jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: jawz:weekly-2025-10-06
Branches Tags
jawz:main jawz:clean jawz:modules
jawz:weekly-2025-10-29 jawz:weekly-2025-10-11 jawz:weekly-2025-10-06 jawz:weekly-2025-10-04 jawz:weekly-2025-09-30 jawz:weekly-2025-09-29
..
compare: jawz:weekly-2025-10-29
Branches Tags
jawz:main jawz:clean jawz:modules
jawz:weekly-2025-10-29 jawz:weekly-2025-10-11 jawz:weekly-2025-10-06 jawz:weekly-2025-10-04 jawz:weekly-2025-09-30 jawz:weekly-2025-09-29

33 Commits
weekly-202 ... weekly-202

Author SHA1 Message Date
NixOS Builder Bot
943d9f3329 Weekly flake update: 2025-10-29 17:38 UTC 2025-10-29 11:38:29 -06:00
Danilo Reyes
cad0288d68 lan login for schemes pipeline as well 2025-10-29 09:57:44 -06:00
Danilo Reyes
15f998179d lowered compression rate 2025-10-29 01:57:21 -06:00
Danilo Reyes
11075969f2 push attic throguh lan 2025-10-29 01:41:24 -06:00
Danilo Reyes
4c6d02ba55 using rmlint from nixpkgs 2025-10-29 00:39:51 -06:00
Danilo Reyes
2cce4376e5 ignore conflicting cache syncthing librewolf 2025-10-29 00:00:39 -06:00
Danilo Reyes
9f455ec19c change public listener url synapse 2025-10-28 18:51:11 -06:00
Danilo Reyes
0ef6b08c42 changed ip/config of new vps 2025-10-28 16:11:16 -06:00
Danilo Reyes
fd2962c306 nextcloud headers fix
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 2m4s
Details
2025-10-26 10:08:37 -06:00
Danilo Reyes
87cca163b0 updated collabora docker 2025-10-26 09:59:24 -06:00
Danilo Reyes
cf64ff1616 heartbeat is a boolean 2025-10-25 00:59:37 -06:00
Danilo Reyes
2f6d65b239 atticd fix 2025-10-25 00:52:22 -06:00
Danilo Reyes
6dc429e56c insecure package ughhhh 2025-10-25 00:00:28 -06:00
Danilo Reyes
28ef0d8108 fixes qbittorrent, nextcloud python update, firewall logic
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 1m55s
Details
2025-10-18 10:12:09 -06:00
Danilo Reyes
0e5e06bcb6 flake update
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 18m55s
Details
2025-10-13 10:08:02 -06:00
Danilo Reyes
cf4db411e0 Update SSH key paths in core.nix to use relative paths for improved consistency and maintainability.
Some checks failed
Weekly NixOS Build & Cache / build-and-cache (push) Failing after 18m30s
Details
2025-10-12 23:00:45 -06:00
Danilo Reyes
be82c5c477 Refactor configuration files to include 'inputs' parameter for improved modularity and consistency across hosts. 2025-10-12 22:57:24 -06:00
Danilo Reyes
de5ad541b8 Refactor SSH key management to use centralized key retrieval function for nixremote users across configurations. 2025-10-12 20:28:39 -06:00
Danilo Reyes
0f7e28abd0 more migration stuff 2025-10-12 20:24:42 -06:00
Danilo Reyes
30cff89a50 cleaned up duplicated code 2025-10-12 20:03:24 -06:00
Danilo Reyes
e393a4481b reverted server factory 2025-10-12 19:59:46 -06:00
Danilo Reyes
8664061145 further figration 2025-10-12 14:12:19 -06:00
Danilo Reyes
c3d20aa28f part 3 of the flake-parts migration 2025-10-12 14:02:09 -06:00
Danilo Reyes
11fd8e0440 refractor shell configurations with flake-parts 2025-10-12 13:51:45 -06:00
Danilo Reyes
6f97b24115 flake parts, migrated modules 2025-10-12 13:41:48 -06:00
Danilo Reyes
6497dede6f migration to flake-parts 2025-10-12 13:23:38 -06:00
Danilo Reyes
1b743f9fcc moved some emulators to retroarch cores 2025-10-12 12:58:02 -06:00
Danilo Reyes
6216d19d0b gonna give pop-shell a go 2025-10-12 12:57:50 -06:00
NixOS Builder Bot
360fe268f8 Weekly flake update: 2025-10-11 03:33 UTC 2025-10-10 21:33:27 -06:00
Danilo Reyes
efb98d6d54 sudo-rs
All checks were successful
Weekly NixOS Build & Cache / build-and-cache (push) Successful in 8m39s
Details
2025-10-09 23:42:38 -06:00
Danilo Reyes
d3ec0a04b7 gallery-dl reads secrets on runtime 2025-10-09 23:23:26 -06:00
Danilo Reyes
9eadbb08ab fixed indentation of secrets 2025-10-09 23:10:00 -06:00
Danilo Reyes
350fc82be9 new keyring isnt compatible with proton yet 2025-10-09 23:01:01 -06:00
80 changed files with 862 additions and 628 deletions
Expand all files Collapse all files

152
.github/workflows/build-schemes.yml vendored
View File

@@ -3,8 +3,8 @@ name: Build All Color Schemes
on:
push:
paths:
- 'config/schemes.nix'
- 'config/scheme-utils.nix'
- "config/schemes.nix"
- "config/scheme-utils.nix"
workflow_dispatch:
jobs:
@@ -12,81 +12,81 @@ jobs:
runs-on: nixos
env:
HOSTNAME: server
steps:
- uses: actions/checkout@v4
- name: Get available schemes
id: schemes
run: |
SCHEMES=$(nix eval --raw --impure --expr '
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep " " utils.availableSchemes
')
echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
echo "Available schemes: $SCHEMES"
- name: Configure Attic cache
run: |
# Configure attic client to use your cache server
attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
- name: Build and push all schemes
run: |
echo "Building and pushing all schemes..."
# Store original scheme
ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
echo "Original scheme: $ORIGINAL_SCHEME"
# Build and push each scheme
for scheme in ${{ steps.schemes.outputs.schemes }}; do
- uses: actions/checkout@v4
- name: Get available schemes
id: schemes
run: |
SCHEMES=$(nix eval --raw --impure --expr '
let
pkgs = import <nixpkgs> {};
inputs = {};
utils = import ./scripts/scheme-utils.nix { inherit pkgs inputs; };
in
builtins.concatStringsSep " " utils.availableSchemes
')
echo "schemes=$SCHEMES" >> $GITHUB_OUTPUT
echo "Available schemes: $SCHEMES"
- name: Configure Attic cache
run: |
# Configure attic client to use your cache server
attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build and push all schemes
run: |
echo "Building and pushing all schemes..."
# Store original scheme
ORIGINAL_SCHEME=$(grep -oP "scheme = schemesFile\.schemes\.\K\w+" config/stylix.nix)
echo "Original scheme: $ORIGINAL_SCHEME"
# Build and push each scheme
for scheme in ${{ steps.schemes.outputs.schemes }}; do
echo "========================================="
echo "Processing scheme: $scheme"
echo "========================================="
# Update stylix.nix to use this scheme
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
# Verify the change
grep "scheme = schemesFile.schemes" config/stylix.nix
# Build the configuration
echo "Building $scheme..."
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--out-link ./result-$scheme \
--quiet
# Push to cache
echo "Pushing $scheme to cache..."
attic push servidos:nixos ./result-$scheme
# Also push using print-out-paths for better cache coverage
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--print-out-paths \
--quiet | attic push servidos:nixos --stdin
echo "✓ Completed $scheme"
echo ""
done
# Restore original scheme
echo "Restoring original scheme: $ORIGINAL_SCHEME"
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
echo "========================================="
echo "Processing scheme: $scheme"
echo "All schemes built and pushed successfully!"
echo "========================================="
# Update stylix.nix to use this scheme
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$scheme;/" config/stylix.nix
# Verify the change
grep "scheme = schemesFile.schemes" config/stylix.nix
# Build the configuration
echo "Building $scheme..."
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--out-link ./result-$scheme \
--quiet
# Push to cache
echo "Pushing $scheme to cache..."
attic push servidos:nixos ./result-$scheme
# Also push using print-out-paths for better cache coverage
nix build .#nixosConfigurations.${HOSTNAME}.config.system.build.toplevel \
--print-out-paths \
--quiet | attic push servidos:nixos --stdin
echo "✓ Completed $scheme"
- name: Summary
run: |
SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
echo "✅ Color scheme builds completed successfully!"
echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
echo "- Pushed all builds to Atticd cache"
echo ""
done
# Restore original scheme
echo "Restoring original scheme: $ORIGINAL_SCHEME"
sed -i "s/scheme = schemesFile\.schemes\.\w\+;/scheme = schemesFile.schemes.$ORIGINAL_SCHEME;/" config/stylix.nix
echo "========================================="
echo "All schemes built and pushed successfully!"
echo "========================================="
- name: Summary
run: |
SCHEME_COUNT=$(echo "${{ steps.schemes.outputs.schemes }}" | wc -w)
echo "✅ Color scheme builds completed successfully!"
echo "- Built $SCHEME_COUNT schemes: ${{ steps.schemes.outputs.schemes }}"
echo "- Pushed all builds to Atticd cache"
echo ""
echo "You can now switch schemes quickly without waiting for builds!"
echo "You can now switch schemes quickly without waiting for builds!"

