mrsnowy.dev / dotfiles
My dotfiles for my nixos machines and infra
2
fork

Configure Feed

Select the types of activity you want to include in your feed.

Bump, switched to brr and fixed garage and samba stuff on homelab

MrSnowy 479cf774 78ae23f9

+117 -84
+2 -2
hosts/desktop/hjem-rum/snowy.nix
··· 31 31 mpv 32 32 33 33 jetbrains.idea 34 - jetbrains.rider 34 + # jetbrains.rider 35 35 orca-slicer 36 - unityhub 36 + # unityhub 37 37 38 38 #language servers 39 39 bash-language-server
+18 -12
hosts/desktop/system/configuration.nix
··· 87 87 "vm.max_map_count" = 1048576; 88 88 "net.ipv4.conf.all.forwarding" = true; 89 89 "net.ipv6.conf.all.forwarding" = true; 90 + 91 + # https://wiki.archlinux.org/title/Sysctl#Enable_TCP_Fast_Open 92 + "net.ipv4.tcp_fastopen" = 3; 93 + 94 + # better 95 + "net.ipv4.tcp_congestion_control" = "tcp_bbr"; 96 + "net.core.default_qdisc" = "fq"; 90 97 }; 91 98 92 99 extraModprobeConfig = '' ··· 457 464 fwupd 458 465 android-tools 459 466 netcap 460 - # nemo 461 - nemo-with-extensions 462 - nemo-fileroller 463 - nemo-preview 467 + 468 + # nemo-with-extensions 469 + # nemo-fileroller 470 + # nemo-preview 464 471 465 472 zellij 466 473 helix ··· 476 483 rocmPackages.rocm-smi 477 484 amdgpu_top 478 485 mangohud 479 - # mangojuice 486 + mangojuice 480 487 481 488 rofi 482 489 mako ··· 503 510 repos.unstable.xwayland-satellite 504 511 xdg-desktop-portal-gnome 505 512 506 - # hyprpaper 507 513 swaybg 508 - swww 514 + # swww 509 515 510 516 virt-manager 511 517 prismlauncher ··· 518 524 pear-desktop 519 525 r2modman 520 526 hoppscotch 521 - 522 527 ani-cli 523 528 syncplay 524 529 mumble 530 + 525 531 monero-gui 526 532 p2pool 527 533 # keyguard ··· 529 535 quickshell 530 536 # distrobox 531 537 532 - (discord.override { 533 - withOpenASAR = true; 534 - withVencord = true; 535 - }) 538 + # (discord.override { 539 + # withOpenASAR = true; 540 + # withVencord = true; 541 + # }) 536 542 ]; 537 543 538 544 gnome.excludePackages = with pkgs; [
+10 -3
hosts/desktop/system/services.nix
··· 1 - { pkgs, ... }: 1 + { pkgs, repos, ... }: 2 2 { 3 3 services = { 4 4 timesyncd.enable = true; ··· 45 45 }; 46 46 47 47 ntp.enable = true; 48 - gvfs.enable = true; 48 + gvfs = { 49 + enable = true; 50 + package = pkgs.gnome.gvfs; 51 + }; 49 52 gnome.gnome-keyring.enable = true; 50 53 flatpak.enable = true; 51 54 blueman.enable = true; ··· 64 67 }; 65 68 66 69 netbird = { 67 - ui.enable = true; 70 + package = repos.stable.netbird; 71 + ui = { 72 + enable = true; 73 + package = repos.stable.netbird-ui; 74 + }; 68 75 clients.fennec = { 69 76 70 77 port = 51820;
+13
hosts/homelab/services/garage.nix
