nullbite/nixfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nullbite:fd94cff63edfa593abe7edee1cd83245dc0476e0
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia
..
compare: nullbite:90587d63cb4deeeacf106b4082014337d4a72487
Branches Tags
nullbite:main
nullbite:feature/refactor-module-args
nullbite:flake-parts-hosts
nullbite:feature/tmpfiles-workaround
nullbite:wip/unified-lts-kernel
nullbite:wip/lanzaboote
nullbite:authelia
nullbite:btrfs
nullbite:wip/theme-helper
nullbite:wip/unstable
nullbite:archive/authelia

3 Commits
fd94cff63e ... 90587d63cb

Author SHA1 Message Date
NullBite
90587d63cb
move authelia into separate file 2024-06-27 20:22:43 -04:00
NullBite
1720c3c456
minor remove test thing (squash later) 2024-06-26 20:33:47 -04:00
NullBite
35ea0561f4
rpi4: submodule extension test 2024-06-26 19:01:59 -04:00
24 changed files with 209 additions and 486 deletions
Show Stats Expand all files Collapse all files

207
flake.lock generated
View File

@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1720546205, "lastModified": 1718371084,
"narHash": "sha256-boCXsjYVxDviyzoEyAk624600f3ZBo/DKtUdvMTpbGY=", "narHash": "sha256-abpBi61mg0g+lFFU0zY4C6oP6fBwPzbHPKBGw676xsA=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6", "rev": "3a56735779db467538fb2e577eda28a9daacaca6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -176,22 +176,6 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1696426674,
@ -207,7 +191,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_4": { "flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -245,24 +229,6 @@
"inputs": { "inputs": {
"systems": "systems_6" "systems": "systems_6"
}, },
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_7"
},
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
@ -338,11 +304,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720470846, "lastModified": 1719180626,
"narHash": "sha256-7ftA4Bv5KfH4QdTRxqe8/Hz2YTKo+7IQ9n7vbNWgv28=", "narHash": "sha256-vZAzm5KQpR6RGple1dzmSJw5kPivES2heCFM+ZWkt0I=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "2fb5c1e0a17bc6059fa09dc411a43d75f35bb192", "rev": "6b1f90a8ff92e81638ae6eb48cd62349c3e387bb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -358,11 +324,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1719827415, "lastModified": 1717476296,
"narHash": "sha256-pvh+1hStXXAZf0sZ1xIJbWGx4u+OGBC1rVx6Wsw0fBw=", "narHash": "sha256-ScHe38Tr+TxGURC17kby4mIIxOG3aJvZWXzPM79UnEk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f2e3c19867262dbe84fdfab42467fc8dd83a2005", "rev": "095ef64aa3b2ab4a4f1bf07f29997e21e3a5576a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -388,11 +354,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720108799, "lastModified": 1718450675,
"narHash": "sha256-AxRkTJlbB8r7aG6gvc7IaLhc2T9TO4/8uqanKRxukBQ=", "narHash": "sha256-jpsns6buS4bK+1sF8sL8AaixAiCRjA+nldTKvcwmvUs=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprcursor", "repo": "hyprcursor",
"rev": "a5c0d57325c5f0814c39110a70ca19c070ae9486", "rev": "66d5b46ff94efbfa6fa3d1d1b66735f1779c34a6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -434,11 +400,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1720453602, "lastModified": 1719348396,
"narHash": "sha256-7+PjJZn/jpqNkVKJ3AGVT9G601rVj/R8KkT+WWjhwyk=", "narHash": "sha256-mkicHoAPk4VWXdPVD54K66/kWmAZJgO+v+b9TcS17B4=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "b03f41efec14273cf25c42d4cef326acc36cb319", "rev": "c338acbb7dc64a735dadd0ae54f3b17d85a2a467",
"revCount": 4913, "revCount": 4890,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@ -463,11 +429,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718746314, "lastModified": 1714869498,
"narHash": "sha256-HUklK5u86w2Yh9dOkk4FdsL8eehcOZ95jPhLixGDRQY=", "narHash": "sha256-vbLVOWvQqo4n1yvkg/Q70VTlPbMmTiCQfNTgcWDCfJM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-protocols", "repo": "hyprland-protocols",
"rev": "1b61f0093afff20ab44d88ad707aed8bf2215290", "rev": "e06482e0e611130cd1929f75e8c1cf679e57d161",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -514,11 +480,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720381373, "lastModified": 1717881852,
"narHash": "sha256-lyC/EZdHULsaAKVryK11lgHY9u6pXr7qR4irnxNWC7k=", "narHash": "sha256-XeeVoKHQgfKuXoP6q90sUqKyl7EYy3ol2dVZGM+Jj94=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "5df0174fd09de4ac5475233d65ffc703e89b82eb", "rev": "ec6938c66253429192274d612912649a0cfe4d28",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -539,11 +505,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720203444, "lastModified": 1719316102,
"narHash": "sha256-lq2dPPPcwMHTLsFrQ2pRp4c2LwDZWoqzSyjuPdeJCP4=", "narHash": "sha256-dmRz128j/lJmMuTYeCYPfSBRHHQO3VeH4PbmoyAhHzw=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "a8c3a135701a7b64db0a88ec353a392f402d2a87", "rev": "1f6bbec5954f623ff8d68e567bddcce97cd2f085",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -564,11 +530,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720215857, "lastModified": 1719067853,
"narHash": "sha256-JPdL+Qul+jEueAn8CARfcWP83eJgwkhMejQYfDvrgvU=", "narHash": "sha256-mAnZG/eQy72Fp1ImGtqCgUrDumnR1rMZv2E/zgP4U74=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "d5fa094ca27e0039be5e94c0a80ae433145af8bb", "rev": "914f083741e694092ee60a39d31f693d0a6dc734",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -619,11 +585,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720334033, "lastModified": 1719111455,
