swarsel/.dotfiles
1
0
Fork 0
mirror of https://github.com/Swarsel/.dotfiles.git synced 2025-12-06 09:07:21 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore: code cleanup

Browse source
This commit is contained in:
Swarsel 2024-07-18 23:12:04 +02:00
parent bb59145f85
commit 3eecea6503
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
42 changed files with 4232 additions and 4479 deletions
Download patch file Download diff file Expand all files Collapse all files

862
SwarselSystems.org
View file

File diff suppressed because it is too large Load diff

43
flake.nix
View file

@ -3,88 +3,85 @@
inputs = { inputs = {
nixpkgs.url = github:nixos/nixpkgs/nixos-unstable; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = github:NixOS/nixpkgs/nixos-24.05; nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
# user-level configuration # user-level configuration
home-manager = { home-manager = {
url = github:nix-community/home-manager; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# overlay to access bleeding edge emacs # overlay to access bleeding edge emacs
emacs-overlay = { emacs-overlay = {
url = github:nix-community/emacs-overlay; url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# nix user repository # nix user repository
# i use this mainly to not have to build all firefox extensions # i use this mainly to not have to build all firefox extensions
# myself as well as for the emacs-init package (tbd) # myself as well as for the emacs-init package (tbd)
nur.url = github:nix-community/NUR; nur.url = "github:nix-community/NUR";
# provides GL to non-NixOS hosts # provides GL to non-NixOS hosts
nixgl.url = github:guibou/nixGL; nixgl.url = "github:guibou/nixGL";
# manages all theming using Home-Manager # manages all theming using Home-Manager
stylix.url = github:danth/stylix; stylix.url = "github:danth/stylix";
# nix secrets management # nix secrets management
sops-nix.url = github:Mic92/sops-nix; sops-nix.url = "github:Mic92/sops-nix";
# enable secure boot on NixOS # enable secure boot on NixOS
lanzaboote.url = github:nix-community/lanzaboote; lanzaboote.url = "github:nix-community/lanzaboote";
# nix for android # nix for android
nix-on-droid = { nix-on-droid = {
url = github:t184256/nix-on-droid/release-23.05; url = "github:t184256/nix-on-droid/release-23.05";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# generate NixOS images # generate NixOS images
nixos-generators = { nixos-generators = {
url = github:nix-community/nixos-generators; url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
# patches for gaming on nix # patches for gaming on nix
nix-gaming = { nix-gaming = {
url = github:fufexan/nix-gaming; url = "github:fufexan/nix-gaming";
}; };
# hardware quirks on nix # hardware quirks on nix
nixos-hardware = { nixos-hardware = {
url = github:NixOS/nixos-hardware/master; url = "github:NixOS/nixos-hardware/master";
}; };
# dynamic library loading # dynamic library loading
nix-alien = { nix-alien = {
url = github:thiagokokada/nix-alien; url = "github:thiagokokada/nix-alien";
}; };
# automatic nintendo switch payload injection # automatic nintendo switch payload injection
nswitch-rcm-nix = { nswitch-rcm-nix = {
url = github:Swarsel/nswitch-rcm-nix; url = "github:Swarsel/nswitch-rcm-nix";
}; };
}; };
outputs = inputs@{ outputs = inputs@{
self,
nixpkgs, nixpkgs,
nixpkgs-stable, nixpkgs-stable,
home-manager, home-manager,
nix-on-droid, nix-on-droid,
nixos-generators,
emacs-overlay, emacs-overlay,
nur, nur,
nixgl, nixgl,
stylix, stylix,
sops-nix, sops-nix,
lanzaboote, lanzaboote,
nix-gaming,
nixos-hardware, nixos-hardware,
nix-alien, nix-alien,
nswitch-rcm-nix, nswitch-rcm-nix,
@ -106,16 +103,6 @@
config.allowUnfree = true; config.allowUnfree = true;
}; };
# for ovm arm hosts
armpkgs = import nixpkgs { system = "aarch64-linux";
overlays = [ emacs-overlay.overlay
nur.overlay
nixgl.overlay
];
config.allowUnfree = true;
};
# NixOS modules that can only be used on NixOS systems # NixOS modules that can only be used on NixOS systems
nixModules = [ stylix.nixosModules.stylix nixModules = [ stylix.nixosModules.stylix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops

1093
index.html
View file

File diff suppressed because it is too large Load diff

4
profiles/TEMPLATE/home.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, fetchFromGitHub, ... }: { config, pkgs, ... }:
{ {
@ -118,7 +118,7 @@
}; };
keybindings = let keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
# TEMPLATE # TEMPLATE
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\""; "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkschildi.sh\"";

4
profiles/TEMPLATE/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { pkgs, ... }:
{ {
@ -67,7 +67,7 @@
}; };
monospace = { monospace = {
package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }); package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };

101
profiles/common/home.nix
View file

@ -301,15 +301,17 @@
]; ];
sops.defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml"; sops = {
sops.validateSopsFiles = false; defaultSopsFile = "${config.home.homeDirectory}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
# since we are using the home-manager implementation, we need to specify the runtime path for each secret secrets = {
sops.secrets.mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";}; mrswarsel = {path = "/run/user/1000/secrets/mrswarsel";};
sops.secrets.nautilus = {path = "/run/user/1000/secrets/nautilus";}; nautilus = {path = "/run/user/1000/secrets/nautilus";};
sops.secrets.leon = {path = "/run/user/1000/secrets/leon";}; leon = {path = "/run/user/1000/secrets/leon";};
sops.secrets.swarselmail = {path = "/run/user/1000/secrets/swarselmail";}; swarselmail = {path = "/run/user/1000/secrets/swarselmail";};
sops.secrets.caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";}; caldav = {path = "${config.home.homeDirectory}/.emacs.d/.caldav";};
};
};
programs.ssh= { programs.ssh= {
enable = true; enable = true;
@ -518,22 +520,23 @@ home.sessionVariables = {
EDITOR = "bash ~/.dotfiles/scripts/editor.sh"; EDITOR = "bash ~/.dotfiles/scripts/editor.sh";
}; };
# zsh Integration is enabled by default for these programs = {
programs.bottom.enable = true; bottom.enable = true;
programs.imv.enable = true; imv.enable = true;
programs.sioyek.enable = true; sioyek.enable = true;
programs.bat.enable = true; bat.enable = true;
programs.carapace.enable = true; carapace.enable = true;
programs.wlogout.enable = true; wlogout.enable = true;
programs.swayr.enable = true; swayr.enable = true;
programs.yt-dlp.enable = true; yt-dlp.enable = true;
programs.mpv.enable = true; mpv.enable = true;
programs.jq.enable = true; jq.enable = true;
programs.nix-index.enable = true; nix-index.enable = true;
programs.ripgrep.enable = true; ripgrep.enable = true;
programs.pandoc.enable = true; pandoc.enable = true;
programs.fzf.enable = true; fzf.enable = true;
programs.zoxide.enable = true; zoxide.enable = true;
};
programs.password-store = { programs.password-store = {
enable = true; enable = true;
@ -1154,7 +1157,7 @@ programs.firefox = {
}; };
profiles.default = { profiles.default = {
isDefault = true; isDefault = true;
userChrome = (builtins.readFile ../../programs/firefox/chrome/userChrome.css); userChrome = builtins.readFile ../../programs/firefox/chrome/userChrome.css;
extensions = with pkgs.nur.repos.rycee.firefox-addons; [ extensions = with pkgs.nur.repos.rycee.firefox-addons; [
tridactyl tridactyl
browserpass browserpass
@ -1172,42 +1175,10 @@ programs.firefox = {
widegithub widegithub
enhanced-github enhanced-github
unpaywall unpaywall
# fastforwardteam
don-t-fuck-with-paste don-t-fuck-with-paste
plasma-integration plasma-integration
# (let version = "3.4.5.0";
# in buildFirefoxXpiAddon {
# pname = "bypass-paywalls-clean";
# inherit version;
# addonId = "magnolia@12.34";
# url =
# "https://gitlab.com/magnolia1234/bpc-uploads/-/raw/master/bypass_paywalls_clean-3.4.5.0.xpi";
# sha256 = "703d30c15b88291bd0305cc59013693aea5f75a40ea98fb8e252d1c7bfb43514";
# meta = with lib; {
# homepage =
# "https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean";
# description = "Bypass Paywalls of (custom) news sites";
# license = licenses.mit;
# platforms = platforms.all;
# };
# })
(buildFirefoxXpiAddon {
pname = ":emoji:";
version = "0.1.3";
addonId = "gonelf@gmail.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3365324/emojidots-0.1.3.xpi";
sha256 = "4f7cc25c478fe52eb82f37c9ff4978dcaa3f95020398c5b184e517f6efa2c201";
meta = with lib;
{
description = "emoji autocomplete anywhere on the internet";
mozPermissions = [ "https://gist.githubusercontent.com/gonelf/d8ae3ccb7902b501c4a5dd625d4089da/raw/5eeda197ba92f8c8139e846a1225d5640077e06f/emoji_pretty.json" "tabs" "storage"];
platforms = platforms.all;
};
})
]; ];
search.engines = { search.engines = {
"Nix Packages" = { "Nix Packages" = {
urls = [{ urls = [{
@ -1317,9 +1288,10 @@ wayland.windowManager.sway = {
enable = true; enable = true;
checkConfig = false; # delete this line once SwayFX is fixed upstream checkConfig = false; # delete this line once SwayFX is fixed upstream
package = pkgs.swayfx; package = pkgs.swayfx;
# package = pkgs.sway; systemd = {
systemd.enable = true; enable = true;
systemd.xdgAutostart = true; xdgAutostart = true;
};
wrapperFeatures.gtk = true; wrapperFeatures.gtk = true;
config = rec { config = rec {
modifier = "Mod4"; modifier = "Mod4";
@ -1327,7 +1299,7 @@ wayland.windowManager.sway = {
menu = "fuzzel"; menu = "fuzzel";
bars = [{ command = "waybar";}]; bars = [{ command = "waybar";}];
keybindings = let keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
"${modifier}+q" = "kill"; "${modifier}+q" = "kill";
"${modifier}+f" = "exec firefox"; "${modifier}+f" = "exec firefox";
@ -1539,7 +1511,7 @@ wayland.windowManager.sway = {
# exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK # exec hash dbus-update-activation-environment 2>/dev/null && dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK
# "; # ";
extraConfig =let extraConfig =let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
swayfxSettings = " swayfxSettings = "
blur enable blur enable
blur_xray disable blur_xray disable
@ -1550,7 +1522,6 @@ wayland.windowManager.sway = {
titlebar_separator disable titlebar_separator disable
default_dim_inactive 0.02 default_dim_inactive 0.02
"; ";
swayfxSettingsOff = "";
in " in "
exec_always autotiling exec_always autotiling
set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\" set $exit \"exit: [s]leep, [p]oweroff, [r]eboot, [l]ogout\"

