nico/dots
2
2
Fork 1
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: nico:main
Branches Tags
nico:main
causalhonk:main
..
compare: causalhonk:main
Branches Tags
causalhonk:main
nico:main

1 commit
main ... main

Author SHA1 Message Date
Nicolai
9460650e57 rename bocchi hosts folder to miki 2025-05-25 01:27:44 +10:00
161 changed files with 1589 additions and 3189 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored
View file

@ -1,2 +1 @@
.DS_Store
result

90
README.md
View file

@ -1,54 +1,46 @@
# dots
## overview
<img width="60%" align="right" src="assets/linux-oneshot-launcher.webp">
# my little nix system
my dotfiles for NixOS, macOS or POSIX systems. primarily for systems that support [Nix](https://nixos.org) since they have declarative configuration. although dotfiles (in the stow directory) are made to keep them portable without the need for nix necessarily.
- OS: [NixOS](https://nixos.org) and macOS
- Shell: [fish](https://fishshell.com/)
- Terminal: [Ghostty](https://ghostty.org/)
- Browser: Firefox
## installation
### linux - desktop
1. Boot up NixOS live iso on a system.
2. Clone flake
3. Make a folder for the system under hosts/
4. Run `nixos-generate-config --dir hosts/HOSTNAME`
6. Set LUKS encryption passphrase via `sudo nano /tmp/secret.key`
7. Run disko `sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount /path/to/disko-config.nix`
8. Copy over flake directory to new system
9. Install system with `sudo nixos-install --flake .#HOSTNAME` - set a password for root
10. Reboot into new system.
11. Open a terminal and run `passwd`
12. Log into normal user and configure networking via `nmtui`
13. Apply dotfiles via `stow stow` in the base of the dotfiles directory.
14. Download a wallpaper and apply it via `matugen image`
linux specific:
- Desktop: [Hyprland](https://hyprland.org/) and [Niri](https://github.com/YaLTeR/niri)
- Status Bar: [Waybar](https://github.com/Alexays/Waybar)
- Launcher: [Vicinae](https://github.com/vicinaehq/vicinae)
#### Secure boot
If a system has a secure boot, install the system WITHOUT the secureboot module. Once the steps above have been completed return here.
macOS specific:
- Launcher: [Raycast](https://www.raycast.com/)
- Application Firewall: [Lulu](https://objective-see.org/products/lulu.html)
1. Generate secureboot signing keys with `sudo nix run nixpkgs#sbctl create-keys`
2. Rebuild the system WITH the secureboot module.
3. Run `sudo sbctl verify` to check if SOME of the files are signed.
4. Reboot your system, in the UEFI enable onboarding secureboot keys, usually a setting called 'Reset to setup mode'.
5. Boot into your NixOS system and run `sudo sbctl enroll-keys --microsoft` to enroll your keys.
6. Reboot into your UEFI again and enable secure boot.
# showcase
<table>
<tr>
<td>NixOS</td>
<td>macOS</td>
</tr>
<tr>
<td><img src="assets/linux-bocchi-fastfetch.webp"></td>
<td><img src="assets/macos-bocchi-fastfetch.webp"></td>
</tr>
<tr>
<td><img src="assets/linux-oneshot-launcher.webp"></td>
<td><img src="assets/macos-oneshot-light.webp"></td>
</tr>
<tr>
<td><img src="assets/linux-mafuyu.webp"></td>
<td><img src="assets/macos-nene.webp"></td>
</tr>
</table>
# license
all content in this repository is licensed under the BSD0 license aka 0-Clause BSD license.
```
Permission to use, copy, modify, and/or distribute this software for
any purpose with or without fee is hereby granted.
THE SOFTWARE IS PROVIDED “AS IS” AND THE AUTHOR DISCLAIMS ALL
WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE
FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
### macOS
1. Install xcode developer tools, determinate nix and brew.
```sh
xcode-select --install
curl -fsSL https://install.determinate.systems/nix | sh -s -- install --determinate
/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
```
2. Install Nix flake to system. `nix run nix-darwin/master#darwin-rebuild -- switch`
3. Reboot
4. Install OpenUTAU `https://github.com/stakira/OpenUtau/releases/latest/download/OpenUtau-osx-x64.dmg`
5. Configure non-automated settings
- set accent colour
- set display to be spacious
- customise spotlight settings
- disable bluetooth
- enable firewall
- set wallpaper
- enable switching workspace keybinds

BIN
assets/linux-bocchi-fastfetch.webp
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 235 KiB

BIN
assets/linux-mafuyu.webp
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 324 KiB

BIN
assets/linux-oneshot-launcher.webp
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 102 KiB

BIN
assets/macos-bocchi-fastfetch.webp
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 174 KiB

BIN
assets/macos-nene.webp
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 124 KiB

BIN
assets/macos-oneshot-light.webp
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 73 KiB

59
backup.sh
View file

@ -1,59 +0,0 @@
#!/bin/sh
# stops the script immediately if any error is encountered
set -e
PINK="\033[35m"
RESET="\033[0m"
kanidm_backup() {
# $1 = out path
echo -e "$PINK kanidm: backing up database$RESET"
DATABASE_DUMP_PATH="$(mktemp)"
chown kanidm:kanidm "$DATABASE_DUMP_PATH"
run0 -u kanidm --unit=kanidmd sh -c "kanidmd database backup \"$DATABASE_DUMP_PATH\""
rsync "$DATABASE_DUMP_PATH" "$1"
rm "$DATABASE_DUMP_PATH"
echo -e "$PINK kanidm: DONE$RESET"
}
postgres_backup() {
# $1 = database to backup
# $2 = location to put backup
echo -e "$PINK postgres($1): backing up database $1 to stdout$RESET"
run0 -u postgres pg_dump --dbname="$1" > "$2"
echo -e "$PINK postgres($1): DONE$RESET"
}
if [ "$1" = "" ]; then
echo "$0: [BACKUP_DIR]"
exit 1
elif [ "$USER" != "root" ]; then
echo "$0: rerun the script as root"
exit 1
fi
case "$1" in
/*) echo " ";;
*) echo "$0: use absolute path for backup dir"; exit 1;;
esac
BACKUP_DIR="$1"
echo -e "$PINK using folder $BACKUP_DIR$RESET"
mkdir --parents "$BACKUP_DIR"
SERVICES="jellyfin radarr sonarr prowlarr uptime-kuma deluged forgejo karakeep-web karakeep-workers karakeep-browser"
systemctl stop $SERVICES
rsync -avP /media/ --exclude "media" --exclude "secrets" --exclude "torrents" --include "torrents/files/*" "$BACKUP_DIR"
kanidm_backup "$BACKUP_DIR"/apps/kanidm.bak
postgres_backup miniflux "$BACKUP_DIR"/apps/miniflux.sql
systemctl start $SERVICES
echo -e "\n\nBACKUP COMPLETED!"

139
flake.lock generated
View file

@ -2,11 +2,11 @@
"nodes": {
"crane": {
"locked": {
"lastModified": 1754269165,
"narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=",
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "444e81206df3f7d92780680e45858e31d2f07a08",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
@ -15,14 +15,35 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746728054,
"narHash": "sha256-eDoSOhxGEm2PykZFa/x9QG5eTH0MJdiJ9aR00VAofXE=",
"owner": "nix-community",
"repo": "disko",
"rev": "ff442f5d1425feb86344c028298548024f21256d",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "latest",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -34,11 +55,11 @@
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
@ -55,11 +76,11 @@
]
},
"locked": {
"lastModified": 1754091436,
"narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
@ -68,6 +89,24 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@ -98,11 +137,11 @@
]
},
"locked": {
"lastModified": 1771587792,
"narHash": "sha256-XGFLdlLOez7f0rmjlF+1TLXyBguy8gx2aBHx/Q5JXxs=",
"lastModified": 1747990026,
"narHash": "sha256-sG5VbID+x5+xUC+jjgHibnzg8IllVcH+K2TLmYHLPME=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "b49fc54950e251f166a2240799315033ab7a8916",
"rev": "e2f4ced874406541a7957f7e2b8f05a0d59a0f00",
"type": "github"
},
"original": {
@ -123,16 +162,16 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1762205063,
"narHash": "sha256-If6vQ+KvtKs3ARBO9G3l+4wFSCYtRBrwX1z+I+B61wQ=",
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "88b8a563ff5704f4e8d8e5118fb911fa2110ca05",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.4.3",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
@ -144,11 +183,11 @@
]
},
"locked": {
"lastModified": 1771520882,
"narHash": "sha256-9SeTZ4Pwr730YfT7V8Azb8GFbwk1ZwiQDAwft3qAD+o=",
"lastModified": 1748004251,
"narHash": "sha256-XodjkVWTth3A2JpBqGBkdLD9kkWn94rnv98l3xwKukg=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "6a7fdcd5839ec8b135821179eea3b58092171bcf",
"rev": "33220d4791784e4dd4739edd3f6c028020082f91",
"type": "github"
},
"original": {
@ -182,15 +221,15 @@
"nix-minecraft": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs",
"systems": "systems"
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1771641457,
"narHash": "sha256-TIekRGfeCwuEmYcWex40RTx0Gd46pqmyUtxdFKb5juI=",
"lastModified": 1748051893,
"narHash": "sha256-KV6bgVHPzb9ymVk9WDRX1lkkeoZETMbS/MyPpIOUWVo=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "c4e2b8969e09067da9d44b6b5762e1e896418f40",
"rev": "a600d058c19e1668db6ba759ecc4cfd154079ab5",
"type": "github"
},
"original": {
@ -201,11 +240,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"lastModified": 1742889210,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d",
"type": "github"
},
"original": {
@ -215,13 +254,29 @@
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1771369470,
"narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0182a361324364ae3f436a63005877674cf45efb",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1747744144,
"narHash": "sha256-W7lqHp0qZiENCDwUZ5EX/lNhxjMdNapFnbErcbnP11Q=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2795c506fe8fb7b03c36ccb51f75b6df0ab2553f",
"type": "github"
},
"original": {
@ -241,14 +296,15 @@
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
@ -259,6 +315,7 @@
},
"root": {
"inputs": {
"disko": "disko",
"jovian": "jovian",
"lanzaboote": "lanzaboote",
"nix-darwin": "nix-darwin",
@ -274,11 +331,11 @@
]
},
"locked": {
"lastModified": 1761791894,
"narHash": "sha256-myRIDh+PxaREz+z9LzbqBJF+SnTFJwkthKDX9zMyddY=",
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "59c45eb69d9222a4362673141e00ff77842cd219",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {

83
flake.nix
View file

@ -4,79 +4,54 @@
inputs = {
# NixOS official package source, using the unstable branch here
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote.url = "github:nix-community/lanzaboote/v0.4.3";
lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
nix-darwin.url = "github:LnL7/nix-darwin";
nix-darwin.inputs.nixpkgs.follows = "nixpkgs";
disko.url = "github:nix-community/disko/latest";
disko.inputs.nixpkgs.follows = "nixpkgs";
jovian.url = "github:Jovian-Experiments/Jovian-NixOS";
jovian.inputs.nixpkgs.follows = "nixpkgs";
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
};
outputs = { self, nixpkgs, lanzaboote, nix-darwin, jovian, nix-minecraft, ... }@inputs: {
outputs = { self, nixpkgs, lanzaboote, nix-darwin, disko, jovian, nix-minecraft, ... }@inputs: {