"narHash": "sha256-X9pEvvHTVWJphhbUYqXvlLedOndNqGB7rvhSvL2CIgU=", "narHash": "sha256-rnIxHx+fLpydjMQsbpZ21kblUr/lMqSaAtMA4+qMMEE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "685e40e1348007d2cf76747a201bab43d86b38cb", "rev": "4293f532d0107dfb7e6f8b34a0421dc8111320e6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -641,56 +607,34 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720572381, "lastModified": 1716948931,
"narHash": "sha256-y3sXBK51k3LIqGvH48ObjVgzFa+GMOHRdr+2KABU12g=", "narHash": "sha256-wP2A/wbxE7h8u5iwlogkEevsIvx/dJmZlyoyy/2x3rE=",
"owner": "Silveere",
"repo": "nix-minecraft",
"rev": "ffd41af3e7035bb033c30ef9758a4d41466d0de9",
"type": "github"
},
"original": {
"owner": "Silveere",
"ref": "quilt-revert",
"repo": "nix-minecraft",
"type": "github"
}
},
"nix-minecraft-upstream": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs-unstable"
]
},
"locked": {
"lastModified": 1720574857,
"narHash": "sha256-d54eAlQJ+8qJIeiBxjGT63qNgOhhx8G8h4UzmUUWXTU=",
"owner": "infinidoge", "owner": "infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "94356ef03990fb5b8a3015a13df397ceb612ddc4", "rev": "ab4790259bf8ed20f4417de5a0e5ee592094c7c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "infinidoge", "owner": "infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "ab4790259bf8ed20f4417de5a0e5ee592094c7c3",
"type": "github" "type": "github"
} }
}, },
"nix-wsl": { "nix-wsl": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1720428387, "lastModified": 1719220171,
"narHash": "sha256-0vHxVNWTql555MZLb2kngrcjfNtsJKoYdyUivTibgnc=", "narHash": "sha256-xywM6JoGT8AwfoOFJBTv8GRlvNu8LYqqqMS/OQ6uCgE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "30ebd0beb2ed26e09bcd245d757504029f807cce", "rev": "269411cfed6aab694e46f719277c972de96177bb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -724,11 +668,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1720031269, "lastModified": 1719075281,
"narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", "narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", "rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -740,11 +684,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1720571246, "lastModified": 1719285171,
"narHash": "sha256-nkUXwunTck+hNMt2wZuYRN+jf2ySRjKTzI0fo5TDH78=", "narHash": "sha256-kOUKtKfYEh8h8goL/P6lKF4Jb0sXnEkFyEganzdTGvo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "16e401f01842c5bb2499e78c1fe227f939c0c474", "rev": "cfb89a95f19bea461fc37228dc4d07b22fe617c2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -772,20 +716,36 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1720553833, "lastModified": 1719122173,
"narHash": "sha256-IXMiHQMtdShDXcBW95ctA+m5Oq2kLxnBt7WlMxvDQXA=", "narHash": "sha256-aEMsNUtqSPwn6l+LIZ/rX++nCgun3E9M3uSZs6Rwb7w=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "249fbde2a178a2ea2638b65b9ecebd531b338cf9", "rev": "906320ae02f769d13a646eb3605a9821df0d6ea2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.05", "ref": "nixos-23.11",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"pkg-android-tools": {
"locked": {
"lastModified": 1676239704,
"narHash": "sha256-eKJDKTzI/uHNmfOX1Ln7Y1cjyA9XAkf5vyWdz03EXAA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "55070e598e0e03d1d116c49b9eff322ef07c6ac6",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "55070e598e0e03d1d116c49b9eff322ef07c6ac6",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
@ -797,15 +757,15 @@
"impermanence": "impermanence", "impermanence": "impermanence",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nix-minecraft": "nix-minecraft", "nix-minecraft": "nix-minecraft",
"nix-minecraft-upstream": "nix-minecraft-upstream",
"nix-wsl": "nix-wsl", "nix-wsl": "nix-wsl",
"nixfiles-assets": "nixfiles-assets", "nixfiles-assets": "nixfiles-assets",
"nixpkgs": "nixpkgs_2", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs-yt-dlp-2024": "nixpkgs-yt-dlp-2024", "nixpkgs-yt-dlp-2024": "nixpkgs-yt-dlp-2024",
"pkg-android-tools": "pkg-android-tools",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
"stylix": "stylix", "stylix": "stylix",
"systems": "systems_8" "systems": "systems_7"
} }
}, },
"rust-overlay": { "rust-overlay": {
@ -815,11 +775,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720577957, "lastModified": 1719281921,
"narHash": "sha256-RZuzLdB/8FaXaSzEoWLg3au/mtbuH7MGn2LmXUKT62g=", "narHash": "sha256-LIBMfhM9pMOlEvBI757GOK5l0R58SRi6YpwfYMbf4yc=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "a434177dfcc53bf8f1f348a3c39bfb336d760286", "rev": "b6032d3a404d8a52ecfc8571ff0c26dfbe221d07",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -837,7 +797,7 @@
"base16-kitty": "base16-kitty", "base16-kitty": "base16-kitty",
"base16-tmux": "base16-tmux", "base16-tmux": "base16-tmux",
"base16-vim": "base16-vim", "base16-vim": "base16-vim",
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_3",
"gnome-shell": "gnome-shell", "gnome-shell": "gnome-shell",
"home-manager": [ "home-manager": [
"home-manager" "home-manager"
@ -966,21 +926,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_8": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xdph": { "xdph": {
"inputs": { "inputs": {
"hyprland-protocols": "hyprland-protocols", "hyprland-protocols": "hyprland-protocols",
@ -998,11 +943,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720194466, "lastModified": 1718619174,
"narHash": "sha256-Rizg9efi6ue95zOp0MeIV2ZedNo+5U9G2l6yirgBUnA=", "narHash": "sha256-FWW68AVYmB91ZDQnhLMBNCUUTCjb1ZpO2k2KIytHtkA=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "b9b97e5ba23fe7bd5fa4df54696102e8aa863cf6", "rev": "c7894aa54f9a7dbd16df5cd24d420c8af22d5623",
"type": "github" "type": "github"
}, },
"original": { "original": {