2
.github/workflows/weekly-build-cache.yml vendored
View File

@@ -38,7 +38,7 @@ jobs:
if: steps.check_changes.outputs.changes == 'true'
run: |
# Configure attic client to use your cache server
attic login servidos https://cache.servidos.lat ${{ secrets.ATTIC_TOKEN }}
attic login servidos http://127.0.0.1:2343 ${{ secrets.ATTIC_TOKEN }}
- name: Build workstation configuration
if: steps.check_changes.outputs.changes == 'true'

27
config/base.nix
View File

@@ -47,7 +47,7 @@
};
security = {
polkit.enable = true;
sudo = {
sudo-rs = {
enable = true;
wheelNeedsPassword = false;
};
@@ -75,6 +75,7 @@
"dotnet-runtime-6.0.36"
"dotnet-sdk-wrapped-6.0.428"
"dotnet-sdk-6.0.428"
"mbedtls-2.28.10"
];
};
nix = {
@@ -124,29 +125,7 @@
sops
;
};
variables =
let
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_CACHE_HOME = "\${HOME}/.cache";
in
{
# PATH
inherit XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME;
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_STATE_HOME = "\${HOME}/.local/state";
# DEV PATH
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
# OPTIONS
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
ORG_DEVICE = "workstation";
PATH = [ "\${HOME}/.local/bin" ];
};
variables = inputs.self.lib.xdgEnvironment;
};
programs = {
nh = {

17
config/home-manager.nix
View File

@@ -14,22 +14,7 @@ let
${pokemon-colorscripts}/bin/pokemon-colorscripts -r --no-title
export command_timeout=60
'';
commonAliases = {
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
mkcd = "(){ mkdir -p \"$1\" && cd \"$1\" }";
copy = "xclip -selection clipboard";
cdp = "pwd | copy";
cfp = "(){ readlink -f \"$1\" | copy }";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
c = "cat";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
commonAliases = inputs.self.lib.commonAliases // {
open-gallery = ''
cd /srv/pool/scrapping/JawZ/gallery-dl &&
xdg-open "$(${fd}/bin/fd . ./ Husbands wikifeet -tdirectory -d 1 | ${fzf}/bin/fzf -i)"'';

31
config/jawz.nix
View File

@@ -1,11 +1,12 @@
{ config, lib, ... }:
{
config,
lib,
inputs,
...
}:
let
inherit (config.networking) hostName;
nixosHosts =
lib.attrNames config.my.ips
|> lib.filter (
name: !(lib.hasPrefix "wg-" name) && name != "vps" && name != "router" && name != hostName
);
nixosHosts = inputs.self.lib.getNixosHosts config.my.ips hostName lib;
nixosHostsMatch = lib.concatStringsSep " " nixosHosts;
in
{
@@ -32,7 +33,7 @@ in
matchBlocks = {
vps = {
hostname = config.my.ips.vps;
user = "fedora";
user = "jawz";
port = 3456;
identityFile = config.sops.secrets."private_keys/${hostName}".path;
};
@@ -67,14 +68,14 @@ in
"plugdev"
"bluetooth"
];
openssh.authorizedKeys.keyFiles = [
../secrets/ssh/ed25519_deacero.pub
../secrets/ssh/ed25519_workstation.pub
../secrets/ssh/ed25519_server.pub
../secrets/ssh/ed25519_miniserver.pub
../secrets/ssh/ed25519_galaxy.pub
../secrets/ssh/ed25519_phone.pub
../secrets/ssh/ed25519_vps.pub
openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [
"deacero"
"workstation"
"server"
"miniserver"
"galaxy"
"phone"
"vps"
];
};
}

10
dotfiles/gallery-dl.nix
View File

@@ -15,7 +15,6 @@
bluesky = {
limit-rate = "400k-1M";
username = "blablablamagic.bsky.social";
password = "{env[GALLERY_DL_BLUESKY_PASSWORD]}";
reposts = false;
videos = true;
directory = [ "{author['handle']}" ];
@@ -31,8 +30,6 @@
};
flickr = {
size-max = "Original";
access-token = "{env[GALLERY_DL_FLICKR_ACCESS_TOKEN]}";
access-token-secret = "{env[GALLERY_DL_FLICKR_ACCESS_TOKEN_SECRET]}";
directory = [
"{category}"
"{owner[username]}"
@@ -87,20 +84,15 @@
"{title}"
];
tumblr = {
access-token = "{env[GALLERY_DL_TUMBLR_ACCESS_TOKEN]}";
access-token-secret = "{env[GALLERY_DL_TUMBLR_ACCESS_TOKEN_SECRET]}";
external = true;
inline = true;
posts = "all";
reblogs = false;
parent-directory = true;
api-key = "{env[GALLERY_DL_TUMBLR_API_KEY]}";
api-secret = "{env[GALLERY_DL_TUMBLR_API_SECRET]}";
directory = [ "{blog_name}" ];
};
deviantart = {
limit-rate = "200k-300k";
refresh-token = "{env[GALLERY_DL_DEVIANTART_REFRESH_TOKEN]}";
include = "gallery,scraps";
flat = true;
original = true;
@@ -144,7 +136,6 @@
reddit = {
user-agent = "Python:gallery-dl:v1.0 (by /u/captainjawz)";
client-id = "T7nZ6WZ3_onJWBhLP8r08g";
refresh-token = "{env[GALLERY_DL_REDDIT_REFRESH_TOKEN]}";
parent-directory = true;
directory = [ "{author}" ];
};
@@ -167,7 +158,6 @@
];
baraag.directory = [ "{account[username]}" ];
pixiv = {
refresh-token = "{env[GALLERY_DL_PIXIV_REFRESH_TOKEN]}";
directory = [ "{user[account]} - {user[id]}" ];
ugoira = true;
favorite.directory = [

1
dotfiles/stignore
View File

@@ -1,6 +1,7 @@
(?d)jawz/chrome/userChrome.css
(?d)jawz/chrome/userContent.css
(?d)jawz/lock
(?d)jawz/storage
(?d)jawz/user.js
(?d)native-messaging-hosts/org.gnome.browser_connector.json
(?d)native-messaging-hosts/org.gnome.chrome_gnome_shell.json

1
environments/gnome.nix
View File

@@ -40,6 +40,7 @@
gamemode-shell-extension # I guess I'm a gamer now?
burn-my-windows # special effects for when closing windows
pano # clipboard manager
pop-shell
;
};
}

10
environments/hyprland.nix
View File

@@ -23,13 +23,11 @@ in
wl-clipboard-rs
wf-recorder
grimblast # screenshots
mako # notification daemon
libnotify # dependency of mako
swaylock-effects # screen locker
yazi # file manager
imv # images
playerctl # media player control
;
};
@@ -78,27 +76,22 @@ in
"${mod}, bracketright, changegroupactive, f"
"${mod}, S, exec, wofi --show drun icons"
"${mod}, P, pin, active"
"${mod}, left, movefocus, l"
"${mod}, right, movefocus, r"
"${mod}, up, movefocus, u"
"${mod}, down, movefocus, d"
"${mod}, h, movefocus, l"
"${mod}, l, movefocus, r"
"${mod}, k, movefocus, u"
"${mod}, j, movefocus, d"
"${mod} SHIFT, left, movewindow, l"
"${mod} SHIFT, right, movewindow, r"
"${mod} SHIFT, up, movewindow, u"
"${mod} SHIFT, down, movewindow, d"
"${mod} SHIFT, h, movewindow, l"
"${mod} SHIFT, l, movewindow, r"
"${mod} SHIFT, k, movewindow, u"
"${mod} SHIFT, j, movewindow, d"
"${mod}, 1, workspace, 1"
"${mod}, 2, workspace, 2"
"${mod}, 3, workspace, 3"
@@ -119,7 +112,6 @@ in
"${mod} SHIFT, 8, movetoworkspace, 8"
"${mod} SHIFT, 9, movetoworkspace, 9"
"${mod} SHIFT, 0, movetoworkspace, 10"
"${mod}, F3, exec, grimblast save area ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
"${mod} SHIFT, F3, exec, grimblast save screen ~/Pictures/screenshots/$(date +'%Y-%m-%d_%H-%M-%S').png"
];
@@ -128,12 +120,10 @@ in
"${mod} SHIFT, l, moveactive, 20 0"
"${mod} SHIFT, k, moveactive, 0 -20"
"${mod} SHIFT, j, moveactive, 0 20"
"${mod} CTRL, l, resizeactive, 30 0"
"${mod} CTRL, h, resizeactive, -30 0"
"${mod} CTRL, k, resizeactive, 0 -10"
"${mod} CTRL, j, resizeactive, 0 10"
",XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%+"
",XF86AudioLowerVolume, exec, wpctl set-volume -l 1.4 @DEFAULT_AUDIO_SINK@ 5%-"
];

2
environments/waybar-style.nix
View File

@@ -30,12 +30,10 @@ in
border: none;
min-width: 20px;
}
#workspaces button.active {
background: #${colors.base02};
color: #${colors.base05};
}
#workspaces button:hover {
background: #${colors.base01};
color: #${colors.base04};

