jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: jawz:clean
Branches Tags
jawz:main
jawz:clean
jawz:modules
jawz:weekly-2025-10-29
jawz:weekly-2025-10-11
jawz:weekly-2025-10-06
jawz:weekly-2025-10-04
jawz:weekly-2025-09-30
jawz:weekly-2025-09-29
...
pull from: jawz:main
Branches Tags
jawz:main
jawz:clean
jawz:modules
jawz:weekly-2025-10-29
jawz:weekly-2025-10-11
jawz:weekly-2025-10-06
jawz:weekly-2025-10-04
jawz:weekly-2025-09-30
jawz:weekly-2025-09-29

No commits in common. "clean" and "main" have entirely different histories.
clean ... main

104 changed files with 2195 additions and 1095 deletions
Show Stats Expand all files Collapse all files

92
.github/workflows/build-schemes.yml vendored Normal file
View File

@ -0,0 +1,92 @@
name: Build All Color Schemes
on:
push:
paths:
- "config/schemes.nix"
- "config/scheme-utils.nix"
workflow_dispatch:
jobs:
build-schemes:
runs-on: nixos
env:
HOSTNAME: server
steps:
- uses: actions/checkout@v4
- name: Get available schemes
id: schemes
run: |
SCHEMES=$(nix eval --raw --impure --expr '
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep " " utils.availableSchemes
')
echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
echo "Available schemes: $SCHEMES"
- name: Configure Attic cache
run: |
# Configure attic client to use your cache server
attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build and push all schemes
run: |
echo "Building and pushing all schemes..."
# Store original scheme
ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
echo "Original scheme: $ORIGINAL_SCHEME"
# Build and push each scheme
for scheme in ${{ steps.schemes.outputs.schemes }}; do
echo "========================================="
echo "Processing scheme: $scheme"
echo "========================================="
# Update stylix.nix to use this scheme
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
# Verify the change
grep "scheme = schemesFile.schemes" config/stylix.nix
# Build the configuration
echo "Building $scheme..."
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--out-link ./result-$scheme \
--quiet
# Push to cache
echo "Pushing $scheme to cache..."
attic push servidos:nixos ./result-$scheme
# Also push using print-out-paths for better cache coverage
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--print-out-paths \
--quiet | attic push servidos:nixos --stdin
echo "✓ Completed $scheme"
echo ""
done
# Restore original scheme
echo "Restoring original scheme: $ORIGINAL_SCHEME"
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
echo "========================================="
echo "All schemes built and pushed successfully!"
echo "========================================="
- name: Summary
run: |
SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
echo "✅ Color scheme builds completed successfully!"
echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
echo "- Pushed all builds to Atticd cache"
echo ""
echo "You can now switch schemes quickly without waiting for builds!"

2
.github/workflows/weekly-build-cache.yml vendored
View File

@ -38,7 +38,7 @@ jobs:
if: steps.check_changes.outputs.changes == 'true' if: steps.check_changes.outputs.changes == 'true'
run: | run: |
# Configure attic client to use your cache server # Configure attic client to use your cache server
attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }} attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build workstation configuration - name: Build workstation configuration
if: steps.check_changes.outputs.changes == 'true' if: steps.check_changes.outputs.changes == 'true'

4
.gitignore vendored
View File

@ -2,3 +2,7 @@
config.el config.el
*.qcow2 *.qcow2
result result
# Prevent accidentally committing unencrypted secrets
**/secrets/*.yaml.dec
**/*-decrypted.*
**/temp-secrets.*

7
.sops.yaml
View File

@ -25,6 +25,13 @@ creation_rules:
- *workstation - *workstation
- *server - *server
- *miniserver - *miniserver
- path_regex: secrets/gallery.yaml$
key_groups:
- age:
- *devkey
- *workstation
- *server
- *miniserver
- path_regex: secrets/wireguard.yaml$ - path_regex: secrets/wireguard.yaml$
key_groups: key_groups:
- age: - age:

239
README.org Normal file
View File

@ -0,0 +1,239 @@
#+TITLE: JawZ NixOS Configuration
#+AUTHOR: JawZ
#+EMAIL: danilo.reyes.251@proton.me
#+OPTIONS: toc:t num:t
#+STARTUP: content
* Overview
This repository contains my personal NixOS configuration flake, managing
multiple hosts with a modular approach. Designed the configuration for a
self-hosted infrastructure with services and development environments.
* Architecture
** Hosts
- =workstation= :: Main development machine with GNOME desktop
- =server= :: Primary server with containerized services
- =miniserver= :: Secondary server for additional services
- =galaxy= :: Minimal configuration host
- =emacs= :: Development VM for Emacs configuration
** Key Features
- Modular configuration system
- SOPS-based secrets management
- Container orchestration with Podman
- Automated builds and caching
- Multi-language development environments
- Self-hosted service stack
* Quick Start
** Prerequisites
- NixOS 23.05 or later
- SOPS configured with age keys
- SSH keys for remote builds
** Initial Setup
#+BEGIN_SRC bash
# Clone the repository git clone <repository-url> /home/jawz/Development/NixOS
cd /home/jawz/Development/NixOS
# Install dependencies nix flake update
# Build and switch to configuration sudo nixos-rebuild switch --flake
.#<hostname>
#+END_SRC
** Development Environment
#+BEGIN_SRC bash
# Enter development shell for specific language nix develop .#<language>
# Available languages: python, rust, go, haskell, javascript, julia, zig, sh,
cc, nix
#+END_SRC
* Configuration Structure
** Core Configuration
- =config/base.nix= :: Common system configuration
- =config/jawz.nix= :: User and SSH configuration
- =config/stylix.nix= :: Theming configuration
- =config/schemes.nix= :: Color scheme definitions
** Host Configurations
- =hosts/<hostname>/configuration.nix= :: Host-specific settings
- =hosts/<hostname>/hardware-configuration.nix= :: Hardware-specific config
- =hosts/<hostname>/toggles.nix= :: Feature toggles
** Modules
- =modules/apps/= :: Application packages and configurations
- =modules/dev/= :: Development environment modules
- =modules/servers/= :: Self-hosted service configurations
- =modules/services/= :: System service configurations
- =modules/scripts/= :: Custom scripts and utilities
- =modules/shell/= :: Shell and terminal configurations
* Services
** Core Services
- PostgreSQL 17 :: Database backend
- Nginx :: Reverse proxy and web server
- Podman :: Container runtime
- Syncthing :: File synchronization
- WireGuard :: VPN connectivity
** Self-Hosted Applications
- Nextcloud :: File sharing and collaboration
- Gitea :: Git repository hosting
- Jellyfin :: Media server
- Plex :: Media streaming
- Sonarr/Radarr/Lidarr :: Media management
- Vaultwarden :: Password manager
- Homepage :: Service dashboard
- And more...
* Development
** Available Development Shells
The configuration provides development shells for my favorite programming
languages:
#+BEGIN_SRC bash
# Python development nix develop .#python
# Rust development nix develop .#rust
# Go development nix develop .#go
# JavaScript/Node.js development nix develop .#javascript
# Haskell development nix develop .#haskell
# Julia development nix develop .#julia
# Zig development nix develop .#zig
# Shell scripting nix develop .#sh
# C/C++ development nix develop .#cc
# Nix development nix develop .#nix
#+END_SRC
** Adding New Modules
1. Create module file in appropriate directory under =modules/=
2. Add module to =modules/modules.nix= if needed
3. Enable module in host configuration or toggles
** Adding New Hosts
1. Create host directory under =hosts/<hostname>/
2. Add =configuration.nix= and =hardware-configuration.nix=
3. Add host to =flake.nix= outputs
4. Create =toggles.nix= for feature management
* Secrets Management
** SOPS Configuration
Manage secrets using SOPS with age encryption:
- =secrets/secrets.yaml= :: Main secrets file
- =secrets/keys.yaml= :: SSH and encryption keys
- =secrets/env.yaml= :: Environment variables
- =secrets/wireguard.yaml= :: VPN configuration
- =secrets/certs.yaml= :: SSL certificates
** Adding New Secrets
#+BEGIN_SRC bash
# Edit secrets file sops secrets/secrets.yaml
# Add new secret sops -i -a 'new-secret: "value"' secrets/secrets.yaml
#+END_SRC
* CI/CD
** GitHub Actions
The repository includes automated workflows:
- =weekly-build-cache.yml= :: Weekly builds and cache updates
- =build-schemes.yml= :: Color scheme builds
** Build Cache
Builds are automatically cached using Atticd for faster rebuilds.
* Customization
** Theming
The configuration uses Stylix for theming. Define color schemes in
=config/schemes.nix= and can set them via the =config/stylix.nix= file.
** Adding New Services
1. Create service module in =modules/servers/=
2. Add service configuration
3. Enable service in host toggles
4. Add to homepage if needed
** Custom Scripts
Scripts are in =modules/scripts/= and toggle them per host.
* Troubleshooting
** Common Issues
*** Build Failures
- Check flake inputs are up to date: =nix flake update=
- Verify all required secrets are present
- Check host-specific configuration
*** Service Issues
- Check service status: =systemctl status <service>=
- View logs: =journalctl -u <service>=
- Verify firewall rules
*** Development Environment
- Rebuild development shell: =nix develop .#<language>=
- Check available packages: =nix search nixpkgs <package>=
** Getting Help
- Check NixOS documentation
- Review module documentation
- Check service-specific documentation
* Maintenance
** Regular Tasks
- Update flake inputs weekly
- Review and rotate secrets quarterly
- Update system packages monthly
- Clean old generations: =sudo nix-collect-garbage -d=
** Backup Strategy
- Configuration is version controlled
- Secrets are encrypted and backed up
- BTRFS snapshots for data protection
* Contributing
** Code Style
- Use consistent formatting
- Add comments for complex configurations
- Follow Nix conventions
** Pull Requests
- Test changes on development host first
- Update documentation as needed
- Ensure all secrets are properly managed
* License
This configuration is for personal use. Please respect the licenses of
individual packages and services used.
* Contact
For questions or issues, contact danilo.reyes.251@proton.me
---
*Last updated: 2025*

32
config/base.nix
View File

@ -47,7 +47,7 @@
}; };
security = { security = {
polkit.enable = true; polkit.enable = true;
sudo = { sudo-rs = {
enable = true; enable = true;
wheelNeedsPassword = false; wheelNeedsPassword = false;
}; };
@ -75,9 +75,11 @@
"dotnet-runtime-6.0.36" "dotnet-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428" "dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428" "dotnet-sdk-6.0.428"
"mbedtls-2.28.10"
]; ];
}; };
nix = { nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
distributedBuilds = true; distributedBuilds = true;
optimise.automatic = true; optimise.automatic = true;
settings = { settings = {
@ -123,33 +125,7 @@
sops sops
; ;
}; };
variables = variables = inputs.self.lib.xdgEnvironment;
let
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_CACHE_HOME = "\${HOME}/.cache";
in
{
# PATH
inherit XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME;
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
# OPTIONS
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
ORG_DEVICE = "workstation";
# WAYLAND
WLR_NO_HARDWARE_CURSORS = 1;
NIXOS_OZONE_WL = 1;
PATH = [ "\${HOME}/.local/bin" ];
NH_USE_DOAS = 1;
};
}; };
programs = { programs = {
nh = { nh = {

27
config/home-manager.nix
View File

@ -14,22 +14,10 @@ let
${pokemon-colorscripts}/bin/pokemon-colorscripts -r --no-title ${pokemon-colorscripts}/bin/pokemon-colorscripts -r --no-title
export command_timeout=60 export command_timeout=60
''; '';
commonAliases = { commonAliases = inputs.self.lib.commonAliases // {
cp = "cp -i"; open-gallery = ''
mv = "mv -i"; cd /srv/pool/scrapping/JawZ/gallery-dl &&
mkdir = "mkdir -p"; xdg-open "$(${fd}/bin/fd . ./ Husbands wikifeet -tdirectory -d 1 | ${fzf}/bin/fzf -i)"'';
mkcd = "(){ mkdir -p \"$1\" && cd \"$1\" }";
copy = "xclip -selection clipboard";
cdp = "pwd | copy";
cfp = "(){ readlink -f \"$1\" | copy }";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
c = "cat";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
}; };
in in
{ {
@ -43,8 +31,13 @@ in
}; };
git = { git = {
enable = true; enable = true;
delta.enable = true;
userName = "Danilo Reyes"; userName = "Danilo Reyes";
userEmail = "CaptainJawZ@protonmail.com"; userEmail = osConfig.my.email;
extraConfig = {
init.defaultBranch = "main";
pull.rebase = true;
};
}; };
bash = lib.mkIf (shellType == "bash") { bash = lib.mkIf (shellType == "bash") {
enable = true; enable = true;

132
config/jawz.nix
View File

@ -1,11 +1,12 @@
{ config, lib, ... }: {
config,
lib,
inputs,
...
}:
let let
inherit (config.networking) hostName; inherit (config.networking) hostName;
nixosHosts = nixosHosts = inputs.self.lib.getNixosHosts config.my.ips hostName lib;
lib.attrNames config.my.ips
|> lib.filter (
name: !(lib.hasPrefix "wg-" name) && name != "vps" && name != "router" && name != hostName
);
nixosHostsMatch = lib.concatStringsSep " " nixosHosts; nixosHostsMatch = lib.concatStringsSep " " nixosHosts;
in in
{ {
@ -23,9 +24,6 @@ in
jawz-password.neededForUsers = true; jawz-password.neededForUsers = true;
"private_keys/${hostName}" = keyConfig "${baseDir}_${hostName}"; "private_keys/${hostName}" = keyConfig "${baseDir}_${hostName}";
"git_private_keys/${hostName}" = keyConfig "${baseDir}_git"; "git_private_keys/${hostName}" = keyConfig "${baseDir}_git";
"syncthing_keys/${hostName}" = keyConfig ".config/syncthing/key.pem";
"syncthing_certs/${hostName}" = keyConfig ".config/syncthing/cert.pem";
"syncthing_password".sopsFile = ../secrets/keys.yaml;
} }
); );
home-manager.users.jawz = { home-manager.users.jawz = {
@ -35,7 +33,7 @@ in
matchBlocks = { matchBlocks = {
vps = { vps = {
hostname = config.my.ips.vps; hostname = config.my.ips.vps;
user = "fedora"; user = "jawz";
port = 3456; port = 3456;
identityFile = config.sops.secrets."private_keys/${hostName}".path; identityFile = config.sops.secrets."private_keys/${hostName}".path;
}; };
@ -48,103 +46,6 @@ in
}; };
}; };
}; };
services.syncthing = lib.mkIf config.my.secureHost {
enable = true;
user = "jawz";
group = "users";
overrideDevices = true;
overrideFolders = true;
openDefaultPorts = true;
key = config.sops.secrets."syncthing_keys/${hostName}".path;
cert = config.sops.secrets."syncthing_certs/${hostName}".path;
guiAddress = "${config.my.ips."${hostName}"}:8384";
settings = {
options = {
natEnabled = false;
relaysEnabled = false;
globalAnnounceEnabled = false;
};
gui = {
user = "jawz";
password = config.sops.secrets.syncthing_password.path;
};
devices = {
server.id = "BG6PF7S-KATABWO-7WAZFMX-6YO7IS3-WQTMR3M-VSOSV7V-HFFMNNH-BFX2EQ4";
miniserver.id = "HDYEGIR-GFU7ONK-MOOJUFH-N3L3XHX-SXWN3FI-O23K6LD-BJENQK5-VIPV2AT";
workstation.id = "4E4KJ6M-MSTNBVF-D7CNHDW-DUTB3VR-SXKZ4NH-ZKAOMF5-V24JECJ-4STSZAA";
galaxy.id = "UAZ5YDV-YUFBXOY-QMS6S6R-WPIIKZI-4OPPW5L-G4OVUPO-YW5KFYY-YASRAAV";
phone.id = "OSOX2VZ-AO2SA3C-BFB6NKF-K6CR6WX-64TDBKW-RRKEKJ4-FKZE5CV-J2RGJAJ";
wg-friend1 = {
id = "XBIYCD4-EFKS5SK-WFF73CU-P37GXVH-OMWEIA4-6KC5F3L-U5UQWSF-SYNNRQF";
addresses = [ "tcp://${config.my.ips.wg-friend1}:22000" ];
introducer = false;
autoAcceptFolders = false;
paused = false;
};
};
folders =
let
isMainHost = hostName == "workstation";
mkMobile =
path:
lib.mkIf isMainHost {
inherit path;
ignorePerms = false;
devices = [
"galaxy"
"phone"
];
};
in
{
cache = mkMobile "~/Downloads/cache/";
friends = mkMobile "~/Pictures/artist/friends/";
forme = mkMobile "~/Pictures/art for me/";
comfy = mkMobile "~/Development/AI/ComfyUI/output/";
gdl = {
path = "~/.config/jawz/";
ignorePerms = false;
devices = [
"server"
"miniserver"
"workstation"
];
};
librewolf = {
path = "~/.librewolf/";
ignorePerms = false;
copyOwnershipFromParent = true;
type = if isMainHost then "sendonly" else "receiveonly";
devices = [
"server"
"miniserver"
"workstation"
];
};
notes = {
path = "~/Documents/Notes";
ignorePerms = false;
devices = [
"galaxy"
"phone"
"server"
"miniserver"
"workstation"
];
};
friend_share = {
path = "~/Pictures/encrypted/friends";
ignorePerms = false;
type = "sendreceive";
devices = [
"server"
"workstation"
"wg-friend1"
];
};
};
};
};
users.users.jawz = { users.users.jawz = {
uid = 1000; uid = 1000;
linger = true; linger = true;
@ -167,14 +68,15 @@ in
"plugdev" "plugdev"
"bluetooth" "bluetooth"
]; ];
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [
../secrets/ssh/ed25519_deacero.pub "deacero"
../secrets/ssh/ed25519_workstation.pub "workstation"
../secrets/ssh/ed25519_server.pub "server"
../secrets/ssh/ed25519_miniserver.pub "miniserver"
../secrets/ssh/ed25519_galaxy.pub "galaxy"
../secrets/ssh/ed25519_phone.pub "phone"
../secrets/ssh/ed25519_vps.pub "vps"
"windows_vm"
]; ];
}; };
} }

