alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

..

10 commits
main ... framework

Author SHA1 Message Date
Antoine Martin beb366f9a5 home: individualise stateVersion 2024-03-01 13:34:33 +01:00
Antoine Martin 93764167e9 flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/a13f36255cf4ce99cc4236a34251c2e7106e101d' (2024-02-26)
  → 'github:nix-community/disko/bde7dd352c07d43bd5b8245e6c39074a391fdd46' (2024-03-01)
• Updated input 'home-manager':
    'github:nix-community/home-manager/1d085ea4444d26aa52297758b333b449b2aa6fca' (2024-02-26)
  → 'github:nix-community/home-manager/2f3367769a93b226c467551315e9e270c3f78b15' (2024-02-29)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/01467901ec51dd92774040f2b3dff4f21f4e1c45' (2024-02-28)
  → 'github:NixOS/nixos-hardware/33a97b5814d36ddd65ad678ad07ce43b1a67f159' (2024-02-28)
• Updated input 'nixpkgs':
    'github:NixOS/nixpkgs/13aff9b34cc32e59d35c62ac9356e4a41198a538' (2024-02-26)
  → 'github:NixOS/nixpkgs/9099616b93301d5cf84274b184a3a5ec69e94e08' (2024-02-28)
• Updated input 'nixpkgs-unstable-small':
    'github:NixOS/nixpkgs/c1fe227b486d4bfffb319fd225a95ea574d398bf' (2024-02-28)
  → 'github:NixOS/nixpkgs/09c1497ce5d4ed4a0edfdd44450d3048074cb300' (2024-03-01)
 2024-03-01 11:43:13 +01:00
Antoine Martin ae2c988bdb talos: switch sddm to wayland 2024-03-01 10:35:36 +01:00
Antoine Martin b05eec42c5 talos: enable some wayland window managers 2024-02-29 16:35:17 +01:00
Antoine Martin b28266d6ea talos: update systemd-boot settings 2024-02-29 10:58:36 +01:00
Antoine Martin 401ee0005a run formatter 2024-02-29 03:48:41 +01:00
Antoine Martin 2d420362ac base: remove driver config 
NVIDIA specific settings should just go to boreal
 2024-02-29 02:45:20 +01:00
Antoine Martin 79d60288aa base: update xkb option names 2024-02-29 02:44:24 +01:00
Antoine Martin 3e3f4331d2 talos: initial setup 2024-02-28 23:30:28 +01:00
Antoine Martin 2a2275a87a flake: update everything 2024-02-28 17:48:56 +01:00
65 changed files with 840 additions and 1164 deletions

22
.github/workflows/cachix.yaml vendored
View file

@ -15,10 +15,10 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v25
- name: Run alejandra - name: Run alejandra
run: nix develop --command alejandra --check . run: nix run nixpkgs#alejandra -- --check .
flake-check: flake-check:
name: Flake check name: Flake check
@ -26,9 +26,9 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v25
- uses: cachix/cachix-action@v16 - uses: cachix/cachix-action@v14
with: with:
name: alarsyo name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
@ -46,6 +46,7 @@ jobs:
fail-fast: false fail-fast: false
matrix: matrix:
name: name:
- ansel
- grafanaDashboards/nginx - grafanaDashboards/nginx
- grafanaDashboards/node-exporter - grafanaDashboards/node-exporter
- kaleidoscope-udev-rules - kaleidoscope-udev-rules
@ -55,9 +56,9 @@ jobs:
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v25
- uses: cachix/cachix-action@v16 - uses: cachix/cachix-action@v14
with: with:
name: alarsyo name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
@ -77,18 +78,15 @@ jobs:
name: name:
- boreal - boreal
- hades - hades
- talos - hephaestus
- thanatos - thanatos
steps: steps:
- name: Delete huge unnecessary tools folder
run: rm -rf /opt/hostedtoolcache
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v25
- uses: cachix/cachix-action@v16 - uses: cachix/cachix-action@v14
with: with:
name: alarsyo name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'

1
.lohr
View file

@ -1,4 +1,3 @@
git@github.com:alarsyo/nixos-config git@github.com:alarsyo/nixos-config
git@gitlab.com:alarsyo/nixos-config git@gitlab.com:alarsyo/nixos-config
git@git.sr.ht:~alarsyo/nixos-config git@git.sr.ht:~alarsyo/nixos-config
git@codeberg.org:alarsyo/nixos-config

84
base/gui-programs.nix
View file

@ -23,47 +23,35 @@ in {
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt; pinentryFlavor = "qt";
}; };
services = { services = {
xserver = { xserver = {
enable = true; enable = true;
# NOTE: could use `mkOptionDefault` but this feels more explicit windowManager.i3.enable = true;
videoDrivers =
if config.my.gui.isNvidia
then ["nvidia"]
else options.services.xserver.videoDrivers.default;
xkb = { xkb = {
layout = "fr"; layout = "fr";
variant = "us"; variant = "us";
}; };
}; libinput = {
enable = true;
libinput = { touchpad = {
enable = true; naturalScrolling = true;
touchpad = { };
naturalScrolling = true;
}; };
}; };
logind.lidSwitch = "suspend"; logind.lidSwitch = "ignore";
printing = {
enable = true;
cups-pdf.enable = true;
};
udev.packages = [pkgs.chrysalis];
}; };
environment.systemPackages = builtins.attrValues { environment.systemPackages = builtins.attrValues {
inherit inherit
(pkgs) (pkgs)
arandr
chrysalis chrysalis
discord evince
feh feh
firefox
ffmpeg ffmpeg
gimp-with-plugins gimp-with-plugins
imagemagick imagemagick
@ -78,10 +66,58 @@ in {
zathura zathura
; ;
inherit (pkgs.kdePackages) okular; inherit (pkgs.gnome) nautilus;
inherit (pkgs.libsForQt5) okular;
discord = pkgs.discord.override {nss = pkgs.nss_latest;};
}; };
networking.networkmanager.enable = true; networking.networkmanager = {
enable = true;
dispatcherScripts = [
{
source = let
grep = "${pkgs.gnugrep}/bin/grep";
nmcli = "${pkgs.networkmanager}/bin/nmcli";
in
pkgs.writeShellScript "disable_wifi_on_ethernet" ''
export LC_ALL=C
date >> /tmp/disable_wifi_on_ethernet.log
echo START "$@" >> /tmp/disable_wifi_on_ethernet.log
beginswith() { case $2 in "$1"*) true;; *) false;; esac; }
is_ethernet_interface ()
{
local type="$(${nmcli} dev show "$1" | grep 'GENERAL\.TYPE:' | awk '{ print $2 }')"
test "$type" = "ethernet" || beginswith enp "$1"
}
hotspot_enabled ()
{
${nmcli} dev | ${grep} -q "hotspot"
}
if is_ethernet_interface "$1" && ! hotspot_enabled; then
echo "change in ethernet and not in hotspot mode" >> /tmp/disable_wifi_on_ethernet.log
if [ "$2" = "up" ]; then
echo "turning wifi off" >> /tmp/disable_wifi_on_ethernet.log
nmcli radio wifi off
fi
if [ "$2" = "down" ]; then
echo "turning wifi on" >> /tmp/disable_wifi_on_ethernet.log
nmcli radio wifi on
fi
fi
echo END "$@" >> /tmp/disable_wifi_on_ethernet.log
'';
type = "basic";
}
];
};
programs.nm-applet.enable = true; programs.nm-applet.enable = true;
programs.steam.enable = true; programs.steam.enable = true;

13
base/programs.nix
View file

@ -21,25 +21,36 @@
inherit inherit
(pkgs) (pkgs)
# shell usage # shell usage
bat bat
fd fd
file file
ripgrep ripgrep
sd
tokei
tree tree
wget wget
jq
pciutils pciutils
usbutils usbutils
# development # development
agenix
alejandra
git git
git-crypt git-crypt
git-lfs git-lfs
gnumake gnumake
gnupg gnupg
pinentry-qt
python3 python3
shellcheck
vim vim
# terminal utilities # terminal utilities
dogdns
du-dust
htop htop
ldns # drill
unzip unzip
zip zip
; ;

