+2

.tsk/archive/tsk-1.tsk

··· 0 0

··· 1 + Remove immich overlay 2 +

+2

.tsk/archive/tsk-2.tsk

··· 0 0

··· 1 + Remove plex overlay 2 +

+2

.tsk/archive/tsk-3.tsk

··· 0 0

··· 1 + finish migration to flake 2 +

+1

.tsk/index

··· 0

··· 1 + tsk-1 Remove immich overlay 1755227223

+1

.tsk/next

··· 0

··· 1 + 4

+1

.tsk/tasks/tsk-1.tsk

··· 0

··· 1 + ../archive/tsk-1.tsk

+6 -1

boot.nix

··· 1 - { ... }: { 0 2 # Use the systemd-boot EFI boot loader. 3 boot.loader.systemd-boot.enable = true; 4 boot.loader.efi.canTouchEfiVariables = true; 0 0 0 0 5 }

··· 1 + { ... }: 2 + { 3 # Use the systemd-boot EFI boot loader. 4 boot.loader.systemd-boot.enable = true; 5 boot.loader.efi.canTouchEfiVariables = true; 6 + 7 + boot.supportedFilesystems = [ "zfs" ]; 8 + boot.zfs.forceImportRoot = false; 9 + boot.zfs.extraPools = [ "shokuhou" "mentalout" ]; 10 }

+36 -29

configuration.nix

··· 1 # Edit this configuration file to define what should be installed on 2 - # your system. Help is available in the configuration.nix(5) man page, on 3 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 5 - # NixOS-WSL specific options are documented on the NixOS-WSL repository: 6 - # https://github.com/nix-community/NixOS-WSL 7 8 - { ... }: { 9 - imports = [ 10 - # WSL has no hardware configuration 11 - #./hardware-configuration.nix 12 - #./boot.nix 13 - ./networking.nix 14 - #./gui.nix 15 - ./users.nix 16 - ./packages.nix 17 - ./services.nix 18 - # include NixOS-WSL modules 19 - <nixos-wsl/modules> 20 - ]; 21 - wsl = { 22 - enable = true; 23 - defaultUser = "noah"; 24 - wslConf.network.hostname = "touma-wsl-nixos"; 25 - }; 26 - 27 # Set your time zone. 28 time.timeZone = "America/Chicago"; 29 ··· 38 # Copy the NixOS configuration file and link it from the resulting system 39 # (/run/current-system/configuration.nix). This is useful in case you 40 # accidentally delete configuration.nix. 41 - system.copySystemConfiguration = true; 42 43 # Automatic doc cache generation 44 documentation.man.generateCaches = true; ··· 50 randomizedDelaySec = "45min"; 51 }; 52 53 - # This value determines the NixOS release from which the default 54 - # settings for stateful data, like file locations and database versions 55 - # on your system were taken. It's perfectly fine and recommended to leave 56 - # this value at the release version of the first install of this system. 57 - # Before changing this value read the documentation for this option 58 - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 0 0 0 0 0 0 0 0 0 0 0 0 0 0 59 system.stateVersion = "23.11"; # Did you read the comment? 0 60 }

··· 1 # Edit this configuration file to define what should be installed on 2 + ## your system. Help is available in the configuration.nix(5) man page, on 3 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 5 + { ... }: 0 6 7 + { 8 + imports = 9 + [ 10 + # Include the results of the hardware scan. 11 + ./hardware-configuration.nix 12 + ./boot.nix 13 + ./networking.nix 14 + #./gui.nix 15 + ./users.nix 16 + ./packages.nix 17 + ./services.nix 18 + ]; 0 0 0 0 0 0 0 19 # Set your time zone. 20 time.timeZone = "America/Chicago"; 21 ··· 30 # Copy the NixOS configuration file and link it from the resulting system 31 # (/run/current-system/configuration.nix). This is useful in case you 32 # accidentally delete configuration.nix. 33 + #system.copySystemConfiguration = true; 34 35 # Automatic doc cache generation 36 documentation.man.generateCaches = true; ··· 42 randomizedDelaySec = "45min"; 43 }; 44 45 + # Automatic Garbage Collection 46 + nix.gc.automatic = true; 47 + nix.gc.options = "--delete-older-than 8d"; 48 + 49 + # This option defines the first version of NixOS you have installed on this particular machine, 50 + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. 51 + # 52 + # Most users should NEVER change this value after the initial install, for any reason, 53 + # even if you've upgraded your system to a new NixOS release. 54 + # 55 + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, 56 + # so changing it will NOT upgrade your system. 57 + # 58 + # This value being lower than the current NixOS release does NOT mean your system is 59 + # out of date, out of support, or vulnerable. 60 + # 61 + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, 62 + # and migrated your data accordingly. 63 + # 64 + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . 65 system.stateVersion = "23.11"; # Did you read the comment? 66 + 67 }

+1

coredns/localhost.hosts

··· 0

··· 1 + 127.0.0.1 *.localhost

+9

coredns/ngp.computer.hosts

··· 0 0 0 0 0 0 0 0 0

··· 1 + 192.168.1.3 img.ngp.computer 2 + 192.168.1.3 photos.ngp.computer 3 + 192.168.1.3 misaki.ngp.computer 4 + 192.168.1.3 files.ngp.computer 5 + 6 + fe80::9ab7:85ff:fe1e:dfe8 img.ngp.computer 7 + fe80::9ab7:85ff:fe1e:dfe8 photos.ngp.computer 8 + fe80::9ab7:85ff:fe1e:dfe8 misaki.ngp.computer 9 + fe80::9ab7:85ff:fe1e:dfe8 files.ngp.computer

+17

coredns/packetlost.dev.hosts

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + # Services 2 + 192.168.1.3 git.packetlost.dev 3 + 192.168.1.3 plex.packetlost.dev 4 + 192.168.1.3 jellyfin.packetlost.dev 5 + 192.168.1.3 nats.packetlost.dev 6 + 7 + # LAN Hosts 8 + 192.168.1.3 misaki.packetlost.dev misaki 9 + 192.168.1.3 cache.packetlost.dev cache 10 + 192.168.1.5 komoe.packetlost.dev komoe 11 + 192.168.1.6 rainbow.packetlost.dev rainbow 12 + 192.168.1.10 ichika.packetlost.dev ichika 13 + 192.168.1.11 futaba.packetlost.dev futaba 14 + 192.168.1.12 mitsumi.packetlost.dev mitsumi 15 + 192.168.1.13 orangepi5.packetlost.dev orangepi5 16 + 192.168.1.30 touma.packetlost.dev touma 17 + 192.168.1.33 kamijou.packetlost.dev kamijou

+16

default.nix

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + let 2 + nix-pre-commit-hooks = import (builtins.fetchTarball "https://github.com/cachix/pre-commit-hooks.nix/tarball/master"); 3 + in 4 + { 5 + # Configured with the module options defined in `modules/pre-commit.nix`: 6 + pre-commit-check = nix-pre-commit-hooks.run { 7 + src = ./.; 8 + # If your hooks are intrusive, avoid running on each commit with a default_states like this: 9 + # default_stages = ["manual" "push"]; 10 + hooks = { 11 + nixpkgs-fmt.enable = true; 12 + nil.enable = true; 13 + luacheck.enable = true; 14 + }; 15 + }; 16 + }

+5 -17

fish/config.fish

··· 17 abbr gd "git diff" 18 abbr ga "git add" 19 abbr glog "git log –graph –decorate –oneline –all" 20 - if type -q "emanote" 21 - abbr n "cd ~/repos/notes" 22 - abbr ne "cd ~/repos/notes; nvim" 23 - end 24 - 25 - abbr srhtclone "git clone git@git.sr.ht:~chiefnoah/" 26 - abbr ghclone "git clone git@github.com:chiefnoah/" 27 28 if test -d "~/repos" 29 alias r "cd ~/repos" 30 end 31 0 32 set -Ux SSH_AUTH_SOCK /var/run/user/(id -u)/ssh-agent 33 - # PATH stuff 34 35 - if test -z "(pgrep ssh-agent)" 36 - eval (ssh-agent -c) > /dev/null # no output 37 - set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK 38 - set -Ux SSH_AGENT_PID $SSH_AGENT_PID 39 - set -Ux SSH_AUTH_SOCK $SSH_AUTH_SOCK 40 - end 41 42 - # Run ssh-agent 43 if type -q "direnv" 44 direnv hook fish | source 45 set -g direnv_fish_mode eval_on_arrow ··· 53 # NATS config 54 set -Ux NATS_URL tls://misaki.local 55 set -Ux NATS_CA /srv/nats/minica.pem 56 - set -Ux NATS_CERT /srv/nats/touma-nixos@packetlost.dev/cert.pem 57 - set -Ux NATS_KEY /srv/nats/touma-nixos@packetlost.dev/key.pem 0 58 59 # Keybindings 60 fish_default_key_bindings

··· 17 abbr gd "git diff" 18 abbr ga "git add" 19 abbr glog "git log –graph –decorate –oneline –all" 0 0 0 0 0 0 0 20 21 if test -d "~/repos" 22 alias r "cd ~/repos" 23 end 24 25 + # We start the ssh-agent in noah-home.nix, so we'll add the socket to the environment 26 set -Ux SSH_AUTH_SOCK /var/run/user/(id -u)/ssh-agent 0 27 28 + # PATH stuff 0 0 0 0 0 29 0 30 if type -q "direnv" 31 direnv hook fish | source 32 set -g direnv_fish_mode eval_on_arrow ··· 40 # NATS config 41 set -Ux NATS_URL tls://misaki.local 42 set -Ux NATS_CA /srv/nats/minica.pem 43 + set -Ux NATS_CERT /srv/nats/misaki.packetlost.dev/cert.pem 44 + set -Ux NATS_KEY /srv/nats/misaki.packetlost.dev/key.pem 45 + 46 47 # Keybindings 48 fish_default_key_bindings

+1 -1

fish/functions/lfcd.fish

··· 13 14 function lfcd 15 set tmp (mktemp) 16 - lf -last-dir-path=$tmp $argv 17 if test -f "$tmp" 18 set dir (cat $tmp) 19 rm -f $tmp

··· 13 14 function lfcd 15 set tmp (mktemp) 16 + yazi --cwd-file=$tmp $argv 17 if test -f "$tmp" 18 set dir (cat $tmp) 19 rm -f $tmp

+308 -22

flake.lock

··· 1 { 2 "nodes": { 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 "flake-compat": { 4 "flake": false, 5 "locked": { ··· 14 "owner": "edolstra", 15 "repo": "flake-compat", 16 "type": "github" 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 17 } 18 }, 19 "gitignore": { ··· 40 "home-manager": { 41 "inputs": { 42 "nixpkgs": [ 0 43 "nixpkgs" 44 ] 45 }, 46 "locked": { 47 - "lastModified": 1764776959, 48 - "narHash": "sha256-d+5CGloq7Lo1u2SkzhF8oiOdUc6Z5emh22nTXUB9CFA=", 49 "owner": "nix-community", 50 "repo": "home-manager", 51 - "rev": "e1680d594a9281651cbf7d126941a8c8e2396183", 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 52 "type": "github" 53 }, 54 "original": { ··· 58 "type": "github" 59 } 60 }, 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 61 "nixpkgs": { 62 "locked": { 63 - "lastModified": 1764522689, 64 - "narHash": "sha256-SqUuBFjhl/kpDiVaKLQBoD8TLD+/cTUzzgVFoaHrkqY=", 65 - "owner": "nixos", 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 66 "repo": "nixpkgs", 67 - "rev": "8bb5646e0bed5dbd3ab08c7a7cc15b75ab4e1d0f", 68 "type": "github" 69 }, 70 "original": { 71 - "owner": "nixos", 72 - "ref": "nixos-25.11", 73 "repo": "nixpkgs", 0 74 "type": "github" 75 } 76 }, 77 "nixpkgs-unstable": { 78 "locked": { 79 - "lastModified": 1744463964, 80 - "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", 81 "owner": "nixos", 82 "repo": "nixpkgs", 83 - "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", 84 "type": "github" 85 }, 86 "original": { ··· 92 }, 93 "nixpkgs_2": { 94 "locked": { 95 - "lastModified": 1730768919, 96 - "narHash": "sha256-8AKquNnnSaJRXZxc5YmF/WfmxiHX6MMZZasRP6RRQkE=", 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 97 "owner": "NixOS", 98 "repo": "nixpkgs", 99 - "rev": "a04d33c0c3f1a59a2c1cb0c6e34cd24500e5a1dc", 100 "type": "github" 101 }, 102 "original": { ··· 108 }, 109 "pre-commit-hooks": { 110 "inputs": { 111 - "flake-compat": "flake-compat", 112 "gitignore": "gitignore", 113 - "nixpkgs": "nixpkgs_2" 114 }, 115 "locked": { 116 - "lastModified": 1742649964, 117 - "narHash": "sha256-DwOTp7nvfi8mRfuL1escHDXabVXFGT1VlPD1JHrtrco=", 118 "owner": "cachix", 119 "repo": "git-hooks.nix", 120 - "rev": "dcf5072734cb576d2b0c59b2ac44f5050b5eac82", 121 "type": "github" 122 }, 123 "original": { ··· 128 }, 129 "root": { 130 "inputs": { 131 - "home-manager": "home-manager", 132 - "nixpkgs": "nixpkgs", 0 0 133 "nixpkgs-unstable": "nixpkgs-unstable", 134 "pre-commit-hooks": "pre-commit-hooks" 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 135 } 136 } 137 },

