dachxy/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: routine maintenance

Browse source
This commit is contained in:
danny 2025-11-23 16:24:38 +08:00
parent c45ba82b90
commit c7743490a7
75 changed files with 1200 additions and 634 deletions
Download patch file Download diff file Expand all files Collapse all files

15
.sops.yaml
View file

@ -18,10 +18,23 @@ creation_rules:
- path_regex: system/dev/dn-lap/sops/secret.yaml - path_regex: system/dev/dn-lap/sops/secret.yaml
key_groups: key_groups:
- age: - age:
- *dn_server - *dn_pre7780
- *dn_lap - *dn_lap
- path_regex: system/dev/skydrive-lap/sops/secret.yaml - path_regex: system/dev/skydrive-lap/sops/secret.yaml
key_groups: key_groups:
- age: - age:
- *skydrive_lap - *skydrive_lap
- *dn_pre7780 - *dn_pre7780
- path_regex: system/dev/public/sops/dn-secret.yaml
key_groups:
- age:
- *dn_pre7780
- *dn_server
- *dn_lap
- path_regex: system/dev/public/sops/secret.yaml
key_groups:
- age:
- *dn_pre7780
- *dn_server
- *skydrive_lap
- *dn_lap

2
README.md
View file

@ -15,7 +15,7 @@
- [x] Hypridle - [x] Hypridle
- [x] Zen Browser - [x] Zen Browser
- [x] Swaync (Notification Center) - [x] Swaync (Notification Center)
- [x] Swww (Wallpaper) - [x] Awww (Wallpaper)
- [x] Ghostty (Terminal) - [x] Ghostty (Terminal)
- [x] SDDM (Display Manager) - [x] SDDM (Display Manager)
- [x] Fish (shell) - [x] Fish (shell)

487
flake.lock generated
View file

@ -8,11 +8,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1757826057, "lastModified": 1762920604,
"narHash": "sha256-KE6kxoDme82jgmPUE67mvs/kjQBTfSxIuMufuEUSUSo=", "narHash": "sha256-60YEo8f+P50eu4iCL7DWD8NPEvwZl6nimSTsNPqi1cU=",
"owner": "DACHXY", "owner": "DACHXY",
"repo": "actual-budget-api", "repo": "actual-budget-api",
"rev": "1c7a816cbfe17c5821b446b5582e88404cb23596", "rev": "eb107c928feb31e1162e25f59c08fabb1839ad90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -100,6 +100,28 @@
"type": "github" "type": "github"
} }
}, },
"awww": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1763732354,
"narHash": "sha256-o1O5GCgdkehrvqqvwfX53TCiES8k+z9Ac1JKuIUZfwo=",
"ref": "refs/heads/main",
"rev": "880d590d0e6e337cb96428edbedae81283ebec19",
"revCount": 1310,
"type": "git",
"url": "https://codeberg.org/LGFae/awww"
},
"original": {
"type": "git",
"url": "https://codeberg.org/LGFae/awww"
}
},
"base16": { "base16": {
"inputs": { "inputs": {
"fromYaml": "fromYaml" "fromYaml": "fromYaml"
@ -121,16 +143,17 @@
"base16-fish": { "base16-fish": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1622559957, "lastModified": 1754405784,
"narHash": "sha256-PebymhVYbL8trDVVXxCvZgc0S5VxI7I1Hv4RMSquTpA=", "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=",
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "2f6dd973a9075dabccd26f1cded09508180bf5fe", "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "tomyun", "owner": "tomyun",
"repo": "base16-fish", "repo": "base16-fish",
"rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561",
"type": "github" "type": "github"
} }
}, },
@ -178,11 +201,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759542305, "lastModified": 1763172111,
"narHash": "sha256-ODiAXnQWTSSc0j2fkJ0JQBdjQktfcBTX//legwStGns=", "narHash": "sha256-QseFQKZgMq/kbHlrhfaNlwEyQ1H3J+UhnbgpAIEGpvA=",
"owner": "caelestia-dots", "owner": "caelestia-dots",
"repo": "cli", "repo": "cli",
"rev": "ebbd636b7962fa7fe41d406dcd1088958715161e", "rev": "d89c438284311e99148ece61054cd6f9bc8e8cb7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -200,11 +223,11 @@
"quickshell": "quickshell" "quickshell": "quickshell"
}, },
"locked": { "locked": {
"lastModified": 1759890778, "lastModified": 1763256383,
"narHash": "sha256-DzxhtmepaYmtDNI5LZUI6SroMn5XPV4wv8w83aVyeBo=", "narHash": "sha256-Vwct8SbZkfoTY0BbB0XVmXo5KsRIH4asV7QzXpjZ4b8=",
"owner": "caelestia-dots", "owner": "caelestia-dots",
"repo": "shell", "repo": "shell",
"rev": "7e878fd3731993ef693a163d17f03bf5415639a5", "rev": "58fe2962b6f515e879962953fcb4fcd9c8f39c32",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -219,14 +242,14 @@
"home-manager": "home-manager", "home-manager": "home-manager",
"jovian": "jovian", "jovian": "jovian",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay_2"
}, },
"locked": { "locked": {
"lastModified": 1760152188, "lastModified": 1763732117,
"narHash": "sha256-k9sqEYgJ2QH257T4p6MeKCHLYi2k9XH7Cjv8LPrtuvY=", "narHash": "sha256-/zBu6slgHtkuFZFJ4ReKS3NO6rdwEv4KcaYADkz6KyA=",
"owner": "chaotic-cx", "owner": "chaotic-cx",
"repo": "nyx", "repo": "nyx",
"rev": "3f06ccee77dcae294d48cf7741dd3647fc3613a7", "rev": "a34640558e83eb3ba0d52c52cb5ffd0465786e4b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -273,11 +296,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758287904, "lastModified": 1763651264,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "narHash": "sha256-8vvwZbw0s7YvBMJeyPVpWke6lg6ROgtts5N2/SMCcv4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "rev": "e86a89079587497174ccab6d0d142a65811a4fd9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -321,11 +344,11 @@
"flake-compat_2": { "flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1761588595,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -353,11 +376,11 @@
"flake-compat_4": { "flake-compat_4": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1696426674, "lastModified": 1747046372,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -369,11 +392,11 @@
"flake-compat_5": { "flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1747046372, "lastModified": 1696426674,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -399,22 +422,6 @@
} }
}, },
"flake-compat_7": { "flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_8": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1751685974, "lastModified": 1751685974,
@ -430,22 +437,6 @@
"url": "https://git.lix.systems/lix-project/flake-compat.git" "url": "https://git.lix.systems/lix-project/flake-compat.git"
} }
}, },
"flake-compat_9": {
"flake": false,
"locked": {
"lastModified": 1747046372,
"narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": { "flake-parts": {
"inputs": { "inputs": {
"nixpkgs-lib": [ "nixpkgs-lib": [
@ -496,11 +487,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759362264, "lastModified": 1762980239,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "narHash": "sha256-8oNVE8TrD19ulHinjaqONf9QWCKK+w4url56cdStMpM=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "rev": "52a2caecc898d0b46b2b905f058ccc5081f842da",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -535,11 +526,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759362264, "lastModified": 1760948891,
"narHash": "sha256-wfG0S7pltlYyZTM+qqlhJ7GMw2fTF4mLKCIVhLii/4M=", "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "758cf7296bee11f1706a574c77d072b8a7baa881", "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -742,7 +733,7 @@
}, },
"ghostty": { "ghostty": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -751,11 +742,11 @@
"zon2nix": "zon2nix" "zon2nix": "zon2nix"
}, },
"locked": { "locked": {
"lastModified": 1760128918, "lastModified": 1763704826,
"narHash": "sha256-2BAJkbGXebSCxbe4KHdtpH4optMmptw7Ibw1Bs23TPc=", "narHash": "sha256-Q2ArFuRzdNqR8gK0g2eBfnwwPWmiIIU4TPWa+xNHtqc=",
"owner": "ghostty-org", "owner": "ghostty-org",
"repo": "ghostty", "repo": "ghostty",
"rev": "c5ad7563f92656ec02bd08856b46431f2e222e69", "rev": "5f3645433c0ba5910c7da1f25aaa07efc2c84b64",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -764,29 +755,6 @@
"type": "github" "type": "github"
} }
}, },
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_6",
"gitignore": "gitignore_3",
"nixpkgs": [
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1759523803,
"narHash": "sha256-PTod9NG+i3XbbnBKMl/e5uHDBYpwIWivQ3gOWSEuIEM=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "cfc9f7bb163ad8542029d303e599c0f7eee09835",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -831,68 +799,23 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_3": {
"inputs": {
"nixpkgs": [
"neovim-nightly-overlay",
"git-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gnome-shell": { "gnome-shell": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1748186689, "host": "gitlab.gnome.org",
"narHash": "sha256-UaD7Y9f8iuLBMGHXeJlRu6U1Ggw5B9JnkFs3enZlap0=", "lastModified": 1762869044,
"narHash": "sha256-nwm/GJ2Syigf7VccLAZ66mFC8mZJFqpJmIxSGKl7+Ds=",
"owner": "GNOME", "owner": "GNOME",
"repo": "gnome-shell", "repo": "gnome-shell",
"rev": "8c88f917db0f1f0d80fa55206c863d3746fa18d0", "rev": "680e3d195a92203f28d4bf8c6e8bb537cc3ed4ad",
"type": "github" "type": "gitlab"
}, },
"original": { "original": {
"host": "gitlab.gnome.org",
"owner": "GNOME", "owner": "GNOME",
"ref": "48.2", "ref": "gnome-49",
"repo": "gnome-shell", "repo": "gnome-shell",
"type": "github" "type": "gitlab"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": [
"neovim-nightly-overlay",
"flake-parts"
],
"nixpkgs": [
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1758022363,
"narHash": "sha256-ENUhCRWgSX4ni751HieNuQoq06dJvApV/Nm89kh+/A0=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "1a3667d33e247ad35ca250698d63f49a5453d824",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
} }
}, },
"home-manager": { "home-manager": {
@ -903,11 +826,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1760061988, "lastModified": 1763416652,
"narHash": "sha256-CeuMo7fjWm3XaoK+b1PGyaVIlE1GHudoxk9jrJFvfbY=", "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c7f4214faca2f196c551b767c12a70bfa0614510", "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -923,11 +846,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1760130406, "lastModified": 1763416652,
"narHash": "sha256-GKMwBaFRw/C1p1VtjDz4DyhyzjKUWyi1K50bh8lgA2E=", "narHash": "sha256-8EBEEvtzQ11LCxpQHMNEBQAGtQiCu/pqP9zSovDSbNM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d305eece827a3fe317a2d70138f53feccaf890a1", "rev": "ea164b7c9ccdc2321379c2ff78fd4317b4c41312",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1072,11 +995,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1760143196, "lastModified": 1763732618,
"narHash": "sha256-UPKU7QXmJ8vJO59bGzT0UFhvncWb14odLJXzcvSu73U=", "narHash": "sha256-hvElpSNHbYSBsn/GoJV0RgAecpn3vcC5kJso34XqwJw=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprland-plugins", "repo": "hyprland-plugins",
"rev": "f6dd103dfb12f8939bf8049ee35a2b3eb7564dc3", "rev": "57961d69ad9725986290c8c0f2b0d118b645daee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1248,11 +1171,11 @@
"systems": "systems_5" "systems": "systems_5"
}, },
"locked": { "locked": {
"lastModified": 1760023949, "lastModified": 1761675634,
"narHash": "sha256-fu0B4duamVdbkPio/czu1XhsPLRXUJpZLDrSk3nih4U=", "narHash": "sha256-Et1jNDB2d3e0b4okIKuyAMktECS+5hk+vMAA7X598ao=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "hyprlock", "repo": "hyprlock",
"rev": "36ec73f166d9434a3f27c96c575198906f77644a", "rev": "98b86752fe4867bd14ef96a92ea788229af93130",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1370,11 +1293,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759815224, "lastModified": 1763453666,
"narHash": "sha256-HbdOyjqHm38j6o5mV24i0bn+r5ykS+VJBnWJuZ0fE+A=", "narHash": "sha256-Hu8lDUlbMFvcYX30LBXX7Gq5FbU35bERH0pSX5qHf/Q=",
"owner": "Jovian-Experiments", "owner": "Jovian-Experiments",
"repo": "Jovian-NixOS", "repo": "Jovian-NixOS",
"rev": "ee974f496a080c61b3164992c850f43741edcc52", "rev": "b843b551415c7aecc97c8b3ab3fff26fd0cd8bbf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1386,13 +1309,13 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane_2", "crane": "crane_2",
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"pre-commit-hooks-nix": "pre-commit-hooks-nix", "pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay_2" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1737639419, "lastModified": 1737639419,
@ -1416,11 +1339,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1761893234, "lastModified": 1763876586,
"narHash": "sha256-ePHBF/6fyfTSAMvAaES+LxaBIeW6weooAOXxqN1em0s=", "narHash": "sha256-bQ5KRepEVyvF81AlaLxn4IdFfzZJzBq221ix2Zmjtz4=",
"owner": "dachxy", "owner": "dachxy",
"repo": "nix-mail-server", "repo": "nix-mail-server",
"rev": "b8c26c666a14fcdf4d514c17a2362fc5d33c7358", "rev": "238e340ef58db602892e8cde114576612055520c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1454,11 +1377,11 @@
"spectrum": "spectrum" "spectrum": "spectrum"
}, },
"locked": { "locked": {
"lastModified": 1760115376, "lastModified": 1763429621,
"narHash": "sha256-DCKRMxudVOddhA0AlDmRLeoUmPONkUBYv1MiK7mWbY8=", "narHash": "sha256-xJD3vjEdDP+/XKLgPAkaX44s2xuiAeOhCdjs2jrALY4=",
"owner": "microvm-nix", "owner": "microvm-nix",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "5103fad040940b6b01891ed44b1d8bebd71249c6", "rev": "c4e4a264da114c618251b17eb4c959f86376e530",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1484,20 +1407,16 @@
}, },
"neovim-nightly-overlay": { "neovim-nightly-overlay": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_5",
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"git-hooks": "git-hooks",
"hercules-ci-effects": "hercules-ci-effects",
"neovim-src": "neovim-src", "neovim-src": "neovim-src",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4"
"treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1760168241, "lastModified": 1763683496,
"narHash": "sha256-87aML9i/zVm5WSCEx59PUpCrpkLbXEqcLEFPNn5+2iE=", "narHash": "sha256-k20voxbsi+899PeXlvWpKU5tcgNYfNqC52rgrh+MOto=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "d5ef90cf4577df3e3daef7e070d200cca64c889f", "rev": "1ddc8e956c8165df29735202b76bb0cfa827916d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1509,11 +1428,11 @@
"neovim-src": { "neovim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1760105690, "lastModified": 1763682595,
"narHash": "sha256-ZII7EvSnJueiV/a595uOsIdbWcXVWhO5pCvvJp2/mco=", "narHash": "sha256-/dUf5I0DyLvPgFzjJj0/lUHKZ2M1sVlbYCgudDabxIo=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "fafc329bbd1e15f9ab595568e8cd8b10295113dd", "rev": "a8b9660ca3452a27b68bf914f618df2d78b64180",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1573,11 +1492,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759637156, "lastModified": 1763265660,
"narHash": "sha256-8NI1SqntLfKl6Q0Luemc3aIboezSJElofUrqipF5g78=", "narHash": "sha256-Ad9Rd3ZAidrH01xP73S3CjPiyXo7ywZs3uCESjPwUdc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "0ca69684091aa3a6b1fe994c4afeff305b15e915", "rev": "469ef53571ea80890c9497952787920c79c1ee6e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1588,18 +1507,18 @@
}, },
"nix-minecraft": { "nix-minecraft": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_7", "flake-compat": "flake-compat_6",
"flake-utils": "flake-utils_5", "flake-utils": "flake-utils_5",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1760147325, "lastModified": 1763690461,
"narHash": "sha256-mBHP1GhvuRE/n8ZXh1lfh+Tn+5oOwB2zCuoPs2mM7IQ=", "narHash": "sha256-q3tHxrMu5BjSG8pE53dOevl4JmyhR73sICy/kJ0fYNk=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "701fd12530b71a059e7a130fb58b28cb15c38bfb", "rev": "106ec777ce9fb7e98c9d68d717c91d5d59ce497b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1614,11 +1533,11 @@
"nixpkgs": "nixpkgs_5" "nixpkgs": "nixpkgs_5"
}, },
"locked": { "locked": {
"lastModified": 1758135610, "lastModified": 1760307084,
"narHash": "sha256-z7Mt//II4pvOJ4hzbgNRErk/MpXzgkGQm7VimXDG/H8=", "narHash": "sha256-fhXbkH1iqLugr5zkuSgxUYziq5Q4f+QnV5eSag9La8g=",
"owner": "3timeslazy", "owner": "3timeslazy",
"repo": "nix-search-tv", "repo": "nix-search-tv",
"rev": "5bcc012b9f6ae069c984e994f85eb7976b4d58a3", "rev": "7499132c98e044e36bc73254d4179cff0d9d7768",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1654,14 +1573,14 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1759830669, "lastModified": 1761572354,
"narHash": "sha256-MvFhaBavW6beDnhDBiEBfWFDE1pat5kOgGeOPYE9zyk=", "narHash": "sha256-3aXsnYf/wXad8DRLTSTOlulS+65qp93eMo5R7pmaHi4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixd", "repo": "nixd",
"rev": "62c94242843cbed00ee4c5b2cd6e781b4a9b7854", "rev": "b9229d79b1cd722257c16027ea79d8f033c3aa4e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1672,11 +1591,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1760038930, "lastModified": 1763421233,
"narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=", "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3", "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1732,11 +1651,11 @@
}, },
"nixpkgs-stable_3": { "nixpkgs-stable_3": {
"locked": { "locked": {
"lastModified": 1760139962, "lastModified": 1763622513,
"narHash": "sha256-4xggC56Rub3WInz5eD7EZWXuLXpNvJiUPahGtMkwtuc=", "narHash": "sha256-1jQnuyu82FpiSxowrF/iFK6Toh9BYprfDqfs4BB+19M=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7e297ddff44a3cc93673bb38d0374df8d0ad73e4", "rev": "c58bc7f5459328e4afac201c5c4feb7c818d604b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1777,11 +1696,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1759977445, "lastModified": 1763618868,
"narHash": "sha256-LYr4IDfuihCkFAkSYz5//gT2r1ewcWBYgd5AxPzPLIo=", "narHash": "sha256-v5afmLjn/uyD9EQuPBn7nZuaZVV9r+JerayK/4wvdWA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2dad7af78a183b6c486702c18af8a9544f298377", "rev": "a8d610af3f1a5fb71e23e08434d8d61a466fc942",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1809,27 +1728,27 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1760103332, "lastModified": 1763421233,
"narHash": "sha256-BMsGVfKl4Q80Pr9T1AkCRljO1bpwCmY8rTBVj8XGuhA=", "narHash": "sha256-Stk9ZYRkGrnnpyJ4eqt9eQtdFWRRIvMxpNRf4sIegnw=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "870493f9a8cb0b074ae5b411b2f232015db19a65", "rev": "89c2b2330e733d6cdb5eae7b899326930c2c0648",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixpkgs-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_7": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1759570798, "lastModified": 1763191728,
"narHash": "sha256-kbkzsUKYzKhuvMOuxt/aTwWU2mnrwoY964yN3Y4dE98=", "narHash": "sha256-esRhOS0APE6k40Hs/jjReXg+rx+J5LkWw7cuWFKlwYA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0d4f673a88f8405ae14484e6a1ea870e0ba4ca26", "rev": "1d4c88323ac36805d09657d13a5273aea1b34f0c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1841,11 +1760,11 @@
}, },
"nixpkgs_8": { "nixpkgs_8": {
"locked": { "locked": {
"lastModified": 1756288264, "lastModified": 1762286042,
"narHash": "sha256-Om8adB1lfkU7D33VpR+/haZ2gI5r3Q+ZbIPzE5sYnwE=", "narHash": "sha256-OD5HsZ+sN7VvNucbrjiCz7CHF5zf9gP51YVJvPwYIH8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ddd1826f294a0ee5fdc198ab72c8306a0ea73aa9", "rev": "12c1f0253aa9a54fdf8ec8aecaafada64a111e24",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1898,7 +1817,7 @@
}, },
"nvf": { "nvf": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_8", "flake-compat": "flake-compat_7",
"flake-parts": "flake-parts_5", "flake-parts": "flake-parts_5",
"mnw": "mnw", "mnw": "mnw",
"nixpkgs": [ "nixpkgs": [
@ -1907,11 +1826,11 @@
"systems": "systems_9" "systems": "systems_9"
}, },
"locked": { "locked": {
"lastModified": 1761112426, "lastModified": 1762622004,
"narHash": "sha256-fa3fIyXP3xQhsPaZX4WsFwPM9g64EMOucfDEC4o8Nwc=", "narHash": "sha256-NpzzgaoMK8aRHnndHWbYNKLcZN0r1y6icCoJvGoBsoE=",
"owner": "NotAShelf", "owner": "NotAShelf",
"repo": "nvf", "repo": "nvf",
"rev": "9b3e7bcf68ace2f07eb7478c40e45ce79332482b", "rev": "09470524a214ed26633ddc2b6ec0c9bf31a8b909",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -1922,7 +1841,7 @@
}, },
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"gitignore": "gitignore", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"hyprland", "hyprland",
@ -1978,11 +1897,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759610621, "lastModified": 1763210607,
"narHash": "sha256-P3UPFd95mS/3aNgy40nCXAmyfR2bEEBd+tX6xfkYFb0=", "narHash": "sha256-gyEL9lw8oSbFbZ323vYUpIhcZLzudACEAQyCTkYh1WM=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c5c438f1cd1a76660a8658ef929a3d19e968e2ce", "rev": "0a7dcf30eaf438aa1ec72a9017cdb952df03f005",
"revCount": 689, "revCount": 704,
"type": "git", "type": "git",
"url": "https://git.outfoxxed.me/outfoxxed/quickshell" "url": "https://git.outfoxxed.me/outfoxxed/quickshell"
}, },
@ -1996,6 +1915,7 @@
"actual-budget-api": "actual-budget-api", "actual-budget-api": "actual-budget-api",
"actual-budget-server": "actual-budget-server", "actual-budget-server": "actual-budget-server",
"attic": "attic", "attic": "attic",
"awww": "awww",
"caelestia-shell": "caelestia-shell", "caelestia-shell": "caelestia-shell",
"chaotic": "chaotic", "chaotic": "chaotic",
"disko": "disko", "disko": "disko",
@ -2017,9 +1937,9 @@
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_6",
"nixpkgs-stable": "nixpkgs-stable_3", "nixpkgs-stable": "nixpkgs-stable_3",
"nvf": "nvf", "nvf": "nvf",
"rust-overlay": "rust-overlay_4",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"stylix": "stylix", "stylix": "stylix",
"swww": "swww",
"yazi": "yazi", "yazi": "yazi",
"zen-browser": "zen-browser" "zen-browser": "zen-browser"
} }
@ -2027,16 +1947,16 @@
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"chaotic", "awww",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1760063676, "lastModified": 1761964689,
"narHash": "sha256-s5Fjh43skH2L+avOGioLmEHoYZffDbg3abV5h0gjeew=", "narHash": "sha256-Zo3LQQDz+64EQ9zor/WmeNTFLoZkjmhp0UY3G0D3seE=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "897deed0923cc5a1d560c5176abe0d172ec9716d", "rev": "63d22578600f70d293aede6bc737efef60ebd97f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2046,6 +1966,27 @@
} }
}, },
"rust-overlay_2": { "rust-overlay_2": {
"inputs": {
"nixpkgs": [
"chaotic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1763433504,
"narHash": "sha256-cVid5UNpk88sPYHkLAA5aZEHOFQXSB/2L1vl18Aq7IM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "42ce16c6d8318a654d53f047c9400b7d902d6e61",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@ -2066,19 +2007,18 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_3": { "rust-overlay_4": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"swww",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1759199574, "lastModified": 1763692705,
"narHash": "sha256-w24RYly3VSVKp98rVfCI1nFYfQ0VoWmShtKPCbXgK6A=", "narHash": "sha256-tCKCyMYU0Vy+ph/xswlNsYXXjnFVweWBV+ew/5FS9tA=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "381776b12d0d125edd7c1930c2041a1471e586c0", "rev": "6fbf5d328dce1828d887b8ee7d44a785196a34e7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2087,7 +2027,7 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay_4": { "rust-overlay_5": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"yazi", "yazi",
@ -2095,11 +2035,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1756348497, "lastModified": 1762396738,
"narHash": "sha256-xJp3VnoYh4kpsaKFO/7SsGbwOz7pI1ZmjbqpXEuR2cw=", "narHash": "sha256-BarSecuxtzp1boERdABLkkoxQTi6s/V33lJwUbWLrLY=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "0adf92c70d23fb4f703aea5d3ebb51ac65994f7f", "rev": "c63598992afd54d215d54f2b764adc0484c2b159",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2113,11 +2053,11 @@
"nixpkgs": "nixpkgs_7" "nixpkgs": "nixpkgs_7"
}, },
"locked": { "locked": {
"lastModified": 1759635238, "lastModified": 1763607916,
"narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=", "narHash": "sha256-VefBA1JWRXM929mBAFohFUtQJLUnEwZ2vmYUNkFnSjE=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "6e5a38e08a2c31ae687504196a230ae00ea95133", "rev": "877bb495a6f8faf0d89fc10bd142c4b7ed2bcc0b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2163,11 +2103,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1759690047, "lastModified": 1763695782,
"narHash": "sha256-Vlpa0d1xOgPO9waHwxJNi6LcD2PYqB3EjwLRtSxXlHc=", "narHash": "sha256-XNc65mYmCzadkYlsahfvrhqRfIvQlX94PzTEjmO1yYo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "stylix", "repo": "stylix",
"rev": "09022804b2bcd217f3a41a644d26b23d30375d12", "rev": "57e963fd7901ddce320bbb8fdd910113e4a1fd31",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2176,28 +2116,6 @@
"type": "github" "type": "github"
} }
}, },
"swww": {
"inputs": {
"flake-compat": "flake-compat_9",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1759428786,
"narHash": "sha256-vn3/hpRTI330+yJOoow7wBWMUk2LbnYgyR0v4/LX08o=",
"owner": "LGFae",
"repo": "swww",
"rev": "b9aaba38c79e9915c62328861def7353f53dcdbd",
"type": "github"
},
"original": {
"owner": "LGFae",
"repo": "swww",
"type": "github"
}
},
"systems": { "systems": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
@ -2445,27 +2363,6 @@
} }
}, },
"treefmt-nix": { "treefmt-nix": {
"inputs": {
"nixpkgs": [
"neovim-nightly-overlay",
"nixpkgs"
]
},
"locked": {
"lastModified": 1760120816,
"narHash": "sha256-gq9rdocpmRZCwLS5vsHozwB6b5nrOBDNc2kkEaTXHfg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "761ae7aff00907b607125b2f57338b74177697ed",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixd", "nixd",
@ -2531,14 +2428,14 @@
"inputs": { "inputs": {
"flake-utils": "flake-utils_7", "flake-utils": "flake-utils_7",
"nixpkgs": "nixpkgs_8", "nixpkgs": "nixpkgs_8",
"rust-overlay": "rust-overlay_4" "rust-overlay": "rust-overlay_5"
}, },
"locked": { "locked": {
"lastModified": 1759765472, "lastModified": 1763600401,
"narHash": "sha256-YYfXBsw57fH6s/hXR24rv8/nr35oQl1CBH7p4WcK8RA=", "narHash": "sha256-druDd9HC3UxZSzCY+qaFp9QDCGfzrhv+Zrytia6lJUE=",
"owner": "sxyazi", "owner": "sxyazi",
"repo": "yazi", "repo": "yazi",
"rev": "554cb52cc581df9a41e0778ebd448925cd3aca55", "rev": "a08b345a02c6b4c65239a0522f67e77a0132e88b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2552,11 +2449,11 @@
"nixpkgs": "nixpkgs_9" "nixpkgs": "nixpkgs_9"
}, },
"locked": { "locked": {
"lastModified": 1759642033, "lastModified": 1763775611,
"narHash": "sha256-irUhy22si6jwWSj2AYkOOuf949P4PFMihVUvU1qt1Jo=", "narHash": "sha256-AmgDr9n3JAUwwG3b28oArHaDv5pDMos53D1uZFDl8os=",
"owner": "dachxy", "owner": "dachxy",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"rev": "7978da3c80968b1b61c97a3f3858640a8583bfb9", "rev": "bff2ec6219c2574fa9818b709a0b1e68eef42a6d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -2581,11 +2478,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1759192380, "lastModified": 1760401936,
"narHash": "sha256-0BWJgt4OSzxCESij5oo8WLWrPZ+1qLp8KUQe32QeV4Q=", "narHash": "sha256-/zj5GYO5PKhBWGzbHbqT+ehY8EghuABdQ2WGfCwZpCQ=",
"owner": "mitchellh", "owner": "mitchellh",
"repo": "zig-overlay", "repo": "zig-overlay",
"rev": "0bcd1401ed43d10f10cbded49624206553e92f57", "rev": "365085b6652259753b598d43b723858184980bbe",
"type": "github" "type": "github"
}, },
"original": { "original": {

13
flake.nix
View file

@ -7,7 +7,7 @@
}; };
nixpkgs = { nixpkgs = {
url = "github:nixos/nixpkgs/nixpkgs-unstable"; url = "github:nixos/nixpkgs/nixos-unstable";
}; };
home-manager = { home-manager = {
@ -15,6 +15,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
rust-overlay = {
url = "github:oxalica/rust-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = { nix-index-database = {
url = "github:nix-community/nix-index-database"; url = "github:nix-community/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -69,8 +74,8 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
swww = { awww = {
url = "github:LGFae/swww"; url = "git+https://codeberg.org/LGFae/awww";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@ -186,7 +191,6 @@
in in
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
inherit (conf) system;
inherit inherit
helper helper
inputs inputs
@ -203,6 +207,7 @@
inputs.mail-server.overlay inputs.mail-server.overlay
inputs.nix-minecraft.overlay inputs.nix-minecraft.overlay
inputs.nix-tmodloader.overlay inputs.nix-tmodloader.overlay
inputs.rust-overlay.overlays.default
] ]
++ (import ./pkgs/overlays); ++ (import ./pkgs/overlays);
} }

BIN
home/config/.face
View file

Binary file not shown.
Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 116 KiB

After

Width:  |  Height:  |  Size: 1.3 MiB

Before After
Before After

5
home/options/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./ntfy-client.nix
];
}

81
home/options/ntfy-client.nix Normal file
View file

@ -0,0 +1,81 @@
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
literalExpression
mkEnableOption
mkPackageOption
mkOption
types
mkIf
getExe'
;
cfg = config.services.ntfy-client;
in
{
options.services.ntfy-client = {
enable = mkEnableOption "enable ntfy client subscription";
package = mkPackageOption pkgs "ntfy-sh" { };
extraArgs = mkOption {
type = with types; listOf str;
default = [ ];
};
settings = mkOption {
type = with types; attrs;
description = "The settings for `client.yml`";
default = { };
example = literalExpression ''
{
default-host = "https://ntfy.sh";
subscribe = [
{
topic = "common";
command = ''\''notify-send "$m"''\'';
token = "$TOKEN";
}
];
}
'';
};
environmentFile = mkOption {
type = with types; path;
default = null;
description = "environmentFile contains secrets";
example = ''
/var/run/secrets
content:
NTFY_USER="username:password"
'';
};
};
config = mkIf cfg.enable (
let
configFile = (pkgs.formats.yaml { }).generate "ntfy-client.yml" cfg.settings;
in
{
systemd.user.services.ntfy-client = {
Unit.X-Restart-Triggers = [ config.xdg.configFile."ntfy/client.yml".source ];
Install = {
WantedBy = [ "graphical-session.target" ];
};
Service = {
ExecStart = "${getExe' cfg.package "ntfy"} subscribe --from-config ${toString cfg.extraArgs}";
EnvironmentFile = [
cfg.environmentFile
];
};
};
xdg.configFile."ntfy/client.yml".source = configFile;
}
);
}

1
home/presets/basic.nix
View file

@ -1,6 +1,7 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
../options
../user/internationalisation.nix ../user/internationalisation.nix
../user/config.nix ../user/config.nix
../user/direnv.nix ../user/direnv.nix

2
home/scripts/mkWall.nix
View file

@ -10,7 +10,7 @@ let
curl -sL "$url" -o "$filepath" curl -sL "$url" -o "$filepath"
fi fi
${config.services.swww.package}/bin/swww img "$filepath" \ ${config.services.swww.package}/bin/awww img "$filepath" \
--transition-fps 45 \ --transition-fps 45 \
--transition-duration 1 \ --transition-duration 1 \
--transition-type random --transition-type random

15
home/scripts/ntfy.nix Normal file
View file

@ -0,0 +1,15 @@
{
config,
pkgs,
lib,
}:
let
inherit (lib) getExe';
in
pkgs.writeShellScriptBin "ntfy" ''
set -o allexport
source "${config.sops.secrets."ntfy".path}"
set +o allexport
${getExe' pkgs.ntfy-sh "ntfy"} "$@"
''

32
home/scripts/remoteRebuild.nix
View file

@ -1,4 +1,17 @@
{ pkgs, ... }: {
osConfig,
config,
pkgs,
}:
let
inherit (osConfig.networking) hostName;
shouldNotify =
(builtins.hasAttr "ntfy-client" config.services) && config.services.ntfy-client.enable;
rebuildCommand = ''
nixos-rebuild switch --target-host "$TARGET" \
--build-host "$BUILD" \
--sudo --ask-sudo-password $@'';
in
pkgs.writeShellScriptBin "rRebuild" '' pkgs.writeShellScriptBin "rRebuild" ''
TARGET=$1 TARGET=$1
BUILD=$2 BUILD=$2
@ -6,5 +19,20 @@ pkgs.writeShellScriptBin "rRebuild" ''
shift shift
shift shift
nixos-rebuild switch --target-host "$TARGET" --build-host "$BUILD" --sudo --ask-sudo-password $@ ${
if shouldNotify then
''
export NTFY_TITLE="🎯 $TARGET built by 🏗 ''\${BUILD:-${hostName}}"
export NTFY_TAGS="gear"
if ${rebuildCommand}
then
ntfy pub system-build " Build success" > /dev/null 2>&1
else
ntfy pub system-build " Build failed" > /dev/null 2>&1
fi
''
else
rebuildCommand
}
'' ''

1
home/user/config.nix
View file

@ -15,7 +15,6 @@ in
recursive = true; recursive = true;
source = "${configDir}/gh"; source = "${configDir}/gh";
}; };
".face".source = "${configDir}/.face";
}; };
xdg.mimeApps = { xdg.mimeApps = {

2
home/user/environment.nix
View file

@ -8,7 +8,7 @@
XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config"; XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_DATA_HOME = "\${HOME}/.local/share"; XDG_DATA_HOME = "\${HOME}/.local/share";
XDG_DATA_DIRS = "\${XDG_DATA_DIRS}:/usr/share:/var/lib/flatpak/exports/share:\${HOME}/.local/share/flatpak/exports/share"; XDG_DATA_DIRS = "\${XDG_DATA_DIRS}:/usr/share";
WLR_RENDERER = "vulkan"; WLR_RENDERER = "vulkan";

6
home/user/git.nix
View file

@ -6,9 +6,9 @@
{ {
programs.git = { programs.git = {
enable = true; enable = true;
userName = username; settings = {
userEmail = email; user.name = username;
extraConfig = { user.email = email;
safe.directory = [ "/etc/nixos" ]; safe.directory = [ "/etc/nixos" ];
init.defaultBranch = "main"; init.defaultBranch = "main";
pull.rebase = true; pull.rebase = true;

5
home/user/hypr/bind.nix
View file

@ -2,7 +2,6 @@
{ {
osConfig, osConfig,
config, config,
lib,
pkgs, pkgs,
... ...
}: }:
@ -18,6 +17,7 @@ let
browser = "${prefix}${browser-bin}"; browser = "${prefix}${browser-bin}";
terminal = "${prefix}ghostty"; terminal = "${prefix}ghostty";
filemanager = "${terminal} -e yazi"; filemanager = "${terminal} -e yazi";
mailClient = "${prefix}thunderbird";
screenshotFolder = "--output-folder ~/Pictures/Screenshots"; screenshotFolder = "--output-folder ~/Pictures/Screenshots";
clipboardOnly = "${screenshotFolder}"; clipboardOnly = "${screenshotFolder}";
@ -49,7 +49,8 @@ in
''CTRL ALT, T, exec, ${terminal}'' ''CTRL ALT, T, exec, ${terminal}''
''${mainMod}, Q, killactive, '' ''${mainMod}, Q, killactive, ''
''${mainMod}, M, exec, ${toggleWlogout}'' ''${mainMod} SHIFT, M, exec, ${toggleWlogout}''
''${mainMod}, M, exec, ${mailClient}''
''${mainMod}, E, exec, ${filemanager}'' ''${mainMod}, E, exec, ${filemanager}''
''${mainMod}, V, togglefloating, '' ''${mainMod}, V, togglefloating, ''
''ALT, SPACE, exec, rofi -config ~/.config/rofi/apps.rasi -show drun'' ''ALT, SPACE, exec, rofi -config ~/.config/rofi/apps.rasi -show drun''

11
home/user/hyprland.nix
View file

@ -3,11 +3,12 @@
lib, lib,
inputs, inputs,
config, config,
system,
osConfig, osConfig,
... ...
}: }:
let let
inherit (lib) mkForce escapeShellArgs getExe';
inherit (pkgs.stdenv.hostPlatform) system;
inherit (osConfig.systemConf) username; inherit (osConfig.systemConf) username;
inherit (osConfig.systemConf.hyprland) monitors; inherit (osConfig.systemConf.hyprland) monitors;
terminal = "ghostty"; terminal = "ghostty";
@ -64,7 +65,6 @@ in
plugins = ( plugins = (
with inputs.hyprland-plugins.packages.${system}; with inputs.hyprland-plugins.packages.${system};
[ [
xtra-dispatchers
hyprwinwrap hyprwinwrap
] ]
); );
@ -138,12 +138,15 @@ in
}; };
}; };
# === Swww === # # === Awww === #
services.swww = { services.swww = {
enable = true; enable = true;
package = inputs.swww.packages.${system}.swww; package = inputs.awww.packages.${system}.awww;
}; };
systemd.user.services.swww.Service.ExecStart =
mkForce "${getExe' config.services.swww.package "awww-daemon"} ${escapeShellArgs config.services.swww.extraArgs}";
# === hyprlock === # # === hyprlock === #
programs.hyprlock = { programs.hyprlock = {
enable = true; enable = true;

2
home/user/internationalisation.nix
View file

@ -8,7 +8,7 @@ let
addons = with pkgs; [ addons = with pkgs; [
fcitx5-gtk fcitx5-gtk
fcitx5-mozc # Japanese fcitx5-mozc # Japanese
fcitx5-chinese-addons qt6Packages.fcitx5-chinese-addons
fcitx5-rime # Bopomofo fcitx5-rime # Bopomofo
rime-data rime-data
]; ];

19
home/user/nvf/default.nix
View file

@ -28,16 +28,25 @@ in
imports = [ imports = [
./plugins/snacks-nvim ./plugins/snacks-nvim
./plugins/lualine ./plugins/lualine
./plugins/leetcode
./extra-lsp.nix ./extra-lsp.nix
]; ];
home.packages = with pkgs; [
(rust-bin.stable.latest.default.override {
extensions = [ "rust-src" ];
})
];
programs.nvf = { programs.nvf = {
enable = true; enable = true;
settings = { settings = {
vim = { vim = {
enableLuaLoader = true; enableLuaLoader = true;
vimAlias = true; vimAlias = true;
extraPackages = with pkgs; [ nixfmt ]; extraPackages = with pkgs; [
nixfmt
];
clipboard = { clipboard = {
enable = true; enable = true;
@ -380,12 +389,9 @@ in
enable = true; enable = true;
lsp = { lsp = {
enable = true; enable = true;
package = [
"rust-analyzer"
];
opts = '' opts = ''
['rust-analyzer'] = { ['rust-analyzer'] = {
cargo = {allFeature = true}, cargo = { allFeature = true },
checkOnSave = true, checkOnSave = true,
procMacro = { procMacro = {
enable = true, enable = true,
@ -528,7 +534,8 @@ in
yazi-nvim = { yazi-nvim = {
enable = true; enable = true;
mappings.openYaziDir = "<leader>e"; mappings.openYaziDir = "<leader>-";
mappings.openYazi = "<leader>e";
}; };
images = { images = {

72
home/user/nvf/plugins/leetcode/default.nix Normal file
View file

@ -0,0 +1,72 @@
{
lib,
config,
osConfig,
...
}:
let
inherit (lib.generators) mkLuaInline;
inherit (osConfig.systemConf) username;
relativeDir = "projects/leetcode";
dataDir = "${config.home.homeDirectory}/${relativeDir}";
in
{
programs.nvf.settings.vim.utility.leetcode-nvim = {
enable = true;
setupOpts = {
image_support = true;
lang = "rust";
plugins.non_standalone = true;
storage.home = mkLuaInline ''"${dataDir}"'';
injector = mkLuaInline ''
{
['rust'] = {
before = { '#[allow(dead_code)]', 'fn main() {}', '#[allow(dead_code)]', 'struct Solution;' },
}
}
'';
hooks."question_enter" = [
(mkLuaInline
# lua
''
function (question)
if question.lang ~= 'rust' then
return
end
local config = require("leetcode.config")
local problem_dir = config.user.storage.home .. "/Cargo.toml"
local content = [[
[package]
name = "leetcode"
edition = "2024"
[lib]
name = "%s"
path = "%s"
[dependencies]
rand = "0.8"
regex = "1"
itertools = "0.14.0"
]]
local file = io.open(problem_dir, "w")
if file then
local formatted = (content:gsub(" +", "")):format(question.q.frontend_id, question:path())
file:write(formatted)
file:close()
else
print("Failed to open file " .. problem_dir)
end
end
''
)
];
};
};
systemd.user.tmpfiles.rules = [
"d ${dataDir} 0744 ${username} users -"
];
}

81
home/user/packages.nix
View file

@ -1,12 +1,10 @@
{ {
pkgs, pkgs,
lib,
inputs, inputs,
system,
osConfig,
... ...
}: }:
let let
inherit (pkgs.stdenv.hostPlatform) system;
md2html = pkgs.callPackage ../scripts/md2html.nix { }; md2html = pkgs.callPackage ../scripts/md2html.nix { };
ghosttyShaders = pkgs.fetchFromGitHub { ghosttyShaders = pkgs.fetchFromGitHub {
owner = "sahaj-b"; owner = "sahaj-b";
@ -60,61 +58,46 @@ in
}; };
}; };
home.packages = home.packages = with pkgs; [
with pkgs; obsidian
[
obsidian
# Discord # Discord
# vesktop # vesktop
discord discord
# Dev stuff # Dev stuff
(python3.withPackages (python-pkgs: [ (python3.withPackages (python-pkgs: [
python-pkgs.pip python-pkgs.pip
python-pkgs.requests python-pkgs.requests
])) ]))
# Work stuff # Work stuff
libreoffice-qt libreoffice-qt
pandoc pandoc
# Bluetooth # Bluetooth
blueberry blueberry
# Downloads # Downloads
qbittorrent qbittorrent
# Utils # Utils
cava cava
papirus-folders papirus-folders
inkscape inkscape
# PDF Preview # PDF Preview
poppler poppler
trash-cli trash-cli
# File Manager # File Manager
nemo nemo
# Thumbnail thunderbird
ffmpegthumbnailer
thunderbird # Thumbnail
ffmpegthumbnailer
md2html md2html
] ];
++ (
if osConfig.programs.steam.enable then
[
steam-run
protonup
]
else
[ ]
);
home.sessionVariables = lib.mkIf osConfig.programs.steam.enable {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
};
} }

15
home/user/shell.nix
View file

@ -1,9 +1,17 @@
{ osConfig, pkgs, ... }: {
osConfig,
config,
pkgs,
...
}:
let let
shellAlias = import ./shellAlias.nix { hostname = osConfig.networking.hostName; }; remoteRebuld = import ../scripts/remoteRebuild.nix { inherit osConfig config pkgs; };
remoteRebuld = pkgs.callPackage ../scripts/remoteRebuild.nix { };
in in
{ {
imports = [
./shellAlias.nix
];
home.packages = with pkgs; [ home.packages = with pkgs; [
# Shell # Shell
grc grc
@ -34,7 +42,6 @@ in
src = pkgs.fishPlugins.hydro.src; src = pkgs.fishPlugins.hydro.src;
} }
]; ];
shellAliases = shellAlias;
}; };
bash = { bash = {

81
home/user/shellAlias.nix
View file

@ -1,27 +1,68 @@
{ hostname }:
{ {
ls = "exa --icons"; osConfig,
lp = "exa"; # Pure output config,
cat = "bat"; pkgs,
g = "git"; ...
t = "tmux"; }:
let
hostname = osConfig.networking.hostName;
# Nixos shouldNotify =
rebuild = "sudo nixos-rebuild switch --flake /etc/nixos#${hostname}"; (builtins.hasAttr "ntfy-client" config.services) && config.services.ntfy-client.enable;
fullClean = "sudo nix store gc && sudo nix-collect-garbage -d && sudo /run/current-system/bin/switch-to-configuration boot";
# Hyprland rebuildCommand = ''
hyprlog = "grep -v \"arranged\" $XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/hyprland.log | cat"; sudo nixos-rebuild switch --target-host "$TARGET" \
--build-host "$BUILD" \
--sudo --ask-sudo-password $@'';
# Systemd Boot rebuild = pkgs.writeShellScriptBin "rebuild" ''
setWin = "sudo bootctl set-oneshot auto-windows"; ${
goWin = "sudo bootctl set-oneshot auto-windows && reboot"; if shouldNotify then
goBios = "sudo bootctl set-oneshot auto-reboot-to-firmware-setup && reboot"; ''
export NTFY_TITLE="🎯 ${hostname}"
export NTFY_TAGS="gear"
# TTY if ${rebuildCommand}
hideTTY = ''sudo sh -c "echo 0 > /sys/class/graphics/fb0/blank"''; then
showTTY = ''sudo sh -c "echo 1 > /sys/class/graphics/fb0/blank"''; ntfy pub system-build " Build success" > /dev/null 2>&1
else
ntfy pub system-build " Build failed" > /dev/null 2>&1
fi
''
else
rebuildCommand
}
'';
in
{
home.packages = [
rebuild
];
# Recover from hyprlock corruption programs.fish.shellAliases = {
letMeIn = ''hyprctl --instance 0 "keyword misc:allow_session_lock_restore 1" && hyprctl --instance 0 dispatch "exec hyprlock"''; ls = "exa --icons";
lp = "exa"; # Pure output
cat = "bat";
g = "git";
t = "tmux";
podt = "podman-tui";
# Nixos
fullClean = "sudo nix store gc && sudo nix-collect-garbage -d && sudo /run/current-system/bin/switch-to-configuration boot";
# Hyprland
hyprlog = "grep -v \"arranged\" $XDG_RUNTIME_DIR/hypr/$HYPRLAND_INSTANCE_SIGNATURE/hyprland.log | cat";
# Systemd Boot
setWin = "sudo bootctl set-oneshot auto-windows";
goWin = "sudo bootctl set-oneshot auto-windows && reboot";
goBios = "sudo bootctl set-oneshot auto-reboot-to-firmware-setup && reboot";
# TTY
hideTTY = ''sudo sh -c "echo 0 > /sys/class/graphics/fb0/blank"'';
showTTY = ''sudo sh -c "echo 1 > /sys/class/graphics/fb0/blank"'';
# Recover from hyprlock corruption
letMeIn = ''hyprctl --instance 0 "keyword misc:allow_session_lock_restore 1" && hyprctl --instance 0 dispatch "exec hyprlock"'';
};
} }

8
home/user/waybar.nix
View file

@ -4,7 +4,6 @@
{ {
osConfig, osConfig,
config, config,
username,
lib, lib,
pkgs, pkgs,
helper, helper,
@ -72,7 +71,7 @@ let
exit 1 exit 1
fi fi
${config.services.swww.package}/bin/swww img "$selected" --transition-fps 45 --transition-duration 1 --transition-type random ${config.services.swww.package}/bin/awww img "$selected" --transition-fps 45 --transition-duration 1 --transition-type random
''; '';
rbwSelector = import ../scripts/rbwSelector.nix { inherit pkgs; }; rbwSelector = import ../scripts/rbwSelector.nix { inherit pkgs; };
@ -84,11 +83,6 @@ in
mkWall mkWall
]; ];
# For wallpapers
systemd.user.tmpfiles.rules = [
"d /tmp/wall_cache 700 ${username} -"
];
# === gamemoded -r === # # === gamemoded -r === #
systemd.user.services.gamemodedr = lib.mkIf osConfig.programs.gamemode.enable { systemd.user.services.gamemodedr = lib.mkIf osConfig.programs.gamemode.enable {
Service = { Service = {

14
home/user/yazi.nix
View file

@ -1,11 +1,12 @@
{ {
inputs, inputs,
system, config,
pkgs, pkgs,
lib, lib,
... ...
}: }:
let let
inherit (pkgs.stdenv.hostPlatform) system;
yaziPlugins = pkgs.fetchFromGitHub { yaziPlugins = pkgs.fetchFromGitHub {
owner = "yazi-rs"; owner = "yazi-rs";
repo = "plugins"; repo = "plugins";
@ -63,7 +64,7 @@ in
opener = { opener = {
set-wallpaper = [ set-wallpaper = [
{ {
run = ''${pkgs.swww}/bin/swww img "$1" --transition-fps 45 --transition-duration 1 --transition-type random''; run = ''${config.services.swww.package}/bin/awww img "$1" --transition-fps 45 --transition-duration 1 --transition-type random'';
for = "linux"; for = "linux";
desc = "Set as wallpaper"; desc = "Set as wallpaper";
} }
@ -111,7 +112,7 @@ in
"g" "g"
"w" "w"
]; ];
run = ''shell -- ${pkgs.swww}/bin/swww img "$1" --transition-fps 45 --transition-duration 1 --transition-type random''; run = ''shell -- ${config.services.swww.package}/bin/awww img "$1" --transition-fps 45 --transition-duration 1 --transition-type random'';
desc = "Set as wallpaper"; desc = "Set as wallpaper";
} }
# Git Changes # Git Changes
@ -178,9 +179,7 @@ in
"c" "c"
"D" "D"
]; ];
run = '' run = ''shell 'ripdrag "$0" "$@" -x 2>/dev/null &' --confirm'';
shell '${pkgs.ripdrag.out}/bin/ripdrag "$@" -x 2>/dev/null &' --confirm
'';
desc = "Drag the file"; desc = "Drag the file";
} }
# Start terminal # Start terminal
@ -214,7 +213,7 @@ in
{ {
on = [ on = [
"F" # file "F" # file
"m" # markdown "M" # markdown
"H" # html "H" # html
]; ];
for = "unix"; for = "unix";
@ -251,5 +250,6 @@ in
home.packages = with pkgs; [ home.packages = with pkgs; [
ueberzugpp ueberzugpp
pdfNormalize pdfNormalize
ripdrag
]; ];
} }

13
options/systemconf.nix
View file

@ -1,6 +1,5 @@
{ {
inputs, inputs,
system,
config, config,
pkgs, pkgs,
helper, helper,
@ -8,6 +7,7 @@
... ...
}: }:
let let
inherit (pkgs.stdenv.hostPlatform) system;
inherit (lib) inherit (lib)
mkOption mkOption
mkEnableOption mkEnableOption
@ -63,6 +63,12 @@ in
description = "Hostname for system"; description = "Hostname for system";
}; };
face = mkOption {
type = with types; nullOr path;
description = "User avatar";
default = null;
};
domain = mkOption { domain = mkOption {
type = types.str; type = types.str;
default = "local"; default = "local";
@ -140,6 +146,7 @@ in
imports = [ imports = [
inputs.hyprland.homeManagerModules.default inputs.hyprland.homeManagerModules.default
inputs.caelestia-shell.homeManagerModules.default inputs.caelestia-shell.homeManagerModules.default
inputs.sops-nix.homeManagerModules.default
inputs.zen-browser.homeManagerModules.${system}.default inputs.zen-browser.homeManagerModules.${system}.default
inputs.nvf.homeManagerModules.default inputs.nvf.homeManagerModules.default
{ {
@ -148,6 +155,10 @@ in
stateVersion = stateVersion; stateVersion = stateVersion;
}; };
programs.home-manager.enable = true; programs.home-manager.enable = true;
home.file.".face" = mkIf (cfg.face != null) {
source = cfg.face;
};
} }
] ]
++ (optionals cfg.hyprland.enable [ ++ (optionals cfg.hyprland.enable [

4
pkgs/overlays/default.nix
View file

@ -1,5 +1,5 @@
[ [
(import ./vesktop.nix) (import ./vesktop.nix)
(import ./powerdns-admin.nix) # (import ./powerdns-admin.nix)
(import ./stalwart-mail) # (import ./stalwart-mail)
] ]

35
pkgs/patches/nextcloud_recognize_models_path.patch
View file

@ -1,35 +0,0 @@
diff --git a/lib/Service/DownloadModelsService.php b/lib/Service/DownloadModelsService.php
index 64e4223..ac939a3 100755
--- a/lib/Service/DownloadModelsService.php
+++ b/lib/Service/DownloadModelsService.php
@@ -27,7 +27,7 @@ final class DownloadModelsService {
* @throws \Exception
*/
public function download() : void {
- $targetPath = __DIR__ . '/../../models';
+ $targetPath = "/var/lib/nextcloud/models";
if (file_exists($targetPath)) {
// remove models directory
$it = new RecursiveDirectoryIterator($targetPath, FilesystemIterator::SKIP_DOTS);
@@ -44,7 +44,7 @@ final class DownloadModelsService {
}
$archiveUrl = $this->getArchiveUrl($this->getNeededArchiveRef());
- $archivePath = __DIR__ . '/../../models.tar.gz';
+ $archivePath = "/var/lib/nextcloud/models.tar.gz";
$timeout = $this->isCLI ? 0 : 480;
$this->clientService->newClient()->get($archiveUrl, ['sink' => $archivePath, 'timeout' => $timeout]);
$tarManager = new TAR($archivePath);
diff --git a/lib/Settings/AdminSettings.php b/lib/Settings/AdminSettings.php
index 83f8a76..ac73d29 100755
--- a/lib/Settings/AdminSettings.php
+++ b/lib/Settings/AdminSettings.php
@@ -28,7 +28,7 @@ final class AdminSettings implements ISettings {
$settings = $this->settingsService->getAll();
$this->initialState->provideInitialState('settings', $settings);
- $modelsPath = __DIR__ . '/../../models';
+ $modelsPath = "/var/lib/nextcloud/models";
$modelsDownloaded = file_exists($modelsPath);
$this->initialState->provideInitialState('modelsDownloaded', $modelsDownloaded);

3
system/dev/dn-lap/default.nix
View file

@ -8,6 +8,7 @@ in
{ {
systemConf = { systemConf = {
inherit hostname username; inherit hostname username;
face = ../../../home/config/.face;
domain = "net.dn"; domain = "net.dn";
hyprland = { hyprland = {
enable = true; enable = true;
@ -23,6 +24,8 @@ in
imports = [ imports = [
../../modules/presets/basic.nix ../../modules/presets/basic.nix
../public/dn
../public/dn/ntfy.nix
./common ./common
./games ./games
./home ./home

26
system/dev/dn-lap/sops/secret.yaml
View file

@ -2,25 +2,25 @@ wireguard:
wg0.conf: ENC[AES256_GCM,data:drqs+CkZVZH4K87jWZLy33NuqPeqLkyTp6mDoxcOsEYGaIR38pommv4TSynAOvrUC3dCw9O+qLHEiSwlJGoZOQKFzHxUefKrCtkRMCE3ytDKFmJbLoKT/GPxnOOenIm8JxKX6nsLaqCk36ODXzTA8iU8ICN2zqoCiodjx72Ge2KckQzSak04v28B6viuzfl8zipD1Fetm72sOBTX0I0WwoziDBBL77x1hX/8POob3ISrTejhik18dxAPLB9H3iVl1aOHhszsrAYB26IfujY/FxRqIrn8v+H2aFen3oowRjd/wTPtc/rLZj/7n6/Sl3NDzOE+jIYYG7yym7lkUM9Z,iv:oS01iUSG0ufUzIsfPD/jF3/TPEDDBp+CnnLQnyze8dM=,tag:mtmY3OVz3k7eu5Lxe14KLg==,type:str] wg0.conf: ENC[AES256_GCM,data:drqs+CkZVZH4K87jWZLy33NuqPeqLkyTp6mDoxcOsEYGaIR38pommv4TSynAOvrUC3dCw9O+qLHEiSwlJGoZOQKFzHxUefKrCtkRMCE3ytDKFmJbLoKT/GPxnOOenIm8JxKX6nsLaqCk36ODXzTA8iU8ICN2zqoCiodjx72Ge2KckQzSak04v28B6viuzfl8zipD1Fetm72sOBTX0I0WwoziDBBL77x1hX/8POob3ISrTejhik18dxAPLB9H3iVl1aOHhszsrAYB26IfujY/FxRqIrn8v+H2aFen3oowRjd/wTPtc/rLZj/7n6/Sl3NDzOE+jIYYG7yym7lkUM9Z,iv:oS01iUSG0ufUzIsfPD/jF3/TPEDDBp+CnnLQnyze8dM=,tag:mtmY3OVz3k7eu5Lxe14KLg==,type:str]
sops: sops:
age: age:
- recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkczZGckdvWVdlaFFxQmox YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqeGx5aDZOeVBDSWpjUlV4
eWM5eGtoOHIvbTlEc0RnSVN1REVMSTBXZURrCktDeUxMZUY1cHRtKzRLTDNDUU9E WEZuK3JBQnVySmQySFd4dnNKRkdVR01pVVRNClE2WXQveG9aaTZJUHVHaUdoOFht
aldkcFZ2a0ZzUXdOSjZWeHVPZ1FJY1UKLS0tIGZZTlk4OWtZcERXME5YNk96cmc5 VENZMHF0eHkzb0VTUEN2TW5OYjBxS0UKLS0tIGlOb1VYdHhMMVd5L0RCSEVabzMx
M3RPbkRxSFRXeEU5MFZxLzl4clpabDAKiCaiEKZwaCUGi6DRtzb786c8qB+EiiCn Q2wvRjV5SGQwZ3ZRNmYzSW5pdlJNTE0Kyg2/VqHJngn/n+OJbIDSn4fy+KjanN2o
YHrCvm5F72vAmDAozqtTjZM1Dt4yQDxPNMWKFyUzxY0TDpboGrgBHA== AufQbRG46T4kXeOwmtMp+5oRIrxKMibu8bvQpR6DjsHs0xmXhhlFAw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
- recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2
enc: | enc: |
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1SzNGcVFkSS93VnQyUlZw YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0N3pUMHNWVGxwOWFKVS9a
YkM0U1BUTTF4ajY5VU5LOHpYbTBaYnBsUFZnCmx2a0R1VCtkcTUrT2VNMGRRc29H dEYzREFSdkR0bldMSEV0b3dZMnlsQUE1RTNVCllPblJUMG90RlViZ2N1RU1TS2tO
R1hVSHNDSjlwdk1RUXZYdkpFeUFkY1EKLS0tIDdVdU92STZIN0JmK0ZPeldsYlRG UnlHS0IzT3E3bER4eEg4SlQ5QjNZQ1UKLS0tIGhtTTlUZHVrbUZiRHZCbEt1K2w0
eWFnVWcrUVpRVDQveTloWk9LVm4yd28KppalVePvXwPks+2TKHqG8a+uZjpgQo3I V09NYXpBYXBtYWdBajJubmVFL2loY0EKJdYKQHPriOT0eouvRUiCyqLSTzugUZxl
edhrdNan56Ly5mLFyXmGlww88nqQMTZq4DODtyfF4+rRlyv0i4AEEg== BFTwfCez1/K2ERKQkKsMfIARbHaI2SRyDxM2O1IJ+DOIJ2383K6Gvw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-15T08:06:35Z" lastmodified: "2025-11-21T12:34:30Z"
mac: ENC[AES256_GCM,data:sinK5N+aY4PwsqtHhyAI5a6YU7uhKkh5APrtQorgCYHJ1Q3p3Fit//UOnY86kK/CiXS/OQ6oZZi5XjJOKULThp8X2JSu1iAdBK2Sl11AD1kGyDb69vuYr3PlAFWDdp5mbjMAPACukUpeiIL9jfZWL06WqzGSz73hDHP3T90BZAE=,iv:bcT/JWtuy74/5B/S4vzEgv8Vcnw8aMGNr8f2ON7uJI0=,tag:iA/iW+TFxyW1PWZKtr+Kqw==,type:str] mac: ENC[AES256_GCM,data:LUqoXWMhmQQgqq1AX7I2v7z58ywstjWzsVTav9iu0RrkCxeB1u5V90E4tcnfjtquLwjiabpLSRpkUXE33DhqcgxLIklX0Cpld5TK1Bsdn8DXyKk1Lhfdf3OL7cn14kb4CqXTNlDyqwM+BBsYmdFQzPjb8IPiD9y+mTO5yHuAta0=,iv:mbHhZdv+0lDI9cNUsI3oatwbItQ6Xfvgm0UMQdu9FKA=,tag:aPFWPwahvMjBojzthZZ6vQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0

3
system/dev/dn-pre7780/default.nix
View file

@ -55,6 +55,9 @@ in
imports = [ imports = [
../../modules/presets/basic.nix ../../modules/presets/basic.nix
../public/dn
../public/dn/ntfy.nix
./expr
./common ./common
./games ./games
./home ./home

3
system/dev/dn-pre7780/expr/default.nix
View file

@ -1,5 +1,6 @@
{ {
imports = [ imports = [
./netbird.nix # ./netbird.nix
./osx-kvm.nix
]; ];
} }

14
system/dev/dn-pre7780/expr/osx-kvm.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, ... }:
let
inherit (config.systemConf) username;
in
{
virtualisation.libvirtd.enable = true;
users.extraUsers."${username}".extraGroups = [ "libvirtd" ];
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_msrs=1 report_ignored_msrs=0
'';
}

3
system/dev/dn-pre7780/expr/vm-settings.nix
View file

@ -2,9 +2,10 @@
pkgs, pkgs,
lib, lib,
inputs, inputs,
system,
}: }:
let let
inherit (pkgs.stdenv.hostPlatform) system;
vmList = vmList =
let let
kubeMasterIP = "192.168.0.6"; kubeMasterIP = "192.168.0.6";

16
system/dev/dn-pre7780/games/game.nix
View file

@ -2,11 +2,9 @@
pkgs, pkgs,
pkgs-stable, pkgs-stable,
config, config,
inputs,
... ...
}: }:
let let
protonGEVersion = "10-15";
# ==== Needed for special import ==== # # ==== Needed for special import ==== #
shadps4-7 = pkgs.shadps4.overrideAttrs (_: rec { shadps4-7 = pkgs.shadps4.overrideAttrs (_: rec {
version = "0.7.0"; version = "0.7.0";
@ -39,20 +37,6 @@ in
echo "AUTOEXEC LOADED SUCCESSFULLY!" echo "AUTOEXEC LOADED SUCCESSFULLY!"
host_writeconfig host_writeconfig
''; '';
# Proton GE
".steam/root/compatibilitytools.d/GE-Proton${protonGEVersion}" = {
source = fetchTarball {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton${protonGEVersion}/GE-Proton${protonGEVersion}.tar.gz";
sha256 = "sha256:0iv7vak4a42b5m772gqr6wnarswib6dmybfcdjn3snvwxcb6hbsm";
};
};
".steam/root/compatibilitytools.d/CachyOS-Proton10-0_v3" = {
source = fetchTarball {
url = "https://github.com/CachyOS/proton-cachyos/releases/download/cachyos-10.0-20250714-slr/proton-cachyos-10.0-20250714-slr-x86_64_v3.tar.xz";
sha256 = "sha256:0hp22hkfv3f1p75im3xpif0pmixkq2i3hq3dhllzr2r7l1qx16iz";
};
};
}; };
}; };
}; };

6
system/dev/dn-pre7780/home/default.nix
View file

@ -1,4 +1,8 @@
{ config, lib, ... }: {
config,
lib,
...
}:
let let
inherit (lib) optionalString; inherit (lib) optionalString;
inherit (config.systemConf) username; inherit (config.systemConf) username;

1
system/dev/dn-pre7780/services/default.nix
View file

@ -4,6 +4,7 @@
./mail.nix ./mail.nix
./nginx.nix ./nginx.nix
./wireguard.nix ./wireguard.nix
./nextcloud.nix
# ./netbird.nix # ./netbird.nix
]; ];
} }

178
system/dev/dn-pre7780/services/mail.nix
View file

@ -1,35 +1,42 @@
{ {
config, config,
lib,
pkgs,
... ...
}: }:
let let
domain = "daccc.info"; inherit (lib) mkIf;
fqdn = "mx1.daccc.info"; mkCondition = (
condition: ithen: ielse: [
{
"if" = condition;
"then" = ithen;
}
{ "else" = ielse; }
]
);
rspamdWebPort = 11333;
rspamdPort = 31009;
domain = "dnywe.com";
fqdn = "mx1.dnywe.com";
rspamdSecretFile = config.sops.secrets."rspamd".path;
rspamdSecretPath = "/run/rspamd/rspamd-controller-password.inc";
in in
{ {
networking.firewall.allowedTCPPorts = [ 8080 ]; networking.firewall.allowedTCPPorts = [ 8080 ];
imports = [ imports = [
(import ../../../modules/stalwart.nix { (import ../../../modules/stalwart.nix {
inherit domain; inherit domain;
enableNginx = false; enableNginx = false;
dkimKey = config.sops.secrets."stalwart/dkimKey".path;
adminPassFile = config.sops.secrets."stalwart/adminPassword".path; adminPassFile = config.sops.secrets."stalwart/adminPassword".path;
dbPassFile = config.sops.secrets."stalwart/db".path; certs."default" = {
acmeConf = {
directory = "https://acme-v02.api.letsencrypt.org/directory";
origin = "${domain}";
contact = "admin@${domain}";
domains = [
domain
fqdn
];
challenge = "dns-01";
cache = "${config.services.stalwart-mail.dataDir}/acme";
default = true; default = true;
provider = "cloudflare"; cert = "%{file:${config.security.acme.certs.${fqdn}.directory}/cert.pem}%";
renew-before = "30d"; private-key = "%{file:${config.security.acme.certs.${fqdn}.directory}/key.pem}%";
secret = "%{file:${config.sops.secrets."cloudflare/secret".path}}%";
}; };
ldapConf = { ldapConf = {
type = "ldap"; type = "ldap";
@ -39,17 +46,19 @@ in
base-dn = "ou=people,dc=net,dc=dn"; base-dn = "ou=people,dc=net,dc=dn";
attributes = { attributes = {
name = "uid"; name = "uid";
email = "mailRoutingAddress"; email = "mail";
email-alias = "mailRoutingAddress";
secret = "userPassword"; secret = "userPassword";
description = [ description = [
"cn" "cn"
"description" "description"
]; ];
class = "objectClass"; class = "objectClass";
groups = [ "memberOf" ];
}; };
filter = { filter = {
name = "(&(objectClass=inetOrgPerson)(|(uid=?)(mail=?)(mailRoutingAddress=?)))"; name = "(&(objectClass=inetOrgPerson)(|(uid=?)(mail=?)(mailRoutingAddress=?)))";
email = "(&(objectClass=inetOrgPerson)(mailRoutingAddress=?))"; email = "(&(objectClass=inetOrgPerson)(|(mailRoutingAddress=?)(mail=?)))";
}; };
bind = { bind = {
dn = "cn=admin,dc=net,dc=dn"; dn = "cn=admin,dc=net,dc=dn";
@ -62,4 +71,135 @@ in
}) })
]; ];
services.stalwart-mail.settings.spam-filter.enable = !config.services.rspamd.enable;
services.stalwart-mail.settings.session.milter."rspamd" = mkIf config.services.rspamd.enable {
enable = mkCondition "listener = 'smtp'" true false;
hostname = "127.0.0.1";
port = rspamdPort;
stages = [
"connect"
"ehlo"
"mail"
"rcpt"
"data"
];
tls = false;
allow-invalid-certs = false;
options = {
tempfail-on-error = true;
max-response-size = 52428800; # 50mb
version = 6;
};
};
services.rspamd = {
enable = true;
locals = {
"redis.conf".text = ''
servers = "${config.services.redis.servers.rspamd.unixSocket}";
'';
"classifier-bayes.conf".text = ''
backend = "redis";
autolearn = true;
'';
"dkim_signing.conf".text = ''
enabled = false;
'';
"milter_headers.conf".text = ''
enabled = true;
extended_spam_headers = true;
skip_local = false;
use = ["x-spamd-bar", "x-spam-level", "x-spam-status", "authentication-results", "x-spamd-result"];
authenticated_headers = ["authentication-results"];
'';
};
localLuaRules =
pkgs.writeText "rspamd-local.lua"
# lua
''
-- Temporary fix for double dot issue rspamd#5273
local lua_util = require("lua_util")
rspamd_config.UNQUALIFY_SENDER_HOSTNAME = {
callback = function(task)
local hn = task:get_hostname()
if not hn then return end
local san_hn = string.gsub(hn, "%.$", "")
if hn ~= san_hn then
task:set_hostname(san_hn)
end
end,
type = "prefilter",
priority = lua_util.symbols_priorities.top + 1,
}
'';
workers = {
rspamd_proxy = {
type = "rspamd_proxy";
includes = [ "$CONFDIR/worker-proxy.inc" ];
bindSockets = [
"*:${toString rspamdPort}"
];
extraConfig = ''
self_scan = yes;
'';
};
controller = {
type = "controller";
includes = [
"$CONFDIR/worker-controller.inc"
];
extraConfig = ''
.include(try=true; priority=1,duplicate=merge) "${rspamdSecretPath}"
'';
bindSockets = [ "127.0.0.1:${toString rspamdWebPort}" ];
};
};
overrides."whitelist.conf".text = ''
whiltelist_from {
${domain} = true;
}
'';
};
systemd.services.rspamd = mkIf config.services.rspamd.enable {
path = [
pkgs.rspamd
pkgs.coreutils
];
serviceConfig = {
ExecStartPre = [
"${pkgs.writeShellScript "generate-rspamd-passwordfile" ''
RSPAMD_PASSWORD_HASH=$(rspamadm pw --password $(cat ${rspamdSecretFile}))
echo "enable_password = \"$RSPAMD_PASSWORD_HASH\";" > ${rspamdSecretPath}
chmod 770 "${rspamdSecretPath}"
''}"
];
};
};
services.redis.servers.rspamd = {
enable = true;
port = 0;
user = config.services.rspamd.user;
};
security.acme = {
acceptTerms = true;
certs."${fqdn}" = {
inheritDefaults = false;
group = config.systemd.services.stalwart-mail.serviceConfig.Group;
dnsProvider = "cloudflare";
dnsResolver = "1.1.1.1:53";
server = "https://acme-v02.api.letsencrypt.org/directory";
validMinDays = 30;
email = "dachxy@${domain}";
extraDomainNames = [ domain ];
environmentFile = config.sops.secrets."cloudflare/secret".path;
postRun = ''
systemctl reload stalwart-mail
'';
};
};
} }

87
system/dev/dn-pre7780/services/nextcloud.nix Normal file
View file

@ -0,0 +1,87 @@
{
config,
lib,
pkgs,
...
}:
let
hostname = "drive.dnywe.com";
port = 31007;
in
{
imports = [
(import ../../../modules/nextcloud.nix {
configureACME = false;
hostname = hostname;
adminpassFile = config.sops.secrets."nextcloud/adminPassword".path;
trusted-domains = [
hostname
];
trusted-proxies = [ "10.0.0.0/24" ];
whiteboardSecrets = [
config.sops.secrets."nextcloud/whiteboard".path
];
})
];
services.nextcloud = {
https = lib.mkForce false;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) spreed;
twofactor_totp = pkgs.fetchNextcloudApp {
url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz";
sha256 = "sha256-Wa2P6tpp75IxCsTG4B5DQ8+iTzR7yjKBi4ZDBcv+AOI=";
license = "agpl3Plus";
};
twofactor_nextcloud_notification = pkgs.fetchNextcloudApp {
url = "https://github.com/nextcloud-releases/twofactor_nextcloud_notification/releases/download/v3.9.0/twofactor_nextcloud_notification-v3.9.0.tar.gz";
sha256 = "sha256-4fXWgDeiup5/Gm9hdZDj/u07rp/Nzwly53aLUT/d0IU=";
license = "agpl3Plus";
};
twofactor_email = pkgs.fetchNextcloudApp {
url = "https://github.com/nursoda/twofactor_email/releases/download/2.8.2/twofactor_email.tar.gz";
sha256 = "sha256-zk5DYNwoIRTIWrchWDiCHuvAST2kuIoow6VaHAAzYog=";
license = "agpl3Plus";
};
};
};
users.groups.signaling = {
};
users.users.signaling = {
isSystemUser = true;
group = "signaling";
};
systemd.services.nextcloud-spreed-signaling = {
requiredBy = [
"multi-users.target"
"phpfpm-nextcloud.service"
];
serviceConfig = {
User = "signaling";
Group = "signaling";
ExecStart = "${lib.getExe' pkgs.nextcloud-spreed-signaling "server"} --config ${
config.sops.secrets."nextcloud/signaling.conf".path
}";
};
};
services.nats = {
enable = true;
settings = {
host = "127.0.0.1";
};
};
services.nginx.virtualHosts."${hostname}".listen = lib.mkForce [
{
port = port;
addr = "0.0.0.0";
}
];
}

13
system/dev/dn-pre7780/sops/secret.yaml
View file

@ -3,7 +3,9 @@ wireguard:
dovecot: dovecot:
openldap: ENC[AES256_GCM,data:U3YYreEqoh+F0Mrli52jgQowrUqIUPmdQps=,iv:vTjHBFsue+89GOCDigVIktgGSZNZv8A2e3GM80o6TXc=,tag:GGh+hsT+yV/I12meXxflbQ==,type:str] openldap: ENC[AES256_GCM,data:U3YYreEqoh+F0Mrli52jgQowrUqIUPmdQps=,iv:vTjHBFsue+89GOCDigVIktgGSZNZv8A2e3GM80o6TXc=,tag:GGh+hsT+yV/I12meXxflbQ==,type:str]
nextcloud: nextcloud:
adminPassword: ENC[AES256_GCM,data:8LjI2/vQ9aHQfZSMumnjBw==,iv:1hfhKz58v10JfPgipueQVOtlCgBXwruA00BOkhjuN/E=,tag:y/vqcztye4Xlokpbm/jHiw==,type:str] adminPassword: ENC[AES256_GCM,data:69NrA/iP0sfrkdv8ahv7I+ZY,iv:/TXTs0fZw64HELdGr5CzgToO2L2G2mCNdN4Zexz8p+o=,tag:p2hNTxv1xdYmEJ6ZAO3w3Q==,type:str]
whiteboard: ENC[AES256_GCM,data:qcZOLX1qJyciKm+4uuOVIopZXG70Jg9Grc07SCjG5ww9DK0myzdqlfWeZKdTsOyTBLMyCE9K7lC5rtBFeSv3ZeqkAUXTQt9QiAN05+tTpHk=,iv:v6fgSz/eh8MZANSbLbeSrKVOdX09pHYZ599BK8Ug2Lo=,tag:JTezfqrInm82K3gB0zpniw==,type:str]
signaling.conf: ENC[AES256_GCM,data:Ede61FM7k3VQHt4hO7O4UOE0p5nHk8lYsqaNWh8ZxfdGRJoMoLJYFcJs8nemAj1AGCh1Ep4ehtgQGcFfILUcek280m4paSIfaE2cwsI+1F+diXn98YmsmiR3swryw518gmfTZ7DrHlns7EWr/Udflz91F5+CKAuPNKtsYRSkB4KmJmEc4k2ioPus7hHEz/edLqA4mob/DuRXrWmFkDtlEj4I9aS5CJpyeDrsYoticnp5/QCWBnpxN2itqvbwjspid085Us7p4wbrM7Di/gPjj0D84Hw4biOLWSHm1oMRXqXIBP3ntPvvKJ2sKy7czcbeIGeJAIwEctStG7hqLAv3bfxiMn8DQ8eNp/xWw6tnwYklS4KCBJbDUucGvNcSx41JLCm+TShxaPIv/l6y+Z7Hkvri1WW2WSRvRsMFFEy3PrZLu0GstESYyARBrVdJ+OdaEtt3tthYLCUQcTT5xd484TTEyF9z3d5CBPC62BXZBdFRyEPD696nXV0ztVTBz2oWCmD6jHL0v+nTn3sojTDet0vmPo6o6cE0RqX6G/oVx+Y9l52QirFxOaNALk3R1l/lvXhDhlrAp8EldGhfnZf8y7X2HoC/XHQud9pA0N89Xrgp/Ak+9d+tRtmr4icLNVtwBg91md9P1tCyqPTUGR3JHc1KtmDHVI3NqgekUAmHrNRE5m633fchV2sTYSOfvdtL,iv:/xlMQoexPA9rXIlMd7bTQY1ojHuprBX/5quVSnNslvI=,tag:geAR+vPBmDB37/oSnnpqSA==,type:str]
openldap: openldap:
adminPassword: ENC[AES256_GCM,data:jEGuzgs5QTWfdyJenC3t3g==,iv:StfFOcvbDapnma6eAlpaGiBWnqiD3I/wfQsMBzufol0=,tag:892q7N4KrsSQoZYGy6CQrA==,type:str] adminPassword: ENC[AES256_GCM,data:jEGuzgs5QTWfdyJenC3t3g==,iv:StfFOcvbDapnma6eAlpaGiBWnqiD3I/wfQsMBzufol0=,tag:892q7N4KrsSQoZYGy6CQrA==,type:str]
lam: lam:
@ -11,13 +13,11 @@ lam:
stalwart: stalwart:
adminPassword: ENC[AES256_GCM,data:hHQlmztndbB8Ct5Zig8BChz1,iv:kDgSVglIKxEghV/lkcKKxKCzgwVJqcH4l8aXYt7k+W8=,tag:vD14vP2iJEOG4WR6djab1A==,type:str] adminPassword: ENC[AES256_GCM,data:hHQlmztndbB8Ct5Zig8BChz1,iv:kDgSVglIKxEghV/lkcKKxKCzgwVJqcH4l8aXYt7k+W8=,tag:vD14vP2iJEOG4WR6djab1A==,type:str]
tsig: ENC[AES256_GCM,data:wxsM/dbkW2fNf86b6TsLRNAce19h7mBEuSzFT84aIlaVZA/S29g1U4/CAwD4b+h/XfBgpZQCJf/9yT3yo6dbGAIAk5UgjV2cNY9pO1/uF1T6xoKDgfRZxA==,iv:9BvP8vQkTTEaNgYUPfQcfEMcWqDyD045EPBr7NyHmO4=,tag:coBBAe62kpe/L0S6V8NhXg==,type:str] tsig: ENC[AES256_GCM,data:wxsM/dbkW2fNf86b6TsLRNAce19h7mBEuSzFT84aIlaVZA/S29g1U4/CAwD4b+h/XfBgpZQCJf/9yT3yo6dbGAIAk5UgjV2cNY9pO1/uF1T6xoKDgfRZxA==,iv:9BvP8vQkTTEaNgYUPfQcfEMcWqDyD045EPBr7NyHmO4=,tag:coBBAe62kpe/L0S6V8NhXg==,type:str]
db: ENC[AES256_GCM,data:ZRZ2ZzUotYMe2GfkMS7o7dz0aGg=,iv:ys6ogueueESp0y6A+hUG9zTnqmCVobuIzyqA4WVtewo=,tag:p74G+8XhMcpgDnIfh1aXTg==,type:str]
dkimKey: ENC[AES256_GCM,data:oi+XvZ9hMMsgMtFnGPMbVBGagkwQzcPQDi1b0Zd54615V5yuOLHZxpLT5Z3LYlCOQmOcrCaIwn8lQKIZbAuAq6HDUVlNabjgnHeoq3XRIvcswO/B9pljL/22JCZleSrWSBh+WE+RwQIcqUIr0eNerXCUaAQLTE8lYn6mJMa/OoHJJ3R498OGyM/8rbuIMfKj5eqJnctsd9lRWeNmiq7hpQKJ8syLXMsRM9y79NJTPGJrIAJ/5F8SfUJ256/S2N25Cq61pkaXWxTcZzXFgAGU/sa3zsY86BRwEnFEVRMnygJWrVZW/ABYgRjL99r6OBQM8WTFpE8cK9GZTpylTm+QCS9lHsAA2rnUfLTs/09z41klbGSAu5jfokM5jhyFIjmDm9h3hEk4l0F4KTWgQ7avWqGVx4yVPktrVS6eh6W7+I0V6BOUhzH0Pp9xXWwhbFrMPYAYK5MQSLAS5nd3RCQWrxZwWh//ATiWdngUeWPyObxXSTmoV254k230sT39jQmqmTK5zIkOBvokPps9q3nPq1i3UIkSAXo0ZWI+GHiL1rnzJkMMGViugJdGEwUf8nWlYMcYkHmDRUZam6DIxzkf5svtd+kbDTxRa4GzeJrOYizgwDGpD5vRA9u8i7MYBS1Rhw3UVqZ9gkjtv8mqoOkDqVnHVnS2UPtsircecvjHmhu4Tq4hn8phX3F+2I8lhXUIalzPng5zjPGNUcDT+SoCbNeHuSWDDmMYQtzM3/xwae9quP9FXhr9IGGygmFUPGsl3cuxSJ3+Cq9/Hhd7bnTYnxYfv781qTmZsFclMUWNxUJQWLJ+5BQz6u1zW64wh+5SHUGrw7CHFsdgNAKv7YN+GJMNTHOjZr9RTL9R8opDm8Iho5IyQjMP401+DY30mOCq03WKJiC8qehgoaH16ssNV6ZuoHldu2N6JKmiwywgTRq8zQEo8jPnro772CQ9Tg0/5PnkhdlLdphDEIp60IbM+XWqMNwHY57fm6U+81PcgtsoRmI5OklrrhQjv+1aRgz0vRM80FOHMv7kxgEdNkb1x15B4g0ocBXEdLuxJEVaW4uWlP9EIivXOWwaPZf1QjT8ISuUQlFMXvtNj/V3SraW3K1bErJL5JnI16z803kdoAqYijf3IrRK49SKoCq6B2V8yo8iCRod2GFt1P3ADKb/uvJ6iCBSlFRFwiJYr8qu7TPXFCpsoySEmr1edBQdAkzXxFZLDMczHq2BzUo2RPfwtDubG1GMWxzrbZ1T6N3j1+GXiyTX7XuKdpSpFlXtPuJcCIrX4D4xnjv1SqqXEcKJO9oUcdMK6+Eem7wtVDBDDYpWellT+bLmtouvdEgjYE8VG5UGJJ5NpYoJAce9c7RE5/ozuvUH+uMfqfb8igZQlBMl6hbqO7j8m11i+ijS9T6Wu2DCSVIqqBHu8bouz1vyfq8l/whJCl1BkaZtiE5+NLkHoYSOuXGtVvEuXwMhvCWdnkxJtHZxxXQuCcBcVkD9Edg0YTslGv+XUvaYRlfZUqypqYZ9zJ21en9XPK3zafZ5gRLdY0xhXN4OKbGrXXL4cm5jfroTeez9iIL4fJGcA80PRHUGoLfK7ht2z0Lq3U91F4jz5KEhbaDtWDcMryr1Bwb6UXgLrezNM290g8J3GpXLBAdvqDXK79jSdPNqptGYt++VDeCdtA+P3z9K6aMWZzPURkLXxZ1bWy5YXP03MIkUpZWsc5lQmccUiyFe/Y+d9RSAZClmVxsQAY5y90d42EhkrOag06geziV9aaxgr57LdoPJQabD48bIbFFvimhV2DS3Gf/7gFtCXlm9oZiIqSHG+1TMKRp8XVwn6f70d76/Ba5Uiu0EX8V2x0Dsnin6GGynMBFCPKPXssHRe71SfRVxPJrzlLjtfTdPuzW5Q2k/U//z9SWd6Ao3+mzsbTC8MAYGeIzeE4GdsTs4ViEQWg5sSMSfjeKOFfgpTQi20LGomjF4gtTfnchEUBcUAarV6+hT/inYG2SlglyWwr2+LE3Ua5FWRXsZu4tBHcfE0axIb6Ju5KeogPVPo6cNoJCR2XLPNQakB9ONniCxPTW6zOx8h/A2UeIWMgbAn/jNYdd4kFu1IWBAQaZg5kSg1KmSAtnKgFmhb8A0Ope8h5fKfdX5tf0ulW0bjBz+rqNf2FQwcB/ScuEc65LSX+b0bzvIILuZfSRytFQpaQ4svjjA6mP4VIRoPRkkRl+gTEO+Ue4No4VZGE9+YdRFZ7OmtH6S1e5vu1rBiLuTVayHjuSWRu0OmxDiErP6uXPy8Q==,iv:Q5g9kxJKEKLHge2mcgk/UnTNMDFjzeLFLNjlY8KWe60=,tag:yL03NWRK2whOxNjcR3cPyA==,type:str]
ldap: ENC[AES256_GCM,data:ygOPMCNIxvWxE9dPBeKGbA==,iv:t+p1/vjEZNDTw7LcaitzYv2xCPtlf/mmQhqXT1OFKXs=,tag:uPYp259FHZu5fut+Bc9eSA==,type:str] ldap: ENC[AES256_GCM,data:ygOPMCNIxvWxE9dPBeKGbA==,iv:t+p1/vjEZNDTw7LcaitzYv2xCPtlf/mmQhqXT1OFKXs=,tag:uPYp259FHZu5fut+Bc9eSA==,type:str]
acme: acme:
pdns: ENC[AES256_GCM,data:eKnahc8HWboYCUpBuEUrdCMhN8A2N2VN0wrmzcyU2OfMeQaswIYSWV4sBzUbj/pono8PaVxK1FBKsn+Ycd4Y6tcxsAkbPfnPkOsbe0FJpz4t9RFLJBLw3U0YTE/TaURiDYipHnvPGYgyq3AziH/xa4WXZxLHGI0x+a/y3PpWy37rT87DWUT2kktPshdO7Mbwn7nSC78WByXmyaUMkT74Sc0FNmCgfijrHk/ATXGb,iv:y3eRZXFbqqf4VuuqHHYdIoiEa1zqRU1XIlEqooJ28lU=,tag:2bIALJFGZyIZT7fyo/y5Nw==,type:str] pdns: ENC[AES256_GCM,data:eKnahc8HWboYCUpBuEUrdCMhN8A2N2VN0wrmzcyU2OfMeQaswIYSWV4sBzUbj/pono8PaVxK1FBKsn+Ycd4Y6tcxsAkbPfnPkOsbe0FJpz4t9RFLJBLw3U0YTE/TaURiDYipHnvPGYgyq3AziH/xa4WXZxLHGI0x+a/y3PpWy37rT87DWUT2kktPshdO7Mbwn7nSC78WByXmyaUMkT74Sc0FNmCgfijrHk/ATXGb,iv:y3eRZXFbqqf4VuuqHHYdIoiEa1zqRU1XIlEqooJ28lU=,tag:2bIALJFGZyIZT7fyo/y5Nw==,type:str]
cloudflare: cloudflare:
secret: ENC[AES256_GCM,data:tritGdt3bWm/YtfdF2kO8qIBisa2rGF9/Dpl8R79e6REe//YKZFqFg==,iv:UG53JZ55+gDCPJzKjbVaWnpgOdvqcRoDUg8ef9xOV9A=,tag:JD3s28dsA9G2fqtz4soATA==,type:str] secret: ENC[AES256_GCM,data:Ktk7BtyjaDeOc4Okflz/ZBYpJ7Uy1SeEBV6ofWcToZsvCDT6aTVxGrAKEHIE/eknvnyWOFeSQv/z/Q==,iv:x2ymbLwa1E2FzdomISeyhchya5bowgieO/XuOnoi81w=,tag:Nj+1DRnbvcwiLiEeu2WaRQ==,type:str]
netbird: netbird:
oidc: oidc:
secret: ENC[AES256_GCM,data:hSVMUEBL0kCvRLD3zd57SLhNIAFOR4eaJPcIIIIUJng=,iv:VhfseftQNlXSDCWuaYQUIklMUCkUbChyWbJl3qgD75M=,tag:vbqov0VgA0XNZfzcr3FZgA==,type:str] secret: ENC[AES256_GCM,data:hSVMUEBL0kCvRLD3zd57SLhNIAFOR4eaJPcIIIIUJng=,iv:VhfseftQNlXSDCWuaYQUIklMUCkUbChyWbJl3qgD75M=,tag:vbqov0VgA0XNZfzcr3FZgA==,type:str]
@ -26,6 +26,7 @@ crowdsec:
lapi.yaml: ENC[AES256_GCM,data:BpDlz/liFYVZTA66TMWDifGfT4R9l0W9/LOU33rrPVC4YKeFbB1gIxqkUOEDl8fxsou5Jx/MQivyz90lE8yxbcGV/Zzx4ZJaHN+jz6mfM6mADEWp/nUcfO9tECijOhPPYt/8aE3py38NlFZuafZ2CwdL7RmDX7YCjpiIYxXaIjSv61WPD1SLkOkusnoA7bJZ2xmJ/dfEMXEA4LCCOfGQ,iv:922rrz94pD3/R1kGlQyIFkoq/fRSyxaIQ5qllldQMCY=,tag:AAPlwiQP4KMzHZmcMH76AQ==,type:str] lapi.yaml: ENC[AES256_GCM,data:BpDlz/liFYVZTA66TMWDifGfT4R9l0W9/LOU33rrPVC4YKeFbB1gIxqkUOEDl8fxsou5Jx/MQivyz90lE8yxbcGV/Zzx4ZJaHN+jz6mfM6mADEWp/nUcfO9tECijOhPPYt/8aE3py38NlFZuafZ2CwdL7RmDX7YCjpiIYxXaIjSv61WPD1SLkOkusnoA7bJZ2xmJ/dfEMXEA4LCCOfGQ,iv:922rrz94pD3/R1kGlQyIFkoq/fRSyxaIQ5qllldQMCY=,tag:AAPlwiQP4KMzHZmcMH76AQ==,type:str]
capi.yaml: ENC[AES256_GCM,data:UuBESeHfKEPSIzP7RPNES0BVWwJsmPqLP3QJbAeAcm6eQ3sRzUSrVxY8A2yoiLD2lnuJPy2BbYHJpBR7VSfs7oUCc7LljgAp1uB2GH1y8YE46xJLo0TDp873bZJdcsO00ozsbtmWlGWJm7HLrzIUEe0mAjBzZeXe1WDJByGeVqupNLwpXSMaos2ktHjXA6hTGAdE5iIxBAXI6qjldWjRnlqE,iv:hZ2nUaOipU7Top0vsn23yU0XWP9SKcoj85xFo5hD/mU=,tag:32E2o+FOJXM9aMnLQA6KYA==,type:str] capi.yaml: ENC[AES256_GCM,data:UuBESeHfKEPSIzP7RPNES0BVWwJsmPqLP3QJbAeAcm6eQ3sRzUSrVxY8A2yoiLD2lnuJPy2BbYHJpBR7VSfs7oUCc7LljgAp1uB2GH1y8YE46xJLo0TDp873bZJdcsO00ozsbtmWlGWJm7HLrzIUEe0mAjBzZeXe1WDJByGeVqupNLwpXSMaos2ktHjXA6hTGAdE5iIxBAXI6qjldWjRnlqE,iv:hZ2nUaOipU7Top0vsn23yU0XWP9SKcoj85xFo5hD/mU=,tag:32E2o+FOJXM9aMnLQA6KYA==,type:str]
consoleToken: ENC[AES256_GCM,data:Q6QWWwcvLd8+ddwPMBzyB+X4gh8I53qSLA==,iv:JD48L59nQYttglAfuKL/lNBzWgBfj01rkIeP8pqmo70=,tag:6cxsQViDGuzjScKkBuO4Bw==,type:str] consoleToken: ENC[AES256_GCM,data:Q6QWWwcvLd8+ddwPMBzyB+X4gh8I53qSLA==,iv:JD48L59nQYttglAfuKL/lNBzWgBfj01rkIeP8pqmo70=,tag:6cxsQViDGuzjScKkBuO4Bw==,type:str]
rspamd: ENC[AES256_GCM,data:8DryYdMyhzBqwqcbYUQ=,iv:5w21u3xqshRSf8IJbG16/Gf6AC2Zw6VnI3MOchN+w8A=,tag:OiiYUDT69SZObgOh1qCL0g==,type:str]
sops: sops:
age: age:
- recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv
@ -37,7 +38,7 @@ sops:
MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w
lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA== lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-13T06:51:06Z" lastmodified: "2025-11-22T10:29:33Z"
mac: ENC[AES256_GCM,data:1+X8f7lPwN+ELJ4DmkTN71Kzvvh4V3yiMilOOnz4NCqLRPdtpiQQz8W4VXkOkBONV5816IOCU2Br4kiQnPAkPEiwpJZzWQItqomZTp4gErSGmmMpVf2lbCRfsU2Eg1tgAaS1ZRQx8/o1vSIJtoPVKiqYdYSsNDx2zbafWqn9+Rk=,iv:uZ4BWoJB6LazGy+RAzdhB8uUCSa109R4TdE6PguryR8=,tag:5G0GRihPQKl9n/fJjZr/Jw==,type:str] mac: ENC[AES256_GCM,data:hcqqPP7EEDrFWwKU3Yl0XM6h17pLXBsmISMd94qYzaxmT/nKnF5bn8dq6M1C9t0Q0vvLjrPm94Gv2HPPJOX960whYMfwuXv/RkORJGb4qXdkXsGJaCrR9M51HArrd7Ba3pjoEyp3Jz9xTNrqg8kCDphBs0oZRV6dQDJUTdLbR50=,iv:eH5T27fthAad/dM5NxXyQawiVmTGgwJbeRXAiut9kL4=,tag:3lGkJMZKo8O1Zm1fB3DJ9Q==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0

26
system/dev/dn-pre7780/sops/sops-conf.nix
View file

@ -10,6 +10,14 @@ in
owner = "nextcloud"; owner = "nextcloud";
group = "nextcloud"; group = "nextcloud";
}; };
"nextcloud/signaling.conf" = mkIf config.services.nextcloud.enable {
owner = "signaling";
group = "signaling";
mode = "0640";
};
"nextcloud/whiteboard" = mkIf config.services.nextcloud.enable {
owner = "nextcloud";
};
"lam/env" = { }; "lam/env" = { };
@ -39,6 +47,15 @@ in
owner = "crowdsec"; owner = "crowdsec";
mode = "0600"; mode = "0600";
}; };
"cloudflare/secret" = mkIf (hasAttr "acme" config.users.users) {
owner = "acme";
mode = "0600";
};
"rspamd" = mkIf config.services.rspamd.enable {
owner = config.services.rspamd.user;
group = config.services.rspamd.group;
mode = "0660";
};
} }
// (optionalAttrs config.services.stalwart-mail.enable ( // (optionalAttrs config.services.stalwart-mail.enable (
let let
@ -52,15 +69,6 @@ in
"stalwart/tsig" = { "stalwart/tsig" = {
inherit group owner; inherit group owner;
}; };
"stalwart/db" = {
inherit group owner;
};
"stalwart/dkimKey" = {
inherit group owner;
};
"cloudflare/secret" = {
inherit group owner;
};
"stalwart/ldap" = { "stalwart/ldap" = {
inherit group owner; inherit group owner;
}; };

2
system/dev/dn-pre7780/utility/default.nix
View file

@ -3,6 +3,6 @@
../../../modules/localsend.nix ../../../modules/localsend.nix
./airplay.nix ./airplay.nix
./davinci-resolve.nix ./davinci-resolve.nix
./blender.nix # ./blender.nix
]; ];
} }

3
system/dev/dn-server/default.nix
View file

@ -19,6 +19,8 @@ in
"maps.rspamd.com" "maps.rspamd.com"
"cdn-hub.crowdsec.net" "cdn-hub.crowdsec.net"
"api.crowdsec.net" "api.crowdsec.net"
"mx1.daccc.info"
"mx1.dnywe.com"
]; ];
allowedIPs = [ allowedIPs = [
"10.0.0.0/24" "10.0.0.0/24"
@ -43,6 +45,7 @@ in
''; '';
imports = [ imports = [
../public/dn/default.nix
./common ./common
./home ./home
./network ./network

12
system/dev/dn-server/network/services.nix
View file

@ -384,7 +384,15 @@ in
"test.local." = "127.0.0.1:5359"; "test.local." = "127.0.0.1:5359";
}; };
forwardZonesRecurse = { forwardZonesRecurse = {
"." = "168.95.1.1"; # ==== Rspamd DNS ==== #
"multi.uribl.com." = "168.95.1.1";
"score.senderscore.com." = "168.95.1.1";
"list.dnswl.org." = "168.95.1.1";
"dwl.dnswl.org." = "168.95.1.1";
# ==== Others ==== #
"tw." = "168.95.1.1";
"." = "8.8.8.8";
}; };
dnssecValidation = "off"; dnssecValidation = "off";
dns.allowFrom = [ dns.allowFrom = [
@ -395,6 +403,7 @@ in
dns.port = 5300; dns.port = 5300;
yaml-settings = { yaml-settings = {
webservice.webserver = true; webservice.webserver = true;
recordcache.max_negative_ttl = 60;
}; };
}; };
@ -451,7 +460,6 @@ in
virtualisation = { virtualisation = {
oci-containers = { oci-containers = {
backend = "docker";
containers = { containers = {
uptime-kuma = { uptime-kuma = {
extraOptions = [ "--network=host" ]; extraOptions = [ "--network=host" ];

3
system/dev/dn-server/nix/atticd.nix
View file

@ -1,10 +1,11 @@
{ {
pkgs,
config, config,
inputs, inputs,
system,
... ...
}: }:
let let
inherit (pkgs.stdenv.hostPlatform) system;
listenPort = 30098; listenPort = 30098;
in in
{ {

2
system/dev/dn-server/options/network.nix
View file

@ -58,7 +58,7 @@ in
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnBootSec = 10; OnBootSec = 10;
OnUnitActiveSec = 60; OnUnitActiveSec = 360;
}; };
}; };

2
system/dev/dn-server/services/default.nix
View file

@ -3,7 +3,7 @@
imports = [ imports = [
./actual-budget.nix ./actual-budget.nix
./bitwarden.nix ./bitwarden.nix
./docmost.nix # ./docmost.nix
./mail-server.nix ./mail-server.nix
./nextcloud.nix ./nextcloud.nix
./paperless-ngx.nix ./paperless-ngx.nix

53
system/dev/dn-server/services/mail-server.nix
View file

@ -1,5 +1,6 @@
{ config, ... }: { config, lib, ... }:
let let
inherit (lib) mkForce;
inherit (config.systemConf) username; inherit (config.systemConf) username;
in in
{ {
@ -46,6 +47,30 @@ in
''; '';
secretFile = config.sops.secrets."ldap/password".path; secretFile = config.sops.secrets."ldap/password".path;
webSecretFile = config.sops.secrets."ldap/env".path; webSecretFile = config.sops.secrets."ldap/env".path;
olcAccess =
let
olcDN = "dc=net,dc=dn";
in
[
''
{0}to attrs=userPassword
by peername="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by dn.exact="cn=admin,${olcDN}" manage
by dn.exact="uid=admin,ou=people,${olcDN}" manage
by self write
by anonymous auth
by * none
''
''
{1}to *
by peername="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage
by dn.exact="cn=admin,${olcDN}" manage
by dn.exact="uid=admin,ou=people,${olcDN}" manage
by self read
by anonymous auth
by * none
''
];
}; };
rspamd = { rspamd = {
secretFile = config.sops.secrets."rspamd".path; secretFile = config.sops.secrets."rspamd".path;
@ -55,4 +80,30 @@ in
enable = true; enable = true;
}; };
}; };
services.openldap.settings.attrs.olcLogLevel = mkForce "config";
services.postfix.settings.main = {
# internal_mail_filter_classes = [ "bounce" ];
};
services.rspamd = {
locals."logging.conf".text = ''
level = "debug";
'';
locals."settings.conf".text = ''
bounce {
id = "bounce";
priority = high;
ip = "127.0.0.1";
selector = 'smtp_from.regexp("/^$/").last';
apply {
BOUNCE = -25.0;
}
symbols [ "BOUNCE" ]
}
'';
};
} }

7
system/dev/dn-server/services/nextcloud.nix
View file

@ -4,11 +4,16 @@
(import ../../../modules/nextcloud.nix { (import ../../../modules/nextcloud.nix {
hostname = "nextcloud.net.dn"; hostname = "nextcloud.net.dn";
adminpassFile = config.sops.secrets."nextcloud/adminPassword".path; adminpassFile = config.sops.secrets."nextcloud/adminPassword".path;
trusted-domains = [ "nextcloud.daccc.info" ];
trusted-proxies = [ "10.0.0.0/24" ]; trusted-proxies = [ "10.0.0.0/24" ];
whiteboardSecrets = [ whiteboardSecrets = [
config.sops.secrets."nextcloud/whiteboard".path config.sops.secrets."nextcloud/whiteboard".path
]; ];
}) })
]; ];
services.nextcloud = {
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) music;
};
};
} }

4
system/dev/dn-server/services/ntfy.nix
View file

@ -19,7 +19,11 @@ in
upstream-base-url = "https://ntfy.sh"; upstream-base-url = "https://ntfy.sh";
behind-proxy = true; behind-proxy = true;
proxy-trusted-hosts = "127.0.0.1"; proxy-trusted-hosts = "127.0.0.1";
auth-default-access = "deny-all";
enable-login = true;
auth-file = "/var/lib/ntfy-sh/user.db";
}; };
environmentFile = config.sops.secrets."ntfy".path;
}; };
services.nginx.virtualHosts = { services.nginx.virtualHosts = {

10
system/dev/dn-server/services/paperless-ngx.nix
View file

@ -6,14 +6,4 @@
passwordFile = config.sops.secrets."paperless/adminPassword".path; passwordFile = config.sops.secrets."paperless/adminPassword".path;
}) })
]; ];
# OIDC
services.paperless = {
settings = {
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
PAPERLESS_SOCIAL_AUTO_SIGNUP = true;
PAPERLESS_SOCIAL_ALLOW_SIGNUPS = true;
};
environmentFile = config.sops.secrets."paperless/envFile".path;
};
} }

5
system/dev/dn-server/sops/secret.yaml
View file

@ -40,6 +40,7 @@ crowdsec:
capi.yaml: ENC[AES256_GCM,data:+13mu3XXst8J5okb+jQ/IPOd5TfdcDgLuTP8L46U53GTgTJChQoT4Ttw6xKQhp6L7vNoArQBQL66leRt3DEXATUjxl/Zoi2eymxqLn6/NUpPkv0g7hszJGVbMZEUGjo3IAk5ZRQWaNXHA9mRq/OkHzpMMM6ZpCd0KpY92QbLSHxJ6yUMazL1Wh4hwvyWyN6lLxujrgnZWOQDPZYQmIi+c/Af,iv:OO+Ujqq89SbWcRoqhwiJX2jtIJIUrtgG9xll7WuDhzw=,tag:R+Mx2UAkwA238quvMKCBLQ==,type:str] capi.yaml: ENC[AES256_GCM,data:+13mu3XXst8J5okb+jQ/IPOd5TfdcDgLuTP8L46U53GTgTJChQoT4Ttw6xKQhp6L7vNoArQBQL66leRt3DEXATUjxl/Zoi2eymxqLn6/NUpPkv0g7hszJGVbMZEUGjo3IAk5ZRQWaNXHA9mRq/OkHzpMMM6ZpCd0KpY92QbLSHxJ6yUMazL1Wh4hwvyWyN6lLxujrgnZWOQDPZYQmIi+c/Af,iv:OO+Ujqq89SbWcRoqhwiJX2jtIJIUrtgG9xll7WuDhzw=,tag:R+Mx2UAkwA238quvMKCBLQ==,type:str]
consoleToken: ENC[AES256_GCM,data:G/UfbMqHW0lecT7vKmZsusvXzgxz6apdRQ==,iv:JJTN1RPhFNMd2gqE3Vw2FvC+bA/vgOiYNfBhr96veIw=,tag:HKbhtwCWkLte8e8uGDt2Gw==,type:str] consoleToken: ENC[AES256_GCM,data:G/UfbMqHW0lecT7vKmZsusvXzgxz6apdRQ==,iv:JJTN1RPhFNMd2gqE3Vw2FvC+bA/vgOiYNfBhr96veIw=,tag:HKbhtwCWkLte8e8uGDt2Gw==,type:str]
opencloud: ENC[AES256_GCM,data:NrhvojLoMUbGkWNkfDN12iAU70F9o1MXa3m8RzYtcBU1r9zk0e+4ZlPAqw2SIobMDC3vo3few7cA21ruYGP2p36lskG6UjafyJPJoHQcxlq04Kp/9GVeSsvI3KP08WLmoaBqk6b+f1K57P4OzSHPYKQ4/f51B4yhmt8n/DNg7RgF8wNKi4KUTOBuC/j+T+51vsJdjqHUuBi1y2ZqaolAwfEYbnswNVJUcOxHUezIAGke/22U0fS01+p1JQ/PAzSeDdxuX8dAMDVYHHZ13A07kXIRchpSb63Y5pTLUUAl25zAaSYoq+fZ0s61DZrYCaityZCishhCpJwmyoOsCWEesOpRFYNjIALIxWmM9b3aU/5G1WNiPRdlfvZpowhm3r+4X7QGCoXvuoI94l8DuXW7wN77XhLr7s4w,iv:TrUgpRHN7NYFZw+tihcxJ+dhNi4nIuNHMxNWgCE53AA=,tag:YZNL/Pv8S0hYtSt5IBE1GA==,type:str] opencloud: ENC[AES256_GCM,data:NrhvojLoMUbGkWNkfDN12iAU70F9o1MXa3m8RzYtcBU1r9zk0e+4ZlPAqw2SIobMDC3vo3few7cA21ruYGP2p36lskG6UjafyJPJoHQcxlq04Kp/9GVeSsvI3KP08WLmoaBqk6b+f1K57P4OzSHPYKQ4/f51B4yhmt8n/DNg7RgF8wNKi4KUTOBuC/j+T+51vsJdjqHUuBi1y2ZqaolAwfEYbnswNVJUcOxHUezIAGke/22U0fS01+p1JQ/PAzSeDdxuX8dAMDVYHHZ13A07kXIRchpSb63Y5pTLUUAl25zAaSYoq+fZ0s61DZrYCaityZCishhCpJwmyoOsCWEesOpRFYNjIALIxWmM9b3aU/5G1WNiPRdlfvZpowhm3r+4X7QGCoXvuoI94l8DuXW7wN77XhLr7s4w,iv:TrUgpRHN7NYFZw+tihcxJ+dhNi4nIuNHMxNWgCE53AA=,tag:YZNL/Pv8S0hYtSt5IBE1GA==,type:str]
ntfy: ENC[AES256_GCM,data:BapVKt2WzKLMP6KsxZ32+SS0mpIy0waqUTI7Rj0yyWA1mF9bstp0VfRv/6Dna41ttecFjyLRMmlF0jLqHXcNtqmlB3lHiE5IvVcEadjGB5C1fcQKrj5CveVPecvxzc+CfMMt4tlzike9TYL2tP5siGQzU7HvpNfIlT/Qfi40j8l7eT+Tne+XAadu/GQ1CH5dWKr8gPrR8fpfw6CgDvvc05SBLlfM2LsfTxz/UNV3vAbfRLchCsqd9s9jcR4UJPoJv6HVe480HXgY5SLcZA/Gh58=,iv:MqYwns9JITCskQo+ADgWghfRCwiSV+IGdUvi568Fmrc=,tag:Re20TMCnk5EA+X9wQRYg3w==,type:str]
sops: sops:
age: age:
- recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2
@ -69,7 +70,7 @@ sops:
OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK
9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-05T08:37:16Z" lastmodified: "2025-11-22T18:17:35Z"
mac: ENC[AES256_GCM,data:Qyb0Zu2MSu3TVdhh6/5iEMhPBpb+hfYFwkxZUSreXxnMtRKRaasKrcjfG/pBWmublUoJpfN6MMSyg5dqKmtPTCFEA1h2TywjjR1elZao3Fj61artd2gTR60heWMzJ1rRdczgYLkTO4dWp0JB3ShF75T5XQM2kGSB/d2pvfYv4bA=,iv:p3ZNr/ZMQhAbF+KbpxqY3/0mz5kkJ8BcwO7yW3NU6l8=,tag:WS9hH77KeeMYVO9eNu5wWA==,type:str] mac: ENC[AES256_GCM,data:88NsRj8t483hQ1jWu3u+772he7G2oyybf+pcgyFoBpfrb5GZqXzlae7TpTqstRLvXLcvaXXWI+QUA9WKvuozHEZ2OPzP84JbTjj72POBaIf5k9jHwzNrbXdWPlQF0PLHjnguniDeKLMC8KI7Aypww7CM3N3Gkuyr6bVGGDIsPLw=,iv:D0O8HmtjYyTRd+ZeDkGctA79i+LVOh2f8B1vUjWYqPI=,tag:OU77+XJh9nOOo54fmj35kQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0

4
system/dev/dn-server/sops/sops-conf.nix
View file

@ -92,5 +92,9 @@ in
group = config.services.opencloud.group; group = config.services.opencloud.group;
mode = "0600"; mode = "0600";
}; };
"ntfy" = mkIf config.services.ntfy-sh.enable {
owner = config.services.ntfy-sh.user;
mode = "0600";
};
}; };
} }

5
system/dev/public/dn/default.nix Normal file
View file

@ -0,0 +1,5 @@
{
imports = [
./yubikey.nix
];
}

46
system/dev/public/dn/ntfy.nix Normal file
View file

@ -0,0 +1,46 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (config.systemConf) username;
ntfyWrapper = import ../../../../home/scripts/ntfy.nix { inherit config pkgs lib; };
in
{
sops.secrets."ntfy" = {
owner = username;
sopsFile = ../../public/sops/dn-secret.yaml;
mode = "0600";
};
home-manager.users."${username}" = {
home.packages = [
ntfyWrapper
];
services.ntfy-client =
let
icon = builtins.fetchurl {
url = "https://docs.ntfy.sh/static/img/ntfy.png";
sha256 = "sha256:0igypv27phrhgiccvnrcvi543yz8k8rvsxkn4nha2l3xx92yx6r5";
};
in
{
enable = true;
settings = {
default-host = "https://ntfy.net.dn";
subscribe = [
{
topic = "public-notifications";
command = ''
notify-send -i ${icon} "[$topic] $title" "$message"
'';
}
];
};
environmentFile = config.sops.secrets."ntfy".path;
};
};
}

18
system/dev/public/dn/yubikey.nix Normal file
View file

@ -0,0 +1,18 @@
{
config,
...
}:
let
inherit (config.systemConf) username;
in
{
sops.secrets."u2f_keys" = {
sopsFile = ../../public/sops/dn-secret.yaml;
owner = username;
};
systemd.tmpfiles.rules = [
"d /home/${username}/.config/Yubico - ${username} - - -"
"L /home/${username}/.config/Yubico/u2f_keys - - - - ${config.sops.secrets."u2f_keys".path}"
];
}

35
system/dev/public/sops/dn-secret.yaml Normal file
View file

@ -0,0 +1,35 @@
ntfy: ENC[AES256_GCM,data:7m7hwmDWu6qP/mX7QujXPiDAmRC542CKyWzFaOL5sHza,iv:nn1F44LSFmrV2USRDD0z8CNfUhi40LZnvoU3j0nklcU=,tag:WhqQpThDaG10kNTk1tZxOQ==,type:str]
u2f_keys: ENC[AES256_GCM,data:boiKENOBo4hBWx9d+KVweCQrmFasDVUejuWrw60oPybPEW0pqTWz5GhQjfG6J0PWNFr/ObABT5eofKiSoy/pZ9uBQQGFO1nAA41axhI1Y9nuyBkkrNPYRnZsojdOcahNGMz1hplXTMzSdKgwutzA4/dsGG1ki/EOiuYRUgzQ/IzjEfqWGeBDlHoq9ohhTFFpsdNgZqgu23m3+Z0hcpquJdY3bhBi0L1nU3B88wJ7MiLyp2mVM3GA7i8jeIUmwqJCEuA3OkG3r3oUHO/l61N+0qtss8bmghf6bsJYtvkhCjXOiEE9R8dpCzjwXEhgAGcYiqiPWzLCl3WyYaytNlVJF/MHC+R0S1ruBV0RLrzCnvxaav8iqa4l3y2ErRB0qUgvO386suGNh2cEYTEEKF4GcQM6mzXbLzUqK4H+nGBC3SdArdphTIgWXP7C+romXzwgGVBLWW/4atRkj0ZF,iv:Rxke3HDAvcLv9sks5jDhNsfxXwSD4TgfGoN7v9HDntk=,tag:IkCsaFVPdgobd9+EX3CwIw==,type:str]
sops:
age:
- recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4L0FPWGRWeVp5SEp2eUpr
b1dvaWFBdHBmeEh5cE9Yd2FXV0lZYWNSZGowClJYRXRjdXNKTFNzTXdObXJZbXYr
Y1F3ajJNRXhwbzRwMEphTFl0aUhvODgKLS0tIDFrZTN0NWdYU1Bvc0k4NVdWVVUw
Q0xOT1JDNDdGWkR1a1FCc0U4YjBCVEUKR+EaZ39bDJWbJdbUey1EmQnJI+bTZ/PN
7o1Dn+qqUtUATeNL8a2KuXAiJ8nVqjQGVvL5DLNrqmsgIxJMoRMH6g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiUHlhYXZkdlBPNkV4UDh6
aDk1aGFBbThZb3RZV0hJMDY0cW56dDN3L0Z3Ck15Smo2cXBFNUZNeWo1d2h2WHNk
Qk1FbmFwTEhGK1UzSWF4c1d0YnFFTVkKLS0tIC9HVEczcDQzclhRZVVQNU5tOEh6
WEE0aDRZaE1BQWVKWnpjamQrV3lwUmcKnFWVVNdgfNPgHMiL96568YjckHn4+GYJ
Bt5/n9n9YkxZ22AgFyxjzDczDf9dXDmAPpP2PNlIlw+VaEhhUGWw+A==
-----END AGE ENCRYPTED FILE-----
- recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWY3kydFo1V05HbTBWaUtq
emZvdm1rVEx2RWxuTGdidjdrMGNmMjZldVFnCmcxS0E3V1RpcGdsZldKLzdhKzIy
eXJQbDJUeW1Va0FLcTBvcllkdGlTUWMKLS0tIEJPR2k2cHAvNXVQZHJNSmhYU3gz
QWV3VjRjNC9RaXNwbDdLWmVQNS94UzAKeLZSqcXRwkVoUUKd4PuRusbJwFlubdJy
kcxGMzvfT0BMYDp61vV+F5Vh4TkgddCzp6Lphbb/6orkWWpjmE9I4g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-21T12:34:46Z"
mac: ENC[AES256_GCM,data:jec/S+h3feoez+1OaWkZHAlSNhsLv8R4yXPIFjVUaYionJKMUAAizLtVsmpVHNRn8OCBhb7zi+Yk4GClZQqg/I8iTY3tzDTIJJsHoj+KsxuQohRASDikaYLTfdad44vin8ayxSKjSScK3JpwX5B12Rffx8DCPqUtXY0TGa0ULoQ=,iv:R1YiVCx3WDZO4b2d9TbdTnWmVmG4MQye4TUWWdIa4Yk=,tag:ACZoECWIqDRITghc8KwUsA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

43
system/dev/public/sops/secret.yaml Normal file
View file

@ -0,0 +1,43 @@
ntfy: ENC[AES256_GCM,data:TIbbEDjzQOnFKtxVYCFJZNDoKD3IJT7a3fZusC0CNkE6,iv:c5+HExq2flbY6f9mlWK6PtYJigWFG7w1hzFxRiOnjw8=,tag:6fCCfA9n3oOKIoEzKmIkqg==,type:str]
sops:
age:
- recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtbHlQZW9YL1pVdS9ldmUw
Y1pEMlBOS2JFbnlFTmFOYk9KVWxFMG1EdFY0CmdlY2pqWnVUM3dNWm5NWkg0Q01W
MlJRQWlFb3dtRG4zMDFGWVpWYzJ5Z2cKLS0tIG1rUnl4cU9rMDdLOVJMZ3ZVYldu
MWtQTFIxWDBYWDIrSmhMQXNpUUcrL2MK7ML57L+Wx9ET14VcSl36jBYj/ITQp5CS
txIVmUtD34emknZ84iJK5XakExJu6v/yFSlph+TFtm/dQG+6Dah9mg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1z6f643a6vqm7cqh6fna5dhmxfkgwxgqy8kg9s0vf9uxhaswtngtspmqsjw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhT3hIeUs1aFBvcEpKZjla
MWk1UndPS25FYS9UTy91alAxbzlMY253T0NJCmxZZHphM1VoQUVubUNZNW5jTnpp
T0pDN3NHRzZaaFFwb09HdzF4WnhhQ0kKLS0tIGNEZmtEY29tV0J3OWg5QTJUcWJ5
Z2lUUFZiaUdMSGNueGdMTmgyYXFXZWMKCZKSXjNUYPMQb57njPyojUIy+pFb5wdx
kpZRL6E1ymHUdqKv+Y4LjKJl5MndzFc5WX1bgCXNX6Ql2EWfnDyy7w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ar5h06qv72pduau043r04kschwcq0x0lm33wqvxzdh9grmp3cq3sy0ngnz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAxOC9Hem9BQmY0T1VyZjIw
cUlkVE1iUC9nM21pSG5WcFRJWjhreWQvMWxnCitET0pDZFlUM3FjV25yNmNVRXBl
azR6TFEvbmJ5aWJZQWxIdyt4SFFBT1EKLS0tIEdLVmZhSXZCREl6WWJvbmp5OUs3
bHl2SjdmK2hHNXRvZ3lsdEkyRkk4YmsK3jkBYtIm42Rr3elD8I1AGnyv3A6lZ57M
6Z7anUS5SlYr2HdHVtQobJeDG8F38kfbWBZQMCDKWayJXy6XAKJAjw==
-----END AGE ENCRYPTED FILE-----
- recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybVBTV3RoYm1yOTgvZXpS
S0lYcHpuMVBrcDF0bm5ZUSt3NHV3T2p2V2lZCnQ5MVo0VW96TEx1NE91ZlJaUzVT
RlhoVWV2QmZsQzUzaThFQytGdzJxaFUKLS0tIEJ3cmV4eVlEZFNVcEFaVzVRQWpD
NnByZmhLdHdIYW1HSTFya0IxZWZseUEKXypAIQLljSCj8pF/29LrlFE3zU3cQ+4t
krG89BjB8zXwGdoEbT9OqDfV6R8+TpMo+BsDu/4svbUbXEJvSq8+Yg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-21T12:34:48Z"
mac: ENC[AES256_GCM,data:UmW1iNQEkZmHyt4X8HNtRreCvNiLu/f9wweomWZPSjDQgeIKq8OYy9cWW3gcRQ1/mCLBoZb7GYXF5KDmrzNNah6MdZ3nAl+GXDhoLjSEzqgnVBPaG26zMixNms+QH8u4YxF7tujk35vWYEqiDyUGCRfQSKxXM/nYrEGHJDUrZiI=,iv:5cJ/iGu7OPH0dKP5MkjseUv+l63mlGz856aSyJwNn/o=,tag:NiiYDb1fRKNTFOfTG//eMA==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

18
system/dev/skydrive-lap/home/default.nix
View file

@ -8,8 +8,6 @@ let
inherit (config.systemConf) username; inherit (config.systemConf) username;
inherit (lib) mkForce optionalString; inherit (lib) mkForce optionalString;
geVersion = "10-15";
memeSelector = pkgs.callPackage ../../../../home/scripts/memeSelector.nix { memeSelector = pkgs.callPackage ../../../../home/scripts/memeSelector.nix {
url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/"; url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/";
}; };
@ -97,22 +95,6 @@ in
]; ];
}) })
]; ];
home.file = {
# Proton GE
".steam/root/compatibilitytools.d/GE-Proton${geVersion}" = {
source = fetchTarball {
url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton${geVersion}/GE-Proton${geVersion}.tar.gz";
sha256 = "sha256:0iv7vak4a42b5m772gqr6wnarswib6dmybfcdjn3snvwxcb6hbsm";
};
};
".steam/root/compatibilitytools.d/CachyOS-Proton10-0_v3" = {
source = fetchTarball {
url = "https://github.com/CachyOS/proton-cachyos/releases/download/cachyos-10.0-20250714-slr/proton-cachyos-10.0-20250714-slr-x86_64_v3.tar.xz";
sha256 = "sha256:0hp22hkfv3f1p75im3xpif0pmixkq2i3hq3dhllzr2r7l1qx16iz";
};
};
};
}; };
}; };
} }

3
system/modules/actual/default.nix
View file

@ -3,13 +3,14 @@
proxy ? true, proxy ? true,
}: }:
{ {
pkgs,
config, config,
lib, lib,
inputs, inputs,
system,
... ...
}: }:
let let
inherit (pkgs.stdenv.hostPlatform) system;
inherit (builtins) toString; inherit (builtins) toString;
inherit (lib) mkIf; inherit (lib) mkIf;

14
system/modules/flatpak.nix
View file

@ -1,14 +0,0 @@
{ pkgs, ... }:
{
systemd.services.flatpak-repo = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.flatpak ];
script = ''
flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
'';
};
services = {
flatpak.enable = true;
};
}

9
system/modules/gaming.nix
View file

@ -4,7 +4,9 @@
lib, lib,
... ...
}: }:
let
inherit (config.systemConf) username;
in
{ {
nix = { nix = {
settings = { settings = {
@ -17,12 +19,17 @@
programs.gamescope.enable = lib.mkDefault true; programs.gamescope.enable = lib.mkDefault true;
users.users.${username}.extraGroups = [ "gamemode" ];
programs = { programs = {
steam = { steam = {
enable = true; enable = true;
protontricks.enable = true; protontricks.enable = true;
gamescopeSession.enable = true; gamescopeSession.enable = true;
extest.enable = true; extest.enable = true;
extraCompatPackages = with pkgs; [
proton-ge-bin
];
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true; dedicatedServer.openFirewall = true;
localNetworkGameTransfers.openFirewall = true; localNetworkGameTransfers.openFirewall = true;

6
system/modules/hardware.nix
View file

@ -1,11 +1,11 @@
{ {
pkgs, pkgs,
inputs, inputs,
system,
... ...
}: }:
let let
inherit (pkgs.stdenv.hostPlatform) system;
pkgs-hyprland = inputs.hyprland.inputs.nixpkgs.legacyPackages.${system}; pkgs-hyprland = inputs.hyprland.inputs.nixpkgs.legacyPackages.${system};
in in
{ {
@ -17,8 +17,8 @@ in
package = pkgs-hyprland.mesa; package = pkgs-hyprland.mesa;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiVdpau libva-vdpau-driver
(vaapiIntel.override { (intel-vaapi-driver.override {
enableHybridCodec = true; enableHybridCodec = true;
}) })
libvdpau-va-gl libvdpau-va-gl

29
system/modules/nextcloud.nix
View file

@ -23,28 +23,6 @@ let
cp ${caBundle} resources/config/ca-bundle.crt cp ${caBundle} resources/config/ca-bundle.crt
''; '';
}); });
# Patch for downloading models. Hardcoded to `/var/lib/nextcloud/models`
recognize = pkgs.stdenvNoCC.mkDerivation (finalAttrs: {
pname = "recognize-patched";
version = "10.0.4";
src = pkgs.fetchNextcloudApp {
url = "https://github.com/nextcloud/recognize/releases/download/v10.0.4/recognize-10.0.4.tar.gz";
sha256 = "sha256-/RHnnvGJMcxe4EuceYc20xh3qkYy1ZzGsyvp0h03eLk=";
license = "agpl3Plus";
};
patches = [
../../pkgs/patches/nextcloud_recognize_models_path.patch
];
installPhase = ''
mkdir -p $out
cp -r . $out/
'';
});
in in
{ {
imports = [ imports = [
@ -90,14 +68,13 @@ in
inherit (config.services.nextcloud.package.packages.apps) inherit (config.services.nextcloud.package.packages.apps)
contacts contacts
calendar calendar
tasks
whiteboard whiteboard
user_oidc user_oidc
memories memories
recognize # May break recognize
; ;
# inherit recognize;
camerarawpreviews = pkgs.fetchNextcloudApp { camerarawpreviews = pkgs.fetchNextcloudApp {
url = "https://github.com/ariselseng/camerarawpreviews/releases/download/v0.8.8/camerarawpreviews_nextcloud.tar.gz"; url = "https://github.com/ariselseng/camerarawpreviews/releases/download/v0.8.8/camerarawpreviews_nextcloud.tar.gz";
sha256 = "sha256-Pnjm38hn90oV3l4cPAnQ+oeO6x57iyqkm80jZGqDo1I="; sha256 = "sha256-Pnjm38hn90oV3l4cPAnQ+oeO6x57iyqkm80jZGqDo1I=";
@ -138,7 +115,7 @@ in
services.nextcloud-whiteboard-server = { services.nextcloud-whiteboard-server = {
enable = true; enable = true;
settings = { settings = {
NEXTCLOUD_URL = "http${optionalString configureACME "s"}://${hostname}"; NEXTCLOUD_URL = "http${optionalString https "s"}://${hostname}";
PORT = "3002"; PORT = "3002";
}; };
secrets = whiteboardSecrets; secrets = whiteboardSecrets;

2
system/modules/nixsettings.nix
View file

@ -4,9 +4,11 @@
nix = { nix = {
settings = { settings = {
substituters = [ substituters = [
"https://yazi.cachix.org"
"https://cache.net.dn/dn-main" "https://cache.net.dn/dn-main"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"yazi.cachix.org-1:Dcdz63NZKfvUCbDGngQDAZq6kOroIrFoyO064uvLh8k="
"dn-main:ZjQmZEOWpe0TjZgHGwkgtPdOUXpN82RL9wy30EW1V7k=" "dn-main:ZjQmZEOWpe0TjZgHGwkgtPdOUXpN82RL9wy30EW1V7k="
]; ];
warn-dirty = false; warn-dirty = false;

2
system/modules/nvidia.nix
View file

@ -88,7 +88,7 @@ lib.checkListOfEnum "Nvidia Prime Mode" validModes [ nvidia-mode ] {
enable32Bit = true; enable32Bit = true;
extraPackages = with pkgs; [ extraPackages = with pkgs; [
nvidia-vaapi-driver nvidia-vaapi-driver
vaapiVdpau libva-vdpau-driver
libvdpau-va-gl libvdpau-va-gl
]; ];
}; };

6
system/modules/packages.nix
View file

@ -1,9 +1,11 @@
{ {
pkgs, pkgs,
inputs, inputs,
system,
... ...
}: }:
let
inherit (pkgs.stdenv.hostPlatform) system;
in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
file file
@ -31,7 +33,7 @@
p7zip p7zip
killall killall
zip zip
glxinfo # OpenGL info mesa-demos # OpenGL info
pciutils # PCI info pciutils # PCI info
xdotool # Keyboard input simulation xdotool # Keyboard input simulation
ffmpeg # Video encoding ffmpeg # Video encoding

2
system/modules/paperless-ngx.nix
View file

@ -24,7 +24,7 @@ in
}; };
PAPERLESS_URL = "http${optionalString configureNginx "s"}://${domain}"; PAPERLESS_URL = "http${optionalString configureNginx "s"}://${domain}";
}; };
configureTika = true; configureTika = false;
database.createLocally = true; database.createLocally = true;
}; };

2
system/modules/presets/basic.nix
View file

@ -6,11 +6,9 @@
../auto-mount.nix ../auto-mount.nix
../bluetooth.nix ../bluetooth.nix
../display-manager.nix ../display-manager.nix
../flatpak.nix
../obs-studio.nix ../obs-studio.nix
../plymouth.nix ../plymouth.nix
../polkit.nix ../polkit.nix
../security.nix
../hyprland.nix ../hyprland.nix
]; ];

1
system/modules/presets/minimal.nix
View file

@ -17,5 +17,6 @@
../ca.nix ../ca.nix
../sops-nix.nix ../sops-nix.nix
../gc.nix ../gc.nix
../security.nix
]; ];
} }

7
system/modules/programs.nix
View file

@ -12,13 +12,6 @@
]; ];
programs = { programs = {
gnupg = {
agent = {
enable = true;
enableSSHSupport = true;
};
};
neovim = { neovim = {
enable = true; enable = true;
configure = { configure = {

30
system/modules/security.nix
View file

@ -1,12 +1,34 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
services.udev.packages = [ pkgs.yubikey-personalization ]; services.udev.packages = [ pkgs.yubikey-personalization ];
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
security.sudo-rs = {
enable = true;
execWheelOnly = true;
extraConfig = ''
Defaults timestamp_timeout=0
'';
};
security.sudo.enable = !config.security.sudo-rs.enable;
# ==== PAM u2f ===== #
# $ nix shell nixpkgs#pam_u2f
# $ mkdir -p ~/.config/Yubico
# $ pamu2fcfg > ~/.config/Yubico/u2f_keys
security.pam = { security.pam = {
services.hyprlock = { }; services.hyprlock = {
u2fAuth = false;
};
services = { services = {
sudo.u2fAuth = true; sudo.u2fAuth = true;
login.u2fAuth = true;
}; };
u2f = { u2f = {
@ -16,7 +38,5 @@
}; };
}; };
environment.systemPackages = with pkgs; [ programs.yubikey-manager.enable = true;
yubikey-manager
];
} }

20
system/modules/stalwart.nix
View file

@ -1,10 +1,9 @@
{ {
adminPassFile, adminPassFile,
dbPassFile,
dkimKey,
ldapConf, ldapConf,
domain ? null, domain ? null,
acmeConf ? null, acmeConfs ? null,
certs ? null,
enableNginx ? true, enableNginx ? true,
}: }:
{ {
@ -16,15 +15,6 @@ let
inherit (lib) mkIf; inherit (lib) mkIf;
logFilePath = "${config.services.stalwart-mail.dataDir}/logs"; logFilePath = "${config.services.stalwart-mail.dataDir}/logs";
mkCondition = (
condition: ithen: ielse: [
{
"if" = condition;
"then" = ithen;
}
{ "else" = ielse; }
]
);
in in
{ {
services.postgresql = { services.postgresql = {
@ -104,7 +94,8 @@ in
hostname = "mx1.${domain}"; hostname = "mx1.${domain}";
domain = "${domain}"; domain = "${domain}";
}; };
acme."letsencrypt" = mkIf (acmeConf != null) acmeConf; acme = mkIf (acmeConfs != null) acmeConfs;
certificate = mkIf (certs != null) certs;
directory = { directory = {
"in-memory" = { "in-memory" = {
@ -120,9 +111,10 @@ in
}; };
"ldap" = ldapConf; "ldap" = ldapConf;
imap.lookup.domains = [ imap.lookup.domains = [
domain "mx1.${domain}"
]; ];
}; };
authentication.fallback-admin = { authentication.fallback-admin = {
user = "admin"; user = "admin";
secret = "%{file:${adminPassFile}}%"; secret = "%{file:${adminPassFile}}%";

4
system/modules/stylix.nix
View file

@ -29,7 +29,7 @@ in
monospace = caskaydia; monospace = caskaydia;
emoji = { emoji = {
package = pkgs.noto-fonts-emoji; package = pkgs.noto-fonts-color-emoji;
name = "Noto Color Emoji"; name = "Noto Color Emoji";
}; };
@ -47,7 +47,7 @@ in
jetbrains-mono jetbrains-mono
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-cjk-serif noto-fonts-cjk-serif
noto-fonts-emoji noto-fonts-color-emoji
liberation_ttf liberation_ttf
# dfkai-sb # dfkai-sb
sf-pro-display-bold sf-pro-display-bold

6
system/modules/vaultwarden.nix
View file

@ -33,7 +33,9 @@
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".proxyPass = locations."/" = {
"http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}/";
proxyWebsockets = true;
};
}; };
} }

18
system/modules/virtualization.nix
View file

@ -1,11 +1,25 @@
{ {
pkgs,
... ...
}: }:
{ {
virtualisation = { virtualisation = {
docker.enable = true; containers = {
docker.daemon.settings = { enable = true;
containersConf.settings.compose_warning_logs = false;
};
oci-containers.backend = "podman";
podman = {
enable = true;
dockerCompat = true;
defaultNetwork.settings.dns_enabled = true;
}; };
spiceUSBRedirection.enable = true; spiceUSBRedirection.enable = true;
}; };
environment.systemPackages = with pkgs; [
dive # look into docker image layers
podman-tui
podman-compose
];
} }