jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: jawz:667b4c7a4614ea70c1b020df41bcc25437f51ded
Branches Tags
jawz:main jawz:clean jawz:modules
jawz:weekly-2025-10-29 jawz:weekly-2025-10-11 jawz:weekly-2025-10-06 jawz:weekly-2025-10-04 jawz:weekly-2025-09-30 jawz:weekly-2025-09-29
..
compare: jawz:main
Branches Tags
jawz:main jawz:clean jawz:modules
jawz:weekly-2025-10-29 jawz:weekly-2025-10-11 jawz:weekly-2025-10-06 jawz:weekly-2025-10-04 jawz:weekly-2025-09-30 jawz:weekly-2025-09-29

27 Commits
667b4c7a46 ... main

Author SHA1 Message Date
Danilo Reyes
5cf2369dd0 Update allowed and trusted users for Gitea actions runner 2025-11-09 01:04:39 -06:00
Danilo Reyes
11e70bd4b6 no compression for attic, faster? 2025-11-09 00:46:55 -06:00
Danilo Reyes
b473505a8a pre 25.11, but still master 2025-11-08 22:17:51 -06:00
Danilo Reyes
59c88ba905 rol vm + dev stuff for webref 2025-11-08 14:12:13 -06:00
Danilo Reyes
37dce91efa windows vm ssh key for rol
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 4m0s
Details
2025-11-06 20:49:54 -06:00
Danilo Reyes
41ced09790 single runner
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 10m43s
Details
2025-11-02 10:10:00 -06:00
Danilo Reyes
14d3e6b1ee action runner & webref stuff 2025-11-02 00:16:49 -06:00
Danilo Reyes
007744fb84 attic to the runner 2025-11-01 23:17:17 -06:00
Danilo Reyes
349495bea6 unsupported schema 2025-11-01 23:09:11 -06:00
Danilo Reyes
151ba68a35 webref runner 2025-11-01 22:39:40 -06:00
Danilo Reyes
78afe09dcb tailscale security 2025-11-01 17:19:44 -06:00
Danilo Reyes
4abb664cfe xterm name 2025-11-01 16:54:08 -06:00
Danilo Reyes
31cd975555 cursor wihtout fhs 2025-11-01 16:26:29 -06:00
Danilo Reyes
8d056ebd86 last flake update from master before 25.11 2025-11-01 12:15:51 -06:00
Danilo Reyes
5ae0facbf7 flake update 2025-11-01 11:38:17 -06:00
Danilo Reyes
310ea1d253 new vps ip, region dallas
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Has been cancelled
Details
2025-10-29 19:50:49 -06:00
Danilo Reyes
6d05270d09 new redirection 2025-10-29 14:06:29 -06:00
Danilo Reyes
6971bc9c9e secrets servidos.lat > lebubu.org 2025-10-29 13:20:35 -06:00
Danilo Reyes
0ec7fc1ec9 servidos.lat > lebubu.org 2025-10-29 13:12:31 -06:00
NixOS Builder Bot
943d9f3329 Weekly flake update: 2025-10-29 17:38 UTC 2025-10-29 11:38:29 -06:00
Danilo Reyes
cad0288d68 lan login for schemes pipeline as well 2025-10-29 09:57:44 -06:00
Danilo Reyes
15f998179d lowered compression rate 2025-10-29 01:57:21 -06:00
Danilo Reyes
11075969f2 push attic throguh lan 2025-10-29 01:41:24 -06:00
Danilo Reyes
4c6d02ba55 using rmlint from nixpkgs 2025-10-29 00:39:51 -06:00
Danilo Reyes
2cce4376e5 ignore conflicting cache syncthing librewolf 2025-10-29 00:00:39 -06:00
Danilo Reyes
9f455ec19c change public listener url synapse 2025-10-28 18:51:11 -06:00
Danilo Reyes
0ef6b08c42 changed ip/config of new vps 2025-10-28 16:11:16 -06:00
35 changed files with 447 additions and 535 deletions
Expand all files Collapse all files

152
.github/workflows/build-schemes.yml vendored
View File

@@ -3,8 +3,8 @@ name: Build All Color Schemes
on:
push:
paths:
- 'config/schemes.nix'
- 'config/scheme-utils.nix'
- "config/schemes.nix"
- "config/scheme-utils.nix"
workflow_dispatch:
jobs:
@@ -12,81 +12,81 @@ jobs:
runs-on: nixos
env:
HOSTNAME: server
steps:
- uses: actions/checkout@v4
- name: Get available schemes
id: schemes
run: |
SCHEMES=$(nix eval --raw --impure --expr '
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep " " utils.availableSchemes
')
echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
echo "Available schemes: $SCHEMES"
- name: Configure Attic cache
run: |
# Configure attic client to use your cache server
attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
- name: Build and push all schemes
run: |
echo "Building and pushing all schemes..."
# Store original scheme
ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
echo "Original scheme: $ORIGINAL_SCHEME"
# Build and push each scheme
for scheme in ${{ steps.schemes.outputs.schemes }}; do
- uses: actions/checkout@v4
- name: Get available schemes
id: schemes
run: |
SCHEMES=$(nix eval --raw --impure --expr '
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep " " utils.availableSchemes
')
echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
echo "Available schemes: $SCHEMES"
- name: Configure Attic cache
run: |
# Configure attic client to use your cache server
attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build and push all schemes
run: |
echo "Building and pushing all schemes..."
# Store original scheme
ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
echo "Original scheme: $ORIGINAL_SCHEME"
# Build and push each scheme
for scheme in ${{ steps.schemes.outputs.schemes }}; do
echo "========================================="
echo "Processing scheme: $scheme"
echo "========================================="
# Update stylix.nix to use this scheme
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
# Verify the change
grep "scheme = schemesFile.schemes" config/stylix.nix
# Build the configuration
echo "Building $scheme..."
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--out-link ./result-$scheme \
--quiet
# Push to cache
echo "Pushing $scheme to cache..."
attic push servidos:nixos ./result-$scheme
# Also push using print-out-paths for better cache coverage
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--print-out-paths \
--quiet | attic push servidos:nixos --stdin
echo "✓ Completed $scheme"
echo ""
done
# Restore original scheme
echo "Restoring original scheme: $ORIGINAL_SCHEME"
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
echo "========================================="
echo "Processing scheme: $scheme"
echo "All schemes built and pushed successfully!"
echo "========================================="
# Update stylix.nix to use this scheme
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
# Verify the change
grep "scheme = schemesFile.schemes" config/stylix.nix
# Build the configuration
echo "Building $scheme..."
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--out-link ./result-$scheme \
--quiet
# Push to cache
echo "Pushing $scheme to cache..."
attic push servidos:nixos ./result-$scheme
# Also push using print-out-paths for better cache coverage
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--print-out-paths \
--quiet | attic push servidos:nixos --stdin
echo "✓ Completed $scheme"
- name: Summary
run: |
SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
echo "✅ Color scheme builds completed successfully!"
echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
echo "- Pushed all builds to Atticd cache"
echo ""
done
# Restore original scheme
echo "Restoring original scheme: $ORIGINAL_SCHEME"
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
echo "========================================="
echo "All schemes built and pushed successfully!"
echo "========================================="
- name: Summary
run: |
SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
echo "✅ Color scheme builds completed successfully!"
echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
echo "- Pushed all builds to Atticd cache"
echo ""
echo "You can now switch schemes quickly without waiting for builds!"
echo "You can now switch schemes quickly without waiting for builds!"