··· 5 5 }: 6 6 { 7 7 # todo! garage-webui :3 8 + 8 9 services.garage = { 9 10 enable = true; 10 11 package = pkgs.garage_2; ··· 50 51 # api_bind_addr = "[::]:3904"; 51 52 # }; 52 53 }; 54 + }; 55 + 56 + systemd.services.garage_cleanup = { 57 + enable = true; 58 + description = "Cleans up any incomplete uploads in garage to save storage :P"; 59 + startAt = "daily UTC"; 60 + enableStrictShellChecks = true; 61 + script = '' 62 + ${pkgs.garage_2}/bin/garage bucket cleanup-incomplete-uploads phone-backup 63 + ${pkgs.garage_2}/bin/garage bucket cleanup-incomplete-uploads ente-bucket 64 + ${pkgs.garage_2}/bin/garage bucket cleanup-incomplete-uploads music 65 + ''; 53 66 }; 54 67 55 68 # systemd.services.garage.serviceConfig = {
+15 -13
hosts/homelab/services/samba.nix
··· 16 16 openFirewall = true; 17 17 settings = { 18 18 global = { 19 - security = "user"; 19 + "security" = "user"; 20 + "workgroup" = "WORKGROUP"; 21 + "server string" = "My snowlab Samba"; 22 + "netbios name" = "SNOWLAB"; # what shows up in discovery 23 + "hosts allow" = "ALL"; 20 24 }; 21 25 # public = { }; 22 26 private = { ··· 40 44 }; 41 45 42 46 system.activationScripts = { 43 - # The "init_smbpasswd" script name is arbitrary, but a useful label for tracking 44 - # failed scripts in the build output. An absolute path to smbpasswd is necessary 45 - # as it is not in $PATH in the activation script's environment. The password 46 - # is repeated twice with newline characters as smbpasswd requires a password 47 - # confirmation even in non-interactive mode where input is piped in through stdin. 48 - init_samba_user_smbpasswd.text = '' 49 - /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${ 50 - config.sops.secrets."samba/samba_user".path 51 - })\n$(/run/current-system/sw/bin/cat ${ 52 - config.sops.secrets."samba/samba_user".path 53 - })\n" | /run/current-system/sw/bin/smbpasswd -sa samba_user 54 - ''; 47 + init_samba_user_smbpasswd = { 48 + deps = [ "setupSecrets" ]; # depend it on sops 49 + text = '' 50 + /run/current-system/sw/bin/printf "$(/run/current-system/sw/bin/cat ${ 51 + config.sops.secrets."samba/samba_user".path 52 + })\n$(/run/current-system/sw/bin/cat ${ 53 + config.sops.secrets."samba/samba_user".path 54 + })\n" | /run/current-system/sw/bin/smbpasswd -sa samba_user 55 + ''; 56 + }; 55 57 }; 56 58 }
+6
hosts/homelab/system/configuration.nix
··· 75 75 kernel.sysctl = { 76 76 # https://wiki.archlinux.org/title/Sysctl#Enable_TCP_Fast_Open 77 77 "net.ipv4.tcp_fastopen" = 3; 78 + 79 + # better for starlink 80 + "net.ipv4.tcp_congestion_control" = "tcp_bbr"; 81 + "net.core.default_qdisc" = "fq"; 78 82 }; 79 83 80 84 loader = { ··· 196 200 execWheelOnly = true; 197 201 }; 198 202 }; 203 + 204 + # systemd.enableStrictShellChecks = true; 199 205 200 206 users = { 201 207 mutableUsers = false;
+17 -23
hosts/server/services/caddy.nix
··· 1 1 { 2 2 config, 3 - lib, 4 3 ... 