Blunkall-Technologies/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Blunkall-Technologies:4e3d74795b89ac25ad461e8cc055c7e4fc335188
Branches Tags
Blunkall-Technologies:master Blunkall-Technologies:dev
...
compare: Blunkall-Technologies:dev
Branches Tags
Blunkall-Technologies:dev Blunkall-Technologies:master

382 Commits
4e3d74795b ... dev

Author SHA1 Message Date
Nathan
806e8900b4 ssh for laptop 2026-04-22 23:02:19 -05:00
Nathan
5731f191f7 ssh for laptop test 2026-04-22 21:59:17 -05:00
Nathan
c6b84a7c49 fix 2026-04-22 14:51:39 -05:00
Nathan
cbebf1639f restructure 2026-04-22 14:09:08 -05:00
Nathan
4ae1389378 restructure 2026-04-22 13:56:19 -05:00
Nathan
2fd2e5f2aa restructure 2026-04-22 13:53:13 -05:00
Nathan
e950b4c162 restructure 2026-04-22 13:27:21 -05:00
Nathan
06385f94f6 restructure 2026-04-22 12:30:34 -05:00
Nathan
03bec1dcaf restructure 2026-04-22 09:46:04 -05:00
Nathan
cff3aec197 restructure 2026-04-22 09:23:44 -05:00
Nathan
e2a6515ad6 restructure 2026-04-22 09:22:24 -05:00
Nathan
63559c16ac top level restructure 2026-04-22 08:25:10 -05:00
Nathan
846d33ac50 iso package test 2026-04-21 23:14:21 -05:00
Nathan
9a98e3256f iso package test 2026-04-21 23:12:38 -05:00
Nathan
f525b68345 iso package test 2026-04-21 23:06:48 -05:00
Nathan
0c7cafdc17 netbird unstable 2026-04-21 22:16:02 -05:00
Nathan
eff446334d netbird unstable 2026-04-21 19:54:14 -05:00
Nathan
97c84ff716 test 2026-04-21 19:33:46 -05:00
Nathan
f0860c2602 fix docker 2026-04-19 10:21:54 -05:00
Nathan
54d4d5aadf fix sops 2026-04-19 08:34:52 -05:00
Nathan
3b386828af fix disko 2026-04-19 07:55:25 -05:00
Nathan
300b407208 remove submodules 2026-04-19 00:32:04 -05:00
Nathan
711b1f198e remote flakes 2026-04-19 00:27:55 -05:00
Nathan
fada73a69c wallpapers 2026-04-16 23:09:15 -05:00
Nathan
cd1392517a update flake 2026-04-12 21:22:35 -05:00
Nathan
04e238810c update flake 2026-04-12 20:58:58 -05:00
Nathan
a727cf8722 update flake 2026-04-12 20:54:17 -05:00
Nathan
8016b58416 update flake 2026-04-12 20:51:08 -05:00
Nathan
1ccbb3eb6c update flake 2026-04-12 20:49:29 -05:00
Nathan
55783a7780 update flake 2026-04-12 20:39:46 -05:00
Nathan
c0443e73e6 update flake 2026-04-11 20:03:23 -05:00
Nathan
1316fe9169 update flake 2026-04-11 20:02:04 -05:00
Nathan
f5cba81ace update flake 2026-04-11 07:39:15 -05:00
Nathan
e6d45592df fix 2026-04-11 07:31:13 -05:00
Nathan
f1637d0497 renamed package 2026-04-11 07:28:44 -05:00
Nathan
ab691de708 update flake 2026-04-11 07:24:41 -05:00
Nathan
f8e4ddce82 update flake 2026-04-11 07:03:09 -05:00
Nathan
64b5a8c65b test 2026-04-10 16:57:01 -05:00
Nathan
41ebb79c2a test 2026-04-10 16:53:50 -05:00
Nathan
068d260470 test 2026-04-10 16:48:57 -05:00
Nathan
b34ad76811 test 2026-04-10 16:45:23 -05:00
Nathan
c79f76efa1 test 2026-04-10 16:41:39 -05:00
Nathan
87a4cc6455 test 2026-04-10 16:30:54 -05:00
Nathan
0bcab64638 test 2026-04-10 16:26:34 -05:00
Nathan
59fe61b835 test 2026-04-10 16:22:50 -05:00
Nathan
c25a1c26f5 test 2026-04-10 16:19:17 -05:00
Nathan
5cc628cfd9 test 2026-04-10 13:12:29 -05:00
Nathan
8b67d7b8fb test 2026-04-10 12:04:24 -05:00
Nathan
69797b6b01 test 2026-04-10 11:48:37 -05:00
Nathan
7853bc389d test 2026-04-10 11:43:02 -05:00
Nathan
a1417b9514 test 2026-04-10 11:21:59 -05:00
Nathan
dcc347a717 test 2026-04-09 19:02:59 -05:00
Nathan
4b32b5a3e7 test 2026-04-09 18:44:48 -05:00
Nathan
a87eb1994f test 2026-04-09 16:59:41 -05:00
Nathan
bdac2cafee test 2026-04-09 14:40:53 -05:00
Nathan
86a1071b1b test 2026-04-09 14:27:19 -05:00
Nathan
11048faa79 test 2026-04-09 14:25:40 -05:00
Nathan
58eec1d59d test 2026-04-09 11:23:51 -05:00
Nathan
00a830c3c4 test 2026-04-09 11:20:46 -05:00
Nathan
94a2ed6c8a test 2026-04-09 11:20:15 -05:00
Nathan
42d2399c42 test 2026-04-01 07:44:13 -05:00
Nathan
8704160c10 test 2026-03-31 22:45:28 -05:00
Nathan
74d813c5e8 test 2026-03-31 20:28:21 -05:00
Nathan
0c7291d3eb test 2026-03-31 20:25:04 -05:00
Nathan
10e69d4eff test 2026-03-31 20:20:01 -05:00
Nathan
72ecac11b7 test aurora 2026-03-31 20:14:04 -05:00
Nathan
db8f72308b test 2026-03-31 20:08:30 -05:00
Nathan
59a6dc79f0 test 2026-03-31 20:07:15 -05:00
Nathan
297b993992 update aurora 2026-03-21 16:20:01 -05:00
Nathan
0df6aee231 debugpy 3.14 broken 2026-03-20 13:29:11 -05:00
Nathan
33d139bdf6 update aurora 2026-03-20 13:04:13 -05:00
Nathan
effeddf963 name 2026-03-20 12:58:09 -05:00
Nathan
79c8e5061b test aurora 2026-03-20 11:28:20 -05:00
Nathan
1636b715b5 update aurora 2026-03-07 17:38:02 -06:00
Nathan
c00be80234 latest hyprland 2026-03-07 11:32:02 -06:00
Nathan
7fb7498acc scrolling 2026-03-07 11:17:29 -06:00
Nathan
449dbcff24 scrolling 2026-03-07 11:14:33 -06:00
Nathan
317bc368e9 scrolling 2026-03-07 11:13:07 -06:00
Nathan
d3689592e8 update aurora 2026-03-07 10:59:59 -06:00
Nathan
e6a810d833 test 2026-03-07 10:42:51 -06:00
Nathan
21579b281f test 2026-03-07 10:29:59 -06:00
Nathan
68bdc0c85e test 2026-03-07 10:23:56 -06:00
Nathan
64973efb33 test 2026-03-07 10:21:52 -06:00
Nathan
bed86c50dd test 2026-03-07 10:19:59 -06:00
Nathan
df6268f8c3 test 2026-03-07 10:15:43 -06:00
Nathan
09ff97278c test 2026-03-07 10:04:58 -06:00
Nathan
445e6a8c8b test 2026-03-07 10:03:45 -06:00
Nathan
b860c0ead1 test 2026-03-07 10:02:43 -06:00
Nathan
ed863b4ab1 test 2026-03-07 09:49:53 -06:00
Nathan
498fd77851 test 2026-03-07 09:27:49 -06:00
Nathan
19537a1499 test 2026-03-07 09:18:34 -06:00
Nathan
b7c9ca3ccc test 2026-03-07 09:16:40 -06:00
Nathan
8c66096e81 test 2026-03-06 23:23:42 -06:00
Nathan
e6b2a1d3ee test 2026-03-06 23:17:43 -06:00
Nathan
93b4b2730f test 2026-03-06 21:55:48 -06:00
Nathan
e9988b21ff test 2026-03-06 21:47:12 -06:00
Nathan
d6e9904bfc test 2026-03-06 21:32:57 -06:00
Nathan
aea1919a44 test 2026-03-06 21:27:24 -06:00
Nathan
da7ad42da9 test 2026-03-06 20:04:38 -06:00
Nathan
13e5c8410e test 2026-03-06 19:42:47 -06:00
Nathan
c8cfd433ae test 2026-03-06 19:39:21 -06:00
Nathan
60dd114bcc update aurora 2026-03-06 19:35:52 -06:00
Nathan
ac12242060 update aurora 2026-03-06 19:31:03 -06:00
Nathan
c3f12243d8 Begin Dendritic rewrite 2026-03-06 19:17:00 -06:00
Nathan
e296f298b1 Begin Dendritic rewrite 2026-03-06 19:07:55 -06:00
Nathan
f656be3dfb Begin Dendritic rewrite 2026-03-06 19:05:37 -06:00
Nathan
eb5b08c8f0 Begin Dendritic rewrite 2026-03-06 18:46:38 -06:00
Nathan
fa9ca0ec63 Begin Dendritic rewrite 2026-03-06 18:37:21 -06:00
Nathan
fd10360294 Begin Dendritic rewrite 2026-03-06 18:27:39 -06:00
Nathan
0237820306 Begin Dendritic rewrite 2026-03-06 18:26:41 -06:00
Nathan
64b6b6b763 Begin Dendritic rewrite 2026-03-06 18:23:19 -06:00
Nathan
78b1b26b91 Begin Dendritic rewrite 2026-03-06 16:34:10 -06:00
Nathan
44eb6492f2 Begin Dendritic rewrite 2026-03-06 16:32:07 -06:00
Nathan
597f51e7b2 Begin Dendritic rewrite 2026-03-06 16:25:23 -06:00
Nathan
c1684a80f7 Begin Dendritic rewrite 2026-03-06 16:24:53 -06:00
Nathan
f3a90a0fe8 test 2026-02-28 19:01:49 -06:00
Nathan
11089070ba test 2026-02-28 18:05:10 -06:00
Nathan
8697469f5f add authentik middleware 2026-02-28 17:56:12 -06:00
Nathan
fa6abcfd98 add ssh key 2026-02-28 17:26:54 -06:00
Nathan
7f0629f313 work on docker gitea 2026-02-25 09:03:17 -06:00
Nathan
1a088bc501 no nextcloud for now 2026-02-20 21:35:52 -06:00
Nathan
0f70cf9bbc add localsend 2026-02-14 18:02:53 -06:00
Nathan
fbf6864350 ollama ip 2026-02-04 00:15:51 -06:00
Nathan
b3058b25a6 jellyfin 2026-02-03 10:25:15 -06:00
Nathan
1ec2681731 jellyfin 2026-02-03 10:21:10 -06:00
Nathan
2c0bfcbcdd jellyfin 2026-02-03 10:19:49 -06:00
Nathan
51942d5e10 jellyfin 2026-02-03 10:12:48 -06:00
Nathan
6dbbe36327 nextcloud ip 2026-02-03 08:55:30 -06:00
Nathan
2dec58998d nixvim 2026-02-03 08:45:58 -06:00
Nathan
f3d0db4a63 static ips 2026-02-03 00:59:13 -06:00
Nathan
d4e2841833 update flake 2026-02-03 00:34:27 -06:00
Nathan
e1eb4569a8 remove graphics option 2026-02-03 00:31:06 -06:00
Nathan
a9d1fd2316 open to web 2026-02-02 19:25:26 -06:00
Nathan
fc3ed73055 no ports 2026-02-02 19:15:56 -06:00
Nathan
488a6437c3 opengl? 2026-02-02 14:45:04 -06:00
Nathan
b40400ed71 aio stuff 2026-02-02 12:23:59 -06:00
Nathan
1dcb262114 aio stuff 2026-02-02 12:19:50 -06:00
Nathan
5e9b353529 aio stuff 2026-02-02 12:11:51 -06:00
Nathan
12c0bd71dd skip domain validation 2026-02-02 11:11:17 -06:00
Nathan
930596db1a docker containers use pihole 2026-02-02 10:56:00 -06:00
Nathan
6643b584f9 nextcloud 2026-02-02 10:42:32 -06:00
Nathan
2205f7ca57 nextcloud 2026-02-02 10:34:05 -06:00
Nathan
784a3f213e name 2026-02-02 10:11:05 -06:00
Nathan
98da646e59 name 2026-02-02 10:08:05 -06:00
Nathan
12d8b7746b version 2026-02-02 09:45:03 -06:00
Nathan
529e9f994f nextcloud 2026-02-02 09:33:16 -06:00
Nathan
be86d9b31b port 2026-02-01 14:37:05 -06:00
Nathan
7ac91b21b3 volume stuff 2026-02-01 14:16:19 -06:00
Nathan
851911f491 netbird version bs 2026-02-01 14:12:47 -06:00
Nathan
a0da606694 add openwebui 2026-02-01 14:05:39 -06:00
Nathan
8a8b48a6cc add openwebui 2026-02-01 14:03:13 -06:00
Nathan
7dd49cd8e4 authentik fix 2026-02-01 09:10:24 -06:00
Nathan
a00a888676 route gitea ssh through traefik 2026-02-01 08:15:13 -06:00
Nathan
536a76ca80 update netbird volumes 2026-02-01 07:56:47 -06:00
Nathan
41b13580dc update hass proxy 2026-02-01 07:36:24 -06:00
Nathan
74b0d63f26 dockerfy netbird 2026-02-01 07:07:06 -06:00
Nathan
e91def66b5 update netbird secrets 2026-02-01 06:57:38 -06:00
Nathan
9325a6b079 dockerfy netbird 2026-02-01 06:53:07 -06:00
Nathan
f9e66ff1a0 dockerfy netbird 2026-02-01 06:48:12 -06:00
Nathan
98c81001f7 dockerfy traefik 2026-01-31 20:31:59 -06:00
Nathan
002bd38906 dockerfy traefik 2026-01-31 20:24:44 -06:00
Nathan
1a52dd8041 dockerfy traefik 2026-01-31 20:22:06 -06:00
Nathan
67f75bcd97 dockerfy traefik 2026-01-31 20:20:17 -06:00
Nathan
1bba167d6d dockerfy traefik 2026-01-31 19:43:37 -06:00
Nathan
f418f3dfa5 dockerfy traefik 2026-01-31 19:36:38 -06:00
Nathan
0c5ab6519d dockerfy traefik 2026-01-31 18:50:01 -06:00
Nathan
e58d6118ea dockerfy traefik 2026-01-31 15:41:36 -06:00
Nathan
aecbdb243d dockerfy traefik 2026-01-31 15:34:12 -06:00
Nathan
4cc510d584 dockerfy traefik 2026-01-31 15:00:06 -06:00
Nathan
1ab353746d dockerfy traefik 2026-01-31 14:52:24 -06:00
Nathan
05fd4f67b1 dockerfy traefik 2026-01-31 14:24:21 -06:00
Nathan
d134f6e849 dockerfy traefik 2026-01-31 14:06:59 -06:00
Nathan
03c66ccc13 dockerfy traefik 2026-01-31 13:44:46 -06:00
Nathan
dd44fd8b0c dockerfy traefik 2026-01-31 13:41:06 -06:00
Nathan
5226ade22c dockerfy traefik 2026-01-31 13:35:59 -06:00
Nathan
e162e47b1d dockerfy traefik 2026-01-31 13:03:18 -06:00
Nathan
6541a307bc dockerfy traefik 2026-01-31 11:27:49 -06:00
Nathan
2be4a81c03 dockerfy traefik 2026-01-31 11:27:30 -06:00
Nathan
2d52f92795 dockerfy traefik 2026-01-31 11:20:33 -06:00
Nathan
3a47aa53d0 dockerfy traefik 2026-01-31 11:09:13 -06:00
Nathan
9b01209ef0 dockerfy traefik 2026-01-31 11:06:17 -06:00
Nathan
1372c8f1ce dockerfy traefik 2026-01-31 10:45:08 -06:00
Nathan
b264cddcda dockerfy traefik 2026-01-31 10:38:41 -06:00
Nathan
8f3ded4029 dockerfy traefik 2026-01-31 10:17:46 -06:00
Nathan
f15a6b92ae dockerfy traefik 2026-01-31 10:13:33 -06:00
Nathan
15f6577c84 dockerfy traefik 2026-01-31 09:22:09 -06:00
Nathan
48d8f13145 dockerfy traefik 2026-01-31 09:20:11 -06:00
Nathan
5de8af47ff dockerfy traefik 2026-01-31 09:18:52 -06:00
Nathan
75586a64f3 dockerfy traefik 2026-01-31 09:15:58 -06:00
Nathan
06edfb2795 great docker migration 2026-01-30 11:19:24 -06:00
Nathan
0603de3f11 secrets 2026-01-30 07:37:06 -06:00
Nathan
2f4419eb59 begin great docker migration 2026-01-30 00:08:37 -06:00
Nathan
4bccbb92f4 enable authentik 2026-01-28 11:30:38 -06:00
