nathan/Olympus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test gitea docker

Browse Source
This commit is contained in:
Nathan
2026-04-26 12:25:17 -05:00
parent 7dd153349d fe29c5ff4b
commit e24312038e
37 changed files with 953 additions and 432 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
.sops.yaml
View File

@@ -3,7 +3,25 @@ keys:
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
creation_rules:
- path_regex: system/secrets.yaml$
- path_regex: features/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android
- path_regex: live/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android
- path_regex: container/secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android
- path_regex: users/.*/secrets.yaml$
key_groups:
- age:
- *laptop

156
flake.lock generated
View File

@@ -20,11 +20,11 @@
]
},
"locked": {
"lastModified": 1775558810,
"narHash": "sha256-fy95EdPnqQlpbP8+rk0yWKclWShCUS5VKs6P7/1MF2c=",
"lastModified": 1776702787,
"narHash": "sha256-qc5uwEWbuubzYthmZcfCapooZGXhoYZWfTQ24TozbCQ=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "7371b669b22aa2af980f913fc312a786d2f1abb2",
"rev": "9a1ca6b8cb4d86a599787a55b78f2ddf809bf945",
"type": "github"
},
"original": {
@@ -61,11 +61,11 @@
]
},
"locked": {
"lastModified": 1773889306,
"narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=",
"lastModified": 1776613567,
"narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
"owner": "nix-community",
"repo": "disko",
"rev": "5ad85c82cc52264f4beddc934ba57f3789f28347",
"rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
"type": "github"
},
"original": {
@@ -82,11 +82,11 @@
},
"locked": {
"dir": "pkgs/firefox-addons",
"lastModified": 1775880170,
"narHash": "sha256-63PLZ7lspPAqpV/+d0oNtDHLCWQf1MVFRG2DOeDK+nU=",
"lastModified": 1777003388,
"narHash": "sha256-IS8oeyaqYS/MPpDp0Z7i86PwcdTqJ2dritgdRtWzkew=",
"owner": "rycee",
"repo": "nur-expressions",
"rev": "28b164d30b5ab6820ef7e17281ae55c539ae9ff5",
"rev": "03d4270c1f75494910b7b8039b1a050bc7055c97",
"type": "gitlab"
},
"original": {
@@ -254,11 +254,11 @@
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1776885253,
"narHash": "sha256-vslJ5ezhyD+HBMEqzsPLOBfalILmPrAABR68yxrhEuM=",
"lastModified": 1777004352,
"narHash": "sha256-SV+9PgNwZ8jHVCjK6YaCBzaheLSW7cDnm5DpOYrD8Vw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "d79c987e654347083e903ab6d2a89ed3d0752177",
"rev": "6012cf1fed3eba66115f3fd117b9be6bd2a15b2f",
"type": "github"
},
"original": {
@@ -283,11 +283,11 @@
]
},
"locked": {
"lastModified": 1772461003,
"narHash": "sha256-pVICsV7FtcEeVwg5y/LFh3XFUkVJninm/P1j/JHzEbM=",
"lastModified": 1776511930,
"narHash": "sha256-fCpwFiTW0rT7oKJqr3cqHMnkwypSwQKpbtUEtxdkgrM=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "b62396457b9cfe2ebf24fe05404b09d2a40f8ed7",
"rev": "39435900785d0c560c6ae8777d29f28617d031ef",
"type": "github"
},
"original": {
@@ -312,11 +312,11 @@
]
},
"locked": {
"lastModified": 1775496928,
"narHash": "sha256-Ds759WU03mGWtu3I43J+5GF5Ni8TvF+GYQUFD+fVeMo=",
"lastModified": 1776426399,
"narHash": "sha256-RUESLKNikIeEq9ymGJ6nmcDXiSFQpUW1IhJ245nL3xM=",
"owner": "hyprwm",
"repo": "hyprgraphics",
"rev": "cf95d93d17baa18f1d9b016b3afe27f820521a6e",
"rev": "68d064434787cf1ed4a2fe257c03c5f52f33cf84",
"type": "github"
},
"original": {
@@ -342,11 +342,11 @@
"xdph": "xdph"
},
"locked": {
"lastModified": 1775828308,
"narHash": "sha256-mKW54+ilZNBVsU3GnzHhZUb041H7L/R8aPA0GD+1oKQ=",
"lastModified": 1776947531,
"narHash": "sha256-BnUJwexEDpt10Csws8UNq/34r5zaUl8oXNrDHd6oJVA=",
"ref": "refs/heads/main",
"rev": "f7755322fc515108cc9eed8113c09492d4a352c1",
"revCount": 7141,
"rev": "b65714e3b8e123fb2febd507905d25fa6abd0400",
"revCount": 7171,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
@@ -390,11 +390,11 @@
]
},
"locked": {
"lastModified": 1774710575,
"narHash": "sha256-p7Rcw13+gA4Z9EI3oGYe3neQ3FqyOOfZCleBTfhJ95Q=",
"lastModified": 1776426575,
"narHash": "sha256-KI6nIfVihn/DPaeB5Et46Xg3dkNHrrEtUd5LBBVomB0=",
"owner": "hyprwm",
"repo": "hyprland-guiutils",
"rev": "0703df899520001209646246bef63358c9881e36",
"rev": "a968d211048e3ed538e47b84cb3649299578f19d",
"type": "github"
},
"original": {
@@ -444,11 +444,11 @@
]
},
"locked": {
"lastModified": 1772459629,
"narHash": "sha256-/iwvNUYShmmnwmz/czEUh6+0eF5vCMv0xtDW0STPIuM=",
"lastModified": 1776426736,
"narHash": "sha256-rl7i4aY+9p8LysJp7o8uRWahCkpFznCgGHXszlTw7b0=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "7615ee388de18239a4ab1400946f3d0e498a8186",
"rev": "7833ff33b2e82d3406337b5dcf0d1cec595d83e9",
"type": "github"
},
"original": {
@@ -521,11 +521,11 @@
]
},
"locked": {
"lastModified": 1774911391,
"narHash": "sha256-c4YVwO33Mmw+FIV8E0u3atJZagHvGTJ9Jai6RtiB8rE=",
"lastModified": 1776428866,
"narHash": "sha256-XfRlBolGtjvalTHJp3XvvpYLBjkMhaZLLU0WqZ91Fcg=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "e6caa3d4d1427eedbdf556cf4ceb70f2d9c0b56d",
"rev": "eedd60805cd96d4442586f2ba5fe51d549b12674",
"type": "github"
},
"original": {
@@ -546,11 +546,11 @@
]
},
"locked": {
"lastModified": 1772459835,
"narHash": "sha256-978jRz/y/9TKmZb/qD4lEYHCQGHpEXGqy+8X2lFZsak=",
"lastModified": 1776430932,
"narHash": "sha256-Yv3RPiUvl7CAsJgwIVsqcj7akn1gLyJP1F/mocof5hA=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "0a692d4a645165eebd65f109146b8861e3a925e7",
"rev": "4c2fcc06dc9722c97dbb54ba649c69b18ce83d2e",
"type": "github"
},
"original": {
@@ -575,11 +575,11 @@
]
},
"locked": {
"lastModified": 1775414057,
"narHash": "sha256-mDpHnf+MkdOxEqIM1TnckYYh9p1SXR8B3KQfNZ12M8s=",
"lastModified": 1776728575,
"narHash": "sha256-z9eGphrArEBpl1O/GCH0wlY6z4K9vA6yWh2gAS6qytU=",
"owner": "hyprwm",
"repo": "hyprwire",
"rev": "86012ee01b0fdd8bf3101ef38816f2efbee42490",
"rev": "f3a80888783702a39691b684d099e16b83ed4702",
"type": "github"
},
"original": {
@@ -618,6 +618,22 @@
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1776983936,
"narHash": "sha256-ZOQyNqSvJ8UdrrqU1p7vaFcdL53idK+LOM8oRWEWh6o=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "2096f3f411ce46e88a79ae4eafcfc9df8ed41c61",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1775423009,
@@ -713,11 +729,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1775423009,
"narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=",
"lastModified": 1776548001,
"narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9",
"rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc",
"type": "github"
},
"original": {
@@ -729,11 +745,11 @@
},
"nixpkgs_4": {
"locked": {
"lastModified": 1775811116,
"narHash": "sha256-t+HZK42pB6N+i5RGbuy7Xluez/VvWbembBdvzsc23Ss=",
"lastModified": 1776734388,
"narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "54170c54449ea4d6725efd30d719c5e505f1c10e",
"rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac",
"type": "github"
},
"original": {
@@ -791,6 +807,22 @@
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1772047000,
"narHash": "sha256-7DaQVv4R97cii/Qdfy4tmDZMB2xxtyIvNGSwXBBhSmo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1267bb4920d0fc06ea916734c11b0bf004bbe17e",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixvim": {
"inputs": {
"flake-parts": "flake-parts_3",
@@ -832,6 +864,24 @@
"type": "github"
}
},
"opi-zero2w": {
"inputs": {
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1772415536,
"narHash": "sha256-dS4XyDDVCjGEFDX4zgaalQqMlfWL7JfeLGJpLwcAAFE=",
"owner": "virusdave",
"repo": "nixos-opi-zero2w",
"rev": "1337ecfb2443f059f8971eb89eae487fbc6b0dcc",
"type": "github"
},
"original": {
"owner": "virusdave",
"repo": "nixos-opi-zero2w",
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
@@ -842,11 +892,11 @@
]
},
"locked": {
"lastModified": 1775036584,
"narHash": "sha256-zW0lyy7ZNNT/x8JhzFHBsP2IPx7ATZIPai4FJj12BgU=",
"lastModified": 1776796298,
"narHash": "sha256-PcRvlWayisPSjd0UcRQbhG8Oqw78AcPE6x872cPRHN8=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "4e0eb042b67d863b1b34b3f64d52ceb9cd926735",
"rev": "3cfd774b0a530725a077e17354fbdb87ea1c4aad",
"type": "github"
},
"original": {
@@ -864,9 +914,11 @@
"home-manager": "home-manager_2",
"hyprland": "hyprland",
"import-tree": "import-tree_2",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_4",
"nixpkgs-us": "nixpkgs-us",
"nixvim": "nixvim",
"opi-zero2w": "opi-zero2w",
"sops-nix": "sops-nix"
}
},
@@ -877,11 +929,11 @@
]
},
"locked": {
"lastModified": 1775682595,
"narHash": "sha256-0E9PohY/VuESLq0LR4doaH7hTag513sDDW5n5qmHd1Q=",
"lastModified": 1776771786,
"narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d2e8438d5886e92bc5e7c40c035ab6cae0c41f76",
"rev": "bef289e2248991f7afeb95965c82fbcd8ff72598",
"type": "github"
},
"original": {
@@ -948,11 +1000,11 @@
]
},
"locked": {
"lastModified": 1773601989,
"narHash": "sha256-2tJf/CQoHApoIudxHeJye+0Ii7scR0Yyi7pNiWk0Hn8=",
"lastModified": 1776608502,
"narHash": "sha256-UH8YoQxx4hFOm6qjMdjRQNRvSejFIR/wBZ8fW1p9sME=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "a9b862d1aa000a676d310cc62d249f7ad726233d",
"rev": "4a293523d36dfa367e67ec304cc718ea66a8fec2",
"type": "github"
},
"original": {