61
flake.nix
View File

@ -2,7 +2,7 @@
description = "NixOS Configuration"; description = "NixOS Configuration";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
# ^^^^^^^^^^^^^ this part is optional # ^^^^^^^^^^^^^ this part is optional
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
@ -21,13 +21,12 @@
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
nix-minecraft = { # 33.0.3p2 as suggested by https://xdaforums.com/t/guide-january-3-2024-root-pixel-7-pro-unlock-bootloader-pass-safetynet-both-slots-bootable-more.4505353/
url = "github:Silveere/nix-minecraft/quilt-revert"; # android tools versions [ 34.0.0, 34.0.5 ) causes bootloops somehow and 34.0.5 isn't in nixpkgs yet
inputs.nixpkgs.follows = "nixpkgs-unstable"; pkg-android-tools.url = "github:NixOS/nixpkgs/55070e598e0e03d1d116c49b9eff322ef07c6ac6";
};
nix-minecraft-upstream = { nix-minecraft = {
url = "github:infinidoge/nix-minecraft"; url = "github:infinidoge/nix-minecraft/ab4790259bf8ed20f4417de5a0e5ee592094c7c3";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
@ -90,19 +89,11 @@
lib = nixpkgs.lib; lib = nixpkgs.lib;
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [ "x86_64-linux" "aarch64-linux" ];
overlays = let overlays = [
nix-minecraft-patched-overlay = let /* android-tools 33.0.3p2 */ (final: prev: {
normal = inputs.nix-minecraft-upstream.overlays.default; inherit (inputs.pkg-android-tools.legacyPackages.${final.system})
quilt = inputs.nix-minecraft.overlays.default; android-tools android-udev-rules;
in lib.composeExtensions })
normal
(final: prev: let
x=quilt final prev;
in {
inherit (x) quiltServers quilt-server;
minecraftServers = prev.minecraftServers // x.quiltServers;
});
in [
(final: prev: let (final: prev: let
packages = import ./pkgs { inherit (prev) pkgs; }; packages = import ./pkgs { inherit (prev) pkgs; };
in { in {
@ -119,7 +110,7 @@
inputs.hyprwm-contrib.overlays.default inputs.hyprwm-contrib.overlays.default
inputs.rust-overlay.overlays.default inputs.rust-overlay.overlays.default
inputs.nixfiles-assets.overlays.default inputs.nixfiles-assets.overlays.default
nix-minecraft-patched-overlay inputs.nix-minecraft.overlays.default
# inputs.hypridle.overlays.default # inputs.hypridle.overlays.default
(final: prev: { inherit (inputs.hypridle.packages.${prev.system}) hypridle; }) (final: prev: { inherit (inputs.hypridle.packages.${prev.system}) hypridle; })
]; ];
@ -130,11 +121,10 @@
# My current timezone for any mobile devices (i.e., my laptop) # My current timezone for any mobile devices (i.e., my laptop)
mobileTimeZone = "America/New_York"; mobileTimeZone = "America/New_York";
# TODO this was something for android-tools. overlays are a better way to
# define packages anyway, probably remove this.
#
# define extra packages here # define extra packages here
mkExtraPkgs = system: { mkExtraPkgs = system: {
# android-tools = inputs.pkg-android-tools.legacyPackages.${system}.android-tools;
inherit (inputs.pkg-android-tools.legacyPackages.${system}) android-tools android-udev-rules;
}; };
# Variables to be passed to NixOS modules in the vars attrset # Variables to be passed to NixOS modules in the vars attrset
@ -265,20 +255,6 @@
in in
mkSystem (args // override); mkSystem (args // override);
mkISOSystem = system: inputs.nixpkgs-unstable.lib.nixosSystem {
inherit system;
modules = [
"${inputs.nixpkgs-unstable}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix"
({ config, pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
neovim
gparted
];
})
];
};
# values to be passed to nixosModules and homeManagerModules wrappers # values to be passed to nixosModules and homeManagerModules wrappers
moduleInputs = { moduleInputs = {
inherit mkExtraPkgs; inherit mkExtraPkgs;
@ -346,20 +322,13 @@
nixosModules = (import ./modules/nixos) moduleInputs; nixosModules = (import ./modules/nixos) moduleInputs;
homeManagerModules = (import ./modules/home-manager) moduleInputs; homeManagerModules = (import ./modules/home-manager) moduleInputs;
packages = eachSystem (system: let pkgs = import nixpkgs { inherit system; }; packages = eachSystem (system: let pkgs = import nixpkgs { inherit system; };
in ( in import ./pkgs { inherit pkgs; });
import ./pkgs { inherit pkgs; }) // {
iso = let
isoSystem = mkISOSystem system;
in isoSystem.config.system.build.isoImage;
}
);
apps = eachSystem (system: import ./pkgs/apps.nix apps = eachSystem (system: import ./pkgs/apps.nix
{ inherit (self.outputs) packages; inherit system; }); { inherit (self.outputs) packages; inherit system; });
overlays = import ./overlays self; overlays = import ./overlays self;
nixosConfigurations = { nixosConfigurations = {
iso = mkISOSystem "x86_64-linux";
slab = mkSystem { slab = mkSystem {
nixpkgs = inputs.nixpkgs-unstable; nixpkgs = inputs.nixpkgs-unstable;
home-manager = inputs.home-manager-unstable; home-manager = inputs.home-manager-unstable;

3
home/common/wm/default.nix
View File

@ -58,9 +58,6 @@ in
]; ];
programs = { programs = {
waybar = {
enable = true;
};
swaylock = { swaylock = {
enable = true; enable = true;

6
home/package-sets/multimedia.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, inputs, osConfig ? { }, ...}: { config, lib, pkgs, osConfig ? { }, ...}:
let let
cfg = config.nixfiles.packageSets.multimedia; cfg = config.nixfiles.packageSets.multimedia;
inherit (lib) optionals mkEnableOption mkIf; inherit (lib) optionals mkEnableOption mkIf;
@ -16,8 +16,6 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions = [ { assertion = inputs.nixpkgs-unstable.sourceInfo.lastModified <= 1720571246; message = "re-add picard and remove this assertion"; } ];
home.packages = with pkgs; optionals config.nixfiles.meta.graphical [ home.packages = with pkgs; optionals config.nixfiles.meta.graphical [
mpv mpv
gimp gimp
@ -26,7 +24,7 @@ in
obs-studio obs-studio
nomacs nomacs
audacity audacity
# picard picard
spicetify-cli spicetify-cli
] ++ [ ] ++ [
yt-dlp yt-dlp

2
home/sessions/hyprland/default.nix
View File

@ -61,7 +61,6 @@ let
${pkgs.systemd}/bin/systemctl --user restart xdg-desktop-portal.service ${pkgs.systemd}/bin/systemctl --user restart xdg-desktop-portal.service
''; '';
bar-cmd = "${pkgs.waybar}/bin/waybar";
# Hyprland workspace configuration # Hyprland workspace configuration
mainWorkspaces = builtins.genList (x: x+1) (9 ++ [0]); mainWorkspaces = builtins.genList (x: x+1) (9 ++ [0]);
workspaceName = key: let workspaceName = key: let
@ -153,7 +152,6 @@ in
polkit-agent polkit-agent
idle-cmd idle-cmd
xdpg-workaround xdpg-workaround
bar-cmd
]; ];
# Source a file (multi-file configs) # Source a file (multi-file configs)