··· 1 { 2 "nodes": { 3 + "agenix": { 4 + "inputs": { 5 + "darwin": "darwin", 6 + "home-manager": "home-manager", 7 + "nixpkgs": "nixpkgs", 8 + "systems": "systems" 9 + }, 10 + "locked": { 11 + "lastModified": 1762618334, 12 + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", 13 + "owner": "ryantm", 14 + "repo": "agenix", 15 + "rev": "fcdea223397448d35d9b31f798479227e80183f6", 16 + "type": "github" 17 + }, 18 + "original": { 19 + "owner": "ryantm", 20 + "repo": "agenix", 21 + "type": "github" 22 + } 23 + }, 24 + "darwin": { 25 + "inputs": { 26 + "nixpkgs": [ 27 + "agenix", 28 + "nixpkgs" 29 + ] 30 + }, 31 + "locked": { 32 + "lastModified": 1744478979, 33 + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", 34 + "owner": "lnl7", 35 + "repo": "nix-darwin", 36 + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", 37 + "type": "github" 38 + }, 39 + "original": { 40 + "owner": "lnl7", 41 + "ref": "master", 42 + "repo": "nix-darwin", 43 + "type": "github" 44 + } 45 + }, 46 + "determinate-nixd-aarch64-darwin": { 47 + "flake": false, 48 + "locked": { 49 + "narHash": "sha256-uWDS94cAYprGj+AwuT42nuuDDicRLj1S0JwalZGeBRU=", 50 + "type": "file", 51 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS" 52 + }, 53 + "original": { 54 + "type": "file", 55 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/macOS" 56 + } 57 + }, 58 + "determinate-nixd-aarch64-linux": { 59 + "flake": false, 60 + "locked": { 61 + "narHash": "sha256-uHBcZCh2/Bj5/88TDihupA336tSQDk7s5lVP66IDAX0=", 62 + "type": "file", 63 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux" 64 + }, 65 + "original": { 66 + "type": "file", 67 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/aarch64-linux" 68 + } 69 + }, 70 + "determinate-nixd-x86_64-linux": { 71 + "flake": false, 72 + "locked": { 73 + "narHash": "sha256-y+l05H6GNv/1WcrMztDYem8VBWqjc9gNg4WjeQ1PQxo=", 74 + "type": "file", 75 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux" 76 + }, 77 + "original": { 78 + "type": "file", 79 + "url": "https://install.determinate.systems/determinate-nixd/tag/v3.15.1/x86_64-linux" 80 + } 81 + }, 82 + "determinite": { 83 + "inputs": { 84 + "determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin", 85 + "determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux", 86 + "determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux", 87 + "nix": "nix", 88 + "nixpkgs": [ 89 + "nixpkgs" 90 + ] 91 + }, 92 + "locked": { 93 + "lastModified": 1766549083, 94 + "narHash": "sha256-G1Hljg7vIBt8n9cxO382YAZWtZU/mYfQcg3icdNG8RQ=", 95 + "rev": "ba8999fac986e70f52b4cba15047be7bbb7b6346", 96 + "revCount": 318, 97 + "type": "tarball", 98 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.15.1/019b4e8a-dc22-75db-aef5-a447efbb1a13/source.tar.gz" 99 + }, 100 + "original": { 101 + "type": "tarball", 102 + "url": "https://flakehub.com/f/DeterminateSystems/determinate/3" 103 + } 104 + }, 105 "flake-compat": { 106 "flake": false, 107 "locked": { ··· 116 "owner": "edolstra", 117 "repo": "flake-compat", 118 "type": "github" 119 + } 120 + }, 121 + "flake-compat_2": { 122 + "flake": false, 123 + "locked": { 124 + "lastModified": 1761588595, 125 + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", 126 + "owner": "edolstra", 127 + "repo": "flake-compat", 128 + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", 129 + "type": "github" 130 + }, 131 + "original": { 132 + "owner": "edolstra", 133 + "repo": "flake-compat", 134 + "type": "github" 135 + } 136 + }, 137 + "flake-parts": { 138 + "inputs": { 139 + "nixpkgs-lib": [ 140 + "determinite", 141 + "nix", 142 + "nixpkgs" 143 + ] 144 + }, 145 + "locked": { 146 + "lastModified": 1748821116, 147 + "narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=", 148 + "rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1", 149 + "revCount": 377, 150 + "type": "tarball", 151 + "url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz" 152 + }, 153 + "original": { 154 + "type": "tarball", 155 + "url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1" 156 + } 157 + }, 158 + "git-hooks-nix": { 159 + "inputs": { 160 + "flake-compat": "flake-compat", 161 + "gitignore": [ 162 + "determinite", 163 + "nix" 164 + ], 165 + "nixpkgs": [ 166 + "determinite", 167 + "nix", 168 + "nixpkgs" 169 + ] 170 + }, 171 + "locked": { 172 + "lastModified": 1747372754, 173 + "narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=", 174 + "rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46", 175 + "revCount": 1026, 176 + "type": "tarball", 177 + "url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz" 178 + }, 179 + "original": { 180 + "type": "tarball", 181 + "url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941" 182 } 183 }, 184 "gitignore": { ··· 205 "home-manager": { 206 "inputs": { 207 "nixpkgs": [ 208 + "agenix", 209 "nixpkgs" 210 ] 211 }, 212 "locked": { 213 + "lastModified": 1745494811, 214 + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", 215 "owner": "nix-community", 216 "repo": "home-manager", 217 + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", 218 + "type": "github" 219 + }, 220 + "original": { 221 + "owner": "nix-community", 222 + "repo": "home-manager", 223 + "type": "github" 224 + } 225 + }, 226 + "home-manager_2": { 227 + "inputs": { 228 + "nixpkgs": [ 229 + "nixpkgs" 230 + ] 231 + }, 232 + "locked": { 233 + "lastModified": 1767024057, 234 + "narHash": "sha256-B1aycRjMRvb6QOGbnqDhiDzZwMebj5jxZ5qyJzaKvpI=", 235 + "owner": "nix-community", 236 + "repo": "home-manager", 237 + "rev": "34578a2fdfce4257ce5f5baf6e7efbd4e4e252b1", 238 "type": "github" 239 }, 240 "original": { ··· 244 "type": "github" 245 } 246 }, 247 + "nix": { 248 + "inputs": { 249 + "flake-parts": "flake-parts", 250 + "git-hooks-nix": "git-hooks-nix", 251 + "nixpkgs": "nixpkgs_2", 252 + "nixpkgs-23-11": "nixpkgs-23-11", 253 + "nixpkgs-regression": "nixpkgs-regression" 254 + }, 255 + "locked": { 256 + "lastModified": 1766546676, 257 + "narHash": "sha256-GsC52VFF9Gi2pgP/haQyPdQoF5Qe2myk1tsPcuJZI28=", 258 + "rev": "51dacdd248e8071cd0243a8245c8c42ac1f33307", 259 + "revCount": 24299, 260 + "type": "tarball", 261 + "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.15.1/019b4e84-d036-75db-b6c6-6bc2e2035c53/source.tar.gz" 262 + }, 263 + "original": { 264 + "type": "tarball", 265 + "url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A" 266 + } 267 + }, 268 "nixpkgs": { 269 "locked": { 270 + "lastModified": 1754028485, 271 + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", 272 + "owner": "NixOS", 273 + "repo": "nixpkgs", 274 + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", 275 + "type": "github" 276 + }, 277 + "original": { 278 + "owner": "NixOS", 279 + "ref": "nixos-25.05", 280 + "repo": "nixpkgs", 281 + "type": "github" 282 + } 283 + }, 284 + "nixpkgs-23-11": { 285 + "locked": { 286 + "lastModified": 1717159533, 287 + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", 288 + "owner": "NixOS", 289 + "repo": "nixpkgs", 290 + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", 291 + "type": "github" 292 + }, 293 + "original": { 294 + "owner": "NixOS", 295 + "repo": "nixpkgs", 296 + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", 297 + "type": "github" 298 + } 299 + }, 300 + "nixpkgs-regression": { 301 + "locked": { 302 + "lastModified": 1643052045, 303 + "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=", 304 + "owner": "NixOS", 305 "repo": "nixpkgs", 306 + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", 307 "type": "github" 308 }, 309 "original": { 310 + "owner": "NixOS", 0 311 "repo": "nixpkgs", 312 + "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2", 313 "type": "github" 314 } 315 }, 316 "nixpkgs-unstable": { 317 "locked": { 318 + "lastModified": 1766902085, 319 + "narHash": "sha256-coBu0ONtFzlwwVBzmjacUQwj3G+lybcZ1oeNSQkgC0M=", 320 "owner": "nixos", 321 "repo": "nixpkgs", 322 + "rev": "c0b0e0fddf73fd517c3471e546c0df87a42d53f4", 323 "type": "github" 324 }, 325 "original": { ··· 331 }, 332 "nixpkgs_2": { 333 "locked": { 334 + "lastModified": 1761597516, 335 + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", 336 + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", 337 + "revCount": 811874, 338 + "type": "tarball", 339 + "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz" 340 + }, 341 + "original": { 342 + "type": "tarball", 343 + "url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505" 344 + } 345 + }, 346 + "nixpkgs_3": { 347 + "locked": { 348 + "lastModified": 1767047869, 349 + "narHash": "sha256-tzYsEzXEVa7op1LTnrLSiPGrcCY6948iD0EcNLWcmzo=", 350 + "owner": "nixos", 351 + "repo": "nixpkgs", 352 + "rev": "89dbf01df72eb5ebe3b24a86334b12c27d68016a", 353 + "type": "github" 354 + }, 355 + "original": { 356 + "owner": "nixos", 357 + "ref": "nixos-25.11", 358 + "repo": "nixpkgs", 359 + "type": "github" 360 + } 361 + }, 362 + "nixpkgs_4": { 363 + "locked": { 364 + "lastModified": 1764947035, 365 + "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", 366 "owner": "NixOS", 367 "repo": "nixpkgs", 368 + "rev": "a672be65651c80d3f592a89b3945466584a22069", 369 "type": "github" 370 }, 371 "original": { ··· 377 }, 378 "pre-commit-hooks": { 379 "inputs": { 380 + "flake-compat": "flake-compat_2", 381 "gitignore": "gitignore", 382 + "nixpkgs": "nixpkgs_4" 383 }, 384 "locked": { 385 + "lastModified": 1765911976, 386 + "narHash": "sha256-t3T/xm8zstHRLx+pIHxVpQTiySbKqcQbK+r+01XVKc0=", 387 "owner": "cachix", 388 "repo": "git-hooks.nix", 389 + "rev": "b68b780b69702a090c8bb1b973bab13756cc7a27", 390 "type": "github" 391 }, 392 "original": { ··· 397 }, 398 "root": { 399 "inputs": { 400 + "agenix": "agenix", 401 + "determinite": "determinite", 402 + "home-manager": "home-manager_2", 403 + "nixpkgs": "nixpkgs_3", 404 "nixpkgs-unstable": "nixpkgs-unstable", 405 "pre-commit-hooks": "pre-commit-hooks" 406 + } 407 + }, 408 + "systems": { 409 + "locked": { 410 + "lastModified": 1681028828, 411 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 412 + "owner": "nix-systems", 413 + "repo": "default", 414 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 415 + "type": "github" 416 + }, 417 + "original": { 418 + "owner": "nix-systems", 419 + "repo": "default", 420 + "type": "github" 421 } 422 } 423 },

+81 -8

flake.nix

··· 1 { 2 - description = "Home Manager configuration of noah"; 3 4 inputs = { 5 # Specify the source of Home Manager and Nixpkgs. 6 nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; 7 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 0 0 0 0 8 home-manager = { 9 url = "github:nix-community/home-manager/release-25.11"; 10 inputs.nixpkgs.follows = "nixpkgs"; 11 }; 12 pre-commit-hooks.url = "github:cachix/git-hooks.nix"; 0 13 }; 14 15 - outputs = { self, nixpkgs, nixpkgs-unstable, home-manager, pre-commit-hooks, ... }@inputs: 0 0 0 0 0 0 0 0 0 16 let 17 - system = "aarch64-darwin"; 18 - pkgs = nixpkgs.legacyPackages.${system}; 19 - unstable-pkgs = nixpkgs-unstable.legacyPackages.${system}; 20 - supportedSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 21 forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 22 in 23 { 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 24 homeConfigurations."noah" = home-manager.lib.homeManagerConfiguration { 25 inherit pkgs; 26 ··· 31 # Optionally use extraSpecialArgs 32 # to pass through arguments to home.nix 33 extraSpecialArgs = { 34 - unstable = unstable-pkgs; 35 }; 36 }; 37 checks = forAllSystems (system: { ··· 49 devShells = forAllSystems (system: { 50 default = nixpkgs.legacyPackages.${system}.mkShell { 51 inherit (self.checks.${system}.pre-commit-check) shellHook; 52 - buildInputs = self.checks.${system}.pre-commit-check.enabledPackages; 0 0 0 53 }; 54 }); 0 55 }; 56 }

