diff --git a/flake.lock b/flake.lock index 213f672..f0cf77e 100755 --- a/flake.lock +++ b/flake.lock @@ -86,11 +86,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1764956616, - "narHash": "sha256-jTGdwLtST22pUZqlRvOMAwSBxpj4bxKpIfThpmBX3Pw=", + "lastModified": 1766518114, + "narHash": "sha256-3zIOjIidbrHXTxEzjPVrwSd19Mwdfw58VvSnTWtlunc=", "ref": "refs/heads/main", - "rev": "526dd85c8047fb700dd7715701e4ca1e553275a0", - "revCount": 1321, + "rev": "138c4ebdbe0c3eead5656373ea8837a5bd49c40b", + "revCount": 1329, "type": "git", "url": "https://codeberg.org/LGFae/awww" }, @@ -120,17 +120,17 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1754405784, - "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" } }, @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1764381410, - "narHash": "sha256-WR/oQQjveFqQxo8oHngZuOVgBQINDgPe+lCXLeNhAAg=", + "lastModified": 1768655473, + "narHash": "sha256-iWnILPS2mP9ubbjRAhNv6Fqg1J/upxmD9OQTZQR4O2w=", "owner": "caelestia-dots", "repo": "cli", - "rev": "ed12d4cb82600872a82feb577711be1148c7af35", + "rev": "7de6c6063119a7cef27c6bd4c88f2c5ac4cbc064", "type": "github" }, "original": { 
@@ -200,11 +200,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1764655592, - "narHash": "sha256-xaKTcjcmUqkJVb0DQv5UKib/tSFeyBTOuaWxyIlzSTw=", + "lastModified": 1768700084, + "narHash": "sha256-G/RtxgpF4OHRWy82/MHmEClOq9sBn8tki6K6vCuPZvU=", "owner": "caelestia-dots", "repo": "shell", - "rev": "16229e4219ef6a0951e4c9a3bff9bfe3fd54f16f", + "rev": "408c523d257f5e22fd95229dd36e76f4b90439a2", "type": "github" }, "original": { @@ -250,11 +250,11 @@ ] }, "locked": { - "lastModified": 1764627417, - "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", + "lastModified": 1768727946, + "narHash": "sha256-le2GY+ZR6uRHMuOAc60sBR3gBD2BEk1qOZ3S5C/XFpU=", "owner": "nix-community", "repo": "disko", - "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", + "rev": "558e84658d0eafc812497542ad6ca0d9654b3b0f", "type": "github" }, "original": { @@ -266,11 +266,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1764724327, - "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "type": "github" }, "original": { @@ -314,11 +314,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { 
@@ -436,11 +436,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -475,11 +475,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -496,11 +496,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -580,7 +580,10 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_5" + "systems": [ + "niri-nfsm", + "systems" + ] }, "locked": { "lastModified": 1731533236, @@ -598,10 +601,7 @@ }, "flake-utils_5": { "inputs": { - "systems": [ - "niri-nfsm", - "systems" - ] + "systems": "systems_6" }, "locked": { "lastModified": 1731533236, 
@@ -637,25 +637,7 @@ }, "flake-utils_7": { "inputs": { - "systems": "systems_8" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_8": { - "inputs": { - "systems": "systems_12" + "systems": "systems_11" }, "locked": { "lastModified": 1731533236, @@ -691,16 +673,17 @@ "inputs": { "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_2", + "home-manager": "home-manager", "nixpkgs": "nixpkgs_2", "zig": "zig", "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1764953050, - "narHash": "sha256-TkMjYCGm6FHflVQadN6mx1+3lWzY4wl+3U40lfvTroQ=", + "lastModified": 1768776776, + "narHash": "sha256-OeoF0vBLezZ0WQDxjpI5OHQskKzeCpOITYJ6XoUDwWg=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "08c9661683edc1e9e63d8e6abd469a68faaee575", + "rev": "250877eff69ee1f00168a1f5ce9ab5490e29b0dc", "type": "github" }, "original": { @@ -713,7 +696,7 @@ "inputs": { "flake-compat": "flake-compat_4", "gitignore": "gitignore", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1767281941, @@ -798,11 +781,11 @@ "flake": false, "locked": { "host": "gitlab.gnome.org", - "lastModified": 1764524476, - "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", "type": "gitlab" }, "original": { 
@@ -816,15 +799,36 @@ "home-manager": { "inputs": { "nixpkgs": [ + "ghostty", "nixpkgs" ] }, "locked": { - "lastModified": 1764998300, - "narHash": "sha256-fZatn/KLfHLDXnF0wy7JxXqGaZmGDTVufT4o/AOlj44=", + "lastModified": 1768068402, + "narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=", "owner": "nix-community", "repo": "home-manager", - "rev": "27a6182347ccae90a88231ae0dc5dfa7d15815bb", + "rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768770171, + "narHash": "sha256-JPmLGZgdWa8QcQbbtBqyZhpmxIHZ3lUO48laERjw+4k=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "521d5ea1a229ba315dd1cceaf869946ddcc83d36", "type": "github" }, "original": { @@ -902,17 +906,17 @@ "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "hyprwire": "hyprwire", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "pre-commit-hooks": "pre-commit-hooks", "systems": "systems_3", "xdph": "xdph" }, "locked": { - "lastModified": 1767812022, - "narHash": "sha256-BHBiQhlNl+Lxvp/bBOOTWhxbXYMoVG4xiyv9DE/nuZ4=", + "lastModified": 1768746153, + "narHash": "sha256-H3BxpO76d/SX/qiCzl3bUi352xIkgdqqSb0sJfuv25w=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "918e2bb9be0e1d233f9394f1d569137788c43c01", + "rev": "eb0480ba0d0870ab5d8a876f01c6ab033a4b35f4", "type": "github" }, "original": { @@ -984,11 +988,11 @@ ] }, "locked": { - "lastModified": 1764888835, - "narHash": "sha256-CnxxUzSj421QJD2RW7zB1LhvwT+zAFpVDEGw6DKj0II=", + "lastModified": 1767723101, + "narHash": "sha256-jObY8O7OI+91hoE137APsDxm0235/Yx+HhFIip187zM=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "4ccb444d942d6fbd3135495fe3a0440610cf747a", + "rev": "fef398ed5e4faf59bc43b915e46a75cfe8b16697", "type": "github" }, "original": { 
@@ -1265,18 +1269,17 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ], "spectrum": "spectrum" }, "locked": { - "lastModified": 1764625594, - "narHash": "sha256-RwtPzq4rqDCLki3oOLuUUkKcuaZPy4IDUBb5tAWl4Xk=", + "lastModified": 1768682386, + "narHash": "sha256-mKrMf7eG9TM2AM3pTuhIiCGmZ/JwDegCQH3ThVqcTuc=", "owner": "microvm-nix", "repo": "microvm.nix", - "rev": "6dab9a797f262a352eed55078597582ed2ded336", + "rev": "f469c1dfede623bbbf1ac605f6359316fd4002ef", "type": "github" }, "original": { @@ -1287,11 +1290,11 @@ }, "mnw": { "locked": { - "lastModified": 1758834834, - "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=", + "lastModified": 1767030222, + "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=", "owner": "Gerg-L", "repo": "mnw", - "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001", + "rev": "75bb637454b0fbbb5ed652375a4bf7ffd28bcf6f", "type": "github" }, "original": { @@ -1308,15 +1311,16 @@ ] }, "locked": { - "lastModified": 1765720983, - "narHash": "sha256-tWtukpABmux6EC/FuCJEgA1kmRjcRPtED44N+GGPq+4=", + "lastModified": 1768214250, + "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=", "owner": "feel-co", "repo": "ndg", - "rev": "f399ace8bb8e1f705dd8942b24d207aa4d75c936", + "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8", "type": "github" }, "original": { "owner": "feel-co", + "ref": "refs/tags/v2.6.0", "repo": "ndg", "type": "github" } 
@@ -1325,14 +1329,14 @@ "inputs": { "flake-parts": "flake-parts_2", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1764979571, - "narHash": "sha256-xOGEM8dZ6WtOnf+fkTthtiUbE47ZCEvuZTVsOrdTEZU=", + "lastModified": 1768781101, + "narHash": "sha256-p3guh/Vx4Pf+Ggk3X69SPTJot6emv6rgKpoBLNO61Ag=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "a70eaf7ca72ae845d53e2b2aa6106eebb00a4ed0", + "rev": "e90cb6d441572fc05ffb8769051d59f1d2d3269e", "type": "github" }, "original": { @@ -1344,11 +1348,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1764968664, - "narHash": "sha256-aueNP7DLGEqX+eUlkMz0X7h0X3c4IxLLxhMBG7MTPpg=", + "lastModified": 1768778690, + "narHash": "sha256-XrWZBeH0GnvnQzE9Xmm69sesSGB2h5uVLuTmLA7k1p0=", "owner": "neovim", "repo": "neovim", - "rev": "d6bee7e407442112ee9008ea35d6fe73dbb3eaaf", + "rev": "30259d6af79e731491e6b12d815893b1b130b52b", "type": "github" }, "original": { @@ -1369,11 +1373,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1767833217, - "narHash": "sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk=", + "lastModified": 1768767453, + "narHash": "sha256-Omq1UHEJ1oxkTo2j8l6qQtmyPR7Uj+k7HC5Khd3jVVA=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "a789aa1512a9157d5d3392b27e60621fd0d83438", + "rev": "8eab7c21ef4edc97cc56ddb8e76a842e0818d6d7", "type": "github" }, "original": { 
@@ -1384,18 +1388,18 @@ }, "niri-nfsm": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_5" }, "locked": { - "lastModified": 1764588231, - "narHash": "sha256-vH7ILtO2y7wesmbgzi4XiDVjiq2rvLEt4s8sW2t5IpY=", + "lastModified": 1768392962, + "narHash": "sha256-bLgk7kH3ciTMCD/rONZf5y08FAYD226CQpED8QyrWyk=", "owner": "dachxy", "repo": "nfsm", - "rev": "be633954b081bb050013f7c92d4f5d642c555af3", + "rev": "cd1b8d5fbe21cd30b73435c507403b4d2d382994", "type": "github" }, "original": { @@ -1425,11 +1429,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1767792726, - "narHash": "sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0=", + "lastModified": 1768678265, + "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", "owner": "YaLTeR", "repo": "niri", - "rev": "10df9f4717cbd4efd20ae796eb6b0aa400127bdc", + "rev": "d7184a04b904e07113f4623610775ae78d32394c", "type": "github" }, "original": { @@ -1466,11 +1470,11 @@ ] }, "locked": { - "lastModified": 1764475780, - "narHash": "sha256-77jL5H5x51ksLiOUDjY0ZK8e2T4ZXLhj3ap8ETvknWI=", + "lastModified": 1765267181, + "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "5a3ff8c1a09003f399f43d5742d893c0b1ab8af0", + "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", "type": "github" }, "original": { 
@@ -1482,17 +1486,17 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_7", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1764986396, - "narHash": "sha256-HYBvpziKGvKY/XfMCBRCTuUUqhPWjWiWaPthIsPzGDk=", + "lastModified": 1768357481, + "narHash": "sha256-LpOWVXsHx20x8eRIhn23Q0icmV3Z6ZeFpAPzEqldXFk=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "70b931d67256ad7ebfced45ed797c016943bbff2", + "rev": "f888492aa1a1eeb0114cf78af40d44e8300e002e", "type": "github" }, "original": { @@ -1503,15 +1507,15 @@ }, "nix-search-tv": { "inputs": { - "flake-utils": "flake-utils_7", - "nixpkgs": "nixpkgs_7" + "flake-utils": "flake-utils_6", + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1763912269, - "narHash": "sha256-9/OFoOAE5fNfwbemapBeBWZqaDz7/Q7h1w93YmiLuns=", + "lastModified": 1767922902, + "narHash": "sha256-ygA9AF4PrM+4G+Le70UI12OQPIjLmELg3Xpkmc7nMz0=", "owner": "3timeslazy", "repo": "nix-search-tv", - "rev": "c7919f34fde2e87de3fe70c74bf18c7e0091f19b", + "rev": "b21e232cb81320ee6225fea857ebcf33ebd19079", "type": "github" }, "original": { @@ -1550,11 +1554,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1764841794, - "narHash": "sha256-TcJ2kgFn8qbbNCh7HJLadi4ZvW9CFrbLB02VS7biWlo=", + "lastModified": 1768402933, + "narHash": "sha256-iNjr5pE5SvawTT3byEIU65FzWTMMjVfRhPXa2m818jM=", "owner": "nix-community", "repo": "nixd", - "rev": "514db907c8a0b32a0bdc1678d480a5278da4b679", + "rev": "13a89b59d0711390f0c765e693509f8282a1ff7e", "type": "github" }, "original": { 
@@ -1565,11 +1569,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764836381, - "narHash": "sha256-8jemYbbW9EBttQKHep7Rj8kzXaxsrk/lACdXA2DN5Xk=", + "lastModified": 1767313136, + "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ff06bd3398fb1bea6c937039ece7e7c8aa396ebf", + "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", "type": "github" }, "original": { @@ -1609,11 +1613,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1767799921, - "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", + "lastModified": 1768621446, + "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", + "rev": "72ac591e737060deab2b86d6952babd1f896d7c5", "type": "github" }, "original": { @@ -1623,29 +1627,13 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1763806073, - "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "878e468e02bfabeda08c79250f7ad583037f2227", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1764947035, - "narHash": "sha256-3PmKrux+ApKEM4IMRNAKeuWicwgRiRcprSuEnsbhVe4=", - "rev": "a672be65651c80d3f592a89b3945466584a22069", + "lastModified": 1768032153, + "narHash": "sha256-zvxtwlM8ZlulmZKyYCQAPpkm5dngSEnnHjmjV7Teloc=", + "rev": "3146c6aa9995e7351a398e17470e15305e6e18ff", "type": "tarball", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre906997.a672be65651c/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre925418.3146c6aa9995/nixexprs.tar.xz" }, "original": { "type": "tarball", 
@@ -1653,19 +1641,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1758360447, - "narHash": "sha256-XDY3A83bclygHDtesRoaRTafUd80Q30D/Daf9KSG6bs=", - "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", - "type": "tarball", - "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre864002.8eaee1103447/nixexprs.tar.xz" - }, - "original": { - "type": "tarball", - "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1764947035, "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", @@ -1681,7 +1656,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1767379071, "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", @@ -1697,13 +1672,13 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { - "lastModified": 1764915887, - "narHash": "sha256-CeBCJ9BMsuzVgn8GVfuSRZ6xeau7szzG0Xn6O/OxP9M=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42e29df35be6ef54091d3a3b4e97056ce0a98ce8", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { @@ -1713,7 +1688,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1757584362, "narHash": "sha256-XeTX/w16rUNUNBsfaOVCDoMMa7Xu7KvIMT7tn1zIEcg=", @@ -1729,13 +1704,13 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { - "lastModified": 1767364772, - "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { 
@@ -1745,13 +1720,29 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { - "lastModified": 1764445028, - "narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=", + "lastModified": 1768569498, + "narHash": "sha256-bB6Nt99Cj8Nu5nIUq0GLmpiErIT5KFshMQJGMZwgqUo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a09378c0108815dbf3961a0e085936f4146ec415", + "rev": "be5afa0fcb31f0a96bf9ecba05a516c66fcd8114", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1763806073, + "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "878e468e02bfabeda08c79250f7ad583037f2227", "type": "github" }, "original": { @@ -1768,11 +1759,11 @@ ] }, "locked": { - "lastModified": 1767851722, - "narHash": "sha256-33madeYEiounlmTjaTZk3KV0NutlT6qwwf/RgOuIdmQ=", + "lastModified": 1768785620, + "narHash": "sha256-ZhhZNA3romjb3ukC3cKnEhzv2GQDIMIComwtXpCqVCY=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "f9cbc7bc57315a92af99dce80385f8e42ccfe64f", + "rev": "cf2e02c6e9bf9f38d3e3787c6afe7d83f169ed5c", "type": "github" }, "original": { @@ -1793,11 +1784,11 @@ ] }, "locked": { - "lastModified": 1764773531, - "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", + "lastModified": 1767810917, + "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", "owner": "nix-community", "repo": "NUR", - "rev": "1d9616689e98beded059ad0384b9951e967a17fa", + "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", "type": "github" }, "original": { 
@@ -1815,14 +1806,14 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_9" + "systems": "systems_8" }, "locked": { - "lastModified": 1767847386, - "narHash": "sha256-S8lf6YtZpJQaq38GCuao+h7LnNYFVvTpI70lNevk5xM=", + "lastModified": 1768464392, + "narHash": "sha256-H3DRARqclUFdUaWgu1xQEb86/wrh41ZG0fIQJVjcZdE=", "owner": "notashelf", "repo": "nvf", - "rev": "317877430a36e2e449405aaea30788119791dedc", + "rev": "007f14a2c8d67568f4655654b401871920d73011", "type": "github" }, "original": { @@ -1885,11 +1876,11 @@ ] }, "locked": { - "lastModified": 1764045583, - "narHash": "sha256-W24ReyRrhOKTKIsuAMkY5hnVlCufGoONM79sjUoyQkk=", + "lastModified": 1768689040, + "narHash": "sha256-Tlnr5BulJcMers/cb+YvmBQW4nKHjdKo9loInJkyO2k=", "ref": "refs/heads/master", - "rev": "e9bad67619ee9937a1bbecfc6ad3b4231d2ecdc3", - "revCount": 709, + "rev": "7a427ce1979ce7447e885c4f30129b40f3d466f5", + "revCount": 729, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, @@ -1907,7 +1898,7 @@ "disko": "disko", "ghostty": "ghostty", "git-hooks": "git-hooks", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "hyprland": "hyprland", "hyprland-plugins": "hyprland-plugins", "lanzaboote": "lanzaboote", @@ -1923,13 +1914,13 @@ "nix-search-tv": "nix-search-tv", "nix-tmodloader": "nix-tmodloader", "nixd": "nixd", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "noctalia": "noctalia", "nvf": "nvf", "rust-overlay": "rust-overlay_3", "sops-nix": "sops-nix", "stylix": "stylix", - "systems": "systems_11", + "systems": "systems_10", "yazi": "yazi", "zen-browser": "zen-browser" } 
@@ -1983,11 +1974,11 @@ ] }, "locked": { - "lastModified": 1764988672, - "narHash": "sha256-FIJtt3Zil89/hLy9i7f0R2xXcJDPc3CeqiiCLfsFV0Y=", + "lastModified": 1768791178, + "narHash": "sha256-ZVqH14w7y40DEQOghli1c28NopVNFk1MNNRzEIwMa6M=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "086fd19a68e80fcc8a298e9df4674982e4c498a6", + "rev": "3941028eccc4d981f75c933786e1fd95b71024f1", "type": "github" }, "original": { @@ -2019,14 +2010,14 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "lastModified": 1768709255, + "narHash": "sha256-aigyBfxI20FRtqajVMYXHtj5gHXENY2gLAXEhfJ8/WM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "rev": "5e8fae80726b66e9fec023d21cd3b3e638597aa9", "type": "github" }, "original": { @@ -2064,7 +2055,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems_10", + "systems": "systems_9", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -2072,11 +2063,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1764979509, - "narHash": "sha256-n68Io6VWMbUX4857RHqGOfH9MDdta7EX6OYn8e/m8sI=", + "lastModified": 1768744881, + "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=", "owner": "nix-community", "repo": "stylix", - "rev": "3a332459f45b16c6df9d788e923f293a4c28d793", + "rev": "06684f00cfbee14da96fd4307b966884de272d3a", "type": "github" }, "original": { 
@@ -2101,21 +2092,6 @@ } }, "systems_10": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_11": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -2129,7 +2105,7 @@ "type": "indirect" } }, - "systems_12": { + "systems_11": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -2190,21 +2166,6 @@ } }, "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_6": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -2219,6 +2180,21 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_7": { "locked": { "lastModified": 1681028828, 
@@ -2300,11 +2276,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1763914658, - "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", + "lastModified": 1767710407, + "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", "owner": "tinted-theming", "repo": "schemes", - "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", + "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", "type": "github" }, "original": { @@ -2316,11 +2292,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1764465359, - "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", "type": "github" }, "original": { @@ -2332,11 +2308,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1764464512, - "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", "type": "github" }, "original": { @@ -2427,11 +2403,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1767830382, - "narHash": "sha256-0PgS7M1SV6JCN3MugFZPaP8J+Mr2o7lSDFTPVYZSIAY=", + "lastModified": 1768765571, + "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "74cf1a95a35fd7aec76432bc2cd9b310e0d908c5", + "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", "type": "github" }, "original": { 
@@ -2442,16 +2418,16 @@ }, "yazi": { "inputs": { - "flake-utils": "flake-utils_8", - "nixpkgs": "nixpkgs_10", + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_9", "rust-overlay": "rust-overlay_4" }, "locked": { - "lastModified": 1764949583, - "narHash": "sha256-pB+q3HIyIA3k1AnDiU9MDfJ5xNso1XX95qV0F5oe3cM=", + "lastModified": 1768756095, + "narHash": "sha256-5YO/8LTVhUFJ4jJMuJtgE3oGGD0D7aR0fcfHEKvQmTo=", "owner": "sxyazi", "repo": "yazi", - "rev": "c569263a5084f627ae70f983c271464b42890426", + "rev": "ca4cc594136e313b47f8da0f3699b7ea9699a959", "type": "github" }, "original": { @@ -2470,11 +2446,11 @@ ] }, "locked": { - "lastModified": 1767763594, - "narHash": "sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs=", + "lastModified": 1768788372, + "narHash": "sha256-TTEB3amVrXNX5AmIj7Bb8Dp2W8BOD73GbW8p5uH8kQI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "8b2302d8c10369c9135552cc892da75cff5ddb03", + "rev": "756b3eff6a629b70ea971b8a1819f22bc3789730", "type": "github" }, "original": { @@ -2499,11 +2475,11 @@ ] }, "locked": { - "lastModified": 1760401936, - "narHash": "sha256-/zj5GYO5PKhBWGzbHbqT+ehY8EghuABdQ2WGfCwZpCQ=", + "lastModified": 1763295135, + "narHash": "sha256-sGv/NHCmEnJivguGwB5w8LRmVqr1P72OjS+NzcJsssE=", "owner": "mitchellh", "repo": "zig-overlay", - "rev": "365085b6652259753b598d43b723858184980bbe", + "rev": "64f8b42cfc615b2cf99144adf2b7728c7847c72a", "type": "github" }, "original": { 
@@ -2514,20 +2490,23 @@ }, "zon2nix": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "ghostty", + "nixpkgs" + ] }, "locked": { - "lastModified": 1758405547, - "narHash": "sha256-WgaDgvIZMPvlZcZrpPMjkaalTBnGF2lTG+62znXctWM=", + "lastModified": 1768231828, + "narHash": "sha256-wL/8Iij4T2OLkhHcc4NieOjf7YeJffaUYbCiCqKv/+0=", "owner": "jcollie", "repo": "zon2nix", - "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245", + "rev": "c28e93f3ba133d4c1b1d65224e2eebede61fd071", "type": "github" }, "original": { "owner": "jcollie", "repo": "zon2nix", - "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245", + "rev": "c28e93f3ba133d4c1b1d65224e2eebede61fd071", "type": "github" } } diff --git a/home/options/noctalia.nix b/home/options/noctalia.nix index ce9dfae..0020381 100755 --- a/home/options/noctalia.nix +++ b/home/options/noctalia.nix @@ -1,17 +1,19 @@ { config, lib, ... }: let - inherit (lib) - mkOption - types + inherit (builtins) elem isList filter listToAttrs concatMap - nameValuePair attrNames isAttrs ; + inherit (lib) + mkOption + types + nameValuePair + ; filterAttrsRecursive' = pred: set: diff --git a/home/presets/basic.nix b/home/presets/basic.nix index 7d9ca55..41ca8ed 100755 --- a/home/presets/basic.nix +++ b/home/presets/basic.nix @@ -19,5 +19,6 @@ ../user/wm-service.nix ../user/ghostty.nix ../user/podman.nix + ../user/image-viewer.nix ]; } diff --git a/home/user/image-viewer.nix b/home/user/image-viewer.nix new file mode 100644 index 0000000..633fd55 --- /dev/null +++ b/home/user/image-viewer.nix 
@@ -0,0 +1,43 @@ +{ pkgs, ... }: +{ + home.packages = with pkgs; [ loupe ]; + + xdg.mimeApps = + let + value = "org.gnome.Loupe.desktop"; + + associations = builtins.listToAttrs ( + map + (name: { + inherit name value; + }) + [ + "image/png" + "image/jpeg" + "image/gif" + "image/bmp" + "image/webp" + "image/tiff" + "image/svg+xml" + "image/x-icon" + "image/avif" + "image/heif" + "image/heic" + "image/jxl" + "image/apng" + "image/x-raw" + "image/x-xbitmap" + "image/x-xpixmap" + "image/x-portable-bitmap" + "image/x-portable-graymap" + "image/x-portable-pixmap" + "image/x-tga" + "image/x-pcx" + ] + ); + in + { + associations.added = associations; + defaultApplications = associations; + }; +} diff --git a/home/user/nvf/default.nix b/home/user/nvf/default.nix index 8613edf..47ef48d 100755 --- a/home/user/nvf/default.nix +++ b/home/user/nvf/default.nix @@ -436,7 +436,10 @@ in ts-error-translator.enable = true; }; }; - python.enable = true; + python = { + enable = true; + format.type = [ "ruff" ]; + }; markdown = { enable = true; extensions = { diff --git a/home/user/yazi.nix b/home/user/yazi.nix index db424ca..4c72d47 100755 --- a/home/user/yazi.nix +++ b/home/user/yazi.nix @@ -7,7 +7,7 @@ }: let inherit (pkgs.stdenv.hostPlatform) system; - inherit (lib) getExe'; + inherit (lib) getExe' getExe; yaziPlugins = pkgs.fetchFromGitHub { owner = "yazi-rs"; repo = "plugins"; @@ -43,11 +43,11 @@ in enableFishIntegration = true; plugins = { - toggle-pane = ''${yaziPlugins}/toggle-pane.yazi''; - mount = ''${yaziPlugins}/mount.yazi''; - zoom = ''${yaziPlugins}/zoom''; - vcs-files = ''${yaziPlugins}/vcs-files''; - git = ''${yaziPlugins}/git''; + toggle-pane = "${yaziPlugins}/toggle-pane.yazi"; + mount = "${yaziPlugins}/mount.yazi"; + zoom = "${yaziPlugins}/zoom"; + vcs-files = "${yaziPlugins}/vcs-files"; + git = "${yaziPlugins}/git"; }; settings = { 
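Review bot: Nothing in the new home/user/image-viewer.nix sets `xdg.mimeApps.enable`, and home-manager only writes mimeapps.list when that option is true. The `associations.added` and `defaultApplications` entries therefore take effect only if another imported module enables it, presumably zen-browser.nix, which carries a similar list; confirm that, or add `enable = true;` to the attrset so the module stands alone. Sending `image/svg+xml` to an image viewer is also a security-relevant choice, because an SVG opened as a document in a browser can run embedded script. If that is the intent, a comment above the list such as `# image types (including SVG) are deliberately kept out of the browser` would stop a later cleanup from moving them back.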
@@ -77,7 +77,7 @@ in ]; player = [ - { run = ''mpv --force-window "$1"''; } + { run = ''${getExe pkgs.mpv} --force-window "$1"''; } ]; open = [ diff --git a/home/user/zellij.nix b/home/user/zellij.nix index fc63a36..f39160c 100755 --- a/home/user/zellij.nix +++ b/home/user/zellij.nix @@ -21,7 +21,7 @@ let zellij-sessionizer-src = fetchurl { url = "https://raw.githubusercontent.com/dachxy/zellij-sessionizer/refs/heads/main/zellij-sessionizer"; - sha256 = "sha256:12kbni75x9g424bymky8cy84i354j654rfmz9bffnabbblccfbpn"; + sha256 = "sha256:0p6s2mwcya448vgag42akwlfmzr9nw1vxh6gv5lmz1xmyrhkysjd"; }; zellij-sessionizer = pkgs.writeShellScriptBin "zellij-sessionizer" '' diff --git a/home/user/zen-browser.nix b/home/user/zen-browser.nix index 557cc2a..957b5f0 100755 --- a/home/user/zen-browser.nix +++ b/home/user/zen-browser.nix @@ -172,8 +172,6 @@ in "application/json" "application/pdf" "text/html" - "image/png" - "image/jpeg" ] ); in diff --git a/options/default.nix b/options/default.nix index de7b84b..07a9412 100755 --- a/options/default.nix +++ b/options/default.nix @@ -1,5 +1,6 @@ { imports = [ ./systemconf.nix + ./game/velocity.nix ]; } diff --git a/options/game/velocity.nix b/options/game/velocity.nix new file mode 100644 index 0000000..7621644 --- /dev/null +++ b/options/game/velocity.nix 
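Review bot: In home/user/zellij.nix the `url` of `zellij-sessionizer-src` still tracks `refs/heads/main`, so the bumped `sha256` is the only record of which upstream revision was reviewed. The hash keeps the content fixed, but any later push to that branch makes a fresh fetch fail with a hash mismatch, and the fix then tends to be copying the new hash without reading the diff. The fetched file appears to feed the `writeShellScriptBin` wrapper on the following line, so it is worth pinning the URL to the commit that was read, for example `url = "https://raw.githubusercontent.com/dachxy/zellij-sessionizer/<reviewed-commit-sha>/zellij-sessionizer";`, and changing URL and hash together. The enclosing `let` block starts and ends outside the hunk.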
@@ -0,0 +1,152 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+let
+ inherit (pkgs.writers) writeTOML;
+ inherit (lib)
+ mkIf
+ mkOption
+ mkEnableOption
+ mkPackageOption
+ types
+ getExe
+ ;
+ cfg = config.services.velocity;
+ defaultSettings = {
+ config-version = "2.7";
+ motd = "<#09add3>A Velocity Server";
+ show-max-players = 500;
+ online-mode = true;
+ force-key-authentication = true;
+ prevent-client-proxy-connections = false;
+ player-info-forwarding-mode = "none";
+ forwarding-secret-file = "forwarding.secret";
+ announce-forge = false;
+ kick-existing-players = false;
+ ping-passthrough = "DISABLED";
+ sample-players-in-ping = false;
+ enable-player-address-logging = true;
+
+ servers = {
+ };
+
+ forced-hosts = {
+ };
+
+ advanced = {
+ compression-threshold = 256;
+ compression-level = -1;
+ login-ratelimit = 3000;
+ connection-timeout = 5000;
+ read-timeout = 30000;
+ haproxy-protocol = false;
+ tcp-fast-open = false;
+ bungee-plugin-message-channel = true;
+ show-ping-requests = false;
+ failover-on-unexpected-server-disconnect = true;
+ announce-proxy-commands = true;
+ log-command-executions = false;
+ log-player-connections = true;
+ accepts-transfers = false;
+ enable-reuse-port = false;
+ command-rate-limit = 50;
+ forward-commands-if-rate-limited = true;
+ kick-after-rate-limited-commands = 0;
+ tab-complete-rate-limit = 10;
+ kick-after-rate-limited-tab-completes = 0;
+ };
+
+ query = {
+ enabled = false;
+ port = 25565;
+ map = "Velocity";
+ show-plugins = false;
+ };
+ };
+in
+{
+ options.services.velocity = {
+ enable = mkEnableOption "Enable the minecraft proxy";
+ package = mkPackageOption pkgs "velocity" { };
+ user = mkOption {
+ type = types.str;
+ default = "velocity";
+ };
+ group = mkOption {
+ type = types.str;
+ default = "velocity";
+ };
+
+ host = mkOption {
+ type = types.str;
+ default = "0.0.0.0";
+ };
+
+ port = mkOption {
+ type = types.port;
+ default = 25565;
+ };
+
+ openFirewall = mkEnableOption "Open firewall for velocity"
// { + default = true; + }; + + settings = mkOption { + type = + with types; + attrsOf (oneOf [ + attrs + str + int + bool + ]); + default = defaultSettings; + apply = + v: + defaultSettings + // { + bind = "${cfg.host}:${toString cfg.port}"; + } + // v; + }; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; + + users.users.${cfg.user} = { + isSystemUser = true; + group = cfg.group; + }; + users.groups.${cfg.group} = { }; + + systemd.services.velocity = + let + configFile = writeTOML "velocity.toml" cfg.settings; + in + { + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStartPre = + let + configFilePath = "/var/lib/velocity/velocity.toml"; + in + [ + "${pkgs.coreutils}/bin/cp ${configFile} ${configFilePath}" + "${pkgs.coreutils}/bin/chmod 750 ${configFilePath}" + "${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} ${configFilePath}" + ]; + ExecStart = "${getExe cfg.package}"; + StateDirectory = "velocity"; + StateDirectoryMode = "0750"; + WorkingDirectory = "/var/lib/velocity"; + }; + }; + }; +} diff --git a/options/systemconf.nix b/options/systemconf.nix index 7c18aa5..3094cd9 100755 --- a/options/systemconf.nix +++ b/options/systemconf.nix @@ -1,4 +1,5 @@ { + self, inputs, config, pkgs, @@ -124,7 +125,12 @@ in useUserPackages = true; useGlobalPkgs = true; extraSpecialArgs = { - inherit helper inputs system; + inherit + helper + inputs + system + self + ; inherit (cfg) username hostname; }; sharedModules = [ diff --git a/system/dev/dn-pre7780/games/default.nix b/system/dev/dn-pre7780/games/default.nix index 4ddf930..640218e 100755 --- a/system/dev/dn-pre7780/games/default.nix +++ b/system/dev/dn-pre7780/games/default.nix @@ -3,6 +3,7 @@ ../../../modules/gaming.nix ./shadps4.nix ./minecraft.nix + ./lsgf-vk.nix ./heroic.nix ]; } 
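Review bot: In `options/game/velocity.nix`, `openFirewall` defaults to `true` and `host` to `0.0.0.0`, so `services.velocity.enable = true` alone publishes the proxy port. The usual NixOS convention is opt-in: `openFirewall = mkEnableOption "Open firewall for velocity";` without the `// { default = true; }`. In `ExecStartPre` the generated TOML is marked executable by `chmod 750`, and the `chown` runs as `cfg.user`, so it cannot change ownership. One `"${pkgs.coreutils}/bin/install -m 0640 ${configFile} ${configFilePath}"` would replace all three commands. `settings.apply` merges with `//`, which is shallow: a user value for `advanced` or `query` replaces the whole default table, so either document that or use `lib.recursiveUpdate`.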
diff --git a/system/dev/dn-pre7780/games/heroic.nix b/system/dev/dn-pre7780/games/heroic.nix index 3ce7bb7..47b278f 100755 --- a/system/dev/dn-pre7780/games/heroic.nix +++ b/system/dev/dn-pre7780/games/heroic.nix @@ -3,7 +3,11 @@ home-manager.sharedModules = [ { home.packages = with pkgs; [ - heroic + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamemode + ]; + }) ]; } ]; diff --git a/system/dev/dn-pre7780/games/lsgf-vk.nix b/system/dev/dn-pre7780/games/lsgf-vk.nix new file mode 100644 index 0000000..896dc21 --- /dev/null +++ b/system/dev/dn-pre7780/games/lsgf-vk.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: +{ + home-manager.sharedModules = [ + { + home.packages = with pkgs; [ + lsfg-vk + lsfg-vk-ui + ]; + } + ]; +} diff --git a/system/dev/dn-pre7780/games/minecraft.nix b/system/dev/dn-pre7780/games/minecraft.nix index f0123aa..1ff16b1 100755 --- a/system/dev/dn-pre7780/games/minecraft.nix +++ b/system/dev/dn-pre7780/games/minecraft.nix @@ -4,8 +4,6 @@ { home.packages = with pkgs; [ prismlauncher - lsfg-vk - lsfg-vk-ui ]; } ]; diff --git a/system/dev/dn-pre7780/home/wm/hyprland.nix b/system/dev/dn-pre7780/home/wm/hyprland.nix index 0891af9..1a55134 100755 --- a/system/dev/dn-pre7780/home/wm/hyprland.nix +++ b/system/dev/dn-pre7780/home/wm/hyprland.nix @@ -1,7 +1,14 @@ -{ pkgs, lib, ... }: +{ + self, + pkgs, + lib, + ... +}: let + serverCfg = self.nixosConfigurations.dn-server.config; + inherit (serverCfg.services.nextcloud) hostName; memeSelector = pkgs.callPackage ../../../../../home/scripts/memeSelector.nix { - url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/"; + url = "https://${hostName}/public.php/dav/files/pygHoPB5LxDZbeY/"; }; in { diff --git a/system/dev/dn-pre7780/network/default.nix b/system/dev/dn-pre7780/network/default.nix index cff9313..caf3094 100755 --- a/system/dev/dn-pre7780/network/default.nix +++ b/system/dev/dn-pre7780/network/default.nix 
@@ -1,6 +1,7 @@ { imports = [ ../../../modules/netbird-client.nix + ./openfortivpn.nix # ../../../modules/wireguard.nix ]; } diff --git a/system/dev/dn-pre7780/network/openfortivpn.nix b/system/dev/dn-pre7780/network/openfortivpn.nix new file mode 100644 index 0000000..16a7ba8 --- /dev/null +++ b/system/dev/dn-pre7780/network/openfortivpn.nix @@ -0,0 +1,27 @@ +{ + pkgs, + lib, + config, + ... +}: +let + inherit (lib) getExe; + inherit (config.sops) secrets; +in +{ + sops.secrets = { + "openfortivpn" = { }; + }; + + systemd.services.openfortivpn = { + script = '' + ${getExe pkgs.openfortivpn} -c "$CREDENTIALS_DIRECTORY/config" --set-dns=1 --use-resolvconf=1 + ''; + serviceConfig = { + Restart = "no"; + LoadCredential = [ + "config:${secrets."openfortivpn".path}" + ]; + }; + }; +} diff --git a/system/dev/dn-pre7780/services/default.nix b/system/dev/dn-pre7780/services/default.nix index df55e8e..fff90ce 100755 --- a/system/dev/dn-pre7780/services/default.nix +++ b/system/dev/dn-pre7780/services/default.nix @@ -4,6 +4,5 @@ # ./mail.nix ./nginx.nix # ./pangolin.nix - # ./nextcloud.nix ]; } diff --git a/system/dev/dn-pre7780/services/mail.nix b/system/dev/dn-pre7780/services/mail.nix index 2175705..27bcb9c 100755 --- a/system/dev/dn-pre7780/services/mail.nix +++ b/system/dev/dn-pre7780/services/mail.nix @@ -6,6 +6,7 @@ }: let inherit (lib) mkIf; + inherit (config.networking) domain; mkCondition = ( condition: ithen: ielse: [ { @@ -18,7 +19,6 @@ let rspamdWebPort = 11333; rspamdPort = 31009; - domain = "dnywe.com"; fqdn = "mx1.dnywe.com"; rspamdSecretFile = config.sops.secrets."rspamd".path; @@ -202,18 +202,4 @@ in ''; }; }; - - services.mail-ntfy-server = { - enable = true; - settings = { - NTFY_URL = "https://ntfy.net.dn"; - NTFY_TOPIC = "dachxy-mail"; - NTFY_RCPTS = [ "dachxy@dnywe.com" ]; - HOST = "127.0.0.1"; - PORT = 31010; - }; - environmentFiles = [ - config.sops.secrets."ntfy".path - ]; - }; } 
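Review bot: In `services/mail.nix`, `domain` now comes from this host's `config.networking.domain`, but `fqdn = "mx1.dnywe.com"` a few lines below stays a literal, so the two can drift apart; `fqdn = "mx1.${domain}";` keeps them tied. The `nginx.nix` change for the same host reads the domain from `self.nixosConfigurations.dn-server.config.networking` instead, which suggests dn-pre7780's own `networking.domain` may not be `dnywe.com`. That is worth confirming before this module is re-enabled (it is commented out in `services/default.nix`), since the mail domain would silently change. The `let` block continues outside the hunk.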
diff --git a/system/dev/dn-pre7780/services/nextcloud.nix b/system/dev/dn-pre7780/services/nextcloud.nix deleted file mode 100755 index d5f324d..0000000 --- a/system/dev/dn-pre7780/services/nextcloud.nix +++ /dev/null 
@@ -1,103 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - inherit (lib) mkIf mkForce; - hostname = "drive.dnywe.com"; - port = 31007; -in -{ - sops.secrets = { - "nextcloud/adminPassword" = mkIf config.services.nextcloud.enable { - owner = "nextcloud"; - group = "nextcloud"; - }; - "nextcloud/signaling.conf" = mkIf config.services.nextcloud.enable { - owner = "signaling"; - group = "signaling"; - mode = "0640"; - }; - "nextcloud/whiteboard" = mkIf config.services.nextcloud.enable { - owner = "nextcloud"; - }; - }; - - imports = [ - (import ../../../modules/nextcloud.nix { - configureACME = false; - hostname = hostname; - adminpassFile = config.sops.secrets."nextcloud/adminPassword".path; - trusted-domains = [ - hostname - ]; - trusted-proxies = [ "10.0.0.0/24" ]; - whiteboardSecrets = [ - config.sops.secrets."nextcloud/whiteboard".path - ]; - }) - ]; - - services.nextcloud = { - # enable = mkForce false; - https = mkForce false; - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) spreed; - twofactor_totp = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz"; - sha256 = "sha256-Wa2P6tpp75IxCsTG4B5DQ8+iTzR7yjKBi4ZDBcv+AOI="; - license = "agpl3Plus"; - }; - - twofactor_nextcloud_notification = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/twofactor_nextcloud_notification/releases/download/v3.9.0/twofactor_nextcloud_notification-v3.9.0.tar.gz"; - sha256 = "sha256-4fXWgDeiup5/Gm9hdZDj/u07rp/Nzwly53aLUT/d0IU="; - license = "agpl3Plus"; - }; - - twofactor_email = pkgs.fetchNextcloudApp { - url = "https://github.com/nursoda/twofactor_email/releases/download/2.8.2/twofactor_email.tar.gz"; - sha256 = "sha256-zk5DYNwoIRTIWrchWDiCHuvAST2kuIoow6VaHAAzYog="; - license = "agpl3Plus"; - }; - }; - }; - - users.groups.signaling = mkIf config.services.nextcloud.enable { - }; - - users.users.signaling = mkIf config.services.nextcloud.enable { 
- isSystemUser = true; - group = "signaling"; - }; - - systemd.services.nextcloud-spreed-signaling = mkIf config.services.nextcloud.enable { - requiredBy = [ - "multi-users.target" - "phpfpm-nextcloud.service" - ]; - serviceConfig = { - User = "signaling"; - Group = "signaling"; - ExecStart = "${lib.getExe' pkgs.nextcloud-spreed-signaling "server"} --config ${ - config.sops.secrets."nextcloud/signaling.conf".path - }"; - }; - }; - - services.nats = mkIf config.services.nextcloud.enable { - enable = true; - settings = { - host = "127.0.0.1"; - }; - }; - - services.nginx.virtualHosts."${hostname}".listen = lib.mkForce [ - { - port = port; - addr = "0.0.0.0"; - } - ]; -} diff --git a/system/dev/dn-pre7780/services/nginx.nix b/system/dev/dn-pre7780/services/nginx.nix index 3ec86d5..a18cb43 100755 --- a/system/dev/dn-pre7780/services/nginx.nix +++ b/system/dev/dn-pre7780/services/nginx.nix @@ -1,4 +1,8 @@ -{ config, ... }: +{ self, config, ... }: +let + serverCfg = self.nixosConfigurations.dn-server.config; + inherit (serverCfg.networking) domain; +in { networking.firewall.allowedTCPPorts = [ 443 @@ -10,7 +14,7 @@ defaults = { validMinDays = 2; webroot = null; - server = "https://ca.net.dn/acme/acme/directory"; + server = "https://ca.${domain}/acme/acme/directory"; renewInterval = "daily"; email = "danny@pre7780.dn"; dnsResolver = "10.0.0.1:53"; diff --git a/system/dev/dn-pre7780/sops/secret.yaml b/system/dev/dn-pre7780/sops/secret.yaml index 9fa4e7c..10cca37 100755 --- a/system/dev/dn-pre7780/sops/secret.yaml +++ b/system/dev/dn-pre7780/sops/secret.yaml 
@@ -1,5 +1,6 @@ wireguard: wg0.conf: ENC[AES256_GCM,data:ozySeNEvkiLt9TGrZCrlJWKT5gcSlZ9T8AeXGO97SPgxI394eCQ/LOkVFl7AykhZvs7YkxMpZzAZxc0oNdTYuDlqfrNr0pqTUJmpX+5PVRmDb5z2MJvERktVkJ4LSvVodoYznDwT/y9q199AFKf3t4EoWuRyR/il6P8HuGVHXrKRYUrwuB4nuq1SIByY+8D2gzohFB/s6pSOPYy6/xCt0Nm+x0wmcdrlyOb0S+4WXlcou2ll98o9q2YDdVBKeW4jyUjFqXM2XzD0JXpAi9ZFlyzxyYNwa4oMYATyCBCH4BNHqe850QHEoCaOovioEdDH/tluB2X/891ixqzURypzbg==,iv:3Q5xOgGcg8/DIwHt4fHsQGtN8f2hGpVDtf47PcwW62I=,tag:SbJqhWi3+h1O5ZIOayDrUw==,type:str] +openfortivpn: ENC[AES256_GCM,data:rWv6kZDYO4yKmrEfm63X7qin0veSx7U/ZZFPM0vxBPjIzh7VZg6wCjJ1pHpSpCT0DS39TA/Z5xhH4l+gOUHMxeuKw1Zn96DxccdpGs+WMdgis8LJc42Qmfnmdw==,iv:QEgbiRV2B5LG7X9KXcln04nUedbV7GiS+3E5AihVbXw=,tag:rGerAwx0FeRLGPBCePdo/w==,type:str] netbird: wt0-setupKey: ENC[AES256_GCM,data:166VX+rgzxhar+GFKxA5d8G3/9ewISdv2hUSwvbggyyjwwvE,iv:w8p4gDP6U0ZONX59t2dnglTC9S2dW2TX5A4OoCzRuzM=,tag:zf3jvlERJtM+osBd4ZQjMA==,type:str] dovecot: @@ -26,6 +27,8 @@ crowdsec: rspamd: ENC[AES256_GCM,data:8DryYdMyhzBqwqcbYUQ=,iv:5w21u3xqshRSf8IJbG16/Gf6AC2Zw6VnI3MOchN+w8A=,tag:OiiYUDT69SZObgOh1qCL0g==,type:str] pangolin: env: ENC[AES256_GCM,data:f5Pq+DE9PeRyOKeygREuovlqOMhe/bmTOrBA7Px3Oq+pWG5kGwnxqDdP/PwawJAskQPC9LN+QP6hIPNrJbPyxtk87hoRMb/3X0ggOw==,iv:yqqQizPwf3EfCelczf/7piH9kYiAwGLTtassvQ8oXNs=,tag:UzVuKIS8WZNAHgpLkzc9XA==,type:str] +velocity: ENC[AES256_GCM,data:Q1Bfiks3/0XsBfouqck9PJr9QmZv/2ayd2qEFNPVz+GW3JpzIPEf2uGn06u7U+ZFtSuV12jG+3fhGhMh+UT3,iv:PHZLyLhNb9NE1J/Tsm35K4g6WMnR/9EYfVrsuDFbaNE=,tag:SCJgjDjaHkLffX8JiWTKsA==,type:str] +fabricProxy: ENC[AES256_GCM,data:MXukmKmMBRXCfeW6MBlfJU3cMZ/Y8sysFxiW0g3MOXnEcySu5tN5uuNhuorWNNknemRWayAaozU+d21UWbHmVez1inVQX193EnlTnDaZ,iv:ih2l1rimFqupZlu3NrGaCL7IMM0SPW6YZkMnk8mtXvc=,tag:wxNatJHNB3isKDuprxl7Fw==,type:str] sops: age: - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv 
@@ -37,7 +40,7 @@ sops: MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-07T08:17:20Z" - mac: ENC[AES256_GCM,data:M9hBNU2KetaGEhJnYW10nWEWetFWs9c5gPN/0W6UIOsP2Y9E2d8J09Ary9O9z6TjjxqkS+H15SQfo6bjuc19jSwtdQ/scqy9nV1H0pOEHzWj8zG/bzC71WmwhZbx4+1cK83HYS9pJhzbO+5tbOK75GwJscXAhXKDzzNBmTW2Y3U=,iv:qozD5Z2uiI5vFApsRVkjiXLOPATs3VV0PDk5szX+mrc=,tag:WpM+Ab9U2q9GR0qvyMZO8w==,type:str] + lastmodified: "2026-01-20T05:40:32Z" + mac: ENC[AES256_GCM,data:2UM15E3aYMunypx6THZTwHdedmUWYKQGgPEqMmT1D/CkWcCmau0Yk2nhALjcXWLuODlkedrjm6tYSPg7Yv/eZUnUwfI9reBAfoGBbJLCIoAloomzzm21xDvIJOco9xyHPKwT4buYYA/mylJvrSi07G0qRM6tINQjhEvVsDIbFR0=,iv:lPo3U/eCSZx6MmqvoTUpk+u6E+fFgED4eq0EF/jk/hs=,tag:b8XyedLJ706LplFF/VafAg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-pre7780/utility/davinci-resolve.nix b/system/dev/dn-pre7780/utility/davinci-resolve.nix index 6b95868..bf8d6c2 100755 --- a/system/dev/dn-pre7780/utility/davinci-resolve.nix +++ b/system/dev/dn-pre7780/utility/davinci-resolve.nix @@ -1,5 +1,5 @@ { imports = [ - ../../../modules/davinci-resolve.nix + # ../../../modules/davinci-resolve.nix ]; } diff --git a/system/dev/dn-server/default.nix b/system/dev/dn-server/default.nix index 0040b7b..53ad4f3 100755 --- a/system/dev/dn-server/default.nix +++ b/system/dev/dn-server/default.nix @@ -1,9 +1,11 @@ { hostname }: { pkgs, + config, ... }: let + inherit (config.networking) domain; username = "danny"; in { @@ -17,7 +19,7 @@ in "maps.rspamd.com" "cdn-hub.crowdsec.net" "api.crowdsec.net" - "mx1.dnywe.com" + "mx1.${domain}" ]; allowedIPs = [ "127.0.0.1" 
@@ -58,4 +60,16 @@ in environment.systemPackages = with pkgs; [ openssl ]; + + users.users = { + root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSAOufpee7f8D8ONIIGU3qsN+8+DGO7BfZnEOTYqtQ5 danny@pre7780.dn" + ]; + + "${username}".openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSAOufpee7f8D8ONIIGU3qsN+8+DGO7BfZnEOTYqtQ5 danny@pre7780.dn" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFQA42R3fZmjb9QnUgzzOTIXQBC+D2ravE/ZLvdjoOQ danny@lap.dn" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSHkPa6vmr5WBPXAazY16+Ph1Mqv9E24uLIf32oC2oH danny@phone.dn" + ]; + }; } diff --git a/system/dev/dn-server/network/nginx.nix b/system/dev/dn-server/network/nginx.nix index 733924b..05a9d18 100755 --- a/system/dev/dn-server/network/nginx.nix +++ b/system/dev/dn-server/network/nginx.nix @@ -2,22 +2,12 @@ config, ... }: +let + inherit (config.networking) domain; + + gcpIP = "10.10.0.1"; +in { - security.acme = { - acceptTerms = true; - defaults = { - validMinDays = 2; - server = "https://10.0.0.1:${toString config.services.step-ca.port}/acme/acme/directory"; - renewInterval = "daily"; - email = "danny@net.dn"; - dnsProvider = "pdns"; - dnsPropagationCheck = false; - environmentFile = config.sops.secrets."acme/env".path; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - services.nginx = { enable = true; enableReload = true; 
@@ -26,44 +16,10 @@ recommendedTlsSettings = true; recommendedProxySettings = true; - virtualHosts = { - "files.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - - root = "/var/www/files"; - locations."/" = { - extraConfig = '' - autoindex on; - autoindex_exact_size off; - autoindex_localtime on; - ''; - }; - - extraConfig = '' - types { - image/png png; - image/jpeg jpg jpeg; - image/gif gif; - } - ''; - }; - - "webcam.net.dn" = { - enableACME = true; - forceSSL = true; - - locations."/ws/" = { - proxyPass = "http://10.0.0.130:8080/"; - extraConfig = '' - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - ''; - }; - - locations."/".proxyPass = "http://10.0.0.130:8001/phone.html"; - }; + virtualHosts."manage.stalwart.${domain}" = { + useACMEHost = domain; + forceSSL = true; + locations."/".proxyPass = "http://${gcpIP}:8081"; }; }; } diff --git a/system/dev/dn-server/network/services.nix b/system/dev/dn-server/network/services.nix index f67a42d..4ebcb40 100755 --- a/system/dev/dn-server/network/services.nix +++ b/system/dev/dn-server/network/services.nix @@ -6,11 +6,12 @@ }: let inherit (builtins) concatStringsSep; - inherit (config.systemConf) username security; + inherit (config.systemConf) security domain; inherit (lib) mkForce optionalString; inherit (helper.nftables) mkElementsStatement; netbirdCfg = config.services.netbird; + netbirdRange = "100.64.0.0/16"; ethInterface = "enp0s31f6"; sshPorts = [ 30072 ]; @@ -35,7 +36,7 @@ let allowedSSHIPs = concatStringsSep ", " [ "122.117.215.55" "192.168.100.1/24" - "100.64.0.0/16" + netbirdRange personal.range ]; @@ -173,8 +174,6 @@ in "10.0.0.0/24" ]; - services.resolved.enable = mkForce false; - networking = { nat = { enable = true; @@ -189,12 +188,10 @@ in allowedUDPPorts = [ 53 personal.port - 25565 5359 ]; allowedTCPPorts = sshPorts ++ [ 53 - 25565 5359 ]; }; 
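Review bot: The new `manage.stalwart.${domain}` virtual host in `network/nginx.nix` publishes what looks like a mail-server management interface with no access restriction at the proxy, and it forwards to `http://${gcpIP}:8081` in cleartext. If 10.10.0.1 is reachable only through an encrypted tunnel the upstream hop is acceptable, but that assumption should be stated in a comment next to `gcpIP`. Consider limiting the vhost to internal networks, e.g. `locations."/".extraConfig = "allow 10.0.0.0/24; deny all;";` (range borrowed from elsewhere in this diff; adjust to the networks that should reach it).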
@@ -233,15 +230,18 @@ in ct state vmap { invalid : drop, established : accept, related : accept } + # Allow Incoming DNS qeury udp dport 53 accept tcp dport 53 accept tcp dport { ${sshPortsString} } jump ssh-filter + # Allow Netbird UDP + udp dport { ${toString netbirdCfg.clients.wt0.port} } accept + iifname ${netbirdCfg.clients.wt0.interface} accept iifname { ${ethInterface}, ${personal.interface} } udp dport { ${toString personal.port} } accept iifname ${infra.interface} ip saddr ${infra.range} accept iifname ${personal.interface} ip saddr ${personal.range} jump wg-subnet - iifname ${netbirdCfg.clients.wt0.interface} accept drop } @@ -258,7 +258,7 @@ in # Allow UDP hole punching ${optionalString ( netbirdCfg.clients ? wt0 - ) ''udp sport ${toString netbirdCfg.clients.wt0.port} accept''} + ) "udp sport ${toString netbirdCfg.clients.wt0.port} accept"} meta skuid ${toString config.users.users.systemd-timesync.uid} accept @@ -281,6 +281,8 @@ in meta l4proto { icmp, ipv6-icmp } accept + ct state vmap { invalid : drop, established : accept, related : accept } + iifname ${personal.interface} ip saddr ${personal.ip} jump wg-subnet iifname ${infra.interface} ip saddr ${infra.ip} accept @@ -309,7 +311,7 @@ in ips = [ personal.ip ]; listenPort = personal.port; privateKeyFile = config.sops.secrets."wireguard/privateKey".path; - peers = builtins.map (r: { + peers = map (r: { inherit (r) publicKey allowedIPs; }) (fullRoute ++ meshRoute); }; @@ -321,27 +323,6 @@ in dbus.enable = true; blueman.enable = true; - postgresql = { - enable = lib.mkDefault true; - authentication = '' - host powerdnsadmin powerdnsadmin 127.0.0.1/32 trust - ''; - ensureUsers = [ - { - name = "powerdnsadmin"; - ensureDBOwnership = true; - } - { - name = "pdns"; - ensureDBOwnership = true; - } - ]; - ensureDatabases = [ - "powerdnsadmin" - "pdns" - ]; - }; - openssh = { enable = true; ports = mkForce sshPorts; 
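Review bot: The added input rule `udp dport { ${toString netbirdCfg.clients.wt0.port} } accept` and the moved `iifname ${netbirdCfg.clients.wt0.interface} accept` dereference `clients.wt0` unconditionally, while the output-chain rule in the following hunk is still guarded by `optionalString (netbirdCfg.clients ? wt0)`. Wrap the input rules in the same guard, or drop the guard, so the ruleset evaluates the same way whether or not the client is defined. The interface rule accepts every packet from Netbird peers ahead of the per-subnet jumps; a comment saying this is intended would help the next reader. The added comment also has a typo and should read `# Allow Incoming DNS query`. The ruleset continues outside the hunk.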
@@ -352,106 +333,12 @@ in }; }; - powerdns = { - enable = true; - extraConfig = '' - launch=gpgsql - loglevel=6 - webserver-password=$WEB_PASSWORD - api=yes - api-key=$WEB_PASSWORD - gpgsql-host=/var/run/postgresql - gpgsql-dbname=pdns - gpgsql-user=pdns - gpgsql-dnssec=yes - webserver=yes - webserver-port=8081 - local-port=5359 - dnsupdate=yes - primary=yes - secondary=no - allow-dnsupdate-from=10.0.0.0/24 - allow-axfr-ips=10.0.0.0/24 - also-notify=10.0.0.148:53 - ''; - secretFile = config.sops.secrets.powerdns.path; - }; - - pdns-recursor = { - enable = true; - forwardZones = { - "dn." = "127.0.0.1:5359"; - }; - forwardZonesRecurse = { - # ==== Rspamd DNS ==== # - "multi.uribl.com." = "168.95.1.1"; - "score.senderscore.com." = "168.95.1.1"; - "list.dnswl.org." = "168.95.1.1"; - "dwl.dnswl.org." = "168.95.1.1"; - - # ==== Others ==== # - "tw." = "168.95.1.1"; - "." = "8.8.8.8"; - }; - dnssecValidation = "off"; - dns.allowFrom = [ - "127.0.0.0/8" - "10.0.0.0/24" - "192.168.100.0/24" - ]; - dns.port = 5300; - yaml-settings = { - webservice.webserver = true; - recordcache.max_negative_ttl = 60; - }; - }; - - dnsdist = { - enable = true; - extraConfig = '' - newServer("127.0.0.1:${toString config.services.pdns-recursor.dns.port}") - addDOHLocal("0.0.0.0:8053", nil, nil, "/", { reusePort = true }) - getPool(""):setCache(newPacketCache(65535, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false})) - ''; - }; - - powerdns-admin = { - enable = true; - secretKeyFile = config.sops.secrets."powerdns-admin/secret".path; - saltFile = config.sops.secrets."powerdns-admin/salt".path; - config = - # python - '' - import cachelib - BIND_ADDRESS = "127.0.0.1" - PORT = 8081 - SESSION_TYPE = 'cachelib' - SESSION_CACHELIB = cachelib.simple.SimpleCache() - SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=localhost' - ''; - }; - xserver = { enable = false; xkb.layout = "us"; }; }; - systemd.services.pdns-recursor.before = [ 
"acme-setup.service" ]; - systemd.services.pdns.before = [ "acme-setup.service" ]; - - users.users = { - root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSAOufpee7f8D8ONIIGU3qsN+8+DGO7BfZnEOTYqtQ5 danny@pre7780.dn" - ]; - - "${username}".openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSAOufpee7f8D8ONIIGU3qsN+8+DGO7BfZnEOTYqtQ5 danny@pre7780.dn" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFQA42R3fZmjb9QnUgzzOTIXQBC+D2ravE/ZLvdjoOQ danny@lap.dn" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSHkPa6vmr5WBPXAazY16+Ph1Mqv9E24uLIf32oC2oH danny@phone.dn" - ]; - }; - systemConf.security = { allowedDomains = [ "registry-1.docker.io" 
@@ -466,52 +353,19 @@ in image = "louislam/uptime-kuma:2"; volumes = [ "/var/lib/uptime-kuma:/app/data" - "${config.security.pki.caBundle}:/etc/ca.crt:ro" ]; - environment = { - NODE_EXTRA_CA_CERTS = "/etc/ca.crt"; - }; }; }; }; }; - systemd.services.raspamd-trainer = { + systemd.services.rspamd-trainer = { after = [ "pdns-recursor.service" ]; }; - services.nginx.virtualHosts = { - "dns.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."/dns-query" = { - extraConfig = '' - grpc_pass grpc://127.0.0.1:${toString 8053}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header Range $http_range; - proxy_set_header If-Range $http_if_range; - ''; - }; - }; - "powerdns.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."/api".proxyPass = "http://127.0.0.1:8081"; - locations."/".proxyPass = "http://127.0.0.1:8000"; - }; - "uptime.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://127.0.0.1:3001"; - }; + services.nginx.virtualHosts."uptime.${domain}" = { + useACMEHost = domain; + forceSSL = true; + locations."/".proxyPass = "http://127.0.0.1:3001"; }; - - nix.settings.trusted-users = [ - username - ]; } diff --git a/system/dev/dn-server/network/step-ca.nix b/system/dev/dn-server/network/step-ca.nix index 8ac7ced..c126215 100755 --- a/system/dev/dn-server/network/step-ca.nix +++ b/system/dev/dn-server/network/step-ca.nix @@ -1,4 +1,7 @@ { pkgs, config, ... }: +let + inherit (config.networking) domain; +in { environment.systemPackages = with pkgs; [ step-cli ]; 
@@ -57,7 +60,7 @@ Bq-3sY8n13Dv0E6yx2hVIAlzLj3aE29LC4A2j81vW5MtpaM27lMpg.cwlqZ-8l1iZNeeS9.idRpRJ9zB }; dnsNames = [ "10.0.0.1" - "ca.net.dn" + "ca.${domain}" ]; federatedRoots = null; insecureAddress = ""; @@ -81,8 +84,8 @@ Bq-3sY8n13Dv0E6yx2hVIAlzLj3aE29LC4A2j81vW5MtpaM27lMpg.cwlqZ-8l1iZNeeS9.idRpRJ9zB intermediatePasswordFile = config.sops.secrets."step_ca/password".path; }; - services.nginx.virtualHosts."ca.net.dn" = { - enableACME = true; + services.nginx.virtualHosts."ca.${domain}" = { + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "https://10.0.0.1:8443/"; diff --git a/system/dev/dn-server/services/acme.nix b/system/dev/dn-server/services/acme.nix new file mode 100644 index 0000000..76d7980 --- /dev/null +++ b/system/dev/dn-server/services/acme.nix 
@@ -0,0 +1,59 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+let
+ inherit (config.sops) secrets;
+in
+{
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ sops.secrets = {
+ "acme/pdns" = {
+ mode = "0660";
+ owner = "acme";
+ group = "acme";
+ };
+
+ "acme/cloudflare" = {
+ mode = "0640";
+ };
+ };
+
+ systemConf.security.allowedDomains = [
+ "acme-v02.api.letsencrypt.org"
+ "api.cloudflare.com"
+ ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ server = "https://10.0.0.1:${toString config.services.step-ca.port}/acme/acme/directory";
+ validMinDays = 2;
+ renewInterval = "daily";
+ email = "danny@net.dn";
+ dnsProvider = "pdns";
+ dnsPropagationCheck = false;
+ environmentFile = secrets."acme/pdns".path;
+ };
+
+ certs."dnywe.com" = {
+ domain = "*.dnywe.com";
+ extraDomainNames = [
+ "*.stalwart.dnywe.com"
+ ];
+ server = "https://acme-v02.api.letsencrypt.org/directory";
+ dnsProvider = "cloudflare";
+ dnsResolver = "1.1.1.1:53";
+ email = "postmaster@dnywe.com";
+ dnsPropagationCheck = true;
+ environmentFile = pkgs.writeText "lego-config" ''
+ LEGO_CA_CERTIFICATES=${config.security.pki.caBundle}
+ '';
+ credentialFiles = {
+ "CLOUDFLARE_DNS_API_TOKEN_FILE" = secrets."acme/cloudflare".path;
+ };
+ };
+ };
+}
diff --git a/system/dev/dn-server/services/actual-budget.nix b/system/dev/dn-server/services/actual-budget.nix
index 1bf255f..7ba8a37 100755
--- a/system/dev/dn-server/services/actual-budget.nix
+++ b/system/dev/dn-server/services/actual-budget.nix
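Review bot: In `services/acme.nix` the `"acme/pdns"` secret is deployed with `mode = "0660"`, i.e. group-writable, although it is only read as an environment file; `mode = "0440"` (or `"0400"`) is sufficient. The three `0660` secrets declared in `services/dns.nix` have the same issue. The certificate is keyed as the literal `certs."dnywe.com"`, while the virtual hosts touched by this commit refer to it with `useACMEHost = domain`. Deriving the key from `config.networking.domain` as well would make a mismatch impossible instead of an evaluation error later.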
@@ -1,7 +1,37 @@ +{ config, ... }: +let + inherit (config.networking) domain; + inherit (config.sops) secrets; + + hostname = "actual.${domain}"; + oidcURL = "https://${config.services.keycloak.settings.hostname}/realms/master"; +in { + sops.secrets."actual/clientSecret" = { + owner = "actual"; + group = "actual"; + mode = "640"; + }; + imports = [ (import ../../../modules/actual { - fqdn = "actual.net.dn"; + fqdn = hostname; }) ]; + + services.nginx.virtualHosts."${hostname}" = { + useACMEHost = domain; + }; + + services.actual.settings = { + loginMethod = "openid"; + allowedLoginMethods = [ "openid" ]; + openId = { + discoveryURL = "${oidcURL}/.well-known/openid-configuration"; + client_id = "actual"; + client_secret._secret = secrets."actual/clientSecret".path; + server_hostname = "https://${hostname}"; + authMethod = "openid"; + }; + }; } diff --git a/system/dev/dn-server/services/bitwarden.nix b/system/dev/dn-server/services/bitwarden.nix index 6710ae0..9319023 100755 --- a/system/dev/dn-server/services/bitwarden.nix +++ b/system/dev/dn-server/services/bitwarden.nix @@ -1,7 +1,16 @@ +{ config, ... }: +let + inherit (config.networking) domain; + hostname = "bitwarden.${domain}"; +in { imports = [ (import ../../../modules/vaultwarden.nix { - domain = "bitwarden.net.dn"; + domain = hostname; }) ]; + + services.nginx.virtualHosts."${hostname}" = { + useACMEHost = domain; + }; } diff --git a/system/dev/dn-server/services/default.nix b/system/dev/dn-server/services/default.nix index d427c8c..fb46780 100755 --- a/system/dev/dn-server/services/default.nix +++ b/system/dev/dn-server/services/default.nix @@ -12,10 +12,8 @@ ./keycloak.nix ./netbird.nix ./hideTTY.nix - # (import ../../../modules/opencloud.nix { - # fqdn = "opencloud.net.dn"; - # envFile = config.sops.secrets."opencloud".path; - # }) - (import ./ntfy.nix { fqdn = "ntfy.net.dn"; }) + ./dns.nix + ./acme.nix + ./ntfy.nix ]; } 
diff --git a/system/dev/dn-server/services/dns.nix b/system/dev/dn-server/services/dns.nix
new file mode 100644
index 0000000..2b499c6
--- /dev/null
+++ b/system/dev/dn-server/services/dns.nix
@@ -0,0 +1,164 @@
+{ config, lib, ... }:
+let
+ inherit (builtins) listToAttrs;
+ inherit (lib) nameValuePair mkForce;
+ inherit (config.sops) secrets;
+ inherit (config.networking) domain;
+
+ splitDNS = listToAttrs (
+ map (x: nameValuePair x "127.0.0.1:5359") [
+ "${domain}."
+ ]
+ );
+in
+{
+ services.resolved.enable = mkForce false;
+
+ sops.secrets = {
+ "powerdns-admin/secret" = {
+ mode = "0660";
+ owner = "powerdnsadmin";
+ group = "powerdnsadmin";
+ };
+ "powerdns-admin/salt" = {
+ mode = "0660";
+ owner = "powerdnsadmin";
+ group = "powerdnsadmin";
+ };
+ powerdns = {
+ mode = "0660";
+ owner = "pdns";
+ group = "pdns";
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ authentication = ''
+ host powerdnsadmin powerdnsadmin 127.0.0.1/32 trust
+ '';
+ ensureUsers = [
+ {
+ name = "powerdnsadmin";
+ ensureDBOwnership = true;
+ }
+ {
+ name = "pdns";
+ ensureDBOwnership = true;
+ }
+ ];
+ ensureDatabases = [
+ "powerdnsadmin"
+ "pdns"
+ ];
+ };
+
+ services.powerdns = {
+ enable = true;
+ extraConfig = ''
+ launch=gpgsql
+ loglevel=6
+ webserver-password=$WEB_PASSWORD
+ api=yes
+ api-key=$WEB_PASSWORD
+ gpgsql-host=/var/run/postgresql
+ gpgsql-dbname=pdns
+ gpgsql-user=pdns
+ gpgsql-dnssec=yes
+ webserver=yes
+ webserver-port=8081
+ local-port=5359
+ dnsupdate=yes
+ primary=yes
+ secondary=no
+ allow-dnsupdate-from=10.0.0.0/24
+ allow-axfr-ips=10.0.0.0/24
+ also-notify=10.0.0.148:53
+ '';
+ secretFile = secrets.powerdns.path;
+ };
+
+ services.pdns-recursor = {
+ enable = true;
+ forwardZones = {
+ "dn." = "127.0.0.1:5359";
+ }
+ // splitDNS;
+ forwardZonesRecurse = {
+ # ==== Rspamd DNS ==== #
+ "multi.uribl.com." = "168.95.1.1";
+ "score.senderscore.com." = "168.95.1.1";
+ "list.dnswl.org." = "168.95.1.1";
+ "dwl.dnswl.org." = "168.95.1.1";
+
+ # ==== Others ==== #
+ "tw." = "168.95.1.1";
+ "."
= "1.1.1.1";
+ };
+ dnssecValidation = "off";
+ dns.allowFrom = [
+ "127.0.0.0/8"
+ "10.0.0.0/24"
+ "192.168.100.0/24"
+ ];
+ dns.port = 5300;
+ yaml-settings = {
+ webservice.webserver = true;
+ recordcache.max_negative_ttl = 60;
+ };
+ };
+
+ services.dnsdist = {
+ enable = true;
+ extraConfig = ''
+ newServer("127.0.0.1:${toString config.services.pdns-recursor.dns.port}")
+ addDOHLocal("0.0.0.0:8053", nil, nil, "/", { reusePort = true })
+ getPool(""):setCache(newPacketCache(65535, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false}))
+ '';
+ };
+
+ services.powerdns-admin = {
+ enable = true;
+ secretKeyFile = config.sops.secrets."powerdns-admin/secret".path;
+ saltFile = config.sops.secrets."powerdns-admin/salt".path;
+ config =
+ # python
+ ''
+ import cachelib
+ BIND_ADDRESS = "127.0.0.1"
+ PORT = 8081
+ SESSION_TYPE = 'cachelib'
+ SESSION_CACHELIB = cachelib.simple.SimpleCache()
+ SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=localhost'
+ '';
+ };
+
+ services.nginx.virtualHosts = {
+ "dns.${domain}" = {
+ useACMEHost = domain;
+ forceSSL = true;
+ locations."/dns-query" = {
+ extraConfig = ''
+ grpc_pass grpc://127.0.0.1:${toString 8053};
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_set_header Range $http_range;
+ proxy_set_header If-Range $http_if_range;
+ '';
+ };
+ };
+ "powerdns.${domain}" = {
+ useACMEHost = domain;
+ forceSSL = true;
+ locations."/api".proxyPass = "http://127.0.0.1:8081";
+ locations."/".proxyPass = "http://127.0.0.1:8000";
+ };
+ };
+
+ systemd.services.pdns-recursor.before = [ "acme-setup.service" ];
+ systemd.services.pdns.before = [ "acme-setup.service" ];
+}
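Review bot: In `services/dns.nix`, `services.postgresql.authentication` adds `host powerdnsadmin powerdnsadmin 127.0.0.1/32 trust`, so any local process that can open a loopback TCP connection reaches the `powerdnsadmin` database without a password. `ensureUsers` already creates the role and a matching system user appears to exist (it owns the sops secrets), so peer authentication over the Unix socket would work. That means dropping the `trust` line and using `SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=/var/run/postgresql'`, the same socket directory `gpgsql-host` uses. Separately, `webserver-port=8081` for PowerDNS and `PORT = 8081` in the powerdns-admin config look like they could compete for the same loopback port; confirm which one nginx's `/api` location is meant to hit.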
diff --git a/system/dev/dn-server/services/forgejo.nix b/system/dev/dn-server/services/forgejo.nix index 902307b..495b700 100755 --- a/system/dev/dn-server/services/forgejo.nix +++ b/system/dev/dn-server/services/forgejo.nix @@ -1,8 +1,10 @@ { lib, config, ... }: let + inherit (config.networking) domain; + cfg = config.services.forgejo; srv = cfg.settings.server; - domain = "git.dnywe.com"; + hostname = "git.${domain}"; mailServer = "mx1.net.dn"; forgejoOwner = { @@ -39,7 +41,7 @@ in settings = { server = { - DOMAIN = domain; + DOMAIN = hostname; ROOT_URL = "https://${srv.DOMAIN}"; HTTP_PORT = 32006; SSH_PORT = lib.head config.services.openssh.ports; @@ -69,4 +71,10 @@ in server.SECRET_KEY = config.sops.secrets."forgejo/server/secretKey".path; }; }; + + services.nginx.virtualHosts.${hostname} = { + useACMEHost = domain; + forceSSL = true; + locations."/".proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}"; + }; } diff --git a/system/dev/dn-server/services/keycloak.nix b/system/dev/dn-server/services/keycloak.nix index 210b692..2a3136c 100755 --- a/system/dev/dn-server/services/keycloak.nix +++ b/system/dev/dn-server/services/keycloak.nix @@ -2,7 +2,7 @@ { lib, config, ... }: let inherit (lib) mkForce; - domain = "dnywe.com"; + inherit (config.networking) domain; cfg = config.services.keycloak; in { @@ -12,6 +12,9 @@ in }; }; - # Disable nginx reverse proxy - services.nginx.virtualHosts."${cfg.settings.hostname}" = mkForce { }; + services.nginx.virtualHosts."${cfg.settings.hostname}" = { + useACMEHost = domain; + forceSSL = true; + enableACME = mkForce false; + }; } diff --git a/system/dev/dn-server/services/mail-server.nix b/system/dev/dn-server/services/mail-server.nix index c390a9a..2d83e7b 100755 --- a/system/dev/dn-server/services/mail-server.nix +++ b/system/dev/dn-server/services/mail-server.nix 
@@ -46,7 +46,7 @@ in ''; webmail = { enable = true; - hostname = "mail.${domain}"; + hostname = "mail.dnywe.com"; }; keycloak = { dbSecretFile = config.sops.secrets."oauth/password".path; diff --git a/system/dev/dn-server/services/metrics.nix b/system/dev/dn-server/services/metrics.nix index c6b4208..c708af1 100755 --- a/system/dev/dn-server/services/metrics.nix +++ b/system/dev/dn-server/services/metrics.nix @@ -8,7 +8,10 @@ let inherit (helper.grafana) mkDashboard; inherit (lib) optionalAttrs optional; - inherit (config.networking) hostName; + inherit (config.networking) hostName domain; + + grafanaHostname = "grafana.${domain}"; + prometheusHostname = "metrics.${domain}"; datasourceTemplate = [ { @@ -55,7 +58,7 @@ in { imports = [ (import ../../../modules/prometheus.nix { - fqdn = "metrics.net.dn"; + fqdn = prometheusHostname; selfMonitor = true; configureNginx = true; scrapes = [ @@ -108,7 +111,7 @@ in }) (import ../../../modules/grafana.nix { - domain = "grafana.net.dn"; + domain = grafanaHostname; passFile = config.sops.secrets."grafana/password".path; smtpHost = "${config.mail-server.hostname}.${config.mail-server.domain}:465"; smtpDomain = config.mail-server.domain; @@ -194,4 +197,13 @@ in }; enable = true; }; + + services.nginx.virtualHosts = { + "${grafanaHostname}" = { + useACMEHost = domain; + }; + "${prometheusHostname}" = { + useACMEHost = domain; + }; + }; } diff --git a/system/dev/dn-server/services/minecraft-server.nix b/system/dev/dn-server/services/minecraft-server.nix index 1eeb44b..d48a08e 100755 --- a/system/dev/dn-server/services/minecraft-server.nix +++ b/system/dev/dn-server/services/minecraft-server.nix 
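Review bot: The metrics.nix hunks move Prometheus from `metrics.net.dn` to `metrics.${domain}`, and the added vhost sets only `useACMEHost`, with no access restriction. The same commit switches the shared domain to `dnywe.com` in common.nix, so if this name resolves publicly the Prometheus UI and query API become reachable by anyone, because Prometheus has no authentication of its own. The location block is in modules/prometheus.nix and is not fully shown, so a restriction may already exist there. If not, add one in the vhost, for example `basicAuthFile = config.sops.secrets."<placeholder-secret-name>".path;`, or an `allow`/`deny all;` pair for the internal ranges in `extraConfig`. The Grafana vhost has the same exposure but does have a login.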
@@ -1,9 +1,32 @@ -{ pkgs, ... }: +{ + pkgs, + config, + lib, + inputs, + ... +}: let - modpack = pkgs.fetchPackwizModpack { + inherit (config.sops) secrets; + inherit (inputs.nix-minecraft.lib) collectFilesAt; + + modpack-shaderRetired = pkgs.fetchPackwizModpack { url = "https://git.dnywe.com/dachxy/shader-retired-modpack/raw/branch/main/pack.toml"; packHash = "sha256-NPMS8j5NXbtbsso8R4s4lhx5L7rQJdek62G2Im3JdmM="; }; + + modpack-landscape = pkgs.fetchPackwizModpack { + url = "https://git.dnywe.com/dachxy/landscape-modpack/raw/branch/main/pack.toml"; + packHash = "sha256-mQSE4PMrOupARpEIzdzg+gOD0VQGII4MrBUyr8VevKk="; + }; + + fabricProxy = pkgs.fetchurl rec { + pname = "FabricProxy-Lite"; + version = "2.11.0"; + url = "https://cdn.modrinth.com/data/8dI2tmqs/versions/nR8AIdvx/${pname}-${version}.jar"; + hash = "sha256-68er6vbAOsYZxwHrszLeaWbG2D7fq/AkNHIMj8PQPNw="; + }; + + velocityCfg = config.services.velocity; in { systemConf.security.allowedDomains = [ 
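Review bot: Both `fetchPackwizModpack` calls pin `packHash` but fetch `pack.toml` from `raw/branch/main`, so the URL is mutable while the hash is not. The hash keeps changed content from being accepted, but any push to `main` makes the fetch fail, and the URL does not record which revision was reviewed. Pointing the URL at a fixed revision keeps the two in step, e.g. `url = "https://git.dnywe.com/dachxy/landscape-modpack/raw/commit/<commit-sha>/pack.toml";`. The `fabricProxy` fetch already uses a versioned URL with a hash.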
@@ -13,29 +36,110 @@ in "login.microsoftonline.com" ]; + sops.secrets."velocity" = { + owner = velocityCfg.user; + }; + + sops.secrets."fabricProxy" = { + owner = "minecraft"; + }; + + services.velocity = { + enable = true; + openFirewall = true; + host = "0.0.0.0"; + port = 25565; + settings = { + motd = "<#09add3>POG, MC server!"; + player-info-forwarding-mode = "modern"; + forwarding-secret-file = "${secrets."velocity".path}"; + + servers = { + shader-retired = "127.0.0.1:30066"; + landscape = "127.0.0.1:30067"; + + try = [ + "shader-retired" + ]; + }; + + forced-hosts = { + "server.vnet.dn" = [ + "shader-retired" + ]; + "retired.mc.dnywe.com" = [ + "shader-retired" + ]; + "landscape.mc.dnywe.com" = [ + "landscape" + ]; + }; + }; + }; + services.minecraft-servers = { enable = true; eula = true; }; - services.minecraft-servers.servers.shader-retired = { - enable = true; - autoStart = true; - openFirewall = true; - package = pkgs.fabric-server; - symlinks = { - "mods" = "${modpack}/mods"; - }; - serverProperties = { + services.minecraft-servers.servers = { + shader-retired = + let + mcVersion = modpack-shaderRetired.manifest.versions.minecraft; + fabricVersion = modpack-shaderRetired.manifest.versions.fabric; + serverVersion = lib.replaceStrings [ "." 
] [ "_" ] "fabric-${mcVersion}"; + in + { + enable = true; + autoStart = true; + jvmOpts = "-Xms2144M -Xmx8240M"; + package = pkgs.fabricServers.${serverVersion}.override { loaderVersion = fabricVersion; }; + symlinks = collectFilesAt modpack-shaderRetired "mods" // { + "mods/FabricProxy-Lite.jar" = fabricProxy; + }; + files = { + "config/FabricProxy-Lite.toml" = "${secrets."fabricProxy".path}"; + }; + serverProperties = { + server-port = 30066; + difficulty = 3; + gamemode = "survival"; + max-player = 20; + motd = "Bro!!!!"; + accepts-flight = true; + accepts-transfers = true; + hardcore = false; + }; + }; - server-port = 25565; - difficulty = 3; - gamemode = "survival"; - max-player = 20; - modt = "Bro!!!!"; - accepts-flight = true; - accepts-transfers = true; - hardcore = false; - }; + landscape = + let + mcVersion = modpack-landscape.manifest.versions.minecraft; + fabricVersion = modpack-landscape.manifest.versions.fabric; + serverVersion = lib.replaceStrings [ "." ] [ "_" ] "fabric-${mcVersion}"; + in + { + enable = true; + autoStart = true; + enableReload = true; + jvmOpts = "-Xms2144M -Xmx8240M"; + package = pkgs.fabricServers.${serverVersion}.override { loaderVersion = fabricVersion; }; + symlinks = collectFilesAt modpack-landscape "mods" // { + "mods/FabricProxy-Lite.jar" = fabricProxy; + }; + files = { + "config/FabricProxy-Lite.toml" = "${secrets."fabricProxy".path}"; + }; + serverProperties = { + server-port = 30067; + difficulty = 3; + gamemode = "survival"; + max-player = 20; + motd = "Landscape, daug!"; + accepts-flight = true; + accepts-transfers = true; + hardcore = false; + }; + }; }; } diff --git a/system/dev/dn-server/services/netbird.nix b/system/dev/dn-server/services/netbird.nix index c83978e..5323825 100755 --- a/system/dev/dn-server/services/netbird.nix +++ b/system/dev/dn-server/services/netbird.nix 
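Review bot: Neither `serverProperties` block sets `server-ip`, so the `shader-retired` and `landscape` backends listen on every interface at 30066 and 30067, even though only Velocity on 127.0.0.1 is meant to reach them. Removing `openFirewall` from the backend helps, but any interface the firewall trusts can still connect directly, and the forwarding secret would be the only remaining check. I would add `server-ip = "127.0.0.1";` to both blocks. Separately, `max-player` is not a server.properties key (the key is `max-players`), so the limit of 20 is probably ignored on both servers.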
@@ -1,7 +1,7 @@ { config, lib, ... }: let inherit (lib) mkForce; - domain = "dnywe.com"; + inherit (config.networking) domain; # Virtual Domain vDomain = "vnet.dn"; @@ -19,9 +19,9 @@ in }; systemConf.security.allowedDomains = [ - "login.dnywe.com" - "pkgs.netbird.io" + config.services.keycloak.settings.hostname "${srv.domain}" + "pkgs.netbird.io" ]; imports = [ @@ -71,6 +71,8 @@ in ''; services.nginx.virtualHosts."${srv.domain}" = { + useACMEHost = domain; + addSSL = true; locations."/api" = { extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/system/dev/dn-server/services/nextcloud.nix b/system/dev/dn-server/services/nextcloud.nix index bf61e1c..a27202e 100755 --- a/system/dev/dn-server/services/nextcloud.nix +++ b/system/dev/dn-server/services/nextcloud.nix @@ -7,10 +7,10 @@ let inherit (lib) mkIf mkDefault mkAfter; inherit (config.sops) secrets; + inherit (config.networking) domain; spreedCfg = config.services.nextcloud-spreed-signaling; nextcloudCfg = config.services.nextcloud; - turnDomain = "coturn.dnywe.com"; - domain = "net.dn"; + turnDomain = "coturn.${domain}"; in { sops.secrets = { @@ -79,7 +79,7 @@ in mail_smtpname = "nextcloud"; mail_smtpmode = "smtp"; mail_smtpauthtype = "LOGIN"; - mail_domain = "net.dn"; + mail_domain = "${domain}"; mail_smtpport = 465; mail_smtpsecure = "ssl"; mail_from_address = "nextcloud"; @@ -123,8 +123,13 @@ in }; }; + services.nginx.virtualHosts.${nextcloudCfg.hostName} = { + useACMEHost = domain; + forceSSL = true; + }; + services.nginx.virtualHosts.${spreedCfg.hostName} = { - enableACME = true; + useACMEHost = domain; forceSSL = true; }; diff --git a/system/dev/dn-server/services/ntfy.nix b/system/dev/dn-server/services/ntfy.nix index 0129915..d7c0d73 100755 --- a/system/dev/dn-server/services/ntfy.nix +++ b/system/dev/dn-server/services/ntfy.nix 
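Review bot: The third netbird.nix hunk enables TLS with `addSSL = true`, while every other vhost touched by this commit uses `forceSSL = true`. With `addSSL` nginx keeps serving the same locations over plain HTTP, so requests to `/api`, which normally carry bearer tokens, are not redirected to HTTPS. Unless a client here needs cleartext access, I would change the line to `forceSSL = true;`. The vhost body continues past the end of the hunk, so other listeners or locations were not reviewed.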
@@ -1,22 +1,19 @@ -{ - fqdn ? null, -}: { config, ... }: let + inherit (config.networking) domain; port = 31004; - finalFqdn = if fqdn == null then config.networking.fqdn else fqdn; + hostname = "ntfy.${domain}"; in { systemConf.security.allowedDomains = [ "ntfy.sh" - "web.push.apple.com" ]; services.ntfy-sh = { enable = true; settings = { listen-http = ":${toString port}"; - base-url = "https://${finalFqdn}"; + base-url = "https://${hostname}"; upstream-base-url = "https://ntfy.sh"; behind-proxy = true; proxy-trusted-hosts = "127.0.0.1"; @@ -30,8 +27,8 @@ in }; services.nginx.virtualHosts = { - "${finalFqdn}" = { - enableACME = true; + "${hostname}" = { + useACMEHost = domain; forceSSL = true; locations."/" = { proxyWebsockets = true; diff --git a/system/dev/dn-server/services/paperless-ngx.nix b/system/dev/dn-server/services/paperless-ngx.nix index f47aae3..20f392a 100755 --- a/system/dev/dn-server/services/paperless-ngx.nix +++ b/system/dev/dn-server/services/paperless-ngx.nix @@ -1,9 +1,18 @@ -{ config, ... }: +{ config, lib, ... }: +let + inherit (config.networking) domain; + + hostname = "paperless.${domain}"; +in { imports = [ (import ../../../modules/paperless-ngx.nix { - domain = "paperless.net.dn"; + domain = hostname; passwordFile = config.sops.secrets."paperless/adminPassword".path; }) ]; + + services.nginx.virtualHosts."${hostname}" = { + useACMEHost = domain; + }; } diff --git a/system/dev/dn-server/sops/secret.yaml b/system/dev/dn-server/sops/secret.yaml index 5cf0bc6..e37855d 100755 --- a/system/dev/dn-server/sops/secret.yaml +++ b/system/dev/dn-server/sops/secret.yaml 
@@ -8,6 +8,8 @@ netbird: coturn: password: ENC[AES256_GCM,data:AMWBkWLcj1EFfufl8pALpVOG0PE=,iv:sngIedZE4X8clhGIsQyiGKbdsheRbEqeU57Emz2DWJM=,tag:daRLPNrO5fq84rtieYuYYw==,type:str] wt0-setupKey: ENC[AES256_GCM,data:2KKqmcdQhkbu4Qo8rVWLwT7NdpF7iWneDGazHQlM++LdGQNr,iv:Dfryc5Ak8ueuHCT+8SxliEJqUtn695/N3iE69a5AoCQ=,tag:wCKfCOcTFZWbZs99FhF2EQ==,type:str] +actual: + clientSecret: ENC[AES256_GCM,data:1p/1ns46hrBXC80YvdBUV5BUrXxUmF5+q2YK/ENA1iQ=,iv:2ivuxwlKNy2awFkSlA946rIythd2Q5fROO8tc3HgtR4=,tag:S2dUoazTvh2hwpkSaZ/O4Q==,type:str] nextcloud: adminPassword: ENC[AES256_GCM,data:ev4Ua8JX0l0KK50SGm6xCw==,iv:OosiF0g4l1mrgndbwUOvO2YUqxWVk1hvAZY0rHU9GPE=,tag:rIr+4x/p8u94e2Ip03iX0Q==,type:str] whiteboard: ENC[AES256_GCM,data:EFrakjKTOskWBrobg/F12bdm/sM/cU4u6bUDw8TVqzmV95fNqn6n4MR+gTyKj6CG0+YLbZDHAmfsApWVH/VhDNTw3s1hkSu93Yq85ov7QEk=,iv:fYTLDOMmW+qoZVgC7fSPo+xFaytJN1gIaEcRgle+7gY=,tag:ETmXxGPsUafV3pR9cMLMXA==,type:str] 
@@ -19,7 +21,7 @@ nextcloud: backendsecret: ENC[AES256_GCM,data:pV5yw755RkAwHBdmfeP37/SobFZqJouWyIiRJ+Y2mk0iiVdW04vhYVsyjcI=,iv:NhkewgnyE2Dw8mQMMSq6AWo6IOWu8BlyPZvZAszyZuQ=,tag:BlZO15qZWViV8pCWIgZHZQ==,type:str] step_ca: password: ENC[AES256_GCM,data:3NtUAl344gHiXLlMl88X17Vsm/4OKFM0W8bntzbXC0U=,iv:q9cWW8xTxYQnRYohBxnPIsbVSpvkZYVpYLRVeZgmsRM=,tag:ibumK7ebPKNO/CXAS0eeRA==,type:str] -vaultwarden: ENC[AES256_GCM,data:h8GFyXRMI51DZutX60up4vXTQLNY3q0pr+BWpZ5frJHwy6PVBTYts81K0aTIIU71epT4SVR3p3e8yUdU7jXS1Tw1ol0RnPL+bBNv7JyUede9mkrP4pnozmuCQqOdlHCaUvYyIoWFPrLiz/drXX7gJvWh6zYTTFn9mQ3wQE9J6rxoLzbMyS6raSn2O8Ke+YM0VRXYgVvsyEL3Aa0wV3qO5NDCZ67rZp4TG5U8tOrziw0gnKU3eBCuNyL/uU/7ySvfdxwv631vEi24+dxN+Kx6rlaJpJIywx9xxxoRhOz5TrHzptqRMWpg2GZL5qdVXiUxqYLgC3s7Ri0P2BwOslteO6Z6NXk0HSravbpz3sevEu+bRS7u2MLvL3keP48+EBsXNebnKY7nfqCoIPUQ86CIVGw5fNI+irnRR8kq6oV0MBDGXu6DgmzKV7crFp65zzVSqfFOntVYSqgtQnnM1CmkuGJD,iv:51zbASyFgprzYCMswiEM81p8C0kFhSc28VavCHqRsF0=,tag:LvcY2DbeA71/PXEnjph3dw==,type:str] +vaultwarden: ENC[AES256_GCM,data:unu2+istP/NHcns2HUvNYveGElAEDFI+6X/KXYu2hKvY9c57PhmGVEmwlNhMWjHOSLaIvF48iDKCMnFnk20Fop5S2PS8WdNQ5sAA3mhoBnYGKIVsSsjpAqdIKj5c+AozeFODuIrCPRFm1JbOlgcmniwWNwbKtXt8GrgHzBbFUNX00npOwK9NmZOTxPVCj6gs3purULbsTzxDYZKdtqoM0Rv8E+MM/SLTR3QJnTCi7CxWfqy2tSsNzFh4puyZ0xf03m/fMP2iJqwZKjr0G5DwMl8ng0XvnojUcAg3OO34T7VCR1E6unqOpt8Mxc4l5eDVZEp6euchLB1GHP1OaElLCGvlp16xFKQyu+XtuFKxDrgl+AjVXl/rdl8Sk7fa9x6VzYbbJIR5Nzrwb+x9sJIc0Q5u6MroVsfawUzNH3aWkBCxQ0jGqkWyAZyumOuLxODpYETUCxiaBW6unEYSABibY5Q=,iv:5T/N41eLnPThRs1nwFiqMqyd6+RMWkDz6N4yVuAojH0=,tag:1gyxAtpZw/uhPWOoioFqKw==,type:str] ldap: password: ENC[AES256_GCM,data:gz5WBopSffGyvJxKDPekPQ==,iv:bX7N9/oNMhtE/KbPah2ge4s87P2VsxHGoFkOyl83dxs=,tag:YoTe6NPAJgp/0nvhHC9Y5A==,type:str] env: 
ENC[AES256_GCM,data:68EvTHeBqtCVfde5oO+Wzny+l/YIMWQmbcNQ0Wl59EjMrSlJM0rmFm2lMJpxKzCN2cFs0N2z6zG1/eQ9t/SxxyVBrNA6ECnCZrerIo2YGlaT30tc1rffpd8TchMH1VKP5qHnbLUqORMx5z0LR4U49l2HVcHgSCjt/1f127oMi411vIU=,iv:+m1F0CBaoJGv6Z1u+h6rbsXGPUhxgHouTalj13ccJiY=,tag:I/hK65yPaIcgHEZVaXJHBA==,type:str] @@ -33,7 +35,8 @@ powerdns: ENC[AES256_GCM,data:d4qzUAjyHUxLynvP6vSxCzrihfb/X3KYHeRA/w+CButld7ulxL rspamd-trainer: ENC[AES256_GCM,data:EqWVADi7zr6AUZL5mlN1/xbpjuRIS3Zn,iv:M/xk7LywcRiKQM9LrnTnCKu3OS/YBf23CRkxh4ll1+c=,tag:4lH3hhMxWIzEUExJOt/41Q==,type:str] rspamd: ENC[AES256_GCM,data:qEXHXdcvk24pAHEl6MI=,iv:L5tmoTu5Qk5sxDj3EmWfc39AHwRTT4T4gB1O2EsTQkY=,tag:vIhAOnEpWxtP0eU4stkQww==,type:str] acme: - env: ENC[AES256_GCM,data:DQaHr13K3faeyQk/05sVmmZRNvEbjmMP8y3nES1vyFO+oNX9nyyWcy5YEAO5tjRTxi/yM1ISlhbXWct4iRwAkvnhtoFRK/jpAfDv+W3J1LotaRxiPWSXUs5lS7uS0DpveRwQVv6qEl3Cs8vitHAJfRCKJoYv5HTJyvOnoWqHbnk=,iv:co3V0vu2c26NKHuoNoRv7td8qu6m0NTlvkr3EJBQGvM=,tag:leTY/DGg85Pm8gsAHah29Q==,type:str] + pdns: ENC[AES256_GCM,data:pQbUDyKCRz36CAI1UhxLnsgDmQ1Hhfv6iqA8R3YBdWXHHXIHMXz2ujVz+/fPCEnbLuMevAzT2L5Pejm0q38FQitcbRNngueymOWX2Iq/T1GP+t/Yhfy/r24dubgX5sH6USl2du2MmIwxa5VwBpjoTi3+CjqalV2sp8+HYwXWNKQ=,iv:8sX4R5xgdlq8EyDEUcvoROs21h2pAH1C3TpDw4I2WLs=,tag:aQhuoldv4fRz2+NmHfCWNQ==,type:str] + cloudflare: ENC[AES256_GCM,data:JwIL00LMPQeIxesD5umO5iBkIFFBZek9iHw76BT4/km3UX+nUn+wcw==,iv:wJIW869+BY+w9ynL4jF40mSrXpClVW9HGnOwTaKIT/k=,tag:c/NK+RzwNfvB+jh6vliM0g==,type:str] postsrsd: secret: ENC[AES256_GCM,data:JZNwSymEjIFb8h3gnvFajxSaNYRxjA/NUruA4WX+uSqX0ufVcbVWgxQTr7U=,iv:ydGnCESCLbwyGKc+5witXDkT3OgW27LKen7PkqUL6mU=,tag:M3RGI6LgU5n2e6ZiXxTFfQ==,type:str] grafana: 
@@ -60,6 +63,8 @@ forgejo: secretKey: ENC[AES256_GCM,data:DShv0oGdrHi40OMGz6/8XsiNY7nFcdJswBXucP9t7JQtgj9wk8Wr2mn17rfzkjNXTRletI60OPGPz2c57xOnTA==,iv:9TVma4i167123hyVA4yMAGsc9074+Yd4qggL7PkhUKg=,tag:/ELp01jK7of78Kyn+aOcMA==,type:str] mailer: password: ENC[AES256_GCM,data:dcIotYpgtdFLcunAB3ttlczzQ68=,iv:vH3rckAfntFAEtH3dolF7NCAdj142cAzre56x7oBdDA=,tag:TaxRn8g/TVloM60D6Ud0Jg==,type:str] +velocity: ENC[AES256_GCM,data:PYGSXfivm7OyKhBMKPOVDs+efpcb0hhwCAxlT05pM+kg9t0lH4TEMuxBXFRs80LUiQx+CYXyw8UvBkkKwPEc,iv:PppenjXIQ+eirCor3PxT16r2S7wO8bww5v/RyjQh9MI=,tag:Dc3BzmyQcTwYsvWShQ/JqQ==,type:str] +fabricProxy: ENC[AES256_GCM,data:srGYmqHgfkxAKKSjy9uGX1mQpE3N0rXb06MYiycbYESj/sZu/vjsPspvUdzTHHb9zkF5SWLWkmP6llIpimkss/dm7A1pGlagin3+,iv:yoWQdWeP9UjoRO5rJ9FQGbBu3iypIdXGrSDqBfFhw6w=,tag:+d/Tp/m3vENZAXJyHOMJEA==,type:str] sops: age: - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 @@ -89,7 +94,7 @@ sops: OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-09T04:59:21Z" - mac: ENC[AES256_GCM,data:NIHLAoNatyAhKHwCNdRGMR8+rUv00y/ssoGSQlq9/QayYt/GATfelgNwcqksSWf/db5v+Jz92bbk3RT9SKeoMWRxjm+8xzARbjhHGrzxAeLoerGPjQpEpkYYWbFC2ihSODrE+ar3HskAkQmVxmiGKEtYSg3+X2hiEy6ydZkP5Ps=,iv:mAyO820PpeG6NWQlmQf+l9MLIL4OTGJXCBSqYbmozZk=,tag:+Bex5hyAGBXiFoqxqVtaqg==,type:str] + lastmodified: "2026-01-19T10:14:12Z" + mac: ENC[AES256_GCM,data:d9OAnjstk72GOnKqyDw2qbNfZho0mdqAMSQ4xH903b1COmgIn4MsqWiCzDJ5k6RxLE4wfCAPvn8JA+cXiox6/xctqfyqLoWN4fp2Q40IHjbA3mQGalwywRgmga74PVe3gJPZ7H8PJncN0TdU29A/lGcUtjCkAqjBuFS4e7wbQfA=,iv:e6aG+plaSDtaiqglY5S1svE/XZfs7n9dhSNCiB5pdTs=,tag:BsGItrtDVFF2kXgwE1zaFA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-server/sops/sops-conf.nix b/system/dev/dn-server/sops/sops-conf.nix index 97535c1..83fa29b 100755 --- a/system/dev/dn-server/sops/sops-conf.nix +++ b/system/dev/dn-server/sops/sops-conf.nix 
@@ -17,31 +17,11 @@ in mode = "0660"; group = config.users.groups.docker.name; }; - "powerdns-admin/secret" = { - mode = "0660"; - owner = "powerdnsadmin"; - group = "powerdnsadmin"; - }; - "powerdns-admin/salt" = { - mode = "0660"; - owner = "powerdnsadmin"; - group = "powerdnsadmin"; - }; - powerdns = { - mode = "0660"; - owner = "pdns"; - group = "pdns"; - }; rspamd-trainer = { }; rspamd = mkIf config.services.rspamd.enable { owner = config.services.rspamd.user; }; - "acme/env" = mkIf config.security.acme.acceptTerms { - mode = "0660"; - owner = "acme"; - group = "acme"; - }; "postsrsd/secret" = mkIf config.services.postsrsd.enable { mode = "0660"; owner = config.services.postsrsd.user; diff --git a/system/dev/public/dn/common.nix b/system/dev/public/dn/common.nix index 7b51aa2..17d9f0d 100755 --- a/system/dev/public/dn/common.nix +++ b/system/dev/public/dn/common.nix @@ -5,7 +5,7 @@ in { systemConf = { face = ../../../../home/config/.face; - domain = "net.dn"; + domain = "dnywe.com"; }; home-manager.users."${username}" = diff --git a/system/dev/public/dn/ntfy.nix b/system/dev/public/dn/ntfy.nix index 223b508..7729c82 100755 --- a/system/dev/public/dn/ntfy.nix +++ b/system/dev/public/dn/ntfy.nix @@ -1,10 +1,12 @@ { + self, config, pkgs, lib, ... }: let + serverCfg = self.nixosConfigurations.dn-server.config; inherit (config.systemConf) username; ntfyWrapper = import ../../../../home/scripts/ntfy.nix { inherit config pkgs lib; }; in @@ -30,7 +32,7 @@ in { enable = true; settings = { - default-host = "https://ntfy.net.dn"; + default-host = serverCfg.services.ntfy-sh.settings.base-url; subscribe = [ { topic = "public-notifications"; diff --git a/system/dev/skydrive-lap/home/default.nix b/system/dev/skydrive-lap/home/default.nix index b30997c..3d6d8fe 100755 --- a/system/dev/skydrive-lap/home/default.nix +++ b/system/dev/skydrive-lap/home/default.nix 
@@ -1,16 +1,18 @@ { + self, config, lib, pkgs, ... }: let - inherit (config.networking) hostName; + serverCfg = self.nixosConfigurations.dn-server.config; inherit (config.systemConf) username; inherit (lib) optionalString; + inherit (serverCfg.services.nextcloud) hostName; memeSelector = pkgs.callPackage ../../../../home/scripts/memeSelector.nix { - url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/"; + url = "https://${hostName}/public.php/dav/files/pygHoPB5LxDZbeY/"; }; in { diff --git a/system/modules/actual/default.nix b/system/modules/actual/default.nix index 9b00369..1154945 100755 --- a/system/modules/actual/default.nix +++ b/system/modules/actual/default.nix @@ -8,21 +8,28 @@ ... }: let - inherit (builtins) toString; inherit (lib) mkIf; finalFqdn = if fqdn != null then fqdn else config.networking.fqdn; in { + users.users.actual = { + isSystemUser = true; + group = "actual"; + }; + + users.groups.actual = { }; + services = { actual = { enable = true; + user = config.users.users.actual.name; + group = config.users.users.actual.group; settings = { port = 31000; hostname = "127.0.0.1"; serverFiles = "/var/lib/actual/server-files"; userFiles = "/var/lib/actual/user-files"; - loginMethod = "openid"; }; }; 
@@ -35,11 +42,21 @@ in }; services.nginx.virtualHosts."${finalFqdn}" = mkIf proxy { - enableACME = true; forceSSL = true; locations."/api/".proxyPass = "http://127.0.0.1:${toString config.services.actual-budget-api.listenPort}/"; - locations."/".proxyPass = "http://127.0.0.1:${toString config.services.actual.settings.port}"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.actual.settings.port}"; + extraConfig = '' + proxy_hide_header Cross-Origin-Embedder-Policy; + proxy_hide_header Cross-Origin-Opener-Policy; + add_header Cross-Origin-Embedder-Policy "require-corp" always; + add_header Cross-Origin-Opener-Policy "same-origin" always; + add_header Origin-Agent-Cluster "?1" always; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + ''; + }; }; } diff --git a/system/modules/grafana.nix b/system/modules/grafana.nix index b1a247d..287b5c8 100755 --- a/system/modules/grafana.nix +++ b/system/modules/grafana.nix @@ -58,7 +58,6 @@ in // extraConf; services.nginx.virtualHosts."${domain}" = { - enableACME = true; forceSSL = true; locations."/" = { diff --git a/system/modules/nextcloud.nix b/system/modules/nextcloud.nix index d0ea33f..1da492f 100755 --- a/system/modules/nextcloud.nix +++ b/system/modules/nextcloud.nix @@ -3,7 +3,7 @@ adminpassFile, datadir ? null, https ? true, - configureACME ? true, + configureNginx ? true, trusted-domains ? [ ], trusted-proxies ? [ ], whiteboardSecrets ? [ ], @@ -16,13 +16,6 @@ }: let inherit (lib) mkIf optionalString; - - nextcloudPkg = pkgs.nextcloud32.overrideAttrs (oldAttr: rec { - caBundle = config.security.pki.caBundle; - postPatch = '' - cp ${caBundle} resources/config/ca-bundle.crt - ''; - }); in { imports = [ @@ -86,13 +79,12 @@ in services.nextcloud = { enable = true; - package = nextcloudPkg; configureRedis = true; hostName = hostname; https = https; datadir = lib.mkIf (datadir != null) datadir; phpExtraExtensions = - all: with all; [ + allEx: with allEx; [ imagick ]; 
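Review bot: The new `extraConfig` on `locations."/"` in actual/default.nix uses `add_header`, and nginx inherits `add_header` from the server or http level only when the location defines none of its own. Any response headers set higher up, such as Strict-Transport-Security, are therefore no longer sent for this location. Whether such headers exist is not visible in this hunk. If they do, repeat them here, e.g. `add_header Strict-Transport-Security $hsts_header always;` with whatever variable or literal value the server block uses.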
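Review bot: The grafana.nix hunk removes `enableACME` but keeps `forceSSL = true`, so the module no longer names a certificate source and every importing host must provide one. The same applies to the actual, paperless-ngx.nix, prometheus.nix and vaultwarden.nix module hunks in this commit. For dn-server the diff adds `useACMEHost = domain;` for grafana, prometheus and paperless, but no matching vhost for actual or vaultwarden is visible in this part of the diff. A comment above each module's vhost would document the contract: `# TLS certificate is supplied by the importing host (useACMEHost or sslCertificate)`. It is worth checking that the other hosts importing these modules still evaluate.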
@@ -153,9 +145,7 @@ in secrets = whiteboardSecrets; }; - services.nginx.virtualHosts.${hostname} = mkIf configureACME { - enableACME = true; - forceSSL = true; + services.nginx.virtualHosts.${hostname} = mkIf configureNginx { locations."/whiteboard/" = { proxyWebsockets = true; proxyPass = "http://127.0.0.1:${config.services.nextcloud-whiteboard-server.settings.PORT}/"; diff --git a/system/modules/niri.nix b/system/modules/niri.nix index bda7c54..f243c28 100755 --- a/system/modules/niri.nix +++ b/system/modules/niri.nix @@ -73,7 +73,7 @@ in extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; }; - services.nfsm.enable = false; + services.nfsm.enable = true; programs.niri.package = osConfig.programs.niri.package; programs.niri.settings = { @@ -154,6 +154,7 @@ in matches = [ { app-id = "^xdg-desktop-portal-gtk$"; } { app-id = "^(org.gnome.Nautilus)$"; } + { app-id = "^(org.gnome.Loupe)$"; } ]; open-floating = true; } @@ -177,9 +178,9 @@ in in { # ==== Launch ==== # - "Mod+Return".action = sh ''${prefix} ${terminal}''; - "Mod+F".action = sh ''${browser}''; - "Mod+E".action = sh ''${prefix} ${terminal} -e yazi''; + "Mod+Return".action = sh "${prefix} ${terminal}"; + "Mod+F".action = sh "${browser}"; + "Mod+E".action = sh "${prefix} ${terminal} -e yazi"; "Mod+Ctrl+P".action = spawn "${rbwSelector}"; "Mod+Ctrl+M".action = spawn "${toggleWlogout}"; 
@@ -198,9 +199,9 @@ in "XF86AudioStop".action = spawn "playerctl" "stop"; "XF86AudioMute".action = spawn "wpctl" "set-mute" "@DEFAULT_SINK@" "toggle"; "XF86AudioRaiseVolume".action = - sh ''wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%+''; + sh "wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%+"; "XF86AudioLowerVolume".action = - sh ''wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%-''; + sh "wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%-"; "XF86MonBrightnessDown".action = spawn "brightnessctl set ${brightnessStep}%-"; "XF86MonBrightnessUp".action = spawn "brightnessctl set ${brightnessStep}%+"; diff --git a/system/modules/nixsettings.nix b/system/modules/nixsettings.nix index 2849e21..e4a924c 100755 --- a/system/modules/nixsettings.nix +++ b/system/modules/nixsettings.nix @@ -1,4 +1,7 @@ -{ inputs, ... }: +{ config, inputs, ... }: +let + inherit (config.systemConf) username; +in { documentation.nixos.enable = false; nix = { @@ -14,6 +17,7 @@ warn-dirty = false; trusted-users = [ "@wheel" + username ]; experimental-features = [ "nix-command" diff --git a/system/modules/paperless-ngx.nix b/system/modules/paperless-ngx.nix index 45ab185..1a12429 100755 --- a/system/modules/paperless-ngx.nix +++ b/system/modules/paperless-ngx.nix @@ -29,7 +29,6 @@ in }; services.nginx.virtualHosts."${domain}" = mkIf configureNginx { - enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}"; }; diff --git a/system/modules/prometheus.nix b/system/modules/prometheus.nix index de09bc6..40bb793 100755 --- a/system/modules/prometheus.nix +++ b/system/modules/prometheus.nix @@ -7,12 +7,10 @@ { config, lib, - pkgs, ... }: let inherit (lib) mkIf optionalAttrs; - inherit (builtins) toString; in { services.prometheus.exporters.node = mkIf selfMonitor { 
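Review bot: The second nixsettings.nix hunk adds `username` to `trusted-users`, and a trusted user can make the Nix daemon accept arbitrary substituters and unsigned store paths, which is effectively root. If that account is already in `wheel`, the existing `"@wheel"` entry covers it and the new line is redundant. If it is not, this grants root-equivalent rights to an unprivileged login on every host that imports the module. I would drop the entry. Where the aim is only to use extra binary caches, list them under `trusted-substituters` instead.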
@@ -43,7 +41,6 @@ in }; services.nginx.virtualHosts."${fqdn}" = mkIf configureNginx { - enableACME = true; forceSSL = true; locations."/" = { diff --git a/system/modules/shells/noctalia/bar.nix b/system/modules/shells/noctalia/bar.nix index 158f04c..1481c86 100755 --- a/system/modules/shells/noctalia/bar.nix +++ b/system/modules/shells/noctalia/bar.nix @@ -1,6 +1,10 @@ +{ lib }: +let + inherit (lib) mkForce; +in { - backgroundOpacity = 0.25; - capsuleOpacity = 0; + backgroundOpacity = mkForce 0.25; + capsuleOpacity = mkForce 0; density = "comfortable"; exclusive = true; floating = true; diff --git a/system/modules/shells/noctalia/default.nix b/system/modules/shells/noctalia/default.nix index c5079a5..91c24dd 100755 --- a/system/modules/shells/noctalia/default.nix +++ b/system/modules/shells/noctalia/default.nix @@ -2,7 +2,8 @@ let inherit (config.systemConf) username; - inherit (lib) mkForce mapAttrs; + inherit (builtins) mapAttrs; + inherit (lib) mkForce; in { @@ -57,7 +58,7 @@ in volumeOverdrive = false; volumeStep = 5; }; - bar = import ./bar.nix; + bar = import ./bar.nix { inherit lib; }; brightness = { brightnessStep = 5; enableDdcSupport = false; @@ -98,7 +99,7 @@ in }; controlCenter = import ./controlCenter.nix; dock = { - backgroundOpacity = 1; + backgroundOpacity = 1.0; colorizeIcons = false; displayMode = "auto_hide"; enabled = false; @@ -162,7 +163,7 @@ in manualSunset = "18:30"; }; notifications = { - backgroundOpacity = 1; + backgroundOpacity = 1.0; criticalUrgencyDuration = 15; enableKeyboardLayoutToast = true; enabled = true; @@ -176,7 +177,7 @@ in }; osd = { autoHideMs = 1500; - backgroundOpacity = 1; + backgroundOpacity = 1.0; enabled = true; enabledTypes = [ 0 @@ -207,7 +208,7 @@ in fontDefaultScale = 1; fontFixed = config.stylix.fonts.monospace.name; fontFixedScale = 1; - panelBackgroundOpacity = 0.25; + panelBackgroundOpacity = mkForce 0.25; panelsAttachedToBar = true; settingsPanelAttachToBar = true; tooltipsEnabled = true; 
diff --git a/system/modules/systemd-resolv.nix b/system/modules/systemd-resolv.nix index 28018c6..eda633a 100755 --- a/system/modules/systemd-resolv.nix +++ b/system/modules/systemd-resolv.nix @@ -7,11 +7,9 @@ services.resolved = { enable = true; - llmnr = "false"; - fallbackDns = [ - "1.1.1.1#one.one.one.one" - "1.0.0.1#one.one.one.one" - ]; - domains = [ "~." ]; + settings.Resolve = { + LLMNR = false; + Domains = [ "~." ]; + }; }; } diff --git a/system/modules/vaultwarden.nix b/system/modules/vaultwarden.nix index ee251a5..f2e274d 100755 --- a/system/modules/vaultwarden.nix +++ b/system/modules/vaultwarden.nix @@ -26,8 +26,8 @@ in environmentFile = secrets.vaultwarden.path; config = { DOMAIN = "https://${domain}"; - SIGNUPS_ALLOWED = true; - SIGNUPS_VERIFY = true; + SIGNUPS_ALLOWED = false; + SIGNUPS_VERIFY = false; ROCKET_PORT = 8222; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_LOG = "critical"; @@ -42,7 +42,6 @@ in }; services.nginx.virtualHosts.${domain} = { - enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.config.ROCKET_PORT}/";
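Review bot: The systemd-resolv.nix hunk removes the explicit `fallbackDns` list without setting `FallbackDNS` in the new `settings.Resolve` block. When that key is unset, systemd-resolved falls back to its compiled-in public resolver list, so the fallback is not disabled. The removed entries carried `#one.one.one.one` server names, which suggests they were meant for DNS-over-TLS, and that protection would not carry over to the defaults. If every query should go to the configured resolver, set `FallbackDNS` explicitly in `settings.Resolve` (empty to disable, or the previous two entries) and confirm how the generated resolved.conf renders it. The rest of the module is outside the hunk, so a DNS or DNSOverTLS setting elsewhere may change this.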