migration start · aottr.dev/otterden@53b5dfa

-162

flake.lock

··· 1 - { 2 - "nodes": { 3 - "agenix": { 4 - "inputs": { 5 - "darwin": "darwin", 6 - "home-manager": "home-manager", 7 - "nixpkgs": [ 8 - "nixpkgs" 9 - ], 10 - "systems": "systems" 11 - }, 12 - "locked": { 13 - "lastModified": 1723293904, 14 - "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", 15 - "owner": "ryantm", 16 - "repo": "agenix", 17 - "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", 18 - "type": "github" 19 - }, 20 - "original": { 21 - "owner": "ryantm", 22 - "repo": "agenix", 23 - "type": "github" 24 - } 25 - }, 26 - "catppuccin": { 27 - "locked": { 28 - "lastModified": 1731232837, 29 - "narHash": "sha256-0aIwr/RC/oe7rYkfJb47xjdEQDSNcqpFGsEa+EPlDEs=", 30 - "owner": "catppuccin", 31 - "repo": "nix", 32 - "rev": "32359bf226fe874d3b7a0a5753d291a4da9616fe", 33 - "type": "github" 34 - }, 35 - "original": { 36 - "owner": "catppuccin", 37 - "repo": "nix", 38 - "type": "github" 39 - } 40 - }, 41 - "darwin": { 42 - "inputs": { 43 - "nixpkgs": [ 44 - "agenix", 45 - "nixpkgs" 46 - ] 47 - }, 48 - "locked": { 49 - "lastModified": 1700795494, 50 - "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", 51 - "owner": "lnl7", 52 - "repo": "nix-darwin", 53 - "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", 54 - "type": "github" 55 - }, 56 - "original": { 57 - "owner": "lnl7", 58 - "ref": "master", 59 - "repo": "nix-darwin", 60 - "type": "github" 61 - } 62 - }, 63 - "home-manager": { 64 - "inputs": { 65 - "nixpkgs": [ 66 - "agenix", 67 - "nixpkgs" 68 - ] 69 - }, 70 - "locked": { 71 - "lastModified": 1703113217, 72 - "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", 73 - "owner": "nix-community", 74 - "repo": "home-manager", 75 - "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", 76 - "type": "github" 77 - }, 78 - "original": { 79 - "owner": "nix-community", 80 - "repo": "home-manager", 81 - "type": "github" 82 - } 83 - }, 84 - "home-manager_2": { 85 - "inputs": { 86 - "nixpkgs": [ 87 - "nixpkgs" 88 - ] 89 - }, 90 - "locked": { 91 - "lastModified": 1732482255, 92 - "narHash": "sha256-GUffLwzawz5WRVfWaWCg78n/HrBJrOG7QadFY6rtV8A=", 93 - "owner": "nix-community", 94 - "repo": "home-manager", 95 - "rev": "a9953635d7f34e7358d5189751110f87e3ac17da", 96 - "type": "github" 97 - }, 98 - "original": { 99 - "owner": "nix-community", 100 - "repo": "home-manager", 101 - "type": "github" 102 - } 103 - }, 104 - "nixos-hardware": { 105 - "locked": { 106 - "lastModified": 1732483221, 107 - "narHash": "sha256-kF6rDeCshoCgmQz+7uiuPdREVFuzhIorGOoPXMalL2U=", 108 - "owner": "NixOS", 109 - "repo": "nixos-hardware", 110 - "rev": "45348ad6fb8ac0e8415f6e5e96efe47dd7f39405", 111 - "type": "github" 112 - }, 113 - "original": { 114 - "owner": "NixOS", 115 - "repo": "nixos-hardware", 116 - "type": "github" 117 - } 118 - }, 119 - "nixpkgs": { 120 - "locked": { 121 - "lastModified": 1732014248, 122 - "narHash": "sha256-y/MEyuJ5oBWrWAic/14LaIr/u5E0wRVzyYsouYY3W6w=", 123 - "owner": "nixos", 124 - "repo": "nixpkgs", 125 - "rev": "23e89b7da85c3640bbc2173fe04f4bd114342367", 126 - "type": "github" 127 - }, 128 - "original": { 129 - "owner": "nixos", 130 - "ref": "nixos-unstable", 131 - "repo": "nixpkgs", 132 - "type": "github" 133 - } 134 - }, 135 - "root": { 136 - "inputs": { 137 - "agenix": "agenix", 138 - "catppuccin": "catppuccin", 139 - "home-manager": "home-manager_2", 140 - "nixos-hardware": "nixos-hardware", 141 - "nixpkgs": "nixpkgs" 142 - } 143 - }, 144 - "systems": { 145 - "locked": { 146 - "lastModified": 1681028828, 147 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 148 - "owner": "nix-systems", 149 - "repo": "default", 150 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 151 - "type": "github" 152 - }, 153 - "original": { 154 - "owner": "nix-systems", 155 - "repo": "default", 156 - "type": "github" 157 - } 158 - } 159 - }, 160 - "root": "root", 161 - "version": 7 162 - }

+20 -62

flake.nix

··· 1 1 { 2 - description = "Home Manager configuration of alex"; 3 - 4 2 inputs = { 5 - # Specify the source of Home Manager and Nixpkgs. 6 - nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; 7 - catppuccin.url = "github:catppuccin/nix"; 8 - nixos-hardware.url = "github:NixOS/nixos-hardware"; 9 - home-manager = { 10 - url = "github:nix-community/home-manager"; 11 - inputs.nixpkgs.follows = "nixpkgs"; 12 - }; 13 - agenix = { 14 - url = "github:ryantm/agenix"; 3 + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 4 + disko = { 5 + url = "github:nix-community/disko"; 15 6 inputs.nixpkgs.follows = "nixpkgs"; 16 7 }; 17 8 }; 18 9 19 - outputs = inputs @ { nixpkgs, catppuccin, home-manager, agenix, nixos-hardware, ... }: 20 - let 21 - system = "x86_64-linux"; 22 - pkgs = nixpkgs.legacyPackages.${system}; 23 - in { 24 - 25 - # TODO optimize HM config (currently just otter / Framework) 26 - homeConfigurations."alex" = home-manager.lib.homeManagerConfiguration { 27 - inherit pkgs; 28 - 29 - # Specify your home configuration modules here, for example, 30 - # the path to your home.nix. 31 - modules = [ 32 - ./home/otter 33 - catppuccin.homeManagerModules.catppuccin 34 - ]; 35 - 36 - # Optionally use extraSpecialArgs 37 - # to pass through arguments to home.nix 38 - }; 39 - 40 - nixosConfigurations = let 41 - username = "alex"; 42 - #system = "x86_64-linux"; 43 - nixosSystem = import ./lib/nixosSystem.nix; 44 - home-module = import ./home/ferret; 45 - nixos-modules =./nixos/ferret; 46 - ferret_modules = { 47 - inherit nixos-modules; 48 - inherit home-module; 49 - }; 10 + outputs = 11 + { 12 + nixpkgs, 13 + disko, 14 + ... 15 + }: 16 + { 50 17 51 - otter_modules = { 52 - nixos-modules = ./nixos/otter; 53 - home-module = ./home/otter; 18 + # nixos-anywhere --flake .#polecat --generate-hardware-config nixos-generate-config ./hardware-configuration.nix root@192.168.1.50 19 + nixosConfigurations.polecat = nixpkgs.lib.nixosSystem { 20 + system = "x86_64-linux"; 21 + modules = [ 22 + disko.nixosModules.disko 23 + ./hosts/polecat/configuration.nix 24 + ./hosts/polecat/hardware-configuration.nix 25 + ]; 54 26 }; 55 - args = { 56 - inherit inputs; 57 - inherit nixpkgs; 58 - inherit home-manager; 59 - inherit system; 60 - specialArgs = { 61 - inherit inputs; 62 - inherit username; 63 - }; 64 - }; 65 - in { 66 - ferret = nixosSystem (ferret_modules // args); 67 - otter = nixosSystem (otter_modules // args); 68 - }; 69 - }; 70 - } 27 + }; 28 + }

-12

home/common/dev/blog.nix

··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: { 7 - 8 - home.packages = with pkgs; [ 9 - hugo # cli for content creation 10 - ]; 11 - 12 - }