··· 1 { 2 + description = "Home Manager configuration for noah"; 3 4 inputs = { 5 # Specify the source of Home Manager and Nixpkgs. 6 nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; 7 nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; 8 + determinite = { 9 + url = "https://flakehub.com/f/DeterminateSystems/determinate/3"; 10 + inputs.nixpkgs.follows = "nixpkgs"; 11 + }; 12 home-manager = { 13 url = "github:nix-community/home-manager/release-25.11"; 14 inputs.nixpkgs.follows = "nixpkgs"; 15 }; 16 pre-commit-hooks.url = "github:cachix/git-hooks.nix"; 17 + agenix.url = "github:ryantm/agenix"; 18 }; 19 20 + outputs = 21 + { self 22 + , nixpkgs 23 + , nixpkgs-unstable 24 + , determinite 25 + , home-manager 26 + , pre-commit-hooks 27 + , agenix 28 + , ... 29 + }@inputs: 30 let 31 + system = "x86_64-linux"; 32 + pkgs = import nixpkgs { 33 + inherit system; 34 + }; 35 + unstable = import nixpkgs-unstable { 36 + inherit system; 37 + config.allowUnfreePredicate = 38 + pkg: 39 + builtins.elem (pkgs.lib.getName pkg) [ 40 + "plexmediaserver" 41 + "teamspeak-server" 42 + ]; 43 + overlays = [ 44 + (final: prev: { 45 + # Override the version of Plex installed to be the latest 46 + plexRaw = prev.plexRaw.overrideAttrs rec { 47 + version = "1.43.0.10389-8be686aa6"; 48 + src = final.fetchurl { 49 + url = "https://downloads.plex.tv/plex-media-server-new/${version}/debian/plexmediaserver_${version}_amd64.deb"; 50 + sha256 = "0HjB8Ggekwl5dKwM1Kh51Ic25t3V6veKbuzM7czrpeg="; 51 + }; 52 + }; 53 + ## Override the json object that contains verions and hashes for Immich 54 + #immich = prev.immich.override { sourcesJSON = ./overrides/immich-sources.json; }; 55 + ## Fix errors wit numpy version failing to resolve in the immich ML package 56 + #immich-machine-learning = prev.immich-machine-learning.overrideAttrs 57 + # (finalAttrs: prevAttrs: { 58 + # pythonRelaxDeps = prevAttrs.pythonRelaxDeps ++ [ "numpy" ]; 59 + # }); 60 + }) 61 + ]; 62 + }; 63 + supportedSystems = [ 64 + "x86_64-linux" 65 + "aarch64-linux" 66 + "x86_64-darwin" 67 + "aarch64-darwin" 68 + ]; 69 forAllSystems = nixpkgs.lib.genAttrs supportedSystems; 70 in 71 { 72 + nixosConfigurations.misaki = inputs.nixpkgs.lib.nixosSystem { 73 + system = "x86_64-linux"; 74 + specialArgs = { inherit unstable inputs home-manager; }; 75 + modules = [ 76 + determinite.nixosModules.default 77 + ./configuration.nix 78 + agenix.nixosModules.default 79 + home-manager.nixosModules.home-manager 80 + { 81 + home-manager.useGlobalPkgs = true; 82 + home-manager.useUserPackages = true; 83 + home-manager.users.noah = ./home.nix; 84 + home-manager.extraSpecialArgs = { 85 + inherit unstable; 86 + }; 87 + 88 + # Optionally, use home-manager.extraSpecialArgs to pass 89 + # arguments to home.nix 90 + } 91 + ]; 92 + }; 93 homeConfigurations."noah" = home-manager.lib.homeManagerConfiguration { 94 inherit pkgs; 95 ··· 100 # Optionally use extraSpecialArgs 101 # to pass through arguments to home.nix 102 extraSpecialArgs = { 103 + inherit unstable; 104 }; 105 }; 106 checks = forAllSystems (system: { ··· 118 devShells = forAllSystems (system: { 119 default = nixpkgs.legacyPackages.${system}.mkShell { 120 inherit (self.checks.${system}.pre-commit-check) shellHook; 121 + buildInputs = [ 122 + pkgs.nixfmt-rfc-style 123 + ] 124 + ++ self.checks.${system}.pre-commit-check.enabledPackages; 125 }; 126 }); 127 + formatter.${system} = inputs.nixpkgs.legacyPackages.${system}.nixfmt-rfc-style; 128 }; 129 }

-79

gui.nix

··· 1 - { pkgs, ... }: 2 - let unstable = import <nixos-unstable> { }; 3 - in { 4 - # Enable the X11 windowing system. 5 - services.xserver.enable = true; 6 - 7 - # Configure keymap in X11 8 - # services.xserver.xkb.layout = "us"; 9 - # services.xserver.xkb.options = "eurosign:e,caps:escape"; 10 - 11 - # Enable CUPS to print documents. 12 - # services.printing.enable = true; 13 - 14 - # Enable sound. 15 - security.rtkit.enable = true; 16 - services.pipewire = { 17 - enable = true; 18 - alsa.enable = true; 19 - alsa.support32Bit = true; 20 - pulse.enable = true; 21 - wireplumber.enable = true; 22 - }; 23 - 24 - # Graphics and parallel compute configuration 25 - hardware.opengl.extraPackages = [ 26 - # TODO: figure out why this doesn't work 27 - # Looks like it requires unfree 28 - # rocmPackages.clr.icd 29 - pkgs.amdvlk 30 - pkgs.libva 31 - ]; 32 - 33 - # Enable touchpad support (enabled default in most desktopManager). 34 - # services.xserver.libinput.enable = true; 35 - 36 - # Fonts 37 - fonts.packages = with pkgs; [ 38 - fira-code 39 - fira-code-symbols 40 - noto-fonts 41 - noto-fonts-cjk 42 - noto-fonts-emoji 43 - noto-fonts-extra 44 - (nerdfonts.override { fonts = [ "FiraCode" ]; }) 45 - ]; 46 - 47 - # Polkit is a dependency of Sway. It's responsible for handling security policies 48 - security.polkit.enable = true; 49 - 50 - # Enable the sway window manager 51 - programs.sway = { 52 - enable = true; 53 - package = unstable.sway; 54 - wrapperFeatures.gtk = true; 55 - }; 56 - # Use greetd as the displaymanager 57 - #services.xserver.displayManager.greetd.enable = true; 58 - #services.xserver.displayManager.lightdm.enable = false; 59 - services.xserver.displayManager.sddm.enable = true; 60 - services.xserver.displayManager.defaultSession = "none+i3"; 61 - services.xserver.displayManager.autoLogin = { 62 - enable = true; 63 - user = "noah"; 64 - }; 65 - 66 - # i3, for when I need XOrg 67 - services.xserver.windowManager.i3 = { 68 - enable = true; 69 - extraPackages = with pkgs; [ dmenu i3status i3lock i3blocks ]; 70 - }; 71 - 72 - xdg.portal = { 73 - enable = true; 74 - wlr.enable = true; 75 - extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; 76 - }; 77 - services.dbus.enable = true; 78 - services.gnome.gnome-keyring.enable = true; 79 - }

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

+72

hardware-configuration.nix

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { config, lib, pkgs, modulesPath, ... }: 5 + 6 + { 7 + imports = 8 + [ 9 + (modulesPath + "/installer/scan/not-detected.nix") 10 + ]; 11 + 12 + boot.kernelPackages = pkgs.linuxPackages; 13 + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "dm-raid" "raid1" ]; 14 + boot.initrd.kernelModules = [ "dm-snapshot" "dm-raid" "raid1" ]; 15 + boot.kernelModules = [ "kvm-amd" "zfs" ]; 16 + boot.kernelParams = [ "i915.enable_guc=3" ]; 17 + boot.extraModulePackages = [ ]; 18 + 19 + fileSystems."/" = 20 + { 21 + device = "/dev/disk/by-uuid/1988fa0d-ff4a-44aa-a93e-7f0bf3cea5cf"; 22 + fsType = "ext4"; 23 + }; 24 + 25 + fileSystems."/boot" = 26 + { 27 + device = "/dev/disk/by-uuid/81D4-01CD"; 28 + fsType = "vfat"; 29 + }; 30 + 31 + swapDevices = [ ]; 32 + 33 + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 34 + # (the default) this is the recommended approach. When using systemd-networkd it's 35 + # still possible to use this option, but it's recommended to use it in conjunction 36 + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 37 + networking.useDHCP = lib.mkDefault true; 38 + # networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true; 39 + # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true; 40 + # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true; 41 + 42 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 43 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 44 + 45 + #nixpkgs.config.packageOverrides = pkgs: { 46 + # vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; 47 + #}; 48 + hardware.graphics = { 49 + enable = true; 50 + extraPackages = with pkgs; [ 51 + intel-media-driver 52 + #vaapiVdpau 53 + #libvdpau-va-gl # unmaintained, very old 54 + intel-compute-runtime 55 + vpl-gpu-rt 56 + ]; 57 + #extraPackages32 = with pkgs; [ 58 + # intel-media-driver 59 + # vaapiVdpau 60 + # #libvdpau-va-gl 61 + # intel-compute-runtime 62 + # vpl-gpu-rt 63 + #]; 64 + }; 65 + environment.variables = { 66 + VDPAU_DRIVER = "va_gl"; 67 + LIBVA_DRIVER_NAME = "iHD"; 68 + LIBVA_DRIVERS_PATH = "/run/opengl-driver/lib/dri"; 69 + GST_VAAPI_ALL_DRIVERS = "1"; 70 + }; 71 + #services.xserver.videoDrivers = [ "intel" ]; 72 + }

+112 -98

home.nix

··· 1 - { pkgs, ... }: 2 - let 3 - unstable = import <nixos-unstable> { }; 4 - in 5 { 6 home.packages = with pkgs; [ 7 # main tool 8 direnv 0 9 tree 10 btop 11 htop 0 0 0 0 0 12 rsync 13 unzip 14 fd 15 ripgrep 16 - catgirl 17 netcat 18 stunnel 19 fzf 20 iperf3 21 entr 22 - lf 23 - #devenv # broken 24 - plan9port 25 - pwgen 26 - metastore 0 0 0 0 27 isync 28 - pass 29 - tmux 30 - age 0 0 31 32 # Dev tools 0 33 gcc 34 go 35 - unstable.gopls 36 gnumake 37 - babashka 38 - # Babashka common aliases 39 - neil 40 ccls 41 - clojure 42 - unstable.clj-kondo 43 - unstable.clojure-lsp 44 - unstable.janet 45 - unstable.jpm 46 - graalvmPackages.graalvm-ce 47 - cmake 48 - universal-ctags 49 - kotlin 50 - nodejs 51 - node2nix 52 - opam 53 rustup 54 - zig 55 - scala_3 56 - scalafmt 57 - # scala LSP 58 - unstable.metals 59 - # Scala / Java build tool 60 - sbt 61 luarocks 62 luajit 63 lua-language-server 64 - leiningen 65 libressl 66 - erlang 67 - elixir 68 - ghc 69 nil 70 python3 71 - typescript 72 - #vscode-langservers-extracted 73 - scdoc 74 - #dockerfile-language-server-nodejs 75 - #yaml-language-server 76 - mkcert 77 - natscli 78 - poetry 79 - sqlite 80 - pandoc 81 - unstable.harec 82 - unstable.hare 83 - unstable.haredo 84 - unstable.haredoc 85 - unstable.gleam 86 - unstable.rebar3 87 - unstable.bun 88 - unstable.gh 89 - unstable.zed-editor 90 - unstable.kraft 91 92 - # Python dev tools 93 - pyright 94 - python313Packages.python-lsp-server 95 - python313Packages.python-lsp-ruff 96 97 - # Certificate Management 98 - minica 99 - mkcert 100 - step-cli 101 ]; 102 103 - nix = { 104 - settings.experimental-features = [ "nix-command" "flakes" ]; 105 - }; 106 107 - programs.fish = { 108 - enable = true; 109 - #package = unstable.fish; 110 - }; 111 programs.neovim = { 112 #package = unstable.neovim-unwrapped; 113 enable = true; 114 defaultEditor = true; 0 0 0 0 0 0 115 withNodeJs = true; 116 withPython3 = true; 117 - extraPackages = with pkgs; [ unstable.fzf unstable.ripgrep luarocks unstable.tree-sitter ]; 118 - }; 119 - programs.helix.enable = true; 120 - programs.jujutsu = { 121 - enable = true; 122 }; 123 programs.git = { 124 enable = true; 0 125 userName = "Noah Pederson"; 126 userEmail = "noah@packetlost.dev"; 127 extraConfig = { 128 sendemail = { 129 smtpserver = "smtp.migadu.com"; 130 smtpuser = "noah@packetlost.dev"; 131 - smptencryption = "tls"; 132 - smtpserverport = 587; 133 }; 134 init = { 135 defaultBranch = "master"; ··· 140 credential = { 141 helper = "cache"; 142 }; 143 - rerere.enable = true; 144 }; 145 ignores = [ 146 ".direnv/" ··· 151 ".clj-kondo/" 152 ]; 153 }; 0 0 0 0 0 0 0 154 programs.aerc = { 155 enable = true; 156 - package = unstable.aerc; 157 }; 0 158 programs.ssh = { 159 enable = true; 160 - addKeysToAgent = "yes"; 161 }; 162 - 163 services.ssh-agent.enable = true; 164 - services.mako.enable = false; 165 166 - programs.ssh.extraConfig = builtins.readFile ./ssh/extra; 167 - services.gpg-agent = { 168 enable = true; 169 - defaultCacheTtl = 1800; 170 }; 171 172 - programs.direnv = { 173 enable = true; 174 - nix-direnv.enable = true; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 175 }; 176 177 # Independent config files. ··· 180 recursive = true; 181 }; 182 183 - xdg.configFile.vis = { 184 - source = ./vis; 185 recursive = true; 186 }; 187 188 - xdg.configFile.fish = { 189 - source = ./fish; 190 recursive = true; 191 }; 192 ··· 195 recursive = true; 196 }; 197 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 198 home.file.".local/bin" = { 199 source = ./scripts; 200 recursive = true; 201 }; 202 - 203 - manual.manpages.enable = true; 204 205 home.stateVersion = "23.11"; 206

