repomaa/nixos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: repomaa:refactor
Branches Tags
repomaa:main repomaa:tech/native-immich-module repomaa:refactor
..
compare: repomaa:tech/native-immich-module
Branches Tags
repomaa:main repomaa:tech/native-immich-module repomaa:refactor

108 Commits
refactor ... tech/nativ

Author SHA1 Message Date
Joakim Repomaa
f58c878ef9 use native immich module 2025-02-13 00:40:08 +02:00
Joakim Repomaa
2fd8d559c9 fix duplicate port 2025-02-13 00:16:04 +02:00
Joakim Repomaa
8f4c08f1bc downgrade postgres to 16 2025-02-13 00:04:40 +02:00
Joakim Repomaa
c519f8d83e refactor 2025-02-12 23:54:07 +02:00
Joakim Repomaa
dd4e5c63e3 add donetick 2025-02-12 20:58:10 +02:00
Joakim Repomaa
0f79298aa2 rekey secrets 2025-02-12 17:27:42 +02:00
Joakim Repomaa
cfa04ddc31 add readeck 2025-02-11 23:32:41 +02:00
Joakim Repomaa
0bc01cd2b1 use agenix 2025-02-11 22:40:39 +02:00
Joakim Repomaa
8a1f2c4968 add back pcscd 2025-02-11 11:52:41 +02:00
Joakim Repomaa
227319b662 refactor 2025-02-11 10:31:10 +02:00
Joakim Repomaa
21f3f9e390 update hastebin 2025-02-11 10:19:56 +02:00
Joakim Repomaa
43f44ad06d fix yubikey 2025-02-11 10:10:28 +02:00
Joakim Repomaa
9337d0e14c update hastebin 2025-02-10 14:12:15 +02:00
Joakim Repomaa
4d28bc0f6b fix charset 2025-02-10 13:59:32 +02:00
Joakim Repomaa
00783c9fca update hastebin 2025-02-10 13:36:29 +02:00
Joakim Repomaa
e809cdc57c use hastebin nixos module 2025-02-10 10:53:28 +02:00
Joakim Repomaa
70cfdfaed2 update hastebin 2025-02-10 10:53:28 +02:00
Joakim Repomaa
1e3abcaeb2 use ip for binding 2025-02-10 03:25:28 +02:00
Joakim Repomaa
fa252d1334 fix nginx config 2025-02-10 03:21:11 +02:00
Joakim Repomaa
70ef355d28 update hastebin 2025-02-10 03:20:28 +02:00
Joakim Repomaa
27da7f97df fix unit name 2025-02-10 03:09:05 +02:00
Joakim Repomaa
dbe1b3109c set max size for nginx 2025-02-10 03:07:00 +02:00
Joakim Repomaa
0f8491a18e replace rustypaste with hastebin 2025-02-10 03:04:01 +02:00
Joakim Repomaa
222d4b9527 update workout-sync 2025-02-09 23:07:01 +02:00
Joakim Repomaa
7aad5b5bf0 fix yubikey and gtrackmap 2025-02-09 22:11:42 +02:00
Joakim Repomaa
a17b0b46b5 update workout-tracker 2025-02-09 11:10:31 +02:00
Joakim Repomaa
d078df43ad increase max body size for workout-sync 2025-02-09 00:48:18 +02:00
Joakim Repomaa
f81f8b2a47 fix workout tracker url 2025-02-09 00:27:28 +02:00
Joakim Repomaa
7d63777170 update workout-tracker 2025-02-08 22:44:56 +02:00
Joakim Repomaa
913d3d1238 refactor 2025-02-08 21:17:11 +02:00
Joakim Repomaa
271d9e8f88 use nix devshell for helpers 2025-02-08 15:42:02 +02:00
Joakim Repomaa
0cf0753e5b refactor 2025-02-08 15:42:02 +02:00
Joakim Repomaa
d32a5dc147 add workout-sync 2025-02-08 15:42:02 +02:00
Joakim Repomaa
0b4e55e0b4 replace snips.sh with rustypaste 2025-02-08 15:42:02 +02:00
Joakim Repomaa
6a5789d45b refactor 2025-02-08 15:42:02 +02:00
Joakim Repomaa
e0d0c12a8e update immich 2025-02-08 15:42:02 +02:00
Joakim Repomaa
953d2b5c5d fix syncthing proxy 
fix syncthing proxy
 2025-02-08 15:42:01 +02:00
Joakim Repomaa
2d6e8607f3 vaultwarden serves websockets on the same port as http 2025-02-08 15:42:01 +02:00
Joakim Repomaa
599ca53f1d explicitly use v4 localhost 2025-02-08 15:42:01 +02:00
Joakim Repomaa
39134ba640 fix syncthing service 2025-02-08 15:42:01 +02:00
Joakim Repomaa
71e65bf687 remove webroot 2025-02-08 15:42:01 +02:00
Joakim Repomaa
eb3682f19a fix snips service 2025-02-08 15:42:01 +02:00
Joakim Repomaa
5c456d4a50 make sure web ports are allowed 2025-02-08 15:42:01 +02:00
Joakim Repomaa
e2f8d1eeff add authorized key for root 2025-02-08 15:42:01 +02:00
Joakim Repomaa
9f446bc1f6 migrate freun.dev to arm server 2025-02-08 15:41:58 +02:00
Joakim Repomaa
8664b2c976 disable autoupgrade 2025-02-08 15:41:14 +02:00
Joakim Repomaa
185e9b4f03 update gtrackmap 2025-02-08 15:38:51 +02:00
Joakim Repomaa
65a7bc1720 add evaluation jobs 2025-02-08 15:38:51 +02:00
Joakim Repomaa
0e83d6538c add devshell 2025-02-08 15:38:51 +02:00
Joakim Repomaa
6aa0640684 move ssh key to variable for DRYness 2025-02-08 15:38:51 +02:00
Joakim Repomaa
7a24ac5fe6 refactor 2025-02-08 15:38:51 +02:00
Joakim Repomaa
983e313e11 freun.dev add snips 2025-02-08 15:38:51 +02:00
Joakim Repomaa
f1d5a4b2f2 ignore /result 2025-02-08 15:38:51 +02:00
Joakim Repomaa
2a36964fcc refactor vlan and firewall config into modules 
fix bug with vlans module

fix vlans
 2025-02-08 15:38:50 +02:00
Joakim Repomaa
6026e064fd freun.dev: setup transport layout offloads for tailscale 2025-02-02 22:48:09 +02:00
Joakim Repomaa
6e041b2d99 apu: setup transport layout offloads for tailscale 2025-02-02 22:41:56 +02:00
Joakim Repomaa
c5faa5e2f4 add makefile for convenient rebuilding 2025-02-02 21:55:54 +02:00
Joakim Repomaa
e215c05588 update flake inputs 2025-02-02 21:55:30 +02:00
Joakim Repomaa
e6cee6d299 apu: add support for nix-command and flakes, enable gc 2025-02-02 21:45:21 +02:00
Joakim Repomaa
ea0738bcea use tailscale to connect to apu 2025-02-02 21:14:41 +02:00
Joakim Repomaa
9a22cca0ea add nh to apu and freun.dev 2025-02-02 21:14:05 +02:00
Joakim Repomaa
73119f5df3 add readme with build status badge 2025-02-02 20:29:10 +02:00
Joakim Repomaa
a201aa2de0 refactor file structure 2025-02-02 20:26:12 +02:00
Joakim Repomaa
908b26449d dry run in ci 2025-02-02 18:56:46 +02:00
Joakim Repomaa
636326f00f fix deprecation issues in apu config 2025-02-02 18:56:25 +02:00
Joakim Repomaa
89474fb479 add apu configuration 2025-02-02 18:39:51 +02:00
Joakim Repomaa
94d9a45a38 fix locale and font troubles 2025-02-02 15:34:28 +02:00
Joakim Repomaa
c757f0892d refactor 2025-01-30 21:15:02 +02:00
Joakim Repomaa
12647a2e77 move home configs to root 2025-01-30 20:47:28 +02:00
Joakim Repomaa
ea7c4cbf31 global pkgs 2025-01-30 19:33:33 +02:00
Joakim Repomaa
6b8c9d6abf fix fontconfig 2025-01-30 18:34:22 +02:00
Joakim Repomaa
1050e28b9f switch to stable 
Revert "radish: fix deprecation warning"

This reverts commit 2d1d2c5839.
 2025-01-30 15:35:14 +02:00
Joakim Repomaa
98a0a95166 don't try building radish config (running out of disk space) 2025-01-30 09:44:15 +02:00
Joakim Repomaa
4c697a041f radish: remove meilisearch 2025-01-30 09:43:28 +02:00
Joakim Repomaa
079f6518ae fix build 2025-01-29 14:21:31 +02:00
Joakim Repomaa
1cf76a05af disable ollama 2025-01-29 14:17:00 +02:00
Joakim Repomaa
7d005ea27d add build manifests 2025-01-29 14:13:25 +02:00
Joakim Repomaa
1241c82bd7 add home manager configs 2025-01-29 13:59:14 +02:00
Joakim Repomaa
ae4f9c2825 freun.dev: update workout tracker 2025-01-29 13:59:13 +02:00
Joakim Repomaa
2d1d2c5839 radish: fix deprecation warning 2025-01-25 19:33:29 +02:00
Joakim Repomaa
c769fdfd0c update flake inputs 2025-01-25 16:02:05 +02:00
Joakim Repomaa
4739b9316e freun.dev: update immich 2025-01-25 16:00:15 +02:00
Joakim Repomaa
25fa204428 freun.dev: update postgres to 17 2025-01-05 16:55:19 +02:00
Joakim Repomaa
4900d460d0 freun.dev: update immich 2025-01-05 16:41:58 +02:00
Joakim Repomaa
f3420f4072 lock gtrackmap and update flake inputs 2025-01-05 16:29:15 +02:00
Joakim Repomaa
c51affcc6b freun.dev: disable hydra 2025-01-05 16:07:07 +02:00
Joakim Repomaa
6ea8b4df03 update flake input 2024-12-27 18:20:10 +02:00
Joakim Repomaa
be2c73e78f update flake inputs 2024-11-22 16:49:08 +01:00
Joakim Repomaa
439a130163 radish: add jack support 2024-11-21 19:43:03 +01:00
Joakim Repomaa
c441b1cb2c gotosocial: allow registration and expose public timeline 2024-11-04 22:52:26 +02:00
Joakim Repomaa
79b598cd25 fix autoupdate 2024-11-04 16:30:17 +02:00
Joakim Repomaa
0c95824992 add gotosocial to freun.dev 2024-11-04 16:13:03 +02:00
Joakim Repomaa
f54eda2815 update flake inputs 2024-11-04 13:27:32 +02:00
Joakim Repomaa
3558aeecda add radish configuration 2024-11-04 12:43:09 +02:00
Joakim Repomaa
89d7e656f9 update nixpkgs and immich 2024-10-25 11:54:01 +03:00
Joakim Repomaa
ee2fd183f3 update nixpkgs 2024-09-30 11:34:03 +03:00
Joakim Repomaa
c38f454595 update immich 2024-09-30 11:31:31 +03:00
Joakim Repomaa
eabe62bd5f use upstream binary for workout-tracker 2024-08-26 11:17:20 +03:00
Joakim Repomaa
87e7e2fbe4 add workout tracker service 2024-08-26 10:30:06 +03:00
Joakim Repomaa
47d18621b2 update nixpkgs 2024-08-26 10:29:47 +03:00
Joakim Repomaa
de862b1ba0 use nftables 2024-08-06 23:13:09 +03:00
Joakim Repomaa
4c4597af0e remove wireguard 2024-08-06 22:37:41 +03:00
Joakim Repomaa
08d97b1c07 update flakes 2024-08-06 22:35:24 +03:00
Joakim Repomaa
939f5be8d6 add tailscale 2024-08-06 22:30:21 +03:00
Joakim Repomaa
629079b45e pin immich version 2024-07-16 11:16:08 +03:00
Joakim Repomaa
fdd310863a update nixpkgs 2024-07-16 11:04:48 +03:00
Joakim Repomaa
07e6220808 add git 2024-07-16 11:00:02 +03:00
Joakim Repomaa
6cb5322e7b update immich 2024-07-16 10:58:58 +03:00
101 changed files with 7087 additions and 881 deletions
Expand all files Collapse all files

7
.builds/apu.yml Normal file
View File

@@ -0,0 +1,7 @@
image: nixos/unstable
environment:
NIX_CONFIG: "experimental-features = nix-command flakes"
tasks:
- build: |
cd NixOS
nix build --dry-run '.#nixosConfigurations.apu.config.system.build.toplevel'

7
.builds/freun-dev.yml Normal file
View File

@@ -0,0 +1,7 @@
image: nixos/unstable
environment:
NIX_CONFIG: "experimental-features = nix-command flakes"
tasks:
- build: |
cd NixOS
nix build --dry-run '.#nixosConfigurations.freun-dev.config.system.build.toplevel'

7
.builds/radish.yml Normal file
View File

@@ -0,0 +1,7 @@
image: nixos/unstable
environment:
NIX_CONFIG: "experimental-features = nix-command flakes"
tasks:
- build: |
cd NixOS
nix build --dry-run '.#nixosConfigurations.radish.config.system.build.toplevel'

1
.envrc Normal file
View File

@@ -0,0 +1 @@
use flake .

2
.gitignore vendored Normal file
View File

@@ -0,0 +1,2 @@
/result
/.direnv

3
README.md Normal file
View File

@@ -0,0 +1,3 @@
# My NixOS Configurations
[![builds.sr.ht status](https://builds.sr.ht/~repomaa.svg)](https://builds.sr.ht/~repomaa?)

1
custom-pkgs/commander-nvim/default.nix Normal file
View File

@@ -0,0 +1 @@
{ util, inputs, ... }: util.vimPlugin { name = "commander.nvim"; source = inputs.commander-nvim; }

1
custom-pkgs/crystal/default.nix Normal file
View File

@@ -0,0 +1 @@
{ util, ... }: util.package { }

16
custom-pkgs/crystal/package.nix Normal file
View File

@@ -0,0 +1,16 @@
{ pkgs, ... }:
let
inherit (pkgs) crystal libffi;
in
crystal.overrideAttrs (oldAttrs:
{
makeFlags = oldAttrs.makeFlags ++ [
"interpreter=1"
];
buildInputs = oldAttrs.buildInputs ++ [
libffi
];
FLAGS = ["--single-module"];
doCheck = false;
}
)

9
custom-pkgs/default.nix Normal file
View File

@@ -0,0 +1,9 @@
{ lib, inputs, ... }:
let
inherit (builtins) attrNames filter readDir;
dirs =
let files = readDir ./.;
in filter (name: files."${name}" == "directory") (attrNames files);
util = import ./util.nix;
in
lib.composeManyExtensions (map (dir: import ./${dir} { util = util dir; inherit inputs; }) dirs)

1
custom-pkgs/fb-client/default.nix Normal file
View File

@@ -0,0 +1 @@
{ util, ... }: util.package { }

22
custom-pkgs/fb-client/package.nix Normal file
View File

@@ -0,0 +1,22 @@
{ lib, stdenv, fetchurl, python3, ... }:
stdenv.mkDerivation rec {
pname = "fb-client";
version = "2.3.0";
src = fetchurl {
url = "https://paste.xinu.at/data/client/fb-${version}.tar.gz";
sha256 = "sha256-EWTsoG7qy0IQ1GLEuvHEAEJyphl9hz1hFm53k1OdGYM=";
};
buildInputs =
[ (python3.withPackages (pyPkgs: with pyPkgs; [ pycurl pyxdg ])) ];
makeFlags = [ "PREFIX=$(out)" ];
meta = with lib; {
mainProgram = "fb";
description = "Client for paste.xinu.at";
homepage = "https://paste.xinu.at";
license = licenses.gpl3Only;
};
}

1
custom-pkgs/flameshot/default.nix Normal file
View File

@@ -0,0 +1 @@
{ util, ... }: util.package { }

6
custom-pkgs/flameshot/package.nix Normal file
View File

@@ -0,0 +1,6 @@
{ pkgs, ... }:
pkgs.writeShellScriptBin "flameshot" ''
export XDG_SESSION_TYPE= QT_QPA_PLATFORM=wayland
nohup ${pkgs.flameshot}/bin/flameshot >& /dev/null &
${pkgs.flameshot}/bin/flameshot "$@"
''

1
custom-pkgs/gen-nvim/default.nix Normal file
View File

@@ -0,0 +1 @@
{ inputs, util, ... }: util.vimPlugin { name = "gen.nvim"; source = inputs.gen-nvim; }

1
custom-pkgs/otp/default.nix Normal file
View File

@@ -0,0 +1 @@
{ util, inputs, ... }: util.package { inherit inputs; }

18
custom-pkgs/otp/package.nix Normal file
View File

@@ -0,0 +1,18 @@
{ pkgs, inputs }:
let
yubikey-manager = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.yubikey-manager;
ykman = "${yubikey-manager}/bin/ykman";
sk = "${pkgs.skim}/bin/sk";
wl-copy = "${pkgs.wl-clipboard}/bin/wl-copy";
in
pkgs.writeShellScriptBin "otp" ''
skim_command=("${sk}")
if [ -n "$*" ]; then
skim_command+=(-q "$*")
fi
account=$(${ykman} oath accounts list | "''${skim_command[@]}")
[ -z "$account" ] && exit 1
${ykman} oath accounts code -s "$account" | ${wl-copy} -n
''

16
custom-pkgs/util.nix Normal file
View File

@@ -0,0 +1,16 @@
dir:
{
vimPlugin = { name, source }:
final: prev: {
vimPlugins = prev.vimPlugins // {
"${dir}" = prev.vimUtils.buildVimPlugin {
pname = name;
version = source.lastModifiedDate;
src = source;
doCheck = false;
};
};
};
package = attrs: final: prev: { "${dir}" = final.callPackage ./${dir}/package.nix (attrs // { pkgs = prev; }); };
}

1
custom-pkgs/vimpeccable/default.nix Normal file
View File

@@ -0,0 +1 @@
{ inputs, util, ... }: util.vimPlugin { name = "vimpeccable"; source = inputs.vimpeccable; }

1
custom-pkgs/windline-nvim/default.nix Normal file
View File

@@ -0,0 +1 @@
{ inputs, util, ... }: util.vimPlugin { name = "windline.nvim"; source = inputs.windline-nvim; }

1
custom-pkgs/wl-copy-both/default.nix Normal file
View File

@@ -0,0 +1 @@
{ util, ... }: util.package { }

14
custom-pkgs/wl-copy-both/package.nix Normal file
View File

@@ -0,0 +1,14 @@
{ pkgs }:
pkgs.writeShellScriptBin "wl-copy" ''
set -euo pipefail
copy="${pkgs.wl-clipboard}/bin/wl-copy"
paste="${pkgs.wl-clipboard}/bin/wl-paste"
"$copy" "$@"
args="$*"
if [[ "$args" =~ /(^| )(-p|--primary)($| )/ ]]; then
exit
fi
"$paste" -n | "$copy" -p "$@"
''

