collate recent changes back to master

atagen 2025-06-18 01:16:11 +10:00
commit 92ed39cb83
258 changed files with 5169 additions and 16379 deletions

171
system/adrift.nix Executable file → Normal file

@ -1,119 +1,98 @@
{ config, lib, pkgs, modulesPath, ... }:
let
flake-compat = builtins.fetchTarball "https://github.com/edolstra/flake-compat/archive/master.tar.gz";
hyprland = (import flake-compat {
src = builtins.fetchTarball "https://github.com/hyprwm/Hyprland/archive/master.tar.gz";
}).defaultNix;
in {
nix.settings = {
substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
imports =
[ hyprland.nixosModules.default ];
nixpkgs.overlays = [
(self: super: {
system76-scheduler = pkgs.callPackage ./syspkgs/system76-scheduler.nix {};
kwin-system76-scheduler-integration = pkgs.libsForQt5.callPackage ./syspkgs/kwin-system76-scheduler-integration.nix {};
})
{
config,
lib,
pkgs,
...
}:
{
imports = [
./configuration.nix
];
nix.settings.trusted-users = [ "plank" ];
programs.nh.flake = "/home/plank/.nix";
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelParams = [
"mitigations=off"
"quiet"
"loglevel=3"
"systemd.show_status=auto"
"rd.udev.log_level=3"
"vt.global_cursor_default=0"
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
boot.kernelModules = [
"iwlwifi"
"kvm-intel"
];
boot.kernelPackages = pkgs.linuxPackages;
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1C5C-8FF4";
fsType = "vfat";
};
swapDevices = [ ];
networking.useDHCP = lib.mkDefault true;
boot.loader.systemd-boot.configurationLimit = 2;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
networking.hostName = "adrift"; # Define your hostname.
services.xserver.videoDrivers = [ "i915" ];
services.power-profiles-daemon.enable = false;
services.tlp.enable = true;
users.users.plank = {
isNormalUser = true;
extraGroups = [ "wheel" ];
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1C5C-8FF4";
fsType = "vfat";
};
fileSystems."/" = {
device = "/dev/mapper/nix-os";
device = "/dev/disk/by-uuid/26389642-cf51-4c58-98e9-1fe491a11bb9";
fsType = "ext4";
};
fileSystems."/home" = {
device = "/dev/mapper/nix-home";
fsType = "ext4";
swapDevices = [
{ device = "/dev/disk/by-uuid/a732641d-1233-45a7-8614-53caed60f11b"; }
];
boot.loader.systemd-boot.configurationLimit = 2;
boot.loader.efi.canTouchEfiVariables = true;
# boot.plymouth.enable = true;
networking.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
services.power-profiles-daemon.enable = false;
services.tlp.enable = true;
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=5";
EDITOR = "hx";
};
environment.systemPackages = with pkgs;
[
wl-clipboard
wl-clipboard-x11
xclip
system76-scheduler
kwin-system76-scheduler-integration
];
programs.hyprland = {
enable = true;
xwayland = {
virtualisation = {
podman = {
enable = true;
hidpi = false;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
};
nvidiaPatches = true;
};
services.xserver.videoDrivers = [ "i915" ];
programs.xwayland.enable = true;
systemd.services."com.system76.Scheduler" = {
wantedBy = [ "multi-user.target" ];
description = "the system76 process scheduler";
serviceConfig = {
Type = "dbus";
ExecStart = ''${pkgs.system76-scheduler}/bin/system76-scheduler daemon'';
ExecReload = ''${pkgs.system76-scheduler}/bin/system76-scheduler daemon reload'';
BusName = "com.system76.Scheduler";
};
};
services.dbus.packages = [
pkgs.kwin-system76-scheduler-integration
pkgs.system76-scheduler
];
systemd.packages = [
pkgs.kwin-system76-scheduler-integration
pkgs.system76-scheduler
];
environment.etc = {
"system76-scheduler".source = "${pkgs.system76-scheduler}/etc/system76-scheduler";
};
xdg.portal = {
enable = true;
wlr = {
enable = true;
};
extraPortals = with pkgs; [
xdg-desktop-portal-kde
xdg-desktop-portal-gtk
extraPortals = [
pkgs.xdg-desktop-portal-gtk
];
};
}
environment.systemPackages = builtins.attrValues {
inherit (pkgs)
wl-clipboard
wl-clipboard-x11
xclip
;
};
networking.hostName = "adrift"; # Define your hostname.
users.users.plank = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
};
}
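Review bot: `"mitigations=off"` in `boot.kernelParams` turns off the kernel's CPU speculative-execution mitigations for the whole machine, and nothing in the file records why that trade-off is acceptable on a host that also enables podman; the same parameter is set in system/quiver.nix. Either drop it or put the decision next to it, for example `# mitigations=off: accepted for <reason>; revisit if untrusted code or containers run here`. `nix.settings.trusted-users = [ "plank" ];` also deserves a comment, since a trusted Nix user is effectively root for the daemon. The page prints old and new lines without markers, so which side each line belongs to is inferred from the formatting.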


@ -1,13 +0,0 @@
# WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }:
let
folder = ./cachix;
toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
in {
inherit imports;
nix.settings.substituters = ["https://cache.nixos.org/"];
}


@ -1,11 +0,0 @@
{
nix = {
settings.substituters = [
"https://cuda-maintainers.cachix.org"
];
settings.trusted-public-keys = [
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
];
};
}


@ -1,11 +0,0 @@
{
nix = {
settings.substituters = [
"https://nix-community.cachix.org"
];
settings.trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
}

213
system/configuration.nix Executable file → Normal file

@ -1,178 +1,85 @@
{ config, pkgs, ... }:
# let
# lemurs = callPackage ./system/syspkgs/lemurs.nix {};
# ly = callPackage ./system/syspkgs/ly.nix {};
# in
{
inputs,
lib,
pkgs,
mainUser,
...
}:
{
imports = [
# where are we ?
#./wollomi.nix
./adrift.nix
# ./quiver.nix
# home manager should exist for users
<home-manager/nixos>
./cachix.nix
# declarative cachix
(import (builtins.fetchTarball "https://github.com/jonascarpay/declarative-cachix/archive/master.tar.gz"))
./modules/network.nix
./modules/term.nix
./modules/bootloader.nix
./modules/sound.nix
./modules/sydney.nix
./modules/docs.nix
./modules/nix-meta.nix
./modules/anal-retentive.nix
./modules/wm.nix
./modules/culr.nix
];
cachix = [
"nix-community"
];
nix.extraOptions = ''
experimental-features = nix-command flakes
keep-outputs = true
keep-derivations = true
'';
hardware.enableRedistributableFirmware = true;
hardware.enableAllFirmware = true;
environment.pathsToLink = [ "/share/zsh" ];
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.consoleMode = "max";
boot.loader.timeout = 3;
boot.tmpOnTmpfs = true;
boot.tmp.useTmpfs = true;
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# services.udev.extraHwdb = ''
# evdev:atkbd:*
# KEYBOARD_KEY_3a=esc
# '';
services.xserver.xkb.options = "caps:swapescape";
# services.xserver.xkb.extraLayouts."swap" = {
# description = "caps swap";
# languages = [ "eng" ];
# symbolsFile = pkgs.writeText "keyboard" ''
# xkb_symbols
# {
# include "us(basic)"
time.timeZone = "Australia/Sydney";
time.hardwareClockInLocalTime = true;
# key <CAPS> {[ Escape ]};
# }
# '';
# };
console.useXkbConfig = true;
services.libinput.enable = true;
# Select internationalisation properties.
i18n.defaultLocale = "en_AU.UTF-8";
i18n.supportedLocales = [ "en_AU.UTF-8/UTF-8" ];
console = {
font = "Lat2-Terminus16";
useXkbConfig = true; # use xkbOptions in tty.
};
nixpkgs.config.allowUnfree = true;
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.graphics.enable = true;
hardware.graphics.enable32Bit = true;
#input stuff
services.xserver.enable = true;
services.xserver.xkbOptions = "caps:escape";
services.xserver.layout = "us";
services.xserver.libinput.enable = true;
services.xserver.displayManager.lightdm.enable = false; # gets installed by default..
services.udisks2.enable = true;
services.greetd = {
enable = true;
settings = {
default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet -r -g \"what's good\" --time --sessions ${config.services.xserver.displayManager.sessionData.desktops}/share/wayland-sessions";
user = "greeter";
};
};
};
# services.flatpak.enable = true;
security.polkit.enable = true;
programs.dconf.enable = true;
xdg.autostart.enable = true;
xdg.portal.enable = true;
services.resolved = {
enable = true;
fallbackDns = [ "103.1.206.179" "168.138.8.38" "168.138.12.137" ];
dnssec = "false";
};
# services.tailscale.enable = true;
# Enable sound.
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# jack.enable = true;
# TODO - move these to more appropriate places
environment.systemPackages = builtins.attrValues {
inherit (pkgs)
curl
eza
git
;
};
qt.enable = true;
qt.style = "kvantum";
qt.platformTheme = "qt5ct";
programs.nix-index-database.comma.enable = true;
programs.nix-index.enableZshIntegration = false;
programs.nix-index.enableBashIntegration = false;
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
services.tailscale.enable = true;
# gnome/freedesktop compat stuff
programs.dconf.enable = true;
services.gvfs.enable = true;
environment.systemPackages = with pkgs; [
rnix-lsp
# give cpuset to user
systemd.services."user@".serviceConfig.Delegate = "memory pids cpu cpuset";
tailscale
home-manager
cachix
helix
ark
curl
git
zsh
nix-index
comma
];
networking.wg-quick.interfaces = {
mullvad = {
address = [ "10.66.224.186/32" ];
dns = [ "10.64.0.1" ];
privateKey = "WD0CNYazB8D19SJvwz/TdPqoWgWCGfTwA7mim16q7UM=";
peers = [
{
publicKey = "QhE7I5TnUuc3gLqSeF9KhOr0oew5v03bpj0EHrEOR2M=";
allowedIPs = [ "0.0.0.0/0" ];
endpoint = "89.44.10.66:51820";
persistentKeepalive = 25;
}
];
};
};
networking.firewall.enable = true;
networking.firewall = {
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
};
systemd.services.fixNetworkingForTailscale = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" "wg-quick-mullvad.service" ];
description = "fix the damn routing table";
serviceConfig = {
Type = "oneshot";
User = "root";
ExecStart = ''${pkgs.bash}/bin/bash -c 'if [[ "$( ${pkgs.iproute2}/bin/ip rule | grep -e "62:.*52" | wc -l)" -eq 0 ]]; then ${pkgs.iproute2}/bin/ip rule add pref 62 table 52; fi'''';
# ExecStop = ''${pkgs.iproute2}/bin/ip rule del pref 62 table 52'';
};
};
security.pam.services.waylock = {
text =''
auth include login
'';
};
system.stateVersion = "22.05"; # Did you read the comment?
systemd.user.extraConfig = "LogLevel=debug";
system.nixos.tags = [ "fatcock-xxl" ];
}
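Review bot: The `networking.wg-quick.interfaces.mullvad` block with a literal `privateKey` appears to be on the removed side of this section (the new network module enables `services.mullvad-vpn` instead), but deleting it from the tree does not revoke it, because the value stays readable in the repository history. Rotate that WireGuard key with the provider. If a wg-quick interface is ever reintroduced, use `privateKeyFile = "<path-to-root-only-key-file>";` so the key never enters git or the world-readable Nix store. Old and new lines are printed without markers here, so the side assignment is inferred.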


@ -1,13 +0,0 @@
{ config, lib, pkgs, ... }:
{
virtualisation.docker.enable = true;
# virtualisation.docker.enableOnBoot = true;
# Nvidia Docker
virtualisation.docker.enableNvidia = true;
# libnvidia-container does not support cgroups v2 (prior to 1.8.0)
# https://github.com/NVIDIA/nvidia-docker/issues/1447
systemd.enableUnifiedCgroupHierarchy = false;
}


@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbcore" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/06f59431-d939-4b48-9d91-e23606dd3ce0";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5008-1946";
fsType = "vfat";
};
fileSystems."/data" = {
device = "/dev/sdb1";
fsType = "ntfs";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -0,0 +1,29 @@
{
pkgs,
lib,
...
}:
{
# perlless activations
boot.initrd.systemd.enable = true;
# breaks everything
# system.etc.overlay = {
# enable = lib.mkDefault true;
# mutable = true;
# };
services.userborn.enable = lib.mkDefault true;
# misc perl
system.disableInstallerTools = true;
programs.less.lessopen = null;
programs.command-not-found.enable = false;
boot.enableContainers = false;
boot.loader.grub.enable = false;
environment.defaultPackages = lib.mkDefault [ ];
documentation.info.enable = false;
# no cppnix .. ?
# system.systemBuilderArgs.disallowedRequisites = [pkgs.nix];
nix.package = pkgs.lix;
system.tools.nixos-option.enable = false;
}


@ -0,0 +1,41 @@
{
rice,
...
}:
{
boot.loader.limine = {
enable = true;
style =
let
pal = rice.palette.shortHex;
in
{
wallpapers = [ rice.bg.image ];
interface = {
brandingColor = 1;
branding = "welcome to quiver";
};
graphicalTerminal =
let
getPal = p: builtins.attrValues p |> builtins.concatStringsSep ";";
in
{
palette = getPal pal.normal;
brightPalette = getPal pal.bright;
marginGradient = 0;
margin = 256;
foreground = pal.util.fg;
background = "20" + pal.util.bg;
brightForeground = pal.bright.yellow;
brightBackground = pal.util.bg;
};
backdrop = pal.util.bg;
};
maxGenerations = 5;
extraEntries = ''
/Windows
protocol: efi
path: boot():/EFI/Microsoft/Boot/bootmgfw.efi
'';
};
}

6
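--- a/system/modules/culr.nix
+++ b/system/modules/culr.nix
@@ -0,0 +1,6 @@
+_: {
+programs.culr = {
+enable = true;
+pattern = "rainbow-split";
+};
+}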

13
system/modules/docs.nix Normal file

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
environment.systemPackages = builtins.attrValues {
inherit (pkgs)
man-pages
man-pages-posix
;
};
documentation.dev.enable = true;
documentation.man.enable = true;
documentation.enable = true;
}


@ -0,0 +1,22 @@
{ ... }:
{
# imports = [
# ./mullvad.nix
# ];
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
systemd.services.NetworkManager-wait-online.enable = true; # for some reason nm doesn't enable without this
services.resolved = {
enable = true;
fallbackDns = [
"103.1.206.179"
"168.138.8.38"
"168.138.12.137"
];
dnssec = "false";
};
services.mullvad-vpn.enable = true;
# systemd.services.mullvad-daemon.environment.TALPID_NET_CLS_MOUNT_DIR = "/opt/net-cls-v1";
networking.firewall = {
checkReversePath = "loose";
};
}
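Review bot: `dnssec = "false"` together with three hard-coded `fallbackDns` addresses means systemd-resolved will accept unvalidated, clear-text answers from resolvers the file does not identify. Add a comment naming who operates those addresses and why DNSSEC validation is off, and consider `dnsovertls = "opportunistic";` in the same `services.resolved` block. With `services.mullvad-vpn.enable = true` it is also worth confirming that the fallback servers are never queried outside the tunnel; that cannot be determined from this file alone.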


@ -0,0 +1,63 @@
{
pkgs,
lib,
inputs,
mainUser,
...
}:
{
# these settings propagate to home-manager's nixpkgs
nixpkgs = {
config = {
allowUnfree = true;
allowUnfreePredicate = _: true;
cudaSupport = true;
};
};
nix = {
# add flake inputs to our registry to allow global use
registry = lib.mapAttrs (_: value: { flake = value; }) inputs;
settings = {
# trusted-users = ["bolt" "plank"];
experimental-features = [
"nix-command"
"flakes"
"pipe-operator"
];
substitute = true;
};
extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
optimise.automatic = true;
# package = pkgs.lix;
};
# services.smooooth = {
# enable = true;
# path = "/home/${mainUser}/.nix";
# blockers = [
# "hx"
# {
# nix = "die";
# }
# ];
# nixPackage = pkgs.lix;
# };
programs.meat = {
enable = true;
flake = "/home/${mainUser}/.nix";
};
environment.systemPackages = builtins.attrValues {
inherit (pkgs)
home-manager
cachix
nixfmt-rfc-style
;
inherit (inputs.nil.packages.${pkgs.system}) nil;
};
}

9
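--- a/system/modules/sound.nix
+++ b/system/modules/sound.nix
@@ -0,0 +1,9 @@
+_: {
+security.rtkit.enable = true;
+services.pipewire = {
+enable = true;
+alsa.enable = true;
+alsa.support32Bit = true;
+pulse.enable = true;
+};
+}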


@ -0,0 +1,6 @@
_: {
time.timeZone = "Australia/Sydney";
time.hardwareClockInLocalTime = false;
i18n.defaultLocale = "en_AU.UTF-8";
i18n.supportedLocales = [ "en_AU.UTF-8/UTF-8" ];
}

21
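--- a/system/modules/term.nix
+++ b/system/modules/term.nix
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+let
+inherit (pkgs) fish;
+in
+{
+programs.fish = {
+enable = true;
+};
+programs.zoxide = {
+enable = true;
+enableFishIntegration = true;
+};
+environment.systemPackages = [
+fish
+];
+environment.shells = [ fish ];
+users.defaultUserShell = fish;
+console = {
+font = "Lat2-Terminus16";
+};
+}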

27
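--- a/system/modules/wm.nix
+++ b/system/modules/wm.nix
@@ -0,0 +1,27 @@
+{
+pkgs,
+mainUser,
+inputs,
+...
+}:
+{
+services.greetd = {
+enable = true;
+restart = false;
+settings =
+let
+session = {
+command = "niri-session";
+user = "${mainUser}";
+};
+in
+{
+default_session = session;
+initial_session = session;
+};
+};
+programs.niri = {
+enable = true;
+package = inputs.niri.packages.${pkgs.system}.niri-unstable;
+};
+}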
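Review bot: Binding both `initial_session` and `default_session` to `niri-session` run as `${mainUser}` means greetd never presents a greeter, so whoever is at the console after boot gets a session for that account without a password; the host files in this commit put the main users in `wheel`. If auto-login on boot is intended, keep it in `initial_session` only and let `default_session` authenticate, e.g. `default_session = { command = "${pkgs.greetd.tuigreet}/bin/tuigreet --cmd niri-session"; user = "greeter"; };`. Otherwise add a comment above `settings` stating that passwordless console login is a deliberate choice for these machines.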

309
system/quiver.nix Executable file → Normal file
View file

@ -1,30 +1,86 @@
{ config, lib, pkgs, modulesPath, ... }:
let
flake-compat = builtins.fetchTarball "https://github.com/edolstra/flake-compat/archive/master.tar.gz";
hyprland = (import flake-compat {
src = builtins.fetchTarball "https://github.com/hyprwm/Hyprland/archive/master.tar.gz";
}).defaultNix;
in {
nixpkgs.overlays = [
(self: super: {
system76-scheduler = pkgs.callPackage ./syspkgs/system76-scheduler.nix {};
kwin-system76-scheduler-integration = pkgs.libsForQt5.callPackage ./syspkgs/kwin-system76-scheduler-integration.nix {};
})
{
config,
lib,
pkgs,
inputs,
rice,
...
}:
{
imports = [
./configuration.nix
];
nix.settings = {
substituters = [ "https://hyprland.cachix.org" ];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
services.ollama = {
enable = true;
user = "ollama";
};
imports =
[ hyprland.nixosModules.default ];
system.stateVersion = "22.11"; # Did you read the comment?
environment.sessionVariables = rec {
WLR_NO_HARDWARE_CURSORS = "1";
networking.hostName = "quiver";
users.users.bolt = {
isNormalUser = true;
extraGroups = [
"wheel"
"podman"
];
};
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbcore"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.initrd.verbose = false;
boot.kernelModules = [
"kvm-amd"
"i2c-dev"
];
boot.consoleLogLevel = 0;
boot.kernelParams = [
"mitigations=off"
"preempt=full"
"quiet"
"loglevel=3"
"systemd.show_status=off"
"rd.udev.log_level=3"
"vt.global_cursor_default=0"
];
services.scx = {
enable = true;
scheduler = "scx_bpfland";
};
boot.kernelPackages = pkgs.linuxPackages_cachyos;
boot.supportedFilesystems = {
ntfs = true;
btrfs = true;
};
boot.loader.efi.canTouchEfiVariables = true;
# boot.plymouth = {
# enable = true;
# inherit (rice.plymouth) theme themePackages font;
# };
security.tpm2.enable = true;
networking.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = true;
environment.pathsToLink = [
"/share/xdg-desktop-portal"
"/share/applications"
];
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
# ZSH_AUTOSUGGEST_HIGHLIGHT_STYLE = "fg=5";
GBM_BACKEND = "nvidia-drm";
NVD_BACKEND = "direct";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
@ -34,157 +90,112 @@ in {
EDITOR = "hx";
};
boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbcore" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "i2c-dev" ];
boot.extraModulePackages = [ ];
boot.kernelParams = [ "nvidia_drm.modeset=1" "mitigations=off" "acpi_enforce_resources=lax" "preempt=full" ];
boot.loader.efi.canTouchEfiVariables = true;
# boot.plymouth.enable = true;
boot.supportedFilesystems = [ "ntfs" ];
security.tpm2.enable = true;
boot.loader.systemd-boot.configurationLimit = 5;
networking.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
nix.settings.trusted-users = [ "bolt" ];
virtualisation.oci-containers.backend = "podman";
hardware.nvidia-container-toolkit.enable = true;
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
defaultNetwork.settings.dns_enabled = true;
};
};
services.minidlna = {
enable = true;
settings = {
notify_interval = 120;
friendly_name = "PC";
media_dir = [ "A,/data/Music/Slsk" ];
};
};
programs.hyprland = {
enable = true;
xwayland = {
enable = true;
hidpi = false;
};
nvidiaPatches = true;
};
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.beta;
hardware.nvidia.modesetting.enable = true;
hardware.nvidia.powerManagement.enable = true;
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.latest;
modesetting.enable = true;
powerManagement.enable = true;
nvidiaPersistenced = true;
open = false;
};
programs.xwayland.enable = true;
systemd.services.no-rgb = {
wantedBy = [ "multi-user.target" ];
description = "rgb led turn-off-er";
serviceConfig = {
Type = "oneshot";
ExecStart = ''${pkgs.openrgb}/bin/openrgb -d "HyperX Fury RGB" -m static -c 000000'';
};
};
systemd.services."com.system76.Scheduler" = {
wantedBy = [ "multi-user.target" ];
description = "the system76 process scheduler";
serviceConfig = {
Type = "dbus";
ExecStart = ''${pkgs.system76-scheduler}/bin/system76-scheduler daemon'';
ExecReload = ''${pkgs.system76-scheduler}/bin/system76-scheduler daemon reload'';
BusName = "com.system76.Scheduler";
};
};
# openrgb no longer recognises the device?
# systemd.services.no-rgb = {
# wantedBy = ["multi-user.target"];
# description = "rgb led turn-off-er";
# serviceConfig = {
# Type = "oneshot";
# ExecStart = ''${pkgs.openrgb}/bin/openrgb -d "HyperX DRAM" -m static -c 000000'';
# After = ["openrgb"];
# };
# };
services.dbus.packages = [
pkgs.kwin-system76-scheduler-integration
pkgs.system76-scheduler
];
# services.hardware.openrgb = {
# enable = true;
# motherboard = "amd";
# };
systemd.packages = [
pkgs.kwin-system76-scheduler-integration
pkgs.system76-scheduler
];
environment.etc = {
"system76-scheduler".source = "${pkgs.system76-scheduler}/etc/system76-scheduler";
};
services.hardware.openrgb = {
enable = true;
motherboard = "amd";
};
hardware.ckb-next.enable = true;
xdg.portal = {
enable = true;
wlr = {
enable = true;
# settings = {
# screencast = {
# output_name = "DP-1";
# max_fps = 60;
# chooser_type = "simple";
# chooser_nvidia = "${pkgs.slurp}/bin/slurp -f %o -or";
# };
# };
};
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
hardware.ckb-next.enable = true;
environment.systemPackages =
builtins.attrValues {
inherit (pkgs)
wl-clipboard
wl-clipboard-x11
xclip
;
inherit (pkgs.kdePackages) qtbase qtdeclarative;
}
++ [
(inputs.quickshell.packages.${pkgs.system}.default.override {
withHyprland = false;
withI3 = false;
})
];
};
environment.systemPackages = with pkgs;
[
ckb-next
openrgb
wl-clipboard
wl-clipboard-x11
xclip
system76-scheduler
kwin-system76-scheduler-integration
];
networking.hostName = "quiver"; # Define your hostname.
users.users.bolt = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
programs.fuse.userAllowOther = true;
services.libinput.mouse = {
accelProfile = "flat";
accelSpeed = 0.0;
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d227445f-6120-4768-8e1b-011f097505c1";
fsType = "ext4";
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/b993b463-c131-4ef1-9aba-0e3eadaa2f9a";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/6B75-AF9F";
"/boot" = {
device = "/dev/disk/by-uuid/6B75-AF9F";
fsType = "vfat";
};
fileSystems."/data" = {
device = "/dev/disk/by-uuid/39D4F78C658E8B56";
fsType = "ntfs";
options = [ "rw" "uid=1001" "gid=100" ];
"/data" = {
device = "/dev/disk/by-uuid/39D4F78C658E8B56";
fsType = "ntfs";
options = [
"rw"
"uid=1000"
"gid=100"
];
};
};
# swapDevices = [ {
# device = "/dev/disk/by-uuid/7fde28ec-80f9-4228-8597-c3a57bfbf619";
# size = 4096;
# }
# ];
swapDevices = [
{ device = "/dev/disk/by-uuid/9c006925-e0e9-4165-bc0c-508ae2d1bfce"; }
];
# networking.nftables.enable = true;
networking.firewall = {
allowedUDPPorts = [ 1900 ];
allowedTCPPorts = [ 8200 2234 ];
# allowedUDPPorts = [1900];
# allowedTCPPorts = [8200 2234];
allowedTCPPorts = [ 2234 ];
};
services.open-webui = {
package = inputs.nixpkgs-stable.legacyPackages.x86_64-linux.open-webui;
enable = true;
port = 8088;
environment = {
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
ANONYMIZED_TELEMETRY = "False";
WEBUI_AUTH = "False";
DATABASE_URL = "sqlite:///${config.services.open-webui.stateDir}/newdb.db";
};
};
# for quickshell
qt.enable = true;
}
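Review bot: `WEBUI_AUTH = "False"` in `services.open-webui.environment` disables authentication for the UI on port 8088, so every local user or process that can reach the listener gets full access to it and, through it, to the ollama backend; whether it is reachable from the network depends on the module's bind address, which this file does not set. Pin that explicitly with `host = "127.0.0.1";` or drop the `WEBUI_AUTH` override. Separately, `dockerSocket.enable = true` combined with `"podman"` in `users.users.bolt.extraGroups` hands that account a root-equivalent API socket, and `"mitigations=off"` is carried in `boot.kernelParams`; each deserves a one-line comment recording that the trade-off is intended. Old and new lines are interleaved without markers in this section, so the side of each line is inferred.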


@ -0,0 +1,361 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
...
}:
let
wekan-compose = pkgs.fetchurl {
url = "https://github.com/wekan/wekan/raw/v6.68/docker-compose.yml";
sha256 = "sha256-gLZ8bZZ8ZMo1NGz3ooIgXRH6JuMoEMp+to7lfqAvc6E=";
};
# wekan-private = pkgs.runCommand "wekan-private" {} ''
# cp ${wekan-compose} $out
# sed -i '/localtime/d' $out
# sed -i '/timezone/d' $out
# sed -i 's/80:8080/7897:8080/g' $out
# sed -i 's/ROOT_URL=.*/ROOT_URL=https:\/\/reflector\.beam\/kanban\//' $out
# '';
wekan-rhizome = pkgs.runCommand "wekan-rhizome" { } ''
cp ${wekan-compose} $out
sed -i '/localtime/d' $out
sed -i '/timezone/d' $out
sed -i 's/80:8080/7897:8080/g' $out
sed -i 's/ROOT_URL=.*/ROOT_URL=https:\/\/board\.rhizome\.tf\//' $out
'';
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# ./cachix.nix
# (import (builtins.fetchTarball "https://github.com/jonascarpay/declarative-cachix/archive/master.tar.gz"))
];
# cachix = [
# "nix-community"
# ];
nix.settings.experimental-features = [
"flakes"
"nix-command"
];
# systemd.services.NetworkManager-wait-online.enable = false;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
networking.hostName = "reflector"; # Define your hostname.
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Australia/Sydney";
# Define a user account. Don't forget to set a password with passwd.
users.users.sunshine = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [ ];
openssh.authorizedKeys.keys = [
"ssh-rsa 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 bolt@quiver"
];
};
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
helix
ripgrep
fd
curl
cachix
headscale
comma
woodpecker-agent
woodpecker-server
# podman
# podman-compose
# shadow
dufs
];
virtualisation = {
docker.enable = true;
# podman = {
# enable = true;
# dockerCompat = true;
# defaultNetwork.dnsname.enable = true;
# };
};
# services.resolved = {
# enable = true;
# fallbackDns = [ "103.1.206.179" "168.138.8.38" "168.138.12.137" ];
# dnssec = "false";
# };
services.fail2ban.enable = true;
services.tailscale.enable = true;
services.headscale = {
enable = true;
serverUrl = "https://net.atagen.co";
dns = {
nameservers = [
"103.1.206.179"
"168.138.8.38"
"168.138.12.137"
];
magicDns = true;
};
};
services.syncthing = {
enable = true;
extraOptions = {
gui = {
insecureSkipHostcheck = true;
};
};
};
services.gitea = {
enable = true;
appName = "atagen gitea";
domain = "git.atagen.co";
httpPort = 3033;
settings.server = {
START_SSH_SERVER = true;
SSH_PORT = 6660;
SSH_DOMAIN = "git.atagen.co";
DISABLE_SSH = false;
};
rootUrl = "https://git.atagen.co";
settings.service.DISABLE_REGISTRATION = true;
settings.webhook.ALLOWED_HOST_LIST = "external,loopback";
};
users.users.ci = {
isSystemUser = true;
createHome = true;
group = "ci";
extraGroups = [
"docker"
"wheel"
];
};
users.groups.ci = { };
users.users.ci-agent = {
isSystemUser = true;
createHome = true;
group = "ci";
extraGroups = [
"docker"
"wheel"
];
};
users.groups.ci = { };
users.users.dufs = {
isSystemUser = true;
createHome = true;
group = "dufs";
};
users.groups.dufs = { };
systemd.services.woodpecker-server = {
wantedBy = [ "multi-user.target" ];
description = "woodpecker CI/CD server";
serviceConfig = {
Environment = [
"WOODPECKER_OPEN=true"
"WOODPECKER_ADMIN=atagen"
"WOODPECKER_REPO_OWNERS=rhizome"
"WOODPECKER_HOST=https://ci.atagen.co"
"WOODPECKER_GITEA=true"
"WOODPECKER_GITEA_URL=https://git.atagen.co"
"WOODPECKER_GITEA_CLIENT=1418f1d9-e2ce-4e8f-b8b2-7cf714baa07e"
"WOODPECKER_GITEA_SECRET=gto_chpk65trvfbnrqs4cog62kn7sgmvpizg5wbr4zknb54o4gxlssba"
"WOODPECKER_GITEA_SKIP_VERIFY=true"
"WOODPECKER_AGENT_SECRET=71a0ac7d617aef46fb93811c6e2a300e041a324727df12b4805d5f4e9e1f3326"
"WOODPECKER_DATABASE_DATASOURCE=/var/lib/woodpecker/woodpecker.sqlite"
];
Restart = "always";
ExecStart = "${pkgs.woodpecker-server}/bin/woodpecker-server";
User = "ci";
Group = "ci";
};
};
systemd.services.woodpecker-agent = {
wantedBy = [ "multi-user.target" ];
description = "woodpecker CI/CD agent";
serviceConfig = {
Environment = [
"WOODPECKER_SERVER=localhost:9000"
"WOODPECKER_AGENT_SECRET=71a0ac7d617aef46fb93811c6e2a300e041a324727df12b4805d5f4e9e1f3326"
];
Restart = "always";
ExecStart = "${pkgs.woodpecker-agent}/bin/woodpecker-agent";
User = "ci-agent";
};
};
# systemd.services.wekan-private = {
# wantedBy = [ "multi-user.target" ];
# after = [ "network.target" "docker.service" ];
# requires = [ "docker.service" ];
# description = "wekan kanban board";
# serviceConfig = {
# Restart = "always";
# User = "root";
# ExecStart = "${pkgs.docker}/bin/docker compose -f ${wekan-private} up";
# ExecStop = "${pkgs.docker}/bin/docker compose -f ${wekan-private} down";
# };
# };
systemd.services.wekan-rhizome = {
wantedBy = [ "multi-user.target" ];
after = [
"network.target"
"docker.service"
];
requires = [ "docker.service" ];
description = "wekan kanban board for rhizomers";
serviceConfig = {
Restart = "always";
User = "root";
ExecStart = "${pkgs.docker}/bin/docker compose -f ${wekan-rhizome} up";
ExecStop = "${pkgs.docker}/bin/docker compose -f ${wekan-rhizome} down";
};
};
systemd.services.dufs = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
description = "dufs webdav server";
serviceConfig = {
User = "dufs";
Restart = "always";
ExecStart = "${pkgs.dufs}/bin/dufs -b 127.0.0.1 -p 8083 /home/dufs/files";
};
};
# systemd.services.foswiki = {
# wantedBy = [ "multi-user.target" ];
# after = [ "network.target" "docker.service" ];
# requires = [ "docker.service" ];
# description = "foswiki wiki site";
# serviceConfig = {
# Restart = "always";
# User = "root";
# ExecStart = "${pkgs.docker}/bin/docker compose -f ${foswiki-compose} up";
# ExecStop = "${pkgs.docker}/bin/docker compose -f ${foswiki-compose} down";
# };
# };
services.caddy = {
enable = true;
virtualHosts = {
"atagen.co" = {
serverAliases = [ "www.atagen.co" ];
extraConfig = ''
respond "i live.. again"
'';
};
"iced-rs.info".extraConfig = ''
reverse_proxy http://127.0.0.1:8765
'';
"ci.atagen.co".extraConfig = ''
reverse_proxy http://127.0.0.1:8000
'';
# "ci.rhizome.tf".extraConfig = ''
# reverse_proxy http://127.0.0.1:8000
# '';
"git.atagen.co".extraConfig = ''
reverse_proxy http://127.0.0.1:3033
'';
# "git.rhizome.tf".extraConfig = ''
# reverse_proxy http://127.0.0.1:3033
# '';
"board.rhizome.tf".extraConfig = ''
reverse_proxy http://127.0.0.1:7897
'';
"net.atagen.co".extraConfig = ''
reverse_proxy http://127.0.0.1:8080
'';
"reflector.beam".extraConfig = ''
tls /etc/selfsigned/cert.pem /etc/selfsigned/key.pem
route /sync/* {
uri strip_prefix /sync
reverse_proxy http://127.0.0.1:8384
}
route /philez/* {
uri strip_prefix /philez
reverse_proxy http://127.0.0.1:8083
}
'';
};
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
permitRootLogin = "no";
};
networking.firewall = {
enable = true;
trustedInterfaces = [ "tailscale0" ];
checkReversePath = "loose";
allowedTCPPorts = [
80
443
6660
];
allowedUDPPorts = [
80
443
41641
6660
];
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.11"; # Did you read the comment?
}
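Review bot: The `Environment` lists of `systemd.services.woodpecker-server` and `woodpecker-agent` embed `WOODPECKER_GITEA_SECRET` and `WOODPECKER_AGENT_SECRET` as literals, which puts them in git, in the world-readable Nix store and in the generated unit files. Treat both values as disclosed: rotate them and load them at runtime with `EnvironmentFile = "<path-to-root-only-env-file>";` instead of listing them inline. In the same unit, `WOODPECKER_GITEA_SKIP_VERIFY=true` turns off TLS certificate checking towards Gitea and `WOODPECKER_OPEN=true` opens registration, and neither is explained. The `ci` and `ci-agent` system users are placed in both `docker` and `wheel`, which makes the CI runner root-equivalent on the host; drop `wheel` unless something concrete needs it. `services.syncthing.extraOptions.gui.insecureSkipHostcheck = true` should carry a comment tying it to the `/sync` reverse proxy.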


@ -0,0 +1,295 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{
pkgs,
lib,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
environment.pathsToLink = [ "/share/zsh" ];
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
users.users.felix = {
isSystemUser = true;
group = "www";
extraGroups = [ "docker" ];
};
users.users.spore = {
isSystemUser = true;
home = "/home/spore";
createHome = true;
useDefaultShell = true;
group = "www";
extraGroups = [ "docker" ];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL9VRcCnmjCyV7DpCm8ir3+xPTbyMDBJhgSkhpmdFL5d spore@server.rhizome.tf"
];
};
users.groups.www = {
members = [
"acme"
"felix"
"spore"
];
};
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
networking.hostName = "filament"; # Define your hostname.
time.timeZone = "Australia/Sydney";
i18n.defaultLocale = "en_AU.UTF-8";
users.users.rhizome = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [
"ssh-rsa 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 bolt@quiver"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDW/YjnlHiEf2bV0RapVl+jWEtsNYrbXsaJJhXUkAaf61rsTZ2jpda7FmOVGjyJiOkTNYANoT83YhGxvKt3Ukcx5xG0JhcrilEGKfOR43/QLlXetCh4aFed//CXYNQo8obDovx9A8YamzfZWJo0nhshEAt1aDvNGlyPgHZI3r5vYNB6OpMlaSnr873i5hp6S9dxURoF0FjpdZwTWk5DiYUoZCezs6TfG6PzHbSsB88o4AUNZ6O+h1KD0lITSXH/v/M1zG8fkUzfZHFQoZ6VaIMhIVwLmbybvyb630IIfhx6KUoCWzCRlKBjVOGsQ1xZWEnjPgHB6atX5eNc/L8/bdyZOJ4aE2wSdVNMyriYuiyc3t/RwSvcRpfmzaxWUImDpjH3mxCrDymrZIQQTrNuC6o5O3mz3NCZRcFUZmuZXeYphyrzuNgAfsvHKMd8Fu+PdddSPCHkgYEIRuGD4flaujM8eUHZYqKkpmmiMwKk6jupBscN+1uwBqGQbaR0InXR+4c= custard"
];
};
users.users.ci = {
isSystemUser = true;
createHome = true;
group = "ci";
extraGroups = [ "docker" ];
};
users.users.ci-agent = {
isSystemUser = true;
createHome = true;
group = "ci";
extraGroups = [ "docker" ];
};
users.groups.ci = { };
virtualisation = {
docker.enable = true;
# podman = {
# enable = true;
# dockerCompat = true;
# defaultNetwork.settings.dns_enabled = true;
# };
};
services.fail2ban.enable = true;
services.redis.servers."".enable = true;
services.gitea = {
enable = true;
appName = "rhizome gitea";
domain = "git.rhizome.tf";
httpPort = 3036;
settings.server = {
START_SSH_SERVER = true;
SSH_PORT = 6660;
SSH_DOMAIN = "git.rhizome.tf";
DISABLE_SSH = false;
};
rootUrl = "https://git.rhizome.tf";
settings.service.DISABLE_REGISTRATION = true;
settings.webhook.ALLOWED_HOST_LIST = "external,loopback";
};
# systemd.services.spore = {
# wantedBy = [ "multi-user.target" ];
# description = "Spore Deployment Tool";
# serviceConfig = {
# User = "spore";
# Restart = "on-failure";
# ExecStart = "${lib.getExe pkgs.spore}";
# };
# };
systemd.services.grab-keys = {
description = "Server Key Grabber";
serviceConfig = {
Type = "oneshot";
User = "spore";
Restart = "on-failure";
ExecStart = "${pkgs.openssh}/bin/scp spore@server.rhizome.tf:/etc/letsencrypt/live/server.rhizome.tf/cert.pem /var/www/server.pem";
};
};
systemd.timers.grab-keys = {
description = "Server Key Grabber";
timerConfig = {
Persistent = "yes";
OnCalendar = "daily";
Unit = "grab-keys.service";
};
};
systemd.services.woodpecker-server = {
wantedBy = [ "multi-user.target" ];
description = "woodpecker CI/CD server";
serviceConfig = {
Environment = [
"WOODPECKER_OPEN=true"
"WOODPECKER_ADMIN=dbx"
"WOODPECKER_REPO_OWNERS=rhizome"
"WOODPECKER_HOST=https://ci.rhizome.tf"
"WOODPECKER_GITEA=true"
"WOODPECKER_GITEA_URL=https://git.rhizome.tf"
"WOODPECKER_GITEA_CLIENT=86bb265b-8914-4abd-a3eb-f843fabbd79d"
"WOODPECKER_GITEA_SECRET=gto_474i24aku3vda6wjbumdgfdcjdllclecfplfb4wsz2ibkemhdrwq"
"WOODPECKER_GITEA_SKIP_VERIFY=true"
"WOODPECKER_AGENT_SECRET=71a0ac7d617aef46fb93811c6e2a300e041a324727df12b4805d5f4e9e1f3326"
"WOODPECKER_DATABASE_DATASOURCE=/var/lib/woodpecker/woodpecker.sqlite"
];
Restart = "on-failure";
ExecStart = "${lib.getExe pkgs.woodpecker-server}";
User = "ci";
Group = "ci";
};
};
systemd.services.woodpecker-agent = {
wantedBy = [ "multi-user.target" ];
description = "woodpecker CI/CD agent";
serviceConfig = {
Environment = [
"WOODPECKER_AGENT_SECRET=71a0ac7d617aef46fb93811c6e2a300e041a324727df12b4805d5f4e9e1f3326"
];
Restart = "always";
ExecStart = "${lib.getExe pkgs.woodpecker-agent}";
User = "ci-agent";
Group = "ci";
};
};
systemd.services.felix = {
wantedBy = [ "multi-user.target" ];
description = "gilles on testing";
serviceConfig = {
ExecStart = ''${lib.getExe pkgs.docker} run --network host -v /var/lib/acme/rhizome.tf:/var/lib/acme/rhizome.tf --env-file /var/www/felix_env git.rhizome.tf/rhizome/gilles:latest'';
Group = "www";
User = "felix";
Restart = "always";
};
};
services.caddy = {
enable = true;
virtualHosts = {
"rhizome.tf".extraConfig = ''
route /.well-known/acme-challenge/* {
root * /var/www/acme-challenge
file_server
}
root * /var/www/rhizome.tf
file_server
handle_errors {
@404 {
expression {http.error.status_code} == 404
}
rewrite @404 /404.html
file_server
}
'';
"git.rhizome.tf".extraConfig = ''
reverse_proxy http://localhost:3036
'';
"ci.rhizome.tf".extraConfig = ''
reverse_proxy http://localhost:8000
'';
};
group = "www";
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
kitty
helix
ripgrep
fd
exa
bat
nix-index
comma
alejandra
curl
cachix
git
man-pages
man-pages-posix
rnix-lsp
zellij
zoxide
fzf
btop
];
documentation.dev.enable = true;
documentation.man.enable = true;
documentation.enable = true;
programs.nix-index-database.comma.enable = true;
programs.nix-index.enableZshIntegration = false;
programs.nix-index.enableBashIntegration = false;
services.openssh = {
enable = true;
passwordAuthentication = false;
kbdInteractiveAuthentication = false;
permitRootLogin = "no";
};
networking.firewall.allowedTCPPorts = [
22
80
443
5539
5559
6660
];
networking.firewall.allowedUDPPorts = [
443
6660
];
security.acme = {
acceptTerms = true;
defaults.email = "admin@rhizome.tf";
defaults.group = "www";
certs."rhizome.tf" = {
webroot = "/var/www/acme-challenge";
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
system.activationScripts = {
acls.text = ''
${pkgs.acl}/bin/setfacl -Rm spore:rx /var/lib/acme/rhizome.tf
'';
};
}
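Review bot: The `Environment` list of `systemd.services.woodpecker-server` carries `WOODPECKER_GITEA_SECRET` and `WOODPECKER_AGENT_SECRET` as literals, and `woodpecker-agent` repeats the agent secret. Values written this way end up in the world-readable Nix store and in the repository history, so both should be treated as exposed and rotated. Load them at runtime instead, e.g. `EnvironmentFile = "/run/secrets/woodpecker-server.env";` (placeholder path, root-owned and outside the store), and keep only non-secret settings in `Environment`. In the same unit, `WOODPECKER_GITEA_SKIP_VERIFY=true` turns off certificate verification towards Gitea and `WOODPECKER_OPEN=true` leaves registration open while the `ci` and `ci-agent` users are in the `docker` group. Each of those needs a comment saying why it is acceptable, or should be dropped.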


@ -0,0 +1,53 @@
{
description = "rhizome dev server";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05";
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
flake-utils.url = "github:numtide/flake-utils";
home-manager = {
url = "github:nix-community/home-manager/release-23.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
home-manager,
nix-index-database,
...
}@inputs:
let
inherit (self) outputs;
in
rec {
nixosConfigurations = {
"filament" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs outputs; };
modules = [
./configuration.nix
nix-index-database.nixosModules.nix-index
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.extraSpecialArgs = { inherit inputs outputs; };
home-manager.users.rhizome.imports = [ ./rhizome.nix ];
} # hm
]; # modules
}; # filament
};
}; # rec
}
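Review bot: `nixpkgs.url` pins `nixos-23.05` and `home-manager` pins `release-23.05`, a release line that stopped receiving security updates well before this commit's date. The `filament` host built from it runs Caddy, Gitea and sshd with ports opened in the firewall. Point both inputs at a currently supported release, e.g. `nixpkgs.url = "github:NixOS/nixpkgs/nixos-<supported-release>";` (placeholder) with the matching home-manager branch, and leave `system.stateVersion` unchanged. `flake-parts` and `flake-utils` are declared as inputs but nothing in `outputs` refers to them here, so they can probably be removed to shrink the lock file.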


@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
lib,
...
}:
{
imports = [ ];
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"sr_mod"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/f4889546-f71c-4e3c-ab47-e183a72dc52e";
fsType = "ext4";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
virtualisation.hypervGuest.enable = true;
}


@ -0,0 +1,127 @@
{
pkgs,
...
}:
{
home.packages = with pkgs; [
lazygit
alejandra
];
home = {
username = "rhizome";
homeDirectory = "/home/rhizome";
};
programs.direnv = {
enable = true;
nix-direnv = {
enable = true;
};
};
programs.git = {
enable = true;
userName = "rhizome";
userEmail = "filament@rhizome.tf";
};
programs.fzf = {
enable = true;
enableZshIntegration = true;
};
programs.helix = {
enable = true;
settings = {
theme = "base16_terminal";
editor.lsp.display-messages = true;
};
};
programs.zsh = {
enable = true;
enableAutosuggestions = true;
enableCompletion = true;
enableSyntaxHighlighting = true;
enableVteIntegration = true;
autocd = true;
defaultKeymap = "viins";
initExtra = ''
[[ ! -f ~/.p10k.zsh ]] || source ~/.p10k.zsh
alias ...='cd ../..'
alias ....='cd ../../..'
alias .....='cd ../../../..'
alias chmox='chmod +x'
alias gs='git status'
alias gcl='git clone'
alias ga='git add'
alias gcb='git checkout -b'
alias gco='git checkout'
alias gl='git pull'
alias gp='git push'
alias gd='git diff'
alias gcam='git commit -am'
alias gcm='git commit -m'
alias gr='git restore'
alias gm='git merge'
alias l='exa -lh --group-directories-first --icons --color=always'
alias la='exa -lha --group-directories-first --icons --color=always'
eval "$(zoxide init zsh)"
'';
plugins = [
{
name = "powerlevel10k";
src = pkgs.zsh-powerlevel10k;
file = "share/zsh-powerlevel10k/powerlevel10k.zsh-theme";
}
{
name = "zsh-vi-mode";
src = pkgs.zsh-vi-mode;
file = "share/zsh-vi-mode/zsh-vi-mode.zsh";
}
{
name = "zsh-autopair";
src = pkgs.zsh-autopair;
file = "share/zsh-autopair/zsh-autopair.zsh";
}
{
name = "zsh-completions";
src = pkgs.zsh-completions;
file = "share/zsh-completions/zsh-completions.zsh";
}
{
name = "zsh-command-time";
src = pkgs.zsh-command-time;
file = "share/zsh-completions/zsh-command-time.zsh";
}
{
name = "zsh-autocomplete";
src = pkgs.zsh-autocomplete;
file = "share/zsh-autocomplete/zsh-autocomplete.zsh";
}
{
name = "zsh-fast-syntax-highlighting";
src = pkgs.zsh-fast-syntax-highlighting;
file = "share/zsh-fast-syntax-highlighting/zsh-fast-syntax-highlighting.zsh";
}
{
name = "zsh-nix-shell";
src = pkgs.zsh-nix-shell;
file = "share/zsh-nix-shell/zsh-nix-shell.zsh";
}
{
name = "any-nix-shell";
src = pkgs.any-nix-shell;
file = "share/any-nix-shell/any-nix-shell.zsh";
}
{
name = "nix-zsh-completions";
src = pkgs.nix-zsh-completions;
file = "share/nix-zsh-completions/nix-zsh-completions.zsh";
}
];
};
home.stateVersion = "23.05";
}
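Review bot: The `zsh-command-time` entry in `programs.zsh.plugins` sets `file = "share/zsh-completions/zsh-command-time.zsh"`, which looks copied from the `zsh-completions` entry above it. That path probably does not exist under `pkgs.zsh-command-time`, in which case the plugin is never sourced. Check the package output and correct the directory. The other `file` values follow a `share/<name>/<name>.zsh` pattern that also appears assumed rather than verified, so each is worth confirming against the package it points at.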

21
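--- a/system/substituters.nix
+++ b/system/substituters.nix
@@ -0,0 +1,21 @@
+{
+...
+}:
+{
+nix.settings = {
+substituters = [
+"https://cache.nixos.org"
+"https://nix-community.cachix.org"
+"https://helix.cachix.org"
+"https://walker-git.cachix.org"
+"https://anmonteiro.nix-cache.workers.dev"
+];
+trusted-public-keys = [
+"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+"helix.cachix.org-1:ejp9KQpR1FBI2onstMQ34yogDm4OgU2ru6lIwPvuCVs="
+"walker-git.cachix.org-1:vmC0ocfPWh0S/vRAQGtChuiZBTAe4wiKDeyyXM0/7pM="
+"ocaml.nix-cache.com-1:/xI2h2+56rwFfKyyFVbkJSeGqSIYMC/Je+7XXqGKDIY="
+];
+};
+}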
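Review bot: The last `trusted-public-keys` entry is named `ocaml.nix-cache.com-1`, while the substituter it presumably belongs to is listed as `https://anmonteiro.nix-cache.workers.dev`. Nothing in the file records that pairing. Every key in this list lets its holder supply store paths that are installed without a local build, so the file should say which cache each key belongs to and which package needs it. A comment such as `# anmonteiro.nix-cache.workers.dev signs with the ocaml.nix-cache.com-1 key; used for <package>` (placeholder) next to each third-party entry would make the trust set auditable and easier to prune.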


@ -1,23 +0,0 @@
{ lib, stdenv, fetchurl, unzip }:
stdenv.mkDerivation rec {
pname = "headscale-ui";
version = "2022.12.23.2-beta";
src = fetchurl {
url = "https://github.com/gurucomputing/headscale-ui/releases/download/${version}/headscale-ui.zip";
sha256 = "sha256-QF10la68Rl2t0K53CH63Qiq54ynkySQACdELorZF/cY=";
};
nativeBuildInputs = [ unzip ];
unpackCmd = "unzip headscale-ui.zip";
dontConfigure = true;
dontBuild = true;
installPhase = ''
mkdir $out/
cp -R . $out
'';
}


@ -1,13 +0,0 @@
#!/usr/bin/env bash
socat - UNIX-CONNECT:/tmp/hypr/$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock |
while read line
do
if [[ "$line" == activewindow* ]]; then
pid="$(hyprctl activewindow | rg pid | cut -d' ' -f2)"
if [[ -n $pid ]]; then
dbus-send --system --dest=com.system76.Scheduler --type=method_call /com/system76/Scheduler com.system76.Scheduler.SetForegroundProcess uint32:$pid
fi
pid=""
fi
done


@ -1,47 +0,0 @@
{ lib, pkgs, stdenv, hyprland, ripgrep, socat, dbus, ... }:
stdenv.mkDerivation rec {
pname = "hyprland-system76-scheduler-integration";
version = "0.1.0";
nativeBuildInputs = [
socat
dbus
hyprland
ripgrep
];
dontUnpack = "true";
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin
cat <<EOF > $out/bin/hyprland-system76-scheduler-hook.sh
#!${pkgs.bash}/bin/bash
echo "opening socket.."
${pkgs.socat}/bin/socat -u UNIX-CLIENT:/tmp/hypr/\''$HYPRLAND_INSTANCE_SIGNATURE/.socket2.sock STDOUT |
while read line; do
if [[ "\''$line" == activewindow* ]]; then
echo "got \''$line."
pid="\''$(${pkgs.hyprland}/bin/hyprctl activewindow | ${pkgs.ripgrep}/bin/rg pid | ${pkgs.coreutils}/bin/cut -d' ' -f2)"
if [[ -n \''$pid ]]; then
echo "sending \''$pid!"
${pkgs.dbus}/bin/dbus-send --system --dest=com.system76.Scheduler --type=method_call /com/system76/Scheduler com.system76.Scheduler.SetForegroundProcess uint32:\''$pid
fi
pid=""
fi
echo "continuing.."
done
echo "finished."
EOF
chmod +x $out/bin/hyprland-system76-scheduler-hook.sh
runHook postInstall
'';
}


@ -1,54 +0,0 @@
{ lib, pkgs, stdenv, fetchFromGitHub, dbus, qt5, qtbase, wrapQtAppsHook, kpackage, kcoreaddons, ... }:
stdenv.mkDerivation rec {
pname = "kwin-system76-scheduler-integration";
version = "0.1";
src = fetchFromGitHub {
owner = "maxiberta";
repo = pname;
rev = version;
sha256 = "sha256-HX0nK1p97kqt+ZZuECm7Mg9aAXaFDnsJDkbcLUEU+p0=";
};
nativeBuildInputs = [
wrapQtAppsHook
kpackage
];
buildInputs = [
dbus
qt5.qttools.bin
];
dontBuild = true;
installPhase = ''
runHook preInstall
mkdir -p $out/bin
kpackagetool5 --type=KWin/Script -i . -p $out/share/kwin/scripts
cat <<EOF > $out/bin/kwin-system76-scheduler-dbus-proxy.sh
#!${pkgs.bash}/bin/bash
DBUS_SERVICE="com.system76.Scheduler"
DBUS_PATH="/com/system76/Scheduler"
DBUS_INTERFACE="com.system76.Scheduler"
DBUS_METHOD="SetForegroundProcess"
echo "starting dbus proxy.."
echo \''$DBUS_SERVICE \''$DBUS_PATH \''$DBUS_INTERFACE \''$DBUS_METHOD
${pkgs.dbus}/bin/dbus-monitor --session "destination=\''$DBUS_SERVICE,path=\''$DBUS_PATH,interface=\''$DBUS_INTERFACE,member=\''$DBUS_METHOD" |
while true; do
read method call time sender _ dest serial path interface member
read type pid
[ "\''$member" = "member=\''$DBUS_METHOD" ] && ${pkgs.libsForQt5.qt5.qttools.bin}/bin/qdbus --system \''$DBUS_SERVICE \''$DBUS_PATH \''$DBUS_INTERFACE.\''$DBUS_METHOD \''$pid && echo "new foreground process: \''$pid"
done
EOF
chmod +x $out/bin/kwin-system76-scheduler-dbus-proxy.sh
runHook postInstall
'';
}


@ -1,26 +0,0 @@
{ lib, fetchFromGitHub, rustPlatform, linux-pam, pkg-config }:
rustPlatform.buildRustPackage rec {
pname = "lemurs";
version = "0.3.1";
src = fetchFromGitHub {
owner = "coastalwhite";
repo = pname;
rev = "60fda2a";
sha256 = "sha256-mQXavJULD5iyOnzj72xTV0EQ1HQvj25SHsbDgfRg4lQ=";
};
nativeBuildInputs = [ pkg-config ];
buildInputs = [ linux-pam ];
cargoSha256 = "sha256-OCaIeQB8reK0089vbC+4IvQt5pKdZ2SCyyGuQEYWzjo=";
meta = with lib; {
description = "A customizable TUI display/login manager written in Rust";
homepage = "https://git.atagen.co/coastalwhite/lemurs";
license = licenses.mit;
maintainers = [ ];
};
}


@ -1,41 +0,0 @@
{ stdenv, lib, fetchFromGitHub, linux-pam, libxcb, git }:
stdenv.mkDerivation rec {
pname = "ly";
version = "0.5.0+";
src = fetchFromGitHub {
owner = "fairyglade";
repo = pname;
rev = "c64f806a68af225cc95623971b5e464abb55b879";
sha256 = "sha256-orCqjKlK6U1q7NDoMwxZZE44cyG8yuxdCCk1cQAalP0=";
fetchSubmodules = true;
};
nativeBuildInputs = [ git ];
buildInputs = [ linux-pam libxcb ];
makeFlags = [ "FLAGS=-Wno-error=unused-result" ];
preBuildPhase = ''
mkdir -p ./data
export DESTDIR="$PWD"
export DATADIR="$PWD/data"
'';
buildPhase = ''
make -j16
'';
installPhase = ''
mkdir -p $out/bin
cp bin/ly $out/bin
mkdir -p $out/etc/ly
cp -R ./data/* $out/etc/ly
'';
meta = with lib; {
description = "TUI display manager";
license = licenses.wtfpl;
homepage = "https://github.com/fairyglade/ly";
maintainers = [ ];
};
}


@ -1,34 +0,0 @@
{ pkgs, lib, rustPlatform, fetchFromGitHub, ... }:
rustPlatform.buildRustPackage rec {
pname = "system76-scheduler";
version = "1.2.2";
src = fetchFromGitHub {
owner = "pop-os";
repo = pname;
rev = version;
sha256 = "sha256-uFFJkuMxqcGj6OQShF0zh/FGwX4/ln1l6NwGonkUsNI=";
};
nativeBuildInputs = with pkgs; [
bcc
];
EXECSNOOP_PATH = "${pkgs.bcc}/bin/execsnoop";
cargoSha256 = "sha256-s91T/Ttr7G8sjyf0Mp5suep4IA+l/r4118B+ue33yfQ=";
postInstall = ''
mkdir -p $out/etc/system76-scheduler/assignments \
$out/etc/system76-scheduler/exceptions \
$out/lib/systemd/system \
$out/etc/dbus-1/system.d
install -Dm0644 data/config.ron $out/etc/system76-scheduler/config.ron
install -Dm0644 data/assignments.ron $out/etc/system76-scheduler/assignments/default.ron
install -Dm0644 data/exceptions.ron $out/etc/system76-scheduler/exceptions/default.ron
# install -Dm0644 data/com.system76.Scheduler.service $out/lib/systemd/system/com.system76.Scheduler.service
install -Dm0644 data/com.system76.Scheduler.conf $out/etc/dbus-1/system.d/com.system76.Scheduler.conf
'';
}


@ -1,63 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbcore" "sd_mod" ];
boot.initrd.kernelModules = [];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.supportedFilesystems = [ "ntfs" ];
networking.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# dlna
services.minidlna = {
enable = true;
announceInterval = 120;
friendlyName = "PC";
mediaDirs = [ "A,/data/Music/Slsk" ];
};
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
hardware.ckb-next.enable = true;
environment.systemPackages = with pkgs; [
ckb-next
];
networking.hostName = "quiver"; # Define your hostname.
users.users.bolt = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
};
fileSystems."/" =
{ device = "/dev/disk/by-uuid/06f59431-d939-4b48-9d91-e23606dd3ce0";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/5008-1946";
fsType = "vfat";
};
fileSystems."/data" = {
device = "/dev/disk/by-uuid/39D4F78C658E8B56";
fsType = "ntfs";
options = [ "rw" "uid=1000" "gid=100" ];
};
swapDevices = [ ];
networking.firewall = {
allowedUDPPorts = [ 1900 ];
allowedTCPPorts = [ 8200 ];
};
}