nixosConfigurations.nijika = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/nixos-common.nix
./modules/desktop/default.nix
./modules/desktop/de/hyprland.nix
./modules/desktop/japanese-input.nix
./modules/desktop/login/autologin.nix
./modules/applications/default.nix
./modules/applications/keepassxc.nix
./modules/games/linux.nix
./modules/browser/firefox.nix
./modules/nix/linux.nix
./modules/shell.nix
./modules/network/avahi.nix
nix-minecraft.nixosModules.minecraft-servers
{ nixpkgs.overlays = [ inputs.nix-minecraft.overlay ]; }
./modules/games/server/minecraft/default.nix
./modules/services/uptime-kuma.nix
./modules/services/pocketid.nix
./modules/services/auth/kanidm.nix
./modules/services/caddy.nix
./modules/services/forgejo.nix
./modules/services/miniflux.nix
./modules/services/media/arr.nix
./modules/services/media/jellyfin.nix
./modules/services/ssh.nix
./modules/services/glance.nix
./modules/network/avahi.nix
./modules/network/firewall/opensnitch.nix
./modules/network/vpn/tailscale.nix
./modules/users/nico.nix
./modules/hardware/secureboot.nix
./modules/hardware/bootloader/systemd-boot.nix
lanzaboote.nixosModules.lanzaboote
./hosts/nijika/configuration.nix
disko.nixosModules.disko
];
};
nixosConfigurations.seika = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/nixos-common.nix
./modules/services/uptime-kuma.nix
./modules/services/auth/kanidm.nix
./modules/services/auth/tinyauth.nix
./modules/services/caddy.nix
./modules/services/forgejo.nix
./modules/services/miniflux.nix
./modules/services/karakeep.nix
./modules/services/media/arr.nix
./modules/services/media/jellyfin.nix
./modules/services/archiveteam-warrior.nix
./modules/services/samba.nix
./modules/hardware/restic.nix
./modules/network/avahi.nix
./modules/services/ssh.nix
./modules/services/dns/coredns.nix
./modules/services/dns/ddns-updater.nix
./modules/network/vpn/tailscale.nix
./modules/nix/linux.nix
./modules/shell.nix
./modules/users/nico.nix
./modules/hardware/bootloader/systemd-boot.nix
./hosts/seika/configuration.nix
];
};
nixosConfigurations.miki = nixpkgs.lib.nixosSystem {
nixosConfigurations.bocchi = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
./hosts/nixos-common.nix
@ -84,20 +59,20 @@
./modules/nix/linux.nix
./modules/shell.nix
./modules/services/caddy.nix
./modules/services/media/jellyfin.nix
./modules/services/media/arr.nix
./modules/services/auth/tinyauth.nix
./modules/services/ssh.nix
./modules/network/vpn/tailscale.nix
nix-minecraft.nixosModules.minecraft-servers
{ nixpkgs.overlays = [ inputs.nix-minecraft.overlay ]; }
./modules/games/server/minecraft/default.nix
./modules/games/server/minecraft/neoforge-1.21.1.nix
./modules/users/nico.nix
./modules/users/rhys.nix
./hosts/miki/configuration.nix
./modules/hardware/bootloader/systemd-boot.nix
./hosts/bocchi/configuration.nix
./hosts/nixos-common.nix
disko.nixosModules.disko
];
};
@ -111,8 +86,6 @@
./modules/games/darwin.nix
./modules/applications/darwin.nix
./modules/desktop/de/darwin.nix
./modules/desktop/de/yabai.nix
./modules/desktop/programs/sketchybar.nix
./modules/hardware/darwin.nix
./modules/nix/darwin.nix
./modules/network/vpn/tailscale-darwin.nix

22
hosts/miki/configuration.nix
View file

@ -5,24 +5,12 @@
./hardware-configuration.nix
];
networking.hostName = "miki";
# gpu drivers
networking.hostName = "bocchi";
hardware.graphics.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470;
hardware.nvidia.open = false;
nixpkgs.config.allowUnfree = true;
nixpkgs.config.nvidia.acceptLicense = true;
# game servers
services.minecraft-servers.servers.velocity.enable = lib.mkForce false;
virtualisation.oci-containers.containers.neoforge-1-21-1.ports = [ "25565:25565" ];
virtualisation.oci-containers.containers.neoforge-1-21-1.environment.SERVER_PORT = lib.mkForce "25565";
swapDevices = [{
device = "/swapfile";
size = 8*1024; # 8 GB
}];
# so safe!!!!
nixpkgs.config.permittedInsecurePackages = [
"broadcom-sta-6.30.223.271-59-6.12.65"
];
}

4
hosts/nijika/configuration.nix
View file

@ -2,6 +2,7 @@
{
imports = [
./disko.nix
./hardware-configuration.nix
];
@ -17,6 +18,9 @@
# see: https://github.com/NixOS/nixpkgs/issues/356535
# intel-compute-runtime-legacy1
vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
intel-ocl # OpenCL support
];
services.logind.lidSwitchExternalPower = "ignore";
}

61
hosts/nijika/disko.nix Normal file
View file

@ -0,0 +1,61 @@
{ ... }:
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "root";
passwordFile = "/tmp/secret.key";
settings = {
allowDiscards = true;
};
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "1G";
};
};
};
};
};
};
};
};
};
};
}

41
hosts/nijika/hardware-configuration.nix
View file

@ -8,44 +8,17 @@
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "uas" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "subvol=root" ];
};
boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/4a0361b6-b3b4-48dd-a089-babdfa072fc2";
fileSystems."/nix" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "subvol=nix" ];
};
fileSystems."/.swapvol" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "subvol=swap" ];
};
fileSystems."/home" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/CF57-9CF0";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

1
hosts/nixos-common.nix
View file

@ -6,6 +6,7 @@
{
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# Networking

19
hosts/seika/configuration.nix
View file

@ -1,19 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
];
networking.hostName = "seika";
hardware.graphics.enable = true;
environment.sessionVariables.LIBVA_DRIVER_NAME = "iHD";
hardware.graphics.extraPackages = with pkgs; [
intel-media-driver # For Broadwell (2014) or newer processors. LIBVA_DRIVER_NAME=iHD
libva-vdpau-driver # Previously vaapiVdpau
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
];
services.logind.settings.Login.HandleLidSwitchExternalPower = "ignore";
}

56
hosts/seika/hardware-configuration.nix
View file

@ -1,56 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/120b2057-ed32-40c0-b838-25e5713cc5d6";
fsType = "btrfs";
options = [ "subvol=@root" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/120b2057-ed32-40c0-b838-25e5713cc5d6";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/120b2057-ed32-40c0-b838-25e5713cc5d6";
fsType = "btrfs";
options = [ "subvol=@nix" ];
};
fileSystems."/media" =
{ device = "/dev/disk/by-uuid/120b2057-ed32-40c0-b838-25e5713cc5d6";
fsType = "btrfs";
options = [ "subvol=@media" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/120b2057-ed32-40c0-b838-25e5713cc5d6";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/E89A-EECA";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

19
modules/applications/1password.nix
View file

@ -1,19 +0,0 @@
{ config, ...}:
{
programs._1password.enable = true;
programs._1password-gui = {
enable = true;
polkitPolicyOwners = [ "nico" ];
};
# browser extensions
programs.firefox.policies.ExtensionSettings."{d634138d-c276-4fc8-924b-40a0ea21d284}" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/1password-x-password-manager/latest.xpi";
};
programs.chromium.extensions = [
"aeblfdkhhhdcdjpifhhbdiojplfjncoa" # 1Password
];
}

46
modules/applications/darwin.nix
View file

@ -5,30 +5,27 @@
# dock
system.defaults.dock.persistent-apps = [
"/Applications/Zen.app"
"/Applications/Firefox.app"
"/Applications/Ghostty.app"
"/System/Applications/Music.app"
"/Applications/Nix Apps/KeePassXC.app"
{ spacer.small = true; }
"/Applications/Nix Apps/Spotify.app"
"/Applications/Grayjay.app"
"/Applications/Infuse.app"
"/System/Applications/Messages.app"
"/Applications/Signal.app"
"/Applications/Nix Apps/Discord.app"
"/Applications/Nix Apps/Vesktop.app"
"/Applications/Nix Apps/UTM.app"
"/System/Applications/Mail.app"
{ spacer.small = true; }
"/Applications/Nix Apps/Obsidian.app"
"/Applications/Nix Apps/Anki.app"
"/Applications/Reeder.app"
{ spacer.small = true; }
"/Applications/1Password.app"
"/Applications/OBS.app"
"/Applications/Nix Apps/Audacity.app"
"/Applications/Affinity.app"
"/Applications/GIMP.app"
"/Applications/Krita.app"
# "/Applications/Blender.app"
# "/Applications/OpenUTAU.app"
{ spacer.small = true; }
"/Applications/Blender.app"
"/Applications/OpenUTAU.app"
];
# homebrew pkgs
@ -36,27 +33,28 @@
enable = true;
onActivation.cleanup = "zap";
casks = [
"zen"
"firefox"
"ghostty"
"krita"
"blender"
"obs"
"grayjay"
"gimp"
"signal"
"soulseek"
"musicbrainz-picard"
"affinity"
"1password"
"the-unarchiver"
"battery"
"linearmouse"
"alt-tab"
"easy-move+resize"
"lulu"
];
brews = [
"mas"
"rectangle"
];
masApps = {
"Infuse" = 1136220934;
"Reeder Classic" = 1529448980;
};
};
# hotkey daemon
services.skhd.enable = true;
}

20
modules/applications/default.nix
View file

@ -2,31 +2,25 @@
{
environment.systemPackages = with pkgs; [
spotify
audacity
obsidian
ani-cli
(discord.override {
withVencord = true;
})
yt-dlp
vesktop
_1password-cli
] ++ lib.optionals pkgs.stdenv.isLinux (with pkgs; [
mpv
ghostty
thunderbird
krita
openutau
obs-studio
blender
gimp3
signal-desktop-bin
anki
newsflash
nicotine-plus
picard
whipper
gimp
_1password-gui
]) ++ lib.optionals pkgs.stdenv.isDarwin (with pkgs; [
iina
utm
raycast
anki-bin
keepassxc
]);
}

16
modules/applications/keepassxc.nix
View file

@ -1,16 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
keepassxc
];
# browser extensions
programs.firefox.policies.ExtensionSettings."keepassxc-browser@keepassxc.org" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/keepassxc-browser/latest.xpi";
};
programs.chromium.extensions = [
"oboonakemofpalcgghocfoadofidjkkk" # KeePassXC
];
}

19
modules/browser/chromium.nix
View file

@ -1,19 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [
pkgs.chromium # not enabled through programs.chromium.enable
];
programs.chromium = {
enable = true;
enablePlasmaBrowserIntegration = if (config.services.desktopManager.plasma6.enable == true) then true else false;
extensions = [
"ddkjiahejlhfcafbddmgiahcphecmpfh" # ublock origin lite
"eimadpbcbfnmbkopoojfekhnkhdbieeh" # dark reader
"mnjggcdmjocbbbhaepdhchncahnbgone" # sponsorblock
"fnaicdffflnofjppbagibeoednhnbjhg" # floccus bookmark sync
];
};
}

30
modules/browser/firefox.nix
View file

@ -8,18 +8,6 @@
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
};
"gdpr@cavi.au.dk" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/consent-o-matic/latest.xpi";
};
"{cb31ec5d-c49a-4e5a-b240-16c767444f62}" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/indie-wiki-buddy/latest.xpi";
};
"myallychou@gmail.com" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/youtube-recommended-videos/latest.xpi";
};
"@testpilot-containers" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/multi-account-containers/latest.xpi";
@ -32,9 +20,13 @@
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/temporarytabcontainer/latest.xpi";
};
"sponsorBlocker@ajay.app" = {
