notohh/snowflake
notohh/snowflake
1
0
Fork 0
Code Issues Pull requests Projects 1 Releases Packages Wiki Activity

treewide: adhere to official nix formatting style #28

Closed
notohh wants to merge 4 commits from nixfmt-rfc-style into master
pull from: nixfmt-rfc-style
merge into: notohh:master
Conversation 1 Commits 4 Files changed 118 +1895 -1489
118 changed files with 1895 additions and 1489 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
flake.nix
View file

@ -41,17 +41,18 @@
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
outputs =
{
self,
nixpkgs,
pre-commit-hooks,
...
} @ inputs: let
}@inputs:
let
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
};
in {
pkgs = import nixpkgs { inherit system; };
in
{
checks = {
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
@ -59,7 +60,7 @@
stylua.enable = true;
eslint.enable = true;
statix.enable = true;
alejandra.enable = true;
alejandra.enable = false;
deadnix = {
enable = true;
excludes = [ "overlays.nix" ];
@ -77,12 +78,14 @@
packages = with pkgs; [
git
sops
alejandra
# alejandra
statix
deadnix
yaml-language-server
lua-language-server
];
};
formatter.${system} = pkgs.alejandra;
# formatter.${system} = pkgs.alejandra;
deploy = import ./hosts/deploy.nix inputs;
nixosConfigurations = import ./hosts inputs;
};

15
home/ags/default.nix
View file

@ -1,13 +1,14 @@
{
pkgs,
config,
...
}: let
{ pkgs, config, ... }:
let
configDir = "/home/notoh/snowflake/home/ags/config";
in {
in
{
programs.ags = {
enable = true;
extraPackages = with pkgs; [libsoup_3 libdbusmenu-gtk3];
extraPackages = with pkgs; [
libsoup_3
libdbusmenu-gtk3
];
};
home.packages = with pkgs; [ dart-sass ];
xdg.configFile = {

18
home/anyrun/default.nix
View file

@ -3,12 +3,18 @@
pkgs,
lib,
...
}: let
compileSCSS = name: source: "${pkgs.runCommandLocal name {} ''
}:
let
compileSCSS =
name: source:
"${
pkgs.runCommandLocal name { } ''
mkdir -p $out
${lib.getExe pkgs.sassc} -t expanded '${source}' > $out/${name}.css
''}/${name}.css";
in {
''
}/${name}.css";
in
{
programs.anyrun = {
enable = true;
config = {
@ -17,7 +23,9 @@ in {
dictionary
websearch
];
width = {fraction = 0.3;};
width = {
fraction = 0.3;
};
hideIcons = false;
ignoreExclusiveZones = false;
layer = "overlay";

9
home/default.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
imports = [
./helix
./neofetch
@ -63,7 +64,11 @@
key = "BD47506D475EE86D";
signByDefault = true;
};
ignores = ["*result*" ".direnv" "node_modules"];
ignores = [
"*result*"
".direnv"
"node_modules"
];
};
gh = {
enable = true;

3
home/firefox/default.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.firefox = {
enable = true;
policies = {

3
home/gtk/catppuccin-red.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";

3
home/gtk/default.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.pointerCursor = {
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";

24
home/helix/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./languages.nix
./themes/catppuccin_mocha.nix
@ -16,11 +17,26 @@
completion-replace = true;
soft-wrap.enable = true;
idle-timeout = 1;
gutters = ["diff" "diagnostics" "line-numbers" "spacer"];
gutters = [
"diff"
"diagnostics"
"line-numbers"
"spacer"
];
statusline = {
left = ["mode" "spinner"];
left = [
"mode"
"spinner"
];
center = [ "file-name" ];
right = ["diagnostics" "selections" "position" "file-line-ending" "file-type" "version-control"];
right = [
"diagnostics"
"selections"
"position"
"file-line-ending"
"file-type"
"version-control"
];
separator = "|";
mode = {
normal = "NORMAL";

5
home/helix/languages.nix
View file

@ -1,8 +1,5 @@
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
programs.helix.languages = {
language = with pkgs; [
{

55
home/helix/themes/catppuccin_mocha.nix
View file

@ -1,6 +1,7 @@
_: {
programs.helix = {
themes.catppuccin_mocha = let
themes.catppuccin_mocha =
let
rosewater = "#f5e0dc";
flamingo = "#f2cdcd";
pink = "#f5c2e7";
@ -32,7 +33,8 @@ _: {
cursorline = "#2a2b3c";
secondary_cursor = "#b5a6a8";
in {
in
{
"type" = yellow;
"constructor" = sapphire;
"constant" = peach;
@ -82,20 +84,33 @@ _: {
"markup.heading.5" = pink;
"markup.heading.6" = teal;
"markup.list" = mauve;
"markup.bold" = {modifiers = ["bold"];};
"markup.italic" = {modifiers = ["italic"];};
"markup.bold" = {
modifiers = [ "bold" ];
};
"markup.italic" = {
modifiers = [ "italic" ];
};
"markup.link.url" = {
fg = rosewater;
modifiers = ["italic" "underlined"];
modifiers = [
"italic"
"underlined"
];
};
"markup.link.text" = blue;
"markup.raw" = flamingo;
"diff.plus" = green;
"diff.minus" = red;
"diff.delta" = blue;
"ui.background" = {fg = surface1;};
"ui.linenr" = {fg = surface1;};
"ui.linenr.selected" = {fg = lavender;};
"ui.background" = {
fg = surface1;
};
"ui.linenr" = {
fg = surface1;
};
"ui.linenr.selected" = {
fg = lavender;
};
"ui.statusline" = {
fg = subtext1;
bg = mantle;
@ -123,7 +138,9 @@ _: {
fg = text;
bg = surface0;
};
"ui.window" = {fg = crust;};
"ui.window" = {
fg = crust;
};
"ui.help" = {
fg = overlay2;
bg = surface0;
@ -140,22 +157,30 @@ _: {
style = "line";
};
};
"ui.bufferline.background" = {bg = crust;};
"ui.bufferline.background" = {
bg = crust;
};
"ui.text" = text;
"ui.text.focus" = {
fg = text;
bg = surface0;
modifiers = [ "bold" ];
};
"ui.text.inactive" = {fg = overlay1;};
"ui.text.inactive" = {
fg = overlay1;
};
"ui.virtual" = overlay0;
"ui.virtual.ruler" = {bg = surface0;};
"ui.virtual.ruler" = {
bg = surface0;
};
"ui.virtual.indent-guide" = surface0;
"ui.virtual.inlay-hint" = {
fg = surface1;
bg = mantle;
};
"ui.selection" = {bg = surface1;};
"ui.selection" = {
bg = surface1;
};
"ui.cursor" = {
fg = base;
bg = secondary_cursor;
@ -168,7 +193,9 @@ _: {
fg = peach;
modifiers = [ "bold" ];
};
"ui.cursorline.primary" = {bg = cursorline;};
"ui.cursorline.primary" = {
bg = cursorline;
};
"ui.highlight" = {
bg = surface1;
modifiers = [ "bold" ];

