kopatz/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

format

Browse Source
This commit is contained in:
Kopatz
2025-03-18 16:27:20 +01:00
parent 923ab37209
commit cc32af7b80
131 changed files with 2383 additions and 2224 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
flake.nix
View File

@@ -63,9 +63,25 @@
# inputs.nixpkgs.follows = "nixpkgs-unstable";
#};
};
outputs = { self, nur, nixpkgs, nixos-hardware, nixos-wsl, nixpkgs-unstable
, agenix, home-manager, home-manager-unstable, nix-colors, nixos-cosmic
, nixvim, nixos-generators, stylix, disko, flake-utils, ... }@inputs:
outputs =
{ self
, nur
, nixpkgs
, nixos-hardware
, nixos-wsl
, nixpkgs-unstable
, agenix
, home-manager
, home-manager-unstable
, nix-colors
, nixos-cosmic
, nixvim
, nixos-generators
, stylix
, disko
, flake-utils
, ...
}@inputs:
let
inherit (self) outputs;
system = "x86_64-linux";
@@ -84,10 +100,16 @@
builtins.foldl' (acc: elem: nixpkgs.lib.recursiveUpdate acc elem) { }
list;
# helper function to create a machine
mkHost = { modules, specialArgs ? {
mkHost =
{ modules
, specialArgs ? {
pkgsVersion = nixpkgs-unstable;
home-manager-version = home-manager-unstable;
}, system ? "x86_64-linux", minimal ? false, graphical ? true }:
}
, system ? "x86_64-linux"
, minimal ? false
, graphical ? true
}:
let lib = specialArgs.pkgsVersion.lib;
in specialArgs.pkgsVersion.lib.nixosSystem {
inherit system;
@@ -102,10 +124,15 @@
];
specialArgs = specialArgs // { inherit inputs outputs; };
};
mkStableServer = { modules, specialArgs ? {
mkStableServer =
{ modules
, specialArgs ? {
pkgsVersion = nixpkgs;
home-manager-version = home-manager;
}, system ? "x86_64-linux", minimal ? false }:
}
, system ? "x86_64-linux"
, minimal ? false
}:
let lib = specialArgs.pkgsVersion.lib;
in specialArgs.pkgsVersion.lib.nixosSystem {
inherit system;
@@ -141,7 +168,8 @@
};
};
});
in {
in
{
overlays = import ./overlays.nix { inherit inputs; };
nixosConfigurations = {

6
home-manager/code.nix
View File

@@ -1,6 +1,7 @@
{ osConfig, config, pkgs, inputs, lib, ... }: {
config = lib.mkIf osConfig.custom.graphical.code.enable rec {
home.activation.makeVSCodeConfigWritable = let
home.activation.makeVSCodeConfigWritable =
let
configDirName = {
"vscode" = "Code";
"vscode-insiders" = "Code - Insiders";
@@ -8,7 +9,8 @@
}.${programs.vscode.package.pname};
configPath =
"${config.xdg.configHome}/${configDirName}/User/settings.json";
in {
in
{
after = [ "writeBoundary" ];
before = [ ];
data = ''

2
home-manager/direnv.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
programs.direnv = {
enable = true;

3
home-manager/firefox/default.nix
View File

@@ -58,7 +58,8 @@ let
};
};
};
in {
in
{
stylix = lib.mkIf osConfig.custom.graphical.stylix.enable {
targets.firefox = {
profileNames = [ "default" ];

3
home-manager/floorp/default.nix
View File

@@ -58,7 +58,8 @@ let
};
};
};
in {
in
{
programs.floorp = {
enable = true;
policies = {

2
home-manager/gitconfig.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
home.file.".gitconfig" = {
enable = true;

18
home-manager/hyprland/hyprland-settings.nix
View File

@@ -12,7 +12,8 @@ let
'';
monitor1 = if isPc then "DP-1" else if isLaptop then "eDP-1" else "eDP-1";
monitor2 = "HDMI-A-1";
in {
in
{
config = lib.mkIf cfg.enable {
home.file.".config/hypr/hyprshade.toml".source =
@@ -29,7 +30,8 @@ in {
#
# See https://wiki.hyprland.org/Configuring/Monitors/
monitor = if isPc then [
monitor =
if isPc then [
"${monitor2},1920x1080@60,0x0,1"
"${monitor1},2560x1440@144,1920x0,1"
"Unknown-1,disable"
@@ -181,7 +183,8 @@ in {
"$mainMod" = "SUPER";
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
bind = let
bind =
let
rofi = "${pkgs.rofi-wayland}/bin/rofi";
kitty = "${pkgs.kitty}/bin/kitty";
#dolphin = "${pkgs.dolphin}/bin/dolphin";
@@ -196,7 +199,8 @@ in {
#swaylock = "${pkgs.swaylock}/bin/swaylock";
hyprlock = "${pkgs.hyprlock}/bin/hyprlock";
playerctl = "${pkgs.playerctl}/bin/playerctl";
in [
in
[
"$mainMod, Q, exec, ${kitty}"
"$mainMod, C, killactive"
#"$mainMod, L, exec, ${swaylock} -f -c 000000"
@@ -318,14 +322,16 @@ in {
"xrandr --monitor ${monitor1} --primary"
];
};
extraConfig = let
extraConfig =
let
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
wl-paste = "${pkgs.wl-clipboard}/bin/wl-paste";
dunstify = "${pkgs.dunst}/bin/dunstify";
dunstctl = "${pkgs.dunst}/bin/dunstctl";
pdfgrep = "${pkgs.pdfgrep}/bin/pdfgrep --cache";
path = "/synced/fh/os-hardening/**/slides";
in ''
in
''
bind = $mainMod, A, submap, notes
submap = notes

2
home-manager/hyprland/hyprland-xwaylandvideobridge.nix
View File

@@ -16,7 +16,7 @@ in
systemd.user.services.xwaylandvideobridge = {
Unit.Description = "XWaylandVideoBridge";
Service.ExecStart = lib.getExe pkgs.unstable.xwaylandvideobridge;
Install.WantedBy = ["graphical-session.target"];
Install.WantedBy = [ "graphical-session.target" ];
};
};
}

