alarsyo/nixos-config
alarsyo/nixos-config
1
1
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: alarsyo:main
Branches Tags
alarsyo:main
alarsyo:framework
alarsyo:matrix-synapse-auto-compress
alarsyo:tmux-thumbs
..
compare: alarsyo:matrix-synapse-auto-compress
Branches Tags
alarsyo:main
alarsyo:framework
alarsyo:matrix-synapse-auto-compress
alarsyo:tmux-thumbs

1 commit
main ... matrix-syn

Author SHA1 Message Date
Antoine Martin 471ad21c78 services: matrix: automatic room compress service 2021-06-17 11:27:10 +02:00
172 changed files with 15516 additions and 5517 deletions
Show stats Expand all files Collapse all files

4
.git-crypt/.gitattributes vendored Normal file
View file

@ -0,0 +1,4 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary

BIN
.git-crypt/keys/default/0/91FF02AD4EEBB9C7E08FF04D6BD29B53D3847632.gpg Normal file
View file

Binary file not shown.

4
.gitattributes vendored Normal file
View file

@ -0,0 +1,4 @@
secrets/**/*.secret filter=git-crypt diff=git-crypt
secrets/matrix-email-config.nix filter=git-crypt diff=git-crypt
secrets/wireguard.nix filter=git-crypt diff=git-crypt
home/secrets/*.secret filter=git-crypt diff=git-crypt

98
.github/workflows/cachix.yaml vendored
View file

@ -1,98 +0,0 @@
name: "Cachix"
on:
push:
paths:
- '**.nix'
- '**.age'
- 'pkgs/**'
- 'flake.nix'
- 'flake.lock'
- '.github/workflows/cachix.yaml'
jobs:
format-check:
name: Format check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v27
- name: Run alejandra
run: nix develop --command alejandra --check .
flake-check:
name: Flake check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v15
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix flake check
build-pkgs:
name: Nix packages
runs-on: ubuntu-latest
needs: [ flake-check, format-check ]
strategy:
fail-fast: false
matrix:
name:
- grafanaDashboards/nginx
- grafanaDashboards/node-exporter
- kaleidoscope-udev-rules
- sddm-sugar-candy
- spot
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v15
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix build -L .#"${{ matrix.name }}"
build-configs:
name: NixOS configs
runs-on: ubuntu-latest
needs: [ build-pkgs ]
strategy:
fail-fast: false
matrix:
name:
- boreal
- hades
- talos
- thanatos
steps:
- name: Delete huge unnecessary tools folder
run: rm -rf /opt/hostedtoolcache
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v27
- uses: cachix/cachix-action@v15
with:
name: alarsyo
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
extraPullNames: "nix-community"
- name: Build package
run: nix build -L .#nixosConfigurations."${{ matrix.name }}".config.system.build.toplevel

17
.github/workflows/nur-update.yaml vendored
View file

@ -1,17 +0,0 @@
name: "NUR"
on:
push:
branches:
- 'main'
paths:
- 'pkgs/**'
- '.github/workflows/nur-update.yaml'
jobs:
update-nur:
name: "Ping NUR repo hook"
runs-on: ubuntu-latest
steps:
- name: curl nur endpoint
run: |
curl -XPOST https://nur-update.nix-community.org/update?repo=alarsyo

1
.gitignore vendored
View file

@ -1 +0,0 @@
/result

53
README.org
View file

@ -1,25 +1,46 @@
#+title: NixOS configurations
#+title: NixOS deployment configuration
Configuration for my computers! You may find here system configurations for
various services I host, as well as my dotfiles for daily programs.
* Services
** Packages
** Bitwarden
Various packages of mine can be found in this repo. You can easily use these
packages from Nix by [[https://github.com/nix-community/NUR][setting up the Nix User Repository]].
Password manager, Rust lightweight version.
*** Flake
** Borg backup
If you prefer, theses packages are also exposed as a *flake* in this repo:
Creating daily backups to borgbase
- To list packages:
** fail2ban
#+begin_src sh
nix flake show
#+end_src
Keeping the bad guys away
- To install one of them:
** Gitea
#+begin_src sh
nix build github:alarsyo/nixos-config#$PACKAGE
#+end_src
Hosting for all my personal projects
** Jellyfin
Netflix but just for me
** Lohr
*** Setup
Needs manual SSH key and known hosts setup.
** Matrix
My Matrix homeserver at =alarsyo.net=. Also hosting an Element web client at
[[https://chat.alarsyo.net][chat.alarsyo.net]].
** Miniflux
RSS reader
** Monitoring
Grafana and Prometheus are currently used as a glorified =htop=.
** Nextcloud
** Wireguard VPN

4
base/default.nix
View file

@ -1,6 +1,6 @@
{...}: {
{ ... }:
{
imports = [
./gui-programs.nix
./networking.nix
./nix.nix
./programs.nix

92
base/gui-programs.nix
View file

@ -1,95 +1,27 @@
{ pkgs, ... }:
{
pkgs,
lib,
config,
options,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
optional
;
in {
options.my.gui = {
enable = mkEnableOption "System has some kind of screen attached";
isNvidia = mkEnableOption "System a NVIDIA GPU";
};
config = mkIf config.my.gui.enable {
my.displayManager.sddm.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
};
services = {
xserver = {
enable = true;
# NOTE: could use `mkOptionDefault` but this feels more explicit
videoDrivers =
if config.my.gui.isNvidia
then ["nvidia"]
else options.services.xserver.videoDrivers.default;
xkb = {
layout = "fr";
variant = "us";
};
};
libinput = {
enable = true;
touchpad = {
naturalScrolling = true;
};
};
logind.lidSwitch = "ignore";
printing = {
enable = true;
cups-pdf.enable = true;
};
udev.packages = [pkgs.chrysalis];
};
environment.systemPackages = builtins.attrValues {
inherit
(pkgs)
arandr
chrysalis
discord
environment.systemPackages = with pkgs; [
alacritty
feh
ffmpeg
gimp-with-plugins
imagemagick
gnome.nautilus
mpv
obs-studio
pavucontrol
spotify
tdesktop
thunderbird
virt-manager
xcolor
zathura
;
inherit (pkgs.libsForQt5) okular;
};
unstable.discord
unstable.firefox
unstable.element-desktop
unstable.slack
unstable.spotify
unstable.tdesktop
unstable.teams
];
networking.networkmanager.enable = true;
programs.nm-applet.enable = true;
programs.steam.enable = true;
# this is necessary to set GTK stuff in home manager
# FIXME: better interdependency between this and the home part
programs.dconf.enable = true;
# NOTE: needed for home emacs configuration
nixpkgs.config.input-fonts.acceptLicense = true;
};
}

11
base/networking.nix
View file

@ -1,11 +1,6 @@
{lib, ...}: let
inherit
(lib)
mkOption
types
;
in {
options.my.networking.externalInterface = mkOption {
{ lib, ... }:
{
options.my.networking.externalInterface = with lib; mkOption {
type = types.nullOr types.str;
default = null;
example = "eth0";

27
base/nix.nix
View file

@ -1,27 +1,28 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
nix = {
package = pkgs.nixStable;
package = pkgs.nixUnstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 60d";
persistent = true;
};
trustedUsers = [ "@wheel" ];
settings = {
experimental-features = ["nix-command" "flakes"];
trusted-users = ["@wheel"];
substituters = [
binaryCaches = [
"https://alarsyo.cachix.org"
"https://nix-community.cachix.org"
];
trusted-public-keys = [
binaryCachePublicKeys = [
"alarsyo.cachix.org-1:A6BmcaJek5+ZDWWv3fPteHhPm6U8liS9CbDbmegPfmk="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
gc = {
automatic = true;
dates = "03:15";
options = "--delete-older-than 30d";
};
};
}

53
base/programs.nix
View file

@ -1,49 +1,56 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs = {
fish.enable = true;
gnupg.agent = {
enable = true;
pinentryFlavor = "curses";
};
less.enable = true;
mosh.enable = true;
tmux.enable = true;
ssh = {
startAgent = true;
extraConfig = ''
AddKeysToAgent yes
'';
};
# setcap wrapper for network permissions
bandwhich.enable = true;
};
services.openssh = {
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
StreamLocalBindUnlink = true;
};
};
environment.systemPackages = builtins.attrValues {
inherit
(pkgs)
environment.systemPackages = with pkgs; [
# shell usage
bat
fd
file
ripgrep
sd
tmux
tokei
tree
wget
pciutils
usbutils
# development
# development
git
git-crypt
git-lfs
gnumake
gnupg
pinentry-curses
python3
vim
# terminal utilities
clang_11
llvmPackages_11.bintools
# terminal utilities
bottom
dogdns
du-dust
htop
unzip
zip
;
};
stow
tealdeer
# nix pkgs lookup
nix-index
];
}

19
base/users.nix
View file

@ -1,29 +1,22 @@
{
config,
lib,
pkgs,
...
}: let
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in {
in
{
users.mutableUsers = false;
users.users.root = {
hashedPasswordFile = config.age.secrets."users/root-hashed-password".path;
hashedPassword = secrets.shadow-hashed-password-root;
};
users.users.alarsyo = {
hashedPasswordFile = config.age.secrets."users/alarsyo-hashed-password".path;
hashedPassword = secrets.shadow-hashed-password-alarsyo;
isNormalUser = true;
extraGroups = [
"media"
"networkmanager"
"video" # for `light` permissions
"docker"
"wheel" # Enable sudo for the user.
"libvirtd"
];
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMbf1C55Hgprm4Y7iNHae2UhZbLa6SNeurDTOyq2tr1G alarsyo@yubikey"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3rrF3VSWI4n4cpguvlmLAaU3uftuX4AVV/39S/8GO9 alarsyo@thinkpad"
];
};

7
boreal.nix
View file

@ -1,7 +1,9 @@
{...}: {
{ ... }:
{
imports = [
# Default configuration
./base
./base/gui-programs.nix
# Module definitions
./modules
@ -9,6 +11,9 @@
# Service definitions
./services
# Configuration secrets
./secrets
# Host-specific config
./hosts/boreal
];

