jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: jawz:weekly-2025-10-04
Branches Tags
jawz:main jawz:clean jawz:modules
jawz:weekly-2025-10-29 jawz:weekly-2025-10-11 jawz:weekly-2025-10-06 jawz:weekly-2025-10-04 jawz:weekly-2025-09-30 jawz:weekly-2025-09-29
...
compare: jawz:main
Branches Tags
jawz:main jawz:clean jawz:modules
jawz:weekly-2025-10-29 jawz:weekly-2025-10-11 jawz:weekly-2025-10-06 jawz:weekly-2025-10-04 jawz:weekly-2025-09-30 jawz:weekly-2025-09-29

60 Commits
weekly-202 ... main

Author SHA1 Message Date
Danilo Reyes
90e2c13e63 dockerfile lsp moved to pkgs
All checks were successful
Build on Push / build-configurations (push) Successful in 3m32s
Details
2025-11-09 10:48:03 -06:00
Danilo Reyes
d78917b868 vm renames for 25.11
Some checks failed
Build on Push / build-configurations (push) Failing after 2m52s
Details
2025-11-09 10:38:58 -06:00
Danilo Reyes
586746a881 push pipeline 2025-11-09 10:30:03 -06:00
Danilo Reyes
35008216bd rename github workflows to gitea 2025-11-09 10:28:42 -06:00
Danilo Reyes
5cf2369dd0 Update allowed and trusted users for Gitea actions runner 2025-11-09 01:04:39 -06:00
Danilo Reyes
11e70bd4b6 no compression for attic, faster? 2025-11-09 00:46:55 -06:00
Danilo Reyes
b473505a8a pre 25.11, but still master 2025-11-08 22:17:51 -06:00
Danilo Reyes
59c88ba905 rol vm + dev stuff for webref 2025-11-08 14:12:13 -06:00
Danilo Reyes
37dce91efa windows vm ssh key for rol
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 4m0s
Details
2025-11-06 20:49:54 -06:00
Danilo Reyes
41ced09790 single runner
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 10m43s
Details
2025-11-02 10:10:00 -06:00
Danilo Reyes
14d3e6b1ee action runner & webref stuff 2025-11-02 00:16:49 -06:00
Danilo Reyes
007744fb84 attic to the runner 2025-11-01 23:17:17 -06:00
Danilo Reyes
349495bea6 unsupported schema 2025-11-01 23:09:11 -06:00
Danilo Reyes
151ba68a35 webref runner 2025-11-01 22:39:40 -06:00
Danilo Reyes
78afe09dcb tailscale security 2025-11-01 17:19:44 -06:00
Danilo Reyes
4abb664cfe xterm name 2025-11-01 16:54:08 -06:00
Danilo Reyes
31cd975555 cursor wihtout fhs 2025-11-01 16:26:29 -06:00
Danilo Reyes
8d056ebd86 last flake update from master before 25.11 2025-11-01 12:15:51 -06:00
Danilo Reyes
5ae0facbf7 flake update 2025-11-01 11:38:17 -06:00
Danilo Reyes
310ea1d253 new vps ip, region dallas
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Has been cancelled
Details
2025-10-29 19:50:49 -06:00
Danilo Reyes
6d05270d09 new redirection 2025-10-29 14:06:29 -06:00
Danilo Reyes
6971bc9c9e secrets servidos.lat > lebubu.org 2025-10-29 13:20:35 -06:00
Danilo Reyes
0ec7fc1ec9 servidos.lat > lebubu.org 2025-10-29 13:12:31 -06:00
NixOS Builder Bot
943d9f3329 Weekly flake update: 2025-10-29 17:38 UTC 2025-10-29 11:38:29 -06:00
Danilo Reyes
cad0288d68 lan login for schemes pipeline as well 2025-10-29 09:57:44 -06:00
Danilo Reyes
15f998179d lowered compression rate 2025-10-29 01:57:21 -06:00
Danilo Reyes
11075969f2 push attic throguh lan 2025-10-29 01:41:24 -06:00
Danilo Reyes
4c6d02ba55 using rmlint from nixpkgs 2025-10-29 00:39:51 -06:00
Danilo Reyes
2cce4376e5 ignore conflicting cache syncthing librewolf 2025-10-29 00:00:39 -06:00
Danilo Reyes
9f455ec19c change public listener url synapse 2025-10-28 18:51:11 -06:00
Danilo Reyes
0ef6b08c42 changed ip/config of new vps 2025-10-28 16:11:16 -06:00
Danilo Reyes
fd2962c306 nextcloud headers fix
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 2m4s
Details
2025-10-26 10:08:37 -06:00
Danilo Reyes
87cca163b0 updated collabora docker 2025-10-26 09:59:24 -06:00
Danilo Reyes
cf64ff1616 heartbeat is a boolean 2025-10-25 00:59:37 -06:00
Danilo Reyes
2f6d65b239 atticd fix 2025-10-25 00:52:22 -06:00
Danilo Reyes
6dc429e56c insecure package ughhhh 2025-10-25 00:00:28 -06:00
Danilo Reyes
28ef0d8108 fixes qbittorrent, nextcloud python update, firewall logic
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 1m55s
Details
2025-10-18 10:12:09 -06:00
Danilo Reyes
0e5e06bcb6 flake update
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 18m55s
Details
2025-10-13 10:08:02 -06:00
Danilo Reyes
cf4db411e0 Update SSH key paths in core.nix to use relative paths for improved consistency and maintainability.
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 18m30s
Details
2025-10-12 23:00:45 -06:00
Danilo Reyes
be82c5c477 Refactor configuration files to include 'inputs' parameter for improved modularity and consistency across hosts. 2025-10-12 22:57:24 -06:00
Danilo Reyes
de5ad541b8 Refactor SSH key management to use centralized key retrieval function for nixremote users across configurations. 2025-10-12 20:28:39 -06:00
Danilo Reyes
0f7e28abd0 more migration stuff 2025-10-12 20:24:42 -06:00
Danilo Reyes
30cff89a50 cleaned up duplicated code 2025-10-12 20:03:24 -06:00
Danilo Reyes
e393a4481b reverted server factory 2025-10-12 19:59:46 -06:00
Danilo Reyes
8664061145 further figration 2025-10-12 14:12:19 -06:00
Danilo Reyes
c3d20aa28f part 3 of the flake-parts migration 2025-10-12 14:02:09 -06:00
Danilo Reyes
11fd8e0440 refractor shell configurations with flake-parts 2025-10-12 13:51:45 -06:00
Danilo Reyes
6f97b24115 flake parts, migrated modules 2025-10-12 13:41:48 -06:00
Danilo Reyes
6497dede6f migration to flake-parts 2025-10-12 13:23:38 -06:00
Danilo Reyes
1b743f9fcc moved some emulators to retroarch cores 2025-10-12 12:58:02 -06:00
Danilo Reyes
6216d19d0b gonna give pop-shell a go 2025-10-12 12:57:50 -06:00
NixOS Builder Bot
360fe268f8 Weekly flake update: 2025-10-11 03:33 UTC 2025-10-10 21:33:27 -06:00
Danilo Reyes
efb98d6d54 sudo-rs
All checks were successful
Weekly NixOS Build & Cache / build-and-cache (push) Successful in 8m39s
Details
2025-10-09 23:42:38 -06:00
Danilo Reyes
d3ec0a04b7 gallery-dl reads secrets on runtime 2025-10-09 23:23:26 -06:00
Danilo Reyes
9eadbb08ab fixed indentation of secrets 2025-10-09 23:10:00 -06:00
Danilo Reyes
350fc82be9 new keyring isnt compatible with proton yet 2025-10-09 23:01:01 -06:00
NixOS Builder Bot
823c4be1e7 Weekly flake update: 2025-10-06 09:54 UTC 2025-10-06 03:54:05 -06:00
Danilo Reyes
a09d10ab90 replaced stash readonly paths with normal binds
All checks were successful
Weekly NixOS Build & Cache / build-and-cache (push) Successful in 23m49s
Details
2025-10-05 13:12:07 -06:00
Danilo Reyes
84737df99b fix to have stash plugins work 2025-10-04 19:46:04 -06:00
Danilo Reyes
3746abd6ec rate limits + reverted keyring 2025-10-04 11:14:31 -06:00
93 changed files with 1278 additions and 843 deletions
Expand all files Collapse all files

54
.gitea/workflows/build-on-push.yml Normal file
View File

@@ -0,0 +1,54 @@
name: Build on Push
on:
push:
branches:
- main
workflow_dispatch: # Allow manual trigger
jobs:
build-configurations:
runs-on: nixos
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Configure Attic cache
run: |
# Configure attic client to use your cache server
attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build workstation configuration
run: |
echo "Building workstation configuration..."
nix build .#nixosConfigurations.workstation.config.system.build.toplevel --quiet
- name: Build server configuration
run: |
echo "Building server configuration..."
nix build .#nixosConfigurations.server.config.system.build.toplevel --quiet
- name: Build emacs-vm configuration
run: |
echo "Building emacs-vm configuration..."
nix build .#emacs-vm --quiet
- name: Push to cache
run: |
echo "Pushing builds to cache..."
# Push all built derivations to cache
if ls result* 1> /dev/null 2>&1; then
attic push servidos:nixos result*
fi
# Push the specific system derivations we just built
nix build .#nixosConfigurations.workstation.config.system.build.toplevel --print-out-paths | attic push servidos:nixos --stdin
nix build .#nixosConfigurations.server.config.system.build.toplevel --print-out-paths | attic push servidos:nixos --stdin
nix build .#emacs-vm --print-out-paths | attic push servidos:nixos --stdin
- name: Summary
run: |
echo "✅ Build on push completed successfully!"
echo "- Built workstation, server, and emacs-vm configurations"
echo "- Pushed all builds to Atticd cache"

92
.gitea/workflows/build-schemes.yml Normal file
View File

@@ -0,0 +1,92 @@
name: Build All Color Schemes
on:
push:
paths:
- "config/schemes.nix"
- "config/scheme-utils.nix"
workflow_dispatch:
jobs:
build-schemes:
runs-on: nixos
env:
HOSTNAME: server
steps:
- uses: actions/checkout@v4
- name: Get available schemes
id: schemes
run: |
SCHEMES=$(nix eval --raw --impure --expr '
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep " " utils.availableSchemes
')
echo "schemes=$SCHEMES" >> $GITEA_OUTPUT
echo "Available schemes: $SCHEMES"
- name: Configure Attic cache
run: |
# Configure attic client to use your cache server
attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build and push all schemes
run: |
echo "Building and pushing all schemes..."
# Store original scheme
ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
echo "Original scheme: $ORIGINAL_SCHEME"
# Build and push each scheme
for scheme in ${{ steps.schemes.outputs.schemes }}; do
echo "========================================="
echo "Processing scheme: $scheme"
echo "========================================="
# Update stylix.nix to use this scheme
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
# Verify the change
grep "scheme = schemesFile.schemes" config/stylix.nix
# Build the configuration
echo "Building $scheme..."
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--out-link ./result-$scheme \
--quiet
# Push to cache
echo "Pushing $scheme to cache..."
attic push servidos:nixos ./result-$scheme
# Also push using print-out-paths for better cache coverage
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--print-out-paths \
--quiet | attic push servidos:nixos --stdin
echo "✓ Completed $scheme"
echo ""
done
# Restore original scheme
echo "Restoring original scheme: $ORIGINAL_SCHEME"
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
echo "========================================="
echo "All schemes built and pushed successfully!"
echo "========================================="
- name: Summary
run: |
SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
echo "✅ Color scheme builds completed successfully!"
echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
echo "- Pushed all builds to Atticd cache"
echo ""
echo "You can now switch schemes quickly without waiting for builds!"

8
.github/workflows/weekly-build-cache.yml → .gitea/workflows/weekly-build-cache.yml
View File

@@ -12,7 +12,7 @@ jobs:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v4 uses: actions/checkout@v4
with: with:
token: ${{ secrets.GITHUB_TOKEN }} token: ${{ secrets.GITEA_TOKEN }}
- name: Configure Git for automated commits - name: Configure Git for automated commits
run: | run: |
@@ -27,10 +27,10 @@ jobs:
id: check_changes id: check_changes
run: | run: |
if git diff --quiet flake.lock; then if git diff --quiet flake.lock; then
echo "changes=false" >> $GITHUB_OUTPUT echo "changes=false" >> $GITEA_OUTPUT
echo "No changes in flake.lock" echo "No changes in flake.lock"
else else
echo "changes=true" >> $GITHUB_OUTPUT echo "changes=true" >> $GITEA_OUTPUT
echo "Changes detected in flake.lock" echo "Changes detected in flake.lock"
fi fi
@@ -38,7 +38,7 @@ jobs:
if: steps.check_changes.outputs.changes == 'true' if: steps.check_changes.outputs.changes == 'true'
run: | run: |
# Configure attic client to use your cache server # Configure attic client to use your cache server
attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }} attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build workstation configuration - name: Build workstation configuration
if: steps.check_changes.outputs.changes == 'true' if: steps.check_changes.outputs.changes == 'true'

92
.github/workflows/build-schemes.yml vendored
View File

@@ -1,92 +0,0 @@
name: Build All Color Schemes
on:
push:
paths:
- 'config/schemes.nix'
- 'config/scheme-utils.nix'
workflow_dispatch:
jobs:
build-schemes:
runs-on: nixos
env:
HOSTNAME: server
steps:
- uses: actions/checkout@v4
- name: Get available schemes
id: schemes
run: |
SCHEMES=$(nix eval --raw --impure --expr '
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep " " utils.availableSchemes
')
echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
echo "Available schemes: $SCHEMES"
- name: Configure Attic cache
run: |
# Configure attic client to use your cache server
attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
- name: Build and push all schemes
run: |
echo "Building and pushing all schemes..."
# Store original scheme
ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
echo "Original scheme: $ORIGINAL_SCHEME"
# Build and push each scheme
for scheme in ${{ steps.schemes.outputs.schemes }}; do
echo "========================================="
echo "Processing scheme: $scheme"
echo "========================================="
# Update stylix.nix to use this scheme
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
# Verify the change
grep "scheme = schemesFile.schemes" config/stylix.nix
# Build the configuration
echo "Building $scheme..."
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--out-link ./result-$scheme \
--quiet
# Push to cache
echo "Pushing $scheme to cache..."
attic push servidos:nixos ./result-$scheme
# Also push using print-out-paths for better cache coverage
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--print-out-paths \
--quiet | attic push servidos:nixos --stdin
echo "✓ Completed $scheme"
echo ""
done
# Restore original scheme
echo "Restoring original scheme: $ORIGINAL_SCHEME"
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
echo "========================================="
echo "All schemes built and pushed successfully!"
echo "========================================="
- name: Summary
run: |
SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
echo "✅ Color scheme builds completed successfully!"
echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
echo "- Pushed all builds to Atticd cache"
echo ""
echo "You can now switch schemes quickly without waiting for builds!"