12
config/overlay.nix
View File

@ -8,6 +8,8 @@ let
pkgsU = mkpkgs inputs.nixpkgs-unstable; pkgsU = mkpkgs inputs.nixpkgs-unstable;
in in
_final: prev: { _final: prev: {
handbrake = prev.handbrake.override { useGtk = true; };
ripgrep = prev.ripgrep.override { withPCRE2 = true; };
nautilus = prev.nautilus.overrideAttrs (old: { nautilus = prev.nautilus.overrideAttrs (old: {
buildInputs = buildInputs =
old.buildInputs old.buildInputs
@ -29,8 +31,6 @@ _final: prev: {
wineWowPackages.stable wineWowPackages.stable
]); ]);
}; };
handbrake = prev.handbrake.override { useGtk = true; };
ripgrep = prev.ripgrep.override { withPCRE2 = true; };
discord = prev.discord.override { discord = prev.discord.override {
withVencord = true; withVencord = true;
withOpenASAR = true; withOpenASAR = true;
@ -38,5 +38,11 @@ _final: prev: {
waybar = prev.waybar.overrideAttrs (old: { waybar = prev.waybar.overrideAttrs (old: {
mesonFlags = old.mesonFlags ++ [ "-Dexperimental=true" ]; mesonFlags = old.mesonFlags ++ [ "-Dexperimental=true" ];
}); });
inherit (pkgsU) symbola mealie flaresolver; inherit (pkgsU)
code-cursor
symbola
mealie
flaresolver
deadnix
;
} }

14
config/schemes.nix
View File

@ -56,6 +56,18 @@ in
polarity = "dark"; polarity = "dark";
image = "${wallpapers}/Waay-Ballerinas.jpeg"; image = "${wallpapers}/Waay-Ballerinas.jpeg";
}; };
febroary = mkScheme {
color = "yellow";
name = "gruvbox-light";
polarity = "light";
image = "${wallpapers}/febroary.jpg";
};
paul3 = mkScheme {
color = "bluegrey";
name = "mexico-light";
polarity = "light";
image = "${wallpapers}/paul3.jpg";
};
paul = mkScheme { paul = mkScheme {
color = "green"; color = "green";
name = "valua"; name = "valua";
@ -99,7 +111,7 @@ in
base0A = "#daa520"; # goldenrod base0A = "#daa520"; # goldenrod
base0B = "#228b22"; # forest green base0B = "#228b22"; # forest green
base0C = "#20b2aa"; # light sea green base0C = "#20b2aa"; # light sea green
base0D = "#4169e1"; # royal blue base0D = "#daa520"; # goldenrod
base0E = "#8b008b"; # dark magenta base0E = "#8b008b"; # dark magenta
base0F = "#dc143c"; # crimson base0F = "#dc143c"; # crimson
}; };

2
config/stylix.nix
View File

@ -9,7 +9,7 @@ let
schemesFile = import ./schemes.nix { schemesFile = import ./schemes.nix {
inherit pkgs inputs; inherit pkgs inputs;
}; };
scheme = schemesFile.schemes.cheems; scheme = schemesFile.schemes.febroary;
cfg = config.my.stylix; cfg = config.my.stylix;
gnomeEnabled = config.services.xserver.desktopManager.gnome.enable; gnomeEnabled = config.services.xserver.desktopManager.gnome.enable;
in in

100
dotfiles/gallery-dl.nix
View File

@ -12,6 +12,14 @@
filename = "{filename}.{extension}"; filename = "{filename}.{extension}";
directory = [ ]; directory = [ ];
}; };
bluesky = {
limit-rate = "400k-1M";
username = "blablablamagic.bsky.social";
reposts = false;
videos = true;
directory = [ "{author['handle']}" ];
include = [ "media" ];
};
twitter = { twitter = {
skip = "abort:1"; skip = "abort:1";
retweets = false; retweets = false;
@ -20,13 +28,28 @@
include = [ "media" ]; include = [ "media" ];
directory = [ "{user[name]}" ]; directory = [ "{user[name]}" ];
}; };
flickr = {
size-max = "Original";
directory = [
"{category}"
"{owner[username]}"
];
};
pinterest.directory = [ pinterest.directory = [
"{board[owner][username]}" "{board[owner][username]}"
"{board[name]}" "{board[name]}"
]; ];
wikifeet = {
page-reverse = true;
directory = [
"{category}"
"{celebrity}"
];
};
instagram = { instagram = {
limit-rate = "200k-300k";
browser = "firefox:linux"; browser = "firefox:linux";
user-agent = "Mozilla/5.0 (X11; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0"; user-agent = "Mozilla/5.0 (X11; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0";
sleep = "66-123"; sleep = "66-123";
sleep-request = "66-123"; sleep-request = "66-123";
parent-directory = true; parent-directory = true;
@ -46,6 +69,38 @@
"{tagged_username}" "{tagged_username}"
]; ];
}; };
kemonoparty = {
limit-rate = "200k-300k";
retries = 10;
timeout = 5;
filename = "{id}_{filename}.{extension}";
directory = [
"{category}"
"{user}"
];
};
exhentai.directory = [
"{category}"
"{title}"
];
tumblr = {
external = true;
inline = true;
posts = "all";
reblogs = false;
parent-directory = true;
directory = [ "{blog_name}" ];
};
deviantart = {
limit-rate = "200k-300k";
include = "gallery,scraps";
flat = true;
original = true;
mature = true;
auto-watch = true;
auto-unwatch = true;
directory = [ "{username}" ];
};
furaffinity = { furaffinity = {
directory = [ directory = [
"{user}" "{user}"
@ -57,6 +112,7 @@
]; ];
}; };
patreon = { patreon = {
limit-rate = "400k-1M";
filename = "{filename}.{num}.{extension}"; filename = "{filename}.{num}.{extension}";
browser = "firefox"; browser = "firefox";
directory = [ directory = [
@ -78,6 +134,8 @@
}; };
gfycat.format = "webm"; gfycat.format = "webm";
reddit = { reddit = {
user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)";
client-id = "T7nZ6WZ3_onJWBhLP8r08g";
parent-directory = true; parent-directory = true;
directory = [ "{author}" ]; directory = [ "{author}" ];
}; };
@ -86,6 +144,45 @@
directory = [ "{userName}" ]; directory = [ "{userName}" ];
}; };
imgur.mp4 = true; imgur.mp4 = true;
paheal.directory = [
"Husbands"
"{search_tags}"
];
rule34.directory = [
"Husbands"
"{search_tags}"
];
e621.directory = [
"Husbands"
"{search_tags}"
];
baraag.directory = [ "{account[username]}" ];
pixiv = {
directory = [ "{user[account]} - {user[id]}" ];
ugoira = true;
favorite.directory = [
"{user_bookmark[account]} - {user_bookmark[id]}"
"Bookmarks"
];
postprocessors = [
{
name = "ugoira";
extension = "webm";
keep-files = false;
whitelist = [ "pixiv" ];
ffmpeg-twopass = true;
ffmpeg-args = [
"-c:v"
"libvpx"
"-crf"
"4"
"-b:v"
"5000k"
"-an"
];
}
];
};
fanbox = { fanbox = {
embeds = true; embeds = true;
directory = [ directory = [
@ -94,6 +191,7 @@
]; ];
}; };
readcomiconline = { readcomiconline = {
limit-rate = "400k-1M";
chapter-reverse = true; chapter-reverse = true;
quality = "hq"; quality = "hq";
captcha = "wait"; captcha = "wait";

1
dotfiles/stignore
View File

@ -1,6 +1,7 @@
(?d)jawz/chrome/userChrome.css (?d)jawz/chrome/userChrome.css
(?d)jawz/chrome/userContent.css (?d)jawz/chrome/userContent.css
(?d)jawz/lock (?d)jawz/lock
(?d)jawz/storage
(?d)jawz/user.js (?d)jawz/user.js
(?d)native-messaging-hosts/org.gnome.browser_connector.json (?d)native-messaging-hosts/org.gnome.browser_connector.json
(?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json (?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json

222
dotfiles/unpackerr.conf
View File

@ -1,222 +0,0 @@
## Unpackerr Example Configuration File ##
## The following values are application defaults. ##
## Environment Variables may override all values. ##
####################################################
# [true/false] Turn on debug messages in the output. Do not wrap this in quotes.
# Recommend trying this so you know what it looks like. I personally leave it on.
debug = false
# Disable writing messages to stdout. This silences the app. You should set a log
# file below if you set this to true. Recommended when starting with systemctl.
quiet = false
# Setting activity to true will silence all app queue log lines with only zeros.
# Set this to true when you want less log spam.
activity = false
# The application queue data is logged on an interval. Adjust that interval with this setting.
# Default is a minute. 2m, 5m, 10m, 30m, 1h are also perfectly acceptable.
log_queues = "1m"
# Write messages to a log file. This is the same data that is normally output to stdout.
# This setting is great for Docker users that want to export their logs to a file.
# The alternative is to use syslog to log the output of the application to a file.
# Default is no log file; this is unset. log_files=0 turns off auto-rotation.
# Default files is 10 and size(mb) is 10 Megabytes; both doubled if debug is true.
#log_file = '/downloads/unpackerr.log'
log_files = 10
log_file_mb = 10
# How often to poll sonarr and radarr.
# Recommend 1m-5m. Uses Go Duration.
interval = "5m"
# How long an item must be queued (download complete) before extraction will start.
# One minute is the historic default and works well. Set higher if your downloads
# take longer to finalize (or transfer locally). Uses Go Duration.
start_delay = "1m"
# How long to wait before removing the history for a failed extraction.
# Once the history is deleted the item will be recognized as new and
# extraction will start again. Uses Go Duration.
retry_delay = "5m"
# How many files may be extracted in parallel. 1 works fine.
# Do not wrap the number in quotes. Raise this only if you have fast disks and CPU.
parallel = 1
# Use these configurations to control the file modes used for newly extracted
# files and folders. Recommend 0644/0755 or 0666/0777.
file_mode = "0664"
dir_mode = "0775"
[webserver]
## The web server currently only supports metrics; set this to true if you wish to use it.
metrics = false
## This may be set to a port or an ip:port to bind a specific IP. 0.0.0.0 binds ALL IPs.
listen_addr = "0.0.0.0:5656"
## Recommend setting a log file for HTTP requests. Otherwise, they go with other logs.
log_file = ""
## This app automatically rotates logs. Set these to the size and number to keep.
log_files = 10
log_file_mb = 10
## Set both of these to valid file paths to enable HTTPS/TLS.
ssl_cert_file = ""
ssl_key_file = ""
## Base URL from which to serve content.
urlbase = "/"
## Upstreams should be set to the IP or CIDR of your trusted upstream proxy.
## Setting this correctly allows X-Forwarded-For to be used in logs.
## In the future it may control auth proxy trust. Must be a list of strings.
upstreams = [ ] # example: upstreams = [ "127.0.0.1/32", "10.1.2.0/24" ]
##-Notes-#######-READ THIS!!!-##################################################
## The following sections can be repeated if you have more than one Sonarr, ##
## Radarr or Lidarr, Readarr, Folder, Webhook, or Command Hook. ##
## You MUST uncomment the [[header]] and api_key at a minimum for Starr apps. ##
## ALL LINES BEGINNING WITH A HASH # ARE IGNORED ##
## REMOVE THE HASH # FROM CONFIG LINES YOU WANT TO CHANGE ##
################################################################################
[[sonarr]]
url = "http://localhost:8989"
api_key = "52869fe7bec4482dafb21c4053fe71e4"
## File system path where downloaded Sonarr items are located.
paths = ['/srv/pool/multimedia/downloads/torrent']
## Default protocols is torrent. Alternative: "torrent,usenet"
protocols = "torrent"
## How long to wait for a reply from the backend.
timeout = "10s"
## How long to wait after import before deleting the extracted items.
delete_delay = "5m"
## If you use this app with NZB you may wish to delete archives after extraction.
## General recommendation is: do not enable this for torrent use.
## Setting this to true deletes the entire original download folder after import.
# delete_orig = false
## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
# syncthing = false
[[radarr]]
url = "http://127.0.0.1:7878"
api_key = "a987ac45ca2c47bc88e762031ea33296"
## File system path where downloaded Radarr items are located.
paths = ['/srv/pool/multimedia/downloads/torrent']
## Default protocols is torrents. Alternative: "torrent,usenet"
protocols = "torrent"
## How long to wait for a reply from the backend.
timeout = "10s"
## How long to wait after import before deleting the extracted items.
delete_delay = "5m"
## If you use this app with NZB you may wish to delete archives after extraction.
## General recommendation is: do not enable this for torrent use.
## Setting this to true deletes the entire original download folder after import.
# delete_orig = false
## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
# syncthing = false
#[[lidarr]]
# url = "http://127.0.0.1:8686"
# api_key = "0123456789abcdef0123456789abcdef"
## File system path where downloaded Lidarr items are located.
# paths = ['/downloads']
## Default protocols is torrent. Alternative: "torrent,usenet"
# protocols = "torrent"
## How long to wait for a reply from the backend.
# timeout = "10s"
## How long to wait after import before deleting the extracted items.
# delete_delay = "5m"
## If you use this app with NZB you may wish to delete archives after extraction.
## General recommendation is: do not enable this for torrent use.
## Setting this to true deletes the entire original download folder after import.
# delete_orig = false
## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
# syncthing = false
#[[readarr]]
# url = "http://127.0.0.1:8787"
# api_key = "0123456789abcdef0123456789abc"
## File system path where downloaded Readarr items are located.
# paths = ['/downloads']
## Default protocols is torrent. Alternative: "torrent,usenet"
# protocols = "torrent"
## How long to wait for a reply from the backend.
# timeout = "10s"
## How long to wait after import before deleting the extracted items.
# delete_delay = "5m"
## If you use this app with NZB you may wish to delete archives after extraction.
## General recommendation is: do not enable this for torrent use.
## Setting this to true deletes the entire original download folder after import.
# delete_orig = false
## If you use Syncthing, setting this to true will make unpackerr wait for syncs to finish.
# syncthing = false
##################################################################################
### ### STOP HERE ### STOP HERE ### STOP HERE ### STOP HERE #### STOP HERE ### #
### Only using Starr apps? The things above. The below configs are OPTIONAL. ### #
##################################################################################
##-Folders-#######################################################################
## This application can also watch folders for things to extract. If you copy a ##
## subfolder into a watched folder (defined below) any extractable items in the ##
## folder will be decompressed. This has nothing to do with Starr applications. ##
##################################################################################
#[[folder]]
# path = '/some/folder/to/watch'
## Path to extract files to. The default (leaving this blank) is the same as `path` (above).
# extract_path = ""
## Delete extracted or original files this long after extraction.
## The default is 0. Set to 0 to disable all deletes. Uncomment it to enable deletes. Uses Go Duration.
# delete_after = "10m"
## Delete extracted files after successful extraction? true/false, no quotes. Honors delete_after.
# delete_files = false
## Delete original items after successful extraction? true/false, no quotes. Honors delete_after.
# delete_original = false
## Disable extraction log (unpackerred.txt) file creation? true/false, no quotes.
# disable_log = false
## Move extracted files into original folder? If false, files go into an _unpackerred folder.
# move_back = false
## Set this to true if you want this app to extract ISO files with .iso extension.
# extract_isos = false
################
### Webhooks ###
################
# Sends a webhook when an extraction queues, starts, finishes, and/or is deleted.
# Created to integrate with notifiarr.com.
# Also works natively with Discord.com, Telegram.org, and Slack.com webhooks.
# Can possibly be used with other services by providing a custom template_path.
###### Don't forget to uncomment [[webhook]] and url at a minimum !!!!
#[[webhook]]
# url = "https://notifiarr.com/api/v1/notification/unpackerr/api_key_from_notifiarr_com"
# name = "" # Set this to hide the URL in logs.
# silent = false # do not log success (less log spam)
# events = [0] # list of event ids to include, 0 == all.
## Advanced Optional Webhook Configuration
# nickname = "" # Used in Discord and Slack templates as bot name, in Telegram as chat_id.
# channel = "" # Also passed into templates. Used in Slack templates for destination channel.
# exclude = [] # list of apps to exclude, ie. ["radarr", "lidarr"]
# template_path = "" # Override internal webhook template for discord.com or other hooks.
# template = "" # Override automatic template detection. Values: notifiarr, discord, telegram, gotify, pushover, slack
# ignore_ssl = false # Set this to true to ignore the SSL certificate on the server.
# timeout = "10s" # You can adjust how long to wait for a server response.
# content_type = "application/json" # If your custom template uses another MIME type, set this.
#####################
### Command Hooks ###
#####################
# Executes a script or command when an extraction queues, starts, finishes, and/or is deleted.
# All data is passed in as environment variables. Try /usr/bin/env to see what variables are available.
###### Don't forget to uncomment [[cmdhook]] and url at a minimum !!!!
#[[cmdhook]]
# command = '/my/cool/app' # Path to command or script.
# shell = false # Runs the command inside /bin/sh ('nix) or cmd.exe (Windows).
# name = "" # Provide an optional name for logging.
# silent = false # Hides command output from logs.
# events = [0] # list of event ids to include, 0 == all.
## Optional Command Hook Configuration
# exclude = [] # list of apps to exclude, ie. ["radarr", "lidarr"]
# timeout = "10s" # You can adjust how long to wait for a server response.