151
flake.lock generated
View File

@@ -20,11 +20,11 @@
]
},
"locked": {
"lastModified": 1759499898,
"narHash": "sha256-UNzYHLWfkSzLHDep5Ckb5tXc0fdxwPIrT+MY4kpQttM=",
"lastModified": 1760101617,
"narHash": "sha256-8jf/3ZCi+B7zYpIyV04+3wm72BD7Z801IlOzsOACR7I=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "655e067f96fd44b3f5685e17f566b0e4d535d798",
"rev": "1826a9923881320306231b1c2090379ebf9fa4f8",
"type": "github"
},
"original": {
@@ -54,16 +54,17 @@
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"lastModified": 1754405784,
"narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github"
}
},
@@ -215,11 +216,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1759362264,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=",
"lastModified": 1760948891,
"narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881",
"rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
"type": "github"
},
"original": {
@@ -232,6 +233,24 @@
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1760948891,
"narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
@@ -245,7 +264,7 @@
"type": "indirect"
}
},
"flake-parts_3": {
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"nur",
@@ -266,7 +285,7 @@
"type": "github"
}
},
"flake-parts_4": {
"flake-parts_5": {
"inputs": {
"nixpkgs-lib": [
"stylix",
@@ -442,11 +461,11 @@
]
},
"locked": {
"lastModified": 1759490292,
"narHash": "sha256-T6iWzDOXp8Wv0KQOCTHpBcmAOdHJ6zc/l9xaztW6Ivc=",
"lastModified": 1760445448,
"narHash": "sha256-fXGjL6dw31FPFRrmIemzGiNSlfvEJTJNsmadZi+qNhI=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "9431db625cd9bb66ac55525479dce694101d6d7a",
"rev": "50fb9f069219f338a11cf0bcccb9e58357d67757",
"type": "github"
},
"original": {
@@ -473,11 +492,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1759674289,
"narHash": "sha256-k5rLyuqOpiks2nKINgPmzui1cpi03tMdabQFmITI7/w=",
"lastModified": 1761758444,
"narHash": "sha256-m05lvxm5qhUoAWB5vkyt9llmGcQ05Q7Km8d6QvMVfVA=",
"owner": "hyprwm",
"repo": "Hyprland",
"rev": "cfac27251af5df4352f747c4539ea9f65450f05a",
"rev": "83a0a62004ee915921ac36a96760944ad6550e1e",
"type": "github"
},
"original": {
@@ -498,11 +517,11 @@
]
},
"locked": {
"lastModified": 1749046714,
"narHash": "sha256-kymV5FMnddYGI+UjwIw8ceDjdeg7ToDVjbHCvUlhn14=",
"lastModified": 1759610243,
"narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "613878cb6f459c5e323aaafe1e6f388ac8a36330",
"rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622",
"type": "github"
},
"original": {
@@ -620,11 +639,11 @@
]
},
"locked": {
"lastModified": 1759490926,
"narHash": "sha256-7IbZGJ5qAAfZsGhBHIsP8MBsfuFYS0hsxYHVkkeDG5Q=",
"lastModified": 1759619523,
"narHash": "sha256-r1ed7AR2ZEb2U8gy321/Xcp1ho2tzn+gG1te/Wxsj1A=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "94cce794344538c4d865e38682684ec2bbdb2ef3",
"rev": "3df7bde01efb3a3e8e678d1155f2aa3f19e177ef",
"type": "github"
},
"original": {
@@ -666,11 +685,11 @@
"sudoku-solver": "sudoku-solver"
},
"locked": {
"lastModified": 1759620370,
"narHash": "sha256-GTyxqIhtDTySs8f2l8N1zoS2wEBVFfF60nMJ7jEIWn0=",
"lastModified": 1761720517,
"narHash": "sha256-YWKeZsstuJMEOlC31pyveuLT9525YW+wzTAMHDawgZ0=",
"ref": "refs/heads/master",
"rev": "6aea10172155c10e63d2efb454e28b9c1e50e3a6",
"revCount": 108,
"rev": "07daae7770da1201de6825de9b65eab0fcd81ca8",
"revCount": 116,
"type": "git",
"url": "https://git.servidos.lat/jawz/scripts.git"
},
@@ -681,17 +700,17 @@
},
"nix-gaming": {
"inputs": {
"flake-parts": "flake-parts",
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759692973,
"narHash": "sha256-5evwJEYP5clwnDy+vX4MfAnGepxi0NaHjka7igXDU94=",
"lastModified": 1761703070,
"narHash": "sha256-KAsGjetWzPdUYqGuOu1Vu95d8i+L7JqwG7o3hLJ7DD8=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "5958a54eed219604b8a0ddeef6ab48fe4029f083",
"rev": "30854a5ad380aa93b18c254bca4b5d7b6f3dc968",
"type": "github"
},
"original": {
@@ -768,6 +787,21 @@
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1754788789,
"narHash": "sha256-x2rJ+Ovzq0sCMpgfgGaaqgBSwY+LST+WbZ6TytnT9Rk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "a73b9c743612e4244d865a2fdee11865283c04e6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_3": {
"locked": {
"dir": "lib",
"lastModified": 1711703276,
@@ -787,11 +821,11 @@
},
"nixpkgs-small": {
"locked": {
"lastModified": 1759652726,
"narHash": "sha256-2VjnimOYDRb3DZHyQ2WH2KCouFqYm9h0Rr007Al/WSA=",
"lastModified": 1761706708,
"narHash": "sha256-zgrEi11Ok83JI2U11GQqSiE0TddvdHfnE8jI0iE4Vms=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "06b2985f0cc9eb4318bf607168f4b15af1e5e81d",
"rev": "1f12c8011e59aca25db5cbf000735089a51874ea",
"type": "github"
},
"original": {
@@ -803,11 +837,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"lastModified": 1761373498,
"narHash": "sha256-Q/uhWNvd7V7k1H1ZPMy/vkx3F8C13ZcdrKjO7Jv7v0c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"rev": "6a08e6bb4e46ff7fcbb53d409b253f6bad8a28ce",
"type": "github"
},
"original": {
@@ -819,11 +853,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1759580034,
"narHash": "sha256-YWo57PL7mGZU7D4WeKFMiW4ex/O6ZolUS6UNBHTZfkI=",
"lastModified": 1761468971,
"narHash": "sha256-vY2OLVg5ZTobdroQKQQSipSIkHlxOTrIF1fsMzPh8w8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3bcc93c5f7a4b30335d31f21e2f1281cba68c318",
"rev": "78e34d1667d32d8a0ffc3eba4591ff256e80576e",
"type": "github"
},
"original": {
@@ -835,7 +869,7 @@
},
"nixtendo-switch": {
"inputs": {
"flake-parts": "flake-parts_2",
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
]
@@ -856,17 +890,17 @@
},
"nur": {
"inputs": {
"flake-parts": "flake-parts_3",
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1759742154,
"narHash": "sha256-0a89URcJm+UW01/Wooum0GZWpk0uRkp7IrNyAlZh3XY=",
"lastModified": 1761756571,
"narHash": "sha256-Ryt/9e3t+KEo9BT1TJqpi8hnkGOQrG1ddsOPf12zwBM=",
"owner": "nix-community",
"repo": "nur",
"rev": "76c75e5077c704dcf29da0cef840a9c5818abc32",
"rev": "14ea3a540e215ee60d970038f56c26ffb205b843",
"type": "github"
},
"original": {
@@ -911,11 +945,11 @@
]
},
"locked": {
"lastModified": 1758108966,
"narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=",
"lastModified": 1760663237,
"narHash": "sha256-BflA6U4AM1bzuRMR8QqzPXqh8sWVCNDzOdsxXEguJIc=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b",
"rev": "ca5b894d3e3e151ffc1db040b6ce4dcc75d31c37",
"type": "github"
},
"original": {
@@ -943,6 +977,7 @@
"root": {
"inputs": {
"doom-emacs": "doom-emacs",
"flake-parts": "flake-parts",
"fonts": "fonts",
"home-manager": "home-manager",
"hyprland": "hyprland",
@@ -968,11 +1003,11 @@
]
},
"locked": {
"lastModified": 1759635238,
"narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
"lastModified": 1760998189,
"narHash": "sha256-ee2e1/AeGL5X8oy/HXsZQvZnae6XfEVdstGopKucYLY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
"rev": "5a7d18b5c55642df5c432aadb757140edfeb70b3",
"type": "github"
},
"original": {
@@ -988,7 +1023,7 @@
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_4",
"flake-parts": "flake-parts_5",
"gnome-shell": "gnome-shell",
"nixpkgs": [
"nixpkgs"
@@ -1002,11 +1037,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1759596342,
"narHash": "sha256-1Eda1V8pjpviMdBTdDXrFp7jkaUokIgXgBYTZyzDODk=",
"lastModified": 1761668239,
"narHash": "sha256-b0+7/5hBUsLjd/gMY9/LSEsvuWFFolHdpUAOlG73zmw=",
"owner": "danth",
"repo": "stylix",
"rev": "4d065856e936fc6a99ba55d39ac2df9ded6bedbe",
"rev": "a149a557dc306e76d53e7dd488826e61ef9c6289",
"type": "github"
},
"original": {
@@ -1259,11 +1294,11 @@
]
},
"locked": {
"lastModified": 1755354946,
"narHash": "sha256-zdov5f/GcoLQc9qYIS1dUTqtJMeDqmBmo59PAxze6e4=",
"lastModified": 1760713634,
"narHash": "sha256-5HXelmz2x/uO26lvW7MudnadbAfoBnve4tRBiDVLtOM=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "a10726d6a8d0ef1a0c645378f983b6278c42eaa0",
"rev": "753bbbdf6a052994da94062e5b753288cef28dfb",
"type": "github"
},
"original": {