-18

home/common/dev/default.nix

··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: { 7 - 8 - home.packages = with pkgs; [ 9 - nodejs_22 # node for intellij etc 10 - devenv 11 - direnv 12 - age 13 - sops 14 - kubectl 15 - ]; 16 - 17 - programs.k9s.enable = true; 18 - }

-85

home/common/firefox.nix

··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: { 7 - 8 - programs.firefox = { 9 - enable = true; 10 - 11 - languagePacks = [ "de" "en-US" "fr"]; 12 - 13 - policies = { 14 - BlockAboutConfig = true; 15 - DefaultDownloadDirectory = "\${home}/Downloads"; 16 - DisableTelemetry = true; 17 - DisableFirefoxStudies = true; 18 - EnableTrackingProtection = { 19 - Value= true; 20 - Locked = true; 21 - Cryptomining = true; 22 - Fingerprinting = true; 23 - }; 24 - OverrideFirstRunPage = ""; 25 - OverridePostUpdatePage = ""; 26 - DisablePocket = true; 27 - DisableFirefoxAccounts = true; 28 - DisableAccounts = true; 29 - DisableFirefoxScreenshots = true; 30 - DontCheckDefaultBrowser = true; 31 - DisplayBookmarksToolbar = "always"; 32 - SearchBar = "unified"; 33 - }; 34 - 35 - profiles = { 36 - "default" = { 37 - id = 0; 38 - isDefault = true; 39 - 40 - settings = { 41 - "browser.contentblocking.category" = "strict"; 42 - "extensions.pocket.enabled" = false; 43 - "extensions.screenshots.disabled" = true; 44 - "browser.startup.homepage" = "https://start.duckduckgo.com"; 45 - 46 - "browser.newtabpage.activity-stream.feeds.section.highlights" = false; 47 - "browser.newtabpage.activity-stream.showSponsored" = false; 48 - "browser.newtabpage.activity-stream.system.showSponsored" = false; 49 - "browser.newtabpage.activity-stream.showSponsoredTopSites" = false; 50 - }; 51 - 52 - search = { 53 - 54 - default = "DuckDuckGo"; 55 - force = true; 56 - engines = { 57 - 58 - "Nix Packages" = { 59 - urls = [{ 60 - template = "https://search.nixos.org/packages"; 61 - params = [ 62 - { name = "query"; value = "{searchTerms}"; } 63 - ]; 64 - }]; 65 - icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg"; 66 - definedAliases = [ "@np" ]; 67 - }; 68 - "Nix Options" = { 69 - definedAliases = [ "@no" ]; 70 - urls = [{ 71 - template = "https://search.nixos.org/options"; 72 - params = [ 73 - { name = "query"; value = "{searchTerms}"; } 74 - ]; 75 - }]; 76 - }; 77 - 78 - "Bing".metaData.hidden = true; 79 - "Google".metaData.alias = "@g"; 80 - }; 81 - }; 82 - }; 83 - }; 84 - }; 85 - }

-56

home/common/fish.nix

··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: { 7 - 8 - home.packages = with pkgs; [ 9 - tree 10 - ]; 11 - 12 - programs.fish = { 13 - enable = true; 14 - 15 - interactiveShellInit = '' 16 - set fish_greeting # Disable greeting 17 - set -g theme_color_scheme "catppuccin" 18 - test (uname) = Darwin; and eval "$(/opt/homebrew/bin/brew shellenv)" 19 - ''; 20 - 21 - catppuccin = { 22 - enable = true; 23 - flavor = "macchiato"; 24 - }; 25 - 26 - plugins = with pkgs.fishPlugins; [ 27 - { name = "fzf"; src = fzf.src; } 28 - { name = "puffer"; src = puffer.src; } # https://github.com/nickeb96/puffer-fish 29 - { name = "z"; src = z.src; } 30 - { name = "autopair"; src = autopair.src; } 31 - { name = "hydro"; src = hydro.src; } # prompt 32 - ]; 33 - }; 34 - 35 - #programs.grc.enable = true; 36 - xdg.enable = true; 37 - 38 - programs.eza = { 39 - enable = true; 40 - icons = null; 41 - enableFishIntegration = true; 42 - 43 - extraOptions = [ 44 - "--group" 45 - "--smart-group" 46 - ]; 47 - }; 48 - 49 - programs.fzf = { 50 - enable = true; 51 - enableFishIntegration = false; # we use jethrokuan/fzf instead 52 - #defaultOptions = [ 53 - # "--color=bg+:#302D41,bg:#1E1E2E,spinner:#F8BD96,hl:#F28FAD --color=fg:#D9E0EE,header:#F28FAD,info:#DDB6F2,pointer:#F8BD96 --color=marker:#F8BD96,fg+:#F2CDCD,prompt:#DDB6F2,hl+:#F28FAD" 54 - #]; 55 - }; 56 - }

-53

home/common/git.nix

··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: { 7 - 8 - programs.fish.shellAbbrs = { 9 - g = "git"; 10 - ga = "git add"; 11 - gcm = "git commit -sm"; 12 - gp = "git push"; 13 - gpl = "git pull"; 14 - gr = "git rebase"; 15 - gs = "git status"; 16 - }; 17 - 18 - 19 - programs.gh = { 20 - enable = true; 21 - settings = { 22 - version = "1"; 23 - git_protocol = "ssh"; 24 - }; 25 - }; 26 - 27 - programs.git = { 28 - enable = true; 29 - 30 - userName = "Alex Ottr"; 31 - userEmail = "alex@otter.foo"; 32 - signing = { 33 - key = "B899892A9D13D8A761B5F3E0E3DC722E2943A517"; 34 - signByDefault = true; 35 - }; 36 - 37 - extraConfig = { 38 - init.defaultBranch = "main"; 39 - pull.rebase = true; 40 - rerere.enabled = true; 41 - 42 - tag.gpgSign = false; 43 - }; 44 - 45 - # includes = [{ 46 - # condition = "gitdir/i:~/Projects/telekom/**"; 47 - # contents = { 48 - # user.email = "dustin.kroeger@telekom.de"; 49 - # user.name = "Dustin Kroeger"; 50 - # }; 51 - # }]; 52 - }; 53 - }

-73

home/common/gnome.nix

··· 1 - { config, lib, pkgs, ... }: 2 - { 3 - gtk = { 4 - enable = true; 5 - 6 - iconTheme = { 7 - name = "Papirus-Dark"; 8 - package = pkgs.papirus-icon-theme; 9 - }; 10 - 11 - theme = { 12 - name = "catppuccin-macchiato-blue-standard"; 13 - package = pkgs.catppuccin-gtk.override { 14 - variant = "macchiato"; 15 - }; 16 - }; 17 - 18 - cursorTheme = { 19 - name = "Numix-Cursor"; 20 - package = pkgs.numix-cursor-theme; 21 - }; 22 - 23 - gtk3.extraConfig = { 24 - Settings = '' 25 - gtk-application-prefer-dark-theme=1 26 - ''; 27 - }; 28 - 29 - gtk4.extraConfig = { 30 - Settings = '' 31 - gtk-application-prefer-dark-theme=1 32 - ''; 33 - }; 34 - }; 35 - xdg.configFile = { 36 - "gtk-4.0/assets".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/assets"; 37 - "gtk-4.0/gtk.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk.css"; 38 - "gtk-4.0/gtk-dark.css".source = "${config.gtk.theme.package}/share/themes/${config.gtk.theme.name}/gtk-4.0/gtk-dark.css"; 39 - }; 40 - 41 - home.sessionVariables.GTK_THEME = "catppuccin"; 42 - 43 - dconf.settings = { 44 - "org/gnome/desktop/interface" = { 45 - color-scheme = "prefer-dark"; 46 - enable-hot-corners = false; 47 - }; 48 - "org/gnome/shell" = { 49 - disable-user-extensions = false; 50 - 51 - 52 - enabled-extensions = with pkgs.gnomeExtensions; [ 53 - user-themes.extensionUuid 54 - sound-output-device-chooser.extensionUuid 55 - space-bar.extensionUuid 56 - blur-my-shell.extensionUuid 57 - tiling-shell.extensionUuid 58 - ]; 59 - }; 60 - "org/gnome/shell/extensions/user-theme" = { 61 - name = "catppuccin-macchiato-blue-standard"; 62 - }; 63 - }; 64 - 65 - home.packages = with pkgs.gnomeExtensions; [ 66 - tiling-shell 67 - blur-my-shell 68 - user-themes 69 - space-bar 70 - sound-output-device-chooser 71 - ]; 72 - 73 - }