3
environments/gnome.nix
View File

@ -4,6 +4,7 @@
... ...
}: }:
{ {
qt.enable = true;
services = { services = {
gvfs.enable = true; gvfs.enable = true;
libinput.enable = true; libinput.enable = true;
@ -32,7 +33,6 @@
totem totem
; ;
}; };
qt.enable = true;
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit (pkgs.gnomeExtensions) inherit (pkgs.gnomeExtensions)
tactile # window manager tactile # window manager
@ -40,6 +40,7 @@
gamemode-shell-extension # I guess I'm a gamer now? gamemode-shell-extension # I guess I'm a gamer now?
burn-my-windows # special effects for when closing windows burn-my-windows # special effects for when closing windows
pano # clipboard manager pano # clipboard manager
pop-shell
; ;
}; };
} }

154
environments/hyprland.nix
View File

@ -1,13 +1,12 @@
{ {
pkgs, pkgs,
config,
... ...
}: }:
let let
startupScript = pkgs.pkgs.writeShellScriptBin "start" '' mod = "SUPER";
${pkgs.waybar}/bin/waybar & waybarConfig = import ./waybar-config.nix { inherit pkgs config; };
${pkgs.swww}/bin/swww init & waybarStyle = import ./waybar-style.nix { inherit config; };
sleep 1
'';
in in
{ {
programs.hyprland.enable = true; programs.hyprland.enable = true;
@ -18,90 +17,119 @@ in
user = "greeter"; user = "greeter";
}; };
}; };
xdg.portal = {
enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-hyprland
# pkgs.xdg-desktop-portal-gtk
];
};
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
# Wayland utilities # Wayland utilities
wl-clipboard wl-clipboard-rs
wf-recorder wf-recorder
grim grimblast # screenshots
slurp mako # notification daemon
wofi # Application launcher
mako # Notification daemon
libnotify # dependency of mako libnotify # dependency of mako
swaylock-effects # Screen locker swaylock-effects # screen locker
# nautilus # File manager yazi # file manager
imv # images
playerctl # media player control
; ;
}; };
home-manager.users.jawz = { home-manager.users.jawz = {
programs.kitty.enable = true; programs = {
wofi = {
enable = true;
settings = {
allow_images = true;
allow_markup = true;
insensitive = true;
width = "30%";
};
};
waybar = waybarConfig.programs.waybar // {
style = waybarStyle;
};
};
wayland.windowManager.hyprland = { wayland.windowManager.hyprland = {
enable = true; enable = true;
settings = { settings = {
"$mainMod" = "SUPER";
exec-once = "${startupScript}/bin/start";
general = { general = {
gaps_in = 5; gaps_in = 5;
gaps_out = 10; gaps_out = 10;
border_size = 2; border_size = 3;
layout = "dwindle"; layout = "dwindle";
}; };
misc = {
disable_hyprland_logo = true;
disable_splash_rendering = true;
force_default_wallpaper = 0;
};
dwindle = { dwindle = {
pseudotile = true; pseudotile = true;
preserve_split = true; preserve_split = true;
force_split = 2; force_split = 2;
}; };
bind = [ bind = [
"$mainMod, return, exec, kitty" "${mod}, return, exec, ghostty"
"$mainMod, Q, killactive," "${mod}, Q, killactive,"
"$mainMod SHIFT, F, togglefloating," "${mod} SHIFT, F, togglefloating,"
"$mainMod, F, fullscreen," "${mod}, F, fullscreen,"
"$mainMod, T, pin," "${mod}, T, pin,"
"$mainMod, G, togglegroup," "${mod}, G, togglegroup,"
"$mainMod, bracketleft, changegroupactive, b" "${mod}, bracketleft, changegroupactive, b"
"$mainMod, bracketright, changegroupactive, f" "${mod}, bracketright, changegroupactive, f"
"$mainMod, S, exec, wofi --show drun icons" "${mod}, S, exec, wofi --show drun icons"
"$mainMod, P, pin, active" "${mod}, P, pin, active"
"${mod}, left, movefocus, l"
",XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%+" "${mod}, right, movefocus, r"
",XF86AudioLowerVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%-" "${mod}, up, movefocus, u"
"${mod}, down, movefocus, d"
"$mainMod, left, movefocus, l" "${mod}, h, movefocus, l"
"$mainMod, right, movefocus, r" "${mod}, l, movefocus, r"
"$mainMod, up, movefocus, u" "${mod}, k, movefocus, u"
"$mainMod, down, movefocus, d" "${mod}, j, movefocus, d"
"${mod} SHIFT, left, movewindow, l"
"$mainMod, h, movefocus, l" "${mod} SHIFT, right, movewindow, r"
"$mainMod, l, movefocus, r" "${mod} SHIFT, up, movewindow, u"
"$mainMod, k, movefocus, u" "${mod} SHIFT, down, movewindow, d"
"$mainMod, j, movefocus, d" "${mod} SHIFT, h, movewindow, l"
"${mod} SHIFT, l, movewindow, r"
"$mainMod SHIFT, h, movewindow, l" "${mod} SHIFT, k, movewindow, u"
"$mainMod SHIFT, l, movewindow, r" "${mod} SHIFT, j, movewindow, d"
"$mainMod SHIFT, k, movewindow, u" "${mod}, 1, workspace, 1"
"$mainMod SHIFT, j, movewindow, d" "${mod}, 2, workspace, 2"
"${mod}, 3, workspace, 3"
"${mod}, 4, workspace, 4"
"${mod}, 5, workspace, 5"
"${mod}, 6, workspace, 6"
"${mod}, 7, workspace, 7"
"${mod}, 8, workspace, 8"
"${mod}, 9, workspace, 9"
"${mod}, 0, workspace, 10"
"${mod} SHIFT, 1, movetoworkspace, 1"
"${mod} SHIFT, 2, movetoworkspace, 2"
"${mod} SHIFT, 3, movetoworkspace, 3"
"${mod} SHIFT, 4, movetoworkspace, 4"
"${mod} SHIFT, 5, movetoworkspace, 5"
"${mod} SHIFT, 6, movetoworkspace, 6"
"${mod} SHIFT, 7, movetoworkspace, 7"
"${mod} SHIFT, 8, movetoworkspace, 8"
"${mod} SHIFT, 9, movetoworkspace, 9"
"${mod} SHIFT, 0, movetoworkspace, 10"
"${mod}, F3, exec, grimblast save area ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
"${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
]; ];
binde = [ binde = [
"$mainMod SHIFT, h, moveactive, -20 0" "${mod} SHIFT, h, moveactive, -20 0"
"$mainMod SHIFT, l, moveactive, 20 0" "${mod} SHIFT, l, moveactive, 20 0"
"$mainMod SHIFT, k, moveactive, 0 -20" "${mod} SHIFT, k, moveactive, 0 -20"
"$mainMod SHIFT, j, moveactive, 0 20" "${mod} SHIFT, j, moveactive, 0 20"
"${mod} CTRL, l, resizeactive, 30 0"
"$mainMod CTRL, l, resizeactive, 30 0" "${mod} CTRL, h, resizeactive, -30 0"
"$mainMod CTRL, h, resizeactive, -30 0" "${mod} CTRL, k, resizeactive, 0 -10"
"$mainMod CTRL, k, resizeactive, 0 -10" "${mod} CTRL, j, resizeactive, 0 10"
"$mainMod CTRL, j, resizeactive, 0 10" ",XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%+"
",XF86AudioLowerVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%-"
]; ];
bindm = [ bindm = [
"$mainMod, mouse:272, movewindow" "${mod}, mouse:272, movewindow"
"$mainMod, mouse:273, resizewindow" "${mod}, mouse:273, resizewindow"
]; ];
}; };
}; };

113
environments/waybar-config.nix Normal file
View File

@ -0,0 +1,113 @@
_: {
programs.waybar = {
enable = true;
systemd.enable = true;
settings.main-bar = {
layer = "top";
height = 18;
tray.spacing = 5;
clock = {
format = "{:%a %b %d %I:%M %p}";
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
};
modules-left = [
"hyprland/workspaces"
"custom/separator"
"temperature#cpu"
"custom/gpu-temp"
];
modules-center = [
"clock"
];
modules-right = [
"tray"
"mpris"
"wireplumber"
"wireplumber#microphone"
];
"hyprland/workspaces" = {
format = "{icon}";
active-only = true;
on-scroll-up = "hyprctl dispatch workspace e-1";
on-scroll-down = "hyprctl dispatch workspace e+1";
persistent-workspaces."*" = 10; # Show 5 workspaces on all monitors
};
"custom/separator" = {
format = "|";
tooltip = false;
};
cava = {
bars = 14;
method = "pulse";
framerate = 20;
bar_delimiter = 0;
stereo = false;
format-icons.default = [
""
""
""
""
""
""
""
""
];
};
"temperature#cpu" = {
interval = 2;
format = " {temperatureC}°C";
critical-threshold = 80;
hwmon-path = "/sys/class/hwmon/hwmon1/temp1_input";
tooltip-format = "CPU: {temperatureC}°C";
};
"custom/gpu-temp" = {
exec = "nvidia-smi --query-gpu=temperature.gpu --format=csv,noheader,nounits";
format = "󰢮 {}°C";
interval = 2;
tooltip-format = "GPU: {}°C";
};
mpris = {
interval = 2;
format = "{player_icon} {dynamic}";
format-paused = "{status_icon} {dynamic}";
dynamic-len = 40;
on-click = "playerctl play-pause";
on-scroll-up = "playerctl next";
on-scroll-down = "playerctl previous";
dynamic-order = [
"title"
"artist"
];
player-icons = {
default = "🎵";
firefox = "🦊";
librewolf = "🦊";
};
status-icons = {
paused = "";
playing = "";
};
};
wireplumber = {
format = "{icon} {volume}%";
format-muted = "󰝟 muted";
scroll-step = 5;
on-click = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
format-icons.default = [
"󰕿"
"󰖀"
"󰕾"
];
};
"wireplumber#microphone" = {
format = "{format_source}";
format-source = " {volume}%";
format-source-muted = "";
on-click = "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
on-scroll-up = "wpctl set-volume @DEFAULT_AUDIO_SOURCE@ 5%+";
on-scroll-down = "wpctl set-volume @DEFAULT_AUDIO_SOURCE@ 5%-";
tooltip-format = "{source_desc}";
};
};
};
}

41
environments/waybar-style.nix Normal file
View File

@ -0,0 +1,41 @@
{
config,
...
}:
let
inherit (config.lib.stylix) colors;
in
''
* {
border: none;
font-family: "${config.stylix.fonts.monospace.name}";
font-size: ${toString config.stylix.fonts.sizes.desktop}pt;
color: #${colors.base04};
}
window#waybar {
background: #${colors.base00};
min-height: 18px;
}
.module {
background: #${colors.base00};
margin: 0px 3px 0px 3px;
padding: 4px 6px 4px 6px;
}
#workspaces button {
padding: 2px 8px;
margin: 2px;
border-radius: 8px;
background: transparent;
color: #${colors.base03};
border: none;
min-width: 20px;
}
#workspaces button.active {
background: #${colors.base02};
color: #${colors.base05};
}
#workspaces button:hover {
background: #${colors.base01};
color: #${colors.base04};
}
''

