yemou.pink / nix-configs
Nix configurations for my homelab
fork atom

Compare changes

Choose any two refs to compare.

options
unified split
Changed files
+420 -169
flake.lock
flake.nix
lily
config.nix
lutea
config.nix
hardware.nix
modules
cloud-storage.nix
creation.nix
editor.nix
electron.nix
email.nix
games.nix
gui.nix
im.nix
libreoffice.nix
media.nix
packages
buildConfig
buildConfig.sh
qbittorrent.nix
river.nix
scx.nix
secrets.nix
services
arr.nix
caddy
jellyfin.nix
jellyfin.nix
nextcloud.nix
openssh.nix
tangled.nix
uni.nix
vpn-container.nix
secrets
lily.yaml
lutea.yaml
+54 -54
flake.lock
··· 1 1 { 2 2 "nodes": { 3 + "actor-typeahead-src": { 4 + "flake": false, 5 + "locked": { 6 + "lastModified": 1762835797, 7 + "narHash": "sha256-heizoWUKDdar6ymfZTnj3ytcEv/L4d4fzSmtr0HlXsQ=", 8 + "ref": "refs/heads/main", 9 + "rev": "677fe7f743050a4e7f09d4a6f87bbf1325a06f6b", 10 + "revCount": 6, 11 + "type": "git", 12 + "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead" 13 + }, 14 + "original": { 15 + "type": "git", 16 + "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead" 17 + } 18 + }, 3 19 "flake-compat": { 4 20 "flake": false, 5 21 "locked": { ··· 95 111 ] 96 112 }, 97 113 "locked": { 98 - "lastModified": 1762447448, 99 - "narHash": "sha256-BFhoqL231hyTZ7piR+8FgDJby48oWRN8+g3b1uvvtX8=", 114 + "lastModified": 1767702900, 115 + "narHash": "sha256-xMzHmNytl7JgFRov2jHf2GYsLVp/sAfYO0JvbZt0uDo=", 100 116 "owner": "nix-community", 101 117 "repo": "home-manager", 102 - "rev": "2907788315a73d3292140b4d59b5d95796565625", 118 + "rev": "38e187fd2f9efac197e03be0c25f3ee215974144", 103 119 "type": "github" 104 120 }, 105 121 "original": { ··· 204 220 }, 205 221 "nixpkgs": { 206 222 "locked": { 207 - "lastModified": 1762406524, 208 - "narHash": "sha256-dKJcd9A4Qk/RH3c1awJW0bLngEJO6/TJlrwvGy6U1FA=", 223 + "lastModified": 1767678781, 224 + "narHash": "sha256-HlQWzu2drqK4ln54h/LKRJfpY+fhMJItZmNBm0qC+Fs=", 209 225 "owner": "NixOS", 210 226 "repo": "nixpkgs", 211 - "rev": "f7213c5cd417469224ae36fcaecc142f7a6a95c2", 227 + "rev": "b16188e3a1a4ede1e261573a95fbc445df67b784", 212 228 "type": "github" 213 229 }, 214 230 "original": { ··· 218 234 "type": "github" 219 235 } 220 236 }, 221 - "nixpkgs-pr432663-modrinth": { 222 - "locked": { 223 - "lastModified": 1754872276, 224 - "narHash": "sha256-nzo6NomrbeBK/p9Rh4koSb5EebX06QsdsouHIjHNO4s=", 225 - "owner": "getchoo-contrib", 226 - "repo": "nixpkgs", 227 - "rev": "537f5bab3bd0dc4677dfaa46d8a5f21bac9c435e", 228 - "type": "github" 229 - }, 230 - "original": { 231 - "owner": "getchoo-contrib", 232 - "ref": "pkgs/modrinth-app/0.10.3", 233 - "repo": "nixpkgs", 234 - "type": "github" 235 - } 236 - }, 237 237 "nixpkgs-stable": { 238 238 "locked": { 239 - "lastModified": 1762441858, 240 - "narHash": "sha256-+khq8nLrjoMd7rfHbR+vn5VbT9SEWYxkjFPt3SaNX20=", 239 + "lastModified": 1767313136, 240 + "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", 241 241 "owner": "NixOS", 242 242 "repo": "nixpkgs", 243 - "rev": "c868b076f649419f586b985c6814a06d9580ce2c", 243 + "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", 244 244 "type": "github" 245 245 }, 246 246 "original": { ··· 252 252 }, 253 253 "nixpkgs-unstable": { 254 254 "locked": { 255 - "lastModified": 1762111121, 256 - "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", 255 + "lastModified": 1767640445, 256 + "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", 257 257 "owner": "NixOS", 258 258 "repo": "nixpkgs", 259 - "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", 259 + "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", 260 260 "type": "github" 261 261 }, 262 262 "original": { ··· 284 284 }, 285 285 "nixpkgs_3": { 286 286 "locked": { 287 - "lastModified": 1760596604, 288 - "narHash": "sha256-J/i5K6AAz/y5dBePHQOuzC7MbhyTOKsd/GLezSbEFiM=", 287 + "lastModified": 1767364772, 288 + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", 289 289 "owner": "NixOS", 290 290 "repo": "nixpkgs", 291 - "rev": "3cbe716e2346710d6e1f7c559363d14e11c32a43", 291 + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", 292 292 "type": "github" 293 293 }, 294 294 "original": { ··· 322 322 "rust-overlay": "rust-overlay" 323 323 }, 324 324 "locked": { 325 - "lastModified": 1762401448, 326 - "narHash": "sha256-wnS6LRR1oa7RAKk64gH3itrrCGYrkQyyMhQnMvVuC3Q=", 325 + "lastModified": 1767582569, 326 + "narHash": "sha256-C9QFu5ujrIIY+EyJ6y7dSdSTJxTvBnoKy6L5Ug0Q/Kk=", 327 327 "owner": "roc-lang", 328 328 "repo": "roc", 329 - "rev": "26ee6ab54e592476f7ded9efe82d84ce7bbc5128", 329 + "rev": "2b7565979a5263d4eebdf7ab25fd407a8c97eb6f", 330 330 "type": "github" 331 331 }, 332 332 "original": { ··· 340 340 "home-manager": "home-manager", 341 341 "impermanence": "impermanence", 342 342 "nixpkgs": "nixpkgs", 343 - "nixpkgs-pr432663-modrinth": "nixpkgs-pr432663-modrinth", 344 343 "nixpkgs-stable": "nixpkgs-stable", 345 344 "nixpkgs-unstable": "nixpkgs-unstable", 346 345 "roc-lang": "roc-lang", ··· 376 375 "nixpkgs": "nixpkgs_3" 377 376 }, 378 377 "locked": { 379 - "lastModified": 1760998189, 380 - "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=", 378 + "lastModified": 1767499857, 379 + "narHash": "sha256-0zUU/PW09d6oBaR8x8vMHcAhg1MOvo3CwoXgHijzzNE=", 381 380 "owner": "Mic92", 382 381 "repo": "sops-nix", 383 - "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3", 382 + "rev": "ecc41505948ec2ab0325f14c9862a4329c2b4190", 384 383 "type": "github" 385 384 }, 386 385 "original": { ··· 434 433 }, 435 434 "tangled": { 436 435 "inputs": { 436 + "actor-typeahead-src": "actor-typeahead-src", 437 437 "flake-compat": "flake-compat_2", 438 438 "gomod2nix": "gomod2nix", 439 439 "htmx-src": "htmx-src", ··· 446 446 "sqlite-lib-src": "sqlite-lib-src" 447 447 }, 448 448 "locked": { 449 - "lastModified": 1760875893, 450 - "narHash": "sha256-t6OWN+7N4oeYhnfclOPyw0ZVsFrsWPXbXTGseyCKVMg=", 451 - "ref": "refs/tags/v1.10.0-alpha", 452 - "rev": "71d46921a8891ddf80417980d954b145be6cd213", 453 - "revCount": 1546, 449 + "lastModified": 1763627666, 450 + "narHash": "sha256-t8UQ85/bPXrbFs3V/paFtQvv4lSrr2lszrdcgspuAaA=", 451 + "ref": "refs/tags/v1.11.0-alpha", 452 + "rev": "12ef7f8f63ee4a14a552ebed603802c79e4d72f8", 453 + "revCount": 1678, 454 454 "type": "git", 455 - "url": "https://tangled.org/@tangled.org/core" 455 + "url": "https://tangled.org/tangled.org/core" 456 456 }, 457 457 "original": { 458 - "ref": "refs/tags/v1.10.0-alpha", 458 + "ref": "refs/tags/v1.11.0-alpha", 459 459 "type": "git", 460 - "url": "https://tangled.org/@tangled.org/core" 460 + "url": "https://tangled.org/tangled.org/core" 461 461 } 462 462 }, 463 463 "yemou-dotfiles": { 464 464 "flake": false, 465 465 "locked": { 466 - "lastModified": 1754330523, 467 - "narHash": "sha256-K2VZlNCtPdYpirf8EFYNqbM3I226OfEH6VJZ/TVJinc=", 466 + "lastModified": 1767528128, 467 + "narHash": "sha256-JaAjRLeidiCGJj+mFWLGkvWj3/XAermFEFfuXkIQiSM=", 468 468 "ref": "refs/heads/main", 469 - "rev": "e707438e1157ac7b085c48c44bab3948d07825a6", 470 - "revCount": 102, 469 + "rev": "a60a8302e1ec4e13b711be89ca029f7ee071d4f0", 470 + "revCount": 108, 471 471 "type": "git", 472 - "url": "https://tangled.org/@yemou.pink/dotfiles" 472 + "url": "https://tangled.org/yemou.pink/dotfiles" 473 473 }, 474 474 "original": { 475 475 "type": "git", 476 - "url": "https://tangled.org/@yemou.pink/dotfiles" 476 + "url": "https://tangled.org/yemou.pink/dotfiles" 477 477 } 478 478 }, 479 479 "yemou-scripts": { ··· 489 489 "rev": "a0196a345c63894e8ce671ef660c34ce44890150", 490 490 "revCount": 30, 491 491 "type": "git", 492 - "url": "https://tangled.org/@yemou.pink/scripts" 492 + "url": "https://tangled.org/yemou.pink/scripts" 493 493 }, 494 494 "original": { 495 495 "type": "git", 496 - "url": "https://tangled.org/@yemou.pink/scripts" 496 + "url": "https://tangled.org/yemou.pink/scripts" 497 497 } 498 498 } 499 499 },
+3 -5
flake.nix