Nathan
f41ca1867e enable authentik 2026-01-28 11:16:48 -06:00
Nathan
9a0dfc4cca try authentik 2026-01-28 11:12:58 -06:00
Nathan
d7875217bd begin work on authentik again 2026-01-27 17:42:00 -06:00
Nathan
89328fe7e7 hass config update 2026-01-26 17:39:43 -06:00
Nathan
d9338b280e add hass config 2026-01-26 17:32:37 -06:00
Nathan
51f15e3305 docker image 2026-01-26 17:11:37 -06:00
Nathan
bbd135bad9 home-assistant docker 2026-01-26 16:34:30 -06:00
Nathan
94ae66c7eb vms 2026-01-25 17:36:45 -06:00
Nathan
b72a7f5660 vms 2026-01-25 14:26:56 -06:00
Nathan
a73ed8e3f0 try n8n 2026-01-25 14:09:42 -06:00
Nathan
3e42c24435 try n8n 2026-01-25 14:05:51 -06:00
Nathan
fbce7e8f2b try n8n 2026-01-25 13:29:36 -06:00
Nathan
e0ae6fd31e group 2026-01-25 13:27:03 -06:00
Nathan
6e70652719 n8n fix 2026-01-23 12:18:23 -06:00
Nathan
cc0b9cef25 n8n fix firewall 2026-01-23 11:26:18 -06:00
Nathan
8e07c32238 netbird fix container dns 2026-01-23 11:03:11 -06:00
Nathan
d2ea2395f0 fix netbird secrets_setup 2026-01-23 10:40:37 -06:00
Nathan
b4d7f9c3d2 no ha yet 2026-01-23 08:24:35 -06:00
Nathan
33cf8a4f0a docker n8n 2026-01-23 07:41:39 -06:00
Nathan
94a1ca970f match gitea ssh ports 2026-01-22 20:25:44 -06:00
Nathan
1238fa76db wyoming 2026-01-22 13:00:27 -06:00
Nathan
58e0b82520 wyoming 2026-01-22 12:54:52 -06:00
Nathan
b4bac11cf9 option 2026-01-22 12:50:44 -06:00
Nathan
bb45b7b08a option 2026-01-22 12:49:45 -06:00
Nathan
9a07fe0d59 proper ssh port 2026-01-22 12:46:55 -06:00
Nathan
5c8ebb84bb proper ssh port 2026-01-22 12:15:03 -06:00
Nathan
6dfacb91da proper ssh port 2026-01-22 12:10:02 -06:00
Nathan
128a560bb0 use ssh for submodules 2026-01-22 10:20:51 -06:00
Nathan
86fbc59bcf virtual machines 2026-01-22 09:18:06 -06:00
Nathan
82e15df890 next step 2026-01-22 09:15:41 -06:00
Nathan
a60a5b738b use recent packages 2026-01-21 22:23:00 -06:00
Nathan
191a54670e option 2026-01-21 22:16:15 -06:00
Nathan
7949acb8f0 option 2026-01-21 21:58:19 -06:00
Nathan
11e881b1cc import 2026-01-21 21:55:42 -06:00
Nathan
2223acef57 inputs 2026-01-21 21:52:29 -06:00
Nathan
b1d54ce420 import 2026-01-21 21:50:20 -06:00
Nathan
d3c63aa684 import 2026-01-21 21:41:17 -06:00
Nathan
dac6771f58 import 2026-01-21 21:33:52 -06:00
Nathan
cf784f3847 inputs 2026-01-21 18:49:59 -06:00
Nathan
e9c4339640 inputs 2026-01-21 17:55:17 -06:00
Nathan
386c4d6561 submodules should use https 2026-01-21 17:44:50 -06:00
Nathan
66171880bc submodules should use https 2026-01-21 17:43:55 -06:00
Nathan
65430099bf submodules should use https 2026-01-21 17:40:57 -06:00
Nathan
a65cfacb79 Revert "submodules should use https" 
This reverts commit c6a21aee85.
 2026-01-21 17:37:32 -06:00
Nathan
c6a21aee85 submodules should use https 2026-01-21 17:30:50 -06:00
Nathan
514e4864ca options 2026-01-21 16:30:18 -06:00
Nathan
69d16e38a8 nix-on-droid only goes to 24.05 2026-01-21 12:24:27 -06:00
Nathan
e86a839bd7 rename options 2026-01-21 09:42:51 -06:00
Nathan
65f878b20d prepare android 2026-01-21 09:27:44 -06:00
Nathan
b893475db6 prepare android 2026-01-21 09:22:22 -06:00
Nathan
1ada91d5ef reorganize 2026-01-20 17:34:34 -06:00
Nathan
42bf08084e reorganize and fix searxng 2026-01-20 17:30:56 -06:00
Nathan
50d192c809 reorganize 2026-01-20 13:34:12 -06:00
Nathan
c028bad2a6 fix portainer domain 2026-01-20 12:44:01 -06:00
Nathan
9b218f88fa fix traefik docker 2026-01-20 12:34:45 -06:00
Nathan
276823d2aa fix traefik docker 2026-01-20 11:53:31 -06:00
Nathan
ab47a1ea52 fix traefik docker 2026-01-20 11:48:40 -06:00
Nathan
4a7615b50c fix traefik docker 2026-01-20 11:40:43 -06:00
Nathan
ea37cbe865 no error 2026-01-20 11:17:08 -06:00
Nathan
8cc337ca0e no error 2026-01-20 11:16:46 -06:00
Nathan
f99cb4f761 try docker provider for traefik 2026-01-20 11:15:55 -06:00
Nathan
6abef03321 networking 2026-01-19 19:46:45 -06:00
Nathan
f584fb2e32 networking 2026-01-19 19:40:29 -06:00
Nathan
b7763031dd networking 2026-01-19 19:36:09 -06:00
Nathan
761624c21c networking 2026-01-19 17:53:14 -06:00
Nathan
43d87cb6b3 networking 2026-01-19 17:42:51 -06:00
Nathan
be310b9ae7 docker network 2026-01-19 17:25:19 -06:00
Nathan
39fb19f62e setup internal services 2026-01-19 16:06:23 -06:00
Nathan
f7041607d7 try 2026-01-19 11:10:07 -06:00
Nathan
6ef3081bd1 try 2026-01-19 10:46:19 -06:00
Nathan
c69e8ed0ef help 2026-01-19 10:35:43 -06:00
Nathan
9e3023c26b help 2026-01-19 10:33:23 -06:00
Nathan
3a6c6673eb help 2026-01-19 10:08:09 -06:00
Nathan
c6baa8fc5b try pihole network 2026-01-19 09:13:22 -06:00
Nathan
9a89b1ee6a try pihole network 2026-01-19 09:10:54 -06:00
Nathan
eda60a7fec try pihole network 2026-01-19 08:49:42 -06:00
Nathan
e69f8348be try pihole network 2026-01-19 08:42:11 -06:00
Nathan
23b4035da1 try pihole network 2026-01-19 01:09:51 -06:00
Nathan
02427aca71 try netbird + pihole 2026-01-19 00:42:13 -06:00
Nathan
03274e6e46 try netbird + pihole 2026-01-19 00:35:11 -06:00
Nathan
bf994f7e13 try compartmental traefik 2026-01-18 23:59:14 -06:00
Nathan
3696bab033 try compartmental traefik 2026-01-18 23:16:54 -06:00
Nathan
ea2a03037a try compartmental traefik 2026-01-18 23:14:32 -06:00
Nathan
0947941c11 dns trouble 2026-01-18 22:22:48 -06:00
Nathan
c48ecab2bd dns trouble 2026-01-18 22:11:32 -06:00
Nathan
55b1cae63b set pihole as sole dns 2026-01-18 21:34:28 -06:00
Nathan
76a072d274 try pihole as sole dns 2026-01-18 19:41:19 -06:00
Nathan
346907fce4 try pihole as sole dns 2026-01-18 18:58:59 -06:00
Nathan
86810b6105 fix remote build 2026-01-18 18:27:02 -06:00
Nathan
eba2b6e52f fix remote build 2026-01-18 18:23:45 -06:00
Nathan
96e4476934 fix remote build 2026-01-18 18:22:40 -06:00
Nathan
560f36b18e packages 2026-01-18 17:22:49 -06:00
Nathan
0c9d45ad39 packages 2026-01-18 17:17:23 -06:00
Nathan
e39eeac850 packages 2026-01-18 17:14:48 -06:00
Nathan
46cc39c91f options 2026-01-18 17:11:03 -06:00
Nathan
9f7b03679a options 2026-01-18 17:10:23 -06:00
Nathan
96ab25c6ad move options 2026-01-18 17:08:05 -06:00
Nathan
d530844886 docker ollama tune 2026-01-18 14:34:43 -06:00
Nathan
8bb52d7df6 docker ollama tune 2026-01-18 14:31:50 -06:00
Nathan
05d4280ad6 docker ollama debug 2026-01-18 14:17:46 -06:00
Nathan
90b99dbf19 docker ollama debug 2026-01-18 14:13:22 -06:00
Nathan
f96f7182c4 docker ollama debug 2026-01-18 14:08:35 -06:00
Nathan
bd8b5f1327 docker perms 2026-01-18 13:40:15 -06:00
Nathan
d13b59e7ac docker ollama 2026-01-18 13:34:23 -06:00
Nathan
69b47de1fc docker pihole debug 2026-01-18 12:42:14 -06:00
Nathan
06cb547197 docker pihole debug 2026-01-18 12:32:47 -06:00
Nathan
f0ec952442 docker pihole enable 2026-01-18 12:23:46 -06:00
Nathan
2fab28204d docker pihole 2026-01-18 12:21:50 -06:00
Nathan
9b32b8a6db option 2026-01-18 11:01:24 -06:00
Nathan
71e6fbcef4 spellcheck 2026-01-18 10:57:51 -06:00
Nathan
1b140efc19 mkIf nonsense 2026-01-18 10:57:03 -06:00
Nathan
8c21db0a08 try 2026-01-18 10:54:34 -06:00
Nathan
d5a7657410 spellcheck 2026-01-18 10:47:22 -06:00
Nathan
e5b8871d4e try docker 2026-01-18 10:45:33 -06:00
Nathan
a6808a984e try 2026-01-17 10:24:00 -06:00
Nathan
e5f6a4bc69 dns 2026-01-17 10:19:35 -06:00
Nathan
eb857b8d03 timeout 2026-01-17 10:13:32 -06:00
Nathan
712aaab720 spellcheck 2026-01-17 10:10:47 -06:00
Nathan
778433b318 try networkd again 2026-01-17 10:08:11 -06:00
Nathan
7440ef91b4 try preStart 2026-01-16 20:37:49 -06:00
Nathan
265a526c8b try networkd 2026-01-16 19:15:29 -06:00
Nathan
6cd5770452 pihole and dots 2026-01-16 18:33:53 -06:00
Nathan
66d2dde112 try cname 2026-01-16 07:42:43 -06:00
Nathan
7974a95659 pihole please 2026-01-15 23:37:22 -06:00
Nathan
8b605d692f pihole please 2026-01-15 23:23:27 -06:00
Nathan
b911a7931e pihole? 2026-01-15 23:16:49 -06:00
Nathan
574b2c058b pihole? 2026-01-15 23:11:54 -06:00
Nathan
f4f69a4a25 pihole? 2026-01-15 23:07:10 -06:00
Nathan
640c5911f6 ollama env var 2026-01-15 21:20:53 -06:00
Nathan
be74b8caaf test dns 2026-01-15 21:05:12 -06:00
Nathan
be199acad3 rewrite colorPrefix 2026-01-15 19:45:55 -06:00
Nathan
3335542d54 rewrite colorPrefix 2026-01-15 19:39:46 -06:00
Nathan
e008cd4d89 don't use bs nameservers 2026-01-15 19:23:52 -06:00
Nathan
4dbffa89c2 help 2026-01-15 19:16:24 -06:00
Nathan
c89816839a help 2026-01-15 19:06:50 -06:00
Nathan
b5b1e07f3a option 2026-01-15 18:53:34 -06:00
Nathan
340ea873ce option 2026-01-15 18:51:43 -06:00
Nathan
1fa30bdb94 option 2026-01-15 18:49:46 -06:00
Nathan
f480a1f8c9 lots 2026-01-15 18:47:31 -06:00
Nathan
fd3f3639bd try 2026-01-14 15:49:11 -06:00
Nathan
be4f0c5e6b try 2026-01-14 15:28:25 -06:00
Nathan
46f546a0e0 ssh key 2026-01-12 15:24:08 -06:00
Nathan
22535fbbaf ollama gpu 2026-01-11 22:25:28 -06:00
Nathan
10cf6bba46 fix homebox 2026-01-11 21:44:12 -06:00
Nathan
f07c4ae0d3 fix homebox 2026-01-11 21:02:39 -06:00
Nathan
c1f8c704b3 fix homebox 2026-01-11 20:43:00 -06:00
Nathan
0aa7f459dd update machines 2026-01-11 20:32:16 -06:00
Nathan
15dfb83bb7 propare homebox 2026-01-11 18:08:00 -06:00
Nathan
6b8a9a2152 propare homebox 2026-01-11 17:45:06 -06:00
Nathan
482f1b5912 propare homebox 2026-01-11 17:35:19 -06:00
Nathan
78277afa8a propare homebox 2026-01-11 17:33:24 -06:00
Nathan
680454c6b2 propare homebox 2026-01-11 17:32:04 -06:00
Nathan
ec1a12e2a1 propare homebox 2026-01-11 17:24:24 -06:00
Nathan
960af2d43b propare homebox 2026-01-11 17:19:52 -06:00
Nathan
a7e636e7a2 propare homebox 2026-01-11 17:18:05 -06:00
Nathan
099b8e40b2 prepare homebox 2026-01-11 17:15:15 -06:00
Nathan
32bf3e0bc0 propare homebox 2026-01-11 17:14:29 -06:00
Nathan
905de63f78 lock 2026-01-11 14:26:13 -06:00
Nathan
c977f9d3a2 proper branch stuff 2026-01-11 14:24:50 -06:00
Nathan
bc666ecab5 git tomfoolery 2026-01-11 14:23:31 -06:00
Nathan
8e0d66eff5 fix file not found stuff? 2026-01-11 14:12:49 -06:00
Nathan
c657f03912 update machines 2026-01-11 10:20:05 -06:00
Nathan
2ec608c5ae update machines 2026-01-11 10:12:55 -06:00
Nathan
6a3a44b2f0 add more opencode models 2026-01-10 23:23:33 -06:00
Nathan
1c96a54c52 use instruct model for opencode 2026-01-10 21:23:53 -06:00
Nathan
30d55ebb5a unfree problems 2026-01-10 19:06:55 -06:00
Nathan
daf0ea1169 update ollama, add magic space, install opencode 2026-01-10 18:58:54 -06:00
Nathan
bd20e9a29b fix pypr 2026-01-10 11:58:17 -06:00
Nathan
f8d3994ad9 update hyprland window rules 2026-01-10 10:50:33 -06:00
Nathan
3b376d7657 update laptop 2026-01-10 10:33:52 -06:00
Nathan
082f0bdcc5 fix hyprrun 2026-01-10 10:09:29 -06:00
Nathan
137e3753da no hypr errors 2026-01-10 09:09:03 -06:00
Nathan
c012163715 fix syntax 2026-01-10 08:58:54 -06:00
Nathan
be4b7c7d82 fix warning 2026-01-10 08:07:25 -06:00
Nathan
6c88dcd775 fix warning 2026-01-10 08:02:07 -06:00
Nathan
a1f0bf30cd stop warning? 2026-01-10 07:56:48 -06:00
Nathan
873230cfe3 use an option that exists 2026-01-09 20:33:01 -06:00
Nathan
1bf5944f11 include quickshell for option 2026-01-09 19:53:28 -06:00
Nathan
ff5e0d6bb2 try uwsm again 2026-01-09 19:47:53 -06:00
Nathan
795bca39f8 submodules 2026-01-07 12:28:22 -06:00
Nathan
707e839517 submodules incoming 2026-01-07 10:39:37 -06:00
Nathan
a9db2c09e7 remove laptop to add as submodule 2026-01-07 10:08:46 -06:00
Nathan
c657dae471 update scripts 2026-01-06 02:13:40 -06:00
Nathan
d1237dab12 update syntax 2026-01-06 02:03:50 -06:00
Nathan
61bcc8776f hyprland error fix 2026-01-06 01:46:52 -06:00
Nathan
e05dc795b3 re-add nh? 2026-01-06 01:34:58 -06:00
Nathan
eafa73042a no nh? 2026-01-06 00:56:03 -06:00
Nathan
e36f899e93 unstable nh? 2026-01-06 00:48:55 -06:00
Nathan
671b5f92c0 try 2026-01-06 00:19:34 -06:00
278 changed files with 8488 additions and 8066 deletions
Expand all files Collapse all files