1
home/stylix.nix
View File

@ -9,7 +9,6 @@
targets.fzf.enable = lib.mkDefault false; targets.fzf.enable = lib.mkDefault false;
# the ring is styled light so it's light on light which looks worse than the default theme # the ring is styled light so it's light on light which looks worse than the default theme
targets.swaylock.enable = lib.mkDefault false; targets.swaylock.enable = lib.mkDefault false;
targets.waybar.enable = lib.mkDefault false;
} }
# only if styix is standalone # only if styix is standalone
(lib.mkIf (!(args ? osConfig && args.osConfig ? stylix)) { (lib.mkIf (!(args ? osConfig && args.osConfig ? stylix)) {

53
hosts/nullbox/impermanence.nix
View File

@ -1,30 +1,39 @@
{ pkgs, config, lib, ... }: { pkgs, config, lib, ... }:
let let
inherit (lib) escapeShellArg; mkBtrfsInit = { prefix ? "",
# (wip) more configurable than old one, will be used by volatile btrfs module
mkBtrfsInit = { volatileRoot ? "/volatile",
oldRoots ? "/old_roots",
volume }: volume }:
'' ''
mkdir -p /btrfs_tmp mkdir /btrfs_tmp
mount ${escapeShellArg volume} /btrfs_tmp -o subvol=/ mount ${volume} /btrfs_tmp -o subvol=/
# ensure subvol parent directory exists # unix is fine with multiple consecutive slashes if prefix is empty or
mkdir -p $(dirname /btrfs_tmp/${escapeShellArg volatileRoot}) # contains a leading or trailing slash
mkdir -p "/btrfs_tmp/${prefix}/"
if [[ -e /btrfs_tmp/${escapeShellArg volatileRoot} ]] ; then if [[ -e "/btrfs_tmp/${prefix}/volatile" ]] ; then
mkdir -p /btrfs_tmp/${escapeShellArg oldRoots} mkdir -p "/btrfs_tmp/${prefix}/old_roots"
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${escapeShellArg volatileRoot})" "+%Y-%m-%-d_%H:%M:%S") timestamp=$(date --date="@$(stat -c %Y "/btrfs_tmp/${prefix}/volatile")" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/${escapeShellArg volatileRoot} /btrfs_tmp/${escapeShellArg oldRoots}/"$timestamp" mv "/btrfs_tmp/${prefix}/volatile" "/btrfs_tmp/${prefix}/old_roots/$timestamp"
fi fi
btrfs subvolume create /btrfs_tmp/${escapeShellArg volatileRoot} delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
# btrfs subvolume delete "$1"
echo would run: btrfs subvolume delete "$1"
echo remove this echo once you see this message
}
for i in $(find /btrfs_tmp/${prefix}/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/${prefix}/volatile
umount /btrfs_tmp umount /btrfs_tmp
# TODO implement deletion once system is booted. the old implementation did
# it here, which is not safe until system time is at least monotonic.
# systemd tmpfiles is good enough, just mount it to somewhere in /run
''; '';
root_vol = "/dev/archdesktop/root"; root_vol = "/dev/archdesktop/root";
@ -37,13 +46,7 @@ in {
options = [ "subvol=/nixos/@persist" ]; options = [ "subvol=/nixos/@persist" ];
}; };
# TODO volatile btrfs module boot.initrd.postDeviceCommands = lib.mkAfter (mkBtrfsInit { prefix = "nixos"; volume = root_vol; });
boot.initrd.postDeviceCommands = lib.mkAfter (mkBtrfsInit {
volume = root_vol;
volatileRoot = "/nixos/volatile";
oldRoots = "/nixos/old_roots";
});
fileSystems."/" = lib.mkForce { fileSystems."/" = lib.mkForce {
device = root_vol; device = root_vol;
fsType = "btrfs"; fsType = "btrfs";
@ -88,7 +91,6 @@ in {
"/var/lib/NetworkManager" "/var/lib/NetworkManager"
"/var/lib/power-profiles-daemon" "/var/lib/power-profiles-daemon"
"/var/lib/systemd/rfkill" "/var/lib/systemd/rfkill"
"/var/lib/systemd/timesync"
{ directory = "/var/lib/tailscale"; mode = "0700"; } { directory = "/var/lib/tailscale"; mode = "0700"; }
"/var/lib/unbound" "/var/lib/unbound"
"/var/db/sudo/lectured" "/var/db/sudo/lectured"
@ -105,6 +107,7 @@ in {
users.mutableUsers = false; users.mutableUsers = false;
users.users.nullbite.hashedPasswordFile = "/persist/passfile/nullbite"; users.users.nullbite.hashedPasswordFile = "/persist/passfile/nullbite";
users.users.nullbite.initialPassword = null;
users.users.root.hashedPasswordFile = "/persist/passfile/root"; users.users.root.hashedPasswordFile = "/persist/passfile/root";
}; };
} }

