cy/nixos-config
cy/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Compare commits

base: cy:main
Branches Tags
cy:main
cy:update
cy:downgrade-kernel
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:update_flake_lock_action
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:test
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:temp
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:staging
cy:garage
cy:harmonia
cy:impermanence
..
compare: cy:impermanence
Branches Tags
cy:update
cy:downgrade-kernel
cy:main
cy:soju
cy:kde
cy:shiori
cy:caddy-module
cy:anki-overlay
cy:nixpkgs-master
cy:lix
cy:pan-home
cy:pi
cy:pancake
cy:pancake-sd-image
cy:arm
cy:lix-404
cy:customize-kernel
cy:blueprint
cy:flake-utils
cy:conduwuit-flake
cy:ghostty
cy:zen
cy:update_flake_lock_action
cy:lact-fix-test
cy:alvr-test
cy:workflow-refactor
cy:bump-conduwuit
cy:test
cy:gollum
cy:build
cy:nginx
cy:iso
cy:flake-parts
cy:temp
cy:codespace
cy:sway
cy:minio
cy:garage-module
cy:garage-test
cy:vscode
cy:purge
cy:create-pull-request/patch
cy:staging
cy:garage
cy:harmonia
cy:impermanence

1 commit
main ... impermanen

Author SHA1 Message Date
cy
fb51ba8285 init 2025-01-01 20:56:11 -05:00
75 changed files with 879 additions and 3163 deletions
Show stats Expand all files Collapse all files

126
.github/workflows/build-machines-and-homes.yml vendored
View file

@ -1,126 +0,0 @@
name: build and cache machines and homes
on:
workflow_dispatch:
push:
pull_request:
jobs:
build-machines:
strategy:
matrix:
machine:
- chunk
- ytnix
- titan
os:
- ubuntu-latest
runs-on: ${{ matrix.os }}
continue-on-error: true
steps:
- name: Maximize build disk space
uses: easimon/maximize-build-space@v10
with:
overprovision-lvm: true
swap-size-mb: 1024
remove-dotnet: 'true'
remove-android: 'true'
remove-haskell: 'true'
remove-codeql: 'true'
remove-docker-images: 'true'
build-mount-path: /nix
- name: Install Nix
uses: cachix/install-nix-action@v30
with:
install_url: https://releases.nixos.org/nix/nix-2.25.4/install
extra_nix_config: 'accept-flake-config = true'
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- uses: cachix/cachix-action@v14
with:
name: cything
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
useDaemon: false
installCommand: nix profile install nixpkgs#cachix
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ vars.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0
with:
# restore and save a cache using this key
primary-key: nix-${{ runner.os }}-${{ matrix.machine }}-${{ hashFiles('**/*.nix', 'flake.lock') }}
# if there's no cache hit, restore a cache by this prefix
restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.machine }}-
# do purge caches
purge: true
# purge all versions of the cache
purge-prefixes: nix-${{ runner.os }}-
# created more than this number of seconds ago relative to the start of the `Post Restore` phase
purge-last-accessed: 86400
# except the version with the `primary-key`, if it exists
purge-primary-key: never
# always save the cache
save-always: true
- run: nix build -L .#nixosConfigurations.${{ matrix.machine }}.config.system.build.toplevel
build-homes:
strategy:
matrix:
home:
- yt@ytnix
- yt@chunk
os:
- ubuntu-latest
# - macos-latest
runs-on: ${{ matrix.os }}
continue-on-error: true
steps:
- name: Maximize build disk space
uses: easimon/maximize-build-space@v10
with:
overprovision-lvm: true
swap-size-mb: 1024
remove-dotnet: 'true'
remove-android: 'true'
remove-haskell: 'true'
remove-codeql: 'true'
remove-docker-images: 'true'
build-mount-path: /nix
- uses: nixbuild/nix-quick-install-action@master
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- uses: cachix/cachix-action@v14
with:
name: cything
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
useDaemon: false
installCommand: nix profile install nixpkgs#cachix
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ vars.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0
with:
# restore and save a cache using this key
primary-key: nix-${{ runner.os }}-${{ matrix.home }}-${{ hashFiles('**/*.nix', 'flake.lock') }}
# if there's no cache hit, restore a cache by this prefix
restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.home }}-
# do purge caches
purge: true
# purge all versions of the cache
purge-prefixes: nix-${{ runner.os }}-
# created more than this number of seconds ago relative to the start of the `Post Restore` phase
purge-last-accessed: 86400
# except the version with the `primary-key`, if it exists
purge-primary-key: never
# always save the cache
save-always: true
- run: nix build -L .#homeConfigurations."${{ matrix.home }}".activationPackage

59
.github/workflows/build-packages.yml vendored
View file

@ -1,59 +0,0 @@
name: build and cache packages
on:
workflow_dispatch:
inputs:
package:
description: "package to build"
required: false
type: string
jobs:
build-packages:
strategy:
matrix:
package:
- github:cything/nixpkgs/928e0c6874ab3e759305e93f806a4cf559645677#alvr
- github:cything/nixpkgs/8929e1256ceec677dd57fce405cdaca23176399b#lact
- ${{ inputs.package }}
os:
- ubuntu-latest
- macos-latest
- ubuntu-24.04-arm
runs-on: ${{ matrix.os }}
continue-on-error: true
steps:
- name: Install Nix
uses: cachix/install-nix-action@v30
- name: Sync repository
uses: actions/checkout@v4
with:
persist-credentials: false
- uses: cachix/cachix-action@v14
with:
name: cything
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
useDaemon: false
installCommand: nix profile install nixpkgs#cachix
- name: Setup Attic cache
uses: ryanccn/attic-action@v0
with:
endpoint: ${{ vars.ATTIC_ENDPOINT }}
cache: ${{ vars.ATTIC_CACHE }}
token: ${{ secrets.ATTIC_TOKEN }}
- name: Restore and cache Nix store
uses: nix-community/cache-nix-action@v5.1.0
with:
# restore and save a cache using this key
primary-key: nix-${{ runner.os }}-${{ matrix.package }}-${{ hashFiles('**/*.nix', 'flake.lock') }}
# if there's no cache hit, restore a cache by this prefix
restore-prefixes-first-match: nix-${{ runner.os }}-${{ matrix.package }}-
# do purge caches
purge: true
# purge all versions of the cache
purge-prefixes: nix-${{ runner.os }}-
# created more than this number of seconds ago relative to the start of the `Post Restore` phase
purge-last-accessed: 86400
# except the version with the `primary-key`, if it exists
purge-primary-key: never
# always save the cache
save-always: true
- run: nix build -L ${{ matrix.package }}

20
.sops.yaml
View file

@ -93,23 +93,3 @@ creation_rules:
- age: - age:
- *yt - *yt
- *cy - *cy
- path_regex: secrets/services/attic.yaml
key_groups:
- age:
- *chunk
- *cy
- path_regex: secrets/services/garage.yaml
key_groups:
- age:
- *chunk
- *cy
- path_regex: secrets/services/tailscale.yaml
key_groups:
- age:
- *chunk
- *cy
- path_regex: secrets/yt/(.*).yaml$
key_groups:
- age:
- *yt
- *cy

2
LICENSE
View file

@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2025 Cy Copyright (c) 2024 Cy Pokhrel
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

1187
flake.lock generated
View file

File diff suppressed because it is too large Load diff

234
flake.nix
View file

@ -2,7 +2,8 @@
description = "cy's flake"; description = "cy's flake";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -11,103 +12,19 @@
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
treefmt = { treefmt.url = "github:numtide/treefmt-nix";
url = "github:numtide/treefmt-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
disko = { disko = {
url = "github:nix-community/disko/latest"; url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/master"; url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs";
inputs.crane.follows = "crane";
inputs.flake-compat.follows = "flake-compat";
inputs.flake-parts.follows = "flake-parts";
inputs.rust-overlay.follows = "rust-overlay";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-parts.follows = "flake-parts";
inputs.flake-compat.follows = "flake-compat";
inputs.home-manager.follows = "home-manager";
inputs.treefmt-nix.follows = "treefmt";
};
flake-parts = {
url = "github:hercules-ci/flake-parts";
inputs.nixpkgs-lib.follows = "nixpkgs";
};
niri = {
url = "github:sodiboo/niri-flake";
inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs-stable.follows = "nixpkgs";
};
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
conduwuit = { impermanence.url = "github:nix-community/impermanence";
url = "github:girlbossceo/conduwuit";
inputs = {
nixpkgs.follows = "nixpkgs";
crane.follows = "crane";
flake-compat.follows = "flake-compat";
flake-utils.follows = "flake-utils";
};
};
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
inputs.lix.follows = "lix";
};
lix = {
url = "git+https://git.lix.systems/lix-project/lix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-compat.follows = "flake-compat";
};
nix-ld = {
url = "github:nix-community/nix-ld";
inputs.nixpkgs.follows = "nixpkgs";
};
plasma-manager = {
url = "github:nix-community/plasma-manager";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
nixpkgs-garage.url = "github:cything/nixpkgs/garage-module"; # unmerged PR nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR
nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR
nvim-github-theme = {
url = "github:projekt0n/github-nvim-theme";
flake = false;
};
# deduplication
flake-utils.url = "github:numtide/flake-utils";
crane.url = "github:ipetkov/crane";
flake-compat.url = "github:edolstra/flake-compat";
};
nixConfig = {
extra-substituters = [
"https://cache.cything.io/central"
"https://niri.cachix.org"
"https://nix-community.cachix.org"
"https://cache.garnix.io"
"https://cything.cachix.org"
"https://aseipp-nix-cache.global.ssl.fastly.net"
];
extra-trusted-public-keys = [
"central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI="
];
builders-use-substitutes = true;
}; };
outputs = outputs =
@ -115,60 +32,78 @@
self, self,
nixpkgs, nixpkgs,
home-manager, home-manager,
treefmt,
disko, disko,
flake-parts,
... ...
}@inputs: }@inputs:
flake-parts.lib.mkFlake { inherit inputs; } ( let
{ ... }: lib = nixpkgs.lib;
{ inherit (self) outputs;
imports = [
inputs.treefmt.flakeModule systems = [ "x86_64-linux" ];
forEachSystem = f: lib.genAttrs systems (system: f pkgsFor.${system});
overridePkgsFromFlake =
pkgs: flake: pkgNames:
let
pkgs' = import flake { inherit (pkgs) system config; };
pkgNames' = builtins.map (lib.splitString ".") pkgNames;
pkgVals = builtins.map (
path:
let
package = lib.getAttrFromPath path pkgs';
in
lib.setAttrByPath path package
) pkgNames';
in
lib.foldl' lib.recursiveUpdate { } pkgVals;
overlayPkgsFromFlake =
flake: pkgNames: _final: prev:
overridePkgsFromFlake prev flake pkgNames;
overlays = [
(overlayPkgsFromFlake inputs.nixpkgs-stable [
"prometheus" # fails to build on unstable
])
]; ];
debug = true;
systems = [ pkgsFor = lib.genAttrs systems (
"x86_64-linux" system:
]; import nixpkgs {
perSystem = inherit system overlays;
{ config = {
inputs', allowUnfree = true;
... };
}: }
{ );
treefmt = {
treefmtEval = forEachSystem (
pkgs:
treefmt.lib.evalModule pkgs {
projectRootFile = "flake.nix"; projectRootFile = "flake.nix";
programs.nixfmt.enable = true; programs.nixfmt.enable = true;
programs.stylua.enable = true; programs.stylua.enable = true;
programs.yamlfmt.enable = true; programs.yamlfmt.enable = true;
programs.typos.enable = true; programs.typos.enable = true;
programs.shellcheck.enable = true; programs.shellcheck.enable = true;
programs.deadnix.enable = true;
settings.global.excludes = [ settings.global.excludes = [ "secrets/*" ];
"secrets/*" }
"**/*.png" # tries to format a png file );
];
};
};
flake =
let
pkgs = import nixpkgs {
config.allowUnfree = true;
system = "x86_64-linux";
overlays = [
inputs.niri.overlays.niri
inputs.rust-overlay.overlays.default
] ++ import ./overlay;
};
in in
{ {
formatter = forEachSystem (pkgs: treefmtEval.${pkgs.system}.config.build.wrapper);
checks = forEachSystem (pkgs: {
formatting = treefmtEval.${pkgs.system}.config.build.check self;
});
nixosConfigurations = nixosConfigurations =
let let
lib = nixpkgs.lib; pkgs = pkgsFor.x86_64-linux;
in in
{ {
ytnix = lib.nixosSystem { ytnix = lib.nixosSystem {
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs outputs; };
modules = [ modules = [
{ {
nixpkgs = { inherit pkgs; }; nixpkgs = { inherit pkgs; };
@ -177,29 +112,24 @@
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./modules ./modules
inputs.lanzaboote.nixosModules.lanzaboote inputs.lanzaboote.nixosModules.lanzaboote
inputs.niri.nixosModules.niri
inputs.lix-module.nixosModules.default
inputs.nix-ld.nixosModules.nix-ld
]; ];
}; };
chunk = lib.nixosSystem { chunk = lib.nixosSystem {
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs outputs; };
modules = [ modules = [
{ {
nixpkgs = { inherit pkgs; }; nixpkgs = { inherit pkgs; };
disabledModules = [
"services/web-servers/garage.nix"
];
} }
./hosts/chunk ./hosts/chunk
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./modules ./modules
(inputs.nixpkgs-garage + "/nixos/modules/services/web-servers/garage.nix") inputs.impermanence.nixosModules.impermanence
]; ];
}; };
titan = lib.nixosSystem { titan = lib.nixosSystem {
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs outputs; };
modules = [ modules = [
{ {
nixpkgs = { inherit pkgs; }; nixpkgs = { inherit pkgs; };
@ -211,41 +141,23 @@
]; ];
}; };
}; };
homeConfigurations =
let homeConfigurations = {
lib = home-manager.lib; "yt@ytnix" = home-manager.lib.homeManagerConfiguration {
in pkgs = pkgsFor.x86_64-linux;
{ extraSpecialArgs = { inherit inputs outputs; };
"yt@ytnix" = lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = { inherit inputs; };
modules = [ modules = [
./home/yt/ytnix.nix ./home/yt/ytnix.nix
inputs.nixvim.homeManagerModules.nixvim
inputs.niri.homeModules.config
inputs.plasma-manager.homeManagerModules.plasma-manager
]; ];
}; };
"yt@chunk" = lib.homeManagerConfiguration { "yt@chunk" = home-manager.lib.homeManagerConfiguration {
inherit pkgs; pkgs = pkgsFor.x86_64-linux;
extraSpecialArgs = { inherit inputs; }; extraSpecialArgs = { inherit inputs outputs; };
modules = [ modules = [
./home/yt/chunk.nix ./home/yt/chunk.nix
inputs.nixvim.homeManagerModules.nixvim
];
};
"codespace@codespace" = lib.homeManagerConfiguration {
inherit pkgs;
extraSpecialArgs = { inherit inputs; };
modules = [
./home/yt/codespace.nix
inputs.nixvim.homeManagerModules.nixvim
]; ];
}; };
}; };
}; };
} }
);
}