75
profiles/common/nixos.nix
View file

@ -1,31 +1,35 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, ... }:
{ {
home-manager = {
home-manager.useGlobalPkgs = true; useGlobalPkgs = true;
home-manager.useUserPackages = true; useUserPackages = true;
};
services.xserver = { services.xserver = {
xkb.layout = "us"; xkb = {
xkb.variant = "altgr-intl"; layout = "us";
variant = "altgr-intl";
};
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
users.mutableUsers = false; users.mutableUsers = false;
# use ozone for wayland - chromium apps environment = {
environment.sessionVariables.NIXOS_OZONE_WL = "1"; wordlist.enable = true;
sessionVariables = {
# wordlist for look NIXOS_OZONE_WL = "1";
environment.wordlist.enable = true; GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
# gstreamer plugins for nautilus (used for file metadata)
environment.sessionVariables.GST_PLUGIN_SYSTEM_PATH_1_0 = lib.makeSearchPathOutput "lib" "lib/gstreamer-1.0" (with pkgs.gst_all_1; [
gst-plugins-good gst-plugins-good
gst-plugins-bad gst-plugins-bad
gst-plugins-ugly gst-plugins-ugly
gst-libav gst-libav
]); ]);
};
};
# gstreamer plugins for nautilus (used for file metadata)
time.hardwareClockInLocalTime = true; time.hardwareClockInLocalTime = true;
@ -52,24 +56,28 @@ nix.optimise = {
DefaultTimeoutStopSec=15s DefaultTimeoutStopSec=15s
''; '';
hardware.graphics = { hardware = {
graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
}; };
hardware.pulseaudio= { pulseaudio= {
enable = true; enable = true;
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
}; };
hardware.enableAllFirmware = true; enableAllFirmware = true;
hardware.bluetooth.powerOnBoot = true; bluetooth = {
hardware.bluetooth.settings = { powerOnBoot = true;
settings = {
General = { General = {
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
}; };
}; };
};
};
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
@ -278,8 +286,9 @@ systemd.services.NetworkManager-ensure-profiles.after = [ "NetworkManager.servic
time.timeZone = "Europe/Vienna"; time.timeZone = "Europe/Vienna";
i18n.defaultLocale = "en_US.UTF-8"; i18n = {
i18n.extraLocaleSettings = { defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "de_AT.UTF-8"; LC_ADDRESS = "de_AT.UTF-8";
LC_IDENTIFICATION = "de_AT.UTF-8"; LC_IDENTIFICATION = "de_AT.UTF-8";
LC_MEASUREMENT = "de_AT.UTF-8"; LC_MEASUREMENT = "de_AT.UTF-8";
@ -290,6 +299,7 @@ i18n.extraLocaleSettings = {
LC_TELEPHONE = "de_AT.UTF-8"; LC_TELEPHONE = "de_AT.UTF-8";
LC_TIME = "de_AT.UTF-8"; LC_TIME = "de_AT.UTF-8";
}; };
};
sops = { sops = {
@ -400,17 +410,16 @@ environment.systemPackages = with pkgs; [
]; ];
programs.dconf.enable = true; programs = {
programs.evince.enable = true; dconf.enable = true;
programs.kdeconnect.enable = true; evince.enable = true;
kdeconnect.enable = true;
};
# zsh section, do not delete ------
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ]; environment.shells = with pkgs; [ zsh ];
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = [ "/share/zsh" ];
# ---------------------------------
services.blueman.enable = true; services.blueman.enable = true;
@ -421,19 +430,21 @@ hardware.sane = {
}; };
# enable discovery and usage of network devices (esp. printers) # enable discovery and usage of network devices (esp. printers)
services.printing.enable = true; services.printing = {
services.printing.drivers = [ enable = true;
drivers = [
pkgs.gutenprint pkgs.gutenprint
pkgs.gutenprintBin pkgs.gutenprintBin
]; ];
services.printing.browsedConf = '' browsedConf = ''
BrowseDNSSDSubTypes _cups,_print BrowseDNSSDSubTypes _cups,_print
BrowseLocalProtocols all BrowseLocalProtocols all
BrowseRemoteProtocols all BrowseRemoteProtocols all
CreateIPPPrinterQueues All CreateIPPPrinterQueues All
BrowseProtocols all BrowseProtocols all
''; '';
};
services.avahi = { services.avahi = {
enable = true; enable = true;
nssmdns4 = true; nssmdns4 = true;
@ -473,10 +484,6 @@ services.pcscd.enable = true;
hardware.ledger.enable = true; hardware.ledger.enable = true;
# environment.systemPackages = with pkgs; [
# --- IN SYSTEM PACKAGES SECTION ---
# ];
services.udev.packages = with pkgs; [ services.udev.packages = with pkgs; [
yubikey-personalization yubikey-personalization
ledger-udev-rules ledger-udev-rules

2
profiles/fourside/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =

4
profiles/fourside/home.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, fetchFromGitHub, ... }: { config, pkgs, ... }:
{ {
@ -97,7 +97,7 @@
keybindings = let keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
"${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\""; "${modifier}+w" = "exec \"bash ~/.dotfiles/scripts/checkelement.sh\"";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%"; "XF86MonBrightnessUp" = "exec brightnessctl set +5%";

8
profiles/fourside/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { config, pkgs, ... }:
{ {
@ -94,7 +94,7 @@
}; };
monospace = { monospace = {
package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }); package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };
@ -143,10 +143,10 @@
services.nswitch-rcm = { services.nswitch-rcm = {
enable = true; enable = true;
package = (pkgs.fetchurl { package = pkgs.fetchurl {
url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin"; url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI="; hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
}); };
}; };
users.users.swarsel = { users.users.swarsel = {

2
profiles/mysticant/configuration.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { pkgs, ... }:
{ {
environment.packages = with pkgs; [ environment.packages = with pkgs; [

