jana/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: jana:workflows
Branches Tags
jana:main
jana:workflows
..
compare: jana:main
Branches Tags
jana:main
jana:workflows

33 commits
workflows ... main

Author SHA1 Message Date
Jana Dönszelmann
84644d3675
fix nixvim
Some checks failed
/ lint (push) Failing after 30s
Details
2026-01-25 09:41:59 +01:00
Jana Dönszelmann
e3f3e75285
immich
Some checks failed
/ lint (push) Failing after 38s
Details
2026-01-24 14:38:42 +01:00
Jana Dönszelmann
74a6785eb0
firefox bookmarks 2026-01-23 10:37:45 +01:00
Jana Dönszelmann
49b6f5bde0
switch to cap based home configs 2026-01-22 23:51:52 +01:00
Jana Dönszelmann
50ee9aac83
switch to cap based home configs 2026-01-22 23:51:52 +01:00
Jana Dönszelmann
acd7def6ed
nix on kil
Some checks failed
/ lint (push) Failing after 32s
Details
2026-01-20 16:51:45 +01:00
jana
b84f878dbd add kili to nix configurations 2026-01-19 16:14:09 +01:00
Jana Dönszelmann
8ebf4b74e6
site update and some vpn shit
Some checks failed
/ lint (push) Failing after 43s
Details
2026-01-06 15:43:40 +01:00
Jana Dönszelmann
b0158e96c8
setup autobrr 2026-01-06 02:21:31 +01:00
Jana Dönszelmann
bfab24fbe4
update mifg 2026-01-06 00:05:34 +01:00
Jana Dönszelmann
f14a6c8807
remove some warnings
Some checks failed
/ lint (push) Failing after 36s
Details
2026-01-03 18:36:46 +01:00
Jana Dönszelmann
612b7a13a7
migrate media services to pocketid
Some checks failed
/ lint (push) Failing after 34s
Details
2026-01-03 15:15:07 +01:00
Jana Dönszelmann
5f9ef795c0
disallow local login on forge
Some checks failed
/ lint (push) Failing after 37s
Details
2026-01-03 11:31:20 +01:00
Jana Dönszelmann
508c3a20bd
readme
All checks were successful
/ lint (push) Successful in 13s
Details
2026-01-03 02:47:56 +01:00
Jana Dönszelmann
dcf9031b33
remove direnv
Some checks are pending
/ lint (push) Waiting to run
Details
2026-01-03 02:45:48 +01:00
Jana Dönszelmann
69ad04cf64
users
Some checks are pending
/ lint (push) Waiting to run
Details
2026-01-03 02:42:46 +01:00
Jana Dönszelmann
3ae254a5da
remove deploy
Some checks are pending
/ lint (push) Waiting to run
Details
2026-01-03 02:41:51 +01:00
Jana Dönszelmann
115a711a5f
switch to keys
Some checks failed
/ lint (push) Waiting to run
Details
/ build (push) Has been cancelled
Details
2026-01-03 02:40:54 +01:00
Jana Dönszelmann
c40e6e3255
update flake and more pocketid
Some checks failed
/ lint (push) Waiting to run
Details
/ build (push) Has been cancelled
Details
2026-01-03 02:00:28 +01:00
Jana Dönszelmann
a3289c777e
pocketid 2026-01-02 22:45:52 +01:00
Jana Dönszelmann
08eb2d41db
cleanups 2026-01-02 22:04:40 +01:00
Jana Dönszelmann
1194a087a9
money is fckn gay
Some checks failed
/ lint (push) Successful in 57s
Details
/ build (push) Failing after 1h50m43s
Details
2026-01-02 21:59:21 +01:00
Jana Dönszelmann
ee764cf3c7
gay link 2025-12-26 14:15:35 +01:00
Jana Dönszelmann
d3d45d9e3c
datadog 2025-11-19 09:25:25 +01:00
Jana Dönszelmann
0c044cc4ea
update homepage
Some checks failed
/ lint (push) Successful in 13s
Details
/ build (push) Failing after 3h13m32s
Details
2025-10-28 23:55:48 +01:00
Jana Dönszelmann
a60d56425c
back to jellyfin 2025-10-21 23:36:38 +02:00
Jana Dönszelmann
d3662d77d0
add mapfm poster back 2025-10-21 17:33:47 +02:00
Jana Dönszelmann
47a4f3f9a7
factorio server
Some checks failed
/ build (push) Failing after 3h0m4s
Details
/ lint (push) Failing after 8s
Details
2025-09-27 23:59:08 +02:00
Jana Dönszelmann
00b7254d12
obsidian
Some checks failed
/ lint (push) Failing after 8s
Details
/ build (push) Failing after 3h12m10s
Details
2025-09-08 17:02:15 -07:00
Jana Dönszelmann
e898c31de2
reviewqueue state dir
Some checks failed
/ build (push) Has been cancelled
Details
/ lint (push) Successful in 8s
Details
2025-08-20 12:59:37 +02:00
Jana Dönszelmann
46e473652c
apply
All checks were successful
/ build (push) Successful in 15s
Details
/ lint (push) Successful in 6s
Details
2025-08-20 12:55:37 +02:00
Jana Dönszelmann
357a4072c6
add colmena
All checks were successful
/ build (push) Successful in 20s
Details
/ lint (push) Successful in 7s
Details
2025-08-20 12:53:54 +02:00
Jana Dönszelmann
f5cab89d2c
add colmeno
Some checks failed
/ build (push) Failing after 12s
Details
/ lint (push) Successful in 8s
Details
2025-08-20 12:51:53 +02:00
99 changed files with 7358 additions and 871 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.direnv/flake-profile
View file

@ -1 +0,0 @@
flake-profile-9-link

1
.direnv/flake-profile-9-link
View file

@ -1 +0,0 @@
/nix/store/k88yspmzczh2hz8assh7447skldwjdw7-nix-shell-env

11
.github/workflows/deploy.yml vendored
View file

@ -1,11 +0,0 @@
on:
push:
branches:
- main
jobs:
build:
runs-on: nix
steps:
- uses: actions/checkout@v4
- run: nix develop
- run: colmena build -v --on @fili

1
.gitignore vendored
View file

@ -1 +1,2 @@
secret/ secret/
.direnv

7
.sops.yaml
View file

@ -1,7 +0,0 @@
keys:
- &jana age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *jana

8
README.md Normal file
View file

@ -0,0 +1,8 @@
# Server Configuration
This is the server configuration of:
- currently only `fili`
For my nix-based dotfiles (i.e. home-manager configuration) which I use on my laptops for example, see <https://git.donsz.nl/dotfiles>.
Note: on most of my machines I don't actually use nixos, but do use nix to manage dotfiles and many programs.

28
default-machine-config.nix
View file

@ -1,15 +1,18 @@
{ {
lib, lib,
pkgs, pkgs,
inputs,
flakes,
... ...
}: }:
{ {
imports = [ imports = [
# ./cli-programs (inputs.self + /modules/machine-type.nix)
# inputs.home-manager.nixosModules.home-manager (inputs.self + /modules/program.nix)
(inputs.self + /programs)
]; ];
system.stateVersion = "25.05"; system.stateVersion = "26.05";
services.resolved.enable = false; services.resolved.enable = false;
# Enable SSH # Enable SSH
@ -38,6 +41,9 @@
atuin atuin
rcon rcon
lix lix
nix-output-monitor
wget
comma
]; ];
# Set up direnv # Set up direnv
@ -125,10 +131,14 @@
nixos.enable = lib.mkForce false; nixos.enable = lib.mkForce false;
}; };
# home-manager = { security.polkit.enable = true;
# useGlobalPkgs = true;
# useUserPackages = true; home-manager = {
# verbose = true; useGlobalPkgs = true;
# extraSpecialArgs = { inherit inputs; }; useUserPackages = true;
# };
extraSpecialArgs = {
inherit flakes;
};
};
} }

20
fili/lib/auth.nix
View file

@ -1,20 +0,0 @@
{ baseUrl, clientId }:
{
inherit clientId;
userAuthUrl = "${baseUrl}/ui/oauth2";
apiAuthUrl = "${baseUrl}/oauth2/authorise";
tokenUrl = "${baseUrl}/oauth2/token";
rfc7662TokenIntrospectionUrl = "${baseUrl}/oauth2/token/introspect";
rfc7009TokenRevokeUrl = "${baseUrl}/oauth2/token/revoke";
oauth2Rfc8414Discovery = "${baseUrl}/oauth2/openid/${clientId}/.well-known/oauth-authorization-server";
oidcIssuerUri = "${baseUrl}/oauth2/openid/${clientId}";
oidcDiscovery = "${baseUrl}/oauth2/openid/${clientId}/.well-known/openid-configuration";
oidcUserInfo = "${baseUrl}/oauth2/openid/${clientId}/userinfo";
oidcTokenSigningPubkey = "${baseUrl}/openid/${clientId}/public_key.jwk";
}

46
fili/services/auth/kanidm.nix
View file

@ -1,46 +0,0 @@
{ pkgs, config, ... }:
let
lib = pkgs.lib;
domain = "auth.donsz.nl";
port = 3013;
backupsDir = "/var/lib/kanidm/backup";
in
{
services.kanidm.enableServer = true;
services.kanidm.package = pkgs.kanidm_1_6;
services.kanidm.serverSettings = {
tls_chain = "/var/lib/acme/${domain}/fullchain.pem";
tls_key = "/var/lib/acme/${domain}/key.pem";
bindaddress = "[::1]:${toString port}";
ldapbindaddress = "[::1]:3636";
inherit domain;
origin = "https://${domain}";
trust_x_forward_for = true;
online_backup = {
path = backupsDir;
schedule = "0 0 * * *";
};
};
systemd.services.kanidm = {
preStart = lib.mkBefore ''
mkdir -p "${backupsDir}"
'';
serviceConfig = {
SupplementaryGroups = [ config.security.acme.certs.${domain}.group ];
};
};
environment.systemPackages = [ pkgs.kanidm ];
services.nginx.virtualHosts.${domain} = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "https://[::1]:${toString port}";
};
};
}

55
fili/services/auth/oauth2-proxy.nix
View file

@ -1,55 +0,0 @@
{ pkgs, config, ... }:
{
sops.secrets.oauth2-proxy = {
sopsFile = ../../../secrets/oauth2-proxy.env;
};
services.oauth2-proxy =
let
auth = import ../../lib/auth.nix {
baseUrl = "https://auth.donsz.nl";
clientId = "homeserver";
};
in
{
enable = true;
provider = "oidc";
clientID = "${auth.clientId}";
oidcIssuerUrl = auth.oidcIssuerUri;
proxyPrefix = "/oauth2";
reverseProxy = true;
keyFile = config.sops.secrets.oauth2-proxy.path;
loginURL = auth.apiAuthUrl;
redeemURL = auth.tokenUrl;
validateURL = auth.rfc7662TokenIntrospectionUrl;
profileURL = auth.oidcUserInfo;
scope = "openid profile email";
email.domains = [ "*" ];
cookie = {
domain = "donsz.nl";
refresh = "1h";
secure = true;
};
extraConfig = {
whitelist-domain = [ "*.donsz.nl" ];
};
nginx.domain = "oauth2.donsz.nl";
};
services.nginx.virtualHosts."oauth2.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/".return = "301 https://oauth2.donsz.nl/oauth2/sign_in";
};
}

19
fili/services/media/jackett.nix
View file

@ -1,19 +0,0 @@
_: {
services.nginx = {
virtualHosts."jackett.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://[::1]:9117";
};
};
};
services.jackett = {
enable = true;
group = "jellyfin";
user = "jellyfin";
};
}

22
fili/services/media/overseerr.nix
View file

@ -1,22 +0,0 @@
{ config, ... }:
let
port = 11002;
in
{
config.networking.firewall.allowedTCPPorts = [ port ];
config.virtualisation.oci-containers.containers = {
overseerr = {
image = "mirror.gcr.io/fallenbagel/jellyseerr:develop";
environment = {
PORT = "5555";
TZ = "Europe/Amsterdam";
LOG_LEVEL = "debug";
};
extraOptions = [ "--network=host" ];
volumes = [
"/var/lib/microvms/rr/storage/data/overseerr:/app/config"
];
};
};
}

82
fili/services/media/plex.nix
View file

@ -1,82 +0,0 @@
_: {
services.plex = {
enable = true;
openFirewall = true;
user = "jellyfin";
};
users.groups.jellyfin = { };
users.users.jellyfin = {
isSystemUser = true;
group = "jellyfin";
extraGroups = [ "storage" ];
};
services.nginx = {
virtualHosts."media.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
extraConfig = ''
#Some players don't reopen a socket and playback stops totally instead of resuming after an extended pause
send_timeout 100m;
# Why this is important: https://blog.cloudflare.com/ocsp-stapling-how-cloudflare-just-made-ssl-30/
ssl_stapling on;
ssl_stapling_verify on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#Intentionally not hardened for security for player support and encryption video streams has a lot of overhead with something like AES-256-GCM-SHA384.
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
# Forward real ip and host to Plex
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $server_addr;
proxy_set_header Referer $server_addr;
proxy_set_header Origin $server_addr;
# Plex has A LOT of javascript, xml and html. This helps a lot, but if it causes playback issues with devices turn it off.
gzip on;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/css text/xml application/xml text/javascript application/x-javascript image/svg+xml;
gzip_disable "MSIE [1-6]\.";
# Nginx default client_max_body_size is 1MB, which breaks Camera Upload feature from the phones.
# Increasing the limit fixes the issue. Anyhow, if 4K videos are expected to be uploaded, the size might need to be increased even more
client_max_body_size 100M;
# Plex headers
proxy_set_header X-Plex-Client-Identifier $http_x_plex_client_identifier;
proxy_set_header X-Plex-Device $http_x_plex_device;
proxy_set_header X-Plex-Device-Name $http_x_plex_device_name;
proxy_set_header X-Plex-Platform $http_x_plex_platform;
proxy_set_header X-Plex-Platform-Version $http_x_plex_platform_version;
proxy_set_header X-Plex-Product $http_x_plex_product;
proxy_set_header X-Plex-Token $http_x_plex_token;
proxy_set_header X-Plex-Version $http_x_plex_version;
proxy_set_header X-Plex-Nocache $http_x_plex_nocache;
proxy_set_header X-Plex-Provides $http_x_plex_provides;
proxy_set_header X-Plex-Device-Vendor $http_x_plex_device_vendor;
proxy_set_header X-Plex-Model $http_x_plex_model;
# Websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Buffering off send to the client as soon as the data is received from Plex.
proxy_redirect off;
proxy_buffering off;
'';
locations."/" = {
proxyPass = "http://[::1]:32400";
};
};
};
}

120
fili/services/media/torrent.nix
View file

@ -1,120 +0,0 @@
{
config,
pkgs,
...
}:
{
sops.secrets.mullvad = {
sopsFile = ../../../secrets/mullvad.yaml;
owner = "root";
format = "yaml";
};
vpnNamespaces.mullvad = {
enable = true;
wireguardConfigFile = config.sops.secrets.mullvad.path;
accessibleFrom = [
"192.168.0.0/16"
];
portMappings = [
{
from = 9091;
to = 9091;
} # UI Port.
{
from = 5432;
to = 5432;
} # DB Port.
];
openVPNPorts = [
{
port = 50901;
protocol = "both";
}
{
port = 50902;
protocol = "both";
}
{
port = 50903;
protocol = "both";
}
{
port = 50904;
protocol = "both";
}
{
port = 50905;
protocol = "both";
}
{
port = 50906;
protocol = "both";
}
{
port = 50907;
protocol = "both";
}
{
port = 50908;
protocol = "both";
}
{
port = 50909;
protocol = "both";
}
];
};
services.nginx = {
virtualHosts."dl.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.15.1:9091";
};
};
};
services.oauth2-proxy.nginx.virtualHosts."dl.donsz.nl" = { };
systemd.services.transmission.vpnConfinement = {
enable = true;
vpnNamespace = "mullvad";
};
services.transmission = {
enable = true;
package = pkgs.transmission_4;
webHome = pkgs.stdenv.mkDerivation {
name = "flood-modified";
version = "1.0";
src = pkgs.flood-for-transmission;
installPhase = ''
mkdir -p $out
cp -r ./* $out
cp ./config.json.defaults $out/config.json
'';
};
home = "/var/lib/transmission";
user = "jellyfin";
group = "jellyfin";
settings = {
download-dir = "/storage/storage/torrents";
incomplete-dir-enabled = false;
# incomplete-dir = "/storage/storage/torrents";
rpc-bind-address = "192.168.15.1";
rpc-host-whitelist-enabled = false;
rpc-whitelist-enabled = false;
rpc-port = 9091;
peer-port = 50909;
cache-size-mb = 2048;
preallocation = 1;
};
};
}

23
fili/services/websites/homepage.nix
View file

@ -1,23 +0,0 @@
{ flakes, pkgs, ... }:
{
services.nginx = {
virtualHosts."donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = flakes.homepage.packages.${pkgs.system}.website;
};
};
virtualHosts."jdonszelmann.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = flakes.homepage.packages.${pkgs.system}.website;
};
};
};
}

30
fili/services/websites/mapf.nix
View file

@ -1,30 +0,0 @@
{ flakes, ... }:
{
# imports = [
# flakes.mapf.nixosModules.default
# ];
sops.secrets.mapf = {
sopsFile = ../../../secrets/mapf-prod.env;
};
services.nginx = {
virtualHosts."mapf.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://[::1]:8080";
};
};
};
# donsz.services.mapf = {
# enable = true;
# envfile = "/run/secrets/sops/mapf";
# db_name = "mapfprod";
# db_user = "mapfprod";
# db_password = "";
# };
}

1859
flake.lock generated
View file

File diff suppressed because it is too large Load diff

122
flake.nix
View file

@ -1,11 +1,19 @@
{ {
description = "jana's server infrastructure"; description = "jana's server infrastructure";
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/release-25.05"; nixpkgs.url = "github:NixOS/nixpkgs";
colmena.url = "github:zhaofengli/colmena"; colmena.url = "github:zhaofengli/colmena";
flake-utils.url = "github:numtide/flake-utils"; flake-utils.url = "github:numtide/flake-utils";
sops-nix.url = "github:jdonszelmann/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
vpn-confinement.url = "github:Maroka-chan/VPN-Confinement"; vpn-confinement.url = "github:Maroka-chan/VPN-Confinement";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs";
};
# websites # websites
@ -14,6 +22,54 @@
harmonica.url = "git+ssh://git@github.com/jdonszelmann/harmonica-tabs"; harmonica.url = "git+ssh://git@github.com/jdonszelmann/harmonica-tabs";
mapf.url = "git+ssh://git@github.com/jdonszelmann/mapf-server"; mapf.url = "git+ssh://git@github.com/jdonszelmann/mapf-server";
reviewqueue.url = "github:jdonszelmann/review-queue"; reviewqueue.url = "github:jdonszelmann/review-queue";
compiler-construction-2021.url = "git+ssh://forgejo@git.donsz.nl/jana/eelco-visser-compiler-construction.git";
mifg.url = "git+ssh://forgejo@git.donsz.nl/jana/money.is.fckn.gay.git";
secrets.url = "git+ssh://forgejo@git.donsz.nl/jana/server-secrets.git";
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
t.url = "github:jdonszelmann/t-rs";
dumpasm.url = "github:jdonszelmann/dumpasm";
kitty-search = {
url = "github:trygveaa/kitty-kitten-search";
flake = false;
};
jujutsu = {
url = "github:martinvonz/jj";
inputs.nixpkgs.follows = "nixpkgs";
};
p1n3appl3 = {
url = "github:p1n3appl3/config";
inputs.rahul-config.follows = "rahul-config";
};
rahul-config.url = "github:jdonszelmann/nix-config";
niri-unstable.url = "github:YaLTeR/niri";
niri = {
url = "github:sodiboo/niri-flake";
inputs.niri-unstable.follows = "niri-unstable";
};
matugen = {
url = "github:/InioX/matugen/main";
inputs.nixpkgs.follows = "nixpkgs";
};
noctalia = {
url = "github:noctalia-dev/noctalia-shell";
inputs.nixpkgs.follows = "nixpkgs";
};
pipethon.url = "git+ssh://forgejo@git.donsz.nl/jana/pipethon.git";
firefox-sidebar-css = {
url = "github:drannex/FirefoxSidebar";
flake = false;
};
raw-data.url = "git+ssh://forgejo@git.donsz.nl/jana/raw-data.git";
}; };
outputs = outputs =
{ {
@ -23,7 +79,19 @@
flake-utils, flake-utils,
sops-nix, sops-nix,
vpn-confinement, vpn-confinement,
home-manager,
mapf, mapf,
nixvim,
t,
dumpasm,
jujutsu,
pipethon,
niri,
niri-unstable,
matugen,
noctalia,
firefox-addons,
raw-data,
... ...
}@inputs: }@inputs:
let let
@ -32,17 +100,35 @@
import nixpkgs { import nixpkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
overlays = [ ]; overlays = [
(_: _: {
custom = {
t = t.packages.${system}.default;
inherit (dumpasm.packages.${system}) dumpasm;
inherit (jujutsu.packages.${system}) jujutsu;
pipethon = pipethon.packages.${system}.python;
niri = niri-unstable.packages.${system}.niri;
raw-data = raw-data.packages.${system}.default;
};
p1n3appl3 = inputs.p1n3appl3.packages.${system};
})
];
}; };
in in
{ {
colmenaHive = colmena.lib.makeHive self.outputs.colmena; colmenaHive = colmena.lib.makeHive self.outputs.colmena;
colmena = { colmena = {
meta = { meta =
nixpkgs = pkgsForSystem "x86_64-linux"; let
system = "x86_64-linux";
in
{
nixpkgs = pkgsForSystem system;
specialArgs.flakes = inputs; specialArgs.flakes = inputs;
specialArgs.inputs = inputs;
specialArgs.secrets = inputs.secrets.packages.${system}.secrets;
}; };
fili = { fili = {
@ -56,13 +142,30 @@
}; };
imports = [ imports = [
./fili/configuration.nix home-manager.nixosModules.home-manager
./users/users.nix ./hosts/fili/configuration.nix
./users
./default-machine-config.nix ./default-machine-config.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
vpn-confinement.nixosModules.default vpn-confinement.nixosModules.default
]; ];
}; };
kili = {
deployment = {
allowLocalDeployment = true;
targetHost = null;
replaceUnknownProfiles = false;
tags = [ "laptop" ];
# buildOnTarget = true;
targetUser = "jana";
};
imports = [
home-manager.nixosModules.home-manager
./hosts/kili/configuration.nix
./users
];
};
}; };
} }
// flake-utils.lib.eachDefaultSystem ( // flake-utils.lib.eachDefaultSystem (
@ -78,11 +181,14 @@
(pkgs.writeShellScriptBin "apply" '' (pkgs.writeShellScriptBin "apply" ''
colmena apply --no-substitute colmena apply --no-substitute
'') '')
(pkgs.writeShellScriptBin "apply-local" ''
colmena apply-local --sudo
'')
]; ];
shellHook = "exec $NIX_BUILD_SHELL"; shellHook = "exec $NIX_BUILD_SHELL";
}; };
formatter = pkgs.nixfmt-rfc-style; formatter = pkgs.nixfmt;
} }
); );

15
fili/configuration.nix → hosts/fili/configuration.nix
View file

@ -6,6 +6,13 @@ _: {
./services ./services
]; ];
custom.machine = {
type = "server";
capabilities = [
"cli"
];
};
networking.nameservers = [ networking.nameservers = [
"1.1.1.1" "1.1.1.1"
"9.9.9.9" "9.9.9.9"
@ -35,4 +42,12 @@ _: {
# secrets # secrets
sops.age.keyFile = "/sops/sops-key.txt"; sops.age.keyFile = "/sops/sops-key.txt";
sops.defaultSopsFormat = "dotenv"; sops.defaultSopsFormat = "dotenv";
users.extraUsers.jana.extraGroups = [
"storage"
"syncthing"
"jellyfin"
"media"
"nginx"
];
} }

0
fili/hardware-configuration.nix → hosts/fili/hardware-configuration.nix
View file

0
fili/networking.nix → hosts/fili/networking.nix
View file

2
fili/services/auth/default.nix → hosts/fili/services/auth/default.nix
View file

@ -1,6 +1,6 @@
_: { _: {
imports = [ imports = [
./kanidm.nix
./oauth2-proxy.nix ./oauth2-proxy.nix
./pocketid.nix
]; ];
} }