27
config/base.nix
View File

@@ -47,7 +47,7 @@
}; };
security = { security = {
polkit.enable = true; polkit.enable = true;
sudo = { sudo-rs = {
enable = true; enable = true;
wheelNeedsPassword = false; wheelNeedsPassword = false;
}; };
@@ -75,6 +75,7 @@
"dotnet-runtime-6.0.36" "dotnet-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428" "dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428" "dotnet-sdk-6.0.428"
"mbedtls-2.28.10"
]; ];
}; };
nix = { nix = {
@@ -124,29 +125,7 @@
sops sops
; ;
}; };
variables = variables = inputs.self.lib.xdgEnvironment;
let
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_CACHE_HOME = "\${HOME}/.cache";
in
{
# PATH
inherit XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME;
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
# OPTIONS
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
ORG_DEVICE = "workstation";
PATH = [ "\${HOME}/.local/bin" ];
};
}; };
programs = { programs = {
nh = { nh = {

33
config/home-manager.nix
View File

@@ -14,22 +14,7 @@ let
${pokemon-colorscripts}/bin/pokemon-colorscripts -r --no-title ${pokemon-colorscripts}/bin/pokemon-colorscripts -r --no-title
export command_timeout=60 export command_timeout=60
''; '';
commonAliases = { commonAliases = inputs.self.lib.commonAliases // {
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
mkcd = "(){ mkdir -p \"$1\" && cd \"$1\" }";
copy = "xclip -selection clipboard";
cdp = "pwd | copy";
cfp = "(){ readlink -f \"$1\" | copy }";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
c = "cat";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
open-gallery = '' open-gallery = ''
cd /srv/pool/scrapping/JawZ/gallery-dl && cd /srv/pool/scrapping/JawZ/gallery-dl &&
xdg-open "$(${fd}/bin/fd . ./ Husbands wikifeet -tdirectory -d 1 | ${fzf}/bin/fzf -i)"''; xdg-open "$(${fd}/bin/fd . ./ Husbands wikifeet -tdirectory -d 1 | ${fzf}/bin/fzf -i)"'';
@@ -46,14 +31,20 @@ in
}; };
git = { git = {
enable = true; enable = true;
delta.enable = true; settings = {
userName = "Danilo Reyes";
userEmail = osConfig.my.email;
extraConfig = {
init.defaultBranch = "main";
pull.rebase = true; pull.rebase = true;
init.defaultBranch = "main";
user = {
inherit (osConfig.my) email;
name = "Danilo Reyes";
};
}; };
}; };
delta = {
enable = true;
enableGitIntegration = true;
};
ssh.enableDefaultConfig = false;
bash = lib.mkIf (shellType == "bash") { bash = lib.mkIf (shellType == "bash") {
enable = true; enable = true;
historyFile = "\${XDG_STATE_HOME}/bash/history"; historyFile = "\${XDG_STATE_HOME}/bash/history";

33
config/jawz.nix
View File

@@ -1,11 +1,12 @@
{ config, lib, ... }: {
config,
lib,
inputs,
...
}:
let let
inherit (config.networking) hostName; inherit (config.networking) hostName;
nixosHosts = nixosHosts = inputs.self.lib.getNixosHosts config.my.ips hostName lib;
lib.attrNames config.my.ips
|> lib.filter (
name: !(lib.hasPrefix "wg-" name) && name != "vps" && name != "router" && name != hostName
);
nixosHostsMatch = lib.concatStringsSep " " nixosHosts; nixosHostsMatch = lib.concatStringsSep " " nixosHosts;
in in
{ {
@@ -29,10 +30,11 @@ in
home.file.".librewolf/.stignore".source = ../dotfiles/stignore; home.file.".librewolf/.stignore".source = ../dotfiles/stignore;
programs.ssh = lib.mkIf config.my.secureHost { programs.ssh = lib.mkIf config.my.secureHost {
enable = true; enable = true;
enableDefaultConfig = false;
matchBlocks = { matchBlocks = {
vps = { vps = {
hostname = config.my.ips.vps; hostname = config.my.ips.vps;
user = "fedora"; user = "jawz";
port = 3456; port = 3456;
identityFile = config.sops.secrets."private_keys/${hostName}".path; identityFile = config.sops.secrets."private_keys/${hostName}".path;
}; };
@@ -67,14 +69,15 @@ in
"plugdev" "plugdev"
"bluetooth" "bluetooth"
]; ];
openssh.authorizedKeys.keyFiles = [ openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [
../secrets/ssh/ed25519_deacero.pub "deacero"
../secrets/ssh/ed25519_workstation.pub "workstation"
../secrets/ssh/ed25519_server.pub "server"
../secrets/ssh/ed25519_miniserver.pub "miniserver"
../secrets/ssh/ed25519_galaxy.pub "galaxy"
../secrets/ssh/ed25519_phone.pub "phone"
../secrets/ssh/ed25519_vps.pub "vps"
"windows_vm"
]; ];
}; };
} }

2
config/stylix.nix
View File

@@ -11,7 +11,7 @@ let
}; };
scheme = schemesFile.schemes.febroary; scheme = schemesFile.schemes.febroary;
cfg = config.my.stylix; cfg = config.my.stylix;
gnomeEnabled = config.services.xserver.desktopManager.gnome.enable; gnomeEnabled = config.services.desktopManager.gnome.enable;
in in
{ {
options.my.stylix.enable = lib.mkEnableOption "system-wide theming with Stylix"; options.my.stylix.enable = lib.mkEnableOption "system-wide theming with Stylix";

20
dotfiles/gallery-dl.nix
View File

@@ -4,7 +4,7 @@
cookies = [ cookies = [
"firefox" "firefox"
"/home/jawz/.librewolf/jawz" "/home/jawz/.librewolf/jawz"
"gcr_4" "gnomekeyring"
]; ];
retries = 10; retries = 10;
sleep-request = 0; sleep-request = 0;
@@ -13,8 +13,8 @@
directory = [ ]; directory = [ ];
}; };
bluesky = { bluesky = {
limit-rate = "400k-1M";
username = "blablablamagic.bsky.social"; username = "blablablamagic.bsky.social";
password = "{env[GALLERY_DL_BLUESKY_PASSWORD]}";
reposts = false; reposts = false;
videos = true; videos = true;
directory = [ "{author['handle']}" ]; directory = [ "{author['handle']}" ];
@@ -30,8 +30,6 @@
}; };
flickr = { flickr = {
size-max = "Original"; size-max = "Original";
access-token = "{env[GALLERY_DL_FLICKR_ACCESS_TOKEN]}";
access-token-secret = "{env[GALLERY_DL_FLICKR_ACCESS_TOKEN_SECRET]}";
directory = [ directory = [
"{category}" "{category}"
"{owner[username]}" "{owner[username]}"
@@ -49,8 +47,9 @@
]; ];
}; };
instagram = { instagram = {
limit-rate = "200k-300k";
browser = "firefox:linux"; browser = "firefox:linux";
user-agent = "Mozilla/5.0 (X11; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0"; user-agent = "Mozilla/5.0 (X11; Linux x86_64; rv:143.0) Gecko/20100101 Firefox/143.0";
sleep = "66-123"; sleep = "66-123";
sleep-request = "66-123"; sleep-request = "66-123";
parent-directory = true; parent-directory = true;
@@ -71,6 +70,7 @@
]; ];
}; };
kemonoparty = { kemonoparty = {
limit-rate = "200k-300k";
retries = 10; retries = 10;
timeout = 5; timeout = 5;
filename = "{id}_{filename}.{extension}"; filename = "{id}_{filename}.{extension}";
@@ -84,19 +84,15 @@
"{title}" "{title}"
]; ];
tumblr = { tumblr = {
access-token = "{env[GALLERY_DL_TUMBLR_ACCESS_TOKEN]}";
access-token-secret = "{env[GALLERY_DL_TUMBLR_ACCESS_TOKEN_SECRET]}";
external = true; external = true;
inline = true; inline = true;
posts = "all"; posts = "all";
reblogs = false; reblogs = false;
parent-directory = true; parent-directory = true;
api-key = "{env[GALLERY_DL_TUMBLR_API_KEY]}";
api-secret = "{env[GALLERY_DL_TUMBLR_API_SECRET]}";
directory = [ "{blog_name}" ]; directory = [ "{blog_name}" ];
}; };
deviantart = { deviantart = {
refresh-token = "{env[GALLERY_DL_DEVIANTART_REFRESH_TOKEN]}"; limit-rate = "200k-300k";
include = "gallery,scraps"; include = "gallery,scraps";
flat = true; flat = true;
original = true; original = true;
@@ -116,6 +112,7 @@
]; ];
}; };
patreon = { patreon = {
limit-rate = "400k-1M";
filename = "{filename}.{num}.{extension}"; filename = "{filename}.{num}.{extension}";
browser = "firefox"; browser = "firefox";
directory = [ directory = [
@@ -139,7 +136,6 @@
reddit = { reddit = {
user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)"; user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)";
client-id = "T7nZ6WZ3_onJWBhLP8r08g"; client-id = "T7nZ6WZ3_onJWBhLP8r08g";
refresh-token = "{env[GALLERY_DL_REDDIT_REFRESH_TOKEN]}";
parent-directory = true; parent-directory = true;
directory = [ "{author}" ]; directory = [ "{author}" ];
}; };
@@ -162,7 +158,6 @@
]; ];
baraag.directory = [ "{account[username]}" ]; baraag.directory = [ "{account[username]}" ];
pixiv = { pixiv = {
refresh-token = "{env[GALLERY_DL_PIXIV_REFRESH_TOKEN]}";
directory = [ "{user[account]} - {user[id]}" ]; directory = [ "{user[account]} - {user[id]}" ];
ugoira = true; ugoira = true;
favorite.directory = [ favorite.directory = [
@@ -196,6 +191,7 @@
]; ];
}; };
readcomiconline = { readcomiconline = {
limit-rate = "400k-1M";
chapter-reverse = true; chapter-reverse = true;
quality = "hq"; quality = "hq";
captcha = "wait"; captcha = "wait";

1
dotfiles/stignore
View File

@@ -1,6 +1,7 @@
(?d)jawz/chrome/userChrome.css (?d)jawz/chrome/userChrome.css
(?d)jawz/chrome/userContent.css (?d)jawz/chrome/userContent.css
(?d)jawz/lock (?d)jawz/lock
(?d)jawz/storage
(?d)jawz/user.js (?d)jawz/user.js
(?d)native-messaging-hosts/org.gnome.browser_connector.json (?d)native-messaging-hosts/org.gnome.browser_connector.json
(?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json (?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json

13
environments/gnome.nix
View File

@@ -1,21 +1,13 @@
{ {
pkgs, pkgs,
lib,
... ...
}: }:
{ {
qt.enable = true; qt.enable = true;
services = { services = {
gvfs.enable = true; gvfs.enable = true;
libinput.enable = true; displayManager.gdm.enable = true;
xserver = { desktopManager.gnome.enable = true;
enable = true;
displayManager.gdm.enable = true;
desktopManager = {
gnome.enable = true;
xterm.enable = lib.mkForce false;
};
};
}; };
environment.gnome.excludePackages = builtins.attrValues { environment.gnome.excludePackages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
@@ -40,6 +32,7 @@
gamemode-shell-extension # I guess I'm a gamer now? gamemode-shell-extension # I guess I'm a gamer now?
burn-my-windows # special effects for when closing windows burn-my-windows # special effects for when closing windows
pano # clipboard manager pano # clipboard manager
pop-shell
; ;
}; };
} }