-66

home/common/gnome.nix.save

··· 1 - { config, lib, pkgs, ... }: 2 - { 3 - gtk = { 4 - enable = true; 5 - 6 - iconTheme = { 7 - name = "Papirus-Dark"; 8 - package = pkgs.papirus-icon-theme; 9 - }; 10 - 11 - theme = { 12 - name = "catppuccin"; 13 - package = pkgs.catppuccin-gtk; 14 - }; 15 - 16 - cursorTheme = { 17 - name = "Numix-Cursor"; 18 - package = pkgs.numix-cursor-theme; 19 - }; 20 - 21 - gtk3.extraConfig = { 22 - Settings = '' 23 - gtk-application-prefer-dark-theme=1 24 - ''; 25 - }; 26 - 27 - gtk4.extraConfig = { 28 - Settings = '' 29 - gtk-application-prefer-dark-theme=1 30 - ''; 31 - }; 32 - }; 33 - 34 - home.sessionVariables.GTK_THEME = "catppuccin"; 35 - 36 - dconf.settings = { 37 - "org/gnome/desktop/interface" = { 38 - color-scheme = "prefer-dark"; 39 - enable-hot-corners = false; 40 - }; 41 - "org/gnome/shell" = { 42 - disable-user-extensions = false; 43 - 44 - 45 - enabled-extensions = with pkgs.gnomeExtensions; [ 46 - user-themes.extensionUuid 47 - sound-output-device-chooser.extensionUuid 48 - space-bar.extensionUuid 49 - blur-my-shell.extensionUuid 50 - tiling-shell.extensionUuid 51 - ]; 52 - }; 53 - "org/gnome/shell/extensions/user-theme" = { 54 - name = "catppuccin-frappe-blue-standard"; 55 - }; 56 - }; 57 - 58 - home.packages = with pkgs.gnomeExtensions; [ 59 - tiling-shell 60 - blur-my-shell 61 - user-themes 62 - space-bar 63 - sound-output-device-chooser 64 - ]; 65 - 66 - }

-13

home/common/gpg.nix

··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: { 7 - 8 - programs.gpg = { 9 - enable = true; 10 - #inherit (config.programs.gnupg) package; 11 - homedir = "${config.xdg.dataHome}/.gnupg"; 12 - }; 13 - }

-62

home/common/kitty.nix

··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: { 7 - 8 - programs.kitty = { 9 - enable = true; 10 - catppuccin = { 11 - enable = true; 12 - flavor = "macchiato"; 13 - }; 14 - 15 - font = { 16 - name = "Fira Code, Menlo, Monaco, monospace"; 17 - size = 13; 18 - }; 19 - 20 - darwinLaunchOptions = [ 21 - "--single-instance" 22 - ]; 23 - 24 - shellIntegration = { 25 - mode = "no-cursor"; 26 - enableFishIntegration = true; 27 - }; 28 - 29 - keybindings = { 30 - "ctrl+shift+left" = "neighboring_window left"; 31 - "ctrl+shift+right" = "neighboring_window right"; 32 - "ctrl+shift+," = "tab_previous"; 33 - "ctrl+shift+." = "tab_next"; 34 - }; 35 - 36 - settings = { 37 - 38 - enabled_layouts = "splits"; 39 - enable_audio_bell = false; 40 - 41 - tab_bar_style = "powerline"; 42 - tab_bar_min_tabs = 1; 43 - tab_bar_edge = "bottom"; 44 - tab_powerline_style = "slanted"; 45 - tab_title_template = "{title}{' :{}:'.format(num_windows) if num_windows > 1 else ''}"; 46 - 47 - copy_on_select = true; 48 - macos_colorspace = "srgb"; 49 - macos_titlebar_color = "background"; 50 - 51 - window_resize_step_cells = 2; 52 - window_resize_step_lines = 2; 53 - initial_window_width = 640; 54 - initial_window_height = 400; 55 - 56 - allow_hyperlinks = true; 57 - term = "xterm-256color"; 58 - editor = "nvim"; 59 - 60 - }; 61 - }; 62 - }

-29

home/common/music.nix

··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: { 7 - 8 - home.packages = with pkgs; [ 9 - musikcube 10 - ffmpeg 11 - ]; 12 - 13 - programs.beets = { 14 - enable = true; 15 - mpdIntegration.enableStats = true; #mdpstats plugin 16 - mpdIntegration.enableUpdate = false; # mdpupdate plugin 17 - 18 - settings = { 19 - directory = config.xdg.userDirs.music; 20 - library = "${config.xdg.userDirs.music}/musiclibrary.db"; 21 - clutter = [ 22 - "Thumbs.DB" 23 - ".DS_Store" 24 - ".directory" 25 - ]; 26 - }; 27 - 28 - }; 29 - }

-22

home/common/sway.nix

··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: { 7 - 8 - wayland.windowManager.sway = { 9 - enable = true; 10 - config = rec { 11 - modifier = "Mod4"; 12 - # Use kitty as default terminal 13 - terminal = "kitty"; 14 - startup = [ 15 - # Launch Firefox on start 16 - {command = "firefox";} 17 - ]; 18 - }; 19 - extraSessionCommands = ''exec sleep 5; systemctl --user start kanshi.service''; 20 - }; 21 - 22 - }

-22

home/common/vscode.nix

··· 1 - { pkgs, config, ... }: 2 - { 3 - programs.vscode = { 4 - enable = true; 5 - extensions = with pkgs.vscode-extensions; [ 6 - catppuccin.catppuccin-vsc 7 - catppuccin.catppuccin-vsc-icons 8 - bradlc.vscode-tailwindcss 9 - jnoortheen.nix-ide 10 - prisma.prisma 11 - batisteo.vscode-django 12 - oderwat.indent-rainbow 13 - ]; 14 - 15 - userSettings = { 16 - "files.autoSave" = "off"; 17 - "[nix]"."editor.tabSize" = 2; 18 - "workbench.colorTheme" = "Catppuccin Macchiato"; 19 - "workbench.iconTheme" = "catppuccin-macchiato"; 20 - }; 21 - }; 22 - }

-13

home/ferret/default.nix

··· 1 - { config, pkgs, ... }: 2 - 3 - { 4 - imports = [ 5 - ../common/fish.nix 6 - ]; 7 - 8 - home.username = "alex"; 9 - home.homeDirectory = "/home/alex"; 10 - home.stateVersion = "23.11"; # Please read the comment before changing. 11 - 12 - programs.home-manager.enable = true; 13 - }

-32

home/otter/default.nix

··· 1 - { config, pkgs, ... }: 2 - 3 - { 4 - imports = [ 5 - ../common/kitty.nix 6 - ../common/fish.nix 7 - ../common/git.nix 8 - ../common/gpg.nix 9 - ../common/music.nix 10 - #../common/sway.nix 11 - #../common/gnome.nix 12 - #../common/vscode.nix 13 - ../common/firefox.nix 14 - 15 - ../common/dev 16 - ../common/dev/blog.nix 17 - ]; 18 - 19 - home.username = "alex"; 20 - home.homeDirectory = "/home/alex"; 21 - home.stateVersion = "24.05"; # Please read the comment before changing. 22 - 23 - home.packages = []; 24 - 25 - # plain files is through 'home.file'. 26 - home.file = {}; 27 - 28 - home.sessionVariables = {}; 29 - 30 - programs.home-manager.enable = true; 31 - 32 - }

