Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: Kabbone:60b69e004942a5c288b88b800c9c5b222b007898
Branches Tags
Kabbone:main Kabbone:refactor
..
compare: Kabbone:main
Branches Tags
Kabbone:main Kabbone:refactor

56 Commits
60b69e0049 ... main

Author SHA1 Message Date
Kabbone
f6aa846798 flake update 2026-01-30 12:33:24 +01:00
Kabbone
31691c17fb noctalia: add pwvucontrol 2026-01-30 12:28:43 +01:00
Kabbone
920876d436 flake update 2026-01-23 13:00:48 +01:00
Kabbone
f68bfe1ab6 flake update 2026-01-11 09:08:48 +01:00
Kabbone
9c4168dc5b flake update and uncomment zsh config 2026-01-05 08:28:33 +01:00
Kabbone
86f76f418a lifebook: enable virutalisation 2025-12-29 20:33:48 +01:00
Kabbone
1fed2ab17c flake update and correcting microvm url 2025-12-29 15:29:34 +01:00
Kabbone
4cc6f0d183 add cloud-hypervisor and small niri floating fix 2025-12-29 15:29:12 +01:00
Kabbone
fdf38fdfae flake update 2025-12-28 16:39:47 +01:00
Kabbone
7559b4354c fix niri home import 2025-12-28 16:39:34 +01:00
Kabbone
e912b656a3 niri final touches on desktop 2025-12-27 15:56:43 +01:00
Kabbone
b62c5850dc initial niri config 2025-12-26 18:51:26 +01:00
Kabbone
ab6e1aa16e set environment for niri and cleanups 2025-12-26 17:54:45 +01:00
Kabbone
77b5652449 flake update 2025-12-26 12:59:13 +01:00
Kabbone
726e4e9432 add wallpaper 2025-12-26 12:38:25 +01:00
Kabbone
95e20a7dfe fix zsh ini for Wayland 2025-12-26 12:29:27 +01:00
Kabbone
e14992e9fd noctalia configuration and basic niri setup 2025-12-26 12:28:22 +01:00
Kabbone
c1f4c25cb6 lifebook: move to niri 
disable ssh agent in desktop config
 2025-12-23 14:29:54 +01:00
Kabbone
1dc51c4bc4 lifebook: switch to xe 2025-12-23 10:39:41 +01:00
Kabbone
ef662a0cab disable privacyextension on jupiter 2025-12-23 09:37:50 +01:00
Kabbone
bebe13d760 give hosts dns domain list 2025-12-22 12:41:31 +01:00
Kabbone
4c21950c3a flake update 
remove nbf5
 2025-12-22 10:47:57 +01:00
Kabbone
ac664dce9b flake update 2025-12-13 10:30:58 +01:00
Kabbone
a9d12ea535 enable imaginary and cleanup 2025-12-07 11:53:30 +01:00
Kabbone
1827e4eebf remove whiteboard collab 2025-12-07 11:43:17 +01:00
Kabbone
861dd0bab4 update to nextcloud32 and enable whiteboard 2025-12-07 11:24:36 +01:00
Kabbone
55342f4912 update to 25.11 with config changes 2025-12-06 16:48:39 +01:00
Kabbone
01e47e808e flake update 2025-11-30 18:02:54 +01:00
Kabbone
76774565a9 flake update 2025-11-23 11:01:03 +01:00
Kabbone
e288514e33 flake update 2025-11-15 19:57:16 +01:00
Kabbone
4e4b696177 fix element window on specific workspace 2025-11-15 19:53:10 +01:00
Kabbone
c83ec90489 move back to element 2025-11-13 19:44:46 +01:00
Kabbone
d71af6a1c9 flake update 2025-11-13 15:50:50 +01:00
Kabbone
35d2f5afe0 update flake and some update fixes 2025-11-02 16:05:39 +01:00
Kabbone
d69e4f2d3e openrgb need insecure package 2025-10-26 15:54:43 +01:00
Kabbone
8300a32027 flake update 
add nheko instead of element
 2025-10-26 15:45:57 +01:00
Kabbone
9108daaffb server: mealie: use unstable 2025-10-19 13:08:48 +02:00
Kabbone
2a3079f35e desktop: move to nheko with gnome-keyring 2025-10-18 14:58:03 +02:00
Kabbone
687fd92a94 new flake structure and overlays for unstable 2025-10-18 14:55:26 +02:00
Kabbone
e8c9cd32fd flake update 2025-10-14 20:05:37 +02:00
Kabbone
675e3cfb86 nas: syncthing: correct nginx settings 2025-10-12 18:17:51 +02:00
Kabbone
9a593ba9a1 syncthing: add lifebook key 2025-10-12 18:13:12 +02:00
Kabbone
bc7fbcfc7d lifebook: start syncthing 2025-10-12 18:04:45 +02:00
Kabbone
a43fdc77f8 hades: start syncthing 2025-10-12 17:58:15 +02:00
Kabbone
c2f53e4533 hades: start syncthing 2025-10-12 17:54:23 +02:00
Kabbone
43cfd4b6d3 nas: start syncthing 2025-10-12 17:34:32 +02:00
Kabbone
ea0beb9673 update flake 2025-10-11 07:55:28 +02:00
Kabbone
f3063e36d9 add build script for local dev 2025-10-11 07:55:16 +02:00
Kabbone
0e48154dec server: mealie: add openai 2025-10-11 07:54:52 +02:00
Kabbone
8ae9830eba server: create mealie group 2025-10-10 20:05:44 +02:00
Kabbone
23adee92a6 server: create mealie user 2025-10-10 20:02:40 +02:00
Kabbone
9c2a801040 rekey 2025-10-10 19:39:10 +02:00
Kabbone
97b66828ca server: add mealie 2025-10-09 22:14:51 +02:00
Kabbone
d978497b7c flake update 2025-10-09 20:21:07 +02:00
Kabbone
a9ab9e64ba nas: add syncthing module 2025-10-07 15:10:50 +02:00
Kabbone
234904c08f flake update 2025-09-28 09:12:58 +02:00
63 changed files with 1529 additions and 548 deletions
Expand all files Collapse all files

3
.gitattributes vendored Normal file
View File

@@ -0,0 +1,3 @@
*.jpg filter=lfs diff=lfs merge=lfs -text
*.svg filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text

262
flake.lock generated
View File

@@ -10,11 +10,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1754433428, "lastModified": 1762618334,
"narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=", "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d", "rev": "fcdea223397448d35d9b31f798479227e80183f6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -25,11 +25,11 @@
}, },
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1754269165, "lastModified": 1769287525,
"narHash": "sha256-0tcS8FHd4QjbCVoxN9jI+PjHgA4vc/IjkUSp+N3zy0U=", "narHash": "sha256-gABuYA6BzoRMLuPaeO5p7SLrpd4qExgkwEmYaYQY4bM=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "444e81206df3f7d92780680e45858e31d2f07a08", "rev": "0314e365877a85c9e5758f9ea77a9972afbb4c21",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -63,63 +63,24 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1767039857,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=",
"owner": "edolstra", "owner": "NixOS",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "edolstra", "owner": "NixOS",
"repo": "flake-compat", "repo": "flake-compat",
"type": "github" "type": "github"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754091436,
"narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"pre-commit-hooks-nix", "pre-commit",
"nixpkgs" "nixpkgs"
] ]
}, },
@@ -165,11 +126,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757920978, "lastModified": 1769723138,
"narHash": "sha256-Mv16aegXLulgyDunijP6SPFJNm8lSXb2w3Q0X+vZ9TY=", "narHash": "sha256-kgkwjs33YfJasADIrHjHcTIDs3wNX0xzJhnUP+oldEw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "11cc5449c50e0e5b785be3dfcb88245232633eb8", "rev": "175532b6275b34598a0ceb1aef4b9b4006dd4073",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -185,27 +146,52 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757808926, "lastModified": 1769580047,
"narHash": "sha256-K6PEI5PYY94TVMH0mX3MbZNYFme7oNRKml/85BpRRAo=", "narHash": "sha256-tNqCP/+2+peAXXQ2V8RwsBkenlfWMERb+Uy6xmevyhM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "f21d9167782c086a33ad53e2311854a8f13c281e", "rev": "366d78c2856de6ab3411c15c1cb4fb4c2bf5c826",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"impermanence",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768598210,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"impermanence": { "impermanence": {
"inputs": {
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs"
},
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1769548169,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -222,11 +208,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757230583, "lastModified": 1769596123,
"narHash": "sha256-4uqu7sFPOaVTCogsxaGMgbzZ2vK40GVGMfUmrvK3/LY=", "narHash": "sha256-kcElu+HiwNIJiaNH41IdemFaaGyU3TqI4ebx5CQMHFs=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "fc3960e6c32c9d4f95fff2ef84444284d24d3bea", "rev": "d6bf85533180720680544a0791c7334e315c4fd6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -238,20 +224,18 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit": "pre-commit",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1756744479, "lastModified": 1769417433,
"narHash": "sha256-EyZXusK/wRD3V9vDh00W2Re3Eg8UQ+LjVBQrrH9dq1U=", "narHash": "sha256-0WZ7I/N9InaBHL96/qdiJxg8mqFW3vRla8Z062JmQFE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "747b7912f49e2885090c83364d88cf853a020ac1", "rev": "1902463415745b992dbaf301b2a35a1277be1584",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -263,22 +247,21 @@
}, },
"microvm": { "microvm": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1757518086, "lastModified": 1769624238,
"narHash": "sha256-qUJFqN9KGhh2nh4ksaFGfGNIuL7p+8PstjtODLbWuSk=", "narHash": "sha256-qeXiVWfblS5w/gxwklncxfXPrdpyPJ3OGvgXKekXzaM=",
"owner": "astro", "owner": "microvm-nix",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "f6e7494efa2b17deb2a69a45932d34dc205bd3bb", "rev": "43406f57d740f96428a8df14d2fba80f437ca79a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "astro", "owner": "microvm-nix",
"repo": "microvm.nix", "repo": "microvm.nix",
"type": "github" "type": "github"
} }
@@ -307,11 +290,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1757891025, "lastModified": 1769302137,
"narHash": "sha256-NfiTk59huy/YK9H4W4wVwRYyiP2u86QqROM5KK4f5F4=", "narHash": "sha256-QEDtctEkOsbx8nlFh4yqPEOtr4tif6KTqWwJ37IM2ds=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "4c38a024fa32e61db2be8573e5282b15d9733a79", "rev": "a351494b0e35fd7c0b7a1aae82f0afddf4907aa8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -323,27 +306,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1757810152, "lastModified": 1768564909,
"narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a094440e02a699be5c57453a092a8baf569bdad",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1757745802,
"narHash": "sha256-hLEO2TPj55KcUFUU1vgtHE9UEIOjRcH/4QbmfHNF820=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c23193b943c6c689d70ee98ce3128239ed9e32d1", "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -353,12 +320,61 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks-nix": { "nixpkgs-unstable": {
"locked": {
"lastModified": 1769461804,
"narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1769598131,
"narHash": "sha256-e7VO/kGLgRMbWtpBqdWl0uFg8Y2XWFMdz0uUJvlML8o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fa83fd837f3098e3e678e6cf017b2b36102c7211",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"noctalia": {
"inputs": { "inputs": {
"flake-compat": [ "nixpkgs": [
"lanzaboote", "nixpkgs"
"flake-compat" ]
], },
"locked": {
"lastModified": 1769743095,
"narHash": "sha256-yZ1bR3ducegfyauYnZ6JRbLQnIwxMWM7P2PioyEtsMk=",
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"rev": "4dea7d37801d705cf977ce69fd3ee87a3c995fe5",
"type": "github"
},
"original": {
"owner": "noctalia-dev",
"repo": "noctalia-shell",
"type": "github"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@@ -366,11 +382,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1750779888, "lastModified": 1769069492,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=", "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d", "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -389,8 +405,9 @@
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"microvm": "microvm", "microvm": "microvm",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable" "nixpkgs-unstable": "nixpkgs-unstable",
"noctalia": "noctalia"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -401,11 +418,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754189623, "lastModified": 1769309768,
"narHash": "sha256-fstu5eb30UYwsxow0aQqkzxNxGn80UZjyehQVNVHuBk=", "narHash": "sha256-AbOIlNO+JoqRJkK1VrnDXhxuX6CrdtIu2hSuy4pxi3g=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "c582ff7f0d8a7ea689ae836dfb1773f1814f472a", "rev": "140c9dc582cb73ada2d63a2180524fcaa744fad5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -417,11 +434,11 @@
"spectrum": { "spectrum": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1754675037, "lastModified": 1759482047,
"narHash": "sha256-afS08F7lfMUBR4qrBxinN1kuxu+DoHQ5TPNVp9VS/OA=", "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "586577f3015397afacd83bc185454f4cc3c8028f", "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
"revCount": 955, "revCount": 996,
"type": "git", "type": "git",
"url": "https://spectrum-os.org/git/spectrum" "url": "https://spectrum-os.org/git/spectrum"
}, },
@@ -444,21 +461,6 @@
"repo": "default", "repo": "default",
"type": "github" "type": "github"
} }
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