··· 1 + { pkgs, lib, unstable, ... }: 0 0 0 2 { 3 home.packages = with pkgs; [ 4 # main tool 5 direnv 6 + fish 7 tree 8 btop 9 htop 10 + amdgpu_top 11 + tmux 12 + mtr 13 + pavucontrol 14 + moreutils 15 rsync 16 unzip 17 fd 18 ripgrep 0 19 netcat 20 stunnel 21 fzf 22 iperf3 23 entr 24 + step-cli 25 + natscli 26 + nkeys 27 + mkcert 28 + jq 29 + bat 30 + sqlite 31 + age 32 + just 33 isync 34 + unstable.catgirl 35 + unstable.zellij 36 + unstable.yt-dlp 37 + unstable.deno 38 + unstable.ffmpeg 39 40 # Dev tools 41 + git 42 gcc 43 go 0 44 gnumake 45 + #babashka 0 0 46 ccls 47 + #clojure 48 + #cmake 49 + ctags 50 + #kotlin 51 + #nodejs 52 + #node2nix 53 + #opam 0 0 0 0 0 54 rustup 55 + #zig 0 0 0 0 0 0 56 luarocks 57 luajit 58 lua-language-server 59 + #leiningen 60 libressl 61 + #erlang 62 + #elixir 63 + #ghc 64 nil 65 python3 66 + uv 67 + #unstable.harec 68 + #unstable.hare 69 + #unstable.haredo 70 + #unstable.gleam 71 + #unstable.rebar3 72 + #unstable.flyctl 73 + #unstable.bun 74 + #unstable.gh 75 + #unstable.kraft 76 + #unstable.doctl 0 0 0 0 0 0 0 0 0 77 78 + clinfo 0 0 0 79 80 + # Server-specific tools 81 + gocryptfs 82 + sftpgo 0 83 ]; 84 0 0 0 85 86 + programs.fish.enable = true; 0 0 0 87 programs.neovim = { 88 #package = unstable.neovim-unwrapped; 89 enable = true; 90 defaultEditor = true; 91 + extraPackages = with pkgs; [ 92 + fzf 93 + ripgrep 94 + luarocks 95 + unstable.tree-sitter 96 + ]; 97 withNodeJs = true; 98 withPython3 = true; 0 0 0 0 0 99 }; 100 programs.git = { 101 enable = true; 102 + lfs.enable = true; 103 userName = "Noah Pederson"; 104 userEmail = "noah@packetlost.dev"; 105 extraConfig = { 106 sendemail = { 107 smtpserver = "smtp.migadu.com"; 108 smtpuser = "noah@packetlost.dev"; 109 + smtpencryption = "ssl"; 110 + smtpserverport = 465; 111 }; 112 init = { 113 defaultBranch = "master"; ··· 118 credential = { 119 helper = "cache"; 120 }; 0 121 }; 122 ignores = [ 123 ".direnv/" ··· 128 ".clj-kondo/" 129 ]; 130 }; 131 + 132 + services.mbsync = { 133 + enable = true; 134 + frequency = "*:0/10"; 135 + #configFile = ./mbsyncrc; 136 + }; 137 + 138 programs.aerc = { 139 enable = true; 140 + #package = unstable.aerc; 141 }; 142 + 143 programs.ssh = { 144 enable = true; 145 + extraConfig = builtins.readFile ./ssh/extra; 146 }; 0 147 services.ssh-agent.enable = true; 0 148 149 + programs.direnv = { 0 150 enable = true; 151 + nix-direnv.enable = true; 152 }; 153 154 + programs.yazi = { 155 enable = true; 156 + package = unstable.yazi; 157 + enableFishIntegration = true; 158 + settings = { 159 + preview = { 160 + image_quality = 90; 161 + }; 162 + tasks = { 163 + image_bound = [ 0 0 ]; 164 + }; 165 + }; 166 + plugins = { 167 + rsync = unstable.yaziPlugins.rsync; 168 + piper = unstable.yaziPlugins.piper; 169 + nord = unstable.yaziPlugins.nord; 170 + mediainfo = unstable.yaziPlugins.mediainfo; 171 + glow = unstable.yaziPlugins.glow; 172 + git = unstable.yaziPlugins.git; 173 + diff = unstable.yaziPlugins.diff; 174 + duckdb = unstable.yaziPlugins.duckdb; 175 + }; 176 }; 177 178 # Independent config files. ··· 181 recursive = true; 182 }; 183 184 + xdg.configFile.fish = { 185 + source = ./fish; 186 recursive = true; 187 }; 188 189 + xdg.configFile.kitty = { 190 + source = ./kitty; 191 recursive = true; 192 }; 193 ··· 196 recursive = true; 197 }; 198 199 + xdg.configFile.sway = { 200 + source = ./sway; 201 + recursive = true; 202 + }; 203 + 204 + xdg.configFile.i3status = { 205 + source = ./i3status; 206 + recursive = true; 207 + }; 208 + 209 + xdg.configFile.vis = { 210 + source = ./vis; 211 + recursive = true; 212 + }; 213 + 214 home.file.".local/bin" = { 215 source = ./scripts; 216 recursive = true; 217 }; 0 0 218 219 home.stateVersion = "23.11"; 220

-196

i3/config

··· 1 - # This file has been auto-generated by i3-config-wizard(1). 2 - # It will not be overwritten, so edit it as you like. 3 - # 4 - # Should you change your keyboard layout some time, delete 5 - # this file and re-run i3-config-wizard(1). 6 - # 7 - 8 - # i3 config file (v4) 9 - # 10 - # Please see https://i3wm.org/docs/userguide.html for a complete reference! 11 - 12 - set $mod Mod4 13 - 14 - # Font for window titles. Will also be used by the bar unless a different font 15 - # is used in the bar {} block below. 16 - font pango:monospace 8 17 - 18 - # This font is widely installed, provides lots of unicode glyphs, right-to-left 19 - # text rendering and scalability on retina/hidpi displays (thanks to pango). 20 - #font pango:DejaVu Sans Mono 8 21 - 22 - # Start XDG autostart .desktop files using dex. See also 23 - # https://wiki.archlinux.org/index.php/XDG_Autostart 24 - exec --no-startup-id dex --autostart --environment i3 25 - 26 - # The combination of xss-lock, nm-applet and pactl is a popular choice, so 27 - # they are included here as an example. Modify as you see fit. 28 - 29 - # xss-lock grabs a logind suspend inhibit lock and will use i3lock to lock the 30 - # screen before suspend. Use loginctl lock-session to lock your screen. 31 - exec --no-startup-id xss-lock --transfer-sleep-lock -- i3lock --nofork 32 - 33 - # NetworkManager is the most popular way to manage wireless networks on Linux, 34 - # and nm-applet is a desktop environment-independent system tray GUI for it. 35 - exec --no-startup-id nm-applet 36 - 37 - # Use pactl to adjust volume in PulseAudio. 38 - set $refresh_i3status killall -SIGUSR1 i3status 39 - bindsym XF86AudioRaiseVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +10% && $refresh_i3status 40 - bindsym XF86AudioLowerVolume exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ -10% && $refresh_i3status 41 - bindsym XF86AudioMute exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle && $refresh_i3status 42 - bindsym XF86AudioMicMute exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle && $refresh_i3status 43 - 44 - # Use Mouse+$mod to drag floating windows to their wanted position 45 - floating_modifier $mod 46 - 47 - # move tiling windows via drag & drop by left-clicking into the title bar, 48 - # or left-clicking anywhere into the window while holding the floating modifier. 49 - tiling_drag modifier titlebar 50 - 51 - # start a terminal 52 - bindsym $mod+Return exec kitty 53 - 54 - # kill focused window 55 - bindsym $mod+Shift+q kill 56 - 57 - # start dmenu (a program launcher) 58 - bindsym $mod+d exec --no-startup-id dmenu_run 59 - # A more modern dmenu replacement is rofi: 60 - # bindcode $mod+40 exec "rofi -modi drun,run -show drun" 61 - # There also is i3-dmenu-desktop which only displays applications shipping a 62 - # .desktop file. It is a wrapper around dmenu, so you need that installed. 63 - # bindcode $mod+40 exec --no-startup-id i3-dmenu-desktop 64 - 65 - # change focus 66 - bindsym $mod+h focus left 67 - bindsym $mod+j focus down 68 - bindsym $mod+k focus up 69 - bindsym $mod+l focus right 70 - 71 - 72 - # alternatively, you can use the cursor keys: 73 - bindsym $mod+Left focus left 74 - bindsym $mod+Down focus down 75 - bindsym $mod+Up focus up 76 - bindsym $mod+Right focus right 77 - 78 - # move focused window 79 - bindsym $mod+Shift+h move left 80 - bindsym $mod+Shift+j move down 81 - bindsym $mod+Shift+k move up 82 - bindsym $mod+Shift+l move right 83 - 84 - # alternatively, you can use the cursor keys: 85 - bindsym $mod+Shift+Left move left 86 - bindsym $mod+Shift+Down move down 87 - bindsym $mod+Shift+Up move up 88 - bindsym $mod+Shift+Right move right 89 - 90 - # split in horizontal orientation 91 - bindsym $mod+g split h 92 - 93 - # split in vertical orientation 94 - bindsym $mod+v split v 95 - 96 - # enter fullscreen mode for the focused container 97 - bindsym $mod+f fullscreen toggle 98 - 99 - # change container layout (stacked, tabbed, toggle split) 100 - bindsym $mod+s layout stacking 101 - bindsym $mod+w layout tabbed 102 - bindsym $mod+e layout toggle split 103 - 104 - # toggle tiling / floating 105 - bindsym $mod+Shift+space floating toggle 106 - 107 - # change focus between tiling / floating windows 108 - bindsym $mod+space focus mode_toggle 109 - 110 - # focus the parent container 111 - bindsym $mod+a focus parent 112 - 113 - # focus the child container 114 - #bindsym $mod+d focus child 115 - 116 - # Define names for default workspaces for which we configure key bindings later on. 117 - # We use variables to avoid repeating the names in multiple places. 118 - set $ws1 "1" 119 - set $ws2 "2" 120 - set $ws3 "3" 121 - set $ws4 "4" 122 - set $ws5 "5" 123 - set $ws6 "6" 124 - set $ws7 "7" 125 - set $ws8 "8" 126 - set $ws9 "9" 127 - set $ws10 "10" 128 - 129 - # switch to workspace 130 - bindsym $mod+1 workspace number $ws1 131 - bindsym $mod+2 workspace number $ws2 132 - bindsym $mod+3 workspace number $ws3 133 - bindsym $mod+4 workspace number $ws4 134 - bindsym $mod+5 workspace number $ws5 135 - bindsym $mod+6 workspace number $ws6 136 - bindsym $mod+7 workspace number $ws7 137 - bindsym $mod+8 workspace number $ws8 138 - bindsym $mod+9 workspace number $ws9 139 - bindsym $mod+0 workspace number $ws10 140 - # Tab navigation 141 - bindsym $mod+Tab workspace next 142 - bindsym $mod+Shift+Tab workspace prev 143 - 144 - # move focused container to workspace 145 - bindsym $mod+Shift+1 move container to workspace number $ws1 146 - bindsym $mod+Shift+2 move container to workspace number $ws2 147 - bindsym $mod+Shift+3 move container to workspace number $ws3 148 - bindsym $mod+Shift+4 move container to workspace number $ws4 149 - bindsym $mod+Shift+5 move container to workspace number $ws5 150 - bindsym $mod+Shift+6 move container to workspace number $ws6 151 - bindsym $mod+Shift+7 move container to workspace number $ws7 152 - bindsym $mod+Shift+8 move container to workspace number $ws8 153 - bindsym $mod+Shift+9 move container to workspace number $ws9 154 - bindsym $mod+Shift+0 move container to workspace number $ws10 155 - 156 - # reload the configuration file 157 - bindsym $mod+Shift+c reload 158 - # restart i3 inplace (preserves your layout/session, can be used to upgrade i3) 159 - bindsym $mod+Shift+r restart 160 - # exit i3 (logs you out of your X session) 161 - bindsym $mod+Shift+e exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'" 162 - 163 - # resize window (you can also use the mouse for that) 164 - mode "resize" { 165 - # These bindings trigger as soon as you enter the resize mode 166 - 167 - # Pressing left will shrink the window’s width. 168 - # Pressing right will grow the window’s width. 169 - # Pressing up will shrink the window’s height. 170 - # Pressing down will grow the window’s height. 171 - bindsym h resize shrink width 10 px or 10 ppt 172 - bindsym j resize grow height 10 px or 10 ppt 173 - bindsym k resize shrink height 10 px or 10 ppt 174 - bindsym l resize grow width 10 px or 10 ppt 175 - 176 - # same bindings, but for the arrow keys 177 - bindsym Left resize shrink width 10 px or 10 ppt 178 - bindsym Down resize grow height 10 px or 10 ppt 179 - bindsym Up resize shrink height 10 px or 10 ppt 180 - bindsym Right resize grow width 10 px or 10 ppt 181 - 182 - # back to normal: Enter or Escape or $mod+r 183 - bindsym Return mode "default" 184 - bindsym Escape mode "default" 185 - bindsym $mod+r mode "default" 186 - } 187 - 188 - bindsym $mod+r mode "resize" 189 - 190 - # Start i3bar to display a workspace bar (plus the system information i3status 191 - # finds out, if available) 192 - bar { 193 - status_command i3status 194 - } 195 - 196 - exec barrier