"keepassxc-browser@keepassxc.org" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/sponsorblock/latest.xpi";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/keepassxc-browser/latest.xpi";
};
"pywalfox@frewacom.org" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/pywalfox/latest.xpi";
};
};
@ -132,5 +124,15 @@
// use same search engine (duckduckgo) for private browsing
lockPref("browser.search.separatePrivateDefault", false);
// stop extensions connecting to the internet
lockPref(
"extensions.webextensions.base-content-security-policy",
"default-src 'none'; script-src 'none'; object-src 'none';"
);
lockPref(
"extensions.webextensions.base-content-security-policy.v3",
"default-src 'none'; script-src 'none'; object-src 'none';"
);
'';
}

13
modules/desktop/de/aerospace.nix
View file

@ -1,13 +0,0 @@
{ config, pkgs, ... }:
{
services.aerospace.enable = true;
services.aerospace.settings = ( builtins.fromTOML ( builtins.readFile ../../../stow/.config/aerospace/aerospace.toml ));
homebrew.brews = [
"FelixKratz/formulae/borders"
];
environment.systemPackages = with pkgs; [
matugen
];
}

4
modules/desktop/de/darwin.nix
View file

@ -11,9 +11,6 @@
system.defaults.NSGlobalDomain.NSDisableAutomaticTermination = true;
system.defaults.NSGlobalDomain.NSDocumentSaveNewDocumentsToCloud = false;
# enable ctrl+cmd to drag windows anywhere
system.defaults.NSGlobalDomain.NSWindowShouldDragOnGesture = true;
# hot corners
system.defaults.dock = {
wvous-bl-corner = 1;
@ -25,6 +22,7 @@
# login
system.defaults.loginwindow.GuestEnabled = false;
system.defaults.screensaver.askForPassword = true;
system.defaults.loginwindow.SHOWFULLNAME = true; # user needs to enter username and password to login
# control center
system.defaults.controlcenter = {

28
modules/desktop/de/hyprland.nix
View file

@ -5,8 +5,11 @@
# Optional, hint electron apps to use wayland:
environment.sessionVariables.NIXOS_OZONE_WL = "1";
# have portals
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
programs.hyprlock.enable = true;
services.hypridle.enable = true;
environment.systemPackages = with pkgs; [
ghostty
@ -18,15 +21,32 @@
wl-clipboard
brightnessctl
helvum
vicinae
walker
playerctl
swaynotificationcenter
hyprshot
matugen
glib
pywalfox-native
hyprshade
hyprpolkitagent
];
programs.ssh.startAgent = true;
# enable polkit
security.polkit.enable = true;
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
}

21
modules/desktop/de/kde.nix
View file

@ -4,23 +4,26 @@
services.desktopManager.plasma6.enable = true;
environment.plasma6.excludePackages = with pkgs.kdePackages; [
plasma-browser-integration
konsole
(lib.getBin qttools) # Expose qdbus in PATH
ark
elisa
gwenview
okular
kate
khelpcenter
#dolphin
baloo-widgets # baloo information in Dolphin
dolphin-plugins
spectacle
ffmpegthumbs
krdp
# gwenview
# dolphin
# spectacle
# xwaylandvideobridge
# kate
# gwenview
# ark
# plasma-browser-integration
gwenview
#xwaylandvideobridge
];
}

20
modules/desktop/de/yabai.nix
View file

@ -1,20 +0,0 @@
{ config, pkgs, lib, ... }:
{
services.yabai = {
enable = true;
enableScriptingAddition = true;
extraConfig = builtins.readFile ../../../stow/.config/yabai/yabairc;
};
system.defaults.spaces.spans-displays = lib.mkForce false;
environment.systemPackages = with pkgs; [
skhd
matugen
];
homebrew.brews = [
"FelixKratz/formulae/borders"
];
}

6
modules/desktop/default.nix
View file

@ -5,14 +5,8 @@
./pipewire.nix
./flatpak.nix
./fonts.nix
./printing.nix
];
# Enable font dir for compatability
fonts.fontDir.enable = true;
# enable desktop portals
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
}

2
modules/desktop/fonts.nix
View file

@ -8,8 +8,6 @@
noto-fonts-cjk-sans # gets japanese and chinese langs
nerd-fonts.comic-shanns-mono # programming fonts
corefonts # basic web fonts
comic-neue
];
};
}

24
modules/desktop/japanese-input.nix
View file

@ -1,24 +0,0 @@
{ config, pkgs, ... }:
{
i18n.inputMethod = {
enable = true;
type = "fcitx5";
fcitx5.waylandFrontend = true;
fcitx5.addons = with pkgs; [
fcitx5-mozc
fcitx5-gtk
];
};
i18n.inputMethod.fcitx5.settings.inputMethod = {
GroupOrder."0" = "Default";
"Groups/0" = {
Name = "Default";
"Default Layout" = "au";
DefaultIM = "mozc";
};
"Groups/0/Items/0".Name = "keyboard-au";
"Groups/0/Items/1".Name = "mozc";
};
}

4
modules/desktop/login/autologin.nix
View file

@ -6,11 +6,11 @@
enable = true;
settings = {
initial_session = {
command = if (config.programs.niri.enable == true) then "${pkgs.niri}/bin/niri-session" else if (config.programs.hyprland.enable == true) then "${pkgs.hyprland}/bin/start-hyprland" else "${pkgs.zsh}/bin/zsh";
command = if (config.programs.niri.enable == true) then "${pkgs.niri}/bin/niri-session" else if (config.programs.hyprland.enable == true) then "${pkgs.hyprland}/bin/Hyprland" else "${pkgs.zsh}/bin/zsh";
user = "nico";
};
default_session = {
command = "${lib.getExe pkgs.tuigreet} --asterisks --time --greeting 'nyaaa~~'";
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --asterisks --time --greeting 'nyaaa~~'";
};
};
};

20
modules/desktop/login/plymouth.nix
View file

@ -1,20 +0,0 @@
{ pkgs, ... }: {
boot = {
plymouth = {
enable = true;
theme = "bgrt";
};
# Enable "Silent boot"
consoleLogLevel = 3;
initrd.verbose = false;
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
};
}

6
modules/desktop/login/sddm.nix
View file

@ -1,6 +0,0 @@
{ config, ... }:
{
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
}

21
modules/desktop/polkit-gtk.nix
View file

@ -1,21 +0,0 @@
{ config, pkgs, ... }:
{
# enable polkit
security.polkit.enable = true;
systemd = {
user.services.polkit-gnome-authentication-agent-1 = {
description = "polkit-gnome-authentication-agent-1";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
}

10
modules/desktop/printing.nix
View file

@ -1,10 +0,0 @@
{ config, ... }:
{
imports = [
../network/avahi.nix
];
services.printing.enable = true;
services.avahi.openFirewall = true;
}

6
modules/desktop/programs/sketchybar.nix
View file

@ -1,9 +1,7 @@
{ config, lib, pkgs, ... }:
{
services.skhd.enable = true;
services.sketchybar.enable = true;
system.defaults.NSGlobalDomain._HIHideMenuBar = true;
homebrew.brews = [
"FelixKratz/formulae/sketchybar"
];
}

6
modules/games/darwin.nix
View file

@ -4,14 +4,16 @@
imports = [ ./default.nix ];
homebrew.casks = [
"whisky"
"steam"
"roblox"
"heroic"
];
system.defaults.dock.persistent-apps = [
"/Applications/Steam.app"
"/Applications/Heroic.app"
"/Applications/Whisky.app"
"${pkgs.prismlauncher}/Applications/PrismLauncher.app"
"${pkgs.osu-lazer-bin}/Applications/osu!.app"
{ spacer.small = true; }
];
}

8
modules/games/server/minecraft/building.nix
View file

@ -3,9 +3,9 @@
{
services.minecraft-servers.servers.building = {
enable = true;
package = pkgs.paperServers.paper-1_21_11;
package = pkgs.paperServers.paper-1_21_5;
autoStart = true;
jvmOpts = "-Xms1024M -Xmx4096M";
jvmOpts = "-Xms4096M -Xmx4096M";
serverProperties = {
server-port = 30002;
@ -16,8 +16,8 @@
};
symlinks = {
"plugins/Worldedit.jar" = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/1u6JkXh5/versions/qYMNQYjH/worldedit-bukkit-7.3.18-beta-01.jar"; sha256 = "sha256-/TRUrwHhjnyBuCVyS34IWzvILz79RhZjS6k2DLwkUk0="; };
"plugins/EssentialsX.jar" = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/hXiIvTyT/versions/Oa9ZDzZq/EssentialsX-2.21.2.jar"; sha256 = "sha256-C3WQJvAvPFR8MohvNmbbPB+Uz/c+FBrlZIMT/Q0L38Y="; };
"plugins/Worldedit.jar" = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/1u6JkXh5/versions/NhJaettg/worldedit-bukkit-7.3.12-beta-01.jar"; sha256 = "sha256-NP5ALYQe6DVVAeTeDGxySKZ8sjQnLjQc8PTbDS+Lbd4="; };
"plugins/EssentialsX.jar" = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/hXiIvTyT/versions/SKQwLLoQ/EssentialsX-2.21.0.jar"; sha256 = "sha256-VwQyKlSDa5hLEQ9+Igi67RiGwu/tREa0l+Z+US/skMU="; };
};
};

19
modules/games/server/minecraft/fabric-modless.nix
View file

@ -3,9 +3,9 @@
{
services.minecraft-servers.servers.fabric-modless = {
enable = true;
package = pkgs.fabricServers.fabric-1_21_11;
package = pkgs.fabricServers.fabric-1_21_5;
autoStart = true;
jvmOpts = "-Xms1024M -Xmx4096M";
jvmOpts = "-Xms4096M -Xmx4096M";
serverProperties = {
server-port = 30001;
@ -15,11 +15,11 @@
symlinks = {
mods = pkgs.linkFarmFromDrvs "mods" (builtins.attrValues {
FabricAPI = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/KhCFoeip/fabric-api-0.139.5%2B1.21.11.jar"; sha512 = "hSyedhdbLVHOoZG/zAAFuCTeQz8abeAdZyuegsocq4R4sYBnC8bEgRdE70q+yL0v86sPnBqlZEcT0G8/vMJ48A=="; };
Chunky = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/fALzjamp/versions/bk9YUabA/Chunky-Fabric-1.4.54.jar"; sha512 = "vxX9sMDiBMKUdmxrkvDcidlulM5PcLmKxC6qRrh4Aq9Wz+tlSHePSUWx/cL+VholR39xGTfb85DiC5TBvQBsrg=="; };
Ferritecore = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/uXXizFIs/versions/eRLwt73x/ferritecore-8.0.3-fabric.jar"; sha512 = "vmAFQ+SZtZKG+UCfRkl1cK3FGTmuY+qhKsKeZ3jaJ9jHxs0LM0DYvMocyZzmF3mxqPUrmQ+eTpqTqpxkgpBSMQ=="; };
NoChatReports = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/qQyHxfxd/versions/78RjC1gi/NoChatReports-FABRIC-1.21.10-v2.16.0.jar"; sha512 = "ObLyhPc/gpABK4ucxwCF1ZZoVH/HtOxDqzTkvKazmmaR++MrwzJuQDU7qcFqBjIOUoGDFb53eZparVJjcMvHcw=="; };
FabricProxyLite = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/8dI2tmqs/versions/nR8AIdvx/FabricProxy-Lite-2.11.0.jar"; sha512 = "wuHZJ59vGaVh+TS4RlQLKKAzWGtLQZucGqJ6xD/8j60s5g4hKhVAbl+jkH/17L5a96XtsYOp7mc3pB5GSuwTdQ=="; };
FabricAPI = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/FZ4q3wQK/fabric-api-0.119.9%2B1.21.5.jar"; sha512 = "4eec629514cba71e4792c1ebf357e574713e5fdb3c01c6e7d132ed631bdeaab0b38bcab84d4ade14c6966c24f9938026da2e65c25b58cde4ce9710c49d147e87"; };
Chunky = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/fALzjamp/versions/mhLtMoLk/Chunky-Fabric-1.4.36.jar"; sha512 = "65a201c246c95f6189a16e715d944e4a7ca7f44a8c4a39c8e6523d8c58e331d6611c78deff050cb4a2a2d80c5b8d84e3593a9b8ff961f7aee3d171a4ef7af2c7"; };
Ferritecore = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/uXXizFIs/versions/CtMpt7Jr/ferritecore-8.0.0-fabric.jar"; sha512 = "131b82d1d366f0966435bfcb38c362d604d68ecf30c106d31a6261bfc868ca3a82425bb3faebaa2e5ea17d8eed5c92843810eb2df4790f2f8b1e6c1bdc9b7745"; };
NoChatReports = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/qQyHxfxd/versions/CHlHxkvf/NoChatReports-FABRIC-1.21.5-v2.12.0.jar"; sha512 = "c0825db25672cf8b50face51ec8a6bedb4be50b374a2537640a433c98817bc07c177485e93ab8cee9e3f7bfb1d2eb1460309e818b411764c92426b552487a9f7"; };
FabricProxyLite = pkgs.fetchurl { url = "https://cdn.modrinth.com/data/8dI2tmqs/versions/AQhF7kvw/FabricProxy-Lite-2.9.0.jar"; sha512 = "3044f36df7e83021210a7c318def18a95b5dbf5e3230bb72a3ddb42ebdda33f248c6d12efcee1240ff0c54600d68d147afa105d04ee37a90acb9409619c89848"; };
});
};
};
@ -27,6 +27,11 @@
services.minecraft-servers.servers.velocity.symlinks."velocity.toml".value = {
servers = {
fabric-modless = "127.0.0.1:30001";