12
environments/hyprland.nix
View File

@@ -13,7 +13,7 @@ in
services.greetd = { services.greetd = {
enable = true; enable = true;
settings.default_session = { settings.default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd Hyprland"; command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd Hyprland";
user = "greeter"; user = "greeter";
}; };
}; };
@@ -23,13 +23,11 @@ in
wl-clipboard-rs wl-clipboard-rs
wf-recorder wf-recorder
grimblast # screenshots grimblast # screenshots
mako # notification daemon mako # notification daemon
libnotify # dependency of mako libnotify # dependency of mako
swaylock-effects # screen locker swaylock-effects # screen locker
yazi # file manager yazi # file manager
imv # images imv # images
playerctl # media player control playerctl # media player control
; ;
}; };
@@ -78,27 +76,22 @@ in
"${mod}, bracketright, changegroupactive, f" "${mod}, bracketright, changegroupactive, f"
"${mod}, S, exec, wofi --show drun icons" "${mod}, S, exec, wofi --show drun icons"
"${mod}, P, pin, active" "${mod}, P, pin, active"
"${mod}, left, movefocus, l" "${mod}, left, movefocus, l"
"${mod}, right, movefocus, r" "${mod}, right, movefocus, r"
"${mod}, up, movefocus, u" "${mod}, up, movefocus, u"
"${mod}, down, movefocus, d" "${mod}, down, movefocus, d"
"${mod}, h, movefocus, l" "${mod}, h, movefocus, l"
"${mod}, l, movefocus, r" "${mod}, l, movefocus, r"
"${mod}, k, movefocus, u" "${mod}, k, movefocus, u"
"${mod}, j, movefocus, d" "${mod}, j, movefocus, d"
"${mod} SHIFT, left, movewindow, l" "${mod} SHIFT, left, movewindow, l"
"${mod} SHIFT, right, movewindow, r" "${mod} SHIFT, right, movewindow, r"
"${mod} SHIFT, up, movewindow, u" "${mod} SHIFT, up, movewindow, u"
"${mod} SHIFT, down, movewindow, d" "${mod} SHIFT, down, movewindow, d"
"${mod} SHIFT, h, movewindow, l" "${mod} SHIFT, h, movewindow, l"
"${mod} SHIFT, l, movewindow, r" "${mod} SHIFT, l, movewindow, r"
"${mod} SHIFT, k, movewindow, u" "${mod} SHIFT, k, movewindow, u"
"${mod} SHIFT, j, movewindow, d" "${mod} SHIFT, j, movewindow, d"
"${mod}, 1, workspace, 1" "${mod}, 1, workspace, 1"
"${mod}, 2, workspace, 2" "${mod}, 2, workspace, 2"
"${mod}, 3, workspace, 3" "${mod}, 3, workspace, 3"
@@ -119,7 +112,6 @@ in
"${mod} SHIFT, 8, movetoworkspace, 8" "${mod} SHIFT, 8, movetoworkspace, 8"
"${mod} SHIFT, 9, movetoworkspace, 9" "${mod} SHIFT, 9, movetoworkspace, 9"
"${mod} SHIFT, 0, movetoworkspace, 10" "${mod} SHIFT, 0, movetoworkspace, 10"
"${mod}, F3, exec, grimblast save area ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png" "${mod}, F3, exec, grimblast save area ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
"${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png" "${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
]; ];
@@ -128,12 +120,10 @@ in
"${mod} SHIFT, l, moveactive, 20 0" "${mod} SHIFT, l, moveactive, 20 0"
"${mod} SHIFT, k, moveactive, 0 -20" "${mod} SHIFT, k, moveactive, 0 -20"
"${mod} SHIFT, j, moveactive, 0 20" "${mod} SHIFT, j, moveactive, 0 20"
"${mod} CTRL, l, resizeactive, 30 0" "${mod} CTRL, l, resizeactive, 30 0"
"${mod} CTRL, h, resizeactive, -30 0" "${mod} CTRL, h, resizeactive, -30 0"
"${mod} CTRL, k, resizeactive, 0 -10" "${mod} CTRL, k, resizeactive, 0 -10"
"${mod} CTRL, j, resizeactive, 0 10" "${mod} CTRL, j, resizeactive, 0 10"
",XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%+" ",XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%+"
",XF86AudioLowerVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%-" ",XF86AudioLowerVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%-"
]; ];

2
environments/waybar-style.nix
View File

@@ -30,12 +30,10 @@ in
border: none; border: none;
min-width: 20px; min-width: 20px;
} }
#workspaces button.active { #workspaces button.active {
background: #${colors.base02}; background: #${colors.base02};
color: #${colors.base05}; color: #${colors.base05};
} }
#workspaces button:hover { #workspaces button:hover {
background: #${colors.base01}; background: #${colors.base01};
color: #${colors.base04}; color: #${colors.base04};

380
flake.lock generated
View File

@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759499898, "lastModified": 1762356719,
"narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=", "narHash": "sha256-qwd/xdoOya1m8FENle+4hWnydCtlXUWLAW/Auk6WL7s=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "655e067f96fd44b3f5685e17f566b0e4d535d798", "rev": "6d0b3567584691bf9d8fedb5d0093309e2f979c7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -54,16 +54,17 @@
"base16-fish": { "base16-fish": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1622559957, "lastModified": 1754405784,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
} }
}, },
@@ -215,11 +216,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1756770412, "lastModified": 1762440070,
"narHash": "sha256-+uWLQZccFHwqpGqr2Yt5VsW/PbeJVTn9Dk6SHWhNRPw=", "narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "4524271976b625a4a605beefd893f270620fd751", "rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -232,6 +233,24 @@
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": {
"lastModified": 1762040540,
"narHash": "sha256-z5PlZ47j50VNF3R+IMS9LmzI5fYRGY/Z5O5tol1c9I4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "0010412d62a25d959151790968765a70c436598b",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": { "locked": {
"lastModified": 1712014858, "lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=", "narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
@@ -245,7 +264,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-parts_3": { "flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nur", "nur",
@@ -266,7 +285,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_4": { "flake-parts_5": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"stylix", "stylix",
@@ -314,11 +333,11 @@
"rev": "edea9d2aaf2f4e0481fbbb8e26f68a9f39248e3f", "rev": "edea9d2aaf2f4e0481fbbb8e26f68a9f39248e3f",
"revCount": 2, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/fonts.git" "url": "https://git.lebubu.org/jawz/fonts.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/fonts.git" "url": "https://git.lebubu.org/jawz/fonts.git"
} }
}, },
"fromYaml": { "fromYaml": {
@@ -362,16 +381,16 @@
"gnome-shell": { "gnome-shell": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1744584021, "lastModified": 1748186689,
"narHash": "sha256-0RJ4mJzf+klKF4Fuoc8VN8dpQQtZnKksFmR2jhWE1Ew=", "narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "52c517c8f6c199a1d6f5118fae500ef69ea845ae", "rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "GNOME", "owner": "GNOME",
"ref": "48.1", "ref": "48.2",
"repo": "gnome-shell", "repo": "gnome-shell",
"type": "github" "type": "github"
} }
@@ -383,16 +402,15 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758463745, "lastModified": 1762463325,
"narHash": "sha256-uhzsV0Q0I9j2y/rfweWeGif5AWe0MGrgZ/3TjpDYdGA=", "narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3b955f5f0a942f9f60cdc9cacb7844335d0f21c3", "rev": "0562fef070a1027325dd4ea10813d64d2c967b39",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
@@ -442,11 +460,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759490292, "lastModified": 1762462052,
"narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=", "narHash": "sha256-6roLYzcDf4V38RUMSqycsOwAnqfodL6BmhRkUtwIgdA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "9431db625cd9bb66ac55525479dce694101d6d7a", "rev": "ffc999d980c7b3bca85d3ebd0a9fbadf984a8162",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -460,11 +478,11 @@
"aquamarine": "aquamarine", "aquamarine": "aquamarine",
"hyprcursor": "hyprcursor", "hyprcursor": "hyprcursor",
"hyprgraphics": "hyprgraphics", "hyprgraphics": "hyprgraphics",
"hyprland-guiutils": "hyprland-guiutils",
"hyprland-protocols": "hyprland-protocols", "hyprland-protocols": "hyprland-protocols",
"hyprland-qtutils": "hyprland-qtutils",
"hyprlang": "hyprlang", "hyprlang": "hyprlang",
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@@ -473,11 +491,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1759530922, "lastModified": 1762542520,
"narHash": "sha256-9NgZKpibALekGTPDc2O8lP8vFealQSZkXe+L+S7MMZU=", "narHash": "sha256-hMWWVGEoJRNDaAJxHoL1YL+IXGxdQooEw8lABELVopg=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "Hyprland", "repo": "Hyprland",
"rev": "76d998743ac10e712238c1016db4d8e8d16f1049", "rev": "522edc87126a48f3ce4891747b6a92a22385b1e7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -486,6 +504,48 @@
"type": "github" "type": "github"
} }
}, },
"hyprland-guiutils": {
"inputs": {
"aquamarine": [
"hyprland",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprtoolkit": "hyprtoolkit",
"hyprutils": [
"hyprland",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1762465111,
"narHash": "sha256-dS13YZdWjgGGLBjpT4FHB6xf8I/WiAU+mgNWXsZgDUs=",
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"rev": "a415eba866a953f3096d661318f771aa0082eb98",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"type": "github"
}
},
"hyprland-protocols": { "hyprland-protocols": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -498,11 +558,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1749046714, "lastModified": 1759610243,
"narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=", "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-protocols", "repo": "hyprland-protocols",
"rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330", "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -511,74 +571,6 @@
"type": "github" "type": "github"
} }
}, },
"hyprland-qt-support": {
"inputs": {
"hyprlang": [
"hyprland",
"hyprland-qtutils",
"hyprlang"
],
"nixpkgs": [
"hyprland",
"hyprland-qtutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-qtutils",
"systems"
]
},
"locked": {
"lastModified": 1749154592,
"narHash": "sha256-DO7z5CeT/ddSGDEnK9mAXm1qlGL47L3VAHLlLXoCjhE=",
"owner": "hyprwm",
"repo": "hyprland-qt-support",
"rev": "4c8053c3c888138a30c3a6c45c2e45f5484f2074",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-qt-support",
"type": "github"
}
},
"hyprland-qtutils": {
"inputs": {
"hyprland-qt-support": "hyprland-qt-support",
"hyprlang": [
"hyprland",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-qtutils",
"hyprlang",
"hyprutils"
],
"nixpkgs": [
"hyprland",
"nixpkgs"
],
"systems": [
"hyprland",
"systems"
]
},
"locked": {
"lastModified": 1759080228,
"narHash": "sha256-RgDoAja0T1hnF0pTc56xPfLfFOO8Utol2iITwYbUhTk=",
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"rev": "629b15c19fa4082e4ce6be09fdb89e8c3312aed7",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprland-qtutils",
"type": "github"
}
},
"hyprlang": { "hyprlang": {
"inputs": { "inputs": {
"hyprutils": [ "hyprutils": [
@@ -608,6 +600,54 @@
"type": "github" "type": "github"
} }
}, },
"hyprtoolkit": {
"inputs": {
"aquamarine": [
"hyprland",
"hyprland-guiutils",
"aquamarine"
],
"hyprgraphics": [
"hyprland",
"hyprland-guiutils",
"hyprgraphics"
],
"hyprlang": [
"hyprland",
"hyprland-guiutils",
"hyprlang"
],
"hyprutils": [
"hyprland",
"hyprland-guiutils",
"hyprutils"
],
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"systems"
]
},
"locked": {
"lastModified": 1762463729,
"narHash": "sha256-2fYkU/mdz8WKY3dkDPlE/j6hTxIwqultsx4gMMsMns0=",
"owner": "hyprwm",
"repo": "hyprtoolkit",
"rev": "88483bdee5329ec985f0c8f834c519cd18cfe532",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprtoolkit",
"type": "github"
}
},
"hyprutils": { "hyprutils": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -620,11 +660,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759490926, "lastModified": 1762387740,
"narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=", "narHash": "sha256-gQ9zJ+pUI4o+Gh4Z6jhJll7jjCSwi8ZqJIhCE2oqwhQ=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "94cce794344538c4d865e38682684ec2bbdb2ef3", "rev": "926689ddb9c0a8787e58c02c765a62e32d63d1f7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -634,6 +674,35 @@
} }
}, },
"hyprwayland-scanner": { "hyprwayland-scanner": {
"inputs": {
"nixpkgs": [
"hyprland",
"hyprland-guiutils",
"hyprtoolkit",
"nixpkgs"
],
"systems": [
"hyprland",
"hyprland-guiutils",
"hyprtoolkit",
"systems"
]
},
"locked": {
"lastModified": 1755184602,
"narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d",
"type": "github"
},
"original": {
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"type": "github"
}
},
"hyprwayland-scanner_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"hyprland", "hyprland",
@@ -666,32 +735,32 @@
"sudoku-solver": "sudoku-solver" "sudoku-solver": "sudoku-solver"
}, },
"locked": { "locked": {
"lastModified": 1759462273, "lastModified": 1762659856,
"narHash": "sha256-eQVmWzWE9gzLSqEkvURyYoqLmDeiokGbQGkYvQ58kVc=", "narHash": "sha256-cyU8tuUPWZnkOnyWoH1x43+mmukaMoN+8vNxjWnVDv8=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "9ab256ded797f78c9e411fe186dde9410be3049d", "rev": "4e91264f0f2bee992231f91621c10f857fb37edd",
"revCount": 107, "revCount": 118,
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/scripts.git" "url": "https://git.lebubu.org/jawz/scripts.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/scripts.git" "url": "https://git.lebubu.org/jawz/scripts.git"
} }
}, },
"nix-gaming": { "nix-gaming": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1759455985, "lastModified": 1762566515,
"narHash": "sha256-8qDv7NXH3fj1CDXed7c7vJLtrRKDZSo0x6TaWSfelVg=", "narHash": "sha256-gIPh4l5MBs0/ETmF8ep7b6u6c2y2wyBBcD9Vk4l4p/Y=",
"owner": "fufexan", "owner": "fufexan",
"repo": "nix-gaming", "repo": "nix-gaming",
"rev": "eb5ab503cbd3cb386e8d85a55a9faed73ec7dc37", "rev": "9bb3ba9d192aeebc18a14c4c29140a78f0b28a7f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -754,11 +823,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1754788789, "lastModified": 1761765539,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=", "narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6", "rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -768,6 +837,21 @@
} }
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": {
"lastModified": 1761765539,
"narHash": "sha256-b0yj6kfvO8ApcSE+QmA6mUfu8IYG6/uU28OFn4PaC8M=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "719359f4562934ae99f5443f20aa06c2ffff91fc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_3": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",
"lastModified": 1711703276, "lastModified": 1711703276,
@@ -787,27 +871,27 @@
}, },
"nixpkgs-small": { "nixpkgs-small": {
"locked": { "locked": {
"lastModified": 1759499817, "lastModified": 1762658878,
"narHash": "sha256-a4OoPmarWnVUfroI/ZFFtybpwnxjfL3rO5lNCEOVK5E=", "narHash": "sha256-RG0StVygqNxDkAb0rRs+WvavmU1NOKpQcSFf+IZENgk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b160419b1b40637913ff7204b375e259319c42d9", "rev": "268853f436c12f665c5d9c4d40caf5e0ccf182d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-25.05-small", "ref": "master",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1759381078, "lastModified": 1762363567,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -819,23 +903,23 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1759439645, "lastModified": 1762631752,
"narHash": "sha256-oiAyQaRilPk525Z5aTtTNWNzSrcdJ7IXM0/PL3CGlbI=", "narHash": "sha256-svy+dTuq/qnfPZHH0Bo3QRYdv+S05ZZGf0vpXfQRd+U=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "879bd460b3d3e8571354ce172128fbcbac1ed633", "rev": "b6dff13a853160527ae3d111e2685df2468431f1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-25.05", "ref": "master",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixtendo-switch": { "nixtendo-switch": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
@@ -856,17 +940,17 @@
}, },
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1759591752, "lastModified": 1762630843,
"narHash": "sha256-jp1vZ+XKusYThPr2fBD+eqNACAXUDKyiC/M3tB8NNPc=", "narHash": "sha256-v9KMIzeHdIwdiItAuzZIkuEtoNng3wXNWVa7vSJAcpU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "38a31b2183210fe4aebf48c232ed89cc624456d5", "rev": "6dc13799694bfe61e1bedbcaf18200a762ea2d7a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -911,11 +995,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758108966, "lastModified": 1762441963,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "narHash": "sha256-j+rNQ119ffYUkYt2YYS6rnd6Jh/crMZmbqpkGLXaEt0=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "rev": "8e7576e79b88c16d7ee3bbd112c8d90070832885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -943,6 +1027,7 @@
"root": { "root": {
"inputs": { "inputs": {
"doom-emacs": "doom-emacs", "doom-emacs": "doom-emacs",
"flake-parts": "flake-parts",
"fonts": "fonts", "fonts": "fonts",
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
@@ -968,11 +1053,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759188042, "lastModified": 1760998189,
"narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", "narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", "rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -988,7 +1073,7 @@
"base16-helix": "base16-helix", "base16-helix": "base16-helix",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_5",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@@ -1002,16 +1087,15 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1759596342, "lastModified": 1762264356,
"narHash": "sha256-1Eda1V8pjpviMdBTdDXrFp7jkaUokIgXgBYTZyzDODk=", "narHash": "sha256-QVfC53Ri+8n3e7Ujx9kq6all3+TLBRRPRnc6No5qY5w=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "4d065856e936fc6a99ba55d39ac2df9ded6bedbe", "rev": "647bb8dd96a206a1b79c4fd714affc88b409e10b",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "danth", "owner": "danth",
"ref": "release-25.05",
"repo": "stylix", "repo": "stylix",
"type": "github" "type": "github"
} }
@@ -1224,11 +1308,11 @@
"rev": "0212af5b70347f0721cfe88c25e1efb77b645a2d", "rev": "0212af5b70347f0721cfe88c25e1efb77b645a2d",
"revCount": 2, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/wallpapers.git" "url": "https://git.lebubu.org/jawz/wallpapers.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.servidos.lat/jawz/wallpapers.git" "url": "https://git.lebubu.org/jawz/wallpapers.git"
} }
}, },
"xdph": { "xdph": {
@@ -1259,11 +1343,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1755354946, "lastModified": 1761431178,
"narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=", "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0", "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9",
"type": "github" "type": "github"
}, },
"original": { "original": {