6
home-manager/hyprland/waybar.nix
View File

@@ -2,7 +2,8 @@
with lib;
let cfg = osConfig.custom.graphical.hyprland;
in {
config = let
config =
let
# styles from https://github.com/khaneliman/khanelinix/blob/8375f8cfbe5bfd87565b4dc34c9d30630c17336d/modules/home/desktop/addons/waybar/default.nix
base16 = config.stylix.base16Scheme;
readAndReplace = path: replace: builtins.readFile (pkgs.replaceVars path replace);
@@ -14,7 +15,8 @@ in {
powerStyle = builtins.readFile ./styles/power.css;
statsStyle = builtins.readFile ./styles/stats.css;
workspacesStyle = builtins.readFile ./styles/workspaces.css;
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
home.file.".config/waybar" = {
recursive = true;

3
home-manager/i3.nix
View File

@@ -68,7 +68,8 @@ in {
# wm-restack = "i3";
# override-redirect = true;
};
"module/i3" = let padding = 2;
"module/i3" =
let padding = 2;
in {
type = "internal/i3";
pin-workspaces = true;

2
home-manager/kitty.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, lib, ...}:
{ config, pkgs, inputs, lib, ... }:
{
programs.kitty = {
enable = true;

2
home-manager/lf.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
programs.lf = {
enable = true;

2
home-manager/mpv.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
programs.mpv = {
enable = true;

2
home-manager/nixvim/config.nix
View File

@@ -1,4 +1,4 @@
{lib, pkgs, ...}:
{ lib, pkgs, ... }:
{
enable = true;
viAlias = true;

3
home-manager/nixvim/default.nix
View File

@@ -30,7 +30,8 @@ let
];
merged =
builtins.foldl' (acc: elem: lib.recursiveUpdate acc elem) { } configs;
in {
in
{
home.sessionVariables = { EDITOR = "nvim"; };
programs.nixvim = merged;
}

2
home-manager/nixvim/images.nix
View File

@@ -1,4 +1,4 @@
{pkgs, ...}:
{ pkgs, ... }:
{
plugins = {
image.enable = true;

15
home-manager/nixvim/lsp.nix
View File

@@ -1,19 +1,28 @@
{pkgs, ...}:
{ pkgs, ... }:
{
plugins = {
otter = { # provide lsp functionality for code embedded in other languages
otter = {
# provide lsp functionality for code embedded in other languages
enable = true;
settings.handle_leading_whitespace = true;
};
lsp = {
enable = true;
inlayHints = true;
servers = {
bashls.enable = true;
#ccls.enable = true;
clangd.enable = true;
cssls.enable = true;
gopls.enable = true;
nixd.enable = true;
nixd = {
enable = true;
settings = {
nixpkgs.expr = ''import <nixpkgs> { }'';
formatting.command = [ "nixpkgs-fmt" ];
options.nixos.expr = ''(builtins.getFlake ("/home/kopatz/projects/github/nix-config")).nixosConfigurations.kop-pc.options'';
};
};
html.enable = true;
dartls.enable = true;
ts_ls.enable = true;

2
home-manager/nixvim/none-ls.nix
View File

@@ -10,7 +10,7 @@
fantomas.enable = true;
gofmt.enable = true;
goimports.enable = true;
nixfmt.enable = true;
#nixfmt.enable = true;
markdownlint.enable = true;
shellharden.enable = true;
shfmt.enable = true;

3
home-manager/nixvim/which_key.nix
View File

@@ -2,4 +2,5 @@
opts = {
timeoutlen = 500;
};
plugins.which-key = { enable = true; }; }
plugins.which-key = { enable = true; };
}

2
home-manager/nvim.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
home.file.".config/nvim" = {
enable = true;

6
home-manager/rofi/default.nix
View File

@@ -8,7 +8,8 @@ let
r = c."${color}-rgb-r";
g = c."${color}-rgb-g";
b = c."${color}-rgb-b";
in "rgba ( ${r}, ${g}, ${b}, ${opacity} % )";
in
"rgba ( ${r}, ${g}, ${b}, ${opacity} % )";
mkRgb = mkRgba "100";
rofiOpacity =
builtins.toString (builtins.ceil (config.stylix.opacity.popups * 100));
@@ -55,7 +56,8 @@ let
alternate-active-text = mkRgb "base0D";
alternate-urgent-text = mkRgb "base08";
};
in {
in
{
home.file.".config/rofi" = {
enable = true;
recursive = true;

8
home-manager/stylix.nix
View File

@@ -1,7 +1,9 @@
{ osConfig, pkgs, config, lib, ... }:
let cfg = osConfig.custom.graphical.stylix;
let
cfg = osConfig.custom.graphical.stylix;
base16 = config.stylix.base16Scheme;
in {
in
{
config = lib.mkIf cfg.enable {
stylix = {
enable = true;
@@ -17,7 +19,7 @@ in {
};
wayland.windowManager.hyprland.settings = lib.mkIf osConfig.custom.graphical.hyprland.enable {
env = ["GTK_THEME,adw-gtk3"];
env = [ "GTK_THEME,adw-gtk3" ];
general."col.active_border" = lib.mkForce "rgb(${base16.base07}) rgb(${base16.base04}) 45deg";
};
};

2
home-manager/theme.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, inputs, ...}:
{ config, pkgs, inputs, ... }:
{
home = {
pointerCursor = {

2
modules/cursed-ssh-conf-for-3neo.nix
View File

@@ -3,7 +3,7 @@
services.openssh.extraConfig = ''
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedAlgorithms +ssh-rsa
'';
'';
services.openssh.settings.Macs = [
"hmac-md5"

2
modules/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./fh

4
modules/ecryptfs.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}:
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
ecryptfs
@@ -6,5 +6,5 @@
security.pam.enableEcryptfs = true;
programs.ecryptfs.enable = true;
boot.kernelModules = ["ecryptfs"];
boot.kernelModules = [ "ecryptfs" ];
}

2
modules/fh/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [

2
modules/fh/forensik.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...} :
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
regripper

2
modules/fh/scanning.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...} :
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
nmap

2
modules/fh/writing.nix
View File

@@ -1,4 +1,4 @@
{pkgs, ...}: {
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
typst
];

2
modules/gpg.nix
View File

@@ -1,4 +1,4 @@
{pkgs, ...}:
{ pkgs, ... }:
{
#services.pcscd.enable = true;

2
modules/graphical/audio.nix
View File

@@ -1,4 +1,4 @@
{config, lib, pkgs, ...} :
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.audio;

2
modules/graphical/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, lib, ...}:
{ pkgs, config, lib, ... }:
{
imports = [