6
garnix.yaml
View file

@ -1,6 +0,0 @@
builds:
include:
- 'nixosConfigurations.*'
- 'homeConfigurations.*'
- '*.aarch64-linux.*'
- '*.x86_64-linux.*'

32
home/foot.nix
View file

@ -17,32 +17,40 @@
blink = "yes"; blink = "yes";
blink-rate = 500; blink-rate = 500;
beam-thickness = 1.5; beam-thickness = 1.5;
color = "161821 c6c8d1";
}; };
mouse = { mouse = {
hide-when-typing = "yes"; hide-when-typing = "yes";
}; };
colors = { colors = {
foreground = "c6c8d1";
background = "161821"; background = "161821";
regular0 = "1e2132"; foreground = "c6c8d1";
regular1 = "e27878";
regular2 = "b4be82"; selection-background = "1e2132";
regular3 = "e2a478"; selection-foreground = "c6c8d1";
regular4 = "84a0c6";
regular5 = "a093c7"; regular0 = "161821";
regular6 = "89b8c2";
regular7 = "c6c8d1";
bright0 = "6b7089"; bright0 = "6b7089";
regular1 = "e27878";
bright1 = "e98989"; bright1 = "e98989";
regular2 = "b4be82";
bright2 = "c0ca8e"; bright2 = "c0ca8e";
regular3 = "e2a478";
bright3 = "e9b189"; bright3 = "e9b189";
regular4 = "84a0c6";
bright4 = "91acd1"; bright4 = "91acd1";
regular5 = "a093c7";
bright5 = "ada0d3"; bright5 = "ada0d3";
regular6 = "89b8c2";
bright6 = "95c4ce"; bright6 = "95c4ce";
regular7 = "c6c8d1";
bright7 = "d2d4de"; bright7 = "d2d4de";
selection-foreground = "161821";
selection-background = "c6c8d1";
}; };
key-bindings = { key-bindings = {

20
home/ghostty.nix
View file

@ -1,20 +0,0 @@
{ ... }:
{
programs.ghostty = {
enable = true;
enableZshIntegration = true;
clearDefaultKeybinds = true;
settings = {
theme = "iceberg-dark";
font-family = "IBM Plex Mono";
font-size = "12";
window-decoration = false;
confirm-close-surface = false;
keybind = [
"ctrl+q=quit"
"ctrl+shift+c=copy_to_clipboard"
"ctrl+shift+v=paste_from_clipboard"
];
};
};
}

22
home/irssi.nix
View file

@ -1,22 +0,0 @@
{ ... }:
{
programs.irssi = {
enable = true;
networks.liberachat = {
nick = "cy7";
server = {
address = "irc.libera.chat";
port = 6697;
autoConnect = true;
};
channels = {
nixos.autoJoin = true;
linux.autoJoin = true;
rust.autoJoin = true;
};
};
extraConfig = ''
ignores = ( { level = "JOINS PARTS QUITS MODES NICKS"; } )
'';
};
}

72
home/kitty.nix
View file

@ -1,72 +0,0 @@
{ pkgs, ... }:
{
programs.kitty = {
enable = true;
font = {
name = "IBM Plex Mono";
package = pkgs.ibm-plex;
size = 12;
};
themeFile = "GitHub_Dark";
settings = {
enable_audio_bell = true;
# how many windows should be open before kitty asks
# for confirmation
confirm_os_window_close = 0;
clear_all_shortcuts = true;
# will probably lower this later but the max allowed is actually 4GB
# this is NOT stored in memory and can only be viewed with scrollback_pager
"scrollback_pager_history_size" = "1024";
# see https://github.com/sharkdp/bat/issues/1077#issuecomment-652785399
"scrollback_pager" = "bat --pager='less -FR +G'";
"scrollback_lines" = 20000;
};
keybindings = {
# kitty_mod is ctrl+shift by default
"kitty_mod+c" = "copy_to_clipboard";
"kitty_mod+v" = "paste_from_clipboard";
# "ctrl+q" = "quit";
"kitty_mod+m" = "show_scrollback";
# windows
"kitty_mod+h" = "neighboring_window left";
"kitty_mod+alt+h" = "move_window left";
"kitty_mod+l" = "neighboring_window right";
"kitty_mod+alt+l" = "move_window right";
"kitty_mod+j" = "neighboring_window down";
"kitty_mod+alt+j" = "move_window down";
"kitty_mod+k" = "neighboring_window up";
"kitty_mod+alt+k" = "move_window up";
"ctrl+f3" = "detach_window new-tab";
"ctrl+f4" = "detach_window tab-left";
"ctrl+f5" = "load_config_file";
"ctrl+alt+l" = "next_layout";
"ctrl+alt+t" = "goto_layout tall";
"ctrl+alt+s" = "goto_layout stack";
"kitty_mod+enter" = "new_window_with_cwd";
"kitty_mod+r" = "resize_window";
# tabs
"kitty_mod+n" = "next_tab";
"kitty_mod+p" = "previous_tab";
"kitty_mod+alt+n" = "move_tab_forward";
"kitty_mod+alt+p" = "move_tab_backward";
"kitty_mod+w" = "close_tab";
"kitty_mod+t" = "new_tab_with_cwd";
"ctrl+f2" = "detach_tab";
# hints
# > basically means the preceding key is a prefix (think tmux)
"kitty_mod+o>o" = "open_url_with_hints";
"kitty_mod+o>p" = "kitten hints --type path --program -";
"kitty_mod+o>n" = "kitten hints --type line --program -";
"kitty_mod+o>w" = "kitten hints --type word --program -";
"kitty_mod+o>h" = "kitten hints --type hash --program -";
"kitty_mod+o>l" = "kitten hints --type linenum";
};
};
programs.zsh.shellAliases."ssh" = "kitten ssh";
}

210
home/niri/default.nix
View file

@ -1,210 +0,0 @@
{
config,
pkgs,
lib,
...
}:
let
wallpaper = "${./nixos-c-book.png}";
terminal = "kitty";
menu = [
"fuzzel"
"-w"
"100"
];
browser = "librewolf";
file-manager = "thunar";
clipboard = "cliphist list | ${lib.concatStringsSep " " menu} --dmenu | cliphist decode | wl-copy";
in
{
programs.niri.settings = {
prefer-no-csd = true;
input.keyboard.xkb.options = "ctrl:nocaps";
spawn-at-startup = [
{ command = [ "${lib.getExe pkgs.waybar}" ]; }
{
command = [
"${lib.getExe pkgs.swaybg}"
"-m"
"fill"
"-i"
wallpaper
];
}
{ command = [ "${lib.getExe pkgs.xwayland-satellite}" ]; }
{
command = [
"wl-paste"
"--watch"
"cliphist"
"store"
];
}
];
hotkey-overlay.skip-at-startup = true;
input = {
touchpad = {
tap = true;
dwt = true;
natural-scroll = true;
click-method = "clickfinger";
};
warp-mouse-to-focus = false;
focus-follows-mouse.enable = false;
};
environment = {
DISPLAY = ":0"; # for xwayland-satellite
ANKI_WAYLAND = "1";
};
layout = {
gaps = 0;
focus-ring = {
width = 4;
active.color = "#4c7899";
inactive.color = "#333333";
};
always-center-single-column = true;
border.enable = false;
};
window-rules = [
{
matches = [
{ app-id = "mpv"; }
{ app-id = "Bitwarden"; }
{
app-id = "ghidra-Ghidra";
# pop-up windows
title = "^win(.*)";
}
];
open-floating = true;
}
{
matches = [
{
app-id = "anki";
title = "Add";
}
];
default-column-width.proportion = .25;
}
{
matches = [
{ app-id = "foot"; }
{
app-id = "anki";
title = "^Browse";
}
{ app-id = "com.mitchellh.ghostt"; }
{ app-id = "org.kde.okular"; }
{ app-id = "kitty"; }
{ app-id = "VSCodium"; }
];
default-column-width.proportion = .5;
}
{
matches = [ { app-id = "librewolf"; } ];
default-column-width.proportion = .75;
}
];
};
programs.niri.settings.binds =
with config.lib.niri.actions;
let
sh = spawn "sh" "-c";
in
{
"Mod+Return".action = spawn terminal;
"Mod+D".action = spawn menu;
"Mod+Shift+E".action = quit;
"Mod+Equal".action = set-column-width "+10%";
"Mod+Minus".action = set-column-width "-10%";
"Mod+Shift+Equal".action = set-window-height "+10%";
"Mod+Shift+Minus".action = set-window-height "-10%";
"Super+Alt+L".action = spawn "swaylock";
"Mod+Ctrl+Q".action = close-window;
"Mod+H".action = focus-column-left;
"Mod+L".action = focus-column-right;
"Mod+K".action = focus-window-up;
"Mod+J".action = focus-window-down;
"Mod+Shift+H".action = move-column-left;
"Mod+Shift+L".action = move-column-right;
"Mod+Shift+K".action = move-window-up;
"Mod+Shift+J".action = move-window-down;
"Mod+U".action = focus-workspace-up;
"Mod+I".action = focus-workspace-down;
"Mod+Shift+U".action = move-window-to-workspace-up;
"Mod+Shift+I".action = move-window-to-workspace-down;
"Mod+W".action = maximize-column;
"Mod+E".action = set-column-width "50%";
"Mod+R".action = set-column-width "75%";
"Mod+Q".action = set-column-width "25%";
"Mod+C".action = center-column;
"Mod+Shift+Space".action = toggle-window-floating;
"Mod+Space".action = switch-focus-between-floating-and-tiling;
"Print".action = screenshot;
"Alt+Print".action = screenshot-window;
"Ctrl+Print".action = screenshot-screen;
# "Mod+R".action = switch-preset-column-width;
"Mod+Shift+R".action = switch-preset-window-height;
"Mod+Ctrl+R".action = reset-window-height;
"Mod+F".action = fullscreen-window;
"Mod+WheelScrollDown" = {
cooldown-ms = 150;
action = focus-column-right;
};
"Mod+WheelScrollUp" = {
cooldown-ms = 150;
action = focus-column-left;
};
"Mod+Shift+WheelScrollDown" = {
cooldown-ms = 150;
action = focus-workspace-down;
};
"Mod+Shift+WheelScrollUp" = {
cooldown-ms = 150;
action = focus-workspace-up;
};
"XF86AudioRaiseVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%+";
"XF86AudioLowerVolume".action = sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 1%-";
"XF86AudioMute".action = sh "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
"XF86MonBrightnessUp".action = sh "brightnessctl set 1%+";
"XF86MonBrightnessDown".action = sh "brightnessctl set 1%-";
"Mod+1".action = focus-workspace 1;
"Mod+2".action = focus-workspace 2;
"Mod+3".action = focus-workspace 3;
"Mod+4".action = focus-workspace 4;
"Mod+5".action = focus-workspace 5;
"Mod+6".action = focus-workspace 6;
"Mod+7".action = focus-workspace 7;
"Mod+8".action = focus-workspace 8;
"Mod+9".action = focus-workspace 9;
"Mod+Shift+1".action = move-column-to-workspace 1;
"Mod+Shift+2".action = move-column-to-workspace 2;
"Mod+Shift+3".action = move-column-to-workspace 3;
"Mod+Shift+4".action = move-column-to-workspace 4;
"Mod+Shift+5".action = move-column-to-workspace 5;
"Mod+Shift+6".action = move-column-to-workspace 6;
"Mod+Shift+7".action = move-column-to-workspace 7;
"Mod+Shift+8".action = move-column-to-workspace 8;
"Mod+Shift+9".action = move-column-to-workspace 9;
"Mod+Alt+B".action = spawn browser;
"Mod+Alt+A".action = spawn "anki";
"Mod+Alt+F".action = spawn file-manager;
"Mod+Alt+E".action = spawn "evolution";
"Mod+P".action = spawn "bitwarden";
"Mod+Comma".action = sh clipboard;
"MouseForward".action = spawn "sh" "${./scripts/remote.sh}" "btn1";
"MouseBack".action = spawn "sh" "${./scripts/remote.sh}";
};
}

BIN
home/niri/nixos-c-book.png
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 150 KiB

25
home/niri/scripts/remote.sh
View file

@ -1,25 +0,0 @@
#!/usr/bin/env bash
active_window=$(niri msg --json focused-window |jq -r .app_id)
if [ "$1" = "btn1" ]; then
if [ "$active_window" = "anki" ]; then
wtype " "
elif [ "$active_window" = "kitty" ]; then
wtype -M ctrl -M shift -k c -m ctrl -m shift
elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then
wtype -M alt -P right -p right -m alt
else
wtype -M ctrl -k c -m ctrl
fi
else
if [ "$active_window" = "anki" ]; then
wtype "1"
elif [ "$active_window" = "kitty" ]; then
wtype -M ctrl -M shift -k v -m ctrl
elif [ "$active_window" = "chromium-browser" ] || [ "$active_window" = "librewolf" ]; then
wtype -M alt -P left -p left -m alt
else
wtype -M ctrl -k v -m ctrl
fi
fi