220
flake.lock generated
View File

@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755946532, "lastModified": 1760101617,
"narHash": "sha256-POePremlUY5GyA1zfbtic6XLxDaQcqHN6l+bIxdT5gc=", "narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "81584dae2df6ac79f6b6dae0ecb7705e95129ada", "rev": "1826a9923881320306231b1c2090379ebf9fa4f8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -54,16 +54,17 @@
"base16-fish": { "base16-fish": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1622559957, "lastModified": 1754405784,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
} }
}, },
@ -125,27 +126,28 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1759221805, "lastModified": 1757147654,
"narHash": "sha256-gKne7A7DWffiqdfUPdX4TK1/a4FU942LM7e6E8ORsTY=", "narHash": "sha256-mGoonbnnd38MZS/H80/vbXCHCxl6KlFup/XKK+zcAuY=",
"owner": "marienz", "owner": "marienz",
"repo": "nix-doom-emacs-unstraightened", "repo": "nix-doom-emacs-unstraightened",
"rev": "5697968fa38469d12012706d9322211de10309c9", "rev": "ad01165af00765af07989b6ad14115960ac675f8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "marienz", "owner": "marienz",
"repo": "nix-doom-emacs-unstraightened", "repo": "nix-doom-emacs-unstraightened",
"rev": "ad01165af00765af07989b6ad14115960ac675f8",
"type": "github" "type": "github"
} }
}, },
"doomemacs": { "doomemacs": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1759180402, "lastModified": 1757106921,
"narHash": "sha256-Y67ooUjDMWjPk+/IjMRnhe+OPn19Q0wF73prtExwyiI=", "narHash": "sha256-vHwgENjip2+AFzs4oZfnKEAJKwf5Zid7fakImvxxQUw=",
"owner": "doomemacs", "owner": "doomemacs",
"repo": "doomemacs", "repo": "doomemacs",
"rev": "5e7e93beb9f2b5a81768aaf4950203ceea21c4f6", "rev": "8f55404781edacf66fa330205533b002de3fb5ee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -164,11 +166,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759221279, "lastModified": 1757124175,
"narHash": "sha256-7EAByrl70kQ2gV0opDiNhySsk9KcJiRpnnL+BEaNOhc=", "narHash": "sha256-drA0+kWXGrTgvhlsCiEE7VJ+vFsPi74p32n/7L5L5aU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "emacs-overlay", "repo": "emacs-overlay",
"rev": "6bbda1ce5dc002b22c95323b01d40518e843a00d", "rev": "802b82be7856f6350d5e9ccb536fb4e20cb82069",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -214,11 +216,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1756770412, "lastModified": 1760948891,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751", "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -231,6 +233,24 @@
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": {
"lastModified": 1760948891,
"narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": { "locked": {
"lastModified": 1712014858, "lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
@ -244,7 +264,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-parts_3": { "flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nur", "nur",
@ -265,7 +285,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": { "flake-parts_5": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"stylix", "stylix",
@ -313,11 +333,11 @@
"rev": "edea9d2aaf2f4e0481fbbb8e26f68a9f39248e3f", "rev": "edea9d2aaf2f4e0481fbbb8e26f68a9f39248e3f",
"revCount": 2, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/fonts.git" "url": "https://git.lebubu.org/jawz/fonts.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/fonts.git" "url": "https://git.lebubu.org/jawz/fonts.git"
} }
}, },
"fromYaml": { "fromYaml": {
@ -441,11 +461,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758192433, "lastModified": 1760445448,
"narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=", "narHash": "sha256-fXGjL6dw31FPFRrmIemzGiNSlfvEJTJNsmadZi+qNhI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7", "rev": "50fb9f069219f338a11cf0bcccb9e58357d67757",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -472,11 +492,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1759169434, "lastModified": 1761869718,
"narHash": "sha256-1u6kq88ICeE9IiJPditYa248ZoEqo00kz6iUR+jLvBQ=", "narHash": "sha256-jLfwwlPGpnGRAtVDyoGj9FgH2D9hWwyEu0yHkflG2EI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "38c1e72c9d81fcdad8f173e06102a5da18836230", "rev": "8e9add2afda58d233a75e4c5ce8503b24fa59ceb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -497,11 +517,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749046714, "lastModified": 1759610243,
"narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-protocols", "repo": "hyprland-protocols",
"rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -565,11 +585,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757694755, "lastModified": 1759080228,
"narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=", "narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-qtutils", "repo": "hyprland-qtutils",
"rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c", "rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -594,11 +614,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756810301, "lastModified": 1758927902,
"narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=", "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931", "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -619,11 +639,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756117388, "lastModified": 1759619523,
"narHash": "sha256-oRDel6pNl/T2tI+nc/USU9ZP9w08dxtl7hiZxa0C/Wc=", "narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "b2ae3204845f5f2f79b4703b441252d8ad2ecfd0", "rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -665,32 +685,32 @@
"sudoku-solver": "sudoku-solver" "sudoku-solver": "sudoku-solver"
}, },
"locked": { "locked": {
"lastModified": 1759213850, "lastModified": 1761720517,
"narHash": "sha256-KnFUzXjSOtSG9U4U4OJonCTZaMWqJjXvHL1PQW994A4=", "narHash": "sha256-YWKeZsstuJMEOlC31pyveuLT9525YW+wzTAMHDawgZ0=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "38959dc37b09d1cb037df02086e4d07b9ef30b80", "rev": "07daae7770da1201de6825de9b65eab0fcd81ca8",
"revCount": 105, "revCount": 116,
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/scripts.git" "url": "https://git.lebubu.org/jawz/scripts.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/scripts.git" "url": "https://git.lebubu.org/jawz/scripts.git"
} }
}, },
"nix-gaming": { "nix-gaming": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1759110900, "lastModified": 1761962248,
"narHash": "sha256-fcu/r0ijvaYT2VHGkZGr0wq9uBMNFkiftVBy43/2oig=", "narHash": "sha256-tJROzIa21Ser5k12Hvd1W2M5ZQ4DiqROE3+c54zBbLk=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "2ac6a49266e9159ccb001b4c8cb1f50f67d502ae", "rev": "537f1d446238a6bb490e1765d39938166f1fb446",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -767,6 +787,21 @@
} }
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": {
"lastModified": 1754788789,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_3": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",
"lastModified": 1711703276, "lastModified": 1711703276,
@ -786,11 +821,11 @@
}, },
"nixpkgs-small": { "nixpkgs-small": {
"locked": { "locked": {
"lastModified": 1759250113, "lastModified": 1761999846,
"narHash": "sha256-apF3ww4pPkxHI5c424Z6VYdImge1iZSP6TOH45lIqxU=", "narHash": "sha256-IYlYnp4O4dzEpL77BD/lj5NnJy2J8qbHkNSFiPBCbqo=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f579c51fd27e9f66c8236b26a47ed78b315f785d", "rev": "3de8f8d73e35724bf9abef41f1bdbedda1e14a31",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -802,11 +837,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1759036355, "lastModified": 1761907660,
"narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "narHash": "sha256-kJ8lIZsiPOmbkJypG+B5sReDXSD1KGu2VEPNqhRa/ew=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "rev": "2fb006b87f04c4d3bdf08cfdbc7fab9c13d94a15",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -818,11 +853,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1759143472, "lastModified": 1761597516,
"narHash": "sha256-TvODmeR2W7yX/JmOCmP+lAFNkTT7hAxYcF3Kz8SZV3w=", "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5ed4e25ab58fd4c028b59d5611e14ea64de51d23", "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -834,7 +869,7 @@
}, },
"nixtendo-switch": { "nixtendo-switch": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@ -855,17 +890,17 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1759260470, "lastModified": 1762014848,
"narHash": "sha256-7KFWm6l+qJl+b1XAx9D8isjCb2kluJEGzquZxmJPEL4=", "narHash": "sha256-QQVea2dTUs+rOUju0ySleLtZcO/m+3Rw2c2mRasFIhc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "2b8508603232941676978619d6d4b34fc9e0b486", "rev": "c76c2f11f638c4333bfe750c2867aa0d646229e8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -910,11 +945,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758108966, "lastModified": 1760663237,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -923,9 +958,26 @@
"type": "github" "type": "github"
} }
}, },
"qbit_manage": {
"flake": false,
"locked": {
"lastModified": 1758160887,
"narHash": "sha256-cTxM3nHQQto7lpoNjShYcCbJCSYiwS9bKqw0DWAjw6A=",
"owner": "StuffAnThings",
"repo": "qbit_manage",
"rev": "21812368bc5366f3388dfb21769fee1da48083c5",
"type": "github"
},
"original": {
"owner": "StuffAnThings",
"repo": "qbit_manage",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"doom-emacs": "doom-emacs", "doom-emacs": "doom-emacs",
"flake-parts": "flake-parts",
"fonts": "fonts", "fonts": "fonts",
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
@ -937,6 +989,7 @@
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixtendo-switch": "nixtendo-switch", "nixtendo-switch": "nixtendo-switch",
"nur": "nur", "nur": "nur",
"qbit_manage": "qbit_manage",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stylix": "stylix", "stylix": "stylix",
"ucodenix": "ucodenix", "ucodenix": "ucodenix",
@ -950,11 +1003,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759188042, "lastModified": 1760998189,
"narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -970,7 +1023,7 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_5",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -984,11 +1037,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1759050585, "lastModified": 1761668239,
"narHash": "sha256-Mj99rGy+K9jaQ85U2YWydZ9OKCIAdkxClrJlfG04GxU=", "narHash": "sha256-b0+7/5hBUsLjd/gMY9/LSEsvuWFFolHdpUAOlG73zmw=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "3f71498ed14405aea347b9f5b7f56d97e64e904c", "rev": "a149a557dc306e76d53e7dd488826e61ef9c6289",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1193,23 +1246,24 @@
"original": { "original": {
"owner": "e-tho", "owner": "e-tho",
"repo": "ucodenix", "repo": "ucodenix",
"rev": "ba7f0a366460e0fbea9622fc770cb982be0e4720",
"type": "github" "type": "github"
} }
}, },
"wallpapers": { "wallpapers": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1759117171, "lastModified": 1759463031,
"narHash": "sha256-Oyp4MKcld+tlZISm2HvuRErgHUb2mztpOH6v3g8B9uA=", "narHash": "sha256-9goyp+g9N4+9PA9V2QerTsxlVy9MA4LXufJaruj2MMs=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "0bc27e282a4c13d43139c4794e80a5951e4787b8", "rev": "0212af5b70347f0721cfe88c25e1efb77b645a2d",
"revCount": 1, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/wallpapers.git" "url": "https://git.lebubu.org/jawz/wallpapers.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/wallpapers.git" "url": "https://git.lebubu.org/jawz/wallpapers.git"
} }
}, },
"xdph": { "xdph": {
@ -1240,11 +1294,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755354946, "lastModified": 1760713634,
"narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=", "narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0", "rev": "753bbbdf6a052994da94062e5b753288cef28dfb",
"type": "github" "type": "github"
}, },
"original": { "original": {

104
flake.nix
View File

@ -1,26 +1,19 @@
{ {
description = "JawZ NixOS flake setup"; description = "JawZ NixOS flake setup";
inputs = { inputs = {
flake-parts.url = "github:hercules-ci/flake-parts";
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05"; nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05";
nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small"; nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
ucodenix.url = "github:e-tho/ucodenix"; ucodenix.url = "github:e-tho/ucodenix/ba7f0a366460e0fbea9622fc770cb982be0e4720";
doom-emacs = { doom-emacs = {
url = "github:marienz/nix-doom-emacs-unstraightened"; url = "github:marienz/nix-doom-emacs-unstraightened/ad01165af00765af07989b6ad14115960ac675f8";
inputs.nixpkgs.follows = ""; inputs.nixpkgs.follows = "";
}; };
jawz-scripts = { jawz-scripts = {
url = "git+https://git.servidos.lat/jawz/scripts.git"; url = "git+https://git.lebubu.org/jawz/scripts.git";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
wallpapers = {
url = "git+https://git.servidos.lat/jawz/wallpapers.git";
flake = false;
};
fonts = {
url = "git+https://git.servidos.lat/jawz/fonts.git";
flake = false;
};
nur = { nur = {
url = "github:nix-community/nur"; url = "github:nix-community/nur";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -53,78 +46,27 @@
url = "github:nix-community/nixos-generators"; url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
wallpapers = {
url = "git+https://git.lebubu.org/jawz/wallpapers.git";
flake = false;
};
fonts = {
url = "git+https://git.lebubu.org/jawz/fonts.git";
flake = false;
};
qbit_manage = {
url = "github:StuffAnThings/qbit_manage";
flake = false;
};
}; };
outputs = outputs =
{ self, jawz-scripts, ... }@inputs: inputs:
let inputs.flake-parts.lib.mkFlake { inherit inputs; } {
inherit (self) outputs; imports = [
system = "x86_64-linux"; ./parts/core.nix
mkpkgs = ./parts/hosts.nix
repo: ./parts/packages.nix
import repo { ./parts/devshells.nix
inherit system;
config.allowUnfree = true;
};
langList = builtins.filter (name: name != "emacs") (
builtins.map (file: builtins.replaceStrings [ ".nix" ] [ "" ] (baseNameOf file)) (
builtins.attrNames (builtins.readDir ./modules/dev)
)
);
commonModules = name: [
{
nixpkgs.overlays = [
(import ./config/overlay.nix { inherit mkpkgs inputs; })
inputs.doom-emacs.overlays.default
]; ];
}
{
nix.registry = {
jawz.flake = self;
unstable.flake = inputs.nixpkgs-unstable;
};
}
./hosts/${name}/configuration.nix
inputs.nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.nixtendo-switch.nixosModules.nixtendo-switch
];
createConfig =
name: local-nixpkgs:
let
lib = local-nixpkgs.lib // inputs.home-manager.lib;
in
lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs outputs;
};
modules = commonModules name;
};
in
{
nixosConfigurations = {
workstation = createConfig "workstation" inputs.nixpkgs;
miniserver = createConfig "miniserver" inputs.nixpkgs-small;
server = createConfig "server" inputs.nixpkgs-small;
galaxy = createConfig "galaxy" inputs.nixpkgs-small;
emacs = createConfig "emacs" inputs.nixpkgs;
};
packages.${system} = (jawz-scripts.packages.${system} or { }) // {
emacs-vm = inputs.nixos-generators.nixosGenerate {
inherit system;
specialArgs = {
inherit inputs outputs;
};
modules = commonModules "emacs";
format = "vm";
};
};
devShells.${system} = builtins.listToAttrs (
map (name: {
inherit name;
value = self.nixosConfigurations.emacs.config.devShells.${name};
}) langList
);
}; };
} }

10
hosts/miniserver/configuration.nix
View File

@ -1,17 +1,17 @@
{ config, ... }: { config, inputs, ... }:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../config/base.nix ../../config/base.nix
../../config/stylix.nix ../../config/stylix.nix
]; ];
my = import ./toggles.nix // { my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 3; nix.cores = 3;
nix.maxJobs = 8; nix.maxJobs = 8;
users.nixremote.enable = true; users.nixremote.enable = true;
users.nixremote.authorizedKeys = [ users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
../../secrets/ssh/ed25519_nixworkstation.pub "nixworkstation"
../../secrets/ssh/ed25519_nixserver.pub "nixserver"
]; ];
}; };
nix.buildMachines = nix.buildMachines =

14
hosts/miniserver/toggles.nix
View File

@ -1,16 +1,6 @@
{ inputs }:
let let
mkEnabled = name: { inherit (inputs.self.lib) mkEnabled mkEnabledWithProxy enableList;
inherit name;
value.enable = true;
};
mkEnabledWithProxy = name: {
inherit name;
value = {
enable = true;
enableProxy = true;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
in in
{ {
emacs.enable = true; emacs.enable = true;

9
hosts/server/configuration.nix
View File

@ -2,6 +2,7 @@
pkgs, pkgs,
config, config,
lib, lib,
inputs,
... ...
}: }:
{ {
@ -10,12 +11,12 @@
../../config/base.nix ../../config/base.nix
../../config/stylix.nix ../../config/stylix.nix
]; ];
my = import ./toggles.nix { inherit config; } // { my = import ./toggles.nix { inherit config inputs; } // {
nix.cores = 6; nix.cores = 6;
users.nixremote.enable = true; users.nixremote.enable = true;
users.nixremote.authorizedKeys = [ users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
../../secrets/ssh/ed25519_nixworkstation.pub "nixworkstation"
../../secrets/ssh/ed25519_nixminiserver.pub "nixminiserver"
]; ];
network.firewall.enabledServicePorts = true; network.firewall.enabledServicePorts = true;
network.firewall.additionalPorts = [ network.firewall.additionalPorts = [

18
hosts/server/toggles.nix
View File

@ -1,17 +1,7 @@
{ config }: { config, inputs }:
let let
mkEnabled = name: { inherit (inputs.self.lib) mkEnabled enableList;
inherit name; mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
value.enable = true;
};
mkEnabledIp = name: {
inherit name;
value = {
enable = true;
ip = config.my.ips.wg-server;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
in in
{ {
mainServer = "server"; mainServer = "server";
@ -27,6 +17,7 @@ in
services = enableList mkEnabled [ services = enableList mkEnabled [
"network" "network"
"nvidia" "nvidia"
"syncthing"
]; ];
dev = enableList mkEnabled [ dev = enableList mkEnabled [
"nix" "nix"
@ -64,6 +55,7 @@ in
"unpackerr" "unpackerr"
"postgres" "postgres"
"paperless" "paperless"
"stash"
"bazarr" "bazarr"
"collabora" "collabora"
"homepage" "homepage"

102
hosts/workstation/configuration.nix
View File

@ -1,7 +1,7 @@
{ {
lib,
pkgs, pkgs,
config, config,
inputs,
... ...
}: }:
let let
@ -21,21 +21,21 @@ in
./hardware-configuration.nix ./hardware-configuration.nix
../../config/base.nix ../../config/base.nix
../../config/stylix.nix ../../config/stylix.nix
../../environments/gnome.nix
]; ];
my = import ./toggles.nix // { my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 8; nix.cores = 8;
nix.maxJobs = 8; nix.maxJobs = 8;
users.nixremote.enable = true; users.nixremote.enable = true;
users.nixremote.authorizedKeys = [ users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
../../secrets/ssh/ed25519_nixserver.pub "nixserver"
../../secrets/ssh/ed25519_nixminiserver.pub "nixminiserver"
]; ];
}; };
home-manager.users.jawz = { home-manager.users.jawz.programs = {
programs = {
vscode = { vscode = {
enable = true; enable = true;
package = pkgs.vscode; package = pkgs.code-cursor;
}; };
ghostty = { ghostty = {
enable = true; enable = true;
@ -44,40 +44,22 @@ in
enableZshIntegration = shellType == "zsh"; enableZshIntegration = shellType == "zsh";
installBatSyntax = true; installBatSyntax = true;
installVimSyntax = true; installVimSyntax = true;
}; settings.term = "xterm-256color";
};
};
specialisation = {
gnome.configuration = {
imports = [ ../../environments/gnome.nix ];
services.flatpak.enable = true;
};
hyprland.configuration = {
imports = [ ../../environments/hyprland.nix ];
services.flatpak.enable = true;
}; };
}; };
networking = { networking = {
hostName = "workstation"; hostName = "workstation";
firewall = firewall = {
let allowedTCPPorts = [
kdeconnectPortRange = { 6674 # ns-usbloader
8384 # syncthing
];
allowedTCPPortRanges = [
{
from = 1714; from = 1714;
to = 1764; to = 1764;
}; }
ns-usbloaderPort = 6674;
syncthingPort = 8384;
openPorts = [
ns-usbloaderPort
syncthingPort
]; ];
openPortRanges = [ kdeconnectPortRange ];
in
{
allowedTCPPorts = openPorts;
allowedUDPPorts = openPorts;
allowedTCPPortRanges = openPortRanges;
allowedUDPPortRanges = openPortRanges;
}; };
}; };
users.users.jawz.packages = [ users.users.jawz.packages = [
@ -105,7 +87,6 @@ in
bign-handheld-thumbnailer bign-handheld-thumbnailer
gnome-epub-thumbnailer gnome-epub-thumbnailer
podman-compose podman-compose
code-cursor
scrcpy scrcpy
; ;
inherit (pkgs.libheif) out; inherit (pkgs.libheif) out;
@ -143,7 +124,8 @@ in
../../secrets/ssh/root-private-ca.pem ../../secrets/ssh/root-private-ca.pem
]; ];
services = { services = {
flatpak.enable = lib.mkDefault false; minio.enable = true;
flatpak.enable = true;
open-webui.enable = true; open-webui.enable = true;
scx = { scx = {
enable = true; enable = true;
@ -162,12 +144,48 @@ in
acceleration = "cuda"; acceleration = "cuda";
models = "/srv/ai/ollama"; models = "/srv/ai/ollama";
}; };
sunshine = { postgresql = {
enable = true; enable = true;
autoStart = true; package = pkgs.postgresql_17;
capSysAdmin = true; enableTCPIP = true;
openFirewall = true; authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all ${config.my.localhost}/32 trust
host all all ::1/128 trust
'';
ensureDatabases = [ "webref" ];
ensureUsers = [
{
name = "webref";
ensureDBOwnership = true;
}
];
}; };
tailscale.enable = true; };
programs.virt-manager.enable = true;
users.groups.libvirtd.members = [ "jawz" ];
virtualisation.libvirtd.enable = true;
systemd.services.minio-init = {
description = "Initialize MinIO buckets";
after = [ "minio.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
# Wait for MinIO to be ready
until ${pkgs.curl}/bin/curl -sf http://localhost:9000/minio/health/live > /dev/null 2>&1; do
echo "Waiting for MinIO..."
sleep 1
done
# Configure mc alias and create bucket
${pkgs.minio-client}/bin/mc alias set local http://localhost:9000 minioadmin minioadmin || true
${pkgs.minio-client}/bin/mc mb local/webref || true
${pkgs.minio-client}/bin/mc anonymous set public local/webref || true
echo "MinIO initialized with webref bucket"
'';
}; };
} }