78
flake.nix
View File

@@ -1,6 +1,7 @@
{
description = "JawZ NixOS flake setup";
inputs = {
flake-parts.url = "github:hercules-ci/flake-parts";
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-25.05";
nixpkgs-small.url = "github:nixos/nixpkgs?ref=nixos-25.05-small";
nixpkgs-unstable.url = "github:nixos/nixpkgs?ref=nixos-unstable";
@@ -59,76 +60,13 @@
};
};
outputs =
{ self, jawz-scripts, ... }@inputs:
let
inherit (self) outputs;
system = "x86_64-linux";
mkpkgs =
repo:
import repo {
inherit system;
config.allowUnfree = true;
};
langList = builtins.filter (name: name != "emacs") (
builtins.map (file: builtins.replaceStrings [ ".nix" ] [ "" ] (baseNameOf file)) (
builtins.attrNames (builtins.readDir ./modules/dev)
)
);
commonModules = name: [
{
nixpkgs.overlays = [
(import ./config/overlay.nix { inherit mkpkgs inputs; })
inputs.doom-emacs.overlays.default
];
}
{
nix.registry = {
jawz.flake = self;
unstable.flake = inputs.nixpkgs-unstable;
};
}
./hosts/${name}/configuration.nix
inputs.nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.nixtendo-switch.nixosModules.nixtendo-switch
inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
imports = [
./parts/core.nix
./parts/hosts.nix
./parts/packages.nix
./parts/devshells.nix
];
createConfig =
name: local-nixpkgs:
let
lib = local-nixpkgs.lib // inputs.home-manager.lib;
in
lib.nixosSystem {
inherit system;
specialArgs = {
inherit inputs outputs;
};
modules = commonModules name;
};
in
{
nixosConfigurations = {
workstation = createConfig "workstation" inputs.nixpkgs;
miniserver = createConfig "miniserver" inputs.nixpkgs-small;
server = createConfig "server" inputs.nixpkgs-small;
galaxy = createConfig "galaxy" inputs.nixpkgs-small;
emacs = createConfig "emacs" inputs.nixpkgs;
};
packages.${system} = (jawz-scripts.packages.${system} or { }) // {
emacs-vm = inputs.nixos-generators.nixosGenerate {
inherit system;
specialArgs = {
inherit inputs outputs;
};
modules = commonModules "emacs";
format = "vm";
};
};
devShells.${system} = builtins.listToAttrs (
map (name: {
inherit name;
value = self.nixosConfigurations.emacs.config.devShells.${name};
}) langList
);
};
}

10
hosts/miniserver/configuration.nix
View File

@@ -1,17 +1,17 @@
{ config, ... }:
{ config, inputs, ... }:
{
imports = [
./hardware-configuration.nix
../../config/base.nix
../../config/stylix.nix
];
my = import ./toggles.nix // {
my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 3;
nix.maxJobs = 8;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = [
../../secrets/ssh/ed25519_nixworkstation.pub
../../secrets/ssh/ed25519_nixserver.pub
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixserver"
];
};
nix.buildMachines =

14
hosts/miniserver/toggles.nix
View File

@@ -1,16 +1,6 @@
{ inputs }:
let
mkEnabled = name: {
inherit name;
value.enable = true;
};
mkEnabledWithProxy = name: {
inherit name;
value = {
enable = true;
enableProxy = true;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
inherit (inputs.self.lib) mkEnabled mkEnabledWithProxy enableList;
in
{
emacs.enable = true;

9
hosts/server/configuration.nix
View File

@@ -2,6 +2,7 @@
pkgs,
config,
lib,
inputs,
...
}:
{
@@ -10,12 +11,12 @@
../../config/base.nix
../../config/stylix.nix
];
my = import ./toggles.nix { inherit config; } // {
my = import ./toggles.nix { inherit config inputs; } // {
nix.cores = 6;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = [
../../secrets/ssh/ed25519_nixworkstation.pub
../../secrets/ssh/ed25519_nixminiserver.pub
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixminiserver"
];
network.firewall.enabledServicePorts = true;
network.firewall.additionalPorts = [

16
hosts/server/toggles.nix
View File

@@ -1,17 +1,7 @@
{ config }:
{ config, inputs }:
let
mkEnabled = name: {
inherit name;
value.enable = true;
};
mkEnabledIp = name: {
inherit name;
value = {
enable = true;
ip = config.my.ips.wg-server;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
inherit (inputs.self.lib) mkEnabled enableList;
mkEnabledIp = inputs.self.lib.mkEnabledIp config.my.ips.wg-server;
in
{
mainServer = "server";

11
hosts/workstation/configuration.nix
View File

@@ -1,6 +1,7 @@
{
pkgs,
config,
inputs,
...
}:
let
@@ -22,13 +23,13 @@ in
../../config/stylix.nix
../../environments/gnome.nix
];
my = import ./toggles.nix // {
my = import ./toggles.nix { inherit inputs; } // {
nix.cores = 8;
nix.maxJobs = 8;
users.nixremote.enable = true;
users.nixremote.authorizedKeys = [
../../secrets/ssh/ed25519_nixserver.pub
../../secrets/ssh/ed25519_nixminiserver.pub
users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
"nixserver"
"nixminiserver"
];
};
home-manager.users.jawz = {
@@ -137,7 +138,7 @@ in
};
protonmail-bridge = {
enable = true;
path = [ pkgs.gcr_4 ];
path = [ pkgs.gnome-keyring ];
};
ollama = {
enable = true;

7
hosts/workstation/toggles.nix
View File

@@ -1,9 +1,6 @@
{ inputs }:
let
mkEnabled = name: {
inherit name;
value.enable = true;
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
inherit (inputs.self.lib) mkEnabled enableList;
in
{
stylix.enable = true;

20
modules/apps/gaming.nix
View File

@@ -5,6 +5,21 @@
pkgs,
...
}:
let
retroarchWithCores = pkgs.retroarch.withCores (
cores:
builtins.attrValues {
inherit (cores)
mgba # gba
pcsx2 # ps2
dolphin # wii / gamecube
snes9x2010 # snes
desmume # nintendo ds
citra # 3ds
;
}
);
in
{
imports = [ inputs.nix-gaming.nixosModules.platformOptimizations ];
options.my.apps = {
@@ -36,6 +51,7 @@
# };
};
users.users.jawz.packages = builtins.attrValues {
inherit retroarchWithCores;
inherit (pkgs)
shipwright # zelda OoT port
mangohud # fps & stats overlay
@@ -47,12 +63,8 @@
ns-usbloader # load games into my switch
# emulators
rpcs3 # ps3
pcsx2 # ps2
cemu # wii u
dolphin-emu # wii
snes9x-gtk # snes
ryubing # switch
azahar # 3Ds
prismlauncher # minecraft launcher with jdk overlays
;
};

11
modules/dev/emacs.nix
View File

@@ -1,5 +1,6 @@
{
config,
inputs,
lib,
pkgs,
...
@@ -14,10 +15,12 @@
"doom/templates/programming.org".source = ../../dotfiles/doom/templates/programming.org;
};
services.lorri.enable = true;
programs.${config.my.shell.type}.shellAliases = {
edit = "emacsclient -t";
e = "edit";
};
programs.${config.my.shell.type}.shellAliases =
inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
{
edit = "emacsclient -t";
e = "edit";
};
};
users.users.jawz.packages = builtins.attrValues {
inherit (pkgs.xorg) xwininfo;

17
modules/dev/nix.nix
View File

@@ -1,5 +1,6 @@
{
config,
inputs,
lib,
pkgs,
...
@@ -33,12 +34,14 @@ in
};
config = lib.mkIf config.my.dev.nix.enable {
users.users.jawz = { inherit packages; };
home-manager.users.jawz.programs.${shellType}.shellAliases = {
nixformat = ''
deadnix -e && \
nix run nixpkgs#nixfmt-tree && \
statix fix
'';
};
home-manager.users.jawz.programs.${shellType}.shellAliases =
inputs.self.lib.mergeAliases inputs.self.lib.commonAliases
{
nixformat = ''
deadnix -e && \
nix run nixpkgs#nixfmt-tree && \
statix fix
'';
};
};
}

54
modules/factories/mkserver.nix
View File

@@ -53,58 +53,8 @@ let
default = null;
};
};
proxy = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxyReverse =
cfg:
proxy {
"/" = {
proxyPass = "http://${cfg.ip}:${toString cfg.port}/";
proxyWebsockets = cfg.enableSocket;
};
};
proxyReverseFix =
cfg:
let
useLocalhost = cfg.hostName == config.networking.hostName;
localHeaders = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
in
proxyReverse cfg
// {
extraConfig = ''
${if useLocalhost then localHeaders else ""}
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
proxyReversePrivate =
cfg:
proxyReverse cfg
// {
extraConfig = ''
ssl_verify_client on;
ssl_client_certificate ${cfg.certPath};
error_page 403 /403.html;
'';
};
in
{
inherit
mkOptions
proxy
proxyReverse
proxyReverseFix
proxyReversePrivate
;
inherit mkOptions;
mkServerOptions = mkOptions;
}

