules.home-manager 52 - { 53 - home-manager.useGlobalPkgs = true; 54 - home-manager.useUserPackages = true; 55 - home-manager.users.noah = ./home.nix; 56 - home-manager.extraSpecialArgs = { 57 - inherit inputs; 58 - unstable = nixpkgs-unstable.legacyPackages.x86_64-linux; 59 }; 60 61 - # Optionally, use home-manager.extraSpecialArgs to pass 62 - # arguments to home.nix 63 - } 64 - ]; 65 }; 66 - #homeConfigurations."noah" = home-manager.lib.homeManagerConfiguration { 67 - # # Specify your home configuration modules here, for example, 68 - # # the path to your home.nix. 69 - # modules = [ ./home.nix ]; 70 - # # Optionally use extraSpecialArgs 71 - # # to pass through arguments to home.nix 72 - # extraSpecialArgs = { 73 - # inherit inputs; 74 - # # TODO(ngp): figure out how to avoid double speccifying the platform here 75 - # unstable = nixpkgs-unstable.legacyPackages.x86_64-linux; 76 - # }; 77 - #}; 78 checks = forAllSystems (system: { 79 - pre-commit-check = inputs.pre-commit-hooks.lib.${system}.run { 80 src = ./.; 81 # If your hooks are intrusive, avoid running on each commit with a default_states like this: 82 # default_stages = ["manual" "push"]; 83 hooks = { 84 - nixfmt.enable = true; 85 nil.enable = true; 86 luacheck.enable = true; 87 };
··· 5 # Specify the source of Home Manager and Nixpkgs. 6 nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; 7 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 8 + nixos-wsl = { 9 + url = "github:nix-community/NixOS-WSL/main"; 10 + inputs.nixpkgs.follows = "nixpkgs"; 11 + }; 12 determinite = { 13 url = "https://flakehub.com/f/DeterminateSystems/determinate/3"; 14 inputs.nixpkgs.follows = "nixpkgs"; ··· 17 url = "github:nix-community/home-manager/release-25.11"; 18 inputs.nixpkgs.follows = "nixpkgs"; 19 }; 20 + pre-commit-hooks = { 21 + url = "github:cachix/git-hooks.nix"; 22 + inputs.nixpkgs.follows = "nixpkgs"; 23 + }; 24 + agenix = { 25 + url = "github:ryantm/agenix"; 26 + inputs.nixpkgs.follows = "nixpkgs"; 27 + }; 28 }; 29 30 outputs = ··· 32 self, 33 nixpkgs, 34 nixpkgs-unstable, 35 + nixos-wsl, 36 determinite, 37 home-manager, 38 pre-commit-hooks, ··· 47 "aarch64-darwin" 48 ]; 49 forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 50 + basicSystem = 51 + { 52 + system ? "x86_64-linux", 53 + modules ? [ ], 54 + useUnstable ? false, 55 + extraGroups ? [ ], 56 + overlays ? [ ], 57 + enableNFTables ? true, 58 + }: 59 + let 60 + unstable = import nixpkgs-unstable { 61 + inherit system overlays; 62 + config.allowUnfree = true; 63 + }; 64 + in 65 + inputs.nixpkgs.lib.nixosSystem { 66 + inherit system; 67 + specialArgs = { 68 + inherit inputs extraGroups enableNFTables; 69 + } 70 + // nixpkgs.lib.optionalAttrs useUnstable { 71 + inherit unstable; 72 + }; 73 + modules = [ 74 + determinite.nixosModules.default 75 + ./common.nix 76 + ./users.nix 77 + ./services.nix 78 + agenix.nixosModules.default 79 + home-manager.nixosModules.home-manager 80 + { 81 + home-manager.useGlobalPkgs = true; 82 + home-manager.useUserPackages = true; 83 + home-manager.users.noah = ./default-home.nix; 84 + home-manager.extraSpecialArgs = { 85 + inherit inputs; 86 + } 87 + // nixpkgs.lib.optionalAttrs useUnstable { 88 + inherit unstable; 89 + }; 90 + } 91 + ] 92 + ++ modules; 93 + }; 94 in 95 { 96 + # incomplete 97 + nixosConfigurations.odin = basicSystem { 98 + extraGroups = [ 99 + "libvirtd" 100 + "qemu-libvirtd" 101 + "docker" 102 + ]; 103 + useUnstable = true; 104 + modules = [ 105 + ./host-specific/odin/configuration.nix 106 + ]; 107 + }; 108 + nixosConfigurations.shizuri = basicSystem { 109 + useUnstable = true; 110 + modules = [ 111 + ./host-specific/shizuri/configuration.nix 112 + ]; 113 + }; 114 + nixosConfigurations.misaki = basicSystem { 115 + useUnstable = true; 116 + extraGroups = [ 117 + "render" 118 + "nats" 119 + "litterbox" 120 + "httpd" 121 + ]; 122 modules = [ 123 + ./host-specific/misaki/configuration.nix 124 + ]; 125 + overlays = [ 126 + (final: prev: { 127 + # Override the version of Plex installed to be the latest 128 + plexRaw = prev.plexRaw.overrideAttrs rec { 129 + version = "1.43.0.10389-8be686aa6"; 130 + src = final.fetchurl { 131 + url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb"; 132 + sha256 = "0HjB8Ggekwl5dKwM1Kh51Ic25t3V6veKbuzM7czrpeg="; 133 + }; 134 }; 135 + ## Override the json object that contains verions and hashes for Immich 136 + #immich = prev.immich.override { sourcesJSON = ./overrides/immich-sources.json; }; 137 + ## Fix errors wit numpy version failing to resolve in the immich ML package 138 + #immich-machine-learning = prev.immich-machine-learning.overrideAttrs 139 + # (finalAttrs: prevAttrs: { 140 + # pythonRelaxDeps = prevAttrs.pythonRelaxDeps ++ [ "numpy" ]; 141 + # }); 142 + }) 143 + ]; 144 + }; 145 + nixosConfigurations.touma-wsl = basicSystem { 146 + useUnstable = true; 147 + modules = [ 148 + ./host-specific/touma-wsl.nix 149 + nixos-wsl.nixosModules.default 150 + ]; 151 + enableNFTables = false; 152 + }; 153 + nixosConfigurations.edge = basicSystem { 154 + useUnstable = true; 155 + modules = [ 156 + ./host-specific/edge/configuration.nix 157 + ]; 158 + }; 159 + homeConfigurations."noah-aleister" = home-manager.lib.homeManagerConfiguration { 160 + pkgs = import nixpkgs { 161 + system = "aarch64-darwin"; 162 + config.allowUnfree = true; 163 + }; 164 + # Specify your home configuration modules here, for example, 165 + # the path to your home.nix. 166 + modules = [ 167 + ./host-specific/aleister-noah.nix 168 + agenix.homeManagerModules.default 169 + ]; 170 171 + # Optionally use extraSpecialArgs 172 + # to pass through arguments to home.nix 173 + extraSpecialArgs = { 174 + unstable = import nixpkgs-unstable { 175 + system = "aarch64-darwin"; 176 + config.allowUnfree = true; 177 + }; 178 + }; 179 }; 180 + homeConfigurations."noah" = 181 + let 182 + system = "x86_64-linux"; 183 + pkgs = import nixpkgs { 184 + inherit system; 185 + config.allowUnfree = true; 186 + }; 187 + unstable = import nixpkgs-unstable { 188 + inherit system; 189 + config.allowUnfree = true; 190 + }; 191 + in 192 + home-manager.lib.homeManagerConfiguration { 193 + inherit pkgs; 194 + # Specify your home configuration modules here, for example, 195 + # the path to your home.nix. 196 + modules = [ 197 + ./default-home.nix 198 + { 199 + nix.package = pkgs.nix; 200 + } 201 + ]; 202 + 203 + # Optionally use extraSpecialArgs 204 + # to pass through arguments to home.nix 205 + extraSpecialArgs = { 206 + inherit unstable; 207 + inputs = inputs; 208 + }; 209 + }; 210 checks = forAllSystems (system: { 211 + pre-commit-check = pre-commit-hooks.lib.${system}.run { 212 src = ./.; 213 # If your hooks are intrusive, avoid running on each commit with a default_states like this: 214 # default_stages = ["manual" "push"]; 215 hooks = { 216 + nixfmt-rfc-style.enable = true; 217 nil.enable = true; 218 luacheck.enable = true; 219 };
+12 -4
ghostty/config
··· 1 - font-size = 13 2 - font-family = Berkeley Mono 3 - theme = catppuccin-macchiato 4 shell-integration = fish 5 6 - window-decoration = false 7 8 font-feature = calt 9 font-feature = ccmp ··· 20 #font-feature = ss06 21 #font-feature = ss07 22 #font-feature = ss08
··· 1 + #font-size = 13 2 + font-family = TX-02 Medium 3 + theme = flat-remix-light 4 + #theme = dark:catppuccin-frappe,light:catppuccin-latte 5 shell-integration = fish 6 + link-url = true 7 + clipboard-read = allow 8 9 + #window-decoration = true 10 11 font-feature = calt 12 font-feature = ccmp ··· 23 #font-feature = ss06 24 #font-feature = ss07 25 #font-feature = ss08 26 + 27 + custom-shader = ~/.config/ghostty/shaders/galaxy.glsl 28 + #custom-shader = ~/.config/ghostty/shaders/tft.glsl 29 + #custom-shader = ~/.config/ghostty/shaders/retro-terminal.glsl 30 + #custom-shader = ~/.config/ghostty/shaders/bettercrt.glsl
+42
ghostty/themes/flat-remix-light
···
··· 1 + # standard colors 2 + # black 3 + palette = 0=#404040 4 + # red 5 + palette = 1=#d41919 6 + # green 7 + palette = 2=#12715f 8 + # yellow 9 + palette = 3=#fea44c 10 + # blue 11 + palette = 4=#367bf0 12 + # purple 13 + palette = 5=#8c42ab 14 + # cyan 15 + palette = 6=#4aaee6 16 + # white 17 + palette = 7=#ffffff 18 + 19 + # intense colors 20 + # black (grey) 21 + palette = 8=#737680 22 + # red 23 + palette = 9=#811035 24 + # green 25 + palette = 10=#23bac2 26 + # yellow 27 + palette = 11=#fe7171 28 + # blue 29 + palette = 12=#54bd8e 30 + # purple 31 + palette = 13=#d41919 32 + # cyan 33 + palette = 14=#367bf0 34 + # white 35 + palette = 15=#aaaaaa 36 + 37 + background = #e4e4e7 38 + foreground = #404040 39 + cursor-color = #272a34 40 + cursor-text = #b8174c 41 + selection-background = #737680 42 + selection-foreground = #ffffff
+13 -32
gui.nix
··· 1 - { pkgs, ... }: 2 { 3 # Enable the X11 windowing system. 4 - services.xserver = { 5 - enable = true; 6 - videoDrivers = [ "amdgpu" ]; 7 - }; 8 - 9 - # Fix for HIP libraries 10 - systemd.tmpfiles.rules = [ 11 - "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" 12 - ]; 13 14 # Configure keymap in X11 15 # services.xserver.xkb.layout = "us"; ··· 29 }; 30 31 # Graphics and parallel compute configuration 32 - hardware.graphics = { 33 - enable = true; 34 - extraPackages = with pkgs; [ 35 - libva 36 - mesa 37 - rocmPackages.clr.icd 38 - ]; 39 - }; 40 41 # Enable touchpad support (enabled default in most desktopManager). 42 # services.xserver.libinput.enable = true; ··· 46 fira-code 47 fira-code-symbols 48 noto-fonts 49 - noto-fonts-cjk-sans 50 - noto-fonts-color-emoji 51 - nerd-fonts.fira-code 52 ]; 53 54 # Polkit is a dependency of Sway. It's responsible for handling security policies ··· 57 # Enable the sway window manager 58 programs.sway = { 59 enable = true; 60 - #package = unstable.sway; 61 wrapperFeatures.gtk = true; 62 }; 63 # Use greetd as the displaymanager 64 #services.xserver.displayManager.greetd.enable = true; 65 #services.xserver.displayManager.lightdm.enable = false; 66 - services.displayManager.sddm.enable = true; 67 - services.displayManager.defaultSession = "sway"; 68 - services.displayManager.autoLogin = { 69 enable = true; 70 user = "noah"; 71 }; ··· 85 enable = true; 86 wlr.enable = true; 87 extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; 88 - }; 89 - xdg.mime = { 90 - enable = true; 91 - defaultApplications = { 92 - "x-scheme-handler/http" = "org.firefox.firefox.desktop"; 93 - "x-scheme-handler/https" = "org.firefox.firefox.desktop"; 94 - }; 95 }; 96 services.dbus.enable = true; 97 services.gnome.gnome-keyring.enable = true;
··· 1 + { pkgs, unstable, ... }: 2 { 3 # Enable the X11 windowing system. 4 + services.xserver.enable = true; 5 6 # Configure keymap in X11 7 # services.xserver.xkb.layout = "us"; ··· 21 }; 22 23 # Graphics and parallel compute configuration 24 + hardware.opengl.extraPackages = [ 25 + pkgs.libva 26 + ]; 27 28 # Enable touchpad support (enabled default in most desktopManager). 29 # services.xserver.libinput.enable = true; ··· 33 fira-code 34 fira-code-symbols 35 noto-fonts 36 + noto-fonts-cjk 37 + noto-fonts-emoji 38 + noto-fonts-extra 39 + (nerdfonts.override { fonts = [ "FiraCode" ]; }) 40 ]; 41 42 # Polkit is a dependency of Sway. It's responsible for handling security policies ··· 45 # Enable the sway window manager 46 programs.sway = { 47 enable = true; 48 + package = unstable.sway; 49 wrapperFeatures.gtk = true; 50 }; 51 # Use greetd as the displaymanager 52 #services.xserver.displayManager.greetd.enable = true; 53 #services.xserver.displayManager.lightdm.enable = false; 54 + services.xserver.displayManager.sddm.enable = true; 55 + services.xserver.displayManager.defaultSession = "none+i3"; 56 + services.xserver.displayManager.autoLogin = { 57 enable = true; 58 user = "noah"; 59 }; ··· 73 enable = true; 74 wlr.enable = true; 75 extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; 76 }; 77 services.dbus.enable = true; 78 services.gnome.gnome-keyring.enable = true;
-93
hardware-configuration.nix
··· 1 - # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 - # and may be overwritten by future invocations. Please make changes 3 - # to /etc/nixos/configuration.nix instead. 4 - { 5 - config, 6 - lib, 7 - modulesPath, 8 - pkgs, 9 - ... 10 - }: 11 - 12 - { 13 - imports = [ 14 - (modulesPath + "/installer/scan/not-detected.nix") 15 - ]; 16 - 17 - boot.kernelPackages = pkgs.linuxPackages_latest; 18 - boot.initrd.availableKernelModules = [ 19 - "nvme" 20 - "xhci_pci" 21 - "thunderbolt" 22 - "usb_storage" 23 - "usbhid" 24 - "sd_mod" 25 - "sdhci_pci" 26 - ]; 27 - boot.initrd.kernelModules = [ 28 - "kvm-amd" 29 - "amdgpu" 30 - "nvme" 31 - "xhci_pci" 32 - "thunderbolt" 33 - "usb_storage" 34 - "usbhid" 35 - "sd_mod" 36 - "sdhci_pci" 37 - ]; 38 - boot.kernelModules = [ 39 - "kvm-amd" 40 - "amdgpu" 41 - "nvme" 42 - "xhci_pci" 43 - "thunderbolt" 44 - "usb_storage" 45 - "usbhid" 46 - "sd_mod" 47 - "sdhci_pci" 48 - ]; 49 - virtualisation.libvirtd = { 50 - enable = true; 51 - qemu = { 52 - runAsRoot = false; 53 - }; 54 - }; 55 - #boot.extraModulePackages = with config.boot.kernelPackages; [ ]; 56 - boot.kernelParams = [ ]; 57 - 58 - hardware.enableRedistributableFirmware = true; 59 - 60 - fileSystems."/" = { 61 - device = "/dev/disk/by-uuid/07019c69-2597-410d-a8a0-a8ffb0f58883"; 62 - fsType = "ext4"; 63 - }; 64 - 65 - fileSystems."/boot" = { 66 - device = "/dev/disk/by-uuid/4B85-C90A"; 67 - fsType = "vfat"; 68 - }; 69 - 70 - swapDevices = [ 71 - { 72 - device = "/swapfile"; 73 - size = 32 * 1024; 74 - } 75 - ]; 76 - 77 - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 78 - # (the default) this is the recommended approach. When using systemd-networkd it's 79 - # still possible to use this option, but it's recommended to use it in conjunction 80 - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 81 - networking.useDHCP = lib.mkDefault true; 82 - # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; 83 - # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; 84 - 85 - nixpkgs.hostPlatform = { 86 - #gcc.arch = "znver2"; 87 - #gcc.tune = "znver2"; 88 - system = "x86_64-linux"; 89 - #gcc.arch = "x86-64-v3"; 90 - }; 91 - #nix.settings.system-features = ["gccarch-znver2" "big-parallel" "nixos-test" "benchmark" "kvm"]; 92 - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 93 - }
···
-298
home.nix