58
flake.nix
View File

@@ -9,21 +9,20 @@
{ {
description = "Kabbone's peronal NixOS Flake config"; description = "Kabbone's peronal NixOS Flake config";
inputs = # All flake references used to build my NixOS setup. These are dependencies. inputs = {
{
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; # Nix Packages
nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
microvm = { microvm = {
url = "github:astro/microvm.nix"; url = "github:microvm-nix/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
home-manager = { # User Package Management home-manager = { # User Package Management
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -47,10 +46,52 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = inputs @ { self, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }: # Function that tells my flake which to use and what do what to do with the dependencies. };
rec {
outputs = {
self,
nixpkgs,
nixpkgs-unstable,
nixos-hardware,
home-manager,
home-manager-unstable,
agenix,
jovian-nixos,
microvm,
impermanence,
lanzaboote,
...
} @ inputs: rec {
inherit (self) outputs;
systems = [
# "aarch64-linux"
"x86_64-linux"
];
forAllSystems = nixpkgs.lib.genAttrs systems;
#in {
# Your custom packages
# Accessible through 'nix build', 'nix shell', etc
packages = forAllSystems (system: import ./packages nixpkgs.legacyPackages.${system});
# Formatter for your nix files, available through 'nix fmt'
# Other options beside 'alejandra' include 'nixpkgs-fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages.${system}.alejandra);
# Your custom packages and modifications, exported as overlays
overlays = import ./overlays {inherit inputs;};
# Reusable nixos modules you might want to export
# These are usually stuff you would upstream into nixpkgs
#nixosModules = import ./modules/kabbone;
# Reusable home-manager modules you might want to export
# These are usually stuff you would upstream into home-manager
#homeManagerModules = import ./modules/home-manager;
nixosConfigurations = ( # NixOS configurations nixosConfigurations = ( # NixOS configurations
import ./hosts { # Imports ./hosts/default.nix import ./hosts { # Imports ./hosts/default.nix
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
@@ -59,6 +100,7 @@
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
} }
); );
hydraJobs = { hydraJobs = {
"steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel; "steamdeck" = nixosConfigurations.steamdeck.config.system.build.toplevel;
"hades" = nixosConfigurations.hades.config.system.build.toplevel; "hades" = nixosConfigurations.hades.config.system.build.toplevel;
@@ -69,6 +111,4 @@
"dmz" = nixosConfigurations.dmz.config.system.build.toplevel; "dmz" = nixosConfigurations.dmz.config.system.build.toplevel;
}; };
}; };
} }

14
hosts/configuration_desktop.nix
View File

@@ -47,6 +47,7 @@
}; };
security = { security = {
pam.services.login.enableGnomeKeyring = true;
rtkit.enable = true; rtkit.enable = true;
pki.certificateFiles = [ pki.certificateFiles = [
./rootCA.pem ./rootCA.pem
@@ -160,18 +161,9 @@
programs = { # No xbacklight, this is the alterantive programs = { # No xbacklight, this is the alterantive
zsh.enable = true; zsh.enable = true;
dconf.enable = true; dconf.enable = true;
ssh = {
startAgent = true;
agentTimeout = "1h";
};
}; };
#xdg.portal = { # Required for flatpak
# enable = true;
# extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
#};
nix = { # Nix Package Manager settings nix = { # Nix Package Manager settings
settings ={ settings ={
auto-optimise-store = true; # Optimise syslinks auto-optimise-store = true; # Optimise syslinks
@@ -187,6 +179,10 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; # Allow proprietary software. nixpkgs.config.allowUnfree = true; # Allow proprietary software.
nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16"
"mbedtls-2.28.10"
];
system = { # NixOS settings system = { # NixOS settings
autoUpgrade = { # Allow auto update autoUpgrade = { # Allow auto update

24
hosts/default.nix
View File

@@ -96,28 +96,6 @@ in
]; ];
}; };
nbf5 = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix; };
modules = [
agenix.nixosModules.default
./nbf5
./configuration_server.nix
../modules/hardware/hydraCache.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
home-manager.nixosModules.home-manager {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.extraSpecialArgs = { inherit user; };
home-manager.users.${user} = {
imports = [(import ./home_server.nix)] ++ [(import ./nbf5/home.nix)];
};
}
];
};
steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
inherit system; inherit system;
specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix jovian-nixos lanzaboote; }; specialArgs = { inherit inputs pkgs-stable user location nixos-hardware agenix jovian-nixos lanzaboote; };
@@ -165,7 +143,7 @@ in
kabtop = lib.nixosSystem { # Desktop profile kabtop = lib.nixosSystem { # Desktop profile
inherit system; inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs impermanence; }; specialArgs = { inherit inputs user location nixos-hardware agenix nixpkgs pkgs-unstable impermanence; };
modules = [ modules = [
agenix.nixosModules.default agenix.nixosModules.default
microvm.nixosModules.host microvm.nixosModules.host

31
hosts/desktop/default.nix
View File

@@ -17,12 +17,12 @@
# └─ default.nix # └─ default.nix
# #
{ config, nixpkgs, pkgs, user, lib, pkgs-kabbone, ... }: { inputs, lib, config, pkgs, user, nixpkgs, pkgs-kabbone, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager [(import ../../modules/wm/niri/default.nix)] ++ # Window Manager
(import ../../modules/wm/virtualisation) ++ # libvirt + Docker (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options [(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
#[(import ../../modules/kabbone/corosync-qdevice.nix)] ++ # corosync qdevice quorum #[(import ../../modules/kabbone/corosync-qdevice.nix)] ++ # corosync qdevice quorum
@@ -57,7 +57,7 @@
environment = { environment = {
systemPackages = [ systemPackages = [
pkgs.linux-firmware pkgs.linux-firmware
pkgs-kabbone.corosync-qdevice #pkgs-kabbone.corosync-qdevice
]; ];
}; };
@@ -77,7 +77,28 @@
enable = true; enable = true;
motherboard = "amd"; motherboard = "amd";
}; };
syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "jupiter.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
}; };
} }

3
hosts/desktop/home.nix
View File

@@ -17,7 +17,7 @@
imports = imports =
[ [
#../../modules/wm/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager ../../modules/wm/niri/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
@@ -30,7 +30,6 @@
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop
#nheko #nheko
pulsemixer pulsemixer
#yubioath-flutter #yubioath-flutter

2
hosts/dmz/hardware-configuration.nix
View File

@@ -83,7 +83,7 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "ens18"; matchConfig.Name = "ens18";
ntp = [ "192.168.101.1" ]; ntp = [ "192.168.101.1" ];
#domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;

11
hosts/home.nix
View File

@@ -55,15 +55,17 @@
# Apps # Apps
galculator galculator
tdesktop telegram-desktop
hdparm hdparm
python3Full python3
android-tools android-tools
calibre calibre
mtpfs mtpfs
vimiv-qt vimiv-qt
freecad freecad
discord discord
vesktop
element-desktop
# Fileanagement # Fileanagement
kdePackages.ark kdePackages.ark
@@ -80,7 +82,6 @@
gimp gimp
# Flatpak # Flatpak
prusa-slicer
#vscodium #vscodium
(vscode-with-extensions.override { (vscode-with-extensions.override {
vscode = vscodium; vscode = vscodium;
@@ -89,8 +90,8 @@
github.copilot github.copilot
#ms-python.python #ms-python.python
ms-vscode.cpptools ms-vscode.cpptools
dracula-theme.theme-dracula catppuccin.catppuccin-vsc-icons
catppuccin.catppuccin-vsc
]; ];
}) })

2
hosts/home_server.nix
View File

@@ -42,7 +42,7 @@
# Apps # Apps
hdparm hdparm
python3Full python3
# File Management # File Management
rsync # Syncer $ rsync -r dir1/ dir2/ rsync # Syncer $ rsync -r dir1/ dir2/

13
hosts/jupiter/hardware-configuration.nix
View File

@@ -195,10 +195,21 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "ens18"; matchConfig.Name = "ens18";
ntp = [ "192.168.2.1" ]; ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;
IPv6PrivacyExtensions=false;
};
ipv6AcceptRAConfig = {
DHCPv6Client = "always";
UseDNS = true;
};
dhcpV4Config = {
UseDNS = true;
};
dhcpV6Config = {
UseDNS = true;
}; };
}; };
}; };

2
hosts/kabtop/default.nix
View File

@@ -17,7 +17,7 @@
# └─ default.nix # └─ default.nix
# #
{ config, pkgs, user, agenix, impermanence, ... }: { config, pkgs, pkgs-unstable, user, agenix, impermanence, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files

2
hosts/kubemaster-1/hardware-configuration.nix
View File

@@ -83,7 +83,7 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "enp0s31f6"; matchConfig.Name = "enp0s31f6";
ntp = [ "192.168.2.1" ]; ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;

34
hosts/lifebook/default.nix
View File

@@ -17,14 +17,13 @@
# └─ default.nix # └─ default.nix
# #
{ lib, config, pkgs, user, ... }: { inputs, lib, config, pkgs, user, ... }:
{ {
imports = # For now, if applying to other system, swap files imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix [(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/hyprland/default.nix)] ++ # Window Manager [(import ../../modules/wm/niri/default.nix)] ++ # Window Manager
[(import ../../modules/wm/sway/default.nix)] ++ # Window Manager (import ../../modules/wm/virtualisation) ++ # libvirt + Docker
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options [(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # kvm module options
(import ../../modules/hardware); # Hardware devices (import ../../modules/hardware); # Hardware devices
@@ -55,6 +54,7 @@
systemPackages = with pkgs; [ systemPackages = with pkgs; [
linux-firmware linux-firmware
intel-media-driver intel-media-driver
intel-compute-runtime
]; ];
}; };
@@ -64,7 +64,7 @@
systemd.sleep.extraConfig = "HibernateDelaySec=1h"; systemd.sleep.extraConfig = "HibernateDelaySec=1h";
services = { services = {
logind.lidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed logind.settings.Login.HandleLidSwitch = "suspend-then-hibernate"; # Laptop does not go to sleep when lid is closed
blueman.enable = true; blueman.enable = true;
avahi = { # Needed to find wireless printer avahi = { # Needed to find wireless printer
enable = true; enable = true;
@@ -76,6 +76,28 @@
}; };
}; };
#tailscale.enable = true; #tailscale.enable = true;
syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"jupiter.home.opel-online.de" = { id = "T53WU6Z-3NT74ZE-PZVZB2N-7FBTZ5K-HESC2ZM-W4ABDAS-NWXHTGI-ST4CDQR"; };
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/home/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "jupiter.home.opel-online.de" "hades.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
}; };
} }

3
hosts/lifebook/hardware-configuration.nix
View File

@@ -34,7 +34,8 @@
kernelModules = [ "kvm-intel" ]; kernelModules = [ "kvm-intel" ];
kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ]; kernelParams = [ "luks.options=fido2-device=auto" "sysrq_always_enabled=1" "pcie_aspm=force" ];
extraModprobeConfig = '' extraModprobeConfig = ''
options i915 enable_guc=3 options i915 force_probe=!9a49
options xe force_probe=9a49
''; '';
tmp.useTmpfs = false; tmp.useTmpfs = false;
tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;

3
hosts/lifebook/home.nix
View File

@@ -17,7 +17,7 @@
imports = imports =
[ [
#../../modules/wm/hyprland/home.nix # Window Manager #../../modules/wm/hyprland/home.nix # Window Manager
../../modules/wm/sway/home.nix # Window Manager ../../modules/wm/niri/home.nix # Window Manager
../../modules/home.nix # Window Manager ../../modules/home.nix # Window Manager
]; ];
@@ -30,7 +30,6 @@
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop
intel-gpu-tools intel-gpu-tools
pulsemixer pulsemixer

2
hosts/nasbackup/hardware-configuration.nix
View File

@@ -201,7 +201,7 @@
"10-lan" = { "10-lan" = {
matchConfig.Name = "ens18"; matchConfig.Name = "ens18";
ntp = [ "192.168.2.1" ]; ntp = [ "192.168.2.1" ];
#domains = [ "home.opel-online.de" ]; domains = [ "home.opel-online.de" ];
networkConfig = { networkConfig = {
DHCP = "yes"; DHCP = "yes";
IPv6AcceptRA = true; IPv6AcceptRA = true;