154
modules/modules.nix
View File

@@ -1,23 +1,23 @@
{ lib, config, ... }:
{
lib,
config,
inputs,
...
}:
let
filterNames = file: file != "librewolf.nix";
autoImport =
dir:
builtins.readDir ./${dir}
|> builtins.attrNames
|> builtins.filter (file: builtins.match ".*\\.nix" file != null && filterNames file)
|> map (file: ./${dir}/${file});
in
{
imports =
autoImport "apps"
++ autoImport "dev"
++ autoImport "scripts"
++ autoImport "servers"
++ autoImport "services"
++ autoImport "shell"
++ autoImport "network"
inputs.self.lib.autoImport ./apps filterNames
++ inputs.self.lib.autoImport ./dev filterNames
++ inputs.self.lib.autoImport ./scripts filterNames
++ inputs.self.lib.autoImport ./servers filterNames
++ inputs.self.lib.autoImport ./services filterNames
++ inputs.self.lib.autoImport ./shell filterNames
++ inputs.self.lib.autoImport ./network filterNames
++ [
./factories/mkscript.nix
./nix/build.nix
./users/nixremote.nix
];
@@ -49,7 +49,7 @@ in
server = "192.168.100.15";
miniserver = "192.168.1.100";
workstation = "192.168.100.18";
vps = "51.222.141.104";
vps = "172.236.243.182";
wg-vps = "10.77.0.1";
wg-server = "10.77.0.2";
wg-friend1 = "10.8.0.2";
@@ -105,65 +105,71 @@ in
enableProxy = lib.mkEnableOption "nginx reverse proxy for services";
};
config = {
assertions = [
{
assertion = config.my.servers.nextcloud.enable -> config.my.servers.postgres.enable;
message = "Nextcloud requires PostgreSQL to be enabled";
}
{
assertion = config.my.servers.vaultwarden.enable -> config.my.servers.postgres.enable;
message = "Vaultwarden requires PostgreSQL to be enabled";
}
{
assertion = config.my.servers.firefly-iii.enable -> config.my.servers.postgres.enable;
message = "Firefly III requires PostgreSQL to be enabled";
}
{
assertion = config.my.servers.mealie.enable -> config.my.servers.postgres.enable;
message = "Mealie requires PostgreSQL to be enabled";
}
{
assertion = config.my.servers.shiori.enable -> config.my.servers.postgres.enable;
message = "Shiori requires PostgreSQL to be enabled";
}
{
assertion = config.my.servers.ryot.enable -> config.my.servers.postgres.enable;
message = "Ryot requires PostgreSQL to be enabled";
}
{
assertion = config.my.servers.synapse.enable -> config.my.servers.postgres.enable;
message = "Matrix Synapse requires PostgreSQL to be enabled";
}
{
assertion = config.my.servers.gitea.enable -> config.my.servers.postgres.enable;
message = "Gitea requires PostgreSQL to be enabled";
}
{
assertion =
config.my.enableProxy
-> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers));
message = "enableProxy is true but no services have enableProxy enabled";
}
{
assertion =
config.my.enableContainers
|| !(builtins.any (opt: opt) [
config.my.servers.ryot.enable
config.my.servers.lidarr.enable
config.my.servers.prowlarr.enable
config.my.servers.maloja.enable
config.my.servers.multi-scrobbler.enable
config.my.servers.flame.enable
config.my.servers.flameSecret.enable
config.my.servers.metube.enable
config.my.servers.go-vod.enable
config.my.servers.tranga.enable
config.my.servers.drpp.enable
config.my.servers.plex-discord-bot.enable
]);
message = "Container services are enabled but enableContainers is false";
}
];
assertions =
# PostgreSQL dependency assertions
inputs.self.lib.mkPostgresDependencies config [
{
service = "nextcloud";
name = "Nextcloud";
}
{
service = "vaultwarden";
name = "Vaultwarden";
}
{
service = "firefly-iii";
name = "Firefly III";
}
{
service = "mealie";
name = "Mealie";
}
{
service = "shiori";
name = "Shiori";
}
{
service = "ryot";
name = "Ryot";
}
{
service = "synapse";
name = "Matrix Synapse";
}
{
service = "gitea";
name = "Gitea";
}
]
++
# Other assertions
[
{
assertion =
config.my.enableProxy
-> (builtins.any (s: s.enableProxy or false) (builtins.attrValues config.my.servers));
message = "enableProxy is true but no services have enableProxy enabled";
}
{
assertion =
config.my.enableContainers
|| !(builtins.any (opt: opt) [
config.my.servers.ryot.enable
config.my.servers.lidarr.enable
config.my.servers.prowlarr.enable
config.my.servers.maloja.enable
config.my.servers.multi-scrobbler.enable
config.my.servers.flame.enable
config.my.servers.flameSecret.enable
config.my.servers.metube.enable
config.my.servers.go-vod.enable
config.my.servers.tranga.enable
config.my.servers.drpp.enable
config.my.servers.plex-discord-bot.enable
]);
message = "Container services are enabled but enableContainers is false";
}
];
virtualisation = {
containers.enable = true;
oci-containers.backend = "podman";

44
modules/network/firewall.nix
View File

@@ -1,18 +1,24 @@
{ lib, config, ... }:
{
lib,
config,
inputs,
...
}:
let
nativeServicesWithOpenFirewall = [
"adguardhome"
"plex"
"nix-serve"
"radarr"
"sonarr"
"jellyfin"
"prowlarr"
"bazarr"
"stash"
"ombi"
"flaresolverr"
firewallBlacklist = [
"sabnzbd"
"lidarr"
"maloja"
"tranga"
"flame"
"flameSecret"
"ryot"
"drpp"
"metube"
"multi-scrobbler"
"plex-discord-bot"
];
nativeServicesWithOpenFirewall = inputs.self.lib.getServicesWithNativeFirewall config firewallBlacklist;
servicesConfig = lib.listToAttrs (
map (serviceName: {
name = serviceName;
@@ -37,17 +43,7 @@ in
config = lib.mkIf config.my.network.firewall.enabledServicePorts {
services = servicesConfig;
networking.firewall.allowedTCPPorts =
config.my.network.firewall.staticPorts
++ config.my.network.firewall.additionalPorts
++ (
config.my.servers
|> lib.filterAttrs (
name: srv:
(srv.enable or false) && (srv ? port) && !(builtins.elem name nativeServicesWithOpenFirewall)
)
|> lib.attrValues
|> map (srv: srv.port)
)
inputs.self.lib.generateFirewallPorts config nativeServicesWithOpenFirewall lib
++ (lib.optionals config.services.nginx.enable [
config.services.nginx.defaultHTTPListenPort
config.services.nginx.defaultSSLListenPort

14
modules/network/nginx.nix
View File

@@ -1,6 +1,10 @@
{ lib, config, ... }:
{
lib,
config,
inputs,
...
}:
let
setup = import ../factories/mkserver.nix { inherit lib config; };
proxyReverseServices = [
"firefox-syncserver"
"readeck"
@@ -44,11 +48,11 @@ let
cfg = config.my.servers.${serviceName};
proxyFunc =
if serviceConfig.type == "proxyReverse" then
setup.proxyReverse
inputs.self.lib.proxyReverse
else if serviceConfig.type == "proxyReverseFix" then
setup.proxyReverseFix
inputs.self.lib.proxyReverseFix
else if serviceConfig.type == "proxyReversePrivate" then
setup.proxyReversePrivate
inputs.self.lib.proxyReversePrivate
else
throw "Unknown proxy type: ${serviceConfig.type}";
in

37
modules/scripts/download.nix
View File

@@ -6,7 +6,6 @@
...
}:
{
imports = [ ../factories/mkscript.nix ];
options.my.units = {
download.enable = lib.mkEnableOption "media download automation scripts";
downloadManga.enable = lib.mkEnableOption "manga download automation";
@@ -17,32 +16,26 @@
in
{
home-manager.users.jawz.programs.${config.my.shell.type} = {
shellAliases = {
shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
dl = "${download}/bin/download -u jawz -i";
comic = ''dl "$(cat "$LC" | fzf --multi --exact -i)"'';
gallery = ''dl "$(cat "$LW" | fzf --multi --exact -i)"'';
};
}
// (
if config.my.shell.type == "bash" then
{
initExtra = ''
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
'';
}
else
{
initContent = ''
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
'';
}
);
//
inputs.self.lib.shellConditional config.my.shell.type
''
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
''
''
list_root=$XDG_CONFIG_HOME/jawz/lists/jawz
export LW=$list_root/watch.txt
export LI=$list_root/instant.txt
export LC=$list_root/comic.txt
'';
systemd.user = {
services =
let

1
modules/scripts/ffmpeg4discord.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.ffmpeg4discord = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/ffmpreg.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.ffmpreg = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/find-dup-episode.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.find-dup-episodes = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/library-report.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.library-report = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/manage-library.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.manage-library = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/pika-list.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.pika-list = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/run.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.run = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/split-dir.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.split-dir = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/stream-dl.nix
View File

@@ -6,7 +6,6 @@
...
}:
{
imports = [ ../factories/mkscript.nix ];
options.my.units.stream-dl.enable = lib.mkEnableOption "streaming media download service";
config =
let

1
modules/scripts/tasks.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.tasks = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/tuh-activity-logger.nix
View File

@@ -1,6 +1,5 @@
{ inputs, lib, ... }:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.tuh-activity-logger = {
enable = lib.mkDefault false;
install = true;

1
modules/scripts/update-dns.nix
View File

@@ -6,7 +6,6 @@
...
}:
{
imports = [ ../factories/mkscript.nix ];
config = lib.mkIf config.my.secureHost {
sops.secrets = {
cloudflare-api.sopsFile = ../../secrets/env.yaml;

1
modules/scripts/update-org-agenda-cache.nix
View File

@@ -5,7 +5,6 @@
...
}:
{
imports = [ ../factories/mkscript.nix ];
config.my.scripts.update-org-agenda-cache = {
enable = lib.mkDefault false;
install = config.my.emacs.enable;

18
modules/servers/atticd.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.atticd;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.atticd;
in
{
options.my.servers.atticd = setup.mkOptions "atticd" "cache" 2343;
@@ -13,6 +17,7 @@ in
settings = {
listen = "[::]:${toString cfg.port}";
jwt = { };
database.heartbeat = true; # 5 minutes
chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB
min-size = 16 * 1024; # 16 KiB
@@ -21,7 +26,7 @@ in
};
compression = {
type = "zstd";
level = 8;
level = 3;
};
garbage-collection = {
interval = "7 days";
@@ -29,5 +34,12 @@ in
};
};
};
systemd.services.atticd = {
serviceConfig = {
TimeoutStartSec = "15min";
TimeoutStopSec = "5min";
MemoryMax = "4G";
};
};
};
}