2
modules/graphical/emulators.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, inputs, ... }:
{ lib, config, pkgs, inputs, ... }:
with lib;
let
cfg = config.custom.graphical.emulators;

3
modules/graphical/games.nix
View File

@@ -11,7 +11,8 @@ let
# hash = "sha256-aWpTUAm9FBuZI2KwEvhSnLB7Mfp5nYgUwvvLF47FIfM=";
# };
#});
in {
in
{
options.custom.graphical.games = {
enable = mkEnableOption "Enables games";
enablePreinstalled = mkEnableOption "Enables preinstalled games";

2
modules/graphical/lxqt.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ...}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.lxqt;

2
modules/graphical/noise-supression.nix
View File

@@ -1,4 +1,4 @@
{config, pkgs, lib, ...}:
{ config, pkgs, lib, ... }:
let
cfg = config.custom.graphical.noise-supression;
in

2
modules/graphical/obs.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ...}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.obs;

2
modules/graphical/openrgb.nix
View File

@@ -1,4 +1,4 @@
{config, lib, pkgs, ...}:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.openrgb;

6
modules/graphical/shared.nix
View File

@@ -6,11 +6,13 @@ in {
enable = mkEnableOption "Enables shared";
};
config = let
config =
let
screenshot = pkgs.writeShellScriptBin "screenshot" ''
${pkgs.scrot}/bin/scrot -fs - | ${pkgs.xclip}/bin/xclip -selection clipboard -t image/png -i
'';
in mkIf cfg.enable {
in
mkIf cfg.enable {
programs.dconf.enable = true;
fonts.fontDir.enable = true;

2
modules/graphical/xfce.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ...}:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.custom.graphical.xfce;

2
modules/hardware/firmware.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.hardware.firmware;

9
modules/hardware/nvidia.nix
View File

@@ -28,9 +28,11 @@ in {
};
};
config = let
config =
let
# the option was renamed in unstable
nvidiaOption = if (pkgsVersion == inputs.nixpkgs-unstable) then {
nvidiaOption =
if (pkgsVersion == inputs.nixpkgs-unstable) then {
hardware.graphics = {
enable = true;
enable32Bit = true;
@@ -44,7 +46,8 @@ in {
};
};
nvidia_oc = "${pkgs.nvidia_oc}/bin/nvidia_oc";
in lib.mkIf cfg.enable (lib.recursiveUpdate nvidiaOption {
in
lib.mkIf cfg.enable (lib.recursiveUpdate nvidiaOption {
boot.kernelParams =
[ "nvidia-drm.fbdev=1" "nvidia.NVreg_PreserveVideoMemoryAllocations=1" ];
services.xserver.videoDrivers = [ "nvidia" ];

2
modules/hardware/scheduler.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.hardware.scheduler;

2
modules/hardware/ssd.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.hardware.ssd;

8
modules/hardware/wooting.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, ...}:
{ config, pkgs, lib, ... }:
with lib;
let
cfg = config.custom.hardware.wooting;
@@ -8,7 +8,8 @@ in
enable = mkEnableOption "Enable wooting hardware support";
};
config = let
config =
let
wooting-udev = pkgs.stdenv.mkDerivation rec {
pname = "wooting-udev-rules";
version = "unstable-2023-03-31";
@@ -30,7 +31,8 @@ in
maintainers = with maintainers; [ davidtwco ];
};
};
in mkIf cfg.enable {
in
mkIf cfg.enable {
services.udev.packages = [ wooting-udev ];
environment.systemPackages = with pkgs; [

2
modules/hdd-spindown.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}:
{ pkgs, ... }:
{
powerManagement.powerUpCommands = ''
${pkgs.hdparm}/sbin/hdparm -B 127 /dev/sd[ab]

101
modules/kernel.nix
View File

@@ -1,53 +1,54 @@
{ pkgs, config, ... }:
let
#amdgpu_module_pkg =
# { pkgs, lib, fetchurl, kernel ? pkgs.linuxPackages_latest.kernel, ... }:
#
# pkgs.stdenv.mkDerivation {
# pname = "amdgpu-kernel-module";
# inherit (kernel) version postPatch nativeBuildInputs;
# src = fetchurl {
# url =
# "https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-14/linux-amd-drm-next-6.15-2025-03-14.tar.gz";
# # After the first build attempt, look for "hash mismatch" and then 2 lines below at the "got:" line.
# # Use "sha256-....." value here.
# hash = "sha256-/9EvJNBSKteXljrZzmaQkbZ7o4etCe0yFM3JJg/jD7o=";
# };
#
# kernel_dev = kernel.dev;
# kernelVersion = kernel.modDirVersion;
#
# modulePath = "drivers/gpu/drm/amd/amdgpu";
#
# buildPhase = ''
# BUILT_KERNEL=$kernel_dev/lib/modules/$kernelVersion/build
#
# cp $BUILT_KERNEL/Module.symvers .
# cp $BUILT_KERNEL/.config .
# cp $kernel_dev/vmlinux .
#
# make "-j$NIX_BUILD_CORES" modules_prepare
# make "-j$NIX_BUILD_CORES" M=$modulePath modules
# '';
#
# installPhase = ''
# make \
# INSTALL_MOD_PATH="$out" \
# XZ="xz -T$NIX_BUILD_CORES" \
# M="$modulePath" \
# modules_install
# '';
#
# meta = {
# description = "AMD GPU kernel module";
# license = lib.licenses.gpl3;
# };
# };
# amdgpu_module = pkgs.callPackage amdgpu_module_pkg {
# kernel = config.boot.kernelPackages.kernel;
# };
#amdgpu_module_pkg =
# { pkgs, lib, fetchurl, kernel ? pkgs.linuxPackages_latest.kernel, ... }:
#
# pkgs.stdenv.mkDerivation {
# pname = "amdgpu-kernel-module";
# inherit (kernel) version postPatch nativeBuildInputs;
# src = fetchurl {
# url =
# "https://gitlab.freedesktop.org/agd5f/linux/-/archive/amd-drm-next-6.15-2025-03-14/linux-amd-drm-next-6.15-2025-03-14.tar.gz";
# # After the first build attempt, look for "hash mismatch" and then 2 lines below at the "got:" line.
# # Use "sha256-....." value here.
# hash = "sha256-/9EvJNBSKteXljrZzmaQkbZ7o4etCe0yFM3JJg/jD7o=";
# };
#
# kernel_dev = kernel.dev;
# kernelVersion = kernel.modDirVersion;
#
# modulePath = "drivers/gpu/drm/amd/amdgpu";
#
# buildPhase = ''
# BUILT_KERNEL=$kernel_dev/lib/modules/$kernelVersion/build
#
# cp $BUILT_KERNEL/Module.symvers .
# cp $BUILT_KERNEL/.config .
# cp $kernel_dev/vmlinux .
#
# make "-j$NIX_BUILD_CORES" modules_prepare
# make "-j$NIX_BUILD_CORES" M=$modulePath modules
# '';
#
# installPhase = ''
# make \
# INSTALL_MOD_PATH="$out" \
# XZ="xz -T$NIX_BUILD_CORES" \
# M="$modulePath" \
# modules_install
# '';
#
# meta = {
# description = "AMD GPU kernel module";
# license = lib.licenses.gpl3;
# };
# };
# amdgpu_module = pkgs.callPackage amdgpu_module_pkg {
# kernel = config.boot.kernelPackages.kernel;
# };
in {
in
{
#boot.extraModulePackages = [ amdgpu_module ];
#boot.kernelPackages = pkgs.linuxPackages_latest;
#boot.kernelPackages = pkgs.linuxPackages_testing;
@@ -62,7 +63,8 @@ in {
# };
#});
boot.kernelPackages = let
boot.kernelPackages =
let
amd_drm_next_pkg = { fetchurl, buildLinux, ... }@args:
buildLinux (args // rec {
@@ -81,5 +83,6 @@ in {
extraMeta.branch = "6.14.0-rc4";
} // (args.argsOverride or { }));
linux_amd_drm_next = pkgs.callPackage amd_drm_next_pkg { };
in pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_amd_drm_next);
in
pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linux_amd_drm_next);
}

