
The big move 2 electric boogaloo

authored by

Rouffy and committed by
roufpup
9df656c7

+5807
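--- a/.gitmodules
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "modules/priv"]
+path = modules/priv
+url = ssh://forgejo@git.killuaa.dev:5858/roufpup/nix-priv.git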
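--- a/README.md
+++ b/README.md
@@ -0,0 +1,1 @@
+Dotfiles for my systems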
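--- a/default.nix
+++ b/default.nix
@@ -0,0 +1,38 @@
+let
+sources = import ./npins;
+pkgs = import sources.nixpkgs { };
+pkgs-master = import sources.nixpkgs-master { };
+
+pup_lib = import ./lib {
+inherit (pkgs) lib;
+inherit pkgs;
+inherit sources;
+};
+
+pins = (
+pup_lib.gen_pins sources [
+"helix-nix"
+"nixpkgs"
+]
+);
+root_path = builtins.toString ./.;
+in
+pkgs.lib.fix (self: rec {
+
+args = {
+inherit self;
+inherit root_path;
+inherit pins;
+inherit sources;
+inherit pup_lib;
+inherit pkgs;
+inherit pkgs-master;
+};
+
+hosts = {
+work = pup_lib.gen_host [ ./hosts/work/default.nix ] args;
+sand-archives = pup_lib.gen_host [ ./hosts/sand-archives/default.nix ] args;
+cave = pup_lib.gen_host [ ./hosts/cave/default.nix ] args;
+vulpes = pup_lib.gen_host [ ./hosts/vulpes/default.nix ] args;
+};
+})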
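--- a/hive.nix
+++ b/hive.nix
@@ -0,0 +1,83 @@
+let
+sources = import ./npins;
+pkgs = import sources.nixpkgs { };
+pkgs-master = import sources.nixpkgs-master { };
+pup_lib = import ./lib {
+inherit (pkgs) lib;
+inherit pkgs;
+inherit sources;
+};
+root_path = toString ./.;
+wire = import sources.wire;
+pins = (
+pup_lib.gen_pins sources [
+"helix-nix"
+"nixpkgs"
+]
+);
+mods = pup_lib.get_mods;
+pm = (mods.priv_mod.get_data args);
+
+nixpkgs = pkgs.applyPatches {
+name = "nixpkgs_patched";
+src = sources.nixpkgs;
+patches = [ ./patches/forgejo.patch ];
+};
+
+args = {
+inherit sources;
+inherit root_path;
+inherit pins;
+inherit pup_lib;
+inherit mods;
+inherit pkgs;
+inherit pkgs-master;
+};
+in
+wire.makeHive {
+meta = {
+inherit nixpkgs;
+specialArgs = { inherit args; };
+};
+
+vulpes =
+{
+...
+}:
+{
+imports = [
+./hosts/vulpes/default.nix
+];
+deployment = {
+target = {
+host = "vulpes";
+port = pm.hive.port;
+user = "roufpup";
+};
+tags = [ "x86" ];
+sshOptions = [
+"ForwardAgent=true"
+];
+};
+};
+sand-archives =
+{
+...
+}:
+{
+imports = [
+./hosts/sand-archives/default.nix
+];
+deployment = {
+target = {
+host = "sand-archives";
+port = pm.hive.port;
+user = "roufpup";
+};
+tags = [ "x86" ];
+sshOptions = [
+"ForwardAgent=true"
+];
+};
+};
+}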
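Review bot: `sshOptions = [ "ForwardAgent=true" ]` on both the vulpes and sand-archives deployment targets carries no comment saying why agent forwarding is needed, and it is the one setting in this file that widens trust: while a deploy session is open, root on the target can use the forwarded agent socket to authenticate as the deploying user elsewhere. If it is there so that the agent-backed sudo configured under `security.pam.rssh` in the host files works during activation (an inference from those files, not stated here), say so above the option, e.g. `# ForwardAgent: needed for pam rssh sudo during activation; the target can use the agent while connected`. Deploying with an agent that holds only the deployment key keeps that exposure small.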
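--- a/hosts/sand-archives/core/boot.nix
+++ b/hosts/sand-archives/core/boot.nix
@@ -0,0 +1,34 @@
+{ pkgs, ... }:
+{
+boot = {
+kernelPackages = pkgs.linuxPackages_latest;
+supportedFilesystems = [ "nfs" ];
+loader = {
+systemd-boot = {
+enable = true;
+consoleMode = "auto";
+configurationLimit = 3;
+};
+
+efi.canTouchEfiVariables = true;
+};
+initrd = {
+availableKernelModules = [
+"ata_piix"
+"uhci_hcd"
+"virtio_pci"
+"virtio_scsi"
+"ahci"
+"sr_mod"
+"virtio_blk"
+];
+kernelModules = [ ];
+};
+kernelModules = [ "kvm-amd" ];
+kernel.sysctl = {
+# For valkey
+"vm.overcommit_memory" = 1;
+"net.ipv4.ip_forward" = 1;
+};
+};
+}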
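Review bot: The `# For valkey` comment sits above both sysctls, but only `vm.overcommit_memory` reads as a Valkey tuning; `"net.ipv4.ip_forward" = 1` enables packet forwarding on the host and is left unexplained. Give it its own comment naming what needs forwarding (presumably the NetBird setup in services.nix, but that should be confirmed), e.g. `# forwarding needed by <service>`, so a later reader can tell whether it is still required. hosts/vulpes/core/boot.nix sets the same sysctl without a comment as well.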
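--- a/hosts/sand-archives/core/hardware.nix
+++ b/hosts/sand-archives/core/hardware.nix
@@ -0,0 +1,34 @@
+{ args, ... }:
+{
+imports = [
+(args.sources.nixpkgs.outPath + "/nixos/modules/profiles/qemu-guest.nix")
+];
+
+fileSystems = {
+"/" = {
+device = "/dev/disk/by-uuid/3c91b7cc-5821-4d06-bf09-cf3792d160c1";
+fsType = "ext4";
+};
+
+"/boot" = {
+device = "/dev/disk/by-uuid/9367-BD2C";
+fsType = "vfat";
+options = [
+"fmask=0022"
+"dmask=0022"
+];
+};
+"/mnt/hd1" = {
+device = "/dev/disk/by-uuid/87ff1623-c89b-41cc-8364-69967b95ad78";
+fsType = "xfs";
+};
+"/export/hd1" = {
+device = "/mnt/hd1";
+options = [ "bind" ];
+};
+};
+
+hardware = {
+cpu.amd.updateMicrocode = true;
+};
+}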
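Review bot: `/boot` is mounted with `"fmask=0022"` and `"dmask=0022"`, which leaves every file on the ESP readable by all local users, including the random seed that systemd-boot keeps there. hosts/vulpes/core/hardware.nix in this same commit already uses the stricter masks, so the two hosts are inconsistent. Change the two options to `"fmask=0077"` and `"dmask=0077"` here as well.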
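--- a/hosts/sand-archives/core/networking.nix
+++ b/hosts/sand-archives/core/networking.nix
@@ -0,0 +1,57 @@
+{ args, ... }:
+let
+pm = (args.mods.priv_mod.get_data args);
+ipv4 = pm.net.ipv4.sand-archives;
+ipv6 = pm.net.ipv6.sand-archives;
+in
+{
+networking = {
+hostName = "sand-archives";
+useDHCP = false;
+resolvconf.enable = false;
+defaultGateway = ipv4.gate;
+interfaces = {
+eth0 = {
+ipv4 = {
+addresses = [
+{
+address = ipv4.addr;
+prefixLength = ipv4.len;
+}
+];
+};
+ipv6 = {
+addresses = [
+{
+address = ipv6.addr;
+prefixLength = ipv6.len;
+}
+];
+routes = [
+{
+address = ipv6.gate;
+prefixLength = 128;
+}
+{
+address = "::";
+prefixLength = 0;
+via = ipv6.gate;
+}
+];
+};
+};
+};
+
+hosts = {
+"127.0.0.1" = [
+"netbird.killuaa.dev"
+"auth.killuaa.dev"
+];
+};
+
+firewall = {
+enable = true;
+extraCommands = pm.net.firewall.sand-archives.extraCommands;
+};
+};
+}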
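--- a/hosts/sand-archives/core/programs.nix
+++ b/hosts/sand-archives/core/programs.nix
@@ -0,0 +1,4 @@
+{ ... }:
+{
+programs.fish.enable = true;
+}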
+248
hosts/sand-archives/core/services.nix
··· 1 + { 2 + args, 3 + config, 4 + pkgs, 5 + ... 6 + }: 7 + 8 + let 9 + pm = (args.mods.priv_mod.get_data args); 10 + netbird_dashboard_settings = { 11 + NETBIRD_MGMT_API_ENDPOINT = "https://netbird.killuaa.dev"; 12 + NETBIRD_MGMT_GRPC_API_ENDPOINT = "https://netbird.killuaa.dev"; 13 + AUTH_AUTHORITY = "https://auth.killuaa.dev/oauth2/openid/netbird"; 14 + AUTH_AUDIENCE = "netbird"; 15 + AUTH_CLIENT_ID = "netbird"; 16 + AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api"; 17 + NETBIRD_TOKEN_SOURCE = "idToken"; 18 + USE_AUTH0 = false; 19 + AUTH_REDIRECT_URI = "/auth"; 20 + AUTH_SILENT_REDIRECT_URI = "/silent-auth"; 21 + }; 22 + netbird = pkgs.netbird.overrideAttrs (prev: { 23 + src = pkgs.fetchFromGitHub { 24 + owner = "netbirdio"; 25 + repo = "netbird"; 26 + tag = "v0.60.8"; 27 + hash = "sha256-XM4pUYimxbO3ZCmTPbg7dwDB3x2TnL9PUgbMfjHjxmo="; 28 + }; 29 + vendorHash = "sha256-b3Wl9jsAdYC91JM/kDo4yIF05hqbivtrcn1aRuZzP3s="; 30 + }); 31 + in 32 + { 33 + services = { 34 + openssh = { 35 + enable = true; 36 + ports = pm.srv.ssh.ports; 37 + listenAddresses = [ 38 + { 39 + addr = pm.srv.ssh.addr; 40 + } 41 + ]; 42 + settings = { 43 + PasswordAuthentication = false; 44 + PermitRootLogin = "no"; 45 + }; 46 + authorizedKeysInHomedir = true; 47 + }; 48 + 49 + nfs = { 50 + server = { 51 + enable = true; 52 + exports = '' 53 + /export/hd1/cave ${pm.net.hosts.vulpes.public-ip}(rw,nohide,no_subtree_check,no_root_squash) 54 + ''; 55 + }; 56 + }; 57 + 58 + caddy = { 59 + enable = true; 60 + email = "roufpup@killuaa.dev"; 61 + package = pkgs.caddy.withPlugins { 62 + plugins = [ 63 + "github.com/mholt/caddy-l4@v0.0.0-20251209130418-1a3490ef786a" 64 + ]; 65 + hash = "sha256-E2/YH/Uzd2GIvuB+QmNtjNgTS47Dla/ym+DwRSJm/F8="; 66 + }; 67 + logFormat = pkgs.lib.mkForce "level DEBUG"; 68 + globalConfig = '' 69 + http_port 8880 70 + https_port 4443 71 + layer4 { 72 + :80 { 73 + @local_http { 74 + http { 75 + host netbird.killuaa.dev auth.killuaa.dev 76 + } 77 + } 78 + route 
@local_http { 79 + proxy 127.0.0.1:8880 80 + } 81 + 82 + @inner_http { 83 + http { 84 + 85 + } 86 + } 87 + route @inner_http { 88 + proxy ${pm.net.hosts.vulpes.ip}:80 89 + } 90 + } 91 + 92 + :443 { 93 + @local_https { 94 + tls { 95 + sni netbird.killuaa.dev auth.killuaa.dev syncthing.killuaa.dev 96 + } 97 + } 98 + route @local_https { 99 + proxy 127.0.0.1:4443 100 + } 101 + 102 + @inner_https { 103 + tls { 104 + 105 + } 106 + } 107 + route @inner_https { 108 + proxy ${pm.net.hosts.vulpes.ip}:443 109 + } 110 + } 111 + } 112 + ''; 113 + virtualHosts = { 114 + "auth.killuaa.dev:4443" = { 115 + extraConfig = '' 116 + reverse_proxy https://127.0.0.1:8443 { 117 + transport http { 118 + tls 119 + tls_server_name auth.killuaa.dev 120 + } 121 + } 122 + ''; 123 + }; 124 + "netbird.killuaa.dev:4443" = { 125 + extraConfig = '' 126 + handle /api* { 127 + reverse_proxy http://127.0.0.1:8011 128 + } 129 + handle /ws-proxy/management* { 130 + reverse_proxy http://127.0.0.1:8011 131 + } 132 + handle /management.ManagementService* { 133 + reverse_proxy h2c://127.0.0.1:33073 134 + } 135 + 136 + handle /signalexchange.SignalExchange* { 137 + reverse_proxy h2c://127.0.0.1:10000 138 + } 139 + handle /ws-proxy/signal* { 140 + reverse_proxy http://127.0.0.1:8012 141 + } 142 + 143 + handle /relay* { 144 + reverse_proxy http://127.0.0.1:33080 145 + } 146 + 147 + handle /* { 148 + root * ${args.pup_lib.get_netbird_dashboard netbird_dashboard_settings} 149 + try_files {path} {path}.html {path}/ /index.html 150 + file_server 151 + } 152 + 153 + header * { 154 + Cache-Control "no-store, no-cache, must-revalidate, max-age=0" 155 + Strict-Transport-Security "max-age=3600; includeSubDomains; preload" 156 + X-Content-Type-Options "nosniff" 157 + X-Frame-Options "DENY" 158 + X-XSS-Protection "1; mode=block" 159 + -Server 160 + Referrer-Policy strict-origin-when-cross-origin 161 + } 162 + ''; 163 + }; 164 + "syncthing.killuaa.dev" = { 165 + extraConfig = '' 166 + reverse_proxy 0.0.0.0:8384 167 + ''; 
168 + }; 169 + }; 170 + }; 171 + 172 + kanidm = { 173 + package = pkgs.kanidm_1_8; 174 + enableServer = true; 175 + enableClient = true; 176 + clientSettings = { 177 + uri = "https://auth.killuaa.dev"; 178 + ca_path = "/var/lib/acme/auth.killuaa.dev/fullchain.pem"; 179 + }; 180 + serverSettings = { 181 + domain = "auth.killuaa.dev"; 182 + origin = "https://auth.killuaa.dev"; 183 + bindaddress = "[::]:8443"; 184 + tls_key = "/var/lib/acme/auth.killuaa.dev/key.pem"; 185 + tls_chain = "/var/lib/acme/auth.killuaa.dev/fullchain.pem"; 186 + }; 187 + }; 188 + 189 + syncthing = { 190 + enable = true; 191 + user = "arr"; 192 + group = "arr"; 193 + openDefaultPorts = true; 194 + guiAddress = "0.0.0.0:8384"; 195 + }; 196 + 197 + netbird = { 198 + package = netbird; 199 + server = { 200 + enable = true; 201 + domain = "netbird.killuaa.dev"; 202 + management = { 203 + enable = true; 204 + oidcConfigEndpoint = "https://auth.killuaa.dev/oauth2/openid/netbird/.well-known/openid-configuration"; 205 + settings = { 206 + DataStoreEncryptionKey = { 207 + _secret = config.sops.secrets.netbird_data_store_encryption_key.path; 208 + }; 209 + }; 210 + }; 211 + dashboard = { 212 + settings.AUTH_AUTHORITY = "https://auth.killuaa.dev/oauth2/openid/netbird"; 213 + }; 214 + signal = { 215 + enable = true; 216 + }; 217 + coturn = { 218 + enable = true; 219 + passwordFile = config.sops.secrets.coturn_password.path; 220 + domain = "netbird.killuaa.dev"; 221 + }; 222 + }; 223 + clients.sand_arc = { 224 + port = 51820; 225 + environment = { 226 + NB_MANAGEMENT_URL = "https://netbird.killuaa.dev"; 227 + NB_SETUP_KEY_FILE = config.sops.secrets.nb_setup_key.path; 228 + }; 229 + }; 230 + 231 + }; 232 + }; 233 + 234 + systemd.services = { 235 + netbird-sand_arc = { 236 + serviceConfig = { 237 + AmbientCapabilities = [ 238 + "CAP_NET_BIND_SERVICE" 239 + "CAP_DAC_OVERRIDE" 240 + ]; 241 + ReadWritePaths = [ 242 + "/etc/resolv.conf" 243 + "/etc/resolv.conf.original.netbird" 244 + ]; 245 + }; 246 + }; 247 + 
}; 248 + }
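Review bot: Two backends that Caddy fronts are bound to every interface rather than loopback: Syncthing with `guiAddress = "0.0.0.0:8384"` (the vhost also proxies to `0.0.0.0:8384`), and Kanidm with `bindaddress = "[::]:8443"`, which Caddy reaches at `127.0.0.1:8443`. Whether they can be reached directly, bypassing the proxy, then depends entirely on the firewall rules that come from the private module, which this commit does not show. Binding both to loopback (`guiAddress = "127.0.0.1:8384";`, `reverse_proxy 127.0.0.1:8384`, `bindaddress = "127.0.0.1:8443";`) removes that dependency. Separately, the NFS export uses `no_root_squash`, so root on the client address is root on `/export/hd1/cave`; it deserves a comment stating why squashing is disabled.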
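--- a/hosts/sand-archives/core/sops.nix
+++ b/hosts/sand-archives/core/sops.nix
@@ -0,0 +1,38 @@
+{ args, ... }:
+let
+pm = (args.mods.priv_mod.get_data args);
+in
+{
+sops = {
+defaultSopsFile = pm.secrets_file.sand-archives;
+defaultSopsFormat = "yaml";
+age.keyFile = "/root/.config/sops/age/keys.txt";
+age.sshKeyPaths = [ ];
+gnupg.sshKeyPaths = [ ];
+
+secrets = {
+#
+# Porkbun
+#
+porkbun_api_key = { };
+porkbun_secret_api_key = { };
+#
+# Netbird
+#
+netbird_data_store_encryption_key = { };
+nb_setup_key = {
+owner = "netbird-sand_arc";
+group = "netbird-sand_arc";
+mode = "0440";
+};
+#
+# Coturn
+#
+coturn_password = {
+owner = "turnserver";
+group = "turnserver";
+mode = "0440";
+};
+};
+};
+}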
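--- a/hosts/sand-archives/core/users.nix
+++ b/hosts/sand-archives/core/users.nix
@@ -0,0 +1,43 @@
+{ pkgs, ... }:
+{
+users = {
+extraUsers = {
+roufpup = {
+uid = 1000;
+group = "roufpup";
+shell = pkgs.fish;
+isNormalUser = true;
+extraGroups = [
+"wheel"
+];
+openssh = {
+authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkUMYuTCjDCIldnrQlA8M5gPkEUZ/oXxD5+B7nNeoM3 openpgp:0x13D59319"
+];
+};
+};
+arr = {
+uid = 7000;
+group = "arr";
+isSystemUser = true;
+};
+};
+extraGroups = {
+roufpup = {
+name = "roufpup";
+gid = 100;
+members = [ "roufpup" ];
+};
+users.gid = pkgs.lib.mkForce 105;
+sand-archives = {
+gid = 400;
+name = "sand-archives";
+};
+arr = {
+gid = 700;
+name = "arr";
+members = [ "arr" ];
+};
+};
+};
+}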
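--- a/hosts/sand-archives/default.nix
+++ b/hosts/sand-archives/default.nix
@@ -0,0 +1,83 @@
+{
+args,
+config,
+pkgs,
+...
+}:
+{
+imports = [
+(args.sources.nixpkgs.outPath + "/nixos/modules/profiles/minimal.nix")
+args.pins.sops-nix.nixosModules.sops
+]
+++ (args.pup_lib.module_imports ./core);
+
+security = {
+acme = {
+acceptTerms = true;
+defaults = {
+email = "roufpup@killuaa.dev";
+dnsProvider = "porkbun";
+credentialFiles = {
+"PORKBUN_API_KEY_FILE" = config.sops.secrets.porkbun_api_key.path;
+"PORKBUN_SECRET_API_KEY_FILE" = config.sops.secrets.porkbun_secret_api_key.path;
+};
+};
+certs = {
+"auth.killuaa.dev" = {
+group = "kanidm";
+};
+};
+};
+sudo-rs = {
+enable = true;
+execWheelOnly = true;
+extraConfig = ''
+Defaults passwd_timeout=0
+'';
+};
+pam = {
+services = {
+sudo.rssh = true;
+};
+rssh = {
+enable = true;
+settings = {
+cue = true;
+};
+};
+};
+};
+
+nixpkgs = {
+hostPlatform = "x86_64-linux";
+config = {
+allowUnfree = true;
+};
+};
+
+nix = {
+package = pkgs.lix;
+nixPath = [
+"nixpkgs=${args.sources.nixpkgs.outPath}"
+];
+channel.enable = false;
+settings = {
+use-xdg-base-directories = true;
+trusted-users = [
+"roufpup"
+];
+experimental-features = [
+"nix-command"
+"flakes"
+];
+auto-optimise-store = true;
+accept-flake-config = false;
+};
+gc = {
+automatic = true;
+dates = "weekly";
+};
+};
+
+system.stateVersion = "26.05";
+}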
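Review bot: `trusted-users = [ "roufpup" ]` gives that account a root-equivalent path through the Nix daemon that does not pass through sudo, so the agent-backed check configured under `security.pam.rssh` in this same file does not cover it. hosts/vulpes/default.nix does the same more broadly with `"@wheel"`. If the entry exists only so that remote deployment can copy closures to the host, note that next to the setting; otherwise drop it and run privileged Nix operations through sudo. A one-line comment is worth adding either way, e.g. `# trusted-users is root-equivalent for the nix daemon; kept for <reason>`.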
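--- a/hosts/vulpes/core/boot.nix
+++ b/hosts/vulpes/core/boot.nix
@@ -0,0 +1,32 @@
+{
+pkgs,
+...
+}:
+{
+boot = {
+kernelPackages = pkgs.linuxPackages_latest;
+
+loader = {
+systemd-boot.enable = true;
+efi.canTouchEfiVariables = true;
+};
+
+initrd = {
+availableKernelModules = [
+"xhci_pci"
+"ahci"
+"nvme"
+"usbhid"
+"usb_storage"
+"sd_mod"
+];
+kernelModules = [ "dm-snapshot" ];
+};
+kernelModules = [ "kvm-amd" ];
+supportedFilesystems = [ "nfs" ];
+
+kernel.sysctl = {
+"net.ipv4.ip_forward" = 1;
+};
+};
+}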
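--- a/hosts/vulpes/core/hardware.nix
+++ b/hosts/vulpes/core/hardware.nix
@@ -0,0 +1,53 @@
+{
+...
+}:
+{
+fileSystems = {
+"/" = {
+device = "/dev/mapper/vulpes-root";
+fsType = "ext4";
+};
+
+"/boot" = {
+device = "/dev/disk/by-uuid/18CE-060A";
+fsType = "vfat";
+options = [
+"fmask=0077"
+"dmask=0077"
+];
+};
+"/mnt/hd1" = {
+device = "sand-archives:/export/hd1/cave";
+fsType = "nfs";
+options = [
+"nofail"
+"defaults"
+];
+};
+};
+hardware = {
+enableRedistributableFirmware = true;
+
+bluetooth = {
+enable = true;
+powerOnBoot = true;
+};
+
+amdgpu = {
+opencl = {
+enable = true;
+};
+};
+
+graphics = {
+enable = true;
+enable32Bit = true;
+};
+
+cpu = {
+amd = {
+updateMicrocode = true;
+};
+};
+};
+}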
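--- a/hosts/vulpes/core/networking.nix
+++ b/hosts/vulpes/core/networking.nix
@@ -0,0 +1,25 @@
+{
+args,
+...
+}:
+let
+pm = (args.mods.priv_mod.get_data args);
+in
+{
+networking = {
+hostName = "vulpes";
+resolvconf.enable = false;
+useDHCP = true;
+firewall = {
+enable = true;
+extraCommands = pm.net.firewall.vulpes.extraCommands;
+};
+
+hosts = {
+"${pm.net.hosts.sand-archives.ip}" = [
+"sand-archives"
+"netbird.killuaa.dev"
+];
+};
+};
+}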
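--- a/hosts/vulpes/core/programs.nix
+++ b/hosts/vulpes/core/programs.nix
@@ -0,0 +1,15 @@
+{ ... }:
+{
+programs = {
+fish = {
+enable = true;
+};
+direnv = {
+enable = true;
+silent = true;
+nix-direnv = {
+enable = true;
+};
+};
+};
+}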
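--- a/hosts/vulpes/core/services.nix
+++ b/hosts/vulpes/core/services.nix
@@ -0,0 +1,49 @@
+{ args, config, ... }:
+let
+pm = (args.mods.priv_mod.get_data args);
+in
+{
+services = {
+openssh = {
+enable = true;
+ports = pm.srv.ssh.ports;
+listenAddresses = [
+{
+addr = pm.srv.ssh.addr;
+}
+];
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "no";
+};
+authorizedKeysInHomedir = true;
+};
+
+netbird = {
+enable = true;
+clients.vulpes = {
+port = 51820;
+environment = {
+NB_MANAGEMENT_URL = "https://netbird.killuaa.dev";
+NB_SETUP_KEY_FILE = config.sops.secrets.nb_setup_key.path;
+};
+};
+};
+
+qemuGuest = {
+enable = true;
+};
+};
+systemd.services.netbird-vulpes = {
+serviceConfig = {
+AmbientCapabilities = [
+"CAP_NET_BIND_SERVICE"
+"CAP_DAC_OVERRIDE"
+];
+ReadWritePaths = [
+"/etc/resolv.conf"
+"/etc/resolv.conf.original.netbird"
+];
+};
+};
+}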
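Review bot: `"CAP_DAC_OVERRIDE"` in `AmbientCapabilities` lets the netbird-vulpes process ignore file permission checks on anything it can reach, which is far more than the two resolv.conf paths listed in `ReadWritePaths`. The same pair of capabilities is set for netbird-sand_arc in hosts/sand-archives/core/services.nix. If the capability is only there so the client can rewrite `/etc/resolv.conf` (likely given the paths, but not stated), record that next to it, e.g. `# CAP_DAC_OVERRIDE: lets the netbird user rewrite /etc/resolv.conf; drop once DNS is handled another way`, so it is not carried forward unexamined.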
+101
hosts/vulpes/core/sops.nix
··· 1 + { args, ... }: 2 + let 3 + pm = (args.mods.priv_mod.get_data args); 4 + in 5 + { 6 + sops = { 7 + defaultSopsFile = pm.secrets_file.vulpes; 8 + defaultSopsFormat = "yaml"; 9 + age.keyFile = "/root/.config/sops/age/keys.txt"; 10 + age.sshKeyPaths = [ ]; 11 + gnupg.sshKeyPaths = [ ]; 12 + 13 + secrets = { 14 + pgadmin_password = { }; 15 + # 16 + # Forgejo 17 + # 18 + forgejo_signing_key_pub = { 19 + owner = "forgejo"; 20 + group = "forgejo"; 21 + }; 22 + internal_token = { 23 + owner = "forgejo"; 24 + group = "forgejo"; 25 + }; 26 + secret_key = { 27 + owner = "forgejo"; 28 + group = "forgejo"; 29 + }; 30 + oauth2_jwt_secret = { 31 + owner = "forgejo"; 32 + group = "forgejo"; 33 + }; 34 + lfs_jwt_secret = { 35 + owner = "forgejo"; 36 + group = "forgejo"; 37 + }; 38 + forgejo_db_pwd = { 39 + owner = "forgejo"; 40 + group = "forgejo"; 41 + }; 42 + forgejo_garage_key_id = { 43 + owner = "forgejo"; 44 + group = "forgejo"; 45 + }; 46 + forgejo_garage_secret_key = { 47 + owner = "forgejo"; 48 + group = "forgejo"; 49 + }; 50 + # 51 + # Garage 52 + # 53 + garage_rpc_secret = { 54 + group = "sand-archives"; 55 + mode = "0440"; 56 + }; 57 + garage_admin_token = { 58 + group = "sand-archives"; 59 + mode = "0440"; 60 + }; 61 + garage_metrics_token = { 62 + group = "sand-archives"; 63 + mode = "0440"; 64 + }; 65 + # 66 + # Netbird 67 + # 68 + nb_setup_key = { 69 + owner = "netbird-vulpes"; 70 + group = "netbird-vulpes"; 71 + mode = "0440"; 72 + }; 73 + # 74 + # Ente 75 + # 76 + ente_garage_key = { }; 77 + ente_garage_secret = { }; 78 + ente_garage_endpoint = { }; 79 + ente_db_name = { }; 80 + ente_db_user = { }; 81 + ente_db_pass = { }; 82 + ente_encryption_key = { }; 83 + ente_hash_key = { }; 84 + ente_jwt_secret = { }; 85 + ente_admin_id = { }; 86 + # 87 + # Zerda 88 + # 89 + zerda_env = { 90 + owner = "zerda"; 91 + group = "zerda"; 92 + mode = "0440"; 93 + }; 94 + zerda_db_pass = { 95 + owner = "zerda"; 96 + group = "zerda"; 97 + mode = "0440"; 98 + }; 99 + }; 100 + }; 
101 + }
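--- a/hosts/vulpes/core/users.nix
+++ b/hosts/vulpes/core/users.nix
@@ -0,0 +1,63 @@
+{ pkgs, lib, ... }:
+{
+users = {
+extraUsers = {
+roufpup = {
+uid = 1000;
+subUidRanges = [
+{
+startUid = 100000;
+count = 65536;
+}
+];
+subGidRanges = [
+{
+startGid = 100000;
+count = 65536;
+}
+];
+group = "roufpup";
+home = "/home/roufpup";
+shell = pkgs.fish;
+isNormalUser = true;
+extraGroups = [
+"wheel"
+];
+linger = true;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkUMYuTCjDCIldnrQlA8M5gPkEUZ/oXxD5+B7nNeoM3 openpgp:0x13D59319"
+];
+};
+ente = {
+uid = 5000;
+group = "ente";
+isSystemUser = true;
+};
+zerda = {
+group = "zerda";
+isSystemUser = true;
+};
+};
+extraGroups = {
+roufpup = {
+gid = 100;
+name = "roufpup";
+members = [ "roufpup" ];
+};
+users.gid = lib.mkForce 105;
+sand-archives = {
+gid = 400;
+name = "sand-archives";
+};
+ente = {
+gid = 500;
+name = "ente";
+members = [ "ente" ];
+};
+zerda = {
+name = "zerda";
+members = [ "zerda" ];
+};
+};
+};
+}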
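--- a/hosts/vulpes/default.nix
+++ b/hosts/vulpes/default.nix
@@ -0,0 +1,77 @@
+{
+args,
+pkgs,
+lib,
+...
+}:
+let
+overlays = (args.pup_lib.get_overlays args);
+in
+{
+imports = [
+(args.sources.nixpkgs.outPath + "/nixos/modules/profiles/minimal.nix")
+args.pins.nix-minecraft.nixosModules.minecraft-servers
+args.pins.sops-nix.nixosModules.sops
+]
+++ (args.pup_lib.module_imports ./core)
+++ (args.pup_lib.module_imports ./infra);
+
+environment.systemPackages = with pkgs; [
+yazi
+helix
+eza
+bat
+btop
+zellij
+configarr
+vulkan-tools
+];
+
+nix.settings = {
+trusted-users = [
+"root"
+"@wheel"
+];
+experimental-features = [
+"nix-command"
+"flakes"
+];
+substituters = [
+"https://cache.garnix.io"
+];
+trusted-public-keys = [
+"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+];
+};
+nixpkgs = {
+config.allowUnfree = true;
+hostPlatform = "x86_64-linux";
+overlays = [
+overlays.default
+args.pins.nix-minecraft.overlay
+];
+};
+
+security = {
+sudo-rs = {
+enable = true;
+execWheelOnly = true;
+extraConfig = ''
+Defaults passwd_timeout=0
+'';
+};
+pam = {
+services = {
+sudo.rssh = true;
+};
+rssh = {
+enable = true;
+settings = {
+cue = true;
+};
+};
+};
+};
+
+system.stateVersion = "26.05";
+}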
+162
hosts/vulpes/infra/caddy.nix
··· 1 + { pkgs, ... }: 2 + let 3 + photos-pkg = ( 4 + pkgs.ente-web.override { 5 + enteApp = "photos"; 6 + enteMainUrl = "https://ente.killuaa.dev"; 7 + extraBuildEnv = { 8 + NEXT_PUBLIC_ENTE_ENDPOINT = "https://api.ente.killuaa.dev"; 9 + NEXT_PUBLIC_ENTE_ALBUMS_ENDPOINT = "https://albums.ente.killuaa.dev"; 10 + NEXT_TELEMETRY_DISABLED = "1"; 11 + }; 12 + } 13 + ); 14 + in 15 + { 16 + services.caddy = { 17 + enable = true; 18 + package = pkgs.caddy.withPlugins { 19 + plugins = [ "github.com/caddy-dns/porkbun@v0.3.1" ]; 20 + hash = "sha256-R1ZqQ8drcBQIH7cLq9kEvdg9Ze3bKkT8IAFavldVeC0="; 21 + }; 22 + email = "rouffy@killuaa.dev"; 23 + virtualHosts = { 24 + # Killuaa 25 + "killuaa.dev" = { 26 + extraConfig = '' 27 + handle / { 28 + redir https://git.killuaa.dev 29 + } 30 + handle /.well-known/matrix/server { 31 + header Content-Type application/json 32 + header Access-Control-Allow-Origin * 33 + respond `{"m.server": "yap.killuaa.dev:443"}` 200 34 + } 35 + 36 + handle /.well-known/matrix/client { 37 + header Content-Type application/json 38 + header Access-Control-Allow-Origin * 39 + respond `{"m.homeserver":{"base_url":"https://yap.killuaa.dev"}}` 200 40 + } 41 + ''; 42 + }; 43 + 44 + # Git Forge 45 + "git.killuaa.dev" = { 46 + extraConfig = '' 47 + reverse_proxy 127.0.0.1:3000 48 + ''; 49 + }; 50 + 51 + # Ente 52 + "api.ente.killuaa.dev" = { 53 + extraConfig = '' 54 + reverse_proxy 127.0.0.1:7000 55 + ''; 56 + }; 57 + "ente.killuaa.dev" = { 58 + extraConfig = '' 59 + root * ${photos-pkg} 60 + file_server 61 + try_files {path} {path}.html /index.html 62 + ''; 63 + }; 64 + "albums.ente.killuaa.dev" = { 65 + extraConfig = '' 66 + root * ${photos-pkg} 67 + file_server 68 + try_files {path} {path}.html /index.html 69 + ''; 70 + }; 71 + "s3.garage.killuaa.dev" = { 72 + extraConfig = '' 73 + reverse_proxy 127.0.0.1:3900 74 + ''; 75 + }; 76 + 77 + # Media 78 + "media.killuaa.dev" = { 79 + extraConfig = '' 80 + reverse_proxy 127.0.0.1:8096 81 + ''; 82 + }; 83 + 
"seerr.killuaa.dev" = { 84 + extraConfig = '' 85 + reverse_proxy 127.0.0.1:5055 86 + ''; 87 + }; 88 + "anisonarr.killuaa.dev" = { 89 + extraConfig = '' 90 + reverse_proxy 127.0.0.1:8989 91 + ''; 92 + }; 93 + "aniradarr.killuaa.dev" = { 94 + extraConfig = '' 95 + reverse_proxy 127.0.0.1:7979 96 + ''; 97 + }; 98 + "showsonarr.killuaa.dev" = { 99 + extraConfig = '' 100 + reverse_proxy 127.0.0.1:8988 101 + ''; 102 + }; 103 + "movieradarr.killuaa.dev" = { 104 + extraConfig = '' 105 + reverse_proxy 127.0.0.1:7978 106 + ''; 107 + }; 108 + "prowlarr.killuaa.dev" = { 109 + extraConfig = '' 110 + reverse_proxy 127.0.0.1:4545 111 + ''; 112 + }; 113 + "torrent.killuaa.dev" = { 114 + extraConfig = '' 115 + reverse_proxy 127.0.0.1:9999 116 + ''; 117 + }; 118 + 119 + # Matrix 120 + "yap.killuaa.dev" = { 121 + extraConfig = '' 122 + reverse_proxy 127.0.0.1:6167 123 + ''; 124 + }; 125 + 126 + # NTFY 127 + "ntfy.killuaa.dev" = { 128 + serverAliases = [ "http://ntfy.killuaa.dev" ]; 129 + extraConfig = '' 130 + reverse_proxy 127.0.0.1:2586 131 + 132 + @httpget { 133 + protocol http 134 + method GET 135 + path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/) 136 + } 137 + 138 + redir @httpget https://{host}{uri} 139 + ''; 140 + }; 141 + "mollysocket.killuaa.dev" = { 142 + extraConfig = '' 143 + reverse_proxy 127.0.0.1:8020 144 + ''; 145 + }; 146 + 147 + # Zerda 148 + "zerda.killuaa.dev" = { 149 + extraConfig = '' 150 + reverse_proxy 127.0.0.1:3232 151 + ''; 152 + }; 153 + 154 + # Vaultwarden 155 + "vaultwarden.killuaa.dev" = { 156 + extraConfig = '' 157 + reverse_proxy 127.0.0.1:7474 158 + ''; 159 + }; 160 + }; 161 + }; 162 + }
+140
hosts/vulpes/infra/dns.nix
··· 1 + { args, ... }: 2 + let 3 + pm = (args.mods.priv_mod.get_data args); 4 + in 5 + { 6 + services = { 7 + pihole-web = { 8 + enable = true; 9 + ports = [ 10 + "9001" 11 + "[::]:9001" 12 + ]; 13 + }; 14 + pihole-ftl = { 15 + enable = true; 16 + settings = { 17 + webserver = { 18 + interface.theme = "default-dark"; 19 + }; 20 + dns = { 21 + port = 9000; 22 + upstreams = [ 23 + "127.0.0.1#9002" 24 + ]; 25 + domain = { 26 + name = "vulpes"; 27 + }; 28 + }; 29 + }; 30 + lists = [ 31 + { 32 + enabled = true; 33 + description = "Hagezi Ultimate"; 34 + url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/ultimate.txt"; 35 + type = "block"; 36 + } 37 + ]; 38 + }; 39 + unbound = { 40 + enable = true; 41 + resolveLocalQueries = false; 42 + settings = { 43 + server = { 44 + logfile = "/var/log/unbound/unbound.log"; 45 + log-time-ascii = "yes"; 46 + verbosity = 5; 47 + 48 + port = 9002; 49 + interface = [ "0.0.0.0" ]; 50 + 51 + do-ip4 = "yes"; 52 + do-ip6 = "no"; 53 + prefer-ip6 = "no"; 54 + 55 + do-tcp = "yes"; 56 + do-udp = "yes"; 57 + 58 + harden-glue = "yes"; 59 + harden-dnssec-stripped = "yes"; 60 + use-caps-for-id = "no"; 61 + edns-buffer-size = "1232"; 62 + 63 + prefetch = "yes"; 64 + num-threads = 2; 65 + so-rcvbuf = "1m"; 66 + private-address = [ 67 + "192.168.0.0/16" 68 + "169.254.0.0/16" 69 + "172.16.0.0/12" 70 + "100.64.0.0/10" 71 + "10.0.0.0/8" 72 + "fd00::/8" 73 + "fe80::/10" 74 + 75 + "192.0.2.0/24" 76 + "198.51.100.0/24" 77 + "203.0.113.0/24" 78 + "255.255.255.255/32" 79 + "2001:db8::/32" 80 + ]; 81 + local-zone = [ 82 + "\"killuaa.dev.\" static" 83 + ]; 84 + local-data = [ 85 + # Main zone setup 86 + "\"killuaa.dev. IN SOA ns.killuaa.dev. roufpup.killuaa.dev. ( 20250211 10800 3600 604800 300)\"" 87 + "\"killuaa.dev. IN NS ns.killuaa.dev.\"" 88 + 89 + "\"ns.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 90 + "\"killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 91 + 92 + # DNS records 93 + 94 + "\"killuaa.dev. 
IN MX 10 mail.tutanota.de.\"" 95 + "'killuaa.dev. IN TXT \"t-verify=3971cf62a080f647ea848e037ac87776\"'" 96 + "'killuaa.dev. IN TXT \"v=spf1 include:spf.tutanota.de -all\"'" 97 + "'_dmarc.killuaa.dev. IN TXT \"v=DMARC1; p=quarantine; adkim=s\"'" 98 + "\"s1._domainkey.killuaa.dev. IN CNAME s1.domainkey.tutanota.de.\"" 99 + "\"s2._domainkey.killuaa.dev. IN CNAME s2.domainkey.tutanota.de.\"" 100 + "\"_mta-sts.killuaa.dev. IN CNAME mta-sts.tutanota.de.\"" 101 + "\"mta-sts.killuaa.dev. IN CNAME mta-sts.tutanota.de.\"" 102 + 103 + "\"git.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 104 + 105 + "\"netbird.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 106 + "\"auth.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 107 + 108 + "\"ente.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 109 + "\"api.ente.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 110 + "\"albums.ente.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 111 + "\"s3.garage.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 112 + 113 + "\"media.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 114 + "\"seerr.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 115 + "\"anisonarr.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 116 + "\"aniradarr.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 117 + "\"showsonarr.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 118 + "\"movieradarr.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 119 + "\"prowlarr.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 120 + "\"torrent.killuaa.dev. IN A ${pm.net.hosts.vulpes.ip}\"" 121 + 122 + "\"yap.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 123 + 124 + "\"ntfy.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 125 + "\"mollysocket.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 126 + 127 + "\"zerda.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 128 + 129 + "\"vaultwarden.killuaa.dev. 
IN A ${pm.net.hosts.sand-archives.ip}\"" 130 + 131 + "\"syncthing.killuaa.dev. IN A ${pm.net.hosts.sand-archives.ip}\"" 132 + ]; 133 + access-control = [ 134 + "100.0.0.0/8 allow" 135 + ]; 136 + }; 137 + }; 138 + }; 139 + }; 140 + }
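Review bot: `access-control = [ "100.0.0.0/8 allow" ]` is wider than the CGNAT range the overlay presumably uses: `private-address` a few lines up lists `100.64.0.0/10`, while `100.0.0.0/8` also contains publicly routed addresses. With `interface = [ "0.0.0.0" ]` the resolver listens on every interface, so this ACL and the firewall rules from the private module are the only limits on who can query it. Narrow the entry to `"100.64.0.0/10 allow"`. `verbosity = 5` also writes per-query detail to `/var/log/unbound/unbound.log` and is normally lowered once debugging is finished.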
+104
hosts/vulpes/infra/ente.nix
··· 1 + { 2 + config, 3 + utils, 4 + pkgs, 5 + ... 6 + }: 7 + let 8 + secrets = config.sops.secrets; 9 + secrets_dir = "/run/secrets"; 10 + data_dir = "/var/lib/ente"; 11 + 12 + ente_config = { 13 + http = { 14 + use-tls = false; 15 + port = 7000; 16 + }; 17 + apps = { 18 + public-albums = "https://albums.ente.killuaa.dev"; 19 + }; 20 + webauthn = { 21 + rpid = "127.0.0.1"; 22 + rporigins = [ 23 + "http://127.0.0.1:3001" 24 + ]; 25 + }; 26 + key = { 27 + encryption._secret = secrets.ente_encryption_key.path; 28 + hash._secret = secrets.ente_hash_key.path; 29 + }; 30 + jwt = { 31 + secret._secret = secrets.ente_jwt_secret.path; 32 + }; 33 + internal = { 34 + admin._secret = secrets.ente_admin_id.path; 35 + disable-registration = true; 36 + }; 37 + db = { 38 + host = "127.0.0.1"; 39 + port = 5432; 40 + name._secret = secrets.ente_db_name.path; 41 + user._secret = secrets.ente_db_user.path; 42 + password._secret = secrets.ente_db_pass.path; 43 + sslmode = "disable"; 44 + }; 45 + s3 = { 46 + are_local_buckets = false; 47 + use_path_style_urls = true; 48 + b2-eu-cen = { 49 + key._secret = secrets.ente_garage_key.path; 50 + secret._secret = secrets.ente_garage_secret.path; 51 + endpoint._secret = secrets.ente_garage_endpoint.path; 52 + region = "sand-archives"; 53 + bucket = "ente"; 54 + }; 55 + }; 56 + }; 57 + in 58 + { 59 + systemd.services = { 60 + ente-museum-setup = { 61 + enable = true; 62 + wantedBy = [ "ente-museum.service" ]; 63 + before = [ "ente-museum.service" ]; 64 + script = '' 65 + ${utils.genJqSecretsReplacementSnippet ente_config "${secrets_dir}/local.yaml"} 66 + ''; 67 + }; 68 + ente-museum = { 69 + enable = true; 70 + wantedBy = [ "default.target" ]; 71 + wants = [ 72 + "garage.service" 73 + "ente-museum-setup.service" 74 + ]; 75 + after = [ 76 + "garage.service" 77 + "ente-museum-setup.service" 78 + ]; 79 + serviceConfig = { 80 + ExecStart = '' 81 + ${pkgs.museum}/bin/museum 82 + ''; 83 + Type = "simple"; 84 + Restart = "always"; 85 + StateDirectory = 
"ente"; 86 + WorkingDirectory = "${data_dir}"; 87 + RuntimeDirectory = "ente"; 88 + User = "ente"; 89 + Group = "ente"; 90 + BindReadOnlyPaths = [ 91 + "${pkgs.museum}/share/museum/migrations:${data_dir}/migrations" 92 + "${pkgs.museum}/share/museum/mail-templates:${data_dir}/mail-templates" 93 + "${pkgs.museum}/share/museum/web-templates:${data_dir}/web-templates" 94 + "${secrets_dir}/local.yaml:${data_dir}/configurations/local.yaml" 95 + ]; 96 + }; 97 + environment = { 98 + ENVIRONMENT = "local"; 99 + GIT_COMMIT = "local"; 100 + GIN_MODE = "release"; 101 + }; 102 + }; 103 + }; 104 + }
+163
hosts/vulpes/infra/forgejo.nix
··· 1 + { 2 + pkgs, 3 + config, 4 + lib, 5 + ... 6 + }: 7 + { 8 + services = { 9 + forgejo = { 10 + enable = true; 11 + package = pkgs.forgejo; 12 + secrets = { 13 + server = { 14 + LFS_JWT_SECRET = lib.mkForce config.sops.secrets.lfs_jwt_secret.path; 15 + }; 16 + security = { 17 + INTERNAL_TOKEN = lib.mkForce config.sops.secrets.internal_token.path; 18 + SECRET_KEY = lib.mkForce config.sops.secrets.secret_key.path; 19 + }; 20 + oauth2 = { 21 + JWT_SECRET = lib.mkForce config.sops.secrets.oauth2_jwt_secret.path; 22 + }; 23 + database = { 24 + PASSWD = lib.mkForce config.sops.secrets.forgejo_db_pwd.path; 25 + }; 26 + }; 27 + database = { 28 + type = "postgres"; 29 + host = "127.0.0.1"; 30 + name = "forgejo"; 31 + user = "forgejo"; 32 + port = 5432; 33 + createDatabase = false; 34 + }; 35 + settings = { 36 + DEFAULT = { 37 + APP_NAME = "SillyDev"; 38 + RUN_MODE = "prod"; 39 + APP_SLOGAN = "Coding but add a little bit of silly"; 40 + }; 41 + repository = { 42 + FORCE_PRIVATE = false; 43 + DEFAULT_PRIVATE = "private"; 44 + DISABLE_HTTP_GIT = false; 45 + USE_COMPAT_SSH_URI = true; 46 + ENABLE_PUSH_CREATE_USER = true; 47 + }; 48 + "repository.pull-request" = { 49 + DEFAULT_MERGE_STYLE = "merge"; 50 + }; 51 + "repository.signing" = { 52 + DEFAULT_TRUST_MODEL = "committer"; 53 + FORMAT = "ssh"; 54 + SIGNING_KEY = config.sops.secrets.forgejo_signing_key_pub.path; 55 + SIGNING_NAME = "SillyDev Instance"; 56 + SIGNING_EMAIL = "git@killuaa.dev"; 57 + }; 58 + ui = { 59 + THEMES = "gitea-auto, gitea-light, gitea-dark, forgejo-auto, forgejo-light, forgejo-dark"; 60 + DEFAULT_THEME = "gitea-auto"; 61 + SHOW_USER_EMAIL = "false"; 62 + }; 63 + "ui.meta" = { 64 + AUTHOR = "SillyDev - Beyond Silly. 
We silly."; 65 + DESCRIPTION = ""; 66 + }; 67 + server = { 68 + DOMAIN = "git.killuaa.dev"; 69 + SSH_DOMAIN = "git.killuaa.dev"; 70 + HTTP_PORT = 3000; 71 + ROOT_URL = "https://git.killuaa.dev/"; 72 + DISABLE_SSH = false; 73 + SSH_PORT = 5858; 74 + SSH_LISTEN_PORT = 5858; 75 + LFS_START_SERVER = true; 76 + OFFLINE_MODE = false; 77 + LANDING_PAGE = "home"; 78 + }; 79 + database = { 80 + SSL_MODE = "disable"; 81 + }; 82 + admin = { 83 + DISABLE_REGULAR_ORG_CREATION = true; 84 + }; 85 + security = { 86 + INSTALL_LOCK = true; 87 + REVERSE_PROXY_LIMIT = 1; 88 + REVERSE_PROXY_TRUSTED_PROXIES = "*"; 89 + PASSWORD_HASH_ALGO = "pbkdf2_hi"; 90 + PASSWORD_COMPLEXITY = "lower, upper, digit, spec"; 91 + PASSWORD_CHECK_PWN = true; 92 + }; 93 + openid = { 94 + ENABLE_OPENID_SIGNIN = false; 95 + ENABLE_OPENID_SIGNUP = false; 96 + }; 97 + service = { 98 + DISABLE_REGISTRATION = false; 99 + REQUIRE_SIGNIN_VIEW = false; 100 + REGISTER_EMAIL_CONFIRM = true; 101 + ENABLE_NOTIFY_MAIL = false; 102 + ENABLE_CAPTCHA = true; 103 + DEFAULT_KEEP_EMAIL_PRIVATE = true; 104 + DEFAULT_ALLOW_CREATE_ORGANIZATION = false; 105 + DEFAULT_ENABLE_TIMETRACKING = true; 106 + NO_REPLY_ADDRESS = "noreply.localhost"; 107 + DEFAULT_USER_IS_RESTRICTED = true; 108 + EMAIL_DOMAIN_BLOCK_DISPOSABLE = true; 109 + ALLOW_ONLY_INTERNAL_REGISTRATION = true; 110 + ALLOW_ONLY_EXTERNAL_REGISTRATION = false; 111 + }; 112 + webhook = { 113 + ALLOWED_HOST_LIST = "external,loopback"; 114 + }; 115 + session = { 116 + PROVIDER = "file"; 117 + }; 118 + picture = { 119 + AVATAR_MAX_FILE_SIZE = 15000000; 120 + ENABLE_FEDERATED_AVATAR = true; 121 + }; 122 + log = { 123 + MODE = "console"; 124 + LEVEL = "Error"; 125 + }; 126 + "cron.update_checker" = { 127 + ENABLED = true; 128 + }; 129 + metrics = { 130 + ENABLED = true; 131 + ENABLED_ISSUE_BY_LABEL = true; 132 + }; 133 + migrations = { 134 + ALLOW_LOCALNETWORKS = true; 135 + }; 136 + federation = { 137 + ENABLED = true; 138 + SHARE_USER_STATISTICS = true; 139 + }; 140 + actions = 
{ 141 + ARTIFACT_RETENTION_DAYS = 14; 142 + }; 143 + }; 144 + }; 145 + 146 + # gitea-actions-runner = { 147 + # package = pkgs.forgejo-runner; 148 + # instances.default = { 149 + # enable = true; 150 + # name = "hourglass"; 151 + # url = "https://git.killuaa.dev"; 152 + # tokenFile = config.sops.secrets.forgejo_runner_token.path; 153 + # labels = [ 154 + # "ubuntu-latest:docker://node:20-bookworm" 155 + # "ubuntu-22.04:docker://node:20-bookworm" 156 + 157 + # "ubuntu-20.04:docker://node:16-bullseye" 158 + # "ubuntu-18.04:docker://node:16-buster" 159 + # ]; 160 + # }; 161 + # }; 162 + }; 163 + }
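Review bot: `migrations.ALLOW_LOCALNETWORKS = true` and `webhook.ALLOWED_HOST_LIST = "external,loopback"` let a signed-in user make the server send requests to loopback and private addresses, while `service.DISABLE_REGISTRATION = false` leaves sign-up open to anyone who passes the captcha and e-mail confirmation. On a host that also runs databases and admin APIs locally this is a server-side request forgery path; unless a local integration needs it, `ALLOW_LOCALNETWORKS = false;` and `ALLOWED_HOST_LIST = "external";` close it. In the `security` block, `REVERSE_PROXY_TRUSTED_PROXIES = "*"` accepts forwarded client-address headers from any peer. It should name only the proxy, e.g. `"127.0.0.0/8,::1/128"` if the proxy runs on this host, which this file does not show.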
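--- a/hosts/vulpes/infra/garage.nix
+++ b/hosts/vulpes/infra/garage.nix
@@ -0,0 +1,50 @@
+{ pkgs, config, ... }:
+{
+services.garage = {
+enable = true;
+package = pkgs.garage_2;
+settings = {
+db_engine = "sqlite";
+replication_factor = 1;
+allow_world_readable_secrets = true;
+
+s3_api = {
+s3_region = "sand-archives";
+api_bind_addr = "[::]:3900";
+};
+
+rpc_bind_addr = "[::]:3901";
+rpc_public_addr = "127.0.0.1:3901";
+rpc_secret_file = config.sops.secrets.garage_rpc_secret.path;
+
+s3_web = {
+bind_addr = "[::]:3902";
+index = "index.html";
+root_domain = ".garage.killuaa.dev";
+};
+admin = {
+api_bind_addr = "[::]:3903";
+admin_token_file = config.sops.secrets.garage_admin_token.path;
+metrics_token_file = config.sops.secrets.garage_metrics_token.path;
+};
+k2v_api = {
+api_bind_addr = "[::]:3904";
+};
+};
+};
+systemd.services = {
+garage = {
+serviceConfig = {
+BindPaths = [
+"/mnt/hd1/garage:/var/lib/garage/data"
+];
+SupplementaryGroups = [
+"sand-archives"
+];
+};
+unitConfig = {
+RequiresMountsFor = "/mnt/hd1/garage";
+};
+};
+};
+}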
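Review bot: The admin API (`api_bind_addr = "[::]:3903"`) and the RPC port (`rpc_bind_addr = "[::]:3901"`) listen on every interface, although `replication_factor = 1` and `rpc_public_addr = "127.0.0.1:3901"` describe a single node that only talks to itself. Binding both to loopback, `rpc_bind_addr = "127.0.0.1:3901";` and `api_bind_addr = "127.0.0.1:3903";` in `admin`, keeps cluster control and key administration off the network whatever the firewall state, which this file does not show. `allow_world_readable_secrets = true` also switches off Garage's own check on the mode of the three secret files, so their protection depends entirely on the sops declarations elsewhere. A comment saying why the check is disabled would help the next reader.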
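--- a/hosts/vulpes/infra/matrix.nix
+++ b/hosts/vulpes/infra/matrix.nix
@@ -0,0 +1,14 @@
+{ ... }:
+{
+services.matrix-continuwuity = {
+enable = true;
+settings = {
+global = {
+address = [ "0.0.0.0" ];
+server_name = "killuaa.dev";
+allow_registration = false;
+enable_lightning_bolt = false;
+};
+};
+};
+}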
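--- a/hosts/vulpes/infra/media.nix
+++ b/hosts/vulpes/infra/media.nix
@@ -0,0 +1,91 @@
+{
+args,
+config,
+pkgs,
+lib,
+...
+}:
+let
+pm = (args.mods.priv_mod.get_data args);
+in
+{
+imports = [
+(import args.mods.pub_mod.arr {
+inherit config;
+inherit pkgs;
+inherit lib;
+})
+];
+
+services = {
+qbittorrent = {
+enable = true;
+webuiPort = 9999;
+user = "arr";
+group = "arr";
+serverConfig = {
+Preferences = {
+WebUI = {
+Password_PBKDF2 = pm.srv.qbittorrent.password;
+LocalHostAuth = false;
+AuthSubnetWhitelistEnabled = true;
+AuthSubnetWhitelist = "100.64.0.0/10, 10.0.0.0/8, 192.0.0.0/24, fe80::/64";
+};
+};
+BitTorrent = {
+Session = {
+DisableAutoTMMByDefault = false;
+DisableAutoTMMTriggers = {
+CategorySavePathChanged = false;
+DefaultSavePathChanged = false;
+};
+DefaultSavePath = "/mnt/hd1/arr_data/torrents";
+};
+};
+Core = {
+AutoDeleteAddedTorrentFile = "IfAdded";
+};
+};
+};
+
+jellyfin = {
+enable = true;
+};
+jellyseerr = {
+enable = true;
+};
+flaresolverr = {
+enable = true;
+};
+arr-stack = {
+enable = true;
+arrs = {
+prowlarr = {
+enable = true;
+port = 4545;
+service-type = "prowlarr";
+};
+anisonarr = {
+enable = true;
+port = 8989;
+service-type = "sonarr";
+};
+showsonarr = {
+enable = true;
+port = 8988;
+service-type = "sonarr";
+};
+aniradarr = {
+enable = true;
+port = 7979;
+service-type = "radarr";
+};
+movieradarr = {
+enable = true;
+port = 7978;
+service-type = "radarr";
+};
+};
+};
+};
+}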
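Review bot: `LocalHostAuth = false` together with `AuthSubnetWhitelistEnabled = true` turns off the qBittorrent WebUI login for every client in the listed ranges. If the UI is also published through a reverse proxy on this host (not visible in this file), every proxied request arrives from 127.0.0.1 and is therefore unauthenticated. `10.0.0.0/8` and `100.64.0.0/10` are wide, and `192.0.0.0/24` is the IETF protocol-assignment block rather than a LAN range, so it looks like a typo for a `192.168.x` network. I would set `LocalHostAuth = true;` and cut `AuthSubnetWhitelist` down to the one management subnet that needs passwordless access. `Password_PBKDF2 = pm.srv.qbittorrent.password` is evaluated at build time, so the hash presumably ends up in the world-readable Nix store.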
+104
hosts/vulpes/infra/minecraft.nix
··· 1 + { pkgs, ... }: 2 + let 3 + modpack = pkgs.fetchPackwizModpack { 4 + url = "https://git.killuaa.dev/roufpup/ATR10/raw/branch/trunk/pack/pack.toml"; 5 + packHash = "sha256-dM2+2ItZQtBR/tG+4EZ7zo1NpUXD8t2mqHpr8nnV2JQ="; 6 + prefetch_mods = [ 7 + { 8 + url = "https://edge.forgecdn.net/files/6172/735/bwncr-neoforge-1.21.1-3.20.3.jar"; 9 + sha256 = "sha256-LVBuxh2AL+7yoDJ59zqVKDcq9q5dDsBOqGd866q/5q8="; 10 + name = "bwncr-neoforge-1.21.1-3.20.3.jar"; 11 + } 12 + { 13 + url = "https://edge.forgecdn.net/files/6919/850/tombstone-neoforge-1.21.1-9.4.8.jar"; 14 + sha256 = "sha256-kXXeDSk0FJ9dfhwaWpS4RqBKbnpWDfh1cJh/L3e42XA="; 15 + name = "tombstone-neoforge-1.21.1-9.4.8.jar"; 16 + } 17 + { 18 + url = "https://edge.forgecdn.net/files/5991/453/imfast-NEOFORGE-1.0.2.jar"; 19 + sha256 = "sha256-tDX8IWUYg+3jdq2mhNGWock6ro8kC81NVR+w2DhNt/o="; 20 + name = "imfast-NEOFORGE-1.0.2.jar"; 21 + } 22 + { 23 + url = "https://edge.forgecdn.net/files/6981/252/moreoverlays-1.24.2-mc1.21.1-neoforge.jar"; 24 + sha256 = "sha256-GrDRpJ4xu+XPDN/luin9kj7KWsYM21EWR4CqPbMXxLE="; 25 + name = "moreoverlays-1.24.2-mc1.21.1-neoforge.jar"; 26 + } 27 + { 28 + url = "https://edge.forgecdn.net/files/7129/314/notenoughanimations-neoforge-1.10.6-mc1.21.1.jar"; 29 + sha256 = "sha256-odUKM+Dv50C3X/1XTMLYGZK7jDxCHNMk7fFbwkvwLgE="; 30 + name = "notenoughanimations-neoforge-1.10.6-mc1.21.1.jar"; 31 + } 32 + { 33 + url = "https://edge.forgecdn.net/files/7078/283/Structory_Towers_1.21.x_v1.0.14.jar"; 34 + sha256 = "sha256-TzAeyMhlQo7y4zKnbBTPv3944aOfSmAywNrnnGYPzB8="; 35 + name = "Structory_Towers_1.21.x_v1.0.14.jar"; 36 + } 37 + { 38 + url = "https://edge.forgecdn.net/files/7078/278/Structory_1.21.x_v1.3.12.jar"; 39 + sha256 = "sha256-K/R8JXsDG1Dz/mqqumow2eMKCg6ou85j4qhd7h8WRLE="; 40 + name = "Structory_1.21.x_v1.3.12.jar"; 41 + } 42 + ]; 43 + prefetch_resourcepacks = [ 44 + { 45 + url = "https://edge.forgecdn.net/files/5995/726/Create%20Immersive%20Aircraft%20Warship%20ResoucePack%20v1.2.zip"; 46 + sha256 = 
"sha256-3BW8dHyYGy6yODUmgTkqPjHJeiWfN0hBChNMZ6XbjfI="; 47 + name = "Create Immersive Aircraft Warship ResoucePack v1.2.zip"; 48 + } 49 + { 50 + url = "https://edge.forgecdn.net/files/5375/282/Create%20Immersive%20Aircrafts%20Warship%20Recipe%20DataPack%20v1.0.zip"; 51 + sha256 = "sha256-7FEWJ61vgzEvvwAyAs7KKBpucQS5rHsG5bKy0BzUOR8="; 52 + name = "Create Immersive Aircrafts Warship Recipe DataPack v1.0.zip"; 53 + } 54 + { 55 + url = "https://edge.forgecdn.net/files/6117/616/Visual%20Titles%201.1.zip"; 56 + sha256 = "sha256-mQ/qnTCIPrcpgkiMZNWAwgJdqSOOZfo+tU2H2AcKxUk="; 57 + name = "Visual Titles 1.1.zip"; 58 + } 59 + { 60 + url = "https://edge.forgecdn.net/files/5050/834/IAF-DE4THR4SH-Dragonsteel-Weaponry-V-3.5-%5B1.20.X%5D.zip"; 61 + sha256 = "sha256-Z1Jlp1ublj0gehCNuMfzXhQJZRgli+5EiuA8MfRJnSA="; 62 + name = "IAF-DE4THR4SH-Dragonsteel-Weaponry-V-3.5-[1.20.X].zip"; 63 + } 64 + { 65 + url = "https://edge.forgecdn.net/files/5982/488/enderio-refrubished-preview.zip"; 66 + sha256 = "sha256-dAa2ueyX6yf00xPf0A6dNpdnYdNqxRGJRvZCi5lMuS0="; 67 + name = "enderio-refrubished-preview.zip"; 68 + } 69 + ]; 70 + }; 71 + in 72 + { 73 + services.minecraft-servers = { 74 + enable = true; 75 + eula = true; 76 + dataDir = "/var/lib/minecraft"; 77 + managementSystem = { 78 + tmux.enable = false; 79 + systemd-socket.enable = true; 80 + }; 81 + servers = { 82 + atr10 = { 83 + enable = true; 84 + autoStart = true; 85 + serverProperties = { 86 + server-port = 2755; 87 + "query.port" = 2755; 88 + allow-flight = true; 89 + }; 90 + jvmOpts = "-Xms12288M -Xmx12288M"; 91 + package = pkgs.neoforgeServers.neoforge-1_21_1-21_1_217; 92 + files = { 93 + "config" = "${modpack}/config"; 94 + "mods" = "${modpack}/mods"; 95 + "kubejs" = "${modpack}/kubejs"; 96 + "local" = "${modpack}/local"; 97 + "defaultconfigs" = "${modpack}/defaultconfigs"; 98 + "datapacks" = "${modpack}/datapacks"; 99 + "shaderpacks" = "${modpack}/shaderpacks"; 100 + }; 101 + }; 102 + }; 103 + }; 104 + }
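--- a/hosts/vulpes/infra/misc.nix
+++ b/hosts/vulpes/infra/misc.nix
@@ -0,0 +1,60 @@
+{ args, pkgs, ... }:
+let
+pm = (args.mods.priv_mod.get_data args);
+in
+{
+services = {
+redis = {
+package = pkgs.valkey;
+servers = {
+zerda = {
+enable = true;
+port = 6375;
+bind = "0.0.0.0";
+settings = {
+protected-mode = "no";
+};
+};
+};
+};
+ntfy-sh = {
+enable = true;
+settings = {
+base-url = "https://ntfy.killuaa.dev";
+listen-http = ":2586";
+behind-proxy = true;
+};
+};
+mollysocket = {
+enable = true;
+settings = {
+host = "0.0.0.0";
+};
+};
+murmur = {
+enable = true;
+bandwidth = 800000;
+};
+vaultwarden = {
+enable = true;
+};
+};
+systemd.services = {
+vaultwarden = {
+serviceConfig = {
+Environment = [
+"ROCKET_ADDRESS=0.0.0.0"
+"ROCKET_PORT=7474"
+"DATA_FOLDER=/var/lib/vaultwarden"
+"WEB_VAULT_FOLDER=${pkgs.vaultwarden.webvault}/share/vaultwarden/vault"
+];
+EnvironmentFile = "";
+};
+};
+mollysocket = {
+serviceConfig = {
+Environment = [ "MOLLY_VAPID_PRIVKEY=${pm.srv.molly.private_key}" ];
+};
+};
+};
+}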
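Review bot: The `zerda` Valkey instance is bound to `0.0.0.0` with `protected-mode = "no"` and no password, so anything that can reach port 6375 gets full read and write access to it. The only consumer shown in this commit (hosts/vulpes/infra/zerda.nix) connects to `127.0.0.1`, so `bind = "127.0.0.1";` with the `protected-mode` override removed would be enough. If remote access is really needed, add `requirePassFile` fed from a sops secret. In the `mollysocket` unit, `"MOLLY_VAPID_PRIVKEY=${pm.srv.molly.private_key}"` writes the private key into the generated unit file, which sits in the world-readable Nix store and is printed by `systemctl cat`. Loading it through an `EnvironmentFile` that points at a sops secret keeps it out of both.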
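--- a/hosts/vulpes/infra/postgres.nix
+++ b/hosts/vulpes/infra/postgres.nix
@@ -0,0 +1,78 @@
+{ args, config, pkgs, ... }:
+let
+pm = (args.mods.priv_mod.get_data args);
+in
+{
+services = {
+postgresql = {
+enable = true;
+enableTCPIP = true;
+package = pkgs.postgresql_17_jit;
+ensureUsers = [
+{
+name = "roufpup";
+ensureDBOwnership = true;
+ensureClauses = {
+login = true;
+superuser = true;
+createdb = true;
+createrole = true;
+bypassrls = true;
+replication = true;
+};
+}
+{
+name = "forgejo";
+ensureDBOwnership = true;
+ensureClauses = {
+login = true;
+};
+}
+{
+name = "ente";
+ensureDBOwnership = true;
+ensureClauses = {
+login = true;
+};
+}
+{
+name = "zerda";
+ensureDBOwnership = true;
+ensureClauses = {
+login = true;
+};
+}
+];
+ensureDatabases = [
+"roufpup"
+"forgejo"
+"ente"
+"zerda"
+];
+settings = {
+listen_addresses = "*";
+};
+authentication = pkgs.lib.mkForce ''
+local postgres postgres trust
+local all roufpup trust
+host all roufpup 127.0.0.1/8 trust
+host forgejo forgejo 127.0.0.1/8 md5
+host ente ente 127.0.0.1/8 md5
+host ente ente ::1/8 md5
+host zerda zerda 127.0.0.1/8 md5
+'';
+};
+
+pgadmin = {
+enable = true;
+initialEmail = pm.srv.pgadmin.email;
+initialPasswordFile = config.sops.secrets.pgadmin_password.path;
+settings = {
+DEFAULT_SERVER = "0.0.0.0";
+FIXED_BINARY_PATHS = {
+pg-17 = "${pkgs.postgresql_17_jit}/bin";
+};
+};
+};
+};
+}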
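Review bot: `local all roufpup trust` and `host all roufpup 127.0.0.1/8 trust` let any local process connect as `roufpup` without a password, and `ensureClauses` makes that role a superuser with `bypassrls` and `replication`. A compromise of any service on this host therefore becomes full control of every database. Replacing both lines with `local all roufpup peer` keeps passwordless access for the matching OS account only. `::1/8` in the second `ente` rule covers far more than loopback and should be `::1/128`, and `md5` is the legacy method where `scram-sha-256` is the current one. `listen_addresses = "*"` and pgAdmin's `DEFAULT_SERVER = "0.0.0.0"` open both listeners beyond loopback although every `host` rule is loopback-only, so `listen_addresses = "localhost";` would match the rules.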
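--- a/hosts/vulpes/infra/zerda.nix
+++ b/hosts/vulpes/infra/zerda.nix
@@ -0,0 +1,78 @@
+{
+utils,
+config,
+args,
+...
+}:
+let
+secrets_dir = "/run/secrets";
+zerda_config = {
+url = "https://zerda.killuaa.dev";
+address = "0.0.0.0";
+port = 3232;
+mediaDirectory = "/var/lib/zerda";
+socket = null;
+db = {
+host = "127.0.0.1";
+port = 5432;
+db = "zerda";
+user = "zerda";
+pass._secret = config.sops.secrets.zerda_db_pass.path;
+};
+dbReplications = false;
+redis = {
+host = "127.0.0.1";
+port = 6375;
+};
+fulltextSearch = {
+provider = "sqlLike";
+};
+id = "aidx";
+proxyBypassHosts = [
+"api.deepl.com"
+"api-free.deepl.com"
+"www.recaptcha.net"
+"hcaptcha.com"
+"challenges.cloudflare.com"
+];
+proxyRemoteFiles = true;
+signToActivityPubGet = true;
+attachLdSignatureForRelays = true;
+websocketCompression = false;
+};
+in
+{
+systemd.services = {
+zerda-setup = {
+enable = true;
+wantedBy = [ "zerda.service" ];
+before = [ "zerda.service" ];
+script = ''
+${utils.genJqSecretsReplacementSnippet zerda_config "${secrets_dir}/zerda_default.yml"}
+'';
+};
+zerda = {
+enable = true;
+description = "Zerda";
+wantedBy = [ "default.target" ];
+wants = [
+"zerda-setup.service"
+];
+after = [
+"zerda-setup.service"
+];
+script = ''
+${args.pkgs-master.sharkey}/bin/sharkey migrateandstart
+'';
+serviceConfig = {
+EnvironmentFile = "${secrets_dir}/zerda_env";
+Restart = "always";
+SyslogIdentifier = "zerda";
+RuntimeDirectory = "zerda";
+StateDirectory = "zerda";
+User = "zerda";
+Group = "zerda";
+};
+};
+};
+}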
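Review bot: `zerda-setup` sets no `serviceConfig.Type = "oneshot";`, so systemd counts it as started as soon as the script is forked and the `before`/`after` ordering does not make `zerda` wait for `zerda_default.yml` to be written. Adding `serviceConfig.Type = "oneshot";` to the setup unit closes that race, and `requires` in place of `wants` on the `zerda` side would stop the service when rendering fails. `ente-museum-setup` earlier in this commit has the same shape. The rendered file holds the database password and is written into `/run/secrets`, which sops-nix appears to manage on this host. It is worth confirming that its owner and mode let only the `zerda` user read it and that it survives a secrets re-activation. `address = "0.0.0.0"` also exposes port 3232 directly; loopback is enough if the service is only reached through the proxy for zerda.killuaa.dev.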
+53
hosts/work/core/boot.nix
··· 1 + { pkgs, ... }: 2 + { 3 + boot = { 4 + 5 + supportedFilesystems = [ 6 + "ntfs" 7 + "btrfs" 8 + ]; 9 + 10 + kernelPackages = pkgs.linuxPackages_latest; 11 + kernelParams = [ "preempt=full" ]; 12 + 13 + loader = { 14 + systemd-boot = { 15 + enable = true; 16 + consoleMode = "auto"; 17 + configurationLimit = 3; 18 + }; 19 + 20 + efi = { 21 + canTouchEfiVariables = true; 22 + }; 23 + }; 24 + 25 + initrd = { 26 + kernelModules = [ 27 + "dm-snapshot" 28 + ]; 29 + availableKernelModules = [ 30 + "nvme" 31 + "xhci_pci" 32 + "thunderbolt" 33 + "usbhid" 34 + "usb_storage" 35 + "sd_mod" 36 + ]; 37 + }; 38 + 39 + kernelModules = [ 40 + "kvm-amd" 41 + "amdgpu" 42 + "usbmon" 43 + ]; 44 + 45 + plymouth = { 46 + enable = true; 47 + theme = "blahaj"; 48 + themePackages = with pkgs; [ 49 + plymouth-blahaj-theme 50 + ]; 51 + }; 52 + }; 53 + }
+26
hosts/work/core/gaming.nix
··· 1 + { pkgs, ... }: 2 + { 3 + services.ananicy = { 4 + enable = true; 5 + package = pkgs.ananicy-cpp; 6 + rulesProvider = pkgs.ananicy-cpp; 7 + extraRules = [ 8 + { 9 + "name" = "gamescope"; 10 + "nice" = -20; 11 + } 12 + ]; 13 + }; 14 + programs = { 15 + gamescope = { 16 + enable = true; 17 + capSysNice = false; 18 + }; 19 + steam = { 20 + enable = true; 21 + remotePlay.openFirewall = true; 22 + dedicatedServer.openFirewall = true; 23 + localNetworkGameTransfers.openFirewall = true; 24 + }; 25 + }; 26 + }
+74
hosts/work/core/hardware.nix
··· 1 + { 2 + config, 3 + lib, 4 + pkgs, 5 + modulesPath, 6 + ... 7 + }: 8 + 9 + { 10 + imports = [ 11 + (modulesPath + "/installer/scan/not-detected.nix") 12 + ]; 13 + 14 + fileSystems = { 15 + 16 + "/" = { 17 + device = "/dev/disk/by-uuid/368f8b9b-b87e-4344-bc7e-962d62a5eba8"; 18 + fsType = "btrfs"; 19 + }; 20 + 21 + "/home" = { 22 + device = "/dev/disk/by-uuid/b69233ba-e1b2-4036-b32e-ade5ef35e10b"; 23 + fsType = "btrfs"; 24 + neededForBoot = true; 25 + }; 26 + 27 + "/boot" = { 28 + device = "/dev/disk/by-uuid/76AE-AD29"; 29 + fsType = "vfat"; 30 + options = [ 31 + "fmask=0022" 32 + "dmask=0022" 33 + ]; 34 + }; 35 + }; 36 + 37 + swapDevices = [ 38 + { 39 + device = "/swapfile"; 40 + size = 20 * 1024; 41 + } 42 + ]; 43 + 44 + hardware = { 45 + enableRedistributableFirmware = true; 46 + 47 + bluetooth = { 48 + enable = true; 49 + powerOnBoot = true; 50 + }; 51 + 52 + amdgpu = { 53 + opencl = { 54 + enable = true; 55 + }; 56 + }; 57 + 58 + graphics = { 59 + enable = true; 60 + enable32Bit = true; 61 + extraPackages = with pkgs; [ 62 + libva-utils 63 + libvdpau-va-gl 64 + ]; 65 + }; 66 + 67 + cpu = { 68 + amd = { 69 + updateMicrocode = true; 70 + }; 71 + }; 72 + }; 73 + 74 + }
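--- a/hosts/work/core/networking.nix
+++ b/hosts/work/core/networking.nix
@@ -0,0 +1,33 @@
+{ ... }:
+{
+networking = {
+hostName = "fennec-work";
+networkmanager.enable = false;
+resolvconf.enable = false;
+wireless = {
+enable = false;
+};
+dhcpcd = {
+extraConfig = ''nohook resolv.conf '';
+};
+
+firewall = {
+enable = true;
+allowedTCPPorts = [
+40555
+];
+allowedUDPPorts = [
+34197
+];
+};
+};
+# services.resolved = {
+# enable = true;
+# extraConfig = ''
+# DNSStubListener=no
+# '';
+# fallbackDns = [
+# "127.0.0.1"
+# ];
+# };
+}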
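Review bot: The firewall opens TCP 40555 and UDP 34197 with no comment saying which service needs them, which makes a stale opening hard to spot in a later review. A one-line comment above each entry, in the form `# <service>: <why it must be reachable>`, would record the intent. The commented-out `services.resolved` block at the end should either be removed or get a short note on why it is kept.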
+157
hosts/work/core/packages.nix
··· 1 + { pkgs, args, ... }: 2 + let 3 + pm = (args.mods.priv_mod.get_data args); 4 + in 5 + { 6 + environment.systemPackages = with pkgs; [ 7 + krita 8 + qbittorrent 9 + gemini-cli-bin 10 + 11 + # LLM 12 + llama-cpp-rocm 13 + python312Packages.huggingface-hub 14 + 15 + # CLI utilities 16 + magic-wormhole-rs 17 + dysk 18 + dust 19 + vulkan-tools 20 + _7zz 21 + unzip 22 + unrar 23 + zola 24 + speed-cloudflare-cli 25 + btrfs-progs 26 + fastfetch 27 + zellij 28 + calc-rs 29 + xdg-utils 30 + rocmPackages.rocminfo 31 + rocmPackages.rocm-smi 32 + clinfo 33 + ripgrep 34 + eza 35 + bat 36 + btop 37 + pulsemixer 38 + fd 39 + jq 40 + nix-output-monitor 41 + sops 42 + dig 43 + nmap 44 + pinentry-gnome3 45 + 46 + # CLI apps 47 + helix 48 + steel 49 + nh 50 + npins 51 + git 52 + swww 53 + stash 54 + (lib.hiPrio wl-clipboard-rs) 55 + monero-cli 56 + yubikey-manager 57 + 58 + # GUI apps 59 + yubioath-flutter 60 + dconf-editor 61 + winbox4 62 + amdgpu_top 63 + easyeffects 64 + quickshell 65 + seahorse 66 + delfin 67 + nicotine-plus 68 + tauon 69 + antares 70 + monero-gui 71 + bisq2 72 + 73 + # Social 74 + signal-desktop 75 + mumble 76 + thunderbird-bin 77 + telegram-desktop 78 + element-desktop 79 + 80 + # Gaming 81 + lact 82 + prismlauncher 83 + (vintagestory.override { 84 + # waylandSupport = true; 85 + # x11Support = false; 86 + }) 87 + (factorio-space-age.override { 88 + username = pm.factorio.username; 89 + token = pm.factorio.token; 90 + }) 91 + mangohud 92 + 93 + # Programming 94 + rustc 95 + rust-analyzer 96 + cargo 97 + rustfmt 98 + clippy 99 + nodejs 100 + nixd 101 + nixfmt-rfc-style 102 + schemat 103 + # corretto21 104 + hoppscotch 105 + forgejo-runner 106 + meld 107 + hextazy 108 + xh 109 + tokei 110 + jujutsu 111 + d-spy 112 + just 113 + ghex 114 + android-studio 115 + # jetbrains.idea-community-bin 116 + jetbrains.rider 117 + jetbrains.idea 118 + 119 + # Cool but barely used 120 + servo 121 + 122 + # Daily Used 123 + rofi 124 + pear-desktop 125 + bitwarden-desktop 
126 + ente-desktop 127 + onlyoffice-desktopeditors 128 + libreoffice-qt-fresh 129 + papers 130 + nemo-with-extensions 131 + nemo-emblems 132 + nemo-fileroller 133 + newsflash 134 + rssguard 135 + yazi 136 + foliate 137 + mpv 138 + tutanota-desktop 139 + mako 140 + librewolf-bin 141 + syncplay 142 + 143 + # Fish plugins 144 + fishPlugins.fzf-fish 145 + 146 + #Theming 147 + mint-themes 148 + mint-y-icons 149 + kdePackages.breeze 150 + kdePackages.breeze-icons 151 + 152 + # 3rd party 153 + args.pins.affinity-nix.packages."${pkgs.stdenv.hostPlatform.system}".v3 154 + args.pins.wire.packages.${builtins.currentSystem}.wire 155 + (import args.pins.nixpkgs-jelly { }).jellyfin-desktop 156 + ]; 157 + }
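Review bot: `factorio-space-age.override { username = pm.factorio.username; token = pm.factorio.token; }` passes the account token as a derivation argument. It is therefore likely recorded in the `.drv` in the world-readable Nix store and copied to any cache or remote builder that receives the closure. Adding the game archive to the store out of band (for example with `nix-prefetch-url`) keeps the token out of the configuration entirely. The last lines also pick the platform in two different ways: `builtins.currentSystem` is the evaluating machine and is unavailable in pure evaluation, so `args.pins.wire.packages.${pkgs.stdenv.hostPlatform.system}.wire` would match the line above it.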
+46
hosts/work/core/programs.nix
··· 1 + { pkgs, ... }: 2 + { 3 + programs = { 4 + bat = { 5 + enable = true; 6 + }; 7 + gnupg = { 8 + agent = { 9 + enable = true; 10 + pinentryPackage = pkgs.pinentry-gnome3; 11 + enableSSHSupport = true; 12 + }; 13 + }; 14 + fish = { 15 + enable = true; 16 + }; 17 + nix-ld = { 18 + enable = true; 19 + }; 20 + noisetorch = { 21 + enable = true; 22 + }; 23 + wireshark = { 24 + enable = true; 25 + package = pkgs.wireshark; 26 + usbmon = { 27 + enable = true; 28 + }; 29 + dumpcap = { 30 + enable = true; 31 + }; 32 + }; 33 + dconf = { 34 + enable = true; 35 + }; 36 + ssh = { 37 + enableAskPassword = true; 38 + askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass"; 39 + }; 40 + niri = { 41 + enable = true; 42 + package = pkgs.niri; 43 + useNautilus = false; 44 + }; 45 + }; 46 + }
+176
hosts/work/core/services.nix
··· 1 + { pkgs, config, ... }: 2 + { 3 + services = { 4 + pcscd.enable = true; 5 + power-profiles-daemon.enable = true; 6 + spice-vdagentd.enable = true; 7 + blueman.enable = true; 8 + gvfs.enable = true; 9 + fwupd.enable = true; 10 + 11 + gnome = { 12 + gcr-ssh-agent.enable = false; 13 + gnome-keyring.enable = true; 14 + }; 15 + 16 + tailscale = { 17 + enable = false; 18 + interfaceName = "userspace-networking"; 19 + authKeyFile = "${config.sops.secrets.pupscale_key.path}"; 20 + extraUpFlags = [ "--login-server=https://pupscale.killuaa.dev" ]; 21 + extraSetFlags = [ 22 + "--operator=roufpup" 23 + "--accept-dns=true" 24 + ]; 25 + extraDaemonFlags = [ 26 + "--socks5-server=0.0.0.0:1055" 27 + "--outbound-http-proxy-listen=0.0.0.0:1055" 28 + ]; 29 + }; 30 + 31 + pipewire = { 32 + enable = true; 33 + pulse.enable = true; 34 + wireplumber = { 35 + extraConfig = { 36 + "99-custom-quantum.conf" = { 37 + "context.properties" = { 38 + "default.clock.rate" = 48000; 39 + "default.clock.allowed-rates" = [ 48000 ]; 40 + "default.clock.quantum" = 4096; 41 + "default.clock.min-quantum" = 4096; 42 + "default.clock.max-quantum" = 8192; 43 + }; 44 + "context.modules" = [ 45 + { 46 + name = "libpipewire-module-rt"; 47 + args = { 48 + "nice.level" = -20; 49 + "rt.prio" = 99; 50 + "rt.time.soft" = 200000; 51 + "rt.time.hard" = 200000; 52 + }; 53 + flags = [ 54 + "ifexists" 55 + "nofail" 56 + ]; 57 + } 58 + ]; 59 + }; 60 + "FIIO-KA13" = { 61 + "monitor.alsa.rules" = [ 62 + { 63 + matches = [ 64 + { 65 + "device.name" = "alsa_card.usb-FIIO_FIIO_KA13-01"; 66 + } 67 + ]; 68 + actions = { 69 + update-props = { 70 + 71 + }; 72 + }; 73 + } 74 + ]; 75 + }; 76 + "arctis-nova" = { 77 + "monitor.alsa.rules" = [ 78 + { 79 + matches = [ 80 + { 81 + "device.name" = "alsa_card.usb-SteelSeries_Arctis_Nova_7-00"; 82 + } 83 + ]; 84 + actions = { 85 + update-props = { 86 + "device.description" = "Puppy Headphones"; 87 + }; 88 + }; 89 + } 90 + ]; 91 + }; 92 + }; 93 + }; 94 + }; 95 + 96 + openssh = { 97 + 
enable = true; 98 + settings = { 99 + PasswordAuthentication = false; 100 + }; 101 + }; 102 + 103 + dbus = { 104 + implementation = "broker"; 105 + }; 106 + 107 + greetd = { 108 + enable = true; 109 + restart = true; 110 + useTextGreeter = true; 111 + settings = { 112 + default_session = { 113 + command = "${pkgs.tuigreet}/bin/tuigreet --time --remember --remember-session --user-menu"; 114 + }; 115 + }; 116 + }; 117 + 118 + netbird = { 119 + clients.work = { 120 + ui = { 121 + enable = true; 122 + }; 123 + port = 51820; 124 + environment = { 125 + NB_MANAGEMENT_URL = "https://netbird.killuaa.dev"; 126 + NB_SETUP_KEY_FILE = config.sops.secrets.nb_setup_key.path; 127 + }; 128 + }; 129 + }; 130 + 131 + pihole-web = { 132 + enable = true; 133 + ports = [ 134 + "80r" 135 + "443s" 136 + ]; 137 + }; 138 + pihole-ftl = { 139 + enable = true; 140 + settings = { 141 + webserver = { 142 + interface.theme = "default-dark"; 143 + }; 144 + dns = { 145 + upstreams = [ 146 + "76.76.2.0" 147 + "76.76.10.0" 148 + ]; 149 + domain = { 150 + name = "puppy"; 151 + }; 152 + }; 153 + }; 154 + lists = [ 155 + { 156 + enabled = true; 157 + description = "Hagezi Ultimate"; 158 + url = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/ultimate.txt"; 159 + type = "block"; 160 + } 161 + ]; 162 + }; 163 + }; 164 + systemd.services.netbird-work = { 165 + serviceConfig = { 166 + AmbientCapabilities = [ 167 + "CAP_NET_BIND_SERVICE" 168 + "CAP_DAC_OVERRIDE" 169 + ]; 170 + ReadWritePaths = [ 171 + "/etc/resolv.conf" 172 + "/etc/resolv.conf.original.netbird" 173 + ]; 174 + }; 175 + }; 176 + }
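Review bot: `CAP_DAC_OVERRIDE` in `AmbientCapabilities` for `netbird-work` lets the client bypass file permission checks on every path the unit can reach, which is far wider than the two resolv.conf paths listed in `ReadWritePaths`. If the capability is only there for DNS management, a comment saying so plus a tighter sandbox (for example `ProtectHome = true;`) would limit what a compromised client can touch. Separately, the tailscale block binds `--socks5-server` and `--outbound-http-proxy-listen` to `0.0.0.0:1055`. It is disabled now, but once enabled that is an unauthenticated proxy into the tailnet for anything that can reach the port, so `127.0.0.1:1055` is the safer value. In `openssh.settings`, `KbdInteractiveAuthentication = false;` next to `PasswordAuthentication = false;` would rule out every password-style login.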
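--- a/hosts/work/core/sops.nix
+++ b/hosts/work/core/sops.nix
@@ -0,0 +1,18 @@
+{ args, ... }:
+let
+main_secrets = (args.mods.priv_mod.get_data args).secrets_file.work;
+age_file = "/home/roufpup/.config/sops/age/work.txt";
+in
+{
+sops = {
+defaultSopsFile = main_secrets;
+defaultSopsFormat = "yaml";
+age.keyFile = age_file;
+
+secrets = {
+pupscale_key = { };
+wpa_conf = { };
+nb_setup_key = { };
+};
+};
+}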
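Review bot: `age_file` points at `/home/roufpup/.config/sops/age/work.txt`, so the key that decrypts every system secret on this host sits in the user's home and is readable by any process running as `roufpup` (browser, editors, game launchers). A root-owned path outside the home directory, e.g. `age_file = "/var/lib/sops-nix/key.txt";` with mode 0600, limits it to root and the activation script. `wpa_conf` is declared although `networking.wireless.enable` is false in networking.nix, so it may be a leftover worth removing.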
+112
hosts/work/core/systemd.nix
··· 1 + { pkgs, ... }: 2 + { 3 + systemd = { 4 + packages = with pkgs; [ 5 + lact 6 + ]; 7 + 8 + services = { 9 + lactd = { 10 + wantedBy = [ "multi-user.target" ]; 11 + }; 12 + }; 13 + 14 + user = { 15 + tmpfiles.users.roufpup.rules = 16 + let 17 + file = pkgs.writeText "roufpup_scdaemon.conf" '' 18 + disable-ccid 19 + pcsc-shared 20 + disable-application piv 21 + ''; 22 + in 23 + [ 24 + "L+ %h/.local/share/gnupg/scdaemon.conf - - - - ${file}" 25 + ]; 26 + services = { 27 + sww-daemon = { 28 + enable = true; 29 + wantedBy = [ "graphical-session.target" ]; 30 + 31 + unitConfig = { 32 + ConditionEnvironment = "WAYLAND_DISPLAY"; 33 + After = [ "graphical-session.target" ]; 34 + PartOf = [ "graphical-session.target" ]; 35 + }; 36 + 37 + serviceConfig = { 38 + ExecStart = '' 39 + ${pkgs.swww}/bin/swww-daemon 40 + ''; 41 + Restart = "always"; 42 + }; 43 + }; 44 + 45 + # stash-watch = { 46 + # enable = true; 47 + # wantedBy = [ "graphical-session.target" ]; 48 + 49 + # unitConfig = { 50 + # ConditionEnvironment = "WAYLAND_DISPLAY"; 51 + # After = [ "graphical-session.target" ]; 52 + # PartOf = [ "graphical-session.target" ]; 53 + # }; 54 + 55 + # serviceConfig = { 56 + # ExecStart = '' 57 + # ${pkgs.stash}/bin/stash watch -v --types "image/png, image/webp, image/jpeg, image/avif, image/jxl ,text/plain" 58 + # ''; 59 + # Restart = "always"; 60 + # }; 61 + # }; 62 + wl-clipboard-text = { 63 + enable = true; 64 + wantedBy = [ "graphical-session.target" ]; 65 + 66 + unitConfig = { 67 + ConditionEnvironment = "WAYLAND_DISPLAY"; 68 + After = [ "graphical-session.target" ]; 69 + PartOf = [ "graphical-session.target" ]; 70 + }; 71 + 72 + serviceConfig = { 73 + ExecStart = '' 74 + ${pkgs.wl-clipboard}/bin/wl-paste --type text --watch ${pkgs.cliphist}/bin/cliphist store 75 + ''; 76 + Restart = "always"; 77 + }; 78 + }; 79 + wl-clipboard-image = { 80 + enable = true; 81 + wantedBy = [ "graphical-session.target" ]; 82 + 83 + unitConfig = { 84 + ConditionEnvironment = 
"WAYLAND_DISPLAY"; 85 + After = [ "graphical-session.target" ]; 86 + PartOf = [ "graphical-session.target" ]; 87 + }; 88 + 89 + serviceConfig = { 90 + ExecStart = '' 91 + ${pkgs.wl-clipboard}/bin/wl-paste --type image --watch ${pkgs.cliphist}/bin/cliphist store 92 + ''; 93 + Restart = "always"; 94 + }; 95 + }; 96 + polkit-gnome-authentication-agent-1 = { 97 + description = "polkit-gnome-authentication-agent-1"; 98 + wantedBy = [ "graphical-session.target" ]; 99 + wants = [ "graphical-session.target" ]; 100 + after = [ "graphical-session.target" ]; 101 + serviceConfig = { 102 + Type = "simple"; 103 + ExecStart = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1"; 104 + Restart = "on-failure"; 105 + RestartSec = 1; 106 + TimeoutStopSec = 10; 107 + }; 108 + }; 109 + }; 110 + }; 111 + }; 112 + }
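--- a/hosts/work/core/users.nix
+++ b/hosts/work/core/users.nix
@@ -0,0 +1,34 @@
+{ args, ... }:
+{
+users = {
+# mutableUsers = false;
+extraUsers = {
+roufpup = {
+uid = 1000;
+group = "roufpup";
+shell = pkgs.fish;
+isNormalUser = true;
+extraGroups = [
+"wheel"
+"video"
+"render"
+"wireshark"
+];
+openssh = {
+authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkUMYuTCjDCIldnrQlA8M5gPkEUZ/oXxD5+B7nNeoM3 openpgp:0x13D59319"
+];
+};
+# initialPassword = "testvm";
+};
+};
+extraGroups = {
+roufpup = {
+name = "roufpup";
+gid = 100;
+members = [ "roufpup" ];
+};
+users.gid = pkgs.lib.mkForce 105;
+};
+};
+}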
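Review bot: The module header is `{ args, ... }:` but the body uses `pkgs.fish` and `pkgs.lib.mkForce`, so evaluation should fail with an undefined variable `pkgs`. The header needs to be `{ args, pkgs, ... }:` (`args` itself is unused in this file). The `roufpup` group takes `gid = 100`, the id NixOS normally gives to `users`, and `users.gid` is forced to 105 to make room. A comment explaining the swap would help, because files owned by gid 100 on mounted disks or restored backups change meaning. With `# mutableUsers = false;` left commented out, accounts and passwords set imperatively persist outside this configuration.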
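--- a/hosts/work/core/virtualization.nix
+++ b/hosts/work/core/virtualization.nix
@@ -0,0 +1,59 @@
+{ pkgs, ... }:
+{
+virtualisation = {
+vmVariant.virtualisation = {
+memorySize = 4096;
+cores = 4;
+diskImage = "./temp_disk";
+forwardPorts = [
+{
+from = "host";
+proto = "tcp";
+host = {
+port = 2222;
+};
+guest = {
+port = 22;
+};
+}
+];
+qemu = {
+guestAgent.enable = true;
+};
+useEFIBoot = true;
+diskSize = 15360;
+};
+
+spiceUSBRedirection = {
+enable = true;
+};
+libvirtd = {
+enable = true;
+
+qemu = {
+swtpm = {
+enable = true;
+};
+};
+};
+waydroid = {
+enable = true;
+};
+
+docker = {
+rootless = {
+enable = true;
+setSocketVariable = true;
+};
+};
+};
+
+security.wrappers = {
+docker-rootlesskit = {
+owner = "root";
+group = "root";
+capabilities = "cap_net_bind_service+ep";
+source = "${pkgs.rootlesskit}/bin/rootlesskit";
+};
+};
+}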
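Review bot: The `docker-rootlesskit` wrapper carries `cap_net_bind_service+ep` and sets no `permissions`, so it gets the module's default mode, which I believe lets every local account execute it. That would make binding privileged ports a host-wide grant rather than something limited to the user running rootless Docker. Restricting it, for example with `group = "roufpup";` and `permissions = "u+rx,g+x";`, keeps the capability with the one account that needs it. `spiceUSBRedirection.enable = true` likewise gives unprivileged users raw USB device access through a setuid helper, so a comment on why it is needed on this host would be useful.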
+105
hosts/work/core/xdg.nix
··· 1 + { pkgs, lib, ... }: 2 + let 3 + browser_desktop = "librewolf.desktop"; 4 + media_player_desktop = "mpv.desktop"; 5 + image_viewer_desktop = "org.gnome.Loupe.desktop"; 6 + text_editor_desktop = "dev.zed.Zed.desktop"; 7 + file_manager_desktop = "nemo.desktop"; 8 + in 9 + { 10 + xdg = { 11 + portal = { 12 + enable = true; 13 + xdgOpenUsePortal = true; 14 + extraPortals = with pkgs; [ 15 + xdg-desktop-portal-gnome 16 + xdg-desktop-portal-gtk 17 + ]; 18 + config = { 19 + niri = { 20 + default = lib.mkForce [ 21 + "gtk;gnome" 22 + ]; 23 + "org.freedesktop.impl.portal.Secret" = [ 24 + "gnome-keyring" 25 + ]; 26 + "org.freedesktop.Notifications" = [ 27 + "mako" 28 + ]; 29 + }; 30 + }; 31 + }; 32 + 33 + mime = { 34 + enable = true; 35 + defaultApplications = { 36 + # Browser 37 + "application/x-extension-htm" = "${browser_desktop}"; 38 + "application/x-extension-html" = "${browser_desktop}"; 39 + "application/x-extension-shtml" = "${browser_desktop}"; 40 + "application/x-extension-xht" = "${browser_desktop}"; 41 + "application/x-extension-xhtml" = "${browser_desktop}"; 42 + "application/xhtml+xml" = "${browser_desktop}"; 43 + "x-scheme-handler/chrome" = "${browser_desktop}"; 44 + "x-scheme-handler/http" = "${browser_desktop}"; 45 + "x-scheme-handler/https" = "${browser_desktop}"; 46 + "text/html" = "${browser_desktop}"; 47 + 48 + # Text 49 + "text/calendar" = "org.gnome.Calendar.desktop"; 50 + "text/plain" = "${text_editor_desktop}"; 51 + 52 + # Inode 53 + "inode/directory" = "${file_manager_desktop}"; 54 + 55 + # Image 56 + "image/gif" = "${image_viewer_desktop}"; 57 + "image/jpeg" = "${image_viewer_desktop}"; 58 + "image/png" = "${image_viewer_desktop}"; 59 + "image/webp" = "${image_viewer_desktop}"; 60 + # Media 61 + "video/3gpp" = "${media_player_desktop}"; 62 + "video/3gpp2" = "${media_player_desktop}"; 63 + "video/annodex" = "${media_player_desktop}"; 64 + "video/dv" = "${media_player_desktop}"; 65 + "video/isivideo" = "${media_player_desktop}"; 66 + 
"video/mj2" = "${media_player_desktop}"; 67 + "video/mp2t" = "${media_player_desktop}"; 68 + "video/mp4" = "${media_player_desktop}"; 69 + "video/mpeg" = "${media_player_desktop}"; 70 + "video/ogg" = "${media_player_desktop}"; 71 + "video/quicktime" = "${media_player_desktop}"; 72 + "video/vnd.avi" = "${media_player_desktop}"; 73 + "video/vnd.mpegurl" = "${media_player_desktop}"; 74 + "video/vnd.radgamettools.bink" = "${media_player_desktop}"; 75 + "video/vnd.radgamettools.smacker" = "${media_player_desktop}"; 76 + "video/vnd.rn-realvideo" = "${media_player_desktop}"; 77 + "video/vnd.vivo" = "${media_player_desktop}"; 78 + "video/vnd.youtube.yt" = "${media_player_desktop}"; 79 + "video/wavelet" = "${media_player_desktop}"; 80 + "video/webm" = "${media_player_desktop}"; 81 + "video/x-anim" = "${media_player_desktop}"; 82 + "video/x-flic" = "${media_player_desktop}"; 83 + "video/x-flv" = "${media_player_desktop}"; 84 + "video/x-javafx" = "${media_player_desktop}"; 85 + "video/x-matroska" = "${media_player_desktop}"; 86 + "video/x-matroska-3d" = "${media_player_desktop}"; 87 + "video/x-mjpeg" = "${media_player_desktop}"; 88 + "video/x-mng" = "${media_player_desktop}"; 89 + "video/x-ms-wmv" = "${media_player_desktop}"; 90 + "video/x-nsv" = "${media_player_desktop}"; 91 + "video/x-ogm+ogg" = "${media_player_desktop}"; 92 + "video/x-sgi-movie" = "${media_player_desktop}"; 93 + "video/x-theora+ogg" = "${media_player_desktop}"; 94 + 95 + # Misc. 96 + "x-scheme-handler/ror2mm" = "r2modman.desktop"; 97 + "x-scheme-handler/heroic" = "heroic.desktop"; 98 + "x-scheme-handler/discord" = "discord.desktop"; 99 + "x-scheme-handler/sidequest" = "SideQuest.desktop"; 100 + "x-scheme-handler/sgnl" = "signal.desktop"; 101 + 102 + }; 103 + }; 104 + }; 105 + }
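Review bot: The five `x-scheme-handler/*` entries under `# Misc.` carry no comment saying why each one is registered, and a scheme handler lets any link opened from a browser or document launch that application with a URL it did not choose. A short comment such as `# Custom URL schemes: keep only those for apps installed on this host` would make stale handlers easy to spot and prune. As a style point, `"${browser_desktop}"` and the other single-variable interpolations can be written as the bare name (`browser_desktop`), and `default = lib.mkForce [ "gtk;gnome" ]` reads more clearly as a two-element list if the portal option joins the entries itself.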
+133
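--- a/hosts/work/default.nix
+++ b/hosts/work/default.nix
@@ -0,0 +1,133 @@
+{
+args,
+...
+}:
+let
+overlays = (args.pup_lib.get_overlays args);
+in
+{
+imports = [
+args.mods.hosts_modules.work.hjem-rum
+
+args.pins.sops-nix.nixosModules.sops
+args.pins.nix-index.nixosModules.nix-index
+]
+++ (args.pup_lib.module_imports ./core);
+
+time.timeZone = "Europe/Amsterdam";
+i18n.defaultLocale = "en_US.UTF-8";
+
+fonts = {
+fontconfig = {
+defaultFonts = {
+monospace = [ "Monocraft Nerd Font" ];
+};
+};
+packages = with pkgs; [
+nerd-fonts.fira-code
+noto-fonts
+noto-fonts-cjk-sans
+noto-fonts-cjk-serif
+noto-fonts-color-emoji
+noto-fonts-emoji-blob-bin
+noto-fonts-lgc-plus
+monocraft
+];
+};
+
+qt = {
+enable = true;
+platformTheme = "kde";
+};
+
+security = {
+sudo-rs = {
+enable = true;
+execWheelOnly = true;
+extraConfig = ''
+Defaults passwd_timeout=0
+'';
+};
+pam = {
+services = {
+sudo.rssh = true;
+greetd.enableGnomeKeyring = true;
+};
+rssh = {
+enable = true;
+settings = {
+cue = true;
+};
+};
+loginLimits = [
+{
+domain = "roufpup";
+type = "-";
+item = "rtprio";
+value = 99;
+}
+{
+domain = "roufpup";
+type = "-";
+item = "nice";
+value = -20;
+}
+];
+};
+rtkit = {
+enable = true;
+};
+};
+
+nixpkgs = {
+config = {
+allowUnfree = true;
+rocmSupport = true;
+android_sdk.accept_license = true;
+permittedInsecurePackages = [
+"librewolf-bin-146.0.1-1"
+"librewolf-bin-unwrapped-146.0.1-1"
+];
+};
+hostPlatform = pkgs.lib.mkDefault "x86_64-linux";
+overlays = [
+overlays.default
+overlays.huggingface-hub
+];
+};
+
+nix = {
+package = pkgs.lix;
+nixPath = [
+"nixpkgs=${args.sources.nixpkgs.outPath}"
+"dots=${args.root_path}"
+];
+channel.enable = false;
+settings = {
+use-xdg-base-directories = true;
+auto-optimise-store = true;
+accept-flake-config = false;
+
+trusted-users = [
+"roufpup"
+];
+experimental-features = [
+"nix-command"
+"flakes"
+];
+substituters = [
+"https://cache.garnix.io"
+];
+
+trusted-public-keys = [
+"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+];
+};
+gc = {
+automatic = true;
+dates = "weekly";
+};
+};
+
+system.stateVersion = "25.05";
+}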
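Review bot: `trusted-users = [ "roufpup" ]` under `nix.settings` makes the daily-use account root-equivalent towards the Nix daemon, since a trusted user may add arbitrary substituters and import unsigned store paths, and that sidesteps the `sudo-rs` and `rssh` gate configured earlier in the same file. The garnix substituter and its key are already declared system-wide here, so the entry does not look necessary; dropping the three `trusted-users` lines leaves only root trusted. The `permittedInsecurePackages` list pins an exact LibreWolf version that nixpkgs marks insecure, and a comment such as `# TODO: remove once the pinned nixpkgs ships a fixed librewolf-bin` would keep the exception from outliving its reason.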
+63
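--- a/hosts/work/hjem-rum/default.nix
+++ b/hosts/work/hjem-rum/default.nix
@@ -0,0 +1,63 @@
+{
+args,
+...
+}:
+let
+home = "/home/roufpup";
+in
+{
+imports = [
+args.pins.hjem.nixosModules.default
+];
+
+hjem = {
+clobberByDefault = true;
+extraModules = [
+args.pins.hjem-rum.hjemModules.default
+];
+users = {
+roufpup = {
+enable = true;
+directory = home;
+user = "roufpup";
+environment.sessionVariables = {
+CARGO_HOME = "${home}/.local/share/cargo";
+RUSTICL_ENABLE = "radeonsi";
+GTK2_RC_FILES = "${home}/.config/gtk-2.0/gtkrc";
+GOPATH = "${home}/.local/share/go";
+GRADLE_USER_HOME = "${home}/.local/share/gradle";
+GNUPGHOME = "${home}/.local/share/gnupg";
+NPM_CONFIG_INIT_MODULE = "${home}/.config/npm/config/npm-init.js";
+NPM_CONFIG_CACHE = "${home}/.cache/npm";
+NPM_CONFIG_TMP = "$XDG_RUNTIME_DIR/npm";
+DOTNET_CLI_HOME = "${home}/.local/share/dotnet";
+NUGET_PACKAGES = "${home}/.cache/NuGetPackages";
+DOCKER_CONFIG = "${home}/.config/docker";
+NIXOS_OZONE_WL = "1";
+SDL_VIDEODRIVER = "wayland";
+MOZ_ENABLE_WAYLAND = "1";
+EDITOR = "hx";
+
+XCURSOR_THEME = "Bibata-Modern-Ice";
+XCURSOR_SIZE = "24";
+};
+
+xdg = import ./xdg.nix { inherit args; };
+
+rum = {
+desktops = (
+(import ./niri.nix) {
+inherit args;
+}
+);
+programs = (
+args.pup_lib.merge_modules (./. + "/programs") {
+inherit args;
+}
+);
+};
+};
+};
+};
+
+}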
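Review bot: `./niri.nix` is loaded with a plain `import` and receives only `{ inherit args; }`, yet the niri.nix section of this commit interpolates `pkgs.xwayland-satellite`, `pkgs.cliphist` and `pkgs.rofi` without ever binding `pkgs`. Unless `pkgs` is injected into scope by a mechanism not visible here, that is an undefined variable when the file is evaluated, and either way the dependency is hidden from the reader. Since the `args` set built in the top-level default.nix already carries `pkgs`, an explicit `let inherit (args) pkgs; in` at the top of niri.nix (and of the other files that use `pkgs` with an `{ args, ... }:` head) would make it visible. `clobberByDefault = true` also deserves a comment stating that, going by its name, existing files at managed paths are overwritten without a backup.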
+174
hosts/work/hjem-rum/niri.nix
··· 1 + { args, ... }: 2 + { 3 + niri = { 4 + enable = true; 5 + spawn-at-startup = [ 6 + [ 7 + "quickshell" 8 + "--config" 9 + "/home/roufpup/.config/quickshell/shell/" 10 + ] 11 + ]; 12 + config = '' 13 + input { 14 + keyboard { 15 + xkb { 16 + layout "us,bg" 17 + model "" 18 + rules "" 19 + variant ",phonetic" 20 + options "grp:rctrl_rshift_toggle,caps:escape" 21 + } 22 + repeat-delay 600 23 + repeat-rate 25 24 + track-layout "global" 25 + } 26 + touchpad { 27 + tap 28 + natural-scroll 29 + click-method "clickfinger" 30 + } 31 + focus-follows-mouse max-scroll-amount="0%" 32 + } 33 + output "eDP-2" { 34 + scale 1.250000 35 + transform "normal" 36 + mode "2560x1600@165.000000" 37 + } 38 + screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png" 39 + prefer-no-csd 40 + layout { 41 + gaps 5 42 + struts { 43 + left 0 44 + right 0 45 + top 0 46 + bottom 0 47 + } 48 + focus-ring { off; } 49 + border { width 4; } 50 + default-column-width 51 + center-focused-column "never" 52 + always-center-single-column 53 + empty-workspace-above-first 54 + } 55 + gestures { hot-corners { off; }; } 56 + xwayland-satellite { path "${pkgs.xwayland-satellite}/bin/xwayland-satellite"; } 57 + window-rule { 58 + match title="Removing Cookies and Site Data" 59 + 60 + default-column-width { fixed 592; } 61 + default-window-height { fixed 162; } 62 + } 63 + window-rule { 64 + match title="Bitwarden" 65 + default-column-width { fixed 1200; } 66 + default-window-height { fixed 800; } 67 + open-floating true 68 + } 69 + window-rule { 70 + match app-id="xdg-desktop-portal-gtk" 71 + open-floating true 72 + default-column-width { fixed 1200; } 73 + default-window-height { fixed 800; } 74 + } 75 + window-rule { 76 + match app-id="nemo" 77 + open-floating true 78 + default-column-width { fixed 1375; } 79 + default-window-height { fixed 830; } 80 + } 81 + ''; 82 + binds = { 83 + "Ctrl+Shift+Left" = { 84 + action = "focus-column-left"; 85 + }; 86 + 87 + "Ctrl+Shift+Right" = { 88 + 
action = "focus-column-right"; 89 + }; 90 + "Ctrl+WheelScrollDown" = { 91 + action = "focus-column-right"; 92 + }; 93 + "Ctrl+WheelScrollUp" = { 94 + action = "focus-column-left"; 95 + }; 96 + "Mod+Alt+C" = { 97 + action = "close-window"; 98 + }; 99 + "Mod+Down" = { 100 + action = "focus-workspace-down"; 101 + }; 102 + "Mod+F" = { 103 + action = "maximize-column"; 104 + }; 105 + "Mod+P" = { 106 + action = "screenshot"; 107 + # parameters = { 108 + # show-pointer = true; 109 + # }; 110 + }; 111 + "Mod+Q" = { 112 + spawn = [ "foot" ]; 113 + }; 114 + "Mod+Shift+Down" = { 115 + action = "move-window-down-or-to-workspace-down"; 116 + }; 117 + "Mod+Shift+E" = { 118 + action = "quit"; 119 + # parameters = { 120 + # skip-confirmation = true; 121 + # }; 122 + }; 123 + "Mod+Shift+F" = { 124 + action = "fullscreen-window"; 125 + }; 126 + "Mod+Shift+Left" = { 127 + action = "move-column-left"; 128 + }; 129 + "Mod+Shift+Right" = { 130 + action = "move-column-right"; 131 + }; 132 + "Mod+Shift+Up" = { 133 + action = "move-window-up-or-to-workspace-up"; 134 + }; 135 + "Mod+Space" = { 136 + spawn = [ 137 + "sh" 138 + "-c" 139 + "rofi -show drun" 140 + ]; 141 + }; 142 + "Mod+Up" = { 143 + action = "focus-workspace-up"; 144 + }; 145 + "Mod+V" = { 146 + spawn = [ 147 + "sh" 148 + "-c" 149 + "${pkgs.cliphist}/bin/cliphist list | ${pkgs.rofi}/bin/rofi -dmenu | ${pkgs.cliphist}/bin/cliphist decode | ${pkgs.wl-clipboard-rs}/bin/wl-copy" 150 + ]; 151 + }; 152 + "Mod+Alt+V" = { 153 + spawn = [ 154 + "sh" 155 + "-c" 156 + "${ 157 + (pkgs.rofi-rbw.override { 158 + waylandSupport = true; 159 + }) 160 + }/bin/rofi-rbw" 161 + ]; 162 + }; 163 + "Mod+Shift+V" = { 164 + action = "toggle-window-floating"; 165 + }; 166 + "Mod+WheelScrollDown" = { 167 + action = "focus-workspace-down"; 168 + }; 169 + "Mod+WheelScrollUp" = { 170 + action = "focus-workspace-up"; 171 + }; 172 + }; 173 + }; 174 + }
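Review bot: The `Mod+Space` and `Mod+Q` binds resolve `rofi` and `foot` through the session's `PATH`, while `Mod+V` and `Mod+Alt+V` in the same attribute set pin full store paths, so which binary a keypress starts depends on the environment for some binds and not for others. Pinning all of them the same way removes that difference, and the `sh -c` wrapper is not needed when there is no pipeline: `spawn = [ "${pkgs.rofi}/bin/rofi" "-show" "drun" ];` and `spawn = [ "${pkgs.foot}/bin/foot" ];`. The `Mod+V` pipeline also copies with `pkgs.wl-clipboard-rs` while the watcher service earlier in this commit uses `pkgs.wl-clipboard`; choosing one package for both would be more consistent.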
+68
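--- a/hosts/work/hjem-rum/programs/fish.nix
+++ b/hosts/work/hjem-rum/programs/fish.nix
@@ -0,0 +1,68 @@
+{
+args,
+...
+}:
+let
+rebuild_command = "sudo nixos-rebuild switch --file ${args.root_path}/default.nix --attr hosts.work";
+in
+{
+fish = {
+enable = true;
+functions = {
+fish_greeting = '''';
+docker = ''
+if test (count $argv) -eq 1; and test \"$argv[1]\" = ps
+docker ps --format \"table {{.Names}}\\t{{.Image}}\\t{{.Status}}\\t{{.ID}}\"
+else
+command docker $argv
+end
+'';
+deploy = ''
+switch $argv[1]
+case cave
+sudo NIX_SSHOPTS="-o Port=30250" nixos-rebuild switch --file ${args.root_path}/default.nix --attr hosts.cave --ask-sudo-password --target-host roufpup@fennec-cave --use-substitutes
+case sand-archives
+NIX_SSHOPTS="-o Port=22 -o ForwardAgent=true" nixos-rebuild switch --file ${args.root_path}/default.nix --attr hosts.sand-archives --target-host roufpup@sand-archives --use-substitutes --sudo
+case vulpes
+NIX_SSHOPTS="-o Port=30250 -o ForwardAgent=true" nixos-rebuild switch --file ${args.root_path}/default.nix --attr hosts.vulpes --target-host roufpup@vulpes --use-substitutes --sudo
+end
+'';
+};
+aliases = {
+wget = "wget --hsts-file=$XDG_DATA_HOME/wget-hsts";
+basic = "~/Documents/Scripts/Utils/zellij_basic.sh";
+helix = "hx";
+cl = "clear";
+helixcon = "helix ~/.config/helix/config.toml";
+wezcon = "helix ~/.config/wezterm/wezterm.lua";
+hyprcon = "helix ~/.config/hypr/hyprland.conf";
+swaycon = "helix ~/.config/sway/config";
+fishrc = "helix ~/.config/fish/config.fish";
+ls = "eza -ihA --icons";
+cat = "${pkgs.bat}/bin/bat";
+bat = "${pkgs.coreutils-full}/bin/cat";
+ctl = "sudo systemctl";
+myip = "curl https://ipinfo.io/ip";
+loginsway = "~/Documents/Scripts/Desktops/Sway.sh";
+hypr = "~/Documents/Scripts/Desktops/Hyprland.sh";
+fetch = "clear && fastfetch";
+rem = "npins --directory ${args.root_path}/npins update && ${rebuild_command}";
+rb = "${rebuild_command}";
+nil = "nix-locate";
+zj = "zellij";
+docres = "docker compose down && docker compose up -d";
+dps = "docker ps";
+docu = "docker compose up -d";
+docd = "docker compose down";
+search = "nh search";
+img = "${pkgs.chafa}/bin/chafa --format sixels";
+qw-coder = "cd $HOME/Documents/Projects/LLM/models && llama-cli -m ./Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf --n-gpu-layers 20 --device ROCm0";
+qw-standard = "cd $HOME/Documents/Projects/LLM/models && llama-cli -m ./Qwen3-30B-A3B-Instruct-2507-Q4_K_M.gguf --n-gpu-layers 20 --device ROCm0";
+
+};
+config = ''
+set -xg fish_color_command blue
+alias -- ls 'eza -ihA --icons'
+'';
+};
+}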
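Review bot: The `sand-archives` and `vulpes` branches of `deploy` pass `-o ForwardAgent=true`, which exposes the local ssh-agent on the target for the length of the rebuild, so a compromised target can request signatures from every key the agent holds; if the other hosts use the same `sudo.rssh` setup as this one, that would include sudo there. If forwarding is needed for the remote `--sudo` step, load only a dedicated deploy key into a separate agent, or add keys with `ssh-add -c` so each signature needs confirmation. In the `docker` function the `\"` sequences sit inside a Nix `''` string, where backslash is not an escape, so fish presumably receives literal quote characters and `test \"$argv[1]\" = ps` never matches; `test "$argv[1]" = ps` looks like what was meant. `switch $argv[1]` also has no `case '*'` branch, so a mistyped host name does nothing and reports nothing.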
+148
hosts/work/hjem-rum/programs/misc.nix
··· 1 + { args, ... }: 2 + { 3 + direnv = { 4 + enable = true; 5 + integrations = { 6 + fish.enable = true; 7 + nix-direnv.enable = true; 8 + }; 9 + settings = { 10 + global = { 11 + log_filter = "^$"; 12 + log_format = "-"; 13 + }; 14 + }; 15 + }; 16 + 17 + helix = { 18 + enable = true; 19 + }; 20 + 21 + nix-your-shell = { 22 + enable = true; 23 + integrations.fish.enable = true; 24 + }; 25 + 26 + obs-studio = { 27 + enable = true; 28 + package = pkgs.wrapOBS { 29 + plugins = with pkgs.obs-studio-plugins; [ 30 + obs-vkcapture 31 + obs-pipewire-audio-capture 32 + ]; 33 + }; 34 + }; 35 + 36 + foot = { 37 + enable = true; 38 + settings = { 39 + colors = { 40 + alpha = "1.000000"; 41 + background = "191919"; 42 + bright0 = "625e4c"; 43 + bright1 = "f4005f"; 44 + bright2 = "98e024"; 45 + bright3 = "fa8419"; 46 + bright4 = "9d65ff"; 47 + bright5 = "f4005f"; 48 + bright6 = "58d1eb"; 49 + bright7 = "f6f6ef"; 50 + foreground = "c4c5b5"; 51 + regular0 = "191919"; 52 + regular1 = "f4005f"; 53 + regular2 = "98e024"; 54 + regular3 = "fa8419"; 55 + regular4 = "9d65ff"; 56 + regular5 = "f4005f"; 57 + regular6 = "58d1eb"; 58 + regular7 = "c4c5b5"; 59 + }; 60 + main = { 61 + font = "Monocraft Nerd Font:size=14:style=Regular"; 62 + pad = "15x15"; 63 + term = "xterm-256color"; 64 + }; 65 + }; 66 + }; 67 + mpv = { 68 + enable = true; 69 + config = { 70 + profile = "high-quality"; 71 + video-sync = "display-resample"; 72 + gpu-api = "vulkan"; 73 + hr-seek-framedrop = "no"; 74 + hwdec = "auto-copy"; 75 + vo = "gpu-next"; 76 + 77 + audio-channels = "auto"; 78 + 79 + sub-font = "Adwaita Sans"; 80 + sub-ass-override = "yes"; 81 + sub-bold = "yes"; 82 + sub-font-size = 64; 83 + sub-align-x = "center"; 84 + sub-align-y = "center"; 85 + sub-justify = "left"; 86 + sub-border-size = 0.2; 87 + sub-blur = 20; 88 + sub-shadow-offset = 8; 89 + }; 90 + }; 91 + 92 + git = { 93 + enable = true; 94 + settings = { 95 + user = { 96 + name = "roufpup"; 97 + email = "roufpup@killuaa.dev"; 98 + signingKey 
= "20B7409613D59319"; 99 + }; 100 + commit = { 101 + gpgSign = true; 102 + }; 103 + gpg = { 104 + format = "openpgp"; 105 + }; 106 + tag = { 107 + gpgSign = true; 108 + }; 109 + filter.lfs = { 110 + clean = "git-lfs clean -- %f"; 111 + smudge = "git-lfs smudge -- %f"; 112 + process = "git-lfs filter-process"; 113 + required = true; 114 + }; 115 + }; 116 + }; 117 + 118 + starship = { 119 + enable = true; 120 + integrations.fish.enable = true; 121 + settings = { 122 + add_newline = true; 123 + format = '' 124 + [┌─\[](bold green) $directory[\]](bold green) $rust$package$git_branch$git_status$git_state 125 + [│](bold green) 126 + [└─](bold green)$character 127 + ''; 128 + character = { 129 + success_symbol = "[❯❯](bold green)"; 130 + error_symbol = "[❯❯](bold red)"; 131 + }; 132 + cmd_duration = { 133 + min_time = 0; 134 + show_milliseconds = true; 135 + format = "Previous command took: [$duration]($style)"; 136 + }; 137 + fill = { 138 + symbol = "─"; 139 + style = "bold green"; 140 + }; 141 + hostname = { 142 + ssh_only = false; 143 + format = "[$ssh_symbol$hostname]($style)"; 144 + style = "bold cyan"; 145 + }; 146 + }; 147 + }; 148 + }
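Review bot: The `direnv` block sets `log_filter = "^$"` and `log_format = "-"`, which together silence direnv's status lines, including the one that names which `.envrc` was just loaded on entering a directory. With `nix-direnv` and the fish integration enabled in the same block, environment changes then happen with no visible cue in the shell. If the quiet prompt is intentional, a comment such as `# direnv output silenced on purpose; run "direnv status" to see what is loaded` records that, and a narrower filter that still lets the loading line through is worth considering.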
+151
hosts/work/hjem-rum/programs/zed.nix
··· 1 + { args, ... }: 2 + { 3 + zed = { 4 + enable = true; 5 + settings = { 6 + 7 + # AI stuff 8 + agent = { 9 + dock = "left"; 10 + button = true; 11 + model_parameters = [ ]; 12 + }; 13 + disable_ai = true; 14 + 15 + # Trash 16 + calls = { 17 + mute_on_join = true; 18 + }; 19 + collaboration_panel = { 20 + button = false; 21 + }; 22 + notification_panel = { 23 + button = false; 24 + }; 25 + title_bar = { 26 + show_menus = false; 27 + show_user_picture = false; 28 + show_sign_in = false; 29 + show_onboarding_banner = false; 30 + show_branch_icon = true; 31 + }; 32 + debugger = { 33 + button = true; 34 + }; 35 + search = { 36 + button = false; 37 + }; 38 + status_bar = { 39 + cursor_position_button = false; 40 + active_language_button = false; 41 + }; 42 + git = { 43 + inline_blame = { 44 + show_commit_summary = false; 45 + }; 46 + }; 47 + 48 + # Git stuff 49 + git_panel = { 50 + dock = "right"; 51 + }; 52 + 53 + # Font 54 + ui_font_size = 16.0; 55 + ui_font_weight = 300.0; 56 + ui_font_family = "Monocraft Nerd Font"; 57 + buffer_font_size = 16.0; 58 + buffer_font_family = "Monocraft Nerd Font"; 59 + 60 + # UI 61 + project_panel = { 62 + hide_gitignore = true; 63 + dock = "right"; 64 + }; 65 + tabs = { 66 + file_icons = true; 67 + git_status = true; 68 + }; 69 + diagnostics = { 70 + inline = { 71 + enabled = true; 72 + }; 73 + }; 74 + inlay_hints = { 75 + enabled = true; 76 + show_type_hints = true; 77 + }; 78 + theme = { 79 + mode = "system"; 80 + dark = "Puppy Soda"; 81 + light = "One Light"; 82 + }; 83 + icon_theme = { 84 + mode = "system"; 85 + dark = "Catppuccin Mocha"; 86 + light = "Zed (Default)"; 87 + }; 88 + indent_guides = { 89 + enabled = true; 90 + line_width = 2; 91 + active_line_width = 3; 92 + coloring = "indent_aware"; 93 + }; 94 + bottom_dock_layout = "full"; 95 + auto_signature_help = true; 96 + show_whitespaces = "none"; 97 + auto_reveal_entries = false; 98 + 99 + # Functionality 100 + autosave = { 101 + after_delay = { 102 + milliseconds = 700; 
103 + }; 104 + }; 105 + auto_update = false; 106 + load_direnv = "direct"; 107 + restore_on_startup = "last_session"; 108 + 109 + # Others 110 + use_system_window_tabs = false; 111 + telemetry = { 112 + diagnostics = false; 113 + metrics = false; 114 + }; 115 + 116 + # Language stuff 117 + languages = { 118 + Nix = { 119 + language_servers = [ 120 + "nixd" 121 + "!nil" 122 + ]; 123 + formatter = { 124 + external = { 125 + command = "${pkgs.nixfmt}/bin/nixfmt"; 126 + }; 127 + }; 128 + tab_size = 2; 129 + }; 130 + Rust = { 131 + formatter = "language_server"; 132 + }; 133 + }; 134 + lsp = { 135 + rust-analyzer = { 136 + enable_lsp_tasks = true; 137 + initialization_options = { 138 + check = { 139 + command = "clippy"; 140 + }; 141 + inlayHints = { 142 + closureReturnTypeHints = { 143 + enable = "always"; 144 + }; 145 + }; 146 + }; 147 + }; 148 + }; 149 + }; 150 + }; 151 + }
+426
hosts/work/hjem-rum/themes/zed-theme.nix
··· 1 + # Custom added colors to the default color scheme: 2 + # 3 + # #292929 (Currently used for inactive tabs, active line background) 4 + # #212121 (Currently used for the background variable) 5 + # 6 + # Default color scheme 7 + # 8 + # "purple" = "#AE81FF" 9 + # "yellow" = "#E6DB74" 10 + # "pink" = "#f92a72" 11 + # "white" = "#cfcfc2" 12 + # "gray" = "#75715e" 13 + # "darkgray" = "#444444" 14 + # "black" = "#222222" 15 + # "blue" = "#66d9ef" 16 + # "green" = "#a6e22e" 17 + # "softorange" = "#f59762" 18 + # "orange" = "#fd971f" 19 + # "background" = "#191919" 20 + 21 + { 22 + "$schema" = "https://zed.dev/schema/themes/v0.2.0.json"; 23 + name = "Puppy Soda"; 24 + author = "roufpup"; 25 + themes = [ 26 + { 27 + name = "Puppy Soda"; 28 + appearance = "dark"; 29 + style = { 30 + "accents" = [ 31 + "#f92a72" 32 + "#66d9ef" 33 + "#AE81FF" 34 + "f59762" 35 + "a6e22e" 36 + ]; 37 + "border" = "#444444"; # Borders around things like terminal tabs or tabs etc. 38 + "border.variant" = "#444444"; # Border separating elements like the tabs and the editor 39 + "border.focused" = "#191919"; # Border around elements like radio button in settings when they are focused 40 + "border.selected" = "#d003e2"; # Unmodified 41 + "border.transparent" = "#191919"; # Border around elements like radio buttons in settings 42 + "border.disabled" = "#d003e2"; # Unmodified 43 + "elevated_surface.background" = "#191919"; 44 + "surface.background" = "#444444"; # Scrollbar for example 45 + "background" = "#212121"; # So only use i found this for is when u have a tool tip and it acts as background of the rust type for the tooltip 46 + "element.background" = "#444444"; # Background for elements like in settings for drop down menu 47 + "element.hover" = "#444444"; # Backgrounf for an element that is hovered like a hovered text 48 + "element.active" = "#444444"; # Backgrounf for an element that is active like a selected section in the settings on the side 49 + "element.selected" = "#444444"; # Color 
for selected element like a file in the file browser 50 + "element.disabled" = "#444444"; # Color for an element like a turned off radio button in settings 51 + "drop_target.background" = "#444444"; # Only place i found this is when dragging a file in the file tree and that's the background color for where it will drop 52 + "ghost_element.background" = "#00000000"; # Background for elements that are just not selected and are staying on the UI like all kinds of buttons, for example repo or project button or fullscreen and context menu to show all options 53 + "ghost_element.hover" = "#444444"; # Same as above but hover 54 + "ghost_element.active" = "#75715e"; # Same as above but if u click on the button 55 + "ghost_element.selected" = "#444444"; # Background for selected element when opening LSP options with Ctrl + Space 56 + "ghost_element.disabled" = "#d003e2"; # Unmodified 57 + "text" = "#cfcfc2"; # Just color for most of the text 58 + "text.muted" = "#cfcfc2"; # Subtitle text color 59 + "text.placeholder" = "#75715e"; # Text for example in searchbar 60 + "text.disabled" = "#75715e"; # Text color for when it's disabled like the forward and backward button on the tab bar 61 + "text.accent" = "#cfcfc2"; # Text when a button is selected+clicked like in settings 62 + "icon" = "#cfcfc2"; # Text color for icons like minimize maximize buttons 63 + "icon.muted" = "#cfcfc2"; # Text color for icon like minimize maximize buttons when u hover over them 64 + "icon.disabled" = "#d003e2"; # Unmodified 65 + "icon.placeholder" = "#d003e2"; # Unmodified 66 + "icon.accent" = "#d003e2"; # Unmodified 67 + "status_bar.background" = "#191919"; # Background for the bottom most bar 68 + "title_bar.background" = "#191919"; # Background for the top most bar 69 + "title_bar.inactive_background" = "#191919"; # Background for the top most bar when inactive for example settings window when inavtive 70 + "toolbar.background" = "#191919"; # Background for the bar right under the tabs where the 
path of the file and other buttons are shown 71 + "tab_bar.background" = "#191919"; # Background for the bar where the tabs are 72 + "tab.inactive_background" = "#292929"; # Background for when a tab is not selected 73 + "tab.active_background" = "#191919"; # Background for when a tab is selected 74 + "search.match_background" = "#cfcfc259"; # Background for when searching for text and the found text is selected 75 + "panel.background" = "#191919"; # Background for the pannels like the file browser 76 + "panel.focused_border" = "#444444"; # The border color for the pannels like the file browser 77 + "pane.focused_border" = "#191919"; # The only place i found this color being used is in the debug menu on the borders of the central console and the top border of the right terminal 78 + "scrollbar.thumb.background" = "#44444466"; # Background for the scrollbar thumb 79 + "scrollbar.thumb.hover_background" = "#75715e66"; # Background for the scrollbar thumb when clicked 80 + "scrollbar.thumb.border" = "#444444"; # Border for the scrollbar thumb 81 + "scrollbar.track.background" = "#00000000"; # Background for the whole track where the scrollbar is 82 + "scrollbar.track.border" = "#44444480"; # Border for the whole track where the scrollbar is 83 + "editor.foreground" = "#cfcfc2"; # Idk what this changes but should be text for the editor 84 + "editor.background" = "#191919"; # Background for the editor 85 + "editor.gutter.background" = "#191919"; # Backgrounf for the left side where the number of the lines and such are displayed 86 + "editor.subheader.background" = "#191919"; # The only place i encountered this was when globally searching it's each results foldable header 87 + "editor.active_line.background" = "#29292980"; # The backgrounf for the currently active line 88 + "editor.highlighted_line.background" = "#44444499"; # The backgrounf for the higlighted items in line for example when doing a batch rename and such 89 + "editor.line_number" = "#444444"; # Color for 
the numbers displayed next to each line 90 + "editor.active_line_number" = "#cfcfc2"; # Same as above but for the currently active line 91 + "editor.hover_line_number" = "#AE81FF"; # Unmodified 92 + "editor.invisible" = "#75715e"; # The color for the little dots or other patteern that you can display for showing the whitespaces 93 + "editor.wrap_guide" = "#d003e2"; # Unmodified 94 + "editor.active_wrap_guide" = "#d003e2"; # Unmodified 95 + "editor.document_highlight.read_background" = "#44444499"; # Background color for when higlighting things like brackets when you are inside of them or when selecting text and it finds the same text somewhere else 96 + "editor.document_highlight.write_background" = "#44444499"; # Background color for when highlighting things possibly like variables, i found it to highlight arguments in nix 97 + "editor.document_highlight.bracket_background" = "#44444499"; # Background color for higlighting brackets 98 + "terminal.background" = "#191919"; # Background color of the terminal 99 + "terminal.foreground" = "#cfcfc2"; # Text color of the terminal 100 + "terminal.bright_foreground" = "#cfcfc2"; # Idk cuz the same as above 101 + "terminal.dim_foreground" = "#444444"; # dim terminal text 102 + "terminal.ansi.black" = "#222222"; # terminal black 103 + "terminal.ansi.bright_black" = "#222222"; # same as above 104 + "terminal.ansi.dim_black" = "#222222"; # same as above 105 + "terminal.ansi.red" = "#f92a72"; # terminal red ( pink actually ) 106 + "terminal.ansi.bright_red" = "#f92a72"; # same as above 107 + "terminal.ansi.dim_red" = "#f92a72"; # same as above 108 + "terminal.ansi.green" = "#a6e22e"; # terminal green 109 + "terminal.ansi.bright_green" = "#a6e22e"; # same as above 110 + "terminal.ansi.dim_green" = "#a6e22e"; # same as above 111 + "terminal.ansi.yellow" = "#E6DB74"; # terminal yellow 112 + "terminal.ansi.bright_yellow" = "#E6DB74"; # same as above 113 + "terminal.ansi.dim_yellow" = "#E6DB74"; # same as above 114 + 
"terminal.ansi.blue" = "#AE81FF"; # terminal blue 115 + "terminal.ansi.bright_blue" = "#AE81FF"; # same as above 116 + "terminal.ansi.dim_blue" = "#AE81FF"; # same as above 117 + "terminal.ansi.magenta" = "#f92a72"; # terminal magenta ( pink actually ) 118 + "terminal.ansi.bright_magenta" = "#f92a72"; # same as above 119 + "terminal.ansi.dim_magenta" = "#f92a72"; # same as above 120 + "terminal.ansi.cyan" = "#66d9ef"; # terminal cyan ( blue actually ) 121 + "terminal.ansi.bright_cyan" = "#66d9ef"; # same as above 122 + "terminal.ansi.dim_cyan" = "#66d9ef"; # same as above 123 + "terminal.ansi.white" = "#cfcfc2"; # terminal white 124 + "terminal.ansi.bright_white" = "#cfcfc2"; # same as above 125 + "terminal.ansi.dim_white" = "#cfcfc2"; # same as above 126 + "link_text.hover" = "#f59762"; # Color for when holding down ctrl and hovering over text that can be a link 127 + "conflict" = "#d003e2"; # Unmodified 128 + "conflict.background" = "#d003e2"; # Unmodified 129 + "conflict.border" = "#d003e2"; # Unmodified 130 + "created" = "#a6e22e"; # Color for created files in git 131 + "created.background" = "#d003e2"; # Unmodified 132 + "created.border" = "#d003e2"; # Unmodified 133 + "deleted" = "#f92a72"; # Color for deleted files in git 134 + "deleted.background" = "#d003e2"; # Unmodified 135 + "deleted.border" = "#d003e2"; # Unmodified 136 + "error" = "#f92a72"; # Color for an error under text 137 + "error.background" = "#191919"; # Background color for popup of error 138 + "error.border" = "#f92a72"; # Border color for popup of error 139 + "hidden" = "#cfcfc2"; # Unmodified 140 + "hidden.background" = "#d003e2"; # Unmodified 141 + "hidden.border" = "#d003e2"; # Unmodified 142 + "hint" = "#AE81FF"; # Color for help KEEP THIS FOR NOW??? IT IS ALSO THE COLOR FOR THE BREAKPOINT FOR DEBUGGING, AND INLINE GIT MESSAGE?? 
143 + "hint.background" = "#191919"; # Background color for help popup 144 + "hint.border" = "#AE81FF"; # Border color for help popup 145 + "ignored" = "#d003e2"; # Unmodified 146 + "ignored.background" = "#d003e2"; # Unmodified 147 + "ignored.border" = "#d003e2"; # Unmodified 148 + "info" = "#cfcfc2"; # Color for information 149 + "info.background" = "#191919"; # Background color for information popup 150 + "info.border" = "#cfcfc2"; # Border color for information popup 151 + "modified" = "#E6DB74"; # Color for modified file in git 152 + "modified.background" = "#d003e2"; # Unmodified 153 + "modified.border" = "#d003e2"; # Unmodified 154 + "predictive" = "#d003e2"; # Unmodified 155 + "predictive.background" = "#d003e2"; # Unmodified 156 + "predictive.border" = "#d003e2"; # Unmodified 157 + "renamed" = "#d003e2"; # Unmodified 158 + "renamed.background" = "#d003e2"; # Unmodified 159 + "renamed.border" = "#d003e2"; # Unmodified 160 + "success" = "#a6e22e"; # The only place i found this was on the LSP menu for whether an LSP is succesfully running as well as diagnostic tab if there are no problems it would use this color for the icon 161 + "success.background" = "#d003e2"; # Unmodified 162 + "success.border" = "#d003e2"; # Unmodified 163 + "unreachable" = "#d003e2"; # Unmodified 164 + "unreachable.background" = "#d003e2"; # Unmodified 165 + "unreachable.border" = "#d003e2"; # Unmodified 166 + "warning" = "#E6DB74"; 167 + "warning.background" = "#191919"; 168 + "warning.border" = "#E6DB74"; 169 + "players" = [ 170 + { 171 + cursor = "#cfcfc2"; 172 + background = "#d003e2"; # Unmodified 173 + selection = "#cfcfc23d"; 174 + } 175 + { 176 + cursor = "#d003e2"; # Unmodified 177 + background = "#d003e2"; # Unmodified 178 + selection = "#d003e2"; # Unmodified 179 + } 180 + { 181 + cursor = "#d003e2"; # Unmodified 182 + background = "#d003e2"; # Unmodified 183 + selection = "#d003e2"; # Unmodified 184 + } 185 + { 186 + cursor = "#d003e2"; # Unmodified 187 + background = 
"#d003e2"; # Unmodified 188 + selection = "#d003e2"; # Unmodified 189 + } 190 + { 191 + cursor = "#d003e2"; # Unmodified 192 + background = "#d003e2"; # Unmodified 193 + selection = "#d003e2"; # Unmodified 194 + } 195 + { 196 + cursor = "#d003e2"; # Unmodified 197 + background = "#d003e2"; # Unmodified 198 + selection = "#d003e2"; # Unmodified 199 + } 200 + { 201 + cursor = "#d003e2"; # Unmodified 202 + background = "#d003e2"; # Unmodified 203 + selection = "#d003e2"; # Unmodified 204 + } 205 + { 206 + cursor = "#d003e2"; # Unmodified 207 + background = "#d003e2"; # Unmodified 208 + selection = "#d003e2"; # Unmodified 209 + } 210 + ]; 211 + "syntax" = { 212 + attribute = { 213 + color = "#AE81FF"; 214 + font_style = null; 215 + font_weight = null; 216 + }; 217 + "boolean" = { 218 + color = "#f92a72"; 219 + font_style = null; 220 + font_weight = null; 221 + }; 222 + "comment" = { 223 + color = "#75715e"; 224 + font_style = null; 225 + font_weight = null; 226 + }; 227 + "comment.doc" = { 228 + color = "#75715e"; 229 + font_style = null; 230 + font_weight = null; 231 + }; 232 + "constant" = { 233 + color = "#cfcfc2"; 234 + font_style = null; 235 + font_weight = null; 236 + }; 237 + "constructor" = { 238 + color = "#AE81FF"; 239 + font_style = null; 240 + font_weight = null; 241 + }; 242 + "embedded" = { 243 + color = "#d003e2"; # Unmodified 244 + font_style = null; 245 + font_weight = null; 246 + }; 247 + "emphasis" = { 248 + color = "#fd971f"; # Unmodified 249 + font_style = null; 250 + font_weight = null; 251 + }; 252 + "emphasis.strong" = { 253 + color = "#d003e2"; # Unmodified 254 + font_style = null; 255 + font_weight = 700; 256 + }; 257 + "enum" = { 258 + color = "#AE81FF"; 259 + font_style = null; 260 + font_weight = null; 261 + }; 262 + "function" = { 263 + color = "#a6e22e"; 264 + font_style = null; 265 + font_weight = null; 266 + }; 267 + "hint" = { 268 + color = "#cfcfc2"; 269 + font_style = null; 270 + font_weight = null; 271 + }; 272 + "keyword" = { 273 + 
color = "#f92a72"; 274 + font_style = null; 275 + font_weight = null; 276 + }; 277 + "label" = { 278 + color = "#E6DB74"; 279 + font_style = null; 280 + font_weight = null; 281 + }; 282 + "link_text" = { 283 + color = "#E6DB74"; 284 + font_style = "italic"; 285 + font_weight = null; 286 + }; 287 + "link_uri" = { 288 + color = "#fd971f"; 289 + font_style = null; 290 + font_weight = null; 291 + }; 292 + "namespace" = { 293 + color = "#f92a72"; 294 + font_style = null; 295 + font_weight = null; 296 + }; 297 + "number" = { 298 + color = "#cfcfc2"; 299 + font_style = null; 300 + font_weight = null; 301 + }; 302 + "operator" = { 303 + color = "#f92a72"; 304 + font_style = null; 305 + font_weight = null; 306 + }; 307 + "predictive" = { 308 + color = "#d003e2"; # Unmodified 309 + font_style = "italic"; 310 + font_weight = null; 311 + }; 312 + "preproc" = { 313 + color = "#d003e2"; # Unmodified 314 + font_style = null; 315 + font_weight = null; 316 + }; 317 + "primary" = { 318 + color = "#d003e2"; # Unmodified 319 + font_style = null; 320 + font_weight = null; 321 + }; 322 + "property" = { 323 + color = "#cfcfc2"; 324 + font_style = null; 325 + font_weight = null; 326 + }; 327 + "punctuation" = { 328 + color = "#75715e"; 329 + font_style = null; 330 + font_weight = null; 331 + }; 332 + "punctuation.bracket" = { 333 + color = "#75715e"; 334 + font_style = null; 335 + font_weight = null; 336 + }; 337 + "punctuation.delimiter" = { 338 + color = "#cfcfc2"; 339 + font_style = null; 340 + font_weight = null; 341 + }; 342 + "punctuation.list_marker" = { 343 + color = "#d003e2"; # Unmodified 344 + font_style = null; 345 + font_weight = null; 346 + }; 347 + "punctuation.markup" = { 348 + color = "#fd971f"; # The color of a lot of markdown symbols like - and ` 349 + font_style = null; 350 + font_weight = null; 351 + }; 352 + "punctuation.special" = { 353 + color = "#75715e"; # Unmodified 354 + font_style = null; 355 + font_weight = null; 356 + }; 357 + "selector" = { 358 + color = 
"#d003e2"; # Unmodified 359 + font_style = null; 360 + font_weight = null; 361 + }; 362 + "selector.pseudo" = { 363 + color = "#d003e2"; # Unmodified 364 + font_style = null; 365 + font_weight = null; 366 + }; 367 + "string" = { 368 + color = "#E6DB74"; 369 + font_style = null; 370 + font_weight = null; 371 + }; 372 + "string.escape" = { 373 + color = "#AE81FF"; 374 + font_style = null; 375 + font_weight = null; 376 + }; 377 + "string.regex" = { 378 + color = "#d003e2"; # Unmodified 379 + font_style = null; 380 + font_weight = null; 381 + }; 382 + "string.special" = { 383 + color = "#f59762"; # Color of special strings like paths 384 + font_style = null; 385 + font_weight = null; 386 + }; 387 + "string.special.symbol" = { 388 + color = "#d003e2"; # Unmodified 389 + font_style = null; 390 + font_weight = null; 391 + }; 392 + "tag" = { 393 + color = "#d003e2"; # Unmodified 394 + font_style = null; 395 + font_weight = null; 396 + }; 397 + "text.literal" = { 398 + color = "#fd971f"; # The place i found this gets affect is for example when you put `<example>` in a mark down file 399 + font_style = null; 400 + font_weight = null; 401 + }; 402 + "title" = { 403 + color = "#fd971f"; # The color of text when we have for example header titles in markdown 404 + font_style = null; 405 + font_weight = 700; 406 + }; 407 + "type" = { 408 + color = "#AE81FF"; 409 + font_style = null; 410 + font_weight = null; 411 + }; 412 + "variable" = { 413 + color = "#bfbdb6ff"; 414 + font_style = null; 415 + font_weight = null; 416 + }; 417 + "variant" = { 418 + color = "#cfcfc2"; 419 + font_style = null; 420 + font_weight = null; 421 + }; 422 + }; 423 + }; 424 + } 425 + ]; 426 + }
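--- a/hosts/work/hjem-rum/xdg.nix
+++ b/hosts/work/hjem-rum/xdg.nix
@@ -0,0 +1,72 @@
+{ args, ... }:
+{
+data = {
+files = {
+"applications/element-desktop.desktop" = {
+text = ''
+[Desktop Entry]
+Categories=Network;InstantMessaging;Chat
+Comment=Feature-rich client for Matrix.org
+Exec=element-desktop --password-store=gnome-libsecret %u
+GenericName=Matrix Client
+Icon=element
+MimeType=x-scheme-handler/element;x-scheme-handler/io.element.desktop
+Name=Element
+StartupWMClass=Element
+Type=Application
+Version=1.4
+'';
+};
+"applications/steam.desktop" = {
+enable = false;
+text = ''
+[Desktop Entry]
+Comment=Steam Big Picture
+Exec=gamescope -e -w 2560 -h 1600 -W 2560 -H 1600 -f -- steam -tenfoot
+GenericName=Steam Big Picture
+Icon=steam
+MimeType=x-scheme-handler/steam;x-scheme-handler/steamlink;
+Name=Steam Big Picture
+StartupWMClass=Steam Big Picture
+Type=Application
+Version=1.4
+'';
+};
+"applications/tutanota-desktop.desktop" = {
+text = ''
+[Desktop Entry]
+Name=Tuta Mail
+Exec=tutanota-desktop --no-sandbox --enable-features=UseOzonePlatform --ozone-platform=wayland --enable-wayland-ime %U
+Terminal=false
+Type=Application
+Icon=tutanota-desktop
+StartupWMClass=Tuta Mail
+X-AppImage-Version=314.251030.0.1103
+Comment=The desktop client for Tutanota, the secure e-mail service.
+MimeType=x-scheme-handler/mailto;
+Categories=Network;
+'';
+};
+"icons/default/index.theme" = {
+text = ''
+[Icon Theme]
+Name=Default
+Comment=Default Cursor Theme
+Inherits=Bibata-Modern-Ice
+'';
+};
+"icons/Bibata-Modern-Ice" = {
+source = "${pkgs.bibata-cursors}/share/icons/Bibata-Modern-Ice";
+};
+};
+};
+config = {
+files = {
+"zed/themes/Puppy Soda.json" = {
+value = import ./themes/zed-theme.nix;
+generator = pkgs.lib.generators.toJSON { };
+};
+};
+};
+
+}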
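Review bot: The Tuta Mail desktop entry starts the client with `--no-sandbox`, which turns off the Chromium process sandbox for a program whose job is to render mail content from arbitrary senders, and it is also the registered `mailto:` handler. Unless the sandbox is known to fail on this host, the flag should be dropped and the Wayland flags kept: `Exec=tutanota-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland --enable-wayland-ime %U`. If it was added to work around a sandbox start-up error, a comment on the entry naming that error would let the workaround be removed later instead of becoming permanent.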
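--- a/iso.nix
+++ b/iso.nix
@@ -0,0 +1,11 @@
+{ pkgs, ... }:
+{
+imports = [
+<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
+<nixpkgs/nixos/modules/installer/cd-dvd/channel.nix>
+];
+systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkUMYuTCjDCIldnrQlA8M5gPkEUZ/oXxD5+B7nNeoM3 openpgp:0x13D59319"
+];
+}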
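Review bot: sshd is forced into `multi-user.target` on the installer image, but nothing in this file restricts how root may authenticate, so the image relies on whatever the imported installer profile configures for password logins. Since a key is provisioned for root, the image can be pinned to key-only access with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";`. The two `<nixpkgs/...>` imports also resolve through `NIX_PATH` rather than the npins-pinned `sources.nixpkgs` used in default.nix and hive.nix, so the contents of the image depend on the channel of the machine that builds it.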
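--- a/lib/default.nix
+++ b/lib/default.nix
@@ -0,0 +1,141 @@
+{
+lib,
+sources,
+pkgs,
+...
+}:
+let
+nixosSystem = import "${toString sources.nixpkgs.outPath}/nixos/lib/eval-config.nix";
+get_mods = {
+priv_mod = import ../modules/priv { };
+pub_mod = {
+containers = ../modules/pub/containers.nix;
+arr = ../modules/pub/arr.nix;
+};
+hosts_modules = {
+work = {
+hjem-rum = ../hosts/work/hjem-rum;
+};
+};
+};
+in
+{
+inherit get_mods;
+merge_modules = (
+path: args:
+let
+files = builtins.readDir path;
+nix_files = lib.attrNames (
+lib.filterAttrs (name: value: (lib.hasSuffix ".nix" name && value == "regular")) files
+);
+result = builtins.map (file_name: (import "${path}/${file_name}" args)) nix_files;
+in
+lib.mkMerge result
+);
+
+module_imports = (
+path:
+let
+files = builtins.readDir path;
+nix_files = lib.attrNames (
+lib.filterAttrs (name: value: (lib.hasSuffix ".nix" name && value == "regular")) files
+);
+result = builtins.map (file_name: "${path}/${file_name}") nix_files;
+in
+result
+);
+
+gen_pins = (
+src: excl:
+(lib.mapAttrs (
+name: value:
+if builtins.elem name excl then
+(import value)
+else
+(import src.flake-compat {
+src = builtins.path {
+inherit name;
+path = value;
+};
+}).outputs
+) src)
+);
+
+gen_host = (
+modules: arguments:
+(lib.fix (
+self:
+nixosSystem {
+inherit modules;
+specialArgs =
+let
+args = arguments // {
+mod_self = self;
+mods = get_mods;
+};
+in
+{
+inherit args;
+};
+}
+))
+);
+
+get_overlays = (
+args: {
+default = import ../overlays/default/overlay.nix { inherit (args) pins; };
+vllm = import ../overlays/vllm/overlay.nix { inherit (args) pkgs; };
+huggingface-hub = import ../overlays/huggingface-hub/overlay.nix { };
+krita = import ../overlays/krita/overlay.nix { };
+cosmic-ext-extra-sessions = import ./overlays/cosmic-ext-extra-sessions/overlay.nix { };
+}
+);
+
+get_netbird_dashboard = (
+netbird_dashboard_settings:
+let
+toStringEnv = value: if lib.isBool value then lib.boolToString value else builtins.toString value;
+in
+pkgs.runCommand "netbird-dashboard"
+{
+nativeBuildInputs = [ pkgs.gettext ];
+env = {
+ENV_STR = lib.concatStringsSep " " [
+"$AUTH_AUDIENCE"
+"$AUTH_AUTHORITY"
+"$AUTH_CLIENT_ID"
+"$AUTH_CLIENT_SECRET"
+"$AUTH_REDIRECT_URI"
+"$AUTH_SILENT_REDIRECT_URI"
+"$AUTH_SUPPORTED_SCOPES"
+"$NETBIRD_DRAG_QUERY_PARAMS"
+"$NETBIRD_GOOGLE_ANALYTICS_ID"
+"$NETBIRD_GOOGLE_TAG_MANAGER_ID"
+"$NETBIRD_HOTJAR_TRACK_ID"
+"$NETBIRD_MGMT_API_ENDPOINT"
+"$NETBIRD_MGMT_GRPC_API_ENDPOINT"
+"$NETBIRD_TOKEN_SOURCE"
+"$NETBIRD_WASM_PATH"
+"$USE_AUTH0"
+];
+}
+// (lib.mapAttrs (_: toStringEnv) netbird_dashboard_settings);
+}
+''
+cp -R ${pkgs.netbird-dashboard} build
+
+find build -type d -exec chmod 755 {} \;
+OIDC_TRUSTED_DOMAINS="build/OidcTrustedDomains.js"
+
+envsubst "$ENV_STR" < "$OIDC_TRUSTED_DOMAINS.tmpl" > "$OIDC_TRUSTED_DOMAINS"
+
+for f in $(grep -R -l AUTH_SUPPORTED_SCOPES build/); do
+mv "$f" "$f.copy"
+envsubst "$ENV_STR" < "$f.copy" > "$f"
+rm "$f.copy"
+done
+
+cp -R build $out
+''
+);
+}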
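Review bot: In `get_overlays`, the `cosmic-ext-extra-sessions` entry imports `./overlays/cosmic-ext-extra-sessions/overlay.nix`, which resolves under `lib/`, while the four entries above it use `../overlays/...` and this commit adds the package files under the top-level `overlays/` directory; it likely should read `import ../overlays/cosmic-ext-extra-sessions/overlay.nix { };`. Because attribute values are lazy, the wrong path only fails once that overlay is forced, so it can go unnoticed on hosts that do not use it. In `get_netbird_dashboard`, every value in `netbird_dashboard_settings` becomes a derivation environment variable and is substituted into the built files, and `$AUTH_CLIENT_SECRET` is in the substitution list; a comment next to `env` such as `# values end up in the world-readable Nix store and in the served dashboard files; pass no private secrets here` would make that explicit for callers.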
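--- a/modules/pub/arr.nix
+++ b/modules/pub/arr.nix
@@ -0,0 +1,124 @@
+{
+pkgs,
+config,
+lib,
+...
+}:
+let
+
+arr = config.services.arr-stack;
+arrs = arr.arrs;
+arr-type = lib.types.submodule (
+{ config, ... }:
+{
+options = {
+enable = lib.mkEnableOption "Enable ${config.service-type}";
+package = lib.mkPackageOption pkgs "${config.service-type}" { };
+port = lib.mkOption {
+type = lib.types.int;
+};
+service-type = lib.mkOption {
+type = lib.types.enum [
+"sonarr"
+"radarr"
+"prowlarr"
+];
+};
+};
+}
+);
+in
+{
+options = {
+services.arr-stack = {
+enable = lib.mkEnableOption "Arr Stack";
+data-dir = lib.mkOption {
+type = lib.types.str;
+default = "/var/lib/arr-stack";
+};
+firewallCommands = lib.mkOption {
+type = lib.types.nullOr (lib.types.separatedString "\n");
+default = null;
+};
+arrs = lib.mkOption {
+type = lib.types.nullOr (lib.types.attrsOf arr-type);
+default = null;
+};
+group = {
+name = lib.mkOption {
+type = lib.types.str;
+default = "arr";
+};
+gid = lib.mkOption {
+type = lib.types.int;
+default = 700;
+};
+};
+};
+};
+
+config = lib.mkIf arr.enable {
+users = {
+users = {
+# Main arr stack user
+arr = {
+isSystemUser = true;
+uid = 7000;
+group = arr.group.name;
+home = arr.data-dir;
+};
+};
+
+# Main arr stack group
+groups = {
+"${arr.group.name}" = {
+name = arr.group.name;
+gid = arr.group.gid;
+members = [ "arr" ];
+};
+};
+};
+
+# Main arr stack directory
+systemd = {
+tmpfiles.rules = [
+"d ${arr.data-dir} 0760 arr ${arr.group.name} - -"
+]
+# Directories for each arr service
+++ (lib.mapAttrsToList (
+arr-name: value: "d /var/lib/${arr-name} 0760 arr ${arr.group.name} - -"
+) arrs);
+
+services =
+(lib.mapAttrs (arr-name: value: {
+enable = true;
+description = "An instance of ${arrs."${arr-name}".service-type} called ${arr-name}";
+after = [ "network.target" ];
+wantedBy = [ "multi-user.target" ];
+script = ''
+${lib.getExe arrs."${arr-name}".package} -nobrowser -data=/var/lib/${arr-name}
+'';
+serviceConfig = {
+Type = "simple";
+User = "arr";
+Group = "${arr.group.name}";
+Restart = "always";
+};
+environment = {
+"${lib.toUpper arrs."${arr-name}".service-type}__SERVER__PORT" = "${builtins.toString
+arrs."${arr-name}".port
+}";
+};
+}) arrs)
+// {
+
+};
+};
+
+services.jellyfin = lib.mkIf config.services.jellyfin.enable {
+user = arr.group.name;
+group = arr.group.name;
+};
+
+};
+}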
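Review bot: The tmpfiles rules create `${arr.data-dir}` and each `/var/lib/<name>` with mode `0760`, which gives the group read and write but no execute bit, so group members cannot enter the directories; `0770` (or `0750` if the group should only read) is probably what was meant, e.g. `"d ${arr.data-dir} 0770 arr ${arr.group.name} - -"`. The `services.jellyfin` block sets `user = arr.group.name`, which names an existing account only while the group keeps its default name `arr`; `user = "arr";` matches the account created above. The per-instance `enable` option is never read, since each generated unit hard-codes `enable = true`, and `arrs` defaults to `null`, which `lib.mapAttrs` and `lib.mapAttrsToList` will not accept when the stack is enabled without instances.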
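--- a/modules/pub/containers.nix
+++ b/modules/pub/containers.nix
@@ -0,0 +1,136 @@
+{
+args,
+...
+}:
+let
+lib = pkgs.lib;
+config = args.mod_self.config;
+#
+# Big corners that were cut is skipping on setting up veth names attribute and also host values are not globally available
+#
+containers = config.puppy.containers;
+container_type = lib.types.submodule (
+{ name, ... }:
+{
+options = {
+enable = lib.mkEnableOption "Enable";
+ephemeral = lib.mkOption {
+type = lib.types.bool;
+default = false;
+};
+container_name = lib.mkOption {
+type = lib.types.str;
+default = name;
+};
+bindMounts = lib.mkOption {
+type = lib.types.attrs;
+default = { };
+};
+forwardPorts = lib.mkOption {
+type = lib.types.listOf lib.types.attrs;
+default = [ ];
+};
+extraFlags = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = [ ];
+};
+config = lib.mkOption {
+type = lib.types.anything;
+description = ''
+Configuration from here will go directly into containers.<name>.config
+'';
+};
+defaultOptions = lib.mkEnableOption "Enable default options";
+};
+}
+);
+host_name = "main-host";
+host_ip = "10.0.0.0";
+state_version = "25.05";
+in
+{
+
+options = {
+puppy.containers = lib.mkOption {
+type = lib.types.nullOr (lib.types.attrsOf container_type);
+};
+puppy.final_containers = lib.mkOption {
+type = lib.types.nullOr lib.types.anything;
+};
+};
+
+config =
+let
+containers_list = (builtins.attrValues containers);
+
+attr_size = (attrs: builtins.length (builtins.attrNames attrs));
+
+# [Output: List] Merges two lists of attrs (BOTH SHOULD HAVE AN EQUAL AMOUNT OF ELEMS)
+merge_attrs-lists = (
+attrs_list1: attrs_list2:
+(builtins.genList (i: (builtins.elemAt attrs_list1 i) // (builtins.elemAt attrs_list2 i)) (
+builtins.length attrs_list1
+))
+);
+
+# [Output: Attrs] Converts a list of values into an attrset where the value is put under the specified field
+list_to_attrs_by_field = (
+field_name: list:
+(builtins.listToAttrs (
+map (list_item: {
+name = list_item.${field_name};
+value = list_item;
+}) list
+))
+);
+
+ips = builtins.genList (i: { ip = "10.0.0.${builtins.toString (i + 1)}"; }) (attr_size containers);
+final_containers = (
+list_to_attrs_by_field "container_name" (merge_attrs-lists ips containers_list)
+);
+in
+{
+puppy.final_containers = final_containers;
+containers = (
+builtins.mapAttrs (name: value: {
+autoStart = true;
+extraVeths = {
+"${name}-ve" = {
+hostAddress = "${host_ip}";
+localAddress = "${value.ip}";
+};
+};
+privateNetwork = true;
+forwardPorts = value.forwardPorts;
+bindMounts = value.bindMounts;
+extraFlags = value.extraFlags;
+ephemeral = value.ephemeral;
+config = lib.mkMerge [
+(
+{ ... }:
+{
+nixpkgs.pkgs = pkgs;
+networking = {
+hosts = {
+"${host_ip}" = [ "${host_name}" ];
+};
+firewall = {
+enable = true;
+};
+defaultGateway = lib.mkDefault "${host_ip}";
+useHostResolvConf = lib.mkForce false;
+};
+services = {
+resolved = {
+enable = true;
+};
+};
+system.stateVersion = "${state_version}";
+}
+)
+value.config
+];
+}) final_containers
+);
+};
+}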
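Review bot: `pkgs` is used on the `lib = pkgs.lib;` line and again in `nixpkgs.pkgs = pkgs;`, but the module header binds only `args`, so as written the file fails with an undefined variable unless it is loaded through something like `builtins.scopedImport`. The `args` set built in default.nix carries `pkgs`, so adding `pkgs = args.pkgs;` at the top of the `let`, before `lib`, would bind it. hosts/work/hjem-rum/xdg.nix has the same pattern in `${pkgs.bibata-cursors}` and `pkgs.lib.generators.toJSON`. Separately, the per-container `enable` option is declared but never read, so every entry in `puppy.containers` is created with `autoStart = true`, and container addresses are assigned by position in `builtins.attrValues`, so adding a container can renumber the others.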
+249
npins/default.nix
··· 1 + /* 2 + This file is provided under the MIT licence: 3 + 4 + Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the “Software”), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 5 + 6 + The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. 7 + 8 + THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 9 + */ 10 + # Generated by npins. 
Do not modify; will be overwritten regularly 11 + let 12 + # Backwards-compatibly make something that previously didn't take any arguments take some 13 + # The function must return an attrset, and will unfortunately be eagerly evaluated 14 + # Same thing, but it catches eval errors on the default argument so that one may still call it with other arguments 15 + mkFunctor = 16 + fn: 17 + let 18 + e = builtins.tryEval (fn { }); 19 + in 20 + (if e.success then e.value else { error = fn { }; }) // { __functor = _self: fn; }; 21 + 22 + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 23 + range = 24 + first: last: if first > last then [ ] else builtins.genList (n: first + n) (last - first + 1); 25 + 26 + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 27 + stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); 28 + 29 + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 30 + stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); 31 + concatStrings = builtins.concatStringsSep ""; 32 + 33 + # If the environment variable NPINS_OVERRIDE_${name} is set, then use 34 + # the path directly as opposed to the fetched source. 35 + # (Taken from Niv for compatibility) 36 + mayOverride = 37 + name: path: 38 + let 39 + envVarName = "NPINS_OVERRIDE_${saneName}"; 40 + saneName = stringAsChars (c: if (builtins.match "[a-zA-Z0-9]" c) == null then "_" else c) name; 41 + ersatz = builtins.getEnv envVarName; 42 + in 43 + if ersatz == "" then 44 + path 45 + else 46 + # this turns the string into an actual Nix path (for both absolute and 47 + # relative paths) 48 + builtins.trace "Overriding path of \"${name}\" with \"${ersatz}\" due to set \"${envVarName}\"" ( 49 + if builtins.substring 0 1 ersatz == "/" then 50 + /. + ersatz 51 + else 52 + /. 
+ builtins.getEnv "PWD" + "/${ersatz}" 53 + ); 54 + 55 + mkSource = 56 + name: spec: 57 + { 58 + pkgs ? null, 59 + }: 60 + assert spec ? type; 61 + let 62 + # Unify across builtin and pkgs fetchers. 63 + # `fetchGit` requires a wrapper because of slight API differences. 64 + fetchers = 65 + if pkgs == null then 66 + { 67 + inherit (builtins) fetchTarball fetchurl; 68 + # For some fucking reason, fetchGit has a different signature than the other builtin fetchers … 69 + fetchGit = args: (builtins.fetchGit args).outPath; 70 + } 71 + else 72 + { 73 + fetchTarball = 74 + { 75 + url, 76 + sha256, 77 + }: 78 + pkgs.fetchzip { 79 + inherit url sha256; 80 + extension = "tar"; 81 + }; 82 + inherit (pkgs) fetchurl; 83 + fetchGit = 84 + { 85 + url, 86 + submodules, 87 + rev, 88 + name, 89 + narHash, 90 + }: 91 + pkgs.fetchgit { 92 + inherit url rev name; 93 + fetchSubmodules = submodules; 94 + hash = narHash; 95 + }; 96 + }; 97 + 98 + # Dispatch to the correct code path based on the type 99 + path = 100 + if spec.type == "Git" then 101 + mkGitSource fetchers spec 102 + else if spec.type == "GitRelease" then 103 + mkGitSource fetchers spec 104 + else if spec.type == "PyPi" then 105 + mkPyPiSource fetchers spec 106 + else if spec.type == "Channel" then 107 + mkChannelSource fetchers spec 108 + else if spec.type == "Tarball" then 109 + mkTarballSource fetchers spec 110 + else if spec.type == "Container" then 111 + mkContainerSource pkgs spec 112 + else 113 + builtins.throw "Unknown source type ${spec.type}"; 114 + in 115 + spec // { outPath = mayOverride name path; }; 116 + 117 + mkGitSource = 118 + { 119 + fetchTarball, 120 + fetchGit, 121 + ... 122 + }: 123 + { 124 + repository, 125 + revision, 126 + url ? null, 127 + submodules, 128 + hash, 129 + ... 130 + }: 131 + assert repository ? 
type; 132 + # At the moment, either it is a plain git repository (which has an url), or it is a GitHub/GitLab repository 133 + # In the latter case, there we will always be an url to the tarball 134 + if url != null && !submodules then 135 + fetchTarball { 136 + inherit url; 137 + sha256 = hash; 138 + } 139 + else 140 + let 141 + url = 142 + if repository.type == "Git" then 143 + repository.url 144 + else if repository.type == "GitHub" then 145 + "https://github.com/${repository.owner}/${repository.repo}.git" 146 + else if repository.type == "GitLab" then 147 + "${repository.server}/${repository.repo_path}.git" 148 + else if repository.type == "Forgejo" then 149 + "${repository.server}/${repository.owner}/${repository.repo}.git" 150 + else 151 + throw "Unrecognized repository type ${repository.type}"; 152 + urlToName = 153 + url: rev: 154 + let 155 + matched = builtins.match "^.*/([^/]*)(\\.git)?$" url; 156 + 157 + short = builtins.substring 0 7 rev; 158 + 159 + appendShort = if (builtins.match "[a-f0-9]*" rev) != null then "-${short}" else ""; 160 + in 161 + "${if matched == null then "source" else builtins.head matched}${appendShort}"; 162 + name = urlToName url revision; 163 + in 164 + fetchGit { 165 + rev = revision; 166 + narHash = hash; 167 + 168 + inherit name submodules url; 169 + }; 170 + 171 + mkPyPiSource = 172 + { fetchurl, ... }: 173 + { 174 + url, 175 + hash, 176 + ... 177 + }: 178 + fetchurl { 179 + inherit url; 180 + sha256 = hash; 181 + }; 182 + 183 + mkChannelSource = 184 + { fetchTarball, ... }: 185 + { 186 + url, 187 + hash, 188 + ... 189 + }: 190 + fetchTarball { 191 + inherit url; 192 + sha256 = hash; 193 + }; 194 + 195 + mkTarballSource = 196 + { fetchTarball, ... }: 197 + { 198 + url, 199 + locked_url ? url, 200 + hash, 201 + ... 202 + }: 203 + fetchTarball { 204 + url = locked_url; 205 + sha256 = hash; 206 + }; 207 + 208 + mkContainerSource = 209 + pkgs: 210 + { 211 + image_name, 212 + image_tag, 213 + image_digest, 214 + ... 
215 + }: 216 + if pkgs == null then 217 + builtins.throw "container sources require passing in a Nixpkgs value: https://github.com/andir/npins/blob/master/README.md#using-the-nixpkgs-fetchers" 218 + else 219 + pkgs.dockerTools.pullImage { 220 + imageName = image_name; 221 + imageDigest = image_digest; 222 + finalImageTag = image_tag; 223 + }; 224 + in 225 + mkFunctor ( 226 + { 227 + input ? ./sources.json, 228 + }: 229 + let 230 + data = 231 + if builtins.isPath input then 232 + # while `readFile` will throw an error anyways if the path doesn't exist, 233 + # we still need to check beforehand because *our* error can be caught but not the one from the builtin 234 + # *piegames sighs* 235 + if builtins.pathExists input then 236 + builtins.fromJSON (builtins.readFile input) 237 + else 238 + throw "Input path ${toString input} does not exist" 239 + else if builtins.isAttrs input then 240 + input 241 + else 242 + throw "Unsupported input type ${builtins.typeOf input}, must be a path or an attrset"; 243 + version = data.version; 244 + in 245 + if version == 7 then 246 + builtins.mapAttrs (name: spec: mkFunctor (mkSource name spec)) data.pins 247 + else 248 + throw "Unsupported format version ${toString version} in sources.json. Try running `npins upgrade`" 249 + )
+187
npins/sources.json
··· 1 + { 2 + "pins": { 3 + "affinity-nix": { 4 + "type": "Git", 5 + "repository": { 6 + "type": "GitHub", 7 + "owner": "mrshmllow", 8 + "repo": "affinity-nix" 9 + }, 10 + "branch": "main", 11 + "submodules": false, 12 + "revision": "8c939e11edda228a529ed78701c327df4d38a4c4", 13 + "url": "https://github.com/mrshmllow/affinity-nix/archive/8c939e11edda228a529ed78701c327df4d38a4c4.tar.gz", 14 + "hash": "sha256-GSwYx+yFEZWUtRrUUyQjikvAErXZM/yLWtJYOWYlfKA=" 15 + }, 16 + "flake-compat": { 17 + "type": "Git", 18 + "repository": { 19 + "type": "Forgejo", 20 + "server": "https://git.lix.systems/", 21 + "owner": "lix-project", 22 + "repo": "flake-compat" 23 + }, 24 + "branch": "main", 25 + "submodules": false, 26 + "revision": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", 27 + "url": "https://git.lix.systems/lix-project/flake-compat/archive/549f2762aebeff29a2e5ece7a7dc0f955281a1d1.tar.gz", 28 + "hash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=" 29 + }, 30 + "helix-nix": { 31 + "type": "Git", 32 + "repository": { 33 + "type": "Git", 34 + "url": "file:///home/roufpup/Documents/Projects/helix-nix" 35 + }, 36 + "branch": "main", 37 + "submodules": false, 38 + "revision": "50e5dded0def46ef53f24d1a385c5d58ec7efe68", 39 + "url": null, 40 + "hash": "sha256-G/2i4XKZOfRpghgu7Ix7QpYyP67dZULO/Re8JI3oyVQ=" 41 + }, 42 + "hjem": { 43 + "type": "Git", 44 + "repository": { 45 + "type": "GitHub", 46 + "owner": "feel-co", 47 + "repo": "hjem" 48 + }, 49 + "branch": "main", 50 + "submodules": false, 51 + "revision": "8539013044624a257e8da370069107aea148e985", 52 + "url": "https://github.com/feel-co/hjem/archive/8539013044624a257e8da370069107aea148e985.tar.gz", 53 + "hash": "sha256-I2zxtEafZbFbqXe71rjqwVeTDv8SIVLaSzQd39SwfwM=" 54 + }, 55 + "hjem-rum": { 56 + "type": "Git", 57 + "repository": { 58 + "type": "GitHub", 59 + "owner": "snugnug", 60 + "repo": "hjem-rum" 61 + }, 62 + "branch": "main", 63 + "submodules": false, 64 + "revision": "edac54b7d57ad72cc4b124da2f44e7b2e584f3c6", 65 + 
"url": "https://github.com/snugnug/hjem-rum/archive/edac54b7d57ad72cc4b124da2f44e7b2e584f3c6.tar.gz", 66 + "hash": "sha256-P+59TbVusYqdx2Jt2liwvQ+hslUzU6M1ezRDy6c66Tc=" 67 + }, 68 + "hjem-rum-local": { 69 + "type": "Git", 70 + "repository": { 71 + "type": "Git", 72 + "url": "file:///home/roufpup/Documents/Projects/hjem-rum" 73 + }, 74 + "branch": "main", 75 + "submodules": false, 76 + "revision": "7c931af837c79d03275188e874e03ede10ce6183", 77 + "url": null, 78 + "hash": "sha256-OTmC/wDxW+2aTC93xAJK3jmBJyTwNfc+irLmD6kPEPc=" 79 + }, 80 + "nix-index": { 81 + "type": "Git", 82 + "repository": { 83 + "type": "GitHub", 84 + "owner": "nix-community", 85 + "repo": "nix-index-database" 86 + }, 87 + "branch": "main", 88 + "submodules": false, 89 + "revision": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", 90 + "url": "https://github.com/nix-community/nix-index-database/archive/82befcf7dc77c909b0f2a09f5da910ec95c5b78f.tar.gz", 91 + "hash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=" 92 + }, 93 + "nix-minecraft": { 94 + "type": "Git", 95 + "repository": { 96 + "type": "Git", 97 + "url": "file:///home/roufpup/repos/nix-minecraft" 98 + }, 99 + "branch": "neoforge", 100 + "submodules": false, 101 + "revision": "65330cab6a364a9bc26c1c69c557931b1c066392", 102 + "url": null, 103 + "hash": "sha256-Qhc93GD2kp9GIpeYyXxX72ZsuuixGx34rdYQm5IEpT0=" 104 + }, 105 + "nixpkgs": { 106 + "type": "Git", 107 + "repository": { 108 + "type": "GitHub", 109 + "owner": "NixOS", 110 + "repo": "nixpkgs" 111 + }, 112 + "branch": "nixos-unstable", 113 + "submodules": false, 114 + "revision": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", 115 + "url": "https://github.com/NixOS/nixpkgs/archive/9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5.tar.gz", 116 + "hash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=" 117 + }, 118 + "nixpkgs-jelly": { 119 + "type": "Git", 120 + "repository": { 121 + "type": "GitHub", 122 + "owner": "vikingnope", 123 + "repo": "nixpkgs" 124 + }, 125 + "branch": 
"jellyfin-media-player--rename-to-jellyfin-desktop", 126 + "submodules": false, 127 + "revision": "108c36953a75771675e0056bb94f2467784353cf", 128 + "url": "https://github.com/vikingnope/nixpkgs/archive/108c36953a75771675e0056bb94f2467784353cf.tar.gz", 129 + "hash": "sha256-fT0cIx5RWgk21myuAe2zcg/dpGq+NaifOfNjuEbq1no=", 130 + "frozen": true 131 + }, 132 + "nixpkgs-master": { 133 + "type": "Git", 134 + "repository": { 135 + "type": "GitHub", 136 + "owner": "NixOS", 137 + "repo": "nixpkgs" 138 + }, 139 + "branch": "master", 140 + "submodules": false, 141 + "revision": "5cc1118e4abc5295a92908effb59c1ffe951b7f5", 142 + "url": "https://github.com/NixOS/nixpkgs/archive/5cc1118e4abc5295a92908effb59c1ffe951b7f5.tar.gz", 143 + "hash": "sha256-LB30+rJV0y3wE+FkIK1gV7bqALCjNpiCOlqcZOV+71M=" 144 + }, 145 + "sops-nix": { 146 + "type": "Git", 147 + "repository": { 148 + "type": "GitHub", 149 + "owner": "Mic92", 150 + "repo": "sops-nix" 151 + }, 152 + "branch": "master", 153 + "submodules": false, 154 + "revision": "ecc41505948ec2ab0325f14c9862a4329c2b4190", 155 + "url": "https://github.com/Mic92/sops-nix/archive/ecc41505948ec2ab0325f14c9862a4329c2b4190.tar.gz", 156 + "hash": "sha256-0zUU/PW09d6oBaR8x8vMHcAhg1MOvo3CwoXgHijzzNE=" 157 + }, 158 + "stash": { 159 + "type": "Git", 160 + "repository": { 161 + "type": "GitHub", 162 + "owner": "notashelf", 163 + "repo": "stash" 164 + }, 165 + "branch": "push-zrxmlwwtvtlz", 166 + "submodules": false, 167 + "revision": "9b405982bf49abda65c098a45d70cac7dd4038ed", 168 + "url": "https://github.com/notashelf/stash/archive/9b405982bf49abda65c098a45d70cac7dd4038ed.tar.gz", 169 + "hash": "sha256-RJiJ8z5DLrrP6J8pCbeAF4992kp7v4FE33Ma2tgXgZM=", 170 + "frozen": true 171 + }, 172 + "wire": { 173 + "type": "Git", 174 + "repository": { 175 + "type": "GitHub", 176 + "owner": "mrshmllow", 177 + "repo": "wire" 178 + }, 179 + "branch": "stable", 180 + "submodules": false, 181 + "revision": "e374966c78c923163dd69ab28cbe716d9beb70c3", 182 + "url": 
"https://github.com/mrshmllow/wire/archive/e374966c78c923163dd69ab28cbe716d9beb70c3.tar.gz", 183 + "hash": "sha256-bZ1iL+czuFbfnTHB3yqyeEqVZiuTsfhPrhN25MDTQdc=" 184 + } 185 + }, 186 + "version": 7 187 + }
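--- a/overlays/cosmic-ext-extra-sessions/cosmic-ext-alternative-startup/default.nix
+++ b/overlays/cosmic-ext-extra-sessions/cosmic-ext-alternative-startup/default.nix
@@ -0,0 +1,29 @@
+{
+lib,
+fetchFromGitHub,
+rustPlatform,
+nix-update-script,
+}:
+rustPlatform.buildRustPackage (finalAttrs: {
+pname = "cosmic-ext-alternative-startup";
+version = "0-unstable-2024-11-24";
+
+src = fetchFromGitHub {
+owner = "Drakulix";
+repo = "cosmic-ext-alternative-startup";
+rev = "8ceda00197c7ec0905cf1dccdc2d67d738e45417";
+hash = "sha256-0kqn3hZ58uQMl39XXF94yQS1EWmGIK45/JFTAigg/3M=";
+};
+
+cargoHash = "sha256-DeMkAG2iINGden0Up013M9mWDN4QHrF+FXoNqpGB+mg=";
+
+passthru.updateScript = nix-update-script { extraArgs = [ "--version=branch" ]; };
+
+meta = {
+mainProgram = "cosmic-ext-alternative-startup";
+description = "Alternative entry point for cosmic-sessions compositor IPC interface";
+homepage = "https://github.com/Drakulix/cosmic-ext-alternative-startup";
+license = lib.licenses.gpl3;
+maintainers = [ lib.teams.cosmic ];
+};
+})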
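--- a/overlays/cosmic-ext-extra-sessions/cosmic-ext-extra-sessions/default.nix
+++ b/overlays/cosmic-ext-extra-sessions/cosmic-ext-extra-sessions/default.nix
@@ -0,0 +1,55 @@
+{
+lib,
+fetchFromGitHub,
+stdenvNoCC,
+nix-update-script,
+
+systemd,
+bash,
+dbus,
+cosmic-session,
+niri,
+}:
+stdenvNoCC.mkDerivation (finalAttrs: {
+pname = "cosmic-ext-extra-sessions";
+version = "0-unstable-2025-04-02";
+
+src = fetchFromGitHub {
+owner = "Drakulix";
+repo = "cosmic-ext-extra-sessions";
+rev = "66e065728d81eab86171e542dad08fb628c88494";
+hash = "sha256-6JiWdBry63NrnmK3mt9gGSDAcyx/f6L5QsIgZSUakQI=";
+};
+
+installPhase = ''
+runHook preInstall
+install -Dm0644 $src/niri/cosmic-ext-niri.desktop $out/share/wayland-sessions/cosmic-ext-niri.desktop
+install -Dm0755 $src/niri/start-cosmic-ext-niri $out/bin/start-cosmic-ext-niri
+runHook postInstall
+'';
+
+postInstall = ''
+substituteInPlace $out/share/wayland-sessions/cosmic-ext-niri.desktop \
+--replace-fail "/usr/local/bin/start-cosmic-ext-niri" "$out/bin/start-cosmic-ext-niri" \
+--replace-fail "COSMIC on niri" "Niri DE"
+substituteInPlace $out/bin/start-cosmic-ext-niri \
+--replace-fail "systemctl" "${systemd}/bin/systemctl" \
+--replace-fail "exec bash" "exec ${lib.getExe bash}" \
+--replace-fail "/usr/bin/dbus-run-session" "${dbus}/bin/dbus-run-session" \
+--replace-fail "/usr/bin/cosmic-session niri" "${lib.getExe cosmic-session} ${lib.getExe niri} --session"
+'';
+
+passthru = {
+providedSessions = [ "cosmic-ext-niri" ];
+
+updateScript = nix-update-script { extraArgs = [ "--version=branch" ]; };
+};
+
+meta = {
+mainProgram = "cosmic-ext-extra-sessions";
+description = "Inofficial session variants for cosmic-epoch";
+homepage = "https://github.com/Drakulix/cosmic-ext-extra-sessions";
+license = lib.licenses.gpl3;
+maintainers = [ lib.teams.cosmic ];
+};
+})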
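Review bot: `meta.mainProgram` names `cosmic-ext-extra-sessions`, but the install phase only places `start-cosmic-ext-niri` under `$out/bin`, so `lib.getExe` on this package would resolve to a path that does not exist. `mainProgram = "start-cosmic-ext-niri";` matches what is installed. The `--replace-fail "systemctl"` substitution rewrites every occurrence of that word in the script, including any inside a longer token or a comment; a short comment above `postInstall` listing which upstream lines each replacement targets would make a later pin bump easier to review.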
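--- a/overlays/cosmic-ext-extra-sessions/overlay.nix
+++ b/overlays/cosmic-ext-extra-sessions/overlay.nix
@@ -0,0 +1,6 @@
+{ ... }:
+(final: prev: {
+calc-rs = prev.callPackage ../../packages/calc-rs { };
+cosmic-ext-alternative-startup = prev.callPackage ./cosmic-ext-alternative-startup { };
+cosmic-ext-extra-sessions = prev.callPackage ./cosmic-ext-extra-sessions { };
+})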
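--- a/overlays/default/overlay.nix
+++ b/overlays/default/overlay.nix
@@ -0,0 +1,34 @@
+{ pins, ... }:
+(final: prev: {
+calc-rs = prev.callPackage ../../packages/calc-rs { };
+configarr = prev.callPackage ../../packages/configarr { };
+helix = pins.helix-nix.packages.helix;
+steel = pins.helix-nix.packages.steel;
+chafa = prev.chafa.overrideAttrs (prev-chafa: {
+buildInputs =
+prev-chafa.buildInputs
+++ (with prev; [
+libwebp
+]);
+});
+stash = pins.stash.packages.${prev.stdenv.hostPlatform.system}.stash;
+element-web = (
+prev.element-web.overrideAttrs (
+final: prev: {
+installPhase = ''
+runHook preInstall
+
+cp -R webapp $out
+echo "${final.version}" > "$out/version"
+jq -s '.[0] * $conf' "config.sample.json" --argjson "conf" '${
+builtins.toJSON {
+disable_guests = true;
+}
+}' > "$out/config.json"
+
+runHook postInstall
+'';
+}
+)
+);
+})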
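Review bot: The `element-web` override replaces the package's whole `installPhase`, so any step nixpkgs later adds to that phase is silently lost on a pin bump, and the inner `final: prev:` shadows the overlay's own `final` and `prev`. If the pinned nixpkgs `element-web` accepts a `conf` argument (worth confirming against the pin), `prev.element-web.override { conf = { disable_guests = true; }; }` would set the same option without copying the install logic. Otherwise rename the inner arguments, for example `finalAttrs: prevAttrs:`, and add a comment recording which upstream revision the phase was copied from.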
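--- a/overlays/huggingface-hub/overlay.nix
+++ b/overlays/huggingface-hub/overlay.nix
@@ -0,0 +1,42 @@
+{ ... }:
+(final: prev: {
+python312 = prev.python312.override {
+packageOverrides = python-final: python-prev: {
+huggingface-hub = python-prev.huggingface-hub.overridePythonAttrs (hf-prev: rec {
+version = "1.1.4";
+src = prev.fetchFromGitHub {
+owner = "huggingface";
+repo = "huggingface_hub";
+tag = "v${version}";
+hash = "sha256-9zO2oEjCB//YqV5OkV24Wo6hC5EKSexK52kh9Yz5Z6g=";
+};
+dependencies =
+hf-prev.dependencies
+++ (with python-final; [
+httpx
+shellingham
+typer-slim
+]);
+});
+hf-xet = python-prev.hf-xet.overridePythonAttrs rec {
+pname = "hf-xet";
+version = "1.2.0";
+src = prev.fetchFromGitHub {
+owner = "huggingface";
+repo = "xet-core";
+tag = "v${version}";
+hash = "sha256-nRxLVCJF3meoVa1mc3jt0hJUFDwfSFl7U/fFLDQL44M=";
+};
+cargoDeps = prev.rustPlatform.fetchCargoVendor {
+inherit
+pname
+version
+src
+;
+sourceRoot = "${src.name}/hf_xet";
+hash = "sha256-xMfsd7xOghktQu/do7TMmkUx4uTBHPK44XODePluUgc=";
+};
+};
+};
+};
+})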
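Review bot: `python312 = prev.python312.override { packageOverrides = …; }` is also used in `overlays/vllm/overlay.nix`, and a second `override` call replaces the `packageOverrides` argument instead of merging with it, so if both overlays are applied to the same package set the later one would drop the other's Python packages. Whether the two are combined is not visible in this section. Registering the overrides through `pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ (python-final: python-prev: { … }) ];` composes across overlays. A comment on why `huggingface-hub` and `hf-xet` are pinned ahead of nixpkgs would also tell a maintainer when the override can be removed.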
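--- a/overlays/krita/overlay.nix
+++ b/overlays/krita/overlay.nix
@@ -0,0 +1,19 @@
+{ ... }:
+(final: prev: {
+krita = (
+prev.krita.override {
+unwrapped =
+with prev;
+(libsForQt5.callPackage "${path}/pkgs/by-name/kr/krita" {
+version = "5.2.13";
+kde-channel = "stable";
+hash = "sha256-y5CUMMmeK/EGhPHBPXaHZpHuYlctmqpU1wWJMflhVTE=";
+}).overrideAttrs
+(prev: {
+patches = prev.patches ++ [
+./patches/krita.patch
+];
+});
+}
+);
+})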
+128
overlays/krita/patches/krita.patch
··· 1 + diff --git a/CMakeLists.txt b/CMakeLists.txt 2 + index 82828ea779..f35cd6c701 100644 3 + --- a/CMakeLists.txt 4 + +++ b/CMakeLists.txt 5 + @@ -416,6 +416,8 @@ find_package(KF5 ${MIN_FRAMEWORKS_VERSION} REQUIRED COMPONENTS 6 + WindowSystem 7 + ) 8 + 9 + +find_package(OpenGL REQUIRED COMPONENTS OpenGL) 10 + + 11 + find_package(Qt5 ${MIN_QT_VERSION} 12 + REQUIRED COMPONENTS 13 + Core 14 + @@ -551,7 +553,7 @@ endif() 15 + 16 + if (NOT WIN32 AND NOT APPLE AND NOT ANDROID AND NOT HAIKU) 17 + 18 + - find_package(Qt5 ${MIN_QT_VERSION} REQUIRED X11Extras) 19 + + # find_package(Qt5 ${MIN_QT_VERSION} REQUIRED X11Extras) 20 + 21 + find_package(Qt5DBus ${MIN_QT_VERSION}) 22 + set(HAVE_DBUS ${Qt5DBus_FOUND}) 23 + @@ -569,9 +571,9 @@ if (NOT WIN32 AND NOT APPLE AND NOT ANDROID AND NOT HAIKU) 24 + TYPE OPTIONAL 25 + PURPOSE "Optionally used to provide crash reporting on Linux") 26 + 27 + - find_package(X11 REQUIRED COMPONENTS Xinput) 28 + - set(HAVE_X11 TRUE) 29 + - add_definitions(-DHAVE_X11) 30 + + # find_package(X11 REQUIRED COMPONENTS Xinput) 31 + + set(HAVE_X11 FALSE) 32 + + # add_definitions(-DHAVE_X11) 33 + 34 + else() 35 + set(HAVE_DBUS FALSE) 36 + diff --git a/krita/CMakeLists.txt b/krita/CMakeLists.txt 37 + index 4aeaddd25c..bd06dff082 100644 38 + --- a/krita/CMakeLists.txt 39 + +++ b/krita/CMakeLists.txt 40 + @@ -110,7 +110,8 @@ target_link_libraries(krita 41 + Qt5::Network 42 + Qt5::PrintSupport 43 + Qt5::Svg 44 + - Qt5::Concurrent) 45 + + Qt5::Concurrent 46 + + OpenGL::OpenGL) 47 + if(HAVE_KCRASH) 48 + target_link_libraries(krita PRIVATE KF5::Crash) 49 + endif() 50 + diff --git a/krita/main.cc b/krita/main.cc 51 + index c7ff996e25..a89701f459 100644 52 + --- a/krita/main.cc 53 + +++ b/krita/main.cc 54 + 
@@ -568,12 +568,12 @@ extern "C" MAIN_EXPORT int MAIN_FN(int argc, char **argv) 55 + 56 + installTranslators(app); 57 + 58 + - if (KisApplication::platformName() == "wayland") { 59 + - QMessageBox::critical(nullptr, 60 + - i18nc("@title:window", "Fatal Error"), 61 + - i18n("Krita does not support the Wayland platform. Use XWayland to run Krita on Wayland. Krita will close now.")); 62 + - return -1; 63 + - } 64 + + // if (KisApplication::platformName() == "wayland") { 65 + + // QMessageBox::critical(nullptr, 66 + + // i18nc("@title:window", "Fatal Error"), 67 + + // i18n("Krita does not support the Wayland platform. Use XWayland to run Krita on Wayland. Krita will close now.")); 68 + + // return -1; 69 + + // } 70 + 71 + KisUsageLogger::writeHeader(); 72 + KisOpenGL::initialize(); 73 + diff --git a/libs/ui/CMakeLists.txt b/libs/ui/CMakeLists.txt 74 + index 91e7de338e..5614fdede2 100644 75 + --- a/libs/ui/CMakeLists.txt 76 + +++ b/libs/ui/CMakeLists.txt 77 + @@ -712,10 +712,10 @@ if (ANDROID) 78 + target_link_libraries(kritaui PRIVATE Qt5::AndroidExtras) 79 + endif() 80 + 81 + -if (NOT WIN32 AND NOT APPLE AND NOT ANDROID AND NOT HAIKU) 82 + - target_link_libraries(kritaui PRIVATE ${X11_X11_LIB} 83 + - ${X11_Xinput_LIB}) 84 + -endif() 85 + +# if (NOT WIN32 AND NOT APPLE AND NOT ANDROID AND NOT HAIKU) 86 + +# target_link_libraries(kritaui PRIVATE ${X11_X11_LIB} 87 + +# ${X11_Xinput_LIB}) 88 + +# endif() 89 + 90 + if (HAIKU) 91 + target_link_libraries(kritaui PRIVATE network expat iconv intl) 92 + 
@@ -737,13 +737,13 @@ if(OpenEXR_FOUND) 93 + endif() 94 + 95 + # Add VSync disable workaround 96 + -if(NOT WIN32 AND NOT APPLE AND NOT ANDROID AND NOT HAIKU) 97 + - target_link_libraries(kritaui PRIVATE ${CMAKE_DL_LIBS} Qt5::X11Extras) 98 + -endif() 99 + +# if(NOT WIN32 AND NOT APPLE AND NOT ANDROID AND NOT HAIKU) 100 + +# target_link_libraries(kritaui PRIVATE ${CMAKE_DL_LIBS} Qt5::X11Extras) 101 + +# endif() 102 + 103 + -if(X11_FOUND) 104 + - target_link_libraries(kritaui PRIVATE Qt5::X11Extras ${X11_LIBRARIES}) 105 + -endif() 106 + +# if(X11_FOUND) 107 + +# target_link_libraries(kritaui PRIVATE Qt5::X11Extras ${X11_LIBRARIES}) 108 + +# endif() 109 + 110 + target_include_directories(kritaui 111 + PUBLIC 112 + diff --git a/libs/widgets/CMakeLists.txt b/libs/widgets/CMakeLists.txt 113 + index aeae3824b4..8add5f541b 100644 114 + --- a/libs/widgets/CMakeLists.txt 115 + +++ b/libs/widgets/CMakeLists.txt 116 + @@ -113,9 +113,9 @@ target_link_libraries(kritawidgets 117 + KF5::Completion 118 + ) 119 + 120 + -if(X11_FOUND) 121 + - target_link_libraries(kritawidgets Qt5::X11Extras ${X11_LIBRARIES}) 122 + -endif() 123 + +# if(X11_FOUND) 124 + +# target_link_libraries(kritawidgets Qt5::X11Extras ${X11_LIBRARIES}) 125 + +# endif() 126 + 127 + set_target_properties(kritawidgets PROPERTIES 128 + VERSION ${GENERIC_KRITA_LIB_VERSION} SOVERSION ${GENERIC_KRITA_LIB_SOVERSION}
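--- a/overlays/vllm/overlay.nix
+++ b/overlays/vllm/overlay.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+(final: prev: {
+full_rocm_stack = import ./rocm/full_rocm_stack { inherit pkgs; };
+vllm = import ./pythonPackages/vllm {
+inherit pkgs;
+inherit final;
+};
+
+python312 = prev.python312.override {
+packageOverrides =
+python-final: python-prev:
+let
+call = prev.python312Packages.callPackage;
+in
+{
+tensorizer = call ./pythonPackages/tensorizer { };
+conch-triton-kernels = call ./pythonPackages/conch-triton-kernels { };
+runai-model-streamer = call ./pythonPackages/runai-model-streamer { };
+runai-model-streamer-s3 = call ./pythonPackages/runai-model-streamer-s3 { };
+amdsmi = call ./pythonPackages/amdsmi { };
+};
+};
+
+})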
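--- a/overlays/vllm/pythonPackages/amdsmi/default.nix
+++ b/overlays/vllm/pythonPackages/amdsmi/default.nix
@@ -0,0 +1,30 @@
+{
+buildPythonPackage,
+fetchPypi,
+setuptools,
+pyyaml,
+rocmPackages,
+full_rocm_stack,
+...
+}:
+(buildPythonPackage rec {
+pname = "amdsmi";
+version = "6.3.3";
+src = fetchPypi {
+inherit pname version;
+hash = "sha256-2IeUMJwQ8oAGuLjbhWPZPv+q8Sc9UCq8S79donI4BTA=";
+};
+doCheck = false;
+pyproject = true;
+build-system = [
+setuptools
+];
+dependencies = [
+pyyaml
+];
+
+postInstall = ''
+sed -i 's|import os|import os\nos.environ["ROCM_PATH"] = "${full_rocm_stack}"|' $out/lib/python3*/site-packages/amdsmi/*.py
+'';
+
+})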
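Review bot: The `sed` expression in `postInstall` matches `import os` anywhere on a line, so a line such as `import os.path` or `import os, sys` in any module would be rewritten into broken or changed code; whether amdsmi 6.3.3 contains such lines cannot be seen here. Anchoring the pattern as `'s|^import os$|…|'` limits the rewrite to the exact statement. Each module it does match then overwrites `ROCM_PATH` for the whole process at import time, including a value the caller set deliberately; emitting `os.environ.setdefault("ROCM_PATH", "${full_rocm_stack}")` instead would keep the store path as a default only.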
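--- a/overlays/vllm/pythonPackages/conch-triton-kernels/default.nix
+++ b/overlays/vllm/pythonPackages/conch-triton-kernels/default.nix
@@ -0,0 +1,21 @@
+{
+buildPythonPackage,
+fetchPypi,
+setuptools-scm,
+numpy,
+...
+}:
+(buildPythonPackage rec {
+pname = "conch_triton_kernels";
+version = "1.3";
+src = fetchPypi {
+inherit pname version;
+hash = "sha256-dcexNCaHsw1rcl7bzp4N6yS1U5ip84OvEOFbPPZnJpw=";
+};
+doCheck = false;
+pyproject = true;
+dependencies = [
+setuptools-scm
+numpy
+];
+})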
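Review bot: `pyproject = true` is set without a `build-system` list, and `setuptools-scm` sits under `dependencies`, which would put a build tool into the runtime closure if, as its name suggests, it is only needed to build the package. `build-system = [ setuptools-scm ];` with `dependencies = [ numpy ];` states that split explicitly. `overlays/vllm/pythonPackages/tensorizer/default.nix` has the same missing `build-system`, and both set `doCheck = false` with no comment explaining why tests are skipped.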
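--- a/overlays/vllm/pythonPackages/runai-model-streamer-s3/default.nix
+++ b/overlays/vllm/pythonPackages/runai-model-streamer-s3/default.nix
@@ -0,0 +1,20 @@
+{
+buildPythonPackage,
+fetchPypi,
+...
+}:
+(buildPythonPackage rec {
+pname = "runai_model_streamer_s3";
+version = "0.15.0";
+src = fetchPypi {
+inherit pname version;
+hash = "sha256-SKzWWS1sW4djw8+Epz5L5z54EFkmqQMAk61LBioWJgQ=";
+format = "wheel";
+platform = "manylinux2014_x86_64";
+dist = "py3";
+python = "py3";
+};
+
+doCheck = false;
+format = "wheel";
+})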
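Review bot: This derivation, like `overlays/vllm/pythonPackages/runai-model-streamer/default.nix`, installs a prebuilt `manylinux2014_x86_64` wheel, yet nothing in it records that the output is a binary artifact or that it is x86_64-only. The hash pins the download, but someone auditing the closure for code that was not built from source has no marker to search for. Adding `meta.sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];` and `meta.platforms = [ "x86_64-linux" ];` (with `lib` added to the arguments) makes that explicit and fails evaluation early on other platforms.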
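--- a/overlays/vllm/pythonPackages/runai-model-streamer/default.nix
+++ b/overlays/vllm/pythonPackages/runai-model-streamer/default.nix
@@ -0,0 +1,20 @@
+{
+buildPythonPackage,
+fetchPypi,
+...
+}:
+(buildPythonPackage rec {
+pname = "runai_model_streamer";
+version = "0.15.0";
+src = fetchPypi {
+inherit pname version;
+hash = "sha256-hIDTYSyTJIXLrL/FM+h8OcXyLAqxI7W0QWDPAVi2L9k=";
+format = "wheel";
+platform = "manylinux2014_x86_64";
+dist = "py3";
+python = "py3";
+};
+
+doCheck = false;
+format = "wheel";
+})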
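--- a/overlays/vllm/pythonPackages/tensorizer/default.nix
+++ b/overlays/vllm/pythonPackages/tensorizer/default.nix
@@ -0,0 +1,33 @@
+{
+buildPythonPackage,
+fetchPypi,
+torch,
+numpy,
+protobuf,
+psutil,
+boto3,
+redis,
+hiredis,
+libnacl,
+...
+}:
+(buildPythonPackage rec {
+pname = "tensorizer";
+version = "2.12.0";
+src = fetchPypi {
+inherit pname version;
+hash = "sha256-HHJLS6HH8FdTDM2+dpTvy7828+g23faW6uNcncPigTI=";
+};
+doCheck = false;
+pyproject = true;
+dependencies = [
+torch
+numpy
+protobuf
+psutil
+boto3
+redis
+hiredis
+libnacl
+];
+})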
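--- a/overlays/vllm/pythonPackages/vllm/default.nix
+++ b/overlays/vllm/pythonPackages/vllm/default.nix
@@ -0,0 +1,48 @@
+{ pkgs, final, ... }:
+with pkgs;
+(final.python312Packages.vllm.overridePythonAttrs (
+prev:
+let
+rocmDeps = with rocmPackages; [
+rocrand
+hiprand
+rocblas
+miopen
+hipfft
+hipcub
+hipsolver
+rocsolver
+hipblaslt
+rocthrust
+amdsmi
+];
+in
+{
+rocmSupport = true;
+patches = prev.patches ++ [
+(fetchpatch {
+url = "https://github.com/vllm-project/vllm/commit/d696173afab4232a88e7feb2f2456f1b0f542fb4.patch";
+hash = "sha256-yzQc0jm70MR2RQL8rth/H1dJ8z/PlbOYTEQLK0y71TI=";
+})
+];
+env = prev.env // {
+ROCM_PATH = "${final.full_rocm_stack}";
+};
+buildInputs = prev.buildInputs ++ rocmDeps;
+dependencies =
+prev.dependencies
+++ (with final.python312Packages; [
+boto3
+botocore
+peft
+pytest-asyncio
+timm
+tensorizer
+runai-model-streamer
+runai-model-streamer-s3
+conch-triton-kernels
+amdsmi
+triton
+]);
+}
+))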
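Review bot: Setting `rocmSupport = true` inside `overridePythonAttrs` only adds an attribute to the derivation; if the pinned nixpkgs vllm expression takes `rocmSupport` as a function argument (worth confirming), the branches it guards stay off and the flag has to be passed with `.override { rocmSupport = true; }` before `overridePythonAttrs`. `pytest-asyncio` is added to `dependencies`, which places a test library in the runtime closure; if it is needed only for tests it belongs in `nativeCheckInputs`. The bare name `amdsmi` appears once under `with rocmPackages` and once under `with final.python312Packages`, on top of the file-level `with pkgs;`, so writing `rocmPackages.amdsmi` in full would make clear which one is meant. A one-line comment above the `fetchpatch` saying what the upstream commit fixes would tell a maintainer when it can go.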
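--- a/overlays/vllm/rocm/full_rocm_stack/default.nix
+++ b/overlays/vllm/rocm/full_rocm_stack/default.nix
@@ -0,0 +1,24 @@
+{ pkgs, ... }:
+(pkgs.stdenv.mkDerivation {
+name = "rocm_clr_thrust";
+dontUnpack = true;
+
+buildInputs = with pkgs; [
+rocmPackages.clr
+];
+
+installPhase = ''
+mkdir -p $out
+mkdir -p $out/include/thrust
+mkdir -p $out/include/rocprim
+mkdir -p $out/include/hipcub
+mkdir -p $out/lib
+mkdir -p $out/share/amd_smi
+
+cp -R ${pkgs.rocmPackages.clr}/* $out
+cp -R ${pkgs.rocmPackages.rocthrust}/include/thrust/* $out/include/thrust
+cp -R ${pkgs.rocmPackages.rocprim}/include/rocprim/* $out/include/rocprim
+cp -R ${pkgs.rocmPackages.hipcub}/include/hipcub/* $out/include/hipcub
+cp ${pkgs.rocmPackages.amdsmi}/lib/libamd_smi.so.0.0 $out/lib/libamd_smi.so
+'';
+})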
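Review bot: The last `cp` hard-codes `libamd_smi.so.0.0`, so a ROCm update in the pinned nixpkgs that changes the library version stops the build at that line with no hint of why the unversioned copy is needed. A comment above it, such as `# amdsmi's Python binding looks for $ROCM_PATH/lib/libamd_smi.so` if that is indeed the reason, would document the intent. The derivation `name` is `rocm_clr_thrust` while the overlay attribute is `full_rocm_stack`, and `$out/share/amd_smi` is created but nothing visible here is copied into it.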
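--- a/packages/calc-rs/default.nix
+++ b/packages/calc-rs/default.nix
@@ -0,0 +1,13 @@
+{ rustPlatform, fetchFromGitHub, ... }:
+rustPlatform.buildRustPackage {
+pname = "calc-rs";
+version = "git";
+
+src = fetchFromGitHub {
+owner = "coriolinus";
+repo = "calc";
+rev = "f3d572ab94e178cfcd6abfa560c8ec18cb0da0c3";
+sha256 = "sha256-PIuDfjzfxmzO3cIyvUAYI4EQlG10FHG7QzPpBxKRbaM=";
+};
+cargoHash = "sha256-gFffLErPqkNxaOYaOn2cG84By8B8UF0XCwrho5Aqbyo=";
+}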
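--- a/packages/configarr/default.nix
+++ b/packages/configarr/default.nix
@@ -0,0 +1,22 @@
+{ stdenv, autoPatchelfHook, ... }:
+stdenv.mkDerivation rec {
+pname = "configarr";
+version = "1.19.0";
+
+src = fetchTarball {
+url = "https://github.com/raydak-labs/configarr/releases/download/v${version}/configarr-linux-x64.tar.xz";
+sha256 = "sha256-0zHvDQLZcqvth/evOXxGBs1WheVnxu6Xo8TNsiK+pV8=";
+};
+
+dontUnpack = true;
+dontStrip = true;
+
+nativeBuildInputs = [
+autoPatchelfHook
+];
+
+installPhase = ''
+mkdir -p $out/bin
+install -D -m755 $src $out/bin/configarr
+'';
+}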
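Review bot: `fetchTarball` is not among the function arguments, so `src` resolves to the builtin and the release archive is downloaded and unpacked during evaluation instead of in a fixed-output derivation. The `sha256` still pins the content, but the fetch runs on every machine that evaluates the overlay and cannot be served from a binary cache. Taking `fetchzip` or `fetchurl` as an argument keeps the pinning inside the build graph (the hash may need regenerating). Because this installs an upstream prebuilt x86_64 binary, `meta.sourceProvenance = [ lib.sourceTypes.binaryNativeCode ];` and `meta.platforms = [ "x86_64-linux" ];` would record that for anyone auditing the closure. `install -D -m755 $src …` also assumes `$src` is a single file, which deserves a comment.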
+138
patches/forgejo.patch
··· 1 + diff --git a/nixos/modules/services/misc/forgejo.nix b/nixos/modules/services/misc/forgejo.nix 2 + index ebf795fe2..9df553779 100644 3 + --- a/nixos/modules/services/misc/forgejo.nix 4 + +++ b/nixos/modules/services/misc/forgejo.nix 5 + @@ -562,24 +562,24 @@ in 6 + }; 7 + }; 8 + 9 + - services.forgejo.secrets = { 10 + - security = { 11 + - SECRET_KEY = "${cfg.customDir}/conf/secret_key"; 12 + - INTERNAL_TOKEN = "${cfg.customDir}/conf/internal_token"; 13 + - }; 14 + + # services.forgejo.secrets = { 15 + + # security = { 16 + + # SECRET_KEY = "${cfg.customDir}/conf/secret_key"; 17 + + # INTERNAL_TOKEN = "${cfg.customDir}/conf/internal_token"; 18 + + # }; 19 + 20 + - oauth2 = { 21 + - JWT_SECRET = "${cfg.customDir}/conf/oauth2_jwt_secret"; 22 + - }; 23 + + # oauth2 = { 24 + + # JWT_SECRET = "${cfg.customDir}/conf/oauth2_jwt_secret"; 25 + + # }; 26 + 27 + - database = mkIf (cfg.database.passwordFile != null) { 28 + - PASSWD = cfg.database.passwordFile; 29 + - }; 30 + + # database = mkIf (cfg.database.passwordFile != null) { 31 + + # PASSWD = cfg.database.passwordFile; 32 + + # }; 33 + 34 + - server = mkIf cfg.lfs.enable { 35 + - LFS_JWT_SECRET = "${cfg.customDir}/conf/lfs_jwt_secret"; 36 + - }; 37 + - }; 38 + + # server = mkIf cfg.lfs.enable { 39 + + # LFS_JWT_SECRET = "${cfg.customDir}/conf/lfs_jwt_secret"; 40 + + # }; 41 + + # }; 42 + 43 + services.postgresql = optionalAttrs (usePostgresql && cfg.database.createDatabase) { 44 + enable = mkDefault true; 45 + 
@@ -637,36 +637,36 @@ in 46 + "z '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -" 47 + ]; 48 + 49 + - systemd.services.forgejo-secrets = mkIf (!cfg.useWizard) { 50 + - description = "Forgejo secret bootstrap helper"; 51 + - script = '' 52 + - if [ ! -s '${cfg.secrets.security.SECRET_KEY}' ]; then 53 + - ${exe} generate secret SECRET_KEY > '${cfg.secrets.security.SECRET_KEY}' 54 + - fi 55 + - 56 + - if [ ! -s '${cfg.secrets.oauth2.JWT_SECRET}' ]; then 57 + - ${exe} generate secret JWT_SECRET > '${cfg.secrets.oauth2.JWT_SECRET}' 58 + - fi 59 + - 60 + - ${optionalString cfg.lfs.enable '' 61 + - if [ ! -s '${cfg.secrets.server.LFS_JWT_SECRET}' ]; then 62 + - ${exe} generate secret LFS_JWT_SECRET > '${cfg.secrets.server.LFS_JWT_SECRET}' 63 + - fi 64 + - ''} 65 + - 66 + - if [ ! -s '${cfg.secrets.security.INTERNAL_TOKEN}' ]; then 67 + - ${exe} generate secret INTERNAL_TOKEN > '${cfg.secrets.security.INTERNAL_TOKEN}' 68 + - fi 69 + - ''; 70 + - serviceConfig = { 71 + - Type = "oneshot"; 72 + - RemainAfterExit = true; 73 + - User = cfg.user; 74 + - Group = cfg.group; 75 + - ReadWritePaths = [ cfg.customDir ]; 76 + - UMask = "0077"; 77 + - }; 78 + - }; 79 + + # systemd.services.forgejo-secrets = mkIf (!cfg.useWizard) { 80 + + # description = "Forgejo secret bootstrap helper"; 81 + + # script = '' 82 + + # if [ ! -s '${cfg.secrets.security.SECRET_KEY}' ]; then 83 + + # ${exe} generate secret SECRET_KEY > '${cfg.secrets.security.SECRET_KEY}' 84 + + # fi 85 + + 86 + + # if [ ! -s '${cfg.secrets.oauth2.JWT_SECRET}' ]; then 87 + + # ${exe} generate secret JWT_SECRET > '${cfg.secrets.oauth2.JWT_SECRET}' 88 + + # fi 89 + + 90 + + # ${optionalString cfg.lfs.enable '' 91 + + # if [ ! -s '${cfg.secrets.server.LFS_JWT_SECRET}' ]; then 92 + + # ${exe} generate secret LFS_JWT_SECRET > '${cfg.secrets.server.LFS_JWT_SECRET}' 93 + + # fi 94 + + # ''} 95 + + 96 + + # if [ ! 
-s '${cfg.secrets.security.INTERNAL_TOKEN}' ]; then 97 + + # ${exe} generate secret INTERNAL_TOKEN > '${cfg.secrets.security.INTERNAL_TOKEN}' 98 + + # fi 99 + + # ''; 100 + + # serviceConfig = { 101 + + # Type = "oneshot"; 102 + + # RemainAfterExit = true; 103 + + # User = cfg.user; 104 + + # Group = cfg.group; 105 + + # ReadWritePaths = [ cfg.customDir ]; 106 + + # UMask = "0077"; 107 + + # }; 108 + + # }; 109 + 110 + systemd.services.forgejo = { 111 + description = "Forgejo (Beyond coding. We forge.)"; 112 + @@ -678,20 +678,20 @@ in 113 + ] 114 + ++ optionals useMysql [ 115 + "mysql.service" 116 + - ] 117 + - ++ optionals (!cfg.useWizard) [ 118 + - "forgejo-secrets.service" 119 + ]; 120 + + # ++ optionals (!cfg.useWizard) [ 121 + + # "forgejo-secrets.service" 122 + + # ]; 123 + requires = 124 + optionals (cfg.database.createDatabase && usePostgresql) [ 125 + "postgresql.target" 126 + ] 127 + ++ optionals (cfg.database.createDatabase && useMysql) [ 128 + "mysql.service" 129 + - ] 130 + - ++ optionals (!cfg.useWizard) [ 131 + - "forgejo-secrets.service" 132 + ]; 133 + + # ++ optionals (!cfg.useWizard) [ 134 + + # "forgejo-secrets.service" 135 + + # ]; 136 + wantedBy = [ "multi-user.target" ]; 137 + path = [ 138 + cfg.package
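Review bot: Nothing in this patch says what now provisions `SECRET_KEY`, `INTERNAL_TOKEN`, `JWT_SECRET` and `LFS_JWT_SECRET`, although it comments out both the `services.forgejo.secrets` defaults and the `forgejo-secrets` unit that generated them under `UMask = "0077"`. Because a nixpkgs-level patch applies to every host built from that tree, each host running Forgejo has to supply these values from files readable only by the service user (sops-nix is pinned in this commit and may be the intended source, but that is not visible here), and the patch should open with a header comment saying so. Any other reference to `cfg.secrets` in the module lies outside these hunks and should be checked against the commented-out defaults. Deleting the blocks instead of commenting them out would also make the patch smaller and easier to re-apply when the module changes upstream.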