# In what order we should try servers when a player logs in or is kicked from a server.
try = [
"fabric-modless"
];
};
};
}

5
modules/games/server/minecraft/forge-1.19.2.nix
View file

@ -22,6 +22,11 @@
services.minecraft-servers.servers.velocity.symlinks."velocity.toml".value = {
servers = {
forge-1-19-2 = "127.0.0.1:30004";
# In what order we should try servers when a player logs in or is kicked from a server.
try = [
"forge-1-19-2"
];
};
};
}

8
modules/games/server/minecraft/neoforge-1.21.1.nix
View file

@ -10,8 +10,7 @@
TYPE = "NEOFORGE";
VERSION = "1.21.1";
EULA = "TRUE";
INIT_MEMORY = "1G";
MAX_MEMORY = "6G";
MEMORY = "4G";
SERVER_PORT = "30005";
UID = "992";
@ -22,6 +21,11 @@
services.minecraft-servers.servers.velocity.symlinks."velocity.toml".value = {
servers = {
neoforge-1-21-1 = "127.0.0.1:30005";
# In what order we should try servers when a player logs in or is kicked from a server.
try = [
"neoforge-1-21-1"
];
};
};
}

11
modules/games/server/minecraft/velocity.nix
View file

@ -6,10 +6,10 @@
package = pkgs.velocityServers.velocity;
autoStart = true;
openFirewall = true;
jvmOpts = "-Xms128M -Xmx1024M";
jvmOpts = "-Xms256M -Xmx1024M";
symlinks = {
"plugins/Luckperms.jar" = pkgs.fetchurl { url = "https://download.luckperms.net/1610/velocity/LuckPerms-Velocity-5.5.21.jar"; sha512 = "xAUogBzYUF71CuutcUPM1QJLVel/6Ihzui1Ksbdrd5qeGDqecULdHJtMNsLCM6XQJndGgBTrGv4xljLzVQsx7A=="; };
"plugins/Velocitab.jar" = pkgs.fetchurl { url = "https://hangarcdn.papermc.io/plugins/William278/Velocitab/versions/1.7.9/VELOCITY/Velocitab-1.7.9.jar"; sha512 = "2okGzE0QJz8RTOmVCZHBizokEuTwVvKRPwr6JhJUg5kpsWWhkF+k+XCMzI5aMwSbDy7+2W3NE1qvbfFZHAKdsw=="; };
"plugins/Luckperms.jar" = pkgs.fetchurl { url = "https://download.luckperms.net/1575/velocity/LuckPerms-Velocity-5.4.158.jar"; sha512 = "07b649db2d2c9f16791d706621dcb606d05bbc1125fa65765e7d4cf4b45778a84f65ca4ad8e461ff146646805072852322cfbd91d66699af5e895d00b233648f"; };
"plugins/Velocitab.jar" = pkgs.fetchurl { url = "https://hangarcdn.papermc.io/plugins/William278/Velocitab/versions/1.7.5/VELOCITY/Velocitab-1.7.5.jar"; sha512 = "ExyxRVbkzgVRTOZC9yRrwJbNpRnD1aFZa/QlMmBHAjLMXYmM/Q7lRMGtQs3dyrjBI06Z9e01ZaOmTTa2RbtNew=="; };
"plugins/Message.jar" = pkgs.fetchurl { url = "https://hangarcdn.papermc.io/plugins/OskarsMC-Plugins/message/versions/1.4.0/VELOCITY/message-1.4.0-all.jar"; sha512 = "62503339714d7d26d71a98b2036cd04e91c9049567a033441d904a5f3190177bdc41dcd5183e6c51eb083a143edbfaf50642d44c99c1b83e7a3546a3654305c8"; };
"plugins/Send.jar" = pkgs.fetchurl { url = "https://github.com/OskarsMC-Plugins/send/releases/download/3.0.0/send-3.0.0.jar"; sha512 = "aff03bb13804cd01ecd649d283bfdb0b3411cb4df045670328a43f53a05f7386a76a536c4fcbbd3cdc718aa300f2ab2940c7437a181e31fa9f1c9c0e591896ab"; };
@ -21,7 +21,7 @@
config-version = "2.7";
bind = "0.0.0.0:25565";
motd = "<gray>A velocity server.\n<gray>hosted on <light_purple>${config.networking.hostName}<gray>.";
motd = "<#09add3>A Velocity Server";
show-max-players = 500; # displayed maximum players, not an actual cap
online-mode = true;
force-key-authentication = true;
@ -42,7 +42,6 @@
headers = [ "<gray>" ];
footers = [ "<gray>connected to <light_purple>%server%<gray>" ];
format = "<white>%prefix%%username% <gray>%server%";
send_scoreboard_packets = true;
nametag.prefix = "%prefix%";
nametag.suffix = "";
sorting_placeholders = [
@ -64,7 +63,7 @@
messages = {
message-sent = "<light_purple></light_purple> <gray><sender></gray> <dark_gray></dark_gray> <gray><receiver></gray> <white><message></white>";
message-received = "<light_purple></light_purple> <gray><sender></gray> <dark_gray></dark_gray> <gray><receiver></gray> <white><message></white>";
message-received = "<light_purple></light_purple> <gray><receiver></gray> <dark_gray></dark_gray> <gray><sender></gray> <white><message></white>";
message-socialspy = "<light_purple> spy</light_purple> <gray><sender></gray> <dark_gray></dark_gray> <gray><receiver></gray> <white><message></white>";
};

23
modules/hardware/bootloader/limine.nix
View file

@ -1,23 +0,0 @@
{ config, pkgs, ... }:
{
boot.loader.limine = {
enable = true;
validateChecksums = true;
panicOnChecksumMismatch = true;
enableEditor = false;
extraEntries =
''
/memtest86
protocol: chainload
path: boot():///efi/memtest86/memtest86.efi
'';
additionalFiles = {
"efi/memtest86/memtest86.efi" = "${pkgs.memtest86-efi}/BOOTX64.efi";
};
secureBoot.enable = true;
};
}

9
modules/hardware/bootloader/systemd-boot.nix
View file

@ -1,9 +0,0 @@
{ config, ... }:
{
boot.loader.systemd-boot = {
enable = true;
};
boot.loader.timeout = 0;
}

4
modules/hardware/darwin.nix
View file

@ -14,6 +14,10 @@
"Ethernet Adaptor"
"Thunderbolt Ethernet"
];
dns = [
"1.1.1.1"
];
};
# keyboard

66
modules/hardware/restic.nix
View file

@ -1,66 +0,0 @@
{ config, lib, pkgs, ... }:
{
services.restic.backups."${config.networking.hostName}-server" = {
initialize = false;
paths = [
"/media"
];
exclude = [
"/media/secrets"
"/media/torrents"
"/media/media"
".cache*"
".DS_Store"
"logs"
];
checkOpts = [
"--with-cache" # just to make checks faster
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 10"
];
timerConfig = {
OnBootSec = "5m"; # lets wifi connect before starting backups
OnCalendar = "daily";
Persistent = true;
};
# backup postgres databases, kind of hacky but
# i think its the only way to do it without needing
# another backup repo
backupPrepareCommand = ''
rm -f /media/apps/postgres # -f doesn't error if doesn't exist
touch /media/apps/postgres
chmod 600 /media/apps/postgres
${lib.getExe pkgs.sudo} -u postgres ${config.services.postgresql.package}/bin/pg_dumpall > /media/apps/postgres
'';
backupCleanupCommand = ''
rm /media/apps/postgres
'';
# https://restic.readthedocs.io/en/stable/030_preparing_a_new_repo.html#other-services-via-rclone
# put something like : "rclone:onedrive:restic" to use as the remote
#
# sudo nix run nixpkgs#rclone -- config
repositoryFile = "/media/secrets/restic-repo";
# the passphrase used
passwordFile = "/media/secrets/restic-password";
};
systemd.tmpfiles.rules = [
"f /media/secrets/restic-repo 0400 root root"
"f /media/secrets/restic-password 0400 root root"
];
}

3
modules/network/avahi.nix
View file

@ -3,7 +3,6 @@
{
services.avahi = {
enable = true;
nssmdns4 = true;
nssmdns6 = true;
nssmdns = true;
};
}

8
modules/network/ddclient.nix
View file

@ -1,8 +0,0 @@
{ config, ... }:
{
services.ddclient = {
enable = true;
configFile = "/root/nixos/secrets/ddclient.conf";
};
}

157
modules/network/firewall/opensnitch.nix
View file

@ -10,8 +10,6 @@
};
rules = {
#
# system services
"systemd-timesyncd" = {
"name" = "systemd-timesyncd";
"enabled" = true;
@ -20,8 +18,8 @@
"operator" = {
"type" = "simple";
"sensitive" = false;
"operand" = "lists.domains";
"data" = builtins.toFile "systemd-timesyncd-opensnitch-rules" (lib.strings.concatStringsSep "\n" config.networking.timeServers);
"operand" = "process.path";
"data" = "${pkgs.systemd}/lib/systemd/systemd-timesyncd";
};
};
"nsncd" = {
@ -36,157 +34,6 @@
"data" = "${pkgs.nsncd}/bin/nsncd";
};
};
"tailscale" = {
"name" = "tailscale";
"enabled" = true;
"action" = "allow";
"duration" = "always";
"operator" = {
"operand" = "process.path";
"type" = "simple";
"sensitive" = false;
"data" = "${pkgs.tailscale}/bin/.tailscaled-wrapped";
};
};
"avahi-daemon" = {
"name" = "avahi-daemon";
"enabled" = true;
"action" = "allow";
"duration" = "always";
"operator" = {
"operand" = "process.path";
"type" = "simple";
"sensitive" = false;
"data" = "${pkgs.avahi}/bin/avahi-daemon";
};
};
#
# services
"prowlarr" = {
"name" = "prowlarr";
"enabled" = true;
"action" = "allow";
"duration" = "always";
"operator" = {
"type" = "list";
"operand" = "list";
"list" = [
{
"operand" = "process.path";
"type" = "simple";
"sensitive" = false;
"data" = "${pkgs.prowlarr}/lib/prowlarr/Prowlarr";
}
{
"operand" = "user.name";
"type" = "simple";
"sensitive" = false;
"data" = "prowlarr";
}
];
};
};
"sonarr" = {
"name" = "sonarr";
"enabled" = true;
