natto1784/dotfiles
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Compare commits

base: natto1784:5e54dfded8ffe6ff9117109da64e2e3acfb4bc7c
Branches Tags
natto1784:nixos
..
compare: natto1784:11a8dfebffad3d21320eba6808b409861b8b211d
Branches Tags
natto1784:nixos

51 Commits
5e54dfded8 ... 11a8dfebff

Author SHA1 Message Date
Amneesh Singh
11a8dfebff hosts/suwako: move gitea from marisa to suwako 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-09-04 16:35:31 +05:30
Amneesh Singh
c2a1654be8 hosts/suwako: move filehost from marisa to suwako 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-09-04 15:32:44 +05:30
Amneesh Singh
6d431bdf9d hosts/remilia: networking: add suwako public wg key 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-09-04 13:12:39 +05:30
Amneesh Singh
5dc4e6d3c0 hosts/remilia: mailserver: dovecot2 directory migration 
changed stateVersion to 3

More: https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-mail-directory-migration

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-09-04 13:11:46 +05:30
Amneesh Singh
5c1c326baf hosts/suwako: mailserver: dovecot2 directory migration 
changed stateVersion to 3

More: https://nixos-mailserver.readthedocs.io/en/latest/migrations.html#dovecot-mail-directory-migration

Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-09-04 12:16:55 +05:30
Amneesh Singh
4e5b555498 hosts/security: fix cert path 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-09-04 11:48:32 +05:30
Amneesh Singh
895a495b3f hosts/suwako: split service files 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-09-04 11:48:29 +05:30
Amneesh Singh
7e4a6ac8fe hosts: housekeeping 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-08-31 19:34:44 +05:30
Amneesh Singh
cd52be2620 home: natto: add me@amneesh.com to neomutt 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-08-30 20:05:25 +05:30
Amneesh Singh
34b2c4d015 hosts/suwako: add mailserver for amneesh.com 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-08-30 16:46:44 +05:30
Amneesh Singh
943956f119 home: amneesh: add wayvnc and more pkgs 
Signed-off-by: Amneesh Singh <amneesh@ti.com>
 2025-08-29 13:20:00 +05:30
Amneesh Singh
27f3b76ab7 home: natto: restart ags 10s after failure 
Signed-off-by: Amneesh Singh <amneesh@ti.com>
 2025-08-28 18:49:02 +05:30
Amneesh Singh
4decf54e13 home: amneesh: wrap hyprland in nixGL 
Signed-off-by: Amneesh Singh <amneesh@ti.com>
 2025-08-25 18:16:18 +05:30
Amneesh Singh
abd567a8a5 home: amneesh: move ubuntu->arch and use existing config 
Signed-off-by: Amneesh Singh <amneesh@ti.com>
 2025-08-25 18:04:40 +05:30
Amneesh Singh
5785832cbe home: emacs: use vertico+consult instead of selectrum 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-07-02 22:31:00 +05:30
Amneesh Singh
0eacdcdc27 home: emacs: move config files 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-07-02 21:42:25 +05:30
Amneesh Singh
0890c49887 hosts/remilia: mailserver: change certificateScheme 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-07-02 00:37:22 +05:30
Amneesh Singh
fb94547fa2 hosts/hina: change rootfs disk path to by-label 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-07-02 00:31:54 +05:30
Amneesh Singh
c10e121604 hosts/remilia: change rootfs disk path to by-label 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-07-02 00:31:09 +05:30
Amneesh Singh
8a87dc6c93 hosts/remilia: add stateVersion in mailserver 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-07-02 00:30:57 +05:30
Amneesh Singh
5db9d23792 hosts/suwako: add pufferpanel (minecraft paper) 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 20:49:40 +05:30
Amneesh Singh
1651bb9356 home: move amneesh to its own directory 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 19:51:33 +05:30
Amneesh Singh
a9d4f6de5a treewide: format files 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 19:49:39 +05:30
Amneesh Singh
404f35c0b9 home/natto: delete unused 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 19:44:41 +05:30
Amneesh Singh
9baf54ef33 home/natto: split wayland.nix 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 19:40:28 +05:30
Amneesh Singh
5a9ff77a29 home/natto: split programs.nix 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 19:34:12 +05:30
Amneesh Singh
87a6c1a862 home: refactor common files 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 19:23:07 +05:30
Amneesh Singh
43660ff173 home: ags: use v1 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 18:57:27 +05:30
Amneesh Singh
fe6d79edb5 pkgs: remove tlauncher 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 18:56:41 +05:30
Amneesh Singh
da4309e2e0 hosts: make security settings common 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 18:49:58 +05:30
Amneesh Singh
e1e72965f9 hosts: move pipewire to services/ 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 18:31:53 +05:30
Amneesh Singh
0979956f16 hosts: enable dconf on desktop 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 18:27:59 +05:30
Amneesh Singh
28c9799f60 hosts: move wayland portal to home 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 18:18:27 +05:30
Amneesh Singh
f9e29ce77f hosts: move xserver to services/ 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 18:05:23 +05:30
Amneesh Singh
f4a8493dce hosts: delete minimal.nix 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:55:35 +05:30
Amneesh Singh
e097c9d25f hosts: move neovim to programs/ 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:54:17 +05:30
Amneesh Singh
58ab2f07a7 hosts: move nix settings to its own file 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:50:50 +05:30
Amneesh Singh
e1faa10e24 hosts: move doas to its own module 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:45:10 +05:30
Amneesh Singh
f9ed56123d hosts: move git to its own module 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:45:08 +05:30
Amneesh Singh
30934f006c hosts: rename modules -> programs 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:33:24 +05:30
Amneesh Singh
31bec468c8 hosts: move gnupg into a module 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:31:33 +05:30
Amneesh Singh
6c1400e295 hosts: move adb into a module 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:28:47 +05:30
Amneesh Singh
8d3bbe9d75 hosts: move fonts to home-manager 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:28:04 +05:30
Amneesh Singh
4f96bcda1d hosts: split zsh into a module 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-29 17:27:55 +05:30
Amneesh Singh
0ecd267fa8 home: zsh: fix prezto config 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-14 17:24:32 +05:30
Amneesh Singh
c590fb01dc home: natto: rename deprecated stuff 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-14 17:24:32 +05:30
Amneesh Singh
d9a9d110de home: natto: edit hyprland config 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-14 17:24:32 +05:30
Amneesh Singh
09f2e19683 hosts: satori: rename opengl -> graphics 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-14 17:24:32 +05:30
Amneesh Singh
8b12178bfc hosts: okina: update disk configuration 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-14 17:24:32 +05:30
Amneesh Singh
4f0f6021e5 hosts: rename font 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-14 17:24:32 +05:30
Amneesh Singh
00ead02ff1 flake: update 
Signed-off-by: Amneesh Singh <natto@weirdnatto.in>
 2025-06-14 17:24:32 +05:30
104 changed files with 2224 additions and 1349 deletions
Expand all files Collapse all files

8
conf/colors.nix
View File

@@ -1,6 +1,6 @@
#Catpuccin Mocha
let
colors = rec{
colors = rec {
rosewater = "#F5E0DC";
flamingo = "#F2CDCD";
pink = "#F5C2E7";
@@ -37,5 +37,9 @@ in
rec {
default = with builtins; mapAttrs (_: color: substring 1 6 color) colors; # hex without hash
hex = colors; # hex with hash
argb = { a ? "ff" }: builtins.mapAttrs (_:color: a + color) default; # ARGB
argb =
{
a ? "ff",
}:
builtins.mapAttrs (_: color: a + color) default; # ARGB
}

1
conf/network.nix
View File

@@ -15,6 +15,7 @@
};
domain = {
natto = "weirdnatto.in";
amneesh = "amneesh.com";
};
};

720
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

123
flake.nix
View File

@@ -1,56 +1,13 @@
{
description = "dotfiles";
inputs = {
nixpkgs.url = github:nixos/nixpkgs/nixpkgs-unstable;
stable.url = github:nixos/nixpkgs/release-24.05;
flake-parts.url = github:hercules-ci/flake-parts;
home-manager = {
url = github:nix-community/home-manager;
inputs.nixpkgs.follows = "nixpkgs";
};
mailserver = {
url = gitlab:simple-nixos-mailserver/nixos-mailserver;
inputs.nixpkgs.follows = "nixpkgs";
};
filehost = {
url = github:natto1784/simpler-filehost;
};
nix-gaming.url = github:fufexan/nix-gaming;
nbfc = {
url = github:nbfc-linux/nbfc-linux;
inputs.nixpkgs.follows = "nixpkgs";
};
emacs-overlay.url = github:nix-community/emacs-overlay;
nvim-overlay.url = github:nix-community/neovim-nightly-overlay;
hyprland = {
type = "git";
url = "https://github.com/hyprwm/Hyprland";
submodules = true;
};
hyprland-contrib = {
url = github:hyprwm/contrib;
};
agenix.url = github:ryantm/agenix;
ags.url = github:Aylur/ags;
};
outputs = inputs@{ self, ... }:
outputs =
inputs@{ self, ... }:
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
systems = [ "x86_64-linux" "aarch64-linux" ];
systems = [
"x86_64-linux"
"aarch64-linux"
];
imports = [
./hosts
@@ -59,18 +16,70 @@
./conf
];
perSystem = { system, pkgs, ... }:
perSystem =
{ system, pkgs, ... }:
rec {
formatter = pkgs.nixpkgs-fmt;
devShells.default = with pkgs; mkShell {
packages = [
nixd
formatter
];
};
formatter = pkgs.nixfmt-tree;
devShells.default =
with pkgs;
mkShell {
packages = [
nixd
formatter
];
};
_module.args.pkgs = import inputs.nixpkgs {
inherit system;
};
};
};
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
stable.url = "github:nixos/nixpkgs/release-24.05";
flake-parts.url = "github:hercules-ci/flake-parts";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
filehost = {
url = "github:natto1784/simpler-filehost";
};
nix-gaming.url = "github:fufexan/nix-gaming";
nbfc = {
url = "github:nbfc-linux/nbfc-linux";
inputs.nixpkgs.follows = "nixpkgs";
};
emacs-overlay.url = "github:nix-community/emacs-overlay";
nvim-overlay.url = "github:nix-community/neovim-nightly-overlay";
hyprland = {
type = "git";
url = "https://github.com/hyprwm/Hyprland";
submodules = true;
};
hyprland-contrib = {
url = "github:hyprwm/contrib";
};
agenix.url = "github:ryantm/agenix";
ags.url = "github:Aylur/ags/v1";
nixgl.url = "github:nix-community/nixGL";
};
}