214
flake.lock
View file

@ -8,11 +8,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1723293904, "lastModified": 1707830867,
"narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -48,11 +48,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1732988076, "lastModified": 1709286488,
"narHash": "sha256-2uMaVAZn7fiyTUGhKgleuLYe5+EAAYB/diKxrM7g3as=", "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "2814a5224a47ca19e858e027f7e8bff74a8ea9f1", "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -67,11 +67,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1709126324,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -81,57 +81,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -160,85 +109,27 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1742655702, "lastModified": 1709204054,
"narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=", "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "0948aeedc296f964140d9429223c7e4a0702a1ff", "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11", "ref": "master",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"jujutsu": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1741218530,
"narHash": "sha256-fBgJrSglH46+NHu3spk5mC51ASDHWnOoW6veKZ0R2YA=",
"owner": "jj-vcs",
"repo": "jj",
"rev": "6ce7a77da5a18343f4f3effef49b77428e43bc74",
"type": "github"
},
"original": {
"owner": "jj-vcs",
"ref": "v0.27.0",
"repo": "jj",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1741509550,
"narHash": "sha256-O7+c7MYOvKnGhE5qwRqV+q0NePEtiz6spM1Mfu/Heck=",
"rev": "0d1f794178d42bfa1ef40ecb80be514139779184",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/0d1f794178d42bfa1ef40ecb80be514139779184.tar.gz?rev=0d1f794178d42bfa1ef40ecb80be514139779184"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/release-2.92.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_3",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1742943028,
"narHash": "sha256-fprwZKE1uMzO9tiWWOrmLWBW3GPkMayQfb0xOvVFIno=",
"rev": "868d97695bab9d21f6070b03957bcace249fbe3c",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/868d97695bab9d21f6070b03957bcace249fbe3c.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1742631601, "lastModified": 1709147990,
"narHash": "sha256-yJ3OOAmsGAxSl0bTmKUp3+cEYtSS+V6hUPK2rYhIPr8=", "narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "380ed15bcd6440606c6856db44a99140d422b46f", "rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -266,11 +157,11 @@
}, },
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1742541432, "lastModified": 1709271102,
"narHash": "sha256-hPzDbmo3T64R1rt8i8WonR/4VrSbE8ZxY6wFIguC4sc=", "narHash": "sha256-Z2sBL/HRRTNABsU8E5XsP+FXBEyBoi6oMwm5bV7lSFw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fa6ab1d7fdf29a4ff0ac65f01ffdaea84f105280", "rev": "09c1497ce5d4ed4a0edfdd44450d3048074cb300",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -282,11 +173,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1732238832, "lastModified": 1708815994,
"narHash": "sha256-sQxuJm8rHY20xq6Ah+GwIUkF95tWjGRd1X8xF+Pkk38=", "narHash": "sha256-hL7N/ut2Xu0NaDxDMsw2HagAjgDskToGiyZOWriiLYM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8edf06bea5bcbee082df1b7369ff973b91618b8d", "rev": "9a9dae8f6319600fa9aebde37f340975cab4b8c0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -298,16 +189,16 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1742751704, "lastModified": 1709150264,
"narHash": "sha256-rBfc+H1dDBUQ2mgVITMGBPI1PGuCznf9rcWX/XIULyE=", "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f0946fa5f1fb876a9dc2e1850d9d3a4e3f914092", "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -318,34 +209,11 @@
"disko": "disko", "disko": "disko",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"jujutsu": "jujutsu",
"lix-module": "lix-module",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-unstable-small": "nixpkgs-unstable-small" "nixpkgs-unstable-small": "nixpkgs-unstable-small"
} }
}, },
"rust-overlay": {
"inputs": {
"nixpkgs": [
"jujutsu",
"nixpkgs"
]
},
"locked": {
"lastModified": 1732242723,
"narHash": "sha256-NWI8csIK0ujFlFuEXKnoc+7hWoCiEtINK9r48LUUMeU=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "a229311fcb45b88a95fdfa5cecd8349c809a272a",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -375,36 +243,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

60
flake.nix
View file

@ -5,7 +5,7 @@
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
repo = "nixpkgs"; repo = "nixpkgs";
ref = "nixos-24.11"; ref = "nixos-unstable";
}; };
nixpkgs-unstable-small = { nixpkgs-unstable-small = {
@ -25,7 +25,7 @@
type = "github"; type = "github";
owner = "nix-community"; owner = "nix-community";
repo = "home-manager"; repo = "home-manager";
ref = "release-24.11"; ref = "master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -49,19 +49,6 @@
repo = "disko"; repo = "disko";
ref = "master"; ref = "master";
}; };
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0-3.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
};
jujutsu = {
type = "github";
owner = "jj-vcs";
repo = "jj";
ref = "v0.27.0";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
@ -70,21 +57,25 @@
home-manager, home-manager,
agenix, agenix,
disko, disko,
lix-module,
... ...
} @ inputs: } @ inputs:
{ {
nixosModules = { nixosModules = {
home = { home = {
home-manager.backupFileExtension = "hm-backup";
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home; home-manager.users.alarsyo = import ./home;
home-manager.verbose = true; home-manager.verbose = true;
}; };
nix-registry = { nix-path = {
nix.registry.nixpkgs.flake = nixpkgs; nix = {
nix.registry.unstable.flake = inputs.nixpkgs-unstable-small; nixPath = [
"nixpkgs=${inputs.nixpkgs}"
];
registry = {
nixpkgs.flake = inputs.nixpkgs;
};
};
}; };
}; };
@ -105,14 +96,12 @@
}) })
agenix.overlays.default agenix.overlays.default
inputs.jujutsu.overlays.default
] ]
++ builtins.attrValues self.overlays; ++ builtins.attrValues self.overlays;
sharedModules = sharedModules =
[ [
agenix.nixosModules.default agenix.nixosModules.default
home-manager.nixosModules.default home-manager.nixosModules.default
lix-module.nixosModules.default
{ {
nixpkgs = { nixpkgs = {
overlays = shared_overlays; overlays = shared_overlays;
@ -152,6 +141,20 @@
++ sharedModules; ++ sharedModules;
}; };
hephaestus = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
./hephaestus.nix
inputs.nixos-hardware.nixosModules.common-cpu-amd
inputs.nixos-hardware.nixosModules.common-gpu-amd
inputs.nixos-hardware.nixosModules.common-pc-laptop
inputs.nixos-hardware.nixosModules.common-pc-ssd
]
++ sharedModules;
};
talos = nixpkgs.lib.nixosSystem { talos = nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = modules =
@ -174,16 +177,11 @@
}; };
}; };
} }
// inputs.flake-utils.lib.eachDefaultSystem (system: let // inputs.flake-utils.lib.eachDefaultSystem (system: {
pkgs = nixpkgs.legacyPackages.${system};
in {
packages = packages =
inputs.flake-utils.lib.flattenTree inputs.flake-utils.lib.flattenTree
(import ./pkgs {inherit pkgs;}); (import ./pkgs {
devShells.default = pkgs.mkShellNoCC { pkgs = import nixpkgs {inherit system;};
buildInputs = [ });
pkgs.alejandra
];
};
}); });
} }

23
hephaestus.nix Normal file
View file

@ -0,0 +1,23 @@
{...}: {
imports = [
# Default configuration
./base
# Module definitions
./modules
# Service definitions
./services
# Host-specific config
./hosts/hephaestus
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

3
home/default.nix
View file

@ -2,7 +2,6 @@
imports = [ imports = [
./alacritty.nix ./alacritty.nix
./bat.nix ./bat.nix
./direnv.nix
./emacs.nix ./emacs.nix
./env.nix ./env.nix
./firefox.nix ./firefox.nix
@ -10,8 +9,8 @@
./flameshot.nix ./flameshot.nix
./git.nix ./git.nix
./gtk.nix ./gtk.nix
./jj.nix
./laptop.nix ./laptop.nix
./lorri.nix
./mail.nix ./mail.nix
./rbw.nix ./rbw.nix
./rofi.nix ./rofi.nix

9
home/emacs.nix
View file

@ -26,12 +26,9 @@ in {
sqlite # needed by org-roam sqlite # needed by org-roam
# fonts used by my config # fonts used by my config
emacs-all-the-icons-fonts
;
inherit emacs-all-the-icons-fonts
(pkgs.unstable.nerd-fonts) iosevka-bin
iosevka
; ;
}; };
# make sure above fonts are discoverable # make sure above fonts are discoverable
@ -46,7 +43,7 @@ in {
programs.emacs = { programs.emacs = {
enable = true; enable = true;
package = pkgs.emacs30-pgtk; package = pkgs.emacs29;
extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e]; extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e];
}; };
}; };

5
home/fish/functions/nfl.fish
View file

@ -1,4 +1,7 @@
function nfl function nfl
set -l flags "--commit-lock-file" set -l flags "--commit-lock-file"
nix flake update $flags $argv for flake in $argv
set -a flags "--update-input" "$flake"
end
nix flake lock $flags
end end

10
home/gtk.nix
View file

@ -20,20 +20,16 @@ in {
gtk2 = { gtk2 = {
# No garbage polluting my $HOME # No garbage polluting my $HOME
# configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
# I had this enabled but some program somehow couldn't find my
# configuration there. I think it was nm-applet.
#
#configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
}; };
iconTheme = { iconTheme = {
package = pkgs.gnome-themes-extra; package = pkgs.gnome.gnome-themes-extra;
name = "Adwaita"; name = "Adwaita";
}; };
theme = { theme = {
package = pkgs.gnome-themes-extra; package = pkgs.gnome.gnome-themes-extra;
name = "Adwaita"; name = "Adwaita";
}; };
}; };

8
home/jj.nix
View file

@ -1,8 +0,0 @@
{pkgs, ...}: {
home.packages = [
pkgs.jujutsu
];
xdg.configFile = {
"jj/config.toml".source = ./jj/config.toml;
};
}