··· 8 8 sops-nix.url = "github:Mic92/sops-nix"; 9 9 10 10 yemou-dotfiles = { 11 - url = "git+https://tangled.org/@yemou.pink/dotfiles"; 11 + url = "git+https://tangled.org/yemou.pink/dotfiles"; 12 12 flake = false; 13 13 }; 14 14 yemou-scripts = { 15 - url = "git+https://tangled.org/@yemou.pink/scripts"; 15 + url = "git+https://tangled.org/yemou.pink/scripts"; 16 16 inputs.nixpkgs.follows = "nixpkgs"; 17 17 }; 18 18 home-manager = { ··· 21 21 }; 22 22 23 23 roc-lang.url = "github:roc-lang/roc"; 24 - tangled.url = "git+https://tangled.org/@tangled.org/core?ref=refs/tags/v1.10.0-alpha"; 25 - 26 - nixpkgs-pr432663-modrinth.url = "github:getchoo-contrib/nixpkgs?ref=pkgs/modrinth-app/0.10.3"; 24 + tangled.url = "git+https://tangled.org/tangled.org/core?ref=refs/tags/v1.11.0-alpha"; 27 25 }; 28 26 29 27 outputs =
+5 -1
lily/config.nix
··· 8 8 ../modules/caddy.nix 9 9 ../modules/editor.nix 10 10 ../modules/fail2ban.nix 11 + ../modules/fwupd.nix 11 12 ../modules/machine-id.nix 12 13 ../modules/machine-info.nix 13 14 ../modules/netbird.nix ··· 23 24 ../modules/services/caddy 24 25 ../modules/services/caddy/atproto-did.nix 25 26 ../modules/services/caddy/cp-certs.nix 27 + ../modules/services/caddy/jellyfin.nix 26 28 ../modules/services/caddy/mumble.nix 27 29 ../modules/services/caddy/nextcloud.nix 28 30 ../modules/services/caddy/pds.nix ··· 36 38 ../modules/services/caddy/websites/pink-meyou.nix 37 39 ../modules/services/caddy/websites/pink-yemou.nix 38 40 41 + ../modules/services/arr.nix 42 + ../modules/services/jellyfin.nix 39 43 ../modules/services/murmur.nix 40 44 ../modules/services/nextcloud.nix 41 45 ../modules/services/openssh.nix ··· 50 54 "github.com/mholt/caddy-events-exec@v0.1.0" 51 55 "github.com/mholt/caddy-l4@v0.0.0-20250825142355-52451c524d96" 52 56 ]; 53 - hash = "sha256-K/HtgdbdfeV/aHCRIXDvgfb2AL06YHh6+rLL15wUtmA="; 57 + hash = "sha256-VBfSLG0TInEYoj4fS7hnNqKn267N6jjuA38TsgyL/Sw="; 54 58 }; 55 59 info.host.server = true; 56 60 };
+4 -9
lutea/config.nix
··· 9 9 ../modules/cloud-storage.nix 10 10 ../modules/creation.nix 11 11 ../modules/editor.nix 12 - ../modules/email.nix 12 + ../modules/electron.nix 13 + # ../modules/email.nix 13 14 ../modules/flatpak.nix 14 15 ../modules/fonts.nix 15 16 ../modules/fwupd.nix ··· 17 18 ../modules/gui.nix 18 19 ../modules/hardware-keys.nix 19 20 ../modules/im.nix 20 - # ../modules/libreoffice.nix 21 21 ../modules/machine-id.nix 22 22 ../modules/machine-info.nix 23 + ../modules/media.nix 23 24 ../modules/netbird.nix 24 25 ../modules/network-info.nix 25 26 ../modules/nix.nix ··· 27 28 ../modules/qbittorrent.nix 28 29 ../modules/remote-builder.nix 29 30 ../modules/river.nix 31 + ../modules/secrets.nix 30 32 ../modules/smartd.nix 31 33 ../modules/tools.nix 32 34 ../modules/typst.nix ··· 137 139 }; 138 140 139 141 systemd.tmpfiles.settings."home-files" = { 140 - "/home/mou/.cache".d = { 141 - user = "mou"; 142 - group = "mou"; 143 - age = "14d"; 144 - }; 145 - "/home/mou/.cache/nix/gitv3/*".x = { }; 146 - "/home/mou/.cache/nix/tarball-cache/.git/*".x = { }; 147 142 "/home/mou/.barony".L.argument = "/home/mou/misc/games/barony"; 148 143 "/home/mou/.mozilla".L.argument = "/home/mou/misc/.app-data/mozilla"; 149 144 "/home/mou/.ssh".L.argument = "/home/mou/misc/.app-data/ssh";
+5 -2
lutea/hardware.nix
··· 31 31 }; 32 32 }; 33 33 kernelModules = [ "kvm-intel" ]; 34 - # kernelPackages = pkgs.linuxPackages_latest; 34 + kernelPackages = pkgs.linuxPackages_latest; 35 35 kernelPatches = [ ]; 36 36 loader = { 37 37 efi.canTouchEfiVariables = true; ··· 105 105 106 106 swapDevices = [ { device = "/swap/swapfile"; } ]; 107 107 108 + nixpkgs.config.rocmSupport = true; 108 109 hardware = { 109 - enableRedistributableFirmware = true; 110 + amdgpu.opencl.enable = true; 111 + block.defaultScheduler = "kyber"; 110 112 bluetooth = { 111 113 enable = true; 112 114 powerOnBoot = true; 113 115 }; 114 116 cpu.intel.updateMicrocode = true; 117 + enableRedistributableFirmware = true; 115 118 uinput.enable = true; 116 119 graphics = { 117 120 enable = true;
+64 -2
modules/cloud-storage.nix