2
home/README
View File

@@ -4,5 +4,5 @@ bat : default user for remilia (Oracle VM - NixOS Unstable)
spin : default user for hina (Oracle VM - NixOS Unstable)
spark : default user for marisa (RPi4 - NixOS Unstable)
kero : default user for suwako (ARM OracleVM - NixOS Unstable)
amneesh : default user for nightbug (Workplace PC - Ubuntu 22.04)
amneesh : default user for nightbug (Workplace PC - Arch Linux)

24
home/amneesh.nix
View File

@@ -1,24 +0,0 @@
{ config, pkgs, inputs, ... }:
{
home = {
homeDirectory = "/home/amneesh";
username = "amneesh";
stateVersion = "24.05";
packages = with pkgs; [
htop
nattovim
clang-tools
llvmPackages.clang
];
};
imports = [
./natto/emacs.nix
# ./natto/wayland.nix
];
xdg.mime.enable = true;
targets.genericLinux.enable = true;
programs.bash.enable = true;
}

35
home/amneesh/default.nix Normal file
View File

@@ -0,0 +1,35 @@
{
config,
pkgs,
inputs,
...
}:
{
home = {
homeDirectory = "/home/amneesh";
username = "amneesh";
stateVersion = "24.05";
};
targets.genericLinux.enable = true;
imports = [
./pkgs.nix
./nixgl.nix
# wayland
./wayvnc.nix
# From personal
../natto/ags
../natto/emacs.nix
../natto/browser.nix
../natto/dunst.nix
../natto/gtk.nix
../natto/cursor.nix
# wayland
../natto/wayland.nix
../natto/hyprland.nix
../natto/tofi.nix
../natto/foot.nix
];
}

25
home/amneesh/nixgl.nix Normal file
View File

@@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
inputs,
...
}:
let
inherit (inputs) nixgl;
inherit (inputs.hyprland.packages.${pkgs.system}) hyprland;
inherit (config.lib.nixGL) wrap;
in
{
nixGL = {
packages = nixgl.packages;
defaultWrapper = "mesa";
offloadWrapper = "nvidiaPrime";
installScripts = [
"mesa"
"nvidiaPrime"
];
};
wayland.windowManager.hyprland.package = lib.mkForce (wrap hyprland);
}

27
home/amneesh/pkgs.nix Normal file
View File

@@ -0,0 +1,27 @@
{
pkgs,
inputs,
...
}:
{
xdg.mime.enable = true;
programs = {
bash.enable = true;
};
home.packages = with pkgs; [
clang-tools
cmake
corkscrew
dtc
file
htop
llvmPackages.clang
(nattovim.override { nvimPackage = inputs.nvim-overlay.packages.${pkgs.system}.neovim; })
meson
ninja
thunderbird
wget
];
}

13
home/amneesh/wayvnc.nix Normal file
View File

@@ -0,0 +1,13 @@
{
...
}:
{
services.wayvnc = rec {
enable = true;
autoStart = enable;
settings = {
address = "0.0.0.0";
port = 5900;
};
};
}

4
home/common/direnv/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ ... }:
{
programs.direnv.enable = true;
}

20
home/common/fonts/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{ pkgs, ... }:
{
home.packages = with pkgs; [
fira-code
fira-mono
monoid
font-awesome
material-icons
material-design-icons
lohit-fonts.devanagari
lohit-fonts.gurmukhi
office-code-pro
eb-garamond
noto-fonts-cjk-sans
takao
liberation_ttf
];
fonts.fontconfig.enable = true;
}

8
home/common/programs.nix
View File

@@ -1,8 +0,0 @@
{ config, ... }:
{
programs = {
home-manager.enable = true;
password-store.enable = true;
direnv.enable = true;
};
}

7
home/common/zsh.nix → home/common/zsh/default.nix
View File

@@ -1,4 +1,4 @@
{ ... }:
{ lib, ... }:
{
programs.zsh = {
enable = true;
@@ -16,8 +16,11 @@
prompt.theme = "pure";
autosuggestions.color = "fg=yellow,bold";
utility.safeOps = false;
extraConfig = lib.mkBefore ''
export GREP_COLORS="ms=01;31"
'';
};
initExtra = ''
initContent = lib.mkAfter ''
unsetopt extendedGlob
[[ -f ~/.zsh_custom ]] && source ~/.zsh_custom
'';

152
home/default.nix
View File

@@ -1,104 +1,122 @@
{ self, inputs, globalArgs, ... }:
{
self,
inputs,
globalArgs,
...
}:
let
common = [
./common/zsh.nix
./common/programs.nix
{ programs.home-manager.enable = true; }
./common/zsh
./common/direnv
./common/laptop.nix
inputs.agenix.homeManagerModules.default
];
mkPkgs = system: import inputs.nixpkgs {
inherit system;
config = {
allowUnfree = true;
allowBroken = true;
allowInsecure = true;
mkPkgs =
system:
import inputs.nixpkgs {
inherit system;
config = {
allowUnfree = true;
allowBroken = true;
allowInsecure = true;
};
overlays = [ self.overlays.default ];
};
overlays = [ self.overlays.default ];
};
extraSpecialArgs = globalArgs;
in
{
flake.homeConfigurations =
let
nattoModules = [
flake.homeConfigurations = {
natto-laptop = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [
./natto
./common/laptop.nix
inputs.agenix.homeManagerModules.default
] ++ common;
in
{
natto-laptop = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = nattoModules ++ [
{ isLaptop = true; }
];
pkgs = mkPkgs "x86_64-linux";
};
./common/fonts
{ isLaptop = true; }
]
++ common;
pkgs = mkPkgs "x86_64-linux";
};
natto = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = nattoModules;
pkgs = mkPkgs "x86_64-linux";
};
natto = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [
./natto
./common/fonts
]
++ common;
pkgs = mkPkgs "x86_64-linux";
};
}
// {
spark = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [{
spark = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [
{
home = {
homeDirectory = "/home/spark";
username = "spark";
stateVersion = "23.05";
};
}] ++ common;
pkgs = mkPkgs "aarch64-linux";
};
}
]
++ common;
pkgs = mkPkgs "aarch64-linux";
};
bat = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [{
bat = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [
{
home = {
homeDirectory = "/home/bat";
username = "bat";
stateVersion = "23.05";
};
}] ++ common;
pkgs = mkPkgs "x86_64-linux";
};
}
]
++ common;
pkgs = mkPkgs "x86_64-linux";
};
spin = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [{
spin = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [
{
home = {
homeDirectory = "/home/spin";
username = "spin";
stateVersion = "23.05";
};
}] ++ common;
pkgs = mkPkgs "x86_64-linux";
};
}
]
++ common;
pkgs = mkPkgs "x86_64-linux";
};
kero = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [{
kero = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [
{
home = {
homeDirectory = "/home/kero";
username = "kero";
stateVersion = "24.05";
};
}] ++ common;
pkgs = mkPkgs "aarch64-linux";
};
amneesh = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [
./amneesh.nix
] ++ common;
pkgs = mkPkgs "x86_64-linux";
};
}
]
++ common;
pkgs = mkPkgs "aarch64-linux";
};
amneesh = inputs.home-manager.lib.homeManagerConfiguration {
inherit extraSpecialArgs;
modules = [
./amneesh
]
++ common;
pkgs = mkPkgs "x86_64-linux";
};
};
}

43
home/natto/ags/default.nix
View File

@@ -1,26 +1,35 @@
{ pkgs, lib, config, inputs, ... }:
{
pkgs,
lib,
config,
inputs,
...
}:
let
cfg = config.programs.ags;
deps = with pkgs; [
sass
gawk
bash
procps
coreutils
imagemagick
systemd
config.wayland.windowManager.hyprland.package
] ++ lib.optional config.isLaptop brightnessctl;
deps =
with pkgs;
[
sass
gawk
bash
procps
coreutils
imagemagick
systemd
config.wayland.windowManager.hyprland.package
]
++ lib.optional config.isLaptop brightnessctl;
configDir = lib.cleanSourceWith {
src = ./.;
filter = name: _:
filter =
name: _:
let
baseName = baseNameOf (toString name);
in
!(lib.hasSuffix ".nix" baseName);
!(lib.hasSuffix ".nix" baseName);
};
in
{
@@ -28,7 +37,10 @@ in
inputs.ags.homeManagerModules.default
];
programs.ags.enable = true;
programs.ags = {
enable = true;
# package = pkgs.ags_1;
};
xdg.configFile."ags" = {
source = configDir;
@@ -47,6 +59,7 @@ in
Environment = "PATH=${lib.makeBinPath deps}";
ExecStart = "${cfg.package}/bin/ags";
Restart = "on-failure";
RestartSec = 10;
};
Install.WantedBy = [ "graphical-session.target" ];
};

18
home/natto/browser.nix Normal file
View File

@@ -0,0 +1,18 @@
{ pkgs, ... }:
{
programs = {
firefox = {
enable = true;
profiles.natto = {
name = "natto";
};
};
chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
};
};
home.sessionVariables = {
BROWSER = "firefox";
};
}

