├── .envrc ├── .gitignore ├── home ├── profiles │ ├── default │ │ └── default.nix │ ├── default.nix │ ├── tsuki │ │ ├── stylix.nix │ │ └── default.nix │ └── ame │ │ └── default.nix ├── services │ ├── default.nix │ └── gpg.nix ├── programs │ ├── tealdeer.nix │ ├── media │ │ ├── easyeffects.nix │ │ ├── lutris.nix │ │ ├── cava.nix │ │ ├── mpv.nix │ │ ├── spicetify.nix │ │ └── zathura.nix │ ├── terminal │ │ ├── television │ │ │ ├── config.json │ │ │ └── default.nix │ │ ├── direnv.nix │ │ ├── zoxide.nix │ │ ├── nushell │ │ │ ├── default.nix │ │ │ └── env.nu │ │ ├── bat.nix │ │ ├── lazygit │ │ │ └── default.nix │ │ ├── atuin.nix │ │ ├── zellij │ │ │ ├── default.nix │ │ │ └── layouts.nix │ │ ├── bottom.nix │ │ ├── ghostty.nix │ │ ├── git.nix │ │ ├── yazi │ │ │ ├── default.nix │ │ │ ├── openers.nix │ │ │ └── init.lua │ │ └── starship.nix │ ├── vicinae.nix │ ├── editors │ │ ├── nvchad │ │ │ ├── default.nix │ │ │ ├── plugins.lua │ │ │ └── config.lua │ │ └── helix │ │ │ ├── default.nix │ │ │ └── languages.nix │ └── openvr.nix ├── wayland │ ├── hyprland │ │ ├── config │ │ │ ├── plugins.nix │ │ │ ├── binds.nix │ │ │ ├── rules.nix │ │ │ └── general.nix │ │ └── default.nix │ ├── services │ │ ├── ly.nix │ │ ├── hypridle.nix │ │ └── hyprpaper.nix │ ├── default.nix │ └── programs │ │ └── hyprlock.nix ├── default.nix └── README.md ├── statix.toml ├── overlays ├── default.nix └── gale.nix ├── hosts ├── tsuru │ ├── services │ │ ├── default.nix │ │ ├── woodpecker.nix │ │ └── tailscale.nix │ ├── networking.nix │ ├── topology.nix │ ├── default.nix │ └── hardware.nix ├── haru │ ├── services │ │ ├── default.nix │ │ └── unbound.nix │ ├── networking.nix │ ├── topology.nix │ ├── default.nix │ └── hardware.nix ├── ame │ ├── services │ │ ├── default.nix │ │ ├── syncthing.nix │ │ └── restic.nix │ ├── networking.nix │ ├── topology.nix │ ├── default.nix │ └── hardware.nix ├── sora │ ├── services │ │ ├── croc.nix │ │ ├── uptimekuma.nix │ │ ├── factorio.nix │ │ ├── default.nix │ │ ├── ntfy-sh.nix │ │ 
├── redbot.nix │ │ ├── minecraft.nix │ │ ├── foundryvtt.nix │ │ ├── terraria.nix │ │ ├── restic.nix │ │ ├── attic.nix │ │ ├── tailscale.nix │ │ └── quakelive.nix │ ├── topology.nix │ ├── default.nix │ ├── networking.nix │ └── hardware.nix ├── arashi │ ├── services │ │ ├── default.nix │ │ ├── exporters.nix │ │ ├── restic.nix │ │ ├── valkey.nix │ │ └── postgresql.nix │ ├── networking.nix │ ├── topology.nix │ ├── default.nix │ └── hardware.nix ├── common │ ├── sops.nix │ ├── virtualisation.nix │ ├── users.nix │ ├── default.nix │ ├── openssh.nix │ ├── time.nix │ ├── fonts.nix │ ├── system.nix │ ├── prometheus.nix │ ├── README.md │ ├── security.nix │ └── nix.nix ├── tsuki │ ├── services │ │ ├── owncast.nix │ │ ├── default.nix │ │ ├── syncthing.nix │ │ ├── atticd.nix │ │ ├── twitch-miner.nix │ │ ├── immich-backup.nix │ │ ├── rnnoise.nix │ │ └── restic.nix │ ├── topology.nix │ ├── networking.nix │ ├── gaming.nix │ ├── hardware.nix │ └── default.nix ├── sakura │ ├── services │ │ ├── immich-proxy.nix │ │ ├── wastebin.nix │ │ ├── syncthing.nix │ │ ├── default.nix │ │ ├── hedgedoc.nix │ │ ├── rustypaste.nix │ │ ├── pocketid.nix │ │ ├── restic.nix │ │ ├── vaultwarden.nix │ │ ├── copyparty.nix │ │ ├── tailscale.nix │ │ ├── grafana.nix │ │ └── forgejo.nix │ ├── networking.nix │ ├── topology.nix │ ├── default.nix │ └── hardware.nix ├── yuki │ ├── services │ │ ├── jellyfin.nix │ │ ├── default.nix │ │ ├── anki-sync-server.nix │ │ ├── hass │ │ │ ├── config.nix │ │ │ ├── default.nix │ │ │ └── lovelace.nix │ │ ├── wallos.nix │ │ ├── immich.nix │ │ ├── stash.nix │ │ ├── restic.nix │ │ └── romm.nix │ ├── networking.nix │ ├── topology.nix │ ├── default.nix │ └── hardware.nix ├── kariru │ ├── services │ │ ├── syncthing.nix │ │ ├── restic.nix │ │ ├── torrent.nix │ │ └── default.nix │ ├── networking.nix │ ├── topology.nix │ ├── default.nix │ └── hardware.nix ├── README.md ├── deploy.nix └── default.nix ├── modules ├── default.nix ├── pre-commit.nix └── topology.nix ├── secrets ├── README.md 
├── s3 │ └── secrets.yaml ├── tailscale │ └── secrets.yaml ├── restic │ └── secrets.yaml └── secrets.yaml ├── .editorconfig ├── justfile ├── pkgs ├── default.nix ├── README.md └── wayscriber │ └── default.nix ├── LICENSE ├── .sops.yaml ├── .woodpecker └── flake-lock-update.yml ├── flake.nix └── README.md /.envrc: -------------------------------------------------------------------------------- 1 | use flake -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | result 2 | .pre-commit-config.yaml 3 | .stfolder 4 | -------------------------------------------------------------------------------- /home/profiles/default/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ ]; 3 | } 4 | -------------------------------------------------------------------------------- /home/services/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | imports = [ ./gpg.nix ]; 3 | } 4 | -------------------------------------------------------------------------------- /statix.toml: -------------------------------------------------------------------------------- 1 | disabled = [] 2 | nix_version = '2.4' 3 | ignore = ['.direnv'] 4 | -------------------------------------------------------------------------------- /overlays/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./gale.nix 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /hosts/tsuru/services/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./woodpecker.nix 4 | ]; 5 | } 6 | -------------------------------------------------------------------------------- /modules/default.nix: 
--------------------------------------------------------------------------------
1 | _: {  # aggregator module: pulls in the pre-commit and topology modules
2 |   imports = [
3 |     ./pre-commit.nix
4 |     ./topology.nix
5 |   ];
6 | }
7 | 
--------------------------------------------------------------------------------
/hosts/haru/services/default.nix:
--------------------------------------------------------------------------------
1 | _: {  # service set for host haru: the two DNS-related modules below
2 |   imports = [
3 |     ./blocky.nix
4 |     ./unbound.nix
5 |   ];
6 | }
7 | 
--------------------------------------------------------------------------------
/hosts/ame/services/default.nix:
--------------------------------------------------------------------------------
1 | { ... }:
2 | {
3 |   imports = [
4 |     ./restic.nix
5 |     ./syncthing.nix
6 |   ];
7 | }
8 | 
--------------------------------------------------------------------------------
/secrets/README.md:
--------------------------------------------------------------------------------
1 | # :lock: secrets
2 | 
3 | houses my secrets, managed with [sops-nix](https://github.com/Mic92/sops-nix)
4 | 
--------------------------------------------------------------------------------
/home/programs/tealdeer.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.tealdeer = {
3 |     enable = true;
4 |     enableAutoUpdates = true;
5 |   };
6 | }
7 | 
--------------------------------------------------------------------------------
/home/programs/media/easyeffects.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   services.easyeffects = {
3 |     enable = true;
4 |     preset = "chu2_eq";
5 |   };
6 | }
7 | 
--------------------------------------------------------------------------------
/hosts/sora/services/croc.nix:
--------------------------------------------------------------------------------
1 | _: {  # croc relay on host sora
2 |   services.croc = {
3 |     enable = true;
4 |     openFirewall = true;  # NOTE(review): hosts/sora/topology.nix describes sora as a Hetzner VPS, so this opens the relay ports on a publicly routed host
5 |     debug = true;  # NOTE(review): debug logging left on for an exposed relay; no relay password option is set in this file, so the module default presumably applies — verify and set one from a secret file
6 |   };
7 | }
8 | 
--------------------------------------------------------------------------------
/hosts/arashi/services/default.nix:
--------------------------------------------------------------------------------
1 | _: {  # service set for host arashi: backups, the two data stores and their metric exporters
2 |   imports = [
3 |     ./restic.nix
4 |     ./postgresql.nix
5 |     ./valkey.nix
6 |     ./exporters.nix
7 |   ];
8 | }
9 | 
--------------------------------------------------------------------------------
/home/programs/terminal/television/config.json:
--------------------------------------------------------------------------------
1 | {
2 |   "indexes": ["nixpkgs", "home-manager", "nur"],
3 |   "update_interval": "12h",
4 |   "enable_waiting_message": true
5 | }
6 | 
--------------------------------------------------------------------------------
/hosts/common/sops.nix:
--------------------------------------------------------------------------------
1 | _: {  # sops-nix defaults shared by every host that imports hosts/common
2 |   sops = {
3 |     defaultSopsFile = ../../secrets/secrets.yaml;  # encrypted file at secrets/secrets.yaml in this repository
4 |     age.keyFile = "/home/notoh/.config/sops/age/keys.txt";  # NOTE(review): the age private key that decrypts the secrets sits in the interactive user's home; notoh is in wheel and docker (hosts/common/users.nix), so any process running as that user can presumably read it — consider a root-owned key path; file mode is not visible here
5 |   };
6 | }
7 | 
--------------------------------------------------------------------------------
/home/programs/terminal/direnv.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.direnv = {
3 |     enable = true;
4 |     enableNushellIntegration = true;
5 |     nix-direnv.enable = true;
6 |   };
7 | }
8 | 
--------------------------------------------------------------------------------
/home/programs/terminal/zoxide.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.zoxide = {
3 |     enable = true;
4 |     enableNushellIntegration = true;
5 |     options = [ "--cmd cdd" ];
6 |   };
7 | }
8 | 
--------------------------------------------------------------------------------
/home/programs/terminal/nushell/default.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.nushell = {
3 |     enable = true;
4 |     configFile.source = ./config.nu;
5 |     envFile.source = ./env.nu;
6 |   };
7 | }
8 | 
--------------------------------------------------------------------------------
/.editorconfig:
--------------------------------------------------------------------------------
1 | root = true
2 | 
3 | [*.nix]
4 | indent_style = tab
5 | indent_size = 2
6 | end_of_line = lf
7 | charset = utf-8
8 | trim_trailing_whitespace = true
9 | insert_final_newline = false
10 | 
--------------------------------------------------------------------------------
/hosts/sora/services/uptimekuma.nix:
--------------------------------------------------------------------------------
1 | _: {  # Uptime Kuma on host sora
2 |   services.uptime-kuma = {
3 |     enable = true;
4 |     settings = {
5 |       HOST = "100.104.42.96";  # same address as sora's tailscale0 interface in hosts/sora/topology.nix, so the UI presumably listens on the tailnet only
6 |       PORT = "4000";
7 |     };
8 |   };
9 | }
10 | 
--------------------------------------------------------------------------------
/hosts/tsuki/services/owncast.nix:
--------------------------------------------------------------------------------
1 | _: {  # Owncast streaming server on host tsuki
2 |   services.owncast = {
3 |     enable = true;
4 |     openFirewall = true;  # NOTE(review): combined with listen = 0.0.0.0 this exposes both the web port and the RTMP ingest port on every interface of the host
5 |     listen = "0.0.0.0";
6 |     port = 8100;
7 |     rtmp-port = 1935;  # NOTE(review): RTMP ingest is gated only by the stream key — confirm the admin password and stream key were changed from their initial values
8 |   };
9 | }
10 | 
--------------------------------------------------------------------------------
/hosts/sakura/services/immich-proxy.nix:
--------------------------------------------------------------------------------
1 | _: {  # public share proxy in front of the Immich instance named in immichUrl
2 |   services.immich-public-proxy = {
3 |     enable = true;
4 |     port = 2284;
5 |     openFirewall = true;  # NOTE(review): opens 2284 directly on sakura; if a reverse proxy is the intended entry point, confirm this direct opening is still needed
6 |     immichUrl = "https://immich.internal.flake.sh";  # upstream Immich reached over HTTPS on an internal hostname
7 |   };
8 | }
9 | 
--------------------------------------------------------------------------------
/home/programs/terminal/bat.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.bat = {
3 |     enable = true;
4 |     config = {
5 |       pager = "--RAW-CONTROL-CHARS --quit-if-one-screen --mouse";
6 |       style = "plain";
7 |     };
8 |   };
9 | }
10 | 
--------------------------------------------------------------------------------
/hosts/sakura/services/wastebin.nix:
--------------------------------------------------------------------------------
1 | _: {  # wastebin pastebin on host sakura, published as paste.flake.sh
2 |   services.wastebin = {
3 |     enable = true;
4 |     settings = {
5 |       WASTEBIN_TITLE = "wastebin";
6 |       WASTEBIN_BASE_URL = "https://paste.flake.sh";  # NOTE(review): no listen address, size limit or paste-expiry settings are set in this file — module defaults apply; verify they suit a public paste service
7 |     };
8 |   };
9 | }
10 | 
--------------------------------------------------------------------------------
/home/programs/terminal/lazygit/default.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.lazygit = {
3 |     enable = true;
4 |     settings = {
5 |       windowSize = "normal";
6 |       showRandomTip = false;
7 |       animateExplosion = true;
8 |     };
9 |   };
10 | }
11 | 
--------------------------------------------------------------------------------
/hosts/tsuki/services/default.nix:
--------------------------------------------------------------------------------
1 | { ... }:
2 | {
3 |   imports = [
4 |     ./restic.nix
5 |     ./atticd.nix
6 |     ./rnnoise.nix
7 |     ./immich-backup.nix
8 |     ./syncthing.nix
9 |     ./twitch-miner.nix
10 |     ./owncast.nix
11 |   ];
12 | }
13 | 
--------------------------------------------------------------------------------
/hosts/yuki/services/jellyfin.nix:
--------------------------------------------------------------------------------
1 | _: {  # Jellyfin media server and Jellyseerr request manager on host yuki
2 |   services = {
3 |     jellyfin = {
4 |       enable = true;
5 |       openFirewall = true;  # NOTE(review): hosts/yuki/services/default.nix also imports ./traefik.nix; if access is meant to go through that proxy, this direct firewall opening may be unnecessary — confirm
6 |     };
7 |     jellyseerr = {
8 |       enable = true;
9 |       openFirewall = true;  # NOTE(review): same consideration as jellyfin above
10 |     };
11 |   };
12 | }
13 | 
--------------------------------------------------------------------------------
/hosts/yuki/services/default.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   imports = [
3 |     ./hass
4 |     ./restic.nix
5 |     ./traefik.nix
6 |     ./jellyfin.nix
7 |     ./wallos.nix
8 |     ./anki-sync-server.nix
9 |     ./immich.nix
10 |     ./glance.nix
11 |     ./romm.nix
12 |     ./stash.nix
13 |   ];
14 | }
15 | 
--------------------------------------------------------------------------------
/home/services/gpg.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | {
3 |   services = {
4 |     gpg-agent = {  # user-level gpg-agent, also serving as the SSH agent
5 |       enable = true;
6 |       defaultCacheTtl = 3600;  # passphrase cache lifetime in seconds for GPG keys
7 |       pinentry.package = pkgs.pinentry-curses;
8 |       enableSshSupport = true;  # NOTE(review): SSH keys have their own cache TTL option, which is not set here, so the agent default applies — confirm that is intended
9 |       enableNushellIntegration = true;
10 |     };
11 |   };
12 | }
13 | 
--------------------------------------------------------------------------------
/hosts/arashi/services/exporters.nix:
--------------------------------------------------------------------------------
1 | _: {  # Prometheus exporters for the Redis-compatible store and PostgreSQL on host arashi
2 |   services.prometheus.exporters.redis = {
3 |     enable = true;
4 |     openFirewall = true;  # NOTE(review): no listen address or firewall filter is set, so the metrics endpoint is presumably reachable from every network arashi is on; restrict it to the Prometheus scraper if possible
5 |     port = 9002;
6 |   };
7 | 
8 |   services.prometheus.exporters.postgres = {
9 |     enable = true;
10 |     openFirewall = true;  # NOTE(review): same exposure consideration as the redis exporter above
11 |     port = 9003;
12 |   };
13 | }
14 | 
--------------------------------------------------------------------------------
/hosts/ame/services/syncthing.nix:
--------------------------------------------------------------------------------
1 | _: {  # Syncthing for user notoh on host ame
2 |   services.syncthing = {
3 |     enable = true;
4 |     openDefaultPorts = true;  # opens the sync and discovery ports only, not the GUI port
5 |     dataDir = "/home/notoh/sync";
6 |     configDir = "/home/notoh/.config/syncthing";
7 |     guiAddress = "localhost:8384";  # GUI bound to loopback only
8 |     user = "notoh";
9 |     group = "users";
10 |   };
11 | }
12 | 
--------------------------------------------------------------------------------
/hosts/tsuki/services/syncthing.nix:
--------------------------------------------------------------------------------
1 | _: {  # Syncthing for user notoh on host tsuki
2 |   services.syncthing = {
3 |     enable = true;
4 |     openDefaultPorts = true;  # opens the sync and discovery ports only, not the GUI port
5 |     dataDir = "/home/notoh/sync";
6 |     configDir = "/home/notoh/.config/syncthing";
7 |     guiAddress = "localhost:8384";  # GUI bound to loopback only
8 |     user = "notoh";
9 |     group = "users";
10 |   };
11 | }
12 | 
--------------------------------------------------------------------------------
/hosts/kariru/services/syncthing.nix:
--------------------------------------------------------------------------------
1 | _: {  # Syncthing for user notoh on host kariru
2 |   services.syncthing = {
3 |     enable = true;
4 |     openDefaultPorts = true;
5 |     dataDir = "/home/notoh/sync";
6 |     configDir = "/home/notoh/.config/syncthing";
7 |     guiAddress = "100.126.229.95:8386";  # NOTE(review): GUI bound to kariru's tailscale0 address (hosts/kariru/topology.nix), so other tailnet devices can reach it; no GUI credentials are set in this file — confirm a GUI password is configured
8 |     user = "notoh";
9 |     group = "users";
10 |   };
11 | }
12 | 
--------------------------------------------------------------------------------
/hosts/sakura/services/syncthing.nix:
--------------------------------------------------------------------------------
1 | _: {  # Syncthing for user notoh on host sakura
2 |   services.syncthing = {
3 |     enable = true;
4 |     openDefaultPorts = true;
5 |     dataDir = "/home/notoh/sync";
6 |     configDir = "/home/notoh/.config/syncthing";
7 |     guiAddress = "100.121.201.47:8384";  # NOTE(review): GUI bound to sakura's tailscale0 address (hosts/sakura/topology.nix); confirm a GUI password is configured
8 |     user = "notoh";
9 |     group = "users";
10 |   };
11 | }
12 | 
--------------------------------------------------------------------------------
/hosts/sora/services/factorio.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | {
3 |   services.factorio = {  # headless Factorio server; its import is commented out in hosts/sora/services/default.nix
4 |     enable = true;
5 |     package = pkgs.factorio-headless;
6 |     public = false;  # not advertised in the public server list
7 |     lan = false;
8 |     openFirewall = true;  # NOTE(review): no game password is set in this file; with the port open on a VPS, anyone who learns the address can presumably join — confirm before re-enabling
9 |     admins = [ "notoh" ];
10 |     game-name = "forsen";
11 |     autosave-interval = 20;
12 |   };
13 | }
14 | 
--------------------------------------------------------------------------------
/hosts/ame/networking.nix:
--------------------------------------------------------------------------------
1 | _: {  # basic networking for host ame: NetworkManager, firewall on, static resolver list
2 |   networking = {
3 |     networkmanager.enable = true;
4 |     hostName = "ame";
5 |     firewall = {
6 |       enable = true;
7 |     };
8 |   };
9 |   environment.etc = {  # NOTE(review): static resolv.conf; 192.168.1.103 is haru's home-LAN address (hosts/haru/topology.nix). The second entry is a public resolver, so lookups presumably bypass the local resolver whenever it does not answer; this host uses 9.9.9.9 where the other hosts use 1.1.1.1
10 |     "resolv.conf".text = ''
11 |       nameserver 192.168.1.103
12 |       nameserver 9.9.9.9
13 |     '';
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/hosts/haru/networking.nix:
--------------------------------------------------------------------------------
1 | _: {  # basic networking for host haru: NetworkManager, firewall on, static resolver list
2 |   networking = {
3 |     networkmanager.enable = true;
4 |     hostName = "haru";
5 |     firewall = {
6 |       enable = true;
7 |     };
8 |   };
9 |   environment.etc = {  # 192.168.1.103 is this host's own home-LAN address (hosts/haru/topology.nix); the public resolver is the fallback
10 |     "resolv.conf".text = ''
11 |       nameserver 192.168.1.103
12 |       nameserver 1.1.1.1
13 |     '';
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/hosts/tsuru/networking.nix:
--------------------------------------------------------------------------------
1 | _: {  # basic networking for host tsuru: NetworkManager, firewall on, static resolver list
2 |   networking = {
3 |     networkmanager.enable = true;
4 |     hostName = "tsuru";
5 |     firewall = {
6 |       enable = true;
7 |     };
8 |   };
9 |   environment.etc = {  # static resolv.conf: haru's LAN address first, public resolver as fallback
10 |     "resolv.conf".text = ''
11 |       nameserver 192.168.1.103
12 |       nameserver 1.1.1.1
13 |     '';
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/hosts/yuki/networking.nix:
--------------------------------------------------------------------------------
1 | _: {  # basic networking for host yuki: NetworkManager, firewall on, static resolver list
2 |   networking = {
3 |     networkmanager.enable = true;
4 |     hostName = "yuki";
5 |     firewall = {
6 |       enable = true;
7 |     };
8 |   };
9 |   environment.etc = {  # static resolv.conf: haru's LAN address first, public resolver as fallback
10 |     "resolv.conf".text = ''
11 |       nameserver 192.168.1.103
12 |       nameserver 1.1.1.1
13 |     '';
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/hosts/arashi/networking.nix:
--------------------------------------------------------------------------------
1 | _: {  # basic networking for host arashi: NetworkManager, firewall on, static resolver list
2 |   networking = {
3 |     networkmanager.enable = true;
4 |     hostName = "arashi";
5 |     firewall = {
6 |       enable = true;
7 |     };
8 |   };
9 |   environment.etc = {  # static resolv.conf: haru's LAN address first, public resolver as fallback
10 |     "resolv.conf".text = ''
11 |       nameserver 192.168.1.103
12 |       nameserver 1.1.1.1
13 |     '';
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/hosts/kariru/networking.nix:
--------------------------------------------------------------------------------
1 | _: {  # basic networking for host kariru: NetworkManager, firewall on, static resolver list
2 |   networking = {
3 |     networkmanager.enable = true;
4 |     hostName = "kariru";
5 |     firewall = {
6 |       enable = true;
7 |     };
8 |   };
9 |   environment.etc = {  # static resolv.conf: haru's LAN address first, public resolver as fallback
10 |     "resolv.conf".text = ''
11 |       nameserver 192.168.1.103
12 |       nameserver 1.1.1.1
13 |     '';
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/hosts/sakura/networking.nix:
--------------------------------------------------------------------------------
1 | _: {  # basic networking for host sakura: NetworkManager, firewall on, static resolver list
2 |   networking = {
3 |     networkmanager.enable = true;
4 |     hostName = "sakura";
5 |     firewall = {
6 |       enable = true;
7 |     };
8 |   };
9 |   environment.etc = {  # static resolv.conf: haru's LAN address first, public resolver as fallback
10 |     "resolv.conf".text = ''
11 |       nameserver 192.168.1.103
12 |       nameserver 1.1.1.1
13 |     '';
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/hosts/sakura/services/default.nix:
--------------------------------------------------------------------------------
1 | { ... }:
2 | {
3 |   imports = [
4 |     ./restic.nix
5 |     ./forgejo.nix
6 |     ./rustypaste.nix
7 |     ./grafana.nix
8 |     ./vaultwarden.nix
9 |     ./tailscale.nix
10 |     ./wastebin.nix
11 |     ./immich-proxy.nix
12 |     ./hedgedoc.nix
13 |     ./copyparty.nix
14 |     ./syncthing.nix
15 |     ./pocketid.nix
16 |   ];
17 | }
18 | 
--------------------------------------------------------------------------------
/home/programs/terminal/television/default.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ...
}:
2 | {
3 |   home.packages = with pkgs; [
4 |     television
5 |     nix-search-tv
6 |   ];
7 |   xdg.configFile."television/config.toml".source = ./config.toml;
8 |   # xdg.configFile."television/default_channels.toml".source = ./config.toml;
9 |   xdg.configFile."nix-search-tv/config.json".source = ./config.json;
10 | }
11 | 
--------------------------------------------------------------------------------
/hosts/common/virtualisation.nix:
--------------------------------------------------------------------------------
1 | _: {  # Docker as the container runtime on every host that imports hosts/common
2 |   virtualisation = {
3 |     oci-containers.backend = "docker";
4 |     docker = {
5 |       enable = true;  # NOTE(review): the daemon runs as root, and hosts/common/users.nix puts notoh in the docker group, which is effectively root-equivalent access
6 |       enableOnBoot = true;
7 |       autoPrune = {
8 |         enable = true;
9 |         dates = "weekly";
10 |         flags = [ "--all" ];  # prune also removes unused images, not only dangling ones
11 |       };
12 |       listenOptions = [ "/run/docker.sock" ];  # local UNIX socket only; no TCP listener is configured here
13 |     };
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/justfile:
--------------------------------------------------------------------------------
1 | set shell := ["nu", "-c"]
2 | 
3 | default:
4 |   @just --list\
5 | 
6 | up:
7 |   nix flake update
8 | 
9 | upp input:
10 |   nix flake update {{input}}
11 | 
12 | sw:
13 |   nh os switch .
14 | 
15 | bu:
16 |   nh os boot .
17 | 
18 | repl:
19 |   nix repl -f flake:nixpkgs
20 | 
21 | vuln:
22 |   nix run github:nix-community/vulnix -- --system --json | nix run nixpkgs#jq '.[] .name'
--------------------------------------------------------------------------------
/hosts/yuki/services/anki-sync-server.nix:
--------------------------------------------------------------------------------
1 | { config, ... }:
2 | {
3 |   sops.secrets.anki-pwd = { };  # sync password comes from the sops-managed secret, not from the Nix store
4 |   services.anki-sync-server = {
5 |     enable = true;
6 |     openFirewall = true;
7 |     address = "0.0.0.0";  # NOTE(review): listens on every interface with the port opened; no TLS is configured in this file, so clients connecting directly to 27701 presumably send credentials over plain HTTP — confirm access is fronted by a TLS proxy or limited to the tailnet
8 |     port = 27701;
9 |     users = [
10 |       {
11 |         username = "notoh";
12 |         passwordFile = config.sops.secrets.anki-pwd.path;  # path of the decrypted secret at runtime
13 |       }
14 |     ];
15 |   };
16 | }
17 | 
--------------------------------------------------------------------------------
/hosts/common/users.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | {
3 |   users = {  # the single interactive account shared by all hosts
4 |     defaultUserShell = pkgs.nushell;
5 |     users.notoh = {
6 |       isNormalUser = true;
7 |       uid = 1000;
8 |       description = "notoh";
9 |       extraGroups = [
10 |         "networkmanager"
11 |         "wheel"  # sudo-capable
12 |         "disk"  # NOTE(review): grants raw access to block devices, which sidesteps file permissions — confirm it is needed on every host
13 |         "video"
14 |         "docker"  # NOTE(review): membership lets the user start privileged containers, i.e. root-equivalent without a sudo prompt
15 |         "input"
16 |       ];
17 |     };
18 |   };
19 | }
20 | 
--------------------------------------------------------------------------------
/hosts/sora/services/default.nix:
--------------------------------------------------------------------------------
1 | _: {  # service set for host sora; the game-server modules are currently disabled
2 |   imports = [
3 |     ./restic.nix
4 |     ./traefik.nix
5 |     ./uptimekuma.nix
6 |     ./ntfy-sh.nix
7 |     ./attic.nix
8 |     ./tailscale.nix
9 |     ./croc.nix
10 |     ./redbot.nix
11 | 
12 |     ### game servers
13 |     # ./terraria.nix
14 |     # ./factorio.nix
15 |     # ./minecraft.nix
16 |     # ./foundryvtt.nix
17 |     # ./quakelive.nix
18 |   ];
19 | }
20 | 
--------------------------------------------------------------------------------
/hosts/sora/services/ntfy-sh.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | {
3 |   environment.systemPackages = [ pkgs.ntfy-sh ];  # CLI available system-wide alongside the service
4 |   services.ntfy-sh = {
5 |     enable = true;
6 |     settings = {
7 |       listen-http = ":8090";  # NOTE(review): no bind address, so the listener is on every interface; no firewall opening is visible in this file
8 |       base-url = "https://ntfy.flake.sh";
9 |       upstream-base-url = "https://ntfy.sh";
10 |       behind-proxy = true;  # NOTE(review): client addresses are taken from the forwarding header; if 8090 is reachable without going through the proxy, that header is attacker-controlled — confirm only the proxy can connect
11 |       auth-default-access = "read-only";  # unauthenticated clients may subscribe but not publish
12 |     };
13 |   };
14 | }
15 | 
--------------------------------------------------------------------------------
/pkgs/default.nix:
--------------------------------------------------------------------------------
1 | { inputs, ... }:
2 | {
3 |   imports = [ inputs.flake-parts.flakeModules.easyOverlay ];
4 | 
5 |   perSystem =
6 |     { config, pkgs, ... }:
7 |     {
8 |       overlayAttrs = {  # re-exports the locally defined package through the generated overlay
9 |         inherit (config.packages)
10 |           wayscriber
11 |           ;
12 |       };
13 | 
14 |       packages = {
15 |         wayscriber = pkgs.callPackage ./wayscriber { };  # built from the derivation in pkgs/wayscriber
16 |       };
17 |     };
18 | }
19 | 
--------------------------------------------------------------------------------
/home/programs/media/lutris.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   osConfig,
4 |   ...
5 | }:
6 | {
7 |   programs.lutris = {
8 |     enable = true;
9 |     extraPackages = with pkgs; [
10 |       mangohud
11 |       wine-staging
12 |       winetricks
13 |       umu-launcher
14 |     ];
15 |     protonPackages = [
16 |       pkgs.proton-ge-bin
17 |     ];
18 |     steamPackage = osConfig.programs.steam.package;  # reuses the Steam package selected in the system configuration
19 |   };
20 | }
21 | 
--------------------------------------------------------------------------------
/home/programs/media/cava.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.cava = {
3 |     enable = true;
4 |     settings = {
5 |       general = {
6 |         mode = "normal";
7 |         framerate = 144;
8 |         bars = 0;
9 |         bar_width = 2;
10 |         bar_spacing = 3;
11 |       };
12 |       smoothing = {
13 |         monstercat = 1;
14 |         waves = 1;
15 |         gravity = 100;
16 |       };
17 |     };
18 |   };
19 | }
20 | 
--------------------------------------------------------------------------------
/home/programs/terminal/atuin.nix:
--------------------------------------------------------------------------------
1 | _: {  # shell-history sync with a self-hosted Atuin server
2 |   programs.atuin = {
3 |     enable = true;
4 |     enableNushellIntegration = true;
5 |     settings = {
6 |       auto_sync = true;
7 |       update_check = true;
8 |       sync_frequency = "1h";
9 |       sync_address = "http://100.104.42.96:8888";  # plain HTTP, but the address matches sora's tailscale0 interface (hosts/sora/topology.nix), so traffic presumably rides the WireGuard tunnel; sync fails when the tailnet is down
10 |       secrets_filter = true;  # keeps commands that look like they contain credentials out of the history
11 |       style = "full";
12 |     };
13 |     flags = [ "--disable-up-arrow" ];
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/home/programs/terminal/zellij/default.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   imports = [
3 |     ./layouts.nix
4 |   ];
5 | 
6 |   programs.zellij = {
7 |     enable = true;
8 |     settings = {
9 |       on_force_close = "quit";
10 |       simplified_ui = false;
11 |       default_layout = "default";
12 |       copy_command = "wl-copy";
13 |       copy_clipboard = "primary";
14 |       ui.pane_frames.rounded_corners = true;
15 |     };
16 |   };
17 | }
18 | 
--------------------------------------------------------------------------------
/home/programs/terminal/bottom.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs.bottom = {
3 |     enable = true;
4 |     settings = {
5 |       flags = {
6 |         current_usage = true;
7 |         group_processes = true;
8 |         case_sensitive = false;
9 |         mem_as_value = true;
10 |         enable_gpu = true;
11 |         disable_advanced_kill = true;
12 |         unnormalized_cpu = false;
13 |         temperature_type = "c";
14 |       };
15 |     };
16 |   };
17 | }
18 | 
--------------------------------------------------------------------------------
/hosts/sakura/services/hedgedoc.nix:
--------------------------------------------------------------------------------
1 | _: {  # HedgeDoc on host sakura, published as scratch.flake.sh
2 |   services.hedgedoc = {
3 |     enable = true;
4 |     settings = {
5 |       port = 3300;
6 |       domain = "scratch.flake.sh";
7 |       host = "100.121.201.47";  # matches sakura's tailscale0 address in hosts/sakura/topology.nix
8 |       allowOrigin = [ "scratch.flake.sh" ];
9 |       allowAnonymous = true;  # NOTE(review): unauthenticated visitors can create notes; confirm this is intended for a pad behind a public-looking domain
10 |       allowFreeURL = true;  # NOTE(review): together with allowAnonymous, visitors can also choose the note URL
11 |       allowEmailRegister = false;
12 |       dbURL = "postgres://hedgedoc:hedgedoc@192.168.1.211:5432/hedgedoc";  # NOTE(review): the database password is written into the Nix expression (and equals the username), so it ends up in the world-readable /nix/store and in this repository; supply the URL from a sops secret through services.hedgedoc.environmentFile instead. 192.168.1.211 is arashi's home-LAN address (hosts/arashi/topology.nix) and no sslmode is given, so the connection is presumably unencrypted — verify
13 |     };
14 |   };
15 | }
16 | 
--------------------------------------------------------------------------------
/hosts/sora/topology.nix:
--------------------------------------------------------------------------------
1 | _: {  # nix-topology description of host sora (documentation data, not network configuration)
2 |   topology = {
3 |     self = {
4 |       name = "sora";
5 |       hardware.info = "Hetzner VPS";
6 |       interfaces = {
7 |         tailscale0 = {
8 |           addresses = [ "100.104.42.96/32" ];
9 |           network = "tailscale0";
10 |           type = "wireguard";
11 |         };
12 |         eth0 = {
13 |           network = "hetzner";
14 |           type = "ethernet";
15 |         };
16 |       };
17 |     };
18 |   };
19 | }
20 | 
--------------------------------------------------------------------------------
/hosts/sora/services/redbot.nix:
--------------------------------------------------------------------------------
1 | _: {  # Red Discord bot run as a Docker container on host sora
2 |   sops.secrets.redbot-auth = { };  # bot credentials are declared as a sops secret
3 |   virtualisation.oci-containers.containers.redbot = {
4 |     image = "phasecorex/red-discordbot";  # NOTE(review): referenced by name only, with no tag or digest, unlike hosts/yuki/services/wallos.nix which pins a sha256 digest; pin it so a changed upstream image is not pulled silently
5 |     environment = {
6 |       OWNER = "155965294429470720";
7 |       PREFIX = "*";
8 |       TZ = "America/New_York";
9 |       PUID = "1000";
10 |     };
11 |     environmentFiles = [
12 |       /run/secrets/redbot-auth  # NOTE(review): hard-coded location of the decrypted secret; config.sops.secrets.redbot-auth.path (the form hosts/yuki/services/anki-sync-server.nix uses) would keep it tied to the declaration on line 2, at the cost of taking `config` as a module argument
13 |     ];
14 |     volumes = [ "/home/notoh/docker/redbot:/data" ];  # bot state persists under the login user's home
15 |   };
16 | }
17 | 
--------------------------------------------------------------------------------
/home/wayland/hyprland/config/plugins.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   inputs,
4 |   ...
5 | }:
6 | {
7 |   wayland.windowManager.hyprland.plugins = [
8 |     inputs.hyprland-plugins.packages.${pkgs.stdenv.hostPlatform.system}.csgo-vulkan-fix  # plugin taken from the hyprland-plugins flake input for the current system
9 |   ];
10 |   wayland.windowManager.hyprland.settings = {
11 |     plugin = {
12 |       csgo-vulkan-fix = {
13 |         res_w = 1280;
14 |         res_h = 1024;
15 |         class = "cs2";
16 |         fix_mouse = true;
17 |       };
18 |     };
19 |   };
20 | }
21 | 
--------------------------------------------------------------------------------
/hosts/yuki/services/hass/config.nix:
--------------------------------------------------------------------------------
1 | _: {  # core Home Assistant settings for host yuki
2 |   services.home-assistant.config = {
3 |     lovelace.mode = "yaml";
4 |     http = {
5 |       server_host = [ "0.0.0.0" ];  # NOTE(review): listens on every interface; no trusted-proxy or firewall setting is visible in this file — confirm how 8123 is exposed
6 |       server_port = 8123;
7 |     };
8 |     homeassistant = {
9 |       name = "Home";
10 |       time_zone = "America/New_York";
11 |       unit_system = "us_customary";
12 |       temperature_unit = "F";
13 |       currency = "USD";
14 |       country = "US";
15 |     };
16 |     default_config = { };
17 |   };
18 | }
19 | 
--------------------------------------------------------------------------------
/hosts/yuki/services/wallos.nix:
--------------------------------------------------------------------------------
1 | _: {  # Wallos run as a Docker container on host yuki
2 |   virtualisation.oci-containers.containers.wallos = {
3 |     image = "bellamy/wallos@sha256:9dd49af3c8839e561aa458411d90074f8d9da434bdd65a8a13657d5d19229f73"; # v3.3.0
4 |     ports = [ "8282:80" ];  # NOTE(review): published without a host address, so Docker binds it on all interfaces; Docker manages its own packet-filter rules, so the port is typically reachable even with no networking.firewall opening — bind to a specific address if it should not be LAN-wide; verify
5 |     volumes = [
6 |       "/home/notoh/docker/wallos/db:/var/www/html/db"
7 |       "/home/notoh/docker/wallos/logos:/var/www/html/images/uploads/logos"
8 |     ];
9 |     environment = {
10 |       TZ = "America/New_York";
11 |     };
12 |   };
13 | }
14 | 
--------------------------------------------------------------------------------
/hosts/ame/topology.nix:
--------------------------------------------------------------------------------
1 | _: {  # nix-topology description of host ame (documentation data, not network configuration)
2 |   topology = {
3 |     self = {
4 |       name = "ame";
5 |       hardware.info = "Thinkpad T480";
6 |       interfaces = {
7 |         tailscale0 = {
8 |           addresses = [ "100.108.207.106/32" ];
9 |           network = "tailscale0";
10 |           type = "wireguard";
11 |         };
12 |         home = {
13 |           network = "home";
14 |           addresses = [ "" ];  # empty-string entry: no fixed address is recorded for the wifi interface
15 |           type = "wifi";
16 |         };
17 |       };
18 |     };
19 |   };
20 | }
21 | 
--------------------------------------------------------------------------------
/hosts/tsuki/services/atticd.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   lib,
4 |   ...
5 | }:
6 | {
7 |   environment.systemPackages = [ pkgs.attic-client ];
8 | 
9 |   systemd.services.atticd = {  # NOTE(review): despite the unit name, ExecStart below runs the attic client, not a cache server
10 |     enable = true;
11 |     wantedBy = [ "multi-user.target" ];
12 |     description = "atticd";
13 | 
14 |     serviceConfig = {
15 |       User = "notoh";  # NOTE(review): runs as the login user, presumably so it can read that user's attic client configuration and token — TODO confirm; no systemd sandboxing options are set on the unit
16 |       ExecStart = "${lib.getExe pkgs.attic-client} watch-store kyasshu";  # long-running `watch-store` against the cache named kyasshu
17 |       Restart = "always";
18 |       RestartSec = 30;
19 |     };
20 |   };
21 | }
22 | 
--------------------------------------------------------------------------------
/hosts/haru/topology.nix:
--------------------------------------------------------------------------------
1 | _: {  # nix-topology description of host haru (documentation data, not network configuration)
2 |   topology = {
3 |     self = {
4 |       name = "haru";
5 |       hardware.info = "Proxmox VM";
6 |       interfaces = {
7 |         tailscale0 = {
8 |           addresses = [ "100.73.192.45/32" ];
9 |           network = "tailscale0";
10 |           type = "wireguard";
11 |         };
12 |         home = {
13 |           addresses = [ "192.168.1.103/24" ];  # the address the other hosts list first in their resolv.conf
14 |           network = "home";
15 |           type = "ethernet";
16 |         };
17 |       };
18 |     };
19 |   };
20 | }
21 | 
--------------------------------------------------------------------------------
/hosts/tsuki/topology.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   topology = {
3 |     self = {
4 |       name = "tsuki";
5 |       hardware.info
= "Desktop"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = [ "100.127.30.116/32" ]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home = { 13 | addresses = [ "192.168.1.47/24" ]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/yuki/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "yuki"; 5 | hardware.info = "Proxmox VM"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = [ "100.108.113.89/32" ]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home = { 13 | addresses = [ "192.168.1.98/24" ]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/arashi/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "arashi"; 5 | hardware.info = "Proxmox VM"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = [ "100.94.214.100/32" ]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home = { 13 | addresses = [ "192.168.1.211/24" ]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/common/default.nix: -------------------------------------------------------------------------------- 1 | { inputs, ... 
}: 2 | { 3 | imports = [ 4 | inputs.sops-nix.nixosModules.sops 5 | inputs.home-manager.nixosModules.home-manager 6 | inputs.nur.modules.nixos.default 7 | inputs.nix-topology.nixosModules.default 8 | inputs.nix-flatpak.nixosModules.nix-flatpak 9 | ./prometheus.nix 10 | ./security.nix 11 | ./users.nix 12 | ./nix.nix 13 | ./system.nix 14 | ./openssh.nix 15 | ./virtualisation.nix 16 | ./sops.nix 17 | ./time.nix 18 | ]; 19 | } 20 | -------------------------------------------------------------------------------- /hosts/kariru/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "kariru"; 5 | hardware.info = "Proxmox VM"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = [ "100.126.229.95/32" ]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home = { 13 | addresses = [ "192.168.1.54/24" ]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/sakura/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "sakura"; 5 | hardware.info = "Proxmox VM"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = [ "100.121.201.47/32" ]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home = { 13 | addresses = [ "192.168.1.25/24" ]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/tsuru/topology.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | topology = { 3 | self = { 4 | name = "tsuru"; 5 | hardware.info = "Proxmox VM"; 6 | interfaces = { 7 | tailscale0 = { 8 | addresses = [ "100.82.146.40/32" ]; 9 | network = "tailscale0"; 10 | type = "wireguard"; 11 | }; 12 | home 
= { 13 | addresses = [ "192.168.1.99/24" ]; 14 | network = "home"; 15 | type = "ethernet"; 16 | }; 17 | }; 18 | }; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /pkgs/README.md: -------------------------------------------------------------------------------- 1 | # :package: pkgs 2 | 3 | this directory hosts derivations of packages not found in nixpkgs, and overrides. 4 | 5 | | name | description | 6 | | -------------- | ---------------------------------------------------------------------------- | 7 | | `jellyfin-rpc` | [discord rpc client](https://github.com/Radiicall/jellyfin-rpc) for jellyfin | 8 | | `overlays.nix` | has overlays that i use | 9 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 2 | Version 2, December 2004 3 | 4 | Copyright (C) 2004 notohh 5 | 6 | Everyone is permitted to copy and distribute verbatim or modified 7 | copies of this license document, and changing it is allowed as long 8 | as the name is changed. 9 | 10 | DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE 11 | TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 12 | 13 | 0. You just DO WHAT THE FUCK YOU WANT TO. 14 | -------------------------------------------------------------------------------- /home/programs/vicinae.nix: -------------------------------------------------------------------------------- 1 | { inputs, ... 
}: 2 | { 3 | imports = [ inputs.vicinae.homeManagerModules.default ]; 4 | 5 | services.vicinae = { 6 | enable = true; 7 | autoStart = true; 8 | settings = { 9 | faviconService = "twenty"; 10 | font.size = 11; 11 | popToRootOnClose = false; 12 | rootSearch.searchFiles = false; 13 | theme.name = "vicinae-dark"; 14 | window = { 15 | csd = true; 16 | opacity = 0.95; 17 | rounding = 10; 18 | }; 19 | }; 20 | }; 21 | } 22 | -------------------------------------------------------------------------------- /home/programs/editors/nvchad/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 5 | }: 6 | { 7 | imports = [ 8 | inputs.nix4nvchad.homeManagerModule 9 | ]; 10 | programs.nvchad = { 11 | enable = true; 12 | extraPackages = with pkgs; [ 13 | nodePackages.bash-language-server 14 | marksman 15 | nil 16 | nixfmt 17 | ]; 18 | extraPlugins = builtins.readFile ./plugins.lua; 19 | extraConfig = builtins.readFile ./config.lua; 20 | hm-activation = true; 21 | backup = true; 22 | }; 23 | } 24 | -------------------------------------------------------------------------------- /home/programs/terminal/ghostty.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.ghostty = { 3 | enable = true; 4 | settings = { 5 | theme = "Atom One Dark"; 6 | font-family = "Maple Mono NF"; 7 | background-opacity = 1; 8 | window-padding-x = 16; 9 | window-padding-y = 16; 10 | window-padding-balance = true; 11 | resize-overlay = "never"; 12 | clipboard-read = "allow"; 13 | clipboard-write = "allow"; 14 | clipboard-trim-trailing-spaces = true; 15 | background = "#1E222A"; 16 | }; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /hosts/sora/services/minecraft.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking.firewall.allowedTCPPorts = [ 25565 ]; 3 | 
networking.firewall.allowedUDPPorts = [ 24454 ]; 4 | virtualisation.oci-containers.containers.minecraft = { 5 | image = "itzg/minecraft-server"; 6 | ports = [ 7 | "25565:25565" 8 | "24454:24454/udp" 9 | ]; 10 | environment = { 11 | EULA = "TRUE"; 12 | VERSION = "1.21.1"; 13 | MEMORY = "6G"; 14 | TYPE = "NEOFORGE"; 15 | }; 16 | volumes = [ "/home/notoh/docker/modded-mc:/data:rw" ]; 17 | }; 18 | } 19 | -------------------------------------------------------------------------------- /hosts/yuki/services/immich.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | sops.secrets.immich = { }; 3 | services.immich = { 4 | enable = true; 5 | openFirewall = true; 6 | host = "0.0.0.0"; 7 | mediaLocation = "/var/lib/immich"; 8 | secretsFile = "/run/secrets/immich"; 9 | machine-learning.enable = true; 10 | redis = { 11 | enable = true; 12 | }; 13 | database = { 14 | createDB = true; 15 | }; 16 | settings = { 17 | server = { 18 | externalDomain = "https://immich.flake.sh"; 19 | }; 20 | }; 21 | }; 22 | } 23 | -------------------------------------------------------------------------------- /.sops.yaml: -------------------------------------------------------------------------------- 1 | keys: 2 | - &users 3 | - ¬oh age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn 4 | 5 | creation_rules: 6 | - path_regex: secrets/[^/]+\.yaml$ 7 | key_groups: 8 | - age: 9 | - *notoh 10 | - path_regex: secrets/s3/[^/]+\.yaml$ 11 | key_groups: 12 | - age: 13 | - *notoh 14 | - path_regex: secrets/restic/[^/]+\.yaml$ 15 | key_groups: 16 | - age: 17 | - *notoh 18 | - path_regex: secrets/tailscale/[^/]+\.yaml$ 19 | key_groups: 20 | - age: 21 | - *notoh 22 | -------------------------------------------------------------------------------- /hosts/common/openssh.nix: -------------------------------------------------------------------------------- 1 | { lib, ... 
}: 2 | { 3 | services.openssh = { 4 | enable = true; 5 | settings = { 6 | KbdInteractiveAuthentication = false; 7 | PasswordAuthentication = lib.mkForce false; 8 | PubkeyAuthentication = lib.mkForce true; 9 | PermitRootLogin = lib.mkForce "yes"; 10 | StreamLocalBindUnlink = "yes"; 11 | GatewayPorts = "clientspecified"; 12 | }; 13 | hostKeys = [ 14 | { 15 | path = "/etc/ssh/ssh_host_ed25519_key"; 16 | type = "ed25519"; 17 | } 18 | ]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /hosts/common/time.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | time.timeZone = "America/New_York"; 3 | 4 | services = { 5 | chrony = { 6 | enable = true; 7 | servers = [ 8 | # 0.us.pool.ntp.org 9 | "134.215.114.62" 10 | "192.189.65.187" 11 | "96.245.170.99" 12 | "192.92.6.30" 13 | ]; 14 | }; 15 | timesyncd = { 16 | enable = true; 17 | servers = [ 18 | # 0.us.pool.ntp.org 19 | "134.215.114.62" 20 | "192.189.65.187" 21 | "96.245.170.99" 22 | "192.92.6.30" 23 | ]; 24 | }; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /home/programs/media/mpv.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... 
}: 2 | { 3 | programs.mpv = { 4 | enable = true; 5 | scripts = with pkgs; [ 6 | mpvScripts.uosc 7 | mpvScripts.mpris 8 | mpvScripts.smartskip 9 | mpvScripts.thumbfast 10 | mpvScripts.videoclip 11 | ]; 12 | scriptOpts = { 13 | thumbfast = { 14 | spawn_first = true; 15 | network = true; 16 | hwdec = true; 17 | }; 18 | }; 19 | config = { 20 | osc = false; 21 | osd-bar = false; 22 | volume = 60; 23 | save-position-on-quit = true; 24 | }; 25 | }; 26 | } 27 | -------------------------------------------------------------------------------- /hosts/sora/services/foundryvtt.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | sops.secrets.foundry-username = { }; 3 | sops.secrets.foundry-password = { }; 4 | virtualisation.oci-containers.containers.foundryvtt = { 5 | image = "felddy/foundryvtt@sha256:d85dab9704d771f3a33f21439f1bf34748fb5bf1987668ff402b5b17d1973f5a"; 6 | volumes = [ "/home/notoh/docker/foundryvtt:/data" ]; 7 | environment = { 8 | CONTAINER_PRESERVE_CONFIG = "true"; 9 | }; 10 | environmentFiles = [ 11 | /run/secrets/foundry-username 12 | /run/secrets/foundry-password 13 | ]; 14 | ports = [ "30000:30000" ]; 15 | }; 16 | } 17 | -------------------------------------------------------------------------------- /hosts/haru/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./hardware.nix 4 | ./services 5 | ./networking.nix 6 | ./topology.nix 7 | ../common 8 | ]; 9 | 10 | users = { 11 | users.notoh.openssh.authorizedKeys.keys = [ 12 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdSO5g6IZQUzeH0Xf7hEVjKZ4cAWn/DjN+GQ2Ujd+qD haru" 13 | ]; 14 | users.root.openssh.authorizedKeys.keys = [ 15 | "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" 16 | ]; 17 | }; 18 | system = { 19 | autoUpgrade.enable = false; 20 | stateVersion = "23.05"; 21 | }; 22 | } 23 | 
--------------------------------------------------------------------------------
/hosts/tsuki/services/twitch-miner.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   virtualisation.oci-containers.containers.twitch-miner = {
3 |     image = "rdavidoff/twitch-channel-points-miner-v2@sha256:03a46627173caab35afeba99451f55bb74229a732ccbf8458d3aa5016503d5cd"; # 2.0.0 (pinned by digest)
4 |     hostname = "twitch-miner";
5 |     volumes = [
6 |       "/home/notoh/twitch-miner/analytics:/usr/src/app/analytics"
7 |       "/home/notoh/twitch-miner/cookies:/usr/src/app/cookies" # NOTE(review): presumably holds account session cookies; keep the host directory readable by its owner only
8 |       "/home/notoh/twitch-miner/logs:/usr/src/app/logs"
9 |       "/home/notoh/twitch-miner/run.py:/usr/src/app/run.py:ro" # the only read-only mount in this list
10 |     ];
11 |     ports = [ "5000:5000" ]; # also allowed through the firewall in hosts/tsuki/networking.nix
12 |   };
13 | }
14 |
--------------------------------------------------------------------------------
/hosts/yuki/services/hass/default.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   imports = [
3 |     ./lovelace.nix
4 |     ./config.nix
5 |   ];
6 |
7 |   nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ]; # permits a package nixpkgs marks insecure (OpenSSL 1.1.1 is past upstream end-of-life); NOTE(review): the consumer is not visible here, re-check that it is still needed
8 |
9 |   services.home-assistant = {
10 |     enable = true;
11 |     openFirewall = true; # opens the Home Assistant port in the host firewall
12 |     extraComponents = [ # integrations whose dependencies are built into the package
13 |       "default_config"
14 |       "met"
15 |       "openweathermap"
16 |       "esphome"
17 |       "google_translate"
18 |       "radio_browser"
19 |       "sonarr"
20 |       "radarr"
21 |       "glances"
22 |       "epson"
23 |       "eufy"
24 |       "hue"
25 |       "nanoleaf"
26 |     ];
27 |   };
28 | }
29 |
--------------------------------------------------------------------------------
/hosts/arashi/default.nix:
--------------------------------------------------------------------------------
1 | _: { # host entry point for "arashi": local modules plus the shared ../common set
2 |   imports = [
3 |     ./hardware.nix
4 |     ./services
5 |     ./networking.nix
6 |     ./topology.nix
7 |     ../common
8 |   ];
9 |
10 |   users = {
11 |     users.notoh.openssh.authorizedKeys.keys = [
12 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWRbIwwHuyEOLhA9dKTf4TgFqtPR5MNcJorKm731S7G arashi"
13 |     ];
14 |     users.root.openssh.authorizedKeys.keys = [ # the same "forgejo" key is authorized for root in every host default.nix on this page, making it a fleet-wide root credential
15 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo" # NOTE(review): presumably a CI/deploy key; from="..."/command="..." key options or a dedicated deploy user would narrow it
16 |     ];
17 |   };
18 |   system = {
19 |     autoUpgrade.enable = false; # no automatic upgrades; security updates depend on manual deploys
20 |     stateVersion = "23.05";
21 |   };
22 | }
23 |
--------------------------------------------------------------------------------
/hosts/kariru/default.nix:
--------------------------------------------------------------------------------
1 | _: { # host entry point for "kariru"
2 |   imports = [
3 |     ./hardware.nix
4 |     ./services
5 |     ./networking.nix
6 |     ./topology.nix
7 |     ../common
8 |   ];
9 |
10 |   users = {
11 |     users.notoh.openssh.authorizedKeys.keys = [
12 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmWafzbhah18nm2z1epc6139XVlcKT0ndAI0wbLj+/6 kariru"
13 |     ];
14 |     users.root.openssh.authorizedKeys.keys = [ # same root-authorized "forgejo" key as the other hosts
15 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
16 |     ];
17 |   };
18 |   system = {
19 |     autoUpgrade.enable = false; # upgrades are manual
20 |     stateVersion = "23.05";
21 |   };
22 | }
23 |
--------------------------------------------------------------------------------
/hosts/sakura/default.nix:
--------------------------------------------------------------------------------
1 | _: { # host entry point for "sakura"
2 |   imports = [
3 |     ./hardware.nix
4 |     ./services
5 |     ./networking.nix
6 |     ./topology.nix
7 |     ../common
8 |   ];
9 |
10 |   users = {
11 |     users.notoh.openssh.authorizedKeys.keys = [
12 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqAjaV2D2J8ln4n39ZvszCF5Jql+0IaSpFCJlzDSLv6 sakura"
13 |     ];
14 |     users.root.openssh.authorizedKeys.keys = [ # same root-authorized "forgejo" key as the other hosts
15 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
16 |     ];
17 |   };
18 |   system = {
19 |     autoUpgrade.enable = false; # upgrades are manual
20 |     stateVersion = "23.05";
21 |   };
22 | }
23 |
--------------------------------------------------------------------------------
/hosts/tsuru/default.nix:
--------------------------------------------------------------------------------
1 | _: { # host entry point for "tsuru"
2 |   imports = [
3 |     ./hardware.nix
4 |     ./services
5 |     ./networking.nix
6 |     ./topology.nix
7 |     ../common
8 |   ];
9 |
10 |   users = {
11 |     users.notoh.openssh.authorizedKeys.keys = [
12 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwby2FLCKFZZlOLDRhsm9GckyYAuyk0mq28jRD02tdv tsuru"
13 |     ];
14 |     users.root.openssh.authorizedKeys.keys = [ # same root-authorized "forgejo" key as the other hosts
15 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
16 |     ];
17 |   };
18 |   system = {
19 |     autoUpgrade.enable = false; # upgrades are manual
20 |     stateVersion = "23.05";
21 |   };
22 | }
23 |
--------------------------------------------------------------------------------
/home/wayland/hyprland/default.nix:
--------------------------------------------------------------------------------
1 | {
2 |   inputs,
3 |   pkgs,
4 |   ...
5 | }:
6 | {
7 |   imports = [
8 |     inputs.hyprland.homeManagerModules.default
9 |     ./config/general.nix
10 |     ./config/binds.nix
11 |     ./config/rules.nix
12 |     ./config/plugins.nix
13 |   ];
14 |   wayland.windowManager.hyprland = {
15 |     enable = true;
16 |     systemd.enable = true;
17 |     xwayland.enable = true;
18 |     package = inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; # compositor taken from the hyprland flake input rather than nixpkgs
19 |     portalPackage =
20 |       inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; # portal taken from the same input as the compositor
21 |   };
22 | }
23 |
--------------------------------------------------------------------------------
/hosts/yuki/default.nix:
--------------------------------------------------------------------------------
1 | { ... }: # host entry point for "yuki"
2 | {
3 |   imports = [
4 |     ./hardware.nix
5 |     ./services
6 |     ./networking.nix
7 |     ./topology.nix
8 |     ../common
9 |   ];
10 |
11 |   users = {
12 |     users.notoh.openssh.authorizedKeys.keys = [
13 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLDqOjZIQQ+YYir9MQnlh8wgqI1dz5nYL054OnIgDa yuki"
14 |     ];
15 |     users.root.openssh.authorizedKeys.keys = [ # same root-authorized "forgejo" key as the other hosts
16 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
17 |     ];
18 |   };
19 |   system = {
20 |     autoUpgrade.enable = false; # upgrades are manual
21 |     stateVersion = "23.05";
22 |   };
23 | }
24 |
--------------------------------------------------------------------------------
/hosts/tsuki/networking.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   networking = {
3 |     networkmanager.enable = true;
4 |     hostName = "tsuki";
5 |     firewall = {
6 |       enable = true;
7 |       allowedTCPPorts = [ # allowedTCPPorts applies to all interfaces, so these are reachable from the LAN as well
8 |         7000 # uxplay
9 |         7100 # uxplay
10 |         7001 # uxplay
11 |         5173 # NOTE(review): purpose not documented; confirm it still needs to be open
12 |         5000 # twitch miner
13 |       ];
14 |       allowedUDPPorts = [
15 |         7011 # uxplay
16 |         6001 # uxplay
17 |         6000 # uxplay
18 |       ];
19 |     };
20 |   };
21 |   environment.etc = { # static resolv.conf: 192.168.1.103 is haru's LAN address per hosts/haru/topology.nix, 1.1.1.1 is a public resolver
22 |     "resolv.conf".text = ''
23 |       nameserver 192.168.1.103
24 |       nameserver 1.1.1.1
25 |       options edns0
26 |     '';
27 |   }; # NOTE(review): resolv.conf targets port 53 while hosts/haru/services/unbound.nix listens on 5335; presumably another resolver on haru sits in front, confirm
28 | }
29 |
--------------------------------------------------------------------------------
/hosts/sora/default.nix:
--------------------------------------------------------------------------------
1 | _: { # host entry point for "sora"
2 |   imports = [
3 |     ./hardware.nix
4 |     ./networking.nix
5 |     ./services
6 |     ./topology.nix
7 |     ../common
8 |   ];
9 |
10 |   services.snowflake-proxy.enable = true; # runs a Snowflake (Tor) proxy, which relays third-party traffic through this host
11 |
12 |   users = {
13 |     users.notoh.openssh.authorizedKeys.keys = [
14 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmI3hRDFjxLjrM3pE471e4jxSlcqeizh3iNVVdaMHeN sora"
15 |     ];
16 |     users.root.openssh.authorizedKeys.keys = [ # same root-authorized "forgejo" key as the other hosts; sora has a public address per networking.nix
17 |       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
18 |     ];
19 |   };
20 |   system = {
21 |     autoUpgrade.enable = false; # upgrades are manual
22 |     stateVersion = "23.05";
23 |   };
24 | }
25 |
--------------------------------------------------------------------------------
/modules/pre-commit.nix:
--------------------------------------------------------------------------------
1 | { inputs, ... }: # flake-parts module wiring pre-commit hooks for the repository
2 | {
3 |   imports = [
4 |     inputs.pre-commit-hooks.flakeModule
5 |   ];
6 |   perSystem.pre-commit = {
7 |     check.enable = true;
8 |     settings = {
9 |       excludes = [ "flake.lock" ];
10 |       hooks = { # formatters and linters only; no secret-scanning hook is enabled in this list
11 |         stylua.enable = true;
12 |         statix.enable = true;
13 |         nixfmt-rfc-style.enable = true;
14 |         flake-checker.enable = true;
15 |         deadnix.enable = true;
16 |         prettier = {
17 |           enable = true;
18 |           files = "\\.(js|ts|md|json)$";
19 |           settings = {
20 |             trailing-comma = "none";
21 |           };
22 |         };
23 |       };
24 |     };
25 |   };
26 | }
27 |
--------------------------------------------------------------------------------
/home/programs/openvr.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   config,
4 |   lib,
5 |   ...
6 | }:
7 | {
8 |   xdg.configFile."openxr/1/active_runtime.json".source = # selects WiVRn's manifest as the active OpenXR runtime
9 |     "${pkgs.wivrn}/share/openxr/1/openxr_wivrn.json";
10 |
11 |   xdg.configFile."openvr/openvrpaths.vrpath".text = with pkgs; '' 
12 |     {
13 |       "config" :
14 |       [
15 |         "${config.xdg.dataHome}/Steam/config"
16 |       ],
17 |       "external_drivers" : null,
18 |       "jsonid" : "vrpathreg",
19 |       "log" :
20 |       [
21 |         "${config.xdg.dataHome}/Steam/logs"
22 |       ],
23 |       "runtime" :
24 |       [
25 |         "${lib.getExe xrizer}"
26 |       ],
27 |       "version" : 1
28 |     }
29 |   ''; # generated openvrpaths file: Steam config/log directories plus the xrizer executable as the "runtime" entry
30 | }
31 |
--------------------------------------------------------------------------------
/home/programs/terminal/git.nix:
--------------------------------------------------------------------------------
1 | _: {
2 |   programs = {
3 |     delta = {
4 |       enable = true;
5 |       enableGitIntegration = true;
6 |     };
7 |     git = {
8 |       enable = true;
9 |       settings = {
10 |         user.email = "github@notohh.dev";
11 |         user.name = "notohh";
12 |       };
13 |       signing = {
14 |         key = "BD47506D475EE86D"; # key ID only; the private key is not part of this file
15 |         signByDefault = true; # commits and tags are signed without passing -S
16 |       };
17 |       ignores = [
18 |         "*result*"
19 |         ".direnv"
20 |         "node_modules"
21 |       ];
22 |     };
23 |     gh = {
24 |       enable = true;
25 |       gitCredentialHelper.enable = true; # gh supplies credentials to git for HTTPS remotes
26 |       settings = {
27 |         git_protocol = "ssh";
28 |         editor = "hx";
29 |         prompt = "enabled";
30 |       };
31 |     };
32 |   };
33 | }
34 |
--------------------------------------------------------------------------------
/hosts/sakura/services/rustypaste.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | {
3 |   environment.systemPackages = with pkgs; [ rustypaste ];
4 |
5 |   users = {
6 |     users.rustypaste = { # dedicated system account, so the service does not run as root or the login user
7 |       isSystemUser = true;
8 |       group = "rustypaste";
9 |     };
10 |     groups.rustypaste = {
11 |       name = "rustypaste";
12 |     };
13 |   };
14 |
15 |   systemd.services.rustypaste = {
16 |     enable = true;
17 |     wantedBy = [ "multi-user.target" ];
18 |     description = "A minimal file upload/pastebin service.";
19 |     environment = {
20 |       CONFIG = "/var/lib/rustypaste/config.toml"; # config lives outside the Nix store; NOTE(review): presumably holds any auth token, so keep it readable by the service user only
21 |     };
22 |     serviceConfig = {
23 |       User = "rustypaste";
24 |       ExecStart = "${pkgs.rustypaste}/bin/rustypaste";
25 |       Restart = "always";
26 |       RestartSec = 30;
27 |       WorkingDirectory = "/var/lib/rustypaste"; # no sandboxing options (ProtectSystem, NoNewPrivileges, ...) are set for this upload service
28 |     };
29 |   };
30 | }
31 |
--------------------------------------------------------------------------------
/hosts/arashi/services/restic.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   config,
4 |   ...
5 | }:
6 | {
7 |   sops.secrets.restic-arashi = { # repository password, decrypted by sops-nix at activation
8 |     sopsFile = ../../../secrets/restic/secrets.yaml;
9 |   };
10 |   environment.systemPackages = [ pkgs.restic ];
11 |   services.restic = {
12 |     backups = {
13 |       arashi = {
14 |         user = "root";
15 |         paths = [
16 |           "/var/backup/"
17 |         ];
18 |         pruneOpts = [ # retention: 7 daily, 6 weekly, 5 monthly snapshots
19 |           "--keep-daily=7"
20 |           "--keep-weekly=6"
21 |           "--keep-monthly=5"
22 |         ];
23 |         initialize = true; # creates the repository if it does not exist yet
24 |         repository = "/nas/restic"; # NOTE(review): hosts/kariru/services/restic.nix uses the same path with a different password secret; confirm whether /nas is shared between the hosts
25 |         passwordFile = config.sops.secrets.restic-arashi.path; # referenced by path, so the password is not written into the store
26 |         timerConfig = {
27 |           OnCalendar = "daily";
28 |           RandomizedDelaySec = "20m";
29 |           Persistent = true; # a run missed while the host was off is caught up after boot
30 |         };
31 |       };
32 |     };
33 |   };
34 | }
35 |
--------------------------------------------------------------------------------
/hosts/sora/networking.nix:
--------------------------------------------------------------------------------
1 | { lib, ... }: # static network configuration for "sora"
2 | {
3 |   networking = {
4 |     hostName = "sora";
5 |     nameservers = [
6 |       "1.1.1.1"
7 |       "149.112.112.112"
8 |     ];
9 |     defaultGateway = "172.31.1.1";
10 |     defaultGateway6 = {
11 |       address = ""; # empty: no IPv6 gateway address is recorded here
12 |       interface = "eth0";
13 |     };
14 |     dhcpcd.enable = false;
15 |     usePredictableInterfaceNames = lib.mkForce false;
16 |     interfaces = {
17 |       eth0 = {
18 |         ipv4.addresses = [
19 |           {
20 |             address = "5.161.102.107"; # publicly routable address, so every opened or published port on this host faces the internet
21 |             prefixLength = 32;
22 |           }
23 |         ];
24 |         ipv4.routes = [ # host route to the gateway, needed because the interface address is a /32
25 |           {
26 |             address = "172.31.1.1";
27 |             prefixLength = 32;
28 |           }
29 |         ];
30 |       };
31 |     };
32 |   };
33 |   services.udev.extraRules = ''
34 |     ATTR{address}=="96:00:02:c2:dc:83", NAME="eth0"
35 |   ''; # pins the name eth0 to the NIC with this MAC address
36 | }
37 |
--------------------------------------------------------------------------------
/home/wayland/services/ly.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   lib,
4 |   ...
5 | }:
6 | {
7 |   # oneshot service to resize the main monitor
8 |   systemd.services.fbset = {
9 |     enable = true;
10 |     wantedBy = [ "multi-user.target" ];
11 |     unitConfig = {
12 |       Description = "Framebuffer resolution";
13 |       Before = "display-manager.service"; # ordered ahead of the display manager
14 |     };
15 |     serviceConfig = {
16 |       User = "root";
17 |       Type = "oneshot";
18 |       ExecStart = "${lib.getExe pkgs.fbset} -xres 2560 -yres 1440 -match --all"; # fixed store path and arguments, no user-controlled input
19 |       RemainAfterExit = "yes";
20 |       StandardOutput = "journal";
21 |       StandardError = "journal";
22 |     };
23 |   };
24 |   services.displayManager.ly = { # ly login manager
25 |     enable = true;
26 |     settings = {
27 |       load = true;
28 |       save = true;
29 |       animation = "matrix";
30 |       clear_password = true;
31 |       vi_mode = true;
32 |     };
33 |   };
34 | }
35 |
--------------------------------------------------------------------------------
/home/wayland/services/hypridle.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   lib,
4 |   config,
5 |   inputs,
6 |   ...
7 | }:
8 | {
9 |   services.hypridle = { # idle handling: lock first, then blank the displays
10 |     enable = true;
11 |     package = inputs.hypridle.packages.${pkgs.stdenv.hostPlatform.system}.default;
12 |     settings = {
13 |       general = {
14 |         ignore_dbus_inhibit = false;
15 |         lock_cmd = lib.getExe config.programs.hyprlock.package;
16 |         before_sleep_cmd = "${pkgs.systemd}/bin/loginctl lock-session"; # lock the session before suspend
17 |       };
18 |       listener = [
19 |         {
20 |           timeout = 400; # idle timeout before hyprlock is started
21 |           on-timeout = "${lib.getExe config.programs.hyprlock.package}";
22 |         }
23 |         {
24 |           timeout = 450; # displays are switched off after the lock timeout above
25 |           on-timeout = "${
26 |             inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland
27 |           }/bin/hyprctl dispatch dpms off";
28 |         }
29 |       ];
30 |     };
31 |   };
32 | }
33 |
--------------------------------------------------------------------------------
/home/wayland/services/hyprpaper.nix:
--------------------------------------------------------------------------------
1 | {
2 |   inputs,
3 |   pkgs,
4 |   config,
5 |   ...
6 | }:
7 | {
8 |   home.packages = [ config.services.hyprpaper.package ];
9 |
10 |   services.hyprpaper =
11 |     let
12 |       verticalWallpaper = "~/dev/assets/wallpapers/miku/miku2.png"; # plain strings, so the images stay in the home directory and are not copied into the store
13 |       horizontalWallpaper = "~/dev/assets/wallpapers/miku/miku.png";
14 |     in
15 |     {
16 |       enable = true;
17 |       package = inputs.hyprpaper.packages.${pkgs.stdenv.hostPlatform.system}.default;
18 |       settings = {
19 |         ipc = true;
20 |         splash = false;
21 |         preload = [
22 |           verticalWallpaper
23 |           horizontalWallpaper
24 |         ];
25 |         wallpaper = [ # "<monitor>,<image>" pairs
26 |           "HDMI-A-1,${verticalWallpaper}"
27 |           "DP-1,${horizontalWallpaper}"
28 |           "DP-2,${horizontalWallpaper}"
29 |           "DP-3,${verticalWallpaper}"
30 |         ];
31 |       };
32 |     };
33 | }
34 |
--------------------------------------------------------------------------------
/hosts/ame/default.nix:
--------------------------------------------------------------------------------
1 | _: { # host entry point for "ame" (a Thinkpad T480 per its topology.nix)
2 |   imports = [
3 |     ./hardware.nix
4 |     ./services
5 |     ./networking.nix
6 |     ./topology.nix
7 |     ../common
8 |     ../common/fonts.nix
9 |   ];
10 |
11 |   services = {
12 |     pulseaudio.enable = false; # PipeWire with its pulse shim is used instead, see below
13 |     desktopManager.plasma6.enable = true;
14 |     displayManager.sddm.enable = true;
15 |     pipewire = {
16 |       enable = true;
17 |       alsa.enable = true;
18 |       alsa.support32Bit = true;
19 |       pulse.enable = true;
20 |     };
21 |     scx = {
22 |       enable = true;
23 |       scheduler = "scx_lavd";
24 |     };
25 |     xserver = {
26 |       enable = true;
27 |       xkb = {
28 |         layout = "us";
29 |         variant = "";
30 |       };
31 |     };
32 |     fprintd = {
33 |       enable = true; # fingerprint daemon; NOTE(review): which PAM services accept a fingerprint is not set in this file, confirm
34 |     };
35 |   };
36 |
37 |   hardware.bluetooth.enable = true;
38 |
39 |   system.stateVersion = "23.05";
40 |   security.rtkit.enable = true;
41 | }
42 |
--------------------------------------------------------------------------------
/hosts/yuki/services/stash.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }:
2 | let
3 |   storagePath = "/var/lib/stash"; # host-side base directory for the bind mounts below
4 | in
5 | {
6 |   environment.systemPackages = [ pkgs.gallery-dl ];
7 |   virtualisation.oci-containers.containers.stash = {
8 |     image = "stashapp/stash@sha256:a62f2d8afadbe029403777d18f54b2455b209a223aa28c6d3985c3cf9df2e08a"; # v0.29.3 (pinned by digest)
9 |     ports = [ "9999:9999" ]; # no bind address given, so the port is published on all host interfaces
10 |     environment = {
11 |       STASH_STASH = "/data/";
12 |       STASH_GENERATED = "/generated/";
13 |       STASH_METADATA = "/metadata/";
14 |       STASH_CACHE = "/cache/";
15 |       STASH_PORT = "9999";
16 |     };
17 |     volumes = [
18 |       "/etc/localtime:/etc/localtime:ro"
19 |       "/stash-media:/data"
20 |       "${storagePath}/.config:/root/.stash" # mounted into /root, so the container process presumably runs as root; verify
21 |       "${storagePath}/.metadata:/metadata"
22 |       "${storagePath}/cache:/cache"
23 |       "${storagePath}/generated:/generated"
24 |       "${storagePath}/blobs:/blobs"
25 |     ];
26 |   };
27 | }
28 |
--------------------------------------------------------------------------------
/hosts/common/fonts.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }: # system font set and fontconfig defaults (imported by hosts/ame/default.nix)
2 | {
3 |   fonts = {
4 |     enableDefaultPackages = false; # only the fonts listed below are installed
5 |     fontDir.enable = true;
6 |     packages = with pkgs; [
7 |       corefonts
8 |       nerd-fonts.jetbrains-mono
9 |       noto-fonts
10 |       noto-fonts-cjk-sans
11 |       twitter-color-emoji
12 |       maple-mono.NF
13 |     ];
14 |
15 |     fontconfig = {
16 |       enable = true;
17 |       allowBitmaps = true;
18 |       defaultFonts = { # each family falls back to the emoji font
19 |         monospace = [
20 |           "Maple Mono NF"
21 |           "Twitter Color Emoji"
22 |         ];
23 |         serif = [
24 |           "Noto Serif"
25 |           "Twitter Color Emoji"
26 |         ];
27 |         sansSerif = [
28 |           "Noto Sans"
29 |           "Twitter Color Emoji"
30 |         ];
31 |         emoji = [ "Twitter Color Emoji" ];
32 |       };
33 |       hinting = {
34 |         enable = true;
35 |         style = "full";
36 |       };
37 |     };
38 |   };
39 | }
40 |
--------------------------------------------------------------------------------
/home/programs/terminal/yazi/default.nix:
--------------------------------------------------------------------------------
1 | {
2 |   inputs,
3 |   pkgs,
4 |   config,
5 |   ...
6 | }:
7 | {
8 |   # xdg.configFile."yazi/init.lua".source = ./init.lua;
9 |   imports = [
10 |     ./keymap.nix
11 |     ./openers.nix
12 |   ];
13 |
14 |   programs.yazi = {
15 |     enable = true;
16 |     package = inputs.yazi.packages.${pkgs.stdenv.hostPlatform.system}.default; # built from the yazi flake input rather than nixpkgs
17 |     enableNushellIntegration = true;
18 |     settings = {
19 |       manager = {
20 |         ratio = [
21 |           1
22 |           3
23 |           3
24 |         ];
25 |         sort_by = "natural";
26 |         sort_reverse = false;
27 |         sort_dir_first = true;
28 |         show_hidden = true;
29 |         show_symlink = true;
30 |         linemode = "size";
31 |       };
32 |       preview = {
33 |         cache_dir = "${config.xdg.cacheHome}"; # previews are cached directly in the XDG cache root, not a yazi-specific subdirectory
34 |         max_height = 900;
35 |         max_width = 600;
36 |       };
37 |       log.enable = false;
38 |     };
39 |   };
40 | }
41 |
--------------------------------------------------------------------------------
/hosts/sora/hardware.nix:
--------------------------------------------------------------------------------
1 | {
2 |   modulesPath,
3 |   lib,
4 |   ...
5 | }:
6 | {
7 |   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; # sora is a QEMU guest
8 |
9 |   boot = {
10 |     tmp.cleanOnBoot = true; # /tmp is wiped on every boot
11 |     loader.grub = {
12 |       efiSupport = true;
13 |       efiInstallAsRemovable = true;
14 |       device = "nodev";
15 |     };
16 |     initrd = {
17 |       availableKernelModules = [
18 |         "ata_piix"
19 |         "uhci_hcd"
20 |         "xen_blkfront"
21 |         "vmw_pvscsi"
22 |       ];
23 |       kernelModules = [ "nvme" ];
24 |     };
25 |   };
26 |
27 |   fileSystems = {
28 |     "/" = {
29 |       device = "/dev/sda1"; # kernel device name, unlike /boot below which is addressed by UUID
30 |       fsType = "ext4";
31 |     };
32 |     "/boot" = {
33 |       device = "/dev/disk/by-uuid/B793-1B2C";
34 |       fsType = "vfat";
35 |     };
36 |
37 |   };
38 |
39 |   zramSwap = { # compressed in-RAM swap; no disk swap is declared in this file
40 |     enable = true;
41 |     swapDevices = 1;
42 |     algorithm = "zstd";
43 |   };
44 |
45 |   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
46 | }
47 |
--------------------------------------------------------------------------------
/hosts/kariru/services/restic.nix:
--------------------------------------------------------------------------------
1 | {
2 |   pkgs,
3 |   config,
4 |   ...
5 | }:
6 | {
7 |   sops.secrets.restic-kariru = { # repository password, decrypted by sops-nix at activation
8 |     sopsFile = ../../../secrets/restic/secrets.yaml;
9 |   };
10 |   environment.systemPackages = [ pkgs.restic ];
11 |   services.restic = {
12 |     backups = {
13 |       kariru = {
14 |         user = "root";
15 |         paths = [ # application state directories of the media services
16 |           "/var/lib/radarr"
17 |           "/var/lib/sonarr"
18 |           "/var/lib/whisparr"
19 |           "/var/lib/private/prowlarr"
20 |         ];
21 |         pruneOpts = [ # retention: 7 daily, 6 weekly, 5 monthly snapshots
22 |           "--keep-daily=7"
23 |           "--keep-weekly=6"
24 |           "--keep-monthly=5"
25 |         ];
26 |         initialize = true; # creates the repository if it does not exist yet
27 |         repository = "/nas/restic"; # NOTE(review): hosts/arashi/services/restic.nix uses the same path with a different password secret; confirm whether /nas is shared between the hosts
28 |         passwordFile = config.sops.secrets.restic-kariru.path; # referenced by path, so the password is not written into the store
29 |         timerConfig = {
30 |           OnCalendar = "daily";
31 |           RandomizedDelaySec = "20m";
32 |           Persistent = true; # a run missed while the host was off is caught up after boot
33 |         };
34 |       };
35 |     };
36 |   };
37 | }
38 |
--------------------------------------------------------------------------------
/overlays/gale.nix:
--------------------------------------------------------------------------------
1 | _: { # overlay that rebuilds gale from the pinned upstream tag below
2 |   flake.overlays.gale = _: prev: {
3 |     gale = prev.gale.overrideAttrs (
4 |       n: _: # NOTE(review): the returned set overrides src/pnpmDeps/cargoDeps but not version, so n.version presumably still reports the nixpkgs version; verify
5 |       let
6 |         version = "1.10.0";
7 |       in
8 |       {
9 |         src = prev.fetchFromGitHub {
10 |           inherit version;
11 |           owner = "Kesomannen";
12 |           repo = "gale";
13 |           rev = version; # fetched by tag name; the hash below is what ties the build to specific content
14 |           hash = "sha256-SnPYuMYdoY69CWMztuDxw0ohRDU2uECNhBs46hLg+eA=";
15 |         };
16 |         pnpmDeps = prev.pnpm_10.fetchDeps {
17 |           hash = "sha256-DYhPe59qfsSjyMIN31RL0mrHfmE6/I1SF+XutettkO8="; # fixed-output hash over the fetched npm dependencies
18 |           fetcherVersion = 1;
19 |           inherit (n) pname version src;
20 |         };
21 |         cargoDeps = prev.rustPlatform.fetchCargoVendor {
22 |           inherit (n)
23 |             pname
24 |             version
25 |             src
26 |             cargoRoot
27 |             ;
28 |           hash = "sha256-tWQRYD6hMU7cvtelGryLdpfoEnUKYt7yYNwHTFZ4pLw="; # fixed-output hash over the vendored crates
29 |         };
30 |       }
31 |     );
32 |   };
33 | }
34 |
--------------------------------------------------------------------------------
/home/wayland/default.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ... }: # system-level Wayland session settings (sets environment.* and xdg.portal)
2 | {
3 |   imports = [ ./services/ly.nix ];
4 |   environment = {
5 |     systemPackages = with pkgs; [
6 |       wayland
7 |       glib
8 |       wl-clipboard-rs
9 |     ];
10 |     sessionVariables = { # exported to every session
11 |       __GL_GSYNC_ALLOWED = "0";
12 |       __GL_VRR_ALLOWED = "0";
13 |       WLR_DRM_NO_ATOMIC = "1";
14 |       XDG_SESSION_TYPE = "wayland";
15 |       _JAVA_AWT_WM_NONREPARENTING = "1";
16 |       QT_QPA_PLATFORM = "wayland";
17 |       QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
18 |       GDK_BACKEND = "wayland";
19 |       MOZ_ENABLE_WAYLAND = "1";
20 |       XCURSOR_SIZE = "24";
21 |       NIXOS_OZONE_WL = "1";
22 |       EDITOR = "hx";
23 |       TERMINAL = "wezterm";
24 |     };
25 |   };
26 |
27 |   services.dbus.enable = true;
28 |   xdg.portal = {
29 |     enable = true;
30 |     extraPortals = with pkgs; [
31 |       xdg-desktop-portal
32 |       xdg-desktop-portal-gtk
33 |     ];
34 |     config = {
35 |       common.default = "*"; # any installed portal backend may serve a request
36 |     };
37 |   };
38 | }
39 |
--------------------------------------------------------------------------------
/hosts/haru/services/unbound.nix:
--------------------------------------------------------------------------------
1 | _: { # validating recursive resolver on "haru"
2 |   services.unbound = {
3 |     enable = true;
4 |     resolveLocalQueries = false; # the host itself does not use this resolver for its own lookups
5 |     enableRootTrustAnchor = true; # DNSSEC root trust anchor is maintained
6 |     settings = {
7 |       server = {
8 |         verbosity = 0;
9 |         interface = "0.0.0.0"; # listens on every IPv4 interface; access-control below decides who is answered
10 |         port = 5335; # non-standard port; NOTE(review): presumably a forwarder on port 53 sits in front, confirm
11 |         do-ip4 = true;
12 |         do-udp = true;
13 |         do-tcp = true;
14 |         harden-glue = true;
15 |         harden-dnssec-stripped = true; # answers with DNSSEC data stripped from a signed zone are treated as bogus
16 |         use-caps-for-id = false;
17 |         edns-buffer-size = 1232;
18 |         prefetch = true;
19 |         num-threads = 2;
20 |         so-rcvbuf = "1m";
21 |         access-control = [ # only RFC 1918 sources are allowed; NOTE(review): the 100.x tailnet range from topology.nix is not listed, confirm that is intended
22 |           "10.0.0.0/8 allow"
23 |           "172.16.0.0/12 allow"
24 |           "192.168.0.0/16 allow"
25 |         ];
26 |         private-address = [ # DNS-rebinding protection: these ranges are stripped from answers for public names
27 |           "192.168.0.0/16"
28 |           "169.254.0.0/16"
29 |           "172.16.0.0/12"
30 |           "10.0.0.0/8"
31 |           "fd00::/8"
32 |           "fe80::/10"
33 |         ];
34 |       };
35 |     };
36 |   };
37 | }
38 |
--------------------------------------------------------------------------------
/hosts/sora/services/terraria.nix:
--------------------------------------------------------------------------------
1 |
_: {
  # Terraria (tModLoader) server run as an OCI container. TCP 7777 is opened on
  # the host firewall and published from the container.
  networking.firewall.allowedTCPPorts = [ 7777 ];
  virtualisation.oci-containers.containers.terraria = {
    # NOTE(review): the image is referenced by tag, which the registry owner can
    # re-point. Pinning `name@sha256:<digest>` fixes the exact content pulled.
    image = "jacobsmile/tmodloader1.4:v2023.11.3.3";
    ports = [ "7777:7777" ];
    volumes = [ "/var/lib/terraria/tmodloader:/data" ];
    environment = {
      TMOD_MOTD = "forsen";
      # NOTE(review): the server password is a literal in the expression, so it is
      # committed to git and rendered into the world-readable /nix/store; it also
      # equals the MOTD shown to every client. Supplying it through
      # `environmentFiles = [ config.sops.secrets.<SECRET_NAME>.path ];`
      # (the pattern the romm container in this repository uses) keeps it out of
      # both, and the value should be rotated when it is moved.
      TMOD_PASS = "forsen";
      TMOD_AUTOSAVE_INTERVAL = "10";
      TMOD_SHUTDOWN_MESSAGE = "Server is shutting down NOW!";
      TMOD_AUTODOWNLOAD = "2824688072,2824688266,2669644269,2563309347,2619954303,2687866031,2563851005,2908170107";
      TMOD_ENABLEDMODS = "2824688072,2824688266,2669644269,2563309347,2619954303,2687866031,2563851005,2908170107";
      TMOD_MAXPLAYERS = "10";
      TMOD_WORLDNAME = "forsenv2";
      TMOD_WORLDSIZE = "3";
      TMOD_DIFFICULTY = "2";
      TMOD_NPCSTREAM = "60";
      TMOD_WORLDSEED = "random";
      TMOD_LANGUAGE = "en-US";
      # NOTE(review): presumably lets the server request a UPnP port mapping from
      # the gateway; confirm against the image's documentation. If it takes
      # effect, 7777 becomes reachable from outside the LAN without any explicit
      # router rule.
      TMOD_UPNP = "1";
    };
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/services/restic.nix:
--------------------------------------------------------------------------------
1 | { 2 | pkgs, 3 | config, 4 | ...
5 | }: 6 | { 7 | sops.secrets.restic-yuki = { 8 | sopsFile = ../../../secrets/restic/secrets.yaml; 9 | }; 10 | environment.systemPackages = [ pkgs.restic ]; 11 | services.restic = { 12 | backups = { 13 | yuki = { 14 | user = "root"; 15 | paths = [ 16 | "/home/notoh/docker" 17 | "/var/lib/jellyfin" 18 | "/var/lib/private/jellyseerr" 19 | ]; 20 | exclude = [ 21 | "/home/notoh/docker/stash/data" 22 | ]; 23 | pruneOpts = [ 24 | "--keep-daily=7" 25 | "--keep-weekly=6" 26 | "--keep-monthly=5" 27 | ]; 28 | initialize = true; 29 | repository = "/nas/restic"; 30 | passwordFile = config.sops.secrets.restic-yuki.path; 31 | timerConfig = { 32 | OnCalendar = "daily"; 33 | RandomizedDelaySec = "20m"; 34 | Persistent = true; 35 | }; 36 | }; 37 | }; 38 | }; 39 | } 40 | -------------------------------------------------------------------------------- /home/programs/media/spicetify.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 5 | }: 6 | let 7 | spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.system}; 8 | in 9 | { 10 | imports = [ inputs.spicetify-nix.homeManagerModules.default ]; 11 | programs.spicetify = { 12 | enable = true; 13 | experimentalFeatures = true; 14 | wayland = true; 15 | theme = { 16 | name = "Blackout"; 17 | src = "${ 18 | pkgs.fetchFromGitHub { 19 | owner = "spicetify"; 20 | repo = "spicetify-themes"; 21 | rev = "726097a544172523cdae15da8d3c84032aec8c3b"; 22 | sha256 = "sha256-mQgkmbkgzfWlT1iv4jB/cw95v4q0/+57B9rgmezAY34="; 23 | } 24 | }/Blackout"; 25 | }; 26 | colorScheme = "def"; 27 | enabledExtensions = with spicePkgs.extensions; [ 28 | beautifulLyrics 29 | shuffle 30 | fullAlbumDate 31 | showQueueDuration 32 | history 33 | hidePodcasts 34 | playNext 35 | volumePercentage 36 | lastfm 37 | ]; 38 | }; 39 | } 40 | -------------------------------------------------------------------------------- /hosts/yuki/services/romm.nix: 
--------------------------------------------------------------------------------
{ config, ... }:
{
  # Environment file for the container, managed as a sops secret; presumably it
  # carries the database password that is absent from `environment` below.
  sops.secrets = {
    romm-env = { };
  };
  virtualisation.oci-containers.containers =
    let
      # Host directory that backs every bind mount of the container.
      rommDir = "/var/lib/romm";
    in
    {
      romm = {
        # Pinned by digest, so the pulled content cannot change under the same name.
        image = "rommapp/romm@sha256:1895c339b3c7ca62d52f809f5e4c747d78fc8291ea5ee88b3b57df84acf33449";
        # NOTE(review): with `--network=host` (see extraOptions) the container
        # runtime discards this mapping. Every port the container's processes
        # listen on is bound directly on the host, and only the host firewall
        # decides which of them are reachable.
        ports = [ "8080:8080" ];
        environmentFiles = [ config.sops.secrets.romm-env.path ];
        environment = {
          ROMM_DB_DRIVER = "postgresql";
          DB_HOST = "192.168.1.211";
          DB_PORT = "5432";
          DB_NAME = "romm";
          DB_USER = "romm";
        };
        volumes = [
          "${rommDir}/resources:/romm/resources"
          "${rommDir}/redis-data:/redis-data"
          "${rommDir}/library:/romm/library"
          "${rommDir}/assets:/romm/assets"
          "${rommDir}/config:/romm/config"
        ];
        # NOTE(review): host networking removes the network namespace boundary
        # between container and host. If it is only here to reach the database at
        # 192.168.1.211, a bridged network with the explicit 8080 mapping would
        # do the same with less exposure; confirm why it was needed.
        extraOptions = [ "--network=host" ];
      };
    };
}
--------------------------------------------------------------------------------
/hosts/haru/hardware.nix:
--------------------------------------------------------------------------------
1 | { 2 | lib, 3 | modulesPath, 4 | ...
5 | }: 6 | { 7 | imports = [ 8 | (modulesPath + "/profiles/qemu-guest.nix") 9 | ]; 10 | 11 | boot = { 12 | kernelModules = [ ]; 13 | extraModulePackages = [ ]; 14 | loader.grub = { 15 | enable = true; 16 | configurationLimit = 5; 17 | device = "/dev/sda"; 18 | useOSProber = false; 19 | }; 20 | initrd = { 21 | availableKernelModules = [ 22 | "ata_piix" 23 | "uhci_hcd" 24 | "virtio_pci" 25 | "virtio_scsi" 26 | "sd_mod" 27 | "sr_mod" 28 | ]; 29 | kernelModules = [ ]; 30 | }; 31 | }; 32 | 33 | fileSystems = { 34 | "/" = { 35 | device = "/dev/disk/by-uuid/06177115-2e39-493b-81fb-5a1980ae0534"; 36 | fsType = "ext4"; 37 | }; 38 | }; 39 | 40 | zramSwap = { 41 | enable = true; 42 | swapDevices = 1; 43 | algorithm = "zstd"; 44 | }; 45 | 46 | networking.useDHCP = lib.mkDefault true; 47 | 48 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 49 | } 50 | -------------------------------------------------------------------------------- /hosts/sakura/services/pocketid.nix: -------------------------------------------------------------------------------- 1 | { config, ... 
}:
{
  # Secret environment file, owned by the service user so the unit can read it.
  sops.secrets.pocketid-env = {
    owner = "pocket-id";
  };
  # Pocket ID identity provider, backed by an external PostgreSQL database.
  services.pocket-id = {
    enable = true;
    user = "pocket-id";
    environmentFile = config.sops.secrets.pocketid-env.path;
    settings = {
      # NOTE(review): presumably makes the app take the client address from
      # forwarded headers. That is only sound when the listener is reachable
      # solely through the reverse proxy; confirm the port is not exposed directly.
      TRUST_PROXY = true;
      APP_URL = "https://passport.notohh.dev";
      ANALYTICS_DISABLED = true;
      ALLOW_USER_SIGNUPS = "disabled";
      UI_CONFIG_DISABLED = true;
      ALLOW_OWN_ACCOUNT_EDIT = true;
      DB_PROVIDER = "postgres";
      # NOTE(review): the database password is embedded in this string, so it is
      # committed to git and rendered into the world-readable /nix/store. It
      # also equals the user name. Because KEYS_STORAGE is "database", whoever can
      # log in to this database can presumably read the provider's signing keys.
      # Remove the key from `settings`, define DB_CONNECTION_STRING in the
      # sops-backed environment file instead, and rotate the password.
      DB_CONNECTION_STRING = "postgres://pocketid:pocketid@192.168.1.211:5432/pocketid";
      KEYS_STORAGE = "database";
      SMTP_HOST = "mail.smtp2go.com";
      SMTP_PORT = 587;
      SMTP_FROM = "passport@flake.sh";
      SMTP_USER = "pocketid-mailer";
      SMTP_TLS = "starttls";
      EMAIL_LOGIN_NOTIFICATION_ENABLED = true;
      EMAIL_API_KEY_EXPIRATION_ENABLED = true;
      EMAIL_ONE_TIME_ACCESS_AS_ADMIN_ENABLED = true;
    };
  };
}
--------------------------------------------------------------------------------
/hosts/tsuru/hardware.nix:
--------------------------------------------------------------------------------
1 | { 2 | lib, 3 | modulesPath, 4 | ...
5 | }: 6 | { 7 | imports = [ 8 | (modulesPath + "/profiles/qemu-guest.nix") 9 | ]; 10 | 11 | boot = { 12 | kernelModules = [ ]; 13 | extraModulePackages = [ ]; 14 | loader.grub = { 15 | enable = true; 16 | configurationLimit = 5; 17 | device = "/dev/sda"; 18 | useOSProber = false; 19 | }; 20 | initrd = { 21 | availableKernelModules = [ 22 | "ata_piix" 23 | "uhci_hcd" 24 | "virtio_pci" 25 | "virtio_scsi" 26 | "sd_mod" 27 | "sr_mod" 28 | ]; 29 | kernelModules = [ ]; 30 | }; 31 | }; 32 | 33 | fileSystems = { 34 | "/" = { 35 | device = "/dev/disk/by-uuid/625f557a-99a0-4e2d-9aef-f3aed7cea1c8"; 36 | fsType = "ext4"; 37 | }; 38 | }; 39 | 40 | zramSwap = { 41 | enable = true; 42 | swapDevices = 1; 43 | algorithm = "zstd"; 44 | }; 45 | 46 | networking.useDHCP = lib.mkDefault true; 47 | 48 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 49 | } 50 | -------------------------------------------------------------------------------- /hosts/sakura/services/restic.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 
5 | }: 6 | { 7 | sops.secrets.restic-sakura = { 8 | sopsFile = ../../../secrets/restic/secrets.yaml; 9 | }; 10 | environment.systemPackages = [ pkgs.restic ]; 11 | services.restic = { 12 | backups = { 13 | sakura = { 14 | user = "root"; 15 | paths = [ 16 | "/home/notoh/justlog" 17 | "/var/lib/rustypaste" 18 | "/var/lib/forgejo" 19 | ]; 20 | exclude = [ 21 | "/home/notoh/justlog/logs" 22 | "/var/lib/rustypaste/uploads" 23 | ]; 24 | pruneOpts = [ 25 | "--keep-daily=7" 26 | "--keep-weekly=6" 27 | "--keep-monthly=5" 28 | ]; 29 | initialize = true; 30 | repository = "/nas/restic"; 31 | passwordFile = config.sops.secrets.restic-sakura.path; 32 | timerConfig = { 33 | OnCalendar = "daily"; 34 | RandomizedDelaySec = "20m"; 35 | Persistent = true; 36 | }; 37 | }; 38 | }; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /hosts/sora/services/restic.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 
5 | }: 6 | { 7 | sops.secrets = { 8 | restic-sora = { 9 | sopsFile = ../../../secrets/restic/secrets.yaml; 10 | }; 11 | sora-s3 = { 12 | sopsFile = ../../../secrets/s3/secrets.yaml; 13 | }; 14 | }; 15 | environment.systemPackages = [ pkgs.restic ]; 16 | services.restic = { 17 | backups = { 18 | sora = { 19 | user = "root"; 20 | paths = [ 21 | "/var/lib/private/uptime-kuma" 22 | "/var/lib/private/ntfy-sh" 23 | ]; 24 | pruneOpts = [ 25 | "--keep-daily=7" 26 | "--keep-weekly=6" 27 | "--keep-monthly=5" 28 | ]; 29 | repository = "s3:https://s3.wasabisys.com/sora-restic"; 30 | initialize = true; 31 | passwordFile = config.sops.secrets.restic-sora.path; 32 | environmentFile = config.sops.secrets.sora-s3.path; 33 | timerConfig = { 34 | OnCalendar = "daily"; 35 | Persistent = true; 36 | }; 37 | }; 38 | }; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /hosts/common/system.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... 
}: 2 | { 3 | documentation = { 4 | enable = true; 5 | doc.enable = false; 6 | man.enable = true; 7 | dev.enable = false; 8 | }; 9 | 10 | services = { 11 | fstrim = { 12 | enable = true; 13 | }; 14 | tailscale.enable = true; 15 | }; 16 | 17 | i18n = { 18 | defaultLocale = "en_US.UTF-8"; 19 | extraLocaleSettings = { 20 | LC_ADDRESS = "en_US.UTF-8"; 21 | LC_IDENTIFICATION = "en_US.UTF-8"; 22 | LC_MEASUREMENT = "en_US.UTF-8"; 23 | LC_MONETARY = "en_US.UTF-8"; 24 | LC_NAME = "en_US.UTF-8"; 25 | LC_NUMERIC = "en_US.UTF-8"; 26 | LC_PAPER = "en_US.UTF-8"; 27 | LC_TELEPHONE = "en_US.UTF-8"; 28 | LC_TIME = "en_US.UTF-8"; 29 | }; 30 | }; 31 | 32 | environment.etc."mdadm.conf".text = '' 33 | MAILADDR root 34 | ''; 35 | 36 | boot.kernelPackages = pkgs.linuxPackages_latest; 37 | 38 | systemd = { 39 | services.systemd-udevd.restartIfChanged = false; 40 | settings.Manager = { 41 | DefaultTimeoutStopSec = "5s"; 42 | }; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /pkgs/wayscriber/default.nix: -------------------------------------------------------------------------------- 1 | # will be removed for upstream nixpkgs version eventually 2 | { 3 | pkgs, 4 | rustPlatform, 5 | fetchFromGitHub, 6 | lib, 7 | ... 8 | }: 9 | rustPlatform.buildRustPackage rec { 10 | pname = "wayscriber"; 11 | version = "v0.8.7"; 12 | src = fetchFromGitHub { 13 | owner = "devmobasa"; 14 | repo = "wayscriber"; 15 | rev = version; 16 | sha256 = "sha256-CJ3UleMFk033zuz507KIhHkVRRayh6Z+OdaREhFs0GM="; 17 | }; 18 | 19 | nativeBuildInputs = [ pkgs.pkg-config ]; 20 | buildInputs = with pkgs; [ 21 | pango 22 | libxkbcommon 23 | ]; 24 | 25 | cargoHash = "sha256-cLV7NRQGK2jjCBOeTNe86ESV4TG0vTYJu3K5aQHQrXo="; 26 | 27 | meta = with lib; { 28 | description = '' 29 | Live overlay for drawing, annotating, hiding text, 30 | and capturing screenshots on Wayland. Can be used as whiteboard or blackboard. 31 | Highly customisable. 
32 | ''; 33 | mainProgram = "wayscriber"; 34 | homepage = "https://github.com/devmobasa/wayscriber"; 35 | license = licenses.mit; 36 | maintainers = with maintainers; [ notohh ]; 37 | }; 38 | } 39 | -------------------------------------------------------------------------------- /home/profiles/default.nix: -------------------------------------------------------------------------------- 1 | # stolen from fufexan 2 | { 3 | inputs, 4 | self, 5 | ... 6 | }: 7 | let 8 | extraSpecialArgs = { inherit inputs self; }; 9 | 10 | homeImports = { 11 | "notoh@tsuki" = [ 12 | ../. 13 | ./tsuki 14 | ]; 15 | "notoh@ame" = [ 16 | ../. 17 | ./ame 18 | ]; 19 | default = [ 20 | ../. 21 | ./default 22 | ]; 23 | }; 24 | 25 | inherit (inputs.hm.lib) homeManagerConfiguration; 26 | 27 | pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; 28 | in 29 | { 30 | _module.args = { inherit homeImports; }; 31 | 32 | flake = { 33 | homeConfigurations = { 34 | "notoh_tsuki" = homeManagerConfiguration { 35 | modules = homeImports."notoh@tsuki"; 36 | inherit pkgs extraSpecialArgs; 37 | }; 38 | 39 | "notoh_ame" = homeManagerConfiguration { 40 | modules = homeImports."notoh@ame"; 41 | inherit pkgs extraSpecialArgs; 42 | }; 43 | 44 | default = homeManagerConfiguration { 45 | modules = homeImports.default; 46 | inherit pkgs extraSpecialArgs; 47 | }; 48 | }; 49 | }; 50 | } 51 | -------------------------------------------------------------------------------- /home/programs/editors/nvchad/plugins.lua: -------------------------------------------------------------------------------- 1 | return { 2 | { "vyfor/cord.nvim", lazy = false }, 3 | { "stevearc/conform.nvim", lazy = false }, 4 | { "wakatime/vim-wakatime", lazy = false }, 5 | { 6 | "folke/trouble.nvim", 7 | opts = {}, 8 | cmd = "Trouble", 9 | keys = { 10 | { 11 | "xx", 12 | "Trouble diagnostics toggle", 13 | desc = "Diagnostics (Trouble)", 14 | }, 15 | { 16 | "xX", 17 | "Trouble diagnostics toggle filter.buf=0", 18 | desc = "Buffer Diagnostics (Trouble)", 
19 | }, 20 | { 21 | "cs", 22 | "Trouble symbols toggle focus=false", 23 | desc = "Symbols (Trouble)", 24 | }, 25 | { 26 | "cl", 27 | "Trouble lsp toggle focus=false win.position=right", 28 | desc = "LSP Definitions / references / ... (Trouble)", 29 | }, 30 | { 31 | "xL", 32 | "Trouble loclist toggle", 33 | desc = "Location List (Trouble)", 34 | }, 35 | { 36 | "xQ", 37 | "Trouble qflist toggle", 38 | desc = "Quickfix List (Trouble)", 39 | }, 40 | }, 41 | }, 42 | } 43 |
--------------------------------------------------------------------------------
/hosts/sakura/services/vaultwarden.nix:
--------------------------------------------------------------------------------
{
  pkgs,
  config,
  ...
}:
{
  # Secret environment file passed to the service as `environmentFile` below.
  sops.secrets.vaultwarden-env = { };
  # Vaultwarden password manager using an external PostgreSQL database.
  services.vaultwarden = {
    enable = true;
    package = pkgs.vaultwarden-postgresql;
    dbBackend = "postgresql";
    config = {
      DOMAIN = "https://vault.flake.sh/";
      # Open registration is off; new accounts must come from an invite or admin.
      SIGNUPS_ALLOWED = false;
      SIGNUPS_VERIFY = true;
      SIGNUPS_VERIFY_RESEND_TIME = 3600;
      # NOTE(review): the database password is embedded in this URL, so it is
      # committed to git and rendered into the world-readable /nix/store, and it
      # equals the user name. This database holds every user's vault (encrypted)
      # plus account metadata. Remove the key from `config`, define DATABASE_URL
      # in the sops-backed `environmentFile`, and rotate the password.
      DATABASE_URL = "postgresql://vaultwarden:vaultwarden@192.168.1.211:5432/vaultwarden";
      LOG_LEVEL = "Info";
      # NOTE(review): listens on every interface, on plain HTTP port 8222.
      # TLS is presumably terminated by a reverse proxy for vault.flake.sh.
      # Confirm that only that proxy can reach 8222, or bind to the address it
      # connects on.
      ROCKET_ADDRESS = "0.0.0.0";
      ROCKET_PORT = 8222;
      ROCKET_LOG = "critical";
      # mailer
      SMTP_HOST = "mail.smtp2go.com";
      SMTP_PORT = 587;
      SMTP_SECURITY = "starttls";
      SMTP_FROM = "vault@flake.sh";
      SMTP_FROM_NAME = "Vaultwarden";
      SMTP_USERNAME = "vaultwarden-mailer";
      SMTP_TIMEOUT = 15;
      EXPERIMENTAL_CLIENT_FEATURE_FLAGS = "autofill-v2,extension-refresh,ssh-key-vault-item,ssh-agent";
    };
    environmentFile = config.sops.secrets.vaultwarden-env.path;
  };
}
--------------------------------------------------------------------------------
/hosts/arashi/services/valkey.nix:
--------------------------------------------------------------------------------
1 | { pkgs, ...
}:
{
  environment.systemPackages = [ pkgs.redis-dump ];
  # Three Valkey instances (forgejo, vikunja, blocky) run through the NixOS redis
  # module, one port each.
  #
  # NOTE(review): all three share the same exposure pattern:
  #  - `bind = null` makes the NixOS module listen on all interfaces, and
  #    `openFirewall = true` opens the port on the host firewall.
  #  - `protected-mode = "no"` turns off the server's refusal of non-loopback
  #    clients, so `requirePass` is the only control left.
  #  - `requirePass` is a literal equal to the instance name. It is committed
  #    to git and rendered into the world-readable /nix/store.
  #  - No TLS settings are visible, so AUTH and data presumably cross the
  #    network in clear text.
  # Mitigation: replace each literal with
  #   requirePassFile = config.sops.secrets.<SECRET_NAME>.path;
  # using a long random value, then bind to the one address the clients use or
  # restrict the firewall rule to their interface. With that in place
  # `protected-mode = "no"` can be dropped.
  services.redis = {
    package = pkgs.valkey;
    servers = {
      forgejo = {
        enable = true;
        openFirewall = true;
        port = 6379;
        bind = null;
        databases = 1;
        # NOTE(review): debug logging is verbose; confirm it is still needed.
        logLevel = "debug";
        requirePass = "forgejo";
        settings = {
          protected-mode = "no";
        };
      };
      vikunja = {
        enable = true;
        openFirewall = true;
        port = 6380;
        bind = null;
        databases = 1;
        logLevel = "debug";
        requirePass = "vikunja";
        settings = {
          protected-mode = "no";
        };
      };
      blocky = {
        enable = true;
        openFirewall = true;
        port = 6381;
        bind = null;
        databases = 1;
        logLevel = "debug";
        requirePass = "blocky";
        settings = {
          protected-mode = "no";
        };
      };
    };
  };
}
--------------------------------------------------------------------------------
/home/default.nix:
--------------------------------------------------------------------------------
1 | { inputs, pkgs, ...
}: 2 | { 3 | systemd.user.startServices = "sd-switch"; 4 | programs.home-manager.enable = true; 5 | 6 | imports = [ 7 | inputs.nix-index-database.homeModules.nix-index 8 | ./programs/editors/helix 9 | ./programs/terminal/lazygit 10 | ./programs/terminal/nushell 11 | ./programs/terminal/yazi 12 | ./programs/terminal/atuin.nix 13 | ./programs/terminal/bat.nix 14 | ./programs/terminal/bottom.nix 15 | ./programs/terminal/starship.nix 16 | ./programs/terminal/zoxide.nix 17 | ./programs/terminal/direnv.nix 18 | ./programs/terminal/git.nix 19 | ./programs/tealdeer.nix 20 | ]; 21 | 22 | home = { 23 | username = "notoh"; 24 | homeDirectory = "/home/notoh"; 25 | packages = with pkgs; [ 26 | wget 27 | croc 28 | eza 29 | eva 30 | fd 31 | dust 32 | gnupg 33 | ripgrep 34 | lazydocker 35 | ffmpeg 36 | yt-dlp 37 | nfs-utils 38 | dig 39 | tailspin 40 | nitch 41 | unzip 42 | unrar 43 | p7zip 44 | procs 45 | ]; 46 | stateVersion = "23.05"; 47 | }; 48 | programs.nix-index-database.comma.enable = true; 49 | } 50 | -------------------------------------------------------------------------------- /hosts/sora/services/attic.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | pkgs, 4 | ... 
}:
{
  # Secret environment file for atticd, passed as `environmentFile` below.
  sops.secrets.attic = { };

  environment.systemPackages = [ pkgs.attic-client ];

  # Attic binary cache server: PostgreSQL for metadata, S3-compatible storage
  # for the NAR chunks.
  services.atticd = {
    enable = true;
    environmentFile = config.sops.secrets.attic.path;
    settings = {
      # Listens on every interface, port 8200; requests are accepted only for
      # the host name in `allowed-hosts`.
      listen = "[::]:8200";
      allowed-hosts = [ "cache.flake.sh" ];
      # NOTE(review): the database password is embedded in this URL, so it is
      # committed to git and rendered into the world-readable /nix/store, and it
      # equals the user name. Attic can take the URL from the environment
      # instead (ATTIC_SERVER_DATABASE_URL; confirm against the deployed
      # version). Setting it in the sops-backed `environmentFile` and removing
      # this key keeps the credential out of the store; rotate it when moving.
      database.url = "postgres://attic:attic@100.94.214.100:5432/attic";
      api-endpoint = "https://cache.flake.sh/";
      # NOTE(review): presumably lets an uploader reference an object that is
      # already stored by its hash, without sending the contents. That is fine
      # while every push token belongs to a trusted user; revisit before
      # handing out push access more widely. Confirm against the attic docs.
      require-proof-of-possession = false;
      chunking = {
        nar-size-threshold = 0;

        min-size = 16 * 1024; # 16 KiB

        avg-size = 64 * 1024; # 64 KiB

        max-size = 256 * 1024; # 256 KiB
      };
      garbage-collection = {
        interval = "12 hours";
        default-retention-period = "36 weeks";
      };
      compression = {
        type = "zstd";
        level = 9;
      };
      # S3 credentials are not set here; presumably they arrive through
      # `environmentFile`.
      storage = {
        type = "s3";
        region = "us-east-1";
        bucket = "kyasshu";
        endpoint = "https://s3.wasabisys.com";
      };
    };
  };
}
--------------------------------------------------------------------------------
/hosts/arashi/hardware.nix:
--------------------------------------------------------------------------------
1 | { 2 | lib, 3 | modulesPath, 4 | ...
5 | }: 6 | { 7 | imports = [ 8 | (modulesPath + "/profiles/qemu-guest.nix") 9 | ]; 10 | 11 | boot = { 12 | kernelModules = [ ]; 13 | kernel.sysctl = { 14 | "kernel.shmmax" = 100663296; 15 | }; 16 | extraModulePackages = [ ]; 17 | loader.grub = { 18 | enable = true; 19 | configurationLimit = 5; 20 | device = "/dev/sda"; 21 | useOSProber = false; 22 | }; 23 | initrd = { 24 | availableKernelModules = [ 25 | "ata_piix" 26 | "uhci_hcd" 27 | "virtio_pci" 28 | "virtio_scsi" 29 | "sd_mod" 30 | "sr_mod" 31 | ]; 32 | kernelModules = [ ]; 33 | }; 34 | }; 35 | 36 | fileSystems = { 37 | "/" = { 38 | device = "/dev/disk/by-uuid/3fd88f1f-cec3-4737-b9d0-6c8f026c3927"; 39 | fsType = "ext4"; 40 | }; 41 | "/nas/restic" = { 42 | device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/arashi"; 43 | fsType = "nfs"; 44 | }; 45 | }; 46 | 47 | zramSwap = { 48 | enable = true; 49 | swapDevices = 1; 50 | algorithm = "zstd"; 51 | }; 52 | 53 | networking.useDHCP = lib.mkDefault true; 54 | 55 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 56 | } 57 | -------------------------------------------------------------------------------- /hosts/common/prometheus.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | networking.firewall.allowedTCPPorts = [ 9090 ]; 3 | services.prometheus = { 4 | enable = true; 5 | globalConfig = { 6 | scrape_interval = "15s"; 7 | evaluation_interval = "15s"; 8 | }; 9 | scrapeConfigs = [ 10 | { 11 | job_name = "prometheus"; 12 | static_configs = [ { targets = [ "localhost:9090" ]; } ]; 13 | } 14 | { 15 | job_name = "node"; 16 | static_configs = [ { targets = [ "localhost:9100" ]; } ]; 17 | } 18 | { 19 | job_name = "traefik"; 20 | static_configs = [ { targets = [ "100.104.42.96:8080" ]; } ]; 21 | } 22 | { 23 | job_name = "postgres"; 24 | static_configs = [ { targets = [ "100.94.214.100:9003" ]; } ]; 25 | } 26 | { 27 | job_name = "blocky"; 28 | static_configs = [ { targets = [ "100.73.192.45:4000" ]; } ]; 29 | } 30 | { 31 | 
job_name = "redis_exporter"; 32 | static_configs = [ { targets = [ "100.94.214.100:9002" ]; } ]; 33 | } 34 | ]; 35 | exporters = { 36 | node = { 37 | enable = true; 38 | enabledCollectors = [ 39 | "systemd" 40 | "cpu" 41 | ]; 42 | }; 43 | }; 44 | }; 45 | } 46 | -------------------------------------------------------------------------------- /hosts/tsuki/gaming.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | ... 5 | }: 6 | { 7 | imports = [ 8 | inputs.nix-gaming.nixosModules.platformOptimizations 9 | ]; 10 | environment.systemPackages = [ 11 | pkgs.android-tools # for wired wivrn 12 | ]; 13 | services = { 14 | wivrn = { 15 | enable = true; 16 | defaultRuntime = true; 17 | openFirewall = true; 18 | autoStart = true; 19 | monadoEnvironment = { 20 | U_PACING_COMP_MIN_TIME_MS = "8"; 21 | XRT_COMPOSITOR_COMPUTE = "1"; 22 | }; 23 | }; 24 | sunshine = { 25 | enable = true; 26 | autoStart = false; 27 | openFirewall = true; 28 | capSysAdmin = true; 29 | }; 30 | ananicy = { 31 | enable = true; 32 | package = pkgs.ananicy-cpp; 33 | rulesProvider = pkgs.ananicy-cpp; 34 | extraRules = [ 35 | { 36 | "name" = "gamescope"; 37 | "nice" = -20; 38 | } 39 | ]; 40 | }; 41 | }; 42 | programs = { 43 | steam = { 44 | enable = true; 45 | package = pkgs.steam-millennium; 46 | platformOptimizations.enable = true; 47 | gamescopeSession.enable = true; 48 | extraCompatPackages = [ 49 | pkgs.proton-ge-bin 50 | ]; 51 | }; 52 | }; 53 | } 54 | -------------------------------------------------------------------------------- /home/programs/terminal/nushell/env.nu: -------------------------------------------------------------------------------- 1 | def create_left_prompt [] { 2 | let path_segment = if (is-admin) { 3 | $"(ansi red_bold)($env.PWD)" 4 | } else { 5 | $"(ansi green_bold)($env.PWD)" 6 | } 7 | 8 | $path_segment 9 | } 10 | 11 | def create_right_prompt [] { 12 | let time_segment = ([ 13 | (date now | format date '%m/%d/%Y 
%r') 14 | ] | str join) 15 | 16 | $time_segment 17 | } 18 | 19 | $env.PROMPT_COMMAND = {|| create_left_prompt } 20 | $env.PROMPT_COMMAND_RIGHT = {|| create_right_prompt } 21 | $env.PROMPT_INDICATOR = {|| "" } 22 | $env.PROMPT_INDICATOR_VI_INSERT = {|| "" } 23 | $env.PROMPT_INDICATOR_VI_NORMAL = {|| "" } 24 | $env.PROMPT_MULTILINE_INDICATOR = {|| "" } 25 | $env.ENV_CONVERSIONS = { 26 | "PATH": { 27 | from_string: { |s| $s | split row (char esep) | path expand -n } 28 | to_string: { |v| $v | path expand -n | str join (char esep) } 29 | } 30 | "Path": { 31 | from_string: { |s| $s | split row (char esep) | path expand -n } 32 | to_string: { |v| $v | path expand -n | str join (char esep) } 33 | } 34 | } 35 | 36 | $env.NU_LIB_DIRS = [ 37 | ($nu.config-path | path dirname | path join 'scripts') 38 | ] 39 | 40 | $env.NU_PLUGIN_DIRS = [ 41 | ($nu.config-path | path dirname | path join 'plugins') 42 | ] 43 | -------------------------------------------------------------------------------- /home/programs/media/zathura.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | programs.zathura = { 3 | enable = true; 4 | extraConfig = '' 5 | set notification-error-bg "#f7768e" 6 | set notification-error-fg "#c0caf5" 7 | set notification-warning-bg "#e0af68" 8 | set notification-warning-fg "#414868" 9 | set notification-bg "#1a1b26" 10 | set notification-fg "#c0caf5" 11 | set completion-bg "#1a1b26" 12 | set completion-fg "#a9b1d6" 13 | set completion-group-bg "#1a1b26" 14 | set completion-group-fg "#a9b1d6" 15 | set completion-highlight-bg "#414868" 16 | set completion-highlight-fg "#c0caf5" 17 | set index-bg "#1a1b26" 18 | set index-fg "#c0caf5" 19 | set index-active-bg "#414868" 20 | set index-active-fg "#c0caf5" 21 | set inputbar-bg "#1a1b26" 22 | set inputbar-fg "#c0caf5" 23 | set statusbar-bg "#1a1b26" 24 | set statusbar-fg "#c0caf5" 25 | set highlight-color "#e0af68" 26 | set highlight-active-color "#9ece6a" 27 | set default-bg 
"#1a1b26" 28 | set default-fg "#c0caf5" 29 | set render-loading true 30 | set render-loading-fg "#1a1b26" 31 | set render-loading-bg "#c0caf5" 32 | set recolor-lightcolor "#1a1b26" 33 | set recolor-darkcolor "#c0caf5" 34 | ''; 35 | }; 36 | } 37 | -------------------------------------------------------------------------------- /hosts/kariru/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | modulesPath, 4 | ... 5 | }: 6 | { 7 | imports = [ 8 | (modulesPath + "/profiles/qemu-guest.nix") 9 | ]; 10 | 11 | boot = { 12 | kernelModules = [ ]; 13 | extraModulePackages = [ ]; 14 | loader.grub = { 15 | enable = true; 16 | configurationLimit = 5; 17 | device = "/dev/sda"; 18 | useOSProber = false; 19 | }; 20 | initrd = { 21 | availableKernelModules = [ 22 | "ata_piix" 23 | "uhci_hcd" 24 | "virtio_pci" 25 | "virtio_scsi" 26 | "sd_mod" 27 | "sr_mod" 28 | ]; 29 | kernelModules = [ ]; 30 | }; 31 | }; 32 | 33 | fileSystems = { 34 | "/" = { 35 | device = "/dev/disk/by-uuid/f5a0738c-d027-4ffb-82ec-9901ca6b310b"; 36 | fsType = "ext4"; 37 | }; 38 | "/media" = { 39 | device = "192.168.1.199:/mnt/Sutoreji/media"; 40 | fsType = "nfs"; 41 | }; 42 | "/nas/restic" = { 43 | device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/kariru"; 44 | fsType = "nfs"; 45 | }; 46 | }; 47 | 48 | zramSwap = { 49 | enable = true; 50 | swapDevices = 1; 51 | algorithm = "zstd"; 52 | }; 53 | 54 | networking.useDHCP = lib.mkDefault true; 55 | 56 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 57 | } 58 | -------------------------------------------------------------------------------- /hosts/ame/services/restic.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 
5 | }: 6 | { 7 | sops.secrets.restic-ame = { 8 | sopsFile = ../../../secrets/restic/secrets.yaml; 9 | }; 10 | sops.secrets.ame-s3 = { 11 | sopsFile = ../../../secrets/s3/secrets.yaml; 12 | }; 13 | environment.systemPackages = [ pkgs.restic ]; 14 | services.restic = { 15 | backups = { 16 | ame = { 17 | paths = [ 18 | "/home" 19 | ]; 20 | exclude = [ 21 | "*.qcow2" 22 | "*.iso" 23 | "/home/*/Downloads" 24 | "/home/*/Videos" 25 | "/home/*/.cache" 26 | "/home/*/.rustup" 27 | "/home/*/.cargo" 28 | "/home/*/.mplayer" 29 | "/home/*/.local/share/Trash" 30 | "/home/*/.local/share/.var" 31 | ]; 32 | pruneOpts = [ 33 | "--keep-daily=7" 34 | "--keep-weekly=6" 35 | "--keep-monthly=5" 36 | ]; 37 | initialize = true; 38 | repository = "s3:https://s3.flake.sh/restic-ame"; 39 | passwordFile = config.sops.secrets.restic-ame.path; 40 | environmentFile = config.sops.secrets.ame-s3.path; 41 | timerConfig = { 42 | OnCalendar = "daily"; 43 | Persistent = true; 44 | }; 45 | }; 46 | }; 47 | }; 48 | } 49 | -------------------------------------------------------------------------------- /hosts/sakura/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | modulesPath, 4 | ... 
5 | }: 6 | { 7 | imports = [ 8 | (modulesPath + "/profiles/qemu-guest.nix") 9 | ]; 10 | 11 | boot = { 12 | kernelModules = [ ]; 13 | extraModulePackages = [ ]; 14 | loader.grub = { 15 | enable = true; 16 | configurationLimit = 5; 17 | device = "/dev/sda"; 18 | useOSProber = false; 19 | }; 20 | initrd = { 21 | availableKernelModules = [ 22 | "ata_piix" 23 | "uhci_hcd" 24 | "virtio_pci" 25 | "virtio_scsi" 26 | "sd_mod" 27 | "sr_mod" 28 | ]; 29 | kernelModules = [ ]; 30 | }; 31 | }; 32 | 33 | fileSystems = { 34 | "/" = { 35 | device = "/dev/disk/by-uuid/db3e4722-35a6-44fb-8e4d-a75166b845cb"; 36 | fsType = "ext4"; 37 | }; 38 | "/nas/restic" = { 39 | device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/sakura"; 40 | fsType = "nfs"; 41 | }; 42 | "/nas/copyparty" = { 43 | device = "192.168.1.199:/mnt/Sutoreji/copyparty"; 44 | fsType = "nfs"; 45 | }; 46 | }; 47 | 48 | zramSwap = { 49 | enable = true; 50 | swapDevices = 1; 51 | algorithm = "zstd"; 52 | }; 53 | 54 | networking.useDHCP = lib.mkDefault true; 55 | 56 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 57 | } 58 | -------------------------------------------------------------------------------- /hosts/tsuki/services/immich-backup.nix: -------------------------------------------------------------------------------- 1 | { 2 | lib, 3 | pkgs, 4 | ... 
}:
{
  # One-shot job that uploads two picture folders to Immich with immich-cli and
  # then raises a desktop notification; it is started by the timer below.
  systemd.services.immich-backup =
    let
      homeDir = "/home/notoh";
    in
    {
      serviceConfig = {
        Type = "oneshot";
        # Runs as the desktop user rather than root, so the job only needs
        # read access to that user's Pictures directory.
        User = "notoh";
      };
      environment = {
        # presumably where immich-cli keeps its server URL and API key;
        # verify the directory is readable only by this user.
        IMMICH_CONFIG_DIR = "${homeDir}/.config/immich";
      };
      # DISPLAY and DBUS_SESSION_BUS_ADDRESS are exported so notify-send can
      # reach the user session; the bus path hard-codes uid 1000.
      # NOTE(review): the two `echo $DISPLAY` lines look like leftover debugging.
      script = with pkgs; ''
        echo $DISPLAY
        export DISPLAY=:0.0
        echo $DISPLAY
        export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1000/bus
        ${lib.getExe immich-cli} upload --album-name "desktop screenshots" --recursive ${homeDir}/Pictures/screenshots
        ${lib.getExe immich-cli} upload --album-name "folderv2" --recursive ${homeDir}/Pictures/folderv2
        ${lib.getExe libnotify} --app-name "immich-backup" --urgency=low --icon=dialog-information "immich backup completed"
      '';
    };

  # Fires the service every day at midnight; Persistent = true is set so a run
  # missed while the machine was off is caught up on the next boot.
  systemd.timers.immich-backup = {
    description = "immich backup timer";
    wantedBy = [ "timers.target" ];
    unitConfig = {
      Description = "immich backup timer";
    };
    timerConfig = {
      Unit = "immich-backup.service";
      OnCalendar = "*-*-* 00:00:00";
      Persistent = true;
    };
  };
}
--------------------------------------------------------------------------------
/hosts/tsuru/services/woodpecker.nix:
--------------------------------------------------------------------------------
{ config, ...
}:
{
  # Both secrets are declared with sops-nix defaults (default sopsFile, owner
  # and mode); only their decrypted paths are referenced below.
  sops.secrets = {
    woodpecker-server = { };
    woodpecker-agent-secret = { };
  };

  # Woodpecker CI server, Gitea/Forgejo-backed, registration closed.
  services.woodpecker-server = {
    enable = true;
    # Extra variables come from the sops-managed file; anything sensitive
    # belongs there, because `environment` below ends up in the unit file.
    environmentFile = config.sops.secrets.woodpecker-server.path;
    environment = {
      WOODPECKER_SERVER_ADDR = ":8200";
      WOODPECKER_GRPC_ADDR = ":8300";
      WOODPECKER_HOST = "https://ci.flake.sh";
      WOODPECKER_OPEN = "false";
      WOODPECKER_GITEA = "true";
      WOODPECKER_GITEA_URL = "https://git.flake.sh";
      WOODPECKER_ADMIN = "notohh";
      # NOTE(review): this assigns the *path* of the decrypted file, not its
      # contents, so unless the environmentFile overrides the variable the
      # literal path string is what server and agent share as their secret.
      # Woodpecker reads a file through WOODPECKER_AGENT_SECRET_FILE, or the
      # value can be shipped as WOODPECKER_AGENT_SECRET=<value> inside an
      # environment file. Confirm which value is actually in effect.
      WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path;
      # NOTE(review): debug logging on a CI server can be verbose about
      # pipeline and forge traffic; consider a lower level outside of
      # troubleshooting.
      WOODPECKER_LOG_LEVEL = "debug";
      WOODPECKER_DEBUG_PRETTY = "true";
      WOODPECKER_KEEPALIVE_MIN_TIME = "10s";
    };
  };

  # Single agent named "nix" using the Docker backend against the local server.
  services.woodpecker-agents.agents.nix = {
    enable = true;
    # Membership in the docker group gives the agent (and therefore every
    # pipeline it runs) access to the Docker socket, which is equivalent to
    # root on this host. Keep this runner limited to trusted repositories.
    extraGroups = [ "docker" ];
    environment = {
      DOCKER_HOST = "unix:///var/run/docker.sock";
      WOODPECKER_BACKEND = "docker";
      WOODPECKER_SERVER = "localhost:8300";
      # NOTE(review): same path-versus-value concern as on the server; no
      # environmentFile is set for the agent in this file.
      WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path;
      WOODPECKER_LOG_LEVEL = "debug";
      WOODPECKER_DEBUG_PRETTY = "true";
      WOODPECKER_KEEPALIVE_MIN_TIME = "10s";
      WOODPECKER_HEALTHCHECK = "true";
    };
  };
}
--------------------------------------------------------------------------------
/hosts/sakura/services/copyparty.nix:
--------------------------------------------------------------------------------
{ inputs, ...
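}:
{
  imports = [
    inputs.copyparty.nixosModules.default
  ];

  # Both copyparty listeners are opened on every interface of the host, so the
  # service is reachable directly as well as through the reverse proxy.
  networking.firewall.allowedTCPPorts = [
    3210
    3211
  ];

  # Account passwords are decrypted by sops-nix and owned by the service user
  # so copyparty can read them.
  sops.secrets = {
    copyparty-passwd = {
      owner = "copyparty";
    };
    copyparty-catsh-passwd = {
      owner = "copyparty";
    };
  };

  services.copyparty = {
    enable = true;
    openFilesLimit = 8192;
    settings = {
      i = "0.0.0.0";
      p = [
        3210
        3211
      ];
      no-robots = true;
      # The forwarded-for header is only honoured when the request comes from
      # xff-src, so direct clients cannot spoof their address through it.
      xff-hdr = "x-forwarded-for";
      xff-src = "100.104.42.96";
      rproxy = 1;
      shr = "/shared";
      shr-adm = "notohh, catsh";
      theme = 2;
    };
    accounts = {
      # These paths must stay in sync with the sops secret names above.
      notohh = {
        passwordFile = "/run/secrets/copyparty-passwd";
      };
      catsh = {
        passwordFile = "/run/secrets/copyparty-catsh-passwd";
      };
    };
    volumes = {
      "/" = {
        path = "/nas/copyparty/root";
        access = {
          A = [ "notohh, catsh" ];
          # NOTE(review): "*" grants read as well as get to anonymous
          # visitors, so the root volume is browsable without an account and
          # the filekeys enabled by `fk` add nothing for them. If only
          # link-based downloads are intended, "g" alone is the narrower
          # grant; confirm the intent.
          rg = "*";
        };
        flags = {
          fk = 4;
          scan = 60;
          e2d = true;
          d2t = true;
          # Fixed: Nix turns "\." into a bare ".", which made the pattern
          # ".iso$" (any character followed by "iso"). The doubled backslash
          # keeps the literal dot in the regex copyparty receives.
          nohash = "\\.iso$";
          v = 3;
        };
      };
    };
  };
}
--------------------------------------------------------------------------------
/home/programs/terminal/yazi/openers.nix:
--------------------------------------------------------------------------------
{ pkgs, ...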
}: 2 | { 3 | programs.yazi.settings = { 4 | open.rules = [ 5 | { 6 | mime = "text/*"; 7 | use = [ 8 | "edit" 9 | "reveal" 10 | ]; 11 | } 12 | { 13 | mime = "image/*"; 14 | use = [ 15 | "image" 16 | "reveal" 17 | ]; 18 | } 19 | { 20 | mime = "video/*"; 21 | use = [ 22 | "play" 23 | "reveal" 24 | ]; 25 | } 26 | { 27 | mime = "application/json"; 28 | use = [ 29 | "edit" 30 | "reveal" 31 | ]; 32 | } 33 | { 34 | mime = "*"; 35 | use = [ 36 | "edit" 37 | "open" 38 | "reveal" 39 | ]; 40 | } 41 | ]; 42 | opener = { 43 | text = [ 44 | { 45 | run = ''hx "$@" ''; 46 | for = "linux"; 47 | } 48 | ]; 49 | image = [ 50 | { 51 | run = ''imv "$@" ''; 52 | block = true; 53 | for = "linux"; 54 | } 55 | ]; 56 | video = [ 57 | { 58 | run = ''mpv "$@" ''; 59 | block = true; 60 | for = "linux"; 61 | } 62 | ]; 63 | reveal = [ 64 | { 65 | run = ''${pkgs.exiftool}/bin/exiftool "$1";''; 66 | block = true; 67 | } 68 | ]; 69 | }; 70 | }; 71 | } 72 | -------------------------------------------------------------------------------- /hosts/kariru/services/torrent.nix: -------------------------------------------------------------------------------- 1 | { config, ... 
}:
{
  # Environment file for the gluetun container, decrypted by sops-nix
  # (presumably the VPN provider credentials; the contents are not visible here).
  sops.secrets.gluetun = { };

  virtualisation.oci-containers.containers = {
    # VPN gateway container. qbittorrent joins its network namespace below, so
    # every port qbittorrent needs is published here instead.
    gluetun = {
      # Pinned by digest, so a retagged upstream image cannot change what runs.
      image = "qmcgaw/gluetun@sha256:2b42bfa046757145a5155acece417b65b4443c8033fb88661a8e9dcf7fda5a00"; # v3.40
      hostname = "gluetun";
      environmentFiles = [ config.sops.secrets.gluetun.path ];
      volumes = [ "/srv/gluetun:/tmp/gluetun" ];
      # NET_ADMIN and the tun device are what the container needs to create
      # the tunnel; no broader privilege is requested.
      extraOptions = [
        "--cap-add=NET_ADMIN"
        "--device=/dev/net/tun:/dev/net/tun"
      ];
      # NOTE(review): these mappings carry no bind address, so they are
      # published on all host interfaces, and container port publishing can
      # bypass the host firewall depending on the backend. If the control
      # server, HTTP proxy and Shadowsocks are only used locally, prefix them
      # with a bind address (e.g. "127.0.0.1:8000:8000/tcp") or drop them, and
      # confirm the control server requires authentication.
      ports = [
        "8000:8000/tcp" # HTTP control server
        "8888:8888/tcp" # HTTP proxy
        "8388:8388/tcp" # Shadowsocks
        "8388:8388/udp" # Shadowsocks
        "8080:8080" # qb
        "6881:6881" # qb
        "6881:6881/udp" # qb
      ];
    };

    # Torrent client; it has no network of its own and shares gluetun's.
    qbittorrent = {
      image = "linuxserver/qbittorrent@sha256:50f490770308d0351e12618422e74e0613721b080f5db0bf840cf66a7281eea8"; # v5.0.4
      dependsOn = [ "gluetun" ];
      # Sharing gluetun's namespace means traffic can only leave through the
      # interfaces gluetun sets up.
      extraOptions = [ "--network=container:gluetun" ];
      environment = {
        PUID = "1001";
        PGID = "2001";
        TZ = "Etc/UTC";
        WEBUI_PORT = "8080";
      };
      volumes = [
        "/home/notoh/qbittorrent/config:/config"
        "/media/downloads:/downloads"
        "/media/incomplete-downloads:/incomplete-downloads"
      ];
    };
  };
}
--------------------------------------------------------------------------------
/hosts/kariru/services/default.nix:
--------------------------------------------------------------------------------
{ pkgs, ...
}:
{
  imports = [
    ./restic.nix
    ./torrent.nix
    ./syncthing.nix
  ];

  # TCP ports opened on every interface of this host. 8111 matches the shoko
  # container below; the services behind the other three are not visible in
  # this file.
  networking.firewall.allowedTCPPorts = [
    9292
    8111
    8085
    8181
  ];

  environment.systemPackages = [ pkgs.recyclarr ];

  # *arr stack. openFirewall = true additionally opens each service's port in
  # the host firewall on all interfaces.
  services = {
    radarr = {
      enable = true;
      openFirewall = true;
    };
    sonarr = {
      enable = true;
      openFirewall = true;
    };
    prowlarr = {
      enable = true;
      openFirewall = true;
    };
    sabnzbd.enable = true;
  };

  virtualisation.oci-containers.containers = {
    # NOTE(review): both containers use --network=host, so they share the
    # host's network namespace and their `ports` mappings have no effect.
    # Host networking also removes the network isolation a bridge would give;
    # confirm it is actually required.
    byparr = {
      # Pinned by digest rather than by a mutable tag.
      image = "ghcr.io/thephaseless/byparr@sha256:453ddd73debc110f42290d6d3b2bbe9b53c3ca7fed03beedd34538efdab46ea0"; # 2.0.0
      extraOptions = [ "--network=host" ];
      ports = [ "8191:8191" ];
    };
    shoko = {
      image = "ghcr.io/shokoanime/server@sha256:dde0c5a8bddc226ae368827fd7df382602ad312a2337ebade8e5cc63fa0c4dac"; # v5.1.0
      extraOptions = [ "--network=host" ];
      ports = [ "8111:8111" ];
      environment = {
        PUID = "1000";
        PGID = "1000";
        TZ = "Etc/UTC";
      };
      volumes = [
        "/var/lib/shoko:/home/shoko/.shoko"
        "/media/anime:/media/anime"
        "/media/anime-movies:/media/anime-movies"
      ];
    };
  };
}
--------------------------------------------------------------------------------
/hosts/ame/hardware.nix:
--------------------------------------------------------------------------------
{
  inputs,
  config,
  lib,
  modulesPath,
  ...
7 | }: 8 | { 9 | imports = [ 10 | (modulesPath + "/installer/scan/not-detected.nix") 11 | inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t480 12 | ]; 13 | 14 | boot = { 15 | kernelModules = [ "kvm-intel" ]; 16 | extraModulePackages = [ ]; 17 | loader = { 18 | systemd-boot = { 19 | enable = true; 20 | configurationLimit = 8; 21 | }; 22 | efi = { 23 | canTouchEfiVariables = true; 24 | efiSysMountPoint = "/boot/efi"; 25 | }; 26 | }; 27 | initrd = { 28 | availableKernelModules = [ 29 | "xhci_pci" 30 | "ahci" 31 | "usb_storage" 32 | "sd_mod" 33 | ]; 34 | kernelModules = [ ]; 35 | }; 36 | }; 37 | 38 | fileSystems = { 39 | "/" = { 40 | device = "/dev/disk/by-uuid/825f1188-82bd-4a1d-9434-6b5dd29041c3"; 41 | fsType = "ext4"; 42 | }; 43 | "/boot/efi" = { 44 | device = "/dev/disk/by-uuid/59C2-1D06"; 45 | fsType = "vfat"; 46 | }; 47 | }; 48 | 49 | zramSwap = { 50 | enable = true; 51 | swapDevices = 1; 52 | algorithm = "zstd"; 53 | }; 54 | 55 | networking.useDHCP = lib.mkDefault true; 56 | 57 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 58 | powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; 59 | hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 60 | } 61 | -------------------------------------------------------------------------------- /hosts/tsuki/services/rnnoise.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... 
}: 2 | { 3 | services.pipewire.extraConfig.pipewire."00-rnnoise.conf" = { 4 | "context.modules" = [ 5 | { 6 | "name" = "libpipewire-module-filter-chain"; 7 | "args" = { 8 | "node.description" = "Noise Cancelling source"; 9 | "media.name" = "Noise Cancelling source"; 10 | "filter.graph" = { 11 | "nodes" = [ 12 | { 13 | "type" = "ladspa"; 14 | "name" = "rnnoise"; 15 | "plugin" = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so"; 16 | "label" = "noise_suppressor_stereo"; 17 | "control" = { 18 | "VAD Threshold (%)" = 50.0; 19 | "VAD Grace Period (ms)" = 1000; 20 | "Retroactive VAD Grace (ms)" = 100; 21 | }; 22 | } 23 | ]; 24 | }; 25 | "audio.position" = [ 26 | "FL" 27 | "FR" 28 | ]; 29 | "capture.props" = { 30 | "node.name" = "capture.rnnoise_source"; 31 | "node.passive" = true; 32 | "audio.rate" = 48000; 33 | }; 34 | "playback.props" = { 35 | "node.name" = "rnnoise_source"; 36 | "media.class" = "Audio/Source"; 37 | "media.role" = "Communication"; 38 | "audio.rate" = 48000; 39 | }; 40 | }; 41 | } 42 | ]; 43 | }; 44 | } 45 | -------------------------------------------------------------------------------- /home/profiles/tsuki/stylix.nix: -------------------------------------------------------------------------------- 1 | { inputs, pkgs, ... 
}: 2 | { 3 | imports = [ inputs.stylix.homeModules.stylix ]; 4 | stylix = { 5 | enable = true; 6 | autoEnable = false; 7 | polarity = "dark"; 8 | enableReleaseChecks = false; 9 | base16Scheme = "${pkgs.base16-schemes}/share/themes/onedark-dark.yaml"; 10 | fonts = { 11 | monospace = { 12 | name = "Maple Mono NF"; 13 | package = pkgs.maple-mono.NF; 14 | }; 15 | serif = { 16 | name = "Noto Serif"; 17 | package = pkgs.noto-fonts; 18 | }; 19 | sansSerif = { 20 | name = "Noto Sans"; 21 | package = pkgs.noto-fonts; 22 | }; 23 | emoji = { 24 | name = "Twitter Color Emoji"; 25 | package = pkgs.twitter-color-emoji; 26 | }; 27 | sizes = { 28 | applications = 12; 29 | desktop = 12; 30 | popups = 12; 31 | terminal = 12; 32 | }; 33 | }; 34 | cursor = { 35 | name = "Bibata-Modern-Classic"; 36 | package = pkgs.bibata-cursors; 37 | size = 24; 38 | }; 39 | opacity = { 40 | terminal = 0.6; 41 | }; 42 | targets = { 43 | fontconfig.enable = true; 44 | gtk.enable = true; 45 | qt.enable = true; 46 | lazygit.enable = true; 47 | nushell.enable = true; 48 | yazi.enable = true; 49 | zellij.enable = true; 50 | bat.enable = true; 51 | ghostty.enable = false; 52 | starship.enable = true; 53 | }; 54 | }; 55 | } 56 | -------------------------------------------------------------------------------- /hosts/common/README.md: -------------------------------------------------------------------------------- 1 | # :electric_plug: modules 2 | 3 | this directory hosts some common modules / services / security tweaks used on (most) hosts. 
4 | 5 | | name | description | 6 | | ---------------- | ---------------------------------------------------------------------------------- | 7 | | `prometheus` | has default prometheus config for all hosts, along with exporters for select hosts | 8 | | `default` | used for commonly shared modules | 9 | | `fonts` | font handling | 10 | | `nix` | common nix configuration | 11 | | `openssh` | configures openssh options | 12 | | `security` | stolen from [hlissner](https://github.com/hlissner) | 13 | | `sops` | configures sops-nix | 14 | | `system` | commonly shared system settings | 15 | | `time` | force sets the time on all systems | 16 | | `users` | defines all hosts users & groups | 17 | | `virtualisation` | basic docker configuration | 18 | -------------------------------------------------------------------------------- /.woodpecker/flake-lock-update.yml: -------------------------------------------------------------------------------- 1 | clone: 2 | git: 3 | image: woodpeckerci/plugin-git 4 | settings: 5 | branch: flake-lock-update 6 | when: 7 | - event: cron 8 | cron: flake-lock-update 9 | 10 | steps: 11 | update: 12 | image: nixos/nix 13 | commands: | 14 | echo 'experimental-features = flakes nix-command' >> /etc/nix/nix.conf 15 | echo "access-tokens = github.com=$${GH_PAT}" >> /etc/nix/nix.conf 16 | nix flake update 17 | secrets: [gh_pat] 18 | push-changes: 19 | image: appleboy/drone-git-push 20 | settings: 21 | remote: ssh://forgejo@git.flake.sh:2222/notohh/snowflake.git 22 | branch: flake-lock-update 23 | local_ref: flake-lock-update 24 | ssh_key: 25 | from_secret: forgejo_ssh_key 26 | commit: true 27 | commit_message: "flake.lock: update" 28 | author_name: "WoodpeckerCI" 29 | author_email: "woodpecker@flake.sh" 30 | make-pr: 31 | image: johnwalkerx/gitea-pull-request-create-plugin:latest 32 | pull: true 33 | settings: 34 | gitea_address: https://git.flake.sh/ 35 | gitea_token: 36 | from_secret: forgejo_token 37 | owner: ${CI_REPO_OWNER} 38 | repo: 
${CI_REPO_NAME} 39 | branch: flake-lock-update 40 | base_branch: master 41 | pr_title: "flake.lock: update" 42 | pr_body: PR automatically created by Woodpecker CI 43 | skip_on_missing_branch: false 44 | close_pr_if_empty: true 45 | delete_branch_if_pr_empty: true 46 | merge_when_checks_succeed: false 47 | delete_branch_after_merge: true 48 | -------------------------------------------------------------------------------- /secrets/s3/secrets.yaml: -------------------------------------------------------------------------------- 1 | sora-s3: ENC[AES256_GCM,data:uSfqakVboOuPf0liaeKj0QF95fM3ySqhakUOishzmHC2e2noftgdT3HNP+dnyXkKXvceLM+Ap++DRlIpGP0gCq49nHV0NjcD7vhKtO1RkNLKnGxMhDiQ82y8xTyUuUELQ8mRcbHg,iv:w54sLvA1WlrWnOnY8VKNSuqjlago4PwLKfSSjMEA8DM=,tag:9+42lJXSWDxGfgk8S2eiSg==,type:str] 2 | ame-s3: ENC[AES256_GCM,data:LftDLOs82cZG+2dBEtMp7eFws8bR788U6Aw5E6AVBvEVm0VEAIcfY2j9dToIkKOaxhqTYlFwyNTg8r+zG3DXDrgl2hersK6upljlddMjnAIUs0rVO3Gu5eoEzturuWT76tE9k+08,iv:IOutZJoomSWL23/wuukSPU4DnisNYxsODfoQXzlaTwY=,tag:elyitUxdcQK0GGslZulf9Q==,type:str] 3 | sops: 4 | kms: [] 5 | gcp_kms: [] 6 | azure_kv: [] 7 | hc_vault: [] 8 | age: 9 | - recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn 10 | enc: | 11 | -----BEGIN AGE ENCRYPTED FILE----- 12 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyK1BKNjcwZWFxVU9EeXRR 13 | c1FvVi9uT1NGajMrZzRaSFIwK0ZadUE5UGxJCnVCR3kycU02aHVMajJQUzJVeEt4 14 | VmhSMWZrSmtFK1RQMTZ2M0ZsSVBlZGMKLS0tIDVTWmlUN3p0dFNESGpmUlZMYVRo 15 | bE85dXI2VVN1Z2c0ZFQvdkQwM3FGbUkKWy5O+mqHTokLVV5FQ4UziVBadxpymX9D 16 | BHUoDve8WgKFkRCY46ibnYofIumJqYRiHXPSUN46QQMg0GDma3jWRA== 17 | -----END AGE ENCRYPTED FILE----- 18 | lastmodified: "2025-02-12T23:52:26Z" 19 | mac: ENC[AES256_GCM,data:ZrDrtuo+iygALZ2k2VZqfBg2UgPwabtduItJdyeQcZT6Sksg74LX2TVjpOul+/1acbjgvXVnXCUcfp0EGRkdjPkNsJk63KKbER+p5EX0dVqj1FHNDNg20OWyy+/WnbeWETj/vr15x+sodHtQjZFqSQLbgWdpsa+BzhNvzEBkSig=,iv:A+aPu+lWPZ/p+gcGTvMZSA9RNdp5DiWJDFs3gkuBrXU=,tag:2g91F1VyeVZ36G79py1NeQ==,type:str] 20 | pgp: [] 21 | 
unencrypted_suffix: _unencrypted 22 | version: 3.9.4 23 | -------------------------------------------------------------------------------- /secrets/tailscale/secrets.yaml: -------------------------------------------------------------------------------- 1 | tsauth-sora: ENC[AES256_GCM,data:GAgCIpYMS5e4t2RW4t6w9jI2mfJQdBq2eRBDAKt6HJ/JaZyv983bx5xojTStqOWYUIKaFZ5IL30=,iv:AQTKdSPr2G9tow/hbgFKSrh/i4D9JaFrc7/JFOvP1Bo=,tag:4ss1dNK0Z//JIWnds/hMKQ==,type:str] 2 | tsauth-sakura: ENC[AES256_GCM,data:YwZBqD1MoKzGUC4VgQXiNurPEZVvC0y7maY+1civrer4j8Cwp4m/N+aNyKy158D/FJjJLruq+qsI8kg1Cw==,iv:fJYLKsVZp754rRlgY/Y9LgIPJR/RX1Irjxi2V6usnm8=,tag:k9VFCxqOmCoJasQvnZWmcA==,type:str] 3 | tsauth-tsuru: ENC[AES256_GCM,data:xwKUF50aAFzgqgHB0dpnIW0893eBM5izRTbkoinfBYPpM53f5LGyt3nhIkPErVNV2XLg1WcLmxN8,iv:Os1yh1q1/00FLU46jekyvxR0qGdICyqoZKOZMU0hP40=,tag:/kbVkz/Fl0pmTe4Fq8m97w==,type:str] 4 | sops: 5 | age: 6 | - recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn 7 | enc: | 8 | -----BEGIN AGE ENCRYPTED FILE----- 9 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSXF1aHNHUSszd2hRSEc1 10 | OTh5WWhrYkN5alpncEYxQ1h4Skh3OS96dlI4Ck9LaTZkZHBhMitVNWdvcnhybU9T 11 | UUJsRmYwNU5iNi8zK3IxY0pjeGFzNFEKLS0tIHhNMG1QY2kyQlpYLy82Vk9WWCtU 12 | S2doM1FiZkRFT0dCckx4Tzd1b2pZRHMKEIsD+AjBcHOFSQiXrCuLv+IBcF+4vUYB 13 | YeHe81lcjqWO2TEcP1fdBh0JWUtDVXQbZiBDxs5Vlz35x/OnA9fwPQ== 14 | -----END AGE ENCRYPTED FILE----- 15 | lastmodified: "2025-11-21T23:20:54Z" 16 | mac: ENC[AES256_GCM,data:luuoY/pqZXfvmhBzW97z4DsTIaduDFE8Z6wQPaorwtN0JezuCtogXbZUoIUtvgT+RxQq6eovHpkYYlinjlzDYrN4ybY88c2On701vV3eshoulJEZOH5H1c3h+6j+ZPkO8y1C5lB6tTBt22COFaMSwaJ0eCq7Mypkxtcw2M0q3DE=,iv:nFqBzuHeHHhwbaNPTPwlvZQyUwrXW5t2s4UbXUv6njA=,tag:WvVG4Yc16rPukn7IcVk3Iw==,type:str] 17 | unencrypted_suffix: _unencrypted 18 | version: 3.11.0 19 | -------------------------------------------------------------------------------- /hosts/sakura/services/tailscale.nix: -------------------------------------------------------------------------------- 1 | { 2 
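| config,
  lib,
  pkgs,
  ...
}:
{
  # Pre-auth key for this host, decrypted by sops-nix from the shared
  # tailscale secrets file.
  sops.secrets.tsauth-sakura = {
    sopsFile = ../../../secrets/tailscale/secrets.yaml;
  };
  environment.systemPackages = [
    pkgs.jq
    pkgs.tailscale
  ];
  services.tailscale = {
    useRoutingFeatures = lib.mkDefault "client";
  };
  networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
  # Everything arriving on the tailscale interface bypasses the host firewall,
  # so access control for tailnet peers rests on the tailnet ACLs.
  networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];

  systemd.services.tailscale-autoconnect = {
    description = "Automatic connection to Tailscale";

    # make sure tailscale is running before trying to connect to tailscale
    after = [
      "network-pre.target"
      "tailscale.service"
    ];
    wants = [
      "network-pre.target"
      "tailscale.service"
    ];
    wantedBy = [ "multi-user.target" ];

    # set this service as a oneshot job
    serviceConfig.Type = "oneshot";

    # have the job run this shell script
    # The auth key is passed as `file:<path>`, so the key itself never appears
    # in the process arguments or in the unit file.
    # Changes from the previous version: "$status" is quoted so an empty value
    # (tailscaled not answering yet) no longer breaks the test expression, and
    # the flag is spelled --authkey to match the sora host.
    script = with pkgs; ''
      # wait for tailscaled to settle
      sleep 2

      # check if we are already authenticated to tailscale
      status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
      if [ "$status" = "Running" ]; then # if so, then do nothing
        exit 0
      fi

      # otherwise authenticate with tailscale
      ${tailscale}/bin/tailscale up --authkey file:${config.sops.secrets.tsauth-sakura.path} --exit-node=100.104.42.96 --exit-node-allow-lan-access=true --accept-dns=false
    '';
  };
}
--------------------------------------------------------------------------------
/hosts/tsuru/services/tailscale.nix:
--------------------------------------------------------------------------------
{
  config,
  lib,
  pkgs,
  ...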
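}:
{
  # Pre-auth key for this host, decrypted by sops-nix from the shared
  # tailscale secrets file.
  sops.secrets.tsauth-tsuru = {
    sopsFile = ../../../secrets/tailscale/secrets.yaml;
  };
  environment.systemPackages = [
    pkgs.jq
    pkgs.tailscale
  ];
  services.tailscale = {
    useRoutingFeatures = lib.mkDefault "client";
  };
  networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
  # Everything arriving on the tailscale interface bypasses the host firewall,
  # so access control for tailnet peers rests on the tailnet ACLs. This host
  # runs CI agents, which makes that boundary worth reviewing.
  networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];

  systemd.services.tailscale-autoconnect = {
    description = "Automatic connection to Tailscale";

    # make sure tailscale is running before trying to connect to tailscale
    after = [
      "network-pre.target"
      "tailscale.service"
    ];
    wants = [
      "network-pre.target"
      "tailscale.service"
    ];
    wantedBy = [ "multi-user.target" ];

    # set this service as a oneshot job
    serviceConfig.Type = "oneshot";

    # have the job run this shell script
    # The auth key is passed as `file:<path>`, so the key itself never appears
    # in the process arguments or in the unit file.
    # Changes from the previous version: "$status" is quoted so an empty value
    # (tailscaled not answering yet) no longer breaks the test expression, and
    # the flag is spelled --authkey to match the sora host.
    script = with pkgs; ''
      # wait for tailscaled to settle
      sleep 2

      # check if we are already authenticated to tailscale
      status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
      if [ "$status" = "Running" ]; then # if so, then do nothing
        exit 0
      fi

      # otherwise authenticate with tailscale
      ${tailscale}/bin/tailscale up --authkey file:${config.sops.secrets.tsauth-tsuru.path} --exit-node=100.104.42.96 --exit-node-allow-lan-access=true --accept-dns=false
    '';
  };
}
--------------------------------------------------------------------------------
/hosts/sora/services/tailscale.nix:
--------------------------------------------------------------------------------
{
  config,
  lib,
  pkgs,
  ...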
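}:
{
  # Pre-auth key for this host, decrypted by sops-nix from the shared
  # tailscale secrets file.
  sops.secrets.tsauth-sora = {
    sopsFile = ../../../secrets/tailscale/secrets.yaml;
  };
  environment.systemPackages = [
    pkgs.jq
    pkgs.tailscale
  ];
  services.tailscale = {
    useRoutingFeatures = lib.mkDefault "server"; # important to make it a server, it sets sysctl for ip forwarding without intervention and reboot
  };
  networking.firewall.allowedUDPPorts = [ config.services.tailscale.port ];
  # Everything arriving on the tailscale interface bypasses the host firewall.
  # This host advertises itself as an exit node, so other tailnet machines
  # route their traffic through it; tailnet ACLs are the control that decides
  # who may do so.
  networking.firewall.trustedInterfaces = [ config.services.tailscale.interfaceName ];

  systemd.services.tailscale-autoconnect = {
    description = "Automatic connection to Tailscale";

    # make sure tailscale is running before trying to connect to tailscale
    after = [
      "network-pre.target"
      "tailscale.service"
    ];
    wants = [
      "network-pre.target"
      "tailscale.service"
    ];
    wantedBy = [ "multi-user.target" ];

    # set this service as a oneshot job
    serviceConfig.Type = "oneshot";

    # have the job run this shell script
    # The auth key is passed as `file:<path>`, so the key itself never appears
    # in the process arguments or in the unit file.
    # Change from the previous version: "$status" is quoted so an empty value
    # (tailscaled not answering yet) no longer breaks the test expression.
    script = with pkgs; ''
      # wait for tailscaled to settle
      sleep 2

      # check if we are already authenticated to tailscale
      status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
      if [ "$status" = "Running" ]; then # if so, then do nothing
        exit 0
      fi

      # otherwise authenticate with tailscale
      ${tailscale}/bin/tailscale up --authkey file:${config.sops.secrets.tsauth-sora.path} --advertise-exit-node=true --accept-dns=false
    '';
  };
}
--------------------------------------------------------------------------------
/hosts/yuki/hardware.nix:
--------------------------------------------------------------------------------
{
  lib,
  modulesPath,
  ...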
5 | }: 6 | { 7 | imports = [ 8 | (modulesPath + "/profiles/qemu-guest.nix") 9 | ]; 10 | 11 | boot = { 12 | kernelModules = [ ]; 13 | extraModulePackages = [ ]; 14 | loader.grub = { 15 | enable = true; 16 | configurationLimit = 5; 17 | device = "/dev/sda"; 18 | useOSProber = false; 19 | }; 20 | initrd = { 21 | availableKernelModules = [ 22 | "ata_piix" 23 | "uhci_hcd" 24 | "virtio_pci" 25 | "virtio_scsi" 26 | "sd_mod" 27 | "sr_mod" 28 | ]; 29 | kernelModules = [ ]; 30 | }; 31 | }; 32 | 33 | fileSystems = { 34 | "/" = { 35 | device = "/dev/disk/by-uuid/833959fb-de9d-4820-aa22-e6ce8bce6f6c"; 36 | fsType = "ext4"; 37 | }; 38 | "/media" = { 39 | device = "192.168.1.199:/mnt/Sutoreji/media"; 40 | fsType = "nfs"; 41 | }; 42 | "/stash-media" = { 43 | device = "192.168.1.199:/mnt/Sutoreji/stash"; 44 | fsType = "nfs"; 45 | }; 46 | "/nas/restic" = { 47 | device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/yuki"; 48 | fsType = "nfs"; 49 | }; 50 | "/var/lib/immich" = { 51 | device = "192.168.1.199:/mnt/Sutoreji/immich"; 52 | fsType = "nfs"; 53 | }; 54 | "/var/lib/romm" = { 55 | device = "192.168.1.199:/mnt/Sutoreji/romm"; 56 | fsType = "nfs"; 57 | }; 58 | "/var/lib/stash" = { 59 | device = "192.168.1.199:/mnt/Sutoreji/stash-data"; 60 | fsType = "nfs"; 61 | }; 62 | }; 63 | 64 | zramSwap = { 65 | enable = true; 66 | swapDevices = 1; 67 | algorithm = "zstd"; 68 | }; 69 | 70 | networking.useDHCP = lib.mkDefault true; 71 | 72 | nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 73 | } 74 | -------------------------------------------------------------------------------- /hosts/README.md: -------------------------------------------------------------------------------- 1 | # :computer: hosts 2 | 3 | my different hosts, each with their own unique configurations and purposes. 
4 | 5 | | Name | Description | 6 | | --------- | --------------------------------------------------------------------------------------------------------------- | 7 | | `ame` | T480 laptop, mainly used for experimenting atm | 8 | | `arashi` | postgres / redis vm | 9 | | `haru` | adblocker / DNS proxy vm | 10 | | `kariru` | \*arr stack / seedbox vm | 11 | | `kaze` | s3 storage ran on a [buyvm slice](https://buyvm.net/kvm-dedicated-server-slices/), with block storage attached. | 12 | | `sakura` | main vm, hosting most internet connected services | 13 | | `sora` | hetzner vps | 14 | | `tsuki` | main machine running hyprland | 15 | | `tsuru` | vm for ci/cd runners, and (potentially) a binary cache | 16 | | `yuki` | my old proxmox machine, now running pure nix | 17 | | `default` | defines `nixosConfigurations` | 18 | | `deploy` | defines deployment nodes for deploy-rs | 19 | -------------------------------------------------------------------------------- /home/wayland/hyprland/config/binds.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | lib, 5 | ... 
6 | }: 7 | { 8 | wayland.windowManager.hyprland.settings = with pkgs; { 9 | "$mainMod" = "SUPER"; 10 | bind = [ 11 | "$mainMod, Return, exec, ghostty" 12 | "$mainMod, Q, killactive," 13 | "$mainMod, V, togglefloating," 14 | "$mainMod, F, fullscreen," 15 | "$mainMod, R, exec, vicinae toggle" 16 | "$mainMod, P, pseudo," 17 | "$mainMod, J, togglesplit," 18 | "$mainMod, C, exec, ${lib.getExe inputs.hyprpicker.packages.${system}.default} | wl-copy" 19 | "$mainMod, Tab, exec, wayscriber -a" 20 | "$mainMod, left, movefocus, l" 21 | "$mainMod, right, movefocus, r" 22 | "$mainMod, up, movefocus, u" 23 | "$mainMod, down, movefocus, d" 24 | '', Print, exec, ${lib.getExe grim} -g "$(${lib.getExe slurp})" - | ${lib.getExe satty} -f - --fullscreen --output-filename ~/Pictures/screenshots/$(date '+%Y%m%d-%H:%M:%S').png'' 25 | "$mainMod, 1, workspace, 1" 26 | "$mainMod, 2, workspace, 2" 27 | "$mainMod, 3, workspace, 3" 28 | "$mainMod, 4, workspace, 4" 29 | "$mainMod, 5, workspace, 5" 30 | "$mainMod, 6, workspace, 6" 31 | "$mainMod, 7, workspace, 7" 32 | "$mainMod, 8, workspace, 8" 33 | "$mainMod, 9, workspace, 9" 34 | "$mainMod, 0, workspace, 10" 35 | "$mainMod SHIFT, 1, movetoworkspace, 1" 36 | "$mainMod SHIFT, 2, movetoworkspace, 2" 37 | "$mainMod SHIFT, 3, movetoworkspace, 3" 38 | "$mainMod SHIFT, 4, movetoworkspace, 4" 39 | "$mainMod SHIFT, 5, movetoworkspace, 5" 40 | "$mainMod SHIFT, 6, movetoworkspace, 6" 41 | "$mainMod SHIFT, 7, movetoworkspace, 7" 42 | "$mainMod SHIFT, 8, movetoworkspace, 8" 43 | "$mainMod SHIFT, 9, movetoworkspace, 9" 44 | "$mainMod SHIFT, 0, movetoworkspace, 10" 45 | ]; 46 | bindm = [ 47 | "$mainMod, mouse:272, movewindow" 48 | "$mainMod, mouse:273, resizewindow" 49 | ]; 50 | }; 51 | } 52 | -------------------------------------------------------------------------------- /hosts/tsuki/services/restic.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | ... 
5 | }: 6 | { 7 | sops.secrets.restic-tsuki = { 8 | sopsFile = ../../../secrets/restic/secrets.yaml; 9 | }; 10 | sops.secrets.restic-osu = { 11 | sopsFile = ../../../secrets/restic/secrets.yaml; 12 | }; 13 | environment.systemPackages = [ pkgs.restic ]; 14 | services.restic = { 15 | backups = { 16 | tsuki = { 17 | user = "root"; 18 | paths = [ "/home" ]; 19 | exclude = [ 20 | "*.qcow2" 21 | "*.iso" 22 | "/home/*/Downloads" 23 | "/home/*/Games" 24 | "/home/*/Videos" 25 | "/home/*/osu!" 26 | "/home/*/.cache" 27 | "/home/*/.wine" 28 | "/home/*/.rustup" 29 | "/home/*/.cargo" 30 | "/home/*/.factorio" 31 | "/home/*/.mplayer" 32 | "/home/*/.steam" 33 | "/home/*/.eclipse" 34 | "/home/*/.bundle" 35 | "/home/*/.local/share/Trash" 36 | "/home/*/.local/share/Steam" 37 | "/home/*/.local/share/.var" 38 | ]; 39 | pruneOpts = [ 40 | "--keep-daily=7" 41 | "--keep-weekly=6" 42 | "--keep-monthly=5" 43 | ]; 44 | initialize = true; 45 | repository = "/nas/restic"; 46 | passwordFile = config.sops.secrets.restic-tsuki.path; 47 | timerConfig = { 48 | OnCalendar = "daily"; 49 | RandomizedDelaySec = "10m"; 50 | Persistent = true; 51 | }; 52 | }; 53 | osu = { 54 | user = "root"; 55 | paths = [ "/home/*/osu!" 
]; 56 | pruneOpts = [ "--keep-last=2" ]; 57 | initialize = true; 58 | repository = "/nas/osu-backups"; 59 | passwordFile = config.sops.secrets.restic-osu.path; 60 | timerConfig = { 61 | OnCalendar = "weekly"; 62 | RandomizedDelaySec = "30m"; 63 | Persistent = true; 64 | }; 65 | }; 66 | }; 67 | }; 68 | } 69 | -------------------------------------------------------------------------------- /home/programs/terminal/zellij/layouts.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | home.file.".config/zellij/snowflake.kdl".text = '' 3 | layout { 4 | tab name="main" { 5 | pane size=1 borderless=true { 6 | plugin location="zellij:tab-bar" 7 | } 8 | pane split_direction="vertical" { 9 | pane size="110" 10 | pane split_direction="horizontal" { 11 | pane 12 | pane 13 | } 14 | } 15 | pane size=2 borderless=true { 16 | plugin location="zellij:status-bar" 17 | } 18 | } 19 | tab name="lazygit" { 20 | pane size=1 borderless=true { 21 | plugin location="zellij:tab-bar" 22 | } 23 | pane command="lazygit" 24 | pane size=2 borderless=true { 25 | plugin location="zellij:status-bar" 26 | } 27 | } 28 | tab name="spotify" { 29 | pane size=1 borderless=true { 30 | plugin location="zellij:tab-bar" 31 | } 32 | pane command="spotify_player" 33 | pane size=2 borderless=true { 34 | plugin location="zellij:status-bar" 35 | } 36 | } 37 | } 38 | 39 | ''; 40 | 41 | home.file."./.config/zellij/ssh.kdl".text = '' 42 | layout { 43 | tab name="ssh" { 44 | pane size=1 borderless=true { 45 | plugin location="zellij:tab-bar" 46 | } 47 | pane split_direction="vertical" { 48 | pane 49 | pane split_direction="horizontal" { 50 | pane command="ssh" { 51 | args "oh@100.117.178.88" 52 | } 53 | pane command="ssh" { 54 | args "oh@100.103.228.56" 55 | } 56 | } 57 | } 58 | pane size=2 borderless=true { 59 | plugin location="zellij:status-bar" 60 | } 61 | } 62 | } 63 | 64 | ''; 65 | } 66 | -------------------------------------------------------------------------------- 
/home/programs/editors/helix/default.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | imports = [ 3 | ./languages.nix 4 | ./themes/tokyonight.nix 5 | ./themes/onedark.nix 6 | ./themes/catppuccin_mocha.nix 7 | ]; 8 | 9 | programs.helix = { 10 | enable = true; 11 | defaultEditor = true; 12 | settings = { 13 | theme = "onedark"; 14 | editor = { 15 | auto-save = true; 16 | true-color = true; 17 | color-modes = true; 18 | cursorline = true; 19 | completion-replace = true; 20 | soft-wrap.enable = true; 21 | idle-timeout = 1; 22 | gutters = [ 23 | "diff" 24 | "diagnostics" 25 | "line-numbers" 26 | "spacer" 27 | ]; 28 | statusline = { 29 | left = [ 30 | "mode" 31 | "spinner" 32 | ]; 33 | center = [ "file-name" ]; 34 | right = [ 35 | "diagnostics" 36 | "selections" 37 | "position" 38 | "file-line-ending" 39 | "file-type" 40 | "version-control" 41 | ]; 42 | separator = "|"; 43 | mode = { 44 | normal = "NOR"; 45 | insert = "INS"; 46 | select = "SEL"; 47 | }; 48 | }; 49 | inline-diagnostics = { 50 | cursor-line = "hint"; 51 | other-lines = "error"; 52 | }; 53 | cursor-shape = { 54 | insert = "bar"; 55 | normal = "block"; 56 | select = "underline"; 57 | }; 58 | indent-guides = { 59 | render = true; 60 | rainbow = "dim"; 61 | character = "┆"; 62 | }; 63 | whitespace = { 64 | characters = { 65 | space = "·"; 66 | nbsp = "⍽"; 67 | tab = "→"; 68 | newline = "⏎"; 69 | tabpad = "·"; 70 | }; 71 | }; 72 | lsp = { 73 | display-messages = true; 74 | display-inlay-hints = true; 75 | }; 76 | }; 77 | }; 78 | }; 79 | } 80 | -------------------------------------------------------------------------------- /hosts/arashi/services/postgresql.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | ... 
}:
{
  # PostgreSQL instance plus a nightly dump job for the listed databases.
  #
  # NOTE(review): 5432/tcp is opened in the host firewall and the server
  # listens on every address ("*"). Combined with the `trust` rules in
  # `authentication` below, nothing in this file limits who may connect or
  # which role they may connect as.
  networking.firewall.allowedTCPPorts = [ 5432 ];
  services.postgresql = {
    enable = true;
    enableTCPIP = true;
    package = pkgs.postgresql_14;
    settings = {
      # lib.mkForce gives this definition priority over any other definition
      # of the option; "*" binds all interfaces.
      listen_addresses = lib.mkForce "*";
      port = 5432;
      max_connections = "300";
      shared_buffers = "80MB";
    };
    # pg_hba.conf rules; PostgreSQL uses the first line that matches.
    # NOTE(review): all three rules use `trust`, which skips authentication:
    #   - `local all all trust` lets any local OS user connect over the unix
    #     socket as any role, the superuser included.
    #   - `host all all all trust` does the same for every remote address
    #     that can reach the port.
    # The databases provisioned below include authelia, vaultwarden and
    # pocketid, so credential and identity data sit behind these rules.
    # Safer shape: `peer` for local connections, and one `host` line per
    # role/database restricted to the client's CIDR with `scram-sha-256`.
    authentication = ''
      local all all trust
      host replication all 127.0.0.1/32 trust
      host all all all trust
    '';
    # Roles to create. ensureDBOwnership makes each role the owner of the
    # database with the same name; no passwords are configured in this file.
    ensureUsers = [
      {
        name = "hedgedoc";
        ensureDBOwnership = true;
      }
      {
        name = "forgejo";
        ensureDBOwnership = true;
      }
      {
        name = "grafana";
        ensureDBOwnership = true;
      }
      {
        name = "authelia";
        ensureDBOwnership = true;
      }
      {
        name = "vaultwarden";
        ensureDBOwnership = true;
      }
      {
        name = "attic";
        ensureDBOwnership = true;
      }
      {
        name = "atuin";
        ensureDBOwnership = true;
      }
      {
        name = "romm";
        ensureDBOwnership = true;
      }
      {
        name = "pocketid";
        ensureDBOwnership = true;
      }
    ];
    ensureDatabases = [
      "forgejo"
      "hedgedoc"
      "grafana"
      "authelia"
      "vaultwarden"
      "attic"
      "atuin"
      "romm"
      "pocketid"
    ];
  };
  # Scheduled dumps, zstd-compressed, started daily at 23:00.
  # NOTE(review): "miniflux" is backed up here but is not in ensureDatabases
  # above; if that database does not exist on this host its backup unit will
  # presumably fail, so confirm. The dumps hold the same sensitive data as
  # the live databases, so the backup directory's permissions and any
  # off-host copy deserve the same care.
  services.postgresqlBackup = {
    enable = true;
    databases = [
      "forgejo"
      "hedgedoc"
      "grafana"
      "authelia"
      "vaultwarden"
      "attic"
      "miniflux"
      "atuin"
      "romm"
      "pocketid"
    ];
    compression = "zstd";
    compressionLevel = 4;
    startAt = "*-*-* 23:00:00";
  };
}
--------------------------------------------------------------------------------
/home/programs/editors/nvchad/config.lua:
--------------------------------------------------------------------------------
require("cord").setup({
  text = {
    editing = function(opts)
      return string.format("Editing %s %s:%s", opts.filename, opts.cursor_line, opts.cursor_char)
    end,
  },
buttons = { 8 | { 9 | label = "View Repository", 10 | url = function(opts) 11 | return opts.repo_url 12 | end, 13 | }, 14 | }, 15 | }) 16 | require("conform").setup({ 17 | formatters_by_ft = { 18 | lua = { "stylua" }, 19 | nix = { "nixfmt" }, 20 | rust = { "rustfmt" }, 21 | }, 22 | format_on_save = { 23 | timeout_ms = 1000, 24 | lsp_fallback = true, 25 | }, 26 | }) 27 | require("trouble").setup({ 28 | { 29 | modes = { 30 | preview_float = { 31 | mode = "diagnostics", 32 | preview = { 33 | type = "float", 34 | relative = "editor", 35 | border = "rounded", 36 | title = "Preview", 37 | title_pos = "center", 38 | position = { 0, -2 }, 39 | size = { width = 0.3, height = 0.3 }, 40 | zindex = 200, 41 | }, 42 | }, 43 | }, 44 | }, 45 | }) 46 | 47 | require("nvchad.configs.lspconfig").defaults() 48 | 49 | local servers = { "nil_ls", "lua_ls", "rust_analyzer", "qmlls", "marksman" } 50 | 51 | vim.lsp.config("lua_ls", { 52 | cmd = { "lua-language-server" }, 53 | filetypes = { "lua" }, 54 | settings = { 55 | Lua = { 56 | workspace = { 57 | ignoreDir = { 58 | ".direnv", 59 | }, 60 | runtime = { 61 | version = "LuaJIT", 62 | }, 63 | }, 64 | }, 65 | }, 66 | }) 67 | 68 | vim.lsp.enable(servers) 69 | 70 | vim.api.nvim_create_autocmd("BufWritePre", { 71 | pattern = "*", 72 | callback = function(args) 73 | require("conform").format({ bufnr = args.buf }) 74 | end, 75 | }) 76 | 77 | local function open_nvim_tree(data) 78 | local directory = vim.fn.isdirectory(data.file) == 1 79 | 80 | if directory then 81 | vim.cmd.cd(data.file) 82 | require("nvim-tree.api").tree.open() 83 | return 84 | end 85 | 86 | require("nvim-tree.api").tree.open() 87 | end 88 | 89 | vim.api.nvim_create_autocmd({ "VimEnter" }, { callback = open_nvim_tree }) 90 | 91 | vim.diagnostic.config({ 92 | update_in_insert = true, 93 | }) 94 | -------------------------------------------------------------------------------- /home/wayland/hyprland/config/rules.nix: 
-------------------------------------------------------------------------------- 1 | _: { 2 | wayland.windowManager.hyprland.settings = { 3 | windowrule = [ 4 | # float 5 | "float on, match:title ^(Volume Control)$" 6 | "float on, match:title ^(Picture in picture)" 7 | "float on, match:title ^(Friends List)" 8 | "float on, match:title ^(Cryptomator)" 9 | "float on, match:title ^(RuneLite)$" 10 | "float on, match:title ^(Lutris)$" 11 | "float on, match:title ^(satty)$" 12 | "float on, match:title ^(Postman)$" 13 | 14 | # idle_inhibit 15 | 16 | "idle_inhibit focus, match:class ^(mpv)$" 17 | "idle_inhibit always, match:class ^(firefox)$, match:title ^(.*YouTube.*|.*Twitch.*)$" 18 | "idle_inhibit always, match:class ^(com.obsproject.Studio)$" 19 | "idle_inhibit always, match:class ^(com.moonlight_stream.Moonlight)$" 20 | "idle_inhibit always, match:class ^(steam_app_)(.*)$" 21 | 22 | # immediate 23 | 24 | "immediate on, match:class ^(steam_app_)(.*)$" 25 | "immediate on, match:class ^(cs2)$" 26 | "immediate on, match:class ^(osu!)$" 27 | 28 | # misc 29 | 30 | "move 850 360, match:title ^(RuneLite)$" 31 | "size 1200 600, match:title ^(satty)$" 32 | "no_screen_share on, match:class ^(Signal)" 33 | 34 | # poe 35 | 36 | "tag +poe, match:class ^(steam_app_238960|steam_app_2694490) " 37 | "tag +apt, match:title ^(Awakened PoE Trade|Exiled Exchange 2)$" 38 | 39 | "fullscreen on, match:tag poe" 40 | "monitor DP-1, match:tag poe" 41 | 42 | "float on, match:tag apt" 43 | "no_blur on, match:tag apt" 44 | "no_anim on, match:tag apt" 45 | "no_shadow on, match:tag apt" 46 | "no_focus on, match:tag apt" 47 | "no_initial_focus on, match:tag apt" 48 | "center on, match:tag apt" 49 | "monitor DP-1, match:tag apt" 50 | "pin on, match:tag apt" 51 | "render_unfocused on, match:tag apt" 52 | "size 100% 100%, match:tag apt" 53 | ]; 54 | layerrule = [ 55 | "blur on, match:namespace ^(gtk-layer-shell)$" 56 | "blur off, match:namespace ^(wayscriber|selection|satty)$" 57 | ]; 58 | }; 59 | } 60 | 
--------------------------------------------------------------------------------
/hosts/sora/services/quakelive.nix:
--------------------------------------------------------------------------------
# Quake Live dedicated server in an OCI container, backed by a Valkey
# (Redis-compatible) instance used by the minqlx plugins.
{ pkgs, ... }:
{
  # Game traffic; the container publishes the same UDP port below.
  networking.firewall.allowedUDPPorts = [ 27960 ];
  services.redis = {
    package = pkgs.valkey;
    servers = {
      minqlx = {
        enable = true;
        # NOTE(review): openFirewall opens the port in the host firewall;
        # `bind` only restricts which address the server listens on. If the
        # container is the sole client, the firewall rule may not be needed.
        openFirewall = true;
        port = 6379;
        bind = "100.104.42.96";
        databases = 1;
        # NOTE(review): debug logging is verbose; confirm it is still wanted.
        logLevel = "debug";
        # NOTE(review): this password is a literal in the repository and ends
        # up in the world-readable Nix store; it is also identical to the
        # instance name. With protected-mode switched off just below, it is
        # the only access control on the instance. The module offers
        # `requirePassFile`, which reads the value from a file (for example a
        # sops-managed secret) instead.
        requirePass = "minqlx";
        settings = {
          protected-mode = "no";
        };
      };
    };
  };
  virtualisation.oci-containers.containers.quakelive = {
    # NOTE(review): `:latest` is a mutable tag, so the image that runs can
    # change without any change to this file. Pinning by digest
    # (image@sha256:<DIGEST_PLACEHOLDER>) makes updates explicit.
    image = "jamesla/quakelive:latest";
    ports = [ "27960:27960/udp" ];
    # NOTE(review): the server password (g_password) and the Redis password
    # (qlx_redisPassword) are passed as plain environment values, so they are
    # readable from the store and from the container's inspected
    # configuration. `environmentFiles` can supply them from a file kept out
    # of the store.
    environment = {
      ACCESS = ''
        76561198058253495|admin
      '';
      SERVER_CFG = ''
        set serverstartup "startrandommap"
        set sv_maxClients "12"
        set g_password "forsen"
        set g_floodprot_maxcount "10"
        set g_floodprot_decay "1000"
        set g_itemTimers "0"
        set sv_hostname "quake gooners"
        set sv_tags "Dedicated, private, glhf, forsen"
        set sv_floodprotect "10"
        set sv_idleExit "120"
        set qlx_owner "76561198058253495"
        set qlx_redisAddress "100.104.42.96"
        set qlx_database "Redis"
        set qlx_redisPassword "minqlx"
        set qlx_setmotd "forsen"
        set qlx_plugins "balance, plugin_manager, essentials, motd, permission, ban, silence, clan, log, fun, names"
        set com_hunkMegs "90"
      '';
      MAP_POOL = ''
        campgrounds|duel
        campgrounds|ffa
        battleforged|duel
        battleforged|ffa
        aerowalk|duel
        aerowalk|ffa
        toxicity|duel
        toxicity|ffa
        sinister|duel
        sinister|ffa
        hektik|duel
        elder|duel
        elder|ffa
        cure|duel
        cure|ffa
        bloodrun|duel
        bloodrun|ffa
        houseofdecay|duel
        houseofdecay|ffa
        lostworld|duel
        lostworld|ffa
        furiousheights|duel
        furiousheights|ffa
      '';
    };
  };
}
| -------------------------------------------------------------------------------- /secrets/restic/secrets.yaml: -------------------------------------------------------------------------------- 1 | restic-tsuki: ENC[AES256_GCM,data:MPCPYbFm4SR8CJvEjmmt+vPSJu3w4SUlXRRkijW01po=,iv:FClVeZGKlPD8MXqQm2zj2cTBJGLJSv3ZlmdQEocJG5Q=,tag:YQzuhQAKAd/9GXihKOSQQw==,type:str] 2 | restic-sakura: ENC[AES256_GCM,data:KCv4kj0G8eUIo7vhe8TUmuL0m35J9NnxKcBiJh0VC6Q=,iv:C8XgTJfjvAM4bV1SMgmx8QWzhKln9nV4nYZUkopuz4w=,tag:zBREioxOV8U9ujeBAuHV9Q==,type:str] 3 | restic-sora: ENC[AES256_GCM,data:frxiGhrodKFn9gfHYCz0AUDik5hdjGW3McJNFerMFWU=,iv:Gek/eBEqFB9llsUveSgSHiz5YQsFPfepMuWMFspiwb4=,tag:XrLAAEtgjr/UH3JTvFOV8Q==,type:str] 4 | restic-yuki: ENC[AES256_GCM,data:fvGrVXKQ5cLXVfgb1nCWhxV9yuRG6FdyE2WvB1rlOyA=,iv:CQ1LkIthrh9iPg4dJJr4fKceMc0/w25rlRzo0So+5GU=,tag:/LrWhz/dtGoVOPnpXrV2yw==,type:str] 5 | restic-arashi: ENC[AES256_GCM,data:L2GuxUCfbUlWg9un3h6cSp9UAtA5auYiQiIIS0TvWRE=,iv:XJZBGrNurnLDmZyQaePaRUu6ahjqgwUap/vP9bPKHmE=,tag:Dk2Ior6IDt9HbM2IRwKe+A==,type:str] 6 | restic-kariru: ENC[AES256_GCM,data:ghG6DnPdt6j1A6qZdmcaG5HGDGSHiAU7CJAiA7GLoAU=,iv:+6/vu7lPYPbVndSlrv9yLlOTGM9dzP+7lkIqBodQMWw=,tag:70yx7peJSmE6H8rtrloiaw==,type:str] 7 | restic-ame: ENC[AES256_GCM,data:NO91+uNkkmBaQNFoeLeytYQPb+Sm0l9eg2tseGveQN0=,iv:QdIB7QLq1CGfIn+BwP/RR2m4Zc0PwDT+ourCROk2KdM=,tag:8I0oH/9/4HTd8vxS4+105Q==,type:str] 8 | restic-osu: ENC[AES256_GCM,data:0bb72Wq0FyFgClYzPo9O5IfZ9/7oWl3QDONU8yijs1Q=,iv:1X2IgwLyMETlkLKTWA/cGofplH4YRgc+PhXbIMP7gTY=,tag:wov3PolwQN3ZMGXuLLheNA==,type:str] 9 | sops: 10 | kms: [] 11 | gcp_kms: [] 12 | azure_kv: [] 13 | hc_vault: [] 14 | age: 15 | - recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn 16 | enc: | 17 | -----BEGIN AGE ENCRYPTED FILE----- 18 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuTDQ5R1Z1eTZtSnJvNjJN 19 | NjF3R2JGZTIvU1Y5N1cwWEg4UFl3ZkF3N1NJCkZzT0dQcGFyVWhlWkU1anhwSHcy 20 | dGJTaWh6QUduS1ZvT2I4UmlSVWdUQVkKLS0tIDRkakMxd0hveHRqaG43SUZtNEw3 21 | 
NmQ4UythUU03bWMvRmZMaVJGM1FkMU0Km33/zUXSLWuEQqxIFklI0JToLXARlV3m 22 | EB18XYH+m/9VoYy2sN5dMoUdSflPqjGgxAPxuX5TU+F7MAsVkpdOVg== 23 | -----END AGE ENCRYPTED FILE----- 24 | lastmodified: "2024-02-03T15:30:07Z" 25 | mac: ENC[AES256_GCM,data:enaMzp3+xNgyZkOHq2wtvgEFU60TYt76667AyA+Fznyt8hnErbIr1g9KzAGBvaxSixPrCTN0GVRWsSGu3RNXjJxyQWdR9QBqGbCQ5PAAMz1U39f9OM/xfNDkwoJdZcHW3HOZkCf7bgORrhkOk+f9nhbeAnKMAexAVpHtgTyZVsQ=,iv:JS27uYA5IPbVyP8TO2SYyUj2Z6NTXC4On/REJHvthc0=,tag:EFO+GYlAgaztg+HBEvCXyA==,type:str] 26 | pgp: [] 27 | unencrypted_suffix: _unencrypted 28 | version: 3.8.1 29 | -------------------------------------------------------------------------------- /home/README.md: -------------------------------------------------------------------------------- 1 | # :house_with_garden: home 2 | 3 | the home of my dotfiles. configured in, and managed by home-manager. 4 | 5 | | name | description | 6 | | ---------------- | -------------------------------------------------------------------------- | 7 | | `ags` | aylurs gtk shell | 8 | | `anyrun` | wayland native application launcher | 9 | | `cava` | terminal audio visualizer | 10 | | `direnv` | a shell extension, that loads environment variables in certain directories | 11 | | `editors` | houses my main editors, helix and nvim | 12 | | `default` | used for commonly shared modules, for multiple home-manager configs | 13 | | `git` | version control system | 14 | | `gtk` | themes | 15 | | `helix` | modal text editor | 16 | | `ironbar` | wayland specific bar, written in Rust | 17 | | `lazygit` | terminal based git command system | 18 | | `mako` | a lightweight wayland notification daemon | 19 | | `neofetch` | fetch program | 20 | | `nushell` | my shell of choice | 21 | | `spotify-player` | terminal music player for spotify | 22 | | `starship` | shell prompt | 23 | | `wayland` | has my hyprland config, along with session variables for wayland | 24 | | `wezterm` | my terminal of choice | 25 | | `yazi` | terminal file manager | 26 | | 
`zathura` | pdf viewer | 27 | | `zellij` | terminal multiplexer | 28 | | `zoxide` | a smarter cd command | 29 | -------------------------------------------------------------------------------- /modules/topology.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | self, 4 | ... 5 | }: 6 | { 7 | imports = [ 8 | inputs.nix-topology.flakeModule 9 | ]; 10 | perSystem = _: { 11 | topology.modules = [ 12 | { inherit (self) nixosConfigurations; } 13 | ( 14 | { config, ... }: 15 | let 16 | inherit (config.lib.topology) 17 | mkConnection 18 | mkInternet 19 | mkRouter 20 | ; 21 | in 22 | { 23 | networks = { 24 | home = { 25 | name = "home"; 26 | cidrv4 = "192.168.0.0/24"; 27 | }; 28 | tailscale0 = { 29 | name = "tailscale"; 30 | cidrv4 = "100.0.0.0/32"; 31 | }; 32 | hetzner = { 33 | name = "hetzner"; 34 | cidrv4 = "5.161.102.107/24"; 35 | }; 36 | }; 37 | 38 | nodes = { 39 | internet = mkInternet { 40 | connections = [ 41 | (mkConnection "hetzner" "wan0") 42 | (mkConnection "router" "lan0") 43 | ]; 44 | }; 45 | router = mkRouter "UDM-SE" { 46 | info = "UDM-SE"; 47 | interfaceGroups = [ 48 | [ 49 | "eth0" 50 | "eth1" 51 | "eth2" 52 | "eth4" 53 | "eth5" 54 | "eth6" 55 | "eth7" 56 | ] 57 | [ "lan0" ] 58 | ]; 59 | connections = { 60 | eth0 = mkConnection "ame" "home"; 61 | eth1 = mkConnection "arashi" "home"; 62 | eth2 = mkConnection "haru" "home"; 63 | eth3 = mkConnection "kariru" "home"; 64 | eth4 = mkConnection "sakura" "home"; 65 | eth5 = mkConnection "tsuki" "home"; 66 | eth6 = mkConnection "tsuru" "home"; 67 | eth7 = mkConnection "yuki" "home"; 68 | }; 69 | }; 70 | hetzner = mkRouter "Hetzner" { 71 | info = "hetzner edge router"; 72 | interfaceGroups = [ 73 | [ 74 | "eth0" 75 | "eth1" 76 | ] 77 | [ "wan0" ] 78 | ]; 79 | connections = { 80 | eth0 = mkConnection "sora" "eth0"; 81 | }; 82 | }; 83 | }; 84 | } 85 | ) 86 | ]; 87 | }; 88 | } 89 | -------------------------------------------------------------------------------- 
/hosts/sakura/services/grafana.nix:
--------------------------------------------------------------------------------
# Grafana served as metrics.flake.sh, stored in PostgreSQL, with one
# Prometheus datasource per host provisioned declaratively.
_:
let
  prometheusPort = "9090";
  dbLogin = "grafana";
in
{
  services.grafana = {
    enable = true;
    settings = {
      # NOTE(review): anonymous access is on and the server binds 0.0.0.0
      # below, so anyone who can reach the listener sees dashboards without
      # logging in. No anonymous org or role is set here, so Grafana's
      # defaults apply; confirm that is the intended exposure behind
      # whatever proxy or firewall fronts this host.
      "auth.anonymous".enabled = true;
      "auth.basic".enabled = false;
      server = {
        root_url = "https://metrics.flake.sh";
        domain = "metrics.flake.sh";
        enforce_domain = true;
        http_addr = "0.0.0.0";
        http_port = 3100;
      };
      users = {
        allow_signup = false;
      };
      # NOTE(review): ssl_mode "disable" sends database traffic to
      # 192.168.1.211 unencrypted, and no password is configured in this
      # block, so the connection depends on what the database server accepts
      # from this host.
      database = {
        type = "postgres";
        host = "192.168.1.211:5432";
        name = dbLogin;
        user = dbLogin;
        ssl_mode = "disable";
      };
      panels = {
        # NOTE(review): with HTML sanitising off, text panels render raw
        # HTML, so anyone able to edit a dashboard can place script that
        # runs in every viewer's browser. Leave sanitising on unless a panel
        # really needs raw HTML.
        disable_sanitize_html = true;
        enable_alpha = true;
      };
    };
    provision = {
      # All datasources use plain http. The remote ones point at 100.x
      # addresses, presumably reached over the Tailscale overlay; confirm.
      datasources.settings = {
        datasources = [
          {
            name = "Prometheus";
            type = "prometheus";
            url = "http://localhost:${prometheusPort}";
            orgId = 1;
          }
          {
            name = "Prometheus-kariru";
            type = "prometheus";
            url = "http://100.126.229.95:${prometheusPort}";
            orgId = 1;
          }
          {
            name = "Prometheus-yuki";
            type = "prometheus";
            url = "http://100.108.113.89:${prometheusPort}";
            orgId = 1;
          }
          {
            name = "Prometheus-arashi";
            type = "prometheus";
            url = "http://100.94.214.100:${prometheusPort}";
            orgId = 1;
          }
          {
            name = "Prometheus-sora";
            type = "prometheus";
            url = "http://100.104.42.96:${prometheusPort}";
            orgId = 1;
          }
          {
            name = "Prometheus-tsuru";
            type = "prometheus";
            url = "http://100.82.146.40:${prometheusPort}";
            orgId = 1;
          }
          {
            name = "Prometheus-haru";
            type = "prometheus";
            url = "http://100.73.192.45:${prometheusPort}";
            orgId = 1;
            # NOTE(review): only this entry carries jsonData, and
            # graphiteVersion looks like a leftover on a prometheus
            # datasource; confirm it is needed.
            jsonData = {
              graphiteVersion = "1.1";
              tlsAuth = false;
              tlsAuthWithCACert = false;
            };
          }
        ];
      };
    };
}; 88 | } 89 | -------------------------------------------------------------------------------- /home/programs/terminal/starship.nix: -------------------------------------------------------------------------------- 1 | { 2 | config, 3 | lib, 4 | ... 5 | }: 6 | { 7 | home.sessionVariables.STARSHIP_CACHE = "${config.xdg.cacheHome}/starship"; 8 | 9 | programs.starship = { 10 | enable = true; 11 | enableNushellIntegration = true; 12 | settings = { 13 | command_timeout = 2000; 14 | add_newline = false; 15 | format = lib.concatStrings [ 16 | "$character" 17 | "$hostname" 18 | "$directory" 19 | "$git_branch" 20 | "$git_status" 21 | "$rust" 22 | "$golang" 23 | ]; 24 | right_format = lib.concatStrings [ 25 | "$direnv" 26 | "$nix_shell" 27 | ]; 28 | character = { 29 | error_symbol = "[](bold red)"; 30 | success_symbol = "[](bold white)"; 31 | }; 32 | username = { 33 | show_always = false; 34 | format = "[$user]($style)"; 35 | style_user = "red"; 36 | }; 37 | hostname = { 38 | ssh_symbol = "🌐"; 39 | format = "[$hostname $ssh_symbol]($style)"; 40 | ssh_only = true; 41 | disabled = false; 42 | }; 43 | directory = { 44 | format = "[$path ]($style)"; 45 | truncation_length = 3; 46 | truncation_symbol = "…/"; 47 | read_only = "🔒"; 48 | style = "red"; 49 | home_symbol = ""; 50 | }; 51 | directory.substitutions = { 52 | "Documents" = " "; 53 | "Downloads" = " "; 54 | "Music" = " "; 55 | "Pictures" = " "; 56 | }; 57 | nix_shell = { 58 | disabled = false; 59 | impure_msg = "[impure shell](bold red)"; 60 | pure_msg = "[pure shell](bold green)"; 61 | unknown_msg = "[unknown shell](bold yellow)"; 62 | format = "[$state( \($name\))](bold white)"; 63 | }; 64 | direnv = { 65 | disabled = false; 66 | detect_files = [ ".envrc" ]; 67 | style = "bold turquoise"; 68 | }; 69 | git_branch = { 70 | symbol = ""; 71 | format = "[$symbol $branch ]($style)"; 72 | style = "turquoise"; 73 | }; 74 | git_status = { 75 | format = "[$all_status$ahead_behind ]($style)"; 76 | style = "red"; 77 | }; 78 | 
golang = { 79 | symbol = ""; 80 | format = "[$symbol ($version) ]($style)"; 81 | style = "teal"; 82 | }; 83 | rust = { 84 | symbol = ""; 85 | format = "[$symbol ($version) ]($style)"; 86 | style = "orange"; 87 | }; 88 | time = { 89 | disabled = false; 90 | time_format = "%R"; 91 | format = "[ $time ]($style)"; 92 | style = "red"; 93 | }; 94 | }; 95 | }; 96 | } 97 | -------------------------------------------------------------------------------- /hosts/tsuki/hardware.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | config, 4 | lib, 5 | modulesPath, 6 | ... 7 | }: 8 | { 9 | imports = [ 10 | (modulesPath + "/installer/scan/not-detected.nix") 11 | ]; 12 | 13 | boot = { 14 | kernelPackages = lib.mkForce pkgs.linuxPackages_xanmod_latest; 15 | kernelModules = [ "kvm-amd" ]; 16 | consoleLogLevel = 3; 17 | kernelParams = [ 18 | "quiet" 19 | "splash" 20 | "preempt=full" 21 | "threadirqs" 22 | "mitigations=off" 23 | "boot.shell_on_fail" 24 | "loglevel=3" 25 | "rd.systemd.show_status=false" 26 | "rd.udev.log_level=3" 27 | "udev.log_priority=3" 28 | ]; 29 | extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback.out ]; 30 | loader = { 31 | systemd-boot = { 32 | enable = true; 33 | configurationLimit = 10; 34 | }; 35 | efi = { 36 | canTouchEfiVariables = true; 37 | efiSysMountPoint = "/boot/efi"; 38 | }; 39 | }; 40 | initrd = { 41 | verbose = false; 42 | availableKernelModules = [ 43 | "xhci_pci" 44 | "ahci" 45 | "nvme" 46 | "usb_storage" 47 | "usbhid" 48 | "sd_mod" 49 | ]; 50 | kernelModules = [ ]; 51 | }; 52 | plymouth = { 53 | enable = true; 54 | theme = "liquid"; 55 | themePackages = with pkgs; [ 56 | (adi1090x-plymouth-themes.override { 57 | selected_themes = [ "liquid" ]; 58 | }) 59 | ]; 60 | extraConfig = '' 61 | DeviceScale=0 62 | ShowDelay=0 63 | ''; 64 | }; 65 | }; 66 | hardware = { 67 | wooting.enable = true; 68 | cpu.amd.updateMicrocode = lib.mkDefault 
config.hardware.enableRedistributableFirmware;
    amdgpu.overdrive.enable = true;
  };

  fileSystems = {
    "/" = {
      device = "/dev/disk/by-uuid/a423d32f-ac5d-4ea2-82fb-f94b05afce29";
      fsType = "ext4";
    };
    "/boot/efi" = {
      device = "/dev/disk/by-uuid/FEAF-138A";
      fsType = "vfat";
    };
    "/nas/restic" = {
      device = "192.168.1.199:/mnt/Sutoreji/nix-restic-data/tsuki";
      fsType = "nfs";
    };
    "/nas/osu-backups" = {
      device = "192.168.1.199:/mnt/Sutoreji/osu-backups";
      fsType = "nfs";
    };
  };

  zramSwap = {
    enable = true;
    swapDevices = 1;
    algorithm = "zstd";
  };

  networking.useDHCP = lib.mkDefault true;

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
}
--------------------------------------------------------------------------------
/hosts/common/security.nix:
--------------------------------------------------------------------------------
# security tweaks borrowed from @hlissner
#
# Kernel network hardening via sysctl, ACME defaults, verbose sshd logging
# and a fail2ban policy shared by the hosts that import this file.
{
  boot.kernel.sysctl = {
    # The Magic SysRq key is a key combo that allows users connected to the
    # system console of a Linux kernel to perform some low-level commands.
    # Disable it, since we don't need it and it is a potential security concern.
    "kernel.sysrq" = 0;

    ## TCP hardening
    # Prevent bogus ICMP errors from filling up logs.
    "net.ipv4.icmp_ignore_bogus_error_responses" = 1;
    # Reverse path filtering causes the kernel to do source validation of
    # packets received from all interfaces. This can mitigate IP spoofing.
    "net.ipv4.conf.default.rp_filter" = 1;
    "net.ipv4.conf.all.rp_filter" = 1;
    # Do not accept IP source route packets (we're not a router)
    "net.ipv4.conf.all.accept_source_route" = 0;
    "net.ipv6.conf.all.accept_source_route" = 0;
    # Don't send ICMP redirects (again, we're not a router)
    "net.ipv4.conf.all.send_redirects" = 0;
    "net.ipv4.conf.default.send_redirects" = 0;
    # Refuse ICMP redirects (MITM mitigations)
    "net.ipv4.conf.all.accept_redirects" = 0;
    "net.ipv4.conf.default.accept_redirects" = 0;
    "net.ipv4.conf.all.secure_redirects" = 0;
    "net.ipv4.conf.default.secure_redirects" = 0;
    "net.ipv6.conf.all.accept_redirects" = 0;
    "net.ipv6.conf.default.accept_redirects" = 0;
    # Protects against SYN flood attacks
    "net.ipv4.tcp_syncookies" = 1;
    # Incomplete protection against TIME-WAIT assassination
    "net.ipv4.tcp_rfc1337" = 1;

    ## TCP optimization
    # TCP Fast Open is a TCP extension that reduces network latency by packing
    # data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for
    # both incoming and outgoing connections:
    "net.ipv4.tcp_fastopen" = 3;
    # Bufferbloat mitigations + slight improvement in throughput & latency
    "net.ipv4.tcp_congestion_control" = "bbr";
    "net.core.default_qdisc" = "cake";
  };

  # Loads the module behind the "bbr" congestion control selected above.
  boot.kernelModules = [ "tcp_bbr" ];

  security.acme = {
    acceptTerms = true;
    defaults.email = "github@notohh.dev";
  };

  services = {
    # VERBOSE makes sshd log more per-connection detail, which the fail2ban
    # jail and later log review can use.
    openssh.settings.LogLevel = "VERBOSE";
    # Policy: a single failure (maxretry = 1) within findtime (100000,
    # presumably seconds, about 27.8 hours) bans the source for one hour.
    fail2ban = {
      enable = true;
      bantime = "1h";
      maxretry = 1;
      # Sources that are never banned.
      # NOTE(review): the last two entries are host addresses with a /10
      # prefix. Read as networks, both cover the same range, 100.64.0.0/10,
      # which exempts every peer in that block rather than two machines; use
      # /32 if only those two hosts were meant. Together with the three
      # private ranges this also means failed logins from anywhere on the
      # LAN or overlay network never trigger a ban.
      ignoreIP = [
        "192.168.0.0/16"
        "172.16.0.0/12"
        "10.0.0.0/8"
        "5.161.102.107/32"
        "100.71.49.65/10"
        "100.82.146.40/10"
      ];
      jails = {
        DEFAULT = {
          settings = {
            findtime = 100000;
            mode = "aggressive";
          };
        };
      };
    };
  };
}
--------------------------------------------------------------------------------
/hosts/common/nix.nix:
--------------------------------------------------------------------------------
{
  inputs,
  config,
  ...
}:
{
  # Declares the sops secret whose decrypted path is pulled into nix.conf
  # with `!include` in extraOptions further down, which keeps the token out
  # of the store.
  sops.secrets.github-token = { };
  nixpkgs = {
    # Overlays come from this flake and from third-party flake inputs; each
    # one can replace or add packages for every host importing this file.
    overlays = [
      inputs.self.overlays.gale
      inputs.self.overlays.default
      inputs.nur.overlays.default
      inputs.helix.overlays.default
      inputs.copyparty.overlays.default
      inputs.millennium.overlays.default
    ];
    config = {
      allowUnfree = true;
      # NOTE(review): this permits a package that nixpkgs marks as insecure.
      # Record which package still pulls it in so the exception can be
      # dropped once that dependency goes away.
      permittedInsecurePackages = [
        "qtwebengine-5.15.19"
      ];
    };
  };

  nix = {
    channel.enable = true;
    settings = {
      extra-experimental-features = [
        "flakes"
        "nix-command"
      ];
      warn-dirty = false;
      auto-optimise-store = true;
      builders-use-substitutes = true;
      download-buffer-size = 536870912;
      keep-outputs = true;
      keep-derivations = true;
      # Only members of wheel may talk to the Nix daemon.
      allowed-users = [ "@wheel" ];
      # NOTE(review): trusted users may override daemon settings such as
      # substituters and signature checks, which the Nix manual treats as
      # equivalent to root access. Granting it to all of @wheel widens that
      # to every wheel account without a sudo prompt; listing only the
      # accounts that need it is tighter.
      trusted-users = [
        "root"
        "@wheel"
      ];
      # Binary caches consulted for prebuilt store paths.
      # NOTE(review): a path signed by any key in trusted-public-keys is
      # accepted as is, so every cache listed here is part of the trusted
      # supply chain. Prune caches that are no longer used and remove the
      # matching key with them.
      substituters = [
        "https://cache.nixos.org?priority=10"
        "https://cache.flake.sh/kyasshu"
        "https://hyprland.cachix.org"
        "https://nix-gaming.cachix.org"
        "https://anyrun.cachix.org"
        "https://viperml.cachix.org"
        "https://nix-community.cachix.org"
        "https://prismlauncher.cachix.org"
        "https://yazi.cachix.org"
        "https://helix.cachix.org"
        "https://walker-git.cachix.org"
      ];
      trusted-public-keys = [
        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
        "kyasshu:g1heIgCgG7M4San6nRsz/omcVQ1GTc7+zKKm3L9Co7o="
        "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
        "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
        "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
        "viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
        "prismlauncher.cachix.org-1:9/n/FGyABA2jLUVfY+DEp4hKds/rwO+SCOtbOkDzd+c="
        "yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k="
"helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs=" 67 | "walker-git.cachix.org-1:vmC0ocfPWh0S/vRAQGtChuiZBTAe4wiKDeyyXM0/7pM=" 68 | ]; 69 | }; 70 | extraOptions = '' 71 | !include ${config.sops.secrets.github-token.path} 72 | ''; 73 | }; 74 | 75 | programs.nh = { 76 | enable = true; 77 | flake = "/home/notoh/snowflake"; 78 | clean = { 79 | enable = true; 80 | dates = "weekly"; 81 | extraArgs = "--keep-since 3d --keep 5"; 82 | }; 83 | }; 84 | } 85 | -------------------------------------------------------------------------------- /home/wayland/hyprland/config/general.nix: -------------------------------------------------------------------------------- 1 | { pkgs, ... }: 2 | { 3 | wayland.windowManager.hyprland = { 4 | settings = { 5 | monitor = [ 6 | "HDMI-A-1,1920x1080@60, 3640x560, auto, transform, 3" # right 7 | "DP-3,1920x1080@60, 0x560, auto, transform, 1" # left 8 | "DP-2,1920x1080@144, 1400x0, auto" # top 9 | "DP-1,2560x1440@144, 1080x1080, auto" # middle 10 | ]; 11 | exec-once = [ 12 | "hyprpaper" 13 | "chatterino" 14 | "DiscordCanary" 15 | "dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP" 16 | "music-discord-rpc" 17 | "jellyfin-rpc" 18 | "${pkgs.hyprpolkitagent}/libexec/hyprpolkitagent" 19 | ]; 20 | input = { 21 | kb_layout = "us"; 22 | follow_mouse = 1; 23 | sensitivity = "-0.5"; 24 | force_no_accel = true; 25 | }; 26 | general = { 27 | gaps_in = 10; 28 | gaps_out = 15; 29 | border_size = 0; 30 | "col.active_border" = "rgb(7dcfff) rgb(c0caf5)"; 31 | "col.inactive_border" = "rgb(24283b)"; 32 | 33 | layout = "dwindle"; 34 | allow_tearing = true; 35 | }; 36 | decoration = { 37 | rounding = 10; 38 | blur = { 39 | enabled = true; 40 | size = 6; 41 | passes = 3; 42 | new_optimizations = true; 43 | }; 44 | shadow = { 45 | enabled = true; 46 | range = 60; 47 | offset = "0 5"; 48 | render_power = 4; 49 | color = "rgba(00000099)"; 50 | }; 51 | inactive_opacity = 1.0; 52 | active_opacity = 1.0; 53 | fullscreen_opacity = 
1.0; 54 | }; 55 | animations = { 56 | enabled = true; 57 | bezier = [ 58 | "fastBezier, 0.05, 1.1, 0.2, 1.0" 59 | "linear, 0.0, 0.0, 1.0, 1.0" 60 | "liner, 1, 1, 1, 1" 61 | ]; 62 | animation = [ 63 | "windows, 1, 7, fastBezier, slide" 64 | "windowsOut, 1, 7, fastBezier, slide" 65 | "border, 1, 10, fastBezier" 66 | "fade, 1, 7, fastBezier" 67 | "workspaces, 1, 6, fastBezier" 68 | "border, 1, 1, liner" 69 | "borderangle, 1, 40, liner, loop" 70 | "borderangle, 1, 100, linear, loop" 71 | ]; 72 | }; 73 | dwindle = { 74 | pseudotile = true; 75 | preserve_split = true; 76 | }; 77 | master = { 78 | new_status = "master"; 79 | }; 80 | render = { 81 | direct_scanout = 0; 82 | }; 83 | misc = { 84 | disable_hyprland_logo = true; 85 | mouse_move_enables_dpms = true; 86 | key_press_enables_dpms = false; 87 | }; 88 | ecosystem = { 89 | no_update_news = true; 90 | no_donation_nag = true; 91 | }; 92 | debug = { 93 | disable_logs = false; 94 | }; 95 | }; 96 | }; 97 | } 98 | -------------------------------------------------------------------------------- /hosts/deploy.nix: -------------------------------------------------------------------------------- 1 | { inputs, ... 
}: 2 | { 3 | flake.deploy = { 4 | nodes = with inputs.deploy-rs.lib.x86_64-linux; { 5 | sakura = { 6 | hostname = "100.121.201.47"; 7 | profiles.system = { 8 | user = "root"; 9 | path = activate.nixos inputs.self.nixosConfigurations.sakura; 10 | }; 11 | sshUser = "root"; 12 | sshOpts = [ 13 | "-t" 14 | "-i" 15 | "~/.ssh/forgejo" 16 | ]; 17 | magicRollback = true; 18 | }; 19 | kariru = { 20 | hostname = "100.126.229.95"; 21 | profiles.system = { 22 | user = "root"; 23 | path = activate.nixos inputs.self.nixosConfigurations.kariru; 24 | }; 25 | sshUser = "root"; 26 | sshOpts = [ 27 | "-t" 28 | "-i" 29 | "~/.ssh/forgejo" 30 | ]; 31 | magicRollback = true; 32 | }; 33 | yuki = { 34 | hostname = "100.108.113.89"; 35 | profiles.system = { 36 | user = "root"; 37 | path = activate.nixos inputs.self.nixosConfigurations.yuki; 38 | }; 39 | sshUser = "root"; 40 | sshOpts = [ 41 | "-t" 42 | "-i" 43 | "~/.ssh/forgejo" 44 | ]; 45 | magicRollback = true; 46 | }; 47 | arashi = { 48 | hostname = "100.94.214.100"; 49 | profiles.system = { 50 | user = "root"; 51 | path = activate.nixos inputs.self.nixosConfigurations.arashi; 52 | }; 53 | sshUser = "root"; 54 | sshOpts = [ 55 | "-t" 56 | "-i" 57 | "~/.ssh/forgejo" 58 | ]; 59 | magicRollback = true; 60 | }; 61 | sora = { 62 | hostname = "100.104.42.96"; 63 | profiles.system = { 64 | user = "root"; 65 | path = activate.nixos inputs.self.nixosConfigurations.sora; 66 | }; 67 | sshUser = "root"; 68 | sshOpts = [ 69 | "-t" 70 | "-i" 71 | "~/.ssh/forgejo" 72 | ]; 73 | magicRollback = true; 74 | }; 75 | tsuru = { 76 | hostname = "100.82.146.40"; 77 | profiles.system = { 78 | user = "root"; 79 | path = activate.nixos inputs.self.nixosConfigurations.tsuru; 80 | }; 81 | sshUser = "root"; 82 | sshOpts = [ 83 | "-t" 84 | "-i" 85 | "~/.ssh/forgejo" 86 | ]; 87 | magicRollback = true; 88 | }; 89 | haru = { 90 | hostname = "100.73.192.45"; 91 | profiles.system = { 92 | user = "root"; 93 | path = activate.nixos inputs.self.nixosConfigurations.haru; 94 | 
}; 95 | sshUser = "root"; 96 | sshOpts = [ 97 | "-t" 98 | "-i" 99 | "~/.ssh/forgejo" 100 | ]; 101 | magicRollback = true; 102 | }; 103 | }; 104 | }; 105 | } 106 | -------------------------------------------------------------------------------- /hosts/tsuki/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 5 | }: 6 | { 7 | imports = [ 8 | inputs.hyprland.nixosModules.default 9 | ./hardware.nix 10 | ./services 11 | ./networking.nix 12 | ./gaming.nix 13 | ./topology.nix 14 | ../common 15 | ../common/fonts.nix 16 | ../../home/wayland 17 | ]; 18 | 19 | virtualisation = { 20 | libvirtd.enable = true; 21 | }; 22 | services = { 23 | pulseaudio.enable = false; 24 | lact.enable = true; 25 | pcscd.enable = true; 26 | scx = { 27 | enable = true; 28 | package = pkgs.scx.rustscheds; 29 | scheduler = "scx_lavd"; 30 | }; 31 | flatpak = { 32 | enable = true; 33 | packages = [ 34 | "io.github.Soundux" 35 | "com.github.tchx84.Flatseal" 36 | "org.vinegarhq.Sober" 37 | "dev.goats.xivlauncher" 38 | ]; 39 | }; 40 | avahi = { 41 | enable = true; 42 | nssmdns4 = true; 43 | publish = { 44 | enable = true; 45 | userServices = true; 46 | domain = true; 47 | }; 48 | }; 49 | pipewire = { 50 | enable = true; 51 | alsa.enable = true; 52 | alsa.support32Bit = true; 53 | pulse.enable = true; 54 | wireplumber.enable = true; 55 | }; 56 | xserver = { 57 | enable = true; 58 | videoDrivers = [ "amdgpu" ]; 59 | xkb = { 60 | layout = "us"; 61 | variant = ""; 62 | }; 63 | }; 64 | }; 65 | security = { 66 | rtkit.enable = true; 67 | polkit.enable = true; 68 | pam = { 69 | services.hyprlock = { }; 70 | }; 71 | }; 72 | programs = { 73 | dconf.enable = true; 74 | corectrl.enable = true; 75 | nix-ld = { 76 | # for zed patching 77 | enable = true; 78 | libraries = with pkgs; [ 79 | zlib 80 | openssl 81 | ]; 82 | }; 83 | hyprland = { 84 | enable = true; 85 | withUWSM = false; 86 | package = 
inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.hyprland; 87 | portalPackage = 88 | inputs.hyprland.packages.${pkgs.stdenv.hostPlatform.system}.xdg-desktop-portal-hyprland; 89 | }; 90 | appimage = { 91 | enable = true; 92 | binfmt = true; 93 | }; 94 | obs-studio = { 95 | enable = true; 96 | enableVirtualCamera = true; 97 | plugins = with pkgs.obs-studio-plugins; [ 98 | obs-pipewire-audio-capture 99 | obs-vaapi 100 | obs-vkcapture 101 | ]; 102 | }; 103 | }; 104 | hardware = { 105 | graphics = { 106 | enable = true; 107 | enable32Bit = true; 108 | }; 109 | opentabletdriver = { 110 | enable = true; 111 | daemon.enable = true; 112 | }; 113 | }; 114 | environment.systemPackages = with pkgs; [ 115 | nil 116 | libvirt 117 | qemu_kvm 118 | zulu 119 | ]; 120 | system = { 121 | autoUpgrade.enable = false; 122 | stateVersion = "23.05"; 123 | }; 124 | } 125 | -------------------------------------------------------------------------------- /home/profiles/ame/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 
5 | }: 6 | { 7 | imports = [ 8 | ../../services 9 | ../../programs/ghostty.nix 10 | ../../programs/terminal/zellij 11 | ../../programs/media/spicetify.nix 12 | ../../programs/media/mpv.nix 13 | ../../programs/media/easyeffects.nix 14 | ]; 15 | 16 | home.packages = with pkgs; [ 17 | (discord-canary.override { 18 | withOpenASAR = true; 19 | withVencord = true; 20 | }) 21 | pwvucontrol 22 | wayland 23 | glib 24 | anki-bin 25 | tutanota-desktop 26 | moonlight-qt 27 | signal-desktop 28 | bolt-launcher 29 | inputs.zen.packages.${pkgs.stdenv.hostPlatform.system}.default 30 | inputs.technorino.packages.${pkgs.stdenv.hostPlatform.system}.package 31 | ]; 32 | programs.ssh = { 33 | enable = true; 34 | enableDefaultConfig = false; 35 | matchBlocks."*" = { 36 | forwardAgent = false; 37 | addKeysToAgent = "no"; 38 | compression = false; 39 | serverAliveInterval = 0; 40 | serverAliveCountMax = 3; 41 | hashKnownHosts = false; 42 | userKnownHostsFile = "~/.ssh/known_hosts"; 43 | controlMaster = "no"; 44 | controlPath = "~/.ssh/master-%r@%n:%p"; 45 | controlPersist = "no"; 46 | }; 47 | extraConfig = '' 48 | Host sakura 49 | Hostname 100.121.201.47 50 | User notoh 51 | IdentityFile ~/.ssh/sakura 52 | Host kariru 53 | Hostname 100.126.229.95 54 | User notoh 55 | IdentityFile ~/.ssh/kariru 56 | Host yuki 57 | Hostname 100.108.113.89 58 | User notoh 59 | IdentityFile ~/.ssh/yuki 60 | Host arashi 61 | Hostname 100.94.214.100 62 | User notoh 63 | IdentityFile ~/.ssh/arashi 64 | Host sora 65 | Hostname 100.104.42.96 66 | User notoh 67 | IdentityFile ~/.ssh/sora 68 | Host daphbot 69 | Hostname 100.109.118.139 70 | User root 71 | IdentityFile ~/.ssh/daphbot 72 | Host tsuru 73 | Hostname 100.82.146.40 74 | User notoh 75 | IdentityFile ~/.ssh/tsuru 76 | Host haru 77 | Hostname 100.73.192.45 78 | User notoh 79 | IdentityFile ~/.ssh/haru 80 | Host basegbot 81 | HostName 100.83.81.116 82 | User basegbot 83 | IdentityFile ~/.ssh/basegbot 84 | Host rpi4 85 | Hostname 100.92.145.147 86 | User notoh 
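87 | IdentityFile ~/.ssh/rpi4 88 | Host pve 89 | Hostname 100.115.234.69 90 | User root 91 | Host truenas 92 | Hostname 192.168.1.199 93 | User root 94 | IdentityFile ~/.ssh/truenas 95 | Host git.flake.sh 96 | Hostname git.flake.sh 97 | User notohh 98 | IdentityFile ~/.ssh/notohh-git 99 | Port 2222 100 | Host github.com 101 | Hostname github.com 102 | User notohh 103 | IdentityFile ~/.ssh/notohh-git 104 | ''; 105 | }; 106 | } 107 | -------------------------------------------------------------------------------- /hosts/sakura/services/forgejo.nix: --------------------------------------------------------------------------------
# Forgejo instance for git.flake.sh: built-in SSH server on `sshPort`,
# PostgreSQL and Redis on `dbHost`, SMTP through smtp2go, and a fail2ban
# jail that reads forgejo.service journal entries.
{
  pkgs,
  lib,
  config,
  ...
}:
let
  sshPort = 2222;
  dbHost = "192.168.1.211";
  dbLogin = "forgejo";
in
{
  # SMTP password is decrypted by sops-nix and made readable by the forgejo user.
  sops.secrets.smtp2go-pwd = {
    owner = "forgejo";
  };
  # Same port as SSH_PORT / SSH_LISTEN_PORT below; reuse the binding so they cannot drift.
  # NOTE(review): this opens the port on every interface, while the built-in
  # SSH server only listens on SSH_LISTEN_HOST — an interface-scoped rule
  # (networking.firewall.interfaces.<iface>.allowedTCPPorts) would be tighter.
  networking.firewall.allowedTCPPorts = [ sshPort ];
  services.forgejo = {
    enable = true;
    package = pkgs.forgejo;
    stateDir = "/var/lib/forgejo";
    lfs.enable = true;
    # Values here are read from files at runtime instead of being written
    # into the configuration as literals.
    secrets = {
      mailer.PASSWD = config.sops.secrets.smtp2go-pwd.path;
    };
    settings = {
      service.DISABLE_REGISTRATION = true;
      DEFAULT.APP_NAME = "forgejo";
      # NOTE(review): Debug is the most verbose practical level; confirm it is
      # still wanted, and that nothing sensitive ends up in the journal.
      log.LEVEL = "Debug";
      packages.ENABLED = true;
      federation.ENABLED = true;
      ui = {
        DEFAULT_THEME = "forgejo-dark";
        # NOTE(review): exposes account e-mail addresses in the UI — confirm intended.
        SHOW_USER_EMAIL = true;
      };
      actions = {
        ENABLED = false;
        DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
      };
      server = {
        HTTP_PORT = 3200;
        DOMAIN = "git.flake.sh";
        ROOT_URL = "https://git.flake.sh";
        LANDING_PAGE = "/explore/repos";
        START_SSH_SERVER = true;
        SSH_DOMAIN = "git.flake.sh";
        SSH_PORT = sshPort;
        SSH_LISTEN_PORT = sshPort;
        # Bind the built-in SSH server to a single address rather than all interfaces.
        SSH_LISTEN_HOST = "100.121.201.47";
      };
      "git.timeout" = {
        DEFAULT = 3600;
        MIGRATE = 3600;
        MIRROR = 3600;
        CLONE = 3600;
      };
      session = {
        PROVIDER = "redis";
        # NOTE(review): the Redis password is a literal inside this URL, so it
        # lives in the repository and in the evaluated configuration. Prefer a
        # sops-managed value, as is already done for mailer.PASSWD.
        PROVIDER_CONFIG = "redis://:forgejo@${dbHost}:6379";
      };
      security = {
        LOGIN_REMEMBER_DAYS = 14;
      };
      database = {
        DB_TYPE = lib.mkForce "postgres";
        HOST = "${dbHost}:5432";
        NAME = dbLogin;
        USER = dbLogin;
        # NOTE(review): the database password equals the login name and is a
        # plain literal. Moving it under `secrets` above (for example
        # `database.PASSWD = config.sops.secrets.<forgejo-db-secret>.path;`,
        # placeholder name) keeps it out of the repository and the evaluated
        # configuration; rotate the current value when doing so.
        PASSWD = dbLogin;
      };
      cache = {
        ENABLED = true;
        ADAPTER = lib.mkForce "redis";
        # NOTE(review): same embedded Redis password as session.PROVIDER_CONFIG.
        HOST = "redis://:forgejo@${dbHost}:6379";
      };
      metrics = {
        ENABLED = true;
        ENABLED_ISSUE_BY_REPOSITORY = true;
        ENABLED_ISSUE_BY_LABEL = true;
        # NOTE(review): no metrics TOKEN is set here; confirm the /metrics
        # endpoint is not reachable by unauthenticated clients.
      };
      mailer = {
        ENABLED = true;
        FROM = "forgejo@flake.sh";
        PROTOCOL = "smtp+starttls";
        SMTP_ADDR = "mail.smtp2go.com";
        SMTP_PORT = 587;
        USER = "forgejo-mailer";
      };
    };
  };
  # Ban an address for 15 minutes after 3 matching log lines within an hour.
  services.fail2ban.jails.forgejo = {
    settings = {
      filter = "forgejo";
      action = ''iptables-allports'';
      mode = "aggressive";
      maxretry = 3;
      findtime = 3600;
      bantime = 900;
    };
  };
  environment.etc = {
    # fail2ban needs the <HOST> tag in failregex to know which address to ban;
    # without it the filter has nothing to act on.
    # NOTE(review): the trailing `$` only matches when the address is the last
    # thing on the log line — verify against real journal entries with
    # fail2ban-regex before relying on this jail.
    "fail2ban/filter.d/forgejo.conf".text = ''
      [Definition]
      failregex = ^.*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>$
      journalmatch = _SYSTEMD_UNIT=forgejo.service
    '';
  };
}
-------------------------------------------------------------------------------- /flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "snowflake"; 3 | 4 | outputs = 5 | inputs: 6 | inputs.flake-parts.lib.mkFlake { inherit inputs; } { 7 | imports = [ 8 | ./hosts 9 | ./overlays 10 | ./modules 11 | ./pkgs 12 | ./home/profiles 13 | ]; 14 | systems = [ "x86_64-linux" ]; 15 | perSystem = 16 | { 17 | config, 18 | pkgs, 19 | ... 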
20 | }: 21 | { 22 | devShells.default = pkgs.mkShell { 23 | name = "snowflake"; 24 | shellHook = config.pre-commit.installationScript; 25 | packages = with pkgs; [ 26 | sops 27 | statix 28 | just 29 | yaml-language-server 30 | lua-language-server 31 | stylua 32 | kdePackages.qtdeclarative 33 | ]; 34 | }; 35 | formatter = pkgs.nixfmt; 36 | }; 37 | }; 38 | 39 | inputs = { 40 | nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; 41 | 42 | ### hypr 43 | hyprland-plugins = { 44 | url = "github:hyprwm/hyprland-plugins"; 45 | inputs.hyprland.follows = "hyprland"; 46 | }; 47 | hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; 48 | hypridle.url = "github:hyprwm/hypridle"; 49 | hyprlock.url = "github:hyprwm/hyprlock"; 50 | hyprpicker.url = "github:hyprwm/hyprpicker"; 51 | hyprpaper.url = "github:hyprwm/hyprpaper"; 52 | 53 | ### everything else 54 | home-manager = { 55 | url = "github:nix-community/home-manager"; 56 | inputs.nixpkgs.follows = "nixpkgs"; 57 | }; 58 | nix-index-database = { 59 | url = "github:nix-community/nix-index-database"; 60 | inputs.nixpkgs.follows = "nixpkgs"; 61 | }; 62 | zen = { 63 | url = "github:0xc000022070/zen-browser-flake/beta"; 64 | inputs.nixpkgs.follows = "nixpkgs"; 65 | }; 66 | technorino = { 67 | url = "git+https://github.com/2547techno/technorino"; 68 | inputs.nixpkgs.follows = "nixpkgs"; 69 | }; 70 | helix = { 71 | url = "github:helix-editor/helix"; 72 | inputs.nixpkgs.follows = "nixpkgs"; 73 | }; 74 | nix4nvchad = { 75 | url = "github:nix-community/nix4nvchad"; 76 | inputs.nixpkgs.follows = "nixpkgs"; 77 | }; 78 | deploy-rs.url = "github:serokell/deploy-rs"; 79 | sops-nix.url = "github:Mic92/sops-nix"; 80 | nix-gaming.url = "github:fufexan/nix-gaming"; 81 | nur.url = "github:nix-community/NUR"; 82 | yazi.url = "github:sxyazi/yazi"; 83 | pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix"; 84 | nixos-hardware.url = "github:NixOS/nixos-hardware/master"; 85 | flake-parts.url = "github:hercules-ci/flake-parts"; 86 
| nixpkgs-xr.url = "github:nix-community/nixpkgs-xr"; 87 | prismlauncher.url = "github:PrismLauncher/PrismLauncher"; 88 | spicetify-nix.url = "github:Gerg-L/spicetify-nix"; 89 | nix-topology.url = "github:oddlama/nix-topology"; 90 | nix-flatpak.url = "github:gmodena/nix-flatpak"; 91 | copyparty.url = "github:9001/copyparty"; 92 | stylix.url = "github:nix-community/stylix"; 93 | millennium.url = "git+https://github.com/SteamClientHomebrew/Millennium"; 94 | vicinae.url = "github:vicinaehq/vicinae"; 95 | awakened-poe-flake.url = "git+https://git.flake.sh/notohh/awakened-poe-flake"; 96 | }; 97 | } 98 | -------------------------------------------------------------------------------- /home/wayland/programs/hyprlock.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | pkgs, 4 | ... 5 | }: 6 | { 7 | programs.hyprlock = { 8 | enable = false; 9 | package = inputs.hyprlock.packages.${pkgs.stdenv.hostPlatform.system}.default; 10 | settings = { 11 | background = 12 | let 13 | verticalWallpaper = "/home/notoh/dev/assets/wallpapers/miku/miku2.png"; 14 | horizontalWallpaper = "/home/notoh/dev/assets/wallpapers/miku/miku.png"; 15 | in 16 | [ 17 | { 18 | monitor = "HDMI-A-1"; 19 | path = verticalWallpaper; 20 | blur_passes = 3; 21 | blur_size = 4; 22 | brightness = 0.5; 23 | } 24 | { 25 | monitor = "DP-3"; 26 | path = verticalWallpaper; 27 | blur_passes = 3; 28 | blur_size = 4; 29 | brightness = 0.5; 30 | } 31 | { 32 | monitor = "DP-1"; 33 | path = horizontalWallpaper; 34 | blur_passes = 3; 35 | blur_size = 4; 36 | brightness = 0.5; 37 | } 38 | { 39 | monitor = "DP-2"; 40 | path = horizontalWallpaper; 41 | blur_passes = 3; 42 | blur_size = 4; 43 | brightness = 0.5; 44 | } 45 | ]; 46 | general = { 47 | disable_loading_bar = false; 48 | hide_cursor = false; 49 | no_fade_in = false; 50 | ignore_empty_input = true; 51 | }; 52 | animations = { 53 | enabled = true; 54 | }; 55 | input-field = [ 56 | { 57 | monitor = "DP-1"; 58 | size = 
"350, 50"; 59 | outline_thickness = 2; 60 | outer_color = "rgb(f5c2e7)"; 61 | inner_color = "rgb(1a1b26)"; 62 | font_color = "rgb(c0caf5)"; 63 | fail_color = "rgb(f7768e)"; 64 | fail_text = "$FAIL ($ATTEMPTS)"; 65 | check_color = "rgb(ff9e64)"; 66 | swap_font_color = false; 67 | placeholder_text = '' 68 | Password... 69 | ''; 70 | fade_on_empty = false; 71 | dots_spacing = 0.5; 72 | dots_center = true; 73 | shadow_passes = 3; 74 | shadow_size = 1; 75 | shadow_color = "rgba(00000099)"; 76 | shadow_boost = 1.0; 77 | } 78 | ]; 79 | label = [ 80 | { 81 | monitor = "DP-1"; 82 | text = '' 83 | Hi, $USER 84 | ''; 85 | color = "rgb(c0caf5)"; 86 | position = "0, 60"; 87 | valign = "center"; 88 | halign = "center"; 89 | shadow_passes = 3; 90 | shadow_size = 1; 91 | shadow_color = "rgba(00000099)"; 92 | shadow_boost = 1.0; 93 | } 94 | { 95 | monitor = "DP-1"; 96 | text = "$TIME"; 97 | color = "rgb(c0caf5)"; 98 | position = "0, 120"; 99 | valign = "center"; 100 | halign = "center"; 101 | shadow_passes = 3; 102 | shadow_size = 1; 103 | shadow_color = "rgba(00000099)"; 104 | shadow_boost = 0.6; 105 | } 106 | ]; 107 | }; 108 | }; 109 | } 110 | -------------------------------------------------------------------------------- /home/programs/editors/helix/languages.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | lib, 4 | ... 
5 | }: 6 | { 7 | programs.helix.languages = { 8 | language = with pkgs; [ 9 | { 10 | name = "nix"; 11 | auto-format = true; 12 | language-servers = [ 13 | "nil" 14 | ]; 15 | formatter = { 16 | command = lib.getExe nixfmt; 17 | args = [ "-q" ]; 18 | }; 19 | } 20 | { 21 | name = "rust"; 22 | auto-format = true; 23 | language-servers = [ 24 | "rust-analyzer" 25 | ]; 26 | formatter = { 27 | command = lib.getExe rustfmt; 28 | args = [ 29 | "--edition" 30 | "2021" 31 | ]; 32 | }; 33 | } 34 | { 35 | name = "lua"; 36 | auto-format = true; 37 | language-servers = [ 38 | "lua-language-server" 39 | ]; 40 | formatter = { 41 | command = lib.getExe stylua; 42 | }; 43 | } 44 | { 45 | name = "python"; 46 | auto-format = true; 47 | language-servers = [ 48 | "ruff" 49 | ]; 50 | formatter = with pkgs; { 51 | command = lib.getExe ruff; 52 | args = [ 53 | "format" 54 | "-q" 55 | ]; 56 | }; 57 | } 58 | { 59 | name = "typescript"; 60 | auto-format = true; 61 | language-servers = [ 62 | { 63 | name = "typescript-language-server"; 64 | except-features = [ "format" ]; 65 | } 66 | ]; 67 | formatter = with pkgs; { 68 | command = lib.getExe deno; 69 | args = [ 70 | "fmt" 71 | "-" 72 | "--ext" 73 | "ts" 74 | ]; 75 | }; 76 | } 77 | { 78 | name = "toml"; 79 | auto-format = true; 80 | language-servers = [ 81 | "taplo" 82 | ]; 83 | formatter = with pkgs; { 84 | command = lib.getExe taplo; 85 | args = [ 86 | "fmt" 87 | "-" 88 | ]; 89 | }; 90 | } 91 | { 92 | name = "json"; 93 | auto-format = true; 94 | language-servers = [ 95 | "biome" 96 | ]; 97 | formatter = with pkgs; { 98 | command = lib.getExe biome; 99 | args = [ "format" ]; 100 | }; 101 | } 102 | ]; 103 | language-server = with pkgs; { 104 | rust-analyzer.config = { 105 | checkOnSave.command = "clippy"; 106 | inlayHints = { 107 | closingBraceHints.enable = false; 108 | parameterHints.enable = false; 109 | typeHints.enable = true; 110 | }; 111 | }; 112 | nil = { 113 | command = lib.getExe nil; 114 | }; 115 | typescript-language-server = with 
pkgs.nodePackages; { 116 | command = lib.getExe typescript-language-server; 117 | args = [ "--stdio" ]; 118 | }; 119 | lua = { 120 | command = lib.getExe lua-language-server; 121 | }; 122 | taplo = { 123 | command = lib.getExe taplo; 124 | args = [ 125 | "lsp" 126 | "stdio" 127 | ]; 128 | }; 129 | ruff = { 130 | command = lib.getExe ruff; 131 | args = [ 132 | "server" 133 | "--preview" 134 | ]; 135 | }; 136 | }; 137 | }; 138 | } 139 | -------------------------------------------------------------------------------- /hosts/yuki/services/hass/lovelace.nix: -------------------------------------------------------------------------------- 1 | _: { 2 | services.home-assistant.lovelaceConfig = { 3 | title = "Home"; 4 | views = [ 5 | { 6 | title = "Home"; 7 | icon = "mdi:home"; 8 | cards = [ 9 | { 10 | type = "markdown"; 11 | title = "Lovelace"; 12 | content = "Welcome home!"; 13 | } 14 | { 15 | type = "weather-forecast"; 16 | entity = "weather.openweathermap"; 17 | forecast_type = "hourly"; 18 | } 19 | ]; 20 | } 21 | { 22 | title = "Living Room"; 23 | cards = [ 24 | { 25 | type = "light"; 26 | entity = "light.living_room"; 27 | tap_action = { 28 | action = "toggle"; 29 | }; 30 | hold_action = { 31 | action = "Default action"; 32 | }; 33 | style = { 34 | top = "72.8%"; 35 | left = "75.3%"; 36 | }; 37 | } 38 | { 39 | type = "light"; 40 | entity = "light.hall_light"; 41 | tap_action = { 42 | action = "toggle"; 43 | }; 44 | hold_action = { 45 | action = "Default action"; 46 | }; 47 | style = { 48 | top = "72.8%"; 49 | left = "75.3%"; 50 | }; 51 | } 52 | ]; 53 | } 54 | { 55 | title = "Master Bedroom"; 56 | cards = [ 57 | { 58 | type = "light"; 59 | entity = "light.master_bedroom_lamp"; 60 | tap_action = { 61 | action = "toggle"; 62 | }; 63 | hold_action = { 64 | action = "Default action"; 65 | }; 66 | style = { 67 | top = "72.8%"; 68 | left = "75.3%"; 69 | }; 70 | } 71 | ]; 72 | } 73 | { 74 | title = "Bedroom 1"; 75 | cards = [ 76 | { 77 | type = "light"; 78 | entity = 
"light.bedroom_1"; 79 | show_state = true; 80 | show_icon = true; 81 | tap_action = { 82 | action = "toggle"; 83 | }; 84 | hold_action = { 85 | action = "Default action"; 86 | }; 87 | style = { 88 | top = "72.8%"; 89 | left = "75.3%"; 90 | }; 91 | } 92 | { 93 | type = "light"; 94 | entity = "light.light_panels_58_6c_84"; 95 | show_state = true; 96 | show_icon = true; 97 | tap_action = { 98 | action = "toggle"; 99 | }; 100 | hold_action = { 101 | action = "Default action"; 102 | }; 103 | style = { 104 | top = "72.8%"; 105 | left = "75.3%"; 106 | }; 107 | } 108 | { 109 | type = "entities"; 110 | entities = [ 111 | "light.hue_color_lamp_1" 112 | "light.hue_color_lamp_2" 113 | "light.hue_lightstrip_plus_1" 114 | "light.light_panels_58_6c_84" 115 | ]; 116 | style = { 117 | top = "72.8%"; 118 | left = "75.3%"; 119 | }; 120 | } 121 | ]; 122 | } 123 | { 124 | title = "Bedroom 2"; 125 | cards = [ 126 | ]; 127 | } 128 | ]; 129 | }; 130 | } 131 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 |
2 |

3 |
4 | snowflake 5 |

6 | 7 |

8 | 9 | 10 | 11 |

12 | 13 | 14 | status-badge 15 | 16 |

17 | 18 | 19 |

20 | Screenshots updated: 2025-02-09 21 |

22 |

23 | :warning: this config is a constant WIP, 24 | and will change constantly as i continue to learn about nix. stuff will be updated, restructured, added, and removed quite often. please also note that everything hosted here is what works best for me, and could totally be inefficient, or just a dead wrong way of doing something.

25 |
26 | 27 | ## :open_book: Table of contents 28 | 29 | - :house_with_garden: [home](home) 30 | - :computer: [hosts](hosts) 31 | - :cloud_with_rain: [ame](hosts/ame) 32 | - :cloud_with_lightning_and_rain: [arashi](hosts/arashi) 33 | - :hibiscus: [haru](hosts/haru) 34 | - :satellite: [kariru](hosts/kariru) 35 | - :cherry_blossom: [sakura](hosts/sakura) 36 | - :milky_way: [sora](hosts/sora) 37 | - :full_moon: [tsuki](hosts/tsuki) 38 | - :building_construction: [tsuru](hosts/tsuru) 39 | - :snowflake: [yuki](hosts/yuki) 40 | - :electric_plug: [modules](modules) 41 | - :airplane: [overlays](overlays) 42 | - :package: [pkgs](pkgs) 43 | - :lock: [secrets](secrets) 44 | 45 | ## :spiral_notepad: Features 46 | 47 | - multi-config repo, with configs for servers, laptop, and desktop 48 | - multi-system home-manager setup 49 | - secrets provisioning with [sops-nix](https://github.com/Mic92/sops-nix) 50 | - multiple fully declarative self hosted services (and some containerized ones, with a docker backend) 51 | - wayland config for hyprland 52 | - custom packages not found in nixpkgs 53 | - linted & styled with [nixfmt](https://github.com/NixOS/nixfmt), [deadnix](https://github.com/astro/deadnix), and [statix](https://github.com/nerdypepper/statix) 54 | 55 | ## :busts_in_silhouette: Credit 56 | 57 | #### people who've inspired me to dive into nix, and i've stolen stuff from (you guys are awesome!) 
58 | 59 | - [fufexan](https://github.com/fufexan) - a ton of home manager, hyprland stuff, and some gh workflows 60 | - [Misterio77](https://github.com/Misterio77) - flake, and some other boilerplate 61 | - [NobbZ](https://github.com/NobbZ) - general nix assistance 62 | - [MatthiasBenaets](https://github.com/MatthiasBenaets) - amazing nixos introduction video 63 | - [sioodmy](https://github.com/sioodmy) - general dotfile, readme badges, and hyprland stuff 64 | - [MatthewCroughan](https://github.com/MatthewCroughan) - traefik config used as reference 65 | - [seqizz](https://github.com/seqizz/nixos-config/blob/3ee51f406a8c7aa3afde9cdee97a43641b2ed2ef/modules/server/rustypaste.nix) - rustypaste config 66 | - [Yavko](https://github.com/yavko) - ironbar config used as reference 67 | - [hlissner](https://github.com/hlissner) - [security.nix](modules/security.nix) 68 | - [noc](https://git.flake.sh/noc) - networking diagram + a ton of other stuff 69 | -------------------------------------------------------------------------------- /hosts/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | inputs, 3 | homeImports, 4 | ... 
5 | }: 6 | { 7 | imports = [ ./deploy.nix ]; 8 | flake.nixosConfigurations = 9 | let 10 | inherit (inputs.nixpkgs.lib) nixosSystem; 11 | specialArgs = { inherit inputs; }; 12 | in 13 | { 14 | tsuki = nixosSystem { 15 | inherit specialArgs; 16 | modules = [ 17 | ./tsuki 18 | { 19 | home-manager = { 20 | useGlobalPkgs = true; 21 | useUserPackages = true; 22 | extraSpecialArgs = specialArgs; 23 | users.notoh = { 24 | imports = homeImports."notoh@tsuki"; 25 | }; 26 | }; 27 | } 28 | ]; 29 | }; 30 | ame = nixosSystem { 31 | inherit specialArgs; 32 | modules = [ 33 | ./ame 34 | { 35 | home-manager = { 36 | useGlobalPkgs = true; 37 | useUserPackages = true; 38 | extraSpecialArgs = specialArgs; 39 | users.notoh = { 40 | imports = homeImports."notoh@ame"; 41 | }; 42 | }; 43 | } 44 | ]; 45 | }; 46 | sakura = nixosSystem { 47 | inherit specialArgs; 48 | modules = [ 49 | ./sakura 50 | { 51 | home-manager = { 52 | useGlobalPkgs = true; 53 | useUserPackages = true; 54 | extraSpecialArgs = specialArgs; 55 | users.notoh = { 56 | imports = homeImports."default"; 57 | }; 58 | }; 59 | } 60 | ]; 61 | }; 62 | kariru = nixosSystem { 63 | inherit specialArgs; 64 | modules = [ 65 | ./kariru 66 | { 67 | home-manager = { 68 | useGlobalPkgs = true; 69 | useUserPackages = true; 70 | extraSpecialArgs = specialArgs; 71 | users.notoh = { 72 | imports = homeImports."default"; 73 | }; 74 | }; 75 | } 76 | ]; 77 | }; 78 | yuki = nixosSystem { 79 | inherit specialArgs; 80 | modules = [ 81 | ./yuki 82 | { 83 | home-manager = { 84 | useGlobalPkgs = true; 85 | useUserPackages = true; 86 | extraSpecialArgs = specialArgs; 87 | users.notoh = { 88 | imports = homeImports."default"; 89 | }; 90 | }; 91 | } 92 | ]; 93 | }; 94 | arashi = nixosSystem { 95 | inherit specialArgs; 96 | modules = [ 97 | ./arashi 98 | { 99 | home-manager = { 100 | useGlobalPkgs = true; 101 | useUserPackages = true; 102 | extraSpecialArgs = specialArgs; 103 | users.notoh = { 104 | imports = homeImports."default"; 105 | }; 106 | }; 107 
| } 108 | ]; 109 | }; 110 | sora = nixosSystem { 111 | inherit specialArgs; 112 | modules = [ 113 | ./sora 114 | { 115 | home-manager = { 116 | useGlobalPkgs = true; 117 | useUserPackages = true; 118 | extraSpecialArgs = specialArgs; 119 | users.notoh = { 120 | imports = homeImports."default"; 121 | }; 122 | }; 123 | } 124 | ]; 125 | }; 126 | tsuru = nixosSystem { 127 | inherit specialArgs; 128 | modules = [ 129 | ./tsuru 130 | { 131 | home-manager = { 132 | useGlobalPkgs = true; 133 | useUserPackages = true; 134 | extraSpecialArgs = specialArgs; 135 | users.notoh = { 136 | imports = homeImports."default"; 137 | }; 138 | }; 139 | } 140 | ]; 141 | }; 142 | haru = nixosSystem { 143 | inherit specialArgs; 144 | modules = [ 145 | ./haru 146 | { 147 | home-manager = { 148 | useGlobalPkgs = true; 149 | useUserPackages = true; 150 | extraSpecialArgs = specialArgs; 151 | users.notoh = { 152 | imports = homeImports."default"; 153 | }; 154 | }; 155 | } 156 | ]; 157 | }; 158 | }; 159 | } 160 | -------------------------------------------------------------------------------- /home/programs/terminal/yazi/init.lua: -------------------------------------------------------------------------------- 1 | function Manager:render(area) 2 | self.area = area 3 | 4 | local chunks = ui.Layout() 5 | :direction(ui.Layout.HORIZONTAL) 6 | :constraints({ 7 | ui.Constraint.Ratio(MANAGER.ratio.parent, MANAGER.ratio.all), 8 | ui.Constraint.Ratio(MANAGER.ratio.current, MANAGER.ratio.all), 9 | ui.Constraint.Ratio(MANAGER.ratio.preview, MANAGER.ratio.all), 10 | }) 11 | :split(area) 12 | 13 | local bar = function(c, x, y) 14 | return ui.Bar( 15 | ui.Rect({ 16 | x = math.max(0, x), 17 | y = math.max(0, y), 18 | w = math.min(1, area.w), 19 | h = math.min(1, area.h), 20 | }), 21 | ui.Bar.TOP 22 | ):symbol(c) 23 | end 24 | 25 | return ya.flat({ 26 | -- Borders 27 | ui.Border(area, ui.Border.ALL):type(ui.Border.ROUNDED), 28 | ui.Bar(chunks[1], ui.Bar.RIGHT), 29 | ui.Bar(chunks[3], ui.Bar.LEFT), 30 | 31 | 
bar("┬", chunks[1].right - 1, chunks[1].y), 32 | bar("┴", chunks[1].right - 1, chunks[1].bottom - 1), 33 | bar("┬", chunks[2].right, chunks[2].y), 34 | bar("┴", chunks[2].right, chunks[1].bottom - 1), -- Parent 35 | Parent:render(chunks[1]:padding(ui.Padding.xy(1))), -- Current 36 | Current:render(chunks[2]:padding(ui.Padding.y(1))), -- Preview 37 | Preview:render(chunks[3]:padding(ui.Padding.xy(1))), 38 | }) 39 | end 40 | 41 | Status = { area = ui.Rect.default } 42 | 43 | function Status.style() 44 | if cx.active.mode.is_select then 45 | return THEME.status.mode_select 46 | elseif cx.active.mode.is_unset then 47 | return THEME.status.mode_unset 48 | else 49 | return THEME.status.mode_normal 50 | end 51 | end 52 | 53 | function Status:mode() 54 | local mode = tostring(cx.active.mode):upper() 55 | if mode == "UNSET" then 56 | mode = "UN-SET" 57 | end 58 | 59 | local style = self.style() 60 | return ui.Line({ 61 | ui.Span(THEME.status.separator_open):fg(style.bg), 62 | ui.Span(" " .. mode .. " "):style(style), 63 | }) 64 | end 65 | 66 | function Status:size() 67 | local h = cx.active.current.hovered 68 | if h == nil then 69 | return ui.Line({}) 70 | end 71 | 72 | local style = self.style() 73 | return ui.Line({ 74 | ui.Span(" " .. ya.readable_size(h:size() or h.cha.length) .. " "):fg(style.bg):bg(THEME.status.separator_style.bg), 75 | ui.Span(THEME.status.separator_close):fg(THEME.status.separator_style.fg), 76 | }) 77 | end 78 | 79 | function Status:name() 80 | local h = cx.active.current.hovered 81 | if h == nil then 82 | return ui.Span("") 83 | end 84 | local linked = "" 85 | if h.link_to ~= nil then 86 | linked = " -> " .. tostring(h.link_to) 87 | end 88 | return ui.Span(" " .. h.name .. 
linked) 89 | end 90 | 91 | function Status:permissions() 92 | local h = cx.active.current.hovered 93 | if h == nil then 94 | return ui.Line({}) 95 | end 96 | 97 | local perm = h.cha:permissions() 98 | if perm == nil then 99 | return ui.Line({}) 100 | end 101 | 102 | local spans = {} 103 | for i = 1, #perm do 104 | local c = perm:sub(i, i) 105 | local style = THEME.status.permissions_t 106 | if c == "-" then 107 | style = THEME.status.permissions_s 108 | elseif c == "r" then 109 | style = THEME.status.permissions_r 110 | elseif c == "w" then 111 | style = THEME.status.permissions_w 112 | elseif c == "x" or c == "s" or c == "S" or c == "t" or c == "T" then 113 | style = THEME.status.permissions_x 114 | end 115 | spans[i] = ui.Span(c):style(style) 116 | end 117 | return ui.Line(spans) 118 | end 119 | 120 | function Status:percentage() 121 | local percent = 0 122 | local cursor = cx.active.current.cursor 123 | local length = #cx.active.current.files 124 | if cursor ~= 0 and length ~= 0 then 125 | percent = math.floor((cursor + 1) * 100 / length) 126 | end 127 | 128 | if percent == 0 then 129 | percent = " Top " 130 | else 131 | percent = string.format(" %3d%% ", percent) 132 | end 133 | 134 | local style = self.style() 135 | return ui.Line({ 136 | ui.Span(" " .. 
THEME.status.separator_open):fg(THEME.status.separator_style.fg), 137 | ui.Span(percent):fg(style.bg):bg(THEME.status.separator_style.bg), 138 | }) 139 | end 140 | 141 | function Status:position() 142 | local cursor = cx.active.current.cursor 143 | local length = #cx.active.current.files 144 | 145 | local style = self.style() 146 | return ui.Line({ 147 | ui.Span(string.format(" %2d/%-2d ", cursor + 1, length)):style(style), 148 | ui.Span(THEME.status.separator_close):fg(style.bg), 149 | }) 150 | end 151 | 152 | function Status:render(area) 153 | self.area = area 154 | 155 | local left = ui.Line({ self:mode(), self:size(), self:name() }) 156 | local right = ui.Line({ 157 | self:owner(), 158 | self:permissions(), 159 | self:percentage(), 160 | self:position(), 161 | }) 162 | return { 163 | ui.Paragraph(area, { left }), 164 | ui.Paragraph(area, { right }):align(ui.Paragraph.RIGHT), 165 | table.unpack(Progress:render(area, right:width())), 166 | } 167 | end 168 | 169 | function Status:owner() 170 | local h = cx.active.current.hovered 171 | if h == nil or ya.target_family() ~= "unix" then 172 | return ui.Line({}) 173 | end 174 | 175 | return ui.Line({ 176 | ui.Span(ya.user_name(h.cha.uid) or tostring(h.cha.uid)):fg("magenta"), 177 | ui.Span(":"), 178 | ui.Span(ya.group_name(h.cha.gid) or tostring(h.cha.gid)):fg("magenta"), 179 | ui.Span(" "), 180 | }) 181 | end 182 | -------------------------------------------------------------------------------- /home/profiles/tsuki/default.nix: -------------------------------------------------------------------------------- 1 | { 2 | pkgs, 3 | inputs, 4 | ... 
}:
# Home Manager module body for a desktop profile: it imports the shared
# program/Wayland modules, installs the user package set, writes the SSH client
# configuration and registers the default browser for web-related MIME types.
# The function header (argument set) starts above this excerpt.
{
  # Sibling modules pulled in by relative path: theming, user services,
  # individual program configs and the Hyprland session pieces.
  imports = [
    ./stylix.nix
    ../../services
    ../../programs/vicinae.nix
    ../../programs/openvr.nix
    ../../programs/editors/nvchad
    ../../programs/terminal/zellij
    ../../programs/terminal/ghostty.nix
    ../../programs/terminal/television
    ../../programs/media/cava.nix
    ../../programs/media/spicetify.nix
    ../../programs/media/zathura.nix
    ../../programs/media/mpv.nix
    ../../programs/media/lutris.nix
    ../../wayland/hyprland
    ../../wayland/services/hypridle.nix
    ../../wayland/services/hyprpaper.nix
    ../../wayland/programs/hyprlock.nix
  ];
  # User package set. `with pkgs;` resolves the bare names in the list against
  # nixpkgs, but let-bound names take precedence over `with`, so zen, osu,
  # technorino, prismlauncher, awakened-poe-trade and exiled-exchange-2 below
  # are the flake-input builds, not nixpkgs attributes of the same name.
  # NOTE(review): those packages come from third-party flake inputs; what is
  # actually built is whatever the lock file pins (not visible here), so input
  # updates deserve the same review as any other dependency bump.
  home.packages =
    with pkgs;
    let
      inherit (pkgs.stdenv.hostPlatform) system;
      inherit (inputs.prismlauncher.packages.${system}) prismlauncher;
      inherit (inputs.awakened-poe-flake.packages.${system}) awakened-poe-trade;
      inherit (inputs.awakened-poe-flake.packages.${system}) exiled-exchange-2;
      zen = inputs.zen.packages.${system}.default;
      osu = inputs.nix-gaming.packages.${system}.osu-lazer-tachyon-bin;
      technorino = inputs.technorino.packages.${system}.package;
    in
    [
      chromium
      zen
      # NOTE(review): both override flags add unofficial third-party code
      # (OpenASAR, Vencord) to the Discord client; confirm that is intended.
      (discord-canary.override {
        withOpenASAR = true;
        withVencord = true;
      })
      signal-desktop
      pwvucontrol
      helvum
      anki-bin
      virt-manager
      imv
      rustypaste-cli
      cryptomator
      moonlight-qt
      tokei
      jellyfin-rpc
      losslesscut-bin
      uxplay
      postman
      # gale
      bolt-launcher
      tutanota-desktop
      obsidian
      osu
      prismlauncher
      technorino
      krita
      music-discord-rpc
      coppwr
      wayscriber
      rusty-path-of-building
      awakened-poe-trade
      exiled-exchange-2
    ];
  # SSH client configuration. The defaults for every host are spelled out in
  # matchBlocks."*"; presumably `enableDefaultConfig = false` turns off the
  # module's implicit defaults so that only these apply (confirm against the
  # Home Manager version in use).
  programs.ssh = {
    enable = true;
    enableDefaultConfig = false;
    matchBlocks."*" = {
      # Agent forwarding is off for all hosts, so a remote host cannot use the
      # local agent's keys.
      forwardAgent = false;
      # Keys are not added to a running agent automatically.
      addKeysToAgent = "no";
      compression = false;
      # 0 means no keepalive probes are sent to the server.
      serverAliveInterval = 0;
      serverAliveCountMax = 3;
      # Host names and addresses are stored in clear text in known_hosts.
      hashKnownHosts = false;
      userKnownHostsFile = "~/.ssh/known_hosts";
      # No new multiplexing master connections are created.
      controlMaster = "no";
      controlPath = "~/.ssh/master-%r@%n:%p";
      controlPersist = "no";
    };
    # Raw ssh_config text: one Host entry per machine with its address, login
    # user and private-key path. Only the paths under ~/.ssh appear here; the
    # key material itself is not part of this file.
    # Most addresses are in 100.64.0.0/10 (shared/CGNAT space, presumably
    # tailnet addresses), truenas is on a private LAN range, and rennypaste is
    # a public address.
    # NOTE(review): this publishes the host inventory (aliases, users,
    # addresses, key file names) to anyone who can read the repository.
    # NOTE(review): no IdentitiesOnly is set in view, so if an agent holds
    # keys ssh may offer them to every host in addition to the listed
    # IdentityFile; consider `identitiesOnly = true;` in the "*" block after
    # checking that pve, which has no IdentityFile, still authenticates.
    # NOTE(review): daphbot, pve and truenas log in directly as root; confirm
    # that is required rather than a regular user plus privilege escalation.
    extraConfig = ''
      Host sakura
        Hostname 100.121.201.47
        User notoh
        IdentityFile ~/.ssh/sakura
      Host kariru
        Hostname 100.126.229.95
        User notoh
        IdentityFile ~/.ssh/kariru
      Host yuki
        Hostname 100.108.113.89
        User notoh
        IdentityFile ~/.ssh/yuki
      Host arashi
        Hostname 100.94.214.100
        User notoh
        IdentityFile ~/.ssh/arashi
      Host sora
        Hostname 100.104.42.96
        User notoh
        IdentityFile ~/.ssh/sora
      Host daphbot
        Hostname 100.109.118.139
        User root
        IdentityFile ~/.ssh/daphbot
      Host tsuru
        Hostname 100.82.146.40
        User notoh
        IdentityFile ~/.ssh/tsuru
      Host haru
        Hostname 100.73.192.45
        User notoh
        IdentityFile ~/.ssh/haru
      Host basegbot
        HostName 100.83.81.116
        User basegbot
        IdentityFile ~/.ssh/basegbot
      Host rpi4
        Hostname 100.92.145.147
        User notoh
        IdentityFile ~/.ssh/rpi4
      Host rennypaste
        Hostname 5.78.112.206
        User notohh
        IdentityFile ~/.ssh/renny-key
      Host pve
        Hostname 100.115.234.69
        User root
      Host truenas
        Hostname 192.168.1.199
        User root
        IdentityFile ~/.ssh/truenas
      Host gemu
        Hostname 100.93.189.27
        User notohh
        IdentityFile ~/.ssh/gemu
      Host git.flake.sh
        Hostname git.flake.sh
        User notohh
        IdentityFile ~/.ssh/notohh-git
        Port 2222
      Host github.com
        Hostname github.com
        User notohh
        IdentityFile ~/.ssh/notohh-git
    '';
  };
  # Default-application registration: every MIME type and URL scheme listed
  # below is mapped to the desktop file of the zen browser package, and the
  # same mapping is used for both `associations.added` and
  # `defaultApplications`.
  xdg.mimeApps =
    let
      # Desktop file name taken from the zen package's metadata.
      value =
        let
          zen = inputs.zen.packages.${pkgs.stdenv.hostPlatform.system}.default;
        in
        zen.meta.desktopFileName;

      # Builds { "<mime type>" = value; ... } from the list of names.
      associations = builtins.listToAttrs (
        map
          (name: {
            inherit name value;
          })
          [
            "application/x-extension-shtml"
            "application/x-extension-xhtml"
            "application/x-extension-html"
            "application/x-extension-xht"
            "application/x-extension-htm"
            "x-scheme-handler/unknown"
            "x-scheme-handler/mailto"
            "x-scheme-handler/chrome"
            "x-scheme-handler/about"
            "x-scheme-handler/https"
            "x-scheme-handler/http"
            "application/xhtml+xml"
            "application/json"
            "text/plain"
            "text/html"
          ]
      );
    in
    {
      enable = true;
      associations.added = associations;
      defaultApplications = associations;
    };
}

--------------------------------------------------------------------------------
/secrets/secrets.yaml:
--------------------------------------------------------------------------------
1 | foundry-username: ENC[AES256_GCM,data:YYZ5Q6UlWPqbH8iYhqoR6pYFmQ3NAjY=,iv:pRjblo74gqbYYJTy/edn1bOsEKjHyvmXPwp6D/t6vxE=,tag:G5Xt+dVT51pU6kYdDra0Rw==,type:str]
2 | foundry-password: ENC[AES256_GCM,data:c6cO1vV/thC7U1ha/1FiVVzk0KtvUnTRgJ9ysyO35uYhVK2ggyLUMAqBaXUduf4CXQ==,iv:jdnuyZyoaLN4waGI9MlU0coWg1adDIShrQykfuBq3UM=,tag:HNkaY/8k7JKQVCjjPlkO/w==,type:str]
3 | cloudflare-api-key: ENC[AES256_GCM,data:ZEYzFht24xogGov/Dkk9MQm0CZ/GPHvVgC7manQ2hOp1ljUOPrlHlShnNZnXctkv0VSwkQUARddCFQbAno79bUM=,iv:V54QifTBvy+5Q5JErfv2IRW0wpBn7q9KozAogy94gwU=,tag:1tz/0lNHLUTiYOH4V1jkDA==,type:str]
4 | gluetun: 
ENC[AES256_GCM,data:s5yLsBzbhaoI3oAD2STTY2NSbj3c9hMf/ADdG7b8Ut9KDeWui8/ezvGJfCx+Vjhpw3Jo+SH2EK9TjQQatVXRJiy7MGauBF4BuR/H2Ed5oXVx4vNvyOI/aAUU3ely2KDmuKWbshUhtKmvJQ7yu/QgFUNQp4oVYbaP0QEwDLxkpSt/Dqyna+aTI1ILpNRVdIS8d/dtvqPL8Y6rd8KCbikdCZwRMFpvtuLLtlt0fY+v5a54Tepqma/5spTtIk3Ks7BrqzNBWyjKtVnxMk8PKbYaeNnXt/Ud9iWhMf/rBpKt9/f+YpUTvNMz1kW5PUMEBXXq3Wz6fCB3EkhXJM0GAp9S+SslyZfXOFI1HeBWL85Ns7XDihjzLfbrZELDDFP2INa0FL7nHor602KP+wOO0+s/J3BqSLoLRq2XMEys4dkY19FnAZ5yEHK12cN83AuZnzDSkl+YcUg=,iv:GVwRFKXQIZ5KFXyiG1D7mXZS82I9VQX5h4be5Ad1scg=,tag:zdMHOGaiFeHAFxHBbf3k+g==,type:str] 5 | authelia-jwt: ENC[AES256_GCM,data:cAn2uZeSGjG2FqTFgZkupcSutCZLvZXCNBsxuUQvGX4=,iv:1OTDQzQwaPTmnTEB4TfnxU6l8CdBAlHfqFThE8QZa6A=,tag:KJ6aYDczHFajhLJHemfIQw==,type:str] 6 | authelia-sek: ENC[AES256_GCM,data:yWhAvl1AuEcrUCFAv2vcz6A8BLEIMIz9sqbFRAriHpw=,iv:i887EZgqGtRfFs6mHHAJry0XfQzvrTaDliz8PRh7oLs=,tag:dmn2GSG8gZk9CVXMNmH1Dw==,type:str] 7 | smtp2go-pwd: ENC[AES256_GCM,data:03OCDnG73T8B2Q3TJLt1kg==,iv:QFI34ZoM88AuGvOwVmxsplkNKWFgwqBn1AFdHNREses=,tag:9YABs0nAh7Cx2vybuIW9sA==,type:str] 8 | attic: ENC[AES256_GCM,data:w2ZCtOusAN1WfHa0SMjiZs0LfsswTr+ADkmO9NcIBwHOLyIK75H6hO9g3tZGNtwTwl4z0v34Jk9NGqUkOn2tpb9ibKQrwf33NLOm0zaPJYgU1+eYVzGLB7Sc34tmRMzxU8gHReMeYjvQemyKY6j2SaninRcV5/Ct8rlpV+Naa8AQyzgRXIKKm1UbcLb91xQMEYcg+21hFxr5obYCzXH/EtrzK21XT/uxRkGCo7qZFn6hWTuPKITn6/m2C+hYxc6YybJF3QFkvGiEAN9nIjT4P74r3pA22pp6mUrTmelwv0tr0wmIW2Y=,iv:MYGfCAV0Z9uodev3LQ8rm+DssAZieY+GU7tPcqAlS1g=,tag:n6mkC1IJB+7GSq0o0UkmBQ==,type:str] 9 | woodpecker-server: ENC[AES256_GCM,data:rI6Su65xSXGwy+wI9koVi1oL4RCSr5VEf8txJohzaPQRlyg03wZZzLCe1SSzEFsivYlL5B2XKAuVdYrkW5n5/XUENwxgPwrv7Vm3ufRfItj6+44VjV1mK8STmGnzkqglY7j71uX/+aVeqQwDM8uwWHCiT89kNTSd5ebrWzjIQ01DZ/ojPRZOZBLRE0rafA==,iv:1CuaRP0d9t8WkvMbUhDTi0hn+MqVL428Bu3r/fobK40=,tag:8KlR5EWU+cdDV5oLB8hHpA==,type:str] 10 | woodpecker-agent-secret: 
ENC[AES256_GCM,data:DQoIOciEqDcaUYTTYFeIocmUUFB+ASstMA0ver4QiM/1n8G3udFL0OR6QRO1wx3bAlPCD4rrfiw1vYgAFj8xFg==,iv:X4goTnTQof1+OHj8nq6VAyCe+M7p2hLa4nDvm/hXw7U=,tag:3KbuBYTqU2hD3GB3r1siZw==,type:str] 11 | anki-pwd: ENC[AES256_GCM,data:g3HNzilSVAsRkqOPdQHr0MZZkwOKz4gdDDBvhRZbD1w=,iv:49UNCpA6WLPKp2Y85Vpdgk/Eu47NyLGxXWDl5Qmkn8Y=,tag:n7hEcd908mkQbOr73qlYSw==,type:str] 12 | vaultwarden-env: ENC[AES256_GCM,data:db5b1dqvHs86t1exBaymKU3bLh4JYy4oHwgU5kjrsaybe+FzvevepngPIuXBvB1gduqaeiUP6iwaRNDMJG1NVEr7Wz3+IpMvLlcSnIPSWpjEXtuo1b5Bh4fSpl+TEAaTHK21jNWoaKJoQLE6CabTUed1lR1S7L+UdEII6CbY+4VnF4BH63viPEaG7Od3M/tbRtTlRWoLZuCydEo3cnbcfx37A1MpKDJEdFbqUwZ79oyV7Q==,iv:gfJwMfCMrJYzeKOeaSnvYH2pgiLMAD9o255U6+oaPp0=,tag:a1IV56uhTPTLj62SAkzlSw==,type:str] 13 | github-token: ENC[AES256_GCM,data:UkHqWyRX8Y3yjSuFehPCPfldT5/fWrh1Ssr8Tiv5Tj5Ce31C4nMZ1KOQXgXVEsh2yT+sBZKGhua+RxoCyKXup1LcEw==,iv:OjLk5Qgfx9Dw85oc18Rgr2SnMzK+vSvHpijt4/fweoY=,tag:8koHj5p4W53BUkJsgPtChw==,type:str] 14 | immich: ENC[AES256_GCM,data:e+z2Jkx6Ntt/lxZVmSZRRMReMQ==,iv:rfykNZ0lp3TTogmF2XRmf6yo2MEqtoDqwMcntVDnEZo=,tag:1+wHR3WP+yWAVI7PSwV7Mw==,type:str] 15 | redbot-auth: ENC[AES256_GCM,data:rTVE5ld4Gtm9yPMZeOaYLdWDXO8OF7JzIKVHFlKaOkMmWHckfDUf2y0mwMA9P3c1WDlUvvTP8gJNXNV0SeMPqGO9nLtymVi0ZdVErAg8,iv:i/RdPDwLXGusIauL6pYzCM7FM2nScH1HgSw18m4T7yI=,tag:YhF1YNuGcdxjHqFbUeH3Ww==,type:str] 16 | copyparty-passwd: ENC[AES256_GCM,data:fSEhZEoUEhqMXCoBAM/AlTuqUHQ=,iv:g3g2UJH0tqaMCBy39MMgGfArI9QsTWoPFnM/ol4/ziI=,tag:9Xb4Fov+x3iFmuI0G7lFIw==,type:str] 17 | copyparty-catsh-passwd: ENC[AES256_GCM,data:TVOjqRz33AsXRJ8q9y4FCVcPG0/x2GKbFdkaSYmnE6cVqSDrXqhnDg==,iv:QqCRvjsY/a6+k/xYcWoOkkOISisxXcpNmRu5mnRDElM=,tag:GTw9JL+H6pV8RqYZr1mLBw==,type:str] 18 | romm-env: 
ENC[AES256_GCM,data:c2AetkIRiaFE4ezprSOXdypRpmaI7AZ/gpX8awmA2FbOr0/uNJ0k1jizVqeWsn31MJxUWrZNiB3rLdz85ylyGhRuXNfbM9tn+RBLjR+FfaEra1M2kG/RTmNJr202NOFrIyyfA5K5uqwtzRyHxe0uj8eiF75jrrL+uHZsRekh+NGOcywKcoY/l2YPlK1wAucesaNj2JtP25Pk09oI4H6a+GykIA2O21I2N0qYfsyrW4tnskDmoh/zS2C8AuYoo8sk5nptzPzY2CBrGh2s6RL6+WcR+jPcK8WLIJtah3g8xPkA9rTKVlv74DDHxTFvTWpv9t/0qlTkZZ+oJx6JUOj4+MLD1/KPdGJUBgM0aVMX,iv:+4yvTujlptT1Hy8RtE1La1MtG3ae1WfI2T4U3f4G8c8=,tag:8iPyOaIrI+4qtoPAtp8yKw==,type:str] 19 | pocketid-env: ENC[AES256_GCM,data:nM6aoHHcL5f0TAvwksi4T+4w5n5g7ll19lFu/7dCocCBH3Lktrj+wO0xXfaeZMmKY+RLxi9p7irvyb75ucqQm/yeNt5EC9ZMJ+6i2M74qqYZID5x0HU50nHwdeHiL1E=,iv:8EhjFj4YjhDSq9LCN6HE3OFj7MK3+2OgKbhRrK8DNE8=,tag:oUO2VZOewAsZz7lKZSaY5g==,type:str] 20 | traefik-oidc-id: ENC[AES256_GCM,data:HDG738lHxOlhhECNr5Wd8m825PifpFowdLcy6q+sV1c3AI8G,iv:7PRteuVFYq/BOrme8Dz0Cw7DrpHAB51PmQ56dgnAVuQ=,tag:qnpmXOLT//cOzIotp9m+cA==,type:str] 21 | traefik-oidc-secret: ENC[AES256_GCM,data:HtXjaODeT92P+VXTUGFT3aSpb0OxoDNbUEpLyndhxqk=,iv:oMOF+8tG0g9WnFr4V4DELEZGyuubNBp5e9ubSXJqPVU=,tag:jo1W8+Coy5+JS/T4WUr65Q==,type:str] 22 | sops: 23 | age: 24 | - recipient: age1ckvmyqkwk69j64ev3fmckytz6k2dv79z4gn5qf6gxqyevp5yjfesdfkxmn 25 | enc: | 26 | -----BEGIN AGE ENCRYPTED FILE----- 27 | YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyRyt5K0FUSDBjVnY3NTZz 28 | T0NmeE9HREUrSTR5WWtLTzA5TWtndlpBd0FrClBZbzB5bGFxTFYrcEljd1NIZm9K 29 | V3pOZldWTmx6WG4vQU44ZXJDQ29oNTAKLS0tIFhqa1RmeVcwbnhlaWdpOEFJeFBX 30 | YWNQcURKMSs2U0pOa3E0cTdCZ3RnalkKGayA7DBUQS+kn+6OYVBc6oTunF0qeZdt 31 | 5b9DLHgh0HRWFm09XGSOog8K315d93Wzblw1My1/dXeEQX/ryinqUQ== 32 | -----END AGE ENCRYPTED FILE----- 33 | lastmodified: "2025-11-22T14:49:15Z" 34 | mac: ENC[AES256_GCM,data:6TfsWFMmFYvY4NsFTj+3ArwRaNlAhPwpgdFrztJ/0NWMHTJtEFKvXFUYVysenKs6XCDRjea41Hc7BYciXiZBV6G9Zuiyvo75tfBUHCwXZ0YZqMLuyYPsZb7h5ol5O0Gak4q/VLIuJ4dEuDltvcnUx8mk22FUNrDrPah7XH3erhs=,iv:eqamDYyARWOXg4o7jYcDR7CpF9IJI5uJPg8GdNchGvQ=,tag:Vtvt/4fmE3lehglYJBNp0w==,type:str] 35 | unencrypted_suffix: _unencrypted 36 | version: 
3.11.0 37 | --------------------------------------------------------------------------------