255
home/nixvim/default.nix
View file

@ -1,255 +0,0 @@
{ pkgs, inputs, ... }:
{
programs.nixvim = {
enable = true;
plugins.lualine.enable = true;
opts = {
number = true;
relativenumber = true;
expandtab = true;
autoindent = true;
shiftwidth = 2;
smartindent = true;
tabstop = 2;
ignorecase = true;
incsearch = true;
smartcase = true;
};
colorscheme = "github_dark_tritanopia";
clipboard.register = "unnamed";
globals = {
mapleader = ",";
};
extraPlugins = [
(pkgs.vimUtils.buildVimPlugin {
name = "github-theme";
src = inputs.nvim-github-theme;
})
];
keymaps = [
{
action = "<cmd>Neotree toggle<CR>";
key = "<space>s";
mode = "n";
options.silent = true;
}
{
# shortcut to command mode
action = ":";
key = ";";
mode = [
"n"
"x"
];
options.silent = true;
}
{
# insert line below without moving cursor
action = "printf('m`%so<ESC>``', v:count1)";
key = "<space>o";
options.expr = true;
mode = "n";
}
{
# insert line above without moving cursor
action = "printf('m`%sO<ESC>``', v:count1)";
key = "<space>O";
options.expr = true;
mode = "n";
}
# nice emacs bindings
{
action = "<HOME>";
key = "<C-a>";
mode = "i";
}
{
action = "<END>";
key = "<C-e>";
mode = "i";
}
# quick chat with copilot
{
key = "<leader>ccq";
action.__raw = ''
function()
local input = vim.fn.input("Quick chat: ")
if input ~= "" then
require("CopilotChat").ask(input, { selection = require("CopilotChat.select").buffer })
end
end
'';
mode = [
"n"
"v"
];
}
# ask perplexity a quick question
{
key = "<leader>ccs";
action.__raw = ''
function()
local input = vim.fn.input("Perplexity: ")
if input ~= "" then
require("CopilotChat").ask(input, {
agent = "perplexityai",
selection = false,
})
end
end
'';
mode = [
"n"
"v"
];
}
];
plugins.cmp = {
enable = true;
settings = {
formatting.fields = [
"abbr"
"kind"
"menu"
];
experimental = {
ghost_text = true;
};
snippet.expand = ''
function(args) require('luasnip').lsp_expand(args.body) end
'';
sources = [
{ name = "nvim_lsp"; }
{ name = "emoji"; }
{ name = "luasnip"; }
{ name = "buffer"; }
{ name = "path"; }
];
mapping = {
"<C-h>" = "cmp.mapping.abort()";
"<C-n>" = "cmp.mapping.select_next_item()";
"<C-p>" = "cmp.mapping.select_prev_item()";
"<C-u>" = "cmp.mapping.scroll_docs(-4)";
"<C-d>" = "cmp.mapping.scroll_docs(4)";
"<C-k>" = ''
cmp.mapping(function(fallback)
if cmp.visible() then
if require("luasnip").expandable() then
require("luasnip").expand()
else
cmp.confirm({
select = true,
})
end
else
fallback()
end
end)
'';
# plain tab conflicts with i try to indent
"<C-Tab>" = ''
cmp.mapping(function(fallback)
if require("luasnip").jumpable(1) then
require("luasnip").jump(1)
else
fallback()
end
end,{"i","s"})
'';
"<S-Tab>" = ''
cmp.mapping(function(fallback)
if require("luasnip").jumpable(-1) then
require("luasnip").jump(-1)
else
fallback()
end
end,{"i","s"})
'';
};
};
};
plugins.lsp = {
enable = true;
keymaps.lspBuf = {
"K" = "hover";
"gd" = "definition";
"gD" = "references";
# "gt" = "type_definition"; # conflicts with switch tab
"gI" = "type_definition";
"gi" = "implementation";
};
servers = {
bashls.enable = true;
lua_ls.enable = true;
nil_ls = {
enable = true;
settings = {
formatting.command = [
"nix"
"fmt"
];
nix.flake.autoArchive = true;
};
};
rust_analyzer = {
enable = true;
installRustc = true;
installCargo = true;
};
};
};
plugins.treesitter = {
enable = true;
nixGrammars = true;
settings = {
indent.enable = true;
auto_install = true;
highlight.enable = true;
};
};
plugins.fzf-lua = {
enable = true;
profile = "fzf-native";
keymaps = {
"<leader>ff" = "files";
"<leader>fg" = "live_grep";
};
};
plugins.neo-tree = {
enable = true;
buffers.followCurrentFile.enabled = true;
window.width = 30;
};
plugins.gitsigns = {
enable = true;
settings.current_line_blame = true;
};
plugins.copilot-chat = {
enable = true;
settings = {
model = "claude-3.5-sonnet";
};
};
plugins.cmp-buffer.enable = true;
plugins.cmp-emoji.enable = true;
plugins.cmp-nvim-lsp.enable = true;
plugins.cmp-path.enable = true;
plugins.cmp_luasnip.enable = true;
plugins.luasnip.enable = true;
plugins.nvim-autopairs.enable = true;
plugins.rainbow-delimiters.enable = true;
plugins.web-devicons.enable = true;
plugins.auto-save.enable = true;
plugins.indent-blankline.enable = true;
plugins.undotree.enable = true;
};
}

73
home/nvim/init.lua Normal file
View file

@ -0,0 +1,73 @@
require("plugin_specs")
local keymap = vim.keymap
local opt = vim.opt
vim.g.loaded_netrw = 1
vim.g.loaded_netrwPlugin = 1
vim.opt.termguicolors = true
require("nvim-tree").setup()
require("lualine").setup({
options = {
theme = "auto",
icons_enabled = true,
globalstatus = true,
},
})
require("gitsigns").setup()
opt.tabstop = 2
opt.softtabstop = 2
opt.shiftwidth = 2
opt.expandtab = true
opt.relativenumber = true
opt.ignorecase = true
opt.smartcase = true
opt.scrolloff = 3
opt.confirm = true
opt.history = 500
opt.undofile = true
opt.termguicolors = true
opt.showmode = false
opt.mouse = ""
opt.wrap = false
opt.clipboard:append("unnamedplus")
vim.cmd.colorscheme("iceberg")
keymap.set("n", "<space>s", require("nvim-tree.api").tree.toggle, {
desc = "toggle nvim-tree",
silent = true,
})
-- shortcut to command mode
keymap.set({ "n", "x" }, ";", ":", { silent = true })
keymap.set("n", "<space>o", "printf('m`%so<ESC>``', v:count1)", {
expr = true,
desc = "insert line below without moving cursor",
})
keymap.set("n", "<space>O", "printf('m`%sO<ESC>``', v:count1)", {
expr = true,
desc = "insert line above without moving cursor",
})
keymap.set("n", "/", [[/\v]])
keymap.set("n", "c", '"_c')
keymap.set("n", "C", '"_C')
keymap.set("n", "cc", '"_cc')
keymap.set("x", "c", '"_c')
keymap.set("x", "p", '"_c<Esc>p')
-- Break inserted text into smaller undo units when we insert some punctuation chars.
local undo_ch = { ",", ".", "!", "?", ";", ":" }
for _, ch in ipairs(undo_ch) do
keymap.set("i", ch, ch .. "<c-g>u")
end
keymap.set("i", "<C-A>", "<HOME>")
keymap.set("i", "<C-E>", "<END>")

24
home/nvim/lazy-lock.json Normal file
View file

@ -0,0 +1,24 @@
{
"LuaSnip": { "branch": "master", "commit": "03c8e67eb7293c404845b3982db895d59c0d1538" },
"cmp-buffer": { "branch": "main", "commit": "3022dbc9166796b644a841a02de8dd1cc1d311fa" },
"cmp-cmdline": { "branch": "main", "commit": "d250c63aa13ead745e3a40f61fdd3470efde3923" },
"cmp-nvim-lsp": { "branch": "main", "commit": "99290b3ec1322070bcfb9e846450a46f6efa50f0" },
"cmp-omni": { "branch": "main", "commit": "4ef610bbd85a5ee4e97e09450c0daecbdc60de86" },
"cmp-path": { "branch": "main", "commit": "91ff86cd9c29299a64f968ebb45846c485725f23" },
"cmp_luasnip": { "branch": "master", "commit": "98d9cb5c2c38532bd9bdb481067b20fea8f32e90" },
"dressing.nvim": { "branch": "master", "commit": "3a45525bb182730fe462325c99395529308f431e" },
"fzf-lua": { "branch": "main", "commit": "e724f5080b94ae685978919c971b3371b1b48a60" },
"gitsigns.nvim": { "branch": "main", "commit": "5f808b5e4fef30bd8aca1b803b4e555da07fc412" },
"hop.nvim": { "branch": "master", "commit": "08ddca799089ab96a6d1763db0b8adc5320bf050" },
"iceberg.vim": { "branch": "master", "commit": "23835d5ed696436f716cbfdb56a93a7850fe3b18" },
"lazy.nvim": { "branch": "main", "commit": "7e6c863bc7563efbdd757a310d17ebc95166cef3" },
"lualine.nvim": { "branch": "master", "commit": "2a5bae925481f999263d6f5ed8361baef8df4f83" },
"nvim-autopairs": { "branch": "master", "commit": "b464658e9b880f463b9f7e6ccddd93fb0013f559" },
"nvim-cmp": { "branch": "main", "commit": "b555203ce4bd7ff6192e759af3362f9d217e8c89" },
"nvim-lspconfig": { "branch": "master", "commit": "ff2b85abaa810f6611233dbe6d31c07510ebf43d" },
"nvim-tree.lua": { "branch": "master", "commit": "68fc4c20f5803444277022c681785c5edd11916d" },
"nvim-treesitter": { "branch": "master", "commit": "17678b00fa5c2712890a0ec2e269d0a4de1207df" },
"nvim-web-devicons": { "branch": "master", "commit": "c1a86a2c386c55efc02fa2ec2c3a914af653d954" },
"tokyonight.nvim": { "branch": "main", "commit": "45d22cf0e1b93476d3b6d362d720412b3d34465c" },
"vim-commentary": { "branch": "master", "commit": "64a654ef4a20db1727938338310209b6a63f60c9" }
}

21
home/nvim/lua/config/fzf.lua Normal file
View file

@ -0,0 +1,21 @@
local keymap = vim.keymap
local fzf = require("fzf-lua")
keymap.set("n", "<leader>ff", fzf.files, { silent = true })
keymap.set("n", "<leader>fr", fzf.oldfiles, { silent = true })
keymap.set("n", "<leader>fc", fzf.resume, { silent = true })
keymap.set("n", "<leader>fs", fzf.treesitter, { silent = true })
keymap.set("n", "<leader>fg", fzf.grep_project, { silent = true })
fzf.setup({
"fzf-native",
keymap = {
fzf = {
["ctrl-u"] = "half-page-up",
["ctrl-d"] = "half-page-down",
["ctrl-j"] = "preview-page-down",
["ctrl-k"] = "preview-page-up",
},
},
})

16
home/nvim/lua/config/hop.lua Normal file
View file

@ -0,0 +1,16 @@
local hop = require("hop")
local keymap = vim.keymap
hop.setup({
case_insensitive = true,
char2_fallback_key = "<CR>",
quit_key = "<Esc",
})
keymap.set({ "n", "v", "o" }, "<C-t>", "", {
silent = true,
noremap = true,
callback = function()
hop.hint_char1()
end,
})

76
home/nvim/lua/config/lsp.lua Normal file
View file

@ -0,0 +1,76 @@
local lsp = vim.lsp
local diagnostic = vim.diagnostic
local keymap = vim.keymap
keymap.set("n", "gd", lsp.buf.definition)
keymap.set("n", "<space>rn", lsp.buf.rename)
keymap.set("n", "gr", lsp.buf.references)
keymap.set("n", "[d", diagnostic.goto_prev)
keymap.set("n", "]d", diagnostic.goto_next)
diagnostic.config({
signs = false,
})
local lspconfig = require("lspconfig")
local capabilities = require("cmp_nvim_lsp").default_capabilities()
lspconfig.pylsp.setup({ capabilities = capabilities })
lspconfig.clangd.setup({ capabilities = capabilities })
lspconfig.vimls.setup({ capabilities = capabilities })
lspconfig.bashls.setup({ capabilities = capabilities })
lspconfig.rust_analyzer.setup({
capabilities = capabilities,
})
lspconfig.gopls.setup({
settings = {
gopls = {
analyses = {
unusedparams = true,
},
staticcheck = true,
gofumpt = true,
},
},
capabilities = capabilities,
})
lspconfig.lua_ls.setup({
capabilities = capabilities,
on_init = function(client)
if client.workspace_folders then
local path = client.workspace_folders[1].name
if vim.uv.fs_stat(path .. "/.luarc.json") or vim.uv.fs_stat(path .. "/.luarc.jsonc") then
return
end
end
client.config.settings.Lua = vim.tbl_deep_extend("force", client.config.settings.Lua, {
runtime = {
-- Tell the language server which version of Lua you're using
-- (most likely LuaJIT in the case of Neovim)
version = "LuaJIT",
},
-- Make the server aware of Neovim runtime files
workspace = {
checkThirdParty = false,
library = {
vim.env.VIMRUNTIME,
-- Depending on the usage, you might want to add additional paths here.
-- "${3rd}/luv/library"
-- "${3rd}/busted/library",
},
-- or pull in all of 'runtimepath'. NOTE: this is a lot slower
-- library = vim.api.nvim_get_runtime_file("", true)
},
})
end,
settings = {
Lua = {},
},
})
lspconfig.nixd.setup({ capabilities = capabilities })
lspconfig.sqls.setup({ capabilities = capabilities })
lspconfig.hls.setup({ capabilities = capabilities })

54
home/nvim/lua/config/nvim-cmp.lua Normal file
View file

@ -0,0 +1,54 @@
local cmp = require("cmp")
local luasnip = require("luasnip")
cmp.setup({
snippet = {
expand = function(args)
require("luasnip").lsp_expand(args.body)
end,
},
mapping = {
["<C-h"] = cmp.mapping.abort(),
["<C-k>"] = cmp.mapping(function(fallback)
if cmp.visible() then
if luasnip.expandable() then
luasnip.expand()
else
cmp.confirm({
select = true,
})
end
else
fallback()
end
end),
["<C-n>"] = cmp.mapping(function(fallback)
if luasnip.locally_jumpable(1) then
luasnip.jump(1)
elseif cmp.visible() then
cmp.select_next_item()
else
fallback()
end
end, { "i", "s" }),
["<C-p>"] = cmp.mapping(function(fallback)
if luasnip.locally_jumpable(-1) then
luasnip.jump(-1)
elseif cmp.visible() then
cmp.select_prev_item()
else
fallback()
end
end, { "i", "s" }),
},
sources = cmp.config.sources({
{ name = "nvim_lsp" },
{ name = "luasnip" },
}, {
{ name = "buffer" },
{ name = "path" },
}),
})