8
modules/servers/audiobookshelf.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.audiobookshelf;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.audiobookshelf;
in
{
options.my.servers.audiobookshelf = setup.mkOptions "audiobookshelf" "audiobooks" 5687;

8
modules/servers/bazarr.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.bazarr;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.bazarr;
in
{
options.my.servers.bazarr = setup.mkOptions "bazarr" "subs" config.services.bazarr.listenPort;

8
modules/servers/drpp.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.drpp;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.drpp;
in
{
options.my.servers.drpp = setup.mkOptions "drpp" "drpp" 0;

8
modules/servers/firefox-syncserver.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.firefox-syncserver;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.firefox-syncserver;
in
{
options.my.servers.firefox-syncserver = setup.mkOptions "firefox-syncserver" "sync" 4233;

6
modules/servers/flame.nix
View File

@@ -1,4 +1,8 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.flame;
cfgS = config.my.servers.flameSecret;

2
modules/servers/gitea.nix
View File

@@ -5,8 +5,8 @@
...
}:
let
cfg = config.my.servers.gitea;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.gitea;
in
{
imports = [

8
modules/servers/homepage.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.homepage;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.homepage;
in
{
options.my.servers.homepage = setup.mkOptions "homepage" "home" 8082;

2
modules/servers/jellyfin.nix
View File

@@ -8,6 +8,7 @@
let
cfg = config.my.servers.jellyfin;
inherit (inputs.jawz-scripts.packages.x86_64-linux) sub-sync;
setup = import ../factories/mkserver.nix { inherit lib config; };
sub-sync-path = [
pkgs.nix
pkgs.bash
@@ -19,7 +20,6 @@ let
pkgs.gum
sub-sync
];
setup = import ../factories/mkserver.nix { inherit lib config; };
in
{
options.my.servers.jellyfin = setup.mkOptions "jellyfin" "flix" 8096;

8
modules/servers/kavita.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.kavita;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.kavita;
in
{
options.my.servers.kavita = setup.mkOptions "kavita" "library" config.services.kavita.settings.Port;

8
modules/servers/lidarr.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.lidarr;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.lidarr;
in
{
options.my.servers.lidarr = setup.mkOptions "lidarr" "music" 8686;

8
modules/servers/maloja.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.maloja;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.maloja;
in
{
options.my.servers.maloja = setup.mkOptions "maloja" "maloja" 42010;

8
modules/servers/mealie.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.mealie;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.mealie;
in
{
options.my.servers.mealie = setup.mkOptions "mealie" "mealie" 9925;

8
modules/servers/metube.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.metube;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.metube;
in
{
options.my.servers.metube = setup.mkOptions "metube" "bajameesta" 8881;

8
modules/servers/microbin.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.microbin;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.microbin;
in
{
options.my.servers.microbin = setup.mkOptions "microbin" "copy" 8086;

8
modules/servers/multi-scrobbler.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.multi-scrobbler;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.multi-scrobbler;
in
{
options.my.servers.multi-scrobbler = setup.mkOptions "multi-scrobbler" "scrobble" 9078;

43
modules/servers/nextcloud.nix
View File

@@ -6,6 +6,7 @@
...
}:
let
setup = import ../factories/mkserver.nix { inherit lib config; };
commonProxyConfig = ''
proxy_set_header Host $host;
'';
@@ -28,10 +29,9 @@ let
};
}
);
pytensorflow = pkgs.python311.withPackages (ps: [ ps.tensorflow ]);
pytensorflow = pkgs.python3.withPackages (ps: [ ps.tensorflow ]);
cfg = config.my.servers.nextcloud;
cfgC = config.my.servers.collabora;
setup = import ../factories/mkserver.nix { inherit lib config; };
in
{
options.my.servers = {
@@ -175,6 +175,14 @@ in
];
#vps
serverAliases = [ "cloud.rotehaare.art" ];
extraConfig = ''
add_header X-XSS-Protection "1; mode=block" always;
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header X-Permitted-Cross-Domain-Policies "none" always;
'';
locations = {
"/".proxyWebsockets = true;
"~ ^/nextcloud/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|oc[ms]-provider/.+|.+/richdocumentscode/proxy).php(?:$|/)" =
@@ -187,6 +195,11 @@ in
http2 = true;
locations = {
# static files
"^~ /browser" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
};
# Legacy static files (for compatibility)
"^~ /loleaflet" = {
proxyPass = cfgC.local;
extraConfig = commonProxyConfig;
@@ -202,11 +215,21 @@ in
extraConfig = commonProxyConfig;
};
# download, presentation, image upload and websocket
"~ ^/cool" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy websocket (for compatibility)
"~ ^/lool" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Admin Console websocket
"^~ /cool/adminws" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
};
# Legacy Admin Console websocket (for compatibility)
"^~ /lool/adminws" = {
proxyPass = cfgC.local;
extraConfig = commonWebsocketConfig;
@@ -231,23 +254,23 @@ in
};
collabora = lib.mkIf cfgC.enable {
autoStart = true;
image = "collabora/code";
imageFile = pkgs.dockerTools.pullImage {
imageName = "collabora/code";
imageDigest = "sha256:aab41379baf5652832e9237fcc06a768096a5a7fccc66cf8bd4fdb06d2cbba7f";
sha256 = "sha256-M66lynhzaOEFnE15Sy1N6lBbGDxwNw6ap+IUJAvoCLs=";
};
image = "collabora/code:latest";
ports = [ "9980:9980" ];
environment = {
TZ = config.my.timeZone;
domain = cfg.host;
aliasgroup1 = "${cfg.host}:443";
aliasgroup2 = "cloud.rotehaare.art:443";
aliasgroup1 = "${cfg.url}:443";
aliasgroup2 = "https://cloud.rotehaare.art:443";
server_name = cfgC.host;
dictionaries = "en_CA en_US es_MX es_ES fr_FR it pt_BR ru";
extra_params = ''
--o:ssl.enable=false
--o:ssl.termination=true
--o:remote_font_config.url=${cfg.url}/apps/richdocuments/settings/fonts.json
--o:logging.level=information
'';
DONT_GEN_SSL_CERT = "1";
SLEEPFORDEBUGGER = "0";
};
extraOptions = [
"--cap-add"

2
modules/servers/nix-serve.nix
View File

@@ -5,8 +5,8 @@
...
}:
let
cfg = config.my.servers.nix-serve;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.nix-serve;
in
{
options.my.servers.nix-serve = setup.mkOptions "nix-serve" "cache" 5000;

8
modules/servers/ombi.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.ombi;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.ombi;
in
{
options.my.servers.ombi = setup.mkOptions "ombi" "requests" 3425;

8
modules/servers/plex-discord-bot.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.plex-discord-bot;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.plex-discord-bot;
name = "plex-discord-bot";
in
{

2
modules/servers/plex.nix
View File

@@ -4,8 +4,8 @@
...
}:
let
cfg = config.my.servers.plex;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.plex;
in
{
options.my.servers.plex = setup.mkOptions "plex" "plex" 32400;

2
modules/servers/portfolio.nix
View File

@@ -4,8 +4,8 @@
...
}:
let
cfg = config.my.websites.portfolio;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.websites.portfolio;
in
{
options.my.websites.portfolio = setup.mkOptions "portfolio" "portfolio" 0;

2
modules/servers/prowlarr.nix
View File

@@ -4,8 +4,8 @@
...
}:
let
cfg = config.my.servers.prowlarr;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.prowlarr;
in
{
options.my.servers.prowlarr = setup.mkOptions "prowlarr" "indexer" 9696;

12
modules/servers/qbittorrent.nix
View File

@@ -1,8 +1,8 @@
{
inputs,
lib,
config,
pkgs,
inputs,
...
}:
let
@@ -36,6 +36,10 @@ let
;
}
);
torrentCompletionScript = pkgs.writeShellScript "qbit-torrent-completion" ''
chown jawz:piracy -R "$1"
chmod -R 775 "$1"
'';
in
{
options.my.servers = {
@@ -50,6 +54,7 @@ in
};
};
config = lib.mkIf (config.my.servers.qbittorrent.enable && config.my.secureHost) {
my.network.firewall.additionalPorts = [ config.my.servers.qbittorrent.port ];
home-manager.users.jawz.xdg.dataFile.vuetorrent.source = vuetorrent;
sops.secrets =
let
@@ -72,7 +77,10 @@ in
"unpackerr/radarr-api" = mkUnpackerrSecret;
};
systemd = {
packages = [ pkgs.qbittorrent-nox ];
packages = [
pkgs.qbittorrent-nox
torrentCompletionScript
];
services."qbittorrent-nox@jawz" = {
enable = true;
overrideStrategy = "asDropin";

8
modules/servers/radarr.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.radarr;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.radarr;
in
{
options.my.servers.radarr = setup.mkOptions "radarr" "movies" 7878;

8
modules/servers/readeck.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.readeck;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.readeck;
in
{
options.my.servers.readeck = setup.mkOptions "readeck" "laters" 9546;

8
modules/servers/ryot.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.ryot;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.ryot;
in
{
options.my.servers.ryot = setup.mkOptions "ryot" "tracker" 8765;