5
flake.nix
View File

@@ -16,6 +16,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:nixos/nixos-hardware/master";
opi-zero2w.url = "github:virusdave/nixos-opi-zero2w";
#opi-zero2w.url = "git+file:///home/nathan/Projects/tests/nixos-opi-zero2w";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";

96
modules/features/default.nix
View File

@@ -1,96 +0,0 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
builders-use-substitutes = (config.sops.secrets ? "remoteBuildKey");
substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey");
buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [
{
hostName = "esotericbytes.com";
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
}
];
};
users.users."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
isNormalUser = true;
createHome = false;
};
sops.templates."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFormat = "yaml";
};
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
useUserPackages = true;
sharedModules = [];
};
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
};
}

32
modules/features/ethdhcp.nix Normal file
View File

@@ -0,0 +1,32 @@
{ ... }: {
flake.nixosModules.ethdhcp = { config, lib, ... }: {
networking.firewall.interfaces."eno1" = {
allowedUDPPorts = [ 53 67 68 ];
allowedTCPPorts = [ 53 67 68 ];
};
networking = {
interfaces."eno1" = {
ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 24; }];
};
nat = {
enable = true;
internalInterfaces = [ "eno1" ];
externalInterface = "wlo1";
};
};
services.dnsmasq = {
enable = true;
settings = {
interface = "eno1";
dhcp-range = [ "192.168.121.2,192.168.121.2,1h" ];
};
};
networking.networkmanager.unmanaged = [ "eno1" ];
};
}