+56

hosts/polecat/configuration.nix

··· 1 + { 2 + modulesPath, 3 + lib, 4 + pkgs, 5 + ... 6 + }: 7 + { 8 + imports = [ 9 + (modulesPath + "/installer/scan/not-detected.nix") 10 + ./disko.nix 11 + ]; 12 + 13 + # Bootloader 14 + boot.loader.systemd-boot.enable = true; 15 + boot.loader.efi.canTouchEfiVariables = true; 16 + 17 + services.openssh.enable = true; 18 + 19 + networking = { 20 + hostName = "polecat"; 21 + domain = "otter.place"; 22 + useDHCP = false; 23 + interfaces.enp1s0.useDHCP = false; 24 + interfaces.enp1s0.ipv4.addresses = [ 25 + { 26 + address = "192.168.1.50"; 27 + prefixLength = 24; 28 + } 29 + ]; 30 + defaultGateway = "192.168.1.1"; 31 + nameservers = [ "192.168.1.1" "1.1.1.1" ]; 32 + }; 33 + 34 + networking.networkmanager.enable = true; 35 + networking.interfaces.enp1s0 = { 36 + useDHCP = false; 37 + ipv4.addresses = [ 38 + { 39 + address = "192.168.1.50"; 40 + prefixLength = 24; 41 + } 42 + ]; 43 + }; 44 + 45 + 46 + environment.systemPackages = map lib.lowPrio [ 47 + pkgs.curl 48 + pkgs.gitMinimal 49 + ]; 50 + 51 + users.users.root.openssh.authorizedKeys.keys = [ 52 + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIB2KyeFk+PFSBQ2c9fZSP/3kngks5qzfJJb6PRgTmhb alex@otter.foo" 53 + ]; 54 + 55 + system.stateVersion = "24.05"; 56 + }

+74

hosts/polecat/disko.nix

··· 1 + { lib, ... }: 2 + { 3 + disko.devices = { 4 + disk = { 5 + nvme = { 6 + device = "/dev/nvme0n1"; 7 + type = "disk"; 8 + content = { 9 + type = "gpt"; 10 + partitions = { 11 + esp = { 12 + name = "ESP"; 13 + size = "512M"; 14 + type = "EF00"; 15 + content = { 16 + type = "filesystem"; 17 + format = "vfat"; 18 + mountpoint = "/boot"; 19 + mountOptions = [ 20 + "umask=0077" 21 + ]; 22 + }; 23 + }; 24 + root = { 25 + name = "root"; 26 + size = "100%"; 27 + content = { 28 + type = "lvm_pv"; 29 + vg = "pool"; 30 + }; 31 + }; 32 + }; 33 + }; 34 + }; 35 + 36 + ssd = { 37 + type = "disk"; 38 + device = "/dev/sda"; 39 + content = { 40 + type = "gpt"; 41 + partitions = { 42 + data = { 43 + size = "100%"; 44 + content = { 45 + type = "filesystem"; 46 + format = "ext4"; 47 + mountpoint = "/mnt/data"; 48 + }; 49 + }; 50 + }; 51 + }; 52 + }; 53 + 54 + lvm_vg = { 55 + pool = { 56 + type = "lvm_vg"; 57 + lvs = { 58 + root = { 59 + size = "100%FREE"; 60 + content = { 61 + type = "filesystem"; 62 + format = "ext4"; 63 + mountpoint = "/"; 64 + mountOptions = [ 65 + "defaults" 66 + ]; 67 + }; 68 + }; 69 + }; 70 + }; 71 + }; 72 + }; 73 + }; 74 + }

+1

hosts/polecat/hardware-configuration.nix

··· 1 + throw "Have you forgotten to run nixos-anywhere with `--generate-hardware-config nixos-generate-config ./hardware-configuration.nix`?"

-45

lib/nixosSystem.nix

··· 1 - { 2 - nixpkgs, 3 - home-manager, 4 - specialArgs, 5 - home-module, 6 - nixos-modules, 7 - system, 8 - inputs 9 - }: let 10 - username = specialArgs.username; 11 - in 12 - nixpkgs.lib.nixosSystem { 13 - inherit system specialArgs; 14 - modules = [ 15 - ({pkgs, config, ... }: { 16 - config = { 17 - nix.settings = { 18 - # add binary caches 19 - trusted-public-keys = [ 20 - "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" 21 - #"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA=" 22 - ]; 23 - substituters = [ 24 - "https://cache.nixos.org" 25 - #"https://nixpkgs-wayland.cachix.org" 26 - ]; 27 - }; 28 - 29 - # use it as an overlay 30 - #nixpkgs.overlays = [ specialArgs.inputs.nixpkgs-wayland.overlay ]; 31 - }; 32 - }) 33 - nixos-modules 34 - inputs.agenix.nixosModules.default 35 - home-manager.nixosModules.home-manager 36 - { 37 - home-manager.useGlobalPkgs = true; 38 - home-manager.useUserPackages = true; 39 - 40 - home-manager.extraSpecialArgs = specialArgs; 41 - home-manager.sharedModules = [inputs.catppuccin.homeManagerModules.catppuccin]; 42 - home-manager.users."${username}" = home-module; 43 - } 44 - ]; 45 - }

modules/home-manager/.gitkeep

This is a binary file and will not be displayed.

modules/nixos/.gitkeep

This is a binary file and will not be displayed.

-8

nixos/common/desktop/default.nix

··· 1 - { config, pkgs, ... }: 2 - 3 - { 4 - imports = [ 5 - # ./sway2.nix 6 - ./gnome.nix 7 - ]; 8 - }

-28

nixos/common/desktop/gnome.nix

··· 1 - { config, pkgs, lib, ... }: 2 - { 3 - services.xserver.enable = true; 4 - services.xserver.displayManager.gdm.enable = true; 5 - services.xserver.desktopManager.gnome.enable = true; 6 - 7 - services.gnome.gnome-keyring.enable = true; 8 - 9 - environment.gnome.excludePackages = (with pkgs; [ 10 - # for packages that are pkgs.* 11 - gnome-tour 12 - gnome-connections 13 - epiphany 14 - geary 15 - evince 16 - yelp 17 - cheese 18 - ]) ++ (with pkgs.gnome; [ 19 - gnome-music 20 - gnome-contacts 21 - ]); 22 - 23 - environment.systemPackages = with pkgs; [ 24 - gnome-tweaks 25 - ]; 26 - 27 - programs.dconf.enable = true; 28 - }

-33

nixos/common/desktop/sway.nix

··· 1 - { config, pkgs, lib, ... }: 2 - { 3 - environment.systemPackages = with pkgs; [ 4 - # screenshot functionality 5 - grim 6 - slurp 7 - # wl-copy and wl-paste for copy/paste from stdin / stdout 8 - wl-clipboard 9 - # notification system 10 - mako 11 - ]; 12 - 13 - services.gnome.gnome-keyring.enable = true; 14 - security.pam.services.swaylock = {}; 15 - # enable sway window manager 16 - programs.sway = { 17 - enable = true; 18 - wrapperFeatures.gtk = true; 19 - }; 20 - 21 - # kanshi systemd service 22 - systemd.user.services.kanshi = { 23 - description = "kanshi daemon"; 24 - serviceConfig = { 25 - Type = "simple"; 26 - ExecStart = ''${pkgs.kanshi}/bin/kanshi -c kanshi_config_file''; 27 - }; 28 - }; 29 - 30 - 31 - # For sway with Home-Manager 32 - security.polkit.enable = true; 33 - }

-23

nixos/common/desktop/sway2.nix

··· 1 - { config, pkgs, lib, ... }: 2 - { 3 - programs.sway.enable = true; 4 - 5 - services.greetd = { 6 - enable = true; 7 - settings = { 8 - default_session.command = '' 9 - ${pkgs.greetd.tuigreet}/bin/tuigreet \ 10 - --time \ 11 - --asterisks \ 12 - --user-menu \ 13 - --cmd sway 14 - ''; 15 - }; 16 - }; 17 - 18 - environment.etc."greetd/environments".text = '' 19 - sway 20 - ''; 21 - # https://www.drakerossman.com/blog/wayland-on-nixos-confusion-conquest-triumph#getting-more-stuff-for-sway 22 - security.polkit.enable = true; 23 - }

-16

nixos/common/gpg.nix

··· 1 - { 2 - pkgs, 3 - ... 4 - }: { 5 - 6 - programs.gnupg.agent = { 7 - enable = true; 8 - enableSSHSupport = true; 9 - settings = { 10 - default-cache-ttl = 1209600; 11 - default-cache-ttl-ssh = 1209600; 12 - max-cache-ttl = 1209600; 13 - max-cache-ttl-ssh = 1209600; 14 - }; 15 - }; 16 - }

-6

nixos/common/postgres.nix

··· 1 - { pkgs, config, ... }: 2 - 3 - { 4 - services.postgresql.enable = true; 5 - services.postgresqlBackup.enable = true; 6 - }