34
hosts/nullbox/mcserver.nix
View File

@ -22,12 +22,12 @@ in
SUBVOLUME = "/srv/mcserver"; SUBVOLUME = "/srv/mcserver";
TIMELINE_CREATE = true; TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true; TIMELINE_CLEANUP = true;
TIMELINE_MIN_AGE = 1800; TIMELINE_MIN_AGE = "1800";
TIMELINE_LIMIT_HOURLY = 36; TIMELINE_LIMIT_HOURLY = "36";
TIMELINE_LIMIT_DAILY = 14; TIMELINE_LIMIT_DAILY = "14";
TIMELINE_LIMIT_WEEKLY = 4; TIMELINE_LIMIT_WEEKLY = "4";
TIMELINE_LIMIT_MONTHLY = 12; TIMELINE_LIMIT_MONTHLY = "12";
TIMELINE_LIMIT_YEARLY = 10000; TIMELINE_LIMIT_YEARLY = "10000";
}; };
}; };
@ -37,10 +37,10 @@ in
dataDir = "/srv/mcserver"; dataDir = "/srv/mcserver";
servers = let servers = let
notlite-modpack = let notlite-modpack = let
commit = "7697c3a"; commit = "9e96ad3";
in pkgs.fetchPackwizModpack { in pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml"; url = "https://gitea.protogen.io/nullbite/notlite/raw/commit/${commit}/pack.toml";
packHash = "sha256-/IA/NP1w9RcWg+71lxUN+Q3hz12GhN/e4lkSnaYyAb4="; packHash = "sha256-N3Pdlqte8OYz6wz3O/TSG75FMAV+XWAipqoXsYbcYDQ=";
}; };
# hack to make quilt work. requires manual installation. # hack to make quilt work. requires manual installation.
@ -48,25 +48,7 @@ in
shimPackage = pkgs.writeShellScriptBin "minecraft-server" '' shimPackage = pkgs.writeShellScriptBin "minecraft-server" ''
exec ${pkgs.jre_headless}/bin/java $@ -jar ./quilt-server-launch.jar nogui exec ${pkgs.jre_headless}/bin/java $@ -jar ./quilt-server-launch.jar nogui
''; '';
nulllite-staging = let
commit = "b8c639a";
packHash = "sha256-HTDVIkcBf0DyLbSCuU08/HnEQuesi3cmXXhB4y4lyko=";
in pkgs.fetchPackwizModpack {
url = "https://gitea.protogen.io/nullbite/nulllite/raw/commit/${commit}/pack.toml";
inherit packHash;
};
in { in {
nulllite-staging = {
useRecommendedDefaults = true;
enable = true;
autoStart = false;
modpack = nulllite-staging;
modpackSymlinks = [ "mods" ];
modpackFiles = [ "config/" ];
serverProperties.server-port = 25574;
serverProperties.motd = "staging server";
};
notlite = { notlite = {
useRecommendedDefaults = true; useRecommendedDefaults = true;
enable = true; enable = true;

75
hosts/rpi4/authelia.nix
View File

@ -1,89 +1,22 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
inherit (lib) types;
inherit (builtins) isNull;
getUpstreamFromInstance = instance: let
inherit (config.services.authelia.instances.${instance}.settings) server;
inherit (server) port;
host = if server.host == "0.0.0.0" then "127.0.0.1"
else if lib.hasInfix ":" server.host then
throw "TODO IPv6 not supported in Authelia server address (hard to parse, can't tell if it is [::])."
else server.host;
in "http://${host}:${port}";
in
{ {
# authelia # authelia
options.services.nginx = let options.services.nginx = let
inherit (lib) types;
mkAttrsOfSubmoduleOpt = module: lib.mkOption { type = with types; attrsOf (submodule module); }; mkAttrsOfSubmoduleOpt = module: lib.mkOption { type = with types; attrsOf (submodule module); };
# make system config accessible from submodules # make system config accessible from submodules
systemConfig = config; systemConfig = config;
# submodule definitions # submodule definitions
locationModule' = vhostAttrs: { name, config, ... }: {
};
vhostModule = { name, config, ... }@attrs: { vhostModule = { name, config, ... }@attrs: {
options = { options.locations = mkAttrsOfSubmoduleOpt (locationModule' attrs);
locations = mkAttrsOfSubmoduleOpt (locationModule' attrs);
authelia = {
endpoint = {
instance = lib.mkOption {
description = ''
Local Authelia instance to act as the authentication endpoint.
This virtualHost will be configured to provide the
public-facing authentication service.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authentication
requests to.
'';
type = with types; nullOr str;
default = null;
};
};
instance = lib.mkOption {
description = ''
Local Authelia instance to use. Setting this option will
automatically configure Authelia on the specified virtualHost
with the given instance of Authelia.
'';
type = with types; nullOr str;
default = null;
};
upstream = lib.mkOption {
description = ''
Internal URL of the Authelia endpoint to forward authorization
requests to. This should not be the public-facing authentication
endpoint URL.
'';
};
};
};
config = {
authelia.upstream = lib.mkIf (!(isNull config.authelia.instance))
(getUpstreamFromInstance config.authelia.instance);
authelia.endpoint.upstream = lib.mkIf (!(isNull config.authelia.endpoint.instance))
(getUpstreamFromInstance config.authelia.endpoint.instance);
};
};
locationModule' = vhostAttrs: { name, config, ... }: let
vhostConfig = vhostAttrs.config;
in {
}; };
in { in {
virtualHosts = mkAttrsOfSubmoduleOpt vhostModule; virtualHosts = mkAttrsOfSubmoduleOpt vhostModule;
}; };
# TODO check if any vhosts have authelia configured
config = lib.mkIf false {
assertions = [
# TODO vhost cannot be both auth endpoint and regular reverse proxy
];
};
} }

6
hosts/rpi4/configuration.nix
View File

@ -37,10 +37,6 @@
file = ../../secrets/wireguard-rpi4.age; file = ../../secrets/wireguard-rpi4.age;
}; };
services.tailscale.enable = true; services.tailscale.enable = true;
systemd.services.wg-quick-wg0.serviceConfig.execStartPre = pkgs.writeShellScript "wait-dns" ''
until ${lib.getExe pkgs.getent} ahostsv4 example.com ; do echo sleep 1 ; done
'';
networking.wg-quick.interfaces.wg0 = { networking.wg-quick.interfaces.wg0 = {
configFile = config.age.secrets.wg0.path; configFile = config.age.secrets.wg0.path;
autostart = true; autostart = true;
@ -63,7 +59,7 @@
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone. # Set your time zone.
time.timeZone = "America/New_York"; # time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary # Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.default = "http://user:password@proxy:port/";

