Compare commits

..

137 commits

Author SHA1 Message Date
Antoine Martin e13a9125d8 thanatos: add Nix runner 2024-11-20 13:37:38 +01:00
Antoine Martin c88a7c2475 thanatos: setup gitlab-runner 2024-11-20 11:17:24 +01:00
Antoine Martin 92174a888f home: tridactyl: add ignore for teams 2024-11-19 16:49:23 +01:00
Antoine Martin 3b309371cd boreal: disable X11 SSH forwarding 2024-11-18 14:52:14 +01:00
Antoine Martin cf336faa2d base: gui: add chrysalis globally 2024-11-18 14:52:14 +01:00
Antoine Martin 4a318041de ci: try to improve disk space 2024-11-18 12:54:27 +01:00
Antoine Martin 8f88dc7a38 pkgs: spot: bump to 2.12.1 2024-11-18 12:16:35 +01:00
Antoine Martin e7c8757962 ci: bump cachix actions 2024-11-18 12:13:46 +01:00
Antoine Martin 259c930098 talos: restart sway setup 2024-11-18 12:12:06 +01:00
Antoine Martin a7204f7cf4 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/f6581f1c3b137086e42a08a906bdada63045f991' (2024-11-12)
  → 'github:NixOS/nixos-hardware/672ac2ac86f7dff2f6f3406405bddecf960e0db6' (2024-11-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/689fed12a013f56d4c4d3f612489634267d86529' (2024-11-12)
  → 'github:NixOS/nixpkgs/e8c38b73aeb218e27163376a2d617e61a2ad9b59' (2024-11-16)
2024-11-18 12:01:10 +01:00
Antoine Martin cd6295ff6b ci: use flake devshell to check formatting
This should fix the alejandra version mismatch failures
2024-11-18 12:00:57 +01:00
Antoine Martin 18dcb10313 flake: remove old commented out line 2024-11-15 14:28:39 +01:00
Antoine Martin 9d05ec3f40 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/e1cc1f6483393634aee94514186d21a4871e78d7' (2024-11-06)
  → 'github:NixOS/nixos-hardware/f6581f1c3b137086e42a08a906bdada63045f991' (2024-11-12)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/dba414932936fde69f0606b4f1d87c5bc0003ede' (2024-11-06)
  → 'github:NixOS/nixpkgs/689fed12a013f56d4c4d3f612489634267d86529' (2024-11-12)
2024-11-15 13:40:24 +01:00
Antoine Martin 4e91ecee7b talos: switch back to default sddm setup 2024-11-08 17:48:30 +01:00
Antoine Martin 36f51a94c2 modules: sddm: switch to catppuccin theme 2024-11-08 17:23:32 +01:00
Antoine Martin 1daa246ecd modules: sddm: enable wayland by default 2024-11-08 17:23:02 +01:00
Antoine Martin 954fd0f8dc flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/07d15e8990d5d86a631641b4c429bc0a7400cfb8' (2024-10-29)
  → 'github:NixOS/nixos-hardware/e1cc1f6483393634aee94514186d21a4871e78d7' (2024-11-06)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/64b80bfb316b57cdb8919a9110ef63393d74382a' (2024-10-28)
  → 'github:NixOS/nixpkgs/dba414932936fde69f0606b4f1d87c5bc0003ede' (2024-11-06)
2024-11-08 17:01:34 +01:00
Antoine Martin 4ebe512e27 boreal: nvidia driver changes
Use the open source driver, and enable modesetting (a requirement for
wayland)
2024-11-07 15:20:15 +01:00
Antoine Martin 8e6ecd3b62 boreal: disable unused wakeonlan
it sometimes errors out if interface isn't up anyway
2024-11-07 15:19:13 +01:00
Antoine Martin 632f7a19bb boreal: fix i3 disappearing from login manager
hadn't updated the desktop in a while
2024-11-06 12:57:29 +01:00
Antoine Martin 0088a8f7e0 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda' (2024-10-24)
  → 'github:NixOS/nixos-hardware/07d15e8990d5d86a631641b4c429bc0a7400cfb8' (2024-10-29)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26)
  → 'github:NixOS/nixpkgs/64b80bfb316b57cdb8919a9110ef63393d74382a' (2024-10-28)
2024-10-30 14:55:58 +01:00
Antoine Martin 8dae794e11 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/cc2d3c0e060f981905d52337340ee6ec8b8eb037' (2024-10-21)
  → 'github:NixOS/nixos-hardware/e8a2f6d5513fe7b7d15701b2d05404ffdc3b6dda' (2024-10-24)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a9b86fc2290b69375c5542b622088eb6eca2a7c3' (2024-10-19)
  → 'github:NixOS/nixpkgs/cd3e8833d70618c4eea8df06f95b364b016d4950' (2024-10-26)
2024-10-27 17:45:09 +01:00
Antoine Martin e12f7feefc talos: enable v4l2 virtual camera module 2024-10-27 17:37:31 +01:00
Antoine Martin 2776dce09c talos: bump kernel to 6.11 2024-10-27 17:35:38 +01:00
Antoine Martin 5c72051f71 flake: upgrade lix to 2.91.1 2024-10-25 15:00:32 +02:00
Antoine Martin 096dadc821 services: immich: increase upload max size 2024-10-25 14:31:51 +02:00
Antoine Martin 6fa6efc8bb services: mealie: use unstable module 2024-10-21 16:56:09 +02:00
Antoine Martin 5835387f06 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs-unstable-small':
    'github:NixOS/nixpkgs/bf3faad723ca984fc4ea95c1cee1d975a8ca2a28' (2024-06-07)
  → 'github:NixOS/nixpkgs/a5e6a9e979367ee14f65d9c38119c30272f8455f' (2024-10-21)
2024-10-21 14:12:45 +02:00
Antoine Martin eef9ae1ba5 services: mealie: format 2024-10-21 14:07:40 +02:00
Antoine Martin 7dd83a2501 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
  → 'github:NixOS/nixos-hardware/cc2d3c0e060f981905d52337340ee6ec8b8eb037' (2024-10-21)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c' (2024-10-07)
  → 'github:NixOS/nixpkgs/a9b86fc2290b69375c5542b622088eb6eca2a7c3' (2024-10-19)
2024-10-21 13:38:02 +02:00
Antoine Martin 7ebd52c578 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/11c43c830e533dad1be527ecce379fcf994fbbb5' (2024-09-30)
  → 'github:NixOS/nixos-hardware/ecfcd787f373f43307d764762e139a7cdeb9c22b' (2024-10-07)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/fbca5e745367ae7632731639de5c21f29c8744ed' (2024-09-28)
  → 'github:NixOS/nixpkgs/1bfbbbe5bbf888d675397c66bfdb275d0b99361c' (2024-10-07)
2024-10-09 14:48:37 +02:00
Antoine Martin c39768bfbc flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/208df2e558b73b6a1f0faec98493cb59a25f62ba' (2024-09-07)
  → 'github:nix-community/home-manager/2f23fa308a7c067e52dfcc30a0758f47043ec176' (2024-09-22)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/b9ab7e57c5d1d456cdeef252d345f3bca9c55851' (2024-09-16)
  → 'github:NixOS/nixos-hardware/11c43c830e533dad1be527ecce379fcf994fbbb5' (2024-09-30)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/8f7492cce28977fbf8bd12c72af08b1f6c7c3e49' (2024-09-14)
  → 'github:NixOS/nixpkgs/fbca5e745367ae7632731639de5c21f29c8744ed' (2024-09-28)
2024-09-30 14:26:10 +02:00
Antoine Martin fdc9ea7c03 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09)
  → 'github:NixOS/nixos-hardware/b9ab7e57c5d1d456cdeef252d345f3bca9c55851' (2024-09-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9' (2024-09-08)
  → 'github:NixOS/nixpkgs/8f7492cce28977fbf8bd12c72af08b1f6c7c3e49' (2024-09-14)
2024-09-16 11:48:35 +02:00
Antoine Martin d6b7ff5419 home: fish: update nfl alias 2024-09-16 11:47:29 +02:00
Antoine Martin 714938ef60 flake: add lix to configuration 2024-09-16 11:45:49 +02:00
Antoine Martin 8f0fd28934 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03)
  → 'github:nix-community/home-manager/208df2e558b73b6a1f0faec98493cb59a25f62ba' (2024-09-07)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef' (2024-08-28)
  → 'github:NixOS/nixos-hardware/166dee4f88a7e3ba1b7a243edb1aca822f00680e' (2024-09-09)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/6e99f2a27d600612004fbd2c3282d614bfee6421' (2024-08-30)
  → 'github:NixOS/nixpkgs/f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9' (2024-09-08)
2024-09-10 14:21:02 +02:00
Antoine Martin 6224155e9c pkgs: remove ansel
It's in NixOS 24.05!
2024-09-02 19:04:59 +02:00
Antoine Martin 0b5f4c1dbe flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf' (2024-08-10)
  → 'github:NixOS/nixos-hardware/95c3dfe6ef2e96ddc1ccdd7194e3cda02ca9a8ef' (2024-08-28)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a731b45590a5169542990c36ffcde6cebd9a3356' (2024-08-11)
  → 'github:NixOS/nixpkgs/6e99f2a27d600612004fbd2c3282d614bfee6421' (2024-08-30)
2024-09-02 18:52:25 +02:00
Antoine Martin fbe837f191 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/14c333162ba53c02853add87a0000cbd7aa230c2' (2024-07-30)
  → 'github:NixOS/nixos-hardware/c54cf53e022b0b3c1d3b8207aa0f9b194c24f0cf' (2024-08-10)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/8b5b6723aca5a51edf075936439d9cd3947b7b2c' (2024-08-04)
  → 'github:NixOS/nixpkgs/a731b45590a5169542990c36ffcde6cebd9a3356' (2024-08-11)
2024-08-13 16:14:17 +02:00
Antoine Martin 596b022018 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27)
  → 'github:NixOS/nixpkgs/8b5b6723aca5a51edf075936439d9cd3947b7b2c' (2024-08-04)
2024-08-05 21:49:11 +02:00
Antoine Martin aba4f6a7f9 talos: switch to 6.10 kernel 2024-07-30 16:35:04 +02:00
Antoine Martin 2a26eb16e2 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/ab165a8a6cd12781d76fe9cbccb9e975d0fb634f' (2024-07-19)
  → 'github:NixOS/nixos-hardware/14c333162ba53c02853add87a0000cbd7aa230c2' (2024-07-30)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/63d37ccd2d178d54e7fb691d7ec76000740ea24a' (2024-07-21)
  → 'github:NixOS/nixpkgs/8c50662509100d53229d4be607f1a3a31157fa12' (2024-07-27)
2024-07-30 15:53:47 +02:00
Antoine Martin d4c1334731 flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/c5013aa7ce2c7ec90acee5d965d950c8348db751' (2024-07-11)
  → 'github:NixOS/nixos-hardware/ab165a8a6cd12781d76fe9cbccb9e975d0fb634f' (2024-07-19)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a046c1202e11b62cbede5385ba64908feb7bfac4' (2024-07-11)
  → 'github:NixOS/nixpkgs/63d37ccd2d178d54e7fb691d7ec76000740ea24a' (2024-07-21)
2024-07-22 20:03:54 +02:00
Antoine Martin 3d5ad2420c flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01)
  → 'github:nix-community/home-manager/e1391fb22e18a36f57e6999c7a9f966dc80ac073' (2024-07-03)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29)
  → 'github:NixOS/nixos-hardware/c5013aa7ce2c7ec90acee5d965d950c8348db751' (2024-07-11)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/7dca15289a1c2990efbe4680f0923ce14139b042' (2024-06-30)
  → 'github:NixOS/nixpkgs/a046c1202e11b62cbede5385ba64908feb7bfac4' (2024-07-11)
2024-07-12 13:24:19 +02:00
Antoine Martin 639303c2bf services: mealie: switch to unstable 2024-07-05 18:08:16 +02:00
Antoine Martin 0ed148eb66 services: mealie: use postgres 2024-07-03 21:29:29 +02:00
Antoine Martin 93b6c20e41 services: mealie: don't allow signups 2024-07-03 21:16:59 +02:00
Antoine Martin 4f3e655072 acme: switch to OVH API 2024-07-03 21:08:56 +02:00
Antoine Martin 4357075394 services: bump max body size for photo services 2024-07-03 20:51:17 +02:00
Antoine Martin 78907fe130 hades: enable mealie 2024-07-03 20:39:24 +02:00
Antoine Martin dedbbed14b services: add mealie 2024-07-03 20:27:35 +02:00
Antoine Martin 59f24701a3 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16)
  → 'github:nix-community/home-manager/391ca6e950c2525b4f853cbe29922452c14eda82' (2024-07-01)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/c3e48cbd88414f583ff08804eb57b0da4c194f9e' (2024-06-23)
  → 'github:NixOS/nixos-hardware/a59f00f5ac65b19382617ba00f360f8bc07ed3ac' (2024-06-29)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e4509b3a560c87a8d4cb6f9992b8915abf9e36d8' (2024-06-23)
  → 'github:NixOS/nixpkgs/7dca15289a1c2990efbe4680f0923ce14139b042' (2024-06-30)
2024-07-01 15:59:07 +02:00
Antoine Martin b83f110fa7 talos: virtualbox things 2024-06-28 22:26:34 +02:00
Antoine Martin f3356d17da flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
  → 'github:NixOS/nixos-hardware/c3e48cbd88414f583ff08804eb57b0da4c194f9e' (2024-06-23)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
  → 'github:NixOS/nixpkgs/e4509b3a560c87a8d4cb6f9992b8915abf9e36d8' (2024-06-23)
2024-06-24 15:09:23 +02:00
Antoine Martin 9941433a8d talos: disable amdgpu 2024-06-20 18:51:07 +02:00
Antoine Martin 505e16bc0c flake.lock: Update
Flake lock file updates:

• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/8251761f93d6f5b91cee45ac09edb6e382641009' (2024-05-29)
  → 'github:NixOS/nixos-hardware/083823b7904e43a4fc1c7229781417e875359a42' (2024-06-20)
2024-06-20 18:44:02 +02:00
Antoine Martin 77e3d8a0f8 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04)
  → 'github:nix-community/home-manager/a1fddf0967c33754271761d91a3d921772b30d0e' (2024-06-16)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
  → 'github:NixOS/nixpkgs/938aa157bbd6e3c6fd7dcb77998b1f92c2ad1631' (2024-06-18)
2024-06-20 18:39:23 +02:00
Antoine Martin ffb3f7c128 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0b8e7a1ae5a94da2e1ee3f3030a32020f6254105' (2024-06-05)
  → 'github:NixOS/nixpkgs/cc54fb41d13736e92229c21627ea4f22199fee6b' (2024-06-12)
2024-06-14 12:12:29 +02:00
Antoine Martin acad12b95a flake: add backup extension to home-manager 2024-06-07 16:40:37 +02:00
Antoine Martin f278b7a5c5 talos: bump linux kernel 2024-06-07 16:37:32 +02:00
Antoine Martin 9dedcc4ced flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/a631666f5ec18271e86a5cde998cba68c33d9ac6' (2024-05-26)
  → 'github:nix-community/home-manager/845a5c4c073f74105022533907703441e0464bc3' (2024-06-04)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1' (2024-06-01)
  → 'github:NixOS/nixpkgs/0b8e7a1ae5a94da2e1ee3f3030a32020f6254105' (2024-06-05)
2024-06-07 16:34:29 +02:00
Antoine Martin 6c2c9f1869 services: paperless: switch to new settings 2024-06-07 16:19:20 +02:00
Antoine Martin 6a0f69e5c1 services: nextcloud: switch to new settings 2024-06-07 16:18:42 +02:00
Antoine Martin b6b246f6f4 boreal: use new option syntax for supported FS 2024-06-07 15:54:35 +02:00
Antoine Martin 36ff0da789 hephaestus: phase out host 2024-06-07 15:51:01 +02:00
Antoine Martin 87435ca138 flake: remove nix-path module, obsolete in 24.05 2024-06-07 15:45:48 +02:00
Antoine Martin a3926692d4 talos: framework-tool is added by nixos-hardware 2024-06-07 15:35:17 +02:00
Antoine Martin b8bb582c14 talos: use unstable for zed 2024-06-07 15:34:58 +02:00
Antoine Martin 6a4b7790fd flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs-unstable-small':
    'github:NixOS/nixpkgs/1f1bda965c8e6e19d7656caf4821632b7e77d317' (2024-05-29)
  → 'github:NixOS/nixpkgs/bf3faad723ca984fc4ea95c1cee1d975a8ca2a28' (2024-06-07)
2024-06-07 15:32:24 +02:00
Antoine Martin f80fcd4a55 talos: try out zed 2024-06-07 09:49:57 +02:00
Antoine Martin 6b7f821e7d talos: switch to Plasma 6 2024-06-04 16:53:37 +02:00
Antoine Martin 19dcc7ea01 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/d24e7fdcfaecdca496ddd426cae98c9e2d12dfe8' (2024-05-30)
  → 'github:NixOS/nixpkgs/b3b2b28c1daa04fe2ae47c21bb76fd226eac4ca1' (2024-06-01)
2024-06-04 15:00:28 +02:00
Antoine Martin 29a0fa6a25 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/fafeae3d248c41c6c8a2ab5e09f9e2d3de706ef8' (2024-05-29)
  → 'github:NixOS/nixpkgs/d24e7fdcfaecdca496ddd426cae98c9e2d12dfe8' (2024-05-30)
2024-05-31 16:16:21 +02:00
Antoine Martin b7dc2ce532 flake.lock: Update
Flake lock file updates:

• Updated input 'agenix':
    'github:ryantm/agenix/8cb01a0e717311680e0cbca06a76cbceba6f3ed6' (2024-02-13)
  → 'github:ryantm/agenix/c2fc0762bbe8feb06a2e59a364fa81b3a57671c9' (2024-05-24)
• Updated input 'disko':
    'github:nix-community/disko/611c9ea53250f7bb22286b3d26872280a0e608f9' (2024-04-01)
  → 'github:nix-community/disko/8ea5bcccc03111bdedaeaae9380dfab61e9deb33' (2024-05-30)
• Updated input 'disko/nixpkgs':
    'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29)
  → 'github:NixOS/nixpkgs/4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4' (2024-05-28)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/9a763a7acc4cfbb8603bb0231fec3eda864f81c0' (2024-03-25)
  → 'github:NixOS/nixos-hardware/8251761f93d6f5b91cee45ac09edb6e382641009' (2024-05-29)
• Updated input 'nixpkgs-unstable-small':
    'github:NixOS/nixpkgs/8bea75f6bdceecb9a349e7425ae2ca5c91c01b9c' (2024-04-01)
  → 'github:NixOS/nixpkgs/1f1bda965c8e6e19d7656caf4821632b7e77d317' (2024-05-29)
2024-05-30 13:08:30 +02:00
Antoine Martin 3225652d57 adapt xserver options 2024-05-30 01:56:11 +02:00
Antoine Martin 0438a91039 adapt displayManager options 2024-05-30 01:56:11 +02:00
Antoine Martin 8bfdb62a52 base: update pinentry option 2024-05-30 01:56:11 +02:00
Antoine Martin db03c81eeb flake: bump NixOS to 24.05 2024-05-30 01:56:02 +02:00
Antoine Martin da83517ab0 home: hide ignore mode in tridactyl 2024-05-30 01:32:49 +02:00
Antoine Martin b89709199e services: nextcloud: bump to 29 2024-05-26 23:56:00 +02:00
Antoine Martin 4bc82f655d services: nextcloud: bump to 28 2024-05-26 23:44:27 +02:00
Antoine Martin d98e2611c5 hades: switch from gitea to forgejo 2024-05-26 22:51:48 +02:00
Antoine Martin d75eb9d028 services: forgejo: show version in footer 2024-05-26 22:48:08 +02:00
Antoine Martin 1059d52334 services: forgejo: use new appName setting 2024-05-26 22:47:55 +02:00
Antoine Martin a4a025b939 forgejo: use user name for stateDir 2024-05-26 22:19:06 +02:00
Antoine Martin 443b76f235 services: forgejo: init 2024-05-26 21:38:21 +02:00
Antoine Martin 298dd249f5 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/71bae31b7dbc335528ca7e96f479ec93462323ff' (2024-05-11)
  → 'github:NixOS/nixpkgs/46397778ef1f73414b03ed553a3368f0e7e33c2f' (2024-05-22)
2024-05-24 16:25:06 +02:00
Antoine Martin e7f29e5f17 pkgs: spot: bump to 2.12 2024-05-24 16:24:48 +02:00
Antoine Martin 0274ad73e0 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/86853e31dc1b62c6eeed11c667e8cdd0285d4411' (2024-04-25)
  → 'github:nix-community/home-manager/ab5542e9dbd13d0100f8baae2bc2d68af901f4b4' (2024-05-10)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/0638fe2715d998fa81d173aad264eb671ce2ebc1' (2024-05-01)
  → 'github:NixOS/nixpkgs/71bae31b7dbc335528ca7e96f479ec93462323ff' (2024-05-11)
2024-05-13 01:03:32 +02:00
Antoine Martin b12753161b flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/d6bb9f934f2870e5cbc5b94c79e9db22246141ff' (2024-04-06)
  → 'github:nix-community/home-manager/86853e31dc1b62c6eeed11c667e8cdd0285d4411' (2024-04-25)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/a5e4bbcb4780c63c79c87d29ea409abf097de3f7' (2024-04-21)
  → 'github:NixOS/nixpkgs/0638fe2715d998fa81d173aad264eb671ce2ebc1' (2024-05-01)
2024-05-02 14:20:53 +02:00
Antoine Martin 0bb8be31a1 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e' (2024-04-15)
  → 'github:NixOS/nixpkgs/a5e4bbcb4780c63c79c87d29ea409abf097de3f7' (2024-04-21)
2024-04-22 17:05:44 +02:00
Antoine Martin 279fecb93b talos: set default sddm session 2024-04-16 19:38:44 +02:00
Antoine Martin f794c86483 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06)
  → 'github:NixOS/nixpkgs/53a2c32bc66f5ae41a28d7a9a49d321172af621e' (2024-04-15)
2024-04-16 17:25:48 +02:00
Antoine Martin 4307b6d9a8 talos: switch to Linux 6.8 2024-04-12 10:47:50 +02:00
Antoine Martin 3b942d0625 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19)
  → 'github:nix-community/home-manager/d6bb9f934f2870e5cbc5b94c79e9db22246141ff' (2024-04-06)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/219951b495fc2eac67b1456824cc1ec1fd2ee659' (2024-03-28)
  → 'github:NixOS/nixpkgs/e38d7cb66ea4f7a0eb6681920615dfcc30fc2920' (2024-04-06)
2024-04-08 10:25:21 +02:00
Antoine Martin 2e93dc6f77 hades: disable photoprism 2024-04-03 17:38:13 +02:00
Antoine Martin 9967ba273c flake.lock: Update
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/bde7dd352c07d43bd5b8245e6c39074a391fdd46' (2024-03-01)
  → 'github:nix-community/disko/611c9ea53250f7bb22286b3d26872280a0e608f9' (2024-04-01)
• Updated input 'disko/nixpkgs':
    'github:NixOS/nixpkgs/9a9dae8f6319600fa9aebde37f340975cab4b8c0' (2024-02-24)
  → 'github:NixOS/nixpkgs/807c549feabce7eddbf259dbdcec9e0600a0660d' (2024-03-29)
• Updated input 'flake-utils':
    'github:numtide/flake-utils/d465f4819400de7c8d874d50b982301f28a84605' (2024-02-28)
  → 'github:numtide/flake-utils/b1d9ab70662946ef0850d488da1c9019f3a9752a' (2024-03-11)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/59e37017b9ed31dee303dbbd4531c594df95cfbc' (2024-03-02)
  → 'github:NixOS/nixos-hardware/9a763a7acc4cfbb8603bb0231fec3eda864f81c0' (2024-03-25)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/44733514b72e732bd49f5511bd0203dea9b9a434' (2024-03-26)
  → 'github:NixOS/nixpkgs/219951b495fc2eac67b1456824cc1ec1fd2ee659' (2024-03-28)
• Updated input 'nixpkgs-unstable-small':
    'github:NixOS/nixpkgs/b8698cd8d62c42cf3e2b3a95224c57173b73e494' (2024-03-02)
  → 'github:NixOS/nixpkgs/8bea75f6bdceecb9a349e7425ae2ca5c91c01b9c' (2024-04-01)
2024-04-01 22:30:54 +02:00
Antoine Martin 0dd641b580 flake.lock: Update
Flake lock file updates:

• Updated input 'home-manager':
    'github:nix-community/home-manager/652fda4ca6dafeb090943422c34ae9145787af37' (2024-02-03)
  → 'github:nix-community/home-manager/f33900124c23c4eca5831b9b5eb32ea5894375ce' (2024-03-19)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/614b4613980a522ba49f0d194531beddbb7220d3' (2024-03-17)
  → 'github:NixOS/nixpkgs/44733514b72e732bd49f5511bd0203dea9b9a434' (2024-03-26)
2024-03-27 18:07:20 +01:00
Antoine Martin 24f78a96c3 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/51063ed4f2343a59fdeebb279bb81d87d453942b' (2024-03-12)
  → 'github:NixOS/nixpkgs/614b4613980a522ba49f0d194531beddbb7220d3' (2024-03-17)
2024-03-19 18:05:55 +01:00
Antoine Martin b6d7aae971 talos: don't need virtualisation right now 2024-03-14 11:49:27 +01:00
Antoine Martin 8c86cafd96 flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/b94a96839afcc56de3551aa7472b8d9a3e77e05d' (2024-03-09)
  → 'github:NixOS/nixpkgs/51063ed4f2343a59fdeebb279bb81d87d453942b' (2024-03-12)
2024-03-14 11:39:36 +01:00
Antoine Martin 9243f630de talos: fix disko-config 2024-03-14 02:34:36 +01:00
Antoine Martin 752362fc8b talos: make room in partition table 2024-03-13 14:37:40 +01:00
Antoine Martin 9f7ed34392 talos: add framework-tool to packages 2024-03-11 19:45:30 +01:00
Antoine Martin db4ed090c0 todo: add todo file for long term planning 2024-03-11 17:23:34 +01:00
Antoine Martin 9d50cbd67b flake.lock: Update
Flake lock file updates:

• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/79baff8812a0d68e24a836df0a364c678089e2c7' (2024-03-01)
  → 'github:NixOS/nixpkgs/b94a96839afcc56de3551aa7472b8d9a3e77e05d' (2024-03-09)
2024-03-11 17:23:34 +01:00
Antoine Martin 4a8f736cdb hephaestus: switch to latest kernel LTS 2024-03-08 21:40:47 +01:00
Antoine Martin d660110cec hephaestus: re-enable i3wm 2024-03-08 21:40:08 +01:00
Antoine Martin e84c66e812 flake: add unstable nixpkgs to registry 2024-03-07 00:13:30 +01:00
Antoine Martin 9e98e96c31 services: restic: tone down the verbosity 2024-03-05 05:19:57 +01:00
Antoine Martin 6c32b3f262 base: enable cups for GUI hosts 2024-03-05 05:08:09 +01:00
Antoine Martin cd715f1a03 talos: setup restic backups 2024-03-05 05:07:46 +01:00
Antoine Martin 7be4514da3 emacs: use Pure GTK build 2024-03-04 22:43:28 +01:00
Antoine Martin 95c116c2e8 flake: disable power-profiles-daemon override
It seems to conflict with some KDE settings UI, let's revisit when I got
rid of Plasma
2024-03-04 19:56:08 +01:00
Antoine Martin 4985d670bb flake: avoid one evaluation of nixpkgs 2024-03-04 19:35:15 +01:00
Antoine Martin 226e726551 home: move lorri file to direnv 2024-03-04 19:21:50 +01:00
Antoine Martin f18238cd5c talos: remove unneeded stuff from home packages 2024-03-04 18:53:50 +01:00
Antoine Martin a8e243365e base: place arandr in gui programs 2024-03-04 18:53:00 +01:00
Antoine Martin 847b50a841 flake: add alejandra to devShell 2024-03-04 16:32:56 +01:00
Antoine Martin 3e23486ecb talos: explicitely enable wifi powersave
this way I know what to toggle if I want to switch it off in the future
2024-03-04 16:32:56 +01:00
Antoine Martin 3d10eef3ac flake: override power-profiles-daemon
0.20 from unstable brings a lot of improvements over 0.13 from 23.11 for
newer AMD laptops
2024-03-04 16:05:01 +01:00
Antoine Martin 2ec0602006 talos: set Wi-Fi regulatory domain 2024-03-04 16:04:50 +01:00
Antoine Martin 6e8253fd89 talos: switch to kernel 6.7 2024-03-04 14:23:27 +01:00
Antoine Martin c47c084a55 base: remove unused programs 2024-03-03 04:11:59 +01:00
Antoine Martin 47e47488bc talos: remove darktable 2024-03-03 04:02:31 +01:00
Antoine Martin 8b7ae65494 base: remove dodgy networkmanager script 2024-03-03 03:29:14 +01:00
Antoine Martin bb0ea0a5c8 talos: dconf already enabled globally 2024-03-03 03:29:01 +01:00
Antoine Martin 2b77681552 home: don't enable i3 by default 2024-03-03 03:03:03 +01:00
Antoine Martin 69674b104e base: remove firefox
it's installed from home-manager anyway
2024-03-03 03:02:09 +01:00
Antoine Martin 524e575975 base: remove a few programs from list 2024-03-03 02:58:38 +01:00
Antoine Martin cafcdc89d7 base: remove unneeded discord override 2024-03-03 02:58:06 +01:00
Antoine Martin fad2af4451 talos: install various home software 2024-03-03 02:44:38 +01:00
Antoine Martin 33aca9d297 home: don't hardcode stateversion 2024-03-03 02:42:30 +01:00
Antoine Martin 92d370a10a flake: bump all inputs 2024-03-03 02:01:42 +01:00
Antoine Martin 4a8dee38f8 ci: add talos to hosts 2024-03-03 02:01:20 +01:00
Antoine Martin 09ed731496 hosts: add talos 2024-03-03 02:01:20 +01:00
Antoine Martin b18652a73d home: tridactyl: disable redirection to old reddit 2024-02-29 16:34:22 +01:00
52 changed files with 770 additions and 813 deletions