22
.sops.yaml
View File

@@ -3,28 +3,6 @@ keys:
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q - &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74 - &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
creation_rules: creation_rules:
- path_regex: homebox/secrets.yaml$
key_groups:
- age:
- *homebox
- path_regex: laptop/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: pi4/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: live/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: nathan/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android
- path_regex: system/secrets.yaml$ - path_regex: system/secrets.yaml$
key_groups: key_groups:
- age: - age:

511
flake.lock generated
View File

@@ -20,11 +20,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767024902, "lastModified": 1775558810,
"narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=", "narHash": "sha256-fy95EdPnqQlpbP8+rk0yWKclWShCUS5VKs6P7/1MF2c=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "aquamarine", "repo": "aquamarine",
"rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556", "rev": "7371b669b22aa2af980f913fc312a786d2f1abb2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -33,6 +33,27 @@
"type": "github" "type": "github"
} }
}, },
"aurora": {
"inputs": {
"flake-parts": "flake-parts",
"home-manager": "home-manager",
"import-tree": "import-tree",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1776046854,
"narHash": "sha256-cxX5DzXikwGhHalyOOkll1vGgCdhTfTgReSXIJlQ0AY=",
"ref": "refs/heads/master",
"rev": "b2ec3d9cd0a6e52c4922b26d8b8e25823afd89d1",
"revCount": 52,
"type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"
},
"original": {
"type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -40,11 +61,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766150702, "lastModified": 1773889306,
"narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -61,11 +82,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1767585814, "lastModified": 1775880170,
"narHash": "sha256-7iodv57Ppq05AHVKnS9/IdhhgBYTVpTDZmz2u2enr/E=", "narHash": "sha256-63PLZ7lspPAqpV/+d0oNtDHLCWQf1MVFRG2DOeDK+nU=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "66bfeb87deb83ca2f9fa2045704b72de52c6433a", "rev": "28b164d30b5ab6820ef7e17281ae55c539ae9ff5",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@@ -91,32 +112,16 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1754487366, "lastModified": 1775087534,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -126,6 +131,42 @@
} }
}, },
"flake-parts_2": { "flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_3": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_4": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
"nixvim", "nixvim",
@@ -134,11 +175,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754487366, "lastModified": 1772408722,
"narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -147,42 +188,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -206,17 +211,35 @@
} }
}, },
"home-manager": { "home-manager": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1775900011,
"narHash": "sha256-QUGu6CJYFQ5AWVV0n3/FsJyV+1/gj7HSDx68/SX9pwM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "b0569dc6ec1e6e7fefd8f6897184e4c191cd768e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1767619900, "lastModified": 1775425411,
"narHash": "sha256-KpoCBPvwHz3gAQtIUkohE2InRBFK3r0/FM6z5SPWfvM=", "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6bd04da47cfb48dfd15eabf08364b78ad894f5b2", "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -226,6 +249,24 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_3": {
"inputs": {
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1776885253,
"narHash": "sha256-vslJ5ezhyD+HBMEqzsPLOBfalILmPrAABR68yxrhEuM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d79c987e654347083e903ab6d2a89ed3d0752177",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"hyprcursor": { "hyprcursor": {
"inputs": { "inputs": {
"hyprlang": [ "hyprlang": [
@@ -242,11 +283,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753964049, "lastModified": 1772461003,
"narHash": "sha256-lIqabfBY7z/OANxHoPeIrDJrFyYy9jAM4GQLzZ2feCM=", "narHash": "sha256-pVICsV7FtcEeVwg5y/LFh3XFUkVJninm/P1j/JHzEbM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprcursor", "repo": "hyprcursor",
"rev": "44e91d467bdad8dcf8bbd2ac7cf49972540980a5", "rev": "b62396457b9cfe2ebf24fe05404b09d2a40f8ed7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -271,11 +312,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766946335, "lastModified": 1775496928,
"narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=", "narHash": "sha256-Ds759WU03mGWtu3I43J+5GF5Ni8TvF+GYQUFD+fVeMo=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprgraphics", "repo": "hyprgraphics",
"rev": "4af02a3925b454deb1c36603843da528b67ded6c", "rev": "cf95d93d17baa18f1d9b016b3afe27f820521a6e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -295,17 +336,17 @@
"hyprutils": "hyprutils", "hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner", "hyprwayland-scanner": "hyprwayland-scanner",
"hyprwire": "hyprwire", "hyprwire": "hyprwire",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",
"systems": "systems", "systems": "systems",
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1767654014, "lastModified": 1775828308,
"narHash": "sha256-1RG4xtr1FOX7mtSGBR9BcCsTrlRkXbygPaCSFNdT3bs=", "narHash": "sha256-mKW54+ilZNBVsU3GnzHhZUb041H7L/R8aPA0GD+1oKQ=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "9817553c664b0b7f6776671383a6368c74ee8dee", "rev": "f7755322fc515108cc9eed8113c09492d4a352c1",
"revCount": 6789, "revCount": 7141,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@@ -349,11 +390,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767023960, "lastModified": 1774710575,
"narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=", "narHash": "sha256-p7Rcw13+gA4Z9EI3oGYe3neQ3FqyOOfZCleBTfhJ95Q=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-guiutils", "repo": "hyprland-guiutils",
"rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660", "rev": "0703df899520001209646246bef63358c9881e36",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -374,11 +415,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1765214753, "lastModified": 1772460177,
"narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=", "narHash": "sha256-/6G/MsPvtn7bc4Y32pserBT/Z4SUUdBd4XYJpOEKVR4=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-protocols", "repo": "hyprland-protocols",
"rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab", "rev": "1cb6db5fd6bb8aee419f4457402fa18293ace917",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -403,11 +444,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764612430, "lastModified": 1772459629,
"narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=", "narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlang", "repo": "hyprlang",
"rev": "0d00dc118981531aa731150b6ea551ef037acddd", "rev": "7615ee388de18239a4ab1400946f3d0e498a8186",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -455,11 +496,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764592794, "lastModified": 1772462885,
"narHash": "sha256-7CcO+wbTJ1L1NBQHierHzheQGPWwkIQug/w+fhTAVuU=", "narHash": "sha256-5pHXrQK9zasMnIo6yME6EOXmWGFMSnCITcfKshhKJ9I=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprtoolkit", "repo": "hyprtoolkit",
"rev": "5cfe0743f0e608e1462972303778d8a0859ee63e", "rev": "9af245a69fa6b286b88ddfc340afd288e00a6998",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -480,11 +521,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1766253372, "lastModified": 1774911391,
"narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=", "narHash": "sha256-c4YVwO33Mmw+FIV8E0u3atJZagHvGTJ9Jai6RtiB8rE=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprutils", "repo": "hyprutils",
"rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9", "rev": "e6caa3d4d1427eedbdf556cf4ceb70f2d9c0b56d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -505,11 +546,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1763640274, "lastModified": 1772459835,
"narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=", "narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwayland-scanner", "repo": "hyprwayland-scanner",
"rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671", "rev": "0a692d4a645165eebd65f109146b8861e3a925e7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -534,11 +575,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767473322, "lastModified": 1775414057,
"narHash": "sha256-RGOeG+wQHeJ6BKcsSB8r0ZU77g9mDvoQzoTKj2dFHwA=", "narHash": "sha256-mDpHnf+MkdOxEqIM1TnckYYh9p1SXR8B3KQfNZ12M8s=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprwire", "repo": "hyprwire",
"rev": "d5e7d6b49fe780353c1cf9a1cf39fa8970bd9d11", "rev": "86012ee01b0fdd8bf3101ef38816f2efbee42490",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -547,63 +588,43 @@
"type": "github" "type": "github"
} }
}, },
"ixx": { "import-tree": {
"inputs": {
"flake-utils": [
"nixvim",
"nixvim",
"nuschtosSearch",
"flake-utils"
],
"nixpkgs": [
"nixvim",
"nixvim",
"nuschtosSearch",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1754860581, "lastModified": 1773693634,
"narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"owner": "NuschtOS", "owner": "vic",
"repo": "ixx", "repo": "import-tree",
"rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NuschtOS", "owner": "vic",
"ref": "v0.1.1", "repo": "import-tree",
"repo": "ixx",
"type": "github" "type": "github"
} }
}, },
"nix-minecraft": { "import-tree_2": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2"
},
"locked": { "locked": {
"lastModified": 1767147099, "lastModified": 1773693634,
"narHash": "sha256-395ehjdAtaqCbKmx+PhKAqnkYLvTtAzq2qzFG9qaGDw=", "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"owner": "Infinidoge", "owner": "vic",
"repo": "nix-minecraft", "repo": "import-tree",
"rev": "01f571579edd64433f97c4294137fbc366deef4b", "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "Infinidoge", "owner": "vic",
"repo": "nix-minecraft", "repo": "import-tree",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1767379071, "lastModified": 1775423009,
"narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fb7944c166a3b630f177938e478f0378e64ce108", "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -615,11 +636,41 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1753579242, "lastModified": 1774748309,
"narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", "narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", "rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1774748309,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1774748309,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -630,11 +681,11 @@
}, },
"nixpkgs-us": { "nixpkgs-us": {
"locked": { "locked": {
"lastModified": 1767379071, "lastModified": 1776548001,
"narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", "narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fb7944c166a3b630f177938e478f0378e64ce108", "rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -646,11 +697,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1748929857, "lastModified": 1775710090,
"narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=", "narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4", "rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -662,11 +713,27 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1767480499, "lastModified": 1775423009,
"narHash": "sha256-8IQQUorUGiSmFaPnLSo2+T+rjHtiNWc+OAzeHck7N48=", "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1775811116,
"narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "30a3c519afcf3f99e2c6df3b359aec5692054d92", "rev": "54170c54449ea4d6725efd30d719c5e505f1c10e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -676,13 +743,29 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1755615617, "lastModified": 1775423009,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=", "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1775710090,
"narHash": "sha256-ar3rofg+awPB8QXDaFJhJ2jJhu+KqN/PRCXeyuXR76E=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "20075955deac2583bb12f07151c2df830ef346b4", "rev": "4c1018dae018162ec878d42fec712642d214fdfa",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -692,13 +775,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1755577059, "lastModified": 1774701658,
"narHash": "sha256-5hYhxIpco8xR+IpP3uU56+4+Bw7mf7EMyxS/HqUYHQY=", "narHash": "sha256-CIS/4AMUSwUyC8X5g+5JsMRvIUL3YUfewe8K4VrbsSQ=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "97eb7ee0da337d385ab015a23e15022c865be75c", "rev": "b63fe7f000adcfa269967eeff72c64cafecbbebe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -710,16 +793,17 @@
}, },
"nixvim": { "nixvim": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_4", "home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_6",
"nixvim": "nixvim_2" "nixvim": "nixvim_2"
}, },
"locked": { "locked": {
"lastModified": 1760575893, "lastModified": 1776887413,
"narHash": "sha256-u6eyhxtlxgG29uI2VCSt5Ir6/BW9hkhglCTfbJ14Hgg=", "narHash": "sha256-zIx29OCh30Bpi4lHwce/5Qz86n6OVqDFi3P5QLRXh7Y=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "bcc5185ef433a77b18f5aa585ee79d97f9a8e69c", "rev": "7fb16160f7170a580d6791d0f26736ff68cceb3c",
"revCount": 36, "revCount": 40,
"type": "git", "type": "git",
"url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai" "url": "https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai"
}, },
@@ -730,17 +814,16 @@
}, },
"nixvim_2": { "nixvim_2": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_4",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_7",
"nuschtosSearch": "nuschtosSearch", "systems": "systems_2"
"systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1755741137, "lastModified": 1775837497,
"narHash": "sha256-YnpE/fOL3H8cJZ9by/YmeNhIqOQdKuZRYA1L3+w6WsI=", "narHash": "sha256-L17VI03w/wVXvc1SK7EI1muLqHxD3+esYPPzgQvvdOE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "91a38e66240c338e683421a4ee3f525d329fc4ad", "rev": "a587a96a48c705609bfd2ad23f9ae5961eb0d373",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -749,30 +832,6 @@
"type": "github" "type": "github"
} }
}, },
"nuschtosSearch": {
"inputs": {
"flake-utils": "flake-utils_2",
"ixx": "ixx",
"nixpkgs": [
"nixvim",
"nixvim",
"nixpkgs"
]
},
"locked": {
"lastModified": 1755555503,
"narHash": "sha256-WiOO7GUOsJ4/DoMy2IC5InnqRDSo2U11la48vCCIjjY=",
"owner": "NuschtOS",
"repo": "search",
"rev": "6f3efef888b92e6520f10eae15b86ff537e1d2ea",
"type": "github"
},
"original": {
"owner": "NuschtOS",
"repo": "search",
"type": "github"
}
},
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@@ -783,11 +842,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767281941, "lastModified": 1775036584,
"narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", "narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", "rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -798,12 +857,14 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"aurora": "aurora",
"disko": "disko", "disko": "disko",
"firefox-addons": "firefox-addons", "firefox-addons": "firefox-addons",
"home-manager": "home-manager", "flake-parts": "flake-parts_2",
"home-manager": "home-manager_2",
"hyprland": "hyprland", "hyprland": "hyprland",
"nix-minecraft": "nix-minecraft", "import-tree": "import-tree_2",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_4",
"nixpkgs-us": "nixpkgs-us", "nixpkgs-us": "nixpkgs-us",
"nixvim": "nixvim", "nixvim": "nixvim",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@@ -816,11 +877,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767499857, "lastModified": 1775682595,
"narHash": "sha256-0zUU/PW09d6oBaR8x8vMHcAhg1MOvo3CwoXgHijzzNE=", "narHash": "sha256-0E9PohY/VuESLq0LR4doaH7hTag513sDDW5n5qmHd1Q=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "ecc41505948ec2ab0325f14c9862a4329c2b4190", "rev": "d2e8438d5886e92bc5e7c40c035ab6cae0c41f76",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -859,36 +920,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"xdph": { "xdph": {
"inputs": { "inputs": {
"hyprland-protocols": [ "hyprland-protocols": [
@@ -917,11 +948,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1761431178, "lastModified": 1773601989,
"narHash": "sha256-xzjC1CV3+wpUQKNF+GnadnkeGUCJX+vgaWIZsnz9tzI=", "narHash": "sha256-2tJf/CQoHApoIudxHeJye+0Ii7scR0Yyi7pNiWk0Hn8=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland", "repo": "xdg-desktop-portal-hyprland",
"rev": "4b8801228ff958d028f588f0c2b911dbf32297f9", "rev": "a9b862d1aa000a676d310cc62d249f7ad726233d",
"type": "github" "type": "github"
}, },
"original": { "original": {