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

+95 -6

networking.nix

··· 1 - { ... }: { 2 - #networking.hostName = "touma-wsl-nixos"; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 3 4 - #systemd.network.enable = true; 5 - #networking.useNetworkd = true; 6 - #services.resolved.enable = false; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 7 8 services.avahi = { 9 enable = true; ··· 15 enable = true; 16 addresses = true; 17 workstation = true; 0 18 domain = true; 19 - hinfo = true; 20 }; 21 }; 0 22 }

··· 1 + { config, ... }: 2 + { 3 + # networking.hostName = "nixos"; # Define your hostname. 4 + # Pick only one of the below networking options. 5 + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 6 + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 7 + networking.hostName = "misaki"; 8 + # I like systemd-networkd 9 + systemd.network.enable = true; 10 + systemd.network.networks."50-wlp2s0" = { 11 + matchConfig.name = "wlp2s0"; 12 + networkConfig.DHCP = "yes"; 13 + linkConfig.RequiredForOnline = "no"; 14 + }; 15 + 16 + networking.tempAddresses = "disabled"; 17 + 18 + networking.interfaces = { 19 + enp4s0f1 = { 20 + ipv4.addresses = [{ 21 + address = "192.168.1.3"; 22 + prefixLength = 24; 23 + }]; 24 + }; 25 + }; 26 + networking.defaultGateway = { 27 + address = "192.168.1.1"; 28 + interface = "enp4s0f1"; 29 + }; 30 + 31 + networking.defaultGateway6 = { 32 + address = "fe80::2870:4eff:fe84:d884"; 33 + interface = "enp4s0f1"; 34 + }; 35 + 36 + networking.nameservers = [ 37 + "192.168.1.3" 38 + "45.90.28.93" 39 + "45.90.30.93" 40 + ]; 41 + 42 + # This is necessary for ZFS 43 + networking.hostId = "5beebabe"; 44 45 + networking.useNetworkd = true; 46 + # TODO: static IP @ 192.168.1.2 47 + 48 + # Configure network proxy if necessary 49 + # networking.proxy.default = "http://user:password@proxy:port/"; 50 + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 51 + # Open ports in the firewall. 52 + # networking.firewall.allowedTCPPorts = [ ... ]; 53 + # networking.firewall.allowedUDPPorts = [ ... ]; 54 + # Or disable the firewall altogether. 55 + # TODO: allow some ports 56 + networking.firewall = { 57 + enable = true; 58 + allowPing = true; 59 + trustedInterfaces = [ 60 + "tailscale0" 61 + ]; 62 + allowedUDPPorts = [ 63 + # DNS 64 + 53 65 + config.services.tailscale.port 66 + ]; 67 + allowedTCPPorts = [ 68 + # DNS over TCP 69 + 53 70 + # NFSv4 71 + 2049 72 + # HTTP(s) 73 + 443 74 + 80 75 + # iperf3 76 + 5201 77 + 5301 78 + 5401 79 + # NATS 80 + 4222 81 + # Prometheus 82 + 9001 83 + # Minio 84 + 9003 85 + # Minio web 86 + 9004 87 + # AFP via Netatalk 88 + 548 89 + #9p 90 + 564 91 + # Misc development 92 + 3000 93 + ]; 94 + }; 95 96 services.avahi = { 97 enable = true; ··· 103 enable = true; 104 addresses = true; 105 workstation = true; 106 + userServices = true; 107 domain = true; 0 108 }; 109 }; 110 + 111 }

-2

nvim/after/ftplugin/janet.lua

··· 1 - vim.o.tabstop = 2 2 - vim.o.shiftwidth = 2

··· 0 0

+1 -1

nvim/lua/lsp/janet_lsp.lua

··· 2 cmd = { 3 "janet", 4 "-i", 5 - "/Users/noah/repos/janet-lsp/build/janet-lsp.jimage", 6 "--stdio", 7 } 8 }

··· 2 cmd = { 3 "janet", 4 "-i", 5 + "/home/noah/repos/janet-lsp/jpm_tree/lib/janet-lsp.jimage", 6 "--stdio", 7 } 8 }

+3 -3

nvim/lua/lsp.lua

··· 44 end, opts) 45 vim.keymap.set("n", "<space>D", vim.lsp.buf.type_definition, opts) 46 vim.keymap.set("n", "<space>rn", vim.lsp.buf.rename, opts) 47 - vim.keymap.set("n", "<leader>ca", vim.lsp.buf.code_action, opts) 48 vim.keymap.set("n", "gr", vim.lsp.buf.references, opts) 49 vim.keymap.set("n", "<space>e", vim.diagnostic.open_float, opts) 50 - vim.keymap.set("n", "[d", function () vim.diagnostic.jump {count = -1, float = true} end, opts) 51 - vim.keymap.set("n", "]d", function () vim.diagnostic.jump {count = 1, float = true} end, opts) 52 vim.keymap.set("n", "<space>q", vim.diagnostic.setloclist, opts) 53 vim.keymap.set("n", "<space>f", 54 function() vim.lsp.buf.format { async = true } end, opts)

··· 44 end, opts) 45 vim.keymap.set("n", "<space>D", vim.lsp.buf.type_definition, opts) 46 vim.keymap.set("n", "<space>rn", vim.lsp.buf.rename, opts) 47 + vim.keymap.set("n", "<space>ca", vim.lsp.buf.code_action, opts) 48 vim.keymap.set("n", "gr", vim.lsp.buf.references, opts) 49 vim.keymap.set("n", "<space>e", vim.diagnostic.open_float, opts) 50 + vim.keymap.set("n", "[d", vim.diagnostic.goto_prev, opts) 51 + vim.keymap.set("n", "]d", vim.diagnostic.goto_next, opts) 52 vim.keymap.set("n", "<space>q", vim.diagnostic.setloclist, opts) 53 vim.keymap.set("n", "<space>f", 54 function() vim.lsp.buf.format { async = true } end, opts)

+22 -4

nvim/lua/plugins.lua

··· 121 }, 122 }, -- Git stuff 123 -- GitGutter, shows inline difs 124 - --"airblade/vim-gitgutter", 125 { 126 "NeogitOrg/neogit", 127 dependencies = { ··· 277 { "rktjmp/hotpot.nvim", lazy = true, ft = "fennel", config = true }, 278 { "Olical/nfnl", lazy = true, ft = "fennel", config = true }, -- Rust stuff 279 { 280 - "mrcjkb/rustaceanvim", 281 - lazy = false, 282 - version = "^6" 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 283 }, 284 { "mfussenegger/nvim-dap", lazy = true, ft = { "c", "rust" } }, 285 {

··· 121 }, 122 }, -- Git stuff 123 -- GitGutter, shows inline difs 124 + "airblade/vim-gitgutter", 125 { 126 "NeogitOrg/neogit", 127 dependencies = { ··· 277 { "rktjmp/hotpot.nvim", lazy = true, ft = "fennel", config = true }, 278 { "Olical/nfnl", lazy = true, ft = "fennel", config = true }, -- Rust stuff 279 { 280 + "simrat39/rust-tools.nvim", 281 + lazy = true, 282 + ft = { "rust" }, 283 + config = function() 284 + local rt = require("rust-tools") 285 + rt.setup({ 286 + server = { 287 + on_attach = function(_, bufnr) 288 + -- Hover actions 289 + vim.keymap.set("n", "<C-space>", 290 + rt.hover_actions.hover_actions, 291 + { buffer = bufnr }) 292 + -- Code action groups 293 + vim.keymap.set("n", "<Leader>a", 294 + rt.code_action_group.code_action_group, 295 + { buffer = bufnr }) 296 + end 297 + } 298 + }) 299 + end, 300 + dependencies = { "nvim-lua/plenary.nvim" } 301 }, 302 { "mfussenegger/nvim-dap", lazy = true, ft = { "c", "rust" } }, 303 {

+26

overrides/immich-sources.json

··· 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

··· 1 + { 2 + "version": "1.138.1", 3 + "hash": "sha256-oaZN0kF82mS25bDSTXRjYnWG9RAMSbCUhXn9t0am96U=", 4 + "components": { 5 + "cli": { 6 + "npmDepsHash": "sha256-6k83QOdKh+FlVnYvA9j60115oohUMDc2YvGaj/GMukE=", 7 + "version": "2.2.79" 8 + }, 9 + "server": { 10 + "npmDepsHash": "sha256-4sqWIIGQ8ZW7TvJoNjNNliriuV6Su0askAN6pAq9VFc=", 11 + "version": "1.138.1" 12 + }, 13 + "web": { 14 + "npmDepsHash": "sha256-+W8cDgy3qe6RDen8SEdHPNADkKb4zZH8C/Am/bdU42c=", 15 + "version": "1.138.1" 16 + }, 17 + "open-api/typescript-sdk": { 18 + "npmDepsHash": "sha256-GfmFPsnFu7l4EsnPDv4nj5KLkOz8nEJvMT1BE7zIQ3k=", 19 + "version": "1.138.1" 20 + }, 21 + "geonames": { 22 + "timestamp": "20250818205425", 23 + "hash": "sha256-ceYdHKPxVzmqVIcA5odqPAnjeB0sR7GW2k/Csp0nepY=" 24 + } 25 + } 26 + }

+96 -13

packages.nix

··· 1 - { pkgs, lib, ... }: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 { 0 3 # List packages installed in system profile. To search, run: 4 # $ nix search wget 5 environment.systemPackages = with pkgs; [ ··· 12 fzf 13 qemu 14 OVMF 15 - gitFull 16 - # plan9 17 diod 18 plan9port 19 vis 20 rc 0 0 21 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 22 xdg-utils 0 0 0 0 23 ]; 24 25 # Fix dynamically linked libraries for unpackaged binaries 26 programs.nix-ld = { 27 enable = true; 28 - libraries = with pkgs; 29 - [ 30 - # Add missing dynamic libraries for unpackaged programs HERE 31 - # NOT in environment.systemPackages 32 - zlib 33 - fuse3 34 - ]; 35 }; 36 0 0 0 37 # Logseq uses an ancient version of Electron, so we enable that 38 - #nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 39 40 # Whitelist some unfree packages 41 - nixpkgs.config.allowUnfreePredicate = pkg: 42 - builtins.elem (lib.getName pkg) [ ]; 0 0 0 0 0 0 0 0 43 }