107
flake.nix
View File

@@ -1,16 +1,28 @@
{ {
description = "JawZ NixOS flake setup"; description = "JawZ NixOS flake setup";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05"; flake-parts.url = "github:hercules-ci/flake-parts";
nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small"; nixpkgs.url = "github:nixos/nixpkgs?ref=master";
nixpkgs-small.url = "github:nixos/nixpkgs?ref=master";
# nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
ucodenix.url = "github:e-tho/ucodenix/ba7f0a366460e0fbea9622fc770cb982be0e4720"; ucodenix.url = "github:e-tho/ucodenix/ba7f0a366460e0fbea9622fc770cb982be0e4720";
home-manager = {
# url = "github:nix-community/home-manager?ref=release-25.05";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
# url = "github:danth/stylix/release-25.05";
url = "github:danth/stylix";
inputs.nixpkgs.follows = "nixpkgs";
};
doom-emacs = { doom-emacs = {
url = "github:marienz/nix-doom-emacs-unstraightened/ad01165af00765af07989b6ad14115960ac675f8"; url = "github:marienz/nix-doom-emacs-unstraightened/ad01165af00765af07989b6ad14115960ac675f8";
inputs.nixpkgs.follows = ""; inputs.nixpkgs.follows = "";
}; };
jawz-scripts = { jawz-scripts = {
url = "git+https://git.servidos.lat/jawz/scripts.git"; url = "git+https://git.lebubu.org/jawz/scripts.git";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nur = { nur = {
@@ -25,18 +37,10 @@
url = "github:hyprwm/Hyprland"; url = "github:hyprwm/Hyprland";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager = {
url = "github:nix-community/home-manager?ref=release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
stylix = {
url = "github:danth/stylix/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nixtendo-switch = { nixtendo-switch = {
url = "github:nyawox/nixtendo-switch"; url = "github:nyawox/nixtendo-switch";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -46,11 +50,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
wallpapers = { wallpapers = {
url = "git+https://git.servidos.lat/jawz/wallpapers.git"; url = "git+https://git.lebubu.org/jawz/wallpapers.git";
flake = false; flake = false;
}; };
fonts = { fonts = {
url = "git+https://git.servidos.lat/jawz/fonts.git"; url = "git+https://git.lebubu.org/jawz/fonts.git";
flake = false; flake = false;
}; };
qbit_manage = { qbit_manage = {
@@ -59,76 +63,13 @@
}; };
}; };
outputs = outputs =
{ self, jawz-scripts, ... }@inputs: inputs:
let inputs.flake-parts.lib.mkFlake { inherit inputs; } {
inherit (self) outputs; imports = [
system = "x86_64-linux"; ./parts/core.nix
mkpkgs = ./parts/hosts.nix
repo: ./parts/packages.nix
import repo { ./parts/devshells.nix
inherit system;
config.allowUnfree = true;
};
langList = builtins.filter (name: name != "emacs") (
builtins.map (file: builtins.replaceStrings [ ".nix" ] [ "" ] (baseNameOf file)) (
builtins.attrNames (builtins.readDir ./modules/dev)
)
);
commonModules = name: [
{
nixpkgs.overlays = [
(import ./config/overlay.nix { inherit mkpkgs inputs; })
inputs.doom-emacs.overlays.default
];
}
{
nix.registry = {
jawz.flake = self;
unstable.flake = inputs.nixpkgs-unstable;
};
}
./hosts/${name}/configuration.nix
inputs.nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.nixtendo-switch.nixosModules.nixtendo-switch
]; ];
createConfig =
name: local-nixpkgs:
let
lib = local-nixpkgs.lib // inputs.home-manager.lib;
in
lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs outputs;
};
modules = commonModules name;
};
in
{
nixosConfigurations = {
workstation = createConfig "workstation" inputs.nixpkgs;
miniserver = createConfig "miniserver" inputs.nixpkgs-small;
server = createConfig "server" inputs.nixpkgs-small;
galaxy = createConfig "galaxy" inputs.nixpkgs-small;
emacs = createConfig "emacs" inputs.nixpkgs;
};
packages.${system} = (jawz-scripts.packages.${system} or { }) // {
emacs-vm = inputs.nixos-generators.nixosGenerate {
inherit system;
specialArgs = {
inherit inputs outputs;
};
modules = commonModules "emacs";
format = "vm";
};
};
devShells.${system} = builtins.listToAttrs (
map (name: {
inherit name;
value = self.nixosConfigurations.emacs.config.devShells.${name};
}) langList
);
}; };
} }

10
hosts/miniserver/configuration.nix
View File

@@ -1,17 +1,17 @@
{ config, ... }: { config, inputs, ... }:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../config/base.nix ../../config/base.nix
../../config/stylix.nix ../../config/stylix.nix
]; ];
my = import ./toggles.nix // { my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 3; nix.cores = 3;
nix.maxJobs = 8; nix.maxJobs = 8;
users.nixremote.enable = true; users.nixremote.enable = true;
users.nixremote.authorizedKeys = [ users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
../../secrets/ssh/ed25519_nixworkstation.pub "nixworkstation"
../../secrets/ssh/ed25519_nixserver.pub "nixserver"
]; ];
}; };
nix.buildMachines = nix.buildMachines =

14
hosts/miniserver/toggles.nix
View File

@@ -1,16 +1,6 @@
{ inputs }:
let let
mkEnabled = name: { inherit (inputs.self.lib) mkEnabled mkEnabledWithProxy enableList;
inherit name;
value.enable = true;
};
mkEnabledWithProxy = name: {
inherit name;
value = {
enable = true;
enableProxy = true;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
in in
{ {
emacs.enable = true; emacs.enable = true;

9
hosts/server/configuration.nix
View File

@@ -2,6 +2,7 @@
pkgs, pkgs,
config, config,
lib, lib,
inputs,
... ...
}: }:
{ {
@@ -10,12 +11,12 @@
../../config/base.nix ../../config/base.nix
../../config/stylix.nix ../../config/stylix.nix
]; ];
my = import ./toggles.nix { inherit config; } // { my = import ./toggles.nix { inherit config inputs; } // {
nix.cores = 6; nix.cores = 6;
users.nixremote.enable = true; users.nixremote.enable = true;
users.nixremote.authorizedKeys = [ users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
../../secrets/ssh/ed25519_nixworkstation.pub "nixworkstation"
../../secrets/ssh/ed25519_nixminiserver.pub "nixminiserver"
]; ];
network.firewall.enabledServicePorts = true; network.firewall.enabledServicePorts = true;
network.firewall.additionalPorts = [ network.firewall.additionalPorts = [

16
hosts/server/toggles.nix
View File

@@ -1,17 +1,7 @@
{ config }: { config, inputs }:
let let
mkEnabled = name: { inherit (inputs.self.lib) mkEnabled enableList;
inherit name; mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
value.enable = true;
};
mkEnabledIp = name: {
inherit name;
value = {
enable = true;
ip = config.my.ips.wg-server;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
in in
{ {
mainServer = "server"; mainServer = "server";

85
hosts/workstation/configuration.nix
View File

@@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
config, config,
inputs,
... ...
}: }:
let let
@@ -22,29 +23,28 @@ in
../../config/stylix.nix ../../config/stylix.nix
../../environments/gnome.nix ../../environments/gnome.nix
]; ];
my = import ./toggles.nix // { my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 8; nix.cores = 8;
nix.maxJobs = 8; nix.maxJobs = 8;
users.nixremote.enable = true; users.nixremote.enable = true;
users.nixremote.authorizedKeys = [ users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
../../secrets/ssh/ed25519_nixserver.pub "nixserver"
../../secrets/ssh/ed25519_nixminiserver.pub "nixminiserver"
]; ];
}; };
home-manager.users.jawz = { home-manager.users.jawz.programs = {
programs = { vscode = {
vscode = { enable = true;
enable = true; package = pkgs.code-cursor;
package = pkgs.code-cursor-fhs; };
}; ghostty = {
ghostty = { enable = true;
enable = true; package = pkgs.ghostty;
package = pkgs.ghostty; enableBashIntegration = shellType == "bash";
enableBashIntegration = shellType == "bash"; enableZshIntegration = shellType == "zsh";
enableZshIntegration = shellType == "zsh"; installBatSyntax = true;
installBatSyntax = true; installVimSyntax = true;
installVimSyntax = true; settings.term = "xterm-256color";
};
}; };
}; };
networking = { networking = {
@@ -124,9 +124,9 @@ in
../../secrets/ssh/root-private-ca.pem ../../secrets/ssh/root-private-ca.pem
]; ];
services = { services = {
minio.enable = true;
flatpak.enable = true; flatpak.enable = true;
open-webui.enable = true; open-webui.enable = true;
tailscale.enable = true;
scx = { scx = {
enable = true; enable = true;
scheduler = "scx_lavd"; scheduler = "scx_lavd";
@@ -137,18 +137,55 @@ in
}; };
protonmail-bridge = { protonmail-bridge = {
enable = true; enable = true;
path = [ pkgs.gcr_4 ]; path = [ pkgs.gnome-keyring ];
}; };
ollama = { ollama = {
enable = true; enable = true;
acceleration = "cuda"; acceleration = "cuda";
models = "/srv/ai/ollama"; models = "/srv/ai/ollama";
}; };
sunshine = { postgresql = {
enable = true; enable = true;
autoStart = false; package = pkgs.postgresql_17;
capSysAdmin = true; enableTCPIP = true;
openFirewall = true; authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all ${config.my.localhost}/32 trust
host all all ::1/128 trust
'';
ensureDatabases = [ "webref" ];
ensureUsers = [
{
name = "webref";
ensureDBOwnership = true;
}
];
}; };
}; };
programs.virt-manager.enable = true;
users.groups.libvirtd.members = [ "jawz" ];
virtualisation.libvirtd.enable = true;
systemd.services.minio-init = {
description = "Initialize MinIO buckets";
after = [ "minio.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
# Wait for MinIO to be ready
until ${pkgs.curl}/bin/curl -sf http://localhost:9000/minio/health/live > /dev/null 2>&1; do
echo "Waiting for MinIO..."
sleep 1
done
# Configure mc alias and create bucket
${pkgs.minio-client}/bin/mc alias set local http://localhost:9000 minioadmin minioadmin || true
${pkgs.minio-client}/bin/mc mb local/webref || true
${pkgs.minio-client}/bin/mc anonymous set public local/webref || true
echo "MinIO initialized with webref bucket"
'';
};
} }

7
hosts/workstation/toggles.nix
View File

@@ -1,9 +1,6 @@
{ inputs }:
let let
mkEnabled = name: { inherit (inputs.self.lib) mkEnabled enableList;
inherit name;
value.enable = true;
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
in in
{ {
stylix.enable = true; stylix.enable = true;