1
hosts/steamdeck/home.nix
View File

@@ -35,7 +35,6 @@
thunderbird thunderbird
streamlink streamlink
streamlink-twitch-gui-bin streamlink-twitch-gui-bin
element-desktop
pulsemixer pulsemixer
#yuzu-early-access #yuzu-early-access

21
modules/programs/alacritty.nix
View File

@@ -13,17 +13,16 @@
programs = { programs = {
alacritty = { alacritty = {
enable = true; enable = true;
package = pkgs.alacritty; #settings = {
settings = { # env.term = "screen-256color";
env.term = "screen-256color"; # font = rec { # Font - Laptop has size manually changed at home.nix
font = rec { # Font - Laptop has size manually changed at home.nix # #normal.family = "FiraCode Nerd Font";
#normal.family = "FiraCode Nerd Font"; # normal.family = "Cascadia Code";
normal.family = "Cascadia Code"; # #normal.family = "Intel One Mono";
#normal.family = "Intel One Mono"; # #bold = { style = "Bold"; };
#bold = { style = "Bold"; }; # # size = 8;
# size = 8; # };
}; #};
};
}; };
}; };
} }

2
modules/programs/default.nix
View File

@@ -11,7 +11,7 @@
# #
[ [
./alacritty.nix # ./alacritty.nix
# ./rofi.nix # ./rofi.nix
./firefox.nix ./firefox.nix
#./waybar.nix #./waybar.nix

2
modules/programs/firefox.nix
View File

@@ -18,7 +18,7 @@
# ExtensionSettings = {}; # ExtensionSettings = {};
# }; # };
#}; #};
package = pkgs.firefox-wayland; # package = pkgs.firefox-wayland;
# profiles.kabbone = { # profiles.kabbone = {
# #id = 271987; # #id = 271987;
# name = "kabbone"; # name = "kabbone";

7
modules/services/default.nix
View File

@@ -11,14 +11,15 @@
# #
[ [
./dunst.nix #./dunst.nix
./flameshot.nix #./flameshot.nix
#./picom.nix #./picom.nix
#./polybar.nix #./polybar.nix
#./sxhkd.nix #./sxhkd.nix
#./udiskie.nix #./udiskie.nix
#./redshift.nix #./redshift.nix
./kanshi.nix #./kanshi.nix
./keyring.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

14
modules/services/keyring.nix Normal file
View File

@@ -0,0 +1,14 @@
#
# Screenshots
#
{ pkgs, user, ... }:
{
services = { # sxhkd shortcut = Printscreen button (Print)
gnome-keyring = {
enable = true;
};
};
home.packages = with pkgs; [ gcr seahorse ];
}

1
modules/services/nas/default.nix
View File

@@ -14,6 +14,7 @@
./nfs.nix ./nfs.nix
./nginx.nix ./nginx.nix
./vaultwarden.nix ./vaultwarden.nix
./syncthing.nix
] ]
# picom, polybar and sxhkd are pulled from desktop module # picom, polybar and sxhkd are pulled from desktop module

53
modules/services/nas/syncthing.nix Normal file
View File

@@ -0,0 +1,53 @@
#
# System notifications
#
{ config, lib, pkgs, ... }:
{
services.syncthing = {
enable = true;
group = "users";
user = "kabbone";
dataDir = "/home/${config.services.syncthing.user}/Sync";
configDir = "/home/${config.services.syncthing.user}/.config/syncthing";
overrideDevices = true; # overrides any devices added or deleted through the WebUI
overrideFolders = true; # overrides any folders added or deleted through the WebUI
openDefaultPorts = true;
settings = {
devices = {
"hades.home.opel-online.de" = { id = "3VPCBVW-RH7XKFM-TWJGQHC-ZRAQ575-CQKGGKP-NAB4VXE-KCKJFUT-AMCUQQA"; };
"lifebook.home.opel-online.de" = { id = "RKPZG3H-BDUZID3-DV26MKR-UOARIQC-JBCAFXP-J5QFM4H-5EGBSM5-VEGXHQ4"; };
};
folders = {
"Sync" = { # Name of folder in Syncthing, also the folder ID
path = "/mnt/Mars/${config.services.syncthing.user}/Sync"; # Which folder to add to Syncthing
devices = [ "hades.home.opel-online.de" "lifebook.home.opel-online.de" ]; # Which devices to share the folder with
ignorePerms = false; # By default, Syncthing doesn't sync file permissions. This line enables it for this folder.
};
};
};
};
services.nginx = {
virtualHosts = {
"syncthing.home.opel-online.de" = {
useACMEHost = "home.opel-online.de";
forceSSL = true;
locations."/" = {
recommendedProxySettings = false;
proxyPass = "http://${toString config.services.syncthing.guiAddress}";
extraConfig = ''
proxy_set_header Host localhost;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
'';
};
};
};
};
}

1
modules/services/server/default.nix
View File

@@ -18,6 +18,7 @@
./matrix.nix ./matrix.nix
./coturn.nix ./coturn.nix
./hydra.nix ./hydra.nix
./mealie.nix
# ./ollama.nix # ./ollama.nix
] ]

54
modules/services/server/mealie.nix Normal file
View File

@@ -0,0 +1,54 @@
{ config, pkgs, pkgs-unstable, ... }:
{
services.mealie = {
enable = true;
#package = pkgs-unstable.mealie;
listenAddress = "127.0.0.1";
credentialsFile = config.age.secrets."services/mealie/credentialsFile".path;
settings = {
ALLOW_SIGNUP = "false";
DB_ENGINE = "postgres";
TZ = "Europe/Berlin";
PGID = "911";
PUID = "911";
};
};
services.nginx = {
enable = true;
virtualHosts = {
"mealie.kabtop.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:9000";
};
};
};
users = {
users = {
mealie = {
uid = 911;
group = "mealie";
isSystemUser = true;
};
};
groups = {
mealie = {
gid = 911;
};
};
};
age.secrets."services/mealie/credentialsFile" = {
file = ../../../secrets/services/mealie/credentialsFile.age;
owner = "mealie";
};
security.acme.defaults.email = "webmaster@kabtop.de";
security.acme.defaults.webroot = "/var/lib/acme/acme-challenge";
security.acme.acceptTerms = true;
}

30
modules/services/server/nextcloud.nix
View File

@@ -9,15 +9,16 @@
enable = true; enable = true;
hostName = "cloud.kabtop.de"; hostName = "cloud.kabtop.de";
https = true; https = true;
package = pkgs.nextcloud31; package = pkgs.nextcloud32;
database.createLocally = false; database.createLocally = false;
notify_push.enable = false; notify_push.enable = false;
enableImagemagick = true; enableImagemagick = true;
maxUploadSize = "512M"; maxUploadSize = "512M";
caching = { caching = {
redis = true; redis = true;
apcu = false; apcu = true;
}; };
imaginary.enable = true;
settings = { settings = {
log_type = "file"; log_type = "file";
logfile = "nextcloud.log"; logfile = "nextcloud.log";
@@ -28,7 +29,7 @@
host = "/run/redis-nextcloud/redis.sock"; host = "/run/redis-nextcloud/redis.sock";
port = 0; port = 0;
}; };
"memcache.local" = "\\OC\\Memcache\\Redis"; "memcache.local" = "\\OC\\Memcache\\APCu";
"memcache.distributed" = "\\OC\\Memcache\\Redis"; "memcache.distributed" = "\\OC\\Memcache\\Redis";
"memcache.locking" = "\\OC\\Memcache\\Redis"; "memcache.locking" = "\\OC\\Memcache\\Redis";
"enable_previews" = true; "enable_previews" = true;
@@ -60,19 +61,8 @@
phpOptions = { phpOptions = {
"opcache.interned_strings_buffer" = "16"; "opcache.interned_strings_buffer" = "16";
}; };
#autoUpdateApps.enable = true;
}; };
# services.onlyoffice = {
# enable = true;
# hostname = "docs.cloud.kabtop.de";
# postgresName = "onlyoffice";
# postgresHost = "localhost";
# postgresUser = "onlyoffice";
# postgresPasswordFile = config.age.secrets."services/nextcloud/onlyofficedb".path;
# jwtSecretFile = config.age.secrets."services/nextcloud/onlyofficejwt".path;
# };
services.redis = { services.redis = {
vmOverCommit = true; vmOverCommit = true;
servers.nextcloud = { servers.nextcloud = {
@@ -89,10 +79,6 @@
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
}; };
# "${config.services.onlyoffice.hostname}" = {
# enableACME = true;
# forceSSL = true;
# };
}; };
}; };
@@ -104,14 +90,6 @@
file = ../../../secrets/services/nextcloud/adminpassFile.age; file = ../../../secrets/services/nextcloud/adminpassFile.age;
owner = "nextcloud"; owner = "nextcloud";
}; };
# age.secrets."services/nextcloud/onlyofficedb" = {
# file = ../../../secrets/services/nextcloud/onlyofficedb.age;
# owner = "onlyoffice";
# };
# age.secrets."services/nextcloud/onlyofficejwt" = {
# file = ../../../secrets/services/nextcloud/onlyofficejwt.age;
# owner = "onlyoffice";
# };
systemd.services."nextcloud-setup" = { systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"]; requires = ["postgresql.service"];

1
modules/services/server/postgresql.nix
View File

@@ -28,6 +28,7 @@
host whatsappdb mautrixwa localhost scram-sha-256 host whatsappdb mautrixwa localhost scram-sha-256
host telegramdb mautrixtele localhost scram-sha-256 host telegramdb mautrixtele localhost scram-sha-256
host signaldb mautrixsignal localhost scram-sha-256 host signaldb mautrixsignal localhost scram-sha-256
host mealie mealie localhost scram-sha-256
host onlyoffice onlyoffice localhost scram-sha-256 host onlyoffice onlyoffice localhost scram-sha-256
local onlyoffice onlyoffice peer local onlyoffice onlyoffice peer
local hydra all ident map=hydra-users local hydra all ident map=hydra-users

16
modules/shell/git.nix
View File

@@ -7,18 +7,20 @@
programs = { programs = {
git = { git = {
enable = true; enable = true;
userName = "Kabbone"; settings = {
userEmail = "tobias@opel-online.de"; user.name = "Kabbone";
lfs.enable = true; user.email = "tobias@opel-online.de";
};
lfs = {
enable = true;
skipSmudge = true;
};
signing = { signing = {
format = "ssh";
key = "/home/${user}/.ssh/id_ed25519_sk_rk_red"; key = "/home/${user}/.ssh/id_ed25519_sk_rk_red";
signByDefault = true; signByDefault = true;
}; };
extraConfig = {
gpg = { format = "ssh"; };
credential = { helper = "cache --timeout=3600"; };
}; };
difftastic.enable = true; difftastic.enable = true;
}; };
};
} }

BIN
modules/shell/themes/wall.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 242 KiB

5
modules/shell/zsh.nix
View File

@@ -8,7 +8,6 @@
programs = { programs = {
zsh = { zsh = {
enable = true; enable = true;
dotDir = "~/.config/zsh_nix";
autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options autosuggestion.enable = true; # Auto suggest options and highlights syntact, searches in history for options
syntaxHighlighting.enable = true; syntaxHighlighting.enable = true;
history.size = 10000; history.size = 10000;
@@ -16,11 +15,11 @@
oh-my-zsh = { # Extra plugins for zsh oh-my-zsh = { # Extra plugins for zsh
enable = true; enable = true;
plugins = [ "git" ]; plugins = [ "git" ];
custom = "$HOME/.config/zsh_nix/custom"; #custom = "$HOME/.config/zsh_nix/custom";
}; };
initContent = '' initContent = ''
if [[ $DISPLAY ]]; then if [[ $WAYLAND_DISPLAY ]]; then
[[ $- != *i* ]] && return [[ $- != *i* ]] && return
[[ -z "$TMUX" ]] && (tmux attach || tmux new-session) [[ -z "$TMUX" ]] && (tmux attach || tmux new-session)
fi fi

BIN
modules/themes/nixos-wallpaper-catppuccin-mocha.jpg LFS Normal file
View File

Binary file not shown.