View file

@ -15,10 +15,10 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v25 - uses: cachix/install-nix-action@v27
- name: Run alejandra - name: Run alejandra
run: nix run nixpkgs#alejandra -- --check . run: nix develop --command alejandra --check .
flake-check: flake-check:
name: Flake check name: Flake check
@ -26,9 +26,9 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v25 - uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v14 - uses: cachix/cachix-action@v15
with: with:
name: alarsyo name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
@ -46,7 +46,6 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
name: name:
- ansel
- grafanaDashboards/nginx - grafanaDashboards/nginx
- grafanaDashboards/node-exporter - grafanaDashboards/node-exporter
- kaleidoscope-udev-rules - kaleidoscope-udev-rules
@ -56,9 +55,9 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v25 - uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v14 - uses: cachix/cachix-action@v15
with: with:
name: alarsyo name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
@ -78,15 +77,18 @@ jobs:
name: name:
- boreal - boreal
- hades - hades
- hephaestus - talos
- thanatos - thanatos
steps: steps:
- name: Delete huge unnecessary tools folder
run: rm -rf /opt/hostedtoolcache
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v25 - uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v14 - uses: cachix/cachix-action@v15
with: with:
name: alarsyo name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

View file

@ -23,35 +23,47 @@ in {
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryFlavor = "qt"; pinentryPackage = pkgs.pinentry-qt;
}; };
services = { services = {
xserver = { xserver = {
enable = true; enable = true;
windowManager.i3.enable = true; # NOTE: could use `mkOptionDefault` but this feels more explicit
videoDrivers =
if config.my.gui.isNvidia
then ["nvidia"]
else options.services.xserver.videoDrivers.default;
xkb = { xkb = {
layout = "fr"; layout = "fr";
variant = "us"; variant = "us";
}; };
libinput = { };
enable = true;
touchpad = { libinput = {
naturalScrolling = true; enable = true;
}; touchpad = {
naturalScrolling = true;
}; };
}; };
logind.lidSwitch = "ignore"; logind.lidSwitch = "ignore";
printing = {
enable = true;
cups-pdf.enable = true;
};
udev.packages = [pkgs.chrysalis];
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = builtins.attrValues {
inherit inherit
(pkgs) (pkgs)
arandr
chrysalis chrysalis
evince discord
feh feh
firefox
ffmpeg ffmpeg
gimp-with-plugins gimp-with-plugins
imagemagick imagemagick
@ -66,58 +78,10 @@ in {
zathura zathura
; ;
inherit (pkgs.gnome) nautilus;
inherit (pkgs.libsForQt5) okular; inherit (pkgs.libsForQt5) okular;
discord = pkgs.discord.override {nss = pkgs.nss_latest;};
}; };
networking.networkmanager = { networking.networkmanager.enable = true;
enable = true;
dispatcherScripts = [
{
source = let
grep = "${pkgs.gnugrep}/bin/grep";
nmcli = "${pkgs.networkmanager}/bin/nmcli";
in
pkgs.writeShellScript "disable_wifi_on_ethernet" ''
export LC_ALL=C
date >> /tmp/disable_wifi_on_ethernet.log
echo START "$@" >> /tmp/disable_wifi_on_ethernet.log
beginswith() { case $2 in "$1"*) true;; *) false;; esac; }
is_ethernet_interface ()
{
local type="$(${nmcli} dev show "$1" | grep 'GENERAL\.TYPE:' | awk '{ print $2 }')"
test "$type" = "ethernet" || beginswith enp "$1"
}
hotspot_enabled ()
{
${nmcli} dev | ${grep} -q "hotspot"
}
if is_ethernet_interface "$1" && ! hotspot_enabled; then
echo "change in ethernet and not in hotspot mode" >> /tmp/disable_wifi_on_ethernet.log
if [ "$2" = "up" ]; then
echo "turning wifi off" >> /tmp/disable_wifi_on_ethernet.log
nmcli radio wifi off
fi
if [ "$2" = "down" ]; then
echo "turning wifi on" >> /tmp/disable_wifi_on_ethernet.log
nmcli radio wifi on
fi
fi
echo END "$@" >> /tmp/disable_wifi_on_ethernet.log
'';
type = "basic";
}
];
};
programs.nm-applet.enable = true; programs.nm-applet.enable = true;
programs.steam.enable = true; programs.steam.enable = true;

View file

@ -26,31 +26,22 @@
fd fd
file file
ripgrep ripgrep
sd
tokei
tree tree
wget wget
jq
pciutils pciutils
usbutils usbutils
# development # development
agenix
alejandra
git git
git-crypt git-crypt
git-lfs git-lfs
gnumake gnumake
gnupg gnupg
pinentry-qt
python3 python3
vim vim
# terminal utilities # terminal utilities
dogdns
du-dust
htop htop
ldns # drill
unzip unzip
zip zip
; ;

View file

@ -8,11 +8,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1707830867, "lastModified": 1716561646,
"narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", "narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", "rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -48,11 +48,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1709286488, "lastModified": 1717032306,
"narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", "narHash": "sha256-s3Sis+M1qTSVIehHrEKBzHBpqprIFJli5V6WojkJnYE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", "rev": "8ea5bcccc03111bdedaeaae9380dfab61e9deb33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -67,11 +67,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1709126324, "lastModified": 1710146030,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605", "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -81,6 +81,39 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -109,27 +142,62 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1709204054, "lastModified": 1726989464,
"narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2f3367769a93b226c467551315e9e270c3f78b15", "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "master", "ref": "release-24.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"lix": {
"flake": false,
"locked": {
"lastModified": 1729298361,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729360442,
"narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
"rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1709147990, "lastModified": 1731797098,
"narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=", "narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159", "rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -157,11 +225,11 @@
}, },
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1709271102, "lastModified": 1729493358,
"narHash": "sha256-Z2sBL/HRRTNABsU8E5XsP+FXBEyBoi6oMwm5bV7lSFw=", "narHash": "sha256-Ti+Y9nWt5Fcs3JlarxLPgIOVlbqQo7jobz/qOwOaziM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "09c1497ce5d4ed4a0edfdd44450d3048074cb300", "rev": "a5e6a9e979367ee14f65d9c38119c30272f8455f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -173,11 +241,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1708815994, "lastModified": 1716914467,
"narHash": "sha256-hL7N/ut2Xu0NaDxDMsw2HagAjgDskToGiyZOWriiLYM=", "narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9a9dae8f6319600fa9aebde37f340975cab4b8c0", "rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -189,16 +257,16 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1709150264, "lastModified": 1731797254,
"narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=", "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9099616b93301d5cf84274b184a3a5ec69e94e08", "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -209,6 +277,7 @@
"disko": "disko", "disko": "disko",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"lix-module": "lix-module",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-unstable-small": "nixpkgs-unstable-small" "nixpkgs-unstable-small": "nixpkgs-unstable-small"
@ -243,6 +312,21 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

View file

@ -5,7 +5,7 @@
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
repo = "nixpkgs"; repo = "nixpkgs";
ref = "nixos-unstable"; ref = "nixos-24.05";
}; };
nixpkgs-unstable-small = { nixpkgs-unstable-small = {
@ -25,7 +25,7 @@
type = "github"; type = "github";
owner = "nix-community"; owner = "nix-community";
repo = "home-manager"; repo = "home-manager";
ref = "master"; ref = "release-24.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -49,6 +49,11 @@
repo = "disko"; repo = "disko";
ref = "master"; ref = "master";
}; };
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@ -57,26 +62,18 @@
home-manager, home-manager,
agenix, agenix,
disko, disko,
lix-module,
... ...
} @ inputs: } @ inputs:
{ {
nixosModules = { nixosModules = {
home = { home = {
home-manager.backupFileExtension = "hm-backup";
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home; home-manager.users.alarsyo = import ./home;
home-manager.verbose = true; home-manager.verbose = true;
}; };
nix-path = {
nix = {
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
];
registry = {
nixpkgs.flake = inputs.nixpkgs;
};
};
};
}; };
overlays = import ./overlays; overlays = import ./overlays;
@ -102,6 +99,7 @@
[ [
agenix.nixosModules.default agenix.nixosModules.default
home-manager.nixosModules.default home-manager.nixosModules.default
lix-module.nixosModules.default
{ {
nixpkgs = { nixpkgs = {
overlays = shared_overlays; overlays = shared_overlays;
@ -141,20 +139,6 @@
++ sharedModules; ++ sharedModules;
}; };
hephaestus = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
./hephaestus.nix
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-gpu-amd
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-ssd
]
++ sharedModules;
};
talos = nixpkgs.lib.nixosSystem { talos = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = modules =
@ -177,11 +161,16 @@
}; };
}; };
} }
// inputs.flake-utils.lib.eachDefaultSystem (system: { // inputs.flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
in {
packages = packages =
inputs.flake-utils.lib.flattenTree inputs.flake-utils.lib.flattenTree
(import ./pkgs { (import ./pkgs {inherit pkgs;});
pkgs = import nixpkgs {inherit system;}; devShells.default = pkgs.mkShellNoCC {
}); buildInputs = [
pkgs.alejandra
];
};
}); });
} }