106
home/jj/config.toml
View file

@ -1,106 +0,0 @@
[user]
name = "Antoine Martin"
email = "antoine@alarsyo.net"
[ui]
diff-editor = ":builtin"
paginate = "auto"
editor = "vim"
pager = "less -FRX"
default-command = "logstatus"
[ui.movement]
edit = false
[git]
subprocess = true
[snapshot]
auto-track = "none()"
[aliases]
pdiff = ["diff", "-r", "@-"]
tug = ["bookmark", "move", "--from", "closest_bookmark(@-)", "--to", "@-"]
ll = ["log", "-T", "builtin_log_detailed"]
l = ["log", "-T", "builtin_log_compact"]
logstatus = ["util", "exec", "--", "sh", "-c", "jj status && jj log"]
[revset-aliases]
'closest_bookmark(to)' = 'heads(::to & bookmarks())'
[templates]
log = "builtin_log_comfortable"
log_node = '''
coalesce(
if(!self, label("elided", "~")),
label(
separate(" ",
if(current_working_copy, "working_copy"),
if(immutable, "immutable"),
if(conflict, "conflict"),
if(description.starts_with("wip:"), "wip"),
if(description.starts_with("private:"), "private"),
),
coalesce(
if(current_working_copy, "@"),
if(immutable, "◆"),
if(conflict, "×"),
if(description.starts_with("wip:"), "!"),
if(description.starts_with("private:"), "!"),
"○",
)
)
)
'''
draft_commit_description = "commit_description_verbose(self)"
[template-aliases]
"commit_description_verbose(commit)" = '''
concat(
commit_description(commit),
"JJ: ignore-rest\n",
diff.git(),
)
'''
"changelog_entry(file)" = '''
concat(
"* ",
f.path(),
":\n",
)
'''
"commit_description_changelog(commit)" = '''
concat(
commit.description(), "\n",
surround("", "\n", diff.files().map(|f| if(!commit.description().contains(f.path()),
changelog_entry(f)
)
).join("")),
"JJ: This commit contains the following changes:\n",
indent("JJ: ", diff.stat(72)),
)
'''
"commit_description(commit)" = '''
concat(
commit.description(), "\n",
"JJ: This commit contains the following changes:\n",
indent("JJ: ", diff.stat(72)),
)
'''
[[--scope]]
--when.repositories = ["~/work/lrde/"]
[--scope.user]
email = "amartin@lrde.epita.fr"
[[--scope]]
--when.repositories = ["~/work/prologin/"]
[--scope.user]
email = "antoine.martin@prologin.org"
[[--scope]]
--when.repositories = ["~/work/epita/"]
[--scope.user]
email = "antoine4.martin@epita.fr"

8
home/direnv.nix → home/lorri.nix
View file

@ -9,15 +9,17 @@
mkIf mkIf
; ;
cfg = config.my.home.direnv; cfg = config.my.home.lorri;
in { in {
options.my.home.direnv = { options.my.home.lorri = {
enable = (mkEnableOption "setup direnv usage") // {default = true;}; enable = (mkEnableOption "lorri daemon setup") // {default = true;};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.lorri.enable = true;
programs.direnv = { programs.direnv = {
enable = true; enable = true;
# FIXME: proper file, not lorri.nix
nix-direnv = { nix-direnv = {
enable = true; enable = true;
}; };

1
home/mail.nix
View file

@ -81,7 +81,6 @@ in {
aliases = [ aliases = [
"alarsyo@alarsyo.net" "alarsyo@alarsyo.net"
"antoine@amartin.email" "antoine@amartin.email"
"mail@antoinemartin.fr"
]; ];
flavor = "plain"; # default setting flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get webmail.migadu.com ${email_perso}"; passwordCommand = "${pkgs.rbw}/bin/rbw get webmail.migadu.com ${email_perso}";

6
home/tmux.nix
View file

@ -19,7 +19,6 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.tmux = { programs.tmux = {
enable = true; enable = true;
escapeTime = 0;
baseIndex = 1; baseIndex = 1;
terminal = "screen-256color"; terminal = "screen-256color";
clock24 = true; clock24 = true;
@ -34,10 +33,9 @@ in {
''; '';
} }
{ {
plugin = pkgs.tmuxPlugins.catppuccin; plugin = tmuxPlugins.tmux-colors-solarized;
extraConfig = '' extraConfig = ''
set -g @catppuccin_flavor 'latte' set -g @colors-solarized 'light'
set -g @catppuccin_window_status_style "rounded"
''; '';
} }
]; ];

15
home/tridactylrc
View file

@ -5,11 +5,6 @@
" as an enforced single point of truth for Tridactyl's configuration. " as an enforced single point of truth for Tridactyl's configuration.
sanitize tridactyllocal tridactylsync sanitize tridactyllocal tridactylsync
" Ergo-L chars, alternating between right and left hand. I also omitted
" punctuation like `-` and `,`. Tridactyl supports it but the visual hints won't
" look as good.
set hintchars rnteisualfhvdockzgxyq
" Ctrl-F should use the browser's native 'find' functionality. " Ctrl-F should use the browser's native 'find' functionality.
unbind <C-f> unbind <C-f>
@ -23,10 +18,8 @@ bind ,<Space> nohlsearch
" case insensitive if lowercase, case sensitive if using some uppercase letters " case insensitive if lowercase, case sensitive if using some uppercase letters
set findcase smart set findcase smart
set modeindicatormodes {"ignore": "false"}
" New reddit is bad " New reddit is bad
" autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old") autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
" Orange site / Reddit / Lobste.rs specific hints to toggle comments " Orange site / Reddit / Lobste.rs specific hints to toggle comments
bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"] bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"]
@ -38,14 +31,8 @@ set editorcmd emacsclient -c
set yankto both set yankto both
blacklistadd calendar.google.com blacklistadd calendar.google.com
blacklistadd keybr.com
blacklistadd ergol.org
blacklistadd monkeytype.com
blacklistadd jellyfin.alarsyo.net blacklistadd jellyfin.alarsyo.net
blacklistadd localhost blacklistadd localhost
blacklistadd netflix.com blacklistadd netflix.com
blacklistadd primevideo.com blacklistadd primevideo.com
blacklistadd youtube.com blacklistadd youtube.com
" prevent teams from crashing
seturl teams.microsoft.com superignore true

14
home/x/cursor.nix
View file

@ -16,16 +16,12 @@ in {
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.pointerCursor = { home.pointerCursor = {
#package = pkgs.capitaine-cursors; package = pkgs.capitaine-cursors;
#name = "capitaine-cursors"; name = "capitaine-cursors";
#package = pkgs.catppuccin-cursors.frappeDark; # available sizes for capitaine-cursors are:
#name = "catppuccin-frappe-dark-cursors"; # 24, 30, 36, 48, 60, 72
package = pkgs.bibata-cursors; size = 30;
name = "Bibata-Modern-Classic";
# https://unix.stackexchange.com/a/743543
size = 24;
x11.enable = true; x11.enable = true;
gtk.enable = true;
}; };
}; };
} }

7
home/x/i3.nix
View file

@ -6,12 +6,11 @@
}: let }: let
inherit inherit
(lib) (lib)
mkEnableOption
mkIf mkIf
mkOptionDefault mkOptionDefault
; ;
isEnabled = config.my.home.x.i3.enable; isEnabled = config.my.home.x.enable;
myTerminal = myTerminal =
# FIXME: fix when terminal is setup in home # FIXME: fix when terminal is setup in home
@ -27,10 +26,6 @@
i3Theme = config.my.theme.i3Theme; i3Theme = config.my.theme.i3Theme;
in { in {
options.my.home.x.i3 = {
enable = mkEnableOption "i3wm configuration";
};
config = mkIf isEnabled { config = mkIf isEnabled {
my.home = { my.home = {
flameshot.enable = true; flameshot.enable = true;

3
home/x/i3bar.nix
View file

@ -13,7 +13,7 @@
types types
; ;
isEnabled = config.my.home.x.i3.enable; isEnabled = config.my.home.x.enable;
i3BarTheme = config.my.theme.i3BarTheme; i3BarTheme = config.my.theme.i3BarTheme;
cfg = config.my.home.x.i3bar; cfg = config.my.home.x.i3bar;
in { in {
@ -41,6 +41,7 @@ in {
inherit inherit
(pkgs) (pkgs)
# FIXME: is this useful? # FIXME: is this useful?
font-awesome font-awesome
; ;
}; };

42
hosts/boreal/default.nix
View file

@ -24,12 +24,10 @@
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
boot.supportedFilesystems = { boot.supportedFilesystems = [
btrfs = true; "btrfs"
ntfs = true; "ntfs"
}; ];
services.xserver.windowManager.i3.enable = true;
services.btrfs = { services.btrfs = {
autoScrub = { autoScrub = {
@ -86,6 +84,7 @@
services = { services = {
openssh = { openssh = {
enable = true; enable = true;
forwardX11 = true;
}; };
}; };
my.gui = { my.gui = {
@ -93,23 +92,18 @@
isNvidia = true; isNvidia = true;
}; };
hardware = { my.wakeonwlan.interfaces.phy0.methods = [
bluetooth = { "magic-packet"
enable = true; "disconnect"
powerOnBoot = false; "gtk-rekey-failure"
}; "eap-identity-request"
nvidia = { "rfkill-release"
open = true; ];
modesetting.enable = true;
}; services.udev.packages = [pkgs.chrysalis];
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
}; };
environment.systemPackages = with pkgs; [foot waybar wofi];
programs.hyprland.enable = true;
programs.hyprlock.enable = true;
programs.waybar.enable = true;
programs.foot.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.power-profiles-daemon.enable = true;
} }

6
hosts/boreal/home.nix
View file

@ -4,11 +4,11 @@
... ...
}: { }: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
home.stateVersion = "20.09"; # TODO: can probably upgrade me
home.stateVersion = "21.05";
# Keyboard settings & i3 settings # Keyboard settings & i3 settings
my.home.x.enable = true; my.home.x.enable = true;
my.home.x.i3.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*"; my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tccd1"]; my.home.x.i3bar.temperature.inputs = ["Tccd1"];
my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"]; my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"];
@ -20,11 +20,13 @@
inherit inherit
(pkgs) (pkgs)
# some websites only work there :( # some websites only work there :(
chromium chromium
darktable darktable
hugin hugin
enblend-enfuse enblend-enfuse
# dev # dev
rustup rustup
; ;