2
modules/themes/wall.jpg
View File

@@ -1 +1 @@
nixos-wallpaper-catppuccin-mocha.svg nixos-wallpaper-catppuccin-mocha.jpg

693
modules/wm/niri/config.kdl Normal file
View File

@@ -0,0 +1,693 @@
// This config is in the KDL format: https://kdl.dev
// "/-" comments out the following node.
// Check the wiki for a full description of the configuration:
// https://yalter.github.io/niri/Configuration:-Introduction
// Input device configuration.
// Find the full list of options on the wiki:
// https://yalter.github.io/niri/Configuration:-Input
input {
keyboard {
xkb {
// You can set rules, model, layout, variant and options.
// For more information, see xkeyboard-config(7).
// For example:
layout "us,de"
options "grp:win_space_toggle"
// If this section is empty, niri will fetch xkb settings
// from org.freedesktop.locale1. You can control these using
// localectl set-x11-keymap.
}
// Enable numlock on startup, omitting this setting disables it.
//numlock
}
// Next sections include libinput settings.
// Omitting settings disables them, or leaves them at their default values.
// All commented-out settings here are examples, not defaults.
touchpad {
// off
tap
// dwt
// dwtp
// drag false
// drag-lock
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
scroll-method "two-finger"
// disabled-on-external-mouse
}
mouse {
// off
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "no-scroll"
}
trackpoint {
// off
// natural-scroll
// accel-speed 0.2
// accel-profile "flat"
// scroll-method "on-button-down"
// scroll-button 273
// scroll-button-lock
// middle-emulation
}
touch {
map-to-output "eDP-1"
}
// Uncomment this to make the mouse warp to the center of newly focused windows.
// warp-mouse-to-focus
// Focus windows and outputs automatically when moving the mouse into them.
// Setting max-scroll-amount="0%" makes it work only on windows already fully on screen.
focus-follows-mouse max-scroll-amount="0%"
workspace-auto-back-and-forth
}
// You can configure outputs by their name, which you can find
// by running `niri msg outputs` while inside a niri instance.
// The built-in laptop monitor is usually called "eDP-1".
// Find more information on the wiki:
// https://yalter.github.io/niri/Configuration:-Outputs
// Remember to uncomment the node by removing "/-"!
// Lenovo main
output "DP-2" {
mode "2560x1440"
scale 1.0
transform "normal"
position x=0 y=250
variable-refresh-rate
};
// Eizo right
output "DP-3" {
mode "1920x1200"
scale 1.0
transform "270"
position x=2560 y=0
};
output "eDP-1" {
// Uncomment this line to disable this output.
// off
// Resolution and, optionally, refresh rate of the output.
// The format is "<width>x<height>" or "<width>x<height>@<refresh rate>".
// If the refresh rate is omitted, niri will pick the highest refresh rate
// for the resolution.
// If the mode is omitted altogether or is invalid, niri will pick one automatically.
// Run `niri msg outputs` while inside a niri instance to list all outputs and their modes.
mode "1920x1080"
// You can use integer or fractional scale, for example use 1.5 for 150% scale.
scale 1.2
// Transform allows to rotate the output counter-clockwise, valid values are:
// normal, 90, 180, 270, flipped, flipped-90, flipped-180 and flipped-270.
transform "normal"
// Position of the output in the global coordinate space.
// This affects directional monitor actions like "focus-monitor-left", and cursor movement.
// The cursor can only move between directly adjacent outputs.
// Output scale and rotation has to be taken into account for positioning:
// outputs are sized in logical, or scaled, pixels.
// For example, a 3840×2160 output with scale 2.0 will have a logical size of 1920×1080,
// so to put another output directly adjacent to it on the right, set its x to 1920.
// If the position is unset or results in an overlap, the output is instead placed
// automatically.
position x=0 y=0
}
cursor {
xcursor-theme "Breeze_Hacked"
xcursor-size 24
hide-when-typing
hide-after-inactive-ms 1000
}
// Settings that influence how windows are positioned and sized.
// Find more information on the wiki:
// https://yalter.github.io/niri/Configuration:-Layout
layout {
// Set gaps around windows in logical pixels.
gaps 8
// When to center a column when changing focus, options are:
// - "never", default behavior, focusing an off-screen column will keep at the left
// or right edge of the screen.
// - "always", the focused column will always be centered.
// - "on-overflow", focusing a column will center it if it doesn't fit
// together with the previously focused column.
center-focused-column "never"
// You can customize the widths that "switch-preset-column-width" (Mod+R) toggles between.
preset-column-widths {
// Proportion sets the width as a fraction of the output width, taking gaps into account.
// For example, you can perfectly fit four windows sized "proportion 0.25" on an output.
// The default preset widths are 1/3, 1/2 and 2/3 of the output.
proportion 0.33333
proportion 0.5
proportion 0.66667
// Fixed sets the width in logical pixels exactly.
// fixed 1920
}
// You can also customize the heights that "switch-preset-window-height" (Mod+Shift+R) toggles between.
preset-window-heights {
proportion 0.5
proportion 1.0
}
// You can change the default width of the new windows.
//default-column-width { proportion 1.0; }
// If you leave the brackets empty, the windows themselves will decide their initial width.
default-column-width {}
// By default focus ring and border are rendered as a solid background rectangle
// behind windows. That is, they will show up through semitransparent windows.
// This is because windows using client-side decorations can have an arbitrary shape.
//
// If you don't like that, you should uncomment `prefer-no-csd` below.
// Niri will draw focus ring and border *around* windows that agree to omit their
// client-side decorations.
//
// Alternatively, you can override it with a window rule called
// `draw-border-with-background`.
// You can change how the focus ring looks.
focus-ring {
// Uncomment this line to disable the focus ring.
// off
// How many logical pixels the ring extends out from the windows.
width 2
// Colors can be set in a variety of ways:
// - CSS named colors: "red"
// - RGB hex: "#rgb", "#rgba", "#rrggbb", "#rrggbbaa"
// - CSS-like notation: "rgb(255, 127, 0)", rgba(), hsl() and a few others.
// Color of the ring on the active monitor.
active-color "#7fc8ff"
// Color of the ring on inactive monitors.
//
// The focus ring only draws around the active window, so the only place
// where you can see its inactive-color is on other monitors.
inactive-color "#505050"
// You can also use gradients. They take precedence over solid colors.
// Gradients are rendered the same as CSS linear-gradient(angle, from, to).
// The angle is the same as in linear-gradient, and is optional,
// defaulting to 180 (top-to-bottom gradient).
// You can use any CSS linear-gradient tool on the web to set these up.
// Changing the color space is also supported, check the wiki for more info.
//
// active-gradient from="#80c8ff" to="#c7ff7f" angle=45
// You can also color the gradient relative to the entire view
// of the workspace, rather than relative to just the window itself.
// To do that, set relative-to="workspace-view".
//
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
}
// You can also add a border. It's similar to the focus ring, but always visible.
border {
// The settings are the same as for the focus ring.
// If you enable the border, you probably want to disable the focus ring.
off
width 2
active-color "#ffc87f"
inactive-color "#505050"
// Color of the border around windows that request your attention.
urgent-color "#9b0000"
// Gradients can use a few different interpolation color spaces.
// For example, this is a pastel rainbow gradient via in="oklch longer hue".
//
// active-gradient from="#e5989b" to="#ffb4a2" angle=45 relative-to="workspace-view" in="oklch longer hue"
// inactive-gradient from="#505050" to="#808080" angle=45 relative-to="workspace-view"
}
// You can enable drop shadows for windows.
shadow {
// Uncomment the next line to enable shadows.
// on
// By default, the shadow draws only around its window, and not behind it.
// Uncomment this setting to make the shadow draw behind its window.
//
// Note that niri has no way of knowing about the CSD window corner
// radius. It has to assume that windows have square corners, leading to
// shadow artifacts inside the CSD rounded corners. This setting fixes
// those artifacts.
//
// However, instead you may want to set prefer-no-csd and/or
// geometry-corner-radius. Then, niri will know the corner radius and
// draw the shadow correctly, without having to draw it behind the
// window. These will also remove client-side shadows if the window
// draws any.
//
// draw-behind-window true
// You can change how shadows look. The values below are in logical
// pixels and match the CSS box-shadow properties.
// Softness controls the shadow blur radius.
softness 30
// Spread expands the shadow.
spread 5
// Offset moves the shadow relative to the window.
offset x=0 y=5
// You can also change the shadow color and opacity.
color "#0007"
}
// Struts shrink the area occupied by windows, similarly to layer-shell panels.
// You can think of them as a kind of outer gaps. They are set in logical pixels.
// Left and right struts will cause the next window to the side to always be visible.
// Top and bottom struts will simply add outer gaps in addition to the area occupied by
// layer-shell panels and regular gaps.
struts {
// left 64
// right 64
// top 6
// bottom 64
}
}
// Add lines like this to spawn processes at startup.
// Note that running niri as a session supports xdg-desktop-autostart,
// which may be more convenient to use.
// See the binds section below for more spawn examples.
// This line starts waybar, a commonly used bar for Wayland compositors.
spawn-at-startup "noctalia-shell"
spawn-at-startup "firefox"
spawn-at-startup "element-desktop"
spawn-at-startup "thunderbird"
// To run a shell command (with variables, pipes, etc.), use spawn-sh-at-startup:
// spawn-sh-at-startup "qs -c ~/source/qs/MyAwesomeShell"
hotkey-overlay {
// Uncomment this line to disable the "Important Hotkeys" pop-up at startup.
skip-at-startup
}
// Uncomment this line to ask the clients to omit their client-side decorations if possible.
// If the client will specifically ask for CSD, the request will be honored.
// Additionally, clients will be informed that they are tiled, removing some client-side rounded corners.
// This option will also fix border/focus ring drawing behind some semitransparent windows.
// After enabling or disabling this, you need to restart the apps for this to take effect.
prefer-no-csd
// You can change the path where screenshots are saved.
// A ~ at the front will be expanded to the home directory.
// The path is formatted with strftime(3) to give you the screenshot date and time.
screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
// You can also set this to null to disable saving screenshots to disk.
// screenshot-path null
// Animation settings.
// The wiki explains how to configure individual animations:
// https://yalter.github.io/niri/Configuration:-Animations
animations {
// Uncomment to turn off all animations.
// off
// Slow down all animations by this factor. Values below 1 speed them up instead.
// slowdown 3.0
}
// Window rules let you adjust behavior for individual windows.
// Find more information on the wiki:
// https://yalter.github.io/niri/Configuration:-Window-Rules
// Work around WezTerm's initial configure bug
// by setting an empty default-column-width.
workspace "browser" {
open-on-output "DP-2"
}
workspace "chat" {
open-on-output "DP-3"
}
workspace "terminal" {
}
window-rule {
// This regular expression is intentionally made as specific as possible,
// since this is the default config, and we want no false positives.
// You can get away with just app-id="wezterm" if you want.
//match app-id=r#"^org\.wezfurlong\.wezterm$"#
match app-id="Alacritty"
match title="Firefox"
default-column-width { proportion 1.0; }
}
window-rule {
match title="Firefox"
default-column-width { proportion 1.0; }
open-on-workspace "browser"
}
window-rule {
match app-id="Element"
match app-id="thunderbird"
default-column-width { proportion 1.0; }
open-on-workspace "chat"
}
// Open the Firefox picture-in-picture player as floating by default.
window-rule {
// This app-id regular expression will work for both:
// - host Firefox (app-id is "firefox")
// - Flatpak Firefox (app-id is "org.mozilla.firefox")
match app-id=r#"firefox$"# title="^Picture-in-Picture$"
match title="galculator"
match title="OpenSSH Askpass"
open-floating true
}
// Example: block out two password managers from screen capture.
// (This example rule is commented out with a "/-" in front.)
/-window-rule {
match app-id=r#"^org\.keepassxc\.KeePassXC$"#
match app-id=r#"^org\.gnome\.World\.Secrets$"#
block-out-from "screen-capture"
// Use this instead if you want them visible on third-party screenshot tools.
// block-out-from "screencast"
}
// Example: enable rounded corners for all windows.
// (This example rule is commented out with a "/-" in front.)
/-window-rule {
geometry-corner-radius 12
clip-to-geometry true
}
binds {
// Keys consist of modifiers separated by + signs, followed by an XKB key name
// in the end. To find an XKB name for a particular key, you may use a program
// like wev.
//
// "Mod" is a special modifier equal to Super when running on a TTY, and to Alt
// when running as a winit window.
//
// Most actions that you can bind here can also be invoked programmatically with
// `niri msg action do-something`.
// Mod-Shift-/, which is usually the same as Mod-?,
// shows a list of important hotkeys.
Mod+Shift+Slash { show-hotkey-overlay; }
// Suggested binds for running programs: terminal, app launcher, screen locker.
Mod+Return hotkey-overlay-title="Open a Terminal: alacritty" { spawn "alacritty"; }
Mod+D hotkey-overlay-title="Run an Application: fuzzel" { spawn "fuzzel"; }
XF86AudioPlay allow-when-locked=true { spawn-sh "playerctl play-pause"; }
XF86AudioStop allow-when-locked=true { spawn-sh "playerctl stop"; }
XF86AudioPrev allow-when-locked=true { spawn-sh "playerctl previous"; }
XF86AudioNext allow-when-locked=true { spawn-sh "playerctl next"; }
Mod+Alt+L { spawn-sh "noctalia-shell ipc call lockScreen lock"; }
XF86AudioLowerVolume allow-when-locked=true { spawn-sh "noctalia-shell ipc call volume decrease"; }
XF86AudioRaiseVolume allow-when-locked=true { spawn-sh "noctalia-shell ipc call volume increase"; }
XF86MonBrightnessUp allow-when-locked=true { spawn-sh "noctalia-shell ipc call brightness increase"; }
XF86MonBrightnessDown allow-when-locked=true { spawn-sh "noctalia-shell ipc call brightness decrease"; }
XF86AudioMute allow-when-locked=true { spawn-sh "noctalia-shell ipc call volume muteOutput"; }
XF86AudioMicMute allow-when-locked=true { spawn-sh "noctalia-shell ipc call volume muteInput"; }
// Open/close the Overview: a zoomed-out view of workspaces and windows.
// You can also move the mouse into the top-left hot corner,
// or do a four-finger swipe up on a touchpad.
Mod+O repeat=false { toggle-overview; }
Mod+Q repeat=false { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-down; }
Mod+Up { focus-window-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+J { focus-window-down; }
Mod+K { focus-window-up; }
Mod+L { focus-column-right; }
// colemak-dh
Mod+M { focus-column-left; }
Mod+N { focus-window-down; }
Mod+E { focus-window-up; }
Mod+I { focus-column-right; }
Mod+Ctrl+Left { move-column-left; }
Mod+Ctrl+Down { move-window-down; }
Mod+Ctrl+Up { move-window-up; }
Mod+Ctrl+Right { move-column-right; }
Mod+Ctrl+H { move-column-left; }
Mod+Ctrl+J { move-window-down; }
Mod+Ctrl+K { move-window-up; }
Mod+Ctrl+L { move-column-right; }
// colemak-dh
Mod+Ctrl+M { move-column-left; }
Mod+Ctrl+N { move-window-down; }
Mod+Ctrl+E { move-window-up; }
Mod+Ctrl+I { move-column-right; }
// Alternative commands that move across workspaces when reaching
// the first or last window in a column.
// Mod+J { focus-window-or-workspace-down; }
// Mod+K { focus-window-or-workspace-up; }
// Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
// Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
Mod+Home { focus-column-first; }
Mod+End { focus-column-last; }
Mod+Ctrl+Home { move-column-to-first; }
Mod+Ctrl+End { move-column-to-last; }
Mod+Shift+Left { focus-monitor-left; }
Mod+Shift+Down { focus-monitor-down; }
Mod+Shift+Up { focus-monitor-up; }
Mod+Shift+Right { focus-monitor-right; }
Mod+Shift+H { focus-monitor-left; }
Mod+Shift+J { focus-monitor-down; }
Mod+Shift+K { focus-monitor-up; }
Mod+Shift+L { focus-monitor-right; }
//colemak-dh
Mod+Shift+M { focus-monitor-left; }
Mod+Shift+N { focus-monitor-down; }
Mod+Shift+I { focus-monitor-up; }
Mod+Shift+O { focus-monitor-right; }
Mod+Shift+Ctrl+Left { move-column-to-monitor-left; }
Mod+Shift+Ctrl+Down { move-column-to-monitor-down; }
Mod+Shift+Ctrl+Up { move-column-to-monitor-up; }
Mod+Shift+Ctrl+Right { move-column-to-monitor-right; }
Mod+Shift+Ctrl+H { move-column-to-monitor-left; }
Mod+Shift+Ctrl+J { move-column-to-monitor-down; }
Mod+Shift+Ctrl+K { move-column-to-monitor-up; }
Mod+Shift+Ctrl+L { move-column-to-monitor-right; }
// colemak-dh
Mod+Shift+Ctrl+M { move-column-to-monitor-left; }
Mod+Shift+Ctrl+N { move-column-to-monitor-down; }
Mod+Shift+Ctrl+E { move-column-to-monitor-up; }
Mod+Shift+Ctrl+I { move-column-to-monitor-right; }
// Alternatively, there are commands to move just a single window:
// Mod+Shift+Ctrl+Left { move-window-to-monitor-left; }
// ...
// And you can also move a whole workspace to another monitor:
// Mod+Shift+Ctrl+Left { move-workspace-to-monitor-left; }
// ...
Mod+Page_Down { focus-workspace-down; }
Mod+Page_Up { focus-workspace-up; }
Mod+U { focus-workspace-down; }
//Mod+I { focus-workspace-up; }
Mod+Ctrl+Page_Down { move-column-to-workspace-down; }
Mod+Ctrl+Page_Up { move-column-to-workspace-up; }
Mod+Ctrl+U { move-column-to-workspace-down; }
//Mod+Ctrl+I { move-column-to-workspace-up; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+Page_Down { move-window-to-workspace-down; }
// ...
Mod+Shift+Page_Down { move-workspace-down; }
Mod+Shift+Page_Up { move-workspace-up; }
Mod+Shift+U { move-workspace-down; }
//Mod+Shift+I { move-workspace-up; }
// You can bind mouse wheel scroll ticks using the following syntax.
// These binds will change direction based on the natural-scroll setting.
//
// To avoid scrolling through workspaces really fast, you can use
// the cooldown-ms property. The bind will be rate-limited to this value.
// You can set a cooldown on any bind, but it's most useful for the wheel.
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+WheelScrollRight { focus-column-right; }
Mod+WheelScrollLeft { focus-column-left; }
Mod+Ctrl+WheelScrollRight { move-column-right; }
Mod+Ctrl+WheelScrollLeft { move-column-left; }
// Usually scrolling up and down with Shift in applications results in
// horizontal scrolling; these binds replicate that.
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
// Similarly, you can bind touchpad scroll "ticks".
// Touchpad scrolling is continuous, so for these binds it is split into
// discrete intervals.
// These binds are also affected by touchpad's natural-scroll, so these
// example binds are "inverted", since we have natural-scroll enabled for
// touchpads by default.
// Mod+TouchpadScrollDown { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.02+"; }
// Mod+TouchpadScrollUp { spawn-sh "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.02-"; }
// You can refer to workspaces by index. However, keep in mind that
// niri is a dynamic workspace system, so these commands are kind of
// "best effort". Trying to refer to a workspace index bigger than
// the current workspace count will instead refer to the bottommost
// (empty) workspace.
//
// For example, with 2 workspaces + 1 empty, indices 3, 4, 5 and so on
// will all refer to the 3rd workspace.
Mod+1 { focus-workspace "browser"; }
Mod+2 { focus-workspace "chat"; }
Mod+3 { focus-workspace "terminal"; }
Mod+4 { focus-workspace 4; }
Mod+5 { focus-workspace 5; }
Mod+6 { focus-workspace 6; }
Mod+7 { focus-workspace 7; }
Mod+8 { focus-workspace 8; }
Mod+9 { focus-workspace 9; }
Mod+Ctrl+1 { move-column-to-workspace "browser"; }
Mod+Ctrl+2 { move-column-to-workspace "chat"; }
Mod+Ctrl+3 { move-column-to-workspace "terminal"; }
Mod+Ctrl+4 { move-column-to-workspace 4; }
Mod+Ctrl+5 { move-column-to-workspace 5; }
Mod+Ctrl+6 { move-column-to-workspace 6; }
Mod+Ctrl+7 { move-column-to-workspace 7; }
Mod+Ctrl+8 { move-column-to-workspace 8; }
Mod+Ctrl+9 { move-column-to-workspace 9; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+1 { move-window-to-workspace 1; }
// Switches focus between the current and the previous workspace.
// Mod+Tab { focus-workspace-previous; }
// The following binds move the focused window in and out of a column.
// If the window is alone, they will consume it into the nearby column to the side.
// If the window is already in a column, they will expel it out.
Mod+BracketLeft { consume-or-expel-window-left; }
Mod+BracketRight { consume-or-expel-window-right; }
// Consume one window from the right to the bottom of the focused column.
Mod+Comma { consume-window-into-column; }
// Expel the bottom window from the focused column to the right.
Mod+Period { expel-window-from-column; }
Mod+R { switch-preset-column-width; }
// Cycling through the presets in reverse order is also possible.
// Mod+R { switch-preset-column-width-back; }
Mod+Shift+R { switch-preset-window-height; }
Mod+Ctrl+R { reset-window-height; }
Mod+F { maximize-column; }
Mod+Shift+F { fullscreen-window; }
// Expand the focused column to space not taken up by other fully visible columns.
// Makes the column "fill the rest of the space".
Mod+Ctrl+F { expand-column-to-available-width; }
Mod+C { center-column; }
// Center all fully visible columns on screen.
Mod+Ctrl+C { center-visible-columns; }
// Finer width adjustments.
// This command can also:
// * set width in pixels: "1000"
// * adjust width in pixels: "-5" or "+5"
// * set width as a percentage of screen width: "25%"
// * adjust width as a percentage of screen width: "-10%" or "+10%"
// Pixel sizes use logical, or scaled, pixels. I.e. on an output with scale 2.0,
// set-column-width "100" will make the column occupy 200 physical screen pixels.
Mod+Minus { set-column-width "-10%"; }
Mod+Equal { set-column-width "+10%"; }
// Finer height adjustments when in column with other windows.
Mod+Shift+Minus { set-window-height "-10%"; }
Mod+Shift+Equal { set-window-height "+10%"; }
// Move the focused window between the floating and the tiling layout.
Mod+V { toggle-window-floating; }
Mod+Shift+V { switch-focus-between-floating-and-tiling; }
// Toggle tabbed column display mode.
// Windows in this column will appear as vertical tabs,
// rather than stacked on top of each other.
Mod+W { toggle-column-tabbed-display; }
// Actions to switch layouts.
// Note: if you uncomment these, make sure you do NOT have
// a matching layout switch hotkey configured in xkb options above.
// Having both at once on the same hotkey will break the switching,
// since it will switch twice upon pressing the hotkey (once by xkb, once by niri).
// Mod+Space { switch-layout "next"; }
// Mod+Shift+Space { switch-layout "prev"; }
Print { screenshot; }
Ctrl+Print { screenshot-screen; }
Alt+Print { screenshot-window; }
// Applications such as remote-desktop clients and software KVM switches may
// request that niri stops processing the keyboard shortcuts defined here
// so they may, for example, forward the key presses as-is to a remote machine.
// It's a good idea to bind an escape hatch to toggle the inhibitor,
// so a buggy application can't hold your session hostage.
//
// The allow-inhibiting=false property can be applied to other binds as well,
// which ensures niri always processes them, even when an inhibitor is active.
Mod+Escape allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; }
// The quit action will show a confirmation dialog to avoid accidental exits.
Mod+Shift+E { quit; }
Ctrl+Alt+Delete { quit; }
// Powers off the monitors. To turn them back on, do any input like
// moving the mouse or pressing any other key.
Mod+Shift+P { power-off-monitors; }
}
include "./noctalia.kdl"