47
hosts/fili/services/auth/oauth2-proxy.nix Normal file
View file

@ -0,0 +1,47 @@
{
config,
secrets,
...
}:
{
sops.secrets.oauth2-proxy = {
sopsFile = "${secrets}/oauth2-proxy.env";
};
services.oauth2-proxy = {
enable = true;
provider = "oidc";
scope = "openid profile email groups";
clientID = "38aa51e2-783e-48f0-a4b9-440e269f1217";
oidcIssuerUrl = "https://auth.donsz.nl";
reverseProxy = true;
proxyPrefix = "/oauth2";
keyFile = config.sops.secrets.oauth2-proxy.path;
email.domains = [ "*" ];
cookie = {
domain = "donsz.nl";
refresh = "1h";
secure = true;
};
extraConfig = {
whitelist-domain = [ "*.donsz.nl" ];
insecure-oidc-allow-unverified-email = true;
};
nginx.domain = "oauth2.donsz.nl";
};
services.nginx.virtualHosts."oauth2.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/".return = "301 https://oauth2.donsz.nl/oauth2/sign_in";
};
}

57
hosts/fili/services/auth/pocketid.nix Normal file
View file

@ -0,0 +1,57 @@
{ config, secrets, ... }:
{
sops.secrets.pocketid = {
owner = config.services.pocket-id.user;
sopsFile = "${secrets}/pocketid.env";
};
services.nginx.virtualHosts."auth.donsz.nl" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
proxy_busy_buffers_size 512k;
proxy_buffers 4 512k;
proxy_buffer_size 256k;
'';
locations."/".proxyPass = "http://[::1]:${toString config.services.pocket-id.settings.PORT}";
};
services.pocket-id = {
enable = true;
user = "pocket-id";
environmentFile = config.sops.secrets.pocketid.path;
settings = {
PORT = 1411;
TRUST_PROXY = true;
APP_URL = "https://auth.donsz.nl";
ALLOW_USER_SIGNUPS = "withToken";
UI_CONFIG_DISABLED = true;
ALLOW_OWN_ACCOUNT_EDIT = true;
DB_PROVIDER = "postgres";
DB_CONNECTION_STRING = "postgres://pocketid:pocketid@localhost:5432/pocketid";
KEYS_STORAGE = "database";
METRICS_ENABLED = false;
TRACING_ENABLED = false;
ANALYTICS_DISABLED = true;
SESSION_DURATION = 1440;
SMTP_HOST = "smtp.fastmail.com";
SMTP_PORT = "587";
SMTP_FROM = "auth@donsz.nl";
SMTP_USER = "pocketid-auth";
SMTP_TLS = "starttls";
EMAIL_LOGIN_NOTIFICATION_ENABLED = true;
EMAIL_API_KEY_EXPIRATION_ENABLED = true;
EMAIL_ONE_TIME_ACCESS_AS_ADMIN_ENABLED = true;
ACCENT_COLOR = "#c66995";
LOG_LEVEL = "debug";
};
};
}

8
fili/services/databases.nix → hosts/fili/services/databases.nix
View file

@ -50,6 +50,14 @@
name = "forgejo"; name = "forgejo";
ensureDBOwnership = true; ensureDBOwnership = true;
} }
{
name = "pocketid";
ensureDBOwnership = true;
}
{
name = "immich";
ensureDBOwnership = true;
}
]; ];
ensureDatabases = map (i: i.name) ensureUsers; ensureDatabases = map (i: i.name) ensureUsers;
}; };

4
fili/services/default.nix → hosts/fili/services/default.nix
View file

@ -4,7 +4,11 @@ _: {
./databases.nix ./databases.nix
./matrix-synapse.nix ./matrix-synapse.nix
./forgejo.nix ./forgejo.nix
./obsidian-sync.nix
./metrics.nix
./immich.nix
./factorio
./media ./media
./websites ./websites
./auth ./auth

136
hosts/fili/services/factorio/default.nix Normal file
View file

@ -0,0 +1,136 @@
{
lib,
pkgs,
config,
secrets,
...
}:
let
factorioVersion =
version: sha:
pkgs.factorio-headless.overrideAttrs (_: {
inherit version;
src = pkgs.fetchurl {
url = "https://factorio.com/get-download/${version}/headless/linux64";
name = "factorio-headless-${version}.tar.xz";
sha256 = sha;
};
});
getMods =
modDir:
let
modList = lib.pipe modDir [
builtins.readDir
(lib.filterAttrs (k: v: v == "regular"))
(lib.mapAttrsToList (k: v: k))
(builtins.filter (lib.hasSuffix ".zip"))
];
validPath =
modFileName:
builtins.path {
path = modDir + "/${modFileName}";
name = lib.strings.sanitizeDerivationName modFileName;
};
modToDrv =
modFileName:
pkgs.runCommand "copy-factorio-mods" { } ''
mkdir $out
ln -s '${validPath modFileName}' $out/'${modFileName}'
''
// {
deps = [ ];
};
in
builtins.map modToDrv modList;
factorioContainer = name: factorio-config: {
"factorio-${name}" = {
autoStart = true;
bindMounts = {
"/var/lib/factorio" = {
hostPath = "/factorio/${name}";
isReadOnly = false;
};
"/run/secrets" = {
hostPath = "/run/secrets";
isReadOnly = true;
};
"/etc/resolv.conf" = {
hostPath = "/etc/resolv.conf";
isReadOnly = true;
};
};
privateUsers = "no";
config =
{
config,
pkgs,
lib,
...
}:
{
systemd.services.factorio.serviceConfig.User = "factorio";
services.factorio = factorio-config // {
enable = true;
openFirewall = true;
game-name = name;
saveName = name;
stateDirName = "factorio";
};
nixpkgs.config = {
allowUnfree = true;
};
system.stateVersion = "23.11";
networking = {
firewall.enable = false;
};
};
};
};
in
{
users.groups.factorio = { };
users.users.factorio = {
isSystemUser = true;
group = "factorio";
extraGroups = [ "storage" ];
};
sops.secrets.factorio = {
sopsFile = "${secrets}/factorio.json";
format = "json";
key = "";
owner = "factorio";
};
containers =
factorioContainer "tawney" {
autosave-interval = 20;
admins = [
"jonay2000"
"computerdruid"
"pineapple"
];
extraSettingsFile = config.sops.secrets.factorio.path;
# mods = getMods .factorio-mods/tawney;
package = factorioVersion "2.0.69" "sha256-I1FHuz7WtfCmmTiTxskv3+U1upWrhmBG9R+GUoS1c0E=";
port = 20001;
}
// factorioContainer "snek" {
autosave-interval = 20;
admins = [
"jonay2000"
"computerdruid"
"pineapple"
"koragendum"
];
extraSettingsFile = config.sops.secrets.factorio.path;
mods = getMods ./factorio-mods/snek;
package = factorioVersion "2.0.69" "sha256-I1FHuz7WtfCmmTiTxskv3+U1upWrhmBG9R+GUoS1c0E=";
port = 20002;
};
}

BIN
hosts/fili/services/factorio/factorio-mods/snek/VehicleSnap_2.0.2.zip Normal file
View file

Binary file not shown.

BIN
hosts/fili/services/factorio/factorio-mods/snek/factoryplanner_2.0.30.zip Normal file
View file

Binary file not shown.

BIN
hosts/fili/services/factorio/factorio-mods/snek/flib_0.16.3.zip Normal file
View file

Binary file not shown.

BIN
hosts/fili/services/factorio/factorio-mods/snek/valerian-planets_1.0.2.zip Normal file
View file

Binary file not shown.

BIN
hosts/fili/services/factorio/factorio-mods/snek/visible-planets_1.4.8.zip Normal file
View file

Binary file not shown.

58
fili/services/forgejo.nix → hosts/fili/services/forgejo.nix
View file

@ -1,35 +1,44 @@
{ {
lib,
pkgs, pkgs,
config, config,
flakes,
secrets,
... ...
}: }:
let
cfg = config.services.forgejo;
srv = cfg.settings.server;
in
{ {
sops.secrets.forgejo = { sops.secrets.forgejo = {
sopsFile = ../../secrets/forgejo.yaml; sopsFile = "${secrets}/forgejo.yaml";
key = "email_password"; key = "email_password";
format = "yaml"; format = "yaml";
}; };
users = {
users.groups.forgejo = { }; groups = {
users.users.forgejo = { forgejo = { };
forgejo-runner = { };
};
users.forgejo = {
isSystemUser = true; isSystemUser = true;
group = "forgejo"; group = "forgejo";
extraGroups = [ "storage" ]; extraGroups = [ "storage" ];
}; };
users.forgejo-runner = {
isSystemUser = true;
group = "forgejo-runner";
};
};
services.nginx = { services.nginx.virtualHosts."git.donsz.nl" = {
virtualHosts."git.donsz.nl" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
extraConfig = '' extraConfig = ''
client_max_body_size 512M; client_max_body_size 512M;
''; '';
locations."/".proxyPass = "http://[::1]:13121";
locations."/" = {
proxyPass = "http://[::1]:13121";
extraConfig = ''
rewrite ^/user/login.*$ /user/oauth2/pocketid last;
'';
}; };
}; };
@ -57,36 +66,41 @@ in
HTTP_PORT = 13121; HTTP_PORT = 13121;
}; };
service = { service = {
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true; ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false; SHOW_REGISTRATION_BUTTON = false;
ENABLE_PASSWORD_SIGNIN_FORM = false; ENABLE_PASSWORD_SIGNIN_FORM = false;
}; };
openid = {
ENABLE_OPENID_SIGNUP = true;
};
oauth2_client = {
REGISTER_EMAIL_CONFIRM = false;
ENABLE_AUTO_REGISTRATION = true;
UPDATE_AVATAR = true;
ACCOUNT_LINKING = "auto";
};
actions = { actions = {
ENABLED = true; ENABLED = true;
DEFAULT_ACTIONS_URL = "github"; DEFAULT_ACTIONS_URL = "github";
}; };
repository = { repository = {
DEFAULT_PRIVATE = "private"; DEFAULT_PRIVATE = "private";
DISABLE_HTTP_GIT = true;
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = true;
SMTP_ADDR = "smtp.fastmail.com"; SMTP_ADDR = "smtp.fastmail.com";
FROM = "git@donsz.nl"; FROM = "git@donsz.nl";
USER = "git@donsz.nl"; USER = "git@donsz.nl";
PASSWD = config.sops.secrets.forgejo.path;
}; };
}; };
mailerPasswordFile = config.sops.secrets.forgejo.path;
};
users.groups.forgejo-runner = { };
users.users.forgejo-runner = {
isSystemUser = true;
group = "forgejo-runner";
}; };
sops.secrets.forgejo-runner = { sops.secrets.forgejo-runner = {
sopsFile = ../../secrets/forgejo-runner.env; sopsFile = "${secrets}/forgejo-runner.env";
}; };
nix = { nix = {
@ -136,6 +150,7 @@ in
wget wget
# used in deployments # used in deployments
flakes.colmena.defaultPackage."x86_64-linux"
lix lix
openssh openssh
]; ];
@ -149,5 +164,4 @@ in
}; };
}; };
networking.firewall.trustedInterfaces = [ "br-+" ]; networking.firewall.trustedInterfaces = [ "br-+" ];
} }

96
hosts/fili/services/immich.nix Normal file
View file

@ -0,0 +1,96 @@
{
config,
pkgs,
secrets,
...
}:
{
users.groups.jellyfin = { };
users.users.immich = {
isSystemUser = true;
group = "immich";
extraGroups = [
"video"
"render"
];
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-ocl
intel-media-driver
];
};
sops.secrets.immich-session-secret = {
sopsFile = "${secrets}/immich.yaml";
key = "client_secret";
format = "yaml";
};
services.nginx.virtualHosts."photos.donsz.nl" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://[::1]:${toString config.services.immich.port}";
proxyWebsockets = true;
recommendedProxySettings = true;
extraConfig = ''
client_max_body_size 50000M;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
'';
};
};
services.immich = {
enable = true;
port = 2283;
database = {
name = "immich";
createDB = false;
user = "postgres";
host = "localhost";
port = 5432;
};
secretsFile = toString (
pkgs.writeText "db-password" ''
DB_PASSWORD=immich
''
);
settings = {
server.externalDomain = "https://photos.donsz.nl";
logging.level = "verbose";
oauth = {
enabled = true;
clientSecret._secret = config.sops.secrets.immich-session-secret.path;
autoLaunch = true;
autoRegister = true;
buttonText = "Log in";
clientId = "8fd9c066-2298-4991-ba24-7c41bd73192b";
issuerUrl = "https://auth.donsz.nl";
roleClaim = "immich_role";
scope = "openid email profile groups";
tokenEndpointAuthMethod = "client_secret_post";
# storageLabelClaim: "",
# "mobileOverrideEnabled": false,
# "mobileRedirectUri": "",
};
};
mediaLocation = "/storage/storage/media-server/photos";
accelerationDevices = [
"/dev/dri/renderD128"
];
};
}

1
fili/services/matrix-synapse.nix → hosts/fili/services/matrix-synapse.nix
View file

@ -89,6 +89,7 @@ in
} }
]; ];
settings.registration_shared_secret = "eaU6JgZloozOfFU0tdkYh50CQBs8us0WzTuaaoGDWfwzGPwvABBSVXuqJHh5Pijx";
settings.database = { settings.database = {
name = "psycopg2"; name = "psycopg2";
args = { args = {

54
hosts/fili/services/media/autobrr.nix Normal file
View file

@ -0,0 +1,54 @@
{ config, secrets, ... }:
{
sops.secrets.autobrr = {
sopsFile = "${secrets}/autobrr.yaml";
key = "key";
format = "yaml";
};
services.nginx = {
virtualHosts."autobrr.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${config.services.autobrr.settings.host}:${toString config.services.autobrr.settings.port}";
};
};
};
# oauth access to the service
services.oauth2-proxy.nginx.virtualHosts."autobrr.donsz.nl" = {
allowed_groups = [ "torrent" ];
};
# vpnNamespaces.mullvad.portMappings = [
# {
# from = config.services.autobrr.settings.port;
# to = config.services.autobrr.settings.port;
# }
# ];
# vpnNamespaces.mullvad.openVPNPorts = [
# {
# # irc port
# port = 7021;
# protocol = "both";
# }
# ];
# systemd.services.autobrr.vpnConfinement = {
# enable = true;
# vpnNamespace = "mullvad";
# };
services.autobrr = {
enable = true;
settings = {
logLevel = "DEBUG";
checkForUpdates = false;
host = "localhost";
port = 11012;
};
secretFile = config.sops.secrets.autobrr.path;
};
}

4
fili/services/media/default.nix → hosts/fili/services/media/default.nix
View file

@ -5,6 +5,8 @@ _: {
./sonarr.nix ./sonarr.nix
./torrent.nix ./torrent.nix
./jackett.nix ./jackett.nix
./plex.nix ./jellyfin.nix
./autobrr.nix
./vpn.nix
]; ];
} }

36
hosts/fili/services/media/jackett.nix Normal file
View file

@ -0,0 +1,36 @@
{ config, ... }:
{
services.nginx = {
virtualHosts."jackett.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.jackett.port}";
};
};
};
# vpnNamespaces.mullvad.portMappings = [
# {
# from = config.services.jackett.port;
# to = config.services.jackett.port;
# }
# ];
# systemd.services.autobrr.vpnConfinement = {
# enable = true;
# vpnNamespace = "mullvad";
# };
services.oauth2-proxy.nginx.virtualHosts."jackett.donsz.nl" = {
allowed_groups = [ "torrent" ];
};
services.jackett = {
enable = true;
group = "jellyfin";
user = "jellyfin";
port = 11013;
};
}

150
hosts/fili/services/media/jellyfin.nix Normal file
View file

@ -0,0 +1,150 @@
{
pkgs,
config,
...
}:
let
jellyfin-config = ''
{
"includeCorsCredentials": false,
"multiserver": false,
"themes": [
{
"name": "Apple TV",
"id": "appletv",
"color": "#bcbcbc"
}, {
"name": "Blue Radiance",
"id": "blueradiance",
"color": "#011432"
}, {
"name": "Dark",
"id": "dark",
"color": "#202020",
"default": true
}, {
"name": "Light",
"id": "light",
"color": "#303030"
}, {
"name": "Purple Haze",
"id": "purplehaze",
"color": "#000420"
}, {
"name": "WMC",
"id": "wmc",
"color": "#0c2450"
}
],
"menuLinks": [
{
"name": "Link SSO Account",
"icon": "add_link",
"url": "https://media.donsz.nl/SSOViews/linking"
}
],
"servers": [],
"plugins": [
"playAccessValidation/plugin",
"experimentalWarnings/plugin",
"htmlAudioPlayer/plugin",
"htmlVideoPlayer/plugin",
"photoPlayer/plugin",
"comicsPlayer/plugin",
"bookPlayer/plugin",
"youtubePlayer/plugin",
"backdropScreensaver/plugin",
"pdfPlayer/plugin",
"logoScreensaver/plugin",
"sessionPlayer/plugin",
"chromecastPlayer/plugin",
"syncPlay/plugin"
]
}
'';
in
{
environment.systemPackages = [
pkgs.jellyfin
pkgs.jellyfin-web
pkgs.jellyfin-ffmpeg
];
services.nginx.virtualHosts."media.donsz.nl" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8096";
extraConfig = ''
proxy_buffering off;
'';
};
locations."/socket" = {
inherit (config.services.nginx.virtualHosts."media.donsz.nl".locations."/")
proxyPass
;
proxyWebsockets = true;
};
};
users.groups.jellyfin = { };
users.users.jellyfin = {
isSystemUser = true;
group = "jellyfin";
extraGroups = [ "storage" ];
};
services.nginx.virtualHosts."media.donsz.nl".locations."/web/config.json".extraConfig = ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${jellyfin-config}';
'';
services.jellyfin = {
enable = true;
openFirewall = true;
user = "jellyfin";
group = "jellyfin";
};
# Only set this if you're using intel-vaapi-driver (see below):
nixpkgs.config.packageOverrides = pkgs: {
intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
};
systemd.services.jellyfin.environment.LIBVA_DRIVER_NAME = "iHD"; # or i965, see below
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
}; # ditto
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-ocl
intel-media-driver
# intel-media-sdk
];
};
# hardware.graphics = {
# enable = true;
# package = pkgs.intel-media-driver;
# };
# systemd.services.jellyfin = {
# # if EncoderAppPath is manually set in the web UI, it can never be updated through --ffmpeg
# preStart = "test ! -e /var/lib/jellyfin/config/encoding.xml || sed -i '/<EncoderAppPath>/d' /var/lib/jellyfin/config/encoding.xml";
# serviceConfig = {
# # allow access to GPUs for hardware transcoding
# DeviceAllow = lib.mkForce "char-drm";
# BindPaths = lib.mkForce "/dev/dri";
# # to allow restarting from web ui
# Restart = lib.mkForce "always";
# Slice = "mediaplayback.slice";
# };
# };
}

27
hosts/fili/services/media/overseerr.nix Normal file
View file

@ -0,0 +1,27 @@
{ ... }:
let
port = 11002;
in
{
services.nginx.virtualHosts."req.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://[::1]:${toString port}";
};
};
virtualisation.oci-containers.containers = {
overseerr = {
image = "ghcr.io/fallenbagel/jellyseerr:preview-seerr";
environment = {
};
extraOptions = [ "--network=host" ];
volumes = [
"/var/lib/microvms/rr/storage/data/overseerr:/app/config"
];
};
};
}

11
fili/services/media/radarr.nix → hosts/fili/services/media/radarr.nix
View file

@ -1,4 +1,4 @@
{ ... }: { pkgs, ... }:
{ {
services.nginx = { services.nginx = {
virtualHosts."radarr.donsz.nl" = { virtualHosts."radarr.donsz.nl" = {
@ -11,10 +11,19 @@
}; };
}; };
}; };
services.oauth2-proxy.nginx.virtualHosts."radarr.donsz.nl" = {
allowed_groups = [ "torrent" ];
};
services.radarr = { services.radarr = {
enable = true; enable = true;
group = "jellyfin"; group = "jellyfin";
user = "jellyfin"; user = "jellyfin";
environmentFiles = [
(pkgs.writeText "env" ''
RADARR__AUTH__METHOD="External"
'')
];
}; };
} }

12
fili/services/media/sonarr.nix → hosts/fili/services/media/sonarr.nix
View file

@ -1,4 +1,5 @@
_: { { pkgs, ... }:
{
services.nginx = { services.nginx = {
virtualHosts."sonarr.donsz.nl" = { virtualHosts."sonarr.donsz.nl" = {
forceSSL = true; forceSSL = true;
@ -10,10 +11,19 @@ _: {
}; };
}; };
}; };
services.oauth2-proxy.nginx.virtualHosts."sonarr.donsz.nl" = {
allowed_groups = [ "torrent" ];
};
services.sonarr = { services.sonarr = {
enable = true; enable = true;
group = "jellyfin"; group = "jellyfin";
user = "jellyfin"; user = "jellyfin";
environmentFiles = [
(pkgs.writeText "env" ''
SONARR__AUTH__METHOD="External"
'')
];
}; };
} }

73
hosts/fili/services/media/torrent.nix Normal file
View file

@ -0,0 +1,73 @@
{ pkgs, ... }:
{
vpnNamespaces.mullvad.portMappings = [
{
from = 9091;
to = 9091;
} # UI Port.
{
from = 5432;
to = 5432;
} # DB Port.
];
vpnNamespaces.mullvad.openVPNPorts = [
{
port = 50909;
protocol = "both";
}
];
services.nginx = {
virtualHosts."dl.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://192.168.15.1:9091";
};
};
};
services.oauth2-proxy.nginx.virtualHosts."dl.donsz.nl" = {
allowed_groups = [ "torrent" ];
};
systemd.services.transmission.vpnConfinement = {
enable = true;
vpnNamespace = "mullvad";
};
services.transmission = {
enable = true;
package = pkgs.transmission_4;
webHome = pkgs.stdenv.mkDerivation {
name = "flood-modified";
version = "1.0";
src = pkgs.flood-for-transmission;
installPhase = ''
mkdir -p $out
cp -r ./* $out
cp ./config.json.defaults $out/config.json
'';
};
home = "/var/lib/transmission";
user = "jellyfin";
group = "jellyfin";
settings = {
download-dir = "/storage/storage/torrents";
incomplete-dir-enabled = false;
incomplete-dir = "/storage/storage/torrents";
rpc-bind-address = "192.168.15.1";
rpc-host-whitelist-enabled = false;
rpc-whitelist-enabled = false;
rpc-port = 9091;
peer-port = 50909;
cache-size-mb = 2048;
preallocation = 1;
};
};
}

16
hosts/fili/services/media/vpn.nix Normal file
View file

@ -0,0 +1,16 @@
{ config, secrets, ... }:
{
sops.secrets.mullvad = {
sopsFile = "${secrets}/mullvad.yaml";
owner = "root";
format = "yaml";
};
vpnNamespaces.mullvad = {
enable = true;
wireguardConfigFile = config.sops.secrets.mullvad.path;
accessibleFrom = [
"192.168.0.0/16"
];
};
}

