nullbite/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nullbite:ae77cb3e0c9ce2051720b4fda6946180d5537648
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia
..
compare: nullbite:46ae872eade418c8acf302aa64b8f155ad35d84a
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia

5 Commits
ae77cb3e0c ... 46ae872ead

Author SHA1 Message Date
NullBite
46ae872ead
nixos-wsl: commit tmpfiles workaround 
TODO: move impl to system, this isn't even needed on WSL
 2024-12-21 17:39:02 +00:00
NullBite
9c85910688
rpi4: set btrfs commit interval to 5 minutes 
i meant to do this months ago. my last sd card died and i want to avoid
that happening again.
 2024-12-17 00:59:13 +00:00
NullBite
28cad3a3fb
rpi4: fix redlib, rename from libreddit 2024-07-23 19:51:19 +00:00
NullBite
5782db8360
rpi4: fix libreddit subscriptions 2024-07-23 19:34:39 +00:00
NullBite
f9f32ba0f4
rpi4: subscribe to garn47 2024-07-23 19:29:26 +00:00
52 changed files with 372 additions and 1426 deletions
Show Stats Expand all files Collapse all files

814
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

41
flake.nix
View File

@ -6,7 +6,7 @@
# ^^^^^^^^^^^^^ this part is optional
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixpkgs-nix-du.url = "github:NixOS/nixpkgs/c933cf4698e5189b35dd83bf4d7a81aef16d464a";
nixpkgs-yt-dlp-2024.url = "github:NixOS/nixpkgs/528db5fa94041f0b4909a855d8b9fb9b44fa4f5d";
# this seems to be a popular way to declare systems
systems.url = "github:nix-systems/default";
@ -42,22 +42,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# https://github.com/nix-community/lanzaboote/releases
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs";
};
# no inputs.nixpkgs.follows so i can use cachix
# https://github.com/hyprwm/Hyprland/releases
# hyprland.url = "git+https://github.com/hyprwm/Hyprland?rev=v0.4.1&submodules=1";
hyprland = {
type = "git";
url = "https://github.com/hyprwm/Hyprland";
submodules = true;
# ref = "refs/tags/v0.44.1";
};
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
hyprwm-contrib = {
url = "github:hyprwm/contrib";
@ -82,14 +68,9 @@
};
stylix = {
url = "github:danth/stylix";
url = "github:danth/stylix?ref=e8e3304c2f8cf2ca60dcfc736a7422af2f24b8a8";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
inputs.base16.follows = "base16";
};
base16 = {
url = "github:SenchoPens/base16.nix";
};
nixfiles-assets = {
@ -151,7 +132,7 @@
# My username
username = "nullbite";
# My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "Europe/Amsterdam";
mobileTimeZone = "America/New_York";
# Variables to be passed to NixOS modules in the vars attrset
vars = {
@ -357,7 +338,7 @@
# (extraS|s)pecialArgs to pass variables
nixosModules = (import ./modules/nixos) moduleInputs;
homeManagerModules = (import ./modules/home-manager) moduleInputs;
packages = eachSystem (system: let pkgs = import nixpkgs-unstable { inherit system; };
packages = eachSystem (system: let pkgs = import nixpkgs { inherit system; };
in (
import ./pkgs { inherit pkgs; }) // {
iso = let
@ -396,18 +377,6 @@
hostname = "nixos-wsl";
};
# for eval testing
rpi4-x86_64 = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;
system = "x86_64-linux";
stateVersion = "24.11";
hostname = "rpi4";
extraModules = [{
nixpkgs.hostPlatform = "x86_64-linux";
}];
};
rpi4 = mkSystem {
nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable;

11
home/common/theme.nix
View File

@ -1,7 +1,6 @@
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.theming;
mkDefaultStylix = lib.mkOverride 999;
toCaps = s: with lib.strings; with builtins;
(toUpper (substring 0 1 s)) + toLower (substring 1 ((stringLength s)-1) s);
@ -21,7 +20,7 @@ let
};
packages = {
cursors = catppuccin-cursors."${toLower flavor}${toCaps accent}";
kvantum = catppuccin-kvantum.override { variant = toLower flavor; accent = toLower accent; };
kvantum = catppuccin-kvantum.override { variant = toCaps flavor; accent = toCaps accent; };
icons = catppuccin-papirus-folders.override { flavor = toLower flavor; accent = toLower accent; };
gtk = catppuccin-gtk.override { variant = toLower flavor; accents = [ (toLower accent) ]; };
};
@ -67,7 +66,7 @@ in {
});
theme = lib.mkDefault {
package = pkgs.gnome-themes-extra;
package = pkgs.gnome.gnome-themes-extra;
name = "Adwaita-dark";
};
@ -81,9 +80,9 @@ in {
enable = true;
autoEnable = true;
cursor = {
package = mkDefaultStylix ctp.packages.cursors;
name = mkDefaultStylix ctp.names.cursors;
size = mkDefaultStylix 24;
package = lib.mkDefault ctp.packages.cursors;
name = lib.mkDefault ctp.names.cursors;
size = lib.mkDefault 24;
# x11.enable = lib.mkDefault true;
# gtk.enable = lib.mkDefault true;
};

13
home/common/wm/default.nix
View File

@ -19,9 +19,8 @@ in
./keybinds.nix
];
config = lib.mkIf cfg.enable {
# Common options for standalone window managers. many of these (or
# alternatives thereof) would normally be pulled in by desktop
# environments; we want to create a similar experience for window managers.
# Common options for standalone window managers; many of these (or
# alternatives thereof) are pulled in by desktop environments.
nixfiles.theming.enable = lib.mkDefault true;
nixfiles.programs.dunst.enable = lib.mkDefault true;
@ -35,8 +34,8 @@ in
exec "${pcmanfm-qt}/bin/pcmanfm-qt" "$@"
'';
in [
libsForQt5.qt5ct
kdePackages.qt6ct
qt5ct
qt6ct
swaybg
swayidle
libsForQt5.qtstyleplugin-kvantum
@ -50,9 +49,9 @@ in
nwg-look
nwg-displays
# very consistent (ok it's actually a little better now)
# very consistent
(catppuccin-papirus-folders.override {accent = "mauve"; flavor = "mocha"; })
(pkgs.catppuccin-kvantum.override {accent = "mauve"; variant = "mocha"; })
(pkgs.catppuccin-kvantum.override {accent = "Mauve"; variant = "Mocha"; })
catppuccin-cursors.mochaMauve
arc-theme

2
home/package-sets/communication.nix
View File

@ -48,8 +48,6 @@ in
thunderbird
vesktop
rustdesk-pkg
tor-browser
onionshare
] ++ [
irssi
];

5
home/package-sets/gaming.nix
View File

@ -6,7 +6,10 @@ in
{
config = lib.mkIf cfg.enable {
nixpkgs.overlays = let
in lib.mkAfter [ ];
prismlauncher-config = (final: prev: {
prismlauncher = prev.prismlauncher.override { withWaylandGLFW = true; };
});
in lib.mkAfter [ prismlauncher-config ];
nixfiles.common.wm.autostart = [
"steam -silent"

1
home/package-sets/multimedia.nix
View File

@ -26,7 +26,6 @@ in
audacity
picard
spicetify-cli
(kodi.withPackages (_: [])) # this is required to get python libs
] ++ [
yt-dlp
gallery-dl

5
home/package-sets/productivity.nix
View File

@ -8,11 +8,6 @@ in
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
libreoffice-fresh
obsidian
anki
# mapping/GIS
qgis
josm
] ++ [
pandoc
];

1
home/sessions/default.nix
View File

@ -2,6 +2,5 @@
{
imports = [
./hyprland
./plasma.nix
];
}

6
home/sessions/hyprland/default.nix
View File

@ -276,7 +276,7 @@ in
"$mod, O, togglesplit," # dwindle"
"$mod, f, fullscreen"
"$mod SHIFT, f, fullscreenstate, -1 2"
"$mod SHIFT, f, fakefullscreen"
"$mod CTRL, f, fullscreen, 1"
# Move focus with mod + arrow keys
@ -339,8 +339,8 @@ in
"$mod, mouse_up, workspace, e-1"
# show this file (help)
# ("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
# + lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
("$mod, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim '+set nomodifiable' '+noremap q :q<CR>' "
+ lib.escapeShellArg (args.vars.self.outPath + "/home/sessions/hyprland/default.nix"))
# edit this file
("$mod SHIFT, slash, exec, ${terminal} -e ${pkgs.neovim}/bin/nvim "