67
modules/wm/niri/default.nix Normal file
View File

@@ -0,0 +1,67 @@
#
# Sway configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ default.nix
# └─ ./modules
# └─ ./desktop
# └─ ./hyprland
# └─ hyprland.nix *
#
{ config, inputs, lib, user, pkgs, ... }:
{
imports = [ ../noctalia.nix ];
environment = {
systemPackages = with pkgs; [
alacritty
xdg-desktop-portal-gnome
xdg-desktop-portal-gtk
swaylock
swayidle
slurp
grim
lxqt.lxqt-openssh-askpass
clinfo
glib
brightnessctl
playerctl
xwayland-satellite
breeze-hacked-cursor-theme
];
loginShellInit = ''
export GTK_IM_MODULE="simple"
export ELECTRON_OZONE_PLATFORM_HINT="auto"
export NIXOS_OZONE_WL="1"
export WLR_RENDERER="vulkan"
export _JAVA_AWT_WM_NONREPARENTING="1"
'';
};
services = {
iio-niri = {
enable = false;
};
greetd = {
enable = true;
useTextGreeter = true;
settings = {
default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --time --cmd niri-session";
};
};
};
};
programs = {
niri.enable = true;
ssh.enableAskPassword = true;
ssh.askPassword = "${pkgs.lxqt.lxqt-openssh-askpass}/bin/lxqt-openssh-askpass";
};
security.pam.services.swaylock = {};
}