··· 1 + { pkgs, lib, inputs, ... }: 2 + let # bash script to let dbus know about important env variables and 3 + # propagate them to relevent services run at the end of sway config 4 + # see 5 + # https://github.com/emersion/xdg-desktop-portal-wlr/wiki/"It-doesn't-work"-Troubleshooting-Checklist 6 + # note: this is pretty much the same as /etc/sway/config.d/nixos.conf but also restarts 7 + # some user services to make sure they have the correct environment variables 8 + dbus-sway-environment = pkgs.writeTextFile { 9 + name = "dbus-sway-environment"; 10 + destination = "/bin/dbus-sway-environment"; 11 + executable = true; 12 + 13 + text = '' 14 + dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway 15 + systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 16 + systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr 17 + ''; 18 + }; 19 + 20 + # currently, there is some friction between sway and gtk: 21 + # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland 22 + # the suggested way to set gtk settings is with gsettings 23 + # for gsettings to work, we need to tell it where the schemas are 24 + # using the XDG_DATA_DIR environment variable 25 + # run at the end of sway config 26 + configure-gtk = pkgs.writeTextFile { 27 + name = "configure-gtk"; 28 + destination = "/bin/configure-gtk"; 29 + executable = true; 30 + text = 31 + let 32 + # TODO: figure out why these bindings exist or where they're used 33 + schema = pkgs.gsettings-desktop-schemas; 34 + datadir = "${schema}/share/gsettings-schemas/${schema.name}"; 35 + in 36 + '' 37 + 6 gnome_schema=org.gnome.desktop.interface 38 + gsettings set $gnome_schema gtk-theme 'Dracula' 39 + ''; 40 + }; 41 + in 42 { 43 + 44 # List packages installed in system profile. To search, run: 45 # $ nix search wget 46 environment.systemPackages = with pkgs; [ ··· 53 fzf 54 qemu 55 OVMF 56 + metastore 57 + # 9p 58 diod 59 plan9port 60 vis 61 rc 62 + ncdu 63 + inputs.agenix.packages."${system}".agenix 64 65 + # ZFS / filesystem stuff 66 + zfs 67 + 68 + # GPU stuff 69 + intel-gpu-tools 70 + #(ffmpeg-full.override { 71 + # withUnfree = true; 72 + # withMfx = false; 73 + # withSmallBuild = false; 74 + # withTensorflow = false; 75 + #}) 76 + libva 77 + libva-utils 78 + nvtopPackages.intel 79 + 80 + # Sway stuff 81 + wdisplays 82 + mako 83 + bemenu 84 + wl-clipboard 85 + slurp 86 + grim 87 + swayidle 88 + swaylock 89 + adwaita-icon-theme 90 + dracula-theme 91 + glib 92 xdg-utils 93 + wayland 94 + configure-gtk 95 + dbus-sway-environment 96 + dbus 97 ]; 98 99 # Fix dynamically linked libraries for unpackaged binaries 100 programs.nix-ld = { 101 enable = true; 102 + libraries = with pkgs; [ 103 + # Add missing dynamic libraries for unpackaged programs HERE 104 + # NOT in environment.systemPackages 105 + zlib 106 + ]; 0 0 107 }; 108 109 + programs.fuse.userAllowOther = true; 110 + 111 + 112 # Logseq uses an ancient version of Electron, so we enable that 113 + nixpkgs.config.permittedInsecurePackages = [ "electron-25.9.0" ]; 114 115 # Whitelist some unfree packages 116 + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ 117 + "discord" 118 + "spotify" 119 + "obsidian" 120 + "tailscale" 121 + "plexmediaserver" 122 + "sftpgo" 123 + "teamspeak-server" 124 + "ffmpeg-full" 125 + ]; 126 }

+3

scripts/fix-jpeg-raw-duplicates-immich.rcsh

··· 0 0 0

··· 1 + #!/usr/bin/env rc 2 + 3 + nix run 'github:nixos/nixpkgs?ref=nixos-unstable-small#immich-go' -- stack -k `{pa show immich-api} -s 'https://photos.ngp.computer' --manage-raw-jpeg StackCoverJPG

+3 -3

scripts/nr

··· 1 #!/usr/bin/env rc 2 3 - flag e + 4 5 if(~ $1 -x) { 6 - flag x + 7 shift 8 } 9 10 pkg=$1 11 shift 12 13 - exec nix run 'nixpkgs#'^$pkg -- $*

··· 1 #!/usr/bin/env rc 2 3 + flag x + 4 5 if(~ $1 -x) { 6 + flake e + 7 shift 8 } 9 10 pkg=$1 11 shift 12 13 + exec nix run --impure 'nixpkgs#'^$pkg -- $*

+8

scripts/oclip

··· 0 0 0 0 0 0 0 0

··· 1 + #!/usr/bin/env rc 2 + flag e + 3 + 4 + if (~ $1 -x) { 5 + flag x + 6 + } 7 + data=`{base64 <[0=0]} 8 + printf '\033]52;c;%s\007' $"data

-3

scripts/ocopy

··· 1 - #!/usr/bin/env sh 2 - 3 - printf "\033]52;c;%s\007" "$(base64 <&0)"

··· 0 0 0

+1

secrets/cache-pub-key.pem

··· 0

··· 1 + misaki.packetlost.dev:y5Z/utaVBozpL0UAbUQDWLjpm2sVMOoKzyG76n/167A=

+7

secrets/nix-serve-secret-key.age

··· 0 0 0 0 0 0 0

··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g l39Xz9AifFdYzu1lY0X6+lRSf9YCSwVvKpkY2yIltDY 3 + vnYucN1xNAb+KmrT5zJQlq8cz8GV+ZL915g0fZeIai4 4 + -> ssh-ed25519 QBbeMw cXXePretHJG85V9IXnwmEII5eGS//QsGdYpZvWzPvHo 5 + e/B9cP88ehm+R4hOhlrzuqIdg5BMGUD19U9ieD/H2Z8 6 + --- YlswbYIQdog/Qep02v7L35jN2cZZ1IVCK1jOYAvF7hc 7 + �A�[�(���W
�聠�{����+��)�Y�f���b�8cn��%�ۀBx�)���z 5�|��Կ]���2| �"���
j7A�t^��z �G�� �K$B��!Xu}@"�R�Y�Ym���NY}JP�O|��

+6

secrets/porkbun-api-key.age

··· 0 0 0 0 0 0

··· 1 + age-encryption.org/v1 2 + -> ssh-ed25519 e6zq8g CdLTZ6uXiJB+xaD+I5NVHD5OxLSH+yAz99j04GiKukU 3 + kQTUR4yK23wHV9QGMlmTmIlMh63nP49g1NrS+sJKfBY 4 + --- H6/xHryPPKmAWW/bDXUN4YBXMKrsFpUAveKxWsT0SH0 5 + �E����,�ήS��P)A.������9O\�����2n��U�!���X�a���l�Z�4*(G�[��>�Zl� 6 + :QՅ���������o����$=��& ڍ�w�t^�<<E�0p�8��:����G�̉����J#�QR�����p�򘐞�kA,�=!��5�KK��0o��nQ��)�\\�ĘN�����wQ�҉

+9

secrets/secrets.nix

··· 0 0 0 0 0 0 0 0 0

··· 1 + let 2 + noah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDQFlX3hhXxsqAUYLvF+IX1YWQ+k22OHlqMOjgyNBe9e noah@misaki"; 3 + misaki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO+Rcf4Lr+JPWGKQol6eAml6SMgERkGJWgN7y1qYUUvX root@nixos"; 4 + #users = [noah]; 5 + in 6 + { 7 + "porkbun-api-key.age".publicKeys = [ noah misaki ]; 8 + "nix-serve-secret-key.age".publicKeys = [ misaki noah ]; 9 + }

+566 -3

services.nix

··· 1 - { ... }: { 0 0 0 0 0 0 0 0 0 0 2 # Some programs need SUID wrappers, can be configured further or are 3 # started in user sessions. 4 - programs.mtr.enable = true; 0 0 0 0 5 6 # Fish shell, the best 7 programs.fish.enable = true; 8 0 0 0 9 # List services that you want to enable: 10 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 11 # Containers and VMs 12 virtualisation = { 13 podman = { 14 - enable = false; 15 dockerCompat = true; 16 defaultNetwork.settings.dns_enabled = true; 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 17 }; 18 }; 19 }