2
.github/workflows/weekly-build-cache.yml vendored
View File

@@ -38,7 +38,7 @@ jobs:
if: steps.check_changes.outputs.changes == 'true'
run: |
# Configure attic client to use your cache server
attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build workstation configuration
if: steps.check_changes.outputs.changes == 'true'

16
config/home-manager.nix
View File

@@ -31,14 +31,20 @@ in
};
git = {
enable = true;
delta.enable = true;
userName = "Danilo Reyes";
userEmail = osConfig.my.email;
extraConfig = {
init.defaultBranch = "main";
settings = {
pull.rebase = true;
init.defaultBranch = "main";
user = {
inherit (osConfig.my) email;
name = "Danilo Reyes";
};
};
};
delta = {
enable = true;
enableGitIntegration = true;
};
ssh.enableDefaultConfig = false;
bash = lib.mkIf (shellType == "bash") {
enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history";

9
config/jawz.nix
View File

@@ -30,9 +30,11 @@ in
home.file.".librewolf/.stignore".source = ../dotfiles/stignore;
programs.ssh = lib.mkIf config.my.secureHost {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
linode = {
hostname = config.my.ips.linode;
vps = {
hostname = config.my.ips.vps;
user = "jawz";
port = 3456;
identityFile = config.sops.secrets."private_keys/${hostName}".path;
};
@@ -74,7 +76,8 @@ in
"miniserver"
"galaxy"
"phone"
"linode"
"vps"
"windows_vm"
];
};
}

2
config/stylix.nix
View File

@@ -11,7 +11,7 @@ let
};
scheme = schemesFile.schemes.febroary;
cfg = config.my.stylix;
gnomeEnabled = config.services.xserver.desktopManager.gnome.enable;
gnomeEnabled = config.services.desktopManager.gnome.enable;
in
{
options.my.stylix.enable = lib.mkEnableOption "system-wide theming with Stylix";

1
dotfiles/stignore
View File

@@ -1,6 +1,7 @@
(?d)jawz/chrome/userChrome.css
(?d)jawz/chrome/userContent.css
(?d)jawz/lock
(?d)jawz/storage
(?d)jawz/user.js
(?d)native-messaging-hosts/org.gnome.browser_connector.json
(?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json

12
environments/gnome.nix
View File

@@ -1,21 +1,13 @@
{
pkgs,
lib,
...
}:
{
qt.enable = true;
services = {
gvfs.enable = true;
libinput.enable = true;
xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager = {
gnome.enable = true;
xterm.enable = lib.mkForce false;
};
};
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
environment.gnome.excludePackages = builtins.attrValues {
inherit (pkgs)