64
home/natto/config/emacs/config.org
View File

@@ -78,32 +78,39 @@
(dark-theme t))
#+end_src
** Configure Selectrum
Enable selectrum
** Minibuffer
Enable vertico
#+begin_src emacs-lisp
(use-package selectrum
:defer t
:config
(selectrum-mode +1))
(use-package vertico
:init
(vertico-mode)
:bind (:map vertico-map
("C-j" . vertico-next)
("C-k" . vertico-previous)))
#+end_src
Add selectrum-prescient
Marginalia for description
#+begin_src emacs-lisp
(use-package selectrum-prescient
(use-package marginalia
:after vertico
:config
(selectrum-prescient-mode +1)
(prescient-persist-mode +1))
(marginalia-mode 1))
#+end_src
Orderless
#+begin_src emacs-lisp
(use-package orderless
:after selectrum
:after vertico
:config
(setq completion-styles '(orderless basic))
(savehist-mode)
(setq orderless-skip-highlighting (lambda () selectrum-is-active)
selectrum-highlight-candidates-function #'orderless-highlight-matches))
(setq completion-styles '(orderless basic)))
#+end_src
Consult
#+begin_src emacs-lisp
(use-package consult
:bind (("M-s M-g" . consult-grep)
("M-s M-f" . consult-find)
("M-s M-b" . consult-buffer)))
#+end_src
** Evil
@@ -132,6 +139,22 @@ Add selectrum-prescient
(evil-mode 1))
#+end_src
*** Evil related packages
#+begin_src emacs-lisp
(use-package evil-collection
:after evil
:ensure t
:config
(evil-collection-init))
(use-package evil-terminal-cursor-changer
:after evil
:if (not (display-graphic-p))
:config
(evil-terminal-cursor-changer-activate))
(use-package evil-anzu :after evil)
#+end_src
*** Configure undo tree
To undo and redo easily like vi
#+begin_src emacs-lisp
@@ -142,15 +165,6 @@ To undo and redo easily like vi
(global-undo-tree-mode 1))
#+end_src
*** Miscellaneous evil related packages
#+begin_src emacs-lisp
(use-package evil-terminal-cursor-changer
:if (not (display-graphic-p))
:config
(evil-terminal-cursor-changer-activate))
(use-package evil-anzu :after evil)
#+end_src
** Treemacs
*** Configure treemacs
#+begin_src emacs-lisp

24
home/natto/config/hypr/hyprland.conf
View File

@@ -1,10 +1,10 @@
monitor=, highrr, auto, 1, bitdepth, 10
monitor=, highrr, auto, 1
input {
kb_layout = us
kb_variant = colemak_dh
kb_layout = us,us
kb_variant = colemak_dh,
kb_model =
kb_options =
kb_options = grp:rctrl_toggle
kb_rules =
follow_mouse = 1
@@ -33,7 +33,10 @@ general {
decoration {
rounding = 1
inactive_opacity = 0.8
drop_shadow = true
shadow {
enabled = true
}
blur {
enabled = true
@@ -56,26 +59,23 @@ animations {
animation = workspaces, 1, 6, overshot
}
cursor {
no_hardware_cursors = true
}
dwindle {
pseudotile = yes
preserve_split = yes
}
master {
new_is_master = false
}
gestures {
workspace_swipe = off
}
misc {
no_direct_scanout = true
disable_hyprland_logo = true
}
windowrule=float, ^.*(iwgtk)$
$mainMod=SUPER
binde=$mainMod, RETURN, exec, foot

13
home/natto/cursor.nix Normal file
View File

@@ -0,0 +1,13 @@
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.catppuccin-cursors.mochaFlamingo;
name = "catppuccin-mocha-flamingo-cursors";
size = 32;
x11 = {
enable = true;
defaultCursor = "crosshair";
};
gtk.enable = true;
};
}

22
home/natto/default.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }:
{ ... }:
{
home = {
homeDirectory = "/home/natto";
@@ -8,17 +8,29 @@
imports = [
./email.nix
./programs.nix
# ./xsession.nix
./wayland.nix
./pass.nix
./browser.nix
./pdf.nix
./mpv.nix
./pkgs.nix
./stuff.nix
./emacs.nix
./gtk.nix
./dunst.nix
./git.nix
./music.nix
./zsh.nix
./games.nix
./cursor.nix
./emacs.nix
# when xserver
# ./xsession.nix
# when wayland
./wayland.nix
./hyprland.nix
./foot.nix
./tofi.nix
./ags
];
}

4
home/natto/dunst.nix
View File

@@ -3,7 +3,9 @@
services = {
dunst = {
enable = true;
iconTheme = with config.gtk.iconTheme; { inherit name package; };
iconTheme = with config.gtk.iconTheme; {
inherit name package;
};
settings = with conf.colors.hex; {
global = {
mouse_left_click = "close_current";

13
home/natto/emacs.nix
View File

@@ -1,6 +1,6 @@
{ config, pkgs, inputs, lib, ... }:
{ pkgs, inputs, ... }:
let
emacs = pkgs.emacs-pgtk;
emacs = pkgs.emacs-git-pgtk;
configFile = ./config/emacs/config.org;
enable = true;
in
@@ -24,10 +24,11 @@ in
alwaysEnsure = true;
alwaysTangle = true;
defaultInitFile = true;
extraEmacsPackages = epkgs: with epkgs; [
use-package
(tree-sitter-langs.withPlugins (_: tree-sitter-langs.plugins))
];
extraEmacsPackages =
epkgs: with epkgs; [
use-package
(tree-sitter-langs.withPlugins (_: tree-sitter-langs.plugins))
];
};
};
services.emacs = {

134
home/natto/email.nix
View File

@@ -1,45 +1,94 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
inputs,
conf,
...
}:
let
key = "53EC089EF230E47A83BA8F8195949BD4B853F559";
host = "mail.weirdnatto.in";
realName = "Amneesh Singh";
address = "natto@weirdnatto.in";
in
{
accounts.email = {
accounts = {
natto = rec {
inherit address realName;
primary = true;
userName = address;
gpg = {
inherit key;
signByDefault = true;
natto =
let
domain = conf.network.addresses.domain.natto;
address = "natto@${domain}";
host = "mail.${domain}";
in
{
inherit realName address;
primary = true;
userName = address;
gpg = {
key = "3C4BDBE7BBF45B52C14EA193007257B05FCC86A8";
signByDefault = true;
};
imap = {
inherit host;
tls.enable = true;
};
imapnotify.enable = true;
smtp = {
inherit host;
tls.enable = true;
};
mbsync = {
enable = true;
create = "both";
};
passwordCommand = "pass show email/${address}";
neomutt = {
enable = true;
extraMailboxes = [
"Sent"
"Drafts"
"Trash"
"Junk"
];
};
};
imap = {
inherit host;
tls.enable = true;
amneesh =
let
domain = conf.network.addresses.domain.amneesh;
address = "me@${domain}";
host = "mail.${domain}";
in
{
inherit address realName;
userName = address;
gpg = {
key = "0C2FDA374F2D48D9F9F0F7788EAAB36980C424C2";
signByDefault = true;
};
imap = {
inherit host;
tls.enable = true;
};
imapnotify.enable = true;
smtp = {
inherit host;
tls.enable = true;
};
mbsync = {
enable = true;
create = "both";
};
passwordCommand = "pass show email/${address}";
neomutt = {
enable = true;
extraMailboxes = [
"Sent"
"Drafts"
"Junk"
];
};
};
imapnotify.enable = true;
smtp = {
inherit host;
tls.enable = true;
};
mbsync = {
enable = true;
create = "both";
};
passwordCommand = "pass show email/${address}";
neomutt = {
enable = true;
extraMailboxes = [
"Sent"
"Drafts"
"Trash"
"Junk"
];
};
};
};
};
services = {
@@ -51,18 +100,17 @@ in
enable = true;
package = pkgs.neomutt;
sort = "reverse-date";
extraConfig =
lib.concatMapStringsSep
"\n"
builtins.readFile
[
./config/neomutt/neomuttrc
./config/neomutt/theme
];
extraConfig = lib.concatMapStringsSep "\n" builtins.readFile [
./config/neomutt/neomuttrc
./config/neomutt/theme
];
};
};
home = {
packages = with pkgs; [ mailcap w3m ];
packages = with pkgs; [
mailcap
w3m
];
file = {
mailcap = {
source = ./config/mailcap;

49
home/natto/eww/default.nix
View File

@@ -1,15 +1,21 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
programs.eww = {
enable = true;
package = pkgs.eww;
configDir = lib.cleanSourceWith {
src = ./.;
filter = name: _:
filter =
name: _:
let
baseName = baseNameOf (toString name);
in
!(lib.hasSuffix ".nix" baseName);
!(lib.hasSuffix ".nix" baseName);
};
};
@@ -20,24 +26,24 @@
};
Service =
let
deps = [
config.programs.eww.package
] ++ lib.optional
config.wayland.windowManager.hyprland.enable
config.wayland.windowManager.hyprland.package
++ (with pkgs; [
coreutils
bash
jq
less
gawk
socat
playerctl
networkmanager
iwgtk
wireplumber
])
++ lib.optional config.laptop pkgs.light;
deps =
[
config.programs.eww.package
]
++ lib.optional config.wayland.windowManager.hyprland.enable config.wayland.windowManager.hyprland.package
++ (with pkgs; [
coreutils
bash
jq
less
gawk
socat
playerctl
networkmanager
iwgtk
wireplumber
])
++ lib.optional config.laptop pkgs.light;
in
{
Type = "simple";
@@ -48,4 +54,3 @@
Install.WantedBy = [ "graphical-session.target" ];
};
}

38
home/natto/programs.nix → home/natto/foot.nix
View File

@@ -1,31 +1,6 @@
{ pkgs, config, conf, ... }:
{ conf, ... }:
{
programs = {
firefox = {
enable = true;
profiles.natto = {
name = "natto";
};
};
chromium = {
enable = true;
package = pkgs.ungoogled-chromium;
};
zathura = {
enable = true;
extraConfig = builtins.readFile ./config/zathura/zathurarc;
options = {
recolor = true;
recolor-lightcolor = "rgba(0,0,0,0)";
default-bg = "rgba(0,0,0,0.8)";
};
};
sioyek = {
enable = true;
};
go.enable = true;
foot = {
enable = true;
settings = {
@@ -55,16 +30,5 @@
};
};
};
mpv = {
enable = true;
config = {
force-window = true;
keep-open = true;
save-position-on-quit = true;
};
};
};
home.sessionVariables = {
BROWSER = "firefox";
};
}