20
modules/apps/gaming.nix
View File

@@ -5,6 +5,21 @@
pkgs, pkgs,
... ...
}: }:
let
retroarchWithCores = pkgs.retroarch.withCores (
cores:
builtins.attrValues {
inherit (cores)
mgba # gba
pcsx2 # ps2
dolphin # wii / gamecube
snes9x2010 # snes
desmume # nintendo ds
citra # 3ds
;
}
);
in
{ {
imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ]; imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
options.my.apps = { options.my.apps = {
@@ -36,6 +51,7 @@
# }; # };
}; };
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit retroarchWithCores;
inherit (pkgs) inherit (pkgs)
shipwright # zelda OoT port shipwright # zelda OoT port
mangohud # fps & stats overlay mangohud # fps & stats overlay
@@ -47,12 +63,8 @@
ns-usbloader # load games into my switch ns-usbloader # load games into my switch
# emulators # emulators
rpcs3 # ps3 rpcs3 # ps3
pcsx2 # ps2
cemu # wii u cemu # wii u
dolphin-emu # wii
snes9x-gtk # snes
ryubing # switch ryubing # switch
azahar # 3Ds
prismlauncher # minecraft launcher with jdk overlays prismlauncher # minecraft launcher with jdk overlays
; ;
}; };

45
modules/apps/internet.nix
View File

@@ -5,29 +5,26 @@
... ...
}: }:
let let
krisp-patcher = krisp-settings = {
pkgs.writers.writePython3Bin "krisp-patcher" libraries = builtins.attrValues {
{ inherit (pkgs.python3Packages)
libraries = builtins.attrValues { capstone
inherit (pkgs.python3Packages) pyelftools
capstone ;
pyelftools };
; flakeIgnore = [
}; "E501" # line too long (82 > 79 characters)
flakeIgnore = [ "F403" # 'from module import *' used; unable to detect undefined names
"E501" # line too long (82 > 79 characters) "F405" # name may be undefined, or defined from star imports: module
"F403" # 'from module import *' used; unable to detect undefined names ];
"F405" # name may be undefined, or defined from star imports: module };
]; krisp-patch = builtins.readFile (
} pkgs.fetchurl {
( url = "https://pastebin.com/raw/8tQDsMVd";
builtins.readFile ( sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8=";
pkgs.fetchurl { }
url = "https://pastebin.com/raw/8tQDsMVd"; );
sha256 = "sha256-IdXv0MfRG1/1pAAwHLS2+1NESFEz2uXrbSdvU9OvdJ8="; krisp-patcher = pkgs.writers.writePython3Bin "krisp-patcher" krisp-settings krisp-patch;
}
)
);
in in
{ {
options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps"; options.my.apps.internet.enable = lib.mkEnableOption "internet browsers and communication apps";
@@ -42,7 +39,7 @@ in
warp # transfer files with based ppl warp # transfer files with based ppl
nextcloud-client # self-hosted google-drive alternative nextcloud-client # self-hosted google-drive alternative
fragments # beautiful torrent client fragments # beautiful torrent client
tor-browser-bundle-bin # dark web, so dark! tor-browser # dark web, so dark!
telegram-desktop # furry chat telegram-desktop # furry chat
nicotine-plus # remember Ares? nicotine-plus # remember Ares?
discord # :3 discord # :3

6
modules/dev/docker.nix
View File

@@ -6,9 +6,9 @@
}: }:
let let
packages = builtins.attrValues { packages = builtins.attrValues {
inherit (pkgs) dockfmt; # Format Dockerfiles inherit (pkgs)
inherit (pkgs.nodePackages) dockfmt # Format Dockerfiles
dockerfile-language-server-nodejs # LSP for Dockerfiles dockerfile-language-server # LSP for Dockerfiles
; ;
}; };
in in

11
modules/dev/emacs.nix
View File

@@ -1,5 +1,6 @@
{ {
config, config,
inputs,
lib, lib,
pkgs, pkgs,
... ...
@@ -14,10 +15,12 @@
"doom/templates/programming.org".source = ../../dotfiles/doom/templates/programming.org; "doom/templates/programming.org".source = ../../dotfiles/doom/templates/programming.org;
}; };
services.lorri.enable = true; services.lorri.enable = true;
programs.${config.my.shell.type}.shellAliases = { programs.${config.my.shell.type}.shellAliases =
edit = "emacsclient -t"; inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
e = "edit"; {
}; edit = "emacsclient -t";
e = "edit";
};
}; };
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit (pkgs.xorg) xwininfo; inherit (pkgs.xorg) xwininfo;

17
modules/dev/nix.nix
View File

@@ -1,5 +1,6 @@
{ {
config, config,
inputs,
lib, lib,
pkgs, pkgs,
... ...
@@ -33,12 +34,14 @@ in
}; };
config = lib.mkIf config.my.dev.nix.enable { config = lib.mkIf config.my.dev.nix.enable {
users.users.jawz = { inherit packages; }; users.users.jawz = { inherit packages; };
home-manager.users.jawz.programs.${shellType}.shellAliases = { home-manager.users.jawz.programs.${shellType}.shellAliases =
nixformat = '' inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
deadnix -e && \ {
nix run nixpkgs#nixfmt-tree && \ nixformat = ''
statix fix deadnix -e && \
''; nix run nixpkgs#nixfmt-tree && \
}; statix fix
'';
};
}; };
} }

1
modules/dev/sh.nix
View File

@@ -7,7 +7,6 @@
let let
packages = builtins.attrValues { packages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
bashdb # Debugger and completion support
shellcheck # Shell script linter shellcheck # Shell script linter
shfmt # Shell parser and formatter shfmt # Shell parser and formatter
; ;

54
modules/factories/mkserver.nix
View File

@@ -53,58 +53,8 @@ let
default = null; default = null;
}; };
}; };
proxy = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxyReverse =
cfg:
proxy {
"/" = {
proxyPass = "http://${cfg.ip}:${toString cfg.port}/";
proxyWebsockets = cfg.enableSocket;
};
};
proxyReverseFix =
cfg:
let
useLocalhost = cfg.hostName == config.networking.hostName;
localHeaders = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
in
proxyReverse cfg
// {
extraConfig = ''
${if useLocalhost then localHeaders else ""}
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
proxyReversePrivate =
cfg:
proxyReverse cfg
// {
extraConfig = ''
ssl_verify_client on;
ssl_client_certificate ${cfg.certPath};
error_page 403 /403.html;
'';
};
in in
{ {
inherit inherit mkOptions;
mkOptions mkServerOptions = mkOptions;
proxy
proxyReverse
proxyReverseFix
proxyReversePrivate
;
} }

156
modules/modules.nix
View File

@@ -1,23 +1,23 @@
{ lib, config, ... }: {
lib,
config,
inputs,
...
}:
let let
filterNames = file: file != "librewolf.nix"; filterNames = file: file != "librewolf.nix";
autoImport =
dir:
builtins.readDir ./${dir}
|> builtins.attrNames
|> builtins.filter (file: builtins.match ".*\\.nix" file != null && filterNames file)
|> map (file: ./${dir}/${file});
in in
{ {
imports = imports =
autoImport "apps" inputs.self.lib.autoImport ./apps filterNames
++ autoImport "dev" ++ inputs.self.lib.autoImport ./dev filterNames
++ autoImport "scripts" ++ inputs.self.lib.autoImport ./scripts filterNames
++ autoImport "servers" ++ inputs.self.lib.autoImport ./servers filterNames
++ autoImport "services" ++ inputs.self.lib.autoImport ./services filterNames
++ autoImport "shell" ++ inputs.self.lib.autoImport ./shell filterNames
++ autoImport "network" ++ inputs.self.lib.autoImport ./network filterNames
++ [ ++ [
./factories/mkscript.nix
./nix/build.nix ./nix/build.nix
./users/nixremote.nix ./users/nixremote.nix
]; ];
@@ -39,7 +39,7 @@ in
}; };
domain = lib.mkOption { domain = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "servidos.lat"; default = "lebubu.org";
description = "The domain name."; description = "The domain name.";
}; };
ips = lib.mkOption { ips = lib.mkOption {
@@ -49,7 +49,7 @@ in
server = "192.168.100.15"; server = "192.168.100.15";
miniserver = "192.168.1.100"; miniserver = "192.168.1.100";
workstation = "192.168.100.18"; workstation = "192.168.100.18";
vps = "51.222.141.104"; vps = "45.79.25.87";
wg-vps = "10.77.0.1"; wg-vps = "10.77.0.1";
wg-server = "10.77.0.2"; wg-server = "10.77.0.2";
wg-friend1 = "10.8.0.2"; wg-friend1 = "10.8.0.2";
@@ -105,65 +105,71 @@ in
enableProxy = lib.mkEnableOption "nginx reverse proxy for services"; enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
}; };
config = { config = {
assertions = [ assertions =
{ # PostgreSQL dependency assertions
assertion = config.my.servers.nextcloud.enable -> config.my.servers.postgres.enable; inputs.self.lib.mkPostgresDependencies config [
message = "Nextcloud requires PostgreSQL to be enabled"; {
} service = "nextcloud";
{ name = "Nextcloud";
assertion = config.my.servers.vaultwarden.enable -> config.my.servers.postgres.enable; }
message = "Vaultwarden requires PostgreSQL to be enabled"; {
} service = "vaultwarden";
{ name = "Vaultwarden";
assertion = config.my.servers.firefly-iii.enable -> config.my.servers.postgres.enable; }
message = "Firefly III requires PostgreSQL to be enabled"; {
} service = "firefly-iii";
{ name = "Firefly III";
assertion = config.my.servers.mealie.enable -> config.my.servers.postgres.enable; }
message = "Mealie requires PostgreSQL to be enabled"; {
} service = "mealie";
{ name = "Mealie";
assertion = config.my.servers.shiori.enable -> config.my.servers.postgres.enable; }
message = "Shiori requires PostgreSQL to be enabled"; {
} service = "shiori";
{ name = "Shiori";
assertion = config.my.servers.ryot.enable -> config.my.servers.postgres.enable; }
message = "Ryot requires PostgreSQL to be enabled"; {
} service = "ryot";
{ name = "Ryot";
assertion = config.my.servers.synapse.enable -> config.my.servers.postgres.enable; }
message = "Matrix Synapse requires PostgreSQL to be enabled"; {
} service = "synapse";
{ name = "Matrix Synapse";
assertion = config.my.servers.gitea.enable -> config.my.servers.postgres.enable; }
message = "Gitea requires PostgreSQL to be enabled"; {
} service = "gitea";
{ name = "Gitea";
assertion = }
config.my.enableProxy ]
-> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers)); ++
message = "enableProxy is true but no services have enableProxy enabled"; # Other assertions
} [
{ {
assertion = assertion =
config.my.enableContainers config.my.enableProxy
|| !(builtins.any (opt: opt) [ -> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers));
config.my.servers.ryot.enable message = "enableProxy is true but no services have enableProxy enabled";
config.my.servers.lidarr.enable }
config.my.servers.prowlarr.enable {
config.my.servers.maloja.enable assertion =
config.my.servers.multi-scrobbler.enable config.my.enableContainers
config.my.servers.flame.enable || !(builtins.any (opt: opt) [
config.my.servers.flameSecret.enable config.my.servers.ryot.enable
config.my.servers.metube.enable config.my.servers.lidarr.enable
config.my.servers.go-vod.enable config.my.servers.prowlarr.enable
config.my.servers.tranga.enable config.my.servers.maloja.enable
config.my.servers.drpp.enable config.my.servers.multi-scrobbler.enable
config.my.servers.plex-discord-bot.enable config.my.servers.flame.enable
]); config.my.servers.flameSecret.enable
message = "Container services are enabled but enableContainers is false"; config.my.servers.metube.enable
} config.my.servers.go-vod.enable
]; config.my.servers.tranga.enable
config.my.servers.drpp.enable
config.my.servers.plex-discord-bot.enable
]);
message = "Container services are enabled but enableContainers is false";
}
];
virtualisation = { virtualisation = {
containers.enable = true; containers.enable = true;
oci-containers.backend = "podman"; oci-containers.backend = "podman";

44
modules/network/firewall.nix
View File

@@ -1,18 +1,24 @@
{ lib, config, ... }: {
lib,
config,
inputs,
...
}:
let let
nativeServicesWithOpenFirewall = [ firewallBlacklist = [
"adguardhome" "sabnzbd"
"plex" "lidarr"
"nix-serve" "maloja"
"radarr" "tranga"
"sonarr" "flame"
"jellyfin" "flameSecret"
"prowlarr" "ryot"
"bazarr" "drpp"
"stash" "metube"
"ombi" "multi-scrobbler"
"flaresolverr" "plex-discord-bot"
]; ];
nativeServicesWithOpenFirewall = inputs.self.lib.getServicesWithNativeFirewall config firewallBlacklist;
servicesConfig = lib.listToAttrs ( servicesConfig = lib.listToAttrs (
map (serviceName: { map (serviceName: {
name = serviceName; name = serviceName;
@@ -37,17 +43,7 @@ in
config = lib.mkIf config.my.network.firewall.enabledServicePorts { config = lib.mkIf config.my.network.firewall.enabledServicePorts {
services = servicesConfig; services = servicesConfig;
networking.firewall.allowedTCPPorts = networking.firewall.allowedTCPPorts =
config.my.network.firewall.staticPorts inputs.self.lib.generateFirewallPorts config nativeServicesWithOpenFirewall lib
++ config.my.network.firewall.additionalPorts
++ (
config.my.servers
|> lib.filterAttrs (
name: srv:
(srv.enable or false) && (srv ? port) && !(builtins.elem name nativeServicesWithOpenFirewall)
)
|> lib.attrValues
|> map (srv: srv.port)
)
++ (lib.optionals config.services.nginx.enable [ ++ (lib.optionals config.services.nginx.enable [
config.services.nginx.defaultHTTPListenPort config.services.nginx.defaultHTTPListenPort
config.services.nginx.defaultSSLListenPort config.services.nginx.defaultSSLListenPort