327
flake.lock generated
View File

@@ -20,11 +20,11 @@
]
},
"locked": {
"lastModified": 1760101617,
"narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=",
"lastModified": 1762356719,
"narHash": "sha256-qwd/xdoOya1m8FENle+4hWnydCtlXUWLAW/Auk6WL7s=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "1826a9923881320306231b1c2090379ebf9fa4f8",
"rev": "6d0b3567584691bf9d8fedb5d0093309e2f979c7",
"type": "github"
},
"original": {
@@ -216,11 +216,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1760948891,
"narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
"lastModified": 1762440070,
"narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
"rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8",
"type": "github"
},
"original": {
@@ -234,11 +234,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1760813311,
"narHash": "sha256-lbHQ7FXGzt6/IygWvJ1lCq+Txcut3xYYd6VIpF1ojkg=",
"lastModified": 1762040540,
"narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "4e627ac2e1b8f1de7f5090064242de9a259dbbc8",
"rev": "0010412d62a25d959151790968765a70c436598b",
"type": "github"
},
"original": {
@@ -333,11 +333,11 @@
"rev": "edea9d2aaf2f4e0481fbbb8e26f68a9f39248e3f",
"revCount": 2,
"type": "git",
"url": "https://git.servidos.lat/jawz/fonts.git"
"url": "https://git.lebubu.org/jawz/fonts.git"
},
"original": {
"type": "git",
"url": "https://git.servidos.lat/jawz/fonts.git"
"url": "https://git.lebubu.org/jawz/fonts.git"
}
},
"fromYaml": {
@@ -381,16 +381,16 @@
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1744584021,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=",
"lastModified": 1748186689,
"narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae",
"rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "48.1",
"ref": "48.2",
"repo": "gnome-shell",
"type": "github"
}
@@ -402,16 +402,15 @@
]
},
"locked": {
"lastModified": 1758463745,
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=",
"lastModified": 1762463325,
"narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3",
"rev": "0562fef070a1027325dd4ea10813d64d2c967b39",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
@@ -461,11 +460,11 @@
]
},
"locked": {
"lastModified": 1760445448,
"narHash": "sha256-fXGjL6dw31FPFRrmIemzGiNSlfvEJTJNsmadZi+qNhI=",
"lastModified": 1762462052,
"narHash": "sha256-6roLYzcDf4V38RUMSqycsOwAnqfodL6BmhRkUtwIgdA=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "50fb9f069219f338a11cf0bcccb9e58357d67757",
"rev": "ffc999d980c7b3bca85d3ebd0a9fbadf984a8162",
"type": "github"
},
"original": {
@@ -479,11 +478,11 @@
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics",
"hyprland-guiutils": "hyprland-guiutils",
"hyprland-protocols": "hyprland-protocols",
"hyprland-qtutils": "hyprland-qtutils",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": [
"nixpkgs"
],
@@ -492,11 +491,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1761340761,
"narHash": "sha256-j12amQpLU23PbblMzw8Tt4whr2PxjP6XXYH99uYGFGc=",
"lastModified": 1762542520,
"narHash": "sha256-hMWWVGEoJRNDaAJxHoL1YL+IXGxdQooEw8lABELVopg=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "da04afa44e7545771b08f8e0defd2cd1810f1613",
"rev": "522edc87126a48f3ce4891747b6a92a22385b1e7",
"type": "github"
},
"original": {
@@ -505,6 +504,48 @@
"type": "github"
}
},
"hyprland-guiutils": {
"inputs": {
"aquamarine": [
"hyprland",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprtoolkit": "hyprtoolkit",
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1762465111,
"narHash": "sha256-dS13YZdWjgGGLBjpT4FHB6xf8I/WiAU+mgNWXsZgDUs=",
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"rev": "a415eba866a953f3096d661318f771aa0082eb98",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"type": "github"
}
},
"hyprland-protocols": {
"inputs": {
"nixpkgs": [
@@ -530,74 +571,6 @@
"type": "github"
}
},
"hyprland-qt-support": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprland-qtutils",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"hyprland-qtutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-qtutils",
"systems"
]
},
"locked": {
"lastModified": 1749154592,
"narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=",
"owner": "hyprwm",
"repo": "hyprland-qt-support",
"rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-qt-support",
"type": "github"
}
},
"hyprland-qtutils": {
"inputs": {
"hyprland-qt-support": "hyprland-qt-support",
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-qtutils",
"hyprlang",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1759080228,
"narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"type": "github"
}
},
"hyprlang": {
"inputs": {
"hyprutils": [
@@ -627,6 +600,54 @@
"type": "github"
}
},
"hyprtoolkit": {
"inputs": {
"aquamarine": [
"hyprland",
"hyprland-guiutils",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprland-guiutils",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprland-guiutils",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-guiutils",
"hyprutils"
],
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"systems"
]
},
"locked": {
"lastModified": 1762463729,
"narHash": "sha256-2fYkU/mdz8WKY3dkDPlE/j6hTxIwqultsx4gMMsMns0=",
"owner": "hyprwm",
"repo": "hyprtoolkit",
"rev": "88483bdee5329ec985f0c8f834c519cd18cfe532",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprtoolkit",
"type": "github"
}
},
"hyprutils": {
"inputs": {
"nixpkgs": [
@@ -639,11 +660,11 @@
]
},
"locked": {
"lastModified": 1759619523,
"narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
"lastModified": 1762387740,
"narHash": "sha256-gQ9zJ+pUI4o+Gh4Z6jhJll7jjCSwi8ZqJIhCE2oqwhQ=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
"rev": "926689ddb9c0a8787e58c02c765a62e32d63d1f7",
"type": "github"
},
"original": {
@@ -653,6 +674,35 @@
}
},
"hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"hyprtoolkit",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"hyprtoolkit",
"systems"
]
},
"locked": {
"lastModified": 1755184602,
"narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"hyprwayland-scanner_2": {
"inputs": {
"nixpkgs": [
"hyprland",
@@ -685,17 +735,17 @@
"sudoku-solver": "sudoku-solver"
},
"locked": {
"lastModified": 1760073554,
"narHash": "sha256-Ydqg/9lpoha2vgspjviqeRh6/tsWN+pZcUxn1ZyrFZM=",
"lastModified": 1762659856,
"narHash": "sha256-cyU8tuUPWZnkOnyWoH1x43+mmukaMoN+8vNxjWnVDv8=",
"ref": "refs/heads/master",
"rev": "5c13b806a094f3605e2da70e133551848ad8d9a9",
"revCount": 109,
"rev": "4e91264f0f2bee992231f91621c10f857fb37edd",
"revCount": 118,
"type": "git",
"url": "https://git.servidos.lat/jawz/scripts.git"
"url": "https://git.lebubu.org/jawz/scripts.git"
},
"original": {
"type": "git",
"url": "https://git.servidos.lat/jawz/scripts.git"
"url": "https://git.lebubu.org/jawz/scripts.git"
}
},
"nix-gaming": {
@@ -706,11 +756,11 @@
]
},
"locked": {
"lastModified": 1761356901,
"narHash": "sha256-YDySchURSJrS1P8zuzmFqypUS7shY6//0e0JiMZeLSI=",
"lastModified": 1762566515,
"narHash": "sha256-gIPh4l5MBs0/ETmF8ep7b6u6c2y2wyBBcD9Vk4l4p/Y=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "a8635e459ff96acbd156a8de613b99d9d6b3676a",
"rev": "9bb3ba9d192aeebc18a14c4c29140a78f0b28a7f",
"type": "github"
},
"original": {
@@ -773,11 +823,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1754788789,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"lastModified": 1761765539,
"narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
"type": "github"
},
"original": {
@@ -788,11 +838,11 @@
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1754788789,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"lastModified": 1761765539,
"narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
"type": "github"
},
"original": {
@@ -821,27 +871,27 @@
},
"nixpkgs-small": {
"locked": {
"lastModified": 1761294158,
"narHash": "sha256-woFH58dy/EDeL1Li4IarZE9+0p0zdPmCsxCvKA7oYu4=",
"lastModified": 1762658878,
"narHash": "sha256-RG0StVygqNxDkAb0rRs+WvavmU1NOKpQcSFf+IZENgk=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e7b2e554a77018dec2f259b782d062500c133d49",
"rev": "268853f436c12f665c5d9c4d40caf5e0ccf182d9",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05-small",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1761114652,
"narHash": "sha256-f/QCJM/YhrV/lavyCVz8iU3rlZun6d+dAiC3H+CDle4=",
"lastModified": 1762363567,
"narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "01f116e4df6a15f4ccdffb1bcd41096869fb385c",
"rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4",
"type": "github"
},
"original": {
@@ -853,16 +903,16 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1761173472,
"narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=",
"lastModified": 1762631752,
"narHash": "sha256-svy+dTuq/qnfPZHH0Bo3QRYdv+S05ZZGf0vpXfQRd+U=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb",
"rev": "b6dff13a853160527ae3d111e2685df2468431f1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
@@ -896,11 +946,11 @@
]
},
"locked": {
"lastModified": 1761364085,
"narHash": "sha256-4BKMXhQ8SSYOo9NoK221fVYM86xMw5smoqHvwmLaDEo=",
"lastModified": 1762630843,
"narHash": "sha256-v9KMIzeHdIwdiItAuzZIkuEtoNng3wXNWVa7vSJAcpU=",
"owner": "nix-community",
"repo": "nur",
"rev": "e9f1e9e9cb027dd87785534261d0feb0097dfcfa",
"rev": "6dc13799694bfe61e1bedbcaf18200a762ea2d7a",
"type": "github"
},
"original": {
@@ -945,11 +995,11 @@
]
},
"locked": {
"lastModified": 1760663237,
"narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
"lastModified": 1762441963,
"narHash": "sha256-j+rNQ119ffYUkYt2YYS6rnd6Jh/crMZmbqpkGLXaEt0=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
"rev": "8e7576e79b88c16d7ee3bbd112c8d90070832885",
"type": "github"
},
"original": {
@@ -1037,16 +1087,15 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1760478648,
"narHash": "sha256-Y4l+Y3zUvqIDbyLrtOrzNvp1o50Fp9TYK+iwtwweFU4=",
"lastModified": 1762264356,
"narHash": "sha256-QVfC53Ri+8n3e7Ujx9kq6all3+TLBRRPRnc6No5qY5w=",
"owner": "danth",
"repo": "stylix",
"rev": "1ec254101285777db13922303cc47ded06e10bb3",
"rev": "647bb8dd96a206a1b79c4fd714affc88b409e10b",
"type": "github"
},
"original": {
"owner": "danth",
"ref": "release-25.05",
"repo": "stylix",
"type": "github"
}
@@ -1259,11 +1308,11 @@
"rev": "0212af5b70347f0721cfe88c25e1efb77b645a2d",
"revCount": 2,
"type": "git",
"url": "https://git.servidos.lat/jawz/wallpapers.git"
"url": "https://git.lebubu.org/jawz/wallpapers.git"
},
"original": {
"type": "git",
"url": "https://git.servidos.lat/jawz/wallpapers.git"
"url": "https://git.lebubu.org/jawz/wallpapers.git"
}
},
"xdph": {
@@ -1294,11 +1343,11 @@
]
},
"locked": {
"lastModified": 1760713634,
"narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=",
"lastModified": 1761431178,
"narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "753bbbdf6a052994da94062e5b753288cef28dfb",
"rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
"type": "github"
},
"original": {

