├── .envrc ├── .gitignore ├── .sops.yaml ├── .woodpecker └── flake-lock-update.yml ├── LICENSE ├── README.md ├── flake.lock ├── flake.nix ├── home ├── README.md ├── default.nix ├── profiles │ ├── ame │ │ └── default.nix │ ├── default.nix │ ├── default │ │ └── default.nix │ └── tsuki │ │ └── default.nix ├── programs │ ├── anyrun │ │ ├── default.nix │ │ └── style.scss │ ├── browsers │ │ ├── chromium │ │ │ └── default.nix │ │ └── firefox │ │ │ ├── default.nix │ │ │ └── user.js │ │ │ ├── .prettierrc.json │ │ │ └── betterfox.js │ ├── editors │ │ ├── helix │ │ │ ├── default.nix │ │ │ ├── languages.nix │ │ │ └── themes │ │ │ │ ├── catppuccin_mocha.nix │ │ │ │ ├── onedark.nix │ │ │ │ └── tokyonight.nix │ │ └── zed │ │ │ ├── default.nix │ │ │ ├── userkeymap.nix │ │ │ └── usersettings.nix │ ├── git.nix │ ├── hyprpanel │ │ ├── default.nix │ │ └── settings.nix │ ├── media │ │ ├── cava.nix │ │ ├── easyeffects.nix │ │ ├── jellyfin-mpv-shim.nix │ │ ├── mpv.nix │ │ ├── spicetify.nix │ │ └── zathura.nix │ ├── opencomposite.nix │ ├── terminal │ │ ├── atuin.nix │ │ ├── bat.nix │ │ ├── bottom.nix │ │ ├── direnv.nix │ │ ├── lazygit │ │ │ └── default.nix │ │ ├── nushell │ │ │ ├── config.nu │ │ │ ├── default.nix │ │ │ └── env.nu │ │ ├── starship.nix │ │ ├── television │ │ │ ├── config.json │ │ │ ├── config.toml │ │ │ └── default.nix │ │ ├── wezterm │ │ │ ├── config.lua │ │ │ └── default.nix │ │ ├── yazi │ │ │ ├── default.nix │ │ │ ├── init.lua │ │ │ ├── keymap.nix │ │ │ └── openers.nix │ │ ├── zellij │ │ │ ├── default.nix │ │ │ └── layouts.nix │ │ └── zoxide.nix │ └── themes.nix ├── services │ ├── default.nix │ └── gpg.nix └── wayland │ ├── default.nix │ ├── hyprland │ ├── config │ │ ├── binds.nix │ │ ├── general.nix │ │ ├── plugins.nix │ │ └── rules.nix │ └── default.nix │ ├── programs │ └── hyprlock.nix │ └── services │ ├── hypridle.nix │ ├── hyprpaper.nix │ └── ly.nix ├── hosts ├── README.md ├── ame │ ├── default.nix │ ├── hardware.nix │ ├── networking.nix │ ├── services │ │ ├── 
default.nix │ │ ├── restic.nix │ │ └── syncthing.nix │ └── topology.nix ├── arashi │ ├── default.nix │ ├── hardware.nix │ ├── networking.nix │ ├── services │ │ ├── default.nix │ │ ├── exporters.nix │ │ ├── postgresql.nix │ │ ├── redis.nix │ │ └── restic.nix │ └── topology.nix ├── common │ ├── README.md │ ├── default.nix │ ├── fonts.nix │ ├── nix.nix │ ├── openssh.nix │ ├── prometheus.nix │ ├── security.nix │ ├── sops.nix │ ├── system.nix │ ├── time.nix │ ├── users.nix │ └── virtualisation.nix ├── default.nix ├── deploy.nix ├── haru │ ├── default.nix │ ├── hardware.nix │ ├── networking.nix │ ├── services │ │ ├── blocky.nix │ │ ├── default.nix │ │ └── unbound.nix │ └── topology.nix ├── kariru │ ├── default.nix │ ├── hardware.nix │ ├── networking.nix │ ├── services │ │ ├── default.nix │ │ ├── restic.nix │ │ ├── syncthing.nix │ │ └── torrent.nix │ └── topology.nix ├── sakura │ ├── default.nix │ ├── hardware.nix │ ├── networking.nix │ ├── services │ │ ├── default.nix │ │ ├── forgejo.nix │ │ ├── ganymede.nix │ │ ├── grafana.nix │ │ ├── hedgedoc.nix │ │ ├── immich-proxy.nix │ │ ├── restic.nix │ │ ├── rustlog.nix │ │ ├── rustypaste.nix │ │ ├── tailscale.nix │ │ ├── vaultwarden.nix │ │ └── wastebin.nix │ └── topology.nix ├── sora │ ├── default.nix │ ├── hardware.nix │ ├── networking.nix │ ├── services │ │ ├── attic.nix │ │ ├── croc.nix │ │ ├── default.nix │ │ ├── factorio.nix │ │ ├── foundryvtt.nix │ │ ├── minecraft.nix │ │ ├── ntfy-sh.nix │ │ ├── restic.nix │ │ ├── tailscale.nix │ │ ├── terraria.nix │ │ ├── traefik.nix │ │ └── uptimekuma.nix │ └── topology.nix ├── tsuki │ ├── default.nix │ ├── gaming.nix │ ├── hardware.nix │ ├── networking.nix │ ├── services │ │ ├── atticd.nix │ │ ├── default.nix │ │ ├── hydroxide.nix │ │ ├── immich-backup.nix │ │ ├── restic.nix │ │ ├── rnnoise.nix │ │ └── syncthing.nix │ └── topology.nix ├── tsuru │ ├── default.nix │ ├── hardware.nix │ ├── networking.nix │ ├── services │ │ ├── default.nix │ │ ├── tailscale.nix │ │ └── woodpecker.nix │ └── 
topology.nix └── yuki │ ├── default.nix │ ├── hardware.nix │ ├── networking.nix │ ├── services │ ├── anki-sync-server.nix │ ├── botoh.nix │ ├── default.nix │ ├── glance.nix │ ├── hass │ │ ├── config.nix │ │ ├── default.nix │ │ └── lovelace.nix │ ├── hoarder.nix │ ├── immich.nix │ ├── jellyfin.nix │ ├── komga.nix │ ├── restic.nix │ ├── stash.nix │ ├── traefik.nix │ └── wallos.nix │ └── topology.nix ├── modules ├── default.nix ├── pre-commit.nix └── topology.nix ├── overlays ├── default.nix └── technorino.nix ├── pkgs ├── README.md ├── cpm │ └── default.nix ├── forex │ └── default.nix ├── jellyfin-rpc │ └── default.nix └── passgen │ └── default.nix ├── secrets ├── README.md ├── restic │ └── secrets.yaml ├── s3 │ └── secrets.yaml ├── secrets.yaml └── tailscale │ └── secrets.yaml └── statix.toml /.envrc: -------------------------------------------------------------------------------- 1 | use flake -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | result 2 | .pre-commit-config.yaml 3 | .stfolder 4 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | keys: 2 | - &users 3 | - &notoh age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn 4 | 5 | creation_rules: 6 | - path_regex: secrets/[^/]+\.yaml$ 7 | key_groups: 8 | - age: 9 | - *notoh 10 | - path_regex: secrets/s3/[^/]+\.yaml$ 11 | key_groups: 12 | - age: 13 | - *notoh 14 | - path_regex: secrets/restic/[^/]+\.yaml$ 15 | key_groups: 16 | - age: 17 | - *notoh 18 | - path_regex: secrets/tailscale/[^/]+\.yaml$ 19 | key_groups: 20 | - age: 21 | - *notoh 22 | -------------------------------------------------------------------------------- /.woodpecker/flake-lock-update.yml: -------------------------------------------------------------------------------- 1 | clone: 2 | 
git: 3 | image: woodpeckerci/plugin-git 4 | settings: 5 | branch: flake-lock-update 6 | when: 7 | - event: cron 8 | cron: flake-lock-update 9 | 10 | steps: 11 | update: 12 | image: nixos/nix 13 | commands: | 14 | echo 'experimental-features = flakes nix-command' >> /etc/nix/nix.conf 15 | echo "access-tokens = github.com=$${GH_PAT}" >> /etc/nix/nix.conf 16 | nix flake update 17 | secrets: [gh_pat] 18 | push-changes: 19 | image: appleboy/drone-git-push 20 | settings: 21 | remote: ssh://forgejo@git.flake.sh:2222/notohh/snowflake.git 22 | branch: flake-lock-update 23 | local_ref: flake-lock-update 24 | ssh_key: 25 | from_secret: forgejo_ssh_key 26 | commit: true 27 | commit_message: "flake.lock: update" 28 | author_name: "WoodpeckerCI" 29 | author_email: "woodpecker@flake.sh" 30 | make-pr: 31 | image: johnwalkerx/gitea-pull-request-create-plugin:latest 32 | pull: true 33 | settings: 34 | gitea_address: https://git.flake.sh/ 35 | gitea_token: 36 | from_secret: forgejo_token 37 | owner: ${CI_REPO_OWNER} 38 | repo: ${CI_REPO_NAME} 39 | branch: flake-lock-update 40 | base_branch: master 41 | pr_title: "flake.lock: update" 42 | pr_body: PR automatically created by Woodpecker CI 43 | skip_on_missing_branch: false 44 | close_pr_if_empty: true 45 | delete_branch_if_pr_empty: true 46 | merge_when_checks_succeed: false 47 | delete_branch_after_merge: true 48 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 2 | Version 2, December 2004 3 | 4 | Copyright (C) 2004 notohh 5 | 6 | Everyone is permitted to copy and distribute verbatim or modified 7 | copies of this license document, and changing it is allowed as long 8 | as the name is changed. 9 | 10 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 11 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 12 | 13 | 0. You just DO WHAT THE FUCK YOU WANT TO. 
14 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |
2 |

3 |
4 | snowflake 5 |

6 | 7 |

8 | 9 | 10 | 11 |

12 | 13 | 14 | status-badge 15 | 16 |

17 | 18 | 19 |

20 | Screenshots updated: 2025-02-09 21 |

22 |

23 | :warning: this config is a constant WIP, 24 | and will change constantly as i continue to learn about nix. stuff will be updated, restructured, added, and removed quite often. please also note that everything hosted here is what works best for me, and could totally be inefficient, or just a dead wrong way of doing something.

25 |
26 | 27 | ## :open_book: Table of contents 28 | 29 | - :house_with_garden: [home](home) 30 | - :computer: [hosts](hosts) 31 | - :cloud_with_rain: [ame](hosts/ame) 32 | - :cloud_with_lightning_and_rain: [arashi](hosts/arashi) 33 | - :hibiscus: [haru](hosts/haru) 34 | - :satellite: [kariru](hosts/kariru) 35 | - :wind_chime: [kaze](hosts/kaze) 36 | - :cherry_blossom: [sakura](hosts/sakura) 37 | - :milky_way: [sora](hosts/sora) 38 | - :full_moon: [tsuki](hosts/tsuki) 39 | - :building_construction: [tsuru](hosts/tsuru) 40 | - :snowflake: [yuki](hosts/yuki) 41 | - :electric_plug: [modules](modules) 42 | - :airplane: [overlays](overlays) 43 | - :package: [pkgs](pkgs) 44 | - :lock: [secrets](secrets) 45 | 46 | ## :spiral_notepad: Features 47 | 48 | - multi-config repo, with configs for servers, laptop, and desktop 49 | - multi-system home-manager setup 50 | - secrets provisioning with [sops-nix](https://github.com/Mic92/sops-nix) 51 | - multiple fully declarative self hosted services (and some containerized ones, with a docker backend) 52 | - wayland config for hyprland 53 | - custom packages not found in nixpkgs 54 | - linted & styled with [alejandra](https://github.com/kamadorueda/alejandra), [deadnix](https://github.com/astro/deadnix), and [statix](https://github.com/nerdypepper/statix) 55 | 56 | ## :busts_in_silhouette: Credit 57 | 58 | #### people who've inspired me to dive into nix, and i've stolen stuff from (you guys are awesome!) 
59 | 60 | - [fufexan](https://github.com/fufexan) - a ton of home manager, hyprland stuff, and some gh workflows 61 | - [Misterio77](https://github.com/Misterio77) - flake, and some other boilerplate 62 | - [NobbZ](https://github.com/NobbZ) - general nix assistance 63 | - [MatthiasBenaets](https://github.com/MatthiasBenaets) - amazing nixos introduction video 64 | - [sioodmy](https://github.com/sioodmy) - general dotfile, readme badges, and hyprland stuff 65 | - [MatthewCroughan](https://github.com/MatthewCroughan) - traefik config used as reference 66 | - [seqizz](https://github.com/seqizz/nixos-config/blob/3ee51f406a8c7aa3afde9cdee97a43641b2ed2ef/modules/server/rustypaste.nix) - rustypaste config 67 | - [Yavko](https://github.com/yavko) - ironbar config used as reference 68 | - [hlissner](https://github.com/hlissner) - [security.nix](modules/security.nix) 69 | - [noc](https://git.flake.sh/noc) - networking diagram + a ton of other stuff 70 | -------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "snowflake"; 3 | 4 | outputs = inputs: 5 | inputs.flake-parts.lib.mkFlake {inherit inputs;} { 6 | imports = [ 7 | ./hosts 8 | ./overlays 9 | ./modules 10 | ./home/profiles 11 | ]; 12 | systems = ["x86_64-linux"]; 13 | perSystem = { 14 | config, 15 | pkgs, 16 | ... 
17 | }: { 18 | devShells.default = pkgs.mkShell { 19 | name = "snowflake"; 20 | shellHook = config.pre-commit.installationScript; 21 | packages = with pkgs; [ 22 | git 23 | sops 24 | alejandra 25 | yaml-language-server 26 | lua-language-server 27 | ]; 28 | }; 29 | formatter = pkgs.alejandra; 30 | }; 31 | }; 32 | 33 | inputs = { 34 | nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; 35 | 36 | ### hypr 37 | hyprland-plugins = { 38 | url = "github:hyprwm/hyprland-plugins"; 39 | inputs.hyprland.follows = "hyprland"; 40 | }; 41 | hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; 42 | hypridle.url = "github:hyprwm/hypridle"; 43 | hyprlock.url = "github:hyprwm/hyprlock"; 44 | hyprpicker.url = "github:hyprwm/hyprpicker"; 45 | hyprpaper.url = "github:hyprwm/hyprpaper"; 46 | hyprsunset.url = "github:hyprwm/hyprsunset"; 47 | 48 | ### everything else 49 | home-manager = { 50 | url = "github:nix-community/home-manager"; 51 | inputs.nixpkgs.follows = "nixpkgs"; 52 | }; 53 | deploy-rs.url = "github:serokell/deploy-rs"; 54 | sops-nix.url = "github:Mic92/sops-nix"; 55 | hyprpanel.url = "github:jas-singhfsu/hyprpanel"; 56 | zen.url = "github:youwen5/zen-browser-flake"; 57 | scls.url = "github:estin/simple-completion-language-server"; 58 | nix-gaming.url = "github:fufexan/nix-gaming"; 59 | nur.url = "github:nix-community/NUR"; 60 | yazi.url = "github:sxyazi/yazi"; 61 | helix.url = "github:helix-editor/helix"; 62 | pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; 63 | nixos-hardware.url = "github:NixOS/nixos-hardware/master"; 64 | flake-parts.url = "github:hercules-ci/flake-parts"; 65 | anyrun.url = "github:Kirottu/anyrun"; 66 | botoh.url = "git+https://git.flake.sh/notohh/botoh"; 67 | catppuccin.url = "github:catppuccin/nix"; 68 | nixpkgs-xr.url = "github:nix-community/nixpkgs-xr"; 69 | prismlauncher.url = "github:PrismLauncher/PrismLauncher"; 70 | manga-tui.url = "github:josueBarretogit/manga-tui"; 71 | spicetify-nix.url = 
"github:Gerg-L/spicetify-nix"; 72 | nix-topology.url = "github:oddlama/nix-topology"; 73 | nix-flatpak.url = "github:gmodena/nix-flatpak"; 74 | }; 75 | } 76 | -------------------------------------------------------------------------------- /home/README.md: -------------------------------------------------------------------------------- 1 | # :house_with_garden: home 2 | 3 | the home of my dotfiles. configured in, and managed by home-manager. 4 | 5 | | name | description | 6 | | ---------------- | -------------------------------------------------------------------------- | 7 | | `ags` | aylurs gtk shell | 8 | | `anyrun` | wayland native application launcher | 9 | | `cava` | terminal audio visualizer | 10 | | `direnv` | a shell extension, that loads environment variables in certain directories | 11 | | `editors` | houses my main editors, helix and nvim | 12 | | `default` | used for commonly shared modules, for multiple home-manager configs | 13 | | `git` | version control system | 14 | | `gtk` | themes | 15 | | `helix` | modal text editor | 16 | | `ironbar` | wayland specific bar, written in Rust | 17 | | `lazygit` | terminal based git command system | 18 | | `mako` | a lightweight wayland notification daemon | 19 | | `neofetch` | fetch program | 20 | | `nushell` | my shell of choice | 21 | | `spotify-player` | terminal music player for spotify | 22 | | `starship` | shell prompt | 23 | | `wayland` | has my hyprland config, along with session variables for wayland | 24 | | `wezterm` | my terminal of choice | 25 | | `yazi` | terminal file manager | 26 | | `zathura` | pdf viewer | 27 | | `zellij` | terminal multiplexer | 28 | | `zoxide` | a smarter cd command | 29 | -------------------------------------------------------------------------------- /home/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | systemd.user.startServices = "sd-switch"; 3 | programs.home-manager.enable = true; 4 | 5 | imports = [ 6 
| ./programs/editors/helix 7 | ./programs/terminal/lazygit 8 | ./programs/terminal/nushell 9 | ./programs/terminal/yazi 10 | ./programs/terminal/atuin.nix 11 | ./programs/terminal/bat.nix 12 | ./programs/terminal/bottom.nix 13 | ./programs/terminal/starship.nix 14 | ./programs/terminal/zoxide.nix 15 | ./programs/terminal/direnv.nix 16 | ./programs/git.nix 17 | ]; 18 | 19 | home = { 20 | username = "notoh"; 21 | homeDirectory = "/home/notoh"; 22 | packages = with pkgs; [ 23 | wget 24 | croc 25 | eza 26 | eva 27 | fd 28 | du-dust 29 | gnupg 30 | ripgrep 31 | lazydocker 32 | ffmpeg 33 | yt-dlp 34 | nfs-utils 35 | dig 36 | tailspin 37 | nitch 38 | unzip 39 | unrar 40 | p7zip 41 | procs 42 | navi 43 | ]; 44 | stateVersion = "23.05"; 45 | }; 46 | } 47 | -------------------------------------------------------------------------------- /home/profiles/ame/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 5 | }: { 6 | imports = [ 7 | inputs.catppuccin.homeModules.catppuccin 8 | ../../services 9 | ../../programs/terminal/wezterm 10 | ../../programs/terminal/zellij 11 | ../../programs/media/spicetify.nix 12 | ../../programs/editors/zed 13 | ../../programs/media/jellyfin-mpv-shim.nix 14 | ../../programs/media/mpv.nix 15 | ../../programs/media/easyeffects.nix 16 | ]; 17 | 18 | home.packages = with pkgs; [ 19 | discord-canary 20 | pavucontrol 21 | wayland 22 | glib 23 | jellyfin-media-player 24 | technorino 25 | anki-bin 26 | tutanota-desktop 27 | moonlight-qt 28 | signal-desktop 29 | bolt-launcher 30 | inputs.zen.packages.${pkgs.system}.default 31 | ]; 32 | catppuccin = { 33 | enable = true; 34 | flavor = "mocha"; 35 | accent = "pink"; 36 | }; 37 | programs.ssh = { 38 | enable = true; 39 | extraConfig = '' 40 | Host sakura 41 | Hostname 100.121.201.47 42 | User notoh 43 | IdentityFile ~/.ssh/sakura 44 | Host kariru 45 | Hostname 100.126.229.95 46 | User notoh 47 | IdentityFile ~/.ssh/kariru 48 | Host 
yuki 49 | Hostname 100.108.113.89 50 | User notoh 51 | IdentityFile ~/.ssh/yuki 52 | Host arashi 53 | Hostname 100.94.214.100 54 | User notoh 55 | IdentityFile ~/.ssh/arashi 56 | Host sora 57 | Hostname 100.104.42.96 58 | User notoh 59 | IdentityFile ~/.ssh/sora 60 | Host daphbot 61 | Hostname 100.109.118.139 62 | User root 63 | IdentityFile ~/.ssh/daphbot 64 | Host tsuru 65 | Hostname 100.82.146.40 66 | User notoh 67 | IdentityFile ~/.ssh/tsuru 68 | Host haru 69 | Hostname 100.73.192.45 70 | User notoh 71 | IdentityFile ~/.ssh/haru 72 | Host basegbot 73 | HostName 100.83.81.116 74 | User basegbot 75 | IdentityFile ~/.ssh/basegbot 76 | Host rpi4 77 | Hostname 100.92.145.147 78 | User notoh 79 | IdentityFile ~/.ssh/rpi4 80 | Host pve 81 | Hostname 100.115.234.69 82 | User root 83 | Host truenas 84 | Hostname 192.168.1.199 85 | User root 86 | IdentityFile ~/.ssh/truenas 87 | Host git.flake.sh 88 | Hostname git.flake.sh 89 | User notohh 90 | IdentityFile ~/.ssh/notohh-git 91 | Port 2222 92 | Host github.com 93 | Hostname github.com 94 | User notohh 95 | IdentityFile ~/.ssh/notohh-git 96 | ''; 97 | }; 98 | } 99 | -------------------------------------------------------------------------------- /home/profiles/default.nix: -------------------------------------------------------------------------------- 1 | # stolen from fufexan 2 | { 3 | inputs, 4 | self, 5 | ... 6 | }: let 7 | extraSpecialArgs = {inherit inputs self;}; 8 | 9 | homeImports = { 10 | "notoh@tsuki" = [ 11 | ../. 12 | ./tsuki 13 | ]; 14 | "notoh@ame" = [ 15 | ../. 16 | ./ame 17 | ]; 18 | default = [ 19 | ../. 
20 | ./default 21 | ]; 22 | }; 23 | 24 | inherit (inputs.hm.lib) homeManagerConfiguration; 25 | 26 | pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; 27 | in { 28 | _module.args = {inherit homeImports;}; 29 | 30 | flake = { 31 | homeConfigurations = { 32 | "notoh_tsuki" = homeManagerConfiguration { 33 | modules = homeImports."notoh@tsuki"; 34 | inherit pkgs extraSpecialArgs; 35 | }; 36 | 37 | "notoh_ame" = homeManagerConfiguration { 38 | modules = homeImports."notoh@ame"; 39 | inherit pkgs extraSpecialArgs; 40 | }; 41 | 42 | default = homeManagerConfiguration { 43 | modules = homeImports.default; 44 | inherit pkgs extraSpecialArgs; 45 | }; 46 | }; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /home/profiles/default/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = []; 3 | } 4 | -------------------------------------------------------------------------------- /home/profiles/tsuki/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 
5 | }: { 6 | imports = [ 7 | inputs.catppuccin.homeModules.catppuccin 8 | ../../services 9 | ../../programs/anyrun 10 | ../../programs/hyprpanel 11 | ../../programs/browsers/firefox 12 | ../../programs/terminal/wezterm 13 | ../../programs/terminal/zellij 14 | ../../programs/terminal/television 15 | ../../programs/editors/zed 16 | ../../programs/media/cava.nix 17 | ../../programs/media/spicetify.nix 18 | ../../programs/themes.nix 19 | ../../programs/opencomposite.nix 20 | ../../programs/media/zathura.nix 21 | ../../programs/media/easyeffects.nix 22 | ../../programs/media/mpv.nix 23 | ../../programs/media/jellyfin-mpv-shim.nix 24 | ../../wayland/hyprland 25 | ../../wayland/services/hypridle.nix 26 | ../../wayland/services/hyprpaper.nix 27 | ../../wayland/programs/hyprlock.nix 28 | ]; 29 | home.packages = with pkgs; [ 30 | chromium 31 | vesktop 32 | discord-canary 33 | technorino 34 | signal-desktop 35 | obs-studio 36 | pavucontrol 37 | anki-bin 38 | virt-manager 39 | qbittorrent 40 | imv 41 | rustypaste-cli 42 | cryptomator 43 | ventoy-bin-full 44 | wine 45 | bottles 46 | lutris 47 | moonlight-qt 48 | tokei 49 | jellyfin-media-player 50 | jellyfin-rpc 51 | wlx-overlay-s 52 | losslesscut-bin 53 | mangohud 54 | uxplay 55 | drawio 56 | postman 57 | gale 58 | krita 59 | bolt-launcher 60 | cinny-desktop 61 | tutanota-desktop 62 | inputs.zen.packages.${pkgs.system}.default 63 | inputs.nix-gaming.packages.${pkgs.system}.osu-lazer-bin 64 | inputs.manga-tui.packages.${pkgs.system}.manga-tui 65 | inputs.prismlauncher.packages.${pkgs.system}.prismlauncher 66 | ]; 67 | catppuccin = { 68 | mako.enable = false; 69 | enable = true; 70 | flavor = "mocha"; 71 | accent = "pink"; 72 | }; 73 | programs.ssh = { 74 | enable = true; 75 | extraConfig = '' 76 | Host sakura 77 | Hostname 100.121.201.47 78 | User notoh 79 | IdentityFile ~/.ssh/sakura 80 | Host kariru 81 | Hostname 100.126.229.95 82 | User notoh 83 | IdentityFile ~/.ssh/kariru 84 | Host yuki 85 | Hostname 100.108.113.89 86 | 
User notoh 87 | IdentityFile ~/.ssh/yuki 88 | Host arashi 89 | Hostname 100.94.214.100 90 | User notoh 91 | IdentityFile ~/.ssh/arashi 92 | Host sora 93 | Hostname 100.104.42.96 94 | User notoh 95 | IdentityFile ~/.ssh/sora 96 | Host daphbot 97 | Hostname 100.109.118.139 98 | User root 99 | IdentityFile ~/.ssh/daphbot 100 | Host tsuru 101 | Hostname 100.82.146.40 102 | User notoh 103 | IdentityFile ~/.ssh/tsuru 104 | Host haru 105 | Hostname 100.73.192.45 106 | User notoh 107 | IdentityFile ~/.ssh/haru 108 | Host basegbot 109 | HostName 100.83.81.116 110 | User basegbot 111 | IdentityFile ~/.ssh/basegbot 112 | Host rpi4 113 | Hostname 100.92.145.147 114 | User notoh 115 | IdentityFile ~/.ssh/rpi4 116 | Host rennypaste 117 | Hostname 5.78.112.206 118 | User notohh 119 | IdentityFile ~/.ssh/renny-key 120 | Host pve 121 | Hostname 100.115.234.69 122 | User root 123 | Host truenas 124 | Hostname 192.168.1.199 125 | User root 126 | IdentityFile ~/.ssh/truenas 127 | Host git.flake.sh 128 | Hostname git.flake.sh 129 | User notohh 130 | IdentityFile ~/.ssh/notohh-git 131 | Port 2222 132 | Host github.com 133 | Hostname github.com 134 | User notohh 135 | IdentityFile ~/.ssh/notohh-git 136 | ''; 137 | }; 138 | } 139 | -------------------------------------------------------------------------------- /home/programs/anyrun/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | lib, 5 | ... 
6 | }: let 7 | compileSCSS = name: source: "${pkgs.runCommandLocal name {} '' 8 | mkdir -p $out 9 | ${lib.getExe pkgs.sassc} -t expanded '${source}' > $out/${name}.css 10 | ''}/${name}.css"; 11 | in { 12 | programs.anyrun = { 13 | enable = true; 14 | package = inputs.anyrun.packages.${pkgs.system}.default; 15 | config = { 16 | plugins = with inputs.anyrun.packages.${pkgs.system}; [ 17 | applications 18 | dictionary 19 | websearch 20 | ]; 21 | width = {fraction = 0.3;}; 22 | hideIcons = false; 23 | ignoreExclusiveZones = false; 24 | layer = "overlay"; 25 | hidePluginInfo = false; 26 | closeOnClick = false; 27 | showResultsImmediately = false; 28 | }; 29 | extraCss = builtins.readFile (compileSCSS "style" ./style.scss); 30 | extraConfigFiles = { 31 | "dictionary.ron".text = '' 32 | Config( 33 | prefix: ":def", 34 | ) 35 | ''; 36 | "applications.ron".text = '' 37 | Config( 38 | desktop_actions: false, 39 | max_entries: 10, 40 | ) 41 | ''; 42 | "websearch.ron".text = '' 43 | Config( 44 | prefix: "?", 45 | engines: [ 46 | Custom( 47 | name: "SearXNG", 48 | url: "100.121.201.47:8100/search?q={}", 49 | ), 50 | Custom( 51 | name: "nix packages", 52 | url: "search.nixos.org/packages?query={}&channel=unstable", 53 | ), 54 | ], 55 | ) 56 | ''; 57 | }; 58 | }; 59 | } 60 | -------------------------------------------------------------------------------- /home/programs/anyrun/style.scss: -------------------------------------------------------------------------------- 1 | * { 2 | all: unset; 3 | transition: 200ms ease-out; 4 | color: #c0caf5; 5 | font-family: Maple Mono NF; 6 | font-size: 1.1rem; 7 | } 8 | 9 | #window, 10 | #match, 11 | #entry, 12 | #plugin, 13 | #main { 14 | background: transparent; 15 | } 16 | 17 | #main { 18 | margin-top: 0.5rem; 19 | } 20 | 21 | #match { 22 | padding: 3px; 23 | border-radius: 12px; 24 | } 25 | 26 | #match:hover, 27 | #match:selected { 28 | background: #45475a; 29 | padding: 0.6rem; 30 | } 31 | 32 | entry#entry { 33 | border-color: transparent; 
34 | margin-top: 0.5rem; 35 | } 36 | 37 | box#main { 38 | background: #1a1b26; 39 | border: 3px solid #7dcfff; 40 | border-radius: 10px; 41 | padding: 0.3rem; 42 | } 43 | -------------------------------------------------------------------------------- /home/programs/browsers/chromium/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.chromium = { 3 | enable = true; 4 | }; 5 | } 6 | -------------------------------------------------------------------------------- /home/programs/browsers/firefox/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | programs.firefox = { 3 | enable = false; 4 | policies = { 5 | DisablePocket = true; 6 | DisplayBookmarksToolbar = true; 7 | DontCheckDefaultBrowser = true; 8 | OfferToSaveLogins = false; 9 | NoDefaultBookmarks = true; 10 | PasswordManagerEnable = false; 11 | DNSOverHTTPS = { 12 | Enabled = true; 13 | }; 14 | }; 15 | profiles.notohh = { 16 | id = 0; 17 | isDefault = true; 18 | name = "notohh"; 19 | settings = { 20 | "browser.search.separatePrivateDefault" = false; 21 | "browser.search.separatePrivateDefault.ui.enabled" = true; 22 | "browser.startup.homepage" = "http://dashboard.internal.flake.sh/"; 23 | "network.trr.mode" = 5; 24 | "dom.security.https_first" = true; 25 | "dom.security.https_only_mode" = true; 26 | "dom.security.https_only_mode_ever_enabled" = true; 27 | }; 28 | extraConfig = builtins.readFile ./user.js/betterfox.js; 29 | search = { 30 | default = "DuckDuckGo"; 31 | force = true; 32 | engines = { 33 | "Kagi" = { 34 | urls = [ 35 | { 36 | template = "https://kagi.com/search"; 37 | params = [ 38 | { 39 | name = "q"; 40 | value = "{searchTerms}"; 41 | } 42 | ]; 43 | } 44 | ]; 45 | definedAliases = ["@g"]; 46 | }; 47 | "SearXNG" = { 48 | urls = [ 49 | { 50 | template = "http://100.108.113.89:8100"; 51 | params = [ 52 | { 53 | name = "q"; 54 | value = "{searchTerms}"; 55 | } 56 | ]; 57 | 
} 58 | ]; 59 | definedAliases = ["@sx"]; 60 | }; 61 | "Nix Packages" = { 62 | urls = [ 63 | { 64 | template = "https://search.nixos.org/packages"; 65 | params = [ 66 | { 67 | name = "type"; 68 | value = "packages"; 69 | } 70 | { 71 | name = "query"; 72 | value = "{searchTerms}"; 73 | } 74 | ]; 75 | } 76 | ]; 77 | icon = "''${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; 78 | definedAliases = ["@np"]; 79 | }; 80 | "Bing".metaData.hidden = true; 81 | "Google".metaData.hidden = true; 82 | "Amazon.com".metaData.hidden = true; 83 | "eBay".metaData.hidden = true; 84 | "DuckDuckGo".metaData.hidden = false; 85 | }; 86 | }; 87 | extensions = with pkgs.nur.repos.rycee.firefox-addons; [ 88 | # security 89 | bitwarden 90 | ublock-origin 91 | 92 | #leisure 93 | darkreader 94 | mal-sync 95 | stylus 96 | 97 | #utility 98 | new-tab-override 99 | sponsorblock 100 | return-youtube-dislikes 101 | violentmonkey 102 | ]; 103 | }; 104 | }; 105 | xdg = { 106 | configFile."mimeapps.list".force = true; 107 | mimeApps = { 108 | enable = true; 109 | defaultApplications = { 110 | "x-scheme-handler/discord-409416265891971072" = ["discord-409416265891971072.desktop"]; 111 | "x-scheme-handler/discord-402572971681644545" = ["discord-402572971681644545.desktop"]; 112 | "x-scheme-handler/discord-696343075731144724" = ["discord-696343075731144724.desktop"]; 113 | "x-scheme-handler/http" = ["zen.desktop"]; 114 | "x-scheme-handler/https" = ["zen.desktop"]; 115 | "x-scheme-handler/chrome" = ["zen.desktop"]; 116 | "text/html" = ["zen.desktop"]; 117 | "application/x-extension-htm" = ["zen.desktop"]; 118 | "application/x-extension-html" = ["zen.desktop"]; 119 | "application/x-extension-shtml" = ["zen.desktop"]; 120 | "application/xhtml+xml" = ["zen.desktop"]; 121 | "application/x-extension-xhtml" = ["zen.desktop"]; 122 | "application/x-extension-xht" = ["zen.desktop"]; 123 | }; 124 | }; 125 | }; 126 | } 127 | 
-------------------------------------------------------------------------------- /home/programs/browsers/firefox/user.js/.prettierrc.json: -------------------------------------------------------------------------------- 1 | { 2 | "trailingComma": "none" 3 | } 4 | -------------------------------------------------------------------------------- /home/programs/editors/helix/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./languages.nix 4 | ./themes/tokyonight.nix 5 | ./themes/onedark.nix 6 | ./themes/catppuccin_mocha.nix 7 | ]; 8 | 9 | programs.helix = { 10 | enable = true; 11 | defaultEditor = true; 12 | settings = { 13 | editor = { 14 | auto-save = true; 15 | true-color = true; 16 | color-modes = true; 17 | cursorline = true; 18 | completion-replace = true; 19 | soft-wrap.enable = true; 20 | idle-timeout = 1; 21 | gutters = ["diff" "diagnostics" "line-numbers" "spacer"]; 22 | statusline = { 23 | left = ["mode" "spinner"]; 24 | center = ["file-name"]; 25 | right = ["diagnostics" "selections" "position" "file-line-ending" "file-type" "version-control"]; 26 | separator = "|"; 27 | mode = { 28 | normal = "NOR"; 29 | insert = "INS"; 30 | select = "SEL"; 31 | }; 32 | }; 33 | inline-diagnostics = { 34 | cursor-line = "hint"; 35 | other-lines = "error"; 36 | }; 37 | cursor-shape = { 38 | insert = "bar"; 39 | normal = "block"; 40 | select = "underline"; 41 | }; 42 | indent-guides = { 43 | render = true; 44 | rainbow = "dim"; 45 | character = "┆"; 46 | }; 47 | whitespace = { 48 | characters = { 49 | space = "·"; 50 | nbsp = "⍽"; 51 | tab = "→"; 52 | newline = "⏎"; 53 | tabpad = "·"; 54 | }; 55 | }; 56 | lsp = { 57 | display-messages = true; 58 | display-inlay-hints = true; 59 | }; 60 | }; 61 | }; 62 | }; 63 | } 64 | -------------------------------------------------------------------------------- /home/programs/editors/helix/languages.nix: 
-------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | inputs, 5 | ... 6 | }: { 7 | home.packages = [inputs.scls.defaultPackage.${pkgs.system}]; 8 | programs.helix.languages = { 9 | language = with pkgs; [ 10 | { 11 | name = "nix"; 12 | auto-format = true; 13 | language-servers = ["scls" "nil"]; 14 | formatter = { 15 | command = lib.getExe alejandra; 16 | args = ["-q"]; 17 | }; 18 | } 19 | { 20 | name = "rust"; 21 | auto-format = true; 22 | language-servers = ["scls" "rust-analyzer"]; 23 | formatter = { 24 | command = lib.getExe rustfmt; 25 | args = ["--edition" "2021"]; 26 | }; 27 | } 28 | { 29 | name = "lua"; 30 | auto-format = true; 31 | language-servers = ["scls" "lua-language-server"]; 32 | formatter = { 33 | command = lib.getExe stylua; 34 | }; 35 | } 36 | { 37 | name = "python"; 38 | auto-format = true; 39 | language-servers = ["scls" "ruff"]; 40 | formatter = with pkgs; { 41 | command = lib.getExe ruff; 42 | args = ["format" "-q"]; 43 | }; 44 | } 45 | { 46 | name = "typescript"; 47 | auto-format = true; 48 | language-servers = [ 49 | "scls" 50 | { 51 | name = "typescript-language-server"; 52 | except-features = ["format"]; 53 | } 54 | ]; 55 | formatter = with pkgs; { 56 | command = lib.getExe deno; 57 | args = [ 58 | "fmt" 59 | "-" 60 | "--ext" 61 | "ts" 62 | ]; 63 | }; 64 | } 65 | { 66 | name = "toml"; 67 | auto-format = true; 68 | language-servers = ["scls" "taplo"]; 69 | formatter = with pkgs; { 70 | command = lib.getExe taplo; 71 | args = ["fmt" "-"]; 72 | }; 73 | } 74 | { 75 | name = "json"; 76 | auto-format = true; 77 | language-servers = ["scls" "biome"]; 78 | formatter = with pkgs; { 79 | command = lib.getExe biome; 80 | args = ["format"]; 81 | }; 82 | } 83 | ]; 84 | language-server = with pkgs; { 85 | scls = { 86 | command = "simple-completion-language-server"; 87 | config = { 88 | feature_snippets = true; 89 | feature_paths = true; 90 | }; 91 | }; 92 | rust-analyzer.config = { 93 | 
checkOnSave.command = "clippy"; 94 | inlayHints = { 95 | closingBraceHints.enable = false; 96 | parameterHints.enable = false; 97 | typeHints.enable = true; 98 | }; 99 | }; 100 | nil = { 101 | command = lib.getExe nil; 102 | }; 103 | typescript-language-server = with pkgs.nodePackages; { 104 | command = lib.getExe typescript-language-server; 105 | args = ["--stdio"]; 106 | }; 107 | lua = { 108 | command = lib.getExe lua-language-server; 109 | }; 110 | taplo = { 111 | command = lib.getExe taplo; 112 | args = ["lsp" "stdio"]; 113 | }; 114 | ruff = { 115 | command = lib.getExe ruff; 116 | args = ["server" "--preview"]; 117 | }; 118 | }; 119 | }; 120 | } 121 | -------------------------------------------------------------------------------- /home/programs/editors/helix/themes/tokyonight.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.helix = { 3 | themes.tokyonight = let 4 | red = "#f7768e"; 5 | orange = "#ff9e64"; 6 | yellow = "#e0af68"; 7 | light-green = "#9ece6a"; 8 | green = "#73daca"; 9 | turquoise = "#89ddff"; 10 | teal = "#2ac3de"; 11 | cyan = "#7dcfff"; 12 | blue = "#7aa2f7"; 13 | magenta = "#bb9af7"; 14 | white = "#c0caf5"; 15 | light-gray = "#9aa5ce"; 16 | comment = "#565f89"; 17 | black = "#414868"; 18 | foreground = "#a9b1d6"; 19 | foreground_gutter = "#363b54"; 20 | background_highlight = "#30374b"; 21 | background_menu = "#16161e"; 22 | in { 23 | "comment" = { 24 | fg = comment; 25 | modifiers = ["italic"]; 26 | }; 27 | "constant" = {fg = orange;}; 28 | "constant.character.escape" = {fg = magenta;}; 29 | "function" = { 30 | fg = blue; 31 | modifiers = ["italic"]; 32 | }; 33 | "function.macro" = {fg = cyan;}; 34 | "keyword" = { 35 | fg = cyan; 36 | modifiers = ["italic"]; 37 | }; 38 | "keyword.control" = {fg = magenta;}; 39 | "keyword.control.import" = {fg = cyan;}; 40 | "keyword.operator" = {fg = turquoise;}; 41 | "keyword.function" = { 42 | fg = magenta; 43 | modifiers = ["italic"]; 44 | }; 45 | 
"operator" = {fg = turquoise;}; 46 | "punctuation" = {fg = turquoise;}; 47 | "string" = {fg = light-green;}; 48 | "string.regexp" = {fg = "light-blue";}; 49 | "tag" = {fg = red;}; 50 | "type" = {fg = teal;}; 51 | "namespace" = {fg = blue;}; 52 | "variable" = {fg = white;}; 53 | "variable.builtin" = {fg = red;}; 54 | "variable.other.member" = {fg = green;}; 55 | "variable.parameter" = { 56 | fg = yellow; 57 | modifiers = ["italic"]; 58 | }; 59 | 60 | "diff.plus" = {fg = green;}; 61 | "diff.delta" = {fg = orange;}; 62 | "diff.minus" = {fg = red;}; 63 | 64 | # "ui.background" = {fg = foreground;}; 65 | 66 | "ui.cursor" = {modifiers = ["reversed"];}; 67 | "ui.cursor.match" = { 68 | fg = orange; 69 | modifiers = ["bold"]; 70 | }; 71 | "ui.cursor.primary" = {modifiers = ["reversed"];}; 72 | # "ui.cursorline.primary" = {bg = background_menu;}; 73 | "ui.help" = { 74 | fg = foreground; 75 | # bg = background_menu; 76 | }; 77 | "ui.linenr" = {fg = foreground_gutter;}; 78 | "ui.linenr.selected" = {fg = foreground;}; 79 | "ui.menu" = { 80 | fg = foreground; 81 | # bg = background_menu; 82 | }; 83 | "ui.menu.selected" = {bg = background_highlight;}; 84 | "ui.popup" = { 85 | fg = foreground; 86 | # bg = background_menu; 87 | }; 88 | "ui.selection" = {bg = background_highlight;}; 89 | "ui.selection.primary" = {bg = background_highlight;}; 90 | "ui.statusline" = { 91 | fg = foreground; 92 | # bg = background_menu; 93 | }; 94 | "ui.statusline.inactive" = { 95 | fg = foreground_gutter; 96 | bg = background_menu; 97 | }; 98 | "ui.statusline.normal" = { 99 | fg = black; 100 | bg = blue; 101 | }; 102 | "ui.statusline.insert" = { 103 | fg = black; 104 | bg = green; 105 | }; 106 | "ui.statusline.select" = { 107 | fg = black; 108 | bg = magenta; 109 | }; 110 | "ui.text" = {fg = foreground;}; 111 | "ui.text.focus" = {fg = cyan;}; 112 | "ui.virtual.ruler" = {bg = foreground_gutter;}; 113 | "ui.virtual.whitespace" = {fg = foreground_gutter;}; 114 | "ui.virtual.inlay-hint" = {fg = comment;}; 
115 | "ui.window" = {fg = black;}; 116 | 117 | "error" = {fg = red;}; 118 | "warning" = {fg = yellow;}; 119 | "info" = {fg = blue;}; 120 | "hint" = {fg = teal;}; 121 | "diagnostic.error" = { 122 | underline = { 123 | style = "curl"; 124 | color = red; 125 | }; 126 | }; 127 | "diagnostic.warning" = { 128 | underline = { 129 | style = "curl"; 130 | color = yellow; 131 | }; 132 | }; 133 | "diagnostic.info" = { 134 | underline = { 135 | style = "curl"; 136 | color = blue; 137 | }; 138 | }; 139 | "diagnostic.hint" = { 140 | underline = { 141 | style = "curl"; 142 | color = teal; 143 | }; 144 | }; 145 | "special" = {fg = orange;}; 146 | 147 | "markup.heading" = { 148 | fg = cyan; 149 | modifiers = ["bold"]; 150 | }; 151 | "markup.list" = {fg = cyan;}; 152 | "markup.bold" = { 153 | fg = orange; 154 | modifiers = ["bold"]; 155 | }; 156 | "markup.italic" = { 157 | fg = yellow; 158 | modifiers = ["italic"]; 159 | }; 160 | "markup.strikethrough" = {modifiers = ["crossed_out"];}; 161 | "markup.link.url" = {fg = green;}; 162 | "markup.link.text" = {fg = light-gray;}; 163 | "markup.quote" = { 164 | fg = yellow; 165 | modifiers = ["italic"]; 166 | }; 167 | "markup.raw" = {fg = cyan;}; 168 | }; 169 | }; 170 | } 171 | -------------------------------------------------------------------------------- /home/programs/editors/zed/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [./usersettings.nix ./userkeymap.nix]; 3 | programs.zed-editor = { 4 | enable = true; 5 | package = pkgs.zed-editor.fhsWithPackages (pkgs: [pkgs.zlib pkgs.openssl]); 6 | extensions = [ 7 | # langs 8 | "html" 9 | "toml" 10 | "git-firefly" 11 | "latex" 12 | "svelte" 13 | "scss" 14 | "nix" 15 | "nu" 16 | "gosum" 17 | "scls" 18 | "lua" 19 | "mermaid" 20 | 21 | # misc 22 | "env" 23 | "discord-presence" 24 | "wakatime" 25 | 26 | # themes 27 | "catppuccin" 28 | "material-icon-theme" 29 | ]; 30 | }; 31 | } 32 | 
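--------------------------------------------------------------------------------
/home/programs/editors/zed/userkeymap.nix:
--------------------------------------------------------------------------------
# Home Manager module: custom key bindings for the Zed editor.
_: {
  programs.zed-editor.userKeymaps = [
    {
      context = "Workspace";
      bindings = {
        ctrl-shift-t = "workspace::NewTerminal";
      };
    }
    {
      # No Editor-context bindings are defined yet; the entry is a placeholder.
      context = "Editor";
      bindings = {
      };
    }
  ];
}

--------------------------------------------------------------------------------
/home/programs/editors/zed/usersettings.nix:
--------------------------------------------------------------------------------
# Home Manager module: the attribute set below is rendered into Zed's user
# settings file, so every key here is a Zed setting name.
_: {
  programs.zed-editor.userSettings = {
    ui_font_size = 16;
    ui_font_family = "Maple Mono NF";
    buffer_font_size = 16;
    buffer_font_family = "Maple Mono NF";
    relative_line_numbers = true;
    hour_format = "hour24";
    shell = "nu";
    # The same theme is used for both appearance modes.
    theme = {
      dark = "Catppuccin Mocha (pink)";
      light = "Catppuccin Mocha (pink)";
    };
    tabs = {
      file_icons = true;
      git_status = true;
    };
    # NOTE(review): Zed's documented key for these two sections appears to be
    # `enabled`, not `enable` — confirm, otherwise both entries are ignored.
    indent_guides = {
      enable = true;
    };
    inlay_hints = {
      enable = true;
    };
    # Opt out of both telemetry channels.
    telemetry = {
      diagnostics = false;
      metrics = false;
    };
    # NOTE(review): assistant requests go to an external provider; presumably
    # the buffer content included in a prompt leaves the machine — confirm this
    # is acceptable for private repositories opened in Zed.
    assistant = {
      default_model = {
        provider = "copilot_chat";
        model = "gpt-4o";
      };
      version = "2";
    };
    diagnostics = {
      inline = {
        enabled = true;
        update_debounce_ms = 150;
        padding = 4;
        max_severity = null;
      };
    };
    languages = {
      Nix = {
        language_servers = ["nil"];
        formatter = {
          external = {
            command = "alejandra";
            arguments = ["--quiet" "--"];
          };
        };
      };
    };
    # Per-language-server options live under the top-level `lsp` key. Nested
    # inside `languages`, Zed would read "lsp" as a language name and the
    # Discord-presence privacy rules below would never reach the extension.
    lsp = {
      discord_presence = {
        initialization_options = {
          git_integration = false;
          # Directories the author wants kept out of Discord presence
          # (blacklist semantics are defined by the extension — verify there).
          rules = {
            mode = "blacklist";
            paths = ["/home/notoh/dev/ec" "/home/notoh/dev/yamilol"];
          };
        };
      };
    };
  };
}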
--------------------------------------------------------------------------------
/home/programs/git.nix:
--------------------------------------------------------------------------------
# Home Manager module: git identity, commit signing, and the GitHub CLI.
_: {
  programs = {
    git = {
      enable = true;
      delta.enable = true;
      userEmail = "github@notohh.dev";
      userName = "notohh";
      signing = {
        # 16 hex digits, i.e. a 64-bit long key ID rather than a full
        # fingerprint. The ID is a public identifier, not a secret.
        # NOTE(review): the full fingerprint is the unambiguous way to select
        # a key; consider using it here.
        key = "BD47506D475EE86D";
        # Every commit is signed without needing -S.
        signByDefault = true;
      };
      # "*result*" matches any path containing "result", not only the
      # `result` symlinks left by nix builds.
      ignores = ["*result*" ".direnv" "node_modules"];
    };
    gh = {
      enable = true;
      # NOTE(review): this registers gh as a git credential helper, so git
      # operations over HTTPS can presumably obtain the stored GitHub token;
      # git_protocol below prefers SSH for gh's own clones.
      gitCredentialHelper.enable = true;
      settings = {
        git_protocol = "ssh";
        editor = "hx";
        prompt = "enabled";
      };
    };
  };
}

--------------------------------------------------------------------------------
/home/programs/hyprpanel/default.nix:
--------------------------------------------------------------------------------
# Home Manager module: loads the hyprpanel and sops-nix modules from the flake
# inputs, enables hyprpanel, and overrides a few theme colours.
{inputs, ...}: {
  imports = [
    inputs.hyprpanel.homeManagerModules.hyprpanel
    # sops-nix is imported here, but nothing in this directory declares or
    # reads a sops secret (see the weather key in settings.nix).
    inputs.sops-nix.homeManagerModules.sops
    ./settings.nix
  ];

  programs.hyprpanel = {
    enable = true;
    hyprland.enable = false;
    overwrite.enable = true;
    # The quoted attribute names contain literal dots: each one is a single
    # flat hyprpanel option key, not a nested attribute path.
    override = {
      "theme.bar.buttons.workspaces.hover" = "#7f849c";
      "theme.bar.buttons.workspaces.active" = "#f5c2e7";
      "theme.bar.buttons.workspaces.occupied" = "#f5c2e7";
      "theme.bar.buttons.workspaces.available" = "#585b70";
      "theme.bar.buttons.workspaces.border" = "#f9e2af";
      "theme.bar.buttons.dashboard.icon" = "#74c7ec";
      "theme.bar.buttons.media.icon" = "#1ED760";
      "bar.customModules.cava.showIcon" = false;
    };
  };
}

--------------------------------------------------------------------------------
/home/programs/hyprpanel/settings.nix:
--------------------------------------------------------------------------------
# Home Manager module: hyprpanel bar layout, menus and theme settings.
{
  pkgs,
  inputs,
  ...
}: {
  programs.hyprpanel.settings = {
    layout = {
      # Keys "0".."3" presumably index monitors; only "0" carries modules.
      "bar.layouts" = {
        "0" = {
          left = ["dashboard" "workspaces" "cava" "hyprsunset"];
          middle = ["media"];
          right = ["cpu" "ram" "volume" "clock" "weather" "systray" "notifications"];
        };
        "1" = {
          left = [];
          middle = [];
          right = [];
        };
        "2" = {
          left = [];
          middle = [];
          right = [];
        };
        "3" = {
          left = [];
          middle = [];
          right = [];
        };
      };
    };
    bar = {
      autoHide = "fullscreen";
      launcher.autoDetectIcon = true;
      clock = {
        format = "%m/%d/%y %H:%M";
      };
      media = {
        truncation = true;
        truncation_size = 40;
      };
      workspaces = {
        workspaces = 4;
        show_icons = true;
        showWsIcons = false;
        showApplicationIcons = false;
        monitorSpecific = false;
      };
      customModules = {
        hyprsunset = {
          temperature = "3000k";
        };
        weather.unit = "metric";
      };
    };
    notifications = {
      monitor = 0;
      active_monitor = false;
    };
    menus = {
      clock = {
        time = {
          military = true;
          hideSeconds = false;
        };
        weather = {
          enabled = false;
          # NOTE(review): a weather-service API key committed in plaintext.
          # It is exposed in the repository history, and values set through
          # Home Manager are rendered into the Nix store, which every local
          # user can read. sops-nix is already imported in default.nix:
          # rotate this key and supply the replacement from a sops secret
          # (confirm which form hyprpanel accepts for a key file).
          key = "13b77bbcf0dc420782005246250902";
          unit = "metric";
          location = "New York";
        };
      };
      media = {
        displayTime = true;
      };
      dashboard = {
        stats.enable_gpu = false;
        directories.enabled = false;
        shortcuts.enabled = false;
        powermenu = {
          # hyprctl is referenced by its store path from the hyprland flake
          # input, so the command does not depend on PATH lookup.
          sleep = "${inputs.hyprland.packages.${pkgs.system}.hyprland}/bin/hyprctl dispatch dpms off";
          avatar = {
            # Absolute path outside the Nix store; the file must exist on
            # the target machine.
            image = "/home/notoh/dev/assets/pfps/pfp2.jpg";
            name = "notohh";
          };
        };
      };
    };
    theme = {
      bar.transparent = false;
      osd = {
        monitor = 0;
        active_monitor = false;
      };
      font = {
        name = "Inter";
        size = "17px";
      };
    };
  };
}
-------------------------------------------------------------------------------- /home/programs/media/cava.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.cava = { 3 | enable = true; 4 | settings = { 5 | general = { 6 | mode = "normal"; 7 | framerate = 144; 8 | bars = 0; 9 | bar_width = 2; 10 | bar_spacing = 3; 11 | }; 12 | smoothing = { 13 | monstercat = 1; 14 | waves = 1; 15 | gravity = 100; 16 | }; 17 | }; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /home/programs/media/easyeffects.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.easyeffects = { 3 | enable = true; 4 | preset = "chu2_eq"; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/programs/media/jellyfin-mpv-shim.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = [pkgs.jellyfin-mpv-shim]; 3 | xdg.configFile."jellyfin-mpv-shim/conf.json".text = '' 4 | { 5 | "allow_transcode_to_h265": false, 6 | "always_transcode": false, 7 | "audio_output": "hdmi", 8 | "auto_play": true, 9 | "check_updates": false, 10 | "client_uuid": "a4204cae-4a0a-47cb-8147-6f3e92efdefb", 11 | "connect_retry_mins": 0, 12 | "direct_paths": false, 13 | "discord_presence": false, 14 | "display_mirroring": false, 15 | "enable_gui": false, 16 | "enable_osc": false, 17 | "force_audio_codec": null, 18 | "force_set_played": false, 19 | "force_video_codec": null, 20 | "fullscreen": true, 21 | "health_check_interval": 300, 22 | "idle_cmd": null, 23 | "idle_cmd_delay": 60, 24 | "idle_ended_cmd": null, 25 | "idle_when_paused": false, 26 | "ignore_ssl_cert": false, 27 | "kb_debug": "~", 28 | "kb_fullscreen": "f", 29 | "kb_kill_shader": "k", 30 | "kb_menu": "c", 31 | "kb_menu_down": "down", 32 | "kb_menu_esc": "esc", 33 | "kb_menu_left": "left", 34 | 
"kb_menu_ok": "enter", 35 | "kb_menu_right": "right", 36 | "kb_menu_up": "up", 37 | "kb_next": ">", 38 | "kb_pause": "space", 39 | "kb_prev": "<", 40 | "kb_stop": "q", 41 | "kb_unwatched": "u", 42 | "kb_watched": "w", 43 | "lang": null, 44 | "lang_filter": "und,eng,jpn,mis,mul,zxx", 45 | "lang_filter_audio": false, 46 | "lang_filter_sub": false, 47 | "local_kbps": 2147483, 48 | "log_decisions": false, 49 | "media_ended_cmd": null, 50 | "media_key_seek": false, 51 | "media_keys": true, 52 | "menu_mouse": true, 53 | "mpv_ext": true, 54 | "mpv_ext_ipc": false, 55 | "mpv_ext_no_ovr": true, 56 | "mpv_ext_path": "${pkgs.mpv}", 57 | "mpv_ext_start": true, 58 | "mpv_log_level": "info", 59 | "notify_updates": false, 60 | "play_cmd": null, 61 | "playback_timeout": 30, 62 | "player_name": "tsuki", 63 | "pre_media_cmd": null, 64 | "prefer_transcode_to_h265": false, 65 | "raise_mpv": true, 66 | "remote_direct_paths": false, 67 | "remote_kbps": 10000, 68 | "sanitize_output": true, 69 | "screenshot_dir": null, 70 | "screenshot_menu": true, 71 | "seek_down": -60, 72 | "seek_h_exact": false, 73 | "seek_left": -5, 74 | "seek_right": 5, 75 | "seek_up": 60, 76 | "seek_v_exact": false, 77 | "shader_pack_custom": false, 78 | "shader_pack_enable": true, 79 | "shader_pack_profile": null, 80 | "shader_pack_remember": true, 81 | "shader_pack_subtype": "lq", 82 | "skip_credits_always": false, 83 | "skip_credits_prompt": false, 84 | "skip_intro_always": false, 85 | "skip_intro_prompt": true, 86 | "stop_cmd": null, 87 | "stop_idle": false, 88 | "subtitle_color": "#FFFFFFFF", 89 | "subtitle_position": "bottom", 90 | "subtitle_size": 100, 91 | "svp_enable": false, 92 | "svp_socket": null, 93 | "svp_url": "http://127.0.0.1:9901/", 94 | "sync_attempts": 5, 95 | "sync_max_delay_skip": 300, 96 | "sync_max_delay_speed": 50, 97 | "sync_method_thresh": 2000, 98 | "sync_osd_message": true, 99 | "sync_revert_seek": true, 100 | "sync_speed_attempts": 3, 101 | "sync_speed_time": 1000, 102 | 
"thumbnail_enable": true, 103 | "thumbnail_osc_builtin": true, 104 | "thumbnail_preferred_size": 320, 105 | "transcode_4k": false, 106 | "transcode_av1": false, 107 | "transcode_dolby_vision": true, 108 | "transcode_hdr": false, 109 | "transcode_hevc": false, 110 | "transcode_hi10p": false, 111 | "transcode_warning": true, 112 | "use_web_seek": false, 113 | "write_logs": false 114 | } 115 | ''; 116 | } 117 | -------------------------------------------------------------------------------- /home/programs/media/mpv.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | programs.mpv = { 3 | enable = true; 4 | scripts = with pkgs; [ 5 | mpvScripts.uosc 6 | mpvScripts.mpris 7 | mpvScripts.smartskip 8 | mpvScripts.thumbfast 9 | mpvScripts.videoclip 10 | ]; 11 | scriptOpts = { 12 | thumbfast = { 13 | spawn_first = true; 14 | network = true; 15 | hwdec = true; 16 | }; 17 | }; 18 | config = { 19 | osc = false; 20 | osd-bar = false; 21 | volume = 60; 22 | save-position-on-quit = true; 23 | }; 24 | }; 25 | } 26 | -------------------------------------------------------------------------------- /home/programs/media/spicetify.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 
5 | }: let 6 | spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.system}; 7 | in { 8 | imports = [inputs.spicetify-nix.homeManagerModules.default]; 9 | programs.spicetify = { 10 | enable = true; 11 | experimentalFeatures = true; 12 | wayland = true; 13 | colorScheme = "mocha"; 14 | enabledExtensions = with spicePkgs.extensions; [ 15 | beautifulLyrics 16 | hidePodcasts 17 | fullAlbumDate 18 | shuffle 19 | ]; 20 | theme = spicePkgs.themes.catppuccin; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /home/programs/media/zathura.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.zathura = { 3 | enable = true; 4 | extraConfig = '' 5 | set notification-error-bg "#f7768e" 6 | set notification-error-fg "#c0caf5" 7 | set notification-warning-bg "#e0af68" 8 | set notification-warning-fg "#414868" 9 | set notification-bg "#1a1b26" 10 | set notification-fg "#c0caf5" 11 | set completion-bg "#1a1b26" 12 | set completion-fg "#a9b1d6" 13 | set completion-group-bg "#1a1b26" 14 | set completion-group-fg "#a9b1d6" 15 | set completion-highlight-bg "#414868" 16 | set completion-highlight-fg "#c0caf5" 17 | set index-bg "#1a1b26" 18 | set index-fg "#c0caf5" 19 | set index-active-bg "#414868" 20 | set index-active-fg "#c0caf5" 21 | set inputbar-bg "#1a1b26" 22 | set inputbar-fg "#c0caf5" 23 | set statusbar-bg "#1a1b26" 24 | set statusbar-fg "#c0caf5" 25 | set highlight-color "#e0af68" 26 | set highlight-active-color "#9ece6a" 27 | set default-bg "#1a1b26" 28 | set default-fg "#c0caf5" 29 | set render-loading true 30 | set render-loading-fg "#1a1b26" 31 | set render-loading-bg "#c0caf5" 32 | set recolor-lightcolor "#1a1b26" 33 | set recolor-darkcolor "#c0caf5" 34 | ''; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /home/programs/opencomposite.nix: 
--------------------------------------------------------------------------------
# Home Manager module: points the OpenXR loader at WiVRn's runtime manifest and
# writes an OpenVR path registry that names OpenComposite as the runtime.
{
  pkgs,
  config,
  ...
}: {
  # Both runtime locations are Nix store paths taken from pkgs, so they change
  # only when the package set does.
  xdg.configFile."openxr/1/active_runtime.json".source = "${pkgs.wivrn}/share/openxr/1/openxr_wivrn.json";

  xdg.configFile."openvr/openvrpaths.vrpath".text = ''
    {
      "config" :
      [
        "${config.xdg.dataHome}/Steam/config"
      ],
      "external_drivers" : null,
      "jsonid" : "vrpathreg",
      "log" :
      [
        "${config.xdg.dataHome}/Steam/logs"
      ],
      "runtime" :
      [
        "${pkgs.opencomposite}/lib/opencomposite"
      ],
      "version" : 1
    }
  '';
}

--------------------------------------------------------------------------------
/home/programs/terminal/atuin.nix:
--------------------------------------------------------------------------------
# Home Manager module: atuin shell-history sync with nushell integration.
_: {
  programs.atuin = {
    enable = true;
    enableNushellIntegration = true;
    settings = {
      auto_sync = true;
      update_check = true;
      sync_frequency = "1h";
      # NOTE(review): the sync server is addressed over plain http. The
      # address lies in 100.64.0.0/10, the CGNAT range that Tailscale
      # assigns from, so this is presumably only reachable through the
      # tailnet; transport protection then rests entirely on that tunnel.
      # Confirm the server is not reachable by any other route, or put TLS
      # in front of it.
      sync_address = "http://100.104.42.96:8888";
      # Best-effort pattern filter for secrets typed on the command line;
      # it does not guarantee that no credential reaches the history.
      secrets_filter = true;
      style = "full";
    };
    flags = ["--disable-up-arrow"];
  };
}

--------------------------------------------------------------------------------
/home/programs/terminal/bat.nix:
--------------------------------------------------------------------------------
# Home Manager module: bat with plain output style.
_: {
  programs.bat = {
    enable = true;
    config = {
      # NOTE(review): the value holds only pager flags and names no pager
      # program — confirm bat interprets it as intended.
      pager = "--RAW-CONTROL-CHARS --quit-if-one-screen --mouse";
      style = "plain";
    };
  };
}

--------------------------------------------------------------------------------
/home/programs/terminal/bottom.nix:
--------------------------------------------------------------------------------
# Home Manager module: flags for the bottom system monitor.
_: {
  programs.bottom = {
    enable = true;
    settings = {
      flags = {
        current_usage = true;
        group_processes = true;
        case_sensitive = false;
        mem_as_value = true;
        enable_gpu = true;
        disable_advanced_kill = true;
unnormalized_cpu = false; 13 | temperature_type = "c"; 14 | }; 15 | }; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /home/programs/terminal/direnv.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.direnv = { 3 | enable = true; 4 | enableNushellIntegration = true; 5 | nix-direnv.enable = true; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /home/programs/terminal/lazygit/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.lazygit = { 3 | enable = true; 4 | settings = { 5 | windowSize = "normal"; 6 | gui.theme = { 7 | lightTheme = false; 8 | activeBorderColor = ["#c0caf5" "bold"]; 9 | inactiveBorderColor = ["#f7768e"]; 10 | optionsTextColor = ["#f7768e"]; 11 | selectedLineBgColor = ["#565f89"]; 12 | selectedRangeByColor = ["#24283b"]; 13 | cherryPickedCommitBgColor = ["#94e2d5"]; 14 | cherryPickedCommitFgColor = ["#89b4fa"]; 15 | unstagedChangesColor = ["red"]; 16 | showRandomTip = false; 17 | animateExplosion = true; 18 | }; 19 | }; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /home/programs/terminal/nushell/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.nushell = { 3 | enable = true; 4 | configFile.source = ./config.nu; 5 | envFile.source = ./env.nu; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /home/programs/terminal/nushell/env.nu: -------------------------------------------------------------------------------- 1 | def create_left_prompt [] { 2 | let path_segment = if (is-admin) { 3 | $"(ansi red_bold)($env.PWD)" 4 | } else { 5 | $"(ansi green_bold)($env.PWD)" 6 | } 7 | 8 | $path_segment 9 | } 10 | 11 | def create_right_prompt [] { 12 | let time_segment = ([ 13 | 
(date now | format date '%m/%d/%Y %r') 14 | ] | str join) 15 | 16 | $time_segment 17 | } 18 | 19 | $env.PROMPT_COMMAND = {|| create_left_prompt } 20 | $env.PROMPT_COMMAND_RIGHT = {|| create_right_prompt } 21 | $env.PROMPT_INDICATOR = {|| "" } 22 | $env.PROMPT_INDICATOR_VI_INSERT = {|| "" } 23 | $env.PROMPT_INDICATOR_VI_NORMAL = {|| "" } 24 | $env.PROMPT_MULTILINE_INDICATOR = {|| "" } 25 | $env.ENV_CONVERSIONS = { 26 | "PATH": { 27 | from_string: { |s| $s | split row (char esep) | path expand -n } 28 | to_string: { |v| $v | path expand -n | str join (char esep) } 29 | } 30 | "Path": { 31 | from_string: { |s| $s | split row (char esep) | path expand -n } 32 | to_string: { |v| $v | path expand -n | str join (char esep) } 33 | } 34 | } 35 | 36 | $env.NU_LIB_DIRS = [ 37 | ($nu.config-path | path dirname | path join 'scripts') 38 | ] 39 | 40 | $env.NU_PLUGIN_DIRS = [ 41 | ($nu.config-path | path dirname | path join 'plugins') 42 | ] 43 | -------------------------------------------------------------------------------- /home/programs/terminal/starship.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 
5 | }: { 6 | home.sessionVariables.STARSHIP_CACHE = "${config.xdg.cacheHome}/starship"; 7 | 8 | programs.starship = { 9 | enable = true; 10 | enableNushellIntegration = true; 11 | settings = { 12 | command_timeout = 2000; 13 | add_newline = false; 14 | format = lib.concatStrings [ 15 | "$character" 16 | "$hostname" 17 | "$directory" 18 | "$git_branch" 19 | "$git_status" 20 | "$rust" 21 | "$golang" 22 | ]; 23 | right_format = lib.concatStrings [ 24 | "$direnv" 25 | "$nix_shell" 26 | ]; 27 | character = { 28 | error_symbol = "[](bold red)"; 29 | success_symbol = "[](bold white)"; 30 | }; 31 | username = { 32 | show_always = false; 33 | format = "[$user]($style)"; 34 | style_user = "red"; 35 | }; 36 | hostname = { 37 | ssh_symbol = "🌐"; 38 | format = "[$hostname $ssh_symbol]($style)"; 39 | ssh_only = true; 40 | disabled = false; 41 | }; 42 | directory = { 43 | format = "[$path ]($style)"; 44 | truncation_length = 3; 45 | truncation_symbol = "…/"; 46 | read_only = "🔒"; 47 | style = "red"; 48 | home_symbol = ""; 49 | }; 50 | directory.substitutions = { 51 | "Documents" = " "; 52 | "Downloads" = " "; 53 | "Music" = " "; 54 | "Pictures" = " "; 55 | }; 56 | nix_shell = { 57 | disabled = false; 58 | impure_msg = "[impure shell](bold red)"; 59 | pure_msg = "[pure shell](bold green)"; 60 | unknown_msg = "[unknown shell](bold yellow)"; 61 | format = "[$state( \($name\))](bold white)"; 62 | }; 63 | direnv = { 64 | disabled = false; 65 | detect_files = [".envrc"]; 66 | style = "bold turquoise"; 67 | }; 68 | git_branch = { 69 | symbol = ""; 70 | format = "[$symbol $branch ]($style)"; 71 | style = "turquoise"; 72 | }; 73 | git_status = { 74 | format = "[$all_status$ahead_behind ]($style)"; 75 | style = "red"; 76 | }; 77 | golang = { 78 | symbol = ""; 79 | format = "[$symbol ($version) ]($style)"; 80 | style = "teal"; 81 | }; 82 | rust = { 83 | symbol = ""; 84 | format = "[$symbol ($version) ]($style)"; 85 | style = "orange"; 86 | }; 87 | time = { 88 | disabled = false; 89 
| time_format = "%R"; 90 | format = "[ $time ]($style)"; 91 | style = "red"; 92 | }; 93 | }; 94 | }; 95 | } 96 | -------------------------------------------------------------------------------- /home/programs/terminal/television/config.json: -------------------------------------------------------------------------------- 1 | { 2 | "indexes": ["nixpkgs", "home-manager", "nur"], 3 | "update_interval": "12h", 4 | "enable_waiting_message": true 5 | } 6 | -------------------------------------------------------------------------------- /home/programs/terminal/television/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | home.packages = with pkgs; [ 3 | television 4 | nix-search-tv 5 | ]; 6 | xdg.configFile."television/config.toml".source = ./config.toml; 7 | # xdg.configFile."television/default_channels.toml".source = ./config.toml; 8 | xdg.configFile."nix-search-tv/config.json".source = ./config.json; 9 | } 10 | -------------------------------------------------------------------------------- /home/programs/terminal/wezterm/config.lua: -------------------------------------------------------------------------------- 1 | local wezterm = require("wezterm") 2 | 3 | local config = { 4 | front_end = "WebGpu", 5 | webgpu_preferred_adapter = { 6 | backend = "Vulkan", 7 | device_type = "DiscreteGpu", 8 | name = "AMD Radeon RX 6750 XT (RADV NAVI22)", 9 | }, 10 | color_scheme = "Tokyo Night", 11 | enable_wayland = false, 12 | font = wezterm.font_with_fallback({ "Maple Mono NF", "Comic Code Ligatures Medium" }), 13 | font_size = 12.0, 14 | window_background_opacity = 0.4, 15 | text_background_opacity = 1.0, 16 | enable_tab_bar = false, 17 | max_fps = 144, 18 | window_padding = { top = 20, bottom = 20, left = 20, right = 20 }, 19 | } 20 | 21 | return config 22 | -------------------------------------------------------------------------------- /home/programs/terminal/wezterm/default.nix: 
-------------------------------------------------------------------------------- 1 | _: { 2 | programs.wezterm = { 3 | enable = true; 4 | extraConfig = builtins.readFile ./config.lua; 5 | }; 6 | } 7 | -------------------------------------------------------------------------------- /home/programs/terminal/yazi/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | config, 5 | ... 6 | }: { 7 | # xdg.configFile."yazi/init.lua".source = ./init.lua; 8 | imports = [./keymap.nix ./openers.nix]; 9 | 10 | programs.yazi = { 11 | enable = true; 12 | package = inputs.yazi.packages.${pkgs.system}.default; 13 | enableNushellIntegration = true; 14 | settings = { 15 | manager = { 16 | ratio = [1 3 3]; 17 | sort_by = "natural"; 18 | sort_reverse = false; 19 | sort_dir_first = true; 20 | show_hidden = true; 21 | show_symlink = true; 22 | linemode = "size"; 23 | }; 24 | preview = { 25 | cache_dir = "${config.xdg.cacheHome}"; 26 | max_height = 900; 27 | max_width = 600; 28 | }; 29 | log.enable = false; 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /home/programs/terminal/yazi/init.lua: -------------------------------------------------------------------------------- 1 | function Manager:render(area) 2 | self.area = area 3 | 4 | local chunks = ui.Layout() 5 | :direction(ui.Layout.HORIZONTAL) 6 | :constraints({ 7 | ui.Constraint.Ratio(MANAGER.ratio.parent, MANAGER.ratio.all), 8 | ui.Constraint.Ratio(MANAGER.ratio.current, MANAGER.ratio.all), 9 | ui.Constraint.Ratio(MANAGER.ratio.preview, MANAGER.ratio.all), 10 | }) 11 | :split(area) 12 | 13 | local bar = function(c, x, y) 14 | return ui.Bar( 15 | ui.Rect({ 16 | x = math.max(0, x), 17 | y = math.max(0, y), 18 | w = math.min(1, area.w), 19 | h = math.min(1, area.h), 20 | }), 21 | ui.Bar.TOP 22 | ):symbol(c) 23 | end 24 | 25 | return ya.flat({ 26 | -- Borders 27 | ui.Border(area, 
ui.Border.ALL):type(ui.Border.ROUNDED), 28 | ui.Bar(chunks[1], ui.Bar.RIGHT), 29 | ui.Bar(chunks[3], ui.Bar.LEFT), 30 | 31 | bar("┬", chunks[1].right - 1, chunks[1].y), 32 | bar("┴", chunks[1].right - 1, chunks[1].bottom - 1), 33 | bar("┬", chunks[2].right, chunks[2].y), 34 | bar("┴", chunks[2].right, chunks[1].bottom - 1), -- Parent 35 | Parent:render(chunks[1]:padding(ui.Padding.xy(1))), -- Current 36 | Current:render(chunks[2]:padding(ui.Padding.y(1))), -- Preview 37 | Preview:render(chunks[3]:padding(ui.Padding.xy(1))), 38 | }) 39 | end 40 | 41 | Status = { area = ui.Rect.default } 42 | 43 | function Status.style() 44 | if cx.active.mode.is_select then 45 | return THEME.status.mode_select 46 | elseif cx.active.mode.is_unset then 47 | return THEME.status.mode_unset 48 | else 49 | return THEME.status.mode_normal 50 | end 51 | end 52 | 53 | function Status:mode() 54 | local mode = tostring(cx.active.mode):upper() 55 | if mode == "UNSET" then 56 | mode = "UN-SET" 57 | end 58 | 59 | local style = self.style() 60 | return ui.Line({ 61 | ui.Span(THEME.status.separator_open):fg(style.bg), 62 | ui.Span(" " .. mode .. " "):style(style), 63 | }) 64 | end 65 | 66 | function Status:size() 67 | local h = cx.active.current.hovered 68 | if h == nil then 69 | return ui.Line({}) 70 | end 71 | 72 | local style = self.style() 73 | return ui.Line({ 74 | ui.Span(" " .. ya.readable_size(h:size() or h.cha.length) .. " ") 75 | :fg(style.bg) 76 | :bg(THEME.status.separator_style.bg), 77 | ui.Span(THEME.status.separator_close):fg(THEME.status.separator_style.fg), 78 | }) 79 | end 80 | 81 | function Status:name() 82 | local h = cx.active.current.hovered 83 | if h == nil then 84 | return ui.Span("") 85 | end 86 | local linked = "" 87 | if h.link_to ~= nil then 88 | linked = " -> " .. tostring(h.link_to) 89 | end 90 | return ui.Span(" " .. h.name .. 
linked) 91 | end 92 | 93 | function Status:permissions() 94 | local h = cx.active.current.hovered 95 | if h == nil then 96 | return ui.Line({}) 97 | end 98 | 99 | local perm = h.cha:permissions() 100 | if perm == nil then 101 | return ui.Line({}) 102 | end 103 | 104 | local spans = {} 105 | for i = 1, #perm do 106 | local c = perm:sub(i, i) 107 | local style = THEME.status.permissions_t 108 | if c == "-" then 109 | style = THEME.status.permissions_s 110 | elseif c == "r" then 111 | style = THEME.status.permissions_r 112 | elseif c == "w" then 113 | style = THEME.status.permissions_w 114 | elseif c == "x" or c == "s" or c == "S" or c == "t" or c == "T" then 115 | style = THEME.status.permissions_x 116 | end 117 | spans[i] = ui.Span(c):style(style) 118 | end 119 | return ui.Line(spans) 120 | end 121 | 122 | function Status:percentage() 123 | local percent = 0 124 | local cursor = cx.active.current.cursor 125 | local length = #cx.active.current.files 126 | if cursor ~= 0 and length ~= 0 then 127 | percent = math.floor((cursor + 1) * 100 / length) 128 | end 129 | 130 | if percent == 0 then 131 | percent = " Top " 132 | else 133 | percent = string.format(" %3d%% ", percent) 134 | end 135 | 136 | local style = self.style() 137 | return ui.Line({ 138 | ui.Span(" " .. 
THEME.status.separator_open):fg(THEME.status.separator_style.fg), 139 | ui.Span(percent):fg(style.bg):bg(THEME.status.separator_style.bg), 140 | }) 141 | end 142 | 143 | function Status:position() 144 | local cursor = cx.active.current.cursor 145 | local length = #cx.active.current.files 146 | 147 | local style = self.style() 148 | return ui.Line({ 149 | ui.Span(string.format(" %2d/%-2d ", cursor + 1, length)):style(style), 150 | ui.Span(THEME.status.separator_close):fg(style.bg), 151 | }) 152 | end 153 | 154 | function Status:render(area) 155 | self.area = area 156 | 157 | local left = ui.Line({ self:mode(), self:size(), self:name() }) 158 | local right = ui.Line({ 159 | self:owner(), 160 | self:permissions(), 161 | self:percentage(), 162 | self:position(), 163 | }) 164 | return { 165 | ui.Paragraph(area, { left }), 166 | ui.Paragraph(area, { right }):align(ui.Paragraph.RIGHT), 167 | table.unpack(Progress:render(area, right:width())), 168 | } 169 | end 170 | 171 | function Status:owner() 172 | local h = cx.active.current.hovered 173 | if h == nil or ya.target_family() ~= "unix" then 174 | return ui.Line({}) 175 | end 176 | 177 | return ui.Line({ 178 | ui.Span(ya.user_name(h.cha.uid) or tostring(h.cha.uid)):fg("magenta"), 179 | ui.Span(":"), 180 | ui.Span(ya.group_name(h.cha.gid) or tostring(h.cha.gid)):fg("magenta"), 181 | ui.Span(" "), 182 | }) 183 | end 184 | -------------------------------------------------------------------------------- /home/programs/terminal/yazi/openers.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | programs.yazi.settings = { 3 | open.rules = [ 4 | { 5 | mime = "text/*"; 6 | use = ["edit" "reveal"]; 7 | } 8 | { 9 | mime = "image/*"; 10 | use = ["image" "reveal"]; 11 | } 12 | { 13 | mime = "video/*"; 14 | use = ["play" "reveal"]; 15 | } 16 | { 17 | mime = "application/json"; 18 | use = ["edit" "reveal"]; 19 | } 20 | { 21 | mime = "*"; 22 | use = ["edit" "open" "reveal"]; 23 | } 24 
| ]; 25 | opener = { 26 | text = [ 27 | { 28 | run = ''hx "$@" ''; 29 | for = "linux"; 30 | } 31 | ]; 32 | image = [ 33 | { 34 | run = ''imv "$@" ''; 35 | block = true; 36 | for = "linux"; 37 | } 38 | ]; 39 | video = [ 40 | { 41 | run = ''mpv "$@" ''; 42 | block = true; 43 | for = "linux"; 44 | } 45 | ]; 46 | reveal = [ 47 | { 48 | run = ''${pkgs.exiftool}/bin/exiftool "$1";''; 49 | block = true; 50 | } 51 | ]; 52 | }; 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /home/programs/terminal/zellij/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./layouts.nix 4 | ]; 5 | 6 | programs.zellij = { 7 | enable = true; 8 | settings = { 9 | on_force_close = "quit"; 10 | simplified_ui = false; 11 | default_layout = "default"; 12 | copy_command = "wl-copy"; 13 | copy_clipboard = "primary"; 14 | ui.pane_frames.rounded_corners = true; 15 | }; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /home/programs/terminal/zellij/layouts.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | home.file.".config/zellij/snowflake.kdl".text = '' 3 | layout { 4 | tab name="main" { 5 | pane size=1 borderless=true { 6 | plugin location="zellij:tab-bar" 7 | } 8 | pane split_direction="vertical" { 9 | pane size="110" 10 | pane split_direction="horizontal" { 11 | pane 12 | pane 13 | } 14 | } 15 | pane size=2 borderless=true { 16 | plugin location="zellij:status-bar" 17 | } 18 | } 19 | tab name="lazygit" { 20 | pane size=1 borderless=true { 21 | plugin location="zellij:tab-bar" 22 | } 23 | pane command="lazygit" 24 | pane size=2 borderless=true { 25 | plugin location="zellij:status-bar" 26 | } 27 | } 28 | tab name="spotify" { 29 | pane size=1 borderless=true { 30 | plugin location="zellij:tab-bar" 31 | } 32 | pane command="spotify_player" 33 | pane size=2 borderless=true { 34 | 
plugin location="zellij:status-bar" 35 | } 36 | } 37 | } 38 | 39 | ''; 40 | 41 | home.file."./.config/zellij/ssh.kdl".text = '' 42 | layout { 43 | tab name="ssh" { 44 | pane size=1 borderless=true { 45 | plugin location="zellij:tab-bar" 46 | } 47 | pane split_direction="vertical" { 48 | pane 49 | pane split_direction="horizontal" { 50 | pane command="ssh" { 51 | args "oh@100.117.178.88" 52 | } 53 | pane command="ssh" { 54 | args "oh@100.103.228.56" 55 | } 56 | } 57 | } 58 | pane size=2 borderless=true { 59 | plugin location="zellij:status-bar" 60 | } 61 | } 62 | } 63 | 64 | ''; 65 | } 66 | -------------------------------------------------------------------------------- /home/programs/terminal/zoxide.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.zoxide = { 3 | enable = true; 4 | enableNushellIntegration = true; 5 | options = ["--cmd cdd"]; 6 | }; 7 | } 8 | -------------------------------------------------------------------------------- /home/programs/themes.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | catppuccin.kvantum = { 3 | enable = true; 4 | apply = true; 5 | flavor = "mocha"; 6 | accent = "pink"; 7 | }; 8 | 9 | qt = { 10 | enable = true; 11 | platformTheme.name = "kvantum"; 12 | style.name = "kvantum"; 13 | }; 14 | 15 | catppuccin.gtk = { 16 | enable = false; 17 | flavor = "mocha"; 18 | accent = "pink"; 19 | gnomeShellTheme = false; 20 | icon = { 21 | enable = true; 22 | flavor = "mocha"; 23 | accent = "pink"; 24 | }; 25 | }; 26 | 27 | gtk = { 28 | enable = true; 29 | font = { 30 | name = "Inter"; 31 | package = pkgs.google-fonts.override {fonts = ["Inter"];}; 32 | size = 12; 33 | }; 34 | }; 35 | 36 | dconf.settings = { 37 | "org/gnome/desktop/interface" = { 38 | color-scheme = "prefer-dark"; 39 | }; 40 | }; 41 | 42 | home.pointerCursor = { 43 | package = pkgs.bibata-cursors; 44 | name = "Bibata-Modern-Classic"; 45 | size = 24; 46 | 
gtk.enable = true; 47 | x11.enable = true; 48 | }; 49 | } 50 | -------------------------------------------------------------------------------- /home/services/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [./gpg.nix]; 3 | } 4 | -------------------------------------------------------------------------------- /home/services/gpg.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services = { 3 | gpg-agent = { 4 | enable = true; 5 | defaultCacheTtl = 3600; 6 | pinentry.package = pkgs.pinentry-curses; 7 | enableSshSupport = true; 8 | enableNushellIntegration = true; 9 | }; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /home/wayland/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | imports = [./services/ly.nix]; 3 | environment = { 4 | systemPackages = with pkgs; [ 5 | wayland 6 | glib 7 | wl-clipboard 8 | ]; 9 | sessionVariables = { 10 | __GL_GSYNC_ALLOWED = "0"; 11 | __GL_VRR_ALLOWED = "0"; 12 | WLR_DRM_NO_ATOMIC = "1"; 13 | XDG_SESSION_TYPE = "wayland"; 14 | _JAVA_AWT_WM_NONREPARENTING = "1"; 15 | QT_QPA_PLATFORM = "wayland"; 16 | QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; 17 | GDK_BACKEND = "wayland"; 18 | MOZ_ENABLE_WAYLAND = "1"; 19 | XCURSOR_SIZE = "24"; 20 | NIXOS_OZONE_WL = "1"; 21 | EDITOR = "hx"; 22 | TERMINAL = "wezterm"; 23 | # SDL_VIDEODRIVER = "wayland"; 24 | }; 25 | }; 26 | 27 | services.dbus.enable = true; 28 | xdg.portal = { 29 | enable = true; 30 | extraPortals = with pkgs; [ 31 | xdg-desktop-portal 32 | xdg-desktop-portal-gtk 33 | ]; 34 | config = { 35 | common.default = "*"; 36 | }; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /home/wayland/hyprland/config/binds.nix: -------------------------------------------------------------------------------- 1 | { 
2 | inputs, 3 | pkgs, 4 | lib, 5 | ... 6 | }: { 7 | wayland.windowManager.hyprland.settings = with pkgs; { 8 | "$mainMod" = "SUPER"; 9 | bind = [ 10 | "$mainMod, Return, exec, wezterm" 11 | "$mainMod, Q, killactive," 12 | "$mainMod, V, togglefloating," 13 | "$mainMod, F, fullscreen," 14 | "$mainMod, R, exec, anyrun" 15 | "$mainMod, P, pseudo," 16 | "$mainMod, J, togglesplit," 17 | "$mainMod, C, exec, ${lib.getExe inputs.hyprpicker.packages.${system}.default} | wl-copy" 18 | "$mainMod, left, movefocus, l" 19 | "$mainMod, right, movefocus, r" 20 | "$mainMod, up, movefocus, u" 21 | "$mainMod, down, movefocus, d" 22 | '', Print, exec, ${lib.getExe grim} -g "$(${lib.getExe slurp})" - | ${lib.getExe satty} -f - --fullscreen --output-filename ~/Pictures/screenshots/$(date '+%Y%m%d-%H:%M:%S').png'' 23 | "$mainMod, 1, workspace, 1" 24 | "$mainMod, 2, workspace, 2" 25 | "$mainMod, 3, workspace, 3" 26 | "$mainMod, 4, workspace, 4" 27 | "$mainMod, 5, workspace, 5" 28 | "$mainMod, 6, workspace, 6" 29 | "$mainMod, 7, workspace, 7" 30 | "$mainMod, 8, workspace, 8" 31 | "$mainMod, 9, workspace, 9" 32 | "$mainMod, 0, workspace, 10" 33 | "$mainMod SHIFT, 1, movetoworkspace, 1" 34 | "$mainMod SHIFT, 2, movetoworkspace, 2" 35 | "$mainMod SHIFT, 3, movetoworkspace, 3" 36 | "$mainMod SHIFT, 4, movetoworkspace, 4" 37 | "$mainMod SHIFT, 5, movetoworkspace, 5" 38 | "$mainMod SHIFT, 6, movetoworkspace, 6" 39 | "$mainMod SHIFT, 7, movetoworkspace, 7" 40 | "$mainMod SHIFT, 8, movetoworkspace, 8" 41 | "$mainMod SHIFT, 9, movetoworkspace, 9" 42 | "$mainMod SHIFT, 0, movetoworkspace, 10" 43 | ]; 44 | bindm = [ 45 | "$mainMod, mouse:272, movewindow" 46 | "$mainMod, mouse:273, resizewindow" 47 | ]; 48 | }; 49 | } 50 | -------------------------------------------------------------------------------- /home/wayland/hyprland/config/general.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | wayland.windowManager.hyprland = { 3 | settings = { 4 | 
monitor = [ 5 | "HDMI-A-1,1920x1080@60, 3640x560, auto, transform, 3" #right 6 | "DP-3,1920x1080@60, 0x560, auto, transform, 1" #left 7 | "DP-2,1920x1080@144, 1400x0, auto" #top 8 | "DP-1,2560x1440@144, 1080x1080, auto" #middle 9 | ]; 10 | exec-once = [ 11 | "hyprpanel" 12 | "hyprpaper" 13 | "chatterino" 14 | "vesktop" 15 | "dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP" 16 | "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1" 17 | ]; 18 | input = { 19 | kb_layout = "us"; 20 | follow_mouse = 1; 21 | sensitivity = "-0.5"; 22 | force_no_accel = true; 23 | }; 24 | general = { 25 | gaps_in = 10; 26 | gaps_out = 15; 27 | border_size = 0; 28 | "col.active_border" = "rgb(7dcfff) rgb(c0caf5)"; 29 | "col.inactive_border" = "rgb(24283b)"; 30 | 31 | layout = "dwindle"; 32 | }; 33 | decoration = { 34 | rounding = 10; 35 | blur = { 36 | enabled = true; 37 | size = 6; 38 | passes = 3; 39 | new_optimizations = true; 40 | }; 41 | shadow = { 42 | enabled = true; 43 | range = 60; 44 | offset = "0 5"; 45 | render_power = 4; 46 | color = "rgba(00000099)"; 47 | }; 48 | inactive_opacity = 1.0; 49 | active_opacity = 1.0; 50 | fullscreen_opacity = 1.0; 51 | }; 52 | animations = { 53 | enabled = true; 54 | bezier = [ 55 | "fastBezier, 0.05, 1.1, 0.2, 1.0" 56 | "linear, 0.0, 0.0, 1.0, 1.0" 57 | "liner, 1, 1, 1, 1" 58 | ]; 59 | animation = [ 60 | "windows, 1, 7, fastBezier, slide" 61 | "windowsOut, 1, 7, fastBezier, slide" 62 | "border, 1, 10, fastBezier" 63 | "fade, 1, 7, fastBezier" 64 | "workspaces, 1, 6, fastBezier" 65 | "border, 1, 1, liner" 66 | "borderangle, 1, 40, liner, loop" 67 | "borderangle, 1, 100, linear, loop" 68 | ]; 69 | }; 70 | dwindle = { 71 | pseudotile = true; 72 | preserve_split = true; 73 | }; 74 | master = { 75 | new_status = "master"; 76 | }; 77 | gestures = { 78 | workspace_swipe = false; 79 | }; 80 | device = { 81 | name = "glorious-model-o-wireless"; 82 | sensitivity = "-0.5"; 83 | }; 84 | render = { 85 | 
explicit_sync = 1; 86 | explicit_sync_kms = 1; 87 | direct_scanout = false; 88 | }; 89 | misc = { 90 | disable_hyprland_logo = true; 91 | mouse_move_enables_dpms = true; 92 | key_press_enables_dpms = false; 93 | }; 94 | ecosystem = { 95 | no_update_news = true; 96 | no_donation_nag = true; 97 | }; 98 | }; 99 | }; 100 | } 101 | -------------------------------------------------------------------------------- /home/wayland/hyprland/config/plugins.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | ... 5 | }: { 6 | wayland.windowManager.hyprland.plugins = [ 7 | inputs.hyprland-plugins.packages.${pkgs.system}.csgo-vulkan-fix 8 | ]; 9 | wayland.windowManager.hyprland.settings = { 10 | plugin = { 11 | csgo-vulkan-fix = { 12 | res_w = 1280; 13 | res_h = 1024; 14 | class = "cs2"; 15 | fix_mouse = true; 16 | }; 17 | }; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /home/wayland/hyprland/config/rules.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | wayland.windowManager.hyprland.settings = { 3 | windowrule = [ 4 | "noshadow, floating:0" 5 | "float, title:^(Volume Control)$" 6 | "float, title:^(Picture in picture)$" 7 | "float, title:^(Friends List)$" 8 | "float, title:^(Cryptomator)$" 9 | "float, title:^(RuneLite)$" 10 | "float, title:^(Lutris)$" 11 | "float, title:^(satty)$" 12 | "float, title:^(Postman)$" 13 | "move 850 360, title:^(RuneLite)$" 14 | # "size 800 560, title:^(RuneLite)$" 15 | "size 1200 600, title:^(satty)$" 16 | "idleinhibit focus, class:^(mpv)$" 17 | "idleinhibit always, class:^(firefox)$, title:^(.*YouTube.*|.*Twitch.*)$" 18 | "idleinhibit always, class:^(OBS Studio)$" 19 | "idleinhibit always, class:^(Moonlight)$" 20 | "idleinhibit always, class:^(VRChat)$" 21 | "idleinhibit fullscreen, class:^(firefox)$" 22 | ]; 23 | layerrule = [ 24 | "blur, ^(gtk-layer-shell|anyrun|eww|music-widget)$" 
25 | ]; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /home/wayland/hyprland/default.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: { 2 | imports = [ 3 | inputs.hyprland.homeManagerModules.default 4 | ./config/general.nix 5 | ./config/binds.nix 6 | ./config/rules.nix 7 | # ./config/plugins.nix 8 | ]; 9 | wayland.windowManager.hyprland = { 10 | enable = true; 11 | systemd.enable = true; 12 | xwayland.enable = true; 13 | package = null; 14 | portalPackage = null; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /home/wayland/programs/hyprlock.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 5 | }: { 6 | programs.hyprlock = { 7 | enable = true; 8 | package = inputs.hyprlock.packages.${pkgs.system}.default; 9 | settings = { 10 | background = let 11 | verticalWallpaper = "/home/notoh/dev/assets/wallpapers/miku/miku2.png"; 12 | horizontalWallpaper = "/home/notoh/dev/assets/wallpapers/miku/miku.png"; 13 | in [ 14 | { 15 | monitor = "HDMI-A-1"; 16 | path = verticalWallpaper; 17 | blur_passes = 3; 18 | blur_size = 4; 19 | brightness = 0.5; 20 | } 21 | { 22 | monitor = "DP-3"; 23 | path = verticalWallpaper; 24 | blur_passes = 3; 25 | blur_size = 4; 26 | brightness = 0.5; 27 | } 28 | { 29 | monitor = "DP-1"; 30 | path = horizontalWallpaper; 31 | blur_passes = 3; 32 | blur_size = 4; 33 | brightness = 0.5; 34 | } 35 | { 36 | monitor = "DP-2"; 37 | path = horizontalWallpaper; 38 | blur_passes = 3; 39 | blur_size = 4; 40 | brightness = 0.5; 41 | } 42 | ]; 43 | general = { 44 | grace = 5; 45 | disable_loading_bar = false; 46 | hide_cursor = false; 47 | no_fade_in = false; 48 | ignore_empty_input = true; 49 | }; 50 | animations = { 51 | enabled = true; 52 | }; 53 | input-field = [ 54 | { 55 | monitor = "DP-1"; 56 | size = "350, 50"; 57 | 
outline_thickness = 2; 58 | outer_color = "rgb(f5c2e7)"; 59 | inner_color = "rgb(1a1b26)"; 60 | font_color = "rgb(c0caf5)"; 61 | fail_color = "rgb(f7768e)"; 62 | fail_text = "$FAIL ($ATTEMPTS)"; 63 | check_color = "rgb(ff9e64)"; 64 | swap_font_color = false; 65 | placeholder_text = '' 66 | Password... 67 | ''; 68 | fade_on_empty = false; 69 | dots_spacing = 0.5; 70 | dots_center = true; 71 | shadow_passes = 3; 72 | shadow_size = 1; 73 | shadow_color = "rgba(00000099)"; 74 | shadow_boost = 1.0; 75 | } 76 | ]; 77 | label = [ 78 | { 79 | monitor = "DP-1"; 80 | text = '' 81 | Hi, $USER 82 | ''; 83 | color = "rgb(c0caf5)"; 84 | position = "0, 60"; 85 | valign = "center"; 86 | halign = "center"; 87 | shadow_passes = 3; 88 | shadow_size = 1; 89 | shadow_color = "rgba(00000099)"; 90 | shadow_boost = 1.0; 91 | } 92 | { 93 | monitor = "DP-1"; 94 | text = "$TIME"; 95 | color = "rgb(c0caf5)"; 96 | position = "0, 120"; 97 | valign = "center"; 98 | halign = "center"; 99 | shadow_passes = 3; 100 | shadow_size = 1; 101 | shadow_color = "rgba(00000099)"; 102 | shadow_boost = 0.6; 103 | } 104 | ]; 105 | }; 106 | }; 107 | } 108 | -------------------------------------------------------------------------------- /home/wayland/services/hypridle.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | inputs, 6 | ... 
7 | }: { 8 | services.hypridle = { 9 | enable = true; 10 | package = inputs.hypridle.packages.${pkgs.system}.default; 11 | settings = { 12 | general = { 13 | ignore_dbus_inhibit = false; 14 | lock_cmd = lib.getExe config.programs.hyprlock.package; 15 | before_sleep_cmd = "${pkgs.systemd}/bin/loginctl lock-session"; 16 | }; 17 | listener = [ 18 | { 19 | timeout = 400; 20 | on-timeout = "${lib.getExe config.programs.hyprlock.package}"; 21 | } 22 | { 23 | timeout = 450; 24 | on-timeout = "${inputs.hyprland.packages.${pkgs.system}.hyprland}/bin/hyprctl dispatch dpms off"; 25 | } 26 | ]; 27 | }; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /home/wayland/services/hyprpaper.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 5 | }: { 6 | home.packages = [pkgs.hyprpaper]; 7 | 8 | services.hyprpaper = let 9 | verticalWallpaper = "~/dev/assets/wallpapers/miku/miku2.png"; 10 | horizontalWallpaper = "~/dev/assets/wallpapers/miku/miku.png"; 11 | in { 12 | enable = true; 13 | package = inputs.hyprpaper.packages.${pkgs.system}.default; 14 | settings = { 15 | ipc = true; 16 | splash = false; 17 | preload = [ 18 | verticalWallpaper 19 | horizontalWallpaper 20 | ]; 21 | wallpaper = [ 22 | "HDMI-A-1,${verticalWallpaper}" 23 | "DP-1,${horizontalWallpaper}" 24 | "DP-2,${horizontalWallpaper}" 25 | "DP-3,${verticalWallpaper}" 26 | ]; 27 | }; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /home/wayland/services/ly.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | ... 
5 | }: { 6 | # oneshot service to resize the main monitor 7 | systemd.services.fbset = { 8 | enable = true; 9 | wantedBy = ["multi-user.target"]; 10 | unitConfig = { 11 | Description = "Framebuffer resolution"; 12 | Before = "display-manager.service"; 13 | }; 14 | serviceConfig = { 15 | User = "root"; 16 | Type = "oneshot"; 17 | ExecStart = "${lib.getExe pkgs.fbset} -xres 2560 -yres 1440 -match --all"; 18 | RemainAfterExit = "yes"; 19 | StandardOutput = "journal"; 20 | StandardError = "journal"; 21 | }; 22 | }; 23 | services.displayManager.ly = { 24 | enable = true; 25 | settings = { 26 | load = true; 27 | save = true; 28 | animation = "matrix"; 29 | clear_password = true; 30 | vi_mode = true; 31 | }; 32 | }; 33 | } 34 | -------------------------------------------------------------------------------- /hosts/README.md: -------------------------------------------------------------------------------- 1 | # :computer: hosts 2 | 3 | my different hosts, each with their own unique configurations and purposes. 4 | 5 | | Name | Description | 6 | | --------- | --------------------------------------------------------------------------------------------------------------- | 7 | | `ame` | T480 laptop, mainly used for experimenting atm | 8 | | `arashi` | postgres / redis vm | 9 | | `haru` | adblocker / DNS proxy vm | 10 | | `kariru` | \*arr stack / seedbox vm | 11 | | `kaze` | s3 storage ran on a [buyvm slice](https://buyvm.net/kvm-dedicated-server-slices/), with block storage attached. 
| 12 | | `sakura` | main vm, hosting most internet connected services | 13 | | `sora` | hetzner vps | 14 | | `tsuki` | main machine running hyprland | 15 | | `tsuru` | vm for ci/cd runners, and (potentially) a binary cache | 16 | | `yuki` | my old proxmox machine, now running pure nix | 17 | | `default` | defines `nixosConfigurations` | 18 | | `deploy` | defines deployment nodes for deploy-rs | 19 | -------------------------------------------------------------------------------- /hosts/ame/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./hardware.nix 4 | ./services 5 | ./networking.nix 6 | ./topology.nix 7 | ../common 8 | ../common/fonts.nix 9 | ]; 10 | 11 | services = { 12 | pulseaudio.enable = false; 13 | desktopManager.plasma6.enable = true; 14 | displayManager.sddm.enable = true; 15 | pipewire = { 16 | enable = true; 17 | alsa.enable = true; 18 | alsa.support32Bit = true; 19 | pulse.enable = true; 20 | }; 21 | scx = { 22 | enable = true; 23 | scheduler = "scx_lavd"; 24 | }; 25 | xserver = { 26 | enable = true; 27 | xkb = { 28 | layout = "us"; 29 | variant = ""; 30 | }; 31 | }; 32 | fprintd = { 33 | enable = true; 34 | }; 35 | }; 36 | 37 | system.stateVersion = "23.05"; 38 | security.rtkit.enable = true; 39 | } 40 | -------------------------------------------------------------------------------- /hosts/ame/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | config, 4 | lib, 5 | modulesPath, 6 | ... 
7 | }: { 8 | imports = [ 9 | (modulesPath + "/installer/scan/not-detected.nix") 10 | inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t480 11 | ]; 12 | 13 | boot = { 14 | kernelModules = ["kvm-intel"]; 15 | extraModulePackages = []; 16 | loader = { 17 | systemd-boot = { 18 | enable = true; 19 | configurationLimit = 8; 20 | }; 21 | efi = { 22 | canTouchEfiVariables = true; 23 | efiSysMountPoint = "/boot/efi"; 24 | }; 25 | }; 26 | initrd = { 27 | availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"]; 28 | kernelModules = []; 29 | }; 30 | }; 31 | 32 | fileSystems = { 33 | "/" = { 34 | device = "/dev/disk/by-uuid/825f1188-82bd-4a1d-9434-6b5dd29041c3"; 35 | fsType = "ext4"; 36 | }; 37 | "/boot/efi" = { 38 | device = "/dev/disk/by-uuid/59C2-1D06"; 39 | fsType = "vfat"; 40 | }; 41 | }; 42 | 43 | swapDevices = [ 44 | {device = "/dev/disk/by-uuid/d62dbf49-e51e-4823-a9cb-f2af486cd0f7";} 45 | ]; 46 | 47 | networking.useDHCP = lib.mkDefault true; 48 | 49 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 50 | powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 51 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 52 | } 53 | -------------------------------------------------------------------------------- /hosts/ame/networking.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking = { 3 | networkmanager.enable = true; 4 | hostName = "ame"; 5 | firewall = { 6 | enable = true; 7 | }; 8 | }; 9 | environment.etc = { 10 | "resolv.conf".text = '' 11 | nameserver 192.168.1.103 12 | nameserver 9.9.9.9 13 | ''; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/ame/services/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | imports = [ 3 | ./restic.nix 4 | ./syncthing.nix 5 | ]; 6 | } 7 | 
-------------------------------------------------------------------------------- /hosts/ame/services/restic.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 5 | }: { 6 | sops.secrets.restic-ame = {sopsFile = ../../../secrets/restic/secrets.yaml;}; 7 | sops.secrets.ame-s3 = {sopsFile = ../../../secrets/s3/secrets.yaml;}; 8 | environment.systemPackages = [pkgs.restic]; 9 | services.restic = { 10 | backups = { 11 | ame = { 12 | paths = [ 13 | "/home" 14 | ]; 15 | exclude = [ 16 | "*.qcow2" 17 | "*.iso" 18 | "/home/*/Downloads" 19 | "/home/*/Videos" 20 | "/home/*/.cache" 21 | "/home/*/.rustup" 22 | "/home/*/.cargo" 23 | "/home/*/.mplayer" 24 | "/home/*/.local/share/Trash" 25 | "/home/*/.local/share/.var" 26 | ]; 27 | pruneOpts = [ 28 | "--keep-daily=7" 29 | "--keep-weekly=6" 30 | "--keep-monthly=5" 31 | ]; 32 | initialize = true; 33 | repository = "s3:https://s3.flake.sh/restic-ame"; 34 | passwordFile = config.sops.secrets.restic-ame.path; 35 | environmentFile = config.sops.secrets.ame-s3.path; 36 | timerConfig = { 37 | OnCalendar = "daily"; 38 | Persistent = true; 39 | }; 40 | }; 41 | }; 42 | }; 43 | } 44 | -------------------------------------------------------------------------------- /hosts/ame/services/syncthing.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.syncthing = { 3 | enable = true; 4 | openDefaultPorts = true; 5 | dataDir = "/home/notoh/sync"; 6 | configDir = "/home/notoh/.config/syncthing"; 7 | guiAddress = "localhost:8384"; 8 | user = "notoh"; 9 | group = "users"; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /hosts/ame/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "ame"; 5 | hardware.info = "Thinkpad T480"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = 
["100.108.207.106/32"];
9 |         network = "tailscale0";
10 |         type = "wireguard";
11 |       };
12 |       home = {
13 |         network = "home";
14 |         addresses = [""];
15 |         type = "wifi";
16 |       };
17 |     };
18 |   };
19 | };
20 | }
21 |
--------------------------------------------------------------------------------
/hosts/arashi/default.nix:
--------------------------------------------------------------------------------
1 | {...}: {
2 |   imports = [
3 |     ./hardware.nix
4 |     ./services
5 |     ./networking.nix
6 |     ./topology.nix
7 |     ../common
8 |   ];
9 |
       # SSH public keys accepted for the regular user (notoh) and for root.
10 |   users = {
11 |     users.notoh.openssh.authorizedKeys.keys = [
12 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWRbIwwHuyEOLhA9dKTf4TgFqtPR5MNcJorKm731S7G arashi"
13 |     ];
         # NOTE(review): the key labelled "forgejo" is authorised for root on this
         # host, which runs the shared PostgreSQL and Redis services. It is
         # presumably a CI/deploy key; confirm. Whoever holds its private half has
         # full control of the machine, so consider a dedicated deploy user with
         # narrowly scoped sudo, or prefix the entry with authorized_keys options
         # such as `from="<ci-runner-address>"` and `restrict` (placeholder value).
         # Whether root may log in over SSH at all is set in ../common/openssh.nix,
         # which is not shown here.
14 |     users.root.openssh.authorizedKeys.keys = [
15 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
16 |     ];
17 |   };
18 |   system = {
         # Automatic upgrades are switched off here, so security updates reach
         # this host only when a new configuration is deployed to it.
19 |     autoUpgrade.enable = false;
20 |     stateVersion = "23.05";
21 |   };
22 | }
23 |
--------------------------------------------------------------------------------
/hosts/arashi/hardware.nix:
--------------------------------------------------------------------------------
1 | {
2 |   lib,
3 |   modulesPath,
4 |   ...
5 | }: { 6 | imports = [ 7 | (modulesPath + "/profiles/qemu-guest.nix") 8 | ]; 9 | 10 | boot = { 11 | kernelModules = []; 12 | kernel.sysctl = {"kernel.shmmax" = 100663296;}; 13 | extraModulePackages = []; 14 | loader.grub = { 15 | enable = true; 16 | configurationLimit = 5; 17 | device = "/dev/sda"; 18 | useOSProber = false; 19 | }; 20 | initrd = { 21 | availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; 22 | kernelModules = []; 23 | }; 24 | }; 25 | 26 | fileSystems = { 27 | "/" = { 28 | device = "/dev/disk/by-uuid/3fd88f1f-cec3-4737-b9d0-6c8f026c3927"; 29 | fsType = "ext4"; 30 | }; 31 | "/nas/restic" = { 32 | device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/arashi"; 33 | fsType = "nfs"; 34 | }; 35 | }; 36 | 37 | swapDevices = [ 38 | {device = "/dev/disk/by-uuid/e9eb4b6a-e9a1-4616-8c82-349d2f38d140";} 39 | ]; 40 | 41 | networking.useDHCP = lib.mkDefault true; 42 | 43 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 44 | } 45 | -------------------------------------------------------------------------------- /hosts/arashi/networking.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking = { 3 | networkmanager.enable = true; 4 | hostName = "arashi"; 5 | firewall = { 6 | enable = true; 7 | }; 8 | }; 9 | environment.etc = { 10 | "resolv.conf".text = '' 11 | nameserver 192.168.1.103 12 | nameserver 1.1.1.1 13 | ''; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/arashi/services/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./restic.nix 4 | ./postgresql.nix 5 | ./redis.nix 6 | ./exporters.nix 7 | ]; 8 | } 9 | -------------------------------------------------------------------------------- /hosts/arashi/services/exporters.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | 
services.prometheus.exporters.redis = {
3 |     enable = true;
         # NOTE(review): openFirewall opens the exporter port in the host firewall
         # without a source restriction; the same applies to the postgres exporter
         # below. Presumably only the Prometheus host needs to scrape these; confirm
         # and scope the rule if so.
4 |     openFirewall = true;
5 |     port = 9002;
6 |   };
7 |
8 |   services.prometheus.exporters.postgres = {
9 |     enable = true;
10 |     openFirewall = true;
11 |     port = 9003;
12 |   };
13 | }
14 |
--------------------------------------------------------------------------------
/hosts/arashi/services/postgresql.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   lib,
4 |   ...
5 | }: {
       # Shared PostgreSQL 14 server for the other hosts' applications, with a
       # nightly dump of the databases listed under postgresqlBackup.
       #
       # NOTE(review): 5432 is opened in the host firewall for every source
       # address. Together with listen_addresses = "*" and the
       # `host all all all trust` rule below, anything that can reach this port
       # can connect as any role without a password.
6 |   networking.firewall.allowedTCPPorts = [5432];
7 |   services.postgresql = {
8 |     enable = true;
9 |     enableTCPIP = true;
10 |     package = pkgs.postgresql_14;
11 |     settings = {
           # mkForce overrides whatever listen address other modules set;
           # "*" listens on every interface.
12 |       listen_addresses = lib.mkForce "*";
13 |       port = 5432;
14 |       max_connections = "300";
15 |       shared_buffers = "80MB";
16 |     };
         # pg_hba rules. `trust` performs no authentication at all:
         #   - `local all all trust`: any local OS user may connect over the
         #     socket as any database role;
         #   - `host all all all trust`: any remote address, any role, any database.
         # The roles created below own, among others, the vaultwarden, authelia
         # and forgejo databases.
         # NOTE(review): suggested change: use `peer` for the socket rule and
         # require password authentication from an explicit client range, e.g.
         #   host all all <app-subnet-cidr> scram-sha-256
         # (<app-subnet-cidr> is a placeholder). Each role then needs a password
         # provisioned outside the Nix store; sops-nix is already used in this repo.
17 |     authentication = ''
18 |       local all all trust
19 |       host replication all 127.0.0.1/32 trust
20 |       host all all all trust
21 |     '';
         # One role per application; ensureDBOwnership makes each role the owner
         # of the database with the same name from ensureDatabases.
22 |     ensureUsers = [
23 |       {
24 |         name = "hedgedoc";
25 |         ensureDBOwnership = true;
26 |       }
27 |       {
28 |         name = "forgejo";
29 |         ensureDBOwnership = true;
30 |       }
31 |       {
32 |         name = "grafana";
33 |         ensureDBOwnership = true;
34 |       }
35 |       {
36 |         name = "authelia";
37 |         ensureDBOwnership = true;
38 |       }
39 |       {
40 |         name = "vaultwarden";
41 |         ensureDBOwnership = true;
42 |       }
43 |       {
44 |         name = "attic";
45 |         ensureDBOwnership = true;
46 |       }
47 |       {
48 |         name = "miniflux";
49 |         ensureDBOwnership = true;
50 |       }
51 |       {
52 |         name = "atuin";
53 |         ensureDBOwnership = true;
54 |       }
55 |       {
56 |         name = "ec";
57 |         ensureDBOwnership = true;
58 |       }
59 |       {
60 |         name = "botoh";
61 |         ensureDBOwnership = true;
62 |       }
63 |       {
64 |         name = "ganymede";
65 |         ensureDBOwnership = true;
66 |       }
67 |     ];
68 |     ensureDatabases = [
69 |       "forgejo"
70 |       "hedgedoc"
71 |       "grafana"
72 |       "authelia"
73 |       "vaultwarden"
74 |       "attic"
75 |       "miniflux"
76 |       "atuin"
77 |       "ec"
78 |       "botoh"
79 |       "ganymede"
80 |     ];
81 |   };
82 |   services.postgresqlBackup = {
83 |     enable = true;
         # NOTE(review): "ec" is created in ensureDatabases above but does not
         # appear in this backup list; confirm the omission is intentional.
84 |     databases = [
85 |       "forgejo"
86 |       "hedgedoc"
87 |       "grafana"
88 |       "authelia"
89 |       "vaultwarden"
90 |       "attic"
91 |       "miniflux"
92 |       "atuin"
93 |       "botoh"
94 |       "ganymede"
95 |     ];
96 |     compression = "zstd";
97 |     compressionLevel = 4;
98 |     startAt = "*-*-* 23:00:00";
99 |   };
100 | }
101 |
--------------------------------------------------------------------------------
/hosts/arashi/services/redis.nix:
--------------------------------------------------------------------------------
1 | {pkgs, ...}: {
2 |   environment.systemPackages = [pkgs.redis-dump];
3 |   services.redis = {
         # The Redis module is pointed at the Valkey package.
4 |     package = pkgs.valkey;
         # Four instances follow one pattern: bind = null (documented by the
         # NixOS module as "all interfaces"), openFirewall = true, protected-mode
         # "no", and a requirePass equal to the instance name. Only forgejo and
         # blocky are enabled.
         # NOTE(review): requirePass is written in clear text into this repository
         # and into the world-readable Nix store, and these values are guessable.
         # The module also offers requirePassFile; pointing it at a sops-managed
         # secret (config.sops.secrets.<name>.path, the pattern restic.nix in this
         # directory uses) keeps the password out of the store. That needs
         # `config` added to this file's arguments.
         # NOTE(review): with protected-mode off and the port open to every source
         # address, the password is the only control in front of each instance.
         # Presumably the clients sit on known hosts; confirm and restrict bind
         # or the firewall rule to them.
         # NOTE(review): logLevel = "debug" is verbose for a network-reachable
         # service; confirm it is still needed.
5 |     servers = {
6 |       forgejo = {
7 |         enable = true;
8 |         openFirewall = true;
9 |         port = 6379;
10 |         bind = null;
11 |         databases = 1;
12 |         logLevel = "debug";
13 |         requirePass = "forgejo";
14 |         settings = {
15 |           protected-mode = "no";
16 |         };
17 |       };
18 |       searxng = {
19 |         enable = false;
20 |         openFirewall = true;
21 |         port = 6380;
22 |         bind = null;
23 |         databases = 1;
24 |         logLevel = "debug";
25 |         requirePass = "searxng";
26 |         settings = {
27 |           protected-mode = "no";
28 |         };
29 |       };
30 |       blocky = {
31 |         enable = true;
32 |         openFirewall = true;
33 |         port = 6381;
34 |         bind = null;
35 |         databases = 1;
36 |         logLevel = "debug";
37 |         requirePass = "blocky";
38 |         settings = {
39 |           protected-mode = "no";
40 |         };
41 |       };
42 |       paperless-ngx = {
43 |         enable = false;
44 |         openFirewall = true;
45 |         port = 6382;
46 |         bind = null;
47 |         databases = 1;
48 |         logLevel = "debug";
49 |         requirePass = "paperless-ngx";
50 |         settings = {
51 |           protected-mode = "no";
52 |         };
53 |       };
54 |     };
55 |   };
56 | }
57 |
--------------------------------------------------------------------------------
/hosts/arashi/services/restic.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   config,
4 |   ...
5 | }: { 6 | sops.secrets.restic-arashi = {sopsFile = ../../../secrets/restic/secrets.yaml;}; 7 | environment.systemPackages = [pkgs.restic]; 8 | services.restic = { 9 | backups = { 10 | arashi = { 11 | user = "root"; 12 | paths = [ 13 | "/var/backup/" 14 | ]; 15 | pruneOpts = [ 16 | "--keep-daily=7" 17 | "--keep-weekly=6" 18 | "--keep-monthly=5" 19 | ]; 20 | initialize = true; 21 | repository = "/nas/restic"; 22 | passwordFile = config.sops.secrets.restic-arashi.path; 23 | timerConfig = { 24 | OnCalendar = "daily"; 25 | RandomizedDelaySec = "20m"; 26 | Persistent = true; 27 | }; 28 | }; 29 | }; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /hosts/arashi/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "arashi"; 5 | hardware.info = "Proxmox VM"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = ["100.94.214.100/32"]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home = { 13 | addresses = ["192.168.1.211/24"]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/common/README.md: -------------------------------------------------------------------------------- 1 | # :electric_plug: modules 2 | 3 | this directory hosts some common modules / services / security tweaks used on (most) hosts. 
4 | 5 | | name | description | 6 | | ---------------- | ---------------------------------------------------------------------------------- | 7 | | `prometheus` | has default prometheus config for all hosts, along with exporters for select hosts | 8 | | `default` | used for commonly shared modules | 9 | | `fonts` | font handling | 10 | | `nix` | common nix configuration | 11 | | `openssh` | configures openssh options | 12 | | `security` | stolen from [hlissner](https://github.com/hlissner) | 13 | | `sops` | configures sops-nix | 14 | | `system` | commonly shared system settings | 15 | | `time` | force sets the time on all systems | 16 | | `users` | defines all hosts users & groups | 17 | | `virtualisation` | basic docker configuration | 18 | -------------------------------------------------------------------------------- /hosts/common/default.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: { 2 | imports = [ 3 | inputs.sops-nix.nixosModules.sops 4 | inputs.home-manager.nixosModules.home-manager 5 | inputs.nur.modules.nixos.default 6 | inputs.nix-topology.nixosModules.default 7 | inputs.nix-flatpak.nixosModules.nix-flatpak 8 | ./prometheus.nix 9 | ./security.nix 10 | ./users.nix 11 | ./nix.nix 12 | ./system.nix 13 | ./openssh.nix 14 | ./virtualisation.nix 15 | ./sops.nix 16 | ./time.nix 17 | ]; 18 | } 19 | -------------------------------------------------------------------------------- /hosts/common/fonts.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | fonts = { 3 | enableDefaultPackages = false; 4 | fontDir.enable = true; 5 | packages = with pkgs; [ 6 | corefonts 7 | nerd-fonts.jetbrains-mono 8 | noto-fonts 9 | noto-fonts-cjk-sans 10 | twitter-color-emoji 11 | maple-mono.NF 12 | ]; 13 | 14 | fontconfig = { 15 | enable = true; 16 | allowBitmaps = true; 17 | defaultFonts = { 18 | monospace = ["Maple Mono NF" "Twitter Color Emoji"]; 19 | serif = ["Noto 
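Serif" "Twitter Color Emoji"]; 20 | sansSerif = ["Noto Sans" "Twitter Color Emoji"]; 21 | emoji = ["Twitter Color Emoji"]; 22 | }; 23 | hinting = { 24 | enable = true; 25 | style = "full"; 26 | }; 27 | }; 28 | }; 29 | } 30 |
--------------------------------------------------------------------------------
/hosts/common/nix.nix:
--------------------------------------------------------------------------------
# Nix and nixpkgs settings shared by every host that imports ../common:
# overlays, unfree/insecure package policy, binary caches, and the nh
# garbage-collection timer.
{
  inputs,
  config,
  ...
}: {
  # Decrypted by sops-nix and pulled into nix.conf with `!include` below, so
  # the token itself never lands in the Nix store.
  sops.secrets.github-token = {};
  nixpkgs = {
    overlays = [
      inputs.self.overlays.technorino
      inputs.nur.overlays.default
      inputs.helix.overlays.default
      inputs.hyprpanel.overlay
    ];
    config = {
      allowUnfree = true;
      # NOTE(review): this exception for end-of-life .NET packages is granted
      # on every host because it lives in the common module; consider moving
      # it to the host that actually runs sonarr.
      permittedInsecurePackages = [
        # for sonarr
        "dotnet-sdk-6.0.428"
        "aspnetcore-runtime-6.0.36"
      ];
    };
  };

  nix = {
    channel.enable = true;
    settings = {
      extra-experimental-features = ["flakes" "nix-command"];
      warn-dirty = false;
      auto-optimise-store = true;
      builders-use-substitutes = true;
      download-buffer-size = 536870912;
      keep-outputs = true;
      keep-derivations = true;
      allowed-users = ["@wheel"];
      # NOTE(review): a trusted user may add substituters and import unsigned
      # store paths, which is effectively root on the machine. Listing
      # @wheel here extends that to every wheel account on every host,
      # servers included; keep it to "root" where interactive overrides are
      # not needed.
      trusted-users = ["root" "@wheel"];
      # NOTE(review): each cache below, together with its key in
      # trusted-public-keys, is trusted to supply binaries to every host.
      # Desktop-only caches add supply-chain exposure on the servers without
      # benefit; consider a shorter list for them.
      substituters = [
        "https://cache.nixos.org?priority=10"
        "https://cache.flake.sh/kyasshu"
        "https://hyprland.cachix.org"
        "https://nix-gaming.cachix.org"
        "https://anyrun.cachix.org"
        "https://viperml.cachix.org"
        "https://nix-community.cachix.org"
        "https://prismlauncher.cachix.org"
        "https://cosmic.cachix.org"
        "https://yazi.cachix.org"
        "https://helix.cachix.org"
        "https://catppuccin.cachix.org"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "kyasshu:g1heIgCgG7M4San6nRsz/omcVQ1GTc7+zKKm3L9Co7o="
        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
        "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
        "viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "prismlauncher.cachix.org-1:9/n/FGyABA2jLUVfY+DEp4hKds/rwO+SCOtbOkDzd+c="
        "cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
        "yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k="
        "helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
        "catppuccin.cachix.org-1:noG/4HkbhJb+lUAdKrph6LaozJvAeEEZj4N732IysmU="
      ];
    };
    extraOptions = ''
      !include ${config.sops.secrets.github-token.path}
    '';
  };

  # Weekly cleanup of old generations through nh.
  programs.nh = {
    enable = true;
    clean = {
      enable = true;
      dates = "weekly";
      extraArgs = "--keep-since 3d --keep 5";
    };
  };
}

--------------------------------------------------------------------------------
/hosts/common/openssh.nix:
--------------------------------------------------------------------------------
# sshd policy for every host: public-key authentication only, with a single
# ed25519 host key.
{lib, ...}: {
  services.openssh = {
    enable = true;
    settings = {
      KbdInteractiveAuthentication = false;
      PasswordAuthentication = lib.mkForce false;
      PubkeyAuthentication = lib.mkForce true;
      # Root still has to log in with a key because hosts/deploy.nix deploys
      # with sshUser = "root". "prohibit-password" keeps that working while
      # making sure root can never fall back to a password, even if password
      # authentication is re-enabled somewhere later.
      PermitRootLogin = lib.mkForce "prohibit-password";
      StreamLocalBindUnlink = "yes";
      # NOTE(review): "clientspecified" lets a client bind remote forwards on
      # non-loopback addresses of the server; confirm this is still needed.
      GatewayPorts = "clientspecified";
    };
    hostKeys = [
      {
        path = "/etc/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
    ];
  };
}

--------------------------------------------------------------------------------
/hosts/common/prometheus.nix:
--------------------------------------------------------------------------------
1 | _: { 2 | networking.firewall.allowedTCPPorts = [9090]; 3 | services.prometheus = { 4 | enable = true; 5 | globalConfig = { 6 | scrape_interval = "15s"; 7 | evaluation_interval = "15s"; 8 | }; 9 |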
scrapeConfigs = [ 10 | { 11 | job_name = "prometheus"; 12 | static_configs = [{targets = ["localhost:9090"];}]; 13 | } 14 | { 15 | job_name = "node"; 16 | static_configs = [{targets = ["localhost:9100"];}]; 17 | } 18 | { 19 | job_name = "traefik"; 20 | static_configs = [{targets = ["100.104.42.96:8080"];}]; 21 | } 22 | { 23 | job_name = "postgres"; 24 | static_configs = [{targets = ["100.94.214.100:9003"];}]; 25 | } 26 | { 27 | job_name = "blocky"; 28 | static_configs = [{targets = ["100.73.192.45:4000"];}]; 29 | } 30 | { 31 | job_name = "redis_exporter"; 32 | static_configs = [{targets = ["100.94.214.100:9002"];}]; 33 | } 34 | ]; 35 | exporters = { 36 | node = { 37 | enable = true; 38 | enabledCollectors = ["systemd" "cpu"]; 39 | }; 40 | }; 41 | }; 42 | } 43 |
--------------------------------------------------------------------------------
/hosts/common/security.nix:
--------------------------------------------------------------------------------
# security tweaks borrowed from @hlissner
{
  boot.kernel.sysctl = {
    # The Magic SysRq key is a key combo that allows users connected to the
    # system console of a Linux kernel to perform some low-level commands.
    # Disable it, since we don't need it, and it is a potential security
    # concern.
    "kernel.sysrq" = 0;

    ## TCP hardening
    # Prevent bogus ICMP errors from filling up logs.
    "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
    # Reverse path filtering causes the kernel to do source validation of
    # packets received from all interfaces. This can mitigate IP spoofing.
    "net.ipv4.conf.default.rp_filter" = 1;
    "net.ipv4.conf.all.rp_filter" = 1;
    # Do not accept IP source route packets (we're not a router)
    "net.ipv4.conf.all.accept_source_route" = 0;
    "net.ipv6.conf.all.accept_source_route" = 0;
    # Don't send ICMP redirects (again, we're not a router)
    "net.ipv4.conf.all.send_redirects" = 0;
    "net.ipv4.conf.default.send_redirects" = 0;
    # Refuse ICMP redirects (MITM mitigations)
    "net.ipv4.conf.all.accept_redirects" = 0;
    "net.ipv4.conf.default.accept_redirects" = 0;
    "net.ipv4.conf.all.secure_redirects" = 0;
    "net.ipv4.conf.default.secure_redirects" = 0;
    "net.ipv6.conf.all.accept_redirects" = 0;
    "net.ipv6.conf.default.accept_redirects" = 0;
    # Protects against SYN flood attacks
    "net.ipv4.tcp_syncookies" = 1;
    # Incomplete protection against TIME-WAIT assassination
    "net.ipv4.tcp_rfc1337" = 1;

    ## TCP optimization
    # TCP Fast Open is a TCP extension that reduces network latency by packing
    # data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
    # both incoming and outgoing connections:
    "net.ipv4.tcp_fastopen" = 3;
    # Bufferbloat mitigations + slight improvement in throughput & latency
    "net.ipv4.tcp_congestion_control" = "bbr";
    "net.core.default_qdisc" = "cake";
  };

  # The bbr congestion control selected above is provided by this module.
  boot.kernelModules = ["tcp_bbr"];

  security.acme = {
    acceptTerms = true;
    defaults.email = "github@notohh.dev";
  };

  services = {
    # VERBOSE makes sshd log more detail per authentication attempt, which is
    # what fail2ban and later log review work from.
    openssh.settings.LogLevel = "VERBOSE";
    # One failed attempt inside findtime earns a one-hour ban, except for the
    # addresses in ignoreIP.
    fail2ban = {
      enable = true;
      bantime = "1h";
      maxretry = 1;
      # NOTE(review): the last two entries carry a /10 mask on a host
      # address. Read as CIDR, both denote 100.64.0.0/10, so every address in
      # that range is exempt from bans, not just these two peers. If only the
      # two hosts were meant, /32 is the mask to use; if the whole range was
      # meant, one 100.64.0.0/10 entry says so explicitly.
      ignoreIP = [
        "192.168.0.0/16"
        "172.16.0.0/12"
        "10.0.0.0/8"
        "5.161.102.107/32"
        "100.71.49.65/10"
        "100.82.146.40/10"
      ];
      jails = {
        DEFAULT = {
          settings = {
            findtime = 100000;
            mode = "aggressive";
          };
        };
      };
    };
  };
}

--------------------------------------------------------------------------------
/hosts/common/sops.nix:
--------------------------------------------------------------------------------
# sops-nix defaults: which encrypted file to read and which age identity
# decrypts it.
#
# NOTE(review): the age private key is read from the notoh user's home
# directory on every host that imports this module, so anything able to read
# that user's files can decrypt the host's secrets. On the servers, consider
# deriving the identity from the root-only SSH host key instead
# (sops.age.sshKeyPaths).
_: {
  sops = {
    defaultSopsFile = ../../secrets/secrets.yaml;
    age.keyFile = "/home/notoh/.config/sops/age/keys.txt";
  };
}

--------------------------------------------------------------------------------
/hosts/common/system.nix:
--------------------------------------------------------------------------------
# Base system settings shared by all hosts: documentation, fstrim, Tailscale,
# locale, kernel package set and systemd defaults.
{pkgs, ...}: {
  documentation = {
    enable = true;
    doc.enable = false;
    man.enable = true;
    dev.enable = false;
  };

  services = {
    fstrim = {
      enable = true;
    };
    tailscale.enable = true;
  };

  i18n = {
    defaultLocale = "en_US.UTF-8";
    extraLocaleSettings = {
      LC_ADDRESS = "en_US.UTF-8";
      LC_IDENTIFICATION = "en_US.UTF-8";
      LC_MEASUREMENT = "en_US.UTF-8";
      LC_MONETARY = "en_US.UTF-8";
      LC_NAME = "en_US.UTF-8";
      LC_NUMERIC = "en_US.UTF-8";
      LC_PAPER = "en_US.UTF-8";
      LC_TELEPHONE = "en_US.UTF-8";
      LC_TIME = "en_US.UTF-8";
    };
  };

  environment.etc."mdadm.conf".text = ''
    MAILADDR root
  '';

  # Every host follows the newest kernel package set in nixpkgs.
  boot.kernelPackages = pkgs.linuxPackages_latest;

  systemd = {
    services.systemd-udevd.restartIfChanged = false;
    extraConfig = ''
      DefaultTimeoutStopSec=5s
    '';
  };
}

--------------------------------------------------------------------------------
/hosts/common/time.nix:
--------------------------------------------------------------------------------
# Time zone and NTP sources for all hosts.
#
# NOTE(review): two NTP clients (chrony and systemd-timesyncd) are enabled
# with the same servers; confirm which one actually runs, since only one
# should discipline the clock. The servers are pinned by IP address and the
# comments say they were taken from 0.us.pool.ntp.org. Pool membership
# changes over time, so pinned addresses can go stale without notice. Correct
# time matters for TLS validation and for correlating logs across hosts.
_: {
  time.timeZone = "America/New_York";

  services = {
    chrony = {
      enable = true;
      servers = [
        # 0.us.pool.ntp.org
        "134.215.114.62"
        "192.189.65.187"
        "96.245.170.99"
        "192.92.6.30"
      ];
    };
    timesyncd = {
      enable = true;
      servers = [
        # 0.us.pool.ntp.org
        "134.215.114.62"
        "192.189.65.187"
        "96.245.170.99"
        "192.92.6.30"
      ];
    };
  };
}

--------------------------------------------------------------------------------
/hosts/common/users.nix:
--------------------------------------------------------------------------------
# The single interactive account present on every host. No password is
# declared here; SSH keys are authorized per host (see hosts/<name>/default.nix).
#
# NOTE(review): several of these groups are root-equivalent. "docker" grants
# control of the Docker daemon, "disk" grants raw access to block devices,
# and "wheel" is also listed in nix trusted-users (hosts/common/nix.nix). On
# servers where the account is only used for login, consider dropping the
# groups it does not need.
{pkgs, ...}: {
  users = {
    defaultUserShell = pkgs.nushell;
    users.notoh = {
      isNormalUser = true;
      uid = 1000;
      description = "notoh";
      extraGroups = [
        "networkmanager"
        "wheel"
        "disk"
        "video"
        "docker"
        "input"
      ];
    };
  };
}

--------------------------------------------------------------------------------
/hosts/common/virtualisation.nix:
--------------------------------------------------------------------------------
# Docker as the OCI container backend on every host.
_: {
  virtualisation = {
    oci-containers.backend = "docker";
    docker = {
      enable = true;
      enableOnBoot = true;
      # Weekly prune; --all also removes images not used by any container.
      autoPrune = {
        enable = true;
        dates = "weekly";
        flags = ["--all"];
      };
      # Only the local unix socket is listed; no TCP API endpoint is
      # configured.
      listenOptions = ["/run/docker.sock"];
    };
  };
}

-------------------------------------------------------------------------------- /hosts/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | homeImports, 4 | ... 5 | }: { 6 | imports = [./deploy.nix]; 7 | flake.nixosConfigurations = let 8 | inherit (inputs.nixpkgs.lib) nixosSystem; 9 | specialArgs = {inherit inputs;}; 10 | in { 11 | tsuki = nixosSystem { 12 | inherit specialArgs; 13 | modules = [ 14 | ./tsuki 15 | { 16 | home-manager = { 17 | useGlobalPkgs = true; 18 | useUserPackages = true; 19 | extraSpecialArgs = specialArgs; 20 | users.notoh = { 21 | imports = homeImports."notoh@tsuki"; 22 | }; 23 | }; 24 | } 25 | ]; 26 | }; 27 | ame = nixosSystem { 28 | inherit specialArgs; 29 | modules = [ 30 | ./ame 31 | { 32 | home-manager = { 33 | useGlobalPkgs = true; 34 | useUserPackages = true; 35 | extraSpecialArgs = specialArgs; 36 | users.notoh = { 37 | imports = homeImports."notoh@ame"; 38 | }; 39 | }; 40 | } 41 | ]; 42 | }; 43 | sakura = nixosSystem { 44 | inherit specialArgs; 45 | modules = [ 46 | ./sakura 47 | { 48 | home-manager = { 49 | useGlobalPkgs = true; 50 | useUserPackages = true; 51 | extraSpecialArgs = specialArgs; 52 | users.notoh = { 53 | imports = homeImports."default"; 54 | }; 55 | }; 56 | } 57 | ]; 58 | }; 59 | kariru = nixosSystem { 60 | inherit specialArgs; 61 | modules = [ 62 | ./kariru 63 | { 64 | home-manager = { 65 | useGlobalPkgs = true; 66 | useUserPackages = true; 67 | extraSpecialArgs = specialArgs; 68 | users.notoh = { 69 | imports = homeImports."default"; 70 | }; 71 | }; 72 | } 73 | ]; 74 | }; 75 | yuki = nixosSystem { 76 | inherit specialArgs; 77 | modules = [ 78 | ./yuki 79 | { 80 | home-manager = { 81 | useGlobalPkgs = true; 82 | useUserPackages = true; 83 | extraSpecialArgs = specialArgs; 84 | users.notoh = { 85 | imports = homeImports."default"; 86 | }; 87 | }; 88 | } 89 | ]; 90 | }; 91 | arashi = nixosSystem { 92 | inherit specialArgs; 93 | modules = [ 94 | ./arashi 95 
| { 96 | home-manager = { 97 | useGlobalPkgs = true; 98 | useUserPackages = true; 99 | extraSpecialArgs = specialArgs; 100 | users.notoh = { 101 | imports = homeImports."default"; 102 | }; 103 | }; 104 | } 105 | ]; 106 | }; 107 | sora = nixosSystem { 108 | inherit specialArgs; 109 | modules = [ 110 | ./sora 111 | { 112 | home-manager = { 113 | useGlobalPkgs = true; 114 | useUserPackages = true; 115 | extraSpecialArgs = specialArgs; 116 | users.notoh = { 117 | imports = homeImports."default"; 118 | }; 119 | }; 120 | } 121 | ]; 122 | }; 123 | tsuru = nixosSystem { 124 | inherit specialArgs; 125 | modules = [ 126 | ./tsuru 127 | { 128 | home-manager = { 129 | useGlobalPkgs = true; 130 | useUserPackages = true; 131 | extraSpecialArgs = specialArgs; 132 | users.notoh = { 133 | imports = homeImports."default"; 134 | }; 135 | }; 136 | } 137 | ]; 138 | }; 139 | haru = nixosSystem { 140 | inherit specialArgs; 141 | modules = [ 142 | ./haru 143 | { 144 | home-manager = { 145 | useGlobalPkgs = true; 146 | useUserPackages = true; 147 | extraSpecialArgs = specialArgs; 148 | users.notoh = { 149 | imports = homeImports."default"; 150 | }; 151 | }; 152 | } 153 | ]; 154 | }; 155 | }; 156 | } 157 | -------------------------------------------------------------------------------- /hosts/deploy.nix: -------------------------------------------------------------------------------- 1 | {inputs, ...}: { 2 | flake.deploy = { 3 | nodes = with inputs.deploy-rs.lib.x86_64-linux; { 4 | sakura = { 5 | hostname = "100.121.201.47"; 6 | profiles.system = { 7 | user = "root"; 8 | path = activate.nixos inputs.self.nixosConfigurations.sakura; 9 | }; 10 | sshUser = "root"; 11 | sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; 12 | magicRollback = true; 13 | }; 14 | kariru = { 15 | hostname = "100.126.229.95"; 16 | profiles.system = { 17 | user = "root"; 18 | path = activate.nixos inputs.self.nixosConfigurations.kariru; 19 | }; 20 | sshUser = "root"; 21 | sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; 22 | 
magicRollback = true; 23 | }; 24 | yuki = { 25 | hostname = "100.108.113.89"; 26 | profiles.system = { 27 | user = "root"; 28 | path = activate.nixos inputs.self.nixosConfigurations.yuki; 29 | }; 30 | sshUser = "root"; 31 | sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; 32 | magicRollback = true; 33 | }; 34 | arashi = { 35 | hostname = "100.94.214.100"; 36 | profiles.system = { 37 | user = "root"; 38 | path = activate.nixos inputs.self.nixosConfigurations.arashi; 39 | }; 40 | sshUser = "root"; 41 | sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; 42 | magicRollback = true; 43 | }; 44 | sora = { 45 | hostname = "100.104.42.96"; 46 | profiles.system = { 47 | user = "root"; 48 | path = activate.nixos inputs.self.nixosConfigurations.sora; 49 | }; 50 | sshUser = "root"; 51 | sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; 52 | magicRollback = true; 53 | }; 54 | tsuru = { 55 | hostname = "100.82.146.40"; 56 | profiles.system = { 57 | user = "root"; 58 | path = activate.nixos inputs.self.nixosConfigurations.tsuru; 59 | }; 60 | sshUser = "root"; 61 | sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; 62 | magicRollback = true; 63 | }; 64 | haru = { 65 | hostname = "100.73.192.45"; 66 | profiles.system = { 67 | user = "root"; 68 | path = activate.nixos inputs.self.nixosConfigurations.haru; 69 | }; 70 | sshUser = "root"; 71 | sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; 72 | magicRollback = true; 73 | }; 74 | }; 75 | }; 76 | } 77 | -------------------------------------------------------------------------------- /hosts/haru/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | imports = [ 3 | ./hardware.nix 4 | ./services 5 | ./networking.nix 6 | ./topology.nix 7 | ../common 8 | ]; 9 | 10 | users = { 11 | users.notoh.openssh.authorizedKeys.keys = [ 12 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdSO5g6IZQUzeH0Xf7hEVjKZ4cAWn/DjN+GQ2Ujd+qD haru" 13 | ]; 14 | users.root.openssh.authorizedKeys.keys = [ 15 | "ssh-ed25519 
AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" 16 | ]; 17 | }; 18 | system = { 19 | autoUpgrade.enable = false; 20 | stateVersion = "23.05"; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /hosts/haru/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | modulesPath, 4 | ... 5 | }: { 6 | imports = [ 7 | (modulesPath + "/profiles/qemu-guest.nix") 8 | ]; 9 | 10 | boot = { 11 | kernelModules = []; 12 | extraModulePackages = []; 13 | loader.grub = { 14 | enable = true; 15 | configurationLimit = 5; 16 | device = "/dev/sda"; 17 | useOSProber = false; 18 | }; 19 | initrd = { 20 | availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; 21 | kernelModules = []; 22 | }; 23 | }; 24 | 25 | fileSystems = { 26 | "/" = { 27 | device = "/dev/disk/by-uuid/06177115-2e39-493b-81fb-5a1980ae0534"; 28 | fsType = "ext4"; 29 | }; 30 | }; 31 | 32 | swapDevices = [ 33 | {device = "/dev/disk/by-uuid/c879fa21-fd80-422c-9aef-0becce5ff19c";} 34 | ]; 35 | 36 | networking.useDHCP = lib.mkDefault true; 37 | 38 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 39 | } 40 | -------------------------------------------------------------------------------- /hosts/haru/networking.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking = { 3 | networkmanager.enable = true; 4 | hostName = "haru"; 5 | firewall = { 6 | enable = true; 7 | }; 8 | }; 9 | environment.etc = { 10 | "resolv.conf".text = '' 11 | nameserver 192.168.1.103 12 | nameserver 1.1.1.1 13 | ''; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/haru/services/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./blocky.nix 4 | ./unbound.nix 5 | ]; 6 | } 7 | 
-------------------------------------------------------------------------------- /hosts/haru/services/unbound.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.unbound = { 3 | enable = true; 4 | resolveLocalQueries = false; 5 | enableRootTrustAnchor = true; 6 | settings = { 7 | server = { 8 | verbosity = 0; 9 | interface = "0.0.0.0"; 10 | port = 5335; 11 | do-ip4 = true; 12 | do-udp = true; 13 | do-tcp = true; 14 | harden-glue = true; 15 | harden-dnssec-stripped = true; 16 | use-caps-for-id = false; 17 | edns-buffer-size = 1232; 18 | prefetch = true; 19 | num-threads = 2; 20 | so-rcvbuf = "1m"; 21 | access-control = [ 22 | "10.0.0.0/8 allow" 23 | "172.16.0.0/12 allow" 24 | "192.168.0.0/16 allow" 25 | ]; 26 | private-address = [ 27 | "192.168.0.0/16" 28 | "169.254.0.0/16" 29 | "172.16.0.0/12" 30 | "10.0.0.0/8" 31 | "fd00::/8" 32 | "fe80::/10" 33 | ]; 34 | }; 35 | }; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /hosts/haru/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "haru"; 5 | hardware.info = "Proxmox VM"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = ["100.73.192.45/32"]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home = { 13 | addresses = ["192.168.1.103/24"]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/kariru/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | imports = [ 3 | ./hardware.nix 4 | ./services 5 | ./networking.nix 6 | ./topology.nix 7 | ../common 8 | ]; 9 | 10 | users = { 11 | users.notoh.openssh.authorizedKeys.keys = [ 12 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmWafzbhah18nm2z1epc6139XVlcKT0ndAI0wbLj+/6 kariru" 13 | 
]; 14 | users.root.openssh.authorizedKeys.keys = [ 15 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" 16 | ]; 17 | }; 18 | system = { 19 | autoUpgrade.enable = false; 20 | stateVersion = "23.05"; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /hosts/kariru/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | modulesPath, 4 | ... 5 | }: { 6 | imports = [ 7 | (modulesPath + "/profiles/qemu-guest.nix") 8 | ]; 9 | 10 | boot = { 11 | kernelModules = []; 12 | extraModulePackages = []; 13 | loader.grub = { 14 | enable = true; 15 | configurationLimit = 5; 16 | device = "/dev/sda"; 17 | useOSProber = false; 18 | }; 19 | initrd = { 20 | availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; 21 | kernelModules = []; 22 | }; 23 | }; 24 | 25 | fileSystems = { 26 | "/" = { 27 | device = "/dev/disk/by-uuid/f5a0738c-d027-4ffb-82ec-9901ca6b310b"; 28 | fsType = "ext4"; 29 | }; 30 | "/media" = { 31 | device = "192.168.1.199:/mnt/Sutoreji/media"; 32 | fsType = "nfs"; 33 | }; 34 | "/stash" = { 35 | device = "192.168.1.199:/mnt/Sutoreji/stash"; 36 | fsType = "nfs"; 37 | }; 38 | "/nas/restic" = { 39 | device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/kariru"; 40 | fsType = "nfs"; 41 | }; 42 | }; 43 | 44 | swapDevices = [ 45 | {device = "/dev/disk/by-uuid/f28bad28-ae14-4aa7-85c5-47abe46bae56";} 46 | ]; 47 | 48 | networking.useDHCP = lib.mkDefault true; 49 | 50 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 51 | } 52 | -------------------------------------------------------------------------------- /hosts/kariru/networking.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking = { 3 | networkmanager.enable = true; 4 | hostName = "kariru"; 5 | firewall = { 6 | enable = true; 7 | }; 8 | }; 9 | environment.etc = { 10 | 
"resolv.conf".text = '' 11 | nameserver 192.168.1.103 12 | nameserver 1.1.1.1 13 | ''; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/kariru/services/default.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | networking.firewall.allowedTCPPorts = [9292 8111]; 3 | 4 | imports = [ 5 | ./restic.nix 6 | ./torrent.nix 7 | ./syncthing.nix 8 | ]; 9 | 10 | environment.systemPackages = [pkgs.recyclarr]; 11 | services = { 12 | radarr = { 13 | enable = true; 14 | openFirewall = true; 15 | }; 16 | sonarr = { 17 | enable = true; 18 | openFirewall = true; 19 | }; 20 | prowlarr = { 21 | enable = true; 22 | openFirewall = true; 23 | }; 24 | }; 25 | 26 | virtualisation.oci-containers.containers = { 27 | byparr = { 28 | image = "ghcr.io/thephaseless/byparr@sha256:9f83a6f5e5cec22a70abf3401a23164295a4b2e1ced37264907c3512981e527a"; # v3.3.21 29 | ports = ["8191:8191"]; 30 | extraOptions = ["--network=host"]; 31 | }; 32 | shoko = { 33 | image = "ghcr.io/shokoanime/server@sha256:dde0c5a8bddc226ae368827fd7df382602ad312a2337ebade8e5cc63fa0c4dac"; # v5.1.0 34 | ports = ["8111:8111"]; 35 | environment = { 36 | PUID = "1000"; 37 | PGID = "1000"; 38 | TZ = "Etc/UTC"; 39 | }; 40 | volumes = [ 41 | "/var/lib/shoko:/home/shoko/.shoko" 42 | "/media/anime:/media/anime" 43 | "/media/anime-movies:/media/anime-movies" 44 | ]; 45 | extraOptions = ["--network=host"]; 46 | }; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /hosts/kariru/services/restic.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 
5 | }: { 6 | sops.secrets.restic-kariru = {sopsFile = ../../../secrets/restic/secrets.yaml;}; 7 | environment.systemPackages = [pkgs.restic]; 8 | services.restic = { 9 | backups = { 10 | kariru = { 11 | user = "root"; 12 | paths = [ 13 | "/var/lib/radarr" 14 | "/var/lib/sonarr" 15 | "/var/lib/whisparr" 16 | "/var/lib/private/prowlarr" 17 | ]; 18 | pruneOpts = [ 19 | "--keep-daily=7" 20 | "--keep-weekly=6" 21 | "--keep-monthly=5" 22 | ]; 23 | initialize = true; 24 | repository = "/nas/restic"; 25 | passwordFile = config.sops.secrets.restic-kariru.path; 26 | timerConfig = { 27 | OnCalendar = "daily"; 28 | RandomizedDelaySec = "20m"; 29 | Persistent = true; 30 | }; 31 | }; 32 | }; 33 | }; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/kariru/services/syncthing.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.syncthing = { 3 | enable = true; 4 | openDefaultPorts = true; 5 | dataDir = "/home/notoh/sync"; 6 | configDir = "/home/notoh/.config/syncthing"; 7 | guiAddress = "100.126.229.95:8386"; 8 | user = "notoh"; 9 | group = "users"; 10 | }; 11 | } 12 | -------------------------------------------------------------------------------- /hosts/kariru/services/torrent.nix: -------------------------------------------------------------------------------- 1 | {config, ...}: { 2 | sops.secrets.gluetun = {}; 3 | virtualisation.oci-containers.containers = { 4 | gluetun = { 5 | image = "qmcgaw/gluetun@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00"; #v3.40 6 | hostname = "gluetun"; 7 | ports = [ 8 | "8000:8000/tcp" # HTTP control server 9 | "8888:8888/tcp" # HTTP proxy 10 | "8388:8388/tcp" # Shadowsocks 11 | "8388:8388/udp" # Shadowsocks 12 | "8080:8080" #qb 13 | "6881:6881" #qb 14 | "6881:6881/udp" #qb 15 | ]; 16 | volumes = ["/srv/gluetun:/tmp/gluetun"]; 17 | environmentFiles = [config.sops.secrets.gluetun.path]; 18 | extraOptions = 
["--cap-add=NET_ADMIN" "--device=/dev/net/tun:/dev/net/tun"]; 19 | }; 20 | qbittorrent = { 21 | image = "linuxserver/qbittorrent@sha256:50f490770308d0351e12618422e74e0613721b080f5db0bf840cf66a7281eea8"; # v5.0.4 22 | dependsOn = ["gluetun"]; 23 | environment = { 24 | PUID = "1001"; 25 | PGID = "2001"; 26 | TZ = "Etc/UTC"; 27 | WEBUI_PORT = "8080"; 28 | }; 29 | volumes = [ 30 | "/home/notoh/qbittorrent/config:/config" 31 | "/media/downloads:/downloads" 32 | "/media/incomplete-downloads:/incomplete-downloads" 33 | ]; 34 | extraOptions = ["--network=container:gluetun"]; 35 | }; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /hosts/kariru/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "kariru"; 5 | hardware.info = "Proxmox VM"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = ["100.126.229.95/32"]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home = { 13 | addresses = ["192.168.1.54/24"]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/sakura/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./hardware.nix 4 | ./services 5 | ./networking.nix 6 | ./topology.nix 7 | ../common 8 | ]; 9 | 10 | users = { 11 | users.notoh.openssh.authorizedKeys.keys = [ 12 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqAjaV2D2J8ln4n39ZvszCF5Jql+0IaSpFCJlzDSLv6 sakura" 13 | ]; 14 | users.root.openssh.authorizedKeys.keys = [ 15 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" 16 | ]; 17 | }; 18 | system = { 19 | autoUpgrade.enable = false; 20 | stateVersion = "23.05"; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- 
/hosts/sakura/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | modulesPath, 4 | ... 5 | }: { 6 | imports = [ 7 | (modulesPath + "/profiles/qemu-guest.nix") 8 | ]; 9 | 10 | boot = { 11 | kernelModules = []; 12 | extraModulePackages = []; 13 | loader.grub = { 14 | enable = true; 15 | configurationLimit = 5; 16 | device = "/dev/sda"; 17 | useOSProber = false; 18 | }; 19 | initrd = { 20 | availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; 21 | kernelModules = []; 22 | }; 23 | }; 24 | 25 | fileSystems = { 26 | "/" = { 27 | device = "/dev/disk/by-uuid/db3e4722-35a6-44fb-8e4d-a75166b845cb"; 28 | fsType = "ext4"; 29 | }; 30 | "/home/notoh/rustlog/clickhouse" = { 31 | device = "192.168.1.199:/mnt/Sutoreji/twitchlogs-rustlog"; 32 | fsType = "nfs"; 33 | }; 34 | "/nas/restic" = { 35 | device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/sakura"; 36 | fsType = "nfs"; 37 | }; 38 | "/nas/vods" = { 39 | device = "192.168.1.199:/mnt/Sutoreji/vods"; 40 | fsType = "nfs"; 41 | }; 42 | }; 43 | 44 | swapDevices = [ 45 | {device = "/dev/disk/by-uuid/c5afba13-f1af-4e7f-994b-f565c52d92fc";} 46 | ]; 47 | 48 | networking.useDHCP = lib.mkDefault true; 49 | 50 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 51 | } 52 | -------------------------------------------------------------------------------- /hosts/sakura/networking.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking = { 3 | networkmanager.enable = true; 4 | hostName = "sakura"; 5 | firewall = { 6 | enable = true; 7 | }; 8 | }; 9 | environment.etc = { 10 | "resolv.conf".text = '' 11 | nameserver 192.168.1.103 12 | nameserver 1.1.1.1 13 | ''; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/sakura/services/default.nix: -------------------------------------------------------------------------------- 1 | 
{...}: { 2 | imports = [ 3 | ./restic.nix 4 | ./forgejo.nix 5 | ./rustypaste.nix 6 | ./grafana.nix 7 | ./vaultwarden.nix 8 | ./tailscale.nix 9 | ./rustlog.nix 10 | ./wastebin.nix 11 | ./ganymede.nix 12 | ./immich-proxy.nix 13 | ./hedgedoc.nix 14 | ]; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/sakura/services/forgejo.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | config, 5 | ... 6 | }: let 7 | sshPort = 2222; 8 | dbHost = "192.168.1.211"; 9 | dbLogin = "forgejo"; # reused below as the database name, the database user and the database password 10 | in { 11 | sops.secrets.smtp2go-pwd = {owner = "forgejo";}; # SMTP password comes from a sops secret owned by the forgejo user 12 | networking.firewall.allowedTCPPorts = [2222]; # literal copy of sshPort; opens the port on every interface although the SSH server below listens only on 100.121.201.47 13 | services.forgejo = { 14 | enable = true; 15 | package = pkgs.forgejo; 16 | stateDir = "/var/lib/forgejo"; 17 | lfs.enable = true; 18 | secrets = { 19 | mailer.PASSWD = config.sops.secrets.smtp2go-pwd.path; # a file path, not the value: the mailer password stays out of the Nix store 20 | }; 21 | settings = { 22 | service.DISABLE_REGISTRATION = true; 23 | DEFAULT.APP_NAME = "forgejo"; 24 | log.LEVEL = "Debug"; # NOTE(review): debug logging on a long-running instance is verbose; confirm it is still needed and check what request detail ends up in the journal 25 | packages.ENABLED = true; 26 | federation.ENABLED = true; 27 | ui = { 28 | DEFAULT_THEME = "forgejo-dark"; 29 | SHOW_USER_EMAIL = true; # makes user e-mail addresses visible in the web UI 30 | }; 31 | actions = { 32 | ENABLED = false; 33 | DEFAULT_ACTIONS_URL = "https://code.forgejo.org"; 34 | }; 35 | server = { 36 | HTTP_PORT = 3200; 37 | DOMAIN = "git.flake.sh"; 38 | ROOT_URL = "https://git.flake.sh"; 39 | LANDING_PAGE = "/explore/repos"; 40 | START_SSH_SERVER = true; 41 | SSH_DOMAIN = "git.flake.sh"; 42 | SSH_PORT = sshPort; 43 | SSH_LISTEN_PORT = sshPort; 44 | SSH_LISTEN_HOST = "100.121.201.47"; # sakura's tailscale0 address per hosts/sakura/topology.nix 45 | }; 46 | "git.timeout" = { 47 | DEFAULT = 3600; 48 | MIGRATE = 3600; 49 | MIRROR = 3600; 50 | CLONE = 3600; 51 | }; 52 | session = { 53 | PROVIDER = "redis"; 54 | PROVIDER_CONFIG = "redis://:forgejo@${dbHost}:6379"; # NOTE(review): the Redis password is a literal in this URL, so it is committed to the repository and copied into the world-readable Nix store; mailer.PASSWD above shows the sops-based alternative 55 | }; 56 | security = { 57 | LOGIN_REMEMBER_DAYS = 14; 58 | }; 59 | database = { 60 | DB_TYPE = lib.mkForce "postgres"; 61 | HOST = "${dbHost}:5432"; 62 | NAME = dbLogin; 
63 | USER = dbLogin; 64 | PASSWD = dbLogin; # NOTE(review): the PostgreSQL password equals the account name and is stored in plain text (repository and Nix store); the `secrets` attribute used for mailer.PASSWD in this file is the pattern to follow 65 | }; 66 | cache = { 67 | ENABLED = true; 68 | ADAPTER = lib.mkForce "redis"; 69 | HOST = "redis://:forgejo@${dbHost}:6379"; # same literal Redis password as session.PROVIDER_CONFIG 70 | }; 71 | metrics = { 72 | ENABLED = true; # NOTE(review): no TOKEN is set in this block; confirm the metrics endpoint cannot be scraped without authentication from outside 73 | ENABLED_ISSUE_BY_REPOSITORY = true; 74 | ENABLED_ISSUE_BY_LABEL = true; 75 | }; 76 | mailer = { 77 | ENABLED = true; 78 | FROM = "forgejo@flake.sh"; 79 | PROTOCOL = "smtp+starttls"; 80 | SMTP_ADDR = "mail.smtp2go.com"; 81 | SMTP_PORT = 587; 82 | USER = "forgejo-mailer"; 83 | }; 84 | }; 85 | }; 86 | services.fail2ban.jails.forgejo = { 87 | settings = { 88 | filter = "forgejo"; 89 | action = ''iptables-allports''; 90 | mode = "aggressive"; 91 | maxretry = 3; 92 | findtime = 3600; 93 | bantime = 900; # with maxretry and findtime above: 3 matches within 3600 s ban the source for 900 s 94 | }; 95 | }; 96 | environment.etc = { 97 | "fail2ban/filter.d/forgejo.conf".text = '' 98 | [Definition] 99 | failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from $ 100 | journalmatch = _SYSTEMD_UNIT=forgejo.service 101 | ''; # NOTE(review): as shown, failregex ends in "from $" with no host tag; fail2ban needs a host capture (normally <HOST>) to know which address to ban. The tag may have been stripped when this page was rendered - verify against the real file. 102 | }; 103 | } 104 | -------------------------------------------------------------------------------- /hosts/sakura/services/ganymede.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking.firewall.allowedTCPPorts = [4800]; # opens the Ganymede port on every interface 3 | 4 | sops.secrets.ganymede-auth = {}; 5 | virtualisation.oci-containers.containers = { 6 | ganymede = { 7 | hostname = "ganymede"; 8 | image = "ghcr.io/zibbp/ganymede@sha256:4654c1aafb98e53a619d24e2ea3b31d231242d7f7753a780931799ac7f6c2d2a"; # 4.0.4 9 | ports = ["4800:4800"]; 10 | environment = { 11 | VIDEOS_DIR = "/data/videos"; 12 | TEMP_DIR = "/data/temp"; 13 | TZ = "America/New_York"; 14 | MAX_CHAT_DOWNLOAD_EXECUTIONS = "3"; 15 | MAX_CHAT_RENDER_EXECUTIONS = "2"; 16 | MAX_VIDEO_DOWNLOAD_EXECUTIONS = "2"; 17 | MAX_VIDEO_CONVERT_EXECUTIONS = "3"; 18 | MAX_VIDEO_SPRITE_THUMBNAIL_EXECUTIONS = "2"; 19 | }; 20 | environmentFiles = [ 21 | /run/secrets/ganymede-auth # stores db creds && twitch creds 22 | 
]; 23 | volumes = [ 24 | "/nas/vods:/data/videos" 25 | "/nas/vods/docker/ganymede:/data/temp" 26 | "/nas/vods/docker/ganymede/logs:/data/logs" 27 | "/nas/vods/docker/ganymede/config:/data/config" 28 | ]; 29 | extraOptions = ["--network=host"]; # host networking: the container shares the host network namespace, so the `ports` mapping above is not what exposes 4800 and the container can reach host-local listeners 30 | }; 31 | }; 32 | } 33 | -------------------------------------------------------------------------------- /hosts/sakura/services/grafana.nix: -------------------------------------------------------------------------------- 1 | _: let 2 | prometheusPort = "9090"; 3 | dbLogin = "grafana"; 4 | in { 5 | services.grafana = { 6 | enable = true; 7 | settings = { 8 | "auth.anonymous".enabled = true; # visitors get a session without logging in; org_role is not set here, so Grafana's default anonymous role applies (Viewer upstream - confirm) 9 | "auth.basic".enabled = false; 10 | server = { 11 | root_url = "https://metrics.flake.sh"; 12 | domain = "metrics.flake.sh"; 13 | enforce_domain = true; 14 | http_addr = "0.0.0.0"; # listens on all interfaces 15 | http_port = 3100; 16 | }; 17 | users = { 18 | allow_signup = false; 19 | }; 20 | database = { 21 | type = "postgres"; 22 | host = "192.168.1.211:5432"; 23 | name = dbLogin; 24 | user = dbLogin; # no password is set in this block; presumably supplied elsewhere or not required by the server - verify 25 | ssl_mode = "disable"; # database traffic to 192.168.1.211 is not encrypted 26 | }; 27 | panels = { 28 | disable_sanitize_html = true; # NOTE(review): text panels may then carry unsanitised HTML; with anonymous access enabled above, confirm that only trusted accounts can edit dashboards 29 | enable_alpha = true; 30 | }; 31 | }; 32 | provision = { 33 | datasources.settings = { 34 | datasources = [ 35 | { 36 | name = "Prometheus"; 37 | type = "prometheus"; 38 | url = "http://localhost:${prometheusPort}"; 39 | orgId = 1; 40 | } 41 | { 42 | name = "Prometheus-kariru"; 43 | type = "prometheus"; 44 | url = "http://100.126.229.95:${prometheusPort}"; # plain HTTP to kariru's tailscale0 address (hosts/kariru/topology.nix); transport protection relies on the WireGuard tunnel 45 | orgId = 1; 46 | } 47 | { 48 | name = "Prometheus-yuki"; 49 | type = "prometheus"; 50 | url = "http://100.108.113.89:${prometheusPort}"; 51 | orgId = 1; 52 | } 53 | { 54 | name = "Prometheus-arashi"; 55 | type = "prometheus"; 56 | url = "http://100.94.214.100:${prometheusPort}"; 57 | orgId = 1; 58 | } 59 | { 60 | name = "Prometheus-sora"; 61 | type = "prometheus"; 62 | url = "http://100.104.42.96:${prometheusPort}"; 63 | orgId = 1; 64 | } 65 | { 66 | name = "Prometheus-tsuru"; 67 | type = "prometheus"; 68 | url = 
"http://100.82.146.40:${prometheusPort}"; 69 | orgId = 1; 70 | } 71 | { 72 | name = "Prometheus-haru"; 73 | type = "prometheus"; 74 | url = "http://100.73.192.45:${prometheusPort}"; 75 | orgId = 1; 76 | jsonData = { 77 | graphiteVersion = "1.1"; 78 | tlsAuth = false; 79 | tlsAuthWithCACert = false; 80 | }; 81 | } 82 | ]; 83 | }; 84 | }; 85 | }; 86 | } 87 | -------------------------------------------------------------------------------- /hosts/sakura/services/hedgedoc.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.hedgedoc = { 3 | enable = true; 4 | settings = { 5 | port = 3300; 6 | domain = "scratch.flake.sh"; 7 | host = "100.121.201.47"; # binds to sakura's tailscale0 address only (hosts/sakura/topology.nix) 8 | allowOrigin = ["scratch.flake.sh"]; 9 | allowAnonymous = true; # unauthenticated visitors may create notes 10 | allowFreeURL = true; # notes can be created at caller-chosen URLs 11 | allowEmailRegister = false; 12 | dbURL = "postgres://hedgedoc:hedgedoc@192.168.1.211:5432/hedgedoc"; # NOTE(review): database password (identical to the user name) is embedded in the URL and therefore stored in the repository and the Nix store; other services in this repo inject secrets through sops 13 | }; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/sakura/services/immich-proxy.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.immich-public-proxy = { 3 | enable = true; 4 | port = 2284; 5 | openFirewall = true; # opens the proxy port in the host firewall 6 | immichUrl = "https://immich.internal.flake.sh"; 7 | }; 8 | } 9 | -------------------------------------------------------------------------------- /hosts/sakura/services/restic.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 
5 | }: { 6 | sops.secrets.restic-sakura = {sopsFile = ../../../secrets/restic/secrets.yaml;}; 7 | environment.systemPackages = [pkgs.restic]; 8 | services.restic = { 9 | backups = { 10 | sakura = { 11 | user = "root"; 12 | paths = [ 13 | "/home/notoh/justlog" 14 | "/var/lib/rustypaste" 15 | "/var/lib/forgejo" # Forgejo state directory only; its PostgreSQL database is on 192.168.1.211 (forgejo.nix) and is not part of this job 16 | ]; 17 | exclude = [ 18 | "/home/notoh/justlog/logs" 19 | "/var/lib/rustypaste/uploads" 20 | ]; 21 | pruneOpts = [ 22 | "--keep-daily=7" 23 | "--keep-weekly=6" 24 | "--keep-monthly=5" 25 | ]; 26 | initialize = true; 27 | repository = "/nas/restic"; # the NFS mount declared in hosts/sakura/hardware.nix 28 | passwordFile = config.sops.secrets.restic-sakura.path; # repository password read from the sops secret, not written into the config 29 | timerConfig = { 30 | OnCalendar = "daily"; 31 | RandomizedDelaySec = "20m"; 32 | Persistent = true; 33 | }; 34 | }; 35 | }; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /hosts/sakura/services/rustlog.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | networking.firewall.allowedTCPPorts = [8025 8123]; # 8025 is rustlog (see `ports` below); 8123 is presumably ClickHouse's HTTP interface. NOTE(review): no CLICKHOUSE_USER / CLICKHOUSE_PASSWORD is set on the container, so confirm the database is not reachable unauthenticated from the network 3 | 4 | systemd.services = { 5 | docker-rustlog.serviceConfig = {PrivateNetwork = lib.mkForce false;}; 6 | }; 7 | 8 | virtualisation.oci-containers.containers = { 9 | clickhouse = { 10 | image = "clickhouse/clickhouse-server:latest"; # NOTE(review): floating tag; unlike the digest-pinned rustlog image below, a pull can silently change the version that runs 11 | environment = { 12 | CLICKHOUSE_DB = "rustlog"; 13 | CLICKHOUSE_HOST = "192.168.1.25"; 14 | }; 15 | extraOptions = ["--network=host"]; # shares the host network namespace 16 | volumes = [ 17 | "/home/notoh/rustlog/clickhouse:/var/lib/clickhouse:rw" 18 | ]; 19 | }; 20 | rustlog = { 21 | hostname = "rustlog"; 22 | image = "ghcr.io/boring-nick/rustlog@sha256:49700b543dd89076e422de78be02cf38b1a8ad68f53874bc9223cb39821921f8"; 23 | ports = ["8025:8025"]; 24 | volumes = [ 25 | "/home/notoh/rustlog/config.json:/config.json" 26 | ]; 27 | dependsOn = ["clickhouse"]; 28 | extraOptions = ["--network=host"]; 29 | }; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /hosts/sakura/services/rustypaste.nix: 
-------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = with pkgs; [rustypaste]; 3 | 4 | users = { 5 | users.rustypaste = { 6 | isSystemUser = true; 7 | group = "rustypaste"; 8 | }; 9 | groups.rustypaste = { 10 | name = "rustypaste"; 11 | }; 12 | }; 13 | 14 | systemd.services.rustypaste = { 15 | enable = true; 16 | wantedBy = ["multi-user.target"]; 17 | description = "A minimal file upload/pastebin service."; 18 | environment = { 19 | CONFIG = "/var/lib/rustypaste/config.toml"; 20 | }; 21 | serviceConfig = { 22 | User = "rustypaste"; 23 | ExecStart = "${pkgs.rustypaste}/bin/rustypaste"; 24 | Restart = "always"; 25 | RestartSec = 30; 26 | WorkingDirectory = "/var/lib/rustypaste"; 27 | }; 28 | }; 29 | } 30 | -------------------------------------------------------------------------------- /hosts/sakura/services/tailscale.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 
6 | }: { 7 | sops.secrets.tsauth-sakura = {sopsFile = ../../../secrets/tailscale/secrets.yaml;}; 8 | environment.systemPackages = [pkgs.jq pkgs.tailscale]; 9 | services.tailscale = { 10 | useRoutingFeatures = lib.mkDefault "client"; 11 | }; 12 | networking.firewall.allowedUDPPorts = [config.services.tailscale.port]; 13 | networking.firewall.trustedInterfaces = [config.services.tailscale.interfaceName]; # traffic arriving on the tailscale interface bypasses the host firewall, so every listener on this host is reachable by tailnet peers; access control then rests on the tailnet's own ACLs 14 | 15 | systemd.services.tailscale-autoconnect = { 16 | description = "Automatic connection to Tailscale"; 17 | 18 | # make sure tailscale is running before trying to connect to tailscale 19 | after = ["network-pre.target" "tailscale.service"]; # NOTE(review): the NixOS tailscale module's daemon unit is, as far as I know, tailscaled.service; confirm this name orders the job as intended 20 | wants = ["network-pre.target" "tailscale.service"]; 21 | wantedBy = ["multi-user.target"]; 22 | 23 | # set this service as a oneshot job 24 | serviceConfig.Type = "oneshot"; 25 | 26 | # have the job run this shell script 27 | script = with pkgs; '' 28 | # wait for tailscaled to settle 29 | sleep 2 30 | 31 | # check if we are already authenticated to tailscale 32 | status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" 33 | if [ $status = "Running" ]; then # if so, then do nothing 34 | exit 0 35 | fi 36 | 37 | # otherwise authenticate with tailscale 38 | ${tailscale}/bin/tailscale up -authkey file:${config.sops.secrets.tsauth-sakura.path} --exit-node=100.104.42.96 --exit-node-allow-lan-access=true --accept-dns=false 39 | ''; # the auth key is handed over as file:<sops path>, so the key itself is not in the script text or on the command line; the exit node 100.104.42.96 is sora's tailscale0 address (hosts/sora/topology.nix). NOTE(review): $status is unquoted in the test above, so an empty value makes `[` fail and the script falls through to `tailscale up`. 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /hosts/sakura/services/vaultwarden.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 
5 | }: { 6 | sops.secrets.vaultwarden-env = {}; 7 | services.vaultwarden = { 8 | enable = true; 9 | package = pkgs.vaultwarden-postgresql; 10 | dbBackend = "postgresql"; 11 | config = { 12 | DOMAIN = "https://vault.flake.sh/"; 13 | SIGNUPS_ALLOWED = false; # open registration is off 14 | SIGNUPS_VERIFY = true; 15 | SIGNUPS_VERIFY_RESEND_TIME = 3600; 16 | DATABASE_URL = "postgresql://vaultwarden:vaultwarden@192.168.1.211:5432/vaultwarden"; # NOTE(review): the password-manager database credentials are in plain text here (password identical to the user name), so they are in the repository and the Nix store; `environmentFile` below already points at a sops secret and could carry DATABASE_URL instead 17 | LOG_LEVEL = "Info"; 18 | ROCKET_ADDRESS = "0.0.0.0"; # binds on all interfaces; this file adds no firewall rule for 8222, but tailscale.nix trusts the tailscale interface 19 | ROCKET_PORT = 8222; 20 | ROCKET_LOG = "critical"; 21 | # mailer 22 | SMTP_HOST = "mail.smtp2go.com"; 23 | SMTP_PORT = 587; 24 | SMTP_SECURITY = "starttls"; 25 | SMTP_FROM = "vault@flake.sh"; 26 | SMTP_FROM_NAME = "Vaultwarden"; 27 | SMTP_USERNAME = "vaultwarden-mailer"; 28 | SMTP_TIMEOUT = 15; 29 | EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "autofill-v2,extension-refresh,ssh-key-vault-item,ssh-agent"; 30 | }; 31 | environmentFile = config.sops.secrets.vaultwarden-env.path; # secrets not listed in `config` above are presumably supplied here (e.g. the SMTP password) - verify 32 | }; 33 | } 34 | -------------------------------------------------------------------------------- /hosts/sakura/services/wastebin.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.wastebin = { 3 | enable = true; 4 | settings = { 5 | WASTEBIN_TITLE = "wastebin"; 6 | WASTEBIN_BASE_URL = "https://paste.flake.sh"; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/sakura/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "sakura"; 5 | hardware.info = "Proxmox VM"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = ["100.121.201.47/32"]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home = { 13 | addresses = ["192.168.1.25/24"]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- 
/hosts/sora/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./hardware.nix 4 | ./networking.nix 5 | ./services 6 | ./topology.nix 7 | ../common 8 | ]; 9 | 10 | services.snowflake-proxy.enable = true; 11 | 12 | users = { 13 | users.notoh.openssh.authorizedKeys.keys = [ 14 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmI3hRDFjxLjrM3pE471e4jxSlcqeizh3iNVVdaMHeN sora" 15 | ]; 16 | users.root.openssh.authorizedKeys.keys = [ 17 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" 18 | ]; 19 | }; 20 | system = { 21 | autoUpgrade.enable = false; 22 | stateVersion = "23.05"; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /hosts/sora/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | modulesPath, 3 | lib, 4 | ... 5 | }: { 6 | imports = [(modulesPath + "/profiles/qemu-guest.nix")]; 7 | 8 | zramSwap.enable = true; 9 | 10 | boot = { 11 | tmp.cleanOnBoot = true; 12 | loader.grub = { 13 | efiSupport = true; 14 | efiInstallAsRemovable = true; 15 | device = "nodev"; 16 | }; 17 | initrd = { 18 | availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"]; 19 | kernelModules = ["nvme"]; 20 | }; 21 | }; 22 | 23 | fileSystems = { 24 | "/" = { 25 | device = "/dev/sda1"; 26 | fsType = "ext4"; 27 | }; 28 | "/boot" = { 29 | device = "/dev/disk/by-uuid/B793-1B2C"; 30 | fsType = "vfat"; 31 | }; 32 | }; 33 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 34 | } 35 | -------------------------------------------------------------------------------- /hosts/sora/networking.nix: -------------------------------------------------------------------------------- 1 | {lib, ...}: { 2 | networking = { 3 | hostName = "sora"; 4 | nameservers = [ 5 | "1.1.1.1" 6 | "149.112.112.112" 7 | ]; 8 | defaultGateway = "172.31.1.1"; 9 | defaultGateway6 = { 10 | address = ""; 11 | 
interface = "eth0"; 12 | }; 13 | dhcpcd.enable = false; 14 | usePredictableInterfaceNames = lib.mkForce false; 15 | interfaces = { 16 | eth0 = { 17 | ipv4.addresses = [ 18 | { 19 | address = "5.161.102.107"; 20 | prefixLength = 32; 21 | } 22 | ]; 23 | ipv4.routes = [ 24 | { 25 | address = "172.31.1.1"; 26 | prefixLength = 32; 27 | } 28 | ]; 29 | }; 30 | }; 31 | }; 32 | services.udev.extraRules = '' 33 | ATTR{address}=="96:00:02:c2:dc:83", NAME="eth0" 34 | ''; 35 | } 36 | -------------------------------------------------------------------------------- /hosts/sora/services/attic.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 5 | }: { 6 | sops.secrets.attic = {}; 7 | 8 | environment.systemPackages = [pkgs.attic-client]; 9 | 10 | services.atticd = { 11 | enable = true; 12 | environmentFile = config.sops.secrets.attic.path; # sops-managed environment file; presumably holds the token-signing secret and the S3 credentials, which do not appear in `settings` - verify 13 | settings = { 14 | listen = "[::]:8200"; # all interfaces, on a host with a public address (hosts/sora/networking.nix); this file opens no firewall port, so exposure is presumably via the traefik import - confirm 15 | allowed-hosts = ["cache.flake.sh"]; 16 | database.url = "postgres://attic:attic@100.94.214.100:5432/attic"; # NOTE(review): database password (identical to the user name) in plain text in the repository and the Nix store; the environmentFile above is the natural place for it 17 | api-endpoint = "https://cache.flake.sh/"; 18 | require-proof-of-possession = false; # NOTE(review): as I understand the upstream docs, with this off an uploader who only knows a NAR hash can attach an existing NAR from the global store without uploading it; acceptable for a single-tenant cache, confirm that is the case here 19 | chunking = { 20 | nar-size-threshold = 0; 21 | 22 | min-size = 16 * 1024; # 16 KiB 23 | 24 | avg-size = 64 * 1024; # 64 KiB 25 | 26 | max-size = 256 * 1024; # 256 KiB 27 | }; 28 | garbage-collection = { 29 | interval = "12 hours"; 30 | default-retention-period = "36 weeks"; 31 | }; 32 | compression = { 33 | type = "zstd"; 34 | level = 9; 35 | }; 36 | storage = { 37 | type = "s3"; 38 | region = "us-east-1"; 39 | bucket = "kyasshu"; 40 | endpoint = "https://s3.wasabisys.com"; 41 | }; 42 | }; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /hosts/sora/services/croc.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.croc = { 3 | enable = true; 4 | openFirewall = true; # relay ports opened on a publicly addressed host 5 | debug = true; # NOTE(review): debug output on an internet-facing relay; confirm it is still wanted 6 | }; 7 | } 8 | 
-------------------------------------------------------------------------------- /hosts/sora/services/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | imports = [ 3 | ./restic.nix 4 | ./traefik.nix 5 | ./uptimekuma.nix 6 | ./ntfy-sh.nix 7 | ./attic.nix 8 | ./tailscale.nix 9 | ./croc.nix 10 | 11 | ### game servers 12 | # ./terraria.nix 13 | # ./factorio.nix 14 | ./minecraft.nix 15 | # ./foundryvtt.nix 16 | ]; 17 | } 18 | -------------------------------------------------------------------------------- /hosts/sora/services/factorio.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | services.factorio = { 3 | enable = true; 4 | package = pkgs.factorio-headless; 5 | public = false; 6 | lan = false; 7 | openFirewall = true; 8 | admins = ["notoh"]; 9 | game-name = "forsen"; 10 | autosave-interval = 20; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /hosts/sora/services/foundryvtt.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | sops.secrets.foundry-username = {}; 3 | sops.secrets.foundry-password = {}; 4 | virtualisation.oci-containers.containers.foundryvtt = { 5 | image = "felddy/foundryvtt@sha256:d85dab9704d771f3a33f21439f1bf34748fb5bf1987668ff402b5b17d1973f5a"; 6 | volumes = ["/home/notoh/docker/foundryvtt:/data"]; 7 | environment = { 8 | CONTAINER_PRESERVE_CONFIG = "true"; 9 | }; 10 | environmentFiles = [ 11 | /run/secrets/foundry-username 12 | /run/secrets/foundry-password 13 | ]; 14 | ports = ["30000:30000"]; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /hosts/sora/services/minecraft.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking.firewall.allowedTCPPorts = [25565]; 3 | networking.firewall.allowedUDPPorts = [24454]; 4 | 
virtualisation.oci-containers.containers.minecraft = { 5 | image = "itzg/minecraft-server"; 6 | ports = ["25565:25565" "24454:24454/udp"]; 7 | environment = { 8 | EULA = "TRUE"; 9 | VERSION = "1.21.1"; 10 | MEMORY = "6G"; 11 | TYPE = "NEOFORGE"; 12 | }; 13 | volumes = ["/home/notoh/docker/modded-mc:/data:rw"]; 14 | }; 15 | } 16 | -------------------------------------------------------------------------------- /hosts/sora/services/ntfy-sh.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = [pkgs.ntfy-sh]; 3 | services.ntfy-sh = { 4 | enable = true; 5 | settings = { 6 | listen-http = ":8090"; 7 | base-url = "https://ntfy.flake.sh"; 8 | upstream-base-url = "https://ntfy.sh"; 9 | behind-proxy = true; 10 | auth-default-access = "read-only"; 11 | }; 12 | }; 13 | } 14 | -------------------------------------------------------------------------------- /hosts/sora/services/restic.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 
5 | }: { 6 | sops.secrets = { 7 | restic-sora = {sopsFile = ../../../secrets/restic/secrets.yaml;}; 8 | sora-s3 = {sopsFile = ../../../secrets/s3/secrets.yaml;}; 9 | }; 10 | environment.systemPackages = [pkgs.restic]; 11 | services.restic = { 12 | backups = { 13 | sora = { 14 | user = "root"; 15 | paths = [ 16 | "/var/lib/private/uptime-kuma" 17 | "/var/lib/private/ntfy-sh" 18 | ]; 19 | pruneOpts = [ 20 | "--keep-daily=7" 21 | "--keep-weekly=6" 22 | "--keep-monthly=5" 23 | ]; 24 | repository = "s3:https://s3.wasabisys.com/sora-restic"; 25 | initialize = true; 26 | passwordFile = config.sops.secrets.restic-sora.path; 27 | environmentFile = config.sops.secrets.sora-s3.path; 28 | timerConfig = { 29 | OnCalendar = "daily"; 30 | Persistent = true; 31 | }; 32 | }; 33 | }; 34 | }; 35 | } 36 | -------------------------------------------------------------------------------- /hosts/sora/services/tailscale.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | pkgs, 5 | ... 
6 | }: { 7 | sops.secrets.tsauth-sora = {sopsFile = ../../../secrets/tailscale/secrets.yaml;}; 8 | environment.systemPackages = [pkgs.jq pkgs.tailscale]; 9 | services.tailscale = { 10 | useRoutingFeatures = lib.mkDefault "server"; # important to make it a server, it sets sysctl for ip forwarding without intervention and reboot 11 | }; 12 | networking.firewall.allowedUDPPorts = [config.services.tailscale.port]; 13 | networking.firewall.trustedInterfaces = [config.services.tailscale.interfaceName]; 14 | 15 | systemd.services.tailscale-autoconnect = { 16 | description = "Automatic connection to Tailscale"; 17 | 18 | # make sure tailscale is running before trying to connect to tailscale 19 | after = ["network-pre.target" "tailscale.service"]; 20 | wants = ["network-pre.target" "tailscale.service"]; 21 | wantedBy = ["multi-user.target"]; 22 | 23 | # set this service as a oneshot job 24 | serviceConfig.Type = "oneshot"; 25 | 26 | # have the job run this shell script 27 | script = with pkgs; '' 28 | # wait for tailscaled to settle 29 | sleep 2 30 | 31 | # check if we are already authenticated to tailscale 32 | status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)" 33 | if [ $status = "Running" ]; then # if so, then do nothing 34 | exit 0 35 | fi 36 | 37 | # otherwise authenticate with tailscale 38 | ${tailscale}/bin/tailscale up --authkey file:${config.sops.secrets.tsauth-sora.path} --advertise-exit-node=true --accept-dns=false 39 | ''; 40 | }; 41 | } 42 | -------------------------------------------------------------------------------- /hosts/sora/services/terraria.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking.firewall.allowedTCPPorts = [7777]; 3 | virtualisation.oci-containers.containers.terraria = { 4 | image = "jacobsmile/tmodloader1.4:v2023.11.3.3"; 5 | ports = ["7777:7777"]; 6 | volumes = ["/var/lib/terraria/tmodloader:/data"]; 7 | environment = { 8 | TMOD_MOTD = "forsen"; 9 
| TMOD_PASS = "forsen"; 10 | TMOD_AUTOSAVE_INTERVAL = "10"; 11 | TMOD_SHUTDOWN_MESSAGE = "Server is shutting down NOW!"; 12 | TMOD_AUTODOWNLOAD = "2824688072,2824688266,2669644269,2563309347,2619954303,2687866031,2563851005,2908170107"; 13 | TMOD_ENABLEDMODS = "2824688072,2824688266,2669644269,2563309347,2619954303,2687866031,2563851005,2908170107"; 14 | TMOD_MAXPLAYERS = "10"; 15 | TMOD_WORLDNAME = "forsenv2"; 16 | TMOD_WORLDSIZE = "3"; 17 | TMOD_DIFFICULTY = "2"; 18 | TMOD_NPCSTREAM = "60"; 19 | TMOD_WORLDSEED = "random"; 20 | TMOD_LANGUAGE = "en-US"; 21 | TMOD_UPNP = "1"; 22 | }; 23 | }; 24 | } 25 | -------------------------------------------------------------------------------- /hosts/sora/services/uptimekuma.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.uptime-kuma = { 3 | enable = true; 4 | settings = { 5 | HOST = "100.104.42.96"; 6 | PORT = "4000"; 7 | }; 8 | }; 9 | } 10 | -------------------------------------------------------------------------------- /hosts/sora/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "sora"; 5 | hardware.info = "Hetzner VPS"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = ["100.104.42.96/32"]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | eth0 = { 13 | network = "hetzner"; 14 | type = "ethernet"; 15 | }; 16 | }; 17 | }; 18 | }; 19 | } 20 | -------------------------------------------------------------------------------- /hosts/tsuki/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 
5 | }: { 6 | imports = [ 7 | inputs.nix-gaming.nixosModules.pipewireLowLatency 8 | inputs.hyprland.nixosModules.default 9 | ./hardware.nix 10 | ./services 11 | ./networking.nix 12 | ./gaming.nix 13 | ./topology.nix 14 | ../common 15 | ../common/fonts.nix 16 | ../../home/wayland 17 | ]; 18 | 19 | virtualisation = { 20 | libvirtd.enable = true; 21 | }; 22 | services = { 23 | pulseaudio.enable = false; 24 | pcscd.enable = true; 25 | flatpak = { 26 | enable = true; 27 | packages = [ 28 | "io.github.Soundux" 29 | "com.github.tchx84.Flatseal" 30 | ]; 31 | }; 32 | avahi = { 33 | enable = true; 34 | nssmdns4 = true; 35 | publish = { 36 | enable = true; 37 | userServices = true; 38 | domain = true; 39 | }; 40 | }; 41 | pipewire = { 42 | enable = true; 43 | alsa.enable = true; 44 | alsa.support32Bit = true; 45 | pulse.enable = true; 46 | wireplumber.enable = true; 47 | lowLatency = { 48 | enable = true; 49 | quantum = 64; 50 | rate = 48000; 51 | }; 52 | }; 53 | xserver = { 54 | enable = true; 55 | videoDrivers = ["amdgpu"]; 56 | xkb = { 57 | layout = "us"; 58 | variant = ""; 59 | }; 60 | }; 61 | }; 62 | security = { 63 | rtkit.enable = true; 64 | polkit.enable = true; 65 | pam = { 66 | services.hyprlock = {}; 67 | }; 68 | }; 69 | programs = { 70 | hyprland = { 71 | enable = true; 72 | withUWSM = false; 73 | package = inputs.hyprland.packages.${pkgs.system}.hyprland; 74 | portalPackage = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland; 75 | }; 76 | corectrl.enable = true; 77 | dconf.enable = true; 78 | appimage = { 79 | enable = true; 80 | binfmt = true; 81 | }; 82 | }; 83 | hardware = { 84 | graphics = { 85 | enable = true; 86 | enable32Bit = true; 87 | }; 88 | opentabletdriver = { 89 | enable = true; 90 | daemon.enable = true; 91 | }; 92 | }; 93 | environment.systemPackages = with pkgs; [ 94 | nil 95 | libvirt 96 | qemu_kvm 97 | zulu 98 | zulu17 99 | ]; 100 | 101 | system = { 102 | autoUpgrade.enable = false; 103 | stateVersion = "23.05"; 104 | }; 105 | 
} 106 | -------------------------------------------------------------------------------- /hosts/tsuki/gaming.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | ... 5 | }: { 6 | imports = [ 7 | inputs.nix-gaming.nixosModules.platformOptimizations 8 | inputs.nixpkgs-xr.nixosModules.nixpkgs-xr 9 | ]; 10 | environment.systemPackages = [ 11 | pkgs.android-tools # for wired wivrn 12 | ]; 13 | services = { 14 | wivrn = { 15 | enable = true; 16 | defaultRuntime = true; 17 | openFirewall = true; 18 | autoStart = true; 19 | monadoEnvironment = { 20 | U_PACING_COMP_MIN_TIME_MS = "8"; 21 | XRT_COMPOSITOR_COMPUTE = "1"; 22 | }; 23 | }; 24 | monado = { 25 | enable = false; 26 | highPriority = true; 27 | }; 28 | sunshine = { 29 | enable = true; 30 | autoStart = false; 31 | openFirewall = true; 32 | capSysAdmin = true; 33 | }; 34 | ananicy = { 35 | enable = true; 36 | package = pkgs.ananicy-cpp; 37 | rulesProvider = pkgs.ananicy-cpp; 38 | extraRules = [ 39 | { 40 | "name" = "gamescope"; 41 | "nice" = -20; 42 | } 43 | ]; 44 | }; 45 | }; 46 | programs = { 47 | gamescope = { 48 | enable = true; 49 | capSysNice = false; 50 | args = [ 51 | "--expose-wayland" 52 | "--framerate-limit 144" 53 | ]; 54 | }; 55 | steam = { 56 | enable = true; 57 | platformOptimizations.enable = true; 58 | extraCompatPackages = [ 59 | pkgs.proton-ge-bin 60 | pkgs.proton-ge-rtsp-bin 61 | ]; 62 | }; 63 | }; 64 | } 65 | -------------------------------------------------------------------------------- /hosts/tsuki/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | modulesPath, 5 | ... 
6 | }: { 7 | imports = [ 8 | (modulesPath + "/installer/scan/not-detected.nix") 9 | ]; 10 | 11 | boot = { 12 | kernelModules = ["kvm-amd"]; 13 | kernelParams = [ 14 | "preempt=full" 15 | "threadirqs" 16 | "mitigations=off" # NOTE(review): switches off the kernel's CPU side-channel mitigations (Spectre/Meltdown family) for performance; this host also enables libvirtd (hosts/tsuki/default.nix), so confirm that untrusted guests or code are never run on it 17 | ]; 18 | extraModulePackages = with config.boot.kernelPackages; [v4l2loopback.out]; 19 | loader = { 20 | systemd-boot = { 21 | enable = true; 22 | configurationLimit = 10; 23 | }; 24 | efi = { 25 | canTouchEfiVariables = true; 26 | efiSysMountPoint = "/boot/efi"; 27 | }; 28 | }; 29 | initrd = { 30 | availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"]; 31 | kernelModules = []; 32 | }; 33 | }; 34 | 35 | services.scx = { 36 | enable = true; 37 | scheduler = "scx_lavd"; 38 | }; 39 | 40 | hardware.wooting.enable = true; 41 | 42 | fileSystems = { 43 | "/" = { 44 | device = "/dev/disk/by-uuid/a423d32f-ac5d-4ea2-82fb-f94b05afce29"; 45 | fsType = "ext4"; 46 | }; 47 | "/boot/efi" = { 48 | device = "/dev/disk/by-uuid/FEAF-138A"; 49 | fsType = "vfat"; 50 | }; 51 | "/nas/restic" = { 52 | device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/tsuki"; 53 | fsType = "nfs"; # mounted with default options; NOTE(review): a backup-only share could be mounted with restrictive options such as nosuid,nodev,noexec 54 | }; 55 | "/nas/osu-backups" = { 56 | device = "192.168.1.199:/mnt/Sutoreji/osu-backups"; 57 | fsType = "nfs"; 58 | }; 59 | }; 60 | 61 | zramSwap = { 62 | enable = true; 63 | swapDevices = 1; 64 | algorithm = "zstd"; 65 | }; 66 | 67 | networking.useDHCP = lib.mkDefault true; 68 | 69 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 70 | powerManagement.cpuFreqGovernor = lib.mkDefault "performance"; 71 | hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 72 | } 73 | -------------------------------------------------------------------------------- /hosts/tsuki/networking.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking = { 3 | networkmanager.enable = true; 4 | hostName = "tsuki"; 5 | firewall = { 6 | enable = true; 7 | allowedTCPPorts = [ 8 | 7000 # 
uxplay 9 | 7100 # uxplay 10 | 7001 # uxplay 11 | 5173 # NOTE(review): the only unlabelled port; 5173 is the default Vite dev-server port, so if it was opened for temporary development consider removing it 12 | ]; 13 | allowedUDPPorts = [ 14 | 7011 # uxplay 15 | 6001 # uxplay 16 | 6000 # uxplay 17 | ]; 18 | }; 19 | }; 20 | environment.etc = { 21 | "resolv.conf".text = '' 22 | nameserver 192.168.1.103 23 | nameserver 1.1.1.1 24 | options edns0 25 | ''; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /hosts/tsuki/services/atticd.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | ... 5 | }: { 6 | environment.systemPackages = [pkgs.attic-client]; 7 | 8 | systemd.services.atticd = { 9 | enable = true; 10 | wantedBy = ["multi-user.target"]; 11 | description = "atticd"; 12 | 13 | serviceConfig = { 14 | User = "notoh"; 15 | ExecStart = "${lib.getExe pkgs.attic-client} watch-store kyasshu"; # despite the unit name this runs the attic client, not the server: watch-store with the cache name kyasshu 16 | Restart = "always"; 17 | RestartSec = 30; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/tsuki/services/default.nix: -------------------------------------------------------------------------------- 1 | {...}: { 2 | imports = [ 3 | ./restic.nix 4 | ./atticd.nix 5 | ./hydroxide.nix 6 | ./rnnoise.nix 7 | ./immich-backup.nix 8 | ./syncthing.nix 9 | ]; 10 | } 11 | -------------------------------------------------------------------------------- /hosts/tsuki/services/hydroxide.nix: -------------------------------------------------------------------------------- 1 | {pkgs, ...}: { 2 | environment.systemPackages = [pkgs.hydroxide]; 3 | networking.firewall.allowedTCPPorts = [1025 1143]; # presumably the bridge's SMTP and IMAP ports. NOTE(review): ExecStart below sets no listen address; if hydroxide only binds to loopback this rule is unnecessary, and if it binds wider the mailbox bridge is exposed to the LAN - confirm which 4 | 5 | systemd.services.hydroxide = { 6 | enable = true; 7 | wantedBy = ["multi-user.target"]; 8 | description = "A third-party, open-source ProtonMail bridge"; 9 | 10 | serviceConfig = { 11 | User = "notoh"; 12 | ExecStart = "${pkgs.hydroxide}/bin/hydroxide -disable-carddav serve"; 13 | Restart = "always"; 14 | RestartSec = 30; 15 | }; 16 | }; 17 | } 18 | 
--------------------------------------------------------------------------------
/hosts/tsuki/services/immich-backup.nix:
--------------------------------------------------------------------------------
# Nightly upload of the screenshots folder to Immich, followed by a desktop
# notification. A oneshot service plus the timer that triggers it.
{
  lib,
  pkgs,
  ...
}: {
  systemd = {
    services.immich-backup = let
      homeDir = "/home/notoh";
    in {
      # The script points DISPLAY and the D-Bus session address at the user's
      # graphical session so notify-send can reach it from a system unit.
      # NOTE(review): the session bus path hard-codes uid 1000; it breaks
      # silently if notoh ever gets a different uid. The two `echo $DISPLAY`
      # lines look like leftover debugging output.
      script = with pkgs; ''
        echo $DISPLAY
        export DISPLAY=:0.0
        echo $DISPLAY
        export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
        ${lib.getExe immich-cli} upload --album-name "desktop screenshots" --recursive ${homeDir}/Pictures/screenshots
        ${lib.getExe libnotify} --app-name "immich-backup" --urgency=low --icon=dialog-information "immich backup completed"
      '';
      serviceConfig = {
        Type = "oneshot";
        User = "notoh";
      };
      environment = {
        # Presumably where immich-cli keeps its server URL and API key —
        # confirm the directory is readable only by notoh.
        IMMICH_CONFIG_DIR = "${homeDir}/.config/immich";
      };
    };
    timers.immich-backup = {
      wantedBy = ["timers.target"];
      description = "immich backup timer";
      timerConfig = {
        # Every day at midnight; Persistent catches up after downtime.
        OnCalendar = "*-*-* 00:00:00";
        Persistent = true;
        Unit = "immich-backup.service";
      };
      unitConfig = {
        Description = "immich backup timer";
      };
    };
  };
}
--------------------------------------------------------------------------------
/hosts/tsuki/services/restic.nix:
--------------------------------------------------------------------------------
# Two restic jobs for tsuki: a daily backup of /home and a weekly backup of the
# osu! directories. Repository passwords come from sops-nix.
{
  pkgs,
  config,
  ...
}: {
  sops.secrets.restic-tsuki = {sopsFile = ../../../secrets/restic/secrets.yaml;};
  sops.secrets.restic-osu = {sopsFile = ../../../secrets/restic/secrets.yaml;};
  environment.systemPackages = [pkgs.restic];
  services.restic = {
    backups = {
      tsuki = {
        # Runs as root so every home directory is readable.
        user = "root";
        paths = ["/home"];
        # Large, reproducible or cache-like data is left out.
        exclude = [
          "*.qcow2"
          "*.iso"
          "/home/*/Downloads"
          "/home/*/Games"
          "/home/*/Videos"
          "/home/*/osu!"
          "/home/*/.cache"
          "/home/*/.wine"
          "/home/*/.rustup"
          "/home/*/.cargo"
          "/home/*/.factorio"
          "/home/*/.mplayer"
          "/home/*/.steam"
          "/home/*/.eclipse"
          "/home/*/.bundle"
          "/home/*/.local/share/Trash"
          "/home/*/.local/share/Steam"
          "/home/*/.local/share/.var"
        ];
        pruneOpts = [
          "--keep-daily=7"
          "--keep-weekly=6"
          "--keep-monthly=5"
        ];
        initialize = true;
        # "/nas/restic" is the NFS mount declared in this host's hardware.nix.
        # NOTE(review): the host that writes the backups can also prune them,
        # so a root compromise here can destroy the history too. An off-host
        # copy or an append-only target would close that gap.
        repository = "/nas/restic";
        passwordFile = config.sops.secrets.restic-tsuki.path;
        timerConfig = {
          OnCalendar = "daily";
          RandomizedDelaySec = "10m";
          Persistent = true;
        };
      };
      osu = {
        user = "root";
        paths = ["/home/*/osu!"];
        # Only the two most recent snapshots are kept.
        pruneOpts = ["--keep-last=2"];
        initialize = true;
        repository = "/nas/osu-backups";
        passwordFile = config.sops.secrets.restic-osu.path;
        timerConfig = {
          OnCalendar = "weekly";
          RandomizedDelaySec = "30m";
          Persistent = true;
        };
      };
    };
  };
}
--------------------------------------------------------------------------------
/hosts/tsuki/services/rnnoise.nix:
--------------------------------------------------------------------------------
# Adds a PipeWire filter-chain that exposes an RNNoise-filtered virtual
# microphone ("Noise Cancelling source").
{pkgs, ...}: {
  services.pipewire.extraConfig.pipewire."00-rnnoise.conf" = {
    "context.modules" = [
      {
        "name" = "libpipewire-module-filter-chain";
        "args" = {
          "node.description" = "Noise Cancelling source";
          "media.name" = "Noise Cancelling source";
          "filter.graph" = {
            "nodes" = [
              {
                "type" = "ladspa";
                "name" = "rnnoise";
                # The plugin is loaded from the Nix store path of
                # rnnoise-plugin, so it is pinned with the system closure.
                "plugin" = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so";
                "label" = "noise_suppressor_stereo";
                "control" = {
                  "VAD Threshold (%)" = 50.0;
                  "VAD Grace Period (ms)" = 1000;
                  "Retroactive VAD Grace (ms)" = 100;
                };
              }
            ];
          };
          "audio.position" = ["FL" "FR"];
          "capture.props" = {
            "node.name" = "capture.rnnoise_source";
            "node.passive" = true;
            "audio.rate" = 48000;
          };
          "playback.props" = {
            "node.name" = "rnnoise_source";
            "media.class" = "Audio/Source";
            "media.role" = "Communication";
            "audio.rate" = 48000;
          };
        };
      }
    ];
  };
}
--------------------------------------------------------------------------------
/hosts/tsuki/services/syncthing.nix:
--------------------------------------------------------------------------------
# Syncthing running as user notoh.
_: {
  services.syncthing = {
    enable = true;
    # Opens Syncthing's default sync and discovery ports in the firewall.
    openDefaultPorts = true;
    dataDir = "/home/notoh/sync";
    configDir = "/home/notoh/.config/syncthing";
    # The web GUI stays on loopback, so it is not reachable from the network.
    guiAddress = "localhost:8384";
    user = "notoh";
    group = "users";
  };
}
--------------------------------------------------------------------------------
/hosts/tsuki/topology.nix:
--------------------------------------------------------------------------------
# Topology-diagram metadata for tsuki (descriptive only; it configures no
# interface).
_: {
  topology = {
    self = {
      name = "tsuki";
      hardware.info = "Desktop";
      interfaces = {
        tailscale0 = {
          addresses = ["100.127.30.116/32"];
          network = "tailscale0";
          type = "wireguard";
        };
        home = {
          addresses = ["192.168.1.47/24"];
          network = "home";
          type = "ethernet";
        };
      };
    };
  };
}
--------------------------------------------------------------------------------
/hosts/tsuru/default.nix:
--------------------------------------------------------------------------------
# Entry point for the "tsuru" host: imports, SSH keys and system version.
{...}: {
  imports = [
    ./hardware.nix
    ./services
    ./networking.nix
    ./topology.nix
    ../common
  ];

  users = {
    users.notoh.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwby2FLCKFZZlOLDRhsm9GckyYAuyk0mq28jRD02tdv tsuru"
    ];
    # NOTE(review): a key labelled "forgejo" may log in as root, and the same
    # key is authorised for root on yuki as well. Presumably this is the
    # deployment key; whoever holds it is root on every host that lists it, so
    # check where the private half lives and whether root SSH login can be
    # limited (the sshd policy is in ../common, not visible here).
    users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
    ];
  };
  system = {
    # Automatic upgrades are off, so security updates depend on manual deploys.
    autoUpgrade.enable = false;
    stateVersion = "23.05";
  };
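}
--------------------------------------------------------------------------------
/hosts/tsuru/hardware.nix:
--------------------------------------------------------------------------------
# Hardware profile for the tsuru QEMU guest: GRUB on /dev/sda, ext4 root, one
# swap partition.
{
  lib,
  modulesPath,
  ...
}: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  boot = {
    kernelModules = [];
    extraModulePackages = [];
    loader.grub = {
      enable = true;
      configurationLimit = 5;
      device = "/dev/sda";
      useOSProber = false;
    };
    initrd = {
      availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
      kernelModules = [];
    };
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/625f557a-99a0-4e2d-9aef-f3aed7cea1c8";
      fsType = "ext4";
    };
  };

  swapDevices = [
    {device = "/dev/disk/by-uuid/5be1a83b-5b40-4068-ade3-fcf28ff07e35";}
  ];

  networking.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
--------------------------------------------------------------------------------
/hosts/tsuru/networking.nix:
--------------------------------------------------------------------------------
# Host name, firewall (enabled, nothing opened here) and a static resolv.conf.
_: {
  networking = {
    networkmanager.enable = true;
    hostName = "tsuru";
    firewall = {
      enable = true;
    };
  };
  environment.etc = {
    "resolv.conf".text = ''
      nameserver 192.168.1.103
      nameserver 1.1.1.1
    '';
  };
}
--------------------------------------------------------------------------------
/hosts/tsuru/services/default.nix:
--------------------------------------------------------------------------------
# Only the Woodpecker module is imported here; tailscale.nix in the same
# directory is not, so it takes effect only if something else imports it.
_: {
  imports = [
    ./woodpecker.nix
  ];
}
--------------------------------------------------------------------------------
/hosts/tsuru/services/tailscale.nix:
--------------------------------------------------------------------------------
# Joins tsuru to the tailnet at boot with an auth key from sops-nix and routes
# its traffic through a fixed exit node.
{
  config,
  lib,
  pkgs,
  ...
}: {
  sops.secrets.tsauth-tsuru = {sopsFile = ../../../secrets/tailscale/secrets.yaml;};
  environment.systemPackages = [pkgs.jq pkgs.tailscale];
  services.tailscale = {
    useRoutingFeatures = lib.mkDefault "client";
  };
  networking.firewall.allowedUDPPorts = [config.services.tailscale.port];
  # NOTE(review): marking the tailscale interface as trusted exempts all
  # tailnet traffic from the host firewall, so every port on this machine is
  # reachable by any peer the tailnet ACLs allow. The ACLs are then the only
  # control; confirm they are restrictive enough for a CI host.
  networking.firewall.trustedInterfaces = [config.services.tailscale.interfaceName];

  systemd.services.tailscale-autoconnect = {
    description = "Automatic connection to Tailscale";

    # make sure tailscale is running before trying to connect to tailscale.
    # The NixOS module names its unit "tailscaled.service"; the previous
    # "tailscale.service" matched no unit, so the ordering was never applied.
    after = ["network-pre.target" "tailscaled.service"];
    wants = ["network-pre.target" "tailscaled.service"];
    wantedBy = ["multi-user.target"];

    # set this service as a oneshot job
    serviceConfig.Type = "oneshot";

    # have the job run this shell script.
    # The auth key is passed as "file:<path>", so the key itself never appears
    # on the command line or in the process list.
    script = with pkgs; ''
      # wait for tailscaled to settle
      sleep 2

      # check if we are already authenticated to tailscale
      status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
      # quoted so an empty status is compared instead of breaking the test
      if [ "$status" = "Running" ]; then # if so, then do nothing
        exit 0
      fi

      # otherwise authenticate with tailscale
      ${tailscale}/bin/tailscale up -authkey file:${config.sops.secrets.tsauth-tsuru.path} --exit-node=100.104.42.96 --exit-node-allow-lan-access=true --accept-dns=false
    '';
  };
}
--------------------------------------------------------------------------------
/hosts/tsuru/services/woodpecker.nix:
--------------------------------------------------------------------------------
# Woodpecker CI server plus one Docker-backed agent on the same machine.
{config, ...}: {
  sops.secrets.woodpecker-server = {};
  sops.secrets.woodpecker-agent-secret = {};
  services.woodpecker-server = {
    enable = true;
    environment = {
      WOODPECKER_SERVER_ADDR = ":8200";
      WOODPECKER_GRPC_ADDR = ":8300";
      WOODPECKER_HOST = "https://ci.flake.sh";
      # Registration is closed; only existing users may log in.
      WOODPECKER_OPEN = "false";
      WOODPECKER_GITEA = "true";
      WOODPECKER_GITEA_URL = "https://git.flake.sh";
      WOODPECKER_ADMIN = "notohh";
      # NOTE(review): this sets the variable to the *path* of the sops secret,
      # not to its content, so the shared agent secret is the literal path
      # string — a value anyone can read in this repository. It also lands in
      # the unit's environment in the world-readable Nix store. The server's
      # environmentFile below may override it, but the agent has no such file.
      # Supply the secret through an environment file on both sides instead.
      WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path;
      # NOTE(review): debug logging on a CI server can record request details;
      # lower it once the setup is stable.
      WOODPECKER_LOG_LEVEL = "debug";
      WOODPECKER_DEBUG_PRETTY = "true";
      WOODPECKER_KEEPALIVE_MIN_TIME = "10s";
    };
    # Read by systemd at start-up; the forge OAuth credentials presumably live
    # here (content not visible).
    environmentFile = config.sops.secrets.woodpecker-server.path;
  };

  services.woodpecker-agents.agents.nix = {
    enable = true;
    environment = {
      DOCKER_HOST = "unix:///var/run/docker.sock";
      WOODPECKER_BACKEND = "docker";
      WOODPECKER_SERVER = "localhost:8300";
      # Same issue as on the server: a path, not the secret value.
      WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path;
      WOODPECKER_LOG_LEVEL = "debug";
      WOODPECKER_DEBUG_PRETTY = "true";
      WOODPECKER_KEEPALIVE_MIN_TIME = "10s";
      WOODPECKER_HEALTHCHECK = "true";
    };
    # NOTE(review): membership of the docker group is equivalent to root on
    # this host. Pipelines from any repository allowed to run here execute
    # with that reach, so keep the set of trusted repositories small.
    extraGroups = ["docker"];
  };
}
--------------------------------------------------------------------------------
/hosts/tsuru/topology.nix:
--------------------------------------------------------------------------------
# Topology-diagram metadata for tsuru.
_: {
  topology = {
    self = {
      name = "tsuru";
      hardware.info = "Proxmox VM";
      interfaces = {
        tailscale0 = {
          addresses = ["100.82.146.40/32"];
          network = "tailscale0";
          type = "wireguard";
        };
        home = {
          addresses = ["192.168.1.99/24"];
          network = "home";
          type = "ethernet";
        };
      };
    };
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/default.nix:
--------------------------------------------------------------------------------
# Entry point for the "yuki" host: imports, SSH keys and system version.
{...}: {
  imports = [
    ./hardware.nix
    ./services
    ./networking.nix
    ./topology.nix
    ../common
  ];

  users = {
    users.notoh.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLDqOjZIQQ+YYir9MQnlh8wgqI1dz5nYL054OnIgDa yuki"
    ];
    # NOTE(review): the root key labelled "forgejo" is the same one authorised
    # on tsuru, so a single private key is root on both hosts.
    users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
    ];
  };
  system = {
    autoUpgrade.enable = false;
    stateVersion = "23.05";
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/hardware.nix:
--------------------------------------------------------------------------------
# Hardware profile for the yuki QEMU guest, including the NFS shares that back
# its services.
{
  lib,
  modulesPath,
  ...
}: {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  boot = {
    kernelModules = [];
    extraModulePackages = [];
    loader.grub = {
      enable = true;
      configurationLimit = 5;
      device = "/dev/sda";
      useOSProber = false;
    };
    initrd = {
      availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
      kernelModules = [];
    };
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/833959fb-de9d-4820-aa22-e6ce8bce6f6c";
      fsType = "ext4";
    };
    # All NFS mounts use default options.
    # NOTE(review): "nosuid" and "nodev" would be cheap hardening for shares
    # that only carry media and application data.
    "/home/notoh/docker/stash/data" = {
      device = "192.168.1.199:/mnt/Sutoreji/stash";
      fsType = "nfs";
    };
    "/media" = {
      device = "192.168.1.199:/mnt/Sutoreji/media";
      fsType = "nfs";
    };
    "/nas/restic" = {
      device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/yuki";
      fsType = "nfs";
    };
    # The next three device strings used to end in a space, which becomes part
    # of the export path requested from the server; the space is removed.
    "/var/lib/paperless-ngx/media" = {
      device = "192.168.1.199:/mnt/Sutoreji/paperless-ngx/paperless-media";
      fsType = "nfs";
    };
    "/var/lib/hoarder" = {
      device = "192.168.1.199:/mnt/Sutoreji/hoarder";
      fsType = "nfs";
    };
    "/var/lib/immich" = {
      device = "192.168.1.199:/mnt/Sutoreji/immich";
      fsType = "nfs";
    };
  };

  swapDevices = [
    {device = "/dev/disk/by-uuid/bd7ccb73-6f85-4b3d-b37f-5cff58a6ab59";}
  ];

  networking.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";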
}
--------------------------------------------------------------------------------
/hosts/yuki/networking.nix:
--------------------------------------------------------------------------------
# Host name, firewall (enabled; service modules open their own ports) and a
# static resolv.conf for yuki.
_: {
  networking = {
    networkmanager.enable = true;
    hostName = "yuki";
    firewall = {
      enable = true;
    };
  };
  environment.etc = {
    "resolv.conf".text = ''
      nameserver 192.168.1.103
      nameserver 1.1.1.1
    '';
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/anki-sync-server.nix:
--------------------------------------------------------------------------------
# Self-hosted Anki sync server with a single user whose password comes from
# sops-nix.
{config, ...}: {
  sops.secrets.anki-pwd = {};
  services.anki-sync-server = {
    enable = true;
    # Listens on every interface and opens the port in the firewall.
    # NOTE(review): the sync protocol is plain HTTP unless a TLS proxy sits in
    # front (a traefik.nix is imported next to this file). If clients always
    # go through the proxy, bind to loopback and drop openFirewall; otherwise
    # the password crosses the LAN unencrypted.
    openFirewall = true;
    address = "0.0.0.0";
    port = 27701;
    users = [
      {
        username = "notoh";
        passwordFile = config.sops.secrets.anki-pwd.path;
      }
    ];
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/botoh.nix:
--------------------------------------------------------------------------------
# Twitch bot service from the "botoh" flake input. Currently not imported: its
# line in services/default.nix is commented out.
{inputs, ...}: {
  imports = [inputs.botoh.nixosModules.default];
  sops.secrets = {
    twitch_auth = {};
  };
  services.botoh = {
    enable = true;
    log_level = "info";
    # Hard-coded sops-nix path; it matches the secret declared above only as
    # long as the default secrets directory is kept.
    environmentFiles = ["/run/secrets/twitch_auth"];
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/default.nix:
--------------------------------------------------------------------------------
# Aggregates the per-service modules for yuki.
{...}: {
  imports = [
    ./hass
    ./restic.nix
    ./traefik.nix
    ./stash.nix
    ./jellyfin.nix
    ./wallos.nix
    ./anki-sync-server.nix
    ./hoarder.nix
    ./immich.nix
    ./komga.nix
    ./glance.nix
    # ./botoh.nix
  ];
}
--------------------------------------------------------------------------------
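/hosts/yuki/services/hass/config.nix:
--------------------------------------------------------------------------------
# Core Home Assistant settings: listener, locale and the default integrations.
_: {
  services.home-assistant.config = {
    lovelace.mode = "yaml";
    http = {
      # Listens on every interface; hass/default.nix also opens the firewall.
      # NOTE(review): if access is meant to go through the reverse proxy
      # (traefik.nix is imported on this host), bind to loopback so the
      # unencrypted port is not reachable directly.
      server_host = ["0.0.0.0"];
      server_port = 8123;
    };
    homeassistant = {
      name = "Home";
      time_zone = "America/New_York";
      unit_system = "us_customary";
      temperature_unit = "F";
      currency = "USD";
      country = "US";
    };
    default_config = {};
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/hass/default.nix:
--------------------------------------------------------------------------------
# Enables Home Assistant with a fixed set of integrations.
_: {
  imports = [
    ./lovelace.nix
    ./config.nix
  ];

  # NOTE(review): this whitelists OpenSSL 1.1.1w, a release line that no
  # longer receives upstream security fixes, for every package evaluated with
  # this nixpkgs config — not just Home Assistant. Find out which integration
  # still needs it and remove the exception once it does not.
  nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"];

  services.home-assistant = {
    enable = true;
    openFirewall = true;
    extraComponents = [
      "default_config"
      "met"
      "openweathermap"
      "esphome"
      "google_translate"
      "radio_browser"
      "sonarr"
      "radarr"
      "glances"
      "epson"
      "eufy"
      "hue"
      "nanoleaf"
    ];
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/hass/lovelace.nix:
--------------------------------------------------------------------------------
# Declarative Lovelace dashboard: one view per room, mostly light cards.
_: {
  services.home-assistant.lovelaceConfig = {
    title = "Home";
    views = [
      {
        title = "Home";
        icon = "mdi:home";
        cards = [
          {
            type = "markdown";
            title = "Lovelace";
            content = "Welcome home!";
          }
          {
            type = "weather-forecast";
            entity = "weather.openweathermap";
            forecast_type = "hourly";
          }
        ];
      }
      {
        title = "Living Room";
        cards = [
          {
            type = "light";
            entity = "light.living_room";
            tap_action = {action = "toggle";};
            hold_action = {action = "Default action";};
            style = {
              top = "72.8%";
              left = "75.3%";
            };
          }
          {
            type = "light";
            entity = "light.hall_light";
            tap_action = {action = "toggle";};
            hold_action = {action = "Default action";};
            style = {
              top = "72.8%";
              left = "75.3%";
            };
          }
        ];
      }
      {
        title = "Master Bedroom";
        cards = [
          {
            type = "light";
            entity = "light.master_bedroom_lamp";
            tap_action = {action = "toggle";};
            hold_action = {action = "Default action";};
            style = {
              top = "72.8%";
              left = "75.3%";
            };
          }
        ];
      }
      {
        title = "Bedroom 1";
        cards = [
          {
            type = "light";
            entity = "light.bedroom_1";
            show_state = true;
            show_icon = true;
            tap_action = {action = "toggle";};
            hold_action = {action = "Default action";};
            style = {
              top = "72.8%";
              left = "75.3%";
            };
          }
          {
            type = "light";
            entity = "light.light_panels_58_6c_84";
            show_state = true;
            show_icon = true;
            tap_action = {action = "toggle";};
            hold_action = {action = "Default action";};
            style = {
              top = "72.8%";
              left = "75.3%";
            };
          }
          {
            type = "entities";
            entities = [
              "light.hue_color_lamp_1"
              "light.hue_color_lamp_2"
              "light.hue_lightstrip_plus_1"
              "light.light_panels_58_6c_84"
            ];
            style = {
              top = "72.8%";
              left = "75.3%";
            };
          }
        ];
      }
      {
        title = "Bedroom 2";
        cards = [
        ];
      }
    ];
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/hoarder.nix:
--------------------------------------------------------------------------------
# Hoarder bookmark manager: the web container, a headless Chrome container it
# drives for page capture, and a host-level Meilisearch instance for search.
# Both containers share the host network namespace.
{config, ...}: {
  sops.secrets.hoarder = {};
  services.meilisearch = {
    enable = true;
    # NOTE(review): Hoarder reaches Meilisearch via localhost (MEILI_ADDR
    # below), so listening on every interface is wider than this file needs.
    # No master key is configured here either; if none is set elsewhere, any
    # client that can reach the port can read and change the index. Bind to
    # 127.0.0.1 unless another host depends on it.
    listenAddress = "0.0.0.0";
  };
  virtualisation.oci-containers.containers = {
    hoarder-web = {
      # Pinned by digest.
      image = "ghcr.io/hoarder-app/hoarder@sha256:e2156f3de4a1eafc53afb6e682f20857be4449d7e9d24240afe6d9ccd280ed3b";
      # With --network=host the container uses the host's ports directly, so
      # this mapping is informational only.
      ports = ["3000:3000"];
      environment = {
        BROWSER_WEB_URL = "http://localhost:9222";
        DATA_DIR = "/data";
        DISABLE_SIGNUPS = "true";
        MEILI_ADDR = "http://localhost:${toString config.services.meilisearch.listenPort}";
        OCR_LANGS = "eng";
      };
      volumes = ["/var/lib/hoarder:/data"];
      # Taken from the sops declaration above rather than written as a bare
      # path literal: a path literal that is ever string-interpolated would be
      # copied into the world-readable Nix store.
      environmentFiles = [config.sops.secrets.hoarder.path];
      extraOptions = ["--network=host"];
    };
    hoarder-chrome = {
      # NOTE(review): unlike the other images in this repository this one has
      # neither tag nor digest, so each pull may bring different code. Pin it
      # to a digest.
      image = "gcr.io/zenika-hub/alpine-chrome";
      cmd = [
        # The browser sandbox is off, so a malicious page is contained only by
        # the container — which shares the host network.
        "--no-sandbox"
        "--disable-gpu"
        "--disable-dev-shm-usage"
        # The DevTools endpoint is unauthenticated and gives full control of
        # the browser. Its only consumer is hoarder-web on localhost, so it is
        # bound to loopback instead of every interface.
        "--remote-debugging-address=127.0.0.1"
        "--remote-debugging-port=9222"
        "--hide-scrollbars"
      ];
      ports = ["9222:9222"];
      extraOptions = ["--network=host"];
    };
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/immich.nix:
--------------------------------------------------------------------------------
# Immich photo server with its bundled Redis, database and machine-learning
# service; media is stored on the NFS mount at /var/lib/immich.
_: {
  sops.secrets.immich = {};
  services.immich = {
    enable = true;
    # Listens on every interface with the firewall opened.
    # NOTE(review): externalDomain below points at an HTTPS name, so traffic
    # presumably arrives through a proxy; if so the direct port does not need
    # to be reachable from the LAN.
    openFirewall = true;
    host = "0.0.0.0";
    mediaLocation = "/var/lib/immich";
    # Hard-coded sops-nix path for the secret declared above.
    secretsFile = "/run/secrets/immich";
    machine-learning.enable = true;
    redis = {
      enable = true;
    };
    database = {
      createDB = true;
    };
    settings = {
      server = {
        externalDomain = "https://immich.flake.sh";
      };
    };
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/jellyfin.nix:
--------------------------------------------------------------------------------
# Jellyfin and Jellyseerr, both with their ports opened in the firewall.
_: {
  services = {
    jellyfin = {
      enable = true;
      openFirewall = true;
    };
    jellyseerr = {
      enable = true;
      openFirewall = true;
    };
  };
}
--------------------------------------------------------------------------------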
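/hosts/yuki/services/komga.nix:
--------------------------------------------------------------------------------
# Komga comics server on port 8081, opened in the firewall.
_: {
  services.komga = {
    enable = true;
    openFirewall = true;
    settings = {
      server = {
        port = 8081;
      };
    };
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/restic.nix:
--------------------------------------------------------------------------------
# Daily restic backup of yuki's container data and service state to the NFS
# repository; the password comes from sops-nix.
{
  pkgs,
  config,
  ...
}: {
  sops.secrets.restic-yuki = {sopsFile = ../../../secrets/restic/secrets.yaml;};
  environment.systemPackages = [pkgs.restic];
  services.restic = {
    backups = {
      yuki = {
        user = "root";
        paths = [
          "/home/notoh/docker"
          "/var/lib/jellyfin"
          "/var/lib/private/jellyseerr"
          "/var/lib/private/homepage-dashboard"
        ];
        # The stash data directory is itself an NFS mount and is left out.
        exclude = [
          "/home/notoh/docker/stash/data"
        ];
        pruneOpts = [
          "--keep-daily=7"
          "--keep-weekly=6"
          "--keep-monthly=5"
        ];
        initialize = true;
        # NOTE(review): backups are written and pruned from this host, so a
        # root compromise here can also erase the history.
        repository = "/nas/restic";
        passwordFile = config.sops.secrets.restic-yuki.path;
        timerConfig = {
          OnCalendar = "daily";
          RandomizedDelaySec = "20m";
          Persistent = true;
        };
      };
    };
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/stash.nix:
--------------------------------------------------------------------------------
# Stash media organiser as an OCI container, pinned by image digest.
_: let
  storagePath = "/home/notoh/docker/stash";
in {
  virtualisation.oci-containers.containers.stash = {
    image = "stashapp/stash@sha256:645f6c15b079410d50d488dbeb247c92f25534094dad4e15d886e47648b897f7"; # v0.28.1
    # Published on every host interface.
    # NOTE(review): if the container backend is Docker (not visible here),
    # published ports are wired in ahead of the NixOS firewall, so this is
    # reachable even though networking.nix opens nothing. Prefix the mapping
    # with 127.0.0.1 if only the reverse proxy should reach it.
    ports = ["9999:9999"];
    environment = {
      STASH_STASH = "/data/";
      STASH_GENERATED = "/generated/";
      STASH_METADATA = "/metadata/";
      STASH_CACHE = "/cache/";
      STASH_PORT = "9999";
    };
    volumes = [
      "/etc/localtime:/etc/localtime:ro"
      "${storagePath}/.config:/root/.stash"
      "${storagePath}/data:/data"
      "${storagePath}/.metadata:/metadata"
      "${storagePath}/cache:/cache"
      "${storagePath}/generated:/generated"
      "${storagePath}/blobs:/blobs"
    ];
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/wallos.nix:
--------------------------------------------------------------------------------
# Wallos subscription tracker as an OCI container, pinned by image digest.
_: {
  virtualisation.oci-containers.containers.wallos = {
    image = "bellamy/wallos@sha256:34d1a92083bc4da561607d2b83bf58565754efed714bfe28196b6c3c9ba84031"; #v2.46.1
    # Host port 8282 maps to the container's web server; the same firewall
    # caveat as for stash applies if the backend is Docker.
    ports = ["8282:80"];
    volumes = [
      "/home/notoh/docker/wallos/db:/var/www/html/db"
      "/home/notoh/docker/wallos/logos:/var/www/html/images/uploads/logos"
    ];
    environment = {TZ = "America/New_York";};
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/topology.nix:
--------------------------------------------------------------------------------
# Topology-diagram metadata for yuki.
_: {
  topology = {
    self = {
      name = "yuki";
      hardware.info = "Proxmox VM";
      interfaces = {
        tailscale0 = {
          addresses = ["100.108.113.89/32"];
          network = "tailscale0";
          type = "wireguard";
        };
        home = {
          addresses = ["192.168.1.98/24"];
          network = "home";
          type = "ethernet";
        };
      };
    };
  };
}
--------------------------------------------------------------------------------
/modules/default.nix:
--------------------------------------------------------------------------------
# Flake-level modules: pre-commit hooks and the topology diagram.
_: {
  imports = [
    ./pre-commit.nix
    ./topology.nix
  ];
}
--------------------------------------------------------------------------------
/modules/pre-commit.nix:
--------------------------------------------------------------------------------
# Pre-commit hooks run on every commit and as a flake check.
{inputs, ...}: {
  imports = [
    inputs.pre-commit-hooks.flakeModule
  ];
  perSystem.pre-commit = {
    check.enable = true;
    settings = {
      excludes = ["flake.lock"];
      hooks = {
        stylua.enable = true;
        statix.enable = true;
        alejandra.enable = true;
        flake-checker.enable = true;
        deadnix = {
          enable = true;
          # The overlay keeps unused lambda arguments on purpose.
          excludes = ["technorino.nix"];
        };
        prettier = {
          enable = true;
          files = "\\.(js|ts|md|json)$";
          settings = {
            trailing-comma = "none";
          };
        };
        # NOTE(review): no secret-scanning hook is configured. The repository
        # holds sops-encrypted files, so a hook that rejects unencrypted
        # secrets would be a useful addition.
      };
    };
  };
}
--------------------------------------------------------------------------------
/modules/topology.nix:
--------------------------------------------------------------------------------
# Global part of the nix-topology diagram: networks, the home router and the
# Hetzner edge. Descriptive only; it configures no real network.
{
  inputs,
  self,
  ...
}: {
  imports = [
    inputs.nix-topology.flakeModule
  ];
  perSystem = _: {
    topology.modules = [
      {inherit (self) nixosConfigurations;}
      ({config, ...}: let
        inherit
          (config.lib.topology)
          mkConnection
          mkInternet
          mkRouter
          ;
      in {
        networks = {
          home = {
            name = "home";
            # Was 192.168.0.0/24, but every host's topology.nix puts its
            # "home" interface in 192.168.1.x/24.
            cidrv4 = "192.168.1.0/24";
          };
          tailscale0 = {
            name = "tailscale";
            # NOTE(review): a /32 at 100.0.0.0 does not contain the hosts'
            # tailscale addresses (100.82.x, 100.108.x, 100.127.x); Tailscale
            # allocates from 100.64.0.0/10. Left as-is; confirm and correct.
            cidrv4 = "100.0.0.0/32";
          };
          hetzner = {
            name = "hetzner";
            cidrv4 = "5.161.102.107/24";
          };
        };

        nodes = {
          internet = mkInternet {
            connections = [
              (mkConnection "hetzner" "wan0")
              (mkConnection "router" "lan0")
            ];
          };
          router = mkRouter "UDM-SE" {
            info = "UDM-SE";
            interfaceGroups = [
              [
                "eth0"
                "eth1"
                "eth2"
                # eth3 was missing here although `connections` below uses it.
                "eth3"
                "eth4"
                "eth5"
                "eth6"
                "eth7"
              ]
              ["lan0"]
            ];
            connections = {
              eth0 = mkConnection "ame" "home";
              eth1 = mkConnection "arashi" "home";
              eth2 = mkConnection "haru" "home";
              eth3 = mkConnection "kariru" "home";
              eth4 = mkConnection "sakura" "home";
              eth5 = mkConnection "tsuki" "home";
              eth6 = mkConnection "tsuru" "home";
              eth7 = mkConnection "yuki" "home";
            };
          };
          hetzner = mkRouter "Hetzner" {
            info = "hetzner edge router";
            interfaceGroups = [
              [
                "eth0"
                "eth1"
              ]
              ["wan0"]
            ];
            connections = {
              eth0 = mkConnection "sora" "eth0";
              eth1 = mkConnection "kaze" "eth0";
            };
          };
        };
      })
    ];
  };
}
--------------------------------------------------------------------------------
/overlays/default.nix:
--------------------------------------------------------------------------------
# Collects the overlays exported by the flake.
_: {
  imports = [./technorino.nix];
}
--------------------------------------------------------------------------------
/overlays/technorino.nix:
--------------------------------------------------------------------------------
# Overlay that builds "technorino", a chatterino2 fork, by overriding the
# chatterino2 derivation's source and build inputs.
_: {
  flake.overlays.technorino = final: prev: {
    technorino =
      prev.chatterino2.overrideAttrs
      (old: {
        # Both input lists replace the originals instead of extending them.
        nativeBuildInputs = with prev; [cmake pkg-config];
        buildInputs = with prev; [qt6.wrapQtAppsHook qt6.qtbase qt6.qtsvg qt6.qtimageformats qt6.qttools qt6.qt5compat qt6.qtwayland boost openssl libnotify];
        # NOTE(review): with QtKeychain off the client cannot use the system
        # keyring; presumably the login token then sits in its settings file —
        # confirm that file's permissions.
        cmakeFlags = ["-DBUILD_WITH_QT6=ON" "-DBUILD_WITH_QTKEYCHAIN=OFF"];
        # Source pinned to an exact commit and content hash, so the fork
        # cannot change underneath the build.
        src = prev.chatterino2.src.override {
          owner = "2547techno";
          repo = "technorino";
          rev = "92c4d27e19a19ebc0621946f09d04759bd141b8f";
          tag = null;
          hash = "sha256-jaO0kacV2Xd3AWF3ZKbp0feS+UQVLe+rVHrU+yjQ4q0=";
        };
      });
  };
}
--------------------------------------------------------------------------------
/pkgs/README.md:
--------------------------------------------------------------------------------
# :package: pkgs

this directory hosts derivations of packages not found in nixpkgs, and overrides.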
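4 | 5 | | name | description | 6 | | -------------- | ---------------------------------------------------------------------------- | 7 | | `jellyfin-rpc` | [discord rpc client](https://github.com/Radiicall/jellyfin-rpc) for jellyfin | 8 | | `overlays.nix` | has overlays that i use | 9 |
--------------------------------------------------------------------------------
/pkgs/cpm/default.nix:
--------------------------------------------------------------------------------
# cpm (Chatterino Plugin Manager), built from a single pinned upstream commit.
#
# What is pinned, and by what:
#   - src.rev is a full commit id and src.hash is the SRI hash of the fetched
#     tree, so a moved branch or a changed archive fails the build instead of
#     silently changing the source.
#   - cargoHash is the SRI hash of the vendored crate set, so the Rust
#     dependencies are fixed as well.
# An update changes rev and hash, and cargoHash whenever upstream's dependency
# set moved.
{
  pkgs,
  rustPlatform,
  fetchFromGitHub,
  lib,
  ...
}:
rustPlatform.buildRustPackage {
  # No version is recorded; src.rev is the only statement of which upstream
  # state is packaged, and is what an advisory has to be matched against.
  name = "cpm";

  src = fetchFromGitHub {
    owner = "2547techno";
    repo = "cpm";
    rev = "bc7a70a606ea83300aed8d100df2985de785aa83";
    # `hash` is the attribute nixpkgs documents for SRI values; the value is
    # the one previously given as `sha256`.
    hash = "sha256-uk2ltAPx8HxmVUhIIzAcQ6s4cTmsFmPOq0h/kSHMUzw=";
  };

  cargoHash = "sha256-j3FtsrxAvPX2UhMjtLXyWsmLEEn/ZQ6R9nH6PSG844c=";

  nativeBuildInputs = [pkgs.pkg-config];
  # OpenSSL comes from the package set passed in, so its patch level follows
  # the nixpkgs revision this file is evaluated with.
  buildInputs = [pkgs.openssl];

  meta = {
    description = "Chatterino Plugin Manager ";
    mainProgram = "cpm";
    homepage = "https://github.com/2547techno/cpm";
    # NOTE(review): licenses.gpl3 is a deprecated alias in nixpkgs; whether
    # gpl3Only or gpl3Plus applies depends on upstream's license text — confirm.
    license = lib.licenses.gpl3;
    maintainers = [lib.maintainers.notohh];
  };
}

--------------------------------------------------------------------------------
/pkgs/forex/default.nix:
--------------------------------------------------------------------------------
# forex, a CLI currency converter, built from a pinned commit on git.flake.sh.
#
# The fetched tree must match src.hash and the vendored crates must match
# cargoHash, so the build does not depend on trusting what that server returns
# after the hashes were recorded.
{
  pkgs,
  lib,
  rustPlatform,
  fetchFromGitea,
  ...
}:
rustPlatform.buildRustPackage {
  # No version is recorded; src.rev identifies the packaged state.
  name = "forex";

  src = fetchFromGitea {
    domain = "git.flake.sh";
    owner = "notohh";
    repo = "forex";
    rev = "de4b32b0d5bf0631404dd11c5878058bc7fd4a56";
    # Same value as before, under the attribute nixpkgs documents for SRI hashes.
    hash = "sha256-d/iyg/tFF3N0I6LCSFU4U1vBzpz60s2FnT0GB4AuihE=";
  };

  cargoHash = "sha256-COWFG766DVWXbGm8raVSH1nBpsS5HdTat5BHzv7QR4o=";

  nativeBuildInputs = [pkgs.pkg-config];
  # OpenSSL comes from the package set passed in, so its patch level follows
  # the nixpkgs revision this file is evaluated with.
  buildInputs = [pkgs.openssl];

  meta = {
    description = "a CLI currency converter, written in rust, for practice";
    mainProgram = "forex";
    homepage = "https://git.flake.sh/notohh/forex";
    license = lib.licenses.mit;
    maintainers = [lib.maintainers.notohh];
  };
}

--------------------------------------------------------------------------------
/pkgs/jellyfin-rpc/default.nix:
--------------------------------------------------------------------------------
# jellyfin-rpc, a Discord rich-presence client for Jellyfin, built from a
# pinned upstream commit (src.rev + src.hash) with a pinned crate set
# (cargoHash).
{
  lib,
  fetchFromGitHub,
  rustPlatform,
}:
rustPlatform.buildRustPackage {
  pname = "jellyfin-rpc";
  # Written by hand: src.rev is a commit id, not a tag, so nothing here ties
  # this number to the fetched source. Bump the two together.
  version = "0.15.5";

  src = fetchFromGitHub {
    owner = "Radiicall";
    repo = "jellyfin-rpc";
    rev = "fcb13733e049153a111d8d4116324c3b02be9530";
    # Same value as before, under the attribute nixpkgs documents for SRI hashes.
    hash = "sha256-LQFXG5P4V2M6TVPyvCl2XMM70K61Z1sCyyLc05Twl4M=";
  };

  cargoHash = "sha256-uswD0PAoJ6x6bu7766QPdWB0CnINBaRAlkeEdNrC9xw=";

  meta = {
    description = "Displays the content you're currently watching on Discord!";
    # Set explicitly like the sibling packages do. The value equals pname,
    # which lib.getExe falls back to (with a warning) when this is missing.
    # NOTE(review): assumes the installed binary is named after pname — confirm
    # against $out/bin.
    mainProgram = "jellyfin-rpc";
    homepage = "https://github.com/Radiicall/jellyfin-rpc";
    # NOTE(review): licenses.gpl3 is a deprecated alias in nixpkgs; whether
    # gpl3Only or gpl3Plus applies depends on upstream's license text — confirm.
    license = lib.licenses.gpl3;
    maintainers = [lib.maintainers.notohh];
  };
}

--------------------------------------------------------------------------------
/pkgs/passgen/default.nix:
--------------------------------------------------------------------------------
# passgen, a password generator, built from a pinned commit on git.flake.sh
# (src.rev + src.hash) with a pinned crate set (cargoHash).
#
# NOTE(review): upstream describes this as a practice project, and the source
# of its randomness is not visible from this derivation. Confirm it draws from
# the operating system's CSPRNG before using its output for real credentials.
{
  rustPlatform,
  fetchFromGitea,
  lib,
  ...
}:
rustPlatform.buildRustPackage {
  # No version is recorded; src.rev identifies the packaged state.
  name = "passgen";

  src = fetchFromGitea {
    domain = "git.flake.sh";
    owner = "notohh";
    repo = "passgen";
    rev = "4a01bd5faae893682e7011632bdda8f12c96ef49";
    # Same value as before, under the attribute nixpkgs documents for SRI hashes.
    hash = "sha256-+a1B1Z/N7OsGTVmIBp/JJZYdvTerClHo7y1Bn419dlg=";
  };

  cargoHash = "sha256-A8W7Qz+8cy6sPjLBC5a4Brz+cCyGPeNM1f7oZ6pmfe0=";

  meta = {
    description = "password generator for rust practice";
    mainProgram = "passgen";
    homepage = "https://git.flake.sh/notohh/passgen";
    license = lib.licenses.mit;
    maintainers = [lib.maintainers.notohh];
  };
}

--------------------------------------------------------------------------------
/secrets/README.md:
--------------------------------------------------------------------------------
# :lock: secrets

houses my secrets, managed with [sops-nix](https://github.com/Mic92/sops-nix)

every value in these files is committed as sops ciphertext (`ENC[AES256_GCM,...]`); only the key names and the `sops:` metadata are readable. the `restic`, `s3` and `tailscale` files each list the same single age recipient, so the confidentiality of all of them rests on that one age private key. splitting recipients per host or per secret group (`creation_rules` in `.sops.yaml`) would limit what one leaked key exposes.

--------------------------------------------------------------------------------
/secrets/restic/secrets.yaml:
--------------------------------------------------------------------------------
1 | restic-tsuki: ENC[AES256_GCM,data:MPCPYbFm4SR8CJvEjmmt+vPSJu3w4SUlXRRkijW01po=,iv:FClVeZGKlPD8MXqQm2zj2cTBJGLJSv3ZlmdQEocJG5Q=,tag:YQzuhQAKAd/9GXihKOSQQw==,type:str] 2 | restic-sakura: ENC[AES256_GCM,data:KCv4kj0G8eUIo7vhe8TUmuL0m35J9NnxKcBiJh0VC6Q=,iv:C8XgTJfjvAM4bV1SMgmx8QWzhKln9nV4nYZUkopuz4w=,tag:zBREioxOV8U9ujeBAuHV9Q==,type:str] 3 | restic-sora: ENC[AES256_GCM,data:frxiGhrodKFn9gfHYCz0AUDik5hdjGW3McJNFerMFWU=,iv:Gek/eBEqFB9llsUveSgSHiz5YQsFPfepMuWMFspiwb4=,tag:XrLAAEtgjr/UH3JTvFOV8Q==,type:str] 4 | restic-yuki: ENC[AES256_GCM,data:fvGrVXKQ5cLXVfgb1nCWhxV9yuRG6FdyE2WvB1rlOyA=,iv:CQ1LkIthrh9iPg4dJJr4fKceMc0/w25rlRzo0So+5GU=,tag:/LrWhz/dtGoVOPnpXrV2yw==,type:str] 5 | restic-arashi: ENC[AES256_GCM,data:L2GuxUCfbUlWg9un3h6cSp9UAtA5auYiQiIIS0TvWRE=,iv:XJZBGrNurnLDmZyQaePaRUu6ahjqgwUap/vP9bPKHmE=,tag:Dk2Ior6IDt9HbM2IRwKe+A==,type:str] 6 | restic-kariru: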
ENC[AES256_GCM,data:ghG6DnPdt6j1A6qZdmcaG5HGDGSHiAU7CJAiA7GLoAU=,iv:+6/vu7lPYPbVndSlrv9yLlOTGM9dzP+7lkIqBodQMWw=,tag:70yx7peJSmE6H8rtrloiaw==,type:str] 7 | restic-ame: ENC[AES256_GCM,data:NO91+uNkkmBaQNFoeLeytYQPb+Sm0l9eg2tseGveQN0=,iv:QdIB7QLq1CGfIn+BwP/RR2m4Zc0PwDT+ourCROk2KdM=,tag:8I0oH/9/4HTd8vxS4+105Q==,type:str] 8 | restic-osu: ENC[AES256_GCM,data:0bb72Wq0FyFgClYzPo9O5IfZ9/7oWl3QDONU8yijs1Q=,iv:1X2IgwLyMETlkLKTWA/cGofplH4YRgc+PhXbIMP7gTY=,tag:wov3PolwQN3ZMGXuLLheNA==,type:str] 9 | sops: 10 | kms: [] 11 | gcp_kms: [] 12 | azure_kv: [] 13 | hc_vault: [] 14 | age: 15 | - recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn 16 | enc: | 17 | -----BEGIN AGE ENCRYPTED FILE----- 18 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTDQ5R1Z1eTZtSnJvNjJN 19 | NjF3R2JGZTIvU1Y5N1cwWEg4UFl3ZkF3N1NJCkZzT0dQcGFyVWhlWkU1anhwSHcy 20 | dGJTaWh6QUduS1ZvT2I4UmlSVWdUQVkKLS0tIDRkakMxd0hveHRqaG43SUZtNEw3 21 | NmQ4UythUU03bWMvRmZMaVJGM1FkMU0Km33/zUXSLWuEQqxIFklI0JToLXARlV3m 22 | EB18XYH+m/9VoYy2sN5dMoUdSflPqjGgxAPxuX5TU+F7MAsVkpdOVg== 23 | -----END AGE ENCRYPTED FILE----- 24 | lastmodified: "2024-02-03T15:30:07Z" 25 | mac: ENC[AES256_GCM,data:enaMzp3+xNgyZkOHq2wtvgEFU60TYt76667AyA+Fznyt8hnErbIr1g9KzAGBvaxSixPrCTN0GVRWsSGu3RNXjJxyQWdR9QBqGbCQ5PAAMz1U39f9OM/xfNDkwoJdZcHW3HOZkCf7bgORrhkOk+f9nhbeAnKMAexAVpHtgTyZVsQ=,iv:JS27uYA5IPbVyP8TO2SYyUj2Z6NTXC4On/REJHvthc0=,tag:EFO+GYlAgaztg+HBEvCXyA==,type:str] 26 | pgp: [] 27 | unencrypted_suffix: _unencrypted 28 | version: 3.8.1 29 | -------------------------------------------------------------------------------- /secrets/s3/secrets.yaml: -------------------------------------------------------------------------------- 1 | sora-s3: ENC[AES256_GCM,data:uSfqakVboOuPf0liaeKj0QF95fM3ySqhakUOishzmHC2e2noftgdT3HNP+dnyXkKXvceLM+Ap++DRlIpGP0gCq49nHV0NjcD7vhKtO1RkNLKnGxMhDiQ82y8xTyUuUELQ8mRcbHg,iv:w54sLvA1WlrWnOnY8VKNSuqjlago4PwLKfSSjMEA8DM=,tag:9+42lJXSWDxGfgk8S2eiSg==,type:str] 2 | ame-s3: 
ENC[AES256_GCM,data:LftDLOs82cZG+2dBEtMp7eFws8bR788U6Aw5E6AVBvEVm0VEAIcfY2j9dToIkKOaxhqTYlFwyNTg8r+zG3DXDrgl2hersK6upljlddMjnAIUs0rVO3Gu5eoEzturuWT76tE9k+08,iv:IOutZJoomSWL23/wuukSPU4DnisNYxsODfoQXzlaTwY=,tag:elyitUxdcQK0GGslZulf9Q==,type:str] 3 | sops: 4 | kms: [] 5 | gcp_kms: [] 6 | azure_kv: [] 7 | hc_vault: [] 8 | age: 9 | - recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn 10 | enc: | 11 | -----BEGIN AGE ENCRYPTED FILE----- 12 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK1BKNjcwZWFxVU9EeXRR 13 | c1FvVi9uT1NGajMrZzRaSFIwK0ZadUE5UGxJCnVCR3kycU02aHVMajJQUzJVeEt4 14 | VmhSMWZrSmtFK1RQMTZ2M0ZsSVBlZGMKLS0tIDVTWmlUN3p0dFNESGpmUlZMYVRo 15 | bE85dXI2VVN1Z2c0ZFQvdkQwM3FGbUkKWy5O+mqHTokLVV5FQ4UziVBadxpymX9D 16 | BHUoDve8WgKFkRCY46ibnYofIumJqYRiHXPSUN46QQMg0GDma3jWRA== 17 | -----END AGE ENCRYPTED FILE----- 18 | lastmodified: "2025-02-12T23:52:26Z" 19 | mac: ENC[AES256_GCM,data:ZrDrtuo+iygALZ2k2VZqfBg2UgPwabtduItJdyeQcZT6Sksg74LX2TVjpOul+/1acbjgvXVnXCUcfp0EGRkdjPkNsJk63KKbER+p5EX0dVqj1FHNDNg20OWyy+/WnbeWETj/vr15x+sodHtQjZFqSQLbgWdpsa+BzhNvzEBkSig=,iv:A+aPu+lWPZ/p+gcGTvMZSA9RNdp5DiWJDFs3gkuBrXU=,tag:2g91F1VyeVZ36G79py1NeQ==,type:str] 20 | pgp: [] 21 | unencrypted_suffix: _unencrypted 22 | version: 3.9.4 23 | -------------------------------------------------------------------------------- /secrets/tailscale/secrets.yaml: -------------------------------------------------------------------------------- 1 | tsauth-sora: ENC[AES256_GCM,data:GAgCIpYMS5e4t2RW4t6w9jI2mfJQdBq2eRBDAKt6HJ/JaZyv983bx5xojTStqOWYUIKaFZ5IL30=,iv:AQTKdSPr2G9tow/hbgFKSrh/i4D9JaFrc7/JFOvP1Bo=,tag:4ss1dNK0Z//JIWnds/hMKQ==,type:str] 2 | tsauth-sakura: ENC[AES256_GCM,data:35SN+Tu9pGXYu/i/VbBFHMwJmAttjLrE5JrcQXUuwqkUbv/jnFuELtwC6jsO9hSllD6vGJJsYoJ3,iv:C3Tl2T6SOrUEdUAFs3Ly8/RPaqj0SKOPwFppeGZf3XI=,tag:o3vtwxMvHUpXpKbXtSqhzQ==,type:str] 3 | tsauth-tsuru: 
ENC[AES256_GCM,data:xwKUF50aAFzgqgHB0dpnIW0893eBM5izRTbkoinfBYPpM53f5LGyt3nhIkPErVNV2XLg1WcLmxN8,iv:Os1yh1q1/00FLU46jekyvxR0qGdICyqoZKOZMU0hP40=,tag:/kbVkz/Fl0pmTe4Fq8m97w==,type:str] 4 | sops: 5 | kms: [] 6 | gcp_kms: [] 7 | azure_kv: [] 8 | hc_vault: [] 9 | age: 10 | - recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn 11 | enc: | 12 | -----BEGIN AGE ENCRYPTED FILE----- 13 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSXF1aHNHUSszd2hRSEc1 14 | OTh5WWhrYkN5alpncEYxQ1h4Skh3OS96dlI4Ck9LaTZkZHBhMitVNWdvcnhybU9T 15 | UUJsRmYwNU5iNi8zK3IxY0pjeGFzNFEKLS0tIHhNMG1QY2kyQlpYLy82Vk9WWCtU 16 | S2doM1FiZkRFT0dCckx4Tzd1b2pZRHMKEIsD+AjBcHOFSQiXrCuLv+IBcF+4vUYB 17 | YeHe81lcjqWO2TEcP1fdBh0JWUtDVXQbZiBDxs5Vlz35x/OnA9fwPQ== 18 | -----END AGE ENCRYPTED FILE----- 19 | lastmodified: "2025-02-22T03:02:59Z" 20 | mac: ENC[AES256_GCM,data:0fFXdU8AVRPHwm3puhFmFKz3H3M2ccGfwVYPZNWcjsnvJph9I2O5k5xDJ2YDewhQ+kbNtswHaIsMH9ws9nomM8SMWxgETpDZ8NAyS9JIvtbcmBXegns+ka6pgu8+ZUADjGY9vsOw33d/ZcfjAG9C8Ul7c6N3xMCfS4QPB9DuCAc=,iv:ZuT84k3jsZcEYP6KNtFb8iqrlDzqFhJQ3uUsUTiW8Lc=,tag:bxIdH7hOX6qn5KdXqiGoVg==,type:str] 21 | pgp: [] 22 | unencrypted_suffix: _unencrypted 23 | version: 3.9.4 24 | -------------------------------------------------------------------------------- /statix.toml: -------------------------------------------------------------------------------- 1 | disabled = [] 2 | nix_version = '2.4' 3 | ignore = ['.direnv'] 4 | --------------------------------------------------------------------------------