35
home/sessions/plasma.nix
View File

@ -1,35 +0,0 @@
{ pkgs, config, lib, osConfig ? {}, ... }:
let
inherit (lib) mkOption mkEnableOption;
cfg = config.nixfiles.sessions.plasma;
in
{
options.nixfiles.sessions.plasma = {
enable = lib.mkOption {
description = "Whether to enable the Plasma session home configuration.";
type = with lib.types; bool;
default = osConfig.nixfiles.sessions.plasma.enable or false;
example = true;
};
};
config = lib.mkIf cfg.enable {
# TODO make this a generic implementation
home.packages = let
startupScript = pkgs.writeShellScript "autostart-script"
(lib.concatStringsSep "\n"
(builtins.map (x: "sh -c ${lib.escapeShellArg x} &") config.nixfiles.common.wm.autostart));
name = "home-manager-autostart";
desktopFilePkg = pkgs.makeDesktopItem {
inherit name;
desktopName = "Home Manager Autostart";
exec = startupScript;
};
autostartPkg = pkgs.runCommand name {} ''
mkdir -p $out/etc/xdg/autostart
ln -s "${desktopFilePkg}/share/applications/${name}.desktop" "$out/etc/xdg/autostart/"
'';
in [ autostartPkg ];
};
}

3
home/standalone.nix
View File

@ -1,10 +1,9 @@
# Home Manager default nixfiles entrypoint. This serves as an alternative to
# default.nix, which sets up some more appropriate options for home-manager
{ inputs, pkgs, config, lib, ... }:
{ pkgs, config, lib, ... }:
{
imports = [
./.
inputs.stylix.homeManagerModules.stylix
];
config = {
# bash is more common on my standalone machines for some reason (low

3
home/stylix.nix
View File

@ -1,11 +1,10 @@
{ pkgs, lib, config, inputs, ... }@args:
{
imports = [ ];
imports = [ inputs.stylix.homeManagerModules.stylix ];
config = {
stylix = lib.mkMerge [
{
targets.vim.enable = lib.mkDefault false;
targets.neovim.enable = lib.mkDefault false;
targets.gtk.enable = lib.mkDefault false;
targets.fzf.enable = lib.mkDefault false;
# the ring is styled light so it's light on light which looks worse than the default theme

4
hosts/nixos-wsl/configuration.nix
View File

@ -40,9 +40,9 @@
};
fonts.packages = with pkgs; [
nerd-fonts.fira-code
(nerdfonts.override { fonts = [ "FiraCode" ]; })
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk
];

52
hosts/nullbox/backup.nix
View File

@ -1,52 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) escapeShellArg;
secret = name: config.age.secrets."${name}".path;
fs = config.fileSystems."/srv/mcserver";
in
{
config = {
age.secrets.restic-rclone.file = ../../secrets/restic-rclone.age;
age.secrets.restic-password.file = ../../secrets/restic-password.age;
systemd.services.restic-backups-system = {
path = with pkgs; [ btrfs-progs ];
};
services.restic.backups.system = {
# create an atomic backup
backupPrepareCommand = ''
set -Eeuxo pipefail
if btrfs subvol delete /srv/mcserver/@restic; then
echo "Old restic snapshot deleted.";
fi
btrfs subvol snapshot -r /srv/mcserver /srv/mcserver/@restic
'';
backupCleanupCommand = ''
btrfs subvolume delete /srv/mcserver/@restic
'';
rcloneConfigFile = secret "restic-rclone";
passwordFile = secret "restic-password";
repository = "rclone:restic:";
exclude = [
".snapshots"
];
paths = [
"/srv/mcserver/@restic"
];
dynamicFilesFrom = ''
echo
'';
extraBackupArgs = [
"--tag=auto"
"--group-by=host,tag"
];
};
};
}

41
hosts/nullbox/configuration.nix
View File

@ -15,8 +15,6 @@
./mcserver.nix
./impermanence.nix
./backup.nix
];
config = {
@ -41,52 +39,32 @@
# hardware.nvidia.package = lib.mkForce config.boot.kernelPackages.nvidiaPackages.production;
hardware.nvidia.open = lib.mkForce false;
specialisation.hyprland.configuration = {
system.nixos.tags = [ "Hyprland" ];
specialisation.plasma.configuration = {
system.nixos.tags = [ "Plasma" ];
nixfiles = {
session = "hyprland";
session = "plasma";
};
};
hardware.cpu.intel.updateMicrocode = true;
services.udev.extraRules = ''
# motherboard has a faulty USB hub or something; whenever *any* program
# tries to enumerate USB devices (which is a lot of programs for some
# reason), it hangs for several seconds. this disables the faulty hub.
SUBSYSTEMS=="usb", ACTION=="add", KERNEL=="usb2", ATTRS{idVendor}=="1d6b", ATTRS{idProduct}=="0003", ATTRS{serial}=="0000:00:14.0", ATTRS{busnum}=="2", ATTR{authorized}="0"
'';
# nixfiles
nixfiles = {
profile.workstation.enable = true;
programs.adb.enable = true;
workarounds.nvidiaPrimary = true;
programs.greetd = {
preset = "tuigreet";
settings = {
randr = [ "--output" "HDMI-A-3" "--off" ];
autologin = false;
autologin = true;
autologinUser = "nullbite";
autolock = false;
autolock = true;
};
};
programs.unbound.enable = true;
common.remoteAccess.enable = true;
common.bootnext = {
enable = true;
entries = {
windows = {
name = "Windows Boot Manager";
efiPartUUID = "6fc437f5-b917-42b2-9d5d-1439a14e105b";
desktopEntry = {
name = "Windows";
icon = "microsoft-windows";
};
};
};
};
# session = lib.mkDefault "hyprland";
session = lib.mkDefault "plasma";
session = lib.mkDefault "hyprland";
hardware.nvidia.modesetting.enable = true;
packageSets.gaming.enable = true;
};
@ -109,9 +87,6 @@
};
};
# temporary while i am away from server
boot.kernelPackages = pkgs.linuxPackages_6_6;
networking.wg-quick.interfaces.wg0 = {
configFile = "/etc/wireguard/wg0.conf";
autostart = true;

20
hosts/nullbox/hardware-configuration.nix
View File

@ -41,33 +41,19 @@
fsType = "vfat";
};
fileSystems."/srv/mcserver-old" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver-old/.snapshots" =
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
fileSystems."/srv/mcserver" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=@mcserver" ];
};
fileSystems."/srv/mcserver/.snapshots" =
{ device = "/dev/disk/by-uuid/e36d1ab4-d18b-434e-80b5-0efca0652eb5";
{ device = "/dev/disk/by-uuid/7204ff85-6404-4bd7-ba0d-3fb23a5cf52c";
fsType = "btrfs";
options = [ "subvol=snapshots/@mcserver" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/4b86cbd6-6fc5-47d4-9d44-35eec59cb785"; }
];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

3
hosts/nullbox/impermanence.nix
View File

@ -94,8 +94,7 @@ in {
"/var/db/sudo/lectured"
# remember login stuff
{ directory = "/var/cache/tuigreet"; user = "greeter"; group = "greeter"; }
{ directory = "/var/cache/regreet"; user = "greeter"; group = "greeter"; }
"/var/cache/tuigreet"
];
files = [

1
hosts/rpi4/backup.nix
View File

@ -23,7 +23,6 @@ in
"/opt"
"/var/lib/gitea"
"/var/lib/tailscale"
"/var/lib/private/anki-sync-server"
"/etc"
];
dynamicFilesFrom = ''

17
hosts/rpi4/configuration.nix
View File

@ -22,34 +22,23 @@
"/opt/hassio"
"/opt/hassio/.snapshots"
];
fn = (x: { options = [ "compress=zstd" "commit=300" "noatime" ];});
fn = (x: { options = [ "compress=zstd commit=300" ];});
in lib.genAttrs mounts fn;
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible = {
enable = true;
configurationLimit = 5;
};
# temporary while i am away from server
boot.kernelPackages = pkgs.linuxPackages_6_6;
boot.loader.generic-extlinux-compatible.enable = true;
nixfiles = {
profile.server.enable = true;
};
hardware.rtl-sdr.enable = true;
# VPN services
age.secrets.wg0 = {
file = ../../secrets/wireguard-rpi4.age;
};
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
};
services.tailscale.enable = true;
systemd.services.wg-quick-wg0.serviceConfig.execStartPre = pkgs.writeShellScript "wait-dns" ''
until ${lib.getExe pkgs.getent} ahostsv4 example.com ; do echo sleep 1 ; done