66
modules/features/gitea.nix
View File

@@ -80,6 +80,13 @@
repository = {
DEFAULT_BRANCH = "master";
};
migrations = {
ALLOWED_DOMAINS = "*";
ALLOW_LOCALNETWORKS = true;
SKIP_TLS_VERIFY = true;
BLOCKED_DOMAINS = "";
};
};
database = {
@@ -119,6 +126,26 @@
config = {
networking.firewall.allowedTCPPorts = [ 2222 ];
sops.secrets = {
"gitea/dbpass" = {};
};
sops.templates."gitea.env".content = ''
USER_UID=1000
USER_GID=1000
GITEA__database__DB_TYPE=postgres
GITEA__database__HOST=${name}-db:5432
GITEA__database__NAME=gitea
GITEA__database__USER=gitea
GITEA__database__PASSWD=${config.sops.placeholder."gitea/dbpass"}
'';
sops.templates."gitea-db.env".content = ''
POSTGRES_USER=gitea
POSTGRES_DB=gitea
POSTGRES_PASSWORD=${config.sops.placeholder."gitea/dbpass"}
'';
>>>>>>> dev
virtualisation.oci-containers.containers."${name}" = {
image = "docker.gitea.com/gitea:1.25.4";
@@ -134,7 +161,7 @@
labels = {
"traefik.enable" = "true";
"traefik.http.routers.${name}.entrypoints" = "localsecure";
"traefik.http.routers.${name}.entrypoints" = "websecure";
"traefik.http.routers.${name}.rule" = "Host(`${subdomain}.esotericbytes.com`)";
"traefik.http.routers.${name}.service" = "${name}";
"traefik.http.routers.${name}.tls.certResolver" = "cloudflare";
@@ -153,15 +180,20 @@
];
extraOptions = [
"--ip=192.168.101.20"
"--ip=192.168.101.25"
];
volumes = [
"vol_gitea:/data"
"/etc/gitea/data:/data"
];
environment = {
};
environmentFiles = [
config.sops.templates."gitea.env".path
];
dependsOn = [
"${name}-db"
];
};
virtualisation.oci-containers.containers."${name}-db" = {
@@ -183,15 +215,16 @@
];
extraOptions = [
"--ip=192.168.101.21"
"--ip=192.168.101.26"
];
volumes = [
"/etc/gitea/db:/var/lib/postgresql/data"
];
environment = {
};
environmentFiles = [
config.sops.templates."gitea-db.env".path
];
};
systemd.services."docker-gitea" = {
@@ -203,12 +236,10 @@
};
after = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
requires = [
"docker-network-setup.service"
"docker-volume-gitea.service"
"docker-gitea-db.service"
];
partOf = [
@@ -239,21 +270,6 @@
"docker-compose-gitea-root.target"
];
};
systemd.services."docker-volume-gitea" = {
path = [ pkgs.docker ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
docker volume inspect vol_gitea || docker volume create vol_gitea --driver=local
'';
partOf = [ "docker-compose-gitea-root.target" ];
wantedBy = [ "docker-compose-gitea-root.target" ];
};
};
};
}

21
modules/features/home-manager.nix Normal file
View File

@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
imports = [
inputs.home-manager.nixosModules.default
];
config = {
programs.fuse.userAllowOther = true;
home-manager = {
backupFileExtension = "backup";
useUserPackages = true;
sharedModules = [];
};
};
};
}

55
modules/features/hotspot.nix Normal file
View File

@@ -0,0 +1,55 @@
{ ... }: {
flake.nixosModules.hotspot = { config, lib, ... }: {
networking.firewall.interfaces."wlo1" = {
allowedUDPPorts = [ 53 67 68 ];
allowedTCPPorts = [ 53 67 68 ];
};
networking = {
interfaces."wlo1" = {
ipv4.addresses = [{ address = "192.168.121.1"; prefixLength = 24; }];
};
nat = {
enable = true;
internalInterfaces = [ "wlo1" ];
externalInterface = "eno1";
};
};
services.dnsmasq = {
enable = true;
settings = {
interface = "wlo1";
dhcp-range = [ "192.168.121.2,192.168.121.10,1h" ];
};
};
sops.secrets."hotspotPass".sopsFile = ./secrets.yaml;
services.hostapd = {
enable = true;
radios.wlo1 = {
networks.wlo1 = {
ssid = "laptopHotspot";
authentication.saePasswords = [{ passwordFile = "${config.sops.secrets."hotspotPass".path}"; }];
};
countryCode = "US";
band = "2g";
channel = 7;
wifi4 = {
enable = true;
};
};
};
networking.networkmanager.unmanaged = [ "wlo1" ];
};
}

2
modules/features/hyprland.nix
View File

@@ -22,6 +22,8 @@
portalPackage = inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland;
};
programs.partition-manager.enable = true;
};
};
}

27
modules/features/locale.nix Normal file
View File

@@ -0,0 +1,27 @@
{ ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = {
time.timeZone = lib.mkDefault "America/Chicago";
i18n = lib.mkDefault {
defaultLocale = "en_US.UTF-8";
extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
};
};
};
}

2
modules/features/n8n.nix
View File

@@ -42,7 +42,7 @@
];
extraOptions = [
"--ip=192.168.101.2"
"--ip=192.168.101.14"
];
volumes = [

27
modules/features/netbird/netbird.nix
View File

@@ -31,6 +31,32 @@
};
};
flake.nixosModules.netbird-sbc = { config, lib, pkgs, ... }: {
config = let
pkgs-us = import inputs.nixpkgs-us {
system = "x86_64-linux";
};
in {
sops.secrets."netbirdKey".sopsFile = ./../secrets.yaml;
services.netbird = {
enable = lib.mkDefault true;
clients.default = {
port = 51820;
name = "netbird";
interface = "wt0";
hardened = false;
};
package = pkgs-us.netbird;
#package = pkgs.netbird;
};
};
};
flake.nixosModules.netbird-docker = { config, lib, pkgs, ... }: {
imports = [
@@ -218,6 +244,7 @@
extraOptions = [
"--network-alias=signal"
"--network=docker-main"
"--ip=192.168.101.2"
];
};
systemd.services."docker-netbird-signal" = {

21
modules/features/nix.nix Normal file
View File

@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.nixosModules.default = { config, lib, pkgs, ... }: {
config = {
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
channel.enable = false;
settings = {
experimental-features = [ "nix-command" "flakes" ];
substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-substituters = lib.mkIf config.programs.hyprland.enable ["https://hyprland.cachix.org"];
trusted-public-keys = lib.mkIf config.programs.hyprland.enable ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
};
};
};
}

61
modules/features/remoteBuilds.nix Normal file
View File

@@ -0,0 +1,61 @@
{ inputs, ... }: {
flake.nixosModules.sops = { config, lib, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
nix = {
settings = {
builders-use-substitutes = (config.sops.secrets ? "remoteBuildKey");
};
distributedBuilds = lib.mkDefault (config.sops.secrets ? "remoteBuildKey");
buildMachines = lib.mkIf (config.sops.secrets ? "remoteBuildKey") [
{
hostName = "esotericbytes.com";
sshUser = "remote-builder";
sshKey = config.sops.secrets."remoteBuildKey".path;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
systems = [ "x86_64-linux" "aarch64-linux" ];
}
];
};
users.users."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
isNormalUser = true;
createHome = true;
home = "/tmp/remote-builder";
};
sops.templates."remote-builder" = lib.mkIf (builtins.any
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
) {
content = builtins.concatStringsSep ''''\n'' (builtins.map
(y: config.sops.placeholder.${y})
(builtins.filter
(x: (builtins.match "^remoteBuildClientKeys/.+" x) != null)
(builtins.attrNames config.sops.secrets)
)
);
path = "/etc/ssh/authorized_keys.d/remote-builder";
owner = "remote-builder";
};
};
};
}