1
modules/servers/sabnzbd.nix
View File

@@ -12,6 +12,7 @@ in
};
};
config = lib.mkIf cfg.enable {
my.network.firewall.additionalPorts = [ cfg.port ];
services.sabnzbd = {
inherit (cfg) enable;
group = "piracy";

8
modules/servers/shiori.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.shiori;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.shiori;
in
{
options.my.servers.shiori = setup.mkOptions "shiori" "bookmarks" 4368;

8
modules/servers/sonarr.nix
View File

@@ -1,7 +1,11 @@
{ lib, config, ... }:
{
lib,
config,
...
}:
let
cfg = config.my.servers.sonarr;
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.sonarr;
in
{
options.my.servers.sonarr = setup.mkOptions "sonarr" "series" 8989;

2
modules/servers/stash.nix
View File

@@ -5,9 +5,9 @@
...
}:
let
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.stash;
cfgS = config.services.stash;
setup = import ../factories/mkserver.nix { inherit lib config; };
stashPythonFHS = pkgs.buildFHSEnv {
name = "stash-python-fhs";
targetPkgs =

4
modules/servers/synapse.nix
View File

@@ -5,10 +5,10 @@
...
}:
let
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.synapse;
cfgE = config.my.servers.element;
domain = "wedsgk5ac2qcaf9yb.click";
setup = import ../factories/mkserver.nix { inherit lib config; };
clientConfig."m.homeserver".base_url = cfg.url;
serverConfig."m.server" = "${cfg.host}:443";
mkWellKnown = data: ''
@@ -58,7 +58,7 @@ in
];
settings = {
server_name = cfg.domain;
public_baseurl = cfg.url;
public_baseurl = "http://${config.my.ips.wg-server}:${toString cfg.port}";
federation_domain_whitelist = [ ];
allow_public_rooms_without_auth = false;
allow_public_rooms_over_federation = false;

6
modules/servers/tranga.nix
View File

@@ -1,4 +1,8 @@
{ config, lib, ... }:
{
config,
lib,
...
}:
let
setup = import ../factories/mkserver.nix { inherit lib config; };
cfg = config.my.servers.tranga;

3
modules/shell/multimedia.nix
View File

@@ -1,5 +1,6 @@
{
config,
inputs,
lib,
pkgs,
...
@@ -24,7 +25,7 @@
};
gallery-dl = {
enable = true;
settings = import ../../dotfiles/gallery-dl.nix;
settings = inputs.self.lib.importDotfile ../../dotfiles/gallery-dl.nix;
};
${config.my.shell.type} = {
initExtra = lib.mkAfter ''

38
modules/shell/tools.nix
View File

@@ -57,7 +57,7 @@ in
};
};
${shellType} = {
shellAliases = {
shellAliases = inputs.self.lib.mergeAliases inputs.self.lib.commonAliases {
cd = "z";
hh = "hstr";
ls = "eza --icons --group-directories-first";
@@ -70,26 +70,20 @@ in
uniq --count | sort -rn'';
};
}
// (
if shellType == "bash" then
{
initExtra = ''
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
'';
}
else
{
initContent = ''
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
'';
}
);
//
inputs.self.lib.shellConditional shellType
''
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
''
''
if command -v fzf-share >/dev/null; then
source "$(fzf-share)/key-bindings.bash"
source "$(fzf-share)/completion.bash"
fi
'';
};
programs = {
starship.enable = true;
@@ -112,8 +106,6 @@ in
jq # json parser
yq # yaml parser
smartmontools # check hard drie health
;
inherit (inputs.jawz-scripts.packages.x86_64-linux)
rmlint # amazing dupe finder that integrates well with BTRFS
;
};

15
modules/users/nixremote.nix
View File

@@ -1,13 +1,18 @@
{ lib, config, ... }:
{
lib,
config,
inputs,
...
}:
{
options.my.users.nixremote = {
enable = lib.mkEnableOption "nixremote user for distributed builds";
authorizedKeys = lib.mkOption {
type = lib.types.listOf lib.types.path;
default = [
../../secrets/ssh/ed25519_nixworkstation.pub
../../secrets/ssh/ed25519_nixserver.pub
../../secrets/ssh/ed25519_nixminiserver.pub
default = inputs.self.lib.getSshKeys [
"nixworkstation"
"nixserver"
"nixminiserver"
];
description = "List of SSH public key files to authorize for nixremote user";
};

217
parts/core.nix Normal file
View File

@@ -0,0 +1,217 @@
{ inputs, ... }:
let
system = "x86_64-linux";
mkpkgs =
repo:
import repo {
inherit system;
config.allowUnfree = true;
};
in
{
systems = [ system ];
flake = {
lib = {
commonModules = name: [
../hosts/${name}/configuration.nix
inputs.nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.nixtendo-switch.nixosModules.nixtendo-switch
{
nixpkgs.overlays = [
(import ../config/overlay.nix { inherit mkpkgs inputs; })
inputs.doom-emacs.overlays.default
];
}
{
nix.registry = {
jawz.flake = inputs.self;
unstable.flake = inputs.nixpkgs-unstable;
};
}
];
createConfig =
name: local-nixpkgs:
let
lib = local-nixpkgs.lib // inputs.home-manager.lib;
in
lib.nixosSystem {
inherit system;
modules = inputs.self.lib.commonModules name;
specialArgs = {
inherit inputs;
outputs = inputs.self;
};
};
langList =
builtins.readDir ../modules/dev
|> builtins.attrNames
|> map (file: baseNameOf file |> builtins.replaceStrings [ ".nix" ] [ "" ])
|> builtins.filter (name: name != "emacs");
autoImport =
dir: filterFn:
builtins.readDir dir
|> builtins.attrNames
|> builtins.filter (file: builtins.match ".*\\.nix" file != null && filterFn file)
|> map (file: dir + "/${file}");
proxy = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
http2 = true;
};
proxyReverse =
cfg:
inputs.self.lib.proxy {
"/" = {
proxyPass = "http://${cfg.ip}:${toString cfg.port}/";
proxyWebsockets = cfg.enableSocket or false;
};
};
proxyReverseFix =
cfg:
let
useLocalhost = cfg.hostName == cfg.hostName;
localHeaders = ''
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
in
inputs.self.lib.proxyReverse cfg
// {
extraConfig = ''
${if useLocalhost then localHeaders else ""}
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_redirect off;
proxy_http_version 1.1;
'';
};
proxyReversePrivate =
cfg:
inputs.self.lib.proxyReverse cfg
// {
extraConfig = ''
ssl_verify_client on;
ssl_client_certificate ${cfg.certPath};
error_page 403 /403.html;
'';
};
commonAliases = {
cp = "cp -i";
mv = "mv -i";
mkdir = "mkdir -p";
mkcd = "(){ mkdir -p \"$1\" && cd \"$1\" }";
copy = "xclip -selection clipboard";
cdp = "pwd | copy";
cfp = "(){ readlink -f \"$1\" | copy }";
".." = "cd ..";
"..." = "cd ../..";
".3" = "cd ../../..";
".4" = "cd ../../../..";
".5" = "cd ../../../../..";
c = "cat";
sc = "systemctl --user";
jc = "journalctl --user -xefu";
};
xdgEnvironment =
let
XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_CACHE_HOME = "\${HOME}/.cache";
in
{
inherit XDG_DATA_HOME XDG_CONFIG_HOME XDG_CACHE_HOME;
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_STATE_HOME = "\${HOME}/.local/state";
PSQL_HISTORY = "${XDG_DATA_HOME}/psql_history";
REDISCLI_HISTFILE = "${XDG_DATA_HOME}/redis/rediscli_history";
WINEPREFIX = "${XDG_DATA_HOME}/wine";
ELECTRUMDIR = "${XDG_DATA_HOME}/electrum";
WGETRC = "${XDG_CONFIG_HOME}/wgetrc";
XCOMPOSECACHE = "${XDG_CACHE_HOME}/X11/xcompose";
"_JAVA_OPTIONS" = "-Djava.util.prefs.userRoot=${XDG_CONFIG_HOME}/java";
ORG_DEVICE = "workstation";
PATH = [ "\${HOME}/.local/bin" ];
};
getNixosHosts =
ips: hostName: lib:
builtins.attrNames ips
|> builtins.filter (
name: !(lib.hasPrefix "wg-" name) && name != "vps" && name != "router" && name != hostName
);
shellConditional =
shellType: bashContent: zshContent:
if shellType == "bash" then { initExtra = bashContent; } else { initContent = zshContent; };
mergeAliases = baseAliases: extraAliases: baseAliases // extraAliases;
importDotfile = path: import path;
getServicesWithNativeFirewall =
config: blacklist:
config.my.servers
|> builtins.attrNames
|> builtins.filter (
name:
(config.my.servers.${name}.enable or false)
&& !(builtins.elem name blacklist)
&& builtins.hasAttr name config.services
&& (config.services.${name} ? openFirewall)
);
generateFirewallPorts =
config: nativeServices: lib:
config.my.network.firewall.staticPorts
++ config.my.network.firewall.additionalPorts
++ (
config.my.servers
|> lib.filterAttrs (
name: srv: (srv.enable or false) && (srv ? port) && !(builtins.elem name nativeServices)
)
|> lib.attrValues
|> map (srv: srv.port)
);
mkEnabled = name: {
inherit name;
value.enable = true;
};
mkEnabledWithProxy = name: {
inherit name;
value = {
enable = true;
enableProxy = true;
};
};
mkEnabledIp = ip: name: {
inherit name;
value = {
enable = true;
inherit ip;
};
};
enableList = func: list: list |> map func |> builtins.listToAttrs;
mkPostgresDependency = config: serviceName: displayName: {
assertion = config.my.servers.${serviceName}.enable -> config.my.servers.postgres.enable;
message = "${displayName} requires PostgreSQL to be enabled";
};
mkPostgresDependencies =
config: serviceMap:
serviceMap |> map (entry: inputs.self.lib.mkPostgresDependency config entry.service entry.name);
sshKeys = {
deacero = ../secrets/ssh/ed25519_deacero.pub;
workstation = ../secrets/ssh/ed25519_workstation.pub;
server = ../secrets/ssh/ed25519_server.pub;
miniserver = ../secrets/ssh/ed25519_miniserver.pub;
galaxy = ../secrets/ssh/ed25519_galaxy.pub;
phone = ../secrets/ssh/ed25519_phone.pub;
vps = ../secrets/ssh/ed25519_vps.pub;
emacs = ../secrets/ssh/ed25519_emacs.pub;
# Build user keys (nixremote)
nixworkstation = ../secrets/ssh/ed25519_nixworkstation.pub;
nixserver = ../secrets/ssh/ed25519_nixserver.pub;
nixminiserver = ../secrets/ssh/ed25519_nixminiserver.pub;
};
getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
};
};
}