295
flake.lock
View file

@ -1,235 +1,65 @@
{
"nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"systems": "systems"
},
"emacs-overlay": {
"locked": {
"lastModified": 1716561646,
"narHash": "sha256-UIGtLO89RxKt7RF2iEgPikSdU53r6v/6WYB0RW3k89I=",
"owner": "ryantm",
"repo": "agenix",
"rev": "c2fc0762bbe8feb06a2e59a364fa81b3a57671c9",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1717032306,
"narHash": "sha256-s3Sis+M1qTSVIehHrEKBzHBpqprIFJli5V6WojkJnYE=",
"lastModified": 1623609074,
"narHash": "sha256-5r7rpljW3Ck/8I6UFt1QlPUiB7Fa8E2KtRW9u83YC4Y=",
"owner": "nix-community",
"repo": "disko",
"rev": "8ea5bcccc03111bdedaeaae9380dfab61e9deb33",
"repo": "emacs-overlay",
"rev": "d9baacb691afe81a61b5b9f5fd42473710c59581",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "disko",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"repo": "emacs-overlay",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"lastModified": 1622917919,
"narHash": "sha256-9gAIwbQyLhK78bEV648k4tfLK6JkYiPk9QdTECpLuOE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"rev": "148d85ee8303444fb0116943787aa0b1b25f94df",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-21.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1726989464,
"narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.05",
"repo": "home-manager",
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1729298361,
"narHash": "sha256-hiGtfzxFkDc9TSYsb96Whg0vnqBVV7CUxyscZNhed0U=",
"rev": "ad9d06f7838a25beec425ff406fe68721fef73be",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/ad9d06f7838a25beec425ff406fe68721fef73be.tar.gz?rev=ad9d06f7838a25beec425ff406fe68721fef73be"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/lix/archive/2.91.1.tar.gz"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729360442,
"narHash": "sha256-6U0CyPycIBc04hbYy2hBINnVso58n/ZyywY2BD3hu+s=",
"rev": "9098ac95768f7006d7e070b88bae76939f6034e6",
"type": "tarball",
"url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/9098ac95768f7006d7e070b88bae76939f6034e6.tar.gz?rev=9098ac95768f7006d7e070b88bae76939f6034e6"
},
"original": {
"type": "tarball",
"url": "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1731797098,
"narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"lastModified": 1623576761,
"narHash": "sha256-krXZQ0lObduC95f40K3JwIT//VIBpXBwVNclqh5njtE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"rev": "1f91fd1040667e9265a760b0347f8bc416249da7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-21.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": {
"nixpkgs-unstable": {
"locked": {
"lastModified": 1729493358,
"narHash": "sha256-Ti+Y9nWt5Fcs3JlarxLPgIOVlbqQo7jobz/qOwOaziM=",
"lastModified": 1623589201,
"narHash": "sha256-f29Rp2XFmfjtwldUyRvMz0X93/Nf6J8i4WBvVVKqCHs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a5e6a9e979367ee14f65d9c38119c30272f8455f",
"rev": "6aa2bb6a818d12d4cf296f736263011611cf2610",
"type": "github"
},
"original": {
@ -239,93 +69,12 @@
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1716914467,
"narHash": "sha256-KkT6YM/yNQqirtYj/frn6RRakliB8RDvGqVGGaNhdcU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4a3fc4cf736b7d2d288d7a8bf775ac8d4c0920b4",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1731797254,
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"disko": "disko",
"flake-utils": "flake-utils",
"home-manager": "home-manager_2",
"lix-module": "lix-module",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
"emacs-overlay": "emacs-overlay",
"home-manager": "home-manager",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable"
}
}
},

170
flake.nix
View file

@ -5,128 +5,91 @@
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-24.05";
ref = "nixos-21.05";
};
nixpkgs-unstable-small = {
nixpkgs-unstable = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-unstable-small";
};
agenix = {
emacs-overlay = {
type = "github";
owner = "ryantm";
repo = "agenix";
owner = "nix-community";
repo = "emacs-overlay";
ref = "master";
};
home-manager = {
type = "github";
owner = "nix-community";
repo = "home-manager";
ref = "release-24.05";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
nixos-hardware = {
type = "github";
owner = "NixOS";
repo = "nixos-hardware";
ref = "master";
};
disko = {
type = "github";
owner = "nix-community";
repo = "disko";
ref = "master";
};
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
ref = "release-21.05";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
outputs = { self,
nixpkgs,
home-manager,
agenix,
disko,
lix-module,
...
} @ inputs:
nixpkgs-unstable,
emacs-overlay,
home-manager }: {
nixosConfigurations.poseidon = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
./poseidon.nix
home-manager.nixosModules.home-manager
{
nixosModules = {
home = {
home-manager.backupFileExtension = "hm-backup";
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home;
home-manager.verbose = true;
};
};
overlays = import ./overlays;
nixosConfigurations = let
system = "x86_64-linux";
shared_overlays =
[
(self: super: {
packages = import ./pkgs {pkgs = super;};
}
{
nixpkgs.overlays = [
(final: prev: {
# packages accessible through pkgs.unstable.package
unstable = import inputs.nixpkgs-unstable-small {
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
})
agenix.overlays.default
]
++ builtins.attrValues self.overlays;
sharedModules =
[
agenix.nixosModules.default
home-manager.nixosModules.default
lix-module.nixosModules.default
{
nixpkgs = {
overlays = shared_overlays;
config.permittedInsecurePackages = [];
};
hardware.enableRedistributableFirmware = true;
];
}
]
++ (nixpkgs.lib.attrValues self.nixosModules);
in {
hades = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
./hades.nix
]
++ sharedModules;
];
};
boreal = nixpkgs.lib.nixosSystem rec {
inherit system;
modules =
[
nixosConfigurations.boreal = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
./boreal.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.alarsyo = import ./home;
home-manager.verbose = true;
}
{
nixpkgs.overlays = [
emacs-overlay.overlay
(self: super: {
packages = import ./pkgs { pkgs = super; };
unstable = import nixpkgs-unstable {
inherit system;
config.allowUnfree = true;
};
steam = self.unstable.steam;
})
# uncomment this to build everything from scratch, fun but takes a
# while
#
@ -135,42 +98,7 @@
# })
];
}
]
++ sharedModules;
};
talos = nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
disko.nixosModules.default
./talos.nix
]
++ sharedModules;
};
thanatos = nixpkgs.lib.nixosSystem {
inherit system;
modules =
[
disko.nixosModules.default
./thanatos.nix
]
++ sharedModules;
};
};
}
// inputs.flake-utils.lib.eachDefaultSystem (system: let
pkgs = nixpkgs.legacyPackages.${system};
in {
packages =
inputs.flake-utils.lib.flattenTree
(import ./pkgs {inherit pkgs;});
devShells.default = pkgs.mkShellNoCC {
buildInputs = [
pkgs.alejandra
];
};
});
};
}

23
hades.nix
View file

@ -1,23 +0,0 @@
{...}: {
imports = [
# Default configuration
./base
# Module definitions
./modules
# Service definitions
./services
# Host-specific config
./hosts/hades
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

30
home/alacritty.nix
View file

@ -1,29 +1,16 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, pkgs, ... }:
let
cfg = config.my.home.alacritty;
alacrittyTheme = config.my.theme.alacrittyTheme;
in {
options.my.home.alacritty.enable = (mkEnableOption "Alacritty terminal") // {default = config.my.home.x.enable;};
in
{
options.my.home.alacritty.enable = lib.mkEnableOption "Alacritty terminal";
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
programs.alacritty = {
enable = true;
settings = {
env = {
WINIT_X11_SCALE_FACTOR = "1.0";
};
window = {
padding = {
x = 8;
@ -43,8 +30,9 @@ in {
};
};
home.packages = [pkgs.iosevka-bin];
home.packages = with pkgs; [
iosevka-bin
];
# make sure font is discoverable
fonts.fontconfig.enable = true;
};

28
home/bat.nix
View file

@ -1,28 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.bat;
batTheme = config.my.theme.batTheme;
in {
options.my.home.bat = {
enable = (mkEnableOption "bat code display tool") // {default = true;};
};
config = mkIf cfg.enable {
programs.bat = {
enable = true;
config = {
theme = batTheme.name;
};
};
};
}

27
home/default.nix
View file

@ -1,34 +1,19 @@
{config, ...}: {
{ ... }:
{
imports = [
./alacritty.nix
./bat.nix
./direnv.nix
./emacs.nix
./env.nix
./firefox.nix
./fish
./flameshot.nix
./git.nix
./gtk.nix
./laptop.nix
./mail.nix
./rbw.nix
./rofi.nix
./ssh.nix
./secrets
./starship.nix
./themes
./tmux.nix
./tridactyl.nix
./x
];
home.username = "alarsyo";
home.stateVersion = "20.09";
home.sessionVariables = let
gpgPackage = config.programs.gpg.package;
in {
BROWSER = "firefox";
# FIXME: only set if gpg-agent not in use, otherwise home manager already does that
SSH_AUTH_SOCK = "$(${gpgPackage}/bin/gpgconf --list-dirs agent-ssh-socket)";
XDG_DATA_HOME = "$HOME/.local/share";
};
home.username = "alarsyo";
}

26
home/direnv.nix
View file

@ -1,26 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.direnv;
in {
options.my.home.direnv = {
enable = (mkEnableOption "setup direnv usage") // {default = true;};
};
config = mkIf cfg.enable {
programs.direnv = {
enable = true;
nix-direnv = {
enable = true;
};
};
};
}

33
home/emacs.nix
View file

@ -1,36 +1,17 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
in {
options.my.home.emacs = {
options.my.home.emacs = with lib; {
enable = mkEnableOption "Emacs daemon configuration";
};
config = mkIf config.my.home.emacs.enable {
home.sessionPath = ["${config.xdg.configHome}/emacs/bin"];
home.sessionVariables = {
EDITOR = "emacsclient -t";
};
home.packages = builtins.attrValues {
inherit
(pkgs)
config = lib.mkIf config.my.home.emacs.enable {
home.packages = with pkgs; [
sqlite # needed by org-roam
# fonts used by my config
emacs-all-the-icons-fonts
iosevka-bin
;
};
];
# make sure above fonts are discoverable
fonts.fontconfig.enable = true;
@ -38,13 +19,11 @@ in {
enable = true;
# generate emacsclient desktop file
client.enable = true;
socketActivation.enable = true;
};
programs.emacs = {
enable = true;
package = pkgs.emacs29-pgtk;
extraPackages = epkgs: [epkgs.vterm epkgs.pdf-tools pkgs.lilypond epkgs.mu4e];
package = pkgs.emacsPgtkGcc;
};
};
}

4
home/env.nix
View file

@ -1,5 +1,7 @@
{config, ...}: {
{ config, ... }:
{
home.sessionPath = [
"${config.xdg.configHome}/emacs/bin"
"${config.home.homeDirectory}/.cargo/bin"
"${config.home.homeDirectory}/.local/bin"
];

29
home/firefox.nix
View file

@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.firefox;
in {
options.my.home.firefox = {
enable = (mkEnableOption "firefox config") // {default = config.my.home.x.enable;};
};
config = mkIf cfg.enable {
programs.firefox = {
enable = true;
package = pkgs.firefox.override {
nativeMessagingHosts = [
pkgs.tridactyl-native
];
};
};
};
}