5
hosts/rpi4/reddit-subscriptions.txt
View File

@ -5,7 +5,6 @@ autism
beatsaber
Bitwarden
boykisser
btd6
ConservativeRap
crackheadcraigslist
crackwatch
@ -20,12 +19,11 @@ femboymemes
feminineboys
flatpak
geometrydash
garn47
homeassistant
ihaveihaveihavereddit
LinkedInLunatics
linux
linux_gaming
losercity
NixOS
NonBinaryTalk
okbuddyhetero
@ -34,7 +32,6 @@ prismlauncher
rust
rustjerk
selfhosted
Shark_Park
steam
SteamDeck
talesfromtechsupport

48
hosts/rpi4/services.nix
View File

@ -46,10 +46,6 @@
mode = "0750";
};
age.secrets.anki = {
file = ../../secrets/anki-user.age;
};
users.groups.secrets = {};
users.users.acme.extraGroups = [ "secrets" ];
@ -78,8 +74,6 @@
"*.nbt.sh"
"proot.link"
"*.proot.link"
"nullbite.xyz"
"*.nullbite.xyz"
];
};
};
@ -100,7 +94,6 @@
secrets = {
jwtSecretFile = config.age.secrets.authelia-jwt.path;
storageEncryptionKeyFile = config.age.secrets.authelia-storage.path;
sessionSecretFile = config.age.secrets.authelia-session.path;
};
settings = {
access_control.default_policy = "one_factor";
@ -122,9 +115,6 @@
default_redirection_url = "https://admin.proot.link";
}
];
session.redis = {
host = config.services.redis.servers.authelia.unixSocket;
};
notifier.filesystem.filename = "/var/lib/authelia-${inst}/notification.txt";
authentication_backend.file.path = config.age.secrets.authelia-users.path;
server.port = lib.mkIf (opts ? port) (opts.port or null);
@ -137,16 +127,6 @@
};
};
services.redis = {
servers.authelia = {
enable = true;
};
};
users.users."${config.services.authelia.instances.main.user}".extraGroups = let
name = config.services.redis.servers.authelia.user;
in [ name ];
services.nginx = {
enable = true;
recommendedProxySettings = true;
@ -215,9 +195,9 @@
# libreddit auth 8087
"libreddit.protogen.io" = {
locations."/".return = "302 https://redlib.protogen.io$request_uri";
forceSSL = true;
useACMEHost = "protogen.io";
forceSSL = true;
locations."/".return = "302 https://redlib.protogen.io$request_uri";
};
"redlib.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082;
@ -257,8 +237,6 @@
"uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";
"anki.protogen.io" = mkReverseProxy config.services.anki-sync-server.port;
"trackmap.protogen.io" = let
root = pkgs.modpacks.notlite-ctm-static;
in {
@ -302,7 +280,7 @@
locations."/" = {
return = "302 https://protogen.io$request_uri";
};
serverAliases = [ "www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" "nullbite.xyz" "www.nullbite.xyz" ];
serverAliases = [ "www.nullbite.com" "nullbite.dev" "www.nullbite.dev" "www.protogen.io" ];
};
# show blank page for unknown hosts
@ -334,29 +312,11 @@
(lib.filter (x: x != ""))
(lib.concatStringsSep "+")
];
REDLIB_DEFAULT_SHOW_NSFW = "on";
REDLIB_DEFAULT_BLUR_NSFW = "on";
REDLIB_DEFAULT_BLUR_SPOILER = "on";
REDLIB_DEFAULT_USE_HLS = "on";
REDLIB_DEFAULT_DISABLE_VISIT_REDDIT_CONFIRMATION = "on";
REDLIB_ENABLE_RSS = "on";
};
services.redlib = {
enable = true;
port = 8087;
};
services.anki-sync-server = {
enable = true;
address = "127.0.0.1";
users = [
{
username = "nullbite";
passwordFile = config.age.secrets.anki.path;
}
];
package = pkgs.redlib;
};
};
}

57
hosts/slab/configuration.nix
View File

@ -19,12 +19,6 @@
};
}
# Lanzaboote workaround (nix-community/lanzaboote#173)
(lib.mkIf config.boot.lanzaboote.enable {
"/efi/EFI/Linux" = { device = "/boot/EFI/Linux"; options = [ "bind" ]; };
"/efi/EFI/nixos" = { device = "/boot/EFI/nixos"; options = [ "bind" ]; };
})
(lib.genAttrs [ "/.btrfsroot" "/" "/home" "/nix" ] ( fs: {
options = [ "compress=zstd" ];
}))
@ -39,48 +33,34 @@
./supergfxd.nix
];
# specialisation.plasma.configuration = {
# system.nixos.tags = [ "Plasma" ];
# nixfiles = {
# session = "plasma";
# };
# services.displayManager.sddm.enable = lib.mkForce true;
# # services.xserver.displayManager.startx.enable = lib.mkForce false;
# };
specialisation.hyprland.configuration = {
system.nixos.tags = [ "Hyprland" ];
nixfiles.session = "hyprland";
specialisation.plasma.configuration = {
system.nixos.tags = [ "Plasma" ];
nixfiles = {
session = "plasma";
};
services.displayManager.sddm.enable = lib.mkForce true;
services.xserver.displayManager.startx.enable = lib.mkForce false;
};
nixfiles.supergfxd.profile = lib.mkDefault "Integrated";
# who needs a display manager?
services.displayManager.sddm.enable = false;
nixfiles = {
profile.workstation.enable = true;
common.remoteAccess.enable = true;
common.bootnext = {
enable = true;
entries.windows = {
name = "Windows Boot Manager";
efiPartUUID = "c8505f55-1f48-47fc-9b3b-3ba16062cafd";
desktopEntry = {
name = "Windows";
icon = "microsoft-windows";
};
};
};
hardware.opengl.enable = true;
hardware.gps.enable = true;
packageSets = {
gaming.enable = true;
fun.enable = true;
};
# session = lib.mkDefault "hyprland";
session = lib.mkDefault "plasma";
session = lib.mkDefault "hyprland";
programs = {
adb.enable = true;
unbound.enable = false;
greetd = {
preset = "tuigreet";
settings = {
autologin = true;
autologinUser = "nullbite";
@ -122,22 +102,13 @@
# device = "nodev";
# };
systemd-boot = {
enable = lib.mkForce (!config.boot.lanzaboote.enable);
enable = true;
xbootldrMountPoint = "/boot";
netbootxyz.enable = true;
memtest86.enable = true;
};
};
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
settings.reboot-for-bitlocker = true;
};
# GPS data from my phone
services.gpsd.devices = lib.mkIf config.nixfiles.hardware.gps.enable [ "tcp://pixel.magpie-moth.ts.net:6000" ];
# systemd power/suspend configuration
systemd.targets = lib.genAttrs ["suspend" "hybrid-sleep" "suspend-then-hibernate"] (_: {
enable = false;
@ -170,7 +141,7 @@
# }}}
# Set your time zone.
# time.timeZone = vars.mobileTimeZone;
time.timeZone = vars.mobileTimeZone;
services.asusd.enable = true;

5
hosts/slab/nvidia-optimus.nix
View File

@ -27,10 +27,7 @@
nvidiaSettings = false;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = let
stable = config.boot.kernelPackages.nvidiaPackages.stable;
version = stable;
in version;
package = config.boot.kernelPackages.nvidiaPackages.stable;
prime = {
offload = {