··· 1 - { 2 - pkgs, 3 - unstable, 4 - ... 5 - }: 6 - { 7 - home.sessionVariables = { 8 - NIXOS_OZONE_WL = "1"; 9 - }; 10 - 11 - home.packages = with pkgs; [ 12 - # main tool 13 - # TODO: re-enable this ASAP. Why is it broken??? 14 - #firefox-devedition 15 - direnv 16 - fish 17 - tree 18 - btop 19 - htop 20 - mtr 21 - pavucontrol 22 - moreutils 23 - picocom 24 - # Disabled because even unstable is too out-of-date 25 - # unstable.logseq 26 - #element-desktop 27 - rsync 28 - unzip 29 - fd 30 - jq 31 - ripgrep 32 - bat 33 - netcat 34 - stunnel 35 - fzf 36 - iperf3 37 - entr 38 - bitwarden-cli 39 - # Previewer for LF 40 - unstable.pistol 41 - sqlite 42 - age 43 - just 44 - unstable.catgirl 45 - #devenv 46 - plan9port 47 - killall 48 - 49 - # Dev tools 50 - git 51 - gcc 52 - go 53 - gopls 54 - gnumake 55 - babashka 56 - ccls 57 - unstable.clojure 58 - unstable.cljfmt 59 - unstable.clojure-lsp 60 - unstable.janet 61 - unstable.jpm 62 - unstable.fennel-ls 63 - graalvmPackages.graalvm-ce 64 - cmake 65 - ctags 66 - kotlin 67 - nodejs 68 - node2nix 69 - opam 70 - unstable.rustup # includes rust-analyzer 71 - # Scala stuff 72 - #scala_3 73 - #scalafmt 74 - #metals 75 - # Scala / Java build tool 76 - #sbt 77 - # Haskell 78 - #cabal-install 79 - luarocks 80 - luajit 81 - lua-language-server 82 - luaformatter 83 - #leiningen 84 - libressl 85 - erlang 86 - elixir 87 - #ghc 88 - nil # nix language server 89 - typescript 90 - # This is currently broken 91 - #vscode-langservers-extracted 92 - scdoc 93 - dockerfile-language-server-nodejs 94 - yaml-language-server 95 - mkcert 96 - natscli 97 - sqlite 98 - unstable.gleam 99 - unstable.rebar3 100 - #unstable.flyctl 101 - unstable.bun 102 - unstable.gh 103 - unstable.kraft 104 - unstable.doctl 105 - 106 - # GUI tools 107 - i3status 108 - i3lock 109 - maim 110 - slurp 111 - grim 112 - wl-clipboard 113 - playerctl 114 - xclip 115 - zathura 116 - fuzzel 117 - thunderbird 118 - ghostty 119 - slack 120 - 121 - # Python dev tools 122 - #pyright 123 - python314 124 - #python314Packages.pip 125 - # These are broken right now for some reason 126 - #python314Packages.python-lsp-server 127 - #python314Packages.python-lsp-ruff 128 - 129 - # Certificate Management 130 - minica 131 - mkcert 132 - step-cli 133 - #unstable.ollama 134 - 135 - # Unfree 136 - #discord 137 - #spotify 138 - #telegram-desktop 139 - #unstable.google-chrome 140 - #unstable.jetbrains-toolbox 141 - (pkgs.callPackage ./packages/foks.nix { }) 142 - (pkgs.callPackage ./packages/foks-server.nix { }) 143 - ]; 144 - 145 - nix = { 146 - settings.experimental-features = [ 147 - "nix-command" 148 - "flakes" 149 - ]; 150 - }; 151 - 152 - programs.fish = { 153 - enable = true; 154 - #package = unstable.fish; 155 - }; 156 - programs.neovim = { 157 - #package = unstable.neovim-unwrapped; 158 - enable = true; 159 - defaultEditor = true; 160 - withNodeJs = true; 161 - withPython3 = true; 162 - extraPackages = with pkgs; [ 163 - fzf 164 - ripgrep 165 - luarocks 166 - unstable.tree-sitter 167 - ]; 168 - }; 169 - programs.git = { 170 - enable = true; 171 - lfs.enable = true; 172 - userName = "Noah Pederson"; 173 - userEmail = "noah@packetlost.dev"; 174 - extraConfig = { 175 - sendemail = { 176 - smtpserver = "smtp.migadu.com"; 177 - smtpuser = "noah@packetlost.dev"; 178 - smtpencryption = "ssl"; 179 - smtpserverport = 465; 180 - }; 181 - init = { 182 - defaultBranch = "master"; 183 - }; 184 - pull = { 185 - rebase = true; 186 - }; 187 - credential = { 188 - helper = "cache"; 189 - }; 190 - }; 191 - ignores = [ 192 - ".direnv/" 193 - ".envrc" 194 - "flake.nix" 195 - "shell.nix" 196 - ".env/" 197 - ".clj-kondo/" 198 - ]; 199 - }; 200 - 201 - programs.aerc = { 202 - enable = true; 203 - package = unstable.aerc; 204 - }; 205 - 206 - programs.ssh = { 207 - enable = true; 208 - extraConfig = builtins.readFile ./ssh/extra; 209 - addKeysToAgent = "yes"; 210 - }; 211 - 212 - programs.yazi = { 213 - enable = true; 214 - package = unstable.yazi; 215 - enableFishIntegration = true; 216 - settings = { 217 - preview = { 218 - image_quality = 90; 219 - }; 220 - tasks = { 221 - image_bound = [ 222 - 0 223 - 0 224 - ]; 225 - }; 226 - }; 227 - plugins = { 228 - rsync = unstable.yaziPlugins.rsync; 229 - piper = unstable.yaziPlugins.piper; 230 - nord = unstable.yaziPlugins.nord; 231 - mediainfo = unstable.yaziPlugins.mediainfo; 232 - glow = unstable.yaziPlugins.glow; 233 - git = unstable.yaziPlugins.git; 234 - diff = unstable.yaziPlugins.diff; 235 - duckdb = unstable.yaziPlugins.duckdb; 236 - }; 237 - }; 238 - 239 - services.ssh-agent.enable = true; 240 - 241 - programs.direnv = { 242 - enable = true; 243 - nix-direnv.enable = true; 244 - }; 245 - 246 - # Independent config files. 247 - xdg.configFile.nvim = { 248 - source = ./nvim; 249 - recursive = true; 250 - }; 251 - 252 - xdg.configFile.vis = { 253 - source = ./vis; 254 - recursive = true; 255 - }; 256 - 257 - xdg.configFile.fish = { 258 - source = ./fish; 259 - recursive = true; 260 - }; 261 - 262 - xdg.configFile.kitty = { 263 - source = ./kitty; 264 - recursive = true; 265 - }; 266 - 267 - xdg.configFile.aerc = { 268 - source = ./aerc; 269 - recursive = true; 270 - }; 271 - 272 - xdg.configFile.sway = { 273 - source = ./sway; 274 - recursive = true; 275 - }; 276 - 277 - xdg.configFile.i3 = { 278 - source = ./i3; 279 - recursive = true; 280 - }; 281 - xdg.configFile.i3status = { 282 - source = ./i3status; 283 - recursive = true; 284 - }; 285 - 286 - xdg.configFile.ghostty = { 287 - source = ./ghostty; 288 - recursive = true; 289 - }; 290 - 291 - home.file.".local/bin" = { 292 - source = ./scripts; 293 - recursive = true; 294 - }; 295 - 296 - home.stateVersion = "23.11"; 297 - 298 - }
···
+397
host-specific/aleister-noah.nix
···
··· 1 + { 2 + pkgs, 3 + unstable, 4 + lib, 5 + inputs, 6 + ... 7 + }: 8 + { 9 + # Home Manager needs a bit of information about you and the paths it should 10 + # manage. 11 + home.username = "noah"; 12 + home.homeDirectory = "/Users/noah"; 13 + imports = [ 14 + inputs.agenix.homeManagerModules.default 15 + ]; 16 + nix = { 17 + package = pkgs.nix; 18 + settings = { 19 + experimental-features = [ 20 + "nix-command" 21 + "flakes" 22 + ]; 23 + }; 24 + }; 25 + 26 + # I generally don't care about unfree stuff 27 + nixpkgs.config.allowUnfree = true; 28 + nixpkgs.config.allowUnfreePredicte = _: true; 29 + 30 + home.packages = with pkgs; [ 31 + # main tool 32 + direnv 33 + #fish 34 + tree 35 + btop 36 + # Apple Silicon top monitoring 37 + macpm 38 + htop 39 + mtr 40 + moreutils 41 + rsync 42 + bash 43 + tmux 44 + coreutils 45 + util-linux 46 + p7zip 47 + unar 48 + watch 49 + 50 + unzip 51 + fd 52 + jq 53 + ripgrep 54 + bat 55 + netcat 56 + stunnel 57 + iperf3 58 + entr 59 + ncdu 60 + # broken? 61 + #unstable.bitwarden-cli 62 + sqlite 63 + age 64 + just 65 + mdr 66 + unstable.catgirl 67 + plan9port 68 + unstable.rc 69 + unstable.glow 70 + unstable.vis 71 + # Tcl/Tk 72 + #unstable.tcl 73 + #unstable.tk 74 + #unstable.tclPackages.tclx 75 + nodejs 76 + 77 + # Dev tools 78 + git 79 + git-filter-repo 80 + unstable.ruff 81 + # Rust REPL 82 + evcxr 83 + #unstable.gcc 84 + #unstable.clang 85 + # Swift stuff 86 + #swift 87 + #swift-format 88 + # Swift LSP 89 + #sourcekit-lsp 90 + unstable.go 91 + unstable.gopls 92 + gnumake 93 + #unstable.babashka 94 + #unstable.ccls 95 + unstable.clojure 96 + unstable.cljfmt 97 + unstable.clojure-lsp 98 + unstable.janet 99 + unstable.jpm 100 + unstable.fennel-ls 101 + unstable.graalvmPackages.graalvm-ce 102 + unstable.crystal 103 + unstable.crystalline 104 + cmake 105 + ctags 106 + #kotlin 107 + #nodejs 108 + #yarn 109 + #node2nix 110 + #opam 111 + # Scala stuff 112 + #unstable.scala_3 113 + #unstable.scalafmt 114 + #unstable.metals 115 + # Scala / Java build tool 116 + #unstable.sbt 117 + # Haskell 118 + #cabal-install 119 + #ghc 120 + 121 + # Lua 122 + luarocks 123 + luajit 124 + unstable.lua-language-server 125 + luaformatter 126 + libressl 127 + # Erlang 128 + #erlang 129 + #elixir 130 + unstable.nil # nix language server 131 + unstable.nixd 132 + #typescript 133 + # This is currently broken 134 + #vscode-langservers-extracted 135 + scdoc 136 + #dockerfile-language-server-nodejs 137 + # BROKEN 138 + #yaml-language-server 139 + mkcert 140 + natscli 141 + python314 142 + unstable.uv 143 + sqlite 144 + #unstable.gleam 145 + #unstable.rebar3 146 + #unstable.flyctl 147 + unstable.bun 148 + unstable.gh 149 + unstable.kraft 150 + unstable.doctl 151 + 152 + # GUI tools 153 + zathura 154 + unstable.opencode 155 + 156 + # Python dev tools 157 + #unstable.pyright 158 + unstable.basedpyright 159 + unstable.python313Packages.python-lsp-server 160 + unstable.python313Packages.python-lsp-ruff 161 + 162 + # JavaScript tools 163 + #typescript-language-server 164 + 165 + # Certificate Management 166 + minica 167 + mkcert 168 + step-cli 169 + unstable.claude-code 170 + 171 + # Fish Plugins 172 + #fishPlugins.fzf 173 + #fishPlugins.pure 174 + 175 + # Libraries because MacOS is kinda stupid 176 + ncurses 177 + ]; 178 + 179 + #programs.fish = { 180 + # enable = true; 181 + # package = unstable.fish; 182 + #}; 183 + programs.fzf = { 184 + enable = true; 185 + enableFishIntegration = true; 186 + }; 187 + programs.pistol.enable = true; 188 + programs.home-manager.enable = true; 189 + programs.neovim = { 190 + package = unstable.neovim-unwrapped; 191 + enable = true; 192 + defaultEditor = true; 193 + withNodeJs = false; 194 + withPython3 = true; 195 + extraPackages = with pkgs; [ 196 + fzf 197 + ripgrep 198 + luarocks 199 + tree-sitter 200 + ]; 201 + }; 202 + programs.git = { 203 + enable = true; 204 + lfs.enable = true; 205 + userName = "Noah Pederson"; 206 + userEmail = "noah@packetlost.dev"; 207 + extraConfig = { 208 + sendemail = { 209 + smtpserver = "smtp.migadu.com"; 210 + smtpuser = "noah@packetlost.dev"; 211 + smtpauth = "plain"; 212 + smtpencryption = "tls"; 213 + smtpserverport = 465; 214 + }; 215 + init = { 216 + defaultBranch = "master"; 217 + }; 218 + pull = { 219 + rebase = true; 220 + }; 221 + push = { 222 + default = "simple"; 223 + autoSetupRemote = true; 224 + followTags = true; 225 + }; 226 + credential = { 227 + helper = "cache"; 228 + }; 229 + alias = { 230 + out = "log @{u}.."; 231 + }; 232 + column = { 233 + ui = "auto"; 234 + }; 235 + branch = { 236 + sort = "-committerdate"; 237 + }; 238 + tag = { 239 + sort = "version:refname"; 240 + }; 241 + diff = { 242 + algorithm = "histogram"; 243 + colorMoved = "plain"; 244 + mnemonicPrefix = true; 245 + renames = true; 246 + }; 247 + fetch = { 248 + prune = true; 249 + pruneTags = true; 250 + all = true; 251 + }; 252 + help = { 253 + autocorrect = "prompt"; 254 + }; 255 + commit = { 256 + verbose = true; 257 + }; 258 + rerere = { 259 + enabled = true; 260 + autoupdate = true; 261 + }; 262 + rebase = { 263 + autoSquash = true; 264 + autoStash = true; 265 + updateRefs = true; 266 + }; 267 + merge = { 268 + conflictStyle = "zdiff3"; 269 + }; 270 + }; 271 + ignores = [ 272 + ".direnv/" 273 + ".envrc" 274 + ".env/" 275 + ".clj-kondo/" 276 + ]; 277 + }; 278 + programs.aerc = { 279 + enable = true; 280 + }; 281 + programs.ssh = { 282 + enable = true; 283 + extraConfig = builtins.readFile ../ssh/extra; 284 + addKeysToAgent = "yes"; 285 + forwardAgent = true; 286 + }; 287 + 288 + programs.yazi = 289 + let 290 + localPkgs = pkgs; 291 + yaziPlugins = localPkgs.yaziPlugins; 292 + plugins = lib.attrsets.getAttrs [ 293 + "rsync" 294 + "piper" 295 + "nord" 296 + "mediainfo" 297 + "glow" 298 + "git" 299 + "diff" 300 + "duckdb" 301 + ] yaziPlugins; 302 + in 303 + { 304 + inherit plugins; 305 + enable = true; 306 + package = localPkgs.yazi; 307 + enableFishIntegration = true; 308 + settings = { 309 + preview = { 310 + image_quality = 90; 311 + }; 312 + tasks = { 313 + image_bound = [ 314 + 0 315 + 0 316 + ]; 317 + }; 318 + }; 319 + }; 320 + 321 + programs.direnv = { 322 + enable = true; 323 + nix-direnv.enable = true; 324 + }; 325 + 326 + programs.nix-index = { 327 + enable = true; 328 + enableFishIntegration = true; 329 + }; 330 + programs.helix = { 331 + enable = true; 332 + settings = { 333 + theme = "everforest_dark"; 334 + editor.cursor-shape = { 335 + normal = "block"; 336 + insert = "bar"; 337 + select = "underline"; 338 + }; 339 + }; 340 + languages.language = [ 341 + { 342 + name = "nix"; 343 + auto-format = true; 344 + formatter.command = "${pkgs.nixfmt}/bin/nixfmt"; 345 + } 346 + { 347 + name = "rust"; 348 + auto-format = true; 349 + formatter.command = "${pkgs.rustfmt}/bin/rustfmt"; 350 + } 351 + ]; 352 + }; 353 + 354 + # Independent config files. 355 + xdg.configFile.nvim = { 356 + source = ../nvim; 357 + recursive = true; 358 + }; 359 + 360 + xdg.configFile.vis = { 361 + source = ../vis; 362 + recursive = true; 363 + }; 364 + 365 + xdg.configFile.fish = { 366 + source = ../fish; 367 + recursive = true; 368 + }; 369 + xdg.configFile."fish/completions/nix.fish".source = 370 + "${pkgs.nix}/share/fish/vendor_completions.d/nix.fish"; 371 + 372 + xdg.configFile.aerc = { 373 + source = ../aerc; 374 + recursive = true; 375 + }; 376 + 377 + xdg.configFile.ghostty = { 378 + source = ../ghostty; 379 + recursive = true; 380 + }; 381 + 382 + home.file.".local/bin" = { 383 + source = ../scripts; 384 + recursive = true; 385 + }; 386 + home.file.".luacheckrc" = { 387 + text = '' 388 + globals = { 389 + "vim", 390 + "vis", 391 + } 392 + ''; 393 + }; 394 + 395 + home.stateVersion = "24.11"; 396 + 397 + }
+207
host-specific/edge/configuration.nix
···