47
modules/wm/niri/home.nix Normal file
View File

@@ -0,0 +1,47 @@
#
# Sway NixOS & Home manager configuration
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ └─ home.nix
# └─ ./modules
# └─ ./desktop
# └─ ./sway
# └─ home.nix *
#
{ config, lib, pkgs, ... }:
{
programs = {
swaylock = {
enable = true;
settings = {
color = "000000";
image = "$HOME/.config/lockwall";
indicator-caps-lock = true;
show-keyboard-layout = true;
};
};
};
services = {
swayidle = {
enable = true;
events = [
{ event = "before-sleep"; command = "${pkgs.swaylock}/bin/swaylock"; }
{ event = "lock"; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
];
timeouts = [
{ timeout = 300; command = "${pkgs.swaylock}/bin/swaylock -fF"; }
{ timeout = 600; command = "${pkgs.niri}/bin/niri msg action power-off-monitors"; }
];
};
};
xdg.configFile = {
"niri/config.kdl".source = ./config.kdl;
};
}

188
modules/wm/noctalia.nix Normal file
View File

@@ -0,0 +1,188 @@
#
# Bar
#
{ config, pkgs, inputs, user, ...}:
{
# install package
environment.systemPackages = with pkgs; [
pwvucontrol
# ... maybe other stuff
];
services = {
tuned.enable = true;
upower.enable = true;
};
home-manager.users.${user} = { # Home-manager waybar config
# import the home manager module
imports = [
inputs.noctalia.homeModules.default
];
services = {
mako.enable = true; # notification daemon
polkit-gnome.enable = true; # polkit
};
# configure options
programs = {
fuzzel = {
enable = true; # Super+D in the default setting (app launcher)
};
noctalia-shell = {
enable = true;
# enable the systemd service
systemd.enable = true;
settings = {
# configure noctalia here
appLauncher = {
terminalCommand = "alacritty -e";
};
bar = {
density = "compact";
position = "top";
showCapsule = false;
widgets = {
left = [
{
id = "ControlCenter";
useDistroLogo = true;
}
{
hideUnoccupied = false;
id = "Workspace";
labelMode = "none";
}
{
id = "ActiveWindow";
}
];
center = [
{
formatHorizontal = "HH:mm";
formatVertical = "HH mm";
id = "Clock";
useMonospacedFont = true;
usePrimaryColor = true;
}
];
right = [
{
id = "MediaMini";
}
{
id = "SystemMonitor";
showNetworkStats = true;
compactMode = false;
}
{
id = "WiFi";
}
{
id = "Bluetooth";
}
{
id = "Battery";
warningThreshold = 20;
displayMode = "alwaysShow";
}
{
id = "Volume";
displayMode = "alwaysShow";
}
{
id = "NotificationHistory";
hideWhenZero = true;
}
{
id = "Tray";
}
];
};
};
colorSchemes.predefinedScheme = "Catppuccin";
general = {
avatarImage = "/home/kabbone/.face";
radiusRatio = 0.2;
lockOnSusepnd = true;
};
location = {
monthBeforeDay = true;
name = "Munich, Germany";
showWeekNumberInCalendar = true;
firstDayOfWeek = 0;
};
wallpaper = {
enabled = true;
overviewEnabled = false;
directory = "/home/${user}/.setup/modules/themes/";
};
brightness = {
enforceMinimum = true;
brightnessStep = 5;
};
controlCenter = {
shortcuts = {
left = [
{
id = "WiFi";
}
{
id = "Bluetooth";
}
{
id = "ScreenRecorder";
}
{
id = "PowerProfile";
}
{
id = "KeepAwake";
}
];
};
};
dock = {
enabled = false;
};
sessionMenu = {
enableCountdown = false;
};
templates = {
fuzzel = true;
alacritty = true;
qt = true;
gtk = true;
discord = true;
code = true;
telegram = true;
niri = true;
firefox = true;
};
};
};
};
home.file.".cache/noctalia/wallpapers.json" = {
text = builtins.toJSON {
defaultWallpaper = "/home/${user}/.setup/modules/themes/wall.jpg";
};
};
};
}

3
modules/wm/sway/home.nix
View File

@@ -108,7 +108,7 @@
assigns = { assigns = {
"workspace number 1" = [{ app_id = "thunderbird"; }]; "workspace number 1" = [{ app_id = "thunderbird"; }];
"workspace number 2" = [{ app_id = "firefox"; }]; "workspace number 2" = [{ app_id = "firefox"; }];
"workspace number 3" = [{ class = "Element"; }]; "workspace number 3" = [{ app_id = "Element"; }];
}; };
window.commands = [ window.commands = [
@@ -276,7 +276,6 @@
}; };
rofi = { rofi = {
enable = true; enable = true;
package = pkgs.rofi-wayland;
extraConfig = { extraConfig = {
modi = "window,drun,ssh"; modi = "window,drun,ssh";
kb-primary-paste = "Control+V,Shift+Insert"; kb-primary-paste = "Control+V,Shift+Insert";

193
modules/wm/virtualisation/qemu.nix
View File

@@ -14,11 +14,6 @@
#qemuPackage = pkgs.qemu_kvm; # Default #qemuPackage = pkgs.qemu_kvm; # Default
qemu = { qemu = {
runAsRoot = false; runAsRoot = false;
ovmf.enable = true;
# ovmf.packages = [ pkgs.OVMFFull ];
# verbatimConfig = ''
# nvram = [ "${pkgs.OVMF}/FV/OVMF_CODE.fd:${pkgs.OVMF}/FV/OVMF_VARS.fd" ]
# '';
}; };
}; };
spiceUSBRedirection.enable = true; # USB passthrough spiceUSBRedirection.enable = true; # USB passthrough
@@ -31,197 +26,13 @@
virt-viewer virt-viewer
qemu qemu
OVMF OVMF
OVMF-cloud-hypervisor
gvfs # Used for shared folders between linux and windows gvfs # Used for shared folders between linux and windows
cloud-hypervisor
]; ];
}; };
services = { # Enable file sharing between OS services = { # Enable file sharing between OS
gvfs.enable = true; gvfs.enable = true;
}; };
#boot ={
# kernelParams = [ "intel_iommu=on" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd" ]; # or amd_iommu (cpu)
# kernelModules = [ "vendor-reset" "vfio" "vfio_iommu_type1" "vfio_pci" "vfio_virqfd"];
# extraModulePackages = [ config.boot.kernelPackages.vendor-reset ]; # Presumably fix for GPU Reset Bug
# extraModprobeConfig = "options vfio-pci ids=1002:67DF,1002:AAF0"; # grep PCI_ID /sys/bus/pci/devices/*/uevent
# kernelPatches = [
# {
# name = "vendor-reset-reqs-and-other-stuff";
# patch = null;
# extraConfig = ''
# FTRACE y
# KPROBES y
# FUNCTION_TRACER y
# HWLAT_TRACER y
# TIMERLAT_TRACER y
# IRQSOFF_TRACER y
# OSNOISE_TRACER y
# PCI_QUIRKS y
# KALLSYMS y
# KALLSYMS_ALL y
# '';
# }
# ];
#};
} }
#SHARED FOLDER
#FOR WINDOWS
# 3 options:
#
# 1. Make use of host samba server
# 1.0 Samba is installed by default. The network-shared folder is at /home/<user>/share.
# 1.1 On host, set a password for the autentication of the samba server
# 1.2 $ smbpasswd -a <user>
# 1.3 Give password twice
# 1.4 On windows, open file explorer, right click "This PC", Map network drive...
# 1.5 fill in address: \\<ip-address>\share
# 1.6 Log in with details entered beforehand
#
# 2. Since this setup make use of iommu, you can pass through external usb hard drives or a specific PCI storage devices
# 2.1 Open details of virtual desktop in virt-manager
# 2.2 Add hardware
# 2.3 USB Host Device
# 2.4 Select device and launch virtual desktop
#
# 3. Set up shared folders in windows guest that can be accessed by host
# 3.0. Enable above service gvfs (this is used in the file manager to actually connect to the windows directory)
# 3.1. Log in to Windows
# 3.2. Go to "Network and Sharing Center"
# 3.3. Click "Change advanced sharing settings" and enable all settings for Private, Guest or Public and All Networks
# 3.3.1. Under "All Networks" you can disable "Password protected sharing" but it seems for optimal use, it's better to still give the password in the file manager
# 3.4. (possibly optional), select a folder and click "Properties", "Sharing", "Advanced Sharing"
# 3.4.1. Enable "Share this file"
# 3.4.2. Under "Permissions", allow full control. Apply
# 3.5. Click "Share" and use de drop down to add "Everyone" and change "Permission Level" to "Read/Write". Share, Done
# 3.6. Search for services and open menu
# 3.6.1. Search for below serices. Right click and select "Properties". "Startup type" = Automatic
# 3.6.1.1. SSDP Discovery
# 3.6.1.2. uPnPDevice Host
# 3.6.1.3. Functions Discovery Provider Host
# 3.6.1.4. Functions Discovery Resource Publication
# 3.7. Find IP of virtual device and make sure you can ping it.
# 3.8. In file manager add connection
# 3.8.1. For example in PCManFM
# 3.8.2. Search for smb://*ip*/
# 3.8.3. You can even specify specific folder smb://*ip*/users/Matthias/Desktop/share
# 3.8.4. If prompted to log in, do it, otherwise it might close on its own.
# 3.9. If there are any issues, maybe disable firewall on guest
# 3.10. Recommended to bookmark location for later
# Note:
# There is no passthrough, its recommended to install the windows kvm guest drivers.
# Can be found on github.com/virtio-win/virtio-win-pkg-scripts/blob/master/README.md
# Add this as CD storage in virt manager
# It can than be accest in the windows and the guest driver exe's can be run.
# Also, change video in virt-manager to virtio. This will fix the resolution
#FOR LINUX
# 2 options
#
# 1. Make use of host samba server
# 1.0 Samba is installed by default. The network-shared folder is at /home/<user>/share.
# 1.1 On host, set a password for the autentication of the samba server
# 1.2 $ smbpasswd -a <user>
# 1.3 Give password twice
# 1.4 On virtual machine open file manager
# 1.5 Search for smb://<ip-address>/share
# 1.6 Log in with details entered beforehand
#
# 2. Passing through a filesystem
# 2.1 Open details of virtual desktop on virt-manager
# 2.2 Add hardware
# 2.3 Select Filesystem: Type = mount / Mode = mapped / Source path = /home/<user>/share / Target path = /sharepoint
# 2.4 Boot into virtual machine
# 2.5 Create a directory to mount /sharepoint
# 2.6 $ sudo mount -t 9p -o trans=virtio /sharepoint /<mountpoint>
#SINGLE GPU PASSTHROUGH
# General Guide: gitlab.com/risingprismtv/single-gpu-passthrough/-/wikis/home
# 1. Download ISO
# 2. Download latest Video BIOS from techpowerup.com/vgabios (Sapphire RX580 8Gb)
# 2.1. $ Sudo mkdir /var/lib/libvirt/vbios/
# 2.2. $ Sudo mv ~/Downloads/*.rom /var/lib/libvirt/vbios/GPU.rom
# 2.3. $ Cd /var/lib/libvirt/vbios/
# 2.4. $ Sudo chmod -R 660 GPU.rom
# 3. Launch virt-manager
# 4. File - Add Connection
# 5. Create Virtual Machine
# 5.1 Select ISO and mark it as win10
# 5.2 Give temporary RAM
# 5.3 Customize configuration before install
# 5.4 Overview - Firmware - UEFI x86_64: /usr/*/OVMF_CODE.fd
# 5.5 Allow XML Editing via Edit - Preferences
# 5.6 Edit XML - Remove rtc & pit line. Change hpet to "yes"
# 6. Start Installation (let it run without interference and do steps below)
# 6.1 Press Esc, type exit, select boot-manager DVD ROM
# 6.2 Do installation, select Pro version.
# 6.3 Install hooks (Step 7 in guide)
# 7. Close VM
# 8. Edit VM
# 8.1 Remove everything spice (Display, Video QXL, Serial, Channel Spice)
# 8.2 Remove CD Rom
# 8.3 Add PCI hardware (GPU: 01:00:0 & 01:00:1 (most likely))
# 8.3 Add Mouse, Keyboard (PCI USB Controller in PCI Host Device or USB Host Device)
# 9. Select GPU and open XML
# 9.1 Add line "<rom file='/var/lib/libvirt/vbios/GPU.rom'/>" under "</source>"
# 9.2 Do for both 01:00:0 and 01:00:1
# 10. Edit CPU
# 10.1 Disable "Copy host CPU configuration" and select "host-passthrough"
# 10.2 Edit topology: Sockets=1 Cores=Total/2 Threads=2
# 10.3 Edit XML cpu under topology
# 10.3.1 Add "<feature policy='require' name='topoext'/>" for AMDCPU
# 10.3.2 Add "<feature policy='disable' name='smep'/>" for Intel CPU
# 11 Change memory to prefered (12GB for 16GB Total)
# 12 Start VM
# 13 Install correct video drivers
#MACOS ON VIRT-MANAGER
# General Guide: nixos.wiki/wiki/OSX-KVM
# Repository: github.com/kholia/OSX-KVM
# IMPORTANT: if you wish to start the virtual machine with virt-manager gui, clone to /home/<user>/.
# 1. git clone https://github.com/kholia/OSX-KVM
# 2. create a shell.nix (maybe best to store inside cloned directory)
# 3. shell.nix content:
# with import <nixpkgs> {};
# mkShell {
# buildInputs = [
# qemu
# python3
# iproute2
# ];
# }
# 4. In nixos configuration add:
# virtualisation.libvirtd.enable = true;
# users.extraUsers.<user>.extraGroups = [ "libvirtd" ];
# boot.extraModprobeConfig = ''
# options kvm_intel nested=1
# options kvm_intel emulate_invalid_guest_state=0
# options kvm ignore_msrs=1
# '';
# 5. Run the shell: $ nix-shell
# 6. As mentioned in the README, run ./fetch-macOS.py
# 6.1 Can be a specific version
# 7. Create base image for the macOs installer
# 8. $ qemu-img convert BaseSystem.dmg -O raw BaseSystem.img
# 9. Create disk for macOS
# 9.1 $ qemu-img create -f qcow2 mac_hdd_ng.img 128G
# 10. Set up networking. If something like virbr0 does not get detected start virt-manager. Commands:
# $ sudo ip tuntap add dev tap0 mode tap
# $ sudo ip link set tap0 up promisc on
# $ sudo ip link set dev virbr0 up
# $ sudo ip link set dev tap0 master virbr0
# 11. Boot the system
# 11.1 $ ./OpenCore-Boot.sh
# 12. Choose the first option to start the MacOS installer: macOS Base Systen
# 12.1 Use Disk Utility to esase the correct drive.
# 13. Go back and select the option to reinstall macOS
# 13.1 After the initial installation, a reboot will happen. Do nothing and wait or select the second option 'MacOs install'.
# 13.2 This will finalize the installaton but it will probably reboot multiple times. The second option will now have changed to the name of your drive. Use this as the boot option
# 14. To add the installation to virt-manager:
# 14.1 $ sed "s/CHANGEME/$USER/g" macOS-libvirt-Catalina.xml > macOS.xml
# 14.2 Inside macOS.xml change the emulator from /usr/bin/qemu-system-x86_64 to /run/libvirt/nix-emulators/qemu-system-x86_64
# 14.3 $ virt-xml-validate macOS.xml
# 15. $ virsh --connect qemu:///system define macOS.xml
# 16.(optional if permission is needed to the libvirt-qemu user)
# 16.1 $ sudo setfacl -m u:libvirt-qemu:rx /home/$USER
# 16.2 $ sudo setfacl -R -m u:libvirt-qemu:rx /home/$USER/OSX-KVM