12
parts/devshells.nix Normal file
View File

@@ -0,0 +1,12 @@
{ inputs, ... }:
{
perSystem = _: {
devShells =
inputs.self.lib.langList
|> map (name: {
inherit name;
value = inputs.self.nixosConfigurations.emacs.config.devShells.${name};
})
|> builtins.listToAttrs;
};
}

10
parts/hosts.nix Normal file
View File

@@ -0,0 +1,10 @@
{ inputs, ... }:
{
flake.nixosConfigurations = {
workstation = inputs.self.lib.createConfig "workstation" inputs.nixpkgs;
miniserver = inputs.self.lib.createConfig "miniserver" inputs.nixpkgs-small;
server = inputs.self.lib.createConfig "server" inputs.nixpkgs-small;
galaxy = inputs.self.lib.createConfig "galaxy" inputs.nixpkgs-small;
emacs = inputs.self.lib.createConfig "emacs" inputs.nixpkgs;
};
}

18
parts/packages.nix Normal file
View File

@@ -0,0 +1,18 @@
{ inputs, ... }:
{
perSystem =
{ system, ... }:
{
packages = (inputs.jawz-scripts.packages.${system} or { }) // {
emacs-vm = inputs.nixos-generators.nixosGenerate {
inherit system;
modules = inputs.self.lib.commonModules "emacs";
format = "vm";
specialArgs = {
inherit inputs;
outputs = inputs.self;
};
};
};
};
}

8
secrets/gallery.yaml
View File

@@ -1,5 +1,5 @@
gallery-dl:
secrets: ENC[AES256_GCM,data:5K9B7XZ3dOL1BIXLUvlE5D9xLkKkagvh2mMkFtd+6gJUJqPDwerp9QDcATeqiJLz54DGB1JI6podlCm8N3qVbA3aMHroSiAd2YaldqvLkh76vGDhfI6pAfYWmjLYR7KR/Qy5sy7qhkNmvhwV34JiqXMdfDaWDE9y9Zgqq3lyS/8mYixNh0sz9Pc7ohcIHpwVNcESxaPW9BCpzHOwhtZKqqgLTUrHCyO14YR1+hB+nGXnmtaFcFVDjb0ctHsgL8+R5Kw1oAE7s8fM+ghnKNqPusSVomTaNIQI8VMbk0YQyPsHn9zKEocjUEpwX7WdWmNLNjuYl29+NnJS7VCSOsZmqhNlKJMIvQ3v19UNIQG5/hB3QlBIlEr615W8l5q8jdD+twzufGkEnCIfZzn+T9UDijNlmZhK19lhOpF+mdi7vpzyJFrIK0JfFfRYnyvXOHIcDKK4rsMFTT8U04WM9PpYrUxWDmMMlAZsJ+Jj6d0jpRYsoB4C5ODKRa5V27wnhp9DQiQOAqvfYnUtCAFnFEqVu7qaa5WcQhG211Nhdcpvtyp/8sDXgZBTT/E8JTtG8YbSNUZxw3xE7fyp4Bdnb+bxbdcgVRGkFwZShu2qWF1Ckj4Lr2xzaBu+fGtUDqPnMq0PgQeRIVP/NsbtavrlISWhB5Ctw4QSRvGMTi5JqvhmLEWi5wvimYzt91aGj2tm/k8AOTtwwjK4iZyWKxE1PsjwmKwiEJZvTRKLTySxomqHDg1TOKGmAcJK/wCG7kO9ETp+yZxv1Sv3L7ZeCfyzM4fupRiPytbIMfeJsq6PxTpJGlD7lDC0EXUjRKV8JD8vnP91F0HXoZQ3tyb27/1BmZ/nSx3iGcmXhlV7eLgLS3MIpBChjget8d7oE4NnxBGrX8YoVFJzAUH5UawVNFHa3y/rKqUsS51vn0Q0Wxl+uK3KtK90TdML6VNW8HywWiNer5tbIY+Kl6I=,iv:4Sa8LyNhp2EyarQpQ19jJZFUAINmfuw3EnUVhiYGCJg=,tag:o5rLdUbGjao+SJ9Cqtr+jA==,type:str]
secrets: ENC[AES256_GCM,data:mU3qzDzrn2Q0AhMnrJAsxvpz3FECLl45RFmyvoWEMaoW52vKE62o8gUl2rWmihNrsR0YTxmjmxj2Ey0eoRHbH+SSg78GbveKxwqGS/SWxEY3Nr45p4h/rdgDFUcFBqSIOKuJxGSMLHiprAjET7h0NWbRAUL9QPVnAPT41YeZyiaZS5Y1hpvpMxlQF1XrPYgrBR35ZnraTdcYDhPf/UBnhWxQLsOLs4SKD6Bzy1OEjk6tkajhv3ZKrcbp3S1BGrirTm/WNZTEHqiTGiXQAirmY2BmF0YkkDCVWgTMCRc9o54k7KDw8WDRuZcGso7Gh6h0jkgppnjuRGyfUkFXa3bsfni47Ct0XFhUyJvzcG3juRYAAEdOj8Pgc2tF483hxmfzE19TEYC+4hxVpCfmJb//v8M01bsRLIR4eP0EMl5IkvomC7xSiUq1TqBhD6AMgmz2LthFoTIpCEgMNxzhpMf+zppxjfnDPDPZhkzed317HLEAuxAcLfzc+6ZV1gDZ+HUArR3+I3Z/dSwi5wh247c74Qi/sc41fZuhqtPTjeO6Ag2sn5zw28QF/vTkRMWyVqARiBHGkeE5MJjc24eMqZceWSGDwtxqX22kNTyU0ELUeNq94Mynqq4YcCp4bdk/2R/3eRM9ZQLGC0KvdmIizeVq5PI0t1RfdRupLHm8U0AWOpnB1Osxz1Xoab/1npOQABdEEPm+wWq3jIPyDOxtWUjW3EjrYaOnz/6GF0Wme9g7sMkfGC80Uvz3nxNVAT7eqp6bVcnlpGW/zTAbZe8UXBdmL7rjkO/CR5GhI+VOczVobzkkZPLFU5Fi4HqfPyQjXRufFWYjw5XO3hFs9T4hO3z5tl601B/TxGmV+hL0JOJQyZpYEryWxU5ScANAfHdZyPAJVoIm3udj5K1Ry4CIVBE0ltCZ489Kr4KjP4ZhvPMdb3KlNYuR6MJwwi6O85OTqaQAujeKeqk=,iv:eNSqKEW5kxINC4MKuWos1OLQ7f7821ot5JoN7fMFZXw=,tag:JkppEJr3O4aQR415MM5fqg==,type:str]
sops:
age:
- recipient: age1lufn6t35gs4wgevyr2gud4eec7lvkn7pgnnv4tja64ww3hef7gqq8fas37
@@ -38,7 +38,7 @@ sops:
d0YvYk8vNitDbzNCQ1VqS20xUWx6ZDgK+kIRATTtC0Vd7/uPf8E4pIans79Ksh6J
Y77+owFFw1AvQ3KvaI7QVfKW61MzxI+S1bWqI3ZNOJ19Qv4ZoVhnVg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-02T18:11:48Z"
mac: ENC[AES256_GCM,data:qKoRMXroUtMaH1yrgNQxUPX8FpUmLmNU29zyzfnKkmiLoPsWNsogHxNVkqosyvbW0y0w6XnQh4OrSd4FF3fi8ZuJfk54jDWO7jlXFRk+07OobPgngYvNXLw76BNkXnAtxcduV2cTuSY6XwnwE0LtxFDmkM8N/AxIC8jhKkGQtwY=,iv:n3yBotpOggFvSUnboAG1L7pJMMi1PfV8KsSHN3/Li8c=,tag:4D5TqqroQBZNKUYol/ZCHg==,type:str]
lastmodified: "2025-10-10T05:09:54Z"
mac: ENC[AES256_GCM,data:N/BwfrwWcnot36Kn6RFZjjpUIluzq5Upy5iVVV4XSs+/0PYdlZGytjoAB+E3gXyPsLZ93UqI0A9/5KbfXBuR2oY2F7iKsu5puzgyYWa0Gl2z9YcPnyDnk1dj7Ne77xJlqR9YquGzFKF8QdqFXFA9cdE3b/1usTFhP26oxofMXs0=,iv:Iz/LzS8yeKQgDiGchYdKNymBeekhopJtBWaQGOwRZlE=,tag:hMRwxJlKR21W7otW01GmGw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0