··· 1 + # Edit this configuration file to define what should be installed on 2 + # your system. Help is available in the configuration.nix(5) man page, on 3 + # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 + 5 + { 6 + config, 7 + lib, 8 + pkgs, 9 + inputs, 10 + ... 11 + }: 12 + let 13 + system = pkgs.stdenv.targetPlatform.system; 14 + agave = (builtins.getFlake "/home/noah/repos/agave"); 15 + in 16 + { 17 + imports = [ 18 + # Include the results of the hardware scan. 19 + ./hardware-configuration.nix 20 + agave.nixosModules.default 21 + ]; 22 + 23 + nix.settings.experimental-features = [ 24 + "nix-command" 25 + "flakes" 26 + ]; 27 + 28 + # Use the systemd-boot EFI boot loader. 29 + boot.loader.systemd-boot.enable = true; 30 + #boot.loader.grub.device = "nodev"; 31 + #boot.loader.grub.efiSupport = true; 32 + #boot.loader.grub.useOSProber = true; 33 + boot.loader.efi.canTouchEfiVariables = true; 34 + 35 + # Use latest kernel. 36 + boot.kernelPackages = pkgs.linuxPackages_latest; 37 + 38 + networking.hostName = "edge"; # Define your hostname. 39 + 40 + # Configure network connections interactively with nmcli or nmtui. 41 + networking.networkmanager.enable = true; 42 + 43 + # Set your time zone. 44 + # time.timeZone = "Europe/Amsterdam"; 45 + 46 + # Configure network proxy if necessary 47 + # networking.proxy.default = "http://user:password@proxy:port/"; 48 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 49 + 50 + # Select internationalisation properties. 51 + i18n.defaultLocale = "en_US.UTF-8"; 52 + console = { 53 + font = "Lat2-Terminus16"; 54 + keyMap = "us"; 55 + #useXkbConfig = true; # use xkb.options in tty. 56 + }; 57 + 58 + # Enable the X11 windowing system. 59 + # services.xserver.enable = true; 60 + 61 + # Configure keymap in X11 62 + # services.xserver.xkb.layout = "us"; 63 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 64 + 65 + # Enable CUPS to print documents. 66 + # services.printing.enable = true; 67 + 68 + # Enable sound. 69 + # services.pulseaudio.enable = true; 70 + # OR 71 + # services.pipewire = { 72 + # enable = true; 73 + # pulse.enable = true; 74 + # }; 75 + 76 + # Enable touchpad support (enabled default in most desktopManager). 77 + # services.libinput.enable = true; 78 + 79 + # Define a user account. Don't forget to set a password with ‘passwd’. 80 + # users.users.alice = { 81 + # isNormalUser = true; 82 + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 83 + # packages = with pkgs; [ 84 + # tree 85 + # ]; 86 + # }; 87 + 88 + # programs.firefox.enable = true; 89 + 90 + # List packages installed in system profile. 91 + # You can use https://search.nixos.org/ to find more packages (and options). 92 + environment.systemPackages = with pkgs; [ 93 + neovim 94 + wget 95 + git 96 + htop 97 + inputs.agenix.packages."${system}".agenix 98 + agave.packages.${system}.solana 99 + agave.packages.${system}.solana-keygen 100 + ]; 101 + 102 + services.tailscale.useRoutingFeatures = "both"; 103 + 104 + # Some programs need SUID wrappers, can be configured further or are 105 + # started in user sessions. 106 + # programs.mtr.enable = true; 107 + # programs.gnupg.agent = { 108 + # enable = true; 109 + # enableSSHSupport = true; 110 + # }; 111 + 112 + # List services that you want to enable: 113 + 114 + # Enable the OpenSSH daemon. 115 + services.openssh.enable = true; 116 + services.openssh.openFirewall = true; 117 + 118 + # Open ports in the firewall. 119 + # networking.firewall.allowedTCPPorts = [ ... ]; 120 + # networking.firewall.allowedUDPPorts = [ ... ]; 121 + # Or disable the firewall altogether. 122 + networking.firewall.enable = true; 123 + networking.firewall = { 124 + allowPing = true; 125 + allowedUDPPorts = [ ]; 126 + allowedUDPPortRanges = [ 127 + # Agave 128 + { 129 + from = 8000; 130 + to = 8020; 131 + } 132 + ]; 133 + allowedTCPPorts = [ 134 + 2375 135 + 3000 136 + # Agave 137 + 8001 138 + 8899 139 + 8900 140 + 10000 141 + ]; 142 + }; 143 + security.pam.loginLimits = [ 144 + { 145 + domain = "*"; 146 + type = "soft"; 147 + item = "nofile"; 148 + value = "100000"; 149 + } 150 + { 151 + domain = "*"; 152 + type = "hard"; 153 + item = "nofile"; 154 + value = "1000000"; 155 + } 156 + ]; 157 + 158 + age.secrets.validator-identity = { 159 + file = ../../secrets/validator-identity.age; 160 + owner = "sol"; 161 + group = "sol"; 162 + }; 163 + services.ambient-validator = { 164 + enable = true; 165 + package = agave.packages.${system}.ambient-validator; 166 + # this needs to be a secret 167 + identityKeypair = config.age.secrets.validator-identity.path; 168 + rpcBindAddress = "0.0.0.0"; 169 + geyserPluginConfig = { 170 + libpath = "${agave.packages.${system}.yellowstone-geyser}/lib/libyellowstone_grpc_geyser.so"; 171 + log = { 172 + level = "info"; 173 + }; 174 + tokio = { 175 + worker_threads = 4; 176 + affinity = null; 177 + }; 178 + grpc = { 179 + address = "0.0.0.0:10000"; 180 + }; 181 + }; 182 + }; 183 + # Copy the NixOS configuration file and link it from the resulting system 184 + # (/run/current-system/configuration.nix). This is useful in case you 185 + # accidentally delete configuration.nix. 186 + # system.copySystemConfiguration = true; 187 + 188 + # This option defines the first version of NixOS you have installed on this particular machine, 189 + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 190 + # 191 + # Most users should NEVER change this value after the initial install, for any reason, 192 + # even if you've upgraded your system to a new NixOS release. 193 + # 194 + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 195 + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how 196 + # to actually do that. 197 + # 198 + # This value being lower than the current NixOS release does NOT mean your system is 199 + # out of date, out of support, or vulnerable. 200 + # 201 + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 202 + # and migrated your data accordingly. 203 + # 204 + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 205 + system.stateVersion = "25.11"; # Did you read the comment? 206 + 207 + }
+46
host-specific/edge/hardware-configuration.nix
···
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { config, lib, pkgs, modulesPath, ... }: 5 + 6 + { 7 + imports = 8 + [ (modulesPath + "/installer/scan/not-detected.nix") 9 + ]; 10 + 11 + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" ]; 12 + boot.initrd.kernelModules = [ ]; 13 + boot.kernelModules = [ "kvm-amd" ]; 14 + boot.extraModulePackages = [ ]; 15 + 16 + fileSystems."/" = 17 + { device = "/dev/disk/by-uuid/8101a0a8-a8c6-4083-85b6-c136d3c80f2e"; 18 + fsType = "ext4"; 19 + }; 20 + 21 + fileSystems."/boot" = 22 + { device = "/dev/disk/by-uuid/E7AD-32DA"; 23 + fsType = "vfat"; 24 + options = [ "fmask=0077" "dmask=0077" ]; 25 + }; 26 + 27 + swapDevices = [ ]; 28 + 29 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 30 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 31 + boot.swraid = { 32 + enable = true; 33 + #mdadmConf = '' 34 + # ARRAY /dev/md126 metadata=1.2 UUID=27cd6eab:f0304d07:b859f0f2:1a8f29b7 35 + # MAILADDR noah 36 + #''; 37 + }; 38 + 39 + # stuff for Agave 40 + boot.kernel.sysctl."net.core.rmem_default" = 134217728; 41 + boot.kernel.sysctl."net.core.rmem_max" = 134217728; 42 + boot.kernel.sysctl."net.core.wmem_default" = 134217728; 43 + boot.kernel.sysctl."net.core.wmem_max" = 134217728; 44 + boot.kernel.sysctl."vm.max_map_count" = 1000000; 45 + boot.kernel.sysctl."fs.nr_open" = 1000000; 46 + }
+13
host-specific/misaki/boot.nix
···
··· 1 + { ... }: 2 + { 3 + # Use the systemd-boot EFI boot loader. 4 + boot.loader.systemd-boot.enable = true; 5 + boot.loader.efi.canTouchEfiVariables = true; 6 + 7 + boot.supportedFilesystems = [ "zfs" ]; 8 + boot.zfs.forceImportRoot = false; 9 + boot.zfs.extraPools = [ 10 + "shokuhou" 11 + "mentalout" 12 + ]; 13 + }
+13
host-specific/misaki/configuration.nix
···
··· 1 + { ... }: 2 + { 3 + imports = [ 4 + ./boot.nix 5 + ./users.nix 6 + ./hardware-configuration.nix 7 + ./networking.nix 8 + ./packages.nix 9 + ./services.nix 10 + ]; 11 + nixpkgs.config.allowUnfree = true; 12 + system.stateVersion = "23.11"; # Did you read the comment? 13 + }
+1
host-specific/misaki/coredns/localhost.hosts
···
··· 1 + 127.0.0.1 *.localhost
+11
host-specific/misaki/coredns/ngp.computer.hosts
···
··· 1 + 192.168.1.3 img.ngp.computer 2 + 192.168.1.3 photos.ngp.computer 3 + 192.168.1.3 misaki.ngp.computer 4 + 192.168.1.3 files.ngp.computer 5 + 192.168.1.3 cache.ngp.computer 6 + 7 + fe80::9ab7:85ff:fe1e:dfe8 img.ngp.computer 8 + fe80::9ab7:85ff:fe1e:dfe8 photos.ngp.computer 9 + fe80::9ab7:85ff:fe1e:dfe8 misaki.ngp.computer 10 + fe80::9ab7:85ff:fe1e:dfe8 files.ngp.computer 11 + fe80::9ab7:85ff:fe1e:dfe8 cache.ngp.computer
+17
host-specific/misaki/coredns/packetlost.dev.hosts
···
··· 1 + # Services 2 + 192.168.1.3 git.packetlost.dev 3 + 192.168.1.3 plex.packetlost.dev 4 + 192.168.1.3 jellyfin.packetlost.dev 5 + 192.168.1.3 nats.packetlost.dev 6 + 7 + # LAN Hosts 8 + 192.168.1.3 misaki.packetlost.dev misaki 9 + 192.168.1.3 cache.packetlost.dev cache 10 + 192.168.1.5 komoe.packetlost.dev komoe 11 + 192.168.1.6 rainbow.packetlost.dev rainbow 12 + 192.168.1.10 ichika.packetlost.dev ichika 13 + 192.168.1.11 futaba.packetlost.dev futaba 14 + 192.168.1.12 mitsumi.packetlost.dev mitsumi 15 + 192.168.1.13 orangepi5.packetlost.dev orangepi5 16 + 192.168.1.30 touma.packetlost.dev touma 17 + 192.168.1.33 kamijou.packetlost.dev kamijou
+91
host-specific/misaki/hardware-configuration.nix
···
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 11 + 12 + { 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 16 + 17 + boot.kernelPackages = pkgs.linuxPackages; 18 + boot.initrd.availableKernelModules = [ 19 + "nvme" 20 + "xhci_pci" 21 + "ahci" 22 + "usbhid" 23 + "usb_storage" 24 + "sd_mod" 25 + "dm-raid" 26 + "raid1" 27 + ]; 28 + boot.initrd.kernelModules = [ 29 + "dm-snapshot" 30 + "dm-raid" 31 + "raid1" 32 + ]; 33 + boot.kernelModules = [ 34 + "kvm-amd" 35 + "zfs" 36 + ]; 37 + boot.kernelParams = [ "i915.enable_guc=3" ]; 38 + boot.extraModulePackages = [ ]; 39 + 40 + fileSystems."/" = { 41 + device = "/dev/disk/by-uuid/1988fa0d-ff4a-44aa-a93e-7f0bf3cea5cf"; 42 + fsType = "ext4"; 43 + }; 44 + 45 + fileSystems."/boot" = { 46 + device = "/dev/disk/by-uuid/81D4-01CD"; 47 + fsType = "vfat"; 48 + }; 49 + 50 + swapDevices = [ ]; 51 + 52 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 53 + # (the default) this is the recommended approach. When using systemd-networkd it's 54 + # still possible to use this option, but it's recommended to use it in conjunction 55 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 56 + networking.useDHCP = lib.mkDefault true; 57 + # networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true; 58 + # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true; 59 + # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; 60 + 61 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 62 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 63 + 64 + #nixpkgs.config.packageOverrides = pkgs: { 65 + # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; 66 + #}; 67 + hardware.graphics = { 68 + enable = true; 69 + extraPackages = with pkgs; [ 70 + intel-media-driver 71 + #vaapiVdpau 72 + #libvdpau-va-gl # unmaintained, very old 73 + intel-compute-runtime 74 + vpl-gpu-rt 75 + ]; 76 + #extraPackages32 = with pkgs; [ 77 + # intel-media-driver 78 + # vaapiVdpau 79 + # #libvdpau-va-gl 80 + # intel-compute-runtime 81 + # vpl-gpu-rt 82 + #]; 83 + }; 84 + environment.variables = { 85 + VDPAU_DRIVER = "va_gl"; 86 + LIBVA_DRIVER_NAME = "iHD"; 87 + LIBVA_DRIVERS_PATH = "/run/opengl-driver/lib/dri"; 88 + GST_VAAPI_ALL_DRIVERS = "1"; 89 + }; 90 + #services.xserver.videoDrivers = [ "intel" ]; 91 + }
+115
host-specific/misaki/networking.nix
···
··· 1 + { config, ... }: 2 + { 3 + # networking.hostName = "nixos"; # Define your hostname. 4 + # Pick only one of the below networking options. 5 + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 + networking.hostName = "misaki"; 8 + # I like systemd-networkd 9 + systemd.network.enable = true; 10 + systemd.network.networks."50-wlp2s0" = { 11 + matchConfig.name = "wlp2s0"; 12 + networkConfig.DHCP = "yes"; 13 + linkConfig.RequiredForOnline = "no"; 14 + }; 15 + 16 + networking.tempAddresses = "disabled"; 17 + 18 + networking.interfaces = { 19 + enp4s0f1 = { 20 + ipv4.addresses = [ 21 + { 22 + address = "192.168.1.3"; 23 + prefixLength = 24; 24 + } 25 + ]; 26 + }; 27 + }; 28 + networking.defaultGateway = { 29 + address = "192.168.1.1"; 30 + interface = "enp4s0f1"; 31 + }; 32 + 33 + networking.defaultGateway6 = { 34 + address = "fe80::2870:4eff:fe84:d884"; 35 + interface = "enp4s0f1"; 36 + }; 37 + 38 + networking.nameservers = [ 39 + "192.168.1.3" 40 + "45.90.28.93" 41 + "45.90.30.93" 42 + ]; 43 + 44 + # This is necessary for ZFS 45 + networking.hostId = "5beebabe"; 46 + 47 + networking.useNetworkd = true; 48 + # TODO: static IP @ 192.168.1.2 49 + 50 + # Configure network proxy if necessary 51 + # networking.proxy.default = "http://user:password@proxy:port/"; 52 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 53 + # Open ports in the firewall. 54 + # networking.firewall.allowedTCPPorts = [ ... ]; 55 + # networking.firewall.allowedUDPPorts = [ ... ]; 56 + # Or disable the firewall altogether. 57 + # TODO: allow some ports 58 + networking.firewall = { 59 + enable = true; 60 + allowPing = true; 61 + trustedInterfaces = [ 62 + "tailscale0" 63 + ]; 64 + allowedUDPPorts = [ 65 + # DNS 66 + 53 67 + config.services.tailscale.port 68 + ]; 69 + allowedTCPPorts = [ 70 + # DNS over TCP 71 + 53 72 + # NFSv4 73 + 2049 74 + # HTTP(s) 75 + 443 76 + 80 77 + # iperf3 78 + 5201 79 + 5301 80 + 5401 81 + # NATS 82 + 4222 83 + # Prometheus 84 + 9001 85 + # Minio 86 + 9003 87 + # Minio web 88 + 9004 89 + # AFP via Netatalk 90 + 548 91 + #9p 92 + 564 93 + # Misc development 94 + 3000 95 + ]; 96 + }; 97 + 98 + services.tailscale.useRoutingFeatures = "both"; 99 + 100 + services.avahi = { 101 + enable = true; 102 + nssmdns4 = true; 103 + nssmdns6 = true; 104 + ipv6 = true; 105 + openFirewall = true; 106 + publish = { 107 + enable = true; 108 + addresses = true; 109 + workstation = true; 110 + userServices = true; 111 + domain = true; 112 + }; 113 + }; 114 + 115 + }
+67
host-specific/misaki/packages.nix
···
··· 1 + { 2 + pkgs, 3 + lib, 4 + inputs, 5 + ... 6 + }: 7 + { 8 + 9 + # List packages installed in system profile. To search, run: 10 + # $ nix search wget 11 + environment.systemPackages = with pkgs; [ 12 + neovim 13 + appimage-run 14 + wget 15 + kitty 16 + w3m 17 + fishPlugins.fzf-fish 18 + fzf 19 + qemu 20 + OVMF 21 + metastore 22 + # 9p 23 + diod 24 + plan9port 25 + vis 26 + rc 27 + ncdu 28 + inputs.agenix.packages."${system}".agenix 29 + 30 + # ZFS / filesystem stuff 31 + zfs 32 + 33 + # GPU stuff 34 + intel-gpu-tools 35 + #(ffmpeg-full.override { 36 + # withUnfree = true; 37 + # withMfx = false; 38 + # withSmallBuild = false; 39 + # withTensorflow = false; 40 + #}) 41 + libva 42 + libva-utils 43 + nvtopPackages.intel 44 + ]; 45 + 46 + # Fix dynamically linked libraries for unpackaged binaries 47 + programs.nix-ld = { 48 + enable = true; 49 + libraries = with pkgs; [ 50 + # Add missing dynamic libraries for unpackaged programs HERE 51 + # NOT in environment.systemPackages 52 + zlib 53 + ]; 54 + }; 55 + 56 + programs.fuse.userAllowOther = true; 57 + 58 + # Whitelist some unfree packages 59 + #nixpkgs.config.allowUnfreePredicate = 60 + # pkg: 61 + # builtins.elem (lib.getName pkg) [ 62 + # "tailscale" 63 + # "plexmediaserver" 64 + # "teamspeak-server" 65 + # "ffmpeg-full" 66 + # ]; 67 + }
+3
host-specific/misaki/scripts/fix-jpeg-raw-duplicates-immich.rcsh
···
··· 1 + #!/usr/bin/env rc 2 + 3 + nix run 'github:nixos/nixpkgs?ref=nixos-unstable-small#immich-go' -- stack -k `{pa show immich-api} -s 'https://photos.ngp.computer' --manage-raw-jpeg StackCoverJPG
+13
host-specific/misaki/scripts/nr
···
··· 1 + #!/usr/bin/env rc 2 + 3 + flag x + 4 + 5 + if(~ $1 -x) { 6 + flake e + 7 + shift 8 + } 9 + 10 + pkg=$1 11 + shift 12 + 13 + exec nix run --impure 'nixpkgs#'^$pkg -- $*
+8
host-specific/misaki/scripts/oclip
···
··· 1 + #!/usr/bin/env rc 2 + flag e + 3 + 4 + if (~ $1 -x) { 5 + flag x + 6 + } 7 + data=`{base64 <[0=0]} 8 + printf '\033]52;c;%s\007' $"data
+14
host-specific/misaki/scripts/update-src
···
··· 1 + #!/usr/bin/env rc 2 + 3 + background=() 4 + for(repo in `{cat downstream}) { 5 + echo Updating $repo 6 + git -C $repo fetch --all --tags --prune --force & 7 + background=($apid $background) 8 + } 9 + 10 + for (i in $background) { 11 + wait $i 12 + } 13 + 14 + echo Done!