30
flake.nix
View File

@@ -2,16 +2,27 @@
description = "JawZ NixOS flake setup";
inputs = {
flake-parts.url = "github:hercules-ci/flake-parts";
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05";
nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
nixpkgs.url = "github:nixos/nixpkgs?ref=master";
nixpkgs-small.url = "github:nixos/nixpkgs?ref=master";
# nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
ucodenix.url = "github:e-tho/ucodenix/ba7f0a366460e0fbea9622fc770cb982be0e4720";
home-manager = {
# url = "github:nix-community/home-manager?ref=release-25.05";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
# url = "github:danth/stylix/release-25.05";
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
};
doom-emacs = {
url = "github:marienz/nix-doom-emacs-unstraightened/ad01165af00765af07989b6ad14115960ac675f8";
inputs.nixpkgs.follows = "";
};
jawz-scripts = {
url = "git+https://git.servidos.lat/jawz/scripts.git";
url = "git+https://git.lebubu.org/jawz/scripts.git";
inputs.nixpkgs.follows = "nixpkgs";
};
nur = {
@@ -26,18 +37,10 @@
url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager?ref=release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
url = "github:danth/stylix/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nixtendo-switch = {
url = "github:nyawox/nixtendo-switch";
inputs.nixpkgs.follows = "nixpkgs";
@@ -47,11 +50,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
wallpapers = {
url = "git+https://git.servidos.lat/jawz/wallpapers.git";
url = "git+https://git.lebubu.org/jawz/wallpapers.git";
flake = false;
};
fonts = {
url = "git+https://git.servidos.lat/jawz/fonts.git";
url = "git+https://git.lebubu.org/jawz/fonts.git";
flake = false;
};
qbit_manage = {
@@ -67,7 +70,6 @@
./parts/hosts.nix
./parts/packages.nix
./parts/devshells.nix
./parts/images.nix
];
};
}

47
hosts/linode/configuration.nix
View File

@@ -1,47 +0,0 @@
{
lib,
pkgs,
config,
inputs,
...
}:
{
imports = [
./hardware-configuration.nix
./wireguard-linode.nix
../../config/base.nix
inputs.nixos-generators.nixosModules.linode
];
my = import ./toggles.nix { inherit config inputs; } // {
nix.cores = 2;
users.nixremote.enable = false;
network.firewall = {
enabledServicePorts = true;
additionalPorts = [ ];
};
};
networking.hostName = "linode";
services.openssh = {
enable = true;
openFirewall = true;
startWhenNeeded = lib.mkForce false;
settings = {
PasswordAuthentication = false;
PermitRootLogin = "prohibit-password";
KbdInteractiveAuthentication = false;
};
};
environment.systemPackages = builtins.attrValues {
inherit (pkgs)
htop
iotop
tcpdump
wireguard-tools
;
};
system.autoUpgrade = {
enable = true;
dates = "weekly";
allowReboot = true;
};
}

43
hosts/linode/hardware-configuration.nix
View File

@@ -1,43 +0,0 @@
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
tmp.cleanOnBoot = true;
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
"net.ipv4.conf.all.rp_filter" = 1;
"net.ipv4.conf.default.rp_filter" = 1;
"net.ipv4.icmp_echo_ignore_broadcasts" = 1;
"net.ipv4.conf.all.accept_source_route" = 0;
"net.ipv6.conf.all.accept_source_route" = 0;
"net.ipv4.conf.all.send_redirects" = 0;
"net.ipv4.tcp_syncookies" = 1;
};
kernelModules = [
"virtio_pci"
"virtio_blk"
"virtio_net"
];
initrd = {
availableKernelModules = [
"virtio_pci"
"virtio_scsi"
"virtio_blk"
"virtio_net"
"9p"
"9pnet_virtio"
];
kernelModules = [ ];
};
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/sda";
fsType = "ext4";
};
swapDevices = [ { device = "/dev/sdb"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.enableRedistributableFirmware = true;
}

