My dotfiles for my nixos machines and infra


Updated server stuff

MrSnowy 9a8ff9e8 4225a3ad

+695 -540
+2
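--- a/.config/hypr/hyprland.conf
+++ b/.config/hypr/hyprland.conf
@@ -52,6 +52,8 @@
 exec-once = wl-paste --type image --watch cliphist store #Stores only image data
 #exec-once = hyprpm reload -n
 #exec-once = hyprctl plugin load $(find /nix/store -maxdepth 1 -wholename "*-hyprsplit-$(hyprctl version -j | jq -r .version)" -print -quit)/lib/libhyprsplit.so
+exec-once = hyprctl plugin load ${$LIB_HYPRSPLIT}
+exec-once = ${$POLKIT_GNOME}
 #exec-once = gentoo-pipewire-launcher
 #exec-once = kwalletd5 &
 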
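Review bot: The two added `exec-once` lines use `${$LIB_HYPRSPLIT}` and `${$POLKIT_GNOME}`, and I cannot confirm that Hyprland expands that form; if the text reaches the shell unchanged, `${$NAME}` is a bad substitution and neither the plugin nor the polkit agent starts. Both values also depend on the session environment being imported before Hyprland runs, and taking the plugin path from an environment variable means whatever sets that variable chooses the shared object loaded into the compositor. The snowy.nix section of this commit shows this file being read into an `extraConfig`, presumably home-manager's Hyprland module, so the store path could be pinned at build time instead, e.g. `wayland.windowManager.hyprland.plugins = [ pkgs-extra-unstable.hyprlandPlugins.hyprsplit ];`, with the agent started from its absolute store path.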
+21 -122
nixos/flake.lock
··· 56 56 "type": "github" 57 57 } 58 58 }, 59 - "fennec-flake": { 60 - "inputs": { 61 - "flake-parts": "flake-parts", 62 - "nixpkgs": "nixpkgs_2" 63 - }, 64 - "locked": { 65 - "lastModified": 1754899525, 66 - "narHash": "sha256-B1tfF/LeK7m/LFtB8t8H3lspOCtS9oOjztk297Juyvk=", 67 - "ref": "mrrow", 68 - "rev": "9ed246b1a635ed2edb5a7ff2bf55343494622f70", 69 - "revCount": 43, 70 - "type": "git", 71 - "url": "https://git.killuaa.dev/Rouffy/fennec-flake" 72 - }, 73 - "original": { 74 - "ref": "mrrow", 75 - "type": "git", 76 - "url": "https://git.killuaa.dev/Rouffy/fennec-flake" 77 - } 78 - }, 79 59 "flake-compat": { 80 60 "flake": false, 81 61 "locked": { ··· 110 90 "type": "github" 111 91 } 112 92 }, 113 - "flake-parts_2": { 114 - "inputs": { 115 - "nixpkgs-lib": "nixpkgs-lib_2" 116 - }, 117 - "locked": { 118 - "lastModified": 1754487366, 119 - "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", 120 - "owner": "hercules-ci", 121 - "repo": "flake-parts", 122 - "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", 123 - "type": "github" 124 - }, 125 - "original": { 126 - "owner": "hercules-ci", 127 - "repo": "flake-parts", 128 - "type": "github" 129 - } 130 - }, 131 93 "flake-schemas": { 132 94 "locked": { 133 95 "lastModified": 1721999734, ··· 295 257 "hyprlang": "hyprlang", 296 258 "hyprutils": "hyprutils", 297 259 "hyprwayland-scanner": "hyprwayland-scanner", 298 - "nixpkgs": "nixpkgs_3", 260 + "nixpkgs": "nixpkgs_2", 299 261 "pre-commit-hooks": "pre-commit-hooks", 300 262 "systems": "systems", 301 263 "xdph": "xdph" ··· 311 273 "original": { 312 274 "owner": "hyprwm", 313 275 "repo": "Hyprland", 314 - "type": "github" 315 - } 316 - }, 317 - "hyprland-plugins": { 318 - "inputs": { 319 - "hyprland": [ 320 - "hyprland" 321 - ], 322 - "nixpkgs": [ 323 - "hyprland-plugins", 324 - "hyprland", 325 - "nixpkgs" 326 - ], 327 - "systems": [ 328 - "hyprland-plugins", 329 - "hyprland", 330 - "systems" 331 - ] 332 - }, 333 - "locked": { 334 - "lastModified": 1756806479, 
335 - "narHash": "sha256-+RLX4BmuMw4c97npsBcjjEuy+s83POX9Yp8Nkj499lA=", 336 - "owner": "hyprwm", 337 - "repo": "hyprland-plugins", 338 - "rev": "b8d6d369618078b2dbb043480ca65fe3521f273b", 339 - "type": "github" 340 - }, 341 - "original": { 342 - "owner": "hyprwm", 343 - "repo": "hyprland-plugins", 344 276 "type": "github" 345 277 } 346 278 }, ··· 618 550 "type": "github" 619 551 } 620 552 }, 621 - "nixpkgs-lib": { 553 + "nixpkgs-extra-unstable": { 622 554 "locked": { 623 - "lastModified": 1753579242, 624 - "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", 625 - "owner": "nix-community", 626 - "repo": "nixpkgs.lib", 627 - "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", 555 + "lastModified": 1757034884, 556 + "narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=", 557 + "owner": "NixOS", 558 + "repo": "nixpkgs", 559 + "rev": "ca77296380960cd497a765102eeb1356eb80fed0", 628 560 "type": "github" 629 561 }, 630 562 "original": { 631 - "owner": "nix-community", 632 - "repo": "nixpkgs.lib", 563 + "owner": "NixOS", 564 + "ref": "nixpkgs-unstable", 565 + "repo": "nixpkgs", 633 566 "type": "github" 634 567 } 635 568 }, 636 - "nixpkgs-lib_2": { 569 + "nixpkgs-lib": { 637 570 "locked": { 638 571 "lastModified": 1753579242, 639 572 "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", ··· 648 581 "type": "github" 649 582 } 650 583 }, 651 - "nixpkgs-pgks-unstable": { 652 - "locked": { 653 - "lastModified": 1757034884, 654 - "narHash": "sha256-PgLSZDBEWUHpfTRfFyklmiiLBE1i1aGCtz4eRA3POao=", 655 - "owner": "NixOS", 656 - "repo": "nixpkgs", 657 - "rev": "ca77296380960cd497a765102eeb1356eb80fed0", 658 - "type": "github" 659 - }, 660 - "original": { 661 - "owner": "NixOS", 662 - "ref": "nixpkgs-unstable", 663 - "repo": "nixpkgs", 664 - "type": "github" 665 - } 666 - }, 667 584 "nixpkgs-stable": { 668 585 "locked": { 669 - "lastModified": 1751274312, 670 - "narHash": "sha256-/bVBlRpECLVzjV19t5KMdMFWSwKLtb5RyXdjz3LJT+g=", 586 + "lastModified": 
1757408970, 587 + "narHash": "sha256-aSgK4BLNFFGvDTNKPeB28lVXYqVn8RdyXDNAvgGq+k0=", 671 588 "owner": "NixOS", 672 589 "repo": "nixpkgs", 673 - "rev": "50ab793786d9de88ee30ec4e4c24fb4236fc2674", 590 + "rev": "d179d77c139e0a3f5c416477f7747e9d6b7ec315", 674 591 "type": "github" 675 592 }, 676 593 "original": { 677 594 "owner": "NixOS", 678 - "ref": "nixos-24.11", 595 + "ref": "nixos-25.05", 679 596 "repo": "nixpkgs", 680 597 "type": "github" 681 598 } ··· 698 615 }, 699 616 "nixpkgs_2": { 700 617 "locked": { 701 - "lastModified": 1754725699, 702 - "narHash": "sha256-iAcj9T/Y+3DBy2J0N+yF9XQQQ8IEb5swLFzs23CdP88=", 703 - "owner": "NixOS", 704 - "repo": "nixpkgs", 705 - "rev": "85dbfc7aaf52ecb755f87e577ddbe6dbbdbc1054", 706 - "type": "github" 707 - }, 708 - "original": { 709 - "owner": "NixOS", 710 - "ref": "nixos-unstable", 711 - "repo": "nixpkgs", 712 - "type": "github" 713 - } 714 - }, 715 - "nixpkgs_3": { 716 - "locked": { 717 618 "lastModified": 1757068644, 718 619 "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=", 719 620 "owner": "NixOS", ··· 728 629 "type": "github" 729 630 } 730 631 }, 731 - "nixpkgs_4": { 632 + "nixpkgs_3": { 732 633 "locked": { 733 634 "lastModified": 1756731054, 734 635 "narHash": "sha256-kifUBw3WDopsgxUq0X9hFb2MMDeqhREbF1YttEj6IpM=", ··· 743 644 "type": "github" 744 645 } 745 646 }, 746 - "nixpkgs_5": { 647 + "nixpkgs_4": { 747 648 "locked": { 748 649 "lastModified": 1755615617, 749 650 "narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", ··· 785 686 "root": { 786 687 "inputs": { 787 688 "chaotic": "chaotic", 788 - "fennec-flake": "fennec-flake", 789 689 "home-manager": "home-manager_2", 790 690 "hyprland": "hyprland", 791 - "hyprland-plugins": "hyprland-plugins", 792 691 "lsfg-vk-flake": "lsfg-vk-flake", 793 692 "nix-index": "nix-index", 794 - "nixpkgs-pgks-unstable": "nixpkgs-pgks-unstable", 693 + "nixpkgs-extra-unstable": "nixpkgs-extra-unstable", 795 694 "nixpkgs-stable": "nixpkgs-stable", 796 695 
"nixpkgs-unstable": "nixpkgs-unstable", 797 696 "zed-editor": "zed-editor", ··· 877 776 }, 878 777 "zed-editor": { 879 778 "inputs": { 880 - "flake-parts": "flake-parts_2", 881 - "nixpkgs": "nixpkgs_4" 779 + "flake-parts": "flake-parts", 780 + "nixpkgs": "nixpkgs_3" 882 781 }, 883 782 "locked": { 884 783 "lastModified": 1756797624, ··· 897 796 "zen-browser": { 898 797 "inputs": { 899 798 "home-manager": "home-manager_3", 900 - "nixpkgs": "nixpkgs_5" 799 + "nixpkgs": "nixpkgs_4" 901 800 }, 902 801 "locked": { 903 802 "lastModified": 1757395105,
+1 -1
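--- a/nixos/flake.nix
+++ b/nixos/flake.nix
@@ -40,7 +40,7 @@
 chaotic,
 # fennec-flake,
 zed-editor,
-nixpkgs-pgks-unstable,
+nixpkgs-extra-unstable,
 lsfg-vk-flake,
 nix-index,
 ...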
+9 -1
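--- a/nixos/home-manager/snowy.nix
+++ b/nixos/home-manager/snowy.nix
@@ -62,7 +62,15 @@
 
 wineWowPackages.staging
 # wine64
+pkgs-extra-unstable.hyprlandPlugins.hyprsplit
 ];
+
+
+systemd.user.sessionVariables = {
+# Define some locations of some files, this seemed like the least wack way to do things.
+POLKIT_GNOME = "${pkgs.polkit_gnome}/libexec/polkit-gnome-authentication-agent-1";
+LIB_HYPRSPLIT = "${pkgs-extra-unstable.hyprlandPlugins.hyprsplit}/lib/libhyprsplit.so"
+};
 
 programs = {
 
@@ -143,7 +151,7 @@
 ];
 };
 
-# Make it base it on my hyprland config, I dont like managing configs throug home manager tbh.
+# Make it base it on my hyprland config, I dont like managing configs trough home manager tbh.
 extraConfig = builtins.readFile ../../.config/hypr/hyprland.conf;
 };
 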
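Review bot: The `LIB_HYPRSPLIT` binding at new line 72 has no terminating `;`, so the attribute set hits a parse error at the closing `};` and the home-manager configuration will not evaluate. It should read `LIB_HYPRSPLIT = "${pkgs-extra-unstable.hyprlandPlugins.hyprsplit}/lib/libhyprsplit.so";`. Separately, `systemd.user.sessionVariables` only reaches processes that inherit the systemd user environment, and whether Hyprland's `exec-once` lines see these values depends on how the session is launched, which is not visible in this hunk.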
+4
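--- a/nixos/home-manager/snowy/stow.sh
+++ b/nixos/home-manager/snowy/stow.sh
@@ -0,0 +1,4 @@
+#!/usr/bin/env nix-shell
+#!nix-shell -i bash -p stow
+
+stow silly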
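Review bot: `stow silly` resolves the package directory and the link target relative to the caller's working directory, and nothing in the script changes into its own directory or stops on failure. Adding `set -euo pipefail` and `cd "$(dirname "$0")"` before the call would make it behave the same from anywhere. `-p stow` also takes whichever nixpkgs the caller's environment resolves rather than the flake's pinned input, which is worth a comment if that is intentional.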
+2
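--- a/nixos/system/configuration.nix
+++ b/nixos/system/configuration.nix
@@ -20,6 +20,8 @@
 qt.enable = true;
 
 nix = {
+package = pkgs.lix;
+
 settings = {
 experimental-features = [
 "nix-command"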
-254
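--- a/server/configuration.nix
+++ b/server/configuration.nix
@@ -1,254 +0,0 @@
-# Edit this configuration file to define what should be installed on
-# your system. Help is available in the configuration.nix(5) man page, on
-# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-
-{ config, lib, pkgs, ... }:
-
-{
-imports =
-[ # Include the results of the hardware scan.
-./hardware-configuration.nix
-];
-
-zramSwap = {
-enable = true;
-algorithm = "zstd";
-};
-
-swapDevices = [{
-device = "/swapfile";
-size = 8 * 1024; # 16GB
-}];
-
-nix = {
-settings = {
-experimental-features = [
-"nix-command"
-"flakes"
-];
-# trusted-user = {
-# "@wheel"
-# };
-auto-optimise-store = true;
-};
-gc = {
-automatic = true;
-dates = "daily";
-};
-};
-
-# Use grub so it works on both EFI and BOOT
-boot = {
-loader = {
-efi.canTouchEfiVariables = true;
-
-grub = {
-enable = true;
-timeoutStyle = "hidden";
-efiSupport = true;
-# efiInstallAsRemovable = true;
-device = "nodev";
-splashImage = null;
-};
-};
-
-blacklistedKernelModules = [
-# Obscure network protocols
-"ax25"
-"netrom"
-"rose"
-
-# Old or rare or insufficiently audited filesystems
-"adfs"
-"affs"
-"bfs"
-"befs"
-"cramfs"
-"efs"
-"erofs"
-"exofs"
-"freevxfs"
-"f2fs"
-"hfs"
-"hpfs"
-"jfs"
-"minix"
-"nilfs2"
-"ntfs"
-"omfs"
-"qnx4"
-"qnx6"
-"sysv"
-"ufs"
-];
-};
-
-networking = {
-hostName = "snow-den";
-# nameservers = [];
-
-# interfaces = {
-# ens18 = {
-# ipv4 = {
-# addresses = [
-# {
-# address = "193.24.209.147";
-# prefixLength = 24;
-# }
-# ];
-# };
-# };
-# };
-
-firewall = {
-enable = true;
-allowedTCPPorts = [
-22
-335
-];
-allowedUDPPorts = [
-
-];
-};
-};
-
-time.timeZone = "Europe/Berlin"; # Set your time zone.
-i18n.defaultLocale = "en_US.UTF-8"; # Select internationalisation properties.
-
-environment = {
-defaultPackages = []; # Disable any default installed packages
-
-systemPackages = with pkgs; [
-fastfetch
-helix
-# wget
-btop
-];
-};
-
-fonts.fontconfig.enable = false;
-
-system = {
-stateVersion = "25.05";
-tools = {
-nixos-version.enable = true;
-nixos-rebuild.enable = true;
-nixos-option.enable = true;
-
-nixos-generate-config.enable = false;
-nixos-install.enable = false;
-nixos-build-vms.enable = false;
-};
-};
-
-
-services = {
-dnsmasq = {
-enable = true;
-settings = {
-server = [
-"1.1.1.1"
-"2606:4700:4700::1111"
-"1.0.0.1"
-"2606:4700:4700::1001"
-"194.242.2.2"
-"2a07:e340::2"
-];
-};
-};
-
-openssh = {
-enable = true;
-ports = [
-335
-];
-allowSFTP = true;
-settings = {
-PasswordAuthentication = false;
-PermitRootLogin = "no";
-};
-};
-
-endlessh-go = {
-enable = true;
-port = 22;
-
-# prometheus = {
-# enable = true;
-# port = 2112;
-# };
-};
-
-# prometheus = {
-# enable = true;
-# };
-};
-
-programs = {
-nano.enable = false;
-fish.enable = true;
-nh = {
-enable = true;
-flake = "/etc/nixos";
-};
-};
-
-security = {
-sudo.enable = false;
-sudo-rs = {
-enable = true;
-wheelNeedsPassword = true;
-execWheelOnly = true;
-# extraConfig = ''
-# Defaults passwd_timeout=0
-# '';
-};
-
-wrappers = {
-docker-rootlesskit = {
-owner = "root";
-group = "root";
-capabilities = "cap_net_bind_service+ep";
-source = "${pkgs.rootlesskit}/bin/rootlesskit";
-};
-};
-};
-
-virtualisation = {
-docker = {
-rootless = {
-enable = true;
-setSocketVariable = true;
-};
-};
-
-lxd = {
-enable = true;
-recommendedSysctlSettings = true;
-ui = {
-enable = true;
-package = pkgs.lxd-ui;
-};
-};
-};
-
-users.users = {
-snow = {
-isNormalUser = true;
-description = "snow";
-extraGroups = [
-"wheel"
-];
-shell = pkgs.fish;
-openssh.authorizedKeys.keys = [
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2za6psnuIMZ6FrdUehhyQlqYvy05+wv8dKER+Lctna snowy@Snowflake"
-];
-};
-root = {
-shell = pkgs.fish;
-openssh.authorizedKeys.keys = [
-"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2za6psnuIMZ6FrdUehhyQlqYvy05+wv8dKER+Lctna snowy@Snowflake"
-];
-};
-};
-}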
+7 -75
server/flake.lock
··· 7 7 ] 8 8 }, 9 9 "locked": { 10 - "lastModified": 1748737919, 11 - "narHash": "sha256-5kvBbLYdp+n7Ftanjcs6Nv+UO6sBhelp6MIGJ9nWmjQ=", 10 + "lastModified": 1754263839, 11 + "narHash": "sha256-ck7lILfCNuunsLvExPI4Pw9OOCJksxXwozum24W8b+8=", 12 12 "owner": "nix-community", 13 13 "repo": "home-manager", 14 - "rev": "5675a9686851d9626560052a032c4e14e533c1fa", 14 + "rev": "1d7abbd5454db97e0af51416f4960b3fb64a4773", 15 15 "type": "github" 16 16 }, 17 17 "original": { ··· 23 23 }, 24 24 "nixpkgs": { 25 25 "locked": { 26 - "lastModified": 1748437600, 27 - "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=", 26 + "lastModified": 1754292888, 27 + "narHash": "sha256-1ziydHSiDuSnaiPzCQh1mRFBsM2d2yRX9I+5OPGEmIE=", 28 28 "owner": "NixOS", 29 29 "repo": "nixpkgs", 30 - "rev": "7282cb574e0607e65224d33be8241eae7cfe0979", 30 + "rev": "ce01daebf8489ba97bd1609d185ea276efdeb121", 31 31 "type": "github" 32 32 }, 33 33 "original": { ··· 37 37 "type": "github" 38 38 } 39 39 }, 40 - "nixpkgs_2": { 41 - "locked": { 42 - "lastModified": 1748798537, 43 - "narHash": "sha256-l7ObzI637Tvty57eGKWhDtILX+PTZNSSwMTLj8JOxoQ=", 44 - "owner": "nixos", 45 - "repo": "nixpkgs", 46 - "rev": "f0baa02d9422bd78a1b9072950b6c3f53e885332", 47 - "type": "github" 48 - }, 49 - "original": { 50 - "owner": "nixos", 51 - "repo": "nixpkgs", 52 - "type": "github" 53 - } 54 - }, 55 40 "root": { 56 41 "inputs": { 57 42 "home-manager": "home-manager", 58 - "nixpkgs": "nixpkgs", 59 - "zenium": "zenium" 60 - } 61 - }, 62 - "systems": { 63 - "locked": { 64 - "lastModified": 1681028828, 65 - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 66 - "owner": "nix-systems", 67 - "repo": "default", 68 - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 69 - "type": "github" 70 - }, 71 - "original": { 72 - "owner": "nix-systems", 73 - "repo": "default", 74 - "type": "github" 75 - } 76 - }, 77 - "utils": { 78 - "inputs": { 79 - "systems": "systems" 80 - }, 81 - "locked": { 82 - "lastModified": 
1731533236, 83 - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 84 - "owner": "numtide", 85 - "repo": "flake-utils", 86 - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", 87 - "type": "github" 88 - }, 89 - "original": { 90 - "owner": "numtide", 91 - "repo": "flake-utils", 92 - "type": "github" 93 - } 94 - }, 95 - "zenium": { 96 - "inputs": { 97 - "nixpkgs": "nixpkgs_2", 98 - "utils": "utils" 99 - }, 100 - "locked": { 101 - "lastModified": 1748638806, 102 - "narHash": "sha256-V8Qhs8TJXgYwxze5T36hpCUBK5U5aBDawFDIcsc9dkE=", 103 - "ref": "refs/heads/project-refactor", 104 - "rev": "f66c84a58b49727c2706628773ec041b03a602bb", 105 - "revCount": 28458, 106 - "type": "git", 107 - "url": "https://git.killuaa.dev/Rouffy/Zenium" 108 - }, 109 - "original": { 110 - "type": "git", 111 - "url": "https://git.killuaa.dev/Rouffy/Zenium" 43 + "nixpkgs": "nixpkgs" 112 44 } 113 45 } 114 46 },
+8 -2
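--- a/server/flake.nix
+++ b/server/flake.nix
@@ -1,5 +1,5 @@
 {
-description = "Snow's Server Flake";
+description = "Snow's Server Flake!";
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
 
@@ -8,12 +8,14 @@
 inputs.nixpkgs.follows = "nixpkgs";
 };
 
+# zenium.url = "git+https://git.killuaa.dev/Rouffy/Zenium";
 };
 
 outputs =
 {
 nixpkgs,
 home-manager,
+# zenium,
 ...
 }@inputs:
 
@@ -27,8 +29,11 @@
 };
 
 modules = [
-./configuration.nix
+./system/configuration.nix
+# <nixpkgs/nixos/modules/profiles/minimal.nix>
 "${nixpkgs}/nixos/modules/profiles/minimal.nix"
+# ./lxd-config.nix
+# proxmox-nixos.nixosModules.proxmox-ve
 
 home-manager.nixosModules.home-manager
 {
@@ -39,6 +44,7 @@
 snow = import ./home-manager/snow.nix;
 };
 }
+
 ];
 };
 };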
-37
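--- a/server/hardware-configuration.nix
+++ b/server/hardware-configuration.nix
@@ -1,37 +0,0 @@
-# Do not modify this file! It was generated by ‘nixos-generate-config’
-# and may be overwritten by future invocations. Please make changes
-# to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-imports =
-[ (modulesPath + "/profiles/qemu-guest.nix")
-];
-
-boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
-boot.initrd.kernelModules = [ ];
-boot.kernelModules = [ "kvm-amd" ];
-boot.extraModulePackages = [ ];
-
-fileSystems."/" =
-{ device = "/dev/disk/by-label/nixos";
-fsType = "ext4";
-};
-
-fileSystems."/boot" =
-{ device = "/dev/disk/by-label/boot";
-fsType = "vfat";
-options = [ "fmask=0077" "dmask=0077" ];
-};
-
-swapDevices = [ ];
-
-# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-# (the default) this is the recommended approach. When using systemd-networkd it's
-# still possible to use this option, but it's recommended to use it in conjunction
-# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-networking.useDHCP = lib.mkDefault true;
-# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
-
-nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-}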
+35 -19
server/home-manager/apps/fastfetch.nix
··· 4 4 enable = true; 5 5 settings = { 6 6 "$schema" = "https://github.com/fastfetch-cli/fastfetch/raw/dev/doc/json_schema.json"; 7 - # logo = { 8 - # type = "raw"; 9 - # source = "~/Documents/Misc./images/fastfetch/choppah2.sixel"; 10 - # width = 40; 11 - # height = 19; 12 - # }; 13 7 display = { 14 8 separator = " ➜ "; 15 9 }; 10 + 11 + logo = { 12 + padding = { 13 + top = 0; # Top padding 14 + left = 1; # Left padding 15 + right = 3; # Right padding 16 + }; 17 + }; 18 + 16 19 modules = [ 17 20 { 18 21 type = "title"; 19 - format = "{6}{7}\u001b[33m{2}\u001b[0m"; 22 + format = "{6}{7}{#33}{2}"; 20 23 } 21 24 { 22 - type = "custom"; 23 - format = "-====================-"; 24 - outputColor = "separator"; 25 + type = "custom"; 26 + format = "-====================-"; 27 + outputColor = "separator"; 25 28 } 26 29 { 27 30 type = "os"; 28 31 key = "{#34}  OS"; 32 + } 33 + { 34 + type = "host"; 35 + key = "{#34}  Host"; 29 36 } 30 37 { 31 38 type = "kernel"; 32 39 key = "{#33}  Kernel"; 33 40 } 34 41 { 35 - type = "packages"; 36 - key = "{#35} 󰏗 Packages"; 42 + type = "uptime"; 43 + key = "{#33}  Uptime"; 37 44 } 38 45 { 39 - type = "wm"; 40 - key = "{#36} 󰇄 WM"; 46 + type = "packages"; 47 + key = "{#35} 󰏗 Packages"; 41 48 } 42 49 { 43 - type = "uptime"; 44 - key = "{#33}  Uptime"; 50 + type = "terminal"; 51 + key = "{#34}  Terminal"; 45 52 } 46 53 { 47 54 type = "shell"; 48 - key = "{#34}  Shell"; 55 + key = "{#34}  Shell"; 49 56 } 50 57 "break" 51 58 { ··· 53 60 key = "{#35}  CPU"; 54 61 } 55 62 { 63 + type = "gpu"; 64 + format = "{2}"; 65 + key = "{#37}  GPU"; 66 + } 67 + { 56 68 type = "memory"; 57 69 key = "{#39}  Memory"; 58 70 } 59 71 { 72 + type = "swap"; 73 + key = "{#39}  Swap"; 74 + } 75 + { 60 76 type = "disk"; 61 77 key = "{#37}  Drive"; 62 78 } 63 79 "break" 64 - "break" 80 + "colors" 65 81 ]; 66 82 }; 67 83 }; 68 - } 84 + }
+21 -15
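--- a/server/home-manager/apps/fish.nix
+++ b/server/home-manager/apps/fish.nix
@@ -3,31 +3,37 @@
 programs.fish = {
 enable = true;
 generateCompletions = true;
-functions = {
-docker = {
-body = ''
-if test (count $argv) -eq 1; and test "$argv[1]" = ps
-ctop
-else
-command docker $argv
-end
-'';
-};
-};
+# functions = {
+# docker = {
+# body = ''
+# if test (count $argv) -eq 1; and test "$argv[1]" = ps
+# ctop
+# else
+# command docker $argv
+# end
+# '';
+# };
+# };
 shellInit = ''
 set -xg fish_color_command blue
 '';
 shellAliases = {
 fetch = "clear && fastfetch";
 helix = "hx";
-ls = "eza -ihA --icons";
+nano = "$EDITOR";
+ls = "eza -ihg --icons";
 cat = "/etc/profiles/per-user/snow/bin/bat";
 bat = "/run/current-system/sw/bin/cat";
 ctl = "sudo systemctl";
 myip = "curl https://ipinfo.io/ip";
-reslave = "sudo nix flake update --flake ~/.config/nixos && nh os switch ~/.config/nixos && sudo nix-collect-garbage -d && nix-collect-garbage -d && sudo nix-env --delete-generations +1";
-rebuild = "nh os switch ~/.config/nixos";
+myip6 = "curl https://v6.ipinfo.io/ip";
 docres = "docker compose down && docker compose up -d";
+docvol = "cd ~/.local/share/docker/volumes";
+
+logboot = "journalctl --boot=-1 --reverse";
+reslave = "nh os switch ~/Nixos -u && nh clean all";
+rebuild = "nh os switch ~/Nixos";
+rebuildc = "nh os switch ~/Nixos && nh clean all";
 };
 };
-}
+}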
+6 -14
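--- a/server/home-manager/snow.nix
+++ b/server/home-manager/snow.nix
@@ -7,14 +7,6 @@
 ];
 home.username = "snow";
 home.homeDirectory = "/home/snow";
-home.file = {
-".local/bin/zed_server/zenium-remote-server" = {
-source = "${
-inputs.zenium.packages."${pkgs.system}".zenium-remote-server-bin
-}/bin/zenium-remote-server";
-recursive = true;
-};
-};
 
 home.packages = with pkgs; [
 git
@@ -23,14 +15,14 @@
 devenv
 # yazi
 ctop
-inputs.zenium.packages."${system}".zenium-remote-server-bin
+# inputs.zenium.packages."${system}".zenium-remote-server-bin
 ];
 
 services = {
-cliphist = {
-enable = true;
-allowImages = true;
-};
+# cliphist = {
+# enable = true;
+# allowImages = true;
+# };
 };
 
 programs = {
@@ -47,7 +39,7 @@
 icons = "always";
 };
 };
-
+
 home.stateVersion = "25.05";
 home.enableNixpkgsReleaseCheck = false;
 }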
+8
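--- a/server/justfile
+++ b/server/justfile
@@ -0,0 +1,8 @@
+test:
+nix flake check
+
+dry-run:
+nixos-rebuild dry-run --flake .#snow-den
+
+deploy:
+nixos-rebuild switch --flake .#snow-den --target-host server --use-remote-sudo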
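Review bot: `deploy` switches the remote host without running `test` first; declaring it as `deploy: test` would make the flake check a precondition of every deployment. `--use-remote-sudo` also relies on sudo succeeding non-interactively over SSH, which in this commit's server configuration appears to depend on a forwarded agent (PAM `rssh` with `unixAuth = false`), so a comment above the recipe stating that requirement would help.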
+266
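--- a/server/system/configuration.nix
+++ b/server/system/configuration.nix
@@ -0,0 +1,266 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{
+# config,
+# lib,
+pkgs,
+...
+}:
+
+{
+imports = [
+# Include the results of the hardware scan.
+./hardware-configuration.nix
+./lxd-config.nix
+# ./ets2-config.nix
+./network.nix
+];
+
+# nixpkgs.config.allowUnfree = true;
+
+zramSwap = {
+enable = true;
+algorithm = "zstd";
+};
+
+swapDevices = [
+{
+device = "/swapfile";
+size = 8 * 1024;
+}
+];
+
+nix = {
+settings = {
+experimental-features = [
+"nix-command"
+"flakes"
+];
+# trusted-user = {
+# "@wheel"
+# };
+auto-optimise-store = true;
+use-xdg-base-directories = true;
+};
+gc = {
+automatic = true;
+dates = "daily";
+};
+};
+
+# Use grub so it works on both EFI and BOOT
+boot = {
+# kernelPackages = pkgs.linuxKernel.packages.linux_hardened;
+kernelModules = [
+# "overlay2"
+];
+
+kernel.sysctl = {
+# Hide kptrs even for processes with CAP_SYSLOG
+"kernel.kptr_restrict" = 2;
+
+# Disable ftrace debugging
+"kernel.ftrace_enabled" = false;
+
+# Disable bpf() JIT (to eliminate spray attacks)
+# "net.core.bpf_jit_enable" = false;
+
+# https://wiki.archlinux.org/title/Sysctl#Enable_TCP_Fast_Open
+"net.ipv4.tcp_fastopen" = 3;
+
+"kernel.unprivileged_userns_clone" = 1;
+};
+
+loader = {
+efi.canTouchEfiVariables = true;
+
+grub = {
+enable = true;
+timeoutStyle = "hidden";
+efiSupport = true;
+# efiInstallAsRemovable = true;
+device = "nodev";
+splashImage = null;
+};
+};
+
+blacklistedKernelModules = [
+# Obscure network protocols
+"ax25"
+"netrom"
+"rose"
+
+# Old or rare or insufficiently audited filesystems
+"adfs"
+"affs"
+"bfs"
+"befs"
+"cramfs"
+"efs"
+"erofs"
+"exofs"
+"freevxfs"
+"f2fs"
+"hfs"
+"hpfs"
+"jfs"
+"minix"
+"nilfs2"
+"ntfs"
+"omfs"
+"qnx4"
+"qnx6"
+"sysv"
+"ufs"
+];
+};
+
+time.timeZone = "Europe/Berlin"; # Set your time zone.
+i18n.defaultLocale = "en_US.UTF-8"; # Select internationalisation properties.
+
+environment = {
+defaultPackages = [ ]; # Disable any default installed packages
+
+systemPackages = with pkgs; [
+fastfetch
+helix
+# wget
+btop
+dysk
+];
+};
+
+fonts.fontconfig.enable = false;
+
+system = {
+stateVersion = "25.05";
+tools = {
+nixos-version.enable = true;
+nixos-rebuild.enable = true;
+nixos-option.enable = true;
+
+nixos-generate-config.enable = false;
+nixos-install.enable = false;
+nixos-build-vms.enable = false;
+};
+};
+
+services = {
+openssh = {
+enable = true;
+ports = [
+335
+];
+allowSFTP = true;
+settings = {
+PasswordAuthentication = false;
+PermitRootLogin = "no";
+};
+};
+
+# endlessh-go = {
+# enable = true;
+# port = 22;
+
+# prometheus = {
+# enable = true;
+# port = 2112;
+# listenAddress = "0.0.0.0";
+# };
+# };
+
+tailscale.enable = true;
+
+# prometheus = {
+# enable = true;
+# };
+};
+
+programs = {
+nano.enable = false;
+fish.enable = true;
+nh = {
+enable = true;
+flake = "/etc/nixos";
+};
+};
+
+security = {
+# lockKernelModules = true;
+protectKernelImage = true;
+
+auditd.enable = true;
+sudo.enable = false;
+sudo-rs = {
+enable = true;
+wheelNeedsPassword = true;
+execWheelOnly = true;
+# extraConfig = ''
+# Defaults passwd_timeout=0
+# '';
+};
+
+pam = {
+services.sudo.rssh = true;
+services.sudo.unixAuth = false;
+rssh = {
+enable = true;
+settings = {
+# cue = true;
+debug = true;
+};
+};
+};
+
+wrappers = {
+docker-rootlesskit = {
+owner = "root";
+group = "root";
+capabilities = "cap_net_bind_service+ep";
+source = "${pkgs.rootlesskit}/bin/rootlesskit";
+};
+};
+};
+
+virtualisation = {
+docker = {
+rootless = {
+enable = true;
+setSocketVariable = true;
+};
+};
+};
+
+users = {
+groups.radcliffe = { };
+users = {
+snow = {
+isNormalUser = true;
+description = "snow";
+linger = true;
+extraGroups = [
+"wheel"
+];
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2za6psnuIMZ6FrdUehhyQlqYvy05+wv8dKER+Lctna snowy@Snowflake"
+];
+};
+radcliffe = {
+isNormalUser = true;
+linger = true;
+group = "radcliffe";
+shell = pkgs.fish;
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2za6psnuIMZ6FrdUehhyQlqYvy05+wv8dKER+Lctna snowy@Snowflake"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGiRKJiC+keGpcnWC9vItrPGqYSq9+bK3pNWc+zgnrMR user@radcliffe"
+];
+};
+root = {
+shell = pkgs.fish;
+};
+};
+};
+}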
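Review bot: In the `security.pam` block, `services.sudo.unixAuth = false` together with `services.sudo.rssh = true` makes a reachable SSH agent the only way to pass sudo, so `wheelNeedsPassword = true` no longer means a password is asked. Any process running as the user that can reach the forwarded agent socket can then satisfy sudo for the length of the session, and a console login without an agent has no fallback. Consider keeping `unixAuth` enabled as a second path or documenting the break-glass route in a comment, and drop `debug = true;` once the module is verified. The `radcliffe` account also accepts the `snowy@Snowflake` key next to its own; a comment saying whether that shared access is intended would help.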
+62
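--- a/server/system/hardware-configuration.nix
+++ b/server/system/hardware-configuration.nix
@@ -0,0 +1,62 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+config,
+lib,
+pkgs,
+modulesPath,
+...
+}:
+
+{
+imports = [
+(modulesPath + "/profiles/qemu-guest.nix")
+];
+
+boot.initrd.availableKernelModules = [
+"ata_piix"
+"uhci_hcd"
+"virtio_pci"
+"sr_mod"
+"virtio_blk"
+];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" = {
+device = "/dev/disk/by-uuid/b435993e-0760-44ba-afa7-ead509b87e62";
+fsType = "ext4";
+};
+
+fileSystems."/proc" = {
+device = "proc";
+fsType = "proc";
+options = [
+"hidepid=2"
+"gid=wheel"
+];
+};
+
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/67AC-7FCE";
+fsType = "vfat";
+options = [
+"fmask=0077"
+"dmask=0077"
+];
+};
+
+swapDevices = [ ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}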
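Review bot: The `fileSystems."/proc"` entry with `hidepid=2` sits in a file whose header says it is generated and may be overwritten, so this hardening can silently disappear on the next regeneration; moving it into `configuration.nix` keeps it under version-controlled intent. systemd upstream documents `hidepid=` on the system-wide `/proc` as unsupported, and services that run as their own non-root user outside `wheel` and need to inspect other processes (polkit is the usual example) may misbehave, so it is worth confirming logins and authorization prompts still work with this option. A one-line comment such as `# hide other users' processes; members of wheel are exempt` would record the intent.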
+74
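--- a/server/system/lxd-config.nix
+++ b/server/system/lxd-config.nix
@@ -0,0 +1,74 @@
+{ pkgs, ... }:
+{
+virtualisation.lxd = {
+enable = true;
+recommendedSysctlSettings = true;
+
+ui = {
+enable = true;
+package = pkgs.lxd-ui;
+};
+
+preseed = {
+config = {
+"core.https_address" = ":8443";
+"core.shutdown_timeout" = "3";
+"images.compression_algorithm" = "xz";
+"backups.compression_algorithm" = "xz";
+};
+
+networks = [
+{
+name = "hestia-bridge";
+description = "Networking bridge for hestia";
+type = "bridge";
+config = {
+"ipv4.address" = "10.0.100.1/24";
+# "ipv4.nat" = "true";
+"ipv4.dhcp" = true;
+"ipv6.address" = "none";
+};
+}
+];
+
+storage_pools = [
+{
+name = "hestia-pool";
+description = "Storage pool for hestia";
+driver = "dir";
+config = {
+source = "/var/lib/lxd/storage-pools/hestia-pool";
+};
+}
+];
+
+storage_volumes = [
+{
+name = "hestia-backups";
+# type = "custom";
+content_type = "filesystem";
+pool = "hestia-pool";
+config = {
+size = "32GiB";
+};
+}
+];
+
+# projects = [
+# {
+# name = "hestia-project";
+# # descripion = "Project for hestia";
+# config = {
+# "features.images" = true;
+# "features.networks" = true;
+# "features.networks.zones" = false;
+# "features.profiles" = false;
+# "features.storage.buckets" = false;
+# "features.storage.volumes" = true;
+# };
+# }
+# ];
+
+};
+};
+}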
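Review bot: `"core.https_address" = ":8443"` makes the LXD API and web UI listen on every address, and `network.nix` in this commit also adds 8443 to `allowedTCPPorts`, so the management endpoint is reachable from the public interface. A trusted client of that API has root-equivalent control of the host, so it is better bound to a private address, for example the Tailscale address this commit enables, written as `"core.https_address" = "<tailscale-ip>:8443";`, with 8443 removed from the public firewall list. If public exposure is intended, say so in a comment and note how client trust is granted and revoked.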
+169
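--- a/server/system/network.nix
+++ b/server/system/network.nix
@@ -0,0 +1,169 @@
+{ ... }:
+{
+networking = {
+hostName = "snow-den";
+nameservers = [
+# Cloudflare
+"2606:4700:4700::1111"
+"1.1.1.1"
+"2606:4700:4700::1001"
+"1.0.0.1"
+
+# Mullvad
+"2a07:e340::2"
+"194.242.2.2"
+];
+
+defaultGateway6 = {
+address = "fe80::1";
+interface = "ens3";
+};
+
+interfaces = {
+ens3 = {
+ipv6.addresses = [
+{
+address = "2a0a:4cc0:0:1eb::c0ff:ee";
+prefixLength = 64;
+}
+];
+};
+};
+
+# interfaces = {
+# ens18 = {
+# ipv4 = {
+# addresses = [
+# {
+# address = "193.24.209.147";
+# prefixLength = 24;
+# }
+# ];
+# };
+# };
+# };
+
+firewall = {
+enable = true;
+trustedInterfaces = [
+"hestia-bridge"
+];
+
+extraCommands = ''
+iptables -t nat -A POSTROUTING -s 10.0.100.0/24 ! -d 10.0.100.0/24 -j MASQUERADE
+'';
+
+allowedTCPPorts = [
+# HTTP
+80
+443
+
+# ssh
+22
+335
+665
+
+# LXD
+8443
+
+# email
+## IMAP
+143
+993
+## POP3
+110
+995
+## SMTP
+25
+465
+587
+
+# mumble
+64738
+
+# broadcast-box
+9070
+
+# Satisfactory
+7777
+8888
+
+# Steam
+27015
+27016
+];
+allowedUDPPorts = [
+# HTTP
+80
+443
+
+# mumble
+64738
+
+# broadcast-box
+9070
+
+# Satisfactory
+7777
+
+# Steam
+27015
+27016
+];
+};
+
+nat = {
+enable = true;
+# internalInterfaces = [ "hestia-bridge" ];
+externalInterface = "ens3";
+# externalInterface = "wg0";
+forwardPorts = [
+# SSH
+{
+sourcePort = 665;
+proto = "tcp";
+destination = "10.0.100.126:22";
+}
+
+# IMAP
+{
+sourcePort = 143;
+proto = "tcp";
+destination = "10.0.100.126:143";
+}
+{
+sourcePort = 993;
+proto = "tcp";
+destination = "10.0.100.126:993";
+}
+# POP3
+{
+sourcePort = 110;
+proto = "tcp";
+destination = "10.0.100.126:110";
+}
+{
+sourcePort = 995;
+proto = "tcp";
+destination = "10.0.100.126:995";
+}
+# SMTP
+{
+sourcePort = 25;
+proto = "tcp";
+destination = "10.0.100.126:25";
+}
+{
+sourcePort = 465;
+proto = "tcp";
+destination = "10.0.100.126:465";
+}
+{
+sourcePort = 587;
+proto = "tcp";
+destination = "10.0.100.126:587";
+}
+];
+};
+};
+}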
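Review bot: The `extraCommands` line appends a MASQUERADE rule with `-A` and there is no matching `extraStopCommands`, so firewall reloads can accumulate duplicate rules in the nat table; since `nat.enable = true` is already set, adding `internalIPs = [ "10.0.100.0/24" ];` to the `nat` block would let the module own that rule. Port 22 is also opened although the endlessh-go service that used it is commented out in `configuration.nix` and sshd listens on 335, so it can be dropped from `allowedTCPPorts`. `trustedInterfaces = [ "hestia-bridge" ]` lets the containers reach every host port, including the LXD API on 8443; a comment stating that this is intended would help the next reader.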