
9 commits

Author SHA1 Message Date
cy
9960ac71fc
workflow: use envars for s3 region and endpoint 2025-04-14 15:12:57 -04:00
cy
114aca9541
workflow: try hex encoded secret 2025-04-14 14:35:50 -04:00
cy
0bfef139ee
workflow: use runner.temp variable 2025-04-14 14:19:20 -04:00
cy
dbfd590562
dogfood nixcp 2025-04-14 13:46:03 -04:00
cy
892f42ed2a
use nixpkgs unstable 2025-04-14 13:37:13 -04:00
cy
1573032ace
try not using lix 2025-04-14 13:29:51 -04:00
cy
e452f2b753
just don't use matrix anymore 2025-04-14 13:29:51 -04:00
cy
1d851c93f1
install nil 2025-04-14 13:29:51 -04:00
cy
fecdb66f77
use lix from nixpkgs 2025-04-14 10:45:00 -04:00
23 changed files with 953 additions and 284 deletions


@ -1,3 +0,0 @@
[*.nix]
indent_style = space
indent_size = 2


@ -49,9 +49,15 @@ jobs:
accept-flake-config = true accept-flake-config = true
system-features = nixos-test benchmark big-parallel kvm system-features = nixos-test benchmark big-parallel kvm
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=
download-buffer-size = 1073741824
- name: Install Lix
run: |
sudo --preserve-env=PATH $(which nix) run \
'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
upgrade-nix
nix --version
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -60,16 +66,21 @@ jobs:
- name: build - name: build
run: | run: |
# package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
# nix build -L "$package"
nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}" nix run nixpkgs#nixos-rebuild build -- -L --flake ".#${{ matrix.machine }}"
- name: cache - name: cache
# https://stackoverflow.com/a/58859404
if: '!cancelled()'
run: | run: |
nix run \ package=".#nixosConfigurations."${{ matrix.machine }}".config.system.build.toplevel"
github:cything/nixcp -- push \ nix run github:cything/nixcp/2025-04-12 -- \
push \
--bucket nixcache \ --bucket nixcache \
--endpoint $AWS_ENDPOINT_URL \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \
result -u https://nix-community.cachix.org \
$package
build-homes: build-homes:
strategy: strategy:
@ -80,6 +91,7 @@ jobs:
- yt@chunk - yt@chunk
os: os:
- ubuntu-latest - ubuntu-latest
# - macos-latest
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
@ -108,9 +120,15 @@ jobs:
accept-flake-config = true accept-flake-config = true
system-features = nixos-test benchmark big-parallel kvm system-features = nixos-test benchmark big-parallel kvm
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=
download-buffer-size = 1073741824
- name: Install Lix
run: |
sudo --preserve-env=PATH $(which nix) run \
'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
upgrade-nix
nix --version
- name: Sync repository - name: Sync repository
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -123,10 +141,13 @@ jobs:
nix build -L "$package" nix build -L "$package"
- name: cache - name: cache
# https://stackoverflow.com/a/58859404
if: '!cancelled()'
run: | run: |
nix run \ package=".#homeConfigurations."${{ matrix.home }}".activationPackage"
github:cything/nixcp -- push \ nix run github:cything/nixcp/2025-04-12 -- \
push \
--bucket nixcache \ --bucket nixcache \
--endpoint $AWS_ENDPOINT_URL \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \
result -u https://nix-community.cachix.org \
$package
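Review bot: The `Install Lix` step added in the `-49,9 +49,15` and `-108,9 +120,15` hunks (and again in the next workflow file) runs `sudo --preserve-env=PATH $(which nix) run 'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- upgrade-nix`, so code resolved from a tag name is executed as root on a runner that is configured with `cache-priv-key.pem`. A tag can be moved; adding the commit to the URL (`...?ref=refs/tags/2.92.0&rev=<commit-sha>`) makes the fetch fail instead of silently running different code. The same applies to `nix run github:cything/nixcp/2025-04-12` on what appears to be the new side of the `cache` steps, which is handed the signing key and the S3 endpoint; pin it as `github:cything/nixcp/<commit-sha>`. These hunks also add `https://cache.lix.systems` and its public key to the trusted substituters, so that trust entry should be removed together with the Lix install if the install is ever dropped.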


@ -24,8 +24,8 @@ jobs:
os: os:
- ubuntu-latest - ubuntu-latest
- ubuntu-24.04-arm - ubuntu-24.04-arm
# - macos-latest - macos-latest
# - macos-13 - macos-13
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
@ -42,19 +42,33 @@ jobs:
accept-flake-config = true accept-flake-config = true
system-features = nixos-test benchmark big-parallel kvm system-features = nixos-test benchmark big-parallel kvm
secret-key-files = ${{ runner.temp }}/cache-priv-key.pem secret-key-files = ${{ runner.temp }}/cache-priv-key.pem
extra-substituters = https://nixcache.cy7.sh extra-substituters = https://nixcache.cy7.sh https://cache.lix.systems
extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= extra-trusted-public-keys = nixcache.cy7.sh:DN3d1dt0wnXfTH03oVmTee4KgmdNdB0NY3SuzA8Fwx8= cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o=
- name: Install Lix
run: |
sudo --preserve-env=PATH $(which nix) run \
'git+https://git.lix.systems/lix-project/lix?ref=refs/tags/2.92.0' -- \
upgrade-nix
nix --version
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- run: nix build -L ${{ matrix.package }} - run: nix build -L ${{ matrix.package }}
- name: cache - name: cache result
# https://stackoverflow.com/a/58859404
if: '!cancelled()'
run: | run: |
nix run \ nix run github:cything/nixcp/2025-04-12 -- \
github:cything/nixcp -- push \ push \
--bucket nixcache \ --bucket nixcache \
--endpoint $AWS_ENDPOINT_URL \
--signing-key ${{ runner.temp }}/cache-priv-key.pem \ --signing-key ${{ runner.temp }}/cache-priv-key.pem \
result -u https://nix-community.cachix.org \
"${{ matrix.package }}"
- name: prepare tarball to upload - name: prepare tarball to upload
run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result run: nix run github:nixos/nixpkgs#gnutar hcvf result.tar result
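Review bot: `"${{ matrix.package }}"` in the `cache result` step (and `nix build -L ${{ matrix.package }}` above it) is substituted into the script text by the Actions expression engine before the shell runs, so the surrounding quotes do not protect against a value that itself contains quotes or `$(...)`. The matrix is defined in the workflow, so exposure is limited to whoever can edit it, but passing the value through the environment removes the whole class of bug: add `env:` with `PACKAGE: ${{ matrix.package }}` on the step and use `"$PACKAGE"` in the script. `--endpoint $AWS_ENDPOINT_URL` should be quoted too, as `--endpoint "$AWS_ENDPOINT_URL"`. The first workflow file on this page has the same pattern with `${{ matrix.machine }}`, `${{ matrix.home }}` and an unquoted `$package`. The matrix definition and the step that writes the signing key are outside the hunks shown.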

40
README.md Normal file

@ -0,0 +1,40 @@
# infra
## ./home
- [home-manager](https://github.com/nix-community/home-manager) configuration files
- foot, tmux, and zsh are configured in Nix
- nvim, rofi, sway, waybar are configured in their own literature and symlinked to $XDG_CONFIG_HOME with home-manager
## ./hosts
- [`hosts/common.nix`](hosts/common.nix): configuration that makes sense on all computers
- [`hosts/zsh.nix`](hosts/zsh.nix): for computers that have the power to run zsh
### ./hosts/ytnix
- personal laptop
- a single [`default.nix`](hosts/ytnix/default.nix) that could be modularized but works for now
### ./hosts/chunk
- the overworked server with 5% SLA
- very short and concise [`default.nix`](hosts/chunk/default.nix)
- services organized in their modules
- some services run through `virtualisation.oci-containers`:
- [immich](hosts/chunk/immich.nix)
- [conduwuit](hosts/chunk/conduwuit.nix)
### ./hosts/titan
- got this cause chunk would go down way too often :(
- hosted on azure for "reliability"
- runs:
- [ghost](hosts/titan/ghost.nix) (through `virtualisation.oci-containers`)
- [uptime-kuma](hosts/titan/uptime-kuma.nix)
- [ntfy-sh](hosts/titan/ntfy.nix)
## ./secrets
- secrets
- see [`.sops.yaml`](.sops.yaml) for who privy to what
## backups
- hourly borgbackup to [rsync.net](https://rsync.net)
- see [modules/backup](modules/backup.nix)
## monitoring
- [status.cything.io](https://status.cything.io/): uptime kuma (reliable)
- [grafana.cything.io](https://grafana.cything.io/): some real-time metrics here; unlike the status page this will go kaput often


@ -1,8 +0,0 @@
#!/bin/sh
# https://nix.dev/guides/recipes/post-build-hook.html#implementing-the-build-hook
set -eu
set -f # disable globbing
export IFS=' '
echo "Uploading paths" $OUT_PATHS
exec /nix/var/nix/profiles/default/bin/nix copy --to "s3://nixcache?endpoint=s3.cy7.sh&compression=zstd&parallel-compression=true" $OUT_PATHS

756
flake.lock generated

@ -1,6 +1,171 @@
{ {
"nodes": { "nodes": {
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1738524606,
"narHash": "sha256-hPYEJ4juK3ph7kbjbvv7PlU1D9pAkkhl+pwx8fZY53U=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "ff8a897d1f4408ebbf4d45fa9049c06b3e1e3f4e",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "main",
"repo": "attic",
"type": "github"
}
},
"cachix": {
"inputs": {
"devenv": "devenv",
"flake-compat": "flake-compat_2",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1737621947,
"narHash": "sha256-8HFvG7fvIFbgtaYAY2628Tb89fA55nPm2jSiNs0/Cws=",
"owner": "cachix",
"repo": "cachix",
"rev": "f65a3cd5e339c223471e64c051434616e18cc4f5",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "master",
"repo": "cachix",
"type": "github"
}
},
"cachix_2": {
"inputs": {
"devenv": [
"conduwuit",
"cachix",
"devenv"
],
"flake-compat": [
"conduwuit",
"cachix",
"devenv"
],
"git-hooks": [
"conduwuit",
"cachix",
"devenv"
],
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1728672398,
"narHash": "sha256-KxuGSoVUFnQLB2ZcYODW7AVPAh9JqRlD5BrfsC/Q4qs=",
"owner": "cachix",
"repo": "cachix",
"rev": "aac51f698309fd0f381149214b7eee213c66ef0a",
"type": "github"
},
"original": {
"owner": "cachix",
"ref": "latest",
"repo": "cachix",
"type": "github"
}
},
"complement": {
"flake": false,
"locked": {
"lastModified": 1741891349,
"narHash": "sha256-YvrzOWcX7DH1drp5SGa+E/fc7wN3hqFtPbqPjZpOu1Q=",
"owner": "girlbossceo",
"repo": "complement",
"rev": "e587b3df569cba411aeac7c20b6366d03c143745",
"type": "github"
},
"original": {
"owner": "girlbossceo",
"ref": "main",
"repo": "complement",
"type": "github"
}
},
"conduwuit": {
"inputs": {
"attic": "attic",
"cachix": "cachix",
"complement": "complement",
"crane": "crane_2",
"fenix": "fenix",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils",
"liburing": "liburing",
"nix-filter": "nix-filter",
"nixpkgs": [
"nixpkgs"
],
"rocksdb": "rocksdb"
},
"locked": {
"lastModified": 1743780871,
"narHash": "sha256-xmDepDLHsIWiwpWYjhI40XOrV9jCKrYJQ+EK1EOIdRg=",
"owner": "girlbossceo",
"repo": "conduwuit",
"rev": "4e5b87d0cd16f3d015f4b61285b369d027bb909d",
"type": "github"
},
"original": {
"owner": "girlbossceo",
"repo": "conduwuit",
"type": "github"
}
},
"crane": { "crane": {
"inputs": {
"nixpkgs": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722960479,
"narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov",
"repo": "crane",
"rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"locked": {
"lastModified": 1739936662,
"narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=",
"owner": "ipetkov",
"repo": "crane",
"rev": "19de14aaeb869287647d9461cbd389187d8ecdb7",
"type": "github"
},
"original": {
"owner": "ipetkov",
"ref": "master",
"repo": "crane",
"type": "github"
}
},
"crane_3": {
"locked": { "locked": {
"lastModified": 1737689766, "lastModified": 1737689766,
"narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=", "narHash": "sha256-ivVXYaYlShxYoKfSo5+y5930qMKKJ8CLcAoIBPQfJ6s=",
@ -15,13 +180,13 @@
"type": "github" "type": "github"
} }
}, },
"crane_2": { "crane_4": {
"locked": { "locked": {
"lastModified": 1746291859, "lastModified": 1741148495,
"narHash": "sha256-DdWJLA+D5tcmrRSg5Y7tp/qWaD05ATI4Z7h22gd1h7Q=", "narHash": "sha256-EV8KUaIZ2/CdBXlutXrHoZYbWPeB65p5kKZk71gvDRI=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "dfd9a8dfd09db9aad544c4d3b6c47b12562544a5", "rev": "75390a36cd0c2cdd5f1aafd8a9f827d7107f2e53",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -30,17 +195,75 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": { "devenv": {
"inputs": {
"cachix": "cachix_2",
"flake-compat": [
"conduwuit",
"cachix",
"flake-compat"
],
"git-hooks": [
"conduwuit",
"cachix",
"git-hooks"
],
"nix": "nix",
"nixpkgs": [
"conduwuit",
"cachix",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1717312683, "lastModified": 1733323168,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", "narHash": "sha256-d5DwB4MZvlaQpN6OQ4SLYxb5jA4UH5EtV5t5WOtjLPU=",
"owner": "cachix",
"repo": "devenv",
"rev": "efa9010b8b1cfd5dd3c7ed1e172a470c3b84a064",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "devenv",
"type": "github"
}
},
"fenix": {
"inputs": {
"nixpkgs": [
"conduwuit",
"nixpkgs"
],
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1740724364,
"narHash": "sha256-D1jLIueJx1dPrP09ZZwTrPf4cubV+TsFMYbpYYTVj6A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "flake-compat", "repo": "fenix",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", "rev": "edf7d9e431cda8782e729253835f178a356d3aab",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "main",
"repo": "fenix",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"type": "github" "type": "github"
} }
@ -61,7 +284,101 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"ref": "master",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": {
"nixpkgs-lib": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"conduwuit",
"cachix",
"devenv",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"lanzaboote", "lanzaboote",
@ -69,11 +386,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743550720, "lastModified": 1740872218,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", "narHash": "sha256-ZaMw0pdoUKigLpv9HiNDH2Pjnosg7NBYMJlHTIsHEUo=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5", "rev": "3876f6b87db82f33775b1ef5ea343986105db764",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -96,6 +413,7 @@
}, },
"original": { "original": {
"owner": "numtide", "owner": "numtide",
"ref": "main",
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
@ -136,22 +454,40 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_4": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"garage": { "garage": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane_3",
"flake-compat": "flake-compat", "flake-compat": "flake-compat_4",
"flake-utils": "flake-utils", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1748012719, "lastModified": 1742547966,
"narHash": "sha256-s6VG70nqLCzAOLRgZ3oETQ8VJcsrEUol2vjTiYyesK4=", "narHash": "sha256-AJfw+XRaRyrlpb9Wy6rVz44JePy0AXWPECXVPBnrOfI=",
"owner": "deuxfleurs-org", "owner": "deuxfleurs-org",
"repo": "garage", "repo": "garage",
"rev": "37e5621dde5c25ccac4f6da4d7c60f45fc71ff88", "rev": "14d2f2b18da015508d4a1e31b2f014da5188d516",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -160,7 +496,59 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": [
"conduwuit",
"cachix",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"conduwuit",
"cachix",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1733318908,
"narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "6f4e2a2112050951a314d2733a994fbab94864c6",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": {
"nixpkgs": [
"conduwuit",
"cachix",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@ -189,11 +577,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748529677, "lastModified": 1743948087,
"narHash": "sha256-MJEX3Skt5EAIs/aGHD8/aXXZPcceMMHheyIGSjvxZN0=", "narHash": "sha256-B6cIi2ScgVSROPPlTti6len+TdR0K25B9R3oKvbw3M8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "da282034f4d30e787b8a10722431e8b650a907ef", "rev": "ef3b2a6b602c3f1a80c6897d6de3ee62339a3eb7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -204,9 +592,9 @@
}, },
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane_2", "crane": "crane_4",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_5",
"flake-parts": "flake-parts", "flake-parts": "flake-parts_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -214,11 +602,11 @@
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1747056319, "lastModified": 1741442524,
"narHash": "sha256-qSKcBaISBozadtPq6BomnD+wIYTZIkiua3UuHLaD52c=", "narHash": "sha256-tVcxLDLLho8dWcO81Xj/3/ANLdVs0bGyCPyKjp70JWk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "2e425f3da6ce7f5b34fa6eaf7a2a7f78dbabcc85", "rev": "d8099586d9a84308ffedac07880e7f07a0180ff4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -228,9 +616,42 @@
"type": "github" "type": "github"
} }
}, },
"libgit2": {
"flake": false,
"locked": {
"lastModified": 1697646580,
"narHash": "sha256-oX4Z3S9WtJlwvj0uH9HlYcWv+x1hqp8mhXl7HsLu2f0=",
"owner": "libgit2",
"repo": "libgit2",
"rev": "45fd9ed7ae1a9b74b957ef4f337bc3c8b3df01b5",
"type": "github"
},
"original": {
"owner": "libgit2",
"repo": "libgit2",
"type": "github"
}
},
"liburing": {
"flake": false,
"locked": {
"lastModified": 1740613216,
"narHash": "sha256-NpPOBqNND3Qe9IwqYs0mJLGTmIx7e6FgUEBAnJ+1ZLA=",
"owner": "axboe",
"repo": "liburing",
"rev": "e1003e496e66f9b0ae06674869795edf772d5500",
"type": "github"
},
"original": {
"owner": "axboe",
"ref": "master",
"repo": "liburing",
"type": "github"
}
},
"nil": { "nil": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@ -250,6 +671,85 @@
"type": "github" "type": "github"
} }
}, },
"nix": {
"inputs": {
"flake-compat": [
"conduwuit",
"cachix",
"devenv"
],
"flake-parts": "flake-parts_2",
"libgit2": "libgit2",
"nixpkgs": "nixpkgs_3",
"nixpkgs-23-11": [
"conduwuit",
"cachix",
"devenv"
],
"nixpkgs-regression": [
"conduwuit",
"cachix",
"devenv"
],
"pre-commit-hooks": [
"conduwuit",
"cachix",
"devenv"
]
},
"locked": {
"lastModified": 1727438425,
"narHash": "sha256-X8ES7I1cfNhR9oKp06F6ir4Np70WGZU5sfCOuNBEwMg=",
"owner": "domenkozar",
"repo": "nix",
"rev": "f6c5ae4c1b2e411e6b1e6a8181cc84363d6a7546",
"type": "github"
},
"original": {
"owner": "domenkozar",
"ref": "devenv-2.24",
"repo": "nix",
"type": "github"
}
},
"nix-filter": {
"locked": {
"lastModified": 1731533336,
"narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
"owner": "numtide",
"repo": "nix-filter",
"rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "nix-filter",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"conduwuit",
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-index-database": { "nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -257,11 +757,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748145500, "lastModified": 1743911143,
"narHash": "sha256-t9fx0l61WOxtWxXCqlXPWSuG/0XMF9DtE2T7KXgMqJw=", "narHash": "sha256-4j4JPwr0TXHH4ZyorXN5yIcmqIQr0WYacsuPA4ktONo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "a98adbf54d663395df0b9929f6481d4d80fc8927", "rev": "a36f6a7148aec2c77d78e4466215cceb2f5f4bfb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -277,11 +777,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747646130, "lastModified": 1743410259,
"narHash": "sha256-B4+JyeF6u7FINPD1Fzc7QiDlmG1L06z/34MqMlBfPDQ=", "narHash": "sha256-tjdkPPkRT1Mj72yrpN8oUxYw9SaG8wOQWD3auS1bvSs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-ld", "repo": "nix-ld",
"rev": "14ad0c0a26dae752c93fa9fa59437bfd2b8aaf69", "rev": "140451db1cadeef1e7e9e054332b67b7be808916",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -292,11 +792,107 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1748370509, "lastModified": 1726042813,
"narHash": "sha256-QlL8slIgc16W5UaI3w7xHQEP+Qmv/6vSNTpoZrrSlbk=", "narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1730531603,
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1717432640,
"narHash": "sha256-+f9c4/ZX5MWDOuB1rKoWj+lBNm0z0rs4CK47HBLxy1o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "88269ab3044128b7c2f4c7d68448b2fb50456870",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1744463964,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4faa5f5321320e49a78ae7848582f684d64783e9", "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -312,18 +908,18 @@
"lanzaboote", "lanzaboote",
"flake-compat" "flake-compat"
], ],
"gitignore": "gitignore", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1746537231, "lastModified": 1740915799,
"narHash": "sha256-Wb2xeSyOsCoTCTj7LOoD6cdKLEROyFAArnYoS+noCWo=", "narHash": "sha256-JvQvtaphZNmeeV+IpHgNdiNePsIpHD5U/7QN5AeY44A=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "fa466640195d38ec97cf0493d6d6882bc4d14969", "rev": "42b1ba089d2034d910566bf6b40830af6b8ec732",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -332,20 +928,55 @@
"type": "github" "type": "github"
} }
}, },
"rocksdb": {
"flake": false,
"locked": {
"lastModified": 1741308171,
"narHash": "sha256-YdBvdQ75UJg5ffwNjxizpviCVwVDJnBkM8ZtGIduMgY=",
"owner": "girlbossceo",
"repo": "rocksdb",
"rev": "3ce04794bcfbbb0d2e6f81ae35fc4acf688b6986",
"type": "github"
},
"original": {
"owner": "girlbossceo",
"ref": "v9.11.1",
"repo": "rocksdb",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"conduwuit": "conduwuit",
"garage": "garage", "garage": "garage",
"home-manager": "home-manager", "home-manager": "home-manager",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nil": "nil", "nil": "nil",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nix-ld": "nix-ld", "nix-ld": "nix-ld",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_5",
"rust-overlay": "rust-overlay_4", "rust-overlay": "rust-overlay_4",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"vscode-extensions": "vscode-extensions" "vscode-extensions": "vscode-extensions"
} }
}, },
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1740691488,
"narHash": "sha256-Fs6vBrByuiOf2WO77qeMDMTXcTGzrIMqLBv+lNeywwM=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "fe3eda77d3a7ce212388bda7b6cec8bffcc077e5",
"type": "github"
},
"original": {
"owner": "rust-lang",
"ref": "nightly",
"repo": "rust-analyzer",
"type": "github"
}
},
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -376,11 +1007,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747017456, "lastModified": 1741228283,
"narHash": "sha256-C/U12fcO+HEF071b5mK65lt4XtAIZyJSSJAg9hdlvTk=", "narHash": "sha256-VzqI+k/eoijLQ5am6rDFDAtFAbw8nltXfLBC6SIEJAE=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "5b07506ae89b025b14de91f697eba23b48654c52", "rev": "38e9826bc4296c9daf18bc1e6aa299f3e932a403",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -417,11 +1048,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1748486227, "lastModified": 1743906877,
"narHash": "sha256-veMuFa9cq/XgUXp1S57oC8K0TIw3XyZWL2jIyGWlW0c=", "narHash": "sha256-Thah1oU8Vy0gs9bh5QhNcQh1iuQiowMnZPbrkURonZA=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "4bf1892eb81113e868efe67982b64f1da15c8c5a", "rev": "9d00c6b69408dd40d067603012938d9fbe95cfcd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -437,11 +1068,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1747603214, "lastModified": 1743910657,
"narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=", "narHash": "sha256-zr2jmWeWyhCD8WmO2aWov2g0WPPuZfcJDKzMJZYGq3Y=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd", "rev": "523f58a4faff6c67f5f685bed33a7721e984c304",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -495,19 +1126,34 @@
"type": "github" "type": "github"
} }
}, },
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"vscode-extensions": { "vscode-extensions": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1748397853, "lastModified": 1743904774,
"narHash": "sha256-tudGoP5caIJ5TzkV6wnsmUk7Spx21oWMKpkmPbjRNZc=", "narHash": "sha256-dHnwYLz1b6ohGP2DjWKpDFEZ9WOm4vYuPXKUna08awU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "ac4fc8eb9a1ee5eeb3c0a30f57652e4c5428d3a5", "rev": "da51d4cab526bef885e8c95ab2b9455bfe0940d4",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -11,6 +11,8 @@
lanzaboote.inputs.nixpkgs.follows = "nixpkgs"; lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
rust-overlay.url = "github:oxalica/rust-overlay"; rust-overlay.url = "github:oxalica/rust-overlay";
rust-overlay.inputs.nixpkgs.follows = "nixpkgs"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
conduwuit.url = "github:girlbossceo/conduwuit";
conduwuit.inputs.nixpkgs.follows = "nixpkgs";
nix-ld.url = "github:nix-community/nix-ld"; nix-ld.url = "github:nix-community/nix-ld";
nix-ld.inputs.nixpkgs.follows = "nixpkgs"; nix-ld.inputs.nixpkgs.follows = "nixpkgs";
nil.url = "github:oxalica/nil"; nil.url = "github:oxalica/nil";
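Review bot: `conduwuit` is added with only `nixpkgs` overridden, and the lock file on this page shows what that brings along: `attic`, `cachix`, `devenv`, a `domenkozar/nix` fork, `fenix`, and four further nixpkgs pins (`nixpkgs` through `nixpkgs_4`). Each is pinned by `rev` and `narHash` today, but several track moving refs (`main`, `master`, `latest`, `nightly`), so every future `nix flake update` re-resolves them from upstreams this repository does not otherwise use. If only the conduwuit package is consumed, consider emptying the inputs that are not needed, for example `conduwuit.inputs.attic.follows = "";` and `conduwuit.inputs.cachix.follows = "";`, after confirming the package still evaluates. The rest of the `inputs` block is outside the hunk.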

6
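--- a/garnix.yaml
+++ b/garnix.yaml
@@ -0,0 +1,6 @@
+builds:
+include:
+- 'nixosConfigurations.*'
+- 'homeConfigurations.*'
+- '*.aarch64-linux.*'
+- '*.x86_64-linux.*'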


@ -7,13 +7,13 @@
package = pkgs.ibm-plex; package = pkgs.ibm-plex;
size = 12; size = 12;
}; };
themeFile = "GitHub_Dark";
settings = { settings = {
enable_audio_bell = true; enable_audio_bell = true;
# how many windows should be open before kitty asks # how many windows should be open before kitty asks
# for confirmation # for confirmation
confirm_os_window_close = 0; confirm_os_window_close = 0;
clear_all_shortcuts = true; clear_all_shortcuts = true;
background_opacity = 0.9;
# will probably lower this later but the max allowed is actually 4GB # will probably lower this later but the max allowed is actually 4GB
# this is NOT stored in memory and can only be viewed with scrollback_pager # this is NOT stored in memory and can only be viewed with scrollback_pager
@ -21,7 +21,7 @@
# see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399 # see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399
"scrollback_pager" = "bat --pager='less -FR +G'"; "scrollback_pager" = "bat --pager='less -FR +G'";
# "scrollback_lines" = 20000; # "scrollback_lines" = 20000;
# wheel_scroll_multiplier = 50; wheel_scroll_multiplier = 50;
}; };
keybindings = { keybindings = {
# kitty_mod is ctrl+shift by default # kitty_mod is ctrl+shift by default


@ -8,7 +8,7 @@
./common.nix ./common.nix
../irssi.nix ../irssi.nix
../kitty.nix ../kitty.nix
# ../codium.nix ../codium.nix
]; ];
home = { home = {
username = "yt"; username = "yt";
@ -28,7 +28,10 @@
home.packages = home.packages =
with pkgs; with pkgs;
lib.flatten [ lib.flatten [
ungoogled-chromium
librewolf
bitwarden-desktop bitwarden-desktop
bitwarden-cli
fastfetch fastfetch
(with kdePackages; [ (with kdePackages; [
gwenview gwenview
@ -38,58 +41,32 @@
signal-desktop signal-desktop
btop btop
jq jq
sqlite
usbutils usbutils
calibre calibre
tor-browser tor-browser
wtype wtype
bat bat
rclone rclone
go
(rust-bin.selectLatestNightlyWith ( (rust-bin.selectLatestNightlyWith (
toolchain: toolchain:
toolchain.default.override { toolchain.default.override {
extensions = [ "rust-src" ]; extensions = [ "rust-src" ];
targets = [ "aarch64-unknown-linux-musl" ];
} }
)) ))
pwgen
gnumake gnumake
unzip unzip
anki-bin anki-bin
trezorctl
q
gdb gdb
fuzzel fuzzel
hugo hugo
ghidra
sccache sccache
awscli2 awscli2
p7zip
qbittorrent
android-tools
(python313.withPackages (
p: with p; [
python-lsp-server
pip
virtualenv
]
))
scrcpy
syncthing
(with llvmPackages; [
clangUseLLVM
compiler-rt
libllvm
])
nix-output-monitor
cinny-desktop
minio-client
keepassxc
jujutsu
ffmpeg
typst
pavucontrol
# reversing
radare2
jadx
frida-tools
mitmproxy
(cutter.withPlugins ( (cutter.withPlugins (
p: with p; [ p: with p; [
rz-ghidra rz-ghidra
@ -97,6 +74,36 @@
sigdb sigdb
] ]
)) ))
p7zip
qbittorrent
android-tools
frida-tools
mitmproxy
(python313.withPackages (
p: with p; [
python-lsp-server
pip
virtualenv
]
))
jadx
scrcpy
syncthing
syncthingtray
(with llvmPackages; [
clangUseLLVM
compiler-rt
libllvm
])
nix-output-monitor
wl-clipboard-rs
pixelflasher
cinny-desktop
freetube
gopls
rust-analyzer
minio-client
nil
]; ];
home.sessionVariables = { home.sessionVariables = {
@ -148,56 +155,10 @@
enable = true; enable = true;
viAlias = true; viAlias = true;
vimAlias = true; vimAlias = true;
extraPackages = with pkgs; [
lua-language-server
nixd
rust-analyzer
fzf
fd
ripgrep
bat
delta
taplo
llvmPackages.clang-tools
pyright
tree-sitter
nodejs
nixfmt-rfc-style
];
}; };
programs.ssh = { programs.ssh = {
enable = true; enable = true;
addKeysToAgent = "yes"; addKeysToAgent = "yes";
}; };
programs.firefox.enable = true;
programs.emacs = {
enable = true;
extraPackages = _: with pkgs; [
rust-analyzer
nil
ispell
];
};
gtk = {
enable = true;
theme.package = pkgs.gnome-themes-extra;
theme.name = "Adwaita-dark";
};
qt = {
enable = true;
platformTheme.name = "adwaita";
style.name = "adwaita-dark";
style.package = pkgs.adwaita-qt;
};
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
};
};
} }


@ -37,6 +37,12 @@
searchDownKey = "^n"; searchDownKey = "^n";
}; };
# prezto = {
# enable = true;
# caseSensitive = false;
# editor.keymap = "vi";
# };
initExtra = '' initExtra = ''
# disable control+s to pause terminal # disable control+s to pause terminal
unsetopt FLOW_CONTROL unsetopt FLOW_CONTROL
@ -79,11 +85,14 @@
shellAliases = { shellAliases = {
"vi" = "nvim"; "vi" = "nvim";
"vim" = "nvim"; "vim" = "nvim";
"t" = "tmux";
"tl" = "tmux list-sessions";
"ta" = "tmux new-session -A -s";
"se" = "sudoedit"; "se" = "sudoedit";
"s" = "sudo"; "s" = "sudo";
"nrs" = "sudo nixos-rebuild switch -L --flake ~/nixos-config"; "nrs" = "sudo nixos-rebuild switch -L --flake . --log-format internal-json -v |& nom --json";
"nrt" = "sudo nixos-rebuild test -L --flake ~/nixos-config"; "nrt" = "sudo nixos-rebuild test -L --flake . --log-format internal-json -v |& nom --json";
"hrs" = "home-manager switch -L --flake ~/nixos-config"; "hrs" = "home-manager switch -L --flake .";
"g" = "git"; "g" = "git";
"ga" = "git add"; "ga" = "git add";
"gaa" = "git add --all"; "gaa" = "git add --all";
@ -91,6 +100,7 @@
"gc" = "git commit --verbose"; "gc" = "git commit --verbose";
"gcmsg" = "git commit --message"; "gcmsg" = "git commit --message";
"gd" = "git diff"; "gd" = "git diff";
"gdca" = "git diff --cached";
"gds" = "git diff --staged"; "gds" = "git diff --staged";
"gl" = "git log --stat"; "gl" = "git log --stat";
"glg" = "git log --graph"; "glg" = "git log --graph";
@ -103,11 +113,6 @@
"gs" = "git status --short"; "gs" = "git status --short";
"gss" = "git status"; "gss" = "git status";
"code" = "codium"; "code" = "codium";
"jl" = "jj log -n 10";
"jll" = "jj log";
"jd" = "jj diff";
"jn" = "jj new";
"jm" = "jj describe -m";
}; };
}; };
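Review bot: The new `nrs` and `nrt` aliases end in `|& nom --json`, so the pipeline's exit status is nom's and a failed `nixos-rebuild` can look like a success unless the shell has pipefail enabled. They and `hrs` also move from `--flake ~/nixos-config` to `--flake .`, which means a root-level switch evaluates and activates whatever flake sits in the current directory. Keeping the absolute path, e.g. `"nrs" = "sudo nixos-rebuild switch -L --flake ~/nixos-config --log-format internal-json -v |& nom --json";`, avoids activating an unintended checkout. The enclosing `shellAliases` set starts and ends outside these hunks.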


@ -1,5 +1,6 @@
{ {
pkgs, pkgs,
lib,
... ...
}: }:
{ {
@ -69,10 +70,7 @@
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
enable = true; enable = true;
trustedInterfaces = [ trustedInterfaces = [ "tailscale0" ];
"tailscale0"
"podman1"
];
allowedTCPPorts = [ allowedTCPPorts = [
22 22
80 80
@ -81,6 +79,32 @@
allowedUDPPorts = [ allowedUDPPorts = [
443 443
]; ];
extraCommands =
let
ethtool = lib.getExe pkgs.ethtool;
tc = lib.getExe' pkgs.iproute2 "tc";
in
''
# disable TCP segmentation offload (https://wiki.archlinux.org/title/Advanced_traffic_control#Prerequisites)
${ethtool} -K ens18 tso off
# clear existing rules
${tc} qdisc del dev ens18 root || true
# create HTB hierarchy
${tc} qdisc add dev ens18 root handle 1: htb default 10
${tc} class add dev ens18 parent 1: classid 1:1 htb rate 100% ceil 100%
# rest
${tc} class add dev ens18 parent 1:1 classid 1:10 htb rate 60% ceil 100%
# caddy
${tc} class add dev ens18 parent 1:1 classid 1:30 htb rate 40% ceil 100%
# mark traffic
iptables -t mangle -A OUTPUT -m cgroup --path "system.slice/caddy.service" -j MARK --set-mark 3
# route marked packets
${tc} filter add dev ens18 parent 1: protocol ip prio 1 handle 3 fw flowid 1:30
'';
}; };
interfaces.ens18 = { interfaces.ens18 = {
ipv6.addresses = [ ipv6.addresses = [
@ -133,7 +157,6 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
neovim
wget wget
curl curl
tree tree
@ -161,8 +184,7 @@
my.containerization.enable = true; my.containerization.enable = true;
my.authelia.enable = true; my.authelia.enable = true;
my.karakeep = { my.karakeep = {
enable = false; enable = true;
dataDir = "/opt/karakeep"; dataDir = "/opt/karakeep";
}; };
my.roundcube.enable = true;
} }
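Review bot: The `iptables -t mangle -A OUTPUT … --set-mark 3` line in the added `extraCommands` appends a rule every time the firewall script runs and nothing in the hunk removes it, so duplicate mark rules would pile up across firewall restarts. The `tc qdisc del dev ens18 root || true` line already makes the qdisc part repeatable; the mark rule needs the same treatment, for example a matching `-D` with `2>/dev/null || true` placed before the `-A`, or the same delete in `networking.firewall.extraStopCommands`. `iptables` is also the only tool here not resolved through `lib.getExe`. If the firewall start script aborts on the first error (worth confirming), a failing `ethtool` or `tc` call on `ens18` would keep the packet filter from loading at all.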


@ -25,7 +25,7 @@
compression_level = "none"; compression_level = "none";
}; };
environmentFile = config.sops.secrets."garage/env".path; environmentFile = config.sops.secrets."garage/env".path;
logLevel = "info"; logLevel = "warn";
}; };
services.caddy.virtualHosts = { services.caddy.virtualHosts = {


@ -19,5 +19,8 @@
} }
]; ];
}; };
services.postgresqlBackup.enable = true; services.postgresqlBackup = {
enable = true;
startAt = "hourly";
};
} }


@ -14,22 +14,22 @@ let
--config ${config.sops.secrets."rclone/config".path} \ --config ${config.sops.secrets."rclone/config".path} \
--allow-other \ --allow-other \
--cache-dir /var/cache/rclone \ --cache-dir /var/cache/rclone \
--transfers 16 \ --transfers 64 \
--vfs-cache-mode writes \ --vfs-cache-mode full \
--vfs-cache-min-free-space 5G \ --vfs-cache-min-free-space 5G \
--dir-cache-time 30d \ --dir-cache-time 30d \
--no-checksum \
--no-modtime \ --no-modtime \
--vfs-fast-fingerprint \ --vfs-fast-fingerprint \
--vfs-read-chunk-size 128M \ --vfs-read-chunk-size 8M \
--vfs-read-chunk-streams 0 \ --vfs-read-chunk-streams 16 \
--sftp-concurrency 64 \ --sftp-concurrency 128 \
--sftp-chunk-size 255k \ --sftp-chunk-size 255k \
--buffer-size 0 \ --buffer-size 0 \
--write-back-cache \ --write-back-cache \
${remote} ${mount} ${remote} ${mount}
''; '';
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}"; ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -zu ${mount}";
Restart = "on-failure";
}; };
in in
{ {


@ -1,7 +1,6 @@
{ inputs, config, pkgs, ... }: { inputs, config, pkgs, ... }:
{ {
nix = { nix = {
package = pkgs.lix;
settings = { settings = {
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
auto-optimise-store = true; auto-optimise-store = true;
@ -39,7 +38,7 @@
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
networking = { networking = {
firewall.logRefusedConnections = true; firewall.logRefusedConnections = false;
nameservers = [ nameservers = [
# quad9 (unfiltered) # quad9 (unfiltered)
"2620:fe::10" "2620:fe::10"
@ -56,7 +55,6 @@
"nts.teambelgium.net" "nts.teambelgium.net"
"c.st1.ntp.br" "c.st1.ntp.br"
]; ];
nftables.enable = true;
}; };
services.chrony = { services.chrony = {
enable = true; enable = true;
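Review bot: Setting `firewall.logRefusedConnections = false` removes the refused-connection entries from the kernel log, which is the record one would check for port scans or blocked connection attempts. This file looks like a shared module, so the change presumably applies to every host that imports it, including the internet-facing one. If the aim is less journal noise, say so next to the option (`# disabled to cut journal noise; re-enable when investigating`) or override it to `true` on the exposed host. The `networking` block continues outside the hunk.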


@ -44,11 +44,10 @@
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
}; };
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
kernelPackages = pkgs.linuxPackages_6_14; kernelPackages = pkgs.linuxKernel.packages.linux_zen;
extraModulePackages = with config.boot.kernelPackages; [ extraModulePackages = with config.boot.kernelPackages; [
rtl8821ce rtl8821ce
]; ];
kernelModules = [ "8821ce" ];
kernelParams = [ kernelParams = [
# see https://github.com/tomaspinho/rtl8821ce#pcie-active-state-power-management # see https://github.com/tomaspinho/rtl8821ce#pcie-active-state-power-management
"pcie_aspm=off" "pcie_aspm=off"
@ -61,10 +60,7 @@
enable = true; enable = true;
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
kernel.sysctl = { kernel.sysctl."kernel.sysrq" = 1;
"kernel.sysrq" = 1;
# "net.ipv4.ip_forward" = 1;
};
binfmt.emulatedSystems = [ "aarch64-linux" ]; binfmt.emulatedSystems = [ "aarch64-linux" ];
}; };
@ -91,12 +87,12 @@
resolvconf.enable = true; resolvconf.enable = true;
firewall = { firewall = {
enable = true; enable = true;
trustedInterfaces = [ trustedInterfaces = [ "tailscale0" ];
"tailscale0" # allowedTCPPorts = [
]; # 8080 # mitmproxy
extraInputRules = '' # 22000 # syncthing
ip saddr 192.168.100.0/24 tcp dport 9234 accept # 3003 # immich-ml
''; # ];
}; };
hosts = { hosts = {
"100.122.132.30" = [ "s3.cy7.sh" ]; "100.122.132.30" = [ "s3.cy7.sh" ];
@ -109,10 +105,8 @@
pulse.enable = true; pulse.enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
wireplumber.extraConfig."10-bluetooth-enhancements" = { wireplumber.extraConfig.bluetoothEnhancements = {
"wireplumber.settings" = { # https://julian.pages.freedesktop.org/wireplumber/daemon/configuration/bluetooth.html#bluetooth-configuration
"bluetooth.autoswitch-to-headset-profile" = false;
};
"monitor.bluez.properties" = { "monitor.bluez.properties" = {
"bluez5.enable-sbc-xq" = true; "bluez5.enable-sbc-xq" = true;
"bluez5.enable-msbc" = true; "bluez5.enable-msbc" = true;
@ -120,27 +114,27 @@
"bluez5.roles" = [ "bluez5.roles" = [
"a2dp_sink" "a2dp_sink"
"a2dp_source" "a2dp_source"
"hsp_hs"
"hsp_ag"
"hfp_hf" "hfp_hf"
"hfp_ag" "hfp_ag"
]; ];
}; };
}; };
# https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters
wireplumber.extraConfig."11-disable-suspend" = { wireplumber.extraConfig.disableSuspend = {
"monitor.bluez.rules" = [ "monitor.bluez.rules" = {
{ matches = [
matches = [ {
{ "node.name" = "bluez_output.*";
"device.name" = "bluez_card.*"; }
} ];
]; };
actions = { actions = {
update-props = { update-props = {
"session.suspend-timeout-seconds" = 0; "session.suspend-timeout-seconds" = 0;
}; };
}; };
}
];
}; };
}; };
@ -210,7 +204,7 @@
services.displayManager = { services.displayManager = {
enable = true; enable = true;
autoLogin.user = "yt"; autoLogin.user = "yt";
defaultSession = "sway"; defaultSession = "plasma";
sddm = { sddm = {
enable = true; enable = true;
wayland.enable = true; wayland.enable = true;
@ -219,14 +213,10 @@
}; };
fonts = { fonts = {
packages = packages = with pkgs; [
(with pkgs; [ nerd-fonts.roboto-mono
ibm-plex ibm-plex
]) ];
++ (with pkgs.nerd-fonts; [
roboto-mono
jetbrains-mono
]);
enableDefaultPackages = true; enableDefaultPackages = true;
}; };
@ -248,7 +238,6 @@
"/home/yt/Games" "/home/yt/Games"
"/home/yt/Videos" "/home/yt/Videos"
"/home/yt/.bitmonero" "/home/yt/.bitmonero"
"/home/yt/vms"
]; ];
repo = "yt"; repo = "yt";
passFile = config.sops.secrets."borg/rsyncnet".path; passFile = config.sops.secrets."borg/rsyncnet".path;
@ -277,10 +266,6 @@
enable = true; enable = true;
qemu.vhostUserPackages = with pkgs; [ virtiofsd ]; qemu.vhostUserPackages = with pkgs; [ virtiofsd ];
}; };
# virtualisation.vmware.host = {
# enable = true;
# package = pkgs.vmware-workstation;
# };
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
my.containerization.enable = true; my.containerization.enable = true;
@ -331,7 +316,6 @@
xorg.libxshmfence xorg.libxshmfence
xorg.libXxf86vm xorg.libXxf86vm
xorg.libSM xorg.libSM
xorg.libICE
gtk3 gtk3
pango pango
gdk-pixbuf gdk-pixbuf
@ -376,6 +360,12 @@
]; ];
}; };
services.ollama.enable = false;
services.trezord.enable = true;
programs.niri.enable = false;
programs.niri.package = pkgs.niri-unstable;
programs.xwayland.enable = true; programs.xwayland.enable = true;
services.udev.extraHwdb = '' services.udev.extraHwdb = ''
@ -400,32 +390,7 @@
programs.ccache.enable = true; programs.ccache.enable = true;
nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ]; nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
nix.settings.sandbox = true; nix.settings.sandbox = false;
programs.ssh.startAgent = true; programs.ssh.startAgent = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
extraPackages = with pkgs; [
rofi-wayland
cliphist
rofimoji
grim
slurp
swaylock
swayidle
brightnessctl
waybar
wl-clipboard
];
};
programs.ghidra = {
enable = true;
package = pkgs.ghidra.withExtensions (p: with p; [
findcrypt
ret-sync
]);
};
} }
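Review bot: `nix.settings.sandbox = false` in the last hunk turns off build isolation, so every derivation built on this machine runs with network access and sees the host filesystem as the build user. The `extra-sandbox-paths` line two lines above, which exposes the ccache directory, only has an effect while the sandbox is on, which suggests the sandbox was the intended mechanism. Keeping `nix.settings.sandbox = true;`, or `"relaxed"` if specific derivations must opt out, preserves that boundary. The other hunks in this section (firewall rules, display manager, wireplumber) are not covered by this note.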


@ -82,5 +82,5 @@
# networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault true; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }


@ -68,7 +68,6 @@ in
]; ];
scopes = [ "openid" "profile" "email" ]; scopes = [ "openid" "profile" "email" ];
userinfo_signed_response_alg = "none"; userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
} }
{ {
client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU"; client_id = "_kuUEYxyfXjInJCniwugpw2Qn6iI-YW24NOkHZG~63BAhnAACDZ.xsLqOdGghj2DNZxXR0sU";


@ -21,7 +21,7 @@ let
"/var/lib/docker" "/var/lib/docker"
"/var/lib/containers" # podman "/var/lib/containers" # podman
"/var/lib/systemd" "/var/lib/systemd"
"/var/lib/libvirt/images" "/var/lib/libvirt"
"**/.rustup" "**/.rustup"
"**/.cargo" "**/.cargo"
"**/.docker" "**/.docker"
@ -47,7 +47,7 @@ in
}; };
startAt = lib.mkOption { startAt = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "daily"; default = "hourly";
description = "see systemd.timer(5)"; description = "see systemd.timer(5)";
}; };
jobName = lib.mkOption { jobName = lib.mkOption {
@ -98,9 +98,8 @@ in
failOnWarnings = false; failOnWarnings = false;
prune.keep = { prune.keep = {
daily = 7; within = "2d";
weekly = 12; daily = 365;
monthly = -1;
}; };
extraPruneArgs = [ "--stats" ]; extraPruneArgs = [ "--stats" ];
}; };
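Review bot: The new `prune.keep` (`within = "2d"`, `daily = 365`) drops the previous `monthly = -1`, so archives older than about a year are now pruned where monthly ones used to be kept indefinitely. If long-term restore points matter, for instance to recover from corruption or tampering that is noticed late, adding `monthly = -1;` next to the new keys retains them. The first hunk also widens the exclusion from `/var/lib/libvirt/images` to all of `/var/lib/libvirt`, which leaves any other libvirt state under that path out of the backup; worth confirming that is intended.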


@ -19,9 +19,9 @@ in
plugins = [ plugins = [
# error message will tell you the correct version tag to use # error message will tell you the correct version tag to use
# (still need the @ to pass nix config check) # (still need the @ to pass nix config check)
"github.com/caddy-dns/cloudflare@v0.2.2-0.20250420134112-006ebb07b349" "github.com/caddy-dns/cloudflare@v0.0.0-20250228175314-1fb64108d4de"
]; ];
hash = "sha256-2U+icm4GtI5Fww6U8nKzQ/+pPf63T3scTGuj1zjj4b4="; hash = "sha256-YYpsf8HMONR1teMiSymo2y+HrKoxuJMKIea5/NEykGc=";
}; };
logFormat = lib.mkForce "level INFO"; logFormat = lib.mkForce "level INFO";
acmeCA = "https://acme-v02.api.letsencrypt.org/directory"; acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
@ -37,9 +37,9 @@ in
(authelia) { (authelia) {
forward_auth localhost:9091 { forward_auth localhost:9091 {
uri /api/authz/forward-auth uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
} }
} }
''; '';
environmentFile = config.sops.secrets."caddy/env".path; environmentFile = config.sops.secrets."caddy/env".path;
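Review bot: The `caddy-dns/cloudflare` pin moves from a pseudo-version stamped 20250420 to `v0.0.0-20250228175314-1fb64108d4de`, which by its timestamp is an older commit, so the new side reads as a downgrade. This plugin presumably uses the credentials loaded from `caddy/env`, so the downgrade matters more than it would for an ordinary dependency. If the older commit is deliberate, a comment beside the pin such as `# held at 1fb64108d4de: <reason>` would stop it from being silently bumped or questioned later; otherwise keep the newer version with its matching `hash`. The second hunk appears to change only whitespace inside the `(authelia)` snippet.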


@ -31,7 +31,6 @@ in
"contextmenu" "contextmenu"
"custom_from" "custom_from"
"thunderbird_labels" "thunderbird_labels"
"managesieve"
]; ];
dicts = with pkgs.aspellDicts; [ en ]; dicts = with pkgs.aspellDicts; [ en ];
extraConfig = '' extraConfig = ''
@ -39,8 +38,6 @@ in
$config['smtp_host'] = "ssl://smtp.migadu.com:465"; $config['smtp_host'] = "ssl://smtp.migadu.com:465";
$config['smtp_user'] = "%u"; $config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p"; $config['smtp_pass'] = "%p";
$config['managesieve_host'] = "tls://imap.migadu.com";
$config['managesieve_port'] = 4190;
''; '';
}; };
@ -51,7 +48,6 @@ in
services.caddy.virtualHosts."mail.cy7.sh".extraConfig = '' services.caddy.virtualHosts."mail.cy7.sh".extraConfig = ''
import common import common
import authelia
root ${roundcube.package} root ${roundcube.package}
php_fastcgi unix/${fpm.socket} php_fastcgi unix/${fpm.socket}
file_server file_server
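Review bot: Dropping `import authelia` from the `mail.cy7.sh` virtual host in the last hunk leaves the webmail front end reachable without the `forward_auth` check, so Roundcube's own login becomes the only gate. If this module can still be enabled, keep the `import authelia` line after `import common`, or add a comment saying why the extra layer was removed. Whether any host still turns the module on is not visible in this section. The `extraConfig` string continues past the hunk.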


@ -7,6 +7,9 @@
pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg}; pkgFrom = flake: pkg: flake.packages.${prev.system}.${pkg};
in in
{ {
conduwuit = pkgFrom inputs.conduwuit "default";
attic-server = pkgFrom inputs.attic "attic-server";
attic = pkgFrom inputs.attic "attic";
garage = ( garage = (
(pkgFrom inputs.garage "default").overrideAttrs { (pkgFrom inputs.garage "default").overrideAttrs {
meta.mainProgram = "garage"; meta.mainProgram = "garage";