16
hosts/linode/toggles.nix
View File

@@ -1,16 +0,0 @@
_: {
timeZone = "America/Mexico_City";
services = {
network.enable = true;
wireguard.enable = true;
};
secureHost = false;
interfaces.linode = "eth0";
ips = {
linode = "51.222.141.104";
wg-linode = "10.77.0.1";
wg-server = "10.77.0.2";
wg-friend1 = "10.8.0.2";
wg-friends = "10.8.0.0";
};
}

76
hosts/linode/wireguard-linode.nix
View File

@@ -1,76 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
config = lib.mkIf config.my.services.wireguard.enable {
sops.secrets."linode/linode/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml;
};
networking = {
nat = {
enable = true;
externalInterface = config.my.interfaces.${config.networking.hostName};
internalInterfaces = [ "wg0" ];
};
firewall = {
allowedUDPPorts = [ 51820 ];
extraCommands = ''
iptables -I FORWARD 1 -s ${config.my.ips.wg-friend1} -d ${config.my.ips.wg-server} -p tcp --dport 22000 -j ACCEPT
iptables -I FORWARD 2 -s ${config.my.ips.wg-server} -d ${config.my.ips.wg-friend1} -p tcp --sport 22000 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I FORWARD 3 -s ${config.my.ips.wg-friends}/24 -d 10.77.0.0/24 -j DROP
iptables -I FORWARD 4 -s 10.77.0.0/24 -d ${config.my.ips.wg-friends}/24 -j DROP
iptables -A FORWARD -s ${config.my.ips.wg-friends}/24 -o ${
config.my.interfaces.${config.networking.hostName}
} -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
'';
extraStopCommands = ''
iptables -D FORWARD -s ${config.my.ips.wg-friend1} -d ${config.my.ips.wg-server} -p tcp --dport 22000 -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -s ${config.my.ips.wg-server} -d ${config.my.ips.wg-friend1} -p tcp --sport 22000 -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -s ${config.my.ips.wg-friends}/24 -d 10.77.0.0/24 -j DROP 2>/dev/null || true
iptables -D FORWARD -s 10.77.0.0/24 -d ${config.my.ips.wg-friends}/24 -j DROP 2>/dev/null || true
iptables -D FORWARD -s ${config.my.ips.wg-friends}/24 -o ${
config.my.interfaces.${config.networking.hostName}
} -j ACCEPT 2>/dev/null || true
iptables -D FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT 2>/dev/null || true
'';
};
wireguard.interfaces.wg0 = {
ips = [
"${config.my.ips.wg-linode}/24"
"${config.my.ips.wg-friends}/24"
];
listenPort = 51820;
privateKeyFile =
if config.my.secureHost then
config.sops.secrets."linode/linode/private".path
else
"/var/lib/wireguard/private.key";
postSetup = "${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${config.my.ips.wg-friends}/24 -o ${
config.my.interfaces.${config.networking.hostName}
} -j MASQUERADE";
postShutdown = "${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${config.my.ips.wg-friends}/24 -o ${
config.my.interfaces.${config.networking.hostName}
} -j MASQUERADE 2>/dev/null || true";
peers = [
{
publicKey = "OUiqluRaS4hmGvLJ3csQrnIM3Zzet50gsqtTABaUkH4=";
allowedIPs = [ "${config.my.ips.wg-server}/32" ];
}
{
publicKey = "rFgT6TXzRazK6GMazMNGjtOvzAAPST0LvCfN7QXsLho=";
allowedIPs = [ "${config.my.ips.wg-friend1}/32" ];
}
];
};
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
};
environment.systemPackages = [ pkgs.wireguard-tools ];
};
}

10
hosts/server/configuration.nix
View File

@@ -37,7 +37,7 @@
supportedFeatures = config.my.nix.features;
}
];
sops.secrets."linode/server/private" = lib.mkIf config.my.secureHost {
sops.secrets."vps/home/private" = lib.mkIf config.my.secureHost {
sopsFile = ../../secrets/wireguard.yaml;
};
networking = {
@@ -48,14 +48,14 @@
};
wireguard.interfaces.wg0 = lib.mkIf config.my.secureHost {
ips = [ "${config.my.ips.wg-server}/32" ];
privateKeyFile = config.sops.secrets."linode/server/private".path;
privateKeyFile = config.sops.secrets."vps/home/private".path;
peers = [
{
publicKey = "dFbiSekBwnZomarcS31o5+w6imHjMPNCipkfc2fZ3GY=";
endpoint = "${config.my.ips.linode}:51820";
endpoint = "${config.my.ips.vps}:51820";
allowedIPs = [
"${config.my.ips.wg-linode}/32"
"${config.my.ips.wg-friends}/24"
"${config.my.ips.wg-vps}/32"
"${config.my.ips.wg-friends}/24" # all friends
];
persistentKeepalive = 25;
}