36
home/fish/default.nix
View file

@ -1,37 +1,13 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, ... }:
let
cfg = config.my.home.fish;
in {
options.my.home.fish.enable = (mkEnableOption "Fish shell") // {default = true;};
config = mkIf cfg.enable {
home.sessionVariables = {
# automatically prompt to run program in nix-shell if it's not installed
NIX_AUTO_RUN = "1";
NIX_AUTO_RUN_INTERACTIVE = "1";
};
in
{
options.my.home.fish.enable = lib.mkEnableOption "Fish shell";
config = lib.mkIf cfg.enable {
programs.fish = {
enable = true;
shellAliases = {
"bt" = "bluetoothctl";
};
shellAbbrs = {
"bton" = "bluetoothctl power on";
"btoff" = "bluetoothctl power off";
"btcon" = "bluetoothctl connect";
"btdis" = "bluetoothctl disconnect";
"btinfo" = "bluetoothctl info";
};
};
xdg.configFile."fish/functions" = { source = ./. + "/functions"; };

23
home/fish/functions/dock.fish
View file

@ -1,23 +0,0 @@
function dock
xrandr \
--output eDP-1 --mode 1920x1080 --pos 0x120 --rotate normal \
--output HDMI-1 --off \
--output DP-1 --off \
--output DP-2 --off \
--output DP-3 --primary --mode 1920x1200 --pos 1920x0 --rotate normal \
--output DP-4 --mode 1920x1200 --pos 3840x0 --rotate normal \
--output DP-4 --off \
--output DP-5 --off
i3-msg -q '[workspace="1"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="2"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="3"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="4"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="5"]' move workspace to output DP-3 2>/dev/null
i3-msg -q '[workspace="7"]' move workspace to output eDP-1 2>/dev/null
i3-msg -q '[workspace="8"]' move workspace to output DP-4 2>/dev/null
i3-msg -q '[workspace="9"]' move workspace to output DP-4 2>/dev/null
i3-msg -q '[workspace="10"]' move workspace to output DP-4 2>/dev/null
end

16
home/fish/functions/dock2.fish
View file

@ -1,16 +0,0 @@
function dock2
xrandr \
--output eDP-1 --mode 1920x1080 --pos 2560x0 --rotate normal \
--output DP-1 --primary --mode 2560x1440 --pos 0x0 --rotate normal \
--output HDMI-1 --off \
--output DP-2 --off \
--output HDMI-2 --off
i3-msg -q '[workspace="1"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="2"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="3"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="4"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="9"]' move workspace to output DP-1 2>/dev/null
i3-msg -q '[workspace="10"]' move workspace to output eDP-1 2>/dev/null
end

3
home/fish/functions/magit.fish
View file

@ -1,3 +0,0 @@
function magit
emacsclient --tty --eval '(magit-status)' --suppress-output
end

5
home/fish/functions/nfl.fish
View file

@ -1,4 +1,7 @@
function nfl
set -l flags "--commit-lock-file"
nix flake update $flags $argv
for flake in $argv
set -a flags "--update-input" "$flake"
end
nix flake lock $flags
end

10
home/fish/functions/undock.fish
View file

@ -1,10 +0,0 @@
function undock
xrandr \
--output eDP-1 --primary --mode 1920x1080 --pos 0x0 --rotate normal \
--output HDMI-1 --off \
--output DP-1 --off \
--output DP-2 --off \
--output DP-3 --off \
--output DP-4 --off \
--output DP-5 --off
end

8
home/fish/functions/undock2.fish
View file

@ -1,8 +0,0 @@
function undock2
xrandr \
--output eDP-1 --primary --mode 1920x1080 --rotate normal \
--output DP-1 --off \
--output HDMI-1 --off \
--output DP-2 --off \
--output HDMI-2 --off
end

14
home/fish/functions/wake.fish
View file

@ -1,14 +0,0 @@
function wake -d "Wake-on-WiFi shortcut" -a host
if not set -q host[1]
echo "Usage: wake HOSTNAME"
return 1
end
switch $host
case boreal
ssh -t pi@pi.alarsyo.net "bash -ic wakywaky"
case *
echo "Unknown host!"
return 1
end
end

20
home/flameshot.nix
View file

@ -1,21 +1,13 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, ... }:
let
cfg = config.my.home.flameshot;
in {
options.my.home.flameshot = {
in
{
options.my.home.flameshot = with lib; {
enable = mkEnableOption "flameshot autolaunch";
};
config.services.flameshot = mkIf cfg.enable {
config.services.flameshot = lib.mkIf cfg.enable {
enable = true;
};
}

68
home/git.nix
View file

@ -1,68 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.git;
in {
options.my.home.git.enable = (mkEnableOption "Git configuration") // {default = true;};
config = mkIf cfg.enable {
programs.git = {
enable = true;
delta = {
enable = true;
options = {
syntax-theme = "Solarized (light)";
};
};
lfs.enable = true;
userEmail = "antoine@alarsyo.net";
userName = "Antoine Martin";
extraConfig = {
commit = {verbose = true;};
core = {editor = "vim";};
init = {defaultBranch = "main";};
pull = {rebase = true;};
rerere = {enabled = true;};
maintenance.prefetch.enabled = false;
};
aliases = {
push-wip = "push -o ci.skip";
push-merge = "push -o merge_request.create -o merge_request.merge_when_pipeline_succeeds -o merge_request.remove_source_branch";
push-mr = "push -o merge_request.create -o merge_request.remove_source_branch";
};
includes = [
{
condition = "gitdir:~/work/lrde/";
contents = {user = {email = "amartin@lrde.epita.fr";};};
}
{
condition = "gitdir:~/work/prologin/";
contents = {user = {email = "antoine.martin@prologin.org";};};
}
{
condition = "gitdir:~/work/epita/";
contents = {user = {email = "antoine4.martin@epita.fr";};};
}
];
ignores = [
"/.direnv/"
"/.envrc"
];
};
};
}

36
home/gtk.nix
View file

@ -1,36 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
cfg = config.my.home.gtk;
in {
options.my.home.gtk = with lib; {
enable = (mkEnableOption "GTK configuration") // {default = config.my.home.x.enable;};
};
config.gtk = lib.mkIf cfg.enable {
enable = true;
font = {
package = pkgs.dejavu_fonts;
name = "DejaVu Sans";
};
gtk2 = {
# No garbage polluting my $HOME
configLocation = "${config.xdg.configHome}/gtk-2.0/gtkrc";
};
iconTheme = {
package = pkgs.gnome.gnome-themes-extra;
name = "Adwaita";
};
theme = {
package = pkgs.gnome.gnome-themes-extra;
name = "Adwaita";
};
};
}

14
home/laptop.nix
View file

@ -1,14 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
;
in {
options.my.home.laptop = {
enable = mkEnableOption "Laptop settings";
};
}

189
home/mail.nix
View file

@ -1,189 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mapAttrs
mkEnableOption
mkIf
;
inherit
(builtins)
typeOf
;
myName = "Antoine Martin";
email_perso = "antoine@alarsyo.net";
email_lrde = "amartin@lrde.epita.fr";
email_prologin = "antoine.martin@prologin.org";
cfg = config.my.home.mail;
make_mbsync_channel = patterns:
(
if (typeOf patterns) == "list"
then {
inherit patterns;
}
else {
farPattern = patterns.far;
nearPattern = patterns.near;
}
)
// {
extraConfig = {
Create = "Both";
Expunge = "Both";
Remove = "None";
SyncState = "*";
};
};
make_mbsync_channels = mapAttrs (_: value: make_mbsync_channel value);
gmail_far_near_patterns = {
sent = {
far = "[Gmail]/Sent Mail";
near = "Sent";
};
drafts = {
far = "[Gmail]/Drafts";
near = "Drafts";
};
junk = {
far = "[Gmail]/Spam";
near = "Junk";
};
trash = {
far = "[Gmail]/Trash";
near = "Trash";
};
};
gmail_mbsync_channels = make_mbsync_channels gmail_far_near_patterns;
in {
options.my.home.mail = {
# I *could* read email in a terminal emacs client on a server, but in
# practice I don't think it'll happen very often, so let's enable this only
# when I'm on a machine with a Xorg server.
enable = (mkEnableOption "email configuration") // {default = config.my.home.x.enable;};
};
config = mkIf cfg.enable {
accounts.email = {
maildirBasePath = "${config.home.homeDirectory}/.mail";
accounts = {
alarsyo = {
address = email_perso;
userName = email_perso;
realName = myName;
aliases = [
"alarsyo@alarsyo.net"
"antoine@amartin.email"
];
flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get webmail.migadu.com ${email_perso}";
primary = true;
mbsync = {
enable = true;
create = "both";
expunge = "both";
groups = {
alarsyo-main.channels = make_mbsync_channels {
main = ["INBOX" "Sent" "Drafts" "Junk" "Trash"];
};
alarsyo-full.channels = make_mbsync_channels {
full = ["*" "!INBOX" "!Sent" "!Drafts" "!Junk" "!Trash"];
};
};
};
msmtp.enable = true;
mu.enable = true;
imap = {
host = "imap.migadu.com";
port = 993;
tls.enable = true;
};
smtp = {
host = "smtp.migadu.com";
port = 465;
tls.enable = true;
};
};
lrde = {
address = email_lrde;
userName = "amartin";
realName = myName;
flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get lrde.epita.fr amartin";
mbsync = {
enable = true;
create = "both";
expunge = "both";
patterns = ["*" "!Archives*"];
extraConfig.account = {
# otherwise mbsync tries GSSAPI, but I don't have Kerberos setup
# on this machine
AuthMechs = "LOGIN";
};
};
msmtp.enable = true;
mu.enable = true;
imap = {
host = "imap.lrde.epita.fr";
port = 993;
tls.enable = true;
};
smtp = {
host = "smtp.lrde.epita.fr";
port = 465;
tls.enable = true;
};
};
prologin = {
address = email_prologin;
userName = email_prologin;
realName = myName;
aliases = [
"alarsyo@prologin.org"
];
flavor = "plain"; # default setting
passwordCommand = "${pkgs.rbw}/bin/rbw get google.com ${email_prologin}-mailpass";
primary = false;
mbsync = {
enable = true;
create = "both";
expunge = "both";
groups = {
prologin-main.channels =
(make_mbsync_channels {
main = ["INBOX" "membres@"];
})
// gmail_mbsync_channels;
prologin-info.channels = make_mbsync_channels {
info = ["info@" "info@gcc"];
};
};
};
msmtp.enable = true;
mu.enable = true;
imap = {
host = "imap.gmail.com";
port = 993;
tls.enable = true;
};
smtp = {
host = "smtp.gmail.com";
port = 465;
tls.enable = true;
};
};
};
};
programs.mbsync.enable = true;
programs.msmtp.enable = true;
programs.mu.enable = true;
};
}