+578
host-specific/misaki/services.nix
···
··· 1 + { 2 + config, 3 + pkgs, 4 + unstable, 5 + ... 6 + }: 7 + { 8 + 9 + services.zfs = { 10 + autoScrub.enable = true; 11 + }; 12 + services.nfs.server.enable = true; 13 + # Some programs need SUID wrappers, can be configured further or are 14 + # started in user sessions. 15 + # programs.mtr.enable = true; 16 + programs.gnupg.agent = { 17 + enable = true; 18 + enableSSHSupport = false; 19 + }; 20 + 21 + # Fish shell, the best 22 + programs.fish.enable = true; 23 + 24 + # MOSH, SSH over flakey connections 25 + programs.mosh.enable = true; 26 + 27 + # List services that you want to enable: 28 + 29 + # Enable the OpenSSH daemon. 30 + services.openssh = { 31 + enable = true; 32 + openFirewall = true; 33 + settings.PasswordAuthentication = false; 34 + }; 35 + 36 + # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices. 37 + services.hardware.bolt.enable = true; 38 + 39 + services.ergochat.enable = true; 40 + 41 + # Containers and VMs 42 + virtualisation = { 43 + podman = { 44 + enable = true; 45 + dockerCompat = true; 46 + defaultNetwork.settings.dns_enabled = true; 47 + }; 48 + }; 49 + 50 + # Samba, for shares 51 + # TODO 52 + services.samba = { 53 + enable = true; 54 + openFirewall = true; 55 + nmbd.enable = true; 56 + winbindd.enable = true; 57 + settings = { 58 + global = { 59 + workgroup = "WORKGROUP"; 60 + "server string" = "misaki"; 61 + security = "user"; 62 + "use sendfile" = "yes"; 63 + "hosts allow" = "192.168.1. 127.0.0.1 localhost"; 64 + "hosts deny" = "0.0.0.0/0"; 65 + "guest account" = "nobody"; 66 + "map to guest" = "bad user"; 67 + deadtime = 30; 68 + }; 69 + shokuhou = { 70 + path = "/srv/shokuhou"; 71 + browseable = "yes"; 72 + "read only" = "no"; 73 + "guest ok" = "no"; 74 + "create mask" = "0644"; 75 + "directory mask" = "0755"; 76 + "force user" = "noah"; 77 + "force group" = "nas"; 78 + }; 79 + mentalout = { 80 + path = "/srv/mentalout"; 81 + browseable = "yes"; 82 + "read only" = "no"; 83 + "guest ok" = "no"; 84 + "create mask" = "0644"; 85 + "directory mask" = "0755"; 86 + "force user" = "noah"; 87 + "force group" = "nas"; 88 + }; 89 + }; 90 + }; 91 + services.samba-wsdd = { 92 + enable = true; 93 + openFirewall = true; 94 + }; 95 + 96 + services.coredns = { 97 + enable = true; 98 + config = '' 99 + packetlost.dev { 100 + hosts ${./coredns/packetlost.dev.hosts} packetlost.dev { 101 + fallthrough 102 + } 103 + bind enp4s0f1 104 + } 105 + ngp.computer { 106 + hosts ${./coredns/ngp.computer.hosts} ngp.computer { 107 + fallthrough 108 + } 109 + bind enp4s0f1 110 + } 111 + localhost { 112 + hosts ${./coredns/localhost.hosts} localhost { 113 + fallthrough 114 + } 115 + bind enp4s0f1 116 + } 117 + . { 118 + # NextDNS 119 + forward . tls://2a07:a8c0::dd:2feb:853 tls://2a07:a8c1::dd:2feb:853 tls://45.90.28.93:853 tls://45.90.30.93:853 { 120 + tls_servername dd2feb.dns.nextdns.io 121 + health_check 5s 122 + } 123 + bind enp4s0f1 124 + cache 125 + errors 126 + log 127 + } 128 + ''; 129 + }; 130 + 131 + services.nats = { 132 + enable = true; 133 + jetstream = true; 134 + user = "nats"; 135 + group = "nats"; 136 + serverName = "misaki"; 137 + dataDir = "/srv/shokuhou/applications/nats"; 138 + validateConfig = false; 139 + settings = { 140 + authorization = { 141 + users = [ 142 + { 143 + user = "seedbox@packetlost.dev"; 144 + permissions = { 145 + publish = [ 146 + "torrents" 147 + "torrents.>" 148 + "$JS.API.INFO" 149 + #"$JS.API.STREAM.INFO.>" 150 + "$KV.torrents.>" 151 + #"$JS.API.STREAM.*.*.OBJ_torrents" 152 + "$JS.API.*.*.OBJ_torrents" 153 + "$JS.API.STREAM.MSG.GET.OBJ_torrents" 154 + "$JS.API.*.*.OBJ_torrents.>" 155 + "$O.torrents.>" 156 + ]; 157 + subscribe = [ 158 + "torrents.>" 159 + "_INBOX.>" 160 + ]; 161 + allow_responses = false; 162 + }; 163 + } 164 + { user = "odin@packetlost.dev"; } 165 + { user = "misaki@packetlost.dev"; } 166 + { user = "noah@packetlost.dev"; } 167 + { user = "touma-nixos@packetlost.dev"; } 168 + ]; 169 + }; 170 + tls = { 171 + cert_file = "/srv/nats/nats.packetlost.dev/cert.pem"; 172 + key_file = "/srv/nats/nats.packetlost.dev/key.pem"; 173 + ca_file = "/srv/nats/minica.pem"; 174 + verify_and_map = true; 175 + }; 176 + jetstream = { 177 + # 50GB 178 + max_file_store = 53687091200; 179 + max_mem = 8589934592; 180 + }; 181 + }; 182 + }; 183 + 184 + # Minio's object storage has been mostly replaced with NATS. If I specifically need a 185 + # S3-like API, this will be revived. 186 + services.minio = { 187 + enable = false; 188 + listenAddress = ":9003"; 189 + consoleAddress = ":9004"; 190 + dataDir = [ 191 + /srv/shokuhou/applications/minio 192 + ]; 193 + }; 194 + 195 + services.netatalk = { 196 + enable = true; 197 + settings = { 198 + time-machine = { 199 + path = "/srv/shokuhou/backup/timemachine"; 200 + "valid users" = "noah"; 201 + "time machine" = true; 202 + }; 203 + }; 204 + }; 205 + 206 + services.webdav.enable = false; 207 + services.sftpgo = { 208 + enable = false; 209 + dataDir = /srv/shokuhou/documents/sftpgo; 210 + group = "nas"; 211 + }; 212 + services.syncthing = { 213 + enable = false; 214 + openDefaultPorts = true; 215 + # disable the sync folder creation 216 + extraFlags = [ "--no-default-folder" ]; 217 + settings = { 218 + folders = { 219 + "Sync" = { 220 + path = "/srv/shokuhou/documents/sync"; 221 + }; 222 + }; 223 + }; 224 + }; 225 + 226 + services.grafana = { 227 + enable = false; 228 + settings.server.http_port = 2342; 229 + settings.server.domain = "grafana.packetlost.dev"; 230 + settings.server.http_addr = "127.0.0.1"; 231 + }; 232 + 233 + services.prometheus = { 234 + enable = false; 235 + port = 9001; 236 + exporters = { 237 + node = { 238 + enable = true; 239 + enabledCollectors = [ "systemd" ]; 240 + port = 9002; 241 + }; 242 + }; 243 + 244 + scrapeConfigs = [ 245 + { 246 + job_name = "chrysalis"; 247 + static_configs = [ 248 + { targets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}" ]; } 249 + ]; 250 + } 251 + ]; 252 + }; 253 + 254 + # TODO: figure out how to appropriately configure this 255 + services.step-ca = { 256 + enable = false; 257 + openFirewall = true; 258 + port = 8443; 259 + address = "0.0.0.0"; 260 + intermediatePasswordFile = /etc/nixos/step-ca-intermediate-ca-password; 261 + settings = builtins.fromJSON (builtins.readFile /home/noah/.step/config/ca.json); 262 + }; 263 + 264 + age.secrets.acme = { 265 + file = ../../secrets/porkbun-api-key.age; 266 + owner = "root"; 267 + group = "acme"; 268 + }; 269 + 270 + security.acme = { 271 + acceptTerms = true; 272 + defaults.email = "noah@packetlost.dev"; 273 + certs."plex.packetlost.dev" = { 274 + group = "httpd"; 275 + dnsProvider = "porkbun"; 276 + environmentFile = config.age.secrets.acme.path; 277 + }; 278 + certs."img.ngp.computer" = { 279 + group = "httpd"; 280 + dnsProvider = "porkbun"; 281 + environmentFile = config.age.secrets.acme.path; 282 + }; 283 + certs."files.ngp.computer" = { 284 + group = "httpd"; 285 + dnsProvider = "porkbun"; 286 + environmentFile = config.age.secrets.acme.path; 287 + }; 288 + certs."cache.ngp.computer" = { 289 + group = "httpd"; 290 + dnsProvider = "porkbun"; 291 + environmentFile = config.age.secrets.acme.path; 292 + }; 293 + certs."photos.ngp.computer" = { 294 + group = "httpd"; 295 + dnsProvider = "porkbun"; 296 + environmentFile = config.age.secrets.acme.path; 297 + }; 298 + certs."jellyfin.packetlost.dev" = { 299 + group = "httpd"; 300 + dnsProvider = "porkbun"; 301 + environmentFile = config.age.secrets.acme.path; 302 + }; 303 + }; 304 + 305 + # A test email server that only works on LAN 306 + services.maddy = { 307 + enable = true; 308 + openFirewall = true; 309 + primaryDomain = "misaki.local"; 310 + ensureAccounts = [ 311 + "noah@misaki.local" 312 + "postmaster@misaki.local" 313 + "test@misaki.local" 314 + ]; 315 + ensureCredentials = { 316 + "noah@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 317 + "postmaster@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 318 + "test@misaki.local".passwordFile = "${pkgs.writeText "test" "Password123"}"; 319 + }; 320 + }; 321 + 322 + age.secrets.nix-serve = { 323 + file = ../../secrets/nix-serve-secret-key.age; 324 + owner = "root"; 325 + group = "root"; 326 + }; 327 + services.nix-serve = { 328 + enable = true; 329 + package = unstable.nix-serve-ng; 330 + secretKeyFile = config.age.secrets.nix-serve.path; 331 + openFirewall = true; 332 + }; 333 + 334 + services.plex = { 335 + enable = true; 336 + openFirewall = false; # we proxy this with nginx 337 + group = "nas"; 338 + user = "noah"; 339 + package = unstable.plex; 340 + }; 341 + 342 + services.jellyfin = { 343 + enable = true; 344 + openFirewall = true; 345 + user = "noah"; 346 + group = "nas"; 347 + logDir = "/srv/shokuhou/applications/jellyfin/log"; 348 + cacheDir = "/srv/shokuhou/applications/jellyfin/cache"; 349 + dataDir = "/srv/shokuhou/applications/jellyfin/data"; 350 + configDir = "/srv/shokuhou/applications/jellyfin/config"; 351 + }; 352 + 353 + services.gitea = { 354 + enable = false; 355 + user = "git"; 356 + domain = "git.packetlost.dev"; 357 + }; 358 + 359 + # Litterbox, collect my IRC logs 360 + systemd = { 361 + services = { 362 + "litterbox@" = { 363 + path = [ pkgs.litterbox ]; 364 + serviceConfig = { 365 + StartLimitIntervalSec = 5; 366 + StartLimitBurst = 10; 367 + Restart = "on-failure"; 368 + RestartSec = "10s"; 369 + Type = "simple"; 370 + ExecStart = "${pkgs.litterbox}/bin/litterbox /srv/litterbox/%i.conf"; 371 + ExecReload = "kill -USR1 $MAINPID"; 372 + User = "noah"; 373 + Group = "litterbox"; 374 + }; 375 + }; 376 + 377 + #"litterbox@libera.irc.packetlost.dev" = { 378 + # overrideStrategy = "asDropin"; 379 + # wantedBy = [ "multi-user.target" ]; 380 + #}; 381 + "update-downstream-src" = { 382 + path = with pkgs; [ 383 + rc 384 + coreutils 385 + git 386 + openssh 387 + ]; 388 + script = "exec ${./scripts/update-src}"; 389 + serviceConfig = { 390 + Type = "oneshot"; 391 + User = "noah"; 392 + WorkingDirectory = "/srv/src"; 393 + }; 394 + }; 395 + }; 396 + timers = { 397 + "update-downstream-src" = { 398 + wantedBy = [ "timers.target" ]; 399 + timerConfig = { 400 + OnCalendar = "daily"; 401 + Persistent = true; 402 + }; 403 + }; 404 + }; 405 + }; 406 + 407 + services.teamspeak3 = { 408 + enable = true; 409 + openFirewall = true; 410 + }; 411 + 412 + services.immich = { 413 + enable = true; 414 + package = unstable.immich; 415 + accelerationDevices = [ "/dev/dri/renderD128" ]; 416 + mediaLocation = "/srv/shokuhou/pictures/immich"; 417 + }; 418 + users.users.immich.extraGroups = [ 419 + "video" 420 + "render" 421 + "nas" 422 + ]; 423 + 424 + # Nginx Reverse SSL Proxy 425 + services.nginx = { 426 + enable = true; 427 + group = "nas"; 428 + user = "noah"; 429 + recommendedGzipSettings = true; 430 + recommendedOptimisation = true; 431 + #recommendedProxySettings = true; 432 + recommendedTlsSettings = true; 433 + 434 + virtualHosts."photos.ngp.computer" = { 435 + enableACME = true; 436 + acmeRoot = null; 437 + forceSSL = true; 438 + locations."/" = { 439 + proxyPass = "http://[::1]:${toString config.services.immich.port}"; 440 + proxyWebsockets = true; 441 + recommendedProxySettings = true; 442 + extraConfig = '' 443 + client_max_body_size 50000M; 444 + proxy_read_timeout 600s; 445 + proxy_send_timeout 600s; 446 + send_timeout 600s; 447 + ''; 448 + }; 449 + }; 450 + virtualHosts."img.ngp.computer" = { 451 + forceSSL = true; 452 + enableACME = true; 453 + acmeRoot = null; 454 + root = "/srv/shokuhou/pictures/public"; 455 + extraConfig = '' 456 + sendfile on; 457 + autoindex_exact_size on; 458 + tcp_nopush on; 459 + ''; 460 + locations."/" = { 461 + extraConfig = '' 462 + autoindex on; 463 + autoindex_exact_size on; 464 + alias /srv/shokuhou/pictures/public/$1; 465 + ''; 466 + }; 467 + }; 468 + virtualHosts."files.ngp.computer" = { 469 + forceSSL = true; 470 + enableACME = true; 471 + acmeRoot = null; 472 + root = null; 473 + extraConfig = '' 474 + sendfile on; 475 + tcp_nopush on; 476 + ''; 477 + locations."/books/" = { 478 + extraConfig = '' 479 + autoindex on; 480 + autoindex_exact_size on; 481 + alias /srv/shokuhou/books/sync/$1; 482 + ''; 483 + }; 484 + }; 485 + virtualHosts."jellyfin.packetlost.dev" = { 486 + forceSSL = true; 487 + enableACME = true; 488 + acmeRoot = null; 489 + http2 = true; 490 + locations."/" = { 491 + proxyPass = "http://localhost:8096/"; 492 + }; 493 + }; 494 + virtualHosts."cache.ngp.computer" = { 495 + forceSSL = true; 496 + enableACME = true; 497 + acmeRoot = null; 498 + http2 = true; 499 + locations."/".proxyPass = 500 + "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; 501 + }; 502 + 503 + # give a name to the virtual host. It also becomes the server name. 504 + virtualHosts."plex.packetlost.dev" = { 505 + # Since we want a secure connection, we force SSL 506 + forceSSL = true; 507 + enableACME = true; 508 + acmeRoot = null; 509 + 510 + # http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/ 511 + http2 = true; 512 + 513 + # Provide the ssl cert and key for the vhost 514 + # These are filled in automatically with ACME 515 + extraConfig = '' 516 + 517 + #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause 518 + send_timeout 100m; 519 + 520 + # Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/ 521 + ssl_stapling on; 522 + ssl_stapling_verify on; 523 + 524 + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 525 + ssl_prefer_server_ciphers on; 526 + #Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384. 527 + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 528 + 529 + # Forward real ip and host to Plex 530 + proxy_set_header X-Real-IP $remote_addr; 531 + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 532 + proxy_set_header X-Forwarded-Proto $scheme; 533 + proxy_set_header Host $server_addr; 534 + proxy_set_header Referer $server_addr; 535 + proxy_set_header Origin $server_addr; 536 + 537 + # Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. 538 + gzip on; 539 + gzip_vary on; 540 + gzip_min_length 1000; 541 + gzip_proxied any; 542 + gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml; 543 + gzip_disable "MSIE [1-6]\."; 544 + 545 + # Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones. 546 + # Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more 547 + client_max_body_size 100M; 548 + 549 + # Plex headers 550 + proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; 551 + proxy_set_header X-Plex-Device $http_x_plex_device; 552 + proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; 553 + proxy_set_header X-Plex-Platform $http_x_plex_platform; 554 + proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version; 555 + proxy_set_header X-Plex-Product $http_x_plex_product; 556 + proxy_set_header X-Plex-Token $http_x_plex_token; 557 + proxy_set_header X-Plex-Version $http_x_plex_version; 558 + proxy_set_header X-Plex-Nocache $http_x_plex_nocache; 559 + proxy_set_header X-Plex-Provides $http_x_plex_provides; 560 + proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; 561 + proxy_set_header X-Plex-Model $http_x_plex_model; 562 + 563 + # Websockets 564 + proxy_http_version 1.1; 565 + proxy_set_header Upgrade $http_upgrade; 566 + proxy_set_header Connection "upgrade"; 567 + 568 + # Buffering off send to the client as soon as the data is received from Plex. 569 + proxy_redirect off; 570 + proxy_buffering off; 571 + ''; 572 + 573 + locations."/" = { 574 + proxyPass = "http://localhost:32400/"; 575 + }; 576 + }; 577 + }; 578 + }