371
hosts/fili/services/metrics.nix Normal file
View file

@ -0,0 +1,371 @@
{
pkgs,
config,
secrets,
...
}:
let
lib = pkgs.lib;
in
{
services.prometheus = {
enable = true;
globalConfig = {
scrape_interval = "15s";
};
scrapeConfigs =
map
(
{ name, value }:
{
job_name = name;
static_configs = [
{
targets = [
"${config.services.prometheus.exporters.${name}.listenAddress}:${
toString config.services.prometheus.exporters.${name}.port
}"
];
}
];
}
)
(
builtins.filter (
{ value, ... }: (builtins.tryEval value).success && (builtins.isAttrs value) && value.enable
) (lib.attrsToList config.services.prometheus.exporters)
);
};
services.prometheus.exporters = {
node = {
enable = true;
port = 9001;
listenAddress = "127.0.0.1";
enabledCollectors = [
"cpu"
"filesystem"
"loadavg"
"systemd"
];
disabledCollectors = [ "rapl" ];
extraFlags = [
"--collector.ethtool"
"--collector.softirqs"
"--collector.tcpstat"
];
};
process = {
enable = true;
listenAddress = "127.0.0.1";
port = 9256;
};
smartctl = {
enable = true;
port = 9633;
listenAddress = "127.0.0.1";
};
postgres = {
enable = true;
port = 9634;
listenAddress = "127.0.0.1";
runAsLocalSuperUser = true;
};
};
services.loki = {
enable = true;
configuration = {
auth_enabled = false;
server = {
http_listen_port = 3100;
grpc_listen_port = 9096;
};
common = {
instance_addr = "127.0.0.1";
path_prefix = "/tmp/loki";
storage = {
filesystem = {
chunks_directory = "/tmp/loki/chunks";
rules_directory = "/tmp/loki/rules";
};
};
replication_factor = 1;
ring = {
kvstore = {
store = "inmemory";
};
};
};
query_range = {
results_cache = {
cache = {
embedded_cache = {
enabled = true;
max_size_mb = 100;
};
};
};
};
limits_config = {
allow_structured_metadata = false;
reject_old_samples = true;
reject_old_samples_max_age = "120d";
retention_period = "120d";
};
schema_config = {
configs = [
{
from = "2020-10-24";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
{
from = "2024-07-11";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
ruler = {
alertmanager_url = "http://localhost:9093";
};
analytics.reporting_enabled = false;
};
};
systemd.services.promtail.serviceConfig.User = lib.mkForce "nginx";
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [
{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}
];
scrape_configs = [
{
job_name = "nginx";
static_configs = [
{
targets = [ "localhost" ];
labels = {
job = "nginx";
host = "fili";
__path__ = "/var/log/nginx/json_access.log";
};
}
];
pipeline_stages = [
{
json = {
expressions = {
msec = "msec";
connection = "connection";
connection_requests = "connection_requests";
pid = "pid";
request_id = "request_id";
request_length = "request_length";
remote_addr = "remote_addr";
remote_user = "remote_user";
remote_port = "remote_port";
time_local = "time_local";
time_iso8601 = "time_iso8601";
request = "request";
request_uri = "request_uri";
args = "args";
status = "status";
body_bytes_sent = "body_bytes_sent";
bytes_sent = "bytes_sent";
http_referer = "http_referer";
http_user_agent = "http_user_agent";
http_x_forwarded_for = "http_x_forwarded_for";
http_host = "http_host";
server_name = "server_name";
request_time = "request_time";
upstream = "upstream";
upstream_connect_time = "upstream_connect_time";
upstream_header_time = "upstream_header_time";
upstream_response_time = "upstream_response_time";
upstream_response_length = "upstream_response_length";
upstream_cache_status = "upstream_cache_status";
ssl_protocol = "ssl_protocol";
ssl_cipher = "ssl_cipher";
scheme = "scheme";
request_method = "request_method";
server_protocol = "server_protocol";
pipe = "pipe";
gzip_ratio = "gzip_ratio";
http_cf_ray = "http_cf_ray";
};
};
}
{
timestamp = {
source = "msec";
format = "Unix";
};
}
# {
# geoip = {
# db = "/var/lib/geoip-databases/GeoLite2-City.mmdb";
# source = "remote_addr";
# db_type = "city";
# };
# }
# {
# pack = {
# labels = [ "geoip_country_name" ];
# };
# }
];
}
{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "fili";
};
};
relabel_configs = [
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}
];
}
];
};
};
services.grafana = {
enable = true;
settings = {
server = {
domain = "metrics.donsz.nl";
http_port = 2342;
http_addr = "127.0.0.1";
};
"auth.anonymous".enabled' = true;
};
provision = {
enable = true;
datasources = {
settings.datasources = [
{
type = "prometheus";
name = "Prometheus";
url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
}
{
name = "Loki";
type = "loki";
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}";
}
];
};
};
};
sops.secrets.geoip = {
sopsFile = "${secrets}/geoip.yaml";
key = "key";
format = "yaml";
};
services.geoipupdate = {
enable = true;
settings = {
LicenseKey = config.sops.secrets.geoip.path;
AccountID = 1247225;
DatabaseDirectory = "/var/lib/geoip-databases";
EditionIDs = [
"GeoLite2-ASN"
"GeoLite2-City"
"GeoLite2-Country"
];
};
};
services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass =
"http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
};
services.nginx.package = pkgs.nginxStable.override (oldAttrs: {
modules = with pkgs.nginxModules; [ geoip2 ];
buildInputs = oldAttrs.buildInputs ++ [ pkgs.libmaxminddb ];
});
services.nginx.commonHttpConfig = ''
autoindex_localtime on;
geoip2 /var/lib/geoip-databases/GeoLite2-Country.mmdb {
$geoip2_data_country_iso_code country iso_code;
}
log_format json_analytics escape=json '{'
'"msec": "$msec", ' # request unixtime in seconds with a milliseconds resolution
'"connection": "$connection", ' # connection serial number
'"connection_requests": "$connection_requests", ' # number of requests made in connection
'"pid": "$pid", ' # process pid
'"request_id": "$request_id", ' # the unique request id
'"request_length": "$request_length", ' # request length (including headers and body)
'"remote_addr": "$remote_addr", ' # client IP
'"remote_user": "$remote_user", ' # client HTTP username
'"remote_port": "$remote_port", ' # client port
'"time_local": "$time_local", '
'"time_iso8601": "$time_iso8601", ' # local time in the ISO 8601 standard format
'"request": "$request", ' # full path no arguments if the request
'"request_uri": "$request_uri", ' # full path and arguments if the request
'"args": "$args", ' # args
'"status": "$status", ' # response status code
'"body_bytes_sent": "$body_bytes_sent", ' # the number of body bytes exclude headers sent to a client
'"bytes_sent": "$bytes_sent", ' # the number of bytes sent to a client
'"http_referer": "$http_referer", ' # HTTP referer
'"http_user_agent": "$http_user_agent", ' # user agent
'"http_x_forwarded_for": "$http_x_forwarded_for", ' # http_x_forwarded_for
'"http_host": "$http_host", ' # the request Host: header
'"server_name": "$server_name", ' # the name of the vhost serving the request
'"request_time": "$request_time", ' # request processing time in seconds with msec resolution
'"upstream": "$upstream_addr", ' # upstream backend server for proxied requests
'"upstream_connect_time": "$upstream_connect_time", ' # upstream handshake time incl. TLS
'"upstream_header_time": "$upstream_header_time", ' # time spent receiving upstream headers
'"upstream_response_time": "$upstream_response_time", ' # time spend receiving upstream body
'"upstream_response_length": "$upstream_response_length", ' # upstream response length
'"upstream_cache_status": "$upstream_cache_status", ' # cache HIT/MISS where applicable
'"ssl_protocol": "$ssl_protocol", ' # TLS protocol
'"ssl_cipher": "$ssl_cipher", ' # TLS cipher
'"scheme": "$scheme", ' # http or https
'"request_method": "$request_method", ' # request method
'"server_protocol": "$server_protocol", ' # request protocol, like HTTP/1.1 or HTTP/2.0
'"pipe": "$pipe", ' # "p" if request was pipelined, "." otherwise
'"gzip_ratio": "$gzip_ratio", '
'"http_cf_ray": "$http_cf_ray", '
'"geoip_country_code": "$geoip2_data_country_iso_code"'
'}';
access_log /var/log/nginx/json_access.log json_analytics;
'';
}

1
fili/services/nginx.nix → hosts/fili/services/nginx.nix
View file

@ -19,5 +19,4 @@
security.acme.defaults.email = "jana@donsz.nl"; security.acme.defaults.email = "jana@donsz.nl";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.preliminarySelfsigned = true;
} }

56
hosts/fili/services/obsidian-sync.nix Normal file
View file

@ -0,0 +1,56 @@
{
pkgs,
config,
secrets,
...
}:
let
port = 5984;
in
{
sops.secrets.obsidian-sync = {
sopsFile = "${secrets}/obsidian-sync.ini";
format = "ini";
owner = "couchdb";
};
services.couchdb = {
enable = true;
inherit port;
package = pkgs.couchdb3;
configFile = config.sops.secrets.obsidian-sync.path;
extraConfig = {
chttpd = {
require_valid_user = true;
enable_cors = true;
max_http_request_size = 4294967296;
};
chttpd_auth.require_valid_user = true;
httpd = {
WWW-Authenticate = ''Basic realm="couchdb"'';
enable_cors = true;
};
couchdb.max_document_size = 50000000;
cors = {
credentials = true;
headers = "accept, authorization, content-type, origin, referer";
methods = "GET,PUT,POST,HEAD,DELETE";
max_age = 3600;
origins = "app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://obsidian.donsz.nl,http://obsidian.donsz.nl,https://obsidian.donsz.nl";
};
};
};
services.nginx.virtualHosts."obsidian.donsz.nl" = {
forceSSL = true;
enableACME = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "http://localhost:${toString port}";
};
}

14
hosts/fili/services/websites/compiler-construction-2021.nix Normal file
View file

@ -0,0 +1,14 @@
{ pkgs, flakes, ... }:
{
services.nginx = {
virtualHosts."compiler-construction-2021.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = flakes.compiler-construction-2021.packages.${pkgs.system}.website;
};
};
};
}

3
fili/services/websites/default.nix → hosts/fili/services/websites/default.nix
View file

@ -5,5 +5,8 @@ _: {
./totpal.nix ./totpal.nix
./harmonica-tabs.nix ./harmonica-tabs.nix
./mapf.nix ./mapf.nix
./compiler-construction-2021.nix
./mapfm-poster.nix
./money-is-fckn-gay.nix
]; ];
} }

0
fili/services/websites/harmonica-tabs.nix → hosts/fili/services/websites/harmonica-tabs.nix
View file

48
hosts/fili/services/websites/homepage.nix Normal file
View file

@ -0,0 +1,48 @@
{ flakes, pkgs, ... }:
{
services.nginx = {
virtualHosts."donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = "${flakes.homepage.packages.${pkgs.system}.website}";
};
};
virtualHosts."blog.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/".return = "301 https://donsz.nl/blog";
};
virtualHosts."gay.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = "${flakes.homepage.packages.${pkgs.system}.website-gay}";
};
};
virtualHosts."jana.is.fckn.gay" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = "${flakes.homepage.packages.${pkgs.system}.website-gay}";
};
};
virtualHosts."jdonszelmann.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = "${flakes.homepage.packages.${pkgs.system}.website}";
};
};
};
}

51
hosts/fili/services/websites/mapf.nix Normal file
View file

@ -0,0 +1,51 @@
{
config,
flakes,
pkgs,
secrets,
...
}:
{
sops.secrets.mapf = {
sopsFile = "${secrets}/mapf-prod.env";
};
services.nginx = {
virtualHosts."mapf.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://[::1]:8080";
};
};
};
systemd.services.mapf-server =
let
package = flakes.mapf.packages.${pkgs.system}.default;
in
{
description = "mapf-server";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
DynamicUser = "yes";
ExecStart = "${package}/mapf_server_bin";
Restart = "on-failure";
RestartSec = "5s";
EnvironmentFile = config.sops.secrets.mapf.path;
WorkingDirectory = "${package}";
};
environment = {
MAPF_TEMPLATEFOLDER = "${package}/templates";
MAPF_DBUSER = "mapfprod";
MAPF_DBPASSWORD = "";
MAPF_DBPORT = "3306";
MAPF_DBHOST = "localhost";
MAPF_DBDATABASE = "mapfprod";
};
};
}

26
hosts/fili/services/websites/mapfm-poster.nix Normal file
View file

@ -0,0 +1,26 @@
{ pkgs, ... }:
{
services.nginx.virtualHosts."mapfm-poster.donsz.nl" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = pkgs.stdenv.mkDerivation rec {
pname = "research-project-poster";
version = "2021-06-27";
src = pkgs.fetchFromGitHub {
owner = "jdonszelmann";
repo = "research-project";
rev = "f1c0c5d839197f825b555780271781281ba10ac3";
sha256 = "sha256-YJxcLRABU3yRS/U/XNLpTIXtve0cFfnwPKr+1oY0HeY=";
};
installPhase = ''
mkdir -p $out
cp -r assets/final_poster/* $out
'';
};
};
};
}

86
hosts/fili/services/websites/money-is-fckn-gay.nix Normal file
View file

@ -0,0 +1,86 @@
{
pkgs,
flakes,
...
}:
let
mifg-config = api-url: api-port: public-url: service-name: {
nginx = {
virtualHosts."${api-url}" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString api-port}";
proxyWebsockets = true;
};
};
virtualHosts."${public-url}" = {
forceSSL = true;
http2 = true;
enableACME = true;
locations."/" = {
root = flakes.mifg.packages.${pkgs.system}.frontend.override {
api_base_url = "https://${api-url}";
};
tryFiles = "$uri $uri/ /index.html";
};
};
};
service = {
description = "money is fckn gay";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
restartIfChanged = true;
serviceConfig = {
ExecStart = "${flakes.mifg.packages.${pkgs.system}.backend}/bin/backend";
Restart = "always";
# EnvironmentFile = "/run/secrets/reviewqueue";
StateDirectory = "${service-name}";
};
environment = {
MIFG_DATABASE_LOCATION = "/var/lib/${service-name}/db.sqlite";
MIFG_FRONTEND_ORIGIN = "https://${public-url}";
MIFG_PORT = toString api-port;
LD_LIBRARY_PATH =
with pkgs;
lib.makeLibraryPath [
openssl
sqlite
];
};
};
};
real = (mifg-config "api.money.is.fckn.gay" 11009 "money.is.fckn.gay" "money");
staging = (mifg-config "api.money-staging.donsz.nl" 11010 "money-staging.donsz.nl" "money-staging");
lib = pkgs.lib;
in
{
services.nginx = lib.mkMerge [
real.nginx
staging.nginx
];
systemd.services.money = real.service;
systemd.services.money-staging = lib.mkMerge [
staging.service
{
serviceConfig.ExecStartPre = "${(pkgs.writeShellScriptBin "setup-staging" ''
REAL_DB_LOCATION="/var/lib/money/"
STAGING_DB_LOCATION="/var/lib/money-staging/"
echo "$REAL_DB_LOCATION"
echo "$STAGING_DB_LOCATION"
mkdir -p $STAGING_DB_LOCATION
cp -r $REAL_DB_LOCATION/* $STAGING_DB_LOCATION
'')}/bin/setup-staging";
}
];
}

24
fili/services/websites/reviewqueue.nix → hosts/fili/services/websites/reviewqueue.nix
View file

@ -1,7 +1,12 @@
{ pkgs, flakes, ... }: {
pkgs,
flakes,
secrets,
...
}:
{ {
sops.secrets.reviewqueue = { sops.secrets.reviewqueue = {
sopsFile = ../../../secrets/reviewqueue.env; sopsFile = "${secrets}/reviewqueue.env";
}; };
services.nginx = { services.nginx = {
@ -11,7 +16,8 @@
enableACME = true; enableACME = true;
locations."/" = { locations."/" = {
proxyPass = "http://[::1]:3000"; proxyPass = "http://localhost:3000";
proxyWebsockets = true;
}; };
}; };
}; };
@ -20,19 +26,25 @@
description = "Review Queue"; description = "Review Queue";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; # if networking is needed after = [ "network.target" ];
restartIfChanged = true; # set to false, if restarting is problematic restartIfChanged = true;
serviceConfig = { serviceConfig = {
ExecStart = "${flakes.reviewqueue.packages.${pkgs.system}.default}/bin/reviewqueue"; ExecStart = "${flakes.reviewqueue.packages.${pkgs.system}.default}/bin/reviewqueue";
Restart = "always"; Restart = "always";
EnvironmentFile = "/run/secrets/reviewqueue"; EnvironmentFile = "/run/secrets/reviewqueue";
StateDirectory = "/var/lib/reviewqueue"; StateDirectory = "reviewqueue";
}; };
environment = { environment = {
DB_PATH = "/var/lib/reviewqueue/db.sqlite"; DB_PATH = "/var/lib/reviewqueue/db.sqlite";
LD_LIBRARY_PATH =
with pkgs;
lib.makeLibraryPath [
openssl
sqlite
];
}; };
}; };
} }

0
fili/services/websites/totpal.nix → hosts/fili/services/websites/totpal.nix
View file

0
fili/storage.nix → hosts/fili/storage.nix
View file

170
hosts/kili/configuration.nix Normal file
View file

@ -0,0 +1,170 @@
{
pkgs,
config,
...
}:
{
imports = [
./hardware-configuration.nix
../../default-machine-config.nix
];
custom.machine = {
type = "pc";
capabilities = [
"cli"
"graphical"
"work"
"fun"
];
};
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "kili";
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "nl_NL.UTF-8";
LC_IDENTIFICATION = "nl_NL.UTF-8";
LC_MEASUREMENT = "nl_NL.UTF-8";
LC_MONETARY = "nl_NL.UTF-8";
LC_NAME = "nl_NL.UTF-8";
LC_NUMERIC = "nl_NL.UTF-8";
LC_PAPER = "nl_NL.UTF-8";
LC_TELEPHONE = "nl_NL.UTF-8";
LC_TIME = "nl_NL.UTF-8";
};
services.xserver.xkb = {
layout = "us";
variant = "";
};
users.users.jana = {
extraGroups = [
"networkmanager"
"wheel"
];
packages = with pkgs; [ ];
};
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
firefox
kitty
pkgs.custom.niri
zed-editor
signal-desktop
discord
nautilus
adwaita-icon-theme
(pkgs.callPackage (
{ stdenv }:
stdenv.mkDerivation {
name = "global-cursor-theme";
unpackPhase = "true";
outputs = [ "out" ];
installPhase = ''
mkdir -p $out/share/icons/default
cat << EOF > $out/share/icons/default/index.theme
[Icon Theme]
Name=Default
Comment=Default Cursor Theme
Inherits=Adwaita
EOF
'';
}
) { })
];
services.xserver.enable = true;
services.displayManager.gdm.enable = true;
services.desktopManager.gnome.enable = true;
services.gnome.gnome-keyring.enable = true;
services.gvfs.enable = true;
services.displayManager.sessionPackages = [ pkgs.custom.niri ];
programs.dconf.enable = true;
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
services.xserver.videoDrivers = [
"modesetting"
"nvidia"
];
hardware.graphics.enable = true;
hardware.graphics.extraPackages = with pkgs; [
libva-vdpau-driver
intel-media-driver
];
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
};
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = false;
# use nvidia opensource driver (not nouveau!!)
open = true;
nvidiaSettings = true;
prime = {
offload = {
enable = true;
enableOffloadCmd = true;
};
intelBusId = "PCI:0@00:02:0";
nvidiaBusId = "PCI:0@01:00:0";
};
package = config.boot.kernelPackages.nvidiaPackages.mkDriver {
version = "580.95.05";
sha256_64bit = "sha256-hJ7w746EK5gGss3p8RwTA9VPGpp2lGfk5dlhsv4Rgqc=";
sha256_aarch64 = "sha256-zLRCbpiik2fGDa+d80wqV3ZV1U1b4lRjzNQJsLLlICk=";
openSha256 = "sha256-RFwDGQOi9jVngVONCOB5m/IYKZIeGEle7h0+0yGnBEI=";
settingsSha256 = "sha256-F2wmUEaRrpR1Vz0TQSwVK4Fv13f3J9NJLtBe4UP2f14=";
persistencedSha256 = "sha256-QCwxXQfG/Pa7jSTBB0xD3lsIofcerAWWAHKvWjWGQtg=";
patchesOpen = [
(pkgs.fetchpatch {
name = "get_dev_pagemap.patch";
url = "https://github.com/NVIDIA/open-gpu-kernel-modules/commit/3e230516034d29e84ca023fe95e284af5cd5a065.patch";
hash = "sha256-BhL4mtuY5W+eLofwhHVnZnVf0msDj7XBxskZi8e6/k8=";
})
];
};
};
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
nix.settings = {
# users that can interact with nix
trusted-users = [
"jana"
"root"
];
};
}

31
hosts/kili/hardware-configuration.nix Normal file
View file

@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4919727e-d114-4d57-b206-522b5df5fccc";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/26CD-373C";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

10
modules/capabilities.nix Normal file
View file

@ -0,0 +1,10 @@
[
# needs configs for cli access
"cli"
# needs configs for ui like a desktop manager and login manager
"graphical"
# needs configs for work computers like libreoffice etc
"work"
# needs configs for fun use, like steam
"fun"
]

16
modules/home-info.nix Normal file
View file

@ -0,0 +1,16 @@
{
lib,
...
}:
with lib;
{
options = {
custom.home-info = mkOption {
type = types.submodule {
options = {
};
};
};
};
}

25
modules/machine-type.nix Normal file
View file

@ -0,0 +1,25 @@
{
lib,
...
}:
with lib;
{
options = {
custom.machine = mkOption {
type = types.submodule {
options = {
type = mkOption {
type = types.enum [
"server"
"pc"
];
};
capabilities = mkOption {
type = types.listOf (types.enum (import ./capabilities.nix));
default = [ "cli" ];
};
};
};
};
};
}

36
modules/program.nix Normal file
View file

@ -0,0 +1,36 @@
{
lib,
options,
...
}:
with lib;
{
options = {
custom.program = mkOption {
type = types.attrsOf (
types.submodule (
{ config, ... }:
{
options = {
name = mkOption {
type = types.string;
};
requirements = mkOption {
type = types.listOf (types.enum (import ./capabilities.nix));
default = [ "cli" ];
};
home-config = mkOption {
type = types.deferredModule;
};
system-config = mkOption {
# type = types.attrs;
type = types.deferredModule;
default = { };
};
};
}
)
);
};
};
}

109
modules/users.nix Normal file
View file

@ -0,0 +1,109 @@
{
lib,
pkgs,
config,
...
}:
with lib;
let
cfg = config.custom.users;
machine = config.custom.machine;
valid-on-machine =
on:
# TODO: iterate over possibilities
if machine.type == "server" then
on.server
else if machine.type == "pc" then
on.pc
else
false;
matches-capabilities =
# all requirements are contained in the machine capabilities
requirements: lib.all (req: builtins.elem req machine.capabilities) requirements;
users = lib.filterAttrs (_: value: valid-on-machine value.on) cfg;
home-users = lib.filterAttrs (_: value: value.apply-home-configs) users;
stateVersion = config.system.stateVersion;
programs = lib.attrsets.attrValues config.custom.program;
valid-programs = builtins.filter (program: matches-capabilities program.requirements) programs;
in
{
options =
let
userType = types.submodule {
options = {
name = mkOption {
type = types.str;
default = [ ];
};
groups = mkOption {
type = types.listOf types.str;
default = [ ];
};
keys = mkOption {
type = types.listOf types.str;
default = [ ];
};
shell = mkOption {
type = types.package;
default = pkgs.fish;
};
on = mkOption {
type = types.submodule {
options = {
server = mkOption {
type = types.bool;
default = true;
};
pc = mkOption {
type = types.bool;
default = false;
};
};
};
default = { };
};
apply-home-configs = mkOption {
type = types.bool;
default = false;
};
};
};
in
{
custom.users = mkOption {
type = types.attrsOf userType;
};
};
config = lib.mkMerge ([
{
users.extraUsers = lib.mapAttrs (name: value: {
isNormalUser = true;
extraGroups = value.groups;
openssh.authorizedKeys.keys = value.keys;
shell = value.shell;
description = name;
}) users;
home-manager.users = lib.mapAttrs (
name: value:
(
{ pkgs, lib, ... }:
{
imports = (
[
./home-info.nix
]
++ (map (program: program.home-config) valid-programs)
);
home = {
inherit stateVersion;
username = name;
homeDirectory = "/home/${name}";
};
}
)
) home-users;
}
]);
}

25
programs/cosmic/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ pkgs
, lib
, cosmicLib
, ...
}:
let
ron = cosmicLib.cosmic.mkRON;
in
{
wayland.desktopManager.cosmic = {
enable = true;
# shortcuts = [
# {
# action = ron "enum" "Close";
# key = "Super+Q";
# }
# {
# action = ron "enum" "maximize";
# key = "Super+d";
# }
# ];
};
}

80
programs/default.nix Normal file
View file

@ -0,0 +1,80 @@
{
pkgs,
...
}:
{
imports = [
./nvim
./fish
./kanata
./kitty
./tmux
./git
./jj
./niri
./zed
./firefox
];
custom.program.graphcial-packages = {
requirements = [ "graphical" ];
home-config = _: {
home.packages = with pkgs; [
spotify
obsidian
];
};
};
custom.program.fun-packages = {
requirements = [ "fun" ];
home-config = _: {
home.packages = with pkgs; [
p1n3appl3.tab
];
};
};
custom.program.cli-packages = {
requirements = [ "cli" ];
home-config = _: {
home.packages = with pkgs; [
rustup
sops
];
};
};
custom.program.homedirs = {
home-config =
{ config, ... }:
{
home.file = {
"dl".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.userDirs.download}";
"doc".source = config.lib.file.mkOutOfStoreSymlink "${config.xdg.userDirs.documents}";
};
};
};
custom.program.xdg = {
home-config =
{ config, ... }:
{
xdg = {
enable = true;
configHome = "${config.home.homeDirectory}/.config";
userDirs = {
enable = true;
documents = "${config.home.homeDirectory}/Documents";
desktop = "${config.home.homeDirectory}/Documents";
download = "${config.home.homeDirectory}/Downloads";
music = "${config.home.homeDirectory}/Documents/personal/music";
pictures = "${config.home.homeDirectory}/Documents/personal/pictures";
};
mime.enable = true;
};
};
};
}