56
home/rbw.nix
View file

@ -1,56 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.mail;
in {
options.my.home.rbw = {
enable = mkEnableOption "rbw configuration";
};
config = mkIf cfg.enable {
programs.rbw = {
enable = true;
settings = {
email = "antoine@alarsyo.net";
base_url = "https://pass.alarsyo.net";
lock_timeout = 60 * 60 * 12;
pinentry = pkgs.pinentry-qt;
};
};
# `rbw-agent` should be launched on first call to `rbw`, so this shouldn't
# be necessary.
#
# However, if for instance `rbw` if first called by the emacs-daemon (when
# accessing an IMAP account password), then restarting the user service
# associated to the emacs daemon also kills the rbw-agent it spawned,
# resetting the lock status and prompting for a passphrase again.
#
# This user service makes sure the rbw-agent is started when the user
# session launches.
systemd.user.services.rbw = {
Unit = {
Description = "rbw agent autostart";
After = "graphical-session.target";
PartOf = "graphical-session.target";
};
Install.WantedBy = ["graphical-session.target"];
Service = {
ExecStart = "${pkgs.rbw}/bin/rbw-agent";
Restart = "on-abort";
Type = "forking";
PIDFile = "%t/rbw/pidfile";
};
};
};
}

26
home/rofi.nix
View file

@ -1,26 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.rofi;
in {
options.my.home.rofi = {
enable = (mkEnableOption "rofi configuration") // {default = config.my.home.x.enable;};
};
config = mkIf cfg.enable {
programs.rofi = {
enable = true;
terminal = "${pkgs.alacritty}/bin/alacritty";
};
};
}

BIN
home/secrets/bluetooth-mouse-mac-address.secret Normal file
View file

Binary file not shown.

13
home/secrets/default.nix Normal file
View file

@ -0,0 +1,13 @@
{ lib, ... }:
with lib;
{
options.my.secrets = mkOption {
type = types.attrs;
};
config.my.secrets = {
# I'm not sure hiding this is very important, but it *seems* like a bad idea
# to expose this
bluetooth-mouse-mac-address = fileContents ./bluetooth-mouse-mac-address.secret;
};
}

62
home/ssh.nix
View file

@ -1,62 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.ssh;
in {
options.my.home.ssh = {
enable = (mkEnableOption "ssh configuration") // {default = true;};
};
config = mkIf cfg.enable {
programs.ssh = {
enable = true;
matchBlocks = let
addGPGAgentForwarding = hostConf:
{
remoteForwards = [
{
# shhhh this is a path but it works
bind.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
}
];
}
// hostConf;
in {
boreal = addGPGAgentForwarding {hostname = "boreal.alarsyo.net";};
hades = addGPGAgentForwarding {hostname = "hades.alarsyo.net";};
thanatos = addGPGAgentForwarding {hostname = "thanatos.alarsyo.net";};
pi = addGPGAgentForwarding {
hostname = "pi.alarsyo.net";
user = "pi";
};
"thanatos.lrde.epita.fr" =
lib.hm.dag.entryBefore ["*.lrde.epita.fr"]
(addGPGAgentForwarding {
user = "alarsyo";
});
"*.lrde.epita.fr" = {
user = "amartin";
};
lrde-proxyjump = {
host = "*.lrde.epita.fr !ssh.lrde.epita.fr";
proxyJump = "ssh.lrde.epita.fr";
};
};
includes = ["prologin_config"];
};
};
}

17
home/starship.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, lib, ... }:
let
cfg = config.my.home.starship;
in
{
options.my.home.starship.enable = lib.mkEnableOption "Starship.rs prompt";
config = lib.mkIf cfg.enable {
programs.starship = {
enable = true;
enableFishIntegration = true;
settings = {
add_newline = false;
};
};
};
}

10
home/themes/alacritty.nix
View file

@ -1,10 +1,6 @@
{lib}: let
inherit
(lib)
mkOption
types
;
{ lib }:
with lib;
let
mkColorOption = import ./color.nix { inherit lib; };
primaryColorModule = types.submodule {

15
home/themes/bat.nix
View file

@ -1,15 +0,0 @@
{lib}: let
inherit
(lib)
mkOption
types
;
in
types.submodule {
options = {
name = mkOption {
type = types.str;
default = "";
};
};
}

15
home/themes/color.nix
View file

@ -1,15 +1,6 @@
{lib}: let
inherit
(lib)
mkOption
types
;
mkColorOption = {
default ? "#000000",
description ? "",
}:
mkOption {
{ lib }:
let
mkColorOption = with lib; {default ? "#000000", description ? "" }: mkOption {
inherit description default;
example = "#abcdef";
type = types.strMatching "#[0-9a-f]{6}";

23
home/themes/default.nix
View file

@ -1,24 +1,12 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkOption
types
;
{ config, lib, ... }:
with lib;
let
themeType = types.submodule {
options = {
alacrittyTheme = mkOption {
type = import ./alacritty.nix { inherit lib; };
default = {};
};
batTheme = mkOption {
type = import ./bat.nix {inherit lib;};
default = {};
};
i3Theme = mkOption {
type = import ./i3.nix { inherit lib; };
default = {};
@ -29,14 +17,15 @@
};
};
};
in {
in
{
options.my.theme = mkOption {
type = themeType;
default = {};
};
options.my.themes = mkOption {
type = types.attrsOf themeType;
type = with types; attrsOf themeType;
};
config.my.themes = {

13
home/themes/i3.nix
View file

@ -1,10 +1,6 @@
{lib}: let
inherit
(lib)
mkOption
types
;
{ lib }:
with lib;
let
mkColorOption = import ./color.nix { inherit lib; };
barColorSetModule = types.submodule {
@ -102,7 +98,8 @@ in
background = "#900000";
text = "#ffffff";
};
description = "Border, background and text color for the binding mode indicator";
description =
"Border, background and text color for the binding mode indicator";
};
};
};

10
home/themes/i3bar.nix
View file

@ -1,10 +1,6 @@
{lib}: let
inherit
(lib)
mkOption
types
;
{ lib }:
with lib;
let
mkColorOption = import ./color.nix { inherit lib; };
in
types.submodule {

24
home/themes/solarizedLight/alacritty.nix
View file

@ -1,24 +1,8 @@
let
inherit
(import ./colors.nix)
base0
base00
base01
base02
base03
base1
base2
base3
blue
cyan
green
magenta
orange
red
violet
yellow
;
in {
colors = import ./colors.nix;
in
with colors;
{
primary = {
background = base3;
foreground = base00;

3
home/themes/solarizedLight/bat.nix
View file

@ -1,3 +0,0 @@
{
name = "Solarized (light)";
}

3
home/themes/solarizedLight/default.nix
View file

@ -1,6 +1,5 @@
{
alacrittyTheme = import ./alacritty.nix;
batTheme = import ./bat.nix;
i3Theme = import ./i3.nix;
i3BarTheme = import ./i3bar.nix;
alacrittyTheme = import ./alacritty.nix;
}

16
home/themes/solarizedLight/i3.nix
View file

@ -1,16 +1,8 @@
let
inherit
(import ./colors.nix)
base00
base2
base3
blue
magenta
orange
red
yellow
;
in {
colors = import ./colors.nix;
in
with colors;
{
bar = {
background = base3;
statusline = yellow;

15
home/themes/solarizedLight/i3bar.nix
View file

@ -1,15 +1,8 @@
let
inherit
(import ./colors.nix)
base00
base2
base3
blue
green
red
yellow
;
in {
colors = import ./colors.nix;
in
with colors;
{
theme = {
name = "solarized-light";
overrides = {

43
home/tmux.nix
View file

@ -1,44 +1,15 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, pkgs, ... }:
let
cfg = config.my.home.tmux;
in {
options.my.home.tmux = {
enable = (mkEnableOption "tmux dotfiles") // {default = true;};
in
{
options.my.home.tmux = with lib; {
enable = mkEnableOption "tmux dotfiles";
};
config = mkIf cfg.enable {
programs.tmux = {
config.programs.tmux = lib.mkIf cfg.enable {
enable = true;
baseIndex = 1;
terminal = "screen-256color";
clock24 = true;
plugins = let
inherit (pkgs) tmuxPlugins;
in [
{
plugin = tmuxPlugins.cpu;
extraConfig = ''
set -g status-right 'CPU: #{cpu_percentage} | %a %d-%h %H:%M '
'';
}
{
plugin = tmuxPlugins.tmux-colors-solarized;
extraConfig = ''
set -g @colors-solarized 'light'
'';
}
];
};
};
}

21
home/tridactyl.nix
View file

@ -1,21 +0,0 @@
{
config,
lib,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
cfg = config.my.home.tridactyl;
in {
options.my.home.tridactyl = {
enable = (mkEnableOption "tridactyl code display tool") // {default = config.my.home.firefox.enable;};
};
config = mkIf cfg.enable {
xdg.configFile."tridactyl/tridactylrc".source = ./tridactylrc;
};
}

43
home/tridactylrc
View file

@ -1,43 +0,0 @@
" -*- tridactylrc -*-
" This wipes all existing settings. This means that if a setting in this file is
" removed, then it will return to default. In other words, this file serves as
" as an enforced single point of truth for Tridactyl's configuration.
sanitize tridactyllocal tridactylsync
" Ctrl-F should use the browser's native 'find' functionality.
unbind <C-f>
" Tridactyl has an incomplete find mode
bind / fillcmdline find
bind ? fillcmdline find -?
bind n findnext 1
bind N findnext -1
bind ,<Space> nohlsearch
" case insensitive if lowercase, case sensitive if using some uppercase letters
set findcase smart
set modeindicatormodes {"ignore": "false"}
" New reddit is bad
" autocmd DocStart ^http(s?)://www.reddit.com js tri.excmds.urlmodify("-t", "www", "old")
" Orange site / Reddit / Lobste.rs specific hints to toggle comments
bind ;c hint -Jc [class*="expand"],[class="togg"],[class="comment_folder"]
" Use emacs as editor
set editorcmd emacsclient -c
" copy all the things
set yankto both
blacklistadd calendar.google.com
blacklistadd jellyfin.alarsyo.net
blacklistadd localhost
blacklistadd netflix.com
blacklistadd primevideo.com
blacklistadd youtube.com
" prevent teams from crashing
seturl teams.microsoft.com superignore true