654
flake.lock generated
View File

@@ -1,15 +1,127 @@
{ {
"nodes": { "nodes": {
"agenix": {
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1736955230,
"narHash": "sha256-uenf8fv2eG5bKM8C/UvFaiJMZ4IpUFaQxk9OH5t/1gA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "e600439ec4c273cf11e06fe4d9d906fb98fa097c",
"type": "github"
},
"original": {
"owner": "ryantm",
"repo": "agenix",
"type": "github"
}
},
"auto-cpufreq": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1737497253,
"narHash": "sha256-sOLwi/3oQiNWA2I3WiGneK988YdKVHbH1P5lEjxypIg=",
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"rev": "4cee388c1bbea3adc333b597717d5d8d12375705",
"type": "github"
},
"original": {
"owner": "AdnanHodzic",
"repo": "auto-cpufreq",
"type": "github"
}
},
"commander-nvim": {
"flake": false,
"locked": {
"lastModified": 1717816527,
"narHash": "sha256-eXOHR+lwHVJze6jvFuDlvcUtFSpV8EJqlWvXLRWeCNI=",
"owner": "FeiyouG",
"repo": "commander.nvim",
"rev": "84101e8eb1613a72bbdec655b734f891d8a00694",
"type": "github"
},
"original": {
"owner": "FeiyouG",
"repo": "commander.nvim",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1700795494,
"narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1719877454, "lastModified": 1738453229,
"narHash": "sha256-g5N1yyOSsPNiOlFfkuI/wcUjmtah+nxdImJqrSATjOU=", "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "4e3583423212f9303aa1a6337f8dffb415920e4f", "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -36,9 +148,48 @@
"type": "github" "type": "github"
} }
}, },
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@@ -56,7 +207,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1701680307, "lastModified": 1701680307,
@@ -72,6 +223,24 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"frontend": { "frontend": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
@@ -92,6 +261,44 @@
"type": "github" "type": "github"
} }
}, },
"gen-nvim": {
"flake": false,
"locked": {
"lastModified": 1735503365,
"narHash": "sha256-s3Ky2uhRviKAaKF3iCF2uHctzk+kFV7BnqyxAGwqhbo=",
"owner": "David-Kunz",
"repo": "gen.nvim",
"rev": "e09a8dbffa139ad60d5b47998fcc8669ead1ebf4",
"type": "github"
},
"original": {
"owner": "David-Kunz",
"repo": "gen.nvim",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gtrackmap": { "gtrackmap": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
@@ -101,11 +308,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719992292, "lastModified": 1739016132,
"narHash": "sha256-bMKzt/rKkBsI8NbtsmfGG0tHsn/UilZqgOYwHRk45KQ=", "narHash": "sha256-7utkc6OSf4K2PFktxPPPZdBMnl0LoACEOeifOoAkTjM=",
"owner": "gtrackmap", "owner": "gtrackmap",
"repo": "gtrackmap", "repo": "gtrackmap",
"rev": "84df36e004cda9bd802e46ed0c814c7b08031807", "rev": "1db7bb76a486f5ca4f8ce055a3bbee08d9f63775",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -114,6 +321,201 @@
"type": "github" "type": "github"
} }
}, },
"hastebin": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739261575,
"narHash": "sha256-MRU+at2TEZ61G1bXJeVYIswJ8mVIaqVmXrKLBNs0lvU=",
"owner": "~repomaa",
"repo": "hastebin",
"rev": "0400c9d3fcfe77dd4bd087c3f1f5ce06a8f29ad9",
"type": "sourcehut"
},
"original": {
"owner": "~repomaa",
"repo": "hastebin",
"type": "sourcehut"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703113217,
"narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736373539,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"ketchup": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1718020591,
"narHash": "sha256-nNkMX4Fifj4Z1n2ldWAeu1AujaW41ugsEokPrKioNy0=",
"owner": "repomaa",
"repo": "ketchup",
"rev": "7cbff916ad4ebfd983402842569730e63d105de9",
"type": "github"
},
"original": {
"owner": "repomaa",
"repo": "ketchup",
"type": "github"
}
},
"keycloak-realms": {
"locked": {
"lastModified": 1721562747,
"narHash": "sha256-uHNWpe/j5Q7Ak9+SNQkCPy7t9ayQUDAt+2tZ7OFYv6Q=",
"owner": "rorosen",
"repo": "nixpkgs",
"rev": "79862894befe49e2837e3f5eefe11433eef6611a",
"type": "github"
},
"original": {
"owner": "rorosen",
"ref": "keycloak-realm-import",
"repo": "nixpkgs",
"type": "github"
}
},
"ksoloti-pr": {
"locked": {
"lastModified": 1730719587,
"narHash": "sha256-aeQjG4hFCAqnen296tC8XuX2w2gbaorcosP7jde0cqQ=",
"owner": "repomaa",
"repo": "nixpkgs",
"rev": "ea615cc6ccb36c050290e09a5f90a91b78900a81",
"type": "github"
},
"original": {
"owner": "repomaa",
"ref": "pkg/ksoloti",
"repo": "nixpkgs",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lanzaboote",
"type": "github"
}
},
"nextcloud": {
"inputs": {
"keycloak-realms": "keycloak-realms",
"nixos-shell": "nixos-shell",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730827799,
"narHash": "sha256-79sE72rlztvhx37PYh6m2TLE2J6ybVvDRMQBRWaohqc=",
"owner": "onny",
"repo": "nixos-nextcloud-testumgebung",
"rev": "c3fdbf165814d403a8f8e81ff8e15adcbe7eadd0",
"type": "github"
},
"original": {
"owner": "onny",
"repo": "nixos-nextcloud-testumgebung",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1738816619,
"narHash": "sha256-5yRlg48XmpcX5b5HesdGMOte+YuCy9rzQkJz+imcu6I=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "2eccff41bab80839b1d25b303b53d339fbb07087",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixos-shell": {
"inputs": {
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1728308049,
"narHash": "sha256-wjAkG8f5orZ4+wgXmEaFAJkVJS6ORqfgM0zzLEvbUNw=",
"owner": "Mic92",
"repo": "nixos-shell",
"rev": "9373ca9522f844a3b8029720c74f340e560e4462",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "nixos-shell",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1717196966, "lastModified": 1717196966,
@@ -132,14 +534,14 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1719876945, "lastModified": 1738452942,
"narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", "narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
} }
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
@@ -154,6 +556,50 @@
"url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz"
} }
}, },
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1738452942,
"narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1738680400,
"narHash": "sha256-ooLh+XW8jfa+91F1nhf9OF7qhuA/y1ChLx6lXDNeY5U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "799ba5bffed04ced7067a91798353d360788b30d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1702151865, "lastModified": 1702151865,
@@ -172,16 +618,47 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1719848872, "lastModified": 1731919951,
"narHash": "sha256-H3+EC5cYuq+gQW8y0lSrrDZfH71LB4DAf+TDFyvwCNA=", "narHash": "sha256-vOM6ETpl1yu9KLi/icTmLJIPbbdJCdAVYUXZceO/Ce4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "00d80d13810dbfea8ab4ed1009b09100cca86ba8", "rev": "04386ac325a813047fc314d4b4d838a5b1e3c7fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1628465643,
"narHash": "sha256-QSNw9bDq9uGUniQQtakRuw4m21Jxugm23SXLVgEV4DM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6ef4f522d63f22b40004319778761040d3197390",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"type": "indirect"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1738702386,
"narHash": "sha256-nJj8f78AYAxl/zqLiFGXn5Im1qjFKU8yBPKoWEeZN5M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "030ba1976b7c0e1a67d9716b17308ccdab5b381e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -205,11 +682,74 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix",
"auto-cpufreq": "auto-cpufreq",
"commander-nvim": "commander-nvim",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"gen-nvim": "gen-nvim",
"gtrackmap": "gtrackmap", "gtrackmap": "gtrackmap",
"nixpkgs": "nixpkgs_3" "hastebin": "hastebin",
"home-manager": "home-manager_2",
"ketchup": "ketchup",
"ksoloti-pr": "ksoloti-pr",
"lanzaboote": "lanzaboote",
"nextcloud": "nextcloud",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_5",
"nixpkgs-unstable": "nixpkgs-unstable",
"vimpeccable": "vimpeccable",
"windline-nvim": "windline-nvim",
"workout-sync": "workout-sync"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
} }
}, },
"systems": { "systems": {
@@ -241,6 +781,88 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"vimpeccable": {
"flake": false,
"locked": {
"lastModified": 1640723263,
"narHash": "sha256-MnEOCb/0wvvcYnTOROmVO8HUge3dWmuweAXdpx1zbXE=",
"owner": "svermeulen",
"repo": "vimpeccable",
"rev": "bd19b2a86a3d4a0ee184412aa3edb7ed57025d56",
"type": "github"
},
"original": {
"owner": "svermeulen",
"repo": "vimpeccable",
"type": "github"
}
},
"windline-nvim": {
"flake": false,
"locked": {
"lastModified": 1720754740,
"narHash": "sha256-vvekmr4ApAyvsxC/pdqupLBCqkHr9JZ8+jSjYRb+iYM=",
"owner": "windwp",
"repo": "windline.nvim",
"rev": "bef735787bef64697036774eca6418e7a786100b",
"type": "github"
},
"original": {
"owner": "windwp",
"repo": "windline.nvim",
"type": "github"
}
},
"workout-sync": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1739133791,
"narHash": "sha256-NkaMCUtPVDJgjK7JCEhj3XrG26XAFNoVx0eSMO5LDNM=",
"owner": "~repomaa",
"repo": "workout-sync",
"rev": "4db627eed1d4903e6a6f5aff9bcde0b647dd77e2",
"type": "sourcehut"
},
"original": {
"owner": "~repomaa",
"repo": "workout-sync",
"type": "sourcehut"
}
} }
}, },
"root": "root", "root": "root",

112
flake.nix
View File

@@ -1,27 +1,103 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nextcloud = {
url = "github:onny/nixos-nextcloud-testumgebung";
inputs.nixpkgs.follows = "nixpkgs";
};
gtrackmap = { gtrackmap = {
url = "github:gtrackmap/gtrackmap"; url = "github:gtrackmap/gtrackmap";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; lanzaboote.url = "github:nix-community/lanzaboote";
outputs = { flake-parts, nixpkgs, gtrackmap, ... }@inputs: ( nixos-hardware.url = "github:NixOS/nixos-hardware/master";
flake-parts.lib.mkFlake { inherit inputs; } { auto-cpufreq = {
flake.nixosConfigurations = { url = "github:AdnanHodzic/auto-cpufreq";
freun-dev = nixpkgs.lib.nixosSystem { inputs.nixpkgs.follows = "nixpkgs";
system = "x86_64-linux"; };
specialArgs = inputs; home-manager = {
modules = [ url = "github:nix-community/home-manager/release-24.11";
./hosts/freun-dev inputs = {
gtrackmap.nixosModules.default nixpkgs.follows = "nixpkgs";
];
};
}; };
systems = [ };
"x86_64-linux" commander-nvim = {
]; url = "github:FeiyouG/commander.nvim";
} flake = false;
); };
vimpeccable = {
url = "github:svermeulen/vimpeccable";
flake = false;
};
windline-nvim = {
url = "github:windwp/windline.nvim";
flake = false;
};
gen-nvim = {
url = "github:David-Kunz/gen.nvim";
flake = false;
};
ketchup = {
url = "github:repomaa/ketchup";
inputs.nixpkgs.follows = "nixpkgs";
};
workout-sync = {
url = "sourcehut:~repomaa/workout-sync";
inputs.nixpkgs.follows = "nixpkgs";
};
hastebin = {
url = "sourcehut:~repomaa/hastebin";
inputs.nixpkgs.follows = "nixpkgs";
};
ksoloti-pr.url = "github:repomaa/nixpkgs/pkg/ksoloti";
agenix = {
url = "github:ryantm/agenix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { flake-parts, agenix, nixpkgs, ... }@inputs:
flake-parts.lib.mkFlake { inherit inputs; } (
let
ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
specialArgs = { inherit inputs ssh; };
inherit (nixpkgs) lib;
in
{
systems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ];
perSystem = { pkgs, ... }: {
devShells.default = pkgs.mkShell {
packages = with pkgs; [
(writeShellScriptBin "switch" ''
${nh}/bin/nh os switch .
'')
(writeShellScriptBin "deploy" ''
${openssh}/bin/ssh -t "$1" nh os switch sourcehut:~repomaa/NixOS -- --option tarball-ttl 0
'')
(writeShellScriptBin "evaluate" ''
${nix}/bin/nix build --dry-run ".#nixosConfigurations.$1.config.system.build.toplevel" | ${nix-output-monitor}/bin/nom
'')
agenix.packages.${pkgs.system}.default
];
};
};
flake.nixosConfigurations = {
freun-dev = lib.nixosSystem {
inherit specialArgs;
modules = [ ./modules ./hosts/freun.dev ];
};
radish = lib.nixosSystem {
inherit specialArgs;
modules = [ ./modules ./hosts/radish ];
};
apu = nixpkgs.lib.nixosSystem {
inherit specialArgs;
modules = [ ./modules ./hosts/apu ];
};
};
}
);
} }

2
home/Makefile Normal file
View File

@@ -0,0 +1,2 @@
switch:
home-manager switch

BIN
home/assets/profile-pictures/jokke.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

BIN
home/assets/profile-pictures/moco.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.9 KiB

425
home/common/default.nix Normal file
View File

@@ -0,0 +1,425 @@
{ config, lib, pkgs, inputs, ... }:
{
nixpkgs.config.allowUnfree = true;
imports = [ ../gnome ../custom-programs ./neovim ];
# This value determines the Home Manager release that your configuration is
# compatible with. This helps avoid breakage when a new Home Manager release
# introduces backwards incompatible changes.
#
# You should not change this value, even if you update Home Manager. If you do
# want to update the value, then make sure to first check the Home Manager
# release notes.
home.stateVersion = "23.11"; # Please read the comment before changing.
home.packages = with pkgs; [
htop
gnupg
inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.yubioath-flutter
inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.yubikey-manager
gcc
sqlite
nerdfonts
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
source-sans-pro
mosh
docker-compose
signal-desktop
cargo
blanket
wl-clipboard
gnumeric
gh
neovim-remote
flameshot
supersonic
crystal
shards
moreutils
keymapp
gnumake
tig
jq
yt-dlp
ffmpeg
otp
manix
(writeShellScriptBin "fd" ''
${fd}/bin/fd -H "$@"
'')
rpi-imager
picocom
imagemagick
ghostscript
inkscape
jless
qmapshack
scribus
dnscontrol
protonmail-bridge
hydroxide
protonmail-desktop
tutanota-desktop
imapsync
nixfmt-rfc-style
tree
];
programs = {
nh = {
enable = true;
flake = "/etc/nixos";
};
home-manager.enable = true;
bat = {
enable = true;
extraPackages = with pkgs.bat-extras; [ batdiff batwatch ];
config = {
pager = "less -FR";
};
};
direnv = {
enable = true;
nix-direnv.enable = true;
enableZshIntegration = true;
};
mpv = {
enable = true;
config = {
hwdec = "auto-safe";
vo = "gpu";
profile = "gpu-hq";
gpu-context = "wayland";
};
};
fb-client = {
enable = true;
pastebin = "https://p.jokke.space";
clipboard_cmd = "${pkgs.wl-copy-both}/bin/wl-copy";
};
kitty = {
enable = true;
font = {
package = pkgs.nerdfonts;
name = "IosevkaTerm NFM";
size = 12;
};
shellIntegration.enableZshIntegration = true;
themeFile = "Tomorrow_Night";
settings = {
hide_window_decorations = true;
enabled_layouts = "splits,stack";
};
keybindings = {
"kitty_mod+q" = "";
"kitty_mod+w" = "";
"kitty_mod+t" = "new_tab_with_cwd";
"kitty_mod+tab" = "next_tab";
"kitty_mod+enter" = "launch --location=hsplit --cwd=current";
"kitty_mod+space" = "launch --location=vsplit --cwd=current";
"kitty_mod+h" = "neighboring_window left";
"kitty_mod+l" = "neighboring_window right";
"kitty_mod+k" = "neighboring_window up";
"kitty_mod+j" = "neighboring_window down";
"kitty_mod+1" = "goto_tab 1";
"kitty_mod+2" = "goto_tab 2";
"kitty_mod+3" = "goto_tab 3";
"kitty_mod+4" = "goto_tab 4";
"kitty_mod+5" = "goto_tab 5";
"kitty_mod+6" = "goto_tab 6";
"kitty_mod+7" = "goto_tab 7";
"kitty_mod+8" = "goto_tab 8";
"kitty_mod+9" = "goto_tab 9";
"kitty_mod+0" = "goto_tab 10";
"kitty_mod+f" = "toggle_layout stack";
"kitty_mod+/" = "show_scrollback";
"ctrl+alt+h" = "move_window left";
"ctrl+alt+l" = "move_window right";
"ctrl+alt+k" = "move_window up";
"ctrl+alt+j" = "move_window down";
"ctrl+alt+enter" = "layout_action rotate";
};
};
vivaldi.enable = true;
git = {
enable = true;
aliases = {
st = "status";
co = "checkout";
b = "branch";
};
extraConfig = {
pull = {
rebase = "true";
};
push = {
autoSetupRemote = true;
};
init = {
defaultBranch = "main";
};
user = {
name = "Joakim Repomaa";
signingKey = "F0AF1CE34733B22317A8937D05557F53CD3C6458";
};
commit.gpgSign = true;
};
};
gpg = {
enable = true;
};
zsh = {
enable = true;
enableVteIntegration = true;
cdpath = [
"${config.xdg.configHome}/home-manager"
];
defaultKeymap = "viins";
dirHashes = {
hm = "${config.xdg.configHome}/home-manager";
};
history = {
path = "${config.home.homeDirectory}/.cache/zsh/history";
save = 100000;
size = 100000;
};
initExtra = ''
. "${config.xdg.configHome}/zsh/init"
'';
};
lazygit = {
enable = true;
settings = {
gui = {
nerdFontsVersion = "3";
};
git = {
showUntrackedFiles = "all";
branchLogCmd = "git log {{branchName}} --first-parent --color=always --pretty=format:'%Cgreen%h%Creset %Cblue%aN%Creset %C(cyan)%<(14)%ar%Creset %s' --abbrev-commit";
};
os = {
edit = "$EDITOR {{filename}}";
editAtLine = "$EDITOR +{{line}} {{filename}}";
editAtLineAndWait = "$EDITOR --remote-wait +{{line}} {{filename}}";
};
customCommands = [
{
key = "<c-p>";
context = "global";
command = ''
git push --force-with-lease --set-upstream origin "{{.SelectedLocalBranch.Name}}" &&
gh pr create --title "{{.SelectedLocalBranch.Name}}" --fill ||
(git log --reverse --no-merges --pretty='- %s' master..HEAD | gh pr edit --body-file -);
gh pr view --web
'';
}
];
};
};
obs-studio.enable = true;
ssh = {
enable = true;
controlMaster = "auto";
controlPersist = "1h";
matchBlocks = {
"*" = {
extraOptions = {
ControlPath = "${config.home.homeDirectory}/.ssh/masters-control/%r@%h:%p";
};
setEnv = {
TERM = "screen-256color";
};
};
"apu" = {
hostname = "apu.tempel-vibes.ts.net";
user = "root";
};
};
};
spotify-player = {
enable = true;
settings = {
enable_streaming = "Always";
theme = "tomorrow_night";
copy_command = "wl-copy";
};
themes = [
{
name = "tomorrow_night";
palette = {
background = "#1d1f21";
foreground = "#c5c8c6";
black = "#000000";
red = "#cc6666";
green = "#b5bd68";
yellow = "#f0c674";
blue = "#81a2be";
magenta = "#b294bb";
cyan = "#8abeb7";
white = "#ffffff";
bright_black = "#000000";
bright_red = "#cc6666";
bright_green = "#b5bd68";
bright_yellow = "#f0c674";
bright_blue = "#81a2be";
bright_magenta = "#b294bb";
bright_cyan = "#8abeb7";
bright_white = "#ffffff";
};
component_style = {
playback_metadata = { fg = "#8abeb7"; };
playback_progress_bar = { bg = "#1d1f21"; fg = "#c5c8c6"; };
};
}
];
};
neovide = {
enable = true;
settings = {
font = {
normal = [ "IosevkaTerm NFM" ];
size = 12.0;
};
fork = true;
};
};
};
gnome = {
keyboard.sources = [ "us+altgr-intl" ];
keybindings = {
builtin = {
screenshot-window = [ ];
show-screenshot-ui = [ ];
};
custom = [
{
binding = "Print";
command = "flameshot gui";
name = "Flameshot";
}
{
binding = "<Alt>Print";
command = "kooha";
name = "Kooha";
}
];
};
power = {
powerButton = "hibernate";
};
extensions = {
paperwm = {
enable = true;
winprops = [
{ wm_class = "vivaldi-stable"; preferredWidth = "67%"; }
{ wm_class = "yubioath-flutter"; scratch_layer = true; }
{ wm_class = "signal"; scratch_layer = true; }
{ wm_class = "Slack"; scratch_layer = true; }
{ wm_class = "Supersonic"; scratch_layer = true; }
{ wm_class = "io.github.seadve.Kooha"; scratch_layer = true; }
{ wm_class = "/.*/"; preferredWidth = "33"; }
];
keybindings = {
move-down = [ "<Control><Super>Down" "<Shift><Super>j" ];
move-left = [ "<Control><Super>Left" "<Shift><Super>h" ];
move-right = [ "<Control><Super>Right" "<Shift><Super>l" ];
move-up = [ "<Control><Super>Up" "<Shift><Super>k" ];
switch-down = [ "<Super>Down" "<Super>j" ];
switch-left = [ "<Super>Left" "<Super>h" ];
switch-right = [ "<Super>Right" "<Super>l" ];
switch-up = [ "<Super>Up" "<Super>k" ];
};
};
freon = {
enable = true;
};
};
nightLight.enable = true;
};
fonts.fontconfig = {
enable = true;
defaultFonts = {
emoji = [ "Noto Color Emoji" ];
monospace = [ "IosevkaTerm NFM" ];
sansSerif = [ "Source Sans Pro" ];
};
};
targets.genericLinux.enable = true;
xdg.mime.enable = true;
xdg = {
enable = true;
configFile = {
tmux.source = dotfiles/tmux;
zsh.source = dotfiles/zsh;
"fd/ignore".text = ''
/.git/
'';
"vivaldi/NativeMessagingHosts/ff2mpv.json".text = builtins.toJSON {
name = "ff2mpv";
description = "ff2mpv's external manifest";
path = "${pkgs.ff2mpv-rust}/bin/ff2mpv-rust";
type = "stdio";
allowed_origins = [
"chrome-extension://ephjcajbkgplkjmelpglennepbpmdpjg/"
];
};
};
};
# Home Manager can also manage your environment variables through
# 'home.sessionVariables'. If you don't want to manage your shell through Home
# Manager then you have to manually source 'hm-session-vars.sh' located at
# either
#
# ~/.nix-profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# ~/.local/state/nix/profiles/profile/etc/profile.d/hm-session-vars.sh
#
# or
#
# /etc/profiles/per-user/jokke/etc/profile.d/hm-session-vars.sh
#
systemd.user.sessionVariables = {
NIXOS_OZONE_WL = 1;
NVIM_LISTEN_ADDRESS = "$XDG_RUNTIME_DIR/nvimsocket";
PAGER = "bat --paging=always --style=plain";
MANPAGER = "sh -c 'col -bx | bat -l man -p'";
MANROFFOPT = "-c";
DO_NOT_TRACK = 1;
};
home.shellAliases = {
_ = "sudo";
icr = "crystal i";
hm = "home-manager";
chat = "ssh root@ipv4.jokke.space pkill mosh; mosh weechat@ipv4.jokke.space";
wget = " wget --content-disposition";
pj = "jq | bat -l json";
ls = "ls --color=auto";
};
services.gpg-agent = with pkgs; {
enable = true;
enableSshSupport = true;
pinentryPackage = pinentry-gnome3;
};
programs.gpg.scdaemonSettings = {
disable-ccid = true;
};
xdg.configFile."autostart/gnome-keyring-ssh.desktop".text = lib.strings.concatLines [
(builtins.readFile "${pkgs.gnome-keyring}/etc/xdg/autostart/gnome-keyring-ssh.desktop")
"X-GNOME-Autostart-enabled=false"
];
gnome.automaticTimeZone = true;
}