182
home/helix/themes/tokyonight.nix
View file

@ -1,6 +1,7 @@
_: {
programs.helix = {
themes.tokyonight = let
themes.tokyonight =
let
red = "#f7768e";
orange = "#ff9e64";
yellow = "#e0af68";
@ -19,74 +20,131 @@ _: {
foreground_gutter = "#363b54";
background_highlight = "#30374b";
background_menu = "#16161e";
in {
in
{
"comment" = {
fg = comment;
modifiers = [ "italic" ];
};
"constant" = {fg = orange;};
"constant.character.escape" = {fg = magenta;};
"constant" = {
fg = orange;
};
"constant.character.escape" = {
fg = magenta;
};
"function" = {
fg = blue;
modifiers = [ "italic" ];
};
"function.macro" = {fg = cyan;};
"function.macro" = {
fg = cyan;
};
"keyword" = {
fg = cyan;
modifiers = [ "italic" ];
};
"keyword.control" = {fg = magenta;};
"keyword.control.import" = {fg = cyan;};
"keyword.operator" = {fg = turquoise;};
"keyword.control" = {
fg = magenta;
};
"keyword.control.import" = {
fg = cyan;
};
"keyword.operator" = {
fg = turquoise;
};
"keyword.function" = {
fg = magenta;
modifiers = [ "italic" ];
};
"operator" = {fg = turquoise;};
"punctuation" = {fg = turquoise;};
"string" = {fg = light-green;};
"string.regexp" = {fg = "light-blue";};
"tag" = {fg = red;};
"type" = {fg = teal;};
"namespace" = {fg = blue;};
"variable" = {fg = white;};
"variable.builtin" = {fg = red;};
"variable.other.member" = {fg = green;};
"operator" = {
fg = turquoise;
};
"punctuation" = {
fg = turquoise;
};
"string" = {
fg = light-green;
};
"string.regexp" = {
fg = "light-blue";
};
"tag" = {
fg = red;
};
"type" = {
fg = teal;
};
"namespace" = {
fg = blue;
};
"variable" = {
fg = white;
};
"variable.builtin" = {
fg = red;
};
"variable.other.member" = {
fg = green;
};
"variable.parameter" = {
fg = yellow;
modifiers = [ "italic" ];
};
"diff.plus" = {fg = green;};
"diff.delta" = {fg = orange;};
"diff.minus" = {fg = red;};
"diff.plus" = {
fg = green;
};
"diff.delta" = {
fg = orange;
};
"diff.minus" = {
fg = red;
};
"ui.background" = {fg = foreground;};
"ui.background" = {
fg = foreground;
};
"ui.cursor" = {modifiers = ["reversed"];};
"ui.cursor" = {
modifiers = [ "reversed" ];
};
"ui.cursor.match" = {
fg = orange;
modifiers = [ "bold" ];
};
"ui.cursor.primary" = {modifiers = ["reversed"];};
"ui.cursorline.primary" = {bg = background_menu;};
"ui.cursor.primary" = {
modifiers = [ "reversed" ];
};
"ui.cursorline.primary" = {
bg = background_menu;
};
"ui.help" = {
fg = foreground;
bg = background_menu;
};
"ui.linenr" = {fg = foreground_gutter;};
"ui.linenr.selected" = {fg = foreground;};
"ui.linenr" = {
fg = foreground_gutter;
};
"ui.linenr.selected" = {
fg = foreground;
};
"ui.menu" = {
fg = foreground;
bg = background_menu;
};
"ui.menu.selected" = {bg = background_highlight;};
"ui.menu.selected" = {
bg = background_highlight;
};
"ui.popup" = {
fg = foreground;
bg = background_menu;
};
"ui.selection" = {bg = background_highlight;};
"ui.selection.primary" = {bg = background_highlight;};
"ui.selection" = {
bg = background_highlight;
};
"ui.selection.primary" = {
bg = background_highlight;
};
"ui.statusline" = {
fg = foreground;
bg = background_menu;
@ -107,17 +165,37 @@ _: {
fg = black;
bg = magenta;
};
"ui.text" = {fg = foreground;};
"ui.text.focus" = {fg = cyan;};
"ui.virtual.ruler" = {bg = foreground_gutter;};
"ui.virtual.whitespace" = {fg = foreground_gutter;};
"ui.virtual.inlay-hint" = {fg = comment;};
"ui.window" = {fg = black;};
"ui.text" = {
fg = foreground;
};
"ui.text.focus" = {
fg = cyan;
};
"ui.virtual.ruler" = {
bg = foreground_gutter;
};
"ui.virtual.whitespace" = {
fg = foreground_gutter;
};
"ui.virtual.inlay-hint" = {
fg = comment;
};
"ui.window" = {
fg = black;
};
"error" = {fg = red;};
"warning" = {fg = yellow;};
"info" = {fg = blue;};
"hint" = {fg = teal;};
"error" = {
fg = red;
};
"warning" = {
fg = yellow;
};
"info" = {
fg = blue;
};
"hint" = {
fg = teal;
};
"diagnostic.error" = {
underline = {
style = "curl";
@ -142,13 +220,17 @@ _: {
color = teal;
};
};
"special" = {fg = orange;};
"special" = {
fg = orange;
};
"markup.heading" = {
fg = cyan;
modifiers = [ "bold" ];
};
"markup.list" = {fg = cyan;};
"markup.list" = {
fg = cyan;
};
"markup.bold" = {
fg = orange;
modifiers = [ "bold" ];
@ -157,14 +239,22 @@ _: {
fg = yellow;
modifiers = [ "italic" ];
};
"markup.strikethrough" = {modifiers = ["crossed_out"];};
"markup.link.url" = {fg = green;};
"markup.link.text" = {fg = light-gray;};
"markup.strikethrough" = {
modifiers = [ "crossed_out" ];
};
"markup.link.url" = {
fg = green;
};
"markup.link.text" = {
fg = light-gray;
};
"markup.quote" = {
fg = yellow;
modifiers = [ "italic" ];
};
"markup.raw" = {fg = cyan;};
"markup.raw" = {
fg = cyan;
};
};
};
}

5
home/lazygit/default.nix
View file

@ -5,7 +5,10 @@ _: {
windowSize = "normal";
gui.theme = {
lightTheme = false;
activeBorderColor = ["#2ac3de" "bold"];
activeBorderColor = [
"#2ac3de"
"bold"
];
inactiveBorderColor = [ "#f7768e" ];
optionsTextColor = [ " #c0caf5" ];
selectedLineBgColor = [ "#24283b" ];

3
home/neofetch/default.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.packages = [ pkgs.neofetch ];
xdg.configFile."neofetch/config.conf".source = ./config.conf;
}