24
home/x/cursor.nix
View file

@ -1,27 +1,17 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, pkgs, ... }:
let
cfg = config.my.home.x.cursor;
in {
options.my.home.x.cursor.enable = (mkEnableOption "X cursor") // {default = config.my.home.x.enable;};
in
{
options.my.home.x.cursor.enable = lib.mkEnableOption "X cursor";
config = mkIf cfg.enable {
home.pointerCursor = {
config = lib.mkIf cfg.enable {
xsession.pointerCursor = {
package = pkgs.capitaine-cursors;
name = "capitaine-cursors";
# available sizes for capitaine-cursors are:
# 24, 30, 36, 48, 60, 72
size = 30;
x11.enable = true;
};
};
}

13
home/x/default.nix
View file

@ -1,21 +1,12 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
;
in {
imports = [
./cursor.nix
./i3.nix
./i3bar.nix
];
options.my.home.x = {
options.my.home.x = with lib; {
enable = mkEnableOption "X server configuration";
};
}

138
home/x/i3.nix
View file

@ -1,17 +1,6 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
mkOptionDefault
;
isEnabled = config.my.home.x.i3.enable;
{ config, lib, pkgs, ... }:
let
isEnabled = config.my.home.x.enable;
myTerminal =
# FIXME: fix when terminal is setup in home
@ -26,20 +15,16 @@
logoutMode = "[L]ogout, [S]uspend, [P]oweroff, [R]eboot";
i3Theme = config.my.theme.i3Theme;
in {
options.my.home.x.i3 = {
enable = mkEnableOption "i3wm configuration";
};
config = mkIf isEnabled {
in
{
config = lib.mkIf isEnabled {
my.home = {
flameshot.enable = true;
};
home.packages = [pkgs.betterlockscreen pkgs.playerctl];
# used to control music
services.playerctld.enable = true;
home.packages = with pkgs; [
betterlockscreen
];
xsession.windowManager.i3 = {
enable = true;
@ -47,22 +32,22 @@ in {
config = {
inherit modifier;
bars = let
bars =
let
barConfigPath =
config.xdg.configFile."i3status-rust/config-top.toml".target;
in [
in
[
{
statusCommand = "i3status-rs ~/${barConfigPath}";
statusCommand = "i3status-rs ${barConfigPath}";
position = "top";
fonts = {
names = ["DejaVuSansMono" "FontAwesome6Free"];
names = [ "DejaVuSansMono" "FontAwesome5Free" ];
size = 9.0;
};
colors = i3Theme.bar;
trayOutput = "primary";
# disable mouse scroll wheel in bar
extraConfig = ''
bindsym button4 nop
@ -72,8 +57,7 @@ in {
];
colors = {
inherit
(i3Theme)
inherit (i3Theme)
focused
focusedInactive
unfocused
@ -93,11 +77,9 @@ in {
size = 8.0;
};
keybindings = mkOptionDefault {
keybindings = lib.mkOptionDefault {
"${modifier}+Shift+e" = ''mode "${logoutMode}"'';
"${modifier}+b" = "exec --no-startup-id bluetoothctl power on";
"${modifier}+i" = "exec emacsclient --create-frame";
"${modifier}+o" = "exec emacsclient --create-frame --eval '(load \"${config.xdg.configHome}/doom/launch-agenda.el\")'";
"${modifier}+i" = "exec emacsclient -c";
# Volume handling
"XF86AudioRaiseVolume" = "exec --no-startup-id pactl set-sink-volume @DEFAULT_SINK@ +5%";
@ -105,34 +87,17 @@ in {
"XF86AudioMute" = "exec --no-startup-id pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" = "exec --no-startup-id pactl set-source-mute @DEFAULT_SOURCE@ toggle";
# I need play-pause everywhere because somehow, keycode 172 seems to
# be interpreted as pause everytime when sent by my keyboard. Ugh,
# computers.
"XF86AudioPlay" = "exec --no-startup-id playerctl play-pause";
"XF86AudioPause" = "exec --no-startup-id playerctl play-pause";
"XF86AudioPrev" = "exec --no-startup-id playerctl previous";
"XF86AudioNext" = "exec --no-startup-id playerctl next";
"XF86MonBrightnessDown" = "exec --no-startup-id light -U 5";
"XF86MonBrightnessUp" = "exec --no-startup-id light -A 5";
"${modifier}+XF86MonBrightnessDown" = "exec --no-startup-id light -U 0.1";
"${modifier}+XF86MonBrightnessUp" = "exec --no-startup-id light -A 0.1";
"${modifier}+l" = "exec --no-startup-id betterlockscreen --lock";
"${modifier}+d" = "exec ${pkgs.rofi}/bin/rofi -show run";
"${modifier}+Shift+a" = ''exec --no-startup-id autorandr --change'';
};
modes = let
makeModeBindings = attrs:
attrs
// {
modes =
let
makeModeBindings = attrs: attrs // {
"Escape" = "mode default";
"Return" = "mode default";
};
in
mkOptionDefault {
lib.mkOptionDefault {
"${logoutMode}" = makeModeBindings {
"l" = "exec --no-startup-id i3-msg exit, mode default";
"s" = "exec --no-startup-id betterlockscreen --suspend, mode default";
@ -141,6 +106,14 @@ in {
};
};
startup = [
# FIXME: make it conditional on "nvidia" being part of video drivers
{
command = "nvidia-settings -a '[gpu:0]/GPUPowerMizerMode=1'";
notification = false;
}
];
terminal = myTerminal;
assigns = {
@ -150,57 +123,8 @@ in {
];
};
# TODO: make it configurable per machine
workspaceOutputAssign = [
{
workspace = "1";
output = ["DP-4" "eDP-1"];
}
{
workspace = "2";
output = ["DP-4" "eDP-1"];
}
{
workspace = "3";
output = ["DP-5" "eDP-1"];
}
{
workspace = "4";
output = ["DP-5" "eDP-1"];
}
{
workspace = "5";
output = ["DP-5" "eDP-1"];
}
{
workspace = "6";
output = ["eDP-1"];
}
{
workspace = "7";
output = ["eDP-1"];
}
{
workspace = "8";
output = ["DP-4" "eDP-1"];
}
{
workspace = "9";
output = ["DP-4" "eDP-1"];
}
{
workspace = "10";
output = ["DP-4" "eDP-1"];
}
];
window.commands = [
{
command = "border pixel 2";
criteria = {class = "Alacritty";};
}
{ command = "border pixel 2"; criteria = { class = "Alacritty"; }; }
# NOTE: should be done with an assign command, but Spotify doesn't set
# its class until after initialization, so has to be done this way.

140
home/x/i3bar.nix
View file

@ -1,50 +1,16 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
lists
mkIf
mkOption
optional
types
;
{ config, lib, pkgs, ... }:
let
isEnabled = config.my.home.x.enable;
i3BarTheme = config.my.theme.i3BarTheme;
cfg = config.my.home.x.i3bar;
in {
options.my.home.x.i3bar = {
temperature.chip = mkOption {
type = types.str;
example = "coretemp-isa-*";
default = "";
};
temperature.inputs = mkOption {
type = types.listOf types.str;
example = ["Core 0" "Core 1" "Core 2" "Core 3"];
default = "";
};
networking.throughput_interfaces = mkOption {
type = types.listOf types.str;
example = ["wlp1s0"];
default = [];
};
};
config = mkIf isEnabled {
home.packages = builtins.attrValues {
inherit
(pkgs)
# FIXME: is this useful?
in
{
config = lib.mkIf isEnabled {
home.packages = with pkgs; [
iw # Used by `net` block
lm_sensors # Used by `temperature` block
font-awesome
;
};
];
programs.i3status-rust = {
enable = true;
@ -52,102 +18,78 @@ in {
bars = {
top = {
icons = "awesome5";
settings.theme = {
theme = i3BarTheme.theme.name;
overrides = i3BarTheme.theme.overrides;
};
settings = i3BarTheme;
blocks =
[
blocks = [
{
block = "pomodoro";
notify_cmd = "i3nag";
blocking_cmd = true;
length = 60;
break_length = 10;
use_nag = true;
}
{
block = "disk_space";
path = "/";
alias = "/";
info_type = "available";
unit = "GB";
interval = 60;
warning = 20.0;
alert = 10.0;
alert_unit = "GB";
}
{
block = "memory";
format = " $icon $mem_used.eng(prefix:G)/$mem_total.eng(prefix:G) ";
display_type = "memory";
format_mem = "{mem_used;G}/{mem_total;G}";
warning_mem = 70.0;
critical_mem = 90.0;
# don't show swap
clickable = false;
}
{
block = "cpu";
interval = 1;
format = " $icon $barchart ";
format = "{barchart}";
}
{
block = "temperature";
collapsed = false;
interval = 10;
format = " $icon $max ";
chip = cfg.temperature.chip;
inputs = cfg.temperature.inputs;
format = "{max}";
# FIXME: specific to my AMD Ryzen CPU. Make this depend on
# hostname or something else
chip = "k10temp-pci-*";
inputs = [ "Tccd1" ];
}
{
block = "custom";
# TODO: get service name programmatically somehow
command = let
systemctl = lib.getExe' pkgs.systemd "systemctl";
in
pkgs.writeShellScript "check-restic.sh" ''
BACKUP_STATUS=Good
if ${systemctl} is-failed --quiet restic-backups-backblaze.service; then
BACKUP_STATUS=Critical
fi
echo "{\"state\": \"$BACKUP_STATUS\", \"text\": \"Backup\"}"
'';
json = true;
interval = 60;
block = "networkmanager";
primary_only = true;
}
]
++ (
lists.optionals ((builtins.length cfg.networking.throughput_interfaces) != 0)
(map
(interface: {
block = "net";
device = interface;
interval = 1;
missing_format = "";
})
cfg.networking.throughput_interfaces)
)
++ [
{
block = "net";
format = " $icon {$ip|} {SSID: $ssid|}";
theme_overrides = {
idle_bg = {link = "good_bg";};
idle_fg = {link = "good_fg";};
};
block = "bluetooth";
mac = config.my.secrets.bluetooth-mouse-mac-address;
hide_disconnected = true;
format = "{percentage}";
}
{
block = "music";
player = "spotify";
buttons = ["prev" "play" "next"];
hide_when_empty = true;
}
{
block = "sound";
driver = "pulseaudio";
}
]
++ (
optional config.my.home.laptop.enable
{
block = "battery";
format = " $icon $percentage ($power) ";
}
)
++ [
# {
# block = "notify";
# }
{
block = "time";
interval = 5;
format = " $icon $timestamp.datetime(f:'%a %d/%m %T', l:fr_FR) ";
format = "%a %d/%m %T";
locale = "fr_FR";
timezone = "Europe/Paris";
}
];