5 4 }: 6 5 # let ··· 9 8 { 10 9 services.caddy = { 11 10 enable = true; 12 - logFormat = lib.mkForce "level DEBUG"; 11 + # logFormat = lib.mkForce "level DEBUG"; 13 12 globalConfig = '' 14 13 15 14 ''; ··· 159 158 } 160 159 161 160 *.s3.mrsnowy.dev, s3.mrsnowy.dev { 162 - tls { 163 - ciphers TLS_AES_128_GCM_SHA256 TLS_AES_256_GCM_SHA384 164 - } 161 + # log { 162 + # output file /var/log/caddy/s3.log 163 + # level DEBUG 164 + # } 165 165 166 - @h2 protocol h1 167 166 reverse_proxy :${toString config.ports.garage.s3_api} { 168 167 flush_interval -1 # low-latency mode 169 168 # request_body { ··· 171 170 # } 172 171 # 173 172 174 - transport http { 175 - keepalive_idle_conns_per_host 0 176 - read_buffer 1MiB 177 - write_buffer 1MiB 178 - compression off 179 - # versions 1.1 180 - } 173 + # transport http { 174 + # # compression off 175 + # versions 1.1 176 + # } 181 177 } 182 178 } 183 179 184 180 http://s4.mrsnowy.dev { 181 + # log { 182 + # output file /var/log/caddy/s4.log 183 + # level DEBUG 184 + # } 185 185 186 186 reverse_proxy :${toString config.ports.garage.s3_api} { 187 187 flush_interval -1 # low-latency mode 188 - # request_body { 189 - # max_size 5GB # raise for large object uploads 190 - # } 191 - # 192 188 193 - transport http { 194 - keepalive_idle_conns_per_host 0 195 - read_buffer 1MiB 196 - write_buffer 1MiB 197 - compression off 198 - } 189 + # transport http { 190 + # # compression off 191 + # versions 1.1 192 + # } 199 193 } 200 194 } 201 195 '';
+1 -1
hosts/server/services/garage.nix
··· 10 10 package = pkgs.garage_2; 11 11 settings = { 12 12 db_engine = "sqlite"; 13 - compression_level = 0; 13 + compression_level = 18; 14 14 replication_factor = 2; 15 15 consistency_mode = "degraded"; 16 16 metadata_fsync = false;
+5
hosts/server/system/configuration.nix
··· 86 86 # https://wiki.archlinux.org/title/Sysctl#Enable_TCP_Fast_Open 87 87 "net.ipv4.tcp_fastopen" = 3; 88 88 89 + # better 90 + "net.ipv4.tcp_congestion_control" = "tcp_bbr"; 91 + "net.core.default_qdisc" = "fq"; 92 + 89 93 # for containers :3 90 94 "kernel.unprivileged_userns_clone" = 1; 91 95 ··· 181 185 programs = { 182 186 nano.enable = false; 183 187 fish.enable = true; 188 + bat.enable = true; 184 189 # nh = { 185 190 # enable = true; 186 191 # flake = "/etc/nixos";
+27 -27
modules/npins/sources.json
··· 23 23 }, 24 24 "branch": "master", 25 25 "submodules": false, 26 - "revision": "9d3ef138f70b3540397320d25ead6aa96101371d", 27 - "url": "https://github.com/amaanq/helium-flake/archive/9d3ef138f70b3540397320d25ead6aa96101371d.tar.gz", 28 - "hash": "sha256-OxeMEMxRJ6dF3UGXVJoNRwxU/F1nOVbdcyX9n8S3Mxk=" 26 + "revision": "e90541d0904593bec70fadd6383659ec42cd610b", 27 + "url": "https://github.com/amaanq/helium-flake/archive/e90541d0904593bec70fadd6383659ec42cd610b.tar.gz", 28 + "hash": "sha256-6FDLz9ydI32uoOJa2qsPpaxQ3T0DB/7Lw/Meos6NjRo=" 29 29 }, 30 30 "hjem": { 31 31 "type": "Git", ··· 36 36 }, 37 37 "branch": "main", 38 38 "submodules": false, 39 - "revision": "4d0d0e4dc99245ffaa0d51acf69e288fb59fb0f1", 40 - "url": "https://github.com/feel-co/hjem/archive/4d0d0e4dc99245ffaa0d51acf69e288fb59fb0f1.tar.gz", 41 - "hash": "sha256-bPTW00Tkp8c7HJbhNC7wLO3fcngFXBpuX7LZByE/F8c=" 39 + "revision": "d51b2e524794a61762453be5bf7b4fe259150191", 40 + "url": "https://github.com/feel-co/hjem/archive/d51b2e524794a61762453be5bf7b4fe259150191.tar.gz", 41 + "hash": "sha256-hOweDMc/uNFeliSVuNXZ4qa6WC8AbmRV8pNSAD/h4S0=" 