1
home/natto/games.nix
View File

@@ -11,4 +11,3 @@
programs.mangohud.enable = true;
}

2
home/natto/gtk.nix
View File

@@ -3,7 +3,7 @@
gtk = {
enable = true;
theme = {
name = "Catppuccin-Mocha-Standard-Teal-Dark";
name = "catppuccin-mocha-teal-standard";
package = pkgs.catppuccin-gtk.override {
accents = [ "teal" ];
variant = "mocha";

41
home/natto/hyprland.nix Normal file
View File

@@ -0,0 +1,41 @@
{
pkgs,
inputs,
config,
conf,
...
}:
{
wayland = {
windowManager = {
hyprland = {
enable = true;
package = inputs.hyprland.packages.${pkgs.system}.hyprland;
portalPackage = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland;
xwayland = {
enable = true;
};
extraConfig =
(builtins.readFile ./config/hypr/hyprland.conf)
+ (with config.home.pointerCursor; ''
exec-once=hyprctl setcursor ${name} ${toString size}
'')
+ (with conf.colors.argb { a = "ee"; }; ''
general {
col.active_border = 0x${mauve} 0x${flamingo} 135deg
col.inactive_border = 0x${surface0}
}
'');
};
};
};
home.packages = with pkgs; [
grim
slurp
inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
wl-clipboard
swayimg
swaybg
];
}

13
home/natto/mpv.nix Normal file
View File

@@ -0,0 +1,13 @@
{ ... }:
{
programs = {
mpv = {
enable = true;
config = {
force-window = true;
keep-open = true;
save-position-on-quit = true;
};
};
};
}

9
home/natto/music.nix
View File

@@ -18,8 +18,7 @@ in
};
mpd-discord-rpc = {
# inherit (mpd) enable;
enable = false;
inherit (mpd) enable;
settings = {
id = 1039532008424099850; # dont really care
format = {
@@ -67,6 +66,7 @@ in
home = {
packages = with pkgs; [
spotify
playerctl
mpc_cli
(ncmpcpp.override {
@@ -82,13 +82,8 @@ in
source = ./config/ncmpcpp/config;
target = "${config.xdg.configHome}/ncmpcpp/config";
};
sessionVariables = {
# LV2_PATH = lib.makeSearchPath "lib/lv2" (with pkgs; [ calf ]);
};
};
age.secrets.mpdasrc = {
file = ./secrets/mpdasrc.age;
path = "${home}/.config/mpdasrc";

6
home/natto/pass.nix Normal file
View File

@@ -0,0 +1,6 @@
{ ... }:
{
programs = {
password-store.enable = true;
};
}

18
home/natto/pdf.nix Normal file
View File

@@ -0,0 +1,18 @@
{ ... }:
{
programs = {
zathura = {
enable = true;
extraConfig = builtins.readFile ./config/zathura/zathurarc;
options = {
recolor = true;
recolor-lightcolor = "rgba(0,0,0,0)";
default-bg = "rgba(0,0,0,0.8)";
};
};
sioyek = {
enable = true;
};
};
}

119
home/natto/pkgs.nix
View File

@@ -1,75 +1,54 @@
{ flake, pkgs, config, ... }:
{
home.packages = with pkgs; [
# A/V, codec and media stuff
ffmpeg-full
wireplumber
pulseaudio
pavucontrol
spotify
imagemagick
flake,
pkgs,
config,
...
}:
{
home.packages =
with pkgs;
[
# A/V, codec and media stuff
ffmpeg-full
wireplumber
pulseaudio
pavucontrol
imagemagick
# Utils
neofetch
rage
curl
yt-dlp
p7zip
unrar
vim
(flake.packages.${system}.customscripts)
cachix
steam-run
# Utils
neofetch
rage
curl
yt-dlp
p7zip
unrar
vim
(flake.packages.${system}.customscripts)
cachix
steam-run
# GUI utils
slack
vesktop
(xfce.thunar.override {
thunarPlugins = with xfce; [
thunar-media-tags-plugin
thunar-volman
thunar-archive-plugin
];
})
xfce.xfconf
xfce.tumbler
qbittorrent
hexchat
dunst
gnome.zenity
# GUI
vesktop
(xfce.thunar.override {
thunarPlugins = with xfce; [
thunar-media-tags-plugin
thunar-volman
thunar-archive-plugin
];
})
xfce.xfconf
xfce.tumbler
qbittorrent
hexchat
dunst
zenity
# Programming and dev stuff
(texlive.combine {
inherit (texlive)
scheme-small
babel
lm
graphics-def
url
mhchem
wrapfig
capt-of
minted
fvextra
xstring
catchfile
framed
upquote
pdfsync
tocloft
enumitem
multirow
tcolorbox;
})
python3Packages.pygments
# Misc
anki
tor-browser-bundle-bin
mailcap
libsForQt5.qtstyleplugins
] ++ lib.optionals config.isLaptop [
powertop
undervolt
];
# Misc
mailcap
libsForQt5.qtstyleplugins
]
++ lib.optionals config.isLaptop [
powertop
undervolt
];
}

28
home/natto/stuff.nix
View File

@@ -1,4 +1,10 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
xdg = {
enable = true;
userDirs.enable = true;
@@ -7,28 +13,20 @@
age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
home = {
pointerCursor = {
package = pkgs.catppuccin-cursors.mochaFlamingo;
name = "Catppuccin-Mocha-Flamingo-Cursors";
size = 32;
x11 = {
enable = true;
defaultCursor = "crosshair";
};
gtk.enable = true;
};
sessionVariables = {
QT_X11_NO_MITSHM = "1";
HM_CONF_DIR = "/etc/nixos";
QT_QPA_PLATFORMTHEME = "gtk2";
};
};
i18n = {
inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [ fcitx5-m17n fcitx5-mozc ];
enable = true;
type = "fcitx5";
fcitx5.addons = with pkgs; [
fcitx5-m17n
fcitx5-mozc
];
};
};
}

37
home/natto/tofi.nix Normal file
View File

@@ -0,0 +1,37 @@
{
conf,
pkgs,
config,
...
}:
{
home.file.tofi = {
source = pkgs.writeText "tofi-config" (
pkgs.lib.generators.toKeyValue { } (
with conf.colors.default;
{
# https://github.com/philj56/tofi/blob/master/themes/fullscreen
width = "100%";
height = "100%";
border-width = 0;
outline-width = 0;
padding-left = "35%";
padding-top = "35%";
result-spacing = 25;
num-results = 5;
font = "Fira Mono";
font-size = 15;
text-color = foreground;
selection-color = rosewater;
selection-match-color = red;
background-color = "#000A";
}
)
);
target = "${config.xdg.configHome}/tofi/config";
};
home.packages = with pkgs; [
tofi
];
}

57
home/natto/wayland.nix
View File

@@ -1,64 +1,11 @@
{ pkgs, config, conf, inputs, ... }:
{ pkgs, inputs, ... }:
{
imports = [
inputs.hyprland.homeManagerModules.default
./ags
# ./eww
];
wayland = {
windowManager = {
sway = {
enable = true;
};
hyprland = {
enable = true;
xwayland = {
enable = true;
};
extraConfig = (builtins.readFile ./config/hypr/hyprland.conf)
+ (with config.home.pointerCursor; ''
exec-once=hyprctl setcursor ${name} ${toString size}
'')
+ (with conf.colors.argb { a = "ee"; };''
general {
col.active_border = 0x${mauve} 0x${flamingo} 135deg
col.inactive_border = 0x${surface0}
}
'');
};
};
};
home.file.tofi = {
source = pkgs.writeText "tofi-config" (pkgs.lib.generators.toKeyValue { } (with conf.colors.default; {
# https://github.com/philj56/tofi/blob/master/themes/fullscreen
width = "100%";
height = "100%";
border-width = 0;
outline-width = 0;
padding-left = "35%";
padding-top = "35%";
result-spacing = 25;
num-results = 5;
font = "Fira Mono";
font-size = 15;
text-color = foreground;
selection-color = rosewater;
selection-match-color = red;
background-color = "#000A";
}));
target = "${config.xdg.configHome}/tofi/config";
};
home.packages = with pkgs; [
tofi
imv
grim
slurp
inputs.hyprland-contrib.packages.${pkgs.system}.grimblast
wl-clipboard
swayimg
swaybg
];
}

7
home/natto/xsession.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, config, flake, ... }:
{
pkgs,
config,
flake,
...
}:
{
xsession = {
enable = true;

3
home/natto/zsh.nix
View File

@@ -3,9 +3,8 @@ let
secretPath = "${config.home.homeDirectory}/.zshenv_secret";
in
{
programs.zsh.initExtra = lib.mkForce ''
programs.zsh.initContent = lib.mkAfter ''
. ${secretPath};
unsetopt extendedGlob
'';
age.secrets.zshenv_secret = {

4
hosts/common/programs/adb/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ ... }:
{
programs.adb.enable = true;
}

4
hosts/common/programs/dconf/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ ... }:
{
programs.dconf.enable = true;
}

16
hosts/common/programs/doas/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{ ... }:
{
security = {
doas = {
enable = true;
extraRules = [
{
groups = [ "wheel" ];
keepEnv = true;
persist = true;
setEnv = [ "PATH" ];
}
];
};
};
}

4
hosts/common/programs/git/default.nix Normal file
View File

@@ -0,0 +1,4 @@
{ ... }:
{
programs.git.enable = true;
}

9
hosts/common/programs/gnupg/default.nix Normal file
View File

@@ -0,0 +1,9 @@
{ ... }:
{
programs.gnupg = {
agent = {
enableSSHSupport = true;
enable = true;
};
};
}

0
hosts/nvim.nix → hosts/common/programs/neovim/default.nix
View File

5
hosts/nix.nix → hosts/common/programs/nix/default.nix
View File

@@ -16,7 +16,10 @@
'';
settings = {
auto-optimise-store = true;
trusted-users = [ "root" "@wheel" ];
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://nix-community.cachix.org"
"https://mirrors.tuna.tsinghua.edu.cn/nix-channels/store"