-60

nixos/ferret/adguard.nix

··· 1 - { pkgs, config, ... }: 2 - let 3 - certloc = "/var/lib/acme/ferret.otter.place"; 4 - in { 5 - networking.firewall = { 6 - allowedTCPPorts = [ 53 ]; 7 - allowedUDPPorts = [ 53 ]; 8 - }; 9 - 10 - services.adguardhome = { 11 - enable = true; 12 - host = "127.0.0.1"; 13 - port = 3003; 14 - settings = { 15 - http = { 16 - address = "127.0.0.1:3003"; 17 - }; 18 - dhcp.enabled = false; 19 - dns = { 20 - 21 - bind_hosts = [ 22 - "127.0.0.1" 23 - "192.168.1.69" 24 - ]; 25 - 26 - upstream_dns = [ 27 - "1.1.1.1" 28 - "9.9.9.9" 29 - ]; 30 - }; 31 - filtering = { 32 - protection_enabled = true; 33 - filtering_enabled = true; 34 - 35 - parental_enabled = false; 36 - safe_search = { 37 - enabled = false; 38 - }; 39 - }; 40 - # The following notation uses map 41 - # to not have to manually create {enabled = true; url = "";} for every filter 42 - # This is, however, fully optional 43 - filters = map(url: { enabled = true; url = url; }) [ 44 - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_9.txt" # The Big List of Hacked Malware Web Sites 45 - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" # malicious url blocklist 46 - ]; 47 - }; 48 - }; 49 - 50 - # SSL config 51 - services.caddy = { 52 - virtualHosts."adguard.ferret.otter.place".extraConfig = '' 53 - reverse_proxy http://${toString config.services.adguardhome.host}:${toString config.services.adguardhome.port} 54 - 55 - tls ${certloc}/cert.pem ${certloc}/key.pem { 56 - protocols tls1.3 57 - } 58 - ''; 59 - }; 60 - }

-38

nixos/ferret/caddy.nix

··· 1 - { pkgs, config, ... }: 2 - 3 - { 4 - networking.firewall.allowedTCPPorts = [ 5 - 80 6 - 443 7 - ]; 8 - 9 - age.secrets.caddy = { 10 - file = ../../secrets/caddy.age; 11 - owner = config.services.caddy.user; 12 - group = config.services.caddy.group; 13 - }; 14 - 15 - security.acme = { 16 - acceptTerms = true; 17 - defaults.email = "alex@otter.foo"; 18 - 19 - certs."ferret.otter.place" = { 20 - 21 - group = config.services.caddy.group; 22 - 23 - domain = "ferret.otter.place"; 24 - extraDomainNames = [ "*.ferret.otter.place" ]; 25 - dnsProvider = "cloudflare"; 26 - dnsResolver = "1.1.1.1:53"; 27 - dnsPropagationCheck = true; 28 - environmentFile = config.age.secrets.caddy.path; 29 - }; 30 - }; 31 - 32 - services.caddy = { 33 - enable = true; 34 - virtualHosts."localhost".extraConfig = '' 35 - respond "OK" 36 - ''; 37 - }; 38 - }

-70

nixos/ferret/configuration.nix

··· 1 - { pkgs, inputs, config, ... }: 2 - 3 - { 4 - imports = [ 5 - ./hardware-configuration.nix 6 - ]; 7 - services.openssh = { 8 - enable = true; 9 - settings.PasswordAuthentication = true; 10 - settings.X11Forwarding = true; 11 - }; 12 - 13 - nix.settings.experimental-features = ["nix-command" "flakes" "no-url-literals"]; 14 - # Bootloader. 15 - boot.loader.systemd-boot.enable = true; 16 - boot.loader.efi.canTouchEfiVariables = true; 17 - 18 - networking.hostName = "ferret"; # Define your hostname. 19 - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 20 - 21 - # Enable networking 22 - networking.networkmanager.enable = true; 23 - 24 - # Set your time zone. 25 - time.timeZone = "Europe/Paris"; 26 - # Select internationalisation properties. 27 - i18n.defaultLocale = "en_US.UTF-8"; 28 - i18n.extraLocaleSettings = { 29 - LC_ADDRESS = "fr_FR.UTF-8"; 30 - LC_IDENTIFICATION = "fr_FR.UTF-8"; 31 - LC_MEASUREMENT = "fr_FR.UTF-8"; 32 - LC_MONETARY = "fr_FR.UTF-8"; 33 - LC_NAME = "fr_FR.UTF-8"; 34 - LC_NUMERIC = "fr_FR.UTF-8"; 35 - LC_PAPER = "fr_FR.UTF-8"; 36 - LC_TELEPHONE = "fr_FR.UTF-8"; 37 - LC_TIME = "fr_FR.UTF-8"; 38 - }; 39 - 40 - # Enable the X11 windowing system. 41 - services.xserver.enable = true; 42 - 43 - 44 - # sound.enable = false; 45 - # services.pipewire = { 46 - # enable = false; 47 - # }; 48 - 49 - # Define a user account. Don't forget to set a password with ‘passwd’. 50 - users.users.alex = { 51 - isNormalUser = true; 52 - description = "Alex"; 53 - extraGroups = [ "networkmanager" "wheel" "media" ]; 54 - packages = with pkgs; [ 55 - git 56 - ]; 57 - }; 58 - 59 - # Allow unfree packages 60 - nixpkgs.config.allowUnfree = true; 61 - environment.systemPackages = [ 62 - pkgs.tailscale 63 - inputs.agenix.packages."x86_64-linux".default 64 - ]; 65 - services.tailscale = { 66 - enable = true; 67 - }; 68 - 69 - system.stateVersion = "23.11"; # NixOS Install State 70 - }

-18

nixos/ferret/default.nix

··· 1 - { pkgs, ... }: 2 - 3 - { 4 - imports = [ 5 - ./configuration.nix 6 - ./hardware-configuration.nix 7 - ../common/postgres.nix 8 - ./media.nix 9 - ./caddy.nix 10 - ./paperless.nix 11 - ./miniflux.nix 12 - # ./adguard.nix 13 - 14 - ./tailscale-splitdns.nix 15 - ]; 16 - 17 - security.polkit.enable = true; 18 - }

-42

nixos/ferret/hardware-configuration.nix

··· 1 - { config, lib, pkgs, modulesPath, ... }: 2 - { 3 - imports = [ 4 - (modulesPath + "/installer/scan/not-detected.nix") 5 - ]; 6 - 7 - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; 8 - boot.initrd.kernelModules = [ "dm-snapshot" ]; 9 - boot.kernelModules = [ "kvm-amd" ]; 10 - boot.extraModulePackages = []; 11 - 12 - fileSystems."/" = 13 - { device = "/dev/disk/by-uuid/6e990a23-01fe-40e4-adc2-063973263f95"; 14 - fsType = "ext4"; 15 - }; 16 - 17 - fileSystems."/boot" = 18 - { device = "/dev/disk/by-uuid/0586-430E"; 19 - fsType = "vfat"; 20 - }; 21 - 22 - swapDevices = [{ device = "/dev/disk/by-uuid/d96908d3-b46e-40c2-a5e0-82b71196899c"; }]; 23 - networking.useDHCP = false; 24 - networking.interfaces.enp2s0.ipv4.addresses = [ 25 - { 26 - address = "192.168.1.10"; 27 - prefixLength = 24; 28 - } 29 - ]; 30 - networking.defaultGateway = { 31 - address = "192.168.1.1"; 32 - interface = "enp2s0"; 33 - }; 34 - networking.useNetworkd = true; 35 - # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; 36 - # networking.interfaces.wlo1.useDHCP = lib.mkDefault true; 37 - 38 - # for tailscale 39 - networking.nameservers = [ "100.100.100.100" "1.1.1.1" "9.9.9.9" ]; 40 - 41 - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 42 - }

