zoey/config
1
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

smallest change

Browse source
This commit is contained in:
zack 2025-03-22 16:03:07 -04:00
parent 4cca1dc327
commit 9c83ba6849
No known key found for this signature in database
GPG key ID: EE8A2B709E2401D1
77 changed files with 36828 additions and 1516 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1 +1,3 @@
nixos-switch.log
client-public.key
client-private.key

1257
flake.lock generated
View file

File diff suppressed because it is too large Load diff

53
flake.nix
View file

@ -12,10 +12,10 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/release-24.11";
nixos-stable.url = "github:nixos/nixpkgs/nixos-24.11";
home-manager = {
url = "github:nix-community/home-manager/master";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
@ -63,11 +63,13 @@
inputs.nixpkgs.follows = "nixpkgs";
};
mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
catppuccin.url = "github:catppuccin/nix";
hyprland = {
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
# inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
kb-gui = {
@ -96,16 +98,17 @@
};
umu.url = "github:Open-Wine-Components/umu-launcher?dir=packaging/nix";
umu.inputs.nixpkgs.follows = "nixpkgs";
# umu.inputs.nixpkgs.follows = "nixpkgs";
# zen-browser.url = "github:0xc000022070/zen-browser-flake";
zen-browser.url = "github:zackartz/zen-browser-flake";
zen-browser.url = "github:0xc000022070/zen-browser-flake";
zoeycomputer = {
url = "git+https://git.zoeys.cloud/zoey/zoeys.computer";
# inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
posting.url = "github:jorikvanveen/posting-flake";
lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/2.91.1-1.tar.gz";
inputs.nixpkgs.follows = "nixpkgs";
@ -117,17 +120,18 @@
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
g2claude.url = "git+https://git.zoeys.cloud/zoey/g2claude.git";
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
opnix.url = "github:brizzbuzz/opnix";
mc-honeypot.url = "github:Duckulus/mc-honeypot";
mc-honeypot.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = inputs @ {self, ...}: let
@ -140,6 +144,18 @@
(final: prev: {
ghostty = inputs.ghostty.packages."x86_64-linux".default;
})
(final: prev: {
shadps4 = prev.shadps4.overrideAttrs {
src = prev.fetchFromGitHub {
owner = "shadps4-emu";
repo = "shadPS4";
rev = "41b39428335025e65f9e707ed8d5a9a1b09ba942";
hash = "sha256-5oe2By8TjJJIVubkp5lzqx2slBR7hxIHV4wZLgRYKl8=";
fetchSubmodules = true;
};
patches = [];
};
})
];
snowfall = {
@ -148,6 +164,9 @@
channels-config = {
allowUnfree = true;
gcc.arch = "znver3";
gcc.tune = "znver3";
};
homes.modules = with inputs; [
@ -155,6 +174,7 @@
catppuccin.homeManagerModules.catppuccin
anyrun.homeManagerModules.default
ags.homeManagerModules.default
opnix.homeManagerModules.default
];
systems.modules.nixos = with inputs; [
@ -166,7 +186,10 @@
solaar.nixosModules.default
zoeycomputer.nixosModules.default
lix-module.nixosModules.default
disko.nixosModules.default
mailserver.nixosModule
disko.nixosModules.disko
mc-honeypot.nixosModules.default
opnix.nixosModules.default
];
};
in

29
genkey.sh Executable file
View file

@ -0,0 +1,29 @@
#!/usr/bin/env bash
# Generate client keys
wg genkey | tee client-private.key | wg pubkey >client-public.key
# Get the keys
CLIENT_PRIVATE_KEY=$(cat client-private.key)
CLIENT_PUBLIC_KEY=$(cat client-public.key)
SERVER_PUBLIC_KEY=$(sudo cat /home/zoey/wg-keys/private | wg pubkey)
# Your server's public IP
SERVER_IP="66.227.177.15"
# Create the client configuration
cat >wg0-client.conf <<EOF
[Interface]
PrivateKey = ${CLIENT_PRIVATE_KEY}
Address = 10.100.0.2/24
DNS = 1.1.1.1
[Peer]
PublicKey = ${SERVER_PUBLIC_KEY}
Endpoint = ${SERVER_IP}:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
EOF
echo "Client Public Key (add this to your server config):"
echo ${CLIENT_PUBLIC_KEY}

106
homes/x86_64-linux/zoey@earth/default.nix
View file

@ -8,6 +8,7 @@
wms.hyprland.enable = true;
apps = {
web.librewolf.enable = true;
web.librewolf.setDefault = true;
tools.git.enable = true;
tools.tmux.enable = true;
@ -17,7 +18,7 @@
tools.direnv.enable = true;
tools.tealdeer.enable = true;
tools.bat.enable = true;
tools.emacs.enable = true;
tools.emacs.enable = false;
tools.gh.enable = true;
@ -28,6 +29,9 @@
term.ghostty.enable = true;
music.spotify.enable = true;
video.mpv.enable = true;
mail.aerc.enable = true;
helpers = {
rofi.enable = true;
@ -42,8 +46,6 @@
services.lock.enable = true;
services.music.enable = true;
services.pm-bridge.enable = true;
services.pm-bridge.nonInteractive = true;
services.udiskie.enable = true;
xdg.enable = true;
@ -57,16 +59,12 @@
};
};
# programs.pywal2.enable = true;
xdg.mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "zen_twilight.desktop";
"x-scheme-handler/http" = "zen_twilight.desktop";
"x-scheme-handler/https" = "zen_twilight.desktop";
"x-scheme-handler/about" = "zen_twilight.desktop";
"x-scheme-handler/unknown" = "zen_twilight.desktop";
"inode/directory" = ["org.gnome.Nautilus.desktop"];
"image/jpeg" = ["org.gnome.Loupe.desktop"];
@ -79,6 +77,7 @@
"image/svg+xml" = ["org.gnome.Loupe.desktop"];
"application/x-compressed-tar" = "org.gnome.FileRoller.desktop";
"application/x-compressed-zip" = "org.gnome.FileRoller.desktop";
"application/x-archive" = "org.gnome.FileRoller.desktop";
};
};
@ -98,15 +97,21 @@
};
catppuccin.enable = true;
catppuccin.flavor = "macchiato";
catppuccin.accent = "pink";
catppuccin.flavor = "mocha";
catppuccin.accent = "red";
catppuccin.aerc.enable = true;
work.vpn.enable = true;
home.packages = [
pkgs.gimp
pkgs.slack
pkgs.monero-cli
pkgs.zoom-us
pkgs.elisa
pkgs.pandoc
pkgs.prismlauncher
pkgs.obs-studio
@ -115,6 +120,15 @@
pkgs.uutils-coreutils-noprefix
pkgs.yazi
pkgs.fragments
inputs.posting.packages.${pkgs.system}.default
pkgs.heroic
pkgs.cartridges
pkgs.discord-canary
pkgs.darktable
pkgs.thunderbird
pkgs.custom.nvidia-nsight
@ -122,7 +136,7 @@
pkgs.custom.enc
pkgs.nix-tree
inputs.g2claude.packages.${pkgs.system}.default
# inputs.g2claude.packages.${pkgs.system}.default
pkgs.mongodb-compass
pkgs.postman
@ -130,12 +144,17 @@
pkgs.dconf
pkgs.wl-clipboard
pkgs.pavucontrol
pkgs.pwvucontrol
pkgs.wlogout
pkgs.sway-audio-idle-inhibit
pkgs.grim
pkgs.slurp
pkgs.pods
pkgs.polari
pkgs.flare-signal
pkgs.neovide
pkgs.nitch
@ -155,13 +174,28 @@
pkgs.parsec-bin
pkgs.filezilla
pkgs.zed-editor
lib.custom.nixos-stable.zed-editor
pkgs.rmpc
inputs.zen-browser.packages.${pkgs.system}.twilight
# (inputs.zen-browser.packages.${pkgs.system}.twilight.overrideAttrs {
# version = "1.7.7t";
# src = builtins.fetchTarball {
# url = "https://github.com/zen-browser/desktop/releases/download/twilight/zen.linux-x86_64.tar.xz";
# sha256 = "sha256:1wgkqdfny6bqwmpka6knrjzsidpm3v5kiijkmszg7wiisl47lgal";
# };
# })
inputs.zen-browser.packages.${pkgs.system}.beta
pkgs.starfetch
lib.custom.nixos-stable.kiwix
pkgs.mpc-cli
pkgs.zathura
pkgs.gpgme.dev
pkgs.rofimoji
pkgs.renderdoc
pkgs.nautilus
pkgs.nautilus-python
@ -172,25 +206,47 @@
pkgs.linux-manual
pkgs.man-pages
pkgs.man-pages-posix
pkgs.ardour
pkgs.shadps4
pkgs.audacity
];
programs.mpv = {
enable = true;
extraInput = ''
background-color='#000000"
'';
};
catppuccin.mpv.enable = true;
programs.zoxide = {
enable = true;
options = ["--cmd cd"];
};
home.file.".mozilla/native-messaging-hosts/gpgmejson.json".text = builtins.toJSON {
name = "gpgmejson";
description = "JavaScript binding for GnuPG";
path = "${pkgs.gpgme.dev}/bin/gpgme-json";
type = "stdio";
allowed_extensions = ["jid1-AQqSMBYb0a8ADg@jetpack"];
};
programs.cava = {
enable = true;
catppuccin.enable = true;
# settings = {
# general = {
# bars = 2;
# channels = 2;
# mono = "no";
#
# # smoothing = 0;
# # falloff = 0.0;
# };
# input = {
# method = "pipewire";
# source = "alsa_input.pci-0000_0d_00.4.analog-stereo";
# };
# # output = {
# # method = "ncurses";
# # };
# };
};
programs.btop = {

2
homes/x86_64-linux/zoey@pluto/default.nix
View file

@ -7,7 +7,7 @@
}: {
apps = {
tools.git.enable = true;
tools.tmux.enable = true;
tools.tmux.enable = false;
tools.neovim.enable = true;
tools.starship.enable = true;
tools.skim.enable = true;

71
homes/x86_64-linux/zoey@venus/default.nix Normal file
View file

@ -0,0 +1,71 @@
{
inputs,
pkgs,
system,
lib,
...
}: {
apps = {
tools.git.enable = true;
tools.tmux.enable = false;
tools.neovim.enable = true;
tools.starship.enable = true;
tools.skim.enable = true;
tools.direnv.enable = true;
tools.tealdeer.enable = true;
tools.bat.enable = true;
};
shells.zsh.enable = true;
xdg.enable = true;
programs = {
gpg.enable = true;
man.enable = true;
eza.enable = true;
dircolors = {
enable = true;
enableZshIntegration = true;
};
};
# catppuccin.enable = true;
home.packages = [
pkgs.mosh
pkgs.nix-output-monitor
pkgs.fastfetch
pkgs.nh
pkgs.killall
pkgs.custom.rebuild
];
programs.zoxide = {
enable = true;
enableZshIntegration = true;
options = ["--cmd cd"];
};
programs.btop = {
enable = true;
catppuccin.enable = true;
extraConfig = ''
update_ms = 100
vim_keys = true
'';
};
programs.lazygit = {
enable = true;
catppuccin.enable = true;
};
programs.fzf = {
enable = true;
catppuccin.enable = true;
};
}

18
k3s/user.yaml Normal file
View file

@ -0,0 +1,18 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard

6
lib/module/default.nix
View file

@ -18,4 +18,10 @@ with lib; rec {
enabled = {enable = true;};
disabled = {enable = false;};
nixos-stable = import inputs.nixos-stable {
system = "x86_64-linux";
config = {};
overlays = [];
};
}

2
lib/theme/default.nix
View file

@ -28,5 +28,5 @@
};
};
wallpaper = ./wall4.jpg;
wallpaper = ./favs-98.png;
}

BIN
lib/theme/favs-77.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 36 MiB

BIN
lib/theme/favs-93.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 31 MiB

BIN
lib/theme/favs-98.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 32 MiB

BIN
lib/theme/wallpaper.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 166 KiB

37
modules/home/apps/helpers/waybar/default.nix
View file

@ -17,11 +17,11 @@ in {
config = mkIf cfg.enable {
services.swaync = {
enable = true;
style = ''
style = lib.mkForce ''
* {
all: unset;
font-size: 14px;
font-family: "Cantarell";
font-family: "Adwaita Sans", "JetBrains Mono Nerd Font";
transition: 200ms;
}
@ -290,16 +290,16 @@ in {
border: 1px solid #6e738d;
}
.widget-mpris .widget-mpris-player {
.widget-mpris .widget-mpris-player .widget-mpd {
background: #363a4f;
padding: 7px;
}
.widget-mpris .widget-mpris-title {
.widget-mpris .widget-mpris-title .widget-mpd .widget-mpd-title {
font-size: 1.2rem;
}
.widget-mpris .widget-mpris-subtitle {
.widget-mpris .widget-mpris-subtitle .widget-mpd .widget-mpd-subtitle {
font-size: 0.8rem;
}
@ -419,6 +419,7 @@ in {
#tray,
#memory,
#window,
#mpd
#mpris {
padding: 0.3rem 0.6rem;
margin: 0.4rem 0.25rem;
@ -518,6 +519,32 @@ in {
exec = "spotifatius monitor";
};
mpd = {
format = "{stateIcon} {consumeIcon}{randomIcon}{repeatIcon}{singleIcon}{artist} - {title}";
"format-disconnected" = "Disconnected ";
"format-stopped" = "{consumeIcon}{randomIcon}{repeatIcon}{singleIcon}Stopped ";
"interval" = 10;
"consume-icons" = {
"on" = " ";
};
"random-icons" = {
"off" = "<span color=\"#f53c3c\"></span> ";
"on" = " ";
};
"repeat-icons" = {
"on" = " ";
};
"single-icons" = {
"on" = "1 ";
};
"state-icons" = {
"paused" = "";
"playing" = "";
};
"tooltip-format" = "MPD (connected)";
"tooltip-format-disconnected" = "";
};
mpris = {
player = "spotify";
"dynamic-order" = ["artist" "title"];