10
modules/misc/backup.nix
View File

@@ -22,17 +22,18 @@ in
};
excludePaths = lib.mkOption {
type = types.listOf types.str;
default = [ "**/Cache" "**/.cache" "**/__pycache__" "**/node_modules" "**/venv" "*.o" "*.out"];
default = [ "**/Cache" "**/.cache" "**/__pycache__" "**/node_modules" "**/venv" "*.o" "*.out" ];
description = "paths to exclude from the backup";
};
excludePathsRemote = lib.mkOption {
type = types.listOf types.str;
default = cfg.excludePaths ++ [ "**/dont_remotebackup"];
default = cfg.excludePaths ++ [ "**/dont_remotebackup" ];
description = "paths to exclude from the remote backup";
};
};
config = let
config =
let
checkStorageSpace = pkgs.writeShellApplication {
name = "checkBackupStorageSpace";
text = ''
@@ -51,7 +52,8 @@ in
du -sch ${builtins.concatStringsSep " " (map (x: "--exclude=" + x) cfg.excludePathsRemote)} ${builtins.concatStringsSep " " cfg.large}
'';
};
in mkIf cfg.enable {
in
mkIf cfg.enable {
environment.systemPackages = with pkgs; [ checkStorageSpace ];
age.secrets.restic-pw = {
file = ../../secrets/restic-pw.age;

2
modules/misc/btrfs.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.misc.btrfs;

6
modules/misc/cli-tools.nix
View File

@@ -4,7 +4,8 @@ let cfg = config.custom.cli-tools;
in {
options.custom.cli-tools = { enable = mkEnableOption "Enables cli-tools"; };
config = let
config =
let
getTotalPowerUsed = pkgs.writeShellScriptBin "total-power" ''
echo "$(sudo cat /sys/class/powercap/*/energy_uj | awk 'BEGIN { sum = 0; } { sum += $1; } END { print sum; }' "$@") / 1000000" | bc | xargs -I _ echo "_ W"
'';
@@ -24,7 +25,8 @@ in {
echo "scale=2; ($power_curr - $power_prev) / 1" | bc | xargs -I _ echo "_ W"
done
'';
in mkIf cfg.enable {
in
mkIf cfg.enable {
environment.systemPackages = with pkgs; [
getTotalPowerUsed
watchCurrentPowerUsed

2
modules/misc/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./packages-list.nix

2
modules/misc/nftables.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.nftables;

6
modules/misc/packages-list.nix
View File

@@ -1,8 +1,10 @@
{ config, pkgs, ... }: {
environment.etc."current-system-packages".text = let
environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique =
builtins.sort builtins.lessThan (pkgs.lib.lists.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in formatted;
in
formatted;
}

3
modules/misc/static-ip.nix
View File

@@ -22,7 +22,8 @@ in {
description = "Default gateway";
};
};
config = let fallback = "1.1.1.1";
config =
let fallback = "1.1.1.1";
in mkIf cfg.enable {
networking = {
defaultGateway = cfg.gateway;

2
modules/misc/tmpfs.nix
View File

@@ -1,4 +1,4 @@
{config, lib, ...}:
{ config, lib, ... }:
with lib;
let
cfg = config.custom.tmpfs;

2
modules/misc/wireshark.nix
View File

@@ -1,4 +1,4 @@
{lib, config, pkgs, ... }:
{ lib, config, pkgs, ... }:
with lib;
let
cfg = config.custom.wireshark;

96
modules/motd.nix
View File

@@ -1,52 +1,52 @@
{
users.motd = ''
'';
}

2
modules/networkmanager.nix
View File

@@ -1,4 +1,4 @@
{pkgs, lib, ...}:
{ pkgs, lib, ... }:
{
networking.networkmanager.enable = true;
networking.networkmanager.plugins = lib.mkForce [ pkgs.networkmanager-openvpn ];

2
modules/nix/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./index.nix

2
modules/nix/ld.nix
View File

@@ -1,4 +1,4 @@
{config, lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.custom.nix.ld;

3
modules/nix/settings.nix
View File

@@ -3,7 +3,8 @@ with lib;
let
cfg = config.custom.nix.settings;
cache = "https://cache.nixos.org";
in {
in
{
options.custom.nix.settings = {
enable = mkEnableOption "Enables various nix settings";
optimise = mkOption {

1
modules/no-sleep-lid-closed.nix
View File

@@ -1,4 +1,3 @@
{
services.logind.lidSwitchExternalPower = "ignore";
}

1
modules/services/adam-site.nix
View File

@@ -1,4 +1,3 @@
{ config, pkgs, lib, inputs, ... }:
with lib;
let cfg = config.custom.services.adam-site;