59
overlays/mitigations.nix
View File

@ -1,23 +1,8 @@
nixfiles: final: prev:
let
pkgsStable = import nixfiles.inputs.nixpkgs.outPath { inherit (prev) system; };
updateTime = nixfiles.inputs.nixpkgs-unstable.lastModified;
inherit (final) lib callPackage fetchFromGitHub;
inherit (lib) recurseIntoAttrs optionalAttrs
versionOlder versionAtLeast;
pkgsFromFlake = flake: (import flake.outPath) { inherit (prev) system; };
pkgsFromInput = name: pkgsFromFlake nixfiles.inputs.${name};
pickFixed = ours: theirs: if versionAtLeast ours.version theirs.version then ours else theirs;
pickNewer = ours: theirs: if versionOlder theirs.version ours.version then ours else theirs;
hold = now: days: ours: theirs: let
seconds = days * 24 * 60 * 60;
endTimestamp = now + seconds;
in if now < endTimestamp then ours else theirs;
optionalPkg = cond: val: if cond then val else null;
inherit (prev) lib callPackage fetchFromGitHub;
inherit (prev.lib) recurseIntoAttrs optionalAttrs;
isNewer = ref: ver: (builtins.compareVersions ver ref) == 1;
gimp-with-plugins-good = let
badPlugins = [ "gap" ];
@ -26,36 +11,24 @@ let
filteredPlugins = lib.filterAttrs pluginFilter prev.gimpPlugins;
plugins = lib.mapAttrsToList (_: v: v) filteredPlugins;
in prev.gimp-with-plugins.override { inherit plugins; };
# this also causes an infinite recursion and i have no idea why
# in nixfiles.inputs.nixpkgs.lib.filterAttrs (k: v: v != null) {
in {
nix-du = let
old = prev.nix-du;
new = (pkgsFromInput "nixpkgs-nix-du").nix-du;
in pickNewer old new;
gimp-with-plugins = gimp-with-plugins-good;
easyeffects = let
stable = pkgsStable.easyeffects;
unstable = prev.easyeffects;
in if updateTime < 1726148749 then stable else unstable;
compsize = let
stable = pkgsStable.compsize;
unstable = prev.compsize;
now = 1724786296;
in hold now 7 stable unstable;
qgis = let
stable = pkgsStable.qgis;
unstable = prev.qgis;
now = 1733871491;
in hold now 7 stable unstable;
yt-dlp = let
pkgs-y = (import nixfiles.inputs.nixpkgs-yt-dlp-2024.outPath) { inherit (prev) system;};
in if ((builtins.compareVersions "2024.5.27" prev.yt-dlp.version) == 1)
then (final.python3Packages.toPythonApplication pkgs-y.python3Packages.yt-dlp)
else prev.yt-dlp;
redlib = let
redlib-new = final.callPackage nixfiles.packages.${prev.system}.redlib.override {};
inherit (prev) redlib;
in pickNewer redlib-new redlib;
notOlder = (builtins.compareVersions redlib-new.version redlib.version) >= 0;
in if notOlder then redlib-new else redlib;
}
# # can't optionalAttrs for version checks because it breaks lazy eval and causes infinite recursion
# // {
# obsidian = let
# pkg = final.callPackage "${nixfiles.inputs.nixpkgs-unstable}/pkgs/applications/misc/obsidian" { electron = final.electron_28; };
# in if isNewer "1.4.16" prev.obsidian.version then prev.obsidian else pkg;
# }

4
overlays/modpacks.nix
View File

@ -3,8 +3,8 @@ let
inherit (final) lib;
inherit (lib) fakeHash;
notlite = let
commit = "0e42bfbc6189db5848252d7dc7a638103d9d44ee";
packHash = "sha256-X9a7htRhJcSRXu4uDvzSjdjCyWg+x7Dqws9pIlQtl6A=";
commit = "1e519c6bd8267cc84ca40fcecc6d2453fac81e1b";
packHash = "sha256-rK+yuQ/wS0QWaPglFvljnkY0FJNgXwFd+SweZZDCHWw=";
in final.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml";
inherit packHash;

4
pkgs/atool-wrapped/default.nix
View File

@ -5,7 +5,7 @@
lzip,
plzip,
lzop,
xz,
lzma,
zip,
unzip,
arj,
@ -16,7 +16,7 @@
lha,
unfree ? false }:
let
wrappedPath = lib.makeBinPath ([lzip plzip lzop xz zip unzip arj rpm cpio p7zip] ++ lib.optionals unfree [unrar lha]);
wrappedPath = lib.makeBinPath ([lzip plzip lzop lzma zip unzip arj rpm cpio p7zip] ++ lib.optionals unfree [unrar lha]);
in
stdenvNoCC.mkDerivation {
name = "atool-wrapped";

30
pkgs/redlib/auth-fix.patch Normal file
View File

@ -0,0 +1,30 @@
From bd47c206a1d94c8382570b69730d72562d777454 Mon Sep 17 00:00:00 2001
From: Matthew Esposito <matt@matthew.science>
Date: Thu, 30 May 2024 18:08:45 -0400
Subject: [PATCH] fix(oauth): Make Android user-agent patching unconditional
---
src/client.rs | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/src/client.rs b/src/client.rs
index 5b8fe8f..5ea9d1c 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -181,11 +181,12 @@ fn request(method: &'static Method, path: String, redirect: bool, quarantine: bo
)
};
- // Check if multi sub requested, or if submitted was requested. If so, replace "Android" with a tricky word.
+ // Replace "Android" with a tricky word.
// Issues: #78/#115, #116
- if path.contains('+') || path.contains("/submitted") {
- user_agent = user_agent.replace("Android", "Andr\u{200B}oid");
- }
+ // If you include the word "Android", you will get a number of different errors
+ // I guess they don't expect mobile traffic on the endpoints we use
+ // Scrawled on wall for next poor soul: Run the test suite.
+ user_agent = user_agent.replace("Android", "Andr\u{200B}oid");
// Build request to Reddit. When making a GET, request gzip compression.
// (Reddit doesn't do brotli yet.)

23
pkgs/redlib/default.nix
View File

@ -5,26 +5,23 @@
, rustPlatform
, fetchFromGitHub
, darwin
, nix-update-script
}:
rustPlatform.buildRustPackage rec {
pname = "redlib";
version = "0.35.1-unstable-2024-12-02";
version = "0.34.0";
src = fetchFromGitHub {
owner = "redlib-org";
repo = "redlib";
rev = "d7ec07cd0d713fc308e1004663b0053db8f00a0f";
hash = "sha256-bAsSLZWGLMrD21xdQtD5NyNsNSZwLOd/+6ujZpbsyQg=";
rev = "refs/tags/v${version}";
hash = "sha256-JpuCX2ae9me+zHxQj5jqQlgDci2NV+TEVUAqnuTn3cA=";
};
patches = [
# this is so the commit hash can be embedded so redlib doesn't complain
# about the server being outdated unless it's /actually/ outdated
./no-hash.patch
./auth-fix.patch
];
cargoHash = "sha256-5eQRioAdB1OharUwAZEuPe7NpZOFvqAyh2m+NVio8EI=";
cargoHash = "sha256-gkRblCHUFiprZeYtu43GIGBZqCq5l/HEGaQN91XbfSs=";
buildInputs = lib.optionals stdenv.isDarwin [
darwin.apple_sdk.frameworks.Security
@ -33,14 +30,8 @@ rustPlatform.buildRustPackage rec {
checkFlags = [
# All these test try to connect to Reddit.
"--skip=test_fetching_subreddit_quarantined"
"--skip=test_gated_and_quarantined"
"--skip=test_fetching_nsfw_subreddit"
"--skip=test_fetching_ws"
"--skip=test_private_sub"
"--skip=test_banned_sub"
"--skip=test_gated_sub"
"--skip=test_rate_limit_check"
"--skip=test_default_subscriptions"
"--skip=test_obfuscated_share_link"
"--skip=test_share_link_strip_json"
@ -53,20 +44,16 @@ rustPlatform.buildRustPackage rec {
"--skip=test_oauth_client"
"--skip=test_oauth_client_refresh"
"--skip=test_oauth_token_exists"
"--skip=test_oauth_headers_len"
];
env = {
SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
GIT_HASH=src.rev;
};
passthru.tests = {
inherit (nixosTests) redlib;
};
passthru.updateScript = nix-update-script { extraArgs = [ "--version=branch=main" ]; };
meta = {
changelog = "https://github.com/redlib-org/redlib/releases/tag/v${version}";
description = "Private front-end for Reddit (Continued fork of Libreddit)";

10
pkgs/redlib/no-hash.patch
View File

@ -1,10 +0,0 @@
diff --git a/build.rs b/build.rs
index 0bdbda0..869c7e6 100644
--- a/build.rs
+++ b/build.rs
@@ -21,5 +21,4 @@ fn main() {
)
.unwrap_or_default();
let git_hash = if output == String::default() { "dev".into() } else { output };
- println!("cargo:rustc-env=GIT_HASH={git_hash}");
}