109
profiles/remote/oracle/matrix/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, modulesPath, unstable, sops, ... }: let { config, pkgs, sops, ... }: let
matrixDomain = "swatrix.swarsel.win"; matrixDomain = "swatrix.swarsel.win";
in { in {
@ -23,13 +23,42 @@ in {
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/root/.dotfiles/secrets/omatrix/secrets.yaml";
sops.secrets.dnstokenfull = {owner="acme";}; validateSopsFiles = false;
sops.templates."certs.secret".content = '' secrets = {
dnstokenfull = {owner="acme";};
matrixsharedsecret = {owner="matrix-synapse";};
mautrixtelegram_as = {owner="matrix-synapse";};
mautrixtelegram_hs = {owner="matrix-synapse";};
mautrixtelegram_api_id = {owner="matrix-synapse";};
mautrixtelegram_api_hash = {owner="matrix-synapse";};
};
templates = {
"certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
''; '';
"matrix_user_register.sh".content = ''
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
'';
mautrixtelegram = {
owner = "matrix-synapse";
content = ''
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
};
matrixshared = {
owner = "matrix-synapse";
content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
'';
};
};
};
documentation = { documentation = {
enable = false; enable = false;
@ -69,11 +98,11 @@ in {
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = false; zramSwap.enable = false;
networking.hostName = "swatrix"; networking = {
networking.enableIPv6 = false; hostName = "swatrix";
# networking.domain = "subnet03112148.vcn03112148.oraclevcn.com"; enableIPv6 = false;
networking.domain = "swarsel.win"; domain = "swarsel.win";
networking.firewall.extraCommands = '' firewall.extraCommands = ''
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 8008 -j ACCEPT
@ -81,6 +110,7 @@ in {
iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 29318 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 29328 -j ACCEPT
''; '';
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
@ -97,33 +127,9 @@ in {
boot.loader.grub.device = "nodev"; boot.loader.grub.device = "nodev";
sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; services.postgresql = {
sops.templates."matrix_user_register.sh".content = '' enable = true;
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 initialScript = pkgs.writeText "synapse-init.sql" ''
'';
sops.templates.matrixshared.owner = "matrix-synapse";
sops.templates.matrixshared.content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
'';
sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";};
sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";};
sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";};
sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";};
sops.templates.mautrixtelegram.owner = "matrix-synapse";
sops.templates.mautrixtelegram.content = ''
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
'';
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";};
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse";
# sops.templates.mautrixwhatsapp.content = ''
# MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared}
# '';
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0 TEMPLATE template0
@ -145,7 +151,7 @@ in {
LC_COLLATE = "C" LC_COLLATE = "C"
LC_CTYPE = "C"; LC_CTYPE = "C";
''; '';
};
services.matrix-synapse = { services.matrix-synapse = {
settings.app_service_config_files = [ settings.app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/telegram-registration.yaml"
@ -154,12 +160,11 @@ in {
"/var/lib/matrix-synapse/doublepuppet.yaml" "/var/lib/matrix-synapse/doublepuppet.yaml"
]; ];
enable = true; enable = true;
settings.server_name = matrixDomain; settings = {
settings.public_baseurl = "https://${matrixDomain}"; server_name = matrixDomain;
extraConfigFiles = [ public_baseurl = "https://${matrixDomain}";
config.sops.templates.matrixshared.path };
]; listeners = [
settings.listeners = [
{ port = 8008; { port = 8008;
bind_addresses = [ "0.0.0.0" ]; bind_addresses = [ "0.0.0.0" ];
type = "http"; type = "http";
@ -173,6 +178,9 @@ in {
]; ];
} }
]; ];
extraConfigFiles = [
config.sops.templates.matrixshared.path
];
}; };
services.mautrix-telegram = { services.mautrix-telegram = {
@ -196,9 +204,6 @@ in {
database = "postgresql:///mautrix-telegram?host=/run/postgresql"; database = "postgresql:///mautrix-telegram?host=/run/postgresql";
}; };
bridge = { bridge = {
# login_shared_secret_map = {
# matrixDomain = "as_token:doublepuppet";
# };
relaybot.authless_portals = true; relaybot.authless_portals = true;
allow_avatar_remove = true; allow_avatar_remove = true;
allow_contact_info = true; allow_contact_info = true;
@ -211,12 +216,6 @@ in {
"*" = "relaybot"; "*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin"; "@swarsel:${matrixDomain}" = "admin";
}; };
# Animated stickers conversion requires additional packages in the
# service's path.
# If this isn't a fresh installation, clearing the bridge's uploaded
# file cache might be necessary (make a database backup first!):
# delete from telegram_file where \
# mime_type in ('application/gzip', 'application/octet-stream')
animated_sticker = { animated_sticker = {
target = "gif"; target = "gif";
args = { args = {
@ -236,7 +235,6 @@ in {
services.mautrix-whatsapp = { services.mautrix-whatsapp = {
enable = true; enable = true;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -284,7 +282,6 @@ in {
services.mautrix-signal = { services.mautrix-signal = {
enable = true; enable = true;
registerToSynapse = false; # this has the same effect as registering to app_service_config_file above registerToSynapse = false; # this has the same effect as registering to app_service_config_file above
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";

2
profiles/remote/oracle/sync/hardware-configuration.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =

26
profiles/remote/oracle/sync/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, modulesPath, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
@ -18,14 +18,16 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/root/.dotfiles/secrets/sync/secrets.yaml";
sops.secrets.swarsel = { owner = "root";}; validateSopsFiles = false;
sops.secrets.dnstokenfull = {owner="acme";}; secrets.swarsel = { owner = "root";};
sops.templates."certs.secret".content = '' secrets.dnstokenfull = {owner="acme";};
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
''; '';
};
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
@ -89,10 +91,11 @@
boot.tmp.cleanOnBoot = true; boot.tmp.cleanOnBoot = true;
zramSwap.enable = false; zramSwap.enable = false;
networking.hostName = "sync"; networking = {
networking.enableIPv6 = false; hostName = "sync";
networking.domain = "subnet03112148.vcn03112148.oraclevcn.com"; enableIPv6 = false;
networking.firewall.extraCommands = '' domain = "subnet03112148.vcn03112148.oraclevcn.com";
firewall.extraCommands = ''
iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 443 -j ACCEPT
iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT iptables -I INPUT -m state --state NEW -p tcp --dport 27701 -j ACCEPT
@ -102,6 +105,7 @@
iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT iptables -I INPUT -m state --state NEW -p udp --dport 22000 -j ACCEPT
iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT iptables -I INPUT -m state --state NEW -p udp --dport 21027 -j ACCEPT
''; '';
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";

2
profiles/sandbox/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =

2
profiles/sandbox/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, modulesPath, unstable, sops, ... }: let { config, pkgs, unstable, sops, ... }: let
matrixDomain = "swatrix.swarsel.win"; matrixDomain = "swatrix.swarsel.win";
in { in {

16
profiles/server1/TEMPLATE/nixos.nix
View file

@ -18,12 +18,16 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC.manageNetwork = true; # manage network myself proxmoxLXC = {
proxmoxLXC.manageHostName = false; # manage hostname myself manageNetwork = true; # manage network myself
networking.hostName = "TEMPLATE"; # Define your hostname. manageHostName = false; # manage hostname myself
networking.useDHCP = true; };
networking.enableIPv6 = false; networking = {
networking.firewall.enable = false; hostName = "TEMPLATE"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";

2
profiles/server1/calibre/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

63
profiles/server1/calibre/nixos.nix
View file

@ -29,24 +29,22 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/calibre/secrets.yaml";
sops.secrets.kavita = { owner = "kavita";}; validateSopsFiles = false;
# sops.secrets.smbuser = { }; secrets.kavita = { owner = "kavita";};
# sops.secrets.smbpassword = { }; };
# sops.secrets.smbdomain = { }; proxmoxLXC = {
# sops.templates."smb.cred".content = '' manageNetwork = true; # manage network myself
# user=${config.sops.placeholder.smbuser} manageHostName = false; # manage hostname myself
# password=${config.sops.placeholder.smbpassword} };
# domain=${config.sops.placeholder.smbdomain} networking = {
# ''; hostName = "calibre"; # Define your hostname.
proxmoxLXC.manageNetwork = true; # manage network myself useDHCP = true;
proxmoxLXC.manageHostName = false; # manage hostname myself enableIPv6 = false;
networking.hostName = "calibre"; # Define your hostname. firewall.enable = false;
networking.useDHCP = true; };
networking.enableIPv6 = false;
networking.firewall.enable = false;
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
@ -61,35 +59,6 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
}; };
# services.calibre-server = {
# enable = true;
# user = "calibre-server";
# auth.enable = true;
# auth.userDb = "/srv/calibre/users.sqlite";
# libraries = [
# /media/Books/main
# /media/Books/diverse
# /media/Books/language
# /media/Books/science
# /media/Books/sport
# /media/Books/novels
# ];
# };
# services.calibre-web = {
# enable = true;
# user = "calibre-web";
# group = "calibre-web";
# listen.port = 8083;
# listen.ip = "0.0.0.0";
# options = {
# enableBookUploading = true;
# enableKepubify = true;
# enableBookConversion = true;
# };
# };
services.kavita = { services.kavita = {
enable = true; enable = true;
user = "kavita"; user = "kavita";