6
modules/services/adguard.nix
View File

@@ -19,10 +19,12 @@ in {
description = "use https for the adguard instance";
};
};
config = let
config =
let
ip = cfg.ip;
wireguardIp = config.custom.services.wireguard.ip;
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 53 ];
networking.firewall.allowedUDPPorts = [ 53 ];

9
modules/services/caldav.nix
View File

@@ -28,8 +28,10 @@ in {
large = [ "/var/lib/radicale/" ];
};
systemd.services.kop-fhcalendar = let
radicale = if lib.versionOlder lib.version "25.05" then
systemd.services.kop-fhcalendar =
let
radicale =
if lib.versionOlder lib.version "25.05" then
(builtins.elemAt
config.services.radicale.settings.storage.filesystem_folder 0)
else
@@ -37,7 +39,8 @@ in {
# not reproducible
working =
"${radicale}/collection-root/kopatz/b6d2c446-8109-714a-397f-1f35d3136639";
in {
in
{
description = "Download fh calendar";
wants = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];

12
modules/services/coturn.nix
View File

@@ -6,7 +6,7 @@
group = "turnserver";
};
networking.firewall.allowedUDPPortRanges = [ { from = 49000; to=50000; } ];
networking.firewall.allowedUDPPortRanges = [{ from = 49000; to = 50000; }];
networking.firewall.allowedUDPPorts = [ 3478 ]; #5349 ];
networking.firewall.allowedTCPPorts = [ 3478 ]; #5349 ];
@@ -65,9 +65,9 @@
};
#systemd.services.coturn = {
# serviceConfig = {
# User = lib.mkForce "root";
# Group = lib.mkForce "root";
# };
# };
# serviceConfig = {
# User = lib.mkForce "root";
# Group = lib.mkForce "root";
# };
# };
}

2
modules/services/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./acme.nix

2
modules/services/dyndns.nix
View File

@@ -7,6 +7,6 @@
enable = true;
protocol = "duckdns";
passwordFile = config.age.secrets.duckdns.path;
domains = ["wachbirn.duckdns.org"];
domains = [ "wachbirn.duckdns.org" ];
};
}

2
modules/services/fileshelter.nix
View File

@@ -17,7 +17,7 @@ in
uid = cfg.uid;
group = "fileshelter";
};
users.groups.fileshelter = {};
users.groups.fileshelter = { };
age.secrets.fileshelter-conf = {
file = ../../secrets/fileshelter-conf.age;
owner = "fileshelter";

2
modules/services/games/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [
./terraria.nix

8
modules/services/games/palworld.nix
View File

@@ -1,7 +1,9 @@
# valheim.nix
{config, pkgs, lib, ...}: let
{ config, pkgs, lib, ... }:
let
join = builtins.concatStringsSep " ";
in {
in
{
services.cron = {
enable = true;
@@ -20,7 +22,7 @@ in {
group = "palworld";
};
users.groups.palworld = {};
users.groups.palworld = { };
systemd.services.palworld = {
wantedBy = [ "multi-user.target" ];

4
modules/services/grafana.nix
View File

@@ -1,4 +1,4 @@
{pkgs, config, lib, ...}:
{ pkgs, config, lib, ... }:
let
useHttps = config.services.step-ca.enable;
fqdn = "grafana.home.arpa";
@@ -91,7 +91,7 @@ in
settings.namespaces = [
{
name = "nginxlog";
source.files = ["/var/log/nginx/access.log"];
source.files = [ "/var/log/nginx/access.log" ];
format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\"";
}
];

2
modules/services/home-assistant.nix
View File

@@ -13,7 +13,7 @@
config = {
# Includes dependencies for a basic setup
# https://www.home-assistant.io/integrations/default_config/
default_config = {};
default_config = { };
};
};
}

2
modules/services/invidious.nix
View File

@@ -1,4 +1,4 @@
{ config, vars, ...} :
{ config, vars, ... }:
let
fqdn = "yt.home.arpa";
useHttps = config.services.step-ca.enable;

15
modules/services/kavita.nix
View File

@@ -21,14 +21,16 @@ in {
};
isTest = mkEnableOption "Is this a test vm?";
};
config = let
config =
let
fqdn = "kavita-kopatz.duckdns.org";
useStepCa = false; # config.services.step-ca.enable;
useHttps = cfg.https;
baseDir = cfg.dir;
mangal = "${pkgs.mangal-patched}/bin/mangal";
githubRunnerEnabled = config.services.github-runners ? oberprofis.enable;
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 5000 ];
systemd.tmpfiles.rules = [
(if githubRunnerEnabled then
@@ -48,18 +50,21 @@ in {
services.kavita = {
enable = true;
user = "kavita";
package = let
package =
let
backend = pkgs.unstable.kavita.backend.overrideAttrs
(old: { patches = old.patches ++ [ ./kavita-patches-chapter-parsing.diff ./kavita-page-size.diff ]; });
kavitaPatched = pkgs.unstable.kavita.overrideAttrs (old: { backend = backend; });
in kavitaPatched;
in
kavitaPatched;
settings = {
Port = 5000;
IpAddresses = "127.0.0.1";
BaseUrl = "/kavita";
};
dataDir = baseDir;
tokenKeyFile = if cfg.isTest then
tokenKeyFile =
if cfg.isTest then
(builtins.toFile "test"
"wWKNeGUslGILrUUp8Dnn4xyYnivZWBb8uqjKg3ALyCs7reV5v3CtE/E2b6i0Mwz1Xw1p9a0wcduRDNoa8Yh8kQ==")
else

8
modules/services/kubernetes.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, lib, ...}:
{ pkgs, config, lib, ... }:
# idk, dont need this
with lib;
let
@@ -8,10 +8,12 @@ in
options.custom.services.kubernetes = {
enable = mkEnableOption "Enables kubernetes";
};
config = let
config =
let
kubeMasterIP = "localhost";
kubeMasterHostname = "localhost";
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)