159
flake.nix
View File

@@ -21,164 +21,25 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
flake-parts.url = "github:hercules-ci/flake-parts";
import-tree.url = "github:vic/import-tree";
firefox-addons = { firefox-addons = {
url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons"; url = "gitlab:rycee/nur-expressions?dir=pkgs/firefox-addons";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
#simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-25.11";
hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1"; hyprland.url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai"; nixvim.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Moirai";
#nixvim.url = "git+file:///home/nathan/Projects/Moirai";
aurora.url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Aurora";
#aurora.url = "git+file:///home/nathan/Projects/Aurora";
}; };
outputs = { self, nixpkgs, home-manager, ... } @ inputs: { outputs = { ... } @ inputs:
inputs.flake-parts.lib.mkFlake { inherit inputs; }
profiles = let (inputs.import-tree [ ./modules ]);
dir = builtins.readDir ./system/profiles;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = { ... }: {
imports = [
./system
./system/profiles/${name}
];
};
})) filtered)
);
homes = let
dir = builtins.readDir ./system/users;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = { ... } @ exputs: {
imports = [
(./system/users/${name}/home-manager (inputs // exputs))
];
};
})) filtered)
);
iso = (nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inputs = inputs // {
nathan = self.homes.nathan;
inherit self;
};
};
modules = [
self.profiles.iso
];
}).config.system.build.isoImage;
templates = {
nixos = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nixos;
};
home-manager = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/home-manager;
};
nix-on-droid = {
welcomeText = ''
#Welcome to Olympus!
Have Fun!
'';
description = ''
Generate this where you want your config.
'';
path = ./templates/nix-on-droid;
};
machines = let
dir = builtins.readDir ./machines;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome to Olympus!
##Warning:
This is a config for ${name}, an established machine!
It may require significant alterations to be usable!
'';
description = ''
Generate this where you want your config.
'';
path = ./machines/${name};
};
})) filtered)
);
homes = let
dir = builtins.readDir ./homes;
filtered = builtins.filter (x: dir.${x} == "directory") (builtins.attrNames dir);
in (builtins.listToAttrs
(builtins.map
(name: ({
inherit name;
value = {
welcomeText = ''
#Welcome home, ${name}!
Your config is right here.
'';
description = ''
Generate this where you want your config.
'';
path = ./homes/${name};
};
})) filtered)
);
default = self.templates.nixos;
};
};
} }

40
homes/nathan/flake.nix
View File

@@ -1,40 +0,0 @@
{
description = "Home-Manager Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
olympus = {
url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { self, nixpkgs, home-manager, olympus, ... } @ inputs: {
homeConfigurations = {
nathan = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs {
system = builtins.currentSystem;
};
modules = [
olympus.homes.nathan
./home.nix
];
extraSpecialArgs = {
inherit inputs;
};
};
};
};
}

11
homes/nathan/home.nix
View File

@@ -1,11 +0,0 @@
{ ... }:
{
config = {
homeconfig = {
graphical = false;
minimal = false;
};
};
}

33
machines/android/.sops.yaml
View File

@@ -1,33 +0,0 @@
keys:
- &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
creation_rules:
- path_regex: homebox/secrets.yaml$
key_groups:
- age:
- *homebox
- path_regex: laptop/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: pi4/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: live/secrets.yaml$
key_groups:
- age:
- *laptop
- path_regex: nathan/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android
- path_regex: system-config/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android

80
machines/android/configuration.nix
View File

@@ -1,80 +0,0 @@
{ config, lib, pkgs, inputs, ... }: {
options.sysconfig.remoteBuildClient = with lib; mkOption {
type = with types; bool;
default = false;
};
config = {
sysconfig.remoteBuildClient = true;
home-manager = {
backupFileExtension = ".backup";
useUserPackages = true;
useGlobalPkgs = true;
extraSpecialArgs = { inherit inputs; };
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
inputs.home-manager-config
];
config = { config, lib, pkgs, ... }: {
imports = [
inputs.olympus.homes.nathan
];
config = {
homeconfig = {
graphical = false;
minimal = true;
host = "android";
scripts.enable = false;
};
home.username = "nathan";
home.homeDirectory = "/data/data/com.termux.nix/files/home";
};
};
};
terminal.font = "${pkgs.fira-code}/share/fonts/truetype/FiraCode-VF.ttf";
user = {
userName = "nathan";
uid = 10472; #update this for your device!
shell = "${pkgs.zsh}/bin/zsh";
};
time.timeZone = "America/Chicago";
android-integration = {
xdg-open.enable = true;
termux-open.enable = true;
termux-open-url.enable = true;
termux-setup-storage.enable = true;
termux-wake-lock.enable = true;
termux-wake-unlock.enable = true;
am.enable = true;
};
system.stateVersion = "24.05";
environment = {
etcBackupExtension = ".backup";
motd = "";
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
extraOptions = ''
experimental-features = nix-command flakes
builders-use-substitutes = true
builders = ssh://builder x86_64-linux,aarch64-linux /run/secrets/remoteBuildKey 1 1 nixos-test,benchmark,big-parallel,kvm - -
'';
};
};
}

47
machines/android/flake.nix
View File

@@ -1,47 +0,0 @@
{
description = "System Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-on-droid = {
url = "github:nix-community/nix-on-droid";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
olympus = {
url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { self, nixpkgs, olympus, ... } @ inputs: let
host = "laptop";
in {
nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs {
system = "aarch64-linux";
overlays = [ inputs.nix-on-droid.overlays.default ];
};
modules = [
./configuration.nix
];
extraSpecialArgs = {
inherit inputs;
};
};
};
}

92
machines/homebox/configuration.nix
View File

@@ -1,92 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
];
config = {
hardware = {
nvidia = {
modesetting.enable = true;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
bluetooth.enable = true;
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
remoteBuildKey = {};
};
};
sysconfig = {
users = {
nathan = {
isSuperuser = true;
extraGroups = [ "networkmanager" ];
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh;
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
git.enable = true;
nh.enable = true;
};
#monitor=eDP-1, addreserved, 40,0,0,0
wayland.windowManager.hyprland.extraConfig = ''
monitor=eDP-1,1920x1080@60,0x0,1
bind = CTRL SHIFT, XF86Launch2, exec, bash -c 'if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then pkexec --user root /nix/var/nix/profiles/system/bin/switch-to-configuration switch; else pkexec --user root /nix/var/nix/profiles/system/specialisation/docked/bin/switch-to-configuration switch; fi'
bind = ALT, Escape, exec, if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then hyprctl keyword monitor eDP-1,1920x1080@60,0x0,1; else hyprctl keyword monitor eDP-1,1920x1080@300,0x0,1; fi
'';
}
];
};
};
};
};
services.xserver.videoDrivers = [ "nvidia" ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
};
}

145
machines/homebox/disko.nix
View File

@@ -1,145 +0,0 @@
{
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
device2,
device3,
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
ssd1 = {
device = device2;
type = "disk";
content = {
type = "gpt";
partitions = {
ssd1 = {
name = "ssd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "ssd1_vg";
};
};
};
};
};
hdd1 = {
device = device3;
type = "disk";
content = {
type = "gpt";
partitions = {
hdd1 = {
name = "hdd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "hdd1_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
ssd1_vg = {
type = "lvm_vg";
lvs = {
ssd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/ssd1" = {
mountOptions = [ "subvol=ssd1" "noatime" ];
mountpoint = "/ssd1";
};
};
};
};
};
};
hdd1_vg = {
type = "lvm_vg";
lvs = {
hdd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/hdd1" = {
mountOptions = [ "subvol=hdd1" "noatime" ];
mountpoint = "/hdd1";
};
};
};
};
};
};
};
};
}

38
machines/homebox/flake.nix
View File

@@ -1,38 +0,0 @@
{
description = "System Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
home-manager = {
url = "github:nix-community/home-manager/release-25.05";
inputs.nixpkgs.follows = "nixpkgs";
};
olympus = {
#url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus";
url = "git+file:///home/nathan/Projects/Olympus";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { self, nixpkgs, olympus, ... }: let
host = "homebox";
in {
nixosConfigurations."${host}" = nixpkgs.lib.nixosSystem {
specialArgs = olympus.inputs;
modules = [
{ sysconfig.host = host; }
./configuration.nix
olympus.profiles.homebox
];
};
};
}

39
machines/homebox/hardware-configuration.nix
View File

@@ -1,39 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.br-de2feead48ad.useDHCP = lib.mkDefault true;
# networking.interfaces.docker0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-blunkall-us.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-gitea.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-home-assnHYM.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-jellyfin.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-keycloak.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-n8n.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-netbird.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-nextcloud.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-ollama.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-traefik.useDHCP = lib.mkDefault true;
# networking.interfaces.ve-wyoming.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp7s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

103
machines/laptop/configuration.nix
View File

@@ -1,103 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [ # Include the results of the hardware scan.
./hardware-configuration.nix
];
config = {
boot.kernelParams = [ "snd-intel-dspcfg.dsp_driver=1" ];
hardware.nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = true;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
prime = {
# Make sure to use the correct Bus ID values for your system!
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
# WARNING: sync and offload are mutually exclusive.
# You can only pick one!!
#sync.enable = true;
offload = {
enable = true;
enableOffloadCmd = true;
};
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
remoteBuildKey = {};
};
};
sysconfig = {
users = {
nathan = {
isSuperuser = true;
extraGroups = [ "networkmanager" ];
hashedPasswordFile = config.sops.secrets."nathan/pass".path;
shell = pkgs.zsh;
home-manager = {
enable = true;
standalone = false;
extraModules = [
{
homeconfig = {
minimal = false;
hyprland.enable = true;
hyprlock.enable = true;
wal.enable = true;
mpd.enable = true;
hyprpanel.enable = true;
calcurse.enable = true;
rofi.enable = true;
firefox.enable = true;
git.enable = true;
nh.enable = true;
};
#monitor=eDP-1, addreserved, 40,0,0,0
wayland.windowManager.hyprland.extraConfig = ''
monitor=eDP-1,1920x1080@60,0x0,1
bind = CTRL SHIFT, XF86Launch2, exec, bash -c 'if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then pkexec --user root /nix/var/nix/profiles/system/bin/switch-to-configuration switch; else pkexec --user root /nix/var/nix/profiles/system/specialisation/docked/bin/switch-to-configuration switch; fi'
bind = ALT, Escape, exec, if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then hyprctl keyword monitor eDP-1,1920x1080@60,0x0,1; else hyprctl keyword monitor eDP-1,1920x1080@300,0x0,1; fi
'';
}
];
};
};
};
};
services.xserver.videoDrivers = [ "nvidia" ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
};
}

38
machines/laptop/flake.nix
View File

@@ -1,38 +0,0 @@
{
description = "System Configuration";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
olympus = {
#url = "git+https://gitea.esotericbytes.com/Blunkall-Technologies/Olympus";
url = "git+file:///home/nathan/Projects/Olympus";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
};
};
outputs = { self, nixpkgs, olympus, ... }: let
host = "laptop";
in {
nixosConfigurations."${host}" = nixpkgs.lib.nixosSystem {
specialArgs = olympus.inputs;
modules = [
{ sysconfig.host = host; }
./configuration.nix
olympus.profiles.laptop
];
};
};
}

39
machines/laptop/hardware-configuration.nix
View File

@@ -1,39 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/78c0964d-c09e-4e31-8a73-eb719d79917a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AE5E-AC86";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

16
modules/features/aurora-greeter.nix Normal file
View File

@@ -0,0 +1,16 @@
{ inputs, ... }: {
flake.nixosModules.aurora-greeter = { config, lib, pkgs, ... }: {
imports = [
inputs.aurora.nixosModules.default
];
config = {
services.aurora-greeter = {
enable = true;
};
};
};
}

236
modules/features/authentik.nix Normal file
View File

@@ -0,0 +1,236 @@
{ ... }: {
flake.nixosModules.authentik = { config, lib, pkgs, ... }: let
hostPort = 9005;
subdomain = "auth";
name = "authentik";
in {
config = {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
};
sops.secrets = {
"authentik/pass" = {};
"authentik/secret_key" = {};
};
sops.templates."authentik.env" = {
content = ''
PG_PASS=${config.sops.placeholder."authentik/pass"}
SECRET_KEY=${config.sops.placeholder."authentik/secret_key"}
'';
};
virtualisation.oci-containers.containers."authentik-postgresql" = {
image = "docker.io/library/postgres:16-alpine";
environment = {
"POSTGRES_DB" = "authentik";
"POSTGRES_PASSWORD" = "\${PG_PASS}";
"POSTGRES_USER" = "authentik";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"authentik_database:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--health-cmd=pg_isready -d \${POSTGRES_DB} -U \${POSTGRES_USER}"
"--health-interval=30s"
"--health-retries=5"
"--health-start-period=20s"
"--health-timeout=5s"
"--network-alias=postgresql"
"--network=authentik_default"
];
};
systemd.services."docker-authentik-postgresql" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-volume-authentik_database.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-server" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:${builtins.toString hostPort}";
"traefik.http.middlewares.authentik.forwardauth.address" = "https://auth.esotericbytes.com/outpost.goauthentik.io/auth/traefik";
"traefik.http.middlewares.authentik.forwardauth.trustForwardHeader" = "true";
"traefik.http.middlewares.authentik.forwardauth.authResponseHeaders" = "X-authentik-username,X-authentik-groups,X-authentik-entitlements,X-authentik-email,X-authentik-name,X-authentik-uid,X-authentik-jwt,X-authentik-meta-jwks,X-authentik-meta-outpost,X-authentik-meta-provider,X-authentik-meta-app,X-authentik-meta-version";
};
volumes = [
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
];
ports = [
"${builtins.toString hostPort}:9000/tcp"
#"9443:9443/tcp"
];
cmd = [ "server" ];
dependsOn = [
"authentik-postgresql"
];
log-driver = "journald";
extraOptions = [
"--network-alias=server"
"--network-alias=authentik-server"
"--network-alias=${name}"
"--ip=192.168.101.6"
];
networks = [
"docker-main"
"authentik_default"
];
};
systemd.services."docker-authentik-server" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
requires = [
"docker-network-authentik_default.service"
"docker-network-setup.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
virtualisation.oci-containers.containers."authentik-worker" = {
image = "ghcr.io/goauthentik/server:2025.12.2";
environment = {
"AUTHENTIK_POSTGRESQL__HOST" = "postgresql";
"AUTHENTIK_POSTGRESQL__NAME" = "authentik";
"AUTHENTIK_POSTGRESQL__PASSWORD" = "\${PG_PASS}";
"AUTHENTIK_POSTGRESQL__USER" = "authentik";
"AUTHENTIK_SECRET_KEY" = "\${SECRET_KEY}";
};
environmentFiles = [ config.sops.templates."authentik.env".path ];
volumes = [
"/etc/Authentik/certs:/certs:rw"
"/etc/Authentik/custom-templates:/templates:rw"
"/etc/Authentik/data:/data:rw"
"/var/run/docker.sock:/var/run/docker.sock:rw"
];
cmd = [ "worker" ];
dependsOn = [
"authentik-postgresql"
];
user = "root";
log-driver = "journald";
extraOptions = [
"--network-alias=worker"
"--network=authentik_default"
];
};
systemd.services."docker-authentik-worker" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-authentik_default.service"
];
requires = [
"docker-network-authentik_default.service"
];
partOf = [
"docker-compose-authentik-root.target"
];
wantedBy = [
"docker-compose-authentik-root.target"
];
};
# Networks
systemd.services."docker-network-authentik_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f authentik_default";
};
script = ''
docker network inspect authentik_default || docker network create authentik_default
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Volumes
systemd.services."docker-volume-authentik_database" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect authentik_database || docker volume create authentik_database --driver=local
'';
partOf = [ "docker-compose-authentik-root.target" ];
wantedBy = [ "docker-compose-authentik-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-authentik-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
};
}

20
modules/features/avahi.nix Normal file
View File

@@ -0,0 +1,20 @@
{ ... }: {
flake.nixosModules.avahi = { config, lib, ... }: {
config = {
services.avahi = {
enable = true;
ipv4 = true;
ipv6 = true;
openFirewall = true;
nssmdns4 = true;
wideArea = true;
};
};
};
}

39
modules/features/code-server.nix Normal file
View File

@@ -0,0 +1,39 @@
{ ... }: {
flake.nixosModules.code-server = { config, lib, ... }: {
config = {
containers.code-server = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.31";
config = {
services.code-server = {
enable = true;
hashedPassword = "1$WFYzcW1TNmpYM1ZKU3lielNCaXAyRkF2K3FjPQ$bSeeV4bvL2uiDYKiQjBLJPAO13/gNjYVgw8YKFtTQDI";
disableUpdateCheck = true;
disableTelemetry = true;
disableGettingStartedOverride = true;
auth = "none";
host = "0.0.0.0";
};
networking.firewall.allowedTCPPorts = [ 4444 ];
system.stateVersion = "25.05";
};
};
};
};
}

