asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: asmir:dee5594c1c96a9be39d7e340c49e09474f801443
Branches Tags
asmir:master asmir:nftables_transition asmir:gitea_typst asmir:magento2
..
compare: asmir:magento2
Branches Tags
asmir:master asmir:nftables_transition asmir:gitea_typst asmir:magento2

1 Commits
dee5594c1c ... magento2

Author SHA1 Message Date
Asmir A
f70118c33f add magento2 module 2023-07-03 22:48:55 +02:00
39 changed files with 621 additions and 2676 deletions
Expand all files Collapse all files

1
.nixd.json
View File

@@ -1 +0,0 @@
{"formatting":{"command":"alejandra"}}

1
README.md Normal file
View File

@@ -0,0 +1 @@
NixOS configuration using nix flakes and home-manager

3
README.txt
View File

@@ -1,3 +0,0 @@
NixOS configuration using nix flakes and home-manager
Main repository found at: https://git.project-cloud.net/asmir/nixos_flake_config

312
blue/configuration.nix
View File

@@ -1,312 +0,0 @@
{
config,
pkgs,
lib,
...
}: {
imports = [
];
system.stateVersion = "23.05";
system.autoUpgrade.enable = true;
nix = {
optimise.automatic = true;
gc.automatic = true;
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings.experimental-features = ["nix-command" "flakes"];
};
boot = {
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"];
supportedFilesystems = ["btrfs"];
tmpOnTmpfs = true;
initrd.compressor = "zstd";
loader.systemd-boot = {
enable = true;
editor = false;
memtest86.enable = true;
};
loader.efi.canTouchEfiVariables = true;
readOnlyNixStore = true;
};
security = {
rtkit.enable = true;
allowSimultaneousMultithreading = true;
sudo.enable = false;
doas.enable = true;
doas.extraRules = [
{
users = ["akill"];
keepEnv = true;
persist = true;
}
];
};
powerManagement = {
enable = true;
};
networking = {
firewall.enable = true;
hostName = "blue";
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
networkmanager = {
enable = true;
dns = "none";
/*
wifi.backend = "iwd";
*/
};
};
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
environment = {
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
};
};
programs = {
gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
zsh.enable = true;
firejail.enable = true;
adb.enable = true;
wireshark.enable = true;
sway.enable = true;
};
# List services that you want to enable:
systemd = {
services = {
"caps2esc" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
${pkgs.interception-tools}/bin/intercept \
-g /dev/input/by-path/*-kbd | \
/opt/caps2esc | ${pkgs.interception-tools}/bin/uinput \
-d /dev/input/by-path/*-kbd \
'';
};
};
extraConfig = ''
DefaultTimeoutStartSec=30s
DefaultTimeoutStopSec=30s
'';
};
services = {
acpid.enable = true;
btrfs.autoScrub.enable = true;
dbus.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
openssh.enable = false;
printing.enable = true;
nextcloud = {
enable = true;
hostName = "localhost";
config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}";
};
jellyfin = {
enable = false;
user = "akill";
openFirewall = false;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
xserver = {
enable = true;
dpi = 144;
libinput.enable = true;
desktopManager.xterm.enable = false;
displayManager = {
lightdm.enable = false;
startx.enable = true;
defaultSession = "none+i3";
};
windowManager.i3.enable = true;
};
udev.packages = [pkgs.rtl-sdr pkgs.openhantek6022];
tlp = {
enable = true;
};
actkbd = {
enable = true;
bindings = [
{
keys = [113];
events = ["key"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'";
}
{
keys = [114];
events = ["key" "rep"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
}
{
keys = [115];
events = ["key" "rep"];
command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
}
{
keys = [224];
events = ["key"];
command = "${pkgs.light}/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
command = "${pkgs.light}/bin/light -A 5";
}
];
};
mpd = {
musicDirectory = "/home/mpd/music";
enable = false;
extraConfig = ''
audio_output {
type "pulse"
name "pulsee srv"
server "127.0.0.1"
}
'';
};
dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
journald.extraConfig = ''
SystemMaxUse=50M
'';
logind.extraConfig = ''
KillUserProcesses=yes
'';
};
fonts = {
fontconfig = {
cache32Bit = true;
allowBitmaps = true;
useEmbeddedBitmaps = true;
defaultFonts = {
monospace = ["JetBrainsMono"];
};
};
fonts = with pkgs; [
dejavu_fonts
dina-font
fira-code
fira-code-symbols
font-awesome
font-awesome_4
inconsolata
iosevka
jetbrains-mono
liberation_ttf
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
proggyfonts
siji
terminus_font
terminus_font_ttf
ubuntu_font_family
];
};
virtualisation = {
containers.storage.settings = {
storage = {
driver = "btrfs";
graphroot = "/var/lib/containers/storage";
runroot = "/run/containers/storage";
};
};
podman = {
enable = true;
dockerCompat = true;
};
};
sound.enable = true;
hardware = {
bluetooth = {
enable = true;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
];
};
};
zramSwap = {
enable = false;
algorithm = "zstd";
};
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout"];
};
}

71
blue/hardware-configuration.nix
View File

@@ -1,71 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=root" "compress=zstd" "noatime"];
};
boot.initrd.luks.devices."enc_root".device = "/dev/disk/by-uuid/8eb8ac22-d89d-4406-bfbd-ce43e283649f";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=log" "compress=zstd" "noatime"];
neededForBoot = true;
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
fsType = "btrfs";
options = ["subvol=persist" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/6C85-D29B";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

70
common/suspend.nix
View File

@@ -1,70 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.batteryNotifier;
in {
options = {
services.batteryNotifier = {
enable = mkOption {
default = false;
description = ''
Whether to enable battery notifier.
'';
};
device = mkOption {
default = "BAT0";
description = ''
Device to monitor.
'';
};
notifyCapacity = mkOption {
default = 10;
description = ''
Battery level at which a notification shall be sent.
'';
};
suspendCapacity = mkOption {
default = 5;
description = ''
Battery level at which a suspend unless connected shall be sent.
'';
};
};
};
config = mkIf cfg.enable {
systemd.user.timers."lowbatt" = {
description = "check battery level";
timerConfig.OnBootSec = "1m";
timerConfig.OnUnitInactiveSec = "1m";
timerConfig.Unit = "lowbatt.service";
wantedBy = ["timers.target"];
};
systemd.user.services."lowbatt" = {
description = "battery level notifier";
serviceConfig.PassEnvironment = "DISPLAY";
script = ''
export battery_capacity=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/capacity)
export battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
if [[ $battery_capacity -le ${builtins.toString cfg.notifyCapacity} && $battery_status = "Discharging" ]]; then
${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Low" "You should probably plug-in."
fi
if [[ $battery_capacity -le ${builtins.toString cfg.suspendCapacity} && $battery_status = "Discharging" ]]; then
${pkgs.libnotify}/bin/notify-send --urgency=critical --hint=int:transient:1 --icon=battery_empty "Battery Critically Low" "Computer will suspend in 60 seconds."
sleep 60s
battery_status=$(${pkgs.coreutils}/bin/cat /sys/class/power_supply/${cfg.device}/status)
if [[ $battery_status = "Discharging" ]]; then
systemctl suspend
fi
fi
'';
};
};
}

82
nixy/configuration.nix → configuration.nix
View File

@@ -1,12 +1,13 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
caps2esc,
nix-xilinx,
sops-nix,
system,
nvim,
zremap,
...
}: {
imports = [];
@@ -14,12 +15,9 @@
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.age.keyFile = config.users.users.akill.home + "/.config/sops/age/keys.txt";
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
mode = "0400";
owner = config.users.users.nobody.name;
group = config.users.users.nobody.group;
};
nix = {
@@ -28,28 +26,22 @@
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings = {
sandbox = true;
experimental-features = ["nix-command" "flakes"];
trusted-public-keys = [
"binarycache.mediabox.lan:3vZwbCaCuOK5fc92rKknvyU7e5fDbnKEKLb/VTaICoU="
];
};
};
boot = {
extraModulePackages = with config.boot.kernelPackages; [usbip v4l2loopback];
extraModulePackages = with config.boot.kernelPackages; [usbip];
initrd.compressor = "zstd";
initrd.kernelModules = ["amdgpu"];
binfmt.emulatedSystems = ["wasm32-wasi" "x86_64-windows"];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["psmouse.synaptics_intertouch=0" "mem_sleep_default=deep"];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
kernelParams = ["psmouse.synaptics_intertouch=0"];
loader.efi.canTouchEfiVariables = true;
loader.systemd-boot = {
editor = false;
enable = true;
memtest86.enable = true;
};
loader.systemd-boot.editor = false;
loader.systemd-boot.enable = true;
readOnlyNixStore = true;
supportedFilesystems = ["btrfs"];
tmp.useTmpfs = true;
@@ -84,13 +76,12 @@
dhcpcd.extraConfig = "nohook resolv.conf";
extraHosts = ''
192.168.88.171 jellyfin.mediabox.lan
192.168.88.171 jellyseerr.mediabox.lan
192.168.88.171 mediabox.lan
192.168.88.171 qbittorrent.mediabox.lan
192.168.88.1 router.lan
192.168.88.230 mediabox.lan
192.168.88.230 jellyfin.mediabox.lan
192.168.88.230 deluge.mediabox.lan
192.168.88.230 binarycache.mediabox.lan
192.168.88.231 workstation.lan
192.168.88.121 ender.lan
192.168.88.1 router.lan
'';
networkmanager = {
@@ -113,11 +104,8 @@
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [nix-xilinx.overlay nvim.overlays.${system}.overlay];
nixpkgs.overlays = [nix-xilinx.overlay];
environment = {
extraInit = ''
unset -v SSH_ASKPASS
'';
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
@@ -139,15 +127,16 @@
# List services that you want to enable:
systemd = {
services = {
"zremap" = {
"caps2esc" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
sleep 1
${zremap.defaultPackage.${system}}/bin/zremap \
/dev/input/by-path/platform-i8042-serio-0-event-kbd
${pkgs.interception-tools}/bin/intercept \
-g /dev/input/by-path/platform-i8042-serio-0-event-kbd | \
${caps2esc.defaultPackage.x86_64-linux}/bin/caps2esc | ${pkgs.interception-tools}/bin/uinput \
-d /dev/input/by-path/platform-i8042-serio-0-event-kbd \
'';
};
};
@@ -185,21 +174,18 @@
startx.enable = true;
defaultSession = "none+i3";
};
windowManager.i3.enable = false;
windowManager.i3.enable = true;
};
udev = {
packages = [pkgs.rtl-sdr pkgs.openhantek6022 pkgs.openocd];
packages = [pkgs.openocd pkgs.rtl-sdr pkgs.openhantek6022];
extraRules = ''
#Xilinx FTDI
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
#Xilinx FTDI
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
#Xilinx Digilent
ATTR{idVendor}=="1443", MODE:="666"
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
#Arduino UNO r4
SUBSYSTEMS=="usb", ATTRS{idVendor}=="2341", MODE:="0666"
#Xilinx Digilent
ATTR{idVendor}=="1443", MODE:="666"
ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
'';
};
@@ -207,12 +193,6 @@
enable = true;
};
batteryNotifier = {
enable = true;
notifyCapacity = 20;
suspendCapacity = 10;
};
actkbd = {
enable = true;
bindings = [
@@ -289,7 +269,7 @@
};
};
packages = with pkgs; [
fonts = with pkgs; [
dejavu_fonts
dina-font
fira-code