14
modules/network/nginx.nix
View File

@@ -1,6 +1,10 @@
{ lib, config, ... }: {
lib,
config,
inputs,
...
}:
let let
setup = import ../factories/mkserver.nix { inherit lib config; };
proxyReverseServices = [ proxyReverseServices = [
"firefox-syncserver" "firefox-syncserver"
"readeck" "readeck"
@@ -44,11 +48,11 @@ let
cfg = config.my.servers.${serviceName}; cfg = config.my.servers.${serviceName};
proxyFunc = proxyFunc =
if serviceConfig.type == "proxyReverse" then if serviceConfig.type == "proxyReverse" then
setup.proxyReverse inputs.self.lib.proxyReverse
else if serviceConfig.type == "proxyReverseFix" then else if serviceConfig.type == "proxyReverseFix" then
setup.proxyReverseFix inputs.self.lib.proxyReverseFix
else if serviceConfig.type == "proxyReversePrivate" then else if serviceConfig.type == "proxyReversePrivate" then
setup.proxyReversePrivate inputs.self.lib.proxyReversePrivate
else else
throw "Unknown proxy type: ${serviceConfig.type}"; throw "Unknown proxy type: ${serviceConfig.type}";
in in

30
modules/nix/gitea-actions-runners/nixos.nix
View File

@@ -9,22 +9,46 @@ let
in in
{ {
config = lib.mkIf (cfg.enable && config.my.secureHost) { config = lib.mkIf (cfg.enable && config.my.secureHost) {
users.groups.gitea-runner = { };
users.users.gitea-runner = {
isSystemUser = true;
group = "gitea-runner";
extraGroups = [
"docker"
"podman"
];
};
nix.settings = {
allowed-users = [
"gitea"
"gitea-runner"
];
trusted-users = [
"gitea"
"gitea-runner"
];
};
services.gitea-actions-runner.instances.nixos = { services.gitea-actions-runner.instances.nixos = {
inherit (cfg) url enable; inherit (cfg) url enable;
name = "${config.networking.hostName}-nixos"; name = "${config.networking.hostName}-nixos";
tokenFile = config.sops.secrets.gitea.path; tokenFile = config.sops.secrets.gitea.path;
labels = [ labels = [
"nix:host"
"nixos:host" "nixos:host"
]; ];
hostPackages = builtins.attrValues { hostPackages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
bash bash
curl
coreutils coreutils
gitMinimal gitMinimal
nix
attic-client attic-client
nodejs # Required for GitHub Actions podman
openssh # Required for SSH git operations podman-compose
nix
nodejs
openssh
python3
; ;
}; };
}; };

37
modules/scripts/download.nix
View File

@@ -6,7 +6,6 @@
... ...
}: }:
{ {
imports = [ ../factories/mkscript.nix ];
options.my.units = { options.my.units = {
download.enable = lib.mkEnableOption "media download automation scripts"; download.enable = lib.mkEnableOption "media download automation scripts";
downloadManga.enable = lib.mkEnableOption "manga download automation"; downloadManga.enable = lib.mkEnableOption "manga download automation";
@@ -17,32 +16,26 @@
in in
{ {
home-manager.users.jawz.programs.${config.my.shell.type} = { home-manager.users.jawz.programs.${config.my.shell.type} = {
shellAliases = { shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
dl = "${download}/bin/download -u jawz -i"; dl = "${download}/bin/download -u jawz -i";
comic = ''dl "$(cat "$LC" | fzf --multi --exact -i)"''; comic = ''dl "$(cat "$LC" | fzf --multi --exact -i)"'';
gallery = ''dl "$(cat "$LW" | fzf --multi --exact -i)"''; gallery = ''dl "$(cat "$LW" | fzf --multi --exact -i)"'';
}; };
} }
// ( //
if config.my.shell.type == "bash" then inputs.self.lib.shellConditional config.my.shell.type
{ ''
initExtra = '' list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz export LW=$list_root/watch.txt
export LW=$list_root/watch.txt export LI=$list_root/instant.txt
export LI=$list_root/instant.txt export LC=$list_root/comic.txt
export LC=$list_root/comic.txt ''
''; ''
} list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
else export LW=$list_root/watch.txt
{ export LI=$list_root/instant.txt
initContent = '' export LC=$list_root/comic.txt
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz '';
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
'';
}
);
systemd.user = { systemd.user = {
services = services =
let let

1
modules/scripts/ffmpeg4discord.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.ffmpeg4discord = { config.my.scripts.ffmpeg4discord = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/ffmpreg.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.ffmpreg = { config.my.scripts.ffmpreg = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/find-dup-episode.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.find-dup-episodes = { config.my.scripts.find-dup-episodes = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/library-report.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.library-report = { config.my.scripts.library-report = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/manage-library.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.manage-library = { config.my.scripts.manage-library = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/pika-list.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.pika-list = { config.my.scripts.pika-list = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/run.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.run = { config.my.scripts.run = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/split-dir.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.split-dir = { config.my.scripts.split-dir = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/stream-dl.nix
View File

@@ -6,7 +6,6 @@
... ...
}: }:
{ {
imports = [ ../factories/mkscript.nix ];
options.my.units.stream-dl.enable = lib.mkEnableOption "streaming media download service"; options.my.units.stream-dl.enable = lib.mkEnableOption "streaming media download service";
config = config =
let let

1
modules/scripts/tasks.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.tasks = { config.my.scripts.tasks = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/tuh-activity-logger.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }: { inputs, lib, ... }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.tuh-activity-logger = { config.my.scripts.tuh-activity-logger = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = true; install = true;

1
modules/scripts/update-dns.nix
View File

@@ -6,7 +6,6 @@
... ...
}: }:
{ {
imports = [ ../factories/mkscript.nix ];
config = lib.mkIf config.my.secureHost { config = lib.mkIf config.my.secureHost {
sops.secrets = { sops.secrets = {
cloudflare-api.sopsFile = ../../secrets/env.yaml; cloudflare-api.sopsFile = ../../secrets/env.yaml;

1
modules/scripts/update-org-agenda-cache.nix
View File

@@ -5,7 +5,6 @@
... ...
}: }:
{ {
imports = [ ../factories/mkscript.nix ];
config.my.scripts.update-org-agenda-cache = { config.my.scripts.update-org-agenda-cache = {
enable = lib.mkDefault false; enable = lib.mkDefault false;
install = config.my.emacs.enable; install = config.my.emacs.enable;

20
modules/servers/atticd.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.atticd;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.atticd;
in in
{ {
options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343; options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343;
@@ -13,21 +17,25 @@ in
settings = { settings = {
listen = "[::]:${toString cfg.port}"; listen = "[::]:${toString cfg.port}";
jwt = { }; jwt = { };
database.heartbeat = true; # 5 minutes
chunking = { chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB nar-size-threshold = 64 * 1024; # 64 KiB
min-size = 16 * 1024; # 16 KiB min-size = 16 * 1024; # 16 KiB
avg-size = 64 * 1024; # 64 KiB avg-size = 64 * 1024; # 64 KiB
max-size = 256 * 1024; # 256 KiB max-size = 256 * 1024; # 256 KiB
}; };
compression = {
type = "zstd";
level = 8;
};
garbage-collection = { garbage-collection = {
interval = "7 days"; interval = "7 days";
default-retention-period = "7 days"; default-retention-period = "7 days";
}; };
}; };
}; };
systemd.services.atticd = {
serviceConfig = {
TimeoutStartSec = "15min";
TimeoutStopSec = "5min";
MemoryMax = "4G";
};
};
}; };
} }

8
modules/servers/audiobookshelf.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.audiobookshelf;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.audiobookshelf;
in in
{ {
options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687; options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;

8
modules/servers/bazarr.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.bazarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.bazarr;
in in
{ {
options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort; options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort;

8
modules/servers/drpp.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.drpp;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.drpp;
in in
{ {
options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0; options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0;

8
modules/servers/firefox-syncserver.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.firefox-syncserver;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.firefox-syncserver;
in in
{ {
options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233; options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233;

6
modules/servers/flame.nix
View File

@@ -1,4 +1,8 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.flame; cfg = config.my.servers.flame;
cfgS = config.my.servers.flameSecret; cfgS = config.my.servers.flameSecret;

3
modules/servers/gitea.nix
View File

@@ -5,12 +5,11 @@
... ...
}: }:
let let
cfg = config.my.servers.gitea;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.gitea;
in in
{ {
imports = [ imports = [
../nix/gitea-actions-runners/ryujinx.nix
../nix/gitea-actions-runners/nixos.nix ../nix/gitea-actions-runners/nixos.nix
]; ];
options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083; options.my.servers.gitea = setup.mkOptions "gitea" "git" 9083;

8
modules/servers/homepage.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.homepage;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.homepage;
in in
{ {
options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082; options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;

12
modules/servers/homepage/bookmarks/servers.nix
View File

@@ -4,7 +4,7 @@
readeck = [ readeck = [
{ {
abbr = "RD"; abbr = "RD";
href = "https://laters.servidos.lat/"; href = "https://laters.lebubu.org/";
description = ""; description = "";
} }
]; ];
@@ -13,7 +13,7 @@
maloja = [ maloja = [
{ {
abbr = "ML"; abbr = "ML";
href = "https://maloja.servidos.lat/"; href = "https://maloja.lebubu.org/";
description = ""; description = "";
} }
]; ];
@@ -22,7 +22,7 @@
microbin = [ microbin = [
{ {
abbr = "CP"; abbr = "CP";
href = "https://copy.servidos.lat/"; href = "https://copy.lebubu.org/";
description = ""; description = "";
} }
]; ];
@@ -31,7 +31,7 @@
multi-scrobbler = [ multi-scrobbler = [
{ {
abbr = "MS"; abbr = "MS";
href = "https://scrobble.servidos.lat/"; href = "https://scrobble.lebubu.org/";
description = ""; description = "";
} }
]; ];
@@ -40,7 +40,7 @@
ryot = [ ryot = [
{ {
abbr = "RT"; abbr = "RT";
href = "https://tracker.servidos.lat/"; href = "https://tracker.lebubu.org/";
description = ""; description = "";
} }
]; ];
@@ -49,7 +49,7 @@
vaultwarden = [ vaultwarden = [
{ {
abbr = "VW"; abbr = "VW";
href = "https://vault.servidos.lat"; href = "https://vault.lebubu.org";
description = ""; description = "";
} }
]; ];

2
modules/servers/jellyfin.nix
View File

@@ -8,6 +8,7 @@
let let
cfg = config.my.servers.jellyfin; cfg = config.my.servers.jellyfin;
inherit (inputs.jawz-scripts.packages.x86_64-linux) sub-sync; inherit (inputs.jawz-scripts.packages.x86_64-linux) sub-sync;
setup = import ../factories/mkserver.nix { inherit lib config; };
sub-sync-path = [ sub-sync-path = [
pkgs.nix pkgs.nix
pkgs.bash pkgs.bash
@@ -19,7 +20,6 @@ let
pkgs.gum pkgs.gum
sub-sync sub-sync
]; ];
setup = import ../factories/mkserver.nix { inherit lib config; };
in in
{ {
options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096; options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096;

8
modules/servers/kavita.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.kavita;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.kavita;
in in
{ {
options.my.servers.kavita = setup.mkOptions "kavita" "library" config.services.kavita.settings.Port; options.my.servers.kavita = setup.mkOptions "kavita" "library" config.services.kavita.settings.Port;

8
modules/servers/lidarr.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.lidarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.lidarr;
in in
{ {
options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686; options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686;

8
modules/servers/maloja.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.maloja;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.maloja;
in in
{ {
options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010; options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010;

8
modules/servers/mealie.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.mealie;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.mealie;
in in
{ {
options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925; options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925;

8
modules/servers/metube.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.metube;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.metube;
in in
{ {
options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881; options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881;

8
modules/servers/microbin.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.microbin;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.microbin;
in in
{ {
options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086; options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086;

8
modules/servers/multi-scrobbler.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.multi-scrobbler;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.multi-scrobbler;
in in
{ {
options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078; options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078;

43
modules/servers/nextcloud.nix
View File

@@ -6,6 +6,7 @@
... ...
}: }:
let let
setup = import ../factories/mkserver.nix { inherit lib config; };
commonProxyConfig = '' commonProxyConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
''; '';
@@ -28,10 +29,9 @@ let
}; };
} }
); );
pytensorflow = pkgs.python311.withPackages (ps: [ ps.tensorflow ]); pytensorflow = pkgs.python3.withPackages (ps: [ ps.tensorflow ]);
cfg = config.my.servers.nextcloud; cfg = config.my.servers.nextcloud;
cfgC = config.my.servers.collabora; cfgC = config.my.servers.collabora;
setup = import ../factories/mkserver.nix { inherit lib config; };
in in
{ {
options.my.servers = { options.my.servers = {
@@ -175,6 +175,14 @@ in
]; ];
#vps #vps
serverAliases = [ "cloud.rotehaare.art" ]; serverAliases = [ "cloud.rotehaare.art" ];
extraConfig = ''
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
'';
locations = { locations = {
"/".proxyWebsockets = true; "/".proxyWebsockets = true;
"~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" = "~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
@@ -187,6 +195,11 @@ in
http2 = true; http2 = true;
locations = { locations = {
# static files # static files
"^~ /browser" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# Legacy static files (for compatibility)
"^~ /loleaflet" = { "^~ /loleaflet" = {
proxyPass = cfgC.local; proxyPass = cfgC.local;
extraConfig = commonProxyConfig; extraConfig = commonProxyConfig;
@@ -202,11 +215,21 @@ in
extraConfig = commonProxyConfig; extraConfig = commonProxyConfig;
}; };
# download, presentation, image upload and websocket # download, presentation, image upload and websocket
"~ ^/cool" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy websocket (for compatibility)
"~ ^/lool" = { "~ ^/lool" = {
proxyPass = cfgC.local; proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig; extraConfig = commonWebsocketConfig;
}; };
# Admin Console websocket # Admin Console websocket
"^~ /cool/adminws" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy Admin Console websocket (for compatibility)
"^~ /lool/adminws" = { "^~ /lool/adminws" = {
proxyPass = cfgC.local; proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig; extraConfig = commonWebsocketConfig;
@@ -231,23 +254,23 @@ in
}; };
collabora = lib.mkIf cfgC.enable { collabora = lib.mkIf cfgC.enable {
autoStart = true; autoStart = true;
image = "collabora/code"; image = "collabora/code:latest";
imageFile = pkgs.dockerTools.pullImage {
imageName = "collabora/code";
imageDigest = "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
};
ports = [ "9980:9980" ]; ports = [ "9980:9980" ];
environment = { environment = {
TZ = config.my.timeZone; TZ = config.my.timeZone;
domain = cfg.host; domain = cfg.host;
aliasgroup1 = "${cfg.host}:443"; aliasgroup1 = "${cfg.url}:443";
aliasgroup2 = "cloud.rotehaare.art:443"; aliasgroup2 = "https://cloud.rotehaare.art:443";
server_name = cfgC.host;
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru"; dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = '' extra_params = ''
--o:ssl.enable=false --o:ssl.enable=false
--o:ssl.termination=true --o:ssl.termination=true
--o:remote_font_config.url=${cfg.url}/apps/richdocuments/settings/fonts.json
--o:logging.level=information
''; '';
DONT_GEN_SSL_CERT = "1";
SLEEPFORDEBUGGER = "0";
}; };
extraOptions = [ extraOptions = [
"--cap-add" "--cap-add"