60
hosts/hades/default.nix
View file

@ -57,7 +57,7 @@ in {
my.services = { my.services = {
fail2ban.enable = true; fail2ban.enable = true;
forgejo = { gitea = {
enable = true; enable = true;
privatePort = 8082; privatePort = 8082;
}; };
@ -81,12 +81,6 @@ in {
secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path; secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path;
}; };
mealie = {
enable = true;
port = 8090;
credentialsFile = config.age.secrets."mealie/secret-config".path;
};
microbin = { microbin = {
enable = true; enable = true;
privatePort = 8088; privatePort = 8088;
@ -118,6 +112,11 @@ in {
secretKeyFile = config.age.secrets."paperless/secret-key".path; secretKeyFile = config.age.secrets."paperless/secret-key".path;
}; };
photoprism = {
enable = true;
port = 8084;
};
pleroma = { pleroma = {
enable = true; enable = true;
port = 8086; port = 8086;
@ -157,53 +156,6 @@ in {
services = { services = {
openssh.enable = true; openssh.enable = true;
vnstat.enable = true; vnstat.enable = true;
gitlab-runner = {
enable = true;
settings = {
concurrent = 4;
};
services = {
nix = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/hades-nix-runner-env".path;
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
};
};
};
}; };
virtualisation.docker.enable = true; virtualisation.docker.enable = true;

4
hosts/hades/home.nix
View file

@ -1,6 +1,8 @@
{config, ...}: { {config, ...}: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
home.stateVersion = "22.05"; # TODO: can probably upgrade me
home.stateVersion = "21.05";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
}; };
} }

6
hosts/hades/secrets.nix
View file

@ -13,7 +13,7 @@
// attrs; // attrs;
in in
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
"gitlab-runner/hades-nix-runner-env" = {}; "gandi/api-key" = {};
"lohr/shared-secret" = {}; "lohr/shared-secret" = {};
@ -21,8 +21,6 @@
owner = "matrix-synapse"; owner = "matrix-synapse";
}; };
"mealie/secret-config" = {};
"microbin/secret-config" = {}; "microbin/secret-config" = {};
"miniflux/admin-credentials" = {}; "miniflux/admin-credentials" = {};
@ -31,8 +29,6 @@
owner = "nextcloud"; owner = "nextcloud";
}; };
"ovh/credentials" = {};
"paperless/admin-password" = {}; "paperless/admin-password" = {};
"paperless/secret-key" = {}; "paperless/secret-key" = {};

246
hosts/hephaestus/default.nix Normal file
View file

@ -0,0 +1,246 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
hardware.amdgpu.opencl = false;
boot.kernelPackages = pkgs.linuxPackages;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# boot.initrd.systemd.enable = true;
# boot.plymouth.enable = true;
# boot.kernelParams = ["quiet"];
boot.initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
boot.tmp.useTmpfs = true;
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
};
};
networking.hostName = "hephaestus"; # Define your hostname.
networking.domain = "alarsyo.net";
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Paris";
# List services that you want to enable:
my.services = {
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:hephaestus-backup";
passwordFile = config.age.secrets."restic-backup/hephaestus-password".path;
environmentFile = config.age.secrets."restic-backup/hephaestus-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
".direnv"
# test vms
"*.qcow2"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
};
virtualisation.docker.enable = true;
virtualisation.libvirtd.enable = true;
programs.dconf.enable = true;
services = {
tlp = {
enable = true;
settings = {
START_CHARGE_THRESH_BAT0 = 70;
STOP_CHARGE_THRESH_BAT0 = 80;
};
};
fwupd.enable = true;
openssh.enable = true;
};
my.gui.enable = true;
my.displayManager.sddm.enable = lib.mkForce false;
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
settings.General.Experimental = true;
};
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
};
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
services.power-profiles-daemon.enable = false;
services.autorandr = {
enable = true;
profiles = {
default = {
fingerprint = {
"eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018";
};
config = {
"eDP-1" = {
enable = true;
crtc = 0;
primary = true;
position = "0x0";
mode = "1920x1080";
};
};
};
dock = {
fingerprint = {
"eDP-1" = "00ffffffffffff0030e42c0600000000001c0104a51f117802aa95955e598e271b5054000000010101010101010101010101010101012e3680a070381f403020350035ae1000001ab62c80f4703816403020350035ae1000001a000000fe004c4720446973706c61790a2020000000fe004c503134305746412d535044340018";
"DP-4" = "00ffffffffffff0026cd4161fb060000021e0104a5351e783aee35a656529d280b5054b74f00714f818081c081009500b300d1c0d1cf023a801871382d40582c45000f282100001e000000fd00374c1e5512000a202020202020000000ff0031313634383030323031373837000000fc00504c32343933480a202020202001c9020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000182a4480a070382740302035000f282100001a00000000000000000000000000a1";
"DP-5" = "00ffffffffffff0026cd4561990000001f1c0104a5351e783ace65a657519f270f5054b30c00714f818081c081009500b300d1c00101023a801871382d40582c45000f282100001e000000fd00374c1e5311000a202020202020000000ff0031313634384238383030313533000000fc00504c32343933480a202020202001d3020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000180000000000000000000000000000000000000000000000000000000000000035";
};
config = {
"eDP-1" = {
enable = true;
primary = false;
position = "3000x840";
mode = "1920x1080";
};
"DP-4" = {
enable = true;
primary = true;
position = "0x420";
mode = "1920x1080";
};
"DP-5" = {
enable = true;
primary = false;
position = "1920x0";
mode = "1920x1080";
rotate = "left";
};
};
};
dock-lid-closed = {
fingerprint = {
"DP-4" = "00ffffffffffff0026cd4161fb060000021e0104a5351e783aee35a656529d280b5054b74f00714f818081c081009500b300d1c0d1cf023a801871382d40582c45000f282100001e000000fd00374c1e5512000a202020202020000000ff0031313634383030323031373837000000fc00504c32343933480a202020202001c9020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000182a4480a070382740302035000f282100001a00000000000000000000000000a1";
"DP-5" = "00ffffffffffff0026cd4561990000001f1c0104a5351e783ace65a657519f270f5054b30c00714f818081c081009500b300d1c00101023a801871382d40582c45000f282100001e000000fd00374c1e5311000a202020202020000000ff0031313634384238383030313533000000fc00504c32343933480a202020202001d3020318f14b9002030411121305141f012309070183010000023a801871382d40582c45000f282100001e8c0ad08a20e02d10103e96000f2821000018011d007251d01e206e2855000f282100001e8c0ad090204031200c4055000f28210000180000000000000000000000000000000000000000000000000000000000000035";
};
config = {
"DP-4" = {
enable = true;
primary = true;
position = "0x420";
mode = "1920x1080";
};
"DP-5" = {
enable = true;
primary = false;
position = "1920x0";
mode = "1920x1080";
rotate = "left";
};
};
};
};
};
systemd.services.autorandr-lid-listener = {
wantedBy = ["multi-user.target"];
description = "Listening for lid events to invoke autorandr";
serviceConfig = {
Type = "simple";
ExecStart = let
stdbufExe = lib.getExe' pkgs.coreutils "stdbuf";
libinputExe = lib.getExe' pkgs.libinput "libinput";
grepExe = lib.getExe pkgs.gnugrep;
autorandrExe = lib.getExe pkgs.autorandr;
in
pkgs.writeShellScript "lid-listener.sh" ''
${stdbufExe} -oL ${libinputExe} debug-events |
${grepExe} -E --line-buffered '^[[:space:]-]+event[0-9]+[[:space:]]+SWITCH_TOGGLE[[:space:]]' |
while read line; do
${pkgs.systemd}/bin/systemctl start --no-block autorandr.service
done
'';
Restart = "always";
RestartSec = "30";
};
};
# Configure console keymap
console.keyMap = "us";
programs.light.enable = true;
}

45
hosts/hephaestus/hardware-configuration.nix Normal file
View file

@ -0,0 +1,45 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/54ded736-367c-4081-9978-9e2d8f61cb1b";
fsType = "btrfs";
options = ["subvol=@"];
};
boot.initrd.luks.devices."luks-df96458d-45a1-4a30-8633-58feeff603f8".device = "/dev/disk/by-uuid/df96458d-45a1-4a30-8633-58feeff603f8";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/826A-23F7";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

49
hosts/hephaestus/home.nix Normal file
View file

@ -0,0 +1,49 @@
{
config,
pkgs,
...
}: {
home-manager.users.alarsyo = {
# TODO: can probably upgrade me
home.stateVersion = "21.05";
my.home.laptop.enable = true;
# Keyboard settings & i3 settings
my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tctl"];
my.home.x.i3bar.networking.throughput_interfaces = ["wlp3s0" "enp6s0f3u1u1"];
my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
# TODO: place in global home conf
services.dunst.enable = true;
home.packages = builtins.attrValues {
inherit
(pkgs)
# some websites only work there :(
chromium
darktable
# dev
rustup
gdb
valgrind
arandr
zotero
;
inherit
(pkgs.packages)
ansel
spot
;
inherit (pkgs.wineWowPackages) stable;
};
};
}