··· 1 - { pkgs, ... }: 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 2 7 { 3 - users.users.mou.packages = with pkgs; [ nextcloud-client ]; 8 + sops = { 9 + secrets = { 10 + "rclone-nextcloud/url" = { }; 11 + "rclone-nextcloud/user" = { }; 12 + "rclone-nextcloud/password" = { }; 13 + }; 14 + templates.rclone-nextcloud-config.content = lib.generators.toINI { } { 15 + nextcloud = { 16 + type = "webdav"; 17 + url = config.sops.placeholder."rclone-nextcloud/url"; 18 + vendor = "nextcloud"; 19 + user = config.sops.placeholder."rclone-nextcloud/user"; 20 + pass = config.sops.placeholder."rclone-nextcloud/password"; 21 + }; 22 + }; 23 + }; 24 + 25 + environment.persistence."/data/persistent".directories = [ 26 + { 27 + directory = "/var/cache/rclone"; 28 + mode = "0700"; 29 + } 30 + ]; 31 + 32 + systemd.services.rclone-nextcloud = { 33 + enable = true; 34 + description = "NextCloud VFS (rclone)"; 35 + after = [ "network-online.target" ]; 36 + wants = [ "network-online.target" ]; 37 + wantedBy = [ "multi-user.target" ]; 38 + serviceConfig = { 39 + Type = "notify"; 40 + ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/nextcloud"; 41 + ExecStart = 42 + let 43 + args = [ 44 + "--config ${config.sops.templates.rclone-nextcloud-config.path}" 45 + "--cache-dir /var/cache/rclone/nextcloud" 46 + # "--dir-cache-time 5m" # This is the default 47 + # "--poll-interval 1m" # This is the default 48 + "--vfs-cache-mode writes" 49 + "--webdav-nextcloud-chunk-size 2Gi" 50 + "--checksum" 51 + "--track-renames" 52 + "--allow-other" 53 + "--uid 1000" 54 + "--gid 1000" 55 + "--dir-perms 0770" 56 + "--file-perms 0660" 57 + "--umask 007" 58 + ]; 59 + in 60 + "${pkgs.rclone}/bin/rclone mount nextcloud:/ /media/nextcloud ${lib.strings.join " " args}"; 61 + ExecStop = "${pkgs.fuse3}/bin/fusermount3 -z /media/nextcloud"; 62 + Restart = "on-failure"; 63 + }; 64 + restartTriggers = [ config.sops.secrets."rclone-nextcloud/password".sopsFileHash ]; 65 + }; 4 66 }
+1 -1
modules/creation.nix
··· 2 2 { 3 3 users.users.mou.packages = with pkgs; [ 4 4 audacity 5 - blender 6 5 blockbench 7 6 inkscape 7 + blender 8 8 ]; 9 9 }
+58
modules/editor.nix
··· 1 1 { pkgs, ... }: 2 2 { 3 + nixpkgs.overlays = [ 4 + (final: prev: { 5 + kakoune-unwrapped = prev.kakoune-unwrapped.overrideAttrs ( 6 + finalAttrs: prevAttrs: { 7 + patches = [ 8 + (prev.writeText "escript.patch" '' 9 + diff --git a/rc/filetype/erlang.kak b/rc/filetype/erlang.kak 10 + index 35b60cf2..3e42263d 100644 11 + --- a/rc/filetype/erlang.kak 12 + +++ b/rc/filetype/erlang.kak 13 + @@ -6,7 +6,7 @@ 14 + 15 + # Detection 16 + # โ€พโ€พโ€พโ€พโ€พโ€พโ€พโ€พโ€พ 17 + -hook global BufCreate .*[.](erl|hrl) %{ 18 + +hook global BufCreate .*[.](erl|escript|hrl) %{ 19 + set-option buffer filetype erlang 20 + } 21 + 22 + @@ -31,6 +31,7 @@ provide-module erlang %[ 23 + add-highlighter shared/erlang regions 24 + add-highlighter shared/erlang/default default-region group 25 + 26 + +add-highlighter shared/erlang/shebang region ^#! $ fill meta 27 + add-highlighter shared/erlang/comment region '(?<!\$)%' '$' fill comment 28 + add-highlighter shared/erlang/attribute_atom_single_quoted region %{-'} %{(?<!\\)(?:\\\\)*'(?=[\( \.])} fill builtin 29 + add-highlighter shared/erlang/attribute region '\b-[a-z][\w@]*(?=[\( \.])' '\K' fill builtin 30 + '') 31 + ]; 32 + } 33 + ); 34 + kakoune-lsp = prev.kakoune-lsp.overrideAttrs ( 35 + finalAttrs: prevAttrs: { 36 + patches = prevAttrs.patches ++ [ 37 + (prev.writeText "erlang-elp" '' 38 + diff --git a/rc/servers.kak b/rc/servers.kak 39 + index afedb57..8d961e7 100644 40 + --- a/rc/servers.kak 41 + +++ b/rc/servers.kak 42 + @@ -124,10 +124,9 @@ hook -group lsp-filetype-elvish global BufSetOption filetype=elvish %{ 43 + 44 + hook -group lsp-filetype-erlang global BufSetOption filetype=erlang %{ 45 + set-option buffer lsp_servers %{ 46 + - [erlang_ls] 47 + + [elp] 48 + root_globs = ["rebar.config", "erlang.mk", ".git", ".hg"] 49 + - # See https://github.com/erlang-ls/erlang_ls.git for more information and 50 + - # how to configure. This default config should work in most cases though. 51 + + args = [ "server" ] 52 + } 53 + } 54 + '') 55 + ]; 56 + } 57 + ); 58 + }) 59 + ]; 60 + 3 61 environment = { 4 62 sessionVariables = { 5 63 EDITOR = "kak";
+4
modules/electron.nix
··· 1 + { ... }: 2 + { 3 + nixpkgs.overlays = [ (final: prev: { electron = final.electron-bin; }) ]; 4 + }
-6
modules/email.nix