69
home/common/dotfiles/tmux/tmux.conf Normal file
View File

@@ -0,0 +1,69 @@
# vim: ft=tmux
# original from bl1nk
# Styles
setw -g mode-style "fg=yellow,bg=default,bright"
setw -g window-status-style "fg=default,bg=default,dim"
setw -g window-status-current-style "fg=yellow,bg=default,dim"
set -g message-style "fg=red,bg=default,bright"
set -g status-style "fg=default,bg=black,bright"
set -g pane-active-border-style "fg=blue,bg=black"
set -g allow-passthrough 1
set-option -g set-titles on
set-option -g focus-events on
# set set-titles-string "#{session_name}"
# Options
set -g bell-action any
set -g history-limit 50000
set -g status on
#set -g status-keys vi
#set -g status-utf8 on
set -g set-titles on
set -g default-terminal "tmux-256color"
set -as terminal-features ",foot*:RGB,alacritty*:RGB,gnome*:RGB"
set -g set-titles-string "tmux:#I [ #W ]"
set -g base-index 1
set -g pane-base-index 1
set -g @plugin 'base16-project/base16-tmux'
set -g update-environment "DISPLAY SSH_ASKPASS SSH_AGENT_PID SSH_CONNECTION WINDOWID XAUTHORITY BASE16_SHELL"
set -g status-left-length 30
set -g status-left '[#[fg=white]#S]#[fg=black,bright] #[default]'
set -sg escape-time 0
#setw -g utf8 on
setw -g automatic-rename on
setw -g clock-mode-style 24
#setw -g mode-keys vi
setw -g mouse on
bind-key q confirm kill-pane
bind-key Q confirm kill-session
bind-key Tab next-window
bind-key > switchc -n
bind-key > switchc -p
bind-key C-n new-window -c "#{pane_current_path}"
bind-key C-t new-window -c "#{pane_current_path}" "~/bin/share-tty $(tmux display -p '#S')"
bind-key u run tmux-url-select
bind-key o split-window -h -c '#{pane_current_path}'
bind-key u split-window -v -c '#{pane_current_path}'
bind-key C-o split-window -h -c '#{pane_current_path}'
bind-key C-u split-window -v -c '#{pane_current_path}'
bind-key -r C-h select-pane -L
bind-key -r C-j select-pane -D
bind-key -r C-k select-pane -U
bind-key -r C-l select-pane -R
bind-key f resize-pane -Z
bind-key r source-file ~/.config/tmux/tmux.conf
bind-key -T copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe-and-cancel "xclip -i"
bind -T root MouseDown2Pane select-pane -t =\; run -b "xclip -o | tmux load-buffer - && tmux paste-buffer -s ' '"
run '~/.tmux/plugins/tpm/tpm'

1953
home/common/dotfiles/zsh/.zcompdump Normal file
View File

File diff suppressed because it is too large Load Diff

30
home/common/dotfiles/zsh/completion Normal file
View File

@@ -0,0 +1,30 @@
#!/bin/zsh
# The following lines were added by compinstall
zstyle ':completion:*' completer _expand _complete _ignored _approximate
zstyle ':completion:*' completions 1
zstyle ':completion:*' expand prefix
zstyle ':completion:*' format '%BCompleting %d%b'
zstyle ':completion:*' glob 1
zstyle ':completion:*' group-name ''
zstyle ':completion:*' ignore-parents parent pwd
zstyle ':completion:*' insert-unambiguous true
zstyle ':completion:*' list-colors ${(s.:.)LS_COLORS}
zstyle ':completion:*' list-prompt %SAt %p: Hit TAB for more, or the character to insert%s
zstyle ':completion:*' list-suffixes true
zstyle ':completion:*' matcher-list '' 'm:{[:lower:][:upper:]}={[:upper:][:lower:]}' 'r:|[._-]=** r:|=**' 'l:|=* r:|=*'
zstyle ':completion:*' max-errors 1
zstyle ':completion:*' menu select=3
zstyle ':completion:*' original true
zstyle ':completion:*' preserve-prefix '//[^/]##/'
zstyle ':completion:*' prompt 'Did you mean...'
zstyle ':completion:*' select-prompt %SScrolling active: current selection at %p%s
zstyle ':completion:*' squeeze-slashes true
zstyle ':completion:*' substitute 1
zstyle ':completion:*' verbose true
zstyle ':completion:*' word true
zstyle :compinstall filename "$ZDOTDIR/completion"
autoload -Uz compinit
compinit
# End of lines added by compinstall

64
home/common/dotfiles/zsh/functions Normal file
View File

@@ -0,0 +1,64 @@
#!/usr/bin/zsh
scratch () {
nvim -c ":set ft=$1" $(mktemp)
}
tsessions() {
tmux list-sessions -F '#{session_name} #{?session_attached,,not_attached}' | \
awk '/not_attached/{print $1}'
}
tkill() {
tsessions | fzf | xargs tmux kill-session -t
}
tswitch() {
tsessions | fzf | xargs tmux switch-client -t
}
tnew() {
tmux new -d -s "$@"
tmux switch-client -t $1
}
asciirec() {
local tempfile=$(mktemp /tmp/asciirec.XXXXX.asciinema.json)
asciinema rec "$tempfile"
fb "$tempfile"
rm "$tempfile"
}
fbs() {
local url=$1
local time=${2-5}
fb <<-HTML | rev | cut -c 2- | rev | xclip
<html>
<head>
<meta http-equiv="refresh" content="${time}; url=${url}" />
</head>
<body>
<h3>Redirect</h3>
<p>Redirecting you to <a href="${url}">${url}</a></p>
</body>
</html>
HTML
xclip -o
}
qrshow() {
local url=$1
[[ -z "$url" ]] && read url
qrencode -o - "$url" | feh -
}
envy() {
env $(cat .env | sed '/^\s*#/d') "$@"
}
add-hash() {
hash -d "$@=$PWD"
echo "hash -d '$@=$PWD'" >> "$ZDOTDIR/hashes"
}

79
home/common/dotfiles/zsh/init Normal file
View File

@@ -0,0 +1,79 @@
#!/bin/zsh
# History {{{
HISTFILE="$XDG_CACHE_HOME/zsh/history"
HISTSIZE=100000
SAVEHIST=100000
setopt hist_ignore_dups
setopt hist_ignore_space
setopt share_history
setopt autopushd
mkdir -p $(dirname "$HISTFILE")
# }}}
# Various options {{{
setopt autocd extendedglob nomatch notify histfindnodups
unsetopt beep
setopt interactive_comments
# }}}
# Vim mode
bindkey -v
# Keybindings {{{
bindkey '^?' backward-delete-char
bindkey '^h' backward-delete-char
bindkey '^w' backward-kill-word
bindkey '^r' history-incremental-pattern-search-backward
bindkey '^k' history-beginning-search-backward
bindkey '^j' history-beginning-search-forward
bindkey '^p' push-input
bindkey '^ ' fzf-cd-widget
# }}}
# Prompt {{{
autoload -Uz vcs_info
precmd_functions+=( vcs_info )
setopt prompt_subst
PROMPT="%#$([ -n "$IN_NIX_SHELL" ] && echo '%F{blue}ns%f') %1~%(0?..%F{red})>%f "
RPROMPT=\$vcs_info_msg_0_
zstyle ':vcs_info:git:*' check-for-changes true
zstyle ':vcs_info:git:*' formats '<%b> [%u%c]'
# }}}
# Safe rm {{{
alias rm='rm -I '
setopt rm_star_silent
# }}}
for file in completion functions; do
[ -f "$XDG_CONFIG_HOME/zsh/$file" ] || touch "$XDG_CONFIG_HOME/zsh/$file"
. "$XDG_CONFIG_HOME/zsh/$file"
done
# GPG Agent {{{
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye >/dev/null
# }}}
# Base16 {{{
export BASE16_SHELL="$HOME/.config/base16-shell/"
[ -n "$PS1" ] && \
[ -s "$BASE16_SHELL/profile_helper.sh" ] && \
eval "$("$BASE16_SHELL/profile_helper.sh")"
# }}}
# NVM {{{
#if [ -f /usr/share/nvm/init-nvm.sh ]; then
# source /usr/share/nvm/init-nvm.sh
#fi
# }}}
# ENVS {{{
#eval "$(rbenv init -)"
#. /usr/share/nvm/nvm.sh
# }}}
# vim: set foldmethod=marker

433
home/common/neovim/default.nix Normal file
View File

@@ -0,0 +1,433 @@
{ pkgs, lib, ... }:
{
imports = [ ../../modules/neovim ];
programs.neovim =
let
toLua = lib.generators.toLua { };
luaMap = rhs: { rhs = rhs; lua = true; options = { silent = true; }; };
in
{
enable = true;
defaultEditor = true;
options = {
number = true;
expandtab = true;
tabstop = 2;
shiftwidth = 2;
softtabstop = 2;
signcolumn = "yes";
modeline = true;
hidden = true;
listchars = "tab: ,trail:·";
list = true;
undofile = true;
winblend = 30;
};
withTreesitterPlugins = p: [
p.lua
p.vim
p.vimdoc
p.nix
p.query
p.make
];
formatters = [
{
filetypes = [ "nix" ];
globs = [ "*.nix" ];
exe = "${pkgs.nixpkgs-fmt}/bin/nixpkgs-fmt";
stdin = true;
}
{
filetypes = [ "lua" ];
globs = [ "*.lua" ];
exe = "${pkgs.stylua}/bin/stylua";
args = _: [ "-" ];
stdin = true;
}
{
filetypes = [ "crystal" ];
globs = [ "*.cr" ];
exe = "${pkgs.crystal}/bin/crystal";
args = file: [ "tool" "format" ];
stdin = false;
}
];
autoCommands = [
{
event = "FileType";
pattern = [ "lua" ];
command = "setlocal expandtab";
}
{
event = "FileType";
pattern = [
"makefile"
];
command = "setlocal shiftwidth=4 tabstop=4 softtabstop=4 noexpandtab";
}
{
event = "FileType";
pattern = [ "gitcommit" "gitrebase" "gitconfig" ];
command = "set bufhidden=delete";
}
{
event = "BufWinEnter";
pattern = "*";
command = "if line2byte(line('$')) > 1000000 | syntax clear | endif";
}
];
signs = {
error = "";
warning = "";
hint = "";
info = "";
};
env = {
GIT_EDITOR = "nvr -cc split --remote-wait";
EDITOR = "nvr -cc close --remote-wait";
};
leader = " ";
mappings = {
normal = {
"<C-h>" = "<C-w>h";
"<C-j>" = "<C-w>j";
"<C-k>" = "<C-w>k";
"<C-l>" = "<c-w>l";
"n" = "n";
};
visual = {
"<tab>" = ">gv^";
"<s-tab>" = "<gv^";
};
};
snippets = {
snippets = ./snippets;
luasnippets = ./luasnippets;
};
plug = with pkgs.vimPlugins; [
vimpeccable
vim-crystal
{
plugin = telescope-nvim;
dependencies = [ plenary-nvim telescope-file-browser-nvim commander-nvim telescope-ui-select-nvim ];
config =
let
commands = [
{ cmd = "<cmd>!rails db:migrate<cr>"; desc = "Run rails migrations"; }
{ cmd = "<cmd>!yarn codegen --no-watch<cr>"; desc = "Run yarn codegen"; }
{ cmd = "<cmd>!rails translations:update<cr>"; desc = "Update i18n translations"; }
{ cmd = "<cmd>!deploy staging-v6 -t $(git branch --show-current)<cr>"; desc = "Deploy to staging"; }
{ cmd = "<cmd>!db-restore -d db-prod-inc<cr>"; desc = "Restore db from prod-inc"; }
];
mappings = { i = { "<c-h>" = "which_key"; }; };
in
''
local telescope = require('telescope')
local commander = require('commander')
commander.add(${toLua commands})
telescope.load_extension('commander')
telescope.load_extension('ui-select')
telescope.setup({
defaults = { mappings = ${toLua mappings}, winblend = 30; },
pickers = {
find_files = {
find_command = { "${pkgs.fd}/bin/fd", "-H", "--type=file", "--type=symlink" }
},
},
extensions = {
file_browser = {
hidden = true
},
}
})
'';
mappings = {
normal = (
lib.attrsets.mapAttrs
(key: value: luaMap "require('telescope.builtin').${value}")
{
"<leader>f" = "find_files";
"<leader>r" = "live_grep";
"<leader>b" = "buffers";
"<leader>h" = "help_tags";
"<leader>o" = "oldfiles";
"<leader>s" = "git_status";
"<leader>/" = "current_buffer_fuzzy_find";
"<leader>c" = "git_branches";
}
) // (
lib.attrsets.mapAttrs
(key: value: luaMap "require('telescope').extensions.${value}")
{
"<leader>n" = "file_browser.file_browser";
"<leader>:" = "commander.filter";
}
);
};
}
{
plugin = base16-nvim;
config = ''
vim.opt.termguicolors = true
vim.cmd('colorscheme base16-tomorrow-night')
'';
}
{ plugin = octo-nvim; config = "require('octo').setup()"; }
{
plugin = gitsigns-nvim;
dependencies = [ plenary-nvim ];
config = ''
require('gitsigns').setup(${toLua {
current_line_blame = true;
}})
'';
}
{ plugin = windline-nvim; config = "require('wlsample.airline')"; }
{
plugin = luasnip;
config = ''
require('luasnip.loaders.from_snipmate').lazy_load()
require('luasnip.loaders.from_lua').lazy_load()
local luasnip = require('luasnip')
luasnip.setup({ updateevents = 'TextChanged,TextChangedI' })
'';
mappings =
let
mapping = rhs: luaMap "function() ${rhs} end";
mappings = {
"<c-n>" = mapping "luasnip.jump(1)";
"<c-p>" = mapping "luasnip.jump(-1)";
"<c-e>" = mapping "if luasnip.choice_active() then luasnip.change_choice(1) end";
};
in
{
insert = mappings;
select = mappings;
};
}
{ plugin = vim-abolish; }
{ plugin = NrrwRgn; }
{
plugin = trouble-nvim;
dependencies = [ nvim-web-devicons ];
mappings =
let
mapping = rhs: luaMap "function() require('trouble').${rhs} end";
in
{
normal = {
"<leader>xx" = mapping "open()";
"<leader>xd" = mapping "open('document_diagnostics')";
"<leader>xl" = mapping "open('loclist')";
"gR" = mapping "open('lsp_references')";
};
};
}
{ plugin = twilight-nvim; }
{ plugin = which-key-nvim; }
{ plugin = zen-mode-nvim; }
{
plugin = diffview-nvim;
config =
let
config = {
default = {
layout = "diff2_vertical";
};
merge_tool = {
layout = "diff3_vertical";
};
file_history = {
layout = "diff2_vertical";
};
};
in
''
require('diffview').setup(${toLua config})
'';
}
{
plugin = toggleterm-nvim;
dependencies = [ plenary-nvim pkgs.lazygit ];
config = ''
local Terminal = require('toggleterm.terminal').Terminal
local lazygit = Terminal:new({
cmd = "${pkgs.lazygit}/bin/lazygit",
dir = "git_dir",
direction = "float",
hidden = true,
on_open = function (term)
vim.cmd('startinsert!')
vim.api.nvim_buf_set_keymap(term.bufnr, 'n', 'q', '<cmd>close<cr>', { noremap = true, silent = true })
end,
on_close = function (term)
vim.cmd('startinsert!')
end,
})
'';
mappings = {
normal = {
"<leader>g" = luaMap "function () lazygit:toggle() end";
};
};
}
{
plugin = copilot-cmp;
dependencies = [{
plugin = copilot-lua;
config = ''
require('copilot').setup({
suggestion = { enabled = false },
panel = { enajkbled = false },
copilot_node_command = '${pkgs.nodejs}/bin/node',
})
'';
}];
config = ''
require('copilot_cmp').setup()
'';
}
{
plugin = gen-nvim;
config =
let
config = {
model = "llama3";
};
in
''
require('gen').setup(${toLua config})
'';
}
{
plugin = bufferline-nvim;
config =
let
options = {
hover = {
enabled = true;
delay = 200;
reveal = [ "close" ];
};
};
in
''
require('bufferline').setup({ options = ${toLua options} })
'';
dependencies = [{
plugin = nvim-web-devicons;
}];
}
];
lsp = {
servers = with pkgs; [
{
name = "lua_ls";
config = {
settings = {
Lua = {
diagnostics = {
globals = [ "vim" ];
};
};
};
};
package = lua-language-server;
}
{
name = "yamlls";
config = {
settings = {
redhat = { telemetry = { enabled = false; }; };
yaml = {
schemas = {
"https://json.schemastore.org/github-workflow" = ".github/workflows/*.yml";
"https://json.schemastore.org/prettierrc" = ".prettierrc";
"https://json.schemastore.org/prettierrc.yml" = ".prettierrc.yml";
"https://json.schemastore.org/prettierrc.yaml" = ".prettierrc.yaml";
"https://json.schemastore.org/prettier.config.yml" = "prettier.config.yml";
"https://json.schemastore.org/prettier.config.yaml" = "prettier.config.yaml";
"https://schema.jokke.space/caddy.json" = [ "*caddy*.yml" "*caddy*.yaml" ];
};
};
};
};
package = yaml-language-server;
}
{
name = "tailwindcss";
config = {
settings = {
tailwindCSS = {
classAttributes = [ "class" "className" ];
};
};
};
package = tailwindcss-language-server;
}
{
name = "ts_ls";
package = nodePackages.typescript-language-server;
config = {
single_file_support = false;
};
rootPattern = [ "package.json" ];
}
{ name = "eslint"; package = vscode-langservers-extracted; }
{ name = "nixd"; package = nixd; }
{
name = "bashls";
package = nodePackages.bash-language-server.overrideAttrs (oldAttrs: {
buildDependencies = [ shellcheck ];
afterInstall = ''
wrapProgram "$out/bin/bash-language-server" --prefix PATH : "${shellcheck}/bin"
'';
});
}
{
name = "crystalline";
package = crystalline;
}
{
name = "rust_analyzer";
package = rust-analyzer;
}
];
mappings = {
buf = {
declaration = "gD";
definition = "gd";
hover = "K";
implementation = "gi";
type_definition = "<leader>D";
rename = "<leader>rn";
code_action = "<leader>ca";
};
diagnostic = {
show_line_diagnostics = "<leader>e";
goto_prev = "[d";
goto_next = "]d";
set_loclist = "<leader>q";
};
};
};
extraLuaConfig = ''
local function close_all_other_buffers(opts)
local current_buf = vim.api.nvim_get_current_buf()
local buffers = vim.api.nvim_list_bufs()
for _, buf in ipairs(buffers) do
if buf ~= current_buf and vim.api.nvim_buf_is_loaded(buf) then
vim.api.nvim_buf_delete(buf, { force = opts.bang })
end
end
end
vim.api.nvim_create_user_command('CloseOtherBuffers', close_all_other_buffers, { bang = true })
'';
};
}