7
modules/features/secrets.yaml
View File

@@ -2,6 +2,7 @@ remoteBuildClientKeys:
laptop: ENC[AES256_GCM,data:SZRAZ36nSueWVLcdvpgZpltp/aORqAObFWhgqtIrTYccoK/3F7l0J+VJzF51FASa6spbGJL2BSbzOygyal609pvJc9Hb9bIN85GMzV1P4lha62iC8dkuVLXezPU=,iv:veQJxL4QTxFg2UKm2+I3RQXyuwW2rXEV/gXIQ7nBtlY=,tag:9C9Ltzwz823yY029p9K41A==,type:str]
pi4: ENC[AES256_GCM,data:zT7V70DbBj5OIl5dTkUjvdqrxSiPcc+oFvL7R2ZAuytSQWdo9MR+WuuhN1Zeo0Ho9eGcbS+Qwr/Vs+yIYU+XaUlgawHM6aiUXoQmQE/yJFOPYUcmi0R4mxD0nkPZ0w==,iv:HQ+bxpeHZq9cezF6omZ1OMecfOw74pXzBujndhXnLPM=,tag:AM5O21nYzb4xzybOPvBwRg==,type:str]
android: ENC[AES256_GCM,data:srkEb7oAxcN5++sTWQo43C8M4JNpfeeJlcGLGUA6gp74kcES1HnIs87ZtCik121oMSYD15LZ8p/x/AV2QdGMobQFxoMQ2NEehhP66n2EoXcEos3BXqUlbphiBGMRfVK9+w==,iv:bmDbVfVSZLU+EsZh/GBBY9QVcfHZJB9gLZYeI3NYoGY=,tag:biE4/DN7z2wRyFBjK7vEnQ==,type:str]
hotspotPass: ENC[AES256_GCM,data:str2NCiO3mkWQiNWC1fouqHl,iv:gtwKki5hs9PHMzrK516QxZ4iLx8raIV7vCdJ7RpPd/E=,tag:j+Yw431Mghqt//bFUQnSSA==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
@@ -31,7 +32,7 @@ sops:
NXNhczV5Y3o3dmJ2RVk3eDBRd1FDdEkK4ELlB6suN3R3GJ6XRQCvE9mgiXUOMFs3
Yi+VfJTi3pkUQEi8MZP64Nl6IR5dXjUoPXFhBNcplmLf09JDjH4LJQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-26T22:28:31Z"
mac: ENC[AES256_GCM,data:hTEenm/UO84leu7alRdWlicKKrwNlaRR7ZQzhDtOCUcXemvwe30WkSq2mdzOnSo0uMSg1HZIlna8oRUd31ENe1aWfl69PlYPxEicmN5UHykVboXydw6m0yPoAqHj+nqG/vkWsVp0JN8HvTc59mzD+1DfydhJA3m0juaa81w5GsY=,iv:HBkE78QhX1wZANpvDW7nOIOTKBdCv0/dUc1Xv5+OQmQ=,tag:6I2z8MgZxnXjqd4iikA9nQ==,type:str]
lastmodified: "2026-04-24T23:13:22Z"
mac: ENC[AES256_GCM,data:m/4/y5r+BTeq5AtR6u3+vKxgTopGu+kIOGjaKMtNp/SSY1x086hzBfnB8p3BtLFijxYVrEqM/4JxvKU3m41jOtx4/1oSM/BXjHRUl+7diDSOcBaBtJMH2xam2b7Jlg4J0bW4ai3QnEQVF1A00dcmmEUqa/LZInFYSOXjB+FICCo=,iv:RcqpkSk8BSkcreVG1cY5f2OukCgcT36vqCyOfqoNXIs=,tag:aIDe4Tv5BygBYbyQ8GGr5Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.12.1

21
modules/features/sops.nix Normal file
View File

@@ -0,0 +1,21 @@
{ inputs, ... }: {
flake.nixosModules.sops = { config, lib, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
sops = {
age = {
keyFile = "/var/lib/sops/age/keys.txt";
#generateKey = true;
};
defaultSopsFormat = "yaml";
};
};
};
}

29
modules/features/traefik/config/routing.yml
View File

@@ -8,7 +8,7 @@ http:
rule: "Host(`esotericbytes.com`) || Host(`www.esotericbytes.com`)"
service: "homepage"
middlewares:
- authentik
- authentik@docker
tls:
certResolver: "cloudflare"
@@ -20,15 +20,6 @@ http:
tls:
certResolver: "cloudflare"
gitea:
entryPoints:
- "localsecure"
- "websecure"
rule: "Host(`gitea.esotericbytes.com`)"
service: "gitea"
tls:
certResolver: "cloudflare"
octoprint:
entryPoints:
- "localsecure"
@@ -49,27 +40,9 @@ http:
servers:
- url: "http://192.168.100.31:4444"
gitea:
loadBalancer:
servers:
- url: "http://192.168.100.20:3000"
octoprint:
loadBalancer:
servers:
- url: "http://rpi-3dp.local"
passHostHeader: true
tcp:
routers:
gitea-ssh:
entryPoints:
- "gitea-ssh"
rule: "HostSNI(`*`)"
service: "gitea-ssh"
services:
gitea-ssh:
loadBalancer:
servers:
- address: "192.168.100.20:2222"

7
modules/hosts/homebox/secrets.yaml
View File

@@ -14,6 +14,7 @@ keycloak:
dbpass: ENC[AES256_GCM,data:tc4wIAqzY7nonBhz8s+YdAux,iv:Wg0b0/xnl6cANLTOJWBsX+gw1iF8Q/GvO/iKyKwqJrM=,tag:LORKRmo4RjcrVbPNhk2A9Q==,type:str]
netbird:
secret_key: ENC[AES256_GCM,data:isJHGh/InvgJUSqISqxpWhZH0OMN/QG7WBbSS7WqHaWTdfZDBOh//PBP8g==,iv:j0D6feM3qnDjXijXRHgZPboFLHzPwWIhT5bYz3M+QMU=,tag:pOHRxOEdOUrL3n6DgqGDsA==,type:str]
netbirdKey: ENC[AES256_GCM,data:NSOx62QO2/BMgsV6B+Bi20XN1s8PUYDogRVj4XXYeqhF2QZE,iv:FiJzCpy+4Et58KJlG25A/GqeYscFQ9yzLj5i1ZEVDos=,tag:nlviBvsFJBGsAmwVt3agTg==,type:str]
gitlab:
db_pass: ENC[AES256_GCM,data:N3KvXkXql/PDjxZSpGo/Apr/,iv:OOzhR4BEmV3T01PA50vqdJMg7D2OGKHn/8hiqKEaOd4=,tag:jzdonXH/D/5kZ5Cld2W//w==,type:str]
root_pass: ENC[AES256_GCM,data:bALaUkoJw3N0ugZP/4MCnEsD,iv:LJdJpXlyzA6o00UVlK+l5WCCFIL/sT/fQNjI8wA5LAg=,tag:BYk1o/rjubyEpeHbgYA1Sg==,type:str]
@@ -38,7 +39,7 @@ sops:
S0NMRGJSeks0Q0UrVnZmUVdyU2NqVm8KLu2kQpD1fJdU0fTdR9A2cTQzRp+waJ6M
8vA+E8xYb2U4d7m0YnwKkGzw0CBPb0BvdEgvWvqpFViftoDwRv5KGA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-02-01T12:56:37Z"
mac: ENC[AES256_GCM,data:clu/WnwHAQaowQ99Z8tNlIKKcVnLHYeYsgQK0meftXgiQKnLyLzqNipwfaU3qjITdm6fB7wY+TcySygpwFbY2f2TKrqAk7RxdnTFa61vQDqMF7rYPG90Ub79P+R5URZI8yjv69Hmrav0Y6z92vH8ItbPSRBLtgrbYZx36IFq0LU=,iv:qzBVA0xATM979tzu6cTvMrX77firvA5K0WU2hoUggoA=,tag:Fm3IqH0GUHBq9Din6ZW6ng==,type:str]
lastmodified: "2026-04-26T03:37:06Z"
mac: ENC[AES256_GCM,data:gFZhelYC2ToiyRQmX2XiEmmMy3XeSFiF9EARogNcEIv+V/3Z4jKIDGwIvnP94s9ylgb+VZ2IoJLYb6zYSgYx/muOCoeoLifNwZOO+zA2hEgUf0kAhsM08HkuuwvifPwBZXO0P3VXTfP21QymetYVstX9ifYT3K5BIB2m9Unudu0=,iv:+Pr8idIxArX7eQEQaxigjhAGEOQRl7pz3p182yh6+Tg=,tag:qlpBKB4vg3BRFd/s+vDaDw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0
version: 3.12.1