13
hosts/common/programs/zsh/default.nix Normal file
View File

@@ -0,0 +1,13 @@
{ ... }:
{
programs.zsh = {
enable = true;
histSize = 30000;
enableBashCompletion = true;
enableCompletion = true;
autosuggestions = {
enable = true;
highlightStyle = "fg=yellow,bold";
};
};
}

21
hosts/common/security/default.nix Normal file
View File

@@ -0,0 +1,21 @@
{
lib,
conf,
config,
...
}:
let
domain = conf.network.addresses.domain.natto;
nginx = config.services.nginx;
in
{
security = {
acme = lib.mkIf nginx.enable {
acceptTerms = true;
certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; }) (
lib.filterAttrs (_: v: v.enableACME) nginx.virtualHosts
);
};
pki.certificateFiles = [ ../../../cert.pem ];
};
}

5
hosts/sound.nix → hosts/common/services/pipewire/default.nix
View File

@@ -1,6 +1,5 @@
{ lib, config, pkgs, ... }: {
# sound stuff
sound.enable = true;
{ ... }:
{
services.pipewire = {
enable = true;
alsa = {

14
hosts/xorg.nix → hosts/common/services/xserver/default.nix
View File

@@ -1,17 +1,11 @@
{ config, lib, ... }:
#let
# compiledLayout = pkgs.runCommand "keyboard-layout" {} ''
# ${pkgs.xorg.xkbcomp}/bin/xkbcomp ${./colemak-dh.xkb} $out
# '';
#in
{
services = {
libinput = {
enable = true;
mouse = {
accelSpeed = "0";
# accelProfile = "flat";
};
touchpad = {
middleEmulation = false;
@@ -22,13 +16,9 @@
};
xserver = {
enable = true;
displayManager = {
startx = {
enable = true;
};
};
displayManager.startx.enable = true;
xkb.layout = "us";
xkb.variant = "colemak_dh"; # trying to ditch DHz now
xkb.variant = "colemak_dh";
autoRepeatDelay = 320;
autoRepeatInterval = 30;
};

86
hosts/vault-agent.nix → hosts/common/vault-agent.nix
View File

@@ -1,5 +1,10 @@
#Taken from https://github.com/MagicRB/dotfiles/blob/master/nix/nixos-modules/vault-agent.nix
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.vault-agent;
@@ -59,48 +64,49 @@ in
};
};
config = mkIf cfg.enable
({
config = mkIf cfg.enable ({
users = {
users = {
users = {
"${cfg.userName}" = {
group = cfg.groupName;
uid = cfg.uid;
isSystemUser = true;
description = "Vault-Agent User";
};
};
groups = {
"${cfg.groupName}" = {
gid = cfg.gid;
};
"${cfg.userName}" = {
group = cfg.groupName;
uid = cfg.uid;
isSystemUser = true;
description = "Vault-Agent User";
};
};
systemd.tmpfiles.rules = mkIf (cfg.secretsDir != null) [
"d ${cfg.secretsDir} 6755 vault-agent ${cfg.groupName} 0"
];
systemd.services.vault-agent = {
description = "Vault Agent";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
path = (with pkgs; [
groups = {
"${cfg.groupName}" = {
gid = cfg.gid;
};
};
};
systemd.tmpfiles.rules = mkIf (cfg.secretsDir != null) [
"d ${cfg.secretsDir} 6755 vault-agent ${cfg.groupName} 0"
];
systemd.services.vault-agent = {
description = "Vault Agent";
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
path = (
with pkgs;
[
glibc
]);
serviceConfig = {
User = cfg.userName;
Group = cfg.groupName;
ExecReload = "${pkgs.busybox}/bin/kill -HUP $MAINPID";
ExecStart = "${cfg.package}/bin/vault agent -config=${json.generate "vault.json" cfg.settings}";
KillMode = "process";
KillSignal = "SIGINT";
Restart = "on-failure";
TimeoutStopSec = "30s";
RestartSec = 2;
ConfigurationDirectory = "vault-agent";
ConfigurationDirectoryMode = "0600";
};
]
);
serviceConfig = {
User = cfg.userName;
Group = cfg.groupName;
ExecReload = "${pkgs.busybox}/bin/kill -HUP $MAINPID";
ExecStart = "${cfg.package}/bin/vault agent -config=${json.generate "vault.json" cfg.settings}";
KillMode = "process";
KillSignal = "SIGINT";
Restart = "on-failure";
TimeoutStopSec = "30s";
RestartSec = 2;
ConfigurationDirectory = "vault-agent";
ConfigurationDirectoryMode = "0600";
};
});
};
});
}

26
hosts/common/x86builder.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, ... }:
{
nix = {
extraOptions = ''
builders-use-substitutes = true
'';
buildMachines = [
{
hostName = "okina";
systems = [
"x86_64-linux"
"aarch64-linux"
];
maxJobs = 4;
speedFactor = 2;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
}
];
distributedBuilds = true;
};
}

35
hosts/default.nix
View File

@@ -3,19 +3,23 @@ let
inherit (inputs) nixpkgs;
commonModules = [
./nvim.nix
./nix.nix
{
_module.args = globalArgs;
}
./common/programs/neovim
./common/programs/nix
./common/programs/zsh
./common/programs/gnupg
./common/programs/git
./common/programs/doas
./common/security
];
desktopModules = [
./xorg.nix
./wayland.nix
./desktop-pkgs.nix
./sound.nix
./common/programs/adb
./common/programs/dconf
./common/services/xserver
./common/services/pipewire
];
serverModules = [ ./minimal.nix ];
in
{
flake.nixosConfigurations = {
@@ -45,8 +49,7 @@ in
modules = [
./marisa
]
++ commonModules
++ serverModules;
++ commonModules;
};
#Oracle Cloud VM
@@ -54,11 +57,10 @@ in
system = "x86_64-linux";
modules = [
./remilia
./x86builder.nix
./common/x86builder.nix
inputs.mailserver.nixosModules.mailserver
]
++ commonModules
++ serverModules;
++ commonModules;
};
#Oracle Cloud VM
@@ -66,10 +68,9 @@ in
system = "x86_64-linux";
modules = [
./hina
./x86builder.nix
./common/x86builder.nix
]
++ commonModules
++ serverModules;
++ commonModules;
};
#Oracle Cloud VM
@@ -77,9 +78,9 @@ in
system = "aarch64-linux";
modules = [
./suwako
inputs.mailserver.nixosModules.mailserver
]
++ commonModules
++ serverModules;
++ commonModules;
};
};
}

63
hosts/desktop-pkgs.nix
View File

@@ -1,63 +0,0 @@
{ lib, config, inputs, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
tmux
bc
gnumake
pciutils
usbutils
ntfs3g
python3
htop
wget
ripgrep
kbd
gcc
vulkan-tools
vulkan-headers
jq
dconf
];
fonts.packages = with pkgs; [
fira-code
fira-mono
monoid
font-awesome
material-icons
material-design-icons
lohit-fonts.devanagari
lohit-fonts.gurmukhi
office-code-pro
eb-garamond
noto-fonts-cjk
takao
liberation_ttf
];
programs = {
git.enable = true;
gnupg = {
agent = {
enableSSHSupport = true;
enable = true;
};
};
zsh = {
enable = true;
histSize = 30000;
enableBashCompletion = true;
enableCompletion = true;
autosuggestions = {
enable = true;
highlightStyle = "fg=yellow,bold";
};
};
adb.enable = true;
gamemode.enable = true;
};
}

14
hosts/hina/boot.nix
View File

@@ -3,9 +3,19 @@
boot = {
kernel.sysctl."net.ipv4.ip_forward" = 1;
initrd.kernelModules = [ "bochs" ];
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
];
kernelModules = [ "kvm-amd" ];
kernelParams = [ "console=ttyS0" "console=tty1" "nvme.shutdown_timeout=10" "libiscsi.debug_libiscsi_eh=1" ];
kernelParams = [
"console=ttyS0"
"console=tty1"
"nvme.shutdown_timeout=10"
"libiscsi.debug_libiscsi_eh=1"
];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

8
hosts/hina/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
imports = [
./networking.nix
@@ -16,7 +21,6 @@
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = conf.network.commonSSHKeys;
};
programs.zsh.enable = true;
system.stateVersion = "21.11";
}

24
hosts/hina/hardware.nix
View File

@@ -1,16 +1,20 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/d91adce2-9059-4a8a-86e7-dee6ecc85b2b";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-label/cloudimg-rootfs";
fsType = "ext4";
};
swapDevices = [
{

23
hosts/hina/networking.nix
View File

@@ -1,16 +1,25 @@
{ lib, config, conf, pkgs, ... }:
{
lib,
config,
conf,
pkgs,
...
}:
{
networking = {
useDHCP = false;
hostName = "hina";
firewall =
{
interfaces = {
ens3 = {
allowedTCPPorts = [ 9898 80 443 ];
};
firewall = {
interfaces = {
ens3 = {
allowedTCPPorts = [
9898
80
443
];
};
};
};
interfaces = {
ens3 = {
useDHCP = true;

16
hosts/hina/services.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, conf, ... }:
{
config,
pkgs,
lib,
conf,
...
}:
let
domain = conf.network.addresses.domain.natto;
in
@@ -31,12 +37,4 @@ in
};
};
};
security.acme = {
acceptTerms = true;
certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; })
(lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts);
};
security.pki.certificateFiles = [ ../../cert.pem ];
}

29
hosts/marisa/boot.nix
View File

@@ -2,19 +2,33 @@
{
boot = {
consoleLogLevel = 7;
kernelParams = [ "console=ttyS0,115200n8" "console=ttyAMA0,115200n8" "console=tty0" ];
kernelParams = [
"console=ttyS0,115200n8"
"console=ttyAMA0,115200n8"
"console=tty0"
];
kernelPackages = pkgs.linuxPackages_5_10;
initrd.availableKernelModules = [ "xhci_pci" "usb_storage" "usbhid" "uas" "pcie-brcmstb" "vc4" ];
initrd.availableKernelModules = [
"xhci_pci"
"usb_storage"
"usbhid"
"uas"
"pcie-brcmstb"
"vc4"
];
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
/* raspberryPi= {
/*
raspberryPi= {
version = 4;
firmwareConfig = "dtparam=sd_poll_once=on";
enable = true;
}; */
enable = true;
};
*/
};
/* kernelPatches = [
/*
kernelPatches = [
{
name = "change-pgtable";
patch = null;
@@ -22,6 +36,7 @@
CONFIG_PGTABLE_LEVELS 4
'';
}
];*/
];
*/
};
}