23
hosts/hephaestus/secrets.nix Normal file
View file

@ -0,0 +1,23 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/hephaestus-credentials" = {};
"restic-backup/hephaestus-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

97
hosts/talos/default.nix
View file

@ -16,16 +16,9 @@
./secrets.nix ./secrets.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages_6_12; hardware.amdgpu.opencl = false;
# Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could
# lead to bad Wi-Fi performance boot.kernelPackages = pkgs.linuxPackages_6_6;
boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"];
boot.extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
boot.extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot = { boot.loader.systemd-boot = {
@ -48,10 +41,7 @@
networking.domain = "alarsyo.net"; networking.domain = "alarsyo.net";
# Pick only one of the below networking options. # Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager = { networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
enable = true;
wifi.powersave = true;
};
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Paris"; time.timeZone = "Europe/Paris";
@ -61,6 +51,7 @@
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
programs = { programs = {
dconf.enable = true;
light.enable = true; light.enable = true;
}; };
services = { services = {
@ -69,10 +60,7 @@
}; };
virtualisation = { virtualisation = {
docker.enable = true; docker.enable = true;
libvirtd.enable = false; libvirtd.enable = true;
virtualbox.host = {
enable = false;
};
}; };
my.services = { my.services = {
@ -82,54 +70,10 @@
}; };
pipewire.enable = true; pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:talos-backup";
passwordFile = config.age.secrets."restic-backup/talos-password".path;
environmentFile = config.age.secrets."restic-backup/talos-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
".direnv"
# test vms
"*.qcow2"
"*.vbox"
"*.vdi"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
}; };
my.gui.enable = true; my.gui.enable = true;
my.displayManager.sddm.enable = lib.mkForce false;
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
@ -137,7 +81,6 @@
settings.General.Experimental = true; settings.General.Experimental = true;
}; };
hardware.keyboard.qmk.enable = true;
# Configure console keymap # Configure console keymap
console.keyMap = "us"; console.keyMap = "us";
@ -153,30 +96,22 @@
LC_TELEPHONE = "fr_FR.UTF-8"; LC_TELEPHONE = "fr_FR.UTF-8";
}; };
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment. # Enable the KDE Plasma Desktop Environment.
services.desktopManager.plasma6.enable = true; services.xserver.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
services.xserver.desktopManager.plasma5.enable = true;
services.power-profiles-daemon.enable = true; services.power-profiles-daemon.enable = true;
environment.systemPackages = [ programs.hyprland.enable = true;
pkgs.foot
# FIXME: is this needed?
pkgs.darkman
];
#programs.hyprland.enable = true;
programs.sway = { programs.sway = {
enable = true; enable = true;
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
}; };
# TODO: These are overriden by files from
# ~/.config/xdg-desktop-portal/sway-portals.conf so they should be moved to
# home
xdg.portal.config.sway = {
"org.freedesktop.impl.portal.Settings" = "darkman";
"org.freedesktop.impl.portal.Inhibit" = "none";
};
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix. # accidentally delete configuration.nix.

15
hosts/talos/disko-config.nix
View file

@ -20,7 +20,7 @@
}; };
}; };
luks = { luks = {
size = "600G"; size = "100%";
content = { content = {
type = "luks"; type = "luks";
name = "crypted"; name = "crypted";
@ -35,24 +35,19 @@
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; extraArgs = ["-f"];
subvolumes = { subvolumes = {
"@" = { "/root" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = ["compress=zstd" "noatime"];
}; };
"@home" = { "/home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = ["compress=zstd" "noatime"];
}; };
"@nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = ["compress=zstd" "noatime"];
}; };
"@persist" = { "/swap" = {
mountpoint = "/persist";
mountOptions = ["compress=zstd" "noatime"];
};
"@snapshots" = {};
"@swap" = {
mountpoint = "/.swapvol"; mountpoint = "/.swapvol";
swap.swapfile.size = "8G"; swap.swapfile.size = "8G";
}; };

202
hosts/talos/home.nix
View file

@ -1,16 +1,10 @@
{ {
config, config,
lib,
pkgs, pkgs,
... ...
}: let }: {
inherit
(lib)
mkOptionDefault
;
in {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
home.stateVersion = "23.11"; home.stateVersion = "24.05";
my.home.laptop.enable = true; my.home.laptop.enable = true;
@ -23,186 +17,32 @@ in {
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
services = { # TODO: place in global home conf
# TODO: place in global home conf services.dunst.enable = true;
dunst.enable = true;
wlsunset = {
enable = true;
latitude = 48.9;
longitude = 2.3;
temperature = {
day = 6500;
night = 3500;
};
};
darkman = {
enable = true;
settings = {
lat = 48.9;
lng = 2.3;
};
};
};
home.packages = builtins.attrValues { home.packages = builtins.attrValues {
inherit inherit
(pkgs) (pkgs)
ansel # some websites only work there :(
chromium # some websites only work there :(
font-awesome # for pretty icons chromium
gnome-solanum darktable
nwg-displays # dev
shikane # output autoconfig
swaybg rustup
gdb
valgrind
arandr
zotero zotero
; ;
inherit #inherit
(pkgs.packages) # (pkgs.packages)
spot # ansel
; # spot
# ;
inherit (pkgs.wineWowPackages) stable;
}; };
wayland.windowManager.sway = let
logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot";
lock = "swaylock --daemonize --image ~/.wallpaper --scaling fill";
in {
enable = true;
swaynag.enable = true;
wrapperFeatures.gtk = true;
config = {
modifier = "Mod4";
input = {
"type:keyboard" = {
xkb_layout = "fr";
xkb_variant = "us";
};
"type:touchpad" = {
dwt = "enabled";
tap = "enabled";
middle_emulation = "enabled";
natural_scroll = "enabled";
};
};
output = {
"eDP-1" = {
scale = "1.5";
};
};
fonts = {
names = ["Iosevka Fixed" "FontAwesome6Free"];
size = 9.0;
};
bars = [];
keybindings = mkOptionDefault {
"Mod4+Shift+a" = "exec shikanectl reload";
"Mod4+Shift+e" = ''mode "${logoutMode}"'';
"Mod4+i" = "exec emacsclient --create-frame";
"Mod4+Control+l" = "exec ${lock}";
"XF86AudioMute" = "exec wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
"XF86AudioLowerVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%- -l 1.2";
"XF86AudioRaiseVolume" = "exec wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+ -l 1.2";
"XF86MonBrightnessUp" = "exec light -A 5";
"XF86MonBrightnessDown" = "exec light -U 5";
};
modes = mkOptionDefault {
"${logoutMode}" = {
"l" = "exec --no-startup-id swaymsg exit, mode default";
"s" = "exec --no-startup-id systemctl suspend, mode default";
"p" = "exec --no-startup-id systemctl poweroff, mode default";
"r" = "exec --no-startup-id systemctl reboot, mode default";
"Escape" = "mode default";
"Return" = "mode default";
};
};
menu = "fuzzel --list-executables-in-path";
startup = [
{command = "shikane";}
{command = "waybar";}
{
command = "swaybg --image ~/.wallpaper --mode fill";
always = true;
}
{command = "swayidle -w idlehint 1 before-sleep \"${lock}\"";}
];
};
extraConfig = ''
bindswitch --reload --locked lid:off output eDP-1 enable;
bindswitch --reload --locked lid:on output eDP-1 disable;
bindgesture swipe:right workspace prev
bindgesture swipe:left workspace next
set $rosewater #dc8a78
set $flamingo #dd7878
set $pink #ea76cb
set $mauve #8839ef
set $red #d20f39
set $maroon #e64553
set $peach #fe640b
set $yellow #df8e1d
set $green #40a02b
set $teal #179299
set $sky #04a5e5
set $sapphire #209fb5
set $blue #1e66f5
set $lavender #7287fd
set $text #4c4f69
set $subtext1 #5c5f77
set $subtext0 #6c6f85
set $overlay2 #7c7f93
set $overlay1 #8c8fa1
set $overlay0 #9ca0b0
set $surface2 #acb0be
set $surface1 #bcc0cc
set $surface0 #ccd0da
set $base #eff1f5
set $mantle #e6e9ef
set $crust #dce0e8
# target title bg text indicator border
client.focused $lavender $lavender $base $rosewater $lavender
client.focused_inactive $overlay0 $base $text $rosewater $overlay0
client.unfocused $overlay0 $base $text $rosewater $overlay0
client.urgent $peach $base $peach $overlay0 $peach
client.placeholder $overlay0 $base $text $overlay0 $overlay0
client.background $base
smart_borders on
default_border pixel 3
gaps inner 5
gaps outer 3
'';
};
programs = {
fuzzel.enable = true;
swaylock.enable = true;
waybar = {
enable = true;
};
};
home.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
};
# FIXME: belongs elsewhere
services = {
logind = {
lidSwitch = "suspend";
lidSwitchExternalPower = "ignore";
extraConfig = ''
IdleAction=suspend
IdleActionSec=10min
'';
};
upower.enable = true;
}; };
} }

4
hosts/talos/secrets.nix
View file

@ -13,8 +13,8 @@
// attrs; // attrs;
in in
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
"restic-backup/talos-credentials" = {}; #"restic-backup/hephaestus-credentials" = {};
"restic-backup/talos-password" = {}; #"restic-backup/hephaestus-password" = {};
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};