+6
host-specific/misaki/users.nix
···
··· 1 + { ... }: 2 + { 3 + users.groups.nas.gid = 1001; 4 + users.groups.httpd.gid = 1002; 5 + users.groups.litterbox.gid = 1003; 6 + }
+6
host-specific/odin/boot.nix
···
··· 1 + { ... }: 2 + { 3 + # Use the systemd-boot EFI boot loader. 4 + boot.loader.systemd-boot.enable = true; 5 + boot.loader.efi.canTouchEfiVariables = true; 6 + }
+62
host-specific/odin/configuration.nix
···
··· 1 + # Edit this configuration file to define what should be installed on 2 + ## your system. Help is available in the configuration.nix(5) man page, on 3 + # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 + 5 + { ... }: 6 + { 7 + imports = [ 8 + # Include the results of the hardware scan. 9 + ./hardware-configuration.nix 10 + ./boot.nix 11 + ./networking.nix 12 + #./gui.nix 13 + ./packages.nix 14 + ./services.nix 15 + ]; 16 + 17 + nixpkgs.config.allowUnfree = true; 18 + 19 + # Set your time zone. 20 + time.timeZone = "America/Chicago"; 21 + 22 + # Select internationalisation properties. 23 + i18n.defaultLocale = "en_US.UTF-8"; 24 + # console = { 25 + # font = "Lat2-Terminus16"; 26 + # keyMap = "us"; 27 + # useXkbConfig = true; # use xkb.options in tty. 28 + # }; 29 + 30 + # Automatic doc cache generation 31 + documentation.man.generateCaches = true; 32 + 33 + # Automatic system upgrades 34 + system.autoUpgrade = { 35 + enable = true; 36 + dates = "09:00"; 37 + randomizedDelaySec = "45min"; 38 + }; 39 + 40 + # Automatic Garbage Collection 41 + nix.gc.automatic = true; 42 + nix.gc.options = "--delete-older-than 8d"; 43 + 44 + # This option defines the first version of NixOS you have installed on this particular machine, 45 + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 46 + # 47 + # Most users should NEVER change this value after the initial install, for any reason, 48 + # even if you've upgraded your system to a new NixOS release. 49 + # 50 + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 51 + # so changing it will NOT upgrade your system. 52 + # 53 + # This value being lower than the current NixOS release does NOT mean your system is 54 + # out of date, out of support, or vulnerable. 55 + # 56 + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 57 + # and migrated your data accordingly. 58 + # 59 + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 60 + system.stateVersion = "23.11"; # Did you read the comment? 61 + 62 + }
+9
host-specific/odin/default.nix
···
··· 1 + { ... }: 2 + { 3 + imports = [ 4 + ./hardware-configuration.nix 5 + ./networking.nix 6 + ./packages.nix 7 + ./services.nix 8 + ]; 9 + }
+98
host-specific/odin/gui.nix
···
··· 1 + { pkgs, ... }: 2 + { 3 + # Enable the X11 windowing system. 4 + services.xserver = { 5 + enable = true; 6 + videoDrivers = [ "amdgpu" ]; 7 + }; 8 + 9 + # Fix for HIP libraries 10 + systemd.tmpfiles.rules = [ 11 + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" 12 + ]; 13 + 14 + # Configure keymap in X11 15 + # services.xserver.xkb.layout = "us"; 16 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 17 + 18 + # Enable CUPS to print documents. 19 + # services.printing.enable = true; 20 + 21 + # Enable sound. 22 + security.rtkit.enable = true; 23 + services.pipewire = { 24 + enable = true; 25 + alsa.enable = true; 26 + alsa.support32Bit = true; 27 + pulse.enable = true; 28 + wireplumber.enable = true; 29 + }; 30 + 31 + # Graphics and parallel compute configuration 32 + hardware.graphics = { 33 + enable = true; 34 + extraPackages = with pkgs; [ 35 + libva 36 + mesa 37 + rocmPackages.clr.icd 38 + ]; 39 + }; 40 + 41 + # Enable touchpad support (enabled default in most desktopManager). 42 + # services.xserver.libinput.enable = true; 43 + 44 + # Fonts 45 + fonts.packages = with pkgs; [ 46 + fira-code 47 + fira-code-symbols 48 + noto-fonts 49 + noto-fonts-cjk-sans 50 + noto-fonts-color-emoji 51 + nerd-fonts.fira-code 52 + ]; 53 + 54 + # Polkit is a dependency of Sway. It's responsible for handling security policies 55 + security.polkit.enable = true; 56 + 57 + # Enable the sway window manager 58 + programs.sway = { 59 + enable = true; 60 + #package = unstable.sway; 61 + wrapperFeatures.gtk = true; 62 + }; 63 + # Use greetd as the displaymanager 64 + #services.xserver.displayManager.greetd.enable = true; 65 + #services.xserver.displayManager.lightdm.enable = false; 66 + services.displayManager.sddm.enable = true; 67 + services.displayManager.defaultSession = "sway"; 68 + services.displayManager.autoLogin = { 69 + enable = true; 70 + user = "noah"; 71 + }; 72 + 73 + # i3, for when I need XOrg 74 + services.xserver.windowManager.i3 = { 75 + enable = true; 76 + extraPackages = with pkgs; [ 77 + dmenu 78 + i3status 79 + i3lock 80 + i3blocks 81 + ]; 82 + }; 83 + 84 + xdg.portal = { 85 + enable = true; 86 + wlr.enable = true; 87 + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; 88 + }; 89 + xdg.mime = { 90 + enable = true; 91 + defaultApplications = { 92 + "x-scheme-handler/http" = "org.firefox.firefox.desktop"; 93 + "x-scheme-handler/https" = "org.firefox.firefox.desktop"; 94 + }; 95 + }; 96 + services.dbus.enable = true; 97 + services.gnome.gnome-keyring.enable = true; 98 + }
+93
host-specific/odin/hardware-configuration.nix
···
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + modulesPath, 8 + pkgs, 9 + ... 10 + }: 11 + 12 + { 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 16 + 17 + boot.kernelPackages = pkgs.linuxPackages_latest; 18 + boot.initrd.availableKernelModules = [ 19 + "nvme" 20 + "xhci_pci" 21 + "thunderbolt" 22 + "usb_storage" 23 + "usbhid" 24 + "sd_mod" 25 + "sdhci_pci" 26 + ]; 27 + boot.initrd.kernelModules = [ 28 + "kvm-amd" 29 + "amdgpu" 30 + "nvme" 31 + "xhci_pci" 32 + "thunderbolt" 33 + "usb_storage" 34 + "usbhid" 35 + "sd_mod" 36 + "sdhci_pci" 37 + ]; 38 + boot.kernelModules = [ 39 + "kvm-amd" 40 + "amdgpu" 41 + "nvme" 42 + "xhci_pci" 43 + "thunderbolt" 44 + "usb_storage" 45 + "usbhid" 46 + "sd_mod" 47 + "sdhci_pci" 48 + ]; 49 + virtualisation.libvirtd = { 50 + enable = true; 51 + qemu = { 52 + runAsRoot = false; 53 + }; 54 + }; 55 + #boot.extraModulePackages = with config.boot.kernelPackages; [ ]; 56 + boot.kernelParams = [ ]; 57 + 58 + hardware.enableRedistributableFirmware = true; 59 + 60 + fileSystems."/" = { 61 + device = "/dev/disk/by-uuid/07019c69-2597-410d-a8a0-a8ffb0f58883"; 62 + fsType = "ext4"; 63 + }; 64 + 65 + fileSystems."/boot" = { 66 + device = "/dev/disk/by-uuid/4B85-C90A"; 67 + fsType = "vfat"; 68 + }; 69 + 70 + swapDevices = [ 71 + { 72 + device = "/swapfile"; 73 + size = 32 * 1024; 74 + } 75 + ]; 76 + 77 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 78 + # (the default) this is the recommended approach. When using systemd-networkd it's 79 + # still possible to use this option, but it's recommended to use it in conjunction 80 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 81 + networking.useDHCP = lib.mkDefault true; 82 + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; 83 + # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; 84 + 85 + nixpkgs.hostPlatform = { 86 + #gcc.arch = "znver2"; 87 + #gcc.tune = "znver2"; 88 + system = "x86_64-linux"; 89 + #gcc.arch = "x86-64-v3"; 90 + }; 91 + #nix.settings.system-features = ["gccarch-znver2" "big-parallel" "nixos-test" "benchmark" "kvm"]; 92 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 93 + }
+78
host-specific/odin/networking.nix
···
··· 1 + { ... }: 2 + { 3 + # networking.hostName = "nixos"; # Define your hostname. 4 + # Pick only one of the below networking options. 5 + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 + networking.hostName = "odin"; 8 + # I like systemd-networkd 9 + systemd.network.enable = true; 10 + systemd.network.networks."50-wlp2s0" = { 11 + matchConfig.name = "wlp2s0"; 12 + networkConfig.DHCP = "yes"; 13 + linkConfig.RequiredForOnline = "no"; 14 + }; 15 + 16 + networking.tempAddresses = "disabled"; 17 + 18 + networking.useNetworkd = true; 19 + # TODO: static IP @ 192.168.1.6 20 + 21 + # Configure network proxy if necessary 22 + # networking.proxy.default = "http://user:password@proxy:port/"; 23 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 24 + # Open ports in the firewall. 25 + # networking.firewall.allowedTCPPorts = [ ... ]; 26 + # networking.firewall.allowedUDPPorts = [ ... ]; 27 + # Or disable the firewall altogether. 28 + networking.firewall = { 29 + enable = true; 30 + allowPing = true; 31 + allowedUDPPorts = [ ]; 32 + allowedUDPPortRanges = [ ]; 33 + allowedTCPPorts = [ 34 + 2375 35 + 3000 36 + ]; 37 + }; 38 + 39 + services.avahi = { 40 + enable = true; 41 + nssmdns4 = true; 42 + nssmdns6 = true; 43 + ipv6 = true; 44 + openFirewall = true; 45 + publish = { 46 + enable = true; 47 + addresses = true; 48 + workstation = true; 49 + userServices = true; 50 + domain = true; 51 + }; 52 + }; 53 + 54 + # NFS mounts 55 + 56 + fileSystems = { 57 + "/srv/shokuhou" = { 58 + device = "192.168.1.3:/srv/shokuhou"; 59 + fsType = "nfs"; 60 + options = [ 61 + "nfsvers=4" 62 + "user" 63 + "x-system.automount" 64 + "x-system.idle-timeout=600" 65 + ]; 66 + }; 67 + "/srv/mentalout" = { 68 + device = "192.168.1.3:/srv/mentalout"; 69 + fsType = "nfs"; 70 + options = [ 71 + "nfsvers=4" 72 + "user" 73 + "x-system.automount" 74 + "x-system.idle-timeout=600" 75 + ]; 76 + }; 77 + }; 78 + }
+129
host-specific/odin/packages.nix
···
··· 1 + { pkgs, lib, ... }: 2 + let # bash script to let dbus know about important env variables and 3 + # propagate them to relevent services run at the end of sway config 4 + # see 5 + # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 + # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 + # some user services to make sure they have the correct environment variables 8 + dbus-sway-environment = pkgs.writeTextFile { 9 + name = "dbus-sway-environment"; 10 + destination = "/bin/dbus-sway-environment"; 11 + executable = true; 12 + 13 + text = '' 14 + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 + systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 + systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 + ''; 18 + }; 19 + 20 + # currently, there is some friction between sway and gtk: 21 + # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 + # the suggested way to set gtk settings is with gsettings 23 + # for gsettings to work, we need to tell it where the schemas are 24 + # using the XDG_DATA_DIR environment variable 25 + # run at the end of sway config 26 + configure-gtk = pkgs.writeTextFile { 27 + name = "configure-gtk"; 28 + destination = "/bin/configure-gtk"; 29 + executable = true; 30 + text = 31 + let 32 + # TODO: figure out why these bindings exist or where they're used 33 + schema = pkgs.gsettings-desktop-schemas; 34 + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 + in 36 + '' 37 + 6 gnome_schema=org.gnome.desktop.interface 38 + gsettings set $gnome_schema gtk-theme 'Dracula' 39 + ''; 40 + }; 41 + in 42 + { 43 + 44 + # List packages installed in system profile. To search, run: 45 + # $ nix search wget 46 + environment.systemPackages = with pkgs; [ 47 + neovim 48 + appimage-run 49 + tzdata 50 + wget 51 + kitty 52 + file 53 + w3m 54 + fishPlugins.fzf-fish 55 + fzf 56 + qemu 57 + qemu-user 58 + qemu-utils 59 + qemu_full 60 + OVMF 61 + #9p stuff 62 + diod 63 + plan9port 64 + vis 65 + rc 66 + ncdu 67 + 68 + smartmontools 69 + 70 + # Sway stuff 71 + wdisplays 72 + mako 73 + bemenu 74 + wl-clipboard 75 + slurp 76 + grim 77 + swayidle 78 + swaylock 79 + adwaita-icon-theme 80 + dracula-theme 81 + glib 82 + xdg-utils 83 + wayland 84 + configure-gtk 85 + dbus-sway-environment 86 + dbus 87 + pkg-config 88 + zlib 89 + # why wouldn't I want documentation on my system 90 + man-pages 91 + man-pages-posix 92 + perf 93 + ]; 94 + documentation.dev.enable = true; 95 + 96 + # Fix dynamically linked libraries for unpackaged binaries 97 + programs.nix-ld = { 98 + enable = true; 99 + libraries = with pkgs; [ 100 + # Add missing dynamic libraries for unpackaged programs HERE 101 + # NOT in environment.systemPackages 102 + zlib 103 + openssl 104 + sqlite 105 + libunwind 106 + libglvnd 107 + libclang 108 + systemdLibs 109 + ]; 110 + }; 111 + programs.nix-index = { 112 + enable = true; 113 + enableFishIntegration = true; 114 + enableBashIntegration = false; 115 + enableZshIntegration = false; 116 + }; 117 + 118 + # Run other bins in QEMU 119 + boot.binfmt.emulatedSystems = [ 120 + "aarch64-linux" 121 + "riscv64-linux" 122 + ]; 123 + # UEFI firmware support for QEMU 124 + systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; 125 + 126 + # Logseq uses an ancient version of Electron, so we enable that 127 + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 128 + nixpkgs.config.allowUnfree = true; 129 + }
+33
host-specific/odin/services.nix
···
··· 1 + { ... }: 2 + { 3 + # Some programs need SUID wrappers, can be configured further or are 4 + # started in user sessions. 5 + # programs.mtr.enable = true; 6 + programs.gnupg.agent = { 7 + enable = true; 8 + enableSSHSupport = false; 9 + }; 10 + 11 + # Fish shell, the best 12 + programs.fish.enable = true; 13 + 14 + services.tailscale.useRoutingFeatures = "client"; 15 + 16 + services.redis.servers."" = { 17 + enable = true; 18 + }; 19 + 20 + # Containers and VMs 21 + virtualisation = { 22 + podman = { 23 + enable = false; 24 + dockerCompat = true; 25 + defaultNetwork.settings.dns_enabled = true; 26 + dockerSocket.enable = true; 27 + }; 28 + docker = { 29 + enable = true; 30 + storageDriver = "overlay2"; 31 + }; 32 + }; 33 + }
+6
host-specific/shizuri/boot.nix
···
··· 1 + { ... }: 2 + { 3 + # Use the systemd-boot EFI boot loader. 4 + boot.loader.systemd-boot.enable = true; 5 + boot.loader.efi.canTouchEfiVariables = true; 6 + }