46
home/common/neovim/formatters.lua Normal file
View File

@@ -0,0 +1,46 @@
local Formatters = {}
Formatters.setup = function()
local formatter = require('formatter')
local util = require('formatter.util')
local js = {
function ()
return {
exe = "npx",
args = {"prettier", "--stdin-filepath", util.escape_path(util.get_current_buffer_file_name())},
stdin = true,
}
end
}
local ruby = {
function ()
return {
exe = "bundle",
args = {"exec", "rufo", "-x", "--filename", util.escape_path(util.get_current_buffer_file_name())},
stdin = true,
}
end
}
formatter.setup {
filetype = {
javascript = js,
typescript = js,
javascriptreact = js,
typescriptreact = js,
svelte = js,
ruby = ruby,
haml = ruby,
}
}
vim.api.nvim_create_autocmd("BufWritePost", {
pattern = { "*.js", "*.ts", "*.jsx", "*.tsx", "*.svelte", "*.rb", "*.haml", "Gemfile", "*.rake" },
command = "FormatWrite",
group = vim.api.nvim_create_augroup("FormatAutogroup", { clear = true }),
})
end
Formatters.setup()

83
home/common/neovim/luasnippets/typescriptreact.lua Normal file
View File

@@ -0,0 +1,83 @@
local ls = require("luasnip")
local fmt = require("luasnip.extras.fmt").fmt
local s = ls.snippet
local sn = ls.snippet_node
local i = ls.insert_node
local f = ls.function_node
local d = ls.dynamic_node
return {
s(
{ trig = "fc", desc = "React.FC" },
fmt(
[[
import React from "react"
interface {props_name} {{
{prop_types}
}}
const {component_name}: React.FC<{props_name}> = ({props}) => {{
return (
{markup}
)
}}
export default {component_name}
]],
{
props_name = i(3, "Props"),
prop_types = i(2),
component_name = d(1, function()
local filename = vim.api.nvim_buf_get_name(0)
local component_name
if filename == "index.tsx" then
component_name = vim.fs.basename(vim.fs.dirname(filename))
else
component_name = vim.fs.basename(filename):match("(.+)%.tsx")
end
return sn(nil, i(1, component_name))
end),
props = f(function(prop_types)
local props = {}
for _, prop in ipairs(prop_types[1]) do
local parts = vim.split(prop, ":", { plain = true, trimempty = true })
local name = parts[1]
if name then
table.insert(props, vim.trim(name))
end
end
return "{ " .. table.concat(props, ", ") .. " }"
end, { 2 }),
markup = i(0),
},
{
repeat_duplicates = true,
}
)
),
s(
{ trig = "t", desc = "<tag>" },
fmt(
[[
<{tag}>
{children}
</{closing_tag}>
]],
{
tag = i(1, "div"),
closing_tag = f(function(tag)
return vim.split(tag[1][1], " ")[1]
end, { 1 }),
children = i(0),
},
{
repeat_duplicates = true,
}
)
),
}

33
home/common/neovim/snippets/ruby.snippets Normal file
View File

@@ -0,0 +1,33 @@
snippet if ruby if statement
if $1
$0
end
snippet qt graphql query test
require "test_helper"
module Graphql
module Queries
class $1Test < ActionDispatch::IntegrationTest
setup do
@user = users(:tobias)
rack_login(@user)
end
test "Query$1" do
run_query("Query$1") do |json, msg|
$0
end
end
test "Query$1 without $2 permissions" do
@user.permission.update!($2: 0)
run_query("Query$1") do |json, msg|
assert false
end
end
end
end
end

1
home/common/neovim/snippets/typescriptreact.snippets Normal file
View File

@@ -0,0 +1 @@

10
home/custom-programs/default.nix Normal file
View File

@@ -0,0 +1,10 @@
{ ... }:
let
inherit (builtins) attrNames filter readDir;
dirs =
let files = readDir ./.;
in filter (name: files."${name}" == "directory") (attrNames files);
in
{
imports = map (dir: ./${dir}) dirs;
}

30
home/custom-programs/fb-client/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{ pkgs, config, lib, ... }:
let
cfg = config.programs.fb-client;
in
{
options.programs.fb-client = let inherit (lib) mkEnableOption mkOption types; in {
enable = mkEnableOption { };
pastebin = mkOption {
type = types.str;
default = "https://paste.xinu.at";
};
clipboard_cmd = mkOption {
type = types.pathInStore;
default = "${pkgs.wl-clipboard}/bin/wl-copy";
};
};
config = lib.mkIf cfg.enable {
home.packages = [ pkgs.fb-client ];
xdg = {
configFile = {
"fb-client/config".text = ''
pastebin="${cfg.pastebin}"
apikey_file="${config.xdg.dataHome}/fb-client/apikey"
clipboard_cmd="${cfg.clipboard_cmd}"
'';
};
};
};
}

13
home/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ inputs, ... }:
{
home-manager = {
users = {
jokke = import ./jokke;
moco = import ./moco;
};
extraSpecialArgs = { inherit inputs; };
sharedModules = [ (import ./common) ];
useUserPackages = true;
useGlobalPkgs = true;
};
}

130
home/gnome/default.nix Normal file
View File

@@ -0,0 +1,130 @@
{ config, lib, osConfig, ... }:
let
cfg = config.gnome;
in
{
imports = [ ./extensions ];
options.gnome = with lib.types; {
profilePicture = lib.mkOption {
type = nullOr path;
default = null;
};
keyboard = {
sources = lib.mkOption {
type = listOf str;
default = [ "us" ];
};
};
keybindings = {
builtin = lib.mkOption {
type = attrsOf (listOf str);
default = { };
};
custom = lib.mkOption {
type = listOf (submodule {
options = {
binding = lib.mkOption { type = str; };
command = lib.mkOption { type = str; };
name = lib.mkOption { type = str; };
};
});
default = [ ];
};
};
scalingFactor = lib.mkOption {
type = numbers.positive;
default = 1;
};
power = {
powerButton = lib.mkOption {
type = enum [ "suspend" "interactive" "hibernate" "nothing" ];
default = "interactive";
};
};
nightLight = {
enable = lib.mkEnableOption { };
temperature = lib.mkOption {
type = ints.between 1700 4700;
default = 2700;
};
schedule = lib.mkOption {
type = nullOr (submodule {
options = {
from = lib.mkOption {
type = numbers.between 0 23.99;
default = 20.0;
};
to = lib.mkOption {
type = numbers.between 0 23.99;
default = 8.0;
};
};
});
default = null;
};
};
calendar = {
showWeekNumbers = lib.mkEnableOption { };
};
automaticTimeZone = lib.mkEnableOption { };
region = lib.mkOption {
type = str;
default = osConfig.i18n.defaultLocale;
};
};
config = {
dconf.settings = with lib.hm.gvariant; {
"org/gnome/shell/keybindings" = cfg.keybindings.builtin;
"org/gnome/settings-daemon/plugins/media-keys" = {
custom-keybindings = (
lib.lists.imap0
(i: _: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}/")
cfg.keybindings.custom
);
};
"org/gnome/desktop/input-sources" = {
sources = map (source: mkTuple [ "xkb" source ]) cfg.keyboard.sources;
};
"org/gnome/mutter" = {
experimental-features = [ "scale-monitor-framebuffer" ];
};
"org/gnome/settings-daemon/plugins/xsettings" = {
overrides = [ (mkTuple [ "GdkWindowScalingFactor" cfg.scalingFactor ]) ];
};
"org/gnome/desktop/interface" = {
scaling-factor = cfg.scalingFactor;
};
"org/gnome/settings-daemon/plugins/power" = {
"power-button-action" = cfg.power.powerButton;
};
"org/gnome/settings-daemon/plugins/color" = with cfg.nightLight; {
night-light-enabled = enable;
night-light-temperature = temperature;
night-light-schedule-automatic = isNull schedule;
night-light-schedule-from = lib.mkIf (!isNull schedule) schedule.from;
night-light-schedule-to = lib.mkIf (!isNull schedule) schedule.to;
};
"org/gnome/desktop/calendar" = {
show-weekdate = cfg.calendar.showWeekNumbers;
};
"org/gnome/desktop/datetime" = {
automatic-timezone = cfg.automaticTimeZone;
};
"system/locale" = {
region = cfg.region;
};
} // (
builtins.listToAttrs (
lib.lists.imap0
(i: keybinding: {
name = "org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString i}";
value = keybinding;
})
cfg.keybindings.custom
)
);
home.file.".face".source = lib.mkIf (!isNull cfg.profilePicture) cfg.profilePicture;
};
}

10
home/gnome/extensions/default.nix Normal file
View File

@@ -0,0 +1,10 @@
{ ... }:
let
inherit (builtins) attrNames filter readDir;
dirs =
let files = readDir ./.;
in filter (name: files."${name}" == "directory") (attrNames files);
in
{
imports = map (dir: ./${dir}) dirs;
}

24
home/gnome/extensions/freon/default.nix Normal file
View File

@@ -0,0 +1,24 @@
{ config, pkgs, lib, ... }:
let
cfg = config.gnome.extensions.freon;
in
{
options.gnome.extensions = with lib.types; {
freon = {
enable = lib.mkEnableOption { };
package = lib.mkOption {
type = package;
default = pkgs.gnomeExtensions.freon;
};
};
};
config = lib.mkIf cfg.enable {
dconf.settings = {
"org/gnome/shell".enabled-extensions = [
cfg.package.extensionUuid
];
};
home.packages = [ cfg.package ];
};
}

48
home/gnome/extensions/paperwm/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{ config, pkgs, lib, ... }:
let
cfg = config.gnome.extensions;
in
{
options.gnome.extensions = with lib.types; {
paperwm = {
enable = lib.mkEnableOption { };
package = lib.mkOption {
type = package;
default = pkgs.gnomeExtensions.paperwm;
};
cycle-height-steps = lib.mkOption { type = listOf numbers.nonnegative; default = [ 0.33 0.5 0.67 1.0 ]; };
cycle-width-steps = lib.mkOption { type = listOf numbers.nonnegative; default = [ 0.33 0.5 0.67 1.0 ]; };
horizontal-margin = lib.mkOption { type = ints.unsigned; default = 5; };
vertical-margin = lib.mkOption { type = ints.unsigned; default = 5; };
window-gap = lib.mkOption { type = ints.unsigned; default = 5; };
winprops = lib.mkOption {
type = listOf (submodule {
options = {
wm_class = lib.mkOption { type = str; default = ""; };
title = lib.mkOption { type = str; default = ""; };
scratch_layer = lib.mkEnableOption { };
preferredWidth = lib.mkOption { type = nullOr str; default = null; };
};
});
default = [ ];
};
keybindings = lib.mkOption {
type = attrsOf (listOf str);
default = { };
};
};
};
config = lib.mkIf cfg.paperwm.enable {
home.packages = [ cfg.paperwm.package ];
dconf.settings = {
"org/gnome/shell".enabled-extensions =
lib.mkIf cfg.paperwm.enable [ cfg.paperwm.package.extensionUuid ];
"org/gnome/shell/extensions/paperwm" = with cfg.paperwm; lib.mkIf cfg.paperwm.enable {
inherit cycle-height-steps cycle-width-steps horizontal-margin vertical-margin window-gap;
winprops = map (props: builtins.toJSON props) winprops;
};
"org/gnome/shell/extensions/paperwm/keybindings" = lib.mkIf cfg.paperwm.enable cfg.paperwm.keybindings;
};
};
}

101
home/jokke/default.nix Normal file
View File

@@ -0,0 +1,101 @@
{ pkgs, inputs, ... }:
{
config = {
# Home Manager needs a bit of information about you and the paths it should
# manage.
home.username = "jokke";
home.homeDirectory = "/home/jokke";
home.packages = with pkgs; [
ffmpeg
mediainfo
git-lfs
telegram-desktop
shards
deno
virt-manager
gimp
lftp
inkscape
wineWowPackages.waylandFull
reaper
inputs.ksoloti-pr.legacyPackages.${pkgs.system}.ksoloti
calibre
jellyfin-media-player
darktable
openscad
shutter
];
gnome.profilePicture = ../assets/profile-pictures/jokke.png;
programs.neovim = {
extraPackages = with pkgs; [
nodePackages.graphql-language-service-cli
];
withTreesitterPlugins = p: [
p.typescript
p.svelte
p.prisma
p.graphql
];
formatters = [
{
filetypes = [ "typescript" "typescriptreact" "svelte" ];
globs = [ "*.ts" "*.tsx" "*.svelte" ];
exe = "npx";
args = file: [ "prettier" "--stdin-filepath" file ];
stdin = true;
}
{
filetypes = [ "prisma" ];
globs = [ "*.prisma" ];
exe = "${pkgs.nodePackages.prisma}/bin/prisma";
args = file: [ "format" "--schema" ];
stdin = false;
}
];
lsp.servers = with pkgs; [
{
name = "svelte";
package = nodePackages.svelte-language-server;
}
{
name = "denols";
package = deno;
rootPattern = [ "deno.json" ];
}
{
name = "prismals";
package = nodePackages."@prisma/language-server";
rootPattern = [ "package.json" "deno.json" ];
}
{
name = "graphql";
package = nodePackages.graphql-language-service-cli;
config = {
filetypes = [ "typescript" "typescriptreact" "graphql" "svelte" ];
};
}
];
};
programs.ssh.matchBlocks = {
"alderaan" = {
hostname = "alderaan.space";
user = "root";
};
"base.alderaan" = {
hostname = "base.alderaan.space";
user = "luke";
};
"jokke.space" = {
user = "root";
};
};
programs.git.extraConfig.user.email = "joakim@repomaa.com";
services.syncthing = {
enable = true;
};
};
}

201
home/moco/default.nix Normal file
View File

@@ -0,0 +1,201 @@
{ pkgs, ... }:
let
homeDirectory = "/home/moco";
in
{
# Home Manager needs a bit of information about you and the paths it should
# manage.
home = {
username = "moco";
inherit homeDirectory;
packages = with pkgs; [
(slack.overrideAttrs (oldAttrs: {
fixupPhase = ''
sed -i -e 's/,"WebRTCPipeWireCapturer"/,"LebRTCPipeWireCapturer"/' $out/lib/slack/resources/app.asar
rm $out/bin/slack
makeWrapper $out/lib/slack/slack $out/bin/slack \
--prefix XDG_DATA_DIRS : $GSETTINGS_SCHEMAS_PATH \
--suffix PATH : ${lib.makeBinPath [ xdg-utils ]} \
--add-flags "--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations,WebRTCPipeWireCapturer"
'';
}))
kooha
gnome-pomodoro
mitmproxy
(writeShellScriptBin "moco-admin-pw" ''
password=$(op item get fkj74ou6jfex7a6gcinac6o5oe --reveal --fields label=Kennwort)
otp=$(ykman oath accounts code -s 'MOCO:Admin')
echo "''${password}''${otp}" | wl-copy -n
'')
(writeShellScriptBin "moco-reto-otp" ''
ykman oath accounts code -s 'MOCO Reto' | wl-copy -n
'')
];
};
gnome = {
profilePicture = ../assets/profile-pictures/moco.png;
calendar.showWeekNumbers = true;
extensions.paperwm.winprops = [
{ wm_class = "gnome-pomodoro"; scratch_layer = true; }
];
};
programs.poetry = {
enable = true;
settings = {
virtualenvs = {
create = true;
inProject = true;
};
};
};
programs.zsh = {
cdpath = [
"${homeDirectory}/Code/mocoapp"
"${homeDirectory}/Code/mocoapp-promo"
"${homeDirectory}/Code/mocoapp-llama"
];
dirHashes = {
moco = "${homeDirectory}/Code/mocoapp";
promo = "${homeDirectory}/Code/mocoapp-promo";
llama = "${homeDirectory}/Code/mocoapp-llama";
};
};
programs.git.extraConfig.user.email = "joakim.repomaa@mocoapp.com";
programs.neovim = {
withTreesitterPlugins = p: [
p.ruby
p.javascript
p.typescript
p.graphql
];
formatters = [
{
filetypes = [ "ruby" ];
globs = [ "*.rb" "Gemfile" "*.rake" ];
exe = "bundle";
args = file: [ "exec" "rufo" "-x" "--filename" file ];
stdin = true;
}
{
filetypes = [ "javascript" "typescript" "javascriptreact" "typescriptreact" ];
globs = [ "*.js" "*.jsx" "*.ts" "*.tsx" ];
exe = "npx";
args = file: [ "prettier" "--stdin-filepath" file ];
stdin = true;
}
];
lsp.servers = with pkgs; [
{
name = "ruby_lsp";
config = {
init_options = {
formatter = "auto";
};
};
package = ruby-lsp;
}
{
name = "graphql";
package = nodePackages.graphql-language-service-cli;
}
];
};
programs.ssh.matchBlocks =
let
aliases = [ "moco" "mocoapp" "mocoapp.com" ];
matcher = subdomains:
builtins.concatStringsSep " " (
map
(alias: builtins.concatStringsSep " " (
map (subdomain: "*.${subdomain}.${alias} ${subdomain}.${alias}") subdomains
))
aliases);
in
{
"console.*.moco" = {
extraOptions = {
RequestTTY = "force";
RemoteCommand = "./rails-console.sh";
};
};
"${matcher ["reto" "reto.intern"]}" = {
hostname = "reto.intern.mocoapp.com";
user = "jokke";
};
"${matcher ["web"]}" = {
hostname = "mocoapp.com";
};
"${matcher ["prod-inc"]}" = {
hostname = "prod-inc.mocoapp.com";
};
"${matcher ["prod"]}" = {
hostname = "web02.mocoapp";
};
"${matcher ["pfg" "primeforcegroup"]}" = {
hostname = "primeforcegroup.mocoapp.com";
};
"${matcher ["crafft"]}" = {
hostname = "crafft.mocoapp.com";
};
"${matcher ["bd" "businessdecision"]}" = {
hostname = "businessdecision.mocoapp.com";
};
"${matcher ["festland"]}" = {
hostname = "festland.mocoapp.com";
};
"${matcher ["oi" "one-inside"]}" = {
hostname = "one-inside.mocoapp.com";
};
"${matcher ["se" "scope-engineering"]}" = {
hostname = "scope-engineering.mocoapp.com";
};
"${matcher ["cpc" "cpc-ag"]}" = {
hostname = "cpc-ag.mocoapp.com";
};
"${matcher ["weareact3"]}" = {
hostname = "weareact3.mocoapp.com";
};
"${matcher ["avenit"]}" = {
hostname = "avenit.mocoapp.com";
};
"${matcher ["staging"]}" = {
hostname = "staging.mocoapp.com";
};
"${matcher ["staging-v2"]}" = {
hostname = "staging-v2.mocoapp.com";
};
"${matcher ["staging-v3"]}" = {
hostname = "staging-v3.mocoapp.com";
};
"${matcher ["staging-v4"]}" = {
hostname = "staging-v4.mocoapp.com";
};
"${matcher ["staging-v5"]}" = {
hostname = "staging-v5.mocoapp.com";
};
"${matcher ["staging-v6"]}" = {
hostname = "staging-v6.mocoapp.com";
};
"${matcher ["prod-db" "production-db"]}" = {
hostname = "production-db.mocoapp";
};
"${matcher ["pdf-renderer"]}" = {
hostname = "mocoapp-pdf-renderer01.mocoapp.com";
};
"*.moco *.mocoapp *.mocoapp.com" = {
forwardAgent = true;
};
"*.moco !reto.moco *.mocoapp.com !reto.mocoapp.com" = {
user = "butler";
};
};
}