64
hosts/rpi4/services.nix
View File

@ -11,17 +11,6 @@
group = "secrets"; group = "secrets";
}; };
age.secrets.htpasswd-cam = {
file = ../../secrets/htpasswd-cam.age;
group = "nginx";
mode = "0750";
};
age.secrets.htpasswd = {
file = ../../secrets/htpasswd.age;
group = "nginx";
mode = "0750";
};
users.groups.secrets = {}; users.groups.secrets = {};
users.users.acme.extraGroups = [ "secrets" ]; users.users.acme.extraGroups = [ "secrets" ];
@ -72,35 +61,14 @@
''; '';
virtualHosts = let virtualHosts = let
mkReverseProxy = port: {
useACMEHost = "protogen.io"; useACMEHost = "protogen.io";
mkProxy = args@{ upstream ? "http://127.0.0.1:${builtins.toString args.port}", auth ? false, extraConfig ? {}, ... }:
lib.mkMerge [
{
inherit useACMEHost;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = upstream; proxyPass = "http://127.0.0.1:${builtins.toString port}";
proxyWebsockets = true; proxyWebsockets = true;
}; };
} };
(lib.mkIf auth {
basicAuthFile = config.age.secrets.htpasswd.path;
})
extraConfig
];
# mkReverseProxy = port: {
# inherit useACMEHost;
# forceSSL = true;
# locations."/" = {
# proxyPass = "http://127.0.0.1:${builtins.toString port}";
# proxyWebsockets = true;
# };
# };
mkAuthProxy = port: mkProxy { inherit port; auth = true; };
mkReverseProxy = port: mkProxy { inherit port; };
in { in {
# TODO change all these with a vim macro when i learn how to extend submodules # TODO change all these with a vim macro when i learn how to extend submodules
"changedetection.protogen.io" = mkReverseProxy 5000; "changedetection.protogen.io" = mkReverseProxy 5000;
@ -111,39 +79,15 @@
"hass.protogen.io" = mkReverseProxy 8123; "hass.protogen.io" = mkReverseProxy 8123;
"node.protogen.io" = mkReverseProxy 1880; "node.protogen.io" = mkReverseProxy 1880;
# z2m auth 8124 # z2m auth 8124
"z2m.protogen.io" = mkAuthProxy 8124;
"room.protogen.io" = mkReverseProxy 8096; "room.protogen.io" = mkReverseProxy 8096;
"deemix.protogen.io" = mkAuthProxy 6595; # deemix auth 8096
# libreddit auth 8087 # libreddit auth 8087
"libreddit.protogen.io" = mkAuthProxy 8087;
"rss.protogen.io" = mkReverseProxy 8082; "rss.protogen.io" = mkReverseProxy 8082;
"blahaj.protogen.io" = mkReverseProxy 8086; "blahaj.protogen.io" = mkReverseProxy 8086;
# octoprint (proxy_addr is 10.10.1.8) # octoprint (proxy_addr is 10.10.1.8)
"print.protogen.io" = lib.mkMerge [ (mkProxy { auth = true; upstream = "http://10.10.1.8:80"; })
{
locations."/webcam" = {
proxyPass = "http://10.10.1.8:80$request_uri";
proxyWebsockets = true;
basicAuthFile = config.age.secrets.htpasswd-cam.path;
};
}];
# searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml) # searx auth 8088 (none for /favicon.ico, /autocompleter, /opensearch.xml)
"search.protogen.io".locations."/".return = "302 https://searx.protogen.io$request_uri";
"searx.protogen.io" = let
port = 8088;
in mkProxy { auth = true; inherit port; extraConfig = {
locations = lib.genAttrs [ "/favicon.ico" "/autocompleter" "/opensearch.xml" ] (attr: {
proxyPass = "http://localhost:${builtins.toString port}";
proxyWebsockets = true;
extraConfig = ''
auth_basic off;
'';
});
};};
# nbt.sh alias proot.link 8090 # nbt.sh alias proot.link 8090
"nbt.sh" = mkProxy { port = 8090; extraConfig.serverAliases = [ "proot.link" ]; };
# admin.nbt.sh alias admin.proot.link 8091 auth # admin.nbt.sh alias admin.proot.link 8091 auth
"admin.nbt.sh" = mkProxy { auth = true; port = 8091; extraConfig.serverAliases = [ "admin.proot.link" ]; };
# create track map todo later # create track map todo later
"uptime.protogen.io" = mkReverseProxy 3001; "uptime.protogen.io" = mkReverseProxy 3001;
"kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io"; "kuma.protogen.io".locations."/".return = "301 https://uptime.protogen.io";

20
hosts/slab/configuration.nix
View File

@ -74,20 +74,12 @@
networking.hostName = "slab"; networking.hostName = "slab";
boot.initrd.systemd.enable = true;
boot.plymouth.enable = true;
boot.kernelParams = [ "quiet" ];
# annoying ACPI bug
boot.consoleLogLevel = 2;
# cryptsetup # cryptsetup
boot.initrd.luks.devices = { boot.initrd.luks.devices = {
lvmroot = { lvmroot = {
device="/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a"; device="/dev/disk/by-uuid/2872c0f0-e544-45f0-9b6c-ea022af7805a";
allowDiscards = true; allowDiscards = true;
fallbackToPassword = lib.mkIf (!config.boot.initrd.systemd.enable) true; fallbackToPassword = true;
preLVM = true; preLVM = true;
}; };
}; };
@ -96,7 +88,7 @@
boot.loader = { boot.loader = {
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/efi"; efiSysMountPoint = "/boot";
}; };
# grub = { # grub = {
# enable = true; # enable = true;
@ -105,9 +97,10 @@
# }; # };
systemd-boot = { systemd-boot = {
enable = true; enable = true;
xbootldrMountPoint = "/boot";
netbootxyz.enable = true; netbootxyz.enable = true;
memtest86.enable = true; memtest86.enable = true;
# grr oem efi partitions
configurationLimit = 4;
}; };
}; };
@ -117,11 +110,6 @@
unitConfig.DefaultDependencies = "no"; unitConfig.DefaultDependencies = "no";
}); });
# might make hibernate better idk
systemd.sleep.extraConfig = ''
disk=shutdown
'';
services.logind = { services.logind = {
lidSwitch = "lock"; lidSwitch = "lock";
suspendKey = "hibernate"; suspendKey = "hibernate";

40
hosts/slab/hardware-configuration.nix
View File

@ -14,42 +14,42 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec"; { device = "/dev/disk/by-uuid/5723dafa-81df-4bb4-a039-7f52b61cbb02";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nixos/@" ]; options = [ "subvol=nixos/@root" ];
}; };
# fileSystems."/boot" =
# { device = "/dev/disk/by-uuid/b9813c1d-5b6c-4026-9ee3-53ba80b90dc4";
# fsType = "ext4";
# };
fileSystems."/nix" = fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec"; { device = "/dev/disk/by-uuid/5723dafa-81df-4bb4-a039-7f52b61cbb02";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=nixos/@nix" ]; options = [ "subvol=nixos/@nix" ];
}; };
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
options = [ "subvol=@home" ];
};
fileSystems."/boot" = fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/50D3-45F0";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/efi" =
{ device = "/dev/disk/by-uuid/4E1B-8BEE"; { device = "/dev/disk/by-uuid/4E1B-8BEE";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; };
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/5723dafa-81df-4bb4-a039-7f52b61cbb02";
fsType = "btrfs";
options = [ "subvol=/" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/5723dafa-81df-4bb4-a039-7f52b61cbb02";
fsType = "btrfs";
options = [ "subvol=@home" ];
}; };
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a"; } [ { device = "/dev/disk/by-uuid/9360890a-4050-4326-bf5f-8fa2bdc6744a"; }
]; ];
fileSystems."/.btrfsroot" =
{ device = "/dev/disk/by-uuid/9c2a06d8-bff5-4587-95a6-e25495e9c4ec";
fsType = "btrfs";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's

