cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:67048909a94a6f8a90307eb16d8d3f36413c4b13
Branches Tags
cy:main
cy:update
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:downgrade-kernel
cy:update_flake_lock_action
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:test
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:temp
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:staging
cy:garage
cy:harmonia
cy:impermanence
..
compare: cy:30c82dcb4f92f028437e4645d0f40226d329eff5
Branches Tags
cy:update
cy:main
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:downgrade-kernel
cy:update_flake_lock_action
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:test
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:temp
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:staging
cy:garage
cy:harmonia
cy:impermanence

4 commits
67048909a9 ... 30c82dcb4f

Author SHA1 Message Date
cy
30c82dcb4f
add sccache, some vscode changes, use kitten ssh 2025-01-30 12:48:48 -05:00
cy
d0ba9ca90b
make garage better 
Signed-off-by: cy <cy@cy7.sh>
 2025-01-30 12:35:19 -05:00
cy
4e0c1fbbb4
caddy: use acme_dns for wildcard TLS to work 
use cloudflare dns plugin to update zone
 2025-01-30 12:33:03 -05:00
cy
4f015ecb45
vscode: overlay github codespaces extension 
Signed-off-by: cy <cy@cy7.sh>
 2025-01-29 21:48:31 -05:00
13 changed files with 125 additions and 12 deletions
Show stats Expand all files Collapse all files

5
.sops.yaml
View file

@ -108,3 +108,8 @@ creation_rules:
- age: - age:
- *chunk - *chunk
- *cy - *cy
- path_regex: secrets/yt/(.*).yaml$
key_groups:
- age:
- *yt
- *cy

2
home/kitty.nix
View file

@ -67,4 +67,6 @@
"kitty_mod+o>l" = "kitten hints --type linenum"; "kitty_mod+o>l" = "kitten hints --type linenum";
}; };
}; };
programs.zsh.shellAliases."ssh" = "kitten ssh";
} }

1
home/niri/default.nix
View file

@ -102,6 +102,7 @@ in
{ app-id = "com.mitchellh.ghostt"; } { app-id = "com.mitchellh.ghostt"; }
{ app-id = "org.kde.okular"; } { app-id = "org.kde.okular"; }
{ app-id = "kitty"; } { app-id = "kitty"; }
{ app-id = "VSCodium"; }
]; ];
default-column-width.proportion = .5; default-column-width.proportion = .5;
} }

7
home/vscode.nix
View file

@ -11,6 +11,8 @@
jnoortheen.nix-ide jnoortheen.nix-ide
editorconfig.editorconfig editorconfig.editorconfig
github.github-vscode-theme github.github-vscode-theme
github.copilot
rust-lang.rust-analyzer
]; ];
userSettings = { userSettings = {
"workbench.colorTheme" = "GitHub Dark Default"; "workbench.colorTheme" = "GitHub Dark Default";
@ -18,10 +20,10 @@
"nix.enableLanguageServer" = true; "nix.enableLanguageServer" = true;
"nix.serverPath" = "nixd"; "nix.serverPath" = "nixd";
"editor.fontFamily" = "IBM Plex Mono"; "editor.fontFamily" = "IBM Plex Mono";
"editor.fontSize" = 15; "editor.fontSize" = 16;
"editor.wordWrap" = "on"; "editor.wordWrap" = "on";
# vim mode # vim mode settings
"vim.handleKeys" = { "vim.handleKeys" = {
"<C-b>" = false; # file tree toggle "<C-b>" = false; # file tree toggle
}; };
@ -32,6 +34,7 @@
"silent" = true; "silent" = true;
} }
]; ];
"workbench.startupEditor" = "none";
}; };
}; };
} }

17
home/yt/ytnix.nix
View file

@ -1,5 +1,6 @@
{ {
pkgs, pkgs,
lib,
... ...
}: }:
{ {
@ -108,6 +109,8 @@
hugo hugo
ghidra ghidra
sequoia sequoia
sccache
awscli2
]; ];
programs.waybar.enable = true; programs.waybar.enable = true;
@ -164,5 +167,19 @@
home.sessionVariables = { home.sessionVariables = {
# to make ghidra work on xwayland # to make ghidra work on xwayland
_JAVA_AWT_WM_NONREPARENTING = 1; _JAVA_AWT_WM_NONREPARENTING = 1;
# sccache stuff
RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
SCCACHE_BUCKET = "sccache";
SCCACHE_REGION = "earth";
SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh";
SCCACHE_ALLOW_CORE_DUMPS = "true";
SCCACHE_S3_USE_SSL = "true";
SCCACHE_CACHE_MULTIARCH = "true";
SCCACHE_LOG_LEVEL = "warn";
AWS_DEFAULT_REGION = "earth";
AWS_ENDPOINT_URL = "https://s3.cy7.sh";
AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";
AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)";
}; };
} }

2
hosts/chunk/default.nix
View file

@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:

27
hosts/chunk/garage.nix
View file

@ -8,6 +8,12 @@
s3_api = { s3_api = {
s3_region = "earth"; s3_region = "earth";
api_bind_addr = "[::]:3900"; api_bind_addr = "[::]:3900";
root_domain = ".s3.cy7.sh";
};
s3_web = {
bind_addr = "[::]:3902";
root_domain = ".web.s3.cy7.sh";
index = "index.html";
}; };
admin.api_bind_addr = "[::]:3903"; admin.api_bind_addr = "[::]:3903";
rpc_bind_addr = "[::]:3901"; rpc_bind_addr = "[::]:3901";
@ -17,8 +23,21 @@
environmentFile = config.sops.secrets."garage/env".path; environmentFile = config.sops.secrets."garage/env".path;
}; };
services.caddy.virtualHosts."s3.cy7.sh".extraConfig = '' services.caddy.virtualHosts = {
import common "s3.cy7.sh" = {
reverse_proxy localhost:3900 serverAliases = [ "*.s3.cy7.sh" ];
''; extraConfig = ''
import common
reverse_proxy localhost:3900
'';
};
"*.web.s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3902
'';
"admin.s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3903
'';
};
} }

8
hosts/ytnix/default.nix
View file

@ -36,6 +36,14 @@
"tailscale/auth" = { "tailscale/auth" = {
sopsFile = ../../secrets/services/tailscale.yaml; sopsFile = ../../secrets/services/tailscale.yaml;
}; };
"aws/key_id" = {
sopsFile = ../../secrets/yt/aws.yaml;
owner = "yt";
};
"aws/key_secret" = {
sopsFile = ../../secrets/yt/aws.yaml;
owner = "yt";
};
}; };
boot = { boot = {

13
modules/caddy.nix
View file

@ -1,6 +1,7 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
let let
@ -14,6 +15,14 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.caddy = { services.caddy = {
enable = true; enable = true;
package = pkgs.caddy.withPlugins {
plugins = [
# error message will tell you the correct version tag to use
# (still need the @ to pass nix config check)
"github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"
];
hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ=";
};
logFormat = lib.mkForce "level INFO"; logFormat = lib.mkForce "level INFO";
acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
extraConfig = '' extraConfig = ''
@ -22,6 +31,10 @@ in
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
} }
''; '';
globalConfig = ''
acme_dns cloudflare {$CLOUDFLARE_KEY}
'';
environmentFile = config.sops.secrets."caddy/env".path;
}; };
}; };
} }

1
overlay/default.nix
View file

@ -2,6 +2,7 @@ let
overlays = [ overlays = [
./conduwuit ./conduwuit
./attic ./attic
./vscode.nix
]; ];
importedOverlays = map (m: import m) overlays; importedOverlays = map (m: import m) overlays;
in in

14
overlay/vscode.nix Normal file
View file

@ -0,0 +1,14 @@
final: prev: {
vscode-extensions = prev.vscode-extensions // {
github = prev.vscode-extensions.github // {
codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = {
publisher = "github";
name = "codespaces";
version = "1.17.3";
hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w=";
};
};
};
};
}

8
secrets/services/caddy.yaml
View file

@ -1,5 +1,5 @@
caddy: caddy:
env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str] env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -33,8 +33,8 @@ sops:
Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH
AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-17T03:25:37Z" lastmodified: "2025-01-30T17:26:39Z"
mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str] mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.4

32
secrets/yt/aws.yaml Normal file
View file

@ -0,0 +1,32 @@
aws:
key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str]
key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT
T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL
dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R
azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO
HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu
dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv
Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0
UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe
j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-30T17:45:09Z"
mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4