3
home/spotify-player/default.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
home.packages = [ pkgs.spotify-player ];
xdg.configFile."spotify-player/app.toml" = {
text = ''

11
home/starship/default.nix
View file

@ -1,8 +1,5 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
home.sessionVariables.STARSHIP_CACHE = "${config.xdg.cacheHome}/starship";
programs.starship = {
@ -40,9 +37,7 @@
"$rust"
"$golang"
];
right_format = lib.concatStrings [
"$nix_shell"
];
right_format = lib.concatStrings [ "$nix_shell" ];
character = {
error_symbol = "[](bold red)";
success_symbol = "[](bold teal)";
@ -77,7 +72,7 @@
impure_msg = "[impure shell](bold red)";
pure_msg = "[pure shell](bold green)";
unknown_msg = "[unknown shell](bold yellow)";
format = "via [ $state( \($name\))](bold teal)";
format = "via [ $state( ($name))](bold teal)";
};
git_branch = {
symbol = "";

10
home/wayland/default.nix
View file

@ -1,8 +1,5 @@
{
pkgs,
inputs,
...
}: let
{ pkgs, inputs, ... }:
let
dbus-hyprland-environment = pkgs.writeTextFile {
name = "dbus-hyprland-environment";
destination = "/bin/dbus-hyprland-environment";
@ -13,7 +10,8 @@
systemctl --user start pipewire wireplumber pipewire-media-session xdg-desktop-portal xdg-desktop-portal-hyprland
'';
};
in {
in
{
imports = [ ./greetd.nix ];
environment = {
systemPackages = with pkgs; [

3
home/wayland/hyprland/config/general.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
wayland.windowManager.hyprland = {
settings = {
monitor = [

16
home/yazi/default.nix
View file

@ -1,10 +1,10 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
xdg.configFile."yazi/init.lua".source = ./init.lua;
imports = [./keymap.nix ./openers.nix];
imports = [
./keymap.nix
./openers.nix
];
programs.yazi = {
enable = true;
@ -12,7 +12,11 @@
enableNushellIntegration = true;
settings = {
manager = {
ratio = [1 3 3];
ratio = [
1
3
3
];
sort_by = "natural";
sort_reverse = false;
sort_dir_first = true;

25
home/yazi/keymap.nix
View file

@ -40,7 +40,10 @@ _: {
desc = "Enter the child directory";
}
{
on = ["g" "g"];
on = [
"g"
"g"
];
exec = "arrow -99999999";
desc = "Move cursor to the top";
}
@ -53,7 +56,10 @@ _: {
# Selection
{
on = [ "<Space>" ];
exec = ["select --state=none" "arrow 1"];
exec = [
"select --state=none"
"arrow 1"
];
desc = "Toggle the current selection state";
}
{
@ -148,17 +154,26 @@ _: {
# Copy
{
on = ["c" "c"];
on = [
"c"
"c"
];
exec = "copy path";
desc = "copy the absolute path";
}
{
on = ["c" "d"];
on = [
"c"
"d"
];
exec = "copy dirname";
desc = "copy parent directory path";
}
{
on = ["c" "f"];
on = [
"c"
"f"
];
exec = "copy filename";
desc = "copy file name";
}

29
home/yazi/openers.nix
View file

@ -1,25 +1,42 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
programs.yazi.settings = {
open.rules = [
{
mime = "text/*";
use = ["edit" "reveal"];
use = [
"edit"
"reveal"
];
}
{
mime = "image/*";
use = ["image" "reveal"];
use = [
"image"
"reveal"
];
}
{
mime = "video/*";
use = ["play" "reveal"];
use = [
"play"
"reveal"
];
}
{
mime = "application/json";
use = ["edit" "reveal"];
use = [
"edit"
"reveal"
];
}
{
mime = "*";
use = ["edit" "open" "reveal"];
use = [
"edit"
"open"
"reveal"
];
}
];
opener = {

4
home/zellij/default.nix
View file

@ -1,7 +1,5 @@
_: {
imports = [
./layouts.nix
];
imports = [ ./layouts.nix ];
programs.zellij = {
enable = true;

2
hosts/ame/default.nix
View file

@ -1,4 +1,4 @@
{...}: {
_: {
imports = [
./hardware.nix
./services

18
hosts/ame/hardware.nix
View file

@ -3,10 +3,9 @@
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
kernelModules = [ "kvm-intel" ];
@ -22,7 +21,12 @@
};
};
initrd = {
availableKernelModules = ["xhci_pci" "ahci" "usb_storage" "sd_mod"];
availableKernelModules = [
"xhci_pci"
"ahci"
"usb_storage"
"sd_mod"
];
kernelModules = [ ];
};
};
@ -42,9 +46,7 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/4f69ab31-f6a9-4799-92f1-5abbe0dc9180";}
];
swapDevices = [ { device = "/dev/disk/by-uuid/4f69ab31-f6a9-4799-92f1-5abbe0dc9180"; } ];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

3
hosts/ame/home.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
imports = [
../../home
../../home/anyrun

7
hosts/ame/services/default.nix
View file

@ -1,5 +1,4 @@
{...}: {
imports = [
./restic.nix
];
{ ... }:
{
imports = [ ./restic.nix ];
}

17
hosts/ame/services/restic.nix
View file

@ -1,17 +1,16 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
sops.secrets.restic-ame = {sopsFile = ../../../secrets/restic/secrets.yaml;};
sops.secrets.ame-s3 = {sopsFile = ../../../secrets/s3/secrets.yaml;};
sops.secrets.restic-ame = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
sops.secrets.ame-s3 = {
sopsFile = ../../../secrets/s3/secrets.yaml;
};
environment.systemPackages = [ pkgs.restic ];
services.restic = {
backups = {
ame = {
paths = [
"/home"
];
paths = [ "/home" ];
exclude = [
"*.qcow2"
"*.iso"

2
hosts/arashi/default.nix
View file

@ -1,4 +1,4 @@
{...}: {
_: {
imports = [
./hardware.nix
./services

26
hosts/arashi/hardware.nix
View file

@ -1,15 +1,12 @@
{ lib, modulesPath, ... }:
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ ];
kernel.sysctl = {"kernel.shmmax" = 100663296;};
kernel.sysctl = {
"kernel.shmmax" = 100663296;
};
extraModulePackages = [ ];
loader.grub = {
enable = true;
@ -18,7 +15,14 @@
useOSProber = false;
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
};
@ -34,9 +38,7 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/e9eb4b6a-e9a1-4616-8c82-349d2f38d140";}
];
swapDevices = [ { device = "/dev/disk/by-uuid/e9eb4b6a-e9a1-4616-8c82-349d2f38d140"; } ];
networking.useDHCP = lib.mkDefault true;