165
programs/firefox/default.nix Normal file
View file

@ -0,0 +1,165 @@
_: {
custom.program.firefox.requirements = [ "graphical" ];
custom.program.firefox.home-config =
{
config,
flakes,
pkgs,
...
}:
let
ff-pkgs = flakes.firefox-addons.packages.${pkgs.system};
lock-false = {
Value = false;
Status = "locked";
};
# lock-true = {
# Value = true;
# Status = "locked";
# };
in
{
programs.firefox = {
enable = true;
package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
extraPolicies = {
DisableFormHistory = true;
OfferToSaveLogins = false;
PasswordManagerEnabled = false;
AppAutoUpdate = false;
DisableFirefoxStudies = true;
DisablePocket = true;
DisableTelemetry = true;
UserMessaging = {
WhatsNew = true;
ExtensionRecommendations = false;
FeatureRecommendations = false;
UrlbarInterventions = false;
SkipOnboarding = true;
MoreFromMozilla = false;
Locked = true;
};
FirefoxHome = {
Search = true;
TopSites = false;
SponsoredTopSites = false;
Highlights = false;
Pocket = false;
SponsoredPocket = false;
Snippets = false;
Locked = false;
};
FirefoxSuggest = {
WebSuggestions = false;
SponsoredSuggestions = false;
ImproveSuggest = false;
Locked = true;
};
# TODO: https://github.com/TheRealGramdalf/nixos/blob/83f4339b121175f47940314bf5811080ac42c316/users/games/firefox/privacy.nix
};
};
profiles.default = {
id = 0;
name = "profile_0";
isDefault = true;
settings = {
# specify profile-specific preferences here; check about:config for options
"browser.newtabpage.activity-stream.feeds.section.highlights" = false;
"browser.startup.page" = 3; # Restore previous tabs
"extensions.autoDisableScopes" = 0;
"extensions.pocket.enabled" = lock-false;
"browser.tabs.closeWindowWithLastTab" = lock-false;
"sidebar.position_start" = false; # sidebar on the right
"toolkit.legacyUserProfileCustomizations.stylesheets" = true;
"browser.toolbars.bookmarks.visibility" = "always";
};
userChrome = builtins.readFile ./userChrome.css;
userContent = builtins.readFile ./userChrome.css;
extensions.packages = with ff-pkgs; [
bitwarden
ublock-origin
sidebery
sponsorblock
# vimium
];
bookmarks = {
force = true;
settings = [
{
keyword = "!w";
url = "https://www.wikipedia.org/w/index.php?title=Special:Search&search=%s";
}
{
keyword = "!m";
url = "https://www.google.com/maps?q=%s";
}
{
keyword = "!git";
url = "https://github.com/search?q=%s&type=code";
}
{
keyword = "!std";
url = "https://std.rs%s";
}
{
keyword = "!rust";
url = "https://docs.rs/releases/search?query=%s";
}
{
keyword = "!np";
url = "https://search.nixos.org/packages?query=%s";
}
{
keyword = "!nho";
url = "https://home-manager-options.extranix.com/?query=%s";
}
{
keyword = "!no";
url = "https://search.nixos.org/options?query=%s";
}
# {
# name = "bank";
# toolbar = true;
# url = "https://web.bunq.com/user";
# }
];
};
# extensions.settings = {
# "${ff-pkgs.sidebery.addonId}".settings = {
# sidebar = {
# # panels = with builtins; with lib; listToAttrs (map ffContainerToSideberryPanel (attrsToList containers));
# # nav = [ "Personal" "Programming"];
# };
# # https://github.com/Dash-L/nixconfig/blob/c30f6d1486a3fe2b3793ab0cb13a88edefe83b7a/home/firefox.nix#L82
# settings = {
# pinnedTabsPosition = "top";
# hideEmptyPanels = false;
# activateAfterClosing = "prev";
# activateAfterClosingStayInPanel = true;
# newTabCtxReopen = true;
# };
# };
# };
};
};
xdg.mimeApps = {
defaultApplications."x-scheme-handler/http" = [
"firefox.desktop"
];
defaultApplications."x-scheme-handler/https" = [
"firefox.desktop"
];
defaultApplications."text/html" = [ "firefox.desktop" ];
defaultApplications."x-scheme-handler/about" = [ "firefox.desktop" ];
defaultApplications."x-scheme-handler/unknown" = [ "firefox.desktop" ];
};
};
}

3
programs/firefox/userChrome.css Normal file
View file

@ -0,0 +1,3 @@
#TabsToolbar {
visibility: collapse;
}

241
programs/fish/default.nix Normal file
View file

@ -0,0 +1,241 @@
_: {
custom.program.fish.requirements = [ "cli" ];
custom.program.fish.home-config =
{
config,
pkgs,
lib,
...
}:
with builtins;
with lib.attrsets;
let
scripts = (import ./scripts.nix) pkgs;
aliases = with scripts; {
"cp-mov" = cp-media "mov" "movies";
"cp-ser" = cp-media "ser" "shows";
"cp-ani" = cp-media "ani" "anime";
"dumpasm" = "${pkgs.custom.dumpasm}/bin/dumpasm";
"p" = builtins.trace calc calc;
"s" = "systemctl";
"j" = "journalctl";
"ju" = "journalctl -u";
"jfu" = "journalctl -fu";
"ls" = "${pkgs.eza}/bin/eza --git";
"ll" = "${pkgs.eza}/bin/eza --git";
"lt" = "${pkgs.eza}/bin/eza --long --tree -L 3";
"open" = "${pkgs.xdg-utils}/bin/xdg-open";
"cb" = "${pkgs.wl-clipboard-rs}/bin/wl-copy";
"cat" = "${pkgs.bat}/bin/bat";
# "pull" = "${pkgs.git}/bin/git pull";
# "push" = "${pkgs.git}/bin/git push";
# "commit" = "${pkgs.git}/bin/git commit";
# "add" = "${pkgs.git}/bin/git add";
# "patch" = "${pkgs.git}/bin/git add -p";
# "amend" = "${pkgs.git}/bin/git commit --amend";
# "log" = "${pkgs.git}/bin/git log --all --graph --decorate";
# "st" = "${pkgs.git}/bin/git status";
# "checkout" = "${pkgs.git}/bin/git checkout";
# "rebase" = "${pkgs.git}/bin/git rebase";
# "stash" = "${pkgs.git}/bin/git stash";
"edit" = "jj edit";
"old" = "jj edit @-";
"new" = "jj edit @+";
"rebase" = "jj rebase";
"pull" = "jj git fetch; jj catchup";
"msg" = "jj describe -m";
"branch" = "jj bookmark set";
"stat" = "jj status";
"push" = "jj git push";
"tidy" = "x test tidy --bless";
"ui" = "x test tests/ui/";
"f" = "nautilus --no-desktop . &";
};
# extracting any compressed format
extract = ''
function extract -a file -d "decompress a file"
if not test -f $file
echo "'$file' is not a valid file"
return 1
end
switch $file
# tar can automatically figure out how to decompress
case '*.{tar,tar.{bz2,zst,gz,xz},tbz2,tgz'; ${pkgs.gnutar}/bin/tar xf $file; end
case '*.bz2'; bunzip2 $file; end
case '*.rar'; unrar e $file; end
case '*.gz'; gunzip $file; end
case '*.zip'; ${pkgs.unzip}/bin/unzip $file; end
case '*.Z'; uncompress $file; end
case '*.7z'; 7z x $file; end
case '*';
echo "'$file' cannot be extracted"
return 1
end
end
'';
in
{
programs = {
atuin = {
enable = true;
enableFishIntegration = true;
settings = {
filter_mode_shell_up_key_binding = "directory";
exit_mode = "return-original";
workspaces = true;
};
};
zoxide = {
enable = true;
enableFishIntegration = true;
};
direnv = {
enable = true;
# enableFishIntegration = lib.mkDefault true;
};
fzf = {
enable = true;
enableFishIntegration = true;
};
fish = {
enable = true;
shellAliases = aliases;
plugins = with pkgs.fishPlugins; [
{
name = "bang-bang";
src = pkgs.fetchFromGitHub {
owner = "oh-my-fish";
repo = "plugin-bang-bang";
rev = "ec991b80ba7d4dda7a962167b036efc5c2d79419";
hash = "sha256-oPPCtFN2DPuM//c48SXb4TrFRjJtccg0YPXcAo0Lxq0=";
};
}
{
name = "tide";
inherit (tide) src;
}
{
name = "sponge";
inherit (sponge) src;
}
{
name = "autopair";
inherit (autopair) src;
}
];
functions = {
fish_jj_prompt = {
body = ''
if not ${config.programs.jujutsu.package}/bin/jj root --quiet &>/dev/null
return 1
end
${config.programs.jujutsu.package}/bin/jj log --ignore-working-copy --no-graph --color always -r @ -T '
separate(
" ",
bookmarks.join(", "),
change_id.shortest(),
commit_id.shortest(),
if(conflict, "conflict"),
if(empty, "empty"),
if(divergent, "divergent"),
if(hidden, "hidden"),
)
'
'';
};
_tide_item_jj = {
body = ''
set -l _tide_item_jj_color $_tide_location_color
echo -ns $_tide_item_jj_color" ("(fish_jj_prompt)$_tide_item_jj_color")"
'';
};
_tide_item_git = {
body = ''
if not test -d .jj
fish_git_prompt '%s'
end
'';
};
};
interactiveShellInit = ''
fish_vi_key_bindings
set -g sponge_successful_exit_codes 0
set -g sponge_allow_previously_successful false
set -g sponge_delay 10
${config.programs.jujutsu.package}/bin/jj util completion fish | source
# if set -q tide_left_prompt_items; and not contains "jj" $tide_left_prompt_items
# set -l tide_item_jj_idx (contains -i "pwd" $tide_left_prompt_items)
# if test $tide_item_jj_idx
# set tide_left_prompt_items \
# $tide_left_prompt_items[1..$tide_item_jj_idx] \
# jj \
# $tide_left_prompt_items[(math $tide_item_jj_idx + 1)..-1]
# end
# end
function t
cd "$(${pkgs.custom.t}/bin/t-rs $argv | tail -n 1)"
end
function temp
t $argv
end
function rs
cd "$(${pkgs.custom.t}/bin/t-rs $argv | tail -n 1)"
cargo init . --bin --name $(basename "$PWD")
vim src/main.rs
end
fish_add_path "$HOME/.cargo/bin"
fish_add_path "$HOME/.local/bin"
fish_add_path "$HOME/Documents/scripts"
fish_add_path "$HOME/.nix-profile/bin"
function fish_greeting
${pkgs.blahaj}/bin/blahaj -s
end
'';
};
};
home.activation = {
setupTide = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
setupTide() {
${pkgs.fish}/bin/fish -c ${lib.escapeShellArg "tide configure ${
lib.cli.toGNUCommandLineShell { } {
auto = true;
style = "Lean";
prompt_colors = "True color";
show_time = "No";
lean_prompt_height = "Two lines";
prompt_connection = "Disconnected";
prompt_spacing = "Compact";
icons = "Few icons";
transient = "Yes";
}
}"} >/dev/null 2>&1
}
setupTide
'';
};
};
}

25
programs/fish/scripts.nix Normal file
View file

@ -0,0 +1,25 @@
{ pkgs, ... }:
{
calc = "${pkgs.custom.pipethon}/bin/python -i ${pkgs.writeText "init.py" ''
import sys
sys.path.append("${../../scriptlib}")
from scriptlib import *
''} ";
# sys.path.append("${pkgs.python314Packages.numpy}/lib/python3.14/site-packages/")
cp-media =
name: media:
let
s = pkgs.writeScriptBin "cp-${name}" ''
echo "copying to library ${media}"
echo "calculating hash"
find "$1" - type f - print0 | sort - z | xargs - 0 sha1sum | awk '{
print $1}' | sha1sum | awk '{print $1}' > "$1.hash"
rsync -azP "$1" fili:/media/${media}
rsync -azP "$1.hash" fili:/media/${media}
'';
in
"${s}/bin/cp-${name}";
}

39
programs/git/default.nix Normal file
View file

@ -0,0 +1,39 @@
_: {
custom.program.git.requirements = [ "cli" ];
custom.program.git.home-config = _: {
programs.git = {
enable = true;
signing.key = "/home/jana/.ssh/id_ed25519.pub";
signing.signByDefault = true;
settings = {
user.email = "jana@donsz.nl";
user.name = "Jana Dönszelmann";
push.autoSetupRemote = true;
pull.rebase = true;
init.defaultBranch = "main";
gpg.format = "ssh";
diff.colorMoved = "default";
rerere.enabled = true;
alias.conflicts = "diff --check";
};
};
programs.delta = {
enable = true;
options = {
navigate = true;
light = false;
side-by-side = true;
features = "decorations interactive";
interactive = {
keep-plus-minus-markers = false;
};
};
enableGitIntegration = true;
};
};
}

255
programs/gnome/default.nix Normal file
View file

@ -0,0 +1,255 @@
{ pkgs, lib, ... }:
let
unbound = [ "@as []" ];
custom-keys = [
{
binding = "<Shift><Super>Return";
command = "gnome-terminal";
name = "Launch terminal";
}
{
binding = "<Super>z";
command = "gnome-system-monitor";
name = "launch system monitor";
}
{
binding = "<Super>Return";
command = "${pkgs.custom.ghostty}/bin/ghostty";
name = "focus-terminal";
}
{
binding = "F12";
command = "${pkgs.custom.ghostty}/bin/ghostty -- ${((import ../fish/scripts.nix) pkgs).calc}";
name = "calculator";
}
];
in
{
dconf = {
enable = true;
settings =
{
"org/gnome/shell" = {
# pinned app bar
favorite-apps = [
"firefox.desktop"
"org.gnome.Nautilus.desktop"
"org.gnome.Settings.desktop"
"org.gnome.Terminal.desktop"
"jetbrains-clion-ec2b1366-55e3-4ecc-8780-ab6c7542eb56.desktop"
"discord-canary.desktop"
"io.element.Element.desktop"
"mattermost-desktop.desktop"
"org.mozilla.Thunderbird.desktop"
"spotify.desktop"
];
disable-user-extensions = false;
enabled-extensions = [
"horizontal-workspaces@gnome-shell-extensions.gcampax.github.com"
"org.gnome-shell.desktop-icons"
"auto-move-windows@gnome-shell-extensions.gcampax.github.com"
];
};
"org/gnome/desktop/background" = rec {
# picture-uri ="file:///${home.homeDirectory}/Pictures/backgrounds/2023-09-01-14-56-45-Road-saturated.png";
# picture-uri-dark = picture-uri;
};
"org/gnome/desktop/input-sources" = {
per-window = false;
show-all-sources = false;
sources = [ "('xkb', 'us')" ];
xkb-options = [
"lv3:switch"
"caps:escape"
"eurosign:4"
"compose:ralt"
];
};
"org/gnome/desktop/interface" = {
clock-show-seconds = true;
clock-show-weekday = true;
color-scheme = "prefer-dark";
cursor-theme = "Adwaita";
enable-animations = true;
enable-hot-corners = true;
font-name = "Noto Sans, 10";
};
"org/gnome/desktop/peripherals/mouse" = {
accel-profile = "adaptive";
natural-scroll = false;
};
"org/gnome/desktop/peripherals/touchpad" = {
click-method = "fingers";
disable-while-typing = false;
edge-scrolling-enabled = false;
natural-scroll = false;
send-events = "enabled";
speed = 0.5;
tap-to-click = true;
two-finger-scrolling-enabled = true;
};
"org/gnome/desktop/sound" = {
allow-volume-above-100-percent = true;
event-sounds = true;
};
"org/gnome/desktop/wm/keybindings" = {
always-on-top = [ "<Super>t" ];
begin-move = unbound;
begin-resize = unbound;
close = [ "<Super>q" ];
lower = unbound;
maximize = unbound;
minimize = [ "<Super>w" ];
move-to-monitor-down = [ "<Super>Down" ];
move-to-monitor-left = [ "<Super>Left" ];
move-to-monitor-right = [ "<Super>Right" ];
move-to-monitor-up = [ "<Super>Up" ];
move-to-workspace-1 = [ "<Shift><Super>exclam" ];
move-to-workspace-2 = [ "<Shift><Super>at" ];
move-to-workspace-3 = [ "<Shift><Super>numbersign" ];
move-to-workspace-4 = [ "<Shift><Super>dollar" ];
move-to-workspace-5 = [ "<Shift><Super>percent" ];
move-to-workspace-6 = [ "<Shift><Super>asciicircum" ];
panel-main-menu = [ "" ];
raise-or-lower = [ "<Super>s" ];
switch-applications = [ "<Super>Tab" ];
switch-applications-backward = [ "<Shift><Super>Tab" ];
switch-input-source = unbound;
switch-input-source-backward = unbound;
switch-to-workspace-1 = [ "<Super>1" ];
switch-to-workspace-2 = [ "<Super>2" ];
switch-to-workspace-3 = [ "<Super>3" ];
switch-to-workspace-4 = [ "<Super>4" ];
switch-to-workspace-5 = [ "<Super>5" ];
switch-to-workspace-6 = [ "<Super>6" ];
switch-to-workspace-down = [ "<Super>j" ];
switch-to-workspace-last = [ "<Super>0" ];
switch-to-workspace-up = [ "<Super>k" ];
switch-windows = unbound;
switch-windows-backward = unbound;
toggle-fullscreen = [ "<Super>f" ];
toggle-maximized = [ "<Super>d" ];
unmaximize = unbound;
};
"org/gnome/desktop/wm/preferences" = {
auto-raise = false;
button-layout = ":,maximize,minimize,close";
focus-mode = "click";
mouse-button-modifier = "<Super>";
num-workspaces = 6;
resize-with-right-button = false;
visual-bell = false;
};
"org/gnome/mutter" = {
center-new-windows = true;
dynamic-workspaces = false;
edge-tiling = true;
experimental-features = [ "scale-monitor-framebuffer" ];
overlay-key = "Super_L";
workspaces-only-on-primary = true;
};
"org/gnome/mutter/keybindings" = {
switch-monitor = [ "<Super>o" ];
toggle-tiled-left = [ "<Super>bracketleft" ];
toggle-tiled-right = [ "<Super>bracketright" ];
};
"org/gnome/settings-daemon/plugins/media-keys" = {
area-screenshot = unbound;
area-screenshot-clip = [ "<Shift><Super>s" ];
custom-keybindings =
with builtins;
(map (
i: "/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString (i - 1)}/"
) (genList (x: x + 1) (length custom-keys)));
email = [ "Display" ];
home = [ "<Super>e" ];
mic-mute = [ "AudioMicMute" ];
next = [ "<Super>period" ];
on-screen-keyboard = unbound;
pause = unbound;
play = [ "<Super>slash" ];
previous = [ "<Super>comma" ];
screensaver = [ "<Super>l" ];
screenshot = unbound;
screenshot-clip = unbound;
stop = unbound;
volume-down = [ "AudioLowerVolume" ];
volume-mute = [ "AudioMute" ];
volume-up = [ "AudioRaiseVolume" ];
window-screenshot = unbound;
window-screenshot-clip = unbound;
};
"org/gnome/settings-daemon/plugins/power" = {
ambient-enabled = false;
idle-dim = false;
power-button-action = "nothing";
power-saver-profile-on-low-battery = true;
sleep-inactive-ac-timeout = 7200;
sleep-inactive-ac-type = "nothing";
sleep-inactive-battery-timeout = 7200;
sleep-inactive-battery-type = "suspend";
};
"org/gnome/shell/extensions/auto-move-windows" = {
application-list = [
"firefox.desktop:1"
"discord.desktop:3"
"jetbrains-clion.desktop:2"
"jetbrains-goland.desktop:2"
"jetbrains-pycharm.desktop:2"
"jetbrains-idea.desktop:2"
"spotify.desktop:5"
];
};
"org/gnome/shell/keybindings" = {
open-application-menu = [ "Menu" ];
show-screenshot-ui = [ "<Shift><Super>s" ];
switch-to-application-1 = unbound;
switch-to-application-2 = unbound;
switch-to-application-3 = unbound;
switch-to-application-4 = unbound;
switch-to-application-5 = unbound;
switch-to-application-6 = unbound;
switch-to-application-7 = unbound;
switch-to-application-8 = unbound;
switch-to-application-9 = unbound;
toggle-message-tray = unbound;
toggle-overview = [ "<Super>p" ];
};
"org/gnome/terminal/legacy" = {
menu-accelerator-enabled = false;
mnemonics-enabled = true;
new-terminal-mode = "window";
shortcuts-enabled = true;
theme-variant = "dark";
};
"org/gnome/terminal/legacy/keybindings" = {
zoom-in = "<Primary>equal";
};
}
// (
with builtins;
foldl' (a: b: a // b) { } (
map (i: {
"org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom${toString (i - 1)}" =
elemAt custom-keys
(i - 1);
}) (genList (x: x + 1) (length custom-keys))
)
);
};
}

184
programs/jj/default.nix Normal file
View file

@ -0,0 +1,184 @@
_: {
custom.program.jujutsu.requirements = [ "cli" ];
custom.program.jujutsu.home-config =
{ config, pkgs, ... }:
{
programs.jujutsu = {
enable = true;
# package = pkgs.custom.jujutsu;
settings = {
user = {
email = config.programs.git.settings.user.email;
name = config.programs.git.settings.user.name;
};
ui = {
paginate = "never";
# pager = "${pkgs.delta}/bin/delta";
# for delta
# diff-formatter = ":git";
diff-formatter = [
"${pkgs.difftastic}/bin/difft"
"--color=always"
"$left"
"$right"
];
default-command = [
"log"
"--reversed"
"--no-pager"
];
merge-editor = [
"${pkgs.meld}/bin/meld"
"$left"
"$base"
"$right"
"-o"
"$output"
"--auto-merge"
];
# diff-editor = "${pkgs.meld}/bin/meld";
};
fsmonitor.backend = "watchman";
fsmonitor.watchman.register-snapshot-trigger = true;
# revsets.log = "@ | ancestors(trunk()..(visible_heads() & mine()), 2) | trunk()";
# revsets.log = "trunk()..@ | @..trunk() | trunk() | @:: | fork_point(trunk() | @)";
revsets.log = "trunk() | ancestors(trunk()..heads(((trunk()..visible_heads()) & my() | @)::), 2)";
revset-aliases = {
"my()" = "user(\"${config.programs.jujutsu.settings.user.email}\")";
"user(x)" = "author(x) | committer(x)";
current = "bookmarks() & my() & ~immutable()";
"closest_bookmark(to)" = "heads(::to & bookmarks())";
};
template-aliases = {
"format_timestamp(timestamp)" = "timestamp.ago()";
log_oneline = ''
if(root,
format_root_commit(self),
label(if(current_working_copy, "working_copy"),
concat(
separate(" ",
format_short_change_id_with_change_offset(self),
if(empty, label("empty", "(empty)")),
if(description,
description.first_line(),
label(if(empty, "empty"), description_placeholder),
),
bookmarks,
tags,
working_copies,
if(conflict, label("conflict", "conflict")),
if(config("ui.show-cryptographic-signatures").as_boolean(),
format_short_cryptographic_signature(signature)),
) ++ "\n",
),
)
)
'';
# if(.contained_in('first_parent(@)'), label("git_head", "HEAD")),
status_summary = "'\n' ++ self.diff().summary() ++ '\n'";
log_oneline_with_status_summary = "log_oneline ++ if(self.current_working_copy() && self.diff().files().len() > 0, status_summary)";
};
aliases =
let
util = script: [
"util"
"exec"
"--"
"bash"
"-c"
script
];
in
{
tug = [
"bookmark"
"move"
"--from"
"heads(::@- & bookmarks())"
"--to"
"coalesce(@ & ~empty(), @-)"
];
catchup = [
"rebase"
"-b"
"bookmarks() & mine() & ~immutable()"
"-d"
"trunk()"
"--skip-emptied"
];
pull = util ''
jj git fetch
jj catchup
'';
ch = [
"show"
"--stat"
];
move = [
"rebase"
"-r"
];
push = [
"git"
"push"
];
ll = [
"log"
"-T"
"builtin_log_compact"
];
mdiff = [
"diff"
"--from"
"trunk()"
];
};
templates = {
log_node = ''
label("node",
coalesce(
if(!self, label("elided", "~")),
if(current_working_copy, label("working_copy", "@")),
if(conflict, label("conflict", "×")),
if(immutable, label("immutable", "*")),
label("normal", "·")
)
)
'';
log = "log_oneline_with_status_summary";
git_push_bookmark = ''"jdonszelmann/" ++ change_id.short()'';
};
signing = {
# sign-all = true;
behavior = "own";
backend = "ssh";
key = "~/.ssh/id_ed25519.pub";
};
# remotes.origin.auto-track-bookmarks = true;
# remotes.upstream.auto-track-bookmarks = true;
git = {
private-commits = "description(glob:'wip:*') | description(glob:'trial:*')";
write-change-id-header = true;
fetch = [
"upstream"
"origin"
];
push = "origin";
};
};
};
};
}