74
hosts/workstation/configuration.nix
View File

@@ -32,20 +32,19 @@ in
"nixminiserver"
];
};
home-manager.users.jawz = {
programs = {
vscode = {
enable = true;
package = pkgs.code-cursor-fhs;
};
ghostty = {
enable = true;
package = pkgs.ghostty;
enableBashIntegration = shellType == "bash";
enableZshIntegration = shellType == "zsh";
installBatSyntax = true;
installVimSyntax = true;
};
home-manager.users.jawz.programs = {
vscode = {
enable = true;
package = pkgs.code-cursor;
};
ghostty = {
enable = true;
package = pkgs.ghostty;
enableBashIntegration = shellType == "bash";
enableZshIntegration = shellType == "zsh";
installBatSyntax = true;
installVimSyntax = true;
settings.term = "xterm-256color";
};
};
networking = {
@@ -125,9 +124,9 @@ in
../../secrets/ssh/root-private-ca.pem
];
services = {
minio.enable = true;
flatpak.enable = true;
open-webui.enable = true;
tailscale.enable = true;
scx = {
enable = true;
scheduler = "scx_lavd";
@@ -145,11 +144,48 @@ in
acceleration = "cuda";
models = "/srv/ai/ollama";
};
sunshine = {
postgresql = {
enable = true;
autoStart = false;
capSysAdmin = true;
openFirewall = true;
package = pkgs.postgresql_17;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all ${config.my.localhost}/32 trust
host all all ::1/128 trust
'';
ensureDatabases = [ "webref" ];
ensureUsers = [
{
name = "webref";
ensureDBOwnership = true;
}
];
};
};
programs.virt-manager.enable = true;
users.groups.libvirtd.members = [ "jawz" ];
virtualisation.libvirtd.enable = true;
systemd.services.minio-init = {
description = "Initialize MinIO buckets";
after = [ "minio.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
# Wait for MinIO to be ready
until ${pkgs.curl}/bin/curl -sf http://localhost:9000/minio/health/live > /dev/null 2>&1; do
echo "Waiting for MinIO..."
sleep 1
done
# Configure mc alias and create bucket
${pkgs.minio-client}/bin/mc alias set local http://localhost:9000 minioadmin minioadmin || true
${pkgs.minio-client}/bin/mc mb local/webref || true
${pkgs.minio-client}/bin/mc anonymous set public local/webref || true
echo "MinIO initialized with webref bucket"
'';
};
}

45
modules/apps/internet.nix
View File

@@ -5,29 +5,26 @@
...
}:
let
krisp-patcher =
pkgs.writers.writePython3Bin "krisp-patcher"
{
libraries = builtins.attrValues {
inherit (pkgs.python3Packages)
capstone
pyelftools
;
};
flakeIgnore = [
"E501" # line too long (82 > 79 characters)
"F403" # 'from module import *' used; unable to detect undefined names
"F405" # name may be undefined, or defined from star imports: module
];
}
(
builtins.readFile (
pkgs.fetchurl {
url = "https://pastebin.com/raw/8tQDsMVd";
sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
}
)
);
krisp-settings = {
libraries = builtins.attrValues {
inherit (pkgs.python3Packages)
capstone
pyelftools
;
};
flakeIgnore = [
"E501" # line too long (82 > 79 characters)
"F403" # 'from module import *' used; unable to detect undefined names
"F405" # name may be undefined, or defined from star imports: module
];
};
krisp-patch = builtins.readFile (
pkgs.fetchurl {
url = "https://pastebin.com/raw/8tQDsMVd";
sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
}
);
krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch;
in
{
options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps";
@@ -42,7 +39,7 @@ in
warp # transfer files with based ppl
nextcloud-client # self-hosted google-drive alternative
fragments # beautiful torrent client
tor-browser-bundle-bin # dark web, so dark!
tor-browser # dark web, so dark!
telegram-desktop # furry chat
nicotine-plus # remember Ares?
discord # :3

1
modules/dev/sh.nix
View File

@@ -7,7 +7,6 @@
let
packages = builtins.attrValues {
inherit (pkgs)
bashdb # Debugger and completion support
shellcheck # Shell script linter
shfmt # Shell parser and formatter
;

7
modules/modules.nix
View File

@@ -39,7 +39,7 @@ in
};
domain = lib.mkOption {
type = lib.types.str;
default = "servidos.lat";
default = "lebubu.org";
description = "The domain name.";
};
ips = lib.mkOption {
@@ -49,8 +49,8 @@ in
server = "192.168.100.15";
miniserver = "192.168.1.100";
workstation = "192.168.100.18";
linode = "51.222.141.104";
wg-linode = "10.77.0.1";
vps = "45.79.25.87";
wg-vps = "10.77.0.1";
wg-server = "10.77.0.2";
wg-friend1 = "10.8.0.2";
wg-friends = "10.8.0.0";
@@ -63,7 +63,6 @@ in
server = "enp0s31f6";
miniserver = "enp2s0";
workstation = "enp5s0";
linode = "eth0";
};
description = "Set of network interface names for all my computers.";
};

24
modules/nix/gitea-actions-runners/nixos.nix
View File

@@ -9,22 +9,40 @@ let
in
{
config = lib.mkIf (cfg.enable && config.my.secureHost) {
users.groups.gitea-runner = { };
users.users.gitea-runner = {
isSystemUser = true;
group = "gitea-runner";
extraGroups = [
"docker"
"podman"
];
};
nix.settings = {
allowed-users = [ "gitea" "gitea-runner" ];
trusted-users = [ "gitea" "gitea-runner" ];
};
services.gitea-actions-runner.instances.nixos = {
inherit (cfg) url enable;
name = "${config.networking.hostName}-nixos";
tokenFile = config.sops.secrets.gitea.path;
labels = [
"nix:host"
"nixos:host"
];
hostPackages = builtins.attrValues {
inherit (pkgs)
bash
curl
coreutils
gitMinimal
nix
attic-client
nodejs # Required for GitHub Actions
openssh # Required for SSH git operations
podman
podman-compose
nix
nodejs
openssh
python3
;
};
};

4
modules/servers/atticd.nix
View File

@@ -24,10 +24,6 @@ in
avg-size = 64 * 1024; # 64 KiB
max-size = 256 * 1024; # 256 KiB
};
compression = {
type = "zstd";
level = 8;
};
garbage-collection = {
interval = "7 days";
default-retention-period = "7 days";

1
modules/servers/gitea.nix
View File

@@ -10,7 +10,6 @@ let
in
{
imports = [
../nix/gitea-actions-runners/ryujinx.nix
../nix/gitea-actions-runners/nixos.nix
];
options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;