2
modules/servers/nix-serve.nix
View File

@@ -5,8 +5,8 @@
... ...
}: }:
let let
cfg = config.my.servers.nix-serve;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.nix-serve;
in in
{ {
options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000; options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000;

8
modules/servers/ombi.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.ombi;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.ombi;
in in
{ {
options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425; options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425;

8
modules/servers/plex-discord-bot.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.plex-discord-bot;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.plex-discord-bot;
name = "plex-discord-bot"; name = "plex-discord-bot";
in in
{ {

2
modules/servers/plex.nix
View File

@@ -4,8 +4,8 @@
... ...
}: }:
let let
cfg = config.my.servers.plex;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.plex;
in in
{ {
options.my.servers.plex = setup.mkOptions "plex" "plex" 32400; options.my.servers.plex = setup.mkOptions "plex" "plex" 32400;

2
modules/servers/portfolio.nix
View File

@@ -4,8 +4,8 @@
... ...
}: }:
let let
cfg = config.my.websites.portfolio;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.websites.portfolio;
in in
{ {
options.my.websites.portfolio = setup.mkOptions "portfolio" "portfolio" 0; options.my.websites.portfolio = setup.mkOptions "portfolio" "portfolio" 0;

2
modules/servers/prowlarr.nix
View File

@@ -4,8 +4,8 @@
... ...
}: }:
let let
cfg = config.my.servers.prowlarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.prowlarr;
in in
{ {
options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696; options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;

12
modules/servers/qbittorrent.nix
View File

@@ -1,8 +1,8 @@
{ {
inputs,
lib, lib,
config, config,
pkgs, pkgs,
inputs,
... ...
}: }:
let let
@@ -36,6 +36,10 @@ let
; ;
} }
); );
torrentCompletionScript = pkgs.writeShellScript "qbit-torrent-completion" ''
chown jawz:piracy -R "$1"
chmod -R 775 "$1"
'';
in in
{ {
options.my.servers = { options.my.servers = {
@@ -50,6 +54,7 @@ in
}; };
}; };
config = lib.mkIf (config.my.servers.qbittorrent.enable && config.my.secureHost) { config = lib.mkIf (config.my.servers.qbittorrent.enable && config.my.secureHost) {
my.network.firewall.additionalPorts = [ config.my.servers.qbittorrent.port ];
home-manager.users.jawz.xdg.dataFile.vuetorrent.source = vuetorrent; home-manager.users.jawz.xdg.dataFile.vuetorrent.source = vuetorrent;
sops.secrets = sops.secrets =
let let
@@ -72,7 +77,10 @@ in
"unpackerr/radarr-api" = mkUnpackerrSecret; "unpackerr/radarr-api" = mkUnpackerrSecret;
}; };
systemd = { systemd = {
packages = [ pkgs.qbittorrent-nox ]; packages = [
pkgs.qbittorrent-nox
torrentCompletionScript
];
services."qbittorrent-nox@jawz" = { services."qbittorrent-nox@jawz" = {
enable = true; enable = true;
overrideStrategy = "asDropin"; overrideStrategy = "asDropin";

8
modules/servers/radarr.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.radarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.radarr;
in in
{ {
options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878; options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878;

8
modules/servers/readeck.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.readeck;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.readeck;
in in
{ {
options.my.servers.readeck = setup.mkOptions "readeck" "laters" 9546; options.my.servers.readeck = setup.mkOptions "readeck" "laters" 9546;

8
modules/servers/ryot.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.ryot;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.ryot;
in in
{ {
options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765; options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765;

1
modules/servers/sabnzbd.nix
View File

@@ -12,6 +12,7 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
my.network.firewall.additionalPorts = [ cfg.port ];
services.sabnzbd = { services.sabnzbd = {
inherit (cfg) enable; inherit (cfg) enable;
group = "piracy"; group = "piracy";

8
modules/servers/shiori.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.shiori;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.shiori;
in in
{ {
options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368; options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368;

8
modules/servers/sonarr.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }: {
lib,
config,
...
}:
let let
cfg = config.my.servers.sonarr;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.sonarr;
in in
{ {
options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989; options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989;

42
modules/servers/stash.nix
View File

@@ -1,7 +1,31 @@
{ lib, config, ... }: {
lib,
config,
pkgs,
...
}:
let let
cfg = config.my.servers.stash;
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.stash;
cfgS = config.services.stash;
stashPythonFHS = pkgs.buildFHSEnv {
name = "stash-python-fhs";
targetPkgs =
pkgs:
builtins.attrValues {
inherit (pkgs)
python3
gcc
glibc
;
inherit (pkgs.python3Packages)
pip
virtualenv
;
inherit (pkgs.stdenv.cc.cc) lib;
};
runScript = "bash";
};
in in
{ {
options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999; options.my.servers.stash = setup.mkOptions "stash" "xxx" 9999;
@@ -29,5 +53,19 @@ in
]; ];
}; };
}; };
systemd.services.stash = {
environment = {
PYTHONPATH = "/var/lib/stash/venv/lib/python3.12/site-packages";
LD_LIBRARY_PATH = "${pkgs.stdenv.cc.cc.lib}/lib:${pkgs.glibc}/lib:${pkgs.zlib}/lib:${pkgs.libffi}/lib:${pkgs.openssl}/lib";
};
serviceConfig = {
BindReadOnlyPaths = lib.mkForce [ ];
BindPaths = lib.mkIf (cfgS.settings != { }) (map (stash: "${stash.path}") cfgS.settings.stash);
};
};
users.users.stash = {
isSystemUser = true;
packages = [ stashPythonFHS ];
};
}; };
} }

4
modules/servers/synapse.nix
View File

@@ -5,10 +5,10 @@
... ...
}: }:
let let
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.synapse; cfg = config.my.servers.synapse;
cfgE = config.my.servers.element; cfgE = config.my.servers.element;
domain = "wedsgk5ac2qcaf9yb.click"; domain = "wedsgk5ac2qcaf9yb.click";
setup = import ../factories/mkserver.nix { inherit lib config; };
clientConfig."m.homeserver".base_url = cfg.url; clientConfig."m.homeserver".base_url = cfg.url;
serverConfig."m.server" = "${cfg.host}:443"; serverConfig."m.server" = "${cfg.host}:443";
mkWellKnown = data: '' mkWellKnown = data: ''
@@ -58,7 +58,7 @@ in
]; ];
settings = { settings = {
server_name = cfg.domain; server_name = cfg.domain;
public_baseurl = cfg.url; public_baseurl = "http://${config.my.ips.wg-server}:${toString cfg.port}";
federation_domain_whitelist = [ ]; federation_domain_whitelist = [ ];
allow_public_rooms_without_auth = false; allow_public_rooms_without_auth = false;
allow_public_rooms_over_federation = false; allow_public_rooms_over_federation = false;

6
modules/servers/tranga.nix
View File

@@ -1,4 +1,8 @@
{ config, lib, ... }: {
config,
lib,
...
}:
let let
setup = import ../factories/mkserver.nix { inherit lib config; }; setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.tranga; cfg = config.my.servers.tranga;

6
modules/services/network.nix
View File

@@ -13,7 +13,8 @@
hosts = config.my.ips |> lib.mapAttrs' (hostname: ip: lib.nameValuePair ip [ hostname ]); hosts = config.my.ips |> lib.mapAttrs' (hostname: ip: lib.nameValuePair ip [ hostname ]);
interfaces."${config.my.interfaces.${config.networking.hostName}}".wakeOnLan.enable = true; interfaces."${config.my.interfaces.${config.networking.hostName}}".wakeOnLan.enable = true;
}; };
services.dnscrypt-proxy2 = { systemd.services.dnscrypt-proxy.serviceConfig.StateDirectory = "dnscrypt-proxy";
services.dnscrypt-proxy = {
enable = true; enable = true;
settings = { settings = {
ipv6_servers = true; ipv6_servers = true;
@@ -43,8 +44,5 @@
]; ];
}; };
}; };
systemd.services.dnscrypt-proxy2.serviceConfig = {
StateDirectory = "dnscrypt-proxy";
};
}; };
} }

2
modules/services/nvidia.nix
View File

@@ -17,7 +17,7 @@
extraPackages = builtins.attrValues { extraPackages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
nvidia-vaapi-driver nvidia-vaapi-driver
vaapiVdpau libva-vdpau-driver
libvdpau-va-gl libvdpau-va-gl
vulkan-loader vulkan-loader
mesa mesa

5
modules/shell/multimedia.nix
View File

@@ -1,5 +1,6 @@
{ {
config, config,
inputs,
lib, lib,
pkgs, pkgs,
... ...
@@ -19,12 +20,12 @@
embed-thumbnail = true; embed-thumbnail = true;
embed-subs = true; embed-subs = true;
sub-langs = "all"; sub-langs = "all";
cookies-from-browser = "firefox+gcr_4:/home/jawz/.librewolf/jawz"; cookies-from-browser = "firefox+gnomekeyring:/home/jawz/.librewolf/jawz";
}; };
}; };
gallery-dl = { gallery-dl = {
enable = true; enable = true;
settings = import ../../dotfiles/gallery-dl.nix; settings = inputs.self.lib.importDotfile ../../dotfiles/gallery-dl.nix;
}; };
${config.my.shell.type} = { ${config.my.shell.type} = {
initExtra = lib.mkAfter '' initExtra = lib.mkAfter ''

40
modules/shell/tools.nix
View File

@@ -57,7 +57,7 @@ in
}; };
}; };
${shellType} = { ${shellType} = {
shellAliases = { shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
cd = "z"; cd = "z";
hh = "hstr"; hh = "hstr";
ls = "eza --icons --group-directories-first"; ls = "eza --icons --group-directories-first";
@@ -70,26 +70,20 @@ in
uniq --count | sort -rn''; uniq --count | sort -rn'';
}; };
} }
// ( //
if shellType == "bash" then inputs.self.lib.shellConditional shellType
{ ''
initExtra = '' if command -v fzf-share >/dev/null; then
if command -v fzf-share >/dev/null; then source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/key-bindings.bash" source "$(fzf-share)/completion.bash"
source "$(fzf-share)/completion.bash" fi
fi ''
''; ''
} if command -v fzf-share >/dev/null; then
else source "$(fzf-share)/key-bindings.bash"
{ source "$(fzf-share)/completion.bash"
initContent = '' fi
if command -v fzf-share >/dev/null; then '';
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
'';
}
);
}; };
programs = { programs = {
starship.enable = true; starship.enable = true;
@@ -103,7 +97,7 @@ in
users.users.jawz.packages = builtins.attrValues { users.users.jawz.packages = builtins.attrValues {
inherit (pkgs) inherit (pkgs)
ripgrep # modern grep ripgrep # modern grep
du-dust # rusty du similar to gdu dust # rusty du similar to gdu
fd # modern find, faster searches fd # modern find, faster searches
fzf # fuzzy finder! super cool and useful fzf # fuzzy finder! super cool and useful
gdu # disk-space utility checker, somewhat useful gdu # disk-space utility checker, somewhat useful
@@ -112,8 +106,6 @@ in
jq # json parser jq # json parser
yq # yaml parser yq # yaml parser
smartmontools # check hard drie health smartmontools # check hard drie health
;
inherit (inputs.jawz-scripts.packages.x86_64-linux)
rmlint # amazing dupe finder that integrates well with BTRFS rmlint # amazing dupe finder that integrates well with BTRFS
; ;
}; };

15
modules/users/nixremote.nix
View File

@@ -1,13 +1,18 @@
{ lib, config, ... }: {
lib,
config,
inputs,
...
}:
{ {
options.my.users.nixremote = { options.my.users.nixremote = {
enable = lib.mkEnableOption "nixremote user for distributed builds"; enable = lib.mkEnableOption "nixremote user for distributed builds";
authorizedKeys = lib.mkOption { authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.path; type = lib.types.listOf lib.types.path;
default = [ default = inputs.self.lib.getSshKeys [
../../secrets/ssh/ed25519_nixworkstation.pub "nixworkstation"
../../secrets/ssh/ed25519_nixserver.pub "nixserver"
../../secrets/ssh/ed25519_nixminiserver.pub "nixminiserver"
]; ];
description = "List of SSH public key files to authorize for nixremote user"; description = "List of SSH public key files to authorize for nixremote user";
}; };