2
hosts/workstation/hardware-configuration.nix
View File

@ -34,7 +34,7 @@ in
boot = { boot = {
plymouth.enable = true; plymouth.enable = true;
consoleLogLevel = 0; consoleLogLevel = 0;
loader.timeout = 5; loader.timeout = 3;
kernelParams = [ kernelParams = [
"splash" "splash"
"boot.shell_on_fail" "boot.shell_on_fail"

10
hosts/workstation/toggles.nix
View File

@ -1,9 +1,6 @@
{ inputs }:
let let
mkEnabled = name: { inherit (inputs.self.lib) mkEnabled enableList;
inherit name;
value.enable = true;
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
in in
{ {
stylix.enable = true; stylix.enable = true;
@ -12,7 +9,6 @@ in
servers.drpp.enable = true; servers.drpp.enable = true;
apps = enableList mkEnabled [ apps = enableList mkEnabled [
"art" "art"
"piano"
"dictionaries" "dictionaries"
"fonts" "fonts"
"gaming" "gaming"
@ -25,7 +21,6 @@ in
dev = enableList mkEnabled [ dev = enableList mkEnabled [
"nix" "nix"
"python" "python"
"gameDev"
"sh" "sh"
]; ];
shell = enableList mkEnabled [ shell = enableList mkEnabled [
@ -38,6 +33,7 @@ in
"nvidia" "nvidia"
"printing" "printing"
"sound" "sound"
"syncthing"
]; ];
scripts = enableList mkEnabled [ scripts = enableList mkEnabled [
"tasks" "tasks"

1
modules/apps/art.nix
View File

@ -24,7 +24,6 @@ let
mypaint-brushes # but it's got some mypaint-brushes # but it's got some
mypaint-brushes1 # nice damn brushes mypaint-brushes1 # nice damn brushes
blender # cgi animation and sculpting blender # cgi animation and sculpting
drawpile # arty party with friends!!
pureref # create inspiration/reference boards pureref # create inspiration/reference boards
; ;
}; };

20
modules/apps/gaming.nix
View File

@ -5,6 +5,21 @@
pkgs, pkgs,
... ...
}: }:
let
retroarchWithCores = pkgs.retroarch.withCores (
cores:
builtins.attrValues {
inherit (cores)
mgba # gba
pcsx2 # ps2
dolphin # wii / gamecube
snes9x2010 # snes
desmume # nintendo ds
citra # 3ds
;
}
);
in
{ {
imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ]; imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
options.my.apps = { options.my.apps = {
@ -36,6 +51,7 @@
# }; # };
}; };
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit retroarchWithCores;
inherit (pkgs) inherit (pkgs)
shipwright # zelda OoT port shipwright # zelda OoT port
mangohud # fps & stats overlay mangohud # fps & stats overlay
@ -47,12 +63,8 @@
ns-usbloader # load games into my switch ns-usbloader # load games into my switch
# emulators # emulators
rpcs3 # ps3 rpcs3 # ps3
pcsx2 # ps2
cemu # wii u cemu # wii u
dolphin-emu # wii
snes9x-gtk # snes
ryubing # switch ryubing # switch
azahar # 3Ds
prismlauncher # minecraft launcher with jdk overlays prismlauncher # minecraft launcher with jdk overlays
; ;
}; };

1
modules/apps/internet.nix
View File

@ -40,7 +40,6 @@ in
inherit (pkgs) inherit (pkgs)
# thunderbird # email client # thunderbird # email client
warp # transfer files with based ppl warp # transfer files with based ppl
brave # crypto-browser that at least somewhat integrates with gtk
nextcloud-client # self-hosted google-drive alternative nextcloud-client # self-hosted google-drive alternative
fragments # beautiful torrent client fragments # beautiful torrent client
tor-browser-bundle-bin # dark web, so dark! tor-browser-bundle-bin # dark web, so dark!

21
modules/apps/librewolf.nix
View File

@ -7,6 +7,24 @@
]; ];
policies.DisabledFirefoxAccounts = false; policies.DisabledFirefoxAccounts = false;
profiles.jawz = { profiles.jawz = {
containersForce = true;
containers = {
Private = {
id = 1;
icon = "chill";
color = "purple";
};
Work = {
id = 2;
icon = "briefcase";
color = "orange";
};
Banking = {
id = 3;
icon = "dollar";
color = "green";
};
};
id = 0; id = 0;
name = "jawz"; name = "jawz";
path = "jawz"; path = "jawz";
@ -74,6 +92,9 @@
"browser.safebrowsing.downloads.remote.block_uncommon" = false; "browser.safebrowsing.downloads.remote.block_uncommon" = false;
# Enable anti-cookie tracking + purge trackers # Enable anti-cookie tracking + purge trackers
"privacy.annotate_channels.strict_list.enabled" = true; "privacy.annotate_channels.strict_list.enabled" = true;
# Enable Multi-Account Containers
"privacy.userContext.enabled" = true;
"privacy.userContext.ui.enabled" = true;
}; };
}; };
} }

1
modules/apps/misc.nix
View File

@ -9,7 +9,6 @@
config = lib.mkIf config.my.apps.misc.enable { config = lib.mkIf config.my.apps.misc.enable {
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
collector # stores things and throws them anywhere
blanket # background noise blanket # background noise
metadata-cleaner # remove any metadata and geolocation from files metadata-cleaner # remove any metadata and geolocation from files
pika-backup # backups pika-backup # backups

2
modules/apps/multimedia.nix
View File

@ -10,11 +10,9 @@
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
recordbox # libadwaita music player recordbox # libadwaita music player
pitivi # video editor
celluloid # video player celluloid # video player
curtail # image compressor curtail # image compressor
easyeffects # equalizer easyeffects # equalizer
handbrake # video converter, may be unnecessary
identity # compare images or videos identity # compare images or videos
mousai # poor man shazam mousai # poor man shazam
shortwave # listen to world radio shortwave # listen to world radio

5
modules/dev/emacs.nix
View File

@ -1,5 +1,6 @@
{ {
config, config,
inputs,
lib, lib,
pkgs, pkgs,
... ...
@ -14,7 +15,9 @@
"doom/templates/programming.org".source = ../../dotfiles/doom/templates/programming.org; "doom/templates/programming.org".source = ../../dotfiles/doom/templates/programming.org;
}; };
services.lorri.enable = true; services.lorri.enable = true;
programs.${config.my.shell.type}.shellAliases = { programs.${config.my.shell.type}.shellAliases =
inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
{
edit = "emacsclient -t"; edit = "emacsclient -t";
e = "edit"; e = "edit";
}; };

12
modules/dev/nix.nix
View File

@ -1,5 +1,6 @@
{ {
config, config,
inputs,
lib, lib,
pkgs, pkgs,
... ...
@ -11,6 +12,7 @@ let
nixfmt-rfc-style # formatting nixfmt-rfc-style # formatting
cachix # binary cache management cachix # binary cache management
nixd # language server for Nix nixd # language server for Nix
deadnix # detext unused/uneeded dependencies
statix # linter for Nix expressions statix # linter for Nix expressions
; ;
}; };
@ -32,11 +34,13 @@ in
}; };
config = lib.mkIf config.my.dev.nix.enable { config = lib.mkIf config.my.dev.nix.enable {
users.users.jawz = { inherit packages; }; users.users.jawz = { inherit packages; };
home-manager.users.jawz.programs.${shellType}.shellAliases = { home-manager.users.jawz.programs.${shellType}.shellAliases =
inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
{
nixformat = '' nixformat = ''
nix run unstable#deadnix -- -e && \ deadnix -e && \
nix run unstable#nixfmt-tree && \ nix run nixpkgs#nixfmt-tree && \
nix run unstable#statix fix statix fix
''; '';
}; };
}; };

54
modules/factories/mkserver.nix
View File

@ -53,58 +53,8 @@ let
default = null; default = null;
}; };
}; };
proxy = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxyReverse =
cfg:
proxy {
"/" = {
proxyPass = "http://${cfg.ip}:${toString cfg.port}/";
proxyWebsockets = cfg.enableSocket;
};
};
proxyReverseFix =
cfg:
let
useLocalhost = cfg.hostName == config.networking.hostName;
localHeaders = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
in
proxyReverse cfg
// {
extraConfig = ''
${if useLocalhost then localHeaders else ""}
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
proxyReversePrivate =
cfg:
proxyReverse cfg
// {
extraConfig = ''
ssl_verify_client on;
ssl_client_certificate ${cfg.certPath};
error_page 403 /403.html;
'';
};
in in
{ {
inherit inherit mkOptions;
mkOptions mkServerOptions = mkOptions;
proxy
proxyReverse
proxyReverseFix
proxyReversePrivate
;
} }

74
modules/modules.nix
View File

@ -1,23 +1,23 @@
{ lib, config, ... }: {
lib,
config,
inputs,
...
}:
let let
filterNames = file: file != "librewolf.nix"; filterNames = file: file != "librewolf.nix";
autoImport =
dir:
builtins.readDir ./${dir}
|> builtins.attrNames
|> builtins.filter (file: builtins.match ".*\\.nix" file != null && filterNames file)
|> map (file: ./${dir}/${file});
in in
{ {
imports = imports =
autoImport "apps" inputs.self.lib.autoImport ./apps filterNames
++ autoImport "dev" ++ inputs.self.lib.autoImport ./dev filterNames
++ autoImport "scripts" ++ inputs.self.lib.autoImport ./scripts filterNames
++ autoImport "servers" ++ inputs.self.lib.autoImport ./servers filterNames
++ autoImport "services" ++ inputs.self.lib.autoImport ./services filterNames
++ autoImport "shell" ++ inputs.self.lib.autoImport ./shell filterNames
++ autoImport "network" ++ inputs.self.lib.autoImport ./network filterNames
++ [ ++ [
./factories/mkscript.nix
./nix/build.nix ./nix/build.nix
./users/nixremote.nix ./users/nixremote.nix
]; ];
@ -39,7 +39,7 @@ in
}; };
domain = lib.mkOption { domain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "servidos.lat"; default = "lebubu.org";
description = "The domain name."; description = "The domain name.";
}; };
ips = lib.mkOption { ips = lib.mkOption {
@ -49,7 +49,7 @@ in
server = "192.168.100.15"; server = "192.168.100.15";
miniserver = "192.168.1.100"; miniserver = "192.168.1.100";
workstation = "192.168.100.18"; workstation = "192.168.100.18";
vps = "51.222.141.104"; vps = "45.79.25.87";
wg-vps = "10.77.0.1"; wg-vps = "10.77.0.1";
wg-server = "10.77.0.2"; wg-server = "10.77.0.2";
wg-friend1 = "10.8.0.2"; wg-friend1 = "10.8.0.2";
@ -93,7 +93,7 @@ in
}; };
email = lib.mkOption { email = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "CaptainJawZ@protonmail.com"; default = "danilo.reyes.251@proton.me";
description = "localhost smtp email"; description = "localhost smtp email";
}; };
timeZone = lib.mkOption { timeZone = lib.mkOption {
@ -105,39 +105,45 @@ in
enableProxy = lib.mkEnableOption "nginx reverse proxy for services"; enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
}; };
config = { config = {
assertions = [ assertions =
# PostgreSQL dependency assertions
inputs.self.lib.mkPostgresDependencies config [
{ {
assertion = config.my.servers.nextcloud.enable -> config.my.servers.postgres.enable; service = "nextcloud";
message = "Nextcloud requires PostgreSQL to be enabled"; name = "Nextcloud";
} }
{ {
assertion = config.my.servers.vaultwarden.enable -> config.my.servers.postgres.enable; service = "vaultwarden";
message = "Vaultwarden requires PostgreSQL to be enabled"; name = "Vaultwarden";
} }
{ {
assertion = config.my.servers.firefly-iii.enable -> config.my.servers.postgres.enable; service = "firefly-iii";
message = "Firefly III requires PostgreSQL to be enabled"; name = "Firefly III";
} }
{ {
assertion = config.my.servers.mealie.enable -> config.my.servers.postgres.enable; service = "mealie";
message = "Mealie requires PostgreSQL to be enabled"; name = "Mealie";
} }
{ {
assertion = config.my.servers.shiori.enable -> config.my.servers.postgres.enable; service = "shiori";
message = "Shiori requires PostgreSQL to be enabled"; name = "Shiori";
} }
{ {
assertion = config.my.servers.ryot.enable -> config.my.servers.postgres.enable; service = "ryot";
message = "Ryot requires PostgreSQL to be enabled"; name = "Ryot";
} }
{ {
assertion = config.my.servers.synapse.enable -> config.my.servers.postgres.enable; service = "synapse";
message = "Matrix Synapse requires PostgreSQL to be enabled"; name = "Matrix Synapse";
} }
{ {
assertion = config.my.servers.gitea.enable -> config.my.servers.postgres.enable; service = "gitea";
message = "Gitea requires PostgreSQL to be enabled"; name = "Gitea";
} }
]
++
# Other assertions
[
{ {
assertion = assertion =
config.my.enableProxy config.my.enableProxy

43
modules/network/firewall.nix
View File

@ -1,17 +1,24 @@
{ lib, config, ... }: {
lib,
config,
inputs,
...
}:
let let
nativeServicesWithOpenFirewall = [ firewallBlacklist = [
"adguardhome" "sabnzbd"
"plex" "lidarr"
"nix-serve" "maloja"
"radarr" "tranga"
"sonarr" "flame"
"jellyfin" "flameSecret"
"prowlarr" "ryot"
"bazarr" "drpp"
"ombi" "metube"
"flaresolverr" "multi-scrobbler"
"plex-discord-bot"
]; ];
nativeServicesWithOpenFirewall = inputs.self.lib.getServicesWithNativeFirewall config firewallBlacklist;
servicesConfig = lib.listToAttrs ( servicesConfig = lib.listToAttrs (
map (serviceName: { map (serviceName: {
name = serviceName; name = serviceName;
@ -36,17 +43,7 @@ in
config = lib.mkIf config.my.network.firewall.enabledServicePorts { config = lib.mkIf config.my.network.firewall.enabledServicePorts {
services = servicesConfig; services = servicesConfig;
networking.firewall.allowedTCPPorts = networking.firewall.allowedTCPPorts =
config.my.network.firewall.staticPorts inputs.self.lib.generateFirewallPorts config nativeServicesWithOpenFirewall lib
++ config.my.network.firewall.additionalPorts
++ (
config.my.servers
|> lib.filterAttrs (
name: srv:
(srv.enable or false) && (srv ? port) && !(builtins.elem name nativeServicesWithOpenFirewall)
)
|> lib.attrValues
|> map (srv: srv.port)
)
++ (lib.optionals config.services.nginx.enable [ ++ (lib.optionals config.services.nginx.enable [
config.services.nginx.defaultHTTPListenPort config.services.nginx.defaultHTTPListenPort
config.services.nginx.defaultSSLListenPort config.services.nginx.defaultSSLListenPort