452
flake.lock generated
View File

@@ -1,54 +1,24 @@
{
"nodes": {
"blobs": {
"flake": false,
"caps2esc": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1604995301,
"narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
"lastModified": 1684616473,
"narHash": "sha256-e8/7jWl2EA1UROhd9L+D9kLdd5SoFYWi+56n2jer7g4=",
"owner": "asmir.abdulahovic",
"repo": "caps2esc",
"rev": "4ebc36bef4f4548566df14d94c9c9907e7a76e78",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "blobs",
"owner": "asmir.abdulahovic",
"repo": "caps2esc",
"type": "gitlab"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@@ -64,14 +34,14 @@
"type": "github"
}
},
"flake-compat_4": {
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
"narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "009399224d5e398d03b22badca40a37ac85412a1",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
@@ -80,39 +50,6 @@
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-root": {
"locked": {
"lastModified": 1692742795,
"narHash": "sha256-f+Y0YhVCIJ06LemO+3Xx00lIcqQxSKJHXT/yk1RTKxw=",
"owner": "srid",
"repo": "flake-root",
"rev": "d9a70d9c7a5fd7f3258ccf48da9335e9b47c3937",
"type": "github"
},
"original": {
"owner": "srid",
"repo": "flake-root",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
@@ -131,30 +68,6 @@
"type": "github"
}
},
"goatcounter": {
"inputs": {
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-root": "flake-root",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1705880453,
"narHash": "sha256-Y1O6tia2Pc1MA5ZoFH3B2y7FwjZuIDiNT4C9+bBawrY=",
"owner": "asmir-abdulahovic",
"repo": "goatcounter-flake",
"rev": "f912ab7024cbc47d5fa80a416b643707a9b50b06",
"type": "github"
},
"original": {
"owner": "asmir-abdulahovic",
"repo": "goatcounter-flake",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -162,11 +75,11 @@
]
},
"locked": {
"lastModified": 1709764752,
"narHash": "sha256-+lM4J4JoJeiN8V+3WSWndPHj1pJ9Jc1UMikGbXLqCTk=",
"lastModified": 1688220547,
"narHash": "sha256-cNKKLPaEOxd6t22Mt3tHGubyylbKGdoi2A3QkMTKes0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cf111d1a849ddfc38e9155be029519b0e2329615",
"rev": "89d10f8adce369a80e046c2fd56d1e7b7507bb5b",
"type": "github"
},
"original": {
@@ -177,17 +90,15 @@
},
"nix-xilinx": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
]
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1699035130,
"narHash": "sha256-emK4aJCC2gW94b2P3N2LjkQ6PEMLUcDduVWwYQ7aq+o=",
"lastModified": 1685780173,
"narHash": "sha256-K18JYyCHrnb05Odb7N9FpU30az7QOV8uL9ch0RgU7i0=",
"owner": "asmir.abdulahovic",
"repo": "nix-xilinx",
"rev": "0323990db46c32e361e4fd70600d859eb90862af",
"rev": "cc5ab958d31c58481b1f7f3a2c0a4db7c22006e9",
"type": "gitlab"
},
"original": {
@@ -198,111 +109,100 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1709703039,
"narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-23_05": {
"locked": {
"lastModified": 1704290814,
"narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=",
"lastModified": 1684585791,
"narHash": "sha256-lYPboblKrchmbkGMoAcAivomiOscZCjtGxxTSCY51SM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421",
"rev": "eea79d584eff53bf7a76aeb63f8845da6d386129",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.05",
"type": "indirect"
}
},
"nixpkgs-23_11": {
"locked": {
"lastModified": 1706098335,
"narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a77ab169a83a4175169d78684ddd2e54486ac651",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11",
"type": "indirect"
}
},
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1701253981,
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1709428628,
"narHash": "sha256-//ZCCnpVai/ShtO2vPjh3AWgo8riXCaret6V9s7Hew4=",
"lastModified": 1688256355,
"narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "66d65cb00b82ffa04ee03347595aa20e41fe3555",
"rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.11",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nvim": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"nixpkgs_2": {
"locked": {
"lastModified": 1710595214,
"narHash": "sha256-mjOOCO3F9gTd/+FIZMXuSYydBTtYqBcWDPkopCpXJh8=",
"ref": "refs/heads/master",
"rev": "a9bc0c8a7aca1a8f1c184d3c3a649d3f85fb3bc0",
"revCount": 23,
"type": "git",
"url": "file://file:/home/akill/proj/nvim_flake/"
"lastModified": 1685677062,
"narHash": "sha256-zoHF7+HNwNwne2XEomphbdc4Y8tdWT16EUxUTXpOKpQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "95be94370d09f97f6af6a1df1eb9649b5260724e",
"type": "github"
},
"original": {
"type": "git",
"url": "file://file:/home/akill/proj/nvim_flake/"
"id": "nixpkgs",
"type": "indirect"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1688231357,
"narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1684668519,
"narHash": "sha256-KkVvlXTqdLLwko9Y0p1Xv6KQ9QTcQorrU098cGilb7c=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "85340996ba67cc02f01ba324e18b1306892ed6f5",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixpkgs-unstable",
"type": "indirect"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1688188316,
"narHash": "sha256-CXuQllDKCxtZaB/umnZOvoJ/d4kJguYgffeTA9l1B3o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8277b539d371bf4308fc5097911aa58bfac1794f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"peerix": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1684706914,
@@ -318,81 +218,27 @@
"type": "gitlab"
}
},
"project-cloud": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"theme_anemone": "theme_anemone",
"theme_deepthought": "theme_deepthought"
},
"locked": {
"lastModified": 1705870326,
"narHash": "sha256-ojdGSeqztnnGMyLKjnSCGq0muGh3U+Zb9iwzaaDsaF4=",
"ref": "refs/heads/master",
"rev": "ad6af66a6142279789db8967b285eb04c6d18c02",
"revCount": 26,
"type": "git",
"url": "https://git.project-cloud.net/asmir/project-cloud"
},
"original": {
"type": "git",
"url": "https://git.project-cloud.net/asmir/project-cloud"
}
},
"root": {
"inputs": {
"goatcounter": "goatcounter",
"caps2esc": "caps2esc",
"home-manager": "home-manager",
"nix-xilinx": "nix-xilinx",
"nixpkgs": "nixpkgs",
"nvim": "nvim",
"nixpkgs": "nixpkgs_3",
"peerix": "peerix",
"project-cloud": "project-cloud",
"simple-nixos-mailserver": "simple-nixos-mailserver",
"sops-nix": "sops-nix",
"swaysw": "swaysw",
"zremap": "zremap"
}
},
"simple-nixos-mailserver": {
"inputs": {
"blobs": "blobs",
"flake-compat": "flake-compat_4",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-23_05": "nixpkgs-23_05",
"nixpkgs-23_11": "nixpkgs-23_11",
"utils": "utils"
},
"locked": {
"lastModified": 1706742486,
"narHash": "sha256-sv/MISTeD0rqeVivpZJpynboMWJp6i62OmrZX1rGl38=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "9e36323ae3dde787f761420465c3ae560f3dbf29",
"type": "gitlab"
},
"original": {
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"type": "gitlab"
"sops-nix": "sops-nix"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"nixpkgs": "nixpkgs_5",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1709711091,
"narHash": "sha256-L0rSIU9IguTG4YqSj4B/02SyTEz55ACq5t8gXpzteYc=",
"lastModified": 1688268466,
"narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "25dd60fdd08fcacee2567a26ba6b91fe098941dc",
"rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957",
"type": "github"
},
"original": {
@@ -401,26 +247,6 @@
"type": "github"
}
},
"swaysw": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1698401726,
"narHash": "sha256-kGMqxaNaNSbKJS/55KqqMvLj1xOBc8zCizs6I3xiCo0=",
"ref": "refs/heads/master",
"rev": "1e49032fbfec10b51c9f627aab286290ac15977c",
"revCount": 3,
"type": "git",
"url": "https://git.project-cloud.net/asmir/swaysw"
},
"original": {
"type": "git",
"url": "https://git.project-cloud.net/asmir/swaysw"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@@ -435,94 +261,6 @@
"repo": "default",
"type": "github"
}
},
"theme_anemone": {
"flake": false,
"locked": {
"lastModified": 1699399376,
"narHash": "sha256-u2baLVhc/tWd9h9+g9vKBN1m4qG23uL1HUizFigOJXw=",
"owner": "Speyll",
"repo": "anemone",
"rev": "565a6e84e3054a45ec31729125801ab1f403c936",
"type": "github"
},
"original": {
"owner": "Speyll",
"repo": "anemone",
"type": "github"
}
},
"theme_deepthought": {
"flake": false,
"locked": {
"lastModified": 1681035730,
"narHash": "sha256-dzhfGmhuNCbloqknM7lVnFbNYmf2/ue7az6DQok44yM=",
"owner": "RatanShreshtha",
"repo": "DeepThought",
"rev": "430c1d5085dd6bea4cd6bd2d55003db67ba6bea0",
"type": "github"
},
"original": {
"owner": "RatanShreshtha",
"repo": "DeepThought",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"goatcounter",
"nixpkgs"
]
},
"locked": {
"lastModified": 1702461037,
"narHash": "sha256-ssyGxfGHRuuLHuMex+vV6RMOt7nAo07nwufg9L5GkLg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "d06b70e5163a903f19009c3f97770014787a080f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"locked": {
"lastModified": 1605370193,
"narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5021eac20303a61fafe17224c087f5519baed54d",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"zremap": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696448728,
"narHash": "sha256-kUc6983IX9n0eQxTFZRK7LYCLHoxoGZ5rOV7nu8hGRI=",
"owner": "asmir.abdulahovic",
"repo": "zremap",
"rev": "9043844893cfc333ed04d04c1d3b67d9904c0afc",
"type": "gitlab"
},
"original": {
"owner": "asmir.abdulahovic",
"repo": "zremap",
"type": "gitlab"
}
}
},
"root": "root",

154
flake.nix
View File

@@ -3,92 +3,40 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-xilinx = {
url = "gitlab:asmir.abdulahovic/nix-xilinx";
inputs.nixpkgs.follows = "nixpkgs";
};
peerix = {
url = "gitlab:asmir.abdulahovic/peerix";
inputs.nixpkgs.follows = "nixpkgs";
};
zremap = {
url = "gitlab:asmir.abdulahovic/zremap";
inputs.nixpkgs.follows = "nixpkgs";
};
swaysw = {
url = "git+https://git.project-cloud.net/asmir/swaysw";
inputs.nixpkgs.follows = "nixpkgs";
};
nvim = {
url = "git+file:/home/akill/proj/nvim_flake/";
inputs.nixpkgs.follows = "nixpkgs";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
goatcounter = {
url = "github:asmir-abdulahovic/goatcounter-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
caps2esc.url = "gitlab:asmir.abdulahovic/caps2esc";
nix-xilinx.url = "gitlab:asmir.abdulahovic/nix-xilinx";
peerix.url = "gitlab:asmir.abdulahovic/peerix";
sops-nix.url = "github:Mic92/sops-nix";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
simple-nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
inputs.nixpkgs.follows = "nixpkgs";
};
project-cloud = {
url = "git+https://git.project-cloud.net/asmir/project-cloud";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = inputs @ {
goatcounter,
home-manager,
self,
nixpkgs,
caps2esc,
home-manager,
nix-xilinx,
nvim,
peerix,
project-cloud,
simple-nixos-mailserver,
sops-nix,
swaysw,
zremap,
...
}: let
pkgs = nixpkgs.legacyPackages.x86_64-linux.pkgs;
in {
}: {
nixosConfigurations = rec {
nixy = nixpkgs.lib.nixosSystem rec {
nixy = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
{_module.args.system = system;}
{nix.registry.nixpkgs.flake = nixpkgs;}
./common/packages.nix
./common/suspend.nix
./nixy/configuration.nix
./nixy/hardware-configuration.nix
./configuration.nix
./packages.nix
./hardware-configuration.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = {inherit inputs system;};
}
peerix.nixosModules.peerix
{
@@ -98,88 +46,12 @@
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = nixy.config.sops.secrets."peerix/private".path;
publicKeyFile = ./nixy/peerix-public;
publicKeyFile = ./peerix-public;
publicKey = "peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=";
};
}
];
};
mediabox = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
{_module.args.system = system;}
{nix.registry.nixpkgs.flake = nixpkgs;}
./common/packages.nix
./common/suspend.nix
./mediabox/configuration.nix
./mediabox/hardware-configuration.nix
./modules/qbittorrent.nix
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = {inherit inputs system;};
}
peerix.nixosModules.peerix
{
services.peerix = {
enable = true;
globalCacheTTL = 10;
package = peerix.packages.x86_64-linux.peerix;
openFirewall = true; # UDP/12304
privateKeyFile = mediabox.config.sops.secrets."peerix/private".path;
publicKeyFile = ./mediabox/peerix-public;
publicKey = "peerix-nixy:8THqS0R2zWF/47ai0RFmqJnieYTZ1jaWOD9tnzpvA6s=";
};
}
];
};
blue = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
modules = [
{_module.args = inputs;}
{_module.args.system = system;}
{nix.registry.nixpkgs.flake = nixpkgs;}
./blue/configuration.nix
./blue/hardware-configuration.nix
./common/packages.nix
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.akill = import ./home/home.nix;
home-manager.extraSpecialArgs = {inherit inputs system;};
}
];
};
magpie = nixpkgs.lib.nixosSystem rec {
system = "arm64-linux";
modules = [
{_module.args = inputs;}
{_module.args.system = system;}
{nix.registry.nixpkgs.flake = nixpkgs;}
./magpie/configuration.nix
./magpie/hardware-configuration.nix
goatcounter.nixosModules.goatcounter
simple-nixos-mailserver.nixosModule
sops-nix.nixosModules.sops
(builtins.toPath "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix")
];
};
};
devShell.x86_64-linux = pkgs.mkShell {
buildInputs = with pkgs; [sops ssh-to-age age];
shellHook = ''
echo "Configuring NixOS!"
'';
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
};
}