10
hosts/marisa/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
imports = [
./networking.nix
@@ -14,10 +19,7 @@
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = conf.network.commonSSHKeys;
};
programs.zsh.enable = true;
time.timeZone = "Asia/Kolkata";
system.stateVersion = "21.05";
security.pki.certificateFiles = [ ../../cert.pem ../../consul-agent-ca.pem ];
}

27
hosts/marisa/hardware.nix
View File

@@ -1,21 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
fileSystems."/" =
{
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
fileSystems."/nix/store" =
{
device = "/nix/store";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/nix/store" = {
device = "/nix/store";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [
{

38
hosts/marisa/networking.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
networking = {
hostName = "marisa";
@@ -7,10 +12,10 @@
22 # ssh
80 # http
# 5454
5001 #gitea
4646 #nomad
5001 # gitea
4646 # nomad
# 8500 #vault nomad consul
8000 #simpler-filehost
8000 # simpler-filehost
# 6666 #concourse
# 202 #gitea-ssh
];
@@ -25,16 +30,20 @@
interfaces = {
eth0 = {
ipv4.addresses = [{
prefixLength = 24;
address = "192.168.1.159";
}];
ipv4.addresses = [
{
prefixLength = 24;
address = "192.168.1.159";
}
];
};
wlan0 = {
ipv4.addresses = [{
prefixLength = 24;
address = "192.168.1.159";
}];
ipv4.addresses = [
{
prefixLength = 24;
address = "192.168.1.159";
}
];
};
};
wireguard.interfaces.wg0 = with conf.network.addresses.wireguard.ips; {
@@ -52,6 +61,9 @@
];
};
defaultGateway = "192.168.1.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
};
}

21
hosts/marisa/services/default.nix
View File

@@ -3,33 +3,20 @@
imports = [
# ./hashicorp.nix
./filehost.nix
./gitea.nix
];
# Add secrets to nomad, consul and vault
virtualisation.docker = {
enable = true;
daemon.settings = {
# default-cgroupns-mode = "host";
};
};
services = {
openssh = {
enable = true;
ports = [ 22 22001 ];
ports = [
22
22001
];
};
postgresql = {
enable = true;
authentication = ''
local gitea all ident map=gitea-map
'';
identMap =
''
gitea-map gitea gitea
'';
};
};
}

6
hosts/marisa/services/hashicorp.nix
View File

@@ -6,7 +6,10 @@
enable = true;
enableDocker = true;
dropPrivileges = false;
extraPackages = with pkgs; [ consul cni-plugins ];
extraPackages = with pkgs; [
consul
cni-plugins
];
extraSettingsPaths = [ "/run/nomad/nomad.json" ];
};
vault = {
@@ -27,4 +30,3 @@
};
};
}

41
hosts/minimal.nix
View File

@@ -1,41 +0,0 @@
{ config, pkgs, ... }:
{
security = {
sudo.enable = false;
doas = {
enable = true;
extraRules = [
{
groups = [ "wheel" ];
keepEnv = true;
persist = true;
}
];
};
};
environment.systemPackages = with pkgs; [
git
htop
vim
tmux
wireguard-tools
nmap
gcc
];
programs = {
gnupg = {
agent = {
enable = true;
};
};
};
nix = {
extraOptions = ''
experimental-features = nix-command flakes
'';
settings.trusted-users = [ "root" ];
};
}

32
hosts/okina/boot.nix
View File

@@ -1,21 +1,41 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
boot = {
kernelPackages = pkgs.linuxPackages;
initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
kernelParams = [ "i915.force_probe=56a1" "resume_offset=11287312" ];
kernelParams = [ "i915.force_probe=56a1" ];
# kernelModules = [ "kvm-intel" "i2c-dev" "ddcci_backlight" ];
kernelModules = [ "kvm-intel" "i2c-dev" ];
kernelModules = [
"kvm-intel"
"i2c-dev"
];
# extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback r8125 ddcci-driver ];
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback r8125 ];
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
r8125
];
blacklistedKernelModules = [ "r8169" ];
extraModprobeConfig = ''options snd-intel-dspcfg dsp_driver=1 '';
resumeDevice = "/dev/disk/by-uuid/5679b901-3a70-4422-81f5-af91f287500b";
resumeDevice = "/dev/disk/by-uuid/3770e3bd-a200-4e36-b3a5-4963d13865f9";
loader = {
efi = {

15
hosts/okina/default.nix
View File

@@ -1,12 +1,11 @@
{ lib, config, ... }:
{
imports =
[
./hardware.nix
./stuff.nix
./networking.nix
./boot.nix
./services.nix
];
imports = [
./hardware.nix
./stuff.nix
./networking.nix
./boot.nix
./services.nix
];
system.stateVersion = "23.05";
}

75
hosts/okina/hardware.nix
View File

@@ -1,43 +1,45 @@
{ config, lib, modulesPath, pkgs, ... }:
{
config,
lib,
modulesPath,
pkgs,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/5679b901-3a70-4422-81f5-af91f287500b";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/5679b901-3a70-4422-81f5-af91f287500b";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/A2E5-006F";
fsType = "vfat";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/A2E5-006F";
fsType = "vfat";
};
fileSystems."/media/omghi" =
{
device = "/dev/disk/by-uuid/0e862bdb-168a-42cc-8a28-0ae9e9a0753c";
fsType = "ext4";
};
fileSystems."/media/omghi" = {
device = "/dev/disk/by-uuid/0e862bdb-168a-42cc-8a28-0ae9e9a0753c";
fsType = "ext4";
};
/* fileSystems."/media/real" =
{
device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
*/
fileSystems."/media/real" = {
device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
/* fileSystems."/media/ntfs" =
/*
fileSystems."/media/ntfs" =
{
device = "/dev/disk/by-uuid/54034ca6-d3cd-11ee-9e0c-f020ff87c985";
fsType = "ntfs";
};*/
};
*/
zramSwap = {
enable = true;
@@ -47,7 +49,7 @@
};
swapDevices = [
{ device = "/var/swap"; size = 32768; }
{ device = "/dev/disk/by-uuid/3770e3bd-a200-4e36-b3a5-4963d13865f9"; }
];
powerManagement = {
@@ -56,17 +58,18 @@
};
hardware = {
steam-hardware.enable = true;
bluetooth.enable = true;
cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
opengl = {
driSupport32Bit = true;
graphics = {
enable32Bit = true;
enable = true;
package = pkgs.mesa.drivers;
package32 = pkgs.pkgsi686Linux.mesa.drivers;
package = pkgs.mesa;
package32 = pkgs.pkgsi686Linux.mesa;
extraPackages = with pkgs; [
intel-media-driver
intel-compute-runtime
onevpl-intel-gpu
vpl-gpu-rt
];
};
};

61
hosts/okina/networking.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, conf, lib, ... }:
{
config,
pkgs,
conf,
lib,
...
}:
{
networking = {
@@ -10,35 +16,54 @@
};
firewall = {
allowedTCPPorts = [ 22 18172 6600 8001 7590 25565 9092 8096 ];
allowedUDPPorts = [ 22 17840 18172 ];
allowedTCPPorts = [
22
18172
6600
8001
7590
25565
9092
8096
];
allowedUDPPorts = [
22
17840
18172
];
trustedInterfaces = [ "docker0" ];
};
interfaces = {
enp7s0 = {
ipv4.addresses = [{
prefixLength = 24;
address = "192.168.1.106";
}];
};
/*
enp7s0 = {
ipv4.addresses = [{
prefixLength = 24;
address = "192.168.1.106";
}];
};
*/
};
wireguard.interfaces.wg0 = with conf.network.addresses.wireguard.ips; {
ips = [ okina ];
listenPort = 17840;
privateKeyFile = "/var/secrets/wg.key";
peers = [{
#Oracle VM1
publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
allowedIPs = [ remilia ];
endpoint = "${conf.network.addresses.domain.natto}:17840";
persistentKeepalive = 25;
}];
peers = [
{
#Oracle VM1
publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
allowedIPs = [ remilia ];
endpoint = "${conf.network.addresses.domain.natto}:17840";
persistentKeepalive = 25;
}
];
};
defaultGateway = "192.168.1.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
};
}

10
hosts/okina/services.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
services = {
openssh = {
@@ -15,7 +20,7 @@
};
avahi = lib.mkIf config.services.printing.enable {
enable = true;
nssmdns = true;
nssmdns4 = true;
openFirewall = true;
};
};
@@ -24,7 +29,6 @@
libvirtd.wantedBy = lib.mkForce [ ];
};
security.pki.certificateFiles = [ ../../cert.pem ];
virtualisation = {
docker = {
enable = true;

30
hosts/okina/stuff.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
time.timeZone = "Asia/Kolkata";
@@ -8,25 +13,24 @@
rtkit.enable = true;
polkit.enable = true;
sudo.enable = true;
doas = {
enable = true;
extraRules = [
{
users = [ "natto" ];
keepEnv = true;
persist = true;
setEnv = [ "SSH_AUTH_SOCK" "PATH" "SHELL" ];
}
];
};
};
console.useXkbConfig = true;
users.users.natto = {
isNormalUser = true;
shell = pkgs.zsh;
home = "/home/natto";
extraGroups = [ "wheel" "adbusers" "video" "libvirtd" "docker" "networkmanager" "dialout" ];
extraGroups = [
"wheel"
"adbusers"
"video"
"libvirtd"
"docker"
"networkmanager"
"dialout"
"pipewire"
];
};
virtualisation = {