··· 1 1 { pkgs, ... }: 2 2 { 3 - nixpkgs.overlays = [ 4 - (final: prev: { 5 - sieve-editor-gui = prev.sieve-editor-gui.override { electron = final.electron-bin; }; 6 - }) 7 - ]; 8 - 9 3 users.users.mou.packages = with pkgs; [ 10 4 check-sieve 11 5 sieve-editor-gui
+24 -39
modules/games.nix
··· 1 - { nixpkgs-pr432663-modrinth, pkgs, ... }: 1 + { pkgs, ... }: 2 2 { 3 3 imports = [ ./unfree.nix ]; 4 4 ··· 12 12 ]; 13 13 14 14 nixpkgs.overlays = [ 15 - ( 16 - final: prev: 17 - let 18 - pkgs-modrinth = import nixpkgs-pr432663-modrinth { 19 - system = prev.system; 20 - config.allowUnfree = true; 21 - }; 22 - in 23 - { 24 - modrinth-app = pkgs-modrinth.modrinth-app; 25 - modrinth-app-unwrapped = pkgs-modrinth.modrinth-app-unwrapped; 15 + (final: prev: { 16 + extest = prev.extest.overrideAttrs ( 17 + finalAttrs: prevAttrs: { 18 + version = "1.0.3"; 26 19 27 - extest = prev.extest.overrideAttrs ( 28 - finalAttrs: prevAttrs: { 29 - version = "1.0.3"; 20 + src = prev.fetchFromGitHub { 21 + owner = "Supreeeme"; 22 + repo = "extest"; 23 + rev = "0d068672fdaefd6f6565036ddd8e6949ee82eb63"; 24 + hash = "sha256-4SVZD0aHKsn97B5bhCf7URR6iQhJlYGALKWhDg+lGhU="; 25 + }; 30 26 31 - src = prev.fetchFromGitHub { 32 - owner = "Supreeeme"; 33 - repo = "extest"; 34 - rev = "1a419a1691c6accaafef6cfc962a06712d4658e9"; 35 - hash = "sha256-q0BqvdIdcUARGmaPOnzPVLtcWFHJeZ9t2jcfYxS0KTk="; 36 - }; 37 - 38 - cargoDeps = prev.rustPlatform.fetchCargoVendor { 39 - src = finalAttrs.src; 40 - hash = "sha256-J9HuZwZ3UYyW2unFxBeap80yPCvdVGQ7pfsdI9qU3QE="; 41 - }; 42 - } 43 - ); 44 - 45 - r2modman = prev.r2modman.override { electron = prev.electron-bin; }; 46 - } 47 - ) 27 + cargoDeps = prev.rustPlatform.fetchCargoVendor { 28 + src = finalAttrs.src; 29 + hash = "sha256-OBWgNQ3OfqztaQwbK4fjOp7Lbu58U6j8tbStJ17bIko="; 30 + }; 31 + } 32 + ); 33 + }) 48 34 ]; 49 35 50 36 services.udev.packages = with pkgs; [ game-devices-udev-rules ]; ··· 56 42 protontricks.enable = true; 57 43 }; 58 44 59 - users.users.mou = { 60 - packages = with pkgs; [ 61 - modrinth-app 62 - r2modman 63 - superTuxKart 64 - ]; 65 - }; 45 + users.users.mou.packages = with pkgs; [ 46 + modrinth-app 47 + r2modman 48 + rpcs3 49 + superTuxKart 50 + ]; 66 51 }
-3
modules/gui.nix
··· 38 38 users.users.mou.packages = with pkgs; [ 39 39 anki-bin 40 40 foot 41 - keepassxc 42 - libsecret 43 - mpv 44 41 pavucontrol 45 42 thm 46 43 wl-clipboard
+2 -1
modules/im.nix
··· 1 1 { pkgs, ... }: 2 2 { 3 3 users.users.mou.packages = with pkgs; [ 4 + halloy 4 5 mumble 5 6 senpai 6 - signal-desktop-bin 7 + signal-desktop 7 8 ]; 8 9 }
-4
modules/libreoffice.nix
··· 1 - { pkgs, ... }: 2 - { 3 - users.users.mou.packages = with pkgs; [ libreoffice ]; 4 - }
+7
modules/media.nix
··· 1 + { pkgs, ... }: 2 + { 3 + users.users.mou.packages = with pkgs; [ 4 + jellyfin-desktop 5 + mpv 6 + ]; 7 + }
+7 -1
modules/packages/buildConfig/buildConfig.sh
··· 24 24 do SOPS_AGE_KEY_FILE=${SOPS_AGE_KEY_FILE:=/data/keys.txt} sops decrypt --in-place "$json" 25 25 done 26 26 27 - nixos-rebuild switch --flake "$temp_dir#$hostname" "$@" 27 + rebuild_type="" 28 + case "${1:-}" in 29 + switch) rebuild_type="switch"; shift 1;; 30 + boot) rebuild_type="boot"; shift 1;; 31 + esac 32 + 33 + nixos-rebuild "${rebuild_type:=switch}" --flake "$temp_dir#$hostname" "$@" 28 34 rm -r "$temp_dir"
+13 -3
modules/qbittorrent.nix
··· 86 86 Interface = "vpn"; 87 87 InterfaceName = "vpn"; 88 88 TorrentContentLayout = "Subfolder"; 89 + Preallocation = true; 90 + QueueingSystemEnabled = false; 91 + GlobalMaxInactiveSeedingMinutes = 43200; 92 + GlobalMaxSeedingMinutes = 43200; 93 + MaxUploads = 25; 94 + MaxUploadsPerTorrent = 25; 95 + ShareLimitAction = "RemoveWithContent"; # TODO: For some reason this gets overridden at start up 89 96 }; 90 97 Network.PortForwardingEnabled = false; 91 98 Preferences = { 92 - General.StatusbarExternalIPDisplayed = true; 99 + General = { 100 + DeleteTorrentsFilesAsDefault = true; 101 + StatusbarExternalIPDisplayed = true; 102 + }; 93 103 WebUI = { 94 104 LocalHostAuth = false; 95 105 AuthSubnetWhitelistEnabled = true; 96 106 AuthSubnetWhitelist = lib.strings.join ", " [ 97 - "192.168.2.1" 98 - (lib.optionalString (config.networking.hostName == "lily") config.garden.info.network.lutea.netbird-ip) 107 + "192.168.2.1/32" 108 + (lib.optionalString (config.networking.hostName == "lily") "${config.garden.info.network.lutea.netbird-ip}/32") 99 109 ]; 100 110 }; 101 111 };