12
nixy/hardware-configuration.nix → hardware-configuration.nix
View File

@@ -20,7 +20,7 @@
fileSystems."/" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=root" "compress=lzo" "noatime"];
options = ["subvol=root" "compress=zstd" "noatime"];
};
boot.initrd.luks.devices."sys_enc".device = "/dev/disk/by-uuid/682d030d-189e-4b47-a60a-62cf1f3729d3";
@@ -28,25 +28,25 @@
fileSystems."/home" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=home" "compress=lzo" "noatime"];
options = ["subvol=home" "compress=zstd" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=nix" "compress=lzo" "noatime"];
options = ["subvol=nix" "compress=zstd" "noatime"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=persist" "compress=lzo" "noatime"];
options = ["subvol=persist" "compress=zstd" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/f06ac545-07c1-4b2b-8c0b-eeac43892933";
fsType = "btrfs";
options = ["subvol=log" "compress=lzo" "noatime"];
options = ["subvol=log" "compress=zstd" "noatime"];
};
fileSystems."/boot" = {
@@ -55,7 +55,7 @@
};
fileSystems."/opt/xilinx" = {
device = "/dev/disk/by-uuid/f5c27ef2-8053-4d96-9f8f-c6a50d6193b9";
device = "/dev/disk/by-uuid/09912fb9-0284-4b4e-add1-d4a27329539f";
fsType = "erofs";
};

68
home/home.nix
View File

@@ -2,10 +2,11 @@
pkgs,
config,
lib,
inputs,
...
}:
with lib; {
with lib; let
vimrc = import ./vimrc.nix {inherit pkgs vimUtils fetchFromGitHub;};
in {
imports = [./zsh.nix ./i3status-rust.nix ./sway.nix ./i3.nix ./home_packages.nix ./whatsapp-for-linux.nix];
home.stateVersion = "22.11";
@@ -16,26 +17,20 @@ with lib; {
xdg.mimeApps = {
enable = true;
defaultApplications = {
"application/pdf" = "sioyek.desktop";
"text/html" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/about" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/http" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/https" = "org.qutebrowser.qutebrowser.desktop";
"x-scheme-handler/unknown" = "org.qutebrowser.qutebrowser.desktop";
"application/pdf" = ["sioyek.desktop"];
};
};
fonts.fontconfig.enable = true;
home.sessionVariables = rec {
BROWSER = "${pkgs.qutebrowser}/bin/qutebrowser";
DEFAULT_BROWSER = "${BROWSER}";
home.sessionVariables = {
BROWSER = "qutebrowser";
EDITOR = "nvim";
_JAVA_AWT_WM_NONREPARENTING = "1";
MOZ_ENABLE_WAYLAND = "1";
QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
SUDO_EDITOR = "nvim";
#WLR_RENDERER = "vulkan";
WLR_RENDERER = "vulkan";
};
wayland.windowManager.sway = {enable = true;};
@@ -52,23 +47,16 @@ with lib; {
};
};
tmux = {
enable = true;
clock24 = true;
keyMode = "vi";
terminal = "screen-256color";
plugins = with pkgs.tmuxPlugins; [ sysstat net-speed gruvbox ];
};
mpv = {
enable = true;
package = pkgs.mpv;
config = {
slang = "eng,en";
alang = "eng,en";
hwdec = "auto";
vo = "gpu-next";
ao = "pipewire";
script-opts-set = "ytdl_hook-ytdl_path=yt-dlp,sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
script-opts-set = "sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
ytdl-format = "bestvideo[height<=?1080]+bestaudio/best";
};
@@ -140,13 +128,13 @@ with lib; {
qutebrowser = {
enable = true;
package = pkgs.qutebrowser.override {enableVulkan = false;};
package = pkgs.qutebrowser-qt6;
keyBindings = {
normal = {
"j" = "scroll-px 0 25";
"k" = "scroll-px 0 -25";
"u" = "undo --window";
";v" = "hint links spawn mpv {hint-url}";
";v" = "hint links userscript view_in_mpv";
};
};
@@ -182,8 +170,15 @@ with lib; {
pull = {rebase = true;};
credential = {helper = "store";};
};
signing.key = "020C42B7A9ABA3E2";
signing.signByDefault = true;
};
neovim = {
enable = true;
vimAlias = true;
vimdiffAlias = true;
plugins = vimrc.plugins;
extraConfig = "";
extraPackages = vimrc.extraPackages;
};
obs-studio = {
@@ -196,10 +191,14 @@ with lib; {
zsh.enable = true;
};
xdg.configFile."nvim/init.lua" = {
source = ./vimrc.lua;
recursive = true;
};
services = {
lorri.enable = false;
mako.enable = true;
cliphist.enable = true;
gammastep = {
enable = true;
latitude = "44.53";
@@ -216,33 +215,26 @@ with lib; {
enableSshSupport = true;
};
swayidle = let
locker = pkgs.writeShellScriptBin "swaylock_fancy" ''
TMP_FILE=$(${pkgs.coreutils}/bin/mktemp /tmp/.swaylock_ss_XXXXXX.jpg)
${pkgs.grim}/bin/grim -t ppm - | ${pkgs.imagemagick}/bin/convert - -blur 0x12 "$TMP_FILE"
${pkgs.swaylock}/bin/swaylock -f -i "$TMP_FILE"
${pkgs.coreutils}/bin/rm "$TMP_FILE"
'';
in {
swayidle = {
enable = true;
events = [
{
event = "before-sleep";
command = "${locker}/bin/swaylock_fancy";
command = "swaylock_bg_blur.sh";
}
{
event = "lock";
command = "${locker}/bin/swaylock_fancy";
command = "swaylock_bg_blur.sh";
}
{
event = "after-resume";
command = "${pkgs.procps}/bin/pkill -USR1 i3status-rs";
command = "pkill -USR1 i3status-rs";
}
];
timeouts = [
{
timeout = 15 * 60;
command = "${locker}/bin/swaylock_fancy";
command = "swaylock_bg_blur.sh";
}
];
};

181
home/home_packages.nix
View File

@@ -1,112 +1,79 @@
{
config,
pkgs,
inputs,
system,
...
}: let
chromium_teams = pkgs.writeShellScriptBin "chromium_teams" ''
${pkgs.chromium}/bin/chromium --socket=wayland org.chromium.Chromium --app=https://teams.microsoft.com/
'';
chromium_discord = pkgs.writeShellScriptBin "chromium_discord" ''
${pkgs.chromium}/bin/chromium --socket=wayland org.chromium.Chromium --app=https://discordapp.com/channels/@me
'';
in {
home.packages = with pkgs;
[
appimage-run
arp-scan
birdtray
blackmagic
blender
btop
cached-nix-shell
caddy
cargo
chromium
chromium_discord
chromium_teams
cmake
compsize
cura
deluge
discord
dmenu-wayland
ffmpeg-full
firefox
freecad
gcc
gdb
ghostscript
glab
glaxnimate
gnumake
go
grim
hyperfine
imagemagick
imv
inkscape
jellyfin-media-player
kdenlive
kicad
kodi-wayland
krita
libnotify
libreoffice
libva-utils
mediainfo
ncdu
neovide
ngspice
nix-init
nixpkgs-fmt
nodePackages.peerflix
openocd
openscad
pandoc
pass-wayland
patchelf
pavucontrol
pirate-get
poppler_utils
powertop
pulsemixer
python3
python3Packages.west
remmina
river
rtorrent
screen
seer
sioyek
skypeforlinux
slurp
stm32cubemx
tea
teams-for-linux
texlive.combined.scheme-full
thunderbird
upx
waybar
wdisplays
whatsapp-for-linux
wine
wireshark
wl-clipboard
wlr-randr
wofi
x2goclient
yewtube
yt-dlp
zathura
zeal-qt6
zig
]
++ [
inputs.swaysw.packages.${system}.swaysw
(pkgs.callPackage ../packages/zapzap/default.nix {})
(pkgs.callPackage ../packages/viber/default.nix {})
(pkgs.callPackage ../packages/bubblewrap/default.nix {})
];
}: {
home.packages = with pkgs; [
alejandra
appimage-run
arp-scan
blackmagic
btop
cached-nix-shell
caddy
cargo
ccls
cemu
compsize
cura
deluge
ffmpeg-full
firefox
gcc
gdb
glab
glaxnimate
gnumake
grim
hyperfine
imagemagick
imv
jellyfin-media-player
kdenlive
kicad
kodi-wayland
libnotify
libreoffice
libva-utils
mediainfo
ncdu
neovide
ngspice
nodePackages.peerflix
openocd
pandoc
pass
patchelf
pavucontrol
pirate-get
powertop
pulsemixer
python3
python3Packages.west
remmina
river
rtorrent
rustc
screen
seer
sioyek
skypeforlinux
slurp
texlive.combined.scheme-full
thunderbird
upx
waybar
wdisplays
whatsapp-for-linux
wireshark
wl-clipboard
wlr-randr
wofi
x2goclient
yt-dlp
zathura
zeal-qt6
zig
zls
];
}

5
home/i3status-rust.nix
View File

@@ -39,11 +39,6 @@
device = "enp5s0";
interval = 2;
}
{
block = "net";
device = "eno1";
interval = 2;
}
{
block = "memory";
}