"action" = "allow";
"duration" = "always";
"operator" = {
"type" = "list";
"operand" = "list";
"list" = [
{
"operand" = "process.path";
"type" = "simple";
"sensitive" = false;
"data" = "${pkgs.sonarr}/lib/sonarr/Sonarr";
}
{
"operand" = "user.name";
"type" = "simple";
"sensitive" = false;
"data" = "${config.services.sonarr.user}";
}
];
};
};
"radarr" = {
"name" = "radarr";
"enabled" = true;
"action" = "allow";
"duration" = "always";
"operator" = {
"type" = "list";
"operand" = "list";
"list" = [
{
"operand" = "process.path";
"type" = "simple";
"sensitive" = false;
"data" = "${pkgs.radarr}/lib/radarr/Radarr";
}
{
"operand" = "user.name";
"type" = "simple";
"sensitive" = false;
"data" = "${config.services.radarr.user}";
}
];
};
};
"forgejo" = {
"name" = "forgejo";
"enabled" = true;
"action" = "allow";
"duration" = "always";
"operator" = {
"type" = "list";
"operand" = "list";
"list" = [
{
"operand" = "process.path";
"type" = "simple";
"sensitive" = false;
"data" = "${pkgs.forgejo-lts}/bin/.forgejo-wrapped";
}
{
"operand" = "user.name";
"type" = "simple";
"sensitive" = false;
"data" = "${config.services.forgejo.user}";
}
];
};
};
"caddy" = {
"name" = "caddy";
"enabled" = true;
"action" = "allow";
"duration" = "always";
"operator" = {
"type" = "list";
"operand" = "list";
"list" = [
{
"operand" = "process.path";
"type" = "simple";
"sensitive" = false;
"data" = "${pkgs.caddy}/bin/caddy";
}
{
"operand" = "user.name";
"type" = "simple";
"sensitive" = false;
"data" = "${config.services.caddy.user}";
}
];
};
};
#
# desktop applications
"firefox" = {
"name" = "firefox";
"enabled" = true;

6
modules/network/vpn/tailscale-darwin.nix
View file

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
{
homebrew.masApps = {
"Tailscale" = 1475387142;
};
homebrew.casks = [
"tailscale"
];
}

4
modules/network/vpn/tailscale.nix
View file

@ -2,8 +2,4 @@
{
services.tailscale.enable = true;
services.tailscale.extraSetFlags = [
"--advertise-exit-node"
];
services.tailscale.useRoutingFeatures = "server";
}

13
modules/services/dns/adguardhome.nix → modules/services/adguardhome.nix
View file

@ -3,7 +3,7 @@
{
services.adguardhome = {
enable = true;
mutableSettings = false;
mutableSettings = true;
extraArgs = [ "--web-addr" "0.0.0.0:3003" ];
settings = {
@ -27,17 +27,6 @@
filtering = {
protection_enabled = true;
filtering_enabled = true;
rewrites = [
{
domain = "nijika.astolfo.org";
answer = "100.105.94.30";
}
{
domain = "*.nijika.astolfo.org";
answer = "100.105.94.30";
}
];
};
# The following notation uses map

14
modules/services/archiveteam-warrior.nix
View file

@ -1,14 +0,0 @@
{ config, lib, pkgs, ... }:
{
virtualisation.oci-containers.backend = "podman";
virtualisation.oci-containers.containers.archiveteam-warrior = {
image = "atdr.meo.ws/archiveteam/warrior-dockerfile";
ports = [ "8001:8001" ];
environment = {
"CONCURRENT_ITEMS" = "5";
"DOWNLOADER" = "astolfo";
"SELECTED_PROJECT" = "auto";
};
};
}

17
modules/services/auth/kanidm.nix
View file

@ -2,11 +2,11 @@
{
services.kanidm = {
server.enable = true;
unix.enable = false;
package = pkgs.kanidm_1_9;
enableServer = true;
enablePam = false;
package = pkgs.kanidm_1_5;
server.settings = {
serverSettings = {
bindaddress = "127.0.0.1:8443";
ldapbindaddress = "0.0.0.0:636";
domain = "${config.homelab.authDomain}";
@ -14,12 +14,6 @@
tls_chain = "${config.security.acme.certs.${config.homelab.authDomain}.directory}/cert.pem";
tls_key = "${config.security.acme.certs.${config.homelab.authDomain}.directory}/key.pem";
online_backup = {
schedule = "00 22 * * *";
path = "/media/apps/kanidm";
versions = 14;
};
};
};
@ -30,10 +24,11 @@
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
environmentFile = /var/lib/caddy/secret;
};
services.caddy.virtualHosts."${config.homelab.authDomain}" = {
useACMEHost = config.services.kanidm.server.settings.domain;
useACMEHost = config.services.kanidm.serverSettings.domain;
extraConfig = ''
reverse_proxy https://localhost:8443 {
header_up Host "${config.homelab.authDomain}:8443"

47
modules/services/auth/tinyauth.nix
View file

@ -1,47 +0,0 @@
{ config, lib, pkgs, ... }:
{
virtualisation.oci-containers.backend = "podman";
virtualisation.oci-containers.containers.tinyauth = {
image = "ghcr.io/steveiliop56/tinyauth:v4";
ports = [
"3009:3000"
];
environment = {
"APP_URL" = "https://tinyauth.${config.homelab.domain}";
"PROVIDERS_KANIDM_CLIENT_ID" = "tinyauth";
"PROVIDERS_KANIDM_AUTH_URL" = "https://${config.homelab.authDomain}/ui/oauth2";
"PROVIDERS_KANIDM_TOKEN_URL" = "https://${config.homelab.authDomain}/oauth2/token";
"PROVIDERS_KANIDM_USER_INFO_URL" = "https://${config.homelab.authDomain}/oauth2/openid/tinyauth/userinfo";
"PROVIDERS_KANIDM_REDIRECT_URL" = "https://tinyauth.${config.homelab.domain}/api/oauth/callback/kanidm";
"PROVIDERS_KANIDM_SCOPES" = "openid email profile groups";
"PROVIDERS_KANIDM_NAME" = "${config.homelab.authDomain}";
};
environmentFiles = [
# set variable PROVIDERS_KANIDM_CLIENT_SECRET here
/media/secrets/tinyauth
];
};
systemd.tmpfiles.rules = [
"f /media/secrets/tinyauth 0400 root root"
];
services.caddy.extraConfig = ''
(tinyauth_forwarder) {
forward_auth 127.0.0.1:3009 {
uri /api/auth/caddy
}
}
'';
services.caddy.virtualHosts."tinyauth.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:3009
'';
};
}

13
modules/services/caddy.nix
View file

@ -22,19 +22,11 @@
services.caddy = {
enable = true;
extraConfig = ''
(block_non_private_ips) {
@non_private_ips not remote_ip 100.64.0.0/10 fd7a:115c:a1e0::/48 private_ranges
abort @non_private_ips
}
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "hello@astolfo.org";
defaults.environmentFile = /media/secrets/acme;
defaults.profile = "shortlived";
certs."${config.homelab.domain}" = {
group = config.services.caddy.group;
@ -44,11 +36,8 @@
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
environmentFile = /var/lib/caddy/secret;
};
};
systemd.tmpfiles.rules = [
"f /media/secrets/acme 0400 acme acme"
];
};
}

25
modules/services/dns/coredns.nix
View file

@ -1,25 +0,0 @@
{ config, ... }:
{
services.coredns = {
enable = true;
config = ''
.:53 {
hosts {
100.100.144.4 seika.astolfo.org
fallthrough
}
# rewrite the CNAME to itself so hosts rule apply
rewrite cname exact seika.astolfo.org. seika.astolfo.org.
forward . 1.1.1.1
log
errors
}
'';
};
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];
}

16
modules/services/dns/ddns-updater.nix
View file

@ -1,16 +0,0 @@
{ config, ... }:
{
services.ddns-updater = {
enable = true;
environment = {
SERVER_ENABLED="no";
# setup dynamic dns provider here
# https://wiki.nixos.org/wiki/Dynamic_DNS
# https://github.com/qdm12/ddns-updater/blob/master/docs/cloudflare.md
CONFIG_FILEPATH = "/media/secrets/ddns-updater.json";
PERIOD = "5m";
};
};
}

31
modules/services/forgejo.nix
View file

@ -3,20 +3,22 @@
{
services.forgejo = {
enable = true;
stateDir = "/media/apps/git";
repositoryRoot = "${config.services.forgejo.stateDir}/repos";
stateDir = "/var/lib/forgejo";
repositoryRoot = "${config.services.forgejo.stateDir}/repositories";
database.createDatabase = true;
settings = {
session.COOKIE_SECURE = true;
server = {
DOMAIN = "git.${config.homelab.publicDomain}";
DOMAIN = "git.${config.homelab.domain}";
ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}";
SSH_PORT = 22;
# PROTOCOL = "https";
HTTP_PORT = 3000;
};
security.REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";
service = {
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
@ -25,11 +27,15 @@
};
};
security.acme.certs."${config.services.forgejo.settings.server.DOMAIN}" = {
domain = "${config.services.forgejo.settings.server.DOMAIN}";
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
dnsPropagationCheck = true;
# configure anubis to prevent AI scrapers from overloading the git server.
services.anubis.instances.forgejo = {
enable = true;
settings = {
TARGET = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";
SERVE_ROBOTS_TXT = true;
BIND_NETWORK = "tcp";
BIND = ":3333";
};
};
