My dotfiles for my nixos machines and infra
bump, fully switched to npins.

MrSnowy 8c1ae3f8 d1489a33

+558 -535
+1
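--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,6 @@
 result/
 result
+iso
 
 # For nixos-vms
 *.qcow2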
+53 -27
default.nix
··· 1 1 let 2 - sources = import ./npins; 3 - pkgs-stable = import sources.nixpkgs-stable { 4 - config.allowUnfree = true; 5 - }; 6 - pkgs-unstable = import sources.nixpkgs-unstable { 7 - config.allowUnfree = true; 8 - }; 9 - pkgs-custom = import /mnt/SnowData/snowy/Documents/repos/nixpkgs { 10 - config.allowUnfree = true; 2 + pins = import ./npins; 3 + 4 + nlib = import ./lib { 5 + inherit pins; 6 + lib = import "${pins.nixpkgs-stable}/lib"; 11 7 }; 12 - # root_path = toString ./.; 13 - nlib = import ./lib { }; 14 - # wire = import sources.; 15 - in 16 - rec { 8 + 17 9 repos = { 18 - stable = pkgs-stable; 19 - unstable = pkgs-unstable; 20 - custom = pkgs-custom; 10 + stable = import pins.nixpkgs-stable { 11 + config.allowUnfree = true; 12 + }; 13 + unstable = import pins.nixpkgs-unstable { 14 + config.allowUnfree = true; 15 + }; 16 + custom = import /mnt/SnowData/snowy/Documents/repos/nixpkgs { 17 + config.allowUnfree = true; 18 + }; 21 19 }; 20 + in 22 21 22 + { 23 23 hosts = { 24 + 24 25 desktop = nlib.nixosHost rec { 25 - nixpkgs = sources.nixpkgs-unstable; 26 + nixpkgs = pins.nixpkgs-unstable; 26 27 system = "x86_64-linux"; 27 - lib = import "${nixpkgs}/lib"; 28 28 29 29 specialArgs = { 30 30 inherit repos; 31 31 args = { 32 - inherit sources nixpkgs; 33 - pins = (nlib.gen_pins { inherit lib sources; }); 32 + # inherit pins; 33 + inherit nixpkgs; 34 + flakes = nlib.gen_flakes [ 35 + "hjem" 36 + "hjem-rum" 37 + "zen-browser" 38 + "nix-gaming-edge" 39 + ]; 34 40 }; 35 41 }; 36 42 ··· 40 46 }; 41 47 42 48 home-server = nlib.nixosHost rec { 43 - nixpkgs = sources.nixpkgs-stable; 49 + nixpkgs = pins.nixpkgs-stable; 44 50 system = "x86_64-linux"; 45 - lib = import "${nixpkgs}/lib"; 46 51 47 52 specialArgs = { 48 - inherit repos; 53 + # inherit repos; 49 54 args = { 50 - inherit sources nixpkgs; 51 - pins = (nlib.gen_pins { inherit lib sources; }); 55 + # inherit pins; 56 + inherit nixpkgs; 57 + # flakes = nlib.gen_flakes []; 52 58 }; 53 59 }; 54 60 ··· 56 62 
./home-server/default.nix 57 63 ]; 58 64 }; 59 - # server = "meow"; 65 + 66 + server = nlib.nixosHost rec { 67 + nixpkgs = pins.nixpkgs-stable; 68 + system = "x86_64-linux"; 69 + 70 + specialArgs = { 71 + # inherit repos; 72 + args = { 73 + # inherit pins; 74 + inherit nixpkgs; 75 + flakes = nlib.gen_flakes [ 76 + "sops-nix" 77 + "home-manager" 78 + ]; 79 + }; 80 + }; 81 + 82 + modules = [ 83 + ./server/default.nix 84 + ]; 85 + }; 60 86 }; 61 87 }
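Review bot: The new `server` host leaves `# inherit repos;` commented out in `specialArgs`, but `server/default.nix` in this same commit declares `repos` as a module argument and forwards it with `home-manager.extraSpecialArgs = { inherit args repos; };`. Unless `nlib.nixosHost` (not visible here) injects it, evaluating `hosts.server` should fail on the missing argument; either restore `inherit repos;` for that host or drop `repos` from the module. Separately, `repos.custom` still imports the absolute path `/mnt/SnowData/snowy/Documents/repos/nixpkgs`, which sits outside the npins lock and only evaluates on a machine that has that checkout, so a comment saying it is intentionally unpinned would help.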
+9 -8
desktop/default.nix
··· 1 1 { 2 2 args, 3 3 pkgs, 4 + repos, 4 5 ... 5 6 }: 6 7 { ··· 9 10 imports = [ 10 11 ./system/configuration.nix # Main configuration 11 12 ./system/networking.nix # Network config 12 - ./system/audio.nix 13 + ./system/services.nix 13 14 ./hjem-rum/snowy.nix # :3 14 - # ../private/default.nix 15 + ../private/desktop.nix 15 16 16 17 # /mnt/SnowData/snowy/Documents/repos/nixpkgs/nixos/modules/services/networking/tetrd.nix 17 18 18 - args.pins.hjem.nixosModules.default 19 - args.pins.nix-gaming-edge.nixosModules.default 19 + args.flakes.hjem.nixosModules.default 20 + args.flakes.nix-gaming-edge.nixosModules.default 20 21 ]; 21 22 22 23 nixpkgs = { ··· 28 29 }; 29 30 30 31 overlays = [ 31 - args.pins.nix-gaming-edge.overlays.mesa-git 32 - args.pins.nix-gaming-edge.overlays.proton-cachyos 32 + args.flakes.nix-gaming-edge.overlays.mesa-git 33 + args.flakes.nix-gaming-edge.overlays.proton-cachyos 33 34 (final: prev: { 34 35 # tetrd = repos.custom.tetrd; 35 36 }) ··· 41 42 ]; 42 43 43 44 drivers.mesa-git = { 44 - enable = true; 45 + enable = false; 45 46 enableCache = false; 46 47 cacheCleanup = { 47 48 # protonPackage is null by default - thus Proton caches are not cleaned by default. Must define a protonPackage to clear Proton / engine caches ··· 53 54 hjem = { 54 55 clobberByDefault = true; 55 56 extraModules = [ 56 - args.pins.hjem-rum.hjemModules.default 57 + args.flakes.hjem-rum.hjemModules.default 57 58 ]; 58 59 }; 59 60 }
+1 -2
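--- a/desktop/hjem-rum/snowy.nix
+++ b/desktop/hjem-rum/snowy.nix
@@ -10,12 +10,11 @@
 users.users.snowy.packages = with pkgs; [
 # factorio
 # factorio-space-age
-args.pins.zen-browser.packages."${stdenv.hostPlatform.system}".twilight
+args.flakes.zen-browser.packages."${stdenv.hostPlatform.system}".twilight
 zed-editor
 vscode
 helix
 
-wire
 ctop
 waypipe
 ente-desktop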
-57
desktop/system/audio.nix
··· 1 - { 2 - config, 3 - lib, 4 - pkgs, 5 - ... 6 - }: 7 - { 8 - # In order to save the sound card state on shutdown 9 - hardware.alsa.enablePersistence = true; 10 - 11 - services = { 12 - pipewire = { 13 - enable = true; 14 - alsa.enable = true; 15 - alsa.support32Bit = true; 16 - pulse.enable = true; 17 - jack.enable = true; 18 - 19 - wireplumber = { 20 - enable = true; 21 - # extraConfig = { 22 - # "arctis-nova" = { 23 - # "monitor.alsa.rules" = [ 24 - # # { 25 - # # matches = [ 26 - # # { 27 - # # "device.name" = "alsa_card.usb-SteelSeries_Arctis_Nova_7-00"; 28 - # # } 29 - # # ]; 30 - # # actions = { 31 - # # update-props = { 32 - # # # "device.description" = "Puppy Headphones"; 33 - 34 - # # }; 35 - # # }; 36 - # # } 37 - # { 38 - # matches = [ 39 - # { 40 - # "device.name" = "alsa_card.pci-0000_0f_00.4"; 41 - # } 42 - # ]; 43 - # actions = { 44 - # update-props = { 45 - # "device.description" = "Speakers"; 46 - # "audio.channels" = 6; 47 - # "audio.position" = "FL,FR,FC,LFE,RL,RR"; 48 - # }; 49 - # }; 50 - # } 51 - # ]; 52 - # }; 53 - # }; 54 - }; 55 - }; 56 - }; 57 - }
+35 -181
desktop/system/configuration.nix
··· 25 25 26 26 nix = { 27 27 nixPath = [ "nixpkgs=${args.nixpkgs}" ]; 28 + registry.nixpkgs.to = { 29 + type = "path"; 30 + path = args.nixpkgs; 31 + }; 32 + 28 33 package = pkgs.lix; 29 34 channel.enable = false; 30 35 settings = { ··· 71 76 # kernelPackages = pkgs.linuxPackages_cachyos; 72 77 kernelPackages = pkgs.linuxPackages_lqx; 73 78 74 - kernelParams = [ ]; 79 + kernelParams = [ 80 + "amdgpu.noretry=0" 81 + ]; 82 + 75 83 kernel.sysctl = { 76 84 "vm.swappiness" = 100; 77 85 "vm.max_map_count" = 1048576; ··· 81 89 82 90 extraModprobeConfig = '' 83 91 options snd-hda-intel power_save=0 power_save_controller=N # Disable speakers going into a powersaving state 84 - options amdgpu ppfeaturemask=0xFFF7FFFF 92 + # options amdgpu ppfeaturemask=0xFFF7FFFF 85 93 ''; 86 94 87 95 initrd.kernelModules = [ ··· 129 137 }; 130 138 131 139 hardware = { 140 + # In order to save the sound card state on shutdown 141 + alsa.enablePersistence = true; 142 + 143 + amdgpu = { 144 + overdrive.enable = true; 145 + }; 146 + 132 147 graphics = { 133 148 enable = true; 134 149 enable32Bit = true; ··· 238 253 LANG = "en_US.UTF-8"; 239 254 LANGUAGE = "en_US.UTF-8"; 240 255 LC_TIME = "en_GB.UTF-8"; 241 - # LC_ALL = "en_US.UTF-8"; 242 256 }; 243 257 }; 244 258 ··· 262 276 # firewall.enable = false; 263 277 }; 264 278 265 - services = { 266 279 267 - udev = { 268 - enable = true; 269 - extraRules = '' 270 - ENV{ID_VENDOR_ID}=="303a", ENV{ID_MODEL_ID}=="1001", MODE="0777" 271 - ''; 272 - packages = [ 273 - pkgs.opentabletdriver 274 - ]; 275 - }; 276 - 277 - greetd = { 278 - enable = true; 279 - settings = { 280 - default_session = { 281 - command = "${pkgs.tuigreet}/bin/tuigreet --remember --remember-session --user-menu --time --greeting 'Hello, Snowflake!'"; 282 - user = "greeter"; 283 - }; 284 - }; 285 - }; 286 - 287 - # Configure keymap in X11 288 - xserver.xkb = { 289 - layout = "us"; 290 - options = "caps:escape"; 291 - }; 292 - 293 - mullvad-vpn = { 294 - enable = true; 295 - package = 
pkgs.mullvad-vpn; 296 - }; 297 - 298 - ntp.enable = true; 299 - gvfs.enable = true; 300 - gnome.gnome-keyring.enable = true; 301 - flatpak.enable = true; 302 - blueman.enable = true; 303 - 304 - dbus.packages = with pkgs; [ 305 - gnome-keyring 306 - gcr 307 - # libsecret 308 - ]; 309 - 310 - # open-webui = { 311 - # enable = true; 312 - # # package = pkgs.open-webui; 313 - # }; 314 - 315 - tailscale = { 316 - enable = true; 317 - extraUpFlags = [ 318 - "--accept-dns=false" 319 - ]; 320 - }; 321 - 322 - netbird = { 323 - ui.enable = true; 324 - clients.fennec = { 325 - 326 - port = 51820; 327 - environment = { 328 - 329 - NB_MANAGEMENT_URL = "https://netbird.killuaa.dev"; 330 - # NB_SETUP_KEY_FILE = config.sops.secrets.nb_setup_key.path; 331 - }; 332 - }; 333 - }; 334 - 335 - # lsfg-vk = { 336 - # enable = true; 337 - # ui.enable = true; # installs gui for configuring lsfg-vk 338 - # }; 339 - 340 - # xserver.enable = true; 341 - #xserver.displayManager.gdm.enable = true; 342 - desktopManager.gnome.enable = true; 343 - 344 - # Enable the COSMIC desktop environment 345 - # desktopManager.cosmic.enable = true; 346 - 347 - sunshine = { 348 - enable = true; 349 - autoStart = true; 350 - capSysAdmin = true; 351 - openFirewall = true; 352 - }; 353 - }; 354 - # Enable touchpad support (enabled default in most desktopManager). 355 - # services.libinput.enable = true; 356 - 357 - # Define a user account. Don't forget to set a password with ‘passwd’. 358 - # users.users.alice = { 359 - # isNormalUser = true; 360 - # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. 
361 - # packages = with pkgs; [ 362 - # tree 363 - # ]; 364 - # }; 365 280 366 281 xdg = { 367 282 portal = { ··· 392 307 }; 393 308 394 309 programs = { 395 - # firefox = { 396 - # enable = true; 397 - # package = repos.unstable.firefox-devedition; 398 - # }; 399 - 400 310 steam = { 401 311 enable = true; 402 312 remotePlay.openFirewall = true; ··· 409 319 noisetorch.enable = true; 410 320 fish.enable = true; 411 321 412 - gamemode = { 413 - enable = true; 322 + # gamemode = { 323 + # enable = true; 414 324 415 - settings = { 416 - gpu = { 417 - apply_gpu_optimisations = "accept-responsibility"; # Setting this to the keyphrase "accept-responsibility" will allow gamemode to apply GPU optimisations such as overclocks 418 - amd_performance_level = "high"; # This corresponds to power_dpm_force_performance_level, "manual" is not supported for now 419 - gpu_device = 1; # The DRM device number on the system (usually 0), ie. the number in /sys/class/drm/card0/ 420 - }; 421 - custom = { 422 - start = "${pkgs.libnotify}/bin/notify-send 'GameMode started!' && systemctl --user stop docker opentabletdriver obex gvfs-daemon.service && pkexec systemctl stop bluetooth.service mullvad-daemon.service avahi-daemon.service systemd-machined ntpd"; 423 - end = "${pkgs.libnotify}/bin/notify-send 'GameMode stopped!' && systemctl --user start docker opentabletdriver obex gvfs-daemon.service && pkexec systemctl start bluetooth.service mullvad-daemon.service avahi-daemon.service systemd-machined ntpd"; 424 - }; 425 - }; 426 - }; 325 + # settings = { 326 + # gpu = { 327 + # apply_gpu_optimisations = "accept-responsibility"; # Setting this to the keyphrase "accept-responsibility" will allow gamemode to apply GPU optimisations such as overclocks 328 + # amd_performance_level = "high"; # This corresponds to power_dpm_force_performance_level, "manual" is not supported for now 329 + # gpu_device = 1; # The DRM device number on the system (usually 0), ie. 
the number in /sys/class/drm/card0/ 330 + # }; 331 + # custom = { 332 + # start = "${pkgs.libnotify}/bin/notify-send 'GameMode started!' && systemctl --user stop docker opentabletdriver obex gvfs-daemon.service && pkexec systemctl stop bluetooth.service mullvad-daemon.service avahi-daemon.service systemd-machined ntpd"; 333 + # end = "${pkgs.libnotify}/bin/notify-send 'GameMode stopped!' && systemctl --user start docker opentabletdriver obex gvfs-daemon.service && pkexec systemctl start bluetooth.service mullvad-daemon.service avahi-daemon.service systemd-machined ntpd"; 334 + # }; 335 + # }; 336 + # }; 427 337 428 338 hyprland = { 429 339 enable = true; ··· 463 373 openFirewall = true; 464 374 enable = true; 465 375 }; 466 - 467 - # home-manager.enable = true; 468 376 }; 469 377 470 378 fonts = { ··· 484 392 noto-fonts-lgc-plus 485 393 jetbrains-mono 486 394 monocraft 395 + nerd-fonts.monaspace 487 396 ]; 488 397 }; 489 398 ··· 491 400 # $ nix search wget 492 401 # 493 402 environment = { 494 - # etc = { 495 - # "qemu/OVMF_CODE.secure.fd".source = "${pkgs.qemu}/share/qemu/edk2-x86_64-secure-code.fd"; 496 - # "qemu/OVMF_VARS.fd".source = "${pkgs.qemu}/share/qemu/edk2-i386-vars.fd"; 497 - # }; 498 - 499 403 systemPackages = with pkgs; [ 500 - # dnsmasq 501 - 502 404 nh 503 405 npins 504 406 glib # for gsettings 505 - # vscodium-fhs 506 407 adwaita-icon-theme 507 408 adw-gtk3 508 409 ··· 535 436 gst_all_1.gst-plugins-ugly 536 437 gst_all_1.gst-libav 537 438 gst_all_1.gst-vaapi 538 - # corretto17 539 439 540 440 kdePackages.qtwayland 541 441 libsForQt5.qt5.qtwayland ··· 566 466 helix 567 467 nano 568 468 yazi 569 - # rclone-ui 570 469 rclone 571 470 572 471 bluez-tools 573 472 passt # needed for user-mode port forwarding in vm 574 - #firewalld 575 473 576 - # winePackages.stagingFull 577 - 578 - # wineWowPackages.staging 579 474 vulkan-tools 580 475 rocmPackages.rocminfo 581 476 rocmPackages.rocm-smi ··· 589 484 playerctl 590 485 waybar 591 486 polkit_gnome 592 - 
#gnome-keyring 593 487 cliphist 594 488 wl-clipboard 595 489 lact ··· 603 497 file-roller 604 498 foot 605 499 blueman 606 - # mpv 607 500 pavucontrol 608 501 609 502 # niri ··· 613 506 # hyprpaper 614 507 swaybg 615 508 swww 616 - cosmic-session 617 509 618 510 virt-manager 619 - # syncthing 620 511 prismlauncher 621 - # obs-studio 622 512 signal-desktop 623 513 qbittorrent 624 - # transmission_4-gtk 625 514 wireshark-qt 626 515 scrcpy 627 516 glogg 628 517 629 518 pear-desktop 630 - # vesktop 631 519 r2modman 632 - #libsForQt5.xp-pen-g430-drive 633 - # libsForQt5.xp-pen-deco-01-v2-driver 634 - # postman 635 - # insomnia 636 520 hoppscotch 637 521 638 522 ani-cli 639 523 syncplay 640 - # ollama-rocm 641 524 mumble 642 525 monero-gui 643 526 p2pool 644 - #keyguard 527 + # keyguard 645 528 bitwarden-desktop 646 - # devenv 647 - # heroic 648 - # stremio 649 - # grayjay 650 - 651 - # QUICKSHELL 652 529 quickshell 653 - # qt6.full 654 - 655 - distrobox 530 + # distrobox 656 531 657 532 (discord.override { 658 533 withOpenASAR = true; ··· 661 536 ]; 662 537 663 538 gnome.excludePackages = with pkgs; [ 664 - orca 539 + # orca 665 540 evince 666 - # file-roller 667 541 geary 668 542 gnome-disk-utility 669 - # seahorse 670 - # sushi 671 - # sysprof 672 - # 673 - # gnome-shell-extensions 674 - # 675 - # adwaita-icon-theme 676 - # nixos-background-info 677 543 gnome-backgrounds 678 - # gnome-bluetooth 679 - # gnome-color-manager 680 - # gnome-control-center 681 - # gnome-shell-extensions 682 - #gnome-tour # GNOME Shell detects the .desktop file on first log-in. 
683 544 gnome-user-docs 684 - # glib # for gsettings program 685 - # gnome-menus 686 - # gtk3.out # for gtk-launch program 687 - # xdg-user-dirs # Update user dirs as described in https://freedesktop.org/wiki/Software/xdg-user-dirs/ 688 - # xdg-user-dirs-gtk # Used to create the default bookmarks 689 - # 690 545 baobab 691 546 epiphany 692 547 gnome-text-editor ··· 703 558 gnome-system-monitor 704 559 gnome-weather 705 560 loupe 706 - # nautilus 707 561 gnome-connections 708 562 simple-scan 709 563 snapshot
+101
desktop/system/services.nix
··· 1 + { pkgs, ... }: 2 + { 3 + services = { 4 + pipewire = { 5 + enable = true; 6 + alsa.enable = true; 7 + alsa.support32Bit = true; 8 + pulse.enable = true; 9 + jack.enable = true; 10 + 11 + wireplumber.enable = true; 12 + }; 13 + 14 + udev = { 15 + enable = true; 16 + extraRules = '' 17 + ENV{ID_VENDOR_ID}=="303a", ENV{ID_MODEL_ID}=="1001", MODE="0777" 18 + ''; 19 + packages = [ 20 + pkgs.opentabletdriver 21 + ]; 22 + }; 23 + 24 + greetd = { 25 + enable = true; 26 + settings = { 27 + default_session = { 28 + command = "${pkgs.tuigreet}/bin/tuigreet --remember --remember-session --user-menu --time --greeting 'Hello, Snowflake!'"; 29 + user = "greeter"; 30 + }; 31 + }; 32 + }; 33 + 34 + # Configure keymap in X11 35 + xserver.xkb = { 36 + layout = "us"; 37 + options = "caps:escape"; 38 + }; 39 + 40 + mullvad-vpn = { 41 + enable = true; 42 + package = pkgs.mullvad-vpn; 43 + }; 44 + 45 + ntp.enable = true; 46 + gvfs.enable = true; 47 + gnome.gnome-keyring.enable = true; 48 + flatpak.enable = true; 49 + blueman.enable = true; 50 + 51 + dbus.packages = with pkgs; [ 52 + gnome-keyring 53 + gcr 54 + # libsecret 55 + ]; 56 + 57 + tailscale = { 58 + enable = true; 59 + extraUpFlags = [ 60 + "--accept-dns=false" 61 + ]; 62 + }; 63 + 64 + netbird = { 65 + ui.enable = true; 66 + clients.fennec = { 67 + 68 + port = 51820; 69 + environment = { 70 + NB_MANAGEMENT_URL = "https://netbird.killuaa.dev"; 71 + # NB_SETUP_KEY_FILE = config.sops.secrets.nb_setup_key.path; 72 + }; 73 + }; 74 + }; 75 + 76 + # lsfg-vk = { 77 + # enable = true; 78 + # ui.enable = true; # installs gui for configuring lsfg-vk 79 + # }; 80 + 81 + desktopManager.gnome.enable = true; 82 + 83 + # Enable the COSMIC desktop environment 84 + desktopManager.cosmic.enable = true; 85 + 86 + sunshine = { 87 + enable = true; 88 + autoStart = true; 89 + capSysAdmin = true; 90 + openFirewall = true; 91 + }; 92 + 93 + # for mdns, then I can just access devices with hostname.local 94 + avahi = { 95 + enable = true; 96 + 
nssmdns4 = true; 97 + nssmdns6 = true; 98 + openFirewall = true; 99 + }; 100 + }; 101 + }
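Review bot: The udev rule `ENV{ID_VENDOR_ID}=="303a", ENV{ID_MODEL_ID}=="1001", MODE="0777"` makes the matching device node readable and writable by every local user and process. A narrower rule such as `MODE="0660", GROUP="dialout"`, with the desktop user added to that group, gives the same access without opening the device to everything else on the machine. This file also sets `openFirewall = true` for both `sunshine` (together with `capSysAdmin = true`) and the new `avahi` block, so a short comment on which networks this machine is expected to join would let the next reader judge that exposure.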
+83
hive.nix
··· 1 + let 2 + pins = import ./npins; 3 + 4 + nlib = import ./lib { 5 + inherit pins; 6 + lib = import "${pins.nixpkgs-stable}/lib"; 7 + }; 8 + 9 + repos = { 10 + stable = import pins.nixpkgs-stable { 11 + config.allowUnfree = true; 12 + }; 13 + unstable = import pins.nixpkgs-unstable { 14 + config.allowUnfree = true; 15 + }; 16 + custom = import /mnt/SnowData/snowy/Documents/repos/nixpkgs { 17 + config.allowUnfree = true; 18 + }; 19 + }; 20 + 21 + wire = import pins.wire { }; 22 + in 23 + 24 + wire.makeHive { 25 + meta = { 26 + nixpkgs = pins.nixpkgs-stable; 27 + 28 + specialArgs = { }; 29 + 30 + nodeSpecialArgs = { 31 + desktop = { 32 + inherit repos; 33 + }; 34 + snow-den = { 35 + 36 + }; 37 + snowlab = { 38 + 39 + }; 40 + }; 41 + }; 42 + 43 + defaults = 44 + { 45 + name, 46 + nodes, 47 + pkgs, 48 + ... 49 + }: 50 + { 51 + # import = [ 52 + # ./default-module.nix 53 + 54 + # # module that is imported for all nodes 55 + # ]; 56 + 57 + # # all nodes should include vim! 58 + environment.systemPackages = [ wire.packages.${system}.wire ]; 59 + }; 60 + 61 + snow-den = 62 + { 63 + name, 64 + nodes, 65 + pkgs, 66 + ... 67 + }: 68 + { 69 + imports = [ 70 + ./hosts/server 71 + ]; 72 + 73 + deployment = { 74 + target = { 75 + host = "server"; 76 + }; 77 + tags = [ "x86" ]; 78 + sshOptions = [ 79 + "ForwardAgent=true" 80 + ]; 81 + }; 82 + }; 83 + }
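Review bot: `sshOptions = [ "ForwardAgent=true" ]` on the `snow-den` node forwards the deployer's SSH agent to the target, so anything running as root there can use the loaded keys for the length of the session; unless a deployment step needs the agent on the remote side, I would drop it or add a comment naming the step that does. In `defaults`, `wire.packages.${system}.wire` refers to `system`, which is neither one of the function arguments (`name`, `nodes`, `pkgs`) nor bound in the `let`, so this should fail at evaluation; `pkgs.stdenv.hostPlatform.system` is available from the arguments already taken. The comment `# all nodes should include vim!` no longer describes what is installed, and `./hosts/server` does not match the `./server` directory used elsewhere in this commit.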
+2 -1
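--- a/home-server/default.nix
+++ b/home-server/default.nix
@@ -8,8 +8,9 @@
 ];
 
 imports = [
-"${args.sources.nixpkgs-stable}/nixos/modules/profiles/minimal.nix" # Disables some options by default for a minimal installation: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/minimal.nix
+"${args.nixpkgs}/nixos/modules/profiles/minimal.nix" # Disables some options by default for a minimal installation: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/minimal.nix
 ./system/configuration.nix
+./ports.nix
 ];
 
 nixpkgs = {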
+11
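--- a/home-server/ports.nix
+++ b/home-server/ports.nix
@@ -0,0 +1,11 @@
+# All http ports
+{ lib, ... }:
+
+{
+options.ports = lib.mkOption {
+type = lib.types.attrsOf lib.types.anything;
+default = {
+home_assistant = 3000;
+};
+};
+}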
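Review bot: `type = lib.types.attrsOf lib.types.anything` accepts any value, so a typo such as a string or an out-of-range number only surfaces later, when Caddy or Home Assistant consumes it. `lib.types.attrsOf lib.types.port` would reject that at evaluation time. A `description` on the option, stating that these are local HTTP back-end ports meant to sit behind the reverse proxy, would also document the intent.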
+12 -17
home-server/system/configuration.nix
··· 21 21 virtualisation.vmVariant.virtualisation = { 22 22 memorySize = 4096; 23 23 cores = 4; 24 - # diskImage = "./temp_disk"; 25 24 forwardPorts = [ 26 25 { 27 26 from = "host"; ··· 39 38 diskSize = 15360; 40 39 }; 41 40 42 - # virtualisation.vmVariant.virtualisation = { 43 - # qemu.guestAgent.enable = true; 44 - # diskSize = 1024 * 12; 45 - # memorySize = 1024 * 4; 46 - # cores = 4; 47 - # }; 48 - 49 - # fileSystems."/" = { 50 - # autoResize = true; 51 - # }; 52 - 53 - # boot.growPartition = true; 54 - 55 - # services.spice-vdagentd.enable = true; 56 - # services.qemuGuest.enable = true; 57 - 58 41 # Enable zram (compressed ram) 59 42 zramSwap = { 60 43 enable = true; ··· 71 54 72 55 nix = { 73 56 nixPath = [ "nixpkgs=${args.nixpkgs}" ]; 57 + registry.nixpkgs.to = { 58 + type = "path"; 59 + path = args.nixpkgs; 60 + }; 74 61 channel.enable = false; 75 62 settings = { 76 63 experimental-features = [ ··· 95 82 enableContainers = true; 96 83 kernelModules = [ ]; 97 84 85 + supportedFilesystems = [ 86 + "zfs" 87 + ]; 88 + 98 89 kernel.sysctl = { 99 90 # https://wiki.archlinux.org/title/Sysctl#Enable_TCP_Fast_Open 100 91 "net.ipv4.tcp_fastopen" = 3; ··· 113 104 device = "/dev/sda"; 114 105 }; 115 106 }; 107 + 108 + # zfs = { 109 + # enabled = true; 110 + # }; 116 111 117 112 blacklistedKernelModules = [ 118 113 # Obscure network protocols
+1 -30
home-server/system/network.nix
··· 2 2 { 3 3 networking = { 4 4 hostName = "snowlab"; 5 + hostId = "2c77257e"; 5 6 6 7 # Some good default dns servers 7 8 nameservers = [ ··· 18 19 19 20 # Use more modern nftables instead of iptables 20 21 nftables.enable = true; 21 - 22 - # # Gateways, these are specified in netcup 23 - # defaultGateway6 = { 24 - # address = "fe80::1"; 25 - # interface = "ens3"; 26 - # }; 27 - 28 - # defaultGateway = { 29 - # address = "89.58.16.1"; 30 - # interface = "ens3"; 31 - # }; 32 - 33 - # interfaces = { 34 - # ens3 = { 35 - # ipv6.addresses = [ 36 - # { 37 - # # Based on ipv6 block allocated in netcup 38 - # address = "2a0a:4cc0:0:1eb::c0ff:ee"; 39 - # prefixLength = 64; 40 - # } 41 - # ]; 42 - # ipv4.addresses = [ 43 - # { 44 - # # Based on ipv4 allocated in netcup 45 - # address = "89.58.19.34"; 46 - # prefixLength = 22; 47 - # } 48 - # ]; 49 - # }; 50 - # }; 51 22 52 23 firewall = { 53 24 enable = true;
+66 -6
home-server/system/services.nix
··· 8 8 22 9 9 ]; 10 10 allowSFTP = true; 11 + banner = "meow meow (home)\n"; 12 + authorizedKeysInHomedir = false; 11 13 settings = { 12 14 PasswordAuthentication = false; 13 15 PermitRootLogin = "yes"; 16 + AllowUsers = [ 17 + "root" 18 + "user" 19 + ]; 14 20 }; 15 21 }; 16 22 17 - # caddy = { 18 - # enable = true; 19 - # virtualHosts = { 20 - # 21 - # }; 22 - # }; 23 + # for mdns, then I can just access devices with hostname.local 24 + avahi = { 25 + enable = true; 26 + nssmdns4 = true; 27 + nssmdns6 = true; 28 + openFirewall = true; 29 + publish = { 30 + enable = true; 31 + addresses = true; 32 + domain = true; 33 + workstation = true; 34 + userServices = true; 35 + }; 36 + }; 37 + 38 + home-assistant = { 39 + enable = true; 40 + openFirewall = true; 41 + config = { 42 + homeassistant = { 43 + name = "Home"; 44 + unit_system = "metric"; 45 + time_zone = "Europe/Berlin"; 46 + }; 47 + 48 + http.server_port = config.ports.home_assistant; 49 + # feedreader.urls = [ "https://nixos.org/blogs.xml" ]; 50 + }; 51 + }; 52 + 53 + caddy = { 54 + enable = true; 55 + extraConfig = '' 56 + :80, :443 { 57 + root * /var/www/website/ 58 + file_server browse { 59 + index index.html 60 + } 61 + 62 + reverse_proxy /home/* http://localhost:${toString config.ports.home_assistant} 63 + } 64 + 65 + snowlab.local { 66 + root * /var/www/website/ 67 + file_server browse { 68 + index index.html 69 + } 70 + 71 + reverse_proxy /home/* http://localhost:${toString config.ports.home_assistant} 72 + } 73 + ''; 74 + }; 75 + 76 + zfs = { 77 + trim.enable = true; 78 + autoScrub = { 79 + enable = true; 80 + interval = "weekly"; 81 + }; 82 + }; 23 83 }; 24 84 }
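Review bot: `home-assistant.openFirewall = true` opens the Home Assistant port on the host firewall even though the Caddy block added in the same hunk already proxies to it over `localhost`, so the service ends up reachable both through the proxy and directly. Closing the firewall port and declaring Caddy as a trusted proxy, as sketched below, keeps a single entry point; Home Assistant rejects forwarded requests until `trusted_proxies` is set. `file_server browse` on `:80, :443` also publishes a directory listing of `/var/www/website/` to anyone who can reach the host, which is worth dropping if only `index.html` is meant to be served. In the sshd settings, `AllowUsers` now lists `root` next to the unchanged `PermitRootLogin = "yes"`; `"prohibit-password"` would state the key-only intent explicitly. The `services` attribute set starts outside this hunk.

```nix
home-assistant = {
  enable = true;
  openFirewall = false; # reached only through Caddy on localhost
  config = {
    # … unchanged: homeassistant name, unit_system, time_zone …
    http = {
      server_port = config.ports.home_assistant;
      use_x_forwarded_for = true;
      trusted_proxies = [ "127.0.0.1" "::1" ];
    };
  };
};
```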
+8
justfile
··· 1 + deploy target: 2 + nh os switch --file ./default.nix hosts.{{ target }} --target-host {{ target }} --build-host {{ target }} 3 + 4 + deploy-homelab: 5 + nh os switch --file ./default.nix hosts.home-server --target-host root@snowlab.local --build-host root@snowlab.local 6 + 7 + deploy-server: 8 + nh os switch --file ./default.nix hosts.server --target-host server --build-host server
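Review bot: `deploy-homelab` opens a root session to `root@snowlab.local`, a name resolved over mDNS, so which machine answers depends on the local network at deploy time and the SSH host key check is the only thing tying the switch to the right box. Pinning that host key in `known_hosts`, or deploying to a fixed address, keeps a stray responder from being offered the session. In `deploy`, `{{ target }}` is interpolated into the command unquoted, so a value containing spaces or shell metacharacters changes the command line; quoting each interpolation avoids that.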
+26 -17
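--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,24 +1,33 @@
-{ }:
+{ pins, lib }:
 
 {
-gen_pins = (
-{
-lib,
-sources,
-excl ? [ ],
-}:
+gen_flakes = (
+flakes:
+let
+wanted = lib.getAttrs flakes pins;
+in
+(lib.mapAttrs (
+name: value:
+(import pins.flake-compat {
+src = builtins.path {
+inherit name;
+path = value;
+};
+}).outputs
+) wanted)
+);
+
+gen_repos = (
+repos:
+let
+wanted = lib.getAttrs repos pins;
+in
 (lib.mapAttrs (
 name: value:
-if builtins.elem name excl then
-(import value)
-else
-(import sources.flake-compat {
-src = builtins.path {
-inherit name;
-path = value;
-};
-}).outputs
-) sources)
+import pins.value {
+config.allowUnfree = true;
+}
+) wanted)
 );
 
 # nixosHost = (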
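Review bot: In `gen_repos`, `import pins.value {` selects an attribute literally named `value` from `pins` instead of using the `value` bound by the `name: value:` lambda, so forcing any entry would fail with a missing-attribute error (or import the wrong pin if one were ever named `value`). Since `wanted` already holds the selected pins, `import value {` is what the surrounding `lib.mapAttrs` sets up. `gen_flakes` would also benefit from a one-line comment saying that it evaluates each named pin through `flake-compat` and returns its `outputs`, because callers index the result as `args.flakes.<name>.nixosModules`.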
+28 -15
npins/sources.json
··· 23 23 }, 24 24 "branch": "main", 25 25 "submodules": false, 26 - "revision": "8539013044624a257e8da370069107aea148e985", 27 - "url": "https://github.com/feel-co/hjem/archive/8539013044624a257e8da370069107aea148e985.tar.gz", 28 - "hash": "sha256-I2zxtEafZbFbqXe71rjqwVeTDv8SIVLaSzQd39SwfwM=" 26 + "revision": "9d0c8d4b44f661910595b07e6480557644c1431c", 27 + "url": "https://github.com/feel-co/hjem/archive/9d0c8d4b44f661910595b07e6480557644c1431c.tar.gz", 28 + "hash": "sha256-cKETEBrseo7Iz+bOzflwy1xTpDuUj3QaLA+P49yJw8k=" 29 29 }, 30 30 "hjem-rum": { 31 31 "type": "Git", ··· 39 39 "revision": "edac54b7d57ad72cc4b124da2f44e7b2e584f3c6", 40 40 "url": "https://github.com/snugnug/hjem-rum/archive/edac54b7d57ad72cc4b124da2f44e7b2e584f3c6.tar.gz", 41 41 "hash": "sha256-P+59TbVusYqdx2Jt2liwvQ+hslUzU6M1ezRDy6c66Tc=" 42 + }, 43 + "home-manager": { 44 + "type": "Git", 45 + "repository": { 46 + "type": "GitHub", 47 + "owner": "nix-community", 48 + "repo": "home-manager" 49 + }, 50 + "branch": "release-25.11", 51 + "submodules": false, 52 + "revision": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826", 53 + "url": "https://github.com/nix-community/home-manager/archive/366d78c2856de6ab3411c15c1cb4fb4c2bf5c826.tar.gz", 54 + "hash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=" 42 55 }, 43 56 "nix-gaming-edge": { 44 57 "type": "Git", ··· 75 88 }, 76 89 "branch": "nixos-25.11", 77 90 "submodules": false, 78 - "revision": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a", 79 - "url": "https://github.com/NixOS/nixpkgs/archive/2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a.tar.gz", 80 - "hash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=" 91 + "revision": "fa83fd837f3098e3e678e6cf017b2b36102c7211", 92 + "url": "https://github.com/NixOS/nixpkgs/archive/fa83fd837f3098e3e678e6cf017b2b36102c7211.tar.gz", 93 + "hash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=" 81 94 }, 82 95 "nixpkgs-unstable": { 83 96 "type": "Git", ··· 88 101 }, 89 102 "branch": "nixos-unstable", 90 103 
"submodules": false, 91 - "revision": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", 92 - "url": "https://github.com/NixOS/nixpkgs/archive/ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38.tar.gz", 93 - "hash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=" 104 + "revision": "bfc1b8a4574108ceef22f02bafcf6611380c100d", 105 + "url": "https://github.com/NixOS/nixpkgs/archive/bfc1b8a4574108ceef22f02bafcf6611380c100d.tar.gz", 106 + "hash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=" 94 107 }, 95 108 "sops-nix": { 96 109 "type": "Git", ··· 101 114 }, 102 115 "branch": "master", 103 116 "submodules": false, 104 - "revision": "691b8b6713855d0fe463993867291c158472fc6f", 105 - "url": "https://github.com/Mic92/sops-nix/archive/691b8b6713855d0fe463993867291c158472fc6f.tar.gz", 106 - "hash": "sha256-jJqlW8A3OZ5tYbXphF7U8P8g/3Cn8PPwPa4YlJ/9agg=" 117 + "revision": "c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff", 118 + "url": "https://github.com/Mic92/sops-nix/archive/c5eebd4eb2e3372fe12a8d70a248a6ee9dd02eff.tar.gz", 119 + "hash": "sha256-wFcr32ZqspCxk4+FvIxIL0AZktRs6DuF8oOsLt59YBU=" 107 120 }, 108 121 "wire": { 109 122 "type": "Git", ··· 127 140 }, 128 141 "branch": "main", 129 142 "submodules": false, 130 - "revision": "e862bd9ebbcd3265f1da6d1bdfe37d8732029d08", 131 - "url": "https://github.com/0xc000022070/zen-browser-flake/archive/e862bd9ebbcd3265f1da6d1bdfe37d8732029d08.tar.gz", 132 - "hash": "sha256-D4+/DD5/dhSihHxbSJnY9hi/3QiYnfqWT29ZpQRf1xw=" 143 + "revision": "e97c8e719c7e2567ccf86d279f73ade1dbf72373", 144 + "url": "https://github.com/0xc000022070/zen-browser-flake/archive/e97c8e719c7e2567ccf86d279f73ade1dbf72373.tar.gz", 145 + "hash": "sha256-wD3QwqGZ1cqZDkDQanwy3HgoVL4Dooqlgta3jOu3Mng=" 133 146 } 134 147 }, 135 148 "version": 7
+4 -2
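--- a/readme.md
+++ b/readme.md
@@ -1,6 +1,8 @@
 # My dotfiles :3!
 
-This repo is split into two parts.
-- nixos -> This is my desktop called snowflake.
+This repo contains the following devices:
+- desktop -> This is my desktop called snowflake.
 - server -> This is my vps called snow-den.
 - home-server -> This is my homelab called snowlab.
+
+I use npins for dependency pinning and I have a justfile with recipies for deploying.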
+1 -1
server/.sops.yaml sops/.sops.yaml
··· 6 6 - &admin_snowyboo D40CE1579C09BFD7EF4AB7E631250420834310B5 7 7 - &root_server age16e3uae0sktxmwzlmcdxwn07jpudtjl0s42hnwx2qsdh9h72gc5ssktkazg 8 8 creation_rules: 9 - - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ 9 + - path_regex: secrets/* 10 10 key_groups: 11 11 - pgp: 12 12 - *admin_snowyboo
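Review bot: `path_regex: secrets/*` is evaluated as a regular expression rather than a glob, so it means "`secrets` followed by zero or more `/`" and, being unanchored, matches any path that merely contains the string `secrets`. That is much broader than the rule it replaces and would apply these recipients to files outside the directory. If the goal is everything under the directory, `path_regex: secrets/.+` says so explicitly; keeping the old extension list would be narrower still.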
+37
server/default.nix
··· 1 + { 2 + args, 3 + repos, 4 + ... 5 + }: 6 + { 7 + nixpkgs = { 8 + # inherit system; 9 + config.allowUnfree = true; 10 + overlays = [ 11 + (final: prev: { 12 + }) 13 + ]; 14 + }; 15 + 16 + home-manager.useGlobalPkgs = true; 17 + home-manager.useUserPackages = true; 18 + home-manager.extraSpecialArgs = { inherit args repos; }; 19 + home-manager.users = { 20 + snow = import ./home-manager/snow.nix; 21 + }; 22 + 23 + # disabledModules = [ 24 + 25 + # ]; 26 + 27 + imports = [ 28 + "${args.nixpkgs}/nixos/modules/profiles/minimal.nix" # Disables some options by default for a minimal installation: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/minimal.nix 29 + ./system/configuration.nix 30 + ./containers 31 + ./services 32 + 33 + ../sops 34 + args.flakes.home-manager.nixosModules.home-manager 35 + ]; 36 + 37 + }
-70
server/flake.lock
··· 1 - { 2 - "nodes": { 3 - "home-manager": { 4 - "inputs": { 5 - "nixpkgs": [ 6 - "nixpkgs" 7 - ] 8 - }, 9 - "locked": { 10 - "lastModified": 1765860045, 11 - "narHash": "sha256-7Lxp/PfOy4h3QIDtmWG/EgycaswqRSkDX4DGtet14NE=", 12 - "owner": "nix-community", 13 - "repo": "home-manager", 14 - "rev": "09de9577d47d8bffb11c449b6a3d24e32ac16c99", 15 - "type": "github" 16 - }, 17 - "original": { 18 - "owner": "nix-community", 19 - "ref": "master", 20 - "repo": "home-manager", 21 - "type": "github" 22 - } 23 - }, 24 - "nixpkgs": { 25 - "locked": { 26 - "lastModified": 1765687488, 27 - "narHash": "sha256-7YAJ6xgBAQ/Nr+7MI13Tui1ULflgAdKh63m1tfYV7+M=", 28 - "owner": "NixOS", 29 - "repo": "nixpkgs", 30 - "rev": "d02bcc33948ca19b0aaa0213fe987ceec1f4ebe1", 31 - "type": "github" 32 - }, 33 - "original": { 34 - "owner": "NixOS", 35 - "ref": "nixos-25.05", 36 - "repo": "nixpkgs", 37 - "type": "github" 38 - } 39 - }, 40 - "root": { 41 - "inputs": { 42 - "home-manager": "home-manager", 43 - "nixpkgs": "nixpkgs", 44 - "sops-nix": "sops-nix" 45 - } 46 - }, 47 - "sops-nix": { 48 - "inputs": { 49 - "nixpkgs": [ 50 - "nixpkgs" 51 - ] 52 - }, 53 - "locked": { 54 - "lastModified": 1765836173, 55 - "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", 56 - "owner": "Mic92", 57 - "repo": "sops-nix", 58 - "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", 59 - "type": "github" 60 - }, 61 - "original": { 62 - "owner": "Mic92", 63 - "repo": "sops-nix", 64 - "type": "github" 65 - } 66 - } 67 - }, 68 - "root": "root", 69 - "version": 7 70 - }
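--- a/server/flake.nix
+++ b/server/flake.nix
@@ -1,64 +0,0 @@
-{
-description = "Snow's Server Flake!";
-inputs = {
-nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
-
-home-manager = {
-url = "github:nix-community/home-manager/master";
-inputs.nixpkgs.follows = "nixpkgs";
-};
-sops-nix = {
-url = "github:Mic92/sops-nix";
-inputs.nixpkgs.follows = "nixpkgs";
-};
-};
-
-outputs =
-{
-self,
-nixpkgs,
-...
-}@inputs:
-
-let
-system = "x86_64-linux";
-in
-{
-nixosConfigurations.snow-den = nixpkgs.lib.nixosSystem {
-inherit system;
-
-specialArgs = {
-inherit inputs;
-};
-
-modules = [
-{
-nixpkgs = {
-inherit system;
-config.allowUnfree = true;
-overlays = [
-(final: prev: {
-})
-];
-};
-
-home-manager.useGlobalPkgs = true;
-home-manager.useUserPackages = true;
-home-manager.extraSpecialArgs = { inherit inputs; };
-home-manager.users = {
-snow = import ./home-manager/snow.nix;
-};
-}
-
-./system/configuration.nix
-./containers
-./services
-"${nixpkgs}/nixos/modules/profiles/minimal.nix"
-
-# Nix secrets hehe :3
-inputs.sops-nix.nixosModules.sops
-inputs.home-manager.nixosModules.home-manager
-];
-};
-};
-}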
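--- a/server/justfile
+++ b/server/justfile
@@ -1,14 +0,0 @@
-test:
-nix flake check
-
-dry-run:
-nixos-rebuild dry-run --flake .#snow-den
-
-deploy:
-nixos-rebuild switch --flake .#snow-den --target-host server --build-host server --use-remote-sudo
-
-update:
-nix flake update
-
-test-vm:
-nixos-rebuild build-vm-with-bootloader --flake .#snow-den && QEMU_NET_OPTS="hostfwd=tcp::2221-:335,hostfwd=tcp::8080-:80" ./result/bin/run-snow-den-vm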
+3 -3
server/secrets/example.yaml sops/secrets/example.yaml
··· 1 - example_key: ENC[AES256_GCM,data:xqHoe3fPJwbpEytLkw==,iv:KLQf+7WKGViSrNIqR1sWIAEg2WVH0UfjK6PwVxbXVWM=,tag:zeWSmtJO3kJ/eCXJNp/h8Q==,type:str] 1 + #ENC[AES256_GCM,data:VCoJrRdEXtuZG4hsS2oTFv16IC7wX1gHKnfh,iv:EAFpXE1fm3A0a1gPk+GOs7eblCOAN58cJ9aDZfg4qvI=,tag:1oMrvTDE7GeGS7eFiZkBuA==,type:comment] 2 2 #ENC[AES256_GCM,data:+b7sZjD7+b6SgA==,iv:x6SjxKlIOSH6CgT7Yb9e31p4bHlPZuRJ9FBMKpir+3k=,tag:j8gk26rDYzMIr/zUM+tKDQ==,type:comment] 3 3 garage: 4 4 #ENC[AES256_GCM,data:Yx8PEnI/5OpHx6iVtE1oASzXSMJpEdgdX5V+5zUGDP6R1g==,iv:ggeiDdg3uzZKwRyw/yFFWg1ohxGbrHiSrhXbydhG10g=,tag:RrwmHXYdERfyh0JE1xEq0g==,type:comment] ··· 18 18 dUp2cU1wMU1Kd2J2cmlBMmlnbjVJV2sKkKx5nO2auold0qB6066aY1KXAjC2slna 19 19 G+Cy8EcjgRh29w5RFRyx541jOGvtf+wuz11R1dUY1o/NHdn2wFhJTg== 20 20 -----END AGE ENCRYPTED FILE----- 21 - lastmodified: "2025-12-21T11:43:03Z" 22 - mac: ENC[AES256_GCM,data:2MfZXU76GBuqU1ZYvknpPys24hW5eVEqotg3yFt8xupdS4EVGLGV1Ay36iL7Nd79j4iU3TSMqbyx5Gepqtwix/XnBy91bcq9TFKcvZ868PuntJR2BUKKggDwK544P0Mhh8BGHYsHCbwiemfGZUecoEqe9caToKBlZL2MITvav3I=,iv:kIeHl8m+HVcHtqzPF+jiiIV8k2/WtKXuToZ+gR385UA=,tag:+m9wK2Q5GwSFHKkK3GMPrg==,type:str] 21 + lastmodified: "2026-01-29T17:40:50Z" 22 + mac: ENC[AES256_GCM,data:c3vUBN3tku/Z3t7blgYqOHdMwfFOPpEz+VaXb9up2+RrdtMTdUJ20ixKPSOvmle4jIb3q8u6aIsRC1NNb6ZCheIRy5orDHEOvLKnNmTHAIx+UXC2sN0oqJl3bs/NQefVAr9fwPqwuMLEXZ64fKg1yowLpmNZgkb49Xj1tKlm9tk=,iv:ITV4UPdRo7jwCSFw3QUHAvLx6E74EeD5FAE+pqf6JYA=,tag:Kc33MOhklLYdqhjtHefKRQ==,type:str] 23 23 pgp: 24 24 - created_at: "2025-12-19T16:08:52Z" 25 25 enc: |-
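--- a/server/services/default.nix
+++ b/server/services/default.nix
@@ -1,15 +1,9 @@
-{
-config,
-lib,
-pkgs,
-...
-}:
-
 {
 imports = [
 ./incus.nix
 ./random.nix
+./caddy.nix
 ./garage.nix
-./caddy.nix
+./postgres.nix
 ];
 }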
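--- a/server/services/garage.nix
+++ b/server/services/garage.nix
@@ -1,6 +1,5 @@
 {
 config,
-lib,
 pkgs,
 ...
 }: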
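--- a/server/services/random.nix
+++ b/server/services/random.nix
@@ -41,7 +41,7 @@
 };
 
 headscale = {
-enable = true;
+enable = false;
 port = config.ports.headscale;
 settings = {
 server_url = "https://headscale.mrsnowy.dev";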
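--- a/server/system/configuration.nix
+++ b/server/system/configuration.nix
@@ -3,9 +3,10 @@
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
 {
-config,
+# config,
 lib,
 pkgs,
+args,
 ...
 }:
 
@@ -14,7 +15,6 @@
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
 ./network.nix
-./sops.nix
 ./ports.nix
 ];
 
@@ -31,6 +31,12 @@
 ];
 
 nix = {
+nixPath = [ "nixpkgs=${args.nixpkgs}" ];
+registry.nixpkgs.to = {
+type = "path";
+path = args.nixpkgs;
+};
+channel.enable = false;
 settings = {
 experimental-features = [
 "nix-command"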
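--- a/server/system/network.nix
+++ b/server/system/network.nix
@@ -148,6 +148,18 @@
 destination = "10.0.100.65:22";
 }
 
+# meow ;3
+{
+sourcePort = 7777;
+proto = "tcp";
+destination = "100.126.229.18:7777";
+}
+{
+sourcePort = 7777;
+proto = "udp";
+destination = "100.126.229.18:7777";
+}
+
 # IMAP
 {
 sourcePort = 143;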
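Review bot: The two new forwards for port 7777 (tcp and udp, both to `100.126.229.18:7777`) are labelled only `# meow ;3`, so the file does not record which service is being exposed or who owns it, unlike the neighbouring `# IMAP` entry. The destination lies in 100.64.0.0/10, the range overlay networks such as Tailscale or headscale commonly hand out, so if this list forwards from a public interface the rule makes that host's port reachable by anyone rather than by overlay members only; it is worth confirming that this is intended and that the service authenticates its clients. I would replace the comment with one that names the service and host, for example `# <service name> on <host> (overlay address), tcp+udp 7777`. The forwarding list starts and ends outside the hunk, so the interface these rules bind to and any source restriction are not visible here.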
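--- a/server/system/sops.nix
+++ b/sops/default.nix
@@ -1,35 +1,47 @@
 {
-config,
-lib,
-pkgs,
+# config,
+# lib,
+# pkgs,
+args,
 ...
 }:
 
 {
+imports = [
+# Nix secrets hehe :3
+args.flakes.sops-nix.nixosModules.sops
+];
+
 sops = {
-defaultSopsFile = ../secrets/example.yaml;
+defaultSopsFile = ./secrets/example.yaml;
+
 age = {
 keyFile = "/root/.config/sops/age/keys.txt";
 generateKey = false;
 };
+
 secrets = {
-example_key = { };
 "garage/rpc_secret" = {
 mode = "0440";
-# owner = config.users.users.root.name;
 group = "sops_garage";
 };
 
 "garage/admin_token" = {
 mode = "0440";
-# owner = config.users.users.root.name;
 group = "sops_garage";
 };
 
 "garage/metrics_token" = {
 mode = "0440";
-# owner = config.users.users.root.name;
 group = "sops_garage";
+};
+
+postgres_sql = {
+format = "binary";
+sopsFile = ./secrets/postgres.sql;
+
+mode = "0400";
+owner = "postgres";
 };
 };
 };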
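Review bot: `owner = "postgres";` in the new `postgres_sql` secret is a bare string, so a missing or renamed account would most likely surface only when the secret is installed at activation, not when the configuration is evaluated. The commit adds `./postgres.nix` to the services imports, which presumably enables the service that creates this user, but that file is not shown here. Re-enabling the `config` argument and writing `owner = config.users.users.postgres.name;` ties the secret to the declared user and makes evaluation fail if it is absent. A one-line comment saying what reads the decrypted file would also help, since `mode = "0400"` only works if that consumer runs as `postgres`.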
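--- a/shell.nix
+++ b/shell.nix
@@ -0,0 +1,11 @@
+let
+sources = import ./npins;
+pkgs = import sources.nixpkgs-stable { };
+wire = import sources.wire;
+in
+pkgs.mkShell {
+packages = [
+wire.packages.${builtins.currentSystem}.wire
+pkgs.npins
+];
+}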
+22
sops/secrets/postgres.sql
··· 1 + { 2 + "data": "ENC[AES256_GCM,data:51QF5BtvJgkRYqTwTHVHZqLbNhcyBER8biszh1KGmzvzcJ56bFxxMmFXxb+kNDUeBqN4e3N29q9mCS6L6Powms4FqaI1bd0cUVhGsAhmmdYAqBQFHT+5I5Qh6vPxoZ8xlekFv6xSSaS9+k5xCldajm0Tsf2X0K14qjvvDS3QKf6o6bBQS0zEa6cNZFLqokJGxEPDbiw=,iv:8mZzroAJYRAbRxX3WOGTEcoIMmmASp9GVm+4E2/5NI0=,tag:qGOZauuZEKdSndi6Qys9lA==,type:str]", 3 + "sops": { 4 + "age": [ 5 + { 6 + "recipient": "age16e3uae0sktxmwzlmcdxwn07jpudtjl0s42hnwx2qsdh9h72gc5ssktkazg", 7 + "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPdVpaenUrYVpMeEpRZlBl\nTndhYmkvUEcxQWZ5UjZFUHFUcGpqMXdoZ2xFCkFLUmY4YlhRRTdIUmpQTzNPYSsz\nZ2JaZ0JTM3NHNWNwMHdiR2J2M1RRb1kKLS0tIERXbGtkRUlRSnFybExqYlVoQjVz\ndFdNQ0kxU3FMT0Y1ZnRhZkxWZWcrbEEK8hSNNXzhRXLrqEUHsXnPM6p+2ZynT/is\nLT+kR1IhJjuAB0uFjlGDtL19OsQdwb85TV79i2shQZIxwftqVwYoeg==\n-----END AGE ENCRYPTED FILE-----\n" 8 + } 9 + ], 10 + "lastmodified": "2026-01-29T18:35:32Z", 11 + "mac": "ENC[AES256_GCM,data:y/VHDvRfwUaGyHCAIvOFNisyRwJYxoMk3ThurJmzf9804rkwVHaQFSXfVKzE13YhidG8kpI+6ELkidNzaew65M+VhWlw5atwqhWouIEp+Fib6OIWvhpd1dOKlEJe10ByibcsOKk3tCP/+xnE2LHnYnd7Bliio4wRt9v5Tb2KLDY=,iv:xF9UWM4Jr9yFGFDOzAdgE0D8JIAgrykLXrF+vp3N/Ls=,tag:C9mdtos0DoSztvpnRU1mfw==,type:str]", 12 + "pgp": [ 13 + { 14 + "created_at": "2026-01-29T17:28:29Z", 15 + "enc": "-----BEGIN PGP 
MESSAGE-----\n\nhQIMA09oKgMfawMUAQ/7BeTq0gsT8OxJ8rMNoacK0oscGx0nEKotNIxmxFck/Kpu\nfI6Dq9dvvOxoI48Dm4hBU/6VPMar1AA1B/ae5CfaY3CmB1E7NsOepKAHzfqO0rfH\nELZi/XX10G6he0UI2y1lz9IjqBx83Xuybp6ePeA7yO3OUT2K1S905px7XCIVidJw\ngNWYMtg6dSuhApA026/cftKARNDEoDsudI8pnVUSknAcDI2yrYW3DGGsKbTRYBWa\nR+zJiniUjBVUvRE8N3qc5TFN0V5NvFvfWyzIbLnh5XR+psbGgMoyV0WEm0TKGt4y\ndRH68Xh3CUH8lkLh5AqSapWwxi7A4v1zSbwud99zYkZlwGXBI0/QS1mIV5rm0ch5\nxQ61aJ2j3uw51lkZ1Bd4E53YB8/pc/PKIOxhZWKVi10umzHZFBuuqnXHhbMa9gw2\nALOEVw2RKiGViFrbZ8bZZKzpDkscQP8O5IxS3YeA6+n4VGCNHox90SAaPym77LB0\nJvDSXOitG9vxCEFezojmuWfrusiXWJfHbLj/hRzaZGWQKpfZ9QjfST/MEQFRQ4Gf\n7qjneRaUhVfZEdkF/xmHRaUXjbwC9VmJ5jLHVc6uyiDJQ9Vk2IwjYHWMqZSy4gsk\n5kqMJHj8oMeu2mx5jdKs3MywUgi+30WhMqGd52gxdAmPP4m96Rb0AlThSluShbPS\nXgGGE0UzfqalKLq37rNxN25URUtGZNBDRsWp4UpUnL0lTQx6F8lY/NWvjNB+wt1z\nd+j134e0EmDOPOO88FAtn7fvBuRjbuXwzC6MqHfIfaiNbchgKRY917txKidUlzE=\n=0TBQ\n-----END PGP MESSAGE-----", 16 + "fp": "D40CE1579C09BFD7EF4AB7E631250420834310B5" 17 + } 18 + ], 19 + "unencrypted_suffix": "_unencrypted", 20 + "version": "3.11.0" 21 + } 22 + }