57
home/sway.nix
View File

@@ -2,25 +2,8 @@
config,
lib,
pkgs,
inputs,
system,
...
}: let
cliphist_sway = pkgs.writeShellScriptBin "cliphist_sway" ''
${pkgs.cliphist}/bin/cliphist list | \
${pkgs.wofi}/bin/wofi --dmenu --insensitive | \
${pkgs.cliphist}/bin/cliphist decode | \
${pkgs.wl-clipboard}/bin/wl-copy
'';
screenshot_clip = pkgs.writeShellScriptBin "screenshot_clip" ''
GEOM="$(${pkgs.slurp}/bin/slurp -d)"
${pkgs.grim}/bin/grim -g "$GEOM" - | ${pkgs.wl-clipboard}/bin/wl-copy
'';
swaysw = inputs.swaysw.packages.${system}.swaysw;
zapzap = pkgs.callPackage ../packages/zapzap/default.nix {};
viber = pkgs.callPackage ../packages/viber/default.nix {};
term = "${pkgs.foot}/bin/footclient";
in {
}: {
wayland.windowManager.sway = {
enable = true;
extraSessionCommands = "";
@@ -35,11 +18,11 @@ in {
window.commands = [
{
command = "move scratchpad, resize set 1152 648";
criteria = {app_id = "pulsemixer|python3|com.rtosta.zapzap|whatsapp-for-linux|com.viber";};
criteria = {app_id = "pulsemixer|python3|whatsapp-for-linux|com.viber.Viber";};
}
{
command = "move scratchpad, resize set 1502 845";
criteria = {app_id = "com.viber";};
criteria = {class = "ViberPC";};
}
{
command = "floating enable";
@@ -50,21 +33,16 @@ in {
modifier = "Mod4";
output = {
eDP-1 = {
bg = "~/pic/wallpaper stretch";
bg = "~/pic/weird_dragon.jpg stretch";
/*
scale = "1.4";
*/
};
HDMI-A-4 = {
res = "1920x1080";
};
};
input = {
"type:keyboard" = {repeat_delay = "150";};
"type:keyboard" = {repeat_rate = "70";};
"type:touchpad" = {tap = "enabled";};
"1:1:AT_Translated_Set_2_keyboard" = {repeat_delay = "150";};
"1:1:AT_Translated_Set_2_keyboard" = {repeat_rate = "70";};
"2:7:SynPS/2_Synaptics_TouchPad" = {tap = "enabled";};
};
bars = [
@@ -75,16 +53,14 @@ in {
style = "Bold Semi-Condensed";
size = 12.0;
};
statusCommand = "${pkgs.i3status-rust}/bin/i3status-rs ~/.config/i3status-rust/config-top.toml";
statusCommand = "i3status-rs ~/.config/i3status-rust/config-top.toml";
}
];
keybindings = {
"Alt+Shift+q" = "kill";
"Alt+Shift+Return" = "exec ${term}";
"Alt+Shift+Return" = "exec ${pkgs.foot}/bin/footclient";
"Alt+p" = "exec ${pkgs.dmenu-wayland}/bin/dmenu-wl_run -fn \"mono 14\"";
"Alt+c" = "exec ${pkgs.moreutils}/bin/lckdo cliphist_sway ${cliphist_sway}/bin/cliphist_sway";
"Print" = "exec ${pkgs.moreutils}/bin/lckdo screenshot_clip ${screenshot_clip}/bin/screenshot_clip";
"Alt+Shift+space" = "floating toggle";
"Alt+space" = "focus mode_toggle";
@@ -119,16 +95,21 @@ in {
"Alt+j" = "focus down";
"Alt+k" = "focus up";
"Alt+l" = "focus right";
"Alt+slash" = "exec ${pkgs.moreutils}/bin/lckdo swaysw ${swaysw}/bin/swaysw";
"Alt+slash" = "exec lckdo /tmp/.sws_cli_lock footclient -a sws_cli -- sws_cli.sh";
"Alt+Escape" = "workspace back_and_forth";
"Alt+f" = "fullscreen enable";
"Mod4+l" = ''
exec ${pkgs.sway}/bin/swaymsg [app_id="python3"] scratchpad show || exec ${term} -a python3 ${pkgs.python3}/bin/python3'';
"Mod4+h" = "exec ${pkgs.sway}/bin/swaymsg [app_id=com.rtosta.zapzap] scratchpad show || exec ${zapzap}/bin/zapzap";
"Mod4+j" = "exec ${pkgs.sway}/bin/swaymsg [app_id=com.viber] scratchpad show || exec ${viber}/bin/viber";
exec swaymsg [app_id="python3"] scratchpad show || exec foot -a python3 python3'';
"Mod4+h" = "exec swaymsg [app_id=whatsapp-for-linux] scratchpad show || exec whatsapp-for-linux";
"Mod4+j" = "exec swaymsg [app_id=com.viber.Viber] scratchpad show";
"Mod4+y" = ''
exec ${pkgs.sway}/bin/swaymsg [app_id="pulsemixer"] scratchpad show || exec ${term} -a pulsemixer ${pkgs.pulsemixer}/bin/pulsemixer'';
exec swaymsg [app_id="pulsemixer"] scratchpad show || exec foot -a pulsemixer pulsemixer'';
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') +5%";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume $(pacmd list-sinks |awk '/* index:/{print $3}') -5%";
"XF86AudioMute" = "exec pactl set-sink-mute $(pacmd list-sinks |awk '/* index:/{print $3}') toggle";
"XF86AudioMicMute" = "exec pactl set-source-mute $(pacmd list-sources |awk '/* index:/{print $3}') toggle";
};
};
};

195
home/vimrc.lua Normal file
View File

@@ -0,0 +1,195 @@
-- Basic settings
vim.g.loaded_matchparen = true
vim.g.netrw_liststyle = 3
vim.go.background = 'dark'
vim.go.belloff = 'all'
vim.go.breakindent = true
vim.go.hlsearch = false
vim.go.laststatus = 0
vim.go.lazyredraw = true
vim.go.showcmd = true
vim.go.synmaxcol = 800
vim.go.syntax = 'on'
vim.go.termguicolors = true
vim.go.titleold = vim.fn.getcwd()
vim.go.title = true
vim.go.wildmenu = true
vim.go.wrap = true
vim.wo.number = true
vim.cmd([[colorscheme gruvbox]])
-- Defines a read-write directory for treesitters in nvim's cache dir
local parser_install_dir = vim.fn.stdpath("cache") .. "/treesitters"
if vim.fn.isdirectory(parser_install_dir) == 0 then
vim.fn.mkdir(parser_install_dir, "p")
end
-- Adding runtime needed for Nix setup on non NixOS
vim.o.runtimepath = vim.o.runtimepath .. "," .. parser_install_dir
require 'nvim-treesitter.install'.compilers = { 'gcc' }
require 'nvim-treesitter.configs'.setup {
ensure_installed = { "c", "cpp", "zig", "python", "verilog", "nix", "lua", "latex" },
parser_install_dir = parser_install_dir,
highlight = { enable = true, disable = {} },
indent = { enable = false, disable = {} },
rainbow = {
enable = true,
extended_mode = true, -- Highlight also non-parentheses delimiters, boolean or table: lang -> boolean
max_file_lines = 1000, -- Do not enable for files with more than 1000 lines, int
colors = {
'#ff0000', '#ffa500', '#ffff00', '#008000', '#0051a0', '#8003f2'
} -- table of hex strings
}
}
-- Mappings.
-- See `:help vim.diagnostic.*` for documentation on any of the below functions
local opts = { noremap = true, silent = true }
vim.api.nvim_set_keymap('n', '<space>e',
'<cmd>lua vim.diagnostic.open_float()<CR>', opts)
vim.api.nvim_set_keymap('n', '<space>q',
'<cmd>lua vim.diagnostic.setloclist()<CR>', opts)
vim.api.nvim_set_keymap('n', 'Q', '<cmd>nohl<CR>', opts)
vim.api.nvim_set_keymap('n', 'j', 'gj', opts)
vim.api.nvim_set_keymap('n', 'k', 'gk', opts)
vim.api.nvim_set_keymap('v', 'j', 'gj', opts)
vim.api.nvim_set_keymap('v', 'k', 'gk', opts)
vim.api.nvim_set_keymap('n', '<C-J>', '<C-W><C-J>', opts)
vim.api.nvim_set_keymap('n', '<C-K>', '<C-W><C-K>', opts)
vim.api.nvim_set_keymap('n', '<C-L>', '<C-W><C-L>', opts)
vim.api.nvim_set_keymap('n', '<C-H>', '<C-W><C-H>', opts)
vim.api.nvim_create_autocmd('LspAttach', {
desc = 'LSP actions',
callback = function()
local bufmap = function(mode, lhs, rhs)
vim.keymap.set(mode, lhs, rhs, { buffer = true })
end
-- Displays hover information about the symbol under the cursor
bufmap('n', 'K', '<cmd>lua vim.lsp.buf.hover()<cr>')
-- Jump to the definition
bufmap('n', 'gd', '<cmd>lua vim.lsp.buf.definition()<cr>')
-- Jump to declaration
bufmap('n', 'gD', '<cmd>lua vim.lsp.buf.declaration()<cr>')
-- Lists all the implementations for the symbol under the cursor
bufmap('n', 'gi', '<cmd>lua vim.lsp.buf.implementation()<cr>')
-- Jumps to the definition of the type symbol
bufmap('n', 'go', '<cmd>lua vim.lsp.buf.type_definition()<cr>')
-- Lists all the references
bufmap('n', 'gr', '<cmd>lua vim.lsp.buf.references()<cr>')
-- Displays a function's signature information
bufmap('n', '<C-k>', '<cmd>lua vim.lsp.buf.signature_help()<cr>')
-- Renames all references to the symbol under the cursor
bufmap('n', 'rn', '<cmd>lua vim.lsp.buf.rename()<cr>')
-- Selects a code action available at the current cursor position
bufmap('n', '<F4>', '<cmd>lua vim.lsp.buf.code_action()<cr>')
bufmap('x', '<F4>', '<cmd>lua vim.lsp.buf.range_code_action()<cr>')
-- Show diagnostics in a floating window
bufmap('n', 'gl', '<cmd>lua vim.diagnostic.open_float()<cr>')
-- Move to the previous diagnostic
bufmap('n', '[d', '<cmd>lua vim.diagnostic.goto_prev()<cr>')
-- Move to the next diagnostic
bufmap('n', ']d', '<cmd>lua vim.diagnostic.goto_next()<cr>')
-- Format current buffer
bufmap('n', '<space>f', function() vim.lsp.buf.format { async = true } end)
end
})
-- Use a loop to conveniently call 'setup' on multiple servers and
-- map buffer local keybindings when the language server attaches
local cmp = require 'cmp'
cmp.setup({
sources = cmp.config.sources({
{ name = 'nvim_lsp' },
{ name = 'buffer' },
{ name = 'path' },
}),
mapping = {
["<Tab>"] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_next_item({ behavior = cmp.SelectBehavior.Insert })
else
fallback()
end
end,
}),
["<S-Tab>"] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_prev_item({ behavior = cmp.SelectBehavior.Insert })
else
fallback()
end
end,
}),
['<Down>'] = cmp.mapping(cmp.mapping.select_next_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
['<Up>'] = cmp.mapping(cmp.mapping.select_prev_item({ behavior = cmp.SelectBehavior.Select }), { 'i' }),
['<C-n>'] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_next_item({ behavior = cmp.SelectBehavior.Select })
else
fallback()
end
end
}),
['<C-p>'] = cmp.mapping({
i = function(fallback)
if cmp.visible() then
cmp.select_prev_item({ behavior = cmp.SelectBehavior.Select })
else
fallback()
end
end
}),
['<C-b>'] = cmp.mapping(cmp.mapping.scroll_docs(-4), { 'i', 'c' }),
['<C-f>'] = cmp.mapping(cmp.mapping.scroll_docs(4), { 'i', 'c' }),
['<C-Space>'] = cmp.mapping(cmp.mapping.complete(), { 'i', 'c' }),
['<C-e>'] = cmp.mapping({ i = cmp.mapping.close(), c = cmp.mapping.close() }),
['<CR>'] = cmp.mapping({
i = cmp.mapping.confirm({ behavior = cmp.ConfirmBehavior.Replace, select = false }),
}),
}
})
local servers = { 'pyright', 'rust_analyzer', 'ccls', 'lua_ls', 'rnix', 'texlab', 'verible' }
local capabilities = require('cmp_nvim_lsp').default_capabilities()
for _, lsp in pairs(servers) do
require('lspconfig')[lsp].setup {
capabilities = capabilities
}
end
require('lspconfig').lua_ls.setup({
single_file_support = true,
})
require('lspconfig').verible.setup({
root_dir = function() return vim.loop.cwd() end
})
if vim.fn.exists('+undofile') ~= 0 then
local undo_dir = vim.env.HOME .. '/.config/nvim/undo'
if vim.fn.isdirectory(undo_dir) == 0 then vim.fn.mkdir(undo_dir, 'p') end
vim.o.undodir = undo_dir
vim.o.undofile = true
end
vim.cmd([[syntax sync minlines=100]])
vim.cmd([[syntax sync maxlines=140]])