2
profiles/server1/jellyfin/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

20
profiles/server1/jellyfin/nixos.nix
View file

@ -31,16 +31,16 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
# sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; proxmoxLXC = {
# sops.defaultSopsFile = "/.dotfiles/secrets/jellyfin/secrets.yaml"; manageNetwork = true; # manage network myself
# sops.validateSopsFiles = false; manageHostName = false; # manage hostname myself
};
proxmoxLXC.manageNetwork = true; # manage network myself networking = {
proxmoxLXC.manageHostName = false; # manage hostname myself hostName = "jellyfin"; # Define your hostname.
networking.hostName = "jellyfin"; # Define your hostname. useDHCP = true;
networking.useDHCP = true; enableIPv6 = false;
networking.enableIPv6 = false; firewall.enable = false;
networking.firewall.enable = false; };
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";

2
profiles/server1/matrix/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

108
profiles/server1/matrix/nixos.nix
View file

@ -1,18 +1,14 @@
{ config, pkgs, modulesPath, unstable, sops, ... }: let { config, pkgs, modulesPath, sops, ... }: let
matrixDomain = "matrix2.swarsel.win"; matrixDomain = "matrix2.swarsel.win";
in { in {
services.xserver = { services = {
xserver = {
layout = "us"; layout = "us";
xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; openssh = {
proxmoxLXC.manageNetwork = true; # manage network myself
proxmoxLXC.manageHostName = false; # manage hostname myself
networking.useDHCP = true;
networking.enableIPv6 = false;
services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [{
@ -20,6 +16,20 @@ in {
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }];
}; };
};
nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
]; ];
@ -38,8 +48,10 @@ in {
# this module is hence not in the modules list, we add it ourselves # this module is hence not in the modules list, we add it ourselves
]; ];
networking.hostName = "matrix"; # Define your hostname. networking = {
networking.firewall.enable = false; hostName = "matrix"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnupg gnupg
@ -49,36 +61,42 @@ in {
ffmpeg ffmpeg
]; ];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/matrix/secrets.yaml";
sops.secrets.matrixsharedsecret = {owner="matrix-synapse";}; validateSopsFiles = false;
sops.templates."matrix_user_register.sh".content = '' secrets = {
matrixsharedsecret = {owner="matrix-synapse";};
mautrixtelegram_as = {owner="matrix-synapse";};
mautrixtelegram_hs = {owner="matrix-synapse";};
mautrixtelegram_api_id = {owner="matrix-synapse";};
mautrixtelegram_api_hash = {owner="matrix-synapse";};
};
templates = {
"matrix_user_register.sh".content = ''
register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008 register_new_matrix_user -k ${config.sops.placeholder.matrixsharedsecret} http://localhost:8008
''; '';
sops.templates.matrixshared.owner = "matrix-synapse"; matrixshared = {
sops.templates.matrixshared.content = '' owner = "matrix-synapse";
content = ''
registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret} registration_shared_secret: ${config.sops.placeholder.matrixsharedsecret}
''; '';
sops.secrets.mautrixtelegram_as = {owner="matrix-synapse";}; };
sops.secrets.mautrixtelegram_hs = {owner="matrix-synapse";}; mautrixtelegram = {
sops.secrets.mautrixtelegram_api_id = {owner="matrix-synapse";}; owner = "matrix-synapse";
sops.secrets.mautrixtelegram_api_hash = {owner="matrix-synapse";}; content = ''
sops.templates.mautrixtelegram.owner = "matrix-synapse";
sops.templates.mautrixtelegram.content = ''
MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as} MAUTRIX_TELEGRAM_APPSERVICE_AS_TOKEN=${config.sops.placeholder.mautrixtelegram_as}
MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs} MAUTRIX_TELEGRAM_APPSERVICE_HS_TOKEN=${config.sops.placeholder.mautrixtelegram_hs}
MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id} MAUTRIX_TELEGRAM_TELEGRAM_API_ID=${config.sops.placeholder.mautrixtelegram_api_id}
MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash} MAUTRIX_TELEGRAM_TELEGRAM_API_HASH=${config.sops.placeholder.mautrixtelegram_api_hash}
''; '';
# sops.secrets.mautrixwhatsapp_shared = {owner="matrix-synapse";}; };
# sops.templates.mautrixwhatsapp.owner = "matrix-synapse"; };
# sops.templates.mautrixwhatsapp.content = '' };
# MAUTRIX_WHATSAPP_BRIDGE_LOGIN_SHARED_SECRET=${config.sops.placeholder.mautrixwhatsapp_shared}
# '';
services.postgresql.enable = true; services.postgresql = {
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" '' enable = true;
initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse" CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0 TEMPLATE template0
@ -100,21 +118,20 @@ in {
LC_COLLATE = "C" LC_COLLATE = "C"
LC_CTYPE = "C"; LC_CTYPE = "C";
''; '';
};
services.matrix-synapse = { services.matrix-synapse = {
settings.app_service_config_files = [ enable = true;
settings = {
app_service_config_files = [
"/var/lib/matrix-synapse/telegram-registration.yaml" "/var/lib/matrix-synapse/telegram-registration.yaml"
"/var/lib/matrix-synapse/whatsapp-registration.yaml" "/var/lib/matrix-synapse/whatsapp-registration.yaml"
"/var/lib/matrix-synapse/signal-registration.yaml" "/var/lib/matrix-synapse/signal-registration.yaml"
"/var/lib/matrix-synapse/doublepuppet.yaml" "/var/lib/matrix-synapse/doublepuppet.yaml"
]; ];
enable = true; server_name = matrixDomain;
settings.server_name = matrixDomain; public_baseurl = "https://${matrixDomain}";
settings.public_baseurl = "https://${matrixDomain}"; listeners = [
extraConfigFiles = [
config.sops.templates.matrixshared.path
];
settings.listeners = [
{ port = 8008; { port = 8008;
bind_addresses = [ "0.0.0.0" ]; bind_addresses = [ "0.0.0.0" ];
type = "http"; type = "http";
@ -129,6 +146,10 @@ in {
} }
]; ];
}; };
extraConfigFiles = [
config.sops.templates.matrixshared.path
];
};
services.mautrix-telegram = { services.mautrix-telegram = {
enable = true; enable = true;
@ -151,9 +172,6 @@ in {
database = "postgresql:///mautrix-telegram?host=/run/postgresql"; database = "postgresql:///mautrix-telegram?host=/run/postgresql";
}; };
bridge = { bridge = {
# login_shared_secret_map = {
# matrixDomain = "as_token:doublepuppet";
# };
relaybot.authless_portals = true; relaybot.authless_portals = true;
allow_avatar_remove = true; allow_avatar_remove = true;
allow_contact_info = true; allow_contact_info = true;
@ -166,12 +184,6 @@ in {
"*" = "relaybot"; "*" = "relaybot";
"@swarsel:${matrixDomain}" = "admin"; "@swarsel:${matrixDomain}" = "admin";
}; };
# Animated stickers conversion requires additional packages in the
# service's path.
# If this isn't a fresh installation, clearing the bridge's uploaded
# file cache might be necessary (make a database backup first!):
# delete from telegram_file where \
# mime_type in ('application/gzip', 'application/octet-stream')
animated_sticker = { animated_sticker = {
target = "gif"; target = "gif";
args = { args = {
@ -191,7 +203,6 @@ in {
services.mautrix-whatsapp = { services.mautrix-whatsapp = {
enable = true; enable = true;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";
@ -238,7 +249,6 @@ in {
services.mautrix-signal = { services.mautrix-signal = {
enable = true; enable = true;
# environmentFile = config.sops.templates.mautrixwhatsapp.path;
settings = { settings = {
homeserver = { homeserver = {
address = "http://localhost:8008"; address = "http://localhost:8008";