25
modules/hosts/iso/configuration.nix
View File

@@ -2,14 +2,19 @@
flake.nixosModules.iso = { lib, pkgs, modulesPath, ... }: {
imports = with inputs; [
imports = with self.nixosModules; [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
self.nixosModules.default
self.nixosModules.aurora-greeter
inputs.home-manager.nixosModules.default
home-manager.nixosModules.default
self.nixosModules.default
aurora-greeter
hyprland
pipewire
avahi
netbird
openssh
];
@@ -32,9 +37,21 @@
];
};
environment.etc."wallpaper.jpg".source = ./../../users/nathan/home-manager/dotfiles/Wallpaper/bluescape.jpg;
system.activationScripts."wallpaperInit" = {
text = ''
mkdir -p /tmp/aurora/wallpaper
cp /etc/wallpaper.jpg /tmp/aurora/wallpaper/wallpaper.jpg
'';
};
users.users.nixos.enable = lib.mkForce false;
networking = {
hostName = "iso";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};

7
modules/hosts/iso/default.nix
View File

@@ -1,13 +1,14 @@
{ self, inputs, ...}: {
perSystem = { config, system, pkgs, self', inputs', ... }: {
perSystem = { ... }: {
packages.iso = self.nixosConfigurations.iso.config.system.build.isoImage;
};
flake.nixosConfigurations.iso = inputs.nixpkgs.lib.nixosSystem {
modules = [
self.nixosModules.iso
modules = with self.nixosModules; [
iso
user-nathan
];
};

13
modules/hosts/laptop/configuration.nix
View File

@@ -15,6 +15,7 @@
avahi
netbird
openssh
sops
];
config = {
@@ -31,6 +32,7 @@
efi.canTouchEfiVariables = true;
timeout = null;
};
binfmt.emulatedSystems = [ "aarch64-linux" ];
};
systemd.settings.Manager.DefaultLimitNOFILE = 2048;
@@ -47,7 +49,6 @@
};
programs.partition-manager.enable = true;
services.pulseaudio.enable = false;
environment.systemPackages = with pkgs; [
@@ -81,7 +82,7 @@
];
networkmanager = {
enable = true;
dns = "none";
#dns = "none";
};
useDHCP = false;
dhcpcd.enable = false;
@@ -89,6 +90,14 @@
services.openssh.openFirewall = false;
specialisation = {
ethdhcp = {
configuration = with self.nixosModules; lib.mkMerge [
ethdhcp
];
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];

87
modules/hosts/pi4/configuration.nix
View File

@@ -1,87 +1,50 @@
{ inputs, ... }: {
{ self, inputs, ... }: {
flake.nixosModules.pi4 = { config, pkgs, ... }: {
flake.nixosModules.pi4-install-sd = { config, pkgs, modulesPath, ... }: {
imports = [
inputs.disko.nixosModules.default
imports = with self.nixosModules; [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
pi4-core
inputs.home-manager.nixosModules.default
];
config = {
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};
};
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
flake.nixosModules.pi4-install-disko = { config, pkgs, ... }: {
time.timeZone = "America/Chicago";
imports = with self.nixosModules; [
inputs.disko.nixosModules.default
i18n.defaultLocale = "en_US.UTF-8";
pi4-core
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
self.diskoConfigurations.pi4
];
hardware = {
bluetooth.enable = true;
config = {
};
};
};
programs.zsh.enable = true;
flake.nixosModules.pi4 = { config, pkgs, ... }: {
environment.shells = with pkgs; [ zsh ];
imports = with self.nixosModules; [
users = {
groups.gpio = {};
};
pi4-core
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
netbird-sbc
remoteBuilds
sops
];
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
};
config = {
sops = {
age.keyFile = "/var/lib/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
sound.enable = true;
security.rtkit.enable = true;
system.stateVersion = "25.05";
};
};
}

72
modules/hosts/pi4/core.nix Normal file
View File

@@ -0,0 +1,72 @@
{ self, inputs, ... }: {
flake.nixosModules.pi4-core = { config, pkgs, ... }: {
imports = with self.nixosModules; [
inputs.home-manager.nixosModules.default
self.nixosModules.default
user-nathan
avahi
openssh
];
config = {
boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
kernelParams = [ "snd_bcm2835.enable_hdmi=1" "snd_bcm2835.enable_headphones=1" ];
};
networking = {
hostName = "pi4";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
networkmanager.enable = true;
};
hardware = {
bluetooth.enable = true;
};
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
];
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
};
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
security.rtkit.enable = true;
system.stateVersion = "25.11";
};
};
}

40
modules/hosts/pi4/default.nix
View File

@@ -1,12 +1,48 @@
{ self, inputs, ... }: {
flake.nixosConfigurations."pi4" = inputs.nixpkgs.lib.nixosSystem {
perSystem = { ... }: {
packages.pi4-sd = self.nixosConfigurations.pi4-install-sd.config.system.build.sdImage;
};
flake.nixosConfigurations.pi4 = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
self.nixosModules.pi4
self.nixosModules.pi4-hardware
self.diskoConfigurations.pi4
#self.diskoConfigurations.pi4
];
};
flake.nixosConfigurations.pi4-install = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
self.nixosModules.pi4-core
self.nixosModules.pi4-hardware
];
};
flake.nixosConfigurations.pi4-install-sd = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
self.nixosModules.pi4-install-sd
self.nixosModules.pi4-hardware
];
};
flake.nixosConfigurations.pi4-install-disko = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = [
self.nixosModules.pi4-install-disko
self.nixosModules.pi4-hardware
self.diskoConfigurations.pi4
];
};
}