37
modules/home/apps/mail/aerc/default.nix Normal file
View file

@ -0,0 +1,37 @@
{
options,
config,
lib,
...
}:
with lib;
with lib.custom; let
cfg = config.apps.mail.aerc;
in {
options.apps.mail.aerc = with types; {
enable = mkBoolOpt false "Enable Aerc Mail Client";
};
config = mkIf cfg.enable {
programs.aerc = {
enable = false;
package = nixos-stable.aerc;
extraConfig = {
general = {
pgp-provider = "gpg";
};
filters = {
"text/plain" = "colorize";
"text/calendar" = "calendar";
"message/delivery-status" = "colorize";
"message/rfc822" = " colorize";
"text/html" = "pandoc -f html -t plain | colorize";
};
hooks = {
"mail-received" = "notify-send \"[$AERC_ACCOUNT/$AERC_FOLDER] New mail from $AERC_FROM_NAME\" \"$AERC_SUBJECT\"";
};
};
};
};
}

1
modules/home/apps/term/kitty/default.nix
View file

@ -42,6 +42,7 @@ in {
settings = {
window_padding_width = 12;
background_opacity = "0.9";
# background = "#000000";
};
};
};

3
modules/home/apps/tools/emacs/default.nix
View file

@ -61,9 +61,6 @@ in {
sqlite
# :lang latex & :lang org (latex previews)
texlive.combined.scheme-medium
# :lang beancount
beancount
fava
# :lang nix
age
];

6
modules/home/apps/tools/git/default.nix
View file

@ -58,6 +58,12 @@ in {
autoupdate = true;
enabled = true;
};
sendemail = {
smtpserver = "mail.zoeys.cloud";
smtpuser = "hi@zoeys.computer";
smtpencryption = "ssl";
smtpserverport = 465;
};
};
lfs.enable = true;
delta.enable = true;

5
modules/home/apps/tools/neovim/config/lazyvim.json
View file

@ -22,8 +22,11 @@
"lazyvim.plugins.extras.lang.elixir",
"lazyvim.plugins.extras.lang.tex",
"lazyvim.plugins.extras.lang.go",
"lazyvim.plugins.extras.lang.python",
"lazyvim.plugins.extras.lang.zig",
"lazyvim.plugins.extras.lang.typescript",
"lazyvim.plugins.extras.test.core",
"lazyvim.plugins.extras.util.rest",
"lazyvim.plugins.extras.util.dot",
"lazyvim.plugins.extras.util.mini-hipatterns",
"lazyvim.plugins.extras.coding.luasnip",
@ -32,5 +35,5 @@
"news": {
"NEWS.md": "6520"
},
"version": 7
"version": 8
}

61
modules/home/apps/tools/neovim/config/lua/plugins/core.lua
View file

@ -2,10 +2,20 @@ return {
{
"LazyVim/LazyVim",
opts = {
colorscheme = "catppuccin-macchiato",
colorscheme = "catppuccin-mocha",
news = { lazyvim = false },
},
},
{
"drewxs/ash.nvim",
lazy = false,
priority = 1000,
},
{
"dgox16/oldworld.nvim",
lazy = false,
priority = 1000,
},
{
"snacks.nvim",
opts = {
@ -16,7 +26,7 @@ return {
preset = {
header = [[
l
l ~
f_,)
]],
@ -24,6 +34,14 @@ return {
},
},
},
-- {
-- "uZer/pywal16.nvim",
-- -- for local dev replace with:
-- -- dir = '~/your/path/pywal16.nvim',
-- config = function()
-- vim.cmd.colorscheme("pywal16")
-- end,
-- },
{
"catppuccin",
opts = {
@ -31,6 +49,13 @@ return {
integrations = {
blink_cmp = true,
},
-- color_overrides = {
-- mocha = {
-- base = "#000000",
-- mantle = "#000000",
-- crust = "#000000",
-- },
-- },
},
},
"f-person/git-blame.nvim",
@ -46,6 +71,7 @@ return {
javascriptreact = { "prettierd" },
javascript = { "prettierd" },
htmlangular = { "prettierd" },
python = { "black" },
},
},
},
@ -75,6 +101,37 @@ return {
-- whitespace = { highlight = "Whitespace", "NonText" },
-- },
},
{
"neovim/nvim-lspconfig",
opts = {
servers = {
emmet_ls = {},
slang = {
inlayHints = {
deducedTypes = true,
paramaterNames = true,
},
},
nil_ls = {
settings = {
["nil"] = {
nix = {
flake = {
autoEvalInputs = true,
nixpkgsInputName = "nixpkgs",
autoArchive = true,
},
maxMemoryMB = 4096,
},
formatting = {
command = { "nixfmt" },
},
},
},
},
},
},
},
-- lua with lazy.nvim
{
"max397574/better-escape.nvim",

4
modules/home/apps/tools/neovim/default.nix
View file

@ -58,8 +58,6 @@ in {
(pkgs.rust-bin.selectLatestNightlyWith
(toolchain: toolchain.default))
rust-analyzer
vscode-langservers-extracted
nodePackages.vscode-json-languageserver
nodePackages.typescript-language-server
#nodePackages.astro-language-server
nodePackages.bash-language-server
@ -92,7 +90,7 @@ in {
postgresql
mongosh
gerbera
vscode-extensions.vadimcn.vscode-lldb.adapter
# vscode-extensions.vadimcn.vscode-lldb.adapter
];
plugins = with pkgs.vimPlugins; [
lazy-nix-helper-nvim

10
modules/home/apps/tools/tmux/default.nix
View file

@ -14,10 +14,17 @@ in {
};
config = mkIf cfg.enable {
catppuccin.tmux = {
enable = true;
# extraConfig = ''
# set -g @catppuccin_window_status_style "basic"
# set -g @catppuccin_status_background "#000000"
# '';
};
programs.tmux = {
enable = true;
shell = "${pkgs.zsh}/bin/zsh";
catppuccin.enable = true;
historyLimit = 100000;
plugins = with pkgs; [
tmuxPlugins.sensible
@ -35,7 +42,6 @@ in {
set-window-option -g pane-base-index 1
set-option -g renumber-windows on
set -g @catppuccin_window_status_style "basic"
set -g default-terminal "tmux-256color"
set -g allow-passthrough on

40
modules/home/apps/video/mpv/default.nix Normal file
View file

@ -0,0 +1,40 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.apps.video.mpv;
in {
options.apps.video.mpv = with types; {
enable = mkBoolOpt false "Enable MPV video player";
};
config = mkIf cfg.enable {
catppuccin.mpv.enable = false;
home.packages = with pkgs; [open-in-mpv];
programs.mpv = {
enable = true;
config = {
profile = "main";
background-color = "#000000";
};
scripts = with pkgs.mpvScripts; [uosc sponsorblock thumbfast quality-menu];
profiles = {
main = {
vo = "gpu-next";
};
"protocol.dvd" = {
profile-desc = "profile for dvd:// streams";
alang = "en";
};
};
};
};
}

259
modules/home/apps/web/firefox/default.nix
View file

@ -1,259 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.apps.web.firefox;
in {
options.apps.web.firefox = with types; {
enable = mkBoolOpt false "Enable or disable firefox";
setDefault = mkBoolOpt false "Set Firefox as default browser";
};
config = mkIf cfg.enable {
xdg.mimeApps.defaultApplications = mkIf cfg.setDefault {
"text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"image/png" = "feh.desktop";
};
programs.firefox = let
lock-false = {
Value = false;
Status = "locked";
};
lock-true = {
Value = true;
Status = "locked";
};
in {
enable = true;
package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
extraPolicies = {
DisableTelemetry = true;
Preferences = {
"app.normandy.api_url" = {
Value = "";
Status = "locked";
};
"app.normandy.enabled" = lock-false;
"app.shield.optoutstudies.enabled" = lock-false;
"app.update.auto" = lock-false;
"beacon.enabled" = lock-false;
"breakpad.reportURL" = {
Value = "";
Status = "locked";
};
"browser.aboutConfig.showWarning" = lock-false;
"browser.cache.offline.enable" = lock-false;
"browser.crashReports.unsubmittedCheck.autoSubmit" = lock-false;
"browser.crashReports.unsubmittedCheck.autoSubmit2" = lock-false;
"browser.crashReports.unsubmittedCheck.enabled" = lock-false;
"browser.disableResetPrompt" = lock-true;
"browser.newtab.preload" = lock-false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = lock-false;
"browser.newtabpage.enhanced" = lock-false;
"browser.newtabpage.introShown" = lock-true;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = lock-false;
"browser.newtabpage.activity-stream.showSponsored" = lock-false;
"browser.newtabpage.activity-stream.system.showSponsored" = lock-false;
"browser.safebrowsing.appRepURL" = {
Value = "";
Status = "locked";
};
"browser.safebrowsing.blockedURIs.enabled" = lock-false;
"browser.safebrowsing.downloads.enabled" = lock-false;
"browser.safebrowsing.downloads.remote.enabled" = lock-false;
"browser.safebrowsing.downloads.remote.url" = {
Value = "";
Status = "locked";
};
"browser.safebrowsing.enabled" = lock-false;
"browser.safebrowsing.malware.enabled" = lock-false;
"browser.safebrowsing.phishing.enabled" = lock-false;
"browser.selfsupport.url" = {
Value = "";
Status = "locked";
};
"browser.send_pings" = lock-false;
"browser.sessionstore.privacy_level" = {
Value = 0;
Status = "locked";
};
"browser.shell.checkDefaultBrowser" = lock-false;
"browser.startup.homepage_override.mstone" = {
Value = "ignore";
Status = "locked";
};
"browser.tabs.crashReporting.sendReport" = lock-false;
"browser.urlbar.groupLabels.enabled" = lock-false;
"browser.urlbar.quicksuggest.enabled" = lock-false;
"browser.urlbar.speculativeConnect.enabled" = lock-false;
"browser.urlbar.trimURLs" = lock-false;
"browser.urlbar.suggest.quicksuggest.sponsored" = lock-false;
"datareporting.healthreport.service.enabled" = lock-false;
"datareporting.healthreport.uploadEnabled" = lock-false;
"datareporting.policy.dataSubmissionEnabled" = lock-false;
"device.sensors.ambientLight.enabled" = lock-false;
"device.sensors.enabled" = lock-false;
"device.sensors.motion.enabled" = lock-false;
"device.sensors.orientation.enabled" = lock-false;
"device.sensors.proximity.enabled" = lock-false;
"dom.battery.enabled" = lock-false;
"dom.event.clipboardevents.enabled" = lock-false;
"dom.webaudio.enabled" = lock-false;
"experiments.activeExperiment" = lock-false;
"experiments.enabled" = lock-false;
"experiments.manifest.uri" = {
Value = "";
Status = "locked";
};
"experiments.supported" = lock-false;
"extensions.ClearURLs@kevinr.whiteList" = {
Value = "";
Status = "locked";
};
"extensions.Decentraleyes@ThomasRientjes.whiteList" = {
Value = "";
Status = "locked";
};
"extensions.FirefoxMulti-AccountContainers@mozilla.whiteList" = {
Value = "";
Status = "locked";
};
"extensions.TemporaryContainers@stoically.whiteList" = {
Value = "";
Status = "locked";
};
"extensions.autoDisableScopes" = 14;
"extensions.getAddons.cache.enabled" = lock-false;
"extensions.getAddons.showPane" = lock-false;
"extensions.greasemonkey.stats.optedin" = lock-false;
"extensions.greasemonkey.stats.url" = {
Value = "";
Status = "locked";
};
"extensions.pocket.enabled" = lock-false;
"extensions.shield-recipe-client.api_url" = {
Value = "";
Status = "locked";
};
"extensions.shield-recipe-client.enabled" = lock-false;
"extensions.webservice.discoverURL" = {
Value = "";
Status = "locked";
};
"media.autoplay.default" = {
Value = 0;
Status = "locked";
};
"media.autoplay.enabled" = lock-true;
"media.eme.enabled" = lock-false;
"media.gmp-widevinecdm.enabled" = lock-false;
"media.navigator.enabled" = lock-false;
"media.peerconnection.enabled" = lock-false;
"media.video_stats.enabled" = lock-false;
"network.IDN_show_punycode" = lock-true;
"network.allow-experiments" = lock-false;
"network.captive-portal-service.enabled" = lock-false;
"network.cookie.cookieBehavior" = {
Value = 1;
Status = "locked";
};
"network.dns.disablePrefetch" = lock-true;
"network.dns.disablePrefetchFromHTTPS" = lock-true;
"network.http.referer.spoofSource" = lock-true;
"network.http.speculative-parallel-limit" = {
Value = 0;
Status = "locked";
};
"network.predictor.enable-prefetch" = lock-false;
"network.predictor.enabled" = lock-false;
"network.prefetch-next" = lock-false;
"network.trr.mode" = {
Value = 5;
Status = "locked";
};
"privacy.donottrackheader.enabled" = lock-true;
"privacy.donottrackheader.value" = {
Value = 1;
Status = "locked";
};
"privacy.firstparty.isolate" = lock-true;
"privacy.query_stripping" = lock-true;
"privacy.trackingprotection.cryptomining.enabled" = lock-true;
"privacy.trackingprotection.enabled" = lock-true;
"privacy.trackingprotection.fingerprinting.enabled" = lock-true;
"privacy.trackingprotection.pbmode.enabled" = lock-true;
"privacy.usercontext.about_newtab_segregation.enabled" = lock-true;
"security.ssl.disable_session_identifiers" = lock-true;
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSite" = lock-false;
"signon.autofillForms" = lock-false;
"toolkit.telemetry.archive.enabled" = lock-false;
"toolkit.telemetry.bhrPing.enabled" = lock-false;
"toolkit.telemetry.cachedClientID" = {
Value = "";
Status = "locked";
};
"toolkit.telemetry.enabled" = lock-false;
"toolkit.telemetry.firstShutdownPing.enabled" = lock-false;
"toolkit.telemetry.hybridContent.enabled" = lock-false;
"toolkit.telemetry.newProfilePing.enabled" = lock-false;
"toolkit.telemetry.prompted" = {
Value = 2;
Status = "locked";
};
"toolkit.telemetry.rejected" = lock-true;
"toolkit.telemetry.reportingpolicy.firstRun" = lock-false;
"toolkit.telemetry.server" = {
Value = "";
Status = "locked";
};
"toolkit.telemetry.shutdownPingSender.enabled" = lock-false;
"toolkit.telemetry.unified" = lock-false;
"toolkit.telemetry.unifiedIsOptIn" = lock-false;
"toolkit.telemetry.updatePing.enabled" = lock-false;
"webgl.renderer-string-override" = {
Value = " ";
Status = "locked";
};
"webgl.vendor-string-override" = {
Value = " ";
Status = "locked";
};
};
ExtensionSettings = with builtins; let
extension = shortId: uuid: {
name = uuid;
value = {
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "normal_installed";
};
};
in
listToAttrs [
(extension "ublock-origin" "uBlock0@raymondhill.net")
(extension "privacy-badger17" "jid1-MnnxcxisBPnSXQ@jetpack")
(extension "1password-x-password-manager" "{d634138d-c276-4fc8-924b-40a0ea21d284}")
(extension "firefox-color" "FirefoxColor@mozilla.com")
(extension "multi-account-containers" "@testpilot-containers")
(extension "temporary-containers" "{c607c8df-14a7-4f28-894f-29e8722976af}")
(extension "styl-us" "{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}")
(extension "betterttv" "firefox@betterttv.net")
(extension "decentraleyes" "jid1-BoFifL9Vbdl2zQ@jetpack")
(extension "canvasblocker" "CanvasBlocker@kkapsner.de")
(extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
(extension "mtab" "contact@maxhu.dev")
];
};
};
};
};
}