52
hosts/thanatos/default.nix
View file

@ -35,56 +35,6 @@ in {
}; };
services = { services = {
gitlab-runner = {
enable = true;
settings = {
concurrent = 4;
};
services = {
nix = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-nix-runner-env".path;
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
};
default = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path;
dockerImage = "debian:stable";
};
};
};
openssh.enable = true; openssh.enable = true;
}; };
@ -93,6 +43,4 @@ in {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
docker-compose docker-compose
]; ];
nix.gc.automatic = lib.mkForce false;
} }

3
hosts/thanatos/home.nix
View file

@ -1,6 +1,7 @@
{config, ...}: { {config, ...}: {
home-manager.users.alarsyo = { home-manager.users.alarsyo = {
home.stateVersion = "23.11"; # TODO: can probably upgrade me
home.stateVersion = "21.05";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight; my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
}; };

2
hosts/thanatos/secrets.nix
View file

@ -15,8 +15,6 @@
lib.mapAttrs toSecret { lib.mapAttrs toSecret {
"users/alarsyo-hashed-password" = {}; "users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {}; "users/root-hashed-password" = {};
"gitlab-runner/thanatos-runner-env" = {};
"gitlab-runner/thanatos-nix-runner-env" = {};
}; };
}; };
} }

24
modules/sddm.nix
View file

@ -15,17 +15,23 @@ in {
options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup"; options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup";
config = mkIf cfg.enable { config = mkIf cfg.enable {
services.displayManager.sddm = { services.xserver.displayManager.sddm = {
enable = true; enable = true;
theme = "catppuccin-latte"; theme = "sugar-candy";
wayland.enable = true;
}; };
environment.systemPackages = [ environment.systemPackages = builtins.attrValues {
(pkgs.catppuccin-sddm.override inherit
{ (pkgs.packages)
flavor = "latte"; sddm-sugar-candy
}) ;
];
inherit
(pkgs.libsForQt5.qt5)
qtgraphicaleffects
qtquickcontrols2
qtsvg
;
};
}; };
} }

8
modules/secrets/gitlab-runner/hades-nix-runner-env.age
View file

@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw 0Qkzquxwa8PSNg6yq+CsfC4JfPLfxEIBKq1krrynlxg
QOHmNCQsV10zSnYvEeSpK95oXXlS+J4pw6EIR1KzxoU
-> ssh-ed25519 pX8y2g YbFzF2/mWizY4SOnNKzkcBEEsHYc1mTCpzWZ5vf6Zy0
p2E9Uh0rWa8qbf2SvB5e4lxS+MEx5KGumKd28UHW0/0
--- naIsBkYqZMgekqmxTgESGMuFIKoagS68mfXbid7k9e0
U´<"Œ°´{24>—eµ^ûˆ™ÎÇ*C³†íg f†{ÊúÞvѨËIÈå_Á¬Fúoe3.6,cFÕK
<EFBFBD>»$ª9]¦@Ñê{<ÃáºÅAsªÿp!v¼ תîí‰ÌÇ•C<E280A2>çãrÄ0iVìö8ý>~L

BIN
modules/secrets/gitlab-runner/thanatos-nix-runner-env.age
View file

Binary file not shown.

7
modules/secrets/gitlab-runner/thanatos-runner-env.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw naNq55qkAm47KXPJpYFDjVQuxPz2Ffpima5z1WEqRSA
ETC3Hh4gglwYpiJCu/EGOUzjN3BJYk8yJshMeMkgYug
-> ssh-ed25519 6UUuZw Azk9jDbUL/nO20lvzs0s36q/4ZcWSpkUbt1J/PE7A2M
kPKHGLoWHDpFhsRr+CBteWKYsDw0dn/+IKbrh/5qMoE
--- g1akMn28voSQByQR9/ArJ4CsQehcwJ7MfCco+k2fPWo
YMZÓíî:ú{R­^n~ó½±ã¢ÊwPaª§h£8<C2A3>T'hcmªe(<28>ÝXx=7”‡Ë¢[äË4@b=“&ª®æYÅ;‘€Ü[„ª¹ØÁˆß¿kôk>ˆ540ÞGâŒ÷ðÌŸ­±Q<C2B1>Êë·±Ÿw¡

BIN
modules/secrets/mealie/secret-config.age
View file

Binary file not shown.

7
modules/secrets/ovh/credentials.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw XED7gkKAp1ioBegA7ryqULRF1BORpW74esfIGp9zPE8
ANxnQN+tox9KYdZvNZFZvQxOymckldPQMhFnz6fSIBo
-> ssh-ed25519 pX8y2g 9wgPqL6GoOxad5AAUmDAYj0h/57AEM8VsQKq1pGTtjM
SxD++XJioZLpt6C8Xse5Nmz4wtL0Fb5NKWo5ijKpyv8
--- 3qOJnkY3Uc4fIex9mgz2+w+su5dS7K7Tmtk1hiqkn9M
ÁXª¨àeéˆaLQ H2*ZÅTé¿ ®P;Ý(jCÌ€k‡ viäµû<C2B5>ÿħ¡à†kæ`™ô]mò<6D>ÿBñ ,³±,ü÷?!¶{àŠ%­eÙì(„Su¿-SŸD¢¾“=H#‡„¼Þq=ï<>Uùí;=OÍ <÷R¼ÇÎE±“<+&­èdÂæ<18>>G+_oP¥Þ]ÿê¦RÄßL$Ö³\š°ü0ø¤N!þ"Áã&÷%Nž à<ËÃ,òv°1ÿÊÚj1

9
modules/secrets/restic-backup/hephaestus-credentials.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw tTdHZJpSocTHlznYH9eRzeZkrYBbsdT4F8jV1FKw/yk
xKIkYhL/A8wTy6LqDkTuUvm4rhDI6+DXwjzl43PcR8E
-> ssh-ed25519 SYm+hA vzQCZWYdgG0yxUEyGJ4Q8EAh1Kzw5CutDa6q6XSaels
Y7VqpvLfrUvWZcXqGeulRld9kff03kgzz22UBW77AOw
-> j-c8-grease
WeQ
--- KHLA1KlfWM432GDbPIiKInzZeqVRJZ2YCKtF3qClfgs
 ü8Êâ5œ¢|<7C>ŒòQx_5':Á½È ´A?îÎÚ¡ÄÛ ­ØŠ¾þèoAx‰)rýd!Š(´®”èѨ5£¸ìô~ý\†ŽLd"^ÑZ¨Z^®…Vï/‡§5Ë•¶¢¨Ý¦<C39D>a诲áḷo]O/®Eueà†

9
modules/secrets/restic-backup/hephaestus-password.age Normal file
View file

@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw 2/spllcr7Fo+1sQ4VJW/MywBVUcpKEbicv4vZQyre0c
Vc2Wugxc5M4i73UKMFXWA2PeHgUOm/+HekoeYt9ycro
-> ssh-ed25519 SYm+hA KFjo2JVxpdOey8A7GAKeZci+ezE0RYBRKR8vNtloU3M
SAzpTjF/RGOgjawT2Sk5H7TNnk/SdbksuAcZZqakJOs
-> !!6BS-grease Gs<Om0
d7WvJNMg3OX9CwWvGNWCuViu1X+e9oFE5vZQixfaJI3xKax2lTNh
--- QICRX2ve/1CFNHjnVXDpue3DRlFbTftu9yrWw745gVk
|†`F…3Þ°˜¤VEû²ÊósßK³ÞQwÿÙ$ùÉŒ{‘¨¯†>¹Hˆ7Þh™î”Ä©Û2ÅïÂÈÆcH^¸×÷Ÿ© X_ñæzv'¢ÄÐ!Zkš_„þÉ0Ë}Yo•je§¼<icé{SkÁ|1Ÿalé*ü7ÓÖŒF«Þ9j¬\§X{¢¾#H7ÑŒ¢!><.^¸¿[ï£q4åpP

7
modules/secrets/restic-backup/talos-credentials.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw WWJQxqfxQzLmBFPpTzuKBMhAl+ZxnQdvnaDvfpwxR00
tEsf6xSw/MP/qJnr/SyLlkEEf/LaI7IxjVzaxRwh5FI
-> ssh-ed25519 nh0dAQ yRu0VZqx+DuB3SSQaVtg+txuRu9OyJDfLDNCKg9XYk0
xTpucapaejG2EMrZLIDt46JD3QYM4XXT1Y2F77HPQO8
--- uZjO0dDIFesU2B/GkjpqrOJas1+K6hGbQAdFV/t1GOk
BV͵Ç\Õ 8 Û‘¾ºý[%<25>½l^>9<>\Eö5¹šþ¿Új(6èÜgå;(I7CS4èv6ièÉÐþSªÐXïC»ï`OòT™ŒÓÚ\ô;I·Ýœò6ƒ<36>_k˜éy-‡±¹½qKl†¾ôKþÓ hŠ?tô

BIN
modules/secrets/restic-backup/talos-password.age
View file

Binary file not shown.