View file

@ -1,23 +0,0 @@
{...}: {
imports = [
# Default configuration
./base
# Module definitions
./modules
# Service definitions
./services
# Host-specific config
./hosts/hephaestus
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

View file

@ -2,6 +2,7 @@
imports = [ imports = [
./alacritty.nix ./alacritty.nix
./bat.nix ./bat.nix
./direnv.nix
./emacs.nix ./emacs.nix
./env.nix ./env.nix
./firefox.nix ./firefox.nix
@ -10,7 +11,6 @@
./git.nix ./git.nix
./gtk.nix ./gtk.nix
./laptop.nix ./laptop.nix
./lorri.nix
./mail.nix ./mail.nix
./rbw.nix ./rbw.nix
./rofi.nix ./rofi.nix

View file

@ -9,17 +9,15 @@
mkIf mkIf
; ;
cfg = config.my.home.lorri; cfg = config.my.home.direnv;
in { in {
options.my.home.lorri = { options.my.home.direnv = {
enable = (mkEnableOption "lorri daemon setup") // {default = true;}; enable = (mkEnableOption "setup direnv usage") // {default = true;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.lorri.enable = true;
programs.direnv = { programs.direnv = {
enable = true; enable = true;
# FIXME: proper file, not lorri.nix
nix-direnv = { nix-direnv = {
enable = true; enable = true;
}; };

View file

@ -43,7 +43,7 @@ in {
programs.emacs = { programs.emacs = {
enable = true; enable = true;
package = pkgs.emacs29; package = pkgs.emacs29-pgtk;
extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e]; extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e];
}; };
}; };

View file

@ -1,7 +1,4 @@
function nfl function nfl
set -l flags "--commit-lock-file" set -l flags "--commit-lock-file"
for flake in $argv nix flake update $flags $argv
set -a flags "--update-input" "$flake"
end
nix flake lock $flags
end end

View file

@ -18,8 +18,10 @@ bind ,<Space> nohlsearch
" case insensitive if lowercase, case sensitive if using some uppercase letters " case insensitive if lowercase, case sensitive if using some uppercase letters
set findcase smart set findcase smart
set modeindicatormodes {"ignore": "false"}
" New reddit is bad " New reddit is bad
autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") " autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
" Orange site / Reddit / Lobste.rs specific hints to toggle comments " Orange site / Reddit / Lobste.rs specific hints to toggle comments
bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"] bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"]
@ -36,3 +38,6 @@ blacklistadd localhost
blacklistadd netflix.com blacklistadd netflix.com
blacklistadd primevideo.com blacklistadd primevideo.com
blacklistadd youtube.com blacklistadd youtube.com
" prevent teams from crashing
seturl teams.microsoft.com superignore true

View file

@ -6,11 +6,12 @@
}: let }: let
inherit inherit
(lib) (lib)
mkEnableOption
mkIf mkIf
mkOptionDefault mkOptionDefault
; ;
isEnabled = config.my.home.x.enable; isEnabled = config.my.home.x.i3.enable;
myTerminal = myTerminal =
# FIXME: fix when terminal is setup in home # FIXME: fix when terminal is setup in home
@ -26,6 +27,10 @@
i3Theme = config.my.theme.i3Theme; i3Theme = config.my.theme.i3Theme;
in { in {
options.my.home.x.i3 = {
enable = mkEnableOption "i3wm configuration";
};
config = mkIf isEnabled { config = mkIf isEnabled {
my.home = { my.home = {
flameshot.enable = true; flameshot.enable = true;

View file

@ -24,10 +24,12 @@
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
boot.supportedFilesystems = [ boot.supportedFilesystems = {
"btrfs" btrfs = true;
"ntfs" ntfs = true;
]; };
services.xserver.windowManager.i3.enable = true;
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
@ -84,7 +86,6 @@
services = { services = {
openssh = { openssh = {
enable = true; enable = true;
forwardX11 = true;
}; };
}; };
my.gui = { my.gui = {
@ -92,18 +93,14 @@
isNvidia = true; isNvidia = true;
}; };
my.wakeonwlan.interfaces.phy0.methods = [ hardware = {
"magic-packet" bluetooth = {
"disconnect" enable = true;
"gtk-rekey-failure" powerOnBoot = false;
"eap-identity-request" };
"rfkill-release" nvidia = {
]; open = true;
modesetting.enable = true;
services.udev.packages = [pkgs.chrysalis]; };
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
}; };
} }

View file

@ -4,11 +4,11 @@
... ...
}: { }: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
# TODO: can probably upgrade me home.stateVersion = "20.09";
home.stateVersion = "21.05";
# Keyboard settings & i3 settings # Keyboard settings & i3 settings
my.home.x.enable = true; my.home.x.enable = true;
my.home.x.i3.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tccd1"]; my.home.x.i3bar.temperature.inputs = ["Tccd1"];
my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"]; my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"];

View file

@ -57,7 +57,7 @@ in {
my.services = { my.services = {
fail2ban.enable = true; fail2ban.enable = true;
gitea = { forgejo = {
enable = true; enable = true;
privatePort = 8082; privatePort = 8082;
}; };
@ -81,6 +81,11 @@ in {
secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path;
}; };
mealie = {
enable = true;
port = 8090;
};
microbin = { microbin = {
enable = true; enable = true;
privatePort = 8088; privatePort = 8088;
@ -112,11 +117,6 @@ in {
secretKeyFile = config.age.secrets."paperless/secret-key".path; secretKeyFile = config.age.secrets."paperless/secret-key".path;
}; };
photoprism = {
enable = true;
port = 8084;
};
pleroma = { pleroma = {
enable = true; enable = true;
port = 8086; port = 8086;

View file

@ -1,8 +1,6 @@
{config, ...}: { {config, ...}: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
# TODO: can probably upgrade me home.stateVersion = "22.05";
home.stateVersion = "21.05";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
}; };
} }

View file

@ -13,8 +13,6 @@
// attrs; // attrs;
in in
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
"gandi/api-key" = {};
"lohr/shared-secret" = {}; "lohr/shared-secret" = {};
"matrix-synapse/secret-config" = { "matrix-synapse/secret-config" = {
@ -29,6 +27,8 @@
owner = "nextcloud"; owner = "nextcloud";
}; };
"ovh/credentials" = {};
"paperless/admin-password" = {}; "paperless/admin-password" = {};
"paperless/secret-key" = {}; "paperless/secret-key" = {};

View file

@ -1,246 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
hardware.amdgpu.opencl = false;
boot.kernelPackages = pkgs.linuxPackages;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# boot.initrd.systemd.enable = true;
# boot.plymouth.enable = true;
# boot.kernelParams = ["quiet"];
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
boot.tmp.useTmpfs = true;
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
};
};
networking.hostName = "hephaestus"; # Define your hostname.
networking.domain = "alarsyo.net";
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Paris";
# List services that you want to enable:
my.services = {
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:hephaestus-backup";
passwordFile = config.age.secrets."restic-backup/hephaestus-password".path;
environmentFile = config.age.secrets."restic-backup/hephaestus-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
".direnv"
# test vms
"*.qcow2"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
};
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
programs.dconf.enable = true;
services = {
tlp = {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = 70;
STOP_CHARGE_THRESH_BAT0 = 80;
};
};
fwupd.enable = true;
openssh.enable = true;
};
my.gui.enable = true;
my.displayManager.sddm.enable = lib.mkForce false;
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
settings.General.Experimental = true;
};
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
};
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
services.power-profiles-daemon.enable = false;
services.autorandr = {
enable = true;
profiles = {
default = {
fingerprint = {
"eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018";
};
config = {
"eDP-1" = {
enable = true;
crtc = 0;
primary = true;
position = "0x0";
mode = "1920x1080";
};
};
};
dock = {
fingerprint = {
"eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018";
"DP-4" = "00ffffffffffff0026cd4161fb060000021e0104a5351e783aee35a656529d280b5054b74f00714f818081c081009500b300d1c0d1cf023a801871382d40582c45000f282100001e000000fd00374c1e5512000a202020202020000000ff0031313634383030323031373837000000fc00504c32343933480a202020202001c9020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000182a4480a070382740302035000f282100001a00000000000000000000000000a1";
"DP-5" = "00ffffffffffff0026cd4561990000001f1c0104a5351e783ace65a657519f270f5054b30c00714f818081c081009500b300d1c00101023a801871382d40582c45000f282100001e000000fd00374c1e5311000a202020202020000000ff0031313634384238383030313533000000fc00504c32343933480a202020202001d3020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000180000000000000000000000000000000000000000000000000000000000000035";
};
config = {
"eDP-1" = {
enable = true;
primary = false;
position = "3000x840";
mode = "1920x1080";
};
"DP-4" = {
enable = true;
primary = true;
position = "0x420";
mode = "1920x1080";
};
"DP-5" = {
enable = true;
primary = false;
position = "1920x0";
mode = "1920x1080";
rotate = "left";
};
};
};
dock-lid-closed = {
fingerprint = {
"DP-4" = "00ffffffffffff0026cd4161fb060000021e0104a5351e783aee35a656529d280b5054b74f00714f818081c081009500b300d1c0d1cf023a801871382d40582c45000f282100001e000000fd00374c1e5512000a202020202020000000ff0031313634383030323031373837000000fc00504c32343933480a202020202001c9020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000182a4480a070382740302035000f282100001a00000000000000000000000000a1";
"DP-5" = "00ffffffffffff0026cd4561990000001f1c0104a5351e783ace65a657519f270f5054b30c00714f818081c081009500b300d1c00101023a801871382d40582c45000f282100001e000000fd00374c1e5311000a202020202020000000ff0031313634384238383030313533000000fc00504c32343933480a202020202001d3020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000180000000000000000000000000000000000000000000000000000000000000035";
};
config = {
"DP-4" = {
enable = true;
primary = true;
position = "0x420";
mode = "1920x1080";
};
"DP-5" = {
enable = true;
primary = false;
position = "1920x0";
mode = "1920x1080";
rotate = "left";
};
};
};
};
};
systemd.services.autorandr-lid-listener = {
wantedBy = ["multi-user.target"];
description = "Listening for lid events to invoke autorandr";
serviceConfig = {
Type = "simple";
ExecStart = let
stdbufExe = lib.getExe' pkgs.coreutils "stdbuf";
libinputExe = lib.getExe' pkgs.libinput "libinput";
grepExe = lib.getExe pkgs.gnugrep;
autorandrExe = lib.getExe pkgs.autorandr;
in
pkgs.writeShellScript "lid-listener.sh" ''
${stdbufExe} -oL ${libinputExe} debug-events |
${grepExe} -E --line-buffered '^[[:space:]-]+event[0-9]+[[:space:]]+SWITCH_TOGGLE[[:space:]]' |
while read line; do
${pkgs.systemd}/bin/systemctl start --no-block autorandr.service
done
'';
Restart = "always";
RestartSec = "30";
};
};
# Configure console keymap
console.keyMap = "us";
programs.light.enable = true;
}