··· 1 + { config 2 + , pkgs 3 + , unstable 4 + , ... 5 + }: 6 + { 7 + 8 + services.zfs = { 9 + autoScrub.enable = true; 10 + }; 11 + services.nfs.server.enable = true; 12 # Some programs need SUID wrappers, can be configured further or are 13 # started in user sessions. 14 + # programs.mtr.enable = true; 15 + programs.gnupg.agent = { 16 + enable = true; 17 + enableSSHSupport = false; 18 + }; 19 20 # Fish shell, the best 21 programs.fish.enable = true; 22 23 + # MOSH, SSH over flakey connections 24 + programs.mosh.enable = true; 25 + 26 # List services that you want to enable: 27 28 + # Enable the OpenSSH daemon. 29 + services.openssh = { 30 + enable = true; 31 + openFirewall = true; 32 + settings.PasswordAuthentication = false; 33 + }; 34 + 35 + # This option is for enabling the bolt daemon for managing Thunderbolt/USB4 Devices. 36 + services.hardware.bolt.enable = true; 37 + 38 + # Tailscale 39 + services.tailscale = { 40 + enable = true; 41 + useRoutingFeatures = "client"; 42 + }; 43 + 44 # Containers and VMs 45 virtualisation = { 46 podman = { 47 + enable = true; 48 dockerCompat = true; 49 defaultNetwork.settings.dns_enabled = true; 50 + }; 51 + }; 52 + 53 + # Samba, for shares 54 + # TODO 55 + services.samba = { 56 + enable = true; 57 + openFirewall = true; 58 + nmbd.enable = true; 59 + winbindd.enable = true; 60 + settings = { 61 + global = { 62 + workgroup = "WORKGROUP"; 63 + "server string" = "misaki"; 64 + security = "user"; 65 + "use sendfile" = "yes"; 66 + "hosts allow" = "192.168.1. 127.0.0.1 localhost"; 67 + "hosts deny" = "0.0.0.0/0"; 68 + "guest account" = "nobody"; 69 + "map to guest" = "bad user"; 70 + deadtime = 30; 71 + }; 72 + shokuhou = { 73 + path = "/srv/shokuhou"; 74 + browseable = "yes"; 75 + "read only" = "no"; 76 + "guest ok" = "no"; 77 + "create mask" = "0644"; 78 + "directory mask" = "0755"; 79 + "force user" = "noah"; 80 + "force group" = "nas"; 81 + }; 82 + mentalout = { 83 + path = "/srv/mentalout"; 84 + browseable = "yes"; 85 + "read only" = "no"; 86 + "guest ok" = "no"; 87 + "create mask" = "0644"; 88 + "directory mask" = "0755"; 89 + "force user" = "noah"; 90 + "force group" = "nas"; 91 + }; 92 + }; 93 + }; 94 + services.samba-wsdd = { 95 + enable = true; 96 + openFirewall = true; 97 + }; 98 + 99 + services.coredns = { 100 + enable = true; 101 + config = '' 102 + packetlost.dev { 103 + hosts ${./coredns/packetlost.dev.hosts} packetlost.dev { 104 + fallthrough 105 + } 106 + bind enp4s0f1 107 + } 108 + ngp.computer { 109 + hosts ${./coredns/ngp.computer.hosts} ngp.computer { 110 + fallthrough 111 + } 112 + bind enp4s0f1 113 + } 114 + localhost { 115 + hosts ${./coredns/localhost.hosts} localhost { 116 + fallthrough 117 + } 118 + bind enp4s0f1 119 + } 120 + . { 121 + # NextDNS 122 + forward . tls://2a07:a8c0::dd:2feb:853 tls://2a07:a8c1::dd:2feb:853 tls://45.90.28.93:853 tls://45.90.30.93:853 { 123 + tls_servername dd2feb.dns.nextdns.io 124 + health_check 5s 125 + } 126 + bind enp4s0f1 127 + cache 128 + errors 129 + log 130 + } 131 + ''; 132 + }; 133 + 134 + services.nats = { 135 + enable = true; 136 + jetstream = true; 137 + user = "nats"; 138 + group = "nats"; 139 + serverName = "misaki"; 140 + dataDir = "/srv/shokuhou/applications/nats"; 141 + validateConfig = false; 142 + settings = { 143 + authorization = { 144 + users = [ 145 + { 146 + user = "seedbox@packetlost.dev"; 147 + permissions = { 148 + publish = [ 149 + "torrents" 150 + "torrents.>" 151 + "$JS.API.INFO" 152 + #"$JS.API.STREAM.INFO.>" 153 + "$KV.torrents.>" 154 + #"$JS.API.STREAM.*.*.OBJ_torrents" 155 + "$JS.API.*.*.OBJ_torrents" 156 + "$JS.API.STREAM.MSG.GET.OBJ_torrents" 157 + "$JS.API.*.*.OBJ_torrents.>" 158 + "$O.torrents.>" 159 + ]; 160 + subscribe = [ 161 + "torrents.>" 162 + "_INBOX.>" 163 + ]; 164 + allow_responses = false; 165 + }; 166 + } 167 + { user = "odin@packetlost.dev"; } 168 + { user = "misaki@packetlost.dev"; } 169 + { user = "noah@packetlost.dev"; } 170 + { user = "touma-nixos@packetlost.dev"; } 171 + ]; 172 + }; 173 + tls = { 174 + cert_file = "/srv/nats/nats.packetlost.dev/cert.pem"; 175 + key_file = "/srv/nats/nats.packetlost.dev/key.pem"; 176 + ca_file = "/srv/nats/minica.pem"; 177 + verify_and_map = true; 178 + }; 179 + jetstream = { 180 + # 50GB 181 + max_file_store = 53687091200; 182 + max_mem = 8589934592; 183 + }; 184 + }; 185 + }; 186 + 187 + # Minio's object storage has been mostly replaced with NATS. If I specifically need a 188 + # S3-like API, this will be revived. 189 + services.minio = { 190 + enable = false; 191 + listenAddress = ":9003"; 192 + consoleAddress = ":9004"; 193 + dataDir = [ 194 + /srv/shokuhou/applications/minio 195 + ]; 196 + }; 197 + 198 + services.netatalk = { 199 + enable = true; 200 + settings = { 201 + time-machine = { 202 + path = "/srv/shokuhou/backup/timemachine"; 203 + "valid users" = "noah"; 204 + "time machine" = true; 205 + }; 206 + }; 207 + }; 208 + 209 + services.webdav.enable = false; 210 + services.sftpgo = { 211 + enable = false; 212 + dataDir = /srv/shokuhou/documents/sftpgo; 213 + group = "nas"; 214 + }; 215 + services.syncthing = { 216 + enable = false; 217 + openDefaultPorts = true; 218 + # disable the sync folder creation 219 + extraFlags = [ "--no-default-folder" ]; 220 + settings = { 221 + folders = { 222 + "Sync" = { 223 + path = "/srv/shokuhou/documents/sync"; 224 + }; 225 + }; 226 + }; 227 + }; 228 + 229 + services.grafana = { 230 + enable = false; 231 + settings.server.http_port = 2342; 232 + settings.server.domain = "grafana.packetlost.dev"; 233 + settings.server.http_addr = "127.0.0.1"; 234 + }; 235 + 236 + services.prometheus = { 237 + enable = false; 238 + port = 9001; 239 + exporters = { 240 + node = { 241 + enable = true; 242 + enabledCollectors = [ "systemd" ]; 243 + port = 9002; 244 + }; 245 + }; 246 + 247 + scrapeConfigs = [ 248 + { 249 + job_name = "chrysalis"; 250 + static_configs = [ 251 + { targets = [ "127.0.0.1:${builtins.toString config.services.prometheus.exporters.node.port}" ]; } 252 + ]; 253 + } 254 + ]; 255 + }; 256 + 257 + # TODO: figure out how to appropriately configure this 258 + services.step-ca = { 259 + enable = false; 260 + openFirewall = true; 261 + port = 8443; 262 + address = "0.0.0.0"; 263 + intermediatePasswordFile = /etc/nixos/step-ca-intermediate-ca-password; 264 + settings = builtins.fromJSON (builtins.readFile /home/noah/.step/config/ca.json); 265 + }; 266 + 267 + age.secrets.acme = { 268 + file = ./secrets/porkbun-api-key.age; 269 + owner = "root"; 270 + group = "acme"; 271 + }; 272 + 273 + # TODO: re-enable this once Agenix is set up 274 + security.acme = { 275 + acceptTerms = true; 276 + defaults.email = "noah@packetlost.dev"; 277 + certs."plex.packetlost.dev" = { 278 + dnsProvider = "porkbun"; 279 + group = "httpd"; 280 + environmentFile = config.age.secrets.acme.path; 281 + }; 282 + certs."img.ngp.computer" = { 283 + group = "httpd"; 284 + dnsProvider = "porkbun"; 285 + environmentFile = config.age.secrets.acme.path; 286 + }; 287 + certs."files.ngp.computer" = { 288 + group = "httpd"; 289 + dnsProvider = "porkbun"; 290 + environmentFile = config.age.secrets.acme.path; 291 + }; 292 + certs."photos.ngp.computer" = { 293 + group = "httpd"; 294 + dnsProvider = "porkbun"; 295 + environmentFile = config.age.secrets.acme.path; 296 + }; 297 + certs."jellyfin.packetlost.dev" = { 298 + group = "httpd"; 299 + dnsProvider = "porkbun"; 300 + environmentFile = config.age.secrets.acme.path; 301 + }; 302 + }; 303 + 304 + # A test email server that only works on LAN 305 + services.maddy = { 306 + enable = true; 307 + openFirewall = true; 308 + primaryDomain = "misaki.local"; 309 + ensureAccounts = [ 310 + "noah@misaki.local" 311 + "postmaster@misaki.local" 312 + "test@misaki.local" 313 + ]; 314 + ensureCredentials = { 315 + "noah@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 316 + "postmaster@misaki.local".passwordFile = "${pkgs.writeText "noah" "Password123"}"; 317 + "test@misaki.local".passwordFile = "${pkgs.writeText "test" "Password123"}"; 318 + }; 319 + }; 320 + 321 + age.secrets.nix-serve = { 322 + file = ./secrets/nix-serve-secret-key.age; 323 + owner = "root"; 324 + group = "root"; 325 + }; 326 + services.nix-serve = { 327 + enable = true; 328 + package = unstable.nix-serve-ng; 329 + secretKeyFile = config.age.secrets.nix-serve.path; 330 + openFirewall = true; 331 + }; 332 + 333 + services.plex = { 334 + enable = true; 335 + openFirewall = false; # we proxy this with nginx 336 + group = "nas"; 337 + user = "noah"; 338 + package = unstable.plex; 339 + }; 340 + 341 + services.jellyfin = { 342 + enable = true; 343 + openFirewall = true; 344 + user = "noah"; 345 + group = "nas"; 346 + logDir = "/srv/shokuhou/applications/jellyfin/log"; 347 + cacheDir = "/srv/shokuhou/applications/jellyfin/cache"; 348 + dataDir = "/srv/shokuhou/applications/jellyfin/data"; 349 + configDir = "/srv/shokuhou/applications/jellyfin/config"; 350 + }; 351 + 352 + # services.gitea = { 353 + # enable = true; 354 + # user = "git"; 355 + # domain = "git.packetlost.dev"; 356 + # }; 357 + 358 + # Litterbox, collect my IRC logs 359 + systemd = { 360 + services = { 361 + "litterbox@" = { 362 + path = [ pkgs.litterbox ]; 363 + serviceConfig = { 364 + StartLimitIntervalSec = 5; 365 + StartLimitBurst = 10; 366 + Restart = "on-failure"; 367 + RestartSec = "10s"; 368 + Type = "simple"; 369 + ExecStart = "${pkgs.litterbox}/bin/litterbox /srv/litterbox/%i.conf"; 370 + ExecReload = "kill -USR1 $MAINPID"; 371 + User = "noah"; 372 + Group = "litterbox"; 373 + }; 374 + }; 375 + 376 + #"litterbox@libera.irc.packetlost.dev" = { 377 + # overrideStrategy = "asDropin"; 378 + # wantedBy = [ "multi-user.target" ]; 379 + #}; 380 + "update-downstream-src" = { 381 + path = with pkgs; [ 382 + rc 383 + coreutils 384 + git 385 + openssh 386 + ]; 387 + script = "exec ${./scripts/update-src}"; 388 + serviceConfig = { 389 + Type = "oneshot"; 390 + User = "noah"; 391 + WorkingDirectory = "/srv/src"; 392 + }; 393 + }; 394 + }; 395 + timers = { 396 + "update-downstream-src" = { 397 + wantedBy = [ "timers.target" ]; 398 + timerConfig = { 399 + OnCalendar = "daily"; 400 + Persistent = true; 401 + }; 402 + }; 403 + }; 404 + }; 405 + 406 + services.teamspeak3 = { 407 + enable = true; 408 + openFirewall = true; 409 + }; 410 + 411 + services.immich = { 412 + enable = true; 413 + package = unstable.immich; 414 + accelerationDevices = [ "/dev/dri/renderD128" ]; 415 + mediaLocation = "/srv/shokuhou/pictures/immich"; 416 + }; 417 + users.users.immich.extraGroups = [ 418 + "video" 419 + "render" 420 + "nas" 421 + ]; 422 + 423 + # Nginx Reverse SSL Proxy 424 + services.nginx = { 425 + enable = true; 426 + group = "nas"; 427 + user = "noah"; 428 + 429 + # This is disabled for now 430 + #virtualHosts."${config.services.grafana.settings.server.domain}" = { 431 + # locations."/" = { 432 + # proxyPass = "http://127.0.0.1:${builtins.toString config.services.grafana.settings.server.http_port}"; 433 + # proxyWebsockets = true; 434 + # }; 435 + #}; 436 + 437 + virtualHosts."cache.packetlost.dev" = { 438 + locations."/".proxyPass = 439 + "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}"; 440 + }; 441 + virtualHosts."photos.ngp.computer" = { 442 + enableACME = false; 443 + useACMEHost = "photos.ngp.computer"; 444 + acmeRoot = null; 445 + forceSSL = true; 446 + locations."/" = { 447 + proxyPass = "http://[::1]:${toString config.services.immich.port}"; 448 + proxyWebsockets = true; 449 + recommendedProxySettings = true; 450 + extraConfig = '' 451 + client_max_body_size 50000M; 452 + proxy_read_timeout 600s; 453 + proxy_send_timeout 600s; 454 + send_timeout 600s; 455 + ''; 456 + }; 457 + }; 458 + virtualHosts."img.ngp.computer" = { 459 + forceSSL = true; 460 + enableACME = false; 461 + useACMEHost = "img.ngp.computer"; 462 + acmeRoot = null; 463 + root = "/srv/shokuhou/pictures/public"; 464 + extraConfig = '' 465 + sendfile on; 466 + autoindex_exact_size on; 467 + tcp_nopush on; 468 + ''; 469 + locations."/" = { 470 + extraConfig = '' 471 + autoindex on; 472 + autoindex_exact_size on; 473 + alias /srv/shokuhou/pictures/public/$1; 474 + ''; 475 + }; 476 + }; 477 + virtualHosts."files.ngp.computer" = { 478 + forceSSL = true; 479 + enableACME = false; 480 + useACMEHost = "files.ngp.computer"; 481 + acmeRoot = null; 482 + root = null; 483 + extraConfig = '' 484 + sendfile on; 485 + tcp_nopush on; 486 + ''; 487 + locations."/books/" = { 488 + extraConfig = '' 489 + autoindex on; 490 + autoindex_exact_size on; 491 + alias /srv/shokuhou/books/sync/$1; 492 + ''; 493 + }; 494 + }; 495 + virtualHosts."jellyfin.packetlost.dev" = { 496 + forceSSL = true; 497 + enableACME = false; 498 + useACMEHost = "jellyfin.packetlost.dev"; 499 + acmeRoot = null; 500 + http2 = true; 501 + locations."/" = { 502 + proxyPass = "http://localhost:8096/"; 503 + }; 504 + }; 505 + 506 + # give a name to the virtual host. It also becomes the server name. 507 + virtualHosts."plex.packetlost.dev" = { 508 + # Since we want a secure connection, we force SSL 509 + forceSSL = true; 510 + enableACME = false; 511 + useACMEHost = "plex.packetlost.dev"; 512 + acmeRoot = null; 513 + 514 + # http2 can more performant for streaming: https://blog.cloudflare.com/introducing-http2/ 515 + http2 = true; 516 + 517 + # Provide the ssl cert and key for the vhost 518 + # These are filled in automatically with ACME 519 + extraConfig = '' 520 + 521 + #Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause 522 + send_timeout 100m; 523 + 524 + # Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/ 525 + ssl_stapling on; 526 + ssl_stapling_verify on; 527 + 528 + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 529 + ssl_prefer_server_ciphers on; 530 + #Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384. 531 + ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 532 + 533 + # Forward real ip and host to Plex 534 + proxy_set_header X-Real-IP $remote_addr; 535 + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 536 + proxy_set_header X-Forwarded-Proto $scheme; 537 + proxy_set_header Host $server_addr; 538 + proxy_set_header Referer $server_addr; 539 + proxy_set_header Origin $server_addr; 540 + 541 + # Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off. 542 + gzip on; 543 + gzip_vary on; 544 + gzip_min_length 1000; 545 + gzip_proxied any; 546 + gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml; 547 + gzip_disable "MSIE [1-6]\."; 548 + 549 + # Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones. 550 + # Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more 551 + client_max_body_size 100M; 552 + 553 + # Plex headers 554 + proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier; 555 + proxy_set_header X-Plex-Device $http_x_plex_device; 556 + proxy_set_header X-Plex-Device-Name $http_x_plex_device_name; 557 + proxy_set_header X-Plex-Platform $http_x_plex_platform; 558 + proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version; 559 + proxy_set_header X-Plex-Product $http_x_plex_product; 560 + proxy_set_header X-Plex-Token $http_x_plex_token; 561 + proxy_set_header X-Plex-Version $http_x_plex_version; 562 + proxy_set_header X-Plex-Nocache $http_x_plex_nocache; 563 + proxy_set_header X-Plex-Provides $http_x_plex_provides; 564 + proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor; 565 + proxy_set_header X-Plex-Model $http_x_plex_model; 566 + 567 + # Websockets 568 + proxy_http_version 1.1; 569 + proxy_set_header Upgrade $http_upgrade; 570 + proxy_set_header Connection "upgrade"; 571 + 572 + # Buffering off send to the client as soon as the data is received from Plex. 573 + proxy_redirect off; 574 + proxy_buffering off; 575 + ''; 576 + 577 + locations."/" = { 578 + proxyPass = "http://localhost:32400/"; 579 + }; 580 }; 581 }; 582 }