-106

nixos/ferret/media.nix

··· 1 - { pkgs, ... }: 2 - let 3 - certloc = "/var/lib/acme/ferret.otter.place"; 4 - in { 5 - users.groups.media = { 6 - gid = 976; 7 - }; 8 - users.users.media = { 9 - group = "media"; 10 - isSystemUser = true; 11 - uid = 976; 12 - }; 13 - 14 - environment.systemPackages = [ pkgs.cifs-utils ]; 15 - fileSystems."/storage" = { 16 - device = "//pine.otter.place/media"; 17 - fsType = "cifs"; 18 - options = let 19 - # this line prevents hanging on network split 20 - automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s"; 21 - 22 - in ["${automount_opts},credentials=/etc/nixos/smb-media,uid=976,gid=976"]; 23 - }; 24 - 25 - services.jellyfin = { 26 - enable = true; 27 - openFirewall = true; 28 - user = "media"; 29 - group = "media"; 30 - }; 31 - 32 - # Retrieve Metadata and Subtitles for DVDs 33 - services.sonarr = { 34 - enable = true; 35 - 36 - user = "media"; 37 - group = "media"; 38 - }; 39 - 40 - services.radarr = { 41 - enable = true; 42 - 43 - user = "media"; 44 - group = "media"; 45 - }; 46 - 47 - services.bazarr = { 48 - enable = true; 49 - 50 - user = "media"; 51 - group = "media"; 52 - }; 53 - 54 - services.sabnzbd = { 55 - enable = true; 56 - openFirewall = true; 57 - user = "media"; 58 - group = "media"; 59 - }; 60 - 61 - networking.firewall.allowedTCPPorts = [ 8080 ]; 62 - 63 - 64 - # SSL config 65 - services.caddy = { 66 - virtualHosts."jellyfin.ferret.otter.place".extraConfig = '' 67 - reverse_proxy http://localhost:8096 68 - 69 - tls ${certloc}/cert.pem ${certloc}/key.pem { 70 - protocols tls1.2 71 - } 72 - ''; 73 - 74 - virtualHosts."sabnzbd.ferret.otter.place".extraConfig = '' 75 - reverse_proxy http://localhost:8080 76 - 77 - tls ${certloc}/cert.pem ${certloc}/key.pem { 78 - protocols tls1.3 79 - } 80 - ''; 81 - 82 - virtualHosts."sonarr.ferret.otter.place".extraConfig = '' 83 - reverse_proxy http://localhost:8989 84 - 85 - tls ${certloc}/cert.pem ${certloc}/key.pem { 86 - protocols tls1.3 87 - } 88 - ''; 89 - 90 - virtualHosts."radarr.ferret.otter.place".extraConfig = '' 91 - reverse_proxy http://localhost:7878 92 - 93 - tls ${certloc}/cert.pem ${certloc}/key.pem { 94 - protocols tls1.3 95 - } 96 - ''; 97 - 98 - virtualHosts."bazarr.ferret.otter.place".extraConfig = '' 99 - reverse_proxy http://localhost:6767 100 - 101 - tls ${certloc}/cert.pem ${certloc}/key.pem { 102 - protocols tls1.3 103 - } 104 - ''; 105 - }; 106 - }

-29

nixos/ferret/miniflux.nix

··· 1 - {config, ...}: 2 - let 3 - certloc = "/var/lib/acme/ferret.otter.place"; 4 - fqdn = "miniflux.ferret.otter.place"; 5 - in { 6 - 7 - age.secrets.miniflux-creds.file = ../../secrets/miniflux-creds.age; 8 - 9 - services.miniflux = { 10 - enable = true; 11 - adminCredentialsFile = config.age.secrets.miniflux-creds.path; 12 - createDatabaseLocally = true; # TODO install hstore extension in global postgres 13 - config = { 14 - BASE_URL = "https://${fqdn}"; 15 - LISTEN_ADDR = "localhost:18069"; 16 - }; 17 - }; 18 - 19 - # SSL config 20 - services.caddy = { 21 - virtualHosts."${fqdn}".extraConfig = '' 22 - reverse_proxy http://${config.services.miniflux.config.LISTEN_ADDR} 23 - 24 - tls ${certloc}/cert.pem ${certloc}/key.pem { 25 - protocols tls1.3 26 - } 27 - ''; 28 - }; 29 - }

-46

nixos/ferret/paperless.nix

··· 1 - {config, ...}: 2 - let 3 - certloc = "/var/lib/acme/ferret.otter.place"; 4 - in { 5 - 6 - age.secrets.paperless-password.file = ../../secrets/paperless-password.age; 7 - 8 - services.postgresql = { 9 - ensureDatabases = [config.services.paperless.user]; 10 - ensureUsers = [ 11 - { 12 - name = config.services.paperless.user; 13 - ensureDBOwnership = true; 14 - } 15 - ]; 16 - }; 17 - 18 - services.paperless = { 19 - enable = true; 20 - 21 - passwordFile = config.age.secrets.paperless-password.path; 22 - settings = { 23 - PAPERLESS_DBHOST = "/run/postgresql"; 24 - PAPERLESS_TIME_ZONE = config.time.timeZone; 25 - PAPERLESS_OCR_LANGUAGE = "deu+eng+fra"; 26 - PAPERLESS_ADMIN_USER = "alex"; 27 - PAPERLESS_URL = "https://paperless.ferret.otter.place"; 28 - PAPERLESS_OCR_USER_ARGS={ 29 - optimize = 1; 30 - pdfa_image_compression = "lossless"; 31 - invalidate_digital_signatures = true; 32 - }; 33 - }; 34 - }; 35 - 36 - # SSL config 37 - services.caddy = { 38 - virtualHosts."paperless.ferret.otter.place".extraConfig = '' 39 - reverse_proxy http://localhost:${toString config.services.paperless.port} 40 - 41 - tls ${certloc}/cert.pem ${certloc}/key.pem { 42 - protocols tls1.3 43 - } 44 - ''; 45 - }; 46 - }

-25

nixos/ferret/tailscale-splitdns.nix

··· 1 - { pkgs, config, ... }: 2 - 3 - { 4 - networking.firewall.interfaces."${config.services.tailscale.interfaceName}" = { 5 - allowedTCPPorts = [ 53 ]; 6 - allowedUDPPorts = [ 53 ]; 7 - }; 8 - 9 - services.unbound = { 10 - enable = true; 11 - resolveLocalQueries = false; 12 - 13 - settings = { 14 - server = { 15 - interface = [ "${config.services.tailscale.interfaceName}" ]; 16 - access-control = [ "100.0.0.0/8 allow" ]; 17 - 18 - # wildcard domain setup 19 - local-zone = [''"ferret.otter.place." redirect'']; 20 - local-data = [''"ferret.otter.place. IN A 100.104.240.21"'']; 21 - local-data-ptr = [''"100.104.240.21 ferret.otter.place"'']; 22 - }; 23 - }; 24 - }; 25 - }

