Compare commits
15 commits
9546caaa7c
...
5cb9e61708
| Author | SHA1 | Date | |
|---|---|---|---|
| 5cb9e61708 | |||
| 477d94687d | |||
| 8100b82485 | |||
| 3e371387e7 | |||
| 2972c64f33 | |||
| abe85c7763 | |||
| 1262c2daee | |||
| e6e9310b29 | |||
| 6220965c2d | |||
| 0299139b8e | |||
14f9f0c06a
|
|||
|
c400c4b5cd
|
|||
|
4e99cfcc94
|
|||
|
9c509c79cb
|
|||
|
99b07bdb36
|
13 changed files with 155 additions and 139 deletions
3
.editorconfig
Normal file
3
.editorconfig
Normal file
|
|
@ -0,0 +1,3 @@
|
|||
[*.nix]
|
||||
indent_style = space
|
||||
indent_size = 2
|
||||
71
.github/workflows/build-machines-and-homes.yml
vendored
71
.github/workflows/build-machines-and-homes.yml
vendored
|
|
@ -39,25 +39,6 @@ jobs:
|
|||
- name: setup binary cache key
|
||||
run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
|
||||
|
||||
- name: Sync repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: post-build-hook
|
||||
run: |
|
||||
sudo mkdir -p /etc/nix
|
||||
sudo cp ci/upload-to-cache.sh /etc/nix/
|
||||
sudo chmod +x /etc/nix/upload-to-cache.sh
|
||||
|
||||
- name: setup s3 credentials
|
||||
run: |
|
||||
sudo mkdir /root/.aws
|
||||
echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
|
||||
echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
|
||||
echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
|
||||
echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
|
||||
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v30
|
||||
with:
|
||||
|
|
@ -70,12 +51,26 @@ jobs:
|
|||
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
|
||||
extra-substituters = https://nixcache.cy7.sh
|
||||
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
|
||||
post-build-hook = /etc/nix/upload-to-cache.sh
|
||||
download-buffer-size = 1073741824
|
||||
|
||||
- name: Sync repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: build
|
||||
run: |
|
||||
nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}"
|
||||
|
||||
- name: cache
|
||||
run: |
|
||||
nix run \
|
||||
github:cything/nixcp/test-in-ci -- push \
|
||||
--bucket nixcache \
|
||||
--endpoint $AWS_ENDPOINT_URL \
|
||||
--signing-key ${{ runner.temp }}/cache-priv-key.pem \
|
||||
result
|
||||
|
||||
build-homes:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
|
|
@ -85,7 +80,6 @@ jobs:
|
|||
- yt@chunk
|
||||
os:
|
||||
- ubuntu-latest
|
||||
# - macos-latest
|
||||
runs-on: ${{ matrix.os }}
|
||||
|
||||
steps:
|
||||
|
|
@ -104,25 +98,6 @@ jobs:
|
|||
- name: setup binary cache key
|
||||
run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
|
||||
|
||||
- name: Sync repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: post-build-hook
|
||||
run: |
|
||||
sudo mkdir -p /etc/nix
|
||||
sudo cp ci/upload-to-cache.sh /etc/nix/
|
||||
sudo chmod +x /etc/nix/upload-to-cache.sh
|
||||
|
||||
- name: setup s3 credentials
|
||||
run: |
|
||||
sudo mkdir /root/.aws
|
||||
echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
|
||||
echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
|
||||
echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
|
||||
echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
|
||||
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v30
|
||||
with:
|
||||
|
|
@ -135,9 +110,23 @@ jobs:
|
|||
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
|
||||
extra-substituters = https://nixcache.cy7.sh
|
||||
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
|
||||
post-build-hook = /etc/nix/upload-to-cache.sh
|
||||
download-buffer-size = 1073741824
|
||||
|
||||
- name: Sync repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: build
|
||||
run: |
|
||||
package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