34
modules/nixos/adb-old.nix Normal file
View File

@ -0,0 +1,34 @@
{...}@moduleInputs:
{ config, lib, pkgs, ... }:
with lib;
let
extraPkgs = (moduleInputs.mkExtraPkgs pkgs.system);
in
{
meta.maintainers = [ maintainers.mic92 ];
disabledModules = [ "programs/adb.nix" ];
###### interface
options = {
programs.adb = {
enable = mkOption {
default = false;
type = types.bool;
description = lib.mdDoc ''
Whether to configure system to use Android Debug Bridge (adb).
To grant access to a user, it must be part of adbusers group:
`users.users.alice.extraGroups = ["adbusers"];`
'';
};
};
};
###### implementation
config = mkIf config.programs.adb.enable {
services.udev.packages = [ extraPkgs.android-udev-rules ];
environment.systemPackages = [ extraPkgs.android-tools ];
users.groups.adbusers = {};
};
}

1
modules/nixos/default.nix
View File

@ -1,3 +1,4 @@
{...}@moduleInputs: {...}@moduleInputs:
{ {
adb = (import ./adb-old.nix) moduleInputs;
} }

BIN
secrets/htpasswd-cam.age
View File

Binary file not shown.

45
secrets/htpasswd.age
View File

@ -1,45 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 YUrFgQ yt/xvo+tCV4d9w15bYOImW5TLiBuj4HEk5x6iUAs9GA
8UwA9C3aM4e/L8Q6D2Q2WPtYvfb0pknxc4xZhl/yrf0
-> ssh-rsa I7EAZw
LQgq2oU/12z0cUSmCxyT4pSpE0OlPdeue33bdMpb41oMVpsEJPgg374HffHIGejm
6rvjHDYUhNcUobr0SFHhn4Rl29NCTKXNfbhcPrKkWoQPsIhlC/ZMNq0pVRG5vdsm
aj42JQG3xoytyaE0KfevmPtBFS7/e7kEojBOzPzs8pcw9EaYZFPVz56YPh3Z31K6
4OXhDrBLkiDc0bpjUlVfJGtlejBGWIlqtIoNGMmMVQJpXUUbJwm6RdGhGXUCvSHR
LdcU3RO5sJtiSUs9ur49GyFiiF6WjhE4vJpUhw94rvaKYmeS+JcgFPcl3+pp0K6/
JEv26WH5Ch0QNPY+MxnGVHCzGMiOEYOuiGYdxoNLZVZ31Btn4sA/2lS7wDrX9ptG
V0Iv58tD+7qkcH7ZJltwMcXAO28ELYANm+TaNnzmMqbNiBMt+BpflLCZNnyWu2ws
e8cvlPGhLKYRy3Cq0N3KrK0grje+eC2C9T1f48o1FjO8fGkSRL4IGeUbwK3c/rnF
-> ssh-rsa 0pGLuA
q6HsqeQLV4HXhcQDX0GT5CHKfEsK7N5BY5hHwCGZyPF0LPfrCjc8guhFxtpsHmKF
b8EjF+o4s+M37nrY8oW1Xq/MzX7EBbNCcr0qIN6WWr8ihDOM/ylSh0XDTiFU+ZOi
viVnIcy0GZ6pqNT8yd9rh4N3kQsNBsuJJQ9rs/IDdirnvYjzVRfFyUfRt1WgeA1d
0vLlucnYEwE83OnjrIh7pZm8yl/onl7kSUSvRkJU4NiT8V1zcwbzOYK4iyIPgbF4
AWiHqdQLouShVZYd0E1gOaMVhDlkiAz82GZvfVbc+OQDRHSP1dMrn88yYC+jxO/d
TwhAnz2NplggBxFofIq2dHsrgDlg8ZuwqXRtTA37f8Fz7HDrfkT430BA9Nkwo6f1
3ACHhWWE7CSAwJg/aUcq+emnoEstGUHKGPBvBKzTO4UCu+8exKnYqICMo52R5rOr
QFoNU+Xh6i/vnGE9vLB+ef+Qu8f62ZjzJDufkhUyJ9lH5mC78nb/Wev3HoeK04M0
-> ssh-rsa JoBDow
NpYBW5RnOkkUxV/D3fJof5NY5IENTk37GLtp7B9UHw+qDIKzwDUJsLW7siEeReni
anPtltPQVfdNCtCESlaN25VGMKmMEFxqI4jdeABgJ75zih6H1YDHEsFXco55q3SQ
NBJQrE4KzDd6lmYwVengPe4Dluq9ERqqtIKFifyQHAbC+JNa/j/TWRpYJ06OuM1W
uYyxBijVT1PAOs/pcD62gELikoBk0VnsmptZgvLxskO+9XPoZ7XAHUt31yT4Rdaa
gHHvpbUyPXcdQ9gcJ8hArfWwPAkenVHsV4xpdo7AOA86MP9bUtNg6sK7ERae1tPK
P7YChlRfqOPs9i42zuPElAhhkoEWc/2vLMQYw1mrPq3NVkxkyPLZAg+7VE8R5pIn
PR+GUmF7PAwNinQSnH+qO19hkC9CRAuRWJudyaZzz8g0zmTdK8QjEhmBdcVz6ld0
jSW58P63EQMtMG3+wk7FecySroA77tVqhGX7pnWH5SuVC+iFU6BZYUgYcTPume+V
-> ssh-rsa wzTCUg
Zm+akdwAssHoa/AaKna+aUbLxduwMkbeVNzVVqZSTUGLiW2x+XifLLytPQzO6tzd
0WS8QDwMzs0xVVP3ySBNgtxqdpUwPBrEPQlSBoC+k82oobvnPp3bQHi6rUmQxxfT
XLduTCQiQ5KB+2VrZmrk9HGzjOhtX+Up1+oRumNk5y5GUQcs0G10dkStR8oK8o5v
E2eDpdGY72xV3mf1gSdjpAzW3XDNUVcYXwfFqtDrE6kAGxzRGjyL3/UXQIsC2HVx
SQKCx1+hO8CCUAHgUk1cJDfOT1F8Nb6prBx/U0Z3Sh7z1cewLPYgXu2ikWmbWpPm
Lfe1UJ4L3SwVr7n+S6pAviaXoALgaUWXc77EEE6il2/3qEY6PsBbfQ2ARvJ9l4Ii
O/0mS4e7AUjANpjQxJmS7CMHIXC+TWIi+QYESQznd6fXbnskaxs3y0u01Oz/KalL
rVALt7UNhanhKVOqszR+lqdXVpsfbzknNJuUVleJQPbF8dEJ4VJ+kV/2oAs3vncc
--- V9+Pd5j6tALKKHeNBxdTYIu6mJZZcwAiBwvPxEQGGg4
H?ò¥R]¯Ä >¿fEåtW<19>PßÔxš'Ÿæ03H¤…[ ããGÂoÈfÃa<C383>{àMD¤; 1°u «ð5” €r…y{—ê:>_0ù™[iÊÝJ1<4A>ê×`¨SÛ¡ˆ¥“ÌcQ¾ô<C2BE> :¾7V`/áÚi^k.r·iždZjØóVšZ«hø*ó6Õl°5MýÁb—ÒãhÆ'Kjy1VêîO<C3AE>P+_1 =