View file

@ -1,45 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/54ded736-367c-4081-9978-9e2d8f61cb1b";
fsType = "btrfs";
options = ["subvol=@"];
};
boot.initrd.luks.devices."luks-df96458d-45a1-4a30-8633-58feeff603f8".device = "/dev/disk/by-uuid/df96458d-45a1-4a30-8633-58feeff603f8";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/826A-23F7";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View file

@ -1,49 +0,0 @@
{
config,
pkgs,
...
}: {
home-manager.users.alarsyo = {
# TODO: can probably upgrade me
home.stateVersion = "21.05";
my.home.laptop.enable = true;
# Keyboard settings & i3 settings
my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tctl"];
my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0" "enp6s0f3u1u1"];
my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
# TODO: place in global home conf
services.dunst.enable = true;
home.packages = builtins.attrValues {
inherit
(pkgs)
# some websites only work there :(
chromium
darktable
# dev
rustup
gdb
valgrind
arandr
zotero
;
inherit
(pkgs.packages)
ansel
spot
;
inherit (pkgs.wineWowPackages) stable;
};
};
}

View file

@ -1,23 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/hephaestus-credentials" = {};
"restic-backup/hephaestus-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

View file

@ -16,9 +16,16 @@
./secrets.nix ./secrets.nix
]; ];
hardware.amdgpu.opencl = false; boot.kernelPackages = pkgs.linuxPackages_6_11;
# Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could
boot.kernelPackages = pkgs.linuxPackages_6_6; # lead to bad Wi-Fi performance
boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"];
boot.extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
boot.extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot = { boot.loader.systemd-boot = {
@ -41,7 +48,10 @@
networking.domain = "alarsyo.net"; networking.domain = "alarsyo.net";
# Pick only one of the below networking options. # Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.networkmanager = {
enable = true;
wifi.powersave = true;
};
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
@ -51,7 +61,6 @@
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
programs = { programs = {
dconf.enable = true;
light.enable = true; light.enable = true;
}; };
services = { services = {
@ -60,7 +69,10 @@
}; };
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
libvirtd.enable = true; libvirtd.enable = false;
virtualbox.host = {
enable = false;
};
}; };
my.services = { my.services = {
@ -70,10 +82,54 @@
}; };
pipewire.enable = true; pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:talos-backup";
passwordFile = config.age.secrets."restic-backup/talos-password".path;
environmentFile = config.age.secrets."restic-backup/talos-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
".direnv"
# test vms
"*.qcow2"
"*.vbox"
"*.vdi"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
}; };
my.gui.enable = true; my.gui.enable = true;
my.displayManager.sddm.enable = lib.mkForce false;
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
@ -96,22 +152,21 @@
LC_TELEPHONE = "fr_FR.UTF-8"; LC_TELEPHONE = "fr_FR.UTF-8";
}; };
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment. # Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm = { services.desktopManager.plasma6.enable = true;
enable = true;
wayland.enable = true;
};
services.xserver.desktopManager.plasma5.enable = true;
services.power-profiles-daemon.enable = true; services.power-profiles-daemon.enable = true;
programs.hyprland.enable = true; environment.systemPackages = [
pkgs.unstable.zed-editor
pkgs.foot
];
#programs.hyprland.enable = true;
programs.sway = { programs.sway = {
enable = true; enable = true;
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
}; };
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix. # accidentally delete configuration.nix.

View file

@ -20,7 +20,7 @@
}; };
}; };
luks = { luks = {
size = "100%"; size = "600G";
content = { content = {
type = "luks"; type = "luks";
name = "crypted"; name = "crypted";
@ -35,19 +35,24 @@
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; extraArgs = ["-f"];
subvolumes = { subvolumes = {
"/root" = { "@" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/home" = { "@home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/nix" = { "@nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/swap" = { "@persist" = {
mountpoint = "/persist";
mountOptions = ["compress=zstd" "noatime"];
};
"@snapshots" = {};
"@swap" = {
mountpoint = "/.swapvol"; mountpoint = "/.swapvol";
swap.swapfile.size = "8G"; swap.swapfile.size = "8G";
}; };

View file

@ -1,10 +1,16 @@
{ {
config, config,
lib,
pkgs, pkgs,
... ...
}: { }: let
inherit
(lib)
mkOptionDefault
;
in {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
home.stateVersion = "24.05"; home.stateVersion = "23.11";
my.home.laptop.enable = true; my.home.laptop.enable = true;
@ -23,26 +29,101 @@
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit inherit
(pkgs) (pkgs)
# some websites only work there :( ansel
chromium # some websites only work there :(
chromium
darktable
# dev
rustup
gdb
valgrind
arandr
zotero zotero
; ;
#inherit inherit
# (pkgs.packages) (pkgs.packages)
# ansel spot
# spot ;
# ; };
inherit (pkgs.wineWowPackages) stable; wayland.windowManager.sway = {
enable = true;
swaynag.enable = true;
wrapperFeatures.gtk = true;
config = {
modifier = "Mod4";
input = {
"type:keyboard" = {
xkb_layout = "fr";
xkb_variant = "us";
};
"type:touchpad" = {
dwt = "enabled";
tap = "enabled";
middle_emulation = "enabled";
natural_scroll = "enabled";
};
};
output = {
"eDP-1" = {
scale = "1.5";
};
};
fonts = {
names = ["Iosevka Fixed" "FontAwesome6Free"];
size = 9.0;
};
bars = [
{
mode = "dock";
hiddenState = "hide";
position = "top";
workspaceButtons = true;
workspaceNumbers = true;
statusCommand = "${pkgs.i3status}/bin/i3status";
fonts = {
names = ["Iosevka Fixed" "FontAwesome6Free"];
size = 9.0;
};
trayOutput = "primary";
colors = {
background = "#000000";
statusline = "#ffffff";
separator = "#666666";
focusedWorkspace = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
};
activeWorkspace = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
};
inactiveWorkspace = {
border = "#333333";
background = "#222222";
text = "#888888";
};
urgentWorkspace = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
bindingMode = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
};
}
];
keybindings = mkOptionDefault {
"Mod4+i" = "exec emacsclient --create-frame";
};
};
};
programs = {
fuzzel.enable = true;
swaylock.enable = true;
waybar = {
enable = true;
};
}; };
}; };
} }

View file

@ -13,8 +13,8 @@
// attrs; // attrs;
in in
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
#"restic-backup/hephaestus-credentials" = {}; "restic-backup/talos-credentials" = {};
#"restic-backup/hephaestus-password" = {}; "restic-backup/talos-password" = {};
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};

View file

@ -35,6 +35,56 @@ in {
}; };
services = { services = {
gitlab-runner = {
enable = true;
settings = {
concurrent = 4;
};
services = {
nix = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-nix-runner-env".path;
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
};
default = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path;
dockerImage = "debian:stable";
};
};
};
openssh.enable = true; openssh.enable = true;
}; };

View file

@ -1,7 +1,6 @@
{config, ...}: { {config, ...}: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
# TODO: can probably upgrade me home.stateVersion = "23.11";
home.stateVersion = "21.05";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
}; };

View file

@ -15,6 +15,8 @@
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};
"gitlab-runner/thanatos-runner-env" = {};
"gitlab-runner/thanatos-nix-runner-env" = {};
}; };
}; };
} }

View file

@ -15,23 +15,17 @@ in {
options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup"; options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup";
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.xserver.displayManager.sddm = { services.displayManager.sddm = {
enable = true; enable = true;
theme = "sugar-candy"; theme = "catppuccin-latte";
wayland.enable = true;
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = [
inherit (pkgs.catppuccin-sddm.override
(pkgs.packages) {
sddm-sugar-candy flavor = "latte";
; })
];
inherit
(pkgs.libsForQt5.qt5)
qtgraphicaleffects
qtquickcontrols2
qtsvg
;
};
}; };
} }

View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw naNq55qkAm47KXPJpYFDjVQuxPz2Ffpima5z1WEqRSA
ETC3Hh4gglwYpiJCu/EGOUzjN3BJYk8yJshMeMkgYug
-> ssh-ed25519 6UUuZw Azk9jDbUL/nO20lvzs0s36q/4ZcWSpkUbt1J/PE7A2M
kPKHGLoWHDpFhsRr+CBteWKYsDw0dn/+IKbrh/5qMoE
--- g1akMn28voSQByQR9/ArJ4CsQehcwJ7MfCco+k2fPWo
YMZÓíî:ú{R­^n~ó½±ã¢ÊwPaª§h£8<C2A3>T'hcmªe(<28>ÝXx=7”‡Ë¢[äË4@b=“&ª®æYÅ;‘€Ü[„ª¹ØÁˆß¿kôk>ˆ540ÞGâŒ÷ðÌŸ­±Q<C2B1>Êë·±Ÿw¡