234
modules/home/apps/web/librewolf/default.nix
View file

@ -9,9 +9,9 @@ with lib.custom; let
cfg = config.apps.web.librewolf;
in {
options.apps.web.librewolf = with types; {
enable = mkBoolOpt false "Enable librewolf";
enable = mkBoolOpt false "Enable or disable librewolf";
setDefault = mkBoolOpt false "Set Librewolf to default";
setDefault = mkBoolOpt false "Set Librewolf as default browser";
};
config = mkIf cfg.enable {
@ -19,17 +19,233 @@ in {
"text/html" = "librewolf.desktop";
"x-scheme-handler/http" = "librewolf.desktop";
"x-scheme-handler/https" = "librewolf.desktop";
"image/png" = "feh.desktop";
};
programs.librewolf = {
enable = true;
settings = {
"webgl.disabled" = false;
"privacy.resistFingerprinting" = false;
"privacy.clearOnShutdown.history" = false;
"privacy.clearOnShutdown.cookies" = false;
"network.cookie.lifetimePolicy" = 0;
profiles.${config.home.username} = {
id = 0;
isDefault = true;
search = {
default = "SearXNG";
engines = {
"NixOS Options" = {
urls = [
{
template = "https://search.nixos.org/options?query={searchTerms}";
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@nixos"];
};
"Nix Packages" = {
urls = [
{
template = "https://search.nixos.org/packages?query={searchTerms}";
}
];
icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
definedAliases = ["@nixpkgs"];
};
"OpenStreetMap" = {
urls = [
{
template = "https://www.openstreetmap.org/search?query={searchTerms}";
}
];
iconUpdateURL = "https://www.openstreetmap.org/favicon.ico";
definedAliases = ["@openstreetmap" "@osm"];
};
"SearXNG" = {
urls = [
{
template = "https://search.zoeys.computer/searx/search?q={searchTerms}";
}
];
iconUpdateURL = "https://search.zoeys.computer/searx/static/themes/simple/img/favicon.svg";
definedAliases = ["@searx"];
};
"docs.rs" = {
urls = [
{
template = "https://docs.rs/releases/search?query={searchTerms}";
}
];
iconUpdateURL = "https://docs.rs/-/static/favicon.ico";
definedAliases = ["@docs"];
};
"crates.io" = {
urls = [
{
template = "https://crates.io/search?q={searchTerms}";
}
];
iconUpdateURL = "https://crates.io/assets/cargo.png";
definedAliases = ["@crates"];
};
};
force = true; # Required to prevent search engine symlink being overwritten. See https://github.com/nix-community/home-manager/issues/3698
};
};
policies = {
DisableTelemetry = true;
Preferences = {
"app.normandy.api_url" = "";
"app.normandy.enabled" = false;
"app.shield.optoutstudies.enabled" = false;
"app.update.auto" = false;
"beacon.enabled" = false;
"breakpad.reportURL" = "";
"browser.aboutConfig.showWarning" = false;
"browser.cache.offline.enable" = false;
"browser.crashReports.unsubmittedCheck.autoSubmit" = false;
"browser.crashReports.unsubmittedCheck.autoSubmit2" = false;
"browser.crashReports.unsubmittedCheck.enabled" = false;
"browser.disableResetPrompt" = true;
"browser.newtab.preload" = false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.newtabpage.enhanced" = false;
"browser.newtabpage.introShown" = true;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.system.showSponsored" = false;
"browser.safebrowsing.appRepURL" = "";
"browser.safebrowsing.blockedURIs.enabled" = false;
"browser.safebrowsing.downloads.enabled" = false;
"browser.safebrowsing.downloads.remote.enabled" = false;
"browser.safebrowsing.downloads.remote.url" = "";
"browser.safebrowsing.enabled" = false;
"browser.safebrowsing.malware.enabled" = false;
"browser.safebrowsing.phishing.enabled" = false;
"browser.selfsupport.url" = "";
"browser.send_pings" = false;
"browser.sessionstore.privacy_level" = 0;
"browser.shell.checkDefaultBrowser" = false;
"browser.startup.homepage_override.mstone" = "";
"browser.tabs.crashReporting.sendReport" = false;
"browser.urlbar.groupLabels.enabled" = false;
"browser.urlbar.quicksuggest.enabled" = false;
"browser.urlbar.speculativeConnect.enabled" = false;
"browser.urlbar.trimURLs" = false;
"browser.urlbar.suggest.quicksuggest.sponsored" = false;
"datareporting.healthreport.service.enabled" = false;
"datareporting.healthreport.uploadEnabled" = false;
"datareporting.policy.dataSubmissionEnabled" = false;
"device.sensors.ambientLight.enabled" = false;
"device.sensors.enabled" = false;
"device.sensors.motion.enabled" = false;
"device.sensors.orientation.enabled" = false;
"device.sensors.proximity.enabled" = false;
"dom.battery.enabled" = false;
"dom.event.clipboardevents.enabled" = false;
"dom.webaudio.enabled" = false;
"experiments.activeExperiment" = false;
"experiments.enabled" = false;
"experiments.manifest.uri" = "";
"experiments.supported" = false;
"extensions.ClearURLs@kevinr.whiteList" = "";
"extensions.Decentraleyes@ThomasRientjes.whiteList" = "";
"extensions.FirefoxMulti-AccountContainers@mozilla.whiteList" = "";
"extensions.TemporaryContainers@stoically.whiteList" = "";
"extensions.autoDisableScopes" = 14;
"extensions.getAddons.cache.enabled" = false;
"extensions.getAddons.showPane" = false;
"extensions.greasemonkey.stats.optedin" = false;
"extensions.greasemonkey.stats.url" = "";
"extensions.pocket.enabled" = false;
"extensions.shield-recipe-client.api_url" = "";
"extensions.shield-recipe-client.enabled" = false;
"extensions.webservice.discoverURL" = "";
"media.autoplay.default" = 0;
"media.autoplay.enabled" = true;
"media.eme.enabled" = false;
"media.gmp-widevinecdm.enabled" = false;
"media.navigator.enabled" = false;
"media.peerconnection.enabled" = false;
"media.video_stats.enabled" = false;
"network.IDN_show_punycode" = true;
"network.allow-experiments" = false;
"network.captive-portal-service.enabled" = false;
"network.cookie.cookieBehavior" = 1;
"network.dns.disablePrefetch" = true;
"network.dns.disablePrefetchFromHTTPS" = true;
"network.http.referer.spoofSource" = true;
"network.http.speculative-parallel-limit" = "";
"network.predictor.enable-prefetch" = false;
"network.predictor.enabled" = false;
"network.prefetch-next" = false;
"network.trr.mode" = "";
"privacy.donottrackheader.enabled" = true;
"privacy.donottrackheader.value" = "";
"privacy.firstparty.isolate" = true;
"privacy.query_stripping" = true;
"privacy.trackingprotection.cryptomining.enabled" = true;
"privacy.trackingprotection.enabled" = true;
"privacy.trackingprotection.fingerprinting.enabled" = true;
"privacy.trackingprotection.pbmode.enabled" = true;
"privacy.usercontext.about_newtab_segregation.enabled" = true;
"security.ssl.disable_session_identifiers" = true;
"services.sync.prefs.sync.browser.newtabpage.activity-stream.showSponsoredTopSite" = false;
"signon.autofillForms" = false;
"toolkit.telemetry.archive.enabled" = false;
"toolkit.telemetry.bhrPing.enabled" = false;
"toolkit.telemetry.cachedClientID" = "";
"toolkit.telemetry.enabled" = false;
"toolkit.telemetry.firstShutdownPing.enabled" = false;
"toolkit.telemetry.hybridContent.enabled" = false;
"toolkit.telemetry.newProfilePing.enabled" = false;
"toolkit.telemetry.prompted" = "";
"toolkit.telemetry.rejected" = true;
"toolkit.telemetry.reportingpolicy.firstRun" = false;
"toolkit.telemetry.server" = "";
"toolkit.telemetry.shutdownPingSender.enabled" = false;
"toolkit.telemetry.unified" = false;
"toolkit.telemetry.unifiedIsOptIn" = false;
"toolkit.telemetry.updatePing.enabled" = false;
"webgl.renderer-string-override" = " ";
"webgl.vendor-string-override" = " ";
};
ExtensionSettings = with builtins; let
extension = shortId: uuid: {
name = uuid;
value = {
install_url = "https://addons.mozilla.org/en-US/firefox/downloads/latest/${shortId}/latest.xpi";
installation_mode = "normal_installed";
};
};
in
listToAttrs [
(extension "ublock-origin" "uBlock0@raymondhill.net")
(extension "privacy-badger17" "jid1-MnnxcxisBPnSXQ@jetpack")
(extension "1password-x-password-manager" "{d634138d-c276-4fc8-924b-40a0ea21d284}")
(extension "firefox-color" "FirefoxColor@mozilla.com")
(extension "multi-account-containers" "@testpilot-containers")
(extension "temporary-containers" "{c607c8df-14a7-4f28-894f-29e8722976af}")
(extension "styl-us" "{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}")
(extension "betterttv" "firefox@betterttv.net")
(extension "decentraleyes" "jid1-BoFifL9Vbdl2zQ@jetpack")
(extension "canvasblocker" "CanvasBlocker@kkapsner.de")
(extension "clearurls" "{74145f27-f039-47ce-a470-a662b129930a}")
(extension "mtab" "contact@maxhu.dev")
];
};
};
};

2
modules/home/rice/gtk/default.nix
View file

@ -26,7 +26,7 @@ in {
enable = true;
font = {
name = "Cantarell";
name = "Adwaita Sans";
size = 11;
};

28
modules/home/rice/pywal/default.nix Normal file
View file

@ -0,0 +1,28 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.programs.pywal2;
in {
options = {programs.pywal2 = {enable = mkEnableOption "pywal";};};
config = mkIf cfg.enable {
home.packages = [pkgs.pywal];
programs.zsh.initExtra = ''
# Import colorscheme from 'wal' asynchronously
# & # Run the process in the background.
# ( ) # Hide shell job control messages.
(cat ${config.xdg.cacheHome}/wal/sequences &)
'';
programs.kitty.extraConfig = ''
include ${config.xdg.cacheHome}/wal/colors-kitty.conf
'';
programs.rofi.theme."@import" = "${config.xdg.cacheHome}/wal/colors-rofi-dark.rasi";
};
}

48
modules/home/services/pm-bridge/default.nix
View file

@ -1,48 +0,0 @@
{
lib,
config,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.services.pm-bridge;
in {
options.services.pm-bridge = with types; {
enable = mkOption {
type = types.bool;
default = false;
description = "Whether to enable the Bridge.";
};
nonInteractive = mkOption {
type = types.bool;
default = false;
description = "Start Bridge entirely noninteractively";
};
logLevel = mkOption {
type = types.enum ["panic" "fatal" "error" "warn" "info" "debug" "debug-client" "debug-server"];
default = "info";
description = "The log level";
};
};
config = mkIf cfg.enable {
systemd.user.services.protonmail-bridge = {
Unit = {
Description = "Protonmail Bridge";
After = ["network.target"];
};
Service = {
Restart = "always";
ExecStart = "${lib.getExe pkgs.hydroxide} serve";
};
Install = {
WantedBy = ["default.target"];
};
};
};
}

27
modules/home/wms/hyprland/default.nix
View file

@ -44,6 +44,8 @@ in {
package = inputs.hyprland.packages.${pkgs.system}.hyprland;
xwayland.enable = true;
# plugins = with pkgs.hyprlandPlugins; [hypr-dynamic-cursors];
systemd = {
enable = false;
enableXdgAutostart = true;
@ -52,14 +54,15 @@ in {
wayland.windowManager.hyprland.settings = with colors; {
exec-once = [
"pw-loopback -C \"alsa_input.pci-0000_0d_00.4.analog-stereo\" -P \"Scarlett Solo (3rd Gen.) Headphones / Line 1-2\""
# "pw-loopback -C \"alsa_input.pci-0000_0d_00.4.analog-stereo\" -P \"Scarlett Solo (3rd Gen.) Headphones / Line 1-2\""
# "dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP"
# "systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP"
"zen"
"librewolf"
"thunderbird"
"vesktop"
"spotify"
"slack"
"${lib.getExe pkgs.bash} -c '(( $(date +%u) < 6 )) && ${lib.getExe pkgs.slack}'"
"signal-desktop"
];
env = [
@ -92,10 +95,11 @@ in {
"${mod},X,exec, ags --toggle-window \"dashboard\""
"${mod},Print,exec,${lib.getExe pkgs.custom.sc}"
"${mod},Shift&Print,exec,\"${lib.getExe pkgs.grim} -g ${lib.getExe pkgs.slurp} | wl-copy\""
"${mod},S,exec,${lib.getExe pkgs.grim} -g \"$(${lib.getExe pkgs.slurp})\" - | ${pkgs.wl-clipboard}/bin/wl-copy -t image/png"
# grim -g "$(slurp)" | wl-copy
"${modshift},O,exec,wl-ocr"
"${mod},Period,exec, tofi-emoji"
"${mod},Period,exec,rofimoji"
"${modshift},L,exec,swaylock --grace 0" # lock screen
]
@ -114,6 +118,8 @@ in {
# border thiccness
border_size = 2;
allow_tearing = true;
# active border color
"col.active_border" = "rgb(${rose})";
"col.inactive_border" = "rgb(${muted})";
@ -171,8 +177,12 @@ in {
force_zero_scaling = true;
};
ecosystem = {
no_update_news = true;
no_donation_nag = true;
};
experimental = {
hdr = false;
xx_color_management_v4 = true;
};
@ -180,7 +190,8 @@ in {
no_hardware_cursors = true;
};
monitor = ["DP-1,2560x1440@240,0x0,1" "HDMI-A-1,disable" "DP-2,disable"];
# for 10 bit color: DP-3,2560x1440@240,0x0,1,bitdepth,10,cm,hdr,sdrbrightness,1.2,sdrsaturation,1.0
monitor = ["DP-3,2560x1440@240,0x0,1" "HDMI-A-1,disable" "DP-1,disable"];
layerrule = [
"blur, ^(gtk-layer-shell)$"
@ -220,7 +231,7 @@ in {
"workspace 4, title:^(.*(Disc|WebC)ord.*)$"
"workspace 4, class:^(.*Slack.*)$"
"workspace 3, title:^(Spotify Premium)$"
"workspace 2, class:^(zen)$"
"workspace 2, class:^(librewolf)$"
"opacity 0.0 override,class:^(xwaylandvideobridge)$"
"noanim,class:^(xwaylandvideobridge)$"
"noinitialfocus,class:^(xwaylandvideobridge)$"