44
home/vimrc.nix Normal file
View File

@@ -0,0 +1,44 @@
{
pkgs,
vimUtils,
fetchFromGitHub,
}: {
extraPackages = [
pkgs.ccls
pkgs.clang
pkgs.luaformatter
pkgs.nil
pkgs.pyright
pkgs.rnix-lsp
pkgs.rust-analyzer
pkgs.sumneko-lua-language-server
pkgs.svls
pkgs.texlab
pkgs.tree-sitter
pkgs.zls
pkgs.verible
];
plugins = with pkgs.vimPlugins; [
colorizer
fugitive
fzf-vim
gruvbox
nvim-lspconfig
nvim-treesitter
nvim-ts-rainbow
repeat
targets-vim
UltiSnips
vim-addon-nix
vim-signify
vim-slime
vim-snippets
zig-vim
cmp-nvim-lsp
cmp-buffer
cmp-path
cmp-cmdline
nvim-cmp
];
}

10
home/zsh.nix
View File

@@ -52,8 +52,8 @@
src = pkgs.fetchFromGitHub {
owner = "sindresorhus";
repo = "pure";
rev = "87e6f5dd4c793f6d980532205aaefe196780606f";
hash = "sha256-TR4CyBZ+KoZRs9XDmWE5lJuUXXU1J8E2Z63nt+FS+5w=";
rev = "47c0c881f0e7cfdb5eaccd335f52ad17b897c060";
sha256 = "15xdhi72pq88ls5gx1h0k23jvb41j6kq6ar17dqmd5d38zsgwl3v";
};
file = "pure.plugin.zsh";
}
@@ -86,6 +86,7 @@
setopt c_bases
setopt completeinword
setopt completealiases
setopt extendedglob
setopt notify
#
@@ -98,11 +99,6 @@
eval "$(direnv hook zsh)"
zstyle ':completion:*' matcher-list 'm:{a-z}={A-Za-z}'
if [[ -n "$PS1" ]] && [[ -z "$TMUX" ]] && [[ -n "$SSH_CONNECTION" ]]; then
TMUX_EXE="${pkgs.tmux}/bin/tmux"
systemd-run --scope --user $TMUX_EXE attach-session -t $USER || systemd-run --scope --user $TMUX_EXE new-session -s $USER
fi
'';
};
}

77
magento2-nginx.nix Normal file
View File

@@ -0,0 +1,77 @@
{
pkgs,
lib,
config,
...
}: let
app = "magento2";
domain = "127.0.0.1";
dataDir = config.users.users.akill.home + "/proj/magento2/magento/pub";
in {
services = {
phpfpm.pools.${app} = {
user = "akill";
group = "users";
settings = {
"listen.owner" = config.services.nginx.user;
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
phpEnv."PATH" = lib.makeBinPath [pkgs.php];
};
nginx = {
user = "akill";
group = "users";
enable = true;
virtualHosts.${domain}.locations."/" = {
root = dataDir;
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${config.services.phpfpm.pools.${app}.socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
};
};
mysql = {
enable = true;
package = pkgs.mysql;
settings.mysqld.port = 3306;
initialDatabases = [{name = "magento2";}];
ensureUsers = [
{
name = "magento2";
ensurePermissions = {"magento2.*" = "ALL PRIVILEGES";};
}
];
};
opensearch.enable = true;
postgresql = {
enable = true;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE ROLE magento2 WITH LOGIN PASSWORD 'magento2' CREATEDB;
CREATE DATABASE magento2;
GRANT ALL PRIVILEGES ON DATABASE magento2 TO magento2;
'';
};
};
systemd.services.phpfpm-magento2.serviceConfig.ProtectHome = lib.mkForce false;
}

304
magpie/configuration.nix
View File

@@ -1,304 +0,0 @@
{
config,
pkgs,
lib,
project-cloud,
goatcounter,
...
}: {
imports = [];
nix.optimise.automatic = true;
nix.settings.experimental-features = ["nix-command" "flakes"];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.systemd-boot.configurationLimit = 2;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
# Set your time zone.
time.timeZone = "Europe/Berlin";
users.users.root.initialHashedPassword = "";
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0gyN7DzF7+sinneq7++fT93dNWe9ttKnLZJEb0LVs7UxPtz/ovlxnktAgEtSh7NUUGKPILGG6+YG/Jz3pb4cLuQHtavIQ2mIzIbiNl+c80gLNPulfOrC3KyCacYnlcEpoV+4yvMPLDf+5ySilYoF30CSIo8B7B4PSwO3/I20oXXY0zeVmYKs65BY8OrR8PDdtPpuqGcTdPpVSrooZQoykriFeejBb0Jn7qWO7vmsTyUZZIP4nKKUyqE6iFZ2zv+J3mYfuoglQKO1+kqcCYCef0sheLZGD4/QIIL8HJ9yNWb6OQhu7MEv1NowuHkviImwVO3actZ1/x4lrWt4mY+bGglVwA90u1KZUQ10qKQ2xCG2ZHE9DSxWxpI/Yq2P4pLA/XSkYFPpzmoD9c6cpv0WLAvmQrEVkqK0xXo+KszUlyGy5sVJl7/h1fZ8YhWsWUnU1XJFmKLaomUZflL3h7X6xJNVPzZmso8l1INdCvIBDu+G84kAp1/aFalSJMyjTgvCc1hxhAVYhmrc3msGH0Jk8CcPBwYa0BH4EryacdupOS/c5VxAbdyuizEgitP1ylRmydVVDEItPNXFvpWdyEehf/VmsUXqL48mBzfvi6feD5AzKjPaQNaATpxLs9Sl9CMxSy27ahHwEK6dek1wm7nkoSIDSRWfGhYKr3lUg0emAYQ=="
];
environment.systemPackages = with pkgs; [
alejandra
curl
fd
file
fzf
fzy
git
htop-vim
pciutils
tig
tmux
unzip
usbutils
wget
zip
goatcounter.packages.aarch64-linux.goatcounter
];
programs.mosh.enable = true;
programs.neovim = {
enable = true;
vimAlias = true;
viAlias = true;
};
mailserver = {
enable = true;
debug = false;
fqdn = "mail.project-cloud.net";
domains = ["project-cloud.net"];
enableSubmissionSsl = true;
enableImap = false;
enableImapSsl = true;
# A list of all login accounts. To create the password hashes, use
# nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
loginAccounts = {
"gitea@project-cloud.net" = {
hashedPasswordFile = config.sops.secrets."gitea_mail_pw_hash".path;
aliases = ["git@project-cloud.net"];
};
"asmir@project-cloud.net" = {
hashedPasswordFile = config.sops.secrets."asmir_mail_pw_hash".path;
aliases = ["asmir.abdulahovic@project-cloud.net"];
};
};
certificateScheme = "acme-nginx";
};
services.journald.extraConfig = ''SystemMaxUse=50M '';
services.logind.extraConfig = ''KillUserProcesses=yes '';
services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.enable = true;
services.opendkim.enable = true;
services.miniflux = {
enable = false;
adminCredentialsFile = config.sops.secrets."miniflux_env".path;
config = {
LISTEN_ADDR = "localhost:5001";
BASE_URL = "https://miniflux.project-cloud.net";
};
};
services.restya-board = {
enable = true;
virtualHost.serverName = "board.project-cloud.net";
virtualHost.listenHost = "localhost";
virtualHost.listenPort = 4001;
};
services.goatcounter = {
enable = true;
environmentFile = "/var/lib/goatcounter.env";
extraArgs = ["-listen='*:8002'" "-tls=proxy" ];
database = {
backend = "sqlite";
name = "goatcounter";
user = "goatcounter";
automigrate = true;
};
};
services.nextcloud = {
enable = true;
package = pkgs.nextcloud27;
config.adminpassFile = config.sops.secrets."nextcloud_admin".path;
configureRedis = true;
hostName = "cloud.project-cloud.net";
https = true;
extraOptions = {
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
enabledPreviewProviders = [
"OC\\Preview\\BMP"
"OC\\Preview\\GIF"
"OC\\Preview\\HEIC"
"OC\\Preview\\JPEG"
"OC\\Preview\\Krita"
"OC\\Preview\\MarkDown"
"OC\\Preview\\MP3"
"OC\\Preview\\OpenDocument"
"OC\\Preview\\PNG"
"OC\\Preview\\TXT"
"OC\\Preview\\XBitmap"
];
};
phpOptions = {
"opcache.jit" = "tracing";
"opcache.jit_buffer_size" = "100M";
"opcache.interned_strings_buffer" = "16";
};
};
services.nginx = {
enable = true;
package = pkgs.nginxQuic;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."project-cloud.net" = {
quic = true;
forceSSL = true;
enableACME = true;
root = "${project-cloud.packages.aarch64-linux.default}/public";
};
virtualHosts.${config.services.nextcloud.hostName} = {
quic = true;
forceSSL = true;
enableACME = true;
};
virtualHosts."miniflux.project-cloud.net" = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:5001";
};
};
virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
};
};
virtualHosts."board.project-cloud.net" = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:${toString config.services.restya-board.virtualHost.listenPort}";
};
};
virtualHosts."stats.project-cloud.net" = {
quic = true;
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://localhost:8002/";
};
};
};
services.gitea = {
enable = true;
appName = "Project Cloud Gitea server";
database = {
type = "sqlite3";
passwordFile = config.sops.secrets."gitea_db".path;
};
settings.server = {
DOMAIN = "git.project-cloud.net";
ROOT_URL = "https://git.project-cloud.net";
DISABLE_SSH = true;
HTTP_PORT = 3001;
LANDING_PAGE = "explore";
};
settings.mailer = {
ENABLED = true;
FROM = "gitea@project-cloud.net";
PROTOCOL = "sendmail";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
};
settings.service = {
DISABLE_REGISTRATION = true;
REGISTER_EMAIL_CONFIRM = true;
};
settings."markup.restructuredtext" = let
docutils =
pkgs.python3.withPackages (ps: with ps; [docutils pygments]);
in {
ENABLED = true;
FILE_EXTENSIONS = ".rst";
RENDER_COMMAND = "${docutils}/bin/rst2html.py";
IS_INPUT_FILE = false;
};
};
/*
needed for sendmail mail functionality
*/
users.users.gitea.extraGroups = ["postdrop"];
systemd.services.gitea.serviceConfig = {
RestrictAddressFamilies = ["AF_NETLINK"];
ProtectSystem = lib.mkForce false;
};
security.acme = {
acceptTerms = true;
defaults.email = "asmir.abdulahovic@gmail.com";
};
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."miniflux_env" = {
sopsFile = ./secrets/miniflux.yaml;
};
sops.secrets."gitea_mail_pw_hash" = {
sopsFile = ./secrets/gitea_mail_pw_hash.yaml;
};
sops.secrets."asmir_mail_pw_hash" = {
sopsFile = ./secrets/asmir_mail_pw_hash.yaml;
};
sops.secrets."gitea_db" = {
sopsFile = ./secrets/gitea_db.yaml;
owner = config.users.users.gitea.name;
};
sops.secrets."nextcloud_admin" = {
sopsFile = ./secrets/nextcloud_admin.yaml;
owner = config.users.users.nextcloud.name;
};
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [80 443 587];
networking.firewall.allowedUDPPorts = [];
networking.firewall.allowPing = true;
networking.firewall.logRefusedConnections = lib.mkDefault false;
networking.hostName = "magpie";
networking.networkmanager.enable = true;
networking.wireless.enable = false;
systemd = {
enableEmergencyMode = false;
watchdog = {
runtimeTime = "20s";
rebootTime = "30s";
};
sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
'';
};
system.stateVersion = "22.11";
}

40
magpie/hardware-configuration.nix
View File

@@ -1,40 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "virtio_pci" "usbhid" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/118de1e5-f23e-4af3-a10a-054eded78152";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4FEE-DEED";
fsType = "vfat";
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
}