125
programs/kanata/default.nix Normal file
View file

@ -0,0 +1,125 @@
{ pkgs, ... }:
let
kanata-config = ''
(defcfg
process-unmapped-keys yes
danger-enable-cmd yes
)
(defsrc
esc
grv 1 2 3 4 5 6 7 8 9 0 - = bspc
tab q w e r t y u i o p [ ] \
caps a s d f g h j k l ; ' ret
lsft z x c v b n m , . / rsft
lctl lmet lalt spc ralt rctl
)
(deflayer qwerty
@esc
grv 1 2 3 4 5 6 7 8 9 0 - = bspc
tab q w e r t y u i o p [ ] \
@cap a s d f g h j k l ; ' ret
lsft z x c v b n m , . / rsft
lctl @lmet lalt spc ralt @rctl
)
(deflayer control
@esc
grv 1 2 3 4 5 6 7 8 9 0 - = bspc
tab q w e @replay t y u i o p @wup @wdown \
@cap a s d f g left down up right ; ' bspc
lsft z x C-c v bspc n @macro , . C-f rsft
lctl lmet lalt spc ralt @rctl
)
(deflayermap (programming)
f (macro f n spc)
w (macro w h e r e spc)
l (macro l o o p { ret)
u (macro u s e spc)
i (macro i m p o r t spc)
s (macro s e l f spc)
)
(defalias
;; hold esc
esc (tap-hold 800 800 esc caps)
;; control
cap (tap-hold-release 200 200
(multi dynamic-macro-record-stop esc)
(layer-while-held control)
)
lmet (
tap-hold-press 200 200
(cmd ${pkgs.lib.getExe' pkgs.custom.niri "niri"} msg action toggle-overview)
lmet
)
macro (dynamic-macro-record 0)
replay (dynamic-macro-play 0)
wup (mwheel-up 50 120)
wdown (mwheel-down 50 120)
;; programming
rctl (
tap-hold-release
200 200
C-k (layer-while-held programming)
)
)
'';
in
{
custom.program.kanata.requirements = [ "graphical" ];
custom.program.kanata.home-config =
{ pkgs, config, ... }:
{
systemd.user.services.kanata = {
Unit = {
Description = "kanata";
};
Service = {
Restart = "always";
RestartSec = "3";
ExecStart = "${pkgs.kanata-with-cmd}/bin/kanata --cfg ${pkgs.writeText "kanata.kbd" kanata-config}";
Nice = "-20";
};
Install = {
WantedBy = [ "default.target" ];
};
};
home.file.kanata = {
target = ".config/kanata/kanata.kbd";
text = kanata-config;
};
};
# custom.program.kanata.system-config =
# { pkgs, ... }:
# {
# sudo groupadd uinput
# sudo usermod -aG input $USER
# sudo usermod -aG uinput $USER
# echo "KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"" >> /etc/udev/rules.d/99-input.rules
# reboot or sudo udevadm control --reload-rules && sudo udevadm trigger
# sudo modprobe uinput
users.groups.uinput = { };
users.extraUsers.jana.extraGroups = [
"uinput"
"input"
];
environment.systemPackages = [ pkgs.kanata-with-cmd ];
services.udev.extraRules = ''
KERNEL=="uinput", MODE="0660", GROUP="uinput", OPTIONS+="static_node=uinput"
'';
# };
}

57
programs/kitty/default.nix Normal file
View file

@ -0,0 +1,57 @@
_: {
custom.program.kitty.requirements = [ "graphical" ];
custom.program.kitty.home-config =
{ pkgs, flakes, ... }:
{
programs.kitty = {
enable = true;
font = {
name = "Jetbrains Mono";
size = 13.0;
package = pkgs.jetbrains-mono;
};
settings = {
scrollback_lines = 20000;
allow_hyperlinks = true;
repaint_delay = 10;
input_delay = 3;
enable_audio_bell = false;
update_check_interval = 0;
initial_window_width = "95c";
initial_window_height = "30c";
remember_window_size = "no";
draw_minimal_borders = false;
hide_window_decorations = true;
shell = "${pkgs.tmux}/bin/tmux";
clipboard_control = "write-clipboard write-primary read-clipboard read-primary";
foreground = "#fcfcfc";
background = "#232627";
linux_display_server = "auto";
};
keybindings = {
"ctrl+f" =
"launch --location=hsplit --allow-remote-control kitty +kitten ${flakes.kitty-search}/search.py @active-kitty-window-id";
"ctrl+alt+r" = "load_config_file";
"ctrl+shift+r" = "no_op";
"super+`" = "no_op";
"ctrl+EQUAL" = "change_font_size all +2.0";
"ctrl+minus" = "change_font_size all -2.0";
"ctrl+0" = "change_font_size all 0";
# "ctrl+/" = "send_text all ";
"super+~" = "no_op";
};
extraConfig = ''
mouse_map left click ungrabbed no-op
'';
};
};
}

601
programs/niri/default.nix Normal file
View file

@ -0,0 +1,601 @@
_: {
custom.program.niri.requirements = [ "graphical" ];
custom.program.niri.home-config =
{
config,
pkgs,
flakes,
lib,
...
}:
let
noctalia =
cmd:
[
"${pkgs.lib.getExe' flakes.noctalia.packages.${pkgs.system}.default "noctalia-shell"}"
"ipc"
"call"
]
++ (pkgs.lib.splitString " " cmd);
wallpaper = ("${pkgs.custom.raw-data}/pacific.png");
matugenSchemeType = "scheme-tonal-spot";
in
{
imports = [
flakes.niri.homeModules.niri
flakes.matugen.nixosModules.default
flakes.noctalia.homeModules.default
];
home.packages = with pkgs; [
matugen
glib
dconf
gsettings-desktop-schemas
xwayland-satellite
# gtk
nwg-look
# qt config tool
kdePackages.qt6ct
fira
jetbrains-mono
fira-mono
noto-fonts
];
programs.niri.settings = {
# main laptop screen
outputs."eDP-1" = {
mode = {
width = 1928;
height = 1200;
refresh = 59.987;
};
position = {
x = 0;
y = 0;
};
};
outputs."LG Electronics LG ULTRAWIDE 411NTBK28189" = {
mode = {
width = 3440;
height = 1440;
refresh = 59.987;
};
position = {
x = -3440;
y = 240;
};
# focus the external screen first
focus-at-startup = true;
};
};
home.sessionVariables = {
QT_QPA_PLATFORMTHEME = "qt6ct";
XCURSOR_THEME = "Adwaita";
XCURSOR_SIZE = "10";
};
programs.niri.settings = {
input = {
keyboard = {
xkb = {
layout = "us";
options = "grp:win_space_toggle,compose:ralt";
};
numlock = true;
};
mouse = {
accel-speed = 0.5;
};
touchpad = {
dwt = true;
tap = true;
tap-button-map = "left-right-middle";
click-method = "clickfinger";
natural-scroll = false;
};
};
debug = {
render-drm-device = "/dev/dri/renderD128";
};
cursor = {
theme = "Adwaita";
size = 10;
};
gestures.hot-corners.enable = false;
layout = {
gaps = 5;
center-focused-column = "never";
preset-column-widths = [
{ proportion = 0.33333; }
{ proportion = 0.5; }
{ proportion = 0.66667; }
{ proportion = 1.0; }
];
default-column-width = {
proportion = 0.5;
};
shadow = {
softness = 20;
spread = 5;
offset = {
x = 0;
y = 5;
};
};
focus-ring = {
width = 1;
active.color = "#${config.programs.matugen.theme.colors.primary.default}";
inactive.color = "#${config.programs.matugen.theme.colors.surface.default}";
urgent.color = "#${config.programs.matugen.theme.colors.error.default}";
};
border = {
active.color = "#${config.programs.matugen.theme.colors.primary.default}";
inactive.color = "#${config.programs.matugen.theme.colors.surface.default}";
urgent.color = "#${config.programs.matugen.theme.colors.error.default}";
};
shadow = {
color = "#${config.programs.matugen.theme.colors.shadow.default}70";
};
tab-indicator = {
active.color = "#${config.programs.matugen.theme.colors.primary.default}";
inactive.color = "#${config.programs.matugen.theme.colors.primary_container.default}";
urgent.color = "#${config.programs.matugen.theme.colors.error.default}";
};
insert-hint = {
display.color = "#${config.programs.matugen.theme.colors.primary.default}80";
};
};
hotkey-overlay.skip-at-startup = true;
screenshot-path = "~/Documents/personal/pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png";
workspaces."01-browser" = {
name = "browser";
};
workspaces."02-programming" = {
name = "programming";
};
workspaces."03-chat" = {
name = "chat";
};
window-rules = [
{
matches = [ { title = "Extension: (Bitwarden Password Manager).*"; } ];
open-floating = true;
open-focused = true;
block-out-from = "screen-capture";
}
{
matches = [ { app-id = "firefox"; } ];
open-on-workspace = "browser";
}
{
matches = [
{
app-id = "org.gnome.Nautilus";
title = "Open Files";
}
{
app-id = "steam";
title = "Steam Settings";
}
];
open-floating = true;
}
{
matches = [
{ app-id = "discord"; }
{ app-id = "org.element.desktop"; } # TODO
{ app-id = "signal"; } # TODO
];
open-on-workspace = "chat";
}
{
matches = [
{ app-id = "dev.zed.Zed"; }
];
open-on-workspace = "programming";
}
{
geometry-corner-radius = {
top-left = 8.0;
top-right = 8.0;
bottom-right = 8.0;
bottom-left = 8.0;
};
clip-to-geometry = true;
}
];
spawn-at-startup = [
{ argv = [ "firefox" ]; }
{ argv = [ "discord" ]; }
{ argv = [ "signal-desktop" ]; }
{ argv = [ "zeditor" ]; }
{
argv = [ "${pkgs.lib.getExe' flakes.noctalia.packages.${pkgs.system}.default "noctalia-shell"}" ];
}
];
animations = { };
binds = {
"Ctrl+Alt+Delete" = {
hotkey-overlay.title = "Power menu";
action.spawn = noctalia "sessionMenu toggle";
};
"Mod+O" = {
hotkey-overlay.title = "Run an Application";
action.spawn = noctalia "launcher toggle";
};
"Mod+L" = {
hotkey-overlay.title = "Lock the Screen";
action.spawn = noctalia "lockScreen lock";
};
"Mod+Shift+Slash".action.show-hotkey-overlay = { };
"Mod+Return" = {
hotkey-overlay.title = "Open a Terminal";
action.spawn = "kitty";
};
"XF86AudioRaiseVolume" = {
allow-when-locked = true;
action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1+";
};
"XF86AudioLowerVolume" = {
allow-when-locked = true;
action.spawn-sh = "wpctl set-volume @DEFAULT_AUDIO_SINK@ 0.1-";
};
"XF86AudioMute" = {
allow-when-locked = true;
action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
};
"XF86AudioMicMute" = {
allow-when-locked = true;
action.spawn-sh = "wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle";
};
"XF86AudioPlay" = {
allow-when-locked = true;
action.spawn-sh = "playerctl play-pause";
};
"XF86AudioStop" = {
allow-when-locked = true;
action.spawn-sh = "playerctl stop";
};
"XF86AudioPrev" = {
allow-when-locked = true;
action.spawn-sh = "playerctl previous";
};
"XF86AudioNext" = {
allow-when-locked = true;
action.spawn-sh = "playerctl next";
};
"Mod+Period" = {
allow-when-locked = true;
action.spawn-sh = "playerctl previous";
};
"Mod+Comma" = {
allow-when-locked = true;
action.spawn-sh = "playerctl next";
};
"Mod+Slash" = {
allow-when-locked = true;
action.spawn-sh = "playerctl next";
};
# TODO
"XF86MonBrightnessUp" = {
allow-when-locked = true;
action.spawn = [
"brightnessctl"
"--device=amdgpu_bl1"
"--class=backlight"
"set"
"+10%"
];
};
"XF86MonBrightnessDown" = {
allow-when-locked = true;
action.spawn = [
"brightnessctl"
"--device=amdgpu_bl1"
"--class=backlight"
"set"
"10%-"
];
};
"Mod+Q" = {
repeat = false;
action.close-window = { };
};
"Mod+Left".action.focus-column-left = { };
"Mod+Down".action.focus-window-or-workspace-down = { };
"Mod+Up".action.focus-window-or-workspace-up = { };
"Mod+Right".action.focus-column-right = { };
"Mod+Shift+Left".action.move-column-left = { };
"Mod+Shift+Down".action.move-window-down-or-to-workspace-down = { };
"Mod+Shift+Up".action.move-window-up-or-to-workspace-up = { };
"Mod+Shift+Right".action.move-column-right = { };
"Mod+Home".action.focus-column-first = { };
"Mod+End".action.focus-column-last = { };
"Mod+Shift+Home".action.move-column-to-first = { };
"Mod+Shift+End".action.move-column-to-last = { };
"Mod+Ctrl+Left".action.focus-monitor-left = { };
"Mod+Ctrl+Down".action.focus-monitor-down = { };
"Mod+Ctrl+Up".action.focus-monitor-up = { };
"Mod+Ctrl+Right".action.focus-monitor-right = { };
"Mod+Shift+Ctrl+Left".action.move-column-to-monitor-left = { };
"Mod+Shift+Ctrl+Down".action.move-column-to-monitor-down = { };
"Mod+Shift+Ctrl+Up".action.move-column-to-monitor-up = { };
"Mod+Shift+Ctrl+Right".action.move-column-to-monitor-right = { };
"Mod+1".action.focus-workspace = 1;
"Mod+2".action.focus-workspace = 2;
"Mod+3".action.focus-workspace = 3;
"Mod+4".action.focus-workspace = 4;
"Mod+5".action.focus-workspace = 5;
"Mod+6".action.focus-workspace = 6;
"Mod+7".action.focus-workspace = 7;
"Mod+8".action.focus-workspace = 8;
"Mod+9".action.focus-workspace = 9;
"Mod+Shift+1".action.move-column-to-workspace = 1;
"Mod+Shift+2".action.move-column-to-workspace = 2;
"Mod+Shift+3".action.move-column-to-workspace = 3;
"Mod+Shift+4".action.move-column-to-workspace = 4;
"Mod+Shift+5".action.move-column-to-workspace = 5;
"Mod+Shift+6".action.move-column-to-workspace = 6;
"Mod+Shift+7".action.move-column-to-workspace = 7;
"Mod+Shift+8".action.move-column-to-workspace = 8;
"Mod+Shift+9".action.move-column-to-workspace = 9;
"Mod+WheelScrollDown" = {
cooldown-ms = 150;
action.focus-workspace-down = { };
};
"Mod+WheelScrollUp" = {
cooldown-ms = 150;
action.focus-workspace-up = { };
};
"Mod+Shift+WheelScrollDown".action.focus-column-left = { };
"Mod+Shift+WheelScrollUp".action.focus-column-right = { };
# "Mod+Shift+WheelScrollDown" = {
# cooldown-ms = 150;
# action.move-column-to-workspace-down = { };
# };
# "Mod+Shift+WheelScrollUp" = {
# cooldown-ms = 150;
# action.move-column-to-workspace-up = { };
# };
# "Mod+WheelScrollRight".action.focus-column-right = { };
# "Mod+WheelScrollLeft".action.focus-column-left = { };
# "Mod+Shift+WheelScrollRight".action.move-column-right = { };
# "Mod+Shift+WheelScrollLeft".action.move-column-left = { };
"Mod+BracketLeft".action.consume-or-expel-window-left = { };
"Mod+BracketRight".action.consume-or-expel-window-right = { };
"Mod+Shift+BracketLeft".action.consume-window-into-column = { };
"Mod+Shift+BracketRight".action.expel-window-from-column = { };
"Mod+R".action.switch-preset-column-width = { };
"Mod+Shift+R".action.switch-preset-window-height = { };
"Mod+Ctrl+R".action.reset-window-height = { };
"Mod+D".action.maximize-column = { };
"Mod+F".action.fullscreen-window = { };
"Mod+S".action.expand-column-to-available-width = { };
"Mod+C".action.center-column = { };
"Mod+Shift+C".action.center-visible-columns = { };
"Mod+Minus".action.set-column-width = "-10%";
"Mod+Equal".action.set-column-width = "+10%";
"Mod+Shift+Minus".action.set-window-height = "-10%";
"Mod+Shift+Equal".action.set-window-height = "+10%";
"Mod+E".action.toggle-window-floating = { };
"Mod+Shift+E".action.switch-focus-between-floating-and-tiling = { };
"Mod+W".action.toggle-column-tabbed-display = { };
"Mod+Shift+S".action.screenshot = { };
"Mod+Escape" = {
allow-inhibiting = false;
action.toggle-keyboard-shortcuts-inhibit = { };
};
"Mod+Shift+P".action.power-off-monitors = { };
};
};
programs.noctalia-shell = {
enable = true;
systemd.enable = false;
settings = {
general = {
# avatarImage = cfg.pfp;
};
colorSchemes = {
darkMode = true;
generateTemplatesForPredefined = true;
inherit matugenSchemeType;
predefinedScheme = "Noctalia (default)";
useWallpaperColors = true;
};
location = {
monthBeforeDay = false;
name = "Amsterdam";
};
wallpaper = {
enabled = true;
setWallpaperOnAllMonitors = true;
fillMode = "crop";
};
appLauncher = {
enableClipboardHistory = true;
terminalCommand = "kitty -e";
};
sessionMenu = {
enableCountdown = true;
countdownDuration = 5000;
};
controlCenter = {
position = "close_to_bar_button";
shortcuts = {
left = [
{
id = "WiFi";
}
{
id = "Bluetooth";
}
{
id = "PowerProfile";
}
{
id = "KeepAwake";
}
];
right = [ ];
};
};
bar = {
density = "compact";
position = "right";
backgroundOpacity = 0.5;
widgets = {
left = [
{
id = "ControlCenter";
useDistroLogo = true;
}
{
id = "NotificationHistory";
}
{
id = "plugin:catwalk";
}
];
center = [
{
hideUnoccupied = false;
id = "Workspace";
labelMode = "none";
}
];
right = [
{
id = "Tray";
drawerEnabled = false;
}
{
id = "WiFi";
}
{
id = "Bluetooth";
}
]
++ [ { id = "Battery"; } ]
++ [
{
id = "KeyboardLayout";
displayMode = "forceOpen";
}
{
formatHorizontal = "HH:mm";
formatVertical = "HH mm";
id = "Clock";
useMonospacedFont = true;
usePrimaryColor = true;
}
];
};
};
templates = {
gtk = true;
qt = true;
niri = true;
};
};
};
home.file.".cache/noctalia/wallpapers.json" = {
text = builtins.toJSON {
defaultWallpaper = wallpaper;
};
};
home.activation.themeFiles = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
mkdir -p ${config.xdg.configHome}/gtk-4.0
mkdir -p ${config.xdg.configHome}/gtk-3.0
mkdir -p ${config.xdg.configHome}/qt5ct/colors
mkdir -p ${config.xdg.configHome}/qt6ct/colors
touch ${config.xdg.configHome}/gtk-4.0/gtk.css
touch ${config.xdg.configHome}/gtk-3.0/gtk.css
touch ${config.xdg.configHome}/qt5ct/colors/noctalia.conf
touch ${config.xdg.configHome}/qt6ct/colors/noctalia.conf
'';
programs.matugen = {
enable = true;
wallpaper = wallpaper;
type = matugenSchemeType;
};
gtk.cursorTheme = {
package = pkgs.adwaita-icon-theme;
name = "Adwaita";
size = 24;
};
dconf.settings = {
# appearance
"org/gnome/desktop/interface" = {
color-scheme = "prefer-dark";
enable-hot-corners = false;
gtk-enable-primary-paste = false;
};
};
};
}

248
programs/nvim/config.lua Normal file
View file

@ -0,0 +1,248 @@
vim.o.sessionoptions="blank,buffers,curdir,folds,help,tabpages,winsize,winpos,terminal,localoptions"
vim.filetype.add({
extension = {
mdx = "markdown",
}
})
-- key mapping
local keymap = vim.api.nvim_set_keymap
local opts = { noremap = true, silent = true }
local builtin = require('telescope.builtin')
-- comment
local esc = vim.api.nvim_replace_termcodes(
'<ESC>', true, false, true
)
local api = require('Comment.api')
vim.keymap.set("n", "<C-_>", ":lua require('Comment.api').toggle.linewise.current()<CR> j", { remap = true })
vim.keymap.set("i", "<C-_>", "<c-o>:lua require('Comment.api').toggle.linewise.current()<CR>", { remap = true })
vim.keymap.set("x", "<C-_>", function()
vim.api.nvim_feedkeys(esc, 'nx', false)
api.toggle.linewise(vim.fn.visualmode())
end, { remap = true })
vim.keymap.set('n', 'gr', (function() builtin.lsp_references({jump_type="vsplit"}) end), {})
vim.keymap.set('n', 'gd', (function() builtin.lsp_definitions({jump_type="vsplit"}) end), {})
vim.keymap.set('n', 'gt', (function() builtin.lsp_type_definitions({jump_type="vsplit"}) end), {})
local barbar_state = require("barbar.state")
function find_windows_with_buffer(bufnum)
windows = {}
local window_list = vim.api.nvim_list_wins()
for _, window in ipairs(window_list) do
local win_info = vim.fn.getwininfo(window)
if win_info ~= nil then
for _, buf in ipairs(win_info) do
if buf.bufnr == bufnum then
table.insert(windows, window)
end
end
end
end
return windows
end
function num_useful_windows()
local window_list = vim.api.nvim_tabpage_list_wins(0)
local num = 0
for _, window in ipairs(window_list) do
local win_info = vim.fn.getwininfo(window)
if win_info ~= nil then
for _, win_info in ipairs(win_info) do
if buf_is_useful(win_info.bufnr) then
num = num + 1
end
end
end
end
return num
end
function buf_is_useful(bufnr)
local bufname = vim.api.nvim_buf_get_name(bufnr)
-- if the window's buffer has no name, it's not useful
if bufname == '' then
return false
end
-- print("bufname: ", bufname)
-- if the window's buffer is read only, it's not useful
local readonly = vim.api.nvim_buf_get_option(bufnr, 'readonly')
if readonly then
-- print("=readonly")
return false
end
-- -- if the buffer is not listed, it's not useful
local listed = vim.api.nvim_buf_get_option(bufnr, 'buflisted')
if not listed then
-- print("=unlisted")
return false
end
local buftype = vim.api.nvim_buf_get_option(bufnr, 'buftype')
if buftype == "quickfix" then
-- print("=readonly")
return false
end
local lines = vim.api.nvim_buf_get_lines(bufnr, 0, -1, false)
if #lines > 1 or (#lines == 1 and #lines[1] > 0) then
return true -- If the buffer has content, return false
else
return false
end
-- the window contains a useful buffer
return true
end
function quit_window(window)
vim.api.nvim_win_call(window, function()
vim.cmd "quit"
end)
end
vim.api.nvim_create_user_command('CloseBuffer', function (opts)
if num_useful_windows() > 1 then
vim.cmd {
cmd = "quit",
bang = opts.bang,
}
else
vim.cmd {
cmd = "BufferDelete",
bang = opts.bang,
}
if not buf_is_useful(vim.api.nvim_get_current_buf()) then
vim.cmd {
cmd = "quit",
bang = opts.bang,
}
end
end
end, { desc = "Close Current Buffer", bang = true, })
local function close_floating()
for _, win in ipairs(vim.api.nvim_list_wins()) do
local config = vim.api.nvim_win_get_config(win)
if config.relative ~= "" then
vim.api.nvim_win_close(win, false)
end
end
end
vim.keymap.set("n", "<Esc>", close_floating, { desc = "Close floats, clear highlights" })
local builtin = require('telescope.builtin')
vim.keymap.set("n", "<leader>x", require("telescope.builtin").resume, {
noremap = true,
silent = true,
desc = "Resume",
})
-- local gitsigns = require('gitsigns')
-- vim.keymap.set('n', '<leader>gr', gitsigns.reset_hunk)
-- vim.keymap.set('n', '<leader>gd', gitsigns.diffthis)
-- vim.keymap.set({'o', 'x'}, 'ig', ':<C-U>Gitsigns select_hunk<CR>')
-- better search
vim.cmd([[
" Better search
set incsearch
set ignorecase
set smartcase
set gdefault
nnoremap <silent> n n:call BlinkNextMatch()<CR>
nnoremap <silent> N N:call BlinkNextMatch()<CR>
function! BlinkNextMatch() abort
highlight JustMatched ctermfg=white ctermbg=magenta cterm=bold
let pat = '\c\%#' . @/
let id = matchadd('JustMatched', pat)
redraw
exec 'sleep 150m'
call matchdelete(id)
redraw
endfunction
nnoremap <silent> <Space> :silent noh<Bar>echo<CR>
nnoremap <silent> <Esc> :silent noh<Bar>echo<CR>
nnoremap <silent> n nzz
nnoremap <silent> N Nzz
nnoremap <silent> * *zz
nnoremap <silent> # #zz
nnoremap <silent> g* g*zz
]])
vim.cmd([[
inoremap <silent> <F1> <CMD>FloatermToggle<CR>
nnoremap <silent> <F1> <CMD>FloatermToggle<CR>
tnoremap <silent> <F1> <C-\><C-n><CMD>FloatermToggle<CR>
]])
vim.cmd([[
let g:suda_smart_edit = 1
filetype plugin indent on
]])
-- multicursor
vim.g.VM_default_mappings = 1
vim.g.VM_reselect_first = 1
vim.g.VM_notify_previously_selected = 1
vim.g.VM_theme = "iceblue"
-- workaround for rust-analyzer server cancelled request
for _, method in ipairs { 'textDocument/diagnostic', 'workspace/diagnostic' } do
local default_diagnostic_handler = vim.lsp.handlers[method]
vim.lsp.handlers[method] = function(err, result, context, config)
if err ~= nil and err.code == -32802 then
return
end
return default_diagnostic_handler(err, result, context, config)
end
end
require("hover").setup {
init = function()
require("hover.providers.lsp")
require('hover.providers.gh')
require('hover.providers.diagnostic')
end,
preview_opts = {
border = 'rounded'
},
-- Whether the contents of a currently open hover window should be moved
-- to a :h preview-window when pressing the hover keymap.
preview_window = false,
title = true,
}
-- Setup keymaps
vim.keymap.set("n", "K", require("hover").hover, {desc = "hover.nvim"})
vim.keymap.set("n", "gK", require("hover").hover_select, {desc = "hover.nvim (select)"})
-- vim.keymap.set("n", "<C-p>", function() require("hover").hover_switch("previous") end, {desc = "hover.nvim (previous source)"})
-- vim.keymap.set("n", "<C-n>", function() require("hover").hover_switch("next") end, {desc = "hover.nvim (next source)"})