27
modules/home/work/vpn/default.nix Normal file
View file

@ -0,0 +1,27 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.work.vpn;
in {
options.work.vpn = with types; {
enable = mkBoolOpt false "Enable Work VPN Config";
};
config = mkIf cfg.enable {
xdg.configFile."vpn/work.ovpn" = {
text = ''
conifg /home/zoey/cvpn-client.ovpn
up ${pkgs.update-resolv-conf}/libexec/openvpn/update-resolv-conf
down ${pkgs.update-resolv-conf}/libexec/openvpn/update-resolv-conf
'';
recursive = true;
};
};
}

209
modules/nixos/hardware/audio/auto-connect-tt.lua Normal file
View file

@ -0,0 +1,209 @@
-- As explained on (and stolen from): https://bennett.dev/auto-link-pipewire-ports-wireplumber/
--
-- This script keeps my stereo-null-sink connected to whatever output I'm currently using.
-- I do this so Pulseaudio (and Wine) always sees a stereo output plus I can swap the output
-- without needing to reconnect everything.
-- Link two ports together
function link_port(output_port, input_port)
if not input_port or not output_port then
return nil
end
print("out", dump(output_port.properties))
print("in", dump(input_port.properties))
local link_args = {
["link.input.node"] = input_port.properties["node.id"],
["link.input.port"] = input_port.properties["object.id"],
["link.output.node"] = output_port.properties["node.id"],
["link.output.port"] = output_port.properties["object.id"],
-- -- The node never got created if it didn't have this field set to something
-- ["object.id"] = nil,
--
-- -- I was running into issues when I didn't have this set
-- ["object.linger"] = 1,
--
-- ["node.description"] = "Link created by auto_connect_ports",
}
print(dump(link_args))
local link = Link("link-factory", link_args)
link:activate(1)
print("link created", dump(link.properties))
return link
end
-- Automatically link ports together by their specific audio channels.
--
-- ┌──────────────────┐ ┌───────────────────┐
-- │ │ │ │
-- │ FL ├────────►│ AUX0 │
-- │ OUTPUT │ │ │
-- │ FR ├────────►│ AUX1 INPUT │
-- │ │ │ │
-- └──────────────────┘ │ AUX2 │
-- │ │
-- └───────────────────┘
--
-- -- Call this method inside a script in global scope
--
-- auto_connect_ports {
--
-- -- A constraint for all the required ports of the output device
-- output = Constraint { "node.name"}
--
-- -- A constraint for all the required ports of the input device
-- input = Constraint { .. }
--
-- -- A mapping of output audio channels to input audio channels
--
-- connections = {
-- ["FL"] = "AUX0"
-- ["FR"] = "AUX1"
-- }
--
-- }
function dump(o)
if type(o) == "table" then
local s = "{ "
for k, v in pairs(o) do
if type(k) ~= "number" then
k = '"' .. k .. '"'
end
s = s .. "[" .. k .. "] = " .. dump(v) .. ","
end
return s .. "} "
else
return tostring(o)
end
end
function auto_connect_ports(args)
local output_om = ObjectManager({
Interest({
type = "port",
args["output"],
Constraint({ "port.direction", "equals", "out" }),
}),
})
print("output_om", dump(output_om))
local links = {}
local input_om = ObjectManager({
Interest({
type = "port",
args["input"],
Constraint({ "port.direction", "equals", "in" }),
}),
})
print("input_om", dump(input_om))
local all_links = ObjectManager({
Interest({
type = "link",
}),
})
print("all_links", dump(all_links))
local unless = nil
if args["unless"] then
unless = ObjectManager({
Interest({
type = "port",
args["unless"],
Constraint({ "port.direction", "equals", "in" }),
}),
})
end
function _connect()
print("connecting...")
local delete_links = unless and unless:get_n_objects() > 0
if delete_links then
for _i, link in pairs(links) do
link:request_destroy()
end
links = {}
return
end
for output_name, input_names in pairs(args.connect) do
local input_names = input_names[1] == nil and { input_names } or input_names
-- for output in output_om:iterate() do
-- print(dump(output.properties))
-- end
if delete_links then
else
-- Iterate through all the output ports with the correct channel name
for output in output_om:iterate({ Constraint({ "audio.channel", "equals", output_name }) }) do
for _i, input_name in pairs(input_names) do
-- Iterate through all the input ports with the correct channel name
-- print("inp name", input_name)
-- print("output", dump(output.properties))
-- for input in input_om:iterate() do
-- print("hi")
-- -- print(dump(input.properties))
-- end
for input in input_om:iterate({ Constraint({ "audio.channel", "equals", input_name }) }) do
-- print("here2")
-- Link all the nodes
local link = link_port(output, input)
-- print("linked")
if link then
table.insert(links, link)
end
end
end
end
end
end
end
output_om:connect("object-added", _connect)
input_om:connect("object-added", _connect)
all_links:connect("object-added", _connect)
output_om:activate()
input_om:activate()
all_links:activate()
if unless then
unless:connect("object-added", _connect)
unless:connect("object-removed", _connect)
unless:activate()
end
print("dun")
end
-- Auto connect the stereo null sink to bluetooth headphones
auto_connect_ports({
input = Constraint({
"port.alias",
"matches",
"Scarlett Solo USB:playback_*",
}),
output = Constraint({ "port.alias", "matches", "ALC1220 Analog:capture_*" }),
connect = {
["FL"] = { "FL" },
["FR"] = { "FR" },
},
})

104
modules/nixos/hardware/audio/default.nix
View file

@ -13,7 +13,6 @@ in {
};
config = mkIf cfg.enable {
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
@ -21,19 +20,102 @@ in {
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
wireplumber.enable = true;
jack.enable = true;
extraConfig.pipewire.adjust-sample-rate = {
"context.properties" = {
"default.clock.rate" = 44100;
"default.allowed-rates" = [44100];
};
};
# extraConfig.pipewire.adjust-sample-rate = {
# "context.properties" = {
# "default.clock.rate" = 41000;
# "default.clock.allowed-rates" = [44100];
# };
# };
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
wireplumber.enable = true;
# wireplumber.extraConfig = {
# "custom" = {
# "monitor.alsa.rules" = [
# {
# matches = [
# {
# "node.name" = "alsa_output.usb-Focusrite_Scarlett_Solo_USB_Y76P5M4160A866-00.HiFi__Line1__sink";
# }
# ];
# actions = {
# update-props = {
# "audio.format" = "S32LE";
# "audio.rate" = 192000;
# "api.alsa.period-size" = 1024;
# };
# };
# }
# {
# matches = [
# {
# "node.name" = "alsa_input.pci-0000_0d_00.4.analog-stereo";
# }
# ];
# actions = {
# update-props = {
# "audio.format" = "S32LE";
# "audio.rate" = 192000;
# "api.alsa.period-size" = 1024;
# };
# };
# }
# {
# matches = [
# {
# "node.name" = "~alsa_output.*";
# }
# ];
# actions = {
# update-props = {
# "api.alsa.period-size" = 1024;
# "api.alsa.headroom" = 8192;
# };
# };
# }
# ];
# };
#
# "99-connect-tt" = {
# "wireplumber.components" = [
# {
# name = "auto-connect-tt.lua";
# type = "script/lua";
# provides = "custom.connect-tt";
# }
# ];
#
# "wireplumber.profiles" = {
# main = {
# "custom.connect-tt" = "required";
# };
# };
# };
# };
# wireplumber.extraScripts = {
# "auto-connect-tt.lua" = builtins.readFile ./auto-connect-tt.lua;
# };
# };
#
# # PulseAudio compatibility layer configuration for 44.1kHz
# services.pipewire.extraConfig.pipewire-pulse."92-steam-config" = {
# context.modules = [
# {
# name = "libpipewire-module-protocol-pulse";
# args = {
# pulse.min.req = "32/44100";
# pulse.default.req = "32/44100";
# pulse.min.quantum = "32/44100";
# pulse.max.quantum = "8192/44100";
# };
# }
# ];
# };
#
# environment.sessionVariables = {
# PIPEWIRE_LATENCY = "1024/44100";
};
};
}

28
modules/nixos/hardware/audio/dump-links.lua Normal file
View file

@ -0,0 +1,28 @@
-- Dump all Wireplumber links
function dump(o)
if type(o) == "table" then
local s = "{ "
for k, v in pairs(o) do
if type(k) ~= "number" then
k = '"' .. k .. '"'
end
s = s .. "[" .. k .. "] = " .. dump(v) .. ",\n"
end
return s .. "} "
else
return tostring(o)
end
end
local link_om = ObjectManager({
Interest({
type = "link",
}),
})
link_om:connect("object-added", function(om, link)
print(dump(link.properties) .. "\n\n")
end)
link_om:activate()

28
modules/nixos/hardware/audio/dump-ports.lua Normal file
View file

@ -0,0 +1,28 @@
-- Dump all Wireplumber ports
function dump(o)
if type(o) == "table" then
local s = "{ "
for k, v in pairs(o) do
if type(k) ~= "number" then
k = '"' .. k .. '"'
end
s = s .. "[" .. k .. "] = " .. dump(v) .. ",\n"
end
return s .. "} "
else
return tostring(o)
end
end
local port_om = ObjectManager({
Interest({
type = "port",
}),
})
port_om:connect("object-added", function(om, port)
print(dump(port.properties) .. "\n\n")
end)
port_om:activate()

104
modules/nixos/hardware/custom-opts/default.nix Normal file
View file

@ -0,0 +1,104 @@
# yoinked from https://gitlab.com/funaali/dotfiles/-/blob/3c74966cc4501c548aac0ee83cf5982510dd615c/modules/nixos/custom-opts.nix#L50, thanks!
{
lib,
config,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.hardware.march;
in {
options.hardware.march = with types; {
arch = mkOption {
type = types.nullOr types.str;
default = null;
description = "GCC -march=";
};
system = mkOption {
type = types.str;
default = "x86_64-linux";
};
enableNativeOptimizations = mkOption {
type = types.bool;
default = false;
description = "Enable -march=<arch> optimizations for all packages";
};
enableNativeOptimizationsByDefault = mkOption {
type = types.listOf types.str;
default = [];
description = ''
Architectures for which native optimizations are enabled by default.
'';
};
TCPBBRCongestionControl = mkEnableOption "TCP BBR congestion control";
cpu.vcores = mkOption {
type = types.int;
default = 0;
description = "Teh number of virtual CPU cores. Used to calculate heuristics.";
};
memory.total = mkOption {
type = types.int;
default = 0;
description = "Total amount of RAM in the system (gigabytes). Used to calculate heuristics.";
};
};
config = mkMerge [
# Enable nix to build for the system arch and its inferiors.
(mkIf (cfg.arch != null) {
# taken from https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/config/nix.nix
nix.settings.system-features = map (x: "gccarch-${x}") ((systems.architectures.inferiors.${cfg.arch} or []) ++ [cfg.arch]) ++ ["big-parallel"];
})
# Set nix cores and max jobs based on cores and installed memory.
(mkIf (cfg.cpu.vcores + cfg.memory.total > 0) (
let
minMemoryPerCore = 2;
jobsOvercommitFactor = 4;
cores = min 16 (min (cfg.cpu.vcores / 2) (cfg.memory.total / minMemoryPerCore));
max-jobs = jobsOvercommitFactor * cfg.memory.total / (cores * minMemoryPerCore);
in {
nix.settings = {
inherit cores max-jobs;
};
}
))
# Native arch optimizations
(mkIf (cfg.enableNativeOptimizations || elem cfg.arch cfg.enableNativeOptimizationsByDefault) {
assertions = [
{
message = "custom.arch can't be null when custom.enableNativeOptimizations is true!";
assertion = cfg.enableNativeOptimizations -> cfg.arch != null;
}
];
nixpkgs.hostPlatform = mkOverride 1 {
system = cfg.system;
gcc.arch = cfg.arch;
gcc.tune = cfg.arch;
};
})
# Enable TCP BBR congestion control
(mkIf cfg.TCPBBRCongestionControl {
boot.kernelModules = ["tcp_bbr"];
boot.kernel.sysctl = {
"net.core.default_qdisc" = "cake";
"net.ipv4.tcp_congestion_control" = "bbr";
};
})
# Settings if total memory is defined
(mkIf (cfg.memory.total > 0) {
services.earlyoom.freeMemThreshold = min 1 (max 5 (200 / cfg.memory.total));
})
];
}

2
modules/nixos/hardware/gpu-passthru/default.nix
View file

@ -48,7 +48,7 @@ in {
kmod
systemd
ripgrep
mullvad
nixos-stable.mullvad
killall
sd
];

4
modules/nixos/hardware/nvidia/default.nix
View file

@ -37,11 +37,11 @@ in {
# https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus
# Only available from driver 515.43.04+
# Currently alpha-quality/buggy, so false is currently the recommended setting.
open = false;
open = true;
# Enable the Nvidia settings menu,
# accessible via `nvidia-settings`.
nvidiaSettings = true;
nvidiaSettings = false;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = config.boot.kernelPackages.nvidiaPackages.beta;