-149

nixos/otter/configuration.nix

··· 1 - { config, pkgs, inputs, ... }: 2 - { 3 - imports = [ # Include the results of the hardware scan. 4 - ./hardware-configuration.nix 5 - 6 - inputs.nixos-hardware.nixosModules.framework-13-7040-amd 7 - ]; 8 - 9 - hardware.enableRedistributableFirmware = true; 10 - boot.kernelPackages = pkgs.linuxKernel.packages.linux_zen; 11 - 12 - # Bootloader. 13 - boot.loader.systemd-boot.enable = true; 14 - boot.loader.efi.canTouchEfiVariables = true; 15 - 16 - boot.initrd.luks.devices."luks-cd4e7e78-243a-4091-90dd-9ee091fbb27d".device = "/dev/disk/by-uuid/cd4e7e78-243a-4091-90dd-9ee091fbb27d"; 17 - networking.hostName = "otter"; 18 - 19 - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 20 - 21 - # Configure the governor used to regulate the frequency of the available CPUs. 22 - powerManagement.cpuFreqGovernor = "powersave"; 23 - 24 - 25 - # Framework quirks 26 - hardware.framework.amd-7040.preventWakeOnAC = true; 27 - services.fwupd.enable = true; 28 - # we need fwupd 1.9.7 to downgrade the fingerprint sensor firmware 29 - # services.fwupd.package = (import (builtins.fetchTarball { 30 - # url = "https://github.com/NixOS/nixpkgs/archive/bb2009ca185d97813e75736c2b8d1d8bb81bde05.tar.gz"; 31 - # sha256 = "sha256:003qcrsq5g5lggfrpq31gcvj82lb065xvr7bpfa8ddsw8x4dnysk"; 32 - # }) { 33 - # inherit (pkgs) system; 34 - # }).fwupd; 35 - 36 - # Configure network proxy if necessary 37 - # networking.proxy.default = "http://user:password@proxy:port/"; 38 - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 39 - 40 - # Enable networking 41 - networking.networkmanager.enable = true; 42 - 43 - # Set your time zone. 44 - time.timeZone = "Europe/Paris"; 45 - 46 - # Select internationalisation properties. 47 - i18n.defaultLocale = "en_US.UTF-8"; 48 - 49 - i18n.extraLocaleSettings = { 50 - LC_ADDRESS = "fr_FR.UTF-8"; 51 - LC_IDENTIFICATION = "fr_FR.UTF-8"; 52 - LC_MEASUREMENT = "fr_FR.UTF-8"; 53 - LC_MONETARY = "fr_FR.UTF-8"; 54 - LC_NAME = "fr_FR.UTF-8"; 55 - LC_NUMERIC = "fr_FR.UTF-8"; 56 - LC_PAPER = "fr_FR.UTF-8"; 57 - LC_TELEPHONE = "fr_FR.UTF-8"; 58 - LC_TIME = "fr_FR.UTF-8"; 59 - }; 60 - 61 - # Enable the X11 windowing system. 62 - #services.xserver.enable = true; 63 - 64 - # Enable the GNOME Desktop Environment. 65 - #services.xserver.displayManager.gdm.enable = true; 66 - #services.xserver.desktopManager.gnome.enable = true; 67 - 68 - # Configure keymap in X11 69 - #services.xserver.xkb = { 70 - # layout = "us"; 71 - # variant = "altgr-intl"; 72 - #}; 73 - 74 - # Enable CUPS to print documents. 75 - services.printing.enable = true; 76 - 77 - # Enable sound with pipewire. 78 - hardware.pulseaudio.enable = false; 79 - security.rtkit.enable = true; 80 - services.pipewire = { 81 - enable = true; 82 - alsa.enable = true; 83 - alsa.support32Bit = true; 84 - pulse.enable = true; 85 - # If you want to use JACK applications, uncomment this 86 - #jack.enable = true; 87 - 88 - # use the example session manager (no others are packaged yet so this is enabled by default, 89 - # no need to redefine it in your config for now) 90 - #media-session.enable = true; 91 - }; 92 - 93 - # Enable touchpad support (enabled default in most desktopManager). 94 - # services.xserver.libinput.enable = true; 95 - 96 - # Define a user account. Don't forget to set a password with ‘passwd’. 97 - users.users.alex = { 98 - isNormalUser = true; 99 - description = "Alex"; 100 - extraGroups = [ "networkmanager" "wheel" ]; 101 - packages = with pkgs; []; 102 - }; 103 - 104 - # Install firefox. 105 - # programs.firefox.enable = true; 106 - 107 - # Allow unfree packages 108 - nixpkgs.config.allowUnfree = true; 109 - 110 - # List packages installed in system profile. To search, run: 111 - # $ nix search wget 112 - environment.systemPackages = with pkgs; [ 113 - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. 114 - # wget 115 - git 116 - curl 117 - ]; 118 - 119 - # Some programs need SUID wrappers, can be configured further or are 120 - # started in user sessions. 121 - # programs.mtr.enable = true; 122 - # programs.gnupg.agent = { 123 - # enable = true; 124 - # enableSSHSupport = true; 125 - # }; 126 - 127 - # List services that you want to enable: 128 - 129 - # Enable the OpenSSH daemon. 130 - services.openssh.enable = true; 131 - 132 - # Open ports in the firewall. 133 - # networking.firewall.allowedTCPPorts = [ ... ]; 134 - # networking.firewall.allowedUDPPorts = [ ... ]; 135 - # Or disable the firewall altogether. 136 - # networking.firewall.enable = false; 137 - 138 - services.logind = { 139 - powerKey = "suspend-then-hibernate"; 140 - lidSwitch = "suspend-then-hibernate"; 141 - lidSwitchExternalPower = "suspend"; 142 - extraConfig = '' 143 - PowerKeyIgnoreInhibited=yes 144 - LidSwitchIgnoreInhibited=no 145 - ''; 146 - }; 147 - 148 - system.stateVersion = "24.05"; 149 - }

-16

nixos/otter/default.nix

··· 1 - { pkgs, ... }: 2 - 3 - { 4 - imports = [ 5 - ./configuration.nix 6 - ./hardware-configuration.nix 7 - 8 - ../common/gpg.nix 9 - 10 - ../common/desktop 11 - ]; 12 - environment.systemPackages = with pkgs; [ 13 - orca-slicer 14 - ]; 15 - # security.polkit.enable = true; 16 - }

-37

nixos/otter/hardware-configuration.nix

··· 1 - { config, lib, pkgs, modulesPath, ... }: 2 - 3 - { 4 - imports = [ 5 - (modulesPath + "/installer/scan/not-detected.nix") 6 - ]; 7 - 8 - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; 9 - boot.initrd.kernelModules = [ ]; 10 - boot.kernelModules = [ "kvm-amd" ]; 11 - boot.extraModulePackages = [ ]; 12 - 13 - fileSystems."/" = { 14 - device = "/dev/disk/by-uuid/d03072f3-9413-401e-b2dd-31589f3b4a05"; 15 - fsType = "ext4"; 16 - }; 17 - 18 - boot.initrd.luks.devices."luks-d2d68a53-c760-44db-bfd6-cc508e7f8406".device = "/dev/disk/by-uuid/d2d68a53-c760-44db-bfd6-cc508e7f8406"; 19 - 20 - fileSystems."/boot" = { 21 - device = "/dev/disk/by-uuid/CF41-F52D"; 22 - fsType = "vfat"; 23 - options = [ "fmask=0077" "dmask=0077" ]; 24 - }; 25 - 26 - swapDevices = [ { device = "/dev/disk/by-uuid/767cf96c-be48-473d-b7a7-15fa1cb7a3f2"; } ]; 27 - 28 - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 29 - # (the default) this is the recommended approach. When using systemd-networkd it's 30 - # still possible to use this option, but it's recommended to use it in conjunction 31 - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 32 - networking.useDHCP = lib.mkDefault true; 33 - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; 34 - 35 - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 36 - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 37 - }

