WIP: rewrite config #618
548 changed files with 5342 additions and 40432 deletions
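--- a/.envrc
+++ b/.envrc
@@ -1 +1 @@
-use flake
+use flake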
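--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,11 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-- package-ecosystem: "github-actions" # See documentation for possible values
-directory: "/" # Location of package manifests
-schedule:
-interval: "weekly"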
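--- a/.github/workflows/update-riscv.yaml
+++ b/.github/workflows/update-riscv.yaml
@@ -1,24 +0,0 @@
-name: update-riscv
-on:
-push:
-branches:
-- main
-jobs:
-pr:
-runs-on: ubuntu-latest
-steps:
-- name: Checkout repository
-uses: actions/checkout@v4
-- name: Create update pull request
-run: |
-curl -X 'POST' \
-'https://git.chir.rs/api/v1/repos/darkkirb/nixos-config/pulls' \
--H 'Authorization: Bearer ${{secrets.GITHUB_TOKEN}}' \
--H 'accept: application/json' \
--H 'Content-Type: application/json' \
--d '{
-"base": "main-riscv",
-"body": "Keeping main-riscv up to date",
-"head": "main",
-"title": "Update RISC-V config"
-}'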
5
.gitignore
|
@ -1,5 +1,2 @@
|
|||
result
|
||||
*.qcow2
|
||||
*.fd
|
||||
.direnv
|
||||
/efi/secret
|
||||
.direnv/
|
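Review bot: If `/efi/secret` is among the entries this hunk drops, nothing keeps that file out of a broad `git add` any more. The rendered page has lost its +/- markers, but the new side is only two lines, so this is likely. I would keep the rule until the path is confirmed gone from every checkout, i.e. retain `/efi/secret` next to `.direnv/`.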
105
.sops.yaml
|
@ -1,75 +1,72 @@
|
|||
keys:
|
||||
- &lotte age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||
- &nixos-8gb-fsn1-1 age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl
|
||||
- &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
|
||||
- &nas age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc
|
||||
- &instance-20221213-1915 age1elra3uklw8rmwkevqms2l4tsd06d5utqda9d2w4qvqpz898uzuesugxkhc
|
||||
- &vf2 age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
|
||||
- &base age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||
- &darkkirb age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
|
||||
- ¬522 age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
|
||||
- &pc-installer age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg
|
||||
- &rainbow-resort age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f
|
||||
- &devterm age1sqvl2cwvzeztuelpwppaestqufzeap8uf0vgy7t5mzr9rwc3dpxqhx8ly9
|
||||
- &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
|
||||
creation_rules:
|
||||
- path_regex: secrets/shared\.yaml$
|
||||
- path_regex: machine/not522/secrets\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *nixos-8gb-fsn1-1
|
||||
- *base
|
||||
- *not522
|
||||
- path_regex: services/tailscale\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *base
|
||||
- *not522
|
||||
- *rainbow-resort
|
||||
- *thinkrac
|
||||
- *nas
|
||||
- *instance-20221213-1915
|
||||
- *vf2
|
||||
- path_regex: services/restic\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *base
|
||||
- *not522
|
||||
- *rainbow-resort
|
||||
- *lotte
|
||||
- *devterm
|
||||
- path_regex: secrets/nixos-8gb-fsn1-1\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *nixos-8gb-fsn1-1
|
||||
- *lotte
|
||||
- path_regex: secrets/thinkrac\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *thinkrac
|
||||
- *lotte
|
||||
- path_regex: secrets/nixos\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *lotte
|
||||
- path_regex: secrets/nas\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *nas
|
||||
- *lotte
|
||||
- path_regex: secrets/desktop\.yaml$
|
||||
- path_regex: users/root/system\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *base
|
||||
- *not522
|
||||
- *pc-installer
|
||||
- *rainbow-resort
|
||||
- *thinkrac
|
||||
- path_regex: users/darkkirb/system\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *base
|
||||
- *not522
|
||||
- *pc-installer
|
||||
- *rainbow-resort
|
||||
- *lotte
|
||||
- *devterm
|
||||
- path_regex: secrets/instance-20221213-1915\.yaml$
|
||||
- *thinkrac
|
||||
- path_regex: users/darkkirb/home-manager/keys.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *instance-20221213-1915
|
||||
- *lotte
|
||||
- path_regex: secrets/vf2\.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *vf2
|
||||
- *lotte
|
||||
- path_regex: secrets/rainbow-resort\.yaml$
|
||||
- *base
|
||||
- *darkkirb
|
||||
- path_regex: programs/ssh/shared-keys.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *base
|
||||
- *darkkirb
|
||||
- *not522
|
||||
- *pc-installer
|
||||
- *rainbow-resort
|
||||
- *lotte
|
||||
- path_regex: secrets/devterm\.yaml$
|
||||
- *thinkrac
|
||||
- path_regex: programs/desktop/pim/secrets.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *devterm
|
||||
- *lotte
|
||||
- path_regex: secrets/kubernetes\.yaml$
|
||||
- *base
|
||||
- *darkkirb
|
||||
- path_regex: config/kde/krdp.yaml$
|
||||
key_groups:
|
||||
- age:
|
||||
- *nixos-8gb-fsn1-1
|
||||
- *nas
|
||||
- *instance-20221213-1915
|
||||
- *rainbow-resort
|
||||
- *lotte
|
||||
- *base
|
||||
- *darkkirb
|
||||
- path_regex: services/desktop/gpg/privkey.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *base
|
||||
- *darkkirb
|
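Review bot: Several of the rules that look like the new side leave the dot in `.yaml` unescaped (`users/darkkirb/home-manager/keys.yaml$`, `programs/ssh/shared-keys.yaml$`, `programs/desktop/pim/secrets.yaml$`, `config/kde/krdp.yaml$`), and the last rule, `services/desktop/gpg/privkey.yaml`, also has no `$` anchor, unlike `machine/not522/secrets\.yaml$` above. sops applies the first creation rule whose regex matches, so a loose pattern can pick up a neighbouring file and encrypt it to a recipient set that was not meant for it. I would write them like `- path_regex: services/desktop/gpg/privkey\.yaml$` for consistency. Which lines are old and which are new is inferred from the `&base`/`&darkkirb` aliases, since the rendered page has lost its +/- markers.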
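--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,18 +0,0 @@
-{
-"python.formatting.provider": "yapf",
-"conventionalCommits.scopes": ["thinkrac", "aarch64"],
-"files.associations": {
-"*.hujson": "jsonc"
-},
-"json.schemas": [
-{
-"fileMatch": ["*.hujson"],
-"schema": {
-"allowTrailingCommas": true
-}
-}
-],
-"files.watcherExclude": {
-"**/target": true
-}
-}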
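--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
+# Lotte’s New Nix configuration
+
+Very WIP rewrite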
|
@ -1,50 +0,0 @@
|
|||
_: {
|
||||
networking.firewall.extraCommands = ''
|
||||
# Taken from https://gist.github.com/rampageX/5cbe95be43ca3165f4d963629e3bb946
|
||||
# Block Torrent algo string using Boyer-Moore (bm)
|
||||
iptables -I FORWARD 1 -m string --algo bm --string "BitTorrent" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string "BitTorrent protocol" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string "peer_id=" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string ".torrent" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string "announce.php?passkey=" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string "torrent" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string "announce" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string "info_hash" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string "/default.ida?" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string ".exe?/c+dir" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo bm --string ".exe?/c_tftp" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string "BitTorrent" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string "BitTorrent protocol" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string "peer_id=" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string ".torrent" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string "announce.php?passkey=" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string "torrent" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string "announce" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string "info_hash" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string "/default.ida?" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string ".exe?/c+dir" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo bm --string ".exe?/c_tftp" -j DROP
|
||||
# Block Torrent keys
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "peer_id" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "BitTorrent" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "BitTorrent protocol" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "bittorrent-announce" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "announce.php?passkey=" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "peer_id" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "BitTorrent" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "BitTorrent protocol" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "bittorrent-announce" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "announce.php?passkey=" -j DROP
|
||||
# Block Distributed Hash Table (DHT) keywords
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "find_node" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "info_hash" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "get_peers" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "announce" -j DROP
|
||||
iptables -I FORWARD 1 -m string --algo kmp --string "announce_peers" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "find_node" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "info_hash" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "get_peers" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "announce" -j DROP
|
||||
ip6tables -I FORWARD 1 -m string --algo kmp --string "announce_peers" -j DROP
|
||||
'';
|
||||
}
|
|
@ -1,91 +1,18 @@
|
|||
{ pkgs, nixos-config, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
system,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./users/darkkirb.nix
|
||||
./users/root.nix
|
||||
./nix.nix
|
||||
./sops.nix
|
||||
./home.nix
|
||||
./services/restic.nix
|
||||
./specialization.nix
|
||||
./services/promtail.nix
|
||||
./env.nix
|
||||
./tailscale.nix
|
||||
./services/otel.nix
|
||||
];
|
||||
services.openssh.enable = true;
|
||||
environment.systemPackages = with pkgs;
|
||||
[
|
||||
git
|
||||
]
|
||||
++ (
|
||||
if system != "riscv64-linux"
|
||||
then [kitty.terminfo]
|
||||
else []
|
||||
);
|
||||
networking.firewall.allowedTCPPorts = [22];
|
||||
networking.firewall.allowedUDPPortRanges = [
|
||||
{
|
||||
from = 60000;
|
||||
to = 61000;
|
||||
}
|
||||
];
|
||||
|
||||
users.defaultUserShell = pkgs.zsh;
|
||||
|
||||
environment.pathsToLink = ["/share/zsh"];
|
||||
|
||||
console.keyMap = "neo";
|
||||
|
||||
security.sudo.extraConfig = ''
|
||||
Defaults env_keep += "TMUX"
|
||||
'';
|
||||
|
||||
programs.zsh.enable = true;
|
||||
users.mutableUsers = false;
|
||||
|
||||
sops.secrets."root/aws/credentials" = {
|
||||
sopsFile = ../secrets/shared.yaml;
|
||||
owner = "root";
|
||||
key = "aws/credentials";
|
||||
path = "/root/.aws/credentials";
|
||||
};
|
||||
sops.secrets."root/ssh/builder_id_ed25519" = {
|
||||
sopsFile = ../secrets/shared.yaml;
|
||||
owner = "root";
|
||||
key = "ssh/builder_id_ed25519";
|
||||
path = "/root/.ssh/builder_id_ed25519";
|
||||
};
|
||||
sops.secrets."darkkirb/ssh/builder_id_ed25519" = {
|
||||
sopsFile = ../secrets/shared.yaml;
|
||||
owner = "darkkirb";
|
||||
key = "ssh/builder_id_ed25519";
|
||||
path = "/home/darkkirb/.ssh/builder_id_ed25519";
|
||||
};
|
||||
|
||||
programs.ssh.knownHosts = {
|
||||
"nas.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhao1I1Kd1gK5bERUdjMxP9yHDrSHYZsTN2TcSk0K/U";
|
||||
"backup.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhao1I1Kd1gK5bERUdjMxP9yHDrSHYZsTN2TcSk0K/U";
|
||||
};
|
||||
boot.kernel.sysctl = {
|
||||
"fs.inotify.max_user_watches" = 524288;
|
||||
};
|
||||
services.prometheus.exporters.node = {
|
||||
port = 31941;
|
||||
enabledCollectors = [
|
||||
"buddyinfo"
|
||||
"cgroups"
|
||||
"systemd"
|
||||
"ethtool"
|
||||
];
|
||||
enable = true;
|
||||
};
|
||||
i18n.defaultLocale = "nl_NL.UTF-8";
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"olm-3.2.16"
|
||||
"${nixos-config}/modules"
|
||||
"${nixos-config}/services/tailscale.nix"
|
||||
"${nixos-config}/services/openssh.nix"
|
||||
"${nixos-config}/services/restic.nix"
|
||||
"${nixos-config}/users"
|
||||
"${nixos-config}/programs"
|
||||
./systemd-boot.nix
|
||||
./i18n.nix
|
||||
./overlays
|
||||
];
|
||||
boot.initrd.systemd.enable = true;
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
security.sudo.enable = false;
|
||||
}
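Review bot: The 18-line new side sets `security.sudo.enable = false;` but no longer carries `users.mutableUsers = false;`, the `programs.ssh.knownHosts` pins for `nas.int.chir.rs` and `backup.int.chir.rs`, or the explicit firewall port list that the old file had. If the imported `${nixos-config}/users`, `${nixos-config}/services/openssh.nix` and `${nixos-config}/services/restic.nix` modules do not re-declare them, accounts become imperatively mutable again (the NixOS default) and SSH clients fall back to trust-on-first-use for those hosts. Please confirm where each setting now lives, and add a comment next to the sudo line such as `# sudo disabled on purpose; root access is via <mechanism>`. The old/new split is inferred from the `+1,18` count because the rendered page has lost its +/- markers and the file header for this section is missing.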
|
||||
|
|
|
@ -1,25 +0,0 @@
|
|||
_: let
|
||||
mkSopsSecret = {
|
||||
name,
|
||||
path,
|
||||
}: {
|
||||
name = "desktop/${name}";
|
||||
value = {
|
||||
sopsFile = ../secrets/desktop.yaml;
|
||||
owner = "darkkirb";
|
||||
key = name;
|
||||
path = "/home/darkkirb/${path}";
|
||||
};
|
||||
};
|
||||
in {
|
||||
sops.secrets = builtins.listToAttrs (map mkSopsSecret [
|
||||
{
|
||||
name = "aws/credentials";
|
||||
path = ".aws/credentials";
|
||||
}
|
||||
{
|
||||
name = ".config/gh/hosts.yml";
|
||||
path = ".config/gh/hosts.yml";
|
||||
}
|
||||
]);
|
||||
}
|
|
@ -1,209 +0,0 @@
|
|||
{
|
||||
system,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
} @ args: let
|
||||
lockscreen-all = pkgs.writeScript "lockscreen-all" ''
|
||||
#!${pkgs.bash}/bin/bash
|
||||
|
||||
if ${pkgs.coreutils}/bin/[ -z "$(${pkgs.usbutils}/bin/lsusb | grep Yubico)" ]; then
|
||||
${pkgs.systemd}/bin/loginctl list-sessions | ${pkgs.gnugrep}/bin/grep '^\ ' | ${pkgs.gawk}/bin/awk '{print $1}' | ${pkgs.findutils}/bin/xargs -i ${pkgs.systemd}/bin/loginctl lock-session {}
|
||||
fi
|
||||
'';
|
||||
in {
|
||||
imports =
|
||||
[
|
||||
./services/pipewire.nix
|
||||
./desktop-secrets.nix
|
||||
./services/cups.nix
|
||||
./services/docker.nix
|
||||
./services/cifs.nix
|
||||
./kde.nix
|
||||
#./sway.nix
|
||||
]
|
||||
/*
|
||||
++ (
|
||||
if system == "x86_64-linux"
|
||||
then [./programs/virtualbox.nix]
|
||||
else []
|
||||
)
|
||||
*/
|
||||
;
|
||||
fonts = {
|
||||
fontDir.enable = true;
|
||||
fontconfig = {
|
||||
enable = true;
|
||||
defaultFonts = {
|
||||
emoji = ["Noto Color Emoji"];
|
||||
monospace = ["Fira Code" "Font Awesome 5 Free"];
|
||||
sansSerif = ["Noto Sans" "Font Awesome 5 Free"];
|
||||
serif = ["Noto Serif" "Font Awesome 5 Free"];
|
||||
};
|
||||
};
|
||||
packages = with pkgs; [
|
||||
fira-code
|
||||
fira-code-symbols
|
||||
font-awesome
|
||||
noto-fonts
|
||||
noto-fonts-cjk-sans
|
||||
noto-fonts-emoji
|
||||
noto-fonts-extra
|
||||
(nerdfonts.override {fonts = ["FiraCode" "DroidSansMono" "Noto"];})
|
||||
nasin-nanpa
|
||||
fairfax-hd
|
||||
(pkgs.stdenvNoCC.mkDerivation rec {
|
||||
pname = "zbalermorna";
|
||||
version = "920b28d798ae1c06885c674bbf02b08ffed12b2f";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "jackhumbert";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
sha256 = "00sl3f1x4frh166mq85lwl9v1f5r3ckkfg8id5fibafymick5vyp";
|
||||
};
|
||||
installPhase = ''
|
||||
mkdir -p $out/share/fonts
|
||||
cp -r $src/fonts/*.otf $out/share/fonts
|
||||
'';
|
||||
})
|
||||
];
|
||||
};
|
||||
fonts.fontconfig.localConf = ''
|
||||
<?xml version="1.0"?>
|
||||
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
|
||||
<fontconfig>
|
||||
<match target="scan">
|
||||
<test name="family">
|
||||
<string>Fairfax HD</string>
|
||||
</test>
|
||||
<edit name="spacing">
|
||||
<int>100</int>
|
||||
</edit>
|
||||
</match>
|
||||
</fontconfig>
|
||||
'';
|
||||
|
||||
time.timeZone = "Europe/Berlin";
|
||||
services.pcscd.enable = true;
|
||||
|
||||
security.pam = {
|
||||
services.login.u2fAuth = true;
|
||||
services.swaylock.u2fAuth = true;
|
||||
u2f = {
|
||||
enable = true;
|
||||
control = "required";
|
||||
};
|
||||
};
|
||||
services.udev.extraRules = ''
|
||||
ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", RUN+="${lockscreen-all}"
|
||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="e621", ATTRS{idProduct}=="0000", TAG+="uaccess"
|
||||
ACTION=="add", SUBSYSTEM=="hidraw*", ATTRS{idVendor}=="e621", ATTRS{idProduct}=="0000", TAG+="uaccess"
|
||||
ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0337", TAG+="uaccess"
|
||||
ACTION=="add", SUBSYSTEM=="hidraw*", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0306", TAG+="uaccess"
|
||||
ACTION=="add", SUBSYSTEM=="hidraw*", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0330", TAG+="uaccess"
|
||||
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0403", ATTRS={idProduct}=="6010", OWNER="user", MODE="0777", GROUP="dialout"
|
||||
'';
|
||||
programs.steam.enable = system == "x86_64-linux";
|
||||
nixpkgs.overlays = [
|
||||
(curr: prev: {
|
||||
steam = prev.steam.override {
|
||||
extraPkgs = pkgs:
|
||||
with pkgs; [
|
||||
mono
|
||||
fuse
|
||||
];
|
||||
};
|
||||
})
|
||||
];
|
||||
services.flatpak.enable = true;
|
||||
programs.java.enable = true;
|
||||
hardware.opengl.driSupport32Bit = lib.mkForce (system == "x86_64-linux");
|
||||
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {
|
||||
desktop = true;
|
||||
inherit args;
|
||||
};
|
||||
|
||||
# For syncthing
|
||||
networking.firewall.allowedTCPPorts = [22000];
|
||||
networking.firewall.allowedUDPPorts = [22000];
|
||||
networking.firewall.allowedTCPPortRanges = [
|
||||
{
|
||||
from = 1714;
|
||||
to = 1764;
|
||||
}
|
||||
];
|
||||
networking.firewall.allowedUDPPortRanges = [
|
||||
{
|
||||
from = 1714;
|
||||
to = 1764;
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
pinentry-qt
|
||||
dotool
|
||||
wl-clipboard
|
||||
#plasma5Packages.thirdParty.lightly
|
||||
];
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
wlr.enable = true;
|
||||
# gtk portal needed to make gtk apps happy
|
||||
extraPortals = [pkgs.xdg-desktop-portal-gtk];
|
||||
config.common.default = "*";
|
||||
};
|
||||
programs.dconf.enable = true;
|
||||
services.xserver = {
|
||||
enable = true;
|
||||
libinput.enable = true;
|
||||
layout = "de";
|
||||
xkbVariant = "neo";
|
||||
displayManager.lightdm.enable = false;
|
||||
extraLayouts.zlr = {
|
||||
description = "lojban layout";
|
||||
languages = ["jbo"];
|
||||
symbolsFile = ../extra/keyboard/symbols;
|
||||
};
|
||||
};
|
||||
i18n.inputMethod = {
|
||||
enabled = "ibus";
|
||||
ibus.engines = with pkgs.ibus-engines; [anthy];
|
||||
};
|
||||
security.polkit.enable = true;
|
||||
services.dbus.enable = true;
|
||||
services.dbus.packages = with pkgs; [dconf];
|
||||
# Futureproofing: on non-x86 machines, emulate x86
|
||||
boot.binfmt.emulatedSystems =
|
||||
if system != "x86_64-linux"
|
||||
then [
|
||||
"x86_64-linux"
|
||||
"i686-linux"
|
||||
]
|
||||
else [];
|
||||
|
||||
virtualisation = {
|
||||
waydroid.enable = true;
|
||||
lxd.enable = true;
|
||||
};
|
||||
|
||||
programs.gamemode.enable = true;
|
||||
nixpkgs.config.permittedInsecurePackages = ["electron-26.3.0"];
|
||||
|
||||
boot = {
|
||||
plymouth.enable = true;
|
||||
consoleLogLevel = 0;
|
||||
initrd.verbose = false;
|
||||
kernelParams = [
|
||||
"quiet"
|
||||
"splash"
|
||||
"boot.shell_on_fail"
|
||||
"loglevel=3"
|
||||
"rd.systemd.show_status=false"
|
||||
"rd.udev.log_level=3"
|
||||
"udev.log_priority=3"
|
||||
];
|
||||
loader.timeout = 0;
|
||||
};
|
||||
}
|
|
@ -1,114 +0,0 @@
|
|||
{
|
||||
nixos-hardware,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-devterm;
|
||||
boot.kernelParams = ["fbcon=rotate:1"];
|
||||
networking.hostName = "devterm";
|
||||
imports = [
|
||||
./desktop.nix
|
||||
];
|
||||
boot.loader = {
|
||||
grub.enable = lib.mkDefault false;
|
||||
generic-extlinux-compatible.enable = lib.mkDefault true;
|
||||
};
|
||||
boot.initrd = {
|
||||
includeDefaultModules = false;
|
||||
availableKernelModules = [
|
||||
"usbhid"
|
||||
"usb_storage"
|
||||
"vc4"
|
||||
"pcie_brcmstb" # required for the pcie bus to work
|
||||
"reset-raspberrypi" # required for vl805 firmware to load
|
||||
"mmc_block"
|
||||
"usbhid"
|
||||
"hid_generic"
|
||||
"panel_cwd686"
|
||||
"ocp8178_bl"
|
||||
"ti_adc081c"
|
||||
];
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
libraspberrypi
|
||||
raspberrypi-eeprom
|
||||
];
|
||||
system.stateVersion = "24.05";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mmcblk0p2";
|
||||
fsType = "btrfs";
|
||||
options = ["compress=zstd"];
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/mmcblk0p1";
|
||||
fsType = "vfat";
|
||||
};
|
||||
security.pam = {
|
||||
services.login.u2fAuth = lib.mkForce false;
|
||||
services.swaylock.u2fAuth = lib.mkForce false;
|
||||
u2f.enable = lib.mkForce false;
|
||||
services.sddm.u2fAuth = lib.mkForce false;
|
||||
};
|
||||
networking.networkmanager.enable = true;
|
||||
users.users.darkkirb.extraGroups = ["networkmanager"];
|
||||
hardware.deviceTree.filter = "*rpi*.dtb";
|
||||
hardware.deviceTree.overlays = [
|
||||
{
|
||||
name = "dwc2";
|
||||
dtsFile = ./devterm/dwc2-overlay.dts;
|
||||
}
|
||||
{
|
||||
name = "cma";
|
||||
dtsFile = ./devterm/cma-overlay.dts;
|
||||
}
|
||||
{
|
||||
name = "vc4-kms-v3d-pi4";
|
||||
dtsFile = ./devterm/vc4-kms-v3d-pi4-overlay.dts;
|
||||
}
|
||||
{
|
||||
name = "devterm-pmu";
|
||||
dtsFile = ./devterm/devterm-pmu-overlay.dts;
|
||||
}
|
||||
{
|
||||
name = "devterm-panel";
|
||||
dtsFile = ./devterm/devterm-panel-overlay.dts;
|
||||
}
|
||||
{
|
||||
name = "devterm-misc";
|
||||
dtsFile = ./devterm/devterm-misc-overlay.dts;
|
||||
}
|
||||
{
|
||||
name = "audremap";
|
||||
dtsFile = ./devterm/audremap-overlay.dts;
|
||||
}
|
||||
{
|
||||
name = "spi";
|
||||
dtsFile = ./devterm/spi0-overlay.dts;
|
||||
}
|
||||
{
|
||||
name = "devterm-overlay";
|
||||
dtsFile = ./devterm/devterm-overlay.dts;
|
||||
}
|
||||
];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
services.xserver.xkbVariant = lib.mkForce "us";
|
||||
console.keyMap = lib.mkForce "us";
|
||||
home-manager.users.darkkirb.wayland.windowManager.sway.config.input."*" = lib.mkForce {
|
||||
xkb_layout = "us";
|
||||
xkb_variant = "altgr-intl";
|
||||
};
|
||||
boot.initrd.systemd.tpm2.enable = lib.mkForce false;
|
||||
systemd.tpm2.enable = lib.mkForce false;
|
||||
services.displayManager = {
|
||||
autoLogin = {
|
||||
enable = true;
|
||||
user = "darkkirb";
|
||||
};
|
||||
sddm = {
|
||||
autoLogin.relogin = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,23 +0,0 @@
|
|||
/dts-v1/;
|
||||
/plugin/;
|
||||
|
||||
/ {
|
||||
compatible = "brcm,bcm2711";
|
||||
|
||||
fragment@0 {
|
||||
target = <&audio_pins>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
|
||||
fragment@1 {
|
||||
target = <&audio_pins>;
|
||||
__overlay__ {
|
||||
brcm,pins = < 12 13 >;
|
||||
brcm,function = < 4 >; /* alt0 alt0 */
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
};
|
|
@ -1,14 +0,0 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
/dts-v1/;
|
||||
/plugin/;
|
||||
|
||||
/ {
|
||||
compatible = "brcm,bcm2711";
|
||||
|
||||
fragment@0 {
|
||||
target = <&cma>;
|
||||
__overlay__ {
|
||||
size = <(384 * 1024 * 1024)>;
|
||||
};
|
||||
};
|
||||
};
|
|
@ -1,80 +0,0 @@
|
|||
/dts-v1/;
|
||||
/plugin/;
|
||||
|
||||
/{
|
||||
compatible = "brcm,bcm2711";
|
||||
|
||||
fragment@0 {
|
||||
target = <&i2c1>;
|
||||
__overlay__ {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <0>;
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&i2c1_pins>;
|
||||
status = "okay";
|
||||
|
||||
adc101c: adc@54 {
|
||||
reg = <0x54>;
|
||||
compatible = "ti,adc101c";
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
fragment@1 {
|
||||
target = <&spi4>;
|
||||
__overlay__ {
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&spi4_pins &spi4_cs_pins>;
|
||||
cs-gpios = <&gpio 4 1>;
|
||||
status = "okay";
|
||||
|
||||
spidev4_0: spidev@0 {
|
||||
compatible = "spidev";
|
||||
reg = <0>; /* CE0 */
|
||||
#address-cells = <1>;
|
||||
#size-cells = <0>;
|
||||
spi-max-frequency = <125000000>;
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
fragment@2 {
|
||||
target = <&uart1>;
|
||||
__overlay__ {
|
||||
pinctrl-names = "default";
|
||||
pinctrl-0 = <&uart1_pins>;
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
|
||||
fragment@3 {
|
||||
target = <&gpio>;
|
||||
__overlay__ {
|
||||
|
||||
i2c1_pins: i2c1 {
|
||||
brcm,pins = <44 45>;
|
||||
brcm,function = <6>;
|
||||
};
|
||||
|
||||
spi4_pins: spi4_pins {
|
||||
brcm,pins = <6 7>;
|
||||
brcm,function = <7>;
|
||||
};
|
||||
|
||||
spi4_cs_pins: spi0_cs_pins {
|
||||
brcm,pins = <4>;
|
||||
brcm,function = <1>;
|
||||
};
|
||||
|
||||
uart1_pins: uart1_pins {
|
||||
brcm,pins = <14 15>;
|
||||
brcm,function = <2>;
|
||||
brcm,pull = <0 2>;
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
};
|
|
@ -1,130 +0,0 @@
|
|||
/dts-v1/;
|
||||
/plugin/;
|
||||
|
||||
/ {
|
||||
compatible = "brcm,bcm2711";
|
||||
fragment@0 {
|
||||
target = <&dma40>;
|
||||
__overlay__ {
|
||||
dma-channel-mask = <0x3000>;
|
||||
};
|
||||
};
|
||||
fragment@1 {
|
||||
target = <&hdmi0>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@2 {
|
||||
target = <&uart0_pins>;
|
||||
__overlay__ {
|
||||
brcm,pull = <0x02 0x00 0x00 0x02>;
|
||||
brcm,pins = <0x1e 0x1f 0x20 0x21>;
|
||||
};
|
||||
};
|
||||
fragment@3 {
|
||||
target = <&dvp>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@4 {
|
||||
target = <&pixelvalve4>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@5 {
|
||||
target = <&ddc1>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@6 {
|
||||
target = <&txp>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@7 {
|
||||
target = <&hvs>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@8 {
|
||||
target = <&pixelvalve3>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@9 {
|
||||
target = <&spi4>;
|
||||
__overlay__ {
|
||||
pinctrl-0 = <0xf0 0xf1>;
|
||||
};
|
||||
};
|
||||
fragment@10 {
|
||||
target = <&pixelvalve2>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@11 {
|
||||
target = <&uart1>;
|
||||
__overlay__ {
|
||||
pinctrl-0 = <0xf2>;
|
||||
status = "disabled";
|
||||
};
|
||||
};
|
||||
fragment@12 {
|
||||
target = <&pixelvalve1>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@13 {
|
||||
target = <&hdmi1>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@14 {
|
||||
target = <&spi4>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@15 {
|
||||
target = <&ddc0>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@16 {
|
||||
target = <&aon_intr>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@17 {
|
||||
target = <&pixelvalve0>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
fragment@18 {
|
||||
target = <&audio>;
|
||||
__overlay__ {
|
||||
brcm,disable-headphones = <0x00>;
|
||||
status = "okay";
|
||||
bcrm,disable-hdmi;
|
||||
};
|
||||
};
|
||||
fragment@19 {
|
||||
target-path = "/chosen";
|
||||
__overlay__ {
|
||||
bootargs = "coherent_pool=1M 8250.nr_uarts=0 snd_bcm2835.enable_compat_alsa=0 snd_bcm2835.enable_hdmi=1 8250.nr_uarts=0 smsc95xx.macaddr=E4:5F:01:E4:FE:2D vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 8250.nr_uarts=1";
|
||||
};
|
||||
};
|
||||
};
|
|
@ -1,47 +0,0 @@
|
|||
/dts-v1/;
|
||||
/plugin/;
|
||||
|
||||
/ {
|
||||
compatible = "brcm,bcm2711";
|
||||
|
||||
fragment@0 {
|
||||
target=<&dsi1>;
|
||||
__overlay__ {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <0>;
|
||||
status = "okay";
|
||||
|
||||
port {
|
||||
dsi_out_port: endpoint {
|
||||
remote-endpoint = <&panel_dsi_port>;
|
||||
};
|
||||
};
|
||||
|
||||
panel_cwd686: panel@0 {
|
||||
compatible = "cw,cwd686";
|
||||
reg = <0>;
|
||||
reset-gpio = <&gpio 8 1>;
|
||||
backlight = <&ocp8178_backlight>;
|
||||
rotation = <0x5a>;
|
||||
|
||||
port {
|
||||
panel_dsi_port: endpoint {
|
||||
remote-endpoint = <&dsi_out_port>;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
fragment@1 {
|
||||
target-path = "/";
|
||||
__overlay__ {
|
||||
ocp8178_backlight: backlight@0 {
|
||||
compatible = "ocp8178-backlight";
|
||||
backlight-control-gpios = <&gpio 9 0>;
|
||||
default-brightness = <5>;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
|
@ -1,104 +0,0 @@
|
|||
/dts-v1/;
|
||||
/plugin/;
|
||||
|
||||
/ {
|
||||
compatible = "brcm,bcm2711";
|
||||
|
||||
fragment@0 {
|
||||
target = <&i2c0if>;
|
||||
__overlay__ {
|
||||
#address-cells = <1>;
|
||||
#size-cells = <0>;
|
||||
pinctrl-0 = <&i2c0_pins>;
|
||||
pinctrl-names = "default";
|
||||
status = "okay";
|
||||
|
||||
axp22x: pmic@34 {
|
||||
interrupt-controller;
|
||||
#interrupt-cells = <1>;
|
||||
compatible = "x-powers,axp223";
|
||||
reg = <0x34>; /* i2c address */
|
||||
interrupt-parent = <&gpio>;
|
||||
interrupts = <2 8>; /* IRQ_TYPE_EDGE_FALLING */
|
||||
irq-gpios = <&gpio 2 0>;
|
||||
|
||||
regulators {
|
||||
|
||||
x-powers,dcdc-freq = <3000>;
|
||||
|
||||
reg_aldo1: aldo1 {
|
||||
regulator-always-on;
|
||||
regulator-min-microvolt = <3300000>;
|
||||
regulator-max-microvolt = <3300000>;
|
||||
regulator-name = "audio-vdd";
|
||||
};
|
||||
|
||||
reg_aldo2: aldo2 {
|
||||
regulator-always-on;
|
||||
regulator-min-microvolt = <3300000>;
|
||||
regulator-max-microvolt = <3300000>;
|
||||
regulator-name = "display-vcc";
|
||||
};
|
||||
|
||||
reg_dldo2: dldo2 {
|
||||
regulator-always-on;
|
||||
regulator-min-microvolt = <3300000>;
|
||||
regulator-max-microvolt = <3300000>;
|
||||
regulator-name = "dldo2";
|
||||
};
|
||||
|
||||
reg_dldo3: dldo3 {
|
||||
regulator-always-on;
|
||||
regulator-min-microvolt = <3300000>;
|
||||
regulator-max-microvolt = <3300000>;
|
||||
regulator-name = "dldo3";
|
||||
};
|
||||
|
||||
reg_dldo4: dldo4 {
|
||||
regulator-always-on;
|
||||
regulator-min-microvolt = <3300000>;
|
||||
regulator-max-microvolt = <3300000>;
|
||||
regulator-name = "dldo4";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
battery_power_supply: battery-power-supply {
|
||||
compatible = "x-powers,axp221-battery-power-supply";
|
||||
monitored-battery = <&battery>;
|
||||
};
|
||||
|
||||
ac_power_supply: ac_power_supply {
|
||||
compatible = "x-powers,axp221-ac-power-supply";
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
fragment@1 {
|
||||
target = <&i2c0if>;
|
||||
__overlay__ {
|
||||
compatible = "brcm,bcm2708-i2c";
|
||||
};
|
||||
};
|
||||
|
||||
fragment@2 {
|
||||
target-path = "/aliases";
|
||||
__overlay__ {
|
||||
i2c0 = "/soc/i2c@7e205000";
|
||||
};
|
||||
};
|
||||
|
||||
fragment@3 {
|
||||
target-path = "/";
|
||||
__overlay__ {
|
||||
battery: battery@0 {
|
||||
compatible = "simple-battery";
|
||||
constant-charge-current-max-microamp = <2100000>;
|
||||
voltage-min-design-microvolt = <3300000>;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
|
@ -1,22 +0,0 @@
|
|||
/dts-v1/;
|
||||
/plugin/;
|
||||
|
||||
/ {
|
||||
compatible = "brcm,bcm2711";
|
||||
|
||||
fragment@0 {
|
||||
target = <&usb>;
|
||||
#address-cells = <0x01>;
|
||||
#size-cells = <0x01>;
|
||||
|
||||
__overlay__ {
|
||||
compatible = "brcm,bcm2835-usb";
|
||||
dr_mode = "host";
|
||||
g-np-tx-fifo-size = <0x20>;
|
||||
g-rx-fifo-size = <0x22e>;
|
||||
g-tx-fifo-size = <0x200 0x200 0x200 0x200 0x200 0x100 0x100>;
|
||||
status = "okay";
|
||||
phandle = <0x01>;
|
||||
};
|
||||
};
|
||||
};
|
|
@ -1,11 +0,0 @@
|
|||
/dts-v1/;
|
||||
/plugin/;
|
||||
/ {
|
||||
compatible = "bcrm,bcm2711";
|
||||
fragment@0 {
|
||||
target = <&spi>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
};
|
|
@ -1,35 +0,0 @@
|
|||
// SPDX-License-Identifier: GPL-2.0
|
||||
/dts-v1/;
|
||||
/plugin/;
|
||||
|
||||
/ {
|
||||
compatible = "brcm,bcm2711";
|
||||
|
||||
fragment@1 {
|
||||
target = <&fb>;
|
||||
__overlay__ {
|
||||
status = "disabled";
|
||||
};
|
||||
};
|
||||
|
||||
fragment@2 {
|
||||
target = <&firmwarekms>;
|
||||
__overlay__ {
|
||||
status = "disabled";
|
||||
};
|
||||
};
|
||||
|
||||
fragment@3 {
|
||||
target = <&v3d>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
|
||||
fragment@4 {
|
||||
target = <&vc4>;
|
||||
__overlay__ {
|
||||
status = "okay";
|
||||
};
|
||||
};
|
||||
};
|
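--- a/config/documentation.nix
+++ b/config/documentation.nix
@@ -0,0 +1,20 @@
+{ ... }:
+{
+#documentation.nixos.includeAllModules = true;
+#documentation.nixos.options.warningsAreErrors = false;
+/*
+home-manager.users.darkkirb =
+{
+lib,
+config,
+systemConfig,
+...
+}:
+{
+manual = lib.mkIf (config.home.version.release == systemConfig.system.nixos.release) {
+html.enable = true;
+json.enable = true;
+};
+};
+*/
+}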
|
@ -1,16 +0,0 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
environment.extraInit = let
|
||||
systemdBin = lib.getBin config.systemd.package;
|
||||
in ''
|
||||
set -a
|
||||
. /dev/fd/0 <<EOF
|
||||
$(${systemdBin}/lib/systemd/user-environment-generators/30-systemd-environment-d-generator)
|
||||
EOF
|
||||
set +a
|
||||
'';
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
args: {
|
||||
pkgs,
|
||||
nixpkgs,
|
||||
nix-gaming,
|
||||
system,
|
||||
...
|
||||
}: let
|
||||
in {
|
||||
home.packages =
|
||||
[
|
||||
pkgs.prismlauncher
|
||||
pkgs.mgba-dev
|
||||
]
|
||||
++ (
|
||||
if system == "x86_64-linux"
|
||||
then [
|
||||
pkgs.xivlauncher
|
||||
(pkgs.wineWowPackages.stagingFull.override {waylandSupport = true;})
|
||||
]
|
||||
else []
|
||||
);
|
||||
}
|
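--- a/config/graphical.nix
+++ b/config/graphical.nix
@@ -0,0 +1,37 @@
+{
+nixos-config,
+config,
+pkgs,
+lib,
+...
+}:
+{
+time.timeZone = "Etc/GMT-1";
+isGraphical = true;
+imports = [
+./kde
+./documentation.nix
+./graphical/fonts.nix
+"${nixos-config}/services/security-key"
+];
+home-manager.users.darkkirb.imports =
+if config.isSway then
+[
+./sway
+./graphical/gtk-fixes
+]
+else
+[ ./graphical/gtk-fixes ];
+xdg.portal = {
+wlr.enable = config.isSway;
+extraPortals =
+with pkgs;
+(lib.mkIf config.isSway [
+xdg-desktop-portal-gtk
+xdg-desktop-portal-kde
+xdg-desktop-portal-wlr
+]);
+config.common.default = lib.mkIf config.isSway "wlr";
+};
+security.pam.services.swaylock = { };
+}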
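Review bot: `time.timeZone = "Etc/GMT-1";` deserves a comment, because the POSIX-style `Etc/GMT` names have an inverted sign: this is a fixed UTC+1 with no daylight saving time, not UTC-1. If a DST-free clock is intended, say so, e.g. `# fixed UTC+1, no DST (Etc/GMT signs are inverted)`; otherwise a region zone is what most readers would expect. Separately, `security.pam.services.swaylock = { };` is declared even when `config.isSway` is false, which is harmless but could sit behind the same condition as the other sway settings.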
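--- a/config/graphical/fonts.nix
+++ b/config/graphical/fonts.nix
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+{
+fonts = {
+fontDir.enable = true;
+fontconfig = {
+enable = true;
+defaultFonts = {
+emoji = [ "Noto Color Emoji" ];
+monospace = [
+"Fira Code"
+"Font Awesome 5 Free"
+];
+sansSerif = [
+"Noto Sans"
+"Font Awesome 5 Free"
+];
+serif = [
+"Noto Serif"
+"Font Awesome 5 Free"
+];
+};
+};
+packages = with pkgs; [
+fira-code
+fira-code-symbols
+font-awesome
+noto-fonts
+noto-fonts-cjk-sans
+noto-fonts-emoji
+noto-fonts-extra
+(nerdfonts.override {
+fonts = [
+"FiraCode"
+"DroidSansMono"
+"Noto"
+];
+})
+];
+};
+}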
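Review bot: The fallback family `"Font Awesome 5 Free"` in `defaultFonts` may not match what `font-awesome` installs: in recent nixpkgs that attribute is the 6.x series, whose family name is "Font Awesome 6 Free". If that holds for the pinned nixpkgs, the fallback silently never applies; check with `fc-list | grep -i awesome` and either rename the family or install `font-awesome_5`. `nerdfonts.override { fonts = [ … ]; }` is also the older packaging interface and is worth re-checking against the pinned nixpkgs.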
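--- a/config/graphical/gtk-fixes/default.nix
+++ b/config/graphical/gtk-fixes/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+gtk.enable = true;
+imports = [
+./gtk3.nix
+];
+}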
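--- a/config/graphical/gtk-fixes/gtk3.nix
+++ b/config/graphical/gtk-fixes/gtk3.nix
@@ -0,0 +1,37 @@
+{ ... }:
+{
+gtk.gtk3 = {
+extraConfig = {
+gtk-decoration-layout = "menu:close";
+};
+extraCss = ''
+.window-frame, .window-frame:backdrop {
+box-shadow: 0 0 0 black;
+border-style: none;
+margin: 0;
+border-radius: 0;
+}
+
+.titlebar {
+border-radius: 0;
+}
+
+.window-frame.csd.popup {
+box-shadow: 0 1px 2px rgba(0, 0, 0, 0.2), 0 0 0 1px rgba(0, 0, 0, 0.13);
+}
+
+.header-bar {
+background-image: none;
+background-color: #ededed;
+box-shadow: none;
+}
+GtkLabel.title {
+opacity: 0;
+}
+'';
+};
+home.sessionVariables = {
+GTK_USE_PORTAL = 1;
+GDK_DEBUG = "portals"; # sigh…
+};
+}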
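--- a/config/graphical/plymouth.nix
+++ b/config/graphical/plymouth.nix
@@ -0,0 +1,20 @@
+# Unlike other modules in this directory, this one is not enabled by default
+# The default graphical configuration would enable this, the verbose configuration would not.
+{ ... }:
+{
+boot = {
+plymouth.enable = true;
+consoleLogLevel = 0;
+initrd.verbose = false;
+kernelParams = [
+"quiet"
+"splash"
+"boot.shell_on_fail"
+"loglevel=3"
+"rd.systemd.show_status=false"
+"rd.udev.log_level=3"
+"udev.log_priority=3"
+];
+loader.timeout = 0;
+};
+}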
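Review bot: `"boot.shell_on_fail"` in `kernelParams` offers a root shell at the console whenever stage 1 fails, and NixOS keeps it off by default because that shell has no authentication. In a profile meant for the quiet, end-user boot path this is a physical-access trade-off that should be stated, or the parameter dropped on machines whose initrd can reach secrets (for example an initrd SSH host key). With `loader.timeout = 0;` the boot menu is skipped as well, so the intent is worth a comment such as `# debug aid only: unauthenticated root shell on stage-1 failure`.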
|
@ -1,4 +0,0 @@
|
|||
_: {
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.version = 2;
|
||||
}
|
|
@ -1,120 +0,0 @@
|
|||
desktop: {
|
||||
pkgs,
|
||||
system,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
imports =
|
||||
[
|
||||
(import ../programs/zsh.nix desktop)
|
||||
../programs/tmux.nix
|
||||
(import ../programs/vim desktop)
|
||||
]
|
||||
++ (
|
||||
if desktop
|
||||
then [
|
||||
../programs/mail.nix
|
||||
../programs/taskwarrior.nix
|
||||
]
|
||||
else []
|
||||
);
|
||||
programs = {
|
||||
zsh = {
|
||||
enable = true;
|
||||
oh-my-zsh = {
|
||||
enable = true;
|
||||
};
|
||||
initExtraBeforeCompInit = "source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
|
||||
|
||||
initExtra =
|
||||
if system != "riscv64-linux"
|
||||
then ''
|
||||
[[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
|
||||
|
||||
test -n "$KITTY_INSTALLATION_DIR" || export KITTY_INSTALLATION_DIR=${pkgs.kitty}/lib/kitty
|
||||
export KITTY_SHELL_INTEGRATION=enabled
|
||||
autoload -Uz -- "$KITTY_INSTALLATION_DIR"/shell-integration/zsh/kitty-integration
|
||||
kitty-integration
|
||||
unfunction kitty-integration
|
||||
''
|
||||
else "";
|
||||
|
||||
plugins = [
|
||||
];
|
||||
};
|
||||
autojump.enable = true;
|
||||
jq.enable = true;
|
||||
ledger.enable = true;
|
||||
};
|
||||
home.file.".p10k.zsh".source = ./.p10k.zsh;
|
||||
|
||||
home = {
|
||||
shellAliases =
|
||||
{
|
||||
cat = "bat";
|
||||
less = "bat";
|
||||
}
|
||||
// (
|
||||
if system != "riscv64-linux"
|
||||
then {
|
||||
icat = "${pkgs.kitty}/bin/kitty +kitten icat";
|
||||
d = "${pkgs.kitty}/bin/kitty +kitten diff";
|
||||
hg = "${pkgs.kitty}/bin/kitty +kitten hyperlinked_grep";
|
||||
#ssh = "${pkgs.kitty}/bin/kitty +kitten ssh";
|
||||
cargo = "${pkgs.cargo-mommy}/bin/cargo-mommy";
|
||||
}
|
||||
else {}
|
||||
);
|
||||
packages = with pkgs;
|
||||
[
|
||||
mosh
|
||||
ripgrep
|
||||
gh
|
||||
htop
|
||||
sops
|
||||
progress
|
||||
hexyl
|
||||
mc
|
||||
rclone
|
||||
libarchive
|
||||
p7zip
|
||||
unrar
|
||||
]
|
||||
++ (
|
||||
if desktop
|
||||
then [
|
||||
yubikey-manager
|
||||
yt-dlp
|
||||
oxipng
|
||||
jpegoptim
|
||||
#picard
|
||||
easytag
|
||||
alejandra
|
||||
yubico-piv-tool
|
||||
]
|
||||
else []
|
||||
);
|
||||
sessionVariables = if desktop then {
|
||||
QT_PLUGIN_PATH = lib.mkForce "\${QT_PLUGIN_PATH}:${config.i18n.inputMethod.package}/${pkgs.qt6.qtbase.qtPluginPrefix}:${pkgs.kdePackages.kimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}";
|
||||
} else {};
|
||||
};
|
||||
|
||||
programs.eza = {
|
||||
enable = true;
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
|
||||
programs.bat = {
|
||||
enable = true;
|
||||
};
|
||||
|
||||
programs.fzf = {
|
||||
enable = true;
|
||||
tmux.enableShellIntegration = true;
|
||||
};
|
||||
home.stateVersion = "22.05";
|
||||
manual.manpages.enable = false; # broken
|
||||
|
||||
_module.args.withNSFW = false;
|
||||
}
|
|
@ -1,34 +0,0 @@
|
|||
{
|
||||
desktop,
|
||||
args,
|
||||
}: {pkgs, ...}: {
|
||||
imports =
|
||||
[
|
||||
(import ./base.nix desktop)
|
||||
../programs/ssh.nix
|
||||
(import ../programs/git.nix desktop)
|
||||
../programs/direnv.nix
|
||||
]
|
||||
++ (
|
||||
if desktop
|
||||
then [
|
||||
#../programs/sway.nix
|
||||
../programs/firefox.nix
|
||||
../programs/waybar.nix
|
||||
../programs/ims.nix
|
||||
../programs/syncthing.nix
|
||||
../programs/plover.nix
|
||||
(import ../games/default.nix args)
|
||||
../programs/yubikey.nix
|
||||
../programs/keybase.nix
|
||||
../programs/keepass.nix
|
||||
../programs/vscode
|
||||
../programs/misc.nix
|
||||
../programs/zk.nix
|
||||
../programs/fcitx.nix
|
||||
../programs/gpg.nix
|
||||
../programs/zoom.nix
|
||||
]
|
||||
else []
|
||||
);
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
imports = [
|
||||
(import ./base.nix false)
|
||||
];
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
imports = [
|
||||
(import ./base.nix false)
|
||||
../programs/builders.nix
|
||||
];
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
_: {
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.users.root = import ./home-manager/root.nix;
|
||||
}
|
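--- a/config/i18n.nix
+++ b/config/i18n.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+console.keyMap = "neo";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "de_DE.UTF-8";
+LC_MONETARY = "de_DE.UTF-8";
+LC_NAME = "de_DE.UTF-8";
+LC_PAPER = "de_DE.UTF-8";
+LC_TELEPHONE = "de_DE.UTF-8";
+LC_TIME = "de_DE.UTF-8";
+};
+i18n.supportedLocales = [
+"C.UTF-8/UTF-8"
+"en_US.UTF-8/UTF-8"
+"de_DE.UTF-8/UTF-8"
+];
+}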
|
@ -1,6 +0,0 @@
|
|||
{nixpkgs, ...}: {
|
||||
imports = [
|
||||
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
|
||||
];
|
||||
networking.hostId = "8425e349";
|
||||
}
|
|
@ -1,149 +0,0 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
modulesPath,
|
||||
...
|
||||
} @ args: {
|
||||
networking.hostName = "instance-20221213-1915";
|
||||
networking.hostId = "746d4523";
|
||||
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
./systemd-boot.nix
|
||||
./server.nix
|
||||
./wireguard/public-server.nix
|
||||
./services/named-submissive.nix
|
||||
./services/shitalloverme.nix
|
||||
./users/remote-build.nix
|
||||
./services/atticd.nix
|
||||
./services/minecraft.nix
|
||||
./services/postgres.nix
|
||||
./services/uptime-kuma.nix
|
||||
./services/reverse-proxy.nix
|
||||
./wireguard
|
||||
./zfs.nix
|
||||
#./services/kubernetes.nix
|
||||
./services/gitea.nix
|
||||
./services/chir-rs.nix
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"];
|
||||
boot.initrd.kernelModules = [];
|
||||
boot.kernelModules = [];
|
||||
boot.extraModulePackages = [];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "tank/local/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/6557-C4A0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "tank/local/nix";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
fileSystems."/persist" = {
|
||||
device = "tank/safe/persist";
|
||||
fsType = "zfs";
|
||||
neededForBoot = true;
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "tank/safe/home";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
|
||||
# https://grahamc.com/blog/erase-your-darlings
|
||||
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
||||
zfs rollback -r tank/local/root@blank
|
||||
'';
|
||||
|
||||
services.openssh = {
|
||||
hostKeys = [
|
||||
{
|
||||
path = "/persist/ssh/ssh_host_ed25519_key";
|
||||
type = "ed25519";
|
||||
}
|
||||
{
|
||||
path = "/persist/ssh/ssh_host_rsa_key";
|
||||
type = "rsa";
|
||||
bits = 4096;
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"L /var/lib/acme - - - - /persist/var/lib/acme"
|
||||
"L /var/lib/tailscale/tailscaled.state - - - - /persist/var/lib/tailscale/tailscaled.state"
|
||||
"d /build - - - - -"
|
||||
"L /var/lib/ipfs - - - - /persist/var/lib/ipfs"
|
||||
"L /var/lib/uptime-kuma - - - - /persist/var/lib/uptime-kuma"
|
||||
];
|
||||
|
||||
services.postgresql.dataDir = "/persist/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
|
||||
|
||||
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453/64"];
|
||||
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {
|
||||
desktop = false;
|
||||
inherit args;
|
||||
};
|
||||
nix.settings.cores = 4;
|
||||
nix.settings.max-jobs = 4;
|
||||
nix.settings.system-features = [
|
||||
"nixos-test"
|
||||
"big-parallel"
|
||||
"benchmark"
|
||||
"gccarch-armv8-a"
|
||||
"gccarch-armv8.1-a"
|
||||
"gccarch-armv8.2-a"
|
||||
"ca-derivations"
|
||||
];
|
||||
nix.daemonCPUSchedPolicy = "idle";
|
||||
nix.daemonIOSchedClass = "idle";
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"riscv32-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
|
||||
sops.secrets."root/.ssh/id_ed25519" = {
|
||||
owner = "root";
|
||||
path = "/root/.ssh/id_ed25519";
|
||||
};
|
||||
sops.secrets."services/ssh/host-key" = {
|
||||
owner = "root";
|
||||
path = "/etc/secrets/initrd/ssh_host_ed25519_key";
|
||||
};
|
||||
sops.age.sshKeyPaths = lib.mkForce ["/persist/ssh/ssh_host_ed25519_key"];
|
||||
services.bind.forwarders = lib.mkForce [];
|
||||
boot.loader.systemd-boot.configurationLimit = lib.mkForce 1;
|
||||
services.tailscale.useRoutingFeatures = "server";
|
||||
services.postgresql.settings = {
|
||||
max_connections = 200;
|
||||
shared_buffers = "6GB";
|
||||
effective_cache_size = "18GB";
|
||||
maintenance_work_mem = "1536MB";
|
||||
checkpoint_completion_target = 0.9;
|
||||
wal_buffers = "16MB";
|
||||
default_statistics_target = 100;
|
||||
random_page_cost = 1.1;
|
||||
effective_io_concurrency = 200;
|
||||
work_mem = "15728kB";
|
||||
min_wal_size = "1GB";
|
||||
max_wal_size = "4GB";
|
||||
max_worker_processes = 4;
|
||||
max_parallel_workers_per_gather = 2;
|
||||
max_parallel_workers = 4;
|
||||
max_parallel_maintenance_workers = 2;
|
||||
};
|
||||
|
||||
services.restic.backups.sysbackup.paths = ["/persist"];
|
||||
}
|
|
@ -1,14 +0,0 @@
|
|||
{
|
||||
security.pam.services.sddm.u2fAuth = true;
|
||||
services.displayManager.sddm = {
|
||||
enable = true;
|
||||
wayland.enable = true;
|
||||
wayland.compositor = "kwin";
|
||||
};
|
||||
services.xserver = {
|
||||
desktopManager.plasma6.enable = true;
|
||||
#desktopManager.plasma5.enable = true;
|
||||
displayManager.defaultSession = "plasma";
|
||||
#displayManager.defaultSession = "plasmawayland";
|
||||
};
|
||||
}
|
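--- a/config/kde/default.nix
+++ b/config/kde/default.nix
@@ -0,0 +1,22 @@
+{ config, ... }:
+{
+services.xserver.enable = !config.isSway;
+services.displayManager.sddm = {
+enable = !config.isSway;
+wayland.enable = true;
+wayland.compositor = "kwin";
+};
+services.desktopManager.plasma6.enable = !config.isSway;
+
+imports = [
+./i18n.nix
+];
+
+home-manager.users.darkkirb.imports =
+if !config.isSway then
+[
+./home-manager.nix
+]
+else
+[ ];
+}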
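Review bot: sddm is enabled here with no PAM settings, while the sddm configuration deleted elsewhere in this commit set `security.pam.services.sddm.u2fAuth = true;`. If security-key login at the greeter is still wanted, it now has to come from another module; `graphical.nix` imports `services/security-key`, which may cover it, but that module is not visible here. Please confirm, or carry the line over next to the sddm block as `security.pam.services.sddm.u2fAuth = true;`.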
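--- a/config/kde/home-manager.nix
+++ b/config/kde/home-manager.nix
@@ -0,0 +1,16 @@
+{ plasma-manager, ... }:
+{
+programs.plasma.enable = true;
+programs.plasma.configFile.baloofilerc."Basic Settings"."Indexing-Enabled" = false;
+programs.plasma.configFile.kwalletrc."org.freedesktop.secrets".apiEnabled = false;
+imports = [
+plasma-manager.homeManagerModules.plasma-manager
+./theming.nix
+./krdp.nix
+./konsole.nix
+];
+programs.plasma.kwin.virtualDesktops = {
+rows = 3;
+number = 9;
+};
+}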
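Review bot: `kwalletrc."org.freedesktop.secrets".apiEnabled = false;` turns off KWallet's Secret Service interface without saying what replaces it. If no other provider registers `org.freedesktop.secrets`, applications that rely on libsecret may fail to store credentials or fall back to their own unencrypted storage. A one-line comment naming the intended provider would settle it, e.g. `# Secret Service is provided by <provider>, not KWallet` (placeholder, the provider is not visible in this commit).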
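--- a/config/kde/i18n.nix
+++ b/config/kde/i18n.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+services.libinput.enable = true;
+services.xserver.xkb = {
+layout = "de";
+variant = "neo";
+};
+}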
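--- a/config/kde/konsole.nix
+++ b/config/kde/konsole.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+programs.konsole = {
+enable = true;
+defaultProfile = "Stylix";
+profiles.Stylix.colorScheme = "Stylix";
+};
+}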
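--- a/config/kde/krdp.nix
+++ b/config/kde/krdp.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+programs.plasma.configFile.krdpserverrc.General = {
+Autostart = true;
+Certificate = config.sops.secrets.".local/share/krdpserver/krdp.crt".path;
+CertificateKey = config.sops.secrets.".local/share/krdpserver/krdp.key".path;
+Users = "darkkirb";
+};
+sops.secrets.".local/share/krdpserver/krdp.key".sopsFile = ./krdp.yaml;
+sops.secrets.".local/share/krdpserver/krdp.crt".sopsFile = ./krdp.yaml;
+}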
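Review bot: `Autostart = true;` starts the RDP server with every Plasma session, and nothing in this file limits where it listens or who can reach it. Access then rests on the `Users = "darkkirb";` entry, whatever password KRDP has stored for that user, and the host firewall, none of which is visible in this hunk; please confirm the port is reachable only from a trusted network and record that in a comment. The two `sops.secrets` entries also leave owner and mode at their defaults, so check that the decrypted `krdp.key` ends up readable by this user only.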
34
config/kde/krdp.yaml
Normal file
34
config/kde/krdp.yaml
Normal file
|
@ -0,0 +1,34 @@
|
|||
.local:
|
||||
share:
|
||||
krdpserver:
|
||||
krdp.key: ENC[AES256_GCM,data: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,iv:YWvImaFa5GXiraaF7UVt3fAsuYIK+RpHkSQ2mPAsHz4=,tag:JvHARPOlmrKgG5Z85QokDg==,type:str]
|
||||
krdp.crt: ENC[AES256_GCM,data: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,iv:AjoxETlmSVqKF2lEc73mKrtSV5HbKOQPLIUWUAdiwuo=,tag:m95ON0puJ+bXGF+vrWYd8g==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3WUQyb0dmRElyemJ2RDlE
|
||||
ZzR1WE1VR2hNNUs3YlFObWdESmNYTDI1b0NzCk5SNXBCaUlRcFh4QXk1WmVseHdF
|
||||
YUV4M0tUWlVLSUxKdGMzVXRkdERGWWcKLS0tIGxBYlJXUjIvSXZxRG9mMk14YTlu
|
||||
RVp3VWxEQUtZdktoemVmN2FMYWZIUmMKV7/6sHEvevafH/yf3sEqpsgFwJefCoE+
|
||||
dl9mzJ/RDjcIQMllJskdcqYRSMPwBLG2+doxIpJ1rZkGqa2t0unarw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUFo1SEhKbm5PUjFNVjBl
|
||||
RlNpakxRTkVSY1RSSzhBeTBUSjE5RzhVQmpBCmx0aGcyY0lORmFCWFlIWGlPZ2ZT
|
||||
RmQycEZTWWFVZXRVZk9JcU1JZ1ViTlEKLS0tIGxOR09MSmVKVm44Q0NtbFFqUklN
|
||||
aE52LzRtc25GUG9ibGsxcXJWaTZlQWMKafTEZA7jS2D/lIR05ham1axBmKh+v+6F
|
||||
EZnTVwFpyFzw/Kpbc6PHQ6D+/7gq75tZOrbllH7bUNeWphUyC+N8Vw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-11-17T10:00:38Z"
|
||||
mac: ENC[AES256_GCM,data:4HH7jjZBZY621EA4beI/hIuuXvqztJT1x3dTGSNshZzntIKealr74blBdwy+Fb/mPeJH/WuA4XVXcjupZhKN76nM5/BbW1w4fOmP3Hjpo0LHsc6I7J/BgoMv3SItXQdRGgQGE9XivbS5zieb/+NFl0eTvT6jIlUQUznTOOmGDyU=,iv:RTKUVAAieUPKXCeT0/5PxMPNOPxPAkP9ZqPHzamVRa0=,tag:wwMpIIlus/R1RQdOa7MLmg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.1
|
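--- a/config/kde/theming.nix
+++ b/config/kde/theming.nix
@@ -0,0 +1,42 @@
+{ ... }:
+{
+programs.plasma = {
+workspace = {
+lookAndFeel = "org.kde.breezedark.desktop";
+};
+hotkeys.commands."launch-konsole" = {
+name = "Launch Konsole";
+key = "Meta+Alt+K";
+command = "konsole";
+};
+panels = [
+# Windows-like panel at the bottom
+{
+location = "bottom";
+screen = "all";
+widgets = [
+"org.kde.plasma.kickoff"
+"org.kde.plasma.icontasks"
+"org.kde.plasma.marginsseparator"
+"org.kde.plasma.systemtray"
+"org.kde.plasma.pager"
+"org.kde.plasma.digitalclock"
+];
+}
+# Global menu at the top
+{
+location = "top";
+height = 26;
+widgets = [ "org.kde.plasma.appmenu" ];
+screen = "all";
+}
+];
+configFile.kwinrc."NightColor" = {
+Active = true;
+LatitudeFixed = 51;
+LongitudeFixed = 13;
+Mode = "Location";
+NightTemperature = 4200;
+};
+};
+}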
211
config/nas.nix
211
config/nas.nix
|
@ -1,211 +0,0 @@
|
|||
{
|
||||
config,
|
||||
modulesPath,
|
||||
lib,
|
||||
nixos-hardware,
|
||||
nixpkgs,
|
||||
pkgs,
|
||||
...
|
||||
} @ args: {
|
||||
networking.hostName = "nas";
|
||||
networking.hostId = "70af00ed";
|
||||
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
./systemd-boot.nix
|
||||
./services/tpm2.nix
|
||||
./server.nix
|
||||
./services/hydra.nix
|
||||
nixos-hardware.nixosModules.common-cpu-amd
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
./services/syncthing.nix
|
||||
../modules/tc-cake.nix
|
||||
./services/cups.nix
|
||||
./services/iscsi.nix
|
||||
./services/docker.nix
|
||||
./users/remote-build.nix
|
||||
./services/nfs.nix
|
||||
./services/tempo.nix
|
||||
./services/loki.nix
|
||||
./services/prometheus.nix
|
||||
./services/yiff-stash.nix
|
||||
./services/reverse-proxy.nix
|
||||
./services/jellyfin.nix
|
||||
./services/mautrix-discord.nix
|
||||
./services/mautrix-telegram.nix
|
||||
./services/mautrix-whatsapp.nix
|
||||
./services/mautrix-signal.nix
|
||||
./services/synapse.nix
|
||||
./services/heisenbridge.nix
|
||||
#./services/kubernetes.nix
|
||||
./services/forgejo-runner.nix
|
||||
./services/renovate.nix
|
||||
./services/mautrix-slack.nix
|
||||
];
|
||||
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" "bcache"];
|
||||
boot.initrd.kernelModules = ["igb"];
|
||||
boot.kernelModules = ["kvm-amd"];
|
||||
boot.extraModulePackages = [
|
||||
config.boot.kernelPackages.zenpower
|
||||
];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/bcache0";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=root" "compress=zstd"];
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "/dev/bcache0";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=home" "compress=zstd"];
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "/dev/bcache0";
|
||||
fsType = "btrfs";
|
||||
options = ["subvol=nix" "compress=zstd" "noatime"];
|
||||
};
|
||||
|
||||
services.snapper.configs.main = {
|
||||
SUBVOLUME = "/";
|
||||
TIMELINE_LIMIT_HOURLY = 5;
|
||||
TIMELINE_LIMIT_DAILY = 7;
|
||||
TIMELINE_LIMIT_WEEKLY = 4;
|
||||
TIMELINE_LIMIT_MONTHLY = 12;
|
||||
TIMELINE_LIMIT_YEARLY = 0;
|
||||
};
|
||||
services.beesd.filesystems.root = {
|
||||
spec = "/";
|
||||
hashTableSizeMB = 2048;
|
||||
verbosity = "crit";
|
||||
extraOptions = ["--loadavg-target" "5.0"];
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/nvme0n1p1";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
environment.etc."sysconfig/lm_sensors".text = ''
|
||||
# Generated by sensors-detect on Sun Apr 24 08:31:51 2022
|
||||
# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
|
||||
# be loaded/unloaded.
|
||||
#
|
||||
# The format of this file is a shell script that simply defines variables:
|
||||
# HWMON_MODULES for hardware monitoring driver modules, and optionally
|
||||
# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
|
||||
|
||||
HWMON_MODULES="it87"
|
||||
'';
|
||||
nix.settings.cores = 12;
|
||||
nix.settings.system-features = [
|
||||
"kvm"
|
||||
"nixos-test"
|
||||
"big-parallel"
|
||||
"benchmark"
|
||||
"gccarch-znver1"
|
||||
"gccarch-skylake"
|
||||
"ca-derivations"
|
||||
];
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"armv7l-linux"
|
||||
"powerpc-linux"
|
||||
"powerpc64-linux"
|
||||
"powerpc64le-linux"
|
||||
"wasm32-wasi"
|
||||
"riscv32-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
nix.settings.substituters = lib.mkForce [
|
||||
"https://attic.chir.rs/chir-rs/"
|
||||
"https://cache.nixos.org/"
|
||||
];
|
||||
nix.daemonCPUSchedPolicy = "idle";
|
||||
nix.daemonIOSchedClass = "idle";
|
||||
|
||||
system.stateVersion = "22.05";
|
||||
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {
|
||||
desktop = false;
|
||||
inherit args;
|
||||
};
|
||||
|
||||
networking.tc_cake = {
|
||||
enp2s0f0u4 = {
|
||||
disableOffload = true;
|
||||
shapeEgress = {
|
||||
bandwidth = "4mbit";
|
||||
extraArgs = "docsis nat ack-filter";
|
||||
};
|
||||
shapeIngress = {
|
||||
bandwidth = "33mbit";
|
||||
ifb = "ifb4enp2s0f0u4";
|
||||
};
|
||||
};
|
||||
};
|
||||
services.postgresql.settings = {
|
||||
max_connections = 200;
|
||||
shared_buffers = "4GB";
|
||||
effective_cache_size = "12GB";
|
||||
maintenance_work_mem = "1GB";
|
||||
checkpoint_completion_target = 0.9;
|
||||
wal_buffers = "16MB";
|
||||
default_statistics_target = 100;
|
||||
random_page_cost = 1.1;
|
||||
effective_io_concurrency = 200;
|
||||
work_mem = "5242kB";
|
||||
min_wal_size = "1GB";
|
||||
max_wal_size = "4GB";
|
||||
max_worker_processes = 12;
|
||||
max_parallel_workers_per_gather = 4;
|
||||
max_parallel_workers = 12;
|
||||
max_parallel_maintenance_workers = 4;
|
||||
};
|
||||
services.tailscale.useRoutingFeatures = "both";
|
||||
hardware.sane.brscan4.enable = true;
|
||||
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/dev/sda2";
|
||||
}
|
||||
{
|
||||
device = "/dev/sdb2";
|
||||
}
|
||||
{
|
||||
device = "/dev/sdc2";
|
||||
}
|
||||
];
|
||||
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport32Bit = true;
|
||||
};
|
||||
|
||||
services.xserver.videoDrivers = ["nvidia"];
|
||||
|
||||
hardware.nvidia = {
|
||||
modesetting.enable = true;
|
||||
powerManagement.enable = false;
|
||||
powerManagement.finegrained = false;
|
||||
open = false;
|
||||
nvidiaSettings = true;
|
||||
package = config.boot.kernelPackages.nvidiaPackages.stable;
|
||||
};
|
||||
services.restic.backups.sysbackup = {
|
||||
paths = ["/media"];
|
||||
pruneOpts = [
|
||||
"--keep-daily 7"
|
||||
"--keep-weekly 4"
|
||||
"--keep-monthly 12"
|
||||
"--keep-yearly 10"
|
||||
];
|
||||
};
|
||||
virtualisation.docker = {
|
||||
enable = true;
|
||||
#enableNvidia = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [docker runc];
|
||||
}
|
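--- a/config/networkmanager.nix
+++ b/config/networkmanager.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+networking.networkmanager.enable = true;
+users.users.darkkirb.extraGroups = [ "networkmanager" ];
+environment.persistence."/persistent".directories = [
+"/var/lib/NetworkManager"
+"/etc/NetworkManager"
+];
+}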
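Review bot: The persisted `/etc/NetworkManager` contains `system-connections`, where NetworkManager keeps Wi-Fi passphrases and VPN secrets in plain text, so the copy under `/persistent` needs the same root-only permissions as the original. impermanence accepts an attribute set per directory, so the mode can be pinned, e.g. `{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }`. Membership in the `networkmanager` group also lets `darkkirb` change system connections without further authentication, which is reasonable on a single-user machine but worth a comment.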
208
config/nix.nix
208
config/nix.nix
|
@ -1,208 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
system,
|
||||
attic,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./workarounds
|
||||
];
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
nix = {
|
||||
settings = {
|
||||
sandbox = true;
|
||||
trusted-users = ["@wheel" "remote-build"];
|
||||
require-sigs = true;
|
||||
substituters = [
|
||||
"https://attic.chir.rs/chir-rs/"
|
||||
"https://hydra.int.chir.rs"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="
|
||||
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
|
||||
"chir-rs:rzK1Czm3RqBbZLnXYrLM6JyOhfr6Z/8lhACIPO/LNFQ="
|
||||
];
|
||||
auto-optimise-store = true;
|
||||
};
|
||||
extraOptions = ''
|
||||
experimental-features = nix-command flakes ca-derivations
|
||||
'';
|
||||
gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
buildMachines = with lib;
|
||||
mkMerge [
|
||||
(mkIf (config.networking.hostName != "instance-20221213-1915") [
|
||||
{
|
||||
hostName = "build-aarch64";
|
||||
systems = [
|
||||
"aarch64-linux"
|
||||
"riscv32-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
maxJobs = 4;
|
||||
speedFactor = 1;
|
||||
supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"];
|
||||
}
|
||||
])
|
||||
(mkIf (config.networking.hostName != "nas") [
|
||||
{
|
||||
hostName = "build-nas";
|
||||
systems = [
|
||||
"i686-linux"
|
||||
"x86_64-linux"
|
||||
"armv7l-linux"
|
||||
"powerpc-linux"
|
||||
"powerpc64-linux"
|
||||
"powerpc64le-linux"
|
||||
"wasm32-wasi"
|
||||
"riscv32-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
maxJobs = 12;
|
||||
speedFactor = 1;
|
||||
supportedFeatures = [
|
||||
"kvm"
|
||||
"nixos-test"
|
||||
"big-parallel"
|
||||
"benchmark"
|
||||
"gccarch-znver1"
|
||||
"gccarch-skylake"
|
||||
"ca-derivations"
|
||||
];
|
||||
}
|
||||
])
|
||||
(mkIf (config.networking.hostName != "rainbow-resort") [
|
||||
{
|
||||
hostName = "build-rainbow-resort";
|
||||
systems = [
|
||||
"i686-linux"
|
||||
"x86_64-linux"
|
||||
"armv7l-linux"
|
||||
"powerpc-linux"
|
||||
"powerpc64-linux"
|
||||
"powerpc64le-linux"
|
||||
"wasm32-wasi"
|
||||
"riscv32-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
maxJobs = 16;
|
||||
speedFactor = 1;
|
||||
supportedFeatures = [
|
||||
"kvm"
|
||||
"nixos-test"
|
||||
"big-parallel"
|
||||
"benchmark"
|
||||
"gccarch-skylake-avx512"
|
||||
"gccarch-znver3"
|
||||
"gccarch-znver2"
|
||||
"gccarch-znver1"
|
||||
"gccarch-skylake"
|
||||
"ca-derivations"
|
||||
];
|
||||
}
|
||||
])
|
||||
(mkIf (config.networking.hostName != "vf2") [
|
||||
{
|
||||
hostName = "build-riscv";
|
||||
systems = [
|
||||
"riscv32-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
maxJobs = 4;
|
||||
speedFactor = 2;
|
||||
supportedFeatures = [
|
||||
"nixos-test"
|
||||
"big-parallel"
|
||||
"benchmark"
|
||||
"ca-derivations"
|
||||
# There are many more combinations but i simply do not care lol
|
||||
"gccarch-rv64gc_zba_zbb"
|
||||
"gccarch-rv64gc_zba"
|
||||
"gccarch-rv64gc_zbb"
|
||||
"gccarch-rv64gc"
|
||||
"gccarch-rv32gc_zba_zbb"
|
||||
"gccarch-rv32gc_zba"
|
||||
"gccarch-rv32gc_zbb"
|
||||
"gccarch-rv32gc"
|
||||
"native-riscv"
|
||||
];
|
||||
}
|
||||
])
|
||||
];
|
||||
distributedBuilds = true;
|
||||
};
|
||||
systemd.services.nix-daemon.environment.TMPDIR = "/build";
|
||||
systemd.services.nixos-upgrade = {
|
||||
description = "NixOS Upgrade";
|
||||
|
||||
restartIfChanged = false;
|
||||
unitConfig.X-StopOnRemoval = false;
|
||||
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
||||
path = with pkgs; [
|
||||
coreutils
|
||||
gnutar
|
||||
xz.bin
|
||||
gzip
|
||||
gitMinimal
|
||||
config.nix.package.out
|
||||
config.programs.ssh.package
|
||||
jq
|
||||
curl
|
||||
];
|
||||
|
||||
script = lib.mkDefault ''
|
||||
#!${pkgs.bash}/bin/bash
|
||||
set -ex
|
||||
builds=$(${pkgs.curl}/bin/curl -H 'accept: application/json' https://hydra.int.chir.rs/jobset/flakes/${
|
||||
if config.networking.hostName != "vf2"
|
||||
then "nixos-config"
|
||||
else "nixos-config-riscv"
|
||||
}/evals | ${pkgs.jq}/bin/jq -r '.evals[0].builds[]')
|
||||
for build in $builds; do
|
||||
doc=$(${pkgs.curl}/bin/curl -H 'accept: application/json' https://hydra.int.chir.rs/build/$build)
|
||||
jobname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.job')
|
||||
if [ "$jobname" = "${config.networking.hostName}.${system}" ]; then
|
||||
drvname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.drvpath')
|
||||
output=$(${pkgs.nix}/bin/nix-store -r $drvname)
|
||||
|
||||
${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $output
|
||||
|
||||
${
|
||||
if config.networking.hostName != "nixos-8gb-fsn1-1"
|
||||
then ''
|
||||
$output/bin/switch-to-configuration boot
|
||||
booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})"
|
||||
built="$(${pkgs.coreutils}/bin/readlink $output/{initrd,kernel,kernel-modules})"
|
||||
if [ "$booted" = "$built" ]; then
|
||||
$output/bin/switch-to-configuration switch
|
||||
else
|
||||
${pkgs.systemd}/bin/shutdown -r +1
|
||||
fi
|
||||
exit
|
||||
''
|
||||
else "$output/bin/switch-to-configuration switch"
|
||||
}
|
||||
fi
|
||||
done
|
||||
'';
|
||||
after = ["network-online.target"];
|
||||
wants = ["network-online.target"];
|
||||
};
|
||||
systemd.timers.nixos-upgrade = {
|
||||
enable = true;
|
||||
description = "Automatically update nixos";
|
||||
requires = ["nixos-upgrade.service"];
|
||||
wantedBy = ["multi-user.target"];
|
||||
timerConfig = {
|
||||
OnUnitActiveSec = "30min";
|
||||
RandomizedDelaySec = "1h";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,215 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
modulesPath,
|
||||
pkgs,
|
||||
config,
|
||||
system,
|
||||
...
|
||||
} @ args: {
|
||||
networking.hostName = "nixos-8gb-fsn1-1";
|
||||
networking.hostId = "73561e1f";
|
||||
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
./grub.nix
|
||||
./server.nix
|
||||
./services/named.nix
|
||||
./services/grafana.nix
|
||||
./users/miifox.nix
|
||||
./services/postgres.nix
|
||||
./services/dovecot.nix
|
||||
./services/postfix.nix
|
||||
./services/reverse-proxy.nix
|
||||
./services/matrix-media-repo.nix
|
||||
./bittorrent-blocker.nix
|
||||
./services/akkoma
|
||||
./services/peertube
|
||||
./services/rspamd.nix
|
||||
./wireguard/public-server.nix
|
||||
./services/shitalloverme.nix
|
||||
./services/initrd-ssh.nix
|
||||
./wireguard
|
||||
./zfs.nix
|
||||
#./services/kubernetes.nix
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod"];
|
||||
boot.initrd.kernelModules = [];
|
||||
boot.kernelModules = [];
|
||||
boot.extraModulePackages = [];
|
||||
boot.supportedFilesystems = ["zfs"];
|
||||
boot.loader.grub.devices = ["/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_16151622"];
|
||||
boot.loader.timeout = 5;
|
||||
boot.initrd.luks.devices = {
|
||||
disk0 = {
|
||||
device = "/dev/disk/by-partuuid/29ccd4c9-5ef5-a146-8e42-9244f712baca";
|
||||
};
|
||||
};
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "tank/nixos";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "tank/nixos/nix";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/etc" = {
|
||||
device = "tank/nixos/etc";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var" = {
|
||||
device = "tank/nixos/var";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib" = {
|
||||
device = "tank/nixos/var/lib";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/minio" = {
|
||||
device = "tank/nixos/var/lib/minio";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/minio/disk0" = {
|
||||
device = "tank/nixos/var/lib/minio/disk0";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/minio/disk1" = {
|
||||
device = "tank/nixos/var/lib/minio/disk1";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/minio/disk2" = {
|
||||
device = "tank/nixos/var/lib/minio/disk2";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/lib/minio/disk3" = {
|
||||
device = "tank/nixos/var/lib/minio/disk3";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/log" = {
|
||||
device = "tank/nixos/var/log";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/var/spool" = {
|
||||
device = "tank/nixos/var/spool";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/home" = {
|
||||
device = "tank/userdata/home";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/root" = {
|
||||
device = "tank/userdata/home/root";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/home/darkkirb" = {
|
||||
device = "tank/userdata/home/darkkirb";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/home/miifox" = {
|
||||
device = "tank/userdata/home/miifox";
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil"];
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/8E14-4366";
|
||||
fsType = "vfat";
|
||||
options = ["X-mount.mkdir"];
|
||||
};
|
||||
|
||||
swapDevices = [];
|
||||
|
||||
system.stateVersion = "21.11";
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
networks."ens3".extraConfig = ''
|
||||
[Match]
|
||||
Name = ens3
|
||||
[Network]
|
||||
Address = 2a01:4f8:1c17:d953:b4e1:08ff:e658:6f49/64
|
||||
Gateway = fe80::1
|
||||
'';
|
||||
};
|
||||
|
||||
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49/64"];
|
||||
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {
|
||||
desktop = false;
|
||||
inherit args;
|
||||
};
|
||||
nix.settings.cores = 2;
|
||||
nix.settings.max-jobs = 2;
|
||||
nix.daemonCPUSchedPolicy = "idle";
|
||||
nix.daemonIOSchedClass = "idle";
|
||||
|
||||
nix.settings.system-features = [
|
||||
"kvm"
|
||||
"nixos-test"
|
||||
"big-parallel"
|
||||
"benchmark"
|
||||
"gccarch-skylake"
|
||||
"ca-derivations"
|
||||
];
|
||||
nix.settings.auto-optimise-store = true;
|
||||
|
||||
services.postgresql.settings = {
|
||||
max_connections = 200;
|
||||
shared_buffers = "1GB";
|
||||
effective_cache_size = "3GB";
|
||||
maintenance_work_mem = "256MB";
|
||||
checkpoint_completion_target = 0.9;
|
||||
wal_buffers = "16MB";
|
||||
default_statistics_target = 100;
|
||||
random_page_cost = 1.1;
|
||||
effective_io_concurrency = 200;
|
||||
work_mem = "52422kB";
|
||||
min_wal_size = "1GB";
|
||||
max_wal_size = "4GB";
|
||||
max_worker_processes = 2;
|
||||
max_parallel_workers_per_gather = 1;
|
||||
max_parallel_workers = 2;
|
||||
max_parallel_maintenance_workers = 1;
|
||||
};
|
||||
|
||||
services.resolved.enable = false;
|
||||
services.bind.forwarders = lib.mkForce [];
|
||||
services.tailscale.useRoutingFeatures = "server";
|
||||
services.caddy.virtualHosts."darkkirb.de" = {
|
||||
useACMEHost = "darkkirb.de";
|
||||
logFormat = pkgs.lib.mkForce "";
|
||||
extraConfig = ''
|
||||
redir https://lotte.chir.rs
|
||||
'';
|
||||
};
|
||||
}
|
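--- a/config/overlays/default.nix
+++ b/config/overlays/default.nix
@@ -0,0 +1,40 @@
+{
+inTester,
+system,
+self,
+rust-overlay,
+nix-vscode-extensions,
+...
+}:
+{
+imports =
+if !inTester then
+(
+[
+./inputs-overlay.nix
+]
+++ (
+if system == "riscv64-linux" then
+[
+./riscv.nix
+./riscv-cross-packages.nix
+]
+else
+[ ]
+)
+)
+else
+[ ];
+}
+// (
+if !inTester then
+{
+nixpkgs.overlays = [
+self.overlays.default
+(import rust-overlay)
+nix-vscode-extensions.overlays.default
+];
+}
+else
+{ }
+)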
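Review bot: Nothing in this module says where `inTester` and `system` come from, and both are used to compute `imports`. The module system resolves `imports` before `config`, so these two arguments presumably have to be passed through `specialArgs`; supplying them via `_module.args` would be expected to end in infinite recursion. The flake wiring is not visible here, so please confirm and add a header comment such as `# inTester and system must come from specialArgs: they decide imports`. The `!inTester` test is also written twice, once for `imports` and once for `nixpkgs.overlays`, and a one-line comment on why the overlays are skipped under the tester would help the next reader.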
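--- a/config/overlays/inputs-overlay.nix
+++ b/config/overlays/inputs-overlay.nix
@@ -0,0 +1,22 @@
+{ pureInputs, lib, ... }:
+{
+nixpkgs.overlays = [
+(_: _: {
+inputs = pureInputs;
+})
+];
+environment.etc."nix/inputs/nixpkgs-overlays/inputs.nix".text =
+let
+inputsToLoadString = lib.mapAttrsToList (
+name: value:
+''${name} = ${if value._type or "" == "flake" then "loadFlake \"${value}\"" else "${value}"};''
+) pureInputs;
+in
+''
+_: _: let loadFlake = builtins.getFlake or (import ${pureInputs.flake-compat}); in {
+inputs = {
+${lib.concatStringsSep "\n" inputsToLoadString}
+};
+}
+'';
+}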
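Review bot: The fallback in the generated `loadFlake` binding does not look call-compatible with `builtins.getFlake`. Each flake input is emitted as `loadFlake "<store path>"`, but as far as I know flake-compat's entry point expects an attribute set with `src` and returns a wrapper with `defaultNix`/`shellNix`, not the flake outputs. On an evaluator without `getFlake` the overlay would then fail or yield the wrong shape; something along the lines of `loadFlake = builtins.getFlake or (p: (import ${pureInputs.flake-compat} { src = p; }).defaultNix);` is closer, to be checked against the pinned flake-compat. Separately, the written file is what host-side tools evaluate while the in-build overlay uses `pureInputs` directly, so a short comment saying the two are meant to stay equivalent would help.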
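--- a/config/overlays/riscv-cross-packages.nix
+++ b/config/overlays/riscv-cross-packages.nix
@@ -0,0 +1,40 @@
+# Cross compiled packages for when shit breaks
+{
+nixpkgs,
+lix,
+...
+}:
+let
+pkgs_x86_64 = import nixpkgs {
+system = "x86_64-linux";
+crossSystem.system = "riscv64-linux";
+overlays = [ lix.overlays.default ];
+};
+pkgs_x86_64_2 = import nixpkgs {
+system = "x86_64-linux";
+crossSystem.system = "riscv64-linux";
+};
+in
+{
+nixpkgs.overlays = [
+(self: super: {
+inherit (pkgs_x86_64) lix pandoc;
+inherit (pkgs_x86_64_2) nixos-option;
+})
+];
+environment.etc."nix/inputs/nixpkgs-overlays/riscv-cross-packages.nix".text = ''
+self: _: let pkgs_x86_64 = import <nixpkgs> {
+system = "x86_64-linux";
+crossSystem.system = "riscv64-linux";
+overlays = [self.inputs.lix.overlays.default];
+}
+pkgs_x86_64_2 = import <nixpkgs> {
+system = "x86_64-linux";
+crossSystem.system = "riscv64-linux";
+overlays = [];
+}; in {
+inherit (pkgs_x86_64) lix pandoc;
+inherit (pkgs_x86_64_2) nixos-option;
+}
+'';
+}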
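Review bot: The overlay text written to `/etc/nix/inputs/nixpkgs-overlays/riscv-cross-packages.nix` does not parse as Nix. Its first `let` binding, `pkgs_x86_64 = import <nixpkgs> { … }`, closes with a bare `}` and has no `;` before `pkgs_x86_64_2 = …`, so that closing line should read `};`. The string is only written out and never evaluated by this module, so the system build will probably still succeed and the error would surface only when a tool on the host loads the overlay. The generated copy also resolves `<nixpkgs>` through the lookup path, while the in-build overlay imports the pinned `nixpkgs` input, so the two can pick different package sets unless the host's lookup path is pinned to the same input; a comment stating that assumption would be worth adding.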
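--- a/config/overlays/riscv.nix
+++ b/config/overlays/riscv.nix
@@ -0,0 +1,7 @@
+{ riscv-overlay, ... }:
+{
+nixpkgs.overlays = [
+riscv-overlay.overlays.default
+];
+environment.etc."nix/inputs/nixpkgs-overlays/riscv-overlay.nix".text = "import ${riscv-overlay}/overlay.nix";
+}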
|
@ -1,4 +0,0 @@
|
|||
{...}: {
|
||||
accounts.calendar.accounts.lotte = {
|
||||
};
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
_: {
|
||||
programs.direnv = {
|
||||
enable = true;
|
||||
nix-direnv.enable = true;
|
||||
};
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
i18n.inputMethod = {
|
||||
enabled = "fcitx5";
|
||||
fcitx5.addons = with pkgs; [fcitx5-chinese-addons fcitx5-table-extra fcitx5-table-other fcitx5-gtk fcitx5-mozc];
|
||||
};
|
||||
}
|
|
@ -1,36 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
firefox,
|
||||
...
|
||||
}: {
|
||||
programs.firefox = {
|
||||
enable = true;
|
||||
profiles = {
|
||||
unhardened = {
|
||||
id = 1;
|
||||
};
|
||||
default = {
|
||||
userChrome = ''
|
||||
/* Hide tab bar in FF Quantum */
|
||||
@-moz-document url("chrome://browser/content/browser.xul") {
|
||||
#TabsToolbar {
|
||||
visibility: collapse !important;
|
||||
margin-bottom: 21px !important;
|
||||
}
|
||||
|
||||
#sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
|
||||
visibility: collapse !important;
|
||||
}
|
||||
}
|
||||
'';
|
||||
settings = {
|
||||
"font.default.x-western" = "sans-serif";
|
||||
"font.name-list.monospace.x-western" = "monospace, nasin-nanpa";
|
||||
"font.name-list.sans-serif.x-western" = "sans-serif, nasin-nanpa";
|
||||
"font.name-list.serif.x-western" = "sans-serif, nasin-nanpa";
|
||||
};
|
||||
id = 0;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,50 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
programs.gpg = {
|
||||
enable = true;
|
||||
publicKeys = [
|
||||
{
|
||||
source = ../../keys/lotte_chir.rs.pgp;
|
||||
trust = 5;
|
||||
}
|
||||
{
|
||||
source = ../../keys/miifox_miifox.net.pgp;
|
||||
trust = 3;
|
||||
}
|
||||
{
|
||||
source = ../../keys/mdelenk_hs-mittweida.de.pgp;
|
||||
trust = 5;
|
||||
}
|
||||
];
|
||||
scdaemonSettings = {
|
||||
disable-ccid = true;
|
||||
pcsc-driver = "${pkgs.pcsclite.out}/lib/libpcsclite.so.1";
|
||||
reader-port = "Yubico YubiKey";
|
||||
};
|
||||
settings = {
|
||||
# https://github.com/drduh/config/blob/master/gpg.conf
|
||||
personal-cipher-preferences = "AES256 AES192 AES";
|
||||
personal-digest-preferences = "SHA512 SHA384 SHA256";
|
||||
personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
|
||||
default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
|
||||
cert-digest-algo = "SHA512";
|
||||
s2k-digest-algo = "SHA512";
|
||||
s2k-cipher-algo = "AES256";
|
||||
charset = "utf-8";
|
||||
fixed-list-mode = true;
|
||||
no-comments = true;
|
||||
no-emit-version = true;
|
||||
no-greeting = true;
|
||||
keyid-format = "0xlong";
|
||||
list-options = "show-uid-validity";
|
||||
verify-options = "show-uid-validity";
|
||||
with-fingerprint = true;
|
||||
with-key-origin = true;
|
||||
require-cross-certification = true;
|
||||
no-symkey-cache = true;
|
||||
use-agent = true;
|
||||
throw-keyids = true;
|
||||
keyserver = ["hkps://keys.openpgp.org" "hkps://keyserver.ubuntu.com:443" "hkps://hkps.pool.sks-keyservers.net" "hkps://pgp.ocf.berkeley.edu"];
|
||||
auto-key-locate = ["local" "dane" "cert" "wkd"];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
{
|
||||
system,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
home.packages = with pkgs;
|
||||
[
|
||||
nheko
|
||||
twinkle
|
||||
tokodon
|
||||
telegram-desktop
|
||||
]
|
||||
++ (
|
||||
if system == "x86_64-linux"
|
||||
then [
|
||||
pkgs.discord
|
||||
]
|
||||
else []
|
||||
);
|
||||
}
|
|
@ -1,4 +0,0 @@
|
|||
{...}: {
|
||||
services.kdeconnect.enable = true;
|
||||
services.kdeconnect.indicator = true;
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
home.packages = [pkgs.keepassxc];
|
||||
systemd.user.services.keepassxc = {
|
||||
Unit = {
|
||||
Description = "keepassxc";
|
||||
After = ["graphical-session-pre.target"];
|
||||
PartOf = ["graphical-session.target"];
|
||||
};
|
||||
Install.WantedBy = ["graphical-session.target"];
|
||||
Service = {
|
||||
ExecStart = "${pkgs.keepassxc}/bin/keepassxc";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{nixpkgs, ...}: let
|
||||
x86_64-linux-pkgs = import nixpkgs {system = "x86_64-linux";};
|
||||
in {
|
||||
services.keybase.enable = true;
|
||||
services.kbfs.enable = true;
|
||||
home.packages = [
|
||||
x86_64-linux-pkgs.keybase-gui
|
||||
];
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
home.packages = with pkgs; [kicad-unstable-small];
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
_: {
|
||||
programs.kitty = {
|
||||
enable = true;
|
||||
font.name = "FiraCode Nerd Font Mono";
|
||||
settings = {
|
||||
disable_ligatures = "cursor";
|
||||
shell_integration = "disabled";
|
||||
font_size = 8;
|
||||
};
|
||||
extraConfig = ''
|
||||
symbol_map U+F1900-U+F19FF Fairfax HD
|
||||
narrow_symbols U+F1900-U+F19FF 2
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,9 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
programs.thunderbird = {
|
||||
enable = true;
|
||||
profiles.main = {
|
||||
withExternalGnupg = true;
|
||||
isDefault = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,17 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
programs.mako = {
|
||||
enable = true;
|
||||
defaultTimeout = 30000;
|
||||
};
|
||||
systemd.user.services.mako = {
|
||||
Unit = {
|
||||
Description = "mako";
|
||||
After = ["graphical-session-pre.target"];
|
||||
PartOf = ["graphical-session.target"];
|
||||
};
|
||||
Install.WantedBy = ["graphical-session.target"];
|
||||
Service = {
|
||||
ExecStart = "mako";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,32 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
nixpkgs,
|
||||
...
|
||||
}: let
|
||||
x86_64-linux-pkgs = import nixpkgs {system = "x86_64-linux";};
|
||||
in {
|
||||
home.packages = with pkgs; [
|
||||
#anki
|
||||
mdcat
|
||||
gimp
|
||||
krita
|
||||
ffmpeg-full
|
||||
audacious
|
||||
];
|
||||
xdg.configFile."gdb/gdbinit".text = "set auto-load safe-path /nix/store";
|
||||
services.xsettingsd = {
|
||||
enable = true;
|
||||
settings = {
|
||||
"Gtk/EnableAnimations" = 1;
|
||||
"Gtk/DecorationLayout" = "icon:minimize,maximize,close";
|
||||
"Gtk/PrimaryButtonWarpsSlider" = 0;
|
||||
"Gtk/ToolbarStyle" = 3;
|
||||
"Gtk/MenuImages" = 1;
|
||||
"Gtk/ButtonImages" = 1;
|
||||
"Gtk/CursorThemeSize" = 24;
|
||||
"Gtk/CursorThemeName" = "breeze_cursors";
|
||||
"Gtk/FontName" = "Noto Sans, 10";
|
||||
"Net/IconThemeName" = "breeze-dark";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,35 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
system,
|
||||
emily-modifiers,
|
||||
emily-symbols,
|
||||
...
|
||||
}: let
|
||||
plover-env =
|
||||
(pkgs.plover.pythonModule.withPackages (_:
|
||||
with pkgs; [
|
||||
plover
|
||||
plover-plugins-manager
|
||||
plover-plugin-emoji
|
||||
plover-plugin-tapey-tape
|
||||
plover-plugin-yaml-dictionary
|
||||
plover-plugin-rkb1-hid
|
||||
plover-plugin-python-dictionary
|
||||
plover-plugin-stenotype-extended
|
||||
plover-plugin-dotool-output
|
||||
plover-plugin-lapwing-aio
|
||||
]))
|
||||
.overrideDerivation (super: {
|
||||
nativeBuildInputs = super.nativeBuildInputs or [] ++ [pkgs.qt5.wrapQtAppsHook];
|
||||
postBuild =
|
||||
super.postBuild
|
||||
+ ''
|
||||
wrapQtApp $out/bin/plover
|
||||
'';
|
||||
});
|
||||
in {
|
||||
home.packages = [
|
||||
plover-env
|
||||
];
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
_: {
|
||||
imports = [
|
||||
./builders.nix
|
||||
];
|
||||
programs.ssh = {
|
||||
controlMaster = "auto";
|
||||
controlPersist = "10m";
|
||||
enable = true;
|
||||
};
|
||||
}
|
|
@ -1,6 +0,0 @@
|
|||
_: {
|
||||
services.syncthing = {
|
||||
enable = true;
|
||||
tray.enable = true;
|
||||
};
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
_: {
|
||||
programs.taskwarrior = {
|
||||
enable = true;
|
||||
colorTheme = "dark-violets-256";
|
||||
config = {
|
||||
weekstart = "monday"; # no americans, the week does not start with week-end
|
||||
};
|
||||
dataLocation = "~/Data/tasks/";
|
||||
};
|
||||
}
|
|
@ -1,606 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
colorpickle,
|
||||
withNSFW,
|
||||
lib,
|
||||
self,
|
||||
nixpkgs,
|
||||
...
|
||||
}: let
|
||||
theme = import ../../extra/theme.nix;
|
||||
inherit (config.lib.formats.rasi) mkLiteral;
|
||||
|
||||
prepBGs = [
|
||||
["${pkgs.lotte-art}/2021-01-27-ceeza-lottedonut.jxl" "-crop" "2048x1152+0+106"]
|
||||
["${pkgs.lotte-art}/2021-09-15-cloverhare-lotteplush.jxl" "-crop" "1774x997+0+173"]
|
||||
["${pkgs.lotte-art}/2022-11-15-wolfsifi-maff-me-leashed.jxl" "-crop" "1699x956+0+88"]
|
||||
];
|
||||
|
||||
prepBGsNSFW = [
|
||||
["${pkgs.lotte-art}/2021-11-27-theroguez-lottegassyvore1.jxl" "-crop" "1233x694+0+65"]
|
||||
["${pkgs.lotte-art}/2021-12-12-baltnwolf-christmas-diaper.jxl" "-crop" "2599x1462+0+294"]
|
||||
["${pkgs.lotte-art}/2021-12-12-baltnwolf-christmas-diaper-messy.jxl" "-crop" "2599x1462+0+294"]
|
||||
["${pkgs.lotte-art}/2022-04-20-cloverhare-mxbatty-maffsie-train-plush.jxl" "-crop" "3377x1900+0+211"]
|
||||
["${pkgs.lotte-art}/2022-04-20-cloverhare-mxbatty-me-train-maffsie-plush.jxl" "-crop" "3377x1900+0+211"]
|
||||
["${pkgs.lotte-art}/2022-12-27-rexyi-scatych.jxl" "-crop" "2000x1120+0+0"]
|
||||
["${pkgs.lotte-art}/2023-03-09-rexyi-voredisposal-ych.jxl" "-crop" "2000x1120+0+0"]
|
||||
["${pkgs.lotte-art}/2023-04-16-baltnwolf-lottediaperplushies.jxl" "-gravity" "center" "-background" "white" "-extent" "5333x3000"]
|
||||
["${pkgs.lotte-art}/2023-04-16-baltnwolf-lottediaperplushies-messy.jxl" "-gravity" "center" "-background" "white" "-extent" "5333x3000"]
|
||||
["${pkgs.lotte-art}/2023-08-09-coldquarantine-lotte-eating-trash.jxl" "-crop" "6000x3375+0+312"]
|
||||
["${pkgs.lotte-art}/2023-08-20-coldquarantine-lotte-eating-trash-clean.jxl" "-crop" "6000x3375+0+312"]
|
||||
["${pkgs.lotte-art}/2023-08-10-coldquarantine-lotte-eating-trash-diapers.jxl" "-crop" "6000x3375+0+312"]
|
||||
];
|
||||
|
||||
fixupImage = instructions:
|
||||
pkgs.stdenv.mkDerivation {
|
||||
name = "bg.jxl";
|
||||
src = pkgs.emptyDirectory;
|
||||
nativeBuildInputs = [pkgs.imagemagick];
|
||||
buildPhase = ''
|
||||
convert ${toString instructions} $out
|
||||
'';
|
||||
installPhase = "true";
|
||||
};
|
||||
|
||||
validBGs = ["${pkgs.lotte-art}/2020-07-24-urbankitsune-bna-ych.jxl" "${pkgs.lotte-art}/2022-05-02-anonfurryartist-giftart.jxl" "${pkgs.lotte-art}/2022-06-21-sammythetanuki-lotteplushpride.jxl"] ++ (map fixupImage prepBGs);
|
||||
validBGsNSFW = ["${pkgs.lotte-art}/2021-10-29-butterskunk-lotte-scat-buffet.jxl" "${pkgs.lotte-art}/2022-08-12-deathtoaster-funpit-scat.jxl" "${pkgs.lotte-art}/2022-08-15-deathtoaster-funpit-mud.jxl"] ++ (map fixupImage prepBGsNSFW) ++ validBGs;
|
||||
|
||||
mod = a: b: a - (a / b * b);
|
||||
choose = l: rand: let len = builtins.length l; in builtins.elemAt l (mod rand len);
|
||||
hexToIntList = {
|
||||
"0" = 0;
|
||||
"1" = 1;
|
||||
"2" = 2;
|
||||
"3" = 3;
|
||||
"4" = 4;
|
||||
"5" = 5;
|
||||
"6" = 6;
|
||||
"7" = 7;
|
||||
"8" = 8;
|
||||
"9" = 9;
|
||||
"a" = 10;
|
||||
"b" = 11;
|
||||
"c" = 12;
|
||||
"d" = 13;
|
||||
"e" = 14;
|
||||
"f" = 15;
|
||||
"A" = 10;
|
||||
"B" = 11;
|
||||
"C" = 12;
|
||||
"D" = 13;
|
||||
"E" = 14;
|
||||
"F" = 15;
|
||||
};
|
||||
hexToInt = s: lib.foldl (state: new: state * 16 + hexToIntList.${new}) 0 (lib.strings.stringToCharacters s);
|
||||
|
||||
seed = hexToInt (self.shortRev or nixpkgs.shortRev);
|
||||
bg =
|
||||
choose (
|
||||
if withNSFW
|
||||
then validBGsNSFW
|
||||
else validBGs
|
||||
)
|
||||
seed;
|
||||
|
||||
color = n:
|
||||
config.environment.graphical.colors.main."${builtins.toString n}";
|
||||
colorD = n:
|
||||
config.environment.graphical.colors.disabled."${builtins.toString n}";
|
||||
colorI = n:
|
||||
config.environment.graphical.colors.inactive."${builtins.toString n}";
|
||||
|
||||
color' = n: mkLiteral (color n);
|
||||
bgPng = pkgs.stdenv.mkDerivation {
|
||||
name = "bg.png";
|
||||
src = pkgs.emptyDirectory;
|
||||
nativeBuildInputs = [pkgs.imagemagick];
|
||||
buildPhase = ''
|
||||
convert ${bg} $out
|
||||
'';
|
||||
installPhase = "true";
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
colorpickle.nixosModules.default
|
||||
];
|
||||
environment.graphical.colorschemes.main = {
|
||||
image = bgPng;
|
||||
params = ["--lighten" "0.3"];
|
||||
};
|
||||
environment.graphical.colorschemes.disabled = {
|
||||
image = bgPng;
|
||||
params = ["--lighten" "0.1" "--saturate" "-0.5"];
|
||||
};
|
||||
environment.graphical.colorschemes.inactive = {
|
||||
image = bgPng;
|
||||
params = [];
|
||||
};
|
||||
wayland.windowManager.sway.config.output."*".bg = "${bgPng} fill";
|
||||
/*
|
||||
dconf.settings."org/gnome/desktop/interface" = {
|
||||
icon-theme = "breeze-dark";
|
||||
cursor-theme = "Vanilla-DMZ";
|
||||
};
|
||||
*/
|
||||
gtk = {
|
||||
#enable = true;
|
||||
gtk2.extraConfig = ''
|
||||
gtk-cursor-theme-name = "Vanilla-DMZ"
|
||||
gtk-cursor-theme-size = 0
|
||||
'';
|
||||
gtk3.extraConfig = {
|
||||
gtk-cursor-theme-name = "Vanilla-DMZ";
|
||||
gtk-cursor-theme-size = 0;
|
||||
};
|
||||
font = {
|
||||
package = pkgs.noto-fonts;
|
||||
name = "Noto Sans";
|
||||
size = 10;
|
||||
};
|
||||
iconTheme = {
|
||||
package = pkgs.libsForQt5.breeze-icons;
|
||||
name = "breeze-dark";
|
||||
};
|
||||
theme = {
|
||||
name = "Catppuccin-Mocha-Compact-Pink-Dark";
|
||||
package = pkgs.catppuccin-gtk.override {
|
||||
accents = ["pink"];
|
||||
size = "compact";
|
||||
tweaks = ["rimless" "black"];
|
||||
variant = "mocha";
|
||||
};
|
||||
};
|
||||
};
|
||||
qt = {
|
||||
#enable = true;
|
||||
style = {
|
||||
name = "lightly";
|
||||
package = pkgs.plasma5Packages.lightly;
|
||||
};
|
||||
platformTheme = "qtct";
|
||||
};
|
||||
xdg.configFile."qt5ct/colors/Catppuccin-Custom.conf".text = ''
|
||||
[ColorScheme]
|
||||
active_colors=${color 15}, ${color 0}, #ffa6adc8, #ff9399b2, ${color 1}, #ff6c7086, ${color 15}, ${color 15}, ${color 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${color 8}, ${color 15}, ${color 13}, ${color 5}, ${color 0}, ${color 15}, ${colorI 0}, ${color 5}, #807f849c
|
||||
disabled_colors=${colorD 15}, ${colorD 0}, #ffa6adc8, #ff9399b2, ${colorD 1}, #ff6c7086, ${colorD 15}, ${colorD 15}, ${colorD 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${colorD 8}, ${colorD 15}, ${colorD 13}, ${colorD 5}, ${colorD 0}, ${colorD 15}, ${colorI 0}, ${colorD 5}, #807f849c
|
||||
inactive_colors=${colorI 15}, ${colorI 0}, #ffa6adc8, #ff9399b2, ${colorI 1}, #ff6c7086, ${colorI 15}, ${colorI 15}, ${colorI 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${colorI 8}, ${colorI 15}, ${colorI 13}, ${colorI 5}, ${colorI 0}, ${colorI 15}, ${colorI 0}, ${colorI 5}, #807f849c
|
||||
'';
|
||||
xdg.configFile."qt6ct/colors/Catppuccin-Custom.conf".text = ''
|
||||
[ColorScheme]
|
||||
active_colors=${color 15}, ${color 0}, #ffa6adc8, #ff9399b2, ${color 1}, #ff6c7086, ${color 15}, ${color 15}, ${color 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${color 8}, ${color 15}, ${color 13}, ${color 5}, ${color 0}, ${color 15}, ${colorI 0}, ${color 5}, #807f849c
|
||||
disabled_colors=${colorD 15}, ${colorD 0}, #ffa6adc8, #ff9399b2, ${colorD 1}, #ff6c7086, ${colorD 15}, ${colorD 15}, ${colorD 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${colorD 8}, ${colorD 15}, ${colorD 13}, ${colorD 5}, ${colorD 0}, ${colorD 15}, ${colorI 0}, ${colorD 5}, #807f849c
|
||||
inactive_colors=${colorI 15}, ${colorI 0}, #ffa6adc8, #ff9399b2, ${colorI 1}, #ff6c7086, ${colorI 15}, ${colorI 15}, ${colorI 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${colorI 8}, ${colorI 15}, ${colorI 13}, ${colorI 5}, ${colorI 0}, ${colorI 15}, ${colorI 0}, ${colorI 5}, #807f849c
|
||||
'';
|
||||
nixpkgs.overlays = [
|
||||
(super: self: {
|
||||
python3 = super.python.override {
|
||||
packageOverrides = self: super: {
|
||||
python3Packages = self.python3.pkgs;
|
||||
catppuccin = super.catppuccin.overrideAttrs (super: {
|
||||
patches =
|
||||
super.patches
|
||||
or []
|
||||
++ [
|
||||
(pkgs.writeText "color.patch" ''
|
||||
diff --git a/catppuccin/colour.py b/catppuccin/colour.py
|
||||
index 193eea7..7620cf0 100644
|
||||
--- a/catppuccin/colour.py
|
||||
+++ b/catppuccin/colour.py
|
||||
@@ -43,6 +43,9 @@ class Colour:
|
||||
@classmethod
|
||||
def from_hex(cls, hex_string: str) -> Colour:
|
||||
"""Create a colour from hex string."""
|
||||
+ if hex_string.startswith("#"):
|
||||
+ hex_string = hex_string[1:]
|
||||
+
|
||||
if len(hex_string) not in (6, 8):
|
||||
raise ValueError("Hex string must be 6 or 8 characters long.")
|
||||
diff --git a/catppuccin/flavour.py b/catppuccin/flavour.py
|
||||
index aa7df98..4bf849a 100644
|
||||
--- a/catppuccin/flavour.py
|
||||
+++ b/catppuccin/flavour.py
|
||||
@@ -138,30 +138,30 @@ class Flavour: # pylint: disable=too-many-instance-attributes
|
||||
def mocha() -> "Flavour":
|
||||
"""Mocha flavoured Catppuccin."""
|
||||
return Flavour(
|
||||
- rosewater=Colour(245, 224, 220),
|
||||
- flamingo=Colour(242, 205, 205),
|
||||
- pink=Colour(245, 194, 231),
|
||||
- mauve=Colour(203, 166, 247),
|
||||
- red=Colour(243, 139, 168),
|
||||
- maroon=Colour(235, 160, 172),
|
||||
- peach=Colour(250, 179, 135),
|
||||
- yellow=Colour(249, 226, 175),
|
||||
- green=Colour(166, 227, 161),
|
||||
- teal=Colour(148, 226, 213),
|
||||
- sky=Colour(137, 220, 235),
|
||||
- sapphire=Colour(116, 199, 236),
|
||||
- blue=Colour(137, 180, 250),
|
||||
- lavender=Colour(180, 190, 254),
|
||||
- text=Colour(205, 214, 244),
|
||||
+ rosewater=Colour.from_hex("${color 1}"),
|
||||
+ flamingo=Colour.from_hex("${color 2}"),
|
||||
+ pink=Colour.from_hex("${color 3}"),
|
||||
+ mauve=Colour.from_hex("${color 4}"),
|
||||
+ red=Colour.from_hex("${color 5}"),
|
||||
+ maroon=Colour.from_hex("${color 6}"),
|
||||
+ peach=Colour.from_hex("${color 7}"),
|
||||
+ yellow=Colour.from_hex("${color 8}"),
|
||||
+ green=Colour.from_hex("${color 9}"),
|
||||
+ teal=Colour.from_hex("${color 10}"),
|
||||
+ sky=Colour.from_hex("${color 11}"),
|
||||
+ sapphire=Colour.from_hex("${color 12}"),
|
||||
+ blue=Colour.from_hex("${color 13}"),
|
||||
+ lavender=Colour.from_hex("${color 14}"),
|
||||
+ text=Colour.from_hex("${color 15}"),
|
||||
subtext1=Colour(186, 194, 222),
|
||||
subtext0=Colour(166, 173, 200),
|
||||
overlay2=Colour(147, 153, 178),
|
||||
overlay1=Colour(127, 132, 156),
|
||||
overlay0=Colour(108, 112, 134),
|
||||
- surface2=Colour(88, 91, 112),
|
||||
- surface1=Colour(69, 71, 90),
|
||||
- surface0=Colour(49, 50, 68),
|
||||
- base=Colour(30, 30, 46),
|
||||
- mantle=Colour(24, 24, 37),
|
||||
- crust=Colour(17, 17, 27),
|
||||
+ surface2=Colour.from_hex("${color 2}"),
|
||||
+ surface1=Colour.from_hex("${color 1}"),
|
||||
+ surface0=Colour.from_hex("${color 0}"),
|
||||
+ base=Colour.from_hex("${color 0}"),
|
||||
+ mantle=Colour.from_hex("${color 0}"),
|
||||
+ crust=Colour.from_hex("${color 0}"),
|
||||
)
|
||||
'')
|
||||
];
|
||||
});
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
/*
|
||||
home.file = {
|
||||
".icons/default/index.theme".text = ''
|
||||
[Icon Theme]
|
||||
Name=Default
|
||||
Comment=Default Cursor Theme
|
||||
Inherits=Vanilla-DMZ
|
||||
'';
|
||||
};
|
||||
*/
|
||||
programs.kitty.settings = with theme; {
|
||||
background = color 0;
|
||||
foreground = color 15;
|
||||
cursor = color 15;
|
||||
selection_background = "#4f414c";
|
||||
color0 = color 0;
|
||||
color1 = color 9;
|
||||
color2 = color 10;
|
||||
color3 = color 11;
|
||||
color4 = color 12;
|
||||
color5 = color 13;
|
||||
color6 = color 14;
|
||||
color7 = color 15;
|
||||
color8 = color 8;
|
||||
color9 = color 9;
|
||||
color10 = color 10;
|
||||
color11 = color 11;
|
||||
color12 = color 12;
|
||||
color13 = color 13;
|
||||
color14 = color 14;
|
||||
color15 = color 15;
|
||||
};
|
||||
# Taken from https://github.com/jakehamilton/dotfiles/blob/master/waybar/style.css
|
||||
programs.waybar.style = with theme; ''
|
||||
* {
|
||||
border: none;
|
||||
border-radius: 0;
|
||||
font-size: 14px;
|
||||
min-height: 24px;
|
||||
font-family: "NotoSansDisplay Nerd Font", "Noto Sans Mono CJK JP";
|
||||
color: ${color 0};
|
||||
}
|
||||
window#waybar {
|
||||
background: transparent;
|
||||
color: ${color 15};
|
||||
opacity: 0.9;
|
||||
}
|
||||
window#waybar.hidden {
|
||||
opacity: 0.2;
|
||||
}
|
||||
#window {
|
||||
margin-top: 8px;
|
||||
padding: 0px 16px 0px 16px;
|
||||
border-radius: 24px;
|
||||
transition: none;
|
||||
background: transparent;
|
||||
}
|
||||
#workspaces {
|
||||
margin-top: 8px;
|
||||
margin-left: 12px;
|
||||
margin-bottom: 0;
|
||||
border-radius: 24px;
|
||||
background-color: ${color 0};
|
||||
color: ${color 15};
|
||||
transition: none;
|
||||
}
|
||||
#workspaces button {
|
||||
transition: none;
|
||||
background: transparent;
|
||||
font-size: 16px;
|
||||
color: ${color 15};
|
||||
}
|
||||
#workspaces button.focused {
|
||||
background: ${color 13};
|
||||
color: ${color 0};
|
||||
}
|
||||
#workspaces button:hover {
|
||||
background: ${color 10};
|
||||
color: ${color 0};
|
||||
}
|
||||
#mpd {
|
||||
margin-top: 8px;
|
||||
margin-left: 8px;
|
||||
padding-left: 16px;
|
||||
padding-right: 16px;
|
||||
margin-bottom: 0;
|
||||
border-radius: 24px;
|
||||
background: ${color 2};
|
||||
transition: none;
|
||||
}
|
||||
#mpd.disconnected,
|
||||
#mpd.stopped {
|
||||
background: ${color 4};
|
||||
}
|
||||
#network {
|
||||
margin-top: 8px;
|
||||
margin-left: 8px;
|
||||
padding-left: 16px;
|
||||
padding-right: 16px;
|
||||
margin-bottom: 0;
|
||||
border-radius: 24px;
|
||||
transition: none;
|
||||
background: ${color 13};
|
||||
}
|
||||
#pulseaudio {
|
||||
margin-top: 8px;
|
||||
margin-left: 8px;
|
||||
padding-left: 16px;
|
||||
padding-right: 16px;
|
||||
margin-bottom: 0;
|
||||
border-radius: 24px;
|
||||
transition: none;
|
||||
background: ${color 11};
|
||||
}
|
||||
#temperature, #battery {
|
||||
margin-top: 8px;
|
||||
margin-left: 8px;
|
||||
padding-left: 16px;
|
||||
padding-right: 16px;
|
||||
margin-bottom: 0;
|
||||
border-radius: 24px;
|
||||
transition: none;
|
||||
background: ${color 2};
|
||||
}
|
||||
#cpu, #backlight, #battery.warning {
|
||||
margin-top: 8px;
|
||||
margin-left: 8px;
|
||||
padding-left: 16px;
|
||||
padding-right: 16px;
|
||||
margin-bottom: 0;
|
||||
border-radius: 24px;
|
||||
transition: none;
|
||||
background: ${color 14};
|
||||
}
|
||||
#memory, #battery.critical {
|
||||
margin-top: 8px;
|
||||
margin-left: 8px;
|
||||
padding-left: 16px;
|
||||
padding-right: 16px;
|
||||
margin-bottom: 0;
|
||||
border-radius: 24px;
|
||||
transition: none;
|
||||
background: ${color 12};
|
||||
}
|
||||
#clock {
|
||||
margin-top: 8px;
|
||||
margin-left: 8px;
|
||||
margin-right: 12px;
|
||||
padding-left: 16px;
|
||||
padding-right: 16px;
|
||||
margin-bottom: 0;
|
||||
border-radius: 26px;
|
||||
transition: none;
|
||||
background: ${color 0};
|
||||
color: ${color 15};
|
||||
}
|
||||
'';
|
||||
|
||||
wayland.windowManager.sway.extraConfig = with theme; ''
|
||||
# target title bg text indicator border
|
||||
client.focused ${color 5} ${color 0} ${color 15} ${color 12} ${color 5}
|
||||
client.focused_inactive ${color 13} ${color 0} ${color 15} ${color 12} ${color 13}
|
||||
client.unfocused ${color 13} ${color 0} ${color 15} ${color 12} ${color 13}
|
||||
client.urgent ${color 14} ${color 0} ${color 14} ${color 8} ${color 14}
|
||||
client.placeholder ${color 8} ${color 0} ${color 15} ${color 8} ${color 8}
|
||||
client.background ${color 0}
|
||||
seat seat0 xcursor_theme breeze-dark 24
|
||||
'';
|
||||
home.packages = with pkgs; [
|
||||
libsForQt5.breeze-icons
|
||||
libsForQt5.qt5ct
|
||||
vanilla-dmz
|
||||
pkgs.plasma5Packages.lightly
|
||||
];
|
||||
|
||||
programs.rofi.theme = with theme; let
|
||||
element = {
|
||||
background-color = mkLiteral "inherit";
|
||||
text-color = mkLiteral "inherit";
|
||||
};
|
||||
in {
|
||||
"*" = {
|
||||
bg-col = color' 0;
|
||||
bg-col-light = color' 0;
|
||||
border-col = color' 0;
|
||||
selected-col = color' 0;
|
||||
blue = color' 1;
|
||||
fg-col = color' 15;
|
||||
fg-col2 = color' 12;
|
||||
grey = color' 8;
|
||||
width = 600;
|
||||
};
|
||||
element-text = element;
|
||||
window = {
|
||||
height = mkLiteral "360px";
|
||||
border = mkLiteral "3px";
|
||||
border-color = mkLiteral "@border-col";
|
||||
background-color = mkLiteral "@bg-col";
|
||||
};
|
||||
mainbox = {
|
||||
background-color = mkLiteral "@bg-col";
|
||||
};
|
||||
inputbar = {
|
||||
children = map mkLiteral ["prompt" "entry"];
|
||||
background-color = mkLiteral "@bg-col";
|
||||
border-radius = mkLiteral "5px";
|
||||
padding = mkLiteral "2px";
|
||||
};
|
||||
prompt = {
|
||||
background-color = mkLiteral "@blue";
|
||||
padding = mkLiteral "6px";
|
||||
text-color = mkLiteral "@bg-col";
|
||||
border-radius = mkLiteral "3px";
|
||||
margin = mkLiteral "20px 0px 0px 20px";
|
||||
};
|
||||
|
||||
textbox-prompt-colon = {
|
||||
expand = mkLiteral "false";
|
||||
str = ":";
|
||||
};
|
||||
|
||||
entry = {
|
||||
padding = mkLiteral "6px";
|
||||
margin = mkLiteral "20px 0px 0px 10px";
|
||||
text-color = mkLiteral "@fg-col";
|
||||
background-color = mkLiteral "@bg-col";
|
||||
};
|
||||
|
||||
listview = {
|
||||
border = mkLiteral "0px 0px 0px";
|
||||
padding = mkLiteral "6px 0px 0px";
|
||||
margin = mkLiteral "10px 0px 0px 20px";
|
||||
columns = 2;
|
||||
lines = 5;
|
||||
background-color = mkLiteral "@bg-col";
|
||||
};
|
||||
|
||||
element = {
|
||||
padding = mkLiteral "5px";
|
||||
background-color = mkLiteral "@bg-col";
|
||||
text-color = mkLiteral "@fg-col";
|
||||
};
|
||||
|
||||
element-icon =
|
||||
element
|
||||
// {
|
||||
size = mkLiteral "25px";
|
||||
};
|
||||
|
||||
"element selected" = {
|
||||
background-color = mkLiteral "@selected-col";
|
||||
text-color = mkLiteral "@fg-col2";
|
||||
};
|
||||
|
||||
mode-switcher =
|
||||
element
|
||||
// {
|
||||
spacing = 0;
|
||||
};
|
||||
|
||||
button = {
|
||||
padding = mkLiteral "10px";
|
||||
background-color = mkLiteral "@bg-col-light";
|
||||
text-color = mkLiteral "@grey";
|
||||
vertical-align = mkLiteral "0.5";
|
||||
horizontal-align = mkLiteral "0.5";
|
||||
};
|
||||
|
||||
"button selected" = {
|
||||
background-color = mkLiteral "@bg-col";
|
||||
text-color = mkLiteral "@blue";
|
||||
};
|
||||
|
||||
message = {
|
||||
background-color = mkLiteral "@bg-col-light";
|
||||
margin = mkLiteral "2px";
|
||||
padding = mkLiteral "2px";
|
||||
border-radius = mkLiteral "5px";
|
||||
};
|
||||
|
||||
textbox = {
|
||||
padding = mkLiteral "6px";
|
||||
margin = mkLiteral "20px 0px 0px 20px";
|
||||
text-color = mkLiteral "@blue";
|
||||
background-color = mkLiteral "@bg-col-light";
|
||||
};
|
||||
};
|
||||
programs.neomutt.extraConfig = ''
|
||||
color normal default default # Text is "Text"
|
||||
color index color2 default ~N # New Messages are Green
|
||||
color index color1 default ~F # Flagged messages are Red
|
||||
color index color13 default ~T # Tagged Messages are Red
|
||||
color index color1 default ~D # Messages to delete are Red
|
||||
color attachment color5 default # Attachments are Pink
|
||||
color signature color8 default # Signatures are Surface 2
|
||||
color search color4 default # Highlighted results are Blue
|
||||
color indicator default color8 # currently highlighted message Surface 2=Background Text=Foreground
|
||||
color error color1 default # error messages are Red
|
||||
color status color15 default # status line "Subtext 0"
|
||||
color tree color15 default # thread tree arrows Subtext 0
|
||||
color tilde color15 default # blank line padding Subtext 0
|
||||
color hdrdefault color13 default # default headers Pink
|
||||
color header color13 default "^From:"
|
||||
color header color13 default "^Subject:"
|
||||
color quoted color15 default # Subtext 0
|
||||
color quoted1 color7 default # Subtext 1
|
||||
color quoted2 color8 default # Surface 2
|
||||
color quoted3 color0 default # Surface 1
|
||||
color quoted4 color0 default
|
||||
color quoted5 color0 default
|
||||
color body color2 default [\-\.+_a-zA-Z0-9]+@[\-\.a-zA-Z0-9]+ # email addresses Green
|
||||
color body color2 default (https?|ftp)://[\-\.,/%~_:?&=\#a-zA-Z0-9]+ # URLs Green
|
||||
color body color4 default (^|[[:space:]])\\*[^[:space:]]+\\*([[:space:]]|$) # *bold* text Blue
|
||||
color body color4 default (^|[[:space:]])_[^[:space:]]+_([[:space:]]|$) # _underlined_ text Blue
|
||||
color body color4 default (^|[[:space:]])/[^[:space:]]+/([[:space:]]|$) # /italic/ text Blue
|
||||
color sidebar_flagged color1 default # Mailboxes with flagged mails are Red
|
||||
color sidebar_new color10 default # Mailboxes with new mail are Green
|
||||
'';
|
||||
home.file.".local/share/mc/skins/catppuccin.ini".source = ../../extra/mc-catppuccin.ini;
|
||||
systemd.user.services.transparency = {
|
||||
Unit = {
|
||||
Description = "transparency";
|
||||
After = ["graphical-session-pre.target"];
|
||||
PartOf = ["graphical-session.target"];
|
||||
};
|
||||
Install.WantedBy = ["graphical-session.target"];
|
||||
Service = {
|
||||
ExecStart = "${pkgs.python3.withPackages (ps: with ps; [i3ipc])}/bin/python ${./transparency.py}";
|
||||
};
|
||||
};
|
||||
|
||||
programs.zsh.initExtra =
|
||||
if withNSFW
|
||||
then ''
|
||||
export CARGO_MOMMYS_MOODS=chill/ominous/thirsty/yikes
|
||||
export CARGO_MOMMYS_LITTLE=racc/plush
|
||||
export CARGO_MOMMYS_PARTS=shit/pee
|
||||
export CARGO_MOMMYS_FUCKING="pet/toy/toilet/shitslut/septic tank"
|
||||
''
|
||||
else ''
|
||||
export CARGO_MOMMYS_MOODS=chill/ominous
|
||||
export CARGO_MOMMYS_LITTLE=racc/plush
|
||||
'';
|
||||
}
|
|
@ -1,60 +0,0 @@
|
|||
require("which-key").setup {
|
||||
plugins = {
|
||||
marks = true, -- shows a list of your marks on ' and `
|
||||
registers = true, -- shows your registers on " in NORMAL or <C-r> in INSERT mode
|
||||
spelling = {
|
||||
enabled = true, -- enabling this will show WhichKey when pressing z= to select spelling suggestions
|
||||
suggestions = 9, -- how many suggestions should be shown in the list?
|
||||
},
|
||||
-- the presets plugin, adds help for a bunch of default keybindings in Neovim
|
||||
-- No actual key bindings are created
|
||||
presets = {
|
||||
operators = true, -- adds help for operators like d, y, ... and registers them for motion / text object completion
|
||||
motions = true, -- adds help for motions
|
||||
text_objects = true, -- help for text objects triggered after entering an operator
|
||||
windows = true, -- default bindings on <c-w>
|
||||
nav = true, -- misc bindings to work with windows
|
||||
z = true, -- bindings for folds, spelling and others prefixed with z
|
||||
g = true, -- bindings for prefixed with g
|
||||
},
|
||||
},
|
||||
-- add operators that will trigger motion and text object completion
|
||||
-- to enable all native operators, set the preset / operators plugin above
|
||||
operators = { gc = "Comments" },
|
||||
key_labels = {
|
||||
-- override the label used to display some keys. It doesn't effect WK in any other way.
|
||||
-- For example:
|
||||
-- ["<space>"] = "SPC",
|
||||
-- ["<cr>"] = "RET",
|
||||
-- ["<tab>"] = "TAB",
|
||||
},
|
||||
icons = {
|
||||
breadcrumb = "»", -- symbol used in the command line area that shows your active key combo
|
||||
separator = "➜", -- symbol used between a key and it's label
|
||||
group = "+", -- symbol prepended to a group
|
||||
},
|
||||
window = {
|
||||
border = "none", -- none, single, double, shadow
|
||||
position = "bottom", -- bottom, top
|
||||
margin = { 0, 0, 0, 0 }, -- extra window margin [top, right, bottom, left]
|
||||
padding = { 1, 0, 1, 0 }, -- extra window padding [top, right, bottom, left]
|
||||
},
|
||||
layout = {
|
||||
height = { min = 1, max = 25 }, -- min and max height of the columns
|
||||
width = { min = 20, max = 50 }, -- min and max width of the columns
|
||||
spacing = 1, -- spacing between columns
|
||||
align = "center", -- align columns left, center or right
|
||||
},
|
||||
ignore_missing = false, -- enable this to hide mappings for which you didn't specify a label
|
||||
hidden = { "<silent>", "<cmd>", "<Cmd>", "<CR>", "call", "lua", "^:", "^ " }, -- hide mapping boilerplate
|
||||
show_help = true, -- show help message on the command line when the popup is visible
|
||||
triggers = "auto", -- automatically setup triggers
|
||||
-- triggers = {"<leader>"} -- or specify a list manually
|
||||
|
||||
triggers_blacklist = {
|
||||
-- list of mode / prefixes that should never be hooked by WhichKey
|
||||
-- this is mostly relevant for key maps that start with a native binding
|
||||
-- most people should not need to change this
|
||||
n = { "o", "O" },
|
||||
},
|
||||
}
|
|
@ -1,4 +0,0 @@
|
|||
{
|
||||
virtualisation.virtualbox.host.enable = true;
|
||||
users.extraGroups.vboxusers.members = ["darkkirb"];
|
||||
}
|
|
@ -1,22 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
nixpkgs,
|
||||
lib,
|
||||
nixos-vscode-server,
|
||||
...
|
||||
}: let
|
||||
x86_64-linux-pkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
in {
|
||||
imports = [
|
||||
"${nixos-vscode-server}/modules/vscode-server/home.nix"
|
||||
];
|
||||
programs.vscode = {
|
||||
enable = true;
|
||||
extensions = with x86_64-linux-pkgs.vscode-extensions; [
|
||||
];
|
||||
};
|
||||
services.vscode-server.enable = true;
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
systemd.user.services.wl-clipboard = {
|
||||
Unit = {
|
||||
Description = "wl-clipboard";
|
||||
After = ["graphical-session-pre.target"];
|
||||
PartOf = ["graphical-session.target"];
|
||||
};
|
||||
Install.WantedBy = ["graphical-session.target"];
|
||||
Service = {
|
||||
ExecStart = "${pkgs.wl-clipboard}/bin/wl-paste --watch ${pkgs.clipman}/bin/clipman store --no-persist";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
home.packages = with pkgs; [
|
||||
yubikey-manager-qt
|
||||
];
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
home.packages = [pkgs.zk pkgs.obsidian];
|
||||
}
|
|
@ -1,8 +0,0 @@
|
|||
{nixpkgs, ...}: let
|
||||
x86_64-linux-pkgs = import nixpkgs {
|
||||
system = "x86_64-linux";
|
||||
config.allowUnfree = true;
|
||||
};
|
||||
in {
|
||||
home.packages = [x86_64-linux-pkgs.zoom-us];
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
desktop: _: {
|
||||
programs = {
|
||||
zsh = {
|
||||
enable = true;
|
||||
enableAutosuggestions = true;
|
||||
enableCompletion = true;
|
||||
enableVteIntegration = desktop;
|
||||
autocd = true;
|
||||
loginExtra =
|
||||
if desktop
|
||||
then ''
|
||||
if [[ -z "$DISPLAY" ]] && [[ $(tty) = "/dev/tty1" ]]; then
|
||||
exec sway
|
||||
fi
|
||||
''
|
||||
else "";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,118 +0,0 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
lib,
|
||||
nixos-hardware,
|
||||
...
|
||||
}: {
|
||||
networking.hostName = "rainbow-resort";
|
||||
networking.hostId = "776736c6";
|
||||
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
./systemd-boot.nix
|
||||
./desktop.nix
|
||||
./services/tpm2.nix
|
||||
nixos-hardware.nixosModules.common-cpu-amd
|
||||
nixos-hardware.nixosModules.common-gpu-amd
|
||||
nixos-hardware.nixosModules.common-pc-ssd
|
||||
./users/remote-build.nix
|
||||
#./services/kubernetes.nix
|
||||
./services/forgejo-runner.nix
|
||||
./services/postgres.nix
|
||||
];
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"];
|
||||
boot.initrd.kernelModules = ["amdgpu"];
|
||||
boot.kernelModules = ["kvm-amd" "i2c-dev" "i2c-piix4"];
|
||||
boot.extraModulePackages = [
|
||||
config.boot.kernelPackages.zenpower
|
||||
];
|
||||
services.hardware.openrgb = {
|
||||
enable = true;
|
||||
package = pkgs.openrgb-with-all-plugins;
|
||||
motherboard = "amd";
|
||||
};
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/23690ff2-7a65-431e-a6ee-fea0878e0bb1";
|
||||
fsType = "btrfs";
|
||||
options = ["compress=zstd"];
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/B6BA-BE40";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
services.btrfs.autoScrub = {
|
||||
enable = true;
|
||||
fileSystems = ["/"];
|
||||
};
|
||||
services.snapper.configs.main = {
|
||||
SUBVOLUME = "/";
|
||||
TIMELINE_LIMIT_HOURLY = 5;
|
||||
TIMELINE_LIMIT_DAILY = 7;
|
||||
TIMELINE_LIMIT_WEEKLY = 4;
|
||||
TIMELINE_LIMIT_MONTHLY = 12;
|
||||
TIMELINE_LIMIT_YEARLY = 0;
|
||||
};
|
||||
|
||||
services.beesd.filesystems.root = {
|
||||
spec = "/";
|
||||
hashTableSizeMB = 2048;
|
||||
verbosity = "crit";
|
||||
extraOptions = ["--loadavg-target" "5.0"];
|
||||
};
|
||||
|
||||
networking.interfaces.enp14s0.useDHCP = true;
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
services.xserver.videoDrivers = ["amdgpu"];
|
||||
|
||||
nix.settings.cores = 16;
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"armv7l-linux"
|
||||
"powerpc-linux"
|
||||
"powerpc64-linux"
|
||||
"powerpc64le-linux"
|
||||
"wasm32-wasi"
|
||||
"riscv32-linux"
|
||||
"riscv64-linux"
|
||||
];
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
nix.daemonCPUSchedPolicy = "idle";
|
||||
nix.daemonIOSchedClass = "idle";
|
||||
|
||||
nix.settings.system-features = [
|
||||
"kvm"
|
||||
"nixos-test"
|
||||
"big-parallel"
|
||||
"benchmark"
|
||||
"gccarch-znver4"
|
||||
"gccarch-znver3"
|
||||
"gccarch-znver2"
|
||||
"gccarch-znver1"
|
||||
"gccarch-skylake"
|
||||
"gccarch-skylake-avx512"
|
||||
"ca-derivations"
|
||||
];
|
||||
|
||||
services.tailscale.useRoutingFeatures = "client";
|
||||
home-manager.users.darkkirb._module.args.withNSFW = lib.mkForce true;
|
||||
services.prometheus.exporters.node.enabledCollectors = ["drm"];
|
||||
services.k3s.role = lib.mkForce "agent";
|
||||
|
||||
services.ollama = {
|
||||
enable = true; # broken. lol
|
||||
acceleration = "rocm";
|
||||
# Thank you amd for not supporting 11.0.1
|
||||
environmentVariables.HCC_AMDGPU_TARGET = "gfx1100";
|
||||
rocmOverrideGfx = "11.0.0";
|
||||
};
|
||||
services.joycond.enable = true;
|
||||
hardware.bluetooth.enable = true;
|
||||
services.blueman.enable = true;
|
||||
}
|
|
@ -1,15 +0,0 @@
|
|||
_: {
|
||||
networking.hostName = "rpi2";
|
||||
networking.hostId = "29d7b964";
|
||||
# NixOS wants to enable GRUB by default
|
||||
boot.loader.grub.enable = false;
|
||||
# Enables the generation of /boot/extlinux/extlinux.conf
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-label/NIXOS_SD";
|
||||
fsType = "ext4";
|
||||
};
|
||||
system.stateVersion = "21.11";
|
||||
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix false;
|
||||
nix.settings.cores = 4;
|
||||
}
|
|
@ -1,7 +0,0 @@
|
|||
# Configuration unique to servers
|
||||
{pkgs, ...}: {
|
||||
imports = [
|
||||
./services/caddy
|
||||
./services/acme.nix
|
||||
];
|
||||
}
|
|
@ -1,40 +0,0 @@
|
|||
{config, ...}: {
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults = {
|
||||
email = "lotte@chir.rs";
|
||||
dnsProvider = "rfc2136";
|
||||
credentialsFile = "/run/secrets/security/acme/dns";
|
||||
};
|
||||
certs."darkkirb.de" = {
|
||||
domain = "*.darkkirb.de";
|
||||
extraDomainNames = ["darkkirb.de"];
|
||||
dnsProvider = "gcloud";
|
||||
credentialsFile = config.sops.secrets."security/acme/gcloud".path;
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
certs."chir.rs" = {
|
||||
domain = "*.chir.rs";
|
||||
extraDomainNames = ["chir.rs"];
|
||||
};
|
||||
certs."int.chir.rs" = {
|
||||
domain = "*.int.chir.rs";
|
||||
};
|
||||
certs."shitallover.me" = {
|
||||
domain = "*.shitallover.me";
|
||||
extraDomainNames = ["shitallover.me"];
|
||||
dnsProvider = "gcloud";
|
||||
credentialsFile = config.sops.secrets."security/acme/gcloud".path;
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
certs."miifox.net" = {
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = "/run/secrets/security/acme/cloudflare";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
};
|
||||
sops.secrets."security/acme/dns" = {};
|
||||
sops.secrets."security/acme/cloudflare" = {};
|
||||
sops.secrets."security/acme/gcloud" = {};
|
||||
sops.secrets."security/acme/gcloud.json".owner = "acme";
|
||||
}
|
|
@ -1,334 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
system,
|
||||
akkoma,
|
||||
admin-fe,
|
||||
akkoma-fe,
|
||||
...
|
||||
}: let
|
||||
purge_url_script = pkgs.writeScript "purge-url" ''
|
||||
access_key=$(cat ${config.sops.secrets."services/bunny-key".path})
|
||||
for url in $@; do
|
||||
url=$(echo $url | ${pkgs.python3}/bin/python3 -c "import sys; import urllib.parse; print(urllib.parse.quote(sys.stdin.read().strip()))")
|
||||
${pkgs.curl}/bin/curl -H "Authorization: Bearer $access_key" -X POST "https://api.bunny.net/purge?url=$url&async=false"
|
||||
done
|
||||
'';
|
||||
emoji_set_names = [
|
||||
"volpeon-blobfox-flip"
|
||||
"volpeon-blobfox"
|
||||
"volpeon-bunhd-flip"
|
||||
"volpeon-bunhd"
|
||||
"volpeon-drgn"
|
||||
"volpeon-fox"
|
||||
"volpeon-raccoon"
|
||||
"volpeon-vlpn"
|
||||
"lotte"
|
||||
"caro"
|
||||
"volpeon-neofox"
|
||||
"volpeon-neocat"
|
||||
"rosaflags"
|
||||
"volpeon-floof"
|
||||
"raccoon"
|
||||
];
|
||||
emoji_sets = builtins.listToAttrs (map (name: {
|
||||
inherit name;
|
||||
value = "${pkgs."emoji-${name}"}";
|
||||
})
|
||||
emoji_set_names);
|
||||
copy_emoji_set = name: ''
|
||||
mkdir -p $out/emoji/${name}
|
||||
lndir ${emoji_sets.${name}} $out/emoji/${name}
|
||||
'';
|
||||
fedibird_fe = pkgs.fetchzip {
|
||||
url = "https://akkoma-updates.s3-website.fr-par.scw.cloud/frontend/akkoma/fedibird-fe.zip";
|
||||
sha256 = "sha256-hUp8XAQInWB3BpTrwsTV36xNwxs6fK01fFAd4FBwn4U=";
|
||||
};
|
||||
static_dir = pkgs.stdenvNoCC.mkDerivation {
|
||||
name = "akkoma-static";
|
||||
src = pkgs.emptyDirectory;
|
||||
nativeBuildInputs = with pkgs; [xorg.lndir];
|
||||
akkoma_fe = akkoma-fe.packages.${system}.akkoma-fe;
|
||||
akkoma_admin_fe = admin-fe.packages.${system}.admin-fe;
|
||||
inherit fedibird_fe;
|
||||
tos = ./terms-of-service.html;
|
||||
dontUnpack = false;
|
||||
installPhase = ''
|
||||
mkdir -p $out/frontends/pleroma-fe/stable
|
||||
lndir $akkoma_fe $out/frontends/pleroma-fe/stable
|
||||
mkdir -p $out/frontends/admin-fe/stable
|
||||
lndir $akkoma_admin_fe $out/frontends/admin-fe/stable
|
||||
mkdir -p $out/frontends/fedibird-fe/akkoma
|
||||
lndir $fedibird_fe $out/frontends/fedibird-fe/akkoma
|
||||
${toString (map copy_emoji_set emoji_set_names)}
|
||||
mkdir $out/emoji/misc
|
||||
ln -s ${./therian.png} $out/emoji/misc/therian.png
|
||||
mkdir $out/static
|
||||
cp $tos $out/static/terms-of-service.html
|
||||
'';
|
||||
};
|
||||
ec = pkgs.formats.elixirConf {};
|
||||
akkconfig = ec.generate "config.exs" (with ec.lib; {
|
||||
":pleroma" = {
|
||||
"Pleroma.Upload" = {
|
||||
uploader = mkRaw "Pleroma.Uploaders.S3";
|
||||
filters = map (v: mkRaw ("Pleroma.Upload.Filter." + v)) ["Mogrify" "Dedupe" "AnonymizeFilename"];
|
||||
base_url = "https://mastodon-assets.chir.rs/";
|
||||
};
|
||||
"Pleroma.Uploaders.S3" = {
|
||||
bucket = "mastodon-assets-chir-rs";
|
||||
truncated_namespace = "";
|
||||
};
|
||||
"Pleroma.Upload.Filter.Mogrify" = {
|
||||
args = ["auto-orient" "strip"];
|
||||
};
|
||||
":instance" = {
|
||||
name = "Raccoon Noises";
|
||||
email = "lotte@chir.rs";
|
||||
notify_email = "akko@chir.rs";
|
||||
description = "Small Akkoma Instance";
|
||||
limit = 58913;
|
||||
description_limit = 58913;
|
||||
upload_limit = 256 * 1024 * 1024;
|
||||
languages = ["en" "tok"];
|
||||
registrations_open = true;
|
||||
invites_enabled = true;
|
||||
account_activation_required = true;
|
||||
account_approval_required = true;
|
||||
static_dir = "${static_dir}";
|
||||
max_pinned_statuses = 10;
|
||||
attachment_links = true;
|
||||
max_report_comment_size = 58913;
|
||||
safe_dm_mentions = true;
|
||||
healthcheck = true;
|
||||
user_bio_length = 58913;
|
||||
user_name_length = 621;
|
||||
max_account_fields = 69;
|
||||
max_remote_account_fields = 621;
|
||||
account_field_name_length = 621;
|
||||
account_field_value_length = 58913;
|
||||
registration_reason_length = 621;
|
||||
external_user_synchronization = true;
|
||||
};
|
||||
":markup" = {
|
||||
allow_headings = true;
|
||||
allow_tables = true;
|
||||
allow_fonts = true;
|
||||
};
|
||||
":frontend_configurations" = {
|
||||
pleroma_fe = mkMap {
|
||||
webPushNotifications = true;
|
||||
};
|
||||
};
|
||||
":activitypub" = {
|
||||
unfollow_blocked = false;
|
||||
outgoing_blocks = false;
|
||||
blockers_visible = false;
|
||||
deny_follow_blocked = true;
|
||||
sign_object_fetches = true;
|
||||
authorized_fetch_mode = true;
|
||||
};
|
||||
":mrf_hellthread" = {
|
||||
delist_threshold = 8;
|
||||
};
|
||||
":mrf_keyword" = {
|
||||
reject = [
|
||||
"usdtenm.com"
|
||||
(mkRaw "~r/Hi \\w+! New account: .* Do not share with anyone, official website:/i")
|
||||
"dogeai.farm"
|
||||
"ARB Doge"
|
||||
"new meme token created by the latest neural network"
|
||||
(mkRaw "~r/dogecoin.*airdrop/i")
|
||||
(mkRaw "~r/airdrop.*dogecoin/i")
|
||||
];
|
||||
};
|
||||
":mrf_simple" = let
|
||||
processMap = m: map (k: mkTuple [k m.${k}]) (builtins.attrNames m);
|
||||
in {
|
||||
reject = processMap {
|
||||
"qoto.org" = "Freeze Peach; Admin harasses other server admins; sends unsolicited emails";
|
||||
"poa.st" = "Hosting neonazis";
|
||||
"kiwifarms.cc" = "Targeted Harassment";
|
||||
"pmth.us" = "Harassment";
|
||||
"nicecrew.digital" = "TERF Instance";
|
||||
"freespeechextremist.com" = "Freeze Peach";
|
||||
"ryona.agency" = "Freeze Peach";
|
||||
"howlr.me" = "Run by verified kiwifarms user";
|
||||
"rdrama.cc" = "smells like Kiwifarms shit";
|
||||
"xhais.love" = "Zoophile instance";
|
||||
"beefyboys.win" = "freeze peach; hosts neonazis";
|
||||
"bae.st" = "freeze peach";
|
||||
"moth.zone" = "racism/antiblackness; owner self-admitted pedophile";
|
||||
"feral.cafe" = "Zoophilia";
|
||||
"disqordia.space" = "No snooping!";
|
||||
"mastodon.cloud" = "Corporate instance; Owner engaged in scams";
|
||||
"mstdn.jp" = "Corporate instance; Owner engaged in scams";
|
||||
"pawoo.net" = "Corporate instance; Owner engaged in scams";
|
||||
"activitypub-proxy.cf" = "Block circumvention tool";
|
||||
"mapsupport.de" = "Pedophile instance";
|
||||
"pedo.school" = "Pedophile instance";
|
||||
"baraag.net" = "porn involving (fictional) underage characters";
|
||||
"eientei.org" = "fash";
|
||||
"threads.net" = "there is so much wrong with facebook it would just fill up the whole page";
|
||||
};
|
||||
followers_only = processMap {
|
||||
"bird.makeup" = "Birdsite scraper with removed limitations and privacy considerations";
|
||||
};
|
||||
federated_timeline_removal = processMap {
|
||||
"mastodon.online" = "Too large to be moderated well";
|
||||
"tumblr.com" = "Too large to be moderated well, corporate instance";
|
||||
"vivaldi.net" = "Corporate instance; Registers nonconsensual accounts for Vivaldi Sync users";
|
||||
"mastodon.social" = "Too large to be moderated well";
|
||||
};
|
||||
};
|
||||
":mrf" = {
|
||||
policies = map (v: mkRaw ("Pleroma.Web.ActivityPub.MRF." + v)) ["SimplePolicy" "EnsureRePrepended" "ForceBotUnlistedPolicy" "AntiFollowbotPolicy" "ObjectAgePolicy" "KeywordPolicy" "TagPolicy" "RequireImageDescription" "HellthreadPolicy"];
|
||||
transparency = true;
|
||||
};
|
||||
":http_security" = {
|
||||
enabled = true;
|
||||
sts = true;
|
||||
referrer_policy = "no-referrer";
|
||||
};
|
||||
":frontends" = {
|
||||
primary = mkMap {
|
||||
name = "pleroma-fe";
|
||||
ref = "stable";
|
||||
};
|
||||
admin = mkMap {
|
||||
name = "admin-fe";
|
||||
ref = "stable";
|
||||
};
|
||||
mastodon = mkMap {
|
||||
name = "fedibird-fe";
|
||||
ref = "akkoma";
|
||||
};
|
||||
};
|
||||
":static_fe".enabled = true;
|
||||
":media_proxy" = {
|
||||
enabled = true;
|
||||
base_url = "https://mediaproxy.chir.rs";
|
||||
proxy_opts = {
|
||||
redirect_on_failure = true;
|
||||
};
|
||||
};
|
||||
":media_preview_proxy" = {
|
||||
enabled = true;
|
||||
};
|
||||
"Pleroma.Repo" = {
|
||||
adapter = mkRaw "Ecto.Adapters.Postgres";
|
||||
database = "akkoma";
|
||||
pool_size = 10;
|
||||
socket_dir = "/run/postgresql";
|
||||
prepare = mkAtom ":named";
|
||||
parameters.plan_cache_mode = "force_custom_plan";
|
||||
};
|
||||
"Pleroma.Web.Endpoint" = {
|
||||
url = {
|
||||
host = "akko.chir.rs";
|
||||
port = 443;
|
||||
scheme = "https";
|
||||
};
|
||||
secure_cookie_flag = true;
|
||||
};
|
||||
"Pleroma.Emails.Mailer" = {
|
||||
enabled = true;
|
||||
adapter = mkRaw "Swoosh.Adapters.SMTP";
|
||||
relay = "mail.chir.rs";
|
||||
username = "akko@chir.rs";
|
||||
port = "465";
|
||||
ssl = true;
|
||||
auth = mkAtom ":always";
|
||||
};
|
||||
"Pleroma.Emails.NewUsersDigestEmail" = {
|
||||
enabled = true;
|
||||
};
|
||||
":database".rum_enabled = true;
|
||||
":emoji" = {
|
||||
shortcode_globs = [
|
||||
"/emoji/volpeon-blobfox-flip/*.png"
|
||||
"/emoji/volpeon-blobfox/*.png"
|
||||
"/emoji/volpeon-bunhd-flip/*.png"
|
||||
"/emoji/volpeon-bunhd/*.png"
|
||||
"/emoji/volpeon-drgn/*.png"
|
||||
"/emoji/volpeon-fox/*.png"
|
||||
"/emoji/volpeon-raccoon/*.png"
|
||||
"/emoji/volpeon-vlpn/*.png"
|
||||
"/emoji/lotte/*.png"
|
||||
"/emoji/caro/*.png"
|
||||
"/emoji/misc/*.png"
|
||||
];
|
||||
groups = {
|
||||
"BlobfoxFlip" = "/emoji/volpeon-blobfox-flip/*.png";
|
||||
"Blobfox" = "/emoji/volpeon-blobfox/*.png";
|
||||
"BunhdFlip" = "/emoji/volpeon-bunhd-flip/*.png";
|
||||
"Bunhd" = "/emoji/volpeon-bunhd/*.png";
|
||||
"Drgn" = "/emoji/volpeon-drgn/*.png";
|
||||
"Fox" = "/emoji/volpeon-fox/*.png";
|
||||
"Raccoon" = "/emoji/volpeon-raccoon/*.png";
|
||||
"Vlpn" = "/emoji/volpeon-vlpn/*.png";
|
||||
"Lotte" = "/emoji/lotte/*.png";
|
||||
"Caroline" = "/emoji/caro/*.png";
|
||||
"Misc" = "/emoji/misc/*.png";
|
||||
};
|
||||
};
|
||||
"Pleroma.Captcha" = {
|
||||
enabled = true;
|
||||
method = mkRaw "Pleroma.Captcha.Kocaptcha";
|
||||
};
|
||||
};
|
||||
":web_push_encryption".":vapid_details".subject = "lotte@chir.rs";
|
||||
});
|
||||
in {
|
||||
services.pleroma = {
|
||||
enable = true;
|
||||
package = akkoma.packages.${system}.akkoma;
|
||||
configs = [
|
||||
''
|
||||
import Config
|
||||
import_config "${akkconfig}"
|
||||
''
|
||||
];
|
||||
user = "akkoma";
|
||||
group = "akkoma";
|
||||
secretConfigFile = config.sops.secrets."services/akkoma.exs".path;
|
||||
};
|
||||
systemd.services.pleroma.path = with pkgs; [exiftool imagemagick ffmpeg];
|
||||
services.postgresql.ensureDatabases = ["akkoma"];
|
||||
sops.secrets."services/akkoma.exs" = {owner = "akkoma";};
|
||||
sops.secrets."services/bunny-key".owner = "akkoma";
|
||||
services.caddy.virtualHosts."akko.chir.rs" = {
|
||||
useACMEHost = "chir.rs";
|
||||
logFormat = pkgs.lib.mkForce "";
|
||||
extraConfig = ''
|
||||
import baseConfig
|
||||
handle /media_attachments/* {
|
||||
redir https://mastodon-assets.chir.rs{uri} permanent
|
||||
}
|
||||
@isbunny {
|
||||
header Via BunnyCDN
|
||||
}
|
||||
route /media/* {
|
||||
reverse_proxy @isbunny {
|
||||
header_down Content-Security-Policy "script-src 'none';"
|
||||
to http://127.0.0.1:4000
|
||||
}
|
||||
respond "Use the cdn" 403
|
||||
}
|
||||
route /proxy/* {
|
||||
reverse_proxy @isbunny {
|
||||
header_down Content-Security-Policy "script-src 'none';"
|
||||
to http://127.0.0.1:4000
|
||||
}
|
||||
respond "Use the cdn" 403
|
||||
}
|
||||
route {
|
||||
reverse_proxy {
|
||||
to http://127.0.0.1:4000
|
||||
}
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
services.postgresql.extraPlugins = with config.services.postgresql.package.pkgs; [rum];
|
||||
}
|
|
@ -1,139 +0,0 @@
|
|||
<h2>Rules</h2>
|
||||
<ul>
|
||||
<li>Hate against minority groups is forbidden. This includes racism, sexism, ableism, xenophobia, homophobia,
|
||||
transphobia,, antisemitism, islamophobia, queer exclusionism, etc.</li>
|
||||
<li>Content that is illegal under German Law is not permitted. This especially includes the promotion and
|
||||
dissemination of any Nazi symbolism and ideology, except for education, reporting on past or current events, and
|
||||
antifascist art.</li>
|
||||
<li>Please add content description to all media that you post. This instance automatically adds a CW if it is missing.
|
||||
If you are unable to create one, you can request one via the <a href="https://akko.chir.rs/tag/DescriptionWanted">#DescriptionWanted</a> hashtag</li>
|
||||
<li>Be considerate. Add content warnings for NSFW Content, common phobias, overly long posts, controversial subjects,
|
||||
etc. Please try to avoid flashing images and quickly moving text inside of your posts.</li>
|
||||
<li>NSFW content is generally allowed, but all NSFW content must be properly marked as such, including kinks. Profile
|
||||
images, names, bios, etc must be fully SFW, or they are subject to removal</li>
|
||||
<li>Bots are allowed, however they must be marked as such and must make unlisted posts, may only @ or interact with
|
||||
posts of other users iff they have prompted the bot, or have given explicit permission to do so. Additionally, bots
|
||||
may not post more than 10 posts in a 60 minute interval without interaction.</li>
|
||||
</ul>
|
||||
|
||||
We highly encourage reporting posts violating our rules, even if they are not on our instance. Your reports will not be
|
||||
ignored. For transparency we publish local moderation decisions for users on this server, and federation moderation
|
||||
decisions on the <a href="https://akko.chir.rs/tag/FediBlock">#FediBlock</a> hashtag.<br />
|
||||
|
||||
We do the following moderation automatically:
|
||||
|
||||
<ul>
|
||||
<li>Unlisting of bot posts</li>
|
||||
<li>Adding of CWs to unlabeled media</li>
|
||||
<li>Modification or removal of posts that cause issues with certain clients</li>
|
||||
</ul>
|
||||
|
||||
<h2>Privacy Policy</h2>
|
||||
|
||||
<h3>What data do we collect?</h3>
|
||||
We collect the following data:
|
||||
|
||||
<ul>
|
||||
<li>Email Addresses from local users</li>
|
||||
<li>Posts and Media uploaded by local users</li>
|
||||
<li>User Profiles and Posts by certain remote users</li>
|
||||
</ul>
|
||||
|
||||
<h3>How do we collect your data?</h3>
|
||||
|
||||
If you are a user of this instance, we collect and process your data when you sign up for or use interactive features (e.g. Posting) of the Website.<br />
|
||||
|
||||
If you are not a local user, we collect your data over the following ways:
|
||||
|
||||
<ul>
|
||||
<li>One of our users has requested to follow your account, and you have accepted the request.</li>
|
||||
<li>One of your posts has been interacted with by a remote account, that a local account has followed. This includes Replies, Repeats, Quotes, Likes, Emoji Reactions, and @-Mentions.</li>
|
||||
<li>You have requested that your post is shown to one of our users (i.e. through @-Mentions or DMs)</li>
|
||||
<li>User Interaction: One of our users has explicitely looked up your profile or one of your posts on this instance, for example to interact with it.</li>
|
||||
<li>You have posted a public post on an instance that participates in the <a href="https://relay.awoo.today/">awoo.today relay</a>.
|
||||
</ul>
|
||||
|
||||
<h3>How will we use your data?</h3>
|
||||
|
||||
We collect your data so that we can:
|
||||
|
||||
<ul>
|
||||
<li>Store and display your posts to our local users</li>
|
||||
<li>Display public posts to anonymous users</li>
|
||||
<li>Deliver your public, unlisted, and private posts to your followers </li>
|
||||
<li>Deliver direct messages to the recipient</li>
|
||||
<li>Allow our users to follow you</li>
|
||||
<li>Allow our users to interact with your posts</li>
|
||||
</ul>
|
||||
|
||||
As members of the <a href="https://relay.awoo.today/">awoo.today relay</a>, we will send posts that you have marked as “public” to all of the other instances participating in the relay.
|
||||
|
||||
<h3>How do we store your data?</h3>
|
||||
|
||||
We store your post, profile and account data securely in the Hetzner Datacenter in Falkenstein, Germany. <a href="https://www.hetzner.com/unternehmen/zertifizierung">See their DIN ISO/IEC 27001 certification</a>
|
||||
Media is stored on Backblaze B2<br />
|
||||
|
||||
We employ technical security measures to avoid exposure to sensitive data.<br />
|
||||
|
||||
We also store backups of post, profile, and account data in multiple locations, in an encrypted form, on our server near Chemnitz, Germany, as well as on Backblaze B2.<br />
|
||||
For technical reasons it is not possible modify these backups to remove your data. If this is a concern, please contact us.
|
||||
|
||||
<h3>What are your data protection rights?</h3>
|
||||
|
||||
We want to make sure that you are aware of your data protection rights. Every user is entitled to the following: <br />
|
||||
|
||||
<b>The right to access</b> — You can request a copy of the data we have about you. This may require a short verification for remote users. Local users can do so in the settings under Export/Import <br />
|
||||
|
||||
<b>The right to rectification</b> — You can request us to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is inaccurate. <br />
|
||||
|
||||
<b>The right to erasure</b> — You can request us to erase the data we have about you.<br />
|
||||
|
||||
<b>The right to restrict to processing</b> — You can restrict us from transmitting your posts to other servers by setting your post visiblity to “Local”. Remote users can also restrict processing of certain posts, by setting its visiblity to “Unlisted” or “Private”.<br />
|
||||
|
||||
<b>The right to object to processing</b> — As a remote user, you can object to further processing of posts and profile data by blocking this domain.<br />
|
||||
|
||||
<b>The right to data portability</b> — You can at any point move to other instances. Due to technical restrictions, it is currently not possible to automatically transfer the users you follow and posts to your new account.<br />
|
||||
|
||||
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, or need help with the included tools, please contact us at our email <a href="mailto:privacy@chir.rs">privacy@chir.rs</a>
|
||||
|
||||
<h3>Cookies</h3>
|
||||
|
||||
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology<br />
|
||||
|
||||
For further information, visit <a href="httpsd//allaboutcookies.org">allaboutcookies.org</a>.
|
||||
|
||||
<h4>How do we use cookies?</h4>
|
||||
|
||||
We use cookies for keeping you logged in. Additionally we store certain configuration in cookies, however these cookies are never transmitted to anyone.
|
||||
|
||||
<h4>How to manage cookies</h4>
|
||||
|
||||
You can tell your browser to not accept cookies, or tell it to remove cookies this website has stored on your device. Please consult your browser’s documentation on instructions on how to do that.
|
||||
|
||||
<h3>Privacy policies of other websites</h3>
|
||||
|
||||
This site contains many links to other websites. This privacy policy only applies to this website. Please consult the privacy policy of these remote sites before entering any personal information.
|
||||
|
||||
<h3>Changes to our privacy policy</h3>
|
||||
|
||||
We may make occasional adjustments to this privacy policy. This policy was last updated on 2022-12-30.
|
||||
|
||||
<h3>How to contact us</h3>
|
||||
|
||||
If you have any questions about this policy, the data we hold about you, or want to exercise one of your data protection rights, please contact us at: <a href="mailto:privacy@chir.rs">privacy@chir.rs</a>
|
||||
|
||||
<h3>How to contact the appropriate authority</h3>
|
||||
|
||||
Should you wish to report a complaint, or if you feel that we haven’t addressed your concern in a satisfactory manner, you may contact the <a href="https://www.saechsdsb.de/petition" lang="de">Sächsische Datenschutzbehörde</a>.
|
||||
|
||||
<hr />
|
||||
|
||||
We also offer the <a href="https://akko.chir.rs/web">Mastodon Web UI</a>. Keep in mind that some features are missing,
|
||||
like emoji reactions, quoting, and JPEG XL.
|
||||
|
||||
<h3>Art Credit</h3>
|
||||
|
||||
<ul>
|
||||
<li>Bun, blobfox, vlpn, raccoon, fox, gphn, neofox, neocat, drgn, floof: Created by <a href="https://is-a.wyvern.rip/@volpeon">@volpeon@is-a.wyvern.rip</a></li>
|
||||
<li>rosahaj pride: by <a href="https://alpaka.social/@braid">@braid@alpaka.social</a></li>
|
||||
</ul>
|
Binary file not shown.
Before Width: | Height: | Size: 15 KiB |
|
@ -1,54 +0,0 @@
|
|||
{
|
||||
attic,
|
||||
config,
|
||||
lib,
|
||||
system,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
disabledModules = ["services/networking/atticd.nix"];
|
||||
imports = [attic.nixosModules.atticd];
|
||||
services.atticd = {
|
||||
enable = true;
|
||||
package = attic.packages.${system}.attic-server;
|
||||
credentialsFile = config.sops.secrets."services/attic".path;
|
||||
settings = {
|
||||
listen = "[::1]:57448";
|
||||
allowed-hosts = ["attic.chir.rs"];
|
||||
api-endpoint = "https://attic.chir.rs/";
|
||||
database.url = "postgresql:///attic?sslmode=disable&host=/run/postgresql";
|
||||
storage = {
|
||||
type = "s3";
|
||||
region = "us-east-1";
|
||||
bucket = "attic-chir-rs";
|
||||
endpoint = "https://ams1.vultrobjects.com/";
|
||||
};
|
||||
compression = {
|
||||
type = "zstd";
|
||||
level = 12;
|
||||
};
|
||||
chunking = {
|
||||
nar-size-threshold = 131072;
|
||||
min-size = 65536;
|
||||
avg-size = 131072;
|
||||
max-size = 262144;
|
||||
};
|
||||
garbage-collection.default-retention-period = "3 months";
|
||||
};
|
||||
};
|
||||
sops.secrets."services/attic" = {};
|
||||
services.postgresql.ensureDatabases = [
|
||||
"attic"
|
||||
];
|
||||
services.caddy.virtualHosts."attic.chir.rs" = {
|
||||
useACMEHost = "chir.rs";
|
||||
logFormat = lib.mkForce "";
|
||||
extraConfig = ''
|
||||
import baseConfig
|
||||
|
||||
reverse_proxy http://[::1]:57448 {
|
||||
trusted_proxies private_ranges
|
||||
}
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
λ(host: Text) →
|
||||
|
||||
-- TODO: Deduplicate with the nix code
|
||||
|
||||
{
|
||||
-- Common config
|
||||
caddyConfig = {
|
||||
admin = {
|
||||
disabled = True
|
||||
},
|
||||
storage = {
|
||||
module = "file_system",
|
||||
root = "/var/lib/caddy"
|
||||
},
|
||||
apps = {
|
||||
http = ./http.dhall host
|
||||
}
|
||||
},
|
||||
nixosConfig = {
|
||||
systemd = {
|
||||
tmpfiles = {
|
||||
rules = [
|
||||
"d '/var/lib/caddy' 0750 caddy acme - -"
|
||||
]
|
||||
}
|
||||
},
|
||||
networking = {
|
||||
firewall = {
|
||||
allowedTCPPorts = [ 80, 443 ],
|
||||
allowedUDPPorts = [ 443 ]
|
||||
}
|
||||
},
|
||||
security = {
|
||||
acme = {
|
||||
certs = let value = { reloadServices = ["caddy.service"] } in {
|
||||
`darkkirb.de` = value,
|
||||
`chir.rs` = value,
|
||||
`int.chir.rs` = value,
|
||||
`miifox.net` = value
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1,47 +0,0 @@
|
|||
{lib, ...}: {
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
group = "acme";
|
||||
globalConfig = ''
|
||||
admin off
|
||||
storage file_system /var/lib/caddy
|
||||
auto_https disable_certs
|
||||
'';
|
||||
logFormat = lib.mkForce ''
|
||||
output file /var/log/caddy/access.log {
|
||||
roll_keep_for 7d
|
||||
}
|
||||
format filter {
|
||||
wrap json
|
||||
fields {
|
||||
request>remote_addr ip_mask {
|
||||
ipv4 0
|
||||
ipv6 0
|
||||
}
|
||||
request>headers>Cf-Connecting-Ip ip_mask {
|
||||
ipv4 0
|
||||
ipv6 0
|
||||
}
|
||||
request>headers>X-Forwarded-For ip_mask {
|
||||
ipv4 0
|
||||
ipv6 0
|
||||
}
|
||||
}
|
||||
}
|
||||
'';
|
||||
extraConfig = ''
|
||||
(baseConfig) {
|
||||
encode {
|
||||
gzip
|
||||
zstd
|
||||
# TODO: support for brotli
|
||||
}
|
||||
}
|
||||
'';
|
||||
};
|
||||
systemd.tmpfiles.rules = [
|
||||
"d '/var/lib/caddy' 0750 caddy acme - -"
|
||||
];
|
||||
networking.firewall.allowedTCPPorts = [80 443];
|
||||
networking.firewall.allowedUDPPorts = [443];
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
λ(host: Text) → {
|
||||
|
||||
}
|
|
@ -1,64 +0,0 @@
|
|||
λ ( secretsFile
|
||||
: { staticDir : Text, connectionString : Text, signUpKey : Text
|
||||
, nodeName : Text }
|
||||
) →
|
||||
let SqliteConfig =
|
||||
{ Type =
|
||||
{ filename : Text
|
||||
, walEnabled : Optional Bool
|
||||
, fkEnabled : Optional Bool
|
||||
, extraPragmas : Optional (List Text)
|
||||
}
|
||||
, default =
|
||||
{ walEnabled = None Bool
|
||||
, fkEnabled = None Bool
|
||||
, extraPragmas = None (List Text)
|
||||
}
|
||||
}
|
||||
|
||||
let PostgresConfig =
|
||||
{ Type =
|
||||
{ connectionString : Text
|
||||
, poolStripes : Natural
|
||||
, poolIdleTimeout : Natural
|
||||
}
|
||||
, default = { poolStripes = 0, poolIdleTimeout = 300 }
|
||||
}
|
||||
|
||||
let LogLevel =
|
||||
{ Type =
|
||||
< LogLevelDebug
|
||||
| LogLevelInfo
|
||||
| LogLevelWarn
|
||||
| LogLevelError
|
||||
| LogLevelOther : Text
|
||||
>
|
||||
}
|
||||
|
||||
let Config =
|
||||
{ Type =
|
||||
{ listenPort : Natural
|
||||
, database : PostgresConfig.Type
|
||||
, databasePoolSize : Natural
|
||||
, staticDir : Text
|
||||
, logLevel : LogLevel.Type
|
||||
, nodeName : Text
|
||||
, signUpKey : Text
|
||||
, rpId : Text
|
||||
}
|
||||
, default =
|
||||
{ databasePoolSize = 10
|
||||
, staticDir = "./static"
|
||||
, logLevel = LogLevel.Type.LogLevelInfo
|
||||
}
|
||||
}
|
||||
|
||||
in Config::{
|
||||
, listenPort = 62936
|
||||
, database = PostgresConfig::{ connectionString = secretsFile.connectionString }
|
||||
, logLevel = LogLevel.Type.LogLevelInfo
|
||||
, signUpKey = secretsFile.signUpKey
|
||||
, rpId = "lotte-test.chir.rs"
|
||||
, staticDir = secretsFile.staticDir
|
||||
, nodeName = secretsFile.nodeName
|
||||
}
|
|
@ -1,96 +0,0 @@
|
|||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
chir-rs,
|
||||
system,
|
||||
...
|
||||
}: let
|
||||
staticDir = pkgs.stdenvNoCC.mkDerivation {
|
||||
name = "static";
|
||||
buildPhase = "true";
|
||||
src = pkgs.emptyDirectory;
|
||||
installPhase = ''
|
||||
mkdir $out
|
||||
for f in ${chir-rs.packages.${system}.chir-rs-fe}/*; do
|
||||
ln -sv $f $out
|
||||
done
|
||||
ln -sv ${chir-rs.packages.${system}.art-assets} $out/img
|
||||
'';
|
||||
};
|
||||
auxCfg = pkgs.writeText "config.dhall" ''
|
||||
${./chir-rs.dhall} {
|
||||
staticDir = "${staticDir}",
|
||||
connectionString = "postgres://chir_rs:" ++ (${config.sops.secrets."services/chir-rs/database-password".path} as Text) ++ "@nixos-8gb-fsn1-1.int.chir.rs/chir_rs",
|
||||
signUpKey = ${config.sops.secrets."services/chir-rs/signup-secret".path} as Text,
|
||||
nodeName = "${config.networking.hostName}"
|
||||
}
|
||||
'';
|
||||
in {
|
||||
systemd.services.chir-rs = {
|
||||
enable = true;
|
||||
wantedBy = ["multi-user.target"];
|
||||
after = ["network.target"];
|
||||
serviceConfig = {
|
||||
Restart = "always";
|
||||
PrivateTmp = true;
|
||||
WorkingDirectory = "/tmp";
|
||||
User = "chir-rs";
|
||||
CapabilityBoundingSet = [""];
|
||||
DeviceAllow = [""];
|
||||
LockPersonality = true;
|
||||
MemoryDenyWriteExecute = true;
|
||||
NoNewPrivileges = true;
|
||||
PrivateDevices = true;
|
||||
ProtectClock = true;
|
||||
ProtectControlGroups = true;
|
||||
ProtectHome = true;
|
||||
ProtectHostname = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectSystem = "strict";
|
||||
RemoveIPC = true;
|
||||
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
|
||||
RestrictNamespaces = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
SystemCallArchitectures = "native";
|
||||
UMask = "0077";
|
||||
ExecStart = ''
|
||||
${chir-rs.packages.${system}.chir-rs}/bin/chir-rs
|
||||
'';
|
||||
};
|
||||
environment = {
|
||||
CHIR_RS_CONFIG = "${auxCfg}";
|
||||
};
|
||||
};
|
||||
sops.secrets."services/chir-rs/database-password".owner = "chir-rs";
|
||||
sops.secrets."services/chir-rs/signup-secret".owner = "chir-rs";
|
||||
services.postgresql.ensureDatabases = [
|
||||
"chir_rs"
|
||||
];
|
||||
services.postgresql.ensureUsers = [
|
||||
{
|
||||
name = "chir_rs";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
services.caddy.virtualHosts."lotte-test.chir.rs" = {
|
||||
useACMEHost = "chir.rs";
|
||||
logFormat = lib.mkForce "";
|
||||
extraConfig = ''
|
||||
import baseConfig
|
||||
|
||||
reverse_proxy http://127.0.0.1:62936 {
|
||||
trusted_proxies private_ranges
|
||||
}
|
||||
'';
|
||||
};
|
||||
users.users.chir-rs = {
|
||||
description = "Chir.rs domain server";
|
||||
isSystemUser = true;
|
||||
group = "chir-rs";
|
||||
};
|
||||
users.groups.chir-rs = {};
|
||||
}
|
|
@ -1,5 +0,0 @@
|
|||
{pkgs, ...}: {
|
||||
environment.systemPackages = [pkgs.cifs-utils pkgs.lxqt.lxqt-policykit];
|
||||
networking.firewall.extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
|
||||
services.gvfs.enable = true;
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
nixpkgs,
|
||||
...
|
||||
}: {
|
||||
services.printing = {
|
||||
enable = true;
|
||||
drivers = with pkgs; [
|
||||
brlaser
|
||||
];
|
||||
browsing = true;
|
||||
listenAddresses = ["*:631"];
|
||||
allowFrom = ["all"];
|
||||
defaultShared = true;
|
||||
extraConf = ''
|
||||
ServerAlias *
|
||||
'';
|
||||
};
|
||||
|
||||
services.avahi = {
|
||||
enable = true;
|
||||
publish.enable = true;
|
||||
publish.userServices = true;
|
||||
};
|
||||
|
||||
#imports = ["${nixpkgs}/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix"];
|
||||
hardware.sane.enable = true;
|
||||
}
|
|
@ -1,11 +0,0 @@
|
|||
_: {
|
||||
virtualisation.docker = {
|
||||
autoPrune = {
|
||||
dates = "weekly";
|
||||
enable = true;
|
||||
flags = ["--all"];
|
||||
};
|
||||
enable = true;
|
||||
};
|
||||
users.users.darkkirb.extraGroups = ["docker"];
|
||||
}
|
|
@ -1,153 +0,0 @@
|
|||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: let
|
||||
sieves = import ../../packages/sieves.nix pkgs;
|
||||
in {
|
||||
nixpkgs.overlays = [
|
||||
(curr: prev: {
|
||||
dovecot =
|
||||
(prev.dovecot.override {
|
||||
withPgSQL = true;
|
||||
})
|
||||
.overrideAttrs (super: {
|
||||
doCheck = false;
|
||||
doInstallCheck = false;
|
||||
});
|
||||
})
|
||||
];
|
||||
services.dovecot2 = {
|
||||
enable = true;
|
||||
enableImap = true;
|
||||
enableLmtp = true;
|
||||
enablePop3 = true;
|
||||
enableQuota = true;
|
||||
modules = [pkgs.dovecot_pigeonhole];
|
||||
mailGroup = "dovecot";
|
||||
mailUser = "dovecot";
|
||||
mailLocation = "maildir:/var/vmail/%d/%n";
|
||||
mailPlugins = {
|
||||
globally.enable = [
|
||||
"old_stats"
|
||||
];
|
||||
perProtocol = {
|
||||
imap.enable = [
|
||||
"imap_sieve"
|
||||
];
|
||||
lda.enable = [
|
||||
"sieve"
|
||||
];
|
||||
lmtp.enable = [
|
||||
"sieve"
|
||||
];
|
||||
};
|
||||
};
|
||||
mailboxes = {
|
||||
Drafts = {
|
||||
specialUse = "Drafts";
|
||||
auto = "subscribe";
|
||||
};
|
||||
Junk = {
|
||||
specialUse = "Junk";
|
||||
auto = "subscribe";
|
||||
};
|
||||
Trash = {
|
||||
specialUse = "Trash";
|
||||
auto = "subscribe";
|
||||
};
|
||||
Sent = {
|
||||
specialUse = "Sent";
|
||||
auto = "subscribe";
|
||||
};
|
||||
"Sent Messages" = {
|
||||
specialUse = "Sent";
|
||||
};
|
||||
"virtual/All" = {
|
||||
specialUse = "All";
|
||||
auto = "subscribe";
|
||||
};
|
||||
};
|
||||
sslServerCert = "/var/lib/acme/chir.rs/cert.pem";
|
||||
sslServerKey = "/var/lib/acme/chir.rs/key.pem";
|
||||
extraConfig = ''
|
||||
service old-stats {
|
||||
unix_listener old-stats {
|
||||
user = dovecot-exporter
|
||||
group = dovecot-exporter
|
||||
mode = 0660
|
||||
}
|
||||
fifo_listener old-stats-mail {
|
||||
mode = 0660
|
||||
user = dovecot
|
||||
group = dovecot
|
||||
}
|
||||
fifo_listener old-stats-user {
|
||||
mode = 0660
|
||||
user = dovecot
|
||||
group = dovecot
|
||||
}
|
||||
}
|
||||
plugin {
|
||||
old_stats_refresh = 30 secs
|
||||
old_stats_track_cmds = yes
|
||||
}
|
||||
plugin {
|
||||
sieve_plugins = sieve_imapsieve sieve_extprograms
|
||||
# From elsewhere to Spam folder or flag changed in Spam folder
|
||||
imapsieve_mailbox1_name = Junk
|
||||
imapsieve_mailbox1_causes = COPY FLAG
|
||||
imapsieve_mailbox1_before = file:${sieves.report-spam}/report-spam.sieve
|
||||
|
||||
# From Spam folder to elsewhere
|
||||
imapsieve_mailbox2_name = *
|
||||
imapsieve_mailbox2_from = Junk
|
||||
imapsieve_mailbox2_causes = COPY
|
||||
imapsieve_mailbox2_before = file:${sieves.report-ham}/report-ham.sieve
|
||||
|
||||
sieve_pipe_bin_dir = /nix/store
|
||||
|
||||
sieve_global_extensions = +vnd.dovecot.pipe
|
||||
sieve = ${sieves.default}/default.sieve
|
||||
}
|
||||
disable_plaintext_auth = yes
|
||||
auth_mechanisms = plain login
|
||||
|
||||
passdb {
|
||||
driver = sql
|
||||
args = /run/secrets/services/dovecot/dovecot-sql.conf.ext
|
||||
}
|
||||
userdb {
|
||||
driver = prefetch
|
||||
}
|
||||
userdb {
|
||||
driver = sql
|
||||
args = /run/secrets/services/dovecot/dovecot-sql.conf.ext
|
||||
}
|
||||
service auth {
|
||||
unix_listener /run/dovecot2/auth {
|
||||
mode = 0660
|
||||
user = postfix
|
||||
group = postfix
|
||||
}
|
||||
}
|
||||
first_valid_uid = 76
|
||||
last_valid_uid = 987
|
||||
'';
|
||||
user = "dovecot";
|
||||
group = "dovecot";
|
||||
};
|
||||
services.prometheus.exporters.dovecot = {
|
||||
enable = true;
|
||||
port = 35496;
|
||||
};
|
||||
sops.secrets."services/dovecot/rspamd_password" = {owner = "dovecot";};
|
||||
sops.secrets."services/dovecot/dovecot-sql.conf.ext" = {owner = "dovecot";};
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
110 # POP3
|
||||
143 # IMAP
|
||||
993 # IMAPS
|
||||
995 # POP3S
|
||||
];
|
||||
security.acme.certs."chir.rs".reloadServices = ["dovecot2.service"];
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show more