15
modules/secrets/secrets.nix
View file

@ -4,33 +4,26 @@ let
boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal"; boreal = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAagal1aqZh52wEmgsw7fkCzO41o4Cx+nV4wJGZuX1RP root@boreal";
hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades"; hades = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMxw8CtKUPAiPdKDEnuS7UyRrZN5BkUwsy5UPVF8V+lt root@hades";
hephaestus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7Cp+n5+huof68QlAoJV8bVf5h5p9kEZFAVpltWopdL root@hephaestus";
talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos"; talos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMBYcmL9HZJ9SqB9OJwQ0Nt6ZbvHZTS+fzM8A6D5MPZs root@talos";
thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos"; thanatos = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID8JEAWk/8iSl8fN6/f76JkmVFwtyixTpLol4zSVsnVw root@thanatos";
machines = [boreal hades talos thanatos]; machines = [boreal hades hephaestus talos thanatos];
all = users ++ machines; all = users ++ machines;
in { in {
"gandi/api-key.age".publicKeys = [alarsyo hades]; "gandi/api-key.age".publicKeys = [alarsyo hades];
"gitlab-runner/hades-nix-runner-env.age".publicKeys = [alarsyo hades];
"gitlab-runner/thanatos-runner-env.age".publicKeys = [alarsyo thanatos];
"gitlab-runner/thanatos-nix-runner-env.age".publicKeys = [alarsyo thanatos];
"lohr/shared-secret.age".publicKeys = [alarsyo hades]; "lohr/shared-secret.age".publicKeys = [alarsyo hades];
"matrix-synapse/secret-config.age".publicKeys = [alarsyo hades]; "matrix-synapse/secret-config.age".publicKeys = [alarsyo hades];
"mealie/secret-config.age".publicKeys = [alarsyo hades];
"microbin/secret-config.age".publicKeys = [alarsyo hades]; "microbin/secret-config.age".publicKeys = [alarsyo hades];
"miniflux/admin-credentials.age".publicKeys = [alarsyo hades]; "miniflux/admin-credentials.age".publicKeys = [alarsyo hades];
"nextcloud/admin-pass.age".publicKeys = [alarsyo hades]; "nextcloud/admin-pass.age".publicKeys = [alarsyo hades];
"ovh/credentials.age".publicKeys = [alarsyo hades];
"paperless/admin-password.age".publicKeys = [alarsyo hades]; "paperless/admin-password.age".publicKeys = [alarsyo hades];
"paperless/secret-key.age".publicKeys = [alarsyo hades]; "paperless/secret-key.age".publicKeys = [alarsyo hades];
@ -40,8 +33,8 @@ in {
"restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal]; "restic-backup/boreal-credentials.age".publicKeys = [alarsyo boreal];
"restic-backup/hades-password.age".publicKeys = [alarsyo hades]; "restic-backup/hades-password.age".publicKeys = [alarsyo hades];
"restic-backup/hades-credentials.age".publicKeys = [alarsyo hades]; "restic-backup/hades-credentials.age".publicKeys = [alarsyo hades];
"restic-backup/talos-password.age".publicKeys = [alarsyo talos]; "restic-backup/hephaestus-password.age".publicKeys = [alarsyo hephaestus];
"restic-backup/talos-credentials.age".publicKeys = [alarsyo talos]; "restic-backup/hephaestus-credentials.age".publicKeys = [alarsyo hephaestus];
"users/root-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/root-hashed-password.age".publicKeys = machines ++ [alarsyo];
"users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo]; "users/alarsyo-hashed-password.age".publicKeys = machines ++ [alarsyo];

155
pkgs/ansel/default.nix Normal file
View file

@ -0,0 +1,155 @@
{
cmake,
colord,
colord-gtk,
curl,
dav1d,
desktop-file-utils,
exiftool,
exiv2,
fetchFromGitHub,
glib,
gmic,
graphicsmagick,
gtk3,
icu,
intltool,
isocodes,
jasper,
json-glib,
lcms,
lensfun,
lib,
libXdmcp,
libXtst,
libaom,
libavif,
libdatrie,
libde265,
libepoxy,
libffi,
libgcrypt,
libgpg-error,
libheif,
libjpeg,
libpsl,
librsvg,
libsecret,
libselinux,
libsepol,
libsoup,
libsysprof-capture,
libthai,
libwebp,
libxkbcommon,
libxml2,
libxslt,
llvmPackages,
openexr_3,
openjpeg,
osm-gps-map,
pcre,
pcre2,
perlPackages,
pkg-config,
pugixml,
python3Packages,
rav1e,
sqlite,
stdenv,
util-linux,
wrapGAppsHook,
x265,
}:
stdenv.mkDerivation {
pname = "ansel";
version = "unstable-2024-01-05";
src = fetchFromGitHub {
owner = "aurelienpierreeng";
repo = "ansel";
rev = "e2c4a0a60cd80f741dd3d3c6ab72be9ac11234fb";
hash = "sha256-Kg020MHy9fn1drCk+66f25twqczvD/5evutDODqOjYM=";
fetchSubmodules = true;
};
nativeBuildInputs = [
cmake
desktop-file-utils
exiftool
intltool
libxml2
llvmPackages.clang
llvmPackages.llvm
pkg-config
perlPackages.perl
python3Packages.jsonschema
wrapGAppsHook
];
buildInputs = [
colord
colord-gtk
curl
dav1d
exiv2
json-glib
glib
gmic
graphicsmagick
gtk3
icu
isocodes
jasper
lcms
lensfun
libaom
libavif
libdatrie
libde265
libepoxy
libffi
libgcrypt
libgpg-error
libheif
libjpeg
libpsl
librsvg
libsecret
libselinux
libsepol
libsoup
libsysprof-capture
libthai
libwebp
libXdmcp
libxkbcommon
libxslt
libXtst
openexr_3
openjpeg
osm-gps-map
pcre
pcre2
perlPackages.Po4a
pugixml
rav1e
sqlite
util-linux
x265
];
preFixup = ''
gappsWrapperArgs+=(
--prefix LD_LIBRARY_PATH ":" "$out/lib/ansel"
)
'';
meta = {
description = "A darktable fork minus the bloat plus some design vision";
homepage = "https://ansel.photos/";
license = lib.licenses.gpl3Plus;
mainProgram = "ansel";
platforms = lib.platforms.linux;
};
}

1
pkgs/default.nix
View file

@ -1,4 +1,5 @@
{pkgs}: { {pkgs}: {
ansel = pkgs.callPackage ./ansel {};
sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {}; sddm-sugar-candy = pkgs.callPackage ./sddm-sugar-candy {};
kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {}; kaleidoscope-udev-rules = pkgs.callPackage ./kaleidoscope-udev-rules {};
grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {}); grafanaDashboards = pkgs.recurseIntoAttrs (pkgs.callPackage ./grafana-dashboards {});

4
pkgs/spot/default.nix
View file

@ -3,7 +3,7 @@
fetchurl, fetchurl,
python3, python3,
}: let }: let
version = "2.12.2"; version = "2.11.6";
in in
stdenv.mkDerivation { stdenv.mkDerivation {
inherit version; inherit version;
@ -15,6 +15,6 @@ in
src = fetchurl { src = fetchurl {
url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz"; url = "https://www.lrde.epita.fr/dload/spot/spot-${version}.tar.gz";
sha256 = "sha256-NhMOU23GqH+twsRLSrL2tBfVpP8879GZy+TqUbogdyQ"; sha256 = "sha256-ppJ5T4nA2zlWulkZvdUxPjcuDeNAAKkCLynhxukcU4o=";
}; };
} }

2
services/default.nix
View file

@ -3,13 +3,11 @@
./vaultwarden.nix ./vaultwarden.nix
./fail2ban.nix ./fail2ban.nix
./fava.nix ./fava.nix
./forgejo
./gitea ./gitea
./immich.nix ./immich.nix
./jellyfin.nix ./jellyfin.nix
./lohr.nix ./lohr.nix
./matrix.nix ./matrix.nix
./mealie.nix
./media.nix ./media.nix
./microbin.nix ./microbin.nix
./miniflux.nix ./miniflux.nix

129
services/forgejo/default.nix
View file

@ -1,129 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.forgejo;
my = config.my;
domain = config.networking.domain;
hostname = config.networking.hostName;
fqdn = "${hostname}.${domain}";
forgejoUser = "git";
in {
options.my.services.forgejo = let
inherit (lib) types;
in {
enable = mkEnableOption "Personal Git hosting with Forgejo";
privatePort = mkOption {
type = types.port;
default = 8082;
example = 8082;
description = "Port to serve the app";
};
};
config = mkIf cfg.enable {
# use git as user to have `git clone git@git.domain`
users.users.${forgejoUser} = {
description = "Forgejo Service";
home = config.services.forgejo.stateDir;
useDefaultShell = true;
group = forgejoUser;
# the systemd service for the forgejo module seems to hardcode the group as
# forgejo, so, uh, just in case?
extraGroups = ["forgejo"];
isSystemUser = true;
};
users.groups.${forgejoUser} = {};
services.forgejo = {
enable = true;
user = forgejoUser;
group = config.users.users.${forgejoUser}.group;
stateDir = "/var/lib/${forgejoUser}";
lfs.enable = true;
settings = {
server = {
ROOT_URL = "https://git.${domain}/";
DOMAIN = "git.${domain}";
HTTP_ADDR = "127.0.0.1";
HTTP_PORT = cfg.privatePort;
};
log.LEVEL = "Warn"; # [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ]
repository = {
ENABLE_PUSH_CREATE_USER = true;
DEFAULT_BRANCH = "main";
};
# NOTE: temporarily remove this for initial setup
service.DISABLE_REGISTRATION = true;
# only send cookies via HTTPS
session.COOKIE_SECURE = true;
DEFAULT.APP_NAME = "Personal Forge";
};
# NixOS module uses `forgejo dump` to backup repositories and the database,
# but it produces a single .zip file that's not very restic friendly.
# I configure my backup system manually below.
dump.enable = false;
database = {
type = "postgres";
# user needs to be the same as forgejo user
user = forgejoUser;
name = forgejoUser;
};
};
# FIXME: Borg *could* be backing up files while they're being edited by
# forgejo, so it may produce corrupt files in the snapshot if I push stuff
# around midnight. I'm not sure how `forgejo dump` handles this either,
# though.
my.services.restic-backup = {
paths = [
config.services.forgejo.lfs.contentDir
config.services.forgejo.repositoryRoot
];
};
# NOTE: no need to use postgresql.ensureDatabases because the forgejo module
# takes care of this automatically
services.postgresqlBackup = {
databases = [config.services.forgejo.database.name];
};
services.nginx = {
virtualHosts = {
"git.${domain}" = {
forceSSL = true;
useACMEHost = fqdn;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
};
};
};
};
security.acme.certs.${fqdn}.extraDomainNames = ["git.${domain}"];
systemd.services.forgejo.preStart = "${pkgs.coreutils}/bin/ln -sfT ${./templates} ${config.services.forgejo.stateDir}/custom/templates";
};
}