21
magpie/secrets/asmir_mail_pw_hash.yaml
View File

@@ -1,21 +0,0 @@
asmir_mail_pw_hash: ENC[AES256_GCM,data:LOKGd9X69fSj81BwaqjiQL18gXPebIdcfjOO2UJM8XOUEzsqP/gHYWuLYGQ5wuZB9zcFm0yeGjNN8hOq,iv:KwunTtk1ca/N4UidUXh3nSBwMNlP8vI4h2kk8roAzNU=,tag:JyfLzweD7sVT/+RVpLA3QQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKbTM0ZzVHZ1hlNzJ6d25a
eFpZMHdBZjBFSjU4L0dkK1Noby9HK29CMldNCkJWb2NmcC9jNVFBMWJOZjVBalRw
VVZsN3B1WGJseDFiRTA1R3cvU3c2NEEKLS0tIFI4WHFDRHBCN29IQ0tPVC9zbHZS
OFdsQUpvRzNKc2x1WW13b2d4R3lxdXMKJeMJ1IdxS+WUTzUlFdc4WfnUozWU4/80
9GBPz3VCppunrXrh1zFkfIL+Lz48HFyf7HNI4na6TkyqipR6wsW4gw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-20T19:31:29Z"
mac: ENC[AES256_GCM,data:xXiCems/1em6JdK3V5GcD811yc8t6iHHFmz0OOrWM3muR807Ux80TrD3uoMN8GxIMyr0AloH41k8+vxaSlMmHsGGl6o1P13aR03E+A9ZLp1W2Nb3nCy5rH4pF8WSeNMxZ1SoT2iEAtTsh29xusocQTMUvr7Ou8TDLyVvrKhBPZw=,iv:SSPpVTbVQTvhPg1qm9akrg2ji1fRcukkwX5P2FzWMb4=,tag:a6GiGWfwnKLtteVoi9DJtQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/gitea_db.yaml
View File

@@ -1,21 +0,0 @@
gitea_db: ENC[AES256_GCM,data:50Hu8vTKZFxd9kjbcDlyqBW9L5s=,iv:ADKMUKbu1YHOp+DUAezpT8tXCi7x3ayA2VN0s7k4kxg=,tag:S1cu5w8qKT7FFpC30Kd3Xg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKZ3l1UTRDMFVlM01TR1dW
VzNnRXpuc0R0d3BpVzZveHRrdHRTTVRXNWpnCjVqNittd3BiZ0d3YXVQUXBpWExU
cGdkSmVtOHJBN3FEdDVCeTVjUllHc0EKLS0tIG5TQlpIQXhNNmJiR0Y3L1p3SVpG
ZnlvRDRUam5MaFdZcGgyZlJSZzMvVWcKxiwENpP7qlF0Uy7DJM0WwLFQ0h+ost5T
BCsZtGP61Z2WcQq0EWYLqJItR2Tk3AXox014CJAm+G/G8PMTAKv0xw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-17T21:16:10Z"
mac: ENC[AES256_GCM,data:EPiLv8IzVXqRan9UlBuA3TmxtB3f4Qj4owed+1Pat9Tih1yOe4Z9RT28JIYJQ70R/IK+Yi0NQem9Ec6HU+8kaxLE3fff/4PM+B9QQbB6fjgLFod/nFk+OuWgR7FTcJ2j16OnlxE5ikCP+qdfvAM0eEv+BoDrWv98gSyCXtMCe48=,iv:th0E7zioz7gtgMlns8kvnf5hmlRH0KX65wPxBi3YP6Y=,tag:JhoGvF8LJmrAQpUOEopohA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/gitea_mail_pw_hash.yaml
View File

@@ -1,21 +0,0 @@
gitea_mail_pw_hash: ENC[AES256_GCM,data:HCXKeqnOxcmxbvTWDFd750gXfs/irNvHw+TWQE5qjFsUP6MTRGvJNQvoU5NDYXs6pjgyznIUx1z31DQG,iv:UV7Yf2JsAcpkyfIW/ipYQa3tlTai0WD102iA3V6ba+A=,tag:TIcB+9GOqyuG68uCTAl4Tg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCT2VyNWxUeUZ5aDdHcXJR
WGJVOGgyeC83MEV4REpGZkRUcVJKZDBqYmtjCllQdFhyRWNiTURYQmpucndFWDlr
WUFybGtmckNBdXYzMVZxT3lQM1k3aTgKLS0tIEpNZjU1RkpSOVo3Y1ovR0lmbHJu
bENVWmpCcTVqMDh2Wjhob2I2VzRRblkKPGCV1gRyihDCStM4tmvp89d996v1UzdJ
/NyK49//+uJJqwCEWuvHWWCB+EbkkOE6gPPKXZyXZSTbb/TDDcVF/Q==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-14T21:21:12Z"
mac: ENC[AES256_GCM,data:NE9btXZKE3KJmxtWc0Ytb0atfBJKRs5T+Xk9RDFX6veSGBoB+M2+YMCONQdr8T2w6lLJqlrMBHqlfuvD3YnDj041xZmfSsi9NACliWj6GWVWcFWWc6W9OVH8/5CfwjYBdgTJ2o7wdnF9fYHvwMRcaHThDmoUkaExVtVsyu912og=,iv:kyekfEq32GSKVNKy8MJYfT5ZMKNSRQUk1viB2W6k29U=,tag:7ie/2P/F3bPQXpkWGKqTfA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/miniflux.yaml
View File

@@ -1,21 +0,0 @@
miniflux_env: ENC[AES256_GCM,data:K5FiJcboD3tpWxQQG4EeCuOb9d8+cXTLjqb9Nt+aYUvWHwycA51q3ZQTMY9JS7GevNugGvz7,iv:Xk7aW1/DObGxJxTlJniaCBHuCVfCh6OZEewISdZl2Pc=,tag:BY8uVkkRzyKr9pA6EGCY2A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpZ1d3aGhud0UyOVV6Vzcw
Q3Q2OVRQOEpXUk1TK2dOOEZtKzNlUkJGZHh3CmJwYnRpWFhJWHZXQ2I1TnhKWDRx
MGlrbXJoQTVPcUFBa0gvME95OVlxWkEKLS0tIHNZWWRwWUJPV3o3REpENzdMYkVk
Y1V5SXhCUllDWGhjK3JzWDRKQU9hMmMKuVmn6OAy2q/mpBKqUhl1qfpnPvFOd72c
/jMqnxClGSVXjJ5qdvcXCfLeYwT8vnhViNZmjE1ebRosE5YupvrjUg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-13T11:17:33Z"
mac: ENC[AES256_GCM,data:CpzC0H2Rfvl7F9tXCJ0WwkhE4Ba7eOIl1QMh1DHP8YQ9rChzAE8S5SXXuJA0jcmVY6NPfZ7zl8VEBepE+LHCq2UdSkAefawLeM6HwNfedP8N+zheqlyCZ8Os48628aHYN0PVI+/dMvpWWcfl+CFaH1mm4c+KYedCIsS9ZEYi9N8=,iv:EbF58pxbtHxPTAgs4dbZ31qyRT3QJ1kQoUShbLE11FY=,tag:FNF/OzS2SL3FweFw0RcRLQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

21
magpie/secrets/nextcloud_admin.yaml
View File

@@ -1,21 +0,0 @@
nextcloud_admin: ENC[AES256_GCM,data:txb5JSKxFeTS3M9LSk7m5M1XAvg=,iv:Rf6VNFmK+f0pjL7wH0dlcPL4CqQDRq/qQyliTdn2c4I=,tag:wDQqDZCK2p5aG+g8eE4weA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrUnQ3SDAyRTUxUDF0dDhY
K3JmQWlYRVJtdEFac0J4U0RGKzZGNXJmUEg4CmtBSW9yNGZScXhKdnhZWkxIamFW
YXEzbGhwR2F3dDJGdzljZUZBeERhU1kKLS0tIGlXZUhsdnI4ell5R3ZZbjZ0NCtO
TUpkZmxBNzZ1UUY1dGRud2hycGUyZW8KFUGikaFQjFfmn068qex2tpGbRHIbmS3l
27lqo8+eRFnq0nw8H/1yRMi8IghR0+XK68T49hlt0VLS9LZJG1aPag==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-10-17T23:08:24Z"
mac: ENC[AES256_GCM,data:fb9cOL4Q+q5uarmXtXNlpRmWgv/Ao1MqwwH2V2CQxEiP8zFyFBZs2435vdcLzrQrnBXz0JLVu4g10SH2T4dpYFP42teIkrgmneecjjcM+UOsBsGsrxlpHMha1t/ERRhBA7uJze5/kwHqry6eruWehRTu65QF1qBTql3m6ipjCeY=,iv:a7aFuTCcRCIDERlrj/9dFCF7VgCDDakfPteQimHV3lc=,tag:4mwrDHaQWA4EU0AgtgZaMg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

419
mediabox/configuration.nix
View File

@@ -1,419 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
lib,
sops-nix,
zremap,
system,
...
}: {
imports = [];
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
mode = "0400";
owner = config.users.users.nobody.name;
group = config.users.users.nobody.group;
};
nix = {
optimise.automatic = true;
gc.automatic = true;
gc.options = "--delete-older-than 7d";
package = pkgs.nixUnstable;
settings = {
experimental-features = ["nix-command" "flakes"];
};
};
boot = {
initrd.compressor = "zstd";
kernelModules = ["acpi_call"];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
loader.systemd-boot = {
editor = false;
enable = true;
memtest86.enable = true;
};
readOnlyNixStore = true;
supportedFilesystems = ["btrfs"];
tmp.useTmpfs = true;
tmp.tmpfsSize = "80%";
};
security = {
rtkit.enable = true;
acme = {
acceptTerms = true;
defaults.email = "aasmir@gmx.com";
};
};
powerManagement = {
enable = true;
cpuFreqGovernor = "ondemand";
};
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80 443];
};
hostName = "mediabox";
interfaces.enp0s25.useDHCP = true;
interfaces.wlp3s0.useDHCP = false;
useDHCP = false;
wireless.enable = false;
wireless.interfaces = ["wlp3s0"];
nameservers = ["127.0.0.1" "::1"];
dhcpcd.extraConfig = "nohook resolv.conf";
networkmanager.dns = "none";
extraHosts = ''
192.168.1.173 nixy.lan
192.168.88.171 jellyfin.mediabox.lan
192.168.88.171 mediabox.lan
192.168.88.171 qbittorrent.mediabox.lan
192.168.88.1 router.lan
192.168.88.231 workstation.lan
'';
};
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
environment = {
homeBinInPath = true;
variables = {
PATH = "$HOME/.cargo/bin";
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
programs.zsh.enable = true;
programs.light.enable = true;
programs.firejail.enable = true;
programs.adb.enable = false;
programs.wireshark.enable = true;
programs.sway.enable = true;
# List services that you want to enable:
systemd = {
services = {
"macchanger-wireless" = {
after = ["sys-subsystem-net-devices-wlp3s0.device"];
before = ["network-pre.target"];
bindsTo = ["sys-subsystem-net-devices-wlp3s0.device"];
description = "Changes MAC of my wireless interface for privacy reasons";
stopIfChanged = false;
wantedBy = ["multi-user.target"];
wants = ["network-pre.target"];
script = ''
${pkgs.macchanger}/bin/macchanger -e wlp3s0 || true
'';
serviceConfig.Type = "oneshot";
};
"zremap" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
serviceConfig.Nice = -20;
script = ''
sleep 1
${zremap.defaultPackage.${system}}/bin/zremap \
/dev/input/by-path/platform-i8042-serio-0-event-kbd
'';
};
"wakeonlan" = {
description = "Reenable wake on lan every boot";
after = ["network.target"];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp0s25 wol m";
};
wantedBy = ["default.target" "suspend.target" "shutdown.target"];
};
/*
"cpu_setting" = {
description = "Enable turboot boost and undervolt cpu after suspend";
wantedBy = ["post-resume.target" "multi-user.target"];
after = ["post-resume.target"];
script = ''
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
'';
serviceConfig.Type = "oneshot";
};
*/
};
};
services = {
acpid.enable = true;
btrfs.autoScrub.enable = true;
dbus.enable = true;
fstrim.enable = true;
fwupd.enable = true;
ntp.enable = true;
openssh.enable = true;
restya-board.enable = false;
thinkfan.enable = false;
xrdp = {
enable = true;
defaultWindowManager = "icewm";
openFirewall = true;
};
logind = {
lidSwitch = "ignore";
};
jellyfin = {
enable = true;
user = "akill";
openFirewall = true;
};
jellyseerr = {
enable = true;
openFirewall = true;
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
deluge = {
enable = false;
user = "akill";
openFirewall = true;
dataDir = "/home/akill/.config/deluge";
web = {
enable = true;
openFirewall = false;
};
config = {
download_location = "/media";
allow_remote = true;
daemon_port = 58846;
};
};
transmission = {
enable = false;
openFirewall = true;
settings = {
rpc-whitelist = "192.168.88.*";
download-dir = "/media";
};
};
qbittorrent = {
enable = true;
user = "akill";
openFirewall = true;
dataDir = "/home/akill/.config/qbittorrent";
port = 8081;
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."deluge.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8112/";
};
virtualHosts."qbittorrent.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8081/";
};
virtualHosts."jellyfin.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8096/";
};
virtualHosts."jellyseerr.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:5055/";
};
};
journald.extraConfig = ''
SystemMaxUse=50M
'';
logind.extraConfig = ''
KillUserProcesses=yes
'';
xserver = {
enable = true;
libinput.enable = true;
desktopManager.xterm.enable = false;
displayManager.lightdm.enable = false;
displayManager.defaultSession = "none+icewm";
windowManager.icewm.enable = true;
};
udev.packages = [];
tlp = {
enable = true;
settings = {};
};
actkbd = {
enable = true;
bindings = [
{
keys = [121];
events = ["key"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle";
}
{
keys = [122];
events = ["key" "rep"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}- unmute";
}
{
keys = [123];
events = ["key" "rep"];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}+ unmute";
}
{
keys = [224];
events = ["key"];
command = "/run/current-system/sw/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
command = "/run/current-system/sw/bin/light -A 5";
}
];
};
mpd = {
musicDirectory = "/home/mpd/music";
enable = false;
extraConfig = ''
audio_output {
type "pulse"
name "pulsee srv"
server "127.0.0.1"
}
'';
};
batteryNotifier = {
enable = true;
notifyCapacity = 20;
suspendCapacity = 10;
};
dnscrypt-proxy2 = {
enable = true;
settings = {
ipv6_servers = true;
require_dnssec = true;
sources.public-resolvers = {
urls = [
"https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
"https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
];
cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
};
};
};
};
fonts.packages = with pkgs; [
dina-font
fira-code
fira-code-symbols
font-awesome
font-awesome_4
iosevka
jetbrains-mono
liberation_ttf
proggyfonts
siji
];
virtualisation = {
podman = {
enable = true;
dockerCompat = true;
};
};
sound.enable = true;
hardware = {
bluetooth = {
enable = false;
settings = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
opengl = {
enable = true;
driSupport = true;
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
];
};
};
zramSwap = {
enable = false;
algorithm = "zstd";
};
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
};
users.users.ado = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
};
users.users.mediauser = {
isNormalUser = true;
shell = pkgs.bash;
extraGroups = [];
};
}