15
modules/nixos/protocols/wayland/default.nix
View file

@ -35,7 +35,20 @@ in {
services.xserver.displayManager.gdm.enable = true;
programs.uwsm.enable = true;
programs.uwsm = {
enable = true;
# waylandCompositors = {
# "mwc" = {
# prettyName = "MWC";
# binPath = "/run/current-system/sw/bin/mwc";
# comment = "previously owl";
# };
# };
};
# environment.systemPackages = [
# pkgs.custom.mwc
# ];
programs.hyprland = {
withUWSM = true;

87
modules/nixos/services/mail/default.nix Normal file
View file

@ -0,0 +1,87 @@
{
lib,
config,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.services.mail;
sec = config.age.secrets;
in {
options.services.mail = with types; {
enable = mkBoolOpt false "Enable Simple Nixos Mailserver";
};
config = mkIf cfg.enable {
age.secrets = {
webmaster-pw = {
file = ./sec/webmaster-pw.age;
};
zoeycomputer-pw = {
file = ./sec/zoey-zoeycomputer-pw.age;
};
zmio-pw = {
file = ./sec/zmio-pw.age;
};
zach-pw.file = ./sec/zach-pw.age;
emily-pw.file = ./sec/emily-piccat.age;
};
mailserver = {
enable = true;
fqdn = "mail.zoeys.email";
domains = ["zoeys.email" "zoeys.cloud" "zoeys.computer" "zackmyers.io" "zacharymyers.com" "pictureofcat.com"];
loginAccounts = {
"zoey@zoeys.email" = {
hashedPasswordFile = sec.webmaster-pw.path;
aliases = ["zoey@zoeys.cloud" "postmaster@zoeys.email" "abuse@zoeys.email"];
};
"hi@zoeys.computer" = {
hashedPasswordFile = sec.zoeycomputer-pw.path;
aliases = ["spam@zoeys.computer"];
};
"me@zackmyers.io" = {
hashedPasswordFile = sec.zmio-pw.path;
aliases = ["zach@zacharymyers.com" "zack@zacharymyers.com"];
};
"gf@zackmyers.io" = {
hashedPasswordFile = sec.emily-pw.path;
aliases = ["emily@pictureofcat.com"];
};
};
certificateScheme = "acme-nginx";
virusScanning = true;
};
# services.nginx = {
# virtualHosts = {
# "cal.zoeys.cloud" = {
# forceSSL = true;
# enableACME = true;
# locations."/" = {
# proxyPass = "http://localhost:5232/";
# extraConfig = ''
# proxy_set_header X-Script-Name /;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# proxy_pass_header Authorization;
# '';
# };
# };
# };
# };
services.roundcube = {
enable = true;
hostName = "zoeys.email";
extraConfig = ''
$config['smtp_server'] = "tls://${config.mailserver.fqdn}";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
};
}

7
modules/nixos/services/mail/sec/emily-piccat.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 CtmR6w GByJvx+LFQ6yzgAl/liuJjfzjkwZMHC+R+aKNfKNAmY
S5csNYDpwtHvIWe5W0lEiKbVnR2FcOtRU5WQW2cALAA
-> ssh-ed25519 +be3hg 68FeHprHjQxUbxJj0ERz6HOM338g12EU/BmLCDjtz3Y
ydJ94RUuxLwuk0BedBk816wLMWjgOQd3/Eb7msud3mA
--- pM8bV+881Kh2Rpizrmaa/JzzvNXtKRTRU1KyFw9qtaQ
:Ã쀬ÿxÕþ,ʅ梞ÔYk0+1ÂZÏOIq@ÛY”¼Ô¡Ö±2T³JÅ©Ž¤*Í ýù!%¹…cüýcšò<C5A1>Yq<RÕF ²ù±^Ú+éf Ý

8
modules/nixos/services/mail/sec/webmaster-pw.age Normal file
View file

@ -0,0 +1,8 @@
age-encryption.org/v1
-> ssh-ed25519 CtmR6w s2FYa/CFw32d95iUrKgwFbvMtNe+17vDYLzCRJaBumA
YgQyjn/bkEN6bH7VSlrN4xT/epITxj8NnPsalOz4ndU
-> ssh-ed25519 +be3hg BkNhJbmWJHREV54OnrDzA7ep8h2ZzVtzh+Ns6Es1jQ4
eepXxHwYgVZN56nuCisQuy+PHRjz+/NrJfVdqaAAMRE
--- wyDX4yv5LbYhCvxIiK+wzndFlBs5AdV/FgNC+MRHAO8
<EFBFBD>wVX=ó|¹éì @ß3ŒÜrÇ™sWl&ón»
¿Ù¿4“T&ÁÅJ"<Ë;רGYò-Dp@1Á<31>Î@ò»º_š9µÎ‡³ÌUû×™™ )•üb"

BIN
modules/nixos/services/mail/sec/zach-pw.age Normal file
View file

Binary file not shown.

BIN
modules/nixos/services/mail/sec/zmio-pw.age Normal file
View file

Binary file not shown.

BIN
modules/nixos/services/mail/sec/zoey-zoeycomputer-pw.age Normal file
View file

Binary file not shown.

168
modules/nixos/services/polaris2/default.nix Normal file
View file

@ -0,0 +1,168 @@
{
config,
pkgs,
lib,
...
}: let
cfg = config.services.polaris2;
settingsFormat = pkgs.formats.toml {};
in {
options = {
services.polaris2 = {
enable = lib.mkEnableOption "Polaris Music Server";
package = lib.mkPackageOption pkgs "polaris" {};
user = lib.mkOption {
type = lib.types.str;
default = "polaris";
description = "User account under which Polaris runs.";
};
group = lib.mkOption {
type = lib.types.str;
default = "polaris";
description = "Group under which Polaris is run.";
};
extraGroups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
description = "Polaris' auxiliary groups.";
example = lib.literalExpression ''["media" "music"]'';
};
port = lib.mkOption {
type = lib.types.port;
default = 5050;
description = ''
The port which the Polaris REST api and web UI should listen to.
Note: polaris is hardcoded to listen to the hostname "0.0.0.0".
'';
};
settings = lib.mkOption {
type = settingsFormat.type;
default = {};
description = ''
Contents for the TOML Polaris config, applied each start.
Although poorly documented, an example may be found here:
[CONFIGURATION.md](https://github.com/agersant/polaris/blob/46aed8096ee9d8702b5a98e6f3b1ff5db2bfc32a/docs/CONFIGURATION.md#format)
[test-config.toml](https://github.com/agersant/polaris/blob/46aed8096ee9d8702b5a98e6f3b1ff5db2bfc32a/test-data/config.toml)
'';
example = lib.literalExpression ''
{
settings.reindex_every_n_seconds = 7*24*60*60; # weekly, default is 1800
settings.album_art_pattern =
"(cover|front|folder)\.(jpeg|jpg|png|bmp|gif)";
mount_dirs = [
{
name = "NAS";
source = "/mnt/nas/music";
}
{
name = "Local";
source = "/home/my_user/Music";
}
];
}
'';
};
openFirewall = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Open the configured port in the firewall.
'';
};
};
};
config = lib.mkIf cfg.enable {
systemd.services.polaris = {
description = "Polaris Music Server";
after = ["network.target"];
wantedBy = ["multi-user.target"];
serviceConfig = rec {
User = cfg.user;
Group = cfg.group;
DynamicUser = true;
SupplementaryGroups = cfg.extraGroups;
StateDirectory = "polaris";
CacheDirectory = "polaris";
ExecStart = lib.escapeShellArgs (
[
"${cfg.package}/bin/polaris"
"--foreground"
"--port"
cfg.port
"--database"
"/var/lib/${StateDirectory}/db.sqlite"
"--data"
"/var/lib/${StateDirectory}/data"
"--cache"
"/var/cache/${CacheDirectory}"
]
++ lib.optionals (cfg.settings != {}) [
"--config"
(settingsFormat.generate "polaris-config.toml" cfg.settings)
]
);
Restart = "on-failure";
# Security options:
#NoNewPrivileges = true; # implied by DynamicUser
#RemoveIPC = true; # implied by DynamicUser
AmbientCapabilities = "";
CapabilityBoundingSet = "";
DeviceAllow = "";
LockPersonality = true;
#PrivateTmp = true; # implied by DynamicUser
PrivateDevices = true;
PrivateUsers = true;
ProtectClock = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
RestrictNamespaces = true;
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictRealtime = true;
#RestrictSUIDSGID = true; # implied by DynamicUser
SystemCallArchitectures = "native";
SystemCallErrorNumber = "EPERM";
SystemCallFilter = [
"@system-service"
"~@cpu-emulation"
"~@debug"
"~@keyring"
"~@memlock"
"~@obsolete"
"~@privileged"
"~@setuid"
];
};
};
networking.firewall = lib.mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
};
};
meta.maintainers = with lib.maintainers; [pbsds];
}

49
modules/nixos/services/vpn/default.nix
View file

@ -15,7 +15,29 @@ in {
};
config = mkIf cfg.enable {
services.mullvad-vpn.enable = cfg.mullvad;
services.mullvad-vpn = {
enable = cfg.mullvad;
package = nixos-stable.mullvad;
};
#
# # Create a specific network namespace for VPN traffic
# systemd.services.mullvad-daemon = {
# serviceConfig = {
# NetworkNamespacePath = "/run/netns/mullvad";
# };
# };
#
# # Configure transmission to use Mullvad's SOCKS5 proxy
# # Configure transmission to use the Mullvad network namespace
# systemd.services.transmission = mkIf config.services.transmission.enable {
# serviceConfig = {
# NetworkNamespacePath = "/run/netns/mullvad";
# };
# # Make sure Mullvad is running before transmission starts
# requires = ["mullvad-daemon.service"];
# after = ["mullvad-daemon.service"];
# };
services.openvpn = {
servers = {
work = {
@ -27,14 +49,21 @@ in {
systemd.services.openvpn-work.wantedBy = lib.mkForce [];
systemd.services."mullvad-daemon".postStart = let
mullvad = config.services.mullvad-vpn.package;
in
mkIf cfg.mullvad ''
while ! ${mullvad}/bin/mullvad status >/dev/null; do sleep 1; done
${mullvad}/bin/mullvad auto-connect set on
${mullvad}/bin/mullvad tunnel set ipv6 on
${mullvad}/bin/mullvad connect
'';
# # Add necessary networking tools
# environment.systemPackages = with pkgs; [
# iproute2 # for ip netns commands
# ];
#
# # Setup network namespace
# systemd.services.setup-mullvad-netns = {
# description = "Setup Mullvad Network Namespace";
# before = ["mullvad-daemon.service"];
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# ExecStart = "${pkgs.iproute2}/bin/ip netns add mullvad";
# ExecStop = "${pkgs.iproute2}/bin/ip netns delete mullvad";
# };
# };
};
}

22
modules/nixos/services/web/nginx/default.nix
View file

@ -26,12 +26,22 @@ in {
recommendedOptimisation = true;
recommendedTlsSettings = true;
sslDhparam = config.security.dhparams.params.nginx.path;
virtualHosts = {
"node.nyc.zackmyers.io" = {
forceSSL = true;
enableACME = true;
};
};
appendHttpConfig = ''
limit_req_zone $binary_remote_addr zone=iso_ratelimit:10m rate=1r/m;
limit_conn_zone $binary_remote_addr zone=iso_connlimit:10m;
access_log /var/log/nginx/blocked.log combined if=$ratelimited;
map $request_uri $ratelimited {
default 0;
~\.iso$ $limit_req_status;
}
'';
};
security.acme = {
acceptTerms = true;
defaults.email = "zach@zacharymyers.com";
};
};
}

60
modules/nixos/services/wg/default.nix Normal file
View file

@ -0,0 +1,60 @@
{
lib,
config,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.services.wg;
in {
options.services.wg = with types; {
enable = mkBoolOpt false "Enable wg service(s)";
};
config = mkIf cfg.enable {
networking.nat.enable = false;
networking.nat.externalInterface = "enp5s0";
networking.nat.internalInterfaces = ["wg0"];
networking.firewall = {
allowedUDPPorts = [51820];
extraCommands = ''
# Allow WireGuard peer to access only Jellyfin
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -s 10.100.0.2 -d 192.168.1.83 -j ACCEPT
${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -s 10.100.0.3 -d 192.168.1.83 -j ACCEPT
'';
extraStopCommands = ''
# Clean up rules when stopping
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -s 10.100.0.2 -d 192.168.1.83 -j ACCEPT
${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -s 10.100.0.3 -d 192.168.1.83 -j ACCEPT
'';
};
networking.wireguard.interfaces = {
wg0 = {
ips = ["10.100.0.1/24"];
listenPort = 51820;
privateKeyFile = "/home/zoey/wg-keys/private";
peers = [
# List of allowed peers.
{
# Feel free to give a meaning full name
# Public key of the peer (not a file path).
publicKey = "oxcliwRzjiYda7x90lv71R/PnnPxIWSVIjSjiv2DyBQ=";
# List of IPs assigned to this peer within the tunnel subnet. Used to configure routing.
allowedIPs = ["10.100.0.2/32" "192.168.1.83/32"];
}
{
publicKey = "+lWaMyRJOmijb3pSe8iufFO3lw2VW62uCn/ckJyAUxk=";
allowedIPs = ["10.100.0.3/32" "192.168.1.83/32"];
}
];
};
};
};
}

2
modules/nixos/sites/cv/default.nix
View file

@ -27,7 +27,7 @@ in {
root = "${inputs.resume.packages.${pkgs.system}.default}";
};
extraConfig = ''
index resume.pdf;
index ZacharyMyersResume.pdf;
'';
};
};

2
modules/nixos/sites/gitlab/default.nix
View file

@ -75,7 +75,7 @@ in {
mkdir -p -m 0755 /nix/var/nix/profiles/per-user/root
mkdir -p -m 0700 "$HOME/.nix-defexpr"
. ${pkgs.nix}/etc/profile.d/nix-daemon.sh
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-24.05 nixpkgs # 3
${pkgs.nix}/bin/nix-channel --add https://nixos.org/channels/nixos-24.11 nixpkgs # 3
${pkgs.nix}/bin/nix-channel --update nixpkgs
${pkgs.nix}/bin/nix-env -i ${concatStringsSep " " (with pkgs; [nix cacert git openssh])}
'';