99
home/nvim/lua/plugin_specs.lua Normal file
View file

@ -0,0 +1,99 @@
-- Bootstrap lazy.nvim
local lazypath = vim.fn.stdpath("data") .. "/lazy/lazy.nvim"
if not (vim.uv or vim.loop).fs_stat(lazypath) then
local lazyrepo = "https://github.com/folke/lazy.nvim.git"
local out = vim.fn.system({ "git", "clone", "--filter=blob:none", "--branch=stable", lazyrepo, lazypath })
if vim.v.shell_error ~= 0 then
vim.api.nvim_echo({
{ "Failed to clone lazy.nvim:\n", "ErrorMsg" },
{ out, "WarningMsg" },
{ "\nPress any key to exit..." },
}, true, {})
vim.fn.getchar()
os.exit(1)
end
end
vim.opt.rtp:prepend(lazypath)
vim.g.mapleader = ","
local plugin_specs = {
{
"nvim-treesitter/nvim-treesitter",
build = ":TSUpdate",
event = "VeryLazy",
},
{
"neovim/nvim-lspconfig",
event = { "BufRead", "BufNewFile" },
config = function()
require("config.lsp")
end,
},
{
"hrsh7th/nvim-cmp",
event = "VeryLazy",
dependencies = {
"hrsh7th/cmp-nvim-lsp",
"hrsh7th/cmp-path",
"hrsh7th/cmp-buffer",
"hrsh7th/cmp-omni",
"hrsh7th/cmp-cmdline",
"saadparwaiz1/cmp_luasnip",
},
config = function()
require("config.nvim-cmp")
end,
},
{
"L3MON4D3/LuaSnip",
version = "v2.*",
build = "make install_jsregexp",
},
{ "stevearc/dressing.nvim", event = "VeryLazy" },
{
"nvim-tree/nvim-tree.lua",
lazy = false,
dependencies = {
"nvim-tree/nvim-web-devicons",
},
},
{
"ibhagwan/fzf-lua",
dependencies = { "nvim-tree/nvim-web-devicons" },
config = function()
require("config.fzf")
end,
},
{ "windwp/nvim-autopairs", event = "InsertEnter", config = true },
{ "tpope/vim-commentary", event = "VeryLazy" },
{ "folke/tokyonight.nvim", lazy = false, priority = 1000 },
{ "lewis6991/gitsigns.nvim" },
{ "nvim-lualine/lualine.nvim", dependencies = { "nvim-tree/nvim-web-devicons" } },
{
"smoka7/hop.nvim",
version = "*",
config = function()
require("config.hop")
end,
},
{ "cocopon/iceberg.vim" },
}
require("lazy").setup({
spec = plugin_specs,
rocks = { enabled = true },
})

80
home/plasma.nix
View file

@ -1,80 +0,0 @@
{ ... }:
{
programs.plasma = {
enable = true;
overrideConfig = true;
immutableByDefault = true;
workspace = {
lookAndFeel = "org.ide.breezedark.desktop";
cursor = {
theme = "Bibata-Modern-Classic";
size = 23;
};
};
fonts = {
general = {
family = "IBM Plex Mono";
pointSize = 12;
};
};
input.keyboard = {
numlockOnStartup = "on";
options = [ "ctrl:nocaps" ];
};
# Meta key is actually the Super key in KDE
hotkeys.commands = {
"launch-terminal" = {
name = "launch terminal";
key = "Meta+Return";
command = "kitty";
};
"launch-browser" = {
name = "launch browser";
key = "Meta+B";
command = "librewolf";
};
};
shortcuts = {
kwin = {
"Switch Window Down" = "Meta+J";
"Switch Window Left" = "Meta+H";
"Switch Window Right" = "Meta+L";
"Switch Window Up" = "Meta+K";
"Window Quick Tile Down" = "Meta+Shift+J";
"Window Quick Tile Left" = "Meta+Shift+H";
"Window Quick Tile Right" = "Meta+Shift+L";
"Window Quick Tile Up" = "Meta+Shift+K";
"Window Close" = "Meta+Ctrl+Q";
"Window Maximize" = "Meta+W";
"Window Minimize" = "Meta+Shift+-";
"Window Fullscreen" = "Meta+F";
"Window Shrink Horizontal" = "Meta+-";
};
ksmserver = {
"Lock Session" = [
"Screensaver"
"Meta+Ctrl+L"
];
};
};
configFile = {
# save RAM
baloofilerc."Basic Settings"."Indexing-Enabled" = false;
};
# looks like KDE overrides services.logind settings
powerdevil.AC = {
whenLaptopLidClosed = "hibernate";
};
powerdevil.battery = {
whenLaptopLidClosed = "hibernate";
};
};
}

8
home/sway/config
View file

@ -26,7 +26,7 @@ floating_modifier $mod normal
default_border pixel default_border pixel
smart_borders on smart_borders on
focus_follows_mouse always focus_follows_mouse always
# mouse_warping container mouse_warping container
bindsym $mod+Return exec $term bindsym $mod+Return exec $term
bindsym $mod+Ctrl+q kill bindsym $mod+Ctrl+q kill
@ -121,11 +121,13 @@ bindsym $mod+Control+l exec $lock
font pango:$font_family $font_size font pango:$font_family $font_size
for_window [app_id=mpv] inhibit_idle visible, floating enable, sticky enable for_window [app_id=mpv] inhibit_idle open
for_window [class="pomatez"] floating enable, sticky enable
for_window [class="PacketTracer"] floating enable, border normal
for_window [app_id="LibreWolf" title="^Extension"] floating enable for_window [app_id="LibreWolf" title="^Extension"] floating enable
for_window [floating] border csd for_window [floating] border csd
for_window [app_id="org.keepassxc.KeePassXC"] floating enable
for_window [app_id="Bitwarden"] floating enable for_window [app_id="Bitwarden"] floating enable
for_window [app_id=anki title="Add"] floating enable
bar { bar {
swaybar_command waybar swaybar_command waybar

40
home/vscode.nix
View file

@ -1,40 +0,0 @@
{ pkgs, ... }:
{
programs.vscode = {
enable = true;
package = pkgs.vscodium;
enableUpdateCheck = false;
enableExtensionUpdateCheck = false;
mutableExtensionsDir = false;
extensions = with pkgs.vscode-extensions; [
vscodevim.vim
jnoortheen.nix-ide
editorconfig.editorconfig
github.github-vscode-theme
github.copilot
rust-lang.rust-analyzer
];
userSettings = {
"workbench.colorTheme" = "GitHub Dark Default";
"files.autoSave" = "afterDelay";
"nix.enableLanguageServer" = true;
"nix.serverPath" = "nixd";
"editor.fontFamily" = "IBM Plex Mono";
"editor.fontSize" = 16;
"editor.wordWrap" = "on";
# vim mode settings
"vim.handleKeys" = {
"<C-b>" = false; # file tree toggle
};
"vim.normalModeKeyBindings" = [
{
"before" = [ ";" ];
"after" = [ ":" ];
"silent" = true;
}
];
"workbench.startupEditor" = "none";
};
};
}

6
home/waybar/config
View file

@ -6,8 +6,8 @@
"margin-left": 0, "margin-left": 0,
"margin-right": 0, "margin-right": 0,
"margin-top": 0, "margin-top": 0,
"modules-left": ["niri/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar "modules-left": ["sway/workspaces", "clock#time", "clock#date", "battery"], // Sets modules for the left of the bar
"modules-center": ["niri/window"], // Set modules for the center of the bar "modules-center": ["sway/window"], // Set modules for the center of the bar
"modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar "modules-right": ["tray", "temperature", "cpu", "memory", "wireplumber"], // Set modules for the right of the bar
"clock#time": { "clock#time": {
"format": "<span color=\"#7aa2f7\"> </span>{:%H:%M:%S}", "format": "<span color=\"#7aa2f7\"> </span>{:%H:%M:%S}",
@ -71,7 +71,7 @@
"on-click": "pavucontrol", "on-click": "pavucontrol",
"interval": 4, "interval": 4,
}, },
"niri/window": { "sway/window": {
"max-length": 64, "max-length": 64,
}, },
"tray": { "tray": {

4
home/yt/chunk.nix
View file

@ -16,6 +16,8 @@
systemd.user.startServices = "sd-switch"; systemd.user.startServices = "sd-switch";
home.packages = with pkgs; [ home.packages = with pkgs; [
attic-server bottom
btop
foot.terminfo
]; ];
} }

22
home/yt/codespace.nix
View file

@ -1,22 +0,0 @@
{
pkgs,
...
}:
{
imports = [
./common.nix
];
home = {
username = "codespace";
homeDirectory = "/home/codespace";
stateVersion = "24.05";
};
programs.home-manager.enable = true;
systemd.user.startServices = "sd-switch";
home.packages = with pkgs; [
foot.terminfo
attic-client
];
}

23
home/yt/common.nix
View file

@ -3,21 +3,21 @@
imports = [ imports = [
../tmux.nix ../tmux.nix
../zsh ../zsh
../nixvim
]; ];
home.sessionVariables = { home.sessionVariables = {
"EDITOR" = "nvim"; "EDITOR" = "nvim";
}; };
xdg.configFile = {
nvim.source = ../nvim;
};
home.packages = with pkgs; [ home.packages = with pkgs; [
man-pages man-pages
man-pages-posix man-pages-posix
man man
man-db man-db
attic-client
bottom
btop
]; ];
programs.zoxide.options = [ "--cmd cd" ]; programs.zoxide.options = [ "--cmd cd" ];
@ -27,10 +27,11 @@
}; };
programs.zoxide.enable = true; programs.zoxide.enable = true;
programs.eza.enable = true; programs.eza.enable = true;
programs.neovim.enable = true;
programs.git = { programs.git = {
enable = true; enable = true;
userName = "cy"; userName = "cy";
userEmail = "cy@cy7.sh"; userEmail = "hi@cything.io";
delta = { delta = {
enable = true; enable = true;
options = { options = {
@ -44,11 +45,7 @@
rebase = true; rebase = true;
autostash = true; autostash = true;
}; };
merge = { merge.tool = "vimdiff";
tool = "vimdiff";
keepBackup = false;
prompt = false;
};
rebase = { rebase = {
stat = true; stat = true;
autoStash = true; autoStash = true;
@ -56,10 +53,12 @@
updateRefs = true; updateRefs = true;
}; };
help.autocorrect = 1; help.autocorrect = 1;
"mergetool \"vimdiff\"".cmd = "nvim -d $LOCAL $REMOTE $MERGED -c '$wincmd w' -c 'wincmd J'"; mergetool = {
prompt = false;
path = "nvim-open";
};
}; };
}; };
programs.ripgrep.enable = true; programs.ripgrep.enable = true;
programs.man.generateCaches = true; programs.man.generateCaches = true;
programs.fd.enable = true;
} }

117
home/yt/ytnix.nix
View file

@ -1,17 +1,11 @@
{ {
pkgs, pkgs,
lib,
... ...
}: }:
{ {
imports = [ imports = [
./common.nix ./common.nix
../foot.nix ../foot.nix
../niri
../irssi.nix
../kitty.nix
../vscode.nix
../plasma.nix
]; ];
home = { home = {
username = "yt"; username = "yt";
@ -22,34 +16,31 @@
systemd.user.startServices = "sd-switch"; systemd.user.startServices = "sd-switch";
# keep this commented when using plasma qt = {
# otherwise "system settings" in KDE will not function enable = true;
# qt = { platformTheme.name = "gtk";
# enable = true; style.name = "adwaita-dark";
# platformTheme.name = "kde"; style.package = pkgs.adwaita-qt;
# style.name = "breeze-dark"; };
# style.package = pkgs.kdePackages.breeze;
# };
# this one too gtk = {
# gtk = { enable = true;
# enable = true; cursorTheme = {
# theme = {
# package = pkgs.adw-gtk3;
# name = "adw-gtk3-dark";
# };
# iconTheme = {
# package = pkgs.adwaita-icon-theme;
# name = "Adwaita";
# };
# };
home.pointerCursor = {
package = pkgs.bibata-cursors; package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic"; name = "Bibata-Modern";
size = 23; };
gtk.enable = true; theme = {
x11.enable = true; package = pkgs.adw-gtk3;
name = "adw-gtk3-dark";
};
iconTheme = {
package = pkgs.adwaita-icon-theme;
name = "Adwaita";
};
};
home.sessionVariables = {
ANKI_WAYLAND = "1";
}; };
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -59,7 +50,9 @@
bitwarden-desktop bitwarden-desktop
bitwarden-cli bitwarden-cli
fastfetch fastfetch
discord
nwg-look nwg-look
element-desktop
kdePackages.gwenview kdePackages.gwenview
kdePackages.okular kdePackages.okular
kdePackages.qtwayland kdePackages.qtwayland
@ -78,7 +71,7 @@
bash-language-server bash-language-server
sqlite sqlite
usbutils usbutils
clang-tools llvmPackages_19.clang-tools
calibre calibre
tor-browser tor-browser
wtype wtype
@ -87,6 +80,7 @@
rclone rclone
go go
rustup rustup
clang_19
pwgen pwgen
lua-language-server lua-language-server
gnumake gnumake
@ -101,29 +95,6 @@
trezorctl trezorctl
trezor-agent trezor-agent
q q
opentofu
terraform-ls
gdb
clang
seahorse
github-cli
fuzzel
nixpkgs-review
just
hugo
ghidra-bin
sequoia
sccache
awscli2
lldb
(cutter.withPlugins (p: with p; [
rz-ghidra
jsdec
sigdb
]))
ida-free
patchelf
radare2
]; ];
programs.waybar.enable = true; programs.waybar.enable = true;
@ -146,6 +117,7 @@
}; };
xdg.configFile = { xdg.configFile = {
sway.source = ../sway;
rofi.source = ../rofi; rofi.source = ../rofi;
waybar.source = ../waybar; waybar.source = ../waybar;
mpv.source = ../mpv; mpv.source = ../mpv;
@ -160,37 +132,4 @@
miniflux-passwordfile /run/secrets/newsboat/miniflux miniflux-passwordfile /run/secrets/newsboat/miniflux
''; '';
}; };
programs.direnv = {
enable = true;
nix-direnv.enable = true;
};
programs.git.extraConfig = {
user = {
signingKey = "~/.ssh/id.key";
};
gpg.format = "ssh";
commit.gpgsign = true;
core.sshCommand = "ssh -i ~/.ssh/id.key";
};
home.sessionVariables = {
# to make ghidra work on xwayland
_JAVA_AWT_WM_NONREPARENTING = 1;
# sccache stuff
RUSTC_WRAPPER = "${lib.getExe pkgs.sccache}";
SCCACHE_BUCKET = "sccache";
SCCACHE_REGION = "earth";
SCCACHE_ENDPOINT = "https://sccache.s3.cy7.sh";
SCCACHE_ALLOW_CORE_DUMPS = "true";
SCCACHE_S3_USE_SSL = "true";
SCCACHE_CACHE_MULTIARCH = "true";
SCCACHE_LOG_LEVEL = "warn";
AWS_DEFAULT_REGION = "earth";
AWS_ENDPOINT_URL = "https://s3.cy7.sh";
AWS_ACCESS_KEY_ID = "$(cat /run/secrets/aws/key_id)";
AWS_SECRET_ACCESS_KEY = "$(cat /run/secrets/aws/key_secret)";
};
} }