218
parts/core.nix Normal file
View File

@@ -0,0 +1,218 @@
{ inputs, ... }:
let
system = "x86_64-linux";
mkpkgs =
repo:
import repo {
inherit system;
config.allowUnfree = true;
};
in
{
systems = [ system ];
flake = {
lib = {
commonModules = name: [
../hosts/${name}/configuration.nix
inputs.nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.nixtendo-switch.nixosModules.nixtendo-switch
{
nixpkgs.overlays = [
(import ../config/overlay.nix { inherit mkpkgs inputs; })
inputs.doom-emacs.overlays.default
];
}
{
nix.registry = {
jawz.flake = inputs.self;
unstable.flake = inputs.nixpkgs-unstable;
};
}
];
createConfig =
name: local-nixpkgs:
let
lib = local-nixpkgs.lib // inputs.home-manager.lib;
in
lib.nixosSystem {
inherit system;
modules = inputs.self.lib.commonModules name;
specialArgs = {
inherit inputs;
outputs = inputs.self;
};
};
langList =
builtins.readDir ../modules/dev
|> builtins.attrNames
|> map (file: baseNameOf file |> builtins.replaceStrings [ ".nix" ] [ "" ])
|> builtins.filter (name: name != "emacs");
autoImport =
dir: filterFn:
builtins.readDir dir
|> builtins.attrNames
|> builtins.filter (file: builtins.match ".*\\.nix" file != null && filterFn file)
|> map (file: dir + "/${file}");
proxy = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxyReverse =
cfg:
inputs.self.lib.proxy {
"/" = {
proxyPass = "http://${cfg.ip}:${toString cfg.port}/";
proxyWebsockets = cfg.enableSocket or false;
};
};
proxyReverseFix =
cfg:
let
useLocalhost = cfg.hostName == cfg.hostName;
localHeaders = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
in
inputs.self.lib.proxyReverse cfg
// {
extraConfig = ''
${if useLocalhost then localHeaders else ""}
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
proxyReversePrivate =
cfg:
inputs.self.lib.proxyReverse cfg
// {
extraConfig = ''
ssl_verify_client on;
ssl_client_certificate ${cfg.certPath};
error_page 403 /403.html;
'';
};
commonAliases = {
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
mkcd = "(){ mkdir -p \"$1\" && cd \"$1\" }";
copy = "xclip -selection clipboard";
cdp = "pwd | copy";
cfp = "(){ readlink -f \"$1\" | copy }";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
c = "cat";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
};
xdgEnvironment =
let
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_CACHE_HOME = "\${HOME}/.cache";
in
{
inherit XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME;
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_STATE_HOME = "\${HOME}/.local/state";
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
ORG_DEVICE = "workstation";
PATH = [ "\${HOME}/.local/bin" ];
};
getNixosHosts =
ips: hostName: lib:
builtins.attrNames ips
|> builtins.filter (
name: !(lib.hasPrefix "wg-" name) && name != "vps" && name != "router" && name != hostName
);
shellConditional =
shellType: bashContent: zshContent:
if shellType == "bash" then { initExtra = bashContent; } else { initContent = zshContent; };
mergeAliases = baseAliases: extraAliases: baseAliases // extraAliases;
importDotfile = path: import path;
getServicesWithNativeFirewall =
config: blacklist:
config.my.servers
|> builtins.attrNames
|> builtins.filter (
name:
(config.my.servers.${name}.enable or false)
&& !(builtins.elem name blacklist)
&& builtins.hasAttr name config.services
&& (config.services.${name} ? openFirewall)
);
generateFirewallPorts =
config: nativeServices: lib:
config.my.network.firewall.staticPorts
++ config.my.network.firewall.additionalPorts
++ (
config.my.servers
|> lib.filterAttrs (
name: srv: (srv.enable or false) && (srv ? port) && !(builtins.elem name nativeServices)
)
|> lib.attrValues
|> map (srv: srv.port)
);
mkEnabled = name: {
inherit name;
value.enable = true;
};
mkEnabledWithProxy = name: {
inherit name;
value = {
enable = true;
enableProxy = true;
};
};
mkEnabledIp = ip: name: {
inherit name;
value = {
enable = true;
inherit ip;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
mkPostgresDependency = config: serviceName: displayName: {
assertion = config.my.servers.${serviceName}.enable -> config.my.servers.postgres.enable;
message = "${displayName} requires PostgreSQL to be enabled";
};
mkPostgresDependencies =
config: serviceMap:
serviceMap |> map (entry: inputs.self.lib.mkPostgresDependency config entry.service entry.name);
sshKeys = {
deacero = ../secrets/ssh/ed25519_deacero.pub;
workstation = ../secrets/ssh/ed25519_workstation.pub;
server = ../secrets/ssh/ed25519_server.pub;
miniserver = ../secrets/ssh/ed25519_miniserver.pub;
galaxy = ../secrets/ssh/ed25519_galaxy.pub;
phone = ../secrets/ssh/ed25519_phone.pub;
vps = ../secrets/ssh/ed25519_vps.pub;
emacs = ../secrets/ssh/ed25519_emacs.pub;
# Build user keys (nixremote)
nixworkstation = ../secrets/ssh/ed25519_nixworkstation.pub;
nixserver = ../secrets/ssh/ed25519_nixserver.pub;
nixminiserver = ../secrets/ssh/ed25519_nixminiserver.pub;
windows_vm = ../secrets/ssh/ed25519_windows_vm.pub;
};
getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
};
};
}

12
parts/devshells.nix Normal file
View File

@@ -0,0 +1,12 @@
{ inputs, ... }:
{
perSystem = _: {
devShells =
inputs.self.lib.langList
|> map (name: {
inherit name;
value = inputs.self.nixosConfigurations.emacs.config.devShells.${name};
})
|> builtins.listToAttrs;
};
}

10
parts/hosts.nix Normal file
View File

@@ -0,0 +1,10 @@
{ inputs, ... }:
{
flake.nixosConfigurations = {
workstation = inputs.self.lib.createConfig "workstation" inputs.nixpkgs;
miniserver = inputs.self.lib.createConfig "miniserver" inputs.nixpkgs-small;
server = inputs.self.lib.createConfig "server" inputs.nixpkgs-small;
galaxy = inputs.self.lib.createConfig "galaxy" inputs.nixpkgs-small;
emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs;
};
}

18
parts/packages.nix Normal file
View File

@@ -0,0 +1,18 @@
{ inputs, ... }:
{
perSystem =
{ system, ... }:
{
packages = (inputs.jawz-scripts.packages.${system} or { }) // {
emacs-vm = inputs.nixos-generators.nixosGenerate {
inherit system;
modules = inputs.self.lib.commonModules "emacs";
format = "vm";
specialArgs = {
inherit inputs;
outputs = inputs.self;
};
};
};
};
}

2
scripts/push-to-cache.sh
View File

@@ -11,7 +11,7 @@ NC='\033[0m' # No Color
# Configuration # Configuration
CACHE_NAME="servidos:nixos" CACHE_NAME="servidos:nixos"
CACHE_URL="https://cache.servidos.lat" CACHE_URL="https://cache.lebubu.org"
echo -e "${BLUE}=========================================${NC}" echo -e "${BLUE}=========================================${NC}"
echo -e "${BLUE}NixOS Build Cache Pusher${NC}" echo -e "${BLUE}NixOS Build Cache Pusher${NC}"

8
secrets/gallery.yaml
View File

@@ -1,5 +1,5 @@
gallery-dl: gallery-dl:
secrets: ENC[AES256_GCM,data:5K9B7XZ3dOL1BIXLUvlE5D9xLkKkagvh2mMkFtd+6gJUJqPDwerp9QDcATeqiJLz54DGB1JI6podlCm8N3qVbA3aMHroSiAd2YaldqvLkh76vGDhfI6pAfYWmjLYR7KR/Qy5sy7qhkNmvhwV34JiqXMdfDaWDE9y9Zgqq3lyS/8mYixNh0sz9Pc7ohcIHpwVNcESxaPW9BCpzHOwhtZKqqgLTUrHCyO14YR1+hB+nGXnmtaFcFVDjb0ctHsgL8+R5Kw1oAE7s8fM+ghnKNqPusSVomTaNIQI8VMbk0YQyPsHn9zKEocjUEpwX7WdWmNLNjuYl29+NnJS7VCSOsZmqhNlKJMIvQ3v19UNIQG5/hB3QlBIlEr615W8l5q8jdD+twzufGkEnCIfZzn+T9UDijNlmZhK19lhOpF+mdi7vpzyJFrIK0JfFfRYnyvXOHIcDKK4rsMFTT8U04WM9PpYrUxWDmMMlAZsJ+Jj6d0jpRYsoB4C5ODKRa5V27wnhp9DQiQOAqvfYnUtCAFnFEqVu7qaa5WcQhG211Nhdcpvtyp/8sDXgZBTT/E8JTtG8YbSNUZxw3xE7fyp4Bdnb+bxbdcgVRGkFwZShu2qWF1Ckj4Lr2xzaBu+fGtUDqPnMq0PgQeRIVP/NsbtavrlISWhB5Ctw4QSRvGMTi5JqvhmLEWi5wvimYzt91aGj2tm/k8AOTtwwjK4iZyWKxE1PsjwmKwiEJZvTRKLTySxomqHDg1TOKGmAcJK/wCG7kO9ETp+yZxv1Sv3L7ZeCfyzM4fupRiPytbIMfeJsq6PxTpJGlD7lDC0EXUjRKV8JD8vnP91F0HXoZQ3tyb27/1BmZ/nSx3iGcmXhlV7eLgLS3MIpBChjget8d7oE4NnxBGrX8YoVFJzAUH5UawVNFHa3y/rKqUsS51vn0Q0Wxl+uK3KtK90TdML6VNW8HywWiNer5tbIY+Kl6I=,iv:4Sa8LyNhp2EyarQpQ19jJZFUAINmfuw3EnUVhiYGCJg=,tag:o5rLdUbGjao+SJ9Cqtr+jA==,type:str] secrets: ENC[AES256_GCM,data:mU3qzDzrn2Q0AhMnrJAsxvpz3FECLl45RFmyvoWEMaoW52vKE62o8gUl2rWmihNrsR0YTxmjmxj2Ey0eoRHbH+SSg78GbveKxwqGS/SWxEY3Nr45p4h/rdgDFUcFBqSIOKuJxGSMLHiprAjET7h0NWbRAUL9QPVnAPT41YeZyiaZS5Y1hpvpMxlQF1XrPYgrBR35ZnraTdcYDhPf/UBnhWxQLsOLs4SKD6Bzy1OEjk6tkajhv3ZKrcbp3S1BGrirTm/WNZTEHqiTGiXQAirmY2BmF0YkkDCVWgTMCRc9o54k7KDw8WDRuZcGso7Gh6h0jkgppnjuRGyfUkFXa3bsfni47Ct0XFhUyJvzcG3juRYAAEdOj8Pgc2tF483hxmfzE19TEYC+4hxVpCfmJb//v8M01bsRLIR4eP0EMl5IkvomC7xSiUq1TqBhD6AMgmz2LthFoTIpCEgMNxzhpMf+zppxjfnDPDPZhkzed317HLEAuxAcLfzc+6ZV1gDZ+HUArR3+I3Z/dSwi5wh247c74Qi/sc41fZuhqtPTjeO6Ag2sn5zw28QF/vTkRMWyVqARiBHGkeE5MJjc24eMqZceWSGDwtxqX22kNTyU0ELUeNq94Mynqq4YcCp4bdk/2R/3eRM9ZQLGC0KvdmIizeVq5PI0t1RfdRupLHm8U0AWOpnB1Osxz1Xoab/1npOQABdEEPm+wWq3jIPyDOxtWUjW3EjrYaOnz/6GF0Wme9g7sMkfGC80Uvz3nxNVAT7eqp6bVcnlpGW/zTAbZe8UXBdmL7rjkO/CR5GhI+VOczVobzkkZPLFU5Fi4HqfPyQjXRufFWYjw5XO3hFs9T4hO3z5tl601B/TxGmV+hL0JOJQyZpYEryWxU5ScANAfHdZyPAJVoIm3udj5K1Ry4CIVBE0ltCZ489Kr4KjP4ZhvPMdb3KlNYuR6MJwwi6O85OTqaQAujeKeqk=,iv:eNSqKEW5kxINC4MKuWos1OLQ7f7821ot5JoN7fMFZXw=,tag:JkppEJr3O4aQR415MM5fqg==,type:str]
sops: sops:
age: age:
- recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37 - recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@@ -38,7 +38,7 @@ sops:
d0YvYk8vNitDbzNCQ1VqS20xUWx6ZDgK+kIRATTtC0Vd7/uPf8E4pIans79Ksh6J d0YvYk8vNitDbzNCQ1VqS20xUWx6ZDgK+kIRATTtC0Vd7/uPf8E4pIans79Ksh6J
Y77+owFFw1AvQ3KvaI7QVfKW61MzxI+S1bWqI3ZNOJ19Qv4ZoVhnVg== Y77+owFFw1AvQ3KvaI7QVfKW61MzxI+S1bWqI3ZNOJ19Qv4ZoVhnVg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-02T18:11:48Z" lastmodified: "2025-10-10T05:09:54Z"
mac: ENC[AES256_GCM,data:qKoRMXroUtMaH1yrgNQxUPX8FpUmLmNU29zyzfnKkmiLoPsWNsogHxNVkqosyvbW0y0w6XnQh4OrSd4FF3fi8ZuJfk54jDWO7jlXFRk+07OobPgngYvNXLw76BNkXnAtxcduV2cTuSY6XwnwE0LtxFDmkM8N/AxIC8jhKkGQtwY=,iv:n3yBotpOggFvSUnboAG1L7pJMMi1PfV8KsSHN3/Li8c=,tag:4D5TqqroQBZNKUYol/ZCHg==,type:str] mac: ENC[AES256_GCM,data:N/BwfrwWcnot36Kn6RFZjjpUIluzq5Upy5iVVV4XSs+/0PYdlZGytjoAB+E3gXyPsLZ93UqI0A9/5KbfXBuR2oY2F7iKsu5puzgyYWa0Gl2z9YcPnyDnk1dj7Ne77xJlqR9YquGzFKF8QdqFXFA9cdE3b/1usTFhP26oxofMXs0=,iv:Iz/LzS8yeKQgDiGchYdKNymBeekhopJtBWaQGOwRZlE=,tag:hMRwxJlKR21W7otW01GmGw==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.11.0

8
secrets/homepage.yaml
View File

File diff suppressed because one or more lines are too long

1
secrets/ssh/ed25519_windows_vm.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYwRyCCOXaq7PO1aK58XLRcbuvY6j8rvjZmgTwUKTIZ capta@DESKTOP-JJLTF62