104
programs/nvim/default.nix Normal file
View file

@ -0,0 +1,104 @@
_: {
custom.program.nvim.requirements = [ "cli" ];
custom.program.nvim.home-config =
{ pkgs, flakes, ... }:
{
home = {
sessionVariables = {
EDITOR = "nvim";
};
};
imports = [
flakes.nixvim.homeModules.nixvim
./options.nix
./plugins.nix
./keys.nix
];
programs.nixvim = {
enable = true;
globals.mapleader = " ";
globals.maplocalleader = " ";
viAlias = true;
vimAlias = true;
# Highlight and remove extra white spaces
# same color as cursorline as per
# https://github.com/joshdick/onedark.vim/blob/390b893d361c356ac1b00778d849815f2aa44ae4/autoload/onedark.vim
highlight.ExtraWhitespace.bg = "#2C323C";
match.ExtraWhitespace = "\\s\\+$";
clipboard.providers.wl-copy.enable = true;
performance = {
byteCompileLua.enable = true;
combinePlugins = {
enable = true;
standalonePlugins = [
# clashes with lualine
"onedark.nvim"
];
};
};
extraLuaPackages = ps: [ ps.magick ];
extraPackages = [ pkgs.imagemagick ];
# package = (import inputs.unstable { inherit (pkgs) system; }).neovim-unwrapped;
package = pkgs.neovim-unwrapped;
colorschemes.onedark = {
enable = true;
settings = {
style = "deep";
highlights = {
# bright green doccomments
"@lsp.type.comment".fg = "#77B767";
"@comment.documentation.rust".fg = "#77B767";
"@comment.documentation".fg = "#77B767";
"@comment".fg = "#426639";
# "Visual".bg = "#2a2e36";
# "Cursorline".bg = "#2a2e36";
};
};
};
extraConfigLuaPre = ''
require("neoconf").setup({})
'';
extraConfigLua = ''
require("render-markdown").setup {
latex_converter = '${pkgs.python312Packages.pylatexenc}/bin/latex2text',
}
''
# local lspconfig = require 'lspconfig'
# local configs = require 'lspconfig.configs'
# if not configs.foo_lsp then
# configs.noteslsp = {
# default_config = {
# -- cmd = {'${pkgs.custom.noteslsp}/bin/noteslsp'},
# cmd = {'./noteslsp/target/debug/noteslsp'},
# filetypes = {'markdown'},
# root_dir = function(fname)
# return lspconfig.util.find_git_ancestor(fname)
# end,
# settings = {}
# ,
# },
# }
# end
#
# lspconfig.noteslsp.setup{}
# ''
+ (builtins.readFile ./config.lua);
};
};
}

103
programs/nvim/keys.nix Normal file
View file

@ -0,0 +1,103 @@
_:
let
map = mode: key: action: {
inherit mode key action;
};
luamap =
mode: key: action:
map mode key "<cmd>lua ${action}<cr>";
telescope = "require('telescope.builtin')";
in
{
programs.nixvim.keymaps = [
(map "" "<f2>" "<cmd>Lspsaga rename<cr>")
(map "" "<leader>o" "<cmd>Lspsaga outline<cr>")
(map "" "<leader>." "<cmd>Lspsaga code_action<cr>")
# splitting
(map "n" "<leader>s" "<cmd>vertical sb<cr>")
# closing
(map "n" "<leader>w" "<cmd>BufferClose<cr>") # single buffer
(map "n" "<leader>cb" "<cmd>BufferClose<cr>") # single buffer
(map "n" "<leader>ct" "<cmd>CloseBuffer<cr>") # buffer or extra tab
(map "n" "<leader>q" "<cmd>CloseBuffer<cr>") # buffer or extra tab
(map "n" "<leader>co" "<cmd>silent! BufferCloseAllButVisible<cr>") # other buffers
(map "n" "<leader>cl" "<cmd>silent! BufferCloseBuffersLeft<cr>") # other buffers (left)
(map "n" "<leader>cr" "<cmd>silent! BufferCloseBuffersRight<cr>") # other buffers (right)
# moving
(map "n" "mL" "<cmd>BufferMovePrevious<cr>") # left
(map "n" "mr" "<cmd>BufferMoveNext<cr>") # right
(map "n" "m0" "<cmd>BufferMoveStart<cr>") # start
(map "n" "m$" "<cmd>BufferMoveEnd<cr>") # end
(map "n" "<leader>jb" "<cmd>BufferPick<cr>") # jump to tab
# jumplist
# (map "n" "<leader><Tab>" "<C-o>")
# (map "n" "<leader><S-Tab>" "<C-i>")
(luamap "n" "<leader>r" "${telescope}.jumplist()")
# pickers
(luamap "n" "<leader><leader>" "${telescope}.find_files()")
(luamap "n" "<leader>f" "${telescope}.live_grep()")
(luamap "n" "<leader>t" "${telescope}.lsp_document_symbols()")
(luamap "n" "<leader>T" "${telescope}.lsp_dynamic_workspace_symbols()")
# last used pickers/searches
(luamap "n" "<leader>h" "${telescope}.pickers()")
# open buffers
(luamap "n" "<leader>b" "${telescope}.buffers({sort_mru = true})")
# diagnostics
(map "n" "<leader>d" "<cmd>Trouble diagnostics toggle filter.buf=0<cr>")
(map "n" "<leader>ad" "<cmd>Trouble diagnostics toggle<cr>")
(luamap "n" "]d"
"vim.diagnostic.goto_next({ severity = vim.diagnostic.severity.ERROR, wrap=true })"
)
(luamap "n" "[d"
"vim.diagnostic.goto_prev({ severity = vim.diagnostic.severity.ERROR, wrap=true })"
)
(luamap "n" "]w" "vim.diagnostic.goto_next({ wrap=true })")
(luamap "n" "[w" "vim.diagnostic.goto_prev({ wrap=true })")
# docs with control-d just like in autocomplete
(map "n" "<C-d>" "K")
# expand macro
(map "n" "<leader>em" "<cmd>RustLsp expandMacro<cr>")
# easier quitting etc
(map "ca" "W" "w")
(map "ca" "X" "x")
(map "ca" "Q" "CloseBuffer")
(map "ca" "q" "CloseBuffer")
# navigation
(map "" "<leader><Left>" "<C-w><Left>")
(map "" "<leader><Right>" "<C-w><Right>")
(map "" "<leader><Up>" "<C-w><Up>")
(map "" "<leader><Down>" "<C-w><Down>")
(map "" "<leader><Down>" "<C-w><Down>")
# {
# key = "/";
# action = "<cmd>lua require('spectre').open_file_search({select_word=true})<CR>";
# }
(map "n" "t" "<cmd>Neotree toggle<cr>")
# tab for indent/dedent
(map "n" "<tab>" ">>_")
(map "n" "<S-tab>" "<<_")
(map "i" "<S-tab>" "<c-d>")
(map "v" "<tab>" ">gv")
(map "v" "<S-tab>" "<gv")
# to avoid many typos
(map "n" ";" ":")
];
}

88
programs/nvim/options.nix Normal file
View file

@ -0,0 +1,88 @@
_: {
programs.nixvim.diagnostics = {
# virtual_lines.enable = false;
# # virtual_lines = {
# # current_line = true;
# # format = ''
# # function(d)
# # if d.severity == vim.diagnostic.severity.ERROR then
# # return d
# # else
# # return ""
# # end
# # end
# # '';
# # };
# virtual_text = false;
update_in_insert = false; # annoying with virtual_lines which keep updating
severity_sort = true;
float = {
border = "rounded";
};
};
programs.nixvim.opts = {
# lazyredraw = true;
startofline = true;
showmatch = true;
belloff = "all";
showcmd = true;
mouse = "a";
modeline = true;
wrap = false;
spell = false;
# don't change the directory when a file is opened
# to work more like an IDE
autochdir = false;
autoindent = true;
smartindent = true;
smarttab = true;
backspace = [
"indent"
"eol"
"start"
];
list = true;
swapfile = false;
backup = false;
autoread = true;
undofile = true;
undodir = "/home/jana/.vimdid";
tabstop = 4;
softtabstop = 4;
shiftwidth = 4;
expandtab = true;
# relative line numbers except the current line
number = true;
# relativenumber = true;
# show (usually) hidden characters
listchars = {
nbsp = "¬";
extends = "»";
precedes = "«";
trail = "·";
tab = ">-";
};
# highlight current line
cursorline = true;
# clipboard == system clipboard
clipboard = "unnamedplus";
completeopt = [
"menuone"
"noselect"
"noinsert"
];
};
}

764
programs/nvim/plugins.nix Normal file
View file

@ -0,0 +1,764 @@
{ pkgs, config, ... }:
let
render-markdown = pkgs.vimUtils.buildVimPlugin {
name = "render-markdown";
src = pkgs.fetchFromGitHub {
owner = "MeanderingProgrammer";
repo = "markdown.nvim";
rev = "78ef39530266b3a0736c48b46c3f5d1ab022c7db";
hash = "sha256-mddnBvIrekHh60Ix6qIYAnv10Mu40LamGI47EXk9wSo=";
};
};
in
# fzy-lua-native = pkgs.vimUtils.buildVimPlugin {
# name = "fzy-lua-native";
# src = pkgs.fetchFromGitHub {
# owner = "romgrk";
# repo = "fzy-lua-native";
# rev = "9d720745d5c2fb563c0d86c17d77612a3519c506";
# hash = "sha256-pBV5iGa1+5gtM9BcDk8I5SKoQ9sydOJHsmyoBcxAct0=";
# };
# };
{
programs.nixvim = {
plugins = {
treesitter-textobjects = {
enable = false;
settings = {
lsp_interop.enable = true;
select = {
enable = true;
keymaps = {
"ai" = {
query = "@impl.outer";
};
"ii" = {
query = "@impl.inner";
};
"af" = {
query = "@function.outer";
};
"if" = {
query = "@function.inner";
};
"ac" = {
query = "@conditional.outer";
};
"ic" = {
query = "@conditional.inner";
};
"al" = {
query = "@loop.outer";
};
"il" = {
query = "@loop.inner";
};
};
};
move = {
enable = true;
set_jumps = true;
goto_next_start = {
"]f" = {
query = "@function.outer";
};
"]c" = {
query = "@conditional.outer";
};
"]l" = {
query = "@loop.outer";
};
"]i" = {
query = "@impl.outer";
};
};
goto_next_end = {
"]F" = {
query = "@function.outer";
};
"]C" = {
query = "@conditional.outer";
};
"]L" = {
query = "@loop.outer";
};
"]I" = {
query = "@impl.outer";
};
};
goto_previous_start = {
"[f" = {
query = "@function.outer";
};
"[c" = {
query = "@conditional.outer";
};
"[l" = {
query = "@loop.outer";
};
"[i" = {
query = "@impl.outer";
};
};
goto_previous_end = {
"[F" = {
query = "@function.outer";
};
"[C" = {
query = "@conditional.outer";
};
"[L" = {
query = "@loop.outer";
};
"[I" = {
query = "@impl.outer";
};
};
};
};
};
treesitter-context = {
enable = true;
settings = {
multiwindow = true;
separator = "";
max_lines = 4;
trim_scopes = "outer";
};
};
treesitter = {
enable = true;
nixGrammars = false;
nixvimInjections = false;
settings = {
indent.enable = true;
ensure_installed = "all";
ignore_install = [
"wing"
"brightscript"
];
highlight.enable = true;
incremental_selection = {
enable = true;
keymaps = {
scope_incremental = "s";
node_incremental = "+";
node_decremental = "-";
};
};
};
};
rainbow-delimiters.enable = true;
vim-surround.enable = true;
lsp-format.enable = true;
fugitive.enable = true;
lspkind.enable = true;
crates.enable = true;
fidget.enable = true;
nvim-autopairs.enable = true;
# nvim-highlight-colors.enable = true;
cmp = {
enable = true;
autoEnableSources = true;
settings = {
completion.completeopt = "noselect";
preselect = "None";
sources =
let
s = name: { inherit name; };
in
[
{
name = "nvim_lsp";
priority = 8;
}
# (s "nvim_lsp_signature_help")
# (s "treesitter")
(s "path")
(s "luasnip")
# (s "crates")
# (s "git")
# (s "calc")
# (s "buffer")
];
mapping =
let
next = ''
function(fallback)
if cmp.visible() then
cmp.select_next_item()
else
fallback()
end
end
'';
prev = ''
function(fallback)
if cmp.visible() then
cmp.select_prev_item()
else
fallback()
end
end
'';
in
{
"<C-Space>" = "cmp.mapping.complete()";
"<CR>" = "cmp.mapping.confirm({ select = true })";
"<C-d>" = ''
function()
if cmp.visible_docs() then
cmp.close_docs()
else
cmp.open_docs()
end
end
'';
"<Tab>" = next;
"<S-Tab>" = prev;
"<Down>" = next;
"<Up>" = prev;
};
snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end";
sorting.comparators = [
"offset"
"exact"
"score"
"recently_used"
"locality"
"kind"
"length"
"order"
];
window =
let
common_border = {
border = "rounded";
winhighlight = "Normal:Normal,FloatBorder:FloatBorder,CursorLine:Visual,Search:None";
};
in
{
completion = common_border;
documentation = common_border;
};
};
};
image = {
enable = true;
};
# dial.nvim
which-key = {
enable = true;
};
auto-session = {
enable = true;
settings = {
auto_save_enabled = true;
auto_restore_enabled = true;
pre_save_cmds = [ "Neotree close" ];
post_restore_cmds = [ "Neotree filesystem show" ];
};
};
comment = {
enable = true;
settings = {
sticky = true;
};
};
neo-tree = {
enable = true;
settings = {
close_if_last_window = true;
enable_git_status = false;
window = {
position = "right";
width = 30;
# mappings = {
# "<bs>" = "navigate_up";
# "." = "set_root";
# "/" = "fuzzy_finder";
# "f" = "filter_on_submit";
# "h" = "show_help";
# };
};
filesystem = {
follow_current_file.enabled = true;
filteredItems = {
hide_hidden = false;
hide_dotfiles = false;
force_visible_in_empty_folder = true;
hide_gitignored = false;
};
};
};
};
nvim-lightbulb = {
enable = true;
settings = {
autocmd = {
enabled = true;
updatetime = 200;
};
line = {
enabled = true;
};
number = {
enabled = true;
hl = "LightBulbNumber";
};
float = {
enabled = false;
text = "💡";
};
sign = {
enabled = true;
text = "💡";
};
status_text = {
enabled = false;
text = "💡";
};
};
};
git-conflict = {
enable = true;
settings = {
default_mappings = {
both = "<leader>cb";
none = "<leader>c0";
ours = "<leader>co";
prev = "]x";
next = "[x";
theirs = "<leader>ct";
};
disable_diagnostics = false;
highlights = {
current = "DiffText";
incoming = "DiffAdd";
};
list_opener = "conflicts";
};
};
gitsigns = {
enable = true;
settings = {
current_line_blame = true;
current_line_blame_opts = {
virt_text = true;
virt_text_pos = "eol";
};
};
};
lspsaga = {
enable = true;
settings = {
lightbulb.enable = false;
code_action.keys = {
quit = "<Esc>";
};
symbol_in_winbar.enable = false;
implement.enable = true;
};
};
typst-vim = {
enable = true;
settings = {
cmd = "${pkgs.typst}/bin/typst";
conceal_math = 1;
auto_close_toc = 1;
};
};
lualine = {
enable = true;
settings.options.theme = "onedark";
};
rustaceanvim = {
enable = true;
settings = {
rustAnalyzerPackage = null;
auto_attach = true;
server = {
standalone = false;
default_settings = {
rust-analyzer = {
inlayHints = {
lifetimeElisionHints.enable = "always";
# expressionAdjustmentHints = {
# enable = "always";
# mode = "prefer_postfix";
# };
discriminantHints.enable = "always";
};
# check = {
# command = "+nightly clippy";
# };
cachePriming.enable = true;
diagnostic = {
refreshSupport = true;
};
};
# cargo = {
# buildScripts.enable = true;
# features = "all";
# runBuildScripts = true;
# loadOutDirsFromCheck = true;
# };
# checkOnSave = true;
# check = {
# allFeatures = true;
# command = "clippy";
# extraArgs = [ "--no-deps" ];
# };
# procMacro = { enable = true; };
# imports = {
# granularity = { group = "module"; };
# prefix = "self";
# };
# files = {
# excludeDirs =
# [ ".cargo" ".direnv" ".git" "node_modules" "target" ];
# };
#
# inlayHints = {
# bindingModeHints.enable = true;
# closureStyle = "rust_analyzer";
# closureReturnTypeHints.enable = "always";
# discriminantHints.enable = "always";
# expressionAdjustmentHints.enable = "always";
# implicitDrops.enable = true;
# lifetimeElisionHints.enable = "always";
# rangeExclusiveHints.enable = true;
# reborrowHints.enable = "mutable";
# };
#
# rustc.source = "discover";
#
options.diagnostics = {
enable = true;
styleLints.enable = true;
};
};
};
};
};
lsp = {
enable = true;
servers = {
astro.enable = true;
cssls.enable = true;
nil_ls = {
enable = true;
settings = {
formatting.command = [ "${(pkgs.lib.getExe pkgs.nixfmt)}" ];
};
extraOptions = {
nix = {
maxMemoryMB = 0;
flake = {
autoArchive = true;
autoEvalInputs = true;
nixpkgsInputName = "nixpkgs";
};
};
};
};
clangd = {
enable = true;
filetypes = [
"c"
"cpp"
"objc"
"objcpp"
];
};
eslint = {
enable = true;
filetypes = [
"javascript"
"javascriptreact"
"typescript"
"typescriptreact"
];
};
html = {
enable = true;
filetypes = [ "html" ];
};
jsonls = {
enable = true;
filetypes = [
"json"
"jsonc"
];
};
pyright = {
enable = true;
filetypes = [ "python" ];
};
bashls = {
enable = true;
filetypes = [
"sh"
"bash"
];
};
# ts_ls = {
# enable = true;
# filetypes =
# [ "javascript" "javascriptreact" "typescript" "typescriptreact" ];
# };
# marksman.enable = true;
yamlls = {
enable = true;
filetypes = [ "yaml" ];
};
};
inlayHints = true;
keymaps = {
lspBuf = {
"<leader>;" = "format";
"gh" = "hover";
};
};
};
# leap = {
# enable = true;
# };
wilder = {
enable = true;
settings = {
modes = [
"/"
":"
"?"
];
enable_cmdline_enter = true;
before_cursor = true;
use_cmdlinechanged = true;
next_key = "<Tab>";
prev_key = "<S-Tab>";
accept_key = "<Down>";
reject_key = "<Up>";
};
options = {
pipeline = config.lib.nixvim.mkRaw ''
wilder.branch(
wilder.cmdline_pipeline({
language = 'python',
fuzzy = 2,
}),
wilder.python_search_pipeline({
pattern = wilder.python_fuzzy_pattern(),
sorter = wilder.python_difflib_sorter(),
engine = 're',
}),
wilder.substitute_pipeline({
pipeline = wilder.python_search_pipeline({
skip_cmdtype_check = 1,
pattern = wilder.python_fuzzy_pattern({
start_at_boundary = 0,
}),
}),
}),
{
wilder.check(function(ctx, x) return x == "" end),
wilder.history(),
},
wilder.python_file_finder_pipeline({
file_command = {'${pkgs.ripgrep}/bin/rg', '--files'},
dir_command = {'${pkgs.fd}/bin/fd', '-td'},
filters = {'cpsm_filter'},
})
)
'';
renderer = config.lib.nixvim.mkRaw ''
(function()
local highlighters = {
wilder.pcre2_highlighter(),
-- wilder.lua_fzy_highlighter(),
}
local popupmenu_renderer = wilder.popupmenu_renderer(
wilder.popupmenu_border_theme({
border = 'rounded',
empty_message = wilder.popupmenu_empty_message_with_spinner(),
highlighter = highlighters,
highlights = {
accent = wilder.make_hl('WilderAccent', 'Pmenu', {{a = 1}, {a = 1}, {foreground = '#f4468f'}}),
},
left = {
' ',
wilder.popupmenu_devicons(),
wilder.popupmenu_buffer_flags({
flags = ' a + ',
icons = {['+'] = '', a = '', h = ''},
}),
},
right = {
' ',
wilder.popupmenu_scrollbar(),
},
})
)
local wildmenu_renderer = wilder.wildmenu_renderer({
highlights = {
accent = wilder.make_hl('WilderAccent', 'Pmenu', {{a = 1}, {a = 1}, {foreground = '#f4468f'}}),
},
highlighter = highlighters,
separator = ' · ',
left = {' ', wilder.wildmenu_spinner(), ' '},
right = {' ', wilder.wildmenu_index()},
})
return wilder.renderer_mux({
[':'] = popupmenu_renderer,
['/'] = wildmenu_renderer,
substitute = wildmenu_renderer,
})
end)()
'';
};
};
floaterm = {
enable = true;
settings = {
opener = "edit";
width = 0.8;
height = 0.8;
};
};
telescope = {
enable = true;
extensions = {
ui-select.enable = true;
fzf-native.enable = true;
frecency.enable = true;
};
settings = {
file_ignore_patterns = [
"^.git/"
"^.jj/"
"^.vscode/"
"^.idea/"
"^build/"
"^target/"
];
defaults = {
path_display = [ "smart" ];
layout_strategy = "horizontal";
layout_config = {
width = 0.99;
height = 0.99;
};
};
};
};
# diagnostics
trouble = {
enable = true;
};
# tabs
barbar = {
enable = true;
settings = {
options.diagnostics = "nvim_lsp";
focus_on_close = "previous";
};
};
# for lsp/cmp inside markdown code blocks
otter = {
enable = true;
};
none-ls = {
enable = true;
sources = {
formatting.nixpkgs_fmt.enable = true;
code_actions.statix.enable = true;
diagnostics = {
statix.enable = true;
deadnix.enable = true;
};
};
};
nix.enable = true;
web-devicons.enable = true;
};
extraPlugins = with pkgs.vimPlugins; [
telescope-ui-select-nvim
telescope-fzf-native-nvim
vim-suda
render-markdown
vim-astro
nvim-web-devicons
vim-visual-multi
vim-gh-line
neoconf-nvim
vim-autoswap
targets-vim
# fzy-lua-native
cpsm
# jj
vim-jjdescription
hover-nvim
];
};
}