42 42 }, 43 43 "hjem-rum": { 44 44 "type": "Git", ··· 62 62 }, 63 63 "branch": "release-25.11", 64 64 "submodules": false, 65 - "revision": "5c0f63f8d55040a7eed69df7e3fcdd15dfb5a04c", 66 - "url": "https://github.com/nix-community/home-manager/archive/5c0f63f8d55040a7eed69df7e3fcdd15dfb5a04c.tar.gz", 67 - "hash": "sha256-rK0507bDuWBrZo+0zts9bCs/+RRUEHuvFE5DHWPxX/Q=" 65 + "revision": "cf9686ba26f5ef788226843bc31fda4cf72e373b", 66 + "url": "https://github.com/nix-community/home-manager/archive/cf9686ba26f5ef788226843bc31fda4cf72e373b.tar.gz", 67 + "hash": "sha256-dnHvv5EMUgTzGZmA+3diYjQU2O6BEpGLEOgJ1Qe9LaY=" 68 68 }, 69 69 "nix-gaming-edge": { 70 70 "type": "Git", ··· 75 75 }, 76 76 "branch": "nightly", 77 77 "submodules": false, 78 - "revision": "a6644fdb35fb66e3f15ed1ce5dd5e56ea64ddf06", 79 - "url": "https://github.com/powerofthe69/nix-gaming-edge/archive/a6644fdb35fb66e3f15ed1ce5dd5e56ea64ddf06.tar.gz", 80 - "hash": "sha256-aKwGEGa3UffChR91GNkk/TnVNXWQth8mmZATAgrG0Yc=" 78 + "revision": "3e479e75a18f1458b112ee74ae6c0c5b4b75bcf9", 79 + "url": "https://github.com/powerofthe69/nix-gaming-edge/archive/3e479e75a18f1458b112ee74ae6c0c5b4b75bcf9.tar.gz", 80 + "hash": "sha256-bfjINgmeHk+jWwli/ODZsQFZcR1yZjVXzalR6vvjz9o=" 81 81 }, 82 82 "nixpkgs-stable": { 83 83 "type": "Git", ··· 88 88 }, 89 89 "branch": "nixos-25.11", 90 90 "submodules": false, 91 - "revision": "3e20095fe3c6cbb1ddcef89b26969a69a1570776", 92 - "url": "https://github.com/NixOS/nixpkgs/archive/3e20095fe3c6cbb1ddcef89b26969a69a1570776.tar.gz", 93 - "hash": "sha256-SEzUWw2Rf5Ki3bcM26nSKgbeoqi2uYy8IHVBqOKjX3w=" 91 + "revision": "4590696c8693fea477850fe379a01544293ca4e2", 92 + "url": "https://github.com/NixOS/nixpkgs/archive/4590696c8693fea477850fe379a01544293ca4e2.tar.gz", 93 + "hash": "sha256-4XfMXU0DjN83o6HWZoKG9PegCvKvIhNUnRUI19vzTcQ=" 94 94 }, 95 95 "nixpkgs-unstable": { 96 96 "type": "Git", ··· 101 101 }, 102 102 "branch": "nixos-unstable", 103 103 "submodules": false, 104 - "revision": "c06b4ae3d6599a672a6210b7021d699c351eebda", 105 - "url": "https://github.com/NixOS/nixpkgs/archive/c06b4ae3d6599a672a6210b7021d699c351eebda.tar.gz", 106 - "hash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=" 104 + "revision": "6c9a78c09ff4d6c21d0319114873508a6ec01655", 105 + "url": "https://github.com/NixOS/nixpkgs/archive/6c9a78c09ff4d6c21d0319114873508a6ec01655.tar.gz", 106 + "hash": "sha256-US5Tda2sKmjrg2lNHQL3jRQ6p96cgfWh3J1QBliQ8Ws=" 107 107 }, 108 108 "sops-nix": { 109 109 "type": "Git", ··· 114 114 }, 115 115 "branch": "master", 116 116 "submodules": false, 117 - "revision": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784", 118 - "url": "https://github.com/Mic92/sops-nix/archive/d1ff3b1034d5bab5d7d8086a7803c5a5968cd784.tar.gz", 119 - "hash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=" 117 + "revision": "614e256310e0a4f8a9ccae3fa80c11844fba7042", 118 + "url": "https://github.com/Mic92/sops-nix/archive/614e256310e0a4f8a9ccae3fa80c11844fba7042.tar.gz", 