96
modules/features/default.nix Normal file
View File

@@ -0,0 +1,96 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = (config.sops.secrets ? "remoteBuildKey");
substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey");
buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [
{
hostName = "esotericbytes.com";
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
}
];
};
users.users."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
isNormalUser = true;
createHome = false;
};
sops.templates."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
useUserPackages = true;
sharedModules = [];
};
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
};
}

1
modules/features/docker-mailserver.nix Normal file
View File

@@ -0,0 +1 @@
{}

49
modules/features/docker.nix Normal file
View File

@@ -0,0 +1,49 @@
{ ... }: {
flake.nixosModules.docker = { config, lib, pkgs, ... }: {
config = {
networking.nat.internalInterfaces = [ "docker0" "docker-main" ];
virtualisation = {
docker = {
enable = true;
storageDriver = "btrfs";
};
oci-containers = {
backend = "docker";
};
};
hardware.nvidia-container-toolkit.enable = lib.mkDefault (builtins.any
(x: x == "nvidia")
config.services.xserver.videoDrivers
);
systemd.services."docker-network-setup" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f docker-main";
};
script = ''
docker network inspect docker-main ||
docker network create -d bridge docker-main \
--attachable --subnet 192.168.101.0/24 --ip-range 192.168.101.0/24 \
--gateway 192.168.101.1 \
-o "com.docker.network.bridge.name"="docker-main" \
-o "com.docker.network.bridge.trusted_host_interfaces"="wt0:ve-netbird:ve-traefik"
'';
wantedBy = [ "docker-net.target" ];
};
systemd.targets."docker-net" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}

38
modules/features/dynamicDNS.nix Normal file
View File

@@ -0,0 +1,38 @@
{ ... }: {
flake.nixosModules.dynamicDNS = { config, lib, pkgs, ... }: {
config = {
systemd.timers.dynamicDNS = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnBootSec = "5m";
OnUnitActiveSec = "1h";
Unit = "dynamicDNS.service";
};
};
systemd.services.dynamicDNS = {
name = "dynamicDNS.service";
serviceConfig = {
Type = "oneshot";
LoadCredential = [ "cloudflare-api-key" ];
};
script = '''';
};
};
};
}

258
modules/features/gitea.nix Normal file
View File

@@ -0,0 +1,258 @@
{ ... }: {
flake.nixosModules.gitea = { config, lib, ... }: {
config = {
networking = {
nat.internalInterfaces = [ "ve-gitea" ];
};
sops.secrets = {
"gitea/dbpass" = {};
};
containers.gitea = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.20";
bindMounts = {
"/etc/gitea/data" = {
hostPath = "/ssd1/Gitea/data";
isReadOnly = false;
};
};
extraFlags = [
"--load-credential=dbpass:${config.sops.secrets."gitea/dbpass".path}"
];
config = {
systemd.services.secrets_setup = {
wantedBy = [ "gitea.service" ];
serviceConfig = {
LoadCredential = [
"dbpass"
];
};
script = ''
cat ''${CREDENTIALS_DIRECTORY}/dbpass > /etc/gitea/dbpass
chown gitea:gitea /etc/gitea/*
'';
};
services.gitea = {
enable = true;
stateDir = "/etc/gitea/data";
dump.enable = false;
appName = "Gitea";
settings = {
server = {
DOMAIN = "gitea.esotericbytes.com";
HTTP_PORT = 3000;
ROOT_URL = "https://gitea.esotericbytes.com/";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
REQUIRE_SIGNIN_VIEW = false;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
session.COOKIE_SECURE = true;
cron = {
ENABLED = true;
RUN_AT_START = true;
};
repository = {
DEFAULT_BRANCH = "master";
};
};
database = {
passwordFile = "/etc/gitea/dbpass";
type = "postgres";
};
};
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
ports = [ 2222 ];
};
networking.firewall.allowedTCPPorts = [ 3000 ];
system.stateVersion = "24.11";
};
};
};
};
flake.nixosModules.gitea-docker = { config, lib, pkgs, ... }: let
subdomain = "gitea";
name = "gitea";
in {
config = {
virtualisation.oci-containers.containers."${name}" = {
image = "docker.gitea.com/gitea:1.25.4";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "3000";
"traefik.tcp.routers.${name}-ssh.entrypoints" = "gitea-ssh";
"traefik.tcp.routers.${name}-ssh.rule" = "HostSNI(`*`)";
"traefik.tcp.routers.${name}-ssh.service" = "${name}-ssh";
"traefik.tcp.services.${name}-ssh.loadbalancer.server.port" = "22";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.20"
];
volumes = [
"vol_gitea:/data"
];
environment = {
};
};
virtualisation.oci-containers.containers."${name}-db" = {
image = "docker.io/library/postgres:14";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${name}-db";
networks = [
"docker-main"
];
labels = {
};
ports = [
];
extraOptions = [
"--ip=192.168.101.21"
];
volumes = [
"/etc/gitea/db:/var/lib/postgresql/data"
];
environment = {
};
};
systemd.services."docker-gitea" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-gitea-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-gitea-root.target"
];
wantedBy = [
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-volume-gitea" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local
'';
partOf = [ "docker-compose-gitea-root.target" ];
wantedBy = [ "docker-compose-gitea-root.target" ];
};
};
};
}

16
modules/features/home-assistant/configuration.yaml Normal file
View File

@@ -0,0 +1,16 @@
# Loads default set of integrations. Do not remove.
default_config:
# Load frontend themes from the themes folder
frontend:
themes: !include_dir_merge_named themes
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.101.11

63
modules/features/home-assistant/home-assistant.nix Normal file
View File

@@ -0,0 +1,63 @@
{ ... }: {
flake.nixosModules.home-assistant = { config, lib, ... }: let
subdomain = "hass";
name = "home-assistant";
in {
config = {
environment.etc."home-assistant/configuration.yaml".source = ./configuration.yaml;
virtualisation.oci-containers.containers.home-assistant = {
image = "ghcr.io/home-assistant/home-assistant:stable";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8123";
};
environment = {
TZ = "America/Chicago";
};
extraOptions = [
"--ip=192.168.101.13"
];
ports = [
];
volumes = [
"vol_home-assistant:/config/"
"/etc/home-assistant/configuration.yaml:/config/configuration.yaml"
];
};
};
};
flake.nixosModules.home-assistant-vm = { config, lib, ... }: {
config = {
};
};
}

28
modules/features/hyprland.nix Normal file
View File

@@ -0,0 +1,28 @@
{ inputs, ... }: {
flake.nixosModules.hyprland = { config, lib, pkgs, ... }: {
config = {
environment.sessionVariables.NIXOS_OZONE_WL = "1";
programs.hyprland = let
system = pkgs.stdenv.hostPlatform.system;
#pkgs-us = import inputs.nixpkgs-us { inherit system; };
in {
enable = true;
withUWSM = false;
xwayland.enable = true;
systemd.setPath.enable = true;
package = inputs.hyprland.packages.${system}.hyprland;
portalPackage = inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland;
};
};
};
}

117
modules/features/jellyfin.nix Normal file
View File

@@ -0,0 +1,117 @@
{ ... }: {
flake.nixosModules.jellyfin = { config, lib, pkgs, ... }: let
subdomain = "watch";
name = "jellyfin";
in {
config = {
networking.firewall.allowedUDPPorts = [ 7359 ];
virtualisation.oci-containers.containers.jellyfin = {
image = "jellyfin/jellyfin:10.11.6";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"7359:7359/udp"
];
volumes = [
"vol_jellyfin-config:/config"
"vol_jellyfin-cache:/cache"
"/etc/jellyfin/media:/media"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8096";
};
extraOptions = lib.mkMerge [
(lib.mkIf config.hardware.nvidia-container-toolkit.enable [
"--device=nvidia.com/gpu=all"
])
[ "--ip=192.168.101.21" ]
];
environment = {
JELLYFIN_PublishedServerUrl = "https://${subdomain}.esotericbytes.com";
};
};
systemd.services."docker-jellyfin" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-jellyfin-config.service"
"docker-volume-jellyfin-cache.service"
];
partOf = [
"docker-compose-jellyfin-root.target"
];
wantedBy = [
"docker-compose-jellyfin-root.target"
];
};
systemd.services."docker-volume-jellyfin-config" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-config || docker volume create vol_jellyfin-config --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.services."docker-volume-jellyfin-cache" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_jellyfin-cache || docker volume create vol_jellyfin-cache --driver=local
'';
partOf = [ "docker-compose-jellyfin-root.target" ];
wantedBy = [ "docker-compose-jellyfin-root.target" ];
};
systemd.targets."docker-compose-jellyfin-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}

28
modules/features/kdePlasma6.nix Normal file
View File

@@ -0,0 +1,28 @@
{ ... }: {
flake.nixosModules.kdePlasma6 = { config, lib, pkgs, ... }: {
config = {
services.desktopManager.plasma6.enable = true;
environment.systemPackages = with pkgs; [
kdePackages.discover # Optional: Install if you use Flatpak or fwupd firmware update sevice
kdePackages.kcalc # Calculator
kdePackages.kcharselect # Tool to select and copy special characters from all installed fonts
kdePackages.kcolorchooser # A small utility to select a color
kdePackages.kolourpaint # Easy-to-use paint program
kdePackages.ksystemlog # KDE SystemLog Application
kdePackages.sddm-kcm # Configuration module for SDDM
kdiff3 # Compares and merges 2 or 3 files or directories
kdePackages.isoimagewriter # Optional: Program to write hybrid ISO files onto USB disks
kdePackages.partitionmanager # Optional Manage the disk devices, partitions and file systems on your computer
hardinfo2 # System information and benchmarks for Linux systems
haruna # Open source video player built with Qt/QML and libmpv
wayland-utils # Wayland utilities
wl-clipboard # Command-line copy/paste utilities for Wayland
];
};
};
}

1
modules/features/kiwix.nix Normal file
View File

@@ -0,0 +1 @@
{}

1
modules/features/minecraft.nix Normal file
View File

@@ -0,0 +1 @@
{}

100
modules/features/n8n.nix Normal file
View File

@@ -0,0 +1,100 @@
{ ... }: {
flake.nixosModules.n8n = { config, lib, pkgs, ... }: let
subdomain = "n8n";
name = "n8n";
in {
config = {
virtualisation.oci-containers.containers."${name}" = {
image = "docker.n8n.io/n8nio/n8n";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "5678";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.2"
];
volumes = [
"vol_n8n:/etc/n8n"
];
environment = {
GENERIC_TIMEZONE = "America/Chicago";
TZ = "America/Chicago";
N8N_DIAGNOSTICS_ENABLED = "false";
N8N_VERSION_NOTIFICATIONS_ENABLED = "false";
N8N_TEMPLATES_ENABLED = "false";
EXTERNAL_FRONTEND_HOOKS_URLS = "";
N8N_DIAGNOSTICS_CONFIG_FRONTEND = "";
N8N_DIAGNOSTICS_CONFIG_BACKEND = "";
N8N_SECURE_COOKIE = "false";
};
};
systemd.services."docker-n8n" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-n8n.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-n8n.service"
];
partOf = [
"docker-compose-n8n-root.target"
];
wantedBy = [
"docker-compose-n8n-root.target"
];
};
systemd.services."docker-volume-n8n" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_n8n || docker volume create vol_n8n --driver=local
'';
partOf = [ "docker-compose-n8n-root.target" ];
wantedBy = [ "docker-compose-n8n-root.target" ];
};
};
};
}

27
modules/features/netbird/config/management.json Normal file
View File

@@ -0,0 +1,27 @@
{
"Stuns": [
{
"Proto": "udp",
"URI": "stun:vpn.esotericbytes.com:3478"
}
],
"Relay": {
"Addresses": ["rels://vpn.esotericbytes.com:443"],
"CredentialsTTL": "24h",
"Secret": "0qSIu/S2sXHJbo0SyBNm4SFxAItRoPLKR4wjnW/Zsgc"
},
"Signal": {
"Proto": "https",
"URI": "vpn.esotericbytes.com:443"
},
"Datadir": "/var/lib/netbird",
"DataStoreEncryptionKey": "FZnQt+JqAC8GEXUSJwhrgo0vn4PoDetoAhjUx9nSJR0=",
"EmbeddedIdP": {
"Enabled": true,
"Issuer": "https://vpn.esotericbytes.com/oauth2",
"DashboardRedirectURIs": [
"https://vpn.esotericbytes.com/nb-auth",
"https://vpn.esotericbytes.com/nb-silent-auth"
]
}
}

258
modules/features/netbird/netbird.nix Normal file
View File

@@ -0,0 +1,258 @@
{ inputs, ... }: {
flake.nixosModules.netbird = { config, lib, pkgs, ... }: {
config = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
};
in {
services.netbird = {
enable = lib.mkDefault true;
clients.default = {
port = 51820;
name = "netbird";
interface = "wt0";
hardened = false;
ui = {
enable = lib.mkDefault config.hardware.graphics.enable;
#package = pkgs-us.netbird-ui;
#package = pkgs.netbird-ui;
};
};
package = pkgs-us.netbird;
#package = pkgs.netbird;
};
};
};
flake.nixosModules.netbird-docker = { config, lib, pkgs, ... }: {
config = {
networking.firewall.allowedUDPPorts = [ 3478 ];
sops.secrets."netbird/secret_key" = {};
sops.templates."netbird-relay.env" = {
content = ''
NB_AUTH_SECRET=${config.sops.placeholder."netbird/secret_key"}
NB_LOG_LEVEL=info
NB_LISTEN_ADDRESS=:80
NB_EXPOSED_ADDRESS=rels://vpn.esotericbytes.com:443
NB_ENABLE_STUN=true
NB_STUN_LOG_LEVEL=info
NB_STUN_PORTS=3478
'';
};
environment.etc."netbird/management.json".source = ./config/management.json;
# Containers
virtualisation.oci-containers.containers."netbird-dashboard" = {
image = "netbirdio/dashboard:v2.30.1";
environment = {
"AUTH_AUDIENCE" = "netbird-dashboard";
"AUTH_AUTHORITY" = "https://vpn.esotericbytes.com/oauth2";
"AUTH_CLIENT_ID" = "netbird-dashboard";
"AUTH_CLIENT_SECRET" = "";
"AUTH_REDIRECT_URI" = "/nb-auth";
"AUTH_SILENT_REDIRECT_URI" = "/nb-silent-auth";
"AUTH_SUPPORTED_SCOPES" = "openid profile email groups";
"LETSENCRYPT_DOMAIN" = "none";
"NETBIRD_MGMT_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NETBIRD_MGMT_GRPC_API_ENDPOINT" = "https://vpn.esotericbytes.com";
"NGINX_SSL_PORT" = "443";
"USE_AUTH0" = "false";
};
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-dashboard.entrypoints" = "websecure";
"traefik.http.routers.netbird-dashboard.priority" = "1";
"traefik.http.routers.netbird-dashboard.rule" = "Host(`vpn.esotericbytes.com`)";
"traefik.http.routers.netbird-dashboard.tls" = "true";
"traefik.http.services.netbird-dashboard.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=dashboard"
"--network=docker-main"
"--ip=192.168.101.5"
];
};
systemd.services."docker-netbird-dashboard" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-management" = {
image = "netbirdio/management:0.64.4";
volumes = [
"/etc/netbird/management.json:/etc/netbird/management.json:rw"
"netbird_netbird_management:/var/lib/netbird:rw"
];
cmd = [ "--port" "80" "--log-file" "console" "--log-level" "info" "--disable-anonymous-metrics=false" "--single-account-mode-domain=netbird.selfhosted" "--dns-domain=netbird.selfhosted" "--idp-sign-key-refresh-enabled" ];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-api.entrypoints" = "websecure";
"traefik.http.routers.netbird-api.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/api`)";
"traefik.http.routers.netbird-api.service" = "netbird-api";
"traefik.http.routers.netbird-api.tls" = "true";
"traefik.http.routers.netbird-mgmt-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/management.ManagementService/`)";
"traefik.http.routers.netbird-mgmt-grpc.service" = "netbird-mgmt-grpc";
"traefik.http.routers.netbird-mgmt-grpc.tls" = "true";
"traefik.http.routers.netbird-mgmt-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-mgmt-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/management`)";
"traefik.http.routers.netbird-mgmt-ws.service" = "netbird-mgmt-ws";
"traefik.http.routers.netbird-mgmt-ws.tls" = "true";
"traefik.http.routers.netbird-oauth2.entrypoints" = "websecure";
"traefik.http.routers.netbird-oauth2.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/oauth2`)";
"traefik.http.routers.netbird-oauth2.service" = "netbird-oauth2";
"traefik.http.routers.netbird-oauth2.tls" = "true";
"traefik.http.services.netbird-api.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-mgmt-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-mgmt-ws.loadbalancer.server.port" = "80";
"traefik.http.services.netbird-oauth2.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=management"
"--network=docker-main"
"--ip=192.168.101.4"
];
};
systemd.services."docker-netbird-management" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-volume-netbird_netbird_management.service"
];
requires = [
"docker-volume-netbird_netbird_management.service"
];
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-relay" = {
image = "netbirdio/relay:0.64.4";
environmentFiles = [ config.sops.templates."netbird-relay.env".path ];
ports = [
"3478:3478/udp"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-relay.entrypoints" = "websecure";
"traefik.http.routers.netbird-relay.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/relay`)";
"traefik.http.routers.netbird-relay.tls" = "true";
"traefik.http.services.netbird-relay.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=relay"
"--network=docker-main"
"--ip=192.168.101.3"
];
};
systemd.services."docker-netbird-relay" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
virtualisation.oci-containers.containers."netbird-signal" = {
image = "netbirdio/signal:0.64.4";
labels = {
"traefik.enable" = "true";
"traefik.http.routers.netbird-signal-grpc.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-grpc.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/signalexchange.SignalExchange/`)";
"traefik.http.routers.netbird-signal-grpc.service" = "netbird-signal-grpc";
"traefik.http.routers.netbird-signal-grpc.tls" = "true";
"traefik.http.routers.netbird-signal-ws.entrypoints" = "websecure";
"traefik.http.routers.netbird-signal-ws.rule" = "Host(`vpn.esotericbytes.com`) && PathPrefix(`/ws-proxy/signal`)";
"traefik.http.routers.netbird-signal-ws.service" = "netbird-signal-ws";
"traefik.http.routers.netbird-signal-ws.tls" = "true";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.port" = "10000";
"traefik.http.services.netbird-signal-grpc.loadbalancer.server.scheme" = "h2c";
"traefik.http.services.netbird-signal-ws.loadbalancer.server.port" = "80";
};
log-driver = "journald";
extraOptions = [
"--network-alias=signal"
"--network=docker-main"
];
};
systemd.services."docker-netbird-signal" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-netbird-root.target"
];
wantedBy = [
"docker-compose-netbird-root.target"
];
};
# Volumes
systemd.services."docker-volume-netbird_netbird_management" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect netbird_netbird_management || docker volume create netbird_netbird_management
'';
partOf = [ "docker-compose-netbird-root.target" ];
wantedBy = [ "docker-compose-netbird-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-netbird-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
};
};
}