6
hosts/arashi/home.nix
View file

@ -1,7 +1,5 @@
{...}: {
imports = [
../../home
];
_: {
imports = [ ../../home ];
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;

5
hosts/arashi/services/postgresql.nix
View file

@ -1,8 +1,5 @@
{ pkgs, lib, ... }:
{
pkgs,
lib,
...
}: {
networking.firewall.allowedTCPPorts = [ 5432 ];
services.postgresql = {
enable = true;

3
hosts/arashi/services/redis.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.redis-dump ];
services.redis.servers = {
forgejo = {

13
hosts/arashi/services/restic.nix
View file

@ -1,17 +1,14 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
sops.secrets.restic-arashi = {sopsFile = ../../../secrets/restic/secrets.yaml;};
sops.secrets.restic-arashi = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
environment.systemPackages = [ pkgs.restic ];
services.restic = {
backups = {
arashi = {
user = "root";
paths = [
"/var/backup/"
];
paths = [ "/var/backup/" ];
pruneOpts = [
"--keep-daily=7"
"--keep-weekly=6"

118
hosts/default.nix
View file

@ -1,4 +1,5 @@
inputs: let
inputs:
let
system = "x86_64-linux";
sopsModule = inputs.sops-nix.nixosModules.sops;
hmModule = inputs.home-manager.nixosModules.home-manager;
@ -9,10 +10,13 @@ inputs: let
atticModule = inputs.attic.nixosModules.atticd;
nurModule = inputs.nur.nixosModules.nur;
inherit (inputs.nixpkgs.lib) nixosSystem;
in {
in
{
tsuki = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./tsuki
sopsModule
@ -23,7 +27,9 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./tsuki/home.nix
@ -39,7 +45,9 @@ in {
};
sakura = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./sakura
sopsModule
@ -48,11 +56,11 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./sakura/home.nix
];
imports = [ ./sakura/home.nix ];
};
};
}
@ -60,7 +68,9 @@ in {
};
kariru = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./kariru
sopsModule
@ -69,11 +79,11 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./kariru/home.nix
];
imports = [ ./kariru/home.nix ];
};
};
}
@ -81,7 +91,9 @@ in {
};
yuki = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./yuki
sopsModule
@ -90,11 +102,11 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./yuki/home.nix
];
imports = [ ./yuki/home.nix ];
};
};
}
@ -102,7 +114,9 @@ in {
};
ame = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./ame
sopsModule
@ -111,7 +125,9 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./ame/home.nix
@ -125,7 +141,9 @@ in {
};
arashi = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./arashi
sopsModule
@ -134,11 +152,11 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./arashi/home.nix
];
imports = [ ./arashi/home.nix ];
};
};
}
@ -146,7 +164,9 @@ in {
};
sora = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./sora
sopsModule
@ -156,11 +176,11 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./sora/home.nix
];
imports = [ ./sora/home.nix ];
};
};
}
@ -168,7 +188,9 @@ in {
};
tsuru = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./tsuru
sopsModule
@ -177,11 +199,11 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./tsuru/home.nix
];
imports = [ ./tsuru/home.nix ];
};
};
}
@ -189,7 +211,9 @@ in {
};
haru = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./haru
sopsModule
@ -198,11 +222,11 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./haru/home.nix
];
imports = [ ./haru/home.nix ];
};
};
}
@ -210,7 +234,9 @@ in {
};
kaze = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
specialArgs = {
inherit inputs;
};
modules = [
./kaze
sopsModule
@ -219,11 +245,11 @@ in {
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;};
extraSpecialArgs = {
inherit inputs;
};
users.notoh = {
imports = [
./kaze/home.nix
];
imports = [ ./kaze/home.nix ];
};
};
}

48
hosts/deploy.nix
View file

@ -7,7 +7,11 @@ inputs: {
path = activate.nixos inputs.self.nixosConfigurations.sakura;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
sshOpts = [
"-t"
"-i"
"~/.ssh/forgejo"
];
magicRollback = true;
};
kariru = {
@ -17,7 +21,11 @@ inputs: {
path = activate.nixos inputs.self.nixosConfigurations.kariru;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
sshOpts = [
"-t"
"-i"
"~/.ssh/forgejo"
];
magicRollback = true;
};
yuki = {
@ -27,7 +35,11 @@ inputs: {
path = activate.nixos inputs.self.nixosConfigurations.yuki;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
sshOpts = [
"-t"
"-i"
"~/.ssh/forgejo"
];
magicRollback = true;
};
arashi = {
@ -37,7 +49,11 @@ inputs: {
path = activate.nixos inputs.self.nixosConfigurations.arashi;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
sshOpts = [
"-t"
"-i"
"~/.ssh/forgejo"
];
magicRollback = true;
};
sora = {
@ -47,7 +63,11 @@ inputs: {
path = activate.nixos inputs.self.nixosConfigurations.sora;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
sshOpts = [
"-t"
"-i"
"~/.ssh/forgejo"
];
magicRollback = true;
};
tsuru = {
@ -57,7 +77,11 @@ inputs: {
path = activate.nixos inputs.self.nixosConfigurations.tsuru;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
sshOpts = [
"-t"
"-i"
"~/.ssh/forgejo"
];
magicRollback = true;
};
haru = {
@ -67,7 +91,11 @@ inputs: {
path = activate.nixos inputs.self.nixosConfigurations.haru;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
sshOpts = [
"-t"
"-i"
"~/.ssh/forgejo"
];
magicRollback = true;
};
kaze = {
@ -77,7 +105,11 @@ inputs: {
path = activate.nixos inputs.self.nixosConfigurations.kaze;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
sshOpts = [
"-t"
"-i"
"~/.ssh/forgejo"
];
magicRollback = true;
};
};

2
hosts/haru/default.nix
View file

@ -1,4 +1,4 @@
{...}: {
_: {
imports = [
./hardware.nix
./services

22
hosts/haru/hardware.nix
View file

@ -1,11 +1,6 @@
{ lib, modulesPath, ... }:
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ ];
@ -17,7 +12,14 @@
useOSProber = false;
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
};
@ -29,9 +31,7 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/c879fa21-fd80-422c-9aef-0becce5ff19c";}
];
swapDevices = [ { device = "/dev/disk/by-uuid/c879fa21-fd80-422c-9aef-0becce5ff19c"; } ];
networking.useDHCP = lib.mkDefault true;

6
hosts/haru/home.nix
View file

@ -1,7 +1,5 @@
{...}: {
imports = [
../../home
];
_: {
imports = [ ../../home ];
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;