109
hosts/boreal/default.nix
View file

@ -1,35 +1,29 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages;
boot.kernelPackages = pkgs.linuxPackages_latest;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true;
boot.supportedFilesystems = {
btrfs = true;
ntfs = true;
};
services.xserver.windowManager.i3.enable = true;
boot.supportedFilesystems = [
"btrfs"
"ntfs"
];
services.btrfs = {
autoScrub = {
@ -44,14 +38,25 @@
# Set your time zone.
time.timeZone = "Europe/Paris";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.interfaces.enp7s0.useDHCP = true;
networking.interfaces.wlp3s0.useDHCP = true;
# List services that you want to enable:
my.services = {
restic-backup = {
borg-backup = {
enable = true;
repo = "b2:boreal-backup";
passwordFile = config.age.secrets."restic-backup/boreal-password".path;
environmentFile = config.age.secrets."restic-backup/boreal-credentials".path;
repo = secrets.borg-backup.boreal-repo;
# for a workstation, having backups spanning the last month should be
# enough
prune = {
keep = {
daily = 7;
weekly = 4;
};
};
paths = [
"/home/alarsyo"
];
@ -59,11 +64,7 @@
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/*/target"
# C build crap
"*.a"
@ -71,36 +72,58 @@
"*.so"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
"re:^/home/alarsyo/\\."
];
};
pipewire.enable = true;
tailscale = {
enable = true;
useRoutingFeatures = "both";
wireguard = {
enable = false;
iface = "wg";
port = 51820;
net = {
v4 = {
subnet = "10.0.0";
mask = 24;
};
v6 = {
subnet = "fd42:42:42";
mask = 64;
};
};
};
};
services = {
openssh = {
enable = true;
};
};
my.gui = {
enable = true;
isNvidia = true;
permitRootLogin = "no";
passwordAuthentication = false;
};
hardware = {
bluetooth = {
xserver = {
enable = true;
powerOnBoot = false;
videoDrivers = [ "nvidia" ];
windowManager.i3.enable = true;
layout = "fr";
xkbVariant = "us";
libinput.enable = true;
};
nvidia = {
open = true;
modesetting.enable = true;
};
my.displayManager.sddm.enable = true;
environment.systemPackages = with pkgs; [
chrysalis
];
services.udev.packages = with pkgs; [
packages.kaleidoscope-udev-rules
];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
};
}

20
hosts/boreal/hardware-configuration.nix
View file

@ -1,15 +1,11 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
@ -17,14 +13,14 @@
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3";
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1a942915-c1ae-4058-b99d-09d12d40dbd3";
fsType = "btrfs";
options = [ "subvol=nixos" "compress=zstd:1" "noatime" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/17C7-368D";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/17C7-368D";
fsType = "vfat";
};

34
hosts/boreal/home.nix
View file

@ -1,36 +1,28 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
home-manager.users.alarsyo = {
home.stateVersion = "20.09";
# Keyboard settings & i3 settings
my.home.x.enable = true;
my.home.x.i3.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tccd1"];
my.home.x.i3bar.networking.throughput_interfaces = ["enp8s0" "wlp4s0"];
my.home.x.cursor.enable = true;
my.home.alacritty.enable = true;
my.home.emacs.enable = true;
my.home.tmux.enable = true;
my.home.starship.enable = false;
my.home.fish.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
home.packages = builtins.attrValues {
inherit
(pkgs)
home.packages = with pkgs; [
blender
# some websites only work there :(
chromium
darktable
hugin
enblend-enfuse
# dev
rustup
;
inherit (pkgs.packages) spot;
};
unstable.beancount
unstable.fava
];
};
}

23
hosts/boreal/secrets.nix
View file

@ -1,23 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/boreal-credentials" = {};
"restic-backup/boreal-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

169
hosts/hades/default.nix
View file

@ -1,169 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
./secrets.nix
];
boot.loader.systemd-boot.enable = false;
boot.loader.grub = {
enable = true;
efiSupport = false;
devices = ["/dev/sda" "/dev/sdb"];
};
boot.tmp.useTmpfs = true;
networking.hostName = "hades"; # Define your hostname.
networking.domain = "alarsyo.net";
# Set your time zone.
time.timeZone = "Europe/Paris";
networking.useDHCP = false;
networking.interfaces.enp35s0.ipv4.addresses = [
{
address = "95.217.121.60";
prefixLength = 26;
}
];
networking.interfaces.enp35s0.ipv6.addresses = [
{
address = "2a01:4f9:4a:3649::2";
prefixLength = 64;
}
];
networking.defaultGateway = "95.217.121.1";
networking.defaultGateway6 = {
address = "fe80::1";
interface = "enp35s0";
};
networking.nameservers = ["1.1.1.1" "1.0.0.1"];
my.networking.externalInterface = "enp35s0";
# List services that you want to enable:
my.services = {
fail2ban.enable = true;
forgejo = {
enable = true;
privatePort = 8082;
};
immich = {
enable = true;
port = 8089;
};
jellyfin = {
enable = true;
};
lohr = {
enable = true;
port = 8083;
};
matrix = {
enable = true;
secretConfigFile = config.age.secrets."matrix-synapse/secret-config".path;
};
mealie = {
enable = true;
port = 8090;
};
microbin = {
enable = true;
privatePort = 8088;
passwordFile = config.age.secrets."microbin/secret-config".path;
};
miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets."miniflux/admin-credentials".path;
privatePort = 8080;
};
navidrome = {
enable = true;
musicFolder.path = "${config.services.nextcloud.home}/data/alarsyo/files/Musique/Songs";
};
nextcloud = {
enable = true;
adminpassFile = config.age.secrets."nextcloud/admin-pass".path;
};
nginx.enable = true;
paperless = {
enable = true;
port = 8085;
passwordFile = config.age.secrets."paperless/admin-password".path;
secretKeyFile = config.age.secrets."paperless/secret-key".path;
};
pleroma = {
enable = true;
port = 8086;
secretConfigFile = config.age.secrets."pleroma/pleroma-config".path;
};
restic-backup = {
enable = true;
repo = "b2:hades-backup-alarsyo";
passwordFile = config.age.secrets."restic-backup/hades-password".path;
environmentFile = config.age.secrets."restic-backup/hades-credentials".path;
paths = ["/home/alarsyo"];
};
scribe = {
enable = true;
port = 8087;
};
tailscale = {
enable = true;
useRoutingFeatures = "server";
};
transmission = {
enable = true;
username = "alarsyo";
};
vaultwarden = {
enable = true;
privatePort = 8081;
websocketPort = 3012;
};
};
services = {
openssh.enable = true;
vnstat.enable = true;
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
docker-compose
];
# Takes a long while to build
documentation.nixos.enable = false;
}

29
hosts/hades/hardware-configuration.nix
View file

@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["ahci" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/2a24010c-14bd-439b-b30b-d0e18db69952";
fsType = "ext4";
};
swapDevices = [];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

6
hosts/hades/home.nix
View file

@ -1,6 +0,0 @@
{config, ...}: {
home-manager.users.alarsyo = {
home.stateVersion = "22.05";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
};
}

46
hosts/hades/secrets.nix
View file

@ -1,46 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"lohr/shared-secret" = {};
"matrix-synapse/secret-config" = {
owner = "matrix-synapse";
};
"microbin/secret-config" = {};
"miniflux/admin-credentials" = {};
"nextcloud/admin-pass" = {
owner = "nextcloud";
};
"ovh/credentials" = {};
"paperless/admin-password" = {};
"paperless/secret-key" = {};
"pleroma/pleroma-config" = {
owner = "pleroma";
};
"restic-backup/hades-credentials" = {};
"restic-backup/hades-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

152
hosts/poseidon/default.nix Normal file
View file

@ -0,0 +1,152 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, ... }:
let
secrets = config.my.secrets;
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
./home.nix
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
boot.supportedFilesystems = [ "btrfs" ];
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = [ "/" ];
};
};
networking.hostName = "poseidon"; # Define your hostname.
networking.domain = "alarsyo.net";
# Set your time zone.
time.timeZone = "Europe/Paris";
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eno1.ipv4.addresses = [
{
address = "163.172.11.110";
prefixLength = 24;
}
];
networking.defaultGateway = {
address = "163.172.11.1";
interface = "eno1";
};
networking.nameservers = [
"62.210.16.6"
"62.210.16.7"
];
my.networking.externalInterface = "eno1";
# List services that you want to enable:
my.services = {
bitwarden_rs = {
enable = true;
privatePort = 8081;
websocketPort = 3012;
};
borg-backup = {
enable = true;
repo = secrets.borg-backup.poseidon-repo;
};
fail2ban = {
enable = true;
};
gitea = {
enable = true;
privatePort = 8082;
};
jellyfin = {
enable = true;
};
lohr = {
enable = true;
port = 8083;
};
miniflux = {
enable = true;
adminCredentialsFile = "${../../secrets/miniflux-admin-credentials.secret}";
privatePort = 8080;
};
matrix = {
enable = true;
registration_shared_secret = secrets.matrix-registration-shared-secret;
emailConfig = secrets.matrixEmailConfig;
};
monitoring = {
enable = true;
useACME = true;
domain = "monitoring.${config.networking.domain}";
};
nextcloud = {
enable = true;
};
postgresql-backup = {
enable = true;
};
tgv = {
enable = true;
};
transmission = {
enable = true;
username = "alarsyo";
password = secrets.transmission-password;
};
wireguard = {
enable = true;
iface = "wg";
port = 51820;
net = {
v4 = {
subnet = "10.0.0";
mask = 24;
};
v6 = {
subnet = "fd42:42:42";
mask = 64;
};
};
};
};
security.acme.acceptTerms = true;
security.acme.email = "antoine97.martin@gmail.com";
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.permitRootLogin = "no";
services.openssh.passwordAuthentication = false;
# Takes a long while to build
documentation.nixos.enable = false;
}

36
hosts/poseidon/hardware-configuration.nix Normal file
View file

@ -0,0 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "usbhid" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/adcf0158-edfb-402f-82e7-61e4902af989";
fsType = "btrfs";
options = [
"subvol=@nixos"
"compress=zstd"
"noatime"
];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/ff54b622-0e26-4c6e-aa0c-ac2c1e12699a";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/381a9c5e-4d71-45b4-ac62-e7414b3768fc"; }
];
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}

7
hosts/poseidon/home.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, ... }:
{
home-manager.users.alarsyo = {
my.home.tmux.enable = true;
my.home.fish.enable = true;
};
}

