My dotfiles for my nixos machines and infra

Add SOPS, add Garage, update directory structure, move caddy out of a container and some other stuff

MrSnowy 90699a34 c4c3e005

+686 -1092
+1
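--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,5 @@
 result/
+result
 
 # For nixos-vms
 *.qcow2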
+32 -752
desktop/flake.lock
··· 1 1 { 2 2 "nodes": { 3 - "aquamarine": { 4 - "inputs": { 5 - "hyprutils": [ 6 - "hyprland", 7 - "hyprutils" 8 - ], 9 - "hyprwayland-scanner": [ 10 - "hyprland", 11 - "hyprwayland-scanner" 12 - ], 13 - "nixpkgs": [ 14 - "hyprland", 15 - "nixpkgs" 16 - ], 17 - "systems": [ 18 - "hyprland", 19 - "systems" 20 - ] 21 - }, 22 - "locked": { 23 - "lastModified": 1762356719, 24 - "narHash": "sha256-qwd/xdoOya1m8FENle+4hWnydCtlXUWLAW/Auk6WL7s=", 25 - "owner": "hyprwm", 26 - "repo": "aquamarine", 27 - "rev": "6d0b3567584691bf9d8fedb5d0093309e2f979c7", 28 - "type": "github" 29 - }, 30 - "original": { 31 - "owner": "hyprwm", 32 - "repo": "aquamarine", 33 - "type": "github" 34 - } 35 - }, 36 - "chaotic": { 37 - "inputs": { 38 - "flake-schemas": "flake-schemas", 39 - "home-manager": "home-manager", 40 - "jovian": "jovian", 41 - "nixpkgs": "nixpkgs", 42 - "rust-overlay": "rust-overlay" 43 - }, 44 - "locked": { 45 - "lastModified": 1762525922, 46 - "narHash": "sha256-DX0/D0o/lUQRMCuoAoJiXkDqoISLSgkQAlsPqPS4i6M=", 47 - "owner": "chaotic-cx", 48 - "repo": "nyx", 49 - "rev": "863eed9a7967cb307ecdcdba0c7b87db6a314865", 50 - "type": "github" 51 - }, 52 - "original": { 53 - "owner": "chaotic-cx", 54 - "ref": "nyxpkgs-unstable", 55 - "repo": "nyx", 56 - "type": "github" 57 - } 58 - }, 59 - "flake-compat": { 60 - "flake": false, 61 - "locked": { 62 - "lastModified": 1747046372, 63 - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", 64 - "owner": "edolstra", 65 - "repo": "flake-compat", 66 - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", 67 - "type": "github" 68 - }, 69 - "original": { 70 - "owner": "edolstra", 71 - "repo": "flake-compat", 72 - "type": "github" 73 - } 74 - }, 75 - "flake-parts": { 76 - "inputs": { 77 - "nixpkgs-lib": "nixpkgs-lib" 78 - }, 79 - "locked": { 80 - "lastModified": 1754487366, 81 - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", 82 - "owner": "hercules-ci", 83 - "repo": "flake-parts", 84 - "rev": 
"af66ad14b28a127c5c0f3bbb298218fc63528a18", 85 - "type": "github" 86 - }, 87 - "original": { 88 - "owner": "hercules-ci", 89 - "repo": "flake-parts", 90 - "type": "github" 91 - } 92 - }, 93 - "flake-schemas": { 94 - "locked": { 95 - "lastModified": 1721999734, 96 - "narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=", 97 - "rev": "0a5c42297d870156d9c57d8f99e476b738dcd982", 98 - "revCount": 75, 99 - "type": "tarball", 100 - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz" 101 - }, 102 - "original": { 103 - "type": "tarball", 104 - "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz" 105 - } 106 - }, 107 - "gitignore": { 108 - "inputs": { 109 - "nixpkgs": [ 110 - "hyprland", 111 - "pre-commit-hooks", 112 - "nixpkgs" 113 - ] 114 - }, 115 - "locked": { 116 - "lastModified": 1709087332, 117 - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", 118 - "owner": "hercules-ci", 119 - "repo": "gitignore.nix", 120 - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", 121 - "type": "github" 122 - }, 123 - "original": { 124 - "owner": "hercules-ci", 125 - "repo": "gitignore.nix", 126 - "type": "github" 127 - } 128 - }, 129 3 "home-manager": { 130 - "inputs": { 131 - "nixpkgs": [ 132 - "chaotic", 133 - "nixpkgs" 134 - ] 135 - }, 136 - "locked": { 137 - "lastModified": 1762463325, 138 - "narHash": "sha256-33YUsWpPyeBZEWrKQ2a1gkRZ7i0XCC/2MYpU6BVeQSU=", 139 - "owner": "nix-community", 140 - "repo": "home-manager", 141 - "rev": "0562fef070a1027325dd4ea10813d64d2c967b39", 142 - "type": "github" 143 - }, 144 - "original": { 145 - "owner": "nix-community", 146 - "repo": "home-manager", 147 - "type": "github" 148 - } 149 - }, 150 - "home-manager_2": { 151 4 "inputs": { 152 5 "nixpkgs": [ 153 6 "nixpkgs-unstable" 154 7 ] 155 8 }, 156 9 "locked": { 157 - "lastModified": 1762704774, 158 - "narHash": "sha256-iodz4xQbULkHqetbPu5BCSWsVEzZiiNSv0/dzfH4XiE=", 10 
+ "lastModified": 1766387499, 11 + "narHash": "sha256-AjK3/UKDzeXFeYNLVBaJ3+HLE9he1g5UrlNd4/BM3eA=", 159 12 "owner": "nix-community", 160 13 "repo": "home-manager", 161 - "rev": "be4a9233dd3f6104c9b0fdd3d56f953eb519a4c7", 14 + "rev": "527ad07e6625302b648ed3b28c34b62a79bd103e", 162 15 "type": "github" 163 16 }, 164 17 "original": { ··· 168 21 "type": "github" 169 22 } 170 23 }, 171 - "home-manager_3": { 24 + "home-manager_2": { 172 25 "inputs": { 173 26 "nixpkgs": [ 174 27 "zen-browser", ··· 176 29 ] 177 30 }, 178 31 "locked": { 179 - "lastModified": 1762351818, 180 - "narHash": "sha256-0ptUDbYwxv1kk/uzEX4+NJjY2e16MaAhtzAOJ6K0TG0=", 32 + "lastModified": 1765682243, 33 + "narHash": "sha256-yeCxFV/905Wr91yKt5zrVvK6O2CVXWRMSrxqlAZnLp0=", 181 34 "owner": "nix-community", 182 35 "repo": "home-manager", 183 - "rev": "b959c67241cae17fc9e4ee7eaf13dfa8512477ea", 36 + "rev": "58bf3ecb2d0bba7bdf363fc8a6c4d49b4d509d03", 184 37 "type": "github" 185 38 }, 186 39 "original": { ··· 189 42 "type": "github" 190 43 } 191 44 }, 192 - "hyprcursor": { 193 - "inputs": { 194 - "hyprlang": [ 195 - "hyprland", 196 - "hyprlang" 197 - ], 198 - "nixpkgs": [ 199 - "hyprland", 200 - "nixpkgs" 201 - ], 202 - "systems": [ 203 - "hyprland", 204 - "systems" 205 - ] 206 - }, 207 - "locked": { 208 - "lastModified": 1753964049, 209 - "narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=", 210 - "owner": "hyprwm", 211 - "repo": "hyprcursor", 212 - "rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5", 213 - "type": "github" 214 - }, 215 - "original": { 216 - "owner": "hyprwm", 217 - "repo": "hyprcursor", 218 - "type": "github" 219 - } 220 - }, 221 - "hyprgraphics": { 222 - "inputs": { 223 - "hyprutils": [ 224 - "hyprland", 225 - "hyprutils" 226 - ], 227 - "nixpkgs": [ 228 - "hyprland", 229 - "nixpkgs" 230 - ], 231 - "systems": [ 232 - "hyprland", 233 - "systems" 234 - ] 235 - }, 236 - "locked": { 237 - "lastModified": 1762462052, 238 - "narHash": 
"sha256-6roLYzcDf4V38RUMSqycsOwAnqfodL6BmhRkUtwIgdA=", 239 - "owner": "hyprwm", 240 - "repo": "hyprgraphics", 241 - "rev": "ffc999d980c7b3bca85d3ebd0a9fbadf984a8162", 242 - "type": "github" 243 - }, 244 - "original": { 245 - "owner": "hyprwm", 246 - "repo": "hyprgraphics", 247 - "type": "github" 248 - } 249 - }, 250 - "hyprland": { 251 - "inputs": { 252 - "aquamarine": "aquamarine", 253 - "hyprcursor": "hyprcursor", 254 - "hyprgraphics": "hyprgraphics", 255 - "hyprland-guiutils": "hyprland-guiutils", 256 - "hyprland-protocols": "hyprland-protocols", 257 - "hyprlang": "hyprlang", 258 - "hyprutils": "hyprutils", 259 - "hyprwayland-scanner": "hyprwayland-scanner_2", 260 - "nixpkgs": "nixpkgs_2", 261 - "pre-commit-hooks": "pre-commit-hooks", 262 - "systems": "systems", 263 - "xdph": "xdph" 264 - }, 265 - "locked": { 266 - "lastModified": 1762703954, 267 - "narHash": "sha256-tBNyAKujRoltMh3lsCnEiYza7YC+kK6pcwsCp33QpV4=", 268 - "owner": "hyprwm", 269 - "repo": "Hyprland", 270 - "rev": "0bd11d5eb941b8038f0723135768d84aa5512b4a", 271 - "type": "github" 272 - }, 273 - "original": { 274 - "owner": "hyprwm", 275 - "repo": "Hyprland", 276 - "type": "github" 277 - } 278 - }, 279 - "hyprland-guiutils": { 280 - "inputs": { 281 - "aquamarine": [ 282 - "hyprland", 283 - "aquamarine" 284 - ], 285 - "hyprgraphics": [ 286 - "hyprland", 287 - "hyprgraphics" 288 - ], 289 - "hyprlang": [ 290 - "hyprland", 291 - "hyprlang" 292 - ], 293 - "hyprtoolkit": "hyprtoolkit", 294 - "hyprutils": [ 295 - "hyprland", 296 - "hyprutils" 297 - ], 298 - "nixpkgs": [ 299 - "hyprland", 300 - "nixpkgs" 301 - ], 302 - "systems": [ 303 - "hyprland", 304 - "systems" 305 - ] 306 - }, 307 - "locked": { 308 - "lastModified": 1762465111, 309 - "narHash": "sha256-dS13YZdWjgGGLBjpT4FHB6xf8I/WiAU+mgNWXsZgDUs=", 310 - "owner": "hyprwm", 311 - "repo": "hyprland-guiutils", 312 - "rev": "a415eba866a953f3096d661318f771aa0082eb98", 313 - "type": "github" 314 - }, 315 - "original": { 316 - "owner": "hyprwm", 317 - "repo": 
"hyprland-guiutils", 318 - "type": "github" 319 - } 320 - }, 321 - "hyprland-protocols": { 322 - "inputs": { 323 - "nixpkgs": [ 324 - "hyprland", 325 - "nixpkgs" 326 - ], 327 - "systems": [ 328 - "hyprland", 329 - "systems" 330 - ] 331 - }, 332 - "locked": { 333 - "lastModified": 1759610243, 334 - "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=", 335 - "owner": "hyprwm", 336 - "repo": "hyprland-protocols", 337 - "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622", 338 - "type": "github" 339 - }, 340 - "original": { 341 - "owner": "hyprwm", 342 - "repo": "hyprland-protocols", 343 - "type": "github" 344 - } 345 - }, 346 - "hyprlang": { 347 - "inputs": { 348 - "hyprutils": [ 349 - "hyprland", 350 - "hyprutils" 351 - ], 352 - "nixpkgs": [ 353 - "hyprland", 354 - "nixpkgs" 355 - ], 356 - "systems": [ 357 - "hyprland", 358 - "systems" 359 - ] 360 - }, 361 - "locked": { 362 - "lastModified": 1758927902, 363 - "narHash": "sha256-LZgMds7M94+vuMql2bERQ6LiFFdhgsEFezE4Vn+Ys3A=", 364 - "owner": "hyprwm", 365 - "repo": "hyprlang", 366 - "rev": "4dafa28d4f79877d67a7d1a654cddccf8ebf15da", 367 - "type": "github" 368 - }, 369 - "original": { 370 - "owner": "hyprwm", 371 - "repo": "hyprlang", 372 - "type": "github" 373 - } 374 - }, 375 - "hyprtoolkit": { 376 - "inputs": { 377 - "aquamarine": [ 378 - "hyprland", 379 - "hyprland-guiutils", 380 - "aquamarine" 381 - ], 382 - "hyprgraphics": [ 383 - "hyprland", 384 - "hyprland-guiutils", 385 - "hyprgraphics" 386 - ], 387 - "hyprlang": [ 388 - "hyprland", 389 - "hyprland-guiutils", 390 - "hyprlang" 391 - ], 392 - "hyprutils": [ 393 - "hyprland", 394 - "hyprland-guiutils", 395 - "hyprutils" 396 - ], 397 - "hyprwayland-scanner": "hyprwayland-scanner", 398 - "nixpkgs": [ 399 - "hyprland", 400 - "hyprland-guiutils", 401 - "nixpkgs" 402 - ], 403 - "systems": [ 404 - "hyprland", 405 - "hyprland-guiutils", 406 - "systems" 407 - ] 408 - }, 409 - "locked": { 410 - "lastModified": 1762463729, 411 - "narHash": 
"sha256-2fYkU/mdz8WKY3dkDPlE/j6hTxIwqultsx4gMMsMns0=", 412 - "owner": "hyprwm", 413 - "repo": "hyprtoolkit", 414 - "rev": "88483bdee5329ec985f0c8f834c519cd18cfe532", 415 - "type": "github" 416 - }, 417 - "original": { 418 - "owner": "hyprwm", 419 - "repo": "hyprtoolkit", 420 - "type": "github" 421 - } 422 - }, 423 - "hyprutils": { 424 - "inputs": { 425 - "nixpkgs": [ 426 - "hyprland", 427 - "nixpkgs" 428 - ], 429 - "systems": [ 430 - "hyprland", 431 - "systems" 432 - ] 433 - }, 434 - "locked": { 435 - "lastModified": 1762387740, 436 - "narHash": "sha256-gQ9zJ+pUI4o+Gh4Z6jhJll7jjCSwi8ZqJIhCE2oqwhQ=", 437 - "owner": "hyprwm", 438 - "repo": "hyprutils", 439 - "rev": "926689ddb9c0a8787e58c02c765a62e32d63d1f7", 440 - "type": "github" 441 - }, 442 - "original": { 443 - "owner": "hyprwm", 444 - "repo": "hyprutils", 445 - "type": "github" 446 - } 447 - }, 448 - "hyprwayland-scanner": { 449 - "inputs": { 450 - "nixpkgs": [ 451 - "hyprland", 452 - "hyprland-guiutils", 453 - "hyprtoolkit", 454 - "nixpkgs" 455 - ], 456 - "systems": [ 457 - "hyprland", 458 - "hyprland-guiutils", 459 - "hyprtoolkit", 460 - "systems" 461 - ] 462 - }, 463 - "locked": { 464 - "lastModified": 1755184602, 465 - "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=", 466 - "owner": "hyprwm", 467 - "repo": "hyprwayland-scanner", 468 - "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d", 469 - "type": "github" 470 - }, 471 - "original": { 472 - "owner": "hyprwm", 473 - "repo": "hyprwayland-scanner", 474 - "type": "github" 475 - } 476 - }, 477 - "hyprwayland-scanner_2": { 478 - "inputs": { 479 - "nixpkgs": [ 480 - "hyprland", 481 - "nixpkgs" 482 - ], 483 - "systems": [ 484 - "hyprland", 485 - "systems" 486 - ] 487 - }, 488 - "locked": { 489 - "lastModified": 1755184602, 490 - "narHash": "sha256-RCBQN8xuADB0LEgaKbfRqwm6CdyopE1xIEhNc67FAbw=", 491 - "owner": "hyprwm", 492 - "repo": "hyprwayland-scanner", 493 - "rev": "b3b0f1f40ae09d4447c20608e5a4faf8bf3c492d", 494 - "type": "github" 495 - }, 496 - 
"original": { 497 - "owner": "hyprwm", 498 - "repo": "hyprwayland-scanner", 499 - "type": "github" 500 - } 501 - }, 502 - "jovian": { 503 - "inputs": { 504 - "nix-github-actions": "nix-github-actions", 505 - "nixpkgs": [ 506 - "chaotic", 507 - "nixpkgs" 508 - ] 509 - }, 510 - "locked": { 511 - "lastModified": 1762452596, 512 - "narHash": "sha256-Iaga+mkwWnWa6FxsAYknpHzeP344VCKGkdudX420LgA=", 513 - "owner": "Jovian-Experiments", 514 - "repo": "Jovian-NixOS", 515 - "rev": "99919fd35e70c1b18ce948d5329928d751031312", 516 - "type": "github" 517 - }, 518 - "original": { 519 - "owner": "Jovian-Experiments", 520 - "repo": "Jovian-NixOS", 521 - "type": "github" 522 - } 523 - }, 524 45 "lsfg-vk-flake": { 525 46 "inputs": { 526 47 "nixpkgs": [ ··· 542 63 "type": "github" 543 64 } 544 65 }, 545 - "nix-github-actions": { 546 - "inputs": { 547 - "nixpkgs": [ 548 - "chaotic", 549 - "jovian", 550 - "nixpkgs" 551 - ] 552 - }, 553 - "locked": { 554 - "lastModified": 1729697500, 555 - "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", 556 - "owner": "zhaofengli", 557 - "repo": "nix-github-actions", 558 - "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", 559 - "type": "github" 560 - }, 561 - "original": { 562 - "owner": "zhaofengli", 563 - "ref": "matrix-name", 564 - "repo": "nix-github-actions", 565 - "type": "github" 566 - } 567 - }, 568 66 "nix-index": { 569 67 "inputs": { 570 68 "nixpkgs": [ ··· 572 70 ] 573 71 }, 574 72 "locked": { 575 - "lastModified": 1762660502, 576 - "narHash": "sha256-C9F1C31ys0V7mnp4EcDy7L1cLZw/sCTEXqqTtGnvu08=", 73 + "lastModified": 1765267181, 74 + "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", 577 75 "owner": "nix-community", 578 76 "repo": "nix-index-database", 579 - "rev": "15c5451c63f4c612874a43846bfe3fa828b03eee", 77 + "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", 580 78 "type": "github" 581 79 }, 582 80 "original": { ··· 585 83 "type": "github" 586 84 } 587 85 }, 588 - "nixpkgs": { 86 + 
"nixpkgs-extra-unstable": { 589 87 "locked": { 590 - "lastModified": 1762363567, 591 - "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", 88 + "lastModified": 1766314097, 89 + "narHash": "sha256-laJftWbghBehazn/zxVJ8NdENVgjccsWAdAqKXhErrM=", 592 90 "owner": "NixOS", 593 91 "repo": "nixpkgs", 594 - "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", 92 + "rev": "306ea70f9eb0fb4e040f8540e2deab32ed7e2055", 595 93 "type": "github" 596 94 }, 597 95 "original": { 598 96 "owner": "NixOS", 599 - "ref": "nixos-unstable", 97 + "ref": "nixpkgs-unstable", 600 98 "repo": "nixpkgs", 601 99 "type": "github" 602 100 } 603 101 }, 604 - "nixpkgs-extra-unstable": { 102 + "nixpkgs-master": { 605 103 "locked": { 606 - "lastModified": 1762482733, 607 - "narHash": "sha256-g/da4FzvckvbiZT075Sb1/YDNDr+tGQgh4N8i5ceYMg=", 104 + "lastModified": 1766403040, 105 + "narHash": "sha256-nA6yZyc/HDo6JsmfX8aiVYEv++QXqzH80QTNRG1KEgQ=", 608 106 "owner": "NixOS", 609 107 "repo": "nixpkgs", 610 - "rev": "e1ebeec86b771e9d387dd02d82ffdc77ac753abc", 108 + "rev": "3ffc59654f4bbc433cf7202f43360b9d19aed3ea", 611 109 "type": "github" 612 110 }, 613 111 "original": { 614 112 "owner": "NixOS", 615 - "ref": "nixpkgs-unstable", 113 + "ref": "master", 616 114 "repo": "nixpkgs", 617 115 "type": "github" 618 116 } 619 117 }, 620 - "nixpkgs-lib": { 621 - "locked": { 622 - "lastModified": 1753579242, 623 - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", 624 - "owner": "nix-community", 625 - "repo": "nixpkgs.lib", 626 - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", 627 - "type": "github" 628 - }, 629 - "original": { 630 - "owner": "nix-community", 631 - "repo": "nixpkgs.lib", 632 - "type": "github" 633 - } 634 - }, 635 118 "nixpkgs-stable": { 636 119 "locked": { 637 - "lastModified": 1762498405, 638 - "narHash": "sha256-Zg/SCgCaAioc0/SVZQJxuECGPJy+OAeBcGeA5okdYDc=", 120 + "lastModified": 1766014764, 121 + "narHash": "sha256-+73VffE5GP5fvbib6Hs1Su6LehG+9UV1Kzs90T2gBLA=", 639 122 
"owner": "NixOS", 640 123 "repo": "nixpkgs", 641 - "rev": "6faeb062ee4cf4f105989d490831713cc5a43ee1", 124 + "rev": "2b0d2b456e4e8452cf1c16d00118d145f31160f9", 642 125 "type": "github" 643 126 }, 644 127 "original": { ··· 650 133 }, 651 134 "nixpkgs-unstable": { 652 135 "locked": { 653 - "lastModified": 1762596750, 654 - "narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=", 655 - "owner": "NixOS", 656 - "repo": "nixpkgs", 657 - "rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e", 658 - "type": "github" 659 - }, 660 - "original": { 661 - "owner": "NixOS", 662 - "ref": "nixos-unstable", 663 - "repo": "nixpkgs", 664 - "type": "github" 665 - } 666 - }, 667 - "nixpkgs_2": { 668 - "locked": { 669 - "lastModified": 1762363567, 670 - "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", 671 - "owner": "NixOS", 672 - "repo": "nixpkgs", 673 - "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", 674 - "type": "github" 675 - }, 676 - "original": { 677 - "owner": "NixOS", 678 - "ref": "nixos-unstable", 679 - "repo": "nixpkgs", 680 - "type": "github" 681 - } 682 - }, 683 - "nixpkgs_3": { 684 - "locked": { 685 - "lastModified": 1762363567, 686 - "narHash": "sha256-YRqMDEtSMbitIMj+JLpheSz0pwEr0Rmy5mC7myl17xs=", 136 + "lastModified": 1766070988, 137 + "narHash": "sha256-G/WVghka6c4bAzMhTwT2vjLccg/awmHkdKSd2JrycLc=", 687 138 "owner": "NixOS", 688 139 "repo": "nixpkgs", 689 - "rev": "ae814fd3904b621d8ab97418f1d0f2eb0d3716f4", 140 + "rev": "c6245e83d836d0433170a16eb185cefe0572f8b8", 690 141 "type": "github" 691 142 }, 692 143 "original": { ··· 696 147 "type": "github" 697 148 } 698 149 }, 699 - "nixpkgs_4": { 700 - "locked": { 701 - "lastModified": 1756731054, 702 - "narHash": "sha256-kifUBw3WDopsgxUq0X9hFb2MMDeqhREbF1YttEj6IpM=", 703 - "owner": "nixos", 704 - "repo": "nixpkgs", 705 - "rev": "d042fb41a92f948e2f42038b0b9641bd501d08ce", 706 - "type": "github" 707 - }, 708 - "original": { 709 - "owner": "nixos", 710 - "repo": "nixpkgs", 711 - "type": "github" 712 - } 
713 - }, 714 - "pre-commit-hooks": { 715 - "inputs": { 716 - "flake-compat": "flake-compat", 717 - "gitignore": "gitignore", 718 - "nixpkgs": [ 719 - "hyprland", 720 - "nixpkgs" 721 - ] 722 - }, 723 - "locked": { 724 - "lastModified": 1762441963, 725 - "narHash": "sha256-j+rNQ119ffYUkYt2YYS6rnd6Jh/crMZmbqpkGLXaEt0=", 726 - "owner": "cachix", 727 - "repo": "git-hooks.nix", 728 - "rev": "8e7576e79b88c16d7ee3bbd112c8d90070832885", 729 - "type": "github" 730 - }, 731 - "original": { 732 - "owner": "cachix", 733 - "repo": "git-hooks.nix", 734 - "type": "github" 735 - } 736 - }, 737 150 "root": { 738 151 "inputs": { 739 - "chaotic": "chaotic", 740 - "home-manager": "home-manager_2", 741 - "hyprland": "hyprland", 152 + "home-manager": "home-manager", 742 153 "lsfg-vk-flake": "lsfg-vk-flake", 743 154 "nix-index": "nix-index", 744 155 "nixpkgs-extra-unstable": "nixpkgs-extra-unstable", 156 + "nixpkgs-master": "nixpkgs-master", 745 157 "nixpkgs-stable": "nixpkgs-stable", 746 158 "nixpkgs-unstable": "nixpkgs-unstable", 747 - "spicetify-nix": "spicetify-nix", 748 - "zed-editor": "zed-editor", 749 159 "zen-browser": "zen-browser" 750 160 } 751 161 }, 752 - "rust-overlay": { 753 - "inputs": { 754 - "nixpkgs": [ 755 - "chaotic", 756 - "nixpkgs" 757 - ] 758 - }, 759 - "locked": { 760 - "lastModified": 1762483116, 761 - "narHash": "sha256-Z8EVsTH10BjCdFyPxbUu5jBV+HGL39rh9+beQcnNRm0=", 762 - "owner": "oxalica", 763 - "repo": "rust-overlay", 764 - "rev": "9de55b59b6aaadbd9dbf223765a835239b767ee5", 765 - "type": "github" 766 - }, 767 - "original": { 768 - "owner": "oxalica", 769 - "repo": "rust-overlay", 770 - "type": "github" 771 - } 772 - }, 773 - "spicetify-nix": { 774 - "inputs": { 775 - "nixpkgs": "nixpkgs_3", 776 - "systems": "systems_2" 777 - }, 778 - "locked": { 779 - "lastModified": 1762705543, 780 - "narHash": "sha256-yoJBNxZySJduVdzfy8zxlfx5OL2CvBOYtuQsYsbD/qw=", 781 - "owner": "Gerg-L", 782 - "repo": "spicetify-nix", 783 - "rev": "954fd25c1dc799f732a23da844befe71f03a5ff0", 
784 - "type": "github" 785 - }, 786 - "original": { 787 - "owner": "Gerg-L", 788 - "repo": "spicetify-nix", 789 - "type": "github" 790 - } 791 - }, 792 - "systems": { 793 - "locked": { 794 - "lastModified": 1689347949, 795 - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", 796 - "owner": "nix-systems", 797 - "repo": "default-linux", 798 - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", 799 - "type": "github" 800 - }, 801 - "original": { 802 - "owner": "nix-systems", 803 - "repo": "default-linux", 804 - "type": "github" 805 - } 806 - }, 807 - "systems_2": { 808 - "locked": { 809 - "lastModified": 1681028828, 810 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 811 - "owner": "nix-systems", 812 - "repo": "default", 813 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 814 - "type": "github" 815 - }, 816 - "original": { 817 - "owner": "nix-systems", 818 - "repo": "default", 819 - "type": "github" 820 - } 821 - }, 822 - "xdph": { 823 - "inputs": { 824 - "hyprland-protocols": [ 825 - "hyprland", 826 - "hyprland-protocols" 827 - ], 828 - "hyprlang": [ 829 - "hyprland", 830 - "hyprlang" 831 - ], 832 - "hyprutils": [ 833 - "hyprland", 834 - "hyprutils" 835 - ], 836 - "hyprwayland-scanner": [ 837 - "hyprland", 838 - "hyprwayland-scanner" 839 - ], 840 - "nixpkgs": [ 841 - "hyprland", 842 - "nixpkgs" 843 - ], 844 - "systems": [ 845 - "hyprland", 846 - "systems" 847 - ] 848 - }, 849 - "locked": { 850 - "lastModified": 1761431178, 851 - "narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=", 852 - "owner": "hyprwm", 853 - "repo": "xdg-desktop-portal-hyprland", 854 - "rev": "4b8801228ff958d028f588f0c2b911dbf32297f9", 855 - "type": "github" 856 - }, 857 - "original": { 858 - "owner": "hyprwm", 859 - "repo": "xdg-desktop-portal-hyprland", 860 - "type": "github" 861 - } 862 - }, 863 - "zed-editor": { 864 - "inputs": { 865 - "flake-parts": "flake-parts", 866 - "nixpkgs": "nixpkgs_4" 867 - }, 868 - "locked": { 869 - "lastModified": 
1756797624, 870 - "narHash": "sha256-8EWKUNW90lu6B13B/97CROw4iji6v3CAm3avvioXho8=", 871 - "owner": "HPsaucii", 872 - "repo": "zed-editor-flake", 873 - "rev": "2c2a2aaac1cd9dd95e92dc045ce51a6d8372b02e", 874 - "type": "github" 875 - }, 876 - "original": { 877 - "owner": "HPsaucii", 878 - "repo": "zed-editor-flake", 879 - "type": "github" 880 - } 881 - }, 882 162 "zen-browser": { 883 163 "inputs": { 884 - "home-manager": "home-manager_3", 164 + "home-manager": "home-manager_2", 885 165 "nixpkgs": [ 886 166 "nixpkgs-unstable" 887 167 ] 888 168 }, 889 169 "locked": { 890 - "lastModified": 1762665515, 891 - "narHash": "sha256-0+A0nHL1+x1H4NL5bE6GyA252JOpUK6kvfHg/g75260=", 170 + "lastModified": 1766378463, 171 + "narHash": "sha256-ZGTxrMJktO2TiqrWdZZ7FCw26LKcw3sJkn9MnDLWg4I=", 892 172 "owner": "0xc000022070", 893 173 "repo": "zen-browser-flake", 894 - "rev": "1bea5e777dd0b99158c504da1fb2913ff119e96c", 174 + "rev": "b6b1e625e4aa049b59930611fc20790c0ccbc840", 895 175 "type": "github" 896 176 }, 897 177 "original": {
+10 -10
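--- a/desktop/flake.nix
+++ b/desktop/flake.nix
@@ -5,6 +5,7 @@
 nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
 nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
 nixpkgs-extra-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+nixpkgs-master.url = "github:NixOS/nixpkgs/master";
 home-manager = {
 # url = "github:nix-community/home-manager/release-25.05";
 url = "github:nix-community/home-manager/master";
@@ -13,16 +14,12 @@
 
 zen-browser = {
 url = "github:0xc000022070/zen-browser-flake";
-# IMPORTANT: we're using "libgbm" and is only available in unstable so ensure
-# to have it up-to-date or simply don't specify the nixpkgs input
 inputs.nixpkgs.follows = "nixpkgs-unstable";
 };
 
-hyprland.url = "github:hyprwm/Hyprland";
+# hyprland.url = "github:hyprwm/Hyprland";
 
-chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
-zed-editor.url = "github:HPsaucii/zed-editor-flake";
-# fennec-flake.url = "git+https://git.killuaa.dev/Rouffy/fennec-flake?ref=mrrow";
+# chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
 
 lsfg-vk-flake = {
 url = "github:pabloaul/lsfg-vk-flake/main";
@@ -34,9 +31,7 @@
 inputs.nixpkgs.follows = "nixpkgs-unstable";
 };
 
-spicetify-nix.url = "github:Gerg-L/spicetify-nix";
-
-# modrinth-fix.url = "github:getchoo-contrib/nixpkgs/pkgs/modrinth-app/0.10.3";
+# spicetify-nix.url = "github:Gerg-L/spicetify-nix";
 };
 
 outputs =
@@ -58,6 +53,7 @@
 # This makes these args available in all other modules
 specialArgs = {
 inherit inputs;
+inherit repos;
 };
 
 modules = [
@@ -66,13 +62,17 @@
 inherit system;
 config.allowUnfree = true;
 config.android_sdk.accept_license = true;
+overlays = [
+(final: prev: {
+})
+];
 };
 }
 
 ./system/configuration.nix # Main configuration
 ./system/networking.nix # Network config
 
-inputs.chaotic.nixosModules.default
+# inputs.chaotic.nixosModules.default
 inputs.lsfg-vk-flake.nixosModules.default
 
 inputs.home-manager.nixosModules.home-manager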
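Review bot: The new `nixpkgs-master` input follows the `master` branch, which takes commits before they have passed the channel tests that gate `nixos-unstable` and `nixpkgs-unstable`, so each `nix flake update` can move the desktop onto package revisions nobody has tested yet. flake.lock still pins the exact revision, but nothing on the line says why the input exists; on this page it is used only for `repos.master.jellyfin-desktop` in desktop/home-manager/snowy.nix. I would put a comment above it, for example `# master: only for jellyfin-desktop; drop once the package is in nixos-unstable` (if that is indeed the reason), and keep every other package on the channel inputs. The empty overlay `(final: prev: { })` added further down has no effect and can wait until it has content.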
+9 -5
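--- a/desktop/home-manager/snowy.nix
+++ b/desktop/home-manager/snowy.nix
@@ -23,8 +23,8 @@
 # };
 
 home.packages = with pkgs; [
-inputs.zen-browser.packages."${system}".twilight
-inputs.zed-editor.packages."${pkgs.system}".zed-editor-bin
+inputs.zen-browser.packages."${stdenv.hostPlatform.system}".twilight
+repos.extra-unstable.zed-editor
 # corretto17
 # android-studio
 # forgejo-actions-runner
@@ -35,10 +35,12 @@
 vscode
 helix
 mpv
+tauon
+yt-dlp
 
 # shellcheck # for zed basher?
 # vscodium
-jetbrains.idea-ultimate
+jetbrains.idea
 jetbrains.rider
 orca-slicer
 # godot
@@ -55,7 +57,7 @@
 fzf # for fish
 chafa
 # hextazy
-repos.pkgs-extra-unstable.grayjay
+# repos.extra-unstable.grayjay
 
 # gaphor
 # d-spyd
@@ -65,6 +67,7 @@
 gcc
 just
 jujutsu
+sops
 
 # silly game
 clonehero
@@ -90,6 +93,7 @@
 
 monocraft
 python3
+repos.master.jellyfin-desktop
 # wine64
 # nixpkgs-extra-unstable.hyprlandPlugins.hyprsplit
 ];
@@ -102,7 +106,7 @@
 
 # programs.spicetify =
 # let
-# spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.system};
+# spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system};
 # in
 # {
 # enable = true;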
+10 -13
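--- a/desktop/repos.nix
+++ b/desktop/repos.nix
@@ -3,28 +3,34 @@
 system,
 ...
 }:
-let
+{
 inherit system;
 
-pkgs-extra-unstable = import inputs.nixpkgs-extra-unstable {
+master = import inputs.nixpkgs-master {
+inherit system;
+config.allowUnfree = true;
+};
+
+extra-unstable = import inputs.nixpkgs-extra-unstable {
 inherit system;
 config.allowUnfree = true;
 config.android_sdk.accept_license = true;
 };
 
-pks-unstable = import inputs.nixpkgs-unstable {
+unstable = import inputs.nixpkgs-unstable {
 inherit system;
 config.allowUnfree = true;
 config.android_sdk.accept_license = true;
 };
 
-pkgs-stable = import inputs.nixpkgs-stable {
+stable = import inputs.nixpkgs-stable {
 inherit system;
 config.allowUnfree = true;
 config.android_sdk.accept_license = true;
 };
 
 pkgs-system = inputs.nixpkgs-unstable.lib.nixosSystem;
+
 # {
 # modules = [
 # {
@@ -36,13 +42,4 @@
 # }
 # ];
 # };
-
-in
-{
-inherit
-pkgs-extra-unstable
-pks-unstable
-pkgs-stable
-pkgs-system
-;
 }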
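Review bot: The new `master` instance is imported with `config.allowUnfree = true;`, the same blanket setting as the three channel instances, so any unfree package from an unreleased nixpkgs revision evaluates without complaint. Because `repos` now reaches every module through `specialArgs`, I would drop that line from `master` if nothing unfree is taken from it, or replace it with a `config.allowUnfreePredicate` that names the packages actually needed. Replacing `let … in { inherit … }` with a plain attribute set also exports `repos.system` and renames `pkgs-extra-unstable`, `pks-unstable` and `pkgs-stable`; any caller not shown on this page has to follow the new names.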
+47 -31
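--- a/desktop/system/configuration.nix
+++ b/desktop/system/configuration.nix
@@ -6,8 +6,7 @@
 config,
 lib,
 pkgs,
-pkgs-unstable,
-inputs,
+repos,
 ...
 }:
 
@@ -18,8 +17,11 @@
 ./audio.nix
 ];
 
-# QUICKSHELl
-qt.enable = true;
+qt = {
+enable = true;
+# style = "adwaita-dark";
+platformTheme = "qt5ct";
+};
 
 nix = {
 package = pkgs.lix;
@@ -58,14 +60,19 @@
 boot = {
 supportedFilesystems = [ "ntfs" ];
 # kernelPackages = pkgs.linuxPackages_cachyos-rc;
-kernelPackages = pkgs.linuxPackages_cachyos;
+# kernelPackages = pkgs.linuxPackages_cachyos;
+kernelPackages = pkgs.linuxPackages_lqx;
+
 kernelParams = [ ];
 kernel.sysctl = {
 "vm.swappiness" = 100;
+"vm.max_map_count" = 1048576;
+"net.ipv4.conf.all.forwarding" = true;
+"net.ipv6.conf.all.forwarding" = true;
 };
 
 extraModprobeConfig = ''
-options snd-hda-intel power_save=0 power_save_controller=N
+options snd-hda-intel power_save=0 power_save_controller=N # Disable speakers going into a powersaving state
 options amdgpu ppfeaturemask=0xFFF7FFFF
 '';
 
@@ -78,7 +85,6 @@
 "ntsync"
 ];
 
-# todo! do the gaming vm_mapsize thing
 loader = {
 systemd-boot = {
 enable = true;
@@ -96,10 +102,6 @@
 enable = true;
 qemu = {
 swtpm.enable = true;
-# ovmf.packages = [
-# pkgs.OVMFFull.fd
-# ];
-#
 vhostUserPackages = with pkgs; [ virtiofsd ];
 };
 };
@@ -116,14 +118,6 @@
 # waydroid = {
 # enable = true;
 # };
-
-# lxd = {
-# enable = true;
-# recommendedSysctlSettings = true;
-# ui = {
-# enable = true;
-# };
-# };
 };
 
 hardware = {
@@ -138,10 +132,6 @@
 #vulkano
 vulkan-loader
 vulkan-validation-layers
-
-#AMD VLK
-# amdvlk
-# driversi686Linux.amdvlk
 
 #opencl
 rocmPackages.clr.icd
@@ -206,11 +196,10 @@
 passt = {
 source = "${pkgs.passt}/bin/passt";
 capabilities = "cap_net_bind_service=ep";
-owner = "snowy"; # Replace with your actual username
+owner = "snowy";
 group = "wheel";
 };
 };
-
 };
 
 # Set your time zone.
@@ -306,11 +295,15 @@
 
 lsfg-vk = {
 enable = true;
+ui.enable = true; # installs gui for configuring lsfg-vk
 };
 
 # xserver.enable = true;
 #xserver.displayManager.gdm.enable = true;
 desktopManager.gnome.enable = true;
+
+# Enable the COSMIC desktop environment
+# desktopManager.cosmic.enable = true;
 
 sunshine = {
 enable = true;
@@ -354,6 +347,7 @@
 "wireshark"
 "input"
 "libvirtd"
+"gamemode"
 ];
 };
 };
@@ -361,7 +355,7 @@
 programs = {
 # firefox = {
 # enable = true;
-# package = pkgs-unstable.firefox-devedition;
+# package = repos.unstable.firefox-devedition;
 # };
 
 steam = {
@@ -381,9 +375,14 @@
 enable = true;
 
 settings = {
+gpu = {
+apply_gpu_optimisations = "accept-responsibility"; # Setting this to the keyphrase "accept-responsibility" will allow gamemode to apply GPU optimisations such as overclocks
+amd_performance_level = "high"; # This corresponds to power_dpm_force_performance_level, "manual" is not supported for now
+gpu_device = 1; # The DRM device number on the system (usually 0), ie. the number in /sys/class/drm/card0/
+};
 custom = {
-start = "${pkgs.libnotify}/bin/notify-send 'GameMode started!'";
-end = "${pkgs.libnotify}/bin/notify-send 'GameMode stopped!'";
+start = "${pkgs.libnotify}/bin/notify-send 'GameMode started!' && systemctl --user stop docker opentabletdriver obex gvfs-daemon.service && pkexec systemctl stop bluetooth.service mullvad-daemon.service avahi-daemon.service systemd-machined ntpd";
+end = "${pkgs.libnotify}/bin/notify-send 'GameMode stopped!' && systemctl --user start docker opentabletdriver obex gvfs-daemon.service && pkexec systemctl start bluetooth.service mullvad-daemon.service avahi-daemon.service systemd-machined ntpd";
 };
 };
 };
@@ -421,6 +420,12 @@
 
 nix-ld.enable = true;
 
+winbox = {
+package = pkgs.winbox4;
+openFirewall = true;
+enable = true;
+};
+
 # home-manager.enable = true;
 };
 
@@ -446,6 +451,8 @@
 # };
 
 systemPackages = with pkgs; [
+# dnsmasq
+
 nh
 glib # for gsettings
 # vscodium-fhs
@@ -501,6 +508,11 @@
 # zopfli
 fwupd
 android-tools
+netcap
+# nemo
+nemo-with-extensions
+nemo-fileroller
+nemo-preview
 
 zellij
 helix
@@ -534,6 +546,8 @@
 
 libsForQt5.qt5ct
 kdePackages.qt6ct
+kdePackages.breeze
+kdePackages.breeze-icons
 dconf-editor
 nautilus
 file-roller
@@ -543,10 +557,12 @@
 pavucontrol
 
 # niri
-xwayland-satellite
+repos.unstable.xwayland-satellite
 xdg-desktop-portal-gnome
 
-hyprpaper
+# hyprpaper
+swaybg
+swww
 cosmic-session
 
 virt-manager
@@ -564,7 +580,7 @@
 vesktop
 r2modman
 #libsForQt5.xp-pen-g430-drive
-libsForQt5.xp-pen-deco-01-v2-driver
+# libsForQt5.xp-pen-deco-01-v2-driver
 # postman
 # insomnia
 hoppscotch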
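Review bot: The new GameMode `start` hook stops `mullvad-daemon.service` (along with bluetooth, avahi, systemd-machined and ntpd) every time GameMode activates, so the VPN is down for the whole session and, depending on the Mullvad lockdown setting, traffic may leave outside the tunnel. Both hooks are a single `&&` chain, so a failing `notify-send` or `systemctl --user` call skips everything after it, and if the `end` hook never runs the services stay stopped; `pkexec` additionally needs an authentication prompt or a polkit rule that this section does not show. I would take the VPN and time daemons out of the list and separate the commands with `;` so that one failure does not leave the rest undone. The same section sets `net.ipv4.conf.all.forwarding` and `net.ipv6.conf.all.forwarding` to true, which lets the desktop route between all of its interfaces; a comment naming what needs it, and a check that forwarded traffic is filtered, would help.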
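--- a/desktop/system/networking.nix
+++ b/desktop/system/networking.nix
@@ -9,17 +9,62 @@
 {
 # services.resolved.enable = false;
 
+# dnsmasq = {
+# enable = true;
+# settings = {
+# servers = [
+# "1.1.1.1"
+# ];
+# dhcp-range = [ "192.168.0.2,192.168.0.254" ];
+# };
+# };
+
 networking = {
 hostName = "Snowflake";
 # wireless.enable = true;
-networkmanager.enable = true;
+networkmanager.enable = false;
 # networkmanager.wifi.backend = "iwd";
 # wireless.iwd.enable = true;
-# useDHCP = true;
+useDHCP = true;
+
+# dhcpcd = {
+# enable = true;
+
+# denyInterfaces = [
+# "br0"
+# "virbr0"
+# ];
+# };
+
+# interfaces.br0.useDHCP = true;
+# interfaces.enp9s0.useDHCP = false;
+
+# bridges = {
+# br0 = {
+# interfaces = [ "enp9s0" ];
+# };
+# };
 
 # search = [
 # "taila3a3d2.ts.net"
 # ];
+
+# interfaces = {
+# enp9s0 = {
+# ipv4.addresses = [
+# {
+# address = "192.168.88.69";
+# prefixLength = 24;
+# }
+# ];
+# # ipv6.addresses = [
+# # {
+# # address = "2a0a:4cc0:0:1eb::c0ff:ee";
+# # prefixLength = 64;
+# # }
+# # ];
+# };
+# };
 
 nameservers = [
 # Cloudflare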
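--- a/home-server/justfile
+++ b/home-server/justfile
@@ -1,2 +1,2 @@
 test-vm:
-nixos-rebuild build-vm-with-bootloader --flake .#snowlab && QEMU_NET_OPTS="hostfwd=tcp::2221-:22,hostfwd=tcp::8080-:80" ./result/bin/run-snowlab-vm
+nh os build-vm .#nixosConfigurations.snowlab --hostname snowlab --with-bootloader && ./result/bin/run-snowlab-vm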
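--- a/home-server/result
+++ b/home-server/result
@@ -1 +0,0 @@
-/nix/store/wsmk41hbyl6kpv4snj02csn4vmdj1yld-nixos-vm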
+41 -25
home-server/system/configuration.nix
··· 17 17 ]; 18 18 19 19 virtualisation.vmVariant.virtualisation = { 20 + memorySize = 4096; 21 + cores = 4; 22 + # diskImage = "./temp_disk"; 23 + forwardPorts = [ 24 + { 25 + from = "host"; 26 + proto = "tcp"; 27 + host = { 28 + port = 2222; 29 + }; 30 + guest = { 31 + port = 22; 32 + }; 33 + } 34 + ]; 20 35 qemu.guestAgent.enable = true; 21 - diskSize = 1024 * 12; 22 - memorySize = 1024 * 4; 23 - cores = 4; 36 + useEFIBoot = false; 37 + diskSize = 15360; 24 38 }; 25 39 26 - fileSystems."/" = { 27 - autoResize = true; 28 - }; 40 + # virtualisation.vmVariant.virtualisation = { 41 + # qemu.guestAgent.enable = true; 42 + # diskSize = 1024 * 12; 43 + # memorySize = 1024 * 4; 44 + # cores = 4; 45 + # }; 29 46 30 - boot.growPartition = true; 47 + # fileSystems."/" = { 48 + # autoResize = true; 49 + # }; 31 50 32 - services.spice-vdagentd.enable = true; 33 - services.qemuGuest.enable = true; 51 + # boot.growPartition = true; 52 + 53 + # services.spice-vdagentd.enable = true; 54 + # services.qemuGuest.enable = true; 34 55 35 56 # Enable zram (compressed ram) 36 57 zramSwap = { ··· 77 98 78 99 loader = { 79 100 efi.canTouchEfiVariables = true; 80 - 101 + refind.enable = true; 102 + timeout = 1; # Set timeout to null, so the refind nix options dont get overriden, its silly... 
103 + # refind.extraConfig = '' 104 + # timeout -1 105 + # ''; 81 106 # Use grub so it works on both EFI and BOOT 82 107 grub = { 83 - enable = true; 84 - timeoutStyle = "hidden"; 85 - efiSupport = true; 86 - # efiInstallAsRemovable = true; 87 - device = "nodev"; 88 - splashImage = null; 108 + enable = false; 109 + # timeoutStyle = "hidden"; 110 + # efiSupport = true; 111 + # splashImage = null; 89 112 }; 90 113 }; 91 114 ··· 179 202 # }; 180 203 }; 181 204 182 - # virtualisation = { 183 - # docker = { 184 - # rootless = { 185 - # enable = true; 186 - # setSocketVariable = true; 187 - # }; 188 - # }; 189 - # }; 190 - 191 205 users = { 206 + mutableUsers = false; 192 207 groups.user = { }; 193 208 users = { 194 209 user = { ··· 204 219 205 220 root = { 206 221 shell = pkgs.fish; 222 + password = "goon"; 207 223 openssh.authorizedKeys.keys = [ 208 224 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2za6psnuIMZ6FrdUehhyQlqYvy05+wv8dKER+Lctna snowy@Snowflake" 209 225 ];
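Review bot: The added `password = "goon";` on `users.users.root` puts a plaintext root password in the repository and, once evaluated, in the world-readable Nix store, and the new `mutableUsers = false;` makes that value authoritative on every activation. If the password exists only for console access to the test VM, scope it there with `virtualisation.vmVariant.users.users.root.password = "...";` so a real snowlab install never inherits it. Otherwise point `hashedPasswordFile` at a secret kept outside the store, or drop the password entirely, since root already has a key in `openssh.authorizedKeys.keys`. The `users` block continues outside the visible hunk.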
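--- a/readme.md
+++ b/readme.md
@@ -2,4 +2,5 @@
 
 This repo is split into two parts.
 - nixos -> This is my desktop called snowflake.
-- server -> This is my server called snow-den.
+- server -> This is my vps called snow-den.
+- home-server -> This is my homelab called snowlab.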
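--- a/server/.sops.yaml
+++ b/server/.sops.yaml
@@ -0,0 +1,14 @@
+# This example uses YAML anchors which allows reuse of multiple keys
+# without having to repeat yourself.
+# Also see https://github.com/Mic92/dotfiles/blob/d6114726d859df36ccaa32891c4963ae5717ef7f/nixos/.sops.yaml
+# for a more complex example.
+keys:
+- &admin_snowyboo D40CE1579C09BFD7EF4AB7E631250420834310B5
+- &root_server age16e3uae0sktxmwzlmcdxwn07jpudtjl0s42hnwx2qsdh9h72gc5ssktkazg
+creation_rules:
+- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+key_groups:
+- pgp:
+- *admin_snowyboo
+age:
+- *root_server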
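--- a/server/containers/caddy.nix
+++ b/server/containers/caddy.nix
@@ -1,59 +0,0 @@
-{
-config,
-lib,
-pkgs,
-...
-}:
-
-let
-release = "nixos-25.05";
-
-in
-{
-containers.caddy = {
-autoStart = true;
-privateNetwork = false;
-config =
-{
-config,
-pkgs,
-lib,
-...
-}:
-{
-system.stateVersion = "25.05";
-
-services.caddy = {
-enable = true;
-virtualHosts = {
-"mrsnowy.dev" = {
-serverAliases = [
-"fpps4.net"
-"www.paradijs-in-hongarije.nl"
-"paradijs-in-hongarije.nl"
-"prowebservice.nl"
-"smarty.nl"
-"www.zendojaku.nl"
-"zendojaku.nl"
-];
-
-extraConfig = ''
-reverse_proxy https://10.0.100.65 {
-transport http {
-tls_insecure_skip_verify
-}
-}
-'';
-};
-
-"headscale.mrsnowy.dev" = {
-extraConfig = ''
-reverse_proxy http://localhost:3443
-'';
-};
-};
-};
-};
-
-};
-}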
server/containers/main.nix server/containers/default.nix
+19 -84
server/flake.lock
··· 1 1 { 2 2 "nodes": { 3 - "deploy-rs": { 4 - "inputs": { 5 - "flake-compat": "flake-compat", 6 - "nixpkgs": "nixpkgs", 7 - "utils": "utils" 8 - }, 9 - "locked": { 10 - "lastModified": 1756719547, 11 - "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", 12 - "owner": "serokell", 13 - "repo": "deploy-rs", 14 - "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", 15 - "type": "github" 16 - }, 17 - "original": { 18 - "owner": "serokell", 19 - "repo": "deploy-rs", 20 - "type": "github" 21 - } 22 - }, 23 - "flake-compat": { 24 - "flake": false, 25 - "locked": { 26 - "lastModified": 1733328505, 27 - "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", 28 - "owner": "edolstra", 29 - "repo": "flake-compat", 30 - "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", 31 - "type": "github" 32 - }, 33 - "original": { 34 - "owner": "edolstra", 35 - "repo": "flake-compat", 36 - "type": "github" 37 - } 38 - }, 39 3 "home-manager": { 40 4 "inputs": { 41 5 "nixpkgs": [ ··· 43 7 ] 44 8 }, 45 9 "locked": { 46 - "lastModified": 1754263839, 47 - "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=", 10 + "lastModified": 1765860045, 11 + "narHash": "sha256-7Lxp/PfOy4h3QIDtmWG/EgycaswqRSkDX4DGtet14NE=", 48 12 "owner": "nix-community", 49 13 "repo": "home-manager", 50 - "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773", 14 + "rev": "09de9577d47d8bffb11c449b6a3d24e32ac16c99", 51 15 "type": "github" 52 16 }, 53 17 "original": { ··· 59 23 }, 60 24 "nixpkgs": { 61 25 "locked": { 62 - "lastModified": 1743014863, 63 - "narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=", 26 + "lastModified": 1765687488, 27 + "narHash": "sha256-7YAJ6xgBAQ/Nr+7MI13Tui1ULflgAdKh63m1tfYV7+M=", 64 28 "owner": "NixOS", 65 29 "repo": "nixpkgs", 66 - "rev": "bd3bac8bfb542dbde7ffffb6987a1a1f9d41699f", 67 - "type": "github" 68 - }, 69 - "original": { 70 - "owner": "NixOS", 71 - "ref": "nixpkgs-unstable", 72 - "repo": "nixpkgs", 73 - "type": "github" 74 - } 75 - }, 76 - 
"nixpkgs_2": { 77 - "locked": { 78 - "lastModified": 1754292888, 79 - "narHash": "sha256-1ziydHSiDuSnaiPzCQh1mRFBsM2d2yRX9I+5OPGEmIE=", 80 - "owner": "NixOS", 81 - "repo": "nixpkgs", 82 - "rev": "ce01daebf8489ba97bd1609d185ea276efdeb121", 30 + "rev": "d02bcc33948ca19b0aaa0213fe987ceec1f4ebe1", 83 31 "type": "github" 84 32 }, 85 33 "original": { ··· 91 39 }, 92 40 "root": { 93 41 "inputs": { 94 - "deploy-rs": "deploy-rs", 95 42 "home-manager": "home-manager", 96 - "nixpkgs": "nixpkgs_2" 43 + "nixpkgs": "nixpkgs", 44 + "sops-nix": "sops-nix" 97 45 } 98 46 }, 99 - "systems": { 100 - "locked": { 101 - "lastModified": 1681028828, 102 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 103 - "owner": "nix-systems", 104 - "repo": "default", 105 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 106 - "type": "github" 107 - }, 108 - "original": { 109 - "owner": "nix-systems", 110 - "repo": "default", 111 - "type": "github" 112 - } 113 - }, 114 - "utils": { 47 + "sops-nix": { 115 48 "inputs": { 116 - "systems": "systems" 49 + "nixpkgs": [ 50 + "nixpkgs" 51 + ] 117 52 }, 118 53 "locked": { 119 - "lastModified": 1731533236, 120 - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 121 - "owner": "numtide", 122 - "repo": "flake-utils", 123 - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", 54 + "lastModified": 1765836173, 55 + "narHash": "sha256-hWRYfdH2ONI7HXbqZqW8Q1y9IRbnXWvtvt/ONZovSNY=", 56 + "owner": "Mic92", 57 + "repo": "sops-nix", 58 + "rev": "443a7f2e7e118c4fc63b7fae05ab3080dd0e5c63", 124 59 "type": "github" 125 60 }, 126 61 "original": { 127 - "owner": "numtide", 128 - "repo": "flake-utils", 62 + "owner": "Mic92", 63 + "repo": "sops-nix", 129 64 "type": "github" 130 65 } 131 66 }
+9 -17
server/flake.nix
··· 7 7 url = "github:nix-community/home-manager/master"; 8 8 inputs.nixpkgs.follows = "nixpkgs"; 9 9 }; 10 - 11 - deploy-rs.url = "github:serokell/deploy-rs"; 10 + sops-nix = { 11 + url = "github:Mic92/sops-nix"; 12 + inputs.nixpkgs.follows = "nixpkgs"; 13 + }; 12 14 }; 13 15 14 16 outputs = ··· 16 18 self, 17 19 nixpkgs, 18 20 home-manager, 19 - deploy-rs, 20 - # zenium, 21 21 ... 22 22 }@inputs: 23 23 ··· 34 34 35 35 modules = [ 36 36 ./system/configuration.nix 37 - ./containers/main.nix 37 + ./containers 38 + ./services 38 39 "${nixpkgs}/nixos/modules/profiles/minimal.nix" 39 40 41 + # Nix secrets hehe :3 42 + inputs.sops-nix.nixosModules.sops 43 + 40 44 home-manager.nixosModules.home-manager 41 45 { 42 46 home-manager.useGlobalPkgs = true; ··· 47 51 }; 48 52 } 49 53 ]; 50 - }; 51 - 52 - # deploy-rs config 53 - deploy.nodes.snow-den = { 54 - hostname = "server"; # can be IP or hostname in SSH config 55 - profiles.system = { 56 - sshUser = "snow"; # non-root user with access 57 - user = "root"; 58 - interacticeSudo = true; 59 - remoteBuild = true; 60 - path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.snow-den; 61 - }; 62 54 }; 63 55 }; 64 56 }
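--- a/server/home-manager/snow.nix
+++ b/server/home-manager/snow.nix
@@ -14,12 +14,9 @@
 
 packages = with pkgs; [
 git
-# nixd
-# nixfmt-rfc-style
 devenv
 # yazi
 ctop
-# inputs.zenium.packages."${system}".zenium-remote-server-bin
 ];
 };
 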
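--- a/server/justfile
+++ b/server/justfile
@@ -5,7 +5,10 @@
 nixos-rebuild dry-run --flake .#snow-den
 
 deploy:
-nixos-rebuild switch --flake .#snow-den --target-host server --use-remote-sudo
+nixos-rebuild switch --flake .#snow-den --target-host server --build-host server --use-remote-sudo
+
+update:
+nix flake update
 
 test-vm:
 nixos-rebuild build-vm-with-bootloader --flake .#snow-den && QEMU_NET_OPTS="hostfwd=tcp::2221-:335,hostfwd=tcp::8080-:80" ./result/bin/run-snow-den-vm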
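--- a/server/result
+++ b/server/result
@@ -1 +0,0 @@
-/nix/store/q2l4r4920q2zrm7mh6j718h68k8kz4nz-nixos-vm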
+45
server/secrets/example.yaml
··· 1 + example_key: ENC[AES256_GCM,data:xqHoe3fPJwbpEytLkw==,iv:KLQf+7WKGViSrNIqR1sWIAEg2WVH0UfjK6PwVxbXVWM=,tag:zeWSmtJO3kJ/eCXJNp/h8Q==,type:str] 2 + #ENC[AES256_GCM,data:+b7sZjD7+b6SgA==,iv:x6SjxKlIOSH6CgT7Yb9e31p4bHlPZuRJ9FBMKpir+3k=,tag:j8gk26rDYzMIr/zUM+tKDQ==,type:comment] 3 + garage: 4 + #ENC[AES256_GCM,data:Yx8PEnI/5OpHx6iVtE1oASzXSMJpEdgdX5V+5zUGDP6R1g==,iv:ggeiDdg3uzZKwRyw/yFFWg1ohxGbrHiSrhXbydhG10g=,tag:RrwmHXYdERfyh0JE1xEq0g==,type:comment] 5 + rpc_secret: ENC[AES256_GCM,data:4pv/pkXGajsUxxcQ/qrn4S5rB1sVATgTlDK58aZmtR7vu777DhnMnC+kIYijKt/Sr/fKbbfcNnYHVx1XV0LnhA==,iv:WY+V7viT7LSoKLbEgjncyzih82zQvFjWlvDDpDEuwb0=,tag:Fd98GTbXnqYWw5Onh1BR6A==,type:str] 6 + #ENC[AES256_GCM,data:Df0g74tf3/UB0jOq1tIwxzyipJ66ZVdt4Qe17kS4ou635wM0jTyxuqw0hIM=,iv:M91CxwA7PsUJse7sIwWEdF54a0o+ZuOyT5IS5UGaWdk=,tag:CrCbgoPh1dHCmC/BxaVBtw==,type:comment] 7 + admin_token: ENC[AES256_GCM,data:RAftH7+QvGbGiY3V+COPFwsSiiqfcg3w0JTOgabLNujcK+6eXz25mveeSQd6kBe8wbZm3+nC21fq1Q3SRXo10w==,iv:1Hy9p6c+0N/pu8m+AevCcWQj2AwWtKcL9/W43R1XDn0=,tag:Aaj1vFWsBqhiyz0fdohokA==,type:str] 8 + #ENC[AES256_GCM,data:Df0g74tf3/UB0jOq1tIwxzyipJ66ZVdt4Qe17kS4ou635wM0jTyxuqw0hIM=,iv:M91CxwA7PsUJse7sIwWEdF54a0o+ZuOyT5IS5UGaWdk=,tag:CrCbgoPh1dHCmC/BxaVBtw==,type:comment] 9 + metrics_token: ENC[AES256_GCM,data:aMEA+JL+Dnd+S4v6ypA/eMocI1nOOHLvGrOtaKN0Vkx2U6c9EYnOZ09DfpPb4n+r9p0X/cOt09zW+ZSQEJqS7A==,iv:a5UUHkybp87dO0Gk6vbta9L5C4EbYZ3oRQS8ItlQILE=,tag:4HCPGq5+jmVsgpODBxefPg==,type:str] 10 + sops: 11 + age: 12 + - recipient: age16e3uae0sktxmwzlmcdxwn07jpudtjl0s42hnwx2qsdh9h72gc5ssktkazg 13 + enc: | 14 + -----BEGIN AGE ENCRYPTED FILE----- 15 + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTDYwLy9Sanh4aWttNnVk 16 + WGJHQ1lmcDcwLzlEY3hhKzBmQkgyb0lwdGlrCjZXVm1hT1hKOU11ZndIVVhuRHFO 17 + SDN4ZDJYSGRQMldZa2dPNmQyelR5cjQKLS0tIHVPNVBqT3pmWVdySlZPK001c3p5 18 + dUp2cU1wMU1Kd2J2cmlBMmlnbjVJV2sKkKx5nO2auold0qB6066aY1KXAjC2slna 19 + G+Cy8EcjgRh29w5RFRyx541jOGvtf+wuz11R1dUY1o/NHdn2wFhJTg== 20 + -----END AGE ENCRYPTED FILE----- 21 + 
lastmodified: "2025-12-21T11:43:03Z" 22 + mac: ENC[AES256_GCM,data:2MfZXU76GBuqU1ZYvknpPys24hW5eVEqotg3yFt8xupdS4EVGLGV1Ay36iL7Nd79j4iU3TSMqbyx5Gepqtwix/XnBy91bcq9TFKcvZ868PuntJR2BUKKggDwK544P0Mhh8BGHYsHCbwiemfGZUecoEqe9caToKBlZL2MITvav3I=,iv:kIeHl8m+HVcHtqzPF+jiiIV8k2/WtKXuToZ+gR385UA=,tag:+m9wK2Q5GwSFHKkK3GMPrg==,type:str] 23 + pgp: 24 + - created_at: "2025-12-19T16:08:52Z" 25 + enc: |- 26 + -----BEGIN PGP MESSAGE----- 27 + 28 + hQIMA09oKgMfawMUAQ//WkbrA+iFyXsH1YRr1hT2gxG406yD+c4jfTBY/CAzARgj 29 + vyyjJ5rVcltzXQBKNzgnBFsn6GW95vWVKh98Q7KksC3Qm72NOZtPc5iai3y151Z2 30 + qxiwNFKD/VBIpuxX86MypkbwEuZn3N0teiGTaTx9dKxc9/y4WqjusD5Xp6O2T4oO 31 + 617JWKTTp+66Ca8t8SuUZQ+bl1nNmJOETn7a8Ws+HZe6n0Pcx9VCfHnAGPziVYTc 32 + x5n6z5FnGWf+kmBpExmRiE+37Waa3+YMm7SOY7HlsompVWNww1WyiMnPGs9cAUOj 33 + XsfMnMnoxiGoPeTvFbsLobeY0S8TcpIfJ43LmPqurK4a3/Cd8Z5rKS8BqrpchFy1 34 + uqPzQ/4oKmduzWcTdzmqxBDe1AsUXZZs7Tq2ypJ9oFdQy226baur85PJb9skLe2k 35 + UcJaJ/UTxlnUv4LTCBOXbBglpoFLcwIQeT54MyoozhMBY2Cndj9ffto8UaZwMq2l 36 + ppnfAGbUVVk1OFd/DNTzflXDb0W1ZN7e2+4voYlggplFfqqDVEi5b1WyJc6EE0ep 37 + uhJjeokdtKbAwSbrN78+WWnrGFIb6x3w6jh9VTqLw3zFlHL0YIcz5pyJMrA++Wh8 38 + qJwDGpPNVkrq5a1vJovYqtQM34Ih9MGLQvf7cCbHDoO+1OqGULGlm3jXtev+/0/S 39 + XgE2h3SCo2eCXBGaGYttIq+s0QDFNueT7luAvr81wTHBiKnMdg7cnjkJPebE4AM3 40 + OJKxYUb7ie7MsDTZBiR6Wgpp0Ygqo1J+YTcyQPeKy/HbmLiv9jlAmRKqxxIVHjg= 41 + =JhLZ 42 + -----END PGP MESSAGE----- 43 + fp: D40CE1579C09BFD7EF4AB7E631250420834310B5 44 + unencrypted_suffix: _unencrypted 45 + version: 3.11.0
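--- a/server/services/caddy.nix
+++ b/server/services/caddy.nix
@@ -0,0 +1,129 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+let
+hestia_ip = "10.0.100.65";
+in
+{
+services.caddy = {
+enable = true;
+globalConfig = ''
+
+'';
+
+extraConfig = ''
+mrsnowy.dev, mail.mrsnowy.dev, fpps4.net, www.paradijs-in-hongarije.nl, paradijs-in-hongarije.nl, prowebservice.nl, smarty.nl, www.zendojaku.nl, zendojaku.nl {
+reverse_proxy https://${hestia_ip} {
+transport http {
+tls_insecure_skip_verify
+}
+}
+}
+
+hestia.mrsnowy.dev {
+reverse_proxy https://${hestia_ip}:8083 {
+transport http {
+tls_insecure_skip_verify
+}
+}
+}
+
+api.fpps4.net {
+encode zstd gzip
+
+reverse_proxy https://${hestia_ip} {
+transport http {
+tls_insecure_skip_verify
+}
+}
+
+header {
+Access-Control-Allow-Origin *
+}
+}
+
+dockge.mrsnowy.dev {
+reverse_proxy :${toString config.ports.dockge}
+}
+
+vaultwarden.mrsnowy.dev {
+reverse_proxy :${toString config.ports.vaultwarden}
+}
+
+stream.mrsnowy.dev {
+reverse_proxy :${toString config.ports.broadcast_box}
+}
+
+board.mrsnowy.dev {
+reverse_proxy :${toString config.ports.grafana}
+}
+
+adminpg.mrsnowy.dev {
+reverse_proxy :${toString config.ports.pgadmin}
+}
+
+obsidian.mrsnowy.dev {
+reverse_proxy :${toString config.ports.couchdb}
+}
+
+ente.mrsnowy.dev {
+reverse_proxy :${toString config.ports.ente.web}
+header {
+Access-Control-Allow-Origin https://minio.ente.mrsnowy.dev
+}
+}
+
+api.ente.mrsnowy.dev {
+reverse_proxy :${toString config.ports.ente.api}
+}
+
+accounts.ente.mrsnowy.dev {
+reverse_proxy :${toString config.ports.ente.accounts}
+}
+
+albums.ente.mrsnowy.dev {
+reverse_proxy :${toString config.ports.ente.albums}
+}
+
+auth.ente.mrsnowy.dev {
+reverse_proxy :${toString config.ports.ente.auth}
+}
+
+cast.ente.mrsnowy.dev {
+reverse_proxy :${toString config.ports.ente.cast}
+}
+
+embed.ente.mrsnowy.dev {
+reverse_proxy :${toString config.ports.ente.embed}
+}
+
+minio.ente.mrsnowy.dev {
+reverse_proxy :${toString config.ports.ente.minio.api}
+}
+
+minio-web.ente.mrsnowy.dev {
+reverse_proxy :${toString config.ports.ente.minio.web}
+}
+
+headscale.mrsnowy.dev {
+reverse_proxy :${toString config.ports.headscale}
+}
+
+syncthing.mrsnowy.dev {
+reverse_proxy :${toString config.ports.syncthing}
+}
+
+*.garage.mrsnowy.dev, garage.mrsnowy.dev {
+reverse_proxy :${toString config.ports.garage.web_api}
+}
+
+*.s3.mrsnowy.dev, s3.mrsnowy.dev {
+reverse_proxy :${toString config.ports.garage.s3_api}
+}
+'';
+};
+
+}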
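Review bot: Several site blocks in `extraConfig` publish administrative interfaces (`dockge`, `adminpg`, `hestia`, `minio-web`, and CouchDB behind `obsidian`) to every client that can reach Caddy, with nothing at the proxy limiting who may connect, so each one relies solely on the backend's own login. Since services/random.nix sets `tailscale.enable = true`, consider a matcher in those blocks such as `@outside not remote_ip 100.64.0.0/10` followed by `respond @outside 403`, assuming these names are only meant to be used from the tailnet. Separately, all three Hestia upstreams keep `tls_insecure_skip_verify`, which leaves the hop to `${hestia_ip}` unauthenticated; trusting the upstream's CA in the `transport http` block would close that. The wildcard `Access-Control-Allow-Origin *` on `api.fpps4.net` deserves a comment saying the API is intentionally public.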
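--- a/server/services/default.nix
+++ b/server/services/default.nix
@@ -0,0 +1,15 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+{
+imports = [
+./incus.nix
+./random.nix
+./garage.nix
+./caddy.nix
+];
+}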
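--- a/server/services/garage.nix
+++ b/server/services/garage.nix
@@ -0,0 +1,58 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+{
+# todo! garage-webui :3
+services.garage = {
+enable = true;
+package = pkgs.garage_2;
+settings = {
+db_engine = "sqlite";
+compression_level = 18;
+replication_factor = 1;
+consistency_mode = "consistent";
+metadata_fsync = true;
+data_fsync = true;
+allow_world_readable_secrets = true;
+
+data_dir = [
+{
+capacity = "200G";
+path = "/var/lib/garage/data";
+}
+];
+
+rpc_bind_addr = "[::]:3901";
+# rpc_public_addr = "127.0.0.1:3901";
+rpc_secret_file = config.sops.secrets."garage/rpc_secret".path;
+
+bootstrap_peers = [ ];
+
+s3_api = {
+api_bind_addr = "[::]:${toString config.ports.garage.s3_api}";
+s3_region = "Europe-1";
+root_domain = "s3.mrsnowy.dev";
+};
+
+s3_web = {
+bind_addr = "[::]:${toString config.ports.garage.web_api}";
+index = "index.html";
+root_domain = "garage.mrsnowy.dev";
+};
+
+admin = {
+api_bind_addr = "[::]:${toString config.ports.garage.admin}";
+admin_token_file = config.sops.secrets."garage/admin_token".path;
+metrics_token_file = config.sops.secrets."garage/metrics_token".path;
+metrics_require_token = true;
+};
+
+# k2v_api = {
+# api_bind_addr = "[::]:3904";
+# };
+};
+};
+}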
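Review bot: `allow_world_readable_secrets = true;` switches off Garage's permission check for all three secret files and nothing in the file says why. It appears to be needed because system/sops.nix installs them with mode `0440` for group `sops_garage`, so record that next to the setting, e.g. `# sops secrets are group-readable (0440, sops_garage); Garage's mode check would reject them`. The `admin` API and `rpc_bind_addr` also listen on `[::]`, although this is a single node (`replication_factor = 1`, empty `bootstrap_peers`) and services/caddy.nix does not proxy the admin port. Unless the firewall in system/network.nix already blocks those ports, binding the admin listener to loopback with `api_bind_addr = "[::1]:${toString config.ports.garage.admin}";`, and likewise the RPC listener, keeps the admin token from being the only barrier.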
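--- a/server/services/incus.nix
+++ b/server/services/incus.nix
@@ -1,4 +1,9 @@
-{ pkgs, ... }:
+{
+config,
+lib,
+pkgs,
+...
+}:
 {
 virtualisation.incus = {
 enable = true;
@@ -13,7 +18,7 @@
 
 preseed = {
 config = {
-"core.https_address" = ":8444";
+"core.https_address" = ":${toString config.ports.incus}";
 "core.shutdown_timeout" = "3";
 "images.compression_algorithm" = "xz";
 "backups.compression_algorithm" = "xz";
@@ -55,22 +60,6 @@
 };
 }
 ];
-
-# projects = [
-# {
-# name = "hestia-project";
-# # descripion = "Project for hestia";
-# config = {
-# "features.images" = true;
-# "features.networks" = true;
-# "features.networks.zones" = false;
-# "features.profiles" = false;
-# "features.storage.buckets" = false;
-# "features.storage.volumes" = true;
-# };
-# }
-# ];
-
 };
 };
 }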
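--- a/server/services/main.nix
+++ b/server/services/main.nix
@@ -1,11 +0,0 @@
-{
-config,
-lib,
-pkgs,
-...
-}:
-{
-imports = [
-./incus.nix
-];
-}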
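--- a/server/services/random.nix
+++ b/server/services/random.nix
@@ -0,0 +1,62 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+{
+
+services = {
+openssh = {
+enable = true;
+ports = [
+335
+];
+allowSFTP = true;
+banner = "meow meow\n";
+authorizedKeysInHomedir = false;
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "no";
+AllowUsers = [
+"snow"
+"file-backup"
+];
+};
+extraConfig = ''
+Match User file-backup
+ChrootDirectory %h
+ForceCommand internal-sftp -d /meow -u 700
+'';
+};
+
+endlessh-go = {
+enable = true;
+port = 22;
+prometheus = {
+enable = true;
+port = 2112;
+};
+};
+
+headscale = {
+enable = true;
+port = config.ports.headscale;
+settings = {
+server_url = "https://headscale.mrsnowy.dev";
+dns.base_domain = "magicdns.headscale.mrsnowy.dev";
+};
+};
+
+syncthing = {
+enable = false;
+overrideDevices = true;
+overrideFolders = false;
+guiAddress = "127.0.0.1:${toString config.ports.syncthing}";
+settings.options.urAccepted = -1;
+};
+
+tailscale.enable = true;
+};
+}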
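Review bot: `AllowUsers` and the `Match User file-backup` block name an account that does not exist after this commit: in system/configuration.nix the `file-backup` user is commented out and the account actually created is `file-share`, which is missing from `AllowUsers`. As written, `file-share` cannot log in despite its `authorizedKeys`, and if it is later added to the list it gets a full `fish` shell with none of the `ChrootDirectory`/`ForceCommand internal-sftp` confinement. Either rename the `Match User` and `AllowUsers` entries to `file-share`, or enable the `file-backup` user together with the root-owned home from the commented `tmpfiles.rules`, which `ChrootDirectory %h` requires.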
+37 -56
server/system/configuration.nix
··· 3 3 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). 4 4 5 5 { 6 - # config, 7 - # lib, 6 + config, 7 + lib, 8 8 pkgs, 9 9 ... 10 10 }: ··· 13 13 imports = [ 14 14 # Include the results of the hardware scan. 15 15 ./hardware-configuration.nix 16 - ../services/main.nix 17 16 ./network.nix 17 + ./sops.nix 18 + ./ports.nix 18 19 ]; 19 20 20 21 zramSwap = { ··· 76 77 77 78 grub = { 78 79 enable = true; 79 - timeoutStyle = "hidden"; 80 + timeoutStyle = "menu"; 80 81 efiSupport = true; 81 82 # efiInstallAsRemovable = true; 82 83 device = "nodev"; ··· 145 146 }; 146 147 }; 147 148 148 - services = { 149 - openssh = { 150 - enable = true; 151 - ports = [ 152 - 335 153 - ]; 154 - allowSFTP = true; 155 - settings = { 156 - PasswordAuthentication = false; 157 - PermitRootLogin = "no"; 158 - }; 159 - }; 160 - 161 - # endlessh-go = { 162 - # enable = true; 163 - # port = 22; 164 - 165 - # prometheus = { 166 - # enable = true; 167 - # port = 2112; 168 - # listenAddress = "0.0.0.0"; 169 - # }; 170 - # }; 171 - 172 - headscale = { 173 - enable = true; 174 - port = 3443; 175 - settings = { 176 - server_url = "https://headscale.mrsnowy.dev:3443"; 177 - dns.base_domain = "magicdns.headscale.mrsnowy.dev"; 178 - }; 179 - }; 180 - 181 - tailscale.enable = true; 182 - 183 - # prometheus = { 184 - # enable = true; 185 - # }; 186 - }; 187 - 188 149 programs = { 189 150 nano.enable = false; 190 151 fish.enable = true; 191 - nh = { 192 - enable = true; 193 - flake = "/etc/nixos"; 194 - }; 152 + # nh = { 153 + # enable = true; 154 + # flake = "/etc/nixos"; 155 + # }; 195 156 }; 196 157 197 158 security = { ··· 242 203 }; 243 204 244 205 users = { 245 - groups.radcliffe = { }; 246 - groups.proc-bypass = { }; 206 + groups = { 207 + snow = { }; 208 + file-share = { }; 209 + proc-bypass = { }; 210 + file-backup = { }; 211 + }; 247 212 users = { 248 213 snow = { 249 214 isNormalUser = true; 250 215 description = "snow"; 251 216 linger = true; 217 + group = "snow"; 252 
218 extraGroups = [ 253 219 "wheel" 254 220 "proc-bypass" 221 + "users" 255 222 ]; 256 223 shell = pkgs.fish; 257 224 openssh.authorizedKeys.keys = [ 258 225 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2za6psnuIMZ6FrdUehhyQlqYvy05+wv8dKER+Lctna snowy@Snowflake" 259 226 ]; 260 227 }; 261 - radcliffe = { 228 + # file-backup = { 229 + # isNormalUser = true; 230 + # description = "A user for backuping files onto"; 231 + # group = "file-backup"; 232 + # # shell = "${pkgs.util-linux}/bin/nologin"; 233 + # openssh.authorizedKeys.keys = [ 234 + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2za6psnuIMZ6FrdUehhyQlqYvy05+wv8dKER+Lctna snowy@Snowflake" 235 + # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWIEtXpj/CKFep8RqmpSQchYPNEUHGFnwP4UjJS16ey snowy@Snowflake" 236 + # ]; 237 + # }; 238 + file-share = { 262 239 isNormalUser = true; 263 - linger = true; 264 - group = "radcliffe"; 265 - extraGroups = [ 266 - "proc-bypass" 267 - ]; 240 + group = "file-share"; 268 241 shell = pkgs.fish; 269 242 openssh.authorizedKeys.keys = [ 270 243 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2za6psnuIMZ6FrdUehhyQlqYvy05+wv8dKER+Lctna snowy@Snowflake" ··· 274 247 shell = pkgs.fish; 275 248 }; 276 249 }; 250 + }; 251 + 252 + systemd = { 253 + user.services.docker.unitConfig.ConditionUser = lib.mkForce "snow"; 254 + # tmpfiles.rules = [ 255 + # "d ${config.users.users.file-backup.home} 0755 root root -" 256 + # "d ${config.users.users.file-backup.home}/meow 0700 ${config.users.users.file-backup.name} ${config.users.users.file-backup.group} -" 257 + # ]; 277 258 }; 278 259 }
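--- a/server/system/network.nix
+++ b/server/system/network.nix
@@ -114,7 +114,7 @@
 # broadcast-box
 9070
 
-# Satisfactory
+# Satisfactory && Astroneer
 7777
 
 # Steam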
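--- a/server/system/ports.nix
+++ b/server/system/ports.nix
@@ -0,0 +1,40 @@
+# All http ports
+{ lib, config, ... }:
+
+{
+options.ports = lib.mkOption {
+type = lib.types.attrsOf lib.types.anything;
+default = {
+dockge = 3000;
+vaultwarden = 3001;
+broadcast_box = 3002;
+grafana = 3003;
+pgadmin = 3004;
+couchdb = 3005;
+
+ente = {
+api = 3006;
+web = 3007;
+accounts = 3008;
+albums = 3009;
+auth = 3010;
+cast = 3011;
+embed = 3017;
+minio = {
+api = 3012;
+web = 3013;
+};
+};
+
+garage = {
+s3_api = 3014;
+web_api = 3015;
+admin = 3016;
+};
+
+syncthing = 3020;
+headscale = 3443;
+incus = 8444;
+};
+};
+}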
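Review bot: Keeping the whole table in the option's `default` means a single definition elsewhere, e.g. `ports.grafana = 4000;`, replaces the default instead of merging with it, and every other `config.ports.*` reference in caddy.nix, garage.nix and incus.nix then fails to evaluate. Declaring the entries as typed sub-options (`lib.types.port`), each with its own default, keeps overrides local and rejects out-of-range values that `lib.types.anything` accepts. The header `# All http ports` is also narrower than the content, which includes the Incus HTTPS listener and the Garage admin port.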
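--- a/server/system/sops.nix
+++ b/server/system/sops.nix
@@ -0,0 +1,46 @@
+{
+config,
+lib,
+pkgs,
+...
+}:
+
+{
+sops = {
+defaultSopsFile = ../secrets/example.yaml;
+age = {
+keyFile = "/root/.config/sops/age/keys.txt";
+generateKey = false;
+};
+secrets = {
+example_key = { };
+"garage/rpc_secret" = {
+mode = "0440";
+# owner = config.users.users.root.name;
+group = "sops_garage";
+};
+
+"garage/admin_token" = {
+mode = "0440";
+# owner = config.users.users.root.name;
+group = "sops_garage";
+};
+
+"garage/metrics_token" = {
+mode = "0440";
+# owner = config.users.users.root.name;
+group = "sops_garage";
+};
+};
+};
+
+users.groups = {
+sops_garage = { };
+};
+
+systemd.services = {
+garage.serviceConfig.SupplementaryGroups = [
+"sops_garage"
+];
+};
+}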
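Review bot: `defaultSopsFile = ../secrets/example.yaml;` makes a file named like a sample the store for the live Garage RPC secret, admin token and metrics token, which invites someone to overwrite it or copy it as a template. A name such as `secrets/snow-den.yaml`, still matched by the `path_regex` in server/.sops.yaml, says what the file is. `example_key = { };` also has the placeholder secret decrypted onto the host at every activation, although nothing visible in this commit reads it.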