15
modules/network/nginx.nix
View File

@ -1,6 +1,10 @@
{ lib, config, ... }: {
lib,
config,
inputs,
...
}:
let let
setup = import ../factories/mkserver.nix { inherit lib config; };
proxyReverseServices = [ proxyReverseServices = [
"firefox-syncserver" "firefox-syncserver"
"readeck" "readeck"
@ -26,6 +30,7 @@ let
"ombi" "ombi"
"radarr" "radarr"
"sonarr" "sonarr"
"stash"
"atticd" "atticd"
]; ];
proxyReversePrivateServices = [ proxyReversePrivateServices = [
@ -43,11 +48,11 @@ let
cfg = config.my.servers.${serviceName}; cfg = config.my.servers.${serviceName};
proxyFunc = proxyFunc =
if serviceConfig.type == "proxyReverse" then if serviceConfig.type == "proxyReverse" then
setup.proxyReverse inputs.self.lib.proxyReverse
else if serviceConfig.type == "proxyReverseFix" then else if serviceConfig.type == "proxyReverseFix" then
setup.proxyReverseFix inputs.self.lib.proxyReverseFix
else if serviceConfig.type == "proxyReversePrivate" then else if serviceConfig.type == "proxyReversePrivate" then
setup.proxyReversePrivate inputs.self.lib.proxyReversePrivate
else else
throw "Unknown proxy type: ${serviceConfig.type}"; throw "Unknown proxy type: ${serviceConfig.type}";
in in

24
modules/nix/gitea-actions-runners/nixos.nix
View File

@ -9,22 +9,40 @@ let
in in
{ {
config = lib.mkIf (cfg.enable && config.my.secureHost) { config = lib.mkIf (cfg.enable && config.my.secureHost) {
users.groups.gitea-runner = { };
users.users.gitea-runner = {
isSystemUser = true;
group = "gitea-runner";
extraGroups = [
"docker"
"podman"
];
};
nix.settings = {
allowed-users = [ "gitea-runner" ];
trusted-users = [ "gitea-runner" ];
};
services.gitea-actions-runner.instances.nixos = { services.gitea-actions-runner.instances.nixos = {
inherit (cfg) url enable; inherit (cfg) url enable;
name = "${config.networking.hostName}-nixos"; name = "${config.networking.hostName}-nixos";
tokenFile = config.sops.secrets.gitea.path; tokenFile = config.sops.secrets.gitea.path;
labels = [ labels = [
"nix:host"
"nixos:host" "nixos:host"
]; ];
hostPackages = builtins.attrValues { hostPackages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
bash bash
curl
coreutils coreutils
gitMinimal gitMinimal
nix
attic-client attic-client
nodejs # Required for GitHub Actions podman
openssh # Required for SSH git operations podman-compose
nix
nodejs
openssh
python3
; ;
}; };
}; };

27
modules/scripts/download.nix
View File

@ -6,7 +6,6 @@
... ...
}: }:
{ {
imports = [ ../factories/mkscript.nix ];
options.my.units = { options.my.units = {
download.enable = lib.mkEnableOption "media download automation scripts"; download.enable = lib.mkEnableOption "media download automation scripts";
downloadManga.enable = lib.mkEnableOption "manga download automation"; downloadManga.enable = lib.mkEnableOption "manga download automation";
@ -17,32 +16,26 @@
in in
{ {
home-manager.users.jawz.programs.${config.my.shell.type} = { home-manager.users.jawz.programs.${config.my.shell.type} = {
shellAliases = { shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
dl = "${download}/bin/download -u jawz -i"; dl = "${download}/bin/download -u jawz -i";
comic = ''dl "$(cat "$LC" | fzf --multi --exact -i)"''; comic = ''dl "$(cat "$LC" | fzf --multi --exact -i)"'';
gallery = ''dl "$(cat "$LW" | fzf --multi --exact -i)"''; gallery = ''dl "$(cat "$LW" | fzf --multi --exact -i)"'';
}; };
} }
// ( //
if config.my.shell.type == "bash" then inputs.self.lib.shellConditional config.my.shell.type
{ ''
initExtra = '' list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
''
''
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt export LW=$list_root/watch.txt
export LI=$list_root/instant.txt export LI=$list_root/instant.txt
export LC=$list_root/comic.txt export LC=$list_root/comic.txt
''; '';
}
else
{
initContent = ''
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
'';
}
);
systemd.user = { systemd.user = {
services = services =
let let

1
modules/scripts/ffmpeg4discord.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.ffmpeg4discord = { config.my.scripts.ffmpeg4discord = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/ffmpreg.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.ffmpreg = { config.my.scripts.ffmpreg = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/find-dup-episode.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.find-dup-episodes = { config.my.scripts.find-dup-episodes = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/library-report.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.library-report = { config.my.scripts.library-report = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/manage-library.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.manage-library = { config.my.scripts.manage-library = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/pika-list.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.pika-list = { config.my.scripts.pika-list = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/run.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.run = { config.my.scripts.run = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/split-dir.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.split-dir = { config.my.scripts.split-dir = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/stream-dl.nix
View File

@ -6,7 +6,6 @@
... ...
}: }:
{ {
imports = [ ../factories/mkscript.nix ];
options.my.units.stream-dl.enable = lib.mkEnableOption "streaming media download service"; options.my.units.stream-dl.enable = lib.mkEnableOption "streaming media download service";
config = config =
let let

1
modules/scripts/tasks.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.tasks = { config.my.scripts.tasks = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/tuh-activity-logger.nix
View File

@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.tuh-activity-logger = { config.my.scripts.tuh-activity-logger = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/update-dns.nix
View File

@ -6,7 +6,6 @@
... ...
}: }:
{ {
imports = [ ../factories/mkscript.nix ];
config = lib.mkIf config.my.secureHost { config = lib.mkIf config.my.secureHost {
sops.secrets = { sops.secrets = {
cloudflare-api.sopsFile = ../../secrets/env.yaml; cloudflare-api.sopsFile = ../../secrets/env.yaml;

1
modules/scripts/update-org-agenda-cache.nix
View File

@ -5,7 +5,6 @@
... ...
}: }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.update-org-agenda-cache = { config.my.scripts.update-org-agenda-cache = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = config.my.emacs.enable; install = config.my.emacs.enable;

18
modules/servers/atticd.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.atticd;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.atticd;
in in
{ {
options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343; options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343;
@ -13,6 +17,7 @@ in
settings = { settings = {
listen = "[::]:${toString cfg.port}"; listen = "[::]:${toString cfg.port}";
jwt = { }; jwt = { };
database.heartbeat = true; # 5 minutes
chunking = { chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB nar-size-threshold = 64 * 1024; # 64 KiB
min-size = 16 * 1024; # 16 KiB min-size = 16 * 1024; # 16 KiB
@ -21,7 +26,7 @@ in
}; };
compression = { compression = {
type = "zstd"; type = "zstd";
level = 8; level = 3;
}; };
garbage-collection = { garbage-collection = {
interval = "7 days"; interval = "7 days";
@ -29,5 +34,12 @@ in
}; };
}; };
}; };
systemd.services.atticd = {
serviceConfig = {
TimeoutStartSec = "15min";
TimeoutStopSec = "5min";
MemoryMax = "4G";
};
};
}; };
} }

8
modules/servers/audiobookshelf.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.audiobookshelf;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.audiobookshelf;
in in
{ {
options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687; options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;

8
modules/servers/bazarr.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.bazarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.bazarr;
in in
{ {
options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort; options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort;

8
modules/servers/drpp.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.drpp;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.drpp;
in in
{ {
options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0; options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0;

8
modules/servers/firefox-syncserver.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.firefox-syncserver;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.firefox-syncserver;
in in
{ {
options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233; options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233;

6
modules/servers/flame.nix
View File

@ -1,4 +1,8 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.flame; cfg = config.my.servers.flame;
cfgS = config.my.servers.flameSecret; cfgS = config.my.servers.flameSecret;

3
modules/servers/gitea.nix
View File

@ -5,12 +5,11 @@
... ...
}: }:
let let
cfg = config.my.servers.gitea;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.gitea;
in in
{ {
imports = [ imports = [
../nix/gitea-actions-runners/ryujinx.nix
../nix/gitea-actions-runners/nixos.nix ../nix/gitea-actions-runners/nixos.nix
]; ];
options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083; options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;

8
modules/servers/homepage.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.homepage;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.homepage;
in in
{ {
options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082; options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;

12
modules/servers/homepage/bookmarks/servers.nix
View File

@ -4,7 +4,7 @@
readeck = [ readeck = [
{ {
abbr = "RD"; abbr = "RD";
href = "https://laters.servidos.lat/"; href = "https://laters.lebubu.org/";
description = ""; description = "";
} }
]; ];
@ -13,7 +13,7 @@
maloja = [ maloja = [
{ {
abbr = "ML"; abbr = "ML";
href = "https://maloja.servidos.lat/"; href = "https://maloja.lebubu.org/";
description = ""; description = "";
} }
]; ];
@ -22,7 +22,7 @@
microbin = [ microbin = [
{ {
abbr = "CP"; abbr = "CP";
href = "https://copy.servidos.lat/"; href = "https://copy.lebubu.org/";
description = ""; description = "";
} }
]; ];
@ -31,7 +31,7 @@
multi-scrobbler = [ multi-scrobbler = [
{ {
abbr = "MS"; abbr = "MS";
href = "https://scrobble.servidos.lat/"; href = "https://scrobble.lebubu.org/";
description = ""; description = "";
} }
]; ];
@ -40,7 +40,7 @@
ryot = [ ryot = [
{ {
abbr = "RT"; abbr = "RT";
href = "https://tracker.servidos.lat/"; href = "https://tracker.lebubu.org/";
description = ""; description = "";
} }
]; ];
@ -49,7 +49,7 @@
vaultwarden = [ vaultwarden = [
{ {
abbr = "VW"; abbr = "VW";
href = "https://vault.servidos.lat"; href = "https://vault.lebubu.org";
description = ""; description = "";
} }
]; ];

2
modules/servers/jellyfin.nix
View File

@ -8,6 +8,7 @@
let let
cfg = config.my.servers.jellyfin; cfg = config.my.servers.jellyfin;
inherit (inputs.jawz-scripts.packages.x86_64-linux) sub-sync; inherit (inputs.jawz-scripts.packages.x86_64-linux) sub-sync;
setup = import ../factories/mkserver.nix { inherit lib config; };
sub-sync-path = [ sub-sync-path = [
pkgs.nix pkgs.nix
pkgs.bash pkgs.bash
@ -19,7 +20,6 @@ let
pkgs.gum pkgs.gum
sub-sync sub-sync
]; ];
setup = import ../factories/mkserver.nix { inherit lib config; };
in in
{ {
options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096; options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096;

8
modules/servers/kavita.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.kavita;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.kavita;
in in
{ {
options.my.servers.kavita = setup.mkOptions "kavita" "library" config.services.kavita.settings.Port; options.my.servers.kavita = setup.mkOptions "kavita" "library" config.services.kavita.settings.Port;

8
modules/servers/lidarr.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.lidarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.lidarr;
in in
{ {
options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686; options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686;

8
modules/servers/maloja.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.maloja;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.maloja;
in in
{ {
options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010; options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010;

8
modules/servers/mealie.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.mealie;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.mealie;
in in
{ {
options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925; options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925;

8
modules/servers/metube.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.metube;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.metube;
in in
{ {
options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881; options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881;

8
modules/servers/microbin.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.microbin;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.microbin;
in in
{ {
options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086; options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086;

8
modules/servers/multi-scrobbler.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.multi-scrobbler;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.multi-scrobbler;
in in
{ {
options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078; options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078;

43
modules/servers/nextcloud.nix
View File

@ -6,6 +6,7 @@
... ...
}: }:
let let
setup = import ../factories/mkserver.nix { inherit lib config; };
commonProxyConfig = '' commonProxyConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
''; '';
@ -28,10 +29,9 @@ let
}; };
} }
); );
pytensorflow = pkgs.python311.withPackages (ps: [ ps.tensorflow ]); pytensorflow = pkgs.python3.withPackages (ps: [ ps.tensorflow ]);
cfg = config.my.servers.nextcloud; cfg = config.my.servers.nextcloud;
cfgC = config.my.servers.collabora; cfgC = config.my.servers.collabora;
setup = import ../factories/mkserver.nix { inherit lib config; };
in in
{ {
options.my.servers = { options.my.servers = {
@ -175,6 +175,14 @@ in
]; ];
#vps #vps
serverAliases = [ "cloud.rotehaare.art" ]; serverAliases = [ "cloud.rotehaare.art" ];
extraConfig = ''
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
'';
locations = { locations = {
"/".proxyWebsockets = true; "/".proxyWebsockets = true;
"~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" = "~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
@ -187,6 +195,11 @@ in
http2 = true; http2 = true;
locations = { locations = {
# static files # static files
"^~ /browser" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# Legacy static files (for compatibility)
"^~ /loleaflet" = { "^~ /loleaflet" = {
proxyPass = cfgC.local; proxyPass = cfgC.local;
extraConfig = commonProxyConfig; extraConfig = commonProxyConfig;
@ -202,11 +215,21 @@ in
extraConfig = commonProxyConfig; extraConfig = commonProxyConfig;
}; };
# download, presentation, image upload and websocket # download, presentation, image upload and websocket
"~ ^/cool" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy websocket (for compatibility)
"~ ^/lool" = { "~ ^/lool" = {
proxyPass = cfgC.local; proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig; extraConfig = commonWebsocketConfig;
}; };
# Admin Console websocket # Admin Console websocket
"^~ /cool/adminws" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy Admin Console websocket (for compatibility)
"^~ /lool/adminws" = { "^~ /lool/adminws" = {
proxyPass = cfgC.local; proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig; extraConfig = commonWebsocketConfig;
@ -231,23 +254,23 @@ in
}; };
collabora = lib.mkIf cfgC.enable { collabora = lib.mkIf cfgC.enable {
autoStart = true; autoStart = true;
image = "collabora/code"; image = "collabora/code:latest";
imageFile = pkgs.dockerTools.pullImage {
imageName = "collabora/code";
imageDigest = "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
};
ports = [ "9980:9980" ]; ports = [ "9980:9980" ];
environment = { environment = {
TZ = config.my.timeZone; TZ = config.my.timeZone;
domain = cfg.host; domain = cfg.host;
aliasgroup1 = "${cfg.host}:443"; aliasgroup1 = "${cfg.url}:443";
aliasgroup2 = "cloud.rotehaare.art:443"; aliasgroup2 = "https://cloud.rotehaare.art:443";
server_name = cfgC.host;
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru"; dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = '' extra_params = ''
--o:ssl.enable=false --o:ssl.enable=false
--o:ssl.termination=true --o:ssl.termination=true
--o:remote_font_config.url=${cfg.url}/apps/richdocuments/settings/fonts.json
--o:logging.level=information
''; '';
DONT_GEN_SSL_CERT = "1";
SLEEPFORDEBUGGER = "0";
}; };
extraOptions = [ extraOptions = [
"--cap-add" "--cap-add"

2
modules/servers/nix-serve.nix
View File

@ -5,8 +5,8 @@
... ...
}: }:
let let
cfg = config.my.servers.nix-serve;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.nix-serve;
in in
{ {
options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000; options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000;

8
modules/servers/ombi.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.ombi;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.ombi;
in in
{ {
options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425; options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425;

8
modules/servers/plex-discord-bot.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.plex-discord-bot;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.plex-discord-bot;
name = "plex-discord-bot"; name = "plex-discord-bot";
in in
{ {

2
modules/servers/plex.nix
View File

@ -4,8 +4,8 @@
... ...
}: }:
let let
cfg = config.my.servers.plex;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.plex;
in in
{ {
options.my.servers.plex = setup.mkOptions "plex" "plex" 32400; options.my.servers.plex = setup.mkOptions "plex" "plex" 32400;

2
modules/servers/portfolio.nix
View File

@ -4,8 +4,8 @@
... ...
}: }:
let let
cfg = config.my.websites.portfolio;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.websites.portfolio;
in in
{ {
options.my.websites.portfolio = setup.mkOptions "portfolio" "portfolio" 0; options.my.websites.portfolio = setup.mkOptions "portfolio" "portfolio" 0;

2
modules/servers/prowlarr.nix
View File

@ -4,8 +4,8 @@
... ...
}: }:
let let
cfg = config.my.servers.prowlarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.prowlarr;
in in
{ {
options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696; options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;