170
programs/tmux/default.nix Normal file
View file

@ -0,0 +1,170 @@
_: {
custom.program.tmux.requirements = [ "cli" ];
custom.program.tmux.home-config =
{ pkgs, ... }:
{
programs.tmux = {
enable = true;
mouse = true;
clock24 = true;
shortcut = "k";
plugins = with pkgs; [
{
plugin = tmuxPlugins.mkTmuxPlugin {
pluginName = "suspend";
version = "1a2f806";
src = pkgs.fetchFromGitHub {
owner = "MunifTanjim";
repo = "tmux-suspend";
rev = "1a2f806666e0bfed37535372279fa00d27d50d14";
sha256 = "0j7vjrwc7gniwkv1076q3wc8ccwj42zph5wdmsm9ibz6029wlmzv";
};
};
extraConfig = ''
set -g @suspend_key 'F11'
'';
}
{
plugin = tmuxPlugins.mode-indicator;
}
];
extraConfig = ''
# unbind every single normal keybinding
unbind-key -a
# for special characters to work right
# like <C-_>
# set-window-option -g xterm-keys on
set -g default-terminal "screen-256color"
set -g set-titles on
set -g allow-passthrough on
set -s escape-time 0
set-option -g default-shell ${pkgs.fish}/bin/fish
set -ga terminal-features "\*:hyperlinks"
set-window-option -g mode-keys vi
# clipboard stuff
bind -T copy-mode-vi v send-keys -X begin-selection
bind -T copy-mode-vi y send-keys -X copy-pipe-and-cancel
bind v copy-mode
bind p paste-buffer -p
set -s set-clipboard on
# get back normal terminal emulator bindings
bind-key -n S-PPage copy-mode -u
bind-key -T copy-mode -n S-NPage send-keys -X page-down
# don't scroll to end when copying with mouse
bind-key -T copy-mode MouseDragEnd1Pane send-keys -X copy-pipe
bind-key -T copy-mode-vi MouseDragEnd1Pane send-keys -X copy-pipe
bind-key -T copy-mode DoubleClick1Pane select-pane \; send-keys -X select-word \; run-shell -d 0.3 \; send-keys -X copy-pipe
bind-key -T copy-mode TripleClick1Pane select-pane \; send-keys -X select-line \; run-shell -d 0.3 \; send-keys -X copy-pipe
bind-key -T copy-mode-vi DoubleClick1Pane select-pane \; send-keys -X select-word \; run-shell -d 0.3 \; send-keys -X copy-pipe
bind-key -T copy-mode-vi TripleClick1Pane select-pane \; send-keys -X select-line \; run-shell -d 0.3 \; send-keys -X copy-pipe
# window control
bind t new-window -c "#{pane_current_path}"
bind-key Tab next-window
bind-key BTab previous-window
set -g automatic-rename-format "#{?#{==:#{pane_current_path},$HOME},~,#{b:pane_current_path}} (#{pane_current_command})"
set -g renumber-windows on
bind-key Q confirm-before -p "kill-window #W? (y/n)" kill-window
bind A last-window
bind-key 1 select-window -t :0
bind-key 2 select-window -t :1
bind-key 3 select-window -t :2
bind-key 4 select-window -t :3
bind-key 5 select-window -t :4
bind-key 6 select-window -t :5
bind-key 7 select-window -t :6
bind-key 8 select-window -t :7
bind-key 9 select-window -t :8
bind-key 0 select-window -t :9
# pane control
bind h select-pane -L
bind j select-pane -D
bind k select-pane -U
bind l select-pane -R
bind L split-window -h -c "#{pane_current_path}"
bind J split-window -v -c "#{pane_current_path}"
bind H split-window -h -b -c "#{pane_current_path}"
bind K split-window -v -b -c "#{pane_current_path}"
bind x swap-pane -D
# double-click ^k (or lshift with kanata) for previous pane like ^w in vim
bind -r ^k select-pane -l
bind-key q confirm-before -p "kill-pane #P? (y/n)" kill-pane
bind-key o choose-tree -wZ
bind-key O choose-tree -sZ
# get back command mode and some other basics...
bind : command-prompt
bind r source-file ~/.config/tmux/tmux.conf \; display "config reloaded"
bind-key ? list-keys
# Scroll oin man etc
tmux_commands_with_legacy_scroll="nano less more man git"
bind-key -T root WheelUpPane \
if-shell -Ft= '#{?mouse_any_flag,1,#{pane_in_mode}}' \
'send -Mt=' \
'if-shell -t= "#{?alternate_on,true,false} || echo \"#{tmux_commands_with_legacy_scroll}\" | grep -q \"#{pane_current_command}\"" \
"send -t= Up" "copy-mode -et="'
bind-key -T root WheelDownPane \
if-shell -Ft = '#{?pane_in_mode,1,#{mouse_any_flag}}' \
'send -Mt=' \
'if-shell -t= "#{?alternate_on,true,false} || echo \"#{tmux_commands_with_legacy_scroll}\" | grep -q \"#{pane_current_command}\"" \
"send -t= Down" "send -Mt="'
bind-key -T copy-mode-vi ] \
send-keys -X clear-selection \; \
send-keys -X search-forward "--> " \; \
send-keys -X next-word \; \
send-keys -X begin-selection \; \
send-keys -X jump-forward ":" \; \
send-keys -X jump-to-forward ":" \;
bind-key -T copy-mode-vi [ \
send-keys -X clear-selection \; \
send-keys -X start-of-line \; \
send-keys -X search-backward "--> " \; \
send-keys -X next-word \; \
send-keys -X begin-selection \; \
send-keys -X jump-forward ":" \; \
send-keys -X jump-to-forward ":" \;
bind-key [ copy-mode \; send-keys [
bind-key ] copy-mode \; send-keys ]
bind d select-pane -l \; send-keys [
'';
};
# bind-key -T root DoubleClick1Pane run-shell "cd '#{pane_current_path}'; echo '#{mouse_line}' | ${pkgs.writeScriptBin "open-file" ''
# open_file () {
# input=`cat`
# link=$(echo "$input" | grep -Po '[^ \\]*/[^ \\]*\.[^ \\]*\:[0-9]+' | sed 's/\:/|/g')
#
# if [ ! -z "$link" ]; then
# echo "LINK = $link"
# vim_proc=$(pgrep vim | xargs pwdx | grep $(pwd -P) | awk '{print $1}' | sed 's/\:*$//g' | xargs -I{} find /run/user/1000 -depth -maxdepth 1 -name "nvim.{}.0")
#
# nvim --server "$vim_proc" --remote-send "<C-\><C-N>:e $link<cr>"
# fi
# }
#
# open_file 2>&1 >> ~/open-file.log
#
# ''}/bin/open-file"
};
}

171
programs/zed/default.nix Normal file
View file

@ -0,0 +1,171 @@
_: {
custom.program.zed.requirements = [ "work" ];
custom.program.zed.home-config =
{ pkgs, ... }:
{
programs.zed-editor = {
enable = true;
extensions = [
"nix"
"intellij-newui-theme"
"charmed-icons"
"astro"
];
userSettings = {
ssh_connections = [
{
host = "icecube";
args = [ ];
projects = [
{
paths = [
"/home/jana/src/eii-test"
];
}
{
paths = [
"/home/jana/src/example"
];
}
{
paths = [
"/home/jana/src/fitgirl-ddl"
];
}
{
paths = [
"/home/jana/src/libs-team/tools/unstable-api"
];
}
{
paths = [
"/home/jana/src/ml-kem-hang"
];
}
{
paths = [
"/home/jana/src/opendal/core"
];
}
{
paths = [
"/home/jana/src/rust"
];
}
{
paths = [
"/home/jana/src/span-lowering-tests"
];
}
];
}
];
icon_theme = "Warm Charmed Icons";
ui_font_size = 16;
buffer_font_size = 16;
theme = {
mode = "system";
light = "One Light";
dark = "JetBrains New Dark";
};
disable_ai = true;
preview_tabs = {
enabled = true;
enable_preview_from_file_finder = true;
};
close_on_file_delete = true;
confirm_quit = true;
edit_predictions_disabled_in = [
"comment"
"string"
];
vim_mode = true;
cursor_blink = false;
vertical_scroll_margin = 0;
inlay_hints = {
enabled = true;
};
project_panel = {
dock = "right";
git_status = false;
};
minimap = {
show = "auto";
thumb = "always";
thumb_border = "left_open";
};
tab_bar = {
show = true;
show_nav_history_buttons = false;
show_tab_bar_buttons = false;
};
tabs = {
file_icons = true;
git_status = false;
activate_on_close = "history";
show_close_button = "hover";
};
lsp = {
rust-analyzer = {
initialization_options = {
inlayHints = {
lifetimeElisionHints = "always";
discriminantHints = "always";
};
diagnostic = {
refreshSupport = true;
};
};
};
nil = {
binary = {
ignore_system_version = false;
path = "${pkgs.lib.getExe' pkgs.nil "nil"}";
};
initialization_options = {
formatting = {
command = [ "${pkgs.lib.getExe' pkgs.nixfmt "nixfmt"}" ];
};
};
};
};
diagnostics = {
button = false;
include_warnings = true;
inline = {
enabled = true;
};
};
terminal = {
"dock" = "left";
"env" = {
# "EDITOR": "zeditor --wait"
"EDITOR" = "vim";
};
"font_size" = 12;
"font_family" = "Noto Sans Mono";
"line_height" = "standard";
};
buffer_font_family = "JetBrains Mono";
# "diagnostics_max_severity": "off",
"experimental.theme_overrides" = {
"syntax" = {
"comment.doc" = {
"color" = "#77B767";
};
};
};
};
};
};
}

50
scriptlib/scriptlib.py Normal file
View file

@ -0,0 +1,50 @@
from math import *;
# import numpy as np
from pathlib import Path
import subprocess
import os
from pprint import pprint
from itertools import *
Path.__repr__ = lambda i: f"p'{str(i)}'"
kilo = 1000
mega = 1000 * kilo
giga = 1000 * mega
tera = 1000 * giga
peta = 1000 * tera
b = 1
kib = 1024
mib = 1024 * kib
gib = 1024 * mib
tib = 1024 * gib
pib = 1024 * tib
inch = 0.0254
yard = 0.9144
def cwd():
return Path.cwd()
def ls(d = None):
if d is None:
d = cwd()
return list(Path(d).iterdir())
def glob(expr):
return list(cwd().glob(expr))
def run(cmd, only_stdout=True):
res = subprocess.run(cmd, capture_output=True, text=True, shell=True)
if only_stdout:
return str(res.stdout)
else:
return res
def cat(file):
return open(file, "r").read()
print_ = print
print = pprint

8
secrets/authentik.env
View file

@ -1,8 +0,0 @@
AUTHENTIK_SECRET_KEY=ENC[AES256_GCM,data:Iml9MKD/GVvsLJLEdkOPH2U+JENsaAvhlk4FT2cyFxlbaCAET2ipCD/GDx4=,iv:okpZlEnrFoXlS+6J11vB+z576pOshO9Tao9rlsDTkoY=,tag:3N3pVuIhPz4I42yt5tMX9g==,type:str]
AUTHENTIK_EMAIL__PASSWORD=ENC[AES256_GCM,data:m7r1IMvitkWEF5ngcAP8xY65anGq,iv:6vdnm8QXrNabTOLePwdMVSYvtcjmJUwRb6inbKxKii0=,tag:IOiSSQHltejNETUHuWvHgQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiYkJWNmhXM0FVWEUxQUhZ\nZnBDMnhQV2x0V3RrU292b241eW9pVXE0Tmo0CnUzVDVPbmVSdDlJWEpFTnhuRWtZ\ndW9OT3dVenlMbmYrQUpjcUt6RlJDcVUKLS0tIElQWkpUSVhkalVxYVM1TWRmUmNQ\nK1JTVmFMS21OeGlndWJSK0FLeHVZeFEKWX8mTFaauqBolk0nAkUcv+b/6rKA8Qzp\nhF16OnjtkjSDQw6Y5zNvahOXNgQudrGRZqudSC7RwvTEQ55Ci/JMFg==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-11-16T15:46:29Z
sops_mac=ENC[AES256_GCM,data:KQeVdOC2nrB+ZrLhSolLIkympnSgHRO+uF1Ku4PG3GU07hHhlyOe4UEfU8+zm8ETgwf66u1yWv9b2O4J5l//KqBR6fWJyu4htDSYBfcLT69E2IrtfyWgTbjRWcXcLCXx5XT3OmNr7EcjkzoeW8fPFmTAjTjMPzddD0uqOoJAeJ8=,iv:E4hiyBiffBWqdDjeNCMrWP1YQjEeGkHJhGTCdmlJ52k=,tag:GdEX74HgCVyp0gFHPhi18g==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.1

21
secrets/deluge.yaml
View file

@ -1,21 +0,0 @@
deluge: ENC[AES256_GCM,data:/w9plpppO+CjKy+WhjfxQZfCWgVU5+zfl2HgUMqNcGG4Rjik,iv:qGlxtKgmwvVnNw4E8lZnZbkI4NZ9nQaFQNrp3xaXI8k=,tag:JLaNuxYTNnIgthSBXkyRVw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VWhtSjNFVVhMWFlqV0U3
Z3R4bkd1eHpFaXBTWjh0RENKaEdCa0UzL0dZCnNPSExXeGxQdGR2d1I3Vk1FdVdT
WnFkQnZtWGpOVVpOMGlWMDVGMXJXYlkKLS0tIEdpdVNhaVlaYW1ZU081NS84TlFS
Q0JwVDJGbzNlc2o0R1VTeG80bEpLV2sKe6fwXt7P0/zxbZucu4L61iAht/Xj1V82
UR7Qc7SmX6sAFD5JOh9SaFY19UGl0l1gQ3LYR34w3KABirSqC4BIrg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-27T07:52:50Z"
mac: ENC[AES256_GCM,data:s9QaVqCAD4Jqatr0cahB2DSDQaaDCnJIFrC9AsWLlkrXZbnrnzCn77WOaBpOTttAAzamY5zWqYIFHtc1LRRJvg+IOD6fRc2zCLOR7DsQH+7EzNjCFVfH85e0QrDqoD0OhBAqDtZb1O7lS8i62J5PyXgIpcuD+NJMqX80FYu5Kxw=,iv:2ATaeguyBEvYnd+xJ4kV02K0sPZngHhCDqest8aH75U=,tag:mgtq8b+2TRdhF/2itumbwQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

7
secrets/forgejo-runner.env
View file

@ -1,7 +0,0 @@
TOKEN=ENC[AES256_GCM,data:5WnyyafhDtizIzL4VjXYsMFxLTKikS4Lg6rNGoeVbMqXbquutotfcQ==,iv:2QknXqH8eHft9NHy6K17uv2WvSfvDE8HJsaBDfzUlws=,tag:jw0ffCsfhBNBy++W7cyJsg==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHaTZNTmxkMVVuWER0dTZN\nL3N0cDF2bHdpZUNLQWdJMHVjVk5LbnY1OGlVClpya1VhcHdRUW0yUW5CL21mSUJN\nMDU5cFZ1QUppaHZ2dXkwUjgrVFloS3cKLS0tIGNzRWUxSFlXUnR5eFhEQkNOWmRY\nV0dNWWRXVnJCU0duU2dGcWZRWFhMUm8K9dsrIrABcLRZ4pfduYrIaSiEVF+e2OA0\nOGY2eYWAxbgtqBXEX+vLn0eNtoAptpQi2WgOWwVPr1M1+07w7jExBA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2025-08-20T10:03:18Z
sops_mac=ENC[AES256_GCM,data:Su4KI/pxc1hqNzEYoA1iPU2a5Fp9o/SEf2DW+hx0T5sNL8UvUFDELqYUoGvNNuz1/59ZR8cEmNWhao9euBoF0eVoUAVuS6ADKkX8EjXXJY8qR3M7aseweYxRYXADcWLTlrXsK4xWU6z+NKwmdvYzir9N1XEeR+w3fJLBBNPBnZI=,iv:z3e0kJuJsCLrBGDXZZiYERA48bdvxTxCsPnSdUFgtT8=,tag:rW0zsoEKnKRTpJN8pkJ4/A==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.10.2

16
secrets/forgejo.yaml
View file

@ -1,16 +0,0 @@
email_password: ENC[AES256_GCM,data:bTFBUQ4ZQO3BYCA9ztly5w==,iv:YRggZh60iv1vvxbxvrv6224ztVUXlvZvp4p5IY4N3wo=,tag:BOQnvUGpiETuR7sP/fp/Pg==,type:str]
sops:
age:
- recipient: age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRV1c0YzBkWFpHTkt4ZXI2
dG9jL1dnNTRmbDNmelNxVHlSQTEzd0pIRFZjCjUwYnRQL1RBMmdTRkFud1M4cTdo
QnlESXlHZWhUUWdXZHpWYlBIMXR4aEUKLS0tIDZ4TUJYZzdHWGJpWVBiUHJVSnhQ
MnpUMzl3ZmhNZ25aWU5YcnVvUTY0c1EKt3q2WUaYFvFvJmLVHT10QbxqdAx1cvKU
ZGVJLxMbvzdNbK1MQacRbY+0JU+79WRG+BehGFxiExhYzNQS00ZQLg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-19T20:18:15Z"
mac: ENC[AES256_GCM,data:h112brIAuwrVKG2d7lRJvg5lSb6ruNTm+78E9IhBzPRRZJTCqWflp+rK7LpQevmaVgrLGHgF2LEnchzvQW2AMZh8726foQaUDGWhovvKMsnMmsU5axJ5QrKsPIvjpbqBjK3PZrqdVDZl53v6sNdAL8fi2uY0f0ncPOHbLb7E4Ag=,iv:YozwZvXgEA0Asyjcz6VuSIfNNCgoAzOqluLepttEJks=,tag:QpqhqCo//IbTDhMaVSIGqQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

8
secrets/houses.env
View file

@ -1,8 +0,0 @@
EMAIL_PSWD=ENC[AES256_GCM,data:Msh1GU/+/dLhFPcUdjoSuGTNIfrf,iv:q/e6bGIuSqLZhQ9jrcNPZz5Dx24ftubq37mp5Y0aflI=,tag:Uqw06eOXoRWOGHMnmWr8UQ==,type:str]
EMAIL_ADDR=ENC[AES256_GCM,data:1Beva3P2R5DZQlwXo70YOkrAsQ==,iv:kg9jr2/HAK6C6d2LBFqpPstMjZ6h4MWW6QD0CXgnsqA=,tag:Rb1/TMWQYzKaBQPe5zIBqA==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJNVRWcjQ2QmxudmdSUzlP\nLzcwSXBib3dQblZSSFFNclMzYlpZdDVmb21vCmJTNjluRC9pV0h2ckpzaUJNcnhV\nZWhrOHVmUHc5cmJpRHYwOWp5TWJlQzgKLS0tIFd3WUw4YUVsZkRHeVR2SkN3dGVB\nZncvU2J4akN6Zlg3TUxYbTdmZ1FZSlEKMXuc+Xwr160bz+uraiwM1pNYpnws27zD\ngEClwqCGUrzcfogleYifnFT324ibk72IdEp95yPKuB9fTP9lYEtt9w==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-11-15T21:58:51Z
sops_mac=ENC[AES256_GCM,data:8Gbu85+JPbHtCJpFsterCWYeDjBRlkydsNAiDm31W17xXHeExXcHB8q57lK/KeNuEfeaMLBIEh7J0wII+Y3LHJmZq4ErZgw/NRm8SGIrPqRtQRA9rIPiAklZEwmcgizEGvAuDMmfdNCGln8CRXLnkkeLqtmK0zqRYnahhL03yxE=,iv:JRF71fqSU02DNiXXq9SIJmNXMjGd+323a/72f6XYUjQ=,tag:7nx6W+HhoBDHhdCm3+0eqw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.1

7
secrets/mapf-prod.env
View file

@ -1,7 +0,0 @@
MAPF_SECRET: rZGeBaShgtOYxy/8sKwWyTGlFABkAbJ+QcRpr5Vwc1oJddwjye5U2A=ENC[AES256_GCM,data:Xg==,iv:k+gFdGIIcT8y9Qh+pe1BLki+1w5vm+AXDzXRjXyKRgg=,tag:5h9+IDMQ4jpXlMZrc23MoQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpcDhRSXcwSVBoSmVpcW1P\ndGNoSHRMK29jekVIYzR4N1dVclMrVWROd2hjCjNVRWRGTmFTbHNLTytTUGoxSG52\nR3YxS0FqWHk3WFc5cHRSQTNkRWs4Tk0KLS0tIDJ1TkVFY1Q4L1B0YkNhQk9FRlUv\nOUV2aFgwT0t2R3lhRFpJYmptc2RuaTgKzXKb1lXfIYYt0ufluK6KGeKEYaTzg6Zr\n7CYjLaEFTiOcSyjx3ns1v4KvfPkugRX4OHK1vU18WJLUw6dxuOEx9w==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-07-20T13:00:34Z
sops_mac=ENC[AES256_GCM,data:InU5BymJGWK+rORfpsW7NnpAspdLHUQvBpFdPbZLE+m8RTLW+f1VE27MOtdTOGKPc5X5yM1YNcHodiiJ4D+L6fG9cHM6dhjmVBWQCVsg5/RiH1V746NSACgdHnY15cUndMjX5ETNr+Ap1VW83SzOUSzpGrd9G/Yczt4yhWb1bGw=,iv:bC8wR+iLQSgGhJHC7Ny60oh+PKFPuH9PklrYyUyzTgY=,tag:UfvIO7p1fufSRyoCktESoA==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

9
secrets/markdown.env
View file

@ -1,9 +0,0 @@
MINIO_ACCESS_KEY=ENC[AES256_GCM,data:ocRHyEiRDLwlu6QUN0t6CIhC,iv:pEjcEeIGOrQZ6cfrsPNgOAUVo6id5uoUm80QCkBWlBo=,tag:dBbWBk1gM9fklQnWFOxFng==,type:str]
MINIO_SECRET_KEY=ENC[AES256_GCM,data:TmIoWFU6KXcou/PX57jHXndtDwWuAWNWzSfXSezUuJ+d+A==,iv:MaMoFlIJw42B3ivZuVScpszgyUAH8RJ4umIrdO8jsew=,tag:Le5+9AhdresYVhM/NY37zQ==,type:str]
SESSION_SECRET=ENC[AES256_GCM,data:KghcYAqFAAau+1h6D9Pyinf4qY0W9FDJid/8VJDBW9uHdyo4QBUJNbB1m7r3Dh9MH4kBfVjwagBAADaYEYLTbKzOSrNGRrdp7+UQhmYH0sQn6Ja4V1VnzMyunLPHojU+apsyvy3dgzLPl5MZ2kfn4NFKX/6RhnbVqOO5ybx60k76rw==,iv:STjAYh/DcX8JUjnPHtEFbL2/2JwC/N0w3wFaDIkUybg=,tag:s9EbeDSkyfCsCyp9OlSO6w==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrb1BDZ1N6U29LVUxmOXBz\nMVNGdTcyZGdrREtwYnZiUDRBUEtkNWtrbEdNCjEvQTdBKy9wbUEzRnJ1Uk9neDhq\nT0ZNWk5tTHRUTDJOTFRiVHNXUnlqUmcKLS0tIEVoQS9pQTZ6eHdKTjRaZFhjSVNY\nNXBWbHpHN1I4UWdNNXpqQkE0YWJ0UHcK0ssbcZUWntiHse1ZkqJwQ4+ta4V2Yk0o\nzJCEClYzuJHPZzdLRMxzgRMYOib8J+oDFrQxG69eE+8x7zzzQdZf0w==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-01-01T15:11:06Z
sops_mac=ENC[AES256_GCM,data:dx1lF7o8cThBDgcnEt4s7KrIv3qQGRww6aIdQ8chAeFFjC7Wfdfsjz+gLn4R/vEzBSRPfly/W4tPbNE6B89st13vCSuIBMLMa8F3JKzmcAarvFmGuRDGnfV+EAHJECviEa/DOBXbg1W4t33dTqont8ZOYD9PtsK7e55yaCPOg2Q=,iv:rCLbIxYS19DXK2QIlYQgwqo+LxaXX6+ZfPm3+Ucl/9Q=,tag:a0lnwcLjSbQ4QV3566osIQ==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