45
secrets/anki-user.age
View File

@ -1,45 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YUrFgQ Py/ogGTqlQKlRecdysJUoN/Y0WyX4gp8E78/jdrf7wQ
elo9bSDa5LkTi7bsJbfUM1LGnZgtll4ZSaONjBz/Qbc
-> ssh-rsa I7EAZw
QOko8NtkGmL83hUfyUB7hljd2NRPiumDBWY8vAA4vmWyq/Gv71gKjKfB50cqo4Oq
vxHVlZM+g0PQhJlCLZH4gZwoVniXRtsVo7KlLRI13VpPMmPfN2mLlhvmKmxy+1r9
RXvYk9Z/NYe6Zz24c17QsxGSyIwXLxdTjvaRH8+pkx3EuIYdS++rONH21B+EkfAJ
KRCsla/vfhGaC2DeOyR7K4hasfbfIiuPEPgeMy55LdHRMjPddKut5YnrD+4r3iXK
O3ct4/w8+k7NKWsRKYY8I8FzQJ2ADJpfcAK2NBo3M5QkM6xD7rXFGNHcl+vztzUG
a+uUsjeZPtyvSdja8uyaF08OVQ41qYGZurnDEVaBcg6f5wfDA0msAqMjeNFs5ayN
4EFq11AiR2gZEJ0vyKNOrPQH9J2KiGKZFt699j0oasFgKWHdrhNlQdDjUy3ylU3L
nSurQFPg+8qolFS7hwiiv0orxV8eaBjwE7yvp8UZK1/XC1imcEShbvyIbTEEezDQ
-> ssh-rsa 0pGLuA
oXi/tWHfAs/sDj8JtEsfQe5mMFywpKb6WukrCTpo0qAZfdEl6wyvf9j+IFPUUxL9
+dzNM0fGnBRQOMpU7AeB7wZznK062VxWrOUYWO5qrofhTpJpfib3zSX3M5TLecxr
1s+s0Goim3xWJs03XwKeheqSFT2mwRNSmyk+dYgI8dQ7goA1hUn6jZqH+gg2miHI
0XYppYDGmmuQ+rtvvnt/2r+Gp0WUPHQuB5TTs9BhtZL15mMShL9XN5hIyict+wZR
DNRKwTbJzR3cw+i2IvHGDB8sGLbeCDOqGngvVCkGhELMxTQLd4epnW+wfVmKBqc9
Oky9INruZxL2TD/pcXwOC1TQC7pRmLT9yZ6p0YMAr7fpvTe20dWewVUE0X2Eisbn
dIob5dusJjs2uqWTKs5j3FZcGfrHeGpWGjanCOovkSONER6IwVB+LdnLf7MB+WM3
M8voAfaa5RbG/UjhDwSrvJvIMQOHbkljq2/8R1F3x+iVeVrK96w/9a8NStQBaSiA
-> ssh-rsa JoBDow
duiQ9RqFrUdCUs828+tECTLk6VUZSNuz8bBw2uMcXQeet7I2CKWELpBPGEHj5JGL
79LF/SRcxC9kb4jEFo+TO0qH3JDeSZ03NUcG9Re1bAbAoP1qNPbeK8dAl1dsC0g7
p/ADm15+uYiiertHbD6iCp0E234ZiFN9tEOITR4NhUQVDJC0uMmRYL4FgWxvxPJp
IvEovvrNen9dy0dpzihcOC2fv3nt8QpuhMS6OQtanSvilrwxGD+MmuSJ1FEb9p1e
biPH8atNotBbqDPJV784e42hgUouLEM1tnRcujZfofENE6Eoe5/RcmjIec4JtFyi
4aU9Vnh7LFX6v38hZZswpegWDav4W158EFxSz4JjIMdYPYAeUJXOJPT+jXacTDIJ
hv8g3ztDWCgW8KA2odOHO6jQ1dMn8o0n+JXgnTvxzGvOyflr9dTbg2YvrDzE7LZY
qujfGxIn5SHPCBPTPef0NQIpBv/HidlX47VV3UmSBaMxeBLENB4aH1c3g02MZPpG
-> ssh-rsa wzTCUg
ND8YpDmFhYeKH5bRFSWO6X69imBfsH/iKlDkyRyGgWuldMTmAyAg7TB8A56SEH4Y
uqEUNjWK1aNMibXnkT1TfdWjBIndsUV3gWVd8JezMvbWdG7ukuj1jV4grFl8MOmi
uZCoQlJmFMiyuBBdhqe2+w3MpxV8kTEXjytQApRvZC+EiwF5nQvhZH/lv4Sl12n7
6seWeKxpwOpnZU6fqfVEqwuZFvBIgllv6Ff2KfJ413OCr6UDZj+U8sK4HEr6x4EL
ET6Sh57VXV3ntoFS1z0wBvgQh/Ed2aFSQdDAll5W8QTB91mYAFRBHXfrOqOpBecN
O86J/beml1Sz20QAEMujFGUhgHSTw1mrBId9a0CAUn7+bZN7HTBpnKaBufubj9MN
LwRe6PwA2GgGdnVweHxVYI6OUmYCWkMyvG42rFjd3WDl3ev7r0pTQsnKdAH9DH1R
M3QShaLXhFrvnVei+qmAYQo7ab1gLr9bCW3kPBhVMBTyZbSBue/zhl/Dh3mQFSyZ
--- aI2L8OoxgqsBI7ORqDkrOcwdJwd5YEcqVkOWZw03YE0
Ò}Órïÿ#”-“<>VG—e°yGÌÙËă¡jurlUˆ°{'˜ÿí¢Q¨°0§urJ@Få