29
home/zsh/default.nix
View file

@ -15,7 +15,7 @@
highlighters = [ "brackets" ]; highlighters = [ "brackets" ];
}; };
autocd = true; autocd = true;
defaultKeymap = "viins"; defaultKeymap = "emacs";
initExtraFirst = '' initExtraFirst = ''
if [[ -r "''\${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''\${(%):-%n}.zsh" ]]; then if [[ -r "''\${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-''\${(%):-%n}.zsh" ]]; then
@ -39,14 +39,11 @@
initExtra = '' initExtra = ''
# disable control+s to pause terminal # disable control+s to pause terminal
unsetopt FLOW_CONTROL unsetopt FLOW_CONTROL
# manually integrate fzf cause we need to make sure zsh-vi-mode
# useful emacs mode bindings # won't override C-r
bindkey -M viins "^E" end-of-line function zvm_after_init() {
bindkey -M viins "^A" beginning-of-line eval "$(${pkgs.fzf}/bin/fzf --zsh)"
bindkey -M viins "^B" backward-char }
# accept one word completion
bindkey -M viins "^S" forward-word
# fzf-tab stuff # fzf-tab stuff
# set description format to enable group support # set description format to enable group support
@ -63,6 +60,11 @@
source ${./p10k.zsh} source ${./p10k.zsh}
''; '';
plugins = with pkgs; [ plugins = with pkgs; [
{
name = "vi-mode";
src = zsh-vi-mode;
file = "share/zsh-vi-mode/zsh-vi-mode.plugin.zsh";
}
{ {
name = "powerlevel10k"; name = "powerlevel10k";
src = zsh-powerlevel10k; src = zsh-powerlevel10k;
@ -82,9 +84,9 @@
"ta" = "tmux new-session -A -s"; "ta" = "tmux new-session -A -s";
"se" = "sudoedit"; "se" = "sudoedit";
"s" = "sudo"; "s" = "sudo";
"nrs" = "sudo nixos-rebuild switch -L --flake ."; "nrs" = "sudo nixos-rebuild switch --flake .";
"nrt" = "sudo nixos-rebuild test -L --flake ."; "nrt" = "sudo nixos-rebuild test --flake .";
"hrs" = "home-manager switch -L --flake ."; "hrs" = "home-manager switch --flake .";
"g" = "git"; "g" = "git";
"ga" = "git add"; "ga" = "git add";
"gaa" = "git add --all"; "gaa" = "git add --all";
@ -107,9 +109,8 @@
}; };
}; };
programs.fzf.enableZshIntegration = true; programs.fzf.enableZshIntegration = false; # manually integrated see above
programs.zoxide.enableZshIntegration = true; programs.zoxide.enableZshIntegration = true;
programs.eza.enableZshIntegration = true; programs.eza.enableZshIntegration = true;
programs.nix-index.enableZshIntegration = false; programs.nix-index.enableZshIntegration = false;
programs.direnv.enableZshIntegration = false;
} }

62
hosts/chunk/Caddyfile Normal file
View file

@ -0,0 +1,62 @@
{
acme_ca https://acme.zerossl.com/v2/DV90
acme_eab {
key_id {$EAB_KEY_ID}
mac_key {$EAB_MAC_KEY}
}
}
(common) {
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
git.cy7.sh, git.cything.io {
import common
reverse_proxy unix//run/gitlab/gitlab-workhorse.socket
}
rss.cything.io {
import common
reverse_proxy localhost:8080
}
photos.cy7.sh {
import common
reverse_proxy localhost:2283
}
chat.cything.io {
import common
reverse_proxy localhost:8448
}
pass.cy7.sh {
import common
reverse_proxy localhost:8081
}
dns.cything.io {
import common
reverse_proxy localhost:8082
}
pad.cything.io {
import common
reverse_proxy localhost:8085
}
red.cything.io {
import common
reverse_proxy localhost:8087
}
grafana.cything.io {
import common
reverse_proxy localhost:8088
}
element.cything.io {
import common
reverse_proxy localhost:8089
}

5
hosts/chunk/adguard.nix
View file

@ -21,9 +21,4 @@
]; ];
}; };
}; };
services.caddy.virtualHosts."dns.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8082
'';
} }

39
hosts/chunk/attic.nix
View file

@ -1,39 +0,0 @@
{ config, ... }:
{
services.atticd = {
enable = true;
environmentFile = config.sops.secrets."attic/env".path;
settings = {
listen = "[::]:8090";
api-endpoint = "https://cache.cything.io/";
allowed-hosts = [ "cache.cything.io" ];
require-proof-of-possession = false;
compression.type = "zstd";
database.url = "postgresql:///atticd?host=/run/postgresql";
storage = {
type = "local";
path = "/mnt/attic";
};
garbage-collection = {
default-retention-period = "3 months";
};
chunking = {
nar-size-threshold = 0; # disables chunking
min-size = 0;
avg-size = 0;
max-size = 0;
concurrent-chunk-uploads = 32;
};
};
};
services.caddy.virtualHosts."cache.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8090
'';
}

10
hosts/chunk/conduwuit.nix
View file

@ -1,18 +1,12 @@
{ inputs, ... }: { pkgs, ... }:
{ {
services.conduwuit = { services.conduwuit = {
enable = true; enable = true;
package = package = pkgs.callPackage ../../pkgs/conduwuit.nix { };
inputs.conduwuit.packages.x86_64-linux.static-x86_64-linux-musl-all-features-x86_64-haswell-optimised;
settings.global = { settings.global = {
port = [ 8448 ]; port = [ 8448 ];
server_name = "cything.io"; server_name = "cything.io";
allow_check_for_updates = true; allow_check_for_updates = true;
}; };
}; };
services.caddy.virtualHosts."chat.cything.io".extraConfig = ''
import common
reverse_proxy localhost:8448
'';
} }

75
hosts/chunk/default.nix
View file

@ -1,4 +1,6 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@ -7,6 +9,7 @@
../common.nix ../common.nix
../zsh.nix ../zsh.nix
./hardware-configuration.nix ./hardware-configuration.nix
./gitlab.nix
./backup.nix ./backup.nix
./rclone.nix ./rclone.nix
./postgres.nix ./postgres.nix
@ -18,13 +21,10 @@
./vaultwarden.nix ./vaultwarden.nix
./wireguard.nix ./wireguard.nix
./grafana.nix ./grafana.nix
./conduwuit.nix ./tor.nix
./conduit.nix
./immich.nix ./immich.nix
./element.nix ./element.nix
./attic.nix
./forgejo.nix
./garage.nix
./tailscale.nix
]; ];
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -59,25 +59,33 @@
"miniflux/env" = { "miniflux/env" = {
sopsFile = ../../secrets/services/miniflux.yaml; sopsFile = ../../secrets/services/miniflux.yaml;
}; };
"gitlab/root" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
};
"gitlab/secret" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
};
"gitlab/jws" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
};
"gitlab/db" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
};
"gitlab/otp" = {
sopsFile = ../../secrets/services/gitlab.yaml;
owner = config.users.users.git.name;
};
"rsyncnet/id_ed25519" = { "rsyncnet/id_ed25519" = {
sopsFile = ../../secrets/zh5061/chunk.yaml; sopsFile = ../../secrets/de3911/chunk.yaml;
};
"attic/env" = {
sopsFile = ../../secrets/services/attic.yaml;
};
"garage/env" = {
sopsFile = ../../secrets/services/garage.yaml;
};
"tailscale/auth" = {
sopsFile = ../../secrets/services/tailscale.yaml;
}; };
}; };
boot = { boot.loader.grub.enable = true;
loader.grub.enable = true; boot.loader.grub.device = "/dev/vda";
loader.grub.device = "/dev/vda";
kernelPackages = pkgs.linuxPackages_latest;
};
system.stateVersion = "24.05"; system.stateVersion = "24.05";
@ -124,6 +132,12 @@
address = "31.59.129.1"; address = "31.59.129.1";
interface = "ens18"; interface = "ens18";
}; };
networking.nameservers = [
"127.0.0.1"
"::1"
];
time.timeZone = "America/Toronto";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
console = { console = {
@ -146,13 +160,6 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyn2+OoRN4nExti+vFQ1NHEZip0slAoCH9C5/FzvgZD yt@ytnix"
]; ];
# for forgejo
users.users.git = {
isNormalUser = true;
home = "/var/lib/forgejo";
group = "git";
};
users.groups.git = { };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
vim vim
@ -162,7 +169,6 @@
tmux tmux
file file
sops sops
attic-server
]; ];
environment.variables = { environment.variables = {
@ -181,13 +187,11 @@
programs.gnupg.agent.enable = true; programs.gnupg.agent.enable = true;
programs.git.enable = true; programs.git.enable = true;
my.caddy.enable = true; services.caddy = {
services.caddy.virtualHosts."cy7.sh" = { enable = true;
serverAliases = [ "www.cy7.sh" ]; configFile = ./Caddyfile;
extraConfig = '' environmentFile = config.sops.secrets."caddy/env".path;
import common logFormat = lib.mkForce "level INFO";
redir https://cything.io temporary
'';
}; };
# container stuff # container stuff
@ -203,5 +207,4 @@
}; };
}; };
virtualisation.oci-containers.backend = "podman"; virtualisation.oci-containers.backend = "podman";
environment.enableAllTerminfo = true;
} }

5
hosts/chunk/deluge.nix
View file

@ -7,9 +7,4 @@
port = 8112; port = 8112;
}; };
}; };
services.caddy.virtualHosts."t.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8112
'';
} }

10
hosts/chunk/element.nix
View file

@ -7,12 +7,9 @@
virtualisation.oci-containers.containers.element = { virtualisation.oci-containers.containers.element = {
image = "vectorim/element-web"; image = "vectorim/element-web";
autoStart = true; autoStart = true;
ports = [ "127.0.0.1:8089:8089" ]; ports = [ "127.0.0.1:8089:80" ];
pull = "newer"; pull = "newer";
networks = [ "element-net" ]; networks = [ "element-net" ];
environment = {
ELEMENT_WEB_PORT = "8089";
};
}; };
systemd.services.create-element-net = { systemd.services.create-element-net = {
@ -25,9 +22,4 @@
${pkgs.podman}/bin/podman network create element-net ${pkgs.podman}/bin/podman network create element-net
''; '';
}; };
services.caddy.virtualHosts."element.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8089
'';
} }

53
hosts/chunk/forgejo.nix
View file

@ -1,53 +0,0 @@
{ pkgs, ... }:
{
services.forgejo = {
enable = true;
package = pkgs.forgejo; # uses forgejo-lts by default
user = "git";
group = "git";
settings = {
server = {
ROOT_URL = "https://git.cy7.sh";
HTTP_PORT = 3000;
HTTP_ADDR = "127.0.0.1";
DOMAIN = "git.cy7.sh";
LANDING_PAGE = "explore";
};
session.COOKIE_SECURE = true;
service.DISABLE_REGISTRATION = true;
ui = {
AMBIGUOUS_UNICODE_DETECTION = false;
DEFAULT_THEME = "forgejo-dark";
};
actions.ENABLED = false;
repository.ENABLE_PUSH_CREATE_USER = true;
indexer.REPO_INDEXER_ENABLED = true;
};
database = {
type = "postgres";
socket = "/run/postgresql";
user = "git";
name = "git";
};
};
services.caddy.virtualHosts."git.cy7.sh".extraConfig = ''
import common
# renamed repo
uri replace /cy/infra /cy/nixos-config
reverse_proxy localhost:3000
'';
services.caddy.virtualHosts."git.cything.io".extraConfig = ''
import common
# wrap in route so things are evaluated in the order written
route {
# rewrite gitlab URIs to make it work with forgejo
uri path_regexp /-/ /
uri replace /blob/ /src/
redir https://git.cy7.sh{uri} permanent
}
'';
}

43
hosts/chunk/garage.nix
View file

@ -1,43 +0,0 @@
{ config, pkgs, ... }:
{
services.garage = {
enable = true;
package = pkgs.garage;
settings = {
data_dir = "/mnt/garage";
s3_api = {
s3_region = "earth";
api_bind_addr = "[::]:3900";
root_domain = ".s3.cy7.sh";
};
s3_web = {
bind_addr = "[::]:3902";
root_domain = ".web.s3.cy7.sh";
index = "index.html";
};
admin.api_bind_addr = "[::]:3903";
rpc_bind_addr = "[::]:3901";
replication_factor = 1;
db_engine = "lmdb";
};
environmentFile = config.sops.secrets."garage/env".path;
};
services.caddy.virtualHosts = {
"s3.cy7.sh" = {
serverAliases = [ "*.s3.cy7.sh" ];
extraConfig = ''
import common
reverse_proxy localhost:3900
'';
};
"*.web.s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3902
'';
"admin.s3.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:3903
'';
};
}

9
hosts/chunk/gitlab.nix
View file

@ -8,7 +8,7 @@
group = "git"; group = "git";
port = 443; # this *not* the port gitlab will run on port = 443; # this *not* the port gitlab will run on
puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma puma.workers = 0; # https://docs.gitlab.com/omnibus/settings/memory_constrained_envs.html#optimize-puma
sidekiq.concurrency = 5; sidekiq.concurrency = 10;
databaseUsername = "git"; # needs to be same as user databaseUsername = "git"; # needs to be same as user
initialRootEmail = "hi@cything.io"; initialRootEmail = "hi@cything.io";
initialRootPasswordFile = config.sops.secrets."gitlab/root".path; initialRootPasswordFile = config.sops.secrets."gitlab/root".path;
@ -24,12 +24,5 @@
skip = [ "db" ]; skip = [ "db" ];
keepTime = 48; # hours keepTime = 48; # hours
}; };
extraConfig = {
gitlab = {
# NOTE: default_syntax_highlighting_theme needs to be set in the application_settings table in the database
default_color_mode = 2;
};
prometheus.enabled = false;
};
}; };
} }

5
hosts/chunk/grafana.nix
View file

@ -31,9 +31,4 @@
} }
]; ];
}; };
services.caddy.virtualHosts."grafana.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8088
'';
} }