8
secrets/minio.env
View file

@ -1,8 +0,0 @@
MINIO_ROOT_PASSWORD=ENC[AES256_GCM,data:xo1XpBya+c+0/isGS4Y7dDzpCMQSgdqDniI79YwsC6bk,iv:SE6ueqs3slZqfw1FMwIeOlTWW1c9AEA1rNgElmnmny8=,tag:NPrTkhPlIWkUleQH8rv8Rg==,type:str]
MINIO_ROOT_USER=ENC[AES256_GCM,data:SLD7qLdp9Qw=,iv:nyoJMkFpYCMrENkNWCPtKeSr3VuzJsDAEX1MCcSXSes=,tag:El3t0wLar3GbSTW+ha8lFQ==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2dWhsWEpwUnpwVVNBL2ZS\nbjhUc1h1MXd4YUdYRlg4L3liaE5VRG9GTUZNCjcxMUkveDBtZ1BFMDQ4RURpdFpH\nbjZENFE2OHVDWU1tY2doM1RqcHNtZWcKLS0tIGE1QnZUTWNzTWpXSmU4OThFZVFE\nL0NlVjZwT09XRDdGUnhpZ2VCaVZhNmMKs+v6IrYTbhqZzYcrHwGqHmYsHqQyJAcg\nrplBAzyY8pSPnwDrJnvZpgHJwZFq/UUoVRgLktWomdiWIgC+USysiw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-01-01T15:13:59Z
sops_mac=ENC[AES256_GCM,data:XcT4SHTC+divZHUccpjUu1F8zEeL3Du0IGZqb3Plz/lQC4yFuqZpFs8MAmiFhbw+8PO0w1ESFV33roMIDp1ZSrReUp+Pd8wtqDd3PS087l+yuOExISY0566BR141cujYUw83WO63KNyJf3n35aoFtTUAOZ7ZDPtHG4BVuSXSifM=,iv:q6tCSwsA1dzX11Ml6kwrpVt8JFyRyx3diJqn57eFeCE=,tag:SlMAvzcgBhhGAX1DZrNSSw==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.8.1

21
secrets/mullvad.yaml
View file

@ -1,21 +0,0 @@
mullvad: ENC[AES256_GCM,data:ZzLVUyH32OnyMx5K36PVw4KxL0hMjEco4f88FhRqooaxJMuPhbfth16sgCGhkn9/fv2IE5pJj/oLNmbCQhDfh1SXIbfoV+TAoVNePeHvTZl2oRhMPvhwMM9FYf9+tQqZ2sah7weO7nFt1Z1Ue85h0asiUoIC0Ft16H2IQI3ScNBildajZL2NDXT2zGiEQuPcLzQg4x9qOtB5IBy/3rIA/DGVH4YlDH9jN8InxmV8Q26/1oN7MHIMOd0UQWOQEKggzPZETrY6RDkpEGKPyGqO2oyoLadWsE+TV7cFiT3ULaJSB0ZcNf3ZmkkqJ5zAb5bWztLmPUTDtFPohMcSJulLwXKxooz1RhTjlklZY2dvRF0EfuHQZB5ccJS32c3545HvpQ==,iv:7u0g70YFNlzyt/IJnC3mWjkLEhOwu9C93r7VnZ828EU=,tag:TskCPydRlB38GQdMFQDvrw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJQnNrYXg3ajBycjJ2am5I
cnFrb2doRHhiM3U1emZ0VElWSjY3WVRzKzNBCml0amYzREdtTmk4WHVhYy83cWt1
aDBjN2xiVFQyamczNHBlUS9USWc5Uk0KLS0tIGgrVGhranZ2bjVTd3lJM0NIUVFN
cTgrSlBaK3BVTlBMM0lqd1FRSjVqcXMKnAI3PFSqhRaPGxzuclxj2dp4v/vMRZti
JXoi26CV1UAHlWYcl+bDLPpOl1ti1IFDx+tO5aJJVOEuIi1L8iTibg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-16T12:47:50Z"
mac: ENC[AES256_GCM,data:3tWeubU1vuGc6VbJus6OzAaf5RQ85mCZV3UBT4wpQz+QGUPmDsEqq1B+Pid+viW/Rn9E8gAjiz/nR7pDWGrLH7SIWcpVSm2Psxc5LBhldek5EPtR7SNA8uTX4S5P5/Jj4+9mPHSPu8zR3my/6JrigEYoJdWDSV6B2Jt2HIL2aDQ=,iv:U2MQ/XS1HtQSUJs19cYDYDc6GGvy7SDxzqD4qb40B+8=,tag:zWX8pcuntUlrpgz8erXpIw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

8
secrets/oauth2-proxy.env
View file

@ -1,8 +0,0 @@
OAUTH2_PROXY_CLIENT_SECRET=ENC[AES256_GCM,data:V/98HFTiIsMwLPKlTLG5t9cdGPLQ3267wYA1mW7OZD9HKHu4yl0EnSkS66LV6ANU,iv:iA1OLYXzxEGTWgxjHzrr3TXqQK7JhpjlXO48du+LwSU=,tag:V9K/FuM0LM6+BvEdSYlsSg==,type:str]
OAUTH2_PROXY_COOKIE_SECRET=ENC[AES256_GCM,data:mj4KK93nfPWb/0XGfeLOkgi69KQndghSvbm6Usg258s=,iv:3IZRadYRmP4pZ+7YRZ4ctyhMl6BP2GzqVAmMKijjE44=,tag:I9vIbsUl5YURMTPRJnje+A==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOL0VuWDliWTZIL0dydXRa\nMFc3YzFNeGh5UFNvR3E5UnVBVTlLWjNFT2lrCm4rYlhYZER1RnNuNUFtVDE2VHZD\nakpsbjNXQkY3Sm1nMW56bldUSTE4Uk0KLS0tIFplQ2VmaTIyYy9zcDJwcmgydTRW\nb0w3em1xNG5YVEVRQzlhbWN5aVE2OVkKkxhaO0R7oYVkyPkN24SK0SYe2m2ulma8\nzAsUJ6DmUBZrm/MOx8NDgGnPoF2o+d/Nk8jxeOCdge8oIixeI/i5jw==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2025-08-20T09:03:37Z
sops_mac=ENC[AES256_GCM,data:Lfuo/k0swCDLTXS9qBUrNtGvgO4CoN6NxYOnJJbczzuO00FzVLdr5CoDx0WVP1OaTC06AoQIbURH9azRf/wVsQxlqnrU6/jqRT2YN8ZOasSCfxchcFMavj8iWAM3f5Ib3ITg1VrruKfXCJUNWePqkBz9S4z3YhINyPcJ41oAIyw=,iv:dUliQFPNvWRuto/8BtOkSMOc7TuBRZt89AOD686I2Vo=,tag:uAOJDnSyzlBQziLzyGAQew==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.10.2

12
secrets/recipes.env
View file

@ -1,12 +0,0 @@
SECRET_KEY=ENC[AES256_GCM,data:KWZ1ZVt0ql3n4P7o97OXllVEBa5FDm0rZdvZf7vprP6y9U0NkKcrdYSsLr4B6lNjfA==,iv:A7sBP3dswrPEcu0LDEVfX/ZhAy7qO37mwkAoGc0k1n0=,tag:hGwlnxRrpYpZ6Nm26mknEQ==,type:str]
SOCIAL_PROVIDERS=ENC[AES256_GCM,data:jKhtPHbxj28yIT3O4609U3oRkM9n+Y2tmoDgFYrXXlrhBtMI0IopqPef5UAttA==,iv:GZKjJ+bkO9dvjcA8Y06rJ1dQynXr+nvdWut33LrCl9Q=,tag:joRgpsS85Q6ljUUpqQ53oA==,type:str]
SOCIALACCOUNT_PROVIDERS=ENC[AES256_GCM,data:ud6mfmwH7Mw0HuG3N6phugiCdqG2T8JpMYaFZTFIvE9Kwl4Bzpz6IF2qKcTGI6Dx+zTBKrpfsfoZuUoARiUE5Ib6oKXVpO+JUsf1waHpIxot/qKisX3YM6901Ud+u+ofnpB94vzg0ppAcqoiJ+M/PnzFWgEUiQSJBuiBjkZ6uPviCIFwBUYjPqwQkp66Pbftw908rmE302g+LMIUko5Yb7DwDlez44vZuTGiFAf48dgWmQ3gotpqpFCSJeFAsPuXX0T6wWQp3xrEZ/GNoxPSp0lrjQ4rP8OzKML+hj0PfwRB2UeEpfwg7QzyKfr/ugLVVkXgH1zjNYRRtl8awbrlYIprKES80+msfi/KjJ5trV7cAnHzDpkIwCtggLawKq5ZNoYVCTrLlhDyRtYgtRzhhoHd3z6wxPvglxXpa9n9cj7iO9AkmqnWXHHFG4+9HAUzZFX4/w8zSNazRvGXHNAszosH5NlzwruD/RFr9AykJZQIcVJfuW4wKslfGW3nEMzKijJ0GoshSFK/5c4zaBmOX2EDbjs+nZAd7iYJtSUW0iG6yfrmoQIzf29FlCV0dg==,iv:YEcG1KakdP0XB2QGi5qL72bkwgQa3s+u4AVtA/roZvo=,tag:/4kGp3yXXLdiT9vngXsr2A==,type:str]
REMOTE_USER_AUTH=ENC[AES256_GCM,data:FQ==,iv:9sxvJMxdBnDCVhw59VFxEAtplnc5PatqmTdjJslR/xA=,tag:Br66wtmmgsqjUnOgT8qY/Q==,type:str]
SOCIAL_DEFAULT_ACCESS=ENC[AES256_GCM,data:HQ==,iv:NX4blKkmgufydRi0g2GcrribsmL0JD1Wt7SKw9H/phE=,tag:+cNNg47B0WS8//uylNfSNQ==,type:str]
SOCIAL_DEFAULT_GROUP=ENC[AES256_GCM,data:M5X7I48=,iv:Sghrk+50vdwIMKX1t/YS6k1eUZgU/oZl6nPB3uUkqCE=,tag:z2o4wLqM6pEypfg0YPEqlA==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1MGU4eUE4VHk3Uk5NMHBk\nZW44UTQ5VWZqRWZ2R09Zdk9XZjBzRzFZREVJCklaNm5KT2RPaDB1Z21STFVvZDFE\nQXZ3VjVTRldhVlVWeGtvdzJPL1RyNlUKLS0tIDVqYTc1dE5Td1NsbWdSbVZHajZz\nZnQ5TkplSXh0WlhDY09FOTg4V3dWdlUK3hW+DyFioTjjEfYJI6viOwHjrk/nCUNo\npGwYm8Ds+9vyDPGMazkUzCdM050y599YStjE7XnsbApMAI5myJ1BNQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-11-17T15:17:33Z
sops_mac=ENC[AES256_GCM,data:ixkzumZ+2blsD8ztx7dOEqQQRUysyrSu57WZarRm4rlSlcm6817GL7Wt89ktkuUqZvXJ9/uoqsmrVQ7AvDOXa5b5z9aTwXPm2WlH9lQ753qBtlRusJduLku6NDCmiWTm6trgu/+Ri9UdMuTEjgrRaJMZpmYWWT+UPR4Eq1UCaSI=,iv:6PbeWnvNHQ+lq5LZ0tMSslocwwCZlwxszss6FL3uZl0=,tag:v31EioeVkSP6jYCXwYVWVQ==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.1

11
secrets/reviewqueue.env
View file

@ -1,11 +0,0 @@
#ENC[AES256_GCM,data:wv0EtbYFXXAmf5dLBMv+Z4H3l9WoxF6QVg==,iv:t1BAHNW41you67UkLENuH/Zq8u69+TWzu+oqn/oEY0Q=,tag:RUVpGpUySzjht0PA+y1Fsg==,type:comment]
GITHUB_TOKEN=ENC[AES256_GCM,data:3jzTyFPhgKfnAIeSw8sNifib00swg4Ucf/QVTDUFvQQVClFe+59guGZ7Z9we8zVyoQ+nzIkNsTzW6mZ7tV8vtjKTs35KC8JecdQVewCnyQ4Oa0ODFwEI1SQtz7ti,iv:/v+7yrvEHWf7jkbnMapHbZSJxws6J0sbdCuww+J6Tag=,tag:LxqPKMomUsW4yLAcFR+Hpw==,type:str]
HOST=ENC[AES256_GCM,data:6UAKpEQWCnxqevidVg300euWmYXPQQ==,iv:Fk/OPIJZV4Wnu0N7zgcjEmLUF3Bn3qQAKHtuqfSWoF4=,tag:BjTrsO0GIYKCjF+rVSPSNQ==,type:str]
OAUTH_CLIENT_ID=ENC[AES256_GCM,data:oXhdE2Pkl0+yPf56kjSXSnDwXCo=,iv:p1kv+T8PhdxsYgokOOXCB8XP5TT1nFh8CUuHWJQHWrI=,tag:a/Ezh3CwGrBBZNMW2PKgAA==,type:str]
OAUTH_CLIENT_SECRET=ENC[AES256_GCM,data:yu7/kyk8CtGJ4rgqX1iW0h6/G5dwM7DDe9V+ov3aU7Ueh8tjO4kOIw==,iv:GBtG92pFIBwZBYe6H6hNxOEGyZrk9DX3JdbQF82nwPI=,tag:1h6xOCwq3644lCFCntfwRA==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlSmpaaUNWSGE1c0MzNURJ\nU2QzNFRZdS9ZeDR2TzlhZ3dnbi9wQW5hKzM4CnpjN3JYQkpvUkdsbW9LSWJhcmFF\nb0NjcEgrcE5qKzFmZlhtWVJ5QWZ4cjgKLS0tIE5ubW5idFE1VmVIdkRvdVVvK1Zl\nc2JTR2FCUGo3Q3pzWjhjK3I3MG9WZkEKGa6eY+IpfymIzfkAbGoJziyf9NP5U8xC\nUM0Xj68fstT9GLOg3/Zp1/4tueIO2Dh8omQi2LJZPjdmzY+Ph25IqA==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2025-08-13T16:48:41Z
sops_mac=ENC[AES256_GCM,data:CqtTl2qvFi2yL1GF0ZZpC5336Knbyl4EeVm8NI4pzp3rsIf7JPcqg5e2WUWMNuFFR69Q23plndAsOd8XtIPGoqlKyTnHqMMDLDsPZ0r198+zxbNM/z7ZaiI0YmaVTXkm5MMld+5/9FOUFkJyLqcGj1lMLMQIRRX2rn+ccx/7R48=,iv:puOXtn3haqSOyoUNLFrdOzLlGAeuhhlTdMXaokPV+J4=,tag:GloK7jJo3JvUvq9AnPuIwg==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.10.2

7
secrets/sleep.env
View file

@ -1,7 +0,0 @@
DISCORD_TOKEN=ENC[AES256_GCM,data:r2JY5Ig7yUijarzneODaa2jhhVTFzboaYsx4xrp1T0SiR3Rk6Bz8Uxxj340iYtfotA1RPgWBvuefVS89905GooHpGvgx7gfQx54=,iv:cwkmhBHPEGOfAxjIlSWvRa0Lxyvb5AxRDk7zYS17aig=,tag:H3v7VeALIomL0cABaECyVw==,type:str]
sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaUVlUlJHUjBDWGRaV0JW\nd3VkZ25WbyswWHVtVnlxUUhaVyt5aE5DRENNCkc4eDRHb2tNUmlZWGhNOU16ZXF5\nd2V6c2VhT0laWXc2N0dIckxEZytzaUEKLS0tIGRReUkzWmdNTGtrR0FaNFdtQytT\nMUF2MTVlTzZMTHYvVENCTndhVHFCblUKqH5Wd0rxrOcVCDrt5ntYRlWkw8rv872C\nEOcKYcAyujQwCgAqclpSi7//VkuvWu11LQGkb24bD3LKbT2wLaJ3AQ==\n-----END AGE ENCRYPTED FILE-----\n
sops_age__list_0__map_recipient=age1ygkcl4ss92z5ptzt3w5g4n98qx2c4kagyssm96m5z4c7t299c5wszjchxw
sops_lastmodified=2024-11-15T21:42:42Z
sops_mac=ENC[AES256_GCM,data:p8sTnU3L/g7WwaVdm/tQOWkKM8Jymitxg1EpkprPc1jfsbb7Joa3/bMxsziwUqaHv95ltbJwpvoZpLlKNKz61Kpm0qGZvXdCQsTTBpkxsn7ILKDs1B2DMToHqqZBume9NjrozmjFoR5m8jFvOhSdwVI1o/CLAHc3IJhZPk++3Jo=,iv:UjpYPxcmfzYe311GHGepKsd07HYUmNeqRNlisJz7Qzw=,tag:L2cIsM3QVU48T/Okw2wA5g==,type:str]
sops_unencrypted_suffix=_unencrypted
sops_version=3.9.1

94
users/default.nix Normal file
View file

@ -0,0 +1,94 @@
{ pkgs, inputs, ... }:
{
imports = [
(inputs.self + /modules/users.nix)
];
users.groups.media = { };
custom.users = {
vivian = {
shell = pkgs.zsh;
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKME+A5zu36tMIsY+PBoboizgAzt6xReUNrKRBkxvl3i vivian@null"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8llUcEBHsLqotFZc++LNP2fjItuuzeUsu5ObXecYNj vivian@eevee"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc vivian@nord"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le"
];
};
jana = {
shell = pkgs.fish;
keys = [
# ori (lenovo laptop/desktop)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIET69oniNUA2nJV5+GxQ6XuK+vQbO8Uhtgrp1TrmiXVi jana@ori"
# bastion (arch server)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJT6QJcxhUKjvHBv3Bd1rugyfAFUpxIe9cu1Frw3ylL jana@bastion"
# fili (server)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0pmCsQeMMJ0r3o/XN7Zw8YFa9OEqrL3ikoGTK0OUY6 jana@fili"
# kili (tudelft laptop)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAXOTU6E06zjK/zkzlSPhTG35PoNRYgTCStEPUYyjeE jana@kili"
# nori hp tudelft laptop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCuEu1kFg8mAgpOuYZ/IH2Ur7LQP7sQrDjcPmerkSx jana@nori"
# oneplus 5 phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTqoHEVYxD+mwmZhPj+1+i1P0XmgTxXgSnPdPwFT1vr u0_a484@localhost"
# git deploy key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgadaDrViJp0Z6fbLBAo9grkmCeNQliIPXe12l3X3i/ jana@deploy"
];
# Make me admin
groups = [
"systemd-journal"
"wheel"
"networkmanager"
"libvirtd"
"dialout"
];
on = {
pc = true;
};
apply-home-configs = true;
};
laura = {
shell = pkgs.zsh;
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura"
];
};
wffl = {
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbYifrfevSlcZvKSCpJShXGX89dlLdD0wEl5L3CvX6e"
];
groups = [ "media" ];
};
julia = {
shell = pkgs.zsh;
keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfVoCjrBTOH746bJCKQwRgWzjFskNeLQKz73qmd4P3tmiJIFMAim7MiCwtQbxvIUOTZHbG7vRHZ5SwSH/d/wqmESmY1meRH/43uP4YlRRwUFkUHcwEJsVP9dDza0jYuBXVo04B/fuP93W2+aeBPKiSuWrnQ9s2LwRJ/0aqani8xpVn87EXp90aXjdF4iqu7tL4Nn1zUULYOdULrry0j6moUumUhmtkWb0PrTcxZr7BoDz8UH7Fu9G0uK8Xr5dAxs7RgTyFpUWg6h+AKQczMHLluwuRr2m12gWXKZIVO+Sw1PYYuU58Y7+E00KEM1Xy9SnuOW5ZgnxWBqydD+Gc2q67"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCatP3klEjfQPSiJNUc3FRDdz927BG1IzektpouzOZR"
];
groups = [ "media" ];
};
jonathan-brouwer = {
shell = pkgs.zsh;
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP6UDiX8vb4rHV+8Zwaozh8dnCAsPM+fe/4BEfC/xyV jonathantbrouwer@gmail.com"
];
};
};
}

139
users/users.nix
View file

@ -1,139 +0,0 @@
{ pkgs, ... }:
{
users.groups.media = { };
users.extraUsers.vivian = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKME+A5zu36tMIsY+PBoboizgAzt6xReUNrKRBkxvl3i vivian@null"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC8llUcEBHsLqotFZc++LNP2fjItuuzeUsu5ObXecYNj vivian@eevee"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBhJAp7NWlHgwDYd2z6VNROy5RkeZHRINFLsFvwT4b3 vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMMbdjysLnmwJD5Fs/SjBPstdIQNUxy8zFHP0GlhHMJB vivian@bastion"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIfooZjMWXvXZu1ReOEACDZ0TMb2WJRBSOLlWE8y6fUh vivian@aoife"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBMTCUjDbDjAiEKbKmLPavuYM0wJIBdjgytLsg1uWuGc vivian@nord"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM3TqXaApX2JZsgfZd7PKVFMecDgqTHKibpSzgdXNpYAAAAABHNzaDo= solov2-le"
];
};
users.extraUsers.jonathan = {
isNormalUser = true;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
# ori (lenovo laptop/desktop)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIET69oniNUA2nJV5+GxQ6XuK+vQbO8Uhtgrp1TrmiXVi jana@ori"
# bastion (arch server)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJT6QJcxhUKjvHBv3Bd1rugyfAFUpxIe9cu1Frw3ylL jana@bastion"
# fili (server)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0pmCsQeMMJ0r3o/XN7Zw8YFa9OEqrL3ikoGTK0OUY6 jana@fili"
# kili (tudelft laptop)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAXOTU6E06zjK/zkzlSPhTG35PoNRYgTCStEPUYyjeE jana@kili"
# nori hp tudelft laptop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCuEu1kFg8mAgpOuYZ/IH2Ur7LQP7sQrDjcPmerkSx jana@nori"
# oneplus 5 phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTqoHEVYxD+mwmZhPj+1+i1P0XmgTxXgSnPdPwFT1vr u0_a484@localhost"
# git deploy key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgadaDrViJp0Z6fbLBAo9grkmCeNQliIPXe12l3X3i/ jana@deploy"
];
# Make me admin
extraGroups = [
"systemd-journal"
"wheel"
"networkmanager"
"libvirtd"
"dialout"
"storage"
"syncthing"
"jellyfin"
"media"
];
};
users.extraUsers.jana = {
isNormalUser = true;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
# ori (lenovo laptop/desktop)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIET69oniNUA2nJV5+GxQ6XuK+vQbO8Uhtgrp1TrmiXVi jana@ori"
# bastion (arch server)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJT6QJcxhUKjvHBv3Bd1rugyfAFUpxIe9cu1Frw3ylL jana@bastion"
# fili (server)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0pmCsQeMMJ0r3o/XN7Zw8YFa9OEqrL3ikoGTK0OUY6 jana@fili"
# kili (tudelft laptop)
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOAXOTU6E06zjK/zkzlSPhTG35PoNRYgTCStEPUYyjeE jana@kili"
# nori hp tudelft laptop
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOSCuEu1kFg8mAgpOuYZ/IH2Ur7LQP7sQrDjcPmerkSx jana@nori"
# oneplus 5 phone
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTqoHEVYxD+mwmZhPj+1+i1P0XmgTxXgSnPdPwFT1vr u0_a484@localhost"
# git deploy key
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgadaDrViJp0Z6fbLBAo9grkmCeNQliIPXe12l3X3i/ jana@deploy"
];
# Make me admin
extraGroups = [
"systemd-journal"
"wheel"
"networkmanager"
"libvirtd"
"dialout"
"storage"
"syncthing"
"jellyfin"
"media"
"nginx"
];
};
users.extraUsers.laura = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBIlFUUXbwOkhNUjoA6zueTdRuaylgpgFqSe/xWGK9zb laura@zmeura"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBVkk9/80askWhInQk03JMntF6SThAYkFZNm+lIGt4E7 laura@mura"
];
};
users.extraUsers.wffl = {
isNormalUser = true;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbYifrfevSlcZvKSCpJShXGX89dlLdD0wEl5L3CvX6e"
];
extraGroups = [ "media" ];
};
users.extraUsers.julia = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfVoCjrBTOH746bJCKQwRgWzjFskNeLQKz73qmd4P3tmiJIFMAim7MiCwtQbxvIUOTZHbG7vRHZ5SwSH/d/wqmESmY1meRH/43uP4YlRRwUFkUHcwEJsVP9dDza0jYuBXVo04B/fuP93W2+aeBPKiSuWrnQ9s2LwRJ/0aqani8xpVn87EXp90aXjdF4iqu7tL4Nn1zUULYOdULrry0j6moUumUhmtkWb0PrTcxZr7BoDz8UH7Fu9G0uK8Xr5dAxs7RgTyFpUWg6h+AKQczMHLluwuRr2m12gWXKZIVO+Sw1PYYuU58Y7+E00KEM1Xy9SnuOW5ZgnxWBqydD+Gc2q67"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCatP3klEjfQPSiJNUc3FRDdz927BG1IzektpouzOZR"
];
extraGroups = [ "media" ];
};
users.extraUsers.jonathan-brouwer = {
isNormalUser = true;
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFP6UDiX8vb4rHV+8Zwaozh8dnCAsPM+fe/4BEfC/xyV jonathantbrouwer@gmail.com"
];
};
}