12
modules/servers/homepage/bookmarks/servers.nix
View File

@@ -4,7 +4,7 @@
readeck = [
{
abbr = "RD";
href = "https://laters.servidos.lat/";
href = "https://laters.lebubu.org/";
description = "";
}
];
@@ -13,7 +13,7 @@
maloja = [
{
abbr = "ML";
href = "https://maloja.servidos.lat/";
href = "https://maloja.lebubu.org/";
description = "";
}
];
@@ -22,7 +22,7 @@
microbin = [
{
abbr = "CP";
href = "https://copy.servidos.lat/";
href = "https://copy.lebubu.org/";
description = "";
}
];
@@ -31,7 +31,7 @@
multi-scrobbler = [
{
abbr = "MS";
href = "https://scrobble.servidos.lat/";
href = "https://scrobble.lebubu.org/";
description = "";
}
];
@@ -40,7 +40,7 @@
ryot = [
{
abbr = "RT";
href = "https://tracker.servidos.lat/";
href = "https://tracker.lebubu.org/";
description = "";
}
];
@@ -49,7 +49,7 @@
vaultwarden = [
{
abbr = "VW";
href = "https://vault.servidos.lat";
href = "https://vault.lebubu.org";
description = "";
}
];

2
modules/servers/synapse.nix
View File

@@ -58,7 +58,7 @@ in
];
settings = {
server_name = cfg.domain;
public_baseurl = cfg.url;
public_baseurl = "http://${config.my.ips.wg-server}:${toString cfg.port}";
federation_domain_whitelist = [ ];
allow_public_rooms_without_auth = false;
allow_public_rooms_over_federation = false;

6
modules/services/network.nix
View File

@@ -13,7 +13,8 @@
hosts = config.my.ips |> lib.mapAttrs' (hostname: ip: lib.nameValuePair ip [ hostname ]);
interfaces."${config.my.interfaces.${config.networking.hostName}}".wakeOnLan.enable = true;
};
services.dnscrypt-proxy2 = {
systemd.services.dnscrypt-proxy.serviceConfig.StateDirectory = "dnscrypt-proxy";
services.dnscrypt-proxy = {
enable = true;
settings = {
ipv6_servers = true;
@@ -43,8 +44,5 @@
];
};
};
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
};
}

2
modules/services/nvidia.nix
View File

@@ -17,7 +17,7 @@
extraPackages = builtins.attrValues {
inherit (pkgs)
nvidia-vaapi-driver
vaapiVdpau
libva-vdpau-driver
libvdpau-va-gl
vulkan-loader
mesa

12
modules/services/wireguard.nix
View File

@@ -11,7 +11,7 @@ in
{
options.my.services.wireguard.enable = lib.mkEnableOption "WireGuard VPN configuration";
config = lib.mkIf (config.my.services.wireguard.enable && config.my.secureHost) {
sops.secrets."server/private".sopsFile = ../../secrets/wireguard.yaml;
sops.secrets."wireguard/private".sopsFile = ../../secrets/wireguard.yaml;
networking = {
firewall.allowedUDPPorts = [ port ];
nat = {
@@ -22,9 +22,13 @@ in
wireguard.interfaces.wg0 = {
ips = [ "10.100.0.1/24" ];
listenPort = port;
postSetup = "${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE";
postShutdown = "${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE";
privateKeyFile = config.sops.secrets."server/private".path;
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${interface} -j MASQUERADE
'';
privateKeyFile = config.sops.secrets."wireguard/private".path;
peers = [
{
publicKey = "ciupBjCcIpd3K5vlzNMJC8iiyNqB9xXwkSC6UXPKP3g=";

4
modules/shell/tools.nix
View File

@@ -97,7 +97,7 @@ in
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs)
ripgrep # modern grep
du-dust # rusty du similar to gdu
dust # rusty du similar to gdu
fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful
gdu # disk-space utility checker, somewhat useful
@@ -106,8 +106,6 @@ in
jq # json parser
yq # yaml parser
smartmontools # check hard drie health
;
inherit (inputs.jawz-scripts.packages.x86_64-linux)
rmlint # amazing dupe finder that integrates well with BTRFS
;
};

6
parts/core.nix
View File

@@ -141,7 +141,7 @@ in
ips: hostName: lib:
builtins.attrNames ips
|> builtins.filter (
name: !(lib.hasPrefix "wg-" name) && name != "linode" && name != "router" && name != hostName
name: !(lib.hasPrefix "wg-" name) && name != "vps" && name != "router" && name != hostName
);
shellConditional =
shellType: bashContent: zshContent:
@@ -204,11 +204,13 @@ in
miniserver = ../secrets/ssh/ed25519_miniserver.pub;
galaxy = ../secrets/ssh/ed25519_galaxy.pub;
phone = ../secrets/ssh/ed25519_phone.pub;
linode = ../secrets/ssh/ed25519_linode.pub;
vps = ../secrets/ssh/ed25519_vps.pub;
emacs = ../secrets/ssh/ed25519_emacs.pub;
# Build user keys (nixremote)
nixworkstation = ../secrets/ssh/ed25519_nixworkstation.pub;
nixserver = ../secrets/ssh/ed25519_nixserver.pub;
nixminiserver = ../secrets/ssh/ed25519_nixminiserver.pub;
windows_vm = ../secrets/ssh/ed25519_windows_vm.pub;
};
getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
};

1
parts/hosts.nix
View File

@@ -6,6 +6,5 @@
server = inputs.self.lib.createConfig "server" inputs.nixpkgs-small;
galaxy = inputs.self.lib.createConfig "galaxy" inputs.nixpkgs-small;
emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs;
linode = inputs.self.lib.createConfig "linode" inputs.nixpkgs-small;
};
}

5
parts/images.nix
View File

@@ -1,5 +0,0 @@
{ inputs, ... }:
{
flake.packages.x86_64-linux.linode-image =
inputs.self.nixosConfigurations.linode.config.system.build.linodeImage;
}

2
scripts/push-to-cache.sh
View File

@@ -11,7 +11,7 @@ NC='\033[0m' # No Color
# Configuration
CACHE_NAME="servidos:nixos"
CACHE_URL="https://cache.servidos.lat"
CACHE_URL="https://cache.lebubu.org"
echo -e "${BLUE}=========================================${NC}"
echo -e "${BLUE}NixOS Build Cache Pusher${NC}"

8
secrets/homepage.yaml
View File

File diff suppressed because one or more lines are too long

0
secrets/ssh/ed25519_linode.pub → secrets/ssh/ed25519_vps.pub
View File

1
secrets/ssh/ed25519_windows_vm.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYwRyCCOXaq7PO1aK58XLRcbuvY6j8rvjZmgTwUKTIZ capta@DESKTOP-JJLTF62

