From 78907aa98c1af8624a62ca123d088c6c16424f41 Mon Sep 17 00:00:00 2001 
From: polwex
Date: Sun, 21 Jul 2024 01:09:48 +0700
Subject: init
---
flake.lock | 1587 ++++++++++++++++++++
flake.nix | 82 +
hosts/adguard.nix | 17 +
hosts/android.nix | 40 +
hosts/base.nix | 22 +
hosts/cloud/bkk/configuration.nix | 49 +
hosts/cloud/bkk/hardware-configuration.nix | 34 +
hosts/cloud/bkk/nginx.nix | 62 +
hosts/cloud/flake.lock | 48 +
hosts/cloud/flake.nix | 67 +
hosts/cloud/install-script.sh | 170 +++
hosts/cloud/jeet/configuration.nix | 75 +
hosts/cloud/jeet/disk-config.nix | 52 +
hosts/cloud/jeet/hardware-configuration.nix | 24 +
hosts/cloud/oldsortug/configuration.nix | 46 +
hosts/cloud/oldsortug/coturn.nix | 60 +
hosts/cloud/oldsortug/gitea.nix | 27 +
hosts/cloud/oldsortug/hardware-configuration.nix | 31 +
hosts/cloud/oldsortug/nginx.nix | 21 +
hosts/cloud/oldsortug/packages.nix | 53 +
hosts/cloud/oldsortug/users.nix | 56 +
hosts/cloud/packages.nix | 55 +
hosts/cloud/sing/configuration.nix | 38 +
hosts/cloud/sing/disk-config.nix | 52 +
hosts/cloud/sing/hardware-configuration.nix | 20 +
hosts/cloud/sing/init.nix | 42 +
hosts/cloud/sing/jellyfin.nix | 7 +
hosts/cloud/sing/mail.key | 1 +
hosts/cloud/sing/mail.nix | 68 +
hosts/cloud/sing/mail2.key | 1 +
hosts/cloud/sing/nginx.nix | 129 ++
hosts/cloud/sing/omail.nix | 79 +
hosts/cloud/sing/packages.nix | 53 +
hosts/cloud/sing/users.nix | 40 +
hosts/cloud/sortug/configuration.nix | 90 ++
hosts/cloud/sortug/coturn.nix | 60 +
hosts/cloud/sortug/default.nix | 3 +
hosts/cloud/sortug/disk-config.nix | 56 +
hosts/cloud/sortug/fetch/configuration.nix | 126 ++
.../cloud/sortug/fetch/hardware-configuration.nix | 24 +
hosts/cloud/sortug/gitea.nix | 27 +
hosts/cloud/sortug/hardware-configuration.nix | 17 +
hosts/cloud/sortug/hardware2.nix | 29 +
hosts/cloud/sortug/legacy.nix | 40 +
hosts/cloud/sortug/minio.nix | 9 +
hosts/cloud/sortug/nginx.nix | 124 ++
hosts/cloud/sortug/packages.nix | 53 +
hosts/cloud/sortug/users.nix | 56 +
hosts/cloud/spanm/configuration.nix | 66 +
hosts/cloud/spanm/flake.lock | 27 +
hosts/cloud/spanm/flake.nix | 16 +
hosts/cloud/spanm/hardware-configuration.nix | 36 +
hosts/cloud/spanm/mail.nix | 67 +
hosts/cloud/spanm/nginx.nix | 46 +
hosts/cloud/spanm/packages.nix | 47 +
hosts/cloud/spanm/users.nix | 42 +
hosts/cloud/users.nix | 41 +
hosts/editors.nix | 12 +
hosts/headless/bcn.nix | 70 +
hosts/headless/configuration.nix | 76 +
hosts/headless/flake.lock | 82 +
hosts/headless/flake.nix | 41 +
hosts/headless/hardware-configuration.nix | 20 +
hosts/headless/headless.nix | 4 +
hosts/linux.nix | 44 +
hosts/local/fw11/configuration.nix | 53 +
hosts/local/fw11/default.nix | 6 +
hosts/local/fw11/framework.kbd | 101 ++
hosts/local/fw11/hardware-configuration.nix | 39 +
hosts/local/fw11/keyboard.nix | 46 +
hosts/local/i3.nix | 134 ++
hosts/local/master/configuration.nix | 61 +
hosts/local/master/default.nix | 5 +
hosts/local/master/hardware-configuration.nix | 41 +
hosts/local/nvidia.nix | 17 +
hosts/local/ohira/configuration.nix | 287 ++++
hosts/local/ohira/default.nix | 4 +
hosts/local/ohira/hardware-configuration.nix | 39 +
hosts/local/wayland.nix | 188 +++
hosts/network.nix | 32 +
hosts/nixos.nix | 21 +
hosts/pkgs.nix | 70 +
hosts/syncthing.nix | 9 +
hosts/unfree.nix | 24 +
hosts/users.nix | 55 +
outputs.nix | 17 +
result | 1 +
87 files changed, 5909 insertions(+)
create mode 100644 flake.lock
create mode 100644 flake.nix
create mode 100644 hosts/adguard.nix
create mode 100644 hosts/android.nix
create mode 100644 hosts/base.nix
create mode 100644 hosts/cloud/bkk/configuration.nix
create mode 100644 hosts/cloud/bkk/hardware-configuration.nix
create mode 100644 hosts/cloud/bkk/nginx.nix
create mode 100644 hosts/cloud/flake.lock
create mode 100644 hosts/cloud/flake.nix
create mode 100644 hosts/cloud/install-script.sh
create mode 100644 hosts/cloud/jeet/configuration.nix
create mode 100644 hosts/cloud/jeet/disk-config.nix
create mode 100644 hosts/cloud/jeet/hardware-configuration.nix
create mode 100644 hosts/cloud/oldsortug/configuration.nix
create mode 100644 hosts/cloud/oldsortug/coturn.nix
create mode 100644 hosts/cloud/oldsortug/gitea.nix
create mode 100644 hosts/cloud/oldsortug/hardware-configuration.nix
create mode 100644 hosts/cloud/oldsortug/nginx.nix
create mode 100644 hosts/cloud/oldsortug/packages.nix
create mode 100644 hosts/cloud/oldsortug/users.nix
create mode 100644 hosts/cloud/packages.nix
create mode 100644 hosts/cloud/sing/configuration.nix
create mode 100644 hosts/cloud/sing/disk-config.nix
create mode 100644 hosts/cloud/sing/hardware-configuration.nix
create mode 100644 hosts/cloud/sing/init.nix
create mode 100644 hosts/cloud/sing/jellyfin.nix
create mode 100644 hosts/cloud/sing/mail.key
create mode 100644 hosts/cloud/sing/mail.nix
create mode 100644 hosts/cloud/sing/mail2.key
create mode 100644 hosts/cloud/sing/nginx.nix
create mode 100644 hosts/cloud/sing/omail.nix
create mode 100644 hosts/cloud/sing/packages.nix
create mode 100644 hosts/cloud/sing/users.nix
create mode 100644 hosts/cloud/sortug/configuration.nix
create mode 100644 hosts/cloud/sortug/coturn.nix
create mode 100644 hosts/cloud/sortug/default.nix
create mode 100644 hosts/cloud/sortug/disk-config.nix
create mode 100644 hosts/cloud/sortug/fetch/configuration.nix
create mode 100644 hosts/cloud/sortug/fetch/hardware-configuration.nix
create mode 100644 hosts/cloud/sortug/gitea.nix
create mode 100644 hosts/cloud/sortug/hardware-configuration.nix
create mode 100644 hosts/cloud/sortug/hardware2.nix
create mode 100644 hosts/cloud/sortug/legacy.nix
create mode 100644 hosts/cloud/sortug/minio.nix
create mode 100644 hosts/cloud/sortug/nginx.nix
create mode 100644 hosts/cloud/sortug/packages.nix
create mode 100644 hosts/cloud/sortug/users.nix
create mode 100644 hosts/cloud/spanm/configuration.nix
create mode 100644 hosts/cloud/spanm/flake.lock
create mode 100644 hosts/cloud/spanm/flake.nix
create mode 100644 hosts/cloud/spanm/hardware-configuration.nix
create mode 100644 hosts/cloud/spanm/mail.nix
create mode 100644 hosts/cloud/spanm/nginx.nix
create mode 100644 hosts/cloud/spanm/packages.nix
create mode 100644 hosts/cloud/spanm/users.nix
create mode 100644 hosts/cloud/users.nix
create mode 100644 hosts/editors.nix
create mode 100644 hosts/headless/bcn.nix
create mode 100644 hosts/headless/configuration.nix
create mode 100644 hosts/headless/flake.lock
create mode 100644 hosts/headless/flake.nix
create mode 100644 hosts/headless/hardware-configuration.nix
create mode 100644 hosts/headless/headless.nix
create mode 100644 hosts/linux.nix
create mode 100644 hosts/local/fw11/configuration.nix
create mode 100644 hosts/local/fw11/default.nix
create mode 100644 hosts/local/fw11/framework.kbd
create mode 100644 hosts/local/fw11/hardware-configuration.nix
create mode 100644 hosts/local/fw11/keyboard.nix
create mode 100644 hosts/local/i3.nix
create mode 100644 hosts/local/master/configuration.nix
create mode 100644 hosts/local/master/default.nix
create mode 100644 hosts/local/master/hardware-configuration.nix
create mode 100644 hosts/local/nvidia.nix
create mode 100644 hosts/local/ohira/configuration.nix
create mode 100644 hosts/local/ohira/default.nix
create mode 100644 hosts/local/ohira/hardware-configuration.nix
create mode 100644 hosts/local/wayland.nix
create mode 100644 hosts/network.nix
create mode 100644 hosts/nixos.nix
create mode 100644 hosts/pkgs.nix
create mode 100644 hosts/syncthing.nix
create mode 100644 hosts/unfree.nix
create mode 100644 hosts/users.nix
create mode 100644 outputs.nix
create mode 120000 result
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..a6174d9
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,1587 @@ +{ + "nodes": { + "agenix": { + "inputs": { + "agenix": "agenix_2", + "crane": "crane", + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1718869541, + "narHash": "sha256-smhpGh1x/8mNl+sFL8SbeWnx0bK4HWjmdRA3mIwGjPU=", + "owner": "yaxitech", + "repo": "ragenix", + "rev": "8a254bbaa93fbd38e16f70fa81af6782794e046e", + "type": "github" + }, + "original": { + "owner": "yaxitech", + "repo": "ragenix", + "type": "github" + } + }, + "agenix_2": { + "inputs": { + "darwin": "darwin", + "home-manager": "home-manager", + "nixpkgs": [ + "agenix", + "nixpkgs" + ], + "systems": "systems" + }, + "locked": { + "lastModified": 1707830867, + "narHash": "sha256-PAdwm5QqdlwIqGrfzzvzZubM+FXtilekQ/FA0cI49/o=", + "owner": "ryantm", + "repo": "agenix", + "rev": "8cb01a0e717311680e0cbca06a76cbceba6f3ed6", + "type": "github" + }, + "original": { + "owner": "ryantm", + "repo": "agenix", + "type": "github" + } + }, + "crane": { + "inputs": { + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1708794349, + "narHash": "sha256-jX+B1VGHT0ruHHL5RwS8L21R6miBn4B6s9iVyUJsJJY=", + "owner": "ipetkov", + "repo": "crane", + "rev": "2c94ff9a6fbeb9f3ea0107f28688edbe9c81deaa", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_2": { + "inputs": { + "nixpkgs": [ + "helix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709610799, + "narHash": "sha256-5jfLQx0U9hXbi2skYMGodDJkIgffrjIOgMRjZqms2QE=", + "owner": "ipetkov", + "repo": "crane", + "rev": "81c393c776d5379c030607866afef6406ca1be57", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "crane_3": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1718474113, + "narHash": "sha256-UKrfy/46YF2TRnxTtKCYzqf2f5ZPRRWwKCCJb7O5X8U=", + "owner": "ipetkov", 
+ "repo": "crane", + "rev": "0095fd8ea00ae0a9e6014f39c375e40c2fbd3386", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, + "darwin": { + "inputs": { + "nixpkgs": [ + "agenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", + "type": "github" + }, + "original": { + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721417620, + "narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=", + "owner": "nix-community", + "repo": "disko", + "rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { + "locked": { + "lastModified": 1717312683, + "narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=", + "owner": "nix-community", + "repo": "flake-compat", + "rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea", + "type": "github" + 
}, + "original": { + "owner": "nix-community", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719994518, + "narHash": "sha256-pQMhCCHyQGRzdfAkdJ4cIWiw+JNuWsTX7f0ZYSyz0VY=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": 
"9227223f6d922fee3c7b190b2cc238a99527bbb7", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "inputs": { + "systems": "systems_5" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "locked": { + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": 
{ + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_6" + }, + "locked": { + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_7": { + "inputs": { + "systems": "systems_7" + }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs", + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + 
"owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_3": { + "inputs": { + "nixpkgs": [ + "nixos-rk3588", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "helix": { + "inputs": { + "crane": "crane_2", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2", + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1721378695, + "narHash": "sha256-WHjO7Ku9AjcDxaciZzEe6taye6KWLrw/eRQNWHMIkB8=", + "owner": "helix-editor", + "repo": "helix", + "rev": "dbaa6366834790cda0bd92ea8971fec9ae9b601b", + "type": "github" + }, + "original": { + "owner": "helix-editor", + "repo": "helix", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "agenix", + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "homix": { + "inputs": { + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1720719665, + "narHash": "sha256-BKcOoDlMC86zExMKXFXQ04HO99fUNFmtEdvP+gB45Pk=", + "owner": "homix-community", + "repo": "homix", + "rev": "62bc58f2350cbb061e61ac0f3d63018663fbe4cb", + "type": "github" + }, + "original": { + "owner": "homix-community", + "repo": "homix", + "type": "github" + } + }, + "impermanence": { + 
"locked": { + "lastModified": 1719091691, + "narHash": "sha256-AxaLX5cBEcGtE02PeGsfscSb/fWMnyS7zMWBXQWDKbE=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "23c1f06316b67cb5dabdfe2973da3785cfe9c34a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, + "kmonad": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "dir": "nix", + "lastModified": 1721284730, + "narHash": "sha256-eWPldqxXsqtbWrXflLEhZBjiSq0TJvIYoXQ/ExDKmls=", + "owner": "kmonad", + "repo": "kmonad", + "rev": "e5e839bcbedda23df0b8a3f8659edfa2c9bef8f8", + "type": "github" + }, + "original": { + "dir": "nix", + "owner": "kmonad", + "repo": "kmonad", + "type": "github" + } + }, + "lanzaboote": { + "inputs": { + "crane": "crane_3", + "flake-compat": "flake-compat_2", + "flake-parts": "flake-parts_2", + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_5", + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay_3" + }, + "locked": { + "lastModified": 1719818887, + "narHash": "sha256-Bogl1pJlgby7OpR16jp8zwOWV7FHRxCsnNxHcisyIq0=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "0e6457c98547ec8866714d4222545e7e8c1ae429", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lanzaboote", + "type": "github" + } + }, + "lib-aggregate": { + "inputs": { + "flake-utils": "flake-utils_7", + "nixpkgs-lib": "nixpkgs-lib_3" + }, + "locked": { + "lastModified": 1720958877, + "narHash": "sha256-ggCV3etL7W1X9kxhLPZP35+BBh1LgQybene+L/aeQaQ=", + "owner": "nix-community", + "repo": "lib-aggregate", + "rev": "6e56a6fd1d993eb02c991d449819f01340888e02", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "lib-aggregate", + "type": "github" + } + }, + "microvm": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_6", + "spectrum": "spectrum" + }, + "locked": { + "lastModified": 1721171275, + "narHash": 
"sha256-GKdodvwT9Suh6V0qJ0N/YWTIADWwto/x3XnFO86iXDs=", + "owner": "astro", + "repo": "microvm.nix", + "rev": "36e261aa2c15a4020663cef87905f436b15305f7", + "type": "github" + }, + "original": { + "owner": "astro", + "repo": "microvm.nix", + "type": "github" + } + }, + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs-darwin" + ] + }, + "locked": { + "lastModified": 1721270582, + "narHash": "sha256-MdZmYPPExntE5rJu88IhJSy8Um4UyZCTXhOwvzbjDVI=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "a3e4a7b8ffc08c7dc1973822a77ad432e1ec3dec", + "type": "github" + }, + "original": { + "owner": "lnl7", + "repo": "nix-darwin", + "type": "github" + } + }, + "nix-eval-jobs": { + "inputs": { + "flake-parts": "flake-parts_4", + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_10", + "treefmt-nix": "treefmt-nix" + }, + "locked": { + "lastModified": 1720931326, + "narHash": "sha256-QHajV5BjfaMWbiOAJ/MGH+exXo+CjzUpkxxEtz0ZZ2k=", + "owner": "nix-community", + "repo": "nix-eval-jobs", + "rev": "c132534bc68eb48479a59a3116ee7ce0f16ce12b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-eval-jobs", + "type": "github" + } + }, + "nix-gaming": { + "inputs": { + "flake-parts": "flake-parts_3", + "nixpkgs": "nixpkgs_7", + "umu": "umu" + }, + "locked": { + "lastModified": 1721478318, + "narHash": "sha256-kguFwlHcs7hr8fgThS6xkKuOySUKODfp1D0nJKtSrKY=", + "owner": "fufexan", + "repo": "nix-gaming", + "rev": "9d4bca9cd02d6e241d520431fea22406fed10848", + "type": "github" + }, + "original": { + "owner": "fufexan", + "repo": "nix-gaming", + "type": "github" + } + }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720066371, + "narHash": "sha256-uPlLYH2S0ACj0IcgaK9Lsf4spmJoGejR9DotXiXSBZQ=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "622f829f5fe69310a866c8a6cd07e747c44ef820", + "type": "github" + }, + "original": { 
+ "owner": "nix-community", + "repo": "nix-github-actions", + "type": "github" + } + }, + "nixlib": { + "locked": { + "lastModified": 1719708727, + "narHash": "sha256-XFNKtyirrGNdehpg7lMNm1skEcBApjqGhaHc/OI95HY=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "1bba8a624b3b9d4f68db94fb63aaeb46039ce9e6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixlib_2": { + "locked": { + "lastModified": 1709426687, + "narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos-cn": { + "inputs": { + "flake-utils": "flake-utils_5", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721353155, + "narHash": "sha256-OJWzQC04UBDkXJyxoGnhQZwdxITBnN5QfEczY9Ht4gQ=", + "owner": "nixos-cn", + "repo": "flakes", + "rev": "7d6545e2d0d1a2614a3b98f724ea5d6e068649d1", + "type": "github" + }, + "original": { + "owner": "nixos-cn", + "repo": "flakes", + "type": "github" + } + }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720859326, + "narHash": "sha256-i8BiZj5faQS6gsupE0S9xtiyZmWinGpVLwxXWV342aQ=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "076ea5b672bb1ea535ee84cfdabd0c2f0b7f20c7", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-generators_2": { + "inputs": { + "nixlib": "nixlib_2", + "nixpkgs": [ + "nixos-rk3588", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709557527, + "narHash": "sha256-PV8oYqhTHX6FGZMQ1m5dhRuS914AhofPwgnAMhUZtwE=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": 
"d048d6fc4bada612ff08d4b9d5edc48d45389431", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, + "nixos-hardware": { + "locked": { + "lastModified": 1721413321, + "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", + "owner": "nixos", + "repo": "nixos-hardware", + "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixos-rk3588": { + "inputs": { + "flake-utils": "flake-utils_6", + "nixos-generators": "nixos-generators_2", + "nixpkgs": "nixpkgs_8", + "pre-commit-hooks": "pre-commit-hooks" + }, + "locked": { + "lastModified": 1715737248, + "narHash": "sha256-DFh9cEWypbcitiuQ+pazHrY2z0qq2XYzPFsqZg7oZ5M=", + "owner": "ryan4yin", + "repo": "nixos-rk3588", + "rev": "c4fef04d8c124146e6e99138283e0c57b2ad8e29", + "type": "github" + }, + "original": { + "owner": "ryan4yin", + "repo": "nixos-rk3588", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1719082008, + "narHash": "sha256-jHJSUH619zBQ6WdC21fFAlDxHErKVDJ5fpN0Hgx4sjs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9693852a2070b398ee123a329e68f0dab5526681", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-darwin": { + "locked": { + "lastModified": 1721396254, + "narHash": "sha256-IpPVxufZfE8qy9Vp18LBNaDaxQThM4kS3PsFJHxMcdU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "83bb0d311cc9b1f6f4c860f4a9b30b8a1466126c", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-24.05-darwin", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": 
"https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_2": { + "locked": { + "lastModified": 1719876945, + "narHash": "sha256-Fm2rDDs86sHy0/1jxTOKB1118Q0O3Uc7EC0iXvXKpbI=", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + }, + "original": { + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/5daf0514482af3f97abaefc78a6606365c9108e2.tar.gz" + } + }, + "nixpkgs-lib_3": { + "locked": { + "lastModified": 1720918433, + "narHash": "sha256-z3Lp++7k4l/3K4A+7v3cuHBNcm/vntGXgxElLH+INa4=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "3b0b1763c0f0931deaa2980b7b146f8ae7a6a952", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-stable": { + "locked": { + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_3": { + "locked": { + "lastModified": 1721226092, + "narHash": "sha256-UBvzVpo5sXSi2S/Av+t+Q+C2mhMIw/LBEZR+d6NMjws=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c716603a63aca44f39bef1986c13402167450e0a", + "type": "github" + }, + "original": 
{ + "owner": "nixos", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-wayland": { + "inputs": { + "flake-compat": "flake-compat_3", + "lib-aggregate": "lib-aggregate", + "nix-eval-jobs": "nix-eval-jobs", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721432204, + "narHash": "sha256-P+EcNbJfOAfSiTbgv0x3IDx+f0yZYRDAVOQvSeLNuBI=", + "owner": "nix-community", + "repo": "nixpkgs-wayland", + "rev": "79fefa5cf958abe84266753de014126afbd33935", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs-wayland", + "type": "github" + } + }, + "nixpkgs_10": { + "locked": { + "lastModified": 1720781449, + "narHash": "sha256-po3TZO9kcZwzvkyMJKb0WCzzDtiHWD34XeRaX1lWXp0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "8b5a3d5a1d951344d683b442c0739010b80039db", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { + "locked": { + "lastModified": 1702151865, + "narHash": "sha256-9VAt19t6yQa7pHZLDbil/QctAgVsA66DLnzdRGqDisg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "666fc80e7b2afb570462423cb0e1cf1a3a34fedd", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1709479366, + "narHash": "sha256-n6F0n8UV6lnTZbYPl1A9q1BS0p4hduAv1mGAP17CVd0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "b8697e57f10292a6165a20f03d2f42920dfaf973", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1719690277, + "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": 
"nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1720368505, + "narHash": "sha256-5r0pInVo5d6Enti0YwUSQK4TebITypB42bWy5su3MrQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ab82a9612aa45284d4adf69ee81871a389669a9e", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1718541509, + "narHash": "sha256-TmC5TxW5WPAfmovDzi1hLe1i4qqND79s9SH9UOKcSvo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ba06293cdba1c94af9710024abf3b94cf8d76349", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_6": { + "locked": { + "lastModified": 1708475490, + "narHash": "sha256-g1v0TsWBQPX97ziznfJdWhgMyMGtoBFs102xSYO4syU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0e74ca98a74bc7270d28838369593635a5db3260", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1721303309, + "narHash": "sha256-/+Yw4tW/mcTRKmkEAO64ObzCQClpSUZpk2flUD9GDHE=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7e2fb8e0eb807e139d42b05bf8e28da122396bed", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1709309926, + "narHash": "sha256-VZFBtXGVD9LWTecGi6eXrE0hJ/mVB3zGUlHImUs2Qak=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "79baff8812a0d68e24a836df0a364c678089e2c7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1721379653, + "narHash": "sha256-8MUgifkJ7lkZs3u99UDZMB4kbOxvMEXQZ31FO3SopZ0=", + 
"owner": "nixos", + "repo": "nixpkgs", + "rev": "1d9c2c9b3e71b9ee663d11c5d298727dace8d374", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nur": { + "locked": { + "lastModified": 1721493515, + "narHash": "sha256-l8XIL7n0zQ0Rkwr9x+6Hkfml1O+hvlagcM8xqws8cy0=", + "owner": "nix-community", + "repo": "NUR", + "rev": "cd04c57aa89f999c964378ba250f023919c13036", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "NUR", + "type": "github" + } + }, + "polybar-themes": { + "flake": false, + "locked": { + "lastModified": 1719673248, + "narHash": "sha256-zDh8jE6SOeRjAYqXgzAOnu6bo5Om5wJysWUzqw0Wuiw=", + "owner": "adi1090x", + "repo": "polybar-themes", + "rev": "39c73cc1a993816f0b4fb251d242632fe8c51bb7", + "type": "github" + }, + "original": { + "owner": "adi1090x", + "repo": "polybar-themes", + "type": "github" + } + }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": [ + "nixos-rk3588" + ], + "flake-utils": [ + "nixos-rk3588", + "flake-utils" + ], + "gitignore": "gitignore_3", + "nixpkgs": [ + "nixos-rk3588", + "nixpkgs" + ], + "nixpkgs-stable": [ + "nixos-rk3588", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1702456155, + "narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore_2", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": 
"cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, + "root": { + "inputs": { + "agenix": "agenix", + "disko": "disko", + "flake-parts": "flake-parts", + "git-hooks": "git-hooks", + "helix": "helix", + "homix": "homix", + "impermanence": "impermanence", + "kmonad": "kmonad", + "lanzaboote": "lanzaboote", + "microvm": "microvm", + "nix-darwin": "nix-darwin", + "nix-gaming": "nix-gaming", + "nixos-cn": "nixos-cn", + "nixos-generators": "nixos-generators", + "nixos-hardware": "nixos-hardware", + "nixos-rk3588": "nixos-rk3588", + "nixpkgs": "nixpkgs_9", + "nixpkgs-darwin": "nixpkgs-darwin", + "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs-wayland": "nixpkgs-wayland", + "nur": "nur", + "polybar-themes": "polybar-themes", + "waybar": "waybar", + "wrapper-manager": "wrapper-manager" + } + }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "agenix", + "flake-utils" + ], + "nixpkgs": [ + "agenix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1708740535, + "narHash": "sha256-NCTw235XwSDbeTAtAwg/hOeNOgwYhVq7JjDdbkOgBeA=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "9b24383d77f598716fa0cbb8b48c97249f5ee1af", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "flake-utils": [ + "helix", + "flake-utils" + ], + "nixpkgs": [ + "helix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709604635, + "narHash": "sha256-le4fwmWmjGRYWwkho0Gr7mnnZndOOe4XGbLw68OvF40=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "e86c0fb5d3a22a5f30d7f64ecad88643fe26449d", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_3": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + 
"lastModified": 1718504420, + "narHash": "sha256-F2HT/abCfr0CDpkvXwYCscJyD66XDTLMVfdrIMRp2ck=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "0043c3f92304823cc2c0a4354b0feaa61dfb4cd9", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "spectrum": { + "flake": false, + "locked": { + "lastModified": 1708358594, + "narHash": "sha256-e71YOotu2FYA67HoC/voJDTFsiPpZNRwmiQb4f94OxQ=", + "ref": "refs/heads/main", + "rev": "6d0e73864d28794cdbd26ab7b37259ab0e1e044c", + "revCount": 614, + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + }, + "original": { + "type": "git", + "url": "https://spectrum-os.org/git/spectrum" + } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + 
}, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_5": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "treefmt-nix": { + "inputs": { + "nixpkgs": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1720930114, + "narHash": "sha256-VZK73b5hG5bSeAn97TTcnPjXUXtV7j/AtS4KN8ggCS0=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "b92afa1501ac73f1d745526adc4f89b527595f14", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, + "umu": { + "inputs": { + "nixpkgs": [ + "nix-gaming", + "nixpkgs" + ] + }, + "locked": { + "dir": "packaging/nix", + "lastModified": 1721334103, + "narHash": "sha256-WRfHP1Ud5koDOctnbCEitT3aC5P+dxBioXAPvqLofP0=", + "ref": "refs/heads/main", + "rev": "845da38a0088a2c6325be9fa4fb9ab542db3887f", + "revCount": 677, + "submodules": true, + "type": "git", + "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix" 
+ }, + "original": { + "dir": "packaging/nix", + "submodules": true, + "type": "git", + "url": "https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging/nix" + } + }, + "waybar": { + "inputs": { + "flake-compat": "flake-compat_4", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1721492166, + "narHash": "sha256-cEDdT5YGkVCGjA+LU4801SeYYMleE650xmEqHqJKqyI=", + "owner": "alexays", + "repo": "waybar", + "rev": "cb8fc1c10d32f719c3a41a26efa780f9fb6145ad", + "type": "github" + }, + "original": { + "owner": "alexays", + "repo": "waybar", + "type": "github" + } + }, + "wrapper-manager": { + "inputs": { + "nixpkgs": "nixpkgs_11" + }, + "locked": { + "lastModified": 1720446604, + "narHash": "sha256-RZ+Q04NnblBGq5nQAXiKcn69Gh87RqUjpl7mAk6BzSQ=", + "owner": "viperML", + "repo": "wrapper-manager", + "rev": "e1584a27f947c5a5d208c06ffcce09f13a3bd9a9", + "type": "github" + }, + "original": { + "owner": "viperML", + "repo": "wrapper-manager", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..83699f3 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,82 @@ +# heavily inspired by https://github.com/ryan4yin/nix-config +{ + description = "Master flake"; + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.05"; + nixpkgs-darwin.url = "github:nixos/nixpkgs/nixpkgs-24.05-darwin"; + nix-darwin = { + url = "github:lnl7/nix-darwin"; + inputs.nixpkgs.follows = "nixpkgs-darwin"; + }; + nixos-hardware.url = "github:nixos/nixos-hardware/master"; + #secure book + lanzaboote.url = "github:nix-community/lanzaboote"; + # choose files to wipe on reboot + impermanence.url = "github:nix-community/impermanence"; + nixpkgs-wayland = { + url = "github:nix-community/nixpkgs-wayland"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nixos-generators = { + url = "github:nix-community/nixos-generators"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + agenix = { + url = "github:yaxitech/ragenix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + nix-gaming.url = "github:fufexan/nix-gaming"; + disko = { + url = "github:nix-community/disko"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + git-hooks = { + url = "github:cachix/git-hooks.nix"; + }; + # haumea = { + # url = "github:nix-community/haumea"; + # }; + microvm = { + url = "github:astro/microvm.nix"; + }; + nixos-cn = { + url = "github:nixos-cn/flakes"; + # 强制 nixos-cn 和该 flake 使用相同版本的 nixpkgs + inputs.nixpkgs.follows = "nixpkgs"; + }; + nur.url = "github:nix-community/NUR"; + + wrapper-manager.url = "github:viperML/wrapper-manager"; + + flake-parts.url = "github:hercules-ci/flake-parts"; + + homix = { + url = "github:homix-community/homix"; + }; + kmonad.url = "github:kmonad/kmonad?dir=nix"; + helix.url = "github:helix-editor/helix"; + waybar = { + url = "github:alexays/waybar"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + ############# non flakes ############ + + polybar-themes = { + url = "github:adi1090x/polybar-themes"; + flake = false; + }; + + ########### secrets ################# + # mysecrets = { + # url = 
"git+ssh://git@git.sortug.com/polwex/nix-secrets.git"; + # flake = false; + # }; + ########### this fucking guy ######## + + nixos-rk3588.url = "github:ryan4yin/nixos-rk3588"; + }; + outputs = inputs: import ./outputs.nix inputs; +} diff --git a/hosts/adguard.nix b/hosts/adguard.nix new file mode 100644 index 0000000..c956189 --- /dev/null +++ b/hosts/adguard.nix @@ -0,0 +1,17 @@ +{...}: +{ + services.adguardhome = { + enable = true; + openFirewall = true; + settings = { + bind_port: 3001; + dns = { + bind_host = "0.0.0.0"; + bootstrap_dns = [ + "1.1.1.1" + "1.0.0.1" + ]; + }; + }; + }; +} diff --git a/hosts/android.nix b/hosts/android.nix new file mode 100644 index 0000000..6abf253 --- /dev/null +++ b/hosts/android.nix @@ -0,0 +1,40 @@ +{pkgs, ...}: let + androidComposition = pkgs.androidenv.composeAndroidPackages { + # cmdLineToolsVersion = "8.0"; + # toolsVersion = "26.1.1"; + # platformToolsVersion = "34.0.0"; + # buildToolsVersions = [ "34.0.0" ]; + # includeEmulator = false; + # emulatorVersion = "30.3.4"; + # platformVersions = [ "28" "29" "30" ]; + # includeSources = false; + # includeSystemImages = false; + # systemImageTypes = [ "google_apis_playstore" ]; + # abiVersions = [ "armeabi-v7a" "arm64-v8a" ]; + # cmakeVersions = [ "3.10.2" ]; + # includeNDK = true; + # ndkVersions = ["22.0.7026061"]; + # useGoogleAPIs = false; + # useGoogleTVAddOns = false; + # includeExtras = [ + # "extras;google;gcm" + # ]; + }; +in { + # allow unfree + environment.systemPackages = [ + pkgs.android-studio-full + androidComposition.androidsdk + ]; + services.udev.packages = [ + pkgs.android-udev-rules + ]; + programs.adb.enable = true; + users.users.y.extraGroups = ["adbusers" "kvm"]; + environment.variables = { + ANDROID_HOME = "${androidComposition.androidsdk}/libexec/android-sdk"; + LOL = "LMAO"; + }; + + nixpkgs.config.android_sdk.accept_license = true; +} diff --git a/hosts/base.nix b/hosts/base.nix new file mode 100644 index 0000000..e1e421b --- /dev/null 
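Review bot: Several inputs in `flake.nix` are declared without `inputs.nixpkgs.follows`, and the lock file in this commit shows at least `helix`, `lanzaboote`, `nixos-rk3588` and `wrapper-manager` resolving their own nixpkgs, which is why it carries `nixpkgs_4` through `nixpkgs_9` and beyond, one of them still on `nixos-23.11`. Every extra pin is another nixpkgs revision that has to be tracked for security fixes. Where upstream supports it, write the input in the long form with `inputs.nixpkgs.follows = "nixpkgs";`, as is already done for `disko` and `waybar`. The comment `#secure book` above `lanzaboote` should read `# secure boot`.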
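Review bot: `bind_port: 3001;` inside `services.adguardhome.settings` is not valid Nix, because attribute bindings use `=`, so `hosts/adguard.nix` does not parse as written; it should read `bind_port = 3001;`. Separately, `openFirewall = true` exposes the admin web interface and `dns.bind_host = "0.0.0.0"` makes the resolver listen on every interface. If this module is ever imported on a host with a public address, limit port 53 to the LAN interface in the firewall so the machine does not act as an open resolver.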
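Review bot: `environment.variables` in `hosts/android.nix` carries a leftover `LOL = "LMAO";` that ends up in every session's environment and should be dropped. The `# allow unfree` comment is not followed by any setting, although `android-studio-full` is an unfree package; if `allowUnfree` is set in another module, the comment should say where. The fully commented-out argument set passed to `composeAndroidPackages` could be reduced to `{ }` with a pointer to the androidenv documentation.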
+++ b/hosts/base.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + unfreePkgs, + ... +}: { + # enable flakes + nix = { + package = pkgs.nixFlakes; + extraOptions = '' + experimental-features = nix-command flakes + ''; + settings = { + keep-outputs = true; + keep-derivations = true; + }; + }; + + #direnv + # programs.direnv.enable = true; +} diff --git a/hosts/cloud/bkk/configuration.nix b/hosts/cloud/bkk/configuration.nix new file mode 100644 index 0000000..42f6b2c --- /dev/null +++ b/hosts/cloud/bkk/configuration.nix @@ -0,0 +1,49 @@ +{ modulesPath, lib, pkgs, ... }: +{ + imports = [ + ./hardware-configuration.nix + ./nginx.nix + ]; + boot = { + loader.grub = { + enable = true; + device = "/dev/vda"; + }; + }; + users.users.root.openssh.authorizedKeys.keys = + [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; + + # enable flakes + nix = { + package = pkgs.nixFlakes; + extraOptions = '' + experimental-features = nix-command flakes + ''; + settings = { + keep-outputs = true; + keep-derivations = true; + }; + }; + + services.openssh = { + enable = true; + passwordAuthentication = false; + # ports = [5522]; + }; + networking = { + hostName = "yn-bkk"; # use Digital Ocean metadata server + }; + networking.firewall = { + enable = false; + # allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ]; + # allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ]; + }; + services.ntfy-sh = { + enable = true; + settings = { + base-url = "https://n.urbit.men"; + listen-http = ":8090"; + }; + }; + system.stateVersion = "24.05"; # Did you read the comment? +} diff --git a/hosts/cloud/bkk/hardware-configuration.nix b/hosts/cloud/bkk/hardware-configuration.nix new file mode 100644 index 0000000..736857a --- /dev/null +++ b/hosts/cloud/bkk/hardware-configuration.nix 
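Review bot: In `hosts/cloud/bkk/configuration.nix`, `networking.firewall.enable = false` leaves every listening socket on this cloud host reachable, and `listen-http = ":8090"` binds ntfy on all interfaces, so the service that nginx fronts with TLS at `n.urbit.men` is also reachable in plaintext on port 8090. Bind the backend to loopback with `listen-http = "127.0.0.1:8090";` and enable the firewall with an explicit list such as `allowedTCPPorts = [ 22 80 443 ];`. The file also authorizes an SSH key directly for `root`; an unprivileged wheel user, as `oldsortug/users.nix` defines for `y`, keeps root logins off the network. `passwordAuthentication` has been renamed to `services.openssh.settings.PasswordAuthentication` in current NixOS.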
@@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/22436064-dc92-4aea-8e58-0dc2ce872baa"; + fsType = "ext4"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/9726a4b6-5c40-4863-9a21-07f0100dea8d"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens6.useDHCP = lib.mkDefault true; + # networking.interfaces.ens7.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/bkk/nginx.nix b/hosts/cloud/bkk/nginx.nix new file mode 100644 index 0000000..f948e0e --- /dev/null +++ b/hosts/cloud/bkk/nginx.nix 
@@ -0,0 +1,62 @@
+{ config, pkgs, ... }: {
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "security@urbit.cam";
+ services.nginx = {
+ enable = true;
+ virtualHosts."u.urbit.men" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8080";
+ # proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ '';
+ };
+ extraConfig = ''
+ chunked_transfer_encoding off;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_cache off;
+ '';
+ };
+ virtualHosts."n.urbit.men" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:8090";
+ # proxyWebsockets = true; # needed if you need to use WebSocket
+ extraConfig = ''
+ proxy_set_header Host $host;
+ proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ '';
+ };
+ extraConfig = ''
+ chunked_transfer_encoding off;
+ proxy_http_version 1.1;
+ proxy_buffering off;
+ proxy_cache off;
+ '';
+ };
+ # virtualHosts."t.urbit.men" = {
+ # enableACME = true;
+ # forceSSL = true;
+ # locations."/" = {
+ # proxyPass = "http://127.0.0.1:8081";
+ # # proxyWebsockets = true; # needed if you need to use WebSocket
+ # extraConfig = ''
+ # proxy_set_header Host $host;
+ # proxy_set_header Forwarded $proxy_add_x_forwarded_for;
+ # '';
+ # };
+ # extraConfig = ''
+ # chunked_transfer_encoding off;
+ # proxy_http_version 1.1;
+ # proxy_buffering off;
+ # proxy_cache off;
+ # '';
+ # };
+ };
+}
diff --git a/hosts/cloud/flake.lock b/hosts/cloud/flake.lock
new file mode 100644
index 0000000..7b53099
--- /dev/null
+++ b/hosts/cloud/flake.lock
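Review bot: Both `locations."/".extraConfig` blocks set `proxy_set_header Forwarded $proxy_add_x_forwarded_for;`, which puts an X-Forwarded-For style address list into the RFC 7239 `Forwarded` header, whose values are written as `for=` pairs; a backend that parses `Forwarded` will reject or misread it. `$proxy_add_x_forwarded_for` also appends to whatever the client sent, so the value is client-influenced. If the backends use the client address for rate limiting or access decisions, send `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` together with `proxy_set_header X-Real-IP $remote_addr;`, or set `services.nginx.recommendedProxySettings = true;` and drop the hand-written headers. ntfy presumably also needs its behind-proxy setting enabled to honour them.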
@@ -0,0 +1,48 @@ +{ + "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1719401812, + "narHash": "sha256-QONBQ/arBsKZNJuSd3sMIkSYFlBoRJpvf1jGlMfcOuI=", + "owner": "nix-community", + "repo": "disko", + "rev": "b6a1262796b2990ec3cc60bb2ec23583f35b2f43", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1719379843, + "narHash": "sha256-u+D+IOAMMl70+CJ9NKB+RMrASjInuIWMHzjLWQjPZ6c=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3f3c1b13fb08f3828442ee86630362e81136bbc", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "disko": "disko", + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/cloud/flake.nix b/hosts/cloud/flake.nix new file mode 100644 index 0000000..84ad8d0 --- /dev/null +++ b/hosts/cloud/flake.nix 
@@ -0,0 +1,67 @@
+{
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
+ inputs.disko.url = "github:nix-community/disko";
+ inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
+
+ outputs = { nixpkgs, disko, ... }:
+ {
+ nixosConfigurations.sortug = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./sortug/configuration.nix
+ ./packages.nix
+ ./users.nix
+ ];
+ };
+ nixosConfigurations.osortug = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./oldsortug/configuration.nix
+ ./packages.nix
+ ./users.nix
+ ];
+ };
+ nixosConfigurations.jeet = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./jeet/configuration.nix
+ # ./packages.nix
+ ./users.nix
+ ];
+ };
+ nixosConfigurations.bkk = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./bkk/configuration.nix
+ ./packages.nix
+ ./users.nix
+ ];
+ };
+ nixosConfigurations.sing = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ disko.nixosModules.disko
+ ./sing/configuration.nix
+ ./packages.nix
+ ./users.nix
+ ./sing/omail.nix
+ ./sing/nginx.nix
+ ./sing/jellyfin.nix
+ ];
+ };
+ nixosConfigurations.spanmail= nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./spanm/configuration.nix
+ ./spanm/users.nix
+ ./spanm/mail.nix
+ ./spanm/packages.nix
+ ./spanm/nginx.nix
+ ];
+ };
+ };
+}
diff --git a/hosts/cloud/install-script.sh b/hosts/cloud/install-script.sh
new file mode 100644
index 0000000..1f9a54e
--- /dev/null
+++ b/hosts/cloud/install-script.sh
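Review bot: `inputs.nixpkgs.url` in `hosts/cloud/flake.nix` tracks `nixpkgs-unstable`, a channel that advances without waiting for the NixOS test suite, yet every output here is a `nixosSystem` for an internet-facing server. A `nixos-*` branch is the safer base for these hosts, e.g. `inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";`, which matches `nixpkgs-stable` in the top-level `flake.nix`. The six `nixosSystem` calls also repeat the same `system`, `disko` and `./users.nix` lines and could come from one small helper, so that a host cannot silently miss a shared module (`jeet` has `./packages.nix` commented out and `spanmail` omits `disko`).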
@@ -0,0 +1,170 @@ +# The disk that will be used +# NOTE: If installing on an nvme drive (ie: /dev/nvme0n1), you'll need to replace all occurrences of ${DISK}# with ${DISK}p# where # is the partition number. +# Don't forget to also replace all occurences of $(echo $DISK | cut -f1 -d\ )# with $(echo $DISK | cut -f1 -d\ )p# +export DISK='/dev/vda' + +export LUKS_KEY_DISK=cryptkey +export KEYFILE_LOCATION=/cryptkey +export KEY_DISK=/dev/mapper/cryptkey + +# we use parted here since it does a good job with adding BIOS protective MBR to GPT disk +# since we are booting in BIOS mode, we get a max of 4 primary partitions +# BIOS MBR partition (1MB) +# /boot partition (1GB) +# LUKS key partition (20MB) +# LUKS swap partition (2GB) +# ZFS root partition (Remaining space) +# NOTE: Make the ZFS root partition your last partition, so that if you resize the disk it will be easy to get ZFS to use the extra space +parted --script $DISK mklabel gpt +parted --script --align optimal $DISK -- mklabel gpt mkpart 'BIOS-boot' 1MB 2MB set 1 bios_grub on mkpart 'boot' 2MB 1026MB mkpart 'luks-key' 1026MB 1046MB mkpart 'luks-swap' 1046MB 3094MB mkpart 'zfs-pool' 3094MB '100%' + +# tr -d '\n' < /dev/urandom | dd of=/dev/disk/by-partlabel/key +# Create an encrypted disk to hold our key, the key to this drive +# is what you'll type in to unlock the rest of your drives... 
so, +# remember it: +export DISK1_KEY=$(echo $DISK | cut -f1 -d\ )3 +cryptsetup luksFormat $DISK1_KEY +cryptsetup luksOpen $DISK1_KEY cryptkey + +# Write the key right to the decrypted LUKS partition, as raw bytes +echo "" > newline +dd if=/dev/zero bs=1 count=1 seek=1 of=newline +dd if=/dev/urandom bs=32 count=1 | od -A none -t x | tr -d '[:space:]' | cat - newline > hdd.key +dd if=/dev/zero of=$KEY_DISK +dd if=hdd.key of=$KEY_DISK +dd if=$KEY_DISK bs=64 count=1 + +# Format swap as encrypted LUKS and mount the partition +export DISK1_SWAP=$(echo $DISK | cut -f1 -d\ )4 +cryptsetup luksFormat --key-file=$KEY_DISK --keyfile-size=64 $DISK1_SWAP +cryptsetup open --key-file=$KEY_DISK --keyfile-size=64 $DISK1_SWAP cryptswap +mkswap /dev/mapper/cryptswap +swapon /dev/mapper/cryptswap + +# Create root pool +zpool create -f \ + -o ashift=12 \ + -o autotrim=on \ + -R /mnt \ + -O acltype=posixacl \ + -O compression=zstd \ + -O dnodesize=auto \ + -O normalization=formD \ + -O xattr=sa \ + -O atime=off \ + -O canmount=off \ + -O mountpoint=none \ + -O encryption=aes-256-gcm \ + -O keylocation=file://$KEY_DISK \ + -O keyformat=hex \ + rpool \ + ${DISK}5 + +# Create root system containers +zfs create \ + -o canmount=off \ + -o mountpoint=none \ + rpool/local +zfs create \ + -o canmount=off \ + -o mountpoint=none \ + rpool/safe + +# Create and mount dataset for `/` +zfs create -p -o mountpoint=legacy rpool/local/root +# Create a blank snapshot +zfs snapshot rpool/local/root@blank +# Mount root ZFS dataset +mount -t zfs rpool/local/root /mnt + +# Create and mount dataset for `/nix` +zfs create -p -o mountpoint=legacy rpool/local/nix +mkdir -p /mnt/nix +mount -t zfs rpool/local/nix /mnt/nix + +# Create and mount dataset for `/home` +zfs create -p -o mountpoint=legacy rpool/safe/home +mkdir -p /mnt/home +mount -t zfs rpool/safe/home /mnt/home + +# Create and mount dataset for `/persist` +zfs create -p -o mountpoint=legacy rpool/safe/persist +mkdir -p /mnt/persist +mount -t zfs 
rpool/safe/persist /mnt/persist + +# Create and mount dataset for `/services` +zfs create -p -o mountpoint=legacy rpool/safe/services +mkdir -p /mnt/services +mount -t zfs rpool/safe/services /mnt/services + +# create and mount boot partition +mkdir -p /mnt/boot +mkfs.vfat -F32 $(echo $DISK | cut -f1 -d\ )2 +mount -t vfat $(echo $DISK | cut -f1 -d\ )2 /mnt/boot + +# Generate initial system configuration +nixos-generate-config --root /mnt + +export CRYPTKEY="$(blkid -o export "$DISK1_KEY" | grep "^UUID=")" +export CRYPTKEY="${CRYPTKEY#UUID=*}" + +export CRYPTSWAP="$(blkid -o export "$DISK1_SWAP" | grep "^UUID=")" +export CRYPTSWAP="${CRYPTSWAP#UUID=*}" + +export RPOOL_PARTUUID="$(blkid -o export $(echo $DISK | cut -f1 -d\ )5 | grep "^PARTUUID=")" +export RPOOL_PARTUUID="${RPOOL_PARTUUID#PARTUUID=*}" + +# Import ZFS/boot-specific configuration +sed -i "s|./hardware-configuration.nix|./hardware-configuration.nix ./boot.nix|g" /mnt/etc/nixos/configuration.nix + +# Set root password +export rootPwd=$(mkpasswd -m SHA-512 -s "VerySecurePassword") +# Write boot.nix configuration +tee -a /mnt/etc/nixos/boot.nix <.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/oldsortug/configuration.nix b/hosts/cloud/oldsortug/configuration.nix new file mode 100644 index 0000000..1c1866e --- /dev/null +++ b/hosts/cloud/oldsortug/configuration.nix 
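Review bot: The root password hash in `install-script.sh` is generated from a literal in the script, `mkpasswd -m SHA-512 -s "VerySecurePassword"`, so the initial root password is readable in the repository; prompt for it instead, e.g. `rootPwd=$(mkpasswd -m SHA-512)`. The disk key is staged in the working directory as `hdd.key` (with the helper file `newline`) and is not removed in the visible part of the script; delete both with `rm -f hdd.key newline` once the key has been written to `$KEY_DISK`. `$DISK`, `$KEY_DISK` and `$DISK1_KEY` are expanded unquoted, and without `set -euo pipefail` a failed `cryptsetup` step does not stop the later `dd` and `zpool create -f` commands. The page cuts this hunk off inside the `boot.nix` heredoc, so how `rootPwd` is consumed cannot be checked from here.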
@@ -0,0 +1,46 @@
+{ modulesPath, lib, ... }:
+{
+ imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+ ./hardware-configuration.nix
+ ./gitea.nix
+ ./nginx.nix
+ ./coturn.nix
+ ];
+ boot = {
+ growPartition = true;
+ kernelParams = [ "console=ttyS0" "panic=1" "boot.panic_on_fail" ];
+ initrd.kernelModules = [ "virtio_scsi" ];
+ kernelModules = [ "virtio_pci" "virtio_net" ];
+ loader = {
+ grub.device = "/dev/sda";
+ timeout = 0;
+ grub.configurationLimit = 0;
+ };
+ };
+ services.openssh = {
+ enable = true;
+ passwordAuthentication = false;
+ ports = [5522];
+ };
+ services.do-agent.enable = true;
+ networking = {
+ hostName = "sortug"; # use Digital Ocean metadata server
+ };
+ networking.firewall = {
+ enable = true;
+ allowedTCPPorts = [ 40308 80 443 53 51820 5522 ];
+ allowedUDPPorts = [ 40308 80 443 53 51820 5522
+ 50000
+ 50001
+ 50002
+ 50003
+ 50004
+ 50005
+ 50006
+ 50007
+ 50008
+ 50009
+ 50010
+ ];
+ };
+}
diff --git a/hosts/cloud/oldsortug/coturn.nix b/hosts/cloud/oldsortug/coturn.nix
new file mode 100644
index 0000000..aaf097c
--- /dev/null
+++ b/hosts/cloud/oldsortug/coturn.nix
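Review bot: The lists in `networking.firewall` open more than the services in this commit appear to need: `allowedUDPPorts` repeats 80, 443 and 5522, which are served over TCP here, and `allowedTCPPorts` includes 51820, 53 and 40308 with no matching listener visible in the imported modules. Keep each list to what is actually served, e.g. `allowedTCPPorts = [ 80 443 5522 ];`, and add a comment naming the service behind every remaining port. UDP 50000 to 50010 is opened one port at a time while `coturn.nix` relays on 49152 to 49999; if these ports are meant for TURN the range does not match, and otherwise `allowedUDPPortRanges = [ { from = 50000; to = 50010; } ];` states the same in one line.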
@@ -0,0 +1,60 @@
+{ ... }:
+
+{
+ services.coturn = {
+ enable = true;
+ lt-cred-mech = true;
+ # use-auth-secret = true;
+ # static-auth-secret = "GHhc4i7Hwto0KxoDgNioYgWgkc1iLbEE8t45G6voTzD07vKvFsK6R4b8kShVZEhC";
+ realm = "turn.sortug.com";
+ # relay-ips = [
+ # ""
+ # ];
+ # no-tcp-relay = true;
+ extraConfig = "
+ cipher-list=\"HIGH\"
+ no-loopback-peers
+ no-multicast-peers
+ ";
+ # secure-stun = true;
+ cert = "/var/lib/acme/turn.sortug.com/fullchain.pem";
+ pkey = "/var/lib/acme/turn.sortug.com/key.pem";
+ min-port = 49152;
+ max-port = 49999;
+ };
+
+ # Open ports in the firewall.
+ networking.firewall = {
+ enable = true;
+ allowPing = false;
+ allowedTCPPorts = [
+ 5349 # STUN tls
+ 5350 # STUN tls alt
+ 80 # http
+ 443 # https
+ ];
+ allowedUDPPortRanges = [
+ { from=49152; to=49999; } # TURN relay
+ ];
+ };
+
+ # setup certs
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "turn.sortug.com" = {
+ forceSSL = true;
+ enableACME = true;
+ };
+ };
+ };
+ users.groups.turnserver.members = ["nginx" "coturn"];
+
+ # share certs with coturn and restart on renewal
+ security.acme.certs = {
+ "turn.sortug.com" = {
+ postRun = "systemctl reload nginx.service; systemctl restart coturn.service";
+ };
+ };
+}
+
diff --git a/hosts/cloud/oldsortug/gitea.nix b/hosts/cloud/oldsortug/gitea.nix
new file mode 100644
index 0000000..a25773a
--- /dev/null
+++ b/hosts/cloud/oldsortug/gitea.nix
@@ -0,0 +1,27 @@
+{ config, ...}:
+{
+ services.gitea = {
+ enable = true;
+ user = "git";
+ appName = "Sortug Git";
+ settings.server = {
+ domain = "git.sortug.com";
+ ROOT_URL = "https://git.sortug.com/";
+ SSH_PORT = 5522;
+ };
+ lfs.enable = true;
+ };
+
+ users.users = {
+ git = {
+ description = "Gitea Service";
+ home = "/var/lib/gitea";
+ useDefaultShell = true;
+ group = "gitea";
+ isSystemUser = true;
+ };
+ };
+
+
+
+}
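Review bot: The commented-out `static-auth-secret` line in `coturn.nix` keeps what looks like a real TURN shared secret in the repository; a comment is published like any other line, so the value should be treated as exposed, rotated if it was ever in use, and deleted from the file. When a shared secret is needed again, load it from outside the Nix store with `static-auth-secret-file`, for example from a path provided by the `agenix` input the top-level flake already declares. `lt-cred-mech = true` is enabled with no user or secret configured in this hunk, so it is unclear how clients authenticate. `users.groups.turnserver.members = ["nginx" "coturn"]` adds nginx to coturn's group, which probably does not give the coturn service read access to `/var/lib/acme/turn.sortug.com`; the service user needs membership in the certificate's group instead.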
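Review bot: `services.gitea.settings` in `gitea.nix` sets only the `server` section, so the instance at `git.sortug.com` keeps Gitea's default of open self-registration; for a personal forge add `settings.service.DISABLE_REGISTRATION = true;`. `SSH_PORT = 5522` is the port of the host's own OpenSSH daemon in `configuration.nix`, so the `git` account with `useDefaultShell = true` shares sshd with interactive logins. That is the usual passthrough setup, but it deserves a comment such as `# git-over-SSH goes through the system sshd on 5522` next to the setting.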
diff --git a/hosts/cloud/oldsortug/hardware-configuration.nix b/hosts/cloud/oldsortug/hardware-configuration.nix new file mode 100644 index 0000000..f46db2a --- /dev/null +++ b/hosts/cloud/oldsortug/hardware-configuration.nix @@ -0,0 +1,31 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/32e438fa-ead6-47d5-8ebe-75f6b1d0c1a6"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/cloud/oldsortug/nginx.nix b/hosts/cloud/oldsortug/nginx.nix new file mode 100644 index 0000000..ba64539 --- /dev/null +++ b/hosts/cloud/oldsortug/nginx.nix 
@@ -0,0 +1,21 @@ +{ ... }: { + + security.acme.acceptTerms = true; + security.acme.defaults.email = "security@sortug.com"; + users.users.y.homeMode = "750"; + services.nginx = { + enable = true; + virtualHosts."old.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $Host; + ''; + # actually important + }; + }; + }; +} diff --git a/hosts/cloud/oldsortug/packages.nix b/hosts/cloud/oldsortug/packages.nix new file mode 100644 index 0000000..6985acb --- /dev/null +++ b/hosts/cloud/oldsortug/packages.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: + +{ + nixpkgs.config = { + allowUnfree = true; + }; + + environment.systemPackages = with pkgs; [ + neovim + fish + # unix utilities + tmux + bat # cat replacement written in Rust + colordiff + direnv # Per-directory environment variables + lsd + fd # find replacement written in Rust + fzf # Fuzzy finder + git + glibcLocales + gnumake + htop # Resource monitoring + jq # JSON parsing for the CLI + lsof + ripgrep # grep replacement written in Rust + sd # Fancy sed replacement + silver-searcher + skim # High-powered fuzzy finder written in Rust + strace # debug stack trace + tealdeer # tldr for various shell tools + testdisk + tokei # Handy tool to see lines of code by language + watchexec # Fileystem watcher/executor useful for speedy development + xsv # CSV file parsing utility + just # Intriguing new make replacement + mdcat # Markdown converter/reader for the CLI + tree + unzip + zip + + # networking + curl + caddy # simple web server made with go + innernet + + # s3 + minio + # databases + # postgresql + # sqlite + ]; +} + diff --git a/hosts/cloud/oldsortug/users.nix b/hosts/cloud/oldsortug/users.nix new file mode 100644 index 0000000..b3515c1 --- /dev/null +++ b/hosts/cloud/oldsortug/users.nix 
@@ -0,0 +1,56 @@ +{ config, pkgs, ... }: + + +let shellAliases = { + l = "lsd -lAh"; + la = "lsd -lAh"; + ports = "sudo lsof -i -P -n | grep LISTEN"; + gco = "git checkout"; + gcob = "git checkout -b"; +}; + +in { + programs.fish = { + inherit shellAliases; + enable = true; +# plugins = [{ +# name="foreign-env"; +# src = pkgs.fetchFromGitHub { +# owner = "oh-my-fish"; +# repo = "plugin-foreign-env"; +# rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; +# sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; +# }; +# }]; +}; + + users = { + extraUsers = { + y = { + group = "users"; + isNormalUser = true; + extraGroups = [ + "systemd-journal" + "wheel" + ]; + createHome = true; + home = "/home/y"; + isSystemUser = false; + shell = pkgs.fish; + openssh.authorizedKeys.keys = + [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; + }; +# urbit = { +# group = "users"; +# isNormalUser = true; +# createHome = true; +# isSystemUser = false; +# openssh.authorizedKeys.keys = +# [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/VzXbaX1CLqQfPCkRdMHzAKsbS//2B0qlw3ROnR74tgl7jrBP2qeYhydcNECqC5WWO+KLZrbOWdVLATLW6z6oLlMx6E6WCfRVx/F7coMd/FBYqHwJ2Z1PbG0YSjWH07GyVYU2Nc9HfW459aXpGQ2LlTjYP14i7DqvSesCIkfbPfHzwAkyDxj4oIMXS3LMQlh4u69YKoXS/LPU+1Qv+bT5alRc2Uw+/9/q1IfDDxIiKqt3EVNEM6p5QssXtlFhk0+7zXRApWbpYLbjAVHDHbFoPAXeKLQvpgnz1K84fOGNlXj9nISYfDba8NVWQbetKnVxmQNDUKk3jOcBFmjgHvYv pkova@Pyrys-MacBook-Pro.local" ]; +# }; + }; + }; +} + + + diff --git a/hosts/cloud/packages.nix b/hosts/cloud/packages.nix new file mode 100644 index 0000000..fe7065b --- /dev/null +++ b/hosts/cloud/packages.nix 
@@ -0,0 +1,55 @@ +{ config, pkgs, ... }: + +{ + nixpkgs.config = { + allowUnfree = true; + }; + + environment.systemPackages = with pkgs; [ + helix + fish + # unix utilities + tmux + bat # cat replacement written in Rust + colordiff + direnv # Per-directory environment variables + lsd + fd # find replacement written in Rust + fzf # Fuzzy finder + git + glibcLocales + gnumake + htop # Resource monitoring + jq # JSON parsing for the CLI + lsof + ripgrep # grep replacement written in Rust + sd # Fancy sed replacement + silver-searcher + skim # High-powered fuzzy finder written in Rust + strace # debug stack trace + tealdeer # tldr for various shell tools + testdisk + tokei # Handy tool to see lines of code by language + watchexec # Fileystem watcher/executor useful for speedy development + xsv # CSV file parsing utility + just # Intriguing new make replacement + mdcat # Markdown converter/reader for the CLI + tree + unzip + zip + + # networking + curl + caddy # simple web server made with go + innernet + + # s3 + minio + # streaming + ffmpeg_5 + # databases + # postgresql + # sqlite + ]; +} + diff --git a/hosts/cloud/sing/configuration.nix b/hosts/cloud/sing/configuration.nix new file mode 100644 index 0000000..8428b10 --- /dev/null +++ b/hosts/cloud/sing/configuration.nix 
@@ -0,0 +1,38 @@ +{ modulesPath, pkgs, ... }: +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + ./disk-config.nix + ]; + boot.loader.grub = { + efiSupport = true; + }; + + # enable flakes + nix = { + package = pkgs.nixFlakes; + extraOptions = '' + experimental-features = nix-command flakes + ''; + settings = { + keep-outputs = true; + keep-derivations = true; + }; + }; + + services.openssh = { + enable = true; + passwordAuthentication = false; + ports = [5522]; + }; + services.do-agent.enable = true; + networking = { + hostName = "yagonet-sing"; # use Digital Ocean metadata server + }; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 993 465 40308 80 443 53 51820 5522 ]; + allowedUDPPorts = [ 993 465 40308 80 443 53 50000 50001 50002 50003 50004 50005 50006 50007 50008 50009 50010 51820 5522 ]; + }; +} diff --git a/hosts/cloud/sing/disk-config.nix b/hosts/cloud/sing/disk-config.nix new file mode 100644 index 0000000..d1a1d90 --- /dev/null +++ b/hosts/cloud/sing/disk-config.nix 
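Review bot: `allowedUDPPorts` repeats the whole TCP list, so 993, 465, 80, 443 and 5522 are opened over UDP although nothing in this file shows a UDP listener on them. Keep each list to the protocol the service actually speaks, and express the relay block as a range, `allowedUDPPortRanges = [ { from = 50000; to = 50010; } ];`, after confirming which of 40308, 53 and 51820 are really in use on this host. Port 53 is opened on both protocols without a comment naming the resolver behind it; an unintentionally open resolver on a public address is a common abuse target, so it is worth documenting or removing.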
@@ -0,0 +1,52 @@ +# Example to create a bios compatible gpt partition +{ lib, ... }: +{ +# Disk /dev/sda: 200 GiB, 214748364800 bytes, 419430400 sectors +# Disk model: QEMU HARDDISK +# Units: sectors of 1 * 512 = 512 bytes +# Sector size (logical/physical): 512 bytes / 512 bytes +# I/O size (minimum/optimal): 512 bytes / 512 bytes +# Disklabel type: gpt +# Disk identifier: CED6435C-56EF-4699-BEE9-19280C444BCA +# +# Device Start End Sectors Size Type +# /dev/sda1 2048 4095 2048 1M BIOS boot +# /dev/sda2 4096 4194303 4190208 2G Linux filesystem +# /dev/sda3 4194304 419428351 415234048 198G Linux filesystem +# + disko.devices = { + disk.disk1 = { + device = lib.mkDefault "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; # Allocates the remainder of the disk, minus the sizes of the other partitions + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/cloud/sing/hardware-configuration.nix b/hosts/cloud/sing/hardware-configuration.nix new file mode 100644 index 0000000..04d76e5 --- /dev/null +++ b/hosts/cloud/sing/hardware-configuration.nix 
@@ -0,0 +1,20 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eth0.useDHCP = lib.mkDefault true; + + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/cloud/sing/init.nix b/hosts/cloud/sing/init.nix new file mode 100644 index 0000000..361fac8 --- /dev/null +++ b/hosts/cloud/sing/init.nix 
@@ -0,0 +1,42 @@ +{ modulesPath, config, lib, pkgs, ... }: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + (modulesPath + "/profiles/qemu-guest.nix") + ./disk-config.nix + ]; + + # boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.loader.grub = { + # no need to set devices, disko will add all devices that have a EF02 partition to the list already + # devices = [ ]; + efiSupport = true; + efiInstallAsRemovable = true; + }; + services.openssh = { + enable = true; + }; + + users.users.root.initialHashedPassword = "$y$j9T$pCnKvY2ASrwPgAlZhqK9A/$Ro7mKqBTHjKhn5GN82fEUBNnUrdP.SxN9bBIl7QxY./"; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q" + ]; + users.users.y = { + group = "users"; + isNormalUser = true; + extraGroups = [ + "systemd-journal" + "wheel" + "networkmanager" + "input" + "uinput" + "docker" + ]; + createHome = true; + home = "/home/y"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" + ]; + }; + + system.stateVersion = "23.11"; +} diff --git a/hosts/cloud/sing/jellyfin.nix b/hosts/cloud/sing/jellyfin.nix new file mode 100644 index 0000000..c9c8b9e --- /dev/null +++ b/hosts/cloud/sing/jellyfin.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: { + + services.jellyfin = { + enable = true; + openFirewall = true; + }; +} diff --git a/hosts/cloud/sing/mail.key b/hosts/cloud/sing/mail.key new file mode 100644 index 0000000..ece0485 --- /dev/null +++ b/hosts/cloud/sing/mail.key @@ -0,0 +1 @@ +$2b$05$iw93ciS7B.5DfqxQ4XcAVuXF5d9qksmlg0I7FmMMa8vb1JIxN1f1e diff --git a/hosts/cloud/sing/mail.nix b/hosts/cloud/sing/mail.nix new file mode 100644 index 0000000..09a070d --- /dev/null +++ b/hosts/cloud/sing/mail.nix 
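Review bot: `users.users.root.initialHashedPassword` puts root's password hash in the repository and in the world-readable Nix store, where anyone with read access can attack it offline; `hashedPassword` for `y` in hosts/cloud/sing/users.nix has the same problem. `services.openssh` is enabled here without `passwordAuthentication = false;`, unlike sing/configuration.nix, so password logins stay at the module default; add the line so a committed hash can never become a remote credential. Prefer key-only login plus `hashedPasswordFile` pointing at a file provisioned outside the repo, and treat both committed hashes as exposed. Separately, membership in `docker` gives `y` root-equivalent access, so list it only if this host actually runs Docker.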
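Review bot: `openFirewall = true` exposes Jellyfin's own ports directly, while hosts/cloud/sing/nginx.nix in this commit already publishes the service as `j.urbit.cam` with `forceSSL` through a proxy to 127.0.0.1:8096. If the proxy is the intended entry point, set `openFirewall = false;` so clients cannot reach the plain-HTTP port and bypass TLS.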
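Review bot: This file and hosts/cloud/sing/mail2.key commit bcrypt password hashes, and the `$2b$05$` prefix means a cost factor of 5, which is cheap to brute-force offline once the hash is public. Generate the hashes with a higher cost (mkpasswd accepts `--rounds`), keep the hash files out of the repository, and rotate the passwords these two hashes protect.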
@@ -0,0 +1,68 @@ +{ + mailserver = { + enable = true; + fqdn = "mail.sortug.com"; + domains = [ "sortug.com" ]; + + # A list of all login accounts. To create the password hashes, use + # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' + loginAccounts = { + "zh@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "jp@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "th@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "bd@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "info@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "admin@sortug.com" = { # legal and banking + hashedPasswordFile = "/home/y/mail.key"; + }; + "internal@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "billing@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "polwex@sortug.com" = { + hashedPasswordFile = "/home/y/mail2.key"; + }; + "kinode@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "hosting@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "support@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + }; + + # Use Let's Encrypt certificates. Note that this needs to set up a stripped + # down nginx and opens port 80. + certificateScheme = "acme-nginx"; + }; + security.acme.acceptTerms = true; + security.acme.defaults.email = "security@sortug.com"; + # services.roundcube = { + # enable = true; + # # this is the url of the vhost, not necessarily the same as the fqdn of + # # the mailserver + # hostName = "mail.sortug.com"; + # extraConfig = '' + # # starttls needed for authentication, so the fqdn required to match + # # the certificate + # $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + # $config['smtp_user'] = "%u"; + # $config['smtp_pass'] = "%p"; + # ''; + # }; + services.nginx.enable = true; +} diff --git a/hosts/cloud/sing/mail2.key b/hosts/cloud/sing/mail2.key new file mode 100644 index 0000000..ba2fd93 
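Review bot: Eleven of the twelve `loginAccounts` point at the same `hashedPasswordFile = "/home/y/mail.key"`, so one password opens `admin@` (marked legal and banking), `billing@` and every other mailbox; hosts/cloud/sing/omail.nix goes further and uses that file for all twelve. Give each account its own hash file, at least for the sensitive ones, and store them in a root-owned location rather than in `/home/y`, where the `y` login can replace them. In omail.nix the prefetch comment still says `release="nixos-23.05"` while the pinned URL is `nixos-23.11`; update the comment so the next hash refresh targets the right release.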
--- /dev/null
+++ b/hosts/cloud/sing/mail2.key
@@ -0,0 +1 @@
+$2b$05$RDNpiqLeEGZjCb0z13R0tenPIr/r1ps1LPmIbGRkdSSmvFwgCVm6i
diff --git a/hosts/cloud/sing/nginx.nix b/hosts/cloud/sing/nginx.nix
new file mode 100644
index 0000000..501c4ee
--- /dev/null
+++ b/hosts/cloud/sing/nginx.nix
@@ -0,0 +1,129 @@ +{ config, pkgs, ... }: { + + security.acme.acceptTerms = true; + security.acme.defaults.email = "security@urbit.cam"; + services.nginx = { + enable = true; + virtualHosts."s.urbit.cam" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8081"; + # proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + chunked_transfer_encoding off; + proxy_http_version 1.1; + proxy_buffering off; + proxy_cache off; + ''; + }; + virtualHosts."h.urbit.cam" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; # needed if you need to use WebSocket + }; + }; + virtualHosts."f.urbit.cam" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8082"; + proxyWebsockets = true; # needed if you need to use WebSocket + }; + }; + virtualHosts."b.urbit.cam" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8083"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + }; + virtualHosts."k.urbit.cam" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8084"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + }; + virtualHosts."j.urbit.cam" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8096"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + }; + 
virtualHosts."hls.urbit.cam" = { + enableACME = true; + forceSSL = true; + locations."/" = { + root = "/var/www/hls"; + extraConfig = '' + add_header Cache-control no-cache; + add_header Access-Control-Allow-Origin *; + types { + application/vnd.apple.mpegurl m3u8; + video/mp2t ts; + } + ''; + }; + }; + virtualHosts."leo.urbit.cam" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8090"; + # proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + chunked_transfer_encoding off; + proxy_http_version 1.1; + proxy_buffering off; + proxy_cache off; + ''; + }; + virtualHosts."sayu.urbit.cam" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8091"; + # proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + chunked_transfer_encoding off; + proxy_http_version 1.1; + proxy_buffering off; + proxy_cache off; + ''; + }; + }; +} diff --git a/hosts/cloud/sing/omail.nix b/hosts/cloud/sing/omail.nix new file mode 100644 index 0000000..ccbc847 --- /dev/null +++ b/hosts/cloud/sing/omail.nix 
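Review bot: `proxy_set_header Forwarded $proxy_add_x_forwarded_for;` sends an X-Forwarded-For style address list under the RFC 7239 `Forwarded` header name, whose syntax is `for=…`, so a backend parsing either header will not get a usable client address. Use `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` in each affected `locations."/"` block (the s, b, k, j, leo and sayu vhosts). Because that variable appends to whatever the client sent, backends should trust only the right-most entry for logging or access decisions.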
@@ -0,0 +1,79 @@ +{ config, lib, ... }: { + imports = [ + (builtins.fetchTarball { + # Pick a release version you are interested in and set its hash, e.g. + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.11/nixos-mailserver-nixos-23.11.tar.gz"; + # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command: + # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack + sha256 = "122vm4n3gkvlkqmlskiq749bhwfd0r71v6vcmg1bbyg4998brvx8"; + }) + ]; + + services.dovecot2.sieve.extensions = [ "fileinto" ]; + mailserver = { + enable = true; + fqdn = "mail.sortug.com"; + domains = [ "sortug.com" ]; + + # A list of all login accounts. To create the password hashes, use + # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' + loginAccounts = { + "zh@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "jp@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "th@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "bd@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "info@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "admin@sortug.com" = { # legal and banking + hashedPasswordFile = "/home/y/mail.key"; + }; + "internal@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "billing@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "polwex@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "kinode@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "hosting@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + "support@sortug.com" = { + hashedPasswordFile = "/home/y/mail.key"; + }; + }; + + # Use Let's Encrypt certificates. Note that this needs to set up a stripped + # down nginx and opens port 80. 
+ certificateScheme = "acme-nginx"; + }; + security.acme.acceptTerms = true; + security.acme.defaults.email = lib.mkForce "security@sortug.com"; + services.roundcube = { + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "mail.sortug.com"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + services.nginx.enable = true; +} diff --git a/hosts/cloud/sing/packages.nix b/hosts/cloud/sing/packages.nix new file mode 100644 index 0000000..6985acb --- /dev/null +++ b/hosts/cloud/sing/packages.nix @@ -0,0 +1,53 @@ +{ config, pkgs, ... }: + +{ + nixpkgs.config = { + allowUnfree = true; + }; + + environment.systemPackages = with pkgs; [ + neovim + fish + # unix utilities + tmux + bat # cat replacement written in Rust + colordiff + direnv # Per-directory environment variables + lsd + fd # find replacement written in Rust + fzf # Fuzzy finder + git + glibcLocales + gnumake + htop # Resource monitoring + jq # JSON parsing for the CLI + lsof + ripgrep # grep replacement written in Rust + sd # Fancy sed replacement + silver-searcher + skim # High-powered fuzzy finder written in Rust + strace # debug stack trace + tealdeer # tldr for various shell tools + testdisk + tokei # Handy tool to see lines of code by language + watchexec # Fileystem watcher/executor useful for speedy development + xsv # CSV file parsing utility + just # Intriguing new make replacement + mdcat # Markdown converter/reader for the CLI + tree + unzip + zip + + # networking + curl + caddy # simple web server made with go + innernet + + # s3 + minio + # databases + # postgresql + # sqlite + ]; +} + diff --git a/hosts/cloud/sing/users.nix b/hosts/cloud/sing/users.nix new file mode 100644 index 0000000..4d455ee --- /dev/null 
+++ b/hosts/cloud/sing/users.nix @@ -0,0 +1,40 @@ +{ config, pkgs, ... }: + + +let shellAliases = { + l = "lsd -lAh"; + la = "lsd -lAh"; + ports = "sudo lsof -i -P -n | grep LISTEN"; + gco = "git checkout"; + gcob = "git checkout -b"; +}; + +in { + programs.fish = { + inherit shellAliases; + enable = true; + }; + + users = { + users = { + y = { + hashedPassword = "$y$j9T$KLRxiAIFO2yLoalaeSmjg/$ZzEQbGvVmRJ6gESNxNuRchNcx0V01QpCxnJVv5pdk/B"; + group = "users"; + isNormalUser = true; + extraGroups = [ + "systemd-journal" + "wheel" + ]; + createHome = true; + home = "/home/y"; + isSystemUser = false; + shell = pkgs.fish; + openssh.authorizedKeys.keys = + [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; + }; + }; + }; +} + + + diff --git a/hosts/cloud/sortug/configuration.nix b/hosts/cloud/sortug/configuration.nix new file mode 100644 index 0000000..da267f6 --- /dev/null +++ b/hosts/cloud/sortug/configuration.nix 
@@ -0,0 +1,90 @@ +{ modulesPath, lib, ... }: +{ + imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [ + ./hardware-configuration.nix + (modulesPath + "/installer/scan/not-detected.nix") + ./gitea.nix + ./nginx.nix + ./minio.nix + # ./coturn.nix + ./disk-config.nix + # ./mail.nix + ]; + + + boot = { + loader.grub.enable = true; + # loader.grub.device = "/dev/sda"; + }; + + services.openssh = { + enable = true; + passwordAuthentication = false; + ports = [5522]; + }; + + users.users.root.openssh.authorizedKeys.keys = + [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; + + services.do-agent.enable = true; + networking = { + firewall.enable = false; + networkmanager.enable = true; + hostName = "sortug"; # use Digital Ocean metadata server + useDHCP = false; + interfaces.enp3s0.ipv4.addresses = [ + {address = "209.182.234.186"; prefixLength = 24;} + ]; + interfaces.enp3s0.ipv6.addresses = [ + {address = "2602:ff16:14:0:1:f7:0:1"; prefixLength = 64;} + ]; + defaultGateway = { + address = "209.182.234.1"; + interface = "enp3s0"; + }; + defaultGateway6 = { + address = "2602:ff16:14::1"; + interface = "enp3s0"; + }; + nameservers = [ + "8.8.8.8" + "8.8.4.4" + "2001:4860:4860::8888" + "2001:4860:4860::8844" + ]; + }; + + # curl https://raw.githubusercontent.com/elitak/nixos-infect/master/nixos-infect | NIX_CHANNEL=nixos-23.11 bash -x + + services.resolved = { + enable = true; + domains = + [ "2001:4860:4860::8888" "2001:4860:4860::8844" ]; + }; + + # networking.firewall = { + # enable = true; + # allowedTCPPorts = [ 40308 80 443 53 51820 5522 ]; + # allowedUDPPorts = [ 40308 80 443 53 51820 5522 + # 50000 + # 50001 + # 50002 + # 50003 + # 50004 + # 50005 + # 50006 + # 50007 + # 50008 + # 50009 + # 50010 + # ]; + # }; + services.ntfy-sh = { + enable = true; + settings = { + base-url = "https://ntfy.sortug.com"; + listen-http = ":8099"; + }; + }; + system.stateVersion = "24.05"; # Did you read 
the comment? +} diff --git a/hosts/cloud/sortug/coturn.nix b/hosts/cloud/sortug/coturn.nix new file mode 100644 index 0000000..aaf097c --- /dev/null +++ b/hosts/cloud/sortug/coturn.nix @@ -0,0 +1,60 @@ +{ ... }: + +{ + services.coturn = { + enable = true; + lt-cred-mech = true; + # use-auth-secret = true; + # static-auth-secret = "GHhc4i7Hwto0KxoDgNioYgWgkc1iLbEE8t45G6voTzD07vKvFsK6R4b8kShVZEhC"; + realm = "turn.sortug.com"; + # relay-ips = [ + # "" + # ]; + # no-tcp-relay = true; + extraConfig = " + cipher-list=\"HIGH\" + no-loopback-peers + no-multicast-peers + "; + # secure-stun = true; + cert = "/var/lib/acme/turn.sortug.com/fullchain.pem"; + pkey = "/var/lib/acme/turn.sortug.com/key.pem"; + min-port = 49152; + max-port = 49999; + }; + + # Open ports in the firewall. + networking.firewall = { + enable = true; + allowPing = false; + allowedTCPPorts = [ + 5349 # STUN tls + 5350 # STUN tls alt + 80 # http + 443 # https + ]; + allowedUDPPortRanges = [ + { from=49152; to=49999; } # TURN relay + ]; + }; + + # setup certs + services.nginx = { + enable = true; + virtualHosts = { + "turn.sortug.com" = { + forceSSL = true; + enableACME = true; + }; + }; + }; + users.groups.turnserver.members = ["nginx" "coturn"]; + + # share certs with coturn and restart on renewal + security.acme.certs = { + "turn.sortug.com" = { + postRun = "systemctl reload nginx.service; systemctl restart coturn.service"; + }; + }; +} + diff --git a/hosts/cloud/sortug/default.nix b/hosts/cloud/sortug/default.nix new file mode 100644 index 0000000..0307c7b --- /dev/null +++ b/hosts/cloud/sortug/default.nix @@ -0,0 +1,3 @@ +inputs: [ + ./configuration.nix +] diff --git a/hosts/cloud/sortug/disk-config.nix b/hosts/cloud/sortug/disk-config.nix new file mode 100644 index 0000000..75ae234 --- /dev/null +++ b/hosts/cloud/sortug/disk-config.nix 
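Review bot: `firewall.enable = false` leaves every listening socket on the public address configured here reachable, and `listen-http = ":8099"` binds ntfy on all interfaces, so it is served over plain HTTP alongside the `https://ntfy.sortug.com` base URL. Re-enable the firewall using the commented allow-list further down and bind ntfy to loopback, `listen-http = "127.0.0.1:8099";`, assuming the nginx module proxies it. `services.resolved.domains` is a search-domain list but holds two resolver addresses; those already appear in `nameservers` and should be removed from `domains`.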
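Review bot: The commented-out `static-auth-secret` line still publishes the secret value in the repository and its history, so it should be treated as compromised: rotate it wherever it was used and delete the line. If shared-secret auth comes back, read it from a file outside the repo, e.g. `static-auth-secret-file = "/run/secrets/coturn-secret";` (the path is a placeholder). With `lt-cred-mech = true` and no users defined in this file it is also unclear how clients authenticate; a comment saying where the credentials come from would help.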
@@ -0,0 +1,56 @@ +# Example to create a bios compatible gpt partition +{ lib, ... }: +{ + disko.devices = { + disk.disk1 = { + device = lib.mkDefault "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + name = "boot"; + size = "1M"; + type = "EF02"; + }; + esp = { + name = "ESP"; + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + root = { + name = "root"; + size = "100%"; + content = { + type = "lvm_pv"; + vg = "pool"; + }; + }; + }; + }; + }; + lvm_vg = { + pool = { + type = "lvm_vg"; + lvs = { + root = { + size = "100%FREE"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + mountOptions = [ + "defaults" + ]; + }; + }; + }; + }; + }; + }; +} diff --git a/hosts/cloud/sortug/fetch/configuration.nix b/hosts/cloud/sortug/fetch/configuration.nix new file mode 100644 index 0000000..11b56bc --- /dev/null +++ b/hosts/cloud/sortug/fetch/configuration.nix 
@@ -0,0 +1,126 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page, on +# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). + +{ config, lib, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Use the GRUB 2 boot loader. + boot.loader.grub.enable = true; + # boot.loader.grub.efiSupport = true; + # boot.loader.grub.efiInstallAsRemovable = true; + # boot.loader.efi.efiSysMountPoint = "/boot/efi"; + # Define on which hard drive you want to install Grub. + # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only + + # networking.hostName = "nixos"; # Define your hostname. + # Pick only one of the below networking options. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. + + # Set your time zone. + # time.timeZone = "Europe/Amsterdam"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + # i18n.defaultLocale = "en_US.UTF-8"; + # console = { + # font = "Lat2-Terminus16"; + # keyMap = "us"; + # useXkbConfig = true; # use xkb.options in tty. + # }; + + # Enable the X11 windowing system. + # services.xserver.enable = true; + + + + + # Configure keymap in X11 + # services.xserver.xkb.layout = "us"; + # services.xserver.xkb.options = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # hardware.pulseaudio.enable = true; + # OR + # services.pipewire = { + # enable = true; + # pulse.enable = true; + # }; + + # Enable touchpad support (enabled default in most desktopManager). 
+ # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + # users.users.alice = { + # isNormalUser = true; + # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + # packages = with pkgs; [ + # firefox + # tree + # ]; + # }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + + # This option defines the first version of NixOS you have installed on this particular machine, + # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. + # + # Most users should NEVER change this value after the initial install, for any reason, + # even if you've upgraded your system to a new NixOS release. + # + # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, + # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how + # to actually do that. 
+ # + # This value being lower than the current NixOS release does NOT mean your system is + # out of date, out of support, or vulnerable. + # + # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, + # and migrated your data accordingly. + # + # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . + system.stateVersion = "24.05"; # Did you read the comment? + +} + diff --git a/hosts/cloud/sortug/fetch/hardware-configuration.nix b/hosts/cloud/sortug/fetch/hardware-configuration.nix new file mode 100644 index 0000000..119faaf --- /dev/null +++ b/hosts/cloud/sortug/fetch/hardware-configuration.nix @@ -0,0 +1,24 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/sortug/gitea.nix b/hosts/cloud/sortug/gitea.nix new file mode 100644 index 0000000..a25773a --- /dev/null +++ b/hosts/cloud/sortug/gitea.nix 
@@ -0,0 +1,27 @@ +{ config, ...}: +{ + services.gitea = { + enable = true; + user = "git"; + appName = "Sortug Git"; + settings.server = { + domain = "git.sortug.com"; + ROOT_URL = "https://git.sortug.com/"; + SSH_PORT = 5522; + }; + lfs.enable = true; + }; + + users.users = { + git = { + description = "Gitea Service"; + home = "/var/lib/gitea"; + useDefaultShell = true; + group = "gitea"; + isSystemUser = true; + }; + }; + + + +} diff --git a/hosts/cloud/sortug/hardware-configuration.nix b/hosts/cloud/sortug/hardware-configuration.nix new file mode 100644 index 0000000..f219647 --- /dev/null +++ b/hosts/cloud/sortug/hardware-configuration.nix @@ -0,0 +1,17 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/sortug/hardware2.nix b/hosts/cloud/sortug/hardware2.nix new file mode 100644 index 0000000..beece7b --- /dev/null +++ b/hosts/cloud/sortug/hardware2.nix 
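Review bot: Nothing under `services.gitea.settings` restricts sign-up, so with Gitea's defaults anyone who can reach git.sortug.com can register an account. If this is a private forge, add `settings.service.DISABLE_REGISTRATION = true;` and create users from the admin CLI. `SSH_PORT = 5522` matches the sshd port set in sortug/configuration.nix, which suggests the `git` user is served by the host's own sshd; a short comment stating that this is intentional would help the next reader.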
@@ -0,0 +1,29 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_scsi" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + swapDevices = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/bb9bdf23-2368-4452-988d-8b82e64b7fc4"; + fsType = "ext4"; + }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/sortug/legacy.nix b/hosts/cloud/sortug/legacy.nix new file mode 100644 index 0000000..98348ee --- /dev/null +++ b/hosts/cloud/sortug/legacy.nix @@ -0,0 +1,40 @@ +{ + disko.devices = { + disk = { + vdb = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "table"; + format = "gpt"; + partitions = [ + { + name = "ESP"; + start = "1M"; + end = "500M"; + bootable = true; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + } + { + name = "root"; + start = "500M"; + end = "100%"; + part-type = "primary"; + bootable = true; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + } + ]; + }; + }; + }; + }; +} + diff --git a/hosts/cloud/sortug/minio.nix b/hosts/cloud/sortug/minio.nix new file mode 100644 index 0000000..13a5ff5 --- /dev/null 
+++ b/hosts/cloud/sortug/minio.nix
@@ -0,0 +1,9 @@
+{...}: {
+
+ services.minio = {
+ enable = true;
+ listenAddress = "127.0.0.1:9000";
+ consoleAddress = "127.0.0.1:9001";
+ rootCredentialsFile = /etc/nixos/minio-creds;
+ };
+}
diff --git a/hosts/cloud/sortug/nginx.nix b/hosts/cloud/sortug/nginx.nix
new file mode 100644
index 0000000..a3e5a85
--- /dev/null
+++ b/hosts/cloud/sortug/nginx.nix
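Review bot: In `minio.nix`, `rootCredentialsFile = /etc/nixos/minio-creds;` is written as a Nix path literal, not a string. A path literal that is interpolated into a string is copied into `/nix/store`, which is world-readable, and under pure flake evaluation an absolute path outside the flake may be rejected outright; whether the MinIO module interpolates it is not visible here. Quoting it, `rootCredentialsFile = "/etc/nixos/minio-creds";`, keeps the secret as a runtime reference only.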
@@ -0,0 +1,124 @@ +{ ... }: { + + security.acme.acceptTerms = true; + security.acme.defaults.email = "security@sortug.com"; + services.nginx = { + enable = true; + virtualHosts."sortug.com" = { + enableACME = true; + forceSSL = true; + root = "/var/www/sortug"; + # root = "/home/y/www"; + }; + virtualHosts."cal.sortug.com" = { + enableACME = true; + forceSSL = true; + root = "/var/www/sorcal"; + # root = "/home/y/www"; + }; + virtualHosts."git.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:3000"; + proxyWebsockets = true; # needed if you need to use WebSocket + }; + }; + virtualHosts."u.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8082"; + proxyWebsockets = true; # needed if you need to use WebSocket + }; + }; + virtualHosts."p.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8083"; + # proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + ''; + }; + virtualHosts."ntfy.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8099"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + ''; + }; + virtualHosts."ustj.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8085"; + # proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $host; + 
proxy_set_header Forwarded $proxy_add_x_forwarded_for; + ''; + }; + extraConfig = '' + proxy_http_version 1.1; + chunked_transfer_encoding off; + proxy_buffering off; + proxy_cache off; + ''; + }; + virtualHosts."s3.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $Host; + ''; + # actually important + }; + }; + virtualHosts."s3c.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9001"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $Host; + ''; + }; + }; + # proxy_http_version 1.1; + # proxy_set_header Upgrade $http_upgrade; + # proxy_set_header Connection "Upgrade"; + virtualHosts."urbit.s3.sortug.com" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; # needed if you need to use WebSocket + }; + }; + }; +} diff --git a/hosts/cloud/sortug/packages.nix b/hosts/cloud/sortug/packages.nix new file mode 100644 index 0000000..6985acb --- /dev/null +++ b/hosts/cloud/sortug/packages.nix 
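Review bot: In the `p.sortug.com`, `ntfy.sortug.com` and `ustj.sortug.com` locations of `sortug/nginx.nix`, `proxy_set_header Forwarded $proxy_add_x_forwarded_for;` puts an X-Forwarded-For style list into the RFC 7239 `Forwarded` header. The value lacks the `for=` syntax and begins with whatever `X-Forwarded-For` the client sent, so a backend that reads it for logging, rate limiting or access decisions can be handed a spoofed address. `hosts/cloud/spanm/nginx.nix` in this commit uses `proxy_set_header Forwarded for=$remote_addr;`; doing the same here would be consistent. Separately, `s3c.sortug.com` publishes the MinIO console (127.0.0.1:9001) with no address restriction in the vhost; consider an `allow`/`deny` pair in that location's `extraConfig` if the console is for administrators only.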
@@ -0,0 +1,53 @@ +{ config, pkgs, ... }: + +{ + nixpkgs.config = { + allowUnfree = true; + }; + + environment.systemPackages = with pkgs; [ + neovim + fish + # unix utilities + tmux + bat # cat replacement written in Rust + colordiff + direnv # Per-directory environment variables + lsd + fd # find replacement written in Rust + fzf # Fuzzy finder + git + glibcLocales + gnumake + htop # Resource monitoring + jq # JSON parsing for the CLI + lsof + ripgrep # grep replacement written in Rust + sd # Fancy sed replacement + silver-searcher + skim # High-powered fuzzy finder written in Rust + strace # debug stack trace + tealdeer # tldr for various shell tools + testdisk + tokei # Handy tool to see lines of code by language + watchexec # Fileystem watcher/executor useful for speedy development + xsv # CSV file parsing utility + just # Intriguing new make replacement + mdcat # Markdown converter/reader for the CLI + tree + unzip + zip + + # networking + curl + caddy # simple web server made with go + innernet + + # s3 + minio + # databases + # postgresql + # sqlite + ]; +} + diff --git a/hosts/cloud/sortug/users.nix b/hosts/cloud/sortug/users.nix new file mode 100644 index 0000000..b3515c1 --- /dev/null +++ b/hosts/cloud/sortug/users.nix 
@@ -0,0 +1,56 @@ +{ config, pkgs, ... }: + + +let shellAliases = { + l = "lsd -lAh"; + la = "lsd -lAh"; + ports = "sudo lsof -i -P -n | grep LISTEN"; + gco = "git checkout"; + gcob = "git checkout -b"; +}; + +in { + programs.fish = { + inherit shellAliases; + enable = true; +# plugins = [{ +# name="foreign-env"; +# src = pkgs.fetchFromGitHub { +# owner = "oh-my-fish"; +# repo = "plugin-foreign-env"; +# rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; +# sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; +# }; +# }]; +}; + + users = { + extraUsers = { + y = { + group = "users"; + isNormalUser = true; + extraGroups = [ + "systemd-journal" + "wheel" + ]; + createHome = true; + home = "/home/y"; + isSystemUser = false; + shell = pkgs.fish; + openssh.authorizedKeys.keys = + [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; + }; +# urbit = { +# group = "users"; +# isNormalUser = true; +# createHome = true; +# isSystemUser = false; +# openssh.authorizedKeys.keys = +# [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC/VzXbaX1CLqQfPCkRdMHzAKsbS//2B0qlw3ROnR74tgl7jrBP2qeYhydcNECqC5WWO+KLZrbOWdVLATLW6z6oLlMx6E6WCfRVx/F7coMd/FBYqHwJ2Z1PbG0YSjWH07GyVYU2Nc9HfW459aXpGQ2LlTjYP14i7DqvSesCIkfbPfHzwAkyDxj4oIMXS3LMQlh4u69YKoXS/LPU+1Qv+bT5alRc2Uw+/9/q1IfDDxIiKqt3EVNEM6p5QssXtlFhk0+7zXRApWbpYLbjAVHDHbFoPAXeKLQvpgnz1K84fOGNlXj9nISYfDba8NVWQbetKnVxmQNDUKk3jOcBFmjgHvYv pkova@Pyrys-MacBook-Pro.local" ]; +# }; + }; + }; +} + + + diff --git a/hosts/cloud/spanm/configuration.nix b/hosts/cloud/spanm/configuration.nix new file mode 100644 index 0000000..0ec8bf2 --- /dev/null +++ b/hosts/cloud/spanm/configuration.nix 
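Review bot: The commented-out `urbit` user in `sortug/users.nix` keeps a third party's RSA public key and workstation hostname in the repository without any effect on the system; delete the block rather than carrying it as a comment (the same goes for the disabled `plugins` block). `users.extraUsers` is the legacy alias; the other `users.nix` files in this commit use `users.users`. `isSystemUser = false;` is redundant next to `isNormalUser = true;`.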
@@ -0,0 +1,66 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "spanmail"; # Define your hostname. + # + # Enable networking + networking.networkmanager.enable = true; + + networking.interfaces.ens160.ipv4.addresses = [ { + address = "185.32.214.66"; + prefixLength = 22; + } ]; + networking.defaultGateway = "185.32.212.1"; + + networking.nameservers = [ "185.32.212.3" ]; + + # Set your time zone. + time.timeZone = "Europe/Zurich"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKD2DxTdE7vekp+BTifuB9gPoIPdaFSGkgVblA5MbTh" +]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. 
man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.11"; # Did you read the comment? + +} diff --git a/hosts/cloud/spanm/flake.lock b/hosts/cloud/spanm/flake.lock new file mode 100644 index 0000000..6bc7bd0 --- /dev/null +++ b/hosts/cloud/spanm/flake.lock @@ -0,0 +1,27 @@ +{ + "nodes": { + "nixpkgs": { + "locked": { + "lastModified": 1704008649, + "narHash": "sha256-rGPSWjXTXTurQN9beuHdyJhB8O761w1Zc5BqSSmHvoM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d44d59d2b5bd694cd9d996fd8c51d03e3e9ba7f7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixpkgs": "nixpkgs" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/cloud/spanm/flake.nix b/hosts/cloud/spanm/flake.nix new file mode 100644 index 0000000..b801212 --- /dev/null +++ b/hosts/cloud/spanm/flake.nix @@ -0,0 +1,16 @@ +{ + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + + outputs = { nixpkgs, ... }: + { + nixosConfigurations.spanmail = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./configuration.nix + ./users.nix + ./packages.nix + ./mail.nix + ]; + }; + }; +} diff --git a/hosts/cloud/spanm/hardware-configuration.nix b/hosts/cloud/spanm/hardware-configuration.nix new file mode 100644 index 0000000..fad27b2 --- /dev/null +++ b/hosts/cloud/spanm/hardware-configuration.nix 
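Review bot: `networking.firewall.enable = false;` in `spanm/configuration.nix` turns packet filtering off on a host that is given a public address (`185.32.214.66`) and runs the mail stack from `mail.nix`, so any service that binds all interfaces is exposed. Keep the firewall on and list the ports instead, e.g. `networking.firewall.allowedTCPPorts = [ 22 80 443 ];`, plus the mail ports if the mailserver module does not open them itself. `services.openssh.enable = true;` is set without `services.openssh.settings.PasswordAuthentication = false;`, so password logins stay at the module default even though a key is configured for root.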
@@ -0,0 +1,36 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "ahci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/7a5731fc-56f0-4ce5-9dbe-dec8d1ba25db"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/066C-4E19"; + fsType = "vfat"; + }; + swapDevices = [ { + device = "/var/lib/swapfile"; + size = 4*1024; + } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.ens160.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +} diff --git a/hosts/cloud/spanm/mail.nix b/hosts/cloud/spanm/mail.nix new file mode 100644 index 0000000..d020fec --- /dev/null +++ b/hosts/cloud/spanm/mail.nix 
@@ -0,0 +1,67 @@ +{ config, pkgs, ... }: { + imports = [ + (builtins.fetchTarball { + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-23.11/nixos-mailserver-nixos-23.11.tar.gz"; + # To get the sha256 of the nixos-mailserver tarball, we can use the nix-prefetch-url command: + # release="nixos-23.05"; nix-prefetch-url "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/${release}/nixos-mailserver-${release}.tar.gz" --unpack + + sha256 = "122vm4n3gkvlkqmlskiq749bhwfd0r71v6vcmg1bbyg4998brvx8"; + }) + ]; + + services.dovecot2.sieve.extensions = [ "fileinto" ]; + mailserver = { + enable = true; + fqdn = "mail.spandrell.ch"; + domains = [ "spandrell.ch" ]; + + # A list of all login accounts. To create the password hashes, use + # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' + loginAccounts = { + "s@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "book@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "site@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "lol@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "sub@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "security@spandrell.ch" = { + hashedPasswordFile = "/home/span/mail.key"; + }; + "parallax@spandrell.ch" = { + hashedPassword = "$2y$12$RVCKyEwpPmQLznKOgtXiBOR3nRy5aT3rFMtypJiDe6xFPfi/r3TXq"; + }; + "finnem@spandrell.ch" = { + hashedPasswordFile = "/home/span/finnem.key"; + }; + }; + + # Use Let's Encrypt certificates. Note that this needs to set up a stripped + # down nginx and opens port 80. 
+ certificateScheme = "acme-nginx"; + }; + security.acme.acceptTerms = true; + security.acme.defaults.email = "security@spandrell.ch"; + services.roundcube = { + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "mail.spandrell.ch"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; + services.nginx.enable = true; +} diff --git a/hosts/cloud/spanm/nginx.nix b/hosts/cloud/spanm/nginx.nix new file mode 100644 index 0000000..cda5ab4 --- /dev/null +++ b/hosts/cloud/spanm/nginx.nix @@ -0,0 +1,46 @@ +{ config, pkgs, ... }: { + + services.nginx = { + enable = true; + appendHttpConfig = '' + limit_req_zone $binary_remote_addr zone=blog:10m rate=10r/s; + ''; + virtualHosts."spandrell.ch" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + limit_req zone=blog burst=20 nodelay; + proxy_set_header Host $Host; + proxy_set_header Forwarded for=$remote_addr; + ''; + }; + }; + virtualHosts."u.spandrell.ch" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:8081"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + limit_req zone=blog burst=20 nodelay; + proxy_set_header Host $Host; + proxy_set_header Forwarded for=$remote_addr; + ''; + }; + }; + virtualHosts."s3.spandrell.ch" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:9000"; + proxyWebsockets = true; # needed if you need to use WebSocket + extraConfig = '' + proxy_set_header Host $Host; + ''; + }; + }; + }; +} 
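Review bot: In `spanm/mail.nix`, `parallax@spandrell.ch` carries its bcrypt hash inline (`hashedPassword = "$2y$12$…"`), which puts it in the git history and in the world-readable Nix store where it can be attacked offline. Use `hashedPasswordFile` like the other accounts and rotate that password. Six accounts point at the same `/home/span/mail.key`, so they share one password and one compromise covers all of them; per-account files that are root-owned and outside a login user's home would separate them. The `nix-prefetch-url` comment still says `release="nixos-23.05"` while the URL fetches `nixos-23.11`.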
diff --git a/hosts/cloud/spanm/packages.nix b/hosts/cloud/spanm/packages.nix new file mode 100644 index 0000000..6574071 --- /dev/null +++ b/hosts/cloud/spanm/packages.nix @@ -0,0 +1,47 @@ +{ config, pkgs, ... }: + +{ + nixpkgs.config = { + allowUnfree = true; + }; + + environment.systemPackages = with pkgs; [ + vim + helix + fish + # unix utilities + tmux + bat # cat replacement written in Rust + colordiff + direnv # Per-directory environment variables + lsd + fd # find replacement written in Rust + fzf # Fuzzy finder + git + htop # Resource monitoring + jq # JSON parsing for the CLI + lsof + ripgrep # grep replacement written in Rust + sd # Fancy sed replacement + silver-searcher + strace # debug stack trace + tealdeer # tldr for various shell tools + testdisk + tokei # Handy tool to see lines of code by language + watchexec # Fileystem watcher/executor useful for speedy development + xsv # CSV file parsing utility + just # Intriguing new make replacement + mdcat # Markdown converter/reader for the CLI + tree + unzip + zip + + # networking + curl + wget + + minio + ncdu + ]; +} + diff --git a/hosts/cloud/spanm/users.nix b/hosts/cloud/spanm/users.nix new file mode 100644 index 0000000..60e3a5a --- /dev/null +++ b/hosts/cloud/spanm/users.nix @@ -0,0 +1,42 @@ +{ config, pkgs, ... }: + + +let shellAliases = { + l = "lsd -lAh"; + la = "lsd -lAh"; + ports = "sudo lsof -i -P -n | grep LISTEN"; + gco = "git checkout"; + gcob = "git checkout -b"; +}; + +in { + programs.fish = { + inherit shellAliases; + enable = true; + }; + + users = { + users = { + span = { + group = "users"; + isNormalUser = true; + extraGroups = [ + "networkmanager" + "systemd-journal" + "wheel" + ]; + createHome = true; + home = "/home/span"; + isSystemUser = false; + shell = pkgs.fish; + openssh.authorizedKeys.keys = + [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKD2DxTdE7vekp+BTifuB9gPoIPdaFSGkgVblA5MbTh" + ]; + }; + }; + }; +} + + + 
diff --git a/hosts/cloud/users.nix b/hosts/cloud/users.nix new file mode 100644 index 0000000..7fa3b07 --- /dev/null +++ b/hosts/cloud/users.nix @@ -0,0 +1,41 @@ +{ config, pkgs, ... }: + + +let shellAliases = { + l = "lsd -lAh"; + la = "lsd -lAh"; + ports = "sudo lsof -i -P -n | grep LISTEN"; + gco = "git checkout"; + gcob = "git checkout -b"; +}; + +in { + programs.fish = { + inherit shellAliases; + enable = true; + }; + + users = { + users = { + y = { + hashedPassword = "$y$j9T$KLRxiAIFO2yLoalaeSmjg/$ZzEQbGvVmRJ6gESNxNuRchNcx0V01QpCxnJVv5pdk/B"; + group = "users"; + isNormalUser = true; + extraGroups = [ + "systemd-journal" + "wheel" + "nginx" + ]; + createHome = true; + home = "/home/y"; + isSystemUser = false; + shell = pkgs.fish; + openssh.authorizedKeys.keys = + [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM+qXhCHNrSZmy4HEXaFn6xAp1w2GzQBMOfVdbR3E81Q cloudboxes" ]; + }; + }; + }; +} + + + diff --git a/hosts/editors.nix b/hosts/editors.nix new file mode 100644 index 0000000..fec5580 --- /dev/null +++ b/hosts/editors.nix @@ -0,0 +1,12 @@ +{ + pkgs, + inputs, + ... +}: { + environment.variables.EDITOR = "hx"; + environment.systemPackages = [ + pkgs.neovim + # inputs.helix.packages.${pkgs.system}.helix + pkgs.helix + ]; +} diff --git a/hosts/headless/bcn.nix b/hosts/headless/bcn.nix new file mode 100644 index 0000000..2cbf960 --- /dev/null +++ b/hosts/headless/bcn.nix 
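Review bot: `hashedPassword = "$y$j9T$…"` in `hosts/cloud/users.nix` commits the password hash of a `wheel` account to the repository and to the world-readable Nix store, so anyone with read access can attack it offline, and a recovered password is a sudo password. Move it to `hashedPasswordFile = "/path/to/secret";` (placeholder path; a root-owned file outside the store) or a secrets module, and treat the committed password as exposed. The host-specific `users.nix` files in this commit set no password for the same kind of account, so the hosts are also inconsistent.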
@@ -0,0 +1,70 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ../base.nix + ../linux.nix + ./headless.nix + ]; + + + + nix = { + autoOptimiseStore = true; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + # Free up to 1GiB whenever there is less than 100MiB left. + extraOptions = '' + min-free = ${toString (100 * 1024 * 1024)} + max-free = ${toString (1024 * 1024 * 1024)} + ''; + }; + boot = { + loader = { + systemd-boot.consoleMode = "max"; + grub.enable = false; + generic-extlinux-compatible.enable = true; # settings don't get saved without this!! + #raspberryPi.enable = true; + raspberryPi.version = 4; + raspberryPi.firmwareConfig = '' + dtparam=audio=on + dtoverlay=vc4-kms-3d + ''; + }; + kernelPackages = pkgs.linuxPackages_rpi4; # Mainline doesn't work yet + extraModprobeConfig = '' + options snd_bcm2835 enable_headphones=1 + ''; + }; + + + networking = { + hostName = "yn-bcn"; # Define your hostname. + }; + + + + # Set your time zone. + time.timeZone = "Europe/Madrid"; + + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + + system.stateVersion = "23.11"; # Did you read the comment? + +} + diff --git a/hosts/headless/configuration.nix b/hosts/headless/configuration.nix new file mode 100644 index 0000000..1d18dc5 --- /dev/null 
+++ b/hosts/headless/configuration.nix @@ -0,0 +1,76 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). + +{ ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ./hardware-configuration.nix + ../base.nix + ../linux.nix + ./headless.nix + ]; + + + + nix = { + package = pkgs.nixUnstable; + autoOptimiseStore = true; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + # Free up to 1GiB whenever there is less than 100MiB left. + extraOptions = '' + min-free = ${toString (100 * 1024 * 1024)} + max-free = ${toString (1024 * 1024 * 1024)} + ''; + }; + boot = { + loader = { + systemd-boot.consoleMode = "max"; + grub.enable = false; + generic-extlinux-compatible.enable = true; # settings don't get saved without this!! + #raspberryPi.enable = true; + raspberryPi.version = 4; + raspberryPi.firmwareConfig = '' + dtparam=audio=on + dtoverlay=vc4-kms-3d + ''; + }; + kernelPackages = pkgs.linuxPackages_rpi4; # Mainline doesn't work yet + extraModprobeConfig = '' + options snd_bcm2835 enable_headphones=1 + ''; + }; + hardware.raspberry-pi."4" = { + fkms-3d.enable = true; + audio.enable = true; + dwc2.enable = true; + }; + + + networking = { + hostName = "yfs"; # Define your hostname. + }; + + + + # Set your time zone. + time.timeZone = "Asia/Bangkok"; + + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + + system.stateVersion = "22.11"; # Did you read the comment? + +} + 
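Review bot: The module header in `headless/configuration.nix` is `{ ... }:` but the body refers to `pkgs.nixUnstable` and `pkgs.linuxPackages_rpi4`, so evaluation fails on an undefined variable. `bcn.nix` in this commit takes `{ pkgs, ... }:` and this file should too. The `hardware.raspberry-pi."4"` options look like the ones provided by the nixos-hardware Raspberry Pi 4 module, which neither this file's `imports` nor the `yfs` entry in `flake.nix` pulls in; confirm the option set exists before deploying.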
diff --git a/hosts/headless/flake.lock b/hosts/headless/flake.lock new file mode 100644 index 0000000..595d2ff --- /dev/null +++ b/hosts/headless/flake.lock @@ -0,0 +1,82 @@ +{ + "nodes": { + "nixos-hardware": { + "locked": { + "lastModified": 1702453208, + "narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "master", + "repo": "nixos-hardware", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703068421, + "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", + "unfree": "unfree", + "unstable": "unstable" + } + }, + "unfree": { + "inputs": { + "nixpkgs": [ + "unstable" + ] + }, + "locked": { + "lastModified": 1701957584, + "narHash": "sha256-xEpFaRdrneHl3Xdyzp3emd4QVxML7AR3GC91wuWi0Ok=", + "owner": "numtide", + "repo": "nixpkgs-unfree", + "rev": "127b9b18583de04c6207c2a0e674abf64fc4a3b1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "nixpkgs-unfree", + "type": "github" + } + }, + "unstable": { + "locked": { + "lastModified": 1703255338, + "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/hosts/headless/flake.nix b/hosts/headless/flake.nix new file mode 100644 index 0000000..d4f58cd --- /dev/null 
+++ b/hosts/headless/flake.nix @@ -0,0 +1,41 @@ +# my flake!! + +{ + inputs = { + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; + unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; + unfree = { + url = "github:numtide/nixpkgs-unfree"; + inputs.nixpkgs.follows = "unstable"; + }; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + #inputs.cachix.url = "github:cachix/cachix/master"; + #inputs.devenv.url = "github:cachix/devenv/latest"; + }; + + outputs = inputs: + { + nixosConfigurations."yn-bcn" = inputs.nixpkgs.lib.nixosSystem rec { + system = "aarch64-linux"; + specialArgs = { + stablepkgs = inputs.nixpkgs.legacyPackages.${system}; + unstablePkgs = inputs.unstable.legacyPackages.${system}; + unfreePkgs = inputs.unfree.legacyPackages.${system}; + }; + modules = [ + ./bcn.nix + ]; + }; + nixosConfigurations."yfs" = inputs.nixpkgs.lib.nixosSystem rec { + system = "aarch64-linux"; + specialArgs = { + stablepkgs = inputs.nixpkgs.legacyPackages.${system}; + unstablePkgs = inputs.unstable.legacyPackages.${system}; + unfreePkgs = inputs.unfree.legacyPackages.${system}; + }; + modules = [ + ./configuration.nix + ]; + }; + }; +} diff --git a/hosts/headless/hardware-configuration.nix b/hosts/headless/hardware-configuration.nix new file mode 100644 index 0000000..51f1a8f --- /dev/null +++ b/hosts/headless/hardware-configuration.nix @@ -0,0 +1,20 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + + fileSystems."/" = + { device = "/dev/disk/by-label/NIXOS_SD"; + fsType = "ext4"; + }; + + swapDevices = [ ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; +} diff --git a/hosts/headless/headless.nix b/hosts/headless/headless.nix new file mode 100644 index 0000000..8c4a2f7 --- /dev/null 
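Review bot: `nixpkgs.url` in `headless/flake.nix` asks for `nixos-24.05`, but the `flake.lock` added next to it records `"ref": "nixos-23.11"` for the same input. The lock is stale, so the next evaluation will re-resolve nixpkgs to a revision nobody reviewed. Regenerate the lock and commit it together with the URL (`nix flake update`). The `nixos-hardware` input is declared but not referenced by either `nixosConfigurations` entry.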
+++ b/hosts/headless/headless.nix
@@ -0,0 +1,4 @@
+{...}:
+{
+ services.mingetty.autologinUser = "y";
+}
diff --git a/hosts/linux.nix b/hosts/linux.nix
new file mode 100644
index 0000000..1e092bb
--- /dev/null
+++ b/hosts/linux.nix
@@ -0,0 +1,44 @@
+{pkgs, ...}: {
+ imports = [
+ # Include the results of the hardware scan.
+ ./users.nix
+ ./editors.nix
+ ./pkgs.nix
+ ./unfree.nix
+ ./network.nix
+ # ./yubikey.nix
+ ];
+
+ console = {
+ earlySetup = true;
+ packages = [pkgs.terminus_font];
+ font = "Lat2-Terminus16";
+ #font = "${pkgs.terminus_font}/share/consolefonts/ter-i32n.psf.gz";
+ keyMap = "us";
+ # useXkbConfig = true; # use xkbOptions in tty.
+ };
+
+ # docker
+ virtualisation.docker.enable = true;
+
+ # Select internationalisation properties.
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ supportedLocales = [
+ "en_US.UTF-8/UTF-8"
+ "es_ES.UTF-8/UTF-8"
+ "zh_CN.UTF-8/UTF-8"
+ "zh_HK.UTF-8/UTF-8"
+ "ja_JP.UTF-8/UTF-8"
+ "th_TH.UTF-8/UTF-8"
+ ];
+ };
+
+ ## Bluetooth
+ hardware.enableAllFirmware = true;
+ hardware.bluetooth.enable = true;
+ hardware.bluetooth.settings = {General = {Experimental = true;};};
+ hardware.bluetooth.disabledPlugins = ["sap"];
+ hardware.bluetooth.package = pkgs.bluez;
+ services.blueman.enable = true;
+}
diff --git a/hosts/local/fw11/configuration.nix b/hosts/local/fw11/configuration.nix
new file mode 100644
index 0000000..b3b6b0f
--- /dev/null
+++ b/hosts/local/fw11/configuration.nix
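Review bot: `services.mingetty.autologinUser = "y";` in `headless/headless.nix` logs the console in as `y` without a password, so anyone with physical or serial access to the board gets that account's shell. The `users.nix` files visible in this commit put `y` in `wheel`; `hosts/users.nix`, which `linux.nix` imports, is not shown here, so confirm the group membership. If autologin is needed for an appliance, use a dedicated unprivileged account. The option has also been renamed to `services.getty.autologinUser` in current NixOS.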
@@ -0,0 +1,53 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{...}: { + imports = [ + # Include the results of the hardware scan. + ../../base.nix + ../../linux.nix + ../wayland.nix + ../../syncthing.nix + ./keyboard.nix + # ../android.nix + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + # boot.supportedFilesystems = ["ntfs"]; + # boot.kernelPackages = lib.mkForce unfreePkgs.linuxKernel.packages.linux_xanmod_latest; + services.fprintd.enable = true; + + networking = { + hostName = "fw-nixos"; # Define your hostname. + firewall.enable = false; + }; + nix.settings.trusted-users = ["root" "y"]; + + # Set your time zone. + time.timeZone = "Asia/Bangkok"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # List services that you want to enable: + + services.openssh.enable = false; + + # firmware update + services.fwupd.enable = true; + + # android + # programs.adb.enable = true; + # users.users.y.extraGroups = ["adbusers"]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + + system.stateVersion = "23.05"; # Did you read the comment? +} diff --git a/hosts/local/fw11/default.nix b/hosts/local/fw11/default.nix new file mode 100644 index 0000000..b73579e --- /dev/null +++ b/hosts/local/fw11/default.nix 
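Review bot: `nix.settings.trusted-users = ["root" "y"];` in `fw11/configuration.nix` lets `y` direct the Nix daemon to use arbitrary substituters and import unsigned store paths, which is effectively root on the machine; drop `y` unless a specific workflow requires it. `firewall.enable = false;` on a laptop that joins untrusted networks exposes every listening service (Syncthing is imported in this file and Docker is enabled in `linux.nix`). Prefer leaving the firewall on and opening the Syncthing ports explicitly.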
@@ -0,0 +1,6 @@
+inputs: [
+ inputs.kmonad.nixosModules.default
+ inputs.nixos-hardware.nixosModules.framework-11th-gen-intel
+ ./hardware-configuration.nix
+ ./configuration.nix
+]
diff --git a/hosts/local/fw11/framework.kbd b/hosts/local/fw11/framework.kbd
new file mode 100644
index 0000000..2594bf6
--- /dev/null
+++ b/hosts/local/fw11/framework.kbd
@@ -0,0 +1,101 @@ +;; one liner comments ';;' +#| Multiline + comments |# + +(defcfg ;; For linux & by-id lists pluggable devices +;; If a key is not bound/left_empty(_) then it will fall back to the previous +;; layer's binding if not then default. +fallthrough true +;; To run system commands. You MIGHT face issues with tiling window managers due to command helpers. +;; allow-cmd true +;; use 'ls /dev/input/by-id/' for detachable keyboards and +;; 'ls /dev/input/by-path/' for builtin keyboards location' +input (device-file "/dev/input/event0") +;; Not sure what this does. Please check the docs. +output (uinput-sink "My KMonad output") +) + +;; This is the real representation of your actual keyboard. We haven't started +;; customizing layouts yet. +(defsrc + esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 del + ` 1 2 3 4 5 6 7 8 9 0 - = bspc + tab q w e r t y u i o p [ ] \ + caps a s d f g h j k l ; ' ret + lsft z x c v b n m , . / rsft up + lctl lmet lalt spc ralt rctl left down right +) +;; Aliases + +(defalias +;; Layer toggles +sym (layer-toggle syms) +sym2 (layer-toggle syms2) +cords (sticky-key 1000 (layer-toggle mods)) +;; +hrt (layer-switch homerowmods) +back (layer-switch qwerty) + +;; Homerow keys +a (tap-hold-next-release 280 a lctl) +s (tap-hold-next-release 280 s lalt) +d (tap-hold-next-release 280 d lmet) +f (tap-hold-next-release 280 f lsft) +;; +j (tap-hold-next-release 280 j rsft) +k (tap-hold-next-release 280 k lmet) +l (tap-hold-next-release 280 l lalt) +semi (tap-hold-next-release 280 ; rctl) + +;; button to launch brave browser +;; veeb (cmd-button "brave") +;; ssf (sticky-key 500 (layer-toggle rshift)) +;; rsf (layer-toggle rshift) +) + +;; The first custom layer is the one that gets activated when kmonad is started +(deflayer qwerty ;; The default layer that'd be read when you launch kmonad + esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 del + ` 1 2 3 4 5 6 7 8 9 0 - = bspc + tab q w e r t y u i o p [ ] \ + esc a s d f g h j k l ; ' ret + @sym z x c 
v b n m , . / rsft up + lctl lmet @sym spc @cords @hrt left down right +) +(deflayer homerowmods + esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 del + ` 1 2 3 4 5 6 7 8 9 0 - = bspc + tab q w e r t y u i o p [ ] \ + esc @a @s @d @f g h @j @k @l @semi ' ret + @sym z x c v b n m , . / rsft up + lctl lmet @sym spc lalt @back left down right +) +(deflayer mods + esc f1 f2 f3 f4 f5 f6 f7 f8 f9 f10 f11 f12 del + ` 1 2 3 4 5 6 7 8 9 0 - = bspc + tab q w e r t y u i o p [ ] h + esc lctl lalt lmet lsft g h rsft rmet ralt rctl ' ret + @sym z x c v b n m , . / rsft up + lctl lmet @sym spc lalt @back left down right +) + +;; A layer dedicated to symbols +(deflayer syms + _ _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ up _ _ ! @ # $ % _ _ _ + _ _ left down right @sym2 ' ^ & - = _ ret + _ _ _ _ _ _ \( [ { < \ _ _ + _ _ _ _ _ _ _ _ _ +) + + +;; More symbols +(deflayer syms2 + _ _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ _ _ _ _ _ _ _ _ _ + _ _ _ _ _ _ ` ~ * \_ + _ ret + _ _ _ _ _ _ \) ] } > | _ _ + _ _ _ _ _ _ _ _ _ +) diff --git a/hosts/local/fw11/hardware-configuration.nix b/hosts/local/fw11/hardware-configuration.nix new file mode 100644 index 0000000..6b4e8bf --- /dev/null +++ b/hosts/local/fw11/hardware-configuration.nix 
@@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ "i915" "8821cu"]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ config.boot.kernelPackages.rtl8821cu ]; + # to modeswitch usb dongle sudo usb_modeswitch -KW -v 0bda -p 1a2b + + fileSystems."/" = + { device = "/dev/disk/by-uuid/349f55f5-8726-47be-826c-33ae8da92346"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/0739-1303"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/5d13663a-3177-4338-b07a-4b0e10581084"; } + ]; + + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + networking.useDHCP = lib.mkDefault false; + networking.interfaces.wlp170s0.useDHCP = lib.mkDefault true; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/local/fw11/keyboard.nix b/hosts/local/fw11/keyboard.nix new file mode 100644 index 0000000..88f8545 --- /dev/null +++ b/hosts/local/fw11/keyboard.nix 
@@ -0,0 +1,46 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: {
+ services.logind.extraConfig = ''
+ # don’t shutdown when power button is short-pressed
+ HandlePowerKey=ignore
+ '';
+
+ # config file keeps getting rewritten but I don't know by who
+ # i18n.inputMethod = {
+ # enabled = "fcitx5";
+ # fcitx5.addons = with pkgs; [
+ # fcitx5-mozc
+ # # mozc-ut is better, wat do
+ # fcitx5-gtk
+ # libsForQt5.fcitx5-qt
+ # fcitx5-lua
+ # fcitx5-configtool
+ # fcitx5-rime
+ # ];
+ # };
+ environment.variables = {
+ GTK_IM_MODULE = "fcitx";
+ QT_IM_MODULE = "fcitx";
+ XMODIFIERS = "@im=fcitx";
+ FCITX_SOCKET = "default";
+ };
+
+ #kmonad
+ services.kmonad = lib.mkIf (pkgs.system == "x86_64-linux") {
+ enable = true;
+
+ keyboards.internal = {
+ device = "/dev/input/by-path/platform-i8042-serio-0-event-kbd";
+ config = builtins.readFile ./framework.kbd;
+
+ # defcfg = {
+ # enable = true;
+ # fallthrough = true;
+ # };
+ };
+ };
+}
diff --git a/hosts/local/i3.nix b/hosts/local/i3.nix
new file mode 100644
index 0000000..623fcf9
--- /dev/null
+++ b/hosts/local/i3.nix
@@ -0,0 +1,134 @@ +{pkgs, ...}: { + environment.pathsToLink = ["/libexec"]; + services.xserver = { + xkb.layout = "us"; + xkb.variant = ""; + enable = true; + desktopManager = { + xterm.enable = true; + }; + windowManager.i3 = { + enable = true; + extraPackages = with pkgs; [ + dmenu + i3status + i3lock + i3blocks + ]; + }; + }; + services.displayManager.defaultSession = "none+i3"; + + environment.sessionVariables = { + GTK_IM_MODULE = "fcitx"; + QT_IM_MODULE = "fcitx"; + XMODIFIERS = "@im=fcitx"; + }; + + environment.systemPackages = with pkgs; [ + rofi + + alacritty + signal-desktop + tdesktop + brave + gimp + vlc + thunderbird + kmail + firefox + chromium + pavucontrol + # icons + polkit_gnome + gnome-themes-extra + gtk-engine-murrine + gtk_engines + gsettings-desktop-schemas + lxappearance + adwaita-qt + adwaita-icon-theme + xfce.thunar + libreoffice + qbittorrent + zathura + # + libcamera # pipewire seems to want this + easyeffects + ]; + + # cjk input + i18n = { + inputMethod = { + type = "fcitx5"; + fcitx5.addons = with pkgs; [fcitx5-rime fcitx5-mozc]; + }; + }; + + fonts = { + enableDefaultPackages = true; + fontconfig = { + defaultFonts.emoji = ["Noto Color Emoji"]; + defaultFonts.monospace = ["Hack" "Sarasa Mono SC"]; + defaultFonts.sansSerif = ["DejaVu Sans"]; + defaultFonts.serif = ["DejaVu Serif" "Source Han Serif SC"]; + }; + packages = with pkgs; [ + fira-code + fira + cooper-hewitt + ibm-plex + jetbrains-mono + iosevka + spleen + fira-code-symbols + powerline-fonts + nerdfonts + arphic-ukai + arphic-uming + dejavu_fonts + font-awesome + inconsolata # monospaced + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + noto-fonts-extra + powerline-fonts + source-han-sans-japanese + source-han-sans-korean + source-han-sans-simplified-chinese + source-han-sans-traditional-chinese + source-sans-pro + ubuntu_font_family + wqy_microhei + wqy_zenhei + ]; + }; + + # screen capture + # + + xdg.portal.enable = true; + xdg.portal.config.common.default = "*"; + 
xdg.portal.wlr.enable = true; + services.dbus.enable = true; + ## Remove sound.enable or set it to false if you had it set previously, as sound.enable is only meant for ALSA-based configurations + + # rtkit is optional but recommended + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + wireplumber.enable = true; + # If you want to use JACK applications, uncomment this + jack.enable = true; + }; + + # pipewire requires these off + # sound.enable = true; + # hardware.pulseaudio.enable = true; + # hardware.bluetooth.enable = true; +} diff --git a/hosts/local/master/configuration.nix b/hosts/local/master/configuration.nix new file mode 100644 index 0000000..19708b8 --- /dev/null +++ b/hosts/local/master/configuration.nix 
@@ -0,0 +1,61 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{pkgs, ...}: { + imports = [ + # Include the results of the hardware scan. + ../../base.nix + ../../linux.nix + ../../unfree.nix + ../../android.nix + ../i3.nix + ../nvidia.nix + ]; + + # Use the systemd-boot EFI boot loader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + boot.kernelParams = ["intel_pstate=active"]; + # boot.supportedFilesystems = ["ntfs"]; + services.fprintd.enable = true; + nix.settings.trusted-users = ["root" "y"]; + + networking = { + hostName = "master"; # Define your hostname. + }; + + # Set your time zone. + time.timeZone = "Asia/Bangkok"; + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.ports = [5555]; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + + system.stateVersion = "23.11"; # Did you read the comment? 
+ + #debugging segfaults + powerManagement.cpufreq.max = 4000000; + powerManagement.cpufreq.min = 800000; + + # Define the systemd service + # systemd.services.my-custom-script = { + # description = "Run my custom script on startup"; + # wantedBy = ["multi-user.target"]; + # after = ["network.target"]; # or any other service you need to wait for + # serviceConfig = { + # ExecStart = "${pkgs.bash}/bin/bash /etc/startup.sh"; + # Type = "oneshot"; + # RemainAfterExit = true; + # }; + # }; + + # Ensure the script is copied to the system + # environment.etc."startup.sh".source = ./startup.sh; +} diff --git a/hosts/local/master/default.nix b/hosts/local/master/default.nix new file mode 100644 index 0000000..91e5016 --- /dev/null +++ b/hosts/local/master/default.nix @@ -0,0 +1,5 @@ +inputs: [ + inputs.kmonad.nixosModules.default + ./hardware-configuration.nix + ./configuration.nix +] diff --git a/hosts/local/master/hardware-configuration.nix b/hosts/local/master/hardware-configuration.nix new file mode 100644 index 0000000..fc5597c --- /dev/null +++ b/hosts/local/master/hardware-configuration.nix 
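Review bot: `services.openssh.enable = true;` together with `services.openssh.ports = [5555];` leaves password and root login at the module defaults, and a non-standard port does not meaningfully limit exposure. I would add `services.openssh.settings.PasswordAuthentication = false;`, `services.openssh.settings.KbdInteractiveAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, with the permitted keys declared under `users.users.y.openssh.authorizedKeys.keys`. The later host configuration that sets `ports = [4410]` has the same gap and still carries `# passwordAuthentication = false;`, which is the older spelling from before the option moved under `settings`. If the shared `network.nix` module, which disables the firewall, is pulled in through `base.nix` (not visible here), sshd is reachable on every interface of these hosts.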
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/13b360be-0528-4690-b7ab-80c89033c5b7"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/92AC-1484"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/0b5d123f-3832-4aa2-b486-c64ed476fcf9"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.docker0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/local/nvidia.nix b/hosts/local/nvidia.nix new file mode 100644 index 0000000..74d5f5d --- /dev/null +++ b/hosts/local/nvidia.nix 
@@ -0,0 +1,17 @@
+{pkgs, ...}: {
+ boot.kernelModules = ["nvidia" "nvidia_modeset" "nvidia_uvm" "nvidia_drm"];
+ # boot.kernelPackages = lib.mkForce unfreePkgs.linuxKernel.packages.linux_xanmod_latest;
+ boot.kernelParams = ["video=HDMI-A-1:1920x1080"];
+ # hardware.opengl = {
+ # package = (pkgs.mesa.override { galliumDrivers = [ "i915" "swrast" ]; }).drivers;
+ # };
+ services.xserver = {
+ videoDrivers = ["nvidia"];
+ };
+
+ hardware.nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = true;
+ open = true;
+ };
+}
diff --git a/hosts/local/ohira/configuration.nix b/hosts/local/ohira/configuration.nix
new file mode 100644
index 0000000..c4a42b0
--- /dev/null
+++ b/hosts/local/ohira/configuration.nix
@@ -0,0 +1,287 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + pkgs, + ... +}: { + imports = [ + # Include the results of the hardware scan. + ../../base.nix + ]; + + # Bootloader. + boot.loader.systemd-boot.enable = true; + boot.loader.efi.canTouchEfiVariables = true; + # freaking wifi dongle thing + + services.udev.extraRules = '' + ACTION=="add", ATTRS{idVendor}=="0bda", ATTRS{idProduct}=="1a2b", RUN+="${pkgs.usb-modeswitch}/bin/usb_modeswitch -KW -v 0bda -p 1a2b", RUN+="${pkgs.coreutils}/bin/sleep 1", RUN+="${pkgs.usb-modeswitch}/bin/usb_modeswitch -KW -v 0bda -p 1a2b" + ''; + networking.hostName = "ohira"; # Define your hostname. + # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Enable networking + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "Asia/Tokyo"; + + # Select internationalisation properties. + i18n = { + defaultLocale = "en_US.UTF-8"; + supportedLocales = [ + "en_US.UTF-8/UTF-8" + "zh_CN.UTF-8/UTF-8" + "zh_HK.UTF-8/UTF-8" + "ja_JP.UTF-8/UTF-8" + ]; + extraLocaleSettings = { + LC_ADDRESS = "ja_JP.UTF-8"; + LC_IDENTIFICATION = "ja_JP.UTF-8"; + LC_MEASUREMENT = "ja_JP.UTF-8"; + LC_MONETARY = "ja_JP.UTF-8"; + LC_NAME = "ja_JP.UTF-8"; + LC_NUMERIC = "ja_JP.UTF-8"; + LC_PAPER = "ja_JP.UTF-8"; + LC_TELEPHONE = "ja_JP.UTF-8"; + LC_TIME = "ja_JP.UTF-8"; + }; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + # Enable the GNOME Desktop Environment. 
+ services.xserver.displayManager.gdm.enable = true; + services.xserver.desktopManager.gnome.enable = true; + + # Configure keymap in X11 + services.xserver = { + xkb.layout = "us"; + xkb.variant = ""; + }; + # japanese input + + i18n = { + inputMethod = { + type = "fcitx5"; + fcitx5.addons = with pkgs; [fcitx5-mozc]; + }; + }; + + environment.sessionVariables = { + GTK_IM_MODULE = "fcitx"; + QT_IM_MODULE = "fcitx"; + XMODIFIERS = "@im=fcitx"; + }; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + ## Bluetooth + hardware.enableAllFirmware = true; + hardware.bluetooth.enable = true; + hardware.bluetooth.settings = {General = {Experimental = true;};}; + hardware.bluetooth.disabledPlugins = ["sap"]; + hardware.bluetooth.package = pkgs.bluez; + services.blueman.enable = true; + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. 
+ users.users.y = { + isNormalUser = true; + description = "y"; + extraGroups = ["networkmanager" "wheel"]; + packages = with pkgs; [ + firefox + # thunderbird + ]; + }; + + # Allow unfree packages + nixpkgs.config.allowUnfree = true; + + # programs.steam = { + # enable = true; + # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + # }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + helix + usbutils + coreutils + wget + htop + bat + gitAndTools.gitFull + lazygit + lsd + lsof + tmux + tmate + minio + minio-client + zip + unzip + jq + tree + # gui stuff + alacritty + brave + deluge + vlc + gimp + libreoffice + # weirding + usb-modeswitch + #network + innernet + iptables + #games + prismlauncher + grapejuice + dosbox + # + gnomeExtensions.kimpanel + ]; + + fonts = { + enableDefaultPackages = true; + fontconfig = { + defaultFonts.emoji = ["Noto Color Emoji"]; + defaultFonts.monospace = ["Hack" "Sarasa Mono SC"]; + defaultFonts.sansSerif = ["DejaVu Sans"]; + defaultFonts.serif = ["DejaVu Serif" "Source Han Serif SC"]; + }; + packages = with pkgs; [ + # fira-code + # fira + # cooper-hewitt + # ibm-plex + # jetbrains-mono + # iosevka + # spleen + # fira-code-symbols + # powerline-fonts + # nerdfonts + # arphic-ukai + # arphic-uming + # dejavu_fonts + # font-awesome + # inconsolata # monospaced + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + noto-fonts-extra + # powerline-fonts + source-han-sans-japanese + # source-han-sans-korean + # source-han-sans-simplified-chinese + # source-han-sans-traditional-chinese + # source-sans-pro + # ubuntu_font_family + # wqy_microhei + # wqy_zenhei + ]; + }; + + # Some programs need SUID wrappers, can be 
configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh = { + enable = true; + # passwordAuthentication = false; + ports = [4410]; + }; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "23.11"; # Did you read the comment? 
+ + ## screen time limit + + # systemd.user.services = { + # # Shutdown at 10pm to get some sleep + # poweroff = { + # description = "Poweroff Service"; + # startAt = [ "*-*-* 21:30:00" ]; + # serviceConfig = { + # Type = "oneshot"; + # ExecStart = "/run/current-system/sw/bin/poweroff"; + # }; + # }; + # }; + + systemd.timers.shutdown = { + wantedBy = ["timers.target"]; + timerConfig.OnCalendar = "21:30"; + unitConfig.ExecStart = "${pkgs.coreutils}/bin/shutdown now"; + }; + systemd.services.timeCheckShutdown = { + description = "Prevent booting during specific hours"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + script = '' + CURRENT_HOUR=$(date +"%H") + if [ "$CURRENT_HOUR" -ge 21 ] || [ "$CURRENT_HOUR" -lt 6 ]; then + /run/current-system/sw/bin/shutdown now + fi + ''; + }; + systemd.services.afterSuspend = { + description = "Check time and shutdown if necessary after suspend"; + wantedBy = ["sleep.target"]; + bindsTo = ["sleep.target"]; + script = '' + CURRENT_HOUR=$(date +"%H") + if [ "$CURRENT_HOUR" -ge 21 ] || [ "$CURRENT_HOUR" -lt 6 ]; then + /run/current-system/sw/bin/shutdown now + fi + ''; + }; +} diff --git a/hosts/local/ohira/default.nix b/hosts/local/ohira/default.nix new file mode 100644 index 0000000..67cd4a5 --- /dev/null +++ b/hosts/local/ohira/default.nix @@ -0,0 +1,4 @@ +inputs: [ + ./hardware-configuration.nix + ./configuration.nix +] diff --git a/hosts/local/ohira/hardware-configuration.nix b/hosts/local/ohira/hardware-configuration.nix new file mode 100644 index 0000000..4b581fd --- /dev/null +++ b/hosts/local/ohira/hardware-configuration.nix 
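Review bot: The `systemd.timers.shutdown` unit at the end of this hunk cannot power the machine off at 21:30. `ExecStart` sits under `unitConfig`, which renders into the `[Unit]` section where it has no effect, no `shutdown.service` is defined for the timer to activate, and `${pkgs.coreutils}/bin/shutdown` names a binary that coreutils does not provide (it comes from systemd). Defining the action as a service and letting `startAt` generate the timer keeps it in one unit, as sketched below with the same `/run/current-system/sw/bin/shutdown` path the two check services already use. Separately, `wantedBy = ["sleep.target"]` on `afterSuspend` probably runs the check when suspend begins rather than on resume, which is worth confirming.

```nix
# replaces systemd.timers.shutdown
systemd.services.nightlyShutdown = {
  description = "Power off at 21:30";
  startAt = "21:30";
  serviceConfig = {
    Type = "oneshot";
    ExecStart = "/run/current-system/sw/bin/shutdown now";
  };
};
# … unchanged: timeCheckShutdown and afterSuspend services …
```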
@@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ "8821cu" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ config.boot.kernelPackages.rtl8821cu ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/1170c84d-4965-4444-a998-23ceef6f7ca9"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/6F38-0465"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/48b04403-6a5e-41f4-a656-5a95f850ccaa"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/local/wayland.nix b/hosts/local/wayland.nix new file mode 100644 index 0000000..c94a1dc --- /dev/null +++ b/hosts/local/wayland.nix 
@@ -0,0 +1,188 @@ +{pkgs, ...}: { + hardware.graphics = { + enable = true; + enable32Bit = true; + extraPackages = [ + pkgs.mesa.drivers + pkgs.vaapiIntel + pkgs.vaapiVdpau + pkgs.libvdpau-va-gl + pkgs.intel-media-driver + ]; + }; + programs.sway = { + enable = true; + wrapperFeatures.gtk = true; + extraOptions = ["--verbose" "--debug"]; + extraPackages = with pkgs; [ + xdg-utils + xdg-desktop-portal + xdg-desktop-portal-wlr + xdg-desktop-portal-gtk + alacritty + calibre + # nyxt + wofi + imv + swaylock + brightnessctl + swayidle + foot + (waybar.override { + wireplumberSupport = false; + }) + mako + kanshi + grim + slurp + wl-clipboard + wf-recorder + viewnior + playerctl + blueman + wdisplays + ]; + extraSessionCommands = '' + ''; + }; + # environment.loginShellInit = '' + # if [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then + # exec swayc + # fi + #''; + + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + SDL_VIDEODRIVER = "wayland"; + QT_QPA_PLATFORM = "wayland"; + QT_WAYLAND_DISABLE_WINDOWDECORATION = "1"; + _JAVA_AWT_WM_NONREPARENTING = "1"; + MOZ_ENABLE_WAYLAND = "1"; + + # GTK_IM_MODULE = "fcitx"; + # QT_IM_MODULE = "fcitx"; + # SDL_IM_MODULE = "fcitx"; + + XDG_CURRENT_DESKTOP = "sway"; + GDK_BACKEND = "wayland"; + XDG_SESSION_TYPE = "wayland"; + XMODIFIERS = "@im=fcitx"; + }; + + environment.systemPackages = with pkgs; [ + obsidian + signal-desktop + tdesktop + brave + gimp + vlc + mpv + celluloid + thunderbird + kmail + firefox + chromium + pavucontrol + # icons + polkit_gnome + gnome-themes-extra + gtk-engine-murrine + gtk_engines + gsettings-desktop-schemas + lxappearance + adwaita-qt + adwaita-icon-theme + xfce.thunar + libreoffice + qbittorrent + zathura + # + libcamera # pipewire seems to want this + easyeffects + tigervnc + foliate + # code + kompare + meld + # tmp + grapejuice + dosbox + ]; + + # cjk input + i18n = { + inputMethod = { + type = "fcitx5"; + fcitx5 = { + # enabled = true; + addons = with pkgs; [fcitx5-rime fcitx5-mozc]; + 
waylandFrontend = true; + }; + }; + }; + + fonts = { + enableDefaultPackages = true; + fontconfig = { + defaultFonts.emoji = ["Noto Color Emoji"]; + defaultFonts.monospace = ["Hack" "Sarasa Mono SC"]; + defaultFonts.sansSerif = ["DejaVu Sans"]; + defaultFonts.serif = ["DejaVu Serif" "Source Han Serif SC"]; + }; + packages = with pkgs; [ + fira-code + fira + cooper-hewitt + ibm-plex + jetbrains-mono + iosevka + spleen + fira-code-symbols + powerline-fonts + nerdfonts + arphic-ukai + arphic-uming + dejavu_fonts + font-awesome + inconsolata # monospaced + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + noto-fonts-extra + powerline-fonts + source-han-sans-japanese + source-han-sans-korean + source-han-sans-simplified-chinese + source-han-sans-traditional-chinese + source-sans-pro + ubuntu_font_family + wqy_microhei + wqy_zenhei + ]; + }; + + # screen capture + # + + xdg.portal.enable = true; + xdg.portal.wlr.enable = true; + services.dbus.enable = true; + ## Remove sound.enable or set it to false if you had it set previously, as sound.enable is only meant for ALSA-based configurations + + # rtkit is optional but recommended + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + wireplumber.enable = true; + # If you want to use JACK applications, uncomment this + jack.enable = true; + }; + + # pipewire requires these off + # sound.enable = true; + # hardware.pulseaudio.enable = true; + # hardware.bluetooth.enable = true; +} diff --git a/hosts/network.nix b/hosts/network.nix new file mode 100644 index 0000000..433a206 --- /dev/null +++ b/hosts/network.nix 
@@ -0,0 +1,32 @@
+{
+ pkgs,
+ config,
+ lib,
+ ...
+}: {
+ networking = {
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networkmanager.enable = true; # Easiest to use and most distros use this by default.
+ nameservers = ["1.1.1.1" "1.0.0.1"];
+ #enableIPv6 = false;
+ # Configure network proxy if necessary
+ # proxy.default = "http://user:password@proxy:port/";
+ # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+ };
+
+ # Enable the OpenSSH daemon.
+ networking.firewall = {
+ enable = false;
+ # Open ports in the firewall.
+ # allowedTCPPorts = [ ... ];
+ # allowedUDPPorts = [ ... ];
+ };
+
+ environment.systemPackages = [
+ pkgs.innernet
+ pkgs.iptables
+ ];
+
+ # services.opensnitch.enable = true;
+}
diff --git a/hosts/nixos.nix b/hosts/nixos.nix
new file mode 100644
index 0000000..c5dc34a
--- /dev/null
+++ b/hosts/nixos.nix
@@ -0,0 +1,21 @@
+inputs: let
+ mkNixosSystem = system: path:
+ inputs.nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = {inherit inputs;};
+ modules = import (./. + "/${path}") inputs;
+ };
+in {
+ fw11 = mkNixosSystem "x86_64-linux" "local/fw11";
+ master = mkNixosSystem "x64_64-linux" "local/master";
+ # vivo2025 = mkNixosSystem "x64_64-linux" "local/vivo2025";
+ ohira = mkNixosSystem "x64_64-linux" "local/ohira";
+ # # headless
+ # r5s = mkNixosSystem "aarch64-linux" "headless/r5s";
+ # pi4 = mkNixosSystem "aarch64-linux" "headless/pi4";
+ # # cloud boxes
+ sortug = mkNixosSystem "x64_64-linux" "cloud/sortug";
+ # lightnode = mkNixosSystem "x64_64-linux" "cloud/lightnode";
+ # hostinger = mkNixosSystem "x64_64-linux" "cloud/hostinger";
+ # contabo = mkNixosSystem "x64_64-linux" "cloud/contabo";
+}
diff --git a/hosts/pkgs.nix b/hosts/pkgs.nix
new file mode 100644
index 0000000..f6c6a6b
--- /dev/null
+++ b/hosts/pkgs.nix
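Review bot: `networking.firewall.enable = false;` switches the host firewall off on every machine that imports this module, and the comment above it (`# Enable the OpenSSH daemon.`) describes something else, so the setting reads as accidental rather than decided. Two host configurations in this commit run sshd on ports 5555 and 4410; if they import this module (possibly through `base.nix`, which is not visible here), every listening service on them is reachable from whatever network the machine joins. I would set `enable = true;`, open ports per host with e.g. `networking.firewall.allowedTCPPorts = [5555];`, and replace the comment with `# Host firewall: default deny; each host opens its own ports`. The first laptop configuration in this commit also sets `firewall.enable = false` directly.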
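Review bot: `"x64_64-linux"` in the `master`, `ohira` and `sortug` entries is not a valid Nix system string; only the `fw11` entry uses the correct `"x86_64-linux"`. For `master` and `ohira` the typo is likely masked because their `hardware-configuration.nix` sets `nixpkgs.hostPlatform`, but anything that relies on the `system` argument passed to `nixosSystem` gets the wrong value, and the commented-out entries repeat the mistake for whoever re-enables them. The fix is one word per line, e.g. `master = mkNixosSystem "x86_64-linux" "local/master";`.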
@@ -0,0 +1,70 @@ +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + alejandra + # nixfmt + # + busybox + usbutils + xdg-utils + rlwrap + wget + htop + btop + bat + gitAndTools.gitFull + lazygit + git-lfs + lsd + lsof + tmux + zellij + tmate + curlFull + ripgrep + ranger + minio + minio-client + zip + unzip + jq + vifm + nnn + fzf + killall + tree + qrcp + deluge + ncdu + edir + bottom + pigz + rclone + gparted + #hardware problems + lm_sensors + linuxKernel.packages.linux_latest_libre.cpupower + # images + sxiv + # audio debug + alsa-firmware + # wine + #wineWowPackages.staging + #wineWowPackages.waylandFull + appimage-run + # code + nil + direnv + nix-direnv + devenv + # scraping + python312Packages.yt-dlp + # markdown lsp + marksman + # disk automount + udiskie + #crypto + # electrum + yacreader + nethogs + ]; +} diff --git a/hosts/syncthing.nix b/hosts/syncthing.nix new file mode 100644 index 0000000..09b0d9b --- /dev/null +++ b/hosts/syncthing.nix @@ -0,0 +1,9 @@ +{ pkgs, ...}: +{ + services.syncthing = { + enable = true; + user = "y"; + dataDir = "/home/y/sync/data"; + configDir = "/home/y/sync/.config"; + }; +} diff --git a/hosts/unfree.nix b/hosts/unfree.nix new file mode 100644 index 0000000..8a74ba9 --- /dev/null +++ b/hosts/unfree.nix @@ -0,0 +1,24 @@ +{pkgs, ...}: { + # allow unfree + nixpkgs.config = { + allowUnfree = true; + chromium.enableWideVine = true; + }; + environment.systemPackages = with pkgs; [ + # opera + spotify + microsoft-edge + vscode + # fonts + corefonts + symbola + ]; + # fucking vscode requires this for github copilot + + services.gnome.gnome-keyring.enable = true; + programs.steam = { + enable = true; + remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play + dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server + }; +} diff --git a/hosts/users.nix b/hosts/users.nix new file mode 100644 index 0000000..6c5394b --- /dev/null +++ b/hosts/users.nix 
@@ -0,0 +1,55 @@
+{ config, pkgs, ... }:
+
+
+let shellAliases = {
+ l = "lsd -lAh";
+ la = "lsd -lAh";
+ ports = "sudo lsof -i -P -n | grep LISTEN";
+ gco = "git checkout";
+ gcob = "git checkout -b";
+ v = "nvim";
+ sv = "sudo nvim";
+ dotsin = "sh ~/dotfiles/commit.sh";
+ sourceit = ". (sed 's/^/export /' .env | psub)";
+ sqlite = "rlwrap sqlite3";
+ # rsyn = "rsync -zuvaP --filter=':- .gitignore'"
+};
+
+in {
+ programs.fish = {
+ inherit shellAliases;
+ enable = true;
+ shellInit = ''
+ if not functions -q fisher
+ echo "no fisher"
+ curl -sL https://raw.githubusercontent.com/jorgebucaran/fisher/main/functions/fisher.fish | source
+ end
+ '';
+ # fisher install jorgebucaran/fisher
+ # fisher install IlanCosman/tide@v6
+};
+
+ users = {
+ users = {
+ y = {
+ group = "users";
+ isNormalUser = true;
+ extraGroups = [
+ "systemd-journal"
+ "wheel"
+ "networkmanager"
+ "input"
+ "uinput"
+ "docker"
+ "plugdev"
+ ];
+ createHome = true;
+ home = "/home/y";
+ isSystemUser = false;
+ shell = pkgs.fish;
+ };
+ };
+ };
+}
+
+
diff --git a/outputs.nix b/outputs.nix
new file mode 100644
index 0000000..21c186e
--- /dev/null
+++ b/outputs.nix
@@ -0,0 +1,17 @@
+{
+ self,
+ nixpkgs,
+ nix-darwin,
+ nur,
+ git-hooks,
+ ...
+} @ inputs: let
+ localHosts = {
+ # x86_64-linux = import ./hosts/x86
+ };
+in {
+ nixosConfigurations = import ./hosts/nixos.nix inputs;
+ # darwinConfigurations = {
+ # m1mba = import ./hosts/mac/m1mba inputs;
+ # };
+}
diff --git a/result b/result
new file mode 120000
index 0000000..2bc5634
--- /dev/null
+++ b/result
@@ -0,0 +1 @@
+/nix/store/nkvk0j00lh9193sr2hivm4ilxks96492-nixos-system-ohira-24.11.20240719.1d9c2c9
\ No newline at end of file
-- cgit v1.2.3
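Review bot: The `shellInit` block pipes `curl -sL https://raw.githubusercontent.com/jorgebucaran/fisher/main/functions/fisher.fish` straight into `source`, so whatever the `main` branch serves at that moment runs unverified, and `programs.fish.shellInit` is a system-wide setting rather than something scoped to `y`. That bypasses the pinning the rest of this flake gets from `flake.lock`. I would fetch the file at a fixed commit with a hash, e.g. `pkgs.fetchurl { url = "<raw URL at a pinned commit>"; hash = "<sha256 of that file>"; }`, and `source` the resulting store path, so shell startup makes no network call. Note also that `"docker"` in `extraGroups` is root-equivalent on any host running the Docker daemon, on top of `"wheel"`; a comment saying so next to the list would help the next reader.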