3
hosts/chunk/hardware-configuration.nix
View file

@ -22,9 +22,10 @@
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/persistent" = {
device = "/dev/disk/by-uuid/6fff5dd4-8d7a-43fa-85be-eec74ef2089e"; device = "/dev/disk/by-uuid/6fff5dd4-8d7a-43fa-85be-eec74ef2089e";
fsType = "ext4"; fsType = "ext4";
neededForBoot = true;
}; };
swapDevices = [ ]; swapDevices = [ ];

5
hosts/chunk/hedgedoc.nix
View file

@ -16,9 +16,4 @@
protocolUseSSL = true; protocolUseSSL = true;
}; };
}; };
services.caddy.virtualHosts."pad.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8085
'';
} }

5
hosts/chunk/immich.nix
View file

@ -95,9 +95,4 @@ in
${pkgs.podman}/bin/podman network create immich-net ${pkgs.podman}/bin/podman network create immich-net
''; '';
}; };
services.caddy.virtualHosts."photos.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:2283
'';
} }

20
hosts/chunk/impermanence.nix Normal file
View file

@ -0,0 +1,20 @@
{...}: {
environment.persistence."/persistent" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
"/opt"
"/var/lib"
"/root/.config/borg" # nonce
# used a hack to disable cache
# see https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
"/root/.cache/borg"
"/root/.config/sops"
];
files = [
"/etc/machine-id"
];
};
}

7
hosts/chunk/miniflux.nix
View file

@ -5,13 +5,8 @@
adminCredentialsFile = config.sops.secrets."miniflux/env".path; adminCredentialsFile = config.sops.secrets."miniflux/env".path;
config = { config = {
PORT = 8080; PORT = 8080;
BASE_URL = "https://rss.cy7.sh"; BASE_URL = "https://rss.cything.io";
FORCE_REFRESH_INTERVAL = 0; # don't rate limit me FORCE_REFRESH_INTERVAL = 0; # don't rate limit me
}; };
}; };
services.caddy.virtualHosts."rss.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8080
'';
} }

14
hosts/chunk/postgres.nix
View file

@ -1,5 +1,6 @@
{ {
pkgs, pkgs,
lib,
... ...
}: }:
{ {
@ -10,14 +11,13 @@
enableTCPIP = true; enableTCPIP = true;
ensureDatabases = [ ensureDatabases = [
"hedgedoc" "hedgedoc"
"atticd"
];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
]; ];
authentication = lib.mkForce ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 172.18.0.0/16 trust
'';
}; };
services.postgresqlBackup = { services.postgresqlBackup = {
enable = true; enable = true;

68
hosts/chunk/rclone.nix
View file

@ -1,7 +1,6 @@
{ {
pkgs, pkgs,
config, config,
lib,
... ...
}: }:
{ {
@ -15,46 +14,41 @@
serviceConfig = { serviceConfig = {
Type = "notify"; Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos"; ExecStartPre = "/usr/bin/env mkdir -p /mnt/photos";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ ExecStart = "${pkgs.rclone}/bin/rclone mount --config ${
config.sops.secrets."rclone/config".path config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos "; } --cache-dir /var/cache/rclone --transfers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G photos: /mnt/photos ";
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/photos"; ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/photos";
}; };
}; };
systemd.services.attic-mount = { # systemd.services.nextcloud-mount = {
enable = true; # enable = true;
description = "Mount the attic data remote"; # description = "Mount the nextcloud data remote";
requires = [ "network-online.target" ]; # after = ["network-online.target"];
after = [ "network-online.target" ]; # requires = ["network-online.target"];
requiredBy = [ "atticd.service" ]; # wantedBy = ["default.target"];
before = [ "atticd.service" ]; # serviceConfig = {
serviceConfig = { # Type = "notify";
Type = "notify"; # ExecStartPre = "/usr/bin/env mkdir -p /mnt/nextcloud";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/attic"; # ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --uid 33 --gid 0 --allow-other --file-perms 0770 --dir-perms 0770 --transfers=32 rsyncnet:nextcloud /mnt/nextcloud";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${ # ExecStop = "/bin/fusermount -u /mnt/nextcloud";
config.sops.secrets."rclone/config".path # EnvironmentFile = config.sops.secrets."rclone/env".path;
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 15G --allow-other rsyncnet:attic /mnt/attic "; # };
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/attic"; # };
};
};
systemd.services.garage-mount = {
enable = true;
description = "Mount the garage data remote";
requires = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [ "garage.service" ];
before = [ "garage.service" ];
serviceConfig = {
Type = "notify";
ExecStartPre = "/usr/bin/env mkdir -p /mnt/garage";
ExecStart = "${lib.getExe pkgs.rclone} mount --config ${
config.sops.secrets."rclone/config".path
} --cache-dir /var/cache/rclone --transfers=32 --checkers=32 --vfs-cache-mode writes --vfs-cache-max-size 5G --allow-other rsyncnet:garage /mnt/garage ";
ExecStop = "${lib.getExe' pkgs.fuse "fusermount"} -u /mnt/garage";
};
};
# systemd.services.jellyfin-mount = {
# enable = true;
# description = "Mount the jellyfin data remote";
# after = ["network-online.target"];
# requires = ["network-online.target"];
# requiredBy = ["jellyfin.service"];
# serviceConfig = {
# Type = "notify";
# ExecStartPre = "/usr/bin/env mkdir -p /mnt/jellyfin";
# ExecStart = "${pkgs.rclone}/bin/rclone mount --config /home/yt/.config/rclone/rclone.conf --allow-other --transfers=32 --dir-cache-time 72h --vfs-cache-mode writes --vfs-cache-max-size 2G jellyfin: /mnt/jellyfin";
# ExecStop = "${pkgs.fuse}/bin/fusermount -u /mnt/jellyfin";
# EnvironmentFile = config.sops.secrets."rclone/env".path;
# };
# };
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
} }

5
hosts/chunk/redlib.nix
View file

@ -10,9 +10,4 @@
REDLIB_ROBOTS_DISABLE_INDEXING = "on"; REDLIB_ROBOTS_DISABLE_INDEXING = "on";
}; };
}; };
services.caddy.virtualHosts."red.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8087
'';
} }

13
hosts/chunk/tailscale.nix
View file

@ -1,13 +0,0 @@
{ config, ... }:
{
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/auth".path;
extraUpFlags = [
"--advertise-exit-node"
"--accept-dns=false"
];
useRoutingFeatures = "server";
openFirewall = true;
};
}

5
hosts/chunk/vaultwarden.nix
View file

@ -10,9 +10,4 @@
DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden"; DATABASE_URL = "postgresql://vaultwarden:vaultwarden@127.0.0.1:5432/vaultwarden";
}; };
}; };
services.caddy.virtualHosts."pass.cy7.sh".extraConfig = ''
import common
reverse_proxy localhost:8081
'';
} }

32
hosts/common.nix
View file

@ -1,29 +1,10 @@
{ inputs, ... }: { ... }:
{ {
nix = { nix = {
settings = { settings = {
experimental-features = "nix-command flakes"; experimental-features = "nix-command flakes";
auto-optimise-store = true; auto-optimise-store = true;
flake-registry = ""; flake-registry = "";
trusted-users = [
"root"
"@wheel"
];
trusted-public-keys = [
"central:uWhjva6m6dhC2hqNisjn2hXGvdGBs19vPkA1dPEuwFg="
"niri.cachix.org-1:Wv0OmO7PsuocRKzfDoJ3mulSl7Z6oezYhGhR+3W2964="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"cything.cachix.org-1:xqW1W5NNL+wrM9wfSELb0MLj/harD2ZyB4HbdaMyvPI="
];
substituters = [
"https://aseipp-nix-cache.global.ssl.fastly.net"
"https://cache.cything.io/central"
"https://niri.cachix.org"
"https://nix-community.cachix.org"
"https://cache.garnix.io"
"https://cything.cachix.org"
];
}; };
channel.enable = false; channel.enable = false;
optimise = { optimise = {
@ -36,20 +17,9 @@
persistent = true; persistent = true;
options = "--delete-older-than 14d"; options = "--delete-older-than 14d";
}; };
extraOptions = ''
builders-use-substitutes = true
'';
registry.nixpkgs.flake = inputs.nixpkgs;
}; };
time.timeZone = "America/Toronto"; time.timeZone = "America/Toronto";
networking.firewall.logRefusedConnections = false; networking.firewall.logRefusedConnections = false;
networking.nameservers = [
# quad9
"2620:fe::fe"
"2620:fe::9"
"9.9.9.9"
"149.112.112.112"
];
# this is true by default and mutually exclusive with # this is true by default and mutually exclusive with
# programs.nix-index # programs.nix-index

6
hosts/titan/Caddyfile
View file

@ -13,16 +13,12 @@
cything.io { cything.io {
import common import common
reverse_proxy localhost:8084
header /.well-known/matrix/* Content-Type application/json header /.well-known/matrix/* Content-Type application/json
header /.well-known/matrix/* Access-Control-Allow-Origin * header /.well-known/matrix/* Access-Control-Allow-Origin *
header /.well-known/matrix/* Access-Control-Allow-Methods GET,POST,PUT,DELETE,OPTIONS,PATCH,HEAD
header /.well-known/matrix/* Access-Control-Allow-Headers X-Requested-With,Content-Type,Authorization,Origin,Accept
route {
respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"} respond /.well-known/matrix/server {"m.server":"chat.cything.io:443"}
respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}} respond /.well-known/matrix/client {"m.server":{"base_url":"https://chat.cything.io"},"m.homeserver":{"base_url":"https://chat.cything.io"},"org.matrix.msc3575.proxy":{"url":"https://chat.cything.io"}}
redir https://cy7.sh/posts{uri} permanent
}
} }
www.cything.io { www.cything.io {

2
hosts/titan/default.nix
View file

@ -30,7 +30,7 @@
sopsFile = ../../secrets/borg/titan.yaml; sopsFile = ../../secrets/borg/titan.yaml;
}; };
"rsyncnet/id_ed25519" = { "rsyncnet/id_ed25519" = {
sopsFile = ../../secrets/zh5061/titan.yaml; sopsFile = ../../secrets/de3911/titan.yaml;
}; };
}; };

114
hosts/ytnix/default.nix
View file

@ -1,6 +1,7 @@
{ {
config, config,
pkgs, pkgs,
inputs,
lib, lib,
... ...
}: }:
@ -9,7 +10,12 @@
./hardware-configuration.nix ./hardware-configuration.nix
../common.nix ../common.nix
../zsh.nix ../zsh.nix
./tailscale.nix {
disabledModules = [
"services/backup/btrbk.nix"
];
}
(inputs.nixpkgs-btrbk + "/nixos/modules/services/backup/btrbk.nix")
]; ];
sops.age.keyFile = "/root/.config/sops/age/keys.txt"; sops.age.keyFile = "/root/.config/sops/age/keys.txt";
@ -27,23 +33,12 @@
sopsFile = ../../secrets/wireguard/yt.yaml; sopsFile = ../../secrets/wireguard/yt.yaml;
}; };
"rsyncnet/id_ed25519" = { "rsyncnet/id_ed25519" = {
sopsFile = ../../secrets/zh5061/yt.yaml; sopsFile = ../../secrets/de3911/yt.yaml;
}; };
"newsboat/miniflux" = { "newsboat/miniflux" = {
sopsFile = ../../secrets/newsboat.yaml; sopsFile = ../../secrets/newsboat.yaml;
owner = "yt"; owner = "yt";
}; };
"tailscale/auth" = {
sopsFile = ../../secrets/services/tailscale.yaml;
};
"aws/key_id" = {
sopsFile = ../../secrets/yt/aws.yaml;
owner = "yt";
};
"aws/key_secret" = {
sopsFile = ../../secrets/yt/aws.yaml;
owner = "yt";
};
}; };
boot = { boot = {
@ -53,7 +48,7 @@
efi.canTouchEfiVariables = false; # toggle when installing efi.canTouchEfiVariables = false; # toggle when installing
}; };
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
kernelPackages = pkgs.linuxKernel.packages.linux_zen; kernelPackages = pkgs.linuxPackages_latest;
extraModulePackages = with config.boot.kernelPackages; [ extraModulePackages = with config.boot.kernelPackages; [
rtl8821ce rtl8821ce
]; ];
@ -70,7 +65,6 @@
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
kernel.sysctl."kernel.sysrq" = 1; kernel.sysctl."kernel.sysrq" = 1;
binfmt.emulatedSystems = [ "aarch64-linux" ];
}; };
networking = { networking = {
@ -90,6 +84,10 @@
dns = "none"; dns = "none";
wifi.backend = "iwd"; wifi.backend = "iwd";
}; };
nameservers = [
"31.59.129.225"
"2a0f:85c1:840:2bfb::1"
];
resolvconf.enable = true; resolvconf.enable = true;
firewall = { firewall = {
allowedUDPPorts = [ 51820 ]; # for wireguard allowedUDPPorts = [ 51820 ]; # for wireguard
@ -141,7 +139,6 @@
"wheel" "wheel"
"libvirtd" "libvirtd"
"docker" "docker"
"disk"
]; ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -174,8 +171,6 @@
haskell-language-server haskell-language-server
ghc ghc
sbctl # secure boot sbctl # secure boot
wine-wayland
wine64
]; ];
environment.sessionVariables = { environment.sessionVariables = {
@ -184,17 +179,12 @@
system.stateVersion = "24.05"; system.stateVersion = "24.05";
services.gnome.gnome-keyring.enable = true;
programs.gnupg.agent.enable = true; programs.gnupg.agent.enable = true;
services.displayManager = { services.displayManager = {
enable = true; enable = true;
autoLogin.user = "yt"; autoLogin.user = "yt";
defaultSession = "plasma";
sddm = {
enable = true;
wayland.enable = true;
autoNumlock = true;
};
}; };
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
@ -210,6 +200,11 @@
}; };
services.blueman.enable = true; services.blueman.enable = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
};
my.backup = { my.backup = {
enable = true; enable = true;
jobName = "ytnixRsync"; jobName = "ytnixRsync";
@ -228,15 +223,15 @@
services.btrbk.instances.local = { services.btrbk.instances.local = {
onCalendar = "hourly"; onCalendar = "hourly";
# only create snapshots automatically. backups are triggered manually with `btrbk resume`
snapshotOnly = true; snapshotOnly = true;
settings = { settings = {
snapshot_preserve_min = "latest"; # only create snapshots automatically. backups are triggered manually with `btrbk resume`
snapshot_preserve = "7d";
snapshot_preserve_min = "2d";
target_preserve = "*d"; target_preserve = "*d";
target_preserve_min = "no"; target_preserve_min = "no";
target = "/mnt/external/btr_backup/ytnix"; target = "/mnt/external/btr_backup/ytnix";
stream_compress = "zstd"; stream_compress = "zstd";
stream_compress_level = "8";
snapshot_dir = "/snapshots"; snapshot_dir = "/snapshots";
subvolume = { subvolume = {
"/home" = { }; "/home" = { };
@ -284,56 +279,12 @@
programs.virt-manager.enable = true; programs.virt-manager.enable = true;
services.usbmuxd.enable = true; services.usbmuxd.enable = true;
programs.nix-ld.dev = { programs.nix-ld.enable = true;
enable = true;
# nix run github:thiagokokada/nix-alien#nix-alien-find-libs ./<binary>
libraries = with pkgs; [
mesa
extest
stdenv.cc.cc
libGL
fontconfig
libxkbcommon
zlib
libxml2
dbus
freetype
egl-wayland
waylandpp
cairo
xcb-util-cursor
libplist
p11-kit
kdePackages.qtwayland
qt6.qtwayland
libsForQt5.qt5.qtwayland
xorg.libX11
xorg.libxcb
xorg.xcbutilwm
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilrenderutil
xorg.libXScrnSaver
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXtst
xorg.libxkbfile
xorg.libxshmfence
];
};
programs.evolution.enable = true; programs.evolution.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;
wlr.enable = true; wlr.enable = true;
xdgOpenUsePortal = true;
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-gnome ];
}; };
programs.obs-studio = { programs.obs-studio = {
@ -376,23 +327,4 @@
}; };
services.trezord.enable = true; services.trezord.enable = true;
programs.niri.enable = true;
programs.niri.package = pkgs.niri-unstable;
programs.xwayland.enable = true;
services.udev.extraHwdb = ''
SUBSYSTEM=="usb", SYSFS{idVendor}=="090c", SYSFS{idProduct}=="1000", ACTION=="add", GROUP="users", MODE="0664"
'';
programs.ssh = {
askPassword = "${pkgs.seahorse}/libexec/seahorse/ssh-askpass";
startAgent = true;
enableAskPassword = true;
};
services.desktopManager.plasma6 = {
enable = true;
enableQt5Integration = true;
};
} }