113
modules/features/nextcloud.nix Normal file
View File

@@ -0,0 +1,113 @@
{ ... }: {
flake.nixosModules.nextcloud = { config, lib, pkgs, ... }: let
subdomain = "cloud";
name = "nextcloud";
in {
config = {
virtualisation.oci-containers.containers."nextcloud-aio-mastercontainer" = {
image = "ghcr.io/nextcloud-releases/all-in-one:20260122_105751";
serviceName = "docker-nextcloud";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
];
volumes = [
"nextcloud_aio_mastercontainer:/mnt/docker-aio-config"
"/run/docker.sock:/var/run/docker.sock:ro"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "websecure,localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.routers.${name}.middlewares" = "nextcloud-chain";
"traefik.http.middlewares.https-redirect.redirectScheme.scheme" = "https";
"traefik.http.middlewares.nextcloud-secure-headers.headers.hostsProxyHeaders" = "X-Forwarded-Host";
"traefik.http.middlewares.nextcloud-secure-headers.headers.referrerPolicy" = "same-origin";
"traefik.http.middlewares.nextcloud-chain.chain.middlewares" = "https-redirect,nextcloud-secure-headers";
#"traefik.http.services.${name}.loadbalancer.server.port" = "11000";
"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.101.1:11000";
};
extraOptions = [
"--ip=192.168.101.17"
];
environment = {
APACHE_PORT = "11000";
APACHE_IP = "0.0.0.0";
APACHE_ADDITIONAL_NETWORK = "docker-main";
SKIP_DOMAIN_VALIDATION = "true";
TALK_PORT = "3479";
};
};
systemd.services."docker-nextcloud" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-nextcloud.service"
];
partOf = [
"docker-compose-nextcloud-root.target"
];
wantedBy = [
"docker-compose-nextcloud-root.target"
];
};
systemd.services."docker-volume-nextcloud" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect nextcloud_aio_mastercontainer || docker volume create nextcloud_aio_mastercontainer --driver=local
'';
partOf = [ "docker-compose-nextcloud-root.target" ];
wantedBy = [ "docker-compose-nextcloud-root.target" ];
};
systemd.targets."docker-compose-nextcloud-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}

41
modules/features/nginx.nix Normal file
View File

@@ -0,0 +1,41 @@
{ ... }: {
flake.nixosModules.nginx = { config, lib, ... }: {
config = {
containers.esotericbytes-com = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.13";
bindMounts = {
"/var/www/data" = {
hostPath = "/ssd1/esotericbytes-com/data";
isReadOnly = false;
};
};
config = {
services.nginx = {
enable = true;
virtualHosts = {
"esotericbytes.com" = {
enableACME = false;
forceSSL = false;
root = "/var/www/data";
};
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
};
};
};
}

78
modules/features/novnc.nix Normal file
View File

@@ -0,0 +1,78 @@
{ ... }: {
flake.nixosModules.novnc = { config, lib, pkgs, ... }: {
config = {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 127.0.0.1:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
};
};
flake.nixosModules.novnc-container = { config, lib, pkgs, ... }: {
config = {
networking = {
firewall.interfaces."ve-novnc" = {
allowedTCPPorts = [ 5900 ];
allowedUDPPorts = [ 5900 ];
};
};
containers.novnc = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.30";
config = {
systemd.services.novnc = {
enable = true;
path = with pkgs; [
novnc
ps
];
script = ''
novnc --listen 80 --vnc 192.168.100.10:5900
'';
serviceConfig = {
Type = "exec";
};
wantedBy = [ "multi-user.target" ];
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "25.05";
};
};
};
};
}

41
modules/features/ntfy.nix Normal file
View File

@@ -0,0 +1,41 @@
{ ... }: {
flake.nixosModules.ntfy = { config, lib, ... }: {
config = {
containers.ntfy = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.19";
config = {
services.ntfy-sh = {
enable = true;
settings = {
base-url = "https://ntfy.esotericbytes.com";
listen-http = ":80";
behind-proxy = true;
upstream-base-url = "https://ntfy.sh";
auth-default-access = "deny-all";
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
system.stateVersion = "24.05";
};
};
};
};
}

91
modules/features/ollama.nix Normal file
View File

@@ -0,0 +1,91 @@
{ inputs, ... }: {
flake.nixosModules.ollama = { config, lib, ... }: {
config = {
services.ollama = {
enable = true;
acceleration = "cuda";
environmentVariables = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "16000";
};
package = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
config.allowUnfree = true;
};
in pkgs-us.ollama-cuda;
};
};
};
flake.nixosModules.ollama-docker = { config, lib, pkgs, ... }: let
hostPort = 11434;
subdomain = "ollama";
name = "ollama";
in {
config = {
environment.systemPackages = with pkgs; [
ollama
];
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
"ve-openwebui" = {
allowedTCPPorts = [ hostPort ];
};
};
virtualisation.oci-containers.containers.ollama = {
image = "ollama/ollama:latest";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
ports = [
"${builtins.toString hostPort}:11434"
];
volumes = [
"vol_ollama:/root/.ollama"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.ollama.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "11434";
};
extraOptions = lib.mkIf config.hardware.nvidia-container-toolkit.enable [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.22"
];
environment = {
OLLAMA_CONTEXT_LENGTH = lib.mkDefault "32000";
};
};
};
};
}

19
modules/features/openssh.nix Normal file
View File

@@ -0,0 +1,19 @@
{ ... }: {
flake.nixosModules.openssh = { config, lib, ... }: {
config = {
services.openssh = {
enable = true;
openFirewall = lib.mkDefault true;
settings = {
PermitRootLogin = lib.mkForce "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
};
};
}

94
modules/features/openwebui.nix Normal file
View File

@@ -0,0 +1,94 @@
{ ... }: {
flake.nixosModules.openwebui = { config, lib, pkgs, ... }: let
subdomain = "ai";
name = "openwebui";
in {
config = {
virtualisation.oci-containers.containers.openwebui = {
image = "ghcr.io/open-webui/open-webui:v0.7.2";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
/*ports = [
"${builtins.toString hostPort}:8080"
];*/
volumes = [
"vol_openwebui:/app/backend/data"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
extraOptions = lib.mkIf config.hardware.nvidia-container-toolkit.enable [
"--device=nvidia.com/gpu=all"
"--ip=192.168.101.8"
];
environment = {
};
};
systemd.services."docker-openwebui" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-openwebui.service"
];
partOf = [
"docker-compose-openwebui-root.target"
];
wantedBy = [
"docker-compose-openwebui-root.target"
];
};
systemd.services."docker-volume-openwebui" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_openwebui || docker volume create vol_openwebui --driver=local
'';
partOf = [ "docker-compose-openwebui-root.target" ];
wantedBy = [ "docker-compose-openwebui-root.target" ];
};
systemd.targets."docker-compose-openwebui-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}

12
modules/features/packages.nix Normal file
View File

@@ -0,0 +1,12 @@
{ inputs, ... }: {
flake.nixosModules.default = { pkgs, ... }: {
environment.systemPackages = with pkgs; [
age
sops
inputs.disko.packages.${pkgs.stdenv.hostPlatform.system}.disko-install
];
};
}

167
modules/features/passbolt/docker-compose.nix-txt Normal file
View File

@@ -0,0 +1,167 @@
# Auto-generated by compose2nix.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."passbolt-db" = {
image = "mariadb:10.11";
environment = {
"MYSQL_DATABASE" = "passbolt";
"MYSQL_PASSWORD" = "P4ssb0lt";
"MYSQL_RANDOM_ROOT_PASSWORD" = "true";
"MYSQL_USER" = "passbolt";
};
volumes = [
"passbolt_database_volume:/var/lib/mysql:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=db"
"--network=passbolt_default"
];
};
systemd.services."docker-passbolt-db" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_database_volume.service"
];
requires = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_database_volume.service"
];
partOf = [
"docker-compose-passbolt-root.target"
];
wantedBy = [
"docker-compose-passbolt-root.target"
];
};
virtualisation.oci-containers.containers."passbolt-passbolt" = {
image = "passbolt/passbolt:latest-ce";
environment = {
"APP_FULL_BASE_URL" = "https://passbolt.local";
"DATASOURCES_DEFAULT_DATABASE" = "passbolt";
"DATASOURCES_DEFAULT_HOST" = "db";
"DATASOURCES_DEFAULT_PASSWORD" = "P4ssb0lt";
"DATASOURCES_DEFAULT_USERNAME" = "passbolt";
};
volumes = [
"passbolt_gpg_volume:/etc/passbolt/gpg:rw"
"passbolt_jwt_volume:/etc/passbolt/jwt:rw"
];
ports = [
"80:80/tcp"
"443:443/tcp"
];
cmd = [ "/usr/bin/wait-for.sh" "-t" "0" "db:3306" "--" "/docker-entrypoint.sh" ];
dependsOn = [
"passbolt-db"
];
log-driver = "journald";
extraOptions = [
"--network-alias=passbolt"
"--network=passbolt_default"
];
};
systemd.services."docker-passbolt-passbolt" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_gpg_volume.service"
"docker-volume-passbolt_jwt_volume.service"
];
requires = [
"docker-network-passbolt_default.service"
"docker-volume-passbolt_gpg_volume.service"
"docker-volume-passbolt_jwt_volume.service"
];
partOf = [
"docker-compose-passbolt-root.target"
];
wantedBy = [
"docker-compose-passbolt-root.target"
];
};
# Networks
systemd.services."docker-network-passbolt_default" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "docker network rm -f passbolt_default";
};
script = ''
docker network inspect passbolt_default || docker network create passbolt_default
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
# Volumes
systemd.services."docker-volume-passbolt_database_volume" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect passbolt_database_volume || docker volume create passbolt_database_volume
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
systemd.services."docker-volume-passbolt_gpg_volume" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect passbolt_gpg_volume || docker volume create passbolt_gpg_volume
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
systemd.services."docker-volume-passbolt_jwt_volume" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect passbolt_jwt_volume || docker volume create passbolt_jwt_volume
'';
partOf = [ "docker-compose-passbolt-root.target" ];
wantedBy = [ "docker-compose-passbolt-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-passbolt-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

1
modules/features/passbolt/passbolt.nix Normal file
View File

@@ -0,0 +1 @@
{}

80
modules/features/pihole.nix Normal file
View File

@@ -0,0 +1,80 @@
{ ... }: {
flake.nixosModules.pihole = { config, lib, ... }: let
hostPort = 9001;
subdomain = "pihole";
name = "pihole";
in {
config = {
virtualisation.docker.daemon.settings.dns = [ "192.168.101.12" ];
environment.etc."resolv.conf" = {
enable = true;
text = ''
nameserver 127.0.0.1
nameserver 1.1.1.1
nameserver 1.0.0.1
options edns0
'';
user = "root";
mode = "0664";
};
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
};
virtualisation.oci-containers.containers.pihole = {
image = "pihole/pihole:latest";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "80";
};
extraOptions = [
"--ip=192.168.101.12"
];
ports = [
"${builtins.toString hostPort}:80"
"127.0.0.1:53:53/tcp"
"127.0.0.1:53:53/udp"
];
volumes = [
"vol_pihole:/etc/pihole"
];
environment = {
FTLCONF_webserver_api_password = "7567";
FTLCONF_dns_listeningMode = "ALL";
};
};
};
};
}

47
modules/features/pipewire.nix Normal file
View File

@@ -0,0 +1,47 @@
{ ... }: {
flake.nixosModules.pipewire = { config, lib, pkgs, ... }: {
config = {
# Enable sound with pipewire.
#sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
package = pkgs.pipewire;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
extraConfig.pipewire-pulse."92-low-latency" = {
context.modules = [
{
name = "libpipewire-module-protocol-pulse";
args = {
pulse.min.req = "32/48000";
pulse.default.req = "32/48000";
pulse.max.req = "32/48000";
pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000";
};
}
];
stream.properties = {
node.latency = "32/48000";
resample.quality = 1;
};
};
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
wireplumber.enable = true;
};
};
};
}

60
modules/features/portainer.nix Normal file
View File

@@ -0,0 +1,60 @@
{ ... }: {
flake.nixosModules.portainer = { config, lib, ... }: let
hostPort = 9000;
subdomain = "portainer";
name = "portainer";
in {
config = {
networking.firewall.interfaces = {
"ve-traefik" = {
allowedTCPPorts = [ hostPort ];
};
};
virtualisation.oci-containers.containers.portainer = {
image = "portainer/portainer-ce:latest";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "9000";
};
ports = [
"127.0.0.1:8000:8000"
"${builtins.toString hostPort}:9000"
];
extraOptions = [
"--ip=192.168.101.10"
];
volumes = [
"vol_portainer:/data"
"/run/docker.sock:/var/run/docker.sock"
];
};
};
};
}

1
modules/features/rustdesk/default.nix Normal file
View File

@@ -0,0 +1 @@
{}

77
modules/features/rustdesk/docker-compose.nix-txt Normal file
View File

@@ -0,0 +1,77 @@
# Auto-generated by compose2nix.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.docker = {
enable = true;
autoPrune.enable = true;
};
virtualisation.oci-containers.backend = "docker";
# Containers
virtualisation.oci-containers.containers."hbbr" = {
image = "rustdesk/rustdesk-server:latest";
volumes = [
"/home/nathan/Projects/Olympus/system/virtualization/docker/rustdesk/data:/root:rw"
];
cmd = [ "hbbr" ];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
systemd.services."docker-hbbr" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-rustdesk-root.target"
];
wantedBy = [
"docker-compose-rustdesk-root.target"
];
};
virtualisation.oci-containers.containers."hbbs" = {
image = "rustdesk/rustdesk-server:latest";
volumes = [
"/home/nathan/Projects/Olympus/system/virtualization/docker/rustdesk/data:/root:rw"
];
cmd = [ "hbbs" ];
dependsOn = [
"hbbr"
];
log-driver = "journald";
extraOptions = [
"--network=host"
];
};
systemd.services."docker-hbbs" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
partOf = [
"docker-compose-rustdesk-root.target"
];
wantedBy = [
"docker-compose-rustdesk-root.target"
];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-rustdesk-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