14
hosts/remilia/boot.nix
View File

@@ -3,9 +3,19 @@
boot = {
kernel.sysctl."net.ipv4.ip_forward" = 1;
initrd.kernelModules = [ "bochs" ];
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
];
kernelModules = [ "kvm-amd" ];
kernelParams = [ "console=ttyS0" "console=tty1" "nvme.shutdown_timeout=10" "libiscsi.debug_libiscsi_eh=1" ];
kernelParams = [
"console=ttyS0"
"console=tty1"
"nvme.shutdown_timeout=10"
"libiscsi.debug_libiscsi_eh=1"
];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

8
hosts/remilia/default.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
imports = [
./networking.nix
@@ -17,7 +22,6 @@
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = conf.network.commonSSHKeys;
};
programs.zsh.enable = true;
system.stateVersion = "21.11";
}

24
hosts/remilia/hardware.nix
View File

@@ -1,16 +1,20 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/d91adce2-9059-4a8a-86e7-dee6ecc85b2b";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-label/cloudimg-rootfs";
fsType = "ext4";
};
swapDevices = [
{

15
hosts/remilia/mailserver.nix
View File

@@ -1,14 +1,23 @@
{ config, pkgs, conf, network, ... }:
{
config,
pkgs,
conf,
network,
...
}:
{
mailserver =
let domain = conf.network.addresses.domain.natto; in
let
domain = conf.network.addresses.domain.natto;
in
rec {
enable = true;
stateVersion = 3;
fqdn = "mail.${domain}";
sendingFqdn = fqdn;
domains = [ domain ];
certificateDomains = [ "mail.${domain}" ];
certificateScheme = 3;
certificateScheme = "acme-nginx";
loginAccounts = {
"natto@${domain}" = {
hashedPasswordFile = "/var/secrets/natto@${domain}.key";

57
hosts/remilia/networking.nix
View File

@@ -1,27 +1,44 @@
{ lib, config, conf, pkgs, ... }:
{
lib,
config,
conf,
pkgs,
...
}:
{
networking = {
useDHCP = false;
hostName = "remilia";
firewall =
{
interfaces = {
ens3 = {
allowedTCPPorts = [ 80 81 443 444 993 465 143 25 22 22001 22002 4444 ]
++ (map (x: x.sourcePort) config.networking.nat.forwardPorts);
allowedUDPPorts = [ 17840 ];
};
firewall = {
interfaces = {
ens3 = {
allowedTCPPorts = [
80
81
443
444
993
465
143
25
22
22001
22002
4444
]
++ (map (x: x.sourcePort) config.networking.nat.forwardPorts);
allowedUDPPorts = [ 17840 ];
};
extraCommands = lib.concatMapStringsSep "\n"
(x:
let
t = lib.splitString ":" x.destination;
in
with lib;
"iptables -t nat -A POSTROUTING -d ${head t} -p tcp -m tcp --dport ${last t} -j MASQUERADE"
)
config.networking.nat.forwardPorts;
};
extraCommands = lib.concatMapStringsSep "\n" (
x:
let
t = lib.splitString ":" x.destination;
in
with lib;
"iptables -t nat -A POSTROUTING -d ${head t} -p tcp -m tcp --dport ${last t} -j MASQUERADE"
) config.networking.nat.forwardPorts;
};
interfaces = {
ens3 = {
useDHCP = true;
@@ -76,6 +93,10 @@
publicKey = "BRdWQYPyfZeEWGtghhoYZf90nOsU/kXB3vOFJ6A17Ao=";
allowedIPs = [ ips.okina ];
}
{
publicKey = "JriOM0LQr/YbdeIH++qY4O32vlcc8L2AC1MDoFGCpmA=";
allowedIPs = [ ips.suwako ];
}
];
};
};

94
hosts/remilia/services.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, lib, conf, ... }:
{
config,
pkgs,
lib,
conf,
...
}:
let
domain = conf.network.addresses.domain.natto;
in
@@ -8,7 +14,10 @@ in
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
ports = [ 22 22002 ];
ports = [
22
22002
];
};
nginx = {
enable = true;
@@ -24,20 +33,28 @@ in
'';
virtualHosts =
let
genericHttpRProxy = { addr, ssl ? true, conf ? "" }: {
enableACME = ssl;
# addSSL = ssl;
forceSSL = ssl;
locations."/" = {
proxyPass = toString addr;
extraConfig = ''
expires $expires;
proxy_set_header Host $host;
'' + conf;
genericHttpRProxy =
{
addr,
ssl ? true,
conf ? "",
}:
{
enableACME = ssl;
# addSSL = ssl;
forceSSL = ssl;
locations."/" = {
proxyPass = toString addr;
extraConfig = ''
expires $expires;
proxy_set_header Host $host;
''
+ conf;
};
};
};
in
with conf.network.addresses.wireguard.ips; {
with conf.network.addresses.wireguard.ips;
{
"${domain}" = {
addSSL = true;
enableACME = true;
@@ -47,11 +64,13 @@ in
};
serverAliases = [ "www.${domain}" ];
};
# "vault.${domain}" = genericHttpRProxy { addr = "https://${marisa}:8800"; };
# "consul.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8500"; };
"f.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8000"; };
# MPD server
"radio.${domain}" = genericHttpRProxy { addr = "http://${satori}:8001"; };
/* "radio.${domain}" = {
# Some random music server I once had
/*
"radio.${domain}" = {
addSSL = true;
enableACME = true;
locations."/" = {
@@ -62,13 +81,29 @@ in
'';
};
locations."= /".return = "301 /radio";
};*/
};
*/
"git.${domain}" = genericHttpRProxy {
addr = "http://${marisa}:5001";
conf = "client_max_body_size 64M;";
};
/*"nomad.${domain}" = genericHttpRProxy {
# Gitea
/*
"git.${domain}" = genericHttpRProxy {
addr = "http://${marisa}:5001";
conf = "client_max_body_size 64M;";
};
*/
# Personal filehost
# "f.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8000"; };
# Hashicorp Vault
# "vault.${domain}" = genericHttpRProxy { addr = "https://${marisa}:8800"; };
# Hashicorp Consul
# "consul.${domain}" = genericHttpRProxy { addr = "http://${marisa}:8500"; };
# Hashicorp Nomad
/*
"nomad.${domain}" = genericHttpRProxy {
addr = "http://${marisa}:4646";
conf = ''
proxy_buffering off;
@@ -79,15 +114,4 @@ in
};
};
};
security.acme = {
acceptTerms = true;
certs = {
"${domain}".extraDomainNames = lib.singleton "www.${domain}";
} //
lib.mapAttrs (n: _: { email = "natto@${domain}"; })
(lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts);
};
security.pki.certificateFiles = [ ../../cert.pem ];
}

41
hosts/satori/boot.nix
View File

@@ -1,22 +1,49 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
boot = {
kernelPackages = pkgs.linuxPackages_latest;
initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "vfio-pci" ];
/* preDeviceCommands = ''
availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"sd_mod"
"vfio-pci"
];
/*
preDeviceCommands = ''
DEVS="0000:01:00.0 0000:01:00.1 0000:01:00.2 0000:01:00.3"
for DEV in $DEVS; do
echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
done
modprobe -i vfio-pci
'';*/
'';
*/
kernelModules = [ ];
};
kernelParams = [ "intel_pstate=active" "intel_iommu=on" "nvidia_drm.modeset=1" "clearcpuid=512" ];
kernelModules = [ "kvm-intel" "snd-seq" "snd-rawmidi" "joydev" ];
extraModulePackages = with config.boot.kernelPackages; [ nvidia_x11 v4l2loopback ];
kernelParams = [
"intel_pstate=active"
"intel_iommu=on"
"nvidia_drm.modeset=1"
"clearcpuid=512"
];
kernelModules = [
"kvm-intel"
"snd-seq"
"snd-rawmidi"
"joydev"
];
extraModulePackages = with config.boot.kernelPackages; [
nvidia_x11
v4l2loopback
];
loader = {
efi = {
canTouchEfiVariables = true;

17
hosts/satori/default.nix
View File

@@ -1,13 +1,12 @@
{ lib, config, ... }:
{
imports =
[
./hardware.nix
./stuff.nix
./networking.nix
./boot.nix
./services.nix
./graphics.nix
];
imports = [
./hardware.nix
./stuff.nix
./networking.nix
./boot.nix
./services.nix
./graphics.nix
];
system.stateVersion = "23.05";
}

23
hosts/satori/graphics.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
nvidia-offload = pkgs.writeShellScriptBin "nvi" ''
export __NV_PRIME_RENDER_OFFLOAD=1
@@ -13,21 +18,25 @@ in
nvidia-offload
];
hardware = {
opengl = {
driSupport32Bit = true;
graphics = {
enable32Bit = true;
enable = true;
package = pkgs.mesa.drivers;
package32 = pkgs.pkgsi686Linux.mesa.drivers;
package = pkgs.mesa;
package32 = pkgs.pkgsi686Linux.mesa;
};
nvidia = {
package = config.boot.kernelPackages.nvidia_x11;
prime = {
# sync.enable = true;
offload = { enable = true; };
offload = {
enable = true;
};
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
};
modesetting = { enable = true; };
modesetting = {
enable = true;
};
powerManagement = {
enable = true;
finegrained = true;

48
hosts/satori/hardware.nix
View File

@@ -1,29 +1,30 @@
{ config, lib, modulesPath, ... }:
{
config,
lib,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/59af143c-1a87-4654-9b31-7594ac8ba530";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/59af143c-1a87-4654-9b31-7594ac8ba530";
fsType = "ext4";
};
fileSystems."/media/real" =
{
device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
fileSystems."/media/real" = {
device = "/dev/disk/by-uuid/8086be20-c770-46be-bd8f-5bd2d7735c7d";
fsType = "btrfs";
options = [ "compress-force=zstd:3" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/2424-5639";
fsType = "vfat";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/2424-5639";
fsType = "vfat";
};
zramSwap = {
enable = true;
@@ -33,7 +34,10 @@
};
swapDevices = [
{ device = "/var/swap"; size = 4096; }
{
device = "/var/swap";
size = 4096;
}
];
powerManagement = {