13
hosts/ytnix/tailscale.nix
View file

@ -1,13 +0,0 @@
{ config, ... }:
{
services.tailscale = {
enable = true;
authKeyFile = config.sops.secrets."tailscale/auth".path;
openFirewall = true;
useRoutingFeatures = "client";
extraUpFlags = [
"--exit-node=100.122.132.30"
"--accept-dns=false"
];
};
}

18
justfile
View file

@ -1,18 +0,0 @@
update:
git branch -D update || true
git switch -c update
nix flake update
git add flake.lock
git commit -s -m "flake update"
git push -f
git switch main
upgrade:
git switch update
sudo nixos-rebuild switch -L --flake . --use-substitutes
nixos-rebuild switch -L --flake .#chunk --target-host root@2a0f:85c1:840:2bfb::1 --use-substitutes
nixos-rebuild switch -L --flake .#titan --target-host root@www.cything.io --use-substitutes
home-manager -L switch --flake .
git switch main
git merge update
git branch -d update

15
modules/backup.nix
View file

@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
inputs,
... ...
}: }:
let let
@ -30,6 +31,13 @@ let
]; ];
in in
{ {
imports = [
{
disabledModules = [ "services/backup/borgbackup.nix" ];
}
(inputs.nixpkgs-borg + "/nixos/modules/services/backup/borgbackup.nix")
];
options.my.backup = { options.my.backup = {
enable = lib.mkEnableOption "backup"; enable = lib.mkEnableOption "backup";
paths = lib.mkOption { paths = lib.mkOption {
@ -44,7 +52,7 @@ in
}; };
repo = lib.mkOption { repo = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Borg repository to backup to. This is appended to `zh5061@zh5061.rsync.net:borg/`."; description = "Borg repository to backup to. This is appended to `de3911@de3911.rsync.net:borg/`.";
}; };
startAt = lib.mkOption { startAt = lib.mkOption {
type = lib.types.str; type = lib.types.str;
@ -68,7 +76,7 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.ssh.knownHostsFiles = [ programs.ssh.knownHostsFiles = [
(pkgs.writeText "rsyncnet-keys" '' (pkgs.writeText "rsyncnet-keys" ''
zh5061.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd de3911.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIObQN4P/deJ/k4P4kXh6a9K4Q89qdyywYetp9h3nwfPo
'') '')
]; # needs to be a list ]; # needs to be a list
@ -79,7 +87,7 @@ in
persistentTimer = true; persistentTimer = true;
paths = defaultPaths ++ cfg.paths; paths = defaultPaths ++ cfg.paths;
exclude = defaultExclude ++ cfg.exclude; exclude = defaultExclude ++ cfg.exclude;
repo = "zh5061@zh5061.rsync.net:borg/" + cfg.repo; repo = "de3911@de3911.rsync.net:borg/" + cfg.repo;
encryption = { encryption = {
mode = "repokey-blake2"; mode = "repokey-blake2";
passCommand = "cat ${cfg.passFile}"; passCommand = "cat ${cfg.passFile}";
@ -88,7 +96,6 @@ in
BORG_RSH = "ssh -i ${cfg.sshKeyFile}"; BORG_RSH = "ssh -i ${cfg.sshKeyFile}";
BORG_REMOTE_PATH = "borg1"; BORG_REMOTE_PATH = "borg1";
BORG_EXIT_CODES = "modern"; BORG_EXIT_CODES = "modern";
BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes";
}; };
compression = "auto,zstd,8"; compression = "auto,zstd,8";
extraCreateArgs = [ extraCreateArgs = [

40
modules/caddy.nix
View file

@ -1,40 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
cfg = config.my.caddy;
in
{
options.my.caddy = {
enable = lib.mkEnableOption "caddy reverse proxy";
};
config = lib.mkIf cfg.enable {
services.caddy = {
enable = true;
package = pkgs.caddy.withPlugins {
plugins = [
# error message will tell you the correct version tag to use
# (still need the @ to pass nix config check)
"github.com/caddy-dns/cloudflare@v0.0.0-20240703190432-89f16b99c18e"
];
hash = "sha256-jCcSzenewQiW897GFHF9WAcVkGaS/oUu63crJu7AyyQ=";
};
logFormat = lib.mkForce "level INFO";
acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
extraConfig = ''
(common) {
encode zstd gzip
header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
}
'';
globalConfig = ''
acme_dns cloudflare {$CLOUDFLARE_KEY}
'';
environmentFile = config.sops.secrets."caddy/env".path;
};
};
}

1
modules/default.nix
View file

@ -2,6 +2,5 @@
{ {
imports = [ imports = [
./backup.nix ./backup.nix
./caddy.nix
]; ];
} }

23
overlay/attic/default.nix
View file

@ -1,23 +0,0 @@
final: prev: {
attic-client = prev.attic-client.override (old: {
rustPlatform = old.rustPlatform // {
buildRustPackage =
args:
old.rustPlatform.buildRustPackage (
args
// {
version = "0.1.1";
src = final.fetchFromGitHub {
owner = "cything";
repo = "attic";
rev = "d660c85bdb6bb10499a23a846a13107ea0c72769";
hash = "sha256-E22d2OLV02L2QdiSeK58flveehR8z8WIKkcN/njAMdg=";
};
cargoLock = null;
cargoHash = "sha256-AbpWnYfBMrR6oOfy2LkQvIPYsClCWE89bJav+iHTtLM=";
useFetchCargoVendor = true;
}
);
};
});
}

44
overlay/conduwuit/default.nix
View file

@ -1,44 +0,0 @@
final: prev:
let
newRust = final.rust-bin.fromRustupToolchainFile ./rust-toolchain.toml;
newRustPlatform = final.makeRustPlatform {
cargo = newRust;
rustc = newRust;
};
in
{
conduwuit = prev.conduwuit.override (old: {
rustPlatform = newRustPlatform // {
buildRustPackage =
args:
newRustPlatform.buildRustPackage (
args
// {
version = "0.5.0-rc2";
src = final.fetchFromGitHub {
owner = "girlbossceo";
repo = "conduwuit";
rev = "5b8464252c2c03edf65e43153be026dbb768a12a";
hash = "sha256-yNdxoVZX13QUDJYM6zTMY9ExvacTqB+f0MLvDreSW8U=";
};
doCheck = false;
cargoHash = "sha256-g19UujLI9d4aw+1273gfC17LDLOciqBvuLhe/VCsh80=";
# unstable has this set to "conduit"
meta.mainProgram = "conduwuit";
buildFeatures = [
"brotli_compression"
"element_hacks"
"gzip_compression"
"release_max_log_level" # without this feature to enable debug logging
"sentry_telemetry"
"systemd"
"zstd_compression"
"jemalloc"
"io_uring"
];
}
);
};
});
}

28
overlay/conduwuit/rust-toolchain.toml
View file

@ -1,28 +0,0 @@
# This is the authoritiative configuration of this project's Rust toolchain.
#
# Other files that need upkeep when this changes:
#
# * `Cargo.toml`
# * `flake.nix`
#
# Search in those files for `rust-toolchain.toml` to find the relevant places.
# If you're having trouble making the relevant changes, bug a maintainer.
[toolchain]
channel = "1.84.0"
profile = "minimal"
components = [
# For rust-analyzer
"rust-src",
"rust-analyzer",
# For CI and editors
"rustfmt",
"clippy",
]
targets = [
#"x86_64-apple-darwin",
"x86_64-unknown-linux-gnu",
"x86_64-unknown-linux-musl",
"aarch64-unknown-linux-musl",
#"aarch64-apple-darwin",
]

9
overlay/default.nix
View file

@ -1,9 +0,0 @@
let
overlays = [
./conduwuit
./attic
./vscode.nix
];
importedOverlays = map (m: import m) overlays;
in
importedOverlays

14
overlay/vscode.nix
View file

@ -1,14 +0,0 @@
final: prev: {
vscode-extensions = prev.vscode-extensions // {
github = prev.vscode-extensions.github // {
codespaces = prev.vscode-utils.buildVscodeMarketplaceExtension {
mktplcRef = {
publisher = "github";
name = "codespaces";
version = "1.17.3";
hash = "sha256-idJFYHJ4yeqpFZBX55Y0v1yfzgqyhS0MrC4yIto7i7w=";
};
};
};
};
}

0
secrets/zh5061/chunk.yaml → secrets/de3911/chunk.yaml
View file

0
secrets/zh5061/titan.yaml → secrets/de3911/titan.yaml
View file

0
secrets/zh5061/yt.yaml → secrets/de3911/yt.yaml
View file

6
secrets/rclone.yaml
View file

@ -1,5 +1,5 @@
rclone: rclone:
config: ENC[AES256_GCM,data:/GFMFowcU2940P3n/4qQEmAflNyn/s7kujrv1SmStpsVfoiqklD0aB77wh2n7nxzL+Yg98e+L1MADSUTkc1e1uAfc6NwhB62HzKuEvZwCCRs/WZas8ZMuB5cVQUtxl1kRoqLWVxUaaVQU/qsjEFj4uA/dnOe/PSR9DYOnAA7PiHFFP4rtD0/tfhsdjNUiKY62n/yVDRTNJmQ7f14jR2OPby65Xu6Upi77XvOeFDy6LMyOcAH8UF9QTw5+4r5nosOA+H9SFc4Y+BAVnboBi7McrLYtz9SAiaYFQAqT4/nbNSSfvdnvuMSNMxpW88L/UnRxtEHfAYCEyUQD+GaDIEt2vSRQLWHJB6znMxnMXi5U/S9gCP7/NdcSvCh9SkrnHmRW9dQg3euGkuaVkpiYQoORyzk7RrxjFOKHCpU4gaaLD6FBrkkJHY8zDL/176aZKBgIpFaHlQN/TVwEByVDEUfEZ4Z+Af528rBjZ/W8gV9kgYzBECQ8Mgw5/HVSwO1fvVuFQedV5pz/TxIrd9V1t1W8XDN9UYgnfctQDch2oQMA1iCVuV2Mm7I8Ew4ikNeCy5qBgBq3MfDSlpCmqeiqSuCR1V0O7FeyWgV46cm+ORVCgkAvYUH9xy8ARYEVRjK1aogjFwc+e8GhK976fvI1Lt9aE6c87AdJd58kP/LiS0So6d4VWfTZUNX1sdpZA7y2G5oSu7PRGfR94unzqzmRhbMPACvKnoLPUnod8Sw93vLu7y+QGI9zl4oICPT8GF8k1kfVdqGLWjB5i91RAJInbpkG3jeHciE3I7RC2gVNufdEmkpRx2bt7kLw30ede0=,iv:V+Kd3HRD6kfM8TTjBbmc/uQbo2iafDV5u6FtnhFSTQs=,tag:e9WX+hD2UNvnsQhCuMebUA==,type:str] config: ENC[AES256_GCM,data:mvbvhlePt87lZl5AWyq5l0hwop4wHdY5pY82EMyzz+KtW7DKmi/3txVuNJ/GjcDWIY9HxklDDrIbN/r+prVvl/OEquHg+YLn/0w7njWDsqIEO+GwDCUBAaZqZtc94LVkI4SYXuE1Jl5wyWy0qaqkvR3kd91bC5ABoTKXnr2yxiTIIH9M2QyXMYy2/zDI3Ux6t5+vO6kze/d1kVmxpzzNyYrPDflQgR4o94P0hDAsnOJa2MW9S10mIsOU5h61IuILm5XHWgTAgNiyEGVA/nFOsu1Ny8bUXCcWtwWNZkNmkkL7lgIpnzbm09DmKWHn18I9+nyWaYxmuKn/g9rxPPBduzg77CHyLtQv55ZI+5hsZrkPHKfoMqJrjkz3zCU/XplCrR21cHVM1Yo1LRDWcCrIzmNQiqTzBHY0QGuLPqdYtG3mcLrwwuBE8uvQt3YJ7FQHuq8vERHsq/PHBigndstGvXpfkQmn33/tAZCBPvZEKHakJ9bFyol/lPm+sbOIAaCqf0FFDSL5l3m0PiUHfZRPTS8bm+rTNPfQBclFGbwmNmvofxsCcbnJEZpqRBK38tMOp08cBjcKGyyb21Wpy8Qx1igWOVb71Rn13VfCdYFO4JoLVAX1r9uI8b3kW4qOMYY66iEnBCLbgK+81Dk+bzy+ilWQQiTYuW/lo+Dx4vPoLfIwVmgo3ooY282t0huxCi2edjq9llo+NOd63o8yNKhbAJlBPAigqAA53aqndLUka17CwXKKhT+k+zChu/ZlkQ6viPo6HJq+1rymYoK4KUrjTvXiAr+8eYpT/qJ2tTK7rCysFZhGuRlwP1Xk5z0=,iv:WXPH8jBHdqM2TL8xtFmvvXujmaNYR6AKlyJgfYVRf44=,tag:60WucstY5TAq+B8GrIOQfA==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -33,8 +33,8 @@ sops:
aExPM3ZCL0kvMWpZZlFuTGMvU0pQNEEKTxkA30B3nPOO1Q0ZRiZZKicqvEpJoOL5 aExPM3ZCL0kvMWpZZlFuTGMvU0pQNEEKTxkA30B3nPOO1Q0ZRiZZKicqvEpJoOL5
B/PchzkTvSbjPGz55r+Qq3oTHTQ4bwxpZ7T1hMyMcXhws+oftol5/g== B/PchzkTvSbjPGz55r+Qq3oTHTQ4bwxpZ7T1hMyMcXhws+oftol5/g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-06T23:47:39Z" lastmodified: "2024-12-30T21:01:01Z"
mac: ENC[AES256_GCM,data:Yg/CiK3pZL+RPYHFVIMZj4pmDzenOpYj8slK/XL28+5IdQ/BBIETXgCz0JjN7p7li2sYGMnKv5DDa6NhCYOGhexmTxKzumAAjYNLrZamDaDBxXs+FnN6cBxytM2eEc+GFBazl0nEPPBulZNoDsFK1TpIFnMAClVjRe1y37cNXXQ=,iv:Rlxci8NVLzF9yDro30mDkymyiv30slcLKYCMIZv3y+o=,tag:a+m9ZcA/ttxiR/JXUPLfSQ==,type:str] mac: ENC[AES256_GCM,data:K9HJyxbipXb9oAiJQH+pm8hwQd6TqkJbOflFJDO1AoejYeJB5qyeGYmEgQ2l4sBmKrGetiyG5+qOaAPrKZoLeqtwyM8SxnLDUQ8dQLzEHnHGixlilkLyI4AxlznvkfVvcSjOfughVb2G4N5xIcaIWLT1+zAiweb7hoB55LGOSG8=,iv:xt1DXi4ZhIBPO9o5m4Uf8Z6B7SmbU3FGuvp5t+WgJns=,tag:WFACS8fCHOvNBAWXHZoD6A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.9.2