24
hosts/haru/services/blocky.nix
View file

@ -1,5 +1,9 @@
{pkgs, ...}: {
networking.firewall.allowedTCPPorts = [53 4000];
{ pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [
53
4000
];
networking.firewall.allowedUDPPorts = [ 53 ];
environment.systemPackages = [ pkgs.blocky ];
@ -72,11 +76,10 @@
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-only/hosts"
];
catchall = [
"https://big.oisd.nl/domainswild"
];
catchall = [ "https://big.oisd.nl/domainswild" ];
};
whiteLists = let
whiteLists =
let
customWhitelist = pkgs.writeText "misc.txt" ''
ax.phobos.apple.com.edgesuite.net
amp-api-edge.apps.apple.com
@ -84,7 +87,8 @@
(\.|^)wac\.phicdn\.net$
*.flake.sh
'';
in {
in
{
ads = [
"https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt"
"https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt"
@ -103,9 +107,11 @@
};
customDNS = {
customTTL = "1h";
mapping = let
mapping =
let
yukiIp = "192.168.1.98";
in {
in
{
# infra
"truenas.internal.flake.sh" = "192.168.1.199";

2
hosts/kariru/default.nix
View file

@ -1,4 +1,4 @@
{...}: {
_: {
imports = [
./hardware.nix
./services

22
hosts/kariru/hardware.nix
View file

@ -1,11 +1,6 @@
{ lib, modulesPath, ... }:
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ ];
@ -17,7 +12,14 @@
useOSProber = false;
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
};
@ -41,9 +43,7 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/f28bad28-ae14-4aa7-85c5-47abe46bae56";}
];
swapDevices = [ { device = "/dev/disk/by-uuid/f28bad28-ae14-4aa7-85c5-47abe46bae56"; } ];
networking.useDHCP = lib.mkDefault true;

6
hosts/kariru/home.nix
View file

@ -1,7 +1,5 @@
{...}: {
imports = [
../../home
];
_: {
imports = [ ../../home ];
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;

3
hosts/kariru/services/default.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
networking.firewall.allowedTCPPorts = [ 9292 ];
imports = [

9
hosts/kariru/services/restic.nix
View file

@ -1,9 +1,8 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
sops.secrets.restic-kariru = {sopsFile = ../../../secrets/restic/secrets.yaml;};
sops.secrets.restic-kariru = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
environment.systemPackages = [ pkgs.restic ];
services.restic = {
backups = {

3
hosts/kariru/services/torrent.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
sops.secrets.gluetun = { };
virtualisation.oci-containers.containers = {
gluetun = {

2
hosts/kaze/default.nix
View file

@ -1,4 +1,4 @@
{...}: {
_: {
imports = [
./hardware.nix
./services

23
hosts/kaze/hardware.nix
View file

@ -1,11 +1,6 @@
{ lib, modulesPath, ... }:
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ "kvm-amd" ];
@ -17,7 +12,15 @@
useOSProber = true;
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" "virtio_blk"];
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
"virtio_blk"
];
kernelModules = [ ];
};
};
@ -33,9 +36,7 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/100a4262-ce57-47a7-b99a-f124a8e369de";}
];
swapDevices = [ { device = "/dev/disk/by-uuid/100a4262-ce57-47a7-b99a-f124a8e369de"; } ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

7
hosts/kaze/home.nix
View file

@ -1,7 +1,6 @@
{...}: {
imports = [
../../home
];
{ ... }:
{
imports = [ ../../home ];
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;

15
hosts/kaze/services/minio.nix
View file

@ -1,11 +1,10 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
environment.systemPackages = [ pkgs.minio-client ];
systemd.services.minio.environment = {MINIO_BROWSER_REDIRECT = "false";};
systemd.services.minio.environment = {
MINIO_BROWSER_REDIRECT = "false";
};
sops.secrets.minio = {
owner = "minio";
@ -13,9 +12,11 @@
mode = "0600";
restartUnits = [ "minio.service" ];
};
services.minio = let
services.minio =
let
dataDir = "/var/lib/slab/minio";
in {
in
{
enable = true;
region = "us-east-1";
consoleAddress = "0.0.0.0:9006";

22
hosts/kaze/services/tailscale.nix
View file

@ -3,9 +3,15 @@
lib,
pkgs,
...
}: {
sops.secrets.tsauth-kaze = {sopsFile = ../../../secrets/tailscale/secrets.yaml;};
environment.systemPackages = [pkgs.jq pkgs.tailscale];
}:
{
sops.secrets.tsauth-kaze = {
sopsFile = ../../../secrets/tailscale/secrets.yaml;
};
environment.systemPackages = [
pkgs.jq
pkgs.tailscale
];
services.tailscale = {
useRoutingFeatures = lib.mkDefault "client";
};
@ -16,8 +22,14 @@
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
after = [
"network-pre.target"
"tailscale.service"
];
wants = [
"network-pre.target"
"tailscale.service"
];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job

22
hosts/sakura/hardware.nix
View file

@ -1,11 +1,6 @@
{ lib, modulesPath, ... }:
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ ];
@ -17,7 +12,14 @@
useOSProber = false;
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
};
@ -37,9 +39,7 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/c5afba13-f1af-4e7f-994b-f565c52d92fc";}
];
swapDevices = [ { device = "/dev/disk/by-uuid/c5afba13-f1af-4e7f-994b-f565c52d92fc"; } ];
networking.useDHCP = lib.mkDefault true;

6
hosts/sakura/home.nix
View file

@ -1,7 +1,5 @@
{...}: {
imports = [
../../home
];
_: {
imports = [ ../../home ];
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;

23
hosts/sakura/services/authelia.nix
View file

@ -1,16 +1,23 @@
{config, ...}: {
{ config, ... }:
{
networking.firewall.allowedTCPPorts = [ 9091 ];
sops.secrets.authelia-jwt = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
sops.secrets.authelia-sek = {owner = config.systemd.services.authelia-default.serviceConfig.User;};
sops.secrets.authelia-jwt = {
owner = config.systemd.services.authelia-default.serviceConfig.User;
};
sops.secrets.authelia-sek = {
owner = config.systemd.services.authelia-default.serviceConfig.User;
};
services.authelia.instances.default = {
enable = true;
secrets = {
jwtSecretFile = config.sops.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.sops.secrets.authelia-sek.path;
};
settings = let
settings =
let
pqdn = "notohh.dev";
in {
in
{
log.level = "debug";
theme = "dark";
default_2fa_method = "totp";
@ -53,9 +60,11 @@
notifier.filesystem = {
filename = "/var/lib/authelia-default/notif.txt";
};
storage.postgres = let
storage.postgres =
let
dbInfo = "authelia";
in {
in
{
host = "192.168.1.211";
port = 5432;
database = dbInfo;

5
hosts/sakura/services/conduit.nix
View file

@ -1,5 +1,8 @@
_: {
networking.firewall.allowedTCPPorts = [6167 8448];
networking.firewall.allowedTCPPorts = [
6167
8448
];
services.matrix-conduit = {
enable = true;
settings = {

3
hosts/sakura/services/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./restic.nix
./authelia.nix