19
overlays/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{inputs, ...}: {
# This one brings our custom packages from the 'pkgs' directory
additions = final: _prev: import ../pkgs {pkgs = final;};
modifications = final: prev: {
mealie = final.unstable.mealie;
};
# When applied, the unstable nixpkgs set (declared in the flake inputs) will
# be accessible through 'pkgs.unstable'
unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable {
system = final.system;
config.allowUnfree = true;
};
};
}

2
packages/build.sh Normal file
View File

@@ -0,0 +1,2 @@
➜ nix-build -j16 -E 'with import <nixpkgs> {}; callPackage ./corosync-qdevice.nix {}'

2
packages/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
corosync-qdevice = pkgs.callPackage ./corosync-qdevice.nix {}; # corosync-qdevice = pkgs.callPackage ./corosync-qdevice.nix {};
} }

BIN
secrets/keys/nixremote.age
View File

Binary file not shown.

BIN
secrets/keys/nixservepriv.age
View File

Binary file not shown.

3
secrets/secrets.nix
View File

@@ -72,10 +72,9 @@ in
"services/matrix/mautrix-signal.age".publicKeys = servers ++ users; "services/matrix/mautrix-signal.age".publicKeys = servers ++ users;
"services/nextcloud/adminpassFile.age".publicKeys = servers ++ users; "services/nextcloud/adminpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/dbpassFile.age".publicKeys = servers ++ users; "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficedb.age".publicKeys = servers ++ users;
"services/nextcloud/onlyofficejwt.age".publicKeys = servers ++ users;
"services/gitea/databasePassword.age".publicKeys = servers ++ users; "services/gitea/databasePassword.age".publicKeys = servers ++ users;
"services/gitea/mailerPassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users;
"services/mealie/credentialsFile.age".publicKeys = servers ++ users;
"services/gitea/homerunner-token.age".publicKeys = homerunners ++ users; "services/gitea/homerunner-token.age".publicKeys = homerunners ++ users;
"services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users; "services/gitea/serverrunner-token.age".publicKeys = serverrunners ++ users;
"services/vaultwarden/environment.age".publicKeys = homeServices ++ users; "services/vaultwarden/environment.age".publicKeys = homeServices ++ users;

BIN
secrets/services/acme/opel-online.age
View File

Binary file not shown.

38
secrets/services/coturn/static-auth.age
View File

@@ -1,21 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 WiIaQQ AymECXbz1LoDnspQJuoEkmSv7NYun50XgBHyHjknIEM -> ssh-ed25519 WiIaQQ 0L6Q7RQJaJTeeKDVSr6VxGonGkUdyF8mKx05C17uOjo
A0MMvf1OceTyITMeFpJ9T81HEmJq6qHszvuu3kkKzh4 pn3vf/e7nLWfzzrGd2NCyp+xBLY7EEMrVi5Yqzv329o
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
QtDZth2T+T1KeLPiZiK2lWMRVTZnbaKy8LsSNSY7gila0pmjkbrR8c9NY+Duupga DwlLrPYOnIHzAm+wY9T1Oc8jW86RgDm6w9M2KA8C7XWoMSheiKpB1S/Ii3kPVkOz
udMg4Dg3DLLMHsgpQrd1CxgdTO8MuIRGQBGnzws9D4ky/sy3VJ4RzpZ8YDWzCqTF 5L9QfJVYrz+9yApL8akUTS+UkKWj5rLKHrEXgdfzGxqt3T16Si/zvQgMR9fOO5mx
Qto5Mv6pAabVkRNju9zx9wi/USvl+eSNrg4fqY//nzMbBr1SIuIAr8mAR1oIewe9 +cDXBnyD8ufkUCdDZvIaH0fyU94q0HaNgkjd0juDOaYd3hE6usF3l4IWAqhZwfT0
gYMJOFoxPSCI01PduN4IVvuM23CPPYBywgo5SzcbWijNFopLhP+q5XH0sShRWJxl Sm54OCH+Y0YSIAA9AVscx3qopU5ZJjXFsRXzvOhQGMm6u1jIsiyHrcu13+hYo+wJ
YNHlbaTl35BbrsVW4Da1wo1NNa2PJ5euMaipi7kHpik1lQp34PTm845rhU0ce3eD jkHbDNFWV6PGtVmQNDDRPpprnAaFvDyXhDXZKx4tMxIgw7trfDh4+1b9khSavvOl
rojmDpr6SnrjEfkwq5ER8DQsJfWECINqIPRHP+btgI4RXnu/EdczhC8VkH8KvE48 GkMrhyrjpgY1L6Mv5eM9z3jprAutVrNaM4IzINkKijNE0aQMId7hi7V2OIvYS/dH
SmR7/TbiMzuaCKovgJkUXA0sCecQ/oC6zIDunV4WeWg3uJg/hAJ24EDy2NyC25NS dEoQkN1ZzpkwK4vuFvCAIaErkdNiLU76APpnjhnKy+SPQqASrhKPK+yeEu4Ri49o
GrGxjglkRgCMle0QBErjabBP4YwmQMdQaPLwnG0ZvYck1S5g28JA9vR1p8aSAqwN bht3bpJ9qMGLpi8hk7Af2ICBbHnrJ05yt9Q5S0S+I4459xkbFpjsA7g0z9MPiE0z
BvkmzECswkjWKtTrxou7QkahXq2fDbDziMLPNJvTX1f0kpLoz0j4NX832TOezc+7 KnSx+OxyUsQTsiZJMlwfzXOLMlzK/kwJ8QE0kp4rxIMItmklz23qU4i6gG99jnI1
zk0VwST09xvCUKZfOWXfvukhsBN/jx7fy8j9czAZeaAudYNr34v+rjK8A9ncM5D5 5C2o9EujZ0GSsbvZNJ4ucOOCC/J1BcoPHxU9cQz51DU+a0vFsK77UbzAC0mqQl8O
gK+rS7bYiNFkIqEb90R7cvZVPbeZer7yE70vtyoBk1c wODT219ZFC9GzP91qHtAlVxpoIVi7OhVw8d8ma11N7o
-> piv-p256 grR75w AmR7Z9NXZowB8y3qjr28/9WwP9GWrjIjvIoA5e4ODeb2 -> piv-p256 grR75w Awk7/Q4K6PnOx1VWmtxWQgJfGkPVHIbwk3oc2Dk6wcym
YilIuItZv8UTjEhkp+5wW4zJtRO3UQTyrhtrfOyECss oeWbEXfuOxHseJ9W+oKKqJiyGaE2a3w7nsF/AKY3pS8
-> piv-p256 RQguQQ A+izZLoy4SIbo5lXmkx02RtdTPZ+t6Pm7ctPCdMyDhvJ -> piv-p256 RQguQQ AwdHD65+4PZUT4F8t6qU1GiXL6ETjScnFlLIcVSWuOk+
T3OZdgOSJCUs5jz/6U98oNk5QckZVomqNs+YdRp0+oA POglZeYjAzYb/81gK8CDUDtl8eM6xE+z3YxcaOxK2/4
--- NxDLl2b3DW4SpmH3fryRW1b188tNC0PFZimD1Fr1i/0 --- juEnuBaZ4x58VXzlmSgEu2TAQWGEie7zgaoa0phxJBI
<OÔ¢W÷´gŸ- Ž}èt#)ä$0ƒ6<>ß©cÝ?Y|Ž<E2809A>õæƒßÎЈiTøü°˩Ηµcš<>÷†{•)Nä[®ªV*1Ôˆñ'Zc  §ńҤŔę­ŃśRěר ?H ňŁg» ďŰ4 ł &1«2CÖ+ě۱1¶rÍ­¦)ÇLV±Ŕá.P®ĺu±) )BÄ…8žňîň)eî¶ë2†úP¦zf€lT“M

BIN
secrets/services/gitea/databasePassword.age
View File

Binary file not shown.

BIN
secrets/services/gitea/homerunner-token.age
View File

Binary file not shown.

BIN
secrets/services/gitea/mailerPassword.age
View File

Binary file not shown.