+6 -1

shell.nix

··· 1 { pkgs ? import <nixos-unstable> { } }: 2 - pkgs.mkShell { packages = with pkgs; [ nil lua-language-server ]; } 0 0 0 0 0

··· 1 { pkgs ? import <nixos-unstable> { } }: 2 + pkgs.mkShell { 3 + packages = with pkgs; [ nil lua-language-server nixpkgs-fmt ]; 4 + shellHook = '' 5 + ${(import ./default.nix).pre-commit-check.shellHook} 6 + ''; 7 + }

-32

ssh/extra

··· 1 AddKeysToAgent yes 2 ServerAliveInterval 60 3 - ForwardAgent yes 4 ControlMaster auto 5 ControlPath ~/.ssh/master-%r@%h:%p 6 ··· 26 IdentityFile ~/.ssh/id_ed25519 27 ForwardAgent yes 28 29 - Host aleister 30 - HostName 192.168.1.16 31 - User noah 32 - IdentityFile ~/.ssh/id_ed25519 33 - ForwardAgent yes 34 - 35 Host komoe 36 HostName 192.168.1.5 37 User noah 38 IdentityFile ~/.ssh/id_ed25519 39 ForwardAgent yes 40 - 41 - Host othinus 42 - HostName 192.168.1.4 43 - User noah 44 - IdentityFile ~/.ssh/id_ed25519 45 - ForwardAgent yes 46 - 47 - Host odin 48 - HostName 192.168.1.6 49 - User noah 50 - IdentityFile ~/.ssh/id_ed25519 51 - ForwardAgent yes 52 - 53 - Host accelerator 54 - HostName 192.168.1.7 55 - User noah 56 - IdentityFile ~/.ssh/id_ed25519 57 - ForwardAgent yes 58 - 59 - Host shizuri 60 - HostName 192.168.1.15 61 - User noah 62 - IdentityFile ~/.ssh/id_ed25519 63 - ForwardAgent yes 64 - ForwardX11 yes 65 66 Host sdf 67 HostName tty.sdf.org

··· 1 AddKeysToAgent yes 2 ServerAliveInterval 60 0 3 ControlMaster auto 4 ControlPath ~/.ssh/master-%r@%h:%p 5 ··· 25 IdentityFile ~/.ssh/id_ed25519 26 ForwardAgent yes 27 0 0 0 0 0 0 28 Host komoe 29 HostName 192.168.1.5 30 User noah 31 IdentityFile ~/.ssh/id_ed25519 32 ForwardAgent yes 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 33 34 Host sdf 35 HostName tty.sdf.org

+13 -18

sway/odin

··· 2 #workspace $ws1 output DP-6 3 #workspace $ws2 output HDMI-A-1 4 5 - output "Acer Technologies XV272U 0x0000A50C" { 6 - mode 2560x1440@143.999Hz 7 - pos 440 0 8 - transform normal 9 - scale 1.0 10 - scale_filter nearest 11 - adaptive_sync off 12 - dpms on 13 - } 14 - output "LG Electronics LG ULTRAGEAR 307NTPC58464" { 15 - mode 3440x1440@85.0Hz 16 - pos 0 1440 17 - transform normal 18 - scale 1.0 19 - scale_filter nearest 20 - adaptive_sync on 21 - dpms on 22 - }

··· 2 #workspace $ws1 output DP-6 3 #workspace $ws2 output HDMI-A-1 4 5 + # HDMI is the main output 6 + output HDMI-A-1 pos 0 0 7 + output HDMI-A-1 adaptive_sync off 8 + output DP-9 pos -430 1440 9 + output DP-9 adaptive_sync on 10 + # Sometimes the DP identifier changes for some reason 11 + output DP-6 pos -430 1440 12 + output DP-6 adaptive_sync on 13 + output DP-10 pos -430 1440 14 + output DP-10 adaptive_sync on 15 + # The HDMI gets messed up too :( 16 + output HDMI-A-2 pos 0 0 17 + output HDMI-A-2 adaptive_sync off 0 0 0 0 0

+23 -26

users.nix

··· 1 { pkgs, lib, ... }: 2 - let 3 - home-manager = builtins.fetchTarball 4 - "https://github.com/nix-community/home-manager/archive/release-25.11.tar.gz"; 5 - in 6 { 7 - 8 - imports = [ 9 - # Import home-manager first, it's required for other modules 10 - (import "${home-manager}/nixos") 11 - ]; 12 - 13 # Declarative only optoins. 14 # I don't want to allow ad-hoc modifying users on the system. 15 # Users must be declared either as part of a package or in this file. ··· 19 users.users.noah = { 20 isNormalUser = true; 21 shell = pkgs.fish; 22 - extraGroups = [ "wheel" "video" "nas" ]; # Enable ‘sudo’ for the user. 0 0 0 0 0 0 0 0 23 hashedPasswordFile = "/etc/nixos/noah-password"; 24 - openssh.authorizedKeys.keys = 25 - lib.strings.splitString "\n" (builtins.readFile (builtins.fetchurl { 26 - url = "https://meta.sr.ht/~chiefnoah.keys"; 27 - name = "chiefnoah.keys"; 28 - # Update this with: 29 - # `curl https://meta.sr.ht/~chiefnoah.keys | sha256sum` 30 - sha256 = "b07f29019f0fcf2d7e217637fce6c7f9476468cc47cb8eaf36a0cd646aa4a8a7"; 31 - })); 0 0 0 32 }; 33 - users.groups.nas.gid = 1001; 34 - # I manage my home with home-manager 35 - # Don't store packages in ~/.nix-profile, use /etc/profiles so we can build-vm 36 - home-manager.useUserPackages = true; 37 - # No more NIX_PATH, use system pkgs 38 - home-manager.useGlobalPkgs = true; 39 40 - home-manager.users.noah = import ./home.nix; 0 0 41 }

··· 1 { pkgs, lib, ... }: 0 0 0 0 2 { 0 0 0 0 0 0 3 # Declarative only optoins. 4 # I don't want to allow ad-hoc modifying users on the system. 5 # Users must be declared either as part of a package or in this file. ··· 9 users.users.noah = { 10 isNormalUser = true; 11 shell = pkgs.fish; 12 + extraGroups = [ 13 + "wheel" 14 + "video" 15 + "render" 16 + "nas" 17 + "nats" 18 + "litterbox" 19 + "httpd" 20 + ]; # Enable ‘sudo’ for the user. 21 hashedPasswordFile = "/etc/nixos/noah-password"; 22 + openssh.authorizedKeys.keys = lib.strings.splitString "\n" ( 23 + builtins.readFile ( 24 + builtins.fetchurl { 25 + url = "https://meta.sr.ht/~chiefnoah.keys"; 26 + name = "chiefnoah.keys"; 27 + # Update this with: 28 + # `curl https://meta.sr.ht/~chiefnoah.keys | sha256sum` 29 + sha256 = "0wdnx25blqihbgaa0hzd39mjqwki92ambar097hjfmlrxg1s4lk7"; 30 + } 31 + ) 32 + ); 33 }; 0 0 0 0 0 0 34 35 + users.groups.nas.gid = 1001; 36 + users.groups.httpd.gid = 1002; 37 + users.groups.litterbox.gid = 1003; 38 }

+28 -42

vis/visrc.lua

··· 1 require('vis') 2 - local plugin_manager = 'plugins/vis-plug' 0 0 3 local plugins = { 4 - --{ 'timoha/vis-acme', theme = true, file = 'acme' }, 5 { 'milhnl/vis-format' }, 6 { url = 'https://git.cepl.eu/cgit/vis/vis-fzf-open' }, 7 { url = 'https://gitlab.com/muhq/vis-lspc.git' }, 8 { url = 'https://repo.or.cz/vis-parkour.git', alias = 'vis-parkour' } 9 } 10 11 - function setup_plug() 12 - if not pcall(require, 'plugins/vis-plug') then 13 - os.execute('git clone --quiet https://github.com/erf/vis-plug ' .. 14 - (os.getenv('XDG_CONFIG_HOME') or os.getenv('HOME') .. '/.config') 15 - .. '/vis/plugins/vis-plug') 16 - end 17 - return require('plugins/vis-plug') 18 - end 19 - local plug = setup_plug() 20 21 - plug.init(plugins, true) 22 23 - function configure_plugin(name, config) 24 - if vis:module_exist(name) then 25 - local module = require(name) 26 - config(module) 27 - end 28 - end 29 30 vis.events.subscribe(vis.events.INIT, function() 31 - configure_plugin('plugins/vis-format', function(format) 32 - vis:map(vis.modes.NORMAL, '<C-p>', ':fzf<Enter>') 33 - vis:map(vis.modes.NORMAL, '=', format.apply) 34 - end) 35 - configure_plugin('plugins/vis-lspc', function(lspc) 36 - if next(lspc) then 37 - lspc.logging = true 38 - lspc.log_file = "/tmp/lspc.log" 39 40 - lspc.ls_map.rust = { 41 - name = "rust", 42 - cmd = "rust-analyzer", 43 - formatting_options = {tabSize = 4, insertSpaces = true} 44 - } 45 - lspc.ls_map.lua = { 46 - name = "lua", 47 - cmd = "lua-language-server", 48 - formatting_options = { insertSpaces = false } 49 - } 50 - end 51 - end) 52 end) 53 54 55 - vis.events.subscribe(vis.events.WIN_OPEN, function() 56 --per-window configuration-- 57 --vis:command('set number') 58 - --vis:command('set showtab on') 59 - --vis:command('set showspace off') 60 vis:command('set autoindent on') 61 vis:command('set cursorline on') 62 vis:command('set tabwidth 4') 63 end) 64 - return nil 0 0 0

··· 1 require('vis') 2 + 3 + local plug = require('plugins/vis-plug') 4 + 5 local plugins = { 6 + { 'timoha/vis-acme', theme = true, file = 'acme' }, 7 { 'milhnl/vis-format' }, 8 { url = 'https://git.cepl.eu/cgit/vis/vis-fzf-open' }, 9 { url = 'https://gitlab.com/muhq/vis-lspc.git' }, 10 { url = 'https://repo.or.cz/vis-parkour.git', alias = 'vis-parkour' } 11 } 12 13 + plug.init(plugins, true) 14 + 15 + 16 + 0 0 0 0 0 17 0 18 0 0 0 0 0 0 19 20 vis.events.subscribe(vis.events.INIT, function() 21 + local format = require('plugins/vis-format') 22 + vis:map(vis.modes.NORMAL, '<C-p>', ':fzf<Enter>') 23 + vis:map(vis.modes.NORMAL, '=', format.apply) 24 + local lspc = require('plugins/vis-lspc') 25 + if next(lspc) then 26 + lspc.logging = true 27 + lspc.log_file = "/tmp/lspc.log" 0 28 29 + lspc.ls_map.rust = { 30 + name = "rust", 31 + cmd = "rust-analyzer", 32 + formatting_options = {tabSize = 4, insertSpaces = true} 33 + } 34 + end 0 0 0 0 0 0 35 end) 36 37 38 + vis.events.subscribe(vis.events.WIN_OPEN, function(win) 39 --per-window configuration-- 40 --vis:command('set number') 41 + vis:command('set showtab on') 42 + vis:command('set showspace on') 43 vis:command('set autoindent on') 44 vis:command('set cursorline on') 45 vis:command('set tabwidth 4') 46 end) 47 + 48 + 49 + 50 +