102
modules/services/minecraft-server.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ...}:
{ pkgs, ... }:
{
services.minecraft-server = {
enable = true;
@@ -11,56 +11,56 @@
filipus098 = "a09fb009-be78-4e26-9f33-1534186e2228";
};
serverProperties = {
allow-flight=true;
allow-nether=true;
broadcast-console-to-ops=true;
broadcast-rcon-to-ops=true;
debug=false;
difficulty="hard";
enable-command-block=false;
enable-jmx-monitoring=false;
enable-query=false;
enable-rcon=false;
enable-status=true;
enforce-secure-profile=true;
enforce-whitelist=false;
entity-broadcast-range-percentage=100;
force-gamemode=false;
function-permission-level=2;
gamemode="survival";
generate-structures=true;
hardcore=false;
hide-online-players=false;
initial-enabled-packs="vanilla";
level-name="budak";
level-type="minecraft\:normal";
log-ips=true;
max-chained-neighbor-updates=1000000;
max-players=5;
max-tick-time=60000;
max-world-size=29999984;
motd="A Minecraft Server";
network-compression-threshold=256;
online-mode=true;
op-permission-level=4;
player-idle-timeout=0;
prevent-proxy-connections=false;
pvp=true;
"query.port"=25565;
rate-limit=0;
"rcon.password"="123asdadsqwe123123";
"rcon.port"=25575;
require-resource-pack=false;
server-port=25565;
simulation-distance=10;
spawn-animals=true;
spawn-monsters=true;
spawn-npcs=true;
spawn-protection=16;
sync-chunk-writes=true;
use-native-transport=true;
view-distance=10;
white-list=true;
allow-flight = true;
allow-nether = true;
broadcast-console-to-ops = true;
broadcast-rcon-to-ops = true;
debug = false;
difficulty = "hard";
enable-command-block = false;
enable-jmx-monitoring = false;
enable-query = false;
enable-rcon = false;
enable-status = true;
enforce-secure-profile = true;
enforce-whitelist = false;
entity-broadcast-range-percentage = 100;
force-gamemode = false;
function-permission-level = 2;
gamemode = "survival";
generate-structures = true;
hardcore = false;
hide-online-players = false;
initial-enabled-packs = "vanilla";
level-name = "budak";
level-type = "minecraft\:normal";
log-ips = true;
max-chained-neighbor-updates = 1000000;
max-players = 5;
max-tick-time = 60000;
max-world-size = 29999984;
motd = "A Minecraft Server";
network-compression-threshold = 256;
online-mode = true;
op-permission-level = 4;
player-idle-timeout = 0;
prevent-proxy-connections = false;
pvp = true;
"query.port" = 25565;
rate-limit = 0;
"rcon.password" = "123asdadsqwe123123";
"rcon.port" = 25575;
require-resource-pack = false;
server-port = 25565;
simulation-distance = 10;
spawn-animals = true;
spawn-monsters = true;
spawn-npcs = true;
spawn-protection = 16;
sync-chunk-writes = true;
use-native-transport = true;
view-distance = 10;
white-list = true;
};
};
}

6
modules/services/nginx.nix
View File

@@ -45,7 +45,8 @@ in {
more_set_headers "Permissions-Policy: geolocation=(), microphone=()";
'';
virtualHosts = let
virtualHosts =
let
kopConfig = {
root = pkgs.kop-website;
forceSSL = cfg.https;
@@ -107,7 +108,8 @@ in {
};
};
};
in {
in
{
"kopatz.ddns.net" = kopConfig;
"kop.oasch.net" = kopConfig;
};

3
modules/services/smartd.nix
View File

@@ -17,7 +17,8 @@ let
--data "$JSON"
'';
cfg = config.custom.services.smartd;
in {
in
{
options.custom.services.smartd = {
enable = lib.mkEnableOption "Enables smartd monitoring";

48
modules/services/step-ca.nix
View File

@@ -2,33 +2,33 @@
let
root_ca =
''
-----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
MTZaFw0zMzEyMDUxNDUxMTZaMCQxDDAKBgNVBAoTA0tvcDEUMBIGA1UEAxMLS29w
IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdZBOkNynShXipzhuX
f6dUByD3chNupNWsagYC5AlPRJT9fAeHEIK/bxWkFwRtLBDopWvBu9lHahBgpHc7
y7rTo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNV
HQ4EFgQU9AVtwipW5HDBLfZRH1KZCnIKCfowCgYIKoZIzj0EAwIDSQAwRgIhAMHj
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
MTZaFw0zMzEyMDUxNDUxMTZaMCQxDDAKBgNVBAoTA0tvcDEUMBIGA1UEAxMLS29w
IFJvb3QgQ0EwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATdZBOkNynShXipzhuX
f6dUByD3chNupNWsagYC5AlPRJT9fAeHEIK/bxWkFwRtLBDopWvBu9lHahBgpHc7
y7rTo0UwQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATAdBgNV
HQ4EFgQU9AVtwipW5HDBLfZRH1KZCnIKCfowCgYIKoZIzj0EAwIDSQAwRgIhAMHj
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE-----
'';
intermediate_ca =
''
-----BEGIN CERTIFICATE-----
MIIBtDCCAVqgAwIBAgIQbEVEV7LgtjVWO+qBrrmgETAKBggqhkjOPQQDAjAkMQww
CgYDVQQKEwNLb3AxFDASBgNVBAMTC0tvcCBSb290IENBMB4XDTIzMTIwODE0NTEx
N1oXDTMzMTIwNTE0NTExN1owLDEMMAoGA1UEChMDS29wMRwwGgYDVQQDExNLb3Ag
SW50ZXJtZWRpYXRlIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmv7jg7Cs
4L5v52+3yUmn79hZFS2vmm/5wwcUCL63dokEXQsHgbEjaRKsF/MW0yJDLTB6Sdhl
pCvoNJqITWuEN6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0OBBYEFDgVolMCmdrhDIXhuIs4q/KwRKNLMB8GA1UdIwQYMBaAFPQF
bcIqVuRwwS32UR9SmQpyCgn6MAoGCCqGSM49BAMCA0gAMEUCIQCQa01E+UvAJ8KR
DFfDducZUpW4tZRN35lqoge7T9nM2QIgK4FFt1NqDqcjOSabAXPOQ68bvdxlHW0y
AgN9qNc3Jbo=
-----END CERTIFICATE-----
'';
-----BEGIN CERTIFICATE-----
MIIBtDCCAVqgAwIBAgIQbEVEV7LgtjVWO+qBrrmgETAKBggqhkjOPQQDAjAkMQww
CgYDVQQKEwNLb3AxFDASBgNVBAMTC0tvcCBSb290IENBMB4XDTIzMTIwODE0NTEx
N1oXDTMzMTIwNTE0NTExN1owLDEMMAoGA1UEChMDS29wMRwwGgYDVQQDExNLb3Ag
SW50ZXJtZWRpYXRlIENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEmv7jg7Cs
4L5v52+3yUmn79hZFS2vmm/5wwcUCL63dokEXQsHgbEjaRKsF/MW0yJDLTB6Sdhl
pCvoNJqITWuEN6NmMGQwDgYDVR0PAQH/BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8C
AQAwHQYDVR0OBBYEFDgVolMCmdrhDIXhuIs4q/KwRKNLMB8GA1UdIwQYMBaAFPQF
bcIqVuRwwS32UR9SmQpyCgn6MAoGCCqGSM49BAMCA0gAMEUCIQCQa01E+UvAJ8KR
DFfDducZUpW4tZRN35lqoge7T9nM2QIgK4FFt1NqDqcjOSabAXPOQ68bvdxlHW0y
AgN9qNc3Jbo=
-----END CERTIFICATE-----
'';
in
{