392
home/modules/neovim/default.nix Normal file
View File

@@ -0,0 +1,392 @@
{ config, pkgs, lib, ... }:
let
cfg = config.programs.neovim;
toLua = lib.generators.toLua { };
buildPluginConfig = p:
let
pluginConfig = if builtins.hasAttr "plugin" p then p else { plugin = p; };
name = pluginConfig.plugin.name;
config = if (builtins.isNull pluginConfig.config or null) then "" else pluginConfig.config;
mappings = if (builtins.isNull pluginConfig.mappings or null) then "" else generateMappings pluginConfig.mappings;
mergedConfig = config + mappings;
in
[
{
plugin = pluginConfig.plugin;
config = lib.modules.mkIf (mergedConfig != "") ''
Plugins[${toLua name}] = {}
Plugins[${toLua name}].setup = function()
${lib.strings.concatMapStrings
(line: if line == "" then "" else " ${line}\n")
(lib.strings.splitString "\n" mergedConfig)
}
end
Plugins[${toLua name}].setup()
'';
type = "lua";
}
] ++ (
lib.lists.concatMap buildPluginConfig pluginConfig.dependencies or [ ]
);
lspPluginConfig = with pkgs.vimPlugins; {
plugin = nvim-lspconfig;
dependencies = [
nvim-cmp
cmp-nvim-lsp
cmp_luasnip
luasnip
];
config = (builtins.readFile ./lsp-config.lua) + ''
local capabilities = vim.lsp.protocol.make_client_capabilities()
capabilities.workspace.didChangeWatchedFiles.dynamicRegistration = true
local lspconfig = require('lspconfig')
local util = require('lspconfig.util')
local on_attach = function (client, bufnr)
local function buf_set_option(...) vim.api.nvim_buf_set_option(bufnr, ...) end
local map = function (lhs, rhs)
print('set mapping ' .. lhs)
end
-- Enable completion triggered by <c-x><c-o>
buf_set_option('omnifunc', 'v:lua.vim.lsp.omnifunc')
-- Mappings.
-- See `:help vim.lsp.*` for documentation on any of the below functions
${lib.strings.concatLines (lib.attrsets.mapAttrsToList (name: value: ''
local buf_${name} = vim.lsp.buf[${toLua name}]
if buf_${name} then
vim.keymap.set('n', ${toLua value}, buf_${name}, { buffer = bufnr })
end
''
) cfg.lsp.mappings.buf)}
${lib.strings.concatLines (lib.attrsets.mapAttrsToList (name: value: ''
local diagnostic_${name} = vim.lsp.buf[${toLua name}]
if diagnostic_${name} then
vim.keymap.set('n', ${toLua value}, diagnostic_${name}, { buffer = bufnr })
end
'') cfg.lsp.mappings.diagnostic)}
end
vim.env.PATH = ${toLua (lib.makeBinPath (map (s: s.package) (builtins.filter (s: builtins.hasAttr "package" s) cfg.lsp.servers)) + ":")} .. vim.env.PATH
local servers = ${toLua (map (
{ name, config ? {}, rootPattern ? null, ... }: {
inherit name;
config = config // (if (builtins.isNull rootPattern) then {} else { inherit rootPattern; });
}
) cfg.lsp.servers)}
for _, server in ipairs(servers) do
local server_config = server.config
server_config.on_attach = on_attach
server_config.capabilities = capabilities
server_config.flags = {
debounce_text_changes = 150
}
if server_config.rootPattern then
server_config.root_dir = util.root_pattern(
unpack(server_config.rootPattern)
)
end
lspconfig[server.name].setup(server_config)
end
'';
};
treesitterPluginConfig = with pkgs.vimPlugins; {
plugin = nvim-treesitter.withPlugins cfg.withTreesitterPlugins;
config = ''
require('nvim-treesitter.configs').setup(${toLua {
highlight = {
enable = true;
additional_vim_regex_highlighting = false;
};
}});
'';
};
formatterPluginConfig = with pkgs.vimPlugins; {
plugin = formatter-nvim;
config = ''
local formatter = require('formatter')
local util = require('formatter.util')
formatter.setup({
filetype = {
${lib.strings.concatMapStringsSep ",\n " ({ exe, args, stdin, no_append, filetypes, ... }:
lib.strings.concatMapStringsSep ",\n " (filetype: ''
[${toLua filetype}] = {
function ()
return {
exe = ${toLua exe},
args = {
${lib.strings.concatMapStringsSep ",\n " (arg:
if arg == "<<FILE>>"
then "util.escape_path(util.get_current_buffer_file_path())"
else toLua arg
) (args "<<FILE>>")}
},
stdin = ${toLua stdin},
no_append = ${toLua no_append},
}
end
}
'') filetypes
) cfg.formatters}
}
})
${generateAutoCommand {
event = "BufWritePost";
pattern = lib.lists.concatMap ({ globs, ... }: globs) cfg.formatters;
command = "FormatWrite";
group = "FormatAutogroup";
}}
'';
};
customTypes = let inherit (lib) mkOption mkEnableOption types; in {
mapping = types.submodule {
options = {
rhs = mkOption { type = types.str; };
lua = mkEnableOption { };
options = mkOption {
type = types.nullOr (
types.submodule {
options = {
buffer = mkOption { type = types.nullOr (types.either types.int types.bool); default = null; };
nowait = mkOption { type = types.nullOr types.bool; default = null; };
silent = mkOption { type = types.nullOr types.bool; default = null; };
expr = mkOption { type = types.nullOr types.bool; default = null; };
script = mkOption { type = types.nullOr types.bool; default = null; };
unique = mkOption { type = types.nullOr types.bool; default = null; };
replace_keycodes = mkOption { type = types.nullOr types.bool; default = null; };
};
}
);
default = { };
};
};
};
modeMappings = types.attrsOf (types.either types.str customTypes.mapping);
mappings = types.submodule {
options = {
normal = mkOption { type = customTypes.modeMappings; default = { }; };
insert = mkOption { type = customTypes.modeMappings; default = { }; };
visual = mkOption { type = customTypes.modeMappings; default = { }; };
command = mkOption { type = customTypes.modeMappings; default = { }; };
select = mkOption { type = customTypes.modeMappings; default = { }; };
};
};
plugin = types.either types.package (types.submodule {
options = {
plugin = mkOption { type = types.package; };
dependencies = mkOption {
type = types.listOf customTypes.plugin;
default = [ ];
};
mappings = mkOption { type = customTypes.mappings; default = { }; };
config = mkOption { type = types.nullOr types.str; default = null; };
};
});
autoCommand = types.submodule {
options = {
event = mkOption { type = types.either types.str (types.listOf types.str); };
pattern = mkOption { type = types.either types.str (types.listOf types.str); };
command = mkOption { type = types.str; };
};
};
lspServer = types.submodule {
options = {
name = mkOption { type = types.str; };
config = mkOption { type = types.attrs; default = { }; };
package = mkOption { type = types.nullOr types.package; default = null; };
rootPattern = mkOption { type = types.nullOr (types.listOf types.str); default = null; };
};
};
formatter = types.submodule {
options = {
filetypes = mkOption { type = types.listOf types.str; };
globs = mkOption { type = types.listOf types.str; };
exe = mkOption { type = types.either types.path types.str; };
args = mkOption { type = types.functionTo (types.listOf types.str); default = _: [ ]; };
stdin = mkEnableOption { };
no_append = mkEnableOption { };
};
};
};
generateMappings = mappings: lib.strings.concatLines (
lib.attrsets.mapAttrsToList
(mode: modeMappings:
lib.strings.concatLines (
lib.attrsets.mapAttrsToList
(name: value:
let
mapping = { lhs = name; lua = false; options = { }; } // (if builtins.isString value then { rhs = value; } else value);
args = [
(toLua (builtins.substring 0 1 mode))
(toLua mapping.lhs)
(if mapping.lua then mapping.rhs else toLua mapping.rhs)
(
toLua (
builtins.listToAttrs (
builtins.filter ({ value, ... }: !isNull (value)) (lib.attrsets.attrsToList mapping.options)
)
)
)
];
in
"vim.keymap.set(${lib.strings.concatStringsSep ", " args})"
)
modeMappings
)
)
mappings
);
generateAutoCommand = { event, pattern, command, group ? null }: ''
vim.api.nvim_create_autocmd(${toLua event}, {
pattern = ${toLua pattern},
command = ${toLua command},
group = ${if isNull group then toLua group else ''
vim.api.nvim_create_augroup(${toLua group}, { clear = true })
''},
})
'';
generateAutoCommands = autoCommands: lib.strings.concatLines (
map generateAutoCommand autoCommands
);
generateSignDefinitions = signs: lib.strings.concatLines (
lib.attrsets.mapAttrsToList
(name: value:
let
hl = "DiagnosticSign${lib.strings.toUpper (builtins.substring 0 1 name)}${builtins.substring 1 (-1) name}";
in
"vim.fn.sign_define(${toLua hl}, ${toLua { text = value; texthl = hl; numhl = ""; }})"
)
signs
);
in
{
options.programs.neovim =
let
inherit (lib) mkOption types;
in
{
mappings = mkOption { type = customTypes.mappings; default = { }; };
plug = mkOption {
type = types.listOf customTypes.plugin;
default = [ ];
};
leader = mkOption { type = types.str; default = "\\"; };
options = mkOption {
type = types.attrs;
default = { };
};
snippets = mkOption {
type = types.attrsOf types.path;
default = { };
};
autoCommands = mkOption {
type = types.listOf customTypes.autoCommand;
default = [ ];
};
env = mkOption {
type = types.attrsOf types.str;
default = { };
};
signs = {
error = mkOption { type = types.str; default = ""; };
warning = mkOption { type = types.str; default = ""; };
info = mkOption { type = types.str; default = ""; };
hint = mkOption { type = types.str; default = ""; };
};
lsp = {
servers = mkOption {
type = types.listOf customTypes.lspServer;
default = [ ];
};
mappings = {
buf = mkOption { type = types.attrsOf types.str; default = { }; };
diagnostic = mkOption { type = types.attrsOf types.str; default = { }; };
};
};
withTreesitterPlugins = mkOption {
type = types.functionTo (types.listOf types.package);
default = _: [ ];
};
formatters = mkOption {
type = types.listOf customTypes.formatter;
default = [ ];
};
};
config = {
programs.neovim = {
extraLuaConfig = lib.strings.concatLines [
"local Plugins = {}"
(generateMappings cfg.mappings)
(generateAutoCommands cfg.autoCommands)
(lib.strings.concatLines (lib.attrsets.mapAttrsToList (name: value: "vim.env.${name} = ${toLua value}") cfg.env))
(lib.strings.concatLines (lib.attrsets.mapAttrsToList (name: value: "vim.opt.${name} = ${toLua value}") cfg.options))
(generateSignDefinitions cfg.signs)
"vim.g.mapleader = ${toLua cfg.leader}"
''
local undodir = ${toLua (
if builtins.hasAttr "undodir" cfg.options
then cfg.options.undodir
else "${config.xdg.cacheHome}/nvim/undo"
)}
vim.opt.undodir = undodir
vim.fn.mkdir(undodir, 'p')
''
];
plugins = lib.lists.concatMap buildPluginConfig (
cfg.plug ++ [
lspPluginConfig
treesitterPluginConfig
formatterPluginConfig
]
);
vimAlias = lib.mkForce false;
vimdiffAlias = lib.mkForce false;
};
xdg.configFile = (
lib.attrsets.mapAttrs'
(name: value: {
name = "nvim/${name}";
value = { source = value; };
})
cfg.snippets
);
home.shellAliases =
let
nvim = ''nvim --listen "$XDG_RUNTIME_DIR/nvimsocket"'';
in
{
inherit nvim;
vim = nvim;
vimdiff = "${nvim} -d";
};
};
}

89
home/modules/neovim/lsp-config.lua Normal file
View File

@@ -0,0 +1,89 @@
local Lsp = {}
Lsp.setup = function()
local luasnip = require("luasnip")
local cmp = require("cmp")
local has_words_before = function()
if vim.api.nvim_buf_get_option(0, "buftype") == "prompt" then
return false
end
local line, col = unpack(vim.api.nvim_win_get_cursor(0))
return col ~= 0 and vim.api.nvim_buf_get_text(0, line - 1, 0, line - 1, col, {})[1]:match("^%s*$") == nil
end
cmp.setup({
snippet = {
expand = function(args)
luasnip.lsp_expand(args.body)
end,
},
window = {
completion = cmp.config.window.bordered(),
documentation = cmp.config.window.bordered(),
},
mapping = {
["<C-p>"] = function()
if luasnip.jumpable(-1) then
luasnip.jump(-1)
else
cmp.mapping.select_prev_item()
end
end,
["<C-n>"] = function()
if luasnip.expand_or_jumpable() then
luasnip.expand_or_jump()
else
cmp.mapping.select_next_item()
end
end,
["<C-d>"] = cmp.mapping.scroll_docs(-4),
["<C-f>"] = cmp.mapping.scroll_docs(4),
["<C-Space>"] = cmp.mapping.complete(),
["<C-e>"] = cmp.mapping.close(),
["<CR>"] = cmp.mapping.confirm({
behavior = cmp.ConfirmBehavior.Replace,
select = true,
}),
["<Tab>"] = function(fallback)
if cmp.visible() and has_words_before() then
cmp.select_next_item()
else
fallback()
end
end,
["<S-Tab>"] = function(fallback)
if cmp.visible() and has_words_before() then
cmp.select_prev_item()
else
fallback()
end
end,
},
sources = {
{ name = "copilot", group_index = 2 },
{ name = "nvim_lsp", group_index = 2 },
{ name = "luasnip", group_index = 2 },
},
})
vim.o.completeopt = "menuone,noselect"
vim.o.updatetime = 250
vim.cmd([[autocmd CursorHold,CursorHoldI * lua vim.diagnostic.open_float(nil, {focus=false})]])
vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with(vim.lsp.diagnostic.on_publish_diagnostics, {
virtual_text = {
source = "if_many",
},
})
vim.lsp.handlers["textDocument/hover"] = vim.lsp.with(vim.lsp.handlers.hover, { border = "rounded" })
vim.lsp.handlers["textDocument/signatureHelp"] =
vim.lsp.with(vim.lsp.handlers.signature_help, { border = "rounded" })
vim.diagnostic.config({
float = { border = "rounded", zindex = 1 },
})
end
Lsp.setup()

235
hosts/apu/configuration.nix Normal file
View File

@@ -0,0 +1,235 @@
# Edit this configuration file to define what should be installed on
# your system. Help is availanodev";
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ ssh, pkgs, config, ... }:
{
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "apu";
networking.useNetworkd = true;
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
modules.vlans = {
enable = true;
networks = {
koti = {
id = 10;
ipv6 = true;
};
gast = {
id = 20;
ipv6 = true;
staticLeases = {
"dc:a6:32:05:08:5d" = "10.20.1.235";
};
};
iot = {
id = 30;
};
cfg = {
id = 40;
staticLeases = {
"8c:3b:ad:c5:b8:ee" = "10.40.0.10";
};
};
};
bridge = {
enable = true;
pvid = config.modules.vlans.networks.cfg.id;
netdev = "20-lan";
network = "30-lan";
bindNetwork = "30-bind-lan";
};
};
modules.firewall = {
enable = true;
interfaces = {
koti = [ "dhcp" "dns" "ssh" "web" ];
gast = [ "dhcp" "dns" ];
iot = [ "dhcp" "dns" ];
cfg = [ "dhcp" "dns" ];
"tailscale*" = [ "ssh" "web" ];
};
allInterfaces = [ ];
};
systemd.network = {
enable = true;
config.networkConfig.IPv6Forwarding = true;
links = {
"10-extern0" = {
matchConfig.Path = "pci-0000:01:00.0";
linkConfig.Name = "extern0";
};
"10-intern0" = {
matchConfig.Path = "pci-0000:02:00.0";
linkConfig.Name = "intern0";
};
"10-intern1" = {
matchConfig.Path = "pci-0000:03:00.0";
linkConfig.Name = "intern1";
};
};
netdevs = {
"20-lan" = {
netdevConfig = {
Name = "lan";
Kind = "bridge";
};
};
};
networks = {
"30-bind-lan" = {
matchConfig = {
Name = "intern*";
};
networkConfig = {
Bridge = "lan";
};
};
"30-lan" = {
matchConfig = {
Name = "lan";
};
networkConfig = {
IPv6AcceptRA = false;
ConfigureWithoutCarrier = true;
};
};
"30-wan" = {
matchConfig = {
Name = "extern0";
};
networkConfig = {
DHCP = true;
DNS = "127.0.0.1";
IPv6AcceptRA = true;
IPv4Forwarding = true;
};
dhcpV6Config = {
PrefixDelegationHint = "::/56";
};
dhcpV4Config = {
Use6RD = true;
};
};
};
};
services.networkd-dispatcher = {
enable = true;
rules."50-tailscale" = {
onState = [ "routable" ];
script = ''
#!${pkgs.runtimeShell}
${pkgs.ethtool}/bin/ethtool -K ${config.systemd.network.links."10-extern0".linkConfig.Name} rx-udp-gro-forwarding on rx-gro-list off
'';
};
};
time.timeZone = "Europe/Helsinki";
users.users.jokke = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = [ pkgs.nh ];
openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
initialPassword = "change-me";
};
environment.systemPackages = with pkgs; [
wget
curl
dig
neovim
vim
htop
];
services.openssh = {
enable = true;
openFirewall = false;
settings.PasswordAuthentication = false;
};
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
services.resolved.enable = false;
services.nextdns = {
enable = true;
arguments = [ "-profile" "9c4ac9" "-setup-router" "-mdns" "koti" ];
};
services.home-assistant = {
enable = true;
extraComponents = [
# Components required to complete the onboarding
"esphome"
"met"
"radio_browser"
"yeelight"
"xiaomi_aqara"
"shelly"
];
extraPackages = python3Packages: with python3Packages; [
gtts
numpy
];
config = {
homeassistant = {
name = "Koti";
unit_system = "metric";
time_zone = "Europe/Helsinki";
};
http = {
use_x_forwarded_for = true;
trusted_proxies = "127.0.0.1";
};
default_config = { };
};
};
services.webserver = {
enable = true;
acme.dnsChallenge = true;
vHosts."koti.repomaa.com" = {
proxyBuffering = false;
locations."/".proxyPort = 8123;
};
};
networking.nftables.enable = true;
networking.firewall.enable = true;
networking.useDHCP = false;
system.stateVersion = "24.05";
}

11
hosts/apu/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{ inputs, ... }:
let
inherit (inputs) nixos-hardware;
in
{
imports = [
./hardware-configuration.nix
./configuration.nix
nixos-hardware.nixosModules.pcengines-apu
];
}

53
hosts/apu/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,53 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f221c6a7-e05e-40dc-bc85-7970d7c8f22b";
fsType = "btrfs";
options = [ "subvol=@" ];
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/f221c6a7-e05e-40dc-bc85-7970d7c8f22b";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/14D2-F8F4";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/f221c6a7-e05e-40dc-bc85-7970d7c8f22b";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

63
hosts/freun-dev/services.nix
View File

@@ -1,63 +0,0 @@
{ pkgs, ... }:
rec {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.caddy = {
enable = true;
enableReload = true;
email = "admin@pimeys.pm";
};
services.postgresql.enable = true;
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
virtualisation.oci-containers.backend = "podman";
networking.firewall = {
trustedInterfaces = [ "podman1" ];
interfaces.podman1.allowedUDPPorts = [ 53 ];
};
imports = [
../../modules/services/vaultwarden.nix
../../modules/services/immich.nix
../../modules/services/syncthing.nix
../../modules/services/invidious.nix
../../modules/services/grafana.nix
../../modules/services/gtrackmap.nix
../../modules/services/owncast.nix
../../modules/services/hydra.nix
../../modules/services/wireguard.nix
];
services.immich = {
enable = true;
fqdn = "img.freun.dev";
data_dir = fileSystems.immich_data.mountPoint;
secrets = "/var/secrets/immich";
};
fileSystems.immich_data = {
mountPoint = "/mnt/storage/immich";
device = "//u407959.your-storagebox.de/backup/immich";
fsType = "cifs";
options =
let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,auto,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in
[ "${automount_opts},credentials=/var/secrets/smb-storage" ];
};
environment.systemPackages = [ pkgs.cifs-utils ];
}

65
hosts/freun-dev/configuration.nix → hosts/freun.dev/configuration.nix
View File