38
secrets/services/gitea/serverrunner-token.age
View File

@@ -1,21 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 0qfOZA H7lWTHNSL/svIOfRLxjLLfwYuxT88/mdDi7OJKf/AwY -> ssh-ed25519 0qfOZA 2w9FxathvqTuN8TEnxHVFgr/O2dAy72owqK5Dfpl234
MLL9OQMaLxu9Et9iwV3iTAno7+xghvvjQlzoTeTH0RE ArxI39jUSbHAW1E9oVmTwkVWKIF4kZRhl26deteony4
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
H++2SfTM0885EepCfM3PNBd18tPs1/+vWHNs9Yy0nBzibB/ZPf6Gcy0hDVokWFKb PxnpVXjlneM5kJS3ThHQOtA5BCzruLTkNRI/QB5mBQFWTeqlOrUeR6VdIyKWckpp
cEepvCN4vYdW70TtaoduqzUvG1qrRCenCIRP5baL+7o8etXE5GpGTF/Nidy+Alaz 4ZSNoXTi/ub28uGY1y2wA77xPWzwYokFr6tWiJvEfgtvaO6HXhCVEY/g0H60bu++
y/0LoHR7B5TIJ+uY9bbtBZIqrVM2wT1dkgq7vgwITeZl6a8Jw1l4zv8FDChNi9DZ r6rpiJxycFEpRtJqZZRZ+/1S77AdTstkBzFFg1cJygHZjtJ5nlhcVIeh7rngrNEU
o/9jeCWDIhHawaO19Y6D/x+DKS5EvTg95dE7+hDD+LZg3omftOtGpZa9qDzZPU9B ypRzgl87zh3ZvG+9wVjBbnrIVF8ICm/rzSv//n2Lq+Q2DmIB5VYIiMErh/S0Xat5
7SA/gPpETcvkTQ2YB5OEdYxvUmSYT0obQbCmbL0OZLumDz4TuHrPpN4HTv9DxY1i t4a6Ch4KdyjvQxqDn15zWmkEMWasBM6BsrcZ0v67DA/q5Ue0KkMu8qomYoitH6dT
tusE84Y/Bqw8umE7+5JavptZAY7g6GGVKxfYi8fKbhhuYQmjjKKA62BExLbTBxV/ LyJwm2skAug8c3p53mPFOOZlyHrUgx4zuUx34lRHwmZrQm0Deag//KkKsbA5DsIB
b9wyH1Lf9IOberxJ6KdagVFeUf2UVKZTH9Pj6aZ4yeJHbYRn7/rNJ+nByhMx/6BN T1RCkSIldG11vRc92sg24rWBmyDkJuzU94/Seivf3fuWpI0bjwZJUJlShvxTgk8E
+uNlRjHZXwqJy6XzY3GRgZmzOc0qnOh3Ft/GY6g8qQEIGNquvUUbH5BMjfX6KAoR SJrkKljDeYE+nBfcCU6pVSx3zMRXEDHn/1O2lY6PV9xSiJ55NbYyBJTDmv4GLJTM
XTrfxXTtcASWJRQctNcByvrDgOLJj2Whpv/gZIy4p5n5VjhPjsAnZpe/and7K4R8 AUDZc7ZBSiVHfti3MkyzCO00X1HBKGZmRjfw/PDA0FaTy7h+3g/YIaKR1JCQDgDb
4vigyOPiocizYn90GANfFKx5Tn0xo5me+5W69uitkjQtroehxkceexvf1LAdJQpu g7w/LM2XoaNA4vsZONLlc9LmczGJcno4bGzDafr+R/n91+2s+PXfcLy0JnrjnhcS
kzcMoxZ2PNw8fM7zDyqD05hmi4mNErMyJoL/Y9x/VcI Uo20lgvdRdC7JhQUYEhGchhuDv18qWz86YGLZtXiDyI
-> piv-p256 grR75w A6DLAwVma2avPBLlhkiUMT85//JqQ8yQcYSm0aBj8AS2 -> piv-p256 grR75w Atv6Qx+Kox3yaIg3GlBcjl/jOqB1c+jQZjXjd9QjKG93
UUH0FF7Qyn5pt6t0dVLPjqHsb8PEftQJwP7zwRegW60 jCGiPNAhf/dv/u7+gMqyk0/Llg91j5V+eveseRDju2E
-> piv-p256 RQguQQ AtoYNTbQXPlEUM9zMr4C7GfXkzC5YcSYasWb45Lra5u8 -> piv-p256 RQguQQ AuFA9C0hg7/lDHEz4ot81oDorONklwhktdbcV28GlZNq
l1Yi7b8I2Wx/ihuBbtt2Cc5dRVHrZRpLerg4BI68jGU Ddl+GdZ+bd884HoRd8hYaMkzJVW1w9Jl09ZSJ5cr0LI
--- qX2G6LYMfIGeBjaFfLQM6AGbBQK4JNnoiDRtvaEWG0g --- EXQY07ioUVXZngCW4Fj8TWYtPcxKd33tsA2aSJJLGFU
1{ûâSB³ÕÏˆà•´u[)G0S…-îuT ì'F¢¿Ó­å 

BIN
secrets/services/matrix/mautrix-signal.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-telegram.age
View File

Binary file not shown.

BIN
secrets/services/matrix/mautrix-whatsapp.age
View File

Binary file not shown.

BIN
secrets/services/matrix/synapse.age
View File

Binary file not shown.

BIN
secrets/services/mealie/credentialsFile.age Normal file
View File

Binary file not shown.

38
secrets/services/nextcloud/adminpassFile.age
View File

@@ -1,21 +1,21 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 WiIaQQ 2t9ct5sBH5//3MX7GyHybc9FHsRZNE/Lwz4MnMaSeQQ -> ssh-ed25519 WiIaQQ axhKLacpJTDu8bKQnGqJc9FX1nthnXS+B98NkIKOfkg
EFibXd1sP1gz5FjkViZ16MdnjKQkhq6s9cunyQ+H3xQ hMUlU4+cARDtDSw82HBP++1y64uNui4Nn4RJmTc1Mbo
-> ssh-rsa VtjGpQ -> ssh-rsa VtjGpQ
YQk1KJAW0SM9HEHY55VwfkBjl34gX39reTXjlMAyUjsoEQPqMjNOOdNzeF+Hgetf J0vpMK/d/QLPKDFrsuZGjWWcLY58r8wqrqSTO40BTGYAbCkwpH/N9A4AiUnfGXj4
A6gkuSfrM5ydAJITbcJANZc/QjZceGuHT69ljDYi0+Yuwzzr1vRSRldZ7WDTdZpy VD+4qkdP5Cdn9lpQVHZb7MRVTmz1nIqgWbLcime6jm2/Z0oQhw2qR3KrxrwFpNHT
n7gDo93iMsswnX3X4OpHyz/kBwwXGpOUXEUpdunzBdAHoawVjwm1XfnbodIewR2O pb1q7TD6Rhz1U5aOeUnH8JMg8KXpr34GNWV83+pV5g4MzPivKMzq636zA5XXLGg2
zhxk9T4u1wP1Nm3KfQXahU6YXnRwMj7pZBGE3qTkl1iYSglViw+ZZi8e1C+nk9cl oiKL3sCy06QxyoCnvqdHj8ssYvIb6v0xROqHJSA27x0oHq8fgwk/jfx3A7CIcWbj
J6e07tr8ktbeolND61+LrJkfB/XfVGA14Nb4lH7nQMhnz8pWg08NL/eGS+yvzqNf kYIVXwfW1kQPBbEtV8QPVkI8wMvu2/mtt4l//A6EvFEBcTLFV8jqzFOw9fb1kQr0
kf9JC22bhN0sYbQkIqEV0B0Oaew2voyIv3Esy8oipXWpVZc2WagxXeqYbjOYkjie nOFFQQb+pUJz1K7DV/Yki9rkihHpeFCcXBnGoW53EM+7lizg7BWw4golqi2aDo/f
upAXg8KrBAVSmFQ3XSRVfNaefOLxxBwRDksPufd2KaMejJ7zz3EKAd1HFFf2X6XG TQU6YVYUUUCV18ymNydQTmEFUqpZyAjJ8U1x9dqC6GnAvbEckoWQO2rvaC3d3+Kd
HSW/RHThD7Foyl1/nCTuLw4/nDweuB8GZ6dJ5oFPhCglaG1kyLhja95Ug1HsoMKH I1x+MfRf0cKmr8v05cEjnA0jXsYVz5GoGbW07rSFfzehUql03UIWoCBjFe+jOit8
REgTszd4neOjAjDPjzjlA/ety2CO7Y/cNkLPucUSZVK6X2P1945lKimpn1Ud+ag0 dHGEgemX0oBK+3hKVGA2jgjjJuQSyJAohC0PB6N+FJg896ft1Qul0nIUBGsYxc0F
4LorRjJNI0BQlQF5S74g+cZoZCAs/0MKP66AmDxuAdJr4Ezx0ZNtMcv1930wV989 J1p2ANQCS5LYibl3RjzU84oVJ7tQRGxTm/ifV72ABLr51lQUQ/Xm7ejGc2W2DBf0
hPTgRUFjfmH1nZSBbi1wC6oQvmMU3w68HMZIOPLvPK4 hQFr8bsq/rUbyJSUlYd72m1+AIWkzNNnUzh4ZYZoKX4
-> piv-p256 grR75w AgG4UpmG5XqcJA7GCAKPwudoJUGvcDWRuOraVO0CW7TB -> piv-p256 grR75w A3S2V7f+gRKz0atGirP3XFwqcLUSwyyrwvXJn9N71GsK
+BS1z9m4pwDJ5HTBkRmBrwF7b+fMgauOrfu6V5SDtVk mHdPCL/r7/4lI62DVetgtQNz382RNVbYjjWJa7CY1+g
-> piv-p256 RQguQQ AyuRnVJussZFo+BPyb7CQQFaOzPsBMSwo8CEYUIgwfvo -> piv-p256 RQguQQ A8TZ/IJp06b3fyQW5v5eW4zvdTXt39vNcEoRKDFvFEuU
F2AH6I4y6bDQxZbRUVIT8rVC4zeazXtnswSTDQxeM0Q 5P//fq21JtVKc4kibrUzAizJSbuDPWvfpmKHTJOh+pQ
--- YCbvajV4wiAWhDqlVWnYZxICoSgvrRp5MYdacqtzs24 --- GCvDKrJ38F1lOQuj+4728qfgP5Kuh6pdrrtoCR9bW28
G˜Qú0rõƒd ùÉž¥A(c>ˆ•U|¸å‚ÃË­*áKžšÑ™TS K…û0µèL yçü p2Wþ` Õæsì8܉xOTÅ-J#~ $

BIN
secrets/services/nextcloud/dbpassFile.age
View File

Binary file not shown.

22
secrets/services/nextcloud/onlyofficedb.age
View File

@@ -1,22 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 WiIaQQ ibQNsZtfH0+ee2qsEm+RjDosoxZef2fZntXL6k7TXyQ
lLYmS35hzX659p0nboXKqy8MRQjIH/hBbFssLYPidTQ
-> ssh-rsa VtjGpQ
W600R22V7ABKLsyx5Ov3n84Xb5E//bR1sYUNY5bufTNc0gqYhFJPzjM7G/qrXUd9
ylBSBGvZua2L6yr0RFfZZqf2R2vHjLCU3u2HSWFNbwjpjL7dyDihSzdO9xSqyyh3
UXM0ajp1AETooHSBNA32Xvemc40YqfVABaTxm6VTiz5gdlXshqyvwlf2fCNyKrnb
DbFgH9bkuLH2EgyS7NKCXKwjn5W7SKOQoripHjba/p1pEUebuDQwDj6n/uoc/Qcu
B3XK1/AoduKTxaYnJ1h4Vbn1SfH5AxAphyl6StkPLfZcsGFXTozqCMObkBo0zKVo
ljPPuPQGE0KiLO1BXbLjgzoe4h0RbjsX965y6DCn6XCZmwqOha3c6/NnYkPBa/2f
AdeUOQqRGsTBBEYRhlGW5CDZLX+d+lP2G/g8Y2b8nfWEDWwH+hOLnrCDmENjy8Z2
eSwBGSlPq8ckERe/EriDg4uhgboGAQ6LM2kzEdnpBbzyqoxzH+cQ2jgKkXnucSsD
MnXa0Nmw3J/Obq7OlnHqEwvy9334ZOzpj6NLE/9/LTcy409SAlE/Du1AI37lrlZv
+K1rRwi1h4agtftYU5Z1xbBkFgzfPmyE7+PPuKoxEuL0eNztnQK8hQB3g5xgeWZK
PlVmxYEdYhWGymqRh3/+xbszrYDOL2sNTGp8DDqt9LU
-> piv-p256 grR75w A54j28UhpNbcKyndBaw2+L056dEle95ki6NH0u47EYCn
AwT9E+zkBIWrtRTxpdxFlqD1Kjq3mR1DjLfVF4du6/8
-> piv-p256 RQguQQ Ald/MGvQnBiEbFmk3Pcb9fsKWrRvNDP1VG/ETAb8ILay
HLJ1tf/vZkhAZrerGxGHw07m+wrQrv1YyTmHQtH98uU
--- BzeW+gBeWrsfRFSljcoTUpsJILCiUZmGgz6a2qZ3kgA
E
Þ¤.§b„ÛŒf¯GkÂî)·WXp<06>v86uËU£²æ ©7+Þy÷ä[á;

BIN
secrets/services/nextcloud/onlyofficejwt.age
View File

Binary file not shown.

BIN
secrets/services/postgresql/initScript.age
View File

Binary file not shown.

BIN
secrets/services/vaultwarden/environment.age
View File

Binary file not shown.