+13
host-specific/shizuri/configuration.nix
···
··· 1 + { ... }: 2 + { 3 + imports = [ 4 + # Include the results of the hardware scan. 5 + ./hardware-configuration.nix 6 + ./boot.nix 7 + ./networking.nix 8 + ./gui.nix 9 + ./packages.nix 10 + ./services.nix 11 + ]; 12 + system.stateVersion = "23.11"; # Did you read the comment? 13 + }
+27
host-specific/shizuri/gs.sh
···
··· 1 + #!/usr/bin/env bash 2 + set -xeuo pipefail 3 + 4 + gamescopeArgs=( 5 + --adaptive-sync # VRR support 6 + --hdr-enabled 7 + --mangoapp # performance overlay 8 + --rt 9 + --steam 10 + ) 11 + steamArgs=( 12 + -pipewire-dmabuf 13 + -tenfoot 14 + ) 15 + mangoConfig=( 16 + cpu_temp 17 + gpu_temp 18 + ram 19 + vram 20 + ) 21 + mangoVars=( 22 + MANGOHUD=1 23 + MANGOHUD_CONFIG="$(IFS=,; echo "${mangoConfig[*]}")" 24 + ) 25 + 26 + export "${mangoVars[@]}" 27 + exec gamescope "${gamescopeArgs[@]}" -- steam "${steamArgs[@]}"
+115
host-specific/shizuri/gui.nix
···
··· 1 + { pkgs, ... }: 2 + { 3 + # Enable the X11 windowing system. 4 + services.xserver = { 5 + enable = true; 6 + videoDrivers = [ "amdgpu" ]; 7 + }; 8 + 9 + # Fix for HIP libraries 10 + systemd.tmpfiles.rules = [ 11 + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" 12 + ]; 13 + 14 + # Configure keymap in X11 15 + services.xserver.xkb = { 16 + layout = "us"; 17 + variant = ""; 18 + }; 19 + # services.xserver.xkb.options = "eurosign:e,caps:escape"; 20 + 21 + # Enable CUPS to print documents. 22 + # services.printing.enable = true; 23 + 24 + # Enable sound. 25 + security.rtkit.enable = true; 26 + services.pipewire = { 27 + enable = true; 28 + alsa.enable = true; 29 + alsa.support32Bit = true; 30 + pulse.enable = true; 31 + wireplumber.enable = true; 32 + }; 33 + 34 + # Graphics and parallel compute configuration 35 + hardware.graphics = { 36 + enable = true; 37 + extraPackages = with pkgs; [ 38 + libva 39 + mesa 40 + rocmPackages.clr.icd 41 + ]; 42 + }; 43 + 44 + # Enable touchpad support (enabled default in most desktopManager). 45 + # services.xserver.libinput.enable = true; 46 + 47 + # Fonts 48 + fonts.packages = with pkgs; [ 49 + fira-code 50 + fira-code-symbols 51 + noto-fonts 52 + noto-fonts-cjk-sans 53 + noto-fonts-color-emoji 54 + nerd-fonts.fira-code 55 + ]; 56 + 57 + # Polkit is a dependency of Sway. It's responsible for handling security policies 58 + security.polkit.enable = true; 59 + 60 + # Enable the sway window manager 61 + programs.sway = { 62 + enable = false; 63 + #package = unstable.sway; 64 + wrapperFeatures.gtk = true; 65 + }; 66 + # Use greetd as the displaymanager 67 + #services.xserver.displayManager.greetd.enable = true; 68 + 69 + services.xserver.displayManager.lightdm.enable = false; 70 + 71 + #services.displayManager.sddm.enable = true; 72 + #services.displayManager.defaultSession = "sway"; 73 + #services.displayManager.autoLogin = { 74 + # enable = true; 75 + # user = "noah"; 76 + #}; 77 + services.xserver.desktopManager.xfce.enable = false; 78 + services.xserver.desktopManager.lxqt = { 79 + enable = true; 80 + }; 81 + services.xscreensaver.enable = true; 82 + security.pam.services.xscreensaver.enable = true; 83 + 84 + # i3, for when I need XOrg 85 + services.xserver.windowManager.i3 = { 86 + enable = false; 87 + extraPackages = with pkgs; [ 88 + dmenu 89 + i3status 90 + i3lock 91 + i3blocks 92 + ]; 93 + }; 94 + 95 + xdg.portal = { 96 + enable = true; 97 + wlr.enable = true; 98 + extraPortals = [ 99 + pkgs.xdg-desktop-portal 100 + pkgs.xdg-desktop-portal-wlr 101 + pkgs.xdg-desktop-portal-gtk 102 + pkgs.xdg-desktop-portal-termfilechooser 103 + pkgs.lxqt.xdg-desktop-portal-lxqt 104 + ]; 105 + }; 106 + xdg.mime = { 107 + enable = true; 108 + defaultApplications = { 109 + "x-scheme-handler/http" = "org.firefox.firefox.desktop"; 110 + "x-scheme-handler/https" = "org.firefox.firefox.desktop"; 111 + }; 112 + }; 113 + services.dbus.enable = true; 114 + services.gnome.gnome-keyring.enable = true; 115 + }
+84
host-specific/shizuri/hardware-configuration.nix
···
··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: 11 + 12 + { 13 + imports = [ 14 + (modulesPath + "/installer/scan/not-detected.nix") 15 + ]; 16 + 17 + boot.kernelPackages = pkgs.linuxPackages_latest; 18 + boot.initrd.availableKernelModules = [ 19 + "nvme" 20 + "xhci_pci" 21 + "thunderbolt" 22 + "usb_storage" 23 + "usbhid" 24 + "uas" 25 + "sd_mod" 26 + ]; 27 + boot.initrd.kernelModules = [ ]; 28 + boot.kernelModules = [ "kvm-amd" ]; 29 + boot.extraModulePackages = [ ]; 30 + 31 + # Bluetooth / wireless configuration 32 + hardware.bluetooth = { 33 + enable = true; 34 + powerOnBoot = true; 35 + settings = { 36 + General = { 37 + # Shows battery charge of connected devices on supported 38 + # Bluetooth adapters. Defaults to 'false'. 39 + Experimental = true; 40 + # When enabled other devices can connect faster to us, however 41 + # the tradeoff is increased power consumption. Defaults to 42 + # 'false'. 43 + FastConnectable = true; 44 + }; 45 + Policy = { 46 + # Enable all controllers when they are found. This includes 47 + # adapters present on start as well as adapters that are plugged 48 + # in later on. Defaults to 'true'. 49 + AutoEnable = true; 50 + }; 51 + }; 52 + }; 53 + 54 + fileSystems."/" = { 55 + device = "/dev/disk/by-uuid/9a7cbffe-6c10-4220-bb99-4dcea8181dcc"; 56 + fsType = "ext4"; 57 + }; 58 + 59 + fileSystems."/boot" = { 60 + device = "/dev/disk/by-uuid/9AC5-62C3"; 61 + fsType = "vfat"; 62 + options = [ 63 + "fmask=0077" 64 + "dmask=0077" 65 + ]; 66 + }; 67 + 68 + swapDevices = [ { device = "/dev/disk/by-uuid/a19d8fad-d8d2-4bbe-a233-e645020419ff"; } ]; 69 + fileSystems."/srv/mugino" = { 70 + device = "/dev/disk/by-uuid/d832dd9f-1fbb-4ca7-9097-0ba329b838af"; 71 + fsType = "ext4"; 72 + }; 73 + 74 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 75 + # (the default) this is the recommended approach. When using systemd-networkd it's 76 + # still possible to use this option, but it's recommended to use it in conjunction 77 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 78 + networking.useDHCP = lib.mkDefault true; 79 + # networking.interfaces.enp191s0.useDHCP = lib.mkDefault true; 80 + # networking.interfaces.wlp192s0.useDHCP = lib.mkDefault true; 81 + 82 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 83 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 84 + }
+78
host-specific/shizuri/networking.nix
···
··· 1 + { ... }: 2 + { 3 + # networking.hostName = "nixos"; # Define your hostname. 4 + # Pick only one of the below networking options. 5 + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 + networking.hostName = "shizuri"; 8 + # I like systemd-networkd 9 + systemd.network.enable = true; 10 + systemd.network.networks."50-wlp2s0" = { 11 + matchConfig.name = "wlp2s0"; 12 + networkConfig.DHCP = "yes"; 13 + linkConfig.RequiredForOnline = "no"; 14 + }; 15 + 16 + networking.tempAddresses = "disabled"; 17 + 18 + networking.useNetworkd = true; 19 + # TODO: static IP @ 192.168.1.2 20 + 21 + # Configure network proxy if necessary 22 + # networking.proxy.default = "http://user:password@proxy:port/"; 23 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 24 + # Open ports in the firewall. 25 + # networking.firewall.allowedTCPPorts = [ ... ]; 26 + # networking.firewall.allowedUDPPorts = [ ... ]; 27 + # Or disable the firewall altogether. 28 + # TODO: allow some ports 29 + networking.firewall = { 30 + enable = false; 31 + allowPing = true; 32 + allowedUDPPorts = [ ]; 33 + allowedTCPPorts = [ 34 + 1234 35 + 2375 36 + ]; 37 + }; 38 + 39 + services.avahi = { 40 + enable = true; 41 + nssmdns4 = true; 42 + nssmdns6 = true; 43 + ipv6 = true; 44 + openFirewall = true; 45 + publish = { 46 + enable = true; 47 + addresses = true; 48 + workstation = true; 49 + userServices = true; 50 + domain = true; 51 + }; 52 + }; 53 + 54 + # NFS mounts 55 + 56 + fileSystems = { 57 + "/srv/shokuhou" = { 58 + device = "192.168.1.3:/srv/shokuhou"; 59 + fsType = "nfs"; 60 + options = [ 61 + "nfsvers=4" 62 + "user" 63 + "x-system.automount" 64 + "x-system.idle-timeout=600" 65 + ]; 66 + }; 67 + "/srv/mentalout" = { 68 + device = "192.168.1.3:/srv/mentalout"; 69 + fsType = "nfs"; 70 + options = [ 71 + "nfsvers=4" 72 + "user" 73 + "x-system.automount" 74 + "x-system.idle-timeout=600" 75 + ]; 76 + }; 77 + }; 78 + }
+173
host-specific/shizuri/packages.nix
···
··· 1 + { pkgs, lib, ... }: 2 + let # bash script to let dbus know about important env variables and 3 + # propagate them to relevent services run at the end of sway config 4 + # see 5 + # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 + # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 + # some user services to make sure they have the correct environment variables 8 + dbus-sway-environment = pkgs.writeTextFile { 9 + name = "dbus-sway-environment"; 10 + destination = "/bin/dbus-sway-environment"; 11 + executable = true; 12 + 13 + text = '' 14 + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 + systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 + systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 + ''; 18 + }; 19 + 20 + # currently, there is some friction between sway and gtk: 21 + # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 + # the suggested way to set gtk settings is with gsettings 23 + # for gsettings to work, we need to tell it where the schemas are 24 + # using the XDG_DATA_DIR environment variable 25 + # run at the end of sway config 26 + configure-gtk = pkgs.writeTextFile { 27 + name = "configure-gtk"; 28 + destination = "/bin/configure-gtk"; 29 + executable = true; 30 + text = 31 + let 32 + # TODO: figure out why these bindings exist or where they're used 33 + schema = pkgs.gsettings-desktop-schemas; 34 + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 + in 36 + '' 37 + 6 gnome_schema=org.gnome.desktop.interface 38 + gsettings set $gnome_schema gtk-theme 'Dracula' 39 + ''; 40 + }; 41 + in 42 + { 43 + 44 + # List packages installed in system profile. To search, run: 45 + # $ nix search wget 46 + environment.systemPackages = with pkgs; [ 47 + mangohud 48 + neovim 49 + appimage-run 50 + tzdata 51 + wget 52 + kitty 53 + file 54 + w3m 55 + fishPlugins.fzf-fish 56 + fzf 57 + qemu 58 + qemu-user 59 + qemu-utils 60 + qemu_full 61 + OVMF 62 + #9p stuff 63 + diod 64 + plan9port 65 + vis 66 + rc 67 + 68 + smartmontools 69 + 70 + # Sway stuff 71 + wdisplays 72 + mako 73 + bemenu 74 + wl-clipboard 75 + slurp 76 + grim 77 + swayidle 78 + swaylock 79 + adwaita-icon-theme 80 + dracula-theme 81 + glib 82 + xdg-utils 83 + xdg-desktop-portal 84 + wayland 85 + configure-gtk 86 + lxqt.lxqt-menu-data # for lxqt 87 + dbus-sway-environment 88 + dbus 89 + pkg-config 90 + zlib 91 + # why wouldn't I want documentation on my system 92 + man-pages 93 + man-pages-posix 94 + linuxPackages_latest.perf 95 + ]; 96 + 97 + environment.loginShellInit = '' 98 + [[ "$(tty)" = "/dev/tty1" ]] && /home/noah/repos/nixos/gs.sh 99 + ''; 100 + 101 + documentation.dev.enable = true; 102 + 103 + # Fix dynamically linked libraries for unpackaged binaries 104 + programs.nix-ld = { 105 + enable = true; 106 + libraries = with pkgs; [ 107 + # Add missing dynamic libraries for unpackaged programs HERE 108 + # NOT in environment.systemPackages 109 + zlib 110 + openssl 111 + sqlite 112 + libunwind 113 + libglvnd 114 + libclang 115 + systemdLibs 116 + ]; 117 + }; 118 + programs.nix-index = { 119 + enable = true; 120 + enableFishIntegration = true; 121 + enableBashIntegration = false; 122 + enableZshIntegration = false; 123 + }; 124 + 125 + programs.steam = { 126 + enable = true; 127 + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play 128 + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server 129 + localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers 130 + gamescopeSession.enable = true; 131 + }; 132 + programs.gamescope = { 133 + enable = true; 134 + capSysNice = true; 135 + }; 136 + # Boot to bigpicture 137 + services.getty.autologinUser = "noah"; 138 + 139 + programs.appimage = { 140 + enable = true; 141 + binfmt = true; 142 + }; 143 + 144 + # Run other bins in QEMU 145 + boot.binfmt.emulatedSystems = [ 146 + "aarch64-linux" 147 + "riscv64-linux" 148 + ]; 149 + # UEFI firmware support for QEMU 150 + systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; 151 + 152 + # Logseq uses an ancient version of Electron, so we enable that 153 + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 154 + 155 + # I don't care too much about unfree 156 + nixpkgs.config.allowUnfree = true; 157 + # Whitelist some unfree packages 158 + nixpkgs.config.allowUnfreePredicate = 159 + pkg: 160 + builtins.elem (lib.getName pkg) [ 161 + "discord" 162 + "spotify" 163 + "obsidian" 164 + "unstable.obsidian" 165 + "tailscale" 166 + "google-chrome" 167 + "slack" 168 + "steam" 169 + "steam-original" 170 + "steam-unwrapped" 171 + "steam-run" 172 + ]; 173 + }
+44
host-specific/shizuri/services.nix
···
··· 1 + { pkgs, ... }: 2 + { 3 + # Some programs need SUID wrappers, can be configured further or are 4 + # started in user sessions. 5 + # programs.mtr.enable = true; 6 + programs.gnupg.agent = { 7 + enable = true; 8 + enableSSHSupport = false; 9 + }; 10 + 11 + # Enable the OpenSSH daemon. 12 + services.openssh = { 13 + enable = true; 14 + settings.X11Forwarding = true; 15 + }; 16 + 17 + # Smart Card daemon 18 + services.pcscd.enable = true; 19 + 20 + # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices. 21 + services.hardware.bolt.enable = true; 22 + 23 + services.fwupd.enable = true; 24 + 25 + services.xrdp = { 26 + enable = true; 27 + openFirewall = true; 28 + defaultWindowManager = "${pkgs.lxqt.lxqt-session}/bin/lxqt-session"; 29 + }; 30 + 31 + # Containers and VMs 32 + virtualisation = { 33 + podman = { 34 + enable = false; 35 + dockerCompat = true; 36 + defaultNetwork.settings.dns_enabled = true; 37 + dockerSocket.enable = true; 38 + }; 39 + docker = { 40 + enable = true; 41 + storageDriver = "overlay2"; 42 + }; 43 + }; 44 + }
+55
host-specific/touma-wsl.nix
···