17
services/forgejo/templates/home.tmpl
View file

@ -1,17 +0,0 @@
{{template "base/head" .}}
<div class="page-content home">
<div class="ui stackable middle very relaxed page grid">
<div class="sixteen wide center aligned centered column">
<div>
<img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg"/>
</div>
<div class="hero">
<h1 class="ui icon header title">
{{AppName}}
</h1>
<h2>alarsyo's personal projects are hosted here</h2>
</div>
</div>
</div>
</div>
{{template "base/footer" .}}

2
services/immich.nix
View file

@ -74,7 +74,7 @@ in {
proxy_connect_timeout 600; proxy_connect_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
proxy_send_timeout 600; proxy_send_timeout 600;
client_max_body_size 1000m; client_max_body_size 100m;
access_log syslog:server=unix:/dev/log,tag=immich; access_log syslog:server=unix:/dev/log,tag=immich;
''; '';
}; };

2
services/lohr.nix
View file

@ -20,7 +20,7 @@
secrets = config.my.secrets; secrets = config.my.secrets;
lohrPkg = let lohrPkg = let
flake = builtins.getFlake "github:alarsyo/lohr?rev=cdb5808c0ced349c027aa203fda52afe95782b26"; flake = builtins.getFlake "github:alarsyo/lohr?rev=58503cc8b95c8b627f6ae7e56740609e91f323cd";
in in
flake.defaultPackage."x86_64-linux"; # FIXME: use correct system flake.defaultPackage."x86_64-linux"; # FIXME: use correct system
in { in {

100
services/mealie.nix
View file

@ -1,100 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.mealie;
my = config.my;
domain = config.networking.domain;
hostname = config.networking.hostName;
fqdn = "${hostname}.${domain}";
pkg = pkgs.unstable.mealie;
listenAddress = "127.0.0.1";
in {
options.my.services.mealie = let
inherit (lib) types;
in {
enable = mkEnableOption "Mealie";
port = mkOption {
type = types.port;
example = 8080;
description = "Internal port for Mealie webapp";
};
credentialsFile = lib.mkOption {
type = types.nullOr types.path;
default = null;
example = "/run/secrets/mealie-credentials.env";
description = ''
File containing credentials used in mealie such as {env}`POSTGRES_PASSWORD`
or sensitive LDAP options.
Expects the format of an `EnvironmentFile=`, as described by {manpage}`systemd.exec(5)`.
'';
};
};
config = mkIf cfg.enable {
services.mealie = {
inherit listenAddress;
inherit (cfg) credentialsFile;
enable = true;
package = pkgs.unstable.mealie;
port = cfg.port;
settings = {
ALLOW_SIGNUP = "false";
BASE_URL = "https://mealie.${domain}";
TZ = config.time.timeZone;
DB_ENGINE = "postgres";
POSTGRES_URL_OVERRIDE = "postgresql://mealie:@/mealie?host=/run/postgresql";
};
};
systemd.services.mealie = {
after = ["postgresql.service"];
requires = ["postgresql.service"];
};
# Set-up database
services.postgresql = {
enable = true;
ensureDatabases = ["mealie"];
ensureUsers = [
{
name = "mealie";
ensureDBOwnership = true;
}
];
};
services.postgresqlBackup = {
databases = ["mealie"];
};
services.nginx.virtualHosts."mealie.${domain}" = {
forceSSL = true;
useACMEHost = fqdn;
locations."/" = {
proxyPass = "http://${listenAddress}:${toString cfg.port}/";
proxyWebsockets = true;
};
};
security.acme.certs.${fqdn}.extraDomainNames = ["mealie.${domain}"];
my.services.restic-backup = {
paths = ["/var/lib/mealie"];
};
};
}

11
services/nextcloud.nix
View file

@ -62,11 +62,15 @@ in {
hostName = "cloud.${domain}"; hostName = "cloud.${domain}";
https = true; https = true;
package = pkgs.nextcloud30; package = pkgs.nextcloud27;
maxUploadSize = "1G"; maxUploadSize = "1G";
config = { config = {
overwriteProtocol = "https";
defaultPhoneRegion = "FR";
dbtype = "pgsql"; dbtype = "pgsql";
dbuser = "nextcloud"; dbuser = "nextcloud";
dbname = dbName; dbname = dbName;
@ -75,11 +79,6 @@ in {
adminuser = "admin"; adminuser = "admin";
adminpassFile = cfg.adminpassFile; adminpassFile = cfg.adminpassFile;
}; };
settings = {
default_phone_region = "FR";
overwriteprotocol = "https";
};
}; };
users.groups.media.members = ["nextcloud"]; users.groups.media.members = ["nextcloud"];

4
services/nginx.nix
View file

@ -66,8 +66,8 @@ in {
gandiKey = config.my.secrets.gandiKey; gandiKey = config.my.secrets.gandiKey;
in { in {
"${fqdn}" = { "${fqdn}" = {
dnsProvider = "ovh"; dnsProvider = "gandiv5";
credentialsFile = config.age.secrets."ovh/credentials".path; credentialsFile = config.age.secrets."gandi/api-key".path;
group = "nginx"; group = "nginx";
}; };
}; };

2
services/paperless.nix
View file

@ -50,7 +50,7 @@ in {
enable = true; enable = true;
port = cfg.port; port = cfg.port;
passwordFile = cfg.passwordFile; passwordFile = cfg.passwordFile;
settings = { extraConfig = {
# Postgres settings # Postgres settings
PAPERLESS_DBHOST = "/run/postgresql"; PAPERLESS_DBHOST = "/run/postgresql";
PAPERLESS_DBUSER = "paperless"; PAPERLESS_DBUSER = "paperless";

2
services/photoprism.nix
View file

@ -61,7 +61,7 @@ in {
proxy_connect_timeout 600; proxy_connect_timeout 600;
proxy_read_timeout 600; proxy_read_timeout 600;
proxy_send_timeout 600; proxy_send_timeout 600;
client_max_body_size 500m; client_max_body_size 100m;
access_log syslog:server=unix:/dev/log,tag=photoprism; access_log syslog:server=unix:/dev/log,tag=photoprism;
''; '';
}; };

2
services/pipewire.nix
View file

@ -22,6 +22,8 @@ in {
# HACK: services.pipewire.alsa doesn't exist on 20.09, avoid evaluating this # HACK: services.pipewire.alsa doesn't exist on 20.09, avoid evaluating this
# config (my 20.09 machine is a server anyway) # config (my 20.09 machine is a server anyway)
config = optionalAttrs (options ? services.pipewire.alsa) (mkIf cfg.enable { config = optionalAttrs (options ? services.pipewire.alsa) (mkIf cfg.enable {
# from NixOS wiki, causes conflicts with pipewire
sound.enable = false;
# recommended for pipewire as well # recommended for pipewire as well
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {

3
services/postgresql.nix
View file

@ -1,11 +1,10 @@
{ {
config, config,
pkgs, pkgs,
lib,
... ...
}: { }: {
# set postgresql version so we don't get any bad surprise # set postgresql version so we don't get any bad surprise
config.services.postgresql = { config.services.postgresql = {
package = pkgs.postgresql_16; package = pkgs.postgresql_15;
}; };
} }

2
services/restic-backup.nix
View file

@ -98,7 +98,7 @@ in {
environmentFile = cfg.environmentFile; environmentFile = cfg.environmentFile;
extraBackupArgs = extraBackupArgs =
["--verbose=1"] ["--verbose=2"]
++ optional (builtins.length cfg.exclude != 0) excludeArg; ++ optional (builtins.length cfg.exclude != 0) excludeArg;
timerConfig = cfg.timerConfig; timerConfig = cfg.timerConfig;

2
talos.nix
View file

@ -19,5 +19,5 @@
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "24.05"; # Did you read the comment?
} }

8
todo.org
View file

@ -1,8 +0,0 @@
* TODO Take a look at goldwarden when 24.05 releases
https://github.com/quexten/goldwarden
* TODO Setup sway correctly
** TODO This includes moving it to a proper module
* TODO Create an adwaita package with symlinks for nm-applet icons