2
profiles/server1/nginx/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

32
profiles/server1/nginx/nixos.nix
View file

@ -20,19 +20,25 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/nginx/secrets.yaml";
sops.secrets.dnstokenfull = {owner="acme";}; validateSopsFiles = false;
sops.templates."certs.secret".content = '' secrets.dnstokenfull = {owner="acme";};
templates."certs.secret".content = ''
CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull} CF_DNS_API_TOKEN=${config.sops.placeholder.dnstokenfull}
''; '';
proxmoxLXC.manageNetwork = true; # manage network myself };
proxmoxLXC.manageHostName = false; # manage hostname myself proxmoxLXC = {
networking.hostName = "nginx"; # Define your hostname. manageNetwork = true; # manage network myself
networking.useDHCP = true; manageHostName = false; # manage hostname myself
networking.enableIPv6 = false; };
networking.firewall.enable = false; networking = {
hostName = "nginx"; # Define your hostname.
useDHCP = true;
enableIPv6 = false;
firewall.enable = false;
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
@ -195,8 +201,4 @@
}; };
}; };
} }

2
profiles/server1/paperless/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

40
profiles/server1/paperless/nixos.nix
View file

@ -9,16 +9,12 @@
services.xserver = { services = {
xserver = {
layout = "us"; layout = "us";
xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; openssh = {
proxmoxLXC.manageNetwork = true; # manage network myself
proxmoxLXC.manageHostName = false; # manage hostname myself
networking.useDHCP = true;
networking.enableIPv6 = false;
services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [{
@ -26,6 +22,20 @@
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }];
}; };
};
nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
]; ];
@ -52,13 +62,17 @@
ssh-to-age ssh-to-age
]; ];
networking.hostName = "paperless"; # Define your hostname. networking = {
networking.firewall.enable = false; hostName = "paperless"; # Define your hostname.
firewall.enable = false;
};
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/root/.dotfiles/secrets/paperless/secrets.yaml";
sops.secrets.admin = { owner = "paperless";}; validateSopsFiles = false;
secrets.admin = { owner = "paperless";};
};
services.paperless = { services.paperless = {
enable = true; enable = true;

2
profiles/server1/sound/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

56
profiles/server1/sound/nixos.nix
View file

@ -9,16 +9,12 @@
services.xserver = { services = {
xserver = {
layout = "us"; layout = "us";
xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; openssh = {
proxmoxLXC.manageNetwork = true; # manage network myself
proxmoxLXC.manageHostName = false; # manage hostname myself
networking.useDHCP = true;
networking.enableIPv6 = false;
services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [{
@ -26,6 +22,20 @@
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }];
}; };
};
nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
]; ];
@ -40,7 +50,9 @@
proxmoxLXC.privileged = true; # manage hostname myself proxmoxLXC.privileged = true; # manage hostname myself
users.groups.lxc_pshares = { users = {
groups = {
lxc_pshares = {
gid = 110000; gid = 110000;
members = [ members = [
"navidrome" "navidrome"
@ -49,32 +61,38 @@
]; ];
}; };
users.groups.navidrome = { navidrome = {
gid = 61593; gid = 61593;
}; };
users.groups.mpd = {}; mpd = {};
};
users.users.navidrome = { users = {
navidrome = {
isSystemUser = true; isSystemUser = true;
uid = 61593; uid = 61593;
group = "navidrome"; group = "navidrome";
extraGroups = [ "audio" "utmp" ]; extraGroups = [ "audio" "utmp" ];
}; };
users.users.mpd = { mpd = {
isSystemUser = true; isSystemUser = true;
group = "mpd"; group = "mpd";
extraGroups = [ "audio" "utmp" ]; extraGroups = [ "audio" "utmp" ];
}; };
};
};
sound = { sound = {
enable = true; enable = true;
}; };
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
networking.hostName = "sound"; # Define your hostname. networking = {
networking.firewall.enable = false; hostName = "sound"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnupg gnupg
@ -84,10 +102,12 @@
mpv mpv
]; ];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/sound/secrets.yaml";
sops.secrets.mpdpass = { owner = "mpd";}; validateSopsFiles = false;
secrets.mpdpass = { owner = "mpd";};
};
services.navidrome = { services.navidrome = {
enable = true; enable = true;