2
secrets/secrets.nix
View File

@ -14,7 +14,5 @@ in
{ {
"cloudflare-dns.age".publicKeys = [ rpi4 ] ++ all-user; "cloudflare-dns.age".publicKeys = [ rpi4 ] ++ all-user;
"wireguard-rpi4.age".publicKeys = [ rpi4 ] ++ all-user; "wireguard-rpi4.age".publicKeys = [ rpi4 ] ++ all-user;
"htpasswd.age".publicKeys = [ rpi4 ] ++ all-user;
"htpasswd-cam.age".publicKeys = [ rpi4 ] ++ all-user;
} }

3
system/common/desktop.nix
View File

@ -13,7 +13,7 @@ in
# ]; # ];
options.nixfiles.common.desktop = { options.nixfiles.common.desktop = {
enable = mkEnableOption "common desktop configuration"; enable = mkEnableOption "common desktop options";
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
@ -50,7 +50,6 @@ in
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
(nerdfonts.override { fonts = [ "FiraCode" ]; }) (nerdfonts.override { fonts = [ "FiraCode" ]; })
font-awesome
noto-fonts-cjk noto-fonts-cjk
(google-fonts.override { fonts = [ "NovaSquare" ];}) (google-fonts.override { fonts = [ "NovaSquare" ];})
]; ];

6
system/common/me.nix
View File

@ -16,12 +16,8 @@ in
packages = with pkgs; [ packages = with pkgs; [
keychain keychain
]; ];
initialPassword = lib.mkDefault "changeme";
shell = pkgs.zsh; shell = pkgs.zsh;
# this should only be configured if mutableUsers is enabled, otherwise it
# behaves the same as `password` and takes precedence over
# `hashedPasswordFile`, which is undesirable.
initialPassword = lib.mkIf config.users.mutableUsers (lib.mkDefault "changeme");
}; };
users.groups.nullbite.gid = 1000; users.groups.nullbite.gid = 1000;

8
system/default.nix
View File

@ -1,4 +1,4 @@
{ pkgs, config, lib, options, nixpkgs, home-manager, inputs, utils, ... }@args: { pkgs, config, lib, options, nixpkgs, home-manager, inputs, ... }@args:
let let
cfg = config.nixfiles; cfg = config.nixfiles;
flakeType = cfg.lib.types.flake; flakeType = cfg.lib.types.flake;
@ -30,12 +30,6 @@ in
type = lib.types.bool; type = lib.types.bool;
}; };
utils = lib.mkOption {
description = "nixpkgs `utils` argument passthrough";
default = utils;
readOnly = true;
};
workarounds.nvidiaPrimary = lib.mkOption { workarounds.nvidiaPrimary = lib.mkOption {
description = "Whether to enable workarounds for NVIDIA as the primary GPU"; description = "Whether to enable workarounds for NVIDIA as the primary GPU";
default = false; default = false;

2
system/hardware/nvidia.nix
View File

@ -68,7 +68,7 @@ in
nvidiaSettings = lib.mkDefault true; nvidiaSettings = lib.mkDefault true;
# Optionally, you may need to select the appropriate driver version for your specific GPU. # Optionally, you may need to select the appropriate driver version for your specific GPU.
package = lib.mkDefault config.boot.kernelPackages.nvidiaPackages.stable; package = lib.mkDefault nvidia_555;
}; };
}; };
} }

8
system/profile/base.nix
View File

@ -111,10 +111,6 @@ in
# kitty compatibility on all systems # kitty compatibility on all systems
kitty.terminfo kitty.terminfo
# GPG
gnupg
pinentry # i want all of them
]; ];
# Needed for Kvantum themes to be detected # Needed for Kvantum themes to be detected
@ -133,10 +129,6 @@ in
enableSSHSupport = lib.mkDefault false; enableSSHSupport = lib.mkDefault false;
}; };
# initrd rescue password (can store plain hash since it is extremely
# unlikely to be brute forced)
boot.initrd.systemd.emergencyAccess = "$2b$15$jljA4yma8GrD2LmvhrlUkuXWBry/0jhMnXs1qB1y/byBGXKq74wMK";
boot.loader.systemd-boot.configurationLimit = lib.mkDefault 15; boot.loader.systemd-boot.configurationLimit = lib.mkDefault 15;
# see: # see:

2
system/programs/android.nix
View File

@ -3,6 +3,8 @@ let
cfg = config.nixfiles.programs.adb; cfg = config.nixfiles.programs.adb;
in in
{ {
# imports = [ outputs.nixosModules.adb ];
options.nixfiles.programs.adb = { options.nixfiles.programs.adb = {
enable = lib.mkEnableOption "adb configuration"; enable = lib.mkEnableOption "adb configuration";
}; };