64
mediabox/hardware-configuration.nix
View File

@@ -1,64 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=root" "compress=lzo" "noatime"];
};
boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/60aa7671-bfee-451b-b871-ac7c5a4a9f3a";
fileSystems."/home" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=home" "compress=lzo" "noatime"];
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=nix" "compress=lzo" "noatime"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=persist" "compress=lzo" "noatime"];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
fsType = "btrfs";
options = ["subvol=log" "compress=lzo" "noatime"];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4B94-6E7B";
fsType = "vfat";
};
swapDevices = [
{device = "/dev/disk/by-uuid/7b44ab02-84ff-4ffd-be26-58247cf5a982";}
];
hardware.cpu.intel.updateMicrocode = true;
nix.settings.max-jobs = lib.mkDefault 8;
}

1
mediabox/peerix-public
View File

@@ -1 +0,0 @@
peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=

40
mediabox/secrets/peerix.yaml
View File

@@ -1,40 +0,0 @@
peerix:
private: ENC[AES256_GCM,data:m76hyDWzcIlczegZyPyTtOYOgOGeyX++SeGsqEWS5b3ZbR2M9RqUGYEscLRX3/Dlff2vgs+hI4cOjiMnhq9pnLzP25Xh4XAiJNMkD43fFCCb7zj2RUWEyLAzzmWpR8fSB1mXTpciUGM=,iv:s9EXpkGYR0kI5xQZ8wAmkobK1q4XlVdFH4irEVwy1bs=,tag:L7AF6mFsxss6NDantbqXMw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMkdLVEFQMVk1allhK2hL
NXFXc254SmhxK0lFWTd1SUorUGQ0VEJPcXo4ClNYSkhJbnVjUjdFOGtoWFV2VWZC
NmpaRDVhWnRQUmVDWS9WU2pTVlBEQ1EKLS0tIFAydU9aYXJnd1NnRzU2YXpXM1Vq
VWhhbkZTT1kwTEl5VEVWR1A2aW5OUDgKiYcj5Yo42RjQeo1UeUTBV8YBNYL8ccLW
bQ1655MU/q3LQh14lqwbsOfmGjPc9H0ECltm+V+kNPTRi76qFhcodg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1eGJCRlhHbk1JQWl2RllZ
R3hkVGtIamJzZlVLazUrVEJnNmU3Z0tLMG5RClp2Z01Fc1p5QzFhUWNzU2NpU0Zo
aTRPMFhPYlA4VmZNUWFsWHZRMUxyaTQKLS0tIG51TW9JRW12RzVmdWpZY3FaVnBR
UTZ2YWdQVjRTTUxPUWVwbHI4aklITmMKZQnfJs01D4FX+MF6oU0FmWYQ4reB/X/k
Lat8FrqerqaCYqYmAKe3HWBR6HEVm0U7I7jkVuoROMqz3uci+5HWbQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrNTNhaFVzaWFoTU9GdEZD
Z0JWQlFXc3N3SnAwR09YUmIxZlpvNllmU2tnCkFtVlRXMGV2d1V4S0ZxNlRiVzlC
N3dHSFM2eG02UVQrdGR0SnhUMitvelkKLS0tIFpvQUlIZ05HK3F0a2FkKy9EOURY
YzUwa2s0eTliSmxtajdjYmFsOSs2T1kKg08c1uB0swRSo0R6s6hup5JBfkrCKoxf
SjwBAZtjNhr3hrLy1eoo/dpYG6oAkEs3GvaaZ02ldT872dxZvg6r+g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-30T14:18:57Z"
mac: ENC[AES256_GCM,data:R0TJ/7uihpsCHwPLXFYKi+ZaEUtbZVz02utDF7vO7gYDN1MFa0c5nZ/mAnJJtTJI41GdAu9ezTUiU6H1HTHLxYMeUoNAAvNlSCkvGc/oMQofXidL34hq1X2vG05N3UQlkbAXTlCBkYc20oVVOVmT/lq7USEx29oB/ytxZzKYFvM=,iv:qpz0g+O4kwChct1ddiT3D8rZBg08YUr4Ba5pJ4WQyzo=,tag:pWLFiQWl1QSzveBxnq4uXw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.0

78
modules/nextcloud.nix
View File

@@ -1,78 +0,0 @@
{
config,
pkgs,
...
}: {
# Enable Nginx
services.nginx = {
enable = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256
sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# Setup Nextcloud virtual host to listen on ports
virtualHosts = {
"nextcloud.mediabox.lan" = {
## Force HTTP redirect to HTTPS
#forceSSL = true;
};
};
};
# Actual Nextcloud Config
services.nextcloud = {
enable = true;
hostName = "localhost";
enableBrokenCiphersForSSE = false;
package = pkgs.nextcloud25;
# Use HTTPS for links
https = true;
# Auto-update Nextcloud Apps
autoUpdateApps.enable = true;
# Set what time makes sense for you
autoUpdateApps.startAt = "05:00:00";
config = {
# Further forces Nextcloud to use HTTPS
overwriteProtocol = "https";
# Nextcloud PostegreSQL database configuration, recommended over using SQLite
dbtype = "pgsql";
dbuser = "nextcloud";
dbhost = "/run/postgresql"; # nextcloud will add /.s.PGSQL.5432 by itself
dbname = "nextcloud";
dbpassFile = "/var/nextcloud-db-pass";
adminpassFile = "/var/nextcloud-admin-pass";
adminuser = "admin";
};
};
# Enable PostgreSQL
services.postgresql = {
enable = true;
# Ensure the database, user, and permissions always exist
ensureDatabases = ["nextcloud"];
ensureUsers = [
{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}
];
};
# Ensure that postgres is running before running the setup
systemd.services."nextcloud-setup" = {
requires = ["postgresql.service"];
after = ["postgresql.service"];
};
}

116
modules/qbittorrent.nix
View File

@@ -1,116 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.qbittorrent;
configDir = "${cfg.dataDir}/.config";
openFilesLimit = 4096;
in {
options.services.qbittorrent = {
enable = mkOption {
type = types.bool;
default = false;
description = ''
Run qBittorrent headlessly as systemwide daemon
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/qbittorrent";
description = ''
The directory where qBittorrent will create files.
'';
};
user = mkOption {
type = types.str;
default = "qbittorrent";
description = ''
User account under which qBittorrent runs.
'';
};
group = mkOption {
type = types.str;
default = "qbittorrent";
description = ''
Group under which qBittorrent runs.
'';
};
port = mkOption {
type = types.port;
default = 8080;
description = ''
qBittorrent web UI port.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = ''
Open services.qBittorrent.port to the outside network.
'';
};
openFilesLimit = mkOption {
default = openFilesLimit;
description = ''
Number of files to allow qBittorrent to open.
'';
};
};
config = mkIf cfg.enable {
environment.systemPackages = [pkgs.qbittorrent];
nixpkgs.overlays = [
(final: prev: {
qbittorrent = prev.qbittorrent.override {guiSupport = false;};
})
];
networking.firewall = mkIf cfg.openFirewall {
allowedTCPPorts = [cfg.port];
allowedUDPPorts = [cfg.port];
};
systemd.services.qbittorrent = {
after = ["network.target"];
description = "qBittorrent Daemon";
wantedBy = ["multi-user.target"];
path = [pkgs.qbittorrent];
serviceConfig = {
ExecStart = ''
${pkgs.qbittorrent}/bin/qbittorrent-nox \
--profile=${configDir} \
--webui-port=${toString cfg.port}
'';
# To prevent "Quit & shutdown daemon" from working; we want systemd to
# manage it!
Restart = "on-success";
User = cfg.user;
Group = cfg.group;
UMask = "0002";
LimitNOFILE = cfg.openFilesLimit;
};
};
users.users = mkIf (cfg.user == "qbittorrent") {
qbittorrent = {
group = cfg.group;
home = cfg.dataDir;
createHome = true;
description = "qBittorrent Daemon user";
};
};
users.groups =
mkIf (cfg.group == "qbittorrent") {qbittorrent = {gid = null;};};
};
}