@@ -2,7 +2,8 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ pkgs, ... }: { config, pkgs, ssh, ... }:
{ {
nix = { nix = {
settings = { settings = {
@@ -16,36 +17,21 @@
}; };
}; };
system.autoUpgrade = { boot.loader.systemd-boot.enable = true;
enable = true; boot.loader.efi.canTouchEfiVariables = true;
flake = "/etc/nixos";
flags = [
"--update-input"
"nixpkgs"
"-L" # print build logs
];
dates = "02:00";
randomizedDelaySec = "45min";
};
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.efiSupport = false;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
networking.hostName = "freun-dev"; # Define your hostname. networking.hostName = "freun-dev"; # Define your hostname.
networking.domain = "freun.dev";
networking.useDHCP = false; networking.useDHCP = false;
networking.nftables.enable = true;
systemd.network = { systemd.network = {
enable = true; enable = true;
networks.static = { networks.static = {
name = "enp1s0"; name = "enp1s0";
address = [ address = [
"95.217.223.61/32" "65.21.145.150/32"
"2a01:4f9:c012:5e97::1/64" "2a01:4f9:c011:9ac1::1/64"
]; ];
routes = [ routes = [
{ Gateway = "fe80::1"; } { Gateway = "fe80::1"; }
@@ -69,6 +55,17 @@
}; };
}; };
services.networkd-dispatcher = {
enable = true;
rules."50-tailscale" = {
onState = [ "routable" ];
script = ''
#!${pkgs.runtimeShell}
${pkgs.ethtool}/bin/ethtool -K ${config.systemd.network.networks.static.name} rx-udp-gro-forwarding on rx-gro-list off
'';
};
};
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Helsinki"; time.timeZone = "Europe/Helsinki";
@@ -93,14 +90,12 @@
users.users.jokke = { users.users.jokke = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [ packages = [ pkgs.nh ];
# firefox openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
# tree
# ];
openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4="
];
}; };
users.users.root.openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
nix.settings.trusted-users = [ "jokke" ];
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
@@ -108,6 +103,7 @@
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget wget
htop htop
git
]; ];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
@@ -126,11 +122,10 @@
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };
# Open ports in the firewall. modules.firewall = {
networking.firewall.allowedTCPPorts = [ 22 ]; enable = true;
# networking.firewall.allowedUDPPorts = [ ... ]; allInterfaces = [ "ssh" ];
# Or disable the firewall altogether. };
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you
@@ -143,5 +138,5 @@
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment? system.stateVersion = "24.11"; # Did you read the comment?
} }

6
hosts/freun-dev/default.nix → hosts/freun.dev/default.nix
View File

@@ -1,7 +1,9 @@
{ ... }: { { ... }:
{
imports = [ imports = [
./configuration.nix
./hardware-configuration.nix ./hardware-configuration.nix
./configuration.nix
./services.nix ./services.nix
./secrets.nix
]; ];
} }

25
hosts/freun-dev/hardware-configuration.nix → hosts/freun.dev/hardware-configuration.nix
View File

@@ -5,29 +5,30 @@
{ {
imports = imports =
[ (modulesPath + "/profiles/qemu-guest.nix") [
(modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_scsi" "sr_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/8456c7de-2116-4cbe-8deb-76cafbd3e6dd"; {
fsType = "btrfs"; device = "/dev/disk/by-uuid/f594ffbc-4553-42e4-8206-4d762c94b4c3";
options = [ "subvol=@" ]; fsType = "ext4";
}; };
fileSystems."/var" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/8456c7de-2116-4cbe-8deb-76cafbd3e6dd"; {
fsType = "btrfs"; device = "/dev/disk/by-uuid/46F1-18E3";
options = [ "subvol=@var" ]; fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/614a1b7f-04aa-478c-9011-8b81f133da98"; } [{ device = "/dev/disk/by-uuid/d9955575-d4e0-4a49-a3c5-41f54110d12b"; }];
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -36,5 +37,5 @@
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
} }

24
hosts/freun.dev/secrets.nix Normal file
View File

@@ -0,0 +1,24 @@
{ lib, config, ... }:
{
age.secrets = lib.listToAttrs
(
map (secret: { name = secret; value = { file = ../../secrets/${secret}.age; }; }) [
"gotosocial"
"hastebin-tokens"
"immich"
"readeck"
"storage-box-credentials"
"vaultwarden"
"donetick"
]
) // {
smtp-password = {
file = ../../secrets/smtp-password.age;
owner =
if (config.services.grafana.enable) then
config.systemd.services.grafana.serviceConfig.User
else
"root";
};
};
}

144
hosts/freun.dev/services.nix Normal file
View File

@@ -0,0 +1,144 @@
{ pkgs, config, ... }:
let
immichDataDir = "/mnt/storage/immich";
syncthingDataDir = "/mnt/storage/syncthing";
smtp = {
host = "horologium.uberspace.de";
port = 587;
username = "noreply@${config.networking.domain}";
from = "noreply@${config.networking.domain}";
heloName = config.networking.domain;
};
in
{
services.postgresql.package = pkgs.postgresql_16;
virtualisation.podman.enable = true;
virtualisation.oci-containers.backend = "podman";
modules.storageBoxMounts = {
${immichDataDir} = {
path = "/backup/immich";
user = "u407959";
uid = config.users.users.${config.services.immich.user}.uid;
gid = config.users.groups.${config.services.immich.user}.gid;
};
${syncthingDataDir} = {
path = "/backup/syncthing";
user = "u407959";
uid = config.users.users.${config.services.syncthing.user}.uid;
gid = config.users.groups.${config.services.syncthing.user}.gid;
};
};
services = {
hastebin = {
enable = true;
subdomain = "bin";
};
readeck = {
enable = true;
subdomain = "read";
settings.email = {
host = smtp.host;
port = smtp.port;
username = smtp.username;
encryption = "starttls";
from = smtp.from;
from_noreply = smtp.from;
};
};
donetick = {
enable = true;
subdomain = "do";
settings = {
email = {
host = smtp.host;
port = smtp.port;
email = smtp.username;
};
};
};
grafana = {
enable = true;
subdomain = "graph";
settings.smtp = {
enabled = true;
host = smtp.host;
port = smtp.port;
user = smtp.username;
from_address = smtp.from;
};
};
owncast = {
enable = true;
subdomain = "stream";
};
gtrackmap = {
enable = true;
subdomain = "trackmap";
port = 3001;
};
invidious = {
enable = true;
subdomain = "vid";
};
syncthing = {
enable = true;
subdomain = "sync";
dataDir = syncthingDataDir;
};
tailscale.enable = true;
gotosocial = {
enable = true;
subdomain = "social";
settings = {
port = 3002;
smtp-host = smtp.host;
smtp-port = smtp.port;
smtp-username = smtp.username;
smtp-from = smtp.from;
instance-languages = [ "de" "fi" "en" ];
};
};
vaultwarden = {
enable = true;
subdomain = "pw";
config = {
YUBICO_CLIENT_ID = 86799;
SMTP_HOST = smtp.host;
SMTP_FROM = smtp.from;
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = smtp.username;
SMTP_PORT = smtp.port;
HELO_NAME = smtp.heloName;
};
};
workout-tracker = {
enable = true;
subdomain = "fit";
};
workout-sync = {
enable = true;
subdomain = "ws";
};
immich = {
enable = true;
subdomain = "img";
mediaLocation = immichDataDir;
};
};
}

31
hosts/radish/boot.nix Normal file
View File

@@ -0,0 +1,31 @@
{ lib, pkgs, ... }:
{
boot = {
loader.systemd-boot.enable = lib.mkForce false;
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
configurationLimit = 10;
settings = {
editor = false;
};
};
loader.efi.canTouchEfiVariables = true;
bootspec.enable = true;
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = [
"amdgpu.sg_display=0"
"resume_offset=533760"
];
resumeDevice = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
tmp.useTmpfs = true;
kernel.sysctl = {
"vm.max_map_count" = 262144;
};
};
environment.systemPackages = with pkgs; [
efibootmgr
];
}

39
hosts/radish/configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
{ ... }:
{
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
auto-optimise-store = true;
};
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 7d";
};
};
networking.extraHosts = ''
10.10.0.1 warden.apu.repomaa.com
'';
networking.nftables.enable = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "23.11"; # Did you read the comment?
}

8
hosts/radish/containers.nix Normal file
View File

@@ -0,0 +1,8 @@
{ ... }:
{
virtualisation.docker.storageDriver = "btrfs";
virtualisation.docker.rootless = {
enable = true;
setSocketVariable = true;
};
}

22
hosts/radish/default.nix Normal file
View File

@@ -0,0 +1,22 @@
{ inputs, ... }:
let
inherit (inputs) lanzaboote nixos-hardware auto-cpufreq home-manager;
in
{
imports = [
./hardware-configuration.nix
./configuration.nix
./host.nix
./boot.nix
./hardware.nix
./packages.nix
./containers.nix
./desktop.nix
./users.nix
lanzaboote.nixosModules.lanzaboote
nixos-hardware.nixosModules.framework-13-7040-amd
auto-cpufreq.nixosModules.default
home-manager.nixosModules.home-manager
../../home
];
}

26
hosts/radish/desktop.nix Normal file
View File

@@ -0,0 +1,26 @@
{ ... }:
{
services.xserver = {
enable = true;
displayManager.gdm.enable = true;
desktopManager.gnome.enable = true;
};
services.printing.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
hardware.pulseaudio.enable = false;
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
};
}

64
hosts/radish/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,64 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@" ];
};
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/43895585-8899-4e94-a413-889127c214f8";
allowDiscards = true;
};
fileSystems."/var/log" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@var_log" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/01E6-6258";
fsType = "vfat";
};
fileSystems."/swap" =
{ device = "/dev/disk/by-uuid/a331b669-f5c5-42f7-be58-434873c1b689";
fsType = "btrfs";
options = [ "subvol=@swap" ];
};
swapDevices = [ {
device = "/swap/swapfile";
size = 64*1024;
} ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

84
hosts/radish/hardware.nix Normal file
View File

@@ -0,0 +1,84 @@
{ pkgs, inputs, lib, config, ... }:
let
pkgsUnstable = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system};
in
{
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
services.udev.packages = [
pkgs.zsa-udev-rules
pkgsUnstable.yubikey-personalization
inputs.ksoloti-pr.legacyPackages.${pkgs.system}.ksoloti
];
services.usbmuxd = {
enable = true;
package = pkgs.usbmuxd;
};
services.fwupd = {
enable = true;
};
services.fprintd.enable = true;
services.fstrim.enable = true;
security.pam.services.login.fprintAuth = false;
# similarly to how other distributions handle the fingerprinting login
security.pam.services.gdm-fingerprint = lib.mkIf (config.services.fprintd.enable) {
text = ''
auth required pam_shells.so
auth requisite pam_nologin.so
auth requisite pam_faillock.so preauth
auth required ${pkgs.fprintd}/lib/security/pam_fprintd.so
auth optional pam_permit.so
auth required pam_env.so
auth [success=ok default=1] ${pkgs.gdm}/lib/security/pam_gdm.so
auth optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so
account include login
password required pam_deny.so
session include login
session optional ${pkgs.gnome-keyring}/lib/security/pam_gnome_keyring.so auto_start
'';
};
hardware.keyboard.zsa.enable = true;
services.logind = {
lidSwitch = "suspend";
powerKey = "suspend";
extraConfig = ''
IdleAction=suspend
'';
};
powerManagement = {
enable = true;
powerDownCommands = "${pkgs.networkmanager}/bin/nmcli radio wifi off";
powerUpCommands = "${pkgs.networkmanager}/bin/nmcli radio wifi on";
};
services.power-profiles-daemon.enable = false;
services.tlp = {
enable = true;
settings = {
CPU_BOOST_ON_BAT = 0;
CPU_SCALING_GOVERNOR_ON_BATTERY = "powersave";
START_CHARGE_THRESH_BATx = 85;
STOP_CHARGE_THRES_BATx = 90;
RUNTIME_PM_ON_BAT = "auto";
};
};
programs.auto-cpufreq.enable = true;
hardware.amdgpu.opencl.enable = true;
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [ rocmPackages.clr.icd ];
};
networking.networkmanager.wifi.backend = "iwd";
security.tpm2.enable = true;
}

12
hosts/radish/host.nix Normal file
View File

@@ -0,0 +1,12 @@
{ lib, ... }:
{
networking.hostName = "radish";
time.timeZone = lib.mkForce null; # allow TZ to be set by desktop user
i18n.defaultLocale = "de_DE.UTF-8";
i18n.supportedLocales = map (locale: "${locale}.UTF-8/UTF-8") [ "C" "en_US" "de_DE" "fi_FI" ];
i18n.extraLocaleSettings.LANG = "en_US.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "us";
};
}

54
hosts/radish/packages.nix Normal file
View File

@@ -0,0 +1,54 @@
{ pkgs, lib, inputs, ... }:
{
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [ (import ../../custom-pkgs { inherit lib inputs; }) ];
environment = {
systemPackages = with pkgs; [
vim
wget
curl
htop
tmux
libimobiledevice
ripgrep
fd
];
pathsToLink = [ "/share/zsh" ];
};
services.pcscd = {
enable = true;
plugins = [ pkgs.ccid ];
};
services = {
openssh = {
enable = true;
openFirewall = false;
};
tailscale = {
enable = true;
useRoutingFeatures = "client";
};
ollama = {
enable = false; # FIXME: https://github.com/NixOS/nixpkgs/issues/376930
acceleration = "rocm";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "11.0.3";
};
};
};
programs = {
zsh.enable = true;
_1password-gui = {
enable = true;
polkitPolicyOwners = [ "moco" ];
};
_1password.enable = true;
};
}

17
hosts/radish/users.nix Normal file
View File

@@ -0,0 +1,17 @@
{ pkgs, ... }:
{
# Define a user account. Don't forget to set a password with passwd.
users.users.jokke = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
};
users.users.moco = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
subUidRanges = [{ startUid = 10000; count = 65536; }];
subGidRanges = [{ startGid = 10000; count = 65536; }];
};
}

202
immich.nix
View File

@@ -1,202 +0,0 @@
{ pkgs, lib, ... }:
let
immich_version = "release";
storage_dir = "/mnt/storage/syncthing";
immich_data_dir = "/mnt/storage/immich";
volumeServices = names: (
lib.lists.foldl (services: name:
services // {
"podman-volume-immich_${name}" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect immich_${name} || podman volume create immich_${name}
'';
partOf = [ "podman-compose-immich-root.target" ];
wantedBy = [ "podman-compose-immich-root.target" ];
};
}
) {} names
);
containerServices = services: (
lib.lists.foldl (acc: { name, volumes ? [], ... }:
let
volume_services = map (volume: "podman-volume-immich_${volume}.service") volumes;
dependent_services = [ "podman-network-immich_default.service" ] ++ volume_services;
in
acc // {
"podman-immich_${name}" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = dependent_services;
requires = dependent_services;
partOf = [
"podman-compose-immich-root.target"
];
wantedBy = [
"podman-compose-immich-root.target"
];
};
}
)
{} services
);
in {
# Containers
virtualisation.oci-containers.containers = {
"immich_machine_learning" = {
image = "ghcr.io/immich-app/immich-machine-learning:${immich_version}";
environmentFiles = [
"/var/secrets/immich.env"
];
volumes = [
"immich_model_cache:/cache:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=immich-machine-learning"
"--network=immich_default"
];
};
"immich_microservices" = {
image = "ghcr.io/immich-app/immich-server:${immich_version}";
environmentFiles = [
"/var/secrets/immich.env"
];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${immich_data_dir}:/usr/src/app/upload:rw"
"${storage_dir}:${storage_dir}:ro"
];
cmd = [ "start.sh" "microservices" ];
dependsOn = [
"immich_postgres"
"immich_redis"
];
log-driver = "journald";
extraOptions = [
"--network-alias=immich-microservices"
"--network=immich_default"
];
};
"immich_postgres" = {
image = "registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0";
environmentFiles = [
"/var/secrets/immich.env"
];
environment = {
POSTGRES_INITDB_ARGS = "--data-checksums";
};
volumes = [
"immich_db_data:/var/lib/postgresql/data:rw"
];
cmd = [ "postgres" "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ];
log-driver = "journald";
extraOptions = [
"--network-alias=database"
"--network=immich_default"
];
};
"immich_redis" = {
image = "registry.hub.docker.com/library/redis:6.2-alpine";
environmentFiles = [
"/var/secrets/immich.env"
];
log-driver = "journald";
extraOptions = [
"--network-alias=redis"
"--network=immich_default"
];
};
"immich_server" = {
image = "ghcr.io/immich-app/immich-server:${immich_version}";
environmentFiles = [
"/var/secrets/immich.env"
];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${immich_data_dir}:/usr/src/app/upload:rw"
"${storage_dir}:${storage_dir}:ro"
];
ports = [
"2283:3001/tcp"
];
cmd = [ "start.sh" "immich" ];
dependsOn = [
"immich_postgres"
"immich_redis"
];
log-driver = "journald";
extraOptions = [
"--network-alias=immich-server"
"--network=immich_default"
];
};
};
systemd.services = (containerServices [
{ name = "machine_learning"; volumes = [ "model_cache" ]; }
{ name = "postgres"; volumes = [ "db_data" ]; }
{ name = "redis"; }
{ name = "server"; }
{ name = "microservices"; }
]) // {
# Networks
"podman-network-immich_default" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.podman}/bin/podman network rm -f immich_default";
};
script = ''
podman network inspect immich_default || podman network create immich_default
'';
partOf = [ "podman-compose-immich-root.target" ];
wantedBy = [ "podman-compose-immich-root.target" ];
};
} // (volumeServices [
"db_data"
"model_cache"
]);
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-immich-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
services.caddy.virtualHosts = {
"img.freun.dev".extraConfig = ''
reverse_proxy localhost:2283
'';
};
fileSystems."${immich_data_dir}" = {
device = "//u407959.your-storagebox.de/backup/immich";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,auto,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=/var/secrets/smb-storage"];
};
environment.systemPackages = [ pkgs.cifs-utils ];
}

10
modules/default.nix Normal file
View File

@@ -0,0 +1,10 @@
{ inputs, ... }:
{
imports = [
./vlans.nix
./firewall.nix
./storage-box-mounts.nix
./services
inputs.agenix.nixosModules.default
];
}

40
modules/firewall.nix Normal file
View File

@@ -0,0 +1,40 @@
{ lib, config, ... }:
let
services = {
ssh = { tcp = [ 22 ]; };
dhcp = { udp = [ 67 68 ]; };
dns = { udp = [ 53 ]; };
web = { tcp = [ 80 443 ]; };
};
rulesForServices = enabledServices:
lib.foldr
(service: { allowedUDPPorts, allowedTCPPorts }: {
allowedUDPPorts = allowedUDPPorts ++ services.${service}.udp or [ ];
allowedTCPPorts = allowedTCPPorts ++ services.${service}.tcp or [ ];
})
{ allowedUDPPorts = [ ]; allowedTCPPorts = [ ]; }
enabledServices;
cfg = config.modules.firewall;
in
{
options.modules.firewall = {
enable = lib.mkEnableOption "Enable the firewall";
interfaces = lib.mkOption {
type = lib.types.attrsOf (lib.types.listOf (lib.types.enum (lib.attrNames services)));
default = { };
};
allInterfaces = lib.mkOption {
type = lib.types.listOf (lib.types.enum (lib.attrNames services));
default = [ ];
};
};
config = lib.mkIf cfg.enable {
networking.firewall = {
enable = true;
interfaces = lib.mapAttrs (_: enabledServices: rulesForServices enabledServices) cfg.interfaces;
} // rulesForServices cfg.allInterfaces;
};
}

20
modules/services/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{ ... }:
{
imports = [
./webserver.nix
./vaultwarden.nix
./immich.nix
./syncthing.nix
./invidious.nix
./grafana.nix
./gtrackmap.nix
./owncast.nix
./tailscale.nix
./workout-tracker.nix
./gotosocial.nix
./hastebin.nix
./workout-sync.nix
./readeck.nix
./donetick.nix
];
}