··· 1 + # Edit this configuration file to define what should be installed on 2 + # your system. Help is available in the configuration.nix(5) man page, on 3 + # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 + 5 + # NixOS-WSL specific options are documented on the NixOS-WSL repository: 6 + # https://github.com/nix-community/NixOS-WSL 7 + 8 + { pkgs, inputs, ... }: 9 + { 10 + imports = [ 11 + # WSL has no hardware configuration 12 + ../users.nix 13 + ../services.nix 14 + ]; 15 + wsl = { 16 + enable = true; 17 + defaultUser = "noah"; 18 + wslConf.network.hostname = "touma-wsl-nixos"; 19 + }; 20 + # List packages installed in system profile. To search, run: 21 + # $ nix search wget 22 + environment.systemPackages = with pkgs; [ 23 + neovim 24 + appimage-run 25 + wget 26 + kitty 27 + w3m 28 + fishPlugins.fzf-fish 29 + fzf 30 + qemu 31 + OVMF 32 + gitFull 33 + # plan9 34 + diod 35 + plan9port 36 + vis 37 + rc 38 + 39 + xdg-utils 40 + inputs.agenix.packages."${system}".agenix 41 + ]; 42 + services.openssh.enable = true; 43 + 44 + # Fix dynamically linked libraries for unpackaged binaries 45 + programs.nix-ld = { 46 + enable = true; 47 + libraries = with pkgs; [ 48 + # Add missing dynamic libraries for unpackaged programs HERE 49 + # NOT in environment.systemPackages 50 + zlib 51 + fuse3 52 + ]; 53 + }; 54 + system.stateVersion = "24.11"; 55 + }
+2
i3/config
··· 192 bar { 193 status_command i3status 194 }
··· 192 bar { 193 status_command i3status 194 } 195 + 196 + exec barrier
+4 -4
kitty/kitty.conf
··· 1 - font_family Berkeley Mono Regular 2 #font_family CommitMono Variable Regular 3 #symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 JetBrains Mono Bold 4 #symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 Fira Code Bold 5 symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 FiraCode Nerd Font Bold 6 - bold_font Berkeley Mono Bold 7 - italic_font Berkeley Mono Italic 8 - bold_italic_font Berkeley Mono BoldItalic 9 font_size 13.0 10 #font_size 12.0 11
··· 1 + font_family Berkeley Mono Variable Regular 2 #font_family CommitMono Variable Regular 3 #symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 JetBrains Mono Bold 4 #symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 Fira Code Bold 5 symbol_map U+E0A0-U+E0A3,U+E0C0-U+E0C7 FiraCode Nerd Font Bold 6 + bold_font auto 7 + italic_font auto 8 + bold_italic_font auto 9 font_size 13.0 10 #font_size 12.0 11
-78
networking.nix
··· 1 - { ... }: 2 - { 3 - # networking.hostName = "nixos"; # Define your hostname. 4 - # Pick only one of the below networking options. 5 - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 - networking.hostName = "odin"; 8 - # I like systemd-networkd 9 - systemd.network.enable = true; 10 - systemd.network.networks."50-wlp2s0" = { 11 - matchConfig.name = "wlp2s0"; 12 - networkConfig.DHCP = "yes"; 13 - linkConfig.RequiredForOnline = "no"; 14 - }; 15 - 16 - networking.tempAddresses = "disabled"; 17 - 18 - networking.useNetworkd = true; 19 - # TODO: static IP @ 192.168.1.6 20 - 21 - # Configure network proxy if necessary 22 - # networking.proxy.default = "http://user:password@proxy:port/"; 23 - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 24 - # Open ports in the firewall. 25 - # networking.firewall.allowedTCPPorts = [ ... ]; 26 - # networking.firewall.allowedUDPPorts = [ ... ]; 27 - # Or disable the firewall altogether. 28 - networking.firewall = { 29 - enable = true; 30 - allowPing = true; 31 - allowedUDPPorts = [ ]; 32 - allowedUDPPortRanges = [ ]; 33 - allowedTCPPorts = [ 34 - 2375 35 - 3000 36 - ]; 37 - }; 38 - 39 - services.avahi = { 40 - enable = true; 41 - nssmdns4 = true; 42 - nssmdns6 = true; 43 - ipv6 = true; 44 - openFirewall = true; 45 - publish = { 46 - enable = true; 47 - addresses = true; 48 - workstation = true; 49 - userServices = true; 50 - domain = true; 51 - }; 52 - }; 53 - 54 - # NFS mounts 55 - 56 - fileSystems = { 57 - "/srv/shokuhou" = { 58 - device = "192.168.1.3:/srv/shokuhou"; 59 - fsType = "nfs"; 60 - options = [ 61 - "nfsvers=4" 62 - "user" 63 - "x-system.automount" 64 - "x-system.idle-timeout=600" 65 - ]; 66 - }; 67 - "/srv/mentalout" = { 68 - device = "192.168.1.3:/srv/mentalout"; 69 - fsType = "nfs"; 70 - options = [ 71 - "nfsvers=4" 72 - "user" 73 - "x-system.automount" 74 - "x-system.idle-timeout=600" 75 - ]; 76 - }; 77 - }; 78 - }
···
+2
nvim/after/ftplugin/janet.lua
···
··· 1 + vim.o.tabstop = 2 2 + vim.o.shiftwidth = 2
+11 -2
nvim/init.lua
··· 7 -- Config for Nord, which I usually use 8 -- vim.g.nord_italic = false 9 -- vim.g.nord_bold = false 10 - --vim.opt.background = "light" 11 - vim.opt.background = "dark" 12 13 -- Formatting and vim config 14 vim.opt.expandtab = true
··· 7 -- Config for Nord, which I usually use 8 -- vim.g.nord_italic = false 9 -- vim.g.nord_bold = false 10 + local known_hosts = { 11 + ["aleister.packetlost.dev"] = "light", 12 + ["aleister.local"] = "light", 13 + ["accelerator"] = "light" 14 + } 15 + local background = known_hosts[vim.loop.os_gethostname()] 16 + if not background then 17 + background = "dark" 18 + end 19 + vim.opt.background = background 20 + --vim.opt.background = "dark" 21 22 -- Formatting and vim config 23 vim.opt.expandtab = true
+7
nvim/lua/plugins.lua
··· 335 end 336 }, 337 { "lewis6991/gitsigns.nvim", config = true }, 338 339 } 340 })
··· 335 end 336 }, 337 { "lewis6991/gitsigns.nvim", config = true }, 338 + { 339 + "greggh/claude-code.nvim", 340 + dependencies = { 341 + "nvim-lua/plenary.nvim" 342 + }, 343 + config = true 344 + } 345 346 } 347 })
-107
packages/foks-server.nix
··· 1 - { 2 - lib, 3 - buildGoModule, 4 - fetchFromGitHub, 5 - buildNpmPackage, 6 - pcsclite, 7 - pkg-config, 8 - nix-update-script, 9 - stdenv, 10 - tailwindcss_4, 11 - templ, 12 - uglify-js, 13 - versionCheckHook, 14 - }: 15 - 16 - let 17 - src = fetchFromGitHub { 18 - owner = "foks-proj"; 19 - repo = "go-foks"; 20 - tag = "v${version}"; 21 - hash = "sha256-/+Z/afzj5y4CVU3qRymSIUzCabT2jAEBlKKoYgKlPRE="; 22 - }; 23 - version = "0.1.5"; 24 - templFoks = templ.overrideAttrs (old: { 25 - pname = "templ-foks"; 26 - version = "0.3.833"; 27 - src = old.src.override { 28 - hash = "sha256-4K1MpsM3OuamXRYOllDsxxgpMRseFGviC4RJzNA7Cu8="; 29 - }; 30 - vendorHash = "sha256-OPADot7Lkn9IBjFCfbrqs3es3F6QnWNjSOHxONjG4MM="; 31 - }); 32 - foksNodeModules = buildNpmPackage { 33 - pname = "foks-node-modules"; 34 - inherit version src; 35 - npmDepsHash = "sha256-mASu3taprCYP+muRh4b+qUTce7YTdISf/QnmSvUy6Mo="; 36 - dontNpmBuild = true; 37 - sourceRoot = "${src.name}/server/web/frontend"; 38 - installPhase = '' 39 - mkdir -p $out 40 - cp -r node_modules $out/node_modules 41 - ''; 42 - }; 43 - in 44 - buildGoModule (finalAttrs: { 45 - pname = "foks-server"; 46 - inherit version src; 47 - 48 - vendorHash = "sha256-nTHsYMQjVaQM+g2MM++/BDVYfzIM4CaMM6eK5GQE6Cc="; 49 - 50 - postPatch = 51 - # Generate templates 52 - '' 53 - pushd ./server/web/templates 54 - ${templFoks}/bin/templ generate 55 - popd 56 - '' 57 - # Generate tailwind 58 - + '' 59 - pushd ./server/web/frontend 60 - mkdir -p ../static/css 61 - ${lib.getExe tailwindcss_4} -i ./css/input.css -o ../static/css/style.min.css --minify 62 - ${lib.getExe tailwindcss_4} -i ./css/input.css -o ../static/css/style.css 63 - ${lib.getExe uglify-js} -c < ../static/js/foks.js > ../static/js/foks.min.js 64 - popd 65 - '' 66 - # Copy htmx dependency from node modules 67 - + '' 68 - pushd ./server/web/static 69 - mkdir -p ./js 70 - cp ${foksNodeModules}/node_modules/htmx.org/dist/htmx.js ./js/htmx.js 71 - cp ${foksNodeModules}/node_modules/htmx.org/dist/htmx.min.js ./js/htmx.min.js 72 - popd 73 - ''; 74 - subPackages = [ 75 - "server/foks-server" 76 - "server/foks-tool" 77 - ]; 78 - excludedPackages = [ "client" ]; 79 - 80 - buildInputs = lib.optionals (stdenv.hostPlatform.isLinux) [ pcsclite ]; 81 - nativeBuildInputs = [ 82 - pkg-config 83 - ]; 84 - ldflags = [ 85 - "-X main.LinkerVersion=v${finalAttrs.version}" 86 - ]; 87 - 88 - nativeInstallCheckInputs = [ 89 - versionCheckHook 90 - ]; 91 - versionCheckProgramArg = "version"; 92 - doInstallCheck = true; 93 - 94 - passthru = { 95 - updateScript = nix-update-script { }; 96 - }; 97 - 98 - meta = { 99 - description = "Federated key management and distribution system"; 100 - homepage = "https://foks.pub"; 101 - downloadPage = "https://github.com/foks-proj/go-foks"; 102 - changelog = "https://github.com/foks-proj/go-foks/releases/tag/${finalAttrs.src.tag}"; 103 - license = lib.licenses.mit; 104 - maintainers = with lib.maintainers; [ poptart ]; 105 - mainProgram = "foks-server"; 106 - }; 107 - })
···
-55
packages/foks.nix
··· 1 - { 2 - lib, 3 - buildGoModule, 4 - fetchFromGitHub, 5 - pcsclite, 6 - pkg-config, 7 - stdenv, 8 - buildPackages, 9 - }: 10 - let 11 - templFoks = buildPackages.templ.overrideAttrs (old: { 12 - pname = "templ-foks"; 13 - version = "0.3.833"; 14 - src = old.src.override { 15 - hash = "sha256-4K1MpsM3OuamXRYOllDsxxgpMRseFGviC4RJzNA7Cu8="; 16 - }; 17 - vendorHash = "sha256-OPADot7Lkn9IBjFCfbrqs3es3F6QnWNjSOHxONjG4MM="; 18 - }); 19 - in 20 - buildGoModule (finalAttrs: { 21 - pname = "foks"; 22 - version = "0.1.5"; 23 - 24 - src = fetchFromGitHub { 25 - owner = "foks-proj"; 26 - repo = "go-foks"; 27 - tag = "v${finalAttrs.version}"; 28 - hash = "sha256-/+Z/afzj5y4CVU3qRymSIUzCabT2jAEBlKKoYgKlPRE="; 29 - }; 30 - 31 - vendorHash = "sha256-nTHsYMQjVaQM+g2MM++/BDVYfzIM4CaMM6eK5GQE6Cc="; 32 - 33 - postPatch = '' 34 - cd ./server/web/templates 35 - ${templFoks}/bin/templ generate 36 - cd - 37 - ''; 38 - subPackages = [ "client/foks" ]; 39 - excludedPackages = [ "server" ]; 40 - 41 - buildInputs = lib.optionals (stdenv.hostPlatform.isLinux) [ pcsclite ]; 42 - nativeBuildInputs = [ 43 - pkg-config 44 - ]; 45 - 46 - meta = { 47 - description = "Federated key management and distribution system"; 48 - homepage = "https://foks.pub"; 49 - downloadPage = "https://github.com/foks-proj/go-foks"; 50 - changelog = "https://github.com/foks-proj/go-foks/releases/tag/${finalAttrs.src.tag}"; 51 - license = lib.licenses.mit; 52 - maintainers = with lib.maintainers; [ poptart ]; 53 - mainProgram = "foks"; 54 - }; 55 - })
···
-141
packages.nix
··· 1 - { pkgs, lib, ... }: 2 - let # bash script to let dbus know about important env variables and 3 - # propagate them to relevent services run at the end of sway config 4 - # see 5 - # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 - # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 - # some user services to make sure they have the correct environment variables 8 - dbus-sway-environment = pkgs.writeTextFile { 9 - name = "dbus-sway-environment"; 10 - destination = "/bin/dbus-sway-environment"; 11 - executable = true; 12 - 13 - text = '' 14 - dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 - systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 - systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 - ''; 18 - }; 19 - 20 - # currently, there is some friction between sway and gtk: 21 - # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 - # the suggested way to set gtk settings is with gsettings 23 - # for gsettings to work, we need to tell it where the schemas are 24 - # using the XDG_DATA_DIR environment variable 25 - # run at the end of sway config 26 - configure-gtk = pkgs.writeTextFile { 27 - name = "configure-gtk"; 28 - destination = "/bin/configure-gtk"; 29 - executable = true; 30 - text = 31 - let 32 - # TODO: figure out why these bindings exist or where they're used 33 - schema = pkgs.gsettings-desktop-schemas; 34 - datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 - in 36 - '' 37 - 6 gnome_schema=org.gnome.desktop.interface 38 - gsettings set $gnome_schema gtk-theme 'Dracula' 39 - ''; 40 - }; 41 - in 42 - { 43 - 44 - # List packages installed in system profile. To search, run: 45 - # $ nix search wget 46 - environment.systemPackages = with pkgs; [ 47 - neovim 48 - appimage-run 49 - tzdata 50 - wget 51 - kitty 52 - file 53 - w3m 54 - fishPlugins.fzf-fish 55 - fzf 56 - qemu 57 - qemu-user 58 - qemu-utils 59 - qemu_full 60 - OVMF 61 - #9p stuff 62 - diod 63 - plan9port 64 - vis 65 - rc 66 - ncdu 67 - 68 - smartmontools 69 - 70 - # Sway stuff 71 - wdisplays 72 - mako 73 - bemenu 74 - wl-clipboard 75 - slurp 76 - grim 77 - swayidle 78 - swaylock 79 - adwaita-icon-theme 80 - dracula-theme 81 - glib 82 - xdg-utils 83 - wayland 84 - configure-gtk 85 - dbus-sway-environment 86 - dbus 87 - pkg-config 88 - zlib 89 - # why wouldn't I want documentation on my system 90 - man-pages 91 - man-pages-posix 92 - linuxPackages_latest.perf 93 - ]; 94 - documentation.dev.enable = true; 95 - 96 - # Fix dynamically linked libraries for unpackaged binaries 97 - programs.nix-ld = { 98 - enable = true; 99 - libraries = with pkgs; [ 100 - # Add missing dynamic libraries for unpackaged programs HERE 101 - # NOT in environment.systemPackages 102 - zlib 103 - openssl 104 - sqlite 105 - libunwind 106 - libglvnd 107 - libclang 108 - systemdLibs 109 - ]; 110 - }; 111 - programs.nix-index = { 112 - enable = true; 113 - enableFishIntegration = true; 114 - enableBashIntegration = false; 115 - enableZshIntegration = false; 116 - }; 117 - 118 - # Run other bins in QEMU 119 - boot.binfmt.emulatedSystems = [ 120 - "aarch64-linux" 121 - "riscv64-linux" 122 - ]; 123 - # UEFI firmware support for QEMU 124 - systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; 125 - 126 - # Logseq uses an ancient version of Electron, so we enable that 127 - nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 128 - 129 - # Whitelist some unfree packages 130 - nixpkgs.config.allowUnfreePredicate = 131 - pkg: 132 - builtins.elem (lib.getName pkg) [ 133 - "discord" 134 - "spotify" 135 - "obsidian" 136 - "unstable.obsidian" 137 - "tailscale" 138 - "google-chrome" 139 - "slack" 140 - ]; 141 - }
···
+5 -2
scripts/nr
··· 1 #!/usr/bin/env rc 2 3 flag e + 4 - flag x + 5 6 pkg=$1 7 - 8 shift 9 10 exec nix run 'nixpkgs#'^$pkg -- $*
··· 1 #!/usr/bin/env rc 2 3 flag e + 4 + 5 + if(~ $1 -x) { 6 + flag x + 7 + shift 8 + } 9 10 pkg=$1 11 shift 12 13 exec nix run 'nixpkgs#'^$pkg -- $*
-8
scripts/oclip
··· 1 - #!/usr/bin/env rc 2 - flag e + 3 - 4 - if (~ $1 -x) { 5 - flag x + 6 - } 7 - data=`{base64 <[0=0]} 8 - printf '\033]52;c;%s\007' $"data
···
+3
scripts/ocopy
···
··· 1 + #!/usr/bin/env sh 2 + 3 + printf "\033]52;c;%s\007" "$(base64 <&0)"
+1
secrets/cache-pub-key.pem
···
··· 1 + misaki.packetlost.dev:y5Z/utaVBozpL0UAbUQDWLjpm2sVMOoKzyG76n/167A=
+10
secrets/catgirl-libera.age
···
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 QBbeMw PrgR2RT7HMRapTw8QcRtBU1vfOdrvOdFR+dxlaTMSH4 3 + 2oG68+hYV5W90Beaqpi/VonPwXzB52NTwwJGKmV8YM0 4 + -> ssh-ed25519 Wv0Urw LvqWE5p2G3QnxbqOQMSd631mCqfhJvE9P/yRuwTTkFk 5 + 3jGowP4TKe3T92NXcZjmqU+QFGcyuT2+H3EU/nqTF8s 6 + -> ssh-ed25519 WVNCXA YGX6M8E4JGpJNeZIhiN/t+tx1NQNc+Ewy9HC2dxm3yY 7 + mhxXrgnbh4ng2tIeQrYfxlnlSCk/fTEBDDOg2MEVP2g 8 + --- JpMgqNty36r0OAyDTaLY8yiFHGXzQLm8gh6XXmJQ094 9 + E~�ƿ ׭ #2%%��`Ϳ�~��~�Si<�3� 10 + 7k��b�+OMr�3GxžhG�WY9.�xU1�Re�*%���v�!����������2�wJ_B�)�"��I� �k��[u�jvV5��8n�D��2���H�|
secrets/nix-serve-secret-key.age

This is a binary file and will not be displayed.