# forgejo has user keys under its own .ssh/authorizedKeys file.
@ -37,10 +43,13 @@
# in order to only allow that to the forgejo user as it has "/var"
services.openssh.authorizedKeysInHomedir = lib.mkForce true;
services.caddy.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
useACMEHost = config.services.forgejo.settings.server.DOMAIN;
services.caddy.virtualHosts."git.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
reverse_proxy http://127.0.0.1${toString config.services.anubis.instances.forgejo.settings.BIND} {
header_up X-Real-Ip {remote_host}
header_up X-Http-Version {http.request.proto}
}
'';
};
}

1
modules/services/glance.nix
View file

@ -107,7 +107,6 @@
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8888
import block_non_private_ips
'';
};
}

31
modules/services/karakeep.nix
View file

@ -1,38 +1,35 @@
{ config, ... }:
{
services.karakeep = {
enable = true;
extraEnvironment = {
PORT = "8023";
virtualisation.oci-containers.containers.karakeep = {
image = "ghcr.io/karakeep-app/karakeep:release";
volumes = [ "/var/lib/karakeep/data:/data" ];
ports = [ "8023:3000" ];
environment = {
DATA_DIR = "/data"; # dont change
OAUTH_WELLKNOWN_URL = "https://${config.homelab.authDomain}/oauth2/openid/karakeep/.well-known/openid-configuration";
OAUTH_PROVIDER_NAME = "${config.homelab.domain}";
OAUTH_WELLKNOWN_URL = "https://auth.${config.homelab.domain}/.well-known/openid-configuration";
OAUTH_PROVIDER_NAME = "PocketID";
NEXTAUTH_URL = "https://karakeep.${config.homelab.domain}";
DISABLE_PASSWORD_AUTH = "true";
OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING = "true";
};
# put OAUTH_CLIENT_SECRET and OAUTH_CLIENT_ID in file
# https://docs.karakeep.app/configuration/environment-variables#authentication--signup
environmentFile = "/media/secrets/karakeep";
};
environmentFiles = [
# put the environment variable NEXTAUTH_SECRET in here
# with a randomly generated string. gen with `openssl rand -base64 36`
/var/lib/karakeep/nextauth-secret
systemd.tmpfiles.rules = [
"f /media/secrets/karakeep 0400 karakeep karakeep"
# https://pocket-id.org/docs/client-examples/hoarder
/var/lib/karakeep/oidc
];
fileSystems."/var/lib/karakeep" = {
device = "/media/apps/karakeep";
options = [ "bind" ];
};
services.caddy.virtualHosts."karakeep.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8023
import block_non_private_ips
'';
};
}

61
modules/services/linkding.nix
View file

@ -1,61 +0,0 @@
{ config, ... }:
{
virtualisation.oci-containers.containers.linkding = {
image = "sissbruecker/linkding:latest";
ports = [ "9090:9090" ];
volumes = [ "/var/lib/linkding/data:/data" ];
environmentFiles = [
# create superuser account before initially signing in
# https://linkding.link/options/#oidc-and-ld_superuser_name
# include following environment variables:
# OIDC_RP_CLIENT_SECRET - set to oidc client secret
/var/lib/linkding/oidc
];
environment = {
# Can be used to run linkding under a context path, for example: linkding/
# Must end with a slash `/`
"LD_CONTEXT_PATH"="";
# Username of the initial superuser to create, leave empty to not create one
"LD_SUPERUSER_NAME"="";
# Option to disable background tasks
"LD_DISABLE_BACKGROUND_TASKS"="False";
# Option to disable URL validation for bookmarks completely
"LD_DISABLE_URL_VALIDATION"="False";
# List of trusted origins from which to accept POST requests
# See docs/Options.md for more details
"LD_CSRF_TRUSTED_ORIGINS"="";
# OIDC
"LD_ENABLE_OIDC" = "True";
"OIDC_OP_AUTHORIZATION_ENDPOINT"="https://${config.homelab.authDomain}/ui/oauth2";
"OIDC_OP_TOKEN_ENDPOINT"="https://${config.homelab.authDomain}/oauth2/token";
"OIDC_OP_USER_ENDPOINT"="https://${config.homelab.authDomain}/oauth2/openid/linkding/userinfo";
"OIDC_OP_JWKS_ENDPOINT"="https://${config.homelab.authDomain}/oauth2/openid/linkding/public_key.jwk";
"OIDC_RP_SIGN_ALGO"="ES256";
"OIDC_RP_CLIENT_ID"="linkding";
# Database settings
# These are currently only required for configuring PostreSQL.
# By default, linkding uses SQLite for which you don't need to configure anything.
# Database engine, can be sqlite (default) or postgres
"LD_DB_ENGINE"="sqlite";
# Database name (default: linkding)
"LD_DB_DATABASE"="";
# Username to connect to the database server (default: linkding)
"LD_DB_USER"="";
# Password to connect to the database server
"LD_DB_PASSWORD"="";
};
};
services.caddy.virtualHosts."bookmark.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:9090
import block_non_private_ips
'';
};
}

106
modules/services/media/arr.nix
View file

@ -3,95 +3,83 @@
{
users.groups.media = {};
#
# Downloading movies
# Finding/Requesting downloading
services.radarr = {
enable = true;
openFirewall = false;
dataDir = "/media/apps/radarr";
dataDir = "/var/lib/radarr";
group = "media";
};
services.caddy.virtualHosts."radarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
# For tinyauth
reverse_proxy http://localhost:7878 {
header_up -X-Forwarded-For
}
import block_non_private_ips
import tinyauth_forwarder *
'';
};
#
# Downloading shows
services.sonarr = {
enable = true;
openFirewall = false;
dataDir = "/media/apps/sonarr";
dataDir = "/var/lib/sonarr";
group = "media";
};
services.caddy.virtualHosts."sonarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8989 {
header_up -X-Forwarded-For
}
import block_non_private_ips
import tinyauth_forwarder *
'';
};
#
# Managing Torrent sources
services.prowlarr = {
enable = true;
openFirewall = false;
dataDir = "/media/apps/prowlarr";
};
services.caddy.virtualHosts."prowlarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:9696 {
header_up -X-Forwarded-For
}
import tinyauth_forwarder *
import block_non_private_ips
'';
services.bazarr = {
enable = true;
openFirewall = false;
group = "media";
};
#
# Downloading torrents
# Downloading files
services.deluge = {
enable = true;
dataDir = "/media/apps/deluge";
web.enable = true;
web.openFirewall = false;
group = "media";
};
# Requesting Frontend
services.jellyseerr = {
enable = true;
port = 5055;
openFirewall = false;
package = pkgs.jellyseerr;
};
services.caddy.virtualHosts."radarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:7878
'';
};
services.caddy.virtualHosts."sonarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8989
'';
};
services.caddy.virtualHosts."prowlarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:9696
'';
};
services.caddy.virtualHosts."bazarr.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:6767
'';
};
services.caddy.virtualHosts."deluge.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8112 {
header_up -X-Forwarded-For
}
import tinyauth_forwarder *
import block_non_private_ips
reverse_proxy http://localhost:8112
'';
};
# setup network samba share
services.samba.settings = {
"media" = {
"path" = "/media/media";
"valid users" = "@users";
"force user" = "nobody";
"public" = "no";
"read only" = "yes";
};
services.caddy.virtualHosts."jellyseer.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:5055
'';
};
}

2
modules/services/media/jellyfin.nix
View file

@ -6,7 +6,6 @@
enable = true;
openFirewall = false;
group = "media";
dataDir = "/media/apps/jellyfin";
};
users.users.jellyfin.extraGroups = [ "render" "video" ];
@ -15,7 +14,6 @@
# useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8096
import block_non_private_ips
'';
};
}

9
modules/services/miniflux.nix
View file

@ -10,7 +10,7 @@
# OAUTH2_CLIENT_ID = "<client ID>";
# OAUTH2_CLIENT_SECRET = "<client secret>";
# https://pocket-id.org/docs/client-examples/miniflux/
adminCredentialsFile = /media/secrets/miniflux;
adminCredentialsFile = /var/lib/miniflux/oidc;
config = {
LISTEN_ADDR = "0.0.0.0:8021";
@ -33,7 +33,7 @@
FILTER_ENTRY_MAX_AGE_DAYS = 1825; # 5 years
FORCE_REFRESH_INTERVAL = 30;
POLLING_FREQUENCY = 180;
POLLING_FREQUENCY = 60;
OAUTH2_PROVIDER = "oidc";
OAUTH2_REDIRECT_URL = "https://rss.${config.homelab.domain}/oauth2/oidc/callback";
@ -44,15 +44,10 @@
};
};
systemd.tmpfiles.rules = [
"f /media/secrets/miniflux 0400 root root"
];
services.caddy.virtualHosts."rss.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8021
import block_non_private_ips
'';
};
}

1
modules/services/pocketid.nix
View file

@ -19,7 +19,6 @@
useACMEHost = config.homelab.domain;
extraConfig = ''
reverse_proxy http://localhost:8025
import block_non_private_ips
'';
};
}

17
modules/services/samba.nix
View file

@ -1,17 +0,0 @@
{ config, ... }:
{
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "${config.networking.hostName}";
"netbios name" = "${config.networking.hostName}";
"security" = "user";
};
};
};
}

1
modules/services/ssh.nix
View file

@ -6,6 +6,7 @@
enable = true;
allowSFTP = true;
openFirewall = true;
authorizedKeysInHomedir = false;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;

9
modules/services/uptime-kuma.nix
View file

@ -9,15 +9,6 @@
};
};
systemd.tmpfiles.rules = [
"d /media/apps/uptime-kuma 0700 root root"
];
fileSystems."/var/lib/private/uptime-kuma" = {
device = "/media/apps/uptime-kuma";
options = [ "bind" ];
};
services.caddy.virtualHosts."status.${config.homelab.domain}" = {
useACMEHost = config.homelab.domain;
extraConfig = ''

3
modules/shell.nix
View file

@ -4,11 +4,8 @@
programs.zsh.enable = true;
programs.zsh.promptInit = ( builtins.readFile ../stow/.zshrc );
programs.fish.enable = true;
environment.systemPackages = with pkgs; [
neovim
yazi
git
zoxide
tlrc

9
modules/users/alex.nix
View file

@ -1,9 +0,0 @@
{ config, lib, pkgs, ...}:
{
users.users.alex = {
description = "Alexander";
isNormalUser = true;
extraGroups = [ ];
};
}

4
modules/users/nico.nix
View file

@ -4,10 +4,10 @@
users.users.nico = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.fish;
shell = pkgs.zsh;
};
users.users.nico.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFs7CxmkYo58hRm9bGdg7J3500tChjMz/KaDBs0fw975"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHzUJnqCpbRxggjyIZo4KWnTyHobPdi/xXkN1/n/yIMD"
];
}

2
modules/users/rhys.nix
View file

@ -9,6 +9,6 @@
users.users.rhys.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0Pce0wQKV+wI7rCIiUZgqqkiodTXZ6fMiZezLy9uZk" # laptop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmLm9HwZXDbySVupNHPlGMtm6Vwx4nxVp2tsGvuSLUr" # phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+HNs1/r4LMQsfpqXhU7396q5zL9hvfcNdiQSUTIl4R" # phone
];
}

8
modules/virtualisation/virt-manager.nix
View file

@ -1,8 +0,0 @@
{ config, ... }:
{
virtualisation.libvirtd.enable = true;
programs.virt-manager.enable = true;
services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true; # enable copy and paste between host and guest
}

172
stow/.config/aerospace/aerospace.toml
View file