35
modules/hosts/z2w/configuration.nix Normal file
View File

@@ -0,0 +1,35 @@
{ self, ... }: {
flake.nixosModules.z2w-install-sd = { config, pkgs, modulesPath, ... }: {
imports = with self.nixosModules; [
(modulesPath + "/installer/sd-card/sd-image-aarch64.nix")
z2w-core
];
config = {
};
};
flake.nixosModules.z2w = { config, pkgs, ... }: {
imports = with self.nixosModules; [
z2w-install-sd
netbird-sbc
remoteBuilds
sops
];
config = {
sops = {
defaultSopsFile = ./secrets.yaml;
};
};
};
}

66
modules/hosts/z2w/core.nix Normal file
View File

@@ -0,0 +1,66 @@
{ self, inputs, ... }: {
flake.nixosModules.z2w-core = { config, lib, pkgs, ... }: {
imports = with self.nixosModules; [
inputs.home-manager.nixosModules.default
self.nixosModules.default
user-nathan
avahi
openssh
];
config = {
/*boot = {
loader = {
grub.enable = false;
generic-extlinux-compatible.enable = true;
};
};*/
networking = {
hostName = lib.mkDefault "z2w";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
#networkmanager.enable = true;
#wireless.enable = lib.mkForce false;
};
/*hardware = {
bluetooth.enable = true;
};*/
programs.zsh.enable = true;
environment.shells = with pkgs; [ zsh ];
/*
users = {
groups.gpio = {};
};
services = {
udev.extraRules = ''
SUBSYSTEM=="bcm2835-gpiomem", KERNEL=="gpiomem", GROUP="gpio",MODE="0660"
SUBSYSTEM=="gpio", KERNEL=="gpiochip*", ACTION=="add", RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys/class/gpio/export /sys/class/gpio/unexport ; chmod 220 /sys/class/gpio/export /sys/class/gpio/unexport'"
SUBSYSTEM=="gpio", KERNEL=="gpio*", ACTION=="add",RUN+="${pkgs.bash}/bin/bash -c 'chown root:gpio /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value ; chmod 660 /sys%p/active_low /sys%p/direction /sys%p/edge /sys%p/value'"
'';
pulseaudio = {
enable = true;
extraConfig = ''
load-module module-native-protocol-tcp auth-ip-acl=127.0.0.1
'';
};
};
*/
fonts.packages = with pkgs; [ nerd-fonts.fira-code ];
system.stateVersion = "25.11";
};
};
}

26
modules/hosts/z2w/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{ self, inputs, ... }: {
perSystem = { ... }: {
packages.z2w-sd = self.nixosConfigurations.z2w-install-sd.config.system.build.sdImage;
};
flake.nixosConfigurations.z2w = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = inputs.opi-zero2w.lib.withOpiZero2wEssentials [
self.nixosModules.z2w
#self.nixosModules.z2w-hardware
];
};
flake.nixosConfigurations.z2w-install-sd = inputs.nixpkgs.lib.nixosSystem {
system = "aarch64-linux";
modules = inputs.opi-zero2w.lib.withOpiZero2wInstallerEssentials [
self.nixosModules.z2w-install-sd
#self.nixosModules.z2w-hardware
];
};
}

11
modules/users/nathan/home-manager/.sops.yaml
View File

@@ -1,11 +0,0 @@
keys:
- &homebox age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
- &laptop age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
- &android age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
creation_rules:
- path_regex: ^secrets.yaml$
key_groups:
- age:
- *laptop
- *homebox
- *android

32
modules/users/nathan/home-manager/default.nix
View File

@@ -1,11 +1,8 @@
{ self, inputs, ... }: {
{ self, ... }: {
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
imports = with self.homeModules; [
inputs.sops-nix.homeManagerModules.sops
nathan-terminal
nathan-mpd
nathan-nh
@@ -41,35 +38,8 @@
iconTheme.name = "rose-pine-moon";
};
sops = {
age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
defaultSopsFile = ./secrets.yaml;
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {};
};
services.mpris-proxy.enable = true;
programs.ssh = {
enable = true;
matchBlocks = {
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
};
};
};
};
}

22
modules/users/nathan/home-manager/features/git.nix
View File

@@ -4,26 +4,9 @@
config = {
sops = {
secrets = {
"git/username" = {};
"git/email" = {};
};
templates.gitconfig.content = ''
[user]
name = "${config.sops.placeholder."git/username"}"
email = "${config.sops.placeholder."git/email"}"
'';
};
programs.git = {
enable = true;
includes = [
{ path = "${config.sops.templates.gitconfig.path}"; }
];
settings = {
init = {
defaultBranch = "master";
@@ -38,6 +21,11 @@
];
};
};
user = {
name = "Nathan";
email = "nathanblunkall5@gmail.com";
};
};
};
};

54
modules/users/nathan/home-manager/features/packages.nix
View File

@@ -2,6 +2,11 @@
flake.homeModules.nathan = { config, lib, pkgs, ... }: {
options.olympus.packageSet = lib.mkOption {
type = lib.types.str;
default = "full";
};
config = with lib; mkMerge [
{
@@ -18,17 +23,6 @@
rsync
curl
(python314.withPackages (ps: with ps; [
gpustat
numpy
matplotlib
scipy
pandas
pyaudio
pyusb
requests
]))
cava
android-tools
neovim-remote
@@ -44,11 +38,6 @@
(mkIf config.wayland.windowManager.hyprland.enable {
nixpkgs.config = {
allowUnfree = true;
};
home.packages = with pkgs; [
grim
@@ -56,13 +45,42 @@
wl-clipboard
xfce.thunar
blueberry
brightnessctl
libdbusmenu-gtk3
];
})
(mkIf (pkgs.stdenv.hostPlatform.system == "x86_64-linux") {
home.packages = with pkgs; [
(python314.withPackages (ps: with ps; [
gpustat
numpy
matplotlib
scipy
pandas
pyaudio
pyusb
requests
]))
];
})
(mkIf (config.olympus.packageSet == "full") {
nixpkgs.config = {
allowUnfree = true;
};
home.packages = with pkgs; [
handbrake
quickemu
bottles
brightnessctl
libdbusmenu-gtk3
lmms
#unfree {

23
modules/users/nathan/home-manager/features/sops.nix Normal file
View File

@@ -0,0 +1,23 @@
{ inputs, ... }: {
flake.homeModules.nathan-sops = { config, lib, pkgs, ... }: {
imports = [
inputs.sops-nix.homeManagerModules.sops
];
config = {
sops = {
age = {
keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";
generateKey = true;
};
defaultSopsFormat = "yaml";
#secrets."remoteBuildKey" = {};
};
};
};
}