66
modules/servers/qbittorrent.nix
View File

@ -1,11 +1,12 @@
{ {
inputs,
lib, lib,
config, config,
pkgs, pkgs,
inputs,
... ...
}: }:
let let
inherit (inputs) qbit_manage;
pkgsU = import inputs.nixpkgs-unstable { pkgsU = import inputs.nixpkgs-unstable {
system = "x86_64-linux"; system = "x86_64-linux";
config.allowUnfree = true; config.allowUnfree = true;
@ -35,6 +36,10 @@ let
; ;
} }
); );
torrentCompletionScript = pkgs.writeShellScript "qbit-torrent-completion" ''
chown jawz:piracy -R "$1"
chmod -R 775 "$1"
'';
in in
{ {
options.my.servers = { options.my.servers = {
@ -49,14 +54,8 @@ in
}; };
}; };
config = lib.mkIf (config.my.servers.qbittorrent.enable && config.my.secureHost) { config = lib.mkIf (config.my.servers.qbittorrent.enable && config.my.secureHost) {
home-manager.users.jawz = { my.network.firewall.additionalPorts = [ config.my.servers.qbittorrent.port ];
xdg = { home-manager.users.jawz.xdg.dataFile.vuetorrent.source = vuetorrent;
dataFile.vuetorrent.source = vuetorrent;
configFile."unpackerr.conf" = lib.mkIf config.my.servers.unpackerr.enable {
source = ../../dotfiles/unpackerr.conf;
};
};
};
sops.secrets = sops.secrets =
let let
mkQbitSecret = file: mode: { mkQbitSecret = file: mode: {
@ -66,34 +65,37 @@ in
owner = config.users.users.jawz.name; owner = config.users.users.jawz.name;
path = "/home/jawz/.config/qBittorrent/ssl/${file}"; path = "/home/jawz/.config/qBittorrent/ssl/${file}";
}; };
mkUnpackerrSecret = {
sopsFile = ../../secrets/secrets.yaml;
owner = config.users.users.jawz.name;
};
in in
{ {
"certificates/qbit_cert" = mkQbitSecret "server.crt" "0644"; "certificates/qbit_cert" = mkQbitSecret "server.crt" "0644";
"certificates/qbit_key" = mkQbitSecret "server.key" "0600"; "certificates/qbit_key" = mkQbitSecret "server.key" "0600";
"unpackerr/sonarr-api" = mkUnpackerrSecret;
"unpackerr/radarr-api" = mkUnpackerrSecret;
}; };
systemd = { systemd = {
packages = [ pkgs.qbittorrent-nox ]; packages = [
services = { pkgs.qbittorrent-nox
"qbittorrent-nox@jawz" = { torrentCompletionScript
];
services."qbittorrent-nox@jawz" = {
enable = true; enable = true;
overrideStrategy = "asDropin"; overrideStrategy = "asDropin";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
};
user = { user = {
services = { services = {
qbit_manage = { qbit_manage = {
restartIfChanged = true; restartIfChanged = true;
description = "Tidy up my torrents"; description = "Tidy up my torrents";
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
serviceConfig = serviceConfig = {
let
env = "/home/jawz/Development/Git/qbit_manage";
in
{
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 30; RestartSec = 30;
ExecStart = "${qbit_manageEnv}/bin/python ${env}/qbit_manage.py -r -c ${env}/config.yml"; ExecStart = "${qbit_manageEnv}/bin/python ${qbit_manage}/qbit_manage.py -r -c /home/jawz/.config/qbit_manage/config.yml";
}; };
}; };
unpackerr = lib.mkIf config.my.servers.unpackerr.enable { unpackerr = lib.mkIf config.my.servers.unpackerr.enable {
@ -101,12 +103,20 @@ in
restartIfChanged = true; restartIfChanged = true;
description = "Run unpackerr"; description = "Run unpackerr";
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
environment = {
UN_FILE_MODE = "0664";
UN_DIR_MODE = "0775";
UN_SONARR_0_URL = config.my.servers.sonarr.local;
UN_SONARR_0_API_KEY = "filepath:${config.sops.secrets."unpackerr/sonarr-api".path}";
UN_SONARR_0_PATHS = "/srv/pool/multimedia/downloads/torrent";
UN_RADARR_0_URL = config.my.servers.radarr.local;
UN_RADARR_0_API_KEY = "filepath:${config.sops.secrets."unpackerr/radarr-api".path}";
UN_RADARR_0_PATHS = "/srv/pool/multimedia/downloads/torrent";
};
serviceConfig = { serviceConfig = {
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 30; RestartSec = 30;
ExecStart = '' ExecStart = "${pkgs.unpackerr}/bin/unpackerr";
${pkgs.unpackerr}/bin/unpackerr \
-c /home/jawz/.config/unpackerr.conf'';
}; };
}; };
}; };
@ -118,17 +128,5 @@ in
}; };
}; };
}; };
networking.firewall =
let
ports = [
51411
51412
51413
];
in
{
allowedTCPPorts = ports ++ [ config.my.servers.qbittorrent.port ];
allowedUDPPorts = ports;
};
}; };
} }

8
modules/servers/radarr.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.radarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.radarr;
in in
{ {
options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878; options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878;

8
modules/servers/readeck.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.readeck;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.readeck;
in in
{ {
options.my.servers.readeck = setup.mkOptions "readeck" "laters" 9546; options.my.servers.readeck = setup.mkOptions "readeck" "laters" 9546;

8
modules/servers/ryot.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.ryot;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.ryot;
in in
{ {
options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765; options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765;

1
modules/servers/sabnzbd.nix
View File

@ -12,6 +12,7 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
my.network.firewall.additionalPorts = [ cfg.port ];
services.sabnzbd = { services.sabnzbd = {
inherit (cfg) enable; inherit (cfg) enable;
group = "piracy"; group = "piracy";

8
modules/servers/shiori.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.shiori;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.shiori;
in in
{ {
options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368; options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368;

8
modules/servers/sonarr.nix
View File

@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.sonarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.sonarr;
in in
{ {
options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989; options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989;

71
modules/servers/stash.nix Normal file
View File

@ -0,0 +1,71 @@
{
lib,
config,
pkgs,
...
}:
let
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.stash;
cfgS = config.services.stash;
stashPythonFHS = pkgs.buildFHSEnv {
name = "stash-python-fhs";
targetPkgs =
pkgs:
builtins.attrValues {
inherit (pkgs)
python3
gcc
glibc
;
inherit (pkgs.python3Packages)
pip
virtualenv
;
inherit (pkgs.stdenv.cc.cc) lib;
};
runScript = "bash";
};
in
{
options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999;
config = lib.mkIf (cfg.enable && config.my.secureHost) {
sops.secrets = {
"stash/password".sopsFile = ../../secrets/secrets.yaml;
"stash/jwt".sopsFile = ../../secrets/secrets.yaml;
"stash/session".sopsFile = ../../secrets/secrets.yaml;
};
services.stash = {
inherit (cfg) enable;
group = "piracy";
mutableSettings = true;
username = "Suing8150";
passwordFile = config.sops.secrets."stash/password".path;
jwtSecretKeyFile = config.sops.secrets."stash/jwt".path;
sessionStoreKeyFile = config.sops.secrets."stash/session".path;
settings = {
inherit (cfg) port;
host = "0.0.0.0";
stash = [
{
path = "/srv/pool/glue/";
}
];
};
};
systemd.services.stash = {
environment = {
PYTHONPATH = "/var/lib/stash/venv/lib/python3.12/site-packages";
LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.glibc}/lib:${pkgs.zlib}/lib:${pkgs.libffi}/lib:${pkgs.openssl}/lib";
};
serviceConfig = {
BindReadOnlyPaths = lib.mkForce [ ];
BindPaths = lib.mkIf (cfgS.settings != { }) (map (stash: "${stash.path}") cfgS.settings.stash);
};
};
users.users.stash = {
isSystemUser = true;
packages = [ stashPythonFHS ];
};
};
}

4
modules/servers/synapse.nix
View File

@ -5,10 +5,10 @@
... ...
}: }:
let let
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.synapse; cfg = config.my.servers.synapse;
cfgE = config.my.servers.element; cfgE = config.my.servers.element;
domain = "wedsgk5ac2qcaf9yb.click"; domain = "wedsgk5ac2qcaf9yb.click";
setup = import ../factories/mkserver.nix { inherit lib config; };
clientConfig."m.homeserver".base_url = cfg.url; clientConfig."m.homeserver".base_url = cfg.url;
serverConfig."m.server" = "${cfg.host}:443"; serverConfig."m.server" = "${cfg.host}:443";
mkWellKnown = data: '' mkWellKnown = data: ''
@ -58,7 +58,7 @@ in
]; ];
settings = { settings = {
server_name = cfg.domain; server_name = cfg.domain;
public_baseurl = cfg.url; public_baseurl = "http://${config.my.ips.wg-server}:${toString cfg.port}";
federation_domain_whitelist = [ ]; federation_domain_whitelist = [ ];
allow_public_rooms_without_auth = false; allow_public_rooms_without_auth = false;
allow_public_rooms_over_federation = false; allow_public_rooms_over_federation = false;

6
modules/servers/tranga.nix
View File

@ -1,4 +1,8 @@
{ config, lib, ... }: {
config,
lib,
...
}:
let let
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.tranga; cfg = config.my.servers.tranga;

120
modules/services/syncthing.nix Normal file
View File

@ -0,0 +1,120 @@
{ config, lib, ... }:
let
inherit (config.networking) hostName;
isMainHost = hostName == "workstation";
mkMobile =
path:
lib.mkIf isMainHost {
inherit path;
ignorePerms = false;
devices = [
"galaxy"
"phone"
];
};
in
{
options.my.services.syncthing.enable = lib.mkEnableOption "Syncthing file synchronization";
config = lib.mkIf (config.my.services.syncthing.enable && config.my.secureHost) {
sops.secrets = {
"syncthing_keys/${hostName}" = {
sopsFile = ../../secrets/keys.yaml;
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/.config/syncthing/key.pem";
};
"syncthing_certs/${hostName}" = {
sopsFile = ../../secrets/keys.yaml;
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/.config/syncthing/cert.pem";
};
"syncthing_password" = {
sopsFile = ../../secrets/keys.yaml;
};
};
services.syncthing = {
enable = true;
user = "jawz";
group = "users";
overrideDevices = true;
overrideFolders = true;
openDefaultPorts = true;
key = config.sops.secrets."syncthing_keys/${hostName}".path;
cert = config.sops.secrets."syncthing_certs/${hostName}".path;
guiAddress = "${config.my.ips."${hostName}"}:8384";
settings = {
options = {
natEnabled = false;
relaysEnabled = false;
globalAnnounceEnabled = false;
};
gui = {
user = "jawz";
password = config.sops.secrets.syncthing_password.path;
};
devices = {
server.id = "BG6PF7S-KATABWO-7WAZFMX-6YO7IS3-WQTMR3M-VSOSV7V-HFFMNNH-BFX2EQ4";
miniserver.id = "HDYEGIR-GFU7ONK-MOOJUFH-N3L3XHX-SXWN3FI-O23K6LD-BJENQK5-VIPV2AT";
workstation.id = "4E4KJ6M-MSTNBVF-D7CNHDW-DUTB3VR-SXKZ4NH-ZKAOMF5-V24JECJ-4STSZAA";
galaxy.id = "UAZ5YDV-YUFBXOY-QMS6S6R-WPIIKZI-4OPPW5L-G4OVUPO-YW5KFYY-YASRAAV";
phone.id = "OSOX2VZ-AO2SA3C-BFB6NKF-K6CR6WX-64TDBKW-RRKEKJ4-FKZE5CV-J2RGJAJ";
wg-friend1 = {
id = "XBIYCD4-EFKS5SK-WFF73CU-P37GXVH-OMWEIA4-6KC5F3L-U5UQWSF-SYNNRQF";
addresses = [ "tcp://${config.my.ips.wg-friend1}:22000" ];
introducer = false;
autoAcceptFolders = false;
paused = false;
};
};
folders = {
cache = mkMobile "~/Downloads/cache/";
friends = mkMobile "~/Pictures/artist/friends/";
forme = mkMobile "~/Pictures/art for me/";
comfy = mkMobile "~/Development/AI/ComfyUI/output/";
gdl = {
path = "~/.config/jawz/";
ignorePerms = false;
devices = [
"server"
"miniserver"
"workstation"
];
};
librewolf = {
path = "~/.librewolf/";
ignorePerms = false;
copyOwnershipFromParent = true;
type = if isMainHost then "sendonly" else "receiveonly";
devices = [
"server"
"miniserver"
"workstation"
];
};
notes = {
path = "~/Documents/Notes";
ignorePerms = false;
devices = [
"galaxy"
"phone"
"server"
"miniserver"
"workstation"
];
};
friend_share = {
path = "~/Pictures/encrypted/friends";
ignorePerms = false;
type = "sendreceive";
devices = [
"server"
"workstation"
"wg-friend1"
];
};
};
};
};
};
}

17
modules/shell/multimedia.nix
View File

@ -1,5 +1,6 @@
{ {
config, config,
inputs,
lib, lib,
pkgs, pkgs,
... ...
@ -7,6 +8,11 @@
{ {
options.my.shell.multimedia.enable = lib.mkEnableOption "multimedia CLI tools and codecs"; options.my.shell.multimedia.enable = lib.mkEnableOption "multimedia CLI tools and codecs";
config = lib.mkIf config.my.shell.multimedia.enable { config = lib.mkIf config.my.shell.multimedia.enable {
sops.secrets."gallery-dl/secrets" = {
sopsFile = ../../secrets/gallery.yaml;
owner = "jawz";
mode = "0400";
};
home-manager.users.jawz.programs = { home-manager.users.jawz.programs = {
yt-dlp = { yt-dlp = {
enable = true; enable = true;
@ -19,7 +25,16 @@
}; };
gallery-dl = { gallery-dl = {
enable = true; enable = true;
settings = import ../../dotfiles/gallery-dl.nix; settings = inputs.self.lib.importDotfile ../../dotfiles/gallery-dl.nix;
};
${config.my.shell.type} = {
initExtra = lib.mkAfter ''
if [ -r "${config.sops.secrets."gallery-dl/secrets".path}" ]; then
set -a # automatically export all variables
source "${config.sops.secrets."gallery-dl/secrets".path}"
set +a # stop automatically exporting
fi
'';
}; };
}; };
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {

70
modules/shell/tools.nix
View File

@ -17,45 +17,16 @@ in
enable = true; enable = true;
package = pkgs.htop-vim; package = pkgs.htop-vim;
}; };
eza = {
enable = true;
git = true;
icons = "auto";
};
zoxide = { zoxide = {
enable = true; enable = true;
enableBashIntegration = shellType == "bash"; enableBashIntegration = shellType == "bash";
enableZshIntegration = shellType == "zsh"; enableZshIntegration = shellType == "zsh";
}; };
${shellType} = {
shellAliases = {
cd = "z";
hh = "hstr";
ls = "eza --icons --group-directories-first";
rm = "trash";
b = "bat";
f = "fzf --multi --exact -i";
unique-extensions = ''
fd -tf | rev | cut -d. -f1 | rev |
tr '[:upper:]' '[:lower:]' | sort |
uniq --count | sort -rn'';
};
}
// (
if shellType == "bash" then
{
initExtra = ''
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
'';
}
else
{
initContent = ''
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
'';
}
);
bat = { bat = {
enable = true; enable = true;
config.pager = "less -FR"; config.pager = "less -FR";
@ -85,6 +56,34 @@ in
PASSWORD_STORE_SAFECONTENT = "true"; PASSWORD_STORE_SAFECONTENT = "true";
}; };
}; };
${shellType} = {
shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
cd = "z";
hh = "hstr";
ls = "eza --icons --group-directories-first";
rm = "trash";
b = "bat";
f = "fzf --multi --exact -i";
unique-extensions = ''
fd -tf | rev | cut -d. -f1 | rev |
tr '[:upper:]' '[:lower:]' | sort |
uniq --count | sort -rn'';
};
}
//
inputs.self.lib.shellConditional shellType
''
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
''
''
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
'';
}; };
programs = { programs = {
starship.enable = true; starship.enable = true;
@ -99,7 +98,6 @@ in
inherit (pkgs) inherit (pkgs)
ripgrep # modern grep ripgrep # modern grep
du-dust # rusty du similar to gdu du-dust # rusty du similar to gdu
eza # like ls but with colors
fd # modern find, faster searches fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful fzf # fuzzy finder! super cool and useful
gdu # disk-space utility checker, somewhat useful gdu # disk-space utility checker, somewhat useful
@ -108,8 +106,6 @@ in
jq # json parser jq # json parser
yq # yaml parser yq # yaml parser
smartmontools # check hard drie health smartmontools # check hard drie health
;
inherit (inputs.jawz-scripts.packages.x86_64-linux)
rmlint # amazing dupe finder that integrates well with BTRFS rmlint # amazing dupe finder that integrates well with BTRFS
; ;
}; };

15
modules/users/nixremote.nix
View File

@ -1,13 +1,18 @@
{ lib, config, ... }: {
lib,
config,
inputs,
...
}:
{ {
options.my.users.nixremote = { options.my.users.nixremote = {
enable = lib.mkEnableOption "nixremote user for distributed builds"; enable = lib.mkEnableOption "nixremote user for distributed builds";
authorizedKeys = lib.mkOption { authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.path; type = lib.types.listOf lib.types.path;
default = [ default = inputs.self.lib.getSshKeys [
../../secrets/ssh/ed25519_nixworkstation.pub "nixworkstation"
../../secrets/ssh/ed25519_nixserver.pub "nixserver"
../../secrets/ssh/ed25519_nixminiserver.pub "nixminiserver"
]; ];
description = "List of SSH public key files to authorize for nixremote user"; description = "List of SSH public key files to authorize for nixremote user";
}; };

