WIP: rewrite config #618

Draft
darkkirb wants to merge 386 commits from rewrite into main
548 changed files with 5342 additions and 40432 deletions

2
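--- a/.envrc
+++ b/.envrc
@@ -1 +1 @@
-use flake
+use flake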


@ -1,11 +0,0 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
version: 2
updates:
- package-ecosystem: "github-actions" # See documentation for possible values
directory: "/" # Location of package manifests
schedule:
interval: "weekly"


@ -1,24 +0,0 @@
name: update-riscv
on:
push:
branches:
- main
jobs:
pr:
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Create update pull request
run: |
curl -X 'POST' \
'https://git.chir.rs/api/v1/repos/darkkirb/nixos-config/pulls' \
-H 'Authorization: Bearer ${{secrets.GITHUB_TOKEN}}' \
-H 'accept: application/json' \
-H 'Content-Type: application/json' \
-d '{
"base": "main-riscv",
"body": "Keeping main-riscv up to date",
"head": "main",
"title": "Update RISC-V config"
}'

5
.gitignore vendored

@ -1,5 +1,2 @@
result
*.qcow2
*.fd
.direnv
/efi/secret
.direnv/


@ -1,75 +1,72 @@
keys:
- &lotte age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
- &nixos-8gb-fsn1-1 age1273ps5thcy70ckdt0270s2nysqgu48t38pq3wq975v3y7mf4eavsw38wsl
- &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
- &nas age1c7y687sxh428wk34s8ws6kemu62mggafpt40rmanevgkuj5xa59q6f7tlc
- &instance-20221213-1915 age1elra3uklw8rmwkevqms2l4tsd06d5utqda9d2w4qvqpz898uzuesugxkhc
- &vf2 age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
- &base age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
- &darkkirb age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
- &not522 age1emv3kzvwgl36hgllrv7rlekqy3y3c6eztadl3lv09ks3z9vv6vdqw06yqa
- &pc-installer age1eh2vd6cdy23qazwg0hzq95pn9e6p8yaqu4g6zyan8gzal4x5ed5qful8kg
- &rainbow-resort age19vzypddhexvvsf8xylstxc9znnkd8rxmamhjlt7elvz4j3zaf5tqqura6f
- &devterm age1sqvl2cwvzeztuelpwppaestqufzeap8uf0vgy7t5mzr9rwc3dpxqhx8ly9
- &thinkrac age1p400545a482fma40yfgytu40p6wr5a75v4f8yeudvgf7eh5erufqxhgynr
creation_rules:
- path_regex: secrets/shared\.yaml$
- path_regex: machine/not522/secrets\.yaml$
key_groups:
- age:
- *nixos-8gb-fsn1-1
- *base
- *not522
- path_regex: services/tailscale\.yaml$
key_groups:
- age:
- *base
- *not522
- *rainbow-resort
- *thinkrac
- *nas
- *instance-20221213-1915
- *vf2
- path_regex: services/restic\.yaml$
key_groups:
- age:
- *base
- *not522
- *rainbow-resort
- *lotte
- *devterm
- path_regex: secrets/nixos-8gb-fsn1-1\.yaml$
key_groups:
- age:
- *nixos-8gb-fsn1-1
- *lotte
- path_regex: secrets/thinkrac\.yaml$
key_groups:
- age:
- *thinkrac
- *lotte
- path_regex: secrets/nixos\.yaml$
key_groups:
- age:
- *lotte
- path_regex: secrets/nas\.yaml$
key_groups:
- age:
- *nas
- *lotte
- path_regex: secrets/desktop\.yaml$
- path_regex: users/root/system\.yaml$
key_groups:
- age:
- *base
- *not522
- *pc-installer
- *rainbow-resort
- *thinkrac
- path_regex: users/darkkirb/system\.yaml$
key_groups:
- age:
- *base
- *not522
- *pc-installer
- *rainbow-resort
- *lotte
- *devterm
- path_regex: secrets/instance-20221213-1915\.yaml$
- *thinkrac
- path_regex: users/darkkirb/home-manager/keys.yaml$
key_groups:
- age:
- *instance-20221213-1915
- *lotte
- path_regex: secrets/vf2\.yaml$
key_groups:
- age:
- *vf2
- *lotte
- path_regex: secrets/rainbow-resort\.yaml$
- *base
- *darkkirb
- path_regex: programs/ssh/shared-keys.yaml$
key_groups:
- age:
- *base
- *darkkirb
- *not522
- *pc-installer
- *rainbow-resort
- *lotte
- path_regex: secrets/devterm\.yaml$
- *thinkrac
- path_regex: programs/desktop/pim/secrets.yaml$
key_groups:
- age:
- *devterm
- *lotte
- path_regex: secrets/kubernetes\.yaml$
- *base
- *darkkirb
- path_regex: config/kde/krdp.yaml$
key_groups:
- age:
- *nixos-8gb-fsn1-1
- *nas
- *instance-20221213-1915
- *rainbow-resort
- *lotte
- *base
- *darkkirb
- path_regex: services/desktop/gpg/privkey.yaml
key_groups:
- age:
- *base
- *darkkirb
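Review bot: The creation rule `path_regex: services/desktop/gpg/privkey.yaml` has no `$` anchor and leaves its dot unescaped, unlike the `\.yaml$` rules earlier in the file, so it also matches sibling paths such as a copy of the file with an extra suffix; `path_regex: services/desktop/gpg/privkey\.yaml$` would pin it to the one file. The same unescaped `.` appears in the `keys.yaml$`, `shared-keys.yaml$`, `secrets.yaml$` and `krdp.yaml$` rules. The page has lost its +/- markers, so this assumes those rules are on the new side. It is also worth a comment that `&base` carries the same age recipient as `&lotte` and `&not522` the same as `&vf2`, which reads as renamed anchors reusing existing keys rather than fresh ones; please confirm that is intended.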

18
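--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -1,18 +0,0 @@
-{
-"python.formatting.provider": "yapf",
-"conventionalCommits.scopes": ["thinkrac", "aarch64"],
-"files.associations": {
-"*.hujson": "jsonc"
-},
-"json.schemas": [
-{
-"fileMatch": ["*.hujson"],
-"schema": {
-"allowTrailingCommas": true
-}
-}
-],
-"files.watcherExclude": {
-"**/target": true
-}
-}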

3
README.md Normal file

@ -0,0 +1,3 @@
# Lottes New Nix configuration
Very WIP rewrite


@ -1,50 +0,0 @@
_: {
networking.firewall.extraCommands = ''
# Taken from https://gist.github.com/rampageX/5cbe95be43ca3165f4d963629e3bb946
# Block Torrent algo string using Boyer-Moore (bm)
iptables -I FORWARD 1 -m string --algo bm --string "BitTorrent" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string "BitTorrent protocol" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string "peer_id=" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string ".torrent" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string "announce.php?passkey=" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string "torrent" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string "announce" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string "info_hash" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string "/default.ida?" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string ".exe?/c+dir" -j DROP
iptables -I FORWARD 1 -m string --algo bm --string ".exe?/c_tftp" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string "BitTorrent" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string "BitTorrent protocol" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string "peer_id=" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string ".torrent" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string "announce.php?passkey=" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string "torrent" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string "announce" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string "info_hash" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string "/default.ida?" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string ".exe?/c+dir" -j DROP
ip6tables -I FORWARD 1 -m string --algo bm --string ".exe?/c_tftp" -j DROP
# Block Torrent keys
iptables -I FORWARD 1 -m string --algo kmp --string "peer_id" -j DROP
iptables -I FORWARD 1 -m string --algo kmp --string "BitTorrent" -j DROP
iptables -I FORWARD 1 -m string --algo kmp --string "BitTorrent protocol" -j DROP
iptables -I FORWARD 1 -m string --algo kmp --string "bittorrent-announce" -j DROP
iptables -I FORWARD 1 -m string --algo kmp --string "announce.php?passkey=" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "peer_id" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "BitTorrent" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "BitTorrent protocol" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "bittorrent-announce" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "announce.php?passkey=" -j DROP
# Block Distributed Hash Table (DHT) keywords
iptables -I FORWARD 1 -m string --algo kmp --string "find_node" -j DROP
iptables -I FORWARD 1 -m string --algo kmp --string "info_hash" -j DROP
iptables -I FORWARD 1 -m string --algo kmp --string "get_peers" -j DROP
iptables -I FORWARD 1 -m string --algo kmp --string "announce" -j DROP
iptables -I FORWARD 1 -m string --algo kmp --string "announce_peers" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "find_node" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "info_hash" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "get_peers" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "announce" -j DROP
ip6tables -I FORWARD 1 -m string --algo kmp --string "announce_peers" -j DROP
'';
}


@ -1,91 +1,18 @@
{ pkgs, nixos-config, ... }:
{
config,
pkgs,
system,
...
}: {
imports = [
./users/darkkirb.nix
./users/root.nix
./nix.nix
./sops.nix
./home.nix
./services/restic.nix
./specialization.nix
./services/promtail.nix
./env.nix
./tailscale.nix
./services/otel.nix
];
services.openssh.enable = true;
environment.systemPackages = with pkgs;
[
git
]
++ (
if system != "riscv64-linux"
then [kitty.terminfo]
else []
);
networking.firewall.allowedTCPPorts = [22];
networking.firewall.allowedUDPPortRanges = [
{
from = 60000;
to = 61000;
}
];
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = ["/share/zsh"];
console.keyMap = "neo";
security.sudo.extraConfig = ''
Defaults env_keep += "TMUX"
'';
programs.zsh.enable = true;
users.mutableUsers = false;
sops.secrets."root/aws/credentials" = {
sopsFile = ../secrets/shared.yaml;
owner = "root";
key = "aws/credentials";
path = "/root/.aws/credentials";
};
sops.secrets."root/ssh/builder_id_ed25519" = {
sopsFile = ../secrets/shared.yaml;
owner = "root";
key = "ssh/builder_id_ed25519";
path = "/root/.ssh/builder_id_ed25519";
};
sops.secrets."darkkirb/ssh/builder_id_ed25519" = {
sopsFile = ../secrets/shared.yaml;
owner = "darkkirb";
key = "ssh/builder_id_ed25519";
path = "/home/darkkirb/.ssh/builder_id_ed25519";
};
programs.ssh.knownHosts = {
"nas.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhao1I1Kd1gK5bERUdjMxP9yHDrSHYZsTN2TcSk0K/U";
"backup.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhao1I1Kd1gK5bERUdjMxP9yHDrSHYZsTN2TcSk0K/U";
};
boot.kernel.sysctl = {
"fs.inotify.max_user_watches" = 524288;
};
services.prometheus.exporters.node = {
port = 31941;
enabledCollectors = [
"buddyinfo"
"cgroups"
"systemd"
"ethtool"
];
enable = true;
};
i18n.defaultLocale = "nl_NL.UTF-8";
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
"${nixos-config}/modules"
"${nixos-config}/services/tailscale.nix"
"${nixos-config}/services/openssh.nix"
"${nixos-config}/services/restic.nix"
"${nixos-config}/users"
"${nixos-config}/programs"
./systemd-boot.nix
./i18n.nix
./overlays
];
boot.initrd.systemd.enable = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
hardware.enableRedistributableFirmware = true;
security.sudo.enable = false;
}
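Review bot: `security.sudo.enable = false;` turns off the privilege-escalation path that the old side of this file still configured (`security.sudo.extraConfig`), and nothing visible here records what replaces it. A one-line comment such as `# sudo disabled on purpose; root access is via <mechanism>` would document the intended path (placeholder: the mechanism is not shown on this page). The page has lost its +/- markers, so this assumes the line is on the new side. The old side also set `users.mutableUsers = false` and pinned host keys under `programs.ssh.knownHosts`; please confirm both now live in one of the imported modules, since neither appears in the new lines here.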


@ -1,25 +0,0 @@
_: let
mkSopsSecret = {
name,
path,
}: {
name = "desktop/${name}";
value = {
sopsFile = ../secrets/desktop.yaml;
owner = "darkkirb";
key = name;
path = "/home/darkkirb/${path}";
};
};
in {
sops.secrets = builtins.listToAttrs (map mkSopsSecret [
{
name = "aws/credentials";
path = ".aws/credentials";
}
{
name = ".config/gh/hosts.yml";
path = ".config/gh/hosts.yml";
}
]);
}


@ -1,209 +0,0 @@
{
system,
config,
pkgs,
lib,
...
} @ args: let
lockscreen-all = pkgs.writeScript "lockscreen-all" ''
#!${pkgs.bash}/bin/bash
if ${pkgs.coreutils}/bin/[ -z "$(${pkgs.usbutils}/bin/lsusb | grep Yubico)" ]; then
${pkgs.systemd}/bin/loginctl list-sessions | ${pkgs.gnugrep}/bin/grep '^\ ' | ${pkgs.gawk}/bin/awk '{print $1}' | ${pkgs.findutils}/bin/xargs -i ${pkgs.systemd}/bin/loginctl lock-session {}
fi
'';
in {
imports =
[
./services/pipewire.nix
./desktop-secrets.nix
./services/cups.nix
./services/docker.nix
./services/cifs.nix
./kde.nix
#./sway.nix
]
/*
++ (
if system == "x86_64-linux"
then [./programs/virtualbox.nix]
else []
)
*/
;
fonts = {
fontDir.enable = true;
fontconfig = {
enable = true;
defaultFonts = {
emoji = ["Noto Color Emoji"];
monospace = ["Fira Code" "Font Awesome 5 Free"];
sansSerif = ["Noto Sans" "Font Awesome 5 Free"];
serif = ["Noto Serif" "Font Awesome 5 Free"];
};
};
packages = with pkgs; [
fira-code
fira-code-symbols
font-awesome
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
(nerdfonts.override {fonts = ["FiraCode" "DroidSansMono" "Noto"];})
nasin-nanpa
fairfax-hd
(pkgs.stdenvNoCC.mkDerivation rec {
pname = "zbalermorna";
version = "920b28d798ae1c06885c674bbf02b08ffed12b2f";
src = pkgs.fetchFromGitHub {
owner = "jackhumbert";
repo = pname;
rev = version;
sha256 = "00sl3f1x4frh166mq85lwl9v1f5r3ckkfg8id5fibafymick5vyp";
};
installPhase = ''
mkdir -p $out/share/fonts
cp -r $src/fonts/*.otf $out/share/fonts
'';
})
];
};
fonts.fontconfig.localConf = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<match target="scan">
<test name="family">
<string>Fairfax HD</string>
</test>
<edit name="spacing">
<int>100</int>
</edit>
</match>
</fontconfig>
'';
time.timeZone = "Europe/Berlin";
services.pcscd.enable = true;
security.pam = {
services.login.u2fAuth = true;
services.swaylock.u2fAuth = true;
u2f = {
enable = true;
control = "required";
};
};
services.udev.extraRules = ''
ACTION=="remove", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0407", RUN+="${lockscreen-all}"
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="e621", ATTRS{idProduct}=="0000", TAG+="uaccess"
ACTION=="add", SUBSYSTEM=="hidraw*", ATTRS{idVendor}=="e621", ATTRS{idProduct}=="0000", TAG+="uaccess"
ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0337", TAG+="uaccess"
ACTION=="add", SUBSYSTEM=="hidraw*", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0306", TAG+="uaccess"
ACTION=="add", SUBSYSTEM=="hidraw*", ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0330", TAG+="uaccess"
ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="0403", ATTRS={idProduct}=="6010", OWNER="user", MODE="0777", GROUP="dialout"
'';
programs.steam.enable = system == "x86_64-linux";
nixpkgs.overlays = [
(curr: prev: {
steam = prev.steam.override {
extraPkgs = pkgs:
with pkgs; [
mono
fuse
];
};
})
];
services.flatpak.enable = true;
programs.java.enable = true;
hardware.opengl.driSupport32Bit = lib.mkForce (system == "x86_64-linux");
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {
desktop = true;
inherit args;
};
# For syncthing
networking.firewall.allowedTCPPorts = [22000];
networking.firewall.allowedUDPPorts = [22000];
networking.firewall.allowedTCPPortRanges = [
{
from = 1714;
to = 1764;
}
];
networking.firewall.allowedUDPPortRanges = [
{
from = 1714;
to = 1764;
}
];
environment.systemPackages = with pkgs; [
pinentry-qt
dotool
wl-clipboard
#plasma5Packages.thirdParty.lightly
];
xdg.portal = {
enable = true;
wlr.enable = true;
# gtk portal needed to make gtk apps happy
extraPortals = [pkgs.xdg-desktop-portal-gtk];
config.common.default = "*";
};
programs.dconf.enable = true;
services.xserver = {
enable = true;
libinput.enable = true;
layout = "de";
xkbVariant = "neo";
displayManager.lightdm.enable = false;
extraLayouts.zlr = {
description = "lojban layout";
languages = ["jbo"];
symbolsFile = ../extra/keyboard/symbols;
};
};
i18n.inputMethod = {
enabled = "ibus";
ibus.engines = with pkgs.ibus-engines; [anthy];
};
security.polkit.enable = true;
services.dbus.enable = true;
services.dbus.packages = with pkgs; [dconf];
# Futureproofing: on non-x86 machines, emulate x86
boot.binfmt.emulatedSystems =
if system != "x86_64-linux"
then [
"x86_64-linux"
"i686-linux"
]
else [];
virtualisation = {
waydroid.enable = true;
lxd.enable = true;
};
programs.gamemode.enable = true;
nixpkgs.config.permittedInsecurePackages = ["electron-26.3.0"];
boot = {
plymouth.enable = true;
consoleLogLevel = 0;
initrd.verbose = false;
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"loglevel=3"
"rd.systemd.show_status=false"
"rd.udev.log_level=3"
"udev.log_priority=3"
];
loader.timeout = 0;
};
}


@ -1,114 +0,0 @@
{
nixos-hardware,
config,
lib,
pkgs,
...
}: {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux-devterm;
boot.kernelParams = ["fbcon=rotate:1"];
networking.hostName = "devterm";
imports = [
./desktop.nix
];
boot.loader = {
grub.enable = lib.mkDefault false;
generic-extlinux-compatible.enable = lib.mkDefault true;
};
boot.initrd = {
includeDefaultModules = false;
availableKernelModules = [
"usbhid"
"usb_storage"
"vc4"
"pcie_brcmstb" # required for the pcie bus to work
"reset-raspberrypi" # required for vl805 firmware to load
"mmc_block"
"usbhid"
"hid_generic"
"panel_cwd686"
"ocp8178_bl"
"ti_adc081c"
];
};
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
];
system.stateVersion = "24.05";
fileSystems."/" = {
device = "/dev/mmcblk0p2";
fsType = "btrfs";
options = ["compress=zstd"];
};
fileSystems."/boot" = {
device = "/dev/mmcblk0p1";
fsType = "vfat";
};
security.pam = {
services.login.u2fAuth = lib.mkForce false;
services.swaylock.u2fAuth = lib.mkForce false;
u2f.enable = lib.mkForce false;
services.sddm.u2fAuth = lib.mkForce false;
};
networking.networkmanager.enable = true;
users.users.darkkirb.extraGroups = ["networkmanager"];
hardware.deviceTree.filter = "*rpi*.dtb";
hardware.deviceTree.overlays = [
{
name = "dwc2";
dtsFile = ./devterm/dwc2-overlay.dts;
}
{
name = "cma";
dtsFile = ./devterm/cma-overlay.dts;
}
{
name = "vc4-kms-v3d-pi4";
dtsFile = ./devterm/vc4-kms-v3d-pi4-overlay.dts;
}
{
name = "devterm-pmu";
dtsFile = ./devterm/devterm-pmu-overlay.dts;
}
{
name = "devterm-panel";
dtsFile = ./devterm/devterm-panel-overlay.dts;
}
{
name = "devterm-misc";
dtsFile = ./devterm/devterm-misc-overlay.dts;
}
{
name = "audremap";
dtsFile = ./devterm/audremap-overlay.dts;
}
{
name = "spi";
dtsFile = ./devterm/spi0-overlay.dts;
}
{
name = "devterm-overlay";
dtsFile = ./devterm/devterm-overlay.dts;
}
];
hardware.enableRedistributableFirmware = true;
services.xserver.xkbVariant = lib.mkForce "us";
console.keyMap = lib.mkForce "us";
home-manager.users.darkkirb.wayland.windowManager.sway.config.input."*" = lib.mkForce {
xkb_layout = "us";
xkb_variant = "altgr-intl";
};
boot.initrd.systemd.tpm2.enable = lib.mkForce false;
systemd.tpm2.enable = lib.mkForce false;
services.displayManager = {
autoLogin = {
enable = true;
user = "darkkirb";
};
sddm = {
autoLogin.relogin = true;
};
};
}


@ -1,23 +0,0 @@
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target = <&audio_pins>;
__overlay__ {
status = "okay";
};
};
fragment@1 {
target = <&audio_pins>;
__overlay__ {
brcm,pins = < 12 13 >;
brcm,function = < 4 >; /* alt0 alt0 */
};
};
};


@ -1,14 +0,0 @@
// SPDX-License-Identifier: GPL-2.0
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target = <&cma>;
__overlay__ {
size = <(384 * 1024 * 1024)>;
};
};
};


@ -1,80 +0,0 @@
/dts-v1/;
/plugin/;
/{
compatible = "brcm,bcm2711";
fragment@0 {
target = <&i2c1>;
__overlay__ {
#address-cells = <1>;
#size-cells = <0>;
pinctrl-names = "default";
pinctrl-0 = <&i2c1_pins>;
status = "okay";
adc101c: adc@54 {
reg = <0x54>;
compatible = "ti,adc101c";
status = "okay";
};
};
};
fragment@1 {
target = <&spi4>;
__overlay__ {
pinctrl-names = "default";
pinctrl-0 = <&spi4_pins &spi4_cs_pins>;
cs-gpios = <&gpio 4 1>;
status = "okay";
spidev4_0: spidev@0 {
compatible = "spidev";
reg = <0>; /* CE0 */
#address-cells = <1>;
#size-cells = <0>;
spi-max-frequency = <125000000>;
status = "okay";
};
};
};
fragment@2 {
target = <&uart1>;
__overlay__ {
pinctrl-names = "default";
pinctrl-0 = <&uart1_pins>;
status = "okay";
};
};
fragment@3 {
target = <&gpio>;
__overlay__ {
i2c1_pins: i2c1 {
brcm,pins = <44 45>;
brcm,function = <6>;
};
spi4_pins: spi4_pins {
brcm,pins = <6 7>;
brcm,function = <7>;
};
spi4_cs_pins: spi0_cs_pins {
brcm,pins = <4>;
brcm,function = <1>;
};
uart1_pins: uart1_pins {
brcm,pins = <14 15>;
brcm,function = <2>;
brcm,pull = <0 2>;
};
};
};
};


@ -1,130 +0,0 @@
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target = <&dma40>;
__overlay__ {
dma-channel-mask = <0x3000>;
};
};
fragment@1 {
target = <&hdmi0>;
__overlay__ {
status = "okay";
};
};
fragment@2 {
target = <&uart0_pins>;
__overlay__ {
brcm,pull = <0x02 0x00 0x00 0x02>;
brcm,pins = <0x1e 0x1f 0x20 0x21>;
};
};
fragment@3 {
target = <&dvp>;
__overlay__ {
status = "okay";
};
};
fragment@4 {
target = <&pixelvalve4>;
__overlay__ {
status = "okay";
};
};
fragment@5 {
target = <&ddc1>;
__overlay__ {
status = "okay";
};
};
fragment@6 {
target = <&txp>;
__overlay__ {
status = "okay";
};
};
fragment@7 {
target = <&hvs>;
__overlay__ {
status = "okay";
};
};
fragment@8 {
target = <&pixelvalve3>;
__overlay__ {
status = "okay";
};
};
fragment@9 {
target = <&spi4>;
__overlay__ {
pinctrl-0 = <0xf0 0xf1>;
};
};
fragment@10 {
target = <&pixelvalve2>;
__overlay__ {
status = "okay";
};
};
fragment@11 {
target = <&uart1>;
__overlay__ {
pinctrl-0 = <0xf2>;
status = "disabled";
};
};
fragment@12 {
target = <&pixelvalve1>;
__overlay__ {
status = "okay";
};
};
fragment@13 {
target = <&hdmi1>;
__overlay__ {
status = "okay";
};
};
fragment@14 {
target = <&spi4>;
__overlay__ {
status = "okay";
};
};
fragment@15 {
target = <&ddc0>;
__overlay__ {
status = "okay";
};
};
fragment@16 {
target = <&aon_intr>;
__overlay__ {
status = "okay";
};
};
fragment@17 {
target = <&pixelvalve0>;
__overlay__ {
status = "okay";
};
};
fragment@18 {
target = <&audio>;
__overlay__ {
brcm,disable-headphones = <0x00>;
status = "okay";
bcrm,disable-hdmi;
};
};
fragment@19 {
target-path = "/chosen";
__overlay__ {
bootargs = "coherent_pool=1M 8250.nr_uarts=0 snd_bcm2835.enable_compat_alsa=0 snd_bcm2835.enable_hdmi=1 8250.nr_uarts=0 smsc95xx.macaddr=E4:5F:01:E4:FE:2D vc_mem.mem_base=0x3ec00000 vc_mem.mem_size=0x40000000 8250.nr_uarts=1";
};
};
};


@ -1,47 +0,0 @@
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target=<&dsi1>;
__overlay__ {
#address-cells = <1>;
#size-cells = <0>;
status = "okay";
port {
dsi_out_port: endpoint {
remote-endpoint = <&panel_dsi_port>;
};
};
panel_cwd686: panel@0 {
compatible = "cw,cwd686";
reg = <0>;
reset-gpio = <&gpio 8 1>;
backlight = <&ocp8178_backlight>;
rotation = <0x5a>;
port {
panel_dsi_port: endpoint {
remote-endpoint = <&dsi_out_port>;
};
};
};
};
};
fragment@1 {
target-path = "/";
__overlay__ {
ocp8178_backlight: backlight@0 {
compatible = "ocp8178-backlight";
backlight-control-gpios = <&gpio 9 0>;
default-brightness = <5>;
};
};
};
};


@ -1,104 +0,0 @@
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target = <&i2c0if>;
__overlay__ {
#address-cells = <1>;
#size-cells = <0>;
pinctrl-0 = <&i2c0_pins>;
pinctrl-names = "default";
status = "okay";
axp22x: pmic@34 {
interrupt-controller;
#interrupt-cells = <1>;
compatible = "x-powers,axp223";
reg = <0x34>; /* i2c address */
interrupt-parent = <&gpio>;
interrupts = <2 8>; /* IRQ_TYPE_EDGE_FALLING */
irq-gpios = <&gpio 2 0>;
regulators {
x-powers,dcdc-freq = <3000>;
reg_aldo1: aldo1 {
regulator-always-on;
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-name = "audio-vdd";
};
reg_aldo2: aldo2 {
regulator-always-on;
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-name = "display-vcc";
};
reg_dldo2: dldo2 {
regulator-always-on;
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-name = "dldo2";
};
reg_dldo3: dldo3 {
regulator-always-on;
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-name = "dldo3";
};
reg_dldo4: dldo4 {
regulator-always-on;
regulator-min-microvolt = <3300000>;
regulator-max-microvolt = <3300000>;
regulator-name = "dldo4";
};
};
battery_power_supply: battery-power-supply {
compatible = "x-powers,axp221-battery-power-supply";
monitored-battery = <&battery>;
};
ac_power_supply: ac_power_supply {
compatible = "x-powers,axp221-ac-power-supply";
};
};
};
};
fragment@1 {
target = <&i2c0if>;
__overlay__ {
compatible = "brcm,bcm2708-i2c";
};
};
fragment@2 {
target-path = "/aliases";
__overlay__ {
i2c0 = "/soc/i2c@7e205000";
};
};
fragment@3 {
target-path = "/";
__overlay__ {
battery: battery@0 {
compatible = "simple-battery";
constant-charge-current-max-microamp = <2100000>;
voltage-min-design-microvolt = <3300000>;
};
};
};
};


@ -1,22 +0,0 @@
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@0 {
target = <&usb>;
#address-cells = <0x01>;
#size-cells = <0x01>;
__overlay__ {
compatible = "brcm,bcm2835-usb";
dr_mode = "host";
g-np-tx-fifo-size = <0x20>;
g-rx-fifo-size = <0x22e>;
g-tx-fifo-size = <0x200 0x200 0x200 0x200 0x200 0x100 0x100>;
status = "okay";
phandle = <0x01>;
};
};
};


@ -1,11 +0,0 @@
/dts-v1/;
/plugin/;
/ {
compatible = "bcrm,bcm2711";
fragment@0 {
target = <&spi>;
__overlay__ {
status = "okay";
};
};
};


@ -1,35 +0,0 @@
// SPDX-License-Identifier: GPL-2.0
/dts-v1/;
/plugin/;
/ {
compatible = "brcm,bcm2711";
fragment@1 {
target = <&fb>;
__overlay__ {
status = "disabled";
};
};
fragment@2 {
target = <&firmwarekms>;
__overlay__ {
status = "disabled";
};
};
fragment@3 {
target = <&v3d>;
__overlay__ {
status = "okay";
};
};
fragment@4 {
target = <&vc4>;
__overlay__ {
status = "okay";
};
};
};

20
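--- a/config/documentation.nix
+++ b/config/documentation.nix
@@ -0,0 +1,20 @@
+{ ... }:
+{
+#documentation.nixos.includeAllModules = true;
+#documentation.nixos.options.warningsAreErrors = false;
+/*
+home-manager.users.darkkirb =
+{
+lib,
+config,
+systemConfig,
+...
+}:
+{
+manual = lib.mkIf (config.home.version.release == systemConfig.system.nixos.release) {
+html.enable = true;
+json.enable = true;
+};
+};
+*/
+}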


@ -1,16 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
environment.extraInit = let
systemdBin = lib.getBin config.systemd.package;
in ''
set -a
. /dev/fd/0 <<EOF
$(${systemdBin}/lib/systemd/user-environment-generators/30-systemd-environment-d-generator)
EOF
set +a
'';
}


@ -1,22 +0,0 @@
args: {
pkgs,
nixpkgs,
nix-gaming,
system,
...
}: let
in {
home.packages =
[
pkgs.prismlauncher
pkgs.mgba-dev
]
++ (
if system == "x86_64-linux"
then [
pkgs.xivlauncher
(pkgs.wineWowPackages.stagingFull.override {waylandSupport = true;})
]
else []
);
}

37
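--- a/config/graphical.nix
+++ b/config/graphical.nix
@@ -0,0 +1,37 @@
+{
+nixos-config,
+config,
+pkgs,
+lib,
+...
+}:
+{
+time.timeZone = "Etc/GMT-1";
+isGraphical = true;
+imports = [
+./kde
+./documentation.nix
+./graphical/fonts.nix
+"${nixos-config}/services/security-key"
+];
+home-manager.users.darkkirb.imports =
+if config.isSway then
+[
+./sway
+./graphical/gtk-fixes
+]
+else
+[ ./graphical/gtk-fixes ];
+xdg.portal = {
+wlr.enable = config.isSway;
+extraPortals =
+with pkgs;
+(lib.mkIf config.isSway [
+xdg-desktop-portal-gtk
+xdg-desktop-portal-kde
+xdg-desktop-portal-wlr
+]);
+config.common.default = lib.mkIf config.isSway "wlr";
+};
+security.pam.services.swaylock = { };
+}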
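Review bot: `security.pam.services.swaylock = { };` creates the lock-screen PAM service with defaults only, whereas the removed desktop config set `services.swaylock.u2fAuth = true` explicitly with `u2f.control = "required"`. Whether the security-key requirement still applies to the lock screen now depends on the imported `services/security-key` module, which is not shown here. Either set `security.pam.services.swaylock.u2fAuth = true;` in this file or add a comment naming where it is set. The service is also declared when `config.isSway` is false; wrapping it in `lib.mkIf config.isSway` would match the portal settings above it. Separately, `time.timeZone = "Etc/GMT-1";` is a fixed UTC+1 zone (POSIX sign convention) with no daylight-saving rules, unlike the old `Europe/Berlin`, and deserves a comment if intentional.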


@ -0,0 +1,40 @@
{ pkgs, ... }:
{
fonts = {
fontDir.enable = true;
fontconfig = {
enable = true;
defaultFonts = {
emoji = [ "Noto Color Emoji" ];
monospace = [
"Fira Code"
"Font Awesome 5 Free"
];
sansSerif = [
"Noto Sans"
"Font Awesome 5 Free"
];
serif = [
"Noto Serif"
"Font Awesome 5 Free"
];
};
};
packages = with pkgs; [
fira-code
fira-code-symbols
font-awesome
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
noto-fonts-extra
(nerdfonts.override {
fonts = [
"FiraCode"
"DroidSansMono"
"Noto"
];
})
];
};
}


@ -0,0 +1,7 @@
{ ... }:
{
gtk.enable = true;
imports = [
./gtk3.nix
];
}


@ -0,0 +1,37 @@
{ ... }:
{
gtk.gtk3 = {
extraConfig = {
gtk-decoration-layout = "menu:close";
};
extraCss = ''
.window-frame, .window-frame:backdrop {
box-shadow: 0 0 0 black;
border-style: none;
margin: 0;
border-radius: 0;
}
.titlebar {
border-radius: 0;
}
.window-frame.csd.popup {
box-shadow: 0 1px 2px rgba(0, 0, 0, 0.2), 0 0 0 1px rgba(0, 0, 0, 0.13);
}
.header-bar {
background-image: none;
background-color: #ededed;
box-shadow: none;
}
GtkLabel.title {
opacity: 0;
}
'';
};
home.sessionVariables = {
GTK_USE_PORTAL = 1;
GDK_DEBUG = "portals"; # sigh…
};
}


@ -0,0 +1,20 @@
# Unlike other modules in this directory, this one is not enabled by default
# The default graphical configuration would enable this, the verbose configuration would not.
{ ... }:
{
boot = {
plymouth.enable = true;
consoleLogLevel = 0;
initrd.verbose = false;
kernelParams = [
"quiet"
"splash"
"boot.shell_on_fail"
"loglevel=3"
"rd.systemd.show_status=false"
"rd.udev.log_level=3"
"udev.log_priority=3"
];
loader.timeout = 0;
};
}
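Review bot: The kernel parameter `"boot.shell_on_fail"` in `kernelParams` makes the scripted NixOS initrd offer a root shell without a password when stage 1 fails, which is a physical-access concern on machines that otherwise gate login behind a security key. The base config in this PR sets `boot.initrd.systemd.enable = true`, and under the systemd initrd this parameter is probably not consulted at all, so it can likely be dropped. If it stays, add a comment such as `# allows a passwordless initrd shell on boot failure; acceptable because <reason>` (placeholder for the reason). `loader.timeout = 0` also hides the generation menu, so a note on how to reach an older generation after a bad update would help.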


@ -1,4 +0,0 @@
_: {
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
}

File diff suppressed because it is too large Load diff


@ -1,120 +0,0 @@
desktop: {
pkgs,
system,
lib,
config,
...
}: {
imports =
[
(import ../programs/zsh.nix desktop)
../programs/tmux.nix
(import ../programs/vim desktop)
]
++ (
if desktop
then [
../programs/mail.nix
../programs/taskwarrior.nix
]
else []
);
programs = {
zsh = {
enable = true;
oh-my-zsh = {
enable = true;
};
initExtraBeforeCompInit = "source ${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
initExtra =
if system != "riscv64-linux"
then ''
[[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
test -n "$KITTY_INSTALLATION_DIR" || export KITTY_INSTALLATION_DIR=${pkgs.kitty}/lib/kitty
export KITTY_SHELL_INTEGRATION=enabled
autoload -Uz -- "$KITTY_INSTALLATION_DIR"/shell-integration/zsh/kitty-integration
kitty-integration
unfunction kitty-integration
''
else "";
plugins = [
];
};
autojump.enable = true;
jq.enable = true;
ledger.enable = true;
};
home.file.".p10k.zsh".source = ./.p10k.zsh;
home = {
shellAliases =
{
cat = "bat";
less = "bat";
}
// (
if system != "riscv64-linux"
then {
icat = "${pkgs.kitty}/bin/kitty +kitten icat";
d = "${pkgs.kitty}/bin/kitty +kitten diff";
hg = "${pkgs.kitty}/bin/kitty +kitten hyperlinked_grep";
#ssh = "${pkgs.kitty}/bin/kitty +kitten ssh";
cargo = "${pkgs.cargo-mommy}/bin/cargo-mommy";
}
else {}
);
packages = with pkgs;
[
mosh
ripgrep
gh
htop
sops
progress
hexyl
mc
rclone
libarchive
p7zip
unrar
]
++ (
if desktop
then [
yubikey-manager
yt-dlp
oxipng
jpegoptim
#picard
easytag
alejandra
yubico-piv-tool
]
else []
);
sessionVariables = if desktop then {
QT_PLUGIN_PATH = lib.mkForce "\${QT_PLUGIN_PATH}:${config.i18n.inputMethod.package}/${pkgs.qt6.qtbase.qtPluginPrefix}:${pkgs.kdePackages.kimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}";
} else {};
};
programs.eza = {
enable = true;
enableZshIntegration = true;
};
programs.bat = {
enable = true;
};
programs.fzf = {
enable = true;
tmux.enableShellIntegration = true;
};
home.stateVersion = "22.05";
manual.manpages.enable = false; # broken
_module.args.withNSFW = false;
}


@ -1,34 +0,0 @@
{
desktop,
args,
}: {pkgs, ...}: {
imports =
[
(import ./base.nix desktop)
../programs/ssh.nix
(import ../programs/git.nix desktop)
../programs/direnv.nix
]
++ (
if desktop
then [
#../programs/sway.nix
../programs/firefox.nix
../programs/waybar.nix
../programs/ims.nix
../programs/syncthing.nix
../programs/plover.nix
(import ../games/default.nix args)
../programs/yubikey.nix
../programs/keybase.nix
../programs/keepass.nix
../programs/vscode
../programs/misc.nix
../programs/zk.nix
../programs/fcitx.nix
../programs/gpg.nix
../programs/zoom.nix
]
else []
);
}


@ -1,5 +0,0 @@
{pkgs, ...}: {
imports = [
(import ./base.nix false)
];
}


@ -1,6 +0,0 @@
{pkgs, ...}: {
imports = [
(import ./base.nix false)
../programs/builders.nix
];
}


@ -1,5 +0,0 @@
_: {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.root = import ./home-manager/root.nix;
}

17
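--- a/config/i18n.nix
+++ b/config/i18n.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+console.keyMap = "neo";
+i18n.extraLocaleSettings = {
+LC_ADDRESS = "de_DE.UTF-8";
+LC_MONETARY = "de_DE.UTF-8";
+LC_NAME = "de_DE.UTF-8";
+LC_PAPER = "de_DE.UTF-8";
+LC_TELEPHONE = "de_DE.UTF-8";
+LC_TIME = "de_DE.UTF-8";
+};
+i18n.supportedLocales = [
+"C.UTF-8/UTF-8"
+"en_US.UTF-8/UTF-8"
+"de_DE.UTF-8/UTF-8"
+];
+}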


@ -1,6 +0,0 @@
{nixpkgs, ...}: {
imports = [
"${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma6.nix"
];
networking.hostId = "8425e349";
}


@ -1,149 +0,0 @@
{
config,
lib,
modulesPath,
...
} @ args: {
networking.hostName = "instance-20221213-1915";
networking.hostId = "746d4523";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./systemd-boot.nix
./server.nix
./wireguard/public-server.nix
./services/named-submissive.nix
./services/shitalloverme.nix
./users/remote-build.nix
./services/atticd.nix
./services/minecraft.nix
./services/postgres.nix
./services/uptime-kuma.nix
./services/reverse-proxy.nix
./wireguard
./zfs.nix
#./services/kubernetes.nix
./services/gitea.nix
./services/chir-rs.nix
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "tank/local/root";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6557-C4A0";
fsType = "vfat";
};
fileSystems."/nix" = {
device = "tank/local/nix";
fsType = "zfs";
};
fileSystems."/persist" = {
device = "tank/safe/persist";
fsType = "zfs";
neededForBoot = true;
};
fileSystems."/home" = {
device = "tank/safe/home";
fsType = "zfs";
};
networking.useDHCP = lib.mkDefault true;
# https://grahamc.com/blog/erase-your-darlings
boot.initrd.postDeviceCommands = lib.mkAfter ''
zfs rollback -r tank/local/root@blank
'';
services.openssh = {
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
systemd.tmpfiles.rules = [
"L /var/lib/acme - - - - /persist/var/lib/acme"
"L /var/lib/tailscale/tailscaled.state - - - - /persist/var/lib/tailscale/tailscaled.state"
"d /build - - - - -"
"L /var/lib/ipfs - - - - /persist/var/lib/ipfs"
"L /var/lib/uptime-kuma - - - - /persist/var/lib/uptime-kuma"
];
services.postgresql.dataDir = "/persist/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:746d:4523:5c04:1453/64"];
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {
desktop = false;
inherit args;
};
nix.settings.cores = 4;
nix.settings.max-jobs = 4;
nix.settings.system-features = [
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-armv8-a"
"gccarch-armv8.1-a"
"gccarch-armv8.2-a"
"ca-derivations"
];
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
boot.binfmt.emulatedSystems = [
"riscv32-linux"
"riscv64-linux"
];
system.stateVersion = "22.11";
sops.secrets."root/.ssh/id_ed25519" = {
owner = "root";
path = "/root/.ssh/id_ed25519";
};
sops.secrets."services/ssh/host-key" = {
owner = "root";
path = "/etc/secrets/initrd/ssh_host_ed25519_key";
};
sops.age.sshKeyPaths = lib.mkForce ["/persist/ssh/ssh_host_ed25519_key"];
services.bind.forwarders = lib.mkForce [];
boot.loader.systemd-boot.configurationLimit = lib.mkForce 1;
services.tailscale.useRoutingFeatures = "server";
services.postgresql.settings = {
max_connections = 200;
shared_buffers = "6GB";
effective_cache_size = "18GB";
maintenance_work_mem = "1536MB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 200;
work_mem = "15728kB";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 4;
max_parallel_workers_per_gather = 2;
max_parallel_workers = 4;
max_parallel_maintenance_workers = 2;
};
services.restic.backups.sysbackup.paths = ["/persist"];
}


@ -1,14 +0,0 @@
{
security.pam.services.sddm.u2fAuth = true;
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
wayland.compositor = "kwin";
};
services.xserver = {
desktopManager.plasma6.enable = true;
#desktopManager.plasma5.enable = true;
displayManager.defaultSession = "plasma";
#displayManager.defaultSession = "plasmawayland";
};
}

22
config/kde/default.nix Normal file

@ -0,0 +1,22 @@
{ config, ... }:
{
services.xserver.enable = !config.isSway;
services.displayManager.sddm = {
enable = !config.isSway;
wayland.enable = true;
wayland.compositor = "kwin";
};
services.desktopManager.plasma6.enable = !config.isSway;
imports = [
./i18n.nix
];
home-manager.users.darkkirb.imports =
if !config.isSway then
[
./home-manager.nix
]
else
[ ];
}
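Review bot: SDDM is enabled here without `security.pam.services.sddm.u2fAuth`, which the removed Plasma module earlier on this page set to `true` next to the same `services.displayManager.sddm` block. Unless the rewrite sets it in a file not shown in this section, graphical login becomes password-only after the migration. I would carry the line over as `security.pam.services.sddm.u2fAuth = true;`, or leave a comment naming the module that now owns PAM U2F for the display manager.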


@ -0,0 +1,16 @@
{ plasma-manager, ... }:
{
programs.plasma.enable = true;
programs.plasma.configFile.baloofilerc."Basic Settings"."Indexing-Enabled" = false;
programs.plasma.configFile.kwalletrc."org.freedesktop.secrets".apiEnabled = false;
imports = [
plasma-manager.homeManagerModules.plasma-manager
./theming.nix
./krdp.nix
./konsole.nix
];
programs.plasma.kwin.virtualDesktops = {
rows = 3;
number = 9;
};
}
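Review bot: `programs.plasma.configFile.kwalletrc."org.freedesktop.secrets".apiEnabled = false;` turns off KWallet's Secret Service endpoint, and nothing in the file says what takes its place. If no other provider claims `org.freedesktop.secrets` in the session, applications that store credentials through libsecret either fail or fall back to their own storage, which is often unencrypted. A comment on that line would settle it, for example `# Secret Service is served by <provider>; KWallet must not claim the bus name`, with the placeholder replaced by whichever program is intended.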

8
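--- a/config/kde/i18n.nix
+++ b/config/kde/i18n.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+services.libinput.enable = true;
+services.xserver.xkb = {
+layout = "de";
+variant = "neo";
+};
+}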

8
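--- a/config/kde/konsole.nix
+++ b/config/kde/konsole.nix
@@ -0,0 +1,8 @@
+{ ... }:
+{
+programs.konsole = {
+enable = true;
+defaultProfile = "Stylix";
+profiles.Stylix.colorScheme = "Stylix";
+};
+}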

11
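--- a/config/kde/krdp.nix
+++ b/config/kde/krdp.nix
@@ -0,0 +1,11 @@
+{ config, ... }:
+{
+programs.plasma.configFile.krdpserverrc.General = {
+Autostart = true;
+Certificate = config.sops.secrets.".local/share/krdpserver/krdp.crt".path;
+CertificateKey = config.sops.secrets.".local/share/krdpserver/krdp.key".path;
+Users = "darkkirb";
+};
+sops.secrets.".local/share/krdpserver/krdp.key".sopsFile = ./krdp.yaml;
+sops.secrets.".local/share/krdpserver/krdp.crt".sopsFile = ./krdp.yaml;
+}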
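Review bot: `Autostart = true` brings up the KRDP server in every Plasma session that loads this module, and nothing in the file states which networks the RDP listener is meant to be reachable from. The Plasma home-manager module above imports `./krdp.nix` unconditionally, so a laptop on an untrusted network gets the same listener as a desk machine. I would put the import behind a per-host switch, or default `Autostart` to `false` and enable it only where remote desktop is wanted. A comment such as `# RDP is only reachable via <VPN interface / firewall rule>` would record the intended exposure; firewall settings are outside this section, so this may already be handled elsewhere.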

34
config/kde/krdp.yaml Normal file

@ -0,0 +1,34 @@
.local:
share:
krdpserver:
krdp.key: ENC[AES256_GCM,data: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,iv:YWvImaFa5GXiraaF7UVt3fAsuYIK+RpHkSQ2mPAsHz4=,tag:JvHARPOlmrKgG5Z85QokDg==,type:str]
krdp.crt: ENC[AES256_GCM,data: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,iv:AjoxETlmSVqKF2lEc73mKrtSV5HbKOQPLIUWUAdiwuo=,tag:m95ON0puJ+bXGF+vrWYd8g==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1tltjgexkp5fz3rum4j0k66ty5q4u8ptvkgkepumd20zal24g2qfs5xgw76
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3WUQyb0dmRElyemJ2RDlE
ZzR1WE1VR2hNNUs3YlFObWdESmNYTDI1b0NzCk5SNXBCaUlRcFh4QXk1WmVseHdF
YUV4M0tUWlVLSUxKdGMzVXRkdERGWWcKLS0tIGxBYlJXUjIvSXZxRG9mMk14YTlu
RVp3VWxEQUtZdktoemVmN2FMYWZIUmMKV7/6sHEvevafH/yf3sEqpsgFwJefCoE+
dl9mzJ/RDjcIQMllJskdcqYRSMPwBLG2+doxIpJ1rZkGqa2t0unarw==
-----END AGE ENCRYPTED FILE-----
- recipient: age15g6tzvcmcp3ae4hwnn4pwewat6eq9unlhtjrlaka6rf94ej9dd5qqpgt7u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUFo1SEhKbm5PUjFNVjBl
RlNpakxRTkVSY1RSSzhBeTBUSjE5RzhVQmpBCmx0aGcyY0lORmFCWFlIWGlPZ2ZT
RmQycEZTWWFVZXRVZk9JcU1JZ1ViTlEKLS0tIGxOR09MSmVKVm44Q0NtbFFqUklN
aE52LzRtc25GUG9ibGsxcXJWaTZlQWMKafTEZA7jS2D/lIR05ham1axBmKh+v+6F
EZnTVwFpyFzw/Kpbc6PHQ6D+/7gq75tZOrbllH7bUNeWphUyC+N8Vw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-17T10:00:38Z"
mac: ENC[AES256_GCM,data:4HH7jjZBZY621EA4beI/hIuuXvqztJT1x3dTGSNshZzntIKealr74blBdwy+Fb/mPeJH/WuA4XVXcjupZhKN76nM5/BbW1w4fOmP3Hjpo0LHsc6I7J/BgoMv3SItXQdRGgQGE9XivbS5zieb/+NFl0eTvT6jIlUQUznTOOmGDyU=,iv:RTKUVAAieUPKXCeT0/5PxMPNOPxPAkP9ZqPHzamVRa0=,tag:wwMpIIlus/R1RQdOa7MLmg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

42
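--- a/config/kde/theming.nix
+++ b/config/kde/theming.nix
@@ -0,0 +1,42 @@
+{ ... }:
+{
+programs.plasma = {
+workspace = {
+lookAndFeel = "org.kde.breezedark.desktop";
+};
+hotkeys.commands."launch-konsole" = {
+name = "Launch Konsole";
+key = "Meta+Alt+K";
+command = "konsole";
+};
+panels = [
+# Windows-like panel at the bottom
+{
+location = "bottom";
+screen = "all";
+widgets = [
+"org.kde.plasma.kickoff"
+"org.kde.plasma.icontasks"
+"org.kde.plasma.marginsseparator"
+"org.kde.plasma.systemtray"
+"org.kde.plasma.pager"
+"org.kde.plasma.digitalclock"
+];
+}
+# Global menu at the top
+{
+location = "top";
+height = 26;
+widgets = [ "org.kde.plasma.appmenu" ];
+screen = "all";
+}
+];
+configFile.kwinrc."NightColor" = {
+Active = true;
+LatitudeFixed = 51;
+LongitudeFixed = 13;
+Mode = "Location";
+NightTemperature = 4200;
+};
+};
+}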


@ -1,211 +0,0 @@
{
config,
modulesPath,
lib,
nixos-hardware,
nixpkgs,
pkgs,
...
} @ args: {
networking.hostName = "nas";
networking.hostId = "70af00ed";
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./systemd-boot.nix
./services/tpm2.nix
./server.nix
./services/hydra.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
./services/syncthing.nix
../modules/tc-cake.nix
./services/cups.nix
./services/iscsi.nix
./services/docker.nix
./users/remote-build.nix
./services/nfs.nix
./services/tempo.nix
./services/loki.nix
./services/prometheus.nix
./services/yiff-stash.nix
./services/reverse-proxy.nix
./services/jellyfin.nix
./services/mautrix-discord.nix
./services/mautrix-telegram.nix
./services/mautrix-whatsapp.nix
./services/mautrix-signal.nix
./services/synapse.nix
./services/heisenbridge.nix
#./services/kubernetes.nix
./services/forgejo-runner.nix
./services/renovate.nix
./services/mautrix-slack.nix
];
hardware.cpu.amd.updateMicrocode = true;
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" "bcache"];
boot.initrd.kernelModules = ["igb"];
boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = [
config.boot.kernelPackages.zenpower
];
fileSystems."/" = {
device = "/dev/bcache0";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd"];
};
fileSystems."/home" = {
device = "/dev/bcache0";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd"];
};
fileSystems."/nix" = {
device = "/dev/bcache0";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
services.snapper.configs.main = {
SUBVOLUME = "/";
TIMELINE_LIMIT_HOURLY = 5;
TIMELINE_LIMIT_DAILY = 7;
TIMELINE_LIMIT_WEEKLY = 4;
TIMELINE_LIMIT_MONTHLY = 12;
TIMELINE_LIMIT_YEARLY = 0;
};
services.beesd.filesystems.root = {
spec = "/";
hashTableSizeMB = 2048;
verbosity = "crit";
extraOptions = ["--loadavg-target" "5.0"];
};
fileSystems."/boot" = {
device = "/dev/nvme0n1p1";
fsType = "vfat";
};
environment.etc."sysconfig/lm_sensors".text = ''
# Generated by sensors-detect on Sun Apr 24 08:31:51 2022
# This file is sourced by /etc/init.d/lm_sensors and defines the modules to
# be loaded/unloaded.
#
# The format of this file is a shell script that simply defines variables:
# HWMON_MODULES for hardware monitoring driver modules, and optionally
# BUS_MODULES for any required bus driver module (for example for I2C or SPI).
HWMON_MODULES="it87"
'';
nix.settings.cores = 12;
nix.settings.system-features = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-znver1"
"gccarch-skylake"
"ca-derivations"
];
boot.binfmt.emulatedSystems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"riscv32-linux"
"riscv64-linux"
];
hardware.enableRedistributableFirmware = true;
nix.settings.substituters = lib.mkForce [
"https://attic.chir.rs/chir-rs/"
"https://cache.nixos.org/"
];
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
system.stateVersion = "22.05";
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {
desktop = false;
inherit args;
};
networking.tc_cake = {
enp2s0f0u4 = {
disableOffload = true;
shapeEgress = {
bandwidth = "4mbit";
extraArgs = "docsis nat ack-filter";
};
shapeIngress = {
bandwidth = "33mbit";
ifb = "ifb4enp2s0f0u4";
};
};
};
services.postgresql.settings = {
max_connections = 200;
shared_buffers = "4GB";
effective_cache_size = "12GB";
maintenance_work_mem = "1GB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 200;
work_mem = "5242kB";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 12;
max_parallel_workers_per_gather = 4;
max_parallel_workers = 12;
max_parallel_maintenance_workers = 4;
};
services.tailscale.useRoutingFeatures = "both";
hardware.sane.brscan4.enable = true;
swapDevices = [
{
device = "/dev/sda2";
}
{
device = "/dev/sdb2";
}
{
device = "/dev/sdc2";
}
];
hardware.opengl = {
enable = true;
driSupport32Bit = true;
};
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
services.restic.backups.sysbackup = {
paths = ["/media"];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 4"
"--keep-monthly 12"
"--keep-yearly 10"
];
};
virtualisation.docker = {
enable = true;
#enableNvidia = true;
};
environment.systemPackages = with pkgs; [docker runc];
}


@ -0,0 +1,9 @@
{ ... }:
{
networking.networkmanager.enable = true;
users.users.darkkirb.extraGroups = [ "networkmanager" ];
environment.persistence."/persistent".directories = [
"/var/lib/NetworkManager"
"/etc/NetworkManager"
];
}


@ -1,208 +0,0 @@
{
pkgs,
lib,
config,
system,
attic,
...
}: {
imports = [
./workarounds
];
nixpkgs.config.allowUnfree = true;
nix = {
settings = {
sandbox = true;
trusted-users = ["@wheel" "remote-build"];
require-sigs = true;
substituters = [
"https://attic.chir.rs/chir-rs/"
"https://hydra.int.chir.rs"
];
trusted-public-keys = [
"nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
"chir-rs:rzK1Czm3RqBbZLnXYrLM6JyOhfr6Z/8lhACIPO/LNFQ="
];
auto-optimise-store = true;
};
extraOptions = ''
experimental-features = nix-command flakes ca-derivations
'';
gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 7d";
};
buildMachines = with lib;
mkMerge [
(mkIf (config.networking.hostName != "instance-20221213-1915") [
{
hostName = "build-aarch64";
systems = [
"aarch64-linux"
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 4;
speedFactor = 1;
supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"];
}
])
(mkIf (config.networking.hostName != "nas") [
{
hostName = "build-nas";
systems = [
"i686-linux"
"x86_64-linux"
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 12;
speedFactor = 1;
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-znver1"
"gccarch-skylake"
"ca-derivations"
];
}
])
(mkIf (config.networking.hostName != "rainbow-resort") [
{
hostName = "build-rainbow-resort";
systems = [
"i686-linux"
"x86_64-linux"
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 16;
speedFactor = 1;
supportedFeatures = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-skylake-avx512"
"gccarch-znver3"
"gccarch-znver2"
"gccarch-znver1"
"gccarch-skylake"
"ca-derivations"
];
}
])
(mkIf (config.networking.hostName != "vf2") [
{
hostName = "build-riscv";
systems = [
"riscv32-linux"
"riscv64-linux"
];
maxJobs = 4;
speedFactor = 2;
supportedFeatures = [
"nixos-test"
"big-parallel"
"benchmark"
"ca-derivations"
# There are many more combinations but i simply do not care lol
"gccarch-rv64gc_zba_zbb"
"gccarch-rv64gc_zba"
"gccarch-rv64gc_zbb"
"gccarch-rv64gc"
"gccarch-rv32gc_zba_zbb"
"gccarch-rv32gc_zba"
"gccarch-rv32gc_zbb"
"gccarch-rv32gc"
"native-riscv"
];
}
])
];
distributedBuilds = true;
};
systemd.services.nix-daemon.environment.TMPDIR = "/build";
systemd.services.nixos-upgrade = {
description = "NixOS Upgrade";
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig.Type = "oneshot";
path = with pkgs; [
coreutils
gnutar
xz.bin
gzip
gitMinimal
config.nix.package.out
config.programs.ssh.package
jq
curl
];
script = lib.mkDefault ''
#!${pkgs.bash}/bin/bash
set -ex
builds=$(${pkgs.curl}/bin/curl -H 'accept: application/json' https://hydra.int.chir.rs/jobset/flakes/${
if config.networking.hostName != "vf2"
then "nixos-config"
else "nixos-config-riscv"
}/evals | ${pkgs.jq}/bin/jq -r '.evals[0].builds[]')
for build in $builds; do
doc=$(${pkgs.curl}/bin/curl -H 'accept: application/json' https://hydra.int.chir.rs/build/$build)
jobname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.job')
if [ "$jobname" = "${config.networking.hostName}.${system}" ]; then
drvname=$(echo $doc | ${pkgs.jq}/bin/jq -r '.drvpath')
output=$(${pkgs.nix}/bin/nix-store -r $drvname)
${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set $output
${
if config.networking.hostName != "nixos-8gb-fsn1-1"
then ''
$output/bin/switch-to-configuration boot
booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})"
built="$(${pkgs.coreutils}/bin/readlink $output/{initrd,kernel,kernel-modules})"
if [ "$booted" = "$built" ]; then
$output/bin/switch-to-configuration switch
else
${pkgs.systemd}/bin/shutdown -r +1
fi
exit
''
else "$output/bin/switch-to-configuration switch"
}
fi
done
'';
after = ["network-online.target"];
wants = ["network-online.target"];
};
systemd.timers.nixos-upgrade = {
enable = true;
description = "Automatically update nixos";
requires = ["nixos-upgrade.service"];
wantedBy = ["multi-user.target"];
timerConfig = {
OnUnitActiveSec = "30min";
RandomizedDelaySec = "1h";
};
};
}


@ -1,215 +0,0 @@
{
lib,
modulesPath,
pkgs,
config,
system,
...
} @ args: {
networking.hostName = "nixos-8gb-fsn1-1";
networking.hostId = "73561e1f";
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
./grub.nix
./server.nix
./services/named.nix
./services/grafana.nix
./users/miifox.nix
./services/postgres.nix
./services/dovecot.nix
./services/postfix.nix
./services/reverse-proxy.nix
./services/matrix-media-repo.nix
./bittorrent-blocker.nix
./services/akkoma
./services/peertube
./services/rspamd.nix
./wireguard/public-server.nix
./services/shitalloverme.nix
./services/initrd-ssh.nix
./wireguard
./zfs.nix
#./services/kubernetes.nix
];
boot.initrd.availableKernelModules = ["ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
boot.supportedFilesystems = ["zfs"];
boot.loader.grub.devices = ["/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_16151622"];
boot.loader.timeout = 5;
boot.initrd.luks.devices = {
disk0 = {
device = "/dev/disk/by-partuuid/29ccd4c9-5ef5-a146-8e42-9244f712baca";
};
};
fileSystems."/" = {
device = "tank/nixos";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/nix" = {
device = "tank/nixos/nix";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/etc" = {
device = "tank/nixos/etc";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var" = {
device = "tank/nixos/var";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var/lib" = {
device = "tank/nixos/var/lib";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var/lib/minio" = {
device = "tank/nixos/var/lib/minio";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var/lib/minio/disk0" = {
device = "tank/nixos/var/lib/minio/disk0";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var/lib/minio/disk1" = {
device = "tank/nixos/var/lib/minio/disk1";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var/lib/minio/disk2" = {
device = "tank/nixos/var/lib/minio/disk2";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var/lib/minio/disk3" = {
device = "tank/nixos/var/lib/minio/disk3";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var/log" = {
device = "tank/nixos/var/log";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/var/spool" = {
device = "tank/nixos/var/spool";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/home" = {
device = "tank/userdata/home";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/root" = {
device = "tank/userdata/home/root";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/home/darkkirb" = {
device = "tank/userdata/home/darkkirb";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/home/miifox" = {
device = "tank/userdata/home/miifox";
fsType = "zfs";
options = ["zfsutil"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/8E14-4366";
fsType = "vfat";
options = ["X-mount.mkdir"];
};
swapDevices = [];
system.stateVersion = "21.11";
systemd.network = {
enable = true;
networks."ens3".extraConfig = ''
[Match]
Name = ens3
[Network]
Address = 2a01:4f8:1c17:d953:b4e1:08ff:e658:6f49/64
Gateway = fe80::1
'';
};
networking.wireguard.interfaces."wg0".ips = ["fd0d:a262:1fa6:e621:b4e1:08ff:e658:6f49/64"];
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix {
desktop = false;
inherit args;
};
nix.settings.cores = 2;
nix.settings.max-jobs = 2;
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
nix.settings.system-features = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-skylake"
"ca-derivations"
];
nix.settings.auto-optimise-store = true;
services.postgresql.settings = {
max_connections = 200;
shared_buffers = "1GB";
effective_cache_size = "3GB";
maintenance_work_mem = "256MB";
checkpoint_completion_target = 0.9;
wal_buffers = "16MB";
default_statistics_target = 100;
random_page_cost = 1.1;
effective_io_concurrency = 200;
work_mem = "52422kB";
min_wal_size = "1GB";
max_wal_size = "4GB";
max_worker_processes = 2;
max_parallel_workers_per_gather = 1;
max_parallel_workers = 2;
max_parallel_maintenance_workers = 1;
};
services.resolved.enable = false;
services.bind.forwarders = lib.mkForce [];
services.tailscale.useRoutingFeatures = "server";
services.caddy.virtualHosts."darkkirb.de" = {
useACMEHost = "darkkirb.de";
logFormat = pkgs.lib.mkForce "";
extraConfig = ''
redir https://lotte.chir.rs
'';
};
}


@ -0,0 +1,40 @@
{
inTester,
system,
self,
rust-overlay,
nix-vscode-extensions,
...
}:
{
imports =
if !inTester then
(
[
./inputs-overlay.nix
]
++ (
if system == "riscv64-linux" then
[
./riscv.nix
./riscv-cross-packages.nix
]
else
[ ]
)
)
else
[ ];
}
// (
if !inTester then
{
nixpkgs.overlays = [
self.overlays.default
(import rust-overlay)
nix-vscode-extensions.overlays.default
];
}
else
{ }
)


@ -0,0 +1,22 @@
{ pureInputs, lib, ... }:
{
nixpkgs.overlays = [
(_: _: {
inputs = pureInputs;
})
];
environment.etc."nix/inputs/nixpkgs-overlays/inputs.nix".text =
let
inputsToLoadString = lib.mapAttrsToList (
name: value:
''${name} = ${if value._type or "" == "flake" then "loadFlake \"${value}\"" else "${value}"};''
) pureInputs;
in
''
_: _: let loadFlake = builtins.getFlake or (import ${pureInputs.flake-compat}); in {
inputs = {
${lib.concatStringsSep "\n" inputsToLoadString}
};
}
'';
}
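Review bot: The `loadFlake` fallback in the generated `inputs.nix` does not have the same call shape as `builtins.getFlake`. It is applied to a string (`loadFlake "/nix/store/…"`), but flake-compat's entry point takes an attribute set with `src` and returns a set with the flake under `defaultNix`, assuming `pureInputs.flake-compat` is the usual flake-compat. On an evaluator without `getFlake` the overlay would therefore fail instead of loading the inputs. Something like `loadFlake = builtins.getFlake or (src: (import ${pureInputs.flake-compat} { inherit src; }).defaultNix);` keeps both branches interchangeable. Separately, emitting `"${name}" = …` rather than a bare `${name} = …` avoids a parse error for any input name that is not a plain identifier.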


@ -0,0 +1,40 @@
# Cross compiled packages for when shit breaks
{
nixpkgs,
lix,
...
}:
let
pkgs_x86_64 = import nixpkgs {
system = "x86_64-linux";
crossSystem.system = "riscv64-linux";
overlays = [ lix.overlays.default ];
};
pkgs_x86_64_2 = import nixpkgs {
system = "x86_64-linux";
crossSystem.system = "riscv64-linux";
};
in
{
nixpkgs.overlays = [
(self: super: {
inherit (pkgs_x86_64) lix pandoc;
inherit (pkgs_x86_64_2) nixos-option;
})
];
environment.etc."nix/inputs/nixpkgs-overlays/riscv-cross-packages.nix".text = ''
self: _: let pkgs_x86_64 = import <nixpkgs> {
system = "x86_64-linux";
crossSystem.system = "riscv64-linux";
overlays = [self.inputs.lix.overlays.default];
}
pkgs_x86_64_2 = import <nixpkgs> {
system = "x86_64-linux";
crossSystem.system = "riscv64-linux";
overlays = [];
}; in {
inherit (pkgs_x86_64) lix pandoc;
inherit (pkgs_x86_64_2) nixos-option;
}
'';
}
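Review bot: The overlay text written to `nix/inputs/nixpkgs-overlays/riscv-cross-packages.nix` is not valid Nix, because the first `let` binding ends in a bare `}` directly before `pkgs_x86_64_2 = import <nixpkgs> {`. The parser will stop at the second binding. Close the first binding with `};`, as the module's own `let` block above does. Since this is only a string at module-evaluation time, the system still builds and the error would only appear when a tool loads overlays from that directory. The first import also relies on `self.inputs.lix`, so it depends on the generated `inputs.nix` overlay being present in that directory.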


@ -0,0 +1,7 @@
{ riscv-overlay, ... }:
{
nixpkgs.overlays = [
riscv-overlay.overlays.default
];
environment.etc."nix/inputs/nixpkgs-overlays/riscv-overlay.nix".text = "import ${riscv-overlay}/overlay.nix";
}


@ -1,4 +0,0 @@
{...}: {
accounts.calendar.accounts.lotte = {
};
}


@ -1,6 +0,0 @@
_: {
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
}


@ -1,6 +0,0 @@
{pkgs, ...}: {
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [fcitx5-chinese-addons fcitx5-table-extra fcitx5-table-other fcitx5-gtk fcitx5-mozc];
};
}


@ -1,36 +0,0 @@
{
pkgs,
firefox,
...
}: {
programs.firefox = {
enable = true;
profiles = {
unhardened = {
id = 1;
};
default = {
userChrome = ''
/* Hide tab bar in FF Quantum */
@-moz-document url("chrome://browser/content/browser.xul") {
#TabsToolbar {
visibility: collapse !important;
margin-bottom: 21px !important;
}
#sidebar-box[sidebarcommand="treestyletab_piro_sakura_ne_jp-sidebar-action"] #sidebar-header {
visibility: collapse !important;
}
}
'';
settings = {
"font.default.x-western" = "sans-serif";
"font.name-list.monospace.x-western" = "monospace, nasin-nanpa";
"font.name-list.sans-serif.x-western" = "sans-serif, nasin-nanpa";
"font.name-list.serif.x-western" = "sans-serif, nasin-nanpa";
};
id = 0;
};
};
};
}


@ -1,50 +0,0 @@
{pkgs, ...}: {
programs.gpg = {
enable = true;
publicKeys = [
{
source = ../../keys/lotte_chir.rs.pgp;
trust = 5;
}
{
source = ../../keys/miifox_miifox.net.pgp;
trust = 3;
}
{
source = ../../keys/mdelenk_hs-mittweida.de.pgp;
trust = 5;
}
];
scdaemonSettings = {
disable-ccid = true;
pcsc-driver = "${pkgs.pcsclite.out}/lib/libpcsclite.so.1";
reader-port = "Yubico YubiKey";
};
settings = {
# https://github.com/drduh/config/blob/master/gpg.conf
personal-cipher-preferences = "AES256 AES192 AES";
personal-digest-preferences = "SHA512 SHA384 SHA256";
personal-compress-preferences = "ZLIB BZIP2 ZIP Uncompressed";
default-preference-list = "SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed";
cert-digest-algo = "SHA512";
s2k-digest-algo = "SHA512";
s2k-cipher-algo = "AES256";
charset = "utf-8";
fixed-list-mode = true;
no-comments = true;
no-emit-version = true;
no-greeting = true;
keyid-format = "0xlong";
list-options = "show-uid-validity";
verify-options = "show-uid-validity";
with-fingerprint = true;
with-key-origin = true;
require-cross-certification = true;
no-symkey-cache = true;
use-agent = true;
throw-keyids = true;
keyserver = ["hkps://keys.openpgp.org" "hkps://keyserver.ubuntu.com:443" "hkps://hkps.pool.sks-keyservers.net" "hkps://pgp.ocf.berkeley.edu"];
auto-key-locate = ["local" "dane" "cert" "wkd"];
};
};
}


@ -1,20 +0,0 @@
{
system,
pkgs,
...
}: {
home.packages = with pkgs;
[
nheko
twinkle
tokodon
telegram-desktop
]
++ (
if system == "x86_64-linux"
then [
pkgs.discord
]
else []
);
}


@ -1,4 +0,0 @@
{...}: {
services.kdeconnect.enable = true;
services.kdeconnect.indicator = true;
}


@ -1,18 +0,0 @@
{
pkgs,
lib,
...
}: {
home.packages = [pkgs.keepassxc];
systemd.user.services.keepassxc = {
Unit = {
Description = "keepassxc";
After = ["graphical-session-pre.target"];
PartOf = ["graphical-session.target"];
};
Install.WantedBy = ["graphical-session.target"];
Service = {
ExecStart = "${pkgs.keepassxc}/bin/keepassxc";
};
};
}


@ -1,9 +0,0 @@
{nixpkgs, ...}: let
x86_64-linux-pkgs = import nixpkgs {system = "x86_64-linux";};
in {
services.keybase.enable = true;
services.kbfs.enable = true;
home.packages = [
x86_64-linux-pkgs.keybase-gui
];
}


@ -1,3 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [kicad-unstable-small];
}


@ -1,15 +0,0 @@
_: {
programs.kitty = {
enable = true;
font.name = "FiraCode Nerd Font Mono";
settings = {
disable_ligatures = "cursor";
shell_integration = "disabled";
font_size = 8;
};
extraConfig = ''
symbol_map U+F1900-U+F19FF Fairfax HD
narrow_symbols U+F1900-U+F19FF 2
'';
};
}


@ -1,9 +0,0 @@
{pkgs, ...}: {
programs.thunderbird = {
enable = true;
profiles.main = {
withExternalGnupg = true;
isDefault = true;
};
};
}


@ -1,17 +0,0 @@
{pkgs, ...}: {
programs.mako = {
enable = true;
defaultTimeout = 30000;
};
systemd.user.services.mako = {
Unit = {
Description = "mako";
After = ["graphical-session-pre.target"];
PartOf = ["graphical-session.target"];
};
Install.WantedBy = ["graphical-session.target"];
Service = {
ExecStart = "mako";
};
};
}


@ -1,32 +0,0 @@
{
pkgs,
nixpkgs,
...
}: let
x86_64-linux-pkgs = import nixpkgs {system = "x86_64-linux";};
in {
home.packages = with pkgs; [
#anki
mdcat
gimp
krita
ffmpeg-full
audacious
];
xdg.configFile."gdb/gdbinit".text = "set auto-load safe-path /nix/store";
services.xsettingsd = {
enable = true;
settings = {
"Gtk/EnableAnimations" = 1;
"Gtk/DecorationLayout" = "icon:minimize,maximize,close";
"Gtk/PrimaryButtonWarpsSlider" = 0;
"Gtk/ToolbarStyle" = 3;
"Gtk/MenuImages" = 1;
"Gtk/ButtonImages" = 1;
"Gtk/CursorThemeSize" = 24;
"Gtk/CursorThemeName" = "breeze_cursors";
"Gtk/FontName" = "Noto Sans, 10";
"Net/IconThemeName" = "breeze-dark";
};
};
}


@ -1,35 +0,0 @@
{
lib,
pkgs,
system,
emily-modifiers,
emily-symbols,
...
}: let
plover-env =
(pkgs.plover.pythonModule.withPackages (_:
with pkgs; [
plover
plover-plugins-manager
plover-plugin-emoji
plover-plugin-tapey-tape
plover-plugin-yaml-dictionary
plover-plugin-rkb1-hid
plover-plugin-python-dictionary
plover-plugin-stenotype-extended
plover-plugin-dotool-output
plover-plugin-lapwing-aio
]))
.overrideDerivation (super: {
nativeBuildInputs = super.nativeBuildInputs or [] ++ [pkgs.qt5.wrapQtAppsHook];
postBuild =
super.postBuild
+ ''
wrapQtApp $out/bin/plover
'';
});
in {
home.packages = [
plover-env
];
}


@ -1,10 +0,0 @@
_: {
imports = [
./builders.nix
];
programs.ssh = {
controlMaster = "auto";
controlPersist = "10m";
enable = true;
};
}


@ -1,6 +0,0 @@
_: {
services.syncthing = {
enable = true;
tray.enable = true;
};
}


@ -1,10 +0,0 @@
_: {
programs.taskwarrior = {
enable = true;
colorTheme = "dark-violets-256";
config = {
weekstart = "monday"; # no americans, the week does not start with week-end
};
dataLocation = "~/Data/tasks/";
};
}


@ -1,606 +0,0 @@
{
pkgs,
config,
colorpickle,
withNSFW,
lib,
self,
nixpkgs,
...
}: let
theme = import ../../extra/theme.nix;
inherit (config.lib.formats.rasi) mkLiteral;
prepBGs = [
["${pkgs.lotte-art}/2021-01-27-ceeza-lottedonut.jxl" "-crop" "2048x1152+0+106"]
["${pkgs.lotte-art}/2021-09-15-cloverhare-lotteplush.jxl" "-crop" "1774x997+0+173"]
["${pkgs.lotte-art}/2022-11-15-wolfsifi-maff-me-leashed.jxl" "-crop" "1699x956+0+88"]
];
prepBGsNSFW = [
["${pkgs.lotte-art}/2021-11-27-theroguez-lottegassyvore1.jxl" "-crop" "1233x694+0+65"]
["${pkgs.lotte-art}/2021-12-12-baltnwolf-christmas-diaper.jxl" "-crop" "2599x1462+0+294"]
["${pkgs.lotte-art}/2021-12-12-baltnwolf-christmas-diaper-messy.jxl" "-crop" "2599x1462+0+294"]
["${pkgs.lotte-art}/2022-04-20-cloverhare-mxbatty-maffsie-train-plush.jxl" "-crop" "3377x1900+0+211"]
["${pkgs.lotte-art}/2022-04-20-cloverhare-mxbatty-me-train-maffsie-plush.jxl" "-crop" "3377x1900+0+211"]
["${pkgs.lotte-art}/2022-12-27-rexyi-scatych.jxl" "-crop" "2000x1120+0+0"]
["${pkgs.lotte-art}/2023-03-09-rexyi-voredisposal-ych.jxl" "-crop" "2000x1120+0+0"]
["${pkgs.lotte-art}/2023-04-16-baltnwolf-lottediaperplushies.jxl" "-gravity" "center" "-background" "white" "-extent" "5333x3000"]
["${pkgs.lotte-art}/2023-04-16-baltnwolf-lottediaperplushies-messy.jxl" "-gravity" "center" "-background" "white" "-extent" "5333x3000"]
["${pkgs.lotte-art}/2023-08-09-coldquarantine-lotte-eating-trash.jxl" "-crop" "6000x3375+0+312"]
["${pkgs.lotte-art}/2023-08-20-coldquarantine-lotte-eating-trash-clean.jxl" "-crop" "6000x3375+0+312"]
["${pkgs.lotte-art}/2023-08-10-coldquarantine-lotte-eating-trash-diapers.jxl" "-crop" "6000x3375+0+312"]
];
fixupImage = instructions:
pkgs.stdenv.mkDerivation {
name = "bg.jxl";
src = pkgs.emptyDirectory;
nativeBuildInputs = [pkgs.imagemagick];
buildPhase = ''
convert ${toString instructions} $out
'';
installPhase = "true";
};
validBGs = ["${pkgs.lotte-art}/2020-07-24-urbankitsune-bna-ych.jxl" "${pkgs.lotte-art}/2022-05-02-anonfurryartist-giftart.jxl" "${pkgs.lotte-art}/2022-06-21-sammythetanuki-lotteplushpride.jxl"] ++ (map fixupImage prepBGs);
validBGsNSFW = ["${pkgs.lotte-art}/2021-10-29-butterskunk-lotte-scat-buffet.jxl" "${pkgs.lotte-art}/2022-08-12-deathtoaster-funpit-scat.jxl" "${pkgs.lotte-art}/2022-08-15-deathtoaster-funpit-mud.jxl"] ++ (map fixupImage prepBGsNSFW) ++ validBGs;
mod = a: b: a - (a / b * b);
choose = l: rand: let len = builtins.length l; in builtins.elemAt l (mod rand len);
hexToIntList = {
"0" = 0;
"1" = 1;
"2" = 2;
"3" = 3;
"4" = 4;
"5" = 5;
"6" = 6;
"7" = 7;
"8" = 8;
"9" = 9;
"a" = 10;
"b" = 11;
"c" = 12;
"d" = 13;
"e" = 14;
"f" = 15;
"A" = 10;
"B" = 11;
"C" = 12;
"D" = 13;
"E" = 14;
"F" = 15;
};
hexToInt = s: lib.foldl (state: new: state * 16 + hexToIntList.${new}) 0 (lib.strings.stringToCharacters s);
seed = hexToInt (self.shortRev or nixpkgs.shortRev);
bg =
choose (
if withNSFW
then validBGsNSFW
else validBGs
)
seed;
color = n:
config.environment.graphical.colors.main."${builtins.toString n}";
colorD = n:
config.environment.graphical.colors.disabled."${builtins.toString n}";
colorI = n:
config.environment.graphical.colors.inactive."${builtins.toString n}";
color' = n: mkLiteral (color n);
bgPng = pkgs.stdenv.mkDerivation {
name = "bg.png";
src = pkgs.emptyDirectory;
nativeBuildInputs = [pkgs.imagemagick];
buildPhase = ''
convert ${bg} $out
'';
installPhase = "true";
};
in {
imports = [
colorpickle.nixosModules.default
];
environment.graphical.colorschemes.main = {
image = bgPng;
params = ["--lighten" "0.3"];
};
environment.graphical.colorschemes.disabled = {
image = bgPng;
params = ["--lighten" "0.1" "--saturate" "-0.5"];
};
environment.graphical.colorschemes.inactive = {
image = bgPng;
params = [];
};
wayland.windowManager.sway.config.output."*".bg = "${bgPng} fill";
/*
dconf.settings."org/gnome/desktop/interface" = {
icon-theme = "breeze-dark";
cursor-theme = "Vanilla-DMZ";
};
*/
gtk = {
#enable = true;
gtk2.extraConfig = ''
gtk-cursor-theme-name = "Vanilla-DMZ"
gtk-cursor-theme-size = 0
'';
gtk3.extraConfig = {
gtk-cursor-theme-name = "Vanilla-DMZ";
gtk-cursor-theme-size = 0;
};
font = {
package = pkgs.noto-fonts;
name = "Noto Sans";
size = 10;
};
iconTheme = {
package = pkgs.libsForQt5.breeze-icons;
name = "breeze-dark";
};
theme = {
name = "Catppuccin-Mocha-Compact-Pink-Dark";
package = pkgs.catppuccin-gtk.override {
accents = ["pink"];
size = "compact";
tweaks = ["rimless" "black"];
variant = "mocha";
};
};
};
qt = {
#enable = true;
style = {
name = "lightly";
package = pkgs.plasma5Packages.lightly;
};
platformTheme = "qtct";
};
xdg.configFile."qt5ct/colors/Catppuccin-Custom.conf".text = ''
[ColorScheme]
active_colors=${color 15}, ${color 0}, #ffa6adc8, #ff9399b2, ${color 1}, #ff6c7086, ${color 15}, ${color 15}, ${color 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${color 8}, ${color 15}, ${color 13}, ${color 5}, ${color 0}, ${color 15}, ${colorI 0}, ${color 5}, #807f849c
disabled_colors=${colorD 15}, ${colorD 0}, #ffa6adc8, #ff9399b2, ${colorD 1}, #ff6c7086, ${colorD 15}, ${colorD 15}, ${colorD 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${colorD 8}, ${colorD 15}, ${colorD 13}, ${colorD 5}, ${colorD 0}, ${colorD 15}, ${colorI 0}, ${colorD 5}, #807f849c
inactive_colors=${colorI 15}, ${colorI 0}, #ffa6adc8, #ff9399b2, ${colorI 1}, #ff6c7086, ${colorI 15}, ${colorI 15}, ${colorI 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${colorI 8}, ${colorI 15}, ${colorI 13}, ${colorI 5}, ${colorI 0}, ${colorI 15}, ${colorI 0}, ${colorI 5}, #807f849c
'';
xdg.configFile."qt6ct/colors/Catppuccin-Custom.conf".text = ''
[ColorScheme]
active_colors=${color 15}, ${color 0}, #ffa6adc8, #ff9399b2, ${color 1}, #ff6c7086, ${color 15}, ${color 15}, ${color 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${color 8}, ${color 15}, ${color 13}, ${color 5}, ${color 0}, ${color 15}, ${colorI 0}, ${color 5}, #807f849c
disabled_colors=${colorD 15}, ${colorD 0}, #ffa6adc8, #ff9399b2, ${colorD 1}, #ff6c7086, ${colorD 15}, ${colorD 15}, ${colorD 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${colorD 8}, ${colorD 15}, ${colorD 13}, ${colorD 5}, ${colorD 0}, ${colorD 15}, ${colorI 0}, ${colorD 5}, #807f849c
inactive_colors=${colorI 15}, ${colorI 0}, #ffa6adc8, #ff9399b2, ${colorI 1}, #ff6c7086, ${colorI 15}, ${colorI 15}, ${colorI 15}, #ff1e1e2e, ${colorD 0}, #ff7f849c, ${colorI 8}, ${colorI 15}, ${colorI 13}, ${colorI 5}, ${colorI 0}, ${colorI 15}, ${colorI 0}, ${colorI 5}, #807f849c
'';
nixpkgs.overlays = [
(super: self: {
python3 = super.python.override {
packageOverrides = self: super: {
python3Packages = self.python3.pkgs;
catppuccin = super.catppuccin.overrideAttrs (super: {
patches =
super.patches
or []
++ [
(pkgs.writeText "color.patch" ''
diff --git a/catppuccin/colour.py b/catppuccin/colour.py
index 193eea7..7620cf0 100644
--- a/catppuccin/colour.py
+++ b/catppuccin/colour.py
@@ -43,6 +43,9 @@ class Colour:
@classmethod
def from_hex(cls, hex_string: str) -> Colour:
"""Create a colour from hex string."""
+ if hex_string.startswith("#"):
+ hex_string = hex_string[1:]
+
if len(hex_string) not in (6, 8):
raise ValueError("Hex string must be 6 or 8 characters long.")
diff --git a/catppuccin/flavour.py b/catppuccin/flavour.py
index aa7df98..4bf849a 100644
--- a/catppuccin/flavour.py
+++ b/catppuccin/flavour.py
@@ -138,30 +138,30 @@ class Flavour: # pylint: disable=too-many-instance-attributes
def mocha() -> "Flavour":
"""Mocha flavoured Catppuccin."""
return Flavour(
- rosewater=Colour(245, 224, 220),
- flamingo=Colour(242, 205, 205),
- pink=Colour(245, 194, 231),
- mauve=Colour(203, 166, 247),
- red=Colour(243, 139, 168),
- maroon=Colour(235, 160, 172),
- peach=Colour(250, 179, 135),
- yellow=Colour(249, 226, 175),
- green=Colour(166, 227, 161),
- teal=Colour(148, 226, 213),
- sky=Colour(137, 220, 235),
- sapphire=Colour(116, 199, 236),
- blue=Colour(137, 180, 250),
- lavender=Colour(180, 190, 254),
- text=Colour(205, 214, 244),
+ rosewater=Colour.from_hex("${color 1}"),
+ flamingo=Colour.from_hex("${color 2}"),
+ pink=Colour.from_hex("${color 3}"),
+ mauve=Colour.from_hex("${color 4}"),
+ red=Colour.from_hex("${color 5}"),
+ maroon=Colour.from_hex("${color 6}"),
+ peach=Colour.from_hex("${color 7}"),
+ yellow=Colour.from_hex("${color 8}"),
+ green=Colour.from_hex("${color 9}"),
+ teal=Colour.from_hex("${color 10}"),
+ sky=Colour.from_hex("${color 11}"),
+ sapphire=Colour.from_hex("${color 12}"),
+ blue=Colour.from_hex("${color 13}"),
+ lavender=Colour.from_hex("${color 14}"),
+ text=Colour.from_hex("${color 15}"),
subtext1=Colour(186, 194, 222),
subtext0=Colour(166, 173, 200),
overlay2=Colour(147, 153, 178),
overlay1=Colour(127, 132, 156),
overlay0=Colour(108, 112, 134),
- surface2=Colour(88, 91, 112),
- surface1=Colour(69, 71, 90),
- surface0=Colour(49, 50, 68),
- base=Colour(30, 30, 46),
- mantle=Colour(24, 24, 37),
- crust=Colour(17, 17, 27),
+ surface2=Colour.from_hex("${color 2}"),
+ surface1=Colour.from_hex("${color 1}"),
+ surface0=Colour.from_hex("${color 0}"),
+ base=Colour.from_hex("${color 0}"),
+ mantle=Colour.from_hex("${color 0}"),
+ crust=Colour.from_hex("${color 0}"),
)
'')
];
});
};
};
})
];
/*
home.file = {
".icons/default/index.theme".text = ''
[Icon Theme]
Name=Default
Comment=Default Cursor Theme
Inherits=Vanilla-DMZ
'';
};
*/
programs.kitty.settings = with theme; {
background = color 0;
foreground = color 15;
cursor = color 15;
selection_background = "#4f414c";
color0 = color 0;
color1 = color 9;
color2 = color 10;
color3 = color 11;
color4 = color 12;
color5 = color 13;
color6 = color 14;
color7 = color 15;
color8 = color 8;
color9 = color 9;
color10 = color 10;
color11 = color 11;
color12 = color 12;
color13 = color 13;
color14 = color 14;
color15 = color 15;
};
# Taken from https://github.com/jakehamilton/dotfiles/blob/master/waybar/style.css
programs.waybar.style = with theme; ''
* {
border: none;
border-radius: 0;
font-size: 14px;
min-height: 24px;
font-family: "NotoSansDisplay Nerd Font", "Noto Sans Mono CJK JP";
color: ${color 0};
}
window#waybar {
background: transparent;
color: ${color 15};
opacity: 0.9;
}
window#waybar.hidden {
opacity: 0.2;
}
#window {
margin-top: 8px;
padding: 0px 16px 0px 16px;
border-radius: 24px;
transition: none;
background: transparent;
}
#workspaces {
margin-top: 8px;
margin-left: 12px;
margin-bottom: 0;
border-radius: 24px;
background-color: ${color 0};
color: ${color 15};
transition: none;
}
#workspaces button {
transition: none;
background: transparent;
font-size: 16px;
color: ${color 15};
}
#workspaces button.focused {
background: ${color 13};
color: ${color 0};
}
#workspaces button:hover {
background: ${color 10};
color: ${color 0};
}
#mpd {
margin-top: 8px;
margin-left: 8px;
padding-left: 16px;
padding-right: 16px;
margin-bottom: 0;
border-radius: 24px;
background: ${color 2};
transition: none;
}
#mpd.disconnected,
#mpd.stopped {
background: ${color 4};
}
#network {
margin-top: 8px;
margin-left: 8px;
padding-left: 16px;
padding-right: 16px;
margin-bottom: 0;
border-radius: 24px;
transition: none;
background: ${color 13};
}
#pulseaudio {
margin-top: 8px;
margin-left: 8px;
padding-left: 16px;
padding-right: 16px;
margin-bottom: 0;
border-radius: 24px;
transition: none;
background: ${color 11};
}
#temperature, #battery {
margin-top: 8px;
margin-left: 8px;
padding-left: 16px;
padding-right: 16px;
margin-bottom: 0;
border-radius: 24px;
transition: none;
background: ${color 2};
}
#cpu, #backlight, #battery.warning {
margin-top: 8px;
margin-left: 8px;
padding-left: 16px;
padding-right: 16px;
margin-bottom: 0;
border-radius: 24px;
transition: none;
background: ${color 14};
}
#memory, #battery.critical {
margin-top: 8px;
margin-left: 8px;
padding-left: 16px;
padding-right: 16px;
margin-bottom: 0;
border-radius: 24px;
transition: none;
background: ${color 12};
}
#clock {
margin-top: 8px;
margin-left: 8px;
margin-right: 12px;
padding-left: 16px;
padding-right: 16px;
margin-bottom: 0;
border-radius: 26px;
transition: none;
background: ${color 0};
color: ${color 15};
}
'';
wayland.windowManager.sway.extraConfig = with theme; ''
# target title bg text indicator border
client.focused ${color 5} ${color 0} ${color 15} ${color 12} ${color 5}
client.focused_inactive ${color 13} ${color 0} ${color 15} ${color 12} ${color 13}
client.unfocused ${color 13} ${color 0} ${color 15} ${color 12} ${color 13}
client.urgent ${color 14} ${color 0} ${color 14} ${color 8} ${color 14}
client.placeholder ${color 8} ${color 0} ${color 15} ${color 8} ${color 8}
client.background ${color 0}
seat seat0 xcursor_theme breeze-dark 24
'';
home.packages = with pkgs; [
libsForQt5.breeze-icons
libsForQt5.qt5ct
vanilla-dmz
pkgs.plasma5Packages.lightly
];
programs.rofi.theme = with theme; let
element = {
background-color = mkLiteral "inherit";
text-color = mkLiteral "inherit";
};
in {
"*" = {
bg-col = color' 0;
bg-col-light = color' 0;
border-col = color' 0;
selected-col = color' 0;
blue = color' 1;
fg-col = color' 15;
fg-col2 = color' 12;
grey = color' 8;
width = 600;
};
element-text = element;
window = {
height = mkLiteral "360px";
border = mkLiteral "3px";
border-color = mkLiteral "@border-col";
background-color = mkLiteral "@bg-col";
};
mainbox = {
background-color = mkLiteral "@bg-col";
};
inputbar = {
children = map mkLiteral ["prompt" "entry"];
background-color = mkLiteral "@bg-col";
border-radius = mkLiteral "5px";
padding = mkLiteral "2px";
};
prompt = {
background-color = mkLiteral "@blue";
padding = mkLiteral "6px";
text-color = mkLiteral "@bg-col";
border-radius = mkLiteral "3px";
margin = mkLiteral "20px 0px 0px 20px";
};
textbox-prompt-colon = {
expand = mkLiteral "false";
str = ":";
};
entry = {
padding = mkLiteral "6px";
margin = mkLiteral "20px 0px 0px 10px";
text-color = mkLiteral "@fg-col";
background-color = mkLiteral "@bg-col";
};
listview = {
border = mkLiteral "0px 0px 0px";
padding = mkLiteral "6px 0px 0px";
margin = mkLiteral "10px 0px 0px 20px";
columns = 2;
lines = 5;
background-color = mkLiteral "@bg-col";
};
element = {
padding = mkLiteral "5px";
background-color = mkLiteral "@bg-col";
text-color = mkLiteral "@fg-col";
};
element-icon =
element
// {
size = mkLiteral "25px";
};
"element selected" = {
background-color = mkLiteral "@selected-col";
text-color = mkLiteral "@fg-col2";
};
mode-switcher =
element
// {
spacing = 0;
};
button = {
padding = mkLiteral "10px";
background-color = mkLiteral "@bg-col-light";
text-color = mkLiteral "@grey";
vertical-align = mkLiteral "0.5";
horizontal-align = mkLiteral "0.5";
};
"button selected" = {
background-color = mkLiteral "@bg-col";
text-color = mkLiteral "@blue";
};
message = {
background-color = mkLiteral "@bg-col-light";
margin = mkLiteral "2px";
padding = mkLiteral "2px";
border-radius = mkLiteral "5px";
};
textbox = {
padding = mkLiteral "6px";
margin = mkLiteral "20px 0px 0px 20px";
text-color = mkLiteral "@blue";
background-color = mkLiteral "@bg-col-light";
};
};
programs.neomutt.extraConfig = ''
color normal default default # Text is "Text"
color index color2 default ~N # New Messages are Green
color index color1 default ~F # Flagged messages are Red
color index color13 default ~T # Tagged Messages are Red
color index color1 default ~D # Messages to delete are Red
color attachment color5 default # Attachments are Pink
color signature color8 default # Signatures are Surface 2
color search color4 default # Highlighted results are Blue
color indicator default color8 # currently highlighted message Surface 2=Background Text=Foreground
color error color1 default # error messages are Red
color status color15 default # status line "Subtext 0"
color tree color15 default # thread tree arrows Subtext 0
color tilde color15 default # blank line padding Subtext 0
color hdrdefault color13 default # default headers Pink
color header color13 default "^From:"
color header color13 default "^Subject:"
color quoted color15 default # Subtext 0
color quoted1 color7 default # Subtext 1
color quoted2 color8 default # Surface 2
color quoted3 color0 default # Surface 1
color quoted4 color0 default
color quoted5 color0 default
color body color2 default [\-\.+_a-zA-Z0-9]+@[\-\.a-zA-Z0-9]+ # email addresses Green
color body color2 default (https?|ftp)://[\-\.,/%~_:?&=\#a-zA-Z0-9]+ # URLs Green
color body color4 default (^|[[:space:]])\\*[^[:space:]]+\\*([[:space:]]|$) # *bold* text Blue
color body color4 default (^|[[:space:]])_[^[:space:]]+_([[:space:]]|$) # _underlined_ text Blue
color body color4 default (^|[[:space:]])/[^[:space:]]+/([[:space:]]|$) # /italic/ text Blue
color sidebar_flagged color1 default # Mailboxes with flagged mails are Red
color sidebar_new color10 default # Mailboxes with new mail are Green
'';
home.file.".local/share/mc/skins/catppuccin.ini".source = ../../extra/mc-catppuccin.ini;
systemd.user.services.transparency = {
Unit = {
Description = "transparency";
After = ["graphical-session-pre.target"];
PartOf = ["graphical-session.target"];
};
Install.WantedBy = ["graphical-session.target"];
Service = {
ExecStart = "${pkgs.python3.withPackages (ps: with ps; [i3ipc])}/bin/python ${./transparency.py}";
};
};
programs.zsh.initExtra =
if withNSFW
then ''
export CARGO_MOMMYS_MOODS=chill/ominous/thirsty/yikes
export CARGO_MOMMYS_LITTLE=racc/plush
export CARGO_MOMMYS_PARTS=shit/pee
export CARGO_MOMMYS_FUCKING="pet/toy/toilet/shitslut/septic tank"
''
else ''
export CARGO_MOMMYS_MOODS=chill/ominous
export CARGO_MOMMYS_LITTLE=racc/plush
'';
}


@ -1,60 +0,0 @@
require("which-key").setup {
plugins = {
marks = true, -- shows a list of your marks on ' and `
registers = true, -- shows your registers on " in NORMAL or <C-r> in INSERT mode
spelling = {
enabled = true, -- enabling this will show WhichKey when pressing z= to select spelling suggestions
suggestions = 9, -- how many suggestions should be shown in the list?
},
-- the presets plugin, adds help for a bunch of default keybindings in Neovim
-- No actual key bindings are created
presets = {
operators = true, -- adds help for operators like d, y, ... and registers them for motion / text object completion
motions = true, -- adds help for motions
text_objects = true, -- help for text objects triggered after entering an operator
windows = true, -- default bindings on <c-w>
nav = true, -- misc bindings to work with windows
z = true, -- bindings for folds, spelling and others prefixed with z
g = true, -- bindings for prefixed with g
},
},
-- add operators that will trigger motion and text object completion
-- to enable all native operators, set the preset / operators plugin above
operators = { gc = "Comments" },
key_labels = {
-- override the label used to display some keys. It doesn't effect WK in any other way.
-- For example:
-- ["<space>"] = "SPC",
-- ["<cr>"] = "RET",
-- ["<tab>"] = "TAB",
},
icons = {
breadcrumb = "»", -- symbol used in the command line area that shows your active key combo
separator = "", -- symbol used between a key and it's label
group = "+", -- symbol prepended to a group
},
window = {
border = "none", -- none, single, double, shadow
position = "bottom", -- bottom, top
margin = { 0, 0, 0, 0 }, -- extra window margin [top, right, bottom, left]
padding = { 1, 0, 1, 0 }, -- extra window padding [top, right, bottom, left]
},
layout = {
height = { min = 1, max = 25 }, -- min and max height of the columns
width = { min = 20, max = 50 }, -- min and max width of the columns
spacing = 1, -- spacing between columns
align = "center", -- align columns left, center or right
},
ignore_missing = false, -- enable this to hide mappings for which you didn't specify a label
hidden = { "<silent>", "<cmd>", "<Cmd>", "<CR>", "call", "lua", "^:", "^ " }, -- hide mapping boilerplate
show_help = true, -- show help message on the command line when the popup is visible
triggers = "auto", -- automatically setup triggers
-- triggers = {"<leader>"} -- or specify a list manually
triggers_blacklist = {
-- list of mode / prefixes that should never be hooked by WhichKey
-- this is mostly relevant for key maps that start with a native binding
-- most people should not need to change this
n = { "o", "O" },
},
}


@ -1,4 +0,0 @@
{
virtualisation.virtualbox.host.enable = true;
users.extraGroups.vboxusers.members = ["darkkirb"];
}


@ -1,22 +0,0 @@
{
pkgs,
nixpkgs,
lib,
nixos-vscode-server,
...
}: let
x86_64-linux-pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
in {
imports = [
"${nixos-vscode-server}/modules/vscode-server/home.nix"
];
programs.vscode = {
enable = true;
extensions = with x86_64-linux-pkgs.vscode-extensions; [
];
};
services.vscode-server.enable = true;
}


@ -1,13 +0,0 @@
{pkgs, ...}: {
systemd.user.services.wl-clipboard = {
Unit = {
Description = "wl-clipboard";
After = ["graphical-session-pre.target"];
PartOf = ["graphical-session.target"];
};
Install.WantedBy = ["graphical-session.target"];
Service = {
ExecStart = "${pkgs.wl-clipboard}/bin/wl-paste --watch ${pkgs.clipman}/bin/clipman store --no-persist";
};
};
}


@ -1,5 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
yubikey-manager-qt
];
}


@ -1,3 +0,0 @@
{pkgs, ...}: {
home.packages = [pkgs.zk pkgs.obsidian];
}


@ -1,8 +0,0 @@
{nixpkgs, ...}: let
x86_64-linux-pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfree = true;
};
in {
home.packages = [x86_64-linux-pkgs.zoom-us];
}


@ -1,19 +0,0 @@
desktop: _: {
programs = {
zsh = {
enable = true;
enableAutosuggestions = true;
enableCompletion = true;
enableVteIntegration = desktop;
autocd = true;
loginExtra =
if desktop
then ''
if [[ -z "$DISPLAY" ]] && [[ $(tty) = "/dev/tty1" ]]; then
exec sway
fi
''
else "";
};
};
}


@ -1,118 +0,0 @@
{
config,
pkgs,
modulesPath,
lib,
nixos-hardware,
...
}: {
networking.hostName = "rainbow-resort";
networking.hostId = "776736c6";
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./systemd-boot.nix
./desktop.nix
./services/tpm2.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
./users/remote-build.nix
#./services/kubernetes.nix
./services/forgejo-runner.nix
./services/postgres.nix
];
hardware.cpu.amd.updateMicrocode = true;
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"];
boot.initrd.kernelModules = ["amdgpu"];
boot.kernelModules = ["kvm-amd" "i2c-dev" "i2c-piix4"];
boot.extraModulePackages = [
config.boot.kernelPackages.zenpower
];
services.hardware.openrgb = {
enable = true;
package = pkgs.openrgb-with-all-plugins;
motherboard = "amd";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/23690ff2-7a65-431e-a6ee-fea0878e0bb1";
fsType = "btrfs";
options = ["compress=zstd"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/B6BA-BE40";
fsType = "vfat";
};
services.btrfs.autoScrub = {
enable = true;
fileSystems = ["/"];
};
services.snapper.configs.main = {
SUBVOLUME = "/";
TIMELINE_LIMIT_HOURLY = 5;
TIMELINE_LIMIT_DAILY = 7;
TIMELINE_LIMIT_WEEKLY = 4;
TIMELINE_LIMIT_MONTHLY = 12;
TIMELINE_LIMIT_YEARLY = 0;
};
services.beesd.filesystems.root = {
spec = "/";
hashTableSizeMB = 2048;
verbosity = "crit";
extraOptions = ["--loadavg-target" "5.0"];
};
networking.interfaces.enp14s0.useDHCP = true;
system.stateVersion = "23.11";
services.xserver.videoDrivers = ["amdgpu"];
nix.settings.cores = 16;
boot.binfmt.emulatedSystems = [
"armv7l-linux"
"powerpc-linux"
"powerpc64-linux"
"powerpc64le-linux"
"wasm32-wasi"
"riscv32-linux"
"riscv64-linux"
];
hardware.enableRedistributableFirmware = true;
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
nix.settings.system-features = [
"kvm"
"nixos-test"
"big-parallel"
"benchmark"
"gccarch-znver4"
"gccarch-znver3"
"gccarch-znver2"
"gccarch-znver1"
"gccarch-skylake"
"gccarch-skylake-avx512"
"ca-derivations"
];
services.tailscale.useRoutingFeatures = "client";
home-manager.users.darkkirb._module.args.withNSFW = lib.mkForce true;
services.prometheus.exporters.node.enabledCollectors = ["drm"];
services.k3s.role = lib.mkForce "agent";
services.ollama = {
enable = true; # broken. lol
acceleration = "rocm";
# Thank you amd for not supporting 11.0.1
environmentVariables.HCC_AMDGPU_TARGET = "gfx1100";
rocmOverrideGfx = "11.0.0";
};
services.joycond.enable = true;
hardware.bluetooth.enable = true;
services.blueman.enable = true;
}


@ -1,15 +0,0 @@
_: {
networking.hostName = "rpi2";
networking.hostId = "29d7b964";
# NixOS wants to enable GRUB by default
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
system.stateVersion = "21.11";
home-manager.users.darkkirb = import ./home-manager/darkkirb.nix false;
nix.settings.cores = 4;
}


@ -1,7 +0,0 @@
# Configuration unique to servers
{pkgs, ...}: {
imports = [
./services/caddy
./services/acme.nix
];
}


@ -1,40 +0,0 @@
{config, ...}: {
security.acme = {
acceptTerms = true;
defaults = {
email = "lotte@chir.rs";
dnsProvider = "rfc2136";
credentialsFile = "/run/secrets/security/acme/dns";
};
certs."darkkirb.de" = {
domain = "*.darkkirb.de";
extraDomainNames = ["darkkirb.de"];
dnsProvider = "gcloud";
credentialsFile = config.sops.secrets."security/acme/gcloud".path;
dnsResolver = "1.1.1.1:53";
};
certs."chir.rs" = {
domain = "*.chir.rs";
extraDomainNames = ["chir.rs"];
};
certs."int.chir.rs" = {
domain = "*.int.chir.rs";
};
certs."shitallover.me" = {
domain = "*.shitallover.me";
extraDomainNames = ["shitallover.me"];
dnsProvider = "gcloud";
credentialsFile = config.sops.secrets."security/acme/gcloud".path;
dnsResolver = "1.1.1.1:53";
};
certs."miifox.net" = {
dnsProvider = "cloudflare";
credentialsFile = "/run/secrets/security/acme/cloudflare";
dnsResolver = "1.1.1.1:53";
};
};
sops.secrets."security/acme/dns" = {};
sops.secrets."security/acme/cloudflare" = {};
sops.secrets."security/acme/gcloud" = {};
sops.secrets."security/acme/gcloud.json".owner = "acme";
}


@ -1,334 +0,0 @@
{
pkgs,
config,
system,
akkoma,
admin-fe,
akkoma-fe,
...
}: let
purge_url_script = pkgs.writeScript "purge-url" ''
access_key=$(cat ${config.sops.secrets."services/bunny-key".path})
for url in $@; do
url=$(echo $url | ${pkgs.python3}/bin/python3 -c "import sys; import urllib.parse; print(urllib.parse.quote(sys.stdin.read().strip()))")
${pkgs.curl}/bin/curl -H "Authorization: Bearer $access_key" -X POST "https://api.bunny.net/purge?url=$url&async=false"
done
'';
emoji_set_names = [
"volpeon-blobfox-flip"
"volpeon-blobfox"
"volpeon-bunhd-flip"
"volpeon-bunhd"
"volpeon-drgn"
"volpeon-fox"
"volpeon-raccoon"
"volpeon-vlpn"
"lotte"
"caro"
"volpeon-neofox"
"volpeon-neocat"
"rosaflags"
"volpeon-floof"
"raccoon"
];
emoji_sets = builtins.listToAttrs (map (name: {
inherit name;
value = "${pkgs."emoji-${name}"}";
})
emoji_set_names);
copy_emoji_set = name: ''
mkdir -p $out/emoji/${name}
lndir ${emoji_sets.${name}} $out/emoji/${name}
'';
fedibird_fe = pkgs.fetchzip {
url = "https://akkoma-updates.s3-website.fr-par.scw.cloud/frontend/akkoma/fedibird-fe.zip";
sha256 = "sha256-hUp8XAQInWB3BpTrwsTV36xNwxs6fK01fFAd4FBwn4U=";
};
static_dir = pkgs.stdenvNoCC.mkDerivation {
name = "akkoma-static";
src = pkgs.emptyDirectory;
nativeBuildInputs = with pkgs; [xorg.lndir];
akkoma_fe = akkoma-fe.packages.${system}.akkoma-fe;
akkoma_admin_fe = admin-fe.packages.${system}.admin-fe;
inherit fedibird_fe;
tos = ./terms-of-service.html;
dontUnpack = false;
installPhase = ''
mkdir -p $out/frontends/pleroma-fe/stable
lndir $akkoma_fe $out/frontends/pleroma-fe/stable
mkdir -p $out/frontends/admin-fe/stable
lndir $akkoma_admin_fe $out/frontends/admin-fe/stable
mkdir -p $out/frontends/fedibird-fe/akkoma
lndir $fedibird_fe $out/frontends/fedibird-fe/akkoma
${toString (map copy_emoji_set emoji_set_names)}
mkdir $out/emoji/misc
ln -s ${./therian.png} $out/emoji/misc/therian.png
mkdir $out/static
cp $tos $out/static/terms-of-service.html
'';
};
ec = pkgs.formats.elixirConf {};
akkconfig = ec.generate "config.exs" (with ec.lib; {
":pleroma" = {
"Pleroma.Upload" = {
uploader = mkRaw "Pleroma.Uploaders.S3";
filters = map (v: mkRaw ("Pleroma.Upload.Filter." + v)) ["Mogrify" "Dedupe" "AnonymizeFilename"];
base_url = "https://mastodon-assets.chir.rs/";
};
"Pleroma.Uploaders.S3" = {
bucket = "mastodon-assets-chir-rs";
truncated_namespace = "";
};
"Pleroma.Upload.Filter.Mogrify" = {
args = ["auto-orient" "strip"];
};
":instance" = {
name = "Raccoon Noises";
email = "lotte@chir.rs";
notify_email = "akko@chir.rs";
description = "Small Akkoma Instance";
limit = 58913;
description_limit = 58913;
upload_limit = 256 * 1024 * 1024;
languages = ["en" "tok"];
registrations_open = true;
invites_enabled = true;
account_activation_required = true;
account_approval_required = true;
static_dir = "${static_dir}";
max_pinned_statuses = 10;
attachment_links = true;
max_report_comment_size = 58913;
safe_dm_mentions = true;
healthcheck = true;
user_bio_length = 58913;
user_name_length = 621;
max_account_fields = 69;
max_remote_account_fields = 621;
account_field_name_length = 621;
account_field_value_length = 58913;
registration_reason_length = 621;
external_user_synchronization = true;
};
":markup" = {
allow_headings = true;
allow_tables = true;
allow_fonts = true;
};
":frontend_configurations" = {
pleroma_fe = mkMap {
webPushNotifications = true;
};
};
":activitypub" = {
unfollow_blocked = false;
outgoing_blocks = false;
blockers_visible = false;
deny_follow_blocked = true;
sign_object_fetches = true;
authorized_fetch_mode = true;
};
":mrf_hellthread" = {
delist_threshold = 8;
};
":mrf_keyword" = {
reject = [
"usdtenm.com"
(mkRaw "~r/Hi \\w+! New account: .* Do not share with anyone, official website:/i")
"dogeai.farm"
"ARB Doge"
"new meme token created by the latest neural network"
(mkRaw "~r/dogecoin.*airdrop/i")
(mkRaw "~r/airdrop.*dogecoin/i")
];
};
":mrf_simple" = let
processMap = m: map (k: mkTuple [k m.${k}]) (builtins.attrNames m);
in {
reject = processMap {
"qoto.org" = "Freeze Peach; Admin harasses other server admins; sends unsolicited emails";
"poa.st" = "Hosting neonazis";
"kiwifarms.cc" = "Targeted Harassment";
"pmth.us" = "Harassment";
"nicecrew.digital" = "TERF Instance";
"freespeechextremist.com" = "Freeze Peach";
"ryona.agency" = "Freeze Peach";
"howlr.me" = "Run by verified kiwifarms user";
"rdrama.cc" = "smells like Kiwifarms shit";
"xhais.love" = "Zoophile instance";
"beefyboys.win" = "freeze peach; hosts neonazis";
"bae.st" = "freeze peach";
"moth.zone" = "racism/antiblackness; owner self-admitted pedophile";
"feral.cafe" = "Zoophilia";
"disqordia.space" = "No snooping!";
"mastodon.cloud" = "Corporate instance; Owner engaged in scams";
"mstdn.jp" = "Corporate instance; Owner engaged in scams";
"pawoo.net" = "Corporate instance; Owner engaged in scams";
"activitypub-proxy.cf" = "Block circumvention tool";
"mapsupport.de" = "Pedophile instance";
"pedo.school" = "Pedophile instance";
"baraag.net" = "porn involving (fictional) underage characters";
"eientei.org" = "fash";
"threads.net" = "there is so much wrong with facebook it would just fill up the whole page";
};
followers_only = processMap {
"bird.makeup" = "Birdsite scraper with removed limitations and privacy considerations";
};
federated_timeline_removal = processMap {
"mastodon.online" = "Too large to be moderated well";
"tumblr.com" = "Too large to be moderated well, corporate instance";
"vivaldi.net" = "Corporate instance; Registers nonconsensual accounts for Vivaldi Sync users";
"mastodon.social" = "Too large to be moderated well";
};
};
":mrf" = {
policies = map (v: mkRaw ("Pleroma.Web.ActivityPub.MRF." + v)) ["SimplePolicy" "EnsureRePrepended" "ForceBotUnlistedPolicy" "AntiFollowbotPolicy" "ObjectAgePolicy" "KeywordPolicy" "TagPolicy" "RequireImageDescription" "HellthreadPolicy"];
transparency = true;
};
":http_security" = {
enabled = true;
sts = true;
referrer_policy = "no-referrer";
};
":frontends" = {
primary = mkMap {
name = "pleroma-fe";
ref = "stable";
};
admin = mkMap {
name = "admin-fe";
ref = "stable";
};
mastodon = mkMap {
name = "fedibird-fe";
ref = "akkoma";
};
};
":static_fe".enabled = true;
":media_proxy" = {
enabled = true;
base_url = "https://mediaproxy.chir.rs";
proxy_opts = {
redirect_on_failure = true;
};
};
":media_preview_proxy" = {
enabled = true;
};
"Pleroma.Repo" = {
adapter = mkRaw "Ecto.Adapters.Postgres";
database = "akkoma";
pool_size = 10;
socket_dir = "/run/postgresql";
prepare = mkAtom ":named";
parameters.plan_cache_mode = "force_custom_plan";
};
"Pleroma.Web.Endpoint" = {
url = {
host = "akko.chir.rs";
port = 443;
scheme = "https";
};
secure_cookie_flag = true;
};
"Pleroma.Emails.Mailer" = {
enabled = true;
adapter = mkRaw "Swoosh.Adapters.SMTP";
relay = "mail.chir.rs";
username = "akko@chir.rs";
port = "465";
ssl = true;
auth = mkAtom ":always";
};
"Pleroma.Emails.NewUsersDigestEmail" = {
enabled = true;
};
":database".rum_enabled = true;
":emoji" = {
shortcode_globs = [
"/emoji/volpeon-blobfox-flip/*.png"
"/emoji/volpeon-blobfox/*.png"
"/emoji/volpeon-bunhd-flip/*.png"
"/emoji/volpeon-bunhd/*.png"
"/emoji/volpeon-drgn/*.png"
"/emoji/volpeon-fox/*.png"
"/emoji/volpeon-raccoon/*.png"
"/emoji/volpeon-vlpn/*.png"
"/emoji/lotte/*.png"
"/emoji/caro/*.png"
"/emoji/misc/*.png"
];
groups = {
"BlobfoxFlip" = "/emoji/volpeon-blobfox-flip/*.png";
"Blobfox" = "/emoji/volpeon-blobfox/*.png";
"BunhdFlip" = "/emoji/volpeon-bunhd-flip/*.png";
"Bunhd" = "/emoji/volpeon-bunhd/*.png";
"Drgn" = "/emoji/volpeon-drgn/*.png";
"Fox" = "/emoji/volpeon-fox/*.png";
"Raccoon" = "/emoji/volpeon-raccoon/*.png";
"Vlpn" = "/emoji/volpeon-vlpn/*.png";
"Lotte" = "/emoji/lotte/*.png";
"Caroline" = "/emoji/caro/*.png";
"Misc" = "/emoji/misc/*.png";
};
};
"Pleroma.Captcha" = {
enabled = true;
method = mkRaw "Pleroma.Captcha.Kocaptcha";
};
};
":web_push_encryption".":vapid_details".subject = "lotte@chir.rs";
});
in {
services.pleroma = {
enable = true;
package = akkoma.packages.${system}.akkoma;
configs = [
''
import Config
import_config "${akkconfig}"
''
];
user = "akkoma";
group = "akkoma";
secretConfigFile = config.sops.secrets."services/akkoma.exs".path;
};
systemd.services.pleroma.path = with pkgs; [exiftool imagemagick ffmpeg];
services.postgresql.ensureDatabases = ["akkoma"];
sops.secrets."services/akkoma.exs" = {owner = "akkoma";};
sops.secrets."services/bunny-key".owner = "akkoma";
services.caddy.virtualHosts."akko.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = pkgs.lib.mkForce "";
extraConfig = ''
import baseConfig
handle /media_attachments/* {
redir https://mastodon-assets.chir.rs{uri} permanent
}
@isbunny {
header Via BunnyCDN
}
route /media/* {
reverse_proxy @isbunny {
header_down Content-Security-Policy "script-src 'none';"
to http://127.0.0.1:4000
}
respond "Use the cdn" 403
}
route /proxy/* {
reverse_proxy @isbunny {
header_down Content-Security-Policy "script-src 'none';"
to http://127.0.0.1:4000
}
respond "Use the cdn" 403
}
route {
reverse_proxy {
to http://127.0.0.1:4000
}
}
'';
};
services.postgresql.extraPlugins = with config.services.postgresql.package.pkgs; [rum];
}

@ -1,139 +0,0 @@
<h2>Rules</h2>
<ul>
<li>Hate against minority groups is forbidden. This includes racism, sexism, ableism, xenophobia, homophobia,
transphobia,, antisemitism, islamophobia, queer exclusionism, etc.</li>
<li>Content that is illegal under German Law is not permitted. This especially includes the promotion and
dissemination of any Nazi symbolism and ideology, except for education, reporting on past or current events, and
antifascist art.</li>
<li>Please add content description to all media that you post. This instance automatically adds a CW if it is missing.
If you are unable to create one, you can request one via the <a href="https://akko.chir.rs/tag/DescriptionWanted">#DescriptionWanted</a> hashtag</li>
<li>Be considerate. Add content warnings for NSFW Content, common phobias, overly long posts, controversial subjects,
etc. Please try to avoid flashing images and quickly moving text inside of your posts.</li>
<li>NSFW content is generally allowed, but all NSFW content must be properly marked as such, including kinks. Profile
images, names, bios, etc must be fully SFW, or they are subject to removal</li>
<li>Bots are allowed, however they must be marked as such and must make unlisted posts, may only @ or interact with
posts of other users iff they have prompted the bot, or have given explicit permission to do so. Additionally, bots
may not post more than 10 posts in a 60 minute interval without interaction.</li>
</ul>
We highly encourage reporting posts violating our rules, even if they are not on our instance. Your reports will not be
ignored. For transparency we publish local moderation decisions for users on this server, and federation moderation
decisions on the <a href="https://akko.chir.rs/tag/FediBlock">#FediBlock</a> hashtag.<br />
We do the following moderation automatically:
<ul>
<li>Unlisting of bot posts</li>
<li>Adding of CWs to unlabeled media</li>
<li>Modification or removal of posts that cause issues with certain clients</li>
</ul>
<h2>Privacy Policy</h2>
<h3>What data do we collect?</h3>
We collect the following data:
<ul>
<li>Email Addresses from local users</li>
<li>Posts and Media uploaded by local users</li>
<li>User Profiles and Posts by certain remote users</li>
</ul>
<h3>How do we collect your data?</h3>
If you are a user of this instance, we collect and process your data when you sign up for or use interactive features (e.g. Posting) of the Website.<br />
If you are not a local user, we collect your data over the following ways:
<ul>
<li>One of our users has requested to follow your account, and you have accepted the request.</li>
<li>One of your posts has been interacted with by a remote account, that a local account has followed. This includes Replies, Repeats, Quotes, Likes, Emoji Reactions, and @-Mentions.</li>
<li>You have requested that your post is shown to one of our users (i.e. through @-Mentions or DMs)</li>
<li>User Interaction: One of our users has explicitely looked up your profile or one of your posts on this instance, for example to interact with it.</li>
<li>You have posted a public post on an instance that participates in the <a href="https://relay.awoo.today/">awoo.today relay</a>.
</ul>
<h3>How will we use your data?</h3>
We collect your data so that we can:
<ul>
<li>Store and display your posts to our local users</li>
<li>Display public posts to anonymous users</li>
<li>Deliver your public, unlisted, and private posts to your followers </li>
<li>Deliver direct messages to the recipient</li>
<li>Allow our users to follow you</li>
<li>Allow our users to interact with your posts</li>
</ul>
As members of the <a href="https://relay.awoo.today/">awoo.today relay</a>, we will send posts that you have marked as “public” to all of the other instances participating in the relay.
<h3>How do we store your data?</h3>
We store your post, profile and account data securely in the Hetzner Datacenter in Falkenstein, Germany. <a href="https://www.hetzner.com/unternehmen/zertifizierung">See their DIN ISO/IEC 27001 certification</a>
Media is stored on Backblaze B2<br />
We employ technical security measures to avoid exposure to sensitive data.<br />
We also store backups of post, profile, and account data in multiple locations, in an encrypted form, on our server near Chemnitz, Germany, as well as on Backblaze B2.<br />
For technical reasons it is not possible modify these backups to remove your data. If this is a concern, please contact us.
<h3>What are your data protection rights?</h3>
We want to make sure that you are aware of your data protection rights. Every user is entitled to the following: <br />
<b>The right to access</b> — You can request a copy of the data we have about you. This may require a short verification for remote users. Local users can do so in the settings under Export/Import <br />
<b>The right to rectification</b> — You can request us to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is inaccurate. <br />
<b>The right to erasure</b> — You can request us to erase the data we have about you.<br />
<b>The right to restrict to processing</b> — You can restrict us from transmitting your posts to other servers by setting your post visiblity to “Local”. Remote users can also restrict processing of certain posts, by setting its visiblity to “Unlisted” or “Private”.<br />
<b>The right to object to processing</b> — As a remote user, you can object to further processing of posts and profile data by blocking this domain.<br />
<b>The right to data portability</b> — You can at any point move to other instances. Due to technical restrictions, it is currently not possible to automatically transfer the users you follow and posts to your new account.<br />
If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, or need help with the included tools, please contact us at our email <a href="mailto:privacy@chir.rs">privacy@chir.rs</a>
<h3>Cookies</h3>
Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology<br />
For further information, visit <a href="httpsd//allaboutcookies.org">allaboutcookies.org</a>.
<h4>How do we use cookies?</h4>
We use cookies for keeping you logged in. Additionally we store certain configuration in cookies, however these cookies are never transmitted to anyone.
<h4>How to manage cookies</h4>
You can tell your browser to not accept cookies, or tell it to remove cookies this website has stored on your device. Please consult your browsers documentation on instructions on how to do that.
<h3>Privacy policies of other websites</h3>
This site contains many links to other websites. This privacy policy only applies to this website. Please consult the privacy policy of these remote sites before entering any personal information.
<h3>Changes to our privacy policy</h3>
We may make occasional adjustments to this privacy policy. This policy was last updated on 2022-12-30.
<h3>How to contact us</h3>
If you have any questions about this policy, the data we hold about you, or want to exercise one of your data protection rights, please contact us at: <a href="mailto:privacy@chir.rs">privacy@chir.rs</a>
<h3>How to contact the appropriate authority</h3>
Should you wish to report a complaint, or if you feel that we havent addressed your concern in a satisfactory manner, you may contact the <a href="https://www.saechsdsb.de/petition" lang="de">Sächsische Datenschutzbehörde</a>.
<hr />
We also offer the <a href="https://akko.chir.rs/web">Mastodon Web UI</a>. Keep in mind that some features are missing,
like emoji reactions, quoting, and JPEG XL.
<h3>Art Credit</h3>
<ul>
<li>Bun, blobfox, vlpn, raccoon, fox, gphn, neofox, neocat, drgn, floof: Created by <a href="https://is-a.wyvern.rip/@volpeon">@volpeon@is-a.wyvern.rip</a></li>
<li>rosahaj pride: by <a href="https://alpaka.social/@braid">@braid@alpaka.social</a></li>
</ul>

Binary file not shown.

Before

Width:  |  Height:  |  Size: 15 KiB

@ -1,54 +0,0 @@
{
attic,
config,
lib,
system,
pkgs,
...
}: {
disabledModules = ["services/networking/atticd.nix"];
imports = [attic.nixosModules.atticd];
services.atticd = {
enable = true;
package = attic.packages.${system}.attic-server;
credentialsFile = config.sops.secrets."services/attic".path;
settings = {
listen = "[::1]:57448";
allowed-hosts = ["attic.chir.rs"];
api-endpoint = "https://attic.chir.rs/";
database.url = "postgresql:///attic?sslmode=disable&host=/run/postgresql";
storage = {
type = "s3";
region = "us-east-1";
bucket = "attic-chir-rs";
endpoint = "https://ams1.vultrobjects.com/";
};
compression = {
type = "zstd";
level = 12;
};
chunking = {
nar-size-threshold = 131072;
min-size = 65536;
avg-size = 131072;
max-size = 262144;
};
garbage-collection.default-retention-period = "3 months";
};
};
sops.secrets."services/attic" = {};
services.postgresql.ensureDatabases = [
"attic"
];
services.caddy.virtualHosts."attic.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = lib.mkForce "";
extraConfig = ''
import baseConfig
reverse_proxy http://[::1]:57448 {
trusted_proxies private_ranges
}
'';
};
}

@ -1,44 +0,0 @@
λ(host: Text) →
-- TODO: Deduplicate with the nix code
{
-- Common config
caddyConfig = {
admin = {
disabled = True
},
storage = {
module = "file_system",
root = "/var/lib/caddy"
},
apps = {
http = ./http.dhall host
}
},
nixosConfig = {
systemd = {
tmpfiles = {
rules = [
"d '/var/lib/caddy' 0750 caddy acme - -"
]
}
},
networking = {
firewall = {
allowedTCPPorts = [ 80, 443 ],
allowedUDPPorts = [ 443 ]
}
},
security = {
acme = {
certs = let value = { reloadServices = ["caddy.service"] } in {
`darkkirb.de` = value,
`chir.rs` = value,
`int.chir.rs` = value,
`miifox.net` = value
}
}
}
}
}

@ -1,47 +0,0 @@
{lib, ...}: {
services.caddy = {
enable = true;
group = "acme";
globalConfig = ''
admin off
storage file_system /var/lib/caddy
auto_https disable_certs
'';
logFormat = lib.mkForce ''
output file /var/log/caddy/access.log {
roll_keep_for 7d
}
format filter {
wrap json
fields {
request>remote_addr ip_mask {
ipv4 0
ipv6 0
}
request>headers>Cf-Connecting-Ip ip_mask {
ipv4 0
ipv6 0
}
request>headers>X-Forwarded-For ip_mask {
ipv4 0
ipv6 0
}
}
}
'';
extraConfig = ''
(baseConfig) {
encode {
gzip
zstd
# TODO: support for brotli
}
}
'';
};
systemd.tmpfiles.rules = [
"d '/var/lib/caddy' 0750 caddy acme - -"
];
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedUDPPorts = [443];
}

@ -1,3 +0,0 @@
λ(host: Text) → {
}

@ -1,64 +0,0 @@
λ ( secretsFile
: { staticDir : Text, connectionString : Text, signUpKey : Text
, nodeName : Text }
) →
let SqliteConfig =
{ Type =
{ filename : Text
, walEnabled : Optional Bool
, fkEnabled : Optional Bool
, extraPragmas : Optional (List Text)
}
, default =
{ walEnabled = None Bool
, fkEnabled = None Bool
, extraPragmas = None (List Text)
}
}
let PostgresConfig =
{ Type =
{ connectionString : Text
, poolStripes : Natural
, poolIdleTimeout : Natural
}
, default = { poolStripes = 0, poolIdleTimeout = 300 }
}
let LogLevel =
{ Type =
< LogLevelDebug
| LogLevelInfo
| LogLevelWarn
| LogLevelError
| LogLevelOther : Text
>
}
let Config =
{ Type =
{ listenPort : Natural
, database : PostgresConfig.Type
, databasePoolSize : Natural
, staticDir : Text
, logLevel : LogLevel.Type
, nodeName : Text
, signUpKey : Text
, rpId : Text
}
, default =
{ databasePoolSize = 10
, staticDir = "./static"
, logLevel = LogLevel.Type.LogLevelInfo
}
}
in Config::{
, listenPort = 62936
, database = PostgresConfig::{ connectionString = secretsFile.connectionString }
, logLevel = LogLevel.Type.LogLevelInfo
, signUpKey = secretsFile.signUpKey
, rpId = "lotte-test.chir.rs"
, staticDir = secretsFile.staticDir
, nodeName = secretsFile.nodeName
}

@ -1,96 +0,0 @@
{
lib,
pkgs,
config,
chir-rs,
system,
...
}: let
staticDir = pkgs.stdenvNoCC.mkDerivation {
name = "static";
buildPhase = "true";
src = pkgs.emptyDirectory;
installPhase = ''
mkdir $out
for f in ${chir-rs.packages.${system}.chir-rs-fe}/*; do
ln -sv $f $out
done
ln -sv ${chir-rs.packages.${system}.art-assets} $out/img
'';
};
auxCfg = pkgs.writeText "config.dhall" ''
${./chir-rs.dhall} {
staticDir = "${staticDir}",
connectionString = "postgres://chir_rs:" ++ (${config.sops.secrets."services/chir-rs/database-password".path} as Text) ++ "@nixos-8gb-fsn1-1.int.chir.rs/chir_rs",
signUpKey = ${config.sops.secrets."services/chir-rs/signup-secret".path} as Text,
nodeName = "${config.networking.hostName}"
}
'';
in {
systemd.services.chir-rs = {
enable = true;
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
Restart = "always";
PrivateTmp = true;
WorkingDirectory = "/tmp";
User = "chir-rs";
CapabilityBoundingSet = [""];
DeviceAllow = [""];
LockPersonality = true;
MemoryDenyWriteExecute = true;
NoNewPrivileges = true;
PrivateDevices = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHome = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectSystem = "strict";
RemoveIPC = true;
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
UMask = "0077";
ExecStart = ''
${chir-rs.packages.${system}.chir-rs}/bin/chir-rs
'';
};
environment = {
CHIR_RS_CONFIG = "${auxCfg}";
};
};
sops.secrets."services/chir-rs/database-password".owner = "chir-rs";
sops.secrets."services/chir-rs/signup-secret".owner = "chir-rs";
services.postgresql.ensureDatabases = [
"chir_rs"
];
services.postgresql.ensureUsers = [
{
name = "chir_rs";
ensureDBOwnership = true;
}
];
services.caddy.virtualHosts."lotte-test.chir.rs" = {
useACMEHost = "chir.rs";
logFormat = lib.mkForce "";
extraConfig = ''
import baseConfig
reverse_proxy http://127.0.0.1:62936 {
trusted_proxies private_ranges
}
'';
};
users.users.chir-rs = {
description = "Chir.rs domain server";
isSystemUser = true;
group = "chir-rs";
};
users.groups.chir-rs = {};
}

@ -1,5 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = [pkgs.cifs-utils pkgs.lxqt.lxqt-policykit];
networking.firewall.extraCommands = ''iptables -t raw -A OUTPUT -p udp -m udp --dport 137 -j CT --helper netbios-ns'';
services.gvfs.enable = true;
}

@ -1,28 +0,0 @@
{
pkgs,
nixpkgs,
...
}: {
services.printing = {
enable = true;
drivers = with pkgs; [
brlaser
];
browsing = true;
listenAddresses = ["*:631"];
allowFrom = ["all"];
defaultShared = true;
extraConf = ''
ServerAlias *
'';
};
services.avahi = {
enable = true;
publish.enable = true;
publish.userServices = true;
};
#imports = ["${nixpkgs}/nixos/modules/services/hardware/sane_extra_backends/brscan4.nix"];
hardware.sane.enable = true;
}

@ -1,11 +0,0 @@
_: {
virtualisation.docker = {
autoPrune = {
dates = "weekly";
enable = true;
flags = ["--all"];
};
enable = true;
};
users.users.darkkirb.extraGroups = ["docker"];
}

@ -1,153 +0,0 @@
{
pkgs,
config,
...
}: let
sieves = import ../../packages/sieves.nix pkgs;
in {
nixpkgs.overlays = [
(curr: prev: {
dovecot =
(prev.dovecot.override {
withPgSQL = true;
})
.overrideAttrs (super: {
doCheck = false;
doInstallCheck = false;
});
})
];
services.dovecot2 = {
enable = true;
enableImap = true;
enableLmtp = true;
enablePop3 = true;
enableQuota = true;
modules = [pkgs.dovecot_pigeonhole];
mailGroup = "dovecot";
mailUser = "dovecot";
mailLocation = "maildir:/var/vmail/%d/%n";
mailPlugins = {
globally.enable = [
"old_stats"
];
perProtocol = {
imap.enable = [
"imap_sieve"
];
lda.enable = [
"sieve"
];
lmtp.enable = [
"sieve"
];
};
};
mailboxes = {
Drafts = {
specialUse = "Drafts";
auto = "subscribe";
};
Junk = {
specialUse = "Junk";
auto = "subscribe";
};
Trash = {
specialUse = "Trash";
auto = "subscribe";
};
Sent = {
specialUse = "Sent";
auto = "subscribe";
};
"Sent Messages" = {
specialUse = "Sent";
};
"virtual/All" = {
specialUse = "All";
auto = "subscribe";
};
};
sslServerCert = "/var/lib/acme/chir.rs/cert.pem";
sslServerKey = "/var/lib/acme/chir.rs/key.pem";
extraConfig = ''
service old-stats {
unix_listener old-stats {
user = dovecot-exporter
group = dovecot-exporter
mode = 0660
}
fifo_listener old-stats-mail {
mode = 0660
user = dovecot
group = dovecot
}
fifo_listener old-stats-user {
mode = 0660
user = dovecot
group = dovecot
}
}
plugin {
old_stats_refresh = 30 secs
old_stats_track_cmds = yes
}
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
# From elsewhere to Spam folder or flag changed in Spam folder
imapsieve_mailbox1_name = Junk
imapsieve_mailbox1_causes = COPY FLAG
imapsieve_mailbox1_before = file:${sieves.report-spam}/report-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before = file:${sieves.report-ham}/report-ham.sieve
sieve_pipe_bin_dir = /nix/store
sieve_global_extensions = +vnd.dovecot.pipe
sieve = ${sieves.default}/default.sieve
}
disable_plaintext_auth = yes
auth_mechanisms = plain login
passdb {
driver = sql
args = /run/secrets/services/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = prefetch
}
userdb {
driver = sql
args = /run/secrets/services/dovecot/dovecot-sql.conf.ext
}
service auth {
unix_listener /run/dovecot2/auth {
mode = 0660
user = postfix
group = postfix
}
}
first_valid_uid = 76
last_valid_uid = 987
'';
user = "dovecot";
group = "dovecot";
};
services.prometheus.exporters.dovecot = {
enable = true;
port = 35496;
};
sops.secrets."services/dovecot/rspamd_password" = {owner = "dovecot";};
sops.secrets."services/dovecot/dovecot-sql.conf.ext" = {owner = "dovecot";};
networking.firewall.allowedTCPPorts = [
110 # POP3
143 # IMAP
993 # IMAPS
995 # POP3S
];
security.acme.certs."chir.rs".reloadServices = ["dovecot2.service"];
}

Some files were not shown because too many files have changed in this diff