|
||||
nix build -L "$package"
|
||||
|
||||
- name: cache
|
||||
run: |
|
||||
nix run \
|
||||
github:cything/nixcp/test-in-ci -- push \
|
||||
--bucket nixcache \
|
||||
--endpoint $AWS_ENDPOINT_URL \
|
||||
--signing-key ${{ runner.temp }}/cache-priv-key.pem \
|
||||
result
|
||||
|
|
|
|||
29
.github/workflows/build-packages.yml
vendored
29
.github/workflows/build-packages.yml
vendored
|
|
@ -32,25 +32,6 @@ jobs:
|
|||
- name: setup binary cache key
|
||||
run: echo -n "${{ secrets.NIX_CACHE_SECRET_KEY }}" | xxd -p -r > ${{ runner.temp }}/cache-priv-key.pem
|
||||
|
||||
- name: Sync repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
persist-credentials: false
|
||||
|
||||
- name: post-build-hook
|
||||
run: |
|
||||
sudo mkdir -p /etc/nix
|
||||
sudo cp ci/upload-to-cache.sh /etc/nix/
|
||||
sudo chmod +x /etc/nix/upload-to-cache.sh
|
||||
|
||||
- name: setup s3 credentials
|
||||
run: |
|
||||
sudo mkdir /root/.aws
|
||||
echo "[default]" |sudo tee /root/.aws/config |sudo tee /root/.aws/credentials
|
||||
echo "aws_access_key_id=$AWS_ACCESS_KEY_ID" |sudo tee -a /root/.aws/credentials
|
||||
echo "aws_secret_access_key=$AWS_SECRET_ACCESS_KEY" |sudo tee -a /root/.aws/credentials
|
||||
echo "endpoint_url=$AWS_ENDPOINT_URL" |sudo tee -a /root/.aws/config
|
||||
|
||||
- name: Install Nix
|
||||
uses: cachix/install-nix-action@v30
|
||||
with:
|
||||
|
|
@ -63,10 +44,18 @@ jobs:
|
|||
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
|
||||
extra-substituters = https://nixcache.cy7.sh
|
||||
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8=
|
||||
post-build-hook = /etc/nix/upload-to-cache.sh
|
||||
|
||||
- run: nix build -L ${{ matrix.package }}
|
||||
|
||||
- name: cache
|
||||
run: |
|
||||
nix run \
|
||||
github:cything/nixcp/test-in-ci -- push \
|
||||
--bucket nixcache \
|
||||
--endpoint $AWS_ENDPOINT_URL \
|
||||
--signing-key ${{ runner.temp }}/cache-priv-key.pem \
|
||||
result
|
||||
|
||||
- name: prepare tarball to upload
|
||||
run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
|
||||
|
||||
|
|
|
|||
1
README
1
README
|
|
@ -1 +0,0 @@
|
|||
this is only open source for free ci
|
||||
54
flake.lock
generated
54
flake.lock
generated
|
|
@ -147,11 +147,11 @@
|
|||
"rust-overlay": "rust-overlay"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1745229893,
|
||||
"narHash": "sha256-7syUmzqfY9gmLZF4WwqckPRbDRhJApOspd/qDIBHaWY=",
|
||||
"lastModified": 1745480492,
|
||||
"narHash": "sha256-atfb7grtY2DkjR5D9xTKx/CxXoXELBb+xQK2KVe6cso=",
|
||||
"owner": "deuxfleurs-org",
|
||||
"repo": "garage",
|
||||
"rev": "3c20984a08528f1a6672c8afc83d2306a0361e40",
|
||||
"rev": "bf4691d98afe348e528ee24e26b06c325cca35d0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -189,11 +189,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1745256380,
|
||||
"narHash": "sha256-hJH1S5Xy0K2J6eT22AMDIcQ07E8XYC1t7DnXUr2llEM=",
|
||||
"lastModified": 1745858959,
|
||||
"narHash": "sha256-B1FQwPCFLL3cbHc2nxT3/UI1uprHp2h1EA6M2JVe0oQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "22b326b42bf42973d5e4fe1044591fb459e6aeac",
|
||||
"rev": "d0d9d0a1454d5a0200693570618084d80a8b336c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -214,11 +214,11 @@
|
|||
"rust-overlay": "rust-overlay_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1745217777,
|
||||
"narHash": "sha256-lnsoesuG+r15kV3Um4hHpYXIjsi6EOPBtIlV8by/7i0=",
|
||||
"lastModified": 1745271491,
|
||||
"narHash": "sha256-4GAHjus6JRpYHVROMIhFIz/sgLDF/klBM3UHulbSK9s=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lanzaboote",
|
||||
"rev": "e4cf2086105f47a22f92985358db295a20746abb",
|
||||