77
modules/features/sandbox.nix Normal file
View File

@@ -0,0 +1,77 @@
{ ... }: {
flake.nixosModules.sandbox = { config, lib, self, ... }: {
config = {
networking = {
nat.internalInterfaces = [ "ve-sandbox" ];
};
containers.sandbox = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.10";
localAddress = "192.168.100.32";
ephemeral = true;
timeoutStartSec = "3min";
flake = "${self}";
/*bindMounts = {
"/dev/nvidia0" = {
hostPath = "/dev/nvidia0";
isReadOnly = false;
};
"/dev/nvidiactl" = {
hostPath = "/dev/nvidiactl";
isReadOnly = false;
};
"/dev/nvidia-uvm" = {
hostPath = "/dev/nvidia-uvm";
isReadOnly = false;
};
"/dev/nvidia-modeset" = {
hostPath = "/dev/nvidia-modeset";
isReadOnly = false;
};
"/dev/nvidia-uvm-tools" = {
hostPath = "/dev/nvidia-uvm-tools";
isReadOnly = false;
};
};
allowedDevices = [
{
node = "/dev/nvidia0";
modifier = "rw";
}
{
node = "/dev/nvidiactl";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm";
modifier = "rw";
}
{
node = "/dev/nvidia-modeset";
modifier = "rw";
}
{
node = "/dev/nvidia-uvm-tools";
modifier = "rw";
}
];*/
config = {
};
};
};
};
}

32
modules/features/sddm.nix Normal file
View File

@@ -0,0 +1,32 @@
{ ... }: {
flake.nixosModules.sddm = { config, lib, pkgs, ... }: {
config = {
qt.enable = true;
environment.systemPackages = with pkgs; [ (sddm-astronaut.override { embeddedTheme = "pixel_sakura"; }) ];
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
autoNumlock = true;
theme = "sddm-astronaut-theme"; #"${inputs.tokyo-night-sddm-theme { inherit pkgs; }}";
enableHidpi = true;
/*extraPackages = with pkgs; [
libsForQt5.qtsvg
libsForQt5.qtquickcontrols2
libsForQt5.qtgraphicaleffects
];*/
package = lib.mkDefault pkgs.kdePackages.sddm;
extraPackages = with pkgs; [
kdePackages.qtsvg
kdePackages.qtvirtualkeyboard
kdePackages.qtmultimedia
];
};
};
};
}

57
modules/features/searxng/searxng.nix Normal file
View File

@@ -0,0 +1,57 @@
{ ... }: {
flake.nixosModules.searxng = { config, lib, ... }: let
subdomain = "searxng";
name = "searxng";
in {
config = {
environment.etc."searxng/settings.yml".source = ./settings.yml;
virtualisation.oci-containers.containers.searxng = {
image = "searxng/searxng:latest";
# unstable, waiting for 26.05
#pull = "newer";
hostname = "${subdomain}.esotericbytes.com";
networks = [
"docker-main"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
#"traefik.http.services.${name}.loadbalancer.server.url" = "http://192.168.100.10:${builtins.toString hostPort}";
"traefik.http.services.${name}.loadbalancer.server.port" = "8080";
};
ports = [
];
extraOptions = [
"--ip=192.168.101.9"
];
volumes = [
"vol_searxng_settings:/etc/searxng/"
"vol_searxng_data:/var/cache/searxng/"
"/etc/searxng/settings.yml:/etc/searxng/settings.yml"
];
environment = {
SEARXNG_SECRET = "2e8b4fcf4c0f46b097496f2d5715dbb061bd5cac78c64d0f5a0bee27f013f3c0";
};
};
};
};
}

2820
modules/features/searxng/settings.yml Normal file
View File

File diff suppressed because it is too large Load Diff

0
system/secrets.yaml → modules/features/secrets.yaml
View File

13
modules/features/steam.nix Normal file
View File

@@ -0,0 +1,13 @@
{ ... }: {
flake.nixosModules.steam = { config, lib, ... }: {
config = {
programs.steam = {
enable = true;
};
};
};
}

75
modules/features/traefik/config/routing.yml Normal file
View File

@@ -0,0 +1,75 @@
http:
routers:
homepageSecure:
entryPoints:
- "websecure"
- "localsecure"
rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
service: "homepage"
middlewares:
- authentik
tls:
certResolver: "cloudflare"
code-server:
entryPoints:
- "localsecure"
rule: "Host(`code.esotericbytes.com`)"
service: "code-server"
tls:
certResolver: "cloudflare"
gitea:
entryPoints:
- "localsecure"
- "websecure"
rule: "Host(`gitea.esotericbytes.com`)"
service: "gitea"
tls:
certResolver: "cloudflare"
octoprint:
entryPoints:
- "localsecure"
#- "websecure"
rule: "Host(`3dp.esotericbytes.com`)"
service: "octoprint"
tls:
certResolver: "cloudflare"
services:
homepage:
loadBalancer:
servers:
- url: "http://192.168.100.13:80"
code-server:
loadBalancer:
servers:
- url: "http://192.168.100.31:4444"
gitea:
loadBalancer:
servers:
- url: "http://192.168.100.20:3000"
octoprint:
loadBalancer:
servers:
- url: "http://rpi-3dp.local"
passHostHeader: true
tcp:
routers:
gitea-ssh:
entryPoints:
- "gitea-ssh"
rule: "HostSNI(`*`)"
service: "gitea-ssh"
services:
gitea-ssh:
loadBalancer:
servers:
- address: "192.168.100.20:2222"

87
modules/features/traefik/config/traefik.yml Normal file
View File

@@ -0,0 +1,87 @@
providers:
docker:
exposedByDefault: false
file:
filename: "/etc/traefik/routing.yml"
serversTransport:
insecureSkipVerify: true
api:
dashboard: true
global:
checknewversion: true
sendanonymoususage: false
entryPoints:
web:
address: ":81"
http:
redirections:
entryPoint:
to: "websecure"
scheme: "https"
websecure:
address: ":444"
asDefault: true
transport:
respondingTimeouts:
readTimeout: 24h
http:
tls:
certResolver: "cloudflare"
domains:
main: "esotericbytes.com"
sans:
- "*.esotericbytes.com"
encodedCharacters:
allowEncodedSlash: true
allowEncodedQuestionMark: true
allowEncodedPercent: true
local:
address: ":80"
http:
redirections:
entryPoint:
to: "localsecure"
scheme: "https"
localsecure:
address: ":443"
asDefault: true
transport:
respondingTimeouts:
readTimeout: 24h
http:
tls:
certResolver: "cloudflare"
domains:
main: "esotericbytes.com"
sans:
- "*.esotericbytes.com"
encodedCharacters:
allowEncodedSlash: true
allowEncodedQuestionMark: true
allowEncodedPercent: true
gitea-ssh:
address: ":2222"
log:
level: "INFO"
filePath: "/etc/traefik/logs/traefik.log"
format: "json"
certificatesResolvers:
cloudflare:
acme:
storage: "/etc/traefik/acme.json"
keyType: "EC256"
dnsChallenge:
provider: "cloudflare"
resolvers:
- "1.1.1.1:53"
- "1.0.0.1:53"

106
modules/features/traefik/traefik.nix Normal file
View File

@@ -0,0 +1,106 @@
{ ... }: {
flake.nixosModules.traefik = { config, lib, ... }: {
config = {
networking.firewall.allowedTCPPorts = [ 80 81 443 444 2222 ];
sops.secrets = {
"traefik/cf_email" = {};
"traefik/cf_api_key" = {};
};
sops.templates."traefik.env" = {
content = ''
CF_API_EMAIL=${config.sops.placeholder."traefik/cf_email"}
CF_DNS_API_TOKEN=${config.sops.placeholder."traefik/cf_api_key"}
'';
};
environment.etc = (builtins.listToAttrs (builtins.map (x: {
name = "traefik/${x}";
value = {
source = ./config/${x};
mode = "0664";
};
}) (builtins.attrNames (builtins.readDir ./config))));
/*environment.etc."traefik/traefik.yml" = {
source = ./config/traefik.yml;
};
environment.etc."traefik/routing.yml" = {
source = ./config/routing.yml;
};*/
virtualisation.oci-containers.containers.traefik = {
image = "traefik:v3.6";
environment = {
TRAEFIK_CERTIFICATESRESOLVERS_CLOUDFLARE_ACME_EMAIL = "\${CF_API_EMAIL}";
};
environmentFiles = [ config.sops.templates."traefik.env".path ];
volumes = [
"/etc/traefik/:/etc/traefik/"
"/run/docker.sock:/var/run/docker.sock"
];
networks = [
"docker-main"
];
ports = [
"80:80"
"81:81"
"443:443"
"444:444"
"2222:2222"
];
labels = {
"traefik.enable" = "true";
"traefik.http.routers.dashboard.rule" = "Host(`traefik.esotericbytes.com`)";
"traefik.http.routers.dashboard.entrypoints" = "websecure,localsecure";
"traefik.http.routers.dashboard.service" = "api@internal";
"traefik.http.routers.dashboard.tls.certResolver" = "cloudflare";
};
extraOptions = [
"--ip=192.168.101.11"
];
log-driver = "journald";
};
systemd.services."docker-traefik" = {
serviceConfig = {
Restart = lib.mkOverride 90 "always";
RestartMaxDelaySec = lib.mkOverride 90 "1m";
RestartSec = lib.mkOverride 90 "100ms";
RestartSteps = lib.mkOverride 90 9;
};
after = [
"docker-network-setup.service"
];
requires = [
"docker-network-setup.service"
];
partOf = [
"docker-compose-traefik-root.target"
];
wantedBy = [
"docker-compose-traefik-root.target"
];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."docker-compose-traefik-root" = {
wantedBy = [ "multi-user.target" ];
};
};
};
}

22
modules/features/virtual-machines.nix Normal file
View File

@@ -0,0 +1,22 @@
{ ... }: {
flake.nixosModules.virtual-machines = { config, lib, pkgs, ... }: {
config = {
programs.virt-manager.enable = true;
virtualisation = {
libvirtd = {
enable = true;
qemu.swtpm.enable = true;
};
spiceUSBRedirection.enable = true;
};
environment.systemPackages = with pkgs; lib.mkIf config.hardware.graphics.enable [
virt-viewer
];
};
};
}

46
modules/features/wyoming.nix Normal file
View File

@@ -0,0 +1,46 @@
{ ... }: {
flake.nixosModules.wyoming = { config, lib, ... }: {
config = {
services.wyoming = {
piper = {
servers.piper = {
enable = lib.mkDefault true;
voice = "en-us-ryan-medium";
uri = "tcp://0.0.0.0:11435";
};
};
openwakeword = {
enable = lib.mkDefault true;
uri = "tcp://0.0.0.0:11432";
threshold = 0.5;
customModelsDirectories = [
#./wake_words
];
};
faster-whisper = {
servers.whisper = {
enable = lib.mkDefault true;
device = "auto";
language = "en";
model = "medium.en";
uri = "tcp://0.0.0.0:11433";
};
};
satellite = {
enable = lib.mkDefault true;
uri = "tcp://0.0.0.0:11431";
};
};
};
};
}

120
modules/hosts/container/configuration.nix Normal file
View File

@@ -0,0 +1,120 @@
{ inputs, ... }: {
flake.nixosModules.container = { config, pkgs, lib, ... }:
{
imports =
[
inputs.home-manager.nixosModules.default
];
config = {
hardware.nvidia.open = true;
boot.isContainer = true;
services = {
xserver = {
#enable = true;
videoDrivers = ["nvidia"];
};
displayManager = {
enable = true;
defaultSession = "plasma";
autoLogin = {
enable = true;
user = "nathan";
};
};
pulseaudio.enable = false;
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
/*
environment.sessionVariables = {
WLR_BACKENDS = "headless";
WLR_LIBINPUT_NO_DEVICES = "1";
};
*/
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users.defaultUserShell = pkgs.zsh;
nixpkgs = {
config.allowUnfree = true;
hostPlatform = "x86_64-linux";
};
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
services.displayManager.sddm.settings.AutoLogin = {
User = "nathan";
Session = "plasmawayland.desktop";
Relogin = true;
};
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
firewall.allowedTCPPorts = [ 80 ];
};
system.stateVersion = "25.05"; # Did you read the comment?
users.users."nathan" = {
isNormalUser = true;
initialPassword = "7567";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
]; # Enable sudo for the user.
/*openssh.authorizedKeys.keys = [
];*/
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
/*sops = {
age.keyFile = "/home/nathan/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
};
};*/
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
};
}

0
machines/homebox/.sops.yaml → modules/hosts/homebox/.sops.yaml
View File

128
modules/hosts/homebox/configuration.nix Normal file
View File

@@ -0,0 +1,128 @@
{ self, inputs, ... }: {
flake.nixosModules.homebox = { config, pkgs, lib, ... }:
{
imports =
[
inputs.disko.nixosModules.default
inputs.home-manager.nixosModules.default
self.nixosModules.default
];
config = {
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
nixpkgs.config.allowUnfree = true;
networking = {
hostName = "homebox";
nameservers = lib.mkDefault [ "1.1.1.1" "1.0.0.1" ];
networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
nftables = {};
nat = {
enable = true;
internalInterfaces = [ "ve-.+" ];
externalInterface = "wlp7s0"; # wifi
#externalInterface = "enp6s0"; # ethernet
};
};
services.netbird.clients.default.environment = {
NB_EXTRA_DNS_LABELS = "server";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
services = {
xserver = {
enable = false;
videoDrivers = ["nvidia"];
};
displayManager = {
enable = false;
defaultSession = "hyprland";
autoLogin = {
enable = true;
user = "nathan";
};
};
pulseaudio.enable = false;
hardware.openrgb = {
enable = true;
motherboard = "amd";
};
};
hardware = {
nvidia = {
open = true;
modesetting.enable = true;
nvidiaPersistenced = true;
};
bluetooth = {
enable = true;
powerOnBoot = false;
};
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
secrets = {
"nathan/pass" = {
neededForUsers = true;
};
"remoteBuildClientKeys/laptop".sopsFile = ./../../features/secrets.yaml;
"remoteBuildClientKeys/pi4".sopsFile = ./../../features/secrets.yaml;
"remoteBuildClientKeys/android".sopsFile = ./../../features/secrets.yaml;
};
};
nix = {
settings = {
trusted-users = [ "remote-builder" ];
};
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
};
};
}

12
modules/hosts/homebox/default.nix Normal file
View File

@@ -0,0 +1,12 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."homebox" = inputs.nixpkgs.lib.nixosSystem {
modules = with self.nixosModules; [
(user-nathan "laptop")
homebox
homebox-hardware
self.diskoConfigurations.homebox
];
};
}

143
modules/hosts/homebox/disko.nix Normal file
View File

@@ -0,0 +1,143 @@
{ ... }: {
flake.diskoConfigurations.homebox = {
disko.devices = {
disk = {
main = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "4G";
content = {
type = "swap";
resumeDevice = true;
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
ssd1 = {
device = "/dev/nvme1n1";
type = "disk";
content = {
type = "gpt";
partitions = {
ssd1 = {
name = "ssd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "ssd1_vg";
};
};
};
};
};
hdd1 = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
hdd1 = {
name = "hdd1";
size = "100%";
content = {
type = "lvm_pv";
vg = "hdd1_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
ssd1_vg = {
type = "lvm_vg";
lvs = {
ssd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/ssd1" = {
mountOptions = [ "subvol=ssd1" "noatime" ];
mountpoint = "/ssd1";
};
};
};
};
};
};
hdd1_vg = {
type = "lvm_vg";
lvs = {
hdd1 = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/hdd1" = {
mountOptions = [ "subvol=hdd1" "noatime" ];
mountpoint = "/hdd1";
};
};
};
};
};
};
};
};
};
}