+19 -3
modules/river.nix
··· 21 21 ''; 22 22 } 23 23 ); 24 - roc = roc-lang.packages.${prev.system}.default; 25 - roc-lang-server = roc-lang.packages.${prev.system}.lang-server; 24 + roc = roc-lang.packages.${prev.stdenv.hostPlatform.system}.default; 25 + roc-lang-server = roc-lang.packages.${prev.stdenv.hostPlatform.system}.lang-server; 26 + xdg-desktop-portal-wlr = prev.xdg-desktop-portal-wlr.overrideAttrs ( 27 + finalAttrs: prevAttrs: { 28 + version = "0.7.1"; 29 + 30 + src = prev.fetchFromGitHub { 31 + owner = "emersion"; 32 + repo = "xdg-desktop-portal-wlr"; 33 + rev = "v${finalAttrs.version}"; 34 + sha256 = "sha256-GIIDeZMIGUiZV0IUhcclRVThE5LKaqVc5VwnNT8beNU="; 35 + }; 36 + } 37 + ); 26 38 }) 27 39 ]; 28 40 ··· 57 69 swaylock 58 70 wlopm 59 71 wlsunset 72 + xrandr # Needed to set xwayland primary output 60 73 ]; 61 74 }; 62 75 ··· 78 91 }; 79 92 80 93 xdg.portal = { 81 - wlr.enable = true; 94 + wlr = { 95 + enable = true; 96 + settings.screencast.max_fps = 60; 97 + }; 82 98 extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; 83 99 config.river = { 84 100 default = lib.mkForce "gtk";
+8
modules/scx.nix
··· 1 + { ... }: 2 + { 3 + services.scx = { 4 + enable = true; 5 + scheduler = "scx_lavd"; 6 + extraArgs = [ "--performance" ]; 7 + }; 8 + }
+7
modules/secrets.nix
··· 1 + { pkgs, ... }: 2 + { 3 + users.users.mou.packages = with pkgs; [ 4 + keepassxc 5 + libsecret 6 + ]; 7 + }
+64
modules/services/arr.nix
··· 1 + { config, nixpkgs-unstable, ... }: 2 + { 3 + environment.persistence."/data/persistent".directories = [ 4 + # NOTE: Prowlarr isn't here since it uses /var/lib/private/prowlarr as its directory regardless and this directory 5 + # is already in nixos-impermanence 6 + { 7 + directory = "/var/lib/radarr"; 8 + mode = "0700"; 9 + user = config.services.radarr.user; 10 + group = config.services.radarr.group; 11 + } 12 + { 13 + directory = "/var/lib/sonarr"; 14 + mode = "0700"; 15 + user = config.services.sonarr.user; 16 + group = config.services.sonarr.group; 17 + } 18 + ]; 19 + 20 + sops = { 21 + secrets = { 22 + "prowlarr-apikey" = { }; 23 + "radarr-apikey" = { }; 24 + "sonarr-apikey" = { }; 25 + }; 26 + templates = { 27 + prowlarr-env.content = "PROWLARR__AUTH__APIKEY=${config.sops.placeholder."prowlarr-apikey"}"; 28 + radarr-env.content = "RADARR__AUTH__APIKEY=${config.sops.placeholder."radarr-apikey"}"; 29 + sonarr-env.content = "SONARR__AUTH__APIKEY=${config.sops.placeholder."sonarr-apikey"}"; 30 + }; 31 + }; 32 + 33 + # Help prevent from rebuilding chromium all the time 34 + nixpkgs.overlays = [ 35 + (final: prev: { inherit (nixpkgs-unstable.legacyPackages.${prev.stdenv.hostPlatform.system}) chromium; }) 36 + ]; 37 + 38 + networking.firewall.interfaces.${config.services.netbird.clients.homelab.interface}.allowedTCPPorts = [ 39 + config.services.prowlarr.settings.server.port 40 + config.services.radarr.settings.server.port 41 + config.services.sonarr.settings.server.port 42 + ]; 43 + 44 + services = { 45 + flaresolverr.enable = true; 46 + prowlarr = { 47 + enable = true; 48 + environmentFiles = [ config.sops.templates.prowlarr-env.path ]; 49 + settings.log.level = "info"; 50 + }; 51 + radarr = { 52 + enable = true; 53 + environmentFiles = [ config.sops.templates.radarr-env.path ]; 54 + settings.log.level = "info"; 55 + }; 56 + sonarr = { 57 + enable = true; 58 + environmentFiles = [ config.sops.templates.sonarr-env.path ]; 59 + settings.log.level = "info"; 60 + }; 61 + }; 62 + 63 + systemd.services.flaresolverr.serviceConfig.RestrictAddressFamilies = [ "~AF_INET6" ]; 64 + }
+7
modules/services/caddy/jellyfin.nix
··· 1 + { ... }: 2 + { 3 + services.caddy.virtualHosts."jellyfin.lilac.pink".extraConfig = '' 4 + encode 5 + reverse_proxy [::1]:8096 6 + ''; 7 + }
+35
modules/services/jellyfin.nix