"rev": "995637eb3ab78eac33f8ee6b45cc2ecd5ede12ba",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -257,11 +257,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1745120797,
|
||||
"narHash": "sha256-owQ0VQ+7cSanTVPxaZMWEzI22Q4bGnuvhVjLAJBNQ3E=",
|
||||
"lastModified": 1745725746,
|
||||
"narHash": "sha256-iR+idGZJ191cY6NBXyVjh9QH8GVWTkvZw/w+1Igy45A=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "69716041f881a2af935021c1182ed5b0cc04d40e",
|
||||
"rev": "187524713d0d9b2d2c6f688b81835114d4c2a7c6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -277,11 +277,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1744621833,
|
||||
"narHash": "sha256-II6a32kRc+KbLhU/jS8EbuXYt1PNCvsRvuBw2becgQM=",
|
||||
"lastModified": 1745836145,
|
||||
"narHash": "sha256-CQ18gPSd8nHMrK2K7hqsmLedQFfefUBgIq8AHHXsPRU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-ld",
|
||||
"rev": "9a3812797e25def1d4aed62b517606b7b93989dc",
|
||||
"rev": "3a4fcea3d9a3c1366a745d23808114a67bf98c68",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -292,11 +292,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1744932701,
|
||||
"narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
|
||||
"lastModified": 1745526057,
|
||||
"narHash": "sha256-ITSpPDwvLBZBnPRS2bUcHY3gZSwis/uTe255QgMtTLA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
|
||||
"rev": "f771eb401a46846c1aebd20552521b233dd7e18b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -417,11 +417,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1745207416,
|
||||
"narHash": "sha256-2g2TnXgJEvSvpk7ujY69pSplmM3oShhoOidZf1iHTHU=",
|
||||
"lastModified": 1745807802,
|
||||
"narHash": "sha256-Aary9kzSx9QFgfK1CDu3ZqxhuoyHvf0F71j64gXZebA=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "68a0ff1a43d08aa1ec3730e7e7d06f6da0ba630a",
|
||||
"rev": "9a6045615437787dfb9c1a3242fd75c6b6976b6b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -437,11 +437,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1744669848,
|
||||
"narHash": "sha256-pXyanHLUzLNd3MX9vsWG+6Z2hTU8niyphWstYEP3/GU=",
|
||||
"lastModified": 1745310711,
|
||||
"narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "61154300d945f0b147b30d24ddcafa159148026a",
|
||||
"rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -503,11 +503,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1745251368,
|
||||
"narHash": "sha256-Fczq6JKwtHsCNPKPxkGFBhpWH8KoqY2eTyE6jG/cqms=",
|
||||
"lastModified": 1745820808,
|
||||
"narHash": "sha256-6WmnH372ixlcGIAExWBmNg8aRlP1enR97zRfvYKNqR0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-vscode-extensions",
|
||||
"rev": "6dfa23066faf8643ca05eac994aa14ef695231aa",
|
||||
"rev": "3f05a23a57d43dfcaa41f4fb59f9bd1e9382ba1a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
|
|
@ -13,6 +13,7 @@
|
|||
# for confirmation
|
||||
confirm_os_window_close = 0;
|
||||
clear_all_shortcuts = true;
|
||||
background_opacity = 0.85;
|
||||
|
||||
# will probably lower this later but the max allowed is actually 4GB
|
||||
# this is NOT stored in memory and can only be viewed with scrollback_pager
|
||||
|
|
|
|||
|
|
@ -8,7 +8,7 @@
|
|||
./common.nix
|
||||
../irssi.nix
|
||||
../kitty.nix
|
||||
../codium.nix
|
||||
# ../codium.nix
|
||||
];
|
||||
home = {
|
||||
username = "yt";
|
||||
|
|
@ -28,10 +28,7 @@
|
|||
home.packages =
|
||||
with pkgs;
|
||||
lib.flatten [
|
||||
ungoogled-chromium
|
||||
librewolf
|
||||
bitwarden-desktop
|
||||
bitwarden-cli
|
||||
fastfetch
|
||||
(with kdePackages; [
|
||||
gwenview
|
||||
|
|
@ -41,14 +38,12 @@
|
|||
signal-desktop
|
||||
btop
|
||||
jq
|
||||
sqlite
|
||||
usbutils
|
||||
calibre
|
||||
tor-browser
|
||||
wtype
|
||||
bat
|
||||
rclone
|
||||
go
|
||||