174
hosts/talos/default.nix
View file

@ -1,174 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko-config.nix
./home.nix
./secrets.nix
];
boot.kernelPackages = pkgs.linuxPackages_6_11;
# Set Wi-Fi regulatory domain. Currently always set to '00' (world), and could
# lead to bad Wi-Fi performance
boot.kernelParams = ["cfg80211.ieee80211_regdom=FR"];
boot.extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
boot.extraModprobeConfig = ''
options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
'';
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot = {
enable = true;
editor = false;
consoleMode = "auto";
};
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true;
services.btrfs = {
autoScrub = {
enable = true;
fileSystems = ["/"];
};
};
networking.hostName = "talos"; # Define your hostname.
networking.domain = "alarsyo.net";
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager = {
enable = true;
wifi.powersave = true;
};
# Set your time zone.
time.timeZone = "Europe/Paris";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
programs = {
light.enable = true;
};
services = {
fwupd.enable = true;
openssh.enable = true;
};
virtualisation = {
docker.enable = true;
libvirtd.enable = false;
virtualbox.host = {
enable = false;
};
};
my.services = {
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
pipewire.enable = true;
restic-backup = {
enable = true;
repo = "b2:talos-backup";
passwordFile = config.age.secrets."restic-backup/talos-password".path;
environmentFile = config.age.secrets."restic-backup/talos-credentials".path;
timerConfig = {
OnCalendar = "*-*-* 13:00:00"; # laptop only gets used during the day
};
paths = [
"/home/alarsyo"
];
exclude = [
"/home/alarsyo/Downloads"
# Rust builds using half my storage capacity
"/home/alarsyo/**/target"
"/home/alarsyo/work/rust/build"
# don't backup nixpkgs
"/home/alarsyo/work/nixpkgs"
"/home/alarsyo/go"
# C build crap
"*.a"
"*.o"
"*.so"
".direnv"
# test vms
"*.qcow2"
"*.vbox"
"*.vdi"
# secrets stay offline
"/home/alarsyo/**/secrets"
# ignore all dotfiles as .config and .cache can become quite big
"/home/alarsyo/.*"
];
};
};
my.gui.enable = true;
hardware.bluetooth = {
enable = true;
powerOnBoot = false;
settings.General.Experimental = true;
};
# Configure console keymap
console.keyMap = "us";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "fr_FR.UTF-8";
LC_IDENTIFICATION = "fr_FR.UTF-8";
LC_MEASUREMENT = "fr_FR.UTF-8";
LC_MONETARY = "fr_FR.UTF-8";
LC_NAME = "fr_FR.UTF-8";
LC_PAPER = "fr_FR.UTF-8";
LC_TELEPHONE = "fr_FR.UTF-8";
};
# Enable the KDE Plasma Desktop Environment.
services.desktopManager.plasma6.enable = true;
services.power-profiles-daemon.enable = true;
environment.systemPackages = [
pkgs.unstable.zed-editor
pkgs.foot
];
#programs.hyprland.enable = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
}

68
hosts/talos/disko-config.nix
View file

@ -1,68 +0,0 @@
{
disko.devices = {
disk = {
nvme0n1 = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "600G";
content = {
type = "luks";
name = "crypted";
# disable settings.keyFile if you want to use interactive password entry
passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
#keyFile = "/tmp/secret.key";
};
#additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"@" = {
mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"];
};
"@home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
};
"@persist" = {
mountpoint = "/persist";
mountOptions = ["compress=zstd" "noatime"];
};
"@snapshots" = {};
"@swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
};
}

29
hosts/talos/hardware-configuration.nix
View file

@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

129
hosts/talos/home.nix
View file

@ -1,129 +0,0 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkOptionDefault
;
in {
home-manager.users.alarsyo = {
home.stateVersion = "23.11";
my.home.laptop.enable = true;
# Keyboard settings & i3 settings
my.home.x.enable = true;
my.home.x.i3bar.temperature.chip = "k10temp-pci-*";
my.home.x.i3bar.temperature.inputs = ["Tctl"];
my.home.x.i3bar.networking.throughput_interfaces = ["wlp1s0"];
my.home.emacs.enable = true;
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
# TODO: place in global home conf
services.dunst.enable = true;
home.packages = builtins.attrValues {
inherit
(pkgs)
ansel
chromium # some websites only work there :(
zotero
;
inherit
(pkgs.packages)
spot
;
};
wayland.windowManager.sway = {
enable = true;
swaynag.enable = true;
wrapperFeatures.gtk = true;
config = {
modifier = "Mod4";
input = {
"type:keyboard" = {
xkb_layout = "fr";
xkb_variant = "us";
};
"type:touchpad" = {
dwt = "enabled";
tap = "enabled";
middle_emulation = "enabled";
natural_scroll = "enabled";
};
};
output = {
"eDP-1" = {
scale = "1.5";
};
};
fonts = {
names = ["Iosevka Fixed" "FontAwesome6Free"];
size = 9.0;
};
bars = [
{
mode = "dock";
hiddenState = "hide";
position = "top";
workspaceButtons = true;
workspaceNumbers = true;
statusCommand = "${pkgs.i3status}/bin/i3status";
fonts = {
names = ["Iosevka Fixed" "FontAwesome6Free"];
size = 9.0;
};
trayOutput = "primary";
colors = {
background = "#000000";
statusline = "#ffffff";
separator = "#666666";
focusedWorkspace = {
border = "#4c7899";
background = "#285577";
text = "#ffffff";
};
activeWorkspace = {
border = "#333333";
background = "#5f676a";
text = "#ffffff";
};
inactiveWorkspace = {
border = "#333333";
background = "#222222";
text = "#888888";
};
urgentWorkspace = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
bindingMode = {
border = "#2f343a";
background = "#900000";
text = "#ffffff";
};
};
}
];
keybindings = mkOptionDefault {
"Mod4+i" = "exec emacsclient --create-frame";
};
};
};
programs = {
fuzzel.enable = true;
swaylock.enable = true;
waybar = {
enable = true;
};
};
};
}

23
hosts/talos/secrets.nix
View file

@ -1,23 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"restic-backup/talos-credentials" = {};
"restic-backup/talos-password" = {};
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
};
};
}

96
hosts/thanatos/default.nix
View file

@ -1,96 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}: let
secrets = config.my.secrets;
in {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./disko-configuration.nix
./home.nix
./secrets.nix
];
boot.loader.grub.enable = true;
boot.tmp.useTmpfs = true;
networking.hostName = "thanatos"; # Define your hostname.
networking.domain = "lrde.epita.fr";
# Set your time zone.
time.timeZone = "Europe/Paris";
# List services that you want to enable:
my.services = {
tailscale = {
enable = true;
useRoutingFeatures = "both";
};
};
services = {
gitlab-runner = {
enable = true;
settings = {
concurrent = 4;
};
services = {
nix = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-nix-runner-env".path;
dockerImage = "alpine";
dockerVolumes = [
"/nix/store:/nix/store:ro"
"/nix/var/nix/db:/nix/var/nix/db:ro"
"/nix/var/nix/daemon-socket:/nix/var/nix/daemon-socket:ro"
];
dockerDisableCache = true;
preBuildScript = pkgs.writeScript "setup-container" ''
mkdir -p -m 0755 /nix/var/log/nix/drvs
mkdir -p -m 0755 /nix/var/nix/gcroots
mkdir -p -m 0755 /nix/var/nix/profiles
mkdir -p -m 0755 /nix/var/nix/temproots
mkdir -p -m 0755 /nix/var/nix/userpool
mkdir -p -m 1777 /nix/var/nix/gcroots/per-user
mkdir -p -m 1777 /nix/var/nix/profiles/per-user
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix.sh
${pkgs.nix}/bin/nix-env -i ${lib.concatStringsSep " " (with pkgs; [nix cacert git openssh])}
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixpkgs-unstable
${pkgs.nix}/bin/nix-channel --update nixpkgs
mkdir -p ~/.config/nix
echo "experimental-features = nix-command flakes" > ~/.config/nix/nix.conf
'';
environmentVariables = {
ENV = "/etc/profile";
USER = "root";
NIX_REMOTE = "daemon";
PATH = "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/bin:/sbin:/usr/bin:/usr/sbin";
NIX_SSL_CERT_FILE = "/nix/var/nix/profiles/default/etc/ssl/certs/ca-bundle.crt";
};
};
default = {
authenticationTokenConfigFile = config.age.secrets."gitlab-runner/thanatos-runner-env".path;
dockerImage = "debian:stable";
};
};
};
openssh.enable = true;
};
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
docker-compose
];
}

52
hosts/thanatos/disko-configuration.nix
View file

@ -1,52 +0,0 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/ata-CT250MX500SSD1_2301E69A20C4";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "btrfs";
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = ["compress=zstd" "noatime"];
};
"/home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "8G";
};
};
};
};
};
};
};
};
};
}

29
hosts/thanatos/hardware-configuration.nix
View file

@ -1,29 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

7
hosts/thanatos/home.nix
View file

@ -1,7 +0,0 @@
{config, ...}: {
home-manager.users.alarsyo = {
home.stateVersion = "23.11";
my.theme = config.home-manager.users.alarsyo.my.themes.solarizedLight;
};
}

22
hosts/thanatos/secrets.nix
View file

@ -1,22 +0,0 @@
{
config,
lib,
options,
...
}: {
config.age = {
secrets = let
toSecret = name: {...} @ attrs:
{
file = ./../../modules/secrets + "/${name}.age";
}
// attrs;
in
lib.mapAttrs toSecret {
"users/alarsyo-hashed-password" = {};
"users/root-hashed-password" = {};
"gitlab-runner/thanatos-runner-env" = {};
"gitlab-runner/thanatos-nix-runner-env" = {};
};
};
}

5
modules/default.nix
View file

@ -1,7 +1,6 @@
{...}: {
{ ... }:
{
imports = [
./sddm.nix
./secrets
./wakeonwlan.nix
];
}

38
modules/sddm.nix
View file

@ -1,31 +1,23 @@
{
config,
lib,
pkgs,
...
}: let
inherit
(lib)
mkEnableOption
mkIf
;
{ config, lib, pkgs, ... }:
let
cfg = config.my.displayManager.sddm;
in {
options.my.displayManager.sddm.enable = mkEnableOption "SDDM setup";
in
{
options.my.displayManager.sddm.enable = lib.mkEnableOption "SDDM setup";
config = mkIf cfg.enable {
services.displayManager.sddm = {
config = lib.mkIf cfg.enable {
services.xserver.displayManager.sddm = {
enable = true;
theme = "catppuccin-latte";
wayland.enable = true;
theme = "sugar-candy";
};
environment.systemPackages = [
(pkgs.catppuccin-sddm.override
{
flavor = "latte";
})
environment.systemPackages = with pkgs; [
packages.sddm-sugar-candy
# dependencies for sugar-candy theme
libsForQt5.qt5.qtgraphicaleffects
libsForQt5.qt5.qtquickcontrols2
libsForQt5.qt5.qtsvg
];
};
}