16
hosts/sakura/services/forgejo.nix
View file

@ -1,13 +1,13 @@
{
lib,
config,
...
}: let
{ lib, config, ... }:
let
sshPort = 2222;
dbHost = "192.168.1.211";
dbLogin = "forgejo";
in {
sops.secrets.smtp2go-pwd = {owner = "forgejo";};
in
{
sops.secrets.smtp2go-pwd = {
owner = "forgejo";
};
networking.firewall.allowedTCPPorts = [ 2222 ];
services.forgejo = {
enable = true;
@ -78,7 +78,7 @@ in {
services.fail2ban.jails.forgejo = {
settings = {
filter = "forgejo";
action = ''iptables-allports'';
action = "iptables-allports";
mode = "aggressive";
maxretry = 3;
findtime = 3600;

6
hosts/sakura/services/grafana.nix
View file

@ -1,7 +1,9 @@
_: let
_:
let
prometheusPort = "9090";
dbLogin = "grafana";
in {
in
{
services.grafana = {
enable = true;
settings = {

9
hosts/sakura/services/restic.nix
View file

@ -1,9 +1,8 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
sops.secrets.restic-sakura = {sopsFile = ../../../secrets/restic/secrets.yaml;};
sops.secrets.restic-sakura = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
environment.systemPackages = [ pkgs.restic ];
services.restic = {
backups = {

3
hosts/sakura/services/rustypaste.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [ rustypaste ];
systemd.services.rustypaste = {

22
hosts/sakura/services/tailscale.nix
View file

@ -3,9 +3,15 @@
lib,
pkgs,
...
}: {
sops.secrets.tsauth-sakura = {sopsFile = ../../../secrets/tailscale/secrets.yaml;};
environment.systemPackages = [pkgs.jq pkgs.tailscale];
}:
{
sops.secrets.tsauth-sakura = {
sopsFile = ../../../secrets/tailscale/secrets.yaml;
};
environment.systemPackages = [
pkgs.jq
pkgs.tailscale
];
services.tailscale = {
useRoutingFeatures = lib.mkDefault "client";
};
@ -16,8 +22,14 @@
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
after = [
"network-pre.target"
"tailscale.service"
];
wants = [
"network-pre.target"
"tailscale.service"
];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job

5
hosts/sakura/services/vaultwarden.nix
View file

@ -1,8 +1,5 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
sops.secrets.vaultwarden-env = { };
services.vaultwarden = {
enable = true;

10
hosts/sora/hardware.nix
View file

@ -1,4 +1,5 @@
{modulesPath, ...}: {
{ modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
zramSwap.enable = true;
@ -11,7 +12,12 @@
device = "nodev";
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"xen_blkfront"
"vmw_pvscsi"
];
kernelModules = [ "nvme" ];
};
};

6
hosts/sora/home.nix
View file

@ -1,7 +1,5 @@
{...}: {
imports = [
../../home
];
_: {
imports = [ ../../home ];
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;

3
hosts/sora/networking.nix
View file

@ -1,4 +1,5 @@
{lib, ...}: {
{ lib, ... }:
{
networking = {
hostName = "sora";
nameservers = [

5
hosts/sora/services/attic.nix
View file

@ -1,8 +1,5 @@
{ config, pkgs, ... }:
{
config,
pkgs,
...
}: {
sops.secrets.attic = { };
environment.systemPackages = [ pkgs.attic ];

3
hosts/sora/services/atuin.nix
View file

@ -1,4 +1,5 @@
{lib, ...}: {
{ lib, ... }:
{
networking.firewall.allowedTCPPorts = [ 8888 ];
services.atuin = {
enable = true;

3
hosts/sora/services/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./restic.nix
./traefik.nix

5
hosts/sora/services/minecraft.nix
View file

@ -3,7 +3,10 @@ _: {
networking.firewall.allowedUDPPorts = [ 24454 ];
virtualisation.oci-containers.containers.minecraft = {
image = "itzg/minecraft-server";
ports = ["25565:25565" "24454:24454/udp"];
ports = [
"25565:25565"
"24454:24454/udp"
];
environment = {
EULA = "TRUE";
VERSION = "1.19.2";

3
hosts/sora/services/ntfy-sh.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.ntfy-sh ];
services.ntfy-sh = {
enable = true;

13
hosts/sora/services/restic.nix
View file

@ -1,11 +1,12 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
sops.secrets = {
restic-sora = {sopsFile = ../../../secrets/restic/secrets.yaml;};
sora-s3 = {sopsFile = ../../../secrets/s3/secrets.yaml;};
restic-sora = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
sora-s3 = {
sopsFile = ../../../secrets/s3/secrets.yaml;
};
};
environment.systemPackages = [ pkgs.restic ];
services.restic = {

22
hosts/sora/services/tailscale.nix
View file

@ -3,9 +3,15 @@
lib,
pkgs,
...
}: {
sops.secrets.tsauth-sora = {sopsFile = ../../../secrets/tailscale/secrets.yaml;};
environment.systemPackages = [pkgs.jq pkgs.tailscale];
}:
{
sops.secrets.tsauth-sora = {
sopsFile = ../../../secrets/tailscale/secrets.yaml;
};
environment.systemPackages = [
pkgs.jq
pkgs.tailscale
];
services.tailscale = {
useRoutingFeatures = lib.mkDefault "server"; # important to make it a server, it sets sysctl for ip forwarding without intervention and reboot
};
@ -16,8 +22,14 @@
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
after = [
"network-pre.target"
"tailscale.service"
];
wants = [
"network-pre.target"
"tailscale.service"
];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job

32
hosts/sora/services/traefik.nix
View file

@ -1,6 +1,12 @@
{config, ...}: {
{ config, ... }:
{
sops.secrets.cloudflare-api-key = { };
networking.firewall.allowedTCPPorts = [80 443 2222 8080];
networking.firewall.allowedTCPPorts = [
80
443
2222
8080
];
systemd.services.traefik = {
environment = {
CLOUDFLARE_EMAIL = "jch0tm2e@notohh.dev";
@ -47,9 +53,11 @@
};
};
};
routers = let
routers =
let
pqdn = "flake.sh";
in {
in
{
api = {
rule = "PathPrefix(`/api/`)";
entrypoints = [ "websecure" ];
@ -163,10 +171,12 @@
tls.certresolver = "production";
};
};
services = let
services =
let
sakuraIp = "100.121.201.47:";
soraIp = "100.104.42.96:";
in {
in
{
# sora
uptime-kuma.loadBalancer.servers = [ { url = "http://${soraIp}4000"; } ];
foundryvtt.loadBalancer.servers = [ { url = "http://${soraIp}30000"; } ];
@ -227,7 +237,10 @@
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "cloudflare";
resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
resolvers = [
"1.1.1.1:53"
"1.0.0.1:53"
];
delayBeforeCheck = "0";
};
};
@ -237,7 +250,10 @@
caServer = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "cloudflare";
resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
resolvers = [
"1.1.1.1:53"
"1.0.0.1:53"
];
delayBeforeCheck = "0";
};
};