31
nixy/secrets/peerix.yaml
View File

@@ -1,31 +0,0 @@
peerix:
private: ENC[AES256_GCM,data:767u5KKjk2lMr70vtBvX06t8n/1r5xpCrRNKc9QvypJmbPS+vS8vij8JYJZDKKFBh5xUazSLQC1ga2mpb+hEO2rgD0Aa70p22wwfOP+qCJQNYwlEf0MLWhlblTCE9Cr/eQSX7g==,iv:tPEB4NWbLMvzrUIvosj9PfinMhdWNBu5btjElvbDzxg=,tag:wzxaBzW0R6HKCyP5zlMPRw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRbi9uTGVPYlhYYWdFb25u
SGhSUm9rNmEzSkNVUEVIOGNLb1Z3VFdjNERFCjVEYXlXTlRCV2dLMW1VMWgzcXBR
OWxSOUZjZ2VCTzRycDhZRGRXWS9KRTAKLS0tIG8yMkZNeFRtdHVPTTJOM2tRSk5F
OXp3Wmh0b1lYQnJBWlMxeGZaZXdnY2MKftJPaUc9sDM8YmvUo1eVDNXWX4scr1rH
SMAod/Oq0BvQfyGIpvVBfL5T7RxlF1DwOedg/p3PSfMPjok7QLyv+A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxdU9WSjZkWUd6NXFpdXNp
R2huUXZQOGZzb0Z0ekN2WkdRdEFJYk54RmhnCmo0ampNK01VR3lQM0RGYWlNQ3cx
Rk1BK1lIUHJPZ2R5YVd6RTlYbXJDVWcKLS0tIGV0Yy8ySnFMQ25PQUNBL3dPdmc3
WjhldWNVL0h6T1lUSEdXeHFQemRBVEEKJzh1HExRoy/iyTtBNaVdNgolWyFHaaLV
VTDZYEHq+eEIrVAG5xefG/nPpj2K6FRItA6+4PcKtyARG+gKYwp2tw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-28T11:55:00Z"
mac: ENC[AES256_GCM,data:ieNyjQlo1tQ8qxFMyIN5XGgUiclYIfJe6WUyWiR3qJKKOTnx5MBWNUuHfUMkpm2ToNpaxiDUih2Hhqv5S0Bq1zoExMLjqE36GgaOivha6DeoQn5+WH8bMdMAoc1PlCQkj6Fxw2sdZlrIKcswADk4MfDzdaY/vKoQ5AtK5Bdkgok=,iv:JaOfWEwbLhOTquQVIG6Ll38jkGOCzbtD8h5c7SOAzik=,tag:m4Fmor24Q9GDoe7nu2VnEA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

20
common/packages.nix → packages.nix
View File

@@ -2,7 +2,6 @@
config,
pkgs,
nix-xilinx,
system,
...
}: {
environment.systemPackages = with pkgs;
@@ -12,13 +11,10 @@
bluez
bluez-tools
btop
curlHTTP3
dfu-util
dhcpcd
direnv
dmidecode
dnsmasq
dtach
fd
file
fzf
@@ -26,40 +22,29 @@
git
gnupg
gptfdisk
hcxdumptool
hdparm
htop-vim
htop
interception-tools
jq
lm_sensors
meson
mosh
msmtp
nano
neovim
ninja
nix-index
nixos-option
nmap
ntfs3g
ntfsprogs
openhantek6022
optipng
pax-utils
pciutils
pstree
psutils
qemu_kvm
ripgrep
rsync
silver-searcher
socat
sshfs
strace
swaylock
tig
tmux
traceroute
unrar
unzip
usbutils
@@ -74,7 +59,6 @@
xdg-utils
zip
z-lua
nvim
]
++ (with nix-xilinx.packages.${system}; [vivado vitis vitis_hls model_composer xilinx-shell]);
++ (with nix-xilinx.packages.x86_64-linux; [vivado vitis vitis_hls model_composer xilinx-shell]);
}

56
packages/bubblewrap/default.nix
View File

@@ -1,56 +0,0 @@
{
lib,
stdenv,
fetchFromGitHub,
docbook_xsl,
libxslt,
meson,
ninja,
pkg-config,
bash-completion,
libcap,
libselinux,
}:
stdenv.mkDerivation rec {
pname = "bubblewrap";
version = "0.8.0";
src = fetchFromGitHub {
owner = "rhendric";
repo = "bubblewrap";
rev = "23ff0f875b3a0200c1796daa01173ecec7deaf88";
hash = "sha256-EWsuAGsShaHEmLi0jUHX2bFQZkinIOsRbgB7tZSfq8E=";
};
postPatch = ''
substituteInPlace tests/libtest.sh \
--replace "/var/tmp" "$TMPDIR"
'';
nativeBuildInputs = [
docbook_xsl
libxslt
meson
ninja
pkg-config
];
buildInputs = [
bash-completion
libcap
libselinux
];
# incompatible with Nix sandbox
doCheck = false;
meta = with lib; {
changelog = "https://github.com/containers/bubblewrap/releases/tag/${src.rev}";
description = "Unprivileged sandboxing tool";
homepage = "https://github.com/containers/bubblewrap";
license = licenses.lgpl2Plus;
maintainers = with maintainers; [dotlambda];
platforms = platforms.linux;
mainProgram = "bwrap";
};
}

169
packages/viber/default.nix
View File

@@ -1,169 +0,0 @@
{
alsa-lib,
brotli,
cups,
curl,
bubblewrap,
bash,
writeShellScriptBin,
dbus,
dpkg,
expat,
fetchurl,
fontconfig,
freetype,
glib,
gst_all_1,
harfbuzz,
krb5,
lcms,
lib,
libcap,
libevent,
libGL,
libGLU,
libopus,
libpulseaudio,
libwebp,
libxkbcommon,
libxml2,
libxslt,
makeWrapper,
mesa,
nspr,
nss,
openssl,
snappy,
stdenv,
systemd,
wayland,
xorg,
zlib,
zstd,
...
}:
stdenv.mkDerivation {
pname = "viber";
version = "21.8.0.11";
src = fetchurl {
# Official link: https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb
url = "https://download.cdn.viber.com/cdn/desktop/Linux/viber.deb";
hash = "sha256-RrObmN21QOm5nk0R2avgCH0ulrfiUIo2PnyYWvQaGVw=";
};
nativeBuildInputs = [makeWrapper];
buildInputs = [dpkg];
dontUnpack = true;
libPath = lib.makeLibraryPath [
alsa-lib
brotli
cups
curl
dbus
expat
fontconfig
freetype
glib
gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-base
gst_all_1.gstreamer
harfbuzz
krb5
lcms
libcap
libevent
libGLU
libGL
libopus
libpulseaudio
libwebp
libxkbcommon
libxml2
libxslt
mesa
nspr
nss
openssl
snappy
stdenv.cc.cc
systemd
wayland
zlib
zstd
xorg.libICE
xorg.libSM
xorg.libX11
xorg.libxcb
xorg.libXcomposite
xorg.libXcursor
xorg.libXdamage
xorg.libXext
xorg.libXfixes
xorg.libXi
xorg.libXrandr
xorg.libXrender
xorg.libXScrnSaver
xorg.libXtst
xorg.xcbutilimage
xorg.xcbutilkeysyms
xorg.xcbutilrenderutil
xorg.xcbutilwm
xorg.libxkbfile
];
installPhase = let
viberWrap = writeShellScriptBin "viberWrap" ''
${bubblewrap}/bin/bwrap --bind / / \
--dev /dev \
--tmpfs $HOME \
--bind $HOME/.ViberPC/ $HOME/.ViberPC \
--bind $HOME/Downloads/ $HOME/Downloads \
$@
'';
in ''
dpkg-deb -x $src $out
mkdir -p $out/bin
# Soothe nix-build "suspicions"
chmod -R g-w $out
for file in $(find $out -type f \( -perm /0111 -o -name \*.so\* \) ); do
patchelf --set-interpreter "$(cat $NIX_CC/nix-support/dynamic-linker)" "$file" || true
patchelf --set-rpath $libPath:$out/opt/viber/lib $file || true
done
# qt.conf is not working, so override everything using environment variables
wrapProgram $out/opt/viber/Viber \
--set QT_PLUGIN_PATH "$out/opt/viber/plugins" \
--set QT_XKB_CONFIG_ROOT "${xorg.xkeyboardconfig}/share/X11/xkb" \
--set QTCOMPOSE "${xorg.libX11.out}/share/X11/locale" \
--set QML2_IMPORT_PATH "$out/opt/viber/qml"
echo "#!${bash}/bin/bash" > $out/bin/viber
echo "${viberWrap}/bin/viberWrap $out/opt/viber/Viber" >> $out/bin/viber
chmod +x $out/bin/viber
mv $out/usr/share $out/share
rm -rf $out/usr
# Fix the desktop link
substituteInPlace $out/share/applications/viber.desktop \
--replace /opt/viber/Viber $out/opt/viber/Viber \
--replace /usr/share/ $out/share/
'';
dontStrip = true;
dontPatchELF = true;
meta = {
homepage = "https://www.viber.com";
description = "An instant messaging and Voice over IP (VoIP) app";
sourceProvenance = with lib.sourceTypes; [binaryNativeCode];
license = lib.licenses.unfree;
platforms = ["x86_64-linux"];
maintainers = with lib.maintainers; [jagajaga];
};
}

1
packages/zapzap/.nixd.json
View File

@@ -1 +0,0 @@
../../.nixd.json

27
packages/zapzap/default.nix
View File

@@ -1,27 +0,0 @@
{ fetchurl
, makeWrapper
, python3Packages
, qt6
}:
python3Packages.buildPythonPackage rec {
name = "zapzap";
version = "5.1-2";
src = fetchurl {
url = "https://github.com/zapzap-linux/zapzap/archive/refs/tags/${version}.tar.gz";
hash = "sha256-r5NhdXQ4Tl/wFrD1+sxFS10Z3lAcHcax5bi43Qa3ZI0=";
};
dontWrapQtApps = true;
propagatedBuildInputs = with python3Packages; [ pyqt6-webengine qt6.qtwayland qt6.qtsvg ];
nativeBuildInputs = [ qt6.wrapQtAppsHook makeWrapper ];
env = {
HOME = "/tmp";
};
preFixup = ''
makeWrapperArgs+=(
# Force the app to use QT_PLUGIN_PATH values from wrapper
--unset QT_PLUGIN_PATH
"''${qtWrapperArgs[@]}"
)
'';
}

0
nixy/peerix-public → peerix-public
View File

31
secrets/peerix.yaml Normal file
View File

@@ -0,0 +1,31 @@
peerix:
private: ENC[AES256_GCM,data:WlWrX0kxeElaGvFllg2EkgfDsj1bkRwD9xMTWQevktDQaRd3IdVD9IwFZcwgTgS4hVM6gy9Q/VWX3M12vKaLdaKeTR/PMOQGCov291w12cAFIg/pYINp+511a9aHqFaIZx0WeA==,iv:Ni0M4Tikcbs6NsanYunOKn1R8jLlC59NiDbqNVPW7gM=,tag:POSZ9OgkLZyvnN8vn8OgDQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNbWcxaHVYUjVydnZVZkJa
MFA1TDJFcmtpUis2SXBWNjh5QjI0WkgydHhBCklzVFRlZ0VoSitISlpIaVFJaHRZ
enNFaFl1MkRaQUtpb1JUOUNJaXJDT00KLS0tIHZBeGc2ejR4bkcxVjhrWDYyOVpk
V28zVWZsTFpJVHY3bHdqR3dGMHNqWncKcjvVw61Zfh0yXKikjnrlq1CIoN7wDiiQ
5FDAzjdTMGLOXvrxtfKEJ0RUP8/ANJ+b69pJTBl8To4qIAFGKU0syg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1smcrg45udmvl5w8306qec07lqqzjplwx3l8f80tcewpkh7r3h5yqgenrqd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYUnNveWIrOEE4UnlGNnpN
WE5oN1hrOTlma0ZWUDc5ZG5pcUFOV1BJam5nCnhiaFRJVjcreDFiTU85RlJzK0tT
eURJdHAwWXVZU2xHbTdsOVc4VjJOaUUKLS0tIGJ2c3JxVGFZWHdCY1p3M1VRNGlk
enVTczYxcjNPZkFHTG5RZEtRTTRJOUEKNTPZFBwdnKNmalgPqpJew8ucwQZ3yK+8
6Zqv3POnq68ms4nFelQynDYDAEK/maN+qYdo8qgFi14pz87liVF/Ug==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-03T20:12:05Z"
mac: ENC[AES256_GCM,data:kcfnNiu88VTYGgxfSRIkqK8MXS7Gcan9oXxc+UM6/c7yCj35ogNGtDxJmJ4O1Gov2LrP3+lbhyHjOeQBYN06JmE+3o3SV/bIZ5HUWMYqmj+yO1sG8ugSx2NAgSMKmyESlrZTZvN9Z9Z8JocmN1TtyA9Uip7/URfGOXaIFYYDLwE=,iv:bxRoXN4DEIi4B2bCxKcImKp1rfkps4RxP3UbjBePjPw=,tag:x4yXtvmoOrFEadhZmbJjAQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3