10
modules/services/synapse.nix
View File

@@ -9,7 +9,8 @@ let
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
in
{
networking.domain = "kopatz.ddns.net";
networking.firewall.allowedTCPPorts = [ 80 443 ];
@@ -77,15 +78,16 @@ in {
config.age.secrets.matrix-registration.path
];
settings.listeners = [
{ port = 8008;
{
port = 8008;
bind_addresses = [ "::1" ];
type = "http";
tls = false;
x_forwarded = true;
resources = [ {
resources = [{
names = [ "client" "federation" ];
compress = true;
} ];
}];
}
];
};

4
modules/services/wireguard-client.nix
View File

@@ -6,7 +6,7 @@
};
systemd.network.networks.wg0 = {
dns = [ "192.168.2.1"];
dns = [ "192.168.2.1" ];
};
networking.wg-quick.interfaces = {
wg0 = {
@@ -15,7 +15,7 @@
privateKeyFile = config.age.secrets.wireguard-client.path;
listenPort = 51820;
dns = [ "192.168.2.1" ];
address = ["192.168.2.22/24"];
address = [ "192.168.2.22/24" ];
peers = [
{
#allowedIPs = [ "192.168.2.0/24" "192.168.0.0/24" ];

7
modules/services/wireguard.nix
View File

@@ -13,9 +13,10 @@ in
};
};
config =
let
let
wireguardIp = cfg.ip;
in lib.mkIf cfg.enable {
in
lib.mkIf cfg.enable {
age.secrets.wireguard-private = {
file = ../../secrets/wireguard-private.age;
@@ -109,5 +110,5 @@ in lib.mkIf cfg.enable {
privateKeyFile = config.age.secrets.wireguard-private.path;
};
};
};
};
}

2
modules/support/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, ...}:
{ pkgs, config, ... }:
{
imports = [

38
modules/themes/tsukasa.nix
View File

@@ -1,21 +1,21 @@
{
"base00"= "201a1e";
"base01"= "5c4133";
"base02"= "83644f";
"base03"= "c3955f";
"base04"= "dab353";
"base05"= "f4dfb4";
"base06"= "fef1de";
"base07"= "fef1de";
"base08"= "ed8796";
"base09"= "f5a97f";
"base0A"= "eed49f";
"base0B"= "a6da95";
"base0C"= "8bd5ca";
"base0D"= "8aadf4";
"base0E"= "c6a0f6";
"base0F"= "f0c6c6";
"author"= "Stylix";
"scheme"= "Stylix";
"slug"= "stylix";
"base00" = "201a1e";
"base01" = "5c4133";
"base02" = "83644f";
"base03" = "c3955f";
"base04" = "dab353";
"base05" = "f4dfb4";
"base06" = "fef1de";
"base07" = "fef1de";
"base08" = "ed8796";
"base09" = "f5a97f";
"base0A" = "eed49f";
"base0B" = "a6da95";
"base0C" = "8bd5ca";
"base0D" = "8aadf4";
"base0E" = "c6a0f6";
"base0F" = "f0c6c6";
"author" = "Stylix";
"scheme" = "Stylix";
"slug" = "stylix";
}

3
overlays.nix
View File

@@ -8,7 +8,8 @@ let
system = "x86_64-linux";
config.allowUnfree = true;
};
in {
in
{
# This one brings our custom packages from the 'pkgs' directory
additions = final: _prev: import ./pkgs { pkgs = final; };

2
pkgs/adam-site/default.nix
View File

@@ -8,7 +8,7 @@ buildNpmPackage rec {
ref = "main";
rev = "6575c418f45aef025d2d89d5b0b4ff4fbdffe298";
};
npmDepsHash="sha256-PRFHBlVIdHfATAAKVKax+bY4o+9czdfl7HjFnKk4KtI=";
npmDepsHash = "sha256-PRFHBlVIdHfATAAKVKax+bY4o+9czdfl7HjFnKk4KtI=";
installPhase = ''
mkdir -p $out
cp -r ./dist/adams-site/* $out

39
pkgs/electron27/default.nix
View File

@@ -1,7 +1,33 @@
{ lib, stdenv, libXScrnSaver, makeWrapper, fetchurl, wrapGAppsHook3, glib, gtk3
, unzip, at-spi2-atk, libdrm, libgbm, libxkbcommon, libxshmfence, libGL
, vulkan-loader, alsa-lib, cairo, cups, dbus, expat, gdk-pixbuf, nss, nspr, xorg
, pango, systemd, pciutils, }:
{ lib
, stdenv
, libXScrnSaver
, makeWrapper
, fetchurl
, wrapGAppsHook3
, glib
, gtk3
, unzip
, at-spi2-atk
, libdrm
, libgbm
, libxkbcommon
, libxshmfence
, libGL
, vulkan-loader
, alsa-lib
, cairo
, cups
, dbus
, expat
, gdk-pixbuf
, nss
, nspr
, xorg
, pango
, systemd
, pciutils
,
}:
let
version = "27.3.11";
@@ -157,6 +183,7 @@ let
passthru.dist = finalAttrs.finalPackage + "/Applications";
};
in stdenv.mkDerivation (finalAttrs:
lib.recursiveUpdate (common stdenv.hostPlatform)
in
stdenv.mkDerivation (finalAttrs:
lib.recursiveUpdate (common stdenv.hostPlatform)
((if stdenv.hostPlatform.isDarwin then darwin else linux) finalAttrs))

