chore: update flake
Some checks failed
Build and Deploy / build (push) Has been cancelled
Flake check / Check flake (push) Has been cancelled
Build and Deploy / deploy (push) Has been cancelled

Leon Schwarzäugl 2026-02-01 22:18:01 +01:00
parent edd2c61b17
commit 52554d4f92
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
28 changed files with 1111 additions and 1025 deletions

4
.github/README.md vendored

@ -135,7 +135,7 @@
|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | |📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) |
|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | |🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) |
|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | |🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) |
|📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) | |📁 **Filesharing** | [Nextcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) |
|🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | |🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) |
|📄 **Documents** | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) | |📄 **Documents** | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) |
|🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) | |🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) |
@ -156,7 +156,7 @@
|⛏️ **Minecraft** | [Minecraft](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/minecraft.nix) | |⛏️ **Minecraft** | [Minecraft](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/minecraft.nix) |
|☁️ **S3** | [Garage](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/garage.nix) | |☁️ **S3** | [Garage](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/garage.nix) |
|🕸️ **Nix Binary Cache** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/attic.nix) | |🕸️ **Nix Binary Cache** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/attic.nix) |
|🐙 **Nix Build farm** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/hydra.nix) | |🐙 **Nix Build farm** | [Hydra](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/hydra.nix) |
|🔑 **Cert-based SSH** | [OPKSSH](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/opkssh.nix) | |🔑 **Cert-based SSH** | [OPKSSH](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/opkssh.nix) |
|🔨 **Home Asset Management**| [Homebox](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/homebox.nix) | |🔨 **Home Asset Management**| [Homebox](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/homebox.nix) |
|👀 **DNS Records** | [NSD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nsd.nix) | |👀 **DNS Records** | [NSD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nsd.nix) |


@ -359,7 +359,7 @@ This is a comprehensive list of the services/components ran by my server machine
|📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) | |📼 **Videos** | [Jellyfin](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/jellyfin.nix) |
|🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) | |🎵 **Music** | [Navidrome](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/navidrome.nix) + [Spotifyd](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/spotifyd.nix) + [MPD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/mpd.nix) |
|🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) | |🗨️ **Messaging** | [Matrix](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/matrix.nix) |
|📁 **Filesharing** | [Nectcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) | |📁 **Filesharing** | [Nextcloud](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nextcloud.nix) |
|🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) | |🎞️ **Photos** | [Immich](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/immich.nix) |
|📄 **Documents** | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) | |📄 **Documents** | [Paperless](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/paperless.nix) |
|🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) | |🔄 **File Sync** | [Syncthing](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/syncthing.nix) |
@ -380,7 +380,7 @@ This is a comprehensive list of the services/components ran by my server machine
|⛏️ **Minecraft** | [Minecraft](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/minecraft.nix) | |⛏️ **Minecraft** | [Minecraft](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/minecraft.nix) |
|☁️ **S3** | [Garage](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/garage.nix) | |☁️ **S3** | [Garage](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/garage.nix) |
|🕸️ **Nix Binary Cache** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/attic.nix) | |🕸️ **Nix Binary Cache** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/attic.nix) |
|🐙 **Nix Build farm** | [Attic](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/hydra.nix) | |🐙 **Nix Build farm** | [Hydra](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/hydra.nix) |
|🔑 **Cert-based SSH** | [OPKSSH](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/opkssh.nix) | |🔑 **Cert-based SSH** | [OPKSSH](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/opkssh.nix) |
|🔨 **Home Asset Management**| [Homebox](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/homebox.nix) | |🔨 **Home Asset Management**| [Homebox](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/homebox.nix) |
|👀 **DNS Records** | [NSD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nsd.nix) | |👀 **DNS Records** | [NSD](https://github.com/Swarsel/.dotfiles/tree/main/modules/nixos/server/nsd.nix) |
@ -1737,13 +1737,22 @@ A short overview over each input and what it does:
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
# url = "github:Swarsel/home-manager/main";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-index-database = { nix-index-database = {
url = "github:nix-community/nix-index-database"; url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
dns = {
url = "github:kirelagin/dns.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
topologyPrivate.url = "./files/topology/public";
# emacs-overlay.url = "github:nix-community/emacs-overlay"; # emacs-overlay.url = "github:nix-community/emacs-overlay";
emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D"; emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
@ -1755,7 +1764,6 @@ A short overview over each input and what it does:
sops.url = "github:Mic92/sops-nix"; sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote"; lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
nixos-generators.url = "github:nix-community/nixos-generators";
nixos-images.url = "github:Swarsel/nixos-images/main"; nixos-images.url = "github:Swarsel/nixos-images/main";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nswitch-rcm-nix.url = "github:Swarsel/nswitch-rcm-nix"; nswitch-rcm-nix.url = "github:Swarsel/nswitch-rcm-nix";
@ -1773,11 +1781,10 @@ A short overview over each input and what it does:
nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
microvm.url = "github:astro/microvm.nix"; microvm.url = "github:astro/microvm.nix";
treefmt-nix.url = "github:numtide/treefmt-nix"; treefmt-nix.url = "github:numtide/treefmt-nix";
dns.url = "github:kirelagin/dns.nix";
nix-minecraft.url = "github:Infinidoge/nix-minecraft"; nix-minecraft.url = "github:Infinidoge/nix-minecraft";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
topologyPrivate.url = "./files/topology/public"; pia.url = "github:Swarsel/pia.nix/custom";
}; };
outputs = outputs =
@ -2279,6 +2286,7 @@ The rest of the functions are used to build full NixOS systems as well as halfCo
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default inputs.nixos-nftables-firewall.nixosModules.default
inputs.pia.nixosModules.default
(inputs.nixos-extra-modules + "/modules/guests") (inputs.nixos-extra-modules + "/modules/guests")
(inputs.nixos-extra-modules + "/modules/interface-naming.nix") (inputs.nixos-extra-modules + "/modules/interface-naming.nix")
"${self}/hosts/nixos/${arch}/${configName}" "${self}/hosts/nixos/${arch}/${configName}"
@ -2627,7 +2635,7 @@ Another note concerning [[https://flake.parts/][flake-parts]]:
}; };
}; };
switch-bedroom = mkDevice "Switch Bedroom" { switch-bedroom = mkSwitch "Switch Bedroom" {
info = "Cisco SG 200-08"; info = "Cisco SG 200-08";
image = "${self}/files/topology-images/Cisco_SG_200-08.png"; image = "${self}/files/topology-images/Cisco_SG_200-08.png";
interfaceGroups = [ interfaceGroups = [
@ -4961,6 +4969,7 @@ This is my main server that I run at home. It handles most tasks that require bi
{ self, lib, minimal, ... }: { self, lib, minimal, ... }:
{ {
imports = [ imports = [
"${self}/profiles/nixos/microvm" "${self}/profiles/nixos/microvm"
"${self}/modules/nixos" "${self}/modules/nixos"
]; ];
@ -10207,6 +10216,20 @@ Here I disable global completion to prevent redundant compinit calls and cache i
}; };
} }
#+end_src #+end_src
***** nautilus
#+begin_src nix-ts :tangle modules/nixos/client/nautilus.nix
{ lib, config, ... }:
{
options.swarselmodules.nautilus = lib.mkEnableOption "nautilus config";
config = lib.mkIf config.swarselmodules.nautilus {
programs.nautilus-open-any-terminal = {
enable = true;
terminal = "kitty";
};
};
}
#+end_src
***** syncthing ***** syncthing
:PROPERTIES: :PROPERTIES:
:CUSTOM_ID: h:1e6d3d56-e415-43a2-8e80-3bad8062ecf8 :CUSTOM_ID: h:1e6d3d56-e415-43a2-8e80-3bad8062ecf8
@ -11672,17 +11695,19 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
:END: :END:
#+begin_src nix-ts :tangle modules/nixos/server/bastion.nix #+begin_src nix-ts :tangle modules/nixos/server/bastion.nix
{ self, lib, config, withHomeManager, ... }: { self, lib, config, withHomeManager, confLib, ... }:
{ {
options.swarselmodules.server.bastion = lib.mkEnableOption "enable bastion on server"; options.swarselmodules.server.bastion = lib.mkEnableOption "enable bastion on server";
config = lib.mkIf config.swarselmodules.server.bastion ({ config = lib.mkIf config.swarselmodules.server.bastion ({
users = { users = {
persistentIds.jump = confLib.mkIds 1001;
groups = { groups = {
jump = { }; jump = { };
}; };
users = { users = {
"jump" = { jump = {
autoSubUidGidRange = false;
isNormalUser = true; isNormalUser = true;
useDefaultShell = true; useDefaultShell = true;
group = lib.mkForce "jump"; group = lib.mkForce "jump";
@ -11750,7 +11775,7 @@ Here I am forcing =startWhenNeeded= to false so that the value will not be set t
Restricts access to the system by the nix build user as per https://discourse.nixos.org/t/wrapper-to-restrict-builder-access-through-ssh-worth-upstreaming/25834. Restricts access to the system by the nix build user as per https://discourse.nixos.org/t/wrapper-to-restrict-builder-access-through-ssh-worth-upstreaming/25834.
#+begin_src nix-ts :tangle modules/nixos/server/ssh-builder.nix #+begin_src nix-ts :tangle modules/nixos/server/ssh-builder.nix
{ self, pkgs, lib, config, ... }: { self, pkgs, lib, config, confLib, ... }:
let let
ssh-restrict = "restrict,pty,command=\"${wrapper-dispatch-ssh-nix}/bin/wrapper-dispatch-ssh-nix\" "; ssh-restrict = "restrict,pty,command=\"${wrapper-dispatch-ssh-nix}/bin/wrapper-dispatch-ssh-nix\" ";
@ -11772,6 +11797,7 @@ Restricts access to the system by the nix build user as per https://discourse.ni
options.swarselmodules.server.ssh-builder = lib.mkEnableOption "enable ssh-builder config on server"; options.swarselmodules.server.ssh-builder = lib.mkEnableOption "enable ssh-builder config on server";
config = lib.mkIf config.swarselmodules.server.ssh-builder { config = lib.mkIf config.swarselmodules.server.ssh-builder {
users = { users = {
persistentIds.builder = confLib.mkIds 965;
groups.builder = { }; groups.builder = { };
users.builder = { users.builder = {
useDefaultShell = true; useDefaultShell = true;
@ -13098,7 +13124,7 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
:END: :END:
#+begin_src nix-ts :tangle modules/nixos/server/mpd.nix #+begin_src nix-ts :tangle modules/nixos/server/mpd.nix
{ self, lib, config, pkgs, confLib, ... }: { lib, config, pkgs, confLib, ... }:
let let
inherit (config.swarselsystems) sopsFile; inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "mpd"; port = 3254; }) servicePort serviceName serviceUser serviceGroup; inherit (confLib.gen { name = "mpd"; port = 3254; }) servicePort serviceName serviceUser serviceGroup;
@ -13130,10 +13156,10 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
mpv mpv
]; ];
topology.self.services.${serviceName} = { # topology.self.services.${serviceName} = {
info = "http://localhost:${builtins.toString servicePort}"; # info = "http://localhost:${builtins.toString servicePort}";
icon = lib.mkForce "${self}/files/topology-images/mpd.png"; # icon = lib.mkForce "${self}/files/topology-images/mpd.png";
}; # };
environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM { environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
directories = [{ directory = "/var/lib/${serviceName}"; user = "mpd"; group = "mpd"; }]; directories = [{ directory = "/var/lib/${serviceName}"; user = "mpd"; group = "mpd"; }];
@ -13298,7 +13324,7 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
:END: :END:
#+begin_src nix-ts :tangle modules/nixos/server/matrix.nix #+begin_src nix-ts :tangle modules/nixos/server/matrix.nix
{ self, lib, config, pkgs, globals, dns, confLib, ... }: { lib, config, pkgs, globals, dns, confLib, ... }:
let let
inherit (config.swarselsystems) sopsFile; inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
@ -13363,14 +13389,6 @@ This is the configuration to make [[#h:58c7563e-6954-42e6-a622-9d06523e8e24][Hin
# networking.firewall.allowedTCPPorts = [ servicePort federationPort ]; # networking.firewall.allowedTCPPorts = [ servicePort federationPort ];
topology.self.services = lib.listToAttrs (map
(service:
lib.nameValuePair "mautrix-${service}" {
name = "mautrix-${service}";
icon = "${self}/files/topology-images/mautrix.png";
})
[ "whatsapp" "signal" "telegram" ]);
systemd = { systemd = {
timers."restart-bridges" = { timers."restart-bridges" = {
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
@ -14036,6 +14054,7 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
let let
inherit (confLib.gen { name = "transmission"; port = 9091; }) serviceName servicePort serviceDomain; inherit (confLib.gen { name = "transmission"; port = 9091; }) serviceName servicePort serviceDomain;
inherit (confLib.static) isHome homeServiceAddress homeWebProxy nginxAccessRules; inherit (confLib.static) isHome homeServiceAddress homeWebProxy nginxAccessRules;
inherit (config.swarselsystems) sopsFile;
lidarrUser = "lidarr"; lidarrUser = "lidarr";
lidarrGroup = lidarrUser; lidarrGroup = lidarrUser;
@ -14057,6 +14076,10 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} { config = lib.mkIf config.swarselmodules.server.${serviceName} {
sops.secrets = {
pia = { inherit sopsFile; };
};
# this user/group section is probably unneeded # this user/group section is probably unneeded
users = { users = {
persistentIds = { persistentIds = {
@ -14141,6 +14164,17 @@ Also I install Tika and Gotenberg, which are needed to create PDFs out of =.eml=
}; };
services = { services = {
pia = {
enable = true;
credentials.credentialsFile = config.sops.secrets.pia.path;
protocol = "wireguard";
autoConnect = {
enable = true;
region = "sweden";
};
portForwarding.enable = true;
dns.enable = true;
};
radarr = { radarr = {
enable = true; enable = true;
user = radarrUser; user = radarrUser;
@ -15406,7 +15440,8 @@ kanidm person credential create-reset-token <user>
}; };
}; };
systemd.services."generateSSLCert-${serviceName}" = systemd.services = {
"generateSSLCert-${serviceName}" =
let let
daysValid = 3650; daysValid = 3650;
renewBeforeDays = 365; renewBeforeDays = 365;
@ -15458,6 +15493,12 @@ kanidm person credential create-reset-token <user>
fi fi
''; '';
}; };
kanidm = {
environment.KANIDM_TRUST_X_FORWARD_FOR = "true";
serviceConfig.RestartSec = "30";
};
};
# system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
@ -15521,7 +15562,7 @@ kanidm person credential create-reset-token <user>
# tls_key = config.sops.secrets.kanidm-self-signed-key.path; # tls_key = config.sops.secrets.kanidm-self-signed-key.path;
tls_key = keyPathBase; tls_key = keyPathBase;
bindaddress = "0.0.0.0:${toString servicePort}"; bindaddress = "0.0.0.0:${toString servicePort}";
trust_x_forward_for = true; # trust_x_forward_for = true;
}; };
enableClient = true; enableClient = true;
clientSettings = { clientSettings = {
@ -15718,7 +15759,6 @@ kanidm person credential create-reset-token <user>
}; };
}; };
systemd.services.${serviceName}.serviceConfig.RestartSec = "30";
nodes = let nodes = let
extraConfig = '' extraConfig = ''
@ -16126,7 +16166,7 @@ kanidm person credential create-reset-token <user>
#+begin_src nix-ts :tangle modules/nixos/server/koillection.nix #+begin_src nix-ts :tangle modules/nixos/server/koillection.nix
{ self, lib, config, globals, dns, confLib, ... }: { self, lib, config, globals, dns, confLib, ... }:
let let
inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/var/lib/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/var/lib/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules; inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
serviceDB = "koillection"; serviceDB = "koillection";
@ -16150,7 +16190,7 @@ kanidm person credential create-reset-token <user>
koillection-env-file = { inherit sopsFile; }; koillection-env-file = { inherit sopsFile; };
}; };
topology.self.services.${serviceName} = { topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName; name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}"; info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png"; icon = "${self}/files/topology-images/${serviceName}.png";
@ -16558,6 +16598,7 @@ kanidm person credential create-reset-token <user>
config = lib.mkIf config.swarselmodules.server.${serviceName} { config = lib.mkIf config.swarselmodules.server.${serviceName} {
users = { users = {
persistentIds.${serviceName} = confLib.mkIds 964;
groups.${serviceGroup} = { }; groups.${serviceGroup} = { };
users.${serviceUser} = { users.${serviceUser} = {
@ -16680,7 +16721,7 @@ kanidm person credential create-reset-token <user>
#+begin_src nix-ts :tangle modules/nixos/server/shlink.nix #+begin_src nix-ts :tangle modules/nixos/server/shlink.nix
{ self, lib, config, dns, globals, confLib, ... }: { self, lib, config, dns, globals, confLib, ... }:
let let
inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules; inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a"; containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a";
@ -16711,6 +16752,12 @@ kanidm person credential create-reset-token <user>
}; };
}; };
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";
};
virtualisation.oci-containers.containers.${serviceName} = { virtualisation.oci-containers.containers.${serviceName} = {
image = "shlinkio/shlink@${containerRev}"; image = "shlinkio/shlink@${containerRev}";
environment = { environment = {
@ -16757,12 +16804,6 @@ kanidm person credential create-reset-token <user>
{ directory = "/var/lib/containers"; } { directory = "/var/lib/containers"; }
]; ];
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";
};
globals = { globals = {
networks = { networks = {
${webProxyIf}.hosts = lib.mkIf isProxied { ${webProxyIf}.hosts = lib.mkIf isProxied {
@ -16802,14 +16843,14 @@ Deployment notes:
- finally, disable new user registration in web ui - finally, disable new user registration in web ui
#+begin_src nix-ts :tangle modules/nixos/server/slink.nix #+begin_src nix-ts :tangle modules/nixos/server/slink.nix
{ lib, config, dns, globals, confLib, ... }: { lib, config, dns, globals, confLib, ... }:
let let
inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules; inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9"; containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9";
in in
{ {
options = { options = {
swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server"; swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} on server";
}; };
@ -16819,6 +16860,12 @@ in
podman = true; podman = true;
}; };
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "services.not-available";
};
virtualisation.oci-containers.containers.${serviceName} = { virtualisation.oci-containers.containers.${serviceName} = {
image = "anirdev/slink@${containerRev}"; image = "anirdev/slink@${containerRev}";
environment = { environment = {
@ -16858,12 +16905,6 @@ in
{ directory = serviceDir; } { directory = serviceDir; }
]; ];
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "services.not-available";
};
globals = { globals = {
networks = { networks = {
${webProxyIf}.hosts = lib.mkIf isProxied { ${webProxyIf}.hosts = lib.mkIf isProxied {
@ -16924,7 +16965,7 @@ in
}; };
}; };
} }
#+end_src #+end_src
**** Snipe-IT (currently unused) **** Snipe-IT (currently unused)
@ -17901,6 +17942,15 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it
}; };
config = lib.mkIf config.swarselmodules.server.${serviceName} { config = lib.mkIf config.swarselmodules.server.${serviceName} {
users = {
persistentIds = {
knot-resolver = confLib.mkIds 963;
postfix-tlspol = confLib.mkIds 962;
roundcube = confLib.mkIds 961;
redis-rspamd = confLib.mkIds 960;
};
};
globals.services = { globals.services = {
${serviceName} = { ${serviceName} = {
domain = serviceDomain; domain = serviceDomain;
@ -17950,11 +18000,12 @@ When changing the hashed passwords, =dovecot= needs to be restarted manually, it
domains = [ baseDomain ]; domains = [ baseDomain ];
indexDir = "${serviceDir}/indices"; indexDir = "${serviceDir}/indices";
openFirewall = true; openFirewall = true;
certificateScheme = "acme"; # certificateScheme = "acme";
dmarcReporting.enable = true; dmarcReporting.enable = true;
enableSubmission = true; enableSubmission = true;
enableSubmissionSsl = true; enableSubmissionSsl = true;
enableImapSsl = true; enableImapSsl = true;
x509.useACMEHost = globals.domains.main;
loginAccounts = { loginAccounts = {
"${user1}@${baseDomain}" = { "${user1}@${baseDomain}" = {
@ -19057,7 +19108,7 @@ This has some state:
homeDomains) ++ [ homeDomains) ++ [
{ {
domain = "smb.${globals.domains.main}"; domain = "smb.${globals.domains.main}";
answer = globals.networks.home-lan.vlans.services.hosts.storage.ipv4; answer = globals.networks.home-lan.vlans.services.hosts.summers-storage.ipv4;
enabled = true; enabled = true;
} }
]; ];
@ -19799,7 +19850,7 @@ Some standard options that should be set for every microvm host.
Some standard options that should be set for every microvm guest. We set the default Some standard options that should be set for every microvm guest. We set the default
#+begin_src nix-ts :tangle modules/nixos/optional/microvm-guest.nix #+begin_src nix-ts :tangle modules/nixos/optional/microvm-guest.nix
{ self, lib, config, inputs, microVMParent, nodes, globals, confLib, ... }: { self, config, inputs, ... }:
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
@ -19816,6 +19867,7 @@ Some standard options that should be set for every microvm guest. We set the def
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default inputs.nixos-nftables-firewall.nixosModules.default
inputs.pia.nixosModules.default
(inputs.nixos-extra-modules + "/modules/interface-naming.nix") (inputs.nixos-extra-modules + "/modules/interface-naming.nix")
@ -21603,9 +21655,9 @@ To specify both content in Early initialization and General configuration, use l
Currently I only use it as before with =initExtra= though. Currently I only use it as before with =initExtra= though.
#+begin_src nix-ts :tangle modules/home/common/zsh.nix #+begin_src nix-ts :tangle modules/home/common/zsh.nix
{ self, config, pkgs, lib, minimal, globals, confLib, type, ... }: { self, config, pkgs, lib, minimal, globals, confLib, type, arch, ... }:
let let
inherit (config.swarselsystems) flakePath isNixos; inherit (config.swarselsystems) flakePath isNixos homeDir;
crocDomain = globals.services.croc.domain; crocDomain = globals.services.croc.domain;
in in
{ {
@ -21625,7 +21677,11 @@ Currently I only use it as before with =initExtra= though.
// lib.optionalAttrs (!minimal) { // lib.optionalAttrs (!minimal) {
shellAliases = lib.recursiveUpdate shellAliases = lib.recursiveUpdate
{ {
hg = "history | grep"; nb = "nix build";
nbl = "nix build --builders \"\"";
nbo = "nix build --offline --builders \"\"";
nd = "nix develop";
ns = "nix shell";
hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom";
nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;";
@ -21651,7 +21707,8 @@ Currently I only use it as before with =initExtra= though.
boot-diff = "nix store diff-closures /run/*-system"; boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy"; cc = "wl-copy";
build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private .#topology.x86_64-linux.config.output"; build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private ${flakePath}#topology.${arch}.config.output";
build-topology-dev = "nix build --show-trace --override-input nix-topology ${homeDir}/Documents/Private/nix-topology --override-input topologyPrivate ${self}/files/topology/private ${flakePath}#topology.${arch}.config.output";
build-iso = "nix build --print-out-paths .#live-iso"; build-iso = "nix build --print-out-paths .#live-iso";
nix-review-local = "nix run nixpkgs#nixpkgs-review -- rev HEAD"; nix-review-local = "nix run nixpkgs#nixpkgs-review -- rev HEAD";
nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux"; nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";
@ -24308,7 +24365,7 @@ Sets up a systemd user service for anki that does not stall the shutdown process
}; };
Service = { Service = {
ExecStart = "${pkgs.vesktop}/bin/vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; ExecStart = "${pkgs.vesktop}/bin/vesktop --start-minimized --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime";
}; };
}; };
}; };
@ -25714,12 +25771,12 @@ This service changes the screen hue at night. I am not sure if that really does
# { timeout = 600; command = ''${pkgs.sway}/bin/swaymsg "output * dpms off"; resumeCommand = "${pkgs.sway}/bin/swaymsg output * dpms on''; } # { timeout = 600; command = ''${pkgs.sway}/bin/swaymsg "output * dpms off"; resumeCommand = "${pkgs.sway}/bin/swaymsg output * dpms on''; }
{ timeout = 600; command = "${suspend}"; } { timeout = 600; command = "${suspend}"; }
]; ];
events = [ events = {
# { event = "before-sleep"; command = "${lib.getExe pkgs.swaylock-effects} -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2"; } # { event = "before-sleep"; command = "${lib.getExe pkgs.swaylock-effects} -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2"; }
# { event = "after-resume"; command = "${swaylock} -f "; } # { event = "after-resume"; command = "${swaylock} -f "; }
{ event = "before-sleep"; command = "${swaylock} -f "; } before-sleep = "${swaylock} -f ";
{ event = "lock"; command = "${swaylock} -f "; } lock = "${swaylock} -f ";
]; };
}; };
}; };
@ -27394,6 +27451,8 @@ In short, the options defined here are passed to the modules systems using =_mod
serviceDir = dir; serviceDir = dir;
serviceAddress = address; serviceAddress = address;
serviceProxy = proxy; serviceProxy = proxy;
serviceNode = config.node.name;
topologyContainerName = "${serviceNode}-${config.virtualisation.oci-containers.backend}-${name}";
proxyAddress4 = globals.hosts.${proxy}.wanAddress4 or null; proxyAddress4 = globals.hosts.${proxy}.wanAddress4 or null;
proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null; proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null;
}; };
@ -29887,6 +29946,7 @@ Modules that need to be loaded on the NixOS level. Note that these will not be a
lid = lib.mkDefault true; lid = lib.mkDefault true;
login = lib.mkDefault true; login = lib.mkDefault true;
lowBattery = lib.mkDefault false; lowBattery = lib.mkDefault false;
nautilus = lib.mkDefault true;
network = lib.mkDefault true; network = lib.mkDefault true;
networkDevices = lib.mkDefault true; networkDevices = lib.mkDefault true;
nftables = lib.mkDefault true; nftables = lib.mkDefault true;
@ -30233,62 +30293,25 @@ This holds modules that are to be used on most hosts. These are also the most im
options.swarselprofiles.dgxspark = lib.mkEnableOption "is this a dgx spark host"; options.swarselprofiles.dgxspark = lib.mkEnableOption "is this a dgx spark host";
config = lib.mkIf config.swarselprofiles.dgxspark { config = lib.mkIf config.swarselprofiles.dgxspark {
swarselmodules = { swarselmodules = {
anki = lib.mkDefault false;
anki-tray = lib.mkDefault false;
atuin = lib.mkDefault true; atuin = lib.mkDefault true;
autotiling = lib.mkDefault false;
batsignal = lib.mkDefault false;
bash = lib.mkDefault true; bash = lib.mkDefault true;
blueman-applet = lib.mkDefault true; blueman-applet = lib.mkDefault true;
desktop = lib.mkDefault false;
direnv = lib.mkDefault true; direnv = lib.mkDefault true;
element-desktop = lib.mkDefault false;
element-tray = lib.mkDefault false;
emacs = lib.mkDefault false;
env = lib.mkDefault false;
eza = lib.mkDefault true; eza = lib.mkDefault true;
firefox = lib.mkDefault true; firefox = lib.mkDefault true;
fuzzel = lib.mkDefault true; fuzzel = lib.mkDefault true;
gammastep = lib.mkDefault false;
general = lib.mkDefault true; general = lib.mkDefault true;
git = lib.mkDefault true; git = lib.mkDefault true;
gnome-keyring = lib.mkDefault false;
gpgagent = lib.mkDefault true; gpgagent = lib.mkDefault true;
hexchat = lib.mkDefault false;
kanshi = lib.mkDefault false;
kdeconnect = lib.mkDefault false;
kitty = lib.mkDefault true; kitty = lib.mkDefault true;
mail = lib.mkDefault false;
mako = lib.mkDefault false;
nix-index = lib.mkDefault true; nix-index = lib.mkDefault true;
nixgl = lib.mkDefault true; nixgl = lib.mkDefault true;
nix-your-shell = lib.mkDefault true; nix-your-shell = lib.mkDefault true;
nm-applet = lib.mkDefault true; nm-applet = lib.mkDefault true;
obs-studio = lib.mkDefault false;
obsidian = lib.mkDefault false;
obsidian-tray = lib.mkDefault false;
ownpackages = lib.mkDefault false;
packages = lib.mkDefault false;
passwordstore = lib.mkDefault false;
programs = lib.mkDefault false;
sops = lib.mkDefault true; sops = lib.mkDefault true;
spicetify = lib.mkDefault false;
spotify-player = lib.mkDefault false;
ssh = lib.mkDefault false;
starship = lib.mkDefault true; starship = lib.mkDefault true;
stylix = lib.mkDefault true; stylix = lib.mkDefault true;
sway = lib.mkDefault false;
swayidle = lib.mkDefault false;
swaylock = lib.mkDefault false;
swayosd = lib.mkDefault false;
symlink = lib.mkDefault false;
tmux = lib.mkDefault true; tmux = lib.mkDefault true;
vesktop = lib.mkDefault false;
vesktop-tray = lib.mkDefault false;
syncthing-tray = lib.mkDefault false;
waybar = lib.mkDefault false;
yubikey = lib.mkDefault false;
yubikeytouch = lib.mkDefault false;
zellij = lib.mkDefault true; zellij = lib.mkDefault true;
zsh = lib.mkDefault true; zsh = lib.mkDefault true;
}; };

297
flake.lock generated

@ -298,7 +298,9 @@
"dns": { "dns": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1768143854, "lastModified": 1768143854,
@ -316,7 +318,7 @@
}, },
"emacs-overlay": { "emacs-overlay": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
@ -337,7 +339,7 @@
}, },
"fenix": { "fenix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_16", "nixpkgs": "nixpkgs_15",
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
@ -696,7 +698,25 @@
}, },
"flake-utils_6": { "flake-utils_6": {
"inputs": { "inputs": {
"systems": "systems_8" "systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_7": {
"inputs": {
"systems": "systems_9"
}, },
"locked": { "locked": {
"lastModified": 1731533236, "lastModified": 1731533236,
@ -891,11 +911,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769102673, "lastModified": 1769622371,
"narHash": "sha256-/qvRFjn1s3bIJdSKG6IpaE6ML3j9anQKUqGhmt4Qe+E=", "narHash": "sha256-Cs1/+P3ntxl9mOIL7/QtItBAzQJ2xjvTMHv7qw0nFV0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "b0491fe55680bd19be8e74847969dad9d7784658", "rev": "02d763228d8aff317e6e5a319474b6d4d9d826a5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -952,7 +972,7 @@
"nix-eval-jobs": [ "nix-eval-jobs": [
"nix-eval-jobs" "nix-eval-jobs"
], ],
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1759783173, "lastModified": 1759783173,
@ -972,7 +992,7 @@
"impermanence": { "impermanence": {
"inputs": { "inputs": {
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_6" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1768941735, "lastModified": 1768941735,
@ -1014,7 +1034,7 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_6",
"pre-commit": "pre-commit", "pre-commit": "pre-commit",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
@ -1034,7 +1054,7 @@
}, },
"microvm": { "microvm": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_8", "nixpkgs": "nixpkgs_7",
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
@ -1116,7 +1136,7 @@
"inputs": { "inputs": {
"niri-stable": "niri-stable", "niri-stable": "niri-stable",
"niri-unstable": "niri-unstable", "niri-unstable": "niri-unstable",
"nixpkgs": "nixpkgs_9", "nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable_2", "nixpkgs-stable": "nixpkgs-stable_2",
"xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-stable": "xwayland-satellite-stable",
"xwayland-satellite-unstable": "xwayland-satellite-unstable" "xwayland-satellite-unstable": "xwayland-satellite-unstable"
@ -1187,7 +1207,7 @@
}, },
"nix-darwin": { "nix-darwin": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_10" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1768764703, "lastModified": 1768764703,
@ -1267,7 +1287,7 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_11" "nixpkgs": "nixpkgs_10"
}, },
"locked": { "locked": {
"lastModified": 1768962252, "lastModified": 1768962252,
@ -1287,7 +1307,7 @@
"inputs": { "inputs": {
"home-manager": "home-manager_3", "home-manager": "home-manager_3",
"nix-formatter-pack": "nix-formatter-pack", "nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": "nixpkgs_12", "nixpkgs": "nixpkgs_11",
"nixpkgs-docs": "nixpkgs-docs", "nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd_2" "nmd": "nmd_2"
@ -1310,7 +1330,7 @@
"nix-topology": { "nix-topology": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_13" "nixpkgs": "nixpkgs_12"
}, },
"locked": { "locked": {
"lastModified": 1769018862, "lastModified": 1769018862,
@ -1364,7 +1384,7 @@
"nixgl": { "nixgl": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_14" "nixpkgs": "nixpkgs_13"
}, },
"locked": { "locked": {
"lastModified": 1762090880, "lastModified": 1762090880,
@ -1399,7 +1419,7 @@
"inputs": { "inputs": {
"devshell": "devshell_2", "devshell": "devshell_2",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_15", "nixpkgs": "nixpkgs_14",
"nixt": "nixt", "nixt": "nixt",
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
@ -1421,7 +1441,9 @@
"nixos-generators": { "nixos-generators": {
"inputs": { "inputs": {
"nixlib": "nixlib", "nixlib": "nixlib",
"nixpkgs": "nixpkgs_17" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1764234087, "lastModified": 1764234087,
@ -1476,7 +1498,7 @@
"nixos-nftables-firewall": { "nixos-nftables-firewall": {
"inputs": { "inputs": {
"dependencyDagOfSubmodule": "dependencyDagOfSubmodule", "dependencyDagOfSubmodule": "dependencyDagOfSubmodule",
"nixpkgs": "nixpkgs_18" "nixpkgs": "nixpkgs_16"
}, },
"locked": { "locked": {
"lastModified": 1715521768, "lastModified": 1715521768,
@ -1805,22 +1827,6 @@
} }
}, },
"nixpkgs_10": { "nixpkgs_10": {
"locked": {
"lastModified": 1765934234,
"narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "af84f9d270d404c17699522fab95bbf928a2d92f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1748929857, "lastModified": 1748929857,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
@ -1836,7 +1842,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_12": { "nixpkgs_11": {
"locked": { "locked": {
"lastModified": 1708172716, "lastModified": 1708172716,
"narHash": "sha256-3M94oln0b61m3dUmLyECCA9hYAHXZEszM4saE3CmQO4=", "narHash": "sha256-3M94oln0b61m3dUmLyECCA9hYAHXZEszM4saE3CmQO4=",
@ -1851,7 +1857,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_13": { "nixpkgs_12": {
"locked": { "locked": {
"lastModified": 1766651565, "lastModified": 1766651565,
"narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=", "narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
@ -1867,7 +1873,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_14": { "nixpkgs_13": {
"locked": { "locked": {
"lastModified": 1746378225, "lastModified": 1746378225,
"narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=", "narHash": "sha256-OeRSuL8PUjIfL3Q0fTbNJD/fmv1R+K2JAOqWJd3Oceg=",
@ -1882,7 +1888,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_15": { "nixpkgs_14": {
"locked": { "locked": {
"lastModified": 1737885589, "lastModified": 1737885589,
"narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
@ -1898,7 +1904,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_16": { "nixpkgs_15": {
"locked": { "locked": {
"lastModified": 1677063315, "lastModified": 1677063315,
"narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=", "narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=",
@ -1914,23 +1920,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_17": { "nixpkgs_16": {
"locked": {
"lastModified": 1736657626,
"narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_18": {
"locked": { "locked": {
"lastModified": 1692638711, "lastModified": 1692638711,
"narHash": "sha256-J0LgSFgJVGCC1+j5R2QndadWI1oumusg6hCtYAzLID4=", "narHash": "sha256-J0LgSFgJVGCC1+j5R2QndadWI1oumusg6hCtYAzLID4=",
@ -1946,6 +1936,38 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_17": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_18": {
"locked": {
"lastModified": 1720957393,
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_19": { "nixpkgs_19": {
"locked": { "locked": {
"lastModified": 1769018530, "lastModified": 1769018530,
@ -1980,37 +2002,21 @@
}, },
"nixpkgs_20": { "nixpkgs_20": {
"locked": { "locked": {
"lastModified": 1720957393, "lastModified": 1767892417,
"narHash": "sha256-oedh2RwpjEa+TNxhg5Je9Ch6d3W1NKi7DbRO1ziHemA=", "narHash": "sha256-dhhvQY67aboBk8b0/u0XB6vwHdgbROZT3fJAjyNh5Ww=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "693bc46d169f5af9c992095736e82c3488bf7dbb", "rev": "3497aa5c9457a9d88d71fa93a4a8368816fbeeba",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_21": { "nixpkgs_21": {
"locked": {
"lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_22": {
"locked": { "locked": {
"lastModified": 1764947035, "lastModified": 1764947035,
"narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=",
@ -2026,7 +2032,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_23": { "nixpkgs_22": {
"locked": { "locked": {
"lastModified": 1764374374, "lastModified": 1764374374,
"narHash": "sha256-naS7hg/D1yLKSZoENx9gvsPLFiNEOTcqamJSu0OEvCA=", "narHash": "sha256-naS7hg/D1yLKSZoENx9gvsPLFiNEOTcqamJSu0OEvCA=",
@ -2042,7 +2048,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_24": { "nixpkgs_23": {
"locked": { "locked": {
"lastModified": 1768569498, "lastModified": 1768569498,
"narHash": "sha256-bB6Nt99Cj8Nu5nIUq0GLmpiErIT5KFshMQJGMZwgqUo=", "narHash": "sha256-bB6Nt99Cj8Nu5nIUq0GLmpiErIT5KFshMQJGMZwgqUo=",
@ -2058,7 +2064,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_25": { "nixpkgs_24": {
"locked": { "locked": {
"lastModified": 1768564909, "lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
@ -2074,7 +2080,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_26": { "nixpkgs_25": {
"locked": { "locked": {
"lastModified": 1767767207, "lastModified": 1767767207,
"narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=",
@ -2090,7 +2096,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_27": { "nixpkgs_26": {
"locked": { "locked": {
"lastModified": 1759733170, "lastModified": 1759733170,
"narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=", "narHash": "sha256-TXnlsVb5Z8HXZ6mZoeOAIwxmvGHp1g4Dw89eLvIwKVI=",
@ -2106,7 +2112,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_28": { "nixpkgs_27": {
"locked": { "locked": {
"lastModified": 1767364772, "lastModified": 1767364772,
"narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=",
@ -2122,7 +2128,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_29": { "nixpkgs_28": {
"locked": { "locked": {
"lastModified": 1742268799, "lastModified": 1742268799,
"narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=", "narHash": "sha256-IhnK4LhkBlf14/F8THvUy3xi/TxSQkp9hikfDZRD4Ic=",
@ -2138,22 +2144,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_29": {
"locked": {
"lastModified": 1616989418,
"narHash": "sha256-LcOn5wHR/1JwClfY/Ai/b+pSRY+d23QtIPQHwPAyHHI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9d8e05e088ad91b7c62886a2175f38bfa443db2c",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_30": {
"locked": { "locked": {
"lastModified": 1765934234, "lastModified": 1765934234,
"narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=", "narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=",
@ -2169,7 +2160,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1760284886, "lastModified": 1760284886,
"narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=", "narHash": "sha256-TK9Kr0BYBQ/1P5kAsnNQhmWWKgmZXwUQr4ZMjCzWf2c=",
@ -2185,7 +2176,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1759652726, "lastModified": 1759652726,
"narHash": "sha256-2VjnimOYDRb3DZHyQ2WH2KCouFqYm9h0Rr007Al/WSA=", "narHash": "sha256-2VjnimOYDRb3DZHyQ2WH2KCouFqYm9h0Rr007Al/WSA=",
@ -2201,7 +2192,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1768564909, "lastModified": 1768564909,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
@ -2217,7 +2208,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1768127708, "lastModified": 1768127708,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
@ -2233,7 +2224,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_8": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1759381078, "lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
@ -2249,7 +2240,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1769018530, "lastModified": 1769018530,
"narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=", "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
@ -2265,6 +2256,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_9": {
"locked": {
"lastModified": 1765934234,
"narHash": "sha256-pJjWUzNnjbIAMIc5gRFUuKCDQ9S1cuh3b2hKgA7Mc4A=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "af84f9d270d404c17699522fab95bbf928a2d92f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixt": { "nixt": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_3",
@ -2361,7 +2368,7 @@
"nswitch-rcm-nix": { "nswitch-rcm-nix": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_4", "flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_20" "nixpkgs": "nixpkgs_18"
}, },
"locked": { "locked": {
"lastModified": 1721304043, "lastModified": 1721304043,
@ -2380,7 +2387,7 @@
"nur": { "nur": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_5",
"nixpkgs": "nixpkgs_21" "nixpkgs": "nixpkgs_19"
}, },
"locked": { "locked": {
"lastModified": 1769114635, "lastModified": 1769114635,
@ -2535,6 +2542,26 @@
"type": "github" "type": "github"
} }
}, },
"pia": {
"inputs": {
"flake-utils": "flake-utils_6",
"nixpkgs": "nixpkgs_20"
},
"locked": {
"lastModified": 1769674747,
"narHash": "sha256-fj6i2Xay3Jz8MJHcPiJslsL+YHh2JzaJtWr7rA0ckgY=",
"owner": "Swarsel",
"repo": "pia.nix",
"rev": "7b56baf2300e49bb05d7e24f2fcd5d8ce4a40143",
"type": "github"
},
"original": {
"owner": "Swarsel",
"ref": "custom",
"repo": "pia.nix",
"type": "github"
}
},
"pre-commit": { "pre-commit": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -2585,7 +2612,7 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat_6", "flake-compat": "flake-compat_6",
"gitignore": "gitignore_3", "gitignore": "gitignore_3",
"nixpkgs": "nixpkgs_22" "nixpkgs": "nixpkgs_21"
}, },
"locked": { "locked": {
"lastModified": 1769069492, "lastModified": 1769069492,
@ -2626,7 +2653,7 @@
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixos-images": "nixos-images", "nixos-images": "nixos-images",
"nixos-nftables-firewall": "nixos-nftables-firewall", "nixos-nftables-firewall": "nixos-nftables-firewall",
"nixpkgs": "nixpkgs_19", "nixpkgs": "nixpkgs_17",
"nixpkgs-bisect": "nixpkgs-bisect", "nixpkgs-bisect": "nixpkgs-bisect",
"nixpkgs-dev": "nixpkgs-dev", "nixpkgs-dev": "nixpkgs-dev",
"nixpkgs-kernel": "nixpkgs-kernel", "nixpkgs-kernel": "nixpkgs-kernel",
@ -2637,6 +2664,7 @@
"nixpkgs-stable25_11": "nixpkgs-stable25_11", "nixpkgs-stable25_11": "nixpkgs-stable25_11",
"nswitch-rcm-nix": "nswitch-rcm-nix", "nswitch-rcm-nix": "nswitch-rcm-nix",
"nur": "nur", "nur": "nur",
"pia": "pia",
"pre-commit-hooks": "pre-commit-hooks_2", "pre-commit-hooks": "pre-commit-hooks_2",
"simple-nixos-mailserver": "simple-nixos-mailserver", "simple-nixos-mailserver": "simple-nixos-mailserver",
"smallpkgs": "smallpkgs", "smallpkgs": "smallpkgs",
@ -2644,7 +2672,7 @@
"spicetify-nix": "spicetify-nix", "spicetify-nix": "spicetify-nix",
"stylix": "stylix", "stylix": "stylix",
"swarsel-nix": "swarsel-nix", "swarsel-nix": "swarsel-nix",
"systems": "systems_6", "systems": "systems_7",
"topologyPrivate": "topologyPrivate", "topologyPrivate": "topologyPrivate",
"treefmt-nix": "treefmt-nix", "treefmt-nix": "treefmt-nix",
"vbc-nix": "vbc-nix", "vbc-nix": "vbc-nix",
@ -2764,7 +2792,7 @@
"blobs": "blobs", "blobs": "blobs",
"flake-compat": "flake-compat_7", "flake-compat": "flake-compat_7",
"git-hooks": "git-hooks", "git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_23" "nixpkgs": "nixpkgs_22"
}, },
"locked": { "locked": {
"lastModified": 1766321686, "lastModified": 1766321686,
@ -2800,7 +2828,7 @@
}, },
"sops": { "sops": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_24" "nixpkgs": "nixpkgs_23"
}, },
"locked": { "locked": {
"lastModified": 1768863606, "lastModified": 1768863606,
@ -2834,8 +2862,8 @@
}, },
"spicetify-nix": { "spicetify-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_25", "nixpkgs": "nixpkgs_24",
"systems": "systems_3" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1768656845, "lastModified": 1768656845,
@ -2938,9 +2966,9 @@
"firefox-gnome-theme": "firefox-gnome-theme", "firefox-gnome-theme": "firefox-gnome-theme",
"flake-parts": "flake-parts_6", "flake-parts": "flake-parts_6",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"nixpkgs": "nixpkgs_26", "nixpkgs": "nixpkgs_25",
"nur": "nur_2", "nur": "nur_2",
"systems": "systems_4", "systems": "systems_5",
"tinted-foot": "tinted-foot", "tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty", "tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes", "tinted-schemes": "tinted-schemes",
@ -2964,8 +2992,8 @@
"swarsel-nix": { "swarsel-nix": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_7", "flake-parts": "flake-parts_7",
"nixpkgs": "nixpkgs_27", "nixpkgs": "nixpkgs_26",
"systems": "systems_5" "systems": "systems_6"
}, },
"locked": { "locked": {
"lastModified": 1760190732, "lastModified": 1760190732,
@ -3073,6 +3101,21 @@
} }
}, },
"systems_7": { "systems_7": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_8": {
"locked": { "locked": {
"lastModified": 1689347949, "lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@ -3087,7 +3130,7 @@
"type": "github" "type": "github"
} }
}, },
"systems_8": { "systems_9": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -3196,7 +3239,7 @@
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_28" "nixpkgs": "nixpkgs_27"
}, },
"locked": { "locked": {
"lastModified": 1768158989, "lastModified": 1768158989,
@ -3214,8 +3257,8 @@
}, },
"vbc-nix": { "vbc-nix": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_29", "nixpkgs": "nixpkgs_28",
"systems": "systems_7" "systems": "systems_8"
}, },
"locked": { "locked": {
"lastModified": 1742477270, "lastModified": 1742477270,
@ -3291,8 +3334,8 @@
"zjstatus": { "zjstatus": {
"inputs": { "inputs": {
"crane": "crane_3", "crane": "crane_3",
"flake-utils": "flake-utils_6", "flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_30", "nixpkgs": "nixpkgs_29",
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {


@ -37,13 +37,22 @@
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
# url = "github:Swarsel/home-manager/main";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-index-database = { nix-index-database = {
url = "github:nix-community/nix-index-database"; url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
dns = {
url = "github:kirelagin/dns.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
inputs.nixpkgs.follows = "nixpkgs";
};
topologyPrivate.url = "./files/topology/public";
# emacs-overlay.url = "github:nix-community/emacs-overlay"; # emacs-overlay.url = "github:nix-community/emacs-overlay";
emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D"; emacs-overlay.url = "github:nix-community/emacs-overlay/aba8daa237dc07a3bb28a61c252a718e8eb38057?narHash=sha256-4OXXccXsY1sBXTXjYIthdjXLAotozSh4F8StGRuLyMQ%3D";
@ -55,7 +64,6 @@
sops.url = "github:Mic92/sops-nix"; sops.url = "github:Mic92/sops-nix";
lanzaboote.url = "github:nix-community/lanzaboote"; lanzaboote.url = "github:nix-community/lanzaboote";
nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05"; nix-on-droid.url = "github:nix-community/nix-on-droid/release-24.05";
nixos-generators.url = "github:nix-community/nixos-generators";
nixos-images.url = "github:Swarsel/nixos-images/main"; nixos-images.url = "github:Swarsel/nixos-images/main";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nswitch-rcm-nix.url = "github:Swarsel/nswitch-rcm-nix"; nswitch-rcm-nix.url = "github:Swarsel/nswitch-rcm-nix";
@ -73,11 +81,10 @@
nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main"; nixos-extra-modules.url = "github:oddlama/nixos-extra-modules/main";
microvm.url = "github:astro/microvm.nix"; microvm.url = "github:astro/microvm.nix";
treefmt-nix.url = "github:numtide/treefmt-nix"; treefmt-nix.url = "github:numtide/treefmt-nix";
dns.url = "github:kirelagin/dns.nix";
nix-minecraft.url = "github:Infinidoge/nix-minecraft"; nix-minecraft.url = "github:Infinidoge/nix-minecraft";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
topologyPrivate.url = "./files/topology/public"; pia.url = "github:Swarsel/pia.nix/custom";
}; };
outputs = outputs =
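Review bot: The new `pia` input near the end of the inputs block is declared as a bare URL, so it keeps its own dependency pins: the flake.lock section of this commit shows the `pia` node pointing at `nixpkgs_20` and `flake-utils_6`. In the same change `dns` and `nixos-generators` are switched to `inputs.nixpkgs.follows = "nixpkgs"`. Because `inputs.pia.nixosModules.default` is imported into the system configuration, I would write it as `pia = { url = "github:Swarsel/pia.nix/custom"; inputs.nixpkgs.follows = "nixpkgs"; };` so there is one fewer nixpkgs revision to audit and keep patched. Whether the module actually builds anything from its own nixpkgs is not visible here, so this is a consistency point rather than a confirmed defect. `custom` is a branch ref and only the lock entry's `rev` and `narHash` fix the content, so a short comment such as `# fork branch; review the upstream diff on every lock update` would help; the enclosing inputs block starts outside this section.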


@ -1,6 +1,7 @@
{ self, lib, minimal, ... }: { self, lib, minimal, ... }:
{ {
imports = [ imports = [
"${self}/profiles/nixos/microvm" "${self}/profiles/nixos/microvm"
"${self}/modules/nixos" "${self}/modules/nixos"
]; ];


@ -1,4 +1,5 @@
wireguard-private-key: ENC[AES256_GCM,data:o3wV7UI5BSV9YU0uaumgfFWBJlgMewpUqOusvcGWxOW8dSrT/aqpT9iu1K0=,iv:fNf6fOL8KcYBxmfFLi5K/qPmNfon16HE1fgQ86qNDNU=,tag:BoRbtrw7jvENAn5wiP/sWQ==,type:str] wireguard-private-key: ENC[AES256_GCM,data:o3wV7UI5BSV9YU0uaumgfFWBJlgMewpUqOusvcGWxOW8dSrT/aqpT9iu1K0=,iv:fNf6fOL8KcYBxmfFLi5K/qPmNfon16HE1fgQ86qNDNU=,tag:BoRbtrw7jvENAn5wiP/sWQ==,type:str]
pia: ENC[AES256_GCM,data:9bMMSavvHTC5UM24W+Gsy69VQdc=,iv:pRd18+/Yy8BWp/kybOqM1VPpIkS7vLSWXZ93PZT+mAk=,tag:DYiiv3+zl8N9UR2X4Yv58A==,type:str]
sops: sops:
age: age:
- recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u - recipient: age14sjyqch8tzqexk2gv0qgrrg09f0s6hvwhsgjac3vs6sc5rzgpcxsyqda6u
@ -19,8 +20,8 @@ sops:
aEg5NzQxeVZPaUY1bTBBa1ZidXJrS2MKUCsDOnsmpOZTQsnvdYguDK8uH4FetcXq aEg5NzQxeVZPaUY1bTBBa1ZidXJrS2MKUCsDOnsmpOZTQsnvdYguDK8uH4FetcXq
nKzlSJ8zvYXzb91PfCcjYbp3ttUGeeJLVPnrD42+3i8H2U8btSrR8w== nKzlSJ8zvYXzb91PfCcjYbp3ttUGeeJLVPnrD42+3i8H2U8btSrR8w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-01-07T13:36:52Z" lastmodified: "2026-01-28T11:27:02Z"
mac: ENC[AES256_GCM,data:Sb9HItfMt5WaTYJw1/OcPVR3SBKzAifgK0NTwSb59ByxAsaOhkXrGL2cx+6p7QpVBw2V9duiFVmZhOp9vW2clCQX2RwiSAxaRLcDtVIoqB7YfmiNTdzrEDFHJNndbT6Vs0qOb42tjMyKXGZIcrA55G3Vh8S5Qy5w3IW4CSwI20U=,iv:pRjPa71yPRy4X29IPjk9Jju4JZkhIK2uucgK/dBX4L8=,tag:2RD746vX1mlQu3GyDELF8w==,type:str] mac: ENC[AES256_GCM,data:7QTzIr3m0Gip66y+RNZrmmbUTn1jm+7PrEPerH/iw1resKHU5g+I3cumNqPt+iJYIbvNJmzfi5g6qLyjvcIjMFK8gy+RAkQ86r3zd9O0sWd9Nyd8OWstl/8srxGQNK8gWNEFIF97Dz2Hs26WYHa5NTWrZkyblFjJ2a1EiL+mNzo=,iv:aTF8ew4Ucu+QqiOz10F+KyuLb1Ukz6Q674SoSdYQxOM=,tag:5UeUHsJlKiwKfC7VwoEltg==,type:str]
pgp: pgp:
- created_at: "2026-01-12T22:05:42Z" - created_at: "2026-01-12T22:05:42Z"
enc: |- enc: |-


@ -22,12 +22,12 @@ in
# { timeout = 600; command = ''${pkgs.sway}/bin/swaymsg "output * dpms off"; resumeCommand = "${pkgs.sway}/bin/swaymsg output * dpms on''; } # { timeout = 600; command = ''${pkgs.sway}/bin/swaymsg "output * dpms off"; resumeCommand = "${pkgs.sway}/bin/swaymsg output * dpms on''; }
{ timeout = 600; command = "${suspend}"; } { timeout = 600; command = "${suspend}"; }
]; ];
events = [ events = {
# { event = "before-sleep"; command = "${lib.getExe pkgs.swaylock-effects} -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2"; } # { event = "before-sleep"; command = "${lib.getExe pkgs.swaylock-effects} -f --screenshots --clock --effect-blur 7x5 --effect-vignette 0.5:0.5 --fade-in 0.2"; }
# { event = "after-resume"; command = "${swaylock} -f "; } # { event = "after-resume"; command = "${swaylock} -f "; }
{ event = "before-sleep"; command = "${swaylock} -f "; } before-sleep = "${swaylock} -f ";
{ event = "lock"; command = "${swaylock} -f "; } lock = "${swaylock} -f ";
]; };
}; };
}; };


@ -19,7 +19,7 @@
}; };
Service = { Service = {
ExecStart = "${pkgs.vesktop}/bin/vesktop --start-minimized --enable-speech-dispatcher --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime"; ExecStart = "${pkgs.vesktop}/bin/vesktop --start-minimized --ozone-platform-hint=auto --enable-features=WaylandWindowDecorations --enable-wayland-ime";
}; };
}; };
}; };


@ -1,6 +1,6 @@
{ self, config, pkgs, lib, minimal, globals, confLib, type, ... }: { self, config, pkgs, lib, minimal, globals, confLib, type, arch, ... }:
let let
inherit (config.swarselsystems) flakePath isNixos; inherit (config.swarselsystems) flakePath isNixos homeDir;
crocDomain = globals.services.croc.domain; crocDomain = globals.services.croc.domain;
in in
{ {
@ -20,7 +20,11 @@ in
// lib.optionalAttrs (!minimal) { // lib.optionalAttrs (!minimal) {
shellAliases = lib.recursiveUpdate shellAliases = lib.recursiveUpdate
{ {
hg = "history | grep"; nb = "nix build";
nbl = "nix build --builders \"\"";
nbo = "nix build --offline --builders \"\"";
nd = "nix develop";
ns = "nix shell";
hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom"; hmswitch = lib.mkIf (!isNixos) "${lib.getExe pkgs.home-manager} --flake ${flakePath}#$(hostname) switch |& nom";
nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;"; nswitch = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) switch; cd -;";
ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;"; ntest = lib.mkIf isNixos "cd ${flakePath}; swarsel-deploy $(hostname) test; cd -;";
@ -46,7 +50,8 @@ in
boot-diff = "nix store diff-closures /run/*-system"; boot-diff = "nix store diff-closures /run/*-system";
gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system"; gen-diff = "nix profile diff-closures --profile /nix/var/nix/profiles/system";
cc = "wl-copy"; cc = "wl-copy";
build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private .#topology.x86_64-linux.config.output"; build-topology = "nix build --override-input topologyPrivate ${self}/files/topology/private ${flakePath}#topology.${arch}.config.output";
build-topology-dev = "nix build --show-trace --override-input nix-topology ${homeDir}/Documents/Private/nix-topology --override-input topologyPrivate ${self}/files/topology/private ${flakePath}#topology.${arch}.config.output";
build-iso = "nix build --print-out-paths .#live-iso"; build-iso = "nix build --print-out-paths .#live-iso";
nix-review-local = "nix run nixpkgs#nixpkgs-review -- rev HEAD"; nix-review-local = "nix run nixpkgs#nixpkgs-review -- rev HEAD";
nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux"; nix-review-post = "nix run nixpkgs#nixpkgs-review -- pr --post-result --systems linux";


@ -0,0 +1,10 @@
{ lib, config, ... }:
{
options.swarselmodules.nautilus = lib.mkEnableOption "nautilus config";
config = lib.mkIf config.swarselmodules.nautilus {
programs.nautilus-open-any-terminal = {
enable = true;
terminal = "kitty";
};
};
}


@ -1,4 +1,4 @@
{ self, lib, config, inputs, microVMParent, nodes, globals, confLib, ... }: { self, config, inputs, ... }:
{ {
imports = [ imports = [
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
@ -15,6 +15,7 @@
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default inputs.nixos-nftables-firewall.nixosModules.default
inputs.pia.nixosModules.default
(inputs.nixos-extra-modules + "/modules/interface-naming.nix") (inputs.nixos-extra-modules + "/modules/interface-naming.nix")


@ -70,7 +70,7 @@ in
homeDomains) ++ [ homeDomains) ++ [
{ {
domain = "smb.${globals.domains.main}"; domain = "smb.${globals.domains.main}";
answer = globals.networks.home-lan.vlans.services.hosts.storage.ipv4; answer = globals.networks.home-lan.vlans.services.hosts.summers-storage.ipv4;
enabled = true; enabled = true;
} }
]; ];


@ -1,14 +1,16 @@
{ self, lib, config, withHomeManager, ... }: { self, lib, config, withHomeManager, confLib, ... }:
{ {
options.swarselmodules.server.bastion = lib.mkEnableOption "enable bastion on server"; options.swarselmodules.server.bastion = lib.mkEnableOption "enable bastion on server";
config = lib.mkIf config.swarselmodules.server.bastion ({ config = lib.mkIf config.swarselmodules.server.bastion ({
users = { users = {
persistentIds.jump = confLib.mkIds 1001;
groups = { groups = {
jump = { }; jump = { };
}; };
users = { users = {
"jump" = { jump = {
autoSubUidGidRange = false;
isNormalUser = true; isNormalUser = true;
useDefaultShell = true; useDefaultShell = true;
group = lib.mkForce "jump"; group = lib.mkForce "jump";


@ -93,7 +93,8 @@ in
}; };
}; };
systemd.services."generateSSLCert-${serviceName}" = systemd.services = {
"generateSSLCert-${serviceName}" =
let let
daysValid = 3650; daysValid = 3650;
renewBeforeDays = 365; renewBeforeDays = 365;
@ -145,6 +146,12 @@ in
fi fi
''; '';
}; };
kanidm = {
environment.KANIDM_TRUST_X_FORWARD_FOR = "true";
serviceConfig.RestartSec = "30";
};
};
# system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence { # system.activationScripts."createPersistentStorageDirs" = lib.mkIf config.swarselsystems.isImpermanence {
@ -208,7 +215,7 @@ in
# tls_key = config.sops.secrets.kanidm-self-signed-key.path; # tls_key = config.sops.secrets.kanidm-self-signed-key.path;
tls_key = keyPathBase; tls_key = keyPathBase;
bindaddress = "0.0.0.0:${toString servicePort}"; bindaddress = "0.0.0.0:${toString servicePort}";
trust_x_forward_for = true; # trust_x_forward_for = true;
}; };
enableClient = true; enableClient = true;
clientSettings = { clientSettings = {
@ -405,7 +412,6 @@ in
}; };
}; };
systemd.services.${serviceName}.serviceConfig.RestartSec = "30";
nodes = nodes =
let let
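Review bot: With `KANIDM_TRUST_X_FORWARD_FOR = "true"` set on the kanidm unit while `bindaddress` stays `0.0.0.0:${toString servicePort}`, the forwarded-for header is honoured from any peer that can reach the port, so the client address Kanidm records is only trustworthy if nothing but the reverse proxy can connect. The firewall rules are outside this section, so that may already hold; if it does not, bind the listener to the proxy-facing address or limit the port to the proxy. The commented-out `# trust_x_forward_for = true;` would read better with its reason beside it, e.g. `# set via KANIDM_TRUST_X_FORWARD_FOR in systemd.services.kanidm instead`. The `RestartSec` setting also moved from `systemd.services.${serviceName}` to a literal `kanidm` key, which is equivalent only if `serviceName` is "kanidm"; its definition is not in this hunk.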


@ -1,6 +1,6 @@
{ self, lib, config, globals, dns, confLib, ... }: { self, lib, config, globals, dns, confLib, ... }:
let let
inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/var/lib/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "koillection"; port = 2282; dir = "/var/lib/koillection"; }) servicePort serviceName serviceUser serviceDir serviceDomain serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules; inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
serviceDB = "koillection"; serviceDB = "koillection";
@ -24,7 +24,7 @@ in
koillection-env-file = { inherit sopsFile; }; koillection-env-file = { inherit sopsFile; };
}; };
topology.self.services.${serviceName} = { topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName; name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}"; info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png"; icon = "${self}/files/topology-images/${serviceName}.png";


@ -16,6 +16,15 @@ in
}; };
config = lib.mkIf config.swarselmodules.server.${serviceName} { config = lib.mkIf config.swarselmodules.server.${serviceName} {
users = {
persistentIds = {
knot-resolver = confLib.mkIds 963;
postfix-tlspol = confLib.mkIds 962;
roundcube = confLib.mkIds 961;
redis-rspamd = confLib.mkIds 960;
};
};
globals.services = { globals.services = {
${serviceName} = { ${serviceName} = {
domain = serviceDomain; domain = serviceDomain;
@ -65,11 +74,12 @@ in
domains = [ baseDomain ]; domains = [ baseDomain ];
indexDir = "${serviceDir}/indices"; indexDir = "${serviceDir}/indices";
openFirewall = true; openFirewall = true;
certificateScheme = "acme"; # certificateScheme = "acme";
dmarcReporting.enable = true; dmarcReporting.enable = true;
enableSubmission = true; enableSubmission = true;
enableSubmissionSsl = true; enableSubmissionSsl = true;
enableImapSsl = true; enableImapSsl = true;
x509.useACMEHost = globals.domains.main;
loginAccounts = { loginAccounts = {
"${user1}@${baseDomain}" = { "${user1}@${baseDomain}" = {
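Review bot: `x509.useACMEHost = globals.domains.main` makes the mail server present the certificate issued for the main domain, and nothing in this hunk shows that this certificate also carries the host name SMTP and IMAP clients connect to. If it is neither a wildcard nor lists that name, clients that validate the certificate will refuse the connection, so this is worth checking against the ACME definition, which is outside this section. The leftover `# certificateScheme = "acme";` should either be deleted or carry its reason, e.g. `# replaced by x509.useACMEHost below`.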


@ -1,4 +1,4 @@
{ self, lib, config, pkgs, globals, dns, confLib, ... }: { lib, config, pkgs, globals, dns, confLib, ... }:
let let
inherit (config.swarselsystems) sopsFile; inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "matrix"; user = "matrix-synapse"; port = 8008; }) servicePort serviceName serviceUser serviceGroup serviceDomain serviceAddress proxyAddress4 proxyAddress6;
@ -63,14 +63,6 @@ in
# networking.firewall.allowedTCPPorts = [ servicePort federationPort ]; # networking.firewall.allowedTCPPorts = [ servicePort federationPort ];
topology.self.services = lib.listToAttrs (map
(service:
lib.nameValuePair "mautrix-${service}" {
name = "mautrix-${service}";
icon = "${self}/files/topology-images/mautrix.png";
})
[ "whatsapp" "signal" "telegram" ]);
systemd = { systemd = {
timers."restart-bridges" = { timers."restart-bridges" = {
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];


@ -12,6 +12,7 @@ in
config = lib.mkIf config.swarselmodules.server.${serviceName} { config = lib.mkIf config.swarselmodules.server.${serviceName} {
users = { users = {
persistentIds.${serviceName} = confLib.mkIds 964;
groups.${serviceGroup} = { }; groups.${serviceGroup} = { };
users.${serviceUser} = { users.${serviceUser} = {


@ -1,4 +1,4 @@
{ self, lib, config, pkgs, confLib, ... }: { lib, config, pkgs, confLib, ... }:
let let
inherit (config.swarselsystems) sopsFile; inherit (config.swarselsystems) sopsFile;
inherit (confLib.gen { name = "mpd"; port = 3254; }) servicePort serviceName serviceUser serviceGroup; inherit (confLib.gen { name = "mpd"; port = 3254; }) servicePort serviceName serviceUser serviceGroup;
@ -30,10 +30,10 @@ in
mpv mpv
]; ];
topology.self.services.${serviceName} = { # topology.self.services.${serviceName} = {
info = "http://localhost:${builtins.toString servicePort}"; # info = "http://localhost:${builtins.toString servicePort}";
icon = lib.mkForce "${self}/files/topology-images/mpd.png"; # icon = lib.mkForce "${self}/files/topology-images/mpd.png";
}; # };
environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM { environment.persistence."/state" = lib.mkIf config.swarselsystems.isMicroVM {
directories = [{ directory = "/var/lib/${serviceName}"; user = "mpd"; group = "mpd"; }]; directories = [{ directory = "/var/lib/${serviceName}"; user = "mpd"; group = "mpd"; }];


@ -1,6 +1,6 @@
{ self, lib, config, dns, globals, confLib, ... }: { self, lib, config, dns, globals, confLib, ... }:
let let
inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "shlink"; port = 8081; dir = "/var/lib/shlink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules; inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a"; containerRev = "sha256:1a697baca56ab8821783e0ce53eb4fb22e51bb66749ec50581adc0cb6d031d7a";
@ -31,6 +31,12 @@ in
}; };
}; };
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";
};
virtualisation.oci-containers.containers.${serviceName} = { virtualisation.oci-containers.containers.${serviceName} = {
image = "shlinkio/shlink@${containerRev}"; image = "shlinkio/shlink@${containerRev}";
environment = { environment = {
@ -77,12 +83,6 @@ in
{ directory = "/var/lib/containers"; } { directory = "/var/lib/containers"; }
]; ];
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/files/topology-images/${serviceName}.png";
};
globals = { globals = {
networks = { networks = {
${webProxyIf}.hosts = lib.mkIf isProxied { ${webProxyIf}.hosts = lib.mkIf isProxied {


@ -1,6 +1,6 @@
{ lib, config, dns, globals, confLib, ... }: { lib, config, dns, globals, confLib, ... }:
let let
inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6; inherit (confLib.gen { name = "slink"; port = 3000; dir = "/var/lib/slink"; }) servicePort serviceName serviceDomain serviceDir serviceAddress proxyAddress4 proxyAddress6 topologyContainerName;
inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules; inherit (confLib.static) isHome isProxied webProxy homeWebProxy dnsServer homeProxyIf webProxyIf homeServiceAddress nginxAccessRules;
containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9"; containerRev = "sha256:98b9442696f0a8cbc92f0447f54fa4bad227af5dcfd6680545fedab2ed28ddd9";
@ -15,6 +15,12 @@ in
podman = true; podman = true;
}; };
topology.nodes.${topologyContainerName}.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "services.not-available";
};
virtualisation.oci-containers.containers.${serviceName} = { virtualisation.oci-containers.containers.${serviceName} = {
image = "anirdev/slink@${containerRev}"; image = "anirdev/slink@${containerRev}";
environment = { environment = {
@ -54,12 +60,6 @@ in
{ directory = serviceDir; } { directory = serviceDir; }
]; ];
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "services.not-available";
};
globals = { globals = {
networks = { networks = {
${webProxyIf}.hosts = lib.mkIf isProxied { ${webProxyIf}.hosts = lib.mkIf isProxied {


@ -1,4 +1,4 @@
{ self, pkgs, lib, config, ... }: { self, pkgs, lib, config, confLib, ... }:
let let
ssh-restrict = "restrict,pty,command=\"${wrapper-dispatch-ssh-nix}/bin/wrapper-dispatch-ssh-nix\" "; ssh-restrict = "restrict,pty,command=\"${wrapper-dispatch-ssh-nix}/bin/wrapper-dispatch-ssh-nix\" ";
@ -20,6 +20,7 @@ in
options.swarselmodules.server.ssh-builder = lib.mkEnableOption "enable ssh-builder config on server"; options.swarselmodules.server.ssh-builder = lib.mkEnableOption "enable ssh-builder config on server";
config = lib.mkIf config.swarselmodules.server.ssh-builder { config = lib.mkIf config.swarselmodules.server.ssh-builder {
users = { users = {
persistentIds.builder = confLib.mkIds 965;
groups.builder = { }; groups.builder = { };
users.builder = { users.builder = {
useDefaultShell = true; useDefaultShell = true;


@ -2,6 +2,7 @@
let let
inherit (confLib.gen { name = "transmission"; port = 9091; }) serviceName servicePort serviceDomain; inherit (confLib.gen { name = "transmission"; port = 9091; }) serviceName servicePort serviceDomain;
inherit (confLib.static) isHome homeServiceAddress homeWebProxy nginxAccessRules; inherit (confLib.static) isHome homeServiceAddress homeWebProxy nginxAccessRules;
inherit (config.swarselsystems) sopsFile;
lidarrUser = "lidarr"; lidarrUser = "lidarr";
lidarrGroup = lidarrUser; lidarrGroup = lidarrUser;
@ -23,6 +24,10 @@ in
options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server"; options.swarselmodules.server.${serviceName} = lib.mkEnableOption "enable ${serviceName} and friends on server";
config = lib.mkIf config.swarselmodules.server.${serviceName} { config = lib.mkIf config.swarselmodules.server.${serviceName} {
sops.secrets = {
pia = { inherit sopsFile; };
};
# this user/group section is probably unneeded # this user/group section is probably unneeded
users = { users = {
persistentIds = { persistentIds = {
@ -107,6 +112,17 @@ in
}; };
services = { services = {
pia = {
enable = true;
credentials.credentialsFile = config.sops.secrets.pia.path;
protocol = "wireguard";
autoConnect = {
enable = true;
region = "sweden";
};
portForwarding.enable = true;
dns.enable = true;
};
radarr = { radarr = {
enable = true; enable = true;
user = radarrUser; user = radarrUser;
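Review bot: Nothing in the added `services.pia` block ties transmission to the tunnel, so whether torrent traffic can leave over the default route while the WireGuard connection is down or not yet established depends on behaviour of the pia module that is not visible here. If the module does not enforce this, bind the client to the tunnel address or make its unit depend on the VPN unit, and drop traffic from the transmission user on non-VPN interfaces in the firewall rules. The `pia` secret is declared with only `sopsFile`, so it presumably keeps the default ownership; a short comment such as `# read by the pia service as root, default owner/mode is intended` would record that this is deliberate. The `services` attribute set continues outside the hunk.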


@ -33,6 +33,8 @@ in
serviceDir = dir; serviceDir = dir;
serviceAddress = address; serviceAddress = address;
serviceProxy = proxy; serviceProxy = proxy;
serviceNode = config.node.name;
topologyContainerName = "${serviceNode}-${config.virtualisation.oci-containers.backend}-${name}";
proxyAddress4 = globals.hosts.${proxy}.wanAddress4 or null; proxyAddress4 = globals.hosts.${proxy}.wanAddress4 or null;
proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null; proxyAddress6 = globals.hosts.${proxy}.wanAddress6 or null;
}; };
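Review bot: `topologyContainerName` hard-codes the pattern `${serviceNode}-${config.virtualisation.oci-containers.backend}-${name}`, which the koillection, shlink and slink modules in this commit then use as a key under `topology.nodes`. The pattern has to match the node names the topology module generates for OCI containers, and that is not visible from this hunk. A comment stating where the pattern comes from would keep the two from drifting apart, e.g. `# must match the container node name nix-topology derives for oci-containers`. The enclosing attribute set starts outside the hunk.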


@ -33,6 +33,7 @@
inputs.stylix.nixosModules.stylix inputs.stylix.nixosModules.stylix
inputs.swarsel-nix.nixosModules.default inputs.swarsel-nix.nixosModules.default
inputs.nixos-nftables-firewall.nixosModules.default inputs.nixos-nftables-firewall.nixosModules.default
inputs.pia.nixosModules.default
(inputs.nixos-extra-modules + "/modules/guests") (inputs.nixos-extra-modules + "/modules/guests")
(inputs.nixos-extra-modules + "/modules/interface-naming.nix") (inputs.nixos-extra-modules + "/modules/interface-naming.nix")
"${self}/hosts/nixos/${arch}/${configName}" "${self}/hosts/nixos/${arch}/${configName}"


@ -157,7 +157,7 @@
}; };
}; };
switch-bedroom = mkDevice "Switch Bedroom" { switch-bedroom = mkSwitch "Switch Bedroom" {
info = "Cisco SG 200-08"; info = "Cisco SG 200-08";
image = "${self}/files/topology-images/Cisco_SG_200-08.png"; image = "${self}/files/topology-images/Cisco_SG_200-08.png";
interfaceGroups = [ interfaceGroups = [


@ -3,62 +3,25 @@
options.swarselprofiles.dgxspark = lib.mkEnableOption "is this a dgx spark host"; options.swarselprofiles.dgxspark = lib.mkEnableOption "is this a dgx spark host";
config = lib.mkIf config.swarselprofiles.dgxspark { config = lib.mkIf config.swarselprofiles.dgxspark {
swarselmodules = { swarselmodules = {
anki = lib.mkDefault false;
anki-tray = lib.mkDefault false;
atuin = lib.mkDefault true; atuin = lib.mkDefault true;
autotiling = lib.mkDefault false;
batsignal = lib.mkDefault false;
bash = lib.mkDefault true; bash = lib.mkDefault true;
blueman-applet = lib.mkDefault true; blueman-applet = lib.mkDefault true;
desktop = lib.mkDefault false;
direnv = lib.mkDefault true; direnv = lib.mkDefault true;
element-desktop = lib.mkDefault false;
element-tray = lib.mkDefault false;
emacs = lib.mkDefault false;
env = lib.mkDefault false;
eza = lib.mkDefault true; eza = lib.mkDefault true;
firefox = lib.mkDefault true; firefox = lib.mkDefault true;
fuzzel = lib.mkDefault true; fuzzel = lib.mkDefault true;
gammastep = lib.mkDefault false;
general = lib.mkDefault true; general = lib.mkDefault true;
git = lib.mkDefault true; git = lib.mkDefault true;
gnome-keyring = lib.mkDefault false;
gpgagent = lib.mkDefault true; gpgagent = lib.mkDefault true;
hexchat = lib.mkDefault false;
kanshi = lib.mkDefault false;
kdeconnect = lib.mkDefault false;
kitty = lib.mkDefault true; kitty = lib.mkDefault true;
mail = lib.mkDefault false;
mako = lib.mkDefault false;
nix-index = lib.mkDefault true; nix-index = lib.mkDefault true;
nixgl = lib.mkDefault true; nixgl = lib.mkDefault true;
nix-your-shell = lib.mkDefault true; nix-your-shell = lib.mkDefault true;
nm-applet = lib.mkDefault true; nm-applet = lib.mkDefault true;
obs-studio = lib.mkDefault false;
obsidian = lib.mkDefault false;
obsidian-tray = lib.mkDefault false;
ownpackages = lib.mkDefault false;
packages = lib.mkDefault false;
passwordstore = lib.mkDefault false;
programs = lib.mkDefault false;
sops = lib.mkDefault true; sops = lib.mkDefault true;
spicetify = lib.mkDefault false;
spotify-player = lib.mkDefault false;
ssh = lib.mkDefault false;
starship = lib.mkDefault true; starship = lib.mkDefault true;
stylix = lib.mkDefault true; stylix = lib.mkDefault true;
sway = lib.mkDefault false;
swayidle = lib.mkDefault false;
swaylock = lib.mkDefault false;
swayosd = lib.mkDefault false;
symlink = lib.mkDefault false;
tmux = lib.mkDefault true; tmux = lib.mkDefault true;
vesktop = lib.mkDefault false;
vesktop-tray = lib.mkDefault false;
syncthing-tray = lib.mkDefault false;
waybar = lib.mkDefault false;
yubikey = lib.mkDefault false;
yubikeytouch = lib.mkDefault false;
zellij = lib.mkDefault true; zellij = lib.mkDefault true;
zsh = lib.mkDefault true; zsh = lib.mkDefault true;
}; };


@ -25,6 +25,7 @@
lid = lib.mkDefault true; lid = lib.mkDefault true;
login = lib.mkDefault true; login = lib.mkDefault true;
lowBattery = lib.mkDefault false; lowBattery = lib.mkDefault false;
nautilus = lib.mkDefault true;
network = lib.mkDefault true; network = lib.mkDefault true;
networkDevices = lib.mkDefault true; networkDevices = lib.mkDefault true;
nftables = lib.mkDefault true; nftables = lib.mkDefault true;