+13
secrets/noah-hashed-password.age
···
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g Y6AKrd+CWu2+QqPEslYof/XQTTSMf/WNlW9t8FagYgQ 3 + +hiVmTdBt2w/CUusGWOmHgPB3/A3NlcVJ6a4hieWKaE 4 + -> ssh-ed25519 FcROng uBO/aCTSS5JU9ZTkyRgFeYhmkcXdifUycQk8CEGADx0 5 + LZE8JNFrlOeySFamABnZuZHdXdLPYB8/X4gic3stCuw 6 + -> ssh-ed25519 OV+2QQ m13opn5yD0oMLSR8j1jiI9CkzwDSZI37UhJdLQ/KzjE 7 + 6arhn/OFKiGrFabcFCF/yTtTSQImORJX5Ohq50I3xpU 8 + -> ssh-ed25519 h/Fm0A HfM3i56ldP9EvwYTNorzdtkwn21zvFd6cEqUINsg8hg 9 + RJo7z0Nk179ZiazofToA+0KOD3CWfpzaFcZWrSeVsuo 10 + -> ssh-ed25519 Aoo1Gg DKY2avQ+UMyIytEefP6C3LTXTT7QaDBDguxu4G3j/iY 11 + EqCq0BeV+rToFnOCbD9ru9KroXxGcYKRnryKF7N8Uoo 12 + --- L0JkNEz2vJ0m7+8PQELugzzhQAKV/6z/JrU2qeTDPWI 13 + /g�DQ�ӳ`�����< �S��U���p}E+(��2H�'��͖�������Av6p.P#,����l �����@��7���|F�;;�Dޓ,�8@���E{
+9
secrets/porkbun-api-key.age
···
··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g x6PGKDva9Uj/rVaeOiWSBKTgNsi6ZT1XtHdUEAPn7Wo 3 + hziH64vy2Dx0dMEEKphhw54hzyzhgAYONxaSqDgguP0 4 + -> ssh-ed25519 QBbeMw G775f6PEJrogzi+h0cDKhCmfZ4t8uaJSsGqSuLdwq1M 5 + TR9UfYVljeb+DtttBpMlinZjbPNKL7+omEasEo0nEjE 6 + -> ssh-ed25519 Wv0Urw jXwjCKuCW6z7ZGu0hp/igks4vgCcGGng0VGXeHakJRI 7 + b6fciWjygpGMI83E3C3JBjJZ7X5tDXRPRKgn1Uy/1P0 8 + --- X67NLqQNueHXFrw9Z2SBA880xnUEPLbKRjADgdiBfIs 9 + &u&6�=�ڌ5�!,B[��e������F�[��9�� "lU����<�9�D$m̆��6`JU �dB~S�A6D;s��љ: M��p g�Y��@pBj�6���f����p�;��{�H�y�2{�?���#Pl�D@#ye��3��jD��tץ����6���=�A�������lJڊQ'���..>�(񵑅|wn��Zf<= _
+29
secrets/secrets.nix
···
··· 1 + let 2 + noah = [ 3 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki" 4 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC/cXL1cV6QUW5z2bJp1mCu0CXrcc0Dntdxaeo3fg60N noah@odin" 5 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIChbA8oSqYgmjIGYjlpAPLf+Nl6IlcSb2Zmh/Hl6xm88 noah@accelerator" 6 + ]; 7 + misaki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rcf4Lr+JPWGKQol6eAml6SMgERkGJWgN7y1qYUUvX root@nixos"; 8 + edge = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINCmFKYXpQf1E8E7fj5s+3R33HPRjPhXrv++FCKYBCd4 root@nixos"; 9 + odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJIuvOXEK7M2i/Q8FeableBS+L20zwQpLetOuFGUhba2 root@nixos"; 10 + touma-wsl = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFeyj52bQ/nf5k4HwDckeHy8wU3weDtY6IF6VlUJ/hAH root@nixos"; 11 + shizuri = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIaMdVtl8UlDa9kI/PO62Glu/PeJXfgXNsVg92b+BibE root@nixos"; 12 + hosts = [ 13 + misaki 14 + edge 15 + odin 16 + touma-wsl 17 + shizuri 18 + ]; 19 + in 20 + { 21 + "porkbun-api-key.age".publicKeys = [ misaki ] ++ noah; 22 + "noah-hashed-password.age".publicKeys = hosts; 23 + "nix-serve-secret-key.age".publicKeys = [ 24 + misaki 25 + noah 26 + ]; 27 + "validator-identity.age".publicKeys = [ edge ]; 28 + "catgirl-libera.age".publicKeys = noah; 29 + }
secrets/validator-identity.age

This is a binary file and will not be displayed.

+22 -32
services.nix
··· 1 - { ... }: 2 { 3 # Some programs need SUID wrappers, can be configured further or are 4 # started in user sessions. 5 - # programs.mtr.enable = true; 6 - programs.gnupg.agent = { 7 - enable = true; 8 - enableSSHSupport = false; 9 - }; 10 11 # Fish shell, the best 12 programs.fish.enable = true; 13 14 - # List services that you want to enable: 15 - 16 - # Enable the OpenSSH daemon. 17 - services.openssh.enable = true; 18 - 19 - # Smart Card daemon 20 - services.pcscd.enable = true; 21 - 22 - # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices. 23 - services.hardware.bolt.enable = true; 24 - 25 # Tailscale 26 services.tailscale = { 27 enable = true; 28 - useRoutingFeatures = "client"; 29 }; 30 31 - services.redis.servers."" = { 32 enable = true; 33 }; 34 35 - # Containers and VMs 36 - virtualisation = { 37 - podman = { 38 - enable = false; 39 - dockerCompat = true; 40 - defaultNetwork.settings.dns_enabled = true; 41 - dockerSocket.enable = true; 42 - }; 43 - docker = { 44 - enable = true; 45 - storageDriver = "overlay2"; 46 - }; 47 - }; 48 }
··· 1 + { enableNFTables, lib, ... }: 2 { 3 + 4 # Some programs need SUID wrappers, can be configured further or are 5 # started in user sessions. 6 + programs.mtr.enable = true; 7 8 # Fish shell, the best 9 programs.fish.enable = true; 10 11 # Tailscale 12 services.tailscale = { 13 enable = true; 14 + openFirewall = true; 15 }; 16 + # Don't wait for networks on boot, should speed up boot 17 + systemd.network.wait-online.enable = false; 18 + boot.initrd.systemd.network.wait-online.enable = false; 19 + networking.firewall.trustedInterfaces = [ "tailscale0" ]; 20 21 + # Enable the OpenSSH daemon. 22 + services.openssh = { 23 enable = true; 24 + openFirewall = true; 25 + settings.PasswordAuthentication = false; 26 }; 27 28 + # MOSH, SSH over flakey connections 29 + programs.mosh.enable = true; 30 + } 31 + // lib.optionalAttrs enableNFTables { 32 + # Use nftables 33 + networking.nftables.enable = true; 34 + # Support native nftables in tailscale 35 + systemd.services.tailscaled.serviceConfig.Environment = [ 36 + "TS_DEBUG_FIREWALL_MODE=nftables" 37 + ]; 38 }
+2
shell.nix
···
··· 1 + { pkgs ? import <nixos-unstable> { } }: 2 + pkgs.mkShell { packages = with pkgs; [ nil lua-language-server ]; }
+46 -22
ssh/extra
··· 1 AddKeysToAgent yes 2 ServerAliveInterval 60 3 - ForwardAgent no 4 ControlMaster auto 5 ControlPath ~/.ssh/master-%r@%h:%p 6 7 - Host 192.168.1.* 8 - ForwardAgent yes 9 - 10 - Host *.local 11 - ForwardAgent yes 12 - 13 Host home 14 Hostname packetlostandfound.us 15 User noah 16 IdentityFile ~/.ssh/id_ed25519 17 IdentitiesOnly yes 18 - ForwardAgent yes 19 20 Host git.sr.ht 21 HostName git.sr.ht ··· 33 IdentityFile ~/.ssh/id_ed25519 34 ForwardAgent yes 35 36 Host komoe 37 HostName 192.168.1.5 38 User noah 39 IdentityFile ~/.ssh/id_ed25519 40 ForwardAgent yes 41 42 Host sdf 43 HostName tty.sdf.org 44 User ngp 45 IdentityFile ~/.ssh/id_ed25519 46 - ForwardAgent yes 47 48 Host tildeclub 49 HostName tilde.club 50 User ngp 51 IdentityFile ~/.ssh/id_ed25519 52 - ForwardAgent yes 53 54 Host envs 55 HostName envs.net 56 User ngp 57 IdentityFile ~/.ssh/id_ed25519 58 - ForwardAgent yes 59 60 Host tildeteam 61 HostName tilde.team 62 User ngp 63 IdentityFile ~/.ssh/id_ed25519 64 - ForwardAgent yes 65 66 Host ctrl-c 67 HostName ctrl-c.club 68 User ngp 69 IdentityFile ~/.ssh/id_ed25519 70 - ForwardAgent yes 71 72 Host tildetown 73 HostName tilde.town 74 User ngp 75 IdentityFile ~/.ssh/id_ed25519 76 - ForwardAgent yes 77 78 Host yourtilde 79 HostName yourtilde.com 80 User ngp 81 IdentityFile ~/.ssh/id_ed25519 82 - ForwardAgent yes 83 84 Host hashbang 85 - HostName to1.hashbang.sh 86 - IdentitiesOnly yes 87 - User ngp 88 - IdentityFile ~/.ssh/id_ed25519 89 - ForwardAgent yes 90 91 Host tiny 92 HostName tiny.packetlost.dev 93 User noah 94 IdentityFile ~/.ssh/id_ed25519 95 - ForwardAgent yes 96 97 Host seedbox 98 HostName canopus.usbx.me 99 User ngp 100 IdentityFile ~/.ssh/id_ed25519 101 - ForwardAgent no 102 103 Host launchpad 104 HostName git.launchpad.net
··· 1 AddKeysToAgent yes 2 ServerAliveInterval 60 3 + ForwardAgent yes 4 ControlMaster auto 5 ControlPath ~/.ssh/master-%r@%h:%p 6 7 Host home 8 Hostname packetlostandfound.us 9 User noah 10 IdentityFile ~/.ssh/id_ed25519 11 IdentitiesOnly yes 12 13 Host git.sr.ht 14 HostName git.sr.ht ··· 26 IdentityFile ~/.ssh/id_ed25519 27 ForwardAgent yes 28 29 + Host aleister 30 + HostName 192.168.1.16 31 + User noah 32 + IdentityFile ~/.ssh/id_ed25519 33 + ForwardAgent yes 34 + 35 Host komoe 36 HostName 192.168.1.5 37 User noah 38 IdentityFile ~/.ssh/id_ed25519 39 ForwardAgent yes 40 41 + Host othinus 42 + HostName 192.168.1.4 43 + User noah 44 + IdentityFile ~/.ssh/id_ed25519 45 + ForwardAgent yes 46 + 47 + Host odin 48 + HostName 192.168.1.6 49 + User noah 50 + IdentityFile ~/.ssh/id_ed25519 51 + ForwardAgent yes 52 + 53 + Host accelerator 54 + HostName 192.168.1.7 55 + User noah 56 + IdentityFile ~/.ssh/id_ed25519 57 + ForwardAgent yes 58 + 59 + Host shizuri 60 + HostName 192.168.1.15 61 + User noah 62 + IdentityFile ~/.ssh/id_ed25519 63 + ForwardAgent yes 64 + ForwardX11 yes 65 + 66 Host sdf 67 HostName tty.sdf.org 68 User ngp 69 IdentityFile ~/.ssh/id_ed25519 70 71 Host tildeclub 72 HostName tilde.club 73 User ngp 74 IdentityFile ~/.ssh/id_ed25519 75 76 Host envs 77 HostName envs.net 78 User ngp 79 IdentityFile ~/.ssh/id_ed25519 80 81 Host tildeteam 82 HostName tilde.team 83 User ngp 84 IdentityFile ~/.ssh/id_ed25519 85 86 Host ctrl-c 87 HostName ctrl-c.club 88 User ngp 89 IdentityFile ~/.ssh/id_ed25519 90 91 Host tildetown 92 HostName tilde.town 93 User ngp 94 IdentityFile ~/.ssh/id_ed25519 95 96 Host yourtilde 97 HostName yourtilde.com 98 User ngp 99 IdentityFile ~/.ssh/id_ed25519 100 101 Host hashbang 102 + HostName to1.hashbang.sh 103 + IdentitiesOnly yes 104 + User ngp 105 + IdentityFile ~/.ssh/id_ed25519 106 107 Host tiny 108 HostName tiny.packetlost.dev 109 User noah 110 IdentityFile ~/.ssh/id_ed25519 111 + 112 + Host tinybsd 113 + HostName tinybsd.packetlost.dev 114 + User noah 115 + IdentityFile ~/.ssh/id_ed25519 116 117 Host seedbox 118 HostName canopus.usbx.me 119 User ngp 120 IdentityFile ~/.ssh/id_ed25519 121 + 122 + Host saten 123 + HostName saten.packetlost.dev 124 + User noah 125 + IdentityFile ~/.ssh/id_ed25519 126 127 Host launchpad 128 HostName git.launchpad.net
+4 -11
sway/config
··· 14 set $right l 15 16 # Your preferred terminal emulator 17 - set $term ghostty 18 # Your preferred application launcher 19 # Note: it's recommended that you pass the final command to sway 20 #set $menu dmenu_path | dmenu | xargs swaymsg exec -- 21 22 - #set $menu exec kitty --class 'launcher' sh -c 'compgen -c | sort -u | fzf | xargs -r swaymsg -t command exec' 23 - #for_window [app_id="^launcher$"] floating enable, border none, resize set width 25 ppt height 100 ppt, move position 0 px 0 px 24 - 25 - set $menu exec fuzzel 26 27 # Lockscreen 28 set $lock swaylock -c 892243 -e ··· 45 ### Idle configuration 46 set $idle swayidle -w \ 47 timeout 300 '$lock' \ 48 - timeout 360 'swaymsg "output * dpms off"' \ 49 timeout 15 'if pgrep -x swaylock; then swaymsg "output * dpms off"; fi' \ 50 resume 'swaymsg "output * dpms on"' \ 51 before-sleep '$lock' ··· 73 74 input "1133:45081:MX_Master_2S_Mouse" { 75 pointer_accel 0 76 - accel_profile flat 77 - } 78 - 79 - input "1133:50504:Logitech_USB_Receiver_Mouse" { 80 - pointer_accel 0.2 81 accel_profile flat 82 } 83
··· 14 set $right l 15 16 # Your preferred terminal emulator 17 + set $term kitty 18 # Your preferred application launcher 19 # Note: it's recommended that you pass the final command to sway 20 #set $menu dmenu_path | dmenu | xargs swaymsg exec -- 21 22 + set $menu exec kitty --class 'launcher' sh -c 'compgen -c | sort -u | fzf | xargs -r swaymsg -t command exec' 23 + for_window [app_id="^launcher$"] floating enable, border none, resize set width 25 ppt height 100 ppt, move position 0 px 0 px 24 25 # Lockscreen 26 set $lock swaylock -c 892243 -e ··· 43 ### Idle configuration 44 set $idle swayidle -w \ 45 timeout 300 '$lock' \ 46 + timeout 600 'swaymsg "output * dpms off"' \ 47 timeout 15 'if pgrep -x swaylock; then swaymsg "output * dpms off"; fi' \ 48 resume 'swaymsg "output * dpms on"' \ 49 before-sleep '$lock' ··· 71 72 input "1133:45081:MX_Master_2S_Mouse" { 73 pointer_accel 0 74 accel_profile flat 75 } 76
+2 -2
sway/odin
··· 2 #workspace $ws1 output DP-6 3 #workspace $ws2 output HDMI-A-1 4 5 - output "Acer Technologies XV272U 0x8520810C" { 6 mode 2560x1440@143.999Hz 7 pos 440 0 8 transform normal ··· 17 transform normal 18 scale 1.0 19 scale_filter nearest 20 - adaptive_sync off 21 dpms on 22 }
··· 2 #workspace $ws1 output DP-6 3 #workspace $ws2 output HDMI-A-1 4 5 + output "Acer Technologies XV272U 0x0000A50C" { 6 mode 2560x1440@143.999Hz 7 pos 440 0 8 transform normal ··· 17 transform normal 18 scale 1.0 19 scale_filter nearest 20 + adaptive_sync on 21 dpms on 22 }
+11 -5
users.nix
··· 1 { 2 pkgs, 3 lib, 4 ... 5 }: 6 { ··· 9 # I don't want to allow ad-hoc modifying users on the system. 10 # Users must be declared either as part of a package or in this file. 11 users.mutableUsers = false; 12 13 # Define a user account. Don't forget to set a password with ‘passwd’. 14 users.users.noah = { ··· 18 "wheel" 19 "video" 20 "nas" 21 - "libvirtd" 22 - "qemu-libvirtd" 23 - "docker" 24 - ]; # Enable ‘sudo’ for the user. 25 - hashedPasswordFile = "/etc/nixos/noah-password"; 26 openssh.authorizedKeys.keys = lib.strings.splitString "\n" ( 27 builtins.readFile ( 28 builtins.fetchurl {
··· 1 { 2 pkgs, 3 lib, 4 + config, 5 + extraGroups ? [ ], 6 ... 7 }: 8 { ··· 11 # I don't want to allow ad-hoc modifying users on the system. 12 # Users must be declared either as part of a package or in this file. 13 users.mutableUsers = false; 14 + 15 + age.secrets.noah-password = { 16 + file = ./secrets/noah-hashed-password.age; 17 + owner = "root"; 18 + group = "root"; 19 + }; 20 21 # Define a user account. Don't forget to set a password with ‘passwd’. 22 users.users.noah = { ··· 26 "wheel" 27 "video" 28 "nas" 29 + ] 30 + ++ extraGroups; # Enable ‘sudo’ for the user. 31 + hashedPasswordFile = config.age.secrets.noah-password.path; 32 openssh.authorizedKeys.keys = lib.strings.splitString "\n" ( 33 builtins.readFile ( 34 builtins.fetchurl {
+2 -2
vis/visrc.lua
··· 1 require('vis') 2 local plugin_manager = 'plugins/vis-plug' 3 local plugins = { 4 - { 'timoha/vis-acme', theme = true, file = 'acme' }, 5 { 'milhnl/vis-format' }, 6 { url = 'https://git.cepl.eu/cgit/vis/vis-fzf-open' }, 7 { url = 'https://gitlab.com/muhq/vis-lspc.git' }, ··· 56 --per-window configuration-- 57 --vis:command('set number') 58 --vis:command('set showtab on') 59 - vis:command('set showspace off') 60 vis:command('set autoindent on') 61 vis:command('set cursorline on') 62 vis:command('set tabwidth 4')
··· 1 require('vis') 2 local plugin_manager = 'plugins/vis-plug' 3 local plugins = { 4 + --{ 'timoha/vis-acme', theme = true, file = 'acme' }, 5 { 'milhnl/vis-format' }, 6 { url = 'https://git.cepl.eu/cgit/vis/vis-fzf-open' }, 7 { url = 'https://gitlab.com/muhq/vis-lspc.git' }, ··· 56 --per-window configuration-- 57 --vis:command('set number') 58 --vis:command('set showtab on') 59 + --vis:command('set showspace off') 60 vis:command('set autoindent on') 61 vis:command('set cursorline on') 62 vis:command('set tabwidth 4')