24
modules/hosts/homebox/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,24 @@
{ ... }: {
flake.nixosModules.homebox-hardware = { config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

11
machines/homebox/secrets.yaml → modules/hosts/homebox/secrets.yaml
View File

@@ -1,5 +1,8 @@
nathan: nathan:
pass: ENC[AES256_GCM,data:HP/kF665VvIUybXmqaluJikeHWR0lvTXjA8Ry/dpbjDd3VUfiDuWFKlBkUzIZ1brAc86PV1xl4JWu2CNEz7uc3TmPuJ+GsFFOA==,iv:uPQZE7s3PvfShOaVCNRnnhXlcvA5aIiXRxi7UPbXfdU=,tag:Wg0IuCm4ljSPBmB/H2OSFA==,type:str] pass: ENC[AES256_GCM,data:HP/kF665VvIUybXmqaluJikeHWR0lvTXjA8Ry/dpbjDd3VUfiDuWFKlBkUzIZ1brAc86PV1xl4JWu2CNEz7uc3TmPuJ+GsFFOA==,iv:uPQZE7s3PvfShOaVCNRnnhXlcvA5aIiXRxi7UPbXfdU=,tag:Wg0IuCm4ljSPBmB/H2OSFA==,type:str]
traefik:
cf_email: ENC[AES256_GCM,data:ujvdfobp/aTcyC+kUYeYYeaiXQnQhoHYhg==,iv:LBzvuMMt76jX70a68rzaMgkmzHtVE2TlbrJlWE7I6o8=,tag:cTO1ApZQ214zjJyumunvPg==,type:str]
cf_api_key: ENC[AES256_GCM,data:CrtkBlhUZT3rlZAqiEHz7/OhPaoQ5nAz+deWmrh2zmwJfAp95lGZCA==,iv:qPXTm5zjTVYupot/hUkI/pSe0QNs17rapDrvdweRDTQ=,tag:VL2Cnig8Ih0iSL7myqlTgA==,type:str]
authentik: authentik:
pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str] pass: ENC[AES256_GCM,data:pTjpwRgdUVU5543T199P7Zoy,iv:93WpIK6qq+A1LhaQdBvMQ4jzuAOmMUt575y/p8m8Ugk=,tag:jTg/JED3vpdOVHF8LdIyLg==,type:str]
secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str] secret_key: ENC[AES256_GCM,data:tIWDGtB/z7Ysizz9FPQJe2EeSTAxDPkeHJnaDfytDvbqvRaiCgg7qGpEF6hAQFdZ,iv:gloup5aI0qY+SYJt8V6lvUdE+18IWH09BXtz8dRi6JE=,tag:vFwF9h1Rsa/X1bjvdSRSfQ==,type:str]
@@ -10,7 +13,7 @@ gitea:
keycloak: keycloak:
dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str] dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str]
netbird: netbird:
coturnPass: ENC[AES256_GCM,data:zB6P9RyTTKkXEOIhOyeJuF4Y,iv:8SWVfcdmMnXQJxezu3uanrlmFhR+hxXEJ3T7KA+YZqE=,tag:1H21K3kbZOuLOdN2zufWJw==,type:str] secret_key: ENC[AES256_GCM,data:isJHGh/InvgJUSqISqxpWhZH0OMN/QG7WBbSS7WqHaWTdfZDBOh//PBP8g==,iv:j0D6feM3qnDjXijXRHgZPboFLHzPwWIhT5bYz3M+QMU=,tag:pOHRxOEdOUrL3n6DgqGDsA==,type:str]
gitlab: gitlab:
db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str] db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str]
root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str] root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str]
@@ -35,7 +38,7 @@ sops:
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA== 8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-19T05:54:41Z" lastmodified: "2026-02-01T12:56:37Z"
mac: ENC[AES256_GCM,data:hLxsJDB3kr00fVVlkGC7L/pP3AH+W+IZbt4zHxGb9C7bhgs1zkLdDGGW8uqitsYQP5ZqSq00raym+JGGREH0q+SepQB+yrB26yDsac6thzKV1Yr3sIMhKdzSHJiNEawUxI7pTToKG3e6XDz2S0r0i0AvAoA6abPHoPH4ihojoXE=,iv:lSKAiSdkP1FxVoeKtSYs4i3HcyouNUeBHRvAXXqiBKY=,tag:hJGw0QhvbUf9M3AXC67iFA==,type:str] mac: ENC[AES256_GCM,data:clu/WnwHAQaowQ99Z8tNlIKKcVnLHYeYsgQK0meftXgiQKnLyLzqNipwfaU3qjITdm6fB7wY+TcySygpwFbY2f2TKrqAk7RxdnTFa61vQDqMF7rYPG90Ub79P+R5URZI8yjv69Hmrav0Y6z92vH8ItbPSRBLtgrbYZx36IFq0LU=,iv:qzBVA0xATM979tzu6cTvMrX77firvA5K0WU2hoUggoA=,tag:Fm3IqH0GUHBq9Din6ZW6ng==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.11.0

48
modules/hosts/iso/configuration.nix Normal file
View File

@@ -0,0 +1,48 @@
{ self, inputs, ... }: {
flake.nixosModules.iso = { lib, pkgs, modulesPath, ... }: {
imports = with inputs; [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
self.nixosModules.default
self.nixosModules.aurora-greeter
home-manager.nixosModules.default
];
config = {
fonts.fontconfig.enable = lib.mkForce true;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
environment.systemPackages = with pkgs; [ nerd-fonts.fira-code ];
system.stateVersion = "25.11";
nixpkgs.hostPlatform = "x86_64-linux";
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
users.users.nixos.enable = lib.mkForce false;
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
};
};
}

15
modules/hosts/iso/default.nix Normal file
View File

@@ -0,0 +1,15 @@
{ self, inputs, ...}: {
perSystem = { config, system, pkgs, self', inputs', ... }: {
packages.iso = self.nixosConfigurations.iso.config.system.build.isoImage;
};
flake.nixosConfigurations.iso = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.iso
];
};
}

113
modules/hosts/jesstop/configuration.nix Normal file
View File

@@ -0,0 +1,113 @@
{ inputs, ... }: {
flake.nixosModules.jesstop = { config, pkgs, lib, ... }:
{
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
systemd.extraConfig = "DefaultLimitNOFILE=2048";
hardware = {
graphics.enable = true;
#enable bluetooth
bluetooth.enable = true;
};
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
# Enable the X11 windowing system.
services.xserver = {
enable = true;
desktopManager.enlightenment.enable = true;
};
services.acpid.enable = true;
services.displayManager.enable = true;
# Enable CUPS to print documents.
services.printing.enable = true;
system.stateVersion = "23.05"; # Did you read the comment?
# Set your time zone.
time.timeZone = "America/Chicago";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
networking = {
hostName = "jesstop";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
users.users."nickelback" = {
isNormalUser = true;
description = "Thomas Jefferson";
initialPassword = "89453712";
#hashedPasswordFile = config.sops.secrets."nathan/pass".path;
extraGroups = [
"wheel"
"networkmanager"
]; # Enable sudo for the user.
openssh.authorizedKeys.keys = [];
packages = with pkgs; [
(writeShellScriptBin "beets" ''
bluetoothctl connect A4:16:C0:74:1F:55
'')
spotify
gnome-network-displays
discord
krita
rpcs3
];
};
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
settings = {
experimental-features = [ "nix-command" "flakes" ];
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
};
}

11
modules/hosts/jesstop/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."jesstop" = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.jesstop
self.nixosModules.jesstop-hardware
];
};
}

39
modules/hosts/jesstop/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
{ ... }: {
flake.nixosModules.jesstop-hardware = { config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "vmd" "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d76defe1-149f-4ea2-a5a1-d9cc2804cf72";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/D497-6455";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

0
machines/laptop/.sops.yaml → modules/hosts/laptop/.sops.yaml
View File

142
modules/hosts/laptop/configuration.nix Normal file
View File

@@ -0,0 +1,142 @@
{ self, inputs, ... }: {
flake.nixosModules.laptop = { config, pkgs, lib, ... }:
{
imports = with self.nixosModules; [
inputs.home-manager.nixosModules.default
self.nixosModules.default
self.nixosModules.default
aurora-greeter
hyprland
pipewire
steam
avahi
netbird
openssh
];
config = {
nixpkgs.config = {
allowUnfree = true;
};
# Bootloader.
boot = {
kernelPackages = pkgs.linuxKernel.packages.linux_6_18;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
timeout = null;
};
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
hardware = {
graphics.enable = true;
firmware = with pkgs; [
sof-firmware
];
#enable bluetooth
bluetooth.enable = true;
};
programs.partition-manager.enable = true;
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
alsa-utils
];
# Enable the X11 windowing system.
services.xserver = {
enable = true;
};
services.displayManager.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
# Enable CUPS to print documents.
services.printing.enable = true;
programs.adb.enable = true;
programs.zsh.enable = true;
networking = {
hostName = "laptop";
nameservers = [
"1.1.1.1"
"1.0.0.1"
];
networkmanager = {
enable = true;
dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
};
services.openssh.openFirewall = false;
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
boot.kernelParams = [ "snd-intel-dspcfg.dsp_driver=1" ];
hardware = {
nvidia = {
modesetting.enable = true;
powerManagement.enable = true;
powerManagement.finegrained = true;
open = false;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
prime = {
# Make sure to use the correct Bus ID values for your system!
intelBusId = "PCI:0:2:0";
nvidiaBusId = "PCI:1:0:0";
# WARNING: sync and offload are mutually exclusive.
# You can only pick one!!
#sync.enable = true;
offload = {
enable = true;
enableOffloadCmd = true;
};
};
};
};
sops = {
defaultSopsFile = ./secrets.yaml;
secrets = {
remoteBuildKey = {};
};
};
services.xserver.videoDrivers = [ "nvidia" ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
};
};
}

12
modules/hosts/laptop/default.nix Normal file
View File

@@ -0,0 +1,12 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."laptop" = inputs.nixpkgs.lib.nixosSystem {
modules = with self.nixosModules; [
user-nathan
laptop
laptop-hardware
];
};
}

39
modules/hosts/laptop/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
{ ... }: {
flake.nixosModules.laptop-hardware = { config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/78c0964d-c09e-4e31-8a73-eb719d79917a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/AE5E-AC86";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

0
machines/laptop/secrets.yaml → modules/hosts/laptop/secrets.yaml
View File

60
modules/hosts/live/configuration.nix Normal file
View File

@@ -0,0 +1,60 @@
{ inputs, ... }: {
flake.nixosModules.live = { pkgs, ... }: {
imports = with inputs; [
disko.nixosModules.default
(import ./disko.nix { device = "/dev/mmcblk0"; })
sops-nix.nixosModules.sops
home-manager.nixosModules.default
];
config = {
hardware.enableRedistributableFirmware = true;
hardware.enableAllHardware = true;
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh bashInteractive ];
networking = {
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
nixpkgs.hostPlatform = "x86_64-linux";
boot = {
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
};
users.users."nathan" = {
hashedPassword = "$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
packages = with pkgs; [
git
nerd-fonts.fira-code
];
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."nathan/pass".neededForUsers = true;
};
system.stateVersion = "25.05";
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
};
};
}

11
modules/hosts/live/default.nix Normal file
View File

@@ -0,0 +1,11 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."live" = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.live
self.diskoConfigurations.live
];
};
}

69
modules/hosts/live/disko.nix Normal file
View File

@@ -0,0 +1,69 @@
{ ... }: {
flake.diskoConfigurations.live = {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
};
}

0
system/profiles/live/secrets.yaml → modules/hosts/live/secrets.yaml
View File

87
modules/hosts/pi4/configuration.nix Normal file
View File

@@ -0,0 +1,87 @@
{ inputs, ... }: {
flake.nixosModules.pi4 = { config, pkgs, ... }: {
imports = [
inputs.disko.nixosModules.default
inputs.home-manager.nixosModules.default
];
config = {
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
time.timeZone = "America/Chicago";
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
};
};
}

12
modules/hosts/pi4/default.nix Normal file
View File

@@ -0,0 +1,12 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."pi4" = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.pi4
self.nixosModules.pi4-hardware
self.diskoConfigurations.pi4
];
};
}

69
modules/hosts/pi4/disko.nix Normal file
View File

@@ -0,0 +1,69 @@
{ ... }: {
flake.diskoConfigurations.pi4 = {
device1 ? throw "Set this to your disk device, e.g. /dev/sda",
...
}: {
disko.devices = {
disk = {
main = {
device = device1;
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
name = "boot";
size = "1M";
type = "EF02";
};
esp = {
name = "ESP";
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
name = "root";
size = "100%";
content = {
type = "lvm_pv";
vg = "root_vg";
};
};
};
};
};
};
lvm_vg = {
root_vg = {
type = "lvm_vg";
lvs = {
root = {
size = "100%FREE";
content = {
type = "btrfs";
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
};
"/nix" = {
mountOptions = ["subvol=nix" "noatime"];
mountpoint = "/nix";
};
};
};
};
};
};
};
};
};
}

27
modules/hosts/pi4/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,27 @@
{ ... }: {
flake.nixosModules.pi4-hardware = { config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
};
}

0
system/profiles/pi4/secrets.yaml → modules/hosts/pi4/secrets.yaml
View File

12
modules/parts.nix Normal file
View File

@@ -0,0 +1,12 @@
{ inputs, ... }: {
imports = [
inputs.home-manager.flakeModules.home-manager
inputs.disko.flakeModules.default
];
systems = [
"x86_64-linux"
"aarch64-linux"
];
}

11
modules/users/nathan/home-manager/.sops.yaml Normal file
View File

@@ -0,0 +1,11 @@
keys:
- &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
creation_rules:
- path_regex: ^secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android

75
modules/users/nathan/home-manager/default.nix Normal file
View File

@@ -0,0 +1,75 @@
{ self, inputs, ... }: {
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
imports = with self.homeModules; [
inputs.sops-nix.homeManagerModules.sops
nathan-terminal
nathan-mpd
nathan-nh
];
config = {
home.username = "nathan";
home.homeDirectory = lib.mkDefault "/home/${config.home.username}";
home.stateVersion = "23.11";
home.pointerCursor = {
gtk.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 16;
};
dconf.settings = {
"org/virt-manager/virt-manager/connections" = {
autoconnect = ["qemu:///system"];
uris = ["qemu:///system"];
};
};
gtk = {
enable = true;
theme.name = "Tokyonight-Dark";
theme.package = pkgs.tokyonight-gtk-theme;
iconTheme.package = pkgs.rose-pine-icon-theme;
iconTheme.name = "rose-pine-moon";
};
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {};
};
services.mpris-proxy.enable = true;
programs.ssh = {
enable = true;
matchBlocks = {
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
};
};
};
};
}

0
system/users/nathan/home-manager/dotfiles/Wallpaper/Tron.jpg → modules/users/nathan/home-manager/dotfiles/Wallpaper/Tron.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.4 MiB

After

Width:  |  Height:  |  Size: 1.4 MiB

0
system/users/nathan/home-manager/dotfiles/Wallpaper/bluescape.jpg → modules/users/nathan/home-manager/dotfiles/Wallpaper/bluescape.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.0 MiB

After

Width:  |  Height:  |  Size: 1.0 MiB

BIN
modules/users/nathan/home-manager/dotfiles/Wallpaper/chainsaw_man.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.9 MiB

BIN
modules/users/nathan/home-manager/dotfiles/Wallpaper/eighty-six1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.8 MiB

BIN
modules/users/nathan/home-manager/dotfiles/Wallpaper/eighty-six2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.2 MiB

BIN
modules/users/nathan/home-manager/dotfiles/Wallpaper/eighty-six3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.7 MiB

BIN
modules/users/nathan/home-manager/dotfiles/Wallpaper/frieren.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.4 MiB

0
system/users/nathan/home-manager/dotfiles/Wallpaper/galaxy.jpg → modules/users/nathan/home-manager/dotfiles/Wallpaper/galaxy.jpg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1007 KiB

After

Width:  |  Height:  |  Size: 1007 KiB

BIN
modules/users/nathan/home-manager/dotfiles/Wallpaper/goblin_slayer1.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.5 MiB

BIN
modules/users/nathan/home-manager/dotfiles/Wallpaper/goblin_slayer2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.2 MiB

BIN
modules/users/nathan/home-manager/dotfiles/Wallpaper/goblin_slayer3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.9 MiB

Some files were not shown because too many files have changed in this diff Show More