74
secrets/authelia-session.age
View File

@ -1,45 +1,47 @@
age-encryption.org/v1
-> ssh-ed25519 YUrFgQ TztZqKKRIE8zJon7oqC7EbM7T7yx9845g27qV6pyASI
O0EsKk/1M1IVr6QjhzSSTsR2aa96xsyXDIQGwrEyY6I
-> ssh-ed25519 YUrFgQ 42WuYgB9B/1sV+Q8qvMq/65u1Ed0hREmJKKOATv0r3M
Ypm4fT9GizmjTTpD51VWs0+cZ1VMOQElDJjxNb8Hv/E
-> ssh-rsa I7EAZw
hVcxzwHX2oGyEvAQ1KRxjXCZ3547JsrdqSYpruAC8dL6TUPywxjZxtRVPuThRYPP
x0/ZQDFxggV/tuoSYrRSdUy9SB/HCX2trWUMYprJh4QBb7Vb+6tXg2mSbWyZXd2B
CPKw+nCkOoG64gY+qSdrz1FojxmCGuQ98xcTjF4OYu1dVY4EeEesVb18VQeLp3u9
4Lklcr8Vo4pf+K9hA1g9H5TuzYsInrmw8NljII9jOcKK1E0J51gAUBkhy6MTklZx
jR0dUmlVI5ZabFlRpeMRP+jV4ZB0mRpnntP79M1Wxw4NKRW7mjkfVgdDbTINcZk7
bq4LH1zA/zJedFunqZltDLzXsSh/4uev73sZxPnsPh1AYb15QYRLyW9foYH7FVKk
yNhDjJP2IiMFATu5jaA1tnUIEtSIgZy9pWBHCBl6J/d9Df2woCvYLpvLdlVQ5gk5
P2Cvm1TqSuXcYlEZArmpH0G8nYPx/o0HJ6axUv0MwXhilM5NjhT4fF8NX3JW8864
ZOmiFsTngJAdLrGRBmp/oYxkHnP0Jc/dtGMSNrsc8cpGWFmG7jz634V6Z6WPIXDc
LsRo+UjNQeZzq8Dhayvg0rxi1jG8y6T4jqrDMNL9lHOcLzP2P3tJ7MMiXbTz6REe
gBxB/dbluFf5QEbKkbg2OgqXdfdb2yqJkVw3TJa8v72sCuLrgGZuVclBlgxISP1x
UQADBVevUCS9tHE9xCsIEUcZJVFjrsxXnyT0QirqLJTQldpogYuTWAre7gKON7Sr
fulaKfq/BdKBr5XrtSTh8H1+t0wiQJ1DjfjoghgU8MATFj84yWEyusOAr9YHmFmf
w1pzy3D2G6OTc8hyWG7JuGunWnnr5D+7WOQwNUjBqMRCcW7wI2Vb0ikkUctJ/4Ws
XIjL7evBM5HvskwK438lFl+XaBkGXdCWHm6JrOkD3RTLLZFjYQnSdDMIALTUu4MC
VE+VESpENmq7czckbxJpUKgI+LSS5hPty2DMSHS5SuFW8CV98bPB8TFiR1MMs9Ud
-> ssh-rsa 0pGLuA
JW3hrOO2HkHdFlJEVtkJeNErjsdnVs2Rrq89u+nBJgeWeO0aslcr0k8oPDPXGpN6
xLdLFs8k4ShHqVinPM88mFcZsBadLAWrCrjw6d1JHcpiMkiq8oOKkuBOQLgTbZMn
0q01X8PctElcX2i+DxTkA9Pv/kXM4Pf4AbAnoumO9H225dXECwyV7e9oAIaj0pqT
Vo5w3R4xOztLx03RLsQRnrXT2xN1sF30CN1hXhb6vh1NB2Mc+ERrUSa46SYkMZ3s
x+/nirbOP6f+qWkxTe/X/konQGZgftnHbke4eZYmEQ1FPFMa4bwJrw5crU+5aqR6
v7fWH/6m9cm/aQVteiYEdzYP6s3Mpu/SN04QdFZtXUtrBndCf3NhMSlBlCKOLTAX
67Z16/zSn+O3U9JhxevpWCIk3aLm63Zs4jqhBKT1KMIu5IOAwfebtIhbLRo99e5B
0/6GajNHT6DtxYAC0SoGUnWDed8KPngMI5hCXY3oVjopR5VCCLNe2yMByScGN3rX
bsz1aks3oNSbtc4NAV+Tm00a4EySmzwSc2kjcssod+TbguoYmyELuuEpPVLbiRmn
GskJN+6rOHvFKJFtcIn22wEN6n+c445qNzvAPUKq3KFzSYmGtuKJDCvAgY+JkkTg
lIeViZVSf9rwrGesAixrd7GoaWbrdhifHVIH6fPF6cyb2ufSj8NDDL8Fq55z8Q6d
YTe25iCtVmrmlKjW5m37sOrSoSsGvhfMMc/VyrYu+Is3SsAzYURKVSH9JgQSTc3X
rtGI8Yx2Hgk7z7uFDe3RKDJXV85nZzl0Vhid4TYlZ1QUc9JtsPAm8Sh8SMofNmnD
GBU3C8j/1bs4qwX/s9UrqJJz0+ibAZ60gM0dr+r805k+hJR7iAiwTh9v3M067bVm
4fr4xBoqMXr08t6elyQKKJtLweKSnTJQF/6BptcZapwJTWmxO9zrujag5Qse+csR
jewrsuUddqngOKdHknmQwgoIRzbW3rCtmqjgbDoOvF1xEAONgoDJuUBiULt2elPC
-> ssh-rsa JoBDow
nJRweRkogrfs+k4vAk0lNOOVwA3jx7GUY4HEyi6BgKyJFzKaGsn8lcnxETaiAyGq
S4LL4GJzsjJBqlUjAGHEHklh+4BbIJKa+RBvO7lRnNmh+DC3A3s2HLrnCx6jYLJ1
ZERCxiIo26MlvkSz6yk4XsluK7wg8b/2kwJAjRGIqRptl2PgWCtoWaw5KOp2BmFe
CdfrIKz3kC+1G8Xn9qUxPRhUUkjfGla/bKIGyGg7xCAi6P18bMWQzs7DO44/9UI7
mqxR62d0wX126bu98yoW6Xvbp10/LsKFeoJHcuP0yHiHJ28YLmNt+AXBRSsTQb59
2YXXtUZSmOWLiv380+PgAaT92QTW4a/m127HZSgAkVN8InNO12YmEcv6zWwwGw3E
4r63z0IxjjcT0aKMRYIDIzQ2DSYIcCO1ImaWRpCQpX8P7M04CpEa85q5SVkWXN+b
DckkH88azjB64xwhmdnIOhUrCKHvZGwYvjunyuf+XLH/E75o6XZuLKRF/lK5uGWC
MbVKzWRHhCenqinwJcGxFW4tMaFfwZtA7Fp6L+f6DTCDbtuE9ovt2bbfJ6/yzJjE
kEiEnLzNVZbVccdREDdI3kq8wiFJKuBVbOZXCGmk2rgVUzgwXO5FfHqM1dul5foW
cJuzYfBAtmEnVCI0LjwTw+4nNnMzykhh/9OKjEUQ8bVFH+leFjgAeJdcTD5hWUtG
w8WAlttos0gnFcxtPm1X+JN1Gyu1oiVGVk+u/hxWs7zAdAixPtICt5ZB3TLelyu8
yWbMARZ4uLtPzgy0asSlmeOZ8r0oaTHWieLP30F1alsyakFbO6qXQZGEVNfx4z0e
AvMnPz+SSLQ9OIdThnYOjDDAkT79I5xuY7YeGoDkTy6a8JEo1SdXkf+0SAtE/Ihx
TTDhar+pjV+eV72fMbhbMvENcVb0o4edP/mCJXl8Wjz/RSlQs+huiF+RDEs0RX18
iua+wAylwb1ZLYL4hzsxxUodngbroGwglaMMMCbV4wOYR9LPfwP6hy8/EvY30IxU
-> ssh-rsa wzTCUg
OpQspznWcve14f0UIr6WNZIm7nXXyeBP+MD6MzsxW2I+JQN9YbAT4y7a4Qphfis+
lb9lQhe2PiX1zil+mUOilflSmVSfbxihC3lkWcrZG2Ov+U3U3Cdbv4T8ZWxp8nkq
xHz3JkR97b7FXCprc3Z4gPY8bq7XIh6U0RzY3XCaDCuAXDirsVLd10byKB2LDWk/
D5FCOs/gdiCUP75fGNMuQqQiWn8IrfaMAZyh4XoFrBGhxbGIIifujc/Clp3QPJuC
P5VCldocm+b6Lskgdy1kPfeQbP3H4tcTNcbuDV/FitrM620k7gnfY9MCTRnwJKOY
ww2H39IjVHnzKw3Xdj05jqeRtWoassLE4T6xysqOixyD1XciMmjyDrt5rqNaNchY
jWk+lUBNM+ipcFvEV/Ivcxk2Cd8yrxWX1rWBQz9HCZqo+gKEFe+O5l2dXVHK5GOw
0aJwE3gPLJkSpPAINMVVlonlkXgoeFUVp1wG55xz7EmpQm/NYnd9PXilp/UWnvBM
mIms/oP6KFSxBaulSRvNT3oTdMijcUZRQgPCiysvJBkpSSsIpoH2DSBhLqs2z7RS
XvavUqn6FJCOQHb/c9TXoP00Mwx3X/mpn8mAxddnNH+19ZboFEAj9qgXMuWygjro
CeO7h0TjYq55pubTS68BWb4BhIvAGQmIeFd7QyozdFOnAQ1Wdw+UjAuRl2GGEIAW
ztk8yeU2zp5Jo8Nqc6GFNlZR7OYx8mlMAUvkdo53bU7fTM0EfsxRuP9aNO/HXoSS
8OOGQzt+qefFoqDYWS16ftLafrBqdWps+ivWzn0Bh2CtdemdOKMDosBDtrHcLKL5
qOgae79fQd5x9HF8UHqunGijgcGxnm0GHOT5mIGWw9ms4RzyhC58HVqOFmS0SIOW
/SdHspEoFpY3E0ImHbDhDwfOcHbYzLllX9uf+0Nif8SMYGhEMa9loxYK1yKZVGHt
NiBFidgH/8OECkDjmatBtzigYyq7Tk+Ct2eZZJSAyeP2VVNYT4uqtmp24hfBlLBR
--- h1O4L8FUSX0ZTrvHxfuDP3op6n4Lm6vBN3ZPo2aL/fE
[g ÝtÄè,¿;Ga>uðNV|‰¿\× p "Ž°z@Õq#…ËN¶3“d|KZfÁ¨+è“æîÝö—œ"6üž.Ö<˜„Cïµ`pŽÚß<¯áøîÊ€ÑóCQbEšt
--- anDEUDvExEekm+KJ9jnPJRT52weZhy7l6dCeqeKltr0
aD=˽˜t.$¡f˜DVF}3ãzÖ5ücæ3*=¤…-Ú Žù³L?ú–ã˜^
hP§©È¬Ÿ6T*|îXU¬c”
IL<EFBFBD>Õ&<ïqŒÏ¶É‡¨jkƒ >ö±ØÐr¶ @%]ÊÀñ¶¡w[¹áy… Ö( l˜½~Ù•têK²Ö{" œöZ¯&ÿ·6r»cÎEüûW2¤0r<30>5¸$­¯” ¡!¸Œ<C2B8>ÞGOsšÚÔ”Sˆ †Fm@Ó—a ,Jú•ûÓût¨¹}é'¤4:&ÿc0AAz

BIN
secrets/authelia-users.age
View File

Binary file not shown.