7
modules/nixos/sites/gitlab/sec/gitlab-runner.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 CtmR6w UnmasP/1wPHR+LhLwOPU8n8xmYxzSxnz3zvnIxhKngY
bHwSyrccC/4a4X1nCSVR+Vl+Oi7Y1Sd5IzZjXVmkG5s
-> ssh-ed25519 RMNffg 5EgurJJqitwKtwze+WrcNmfFolK29aW0nqLyRFShamY
YsNxchVifSo+rBnhKsGYkVCxkHGmRH0FwnpLVjHYMH8
--- 0RY2Pmkw1TKwh8hCJ55R/6IYHWZAXrKra+y82GsJWNk
®<>MÑPpÿVš9Ýc¥ÅP<Õ¨´8m<5<>{ˆÊ8ïCê^+[S”-²ªÞ^%,­ò—˜0KÛ΀çºFDOµ NbY†ts@¬ó™5§ÓE­&Us¸P7È5å]ÇmPd˜h<CB9C>„ä¿ÎŽCz

35
modules/nixos/sites/immich/default.nix Normal file
View file

@ -0,0 +1,35 @@
{
lib,
config,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.sites.immich;
in {
options.sites.immich = with types; {
enable = mkBoolOpt false "Enable Immich Photo backup";
};
config = mkIf cfg.enable {
services.immich.enable = true;
services.immich.port = 2283;
services.nginx.virtualHosts."i.zoeys.photos" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://[::1]:${toString config.services.immich.port}";
proxyWebsockets = true;
recommendedProxySettings = true;
extraConfig = ''
client_max_body_size 50000M;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
'';
};
};
};
}

16
modules/nixos/sites/jellyfin/default.nix
View file

@ -16,6 +16,22 @@ in {
services.jellyfin = {
enable = true;
openFirewall = true;
user = "zoey";
group = "users";
};
virtualisation.oci-containers = {
containers.jellyfin-vue = {
image = "ghcr.io/jellyfin/jellyfin-vue:unstable";
environment = {
"PUBLIC_JELLYFIN_API" = "http://localhost:8096";
};
ports = [
"8065:80"
];
};
};
networking.firewall.allowedTCPPorts = [8065];
};
}

22
modules/nixos/sites/mealie/default.nix Normal file
View file

@ -0,0 +1,22 @@
{
lib,
config,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.sites.mealie;
in {
options.sites.mealie = with types; {
enable = mkBoolOpt false "Enable mealie";
};
config = mkIf cfg.enable {
services.mealie = {
enable = true;
port = 9090;
listenAddress = "127.0.0.1";
};
};
}

1
modules/nixos/sites/minio/default.nix
View file

@ -38,6 +38,7 @@ in {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
client_max_body_size 1G;
'';
};
};

12
modules/nixos/sites/mirror/default.nix
View file

@ -39,6 +39,18 @@ in {
locations."/".extraConfig = ''
autoindex on;
'';
locations."~* \.iso$".extraConfig = ''
limit_req zone=iso_ratelimit burst=20 nodelay;
limit_conn iso_connlimit 5;
limit_rate_after 10m;
limit_rate 500k;
if ($http_user_agent ~* "Transmission") {
access_log /var/log/nginx/blocked_transmission.log combined;
return 403;
}
'';
};
};
}

131
modules/nixos/sites/polaris/default.nix Normal file
View file

@ -0,0 +1,131 @@
{
lib,
config,
pkgs,
...
}:
with lib;
with lib.custom; let
cfg = config.sites.polaris;
polaris-web = pkgs.buildNpmPackage rec {
pname = "polaris-web";
version = "76";
src = pkgs.fetchFromGitHub {
owner = "agersant";
repo = "polaris-web";
rev = "build-${version}";
hash = "sha256-mGsgW6lRqCt+K2RrF2s4zhvYzH94K+GEXGUCn5ngBTY=";
};
npmDepsHash = "sha256-MVqC6mMdiqtJzAB8J8xdxO5xCwiibBasA3BvN6EiBSM=";
env.CYPRESS_INSTALL_BINARY = "0";
npmBuildScript = "build";
installPhase = ''
runHook preInstall
mkdir -p $out/share
cp -a dist $out/share/polaris-web
runHook postInstall
'';
};
polaris = pkgs.rustPlatform.buildRustPackage rec {
pname = "polaris";
version = "0.15.0";
src = pkgs.fetchFromGitHub {
owner = "agersant";
repo = "polaris";
tag = version;
hash = "sha256-uwYNyco4IY6lF+QSVEOVVhZCJ4nRkj8gsgRA0UydLHU=";
# The polaris version upstream in Cargo.lock is "0.0.0".
# We're unable to simply patch it in the patch phase due to
# rustPlatform.buildRustPackage fetching dependencies before applying patches.
# If we patch it after fetching dependencies we get an error when
# validating consistency between the final build and the prefetched deps.
postFetch = ''
# 'substituteInPlace' does not support multiline replacements?
sed -i $out/Cargo.lock -z \
-e 's/\[\[package\]\]\nname = "polaris"\nversion = "0.0.0"/[[package]]\nname = "polaris"\nversion = "'"${version}"'"/g'
'';
};
useFetchCargoVendor = true;
cargoHash = "sha256-EUUxKLLdXgNp7GWTWAkzdNHKogu4Voo8wjeFFzM9iEg=";
# Compile-time environment variables for where to find assets needed at runtime
env = {
POLARIS_WEB_DIR = "${polaris-web}/share/polaris-web";
};
preCheck = ''
# 'Err' value: Os { code: 24, kind: Uncategorized, message: "Too many open files" }
ulimit -n 4096
# to debug bumps
export RUST_BACKTRACE=1
'';
checkFlags = [
# requires network
"--skip=server::test::settings::put_settings_golden_path"
];
__darwinAllowLocalNetworking = true;
doCheck = false;
meta = with lib; {
description = "Self-host your music collection, and access it from any computer and mobile device";
longDescription = ''
Polaris is a FOSS music streaming application, designed to let you enjoy your music collection
from any computer or mobile device. Polaris works by streaming your music directly from your
own computer, without uploading it to a third-party. There are no kind of premium version.
The only requirement is that your computer stays on while it streams your music!
'';
homepage = "https://github.com/agersant/polaris";
license = licenses.mit;
maintainers = with maintainers; [pbsds];
platforms = platforms.unix;
mainProgram = "polaris";
};
};
in {
options.sites.polaris = with types; {
enable = mkBoolOpt false "Enable Music (Polaris)";
domain = mkStringOpt "music.zoeys.cloud" "The domain of the music instance";
};
config = mkIf cfg.enable {
services.polaris2 = {
enable = true;
package = polaris;
# group = "users";
# user = "zoey";
openFirewall = true;
settings = {
mount_dirs = [
{
name = "local";
source = "/home/zoey/Music/";
}
];
};
};
services.nginx.virtualHosts.${cfg.domain} = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.polaris.port}";
};
};
};
}

82
modules/nixos/ui/fonts/default.nix
View file

@ -31,53 +31,7 @@ in {
dejavu_fonts
iosevka
cantarell-fonts
# (let
# bolder = writeText "bolder.py" ''
# #!/usr/bin/env python
# # Script shamelessly stolen from: https://github.com/shytikov/pragmasevka
#
# import sys
# import fontforge
#
# if len(sys.argv) < 2:
# print("Please provide path prefix of the font to update!")
# exit()
#
# prefix = sys.argv[1]
#
# glyphs = [
# "exclam", "ampersand", "parenleft", "parenright", "asterisk", "plus",
# "comma", "hyphen", "period", "slash", "colon", "semicolon", "less",
# "equal", "greater", "question", "bracketleft", "backslash", "bracketright",
# "asciicircum", "braceleft", "bar", "braceright", "asciitilde",
# ]
#
# pairs = [
# ['regular', 'semibold'],
# ['regularItalic', 'semiboldItalic'],
# ['bold', 'black'],
# ['boldItalic', 'blackItalic'],
# ]
#
# for [recipient, donor] in pairs:
# font = f"{prefix}{recipient}.ttf"
# donor_font = f"{prefix}{donor}.ttf"
#
# target = fontforge.open(font)
# # Finding all punctuation
# target.selection.select(*glyphs)
# # and deleting it to make space
# for i in target.selection.byGlyphs:
# target.removeGlyph(i)
#
# source = fontforge.open(donor_font)
# source.selection.select(*glyphs)
# source.copy()
# target.paste()
#
# target.generate(font)
# '';
# in (iosevka.override
# (iosevka.override
# {
# set = "Custom";
# privateBuildPlan = ''
@ -90,34 +44,20 @@ in {
#
# [buildPlans.IosevkaCustom.variants]
# inherits = "ss08"
#
# [buildPlans.IosevkaCustom.widths.Normal]
# shape = 500
# menu = 5
# css = "normal"
# '';
# }))
# .overrideAttrs (oldAttrs: {
# buildInputs =
# (oldAttrs.buildInputs or [])
# ++ [
# pkgs.python3
# pkgs.python3Packages.fontforge
# ];
#
# postInstall = ''
# ${oldAttrs.postInstall or ""}
#
# echo $out
#
# cd $out/share/fonts/truetype
#
# PREFIX="IosevkaCustom-normal"
#
# python3 ${bolder} $PREFIX
# '';
# }))
# })
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
jetbrains-mono
nerd-fonts.iosevka
nerd-fonts.zed-mono
adwaita-fonts
# (nerdfonts.override {fonts = ["ZedMono" "Iosevka"];})
];
@ -127,11 +67,11 @@ in {
fontconfig = {
defaultFonts = {
monospace = [
"Pragmata Pro Mono"
# "Iosevka"
# "Pragmata Pro Mono"
"Iosevka"
"Noto Color Emoji"
];
sansSerif = ["Cantarell" "Noto Color Emoji"];
sansSerif = ["Adwaita Sans" "Noto Color Emoji"];
serif = ["Noto Serif" "Noto Color Emoji"];
emoji = ["Noto Color Emoji"];
};

2
packages/enc/default.nix
View file

@ -21,7 +21,7 @@ writeShellScriptBin "enc" ''
# Create recipient arguments for gpg
recipients=()
recipients+=("-r" "0x5F873416BCF59F35")
recipients+=("-r" "0xEE8A2B709E2401D1")
for recipient in "$@"; do
recipients+=("-r" "$recipient")
done

141
packages/mwc/default.nix Normal file
View file

@ -0,0 +1,141 @@
{
wayland-protocols,
wayland-scanner,
libxkbcommon,
makeWrapper,
pkg-config,
libinput,
wlroots_0_18,
wayland,
pixman,
xorg,
libdrm,
fetchFromGitHub,
stdenv,
ninja,
scdoc,
validatePkgConfig,
libGL,
mesa,
lib,
libglvnd,
meson,
}: let
scenefx = stdenv.mkDerivation (finalAttrs: {
pname = "scenefx";
version = "0.2.1";
src = fetchFromGitHub {
owner = "wlrfx";
repo = "scenefx";
rev = "87c0e8b6d5c86557a800445e8e4c322f387fe19c";
hash = "sha256-BLIADMQwPJUtl6hFBhh5/xyYwLFDnNQz0RtgWO/Ua8s=";
};
strictDeps = true;
depsBuildBuild = [pkg-config];
nativeBuildInputs = [
meson
ninja
pkg-config
scdoc
validatePkgConfig
wayland-scanner
];
buildInputs = [
libdrm
libGL
libxkbcommon
pixman
wayland
wayland-protocols
wlroots_0_18
mesa
];
meta = {
description = "Drop-in replacement for the wlroots scene API that allows wayland compositors to render surfaces with eye-candy effects";
homepage = "https://github.com/wlrfx/scenefx";
license = lib.licenses.mit;
mainProgram = "scenefx";
pkgConfigModules = ["scenefx"];
platforms = lib.platforms.all;
};
});
in
stdenv.mkDerivation {
pname = "mwc-wlr";
version = "unstable-0.1.0";
src = fetchFromGitHub {
owner = "dqrk0jeste";
repo = "mwc";
rev = "15c6a00e3ee85bce1bff812b69652b1e3211f637";
hash = "sha256-YJPkBuyyVXpGMQaOrCP1ECsF+kndFCIm/Fr2FR8fjt4=";
fetchSubmodules = true;
};
nativeBuildInputs = [
wayland-scanner
makeWrapper
pkg-config
meson
ninja
mesa
libglvnd.dev
scenefx
];
outputs = [
"out"
];
buildInputs = [
wayland-protocols
libxkbcommon
wlroots_0_18
libinput
wayland
mesa
libglvnd.dev
xorg.libxcb
libdrm
pixman
];
strictDeps = true;
depsBuildBuild = [
pkg-config
];
installPhase = ''
ls
mkdir -p $out/bin
mkdir -p $out/share
cp -r mwc $out/bin/
cp -r mwc-ipc $out/bin/
cp -r $src/default.conf $out/share/
runHook postInstall
'';
postInstall = ''
wrapProgram $out/bin/mwc --set MWC_DEFAULT_CONFIG_PATH "$out/share/default.conf"
'';
# HUUUUUUUUUGE thanks to https://github.com/dqrk0jeste ^^^
__structuredAttrs = true;
meta = {
description = "tiling wayland compositor based on wlroots.";
homepage = "https://github.com/dqrk0jeste/mwc";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [s0me1newithhand7s];
platforms = ["x86_64-linux"];
};
}