19
pkgs/lact/default.nix
View File

@@ -1,6 +1,19 @@
{ lib, rustPlatform, stdenv, fetchFromGitHub, blueprint-compiler, pkg-config
, wrapGAppsHook4, gdk-pixbuf, gtk4, libdrm, vulkan-loader, coreutils
, nix-update-script, hwdata, fuse }:
{ lib
, rustPlatform
, stdenv
, fetchFromGitHub
, blueprint-compiler
, pkg-config
, wrapGAppsHook4
, gdk-pixbuf
, gtk4
, libdrm
, vulkan-loader
, coreutils
, nix-update-script
, hwdata
, fuse
}:
rustPlatform.buildRustPackage rec {
pname = "lact";

12
pkgs/mangal/default.nix
View File

@@ -1,9 +1,9 @@
{
lib,
stdenv,
buildGoModule,
fetchFromGitHub,
installShellFiles,
{ lib
, stdenv
, buildGoModule
, fetchFromGitHub
, installShellFiles
,
}:
buildGoModule rec {
name = "mangal";

9
systems/amd-server-vm/configuration.nix
View File

@@ -1,7 +1,8 @@
{ config, pkgs, modulesPath, lib, ... }:
{
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
#./hardware-configuration.nix
../../modules/services/ssh.nix
../../modules/services/step-ca.nix
@@ -45,7 +46,8 @@
};
misc = {
docker.enable = true;
backup = let
backup =
let
kavita = "/data/kavita";
gitolite = "/var/lib/gitolite";
syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
@@ -54,7 +56,8 @@
backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
in {
in
{
enable = true;
excludePaths = lib.mkOptionDefault [ "${kavita}/manga" ];
small = backupPathsSmall; # goes to backblaze

3
systems/amd-server/configuration.nix
View File

@@ -5,7 +5,8 @@
{ config, lib, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/kernel.nix
../../modules/services/ssh.nix

9
systems/laptop/configuration.nix
View File

@@ -1,5 +1,6 @@
{ config, pkgs, inputs, ... }: {
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./modules/battery.nix
../../modules/ecryptfs.nix
@@ -86,7 +87,8 @@
# "d /docker-data 0755 kopatz users"
#];
security.pki.certificates = [''
security.pki.certificates = [
''
-----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
@@ -98,7 +100,8 @@
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE-----
''];
''
];
system.stateVersion = "23.05"; # Did you read the comment?
}

12
systems/laptop/hardware-configuration.nix
View File

@@ -5,7 +5,8 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "uas" "sd_mod" "rtsx_pci_sdmmc" ];
@@ -14,18 +15,19 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8";
{
device = "/dev/disk/by-uuid/10537ea5-9d9f-4be8-8509-c7f9c9b978b8";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/C163-6BD5";
{
device = "/dev/disk/by-uuid/C163-6BD5";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; }
];
[{ device = "/dev/disk/by-uuid/3ef4829c-e9ea-4cc0-85a1-bd8e704b9940"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

9
systems/mini-pc-proxmox/configuration.nix
View File

@@ -5,7 +5,8 @@
{ config, pkgs, modulesPath, lib, ... }:
{
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/services/ssh.nix
../../modules/services/step-ca.nix
@@ -47,7 +48,8 @@
};
misc = {
docker.enable = true;
backup = let
backup =
let
kavita = "/data/kavita";
gitolite = "/var/lib/gitolite";
syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
@@ -56,7 +58,8 @@
backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
in {
in
{
enable = true;
small = backupPathsSmall; # goes to backblaze
medium = backupPathsMedium; # goes to gdrive

10
systems/mini-pc-proxmox/hardware-configuration.nix
View File

@@ -5,13 +5,15 @@
{
fileSystems."/data" =
{ device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
{
device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "nofail" ];
};
fileSystems."/1tbssd" =
{ device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
{
device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
fsType = "ext4";
options = ["defaults" "nofail" "noatime"];
options = [ "defaults" "nofail" "noatime" ];
};
}
}

9
systems/mini-pc/configuration.nix
View File

@@ -5,7 +5,8 @@
{ config, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/services/ssh.nix
../../modules/services/step-ca.nix
@@ -38,7 +39,8 @@
misc = {
btrfs.enable = true;
docker.enable = true;
backup = let
backup =
let
kavita = "/data/kavita";
gitolite = "/var/lib/gitolite";
syncthing = [ "/synced/default/" "/synced/work_drive/" ];
@@ -46,7 +48,8 @@
backupPathsSmall = [ "/home" gitolite ] ++ syncthing;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull;
in {
in
{
enable = true;
small = backupPathsSmall; # goes to backblaze
medium = backupPathsMedium; # goes to gdrive

20
systems/mini-pc/hardware-configuration.nix
View File

@@ -5,7 +5,8 @@
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
@@ -14,7 +15,8 @@
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/193dfa08-bf89-4a8b-a159-592c0a0b4d6e";
{
device = "/dev/disk/by-uuid/193dfa08-bf89-4a8b-a159-592c0a0b4d6e";
fsType = "ext4";
options = [
"defaults"
@@ -23,25 +25,27 @@
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/EEC1-C78B";
{
device = "/dev/disk/by-uuid/EEC1-C78B";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/data" =
{ device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
{
device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "nofail" ];
};
fileSystems."/1tbssd" =
{ device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
{
device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
fsType = "ext4";
options = ["defaults" "nofail" "noatime"];
options = [ "defaults" "nofail" "noatime" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/af6bf3d5-07a4-4139-9464-ffc1c4e23549"; }
];
[{ device = "/dev/disk/by-uuid/af6bf3d5-07a4-4139-9464-ffc1c4e23549"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

9
systems/pc/configuration.nix
View File

@@ -3,7 +3,8 @@
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, inputs, ... }: {
imports = [ # Include the results of the hardware scan.
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../modules/flatpak.nix
../../modules/gpg.nix
@@ -220,7 +221,8 @@
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
security.pki.certificates = [''
security.pki.certificates = [
''
-----BEGIN CERTIFICATE-----
MIIBjTCCATKgAwIBAgIRAMVH2+JHZ3wm2fLUlKjTYDswCgYIKoZIzj0EAwIwJDEM
MAoGA1UEChMDS29wMRQwEgYDVQQDEwtLb3AgUm9vdCBDQTAeFw0yMzEyMDgxNDUx
@@ -232,7 +234,8 @@
AipNdhQKIYPvMt/h1uW4xP3NTkitnmshM09+rIasAiEAlSalGddXDkqJBHhPD+Fr
gpuVkfVkA8gQCXNs5F9TnxA=
-----END CERTIFICATE-----
''];
''
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions

Some files were not shown because too many files have changed in this diff Show More