View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw XED7gkKAp1ioBegA7ryqULRF1BORpW74esfIGp9zPE8
ANxnQN+tox9KYdZvNZFZvQxOymckldPQMhFnz6fSIBo
-> ssh-ed25519 pX8y2g 9wgPqL6GoOxad5AAUmDAYj0h/57AEM8VsQKq1pGTtjM
SxD++XJioZLpt6C8Xse5Nmz4wtL0Fb5NKWo5ijKpyv8
--- 3qOJnkY3Uc4fIex9mgz2+w+su5dS7K7Tmtk1hiqkn9M
ÁXª¨àeéˆaLQ H2*ZÅTé¿ ®P;Ý(jCÌ€k‡ viäµû<C2B5>ÿħ¡à†kæ`™ô]mò<6D>ÿBñ ,³±,ü÷?!¶{àŠ%­eÙì(„Su¿-SŸD¢¾“=H#‡„¼Þq=ï<>Uùí;=OÍ <÷R¼ÇÎE±“<+&­èdÂæ<18>>G+_oP¥Þ]ÿê¦RÄßL$Ö³\š°ü0ø¤N!þ"Áã&÷%Nž à<ËÃ,òv°1ÿÊÚj1

View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw tTdHZJpSocTHlznYH9eRzeZkrYBbsdT4F8jV1FKw/yk
xKIkYhL/A8wTy6LqDkTuUvm4rhDI6+DXwjzl43PcR8E
-> ssh-ed25519 SYm+hA vzQCZWYdgG0yxUEyGJ4Q8EAh1Kzw5CutDa6q6XSaels
Y7VqpvLfrUvWZcXqGeulRld9kff03kgzz22UBW77AOw
-> j-c8-grease
WeQ
--- KHLA1KlfWM432GDbPIiKInzZeqVRJZ2YCKtF3qClfgs
 ü8Êâ5œ¢|<7C>ŒòQx_5':Á½È ´A?îÎÚ¡ÄÛ ­ØŠ¾þèoAx‰)rýd!Š(´®”èѨ5£¸ìô~ý\†ŽLd"^ÑZ¨Z^®…Vï/‡§5Ë•¶¢¨Ý¦<C39D>a诲áḷo]O/®Eueà†

View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw 2/spllcr7Fo+1sQ4VJW/MywBVUcpKEbicv4vZQyre0c
Vc2Wugxc5M4i73UKMFXWA2PeHgUOm/+HekoeYt9ycro
-> ssh-ed25519 SYm+hA KFjo2JVxpdOey8A7GAKeZci+ezE0RYBRKR8vNtloU3M
SAzpTjF/RGOgjawT2Sk5H7TNnk/SdbksuAcZZqakJOs
-> !!6BS-grease Gs<Om0
d7WvJNMg3OX9CwWvGNWCuViu1X+e9oFE5vZQixfaJI3xKax2lTNh
--- QICRX2ve/1CFNHjnVXDpue3DRlFbTftu9yrWw745gVk
|†`F…3Þ°˜¤VEû²ÊósßK³ÞQwÿÙ$ùÉŒ{‘¨¯†>¹Hˆ7Þh™î”Ä©Û2ÅïÂÈÆcH^¸×÷Ÿ© X_ñæzv'¢ÄÐ!Zkš_„þÉ0Ë}Yo•je§¼<icé{SkÁ|1Ÿalé*ü7ÓÖŒF«Þ9j¬\§X{¢¾#H7ÑŒ¢!><.^¸¿[ï£q4åpP

View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw WWJQxqfxQzLmBFPpTzuKBMhAl+ZxnQdvnaDvfpwxR00
tEsf6xSw/MP/qJnr/SyLlkEEf/LaI7IxjVzaxRwh5FI
-> ssh-ed25519 nh0dAQ yRu0VZqx+DuB3SSQaVtg+txuRu9OyJDfLDNCKg9XYk0
xTpucapaejG2EMrZLIDt46JD3QYM4XXT1Y2F77HPQO8
--- uZjO0dDIFesU2B/GkjpqrOJas1+K6hGbQAdFV/t1GOk
BV͵Ç\Õ 8 Û‘¾ºý[%<25>½l^>9<>\Eö5¹šþ¿Új(6èÜgå;(I7CS4èv6ièÉÐþSªÐXïC»ï`OòT™ŒÓÚ\ô;I·Ýœò6ƒ<36>_k˜éy-‡±¹½qKl†¾ôKþÓ hŠ?tô

Binary file not shown.

View file

@ -4,16 +4,18 @@ let
boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades";
hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus";
talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos"; talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos";
thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos";
machines = [boreal hades hephaestus talos thanatos]; machines = [boreal hades talos thanatos];
all = users ++ machines; all = users ++ machines;
in { in {
"gandi/api-key.age".publicKeys = [alarsyo hades]; "gandi/api-key.age".publicKeys = [alarsyo hades];
"gitlab-runner/thanatos-runner-env.age".publicKeys = [alarsyo thanatos];
"gitlab-runner/thanatos-nix-runner-env.age".publicKeys = [alarsyo thanatos];
"lohr/shared-secret.age".publicKeys = [alarsyo hades]; "lohr/shared-secret.age".publicKeys = [alarsyo hades];
"matrix-synapse/secret-config.age".publicKeys = [alarsyo hades]; "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades];
@ -24,6 +26,8 @@ in {
"nextcloud/admin-pass.age".publicKeys = [alarsyo hades]; "nextcloud/admin-pass.age".publicKeys = [alarsyo hades];
"ovh/credentials.age".publicKeys = [alarsyo hades];
"paperless/admin-password.age".publicKeys = [alarsyo hades]; "paperless/admin-password.age".publicKeys = [alarsyo hades];
"paperless/secret-key.age".publicKeys = [alarsyo hades]; "paperless/secret-key.age".publicKeys = [alarsyo hades];
@ -33,8 +37,8 @@ in {
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
"restic-backup/hades-password.age".publicKeys = [alarsyo hades]; "restic-backup/hades-password.age".publicKeys = [alarsyo hades];
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
"restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus]; "restic-backup/talos-password.age".publicKeys = [alarsyo talos];
"restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus]; "restic-backup/talos-credentials.age".publicKeys = [alarsyo talos];
"users/root-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/root-hashed-password.age".publicKeys = machines ++ [alarsyo];
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];

View file

@ -1,155 +0,0 @@
{
cmake,
colord,
colord-gtk,
curl,
dav1d,
desktop-file-utils,
exiftool,
exiv2,
fetchFromGitHub,
glib,
gmic,
graphicsmagick,
gtk3,
icu,
intltool,
isocodes,
jasper,
json-glib,
lcms,
lensfun,
lib,
libXdmcp,
libXtst,
libaom,
libavif,
libdatrie,
libde265,
libepoxy,
libffi,
libgcrypt,
libgpg-error,
libheif,
libjpeg,
libpsl,
librsvg,
libsecret,
libselinux,
libsepol,
libsoup,
libsysprof-capture,
libthai,
libwebp,
libxkbcommon,
libxml2,
libxslt,
llvmPackages,
openexr_3,
openjpeg,
osm-gps-map,
pcre,
pcre2,
perlPackages,
pkg-config,
pugixml,
python3Packages,
rav1e,
sqlite,
stdenv,
util-linux,
wrapGAppsHook,
x265,
}:
stdenv.mkDerivation {
pname = "ansel";
version = "unstable-2024-01-05";
src = fetchFromGitHub {
owner = "aurelienpierreeng";
repo = "ansel";
rev = "e2c4a0a60cd80f741dd3d3c6ab72be9ac11234fb";
hash = "sha256-Kg020MHy9fn1drCk+66f25twqczvD/5evutDODqOjYM=";
fetchSubmodules = true;
};
nativeBuildInputs = [
cmake
desktop-file-utils
exiftool
intltool
libxml2
llvmPackages.clang
llvmPackages.llvm
pkg-config
perlPackages.perl
python3Packages.jsonschema
wrapGAppsHook
];
buildInputs = [
colord
colord-gtk
curl
dav1d
exiv2
json-glib
glib
gmic
graphicsmagick
gtk3
icu
isocodes
jasper
lcms
lensfun
libaom
libavif
libdatrie
libde265
libepoxy
libffi
libgcrypt
libgpg-error
libheif
libjpeg
libpsl
librsvg
libsecret
libselinux
libsepol
libsoup
libsysprof-capture
libthai
libwebp
libXdmcp
libxkbcommon
libxslt
libXtst
openexr_3
openjpeg
osm-gps-map
pcre
pcre2
perlPackages.Po4a
pugixml
rav1e
sqlite
util-linux
x265
];
preFixup = ''
gappsWrapperArgs+=(
--prefix LD_LIBRARY_PATH ":" "$out/lib/ansel"
)
'';
meta = {
description = "A darktable fork minus the bloat plus some design vision";
homepage = "https://ansel.photos/";
license = lib.licenses.gpl3Plus;
mainProgram = "ansel";
platforms = lib.platforms.linux;
};
}

View file

@ -1,5 +1,4 @@
{pkgs}: { {pkgs}: {
ansel = pkgs.callPackage ./ansel {};
sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {};
kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {};
grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {});