141
packages/renderdoc/default.nix Normal file
View file

@ -0,0 +1,141 @@
{
lib,
addDriverRunpath,
autoconf,
automake,
bison,
cmake,
fetchFromGitHub,
xorg,
libglvnd,
makeWrapper,
nix-update-script,
pcre,
pkg-config,
python311Packages,
qt5,
stdenv,
vulkan-loader,
wayland,
libsForQt5,
# Boolean flags
waylandSupport ? true,
...
}: let
custom_swig = fetchFromGitHub {
owner = "baldurk";
repo = "swig";
rev = "renderdoc-modified-7";
hash = "sha256-RsdvxBBQvwuE5wSwL8OBXg5KMSpcO6EuMS0CzWapIpc=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "renderdoc";
version = "1.36";
src = fetchFromGitHub {
owner = "baldurk";
repo = "renderdoc";
rev = "v${finalAttrs.version}";
hash = "sha256-a7jUWjNrpy3FnLRccljV7obAlnQwyMJrAaGf9iZa0UY=";
};
outputs = [
"out"
"dev"
"doc"
];
buildInputs =
[
xorg.libXdmcp
xorg.libpthreadstubs
python311Packages.pyside2
python311Packages.pyside2-tools
python311Packages.shiboken2
qt5.qtbase
qt5.qtsvg
vulkan-loader
]
++ lib.optionals waylandSupport [
wayland
libsForQt5.qt5.qtwayland
];
nativeBuildInputs = [
addDriverRunpath
autoconf
automake
bison
cmake
makeWrapper
pcre
pkg-config
python311Packages.python
qt5.qtx11extras
qt5.wrapQtAppsHook
];
cmakeFlags = [
(lib.cmakeFeature "BUILD_VERSION_HASH" finalAttrs.src.rev)
(lib.cmakeFeature "BUILD_VERSION_DIST_NAME" "NixOS")
(lib.cmakeFeature "BUILD_VERSION_DIST_VER" finalAttrs.version)
(lib.cmakeFeature "BUILD_VERSION_DIST_CONTACT" "https://github.com/NixOS/nixpkgs/")
(lib.cmakeBool "BUILD_VERSION_STABLE" true)
(lib.cmakeBool "ENABLE_WAYLAND" waylandSupport)
];
dontWrapQtApps = true;
strictDeps = true;
postUnpack = ''
cp -r ${custom_swig} swig
chmod -R +w swig
patchShebangs swig/autogen.sh
'';
# TODO: define these in the above array via placeholders, once those are
# widely supported
preConfigure = ''
cmakeFlagsArray+=(
"-DRENDERDOC_SWIG_PACKAGE=$PWD/../swig"
"-DVULKAN_LAYER_FOLDER=$out/share/vulkan/implicit_layer.d/"
)
'';
preFixup = let
libPath = lib.makeLibraryPath [
libglvnd
vulkan-loader
];
in ''
wrapQtApp $out/bin/qrenderdoc \
--suffix LD_LIBRARY_PATH : "$out/lib:${libPath}"
wrapProgram $out/bin/renderdoccmd \
--suffix LD_LIBRARY_PATH : "$out/lib:${libPath}"
'';
# The only documentation for this so far is in the setup-hook.sh script from
# add-opengl-runpath
postFixup = ''
addDriverRunpath $out/lib/librenderdoc.so
'';
passthru.updateScript = nix-update-script {};
meta = {
homepage = "https://renderdoc.org/";
description = "Single-frame graphics debugger";
longDescription = ''
RenderDoc is a free MIT licensed stand-alone graphics debugger that
allows quick and easy single-frame capture and detailed introspection
of any application using Vulkan, D3D11, OpenGL or D3D12 across
Windows 7 - 10, Linux or Android.
'';
license = lib.licenses.mit;
mainProgram = "renderdoccmd";
maintainers = with lib.maintainers; [AndersonTorres];
platforms = lib.intersectLists lib.platforms.linux (lib.platforms.x86_64 ++ lib.platforms.i686);
};
})

210
packages/vesktop/default.nix
View file

@ -1,210 +0,0 @@
{
lib,
stdenv,
stdenvNoCC,
fetchFromGitHub,
substituteAll,
makeWrapper,
makeDesktopItem,
copyDesktopItems,
vencord,
electron,
libicns,
jq,
moreutils,
cacert,
pipewire,
libpulseaudio,
autoPatchelfHook,
withTTS ? true,
# Enables the use of vencord from nixpkgs instead of
# letting vesktop manage it's own version
withSystemVencord ? false,
}:
stdenv.mkDerivation (finalAttrs: {
pname = "vesktop";
version = "1.5.3";
src = fetchFromGitHub {
owner = "Vencord";
repo = "Vesktop";
rev = "8993b0d";
hash = "sha256-R8MT8Z5oHJTAXE2SAcq+yAeVkUEhisLOUaUyMAwFy4w=";
};
# NOTE: This requires pnpm 8.10.0 or newer
# https://github.com/pnpm/pnpm/pull/7214
pnpmDeps = assert lib.versionAtLeast lib.custom.pkgs-unstable.nodePackages.pnpm.version "8.10.0";
stdenvNoCC.mkDerivation {
pname = "${finalAttrs.pname}-pnpm-deps";
inherit
(finalAttrs)
src
version
patches
ELECTRON_SKIP_BINARY_DOWNLOAD
;
nativeBuildInputs = [
cacert
jq
moreutils
lib.custom.pkgs-unstable.nodePackages.pnpm
];
# inspired by https://github.com/NixOS/nixpkgs/blob/763e59ffedb5c25774387bf99bc725df5df82d10/pkgs/applications/misc/pot/default.nix#L56
# and based on https://github.com/NixOS/nixpkgs/pull/290715
installPhase = ''
runHook preInstall
pnpm -v
export HOME=$(mktemp -d)
pnpm config set store-dir $out
# Some packages produce platform dependent outputs. We do not want to cache those in the global store
pnpm config set side-effects-cache false
# pnpm is going to warn us about using --force
# --force allows us to fetch all dependencies including ones that aren't meant for our host platform
pnpm install --force --frozen-lockfile --ignore-script
'';
fixupPhase = ''
runHook preFixup
# Remove timestamp and sort the json files
rm -rf $out/v3/tmp
for f in $(find $out -name "*.json"); do
sed -i -E -e 's/"checkedAt":[0-9]+,//g' $f
jq --sort-keys . $f | sponge $f
done
runHook postFixup
'';
dontConfigure = true;
dontBuild = true;
outputHashMode = "recursive";
outputHash = "sha256-FI2CGnbM5TYnh7+CBU0Bbo9I2RwlbGxb+OF/dlh0r0c=";
};
nativeBuildInputs = [
autoPatchelfHook
copyDesktopItems
makeWrapper
lib.custom.pkgs-unstable.nodePackages.pnpm
lib.custom.pkgs-unstable.nodePackages.nodejs
];
buildInputs = [
libpulseaudio
pipewire
stdenv.cc.cc.lib
];
patches =
[./disable_update_checking.patch]
++ lib.optional withSystemVencord (substituteAll {
inherit vencord;
src = ./use_system_vencord.patch;
});
ELECTRON_SKIP_BINARY_DOWNLOAD = 1;
configurePhase = ''
runHook preConfigure
export HOME=$(mktemp -d)
export STORE_PATH=$(mktemp -d)
cp -Tr "$pnpmDeps" "$STORE_PATH"
chmod -R +w "$STORE_PATH"
pnpm config set store-dir "$STORE_PATH"
pnpm install --frozen-lockfile --ignore-script --offline
patchShebangs node_modules/{*,.*}
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
pnpm build
# using `pnpm exec` here apparently makes it ignore ELECTRON_SKIP_BINARY_DOWNLOAD
./node_modules/.bin/electron-builder \
--dir \
-c.asarUnpack="**/*.node" \
-c.electronDist=${electron}/libexec/electron \
-c.electronVersion=${electron.version}
runHook postBuild
'';
# this is consistent with other nixpkgs electron packages and upstream, as far as I am aware
installPhase = ''
runHook preInstall
mkdir -p $out/opt/Vesktop
cp -r dist/linux-*unpacked/resources $out/opt/Vesktop/
pushd build
${libicns}/bin/icns2png -x icon.icns
for file in icon_*x32.png; do
file_suffix=''${file//icon_}
install -Dm0644 $file $out/share/icons/hicolor/''${file_suffix//x32.png}/apps/vesktop.png
done
makeWrapper ${electron}/bin/electron $out/bin/vesktop \
--add-flags $out/opt/Vesktop/resources/app.asar \
${lib.optionalString withTTS "--add-flags \"--enable-speech-dispatcher\""} \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime}}"
runHook postInstall
'';
desktopItems = [
(makeDesktopItem {
name = "vesktop";
desktopName = "Vesktop";
exec = "vesktop %U";
icon = "vesktop";
startupWMClass = "Vesktop";
genericName = "Internet Messenger";
keywords = [
"discord"
"vencord"
"electron"
"chat"
];
categories = [
"Network"
"InstantMessaging"
"Chat"
];
})
];
passthru = {
inherit (finalAttrs) pnpmDeps;
};
meta = {
description = "An alternate client for Discord with Vencord built-in";
homepage = "https://github.com/Vencord/Vesktop";
changelog = "https://github.com/Vencord/Vesktop/releases/tag/${finalAttrs.src.rev}";
license = lib.licenses.gpl3Only;
maintainers = with lib.maintainers; [
getchoo
Scrumplex
vgskye
pluiedev
];
platforms = [
"x86_64-linux"
"aarch64-linux"
];
mainProgram = "vesktop";
};
})

181
packages/vesktop/disable_update_checking.patch
View file

@ -1,181 +0,0 @@
diff --git a/package.json b/package.json
index 481c91b..7217e01 100644
--- a/package.json
+++ b/package.json
@@ -24,8 +24,7 @@
"updateMeta": "tsx scripts/utils/updateMeta.mts"
},
"dependencies": {
- "arrpc": "github:OpenAsar/arrpc#5aadc307cb9bf4479f0a12364a253b07a77ace22",
- "electron-updater": "^6.3.4"
+ "arrpc": "github:OpenAsar/arrpc#5aadc307cb9bf4479f0a12364a253b07a77ace22"
},
"optionalDependencies": {
"@vencord/venmic": "^6.1.0"
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 18e57ff..a600375 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -16,9 +16,6 @@ importers:
arrpc:
specifier: github:OpenAsar/arrpc#5aadc307cb9bf4479f0a12364a253b07a77ace22
version: https://codeload.github.com/OpenAsar/arrpc/tar.gz/5aadc307cb9bf4479f0a12364a253b07a77ace22(patch_hash=biyukfa6dww2wxujy4eyvkhrti)
- electron-updater:
- specifier: ^6.3.4
- version: 6.3.4
optionalDependencies:
'@vencord/venmic':
specifier: ^6.1.0
@@ -1007,9 +1004,6 @@ packages:
electron-publish@25.0.3:
resolution: {integrity: sha512-wSGm+TFK2lArswIFBPLuIRHbo945s3MCvG5y1xVC57zL/PsrElUkaGH2ERtRrcKNpaDNq77rDA9JnMJhAFJjUg==}
- electron-updater@6.3.4:
- resolution: {integrity: sha512-uZUo7p1Y53G4tl6Cgw07X1yF8Jlz6zhaL7CQJDZ1fVVkOaBfE2cWtx80avwDVi8jHp+I/FWawrMgTAeCCNIfAg==}
-
electron@32.1.2:
resolution: {integrity: sha512-CXe6doFzhmh1U7daOvUzmF6Cj8hssdYWMeEPRnRO6rB9/bbwMlWctcQ7P8NJXhLQ88/vYUJQrJvlJPh8qM0BRQ==}
engines: {node: '>= 12.20.55'}
@@ -1785,15 +1779,9 @@ packages:
lodash.difference@4.5.0:
resolution: {integrity: sha512-dS2j+W26TQ7taQBGN8Lbbq04ssV3emRw4NY58WErlTO29pIqS0HmoT5aJ9+TUQ1N3G+JOZSji4eugsWwGp9yPA==}
- lodash.escaperegexp@4.1.2:
- resolution: {integrity: sha512-TM9YBvyC84ZxE3rgfefxUWiQKLilstD6k7PTGt6wfbtXF8ixIJLOL3VYyV/z+ZiPLsVxAsKAFVwWlWeb2Y8Yyw==}
-
lodash.flatten@4.4.0:
resolution: {integrity: sha512-C5N2Z3DgnnKr0LOpv/hKCgKdb7ZZwafIrsesve6lmzvZIRZRGaZ/l6Q8+2W7NaT+ZwO3fFlSCzCzrDCFdJfZ4g==}
- lodash.isequal@4.5.0:
- resolution: {integrity: sha512-pDo3lu8Jhfjqls6GkMgpahsF9kCyayhgykjyLMNFTKWrpVdAQtYyB4muAMWozBB4ig/dtWAmsMxLEI8wuz+DYQ==}
-
lodash.isplainobject@4.0.6:
resolution: {integrity: sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==}
@@ -2485,9 +2473,6 @@ packages:
text-table@0.2.0:
resolution: {integrity: sha512-N+8UisAXDGk8PFXP4HAzVR9nbfmVJ3zYLAWiTIoqC5v5isinhr+r5uaO8+7r3BMfuNIufIsA7RdpVgacC2cSpw==}
- tiny-typed-emitter@2.1.0:
- resolution: {integrity: sha512-qVtvMxeXbVej0cQWKqVSSAHmKZEHAvxdF8HEUBFWts8h+xEo5m/lEiPakuyZ3BnCBjOD8i24kzNOiOLLgsSxhA==}
-
tmp-promise@3.0.3:
resolution: {integrity: sha512-RwM7MoPojPxsOBYnyd2hy0bxtIlVrihNs9pj5SUvY8Zz1sQcQG2tG1hSr8PDxfgEB8RNKDhqbIlroIarSNDNsQ==}
@@ -3214,7 +3199,7 @@ snapshots:
app-builder-bin@5.0.0-alpha.7: {}
- app-builder-lib@25.0.5(dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5)))(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5)):
+ app-builder-lib@25.0.5(dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5))(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5)):
dependencies:
'@develar/schema-utils': 2.6.5
'@electron/notarize': 2.3.2
@@ -3229,7 +3214,7 @@ snapshots:
builder-util-runtime: 9.2.5
chromium-pickle-js: 0.2.0
debug: 4.3.7
- dmg-builder: 25.0.5(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5))
+ dmg-builder: 25.0.5(electron-builder-squirrel-windows@25.0.5)
ejs: 3.1.10
electron-builder-squirrel-windows: 25.0.5(dmg-builder@25.0.5)
electron-publish: 25.0.3
@@ -3744,9 +3729,9 @@ snapshots:
'@types/react': 17.0.2
moment: 2.30.1
- dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5)):
+ dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5):
dependencies:
- app-builder-lib: 25.0.5(dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5)))(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5))
+ app-builder-lib: 25.0.5(dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5))(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5))
builder-util: 25.0.3
builder-util-runtime: 9.2.5
fs-extra: 10.1.0
@@ -3789,7 +3774,7 @@ snapshots:
electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5):
dependencies:
- app-builder-lib: 25.0.5(dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5)))(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5))
+ app-builder-lib: 25.0.5(dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5))(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5))
archiver: 5.3.2
builder-util: 25.0.3
fs-extra: 10.1.0
@@ -3800,11 +3785,11 @@ snapshots:
electron-builder@25.0.5(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5)):
dependencies:
- app-builder-lib: 25.0.5(dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5)))(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5))
+ app-builder-lib: 25.0.5(dmg-builder@25.0.5(electron-builder-squirrel-windows@25.0.5))(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5))
builder-util: 25.0.3
builder-util-runtime: 9.2.5
chalk: 4.1.2
- dmg-builder: 25.0.5(electron-builder-squirrel-windows@25.0.5(dmg-builder@25.0.5))
+ dmg-builder: 25.0.5(electron-builder-squirrel-windows@25.0.5)
fs-extra: 10.1.0
is-ci: 3.0.1
lazy-val: 1.0.5
@@ -3828,19 +3813,6 @@ snapshots:
transitivePeerDependencies:
- supports-color
- electron-updater@6.3.4:
- dependencies:
- builder-util-runtime: 9.2.5
- fs-extra: 10.1.0
- js-yaml: 4.1.0
- lazy-val: 1.0.5
- lodash.escaperegexp: 4.1.2
- lodash.isequal: 4.5.0
- semver: 7.6.3
- tiny-typed-emitter: 2.1.0
- transitivePeerDependencies:
- - supports-color
-
electron@32.1.2:
dependencies:
'@electron/get': 2.0.3
@@ -4739,12 +4711,8 @@ snapshots:
lodash.difference@4.5.0: {}
- lodash.escaperegexp@4.1.2: {}
-
lodash.flatten@4.4.0: {}
- lodash.isequal@4.5.0: {}
-
lodash.isplainobject@4.0.6: {}
lodash.merge@4.6.2: {}
@@ -5498,8 +5466,6 @@ snapshots:
text-table@0.2.0: {}
- tiny-typed-emitter@2.1.0: {}
-
tmp-promise@3.0.3:
dependencies:
tmp: 0.2.3
diff --git a/src/main/index.ts b/src/main/index.ts
index 2e0d6f7..f8a67e4 100644
--- a/src/main/index.ts
+++ b/src/main/index.ts
@@ -7,7 +7,6 @@
import "./ipc";
import { app, BrowserWindow, nativeTheme } from "electron";
-import { autoUpdater } from "electron-updater";
import { DATA_DIR } from "./constants";
import { createFirstLaunchTour } from "./firstLaunch";
@@ -19,8 +18,6 @@ import { isDeckGameMode } from "./utils/steamOS";
if (IS_DEV) {
require("source-map-support").install();
-} else {
- autoUpdater.checkForUpdatesAndNotify();
}
// Make the Vencord files use our DATA_DIR
// Make the Vencord files use our DATA_DIR