(rust-bin.selectLatestNightlyWith (
|
||||
toolchain:
|
||||
toolchain.default.override {
|
||||
|
|
@ -56,12 +51,9 @@
|
|||
targets = [ "aarch64-unknown-linux-musl" ];
|
||||
}
|
||||
))
|
||||
pwgen
|
||||
gnumake
|
||||
unzip
|
||||
anki-bin
|
||||
trezorctl
|
||||
q
|
||||
gdb
|
||||
fuzzel
|
||||
hugo
|
||||
|
|
@ -90,23 +82,18 @@
|
|||
jadx
|
||||
scrcpy
|
||||
syncthing
|
||||
syncthingtray
|
||||
(with llvmPackages; [
|
||||
clangUseLLVM
|
||||
compiler-rt
|
||||
libllvm
|
||||
])
|
||||
nix-output-monitor
|
||||
wl-clipboard-rs
|
||||
pixelflasher
|
||||
cinny-desktop
|
||||
freetube
|
||||
gopls
|
||||
rust-analyzer
|
||||
minio-client
|
||||
nil
|
||||
keepassxc
|
||||
lua-language-server
|
||||
ida-free
|
||||
jujutsu
|
||||
ffmpeg
|
||||
];
|
||||
|
||||
home.sessionVariables = {
|
||||
|
|
@ -158,6 +145,19 @@
|
|||
enable = true;
|
||||
viAlias = true;
|
||||
vimAlias = true;
|
||||
extraPackages = with pkgs; [
|
||||
lua-language-server
|
||||
nil
|
||||
rust-analyzer
|
||||
fzf
|
||||
fd
|
||||
ripgrep
|
||||
bat
|
||||
delta
|
||||
taplo
|
||||
llvmPackages.clang-tools
|
||||
pyright
|
||||
];
|
||||
};
|
||||
|
||||
programs.ssh = {
|
||||
|
|
@ -166,4 +166,32 @@
|
|||
};
|
||||
|
||||
programs.firefox.enable = true;
|
||||
|
||||
programs.emacs = {
|
||||
enable = true;
|
||||
extraPackages = _: with pkgs; [
|
||||
rust-analyzer
|
||||
nil
|
||||
ispell
|
||||
];
|
||||
};
|
||||
|
||||
gtk = {
|
||||
enable = true;
|
||||
theme.package = pkgs.gnome-themes-extra;
|
||||
theme.name = "Adwaita-dark";
|
||||
};
|
||||
|
||||
qt = {
|
||||
enable = true;
|
||||
platformTheme.name = "adwaita";
|
||||
style.name = "adwaita-dark";
|
||||
style.package = pkgs.adwaita-qt;
|
||||
};
|
||||
|
||||
dconf.settings = {
|
||||
"org/gnome/desktop/interface" = {
|
||||
color-scheme = "prefer-dark";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -37,12 +37,6 @@
|
|||
searchDownKey = "^n";
|
||||
};
|
||||
|
||||
# prezto = {
|
||||
# enable = true;
|
||||
# caseSensitive = false;
|
||||
# editor.keymap = "vi";
|
||||
# };
|
||||
|
||||
initExtra = ''
|
||||
# disable control+s to pause terminal
|
||||
unsetopt FLOW_CONTROL
|
||||
|
|
@ -85,14 +79,11 @@
|
|||
shellAliases = {
|
||||
"vi" = "nvim";
|
||||
"vim" = "nvim";
|
||||
"t" = "tmux";
|
||||
"tl" = "tmux list-sessions";
|
||||
"ta" = "tmux new-session -A -s";
|
||||
"se" = "sudoedit";
|
||||
"s" = "sudo";
|
||||
"nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json";
|
||||
"nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json";
|
||||
"hrs" = "home-manager switch -L --flake .";
|
||||
"nrs" = "sudo nixos-rebuild switch -L --flake ~/nixos-config";
|
||||
"nrt" = "sudo nixos-rebuild test -L --flake ~/nixos-config";
|
||||
"hrs" = "home-manager switch -L --flake ~/nixos-config";
|
||||
"g" = "git";
|
||||
"ga" = "git add";
|
||||
"gaa" = "git add --all";
|
||||
|
|
@ -100,7 +91,6 @@
|
|||
"gc" = "git commit --verbose";
|
||||
"gcmsg" = "git commit --message";
|
||||
"gd" = "git diff";
|
||||
"gdca" = "git diff --cached";
|
||||
"gds" = "git diff --staged";
|
||||
"gl" = "git log --stat";
|
||||
"glg" = "git log --graph";
|
||||
|
|
@ -113,6 +103,11 @@
|
|||
"gs" = "git status --short";
|
||||
"gss" = "git status";
|
||||
"code" = "codium";
|
||||
"jl" = "jj log -n 10";
|
||||
"jll" = "jj log";
|
||||
"jd" = "jj diff";
|
||||
"jn" = "jj new";
|
||||
"jm" = "jj describe -m";
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,7 @@
|
|||
compression_level = "none";
|
||||
};
|
||||
environmentFile = config.sops.secrets."garage/env".path;
|
||||
logLevel = "warn";
|
||||
logLevel = "info";
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts = {
|
