initial commit. after fucking it up once

Ittihadyya 2024-11-03 19:50:18 +02:00
commit b7cea98e99
48 changed files with 3437 additions and 0 deletions

14
.gitignore vendored Normal file

@ -0,0 +1,14 @@
# ---> Nix
# Ignore build outputs from performing a nix-build or `nix build` command
result
result-*
# -*- mode: gitignore; -*-
*~
\#*\#
/.emacs.desktop
/.emacs.desktop.lock
*.elc
auto-save-list
tramp
.\#*

7
.sops.yaml Normal file

@ -0,0 +1,7 @@
keys:
- &personal age12h0ekuyvy244etehyeymz2pt9xxjv7hpe2revateje00xrzj95fqvp2r82
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *personal
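
Review bot: In `creation_rules`, `path_regex: secrets.yaml$` is unanchored on the left and leaves the dot unescaped, so it also matches paths such as `old-secrets.yaml` or `secretsXyaml`; `(^|/)secrets\.yaml$` would limit the rule to the one file the README names. The key group has a single recipient, `&personal`, so every host that decrypts `secrets.yaml` needs that same private key, and losing it loses every secret. Consider adding one age recipient per host to the key group and re-encrypting with `sops updatekeys secrets.yaml`.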

147
README.md Normal file

@ -0,0 +1,147 @@
This is the configuration that Ittihadyya uses for their computers. It currently handles 5 computers. `capsaicin`, `menthol`, `glucose`, `fructose` and `aspartame`. The first is a custom-built PC, the second is a thinkpad T460s, the two following that are Lenovo Thinkcentre m92ps and the last one is a VPS hosted by contabo.
### Capsaicin
```
▗▄▄▄ ▗▄▄▄▄ ▄▄▄▖ emv@capsaicin
▜███▙ ▜███▙ ▟███▛ -------------
▜███▙ ▜███▙▟███▛ OS: NixOS 24.11.20240916.99dc878 (Vicuna) x86_64
▜███▙ ▜██████▛ Kernel: Linux 6.6.51
▟█████████████████▙ ▜████▛ ▟▙ Uptime: 1000 years
▟███████████████████▙ ▜███▙ ▟██▙ Packages: 2203 (nix-system)
▄▄▄▄▖ ▜███▙ ▟███▛ Shell: zsh 5.9
▟███▛ ▜██▛ ▟███▛ Display (LEN G34w-10): 3440x1440 @ 144 Hz in 34″ [External]
▟███▛ ▜▛ ▟███▛ WM: Sway (Wayland)
▟███████████▛ ▟██████████▙ Theme: adw-gtk3 [GTK2/3/4]
▜██████████▛ ▟███████████▛ Font: Ubuntu Nerd Font (10pt) [GTK2/3/4]
▟███▛ ▟▙ ▟███▛ Cursor: Afterglow-Recolored-Dracula-Green (24px)
▟███▛ ▟██▙ ▟███▛ Terminal: -
▟███▛ ▜███▙ ▝▀▀▀▀ CPU: Intel(R) Core(TM) i5-7600K (4) @ 4.20 GHz
▜██▛ ▜███▙ ▜██████████████████▛ GPU: AMD Radeon RX 6650 XT [Discrete]
▜▛ ▟████▙ ▜████████████████▛ Memory: 31.30 GiB
▟██████▙ ▜███▙ Swap: 45.45 GiB
▟███▛▜███▙ ▜███▙ Disk (/): 947.81 GiB - btrfs
▟███▛ ▜███▙ ▜███▙ Disk (/mnt/decrypted): 131.50 GiB - btrfs
▝▀▀▀ ▀▀▀▀▘ ▀▀▀▘ Disk (/mnt/hdd1tb): 800.00 GiB - btrfs
Disk (/mnt/hdd500gb): 457.38 GiB - ext4
Local IP (enp5s0): -
Locale: en_US.UTF-8
```
There isn't much to say about it other than the fact that it is a desktop with a wifi module (that seldom gets used, usually that happens when the ethernet cable is connected to something else for tinkering purposes).
### Menthol
```
▗▄▄▄ ▗▄▄▄▄ ▄▄▄▖ emv@menthol
▜███▙ ▜███▙ ▟███▛ -----------
▜███▙ ▜███▙▟███▛ OS: NixOS 24.11.20240916.99dc878 (Vicuna) x86_64
▜███▙ ▜██████▛ Host: ThinkPad T460s
▟█████████████████▙ ▜████▛ ▟▙ Kernel: Linux 6.6.51
▟███████████████████▙ ▜███▙ ▟██▙ Uptime: A long long time
▄▄▄▄▖ ▜███▙ ▟███▛ Shell: zsh 5.9
▟███▛ ▜██▛ ▟███▛ Display (LGD0514): 1920x1080 @ 60 Hz in 14″
▟███▛ ▜▛ ▟███▛ Theme: adw-gtk3 [GTK2/3/4]
▟███████████▛ ▟██████████▙ Font: Ubuntu Nerd Font (10pt) [GTK2/3/4]
▜██████████▛ ▟███████████▛ Cursor: Afterglow-Recolored-Dracula-Green (24px)
▟███▛ ▟▙ ▟███▛ Terminal: -
▟███▛ ▟██▙ ▟███▛ CPU: Intel(R) Core(TM) i5-6300U (4) @ 3.00 GHz
▟███▛ ▜███▙ ▝▀▀▀▀ GPU: Intel HD Graphics 520 @ 1.00 GHz [Integrated]
▜██▛ ▜███▙ ▜██████████████████▛ Memory: 11.11 GiB
▜▛ ▟████▙ ▜████████████████▛ Swap: 7.45 GiB
▟██████▙ ▜███▙ Disk (/): 231.02 GiB - btrfs
▟███▛▜███▙ ▜███▙ Local IP (wlp4s0): -
▟███▛ ▜███▙ ▜███▙ Battery 1
▝▀▀▀ ▀▀▀▀▘ ▀▀▀▘ Battery 2
Locale: en_US.UTF-8
```
The only interesting thing about it is the fact that it has a touchscreen, bluetooth and is full of stickers. It gets used when not home and when we need *something* with bluetooth.
### Glucose and Fructose
```
▗▄▄▄ ▗▄▄▄▄ ▄▄▄▖ emv@glucose
▜███▙ ▜███▙ ▟███▛ -----------
▜███▙ ▜███▙▟███▛ OS: NixOS 24.11.20240916.99dc878 (Vicuna) x86_64
▜███▙ ▜██████▛ Host: ThinkCentre M92p
▟█████████████████▙ ▜████▛ ▟▙ Kernel: Linux 6.6.51
▟███████████████████▙ ▜███▙ ▟██▙ Uptime: A while.
▄▄▄▄▖ ▜███▙ ▟███▛ Packages: 656 (nix-system)
▟███▛ ▜██▛ ▟███▛ Shell: zsh 5.9
▟███▛ ▜▛ ▟███▛ Terminal: -
▟███████████▛ ▟██████████▙ CPU: Intel(R) Core(TM) i5-3470T (4) @ 3.60 GHz
▜██████████▛ ▟███████████▛ GPU: Intel Xeon E3-1200 v2/3rd Gen Core processor Graphics Controller @ 1.10 GHz [Integrated]
▟███▛ ▟▙ ▟███▛ Memory: 7.56 GiB
▟███▛ ▟██▙ ▟███▛ Swap: 14.90 GiB
▟███▛ ▜███▙ ▝▀▀▀▀ Disk (/): 938.97 GiB - btrfs
▜██▛ ▜███▙ ▜██████████████████▛ Local IP (eno1): 10.12.96.4/24
▜▛ ▟████▙ ▜████████████████▛ Locale: en_US.UTF-8
▟██████▙ ▜███▙
▟███▛▜███▙ ▜███▙
▟███▛ ▜███▙ ▜███▙
▝▀▀▀ ▀▀▀▀▘ ▀▀▀▘
▗▄▄▄ ▗▄▄▄▄ ▄▄▄▖ emv@fructose
▜███▙ ▜███▙ ▟███▛ ------------
▜███▙ ▜███▙▟███▛ OS: NixOS 24.11.20240916.99dc878 (Vicuna) x86_64
▜███▙ ▜██████▛ Host: ThinkCentre M92p
▟█████████████████▙ ▜████▛ ▟▙ Kernel: Linux 6.6.51
▟███████████████████▙ ▜███▙ ▟██▙ Uptime: A bit.
▄▄▄▄▖ ▜███▙ ▟███▛ Packages: 647 (nix-system)
▟███▛ ▜██▛ ▟███▛ Shell: zsh 5.9
▟███▛ ▜▛ ▟███▛ Terminal: -
▟███████████▛ ▟██████████▙ CPU: Intel(R) Core(TM) i5-3470 (4) @ 3.60 GHz
▜██████████▛ ▟███████████▛ GPU: Intel Xeon E3-1200 v2/3rd Gen Core processor Graphics Controller @ 1.10 GHz [Integrated]
▟███▛ ▟▙ ▟███▛ Memory: 7.56 GiB
▟███▛ ▟██▙ ▟███▛ Swap: 29.80 GiB
▟███▛ ▜███▙ ▝▀▀▀▀ Disk (/): 924.07 GiB - btrfs
▜██▛ ▜███▙ ▜██████████████████▛ Local IP (eno1): 10.12.96.9/24
▜▛ ▟████▙ ▜████████████████▛ Locale: en_US.UTF-8
▟██████▙ ▜███▙
▟███▛▜███▙ ▜███▙
▟███▛ ▜███▙ ▜███▙
▝▀▀▀ ▀▀▀▀▘ ▀▀▀▘
```
As can be seen, the only difference between the two is swap space and IP address, something which at the moment is inconsequential. They are going to be used as nodes in a kubernetes cluster ***soon*** (trust).
### Aspartame
```
▗▄▄▄ ▗▄▄▄▄ ▄▄▄▖ emv@aspartame
▜███▙ ▜███▙ ▟███▛ -------------
▜███▙ ▜███▙▟███▛ OS: NixOS 24.11.20240916.99dc878 (Vicuna) x86_64
▜███▙ ▜██████▛ Host: kvm/qemu
▟█████████████████▙ ▜████▛ ▟▙ Kernel: Linux 6.6.51
▟███████████████████▙ ▜███▙ ▟██▙ Uptime: At least 3
▄▄▄▄▖ ▜███▙ ▟███▛ Packages: 649 (nix-system)
▟███▛ ▜██▛ ▟███▛ Shell: zsh 5.9
▟███▛ ▜▛ ▟███▛ Display (QEMU Monitor): 1280x800 @ 75 Hz in 15″
▟███████████▛ ▟██████████▙ Terminal: -
▜██████████▛ ▟███████████▛ CPU: AMD EPYC 7282 (4) @ 2.79 GHz
▟███▛ ▟▙ ▟███▛ GPU: Unknown Device 1111 (VGA compatible)
▟███▛ ▟██▙ ▟███▛ Memory: 5.79 GiB
▟███▛ ▜███▙ ▝▀▀▀▀ Swap: 2.90 GiB
▜██▛ ▜███▙ ▜██████████████████▛ Disk (/): 587.54 GiB - ext4
▜▛ ▟████▙ ▜████████████████▛ Local IP (ens18): -
▟██████▙ ▜███▙ Locale: en_US.UTF-8
▟███▛▜███▙ ▜███▙
▟███▛ ▜███▙ ▜███▙
▝▀▀▀ ▀▀▀▀▘ ▀▀▀▘
```
Not very interesting, besides the fact that it is a VPS. It was made using [`nixos-infect`](https://github.com/elitak/nixos-infect) on top of Contabo's Ubuntu 22 image.
## Files
Modules have a `*.mod.nix` extension, they are loaded in [`flake.nix`](./flake.nix) via magic. Ittihadyya's flake was built, foundationally - at the very least, with heavy inspiration from [sodiboo's flake](https://github.com/sodiboo/system), so the magic of the aforelinked `flake.nix` file is from faer.
`<universal>` applies to every single computer, it contains stuff that we want available *everywhere*. `<personal>` applies to `capsaicin` and `menthol`.
`<cluster>`, at the moment, applies to everything else (*this is called foreshadowing*).
`<cluster-testing>`, as of **Right Now**, only applies to `glucose`.
`<sucrose>` applies to both glucose and fructose.
Secrets are handled by [`sops-nix`](https://github.com/Mic92/sops-nix). How? Magic. Basically, the wanted secrets are declared in [`sops.mod.nix`](./sops.mod.nix) and added to [`secrets.yaml`](./secrets.yaml) via `sops edit secrets.yaml`. For this there is an age key stashed away, more can be grasped, probably, by looking at the aforelinked `sops.mod.nix`.
All files within this repository have the possibility of:
- having eerie vibes.
- calling to the user.
- asking the user for directions to the nearest STUN server.
- spontaneously combusting.
- waging protracted war upon the user.
- telling the user any information in exchange for personal information, then, if it is wrong, it will smite the user.
- periodically altering the user's perception of time, eventually leading to exhaustion if no external stimuli interrupt this.
- reminding the user of the time before names.
- employing a birthday attack upon the Black Moon, to check if it is digitally howling.
- transporting the user into an alternate reality where physical constants are slightly off.
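
Review bot: The sentence closing the Glucose and Fructose section says the only difference between the two is swap space and IP address, but the fastfetch output above it also shows different CPUs (i5-3470T vs i5-3470) and package counts (656 vs 647); reword it or drop the claim. The same two blocks publish `10.12.96.4/24` and `10.12.96.9/24`, while every other host has its Local IP replaced with `-`; redact them the same way.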

19
_inheritance.mod.nix Normal file

@ -0,0 +1,19 @@
{
merge,
configs,
...
}:
{
#capsaicin is a custom-built PC
capsaicin = merge configs.universal configs.personal;
#menthol is a Lenovo Thinkpad T460s
menthol = merge configs.universal configs.personal;
#glucose and fructose are Lenovo Thinkcentres m92p
glucose = merge (merge configs.universal configs.sucrose) (
merge configs.cluster configs.cluster-testing
);
fructose = merge configs.universal (merge configs.sucrose configs.cluster);
#aspartame is a VPS from Contabo
aspartame = merge configs.universal configs.cluster;
}
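
Review bot: The nesting of `merge` differs per host for no visible reason: `glucose` is `merge (merge universal sucrose) (merge cluster cluster-testing)` while `fructose` is `merge universal (merge sucrose cluster)`. If `merge` is associative, a small helper that folds it over a list of roles would let each host read as a plain role list and make it obvious that glucose and fructose differ only by `cluster-testing`; if the grouping matters, a comment saying so is needed here.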


@ -0,0 +1,72 @@
{
aspartame.modules = [
(
{ pkgs, lib, ... }:
{
nixpkgs.overlays = [
(
final: prev:
let
caddy-custom = pkgs.callPackage ./caddy-custom.nix { };
in
let
# Caddy Layer4 modules
l4CaddyModules =
lib.lists.map
(name: {
inherit name;
repo = "github.com/mholt/caddy-l4";
version = "3d22d6da412883875f573ee4ecca3dbb3fdf0fd0";
})
[
"layer4"
"modules/l4proxy"
"modules/l4tls"
"modules/l4proxyprotocol"
];
in
{
caddy-default = caddy-custom;
caddy-base = caddy-custom.withPlugins { caddyModules = [ ]; };
caddy-l4 = caddy-custom.withPlugins {
caddyModules = l4CaddyModules;
vendorHash = "sha256-Bz2tR1/a2okARCWFEeSEeVUx2mdBe0QKUh5qzKUOF8s=";
};
caddy-many = caddy-custom.withPlugins {
caddyModules = [
{
name = "transform-encoder";
repo = "github.com/caddyserver/transform-encoder";
version = "f627fc4f76334b7aef8d4ed8c99c7e2bcf94ac7d";
}
{
name = "connegmatcher";
repo = "github.com/mpilhlt/caddy-conneg";
version = "v0.1.4";
}
] ++ l4CaddyModules;
vendorHash = "sha256-OjyJdcbLMSvgkHKR4xMF0BgsuA5kdKgDgV+ocuNHUf4=";
};
}
)
];
}
)
({
nixpkgs.overlays = [
(final: prev: {
gts = final.callPackage ./gts.nix { };
})
];
})
];
personal.modules = [
({
nixpkgs.overlays = [
(final: prev: {
beeref = final.callPackage ./beeref.nix { }; # I'M GOING TO TRUNCATE *YOU*, BEEREF.
})
];
})
];
}
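
Review bot: The first overlay builds `caddy-custom` with `pkgs.callPackage` taken from the module arguments, while the `gts` and `beeref` overlays in the same file use `final.callPackage`; inside an overlay, use `final.callPackage ./caddy-custom.nix { }` so the package is built against the overlaid set and the overlay does not depend on the `pkgs` it is helping to define. The two consecutive `let ... in` blocks can be merged into one. `connegmatcher` is pinned to the tag `v0.1.4` while the other plugins are pinned to full commit hashes; `vendorHash` will catch a moved tag, but a commit hash keeps the pins uniform.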

25
adyya-pkgs/beeref.nix Normal file

@ -0,0 +1,25 @@
{
appimageTools,
fetchurl,
lib,
...
}:
let
name = "beeref";
version = "0.3.3";
src = fetchurl {
url = "https://github.com/rbreu/beeref/releases/download/v${version}/${name}-${version}.appimage";
hash = "sha256-pavXKtjOvKY2IUPp+UP0v8WkrpPeNEcNDhqoQtFYszo=";
};
in
appimageTools.wrapType2 {
inherit name version src;
extraPkgs = pkgs: [ pkgs.python311 ];
meta = with lib; {
description = "A Simple Reference Image Viewer";
homepage = "https://github.com/rbreu/beeref";
license = licenses.gpl3Only;
mainProgram = "beeref";
};
}
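
Review bot: `meta` does not record that this is a prebuilt binary: `src` is the upstream `.appimage` release asset, so add `sourceProvenance = with lib.sourceTypes; [ binaryNativeCode ];` and a `platforms` entry for the architecture the AppImage targets. Using `pname` instead of `name` alongside `version` follows the nixpkgs convention.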

158
adyya-pkgs/caddy-custom.nix Normal file

@ -0,0 +1,158 @@
{
lib,
buildGoModule,
fetchFromGitHub,
gnused,
installShellFiles,
nixosTests,
caddy,
testers,
stdenv,
}:
let
attrsToModule = map (plugin: plugin.repo);
attrsToVersionedModule = map (
{
repo,
version,
...
}:
lib.escapeShellArg "${repo}@${version}"
);
pname = "caddy";
version = "2.8.4";
dist = fetchFromGitHub {
owner = "caddyserver";
repo = "dist";
rev = "v${version}";
hash = "sha256-O4s7PhSUTXoNEIi+zYASx8AgClMC5rs7se863G6w+l0=";
};
src = fetchFromGitHub {
owner = "caddyserver";
repo = "caddy";
rev = "v${version}";
hash = "sha256-CBfyqtWp3gYsYwaIxbfXO3AYaBiM7LutLC7uZgYXfkQ=";
};
subPackages = [ "cmd/caddy" ];
ldflags = [
"-s"
"-w"
"-X github.com/caddyserver/caddy/v2.CustomVersion=${version}"
];
# matches upstream since v2.8.0
tags = [ "nobadger" ];
nativeBuildInputs = [
gnused
installShellFiles
];
postInstall =
''
install -Dm644 ${dist}/init/caddy.service ${dist}/init/caddy-api.service -t $out/lib/systemd/system
substituteInPlace $out/lib/systemd/system/caddy.service \
--replace-fail "/usr/bin/caddy" "$out/bin/caddy"
substituteInPlace $out/lib/systemd/system/caddy-api.service \
--replace-fail "/usr/bin/caddy" "$out/bin/caddy"
''
+ lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
# Generating man pages and completions fail on cross-compilation
# https://github.com/NixOS/nixpkgs/issues/308283
$out/bin/caddy manpage --directory manpages
installManPage manpages/*
installShellCompletion --cmd caddy \
--bash <($out/bin/caddy completion bash) \
--fish <($out/bin/caddy completion fish) \
--zsh <($out/bin/caddy completion zsh)
'';
meta = with lib; {
homepage = "https://caddyserver.com";
description = "Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS";
license = licenses.asl20;
mainProgram = "caddy";
maintainers = with maintainers; [
Br1ght0ne
emilylange
techknowlogick
];
};
in
buildGoModule {
inherit
pname
version
src
subPackages
ldflags
tags
nativeBuildInputs
postInstall
meta
;
vendorHash = "sha256-1Api8bBZJ1/oYk4ZGIiwWCSraLzK9L+hsKXkFtk6iVM=";
passthru = {
withPlugins =
{
caddyModules,
vendorHash ? lib.fakeHash,
}:
buildGoModule {
pname = "${caddy.pname}-with-plugins";
inherit
version
src
subPackages
ldflags
tags
nativeBuildInputs
postInstall
meta
;
modBuildPhase = ''
for module in ${toString (attrsToModule caddyModules)}; do
sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go
done
for plugin in ${toString (attrsToVersionedModule caddyModules)}; do
go get $plugin
done
go mod vendor
'';
modInstallPhase = ''
mv -t vendor go.mod go.sum
cp -r vendor "$out"
'';
preBuild = ''
chmod -R u+w vendor
[ -f vendor/go.mod ] && mv -t . vendor/go.{mod,sum}
for module in ${toString (attrsToModule caddyModules)}; do
sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go
done
'';
inherit vendorHash;
};
tests = {
inherit (nixosTests) caddy;
version = testers.testVersion {
command = "${caddy}/bin/caddy version";
package = caddy;
};
};
};
}
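
Review bot: `attrsToModule = map (plugin: plugin.repo)` discards each plugin's `name`, so the `sed` loops in `modBuildPhase` and `preBuild` insert only the `repo` import path into `cmd/caddy/main.go`. With the four `l4CaddyModules` entries from the overlay file, which all share `repo = "github.com/mholt/caddy-l4"`, that yields the same import line four times and never imports `layer4`, `modules/l4proxy`, `modules/l4tls` or `modules/l4proxyprotocol`; either build the import path from `repo` and `name`, or document that `name` is only a label. `attrsToVersionedModule` shell-escapes its output but `attrsToModule` does not, and `go get $plugin` is unquoted. `passthru.tests` and `pname = "${caddy.pname}-with-plugins"` refer to the `caddy` function argument rather than this derivation, so `tests.version` does not test the custom build.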

78
adyya-pkgs/gts.nix Normal file

@ -0,0 +1,78 @@
{
lib,
fetchurl,
fetchFromGitHub,
buildGoModule,
nixosTests,
}:
let
owner = "superseriousbusiness";
repo = "gotosocial";
version = "0.17.1";
web-assets = fetchurl {
url = "https://github.com/${owner}/${repo}/releases/download/v${version}/${repo}_${version}_web-assets.tar.gz";
hash = "sha256-rGntLlIbgfCtdqpD7tnvAY8qwF+BpYbQWfAGMhdOTgY=";
};
in
buildGoModule rec {
inherit version;
pname = repo;
src = fetchFromGitHub {
inherit owner repo;
rev = "refs/tags/v${version}";
hash = "sha256-oWWsCs9jgd244yzWhgLkuHp7kY0BQ8+Ay6KpuBVG+U8=";
};
vendorHash = null;
ldflags = [
"-s"
"-w"
"-X main.Version=${version}"
];
tags = [
"kvformat"
];
postInstall = ''
tar xf ${web-assets}
mkdir -p $out/share/gotosocial
mv web $out/share/gotosocial/
'';
# tests are working only on x86_64-linux
# doCheck = stdenv.hostPlatform.isLinux && stdenv.hostPlatform.isx86_64;
# checks are currently very unstable in our setup, so we should test manually for now
doCheck = false;
checkFlags =
let
# flaky / broken tests
skippedTests = [
# See: https://github.com/superseriousbusiness/gotosocial/issues/2651
"TestPage/minID,_maxID_and_limit_set"
];
in
[ "-skip=^${builtins.concatStringsSep "$|^" skippedTests}$" ];
passthru.tests.gotosocial = nixosTests.gotosocial;
meta = with lib; {
homepage = "https://gotosocial.org";
changelog = "https://github.com/superseriousbusiness/gotosocial/releases/tag/v${version}";
description = "Fast, fun, ActivityPub server, powered by Go";
longDescription = ''
ActivityPub social network server, written in Golang.
You can keep in touch with your friends, post, read, and
share images and articles. All without being tracked or
advertised to! A light-weight alternative to Mastodon
and Pleroma, with support for clients!
'';
maintainers = with maintainers; [ blakesmith ];
license = licenses.agpl3Only;
};
}
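
Review bot: `checkFlags` and `skippedTests` are dead while `doCheck = false` is set; either drop them or restore the commented-out platform condition so the skip list is actually exercised.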

104
apps.mod.nix Normal file

@ -0,0 +1,104 @@
{ vscode-server, ... }:
{
universal.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
ps
wget
libqalculate
magic-wormhole
];
programs = {
# For the love of Fucking please keep them in alphabetical order to soothe my brain
btop = {
enable = true;
};
emacs = {
enable = true;
};
eza = {
enable = true;
git = true;
};
# fastfetch = { # removed from universal as this adds gtk3 and imagemagick to the closure, for some godforsaken reason.
# enable = true;
# };
micro = {
enable = true;
};
ripgrep = {
enable = true;
};
};
}
)
];
universal.modules = [
{
programs.screen.enable = true;
}
];
personal.modules = [
(
{ pkgs, ... }:
{
users.users.emv.extraGroups = [ "video" ];
}
)
];
personal.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
emulsion
ffmpeg
vlc
signal-desktop
discord
obsidian
# calibre # still borked apparently, what the hell
];
programs = {
librewolf = {
enable = true;
};
terminator = {
enable = true;
};
vscode = {
enable = true;
package = pkgs.vscodium;
mutableExtensionsDir = false;
extensions = with pkgs.vscode-extensions; [
rust-lang.rust-analyzer
tuttieee.emacs-mcx
tamasfe.even-better-toml
vadimcn.vscode-lldb
jnoortheen.nix-ide
mkhl.direnv
];
};
};
}
)
vscode-server.homeModules.default
{
services.vscode-server.enable = true;
}
];
capsaicin.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
cryptsetup
keepassxc
];
}
)
];
}

30
art.mod.nix Normal file

@ -0,0 +1,30 @@
{
capsaicin.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
blender # this is because capsaicin is the only one of the two who can take rendering something without starting a forest fire
];
}
)
];
personal.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
krita
inkscape
libresprite
darktable
obs-studio
# pureref # not updated on nixpkgs apparently
beeref
];
}
)
];
}

27
audio.mod.nix Normal file

@ -0,0 +1,27 @@
{
personal.modules = [
{
programs.noisetorch.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
jack.enable = true;
pulse.enable = true;
};
}
];
personal.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
pwvucontrol
pw-volume
pw-viz
];
}
)
];
}


@ -0,0 +1,19 @@
{
cluster-testing.modules = [
# ({
# networking.firewall = {
# allowedTCPPorts = [
# 2379 # embedded etcd clients
# 2380 # idem peers
# 4240 # cilium health checks
# 6443 # k3s server
#
# 10250 # kumetrics server
# ];
# allowedUDPPorts = [
# 8472 # cilium vxlan
# ];
# };
# })
];
}
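
Review bot: The whole module body is commented out, so this file adds an empty list to `cluster-testing.modules`; either enable it or leave it out of the commit until it is needed. When it is enabled, `allowedTCPPorts` opens the etcd ports (2379, 2380), the k3s API (6443) and 10250 on every interface; scoping them with `networking.firewall.interfaces.<name>.allowedTCPPorts` to the interface the cluster nodes share would keep them off other networks. The comment on `10250` reads `kumetrics server`, which looks like a typo.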

29
cluster/kernel.mod.nix Normal file

@ -0,0 +1,29 @@
{
cluster-testing.modules = [
(
{ pkgs, lib, ... }:
{
boot.kernelPatches = [
{
name = "eBPF-cilium";
patch = null; # the following are for ebpf, which is required by cilium
extraConfig = ''
BPF y
BPF_SYSCALL y
NET_CLS_BPF y
BPF_JIT y
NET_CLS_ACT y
NET_SCH_INGRESS y
CRYPTO_SHA1 y
CRYPTO_USER_API_HASH y
CGROUPS y
CGROUP_BPF y
PERF_EVENTS y
SCHEDSTATS y
'';
}
];
}
)
];
}
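
Review bot: `boot.kernelPatches` with `patch = null` and an `extraConfig` still changes the kernel derivation, so glucose will compile its own kernel instead of using the cached one. Check which of these options the stock NixOS kernel configuration already sets and keep only the ones that are missing, or drop the entry if none are. `pkgs` and `lib` in the module arguments are unused.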


@ -0,0 +1,44 @@
{
cluster-testing.modules = [
({
services.k3s = {
enable = true;
role = "server";
# token = ""; # Agent nodes are joined to the master node using a node-token which can be found on the master node at /var/lib/rancher/k3s/server/node-token.
clusterInit = true;
# allegedly you need different configs for non-starting nodes, including the ip of a server. you should handle this within nix, preferrably -e
# allegedly: " If you are configuring an HA cluster with an embedded etcd, the 1st server must have clusterInit = true and other servers must connect to it using serverAddr. " # I think you can get around this kinda by pointing to a domain, so that if the server with the address specified in the config fails, others take the request. i am not sure about the details of the implementation - i.e how to do it without giving authority to a specific node. This is more of a theoretical problem, i think, since this only matters when a node starts up and gets to be part of the cluster - after it's included i'm pretty sure it would be fine? Might need to do some testing -e
# this kinda makes sense? like otherwise how would the new clusters know where to connect to ? Because it uses raft, the serverAddr doesn't necessarily have to be the one with clusterInit, as, according to the Raft specification, calls to followers get forwarded to the leader node. -e
extraFlags = [
# "--flannel-backend none"
# "--disable-network-policy"
# "--no-deploy traefik"
]; # --flannel-backend-none and --disable-network-policy prepare the cluster for cillium, which, as far as i can see, i need to install imperatively because it isn't a service or packaged within nixpkgs. The command used is `cilium install --version 1.x.x --set=ipam.operator.clusterPoolIPv4PodCIDRList="10.42.0.0/16"`,replace the x's with whatever version you need, as of 2024.09.20 1.16.1 is the latest (released on the 14th of August 2024, according to their github). Godspeed to future addy if we decide to do package it ourselves or something. -e
# configPath = ./k3s.yaml;
}; # decided to try stock kubernetes since k3s doesn't seem to be working as i intend --- a week later --- YOU BUMBLING MORON YOU ARE ON UNSTABLE AND YOU WERE LOOKING AT 24.05 DOCS
/*
services.kubernetes = {
# flannel.enable = false;
roles = [ "master" "node" ];
masterAddress = "10.12.96.4";
#apiserverAddress = "10.12.96.4:6443";
kubelet = {
enable = true;
extraOpts = "--fail-swap-on=false";
};
scheduler.enable = true;
apiserver ={
enable = true;
advertiseAddress = "10.12.96.4";
securePort = 6443;
};
easyCerts = true;
pki.enable = true;
addons.dns.enable = true;
controllerManager.enable = true;
addonManager.enable = true;
}; #chat is this factual
*/
})
];
}
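
Review bot: The commented `token = "";` line points toward putting the join token in the module; a literal `token` ends up in the world-readable Nix store, so when the second server is added use `services.k3s.tokenFile` pointing at a sops-nix secret instead. The long design notes on `clusterInit`, `serverAddr` and the Cilium install command would be easier to maintain in the README than as trailing comments, and the commented-out `services.kubernetes` block should be deleted rather than committed.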

19
cluster/packages.mod.nix Normal file

@ -0,0 +1,19 @@
{
cluster-testing.modules = [
(
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
clang # this is for cilium
llvm_18 # idem
openiscsi # this is for longhorn
kubernetes-helm
cilium-cli # might not need this after all, if i try to install it using helm -e
# kubernetes
# kubectl
# kompose
];
}
)
];
}


@ -0,0 +1,38 @@
{
cluster.modules = [
({
users.users.emv.extraGroups = [
"podman"
"docker"
];
})
];
sucrose.modules = [
({
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
daemon.settings = {
userland-proxy = false;
ipv6 = false;
data-root = "/home/emv/docker-data-root/";
};
};
})
(
{ pkgs, ... }:
{
environment.systemPackages = [ pkgs.podman-compose ];
virtualisation = {
containers.enable = true;
podman = {
enable = true;
dockerCompat = false;
defaultNetwork.settings.dns_enabled = true;
};
oci-containers.backend = "podman";
};
}
)
];
}
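
Review bot: `users.users.emv.extraGroups = [ "podman" "docker" ]` sits in `cluster.modules`, so it also applies to `aspartame`, but Docker and Podman are only enabled in `sucrose.modules`; move the group assignment next to the services. Membership in `docker` is equivalent to root on the host, so grant it only where the Docker daemon is actually needed, and since `oci-containers.backend` is already `podman`, state why both runtimes are enabled. `data-root = "/home/emv/docker-data-root/"` places root-owned daemon state inside a user's home directory.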

36
dev.mod.nix Normal file

@ -0,0 +1,36 @@
{
universal.home_modules = [
{
programs.git = {
enable = true;
userName = "Ittihadyya";
userEmail = "Ittihadyya@collective-conciousness.monster";
delta.enable = true;
extraConfig = {
core = {
editor = "emacs";
sshCommand = "ssh -i ~/.ssh/id_ed25519";
};
};
};
}
];
personal.modules = [
(
{ pkgs, ... }:
{
environment.systemPackages =
with pkgs;
[
];
programs = {
direnv = {
enable = true;
nix-direnv.enable = true;
enableZshIntegration = true;
};
};
}
)
];
}
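
Review bot: `core.sshCommand = "ssh -i ~/.ssh/id_ed25519"` is in `universal.home_modules`, so every host, including the VPS, is expected to hold a private key at that path for Git; `-i` also only adds the key to the candidates rather than restricting SSH to it. Prefer a per-host SSH configuration with `IdentitiesOnly yes`, scoped to the machines that actually push, so the servers do not need a long-lived key on disk. The empty `environment.systemPackages = with pkgs; [ ];` in `personal.modules` can be removed.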

71
emacs.mod.nix Normal file

@ -0,0 +1,71 @@
{
personal.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
mupdf
];
programs.emacs = {
extraPackages = epkgs: [
epkgs.org
epkgs.ob-asymptote
epkgs.auctex # latex
epkgs.preview-dvisvgm # in-line latex preview
epkgs.latex-preview-pane
epkgs.pdf-tools
epkgs.obsidian
epkgs.hydra # should be fun
];
extraConfig = ''
;; disable splash screen
(setq inhibit-splash-screen t)
;; auctex stuff
(setq TeX-auto-save t)
(setq TeX-parse-self t)
(setq-default TeX-master nil)
;; to be able to view pdfs, i hope
(require 'doc-view)
(setq doc-view-resolution 144)
(setq doc-view-continuous t) ;; ugh, why isn't this the default
;; obsidian extension
(use-package obsidian
:ensure t
:demand t
:config
(obsidian-specify-path "~/notes/obsidian")
(global-obsidian-mode t)
:custom
;; This directory will be used for `obsidian-capture' if set.
(obsidian-inbox-directory "Inbox")
;; Create missing files in inbox? - when clicking on a wiki link
;; t: in inbox, nil: next to the file with the link
;; default: t
;(obsidian-wiki-link-create-file-in-inbox nil)
;; The directory for daily notes (file name is YYYY-MM-DD.md)
(obsidian-daily-notes-directory "daily_notes")
;; Directory of note templates, unset (nil) by default
;(obsidian-templates-directory "templates")
;; Daily Note template name - requires a template directory. Default: Daily Note Template.md
;(obsidian-daily-note-template "daily-note-template.md")
:bind (:map obsidian-mode-map
;; Replace C-c C-o with Obsidian.el's implementation. It's ok to use another key binding.
("C-c C-o" . obsidian-follow-link-at-point)
;; Jump to backlinks
("C-c C-b" . obsidian-backlink-jump)
;; If you prefer you can use `obsidian-insert-link'
("C-c C-l" . obsidian-insert-wikilink)))
;; obsidian hydra
(bind-key (kbd "C-c M-o") 'obsidian-hydra/body 'obsidian-mode-map)
'';
};
}
)
];
}
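
Review bot: In the `use-package obsidian` form, `:ensure t` asks package.el to install the package if it is missing, which sidesteps the Nix-pinned `epkgs.obsidian` from `extraPackages`; drop `:ensure t` so a missing package fails loudly instead of being fetched at startup. `obsidian-hydra/body` is bound at the end without a visible definition in this config; confirm it is provided by the obsidian package once `epkgs.hydra` is present.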

524
flake.lock Normal file

@ -0,0 +1,524 @@
{
"nodes": {
"base16": {
"inputs": {
"fromYaml": "fromYaml"
},
"locked": {
"lastModified": 1708890466,
"narHash": "sha256-LlrC09LoPi8OPYOGPXegD72v+//VapgAqhbOFS3i8sc=",
"owner": "SenchoPens",
"repo": "base16.nix",
"rev": "665b3c6748534eb766c777298721cece9453fdae",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "base16.nix",
"type": "github"
}
},
"base16-fish": {
"flake": false,
"locked": {
"lastModified": 1622559957,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=",
"owner": "tomyun",
"repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe",
"type": "github"
},
"original": {
"owner": "tomyun",
"repo": "base16-fish",
"type": "github"
}
},
"base16-helix": {
"flake": false,
"locked": {
"lastModified": 1725860795,
"narHash": "sha256-Z2o8VBPW3I+KKTSfe25kskz0EUj7MpUh8u355Z1nVsU=",
"owner": "tinted-theming",
"repo": "base16-helix",
"rev": "7f795bf75d38e0eea9fed287264067ca187b88a9",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-helix",
"type": "github"
}
},
"base16-vim": {
"flake": false,
"locked": {
"lastModified": 1716150083,
"narHash": "sha256-ZMhnNmw34ogE5rJZrjRv5MtG3WaqKd60ds2VXvT6hEc=",
"owner": "tinted-theming",
"repo": "base16-vim",
"rev": "6e955d704d046b0dc3e5c2d68a2a6eeffd2b5d3d",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "base16-vim",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": [
"stylix",
"systems"
]
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1681202837,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
"lastModified": 1689549921,
"narHash": "sha256-iX0pk/uB019TdBGlaJEWvBCfydT6sRq+eDcGPifVsCM=",
"owner": "SenchoPens",
"repo": "fromYaml",
"rev": "11fbbbfb32e3289d3c631e0134a23854e7865c84",
"type": "github"
},
"original": {
"owner": "SenchoPens",
"repo": "fromYaml",
"type": "github"
}
},
"gnome-shell": {
"flake": false,
"locked": {
"lastModified": 1713702291,
"narHash": "sha256-zYP1ehjtcV8fo+c+JFfkAqktZ384Y+y779fzmR9lQAU=",
"owner": "GNOME",
"repo": "gnome-shell",
"rev": "0d0aadf013f78a7f7f1dc984d0d812971864b934",
"type": "github"
},
"original": {
"owner": "GNOME",
"ref": "46.1",
"repo": "gnome-shell",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1730016908,
"narHash": "sha256-bFCxJco7d8IgmjfNExNz9knP8wvwbXU4s/d53KOK6U0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "e83414058edd339148dc142a8437edb9450574c8",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"stylix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1724435763,
"narHash": "sha256-UNky3lJNGQtUEXT2OY8gMxejakSWPTfWKvpFkpFlAfM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c2cd2a52e02f1dfa1c88f95abeb89298d46023be",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1729999765,
"narHash": "sha256-LYsavZXitFjjyETZoij8usXjTa7fa9AIF3Sk3MJSX+Y=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "0e3a8778c2ee218eff8de6aacf3d2fa6c33b2d4f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nix-monitored": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1715016928,
"narHash": "sha256-JZx+enK1RlsMSJGmX/KTpADtxrCPDztQRKpO22LKZZM=",
"owner": "ners",
"repo": "nix-monitored",
"rev": "776e497a13b8b403065d59c45a3fdc07b76a0db1",
"type": "github"
},
"original": {
"owner": "ners",
"repo": "nix-monitored",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1730368399,
"narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1714906307,
"narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730137625,
"narHash": "sha256-9z8oOgFZiaguj+bbi3k4QhAD6JabWrnv7fscC/mt0KE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64b80bfb316b57cdb8919a9110ef63393d74382a",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1729973466,
"narHash": "sha256-knnVBGfTCZlQgxY1SgH0vn2OyehH9ykfF8geZgS95bk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cd3e8833d70618c4eea8df06f95b364b016d4950",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1729951556,
"narHash": "sha256-bpb6r3GjzhNW8l+mWtRtLNg5PhJIae041sPyqcFNGb4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4e0eec54db79d4d0909f45a88037210ff8eaffee",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1725194671,
"narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1682134069,
"narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fd901ef4bf93499374c5af385b2943f5801c0833",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nix-index-database": "nix-index-database",
"nix-monitored": "nix-monitored",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable",
"sops-nix": "sops-nix",
"stylix": "stylix",
"vscode-server": "vscode-server"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_3",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1729999681,
"narHash": "sha256-qm0uCtM9bg97LeJTKQ8dqV/FvqRN+ompyW4GIJruLuw=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "1666d16426abe79af5c47b7c0efa82fd31bf4c56",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
"base16-fish": "base16-fish",
"base16-helix": "base16-helix",
"base16-vim": "base16-vim",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"gnome-shell": "gnome-shell",
"home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_4",
"systems": "systems",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-tmux": "tinted-tmux"
},
"locked": {
"lastModified": 1729963473,
"narHash": "sha256-uGjTjvvlGQfQ0yypVP+at0NizI2nrb6kz4wGAqzRGbY=",
"owner": "danth",
"repo": "stylix",
"rev": "04afcfc0684d9bbb24bb1dc77afda7c1843ec93b",
"type": "github"
},
"original": {
"owner": "danth",
"repo": "stylix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
"lastModified": 1696725948,
"narHash": "sha256-65bz2bUL/yzZ1c8/GQASnoiGwaF8DczlxJtzik1c0AU=",
"owner": "tinted-theming",
"repo": "tinted-foot",
"rev": "eedbcfa30de0a4baa03e99f5e3ceb5535c2755ce",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-foot",
"type": "github"
}
},
"tinted-kitty": {
"flake": false,
"locked": {
"lastModified": 1716423189,
"narHash": "sha256-2xF3sH7UIwegn+2gKzMpFi3pk5DlIlM18+vj17Uf82U=",
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-kitty",
"rev": "eb39e141db14baef052893285df9f266df041ff8",
"type": "github"
}
},
"tinted-tmux": {
"flake": false,
"locked": {
"lastModified": 1696725902,
"narHash": "sha256-wDPg5elZPcQpu7Df0lI5O8Jv4A3T6jUQIVg63KDU+3Q=",
"owner": "tinted-theming",
"repo": "tinted-tmux",
"rev": "c02050bebb60dbb20cb433cd4d8ce668ecc11ba7",
"type": "github"
},
"original": {
"owner": "tinted-theming",
"repo": "tinted-tmux",
"type": "github"
}
},
"vscode-server": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1729422940,
"narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=",
"owner": "nix-community",
"repo": "nixos-vscode-server",
"rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-vscode-server",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

127
flake.nix Normal file
View file

@ -0,0 +1,127 @@
{
description = "The Ittihadyya Flake"; # adapted from dearest sodiboo's config and with xir help
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-24.05";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixos-hardware.url = "github:NixOS/nixos-hardware";
nix-monitored.url = "github:ners/nix-monitored";
sops-nix.url = "github:Mic92/sops-nix";
stylix.url = "github:danth/stylix";
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
vscode-server.url = "github:nix-community/nixos-vscode-server";
#niri.url = "github:sodiboo/niri-flake";
};
outputs =
{
self,
nixpkgs,
...
}@inputs:
with nixpkgs.lib;
let
match = flip getAttr;
read_dir_recursively =
dir:
concatMapAttrs (
this:
match {
directory = mapAttrs' (subpath: nameValuePair "${this}/${subpath}") (
read_dir_recursively "${dir}/${this}"
);
regular = {
${this} = "${dir}/${this}";
};
symlink = { };
}
) (builtins.readDir dir);
# `const` helper function is used extensively: the function is constant in regards to the name of the attribute.
params = inputs // {
configs = raw_configs;
molecules = {
# number via perfect squares for now, start from 15 squared for personal and 2 squared for others (use primes afterwards, in the same way)
capsaicin = 225; # pc
menthol = 196; # laptop
glucose = 4; # minipc functioning as server node
fructose = 9; # idem
aspartame = 16; # VPS
};
inherit merge extras;
};
# It is important to note, that when adding a new `.mod.nix` file, you need to run `git add` on the file.
# If you don't, the file will not be included in the flake, and the modules defined within will not be loaded.
read_all_modules = flip pipe [
read_dir_recursively
(filterAttrs (flip (const (hasSuffix ".mod.nix"))))
(mapAttrs (const import))
(mapAttrs (const (flip toFunction params)))
];
merge =
prev: this:
{
modules = prev.modules or [ ] ++ this.modules or [ ];
home_modules = prev.home_modules or [ ] ++ this.home_modules or [ ];
}
// (optionalAttrs (prev ? system || this ? system) {
system = prev.system or this.system;
});
all_modules = attrValues (read_all_modules "${self}");
raw_configs' = builtins.zipAttrsWith (
machine: if machine == "extras" then mergeAttrsList else builtins.foldl' merge { }
) all_modules;
raw_configs = builtins.removeAttrs raw_configs' [ "extras" ];
extras = raw_configs'.extras or { };
configs = builtins.mapAttrs (const (
config:
nixpkgs.lib.nixosSystem {
inherit (config) system;
modules = config.modules ++ [
{
_module.args.home_modules = config.home_modules;
}
];
}
)) raw_configs;
in
{
# for use in nix repl
p = s: builtins.trace "\n\n${s}\n" "---";
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
nixosConfigurations = builtins.mapAttrs (name: const configs.${name}) params.molecules;
# This is useful to rebuild all systems at once, for substitution
all-systems = nixpkgs.legacyPackages.x86_64-linux.runCommand "all-systems" { } (
''
mkdir $out
''
+ (builtins.concatStringsSep "\n" (
mapAttrsToList (name: config: ''
ln -s ${config.config.system.build.toplevel} $out/${name}
'') self.nixosConfigurations
))
);
};
}
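Review bot: `sops-nix`, `stylix` and `vscode-server` in `inputs` have no `inputs.nixpkgs.follows = "nixpkgs";` line, unlike `home-manager` and `nix-index-database`, so each one brings its own nixpkgs pin. The lock file in this commit shows the result: `nixpkgs_3`, `nixpkgs_4` and `nixpkgs_5` are separate revisions, and `nixpkgs_5` (used by `vscode-server`, resolved through an `indirect` registry entry) has `lastModified` 1682134069 against 1730200266 for the root `nixpkgs_2`. Adding `follows` for those three inputs leaves one nixpkgs revision to audit and makes `nix flake update` move them together.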

20
fonts.mod.nix Normal file
View file

@ -0,0 +1,20 @@
{
personal.modules = [
(
{ pkgs, ... }:
{
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-cjk-sans
noto-fonts-emoji
fira-code
fira-code-symbols # this is probably redundant, whatever
dina-font
proggyfonts
wqy_zenhei # this is so that hanzi doesn't look like pixel art
nerdfonts # all of them, apparently
];
}
)
];
}

28
games.mod.nix Normal file
View file

@ -0,0 +1,28 @@
{
personal.modules = [
(
{ pkgs, ... }:
{
programs.steam = {
enable = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
};
}
)
];
personal.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
lutris
heroic
];
programs.mangohud.enable = true;
}
)
];
}

153
hardware.mod.nix Normal file
View file

@ -0,0 +1,153 @@
{ nixos-hardware, ... }:
let
config = name: system: additional: {
inherit name;
value = {
inherit system;
modules = [
{
networking.hostName = name;
nixpkgs.hostPlatform = system;
}
] ++ additional;
};
};
filesystem = fsType: path: device: options: {
fileSystems.${path} = {
inherit device fsType;
} // (if options == null then { } else { inherit options; });
};
fs.mergerfs = filesystem "fuse.mergerfs";
fs.btrfs = filesystem "btrfs";
fs.ext4 = filesystem "ext4";
fs.vfat = filesystem "vfat";
swap = device: { swapDevices = [ { inherit device; } ]; };
cpu = brand: { hardware.cpu.${brand}.updateMicrocode = true; };
qemu =
{ modulesPath, ... }:
{
imports = [ "${modulesPath}/profiles/qemu-guest.nix" ];
};
in
{
universal.modules = [
(
{
pkgs,
lib,
...
}:
{
environment.systemPackages = with pkgs; [ mergerfs ];
hardware.enableRedistributableFirmware = true;
networking.useDHCP = lib.mkDefault true;
}
)
];
personal.modules = [
{
services.fwupd.enable = true;
}
];
}
// builtins.listToAttrs [
(config "capsaicin" "x86_64-linux" [
(cpu "intel")
(fs.btrfs "/" "/dev/disk/by-uuid/a1a32f8b-847c-4349-8743-05d25950db1d" null)
(fs.btrfs "/mnt/hdd1tb" "/dev/disk/by-uuid/1b1451cd-89ce-4daa-afdb-37ceecbb9484" null)
(fs.ext4 "/mnt/hdd500gb" "/dev/disk/by-uuid/d7a35003-4b60-4a5e-b87a-af7c18eefe04" null)
(fs.vfat "/boot" "/dev/disk/by-uuid/5C2E-B6F1" null)
(swap "/dev/disk/by-uuid/16f09a9c-74ef-4a32-b9c0-d3948d76f3a0")
{
boot.loader.systemd-boot.enable = true;
zramSwap.enable = true;
boot.initrd.kernelModules = [ ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
boot.kernelModules = [
"usbmon"
"v4l2loopback"
];
boot.extraModulePackages = [ ];
}
])
(config "menthol" "x86_64-linux" [
(cpu "intel")
(fs.btrfs "/" "/dev/disk/by-uuid/1a254d99-6480-4557-b3e8-e8ee745f5832" null)
(swap "/dev/disk/by-uuid/455a7c78-fdc3-4dbb-b9f2-9518d960191b")
{
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.kernelModules = [ ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
}
])
(config "glucose" "x86_64-linux" [
(cpu "intel")
(fs.btrfs "/" "/dev/disk/by-uuid/abbb549e-19b4-4855-b3c7-0b81ab784b74" null)
(swap "/dev/disk/by-uuid/dc948ee6-94fb-49b2-94d4-317aa41f1a9d")
{
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.kernelModules = [ ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"sd_mod"
];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
}
])
(config "fructose" "x86_64-linux" [
(cpu "intel")
(fs.btrfs "/" "/dev/disk/by-uuid/e1b611e6-485f-4c2e-81fa-2fbcb3a7f1ba" null)
(swap "/dev/disk/by-uuid/83c561a1-08b9-4b48-bdfc-102098fd2059")
{
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.kernelModules = [ ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"sd_mod"
];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
}
])
(config "aspartame" "x86_64-linux" [
qemu
(fs.ext4 "/" "/dev/disk/by-uuid/2def7bee-b1e3-49ea-b46c-33f272aaa5b2" null)
{
boot.tmp.cleanOnBoot = true;
zramSwap.enable = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules = [
"ata_piix"
"uhci_hcd"
"virtio_pci"
"virtio_scsi"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
}
])
]
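Review bot: the `menthol` entry mounts `/` and swap straight from `/dev/disk/by-uuid/...` and nothing in this hunk declares a `boot.initrd.luks.devices` mapping, so the laptop's disk appears to be unencrypted. That machine carries the `~/.ssh/id_ed25519` identity referenced in `networking/ssh.mod.nix` and the sops-decrypted secrets, so full-disk encryption is worth adding there, with swap on the encrypted volume as well. Smaller points: `fs.mergerfs` and the `nixos-hardware` argument are defined but never used in this file.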

73
home.mod.nix Normal file
View file

@ -0,0 +1,73 @@
{ home-manager, ... }:
{
universal.modules = [
home-manager.nixosModules.home-manager
(
{ config, pkgs, ... }:
{
users.users.emv = {
isNormalUser = true;
description = "emv";
# shell = pkgs.zsh; # this is scuffed as hell, please, for the love of fuck, make a zsh.mod.nix file sometime
# ignoreShellProgramCheck = true;
extraGroups = [ "wheel" ];
};
home-manager = {
backupFileExtension = "bak";
useGlobalPkgs = true;
useUserPackages = true;
users.emv = {
home.username = "emv";
home.homeDirectory = "/home/emv";
home.stateVersion = "24.05";
imports = config._module.args.home_modules;
};
};
}
)
];
personal.home_modules = [
(
{
lib,
config,
...
}:
{
options.systemd-fuckery = {
auto-restart = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
config = {
home.activation.restartSystemdFuckery =
let
ensureRuntimeDir = "XDG_RUNTIME_DIR=\${XDG_RUNTIME_DIR:-/run/user/$(id -u)}";
systemctl = "env ${ensureRuntimeDir} ${config.systemd.user.systemctlPath}";
each = f: builtins.concatStringsSep "\n" (map f config.systemd-fuckery.auto-restart);
in
lib.mkIf (config.systemd-fuckery.auto-restart != [ ]) (
lib.hm.dag.entryAfter [ "reloadSystemd" ] ''
systemdStatus=$(${systemctl} --user is-system-running 2>&1 || true)
if [[ $systemdStatus == 'running' || $systemdStatus == 'degraded' ]]; then
${
each (unit: ''
run ${systemctl} --user try-restart ${unit}.service
'')
}
else
echo "User systemd daemon not running. Skipping reload."
fi
''
);
};
}
)
];
}

11
locale.mod.nix Normal file
View file

@ -0,0 +1,11 @@
{
universal.modules = [
(
{ config, ... }:
{
time.timeZone = "Europe/Bucharest";
i18n.defaultLocale = "en_US.UTF-8";
}
)
];
}

15
nerd.mod.nix Normal file
View file

@ -0,0 +1,15 @@
{
personal.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
geogebra6 # geogebra5 currently does not work?
chemtool
avogadro2
];
programs.sagemath.enable = true;
}
)
];
}

View file

@ -0,0 +1,23 @@
{
universal.modules = [
{
networking.firewall.enable = true;
networking.nftables.enable = true;
}
];
fructose.modules = [
{
networking.firewall = {
allowedUDPPorts = [
# 53 # pihole
# 5894 # couchdb
];
allowedTCPPorts = [
222 # forgejo ssh
3000 # forgejo
# 5894 # couchdb
];
};
}
];
}
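Review bot: `allowedTCPPorts` under `fructose.modules` opens 222 and 3000 on every interface, and 3000 is Forgejo's plain-HTTP listener (`PROTOCOL = "http"` in the Forgejo module, while `ROOT_URL` is https). If the TLS proxy reaches fructose over WireGuard, move 3000 to `networking.firewall.interfaces.wg0.allowedTCPPorts` so the unencrypted port is not reachable from the LAN. The commented-out `5894 # couchdb` entries would be better deleted, since CouchDB is configured under `glucose`, not `fructose`.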

237
networking/general.mod.nix Normal file
View file

@ -0,0 +1,237 @@
{
# networking? I sure hope it is. (It was not)
universal.modules = [
(
{ pkgs, lib, ... }:
{
networking.networkmanager = {
enable = true;
plugins = lib.mkForce [ ]; # networkmanager has a shit ton of vpn plugins by default. which we do not care about because we use wireguard. -e
};
networking.usePredictableInterfaceNames = false;
users.users.emv.extraGroups = [ "networkmanager" ];
environment.systemPackages = with pkgs; [
busybox
tcpdump
nmap
];
networking.nameservers = [
"10.24.1.9"
"9.9.9.9"
]; # first is pihole (on fructose currently, after we get kubernetes set up we should figure out how to do it in a better way) second is quad9
}
)
];
personal.modules = [
(
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
toybox
];
programs.wireshark.enable = true;
users.users.emv.extraGroups = [ "wireshark" ];
}
)
];
glucose.modules = [
(
{ ... }:
{
networking = {
interfaces.eth0.ipv4.addresses = [
{
address = "10.12.96.4";
prefixLength = 24;
}
];
defaultGateway = {
address = "10.12.96.1";
interface = "eth0";
};
};
}
)
];
fructose.modules = [
(
{ ... }:
{
networking = {
interfaces.eth0.ipv4.addresses = [
{
address = "10.12.96.9";
prefixLength = 24;
}
];
defaultGateway = {
address = "10.12.96.1";
interface = "eth0";
};
};
}
)
];
capsaicin.modules = [
(
{ config, ... }:
{
networking.resolvconf.enable = false;
networking = {
interfaces.eth0.ipv4.addresses = [
{
address = "192.168.88.225";
prefixLength = 24;
}
];
defaultGateway = {
address = "192.168.88.1";
interface = "eth0";
};
};
/*
networking.networkmanager = { # should probably figure out a way to get the default wireless interface? -e --- https://www.networkmanager.dev/docs/api/latest/nm-settings-nmcli.html Godsend
ensureProfiles = {
environmentFiles = [ "${config.sops.templates."networkmanager.env.secrets.yaml".path}" ];
profiles = {
home-wifi = {
connection = {
id = "home-wifi";
permissions = "";
type = "wifi";
interface-name = "wlp4s0";
};
ipv4 = {
method = "manual";
ignore-auto-dns = true;
addresses = "192.168.88.170/24, 10.12.96.226/24";
};
ipv6.method = "disabled";
wifi = {
mode = "infrastructure";
ssid = "$HOME1_SSID";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$HOME1_PSK";
};
};
home1eth = {
connection = {
id = "home1eth";
permissions = "";
type = "ethernet";
interface-name = "enp5s0";
};
ipv4 = {
method = "manual";
ignore-auto-dns = true;
addresses = "192.168.88.169/24, 10.12.96.225/24";
};
ipv6.method = "disabled";
ethernet = {
auto-negotiate = true;
mtu = "auto";
};
};
};
};
};
*/
# this doesn't work, for reasons unknown, so i'm commenting it out -e
}
)
];
menthol.modules = [
(
{ config, ... }:
{
hardware.bluetooth = {
enable = true; # menthol is the only computer that actually has a bluetooth module.
powerOnBoot = true; # this will kill the battery, beware.
};
networking.networkmanager = {
# should probably figure out a way to get the default wireless interface?
ensureProfiles = {
environmentFiles = [ "${config.sops.templates."networkmanager.env.secrets.yaml".path}" ];
profiles = {
home2wireless = {
connection = {
id = "home2";
permissions = "";
type = "wifi";
interface-name = "wlp4s0";
};
ipv4 = {
method = "auto";
ignore-auto-dns = true;
};
ipv6.method = "disabled";
wifi = {
mode = "infrastructure";
ssid = "$HOME2_SSID";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$HOME2_PSK";
};
};
home1wireless = {
# i don't know if ensureProfiles appends or overwrites so i'm doing this -e
connection = {
id = "home1wireless";
permissions = "";
type = "wifi";
interface-name = "wlp4s0";
};
ipv4 = {
method = "auto";
ignore-auto-dns = true;
};
ipv6.method = "disabled";
wifi = {
mode = "infrastructure";
ssid = "$HOME1_SSID";
};
wifi-security = {
auth-alg = "open";
key-mgmt = "wpa-psk";
psk = "$HOME1_PSK";
};
};
phonehotspot = {
connection = {
id = "phonehotspot";
permissions = "";
type = "wifi";
interface-name = "wlp4s0";
};
ipv4 = {
method = "auto";
ignore-auto-dns = true;
};
ipv6.method = "disabled";
wifi = {
mode = "infrastructure";
ssid = "$PHONE_HOTSPOT_SSID";
};
wifi-security = {
auth-alg = "open";
keu-mgmt = "wpa-psk";
psk = "$PHONE_HOTSPOT-PSK";
};
};
};
};
};
}
)
];
}
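Review bot: the `phonehotspot` profile at the end of `menthol.modules` has two typos that will keep it from connecting: `keu-mgmt = "wpa-psk";` should be `key-mgmt`, and `psk = "$PHONE_HOTSPOT-PSK";` uses a hyphen where the SSID line uses `$PHONE_HOTSPOT_SSID`, so the substitution will not resolve to the PSK variable. Check the variable names against the sops template as well, since `secrets.yaml` stores these values as `phone_ssid` and `phone_psk`. Separately, `networking.usePredictableInterfaceNames = false;` in `universal.modules` gives interfaces kernel names such as `wlan0`, while every profile here pins `interface-name = "wlp4s0"`; one of the two needs to change.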

40
networking/ssh.mod.nix Normal file
View file

@ -0,0 +1,40 @@
{
universal.modules = [
({
services.openssh = {
enable = true;
settings.PasswordAuthentication = false; # english is a fake language, apparently it's not "authentification", literally go explode, it makes sense but i am still mad -e
# ports = [ 1295 ]; # can just do it on 22 bc of the preceding setting, i think.
openFirewall = true;
banner = "This place is not a place of honor... no highly esteemed deed is commemorated here... nothing valued is here.\nWhat is here was dangerous and repulsive to us.\nThis message is a warning about danger.\n";
};
users.users.emv.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDRf6PfZtcUN5GJ3hcxoxencU2EMRBeu4BIyBSOgKReD emv@capsaicin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2r4QfMmGcPUs4mpYd1YgcLKwwNpBmuHbZVT5VC+8W7 emv@menthol"
];
})
];
personal.home_modules = [
{
programs.ssh = {
enable = true;
matchBlocks =
let
to = hostname: {
inherit hostname;
user = "emv";
identityFile = "~/.ssh/id_ed25519";
};
in
{
glucose = to "glucose.wg";
fructose = to "fructose.wg";
capsaicin = to "capsaicin.wg";
menthol = to "menthol.wg";
aspartame = to "aspartame.wg";
};
};
}
];
}
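Review bot: `settings.PasswordAuthentication = false;` on its own leaves keyboard-interactive authentication and root login at their defaults, and `openFirewall = true;` in `universal.modules` exposes port 22 on every host, the public VPS included. Add `settings.KbdInteractiveAuthentication = false;` and `settings.PermitRootLogin = "no";` next to it. The commented-out `ports` line can go; moving the port is not what protects the service.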

View file

@ -0,0 +1,49 @@
{
# i am shameless, i know -e
aspartame.modules = [
{
services.headscale = {
enable = true;
port = 6562;
settings = {
server_url = "https://vpn.collective-conciousness.monster";
dns.magic_dns = false;
log.level = "warn";
logtail.enables = false;
metrics_listen_addr = "127.0.0.1:6563";
ip_prefixes = [
"100.81.0.0/10"
"fd7a:115c:a1e0::/48"
];
derp.server = {
enable = true;
region_id = 999;
stun_listen_addr = "0.0.0.0:6561";
};
};
};
networking.firewall.allowedUDPPorts = [ 6561 ];
}
];
universal.modules = [
{
services.tailscale = {
enable = true;
openFirewall = true;
useRoutingFeatures = "both";
};
}
];
sucrose.modules = [
{
services.tailscale.extraSetFlags = [
"--advertise-exit-node"
];
}
];
}
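Review bot: `sucrose.modules` at the end of the file targets a host that is not in `molecules` in `flake.nix`, so `--advertise-exit-node` is never applied to any built machine; name the intended host. In the headscale settings, `logtail.enables = false;` looks like a typo for `logtail.enabled`, and `"100.81.0.0/10"` has host bits set (the /10 that contains it is `100.64.0.0/10`). The firewall line opens only the STUN port 6561, which is right only if `port = 6562` is reached solely through a local reverse proxy; a comment saying so would help.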

201
networking/vpn.mod.nix Normal file
View file

@ -0,0 +1,201 @@
{
self,
nixpkgs,
molecules,
...
}:
let
public-keys = {
capsaicin = "Jn0yQV0qdi1oPdiMSmQSPk4IYbfR2THuiY5pTl7cLgs=";
menthol = "6cDCwXBSC0bpEtpRVtzAFrt+a4BYd2iPjCmQb4xpZnU=";
glucose = "V6oihsGbdxSWpq63jCZbKNfQ9xrMqFTxDDRHh/lQkSc=";
fructose = "mx/TUng1JCNgeUsBKq9mYS2wjOYyL/dACmRYCHbgGVg=";
aspartame = "hd/sxxRJ8vw9yyzN3/WJZN+vYrQCHDWNvd6QqqVobRU=";
};
ip = i: "10.24.1.${toString i}";
subnet = "${ip 0}/24";
ips = builtins.mapAttrs (nixpkgs.lib.const ip) molecules;
ips' = builtins.mapAttrs (name: ip: "${ip}/32") ips;
port-for = builtins.mapAttrs (
machine: { config, ... }: toString config.networking.wireguard.interfaces.wg0.listenPort
) self.nixosConfigurations;
in
{
extras = {
wireguard-ips = ips;
};
universal.modules = [
(
{ config, ... }:
{
networking = {
# i sure hope it is
nat = {
enable = true;
externalInterface = "eth0";
internalInterfaces = [ "wg0" ];
};
firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ];
extraHosts = builtins.concatStringsSep "\n" (
nixpkgs.lib.mapAttrsToList (name: ip: "${ip} ${name}.wg") ips
);
wireguard.interfaces.wg0 = {
ips = [ "${ips.${config.networking.hostName}}/24" ];
listenPort = 46656;
privateKeyFile = config.sops.secrets.wireguard-private-key.path;
};
};
}
)
];
glucose.modules = [
(
{ pkgs, ... }:
{
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.wireguard.interfaces.wg0 = {
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${subnet} -o eth0 -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${subnet} -o eth0 -j MASQUERADE
'';
peers = [
{
publicKey = public-keys.capsaicin;
allowedIPs = [ ips'.capsaicin ];
}
{
publicKey = public-keys.fructose;
allowedIPs = [ ips'.fructose ];
endpoint = "10.12.96.9:${port-for.fructose}";
persistentKeepalive = 25;
}
{
publicKey = public-keys.aspartame;
allowedIPs = [ subnet ];
endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
persistentKeepalive = 25;
}
];
};
}
)
];
fructose.modules = [
(
{ pkgs, ... }:
{
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.wireguard.interfaces.wg0 = {
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${subnet} -o eth0 -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${subnet} -o eth0 -j MASQUERADE
'';
peers = [
{
publicKey = public-keys.capsaicin;
allowedIPs = [ ips'.capsaicin ];
}
{
publicKey = public-keys.glucose;
allowedIPs = [ ips'.glucose ];
endpoint = "10.12.96.4:${port-for.glucose}";
persistentKeepalive = 25;
}
{
publicKey = public-keys.aspartame;
allowedIPs = [ subnet ];
endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
persistentKeepalive = 25;
}
];
};
}
)
];
aspartame.modules = [
(
{ pkgs, ... }:
{
boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
networking.wireguard.interfaces.wg0 = {
postSetup = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s ${subnet} -o eth0 -j MASQUERADE
'';
postShutdown = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s ${subnet} -o eth0 -j MASQUERADE
'';
peers = [
{
publicKey = public-keys.capsaicin;
allowedIPs = [ ips'.capsaicin ];
}
{
publicKey = public-keys.glucose;
allowedIPs = [ ips'.glucose ];
}
{
publicKey = public-keys.fructose;
allowedIPs = [ ips'.fructose ];
}
{
publicKey = public-keys.menthol;
allowedIPs = [ ips'.menthol ];
}
];
};
}
)
];
capsaicin.modules = [
{
networking.wireguard.interfaces.wg0.peers = [
{
publicKey = public-keys.aspartame;
allowedIPs = [ subnet ];
endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
persistentKeepalive = 25;
}
{
publicKey = public-keys.glucose;
allowedIPs = [ ips'.glucose ];
endpoint = "10.12.96.4:${port-for.glucose}";
persistentKeepalive = 25;
}
{
publicKey = public-keys.fructose;
allowedIPs = [ ips'.fructose ];
endpoint = "10.12.96.9:${port-for.fructose}";
persistentKeepalive = 25;
}
];
}
];
menthol.modules = [
{
networking.wireguard.interfaces.wg0.peers = [
{
publicKey = public-keys.aspartame;
allowedIPs = [ subnet ];
endpoint = "vps.collective-conciousness.monster:${port-for.aspartame}";
persistentKeepalive = 25;
}
];
}
];
}
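Review bot: the `networking.nat` block in `universal.modules` enables NAT from `wg0` to `eth0` on all five hosts, including `capsaicin` and `menthol`, and it duplicates the explicit `iptables ... -j MASQUERADE` rules that `glucose`, `fructose` and `aspartame` add in `postSetup`. Keep one mechanism and scope it to the hosts that set `net.ipv4.ip_forward`. On the peers, `allowedIPs = [ subnet ]` for `aspartame` overlaps the `/32` entries for `glucose` and `fructose` on `capsaicin`; that works through longest-prefix match but deserves a comment, since a peer's `allowedIPs` is also the list of source addresses accepted from it.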

242
nix.mod.nix Normal file
View file

@ -0,0 +1,242 @@
{
nix-monitored,
molecules,
...
}:
let
garbage-collection-module =
{ lib, ... }:
{
programs.nh.clean = {
enable = true;
extraArgs = "--keep 3 --keep-since 7d";
dates = "Mon..Sun *-*-* 03:00:00";
};
nix.optimise = {
automatic = true;
dates = [ "Mon..Sun *-*-* 04:00:00" ];
};
# there are very few circumstances in which we'd be awake at those times.
systemd.timers =
let
fuck-off.timerConfig = {
Persistent = lib.mkForce false;
RandomizedDelaySec = lib.mkForce 0;
};
in
{
nh-clean = fuck-off;
nix-optimise = fuck-off;
};
};
distributed-build-module =
{ config, ... }:
{
nix.distributedBuilds = true;
nix.buildMachines = [
{
hostName = "capsaicin";
system = "x86_64-linux";
maxJobs = 2;
speedFactor = 3;
}
{
hostName = "glucose";
system = "x86_64-linux";
maxJobs = 3;
speedFactor = 2;
}
{
hostName = "fructose";
system = "x86_64-linux";
maxJobs = 2;
speedFactor = 1;
}
];
};
in
{
universal.modules = [
{
system.stateVersion = "24.05";
nixpkgs.config.allowUnfree = true; # this didn't work?? what.
nix.settings = {
show-trace = true;
experimental-features = [
"nix-command"
"flakes"
];
};
}
(
{ pkgs, ... }:
{
nixpkgs.overlays = [
nix-monitored.overlays.default
(final: prev: {
nix-monitored = prev.nix-monitored.override {
withNotify = true;
};
})
(final: prev: {
nixos-rebuild = prev.nixos-rebuild.override {
nix = prev.nix-monitored;
};
nix-direnv = prev.nix-direnv.override {
nix = prev.nix-monitored;
};
nixmon = prev.runCommand "nixmon" { } ''
mkdir -p $out/bin
ln -s ${prev.nix-monitored}/bin/nix $out/bin/nixmon
'';
})
];
nix.package = pkgs.nix-monitored;
environment.systemPackages = [ pkgs.nixmon ];
programs.nh.enable = true;
}
)
(
{
config,
pkgs,
lib,
...
}:
{
programs.ssh.extraConfig = ''
${builtins.concatStringsSep "" (
lib.mapAttrsToList (name: n: ''
Host ${name}
HostName ${name}.wg
User remote-builder
IdentityFile ${config.sops.secrets.remote-build-ssh-privkey.path}
'') molecules
)}
'';
users.users.remote-builder = {
isSystemUser = true;
group = "remote-builder";
description = "trusted remote builder user";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMedtsko4nwE6u00hLmmm70yBAU9uJJWbzo87BIOfB/ remote-builder"
];
shell = pkgs.runtimeShell;
};
users.groups.remote-builder = { };
nix.settings.trusted-users = [ "remote-builder" ];
}
)
(
{
config,
lib,
...
}:
lib.mkIf
(
# Don't make glucose a substitute for itself. Using glucose at the moment because it is not used for anything else. -e
config.networking.hostName != "glucose"
)
{
nix.settings = {
substituters = [ "https://cache.collective-conciousness.monster" ];
trusted-public-keys = [ "adyya-flake:PAbC0hnAiNj/kHcm9wIykmKIf25FDeXB6JusqlX2ghs=" ];
};
}
)
];
personal.modules = [
{
nixpkgs.config.rocmSupport = true;
}
];
glucose.modules = [
(
{
config,
pkgs,
lib,
...
}:
{
# This is publicly served from https://cache.collective-conciousness.monster
# That's proxied through aspartame via caddy.
services.nix-serve = {
enable = true;
port = 5020;
openFirewall = true;
package = pkgs.nix-serve-ng;
secretKeyFile = config.sops.secrets.binary-cache-secret.path;
};
systemd.timers."auto-update-rebuild" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitInactiveSec = "1h";
Unit = "auto-update-rebuild.service";
};
};
systemd.services."auto-update-rebuild" = {
script = ''
mkdir -p /tmp/auto-update-rebuild && cd /tmp/auto-update-rebuild
export PATH=${
lib.makeBinPath (
with pkgs;
[
nix
git
coreutils
]
)
}
nix flake update --flake /home/emv/adyya-flake
'';
serviceConfig = {
Restart = "on-failure";
RestartSec = "15m";
Type = "oneshot";
};
};
}
)
garbage-collection-module
];
menthol.modules = [ distributed-build-module ];
aspartame.modules = [ distributed-build-module ];
capsaicin.modules = [ garbage-collection-module ];
universal.home_modules = [
(
{ pkgs, lib, ... }:
{
home.packages = with pkgs; [
cachix
nil
nurl
nix-diff
nh
nix-output-monitor
nvd
nixfmt-rfc-style
];
}
)
];
}
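Review bot: `nix.settings.trusted-users = [ "remote-builder" ];` sits in `universal.modules` together with the `remote-builder` account, its authorized key and the `IdentityFile` pointing at `remote-build-ssh-privkey`, so every host both accepts that key and holds the private half. A trusted Nix user can do through the daemon what root can, which means one compromised machine gets that level of access on the other four. Only `capsaicin`, `glucose` and `fructose` appear in `nix.buildMachines`, and only `menthol` and `aspartame` import `distributed-build-module`: create the account on the three builders and deploy the private key on the two clients. In `auto-update-rebuild`, `nix flake update` only rewrites the lock file in `/home/emv/adyya-flake`; nothing in the unit rebuilds or commits, so the name is misleading.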

12
peripherals.mod.nix Normal file
View file

@ -0,0 +1,12 @@
{
personal.modules = [
(
{ pkgs, ... }:
{
programs.adb.enable = true; # #yeag that's it for now lol
users.users.emv.extraGroups = [ "adbusers" ];
services.udev.packages = [ pkgs.android-udev-rules ];
}
)
];
}

40
secrets.yaml Normal file
View file

@ -0,0 +1,40 @@
home1_ssid: ENC[AES256_GCM,data:dNyzJnFqz2Fq,iv:HihJ53fs1+KRGr3KqdMrsGW3ZzW1AHdBDuSEI3JQtfI=,tag:7KJqC4thzJLuXPHqbB4RXA==,type:str]
home2_ssid: ENC[AES256_GCM,data:GLZHRz36eIlp2so=,iv:/pOgsD/FreAaRgQTlYxemWECp+Tp0udI8Sz5MyPSbns=,tag:eK9JaDPhxZYDsd9lWbM7wQ==,type:str]
phone_ssid: ENC[AES256_GCM,data:paVFm6NK,iv:pz6N/gKjYbyk0iIq8YqcB296VUfp3ACbYKSOxEEk45c=,tag:ZZTm6QdtirZqjWcaKVfGpw==,type:str]
phone_psk: ENC[AES256_GCM,data:wFCQyutUmKw=,iv:u/68+6r16RVGZzr/GKLm7MgChamlAl6ddMpYVOW1yZw=,tag:yWGxvhqYbhdYShIB0aaiHA==,type:str]
home1_psk: ENC[AES256_GCM,data:T5sA/OaEobLakzc8R7nu7w==,iv:2WDvlzFxXd/jafRhuuHo177xNOYX0UNKrd1pfGKtKF4=,tag:vwwGp8KsfhIwSmKzLg/w0g==,type:str]
home2_psk: ENC[AES256_GCM,data:THRuWnu8o4g=,iv:TwpFxCNdk7nUdbhJIwEFCzNy04eXmBPble/3hrHSVqM=,tag:I9411LtlgFCIX7jTyxrgNg==,type:str]
wireguard-private-keys:
capsaicin: ENC[AES256_GCM,data:sZlnvVOhMMXFtadYnK3MgcsIKw0+SrEhnigc/hQNhSu69BmgYiURJBIoxGo=,iv:153TnW25jYXLlSXZv1ecPQwI2pLSBbaa9+f2sxqf9CM=,tag:Qc7SJH4ogQbGBwn2Tedh/g==,type:str]
menthol: ENC[AES256_GCM,data:YPn7su3JoAlwZ9YE66xOigJ3iuUEiW9u1azrow45CTg1U954cDpv1bVOu+0=,iv:22nxSieTOriWwl6WtUGlSqhV6ZF9Cy52rPj9c4sU3kg=,tag:m2pBaGg4WuP8VVbanYJP7g==,type:str]
glucose: ENC[AES256_GCM,data:2ODCGVxk07PZ//UwkQcE5ztA68qJ866ZDIKKzs++5pNxtc0/ypvUfeC/uTM=,iv:crKEO6GHlwaXfzfXn3fMZF4JjNBzVkFcN/zV5mXdKbU=,tag:IWrigVoM3s9oKIsJPUxBQw==,type:str]
fructose: ENC[AES256_GCM,data:jlQtaHKAM6SpBt6xxadDH+Vw/lW62KPntA9s1F4LDJ4yCLqAQNZ6Ms+HjXY=,iv:WPbYuFHdG8C6F4gEhK7u23/YqMfHtufUZehrImQCdkY=,tag:lJvNO31NCZZ3V4eB4iJiYg==,type:str]
aspartame: ENC[AES256_GCM,data:n9trmVH7w6OkQcXDCx/rAReB4HS0AT8om+QGOkg5VYrUIK6s55aMmsHwtbc=,iv:CGnN+Ogh5uiwr4MNL+xWnl7euotZos+9VDcHijBpgsQ=,tag:1FQRpQXmaHMo/tNeOJ8qoA==,type:str]
binary-cache-secret: ENC[AES256_GCM,data:oqO12mG6prQWZMDZATSypi6vqth7dmXh4CuXQbTN7dND9MyE4dbNaiN+1jT14Lb5+WSVedojhslfpOt5LIHFRPriJymgEnwlEOjduX1dq/PdLP6PbdgKC0p+MXEYE4OIKVQZaA==,iv:ZM93+Ow26y3/1EV5d30iP5v0pTW9bddeue61FKMfk6U=,tag:/6pxVrp5cv62+F9Dpy/I0w==,type:str]
remote-build-ssh-privkey: ENC[AES256_GCM,data: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,iv:mxO+JHVQL+CAYRKgPsnJU0teIwzour1PIqu3eVke3TE=,tag:wijuKJFzukM27N+BgwUyew==,type:str]
pihole_webpassword: ENC[AES256_GCM,data:/0b14jl+e6S8ZR47ug==,iv:sPu4ctPArYW/dR/W5J+Cg/gOD2fXMh/JlNEa/YohEwk=,tag:KBemhvYYFLTKOTGSMqDYXg==,type:str]
couchdb_admin_pass: ENC[AES256_GCM,data:InV2vswI2um58ST8jTJG01wl,iv:D/VCM1CXJLNORyGJf8D2k8Db4xo2fovsNIMGgEkhIKE=,tag:f/y+D10cFdXXnvEpmLtdyg==,type:str]
couchdb_admin_account: ENC[AES256_GCM,data:iyl1SLoPlpZYUw==,iv:TaA+KmlGeexpEW0H/P1TTowlNbE9UtQC3sREcT7MWRU=,tag:hyfbZR1cfIYTR3CzC/VoEw==,type:str]
gts_db_pass: ENC[AES256_GCM,data:oEdBEFomImyOFiCLGYL3upJZ4yxAm/iACAZlr9AU0Wp9a60=,iv:VzcE8SM8rjkfdTddJVIohW5JLcJPxF2OSfM3T5KZiWQ=,tag:FKMaW+gB3Q4N72rE4kCmkw==,type:str]
forgejo_db_pass: ENC[AES256_GCM,data:/whBxapqWGNMynXCXVxrQv/XS6ivdTUE6YkuKZ2Rk9kIojKQQcg6t52OgC8lgA3TUlGgeUnn,iv:KAIB0z+QvWpErdWYNJllV1Pv3A5MDwZpYP/9ofZkSBI=,tag:BLAtl9XdHf2Aa1KFVRnLGg==,type:str]
postgresdb_admin_password: ENC[AES256_GCM,data:DopfWHTOAwihPa9+197pX3TE03dqWST/7+o=,iv:O9dzjYs9A1vBSp17Kyiz41KllUvpUORCmag0AYe8MNA=,tag:FS0v5us/ANMXweXrSIH2xQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age12h0ekuyvy244etehyeymz2pt9xxjv7hpe2revateje00xrzj95fqvp2r82
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrbEJBYWRFRTUzRDJaN3d1
OGJSTkx4SzJOaitybkt3eDVPZUpqVFZoWmprCkl0aTlpbDlXM1grQjN6UVcveXI4
bi8yKzJIbWxjaTZLRHZOOHBiVm1kOFkKLS0tIEN1WGU0REw3b3VyN1ZZSTlFZUha
NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/
vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-03T14:04:07Z"
mac: ENC[AES256_GCM,data:Ux+VhisWUcu9zouDmRi/w8kQQggsIx9PLbFd4FcfNXoYO14QonFd/9FmU7dndzjUYaE5EGHW2rf9uB6zPzAky9F86Nb++iE9yHUWH0VbrWP2hJ5EbjOV/JQcjkC0284T877CVHBN7/FLUiTnIqy2LfPcWER1s3sWo0pm5ia5x0I=,iv:DHhPsc4Ok+hHyNyo9ht1kaw38IzQ4bBjk7cyQFfYngU=,tag:rvJLx3+bd3ystaHd7FGhoA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
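Review bot: every value in this file, including all five `wireguard-private-keys` entries, `binary-cache-secret` and `remote-build-ssh-privkey`, is encrypted to the single `age` recipient listed under `sops.age` (the `personal` key from `.sops.yaml`). Any host that decrypts its own secrets therefore needs that one private key and can read every other host's secrets too. Give each machine its own age recipient and split the secrets by host with separate `creation_rules`, so that the VPS, for example, can decrypt only what it uses.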

View file

@ -0,0 +1,29 @@
{
glucose.modules = [
(
{ config, ... }:
{
# services.couchdb = {
# enable = true;
# adminUser = "Admin";
# adminPass = config.sops.secrets.couchdb_admin_pass
# }; # wanted to do this with the couchdb service. but it has no proper way to handle secrets. so i'm just going to use a container since i don't feel like writing my own couchdb package at the moment
virtualisation.oci-containers = {
containers.couchdb = {
image = "couchdb:3.4.2";
ports = [
"5894:5984"
];
environmentFiles = [
"${config.sops.templates."couchdb.env.secrets.yaml".path}"
];
volumes = [
"/var/services/couchdb/data/:/opt/couchdb/data/"
"/var/services/couchdb/etc:/opt/couchdb/etc/local.d/"
];
};
};
}
)
];
}
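
Review bot: `"5894:5984"` in `ports` publishes CouchDB on every interface of glucose, while the only consumer visible in this commit is the Caddy upstream `10.24.1.4:5894`. If 10.24.1.4 is this host's address, bind the mapping to it (`"10.24.1.4:5894:5984"`) so the database is reachable only over the path the proxy uses. The host port also reads like a transposition of 5984; it matches the Caddyfile, so it works, but a short comment saying it is deliberate would help the next reader.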

View file

@ -0,0 +1,41 @@
{
fructose.modules = [
(
{ config, pkgs, ... }:
{
services.forgejo = {
enable = true;
package = pkgs.forgejo;
stateDir = "/var/services/forgejo";
useWizard = false;
database = {
createDatabase = false;
type = "postgres";
name = "forgejodb";
host = "127.0.0.1";
port = 5432;
user = "forgejo";
passwordFile = "${config.sops.secrets.forgejo_db_pass.path}";
};
dump = {
enable = true;
interval = "02:50";
type = "tar.gz";
};
settings = { # this directly drops stuff in the forgejo app.ini
server = {
DOMAIN = "git.collective-conciousness.monster";
PROTOCOL = "http";
HTTP_PORT = 3000;
SSH_PORT = 222;
ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}:443";
};
};
};
}
)
];
}
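
Review bot: `passwordFile` points at `config.sops.secrets.forgejo_db_pass.path`, but that secret is declared in sops.mod.nix as `sops.secrets.forgejo_db_pass = { };`, which sops-nix installs root-owned with mode 0400. If the Forgejo unit reads the file as its own service user, startup will fail on a permission error; set `owner` on the secret to the Forgejo user. Separately, `PROTOCOL = "http"` with no `HTTP_ADDR` leaves port 3000 listening on all interfaces, so consider binding it to the address Caddy proxies to (10.24.1.9 in the Caddyfile).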

104
services/gts/gts.mod.nix Normal file
View file

@ -0,0 +1,104 @@
{
aspartame.modules = [
(
{ pkgs, config, ... }:
{
services.gotosocial = {
enable = true;
package = pkgs.gts;
setupPostgresqlDB = false;
openFirewall = true;
environmentFile = config.sops.templates."gts.env.secrets.yaml".path;
settings = {
# # most of these are the defaults but i'm writing them here anyways
### General config
log-level = "info";
log-db-queries = "false";
log-client-ip = "true";
log-timestamp-format = "2006-01-02T15:04:05.000Z07:00";
application-name = "RunFromSocial";
landing-page-user = "root";
host = "gts.collective-conciousness.monster";
account-domain = "";
protocol = "https";
bind-address = "127.0.0.1";
port = 8080;
trusted-proxies = [
"127.0.0.1/32"
"::1"
];
### Database config - still have to set this up.
db-type = "postgres";
db-address = "10.24.1.9";
db-port = "5432";
# db-password = ""; # commented out because it is being passed through env files. # GTS_DB_PASSWORD
db-database = "gtsdb";
db-user = "gts";
db-tls-mode = "disable"; # will probably want to change this at some point ?
db-tls-ca-cert = "";
db-max-open-conns-multiplier = 8;
db-postgres-connection-string = "";
cache.memory-target = "500MiB";
### Web config
web-template-base-dir = "/var/gts/web/template/";
web-asset-base-dir = "/var/gts/web/assets/";
### Instance config
instance-languages = [
"en"
"fr"
"ro"
"zh"
];
instance-federation-mode = "allowlist";
instance-federation-spam-filter = false;
instance-expose-peers = false;
instance-expose-suspended = false;
instance-expose-suspended-web = false;
instance-expose-public-timeline = false;
instance-deliver-to-shared-inboxes = true;
instance-inject-mastodon-version = false;
### Accounts config
accounts-registration-open = false;
accounts-reason-required = true;
accounts-allow-custom-css = true;
accounts-custom-css-length = 10000;
### Media config
media-local-max-size = "1GiB";
media-remote-max-size = "50MiB";
media-description-min-chars = 36;
media-description-max-chars = 16200;
media-emoji-local-max-size = "128KiB"; # may need to increase this in the future.
media-emoji-remote-max-size = "256KiB";
media-ffmpeg-pool-size = 2;
media-remote-cache-days = 7;
media-cleanup-from = "01:00";
media-cleanup-every = "24h";
### Storage config
storage-backend = "local";
storage-local-base-path = "/var/gts/storage";
# ommited settings related to s3
### Statuses config
statuses-max-chars = 8000;
statuses-poll-max-options = 10;
statuses-poll-option-max-chars = 100;
statuses-media-max-files = 12;
### Syslog config
syslog-enabled = true;
syslog-protocol = "";
syslog-address = "";
};
};
}
)
];
}
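
Review bot: `db-tls-mode = "disable"` is combined with a non-local `db-address = "10.24.1.9"`, so the database password and every query cross the link to the database host in cleartext unless that network is itself an encrypted tunnel. Either state in the comment that the 10.24.1.x network is such a tunnel, or switch to `require` once the Postgres side has a certificate. Smaller point: `log-db-queries`, `log-client-ip` and `db-port` are quoted strings here while the other booleans and `port` are native values; use native types throughout for consistency.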

View file

@ -0,0 +1,29 @@
{
fructose.modules = [
(
{ config, ... }:
{
virtualisation.oci-containers = {
containers.pihole = {
image = "pihole/pihole:latest";
ports = [
"53:53/tcp"
"53:53/udp"
"800:80"
];
environmentFiles = [
"${config.sops.templates."pihole.env.secrets.yaml".path}"
];
environment = {
TZ = "Europe/Bucharest";
};
volumes = [
"/var/services/pihole/etc-pihole/:/etc/pihole/"
"/var/services/pihole/etc-dnsmasq.d/:/etc/dnsmasq.d/"
];
};
};
}
)
];
}
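
Review bot: `image = "pihole/pihole:latest"` is unpinned, unlike `couchdb:3.4.2` elsewhere in this commit, so a restart or rebuild can pull a different image from the one that was tested. Pin a version tag or a digest. Also, `"53:53/tcp"`, `"53:53/udp"` and `"800:80"` publish the resolver and the admin UI on every interface; if fructose has an interface outside the LAN, prefix the mappings with the LAN address.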

View file

@ -0,0 +1,116 @@
{
fructose.modules = [
/*
(
{ config, pkgs, lib, ... }:
{
systemd.services.postgresql.serviceConfig.TimeoutSec = lib.mkForce "infinity";
services.postgresql = {
enable = true;
checkConfig = true;
package = pkgs.postgresql_17;
dataDir = "/var/services/postgres/";
ensureDatabases = [
"forgejo"
"gts"
];
ensureUsers = [
{
name = "forgejo";
ensureDBOwnership = true;
ensureClauses = {
login = true;
};
}
{
name = "gts";
ensureDBOwnership = true;
ensureClauses = {
login = true;
};
}
];
settings = {
# connection
listen_addresses = lib.mkForce "127.0.0.1";
port = 5432;
unix_socket_directories = "/var/services/postgres/postgres.sock";
# auth
password_encryption = "scram-sha-256";
# ssl
ssl = false;
#log
log_connections = true;
log_directory = "/var/services/postgres/log";
logging_collector = true;
log_disconnections = true;
};
};
services.postgresqlBackup = {
enable = true;
location = "/var/services/postgresbackup/";
compression = "gzip";
backupAll = true;
startAt = "*-*-* 3:20:00";
};
# services.pgadmin = {
# enable = true;
# initialEmail = "pgadmin@collective-conciousness.monster";
# initialPasswordFile = "${config.sops.secrets.pgadmin_pass.path}";
# openFirewall = true;
# port = 5050;
# settings = {
# STRICT_TRANSPORT_SECURITY_ENABLED = true;
# ALLOWED_HOSTS = [
# "127.0.0.1"
# "10.24.1.225"
# "10.24.1.196"
# ];
# };
# };
}
)
*/
#doesn't seem to work so i'm just gonna make a container for it at the moment.
(
{
config,
pkgs,
lib,
...
}:
{
virtualisation.oci-containers = {
containers.postgres = {
image = "postgres:17";
ports = [
"5432:5432"
];
environmentFiles = [
"${config.sops.templates."postgresdb.env.secrets.yaml".path}"
];
volumes = [
"/var/services/postgresdb/data:/var/lib/postgresql/data/"
];
};
containers.adminer = {
image = "adminer:latest";
ports = [
"5433:8080"
"5434:53"
];
dependsOn = [ "postgres" ];
};
};
}
)
];
}
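
Review bot: the `adminer` container is published on all interfaces (`"5433:8080"`) from an unpinned `adminer:latest`, next to `"5432:5432"` for Postgres itself, so anything that can reach fructose gets a database login page and the database port. Bind both mappings to the addresses that actually need them (Forgejo connects via 127.0.0.1, GoToSocial via 10.24.1.9), pin the Adminer tag, and drop `"5434:53"` unless something in the image is known to listen on 53. In the commented-out native service, `unix_socket_directories` is given a path ending in `postgres.sock`; that setting expects a directory, which may be part of why the service did not come up.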

View file

@ -0,0 +1,44 @@
{
layer4 {
:222 {
@a ssh
route @a {
proxy 10.24.1.9:222
}
}
}
}
https://collective-conciousness.monster {
encode zstd gzip
header {
Strict-Transport-Security "max-age=31536001; includeSubdomains; preload"
}
root * /var/www/public
file_server
}
https://git.collective-conciousness.monster {
reverse_proxy 10.24.1.9:3000
}
https://obs.collective-conciousness.monster {
reverse_proxy 10.24.1.4:5894
}
https://gts.collective-conciousness.monster {
# Optional, but recommended, compress the traffic using proper protocols
encode zstd gzip
# The actual proxy configuration to port 8080 (unless you've chosen another port number)
reverse_proxy 127.0.0.1:8080 {
# Flush immediately, to prevent buffered response to the client
flush_interval -1
}
}
https://cache.collective-conciousness.monster {
encode zstd gzip
reverse_proxy 10.24.1.4:5020
}
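
Review bot: the `Strict-Transport-Security` header on the apex site carries `includeSubdomains; preload`, which commits every present and future subdomain to HTTPS and, once the domain is on a preload list, is slow to undo. For a first deployment, start with a shorter `max-age` and without `preload`, then raise it once all the subdomains in this file are confirmed working over TLS. Also note that the `obs` site forwards straight to CouchDB with no access control in front of it, so its exposure rests entirely on CouchDB's own authentication.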

View file

@ -0,0 +1,14 @@
{
aspartame.modules = [
(
{ pkgs, lib, ... }:
{
services.caddy = {
enable = true;
package = pkgs.caddy-many;
configFile = ./Caddyfile;
};
}
)
];
}
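
Review bot: `lib` is taken in the module arguments but never used; drop it. A comment on `pkgs.caddy-many` stating which plugins that build carries would also help, since the Caddyfile's `layer4` block will not load on a stock Caddy.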

View file

@ -0,0 +1,19 @@
{
aspartame.modules = [
({
services.fail2ban.enable = true;
networking.firewall = {
interfaces.eth0.allowedTCPPorts = [
80
222 # this is for forgejo
443
];
};
})
];
fructose.modules = [
{
networking.firewall.interfaces.eth0.allowedTCPPorts = [ 222 ]; # when someones tries to ssh to forgejo, it goes -> aspartame -> fructose -> forgejo-container --- so fructose also needs this port open.
}
];
}
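
Review bot: on fructose, port 222 is opened on `eth0`, but the Caddyfile forwards SSH to `10.24.1.9:222`; if that address lives on a different interface (a tunnel, for instance), this rule opens the port where it is not needed and may leave it closed where it is. Scope the rule to the interface that carries 10.24.1.9. For aspartame, `services.fail2ban.enable = true` with no jail configuration covers only the default sshd jail, not the proxied port 222 or Caddy; say so in a comment or add the jails.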

View file

@ -0,0 +1,12 @@
{
aspartame.modules = [
(
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
zola
];
}
)
];
}

104
sops.mod.nix Normal file
View file

@ -0,0 +1,104 @@
{ sops-nix, ... }:
{
universal.modules = [
sops-nix.nixosModules.sops
{
sops.defaultSopsFile = ./secrets.yaml;
sops.defaultSopsFormat = "yaml";
# sync ~/.ssh/sops out-of-band
# ssh-to-age -private-key -i ~/.ssh/sops > ~/.config/sops/age/keys.txt
sops.age.keyFile = "/home/emv/.config/sops/age/keys.txt";
}
(
{ config, ... }:
{
sops.secrets.wireguard-private-key = {
key = "wireguard-private-keys/${config.networking.hostName}";
};
}
)
({
sops.secrets.remote-build-ssh-privkey = { };
})
];
aspartame.modules = [
(
{ config, ... }:
{
sops.secrets.gts_db_pass = { };
sops.templates."gts.env.secrets.yaml".content = ''
GTS_DB_PASSWORD = "${config.sops.placeholder."gts_db_pass"}"
'';
}
)
];
glucose.modules = [
({
sops.secrets.binary-cache-secret = { };
})
(
{ config, ... }:
{
sops.secrets.couchdb_admin_pass = { };
sops.secrets.couchdb_admin_account = { };
sops.templates."couchdb.env.secrets.yaml".content = ''
COUCHDB_PASSWORD = "${config.sops.placeholder."couchdb_admin_pass"}"
COUCHDB_USER = "${config.sops.placeholder."couchdb_admin_account"}"
'';
}
)
];
fructose.modules = [
(
{ config, ... }:
{
sops.secrets.pihole_webpassword = { };
sops.templates."pihole.env.secrets.yaml".content = ''
WEBPASSWORD="${config.sops.placeholder."pihole_webpassword"}"
'';
}
)
(
{config, ...}: {
sops.secrets.postgresdb_admin_password = { };
sops.secrets.forgejo_db_pass = { };
sops.templates."postgresdb.env.secrets.yaml".content = ''
POSTGRES_PASSWORD="${config.sops.placeholder."postgresdb_admin_password"}"
'';
}
)
];
personal.modules = [
(
{ config, ... }:
{
sops.secrets.home1_ssid = { };
sops.secrets.home1_psk = { };
sops.secrets.home2_ssid = { };
sops.secrets.home2_psk = { };
sops.secrets.phone_ssid = { };
sops.secrets.phone_psk = { };
sops.templates."networkmanager.env.secrets.yaml".content = ''
HOME1_SSID="${config.sops.placeholder."home1_ssid"}"
HOME2_SSID="${config.sops.placeholder."home2_ssid"}"
PHONE_HOTSPOT_SSID="${config.sops.placeholder."phone_ssid"}"
HOME1_PSK="${config.sops.placeholder."home1_psk"}"
HOME2_PSK="${config.sops.placeholder."home2_psk"}"
PHONE_HOTSPOT_PSK="${config.sops.placeholder."phone_psk"}"
'';
}
)
];
universal.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
sops
age
];
}
)
];
}
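
Review bot: the `gts` and `couchdb` templates write `KEY = "value"` with spaces around `=`, while the `pihole`, `postgresdb` and `networkmanager` templates write `KEY="value"`. The CouchDB file is consumed through a container's `environmentFiles`, and Docker and Podman env files reject whitespace in the variable name and keep the double quotes as part of the value, so the password the container sees may not be the one stored in secrets.yaml; write the container templates as bare `KEY=value`. Also, `sops.age.keyFile` under `universal.modules` points every host, servers included, at `/home/emv/.config/sops/age/keys.txt`, which means the same personal key has to be copied onto each machine.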

89
stylix.mod.nix Normal file
View file

@ -0,0 +1,89 @@
{ stylix, ... }:
let
wallpapers =
builtins.mapAttrs
(
name: value:
{
lib,
pkgs,
...
}:
{
stylix.image = pkgs.fetchurl {
url = value.url;
hash = value.hash or lib.fakeHash;
};
}
)
{
sekiro.url = "https://w.wallhaven.cc/full/vg/wallhaven-vgor6p.jpg";
sekiro.hash = "sha256-pcNIr1yON9SsOhUAr//GGbijZayksBTYBu7l+/1+He8=";
};
in
{
personal.modules = [
stylix.nixosModules.stylix
(
{
pkgs,
config,
...
}:
{
stylix.enable = true;
stylix.polarity = "dark";
stylix.fonts.monospace.package = pkgs.nerdfonts;
stylix.fonts.monospace.name = "FiraCode Nerd Font";
stylix.fonts.sansSerif.package = pkgs.nerdfonts;
stylix.fonts.sansSerif.name = "Ubuntu Nerd Font";
stylix.fonts.serif = config.stylix.fonts.sansSerif;
stylix.fonts.sizes.applications = 10;
stylix.fonts.sizes.desktop = 12;
stylix.cursor.package = pkgs.afterglow-cursors-recolored;
stylix.cursor.name = "Afterglow-Recolored-Dracula-Green";
stylix.cursor.size = 24;
stylix.opacity.terminal = 0.9;
}
)
];
capsaicin.modules = [
wallpapers.sekiro
];
menthol.modules = [
wallpapers.sekiro
];
personal.home_modules = [
{
stylix.targets.vscode.enable = false;
}
(
{
lib,
pkgs,
config,
...
}:
{
systemd-fuckery.auto-restart = [ "swaybg" ];
systemd.user.services."swaybg" = {
Unit = {
Description = "wallpapers! brought to you by stylix! :3";
PartOf = [ "graphical-session.target" ];
};
Install.WantedBy = [ "graphical-session.target" ];
Service = {
ExecStart = "${lib.getExe pkgs.swaybg} -i ${config.stylix.image}";
Restart = "on-failure";
};
};
}
)
];
}

31
sway.mod.nix Normal file
View file

@ -0,0 +1,31 @@
{
personal.modules = [
(
{ pkgs, ... }:
{
programs.sway = {
enable = true;
package = pkgs.swayfx;
};
environment.systemPackages = with pkgs; [
swayrbar
];
}
)
];
personal.home_modules = [
(
{ pkgs, ... }:
{
home.packages = with pkgs; [
slurp
grim
rofi-wayland
swaybg
wl-clipboard
];
}
)
];
}

33
tex.mod.nix Normal file
View file

@ -0,0 +1,33 @@
{
personal.home_modules = [
(
{ pkgs, ... }:
{
programs.texlive = {
enable = true;
packageSet = pkgs.texlive;
extraPackages = tpkgs: {
inherit (tpkgs)
scheme-medium
dvisvgm
dvipng # in-place output
wrapfig
amsmath
ulem
hyperref
capt-of
etoolbox # various for the default config from emacs
latex-uni8
mlmodern # annoying font stuff
asymptote
systeme
xstring
;
#(setq org-latex-compiler "pdflatex")
#(setq org-preview-latex-default-process "dvisvgm")
};
};
}
)
];
}

40
zsh.mod.nix Normal file
View file

@ -0,0 +1,40 @@
{
universal.modules = [
(
{ pkgs, ... }:
{
programs.zsh = {
enable = true;
};
users.defaultUserShell = pkgs.zsh;
}
)
];
universal.home_modules = [
{
programs = {
zsh = {
enable = true;
shellAliases = {
l = "eza --long --all --icons --time-style long-iso";
};
};
bash.enable = true; # just in case
};
}
];
personal.home_modules = [
{
programs.zsh.shellAliases = {
screenshot = "slurp | grim -g - - | wl-copy";
};
}
];
capsaicin.home_modules = [
{
programs.zsh.shellAliases = {
decrypt = "sudo cryptsetup --verbose luksOpen /dev/disk/by-uuid/08affe8f-ca2e-4f87-9f08-31faeca92a17 decrypted-data && sudo cryptsetup --verbose status decrypted-data && sudo mount /dev/mapper/decrypted-data /mnt/decrypted";
};
}
];
}