40
secrets/services/attic.yaml
View file

File diff suppressed because one or more lines are too long

8
secrets/services/caddy.yaml
View file

@ -1,5 +1,5 @@
caddy: caddy:
env: ENC[AES256_GCM,data:XyxcCVT+rwlS7A3xzUgGqpMoLwhfUJo2++zPTgoPt3q6Edt14bYQJsoSJXnKx/lGg/0ilNfEEg8AEnru/Mzx0bWedSdWuZ380l8wlLiucqQThhEBhEJlyd94BMNzhxFdj82w0ejp4oWb5By/WjkFNesvAyxPIo/Ir4S+fTgGpA1iO2Ms8Pdjp00qeXYsK1CfjaXOYlEP+8BxntN2JKLYb8Cgs7dLmHfUwP6gTFKlTukUTtQZYUw336q3TtGy,iv:Ab/E0ljUBxzWlXfAC2BXCYxlgo0ErvKFaubgVjFR3OU=,tag:Yr24/DofYS2lM6f2/1LQ3Q==,type:str] env: ENC[AES256_GCM,data:uVCkVky5MRRhN+g4f634nBjvpcI5Ldy+eOKXg7eGu9foswTHA1SXDs67+Wuvo/jaPw7Zg67xKZRHnoTon1udQzyfu0T6pmVKfsUPewITYCd+qLTanFz6uVRUHzpUVwjCZNqB8gxNr/BiZ70NG4vQXRjgd3zKFrQYQBr4zSaP2vK1pRdbuQ==,iv:dQBfX4X8huUp2dqY3tEGW+BPZ/XADT10ptt85R7X+AY=,tag:cvMbFjkRHoxxnNfz8dGv5g==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -33,8 +33,8 @@ sops:
Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH Q2hBZE1FOHJ3aW5rVmoyK045eG11cmsKFOmP5iWONREZvxu0rM+fKMPQKgnYq5LH
AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ== AKMZFsP7nnUxjdCXEA18sDg4Rf0qp8i3uQK3D6P7417j9ye/YZA4BQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-30T17:26:39Z" lastmodified: "2024-12-17T03:25:37Z"
mac: ENC[AES256_GCM,data:saoalvnwHsv0CTw/cRZqibnH9oGoZTNwGUT7RePKRa8OwNzbUEzQt+Z1WrmmWoqR+omQXLE+lpOPv6uNYxvAWnIelzCGeBBCMSBxtjlTUsjts7oFo7d9C5SdTIOkzotDxryvjRupb0P7hAmEqcSUKRZipJy5MVR7VXR1XZ4fIPM=,iv:VaP05zj8L2pygi1/M4BnOV3Inf0ssaWMu+aTBkdDMys=,tag:nuZT8GMB4F0T5dHnTvHOhA==,type:str] mac: ENC[AES256_GCM,data:bhFBLkT2q6HGtTPtHLVZkKZn00Lbm11/u3qSR19lU2E1SsQ7mpukvCqcTxNWtJ+HHth6yJJfgM6XABKq/9/598L2MgGuF3C/GGS3xpjwHh5RyV8t1lV8cqDaZGjGOMGx35lFQ6DoXOreQrtP/f7MKzf+nVNFr1NbTR8YhqR1xDU=,iv:+fjYlbyIyM9nLagrvE+PUhC2pT7QTsTSQX7ELZ7Wuhs=,tag:GWQv6VmIsWwFzb4bUr5CLg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.9.2

31
secrets/services/garage.yaml
View file

@ -1,31 +0,0 @@
garage:
env: ENC[AES256_GCM,data:miNp4SJ9xuMXSEIJYCZFWM96enAh8uwCxv0ySn2Jbp5V4Iso2uZ2R9dXqSS7y60pRq+bbXPYbBxBnmb+fhjvB7TdCLPom9CKSY8zMI7n/p1IE4qUFvzCG4ejV6BIsh/887BjzAx1UNcRG/9eUNcMfTu58wQwKmIzr1iu5pD+IlLHa+0/orpZKssQ2Ba1hMwLOAXp,iv:zgkGikunB4zQ4CfGgEd1DmLgYpEREJhoX4oT/zK3mI8=,tag:ohpZWF/lPHQc010mteJZDw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIemdMVVE4alZ2MElWeUpj
TjNhL2VYL2dwMmN0VzJxVGwzWHgvbm82QWtjCk1pem5SdzFpR0dRci80emo1VlVu
VWtWMVpoN2M4NUphcTgxeTB6aU83bjAKLS0tIGlJanA1TFBnaE9PTmRnQWVidE53
elRZaFVaZ1VTRU1MbWlqSkJNZG1oRW8K8IupEpJzC0CJGpxSTssiFrQgdHAzCW4I
IlvYdZkUou/6km5OMnsFqhqEqIjAwVuJ08YiNzAv67ZzTG0ThD133A==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiemRZRmF1NWozM1RFS2Z2
bld5V0lTS3V1OW1SU0VaR2IzZjJmbEtJVkhjCnBVKzFYUXYveGdkSTVmbzRldGRo
eVAxWXQ1TzczVjZiQ2NsUEk3YmhGNk0KLS0tIG04d0FDYXF1MU5ab3ZMTmpCUWNa
WTQ3dWs4enQrc2F3K3AvMUQvWEh6RDgKxJl3ftSpIrK+45LzjX9gIy41Lv+bcZsV
7rriUhKAtaCXsQcO6Povif7zJyCROYhC0sgpRhmMKoN76TAH3zxvag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-08T20:44:32Z"
mac: ENC[AES256_GCM,data:rVv9sNYb9Fttm5IjonAZBmcrCqC1cAp2sjMJDZ3JMt+YeyiCUI6jsXSGAc3pgP+7vvaTvDvdNwlAa5axxA72omE4eAK+9me0RLI75vA4UGrh3KiB4qrHK6H6qMUFg92uhKFo+uhtxERIV5/HSwbZPBT2R0pbSSQzTKk5U9UuJsY=,iv:CRSEqphlBsHwPvwXlTQui5U4fsXWgWnZ+8KYFAyVRlg=,tag:82mxRsp5uCo235jzJNK8LQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.2

31
secrets/services/tailscale.yaml
View file

@ -1,31 +0,0 @@
tailscale:
auth: ENC[AES256_GCM,data:7gGiUBRUK25Tp5y/5DDZKOTxKPFFfN1UUeBOdMLLQqobq643MKdJ9imxkKmKFg/FwgLYft/uzdxQGGlE7Q==,iv:HRmd+T1QuTYP8VrX/bZt8dWSwm5rcUvpEMqCMPfxjE4=,tag:PRZn2Pm6yydfEULrYGM6yg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1eg6sxflw6l44fp20sl068sampwd95fm0mnh4ssegrhtktgm50ptqcuspyn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2Z1JZZmZMaDQ3UHYvbXYr
c05RaEMxUGJXSGczUDBkL1UxT0hjQ0VNNkJNClFUNmJ5d3gyaHFwMTdNVW9GQ2ly
V3haMkx5Z1B5dmJ0SE4wY0UzMWswQ0EKLS0tIGNpZVo3UmtHcjFZVE5FMmdpOGMx
UFZGb3I1L3FJYVE2VjJ5aTVoZlo4bFUKwH2sPBwuLQXrHmiKYSu4Eut/H2j/2tUW
1y8Eph7l6w3kfhZRRbo6cZ8gcbZNHPSPeAvWf/TpYumiTt1WBt8SMw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSVXBMTEMrY1NGa1NBSjZP
R04wYUsrdGlVa3FnL1NYVG4xdUdqeHNnM0ZJCmhMSzFoRVFSOFBrQlU3VUtwaU0r
TEtad1B5NGh3OW1oajNvckhJcExrU0kKLS0tIFc5K3JOVTUvSFU1dmQxMUFRZ1o3
em5IemlsM29zVy9GK3RmTlgzVnRpMDAKRatmFgCdoXcypQ+1EDedCuVctl0SFMf4
kjtHrTSpept/y9bpTUy656aPRQ1LvqvfPs7Co1ssC/YWFroDsLgv4w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-24T05:26:20Z"
mac: ENC[AES256_GCM,data:GbQrLESUR/x+eLzukOR1FaJsd8zxlrz9dc/2kDBKUYAgI8L4QwLmwRuzpaIJgNLv2PdLTW83oSC8ekxR8fmsap40DpiygcrmPdPUeVFbEPaz7SSvU+DCgB0UX+qNQ9aOQ0BIbeKKOIj3r9enGv2o6DKY8I85n7VXjnGZAmCf1C8=,iv:UrtVqRGwvOpXOH3X3qF6ZF+VwqO0VGt+hFG7r6oUqCg=,tag:TD4mG3t5ORYgAS0GBmA7Eg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.3

32
secrets/yt/aws.yaml
View file

@ -1,32 +0,0 @@
aws:
key_id: ENC[AES256_GCM,data:vxa8IS5zVOStsQaQNoPy36MeCw2KD2Th5tg=,iv:TrPukr/bpkGysf1YigBlXwaCu0H1FM6ivCVQEgnst6A=,tag:yrlcsDkLkH7U2i3JgjDaBA==,type:str]
key_secret: ENC[AES256_GCM,data:R9hFgtylEW1RphrP7/9Hi7HIb7gcQX1WDEVfnUTTzh+/0LM2Rb9CdkaleO8wNlcyYVE/jUKtqdqqrospAJ7+Zw==,iv:3+yCVqH441+oXFLI5usaQdhnE3GFhbJjMsYeRvk8xEw=,tag:STxA32cSdwPBikXyVEP5+Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1sy0at69err83qyml2vqu8xvwjccfws447aaadfvacj2qluw3p45s2mtrw8
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKaUZKbTVjZ1NEWlE5RzZT
T1dKdkRQajEva0tpRXhxYUlYWmw1b3MwSFZvCmhteVJ2VGhVNnZTZkJlem1OT3dL
dGlQTWdOUlo3TXNOS0wvNlpqVWpZSFEKLS0tIC9DNjY3OW1zWUlRQ1ZEOGlBRk9R
azQxMGhQejQ5M0N1YjFtSW5uVnRCQ3MKtt26G2PxIry/lppOT/NUX8jebEb5NgqO
HuHj7WT51Gtotfgb22VfGeOCaw9+pPYSjdk9WV4z57r7Z/lylALKRw==
-----END AGE ENCRYPTED FILE-----
- recipient: age10h6pg5qdpc4t0rpmksfv788a57f04n83zgqaezkjjn65nkhv547s0vxfdn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPaVIwbExDUjJiVFpHOFJu
dk1SUHc5UDRFUENsbkg2RmQvazdEZ1NKeEhvCjVCNzdwRFN0aUZJL0pVSTI1RUxv
Ymhhc0tsSENVa1VUKzRBZk5IcjEvNFUKLS0tIFpPNlRXOVYyVnpyUmtLMTFqNlZ0
UlYrTExEUVc0dURLR1czN3BnYzZ2VGMKCbAgM50jvs9VciA1Pb/VY+2I4x62LBGe
j7eHkfTFc8Gnk/rZA9/ZJDLFr/FUPMQWK/NVoz6oLjO6oVFXqN6OqA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-30T17:45:09Z"
mac: ENC[AES256_GCM,data:uXnJ8DCs1ZZ72PFAmSQpqvVH2UYvRX8AeUC00A6WsgNL9sz6H0b7PwXBn4SucHACwLwilMVKYpFGE1pPMsIgpHxU5coNhvTfth/ChY1KS73LAwrJUAyUoFI3mumPkklj7b/u1CbBfhuhA2QoZVl+d9BGQn5CQu3+BySUmcT+P9k=,iv:H/hUTBDNcsGBP5TA/7U1QMZogZvuoPuEAg/tBCpbf9w=,tag:W7rH84Na/tHPuJlA9tRXEQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.4