||||
|
|
|
|||
|
|
@ -14,15 +14,14 @@ let
|
|||
--config ${config.sops.secrets."rclone/config".path} \
|
||||
--allow-other \
|
||||
--cache-dir /var/cache/rclone \
|
||||
--transfers 64 \
|
||||
--vfs-cache-mode full \
|
||||
--transfers 16 \
|
||||
--vfs-cache-mode writes \
|
||||
--vfs-cache-min-free-space 5G \
|
||||
--dir-cache-time 30d \
|
||||
--no-checksum \
|
||||
--no-modtime \
|
||||
--vfs-fast-fingerprint \
|
||||
--vfs-read-chunk-size 8M \
|
||||
--vfs-read-chunk-streams 16 \
|
||||
--vfs-read-chunk-size 128M \
|
||||
--vfs-read-chunk-streams 0 \
|
||||
--sftp-concurrency 64 \
|
||||
--sftp-chunk-size 255k \
|
||||
--buffer-size 0 \
|
||||
|
|
|
|||
|
|
@ -87,7 +87,7 @@
|
|||
resolvconf.enable = true;
|
||||
firewall = {
|
||||
enable = true;
|
||||
trustedInterfaces = [ "tailscale0" "virbr0" ];
|
||||
trustedInterfaces = [ "tailscale0" "virbr0" "virbr1" ];
|
||||
# allowedTCPPorts = [
|
||||
# 8080 # mitmproxy
|
||||
# 22000 # syncthing
|
||||
|
|
@ -204,7 +204,7 @@
|
|||
services.displayManager = {
|
||||
enable = true;
|
||||
autoLogin.user = "yt";
|
||||
defaultSession = "plasma";
|
||||
defaultSession = "sway";
|
||||
sddm = {
|
||||
enable = true;
|
||||
wayland.enable = true;
|
||||
|
|
@ -238,6 +238,7 @@
|
|||
"/home/yt/Games"
|
||||
"/home/yt/Videos"
|
||||
"/home/yt/.bitmonero"
|
||||
"/home/yt/vms"
|
||||
];
|
||||
repo = "yt";
|
||||
passFile = config.sops.secrets."borg/rsyncnet".path;
|
||||
|
|
@ -360,12 +361,6 @@
|
|||
];
|
||||
};
|
||||
|
||||
services.ollama.enable = false;
|
||||
|
||||
services.trezord.enable = true;
|
||||
|
||||
programs.niri.enable = false;
|
||||
programs.niri.package = pkgs.niri-unstable;
|
||||
programs.xwayland.enable = true;
|
||||
|
||||
services.udev.extraHwdb = ''
|
||||
|
|
@ -390,7 +385,24 @@
|
|||
programs.ccache.enable = true;
|
||||
nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
|
||||
programs.fuse.userAllowOther = true;
|
||||
nix.settings.sandbox = false;
|
||||
nix.settings.sandbox = true;
|
||||
|
||||
programs.ssh.startAgent = true;
|
||||
|
||||
programs.sway = {
|
||||
enable = true;
|
||||
wrapperFeatures.gtk = true;
|
||||
extraPackages = with pkgs; [
|
||||
rofi-wayland
|
||||
cliphist
|
||||
rofimoji
|
||||
grim
|
||||
slurp
|
||||
swaylock
|
||||
swayidle
|
||||
brightnessctl
|
||||
waybar
|
||||
wl-clipboard
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -68,6 +68,7 @@ in
|
|||
];
|
||||
scopes = [ "openid" "profile" "email" ];
|
||||
userinfo_signed_response_alg = "none";
|
||||
token_endpoint_auth_method = "client_secret_basic";
|
||||
}
|
||||
{
|
||||
client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU";
|
||||
|
|
|
|||
|
|
@ -19,9 +19,9 @@ in
|
|||
plugins = [
|
||||
# error message will tell you the correct version tag to use
|
||||
# (still need the @ to pass nix config check)
|
||||
"github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de"
|
||||
"github.com/caddy-dns/cloudflare@v0.2.2-0.20250420134112-006ebb07b349"
|
||||
];
|
||||
hash = "sha256-pfh9DXUj35jlAntkWc4D5wuW04xxQfM1rZ4KFauMzvc=";
|
||||
hash = "sha256-2U+icm4GtI5Fww6U8nKzQ/+pPf63T3scTGuj1zjj4b4=";
|
||||
};
|
||||
logFormat = lib.mkForce "level INFO";
|
||||
acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
|
||||
|
|
@ -37,9 +37,9 @@ in
|
|||
|
||||
(authelia) {
|
||||
forward_auth localhost:9091 {
|
||||
uri /api/authz/forward-auth
|
||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||
}
|
||||
uri /api/authz/forward-auth
|
||||
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
|
||||
}
|
||||
}
|
||||
'';
|
||||
environmentFile = config.sops.secrets."caddy/env".path;
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue