dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update: system update & refactor

Browse source 
# Breaking Changes
- sops location movod to "system/dev/<dev-name>/sops/sops-conf.nix"
- flake devices declaration changes
- whole flake update
This commit is contained in:
danny 2025-10-14 16:49:03 +08:00
parent 321f740af0
commit 6a71b601f5
116 changed files with 2576 additions and 3634 deletions
Download patch file Download diff file Expand all files Collapse all files

0
system/dev/dn-pre7780/boot.nix → system/dev/dn-pre7780/common/boot.nix
View file

7
system/dev/dn-pre7780/common/default.nix Normal file
View file

@ -0,0 +1,7 @@
{
imports = [
./boot.nix
./nvidia.nix
./hardware-configuration.nix
];
}

0
system/dev/dn-pre7780/hardware-configuration.nix → system/dev/dn-pre7780/common/hardware-configuration.nix
View file

16
system/dev/dn-pre7780/common/nvidia.nix Normal file
View file

@ -0,0 +1,16 @@
{ lib, config, ... }:
let
inherit (lib) mkForce;
in
{
imports = [
(import ../../../modules/nvidia.nix {
nvidia-mode = "offload";
intel-bus-id = "PCI:0:2:0";
nvidia-bus-id = "PCI:1:0:0";
})
];
hardware.nvidia.package = mkForce config.boot.kernelPackages.nvidiaPackages.latest;
hardware.nvidia.open = mkForce true;
}

238
system/dev/dn-pre7780/default.nix
View file

@ -1,19 +1,37 @@
{ hostname }:
{
self,
inputs,
pkgs,
username,
config,
lib,
...
}:
let
inherit (lib) optionalString;
protonGEVersion = "10-15";
monitors = [
"desc:ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271"
"desc:Acer Technologies XV272U V3 1322131231233"
];
username = "danny";
in
{
systemConf = {
inherit hostname username;
domain = "net.dn";
enableHomeManager = true;
hyprland = {
enable = true;
monitors = [
{
desc = "ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271";
output = "DP-6";
props = "2560x1440@165, 0x0, 1";
}
{
desc = "Acer Technologies XV272U V3 1322131231233";
output = "DP-5";
props = "2560x1440@180, -1440x-600, 1, transform, 1";
}
];
};
};
networking.firewall.allowedTCPPortRanges = [
{
from = 8000;
@ -25,57 +43,15 @@ in
}
];
hardware.nvidia.package = lib.mkForce config.boot.kernelPackages.nvidiaPackages.latest;
hardware.nvidia.open = lib.mkForce true;
imports = [
./boot.nix # Extra Boot Options
./sops-conf.nix # Secret
./nginx.nix
./mail.nix
# (import ./netbird.nix {
# domain = "pre7780.dn";
# coturnPassFile = config.sops.secrets."netbird/coturn/password".path;
# idpSecret = config.sops.secrets."netbird/oidc/secret".path;
# dataStoreEncryptionKey = config.sops.secrets."netbird/dataStoreKey".path;
# })
./hardware-configuration.nix
../../modules/presets/basic.nix
../../modules/sunshine.nix
# Nvidia GPU Driver
(import ../../modules/nvidia.nix {
nvidia-mode = "offload";
intel-bus-id = "PCI:0:2:0";
nvidia-bus-id = "PCI:1:0:0";
})
../../modules/gaming.nix
# ../../modules/secure-boot.nix
../../modules/virtualization.nix
../../modules/wine.nix
../../modules/wireguard.nix
../../modules/localsend.nix
(import ../../modules/airplay.nix { hostname = "pre7780"; })
(import ../../modules/rustdesk-server.nix {
relayHosts = [
"10.0.0.0/24"
"192.168.0.0/24"
];
})
(import ../../modules/nextcloud.nix {
hostname = "nextcloud.pre7780.dn";
configureACME = true;
https = true;
adminpassFile = config.sops.secrets."nextcloud/adminPassword".path;
trusted = [ "nextcloud.daccc.info" ];
})
../../modules/davinci-resolve.nix
../../modules/webcam.nix
../../modules/postgresql.nix
./common
./games
./home
./services
./sops
./utility
./virtualisation
];
# Live Sync D
@ -84,151 +60,9 @@ in
ensureDatabases = [ "livesyncd" ];
};
# Power Management
services.tlp = {
enable = true;
settings = {
INTEL_GPU_MIN_FREQ_ON_AC = 500;
};
};
environment.systemPackages = with pkgs; [
rustdesk
((blender.override { cudaSupport = true; }).overrideAttrs (prev: {
postInstall = ''
sed -i 's|Exec=blender %f|Exec=/run/current-system/sw/bin/nvidia-offload blender %f|' $out/share/applications/blender.desktop
'';
}))
users.users.${username}.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFQA42R3fZmjb9QnUgzzOTIXQBC+D2ravE/ZLvdjoOQ danny@lap.dn"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSHkPa6vmr5WBPXAazY16+Ph1Mqv9E24uLIf32oC2oH danny@phone.dn"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMj/LeB3i/vca3YwGNpAjf922FgiY2svro48fUSQAjOv Shortcuts on :D"
];
services.openssh = {
settings = {
UseDns = false;
};
};
users.users = {
${username} = {
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFQA42R3fZmjb9QnUgzzOTIXQBC+D2ravE/ZLvdjoOQ danny@lap.dn"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSHkPa6vmr5WBPXAazY16+Ph1Mqv9E24uLIf32oC2oH danny@phone.dn"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMj/LeB3i/vca3YwGNpAjf922FgiY2svro48fUSQAjOv Shortcuts on :D"
];
};
};
home-manager = {
users."${username}" = {
imports = [
../../../home/presets/basic.nix
# Bitwarden client
(import ../../../home/user/bitwarden.nix {
email = "danny@net.dn";
baseUrl = "https://bitwarden.net.dn";
})
# waybar
(import ../../../home/user/waybar.nix {
settings = [
# monitor 1
{
output = "DP-6";
height = 48;
modules-left = [
"custom/os"
"hyprland/workspaces"
"clock"
"custom/cava"
"mpris"
];
modules-right = [
"wlr/taskbar"
(optionalString config.programs.gamemode.enable "custom/gamemode")
"custom/bitwarden"
"custom/airplay"
"custom/wallRand"
"custom/wireguard"
"custom/recording"
"idle_inhibitor"
"network"
"cpu"
"memory"
"pulseaudio"
"custom/swaync"
];
}
# monitor 2
{
output = "DP-5";
height = 54;
modules-left = [
"clock"
"mpris"
];
modules-right = [
"wlr/taskbar"
"temperature"
"cpu"
"memory"
"pulseaudio"
];
}
];
})
# Hyprland
(import ../../../home/user/hyprland.nix { inherit monitors; })
./hyprland.nix
# Git
(import ../../../home/user/git.nix {
inherit username;
email = "danny10132024@gmail.com";
})
# (import ../../../home/user/wallpaper-engine.nix {
# monitorIdPairs = [
# {
# monitor = "DP-6";
# id = "3050040845";
# }
# {
# monitor = "DP-5";
# id = "2665674743";
# }
# ];
# })
];
home.file = {
# CS go
".steam/steam/steamapps/common/Counter-Strike Global Offensive/game/csgo/cfg/autoexec.cfg".text = ''
fps_max "250"
# Wheel Jump
bind "mwheeldown" "+jump"
bind "mwheelup" "+jump"
bind "space" "+jump"
echo "AUTOEXEC LOADED SUCCESSFULLY!"
host_writeconfig
'';
# Proton GE
".steam/root/compatibilitytools.d/GE-Proton${protonGEVersion}" = {
source = fetchTarball {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton${protonGEVersion}/GE-Proton${protonGEVersion}.tar.gz";
sha256 = "sha256:0iv7vak4a42b5m772gqr6wnarswib6dmybfcdjn3snvwxcb6hbsm";
};
};
".steam/root/compatibilitytools.d/CachyOS-Proton10-0_v3" = {
source = fetchTarball {
url = "https://github.com/CachyOS/proton-cachyos/releases/download/cachyos-10.0-20250714-slr/proton-cachyos-10.0-20250714-slr-x86_64_v3.tar.xz";
sha256 = "sha256:0hp22hkfv3f1p75im3xpif0pmixkq2i3hq3dhllzr2r7l1qx16iz";
};
};
};
};
};
}

5
system/dev/dn-pre7780/expr/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./netbird.nix
];
}

1
system/dev/dn-pre7780/netbird.nix → system/dev/dn-pre7780/expr/netbird.nix
View file

@ -9,6 +9,7 @@ let
port = 51820;
in
{
services.netbird = {
server = {
enable = true;

169
system/dev/dn-pre7780/expr/vm-settings.nix Normal file
View file

@ -0,0 +1,169 @@
{
pkgs,
lib,
inputs,
system,
}:
let
vmList =
let
kubeMasterIP = "192.168.0.6";
kubeMasterHostname = "api.kube";
kubeMasterAPIServerPort = 6443;
kubeApi = "https://${kubeMasterHostname}:${toString kubeMasterAPIServerPort}";
in
{
# master
vm-1 = {
ip = "192.168.0.6";
mac = "02:00:00:00:00:01";
extraConfig = {
networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
environment.systemPackages = with pkgs; [
kompose
kubectl
kubernetes
];
services.kubernetes = {
roles = [
"master"
"node"
];
masterAddress = kubeMasterHostname;
apiserverAddress = kubeApi;
easyCerts = true;
apiserver = {
securePort = kubeMasterAPIServerPort;
advertiseAddress = kubeMasterIP;
};
addons.dns.enable = true;
};
systemd.services.link-kube-config = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.writeShellScript "link-kube-config.sh" ''
target="/etc/kubernetes/cluster-admin.kubeconfig"
if [ -e "$target" ]; then
[ ! -d "/root/.kube" ] && mkdir -p "/root/.kube"
ln -sf $target /root/.kube/config
fi
''}";
};
};
};
};
# Node
vm-2 = {
ip = "192.168.0.7";
mac = "02:00:00:00:00:02";
extraConfig = {
networking.extraHosts = "${kubeMasterIP} ${kubeMasterHostname}";
environment.systemPackages = with pkgs; [
kompose
kubectl
kubernetes
];
services.kubernetes = {
roles = [ "node" ];
masterAddress = kubeMasterHostname;
easyCerts = true;
kubelet.kubeconfig.server = kubeApi;
apiserverAddress = kubeApi;
addons.dns.enable = true;
};
};
};
};
mkMicrovm = name: value: {
hypervisor = "qemu";
vcpu = 4;
mem = 8192;
interfaces = [
{
type = "tap";
id = "${name}";
mac = value.mac;
}
];
shares = [
{
tag = "ro-store";
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}
];
};
in
lib.mapAttrs' (
name: value:
lib.nameValuePair name (
lib.nixosSystem {
inherit system;
modules = [
inputs.microvm.nixosModules.microvm
value.extraConfig
{
microvm = mkMicrovm name value;
system.stateVersion = lib.trivial.release;
networking.hostName = name;
networking.domain = "kube";
networking.firewall.enable = false;
users.users.root.password = "";
services.getty.autologinUser = "root";
programs.fish.enable = true;
programs.bash = {
shellInit = ''
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
then
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
fi
'';
};
systemd.network.enable = true;
systemd.network.networks."20-lan" = {
matchConfig.Type = "ether";
networkConfig = {
Address = [ "${value.ip}/24" ];
Gateway = "192.168.0.1";
DNS = [ "192.168.0.1" ];
DHCP = "no";
};
};
systemd.services.br-netfilter = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "/run/current-system/sw/bin/modprobe br_netfilter";
};
};
environment.systemPackages = with pkgs; [
dig.dnsutils
openssl
fishPlugins.done
fishPlugins.fzf-fish
fishPlugins.forgit
fishPlugins.hydro
fzf
fishPlugins.grc
grc
git
];
}
];
}
)
) vmList

44
system/dev/dn-pre7780/expr/vm.nix Normal file
View file

@ -0,0 +1,44 @@
self: {
networking.useNetworkd = true;
systemd.network.enable = true;
systemd.network.networks."10-lan" = {
matchConfig.Name = [
"enp0s31f6"
"vm-*"
];
networkConfig = {
Bridge = "br0";
};
};
systemd.network.netdevs."br0" = {
netdevConfig = {
Name = "br0";
Kind = "bridge";
};
};
systemd.network.networks."10-lan-bridge" = {
matchConfig.Name = "br0";
networkConfig = {
Address = [ "192.168.0.5/24" ];
Gateway = "192.168.0.1";
DNS = [ "192.168.0.1" ];
};
linkConfig.RequiredForOnline = "routable";
};
microvm.vms = {
vm-1 = {
flake = self;
updateFlake = "git+file:///etc/nixos";
autostart = false;
};
vm-2 = {
flake = self;
updateFlake = "git+file:///etc/nixos";
autostart = false;
};
};
}

6
system/dev/dn-pre7780/games/default.nix Normal file
View file

@ -0,0 +1,6 @@
{
imports = [
../../../modules/gaming.nix
./game.nix
];
}

59
system/dev/dn-pre7780/games/game.nix Normal file
View file

@ -0,0 +1,59 @@
{
pkgs,
pkgs-stable,
config,
inputs,
...
}:
let
protonGEVersion = "10-15";
# ==== Needed for special import ==== #
shadps4-7 = pkgs.shadps4.overrideAttrs (_: rec {
version = "0.7.0";
src = pkgs.fetchFromGitHub {
owner = "shadps4-emu";
repo = "shadPS4";
rev = "v.${version}";
hash = "sha256-g55Ob74Yhnnrsv9+fNA1+uTJ0H2nyH5UT4ITHnrGKDo=";
fetchSubmodules = true;
};
});
in
{
environment.systemPackages = [
pkgs-stable.shadps4
];
home-manager = {
users."${config.systemConf.username}" = {
home.file = {
# CS go
".steam/steam/steamapps/common/Counter-Strike Global Offensive/game/csgo/cfg/autoexec.cfg".text = ''
fps_max "250"
# Wheel Jump
bind "mwheeldown" "+jump"
bind "mwheelup" "+jump"
bind "space" "+jump"
echo "AUTOEXEC LOADED SUCCESSFULLY!"
host_writeconfig
'';
# Proton GE
".steam/root/compatibilitytools.d/GE-Proton${protonGEVersion}" = {
source = fetchTarball {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton${protonGEVersion}/GE-Proton${protonGEVersion}.tar.gz";
sha256 = "sha256:0iv7vak4a42b5m772gqr6wnarswib6dmybfcdjn3snvwxcb6hbsm";
};
};
".steam/root/compatibilitytools.d/CachyOS-Proton10-0_v3" = {
source = fetchTarball {
url = "https://github.com/CachyOS/proton-cachyos/releases/download/cachyos-10.0-20250714-slr/proton-cachyos-10.0-20250714-slr-x86_64_v3.tar.xz";
sha256 = "sha256:0hp22hkfv3f1p75im3xpif0pmixkq2i3hq3dhllzr2r7l1qx16iz";
};
};
};
};
};
}

74
system/dev/dn-pre7780/home/default.nix Normal file
View file

@ -0,0 +1,74 @@
{ config, lib, ... }:
let
inherit (lib) optionalString;
inherit (config.systemConf) username;
in
{
home-manager.users."${username}" = {
imports = [
../../../../home/presets/basic.nix
./wm
# Bitwarden client
(import ../../../../home/user/bitwarden.nix {
email = "danny@net.dn";
baseUrl = "https://bitwarden.net.dn";
})
# waybar
(import ../../../../home/user/waybar.nix {
settings = [
# monitor 1
{
output = "DP-6";
height = 48;
modules-left = [
"custom/os"
"hyprland/workspaces"
"clock"
"custom/cava"
"mpris"
];
modules-right = [
"wlr/taskbar"
(optionalString config.programs.gamemode.enable "custom/gamemode")
"custom/bitwarden"
"custom/airplay"
"custom/wallRand"
"custom/wireguard"
"custom/recording"
"idle_inhibitor"
"network"
"cpu"
"memory"
"pulseaudio"
"custom/swaync"
];
}
# monitor 2
{
output = "DP-5";
height = 54;
modules-left = [
"clock"
"mpris"
];
modules-right = [
"wlr/taskbar"
"temperature"
"cpu"
"memory"
"pulseaudio"
];
}
];
})
# Git
(import ../../../../home/user/git.nix {
inherit username;
email = "danny10132024@gmail.com";
})
];
};
}

5
system/dev/dn-pre7780/home/wm/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./hyprland.nix
];
}

6
system/dev/dn-pre7780/hyprland.nix → system/dev/dn-pre7780/home/wm/hyprland.nix
View file

@ -1,6 +1,6 @@
{ pkgs, ... }:
let
memeSelector = pkgs.callPackage ../../../home/scripts/memeSelector.nix {
memeSelector = pkgs.callPackage ../../../../../home/scripts/memeSelector.nix {
url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/";
};
in
@ -11,10 +11,6 @@ in
wayland.windowManager.hyprland = {
settings = {
monitor = [
''desc:ASUSTek COMPUTER INC ASUS VG32VQ1B 0x00002271, 2560x1440@165, 0x0, 1''
''desc:Acer Technologies XV272U V3 1322131231233, 2560x1440@180, -1440x-600, 1, transform, 1''
];
misc = {
vrr = 0;
};

9
system/dev/dn-pre7780/services/default.nix Normal file
View file

@ -0,0 +1,9 @@
{
imports = [
../../../modules/postgresql.nix
./mail.nix
./nginx.nix
./wireguard.nix
# ./netbird.nix
];
}

28
system/dev/dn-pre7780/mail.nix → system/dev/dn-pre7780/services/mail.nix
View file

@ -1,4 +1,7 @@
{ config, ... }:
{
config,
...
}:
let
domain = "daccc.info";
fqdn = "mx1.daccc.info";
@ -6,7 +9,7 @@ in
{
networking.firewall.allowedTCPPorts = [ 8080 ];
imports = [
(import ../../modules/stalwart.nix {
(import ../../../modules/stalwart.nix {
inherit domain;
enableNginx = false;
@ -30,9 +33,10 @@ in
};
ldapConf = {
type = "ldap";
url = "ldap://10.0.0.1:389";
url = "ldaps://ldap.net.dn";
tls.enable = true;
timeout = "30s";
base-dn = "dc=net,dc=dn";
base-dn = "ou=people,dc=net,dc=dn";
attributes = {
name = "uid";
email = "mail";
@ -44,28 +48,18 @@ in
class = "objectClass";
};
filter = {
name = "(&(objectClass=inetOrgPerson)(uid=?))";
name = "(&(objectClass=inetOrgPerson)(|(uid=?)(mail=?)))";
email = "(&(objectClass=inetOrgPerson)(mail=?))";
};
bind = {
dn = "cn=admin,dc=net,dc=dn";
secret = "%{file:${config.sops.secrets."stalwart/ldap".path}}%";
auth = {
method = "lookup";
method = "default";
};
};
};
oidcConf = {
type = "oidc";
timeout = "1s";
endpoint.url = "https://keycloak.net.dn/realms/master/protocol/openid-connect/userinfo";
endpoint.method = "userinfo";
fields = {
email = "email";
username = "preferred_username";
full-name = "name";
};
};
})
];
}

11
system/dev/dn-pre7780/services/netbird.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, ... }:
{
imports = [
(import ../expr/netbird.nix {
domain = "pre7780.dn";
coturnPassFile = config.sops.secrets."netbird/coturn/password".path;
idpSecret = config.sops.secrets."netbird/oidc/secret".path;
dataStoreEncryptionKey = config.sops.secrets."netbird/dataStoreKey".path;
})
];
}

4
system/dev/dn-pre7780/nginx.nix → system/dev/dn-pre7780/services/nginx.nix
View file

@ -9,9 +9,11 @@
acceptTerms = true;
defaults = {
validMinDays = 2;
webroot = null;
server = "https://ca.net.dn/acme/acme/directory";
renewInterval = "daily";
email = "danny@net.dn";
email = "danny@pre7780.dn";
dnsResolver = "10.0.0.1:53";
dnsProvider = "pdns";
dnsPropagationCheck = false;
environmentFile = config.sops.secrets."acme/pdns".path;

5
system/dev/dn-pre7780/services/wireguard.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
../../../modules/wireguard.nix
];
}

5
system/dev/dn-pre7780/sops/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./sops-conf.nix
];
}

12
system/dev/dn-pre7780/secret.yaml → system/dev/dn-pre7780/sops/secret.yaml
View file

@ -15,13 +15,17 @@ stalwart:
dkimKey: ENC[AES256_GCM,data:oi+XvZ9hMMsgMtFnGPMbVBGagkwQzcPQDi1b0Zd54615V5yuOLHZxpLT5Z3LYlCOQmOcrCaIwn8lQKIZbAuAq6HDUVlNabjgnHeoq3XRIvcswO/B9pljL/22JCZleSrWSBh+WE+RwQIcqUIr0eNerXCUaAQLTE8lYn6mJMa/OoHJJ3R498OGyM/8rbuIMfKj5eqJnctsd9lRWeNmiq7hpQKJ8syLXMsRM9y79NJTPGJrIAJ/5F8SfUJ256/S2N25Cq61pkaXWxTcZzXFgAGU/sa3zsY86BRwEnFEVRMnygJWrVZW/ABYgRjL99r6OBQM8WTFpE8cK9GZTpylTm+QCS9lHsAA2rnUfLTs/09z41klbGSAu5jfokM5jhyFIjmDm9h3hEk4l0F4KTWgQ7avWqGVx4yVPktrVS6eh6W7+I0V6BOUhzH0Pp9xXWwhbFrMPYAYK5MQSLAS5nd3RCQWrxZwWh//ATiWdngUeWPyObxXSTmoV254k230sT39jQmqmTK5zIkOBvokPps9q3nPq1i3UIkSAXo0ZWI+GHiL1rnzJkMMGViugJdGEwUf8nWlYMcYkHmDRUZam6DIxzkf5svtd+kbDTxRa4GzeJrOYizgwDGpD5vRA9u8i7MYBS1Rhw3UVqZ9gkjtv8mqoOkDqVnHVnS2UPtsircecvjHmhu4Tq4hn8phX3F+2I8lhXUIalzPng5zjPGNUcDT+SoCbNeHuSWDDmMYQtzM3/xwae9quP9FXhr9IGGygmFUPGsl3cuxSJ3+Cq9/Hhd7bnTYnxYfv781qTmZsFclMUWNxUJQWLJ+5BQz6u1zW64wh+5SHUGrw7CHFsdgNAKv7YN+GJMNTHOjZr9RTL9R8opDm8Iho5IyQjMP401+DY30mOCq03WKJiC8qehgoaH16ssNV6ZuoHldu2N6JKmiwywgTRq8zQEo8jPnro772CQ9Tg0/5PnkhdlLdphDEIp60IbM+XWqMNwHY57fm6U+81PcgtsoRmI5OklrrhQjv+1aRgz0vRM80FOHMv7kxgEdNkb1x15B4g0ocBXEdLuxJEVaW4uWlP9EIivXOWwaPZf1QjT8ISuUQlFMXvtNj/V3SraW3K1bErJL5JnI16z803kdoAqYijf3IrRK49SKoCq6B2V8yo8iCRod2GFt1P3ADKb/uvJ6iCBSlFRFwiJYr8qu7TPXFCpsoySEmr1edBQdAkzXxFZLDMczHq2BzUo2RPfwtDubG1GMWxzrbZ1T6N3j1+GXiyTX7XuKdpSpFlXtPuJcCIrX4D4xnjv1SqqXEcKJO9oUcdMK6+Eem7wtVDBDDYpWellT+bLmtouvdEgjYE8VG5UGJJ5NpYoJAce9c7RE5/ozuvUH+uMfqfb8igZQlBMl6hbqO7j8m11i+ijS9T6Wu2DCSVIqqBHu8bouz1vyfq8l/whJCl1BkaZtiE5+NLkHoYSOuXGtVvEuXwMhvCWdnkxJtHZxxXQuCcBcVkD9Edg0YTslGv+XUvaYRlfZUqypqYZ9zJ21en9XPK3zafZ5gRLdY0xhXN4OKbGrXXL4cm5jfroTeez9iIL4fJGcA80PRHUGoLfK7ht2z0Lq3U91F4jz5KEhbaDtWDcMryr1Bwb6UXgLrezNM290g8J3GpXLBAdvqDXK79jSdPNqptGYt++VDeCdtA+P3z9K6aMWZzPURkLXxZ1bWy5YXP03MIkUpZWsc5lQmccUiyFe/Y+d9RSAZClmVxsQAY5y90d42EhkrOag06geziV9aaxgr57LdoPJQabD48bIbFFvimhV2DS3Gf/7gFtCXlm9oZiIqSHG+1TMKRp8XVwn6f70d76/Ba5Uiu0EX8V2x0Dsnin6GGynMBFCPKPXssHRe71SfRVxPJrzlLjtfTdPuzW5Q2k/U//z9SWd6Ao3+mzsbTC8MAYGeIzeE4GdsTs4ViEQWg5sSMSfjeKOFfgpTQi20LGomjF4gtTfnchEUBcUAarV6+hT/inYG2SlglyWwr2+LE3Ua5FWRXsZu4tBHcfE0axIb6Ju5KeogPVPo6cNoJCR2XLPNQakB9ONniCxPTW6zOx8h/A2UeIWMgbAn/jNYdd4kFu1IWBAQaZg5kSg1KmSAtnKgFmhb8A0Ope8h5fKfdX5tf0ulW0bjBz+rqNf2FQwcB/ScuEc65LSX+b0bzvIILuZfSRytFQpaQ4svjjA6mP4VIRoPRkkRl+gTEO+Ue4No4VZGE9+YdRFZ7OmtH6S1e5vu1rBiLuTVayHjuSWRu0OmxDiErP6uXPy8Q==,iv:Q5g9kxJKEKLHge2mcgk/UnTNMDFjzeLFLNjlY8KWe60=,tag:yL03NWRK2whOxNjcR3cPyA==,type:str]
ldap: ENC[AES256_GCM,data:ygOPMCNIxvWxE9dPBeKGbA==,iv:t+p1/vjEZNDTw7LcaitzYv2xCPtlf/mmQhqXT1OFKXs=,tag:uPYp259FHZu5fut+Bc9eSA==,type:str]
acme:
pdns: ENC[AES256_GCM,data:+InGSnaGIFVtDRlVltzWbZfquzodHUQrPeMRBnVNB9mrajlKr5dFK6DD8dXAvN7UjZFBfrgZefOPkmLR2ncLXGOV2Kl7jorVw50Y0f0iKl7mqwHaZKaQdk7cpGDkCrt/LvfbP9x7gVrs6pQpsU+c/P5rbBLRyejchh/WtiyzgowYIJxYohggeG09+l7YI3FR6U5wiymIRISpNBGEhwG0q17qdAhdtc49qP/K,iv:JcSlxAwHwU528S7iSpAnSbUZw7iO+LMjR3qGwRHp+Zk=,tag:twf2WOQb/yZ3GtN/hlikMA==,type:str]
pdns: ENC[AES256_GCM,data:eKnahc8HWboYCUpBuEUrdCMhN8A2N2VN0wrmzcyU2OfMeQaswIYSWV4sBzUbj/pono8PaVxK1FBKsn+Ycd4Y6tcxsAkbPfnPkOsbe0FJpz4t9RFLJBLw3U0YTE/TaURiDYipHnvPGYgyq3AziH/xa4WXZxLHGI0x+a/y3PpWy37rT87DWUT2kktPshdO7Mbwn7nSC78WByXmyaUMkT74Sc0FNmCgfijrHk/ATXGb,iv:y3eRZXFbqqf4VuuqHHYdIoiEa1zqRU1XIlEqooJ28lU=,tag:2bIALJFGZyIZT7fyo/y5Nw==,type:str]
cloudflare:
secret: ENC[AES256_GCM,data:tritGdt3bWm/YtfdF2kO8qIBisa2rGF9/Dpl8R79e6REe//YKZFqFg==,iv:UG53JZ55+gDCPJzKjbVaWnpgOdvqcRoDUg8ef9xOV9A=,tag:JD3s28dsA9G2fqtz4soATA==,type:str]
netbird:
oidc:
secret: ENC[AES256_GCM,data:hSVMUEBL0kCvRLD3zd57SLhNIAFOR4eaJPcIIIIUJng=,iv:VhfseftQNlXSDCWuaYQUIklMUCkUbChyWbJl3qgD75M=,tag:vbqov0VgA0XNZfzcr3FZgA==,type:str]
dataStoreKey: ENC[AES256_GCM,data:vV2wgo5qFS+DC1NmOjVddZW9HAsRMpUFH+t/70iQ3A5YXkhbWoCeSxZDyAg=,iv:tKqh28qj8gqHfcb44Ej731w6NKi29X4iEwIOQ4ZcCzA=,tag:ObAxVrUctm6pbmXSQw7j5w==,type:str]
crowdsec:
lapi.yaml: ENC[AES256_GCM,data:BpDlz/liFYVZTA66TMWDifGfT4R9l0W9/LOU33rrPVC4YKeFbB1gIxqkUOEDl8fxsou5Jx/MQivyz90lE8yxbcGV/Zzx4ZJaHN+jz6mfM6mADEWp/nUcfO9tECijOhPPYt/8aE3py38NlFZuafZ2CwdL7RmDX7YCjpiIYxXaIjSv61WPD1SLkOkusnoA7bJZ2xmJ/dfEMXEA4LCCOfGQ,iv:922rrz94pD3/R1kGlQyIFkoq/fRSyxaIQ5qllldQMCY=,tag:AAPlwiQP4KMzHZmcMH76AQ==,type:str]
capi.yaml: ENC[AES256_GCM,data:UuBESeHfKEPSIzP7RPNES0BVWwJsmPqLP3QJbAeAcm6eQ3sRzUSrVxY8A2yoiLD2lnuJPy2BbYHJpBR7VSfs7oUCc7LljgAp1uB2GH1y8YE46xJLo0TDp873bZJdcsO00ozsbtmWlGWJm7HLrzIUEe0mAjBzZeXe1WDJByGeVqupNLwpXSMaos2ktHjXA6hTGAdE5iIxBAXI6qjldWjRnlqE,iv:hZ2nUaOipU7Top0vsn23yU0XWP9SKcoj85xFo5hD/mU=,tag:32E2o+FOJXM9aMnLQA6KYA==,type:str]
consoleToken: ENC[AES256_GCM,data:Q6QWWwcvLd8+ddwPMBzyB+X4gh8I53qSLA==,iv:JD48L59nQYttglAfuKL/lNBzWgBfj01rkIeP8pqmo70=,tag:6cxsQViDGuzjScKkBuO4Bw==,type:str]
sops:
age:
- recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv
@ -33,7 +37,7 @@ sops:
MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w
lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-01T05:31:13Z"
mac: ENC[AES256_GCM,data:a3CkOEZUYSeRa6Zj+2EQnusgkOu2xHvGXhW9Pr5ny9sEiUF+S9jLQeS9vZpDNnQc5F/BRf/r0K7BTSwyoaAGZn3vsm3ruTGpajqV43Ji8PzG8BEApV0USwAn+gM8K4mMAEU9AjiqQ6k4Zf/dbYzv/rDtxVTdSbwcpM8KjIBv//Q=,iv:aCk+M3wigrbhCEHtf1K9vwByIYnTxBi7VD1XEIYgiL8=,tag:PtJN8KlPZbed0bgEcgSY0w==,type:str]
lastmodified: "2025-10-13T06:51:06Z"
mac: ENC[AES256_GCM,data:1+X8f7lPwN+ELJ4DmkTN71Kzvvh4V3yiMilOOnz4NCqLRPdtpiQQz8W4VXkOkBONV5816IOCU2Br4kiQnPAkPEiwpJZzWQItqomZTp4gErSGmmMpVf2lbCRfsU2Eg1tgAaS1ZRQx8/o1vSIJtoPVKiqYdYSsNDx2zbafWqn9+Rk=,iv:uZ4BWoJB6LazGy+RAzdhB8uUCSa109R4TdE6PguryR8=,tag:5G0GRihPQKl9n/fJjZr/Jw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2
version: 3.11.0

23
system/dev/dn-pre7780/sops-conf.nix → system/dev/dn-pre7780/sops/sops-conf.nix
View file

@ -10,17 +10,8 @@ in
owner = "nextcloud";
group = "nextcloud";
};
"openldap/adminPassword" = mkIf config.services.openldap.enable {
owner = config.users.users.openldap.name;
group = config.users.users.openldap.group;
mode = "0660";
};
"lam/env" = { };
"dovecot/openldap" = mkIf (config.services.postfix.enable && config.services.openldap.enable) {
owner = config.services.dovecot2.user;
group = config.services.dovecot2.group;
mode = "0660";
};
"netbird/oidc/secret" = mkIf config.services.netbird.server.dashboard.enable {
owner = "netbird";
@ -36,6 +27,18 @@ in
"acme/pdns" = mkIf (hasAttr "acme" config.users.users) {
owner = "acme";
};
"crowdsec/lapi.yaml" = mkIf config.services.crowdsec.enable {
owner = "crowdsec";
mode = "0600";
};
"crowdsec/capi.yaml" = mkIf config.services.crowdsec.enable {
owner = "crowdsec";
mode = "0600";
};
"crowdsec/consoleToken" = mkIf config.services.crowdsec.enable {
owner = "crowdsec";
mode = "0600";
};
}
// (optionalAttrs config.services.stalwart-mail.enable (
let

5
system/dev/dn-pre7780/utility/airplay.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
(import ../../../modules/airplay.nix { hostname = "pre7780"; })
];
}

11
system/dev/dn-pre7780/utility/blender.nix Normal file
View file

@ -0,0 +1,11 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
rustdesk
((blender.override { cudaSupport = true; }).overrideAttrs (prev: {
postInstall = ''
sed -i 's|Exec=blender %f|Exec=/run/current-system/sw/bin/nvidia-offload blender %f|' $out/share/applications/blender.desktop
'';
}))
];
}

5
system/dev/dn-pre7780/utility/davinci-resolve.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
../../../modules/davinci-resolve.nix
];
}

8
system/dev/dn-pre7780/utility/default.nix Normal file
View file

@ -0,0 +1,8 @@
{
imports = [
../../../modules/localsend.nix
./airplay.nix
./davinci-resolve.nix
./blender.nix
];
}

6
system/dev/dn-pre7780/virtualisation/default.nix Normal file
View file

@ -0,0 +1,6 @@
{
imports = [
../../../modules/virtualization.nix
../../../modules/wine.nix
];
}