22
secrets/wireguard.yaml
View File

@@ -1,13 +1,13 @@
server:
private: ENC[AES256_GCM,data:8/wwIn29F5DxRIjFz51GgBUmAdaOeyS4cDN/vFzypagyNyOJ1VygiT1NXMA=,iv:uUk55wrayGJ6YRNC67z51T4DW6r/LVOol39/JJKYZxg=,tag:uuAuAqzTUOJjkLsDrZig2A==,type:str]
public: ENC[AES256_GCM,data:J3j3AlG2liVRZERvlpClWekGa4AZWBfACe9J5YegzG1liU5/ZkPzMOzdf4I=,iv:8o9IpQWh0QtdwDj1knpsEOrPLorSZPQKiO8QJxBlPco=,tag:QDHai1bzFXS7vuTpIJqClA==,type:str]
linode:
wireguard:
private: ENC[AES256_GCM,data:wwggc9T88gK/EMmjPauf14DZGUnfipBpfN3FnlPhsO6FtVmK2aad/D0/Rqw=,iv:Q15iiEOFRa3bPf7NfZcEZOgEqnjIJPenYgE6c6HRYI8=,tag:x+auLhc/FDhxZxzWmcrX9Q==,type:str]
public: ENC[AES256_GCM,data:uelp1opnLR5EfvNBSA3Sk33ktMoG6+Pvj7oKYtdlCpXMZel9O8G7P4X5S2M=,iv:AQECJmnXSc2MM0pT8ZJtA51pn+tvhhyAxFDMBH/H6wA=,tag:yWsnQbHaeiXyPLbpxMZwsg==,type:str]
vps:
server:
private: ENC[AES256_GCM,data:ReI4nnGcR4GbLuQOkosYG9CtQWc/YSV/BVVwY2lfM9miskRIh+aw4kudSNM=,iv:B2JrRpD7tYF+PtdQddyzUl0kp36VVXSNFrHOAoUgwA4=,tag:GV3joCZbl85tvlMAq/Kqug==,type:str]
public: ENC[AES256_GCM,data:VKYak059lumcQy3QtCanYwBwmsKkkSVEQilOu+KUYmMykirV+DUpI23jloY=,iv:5NYbyrMQTlC8qp/fmGToK+ZpKhDcP8UWbmRNoWzn64k=,tag:fi46BRJAksrUuDYP+5Nvmw==,type:str]
private: ENC[AES256_GCM,data:wrP/069tuQs3ObYE8Q0MNVxe3+4vZ2HIImoIdZpj1uPgdBknboX1wmANv/k=,iv:FJL5KumHos8PoXra+BB2Uc6YedsF6MD3wWyuugXzJ+E=,tag:nVuTrW2P7JvnWnv6H1SmdQ==,type:str]
public: ENC[AES256_GCM,data:YnKOf9725v9FkzdNPDVf/iinMbY/YWn6ksqEz+mpB4KHVlOvpbV6vLSKRcs=,iv:aWQNy6mT4sxVbzaXKgRzZ9XVsiBCRsOlLORRqC+uiKE=,tag:mLWv6mr3VVfw0J5BrqByXg==,type:str]
home:
private: ENC[AES256_GCM,data:Bo3Hzd9Xh4kufO8G4J6Gm2znsUcBc25OlB+ECI4u2roeo7QgQpRXxa8RamM=,iv:0D+FmQxqyZZeCA+iA/gMp0soZ2LtM9fNTP6hGIVrNaM=,tag:Bk18KYKZEDWBBEK5dHKO6w==,type:str]
public: ENC[AES256_GCM,data:sHXh/i9nBHgpgsBVPgvpiEJIHIXzlCa3EhG/eFYL1tKz6Iabcr4bnAUbe08=,iv:V6eSlQRenSCz5VRJMQTXafIb2TTB33p7jzOkixSwIM0=,tag:tjutVj+K6CdtN/FOZqqaHw==,type:str]
private: ENC[AES256_GCM,data:YZ0jvBzkMv8Bwc9u3LDJzwSqQvPj8wPUxTIeBFiLYVQQIBjm8aS1dTYuPvo=,iv:mXuW7TVERxOMmGIit3a7Spmbk/EgYuGkO66AWJUnMF0=,tag:xM7C3F3JCiud/A9yPD5ydQ==,type:str]
public: ENC[AES256_GCM,data:DcwAHhHjIxFqRL5h7p/0nkFnWiI/iqR8Fws6AuFaxjgUHKYd/6l3D6q/O/0=,iv:bBJ0bsKRiGQUSlRmHqeLQWkOIUNfG5VVpuV6MOtKZO0=,tag:harMG6GDIfclmSq3D36bTw==,type:str]
sops:
age:
- recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@@ -46,7 +46,7 @@ sops:
KzZFSWprL0l0MDdVdEVKbEV5eklZdTAK/1ZyGvElfp+LVloSR6aJUtvrgU0CrzaJ
SQtO7vc4oDedkiTz6LKySta+uyn3e17Jzdyy9nU2D/Q5X+CpKGP3cg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-28T19:42:02Z"
mac: ENC[AES256_GCM,data:b6/AkxnYppuHIU2oOqOZFizfqhwGjHquzhaeKnBhinXUqmAwoYRgHH54w951HR0Qp9IXu4P7BmlmqET2IhtIXjTtfkDOz9LUUJT0kRmpW5uyXcgiaPQWFFT1r3FnUNPla1O3mBpaT8FD1LVZunEGJ7o3smHJ8aXStbV3RIwdUsQ=,iv:4yCLwkTxW9wMFyoUK9WvaRR+GI1r884uGRKLvmzVF2I=,tag:wLk0v/f06rLczCX+/UN4Ng==,type:str]
lastmodified: "2025-09-08T00:14:52Z"
mac: ENC[AES256_GCM,data:O2herKRy4k9ZMuPzzPF5QlBC2isXdRoIsbYLJ/6X7esxtxxgNuAljx4SCR6UMT7pl3G2E33cnnBEkuAIy6SMXOaZNfOuAEJXaCwpRwCXu26lrcTf6n7UdP36GWfIRsR4utD5/vv66ch6MqmQWkW7E5zydy5dOv+BJ4XS/50OUQs=,iv:TscYNQaeI+mBxyobxI1O4wUzRtA27pvjXz27kqMJhA0=,tag:zx/xrYAWJCxYz5HRTKzYfQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.10.2