2
secrets/secrets.nix
View File

@ -25,7 +25,5 @@ in
"restic-rclone.age".publicKeys = [ rpi4 nullbox slab ] ++ all-user;
"restic-password.age".publicKeys = [ rpi4 nullbox slab ] ++ all-user;
"anki-user.age".publicKeys = [ rpi4 ] ++ all-user;
}

138
system/common/bootnext.nix
View File

@ -1,138 +0,0 @@
{ config, lib, pkgs, options, ... }:
let
inherit (lib) types escapeShellArg;
cfg = config.nixfiles.common.bootnext;
bootNextScriptMain = pkgs.writeShellScript "bootnext-wrapped" ''
set -Eeuxo pipefail
PATH=${lib.escapeShellArg (with pkgs; lib.makeBinPath [ gnugrep coreutils efibootmgr ])}
export PATH
function do_bootnext() {
uuid="$1"
shift
entryName="$1"
shift
efibootmgr -n "$(efibootmgr | grep -Fi "$uuid" | grep -F "$entryName" | cut -d' ' -f1 | tr -dc '[:digit:]')"
}
case "$1" in
${lib.concatStringsSep "\n" (
lib.mapAttrsToList (name: value:
" ${escapeShellArg name}) do_bootnext ${escapeShellArg value.efiPartUUID} ${escapeShellArg value.name} ;;"
) cfg.entries
)}
*) echo "Boot entry \"$1\" not configured."; exit 1;;
esac
'';
bootNextScript = pkgs.writeShellScriptBin "bootnext" ''
# this wrapper is needed because the sudoers config needs the path to the
# actual script and self referencing is a pain. this way we can guarantee
# that the script passed is exactly the same as the one in the sudoers
# config. i could use realpath but this is probably safer since it is not
# evaluated at runtime. who knows.
if [[ "$(id -u)" -ne 0 ]]; then
exec sudo ${escapeShellArg bootNextScriptMain} "$@"
else
exec ${escapeShellArg bootNextScriptMain} "$@"
fi
'';
desktopWrapper = pkgs.writeShellScript "bootnext-desktop-wrapper" ''
if ${pkgs.libsForQt5.kdialog}/bin/kdialog --warningyesno "Are you sure you want to reboot?" ; then
${bootNextScript}/bin/bootnext "$@"
reboot
fi
'';
bootnextDesktopEntries = pkgs.symlinkJoin {
name = "bootnext-desktop-entries";
paths = lib.mapAttrsToList (name: value: pkgs.makeDesktopItem {
name = "bootnext-reboot-${name}";
desktopName = "Reboot into ${value.desktopEntry.name}";
comment = "Select the entry defined by the `${name}` configuration in the bootnext script and then reboot.";
icon = "${value.desktopEntry.icon}";
keywords = [ "bootnext" "reboot" "${name}" "${value.desktopEntry.name}" ];
exec = "${desktopWrapper} ${name}";
}) (lib.filterAttrs (_: value: value.desktopEntry.enable) cfg.entries);
};
in
{
options = {
nixfiles.common.bootnext = {
enable = lib.mkOption {
description = ''
Whether to enable the bootnext wrapper command for controlling boot order
'';
type = types.bool;
default = false;
example = true;
};
enableDesktopEntries = lib.mkEnableOption "generation of bootnext Desktop entries" // { default = true; };
entries = let
entryModule = {name, config, ... }: {
options = let
uuidType = with types; lib.mkOptionType {
name = "uuid";
description = "UUID";
descriptionClass = "noun";
check = let
uuidRegex = "^[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}$";
in x: str.check x && (builtins.match uuidRegex x) != null;
inherit (str) merge;
};
in {
efiPartUUID = lib.mkOption {
description = "UUID of EFI partition containing boot entry";
type = uuidType;
apply = lib.strings.toLower;
};
name = lib.mkOption {
description = "Name of boot entry as it appears in efibootmgr";
type = types.str;
example = "Windows Boot Manager";
};
desktopEntry = {
enable = lib.mkOption {
description = "Whether to generate this desktop entry.";
type = types.bool;
default = true;
example = false;
};
name = lib.mkOption {
description = "Display name of boot entry for desktop entry.";
type = types.str;
default = config.name;
example = "Windows";
};
icon = lib.mkOption {
description = "Path or name of icon to use for desktop entry";
type = with types; nullOr str;
default = null;
};
};
};
};
in lib.mkOption {
description = "bootnext entry";
type = with types; attrsOf (submodule entryModule);
};
};
};
config = lib.mkIf cfg.enable {
environment.systemPackages = [ bootNextScript ] ++ lib.optional cfg.enableDesktopEntries bootnextDesktopEntries;
security.sudo.extraRules = lib.mkAfter [
{
commands = [
{ command = "${bootNextScriptMain}"; options = [ "NOPASSWD" ]; }
];
groups = [ "wheel" ];
}
];
};
}

1
system/common/default.nix
View File

@ -5,6 +5,5 @@
./remote.nix
./wm.nix
./nix.nix
./bootnext.nix
];
}

8
system/common/nix.nix
View File

@ -70,14 +70,6 @@ in
# fallback to building locally if binary cache fails (home-manager should be
# able to handle simple rebuilds offline)
nix.settings.fallback = lib.mkDefault true;
# trust all members of wheel. this technically can give you root power,
# but if you've compromised a member of wheel, you might as well already
# be root; you could easily intercept a sudo call.
nix.settings.trusted-users = [
"@wheel"
"root"
];
})
];
}

5
system/common/remote.nix
View File

@ -19,10 +19,7 @@ in
openFirewall = true;
};
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
};
services.tailscale.enable = true;
networking.wireguard.enable = true;
};

1
system/default.nix
View File

@ -19,7 +19,6 @@ in
./minecraft.nix # imports inputs.nix-minecraft
inputs.impermanence.nixosModules.impermanence
inputs.agenix.nixosModules.default
inputs.lanzaboote.nixosModules.lanzaboote
./stylix.nix # imports inputs.stylix
];
config = {};

1
system/hardware/default.nix
View File

@ -6,6 +6,5 @@
./opengl.nix
./sound.nix
./binfmt.nix
./gps.nix
];
}

48
system/hardware/gps.nix
View File

@ -1,48 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.nixfiles.hardware.gps;
in
{
options = {
nixfiles.hardware.gps = {
enable = lib.mkEnableOption "GPS configuration";
gpsdBridge = lib.mkOption {
description = "Whether to enable bridging of gpsd data to Geoclue2";
default = true;
example = false;
type = lib.types.bool;
};
};
};
config = lib.mkIf cfg.enable {
services.geoclue2 = {
enable = true;
};
environment.etc."geoclue/conf.d/00-nmea-socket.conf".text = lib.mkIf cfg.gpsdBridge ''
[network-nmea]
enable=true
nmea-socket=/run/gpsd-nmea/nmea.sock
'';
# this could probably be a systemd socket but i don't know how to make those
systemd.services.gpsd-nmea-bridge = lib.mkIf cfg.gpsdBridge {
path = with pkgs; [
gpsd
coreutils
socat
];
description = "gpsd to Geoclue2 GPS data bridge";
before = [ "geoclue.service" ];
wantedBy = [ "geoclue.service" "multi-user.target" ];
serviceConfig = {
RuntimeDirectory = "gpsd-nmea";
ExecStart = pkgs.writeShellScript "gpsd-nmea-bridge" ''
exec socat -U UNIX-LISTEN:''${RUNTIME_DIRECTORY}/nmea.sock,fork,reuseaddr,mode=777 SYSTEM:'gpspipe -Br | stdbuf -oL tail -n+4'
'';
};
};
services.gpsd.enable = lib.mkIf cfg.gpsdBridge true;
};
}

5
system/hardware/nvidia.nix
View File

@ -68,10 +68,7 @@ in
nvidiaSettings = lib.mkDefault true;
# Optionally, you may need to select the appropriate driver version for your specific GPU.
package = let
stable = config.boot.kernelPackages.nvidiaPackages.stable;
version = stable;
in lib.mkDefault version;
package = lib.mkDefault config.boot.kernelPackages.nvidiaPackages.stable;
};
};
}

4
system/minecraft.nix
View File

@ -20,13 +20,13 @@
modpackFiles = lib.mkOption {
description = "List of files from modpack to copy into server directory";
type = with lib.types; listOf str;
type = with lib.types; listOf string;
default = [ ];
};
modpackSymlinks = lib.mkOption {
description = "List of files from modpack to symlink into server directory";
type = with lib.types; listOf str;
type = with lib.types; listOf string;
default = [ ];
};
};