@ -1,172 +0,0 @@
# You can use it to add commands that run after AeroSpace startup.
# Available commands : https://nikitabobko.github.io/AeroSpace/commands
after-startup-command = [
'exec-and-forget borders active_color=0xfff74f9e inactive_color=0xffffa8f1 width=6.0',
'exec-and-forget sh ~/.cache/matugen-jankyborders.sh',
'exec-and-forget sketchybar'
]
# Notify Sketchybar about workspace change
exec-on-workspace-change = ['/bin/bash', '-c',
'sketchybar --trigger aerospace_workspace_change FOCUSED_WORKSPACE=$AEROSPACE_FOCUSED_WORKSPACE'
]
# Start AeroSpace at login - breaks nix darwin
start-at-login = false
# Normalizations. See: https://nikitabobko.github.io/AeroSpace/guide#normalization
enable-normalization-flatten-containers = true
enable-normalization-opposite-orientation-for-nested-containers = true
# See: https://nikitabobko.github.io/AeroSpace/guide#layouts
# The 'accordion-padding' specifies the size of accordion padding
# You can set 0 to disable the padding feature
accordion-padding = 30
# Possible values: tiles|accordion
default-root-container-layout = 'tiles'
# Possible values: horizontal|vertical|auto
# 'auto' means: wide monitor (anything wider than high) gets horizontal orientation,
# tall monitor (anything higher than wide) gets vertical orientation
default-root-container-orientation = 'auto'
# Mouse follows focus when focused monitor changes
# Drop it from your config, if you don't like this behavior
# See https://nikitabobko.github.io/AeroSpace/guide#on-focus-changed-callbacks
# See https://nikitabobko.github.io/AeroSpace/commands#move-mouse
# Fallback value (if you omit the key): on-focused-monitor-changed = []
on-focused-monitor-changed = ['move-mouse monitor-lazy-center']
# You can effectively turn off macOS "Hide application" (cmd-h) feature by toggling this flag
# Useful if you don't use this macOS feature, but accidentally hit cmd-h or cmd-alt-h key
# Also see: https://nikitabobko.github.io/AeroSpace/goodies#disable-hide-app
automatically-unhide-macos-hidden-apps = true
# Possible values: (qwerty|dvorak|colemak)
# See https://nikitabobko.github.io/AeroSpace/guide#key-mapping
[key-mapping]
preset = 'qwerty'
# Gaps between windows (inner-*) and between monitor edges (outer-*).
# Possible values:
# - Constant: gaps.outer.top = 8
# - Per monitor: gaps.outer.top = [{ monitor.main = 16 }, { monitor."some-pattern" = 32 }, 24]
# In this example, 24 is a default value when there is no match.
# Monitor pattern is the same as for 'workspace-to-monitor-force-assignment'.
# See:
# https://nikitabobko.github.io/AeroSpace/guide#assign-workspaces-to-monitors
[gaps]
inner.horizontal = 12
inner.vertical = 12
outer.left = 12
outer.bottom = 12
outer.top = 6
outer.right = 12
[[on-window-detected]]
if.app-id = 'com.objective-see.lulu.app'
check-further-callbacks = true
run = 'layout floating'
[mode.main.binding]
# All possible keys:
# - Letters. a, b, c, ..., z
# - Numbers. 0, 1, 2, ..., 9
# - Keypad numbers. keypad0, keypad1, keypad2, ..., keypad9
# - F-keys. f1, f2, ..., f20
# - Special keys. minus, equal, period, comma, slash, backslash, quote, semicolon,
# backtick, leftSquareBracket, rightSquareBracket, space, enter, esc,
# backspace, tab, pageUp, pageDown, home, end, forwardDelete,
# sectionSign (ISO keyboards only, european keyboards only)
# - Keypad special. keypadClear, keypadDecimalMark, keypadDivide, keypadEnter, keypadEqual,
# keypadMinus, keypadMultiply, keypadPlus
# - Arrows. left, down, up, right
# All possible modifiers: cmd, alt, ctrl, shift
# All possible commands: https://nikitabobko.github.io/AeroSpace/commands
# App keybinds
alt-shift-f = 'exec-and-forget open ~'
alt-shift-b = 'exec-and-forget /Applications/Zen.app/Contents/MacOS/zen --new-window'
alt-s = 'exec-and-forget screencapture -i -c'
alt-shift-w = 'exec-and-forget $HOME/.config/aerospace/toggle-tiling.sh off'
# Layout
# See: https://nikitabobko.github.io/AeroSpace/commands#layout
alt-c = 'layout tiles horizontal vertical'
alt-comma = 'layout accordion horizontal vertical'
alt-space = 'layout floating tiling'
alt-f = 'fullscreen'
# Moving Focus
# See: https://nikitabobko.github.io/AeroSpace/commands#focus
alt-h = 'focus left'
alt-j = 'focus down'
alt-k = 'focus up'
alt-l = 'focus right'
# Moving windows
# See: https://nikitabobko.github.io/AeroSpace/commands#move
alt-shift-h = 'move left'
alt-shift-j = 'move down'
alt-shift-k = 'move up'
alt-shift-l = 'move right'
alt-ctrl-h = 'join-with left'
alt-ctrl-j = 'join-with down'
alt-ctrl-k = 'join-with up'
alt-ctrl-l = 'join-with right'
# Resizing Windows
# See: https://nikitabobko.github.io/AeroSpace/commands#resize
alt-minus = 'resize smart -50'
alt-equal = 'resize smart +50'
# See: https://nikitabobko.github.io/AeroSpace/commands#workspace
alt-1 = 'workspace 1'
alt-2 = 'workspace 2'
alt-3 = 'workspace 3'
alt-4 = 'workspace 4'
alt-5 = 'workspace 5'
alt-6 = 'workspace 6'
alt-7 = 'workspace 7'
alt-8 = 'workspace 8'
alt-9 = 'workspace 9'
# See: https://nikitabobko.github.io/AeroSpace/commands#move-node-to-workspace
alt-shift-1 = 'move-node-to-workspace --focus-follows-window 1'
alt-shift-2 = 'move-node-to-workspace --focus-follows-window 2'
alt-shift-3 = 'move-node-to-workspace --focus-follows-window 3'
alt-shift-4 = 'move-node-to-workspace --focus-follows-window 4'
alt-shift-5 = 'move-node-to-workspace --focus-follows-window 5'
alt-shift-6 = 'move-node-to-workspace --focus-follows-window 6'
alt-shift-7 = 'move-node-to-workspace --focus-follows-window 7'
alt-shift-8 = 'move-node-to-workspace --focus-follows-window 8'
alt-shift-9 = 'move-node-to-workspace --focus-follows-window 9'
# See: https://nikitabobko.github.io/AeroSpace/commands#workspace-back-and-forth
alt-tab = 'workspace-back-and-forth'
# See: https://nikitabobko.github.io/AeroSpace/commands#mode
# See: https://nikitabobko.github.io/AeroSpace/guide#binding-modes
alt-shift-semicolon = 'mode service'
[mode.service.binding]
esc = ['reload-config', 'mode main']
r = ['flatten-workspace-tree', 'mode main'] # reset layout
f = ['layout floating tiling', 'mode main'] # Toggle between floating and tiling layout
backspace = ['close-all-windows-but-current', 'mode main']
alt-shift-h = ['join-with left', 'mode main']
alt-shift-j = ['join-with down', 'mode main']
alt-shift-k = ['join-with up', 'mode main']
alt-shift-l = ['join-with right', 'mode main']
down = 'volume down'
up = 'volume up'
shift-down = ['volume set 0', 'mode main']

45
stow/.config/aerospace/toggle-tiling.sh
View file

@ -1,45 +0,0 @@
#!/bin/sh
disableTiling () {
defaults write com.apple.dock orientation bottom
defaults write com.apple.dock autohide -bool FALSE
defaults write com.apple.finder CreateDesktop true
killall Finder Dock sketchybar borders
aerospace enable off # fails when script called from aerospace directly, bin not in path
/run/current-system/sw/bin/aerospace enable off
osascript -e 'tell application "System Events"
tell dock preferences
set properties to {autohide menu bar:false, autohide:false}
end tell
end tell' -e 'tell application "System Events" to set visible of (every application process whose visible is true and name is not "Finder") to false'
}
enableTiling () {
aerospace enable on
sketchybar & disown
sh ~/.cache/matugen-jankyborders.sh & disown
defaults write com.apple.dock orientation right
defaults write com.apple.dock autohide -bool FALSE
defaults write com.apple.finder CreateDesktop false
killall Dock Finder
osascript -e '