44
modules/users/nathan/home-manager/features/ssh.nix
View File

@@ -1,27 +1,41 @@
{ ... }: {
flake.homeModules.nathan-terminal = { ... }: {
flake.homeModules.nathan-terminal = { config, ... }: {
programs.ssh = {
enable = true;
# defaults as of 25.11
matchBlocks."*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
enableDefaultConfig = false;
matchBlocks = {
"*" = {
forwardAgent = false;
addKeysToAgent = "no";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
hashKnownHosts = false;
userKnownHostsFile = "~/.ssh/known_hosts";
controlMaster = "no";
controlPath = "~/.ssh/master-%r@%n:%p";
controlPersist = "no";
};
"builder" = {
hostname = "esotericbytes.com";
user = "remote-builder";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
"remote" = {
hostname = "esotericbytes.com";
user = "nathan";
identityFile = "${config.home.homeDirectory}/.ssh/id_ed25519";
port = 22;
};
};
};
};
}

36
modules/users/nathan/home-manager/secrets.yaml
View File

@@ -1,36 +0,0 @@
git:
username: ENC[AES256_GCM,data:418z4cCK,iv:tgPmynsW8fEJs6n+OGfm6IypOjNNhVdVaqFImeKXpC4=,tag:V5zI47vb9FnSO/OWurbJ+A==,type:str]
email: ENC[AES256_GCM,data:xp6HlIO1pTgvrXpGAOQwl0UvcnY4zrLrmw==,iv:LzGkluWeSe8MQqPXQMnNOv062UY+BkQE1fGjGqd/nCg=,tag:Y9nwo+Hjcg4ea2GxGKWApA==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvMktJdFhxRjhaT0MyZ0N3
YVBMYlNkRnl1eU8zajZLWXRPajZzWDBGQWxVCkhMcEdsNlVKQ1VHR2hjZWdsR1gx
MkhCeVZGUDJwdkdDTiswRW40QjRRYWMKLS0tIENIN2pheisyR21YZkIzblVZZ1cw
bHpLWEdPdUc4d2ZSS1FjUDM0QWRQUWsKqvlH0oWHH/PhMDTYT5KhCTzaEffsf1jM
r0o60YUCe6pUFs0qPvOxEPM3bq+7MkUpH4eXVAw3tCov3nUkmwlVZg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5K3ovcmpPck1reGVPQ0lm
YTYvNGtaSk4vLzlYSW0rSkpHcjZWUnBMS2dBCmt3RU1PMkJ1VU5wNUc1NC9lbGFk
cjl6cXp6M292enFHckkyamwwaDRia2MKLS0tIGRUTzFGdDZFaS9LdkRjMW56U25B
emRDTncvNnlycHF3V2VJN3NlZTNVSjgK8RUx9qImdqjHBHisnwY+qRZ9vuafl3MN
jnJsIsKSdF51dWYskEMVnPYwn9HdOKkAh6amwSITcw3ZCcK7ftfT+g==
-----END AGE ENCRYPTED FILE-----
- recipient: age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRWXVTSVQvNEhsMkQ2QkRl
SlZLTWN2eUdMa3MwdTBHZE8vdENKTTRKYVF3Ck01N2VNQUJPeHBwVHZTNWYzbXR5
ZS9hUDQydy9nQnR0SVpiUHV6ejhPb0EKLS0tIEZKeXV5QnpZYzBCVDR3WjVSV2Vv
TmJkL3VUbTRLNGNISGhFaGpmaXJ1cDAKpiZ8Nfml0KFq46JRg+394BCyZmnpE4XC
zqxRrNlGH/EDp00q5/jN84vQA+bOhGHcScQpvRCDKMXehQn3H4jksw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-16T16:08:48Z"
mac: ENC[AES256_GCM,data:3/ztJNXhOIPqgQ47QxjM5KTeAJwXPpUuVtvI5/xJsMOOZhXYRt+uhL584F98rJiMHhnbsuGIZi+jGlYRiE6c+GJ9X7TKLj9yRqKvCMSCdWHGzY721GH5kMPcjD2YDYZ4tt+olIMePNJBPjC1XJgfhfOvs43o2HyDTCS95cEQzB4=,iv:qofZBAwxbTrc/hPyuSi8nxibJ0bGhoytZpUTZwwzbuI=,tag:z1SJXutJmlJ+j6RnV4u29Q==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

76
modules/users/nathan/nathan.nix
View File

@@ -1,29 +1,41 @@
{ self, inputs, ... }: {
flake.nixosModules.user-nathan = { config, lib, pkgs, ... }: let
laptop = [ "laptop" ];
homebox = [ "homebox" ];
#both = laptop ++ homebox;
useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y);
in {
laptop = [ "laptop" ];
homebox = [ "homebox" ];
iso = [ "iso" ];
pi4 = [ "pi4" ];
z2w = [ "red-black" "blue-white" "z2w" ];
useWith = x: y: (lib.mkIf (builtins.any (z: z == config.networking.hostName) x) y);
in {
config = {
sops.secrets."nathan/pass".neededForUsers = true;
users.users.nathan = {
enable = true;
shell = pkgs.zsh;
name = lib.mkDefault "nathan";
isNormalUser = lib.mkDefault true;
#hashedPasswordFile = lib.mkIf (cfg.hashedPasswordFile != null) cfg.hashedPasswordFile;
extraGroups = [ "networkmanager" "docker" "libvirtd" "wheel" ];
hashedPassword = lib.mkIf
(config.users.users.nathan.hashedPasswordFile == null)
"$y$j9T$F0pn6l4C45lz4a0FTZLqE0$Fc48Ptbmz/3MJCk/Jsaqop4ff.bY3J3GcjhmJx5R7k6";
extraGroups = lib.mkMerge [
[ "networkmanager" "wheel" ]
(useWith (homebox) [ "docker" "libvirtd" ])
(useWith (pi4) [ "gpio" ])
];
openssh.authorizedKeys.keys = lib.mkMerge [
(useWith homebox [
(useWith (homebox) [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCM7ZgIu4+ntHZbzo9iQPq5pUt7AhpOnfvvI0lWDgO4CgtkPGvyFrDnW87wjAKGKYkgKeHWHIkwq2hkEDqlPD+7xxtPpwzfyo7ZS23xlP31rL14HcG21jGHgx9SO7RmGDHHylu4PwJzz/KX59hcVmpSSV4hgB/mYA9UKe6VHv39X4y3HsjmiHwNBOKXltG4V+VkxOZD6HcZ62sgkyDTaqDpE7p+q8vHPbm6dVTKC9cMjtJmjB5EesMGKcEAy3VN2tA9M0EndtaLcBKM39vDXGpBsjURYZTu7NbQnncnO7L8kVL0nT4vA/d4mCjB51dPoXIcxn1ise0TOb9G7TxMbBQQO5YMOpiB2iuZRRvB3sYoKwbO8YfSxZi0EhvLcxkF9GBFw+pWPl0p0D2fPBbW88YQfEpoAt2EWvEu/pgaMJsTHpgaIuDwPLVQmDciX4MRoi324oElGSK8yN0P8IaCHhFchuehLBWvTi34Qot0GpnxeTzmlLzImICO9Yq0I7dk2rk= nathan@rpi-3dp"
])
(useWith (iso ++ pi4 ++ z2w) [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsU69CxfQk58CvItPN426h5Alnpb60SH37wet97Vb57 nathan@laptop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
])
(useWith laptop [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEnUhN2uHwAJF/SLRX3wlGRmfhV3zpP88JQAYB+gh8jW nathan@localhost"
])
@@ -37,14 +49,15 @@
home-manager.users.nathan = with self.homeModules; lib.mkMerge [
self.homeModules.nathan
(useWith laptop nathan-aurora)
(useWith laptop nathan-firefox)
(useWith laptop nathan-rofi)
(useWith laptop nathan-hypridle)
(useWith laptop nathan-hyprland)
(useWith laptop nathan-kitty)
(useWith laptop nathan-scripts)
(useWith laptop nathan-pywal)
(useWith (laptop ++ iso) nathan-aurora)
(useWith (laptop ++ iso) nathan-firefox)
(useWith (laptop ++ iso) nathan-rofi)
(useWith (laptop ++ iso) nathan-hypridle)
(useWith (laptop ++ iso) nathan-hyprland)
(useWith (laptop ++ iso) nathan-kitty)
(useWith (laptop ++ iso) nathan-scripts)
(useWith (laptop ++ iso) nathan-pywal)
(useWith (laptop ++ homebox) nathan-sops)
(useWith laptop {
wayland.windowManager.hyprland.extraConfig = ''
@@ -53,13 +66,35 @@
bind = ALT, Escape, exec, if [[ $(hyprctl monitors | grep 0x0 | sed -n -e "s/\t*1920x1080@//" -e "s/.[1234567890]* at 0x0//p") == 300 ]]; then hyprctl keyword monitor eDP-1,1920x1080@60,0x0,1; else hyprctl keyword monitor eDP-1,1920x1080@300,0x0,1; fi
'';
})
(useWith (iso) {
wayland.windowManager.hyprland.extraConfig = ''
monitor=,preferred,auto,1
'';
})
(useWith (iso ++ pi4 ++ z2w ++ homebox) {
olympus = {
packageSet = "minimal";
};
})
];
};
};
flake.homeModules.nathan-standalone = { lib, ... }:
flake.homeModules.nathan-sops = { ... }: {
imports = [
inputs.sops-nix.homeManagerModules.sops
];
{
config = {
sops.defaultSopsFile = ./secrets.yaml;
};
};
flake.homeModules.nathan-standalone = { ... }: {
config = {
@@ -83,6 +118,7 @@
modules = [
self.homeModules.nathan
self.homeModules.nathan-standalone
];
};
}