218
parts/core.nix Normal file
View File

@ -0,0 +1,218 @@
{ inputs, ... }:
let
system = "x86_64-linux";
mkpkgs =
repo:
import repo {
inherit system;
config.allowUnfree = true;
};
in
{
systems = [ system ];
flake = {
lib = {
commonModules = name: [
../hosts/${name}/configuration.nix
inputs.nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.nixtendo-switch.nixosModules.nixtendo-switch
{
nixpkgs.overlays = [
(import ../config/overlay.nix { inherit mkpkgs inputs; })
inputs.doom-emacs.overlays.default
];
}
{
nix.registry = {
jawz.flake = inputs.self;
unstable.flake = inputs.nixpkgs-unstable;
};
}
];
createConfig =
name: local-nixpkgs:
let
lib = local-nixpkgs.lib // inputs.home-manager.lib;
in
lib.nixosSystem {
inherit system;
modules = inputs.self.lib.commonModules name;
specialArgs = {
inherit inputs;
outputs = inputs.self;
};
};
langList =
builtins.readDir ../modules/dev
|> builtins.attrNames
|> map (file: baseNameOf file |> builtins.replaceStrings [ ".nix" ] [ "" ])
|> builtins.filter (name: name != "emacs");
autoImport =
dir: filterFn:
builtins.readDir dir
|> builtins.attrNames
|> builtins.filter (file: builtins.match ".*\\.nix" file != null && filterFn file)
|> map (file: dir + "/${file}");
proxy = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxyReverse =
cfg:
inputs.self.lib.proxy {
"/" = {
proxyPass = "http://${cfg.ip}:${toString cfg.port}/";
proxyWebsockets = cfg.enableSocket or false;
};
};
proxyReverseFix =
cfg:
let
useLocalhost = cfg.hostName == cfg.hostName;
localHeaders = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
in
inputs.self.lib.proxyReverse cfg
// {
extraConfig = ''
${if useLocalhost then localHeaders else ""}
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
proxyReversePrivate =
cfg:
inputs.self.lib.proxyReverse cfg
// {
extraConfig = ''
ssl_verify_client on;
ssl_client_certificate ${cfg.certPath};
error_page 403 /403.html;
'';
};
commonAliases = {
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
mkcd = "(){ mkdir -p \"$1\" && cd \"$1\" }";
copy = "xclip -selection clipboard";
cdp = "pwd | copy";
cfp = "(){ readlink -f \"$1\" | copy }";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
c = "cat";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
};
xdgEnvironment =
let
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_CACHE_HOME = "\${HOME}/.cache";
in
{
inherit XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME;
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_STATE_HOME = "\${HOME}/.local/state";
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
ORG_DEVICE = "workstation";
PATH = [ "\${HOME}/.local/bin" ];
};
getNixosHosts =
ips: hostName: lib:
builtins.attrNames ips
|> builtins.filter (
name: !(lib.hasPrefix "wg-" name) && name != "vps" && name != "router" && name != hostName
);
shellConditional =
shellType: bashContent: zshContent:
if shellType == "bash" then { initExtra = bashContent; } else { initContent = zshContent; };
mergeAliases = baseAliases: extraAliases: baseAliases // extraAliases;
importDotfile = path: import path;
getServicesWithNativeFirewall =
config: blacklist:
config.my.servers
|> builtins.attrNames
|> builtins.filter (
name:
(config.my.servers.${name}.enable or false)
&& !(builtins.elem name blacklist)
&& builtins.hasAttr name config.services
&& (config.services.${name} ? openFirewall)
);
generateFirewallPorts =
config: nativeServices: lib:
config.my.network.firewall.staticPorts
++ config.my.network.firewall.additionalPorts
++ (
config.my.servers
|> lib.filterAttrs (
name: srv: (srv.enable or false) && (srv ? port) && !(builtins.elem name nativeServices)
)
|> lib.attrValues
|> map (srv: srv.port)
);
mkEnabled = name: {
inherit name;
value.enable = true;
};
mkEnabledWithProxy = name: {
inherit name;
value = {
enable = true;
enableProxy = true;
};
};
mkEnabledIp = ip: name: {
inherit name;
value = {
enable = true;
inherit ip;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
mkPostgresDependency = config: serviceName: displayName: {
assertion = config.my.servers.${serviceName}.enable -> config.my.servers.postgres.enable;
message = "${displayName} requires PostgreSQL to be enabled";
};
mkPostgresDependencies =
config: serviceMap:
serviceMap |> map (entry: inputs.self.lib.mkPostgresDependency config entry.service entry.name);
sshKeys = {
deacero = ../secrets/ssh/ed25519_deacero.pub;
workstation = ../secrets/ssh/ed25519_workstation.pub;
server = ../secrets/ssh/ed25519_server.pub;
miniserver = ../secrets/ssh/ed25519_miniserver.pub;
galaxy = ../secrets/ssh/ed25519_galaxy.pub;
phone = ../secrets/ssh/ed25519_phone.pub;
vps = ../secrets/ssh/ed25519_vps.pub;
emacs = ../secrets/ssh/ed25519_emacs.pub;
# Build user keys (nixremote)
nixworkstation = ../secrets/ssh/ed25519_nixworkstation.pub;
nixserver = ../secrets/ssh/ed25519_nixserver.pub;
nixminiserver = ../secrets/ssh/ed25519_nixminiserver.pub;
windows_vm = ../secrets/ssh/ed25519_windows_vm.pub;
};
getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
};
};
}

12
parts/devshells.nix Normal file
View File

@ -0,0 +1,12 @@
{ inputs, ... }:
{
perSystem = _: {
devShells =
inputs.self.lib.langList
|> map (name: {
inherit name;
value = inputs.self.nixosConfigurations.emacs.config.devShells.${name};
})
|> builtins.listToAttrs;
};
}

10
parts/hosts.nix Normal file
View File

@ -0,0 +1,10 @@
{ inputs, ... }:
{
flake.nixosConfigurations = {
workstation = inputs.self.lib.createConfig "workstation" inputs.nixpkgs;
miniserver = inputs.self.lib.createConfig "miniserver" inputs.nixpkgs-small;
server = inputs.self.lib.createConfig "server" inputs.nixpkgs-small;
galaxy = inputs.self.lib.createConfig "galaxy" inputs.nixpkgs-small;
emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs;
};
}

18
parts/packages.nix Normal file
View File

@ -0,0 +1,18 @@
{ inputs, ... }:
{
perSystem =
{ system, ... }:
{
packages = (inputs.jawz-scripts.packages.${system} or { }) // {
emacs-vm = inputs.nixos-generators.nixosGenerate {
inherit system;
modules = inputs.self.lib.commonModules "emacs";
format = "vm";
specialArgs = {
inherit inputs;
outputs = inputs.self;
};
};
};
};
}

47
scripts/list-schemes.sh Executable file
View File

@ -0,0 +1,47 @@
#!/usr/bin/env bash
# Script to list all available schemes from schemes.nix
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
echo "Available schemes:"
nix eval --raw --impure --expr "
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep \"\n\" utils.availableSchemes
"
echo -e "\nLight schemes:"
nix eval --raw --impure --expr "
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep \"\n\" utils.lightSchemes
"
echo -e "\nDark schemes:"
nix eval --raw --impure --expr "
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep \"\n\" utils.darkSchemes
"
echo -e "\nAvailable colors:"
nix eval --raw --impure --expr "
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep \"\n\" utils.availableColors
"

125
scripts/push-to-cache.sh Executable file
View File

@ -0,0 +1,125 @@
#!/usr/bin/env bash
# Script to push NixOS builds to Atticd cache
set -euo pipefail
# Colors for output
GREEN='\033[0;32m'
BLUE='\033[0;34m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color
# Configuration
CACHE_NAME="servidos:nixos"
CACHE_URL="https://cache.lebubu.org"
echo -e "${BLUE}=========================================${NC}"
echo -e "${BLUE}NixOS Build Cache Pusher${NC}"
echo -e "${BLUE}=========================================${NC}"
echo ""
# Check if attic is available
if ! command -v attic &> /dev/null; then
echo -e "${YELLOW}Error: attic is not installed or not in PATH${NC}"
exit 1
fi
# Check if ATTIC_TOKEN is set
if [ -z "${ATTIC_TOKEN:-}" ]; then
echo -e "${YELLOW}Warning: ATTIC_TOKEN environment variable is not set${NC}"
echo "Please set it with: export ATTIC_TOKEN=your_token_here"
exit 1
fi
# Login to cache
echo -e "${GREEN}→ Logging into cache...${NC}"
attic login servidos "$CACHE_URL" "$ATTIC_TOKEN"
# Determine what to push
if [ $# -eq 0 ]; then
# No arguments - push all result* symlinks
if ls result* 1> /dev/null 2>&1; then
echo -e "${GREEN}→ Found result symlinks, pushing to cache...${NC}"
attic push "$CACHE_NAME" result*
echo -e "${GREEN}✓ Successfully pushed all results to cache!${NC}"
else
echo -e "${YELLOW}No result symlinks found. Build something first!${NC}"
echo ""
echo "Usage examples:"
echo " 1. Push all results: $0"
echo " 2. Push specific path: $0 /nix/store/xxxxx-nixos-system-xxx"
echo " 3. Push current config: $0 --current [hostname]"
exit 1
fi
elif [ "$1" = "--current" ]; then
# Push current system configuration
HOSTNAME="${2:-$(hostname)}"
echo -e "${GREEN}→ Building current configuration for $HOSTNAME...${NC}"
nix build ".#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" --print-out-paths | \
attic push "$CACHE_NAME" --stdin
echo -e "${GREEN}✓ Successfully pushed $HOSTNAME configuration to cache!${NC}"
elif [ "$1" = "--all-schemes" ]; then
# Build and push all schemes
HOSTNAME="${2:-server}"
# Get current directory
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")"
cd "$PROJECT_ROOT"
# Get available schemes
SCHEMES=$(nix eval --raw --impure --expr '
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep " " utils.availableSchemes
')
echo -e "${GREEN}→ Building and pushing all schemes for $HOSTNAME...${NC}"
echo -e "Schemes: $SCHEMES"
echo ""
# Store original scheme
ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
echo -e "Original scheme: $ORIGINAL_SCHEME"
echo ""
# Build and push each scheme
for scheme in $SCHEMES; do
echo -e "${BLUE}→ Processing $scheme...${NC}"
# Update stylix.nix
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
# Build and push
nix build ".#nixosConfigurations.$HOSTNAME.config.system.build.toplevel" \
--out-link "./result-$scheme"
attic push "$CACHE_NAME" "./result-$scheme"
echo -e "${GREEN}✓ Completed $scheme${NC}"
echo ""
done
# Restore original scheme
echo -e "${BLUE}→ Restoring original scheme: $ORIGINAL_SCHEME${NC}"
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
echo -e "${GREEN}✓ All schemes pushed successfully!${NC}"
else
# Push specific store path(s)
echo -e "${GREEN}→ Pushing specified path(s) to cache...${NC}"
for path in "$@"; do
echo " - $path"
echo "$path" | attic push "$CACHE_NAME" --stdin
done
echo -e "${GREEN}✓ Successfully pushed to cache!${NC}"
fi
echo ""
echo -e "${BLUE}=========================================${NC}"
echo -e "${GREEN}Cache push completed!${NC}"
echo -e "${BLUE}=========================================${NC}"

28
scripts/scheme-utils.nix Normal file
View File

@ -0,0 +1,28 @@
{ pkgs, inputs }:
let
schemesConfig = import ../config/schemes.nix { inherit pkgs inputs; };
availableSchemes = builtins.attrNames schemesConfig.schemes;
in
{
inherit availableSchemes;
lightSchemes = builtins.filter (
name: schemesConfig.schemes.${name}.polarity == "light"
) availableSchemes;
darkSchemes = builtins.filter (
name: schemesConfig.schemes.${name}.polarity == "dark"
) availableSchemes;
schemesByColor =
color: builtins.filter (name: schemesConfig.schemes.${name}.color == color) availableSchemes;
getScheme = name: schemesConfig.schemes.${name};
isValidScheme = name: builtins.hasAttr name schemesConfig.schemes;
availableColors = pkgs.lib.unique (
builtins.filter (color: color != null) (
builtins.map (name: schemesConfig.schemes.${name}.color) availableSchemes
)
);
availableBase16Schemes = pkgs.lib.unique (
builtins.filter (name: name != null) (
builtins.map (name: schemesConfig.schemes.${name}.name) availableSchemes
)
);
}

8
secrets/env.yaml
View File

@ -1,7 +1,3 @@
stash:
password: ENC[AES256_GCM,data:DVtKQmtOQA/jS3ZncbuPKMukJyo=,iv:FSLl4Qbq58X0WNjqz8LLOW6XpBQxE5W7L9yOTBQkBOA=,tag:Qun+5Vf193Qt8n+Yp9lBJg==,type:str]
jwt: ENC[AES256_GCM,data:C1RcyQn3j5LaCSDGPjBAm6RYsqvVn1HIFxxBP4FNx7NVCroju4VEtkV98Ve0D6Z60L3mB1yOqi8OrEgXNJv+vw==,iv:t8pmLzXwg1g9kkiL98ql9YLaSitaXoJiiLiUf3G1cWk=,tag:D3mdFIe3m3219E4V8yhmpg==,type:str]
session: ENC[AES256_GCM,data:ifUXaGIO7xKPgtTVEeERx0OyBDni2eoWo7dFxazQ4W2DBrnzQfJ7Plqt8EYLhQQRP4I6e33+oEKNzpuiG+XJCw==,iv:AOI0lMcTT02GpOCQuX74hPBKth3WdFN2W2wlqKgrKJM=,tag:1I+brf4G2oKE7o2E90q/CQ==,type:str]
gitea: ENC[AES256_GCM,data:8o+U4qFdyIhCPNlYyflQIuLHsQHtbT6G/a0OyCUeg9DtIeABXNVFhiy4iFRuIF0=,iv:AYwqDRNML1XuzwQnD4VmI4rKWYfTJjOjibrAbI5qgcA=,tag:UPL3UlETdkoFXLihEIGcSw==,type:str] gitea: ENC[AES256_GCM,data:8o+U4qFdyIhCPNlYyflQIuLHsQHtbT6G/a0OyCUeg9DtIeABXNVFhiy4iFRuIF0=,iv:AYwqDRNML1XuzwQnD4VmI4rKWYfTJjOjibrAbI5qgcA=,tag:UPL3UlETdkoFXLihEIGcSw==,type:str]
shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str] shiori: ENC[AES256_GCM,data:tV7+1GusZvcli8dM86xOD71dc2mzcyfQwMeTh//LDb0=,iv:ED9wR6QjQgwd9Ll/UC5FK3CyYK3b0RniC/D6Y0nGEOI=,tag:X/aopMc2vhnRW2iTphFflQ==,type:str]
flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str] flame: ENC[AES256_GCM,data:XsYRsA2xs+juWje2Od2Yl2xIvU0OS8xMrtwtcK/0NyyRrg==,iv:FR8lHsNQNCaOy4P+7BsIjNCz+H38i5RlwLYQ4fpB2+w=,tag:61EV7H04pcr1bSX4nSvlpw==,type:str]
@ -52,7 +48,7 @@ sops:
QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb QXRUYWtGcWZCVW11U3VYRktuUjlCbDgKsTK4WhUza/JuoDTU3uATa6fq/8eYzxtb
9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q== 9BUK1ddzx9Mghea9XBMS17YGtGmW800OsLBomb3SINnOFvejcnKf8Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-28T03:54:20Z" lastmodified: "2025-10-02T19:58:54Z"
mac: ENC[AES256_GCM,data:nPA5SF8fw+x0t5O1aqR7bZk2dpSjf37KKWJ976vx+TjaxWDz8DQVBUNuQmy6d3uX0TT6ysmsA8S4VqjgyRKli1vdEXWXPyULyUwPv3jtR4/NS2hnFabglOn0BhjfNrcArUkdyaQBm02Y96u2XIa0LcCyPOpJauIl5SbSSHaULQs=,iv:Qh7p70oFZbp4mAzDX87hkbPW22S4SoTY/CDzJabQQ0M=,tag:2YGmN2E3y1dcqW5M8WDvUQ==,type:str] mac: ENC[AES256_GCM,data:xplk6z63m35V1IL/PpvnjNU1+bUrrplGg60SufnGV6307V520Ajo63dKkQ5yMuiGq/JQETc+sdm9GLQrmOflwhl92YwK2+/11MlMp0vMkC91mAJsobLUmNt3WXVml54CiCbvH+c8fH0T0pIaLGK3MxSRFX//hrfLjSCAvwQagsE=,iv:oE6g0WPM4Rf3YrdgkIdE8qWfiWQxbZ62Axa56ZQYWSA=,tag:QMaWvCD3sbHTv1NFctIBZA==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2

Some files were not shown because too many files have changed in this diff Show More