View file

@ -3,7 +3,7 @@
fetchurl, fetchurl,
python3, python3,
}: let }: let
version = "2.11.6"; version = "2.12.1";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
inherit version; inherit version;
@ -15,6 +15,6 @@ in
src = fetchurl { src = fetchurl {
url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz";
sha256 = "sha256-ppJ5T4nA2zlWulkZvdUxPjcuDeNAAKkCLynhxukcU4o="; sha256 = "sha256-VHfAjU4dBi8WTC5IaoNVaSXQfXDyGA3nBq96qUnG/1w=";
}; };
} }

View file

@ -3,11 +3,13 @@
./vaultwarden.nix ./vaultwarden.nix
./fail2ban.nix ./fail2ban.nix
./fava.nix ./fava.nix
./forgejo
./gitea ./gitea
./immich.nix ./immich.nix
./jellyfin.nix ./jellyfin.nix
./lohr.nix ./lohr.nix
./matrix.nix ./matrix.nix
./mealie.nix
./media.nix ./media.nix
./microbin.nix ./microbin.nix
./miniflux.nix ./miniflux.nix

View file

@ -0,0 +1,129 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.forgejo;
my = config.my;
domain = config.networking.domain;
hostname = config.networking.hostName;
fqdn = "${hostname}.${domain}";
forgejoUser = "git";
in {
options.my.services.forgejo = let
inherit (lib) types;
in {
enable = mkEnableOption "Personal Git hosting with Forgejo";
privatePort = mkOption {
type = types.port;
default = 8082;
example = 8082;
description = "Port to serve the app";
};
};
config = mkIf cfg.enable {
# use git as user to have `git clone git@git.domain`
users.users.${forgejoUser} = {
description = "Forgejo Service";
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = forgejoUser;
# the systemd service for the forgejo module seems to hardcode the group as
# forgejo, so, uh, just in case?
extraGroups = ["forgejo"];
isSystemUser = true;
};
users.groups.${forgejoUser} = {};
services.forgejo = {
enable = true;
user = forgejoUser;
group = config.users.users.${forgejoUser}.group;
stateDir = "/var/lib/${forgejoUser}";
lfs.enable = true;
settings = {
server = {
ROOT_URL = "https://git.${domain}/";
DOMAIN = "git.${domain}";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = cfg.privatePort;
};
log.LEVEL = "Warn"; # [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ]
repository = {
ENABLE_PUSH_CREATE_USER = true;
DEFAULT_BRANCH = "main";
};
# NOTE: temporarily remove this for initial setup
service.DISABLE_REGISTRATION = true;
# only send cookies via HTTPS
session.COOKIE_SECURE = true;
DEFAULT.APP_NAME = "Personal Forge";
};
# NixOS module uses `forgejo dump` to backup repositories and the database,
# but it produces a single .zip file that's not very restic friendly.
# I configure my backup system manually below.
dump.enable = false;
database = {
type = "postgres";
# user needs to be the same as forgejo user
user = forgejoUser;
name = forgejoUser;
};
};
# FIXME: Borg *could* be backing up files while they're being edited by
# forgejo, so it may produce corrupt files in the snapshot if I push stuff
# around midnight. I'm not sure how `forgejo dump` handles this either,
# though.
my.services.restic-backup = {
paths = [
config.services.forgejo.lfs.contentDir
config.services.forgejo.repositoryRoot
];
};
# NOTE: no need to use postgresql.ensureDatabases because the forgejo module
# takes care of this automatically
services.postgresqlBackup = {
databases = [config.services.forgejo.database.name];
};
services.nginx = {
virtualHosts = {
"git.${domain}" = {
forceSSL = true;
useACMEHost = fqdn;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
};
};
};
};
security.acme.certs.${fqdn}.extraDomainNames = ["git.${domain}"];
systemd.services.forgejo.preStart = "${pkgs.coreutils}/bin/ln -sfT ${./templates} ${config.services.forgejo.stateDir}/custom/templates";
};
}

View file

@ -0,0 +1,17 @@
{{template "base/head" .}}
<div class="page-content home">
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div>
<img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg"/>
</div>
<div class="hero">
<h1 class="ui icon header title">
{{AppName}}
</h1>
<h2>alarsyo's personal projects are hosted here</h2>
</div>
</div>
</div>
</div>
{{template "base/footer" .}}

View file

@ -74,7 +74,7 @@ in {
proxy_connect_timeout 600; proxy_connect_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
proxy_send_timeout 600; proxy_send_timeout 600;
client_max_body_size 100m; client_max_body_size 1000m;
access_log syslog:server=unix:/dev/log,tag=immich; access_log syslog:server=unix:/dev/log,tag=immich;
''; '';
}; };

122
services/mealie.nix Normal file
View file

@ -0,0 +1,122 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.mealie;
my = config.my;
domain = config.networking.domain;
hostname = config.networking.hostName;
fqdn = "${hostname}.${domain}";
pkg = pkgs.unstable.mealie;
listenAddress = "127.0.0.1";
in {
options.my.services.mealie = let
inherit (lib) types;
in {
enable = mkEnableOption "Mealie";
port = mkOption {
type = types.port;
example = 8080;
description = "Internal port for Mealie webapp";
};
credentialsFile = lib.mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/secrets/mealie-credentials.env";
description = ''
File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD`
or sensitive LDAP options.
Expects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`.
'';
};
};
# FIXME(NixOS 24.11) Copy pasted from nixpkgs master module, because some needed changes weren't in stable yet.
config = mkIf cfg.enable (let
settings = {
ALLOW_SIGNUP = "false";
BASE_URL = "https://mealie.${domain}";
TZ = config.time.timeZone;
# Use PostgreSQL
DB_ENGINE = "postgres";
# Settings for Mealie 1.7+
POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
};
in {
systemd.services = {
mealie = {
after = ["network-online.target" "postgresql.service"];
requires = ["postgresql.service"];
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];
description = "Mealie, a self hosted recipe manager and meal planner";
environment =
{
PRODUCTION = "true";
API_PORT = toString cfg.port;
BASE_URL = "http://localhost:${toString cfg.port}";
DATA_DIR = "/var/lib/mealie";
CRF_MODEL_PATH = "/var/lib/mealie/model.crfmodel";
}
// (builtins.mapAttrs (_: val: toString val) settings);
serviceConfig = {
DynamicUser = true;
User = "mealie";
ExecStartPre = "${pkg}/libexec/init_db";
ExecStart = "${lib.getExe pkg} -b ${listenAddress}:${builtins.toString cfg.port}";
EnvironmentFile = lib.mkIf (cfg.credentialsFile != null) cfg.credentialsFile;
StateDirectory = "mealie";
StandardOutput = "journal";
};
};
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = ["mealie"];
ensureUsers = [
{
name = "mealie";
ensureDBOwnership = true;
}
];
};
services.postgresqlBackup = {
databases = ["mealie"];
};
services.nginx.virtualHosts."mealie.${domain}" = {
forceSSL = true;
useACMEHost = fqdn;
locations."/" = {
proxyPass = "http://${listenAddress}:${toString cfg.port}/";
proxyWebsockets = true;
};
};
security.acme.certs.${fqdn}.extraDomainNames = ["mealie.${domain}"];
my.services.restic-backup = {
paths = ["/var/lib/mealie"];
};
});
}

View file

@ -62,15 +62,11 @@ in {
hostName = "cloud.${domain}"; hostName = "cloud.${domain}";
https = true; https = true;
package = pkgs.nextcloud27; package = pkgs.nextcloud29;
maxUploadSize = "1G"; maxUploadSize = "1G";
config = { config = {
overwriteProtocol = "https";
defaultPhoneRegion = "FR";
dbtype = "pgsql"; dbtype = "pgsql";
dbuser = "nextcloud"; dbuser = "nextcloud";
dbname = dbName; dbname = dbName;
@ -79,6 +75,11 @@ in {
adminuser = "admin"; adminuser = "admin";
adminpassFile = cfg.adminpassFile; adminpassFile = cfg.adminpassFile;
}; };
settings = {
default_phone_region = "FR";
overwriteprotocol = "https";
};
}; };
users.groups.media.members = ["nextcloud"]; users.groups.media.members = ["nextcloud"];

View file

@ -66,8 +66,8 @@ in {
gandiKey = config.my.secrets.gandiKey; gandiKey = config.my.secrets.gandiKey;
in { in {
"${fqdn}" = { "${fqdn}" = {
dnsProvider = "gandiv5"; dnsProvider = "ovh";
credentialsFile = config.age.secrets."gandi/api-key".path; credentialsFile = config.age.secrets."ovh/credentials".path;
group = "nginx"; group = "nginx";
}; };
}; };

View file

@ -50,7 +50,7 @@ in {
enable = true; enable = true;
port = cfg.port; port = cfg.port;
passwordFile = cfg.passwordFile; passwordFile = cfg.passwordFile;
extraConfig = { settings = {
# Postgres settings # Postgres settings
PAPERLESS_DBHOST = "/run/postgresql"; PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_DBUSER = "paperless"; PAPERLESS_DBUSER = "paperless";

View file

@ -61,7 +61,7 @@ in {
proxy_connect_timeout 600; proxy_connect_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
proxy_send_timeout 600; proxy_send_timeout 600;
client_max_body_size 100m; client_max_body_size 500m;
access_log syslog:server=unix:/dev/log,tag=photoprism; access_log syslog:server=unix:/dev/log,tag=photoprism;
''; '';
}; };

View file

@ -98,7 +98,7 @@ in {
environmentFile = cfg.environmentFile; environmentFile = cfg.environmentFile;
extraBackupArgs = extraBackupArgs =
["--verbose=2"] ["--verbose=1"]
++ optional (builtins.length cfg.exclude != 0) excludeArg; ++ optional (builtins.length cfg.exclude != 0) excludeArg;
timerConfig = cfg.timerConfig; timerConfig = cfg.timerConfig;

View file

@ -19,5 +19,5 @@
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
} }

5
todo.org Normal file
View file

@ -0,0 +1,5 @@
* TODO Take a look at goldwarden when 24.05 releases
https://github.com/quexten/goldwarden
* TODO Setup sway correctly