2
profiles/server1/spotifyd/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

36
profiles/server1/spotifyd/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, modulesPath, ... }: { pkgs, modulesPath, ... }:
{ {
@ -9,16 +9,12 @@
services.xserver = { services = {
xserver = {
layout = "us"; layout = "us";
xkbVariant = "altgr-intl"; xkbVariant = "altgr-intl";
}; };
nix.settings.experimental-features = ["nix-command" "flakes"]; openssh = {
proxmoxLXC.manageNetwork = true; # manage network myself
proxmoxLXC.manageHostName = false; # manage hostname myself
networking.useDHCP = true;
networking.enableIPv6 = false;
services.openssh = {
enable = true; enable = true;
settings.PermitRootLogin = "yes"; settings.PermitRootLogin = "yes";
listenAddresses = [{ listenAddresses = [{
@ -26,6 +22,20 @@
addr = "0.0.0.0"; addr = "0.0.0.0";
}]; }];
}; };
};
nix.settings.experimental-features = ["nix-command" "flakes"];
proxmoxLXC = {
manageNetwork = true; # manage network myself
manageHostName = false; # manage hostname myself
};
networking = {
useDHCP = true;
enableIPv6 = false;
};
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../../secrets/keys/authorized_keys ../../../secrets/keys/authorized_keys
]; ];
@ -56,18 +66,16 @@
}; };
hardware.enableAllFirmware = true; hardware.enableAllFirmware = true;
networking.hostName = "spotifyd"; # Define your hostname. networking = {
networking.firewall.enable = false; hostName = "spotifyd"; # Define your hostname.
firewall.enable = false;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
gnupg gnupg
ssh-to-age ssh-to-age
]; ];
# sops.age.sshKeyPaths = [ "/etc/ssh/sops" ];
# sops.defaultSopsFile = "/.dotfiles/secrets/spotifyd/secrets.yaml";
# sops.validateSopsFiles = false;
services.spotifyd = { services.spotifyd = {
enable = true; enable = true;
settings = { settings = {

2
profiles/server1/transmission/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { lib, ... }:
{ {
imports = [ ]; imports = [ ];