35
modules/users/nathan/secrets.yaml Normal file
View File

@@ -0,0 +1,35 @@
nathan:
pass: ENC[AES256_GCM,data:QCpcdtN8Bzn4UnrIdwcEv5jkpW1Xfsmhy7iMyOmBUuMFqqmKrJcFbIUJCuNUSqtRgRl4KO7gzUuXfZbaDX0tm+B/YDEt8vAWxQ==,iv:3GYAq0I2uqJ91YewyTVoTQNR6cnwJROQr2ipgHvbmSo=,tag:oHnAjSNqIIp39LLI8kSONQ==,type:str]
sops:
age:
- recipient: age1yqgyp2uxz4lzrc9f9ka0mfjl5fr6ahf8nf24nlmran2wulg6fpvq9hyp9q
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNOWVVVVpVdGFMMmNaTmU2
ZStjR0liZVVKSHcyQUhiVkdCeWhCZUVGMzFRCkFRc0xpdUJ5R0lMUHZzcVN3TTd3
OXVuNHhqSVBoYnFveFljbHlBbGRoZVkKLS0tIHgvOFA2cGxMaTFBUGFrQVBmRVJ1
N3ZvV3VKbmhNUGx1ckhhdWZVemRCMGcKLwZZ+wlV8EOCk7F5eaBFR4HPPCjvPI/+
UyQFJSzc9gGCNrhGicFtrDLx0m/JCzU/jILFUXav9IUTZ8ZRi01BOA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1640eg0pnmkruc89m5xguz0m8fek44fl4tzez6qwuzlz6kmapqewsp8esxd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWQ1hRVHIrWHp0ZnlFVmJR
ODk4VzZPWnBLaTMxK3pLR2VxQk9LY0tMWWhVCjFqUzMxb01JNXZuaWVIdEE2NkxL
UWp2UytEYVl0SnZHQm4veGNva1p1a2MKLS0tIEphZVU4VjJJblpDRzdNZ3hJbTAx
c3lUMjBXMjVUY2VlSm9SRTNHUEdJd1kK/hotdiVc5La4c6k4U73URA/26y6EMzDL
iHqVcXZmgkipQtFB5Fvfs/6Zuc0E2f4zQmZSaGw2hQheVl1snm5xiw==
-----END AGE ENCRYPTED FILE-----
- recipient: age12pnf36uqesjmy3e0lythfnpwam3zg5mv8m936fc4jphy4ces2fdqwn0s74
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJMDl4bWVPNnpxYXZmWG1h
N2krT2lqN09IOHlvS1FaL1hTNFpsZS9XUmdrCkRFc3YyaWNjejJobVlrdEFReW9N
RlRHdVc1RHNxUE0vV0VvTzdlMm11R3MKLS0tIEpDMUVVME9PdFVNVnVEeG5Oay9l
UU50YWtqSG5SYjc2YUhFWmNZc3NpNTAKPaL3XXAUMD0wjI3PkXEWN4epQPSURN+J
b7di0rMlc6JtJrtzU3HdfmXneMfd4Da9Xk1SeFIxKHS0AsD4cJyt2w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2026-04-24T01:30:18Z"
mac: ENC[AES256_GCM,data:1tuKI1VMDSiCNWZ2fXp4G3Z0OmhxdyF8IlTaoEFCq324qNgaIfUX7TLfzzEF7ogctf1VBwdu2klGNRKAwjaVIZ8/9U7RgjtkbP5KGJMtXiVkDh1gNV31mlE9ogddxixkQiM9j3wI3RbgsAJaBwo3WGNwEeRrqO21unlE28BrMo0=,iv:Asdx7jYvylRDxWRu7XALP9FpPxWvban8pldJ5b/O9to=,tag:cECR7vjAR05RyLhEWIIrcA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.12.1

22
modules/users/nathan/sops.nix Normal file
View File

@@ -0,0 +1,22 @@
{ inputs, ... }: {
flake.nixosModules.sops = { config, lib, ... }: {
imports = [
inputs.sops-nix.nixosModules.sops
];
config = {
sops.secrets."nathan/pass" = {
neededForUsers = true;
sopsFile = ./secrets.yaml;
};
users.users.nathan = {
enable = lib.mkDefault false;
hashedPasswordFile = lib.mkDefault config.sops.secrets."nathan/pass".path;
};
};
};
}