5
system/package-sets/gaming.nix
View File

@ -28,7 +28,10 @@ in
];
};
});
in [ steamGamescopeFix ];
prismlauncherWayland = (final: prev: {
prismlauncher = prev.prismlauncher.override { withWaylandGLFW = true; };
});
in [ steamGamescopeFix prismlauncherWayland ];
programs.steam = {
enable = lib.mkDefault true;

6
system/profile/base.nix
View File

@ -67,14 +67,10 @@ in
fd
ripgrep
sbctl # TODO move this elsewhere
comma
nil
# UEFI utils
efitools
sbctl
sbsigntool
# network utilities
inetutils
socat

21
system/profile/pc.nix
View File

@ -24,12 +24,6 @@ in
# FIXME find somewhere else to put this
networking.networkmanager.enable = lib.mkDefault true; # Easiest to use and most distros use this by default.
# contains icons for bootnext desktop entries (the Windows icon); there's
# probably no reason to *not* include this.
environment.systemPackages = with pkgs; [
nixfiles-assets
];
# enable option sets
nixfiles = {
hardware = {
@ -38,21 +32,6 @@ in
};
};
# enable filesystems
boot.supportedFilesystems = {
# not yet; need kernel 6.7. update the lts kernel first.
# bcachefs = mkDefault true;
cifs = mkDefault true;
ext4 = mkDefault true;
ecryptfs = mkDefault true;
exfat = mkDefault true;
f2fs = mkDefault true;
nfs = mkDefault true;
squashfs = mkDefault true;
vfat = mkDefault true;
xfs = mkDefault true;
};
# probably unnecessary, this will be enabled by whatever session i use
# Enable the X11 windowing system.
# services.xserver.enable = true;

4
system/profile/workstation.nix
View File

@ -34,9 +34,9 @@ in
services.flatpak.enable = mkDefault true;
fonts.packages = with pkgs; [
nerd-fonts.fira-code
(nerdfonts.override { fonts = [ "FiraCode" ]; })
font-awesome
noto-fonts-cjk-sans
noto-fonts-cjk
(google-fonts.override { fonts = [ "NovaSquare" ];})
];

63
system/programs/greetd.nix
View File

@ -1,9 +1,9 @@
{ pkgs, config, lib, options, ... }:
let
cfg = config.nixfiles.programs.greetd;
inherit (lib) types optional optionals escapeShellArg escapeShellArgs;
inherit (types) bool enum nullOr str path listOf;
inherit (lib.types) bool enum nullOr str path listOf;
inherit (builtins) isNull;
inherit (lib) optional optionals;
optionalsSet = val: optionals (!(isNull val));
optionalSet = val: optional (!(isNull val));
sessions = config.services.displayManager.sessionData.desktops;
@ -13,12 +13,6 @@ let
loginwrap=pkgs.writeShellScriptBin "loginwrap" ''
exec "$SHELL" -lc 'exec "$@"' "login-wrapper" "$@"
'';
mkPresetOption = x: lib.mkOption {
description = "${x} greetd configuration";
type = bool;
default = false;
};
in
{
config = lib.mkIf cfg.enable {
@ -63,34 +57,7 @@ in
];
};
};
# regreet config (it is configured through an upstream module; the only
# greetd-specific config set is default_session, so we can configure it
# here instead of above.)
programs.regreet = let
# lets us use wlr-randr
wrapperPackage = pkgs.writeShellScriptBin "regreet-wrapper" ''
${cfg.settings.graphicalInit}
exec ${escapeShellArg (lib.getExe pkgs.greetd.regreet)} "$@"
'';
in lib.mkIf cfg.presets.regreet.enable {
enable = lib.mkDefault true;
package = wrapperPackage;
settings = {
background.path = cfg.settings.wallpaper;
fit = lib.mkDefault "Fill";
appearance.greeting_msg = cfg.settings.greeting;
};
};
# self config
nixfiles.programs.greetd = {
presets.${cfg.preset}.enable = true;
settings.graphicalInit = lib.optionalString (cfg.settings.randr != null) ''
${lib.getExe pkgs.wlr-randr} ${escapeShellArgs cfg.settings.randr}
'';
};
nixfiles.programs.greetd.presets.${cfg.preset}.enable = true;
};
options.nixfiles.programs.greetd = {
@ -99,7 +66,7 @@ in
preset = lib.mkOption {
description = "greetd configuration to enable (shorthand for presets.<preset>.enable)";
type = enum (lib.mapAttrsToList (name: value: name) options.nixfiles.programs.greetd.presets);
default = "regreet";
default = "tuigreet";
};
settings = {
@ -127,20 +94,6 @@ in
default = null;
example = [ "Hyprland" ];
};
graphicalInit = lib.mkOption {
description = "Commands to run upon initialization of a graphical greeter.";
type = lib.types.lines;
default = "";
};
randr = lib.mkOption {
description = "Options to pass to wlr-randr";
type = nullOr (listOf str);
default = null;
example = [ "--output" "HDMI-A-3" "--off" ];
};
loginShell = lib.mkOption {
description = "Wrap in login shell to source .profile/.zshenv/etc. (if configurable).";
type = bool;
@ -182,8 +135,10 @@ in
example = true;
};
};
presets.regreet.enable = mkPresetOption "regreet";
presets.tuigreet.enable = mkPresetOption "tuigreet";
presets.tuigreet.enable = lib.mkOption {
description = "tuigreet greetd configuration";
type = bool;
default = false;
};
};
}

4
system/sessions/hyprland.nix
View File

@ -3,8 +3,6 @@ let
cfg = config.nixfiles.sessions.hyprland;
flake-package = inputs.hyprland.packages.${pkgs.system}.hyprland;
flake-portal = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland;
nvidiaEnabled = (lib.elem "nvidia" config.services.xserver.videoDrivers);
in
{
# imports = [
@ -66,7 +64,7 @@ in
# NIXOS_OZONE_WL = "1"; # this is breaking things for some reason
}
(lib.mkIf (nvidiaEnabled && config.hardware.nvidia.modesetting.enable) {
(lib.mkIf config.hardware.nvidia.modesetting.enable {
WLR_NO_HARDWARE_CURSORS = "1";
})
];

9
system/sessions/plasma.nix
View File

@ -15,11 +15,9 @@ in
};
config = mkIf cfg.enable {
nixfiles.programs.greetd.enable = lib.mkDefault true;
nixfiles.programs.greetd.settings.command = lib.mkDefault [ "${pkgs.kdePackages.plasma-workspace}/libexec/plasma-dbus-run-session-if-needed" "startplasma-wayland" ];
services.xserver.enable = true;
services.desktopManager.plasma6.enable = true;
services.displayManager.sddm.enable = mkDefault true;
services.xserver.desktopManager.plasma6.enable = true;
services.displayManager.defaultSession = "plasma";
programs.kdeconnect.enable = mkDefault true;
nixfiles.meta.wayland = true;
@ -48,8 +46,7 @@ in
environment.systemPackages = with pkgs; [
# this fixes tiny file dialogs for Minecraft
kdePackages.kdialog
kdePackages.yakuake
libsForQt5.kdialog
];
};
}

5
system/stylix.nix
View File

@ -10,7 +10,7 @@
# this naming is confusing as shit
# this enables color theming of things by stylix
autoEnable = lib.mkDefault config.stylix.enable;
# this enables the entire module. keep this off by default.
# this enables installation of fonts/images/etc
enable = lib.mkDefault false;
# an image i like
@ -22,7 +22,8 @@
# use system config in home-manager
followSystem = lib.mkDefault true;
autoImport = lib.mkDefault true;
# I will manually import within home-manager so it works standalone
autoImport = lib.mkDefault false;
};
};
};

26
update.sh
View File

@ -1,26 +0,0 @@
#!/usr/bin/env nix-shell
#!nix-shell -i bash -p nix-update
set -Eeuxo pipefail
if [[ "$#" -ne 0 ]] ; then
until [[ "$#" -le 0 ]]; do
case "$1" in
pkgs|packages) DO_PACKAGES=1;;
flake) DO_FLAKE=1;;
esac
shift
done
else
DO_PACKAGES=1
DO_FLAKE=1
fi
cd "$(dirname "$0")"
[[ -n "${DO_FLAKE:+x}" ]] && nix flake update || true
if [[ -n "${DO_PACKAGES:+x}" ]] ; then
nix-update --flake redlib --version=branch=main
fi