170
profiles/server1/transmission/nixos.nix
View file

@ -44,62 +44,48 @@
nix.settings.experimental-features = ["nix-command" "flakes"]; nix.settings.experimental-features = ["nix-command" "flakes"];
sops.age.sshKeyPaths = [ "/etc/ssh/sops" ]; sops = {
sops.defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml"; age.sshKeyPaths = [ "/etc/ssh/sops" ];
sops.validateSopsFiles = false; defaultSopsFile = "/.dotfiles/secrets/transmission/secrets.yaml";
validateSopsFiles = false;
};
boot.kernelModules = [ "tun" ]; boot.kernelModules = [ "tun" ];
proxmoxLXC.manageNetwork = true; # manage network myself proxmoxLXC = {
proxmoxLXC.manageHostName = false; # manage hostname myself manageNetwork = true; # manage network myself
networking.hostName = "transmission"; # Define your hostname. manageHostName = false; # manage hostname myself
networking.useDHCP = true; };
networking.enableIPv6 = false; networking = {
networking.firewall.enable = false; hostName = "transmission"; # Define your hostname.
useDHCP = true;
services.radarr = { enableIPv6 = false;
enable = true; firewall.enable = false;
}; };
services.readarr = { services = {
radarr = {
enable = true; enable = true;
}; };
services.sonarr = { readarr = {
enable = true; enable = true;
}; };
services.lidarr = { sonarr = {
enable = true; enable = true;
}; };
services.prowlarr = { lidarr = {
enable = true; enable = true;
}; };
prowlarr = {
enable = true;
};
};
# networking.interfaces = {
# lo = {
# useDHCP = false;
# ipv4.addresses = [
# { address = "127.0.0.1"; prefixLength = 8; }
# ];
# };
#
# eth0 = {
# useDHCP = true;
# };
# };
# networking.firewall.extraCommands = ''
# sudo iptables -A OUTPUT ! -o lo -m owner --uid-owner vpn -j DROP
# '';
networking.iproute2 = { networking.iproute2 = {
enable = true; enable = true;
rttablesExtraConfig = '' rttablesExtraConfig = ''
200 vpn 200 vpn
''; '';
}; };
# boot.kernel.sysctl = {
# "net.ipv4.conf.all.rp_filter" = 2;
# "net.ipv4.conf.default.rp_filter" = 2;
# "net.ipv4.conf.eth0.rp_filter" = 2;
# };
environment.etc = { environment.etc = {
"openvpn/iptables.sh" = "openvpn/iptables.sh" =
{ source = ../../../scripts/server1/iptables.sh; { source = ../../../scripts/server1/iptables.sh;
@ -141,26 +127,22 @@
nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;"; nswitch = "cd /.dotfiles; git pull; nixos-rebuild --flake .#$(hostname) switch; cd -;";
}; };
sops.secrets.vpnuser = {}; sops = {
sops.secrets.rpcuser = {owner="vpn";}; templates = {
sops.secrets.vpnpass = {}; "transmission-rpc" = {
sops.secrets.rpcpass = {owner="vpn";}; owner = "vpn";
sops.secrets.vpnprot = {}; content = builtins.toJSON {
sops.secrets.vpnloc = {};
# sops.secrets.crlpem = {};
# sops.secrets.capem = {};
sops.templates."transmission-rpc".owner = "vpn";
sops.templates."transmission-rpc".content = builtins.toJSON {
rpc-username = config.sops.placeholder.rpcuser; rpc-username = config.sops.placeholder.rpcuser;
rpc-password = config.sops.placeholder.rpcpass; rpc-password = config.sops.placeholder.rpcpass;
}; };
};
sops.templates.pia.content = '' pia.content = ''
${config.sops.placeholder.vpnuser} ${config.sops.placeholder.vpnuser}
${config.sops.placeholder.vpnpass} ${config.sops.placeholder.vpnpass}
''; '';
sops.templates.vpn.content = '' vpn.content = ''
client client
dev tun dev tun
proto ${config.sops.placeholder.vpnprot} proto ${config.sops.placeholder.vpnprot}
@ -188,71 +170,20 @@
dhcp-option DNS 8.8.8.8 dhcp-option DNS 8.8.8.8
route-noexec route-noexec
''; '';
};
# services.pia.enable = true; secrets = {
# services.pia.authUserPass.username = "na"; vpnuser = {};
# services.pia.authUserPass.password = "na"; rpcuser = {owner="vpn";};
vpnpass = {};
rpcpass = {owner="vpn";};
# systemd.services.openvpn-vpn = { vpnprot = {};
# wantedBy = [ "multi-user.target" ]; vpnloc = {};
# after = [ "network.target" ]; };
# description = "OpenVPN connection to pia"; };
# serviceConfig = {
# Type = "forking";
# RuntimeDirectory="openvpn";
# PrivateTmp=true;
# KillMode="mixed";
# ExecStart = ''@${pkgs.openvpn}/sbin/openvpn openvpn --daemon ovpn-pia --status /run/openvpn/pia.status 10 --cd /etc/openvpn --script-security 2 --config ${config.sops.templates.vpn.path} --writepid /run/openvpn/pia.pid'';
# PIDFile=''/run/openvpn/pia.pid'';
# ExecReload=''/run/current-system/sw/bin/kill -HUP $MAINPID'';
# WorkingDirectory="/etc/openvpn";
# Restart="on-failure";
# RestartSec=30;
# ProtectSystem="yes";
# DeviceAllow=["/dev/null rw" "/dev/net/tun rw"];
# };
# };
services.openvpn.servers = { services.openvpn.servers = {
pia = { pia = {
autoStart = false; autoStart = false;
updateResolvConf = true; updateResolvConf = true;
# up = ''
# export INTERFACE="tun0"
# export VPNUSER="vpn"
# export LOCALIP="192.168.1.191"
# export NETIF="eth0"
# export VPNIF="tun0"
# export GATEWAYIP=$(ifconfig $VPNIF | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | egrep -v '255|(127\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | tail -n1)
# iptables -F -t nat
# iptables -F -t mangle
# iptables -F -t filter
# iptables -t mangle -A OUTPUT -j CONNMARK --restore-mark
# iptables -t mangle -A OUTPUT ! --dest $LOCALIP -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
# iptables -t mangle -A OUTPUT --dest $LOCALIP -p udp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
# iptables -t mangle -A OUTPUT --dest $LOCALIP -p tcp --dport 53 -m owner --uid-owner $VPNUSER -j MARK --set-mark 0x1
# iptables -t mangle -A OUTPUT ! --src $LOCALIP -j MARK --set-mark 0x1
# iptables -t mangle -A OUTPUT -j CONNMARK --save-mark
# iptables -A INPUT -i $INTERFACE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -i $INTERFACE -j REJECT
# iptables -A OUTPUT -o lo -m owner --uid-owner $VPNUSER -j ACCEPT
# iptables -A OUTPUT -o $INTERFACE -m owner --uid-owner $VPNUSER -j ACCEPT
# iptables -t nat -A POSTROUTING -o $INTERFACE -j MASQUERADE
# iptables -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# iptables -A OUTPUT ! --src $LOCALIP -o $NETIF -j REJECT
# if [[ `ip rule list | grep -c 0x1` == 0 ]]; then
# ip rule add from all fwmark 0x1 lookup $VPNUSER
# fi
# ip route replace default via $GATEWAYIP table $VPNUSER
# ip route append default via 127.0.0.1 dev lo table $VPNUSER
# ip route flush cache
# '';
# down = "bash /etc/openvpn/update-resolv-conf";
# these are outsourced to a local file, I am not sure if it can be done with sops-nix
# authUserPass = {
# username = "TODO:secrets";
# password = "TODO:secrets";
# };
config = "config ${config.sops.templates.vpn.path}"; config = "config ${config.sops.templates.vpn.path}";
}; };
}; };
@ -335,24 +266,5 @@
}; };
}; };
# services.nginx = {
# enable = true;
# virtualHosts = {
# "192.168.1.192" = {
# locations = {
# "/transmission" = {
# proxyPass = "http://127.0.0.1:9091";
# extraConfig = ''
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# '';
# };
# };
# };
# };
# };
} }

2
profiles/threed/hardware-configuration.nix
View file

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, modulesPath, ... }:
{ {
imports = imports =

4
profiles/threed/home.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, fetchFromGitHub, ... }: { config, pkgs, ... }:
{ {
@ -76,7 +76,7 @@
}; };
keybindings = let keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; inherit (config.wayland.windowManager.sway.config) modifier;
in { in {
"${modifier}+F2" = "exec brightnessctl set +5%"; "${modifier}+F2" = "exec brightnessctl set +5%";
"${modifier}+F1"= "exec brightnessctl set 5%-"; "${modifier}+F1"= "exec brightnessctl set 5%-";

4
profiles/threed/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { lib, pkgs, ... }:
{ {
@ -71,7 +71,7 @@
}; };
monospace = { monospace = {
package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }); package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };

10
profiles/winters/home.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, lib, fetchFromGitHub, ... }: { config, pkgs, ... }:
{ {
@ -97,11 +97,11 @@
]; ];
keybindings = let # keybindings = let
modifier = config.wayland.windowManager.sway.config.modifier; # inherit (config.wayland.windowManager.sway.config) modifier;
in { # in {
}; # };
startup = [ startup = [

4
profiles/winters/nixos.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, ... }: { pkgs, ... }:
{ {
@ -88,7 +88,7 @@
}; };
monospace = { monospace = {
package = (pkgs.nerdfonts.override { fonts = [ "FiraCode"]; }); package = pkgs.nerdfonts.override { fonts = [ "FiraCode"]; };
name = "FiraCode Nerd Font Mono"; name = "FiraCode Nerd Font Mono";
}; };

1
templates/cu_flake.nix
View file

@ -8,7 +8,6 @@
outputs = {nixpkgs, ...}: let outputs = {nixpkgs, ...}: let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; }; pkgs = import nixpkgs { system = "x86_64-linux"; config.allowUnfree = true; };
llvm = pkgs.llvmPackages_latest;
in { in {
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {

2
templates/rust_flake.nix
View file

@ -5,7 +5,7 @@
rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.url = "github:oxalica/rust-overlay";
}; };
outputs = {self, nixpkgs, rust-overlay, ...}: let outputs = { nixpkgs, rust-overlay, ...}: let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;