13
packages/vesktop/use_system_vencord.patch
View file

@ -1,13 +0,0 @@
diff --git a/src/main/constants.ts b/src/main/constants.ts
index d5c5fa6..a1b32f1 100644
--- a/src/main/constants.ts
+++ b/src/main/constants.ts
@@ -16,7 +16,7 @@ export const VENCORD_THEMES_DIR = join(DATA_DIR, "themes");
// needs to be inline require because of circular dependency
// as otherwise "DATA_DIR" (which is used by ./settings) will be uninitialised
export const VENCORD_FILES_DIR =
- (require("./settings") as typeof import("./settings")).Settings.store.vencordDir || join(DATA_DIR, "vencordDist");
+ (require("./settings") as typeof import("./settings")).Settings.store.vencordDir || "@vencord@";
export const USER_AGENT = `Vesktop/${app.getVersion()} (https://github.com/Vencord/Vesktop)`;

2
shells/default/default.nix
View file

@ -6,11 +6,11 @@
mkShell {
packages = with pkgs; [
nil
nixd
alejandra
stylua
lua-language-server
luajitPackages.lua-lsp
python3
nixos-anywhere
];
}

58
systems/x86_64-linux/earth/default.nix
View file

@ -30,7 +30,37 @@
hardware.keyboard.qmk.enable = true;
programs.nix-ld.enable = true;
programs.steam.enable = true;
# services.monero.mining.enable = true;
# services.monero.enable = true;
# services.monero.mining.address = "485XKPKG38bSJBUa4SPenAEFt8Wgj2hWC97PNBpFHniwNXnDNZ9xar5hHb6qLQeyK2Kk3Fw2cxxPSLjgyqr5CxXAUkUsDDx";
# services.monero.mining.threads = 4;
hardware.march = {
arch = "znver3";
enableNativeOptimizations = true;
cpu.vcores = 32;
memory.total = 32;
};
specialisation = {
plasma6 = {
configuration = {
services.xserver.desktopManager.plasma6.enable = true;
programs.seahorse.enable = lib.mkForce false;
};
};
};
programs.steam = {
enable = true;
extraPackages = with pkgs; [
qt5.qtwayland
];
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
programs.steam.gamescopeSession.enable = true;
programs.gamemode.enable = true;
@ -50,7 +80,7 @@
services.lorri.enable = true;
services.udisks2.enable = true;
services.transmission = {
enable = true;
enable = false;
package = pkgs.transmission_4;
settings = {
download-dir = "/home/zoey/Downloads";
@ -61,9 +91,9 @@
group = "users";
};
services.gnome.gnome-keyring.enable = true;
services.solaar = {
enable = true;
};
# services.solaar = {
# enable = true;
# };
services._1password = {
enable = true;
polkitPolicyOwnerUsername = "zoey";
@ -88,6 +118,15 @@
};
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelPatches = [
{
name = "bsb-patches";
patch = pkgs.fetchpatch {
url = "https://gist.githubusercontent.com/galister/08cddf10ac18929647d5fb6308df3e4b/raw/0f6417b6cb069f19d6c28b730499c07de06ec413/combined-bsb-6-10.patch";
hash = "sha256-u8O4foBHhU+T3yYkguBZ14EyCKujPzHh1TwFRg6GMsA=";
};
}
];
boot.supportedFilesystems = ["ntfs"];
services.dlna.enable = false;
@ -105,10 +144,13 @@
hardware.bluetooth.powerOnBoot = true;
services.blueman.enable = true;
services.wg.enable = true;
# home-manager.useGlobalPkgs = false;
environment.systemPackages = [
pkgs.sbctl
pkgs.vesktop
lib.custom.nixos-stable.vesktop
pkgs.mangohud
pkgs.lutris
pkgs.bottles
@ -120,6 +162,8 @@
pkgs.transmission_4
pkgs.protonup-qt
pkgs.restic
inputs.opnix.packages.${system}.default
pkgs.qt5.qtwayland
(inputs.umu.packages.${system}.umu.override {
version = inputs.umu.shortRev;
truststore = true;
@ -226,6 +270,7 @@
programs.virt-manager.enable = true;
sites.jellyfin.enable = true;
sites.mealie.enable = false;
virtualisation.containers.enable = true;
virtualisation.podman = {
@ -233,6 +278,7 @@
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
virtualisation.waydroid.enable = true;
hardware.gpu-passthru.enable = true;
system.stateVersion = "24.05";

70
systems/x86_64-linux/juno/default.nix Normal file
View file

@ -0,0 +1,70 @@
{
modulesPath,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
boot.loader.grub = {
# no need to set devices, disko will add all devices that have a EF02 partition to the list already
# devices = [ ];
efiSupport = true;
efiInstallAsRemovable = true;
};
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
80
443
];
networking.firewall.allowedUDPPorts = [
8472 # k3s, flannel: required if using multi-node for inter-node networking
];
services.k3s = {
enable = true;
role = "server";
token = "e73bb24efa7c545165e7edaf357bc8cfe0fc3e579ff41f6cdc4ea6b81f34ebd9c9ec13f27fb6d4aa5824dec3ac5c57dbf36460c5255fc434c2d33507e38578cb";
clusterInit = true;
};
services.k3s.extraFlags = [
"-tls-san=134.199.176.87"
"--egress-selector-mode=disabled"
"--disable=traefik"
"--bind-address=0.0.0.0"
"--advertise-address=134.199.176.87"
];
# do not use DHCP, as DigitalOcean provisions IPs using cloud-init
networking.useDHCP = lib.mkForce false;
services.cloud-init = {
enable = true;
network.enable = true;
settings = {
datasource_list = ["ConfigDrive"];
datasource.ConfigDrive = {};
};
};
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuw7D+qDzzxBKsfKEmMd7odc98m3ZEnqWYFtuKwvC9k zoey@earth"
];
system.stateVersion = "24.05";
}

55
systems/x86_64-linux/juno/disk-config.nix Normal file
View file

@ -0,0 +1,55 @@
# Example to create a bios compatible gpt partition
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

16784
systems/x86_64-linux/pluto/blocked.txt Normal file
View file

File diff suppressed because it is too large Load diff

38
systems/x86_64-linux/pluto/default.nix
View file

@ -37,7 +37,22 @@
services.web.nginx.enable = true;
services.gh.enable = true;
services.fail2ban.enable = true;
services.fail2ban = {
enable = true;
jails.DDOS = ''
filter = nginx-limit-req
action = iptables-allports[name=HTTP, protocol=all]
logpath = /var/log/nginx/blocked.log
findtime = 600
maxretry = 20
bantime = 3600
'';
};
services.nginx.virtualHosts."node.nyc.zackmyers.io" = {
forceSSL = true;
enableACME = true;
};
services.atproto-pds = {
enable = true;
@ -77,9 +92,11 @@
pterodactyl.enable = true;
search.enable = true;
map.enable = true;
hydra.enable = true;
hydra.enable = false;
cache.enable = true;
minio.enable = true;
immich.enable = true;
polaris.enable = false;
zoeycomputer = {
enable = true;
domain = "zoeys.computer";
@ -239,6 +256,23 @@
permitRootLogin = "no";
};
networking.firewall.enable = true;
networking.firewall.extraPackages = [pkgs.ipset];
networking.firewall.extraCommands = ''
ipset create blocked_ips hash:ip
while IFS= read -r ip; do
ipset add blocked_ips "$ip"
done < ${./blocked.txt}
iptables -A INPUT -m set --set blocked_ips src -j DROP
iptables -A INPUT -m set --set blocked_ips src -j LOG --log-prefix "INPUT:DROP:" --log-level 6
'';
networking.firewall.extraStopCommands = ''
iptables -D INPUT -m set --set blocked_ips src -j DROP || true
iptables -A INPUT -m set --set blocked_ips src -j LOG --log-prefix "INPUT:DROP:" --log-level 6 || true
ipset destroy blocked_ips || true
'';
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [80 443 6969 2022 16262];
networking.firewall.allowedTCPPortRanges = [

16785
systems/x86_64-linux/pluto/export.csv Normal file
View file

File diff suppressed because it is too large Load diff

80
systems/x86_64-linux/venus/default.nix Normal file
View file

@ -0,0 +1,80 @@
{
modulesPath,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
services.openssh.enable = true;
nix.settings = {
trusted-users = ["zoey"];
};
networking.useDHCP = lib.mkForce false;
networking.interfaces.ens3.ipv4.addresses = [
{
address = "185.112.147.15";
prefixLength = 24;
}
];
networking.nameservers = ["93.95.224.28" "93.95.224.29"];
networking.defaultGateway = "185.112.147.1";
programs.zsh.enable = true;
services.web.nginx.enable = true;
services.mail.enable = true;
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuw7D+qDzzxBKsfKEmMd7odc98m3ZEnqWYFtuKwvC9k zoey@earth"
];
users.users.zoey = {
isNormalUser = true;
description = "zoey";
extraGroups = ["networkmanager" "wheel"];
shell = pkgs.zsh;
hashedPassword = "$6$LZdeNTlfOEivWraB$J3/kQ5YHbcdd4J4oJ.0NJ7/MeRgdDHcemy4zIG1uAtI6637Glj6kPCPpJyyCRKN3I9NLRfZDLRBbwtSCtY.4B.";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuw7D+qDzzxBKsfKEmMd7odc98m3ZEnqWYFtuKwvC9k zoey@earth"
];
};
snowfallorg.users.zoey = {
create = true;
admin = false;
home = {
enable = true;
};
};
services.mc-honeypot = {
enable = true;
openFirewall = true;
settings = {
"webhook-url" = "https://discord.com/api/webhooks/1348850542398410834/1fqV4QLh4uTTuwZ0DjOczZa6gkDjsYECSlmWBwTXHWcYTHhwsE1ZLTP17z5v-vh6nn7H";
};
};
networking.firewall.allowedTCPPorts = [80 443];
system.stateVersion = "24.05";
}

55
systems/x86_64-linux/venus/disk-config.nix Normal file
View file

@ -0,0 +1,55 @@
# Example to create a bios compatible gpt partition
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}

28
systems/x86_64-linux/venus/hardware-configuration.nix Normal file
View file

@ -0,0 +1,28 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

66
systems/x86_64-linux/vesta/default.nix Normal file
View file

@ -0,0 +1,66 @@
{
modulesPath,
lib,
pkgs,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
./disk-config.nix
];
boot.loader.grub = {
# no need to set devices, disko will add all devices that have a EF02 partition to the list already
# devices = [ ];
efiSupport = true;
efiInstallAsRemovable = true;
};
services.openssh.enable = true;
# do not use DHCP, as DigitalOcean provisions IPs using cloud-init
networking.useDHCP = lib.mkForce false;
services.cloud-init = {
enable = true;
network.enable = true;
settings = {
datasource_list = ["ConfigDrive"];
datasource.ConfigDrive = {};
};
};
networking.firewall.allowedTCPPorts = [
6443 # k3s: required so that pods can reach the API server (running on port 6443 by default)
2379 # k3s, etcd clients: required if using a "High Availability Embedded etcd" configuration
2380 # k3s, etcd peers: required if using a "High Availability Embedded etcd" configuration
80
443
];
networking.firewall.allowedUDPPorts = [
8472 # k3s, flannel: required if using multi-node for inter-node networking
];
services.k3s = {
enable = true;
role = "agent"; # Or "agent" for worker only nodes
token = "e73bb24efa7c545165e7edaf357bc8cfe0fc3e579ff41f6cdc4ea6b81f34ebd9c9ec13f27fb6d4aa5824dec3ac5c57dbf36460c5255fc434c2d33507e38578cb";
serverAddr = "https://134.199.176.87:6443";
extraFlags = [
# "--advertise-address=174.138.106.48"
# "--disable=traefik"
];
};
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFuw7D+qDzzxBKsfKEmMd7odc98m3ZEnqWYFtuKwvC9k zoey@earth"
];
system.stateVersion = "24.05";
}

55
systems/x86_64-linux/vesta/disk-config.nix Normal file
View file

@ -0,0 +1,55 @@
# Example to create a bios compatible gpt partition
{lib, ...}: {
disko.devices = {
disk.disk1 = {
device = lib.mkDefault "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
};
};
};
};
}