··· 1 + { pkgs, ... }: 2 + { 3 + imports = [ ../unfree.nix ]; 4 + 5 + environment.persistence."/data/persistent".directories = [ 6 + { 7 + directory = "/var/cache/jellyfin"; 8 + mode = "0700"; 9 + user = "jellyfin"; 10 + group = "jellyfin"; 11 + } 12 + { 13 + directory = "/var/lib/jellyfin"; 14 + mode = "0700"; 15 + user = "jellyfin"; 16 + group = "jellyfin"; 17 + } 18 + ]; 19 + 20 + hardware.graphics = { 21 + enable = true; 22 + extraPackages = with pkgs; [ 23 + intel-compute-runtime 24 + intel-media-driver 25 + vpl-gpu-rt 26 + ]; 27 + }; 28 + 29 + users.users.jellyfin.extraGroups = [ 30 + "render" 31 + "video" 32 + ]; 33 + 34 + services.jellyfin.enable = true; 35 + }
+2 -1
modules/services/nextcloud.nix
··· 78 78 extraAppsEnable = false; 79 79 hostName = "cloud.lilac.pink"; 80 80 https = true; 81 - maxUploadSize = "1G"; 81 + maxUploadSize = "50G"; 82 82 notify_push = { 83 83 enable = true; 84 84 nextcloudUrl = "http://[::1]:8080"; ··· 110 110 }; 111 111 "simpleSignUpLink.shown" = false; 112 112 trusted_proxies = [ "::1" ]; 113 + "files.chunked_upload.max_size" = 2147483648; 113 114 }; 114 115 }; 115 116 };
+1
modules/services/openssh.nix
··· 8 8 9 9 services.openssh.settings.AllowUsers = [ 10 10 "mou@${config.garden.info.network.lutea.netbird-ip}" 11 + (lib.mkIf (config.networking.hostName == "lily") "mou@${config.garden.info.network.lutea.ipv6}") 11 12 (lib.mkIf (config.networking.hostName == "lily") "mou@${config.garden.info.network.lutea.ipv4-local}") 12 13 ]; 13 14 }
+11 -7
modules/services/tangled.nix
··· 4 4 5 5 environment.persistence."/data/persistent".directories = [ 6 6 { 7 - directory = "/var/lib/tangled"; 7 + directory = config.services.tangled.knot.stateDir; 8 8 mode = "0700"; 9 - user = config.services.tangled-knot.gitUser; 10 - group = config.services.tangled-knot.gitUser; 9 + user = config.services.tangled.knot.gitUser; 10 + group = config.services.tangled.knot.gitUser; 11 11 } 12 12 ]; 13 13 14 14 services.openssh = { 15 15 ports = [ 22 ]; 16 - settings.AllowUsers = [ "${config.services.tangled-knot.gitUser}" ]; 16 + settings.AllowUsers = [ "${config.services.tangled.knot.gitUser}" ]; 17 17 }; 18 18 19 19 networking.firewall.allowedTCPPorts = [ 22 ]; 20 20 21 - services.tangled-knot = { 21 + services.tangled.knot = { 22 22 enable = true; 23 23 openFirewall = false; 24 - stateDir = "/var/lib/tangled"; 25 - repo.scanPath = "/var/lib/tangled/repos"; 24 + stateDir = "/var/lib/tangled/knot"; 25 + repo.scanPath = "${config.services.tangled.knot.stateDir}/repos"; 26 + git = { 27 + userName = "knot.butwho.org"; 28 + userEmail = "noreply@butwho.org"; 29 + }; 26 30 server = { 27 31 hostname = "knot.butwho.org"; 28 32 owner = "did:plc:3sk3ef72ac36w44kvr3ki5q7"; # at://yemou.pink
+1 -20
modules/uni.nix
··· 1 - { pkgs, ... }: 2 - { 3 - garden.unfree = [ "Oracle_VirtualBox_Extension_Pack" ]; 4 - 5 - users.users.mou.extraGroups = [ "wireshark" ]; 6 - 7 - programs.wireshark = { 8 - enable = true; 9 - package = pkgs.wireshark; 10 - dumpcap.enable = true; 11 - usbmon.enable = true; 12 - }; 13 - 14 - virtualisation.virtualbox.host = { 15 - enable = true; 16 - enableExtensionPack = true; 17 - enableKvm = true; 18 - addNetworkInterface = false; 19 - }; 20 - } 1 + { ... }: { }
+1 -1
modules/vpn-container.nix
··· 18 18 internalInterfaces = [ "ve-vpn" ]; 19 19 externalInterface = 20 20 if (config.networking.hostName == "lutea") then 21 - "enp5s0" 21 + "enp7s0" 22 22 else if (config.networking.hostName == "lily") then 23 23 "enp0s31f6" 24 24 else
+7 -4
secrets/lily.yaml