212
modules/services/donetick.nix Normal file
View File

@@ -0,0 +1,212 @@
{ lib, pkgs, config, ... }:
let
types = {
jwtSettings = {
session_time = lib.mkOption {
type = lib.types.str;
default = "168h";
};
max_refresh = lib.mkOption {
type = lib.types.str;
default = "168h";
};
};
serverSettings = {
port = lib.mkOption {
type = lib.types.int;
default = 2021;
};
read_timeout = lib.mkOption {
type = lib.types.str;
default = "10s";
};
write_timeout = lib.mkOption {
type = lib.types.str;
default = "10s";
};
rate_period = lib.mkOption {
type = lib.types.str;
default = "60s";
};
rate_limit = lib.mkOption {
type = lib.types.int;
default = 300;
};
cors_allow_origins = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [
"http://localhost:5173"
"http://localhost:7926"
"https://localhost"
"capacitor://localhost"
];
};
serve_frontend = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
schedulerSettings = {
due_job = lib.mkOption {
type = lib.types.str;
default = "30m";
};
overdue_job = lib.mkOption {
type = lib.types.str;
default = "3h";
};
pre_due_job = lib.mkOption {
type = lib.types.str;
default = "3h";
};
};
emailSettings = {
host = lib.mkOption {
type = lib.types.str;
default = "";
};
port = lib.mkOption {
type = lib.types.int;
default = 587;
};
email = lib.mkOption {
type = lib.types.str;
default = "";
};
key = lib.mkOption {
type = lib.types.str;
default = "";
};
};
oauth2Settings = {
client_id = lib.mkOption {
type = lib.types.str;
default = "";
};
client_secret = lib.mkOption {
type = lib.types.str;
default = "";
};
auth_url = lib.mkOption {
type = lib.types.str;
default = "";
};
token_url = lib.mkOption {
type = lib.types.str;
default = "";
};
user_info_url = lib.mkOption {
type = lib.types.str;
default = "";
};
redirect_url = lib.mkOption {
type = lib.types.str;
default = "";
};
name = lib.mkOption {
type = lib.types.str;
default = "";
};
};
settings = lib.types.submodule {
options = {
is_user_creation_disabled = lib.mkEnableOption "Disable user creation";
telegram.token = lib.mkOption {
type = lib.types.str;
default = "";
};
pushover.token = lib.mkOption {
type = lib.types.str;
default = "";
};
jwt = types.jwtSettings;
server = types.serverSettings;
scheduler_jobs = types.schedulerSettings;
email = types.emailSettings;
oauth2 = types.oauth2Settings;
};
};
};
version = "0.0.33";
package = pkgs.stdenv.mkDerivation {
name = "donetick";
src = pkgs.fetchurl {
url = "https://github.com/donetick/donetick/releases/download/v${version}/donetick_Linux_arm64.tar.gz";
hash = "sha256-o5PcONv+fxBMToOCwBcr2fnSpsHn5bdfujyUTuMKTbI=";
};
nativeBuildInputs = [
pkgs.autoPatchelfHook
];
sourceRoot = ".";
installPhase = ''
runHook preInstall
install -Dm755 donetick $out/bin/donetick
runHook postInstall
'';
meta = with pkgs.lib; {
description = "A self-hosted task and chore manager";
license = licenses.mit;
mainProgram = "donetick";
};
};
cfg = config.services.donetick;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
immutableSettings = {
name = "selfhosted";
is_done_tick_dot_com = false;
email.appHost = "https://${fqdn}";
database = {
type = "sqlite";
migration = true;
};
};
settings = (pkgs.formats.yaml { }).generate "selfhosted.yaml" (cfg.settings // immutableSettings);
secrets = config.age.secrets;
in
{
options.services.donetick = {
enable = lib.mkEnableOption "Enable donetick";
subdomain = lib.mkOption {
type = lib.types.str;
};
settings = lib.mkOption {
type = types.settings;
};
};
config = lib.mkIf cfg.enable {
systemd.services.donetick = {
enable = true;
environment = {
DT_ENV = "selfhosted";
};
serviceConfig = {
DynamicUser = true;
ExecStart = "${package}/bin/donetick";
BindReadOnlyPaths = [
"${settings}:/var/lib/donetick/config/selfhosted.yaml"
/run/systemd/resolve/stub-resolv.conf
/etc/ssl
/etc/static/ssl
/etc/resolv.conf
/etc/static/resolv.conf
/etc/nsswitch.conf
/etc/static/nsswitch.conf
/etc/hosts
];
WorkingDirectory = "/var/lib/donetick";
StateDirectory = "donetick";
EnvironmentFile = secrets.donetick.path;
};
wantedBy = [ "multi-user.target" ];
confinement.enable = true;
};
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/" .proxyPort = cfg.settings.server.port;
};
};
}

52
modules/services/gotosocial.nix Normal file
View File

@@ -0,0 +1,52 @@
{ config, lib, ... }:
let
cfg = config.services.gotosocial;
secrets = config.age.secrets;
domain = config.networking.domain;
fqdn = "${cfg.subdomain}.${domain}";
port = cfg.settings.port;
in
{
options.services.gotosocial = {
subdomain = lib.mkOption {
type = lib.types.str;
};
};
config = lib.mkIf cfg.enable {
services = {
gotosocial = {
environmentFile = secrets.gotosocial.path;
settings = {
host = fqdn;
account-domain = domain;
protocol = "https";
bind-address = "localhost";
instance-inject-mastodon-version = true;
accounts-registration-open = true;
instance-expose-public-timeline = true;
letsencrypt-enabled = false;
};
setupPostgresqlDB = true;
};
webserver.vHosts = {
${domain}.locations = lib.listToAttrs (
lib.map
(path: {
name = "/.well-known/${path}";
value.extraConfig = ''
rewrite ^.*$ https://${fqdn}/.well-known/${path} permanent;
'';
}) [
"host-meta"
"webfinger"
"nodeinfo"
]
);
"${fqdn}".locations."/".proxyPort = port;
};
};
};
}

98
modules/services/grafana.nix
View File

@@ -1,60 +1,58 @@
{ ... }: { lib, config, ... }:
let let
fqdn = "graph.freun.dev"; cfg = config.services.grafana;
port = 3300; secrets = config.age.secrets;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
services.grafana = { options.services.grafana = {
enable = true; subdomain = lib.mkOption {
type = lib.types.str;
settings = {
server = {
root_url = "https://${fqdn}";
http_port = port;
};
database = {
host = "/var/run/postgresql";
type = "postgres";
user = "grafana";
};
smtp = {
enabled = true;
host = "horologium.uberspace.de";
from_address = "noreply@freun.dev";
from_name = "Vaultwarden";
user = "noreply@freun.dev";
password = "$__file{/var/secrets/smtp-password}";
};
}; };
}; };
services.prometheus = { config = lib.mkIf cfg.enable {
enable = true; services.grafana = {
exporters.node.enable = true; settings = {
scrapeConfigs = [ server = {
{ root_url = "https://${fqdn}";
job_name = "node"; };
static_configs = [
{ targets = [ "localhost:9100" ]; }
];
}
];
};
services.caddy.virtualHosts = { database = {
"${fqdn}".extraConfig = '' host = "/var/run/postgresql";
reverse_proxy localhost:${builtins.toString port} type = "postgres";
''; user = "grafana";
}; };
services.postgresql = { smtp = {
ensureDatabases = [ "grafana" ]; from_name = "Grafana";
ensureUsers = [{ password = "$__file{${secrets.smtp-password.path}}";
name = "grafana"; };
ensureDBOwnership = true; };
}]; };
services.prometheus = {
enable = true;
exporters.node.enable = true;
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{ targets = [ "localhost:9100" ]; }
];
}
];
};
services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.settings.server.http_port;
services.postgresql = {
enable = lib.mkDefault true;
ensureDatabases = [ "grafana" ];
ensureUsers = [{
name = "grafana";
ensureDBOwnership = true;
}];
};
}; };
} }

22
modules/services/gtrackmap.nix
View File

@@ -1,16 +1,20 @@
{ config, ... }: { lib, config, inputs, ... }:
let let
fqdn = "trackmap.freun.dev"; cfg = config.services.gtrackmap;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
services.gtrackmap = { imports = [
enable = true; inputs.gtrackmap.nixosModules.default
port = 3200; ];
options.services.gtrackmap = {
subdomain = lib.mkOption {
type = lib.types.str;
};
}; };
services.caddy.virtualHosts = { config = lib.mkIf cfg.enable {
"${fqdn}".extraConfig = '' services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
reverse_proxy localhost:${toString config.services.gtrackmap.port}
'';
}; };
} }

56
modules/services/hastebin.nix Normal file
View File

@@ -0,0 +1,56 @@
{ lib, config, inputs, ... }:
let
cfg = config.services.hastebin;
secrets = config.age.secrets;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{
imports = [
inputs.hastebin.nixosModules.default
];
options.services.hastebin.subdomain = lib.mkOption {
type = lib.types.str;
};
config = lib.mkIf cfg.enable {
services.hastebin.settings = lib.mkDefault {
max_size = "1 GiB";
host = "::1";
port = 3600;
mime_overrides = {
"text/plain" = [
"log"
"txt"
"diff"
"sh"
"rs"
"toml"
"cr"
"nix"
"rb"
"ts"
"tsx"
"jsx"
];
};
auth_tokens_file = secrets.hastebin-tokens.path;
};
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn} = {
proxyBuffering = false;
locations."/" = {
proxyPort = cfg.settings.port;
extraConfig = ''
client_max_body_size 0;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
'';
};
};
};
};
}

21
modules/services/hydra.nix
View File

@@ -1,21 +0,0 @@
{ ... }:
let
fqdn = "ci.freun.dev";
port = 3400;
in
{
services.hydra = {
enable = true;
hydraURL = "https://${fqdn}";
notificationSender = "Hydra <noreply@freun.dev>";
buildMachinesFiles = [];
useSubstitutes = true;
inherit port;
};
services.caddy.virtualHosts = {
"${fqdn}".extraConfig = ''
reverse_proxy localhost:${builtins.toString port}
'';
};
}

119
modules/services/immich.nix
View File

@@ -1,110 +1,41 @@
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.services.immich; cfg = config.services.immich;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
options.services.immich = with lib; { options.services.immich = {
enable = mkEnableOption "Enable immich"; subdomain = lib.mkOption {
type = lib.types.str;
fqdn = mkOption {
type = types.str;
description = "FQDN to use for the immich server";
}; };
data_dir = mkOption { timezone = lib.mkOption {
type = types.str; type = lib.types.str;
description = "The directory to store immich data in"; default = "UTC";
}; };
secrets = mkOption { uid = lib.mkOption {
type = types.str; type = lib.types.int;
description = "Path to file with secrets"; default = 990;
}; };
version = mkOption { gid = lib.mkOption {
type = types.str; type = lib.types.int;
default = "release"; default = 997;
description = "The version (docker image tag) of immich to use";
};
mounts = mkOption {
type = types.listOf types.str;
description = "Additional mounts to add to the immich container";
default = [ ];
};
port = mkOption {
type = types.int;
default = 2283;
description = "Port to expose the immich server on";
}; };
}; };
config = lib.mkIf cfg.enable {
imports = [ services = {
../util/container-services.nix immich = {
]; environment = {
TZ = cfg.timezone;
config = lib.mkIf cfg.enable rec {
container-services.immich = {
description = "Immich image server";
services = {
server = {
image = "ghcr.io/immich-app/immich-server:${cfg.version}";
environmentFiles = [
cfg.secrets
];
volumes = [
"${cfg.data_dir}:/usr/src/app/upload:rw"
"/etc/localtime:/etc/localtime:ro"
] ++ cfg.mounts;
ports = [ "${builtins.toString cfg.port}:3001/tcp" ];
dependsOn = [
container-services.immich.services.redis
container-services.immich.services.postgres
];
};
machine_learning = {
image = "ghcr.io/immich-app/immich-machine-learning:${cfg.version}";
environmentFiles = [
cfg.secrets
];
volumes = [
"model_cache:/cache:rw"
];
};
redis = {
image = "registry.hub.docker.com/library/redis:6.2-alpine";
healthCheck.test = "redis-cli ping || exit 1";
environmentFiles = [
cfg.secrets
];
};
postgres = {
image = "registry.hub.docker.com/tensorchord/pgvecto-rs:pg14-v0.2.0";
environmentFiles = [
cfg.secrets
];
environment = {
POSTGRES_INITDB_ARGS = "--data-checksums";
};
volumes = [
"db_data:/var/lib/postgresql/data:rw"
];
cmd = [ "postgres" "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ];
healthCheck = {
test = ''
pg_isready --dbname='$\{DB_DATABASE_NAME}' || exit 1
Chksum="$(psql --dbname='$\{DB_DATABASE_NAME}' --username='$\{DB_USERNAME}' --tuples-only --no-align --command='SELECT COALESCE(SUM(checksum_failures), 0) FROM pg_stat_database')"
echo "checksum failure count is $Chksum"
[ "$Chksum" = '0' ] || exit 1
'';
interval = "5m";
startInterval = "30s";
startPeriod = "5m";
};
}; };
settings.server.externalDomain = "https://${fqdn}";
};
webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };
}; };
services.caddy.virtualHosts = { users.users.${cfg.user}.uid = cfg.uid;
"${cfg.fqdn}".extraConfig = '' users.groups.${cfg.user}.gid = cfg.gid;
reverse_proxy localhost:${builtins.toString cfg.port}
'';
};
}; };
} }

43
modules/services/invidious.nix
View File

@@ -1,25 +1,34 @@
{ ... }: { config, lib, ... }:
let let
fqdn = "vid.freun.dev"; cfg = config.services.invidious;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
services.invidious = { options.services.invidious = {
enable = true; subdomain = lib.mkOption {
domain = fqdn; type = lib.types.str;
settings = {
external_port = 443;
db = {
dbname = "invidious";
user = "invidious";
};
}; };
}; };
services.caddy.virtualHosts = { config = lib.mkIf cfg.enable {
"${fqdn}".extraConfig = '' services.invidious = {
reverse_proxy localhost:3000 domain = fqdn;
''; address = "127.0.0.1";
};
settings = {
external_port = 443;
db = {
dbname = "invidious";
user = "invidious";
};
};
};
services.postgresql.enable = lib.mkDefault true;
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
};
};
} }

24
modules/services/owncast.nix
View File

@@ -1,16 +1,20 @@
{ ... }: { lib, config, ... }:
let let
fqdn = "stream.freun.dev"; cfg = config.services.owncast;
in fqdn = "${cfg.subdomain}.${config.networking.domain}";
in
{ {
services.owncast = { options.services.owncast = {
enable = true; subdomain = lib.mkOption {
openFirewall = true; type = lib.types.str;
};
}; };
services.caddy.virtualHosts = { config = lib.mkIf cfg.enable {
"${fqdn}".extraConfig = '' services.owncast = {
reverse_proxy localhost:8080 openFirewall = true;
''; };
services.webserver.vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
}; };
} }

40
modules/services/readeck.nix Normal file
View File

@@ -0,0 +1,40 @@
{ lib, inputs, config, pkgs, ... }:
let
cfg = config.services.readeck;
secrets = config.age.secrets;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
pkgsUnstable = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system};
in
{
imports = [
"${inputs.nixpkgs-unstable}/nixos/modules/services/web-apps/readeck.nix"
];
options.services.readeck = {
subdomain = lib.mkOption {
type = lib.types.str;
};
};
config = lib.mkIf cfg.enable {
services = {
readeck = {
package = pkgsUnstable.readeck;
environmentFile = secrets.readeck.path;
settings = {
server.port = lib.mkDefault 8090;
};
};
webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn} = {
proxyBuffering = false;
locations."/" = {
proxyPort = cfg.settings.server.port;
};
};
};
};
};
}

48
modules/services/syncthing.nix
View File

@@ -1,33 +1,29 @@
{ pkgs, config, lib, ... }: { config, lib, ... }:
let let
storage_dir = "/mnt/storage/syncthing"; cfg = config.services.syncthing;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
in in
{ {
services.syncthing = { options.services.syncthing = {
enable = true; subdomain = lib.mkOption {
dataDir = "/mnt/storage/syncthing"; type = lib.types.str;
openDefaultPorts = true; };
port = lib.mkOption {
type = lib.types.int;
default = 8384;
};
}; };
services.caddy.virtualHosts = { config = lib.mkIf cfg.enable {
"sync.freun.dev".extraConfig = '' services.syncthing = {
reverse_proxy localhost:8384 { openDefaultPorts = true;
header_up Host {upstream_hostport} guiAddress = "[::1]:${toString cfg.port}";
} settings.gui.insecureSkipHostCheck = true;
''; };
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = cfg.port;
};
}; };
fileSystems."${storage_dir}" = {
device = "//u407959.your-storagebox.de/backup/syncthing";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,auto,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
uid = builtins.toString config.users.users.syncthing.uid;
gid = builtins.toString config.users.groups.syncthing.gid;
in ["${automount_opts},credentials=/var/secrets/smb-storage,uid=${uid},gid=${gid}"];
};
environment.systemPackages = [ pkgs.cifs-utils ];
} }

9
modules/services/tailscale.nix Normal file
View File

@@ -0,0 +1,9 @@
{ lib, config, ... }:
let
cfg = config.services.tailscale;
in
{
config = lib.mkIf cfg.enable {
services.tailscale.useRoutingFeatures = "server";
};
}

74
modules/services/vaultwarden.nix
View File

@@ -1,42 +1,46 @@
{ ... }: { lib, config, ... }:
let
cfg = config.services.vaultwarden;
secrets = config.age.secrets;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
port = config.services.vaultwarden.config.ROCKET_PORT;
in
{ {
services.vaultwarden = { options.services.vaultwarden = {
enable = true; subdomain = lib.mkOption {
dbBackend = "postgresql"; type = lib.types.str;
environmentFile = "/var/secrets/vaultwarden.env";
config = {
DOMAIN = "https://pw.freun.dev";
DATABASE_URL = "postgres://%2Fvar%2Frun%2Fpostgresql/vaultwarden";
WEBSOCKET_ENABLED = true;
WEBSOCKET_ADDRESS = "127.0.0.1";
WEBSOCKET_PORT = 3012;
SIGNUPS_VERIFY = true;
PASSWORD_ITERATIONS = 600000;
YUBICO_CLIENT_ID = 86799;
SMTP_HOST = "horologium.uberspace.de";
SMTP_FROM = "noreply@freun.dev";
SMTP_FROM_NAME = "Vaultwarden";
SMTP_USERNAME = "noreply@freun.dev";
SMTP_PORT = 587;
HELO_NAME = "freun.dev";
ROCKET_LIMITS = "{json=10485760}";
}; };
}; };
services.caddy.virtualHosts = { config = lib.mkIf cfg.enable {
"pw.freun.dev".extraConfig = '' services = {
reverse_proxy /notifications/hub localhost:3012 vaultwarden = {
reverse_proxy localhost:8000 { dbBackend = "postgresql";
header_up X-Real-IP {remote_host} environmentFile = secrets.vaultwarden.path;
} config = {
''; DOMAIN = "https://${fqdn}";
}; DATABASE_URL = "postgres://%2Fvar%2Frun%2Fpostgresql/vaultwarden";
WEBSOCKET_ENABLED = true;
SIGNUPS_VERIFY = true;
PASSWORD_ITERATIONS = 600000;
ROCKET_LIMITS = "{json=10485760}";
ROCKET_PORT = 8000;
};
};
services.postgresql = { webserver = {
ensureDatabases = [ "vaultwarden" ]; enable = lib.mkDefault true;
ensureUsers = [{ vHosts.${fqdn}.locations."/".proxyPort = port;
name = "vaultwarden"; };
ensureDBOwnership = true;
}]; postgresql = {
enable = lib.mkDefault true;
ensureDatabases = [ "vaultwarden" ];
ensureUsers = [{
name = "vaultwarden";
ensureDBOwnership = true;
}];
};
};
}; };
} }

91
modules/services/webserver.nix Normal file
View File

@@ -0,0 +1,91 @@
{ lib, config, ... }:
let
cfg = config.services.webserver;
types = {
location = lib.types.submodule {
options = {
proxyPort = lib.mkOption {
type = lib.types.nullOr lib.types.int;
default = null;
};
extraConfig = lib.mkOption {
type = lib.types.str;
default = "";
};
};
};
vhost = lib.types.submodule {
options = {
proxyBuffering = lib.mkOption {
type = lib.types.bool;
default = true;
};
locations = lib.mkOption {
type = lib.types.attrsOf types.location;
};
};
};
};
in
{
options.services.webserver = {
enable = lib.mkEnableOption "Enable nginx";
acme = {
dnsChallenge = lib.mkEnableOption "Enable DNS challenge";
dnsProvider = lib.mkOption {
type = lib.types.str;
default = "hetzner";
};
};
vHosts = lib.mkOption {
type = lib.types.attrsOf types.vhost;
default = { };
};
};
config = lib.mkIf cfg.enable {
services.nginx = {
enable = lib.mkDefault true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
recommendedBrotliSettings = true;
recommendedGzipSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
virtualHosts = lib.mapAttrs
(_: { proxyBuffering, locations }: {
forceSSL = true;
enableACME = true;
http2 = true;
acmeRoot = lib.mkIf cfg.acme.dnsChallenge null;
extraConfig = lib.concatLines [
(lib.optionalString (!proxyBuffering) "proxy_buffering off;")
"charset utf-8;"
];
locations = lib.mapAttrs
(_: { proxyPort, extraConfig }: lib.mergeAttrsList [
{ inherit extraConfig; }
(if (lib.isInt proxyPort) then {
proxyWebsockets = true;
proxyPass = "http://localhost:${toString proxyPort}";
} else { })
])
locations;
})
cfg.vHosts;
};
security.acme = {
acceptTerms = true;
defaults = {
email = "admin@j.repomaa.com";
dnsProvider = lib.mkIf cfg.acme.dnsChallenge cfg.acme.dnsProvider;
};
};
modules.firewall.allInterfaces = [ "web" ];
};
}