7
modules/secrets/default.nix
View file

@ -1,7 +0,0 @@
{
config,
lib,
options,
...
}: {
}

12
modules/secrets/gandi/api-key.age
View file

@ -1,12 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw E972A3kem7+3ul2Ai8TV8EVkF9upClr46y1pbN+AfDY
qZdZuv+F9c46uxKWYdBKp6AGkTA5IEjcBwDlBHpEbCU
-> ssh-ed25519 pX8y2g WEBknhwaTqfVzaLQRg1tfEY/aGZDFnH0PvXOZ3pC1k8
A23ELihRVsx8jhTcJAy3a1/saKWPc6ojf8HhPHj0niw
-> ssh-ed25519 z6Eu8Q IsN3L8xlk8VwrqUByYiUhthAk06KCn6hcYlZrodk/Vg
lX/SjRJIZEt1/Q6iLKFiUTHB4eH8ig4WJN79mU/AVUw
-> &r29]-grease #}
100ULy2nfLIOODMNPyvq0ATuGdVBAgwcXAs
--- VkOZ7Vy9R4QPqvgAveJae/L4/nuDnQ/bAoN7UEKzxyw
wQ{3ɔ3
m2eÞ?×ò¥. M„<19>:Df)ïˆ;t {zR½ªo ñ²‡òE#c·çáéTE…Ú9¹H67ÊqAÜ_Lb}

BIN
modules/secrets/gitlab-runner/thanatos-nix-runner-env.age
View file

Binary file not shown.

7
modules/secrets/gitlab-runner/thanatos-runner-env.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw naNq55qkAm47KXPJpYFDjVQuxPz2Ffpima5z1WEqRSA
ETC3Hh4gglwYpiJCu/EGOUzjN3BJYk8yJshMeMkgYug
-> ssh-ed25519 6UUuZw Azk9jDbUL/nO20lvzs0s36q/4ZcWSpkUbt1J/PE7A2M
kPKHGLoWHDpFhsRr+CBteWKYsDw0dn/+IKbrh/5qMoE
--- g1akMn28voSQByQR9/ArJ4CsQehcwJ7MfCco+k2fPWo
YMZÓíî:ú{R­^n~ó½±ã¢ÊwPaª§h£8<C2A3>T'hcmªe(<28>ÝXx=7”‡Ë¢[äË4@b=“&ª®æYÅ;‘€Ü[„ª¹ØÁˆß¿kôk>ˆ540ÞGâŒ÷ðÌŸ­±Q<C2B1>Êë·±Ÿw¡

10
modules/secrets/lohr/shared-secret.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw R7jnkS7fFFSouPgvjrCnyfWNHOanOWKVUDp4Fd2xqFU
MdWD5E8dWfDHqFNTDCqOlyMhwpfEtqhlpnx3opft70w
-> ssh-ed25519 pX8y2g /CAWr94ucfxWKLWQPSQD2fl09TuUZELywWoZgHZS0AY
NeDHZc2ooKl2Bp0nAEY9P/Apdramb2TpHWpx0jkceyk
-> bzN-grease F &,%3jl~w &]8&d*N6 5UJ
58BUbsIwRkkUrNoSbgbMo/o1tKttXP2YWIJs9cbfXrT6XcO+Km0g90LPbYCmsqTZ
pr8TINM2Wd8RQw
--- 7K7sEw2zIWhuR3intlPGFipaVhHli+tWHqmyobRjLYo
oÔèÛ„Å[\ñ²û¸©lN/X•ô:<03>±Œu¥N¾Öó ƒ{ ïÁmeÿ0A=,h_¤÷è,œ4S&‰ù<E280B0>9œhÙ1/ÄÍž’¥é÷ypa³öz2Ñ€†íTº,©Réâ€U

BIN
modules/secrets/matrix-synapse/secret-config.age
View file

Binary file not shown.

BIN
modules/secrets/microbin/secret-config.age
View file

Binary file not shown.

BIN
modules/secrets/miniflux/admin-credentials.age
View file

Binary file not shown.

9
modules/secrets/nextcloud/admin-pass.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw md0WbIE3MSWLqqerCD4ljh4U+4fWaOhKZxl9RQt+HDo
8Wj+hn5wwzgA6D1zQEaP1WIfmmK6pXVy2ZX5OQ/N0pU
-> ssh-ed25519 pX8y2g ByOhNTkxCHFkOQAOrID+bZEQzwesbnKluY6G5sSUhlg
AybKPZKzELtvWTT/Kmc+zs7KC4GB9214GUdnWMhGnmo
-> QK!x#/y-grease c|K1% \ug . >WFn:bI
Cgx9qaPIUk1hGKtQYJ6kNk/+bHTJ
--- YwtEWMiVxfvMGE1ngDiy/dALw/Y9YAxduaqlVgPNqdk
ÿ¿zîóÑF(Ã8§?VÁJýæávH(kÔ9o\!£Ê¿ˆÐÓN7é@«àY#ÕÓ19êümùV¢}ŸZðضQWEÇ’þ}v/éƒ<® õ»æh‰­¶T3†vN ®”1

7
modules/secrets/ovh/credentials.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw XED7gkKAp1ioBegA7ryqULRF1BORpW74esfIGp9zPE8
ANxnQN+tox9KYdZvNZFZvQxOymckldPQMhFnz6fSIBo
-> ssh-ed25519 pX8y2g 9wgPqL6GoOxad5AAUmDAYj0h/57AEM8VsQKq1pGTtjM
SxD++XJioZLpt6C8Xse5Nmz4wtL0Fb5NKWo5ijKpyv8
--- 3qOJnkY3Uc4fIex9mgz2+w+su5dS7K7Tmtk1hiqkn9M
ÁXª¨àeéˆaLQ H2*ZÅTé¿ ®P;Ý(jCÌ€k‡ viäµû<C2B5>ÿħ¡à†kæ`™ô]mò<6D>ÿBñ ,³±,ü÷?!¶{àŠ%­eÙì(„Su¿-SŸD¢¾“=H#‡„¼Þq=ï<>Uùí;=OÍ <÷R¼ÇÎE±“<+&­èdÂæ<18>>G+_oP¥Þ]ÿê¦RÄßL$Ö³\š°ü0ø¤N!þ"Áã&÷%Nž à<ËÃ,òv°1ÿÊÚj1

11
modules/secrets/paperless/admin-password.age
View file

@ -1,11 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw Cnh9E+IbDcTnJT0AmN1pFJ9PrT/bWswps3viYITN2yo
DwsFW60Su9sble5QFEjX5QoWVl/lMBsqAPWK+AB9epw
-> ssh-ed25519 pX8y2g fMdWosCSxRpJSA3VGDEyWzeQfTJD5sPnu38MrcJJ1A8
g16EuuS95pIeUuLZfqXR4Mey2GKiXRlxA2KRLD1RVns
-> s*.sKB4H-grease V9A)DG( T<yeD0a<
kaz3Ejq54nizMyMabG2TBzJ/oy8VIUKxQcXgWjM6CZp+8j36y5LtnR7osDZRzs27
Yf+Y52QuZWswmD+tC+VxaQUpdd+3xvv2MH7D5ih2tTXy9/wZFKWTvIsvKBKz7dOQ
--- Y6f3eO8mQAb/gAG4CnbxZa7L+FVBCd3v33tXf01pKLg
«Ø<fÂÇEGuñ‰x#ô;ZÔ/@%:ºì(&&ºXVøø¹Û"ö¾Î‘ñö,y`~n]BÅïî=Š\v8Œø´Ç¸”ŸþcO(7˜ú<CB9C>¡eÍXÝ0éÎ

9
modules/secrets/paperless/secret-key.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 k2gHjw CoGvifgWo1JvHjx3PKJa3jR3lKrvgvKnTTui1w6UR0I
gcadr6WbTzyrPD3h3oDifFj/pMZKIzUfDXL6e6610Is
-> ssh-ed25519 pX8y2g MBFa4xDU6CaH6amzlGTmFXIcAXLq2xykRd0WkeUEkQo
91jV5LUuhvOVKSg2cz3TMKI2SaZvCTzXL/xyUWbYJAg
-> lkH}'\W;-grease nZ K\MP7 HUsh
vWwsKxuBXKwpTBkYERd7kPo
--- xohFX48WGxRFVYQzdbSl7l2Go90FSUPH5ml6OalKJwQ
ÍsüÈùÁòÆ€ã·Õ<12>¡ŸhÝÝõ¦!è,(ÒQlÁök¶þV×ä¬ÛóË~éýÔÍU !ÂûB0 ~ÃÏA!2Ùnp€`²‹’ÕÍìL&¯±³{†}„3%{[)<18>t…®/nÊjb^{<7B>ƒ1Gû[G0ß ¿×‘ò mo˜Ÿˆ« È:naŸ¨Q®¥\âæômfG¾;ù(Sþ¶ŸÉÎå

BIN
modules/secrets/pleroma/pleroma-config.age
View file

Binary file not shown.

10
modules/secrets/restic-backup/boreal-credentials.age
View file

@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YWMQkg B5tQXcUdu751YYA4Y8uRH/DgGDi24AsXEAKkCVfg+Ro
21Gz0MsMCtWzUdVuaWdNwEU9Ts8lOQWCd7Ejf2tkxks
-> ssh-ed25519 k2gHjw NIG04WnNgq5bnSl9KmvFyvpGdFlmOFtXzuYtrsFOKXM
ZYZVyIM0jnhguRmfIpRtFg0StgYTlu/P9bgxBy9dbOg
-> u5-grease
MTgqDb6tqCuvdlXj9c2Y3XX1X7JfrdeKLM0EQ75ZJe+Hrntnpvn4fSlBr8QoOahm
fg
--- VzgNZ3/IBQVeYfOMGjnHPDRKoBDdxHth61pevk5+fLw
ŒÙúDíï° ´&…<QØ+¨úþéJoTÇ;US9.©âu'v¸œ,‘Ä@“úÿQKcëÛzÑ>v¢€ÃN1±tòÚ8w<˜Îò“w­°d<C2B0><64>>sG_øæÆšyø„u,þÅ%@J hñ"†Ev‡ÙX

BIN
modules/secrets/restic-backup/boreal-password.age
View file

Binary file not shown.

BIN
modules/secrets/restic-backup/hades-credentials.age
View file

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show more