7
hosts/tsuki/default.nix
View file

@ -3,7 +3,8 @@
config,
pkgs,
...
}: {
}:
{
imports = [
inputs.nix-gaming.nixosModules.steamCompat
inputs.nix-gaming.nixosModules.pipewireLowLatency
@ -56,9 +57,7 @@
gamemode.enable = true;
steam = {
enable = true;
extraCompatPackages = [
inputs.nix-gaming.packages.${pkgs.system}.proton-ge
];
extraCompatPackages = [ inputs.nix-gaming.packages.${pkgs.system}.proton-ge ];
};
};

25
hosts/tsuki/hardware.nix
View file

@ -3,13 +3,15 @@
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot = {
kernelModules = ["v4l2loopback" "kvm-intel"];
kernelModules = [
"v4l2loopback"
"kvm-intel"
];
extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback.out ];
loader = {
systemd-boot = {
@ -22,7 +24,14 @@
};
};
initrd = {
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod"];
availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usb_storage"
"usbhid"
"sd_mod"
];
kernelModules = [ ];
};
};
@ -58,9 +67,7 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/2f5e2c64-99b8-4fa0-943c-c9dd45c84fdc";}
];
swapDevices = [ { device = "/dev/disk/by-uuid/2f5e2c64-99b8-4fa0-943c-c9dd45c84fdc"; } ];
networking.useDHCP = lib.mkDefault true;

5
hosts/tsuki/home.nix
View file

@ -1,8 +1,5 @@
{ inputs, pkgs, ... }:
{
inputs,
pkgs,
...
}: {
imports = [
./services/swayidle.nix
../../home

3
hosts/tsuki/services/atticd.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.attic ];
systemd.services.atticd = {

3
hosts/tsuki/services/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./restic.nix
./atticd.nix

8
hosts/tsuki/services/hydroxide.nix
View file

@ -1,6 +1,10 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.hydroxide ];
networking.firewall.allowedTCPPorts = [1025 1143];
networking.firewall.allowedTCPPorts = [
1025
1143
];
systemd.services.hydroxide = {
enable = true;

13
hosts/tsuki/services/restic.nix
View file

@ -1,10 +1,11 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
sops.secrets.restic-tsuki = {sopsFile = ../../../secrets/restic/secrets.yaml;};
sops.secrets.restic-osu = {sopsFile = ../../../secrets/restic/secrets.yaml;};
sops.secrets.restic-tsuki = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
sops.secrets.restic-osu = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
environment.systemPackages = [ pkgs.restic ];
services.restic = {
backups = {

2
hosts/tsuru/default.nix
View file

@ -1,4 +1,4 @@
{...}: {
_: {
imports = [
./hardware.nix
./services

22
hosts/tsuru/hardware.nix
View file

@ -1,11 +1,6 @@
{ lib, modulesPath, ... }:
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ ];
@ -17,7 +12,14 @@
useOSProber = false;
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
};
@ -29,9 +31,7 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/5be1a83b-5b40-4068-ade3-fcf28ff07e35";}
];
swapDevices = [ { device = "/dev/disk/by-uuid/5be1a83b-5b40-4068-ade3-fcf28ff07e35"; } ];
networking.useDHCP = lib.mkDefault true;

6
hosts/tsuru/home.nix
View file

@ -1,7 +1,5 @@
{...}: {
imports = [
../../home
];
_: {
imports = [ ../../home ];
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;

6
hosts/tsuru/services/default.nix
View file

@ -1,5 +1 @@
_: {
imports = [
./woodpecker.nix
];
}
_: { imports = [ ./woodpecker.nix ]; }

22
hosts/tsuru/services/tailscale.nix
View file

@ -3,9 +3,15 @@
lib,
pkgs,
...
}: {
sops.secrets.tsauth-tsuru = {sopsFile = ../../../secrets/tailscale/secrets.yaml;};
environment.systemPackages = [pkgs.jq pkgs.tailscale];
}:
{
sops.secrets.tsauth-tsuru = {
sopsFile = ../../../secrets/tailscale/secrets.yaml;
};
environment.systemPackages = [
pkgs.jq
pkgs.tailscale
];
services.tailscale = {
useRoutingFeatures = lib.mkDefault "client";
};
@ -16,8 +22,14 @@
description = "Automatic connection to Tailscale";
# make sure tailscale is running before trying to connect to tailscale
after = ["network-pre.target" "tailscale.service"];
wants = ["network-pre.target" "tailscale.service"];
after = [
"network-pre.target"
"tailscale.service"
];
wants = [
"network-pre.target"
"tailscale.service"
];
wantedBy = [ "multi-user.target" ];
# set this service as a oneshot job

3
hosts/tsuru/services/woodpecker.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
sops.secrets.woodpecker-server = { };
sops.secrets.woodpecker-agent-secret = { };
services.woodpecker-server = {

2
hosts/yuki/default.nix
View file

@ -1,4 +1,4 @@
{...}: {
_: {
imports = [
./hardware.nix
./services

22
hosts/yuki/hardware.nix
View file

@ -1,11 +1,6 @@
{ lib, modulesPath, ... }:
{
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot = {
kernelModules = [ ];
@ -17,7 +12,14 @@
useOSProber = false;
};
initrd = {
availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
kernelModules = [ ];
};
};
@ -45,9 +47,7 @@
};
};
swapDevices = [
{device = "/dev/disk/by-uuid/bd7ccb73-6f85-4b3d-b37f-5cff58a6ab59";}
];
swapDevices = [ { device = "/dev/disk/by-uuid/bd7ccb73-6f85-4b3d-b37f-5cff58a6ab59"; } ];
networking.useDHCP = lib.mkDefault true;

6
hosts/yuki/home.nix
View file

@ -1,7 +1,5 @@
{...}: {
imports = [
../../home
];
_: {
imports = [ ../../home ];
systemd.user.startServices = "sd-switch";
programs.home-manager.enable = true;

3
hosts/yuki/services/anki-sync-server.nix
View file

@ -1,4 +1,5 @@
{config, ...}: {
{ config, ... }:
{
sops.secrets.anki-pwd = { };
services.anki-sync-server = {
enable = true;