119 + "hash": "sha256-fhG4JAcLgjKwt+XHbjs8brpWnyKUfU4LikLm3s0Q/ic=" 120 120 }, 121 121 "wire": { 122 122 "type": "Git", ··· 127 127 }, 128 128 "branch": "stable", 129 129 "submodules": false, 130 - "revision": "53dad75b2503b8d9bb09ea3fbd9d87a0ab14bcf2", 131 - "url": "https://github.com/mrshmllow/wire/archive/53dad75b2503b8d9bb09ea3fbd9d87a0ab14bcf2.tar.gz", 132 - "hash": "sha256-eIi3o3TiYFlgk831lkWilNw9vTrO26PNaNwbG2UAF60=" 130 + "revision": "5439d792ec7f876992300f10da37ff068dbafb29", 131 + "url": "https://github.com/mrshmllow/wire/archive/5439d792ec7f876992300f10da37ff068dbafb29.tar.gz", 132 + "hash": "sha256-vTO8yQsn0lCwxaXx/i4Njuv8NcENP8k5w1PKdVhT4lI=" 133 133 }, 134 134 "zen-browser": { 135 135 "type": "Git", ··· 140 140 }, 141 141 "branch": "main", 142 142 "submodules": false, 143 - "revision": "9346698c4562819f61b4e5097151ec0b17729fab", 144 - "url": "https://github.com/0xc000022070/zen-browser-flake/archive/9346698c4562819f61b4e5097151ec0b17729fab.tar.gz", 145 - "hash": "sha256-L1yMYmFffHfZNP+hKJGRBmrFKkn/VDhu7jEbVftBQuM=" 143 + "revision": "a0f3d47dbd8f8618a1920d5a5ca09b7993415895", 144 + "url": "https://github.com/0xc000022070/zen-browser-flake/archive/a0f3d47dbd8f8618a1920d5a5ca09b7993415895.tar.gz", 145 + "hash": "sha256-gibUM0pSnLxEeuFrYA8T1oEaixk+fjQpqXbYaxcEX/4=" 146 146 } 147 147 }, 148 148 "version": 7
+3 -3
modules/sops/homelab/default.yaml
··· 2 2 wireguard: 3 3 key: ENC[AES256_GCM,data:TZG68pWFZW5T+UxoCXhmLgp2SYhvN/kKeLLgjRf48M79pzZVWnwQT2769Cc=,iv:WmfvM9H0zwYUTnM4DszQRA3W+si0eULNpW4ZJqAjtyk=,tag:UBultWSGxv1spMeBtknmUg==,type:str] 4 4 samba: 5 - samba_user: ENC[AES256_GCM,data:iaWzLYgvJPMKjrqBPt3YjiWhS073oQ/kpg88pUuMUj0kfuXSZ9sjTmwr2HUam0Gpod8Zujj76HpxxH9N5Cqiqg==,iv:uLeZ4v3PhCZ7hZ7NTDpsGx76WBlIQinfvU4iN2YMjVQ=,tag:DYdFVPTunMzDg60sSB3Lpg==,type:str] 5 + samba_user: ENC[AES256_GCM,data:sY6FSlw+wb+mYWjZGMjfqRDkVeqCf4B+HITiS2L90/I=,iv:zW7ya+xDMx20HqnjV3Zv5Iptu33nqFba3Q3DbwnnTmA=,tag:u0IE9x3sm6FSdjATzdLckQ==,type:str] 6 6 sops: 7 7 age: 8 8 - recipient: age1yjv3ngyz26qqggvef3ekwdw60dfvcmfd0l6n88vs3axux6vusdhsyzlts0 ··· 14 14 UXhYeElvSTNaV21CY2s2c29tOFplakkKdSQ+SSMQje7l3AmNndI/PAmMVzmJe7sm 15 15 snnqYTs6E1sKfBklznsYbcZrXeuDzgPt6XhtC1XIgHP0bxTFVYSPRA== 16 16 -----END AGE ENCRYPTED FILE----- 17 - lastmodified: "2026-03-19T13:26:55Z" 18 - mac: ENC[AES256_GCM,data:bI/dov0roY6UVz/DwJa7GpYD2oLy7KKx6QiAiePKIy+gsp2qgVFVar2R+98mU6JkRTO4qVCF3mjpIqXmb0ezJOJZKKJTzMrIA3TpTJJcfhiw2WLA7LpxLKi7o80NdvbXBQxFKsZCaEBJoJxwxqMbch/0lltZAgClu7MW/FW7WG4=,iv:taiX25EYw0spPzBg6thtJJWEKy0j9gt5w8orC/uhd+4=,tag:ECN3I7vgFUwXOrFsSffL/g==,type:str] 17 + lastmodified: "2026-03-21T15:49:40Z" 18 + mac: ENC[AES256_GCM,data:Z3EGvXmNjZy6Hor2uE4tQf9KaA14wBGYVovndDRPyGTjE2vv2b0JJW+8YBujw1f1QQBnKubWeMbAwLpB277ZH86+5KntIgZbqq44MZAgXD84WOiFfHg0CP3Z7qLT3rMLrt/1m6yAdmbTbluAxilGB8IXnI3t3nLz2KB7Ji4Cga4=,iv:DCU5xizhb6eDG80szLYCuswMDHstuecjjgCM0jB8ZEs=,tag:14me8kgEg8ETjHBMRLzOvw==,type:str] 19 19 pgp: 20 20 - created_at: "2026-02-06T18:21:16Z" 21 21 enc: |-