tell application "System Events"
tell dock preferences
set properties to {autohide menu bar:true, autohide:true}
end tell
end tell
'
}
if [ "$1" = "on" ]; then
enableTiling
elif [ "$1" = "off" ]; then
disableTiling
else
echo "$0: [on|off]"
fi

19
stow/.config/fastfetch/ascii.txt Normal file
View file

@ -0,0 +1,19 @@
$4$3⡀$4 ⡣⠨⡂⠄⠠⠠⠠⡀⡂⠄⠄⠄⢄⢀⢀⠀⡀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
$4⢀⠠⠨ $3⡡$4⢪⠂⡃⠔⡨⠨⡨⠨⡐⠌⠌⢌⠊⠔⡐⡐⡡⢂⢑⢐⠄⠠
$4⠄⠄⢆⠁⡀⠨⠨⡐⡐$3⢅$4⠊⠄⠕⡐⠡⡂⡑⠄⢅⠅⠕⡨⢈⢂⢂⠢⢂⠅⡂⡪⠨$3⡀$4⠂⠠⢠⠠⢒⠆
$4⡠⠊⢄⠅⢅⢂⠎⡐$3⡡$4⢑⠡⠊⢔⠐⡌⢌⢂⠪⢐⠌⠔⡐⡡⠨⠂⠌⡂⡂$3⠅$4⢌⠢⠐⠐⠣⡘⣸⢈⠢⠐
$4⠠⢁⠢⡡⠡⢊⢐⠔⡡⢂$3⠊$4⠔⡨⢌⢂⠕⡨⠐⠄⢕⢐⠜⠌⠔⡐⡡⠕⠡⠠$3⠠$4⡈⢀⠈⢀⠐⠈⠄⡇⠢⡡⢑⠒⠐
$4⠠⡁⡪⢐⠌⢌⢂⢆⡇⡢⢂⠕⡁⡪⢂⢢⢑⢐⠅⡕⠕⠁⢕⠡⢑⢐⠒⢱⠡⢑$3⠡$4⠨⢂⠌⠢⢐⠄⠘⡌⢌⢂⠅⢪⢀
$4⡢⢊⠔⢡⠪⡐⠔⡮⣺⢐⢐⠌⠔⠅⠕⢕⢐⢅$1⠘⠁⡀⠂$4⡇⠌⡂⠎$1⡀$4⡌⢌⢂⠅$3⠕$4⠡⠨⢊⠔⡈⡂⡰⢐⢐⠅⠅⡀⠁⠄
$4⢐⠌⡂⢮⡫⢂⠪⡰⣝⢮⡣⢂⠅⢍⠈⡰$2⣖⣵⡗⠣$1⠁$4⢀⠇⠅⡊$1⢀⠁$4⠒⡰⡈⣎⢌⢊⠔⢔⠨⡐⢵⡐⡡⠨⡊⡀
$4⠕⠌⠂⢸⠐⢅⢊⠎⠊⡗⣱⢐⠡⡂⣜⠁$2⣜⢷⣳⢂$1⠐$4⠠⠨$1⠈⡀⢀$2⠨⣫⣖⢦$4⢊⢨⢂⢂⠇⢅⠊⢜⡮⡺⡌⢌⡖⡐
$4⠈⠈⠆⢕⠡⢢⠸⢨⢚⢄⢑$1⠠⠐$2⠣⣱⠑$1⠄⠈⠄⠂⡀$2⢰⣗⣧⡉⢧$4⢐⠢⢭⠃⢅⢊⢇⠫⡫$5⡎⡢⢏⢆
$4⢕⠡⢊⢮⡂⢊⠪⡢⢢$1⠄⠂⢀⠄⠁⡀⢈⠄⠐⡀$2⢇⠗⡵⠁⢵$4⡽⣱⠡⡑⡌⠆⡆$5⠫⡎⡄⢸⡐
$4⡃⡊⡢⡗⢂⢕$1⠄⠂⠄⠐⡀⠠⠆⢀⠁⢀⠄⠂$4⡸⡝⡮$5⡂⡲⠘⠈⠁⠘⠑⢀⢠⠇
$4⢐⢑⠜⠂$1⠈⠠⢀⢁⠂⠁⢀⠠⠐⡀⠄⠐⡀⢁⠐⢢$4⡫⡳$5⡱⡈$3⢀⢄⠅$5⠈⠠
$4⢅⠅$1⠂⣄⡁⡀⠄⠂⢀⠠⠐⢄⢠⡰⡸$4⣜⠮$5⡃⡆$3⠁⠁$5⠈⢀⠄⠠
$5 ⡖⡌⢣⡒⡖⡆⡎⡏⡍⠔ $5⣅⠐⡈$3⠸⣪$5⢠⠉⢪⠪⡱⠐
$6$6⡀⣄⣼⣿⣿⡌⡆⡣⢣⡱⡣⢣⠩⡊⢆⢑⠌⢀⠝⡌$5⠌⢇⢧⢓⢄⠁⡀⠠⡀⢨⢊⠈
$6⠠⠁$6⢮⣟⣔⢮⣖⢽$7⣝⢮⡢⡓⢜⣜⢮$6⢬⣀⢶⠈⠑⡀⠂⢱⠁$5⡔⢔⢑⢄⢅⢀⡀⠠⡠⠐⠁⠁⠁
$6⠠⠁⡀⠈⡀$6⣟⣞⣞⢞⡮$7⡷⡽$8⣿⣿⣿⣿⣿$7⡽⣕$6⢷⢝⣖⡌⠠⠁⠠$5⠨⠢⠃⠑⠨⠢
$6⣠⣡⣾⡀⠄⠐$6⢗⡷⣝⣗$7⡯⡯$8⣿⣿⣿⣿⣿⣿⣿$7⢽⢽$6⣕⣗⠄⠈⢀

51
stow/.config/fastfetch/config.jsonc
View file

@ -1,8 +1,32 @@
{
"logo": {
"source": "$HOME/.config/fastfetch/ascii.txt",
"padding": {
"top": 2,
"right": 6
},
"color": {
"1": "38;5;231", // skin
"4": "38;5;217", // hair
"2": "38;5;206", // eyes
"3": "38;5;196", // hair tie
"5": "38;5;15", // kyubey
"6": "38;5;212", // clothes
"7": "38;5;241", // gem border
"8": "38;5;219", // gem inside
"9": "white",
},
},
"display": {
"separator": " ",
"color": {
"title": "38;5;206",
"keys": "38;5;219",
},
},
"modules": [
"break",
"break",
{
"type": "title",
"keyWidth": 10,
@ -17,12 +41,8 @@
"key": " ",
},
{
"type": "wm",
"key": " ",
},
{
"type": "shell",
"key": " ",
"type": "packages",
"key": " ",
},
"break",
{
@ -39,18 +59,27 @@
},
"break",
{
"type": "packages",
"key": " ",
"type": "shell",
"key": " ",
},
{
"type": "media",
"key": "󰝚 ",
"type": "terminal",
"key": " ",
},
{
"type": "wm",
"key": " ",
},
{
"type": "uptime",
"key": " ",
},
{
"type": "media",
"key": "󰝚 ",
},
"break",
"colors",
"break",
"colors"
]
}

1
stow/.config/fish/.gitignore vendored
View file

@ -1 +0,0 @@
fish_variables

92
stow/.config/fish/config.fish
View file

@ -1,92 +0,0 @@
if status is-interactive
# Commands to run in interactive sessions can go here
#
# shell prompt
#
# match prompt symbol to OS logo
if test -e /etc/os-release
posix-source /etc/os-release
end
if test -e /System
set os_icon ""
eval "$(/opt/homebrew/bin/brew shellenv)"
else if [ "$ID" = "nixos" ]
set os_icon ""
else if [ "$ID" = "debian" ]
set os_icon ""
else if [ "$ID" = "fedora" ]
set os_icon ""
else if [ "$ID" = "arch" ]
set os_icon "󰣇"
else
set os_icon "\$"
end
# set prompt colours
if test -e ~/.cache/zsh_colours.sh
posix-source-universal (string replace -fra "{|}|#|\"" "" (cat ~/.cache/zsh_colours.sh) | psub)
else
set -Ux PRIMARY_COLOUR blue
set -Ux SECONDARY_COLOUR purple
end
# construct final prompt
function fish_prompt
# turn os_icon red if an error occurs
set -l prompt_icon
if test $status -ne 0
set prompt_icon (set_color red)"$os_icon"(set_color normal)
else
set prompt_icon "$os_icon"
end
# set ssh status
set -l ssh_status
if set -q SSH_CONNECTION
set ssh_status (prompt_login)
end
# concatenate $HOME to a ~ eg. /home/user to ~
set shorten_path (string replace -r "^$HOME" "~" "$PWD")
echo (set_color $PRIMARY_COLOUR)$shorten_path $ssh_status (set_color $SECONDARY_COLOUR)$prompt_icon (set_color normal)
end
#
# shell intergration
#
zoxide init fish | source
#
# environment variables
#
set -gx EDITOR nvim
set fish_greeting ""
set HOMEBREW_AUTO_UPDATE_SECS 86400
# xdg variables
set -gx XDG_CONFIG_HOME "$HOME/.config" # config
set -gx XDG_CACHE_HOME "$HOME/.cache" # cache
set -gx XDG_DATA_HOME "$HOME/.local/share" # data files eg. /usr/share
set -gx XDG_STATE_HOME "$HOME/.local/state" # state files eg. /var/lib
# make apps use XDG folders
set -gx PYTHON_HISTORY "$XDG_STATE_HOME"/python_history
set -gx PYTHONPYCACHEPREFIX "$XDG_CACHE_HOME"/python
set -gx PYTHONUSERBASE "$XDG_DATA_HOME"/python
set -gx GOPATH "$XDG_STATE_HOME"/go
set -gx GOMODCACHE "$XDG_CACHE_HOME"/go/mod
set -gx NPM_CONFIG_USERCONFIG "$XDG_CONFIG_HOME"/npm/npmrc
function wget --wraps=wget
wget --hsts-file="$XDG_STATE_HOME/wget-hsts" $argv
end
end

4
stow/.config/fish/functions/cat.fish
View file

@ -1,4 +0,0 @@
function cat --wraps=bat --description 'alias cat bat'
bat $argv
end

4
stow/.config/fish/functions/ff.fish
View file

@ -1,4 +0,0 @@
function ff --wraps=fastfetch --description 'alias ff=fastfetch'
fastfetch $argv
end

4
stow/.config/fish/functions/ga.fish
View file

@ -1,4 +0,0 @@
function ga --wraps='git add' --description 'alias ga=git add'
git add $argv
end

4
stow/.config/fish/functions/gc.fish
View file

@ -1,4 +0,0 @@
function gc --wraps='git commit' --description 'alias gc=git commit'
git commit $argv
end

4
stow/.config/fish/functions/glo.fish
View file

@ -1,4 +0,0 @@
function glo --wraps='git log' --description 'alias glo=git log'
git log $argv
end

4
stow/.config/fish/functions/gph.fish
View file

@ -1,4 +0,0 @@
function gph --wraps='git push' --description 'alias gph=git push'
git push $argv
end

4
stow/.config/fish/functions/gpl.fish
View file

@ -1,4 +0,0 @@
function gpl --wraps='git pull' --description 'alias gpl=git pull'
git pull $argv
end

4
stow/.config/fish/functions/gs.fish
View file

@ -1,4 +0,0 @@
function gs --wraps='git status' --description 'alias gs=git status'
git status $argv
end

4
stow/.config/fish/functions/la.fish
View file

@ -1,4 +0,0 @@
function la --wraps='ls -ah --color=auto' --description 'alias la=ls -ah --color=auto'
ls -ah --color=auto $argv
end

4
stow/.config/fish/functions/ll.fish
View file

@ -1,4 +0,0 @@
function ll --wraps='ls -l' --wraps='ls -ahl --color=auto' --description 'alias ll=ls -ahl --color=auto'
ls -ahl --color=auto $argv
end

4
stow/.config/fish/functions/ls.fish
View file

@ -1,4 +0,0 @@
function ls --description 'alias ls=ls -h --color=auto'
command ls -h --color=auto $argv
end

6
stow/.config/fish/functions/posix-source-universal.fish
View file

@ -1,6 +0,0 @@
function posix-source-universal
for i in (cat $argv)
set arr (echo $i |tr = \n)
set -Ux $arr[1] $arr[2]
end
end

6
stow/.config/fish/functions/posix-source.fish
View file

@ -1,6 +0,0 @@
function posix-source
for i in (cat $argv)
set arr (echo $i |tr = \n)
set -gx $arr[1] $arr[2]
end
end

4
stow/.config/fish/functions/rm.fish
View file

@ -1,4 +0,0 @@
function rm --wraps=trash --description 'alias rm trash'
trash $argv
end

4
stow/.config/fish/functions/v.fish
View file

@ -1,4 +0,0 @@
function v --wraps=nvim --description 'alias v nvim'
nvim $argv
end

4
stow/.config/fish/functions/vi.fish
View file

@ -1,4 +0,0 @@
function vi --wraps=nvim --description 'alias vi nvim'
nvim $argv
end

4
stow/.config/fish/functions/vim.fish
View file

@ -1,4 +0,0 @@
function vim --wraps=nvim --description 'alias vim nvim'
nvim $argv
end

8
stow/.config/fish/functions/y.fish
View file

@ -1,8 +0,0 @@
function y
set tmp (mktemp -t "yazi-cwd.XXXXXX")
command yazi $argv --cwd-file="$tmp"
if read -z cwd < "$tmp"; and [ -n "$cwd" ]; and [ "$cwd" != "$PWD" ]
builtin cd -- "$cwd"
end
command rm -f -- "$tmp"
end

Some files were not shown because too many files have changed in this diff Show more