44
hosts/satori/networking.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
networking = {
@@ -10,8 +15,20 @@
};
firewall = {
allowedTCPPorts = [ 22 18172 6600 8001 7590 25565 9092 ];
allowedUDPPorts = [ 22 17840 18172 ];
allowedTCPPorts = [
22
18172
6600
8001
7590
25565
9092
];
allowedUDPPorts = [
22
17840
18172
];
trustedInterfaces = [ "docker0" ];
};
@@ -19,16 +36,21 @@
ips = [ satori ];
listenPort = 17840;
privateKeyFile = "/var/secrets/wg.key";
peers = [{
#Oracle VM1
publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
allowedIPs = [ remilia ];
endpoint = "${conf.network.addresses.domain.natto}:17840";
persistentKeepalive = 25;
}];
peers = [
{
#Oracle VM1
publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
allowedIPs = [ remilia ];
endpoint = "${conf.network.addresses.domain.natto}:17840";
persistentKeepalive = 25;
}
];
};
defaultGateway = "192.168.1.1";
nameservers = [ "1.1.1.1" "8.8.8.8" ];
nameservers = [
"1.1.1.1"
"8.8.8.8"
];
};
}

8
hosts/satori/services.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
services = {
openssh = {
@@ -21,7 +26,6 @@
libvirtd.wantedBy = lib.mkForce [ ];
};
security.pki.certificateFiles = [ ../../cert.pem ];
virtualisation = {
docker = {
enable = true;

29
hosts/satori/stuff.nix
View File

@@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
{
time.timeZone = "Asia/Kolkata";
@@ -8,26 +13,22 @@
rtkit.enable = true;
polkit.enable = true;
sudo.enable = true;
doas = {
enable = true;
extraRules = [
{
users = [ "natto" ];
keepEnv = true;
persist = true;
setEnv = [ "SSH_AUTH_SOCK" "PATH" "SHELL" ];
}
];
};
};
console.useXkbConfig = true;
users.users.natto = {
isNormalUser = true;
shell = pkgs.zsh;
home = "/home/natto";
extraGroups = [ "wheel" "adbusers" "video" "libvirtd" "docker" "networkmanager" "dialout" ];
extraGroups = [
"wheel"
"adbusers"
"video"
"libvirtd"
"docker"
"networkmanager"
"dialout"
];
};
virtualisation = {

14
hosts/suwako/boot.nix
View File

@@ -3,9 +3,19 @@
boot = {
kernel.sysctl."net.ipv4.ip_forward" = 1;
initrd.kernelModules = [ "bochs" ];
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" ];
initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
];
kernelModules = [ "kvm-amd" ];
kernelParams = [ "console=ttyS0" "console=tty1" "nvme.shutdown_timeout=10" "libiscsi.debug_libiscsi_eh=1" ];
kernelParams = [
"console=ttyS0"
"console=tty1"
"nvme.shutdown_timeout=10"
"libiscsi.debug_libiscsi_eh=1"
];
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;

12
hosts/suwako/default.nix
View File

@@ -1,10 +1,16 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
imports = [
./networking.nix
./hardware.nix
./boot.nix
./services.nix
./services
./mailserver.nix
];
time.timeZone = "Asia/Kolkata";
@@ -17,7 +23,5 @@
openssh.authorizedKeys.keys = conf.network.commonSSHKeys;
};
programs.zsh.enable = true;
system.stateVersion = "24.05";
}

24
hosts/suwako/hardware.nix
View File

@@ -1,16 +1,20 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/e87c20b9-f451-45bf-b863-385ac9c290cf ";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-label/cloudimg-rootfs";
fsType = "ext4";
};
swapDevices = [
{

26
hosts/suwako/mailserver.nix Normal file
View File

@@ -0,0 +1,26 @@
{
conf,
...
}:
{
mailserver =
let
domain = conf.network.addresses.domain.amneesh;
in
rec {
enable = true;
stateVersion = 3;
fqdn = "mail.${domain}";
sendingFqdn = fqdn;
domains = [ domain ];
certificateDomains = [ "mail.${domain}" ];
certificateScheme = "acme-nginx";
loginAccounts = {
"me@${domain}" = {
hashedPasswordFile = "/var/secrets/me@${domain}.key";
};
};
enablePop3 = false;
enablePop3Ssl = false;
};
}

21
hosts/suwako/networking.nix
View File

@@ -1,16 +1,23 @@
{ lib, config, conf, pkgs, ... }:
{
conf,
...
}:
{
networking = {
useDHCP = false;
hostName = "suwako";
firewall =
{
interfaces = {
enp0s6 = {
allowedTCPPorts = [ 22 443 80 ];
};
firewall = {
interfaces = {
enp0s6 = {
allowedTCPPorts = [
22
443
80
25565 # minecraft
];
};
};
};
interfaces = {
enp0s6 = {
useDHCP = true;

24
hosts/suwako/services.nix
View File

@@ -1,24 +0,0 @@
{ config, pkgs, lib, conf, ... }:
let
domain = conf.network.addresses.domain.natto;
in
{
services = {
cron.enable = true;
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
ports = [ 22 ];
};
};
security.acme = {
acceptTerms = true;
certs = lib.mapAttrs (n: _: { email = "natto@${domain}"; })
(lib.filterAttrs (_: v: v.enableACME) config.services.nginx.virtualHosts);
};
security.pki.certificateFiles = [ ../../cert.pem ];
}

33
hosts/suwako/services/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{ ... }:
{
imports = [
./nginx.nix
./pufferpanel.nix
./filehost.nix
./gitea.nix
];
virtualisation.docker = {
enable = true;
};
services = {
cron.enable = true;
openssh = {
enable = true;
settings.PermitRootLogin = "yes";
ports = [ 22 ];
};
postgresql = {
enable = true;
authentication = ''
local gitea all ident map=gitea-map
'';
identMap = ''
gitea-map gitea gitea
'';
};
};
}

8
hosts/marisa/services/filehost.nix → hosts/suwako/services/filehost.nix
View File

@@ -1,4 +1,10 @@
{ config, pkgs, inputs, conf, ... }:
{
config,
pkgs,
inputs,
conf,
...
}:
{
systemd.services.filehost = {
enable = true;

15
hosts/marisa/services/gitea.nix → hosts/suwako/services/gitea.nix
View File

@@ -1,4 +1,9 @@
{ config, pkgs, conf, ... }:
{
config,
pkgs,
conf,
...
}:
{
services = {
gitea = rec {
@@ -20,15 +25,14 @@
HTTP_PORT = 5001;
ROOT_URL = "https://git.${domain}";
SSH_DOMAIN = "git.${domain}";
SSH_PORT = 22001;
SSH_PORT = 22;
SSH_LISTEN_PORT = SSH_PORT;
};
mailer = rec {
ENABLED = true;
FROM = "masti@${domain}";
TYPE = "smtp";
HOST = "mail.${domain}";
IS_TLS_ENABLED = true;
SMTP_ADDR = "mail.${domain}";
PROTOCOL = "smtps";
USER = FROM;
REGISTER_MAIL_CONFIRM = true;
};
@@ -38,4 +42,3 @@
};
};
}

65
hosts/suwako/services/nginx.nix Normal file
View File

@@ -0,0 +1,65 @@
{ conf, ... }:
let
domain = conf.network.addresses.domain.natto;
in
{
services.nginx = {
enable = true;
appendHttpConfig = ''
map $uri $expires {
default off;
~\.(jpg|jpeg|png|gif|ico)$ 30d;
}
'';
virtualHosts =
let
genericHttpRProxy =
{
addr,
ssl ? true,
conf ? "",
}:
{
enableACME = ssl;
# addSSL = ssl;
forceSSL = ssl;
locations."/" = {
proxyPass = toString addr;
extraConfig = ''
expires $expires;
proxy_set_header Host $host;
''
+ conf;
};
};
in
with conf.network.addresses.wireguard.ips;
{
"moj.${domain}" = genericHttpRProxy { addr = "https://${suwako}:25565"; };
"puffer.${domain}" = genericHttpRProxy {
addr = "http://${suwako}:8080";
conf = ''
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Connection "Upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Nginx-Proxy true;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100M;
'';
};
# Gitea
"git.${domain}" = genericHttpRProxy {
addr = "http://${suwako}:5001";
conf = "client_max_body_size 64M;";
};
# Personal filehost
"f.${domain}" = genericHttpRProxy { addr = "http://${suwako}:8000"; };
};
};
}

17
hosts/suwako/services/pufferpanel.nix Normal file
View File

@@ -0,0 +1,17 @@
{ pkgs, lib, ... }:
{
services.pufferpanel = {
enable = true;
extraGroups = [ "docker" ];
package = pkgs.buildFHSEnv {
name = "pufferpanel-fhs";
runScript = lib.getExe pkgs.pufferpanel;
targetPkgs =
pkgs': with pkgs'; [
icu
openssl
zlib
];
};
};
}

11
hosts/wayland.nix
View File

@@ -1,11 +0,0 @@
{ inputs, pkgs, ... }:
{
xdg.portal = {
enable = true;
extraPortals = [
inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland
];
config.common.default = "*";
};
}

16
hosts/x86builder.nix
View File

@@ -1,16 +0,0 @@
{ config, ... }:
{
nix = {
extraOptions = ''
builders-use-substitutes = true
'';
buildMachines = [{
hostName = "okina";
systems = [ "x86_64-linux" "aarch64-linux" ];
maxJobs = 4;
speedFactor = 2;
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
}];
distributedBuilds = true;
};
}

6
pkgs/customscripts/default.nix
View File

@@ -1,4 +1,8 @@
{ lib, stdenvNoCC, fetchFromGitHub }:
{
lib,
stdenvNoCC,
fetchFromGitHub,
}:
stdenvNoCC.mkDerivation {
name = "customscripts";

11
pkgs/default.nix
View File

@@ -1,4 +1,5 @@
{ self, ... }: {
{ self, ... }:
{
flake = {
overlays = rec {
packages = import ./packages.nix;
@@ -6,7 +7,9 @@
};
};
perSystem = { pkgs, ... }: {
packages = self.overlays.default null pkgs;
};
perSystem =
{ pkgs, ... }:
{
packages = self.overlays.default null pkgs;
};
}

Some files were not shown because too many files have changed in this diff Show More