··· 12 12 jwtSecret: ENC[AES256_GCM,data:Ueday7XtlsxHC+/Nbx5T+FWwXABvV8Z+M+6PEGpypQU=,iv:+7o5cjW+3Xi+LhiBLdijEHwXiEZ4UnYW9qmOejQzCsM=,tag:7Fic+08fBOam8+gakM6iEg==,type:str] 13 13 plcRotationKeyK256PrivateKeyHex: ENC[AES256_GCM,data:2tpAI5RGc2fz09KoOeMr9OVheo34zhttaiYwhQHVPKvRz9p/PLtSxnkSHdiKyeqPT046kgq0+GJphxATRDweGA==,iv:ETfC1h10k2QS9tCO2t0874UNw57kJIwECJp8AH0bWWI=,tag:Chd1nRVE75jakFL2Uw/frA==,type:str] 14 14 protonvpn-torrent: 15 - private-key: ENC[AES256_GCM,data:trGHNbt68+Io4gX73lFB/TIKhkspn30Gzv80PP5VZaZlCSXO79GO6XDJNh8=,iv:lqBJf9k/ZayXYynYIbUookM72sCwQwzLoPc//092/S0=,tag:kazt/mvUe9sXlbvqVmNjYA==,type:str] 16 - public-key: ENC[AES256_GCM,data:dtdaavrVu7u6skDHETewiIactzqFJLNfzjndzagPIuld890aheevdpbfyj8=,iv:zf+B9w7qZxhB0oSKCG/k0KIqZReJ/KmHiN3C8TXUvn0=,tag:McaVvqwWcSgcYdXHKRTHuw==,type:str] 15 + private-key: ENC[AES256_GCM,data:TH+OewaIzba5Ysyu0tHiS8LnftPB1dJt+BDvkgA7l0PnbBjPt4HCwib+Vjo=,iv:AGQ2S7Sjl6SD/SzsX8bv9yavlPOlgwxuR56VBovt5vE=,tag:pT/C5u81Ws0+DbO+ffW4SQ==,type:str] 16 + public-key: ENC[AES256_GCM,data:RIh3I7STHUx+N8sBSW9z1b1CTPIflDBNY4TqWRpNPAn9SJIB76UrVXVYzC4=,iv:QT4a+JHK6TN6BWQlv/d26Yx/fH+S3T9G8RnYgWCHlkY=,tag:YRqXSXCuDyfy71bczyfMjg==,type:str] 17 + radarr-apikey: ENC[AES256_GCM,data:7FLygsV20gXqnT/T7fxW8kajcDN6OiA/LIIrYUYx8y8=,iv:YreEg2rnm+ghAH3FiabqdRx7lYfZLO6uEhKqDAA4gA4=,tag:n/xCQAHF1b5a0lIfkfI3CQ==,type:str] 18 + sonarr-apikey: ENC[AES256_GCM,data:CTmGQN0k2iQknPOSxfyckBemY1Bp1SPLeHTuUBwxH6E=,iv:gtQ0hZQ+YKEYDEDOyQUG58xAxyjSHZU9CVanyh/1bL8=,tag:cRPIb9nUZYxvtFnoqAxwRQ==,type:str] 19 + prowlarr-apikey: ENC[AES256_GCM,data:w5pQjQed4qbqLWI4STNvqCi6p0VMy8LvzenPsKZRMmk=,iv:BbZGwTUjFh3XI47mUi3ctZhvQsqhD65HNiXJlrcTL0o=,tag:UWCn3Zy49AC0/O0nsAOLnw==,type:str] 17 20 sops: 18 21 age: 19 22 - recipient: age1amaa55e7nusv904a9ucfvtnjlw4srtet42suehey6u3yc4t2xc5sdldepj ··· 25 28 cHlWQjF3ZkU5NUs0Y1hodUlabkxpdzAK91EV34EhJMrxxdVrRCwZlGKuRs7AU7v3 26 29 dU8XRhjAzJs2Vu5UnCVOGB5Zl6w7FkXICYY0IP2dA0b477dI5rXNBg== 27 30 -----END AGE ENCRYPTED FILE----- 28 - lastmodified: "2025-10-25T02:25:30Z" 29 - mac: ENC[AES256_GCM,data:HHMLS2fp9oo4URY5D0BA/z1LRvF7tFzyURYOOkz22TuMSyJYPJdZ9JIWPGwvlI9DwvmPdggwuOxSK7Xit6EK6wIgYUQ33k1WaOmElXqp3BaTtPkvL5sgMgL7+sYAocfZnE03hXvHQ/LBHpa+/PuO4p2EQRMphkJmV6rWShJMpZ8=,iv:ud9d1iJBI3EJAe8NDqe1RhoFxxr3ZgDl1flLX5iLUqw=,tag:vDtsrnFjh2JdJ3c2O5brSw==,type:str] 31 + lastmodified: "2025-12-07T06:49:15Z" 32 + mac: ENC[AES256_GCM,data:ptj1uTNOu6g1VykpoeoltS0L6di8dVvVzXeIY7LEvCvqo+u74DlGQXJPvpVZPif3t9tHg65aqJShQeu461AMZBbCDOzImTMY23KABpBCaXvN8C+krTynPMan3C1fHrJmHFOXXFBT4V5ecdowopIdybUsoJ3H18jPZ629VngPgjE=,iv:q9+6Aa6LYg3TeRZZf0kRr3ssNB2igMhLg6MweDbQv3A=,tag:Lb7E/RT/tPJE1TyQf6dnyA==,type:str] 30 33 unencrypted_suffix: _unencrypted 31 34 version: 3.11.0
+6 -2
secrets/lutea.yaml
··· 5 5 protonvpn-torrent: 6 6 private-key: ENC[AES256_GCM,data:RrXsojuB1y2cFD8yHWvK6NxoANfwPrRA0m+AL/5tmwcLtSWWgxoirucx7M8=,iv:GKUz7QIWeTZmN5G7nFHsn68rJNpG+hqPDL+JNUqLJGA=,tag:lJACT6FYjQEXQylsTd3OTA==,type:str] 7 7 public-key: ENC[AES256_GCM,data:nXscOyxUTkXQN/fuHn6FxmAiNDXANBv2UPBOhiknGYN3xH9HK68psdS/yNA=,iv:5OEd8qo1ITTgyOGL1zCjk7ard2mO9k5BXuabZ8GDyfI=,tag:2oUui7PS2R5tFfhmRoazvQ==,type:str] 8 + rclone-nextcloud: 9 + url: ENC[AES256_GCM,data:rKYE/vwUHXCDXvYBP2DLPS7Ua83FOY3Pajas7/ue2Gzag9ALvT4+Bl/WUeBl0K+kbiWy,iv:JupnQYmT0mWuJ5DP5HH77CCfJ7JGB7vzs84ZyM4OAFE=,tag:x6bRgrN8e1LHVEMI40hveg==,type:str] 10 + user: ENC[AES256_GCM,data:hGfcQ14=,iv:GA9zY8QmNYuj/DRPEWl4OWxY8IQ9bw+OzZg/j9JcnXc=,tag:0grJZ75HbsRpeOTlPjzFbg==,type:str] 11 + password: ENC[AES256_GCM,data:AP6JhAreTu7hORjZR5qFcO+3GQAZMIj+OZposHX8CYbFqFGHpQiC5GvVsQBmWffx8vYg3x+3qsyia6me,iv:TVei1Xpn52fq+rBr5hKpHCFstJowqabLrlOw/jiRUd0=,tag:Imm+2C2gmlMjZJXqnxropg==,type:str] 8 12 sops: 9 13 age: 10 14 - recipient: age1p55em5e3uk3fprj2mpum7ulrslcqgly63pjsyw2yv6hx99trdsnsvvv9ex ··· 16 20 ZWI2RWEwZllOUDRYV2tCNXZnZFpBS1kKYktM+w+tQbJMcmZBUpuKpeiioChqrWzd 17 21 FU4qWfJw3tEZKdTWECGYaQuCUQm7s+PJBc1HQlxd+eFm8YZMPwoa/Q== 18 22 -----END AGE ENCRYPTED FILE----- 19 - lastmodified: "2025-11-06T18:18:05Z" 20 - mac: ENC[AES256_GCM,data:UVTm4DIK+qN+VpmoDYMOPAEunSu7r7i/qP42lbxS7157Tjt1g5+jziS5s5Jmyvu4XZ+zIKcOorfm5/18XbIYLSQJdSKKNbCh6vahSqOSludzXv89evTJx8gyw9W2uDLEpRYWWSl+llqsf6PkTaIfut4+6XqDWHUl6+cJAAvMNRM=,iv:JKD2RW0i1hLgekPXPAT8YlFxkietNN6DilKLCo6ilUI=,tag:7Oma9whDvpV+wwucAwqydw==,type:str] 23 + lastmodified: "2025-12-02T07:06:57Z" 24 + mac: ENC[AES256_GCM,data:7pymCS0iXDcCgkYNd15K7n0bfgX+DgGO81bAAHNciIAsuk2mxzBc4+pBbeBjoo5X8Pgrinhj26Od3xRJ+RpCqM20dYOkHqnBZ8KbX3Q3ZxnRJ2yACeMuTQHbnHNrWrHL0ZwqB7Rq6CYDrrpVyy/LdGZORu+vFaLQPK1GQKmozPM=,iv:YNtrhULRWU3SiNhndci04R7u13ZomTIl4MXQuu+8LXo=,tag:okZ7bSWlZYPaHl03Ynlfjg==,type:str] 21 25 unencrypted_suffix: _unencrypted 22 26 version: 3.11.0