41
modules/services/wireguard.nix
View File

@@ -1,41 +0,0 @@
{ config, pkgs, lib, ... }:
let
port = 51820;
name = "wg0";
peers = [
{
PublicKey = "XI0/k2j20CVSfevwjkmo4IddVoA2VY2fN6feauXYEXU=";
AllowedIPs = [ "10.100.0.2" ];
} # radish
];
address = [ "10.100.0.1/24" ];
in
{
networking.firewall.allowedUDPPorts = [ port ];
networking.useNetworkd = true;
systemd.network = {
enable = true;
netdevs.${name} = {
netdevConfig = {
Kind = "wireguard";
Name = "${name}";
MTUBytes = "1300";
};
wireguardConfig = {
PrivateKeyFile = "/var/secrets/wireguard-privkey";
ListenPort = port;
};
wireguardPeers = peers;
};
networks.${name} = {
matchConfig.Name = name;
inherit address;
networkConfig = {
IPMasquerade = "ipv4";
IPForward = true;
};
};
};
}

62
modules/services/workout-sync.nix Normal file
View File

@@ -0,0 +1,62 @@
{ pkgs, inputs, config, lib, ... }:
let
cfg = config.services.workout-sync;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
port = cfg.port;
workout-sync = inputs.workout-sync.packages.${pkgs.system}.default;
in
{
options.services.workout-sync = {
enable = lib.mkEnableOption "Enable Workout Sync";
subdomain = lib.mkOption {
type = lib.types.str;
};
port = lib.mkOption {
type = lib.types.int;
default = 3344;
};
};
config = lib.mkIf cfg.enable {
services.workout-tracker.enable = lib.mkDefault true;
systemd.services.workout-sync = {
enable = true;
description = "Workout sync service";
environment = {
PORT = toString port;
WORKOUT_TRACKER_URL = "http://localhost:${toString config.services.workout-tracker.port}";
};
serviceConfig = {
ExecStart = "${workout-sync}/bin/workout-sync";
Restart = "always";
DynamicUser = true;
BindReadOnlyPaths = [
/run/systemd/resolve/stub-resolv.conf
/etc/ssl
/etc/static/ssl
/etc/resolv.conf
/etc/static/resolv.conf
/etc/nsswitch.conf
/etc/static/nsswitch.conf
/etc/hosts
];
};
wantedBy = [ "multi-user.target" ];
confinement.enable = true;
};
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/" = {
proxyPort = port;
extraConfig = ''
client_max_body_size 50m;
proxy_send_timeout 300;
proxy_read_timeout 300;
send_timeout 300;
'';
};
};
};
}

23
modules/services/workout-tracker.nix Normal file
View File

@@ -0,0 +1,23 @@
{ pkgs, config, lib, inputs, ... }:
let
cfg = config.services.workout-tracker;
fqdn = "${cfg.subdomain}.${config.networking.domain}";
port = cfg.port;
package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.workout-tracker;
in
{
options.services.workout-tracker = {
subdomain = lib.mkOption {
type = lib.types.str;
};
};
config = lib.mkIf cfg.enable {
services.workout-tracker = { inherit package; };
services.webserver = {
enable = lib.mkDefault true;
vHosts.${fqdn}.locations."/".proxyPort = port;
};
};
}

57
modules/storage-box-mounts.nix Normal file
View File

@@ -0,0 +1,57 @@
{ lib, config, pkgs, ... }:
let
types = {
mount = lib.types.submodule {
options = {
path = lib.mkOption {
type = lib.types.str;
default = "/";
};
user = lib.mkOption {
type = lib.types.str;
};
uid = lib.mkOption {
type = lib.types.nullOr lib.types.int;
default = null;
};
gid = lib.mkOption {
type = lib.types.nullOr lib.types.int;
default = null;
};
};
};
};
cfg = config.modules.storageBoxMounts;
secrets = config.age.secrets;
mountOptions = { uid, gid, ... }: [
"x-systemd.automount"
"auto"
"x-systemd.device-timeout=5s"
"x-systemd.mount-timeout=5s"
"credentials=${secrets.storage-box-credentials.path}"
] ++ (
if (uid != null) then [ "uid=${toString uid}" ] else [ ]
) ++ (
if (gid != null) then [ "gid=${toString gid}" ] else [ ]
);
in
{
options.modules.storageBoxMounts = lib.mkOption {
type = lib.types.attrsOf types.mount;
default = { };
};
config = {
fileSystems = lib.mapAttrs
(_: { path, user, ... }@options: {
device = "//${user}.your-storagebox.de${path}";
fsType = "cifs";
options = mountOptions options;
})
cfg;
environment.systemPackages = lib.mkIf ((lib.length (lib.attrNames cfg)) > 0) [ pkgs.cifs-utils ];
};
}

230
modules/util/container-services.nix
View File

@@ -1,230 +0,0 @@
{ pkgs, lib, config, ... }:
let
cfg = config.container-services;
healthcheck = with pkgs.lib; {
test = mkOption {
type = types.oneOf types.str (types.listOf types.str);
};
interval = mkOption {
type = types.str;
default = "30s";
};
startupInterval = mkOption {
type = types.str;
default = "30s";
};
startPeriod = mkOption {
type = types.str;
default = "0s";
};
};
service = with pkgs.lib; {
name = mkOption {
type = types.nilOr types.str;
default = nil;
};
alias = mkOption {
type = types.nilOr types.str;
default = nil;
};
dependsOn = mkOption {
type = types.listOf service;
default = [ ];
};
image = mkOption {
type = types.str;
};
volumes = mkOption {
type = types.listOf types.str;
default = [ ];
};
ports = mkOption {
type = types.listOf types.str;
default = [ ];
};
environment = mkOption {
type = types.attrsOf types.str;
default = { };
};
environmentFiles = mkOption {
type = types.listOf types.str;
default = [ ];
};
cmd = mkOption {
type = types.nilOr (types.listOf types.str);
default = nil;
};
healthCheck = mkOption {
type = types.nilOr (types.submodule healthcheck);
default = nil;
};
};
pod = with pkgs.lib; {
name = mkOption {
type = types.nilOr str;
default = nil;
};
description = mkOption {
type = types.nilOr str;
default = nil;
};
services = mkOption {
type = types.attrsOf (types.submodule service);
default = { };
};
};
backend = config.virtualisation.oci-containers.backend;
volumeName = pod: name: "${pod.name}-${name}";
volumeServiceName = pod: name: "${backend}-volume-${volumeName pod name}";
volumeServiceRef = pod: name: config.systemd.services."${backend}-volume-${volumeName pod name}".name + ".service";
serviceName = pod: service: "${backend}-${pod.name}-${service.name}";
serviceRef = pod: service: config.systemd.services."${backend}-${pod.name}-${service.name}".name + ".service";
networkName = pod: "${pod.name}-default";
networkServiceName = pod: "${backend}-network-${pod.name}";
networkServiceRef = pod: config.systemd.services."${backend}-network-${pod.name}".name + ".service";
podName = pod: "${backend}-pod-${pod.name}";
podRef = pod: config.systemd.targets."${backend}-pod-${pod.name}".name + ".target";
namedVolumes = service: lib.filter (volume: (! ((lib.hasPrefix "/" volume) || (lib.hasPrefix "./" volume)))) (lib.map (volume: lib.head (lib.splitString ":" volume)) service.volumes);
oneShotService = { pod, description, script }: {
path = [ (if backend == "podman" then pkgs.podman else pkgs.docker) ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
inherit description;
inherit script;
partOf = [ podRef pod ];
wantedBy = [ podRef pod ];
};
in
{
options = with pkgs.lib; {
container-services = mkOption {
type = types.attrsOf (types.submodule pod);
default = { };
};
};
config = {
container-services = lib.mapAttrs
(name: pod: {
name = lib.mkDefault pod.name;
services = lib.mapAttrs
(name: service: {
name = lib.mkDefault name;
})
pod.services;
})
cfg;
systemd.targets = lib.mapAttrs' (_: pod:
lib.nameValuePair (podName pod) {
wantedBy = [ "multi-user.target" ];
unitConfig = {
Description = pod.description or pod.name;
};
}
);
systemd.services = lib.foldl
(services: pod: lib.mergeAttrsList [
services
{
"${networkServiceName pod}" = oneShotService {
description = "Network for ${pod.name}";
script = ''
${backend} network inspect ${networkName pod} || ${backend} network create ${networkName pod}
'';
};
}
(lib.mapAttrs'
(_: service:
let
dependencies =
(lib.map (service: serviceRef pod.name service.name) service.dependsOn) ++
(lib.map (name: volumeServiceRef pod.name name) (namedVolumes service)) ++
(networkServiceRef pod);
in
{
name = (serviceName pod service);
value = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = dependencies;
requires = dependencies;
partOf = [ (podRef pod) ];
wantedBy = [ (podRef pod) ];
};
}
)
pod.services)
(lib.listToAttrs (lib.flatten (
lib.map
(service: (
lib.map
(volume: {
name = volumeServiceName pod volume;
value = oneShotService {
description = "Volume ${volume} of ${pod.name}";
script = ''
${backend} volume inspect ${volumeName pod volume} || ${backend} volume create ${volumeName pod volume}
'';
};
})
namedVolumes)
)
pod.services)))
])
{ }
(lib.attrValues cfg);
virtualisation.oci-containers.containers = lib.foldl
(containers: pod: containers // (
lib.mapAttrs'
(_: service: {
name = serviceName pod service;
value = {
image = service.image;
volumes = service.volumes;
log-driver = "journal";
ports = service.ports;
environment = service.environment;
environmentFiles = service.environmentFiles;
cmd = service.cmd;
extraOptions = [
"--network-alias=${service.alias or service.name}"
"--network=${networkName pod}"
] ++ (if (service.healthCheck != null) then [
"--health-cmd=${
if (builtins.isList service.healthCheck.test)
then builtins.toJSON service.healthCheck.test
else service.healthCheck.test
}"
"--health-interval=${service.healthCheck.interval}"
"--health-startup-interval=${service.healthCheck.startupInterval}"
"--health-start-period=${service.healthCheck.startPeriod}"
] else [ ]);
};
})
pod.services
))
{ }
(lib.attrValues cfg);
};
}

161
modules/vlans.nix Normal file
View File

@@ -0,0 +1,161 @@
{ lib, config, ... }:
let
types = {
portList = lib.types.listOf lib.types.int;
service = lib.types.submodule {
options = {
tcp = lib.mkOption {
type = types.portList;
default = [ ];
};
udp = lib.mkOption {
type = types.portList;
default = [ ];
};
};
};
vlan = lib.types.submodule {
options = {
id = lib.mkOption {
type = lib.types.int;
};
staticLeases = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
default = { };
};
ipv6 = lib.mkEnableOption "ipv6";
};
};
bridge = lib.types.submodule {
options = {
enable = lib.mkEnableOption "Enable bridge";
pvid = lib.mkOption {
type = lib.types.int;
};
bindNetwork = lib.mkOption {
type = lib.types.str;
};
network = lib.mkOption {
type = lib.types.str;
};
netdev = lib.mkOption {
type = lib.types.str;
};
};
};
};
cfg = config.modules.vlans;
vlans = lib.mapAttrsToList (attrName: { name ? attrName, ... }@vlan: ({ inherit name; } // vlan)) cfg.networks;
vlanAttrs = lib.listToAttrs (lib.map ({ name, ... }@value: { inherit name value; }) vlans);
buildNetdev = name: { id, ... }: {
name = "20-${name}";
value = {
netdevConfig = {
Name = name;
Kind = "vlan";
MACAddress = "00:0d:b9:49:d2:${toString id}";
};
vlanConfig = { Id = id; };
};
};
buildStaticLease = macAddress: address: ''
[DHCPServerStaticLease]
MACAddress=${macAddress}
Address=${address}
'';
buildNetwork = name: { id, ipv6, staticLeases, ... }: {
name = "30-${name}";
value = {
matchConfig = {
Name = name;
};
networkConfig = {
Address = "10.${toString id}.0.1/23";
IPMasquerade = "ipv4";
DHCPServer = true;
IPv6AcceptRA = false;
IPv6SendRA = ipv6;
DHCPPrefixDelegation = ipv6;
};
dhcpServerConfig = {
PoolOffset = 255;
DNS = "10.${toString id}.0.1";
};
extraConfig = lib.concatLines (lib.mapAttrsToList buildStaticLease staticLeases);
};
};
vlanIds = lib.mapAttrsToList (_: { id, ... }: id) vlanAttrs;
vlanRange = {
min = lib.foldr lib.min 999 vlanIds;
max = lib.foldr lib.max 0 vlanIds;
};
bridgeVLANConfig = ''
[BridgeVLAN]
VLAN=${toString vlanRange.min}-${toString vlanRange.max}
EgressUntagged=${toString cfg.bridge.pvid}
PVID=${toString cfg.bridge.pvid}
'';
bridgeNetDev =
if (cfg.bridge.enable) then {
"${cfg.bridge.netdev}".bridgeConfig = {
VLANFiltering = true;
DefaultPVID = cfg.bridge.pvid;
};
} else { };
bridgeBindNetwork =
if (cfg.bridge.enable) then {
${cfg.bridge.bindNetwork}.extraConfig = bridgeVLANConfig;
} else { };
bridgeNetwork =
if (cfg.bridge.enable) then {
"${cfg.bridge.network}" = {
vlan = lib.map ({ name, ... }: name) vlans;
bridgeVLANs = lib.map ({ id, ... }: { VLAN = id; }) vlans;
};
} else { };
netdevs = lib.mergeAttrsList [
(lib.mapAttrs' buildNetdev vlanAttrs)
bridgeNetDev
];
networks = lib.mergeAttrsList [
(lib.mapAttrs' buildNetwork vlanAttrs)
bridgeBindNetwork
bridgeNetwork
];
in
{
options.modules.vlans = {
enable = lib.mkEnableOption "Enable VLANs";
networks = lib.mkOption {
type = lib.types.attrsOf types.vlan;
};
bridge = lib.mkOption {
type = types.bridge;
};
};
config = lib.mkIf cfg.enable {
systemd.network = {
enable = lib.mkDefault true;
inherit netdevs networks;
};
};
}

10
secrets/donetick.age Normal file
View File

@@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA Uhj0wv4ftLWngI5kLmUYm/MIKgV8DMX+P9ODdBgnmR8
F3nokDZUpTMtD+GSy/lHZQDRWbpQA3euOfnPTvnAnyE
-> ssh-ed25519 DFiohQ Ydx/DFxmGrc1AzR8F7kpWFz3bDjpiAY2biCYCwRwt0w
/OFFEw3Hb720ST36K7woG26skB2Sq9cOWrPaTN/aIpw
-> ssh-ed25519 PT7ffg R1+hn9bq5P5zpOSAsKWmnPEpmRLdWBmx36+2o6bmBDQ
bu9yOfiVGc7qHGr12bVtUJTCZ8DfAAxs9FdCgDBRwr4
--- 9q8U0DARF8YjVla+Gywx2xlaZk2LHgcK7nOENR4Eup0
£¯M¾µM®ÔÖ »8ûìwi˜çÕ§ XA>äçýÏr,2¹N´a5{}K.Ïσ5¨š‰ÀÉeÖòØätS¤¯ˆb Åd<?Ý,CÙµ6¯=µTÑ-Šºl“Ê(Å'vî깨O$^þ›‰+<2B>s÷â&䂨ìÈ%ÿ¥âù<>‡V­©•8­ô‡äbBðl“q‰;kü¬½k·+-LIpÅOV~ŠhUŽy¶5 ÊÓØâ+þ8ÚÅÄôM{¡ûÙXÒä:Ì

11
secrets/gotosocial.age Normal file
View File

@@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA 77EDoJKwYm80SsOFMaTeLVKyb60mpVafClV0oDfhnm0
gZ4EtoDbmI2iggyAooqWtd0Yhh5kebvR8vnHGz0Er6Y
-> ssh-ed25519 DFiohQ dYdiyYPtjCH8YFpj4bAwTDSEB+0JjzDIz1jwRPDjAFg
NAdMoMfREupERqZ8t2lu6++Qjgq7LVIo5wsXabXKWU8
-> ssh-ed25519 PT7ffg 6NFOq021rnHwv7BFIw9in6uQR39hgh5qVuPNvxtCd3k
4UK6DCVbSi4yugpY9nLBSoZ7SHLkF3MMIeHVKYH3bkQ
--- 1BNBapkorRybzDSfmHCQjfkN0ss0GXnZGv99Ni/O/VM
wp3IvÄ"ßc}úÀ™W,0VÀÄæÂ<C3A6>mØû±ù´˜ƒv¹„¯jªP#„”$Ž”f¹ÜÌ
v9x["ú¶c ‡y²
~ .€[†/ko'z

BIN
secrets/hastebin-tokens.age Normal file
View File

Binary file not shown.

10
secrets/immich.age Normal file
View File

@@ -0,0 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA 8VhILVP+borbW+8iFTyZTPlRAsdmoIUVa8DUWjrz/RI
E9SbMJ+Tz9p4O2z33AOKhpKVla8u+O39nO35hclR6oo
-> ssh-ed25519 DFiohQ +JeoeaQ62VmfBNN2wDEDGINspEK+e4YWNfjR7eJ7RAg
KM4/0TfoOk1+CqXkx55uUbaylCFgNwTHRaTiPdCYmCI
-> ssh-ed25519 PT7ffg AcIAWujVGx4ndNfqbp1wtDsHp5rHTTnz2gy+LLSzxEE
wDsg4PytTFf2wY71BCaDYMpaHxo3UqjXC93SSqmBhlY
--- U6Gn7J2Lh8Z83lYmHUEOgbbyDDEJqxSr/Kw2dcwhVgo
wqø(0÷™Êºz†¤Œ:J(qè¨ =ݨ©xô},øÏrG´<C2B4>Ët‡•uâ…“Ε"d„6 Ù¢²
¥.U€øÑ¥bg'ÌzZ»8¯í«öšAZvBø‡.3sX[`#\ùÅ.;J

BIN
secrets/readeck.age Normal file
View File

Binary file not shown.

21
secrets/secrets.nix Normal file
View File

@@ -0,0 +1,21 @@
let
moco = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRXRJUwX98l2Vl4bUZdyHGhLjlf1RGAA5VCa4dmEJdU";
jokke = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC7UDcuAbvp8mXIPl4M8MkM1X78YfXm50SLmSY3boL9Z";
users = [ moco jokke ];
apu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICAZkIuXtpP9a9bHkBl+MJI//q3ClMqzx03Rd/Xe4rjc";
freun-dev = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEvCSjIjipog1Xf9mPc683r5VSGSjVc8v1UZg5VrbbxM";
radish = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQ0fy4n3yyD64+g55eZazeI5g9FurJnlC6fRiOXbbks";
hosts = [ apu freun-dev radish ];
in
{
"gotosocial.age".publicKeys = users ++ [ freun-dev ];
"hastebin-tokens.age".publicKeys = users ++ [ freun-dev ];
"immich.age".publicKeys = users ++ [ freun-dev ];
"storage-box-credentials.age".publicKeys = users ++ [ freun-dev ];
"vaultwarden.age".publicKeys = users ++ [ freun-dev ];
"smtp-password.age".publicKeys = users ++ [ freun-dev ];
"readeck.age".publicKeys = users ++ [ freun-dev ];
"donetick.age".publicKeys = users ++ [ freun-dev ];
}

BIN
secrets/smtp-password.age Normal file
View File

Binary file not shown.

9
secrets/storage-box-credentials.age Normal file
View File

@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 osOCZA Mq3JCuYFasHg3oSpWgGEjs5+cleWPog/eJCx1SqqXVQ
SiJ8vHCSZoyhvbQQ3AUOGk54oOQZAqyNNvjRjKHm4Fg
-> ssh-ed25519 DFiohQ xEJMTBuU1uMm3goNGUln63rUbddy96+SZR8K+/LkMB4
hFWZe+w2h6sxitweJ+dRNb6HY7YFt1k+/XDVNoDVw0Y
-> ssh-ed25519 PT7ffg ErmwKHYuFoIS8rjMeq/5G6SWKaUhHG/N1Uy/KK7yZXU
/Iz1mQp8mq7xH+kjP4S5m36GjTpzVRv40mcKPT+5rcc
--- 82a4oeNSWQhUtTJvV+ErC9nmT3YrATezQzY7m8G2JFU
aë‡*1¾êr¤ÏDwzŸ¨ *ŸÓ‡ê=®^¨ERÕÞ?Ž<08>b¡ô&`i¸˜¼`^lØ6N÷á4¦Œ S½î-‰þÑ¥ Ù

Some files were not shown because too many files have changed in this diff Show More