3
hosts/yuki/services/default.nix
View file

@ -1,4 +1,5 @@
{...}: {
{ ... }:
{
imports = [
./hass
./restic.nix

43
hosts/yuki/services/hass/lovelace.nix
View file

@ -24,8 +24,12 @@ _: {
{
type = "light";
entity = "light.living_room";
tap_action = {action = "toggle";};
hold_action = {action = "Default action";};
tap_action = {
action = "toggle";
};
hold_action = {
action = "Default action";
};
style = {
top = "72.8%";
left = "75.3%";
@ -34,8 +38,12 @@ _: {
{
type = "light";
entity = "light.hall_light";
tap_action = {action = "toggle";};
hold_action = {action = "Default action";};
tap_action = {
action = "toggle";
};
hold_action = {
action = "Default action";
};
style = {
top = "72.8%";
left = "75.3%";
@ -49,8 +57,12 @@ _: {
{
type = "light";
entity = "light.master_bedroom_lamp";
tap_action = {action = "toggle";};
hold_action = {action = "Default action";};
tap_action = {
action = "toggle";
};
hold_action = {
action = "Default action";
};
style = {
top = "72.8%";
left = "75.3%";
@ -66,8 +78,12 @@ _: {
entity = "light.bedroom_1";
show_state = true;
show_icon = true;
tap_action = {action = "toggle";};
hold_action = {action = "Default action";};
tap_action = {
action = "toggle";
};
hold_action = {
action = "Default action";
};
style = {
top = "72.8%";
left = "75.3%";
@ -78,8 +94,12 @@ _: {
entity = "light.light_panels_58_6c_84";
show_state = true;
show_icon = true;
tap_action = {action = "toggle";};
hold_action = {action = "Default action";};
tap_action = {
action = "toggle";
};
hold_action = {
action = "Default action";
};
style = {
top = "72.8%";
left = "75.3%";
@ -102,8 +122,7 @@ _: {
}
{
title = "Bedroom 2";
cards = [
];
cards = [ ];
}
];
};

8
hosts/yuki/services/hydroxide.nix
View file

@ -1,6 +1,10 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.hydroxide ];
networking.firewall.allowedTCPPorts = [1025 1143];
networking.firewall.allowedTCPPorts = [
1025
1143
];
systemd.services.hydroxide = {
enable = true;

5
hosts/yuki/services/miniflux.nix
View file

@ -1,8 +1,5 @@
{ config, lib, ... }:
{
config,
lib,
...
}: {
sops.secrets.miniflux = { };
services.miniflux = {

17
hosts/yuki/services/paperless.nix
View file

@ -3,20 +3,27 @@
config,
lib,
...
}: {
}:
{
sops.secrets.paperless-pwd = {
owner = "paperless";
group = "paperless";
};
systemd.services = {
paperless-task-queue.serviceConfig = {PrivateNetwork = false;};
paperless-scheduler.serviceConfig = {PrivateNetwork = lib.mkForce false;};
paperless-task-queue.serviceConfig = {
PrivateNetwork = false;
};
paperless-scheduler.serviceConfig = {
PrivateNetwork = lib.mkForce false;
};
};
services.paperless = let
services.paperless =
let
dataDir = "/var/lib/paperless-ngx";
in {
in
{
package = pkgs.paperless-ngx;
enable = true;
address = "0.0.0.0";

13
hosts/yuki/services/restic.nix
View file

@ -1,9 +1,8 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
sops.secrets.restic-yuki = {sopsFile = ../../../secrets/restic/secrets.yaml;};
sops.secrets.restic-yuki = {
sopsFile = ../../../secrets/restic/secrets.yaml;
};
environment.systemPackages = [ pkgs.restic ];
services.restic = {
backups = {
@ -15,9 +14,7 @@
"/var/lib/private/jellyseerr"
"/var/lib/private/homepage-dashboard"
];
exclude = [
"/home/notoh/docker/stash/data"
];
exclude = [ "/home/notoh/docker/stash/data" ];
pruneOpts = [
"--keep-daily=7"
"--keep-weekly=6"

5
hosts/yuki/services/searxng.nix
View file

@ -1,8 +1,5 @@
{ pkgs, config, ... }:
{
pkgs,
config,
...
}: {
sops.secrets.searxng-secret = { };
networking.firewall.allowedTCPPorts = [ 8100 ];
services.searx = {

6
hosts/yuki/services/stash.nix
View file

@ -1,6 +1,8 @@
_: let
_:
let
storagePath = "/home/notoh/docker/stash";
in {
in
{
virtualisation.oci-containers.containers.stash = {
image = "stashapp/stash@sha256:b3b59809d5be1d82467253ec9e2ee98628a0db7527d27a6c7daa75e1fcda7deb"; # v0.24.3
ports = [ "9999:9999" ];

26
hosts/yuki/services/traefik.nix
View file

@ -1,5 +1,10 @@
{config, ...}: {
networking.firewall.allowedTCPPorts = [80 443 8080];
{ config, ... }:
{
networking.firewall.allowedTCPPorts = [
80
443
8080
];
sops.secrets.cloudflare-api-key = { };
systemd.services.traefik = {
environment = {
@ -13,9 +18,11 @@
enable = true;
dynamicConfigOptions = {
http = {
routers = let
routers =
let
fqdn = "internal.flake.sh";
in {
in
{
# local
api = {
rule = "PathPrefix(`/api/`)";
@ -129,9 +136,11 @@
tls.certresolver = "production";
};
};
services = let
services =
let
kariruHost = "192.168.1.54:";
in {
in
{
# local
stash.loadBalancer.servers = [ { url = "http://localhost:9999"; } ];
homepage.loadBalancer.servers = [ { url = "http://localhost:7676"; } ];
@ -177,7 +186,10 @@
caServer = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "cloudflare";
resolvers = ["1.1.1.1:53" "1.0.0.1:53"];
resolvers = [
"1.1.1.1:53"
"1.0.0.1:53"
];
delayBeforeCheck = "0";
};
};

4
hosts/yuki/services/wallos.nix
View file

@ -6,6 +6,8 @@ _: {
"/home/notoh/docker/wallos/db:/var/www/html/db"
"/home/notoh/docker/wallos/logos:/var/www/html/images/uploads/logos"
];
environment = {TZ = "America/New_York";};
environment = {
TZ = "America/New_York";
};
};
}

3
modules/default.nix
View file

@ -1,4 +1,5 @@
{inputs, ...}: {
{ inputs, ... }:
{
imports = [
inputs.nh.nixosModules.default
./prometheus.nix

18
modules/fonts.nix
View file

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
fonts = {
enableDefaultPackages = false;
fontDir.enable = true;
@ -14,9 +15,18 @@
enable = true;
allowBitmaps = true;
defaultFonts = {
monospace = ["JetBrainsMono NF Medium" "Twitter Color Emoji"];
serif = ["Noto Serif" "Twitter Color Emoji"];
sansSerif = ["Noto Sans" "Twitter Color Emoji"];
monospace = [
"JetBrainsMono NF Medium"
"Twitter Color Emoji"
];
serif = [
"Noto Serif"
"Twitter Color Emoji"
];
sansSerif = [
"Noto Sans"
"Twitter Color Emoji"
];
emoji = [ "Twitter Color Emoji" ];
};
hinting = {

Some files were not shown because too many files have changed in this diff Show more