-151

nixos/pinemarten/configuration.nix

··· 1 - # Edit this configuration file to define what should be installed on 2 - # your system. Help is available in the configuration.nix(5) man page 3 - # and in the NixOS manual (accessible by running ‘nixos-help’). 4 - 5 - { config, pkgs, ... }: 6 - 7 - { 8 - imports = 9 - [ # Include the results of the hardware scan. 10 - ./hardware-configuration.nix 11 - ]; 12 - 13 - # Bootloader. 14 - boot.loader.systemd-boot.enable = true; 15 - boot.loader.efi.canTouchEfiVariables = true; 16 - 17 - networking.hostName = "nixos"; # Define your hostname. 18 - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. 19 - nix.settings.experimental-features = [ "nix-command" "flakes" ]; 20 - # Configure network proxy if necessary 21 - # networking.proxy.default = "http://user:password@proxy:port/"; 22 - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; 23 - 24 - # Enable networking 25 - networking.networkmanager.enable = true; 26 - 27 - # Set your time zone. 28 - time.timeZone = "Europe/Paris"; 29 - 30 - # Select internationalisation properties. 31 - i18n.defaultLocale = "en_US.UTF-8"; 32 - 33 - i18n.extraLocaleSettings = { 34 - LC_ADDRESS = "fr_FR.UTF-8"; 35 - LC_IDENTIFICATION = "fr_FR.UTF-8"; 36 - LC_MEASUREMENT = "fr_FR.UTF-8"; 37 - LC_MONETARY = "fr_FR.UTF-8"; 38 - LC_NAME = "fr_FR.UTF-8"; 39 - LC_NUMERIC = "fr_FR.UTF-8"; 40 - LC_PAPER = "fr_FR.UTF-8"; 41 - LC_TELEPHONE = "fr_FR.UTF-8"; 42 - LC_TIME = "fr_FR.UTF-8"; 43 - }; 44 - 45 - # Enable the X11 windowing system. 46 - services.xserver.enable = true; 47 - 48 - # Enable the GNOME Desktop Environment. 49 - services.xserver.displayManager.gdm.enable = true; 50 - services.xserver.desktopManager.gnome.enable = true; 51 - 52 - # Configure keymap in X11 53 - services.xserver.xkb = { 54 - layout = "us"; 55 - variant = ""; 56 - }; 57 - 58 - # Enable CUPS to print documents. 59 - services.printing.enable = true; 60 - 61 - # Enable sound with pipewire. 62 - hardware.pulseaudio.enable = false; 63 - security.rtkit.enable = true; 64 - services.pipewire = { 65 - enable = true; 66 - alsa.enable = true; 67 - alsa.support32Bit = true; 68 - pulse.enable = true; 69 - # If you want to use JACK applications, uncomment this 70 - #jack.enable = true; 71 - 72 - # use the example session manager (no others are packaged yet so this is enabled by default, 73 - # no need to redefine it in your config for now) 74 - #media-session.enable = true; 75 - }; 76 - 77 - # Enable touchpad support (enabled default in most desktopManager). 78 - # services.xserver.libinput.enable = true; 79 - 80 - # Define a user account. Don't forget to set a password with ‘passwd’. 81 - users.users.alex = { 82 - isNormalUser = true; 83 - description = "Alex"; 84 - extraGroups = [ "networkmanager" "wheel" ]; 85 - packages = with pkgs; [ 86 - # thunderbird 87 - ]; 88 - }; 89 - 90 - # Install firefox. 91 - programs.firefox.enable = true; 92 - 93 - # Allow unfree packages 94 - nixpkgs.config.allowUnfree = true; 95 - 96 - # List packages installed in system profile. To search, run: 97 - # $ nix search wget 98 - environment.systemPackages = with pkgs; [ 99 - vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. 100 - wget 101 - git 102 - curl 103 - ]; 104 - 105 - # Some programs need SUID wrappers, can be configured further or are 106 - # started in user sessions. 107 - # programs.mtr.enable = true; 108 - # programs.gnupg.agent = { 109 - # enable = true; 110 - # enableSSHSupport = true; 111 - # }; 112 - 113 - # List services that you want to enable: 114 - 115 - # Enable the OpenSSH daemon. 116 - services.openssh.enable = true; 117 - 118 - # nvidia 119 - # hardware.graphics.enable = true; 120 - hardware.opengl = { 121 - enable = true; 122 - driSupport = true; 123 - }; 124 - services.xserver.videoDrivers = ["nvidia"]; 125 - 126 - hardware.nvidia = { 127 - modesetting.enable = true; 128 - powerManagement.enable = false; 129 - powerManagement.finegrained = false; 130 - open = false; 131 - 132 - nvidiaSettings = true; 133 - 134 - package = config.boot.kernelPackages.nvidiaPackages.stable; # TODO install updated driver for RTX 2070 SUPER 135 - }; 136 - 137 - # Open ports in the firewall. 138 - # networking.firewall.allowedTCPPorts = [ ... ]; 139 - # networking.firewall.allowedUDPPorts = [ ... ]; 140 - # Or disable the firewall altogether. 141 - # networking.firewall.enable = false; 142 - 143 - # This value determines the NixOS release from which the default 144 - # settings for stateful data, like file locations and database versions 145 - # on your system were taken. It‘s perfectly fine and recommended to leave 146 - # this value at the release version of the first install of this system. 147 - # Before changing this value read the documentation for this option 148 - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). 149 - system.stateVersion = "24.05"; # Did you read the comment? 150 - 151 - }

-40

nixos/pinemarten/hardware-configuration.nix

··· 1 - # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 - # and may be overwritten by future invocations. Please make changes 3 - # to /etc/nixos/configuration.nix instead. 4 - { config, lib, pkgs, modulesPath, ... }: 5 - 6 - { 7 - imports = 8 - [ (modulesPath + "/installer/scan/not-detected.nix") 9 - ]; 10 - 11 - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; 12 - boot.initrd.kernelModules = [ ]; 13 - boot.kernelModules = [ "kvm-amd" ]; 14 - boot.extraModulePackages = [ ]; 15 - 16 - fileSystems."/" = 17 - { device = "/dev/disk/by-uuid/fe527f6c-1da0-40d3-b541-eb5eadfdc95a"; 18 - fsType = "ext4"; 19 - }; 20 - 21 - fileSystems."/boot" = 22 - { device = "/dev/disk/by-uuid/1B9A-699B"; 23 - fsType = "vfat"; 24 - options = [ "fmask=0077" "dmask=0077" ]; 25 - }; 26 - 27 - swapDevices = 28 - [ { device = "/dev/disk/by-uuid/220734f6-88e2-42b5-b373-f72646bf3c34"; } 29 - ]; 30 - 31 - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking 32 - # (the default) this is the recommended approach. When using systemd-networkd it's 33 - # still possible to use this option, but it's recommended to use it in conjunction 34 - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 35 - networking.useDHCP = lib.mkDefault true; 36 - # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; 37 - 38 - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 39 - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 40 - }

-7

secrets/caddy.age

··· 1 - age-encryption.org/v1 2 - -> ssh-ed25519 eJaLeQ R1ubPbKtfn8P3t0/ijT/eg8L7r+I1fLE6LtuklZfCTc 3 - f8khf1us+b42LvDzjwmyzCAiAvTt+GsMtovfJUjCOBk 4 - -> ssh-ed25519 PCx17Q YJ+hf3dYx7UoYdN/V9pUvrHL/0fGWpaE6Q10RcDL/TI 5 - MfMz6D9hSw1FykZucFbjYE/b2URqJvlHP+qdycD4VjA 6 - --- NQthQysGOomli1LZUcsDR/8dhZPRuCXYzfvqsCI+s4Q 7 - ��S�Y�:-�rɝ��g��{C�eަYbã��t1�C��E"�r��5TL�m��ltr��,mk�S��]⤢��f�{��iN��)�

-8

secrets/miniflux-creds.age

··· 1 - age-encryption.org/v1 2 - -> ssh-ed25519 eJaLeQ MHW1gUhSMElY2/fbby9J7EHRTe/U92/BYI4jkum/7x4 3 - nUWOUhG1JrLs0FyIBMv/4960hvyS2hQQJ8Zuav/15Sc 4 - -> ssh-ed25519 PCx17Q Llk4/Y6T+R8F/vFbaAAEExKm3Vg9QYb3ThtxJ0g9sxI 5 - /tkKi6p/cpqKwNnHVh0CPgbJAcRfPnMK6CrE4PujQNc 6 - --- dQUPUpDExrAG+DHLpdQKWFrFiZ75Ya0Hsjeqe9lN/wA 7 - V�C�|��g�J�9��p��t��ϵ�q�=�b�=)��E�F��^��ey��ȅ��CG 8 - s�

-7

secrets/paperless-password.age

··· 1 - age-encryption.org/v1 2 - -> ssh-ed25519 eJaLeQ 2D7xouv6vZldW1jCJUAOBtLn1eduBTx/nWwykvekyRc 3 - 3qa/nT/PiYgVrKJtX24pjFtdCTs5mSlkTeKrBbIbZ+0 4 - -> ssh-ed25519 PCx17Q YMBRYGcyTBtX4mV2ZgnGpMdn7hsws9X9OpsFD5ElCB4 5 - 44HCFrbFDsc247ZIUcMdlP2CwEv45bTzS/FfDk8yNx4 6 - --- kGfSmbGFNWOaXHlIPL8+5z++FF1g3IXmXM8Q5iuUMXE 7 - �E��N��JjR~u<��(Y��I��T��UJlR�M��BdDE�]^DNY%�

-12

secrets/secrets.nix

··· 1 - let 2 - alex = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIB2KyeFk+PFSBQ2c9fZSP/3kngks5qzfJJb6PRgTmhb alex@otter.foo"; 3 - users = [ alex ]; 4 - 5 - ferret = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrRb1KbZH7OtuHi9VOONdofjm5vZ80S+9aOufbGXXK9"; # scanned from host 6 - systems = [ ferret ]; 7 - in 8 - { 9 - "caddy.age".publicKeys = [ alex ferret ]; 10 - "paperless-password.age".publicKeys = [ alex ferret ]; 11 - "miniflux-creds.age".publicKeys = [ alex ferret ]; 12 - }

Configure Feed

Configure Feed