From 27482b20d712ea326be42352e0f8d00c54cb61e8 Mon Sep 17 00:00:00 2001 From: danny Date: Tue, 30 Dec 2025 15:11:46 +0800 Subject: [PATCH 01/10] feat: add wireguard watchdog --- system/dev/dn-lap/sops/sops-conf.nix | 5 - system/dev/dn-pre7780/services/default.nix | 2 +- system/dev/dn-pre7780/sops/sops-conf.nix | 2 - system/dev/skydrive-lap/sops/sops-conf.nix | 7 +- system/modules/shells/noctalia/bar.nix | 6 +- system/modules/shells/noctalia/default.nix | 27 ++--- system/modules/wireguard.nix | 118 +++++++++++++++++++++ 7 files changed, 137 insertions(+), 30 deletions(-) diff --git a/system/dev/dn-lap/sops/sops-conf.nix b/system/dev/dn-lap/sops/sops-conf.nix index 87b1a4d..2c63c08 100644 --- a/system/dev/dn-lap/sops/sops-conf.nix +++ b/system/dev/dn-lap/sops/sops-conf.nix @@ -1,7 +1,2 @@ { - sops = { - secrets = { - "wireguard/wg0.conf" = { }; - }; - }; } diff --git a/system/dev/dn-pre7780/services/default.nix b/system/dev/dn-pre7780/services/default.nix index 683a346..ce667a6 100644 --- a/system/dev/dn-pre7780/services/default.nix +++ b/system/dev/dn-pre7780/services/default.nix @@ -1,7 +1,7 @@ { imports = [ ../../../modules/postgresql.nix - ./mail.nix + # ./mail.nix ./nginx.nix ./wireguard.nix # ./nextcloud.nix diff --git a/system/dev/dn-pre7780/sops/sops-conf.nix b/system/dev/dn-pre7780/sops/sops-conf.nix index a8e174f..34f5f60 100644 --- a/system/dev/dn-pre7780/sops/sops-conf.nix +++ b/system/dev/dn-pre7780/sops/sops-conf.nix @@ -5,8 +5,6 @@ in { sops = { secrets = { - "wireguard/wg0.conf" = { }; - "lam/env" = { }; "netbird/oidc/secret" = mkIf config.services.netbird.server.dashboard.enable { diff --git a/system/dev/skydrive-lap/sops/sops-conf.nix b/system/dev/skydrive-lap/sops/sops-conf.nix index 1dee73d..52c14b8 100644 --- a/system/dev/skydrive-lap/sops/sops-conf.nix +++ b/system/dev/skydrive-lap/sops/sops-conf.nix @@ -1,8 +1,3 @@ -{ config, lib, ... }: +{ ... }: { - sops = { - secrets = { - "wireguard/wg0.conf" = { }; - }; - }; } 
diff --git a/system/modules/shells/noctalia/bar.nix b/system/modules/shells/noctalia/bar.nix index 565e1bc..158f04c 100644 --- a/system/modules/shells/noctalia/bar.nix +++ b/system/modules/shells/noctalia/bar.nix @@ -1,13 +1,13 @@ { - backgroundOpacity = 1; - capsuleOpacity = 1; + backgroundOpacity = 0.25; + capsuleOpacity = 0; density = "comfortable"; exclusive = true; floating = true; marginHorizontal = 0.25; marginVertical = 0.25; outerCorners = false; - postition = "top"; + position = "top"; showCapsule = true; widgets = { center = [ diff --git a/system/modules/shells/noctalia/default.nix b/system/modules/shells/noctalia/default.nix index ec9ba21..31b0851 100644 --- a/system/modules/shells/noctalia/default.nix +++ b/system/modules/shells/noctalia/default.nix @@ -32,7 +32,7 @@ in enable = true; systemd.enable = true; settings = { - settingsVersion = 25; + settingsVersion = 26; appLauncher = { customLaunchPrefix = ""; customLaunchPrefixEnabled = false; @@ -61,18 +61,10 @@ in brightness = { brightnessStep = 5; enableDdcSupport = false; - enforceMinium = true; + enforceMinimum = true; }; calendar = { cards = [ - { - enabled = true; - id = "banner-card"; - } - { - enabled = true; - id = "calendar-card"; - } { enabled = true; id = "timer-card"; @@ -81,6 +73,14 @@ in enabled = true; id = "weather-card"; } + { + enabled = true; + id = "calendar-header-card"; + } + { + enabled = true; + id = "calendar-month-card"; + } ]; }; changelog = { @@ -101,14 +101,13 @@ in backgroundOpacity = 1; colorizeIcons = false; displayMode = "auto_hide"; - enabled = true; + enabled = false; floatingRatio = 1; monitors = [ ]; onlySameOutput = true; pinnedApps = [ ]; - radiusRatio = 0.68; size = 1; }; general = { @@ -116,6 +115,8 @@ in animationDisabled = false; animationSpeed = 1.5; avatarImage = "${config.home.homeDirectory}/.face"; + boxRadiusRatio = 0.68; + iRadiusRatio = 0.68; compactLockScreen = false; dimmerOpacity = 0.4; enableShadows = true; 
@@ -206,7 +207,7 @@ in
 fontDefaultScale = 1;
 fontFixed = config.stylix.fonts.monospace.name;
 fontFixedScale = 1;
- panelBackgroundOpacity = 1;
+ panelBackgroundOpacity = 0.25;
 panelsAttachedToBar = true;
 settingsPanelAttachToBar = true;
 tooltipsEnabled = true;
diff --git a/system/modules/wireguard.nix b/system/modules/wireguard.nix
index b9bee18..75eb2a8 100644
--- a/system/modules/wireguard.nix
+++ b/system/modules/wireguard.nix
@@ -1,12 +1,130 @@ { config, + lib, + pkgs, ... }: +let + inherit (lib) getExe; + + notifyUser = pkgs.writeShellScriptBin "wg0-watchdog-notify-user" '' + is_wg_active() { + systemctl is-active wg-quick-wg0.service >/dev/null 2>&1 + return $? + } + + if is_wg_active; then + notify-send -u critical -a Wireguard "Endpoint up, wireguard resumed." + else + notify-send -u critical -a Wireguard "Endpoint down, wireguard stopped." + fi + ''; + + watchDog = pkgs.writeShellScriptBin "wg0-watchdog" '' + TARGET_CONF="$1" + PING_INTERVAL=1 + PING_TIMEOUT=1 + PING_COUNT=1 + + set -euo pipefail + + error_with_msg() { + echo "$1" + echo "Exiting" + exit 1 + } + + notify() { + users=$(loginctl list-users --json=short | jq -r '.[].user') + for user in $users; do + systemctl --machine=danny@.host --user start wg0-notify-user + done + } + + get_ip_from_conf() { + sed -n "s/Endpoint[[:space:]]*=[[:space:]]*\(.*\):[0-9]*/\\1/p" "$1" + } + + check_health() { + ping -c "$PING_COUNT" -W "$PING_TIMEOUT" $1 >/dev/null 2>&1 + return $? + } + + is_wg_active() { + systemctl is-active wg-quick-wg0.service >/dev/null 2>&1 + return $? + } + + start_wg() { + systemctl start wg-quick-wg0.service >/dev/null + } + + stop_wg() { + systemctl stop wg-quick-wg0.service >/dev/null + } + + if [ ! -e "$TARGET_CONF" ]; then + error_with_msg "Target wireguard configuration not exist: $TARGET_CONF" + fi + + TARGET_IP=$(get_ip_from_conf "$TARGET_CONF") + + if [ -z "$TARGET_IP" ]; then + error_with_msg "IP not found" + fi + + echo "Start detecting..." + + while true; do + if check_health "$TARGET_IP"; then + if ! is_wg_active; then + start_wg + echo "Endpoint up, wireguard resumed." + notify + fi + else + if is_wg_active; then + stop_wg + echo "Endpoint down, wireguard stopped." 
+ notify + fi + fi + + sleep $PING_INTERVAL + done + ''; +in { + sops.secrets."wireguard/wg0.conf" = { }; + networking = { firewall = { allowedUDPPorts = [ 51820 ]; }; wg-quick.interfaces.wg0.configFile = config.sops.secrets."wireguard/wg0.conf".path; }; + + systemd.services.wg0-watchdog = { + wantedBy = [ "wg-quick-wg0.service" ]; + after = [ "wg-quick-wg0.service" ]; + path = with pkgs; [ + jq + ]; + serviceConfig = { + ExecStart = "${getExe watchDog} \"${config.sops.secrets."wireguard/wg0.conf".path}\""; + RestartSec = 5; + TimeoutStopSec = 0; + }; + }; + + systemd.user.services.wg0-notify-user = { + wantedBy = [ "graphical-session.target" ]; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${getExe notifyUser}"; + }; + path = with pkgs; [ + libnotify + ]; + }; } From 53b83b3471ebf490b8f17c5371e9c69f7088ecb2 Mon Sep 17 00:00:00 2001 From: danny Date: Tue, 30 Dec 2025 16:24:54 +0800 Subject: [PATCH 02/10] fix: yazi opener --- home/user/nvf/default.nix | 9 ++- home/user/nvf/plugins/leetcode/default.nix | 81 ++++++++++++---------- home/user/yazi.nix | 6 +- home/user/zen-browser.nix | 3 +- 4 files changed, 58 insertions(+), 41 deletions(-) diff --git a/home/user/nvf/default.nix b/home/user/nvf/default.nix index 73d54b6..9c73d8a 100644 --- a/home/user/nvf/default.nix +++ b/home/user/nvf/default.nix @@ -1,5 +1,6 @@ { osConfig, + config, pkgs, lib, inputs, @@ -7,7 +8,7 @@ }: let inherit (lib.generators) mkLuaInline; - inherit (lib) concatStringsSep; + inherit (lib) concatStringsSep optionalString; suda-nvim = pkgs.vimUtils.buildVimPlugin { name = "vim-suda"; @@ -23,6 +24,8 @@ let name = "marks-nvim"; src = inputs.marks-nvim; }; + + yaziOpenDir = config.programs.nvf.settings.vim.utility.yazi-nvim.setupOpts.open_for_directories; in { imports = [ @@ -44,6 +47,9 @@ in vim = { enableLuaLoader = true; vimAlias = true; + luaConfigPre = '' + ${optionalString yaziOpenDir "vim.g.loaded_netrwPlugin = 1"} + ''; extraPackages = with pkgs; [ nixfmt ]; 
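Review bot: The watchdog loop in `system/modules/wireguard.nix` stops `wg-quick-wg0.service` after a single unanswered ICMP probe (`PING_COUNT=1`, `PING_TIMEOUT=1`), so one lost packet or any ICMP filtering toward the endpoint takes the tunnel down; if wg0 carries the default route (not visible in this hunk), traffic would then leave the host outside the tunnel. Requiring several consecutive failures before `stop_wg`, as sketched below, makes the teardown a deliberate decision rather than a side effect of packet loss. `check_health` passes `$1` unquoted, so a config with more than one `Endpoint` line, or a value starting with `-`, changes the ping command line; `ping -c "$PING_COUNT" -W "$PING_TIMEOUT" -- "$1" >/dev/null 2>&1` avoids that. In `notify` the loop variable `$user` is never used and every iteration targets `danny@.host`; under `set -e` a failing `systemctl --machine=…` call ends the script, and with `RestartSec` set but no `Restart=` in `serviceConfig` the unit would presumably stay down. `path` lists only `jq`, so if `ping` is not otherwise on the unit's PATH, `check_health` always fails and the watchdog stops the tunnel shortly after it starts.

```nix
    # inside the watchDog script body
    MAX_FAILS=3   # consecutive missed probes before the tunnel is stopped
    fails=0

    while true; do
      if check_health "$TARGET_IP"; then
        fails=0
        # … unchanged: start_wg, log line and notify when the unit is inactive …
      else
        fails=$((fails + 1))
        if [ "$fails" -ge "$MAX_FAILS" ] && is_wg_active; then
          # … unchanged: stop_wg, log line, notify …
        fi
      fi
      # … unchanged: sleep …
    done
```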
@@ -535,6 +541,7 @@ in yazi-nvim = { enable = true; + setupOpts.open_for_directories = true; mappings.openYaziDir = "-"; mappings.openYazi = "e"; }; diff --git a/home/user/nvf/plugins/leetcode/default.nix b/home/user/nvf/plugins/leetcode/default.nix index 935ad75..bada31c 100644 --- a/home/user/nvf/plugins/leetcode/default.nix +++ b/home/user/nvf/plugins/leetcode/default.nix @@ -1,5 +1,6 @@ { lib, + pkgs, config, osConfig, ... @@ -11,6 +12,17 @@ let dataDir = "${config.home.homeDirectory}/${relativeDir}"; in { + programs.nvf.settings.vim.extraPackages = with pkgs; [ + imagemagick # for image.nvim + ]; + + programs.nvf.settings.vim.utility.images.image-nvim = { + enable = true; + setupOpts = { + backend = "kitty"; + }; + }; + programs.nvf.settings.vim.utility.leetcode-nvim = { enable = true; setupOpts = { @@ -18,7 +30,7 @@ in lang = "rust"; plugins.non_standalone = true; storage.home = mkLuaInline ''"${dataDir}"''; - injector = mkLuaInline '' + injector = mkLuaInline /* lua */ '' { ['rust'] = { before = { '#[allow(dead_code)]', 'fn main() {}', '#[allow(dead_code)]', 'struct Solution;' }, 
@@ -26,42 +38,39 @@ in } ''; hooks."question_enter" = [ - (mkLuaInline - # lua - '' - function (question) - if question.lang ~= 'rust' then - return - end - - local config = require("leetcode.config") - local problem_dir = config.user.storage.home .. "/Cargo.toml" - local content = [[ - [package] - name = "leetcode" - edition = "2024" - - [lib] - name = "%s" - path = "%s" - - [dependencies] - rand = "0.8" - regex = "1" - itertools = "0.14.0" - ]] - - local file = io.open(problem_dir, "w") - if file then - local formatted = (content:gsub(" +", "")):format(question.q.frontend_id, question:path()) - file:write(formatted) - file:close() - else - print("Failed to open file " .. problem_dir) - end + (mkLuaInline /* lua */ '' + function (question) + if question.lang ~= 'rust' then + return end - '' - ) + + local config = require("leetcode.config") + local problem_dir = config.user.storage.home .. "/Cargo.toml" + local content = [[ + [package] + name = "leetcode" + edition = "2024" + + [lib] + name = "%s" + path = "%s" + + [dependencies] + rand = "0.8" + regex = "1" + itertools = "0.14.0" + ]] + + local file = io.open(problem_dir, "w") + if file then + local formatted = (content:gsub(" +", "")):format(question.q.frontend_id, question:path()) + file:write(formatted) + file:close() + else + print("Failed to open file " .. problem_dir) + end + end + '') ]; }; }; diff --git a/home/user/yazi.nix b/home/user/yazi.nix index 39a6ca4..db424ca 100644 --- a/home/user/yazi.nix +++ b/home/user/yazi.nix @@ -66,7 +66,7 @@ in opener = { edit = [ { - run = ''''\${EDITOR:=nvim} "$0"''; + run = ''''\${EDITOR:=nvim} "$1"''; desc = "$EDITOR"; block = true; } @@ -77,12 +77,12 @@ in ]; player = [ - { run = ''mpv --force-window "$0"''; } + { run = ''mpv --force-window "$1"''; } ]; open = [ { - run = ''xdg-open "$0"''; + run = ''xdg-open "$1"''; desc = "Open"; } ]; diff --git a/home/user/zen-browser.nix b/home/user/zen-browser.nix index 5b4bdbc..557cc2a 100644 --- a/home/user/zen-browser.nix 
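Review bot: In the `edit` and `player` openers of `home/user/yazi.nix`, `"$1"` hands only the first selected file to the command, so, as I read yazi's opener parameters, any further selected files are silently ignored. If opening all of them is wanted, `"$@"` passes every selected path, e.g. `{ run = ''mpv --force-window "$@"''; }`. `xdg-open` takes a single argument, so `"$1"` is fine for `open`. This applies to both hunks of the file (`@@ -66,7 +66,7 @@` and `@@ -77,12 +77,12 @@`); the opener lists start and end outside the hunks.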
+++ b/home/user/zen-browser.nix @@ -171,8 +171,9 @@ in "application/xhtml+xml" "application/json" "application/pdf" - "text/plain" "text/html" + "image/png" + "image/jpeg" ] ); in From ea118b79956f3ff231ac607a431715e18bfacf1d Mon Sep 17 00:00:00 2001 
From: danny Date: Thu, 8 Jan 2026 14:21:53 +0800 Subject: [PATCH 03/10] feat: netbird --- flake.lock | 607 ++++++------------ flake.nix | 9 +- home/options/sunsetr.nix | 9 +- home/scripts/remoteRebuild.nix | 11 +- home/user/shell.nix | 2 + system/dev/dn-lap/default.nix | 1 + system/dev/dn-lap/network/default.nix | 5 + system/dev/dn-lap/sops/secret.yaml | 6 +- system/dev/dn-pre7780/common/boot.nix | 3 +- system/dev/dn-pre7780/default.nix | 2 + system/dev/dn-pre7780/expr/default.nix | 1 - system/dev/dn-pre7780/expr/netbird.nix | 65 -- system/dev/dn-pre7780/games/default.nix | 3 +- system/dev/dn-pre7780/games/minecraft.nix | 12 + .../games/{game.nix => shadps4.nix} | 0 system/dev/dn-pre7780/network/default.nix | 6 + system/dev/dn-pre7780/services/default.nix | 3 +- system/dev/dn-pre7780/services/netbird.nix | 11 - system/dev/dn-pre7780/services/pangolin.nix | 48 ++ system/dev/dn-pre7780/services/wireguard.nix | 5 - system/dev/dn-pre7780/sops/secret.yaml | 13 +- system/dev/dn-pre7780/sops/sops-conf.nix | 11 - system/dev/dn-server/common/backup.nix | 1 + system/dev/dn-server/default.nix | 2 - system/dev/dn-server/network/default.nix | 1 + system/dev/dn-server/network/nginx.nix | 8 - system/dev/dn-server/network/services.nix | 61 +- system/dev/dn-server/network/step-ca.nix | 8 + system/dev/dn-server/network/wireguard.nix | 5 + system/dev/dn-server/options/network.nix | 8 +- system/dev/dn-server/security/fail2ban.nix | 2 + system/dev/dn-server/services/default.nix | 6 +- system/dev/dn-server/services/forgejo.nix | 72 +++ system/dev/dn-server/services/hideTTY.nix | 13 + system/dev/dn-server/services/keycloak.nix | 17 + system/dev/dn-server/services/mail-server.nix | 49 +- system/dev/dn-server/services/metrics.nix | 4 +- .../dn-server/services/minecraft-server.nix | 40 ++ system/dev/dn-server/services/netbird.nix | 119 ++++ system/dev/dn-server/services/nextcloud.nix | 147 ++++- system/dev/dn-server/sops/secret.yaml | 29 +- system/dev/dn-server/sops/sops-conf.nix | 4 - 
system/dev/skydrive-lap/default.nix | 8 +- system/dev/skydrive-lap/network/default.nix | 6 + system/dev/skydrive-lap/network/netbird.nix | 17 + system/dev/skydrive-lap/services/default.nix | 5 - .../dev/skydrive-lap/services/wireguard.nix | 5 - system/modules/actual/default.nix | 4 +- system/modules/cockpit.nix | 2 +- system/modules/docmost.nix | 6 +- system/modules/fail2ban.nix | 4 +- system/modules/gc.nix | 2 +- system/modules/netbird-client.nix | 31 + system/modules/netbird-server.nix | 123 ++++ system/modules/nextcloud.nix | 40 +- system/modules/paperless-ngx.nix | 2 +- system/modules/presets/minimal.nix | 9 +- system/modules/prometheus.nix | 4 +- system/modules/secure-boot.nix | 3 +- system/modules/services.nix | 2 +- system/modules/shells/noctalia/default.nix | 16 +- system/modules/systemd-resolv.nix | 17 + system/modules/vaultwarden.nix | 2 +- system/modules/wireguard.nix | 16 +- 64 files changed, 1088 insertions(+), 665 deletions(-) create mode 100644 system/dev/dn-lap/network/default.nix delete mode 100644 system/dev/dn-pre7780/expr/netbird.nix create mode 100644 system/dev/dn-pre7780/games/minecraft.nix rename system/dev/dn-pre7780/games/{game.nix => shadps4.nix} (100%) create mode 100644 system/dev/dn-pre7780/network/default.nix delete mode 100644 system/dev/dn-pre7780/services/netbird.nix create mode 100644 system/dev/dn-pre7780/services/pangolin.nix delete mode 100644 system/dev/dn-pre7780/services/wireguard.nix create mode 100644 system/dev/dn-server/network/wireguard.nix create mode 100644 system/dev/dn-server/services/forgejo.nix create mode 100644 system/dev/dn-server/services/hideTTY.nix create mode 100644 system/dev/dn-server/services/keycloak.nix create mode 100644 system/dev/dn-server/services/minecraft-server.nix create mode 100644 system/dev/dn-server/services/netbird.nix create mode 100644 system/dev/skydrive-lap/network/default.nix create mode 100644 system/dev/skydrive-lap/network/netbird.nix delete mode 100644 
system/dev/skydrive-lap/services/default.nix delete mode 100644 system/dev/skydrive-lap/services/wireguard.nix create mode 100644 system/modules/netbird-client.nix create mode 100644 system/modules/netbird-server.nix create mode 100644 system/modules/systemd-resolv.nix diff --git a/flake.lock b/flake.lock index 8bad34c..d125474 100644 --- a/flake.lock +++ b/flake.lock @@ -21,27 +21,6 @@ "type": "github" } }, - "actual-budget-server": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1762440797, - "narHash": "sha256-Gl9i+siUDwjAdJ7zUurThP6XhtxV58xVgS0ztsLh7bI=", - "owner": "dachxy", - "repo": "actual-budget-flake", - "rev": "721d97809077c90d895cadbe2002e20e60d182af", - "type": "github" - }, - "original": { - "owner": "dachxy", - "repo": "actual-budget-flake", - "type": "github" - } - }, "aquamarine": { "inputs": { "hyprutils": [ @@ -62,11 +41,11 @@ ] }, "locked": { - "lastModified": 1764370710, - "narHash": "sha256-7iZklFmziy6Vn5ZFy9mvTSuFopp3kJNuPxL5QAvtmFQ=", + "lastModified": 1767024902, + "narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "561ae7fbe1ca15dfd908262ec815bf21a13eef63", + "rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556", "type": "github" }, "original": { @@ -234,29 +213,6 @@ "type": "github" } }, - "chaotic": { - "inputs": { - "flake-schemas": "flake-schemas", - "home-manager": "home-manager", - "jovian": "jovian", - "nixpkgs": "nixpkgs_2", - "rust-overlay": "rust-overlay_2" - }, - "locked": { - "lastModified": 1764847736, - "narHash": "sha256-FMYnfCH2TMNnTJvbc/mraZpRszIL7nc5YI6w/pWNyNs=", - "owner": "chaotic-cx", - "repo": "nyx", - "rev": "e3f8349d60d5daf58951b9ccd089fecb79ea5443", - "type": "github" - }, - "original": { - "owner": "chaotic-cx", - "ref": "nyxpkgs-unstable", - "repo": "nyx", - "type": "github" - } - }, "crane": { "locked": { "lastModified": 1751562746, 
@@ -274,11 +230,11 @@ }, "crane_2": { "locked": { - "lastModified": 1731098351, - "narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=", + "lastModified": 1765145449, + "narHash": "sha256-aBVHGWWRzSpfL++LubA0CwOOQ64WNLegrYHwsVuVN7A=", "owner": "ipetkov", "repo": "crane", - "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28", + "rev": "69f538cdce5955fcd47abfed4395dc6d5194c1c5", "type": "github" }, "original": { @@ -374,15 +330,15 @@ "flake-compat_4": { "flake": false, "locked": { - "lastModified": 1761588595, - "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", - "owner": "edolstra", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", "repo": "flake-compat", - "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { - "owner": "edolstra", + "owner": "NixOS", "repo": "flake-compat", "type": "github" } @@ -390,11 +346,11 @@ "flake-compat_5": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -457,27 +413,6 @@ } }, "flake-parts_2": { - "inputs": { - "nixpkgs-lib": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1730504689, - "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "506278e768c2a08bec68eb62932193e341f55c90", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_3": { "inputs": { "nixpkgs-lib": [ "neovim-nightly-overlay", 
@@ -498,7 +433,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -516,7 +451,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "nvf", @@ -537,7 +472,7 @@ "type": "github" } }, - "flake-parts_6": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -573,20 +508,6 @@ "type": "github" } }, - "flake-schemas": { - "locked": { - "lastModified": 1721999734, - "narHash": "sha256-G5CxYeJVm4lcEtaO87LKzOsVnWeTcHGKbKxNamNWgOw=", - "rev": "0a5c42297d870156d9c57d8f99e476b738dcd982", - "revCount": 75, - "type": "tarball", - "url": "https://api.flakehub.com/f/pinned/DeterminateSystems/flake-schemas/0.1.5/0190ef2f-61e0-794b-ba14-e82f225e55e6/source.tar.gz" - }, - "original": { - "type": "tarball", - "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz" - } - }, "flake-utils": { "inputs": { "systems": "systems" @@ -625,7 +546,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_3" + "systems": "systems_4" }, "locked": { "lastModified": 1731533236, @@ -661,7 +582,10 @@ }, "flake-utils_5": { "inputs": { - "systems": "systems_6" + "systems": [ + "niri-nfsm", + "systems" + ] }, "locked": { "lastModified": 1731533236, @@ -679,10 +603,7 @@ }, "flake-utils_6": { "inputs": { - "systems": [ - "niri-nfsm", - "systems" - ] + "systems": "systems_7" }, "locked": { "lastModified": 1731533236, @@ -718,25 +639,7 @@ }, "flake-utils_8": { "inputs": { - "systems": "systems_9" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_9": { - "inputs": { - "systems": "systems_12" + "systems": "systems_11" }, "locked": { "lastModified": 1731533236, 
@@ -771,8 +674,8 @@ "ghostty": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs_3", + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2", "zig": "zig", "zon2nix": "zon2nix" }, @@ -816,7 +719,7 @@ "inputs": { "nixpkgs": [ "lanzaboote", - "pre-commit-hooks-nix", + "pre-commit", "nixpkgs" ] }, @@ -854,27 +757,6 @@ } }, "home-manager": { - "inputs": { - "nixpkgs": [ - "chaotic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1764788330, - "narHash": "sha256-hE/gXK+Z0j654T0tsW+KcndRqsgZXe8HyWchjBJgQpw=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "fca4cba863e76c26cfe48e5903c2ff4bac2b2d5d", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "home-manager", - "type": "github" - } - }, - "home-manager_2": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -939,11 +821,11 @@ ] }, "locked": { - "lastModified": 1763733840, - "narHash": "sha256-JnET78yl5RvpGuDQy3rCycOCkiKoLr5DN1fPhRNNMco=", + "lastModified": 1766946335, + "narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "8f1bec691b2d198c60cccabca7a94add2df4ed1a", + "rev": "4af02a3925b454deb1c36603843da528b67ded6c", "type": "github" }, "original": { @@ -963,17 +845,17 @@ "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "hyprwire": "hyprwire", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems_4", + "systems": "systems_3", "xdph": "xdph" }, "locked": { - "lastModified": 1764982118, - "narHash": "sha256-7Ofsbs4eJFyKUhm+PVv2QwTU77SQTmZ5X7yBPqArtR4=", + "lastModified": 1767812022, + "narHash": "sha256-BHBiQhlNl+Lxvp/bBOOTWhxbXYMoVG4xiyv9DE/nuZ4=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "cedadf4fdc63e04ab41cab00c0417ba248ce748e", + "rev": "918e2bb9be0e1d233f9394f1d569137788c43c01", "type": "github" }, "original": { 
@@ -1015,11 +897,11 @@ ] }, "locked": { - "lastModified": 1764616927, - "narHash": "sha256-wRT0MKkpPo11ijSX3KeMN+EQWnpSeUlRtyF3pFLtlRU=", + "lastModified": 1767023960, + "narHash": "sha256-R2HgtVS1G3KSIKAQ77aOZ+Q0HituOmPgXW9nBNkpp3Q=", "owner": "hyprwm", "repo": "hyprland-guiutils", - "rev": "25cedbfdc5b3ea391d8307c9a5bea315e5df3c52", + "rev": "c2e906261142f5dd1ee0bfc44abba23e2754c660", "type": "github" }, "original": { @@ -1070,11 +952,11 @@ ] }, "locked": { - "lastModified": 1759610243, - "narHash": "sha256-+KEVnKBe8wz+a6dTLq8YDcF3UrhQElwsYJaVaHXJtoI=", + "lastModified": 1765214753, + "narHash": "sha256-P9zdGXOzToJJgu5sVjv7oeOGPIIwrd9hAUAP3PsmBBs=", "owner": "hyprwm", "repo": "hyprland-protocols", - "rev": "bd153e76f751f150a09328dbdeb5e4fab9d23622", + "rev": "3f3860b869014c00e8b9e0528c7b4ddc335c21ab", "type": "github" }, "original": { @@ -1176,11 +1058,11 @@ ] }, "locked": { - "lastModified": 1764637132, - "narHash": "sha256-vSyiKCzSY48kA3v39GFu6qgRfigjKCU/9k1KTK475gg=", + "lastModified": 1766253372, + "narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "2f2413801beee37303913fc3c964bbe92252a963", + "rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9", "type": "github" }, "original": { @@ -1230,11 +1112,11 @@ ] }, "locked": { - "lastModified": 1764773840, - "narHash": "sha256-9UcCdwe7vPgEcJJ64JseBQL0ZJZoxp/2iFuvfRI+9zk=", + "lastModified": 1767473322, + "narHash": "sha256-RGOeG+wQHeJ6BKcsSB8r0ZU77g9mDvoQzoTKj2dFHwA=", "owner": "hyprwm", "repo": "hyprwire", - "rev": "3f1997d6aeced318fb141810fded2255da811293", + "rev": "d5e7d6b49fe780353c1cf9a1cf39fa8970bd9d11", "type": "github" }, "original": { 
@@ -1243,57 +1125,33 @@ "type": "github" } }, - "jovian": { - "inputs": { - "nix-github-actions": "nix-github-actions_2", - "nixpkgs": [ - "chaotic", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1764746434, - "narHash": "sha256-6ymFuw+Z1C90ezf8H0BP3c2JFZhJYwMq31px2StwWHU=", - "owner": "Jovian-Experiments", - "repo": "Jovian-NixOS", - "rev": "b4c0b604148adacf119b89824ed26df8926ce42c", - "type": "github" - }, - "original": { - "owner": "Jovian-Experiments", - "repo": "Jovian-NixOS", - "type": "github" - } - }, "lanzaboote": { "inputs": { "crane": "crane_2", - "flake-compat": "flake-compat_5", - "flake-parts": "flake-parts_2", "nixpkgs": [ "nixpkgs" ], - "pre-commit-hooks-nix": "pre-commit-hooks-nix", - "rust-overlay": "rust-overlay_3" + "pre-commit": "pre-commit", + "rust-overlay": "rust-overlay_2" }, "locked": { - "lastModified": 1737639419, - "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=", + "lastModified": 1765382359, + "narHash": "sha256-RJmgVDzjRI18BWVogG6wpsl1UCuV6ui8qr4DJ1LfWZ8=", "owner": "nix-community", "repo": "lanzaboote", - "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e", + "rev": "e8c096ade12ec9130ff931b0f0e25d2f1bc63607", "type": "github" }, "original": { "owner": "nix-community", - "ref": "v0.4.2", + "ref": "v1.0.0", "repo": "lanzaboote", "type": "github" } }, "mail-ntfy-server": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] @@ -1319,11 +1177,11 @@ ] }, "locked": { - "lastModified": 1763876586, - "narHash": "sha256-bQ5KRepEVyvF81AlaLxn4IdFfzZJzBq221ix2Zmjtz4=", + "lastModified": 1767713191, + "narHash": "sha256-aVkBzGQjr7yApCQ9SzxCy2wm9vISb0pY1FBSLvyn3v8=", "owner": "dachxy", "repo": "nix-mail-server", - "rev": "238e340ef58db602892e8cde114576612055520c", + "rev": "081438f6f3f5b706cd0b1fd8917017e68cdd68d4", "type": "github" }, "original": { 
@@ -1350,7 +1208,7 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ], @@ -1385,11 +1243,32 @@ "type": "github" } }, + "ndg": { + "inputs": { + "nixpkgs": [ + "nvf", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765720983, + "narHash": "sha256-tWtukpABmux6EC/FuCJEgA1kmRjcRPtED44N+GGPq+4=", + "owner": "feel-co", + "repo": "ndg", + "rev": "f399ace8bb8e1f705dd8942b24d207aa4d75c936", + "type": "github" + }, + "original": { + "owner": "feel-co", + "repo": "ndg", + "type": "github" + } + }, "neovim-nightly-overlay": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_2", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1764979571, @@ -1428,7 +1307,7 @@ "nixpkgs": [ "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_3", + "nixpkgs-stable": "nixpkgs-stable_2", "xwayland-satellite-stable": "xwayland-satellite-stable", "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, @@ -1448,11 +1327,11 @@ }, "niri-nfsm": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_7" + "systems": "systems_6" }, "locked": { "lastModified": 1764588231, @@ -1523,29 +1402,6 @@ "type": "github" } }, - "nix-github-actions_2": { - "inputs": { - "nixpkgs": [ - "chaotic", - "jovian", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1729697500, - "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", - "owner": "zhaofengli", - "repo": "nix-github-actions", - "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", - "type": "github" - }, - "original": { - "owner": "zhaofengli", - "ref": "matrix-name", - "repo": "nix-github-actions", - "type": "github" - } - }, "nix-index-database": { "inputs": { "nixpkgs": [ 
@@ -1569,7 +1425,7 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_6", - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs" ] @@ -1590,8 +1446,8 @@ }, "nix-search-tv": { "inputs": { - "flake-utils": "flake-utils_8", - "nixpkgs": "nixpkgs_7" + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1763912269, @@ -1629,7 +1485,7 @@ }, "nixd": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "flake-root": "flake-root", "nixpkgs": [ "nixpkgs" @@ -1695,22 +1551,6 @@ } }, "nixpkgs-stable_2": { - "locked": { - "lastModified": 1730741070, - "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_3": { "locked": { "lastModified": 1764831616, "narHash": "sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA=", @@ -1726,39 +1566,7 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1763806073, - "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "878e468e02bfabeda08c79250f7ad583037f2227", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { - "locked": { - "lastModified": 1764667669, - "narHash": "sha256-7WUCZfmqLAssbDqwg9cUDAXrSoXN79eEEq17qhTNM/Y=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "418468ac9527e799809c900eda37cbff999199b6", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1764947035, "narHash": "sha256-3PmKrux+ApKEM4IMRNAKeuWicwgRiRcprSuEnsbhVe4=", 
@@ -1771,7 +1579,7 @@ "url": "https://channels.nixos.org/nixpkgs-unstable/nixexprs.tar.xz" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1758360447, "narHash": "sha256-XDY3A83bclygHDtesRoaRTafUd80Q30D/Daf9KSG6bs=", @@ -1784,13 +1592,13 @@ "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { - "lastModified": 1764517877, - "narHash": "sha256-pp3uT4hHijIC8JUK5MEqeAWmParJrgBVzHLNfJDZxg4=", + "lastModified": 1767379071, + "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2d293cbfa5a793b4c50d17c05ef9e385b90edf6c", + "rev": "fb7944c166a3b630f177938e478f0378e64ce108", "type": "github" }, "original": { @@ -1800,7 +1608,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { "lastModified": 1764915887, "narHash": "sha256-CeBCJ9BMsuzVgn8GVfuSRZ6xeau7szzG0Xn6O/OxP9M=", @@ -1816,7 +1624,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1757584362, "narHash": "sha256-XeTX/w16rUNUNBsfaOVCDoMMa7Xu7KvIMT7tn1zIEcg=", @@ -1832,13 +1640,13 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { - "lastModified": 1764947035, - "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", + "lastModified": 1767364772, + "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a672be65651c80d3f592a89b3945466584a22069", + "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", "type": "github" }, "original": { @@ -1848,7 +1656,7 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1764445028, "narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=", 
@@ -1864,6 +1672,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1763806073, + "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "878e468e02bfabeda08c79250f7ad583037f2227", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "noctalia": { "inputs": { "nixpkgs": [ @@ -1912,27 +1736,51 @@ "nvf": { "inputs": { "flake-compat": "flake-compat_7", - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_4", "mnw": "mnw", + "ndg": "ndg", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_10" + "systems": "systems_9" }, "locked": { - "lastModified": 1764904740, - "narHash": "sha256-TzqXUQlESmS5XGJ3tR1/xdoU0vySyp6YUUpmGF5F0kY=", - "owner": "NotAShelf", + "lastModified": 1767369300, + "narHash": "sha256-QV+tdP2bS+PJBcp4YHhqpMTzcxsxGaS/d6cKMCJ4PnA=", + "owner": "notashelf", "repo": "nvf", - "rev": "249cabe0c5392c384c82fa9d28d3f49fbeb04266", + "rev": "9c75c2a199af39fc95fb203636ce97d070ca3973", "type": "github" }, "original": { - "owner": "NotAShelf", + "owner": "notashelf", "repo": "nvf", "type": "github" } }, + "pre-commit": { + "inputs": { + "flake-compat": "flake-compat_5", + "gitignore": "gitignore_2", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1765016596, + "narHash": "sha256-rhSqPNxDVow7OQKi4qS5H8Au0P4S3AYbawBSmJNUtBQ=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "548fc44fca28a5e81c5d6b846e555e6b9c2a5a3c", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat_4", 
@@ -1943,11 +1791,11 @@ ] }, "locked": { - "lastModified": 1763988335, - "narHash": "sha256-QlcnByMc8KBjpU37rbq5iP7Cp97HvjRP0ucfdh+M4Qc=", + "lastModified": 1767281941, + "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "50b9238891e388c9fdc6a5c49e49c42533a1b5ce", + "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", "type": "github" }, "original": { @@ -1956,33 +1804,6 @@ "type": "github" } }, - "pre-commit-hooks-nix": { - "inputs": { - "flake-compat": [ - "lanzaboote", - "flake-compat" - ], - "gitignore": "gitignore_2", - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable_2" - }, - "locked": { - "lastModified": 1731363552, - "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=", - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "pre-commit-hooks.nix", - "type": "github" - } - }, "quickshell": { "inputs": { "nixpkgs": [ @@ -2007,14 +1828,12 @@ "root": { "inputs": { "actual-budget-api": "actual-budget-api", - "actual-budget-server": "actual-budget-server", "attic": "attic", "awww": "awww", "caelestia-shell": "caelestia-shell", - "chaotic": "chaotic", "disko": "disko", "ghostty": "ghostty", - "home-manager": "home-manager_2", + "home-manager": "home-manager", "hyprland": "hyprland", "hyprland-plugins": "hyprland-plugins", "lanzaboote": "lanzaboote", @@ -2030,10 +1849,10 @@ "nix-search-tv": "nix-search-tv", "nix-tmodloader": "nix-tmodloader", "nixd": "nixd", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "noctalia": "noctalia", "nvf": "nvf", - "rust-overlay": "rust-overlay_4", + "rust-overlay": "rust-overlay_3", "sops-nix": "sops-nix", "stylix": "stylix", "yazi": "yazi", 
@@ -2064,16 +1883,16 @@ "rust-overlay_2": { "inputs": { "nixpkgs": [ - "chaotic", + "lanzaboote", "nixpkgs" ] }, "locked": { - "lastModified": 1764729618, - "narHash": "sha256-z4RA80HCWv2los1KD346c+PwNPzMl79qgl7bCVgz8X0=", + "lastModified": 1765075567, + "narHash": "sha256-KFDCdQcHJ0hE3Nt5Gm5enRIhmtEifAjpxgUQ3mzSJpA=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "52764074a85145d5001bf0aa30cb71936e9ad5b8", + "rev": "769156779b41e8787a46ca3d7d76443aaf68be6f", "type": "github" }, "original": { @@ -2083,27 +1902,6 @@ } }, "rust-overlay_3": { - "inputs": { - "nixpkgs": [ - "lanzaboote", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1731897198, - "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, - "rust-overlay_4": { "inputs": { "nixpkgs": [ "nixpkgs" @@ -2123,7 +1921,7 @@ "type": "github" } }, - "rust-overlay_5": { + "rust-overlay_4": { "inputs": { "nixpkgs": [ "yazi", @@ -2146,7 +1944,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1764483358, @@ -2185,13 +1983,13 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_6", + "flake-parts": "flake-parts_5", "gnome-shell": "gnome-shell", "nixpkgs": [ "nixpkgs" ], "nur": "nur", - "systems": "systems_11", + "systems": "systems_10", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", 
@@ -2257,21 +2055,6 @@ "type": "github" } }, - "systems_12": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -2288,21 +2071,6 @@ } }, "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_4": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -2317,6 +2085,21 @@ "type": "github" } }, + "systems_4": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_5": { "locked": { "lastModified": 1681028828, @@ -2333,21 +2116,6 @@ } }, "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_7": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", 
@@ -2362,6 +2130,21 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_8": { "locked": { "lastModified": 1681028828, @@ -2570,9 +2353,9 @@ }, "yazi": { "inputs": { - "flake-utils": "flake-utils_9", - "nixpkgs": "nixpkgs_10", - "rust-overlay": "rust-overlay_5" + "flake-utils": "flake-utils_8", + "nixpkgs": "nixpkgs_9", + "rust-overlay": "rust-overlay_4" }, "locked": { "lastModified": 1764949583, @@ -2642,7 +2425,7 @@ }, "zon2nix": { "inputs": { - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1758405547, diff --git a/flake.nix b/flake.nix index 83334a2..5d43f62 100644 --- a/flake.nix +++ b/flake.nix @@ -41,7 +41,7 @@ neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay"; lanzaboote = { - url = "github:nix-community/lanzaboote/v0.4.2"; + url = "github:nix-community/lanzaboote/v1.0.0"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -112,12 +112,6 @@ inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; }; - actual-budget-server = { - url = "git+file:///home/danny/projects/actual-budget-flake"; - # url = "github:dachxy/actual-budget-flake"; - inputs.nixpkgs.follows = "nixpkgs"; - }; - mail-server = { url = "github:dachxy/nix-mail-server"; inputs.nixpkgs.follows = "nixpkgs"; @@ -234,6 +228,7 @@ inputs.attic.nixosModules.atticd inputs.mail-server.nixosModules.default inputs.niri.nixosModules.niri + inputs.lanzaboote.nixosModules.lanzaboote ./options # ==== Private Configuration ==== # diff --git a/home/options/sunsetr.nix b/home/options/sunsetr.nix index 7e608a8..583edd8 100644 --- a/home/options/sunsetr.nix +++ b/home/options/sunsetr.nix 
@@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: let inherit (lib) mkIf @@ -11,7 +16,7 @@ in { options.services.sunsetr = { enable = mkEnableOption "Enable sunsetr."; - package = mkPackageOption "sunsetr"; + package = mkPackageOption pkgs "sunsetr" { }; }; config = mkIf cfg.enable { diff --git a/home/scripts/remoteRebuild.nix b/home/scripts/remoteRebuild.nix index 453c073..1997f9e 100644 --- a/home/scripts/remoteRebuild.nix +++ b/home/scripts/remoteRebuild.nix @@ -13,11 +13,13 @@ let --sudo --ask-sudo-password $@''; in pkgs.writeShellScriptBin "rRebuild" '' + NOTIFY="''\${NOTIFY:-0}" TARGET=$1 BUILD=$2 - shift - shift + set -euo pipefail + + shift 2 ${ if shouldNotify then @@ -25,6 +27,11 @@ pkgs.writeShellScriptBin "rRebuild" '' export NTFY_TITLE="🎯 $TARGET built by 🏗️ ''\${BUILD:-${hostName}}" export NTFY_TAGS="gear" + if [ "$NOTIFY" -eq 0 ] ; then + ${rebuildCommand} + exit 0 + fi + if ${rebuildCommand} then ntfy pub system-build "✅ Build success" > /dev/null 2>&1 diff --git a/home/user/shell.nix b/home/user/shell.nix index 6a5d54b..5b8f485 100644 --- a/home/user/shell.nix +++ b/home/user/shell.nix @@ -1,10 +1,12 @@ { + lib, osConfig, config, pkgs, ... }: let + inherit (lib) mkForce; remoteRebuld = import ../scripts/remoteRebuild.nix { inherit osConfig config pkgs; }; in { diff --git a/system/dev/dn-lap/default.nix b/system/dev/dn-lap/default.nix index 207514a..58754d9 100644 --- a/system/dev/dn-lap/default.nix +++ b/system/dev/dn-lap/default.nix @@ -23,6 +23,7 @@ in ./sops ./utility ./virtualisation + ./network ]; users.users."${username}".openssh.authorizedKeys.keys = [ diff --git a/system/dev/dn-lap/network/default.nix b/system/dev/dn-lap/network/default.nix new file mode 100644 index 0000000..3596983 --- /dev/null +++ b/system/dev/dn-lap/network/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ../../../modules/netbird-client.nix + ]; +} 
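Review bot: In home/scripts/remoteRebuild.nix, `shift 2` now runs under `set -euo pipefail`, so a call with only a target aborts the script before the rebuild: bash's `shift 2` returns non-zero when fewer than two arguments remain. The `''\${BUILD:-${hostName}}` default further down suggests BUILD is meant to be optional. If one-argument calls should keep working, use `shift "$(( $# < 2 ? $# : 2 ))"`; otherwise add an explicit usage check before the shift so the failure is not silent. The script body continues outside this hunk.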
diff --git a/system/dev/dn-lap/sops/secret.yaml b/system/dev/dn-lap/sops/secret.yaml index a92f55e..89792fa 100644 --- a/system/dev/dn-lap/sops/secret.yaml +++ b/system/dev/dn-lap/sops/secret.yaml @@ -1,5 +1,7 @@ wireguard: wg0.conf: ENC[AES256_GCM,data:9wegrw4ZbY+T/gNYi0gt4n6Db1/rRpsiqVbQr8QoYTwOiWBjKO2PGTTM5aK3khk5t2pYOTSqEBn5+5J/JYZpQ6nvJMcqn0+31KMuMT9/0akxOm112Tj31vOdBwRvSQVLBzmQtPABgMlV36lRtpVU71lwiNO4M33ygzL/tm7EMt0e75Nr9CZkGI7BGtnATBzbj3ysftsbFPF2iIgZ9fej4I78rJ1HavAsAgcrxksWAJjFZyFGWinkW4eiwDKlqBvRUW0tE8TF897ZmX90UnwXwjtyJcyJH6nzwrRDJgxR7uyRL/HIusmVZHCNSlo8dSaxAROXOw5ULjmQpXzzPAVUxw==,iv:FCv2ADYZXflBYuI9B9xvUSAYX8+v2Qf9EJjZ/TX27sA=,tag:caR4HS3yYrjNP1IzxgoOXA==,type:str] +netbird: + wt0-setupKey: ENC[AES256_GCM,data:bj3w7lGMJ0ZPQpGF0nKuhPKNWb04xVr6wNqoFGNzPnEJ+Q+b,iv:0helVFJqu4TNFY6LTG7LpD3tqsArwJHWH2XnlpPKEZk=,tag:yGrExGSmliHXxKAHqiHK/g==,type:str] sops: age: - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv @@ -20,7 +22,7 @@ sops: V09NYXpBYXBtYWdBajJubmVFL2loY0EKJdYKQHPriOT0eouvRUiCyqLSTzugUZxl BFTwfCez1/K2ERKQkKsMfIARbHaI2SRyDxM2O1IJ+DOIJ2383K6Gvw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-19T12:39:58Z" - mac: ENC[AES256_GCM,data:tTvNyD6Lekc0RUIr9CpCjhWl2Gb9pHRubeoTrwceUCkm074EjYIzvqwiX5fzt6Cc5/H/k8NWJZBAoI3tOeCrXpo1Lbb0fCjGqxTldGN44pLR/5q9bdAxLom3EEqKiBBryVxqAkkm1a98UXPtnh+oDyaFsqTbS65LolEtFEbV/3U=,iv:J0gMlpWc9TVSCRxcdUnlXtNnmahvbc12EsLeFB4BJlY=,tag:h0EaNQ/sl+3sU9+g4ohjtw==,type:str] + lastmodified: "2026-01-06T08:39:04Z" + mac: ENC[AES256_GCM,data:xPMGZ7SUVih97hWeeARhoZVn4B8D/lNzLuxRRkQEG5PqdtXHwH9HVIHz6AG3Pc72aRKroGF0E2sidJU7WxIUde4IuoktecHq2e2e+tVLZWg50Y/keG7SMR5MamapCiYxK88a9vG4a8PYytSOFvF5DUUjKGkFJZOaelK+ydOPbek=,iv:lh+dwiBl26sEYpvXx6HtUwKs2Mz5F0hRKD4q2q1jlkI=,tag:+gDW5nRmBkjCryFTudyqMA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-pre7780/common/boot.nix b/system/dev/dn-pre7780/common/boot.nix index 12868d8..ccaf732 100644 --- a/system/dev/dn-pre7780/common/boot.nix 
+++ b/system/dev/dn-pre7780/common/boot.nix @@ -3,7 +3,7 @@ ... }: { - boot.kernelPackages = pkgs.linuxPackages_6_17; + boot.kernelPackages = pkgs.linuxPackages_latest; fileSystems."/mnt/ssd" = { device = "/dev/disk/by-label/DN-SSD"; @@ -19,6 +19,7 @@ "uid=1000" "dmask=000" "fmask=000" + "exec" ]; }; diff --git a/system/dev/dn-pre7780/default.nix b/system/dev/dn-pre7780/default.nix index 2209948..880918e 100644 --- a/system/dev/dn-pre7780/default.nix +++ b/system/dev/dn-pre7780/default.nix @@ -44,6 +44,7 @@ in ../public/dn ../public/dn/ntfy.nix ./expr + ./network ./common ./games ./home @@ -53,6 +54,7 @@ in ./virtualisation ../../modules/shells/noctalia ../../modules/sunshine.nix + ../../modules/secure-boot.nix ]; # Live Sync D diff --git a/system/dev/dn-pre7780/expr/default.nix b/system/dev/dn-pre7780/expr/default.nix index c627d79..6f80563 100644 --- a/system/dev/dn-pre7780/expr/default.nix +++ b/system/dev/dn-pre7780/expr/default.nix @@ -1,6 +1,5 @@ { imports = [ - # ./netbird.nix # ./osx-kvm.nix ]; } diff --git a/system/dev/dn-pre7780/expr/netbird.nix b/system/dev/dn-pre7780/expr/netbird.nix deleted file mode 100644 index cbe0647..0000000 --- a/system/dev/dn-pre7780/expr/netbird.nix +++ /dev/null 
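Review bot: In boot.nix, `"exec"` is added to a mount whose options already include `"dmask=000"` and `"fmask=000"`, so every local account can write to that filesystem and run what it finds there. If only uid 1000 needs to write, tighten the masks in the same change, for example `"dmask=022"` and `"fmask=022"`. A one-line comment saying why `exec` is needed would also help. The `fileSystems` entry these options belong to starts outside the hunk, so which mount is affected should be confirmed.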
@@ -1,65 +0,0 @@ -{ - domain, - idpSecret, - dataStoreEncryptionKey, - coturnPassFile, - ... -}: -let - port = 51820; -in -{ - services.netbird = { - server = { - enable = true; - domain = "netbird.${domain}"; - enableNginx = true; - management = { - oidcConfigEndpoint = "https://keycloak.net.dn/realms/master/.well-known/openid-configuration"; - settings = { - DataStoreEncryptionKey = { - _secret = dataStoreEncryptionKey; - }; - TURNConfig = { - Secret = { - _secret = idpSecret; - }; - }; - IdpManagerConfig = { - ClientConfig = { - ClientID = "netbird-backend"; - ClientSecret = { - _secret = idpSecret; - }; - }; - }; - }; - }; - coturn = { - user = "netbird"; - passwordFile = coturnPassFile; - enable = true; - }; - dashboard.settings = { - USE_AUTH0 = false; - AUTH_AUTHORITY = "https://keycloak.net.dn/realms/master"; - AUTH_CLIENT_ID = "netbird"; - AUTH_AUDIENCE = "netbird"; - AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api"; - }; - }; - clients.default = { - inherit port; - openFirewall = true; - name = "netbird"; - interface = "wt0"; - hardened = true; - dns-resolver.address = "10.0.0.1"; - }; - }; - - services.nginx.virtualHosts."netbird.${domain}" = { - enableACME = true; - forceSSL = true; - }; -} diff --git a/system/dev/dn-pre7780/games/default.nix b/system/dev/dn-pre7780/games/default.nix index 30e6300..d11d1c4 100644 --- a/system/dev/dn-pre7780/games/default.nix +++ b/system/dev/dn-pre7780/games/default.nix @@ -1,6 +1,7 @@ { imports = [ ../../../modules/gaming.nix - ./game.nix + ./shadps4.nix + ./minecraft.nix ]; } diff --git a/system/dev/dn-pre7780/games/minecraft.nix b/system/dev/dn-pre7780/games/minecraft.nix new file mode 100644 index 0000000..f0123aa --- /dev/null +++ b/system/dev/dn-pre7780/games/minecraft.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: +{ + home-manager.sharedModules = [ + { + home.packages = with pkgs; [ + prismlauncher + lsfg-vk + lsfg-vk-ui + ]; + } + ]; +} 
diff --git a/system/dev/dn-pre7780/games/game.nix b/system/dev/dn-pre7780/games/shadps4.nix similarity index 100% rename from system/dev/dn-pre7780/games/game.nix rename to system/dev/dn-pre7780/games/shadps4.nix diff --git a/system/dev/dn-pre7780/network/default.nix b/system/dev/dn-pre7780/network/default.nix new file mode 100644 index 0000000..cff9313 --- /dev/null +++ b/system/dev/dn-pre7780/network/default.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ../../../modules/netbird-client.nix + # ../../../modules/wireguard.nix + ]; +} diff --git a/system/dev/dn-pre7780/services/default.nix b/system/dev/dn-pre7780/services/default.nix index ce667a6..df55e8e 100644 --- a/system/dev/dn-pre7780/services/default.nix +++ b/system/dev/dn-pre7780/services/default.nix @@ -3,8 +3,7 @@ ../../../modules/postgresql.nix # ./mail.nix ./nginx.nix - ./wireguard.nix + # ./pangolin.nix # ./nextcloud.nix - # ./netbird.nix ]; } diff --git a/system/dev/dn-pre7780/services/netbird.nix b/system/dev/dn-pre7780/services/netbird.nix deleted file mode 100644 index 589b265..0000000 --- a/system/dev/dn-pre7780/services/netbird.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, ... }: -{ - imports = [ - (import ../expr/netbird.nix { - domain = "pre7780.dn"; - coturnPassFile = config.sops.secrets."netbird/coturn/password".path; - idpSecret = config.sops.secrets."netbird/oidc/secret".path; - dataStoreEncryptionKey = config.sops.secrets."netbird/dataStoreKey".path; - }) - ]; -} diff --git a/system/dev/dn-pre7780/services/pangolin.nix b/system/dev/dn-pre7780/services/pangolin.nix new file mode 100644 index 0000000..b05fd85 --- /dev/null +++ b/system/dev/dn-pre7780/services/pangolin.nix 
@@ -0,0 +1,48 @@ +{ config, lib, ... }: +let + inherit (lib) mkForce; + secrets = config.sops.secrets; + domain = "net.dn"; +in +{ + sops.secrets = { + "pangolin/env" = { }; + "pangolin/traefik" = { + key = "acme/pdns"; + }; + }; + + services.pangolin = { + enable = true; + openFirewall = true; + dashboardDomain = "auth.${domain}"; + baseDomain = domain; + + environmentFile = secrets."pangolin/env".path; + letsEncryptEmail = "danny@net.dn"; + dnsProvider = "pdns"; + + settings = { + app = { + save_logs = true; + }; + domains = { + + }; + traefik.prefer_wildcard_cert = true; + }; + }; + + services.traefik = { + staticConfigOptions = { + certificatesResolvers.letsencrypt.acme = { + caServer = mkForce "https://ca.net.dn/acme/acme/directory"; + dnsChallenge = { + provider = "pdns"; + resolvers = [ "10.0.0.1:53" ]; + }; + }; + }; + environmentFiles = [ secrets."pangolin/traefik".path ]; + }; +} diff --git a/system/dev/dn-pre7780/services/wireguard.nix b/system/dev/dn-pre7780/services/wireguard.nix deleted file mode 100644 index b2e5388..0000000 --- a/system/dev/dn-pre7780/services/wireguard.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ../../../modules/wireguard.nix - ]; -} diff --git a/system/dev/dn-pre7780/sops/secret.yaml b/system/dev/dn-pre7780/sops/secret.yaml index c8203dd..9fa4e7c 100644 --- a/system/dev/dn-pre7780/sops/secret.yaml +++ b/system/dev/dn-pre7780/sops/secret.yaml 
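Review bot: In pangolin.nix, `"pangolin/traefik"` is mapped onto the existing `acme/pdns` key, so traefik receives the same PowerDNS API credential that sops-conf.nix already hands to the `acme` user. That credential presumably allows DNS record changes, so exposure through either service affects both and they cannot be revoked separately. A dedicated key for traefik would be preferable; if the reuse is deliberate, record it with a comment such as `# reuses the ACME PowerDNS credential on purpose`. The empty `domains = { };` block can be dropped until it has content.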
@@ -1,11 +1,12 @@ wireguard: wg0.conf: ENC[AES256_GCM,data:ozySeNEvkiLt9TGrZCrlJWKT5gcSlZ9T8AeXGO97SPgxI394eCQ/LOkVFl7AykhZvs7YkxMpZzAZxc0oNdTYuDlqfrNr0pqTUJmpX+5PVRmDb5z2MJvERktVkJ4LSvVodoYznDwT/y9q199AFKf3t4EoWuRyR/il6P8HuGVHXrKRYUrwuB4nuq1SIByY+8D2gzohFB/s6pSOPYy6/xCt0Nm+x0wmcdrlyOb0S+4WXlcou2ll98o9q2YDdVBKeW4jyUjFqXM2XzD0JXpAi9ZFlyzxyYNwa4oMYATyCBCH4BNHqe850QHEoCaOovioEdDH/tluB2X/891ixqzURypzbg==,iv:3Q5xOgGcg8/DIwHt4fHsQGtN8f2hGpVDtf47PcwW62I=,tag:SbJqhWi3+h1O5ZIOayDrUw==,type:str] +netbird: + wt0-setupKey: ENC[AES256_GCM,data:166VX+rgzxhar+GFKxA5d8G3/9ewISdv2hUSwvbggyyjwwvE,iv:w8p4gDP6U0ZONX59t2dnglTC9S2dW2TX5A4OoCzRuzM=,tag:zf3jvlERJtM+osBd4ZQjMA==,type:str] dovecot: openldap: ENC[AES256_GCM,data:U3YYreEqoh+F0Mrli52jgQowrUqIUPmdQps=,iv:vTjHBFsue+89GOCDigVIktgGSZNZv8A2e3GM80o6TXc=,tag:GGh+hsT+yV/I12meXxflbQ==,type:str] nextcloud: adminPassword: ENC[AES256_GCM,data:69NrA/iP0sfrkdv8ahv7I+ZY,iv:/TXTs0fZw64HELdGr5CzgToO2L2G2mCNdN4Zexz8p+o=,tag:p2hNTxv1xdYmEJ6ZAO3w3Q==,type:str] whiteboard: ENC[AES256_GCM,data:qcZOLX1qJyciKm+4uuOVIopZXG70Jg9Grc07SCjG5ww9DK0myzdqlfWeZKdTsOyTBLMyCE9K7lC5rtBFeSv3ZeqkAUXTQt9QiAN05+tTpHk=,iv:v6fgSz/eh8MZANSbLbeSrKVOdX09pHYZ599BK8Ug2Lo=,tag:JTezfqrInm82K3gB0zpniw==,type:str] - signaling.conf: ENC[AES256_GCM,data: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,iv:/xlMQoexPA9rXIlMd7bTQY1ojHuprBX/5quVSnNslvI=,tag:geAR+vPBmDB37/oSnnpqSA==,type:str] openldap: adminPassword: ENC[AES256_GCM,data:jEGuzgs5QTWfdyJenC3t3g==,iv:StfFOcvbDapnma6eAlpaGiBWnqiD3I/wfQsMBzufol0=,tag:892q7N4KrsSQoZYGy6CQrA==,type:str] lam: 
@@ -18,15 +19,13 @@ acme: pdns: ENC[AES256_GCM,data:eKnahc8HWboYCUpBuEUrdCMhN8A2N2VN0wrmzcyU2OfMeQaswIYSWV4sBzUbj/pono8PaVxK1FBKsn+Ycd4Y6tcxsAkbPfnPkOsbe0FJpz4t9RFLJBLw3U0YTE/TaURiDYipHnvPGYgyq3AziH/xa4WXZxLHGI0x+a/y3PpWy37rT87DWUT2kktPshdO7Mbwn7nSC78WByXmyaUMkT74Sc0FNmCgfijrHk/ATXGb,iv:y3eRZXFbqqf4VuuqHHYdIoiEa1zqRU1XIlEqooJ28lU=,tag:2bIALJFGZyIZT7fyo/y5Nw==,type:str] cloudflare: secret: ENC[AES256_GCM,data:Ktk7BtyjaDeOc4Okflz/ZBYpJ7Uy1SeEBV6ofWcToZsvCDT6aTVxGrAKEHIE/eknvnyWOFeSQv/z/Q==,iv:x2ymbLwa1E2FzdomISeyhchya5bowgieO/XuOnoi81w=,tag:Nj+1DRnbvcwiLiEeu2WaRQ==,type:str] -netbird: - oidc: - secret: ENC[AES256_GCM,data:hSVMUEBL0kCvRLD3zd57SLhNIAFOR4eaJPcIIIIUJng=,iv:VhfseftQNlXSDCWuaYQUIklMUCkUbChyWbJl3qgD75M=,tag:vbqov0VgA0XNZfzcr3FZgA==,type:str] - dataStoreKey: ENC[AES256_GCM,data:vV2wgo5qFS+DC1NmOjVddZW9HAsRMpUFH+t/70iQ3A5YXkhbWoCeSxZDyAg=,iv:tKqh28qj8gqHfcb44Ej731w6NKi29X4iEwIOQ4ZcCzA=,tag:ObAxVrUctm6pbmXSQw7j5w==,type:str] crowdsec: lapi.yaml: ENC[AES256_GCM,data:BpDlz/liFYVZTA66TMWDifGfT4R9l0W9/LOU33rrPVC4YKeFbB1gIxqkUOEDl8fxsou5Jx/MQivyz90lE8yxbcGV/Zzx4ZJaHN+jz6mfM6mADEWp/nUcfO9tECijOhPPYt/8aE3py38NlFZuafZ2CwdL7RmDX7YCjpiIYxXaIjSv61WPD1SLkOkusnoA7bJZ2xmJ/dfEMXEA4LCCOfGQ,iv:922rrz94pD3/R1kGlQyIFkoq/fRSyxaIQ5qllldQMCY=,tag:AAPlwiQP4KMzHZmcMH76AQ==,type:str] capi.yaml: ENC[AES256_GCM,data:UuBESeHfKEPSIzP7RPNES0BVWwJsmPqLP3QJbAeAcm6eQ3sRzUSrVxY8A2yoiLD2lnuJPy2BbYHJpBR7VSfs7oUCc7LljgAp1uB2GH1y8YE46xJLo0TDp873bZJdcsO00ozsbtmWlGWJm7HLrzIUEe0mAjBzZeXe1WDJByGeVqupNLwpXSMaos2ktHjXA6hTGAdE5iIxBAXI6qjldWjRnlqE,iv:hZ2nUaOipU7Top0vsn23yU0XWP9SKcoj85xFo5hD/mU=,tag:32E2o+FOJXM9aMnLQA6KYA==,type:str] consoleToken: ENC[AES256_GCM,data:Q6QWWwcvLd8+ddwPMBzyB+X4gh8I53qSLA==,iv:JD48L59nQYttglAfuKL/lNBzWgBfj01rkIeP8pqmo70=,tag:6cxsQViDGuzjScKkBuO4Bw==,type:str] rspamd: ENC[AES256_GCM,data:8DryYdMyhzBqwqcbYUQ=,iv:5w21u3xqshRSf8IJbG16/Gf6AC2Zw6VnI3MOchN+w8A=,tag:OiiYUDT69SZObgOh1qCL0g==,type:str] +pangolin: + env: 
ENC[AES256_GCM,data:f5Pq+DE9PeRyOKeygREuovlqOMhe/bmTOrBA7Px3Oq+pWG5kGwnxqDdP/PwawJAskQPC9LN+QP6hIPNrJbPyxtk87hoRMb/3X0ggOw==,iv:yqqQizPwf3EfCelczf/7piH9kYiAwGLTtassvQ8oXNs=,tag:UzVuKIS8WZNAHgpLkzc9XA==,type:str] sops: age: - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv @@ -38,7 +37,7 @@ sops: MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-19T12:39:37Z" - mac: ENC[AES256_GCM,data:JSwphdjAfZcLSuctzruwVjBQXhbQKnEda93KlrH8eoSJcFXBRCMz0v+HY2nBlrC9lwp9vgT3HnGmR6hIPi48UtyxYcGOJy33OY4M1it0WGE2r8Ikg++5cBUtacK4QdwuMCADhNT5ZHs5T7UUX0GMLeqAtrcJ3FKt+4+catsOvnE=,iv:7ZTi86IkbScizZlOCk+uXDyWzrFDsLRuLuzjUFsMFR0=,tag:3/i7BZ8XYALj7RYj4dIUgA==,type:str] + lastmodified: "2026-01-07T08:17:20Z" + mac: ENC[AES256_GCM,data:M9hBNU2KetaGEhJnYW10nWEWetFWs9c5gPN/0W6UIOsP2Y9E2d8J09Ary9O9z6TjjxqkS+H15SQfo6bjuc19jSwtdQ/scqy9nV1H0pOEHzWj8zG/bzC71WmwhZbx4+1cK83HYS9pJhzbO+5tbOK75GwJscXAhXKDzzNBmTW2Y3U=,iv:qozD5Z2uiI5vFApsRVkjiXLOPATs3VV0PDk5szX+mrc=,tag:WpM+Ab9U2q9GR0qvyMZO8w==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-pre7780/sops/sops-conf.nix b/system/dev/dn-pre7780/sops/sops-conf.nix index 34f5f60..a5a1df9 100644 --- a/system/dev/dn-pre7780/sops/sops-conf.nix +++ b/system/dev/dn-pre7780/sops/sops-conf.nix @@ -7,17 +7,6 @@ in secrets = { "lam/env" = { }; - "netbird/oidc/secret" = mkIf config.services.netbird.server.dashboard.enable { - owner = "netbird"; - }; - - "netbird/coturn/password" = mkIf config.services.netbird.server.coturn.enable { - owner = "turnserver"; - key = "netbird/oidc/secret"; - }; - "netbird/dataStoreKey" = mkIf config.services.netbird.server.management.enable { - owner = "netbird"; - }; "acme/pdns" = mkIf (hasAttr "acme" config.users.users) { owner = "acme"; }; 
diff --git a/system/dev/dn-server/common/backup.nix b/system/dev/dn-server/common/backup.nix index 2696ba9..344f7ef 100644 --- a/system/dev/dn-server/common/backup.nix +++ b/system/dev/dn-server/common/backup.nix @@ -67,6 +67,7 @@ in "roundcube" "grafana" "crowdsec" + "netbird" ]; location = "${backupPath}/postgresql"; }; diff --git a/system/dev/dn-server/default.nix b/system/dev/dn-server/default.nix index 0d2940c..0040b7b 100644 --- a/system/dev/dn-server/default.nix +++ b/system/dev/dn-server/default.nix @@ -17,11 +17,9 @@ in "maps.rspamd.com" "cdn-hub.crowdsec.net" "api.crowdsec.net" - "mx1.daccc.info" "mx1.dnywe.com" ]; allowedIPs = [ - "10.0.0.0/24" "127.0.0.1" # CrowdSec "52.51.161.146" diff --git a/system/dev/dn-server/network/default.nix b/system/dev/dn-server/network/default.nix index d94f68f..b1161e8 100644 --- a/system/dev/dn-server/network/default.nix +++ b/system/dev/dn-server/network/default.nix @@ -3,5 +3,6 @@ ./nginx.nix ./services.nix ./step-ca.nix + ./wireguard.nix ]; } diff --git a/system/dev/dn-server/network/nginx.nix b/system/dev/dn-server/network/nginx.nix index 09fcb41..733924b 100644 --- a/system/dev/dn-server/network/nginx.nix +++ b/system/dev/dn-server/network/nginx.nix @@ -64,14 +64,6 @@ locations."/".proxyPass = "http://10.0.0.130:8001/phone.html"; }; - - "ca.net.dn" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "https://10.0.0.1:8443/"; - }; - }; }; }; } diff --git a/system/dev/dn-server/network/services.nix b/system/dev/dn-server/network/services.nix index 948f3af..3a69a42 100644 --- a/system/dev/dn-server/network/services.nix +++ b/system/dev/dn-server/network/services.nix @@ -6,8 +6,9 @@ }: let inherit (config.systemConf) username security; - inherit (lib) concatStringsSep; + inherit (lib) concatStringsSep mkForce optionalString; inherit (helper.nftables) mkElementsStatement; + netbirdCfg = config.services.netbird; ethInterface = "enp0s31f6"; sshPorts = [ 30072 ]; 
@@ -23,19 +24,16 @@ let restrict = "10.0.0.128/25"; }; - kube = { - ip = "10.10.0.1/24"; - range = "10.10.0.0/24"; + infra = { + ip = "10.10.0.2/32"; interface = "wg1"; - port = 51821; - masterIP = "10.10.0.1"; - masterHostname = "api-kube.${config.networking.domain}"; - masterAPIServerPort = 6443; + range = "10.10.0.0/24"; }; allowedSSHIPs = concatStringsSep ", " [ "122.117.215.55" "192.168.100.1/24" + "100.64.0.0/16" personal.range ]; @@ -168,6 +166,13 @@ let ]; in { + systemConf.security.allowedIPs = [ + "10.10.0.0/24" + "10.0.0.0/24" + ]; + + services.resolved.enable = mkForce false; + networking = { nat = { enable = true; @@ -175,7 +180,6 @@ in externalInterface = ethInterface; internalInterfaces = [ personal.interface - kube.interface ]; }; @@ -183,15 +187,12 @@ in allowedUDPPorts = [ 53 personal.port - kube.port 25565 - kube.masterAPIServerPort 5359 ]; allowedTCPPorts = sshPorts ++ [ 53 25565 - kube.masterAPIServerPort 5359 ]; }; @@ -235,9 +236,10 @@ in tcp dport { ${sshPortsString} } jump ssh-filter - iifname { ${ethInterface}, ${personal.interface}, ${kube.interface} } udp dport { ${toString personal.port}, ${toString kube.port} } accept - iifname ${personal.interface} ip saddr ${personal.ip} jump wg-subnet - iifname ${kube.interface} ip saddr ${kube.ip} jump kube-filter + iifname { ${ethInterface}, ${personal.interface} } udp dport { ${toString personal.port} } accept + iifname ${infra.interface} ip saddr ${infra.range} accept + iifname ${personal.interface} ip saddr ${personal.range} jump wg-subnet + iifname ${netbirdCfg.clients.wt0.interface} accept drop } @@ -251,6 +253,11 @@ in udp dport 53 accept tcp dport 53 accept + # Allow UDP hole punching + ${optionalString ( + netbirdCfg.clients ? wt0 + ) ''udp sport ${toString netbirdCfg.clients.wt0.port} accept''} + meta skuid ${toString config.users.users.systemd-timesync.uid} accept ct state vmap { invalid : drop, established : accept, related : accept } 
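Review bot: In services.nix, `allowedSSHIPs` gains `"100.64.0.0/16"`, while the fail2ban.nix hunk of this same commit allow-lists `"100.104.0.0/16"` under a `# Netbird` comment. Both look intended for the NetBird address range, so one of them is probably a typo. Depending on which is wrong, either SSH from NetBird peers is still filtered or the fail2ban exemption covers an unrelated range. Defining the range once and referencing it from both places would keep them in step; the actual range should be checked against the NetBird management settings.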
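Review bot: In the services.nix hunk at `@@ -235,9 +236,10 @@`, `iifname ${netbirdCfg.clients.wt0.interface} accept` references `clients.wt0` unconditionally, although the next hunk guards the same attribute with `optionalString (netbirdCfg.clients ? wt0)`. Evaluation would fail on a host without that client; the same guard fits here: `${optionalString (netbirdCfg.clients ? wt0) ''iifname ${netbirdCfg.clients.wt0.interface} accept''}`. The rule also admits every port from every peer on the overlay, as does the `iifname ${infra.interface} ip saddr ${infra.range} accept` line above it. Restricting both to the ports that are actually served keeps the final `drop` meaningful for those interfaces. The chain header is outside the hunk.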
@@ -273,16 +280,11 @@ in meta l4proto { icmp, ipv6-icmp } accept iifname ${personal.interface} ip saddr ${personal.ip} jump wg-subnet - iifname ${kube.interface} ip saddr ${kube.ip} jump kube-filter + iifname ${infra.interface} ip saddr ${infra.ip} accept counter } - chain kube-filter { - ip saddr ${kube.ip} ip daddr ${kube.ip} accept - counter drop - } - chain wg-subnet { ip saddr ${personal.full} accept ip saddr ${personal.restrict} ip daddr ${personal.range} accept @@ -309,17 +311,8 @@ in inherit (r) publicKey allowedIPs; }) (fullRoute ++ meshRoute); }; - - ${kube.interface} = { - ips = [ kube.ip ]; - listenPort = kube.port; - privateKeyFile = config.sops.secrets."wireguard/privateKey".path; - peers = [ ]; - }; }; }; - - extraHosts = "${kube.masterIP} ${kube.masterHostname}"; }; services = { @@ -349,7 +342,7 @@ in openssh = { enable = true; - ports = sshPorts; + ports = mkForce sshPorts; settings = { PasswordAuthentication = false; UseDns = false; @@ -385,9 +378,7 @@ in pdns-recursor = { enable = true; forwardZones = { - "${config.networking.domain}." = "127.0.0.1:5359"; - "pre7780.dn." = "127.0.0.1:5359"; - "test.local." = "127.0.0.1:5359"; + "dn." = "127.0.0.1:5359"; }; forwardZonesRecurse = { # ==== Rspamd DNS ==== # @@ -514,7 +505,7 @@ in "uptime.${config.networking.domain}" = { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://localhost:3001"; + locations."/".proxyPass = "http://127.0.0.1:3001"; }; }; diff --git a/system/dev/dn-server/network/step-ca.nix b/system/dev/dn-server/network/step-ca.nix index 8cdedee..8ac7ced 100644 --- a/system/dev/dn-server/network/step-ca.nix +++ b/system/dev/dn-server/network/step-ca.nix 
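Review bot: In the services.nix hunk at `@@ -273,16 +280,11 @@`, the new rule `iifname ${infra.interface} ip saddr ${infra.ip} accept` matches on `infra.ip`, which is defined as `"10.10.0.2/32"`. If that is this host's own address on wg1, no packet arriving on the interface will carry it as source and the rule never matches. The input-chain rule added earlier in this commit uses `${infra.range}` instead; if peers on wg1 are meant to be accepted here too, write `ip saddr ${infra.range}`. The unchanged `personal.ip` rule just above follows the same pattern, whereas the input chain was switched to `personal.range`, so it may need the same change. The chain header is outside the hunk.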
@@ -80,4 +80,12 @@ Bq-3sY8n13Dv0E6yx2hVIAlzLj3aE29LC4A2j81vW5MtpaM27lMpg.cwlqZ-8l1iZNeeS9.idRpRJ9zB openFirewall = true; intermediatePasswordFile = config.sops.secrets."step_ca/password".path; }; + + services.nginx.virtualHosts."ca.net.dn" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "https://10.0.0.1:8443/"; + }; + }; } diff --git a/system/dev/dn-server/network/wireguard.nix b/system/dev/dn-server/network/wireguard.nix new file mode 100644 index 0000000..85877ba --- /dev/null +++ b/system/dev/dn-server/network/wireguard.nix @@ -0,0 +1,5 @@ +{ config, ... }: +{ + sops.secrets."wireguard/wg1.conf" = { }; + networking.wg-quick.interfaces.wg1.configFile = config.sops.secrets."wireguard/wg1.conf".path; +} diff --git a/system/dev/dn-server/options/network.nix b/system/dev/dn-server/options/network.nix index b77f00c..646ae3e 100644 --- a/system/dev/dn-server/options/network.nix +++ b/system/dev/dn-server/options/network.nix @@ -5,7 +5,12 @@ ... }: let - inherit (lib) mkOption types concatStringsSep; + inherit (lib) + mkOption + types + concatStringsSep + unique + ; cfg = config.systemConf.security; in { @@ -14,6 +19,7 @@ in type = with types; listOf str; description = "Domains that allowed to query dns."; default = [ ]; + apply = v: unique v; }; rules = { setName = mkOption { diff --git a/system/dev/dn-server/security/fail2ban.nix b/system/dev/dn-server/security/fail2ban.nix index cdb8340..ba578f1 100644 --- a/system/dev/dn-server/security/fail2ban.nix +++ b/system/dev/dn-server/security/fail2ban.nix @@ -4,6 +4,8 @@ extraAllowList = [ "10.0.0.0/24" "122.117.215.55" + # Netbird + "100.104.0.0/16" ]; }) ]; diff --git a/system/dev/dn-server/services/default.nix b/system/dev/dn-server/services/default.nix index 325cedd..d427c8c 100644 --- a/system/dev/dn-server/services/default.nix +++ b/system/dev/dn-server/services/default.nix 
@@ -3,11 +3,15 @@ imports = [ ./actual-budget.nix ./bitwarden.nix - # ./docmost.nix + ./minecraft-server.nix ./mail-server.nix ./nextcloud.nix ./paperless-ngx.nix ./metrics.nix + ./forgejo.nix + ./keycloak.nix + ./netbird.nix + ./hideTTY.nix # (import ../../../modules/opencloud.nix { # fqdn = "opencloud.net.dn"; # envFile = config.sops.secrets."opencloud".path; diff --git a/system/dev/dn-server/services/forgejo.nix b/system/dev/dn-server/services/forgejo.nix new file mode 100644 index 0000000..902307b --- /dev/null +++ b/system/dev/dn-server/services/forgejo.nix 
@@ -0,0 +1,72 @@
+{ lib, config, ... }:
+let
+ cfg = config.services.forgejo;
+ srv = cfg.settings.server;
+ domain = "git.dnywe.com";
+ mailServer = "mx1.net.dn";
+
+ forgejoOwner = {
+ owner = "forgejo";
+ mode = "400";
+ };
+in
+{
+ sops.secrets = {
+ "forgejo/mailer/password" = forgejoOwner;
+ "forgejo/server/secretKey" = forgejoOwner;
+ };
+
+ networking.firewall.allowedTCPPorts = [ srv.HTTP_PORT ];
+
+ services.postgresqlBackup.databases = [ cfg.database.name ];
+
+ systemd.services.forgejo.preStart =
+ let
+ adminCmd = "${lib.getExe cfg.package} admin user";
+ pwd = config.sops.secrets."forgejo/mailer/password";
+ user = "forgejo";
+ in
+ ''
+ ${adminCmd} create --admin --email "noreply@${srv.DOMAIN}" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
+ '';
+
+ services.openssh.settings.AllowUsers = [ cfg.user ];
+
+ services.forgejo = {
+ enable = true;
+ database.type = "postgres";
+ lfs.enable = true;
+
+ settings = {
+ server = {
+ DOMAIN = domain;
+ ROOT_URL = "https://${srv.DOMAIN}";
+ HTTP_PORT = 32006;
+ SSH_PORT = lib.head config.services.openssh.ports;
+
+ # ==== OpenID Connect ==== #
+ ENABLE_OPENID_SIGNIN = true;
+ WHITELISTED_URIS = "https://${config.services.keycloak.settings.hostname}/*";
+ };
+
+ services.DISABLE_REGISTRATION = true;
+ actions = {
+ ENABLE = true;
+ DEFAULT_ACTION_URL = "github";
+ };
+
+ mailer = {
+ ENABLED = true;
+ SMTP_ADDR = mailServer;
+ SMTP_PORT = 587;
+ FROM = "noreply@${srv.DOMAIN}";
+ USER = "noreply@${srv.DOMAIN}";
+ };
+ };
+
+ secrets = {
+ mailer.PASSWD = config.sops.secrets."forgejo/mailer/password".path;
+ server.SECRET_KEY = config.sops.secrets."forgejo/server/secretKey".path;
+ };
+ };
+}
diff --git a/system/dev/dn-server/services/hideTTY.nix b/system/dev/dn-server/services/hideTTY.nix
new file mode 100644
index 0000000..4a0da22
--- /dev/null
+++ b/system/dev/dn-server/services/hideTTY.nix
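Review bot: The `preStart` script in forgejo.nix creates the `forgejo` admin account with the contents of `forgejo/mailer/password`, so the SMTP credential and the site-administrator password are one and the same secret, and it is passed as `--password "$(…)"`, which puts it on the command line where it is visible in the process list while the command runs. Give the admin account its own sops secret, or let Forgejo generate one by replacing the `--password` argument with `--random-password --must-change-password`. The trailing `|| true` also hides every failure, not only the expected "user already exists" on later starts, so a broken bootstrap goes unnoticed; a comment stating that this is intentional, or a check for the user before creating it, would make that explicit.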
@@ -0,0 +1,13 @@ +{ ... }: +{ + systemd.services.hideTTY = { + description = "Auto turn off monitor "; + wantedBy = [ "multi-user.target" ]; + script = '' + echo 1 > /sys/class/graphics/fb0/blank + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; +} diff --git a/system/dev/dn-server/services/keycloak.nix b/system/dev/dn-server/services/keycloak.nix new file mode 100644 index 0000000..210b692 --- /dev/null +++ b/system/dev/dn-server/services/keycloak.nix @@ -0,0 +1,17 @@ +# NOTE: This is keycloak partial overwrite for `mail-server.nix`. +{ lib, config, ... }: +let + inherit (lib) mkForce; + domain = "dnywe.com"; + cfg = config.services.keycloak; +in +{ + services.keycloak = { + settings = { + hostname = mkForce "login.${domain}"; + }; + }; + + # Disable nginx reverse proxy + services.nginx.virtualHosts."${cfg.settings.hostname}" = mkForce { }; +} diff --git a/system/dev/dn-server/services/mail-server.nix b/system/dev/dn-server/services/mail-server.nix index 0e1ab7f..c390a9a 100644 --- a/system/dev/dn-server/services/mail-server.nix +++ b/system/dev/dn-server/services/mail-server.nix @@ -1,9 +1,25 @@ -{ config, lib, ... }: +{ + config, + lib, + ... +}: let inherit (lib) mkForce; inherit (config.systemConf) username; in { + systemConf.security.allowedDomains = [ + "registry-1.docker.io" + "auth.docker.io" + "login.docker.com" + "auth.docker.com" + "production.cloudflare.docker.com" + "docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage" + "api.docker.com" + "cdn.segment.com" + "api.segment.io" + ]; + mail-server = let domain = "net.dn"; 
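Review bot: In the new `systemConf.security.allowedDomains` list in mail-server.nix, the entry `"docker-images-prod.6aa30f8b08e16409b46e0173d6de2f56.r2.cloudflarestorage"` has no top-level domain, unlike every other entry; the Docker Hub blob host ends in `.r2.cloudflarestorage.com`. Depending on how the allow-list is matched (not visible here), the entry either never matches, so image pulls fail, or matches more names than intended. I would write the full host name and add a one-line comment above the list such as `# registry endpoints needed for container image pulls`.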
@@ -81,29 +97,16 @@ in }; }; - services.openldap.settings.attrs.olcLogLevel = mkForce "config"; - - services.postfix.settings.main = { - # internal_mail_filter_classes = [ "bounce" ]; + virtualisation.oci-containers.containers.phpLDAPadmin = { + environment = { + LDAP_ALLOW_GUEST = "true"; + LOG_LEVEL = "debug"; + LDAP_LOGGING = "true"; + }; }; - services.rspamd = { - locals."logging.conf".text = '' - level = "debug"; - ''; - locals."settings.conf".text = '' - bounce { - id = "bounce"; - priority = high; - ip = "127.0.0.1"; - selector = 'smtp_from.regexp("/^$/").last'; - - apply { - BOUNCE = -25.0; - } - - symbols [ "BOUNCE" ] - } - ''; + services.openldap.settings = { + attrs.olcLogLevel = mkForce "config"; + # children."cn=schema".includes = extraSchemas; }; } diff --git a/system/dev/dn-server/services/metrics.nix b/system/dev/dn-server/services/metrics.nix index 3b019ee..c6b4208 100644 --- a/system/dev/dn-server/services/metrics.nix +++ b/system/dev/dn-server/services/metrics.nix @@ -63,7 +63,7 @@ in job_name = "powerdns_recursor"; static_configs = [ { - targets = [ "localhost:${toString config.services.pdns-recursor.api.port}" ]; + targets = [ "127.0.0.1:${toString config.services.pdns-recursor.api.port}" ]; labels = { machine = "${hostName}"; }; @@ -87,7 +87,7 @@ in static_configs = [ { targets = [ - "localhost:${toString config.services.crowdsec.settings.general.prometheus.listen_port}" + "127.0.0.1:${toString config.services.crowdsec.settings.general.prometheus.listen_port}" ]; labels = { machine = "${hostName}"; diff --git a/system/dev/dn-server/services/minecraft-server.nix b/system/dev/dn-server/services/minecraft-server.nix new file mode 100644 index 0000000..98e2905 --- /dev/null +++ b/system/dev/dn-server/services/minecraft-server.nix 
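Review bot: The `phpLDAPadmin` container environment added in mail-server.nix sets `LDAP_ALLOW_GUEST = "true"` together with `LOG_LEVEL = "debug"` and `LDAP_LOGGING = "true"`, which reads like a troubleshooting session left in the host configuration. Guest access lets anyone who can reach the UI browse whatever the directory exposes to an anonymous bind, and debug-level LDAP logging can write bind DNs and query contents into the container log. If the settings are needed for now, mark them with `# TODO: remove after LDAP troubleshooting`; otherwise set `LDAP_ALLOW_GUEST = "false"` and drop the two logging keys.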
@@ -0,0 +1,40 @@
+{ pkgs, ... }:
+let
+ modpack = pkgs.fetchPackwizModpack {
+ url = "https://git.dnywe.com/dachxy/shader-retired-modpack/raw/branch/main/pack.toml";
+ packHash = "sha256-NPMS8j5NXbtbsso8R4s4lhx5L7rQJdek62G2Im3JdmM=";
+ };
+in
+{
+ systemConf.security.allowedDomains = [
+ "api.mojang.com"
+ "textures.minecraft.net"
+ "session.minecraft.net"
+ "login.microsoftonline.com"
+ ];
+
+ services.minecraft-servers = {
+ enable = true;
+ eula = true;
+ };
+
+ services.minecraft-servers.servers.shader-retired = {
+ enable = true;
+ autoStart = true;
+ openFirewall = true;
+ package = pkgs.fabric-server;
+ symlinks = {
+ "mods" = "${modpack}/mods";
+ };
+ serverProperties = {
+ server-port = 25565;
+ difficulty = 3;
+ gamemode = "survival";
+ max-player = 20;
+ modt = "Bro!!!!";
+ accepts-flight = true;
+ accepts-transfers = true;
+ hardcore = false;
+ };
+ };
+}
diff --git a/system/dev/dn-server/services/netbird.nix b/system/dev/dn-server/services/netbird.nix
new file mode 100644
index 0000000..9eac81c
--- /dev/null
+++ b/system/dev/dn-server/services/netbird.nix
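Review bot: Several `serverProperties` keys in minecraft-server.nix do not match the names the server reads: `max-player` should be `max-players`, `modt` should be `motd`, and `accepts-flight` should be `allow-flight`; unknown keys are presumably ignored, which leaves the defaults in force. With `openFirewall = true` the port is reachable from every network the host is attached to, and nothing here sets `white-list`, so any authenticated account can join. Add `white-list = true;` if the server is meant for a known group of players.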
@@ -0,0 +1,119 @@
+{ config, lib, ... }:
+let
+ inherit (lib) mkForce;
+ domain = "dnywe.com";
+
+ # Virtual Domain
+ vDomain = "vnet.dn";
+ proxyIP = "10.10.0.1";
+
+ cfg = config.services.netbird;
+ srv = cfg.server;
+
+ # TODO: Change realm to master
+ realm = "netbird";
+in
+{
+ sops.secrets."netbird/wt0-setupKey" = {
+ owner = cfg.clients.wt0.user.name;
+ mode = "400";
+ };
+
+ systemConf.security.allowedDomains = [
+ "login.dnywe.com"
+ "pkgs.netbird.io"
+ "${srv.domain}"
+ ];
+
+ imports = [
+ (import ../../../modules/netbird-server.nix {
+ inherit realm vDomain;
+ domain = "netbird.${domain}";
+ oidcURL = "https://${config.services.keycloak.settings.hostname}";
+ enableNginx = false;
+ oidcType = "keycloak";
+ })
+ ];
+
+ services.netbird = {
+ ui.enable = mkForce false;
+
+ clients.wt0 = {
+ port = 51830;
+ openFirewall = true;
+ autoStart = true;
+ environment = {
+ NB_MANAGEMENT_URL = "https://${srv.domain}";
+ };
+ login = {
+ enable = true;
+ setupKeyFile = config.sops.secrets."netbird/wt0-setupKey".path;
+ };
+ };
+
+ server.management = {
+ disableSingleAccountMode = false;
+ singleAccountModeDomain = vDomain;
+ metricsPort = 32009;
+ turnDomain = mkForce "coturn.${domain}";
+ extraOptions = [ "--user-delete-from-idp" ];
+ };
+
+ server.coturn.enable = mkForce false;
+ };
+
+ networking.firewall.allowedTCPPorts = [ 32011 ];
+
+ # ==== Proxy By Caddy & CDN ==== #
+ services.nginx.appendHttpConfig = ''
+ set_real_ip_from ${proxyIP};
+ real_ip_header X-Forwarded-For;
+ real_ip_recursive on;
+ '';
+
+ services.nginx.virtualHosts."netbird.local" = {
+ locations = {
+ "/" = {
+ root = cfg.server.dashboard.finalDrv;
+ tryFiles = "$uri $uri.html $uri/ =404";
+ };
+
+ "/404.html".extraConfig = ''
+ internal;
+ '';
+
+ "/api" = {
+ extraConfig = ''
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ '';
+ proxyPass = "http://127.0.0.1:${builtins.toString srv.management.port}";
+ };
+
+ "/management.ManagementService/".extraConfig = ''
+ client_body_timeout 1d;
+
+ grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ grpc_pass grpc://127.0.0.1:${builtins.toString srv.management.port};
+ grpc_read_timeout 1d;
+ grpc_send_timeout 1d;
+ grpc_socket_keepalive on;
+ '';
+
+ "/signalexchange.SignalExchange/".extraConfig = ''
+ client_body_timeout 1d;
+
+ grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+ grpc_pass grpc://127.0.0.1:${builtins.toString srv.signal.port};
+ grpc_read_timeout 1d;
+ grpc_send_timeout 1d;
+ grpc_socket_keepalive on;
+ '';
+ };
+
+ extraConfig = ''
+ error_page 404 /404.html;
+ '';
+ };
+}
diff --git a/system/dev/dn-server/services/nextcloud.nix b/system/dev/dn-server/services/nextcloud.nix
index eee0e25..bf61e1c 100644
--- a/system/dev/dn-server/services/nextcloud.nix
+++ b/system/dev/dn-server/services/nextcloud.nix
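Review bot: `networking.firewall.allowedTCPPorts = [ 32011 ];` in netbird.nix opens a bare port number to every source, and nothing in this file ties 32011 to a listener; presumably it is the port on which the `netbird.local` virtual host is served to the proxy at `proxyIP`. `set_real_ip_from ${proxyIP}` already treats that address as the only trusted front end, but the firewall does not, so clients that can reach the host can talk to the management and signal endpoints directly and skip the proxy/CDN layer. Bind the number to a name in the `let` block and restrict the rule by source, e.g. (with the nftables backend) `networking.firewall.extraInputRules = "ip saddr ${proxyIP} tcp dport 32011 accept";`.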
@@ -1,19 +1,156 @@ -{ config, ... }: { + config, + pkgs, + lib, + ... +}: +let + inherit (lib) mkIf mkDefault mkAfter; + inherit (config.sops) secrets; + spreedCfg = config.services.nextcloud-spreed-signaling; + nextcloudCfg = config.services.nextcloud; + turnDomain = "coturn.dnywe.com"; + domain = "net.dn"; +in +{ + sops.secrets = { + "nextcloud/smtpPassword" = { + owner = "nextcloud"; + group = "nextcloud"; + }; + "nextcloud/adminPassword" = { }; + "nextcloud/whiteboard" = { + owner = "nextcloud"; + }; + "nextcloud/spreed/turnPassword" = { + key = "netbird/coturn/password"; + owner = spreedCfg.user; + }; + "nextcloud/spreed/turnSecret" = { + key = "netbird/oidc/secret"; + owner = spreedCfg.user; + }; + "nextcloud/spreed/hashkey" = { + owner = spreedCfg.user; + }; + "nextcloud/spreed/blockkey" = { + owner = spreedCfg.user; + }; + "nextcloud/spreed/internalsecret" = { + owner = spreedCfg.user; + }; + "nextcloud/spreed/backendsecret" = { + owner = spreedCfg.user; + }; + }; + imports = [ (import ../../../modules/nextcloud.nix { - hostname = "nextcloud.net.dn"; - adminpassFile = config.sops.secrets."nextcloud/adminPassword".path; + hostname = "nextcloud.${domain}"; + adminpassFile = secrets."nextcloud/adminPassword".path; trusted-proxies = [ "10.0.0.0/24" ]; whiteboardSecrets = [ - config.sops.secrets."nextcloud/whiteboard".path + secrets."nextcloud/whiteboard".path ]; }) ]; services.nextcloud = { extraApps = { - inherit (config.services.nextcloud.package.packages.apps) music; + inherit (config.services.nextcloud.package.packages.apps) music spreed; + + user_migration = pkgs.fetchNextcloudApp { + url = "https://github.com/nextcloud-releases/user_migration/releases/download/v9.0.0/user_migration-v9.0.0.tar.gz"; + sha256 = "sha256-WiEEAazuj8kh5o+URs22uoNWANXcXQYLTaoABMU6rFo="; + license = "agpl3Plus"; + }; + + cospend = pkgs.fetchNextcloudApp { + url = "https://github.com/julien-nc/cospend-nc/releases/download/v3.2.0/cospend-3.2.0.tar.gz"; + sha256 = 
"sha256-mclcZDNmvpYX/2q7azyiTLSCiTYvk7ILeqtb/8+0ADQ="; + license = "agpl3Plus"; + }; + }; + appstoreEnable = false; + + settings = { + mail_smtpauth = true; + mail_smtphost = "mx1.${domain}"; + mail_smtpname = "nextcloud"; + mail_smtpmode = "smtp"; + mail_smtpauthtype = "LOGIN"; + mail_domain = "net.dn"; + mail_smtpport = 465; + mail_smtpsecure = "ssl"; + mail_from_address = "nextcloud"; + }; + + secrets = { + mail_smtppassword = secrets."nextcloud/smtpPassword".path; }; }; + + # ==== Nextcloud Talk ==== # + services.nextcloud-spreed-signaling = { + enable = true; + configureNginx = true; + hostName = "talk.${domain}"; + backends.default = { + urls = [ "https://${nextcloudCfg.hostName}" ]; + secretFile = secrets."nextcloud/spreed/backendsecret".path; + }; + + settings = { + http.listen = "127.0.0.1:31008"; + turn = { + servers = [ "turn:${turnDomain}:3478?transport=udp" ]; + secretFile = secrets."nextcloud/spreed/turnPassword".path; + apikeyFile = secrets."nextcloud/spreed/turnSecret".path; + }; + clients.internalsecretFile = secrets."nextcloud/spreed/internalsecret".path; + sessions = { + hashkeyFile = secrets."nextcloud/spreed/hashkey".path; + blockkeyFile = secrets."nextcloud/spreed/blockkey".path; + }; + nats.url = [ "nats://127.0.0.1:4222" ]; + }; + }; + + services.nats = mkIf nextcloudCfg.enable { + enable = true; + settings = { + host = "127.0.0.1"; + }; + }; + + services.nginx.virtualHosts.${spreedCfg.hostName} = { + enableACME = true; + forceSSL = true; + }; + + # ==== Secruity ==== # + services.fail2ban = { + jails = { + nextcloud.settings = { + backend = "systemd"; + journalmatch = "SYSLOG_IDENTIFIER=Nextcloud"; + enabled = true; + port = 443; + protocol = "tcp"; + filter = "nextcloud"; + maxretry = 3; + bantime = 86400; + findtime = 43200; + }; + }; + }; + + environment.etc = { + "fail2ban/filter.d/nextcloud.local".text = mkDefault (mkAfter '' + [Definition] + failregex = ^.*"remoteAddr":"(?P)".*"message":"Login failed: + 
^.*"remoteAddr":"(?P)".*"message":"Two-factor challenge failed: + ^.*"remoteAddr":"(?P)".*"message":"Trusted domain error + ''); + }; } diff --git a/system/dev/dn-server/sops/secret.yaml b/system/dev/dn-server/sops/secret.yaml index 195a3f8..f028377 100644 --- a/system/dev/dn-server/sops/secret.yaml +++ b/system/dev/dn-server/sops/secret.yaml 
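Review bot: In the `sops.secrets` block of nextcloud.nix, `nextcloud/spreed/turnSecret` is declared with `key = "netbird/oidc/secret"` and passed to the signaling server as `turn.apikeyFile`, so the identity-provider client secret of the NetBird backend becomes readable by `spreedCfg.user` and doubles as a TURN credential; modules/netbird-server.nix does the same with `"netbird/turn/secret"`. A leak or rotation on one side then affects an unrelated service, and the OIDC secret ends up in more processes than need it. Generate separate values for the TURN API key and shared secret, and keep `netbird/oidc/secret` for the OIDC client only. Separately, the `failregex` lines at the end of this hunk show an empty named group `(?P)`; if that is what is committed rather than a rendering loss, the filter will not compile and should use fail2ban's `<HOST>` tag.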
@@ -1,17 +1,31 @@ wireguard: privateKey: ENC[AES256_GCM,data:TzZLi58XfkhHAN0LcWNSlGJ7KSspCVaCKvLl1Y3MhxEKyERStCR8MEJ629U=,iv:XG107Tnt/Md56q9vK/Eh5uyzvFT+JrcD0UAUdqky+EA=,tag:dHgl7IwqEWC+MgHPH9wyIw==,type:str] + wg1.conf: ENC[AES256_GCM,data:Wq8PgaNaEZNYpxqC2sO9CY+Cc+Qsk+sWpQ43FkjXqY5rSYo7rSjzN3sde44ba2IY85Dwyo+TKNp+mmLnjDM3Bgxb3h/sLLEJRwVGS1lU7GQKuT2ZL3MupnKVYXyK/2VmP+Umfw75AHYeMM809HRr7UroDEFQEll3DVqNqWSJRAll2hR14lnxUQpZIewMWTerEE0b+SEADXhPCOsgTUXFxJMtXTfsifGjf0HO2sLrW7EQvMxuiTvSCwosUilc/HgaA/+vNm+UkZ3pSwybYm9fIFvEu0IEqHuLyvy41J70DdxFdS9mNAcYcpeOFrTR4BE6NQ==,iv:zgyIqdH9OWEXPNkHs94Tcet16zvbxV7rbkwzVybkQBc=,tag:GJgAAGyrAhhaxVmcsT/reA==,type:str] +netbird: + oidc: + secret: ENC[AES256_GCM,data:zZ8zuDqUdZANk1VV44kfp/Y4eXxJDwead9440QJma4Q=,iv:d6/RSEtuhqL+RQDuOQMJhyC9U9ikcasEz0DIdtaBtKg=,tag:8be6FBymbIN+To0dFz2ncA==,type:str] + dataStoreKey: ENC[AES256_GCM,data:FGyqII1DZMtImMtWiUx0e1I4J+yMzrWKwhBB6kjmRHqlLz8Oy+C/zCM5SQ8=,iv:AXD8u9vcha8CSRnMPabtdXDQoeqpqKIbWGwfcgIc8Dw=,tag:3nSIt0V+G6NJQ7JSslNOWg==,type:str] + coturn: + password: ENC[AES256_GCM,data:AMWBkWLcj1EFfufl8pALpVOG0PE=,iv:sngIedZE4X8clhGIsQyiGKbdsheRbEqeU57Emz2DWJM=,tag:daRLPNrO5fq84rtieYuYYw==,type:str] + wt0-setupKey: ENC[AES256_GCM,data:2KKqmcdQhkbu4Qo8rVWLwT7NdpF7iWneDGazHQlM++LdGQNr,iv:Dfryc5Ak8ueuHCT+8SxliEJqUtn695/N3iE69a5AoCQ=,tag:wCKfCOcTFZWbZs99FhF2EQ==,type:str] nextcloud: adminPassword: ENC[AES256_GCM,data:ev4Ua8JX0l0KK50SGm6xCw==,iv:OosiF0g4l1mrgndbwUOvO2YUqxWVk1hvAZY0rHU9GPE=,tag:rIr+4x/p8u94e2Ip03iX0Q==,type:str] whiteboard: ENC[AES256_GCM,data:EFrakjKTOskWBrobg/F12bdm/sM/cU4u6bUDw8TVqzmV95fNqn6n4MR+gTyKj6CG0+YLbZDHAmfsApWVH/VhDNTw3s1hkSu93Yq85ov7QEk=,iv:fYTLDOMmW+qoZVgC7fSPo+xFaytJN1gIaEcRgle+7gY=,tag:ETmXxGPsUafV3pR9cMLMXA==,type:str] + smtpPassword: ENC[AES256_GCM,data:sira5mEA1U3aUJVAdGt4wmQi,iv:asyfTixRkEU2LqaFYgf9PdpIwLzwdrRagmVNiiSqukw=,tag:LVL1uWKg+ud3AcE1ZtksTw==,type:str] + spreed: + hashkey: 
ENC[AES256_GCM,data:6HeTBV5sqwREumVNklCkLuqHMjRCoQ3BGddqFoZW5IWFLyMgHlgacZVq8iQ=,iv:AIeEmYRmCbipMEdATX0pocglhwP+vlrT1JfOz07peDg=,tag:VYgrLbDyyqw/4T5YnJUFlg==,type:str] + blockkey: ENC[AES256_GCM,data:eHnOyQBqjw3DPd1Vb9M9AVI/2yFgGh09sDIpq7rBrvE=,iv:m6jhSNZuFEBeLGaOS85GdT4bGAorhT0S0keRDzwEMg8=,tag:/Ck+vPXqmKkdpAdF1IiN/g==,type:str] + internalsecret: ENC[AES256_GCM,data:rOIMX0Me5V2xhnBSnNVg4F9nInYCGAXSp7Fm01uImlPSoXGWi8HBx2LRkN8=,iv:wyPIhSpDEZYf3apmQr3VsoO6MDjU3lvSjHeTZNEBMLM=,tag:NySofDB+7t8KXwG0BvYd8w==,type:str] + backendsecret: ENC[AES256_GCM,data:pV5yw755RkAwHBdmfeP37/SobFZqJouWyIiRJ+Y2mk0iiVdW04vhYVsyjcI=,iv:NhkewgnyE2Dw8mQMMSq6AWo6IOWu8BlyPZvZAszyZuQ=,tag:BlZO15qZWViV8pCWIgZHZQ==,type:str] step_ca: password: ENC[AES256_GCM,data:3NtUAl344gHiXLlMl88X17Vsm/4OKFM0W8bntzbXC0U=,iv:q9cWW8xTxYQnRYohBxnPIsbVSpvkZYVpYLRVeZgmsRM=,tag:ibumK7ebPKNO/CXAS0eeRA==,type:str] vaultwarden: ENC[AES256_GCM,data:5gn2+IYznojrYbmzCJx17qAlBvJBv3CnMEZensyep9JpKEHVz29teOYDh5Zetv0mSrgmrUxCTdNsm0OZCX9EswhslNl5ay6zkhoL+64JIyUcNFWcvu7oD2w1qynWgz41GS2yzuw91LntN4mcpODKhHNN8XFCU9d71Z9zTSIdWn2PoG8wME2hVBJ2YxLpqzDyJYlkWYf4VYUnn9vXZatZqQd0n7bjx3dgX3ogFG/UNfMAs2oLCfuYLkxBqpR2cGNktIxWctCEAWwG68Pfk7X66KMi5w==,iv:JcExp8YkGwV2nMbCK+n0KSL3+SryJZ0iKtVcU/Q+Cgs=,tag:Ut6ahXVAuOKlcwk6DE56Ig==,type:str] ldap: password: ENC[AES256_GCM,data:gz5WBopSffGyvJxKDPekPQ==,iv:bX7N9/oNMhtE/KbPah2ge4s87P2VsxHGoFkOyl83dxs=,tag:YoTe6NPAJgp/0nvhHC9Y5A==,type:str] - env: ENC[AES256_GCM,data:XmIz9JEswvK1jVmTsTgdDZJXeK7j8E/b6nF+uuZpvpoe5/IogjMrzcWi3EB1i44z1Dxgoim8QM8ZtczY,iv:1jK/J2qfKODrbrNpSHl110jPvbNLl0zI//laowerJOc=,tag:tkBVxDC8Ebn3Aac+LATQFA==,type:str] + env: ENC[AES256_GCM,data:68EvTHeBqtCVfde5oO+Wzny+l/YIMWQmbcNQ0Wl59EjMrSlJM0rmFm2lMJpxKzCN2cFs0N2z6zG1/eQ9t/SxxyVBrNA6ECnCZrerIo2YGlaT30tc1rffpd8TchMH1VKP5qHnbLUqORMx5z0LR4U49l2HVcHgSCjt/1f127oMi411vIU=,iv:+m1F0CBaoJGv6Z1u+h6rbsXGPUhxgHouTalj13ccJiY=,tag:I/hK65yPaIcgHEZVaXJHBA==,type:str] oauth: password: 
ENC[AES256_GCM,data:lzS/OtqHb/24IJnOKxMBQA==,iv:BI1n7Jjklye6WM2ss7jpaGgokrJpAG2Ipil7VrY30XM=,tag:i3OByJ6LDwvAsS5CTrEQig==,type:str] - adminEnv: ENC[AES256_GCM,data:tF7ECUxG5QeNIvx3IFpTtY7NnSXROGHi48jGXZNgJVX5cABNIYBUqYW9/p2KbA==,iv:7oNmOBEs0b9mB6Ay7IULH2AumQOdIyQ+hDHm5kV6lTY=,tag:jkfA6D8CKg1jC21dS7Sumw==,type:str] + adminEnv: ENC[AES256_GCM,data:qUU6jv7zDNd0pJQdGyyolWKhN+iq5vUWG8FgZlokOgx9cH89XVS4LBQofpHPz2Y1Th0kvRducQcZqFc=,iv:wSI3uOaXK12zwzyXAI7sQKy9RzVpNHtFswHa8p2+kio=,tag:jqAD0E/Vv1kpwAyghze+mw==,type:str] powerdns-admin: secret: ENC[AES256_GCM,data:M5hD8B7kikseQJZCWUIlc7OJcQn0nwnx0QOSQe+Mf8TaztvyFfSfxv0vowNsx0MyGef4teuK+DW9/UTbRFEHeg==,iv:xaSgzhqMU9+ud1xfXLVkg3v2xcmIo35BOhml5VfHKBI=,tag:L1v95+HsIqNjVA1LGNbEJQ==,type:str] salt: ENC[AES256_GCM,data:rs4tZrVF4kb6/97wjQA2Npb2QeS6vjN3L1zRgmM=,iv:c0VTEtnahMSfs/PqeFQxYpDstLxPKaW1RyXMc6SQJu8=,tag:dXHUO2KJvP5Sz22Gv6ws/w==,type:str] 
@@ -31,7 +45,7 @@ prometheus: nginxAuth: ENC[AES256_GCM,data:+xcdBPwrpAXIXPFJCrmSsDacWlKzZbE0Mtt97ixxYcDMJT4PdATkboaECDJoyhqUc9ThwOCJ7t8/IHHNOh5r7hkk9aWzh8FY,iv:Z/IiEi6oZm1Hv3m8c522GK6eYFf0syFn3A0o4S58DUI=,tag:ASZqiiBOitfFGdYFP+i0jQ==,type:str] paperless: adminPassword: ENC[AES256_GCM,data:6SFObuK96Vc+PBUv/wRNCA==,iv:Mn6GJWzkd72xsvqlG0bD/3pp9YICqov356ZmlTda2eA=,tag:P3BJ1I+3XFD3HVkJccKyTg==,type:str] - envFile: ENC[AES256_GCM,data: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,iv:/rSkQ3a9q4kLfwznGnEl9nD2poUUMeS0oeLRyhQYE6o=,tag:HHY1NAXfoinfGqWmUTMmXA==,type:str] + envFile: ENC[AES256_GCM,data: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,iv:EtcZFfI/zBDXyW6/LMoGahcjMQoAVKx9VTF9I9y6J3w=,tag:LdkJJzz/WBxQCVoLd0E1ug==,type:str] atticd: secret: ENC[AES256_GCM,data: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,iv:WVSTjMjzmtQTs7s9RUO4q3QY0ECP3yhNrWIu+fOb8jQ=,tag:QmHqdcd9uMo2DSTVooJtVA==,type:str] docmost: ENC[AES256_GCM,data:4uK3rOKurQPFfiTJzjMRn7hqPeB3c1fYG/zt01Ttwp5BvuI9B3JA34oNwvVzG8Jkl+Oc8pcj+IR55H5Y7KCQNiY9ux8rLbdtHRjhwKU6nah8kP+qSLOi935fXDdd0C5aMoHz2k72G8pT5ww5mt3AVCtd+bghZKX8WV6+XPBYwya2R3JGy/dm5/UAWoYC0LxMKsyj1w7Zr7nKWCa3PMWDjJXNvHkfwvC/9mhNWUMSVtAtlqYNRjQpCK/4rH8PDRRr3KgPyV1LYmV+O8/wVK+aQ4cuI8TLp5qQxNXU3PBljKCrfMyGRNx307P/cL63DR7Bv08iTFtVX58dYnTrnG3OSvMWaup5IF9+w/I=,iv:hmU6Eq/3vj3+rWSnUlt6mdLW47viShxbFa6WykQrR6M=,tag:8dBYTIBI5jGhSEp64axpXg==,type:str] 
@@ -41,6 +55,11 @@ crowdsec: consoleToken: ENC[AES256_GCM,data:G/UfbMqHW0lecT7vKmZsusvXzgxz6apdRQ==,iv:JJTN1RPhFNMd2gqE3Vw2FvC+bA/vgOiYNfBhr96veIw=,tag:HKbhtwCWkLte8e8uGDt2Gw==,type:str] opencloud: ENC[AES256_GCM,data:NrhvojLoMUbGkWNkfDN12iAU70F9o1MXa3m8RzYtcBU1r9zk0e+4ZlPAqw2SIobMDC3vo3few7cA21ruYGP2p36lskG6UjafyJPJoHQcxlq04Kp/9GVeSsvI3KP08WLmoaBqk6b+f1K57P4OzSHPYKQ4/f51B4yhmt8n/DNg7RgF8wNKi4KUTOBuC/j+T+51vsJdjqHUuBi1y2ZqaolAwfEYbnswNVJUcOxHUezIAGke/22U0fS01+p1JQ/PAzSeDdxuX8dAMDVYHHZ13A07kXIRchpSb63Y5pTLUUAl25zAaSYoq+fZ0s61DZrYCaityZCishhCpJwmyoOsCWEesOpRFYNjIALIxWmM9b3aU/5G1WNiPRdlfvZpowhm3r+4X7QGCoXvuoI94l8DuXW7wN77XhLr7s4w,iv:TrUgpRHN7NYFZw+tihcxJ+dhNi4nIuNHMxNWgCE53AA=,tag:YZNL/Pv8S0hYtSt5IBE1GA==,type:str] ntfy: ENC[AES256_GCM,data:y2evjuP49mnN8dCnS+nC6KGYEiO5ZPykgtHXQJqYoW/yq7zMpPowe5cFdKYO6MYWYFwT4Vy8okl64h8GQXZOPfqjEct2eB23GL6021ZCm5FmGJf4pYERwuYV0LC3VV74nnvTd9rDhWeSDd1awXzwkbviy7CtI55R3+ZBxRKhIYL31f4T4OHs51wldJWE6Lf8f6eNldN0M+Ki4Pxvyhbtt/A3OLmfSKhCd+eehdCABkuWaiPAu55dJS/m/b8++lQaod0Vmdbp9WlLGP5Ep7G5XwG92F5PgPr6dRa78x5AcvahVgSr8inlTVhXrue5EBzd3TAj2cIf953S2V6GKCFqhdjajbPvqzqXVxC5JuTCX9d6bWAMVGkVqeF0i33kHewM+cT3iGAYUSt38UTvCqI7UY5X0AIlZe5S8J2BCoDlRbHA7mERQrDl2Q==,iv:n+ubsZKbW2odqQeK4aqhxPxdCxtCsO7wS2wIthaQPHE=,tag:j7Ju4FrPYnKfUcy5pNQI3w==,type:str] +forgejo: + server: + secretKey: ENC[AES256_GCM,data:DShv0oGdrHi40OMGz6/8XsiNY7nFcdJswBXucP9t7JQtgj9wk8Wr2mn17rfzkjNXTRletI60OPGPz2c57xOnTA==,iv:9TVma4i167123hyVA4yMAGsc9074+Yd4qggL7PkhUKg=,tag:/ELp01jK7of78Kyn+aOcMA==,type:str] + mailer: + password: ENC[AES256_GCM,data:dcIotYpgtdFLcunAB3ttlczzQ68=,iv:vH3rckAfntFAEtH3dolF7NCAdj142cAzre56x7oBdDA=,tag:TaxRn8g/TVloM60D6Ud0Jg==,type:str] sops: age: - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 
@@ -70,7 +89,7 @@ sops: OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-29T05:31:41Z" - mac: ENC[AES256_GCM,data:7vRB92qX6NPYafjpTY0wS23bq5Jn57xkWamJZ2ZgD4/2rW+qRilmO6sqaZEktWr7q2jQzgSvdgZsgbuhkxoqQXrTVP7osjr8qQ20jL9OXLxSgPQry2QqNBqlSdjEUov/bygJA0oI46K8pdk6OrT07Few/nXMrvUixFAGGUsKmJc=,iv:Gd5X70COnDL4Ntps/bedF92uUH6hCosDj2dsbF0KQHw=,tag:O3vq/kFnay5le7F1Q2heJQ==,type:str] + lastmodified: "2026-01-07T08:19:02Z" + mac: ENC[AES256_GCM,data:hWVuAT2P1vXtSWUiCYh52vr2FY60611QlO+lNf9GbB98Tzk6K3/RaEtQR8a1KVGz9qoJFwxRk0jm9Mo78ezxaCmjePWklyDYFTPGCcBZbPNGTcZfiCfp5yzFGDbGsR2s3nVDHP+a+BIwIWYEJZz2T4Gi/sPK2rUwGdvq6b0rnKQ=,iv:trEF/xsJobs87q96BdRxDkZHmInEU9krhUQiMvNu87g=,tag:PkYNLlnl72J+dxgnWhvWAw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-server/sops/sops-conf.nix b/system/dev/dn-server/sops/sops-conf.nix index 0449f9c..e123c75 100644 --- a/system/dev/dn-server/sops/sops-conf.nix +++ b/system/dev/dn-server/sops/sops-conf.nix @@ -5,10 +5,6 @@ in { sops.secrets = { "wireguard/privateKey" = { }; - "nextcloud/adminPassword" = { }; - "nextcloud/whiteboard" = { - owner = "nextcloud"; - }; "step_ca/password" = { }; vaultwarden = { }; "oauth/password" = { }; diff --git a/system/dev/skydrive-lap/default.nix b/system/dev/skydrive-lap/default.nix index 1581b1c..0dd0d0d 100644 --- a/system/dev/skydrive-lap/default.nix +++ b/system/dev/skydrive-lap/default.nix @@ -10,11 +10,11 @@ in systemConf = { inherit hostname username; domain = "net.dn"; - hyprland.enable = true; + # hyprland.enable = true; + niri.enable = true; face = pkgs.fetchurl { - url = "https://files.net.dn/skydrive.jpg"; + url = "https://git.dnywe.com/dachxy/skydrive-avatar/raw/branch/main/skydrive.jpg"; hash = "sha256-aMjl6VL1Zy+r3ElfFyhFOlJKWn42JOnAFfBXF+GPB/Q="; - curlOpts = "-k"; }; }; 
@@ -22,9 +22,9 @@ in ../../modules/presets/basic.nix ./common ./games - ./services ./sops ./utility + ./network ]; users.users.root.openssh.authorizedKeys.keys = [ diff --git a/system/dev/skydrive-lap/network/default.nix b/system/dev/skydrive-lap/network/default.nix new file mode 100644 index 0000000..e7803e3 --- /dev/null +++ b/system/dev/skydrive-lap/network/default.nix @@ -0,0 +1,6 @@ +{ ... }: +{ + imports = [ + ./netbird.nix + ]; +} diff --git a/system/dev/skydrive-lap/network/netbird.nix b/system/dev/skydrive-lap/network/netbird.nix new file mode 100644 index 0000000..b413fa2 --- /dev/null +++ b/system/dev/skydrive-lap/network/netbird.nix @@ -0,0 +1,17 @@ +{ self, ... }: +let + serverCfg = self.nixosConfigurations.dn-server.config; + domain = serverCfg.services.netbird.server.domain; +in +{ + services.netbird = { + clients.wt0 = { + openFirewall = true; + autoStart = true; + port = 51820; + environment = { + NB_MANAGEMENT_URL = "https://${domain}"; + }; + }; + }; +} diff --git a/system/dev/skydrive-lap/services/default.nix b/system/dev/skydrive-lap/services/default.nix deleted file mode 100644 index e02134a..0000000 --- a/system/dev/skydrive-lap/services/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ./wireguard.nix - ]; -} diff --git a/system/dev/skydrive-lap/services/wireguard.nix b/system/dev/skydrive-lap/services/wireguard.nix deleted file mode 100644 index b2e5388..0000000 --- a/system/dev/skydrive-lap/services/wireguard.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - imports = [ - ../../../modules/wireguard.nix - ]; -} diff --git a/system/modules/actual/default.nix b/system/modules/actual/default.nix index 5a34bf2..9b00369 100644 --- a/system/modules/actual/default.nix +++ b/system/modules/actual/default.nix 
@@ -39,7 +39,7 @@ in forceSSL = true; locations."/api/".proxyPass = - "http://localhost:${toString config.services.actual-budget-api.listenPort}/"; - locations."/".proxyPass = "http://localhost:${toString config.services.actual.settings.port}"; + "http://127.0.0.1:${toString config.services.actual-budget-api.listenPort}/"; + locations."/".proxyPass = "http://127.0.0.1:${toString config.services.actual.settings.port}"; }; } diff --git a/system/modules/cockpit.nix b/system/modules/cockpit.nix index 6638ef8..5493fda 100644 --- a/system/modules/cockpit.nix +++ b/system/modules/cockpit.nix @@ -28,6 +28,6 @@ in services.nginx.virtualHosts."${domain}" = mkIf enableNginx { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://localhost:${toString config.services.cockpit.port}"; + locations."/".proxyPass = "http://127.0.0.1:${toString config.services.cockpit.port}"; }; } diff --git a/system/modules/docmost.nix b/system/modules/docmost.nix index 488b750..a86a592 100644 --- a/system/modules/docmost.nix +++ b/system/modules/docmost.nix @@ -46,10 +46,10 @@ in if (fqdn != null) then "${if https then "https" else "http"}://${fqdn}" else - "http://localhost:${toString port}" + "http://127.0.0.1:${toString port}" }"; DATABASE_URL = "postgresql://docmost@docmost?schema=public&host=/var/run/postgresql"; - REDIS_URL = "redis://localhost:${toString config.services.redis.servers.docmost.port}"; + REDIS_URL = "redis://127.0.0.1:${toString config.services.redis.servers.docmost.port}"; } // extraConf ); @@ -77,7 +77,7 @@ in enableACME = lib.mkIf https true; forceSSL = lib.mkIf https true; locations."/" = { - proxyPass = "http://localhost:${toString port}"; + proxyPass = "http://127.0.0.1:${toString port}"; proxyWebsockets = true; }; }; diff --git a/system/modules/fail2ban.nix b/system/modules/fail2ban.nix index 781ff17..c2ec324 100644 --- a/system/modules/fail2ban.nix +++ b/system/modules/fail2ban.nix 
@@ -1,5 +1,5 @@ { - extreAllowList ? [ ], + extraAllowList ? [ ], ... }: { @@ -9,7 +9,7 @@ ignoreIP = [ "192.168.0.0/16" ] - ++ extreAllowList; + ++ extraAllowList; bantime = "24h"; bantime-increment = { enable = true; diff --git a/system/modules/gc.nix b/system/modules/gc.nix index f90d332..eb5b5fb 100644 --- a/system/modules/gc.nix +++ b/system/modules/gc.nix @@ -11,7 +11,7 @@ optimise.automatic = true; gc = { automatic = true; - dates = [ "03:15" ]; + dates = "weekly"; options = "--delete-older-than 7d"; }; }; diff --git a/system/modules/netbird-client.nix b/system/modules/netbird-client.nix new file mode 100644 index 0000000..7119b5f --- /dev/null +++ b/system/modules/netbird-client.nix @@ -0,0 +1,31 @@ +{ + self, + config, + ... +}: +let + serverCfg = self.nixosConfigurations.dn-server.config; + cfg = config.services.netbird; + domain = serverCfg.services.netbird.server.domain; +in +{ + sops.secrets."netbird/wt0-setupKey" = { + owner = cfg.clients.wt0.user.name; + mode = "400"; + }; + + services.netbird = { + clients.wt0 = { + openFirewall = true; + autoStart = true; + port = 51820; + environment = { + NB_MANAGEMENT_URL = "https://${domain}"; + }; + login = { + enable = true; + setupKeyFile = config.sops.secrets."netbird/wt0-setupKey".path; + }; + }; + }; +} diff --git a/system/modules/netbird-server.nix b/system/modules/netbird-server.nix new file mode 100644 index 0000000..e563231 --- /dev/null +++ b/system/modules/netbird-server.nix 
@@ -0,0 +1,123 @@ +{ + domain, + oidcURL, + vDomain ? null, + enableNginx ? false, + oidcType ? "keycloak", + realm ? "netbird", +}: +{ + lib, + config, + ... +}: +let + inherit (lib) mkIf mkForce; + inherit (config.sops) secrets; + cfg = config.services.netbird; + srv = cfg.server; + dnsDomain = if vDomain == null then domain else vDomain; +in +{ + sops.secrets = { + "netbird/oidc/secret" = { }; + "netbird/turn/secret" = { + key = "netbird/oidc/secret"; + }; + "netbird/turn/password" = { + key = "netbird/coturn/password"; + }; + "netbird/coturn/password" = mkIf config.services.netbird.server.coturn.enable { + owner = "turnserver"; + }; + "netbird/dataStoreKey" = { }; + }; + + services.postgresql = { + enable = true; + ensureDatabases = [ "netbird" ]; + ensureUsers = [ + { + name = "netbird"; + ensureDBOwnership = true; + } + ]; + }; + + systemd.services.netbird-management.environment = { + NETBIRD_STORE_ENGINE_POSTGRES_DSN = "host=/var/run/postgresql user=netbird dbname=netbird"; + }; + + services.netbird = { + ui.enable = true; + + server = { + inherit domain enableNginx; + enable = true; + + # ==== Signal ==== # + signal.enable = true; + + # ==== Management ==== # + management = { + inherit dnsDomain; + + # === turn === # + oidcConfigEndpoint = "${oidcURL}/realms/${realm}/.well-known/openid-configuration"; + settings = { + StoreConfig.Engine = "postgres"; + DataStoreEncryptionKey = { + _secret = secrets."netbird/dataStoreKey".path; + }; + TURNConfig = { + Secret._secret = secrets."netbird/turn/secret".path; + Turns = mkForce [ + { + Proto = "udp"; + URI = "turn:${srv.management.turnDomain}:3478"; + Username = "netbird"; + Password._secret = secrets."netbird/turn/password".path; + } + ]; + }; + IdpManagerConfig = { + ManagerType = oidcType; + ClientConfig = { + TokenEndpoint = "${oidcURL}/realms/${realm}/protocol/openid-connect/token"; + ClientID = "netbird-backend"; + ClientSecret = { + _secret = secrets."netbird/oidc/secret".path; + }; + }; + ExtraConfig = { + 
AdminEndpoint = "${oidcURL}/admin/realms/${realm}"; + }; + }; + DeviceAuthorizationFlow.ProviderConfig = { + Audience = "netbird-client"; + ClientID = "netbird-client"; + }; + PKCEAuthorizationFlow.ProviderConfig = { + Audience = "netbird-client"; + ClientID = "netbird-client"; + }; + }; + }; + + # ==== Dashboard ==== # + dashboard.settings = { + AUTH_AUTHORITY = "${oidcURL}/realms/${realm}"; + AUTH_CLIENT_ID = "netbird-client"; + AUTH_AUDIENCE = "netbird-client"; + AUTH_SUPPORTED_SCOPES = "openid profile email offline_access api"; + }; + + # ==== Coturn (STUN/TURN) ==== # + coturn = { + enable = true; + passwordFile = secrets."netbird/coturn/password".path; + useAcmeCertificates = enableNginx; + }; + }; + }; +} diff --git a/system/modules/nextcloud.nix b/system/modules/nextcloud.nix index 33041ae..d0ea33f 100644 --- a/system/modules/nextcloud.nix +++ b/system/modules/nextcloud.nix 
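Review bot: The `realm` argument of netbird-server.nix feeds `AdminEndpoint = "${oidcURL}/admin/realms/${realm}"` for the `netbird-backend` client, yet nothing documents that this gives the management service admin-API access to whichever realm is passed in. The dn-server caller has `# TODO: Change realm to master` and passes `--user-delete-from-idp`, so following that TODO would let a deletion on the NetBird side remove accounts from the realm that administers the identity provider itself. Add a comment on the argument, e.g. `# Keycloak realm NetBird manages users in; keep this a dedicated realm, not master`. The `# === turn === #` heading also sits directly above `oidcConfigEndpoint`, which is OIDC rather than TURN configuration, and would read better as `# === OIDC / TURN === #`.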
@@ -47,10 +47,42 @@ in ]; }; - systemd.services."phpfpm-nextcloud".postStart = mkIf config.services.nextcloud.enable '' - ${config.services.nextcloud.occ}/bin/nextcloud-occ config:app:set recognize node_binary --value '${lib.getExe pkgs.nodejs_22}' - ${config.services.nextcloud.occ}/bin/nextcloud-occ config:app:set recognize tensorflow.purejs --value 'true' - ''; + systemd.services.nextcloud-config-recognize = + let + inherit (config.services.nextcloud) occ; + in + { + wantedBy = [ "multi-user.target" ]; + after = [ + "nextcloud-setup.service" + ]; + script = '' + ${occ}/bin/nextcloud-occ config:app:set recognize node_binary --value '${lib.getExe pkgs.nodejs_22}' + ${occ}/bin/nextcloud-occ config:app:set recognize tensorflow.purejs --value 'true' + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; + + # Disable Other login method for nextcloud + # Admin can login through adding `?direct=1` to url param + systemd.services.nextcloud-config-oidc = + let + inherit (config.services.nextcloud) occ; + in + { + wantedBy = [ "multi-user.target" ]; + after = [ + "nextcloud-setup.service" + ]; + script = '' + ${occ}/bin/nextcloud-occ config:app:set --type=string --value=0 user_oidc allow_multiple_user_backends + ''; + serviceConfig = { + Type = "oneshot"; + }; + }; services.nextcloud = { enable = true; diff --git a/system/modules/paperless-ngx.nix b/system/modules/paperless-ngx.nix index e55cdd7..45ab185 100644 --- a/system/modules/paperless-ngx.nix +++ b/system/modules/paperless-ngx.nix @@ -31,6 +31,6 @@ in services.nginx.virtualHosts."${domain}" = mkIf configureNginx { enableACME = true; forceSSL = true; - locations."/".proxyPass = "http://localhost:${toString config.services.paperless.port}"; + locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}"; }; } diff --git a/system/modules/presets/minimal.nix b/system/modules/presets/minimal.nix index c2e5923..8312883 100644 --- a/system/modules/presets/minimal.nix 
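Review bot: Both new oneshot units, `nextcloud-config-recognize` and `nextcloud-config-oidc`, name `nextcloud-setup.service` only under `after`, which orders them but neither pulls the setup unit in nor stops them when it fails. Adding `requires = [ "nextcloud-setup.service" ];` to each would make the dependency explicit. The comment above `nextcloud-config-oidc` should also say that `?direct=1` keeps the password form reachable, presumably for every local account and not only admins, so the setting hides that form rather than removing it. Something like `# Hides the password form; local accounts can still sign in via ?direct=1, so keep them few and behind 2FA` would cover it.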
+++ b/system/modules/presets/minimal.nix @@ -1,4 +1,7 @@ -{ ... }: +{ lib, ... }: +let + inherit (lib) mkForce; +in { imports = [ ../environment.nix @@ -18,5 +21,9 @@ ../sops-nix.nix ../gc.nix ../security.nix + ../systemd-resolv.nix ]; + + # Disable man cache + documentation.man.generateCaches = mkForce false; } diff --git a/system/modules/prometheus.nix b/system/modules/prometheus.nix index 1df30a6..de09bc6 100644 --- a/system/modules/prometheus.nix +++ b/system/modules/prometheus.nix @@ -33,7 +33,7 @@ in job_name = "master-server"; static_configs = [ (optionalAttrs selfMonitor { - targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; + targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; }) ]; } @@ -47,7 +47,7 @@ in forceSSL = true; locations."/" = { - proxyPass = "http://localhost:${toString config.services.prometheus.port}"; + proxyPass = "http://127.0.0.1:${toString config.services.prometheus.port}"; }; }; } diff --git a/system/modules/secure-boot.nix b/system/modules/secure-boot.nix index 064adc8..75e9eed 100644 --- a/system/modules/secure-boot.nix +++ b/system/modules/secure-boot.nix @@ -8,7 +8,8 @@ loader.systemd-boot.enable = lib.mkForce false; lanzaboote = { enable = true; - pkiBundle = "/var/lib/sbctl/"; + autoGenerateKeys.enable = true; + pkiBundle = "/var/lib/sbctl"; }; }; } diff --git a/system/modules/services.nix b/system/modules/services.nix index e23eae3..dffbe2c 100644 --- a/system/modules/services.nix +++ b/system/modules/services.nix @@ -27,7 +27,7 @@ in ports = [ 22 ]; settings = { PasswordAuthentication = lib.mkDefault false; - AllowUsers = lib.mkDefault [ username ]; + AllowUsers = [ username ]; UseDns = lib.mkDefault false; PermitRootLogin = lib.mkDefault "no"; }; diff --git a/system/modules/shells/noctalia/default.nix b/system/modules/shells/noctalia/default.nix index 31b0851..c5079a5 100644 --- a/system/modules/shells/noctalia/default.nix 
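Review bot: `autoGenerateKeys.enable = true` in the `lanzaboote` block has no comment on what happens to the generated keys. Judging by the option name it only creates the signing keys under `pkiBundle`, and enrolling them in firmware remains a separate step; please confirm. I would add `# Generates the Secure Boot signing keys in /var/lib/sbctl if missing; firmware enrolment is still a manual step` above it. It is also worth checking that `/var/lib/sbctl` stays root-only and is not copied off the machine unencrypted, since those keys decide which bootloader the firmware accepts.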
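Review bot: Dropping `lib.mkDefault` from `AllowUsers` in the sshd `settings` changes how per-host overrides behave. A host that sets its own `AllowUsers` used to replace this list, whereas two definitions at normal priority are, as far as I know for list options, concatenated. Any such host would now also admit `username` over SSH. If that is intended, a comment such as `# merged with host-level lists; use lib.mkForce to replace` would record it; the other three settings keep `mkDefault`, so the difference is easy to miss. The `settings` block starts outside this hunk.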
+++ b/system/modules/shells/noctalia/default.nix @@ -65,6 +65,14 @@ in }; calendar = { cards = [ + { + enabled = true; + id = "banner-card"; + } + { + enabled = true; + id = "calendar-card"; + } { enabled = true; id = "timer-card"; @@ -73,14 +81,6 @@ in enabled = true; id = "weather-card"; } - { - enabled = true; - id = "calendar-header-card"; - } - { - enabled = true; - id = "calendar-month-card"; - } ]; }; changelog = { diff --git a/system/modules/systemd-resolv.nix b/system/modules/systemd-resolv.nix new file mode 100644 index 0000000..28018c6 --- /dev/null +++ b/system/modules/systemd-resolv.nix @@ -0,0 +1,17 @@ +{ ... }: +{ + networking.nameservers = [ + "1.1.1.1#one.one.one.one" + "1.0.0.1#one.one.one.one" + ]; + + services.resolved = { + enable = true; + llmnr = "false"; + fallbackDns = [ + "1.1.1.1#one.one.one.one" + "1.0.0.1#one.one.one.one" + ]; + domains = [ "~." ]; + }; +} diff --git a/system/modules/vaultwarden.nix b/system/modules/vaultwarden.nix index 49f931c..1894571 100644 --- a/system/modules/vaultwarden.nix +++ b/system/modules/vaultwarden.nix @@ -34,7 +34,7 @@ enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://localhost:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; + proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; proxyWebsockets = true; }; }; diff --git a/system/modules/wireguard.nix b/system/modules/wireguard.nix index 75eb2a8..43425f3 100644 --- a/system/modules/wireguard.nix +++ b/system/modules/wireguard.nix @@ -22,8 +22,8 @@ let watchDog = pkgs.writeShellScriptBin "wg0-watchdog" '' TARGET_CONF="$1" - PING_INTERVAL=1 - PING_TIMEOUT=1 + PING_INTERVAL=10 + PING_TIMEOUT=10 PING_COUNT=1 set -euo pipefail @@ -37,7 +37,7 @@ let notify() { users=$(loginctl list-users --json=short | jq -r '.[].user') for user in $users; do - systemctl --machine=danny@.host --user start wg0-notify-user + systemctl --machine="$user@.host" --user start wg0-notify-user done } 
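Review bot: In the new `systemd-resolv.nix`, the `#one.one.one.one` suffix on each nameserver is the name systemd-resolved checks the server certificate against for DNS-over-TLS, but `services.resolved` never enables DoT. With the module default, which I believe is off, queries to 1.1.1.1 still leave the host in cleartext. Adding `dnsovertls = "true";` next to `llmnr = "false";` would match the apparent intent; `"opportunistic"` is softer but falls back to plaintext. `dnssec` is also left at its default, and `fallbackDns` repeats the primary servers, so it adds no redundancy.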
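Review bot: In `notify()`, the loop now runs `systemctl --machine="$user@.host" --user start wg0-notify-user` for every name that `loginctl list-users` returns, while the script runs under `set -euo pipefail`. If a listed account has no reachable user manager or no `wg0-notify-user` unit (a display-manager greeter account, for instance), the failing `systemctl` would presumably end the whole watchdog, unless `notify` is only called in a conditional context. Appending `|| true` to that line keeps notification best-effort. The callers of `notify` are outside this hunk, so this needs checking against them.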
@@ -46,13 +46,11 @@ let } check_health() { - ping -c "$PING_COUNT" -W "$PING_TIMEOUT" $1 >/dev/null 2>&1 - return $? + ping -c "$PING_COUNT" -W "$PING_TIMEOUT" "$1" >/dev/null 2>&1 } is_wg_active() { systemctl is-active wg-quick-wg0.service >/dev/null 2>&1 - return $? } start_wg() { @@ -105,15 +103,17 @@ in }; systemd.services.wg0-watchdog = { - wantedBy = [ "wg-quick-wg0.service" ]; - after = [ "wg-quick-wg0.service" ]; + wantedBy = [ "multi-user.target" ]; path = with pkgs; [ jq + iputils ]; serviceConfig = { ExecStart = "${getExe watchDog} \"${config.sops.secrets."wireguard/wg0.conf".path}\""; RestartSec = 5; TimeoutStopSec = 0; + CapabilityBoundingSet = "CAP_NET_RAW"; + AmbientCapabilities = "CAP_NET_RAW"; }; }; From d036cf224afa074536c343e51ca3b8af35165b68 Mon Sep 17 00:00:00 2001 From: danny Date: Thu, 8 Jan 2026 15:37:13 +0800 Subject: [PATCH 04/10] fix: nvf --- flake.lock | 6 +++--- system/dev/skydrive-lap/default.nix | 1 + system/modules/gaming.nix | 3 --- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index d125474..f0b5fb9 100644 --- a/flake.lock +++ b/flake.lock @@ -1745,11 +1745,11 @@ "systems": "systems_9" }, "locked": { - "lastModified": 1767369300, - "narHash": "sha256-QV+tdP2bS+PJBcp4YHhqpMTzcxsxGaS/d6cKMCJ4PnA=", + "lastModified": 1767847386, + "narHash": "sha256-S8lf6YtZpJQaq38GCuao+h7LnNYFVvTpI70lNevk5xM=", "owner": "notashelf", "repo": "nvf", - "rev": "9c75c2a199af39fc95fb203636ce97d070ca3973", + "rev": "317877430a36e2e449405aaea30788119791dedc", "type": "github" }, "original": { diff --git a/system/dev/skydrive-lap/default.nix b/system/dev/skydrive-lap/default.nix index 0dd0d0d..1af18c4 100644 --- a/system/dev/skydrive-lap/default.nix +++ b/system/dev/skydrive-lap/default.nix @@ -20,6 +20,7 @@ in imports = [ ../../modules/presets/basic.nix + ../../modules/virtualization.nix ./common ./games ./sops diff --git a/system/modules/gaming.nix b/system/modules/gaming.nix index d7e6edf..17ab960 100644 
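Review bot: `serviceConfig` for `wg0-watchdog` sets `RestartSec = 5` but no `Restart=`, so the delay never applies and the watchdog stays down after any exit. With `set -euo pipefail` in the script, one failing command is enough to cause that. I would add `Restart = "on-failure";`. Separately, `AmbientCapabilities = "CAP_NET_RAW"` only takes effect for a non-root `User=`, and none is set, so the process is still uid 0 with its bounding set trimmed to `CAP_NET_RAW`. A comment such as `# runs as root; bounding set limited to what ping needs` would make that explicit.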
--- a/system/modules/gaming.nix +++ b/system/modules/gaming.nix @@ -69,9 +69,6 @@ in # Xbox controller xpadneo.enable = true; - - # Xbox USB dongle - xone.enable = true; }; boot.extraModulePackages = with config.boot.kernelPackages; [ From cf005ff8720667a63bf7892cb17f19be3f22db3a Mon Sep 17 00:00:00 2001 
From: danny Date: Sat, 10 Jan 2026 12:46:40 +0800 Subject: [PATCH 05/10] feat: add formatter --- .gitignore | 2 + .sops.yaml | 0 README.md | 0 docs/fcitx.md | 0 docs/hyprland.md | 0 docs/yazi.md | 0 flake.lock | 197 +++++++++++++----- flake.nix | 52 ++++- helper/default.nix | 0 home/config/.face | Bin home/config/firefox/autohide_toolbox.css | 0 home/config/firefox/nightTab.json | 0 home/config/fish/functions/fish_prompt.fish | 0 home/config/gh/config.yaml | 0 home/config/ghostty/shader/mnoise.glsl | 0 home/config/rofi/apps.rasi | 0 home/config/rofi/config.rasi | 0 home/config/rofi/gruvbox-material.rasi | 0 home/config/tmux.yaml | 0 home/config/wlogout/icons/hibernate.svg | 0 home/config/wlogout/icons/lock.svg | 0 home/config/wlogout/icons/logout.svg | 0 home/config/wlogout/icons/reboot.svg | 0 home/config/wlogout/icons/shutdown.svg | 0 home/config/wlogout/icons/suspend.svg | 0 home/config/zen/zen-keyboard-shortcuts.json | 0 home/options/default.nix | 0 home/options/hyprlock.nix | 0 home/options/noctalia.nix | 0 home/options/ntfy-client.nix | 0 home/options/sunsetr.nix | 0 home/presets/basic.nix | 0 home/scripts/md2html.nix | 0 home/scripts/memeSelector.nix | 106 +++++----- home/scripts/mkWall.nix | 0 home/scripts/ntfy.nix | 0 home/scripts/rbwSelector.nix | 0 home/scripts/record.nix | 0 home/scripts/remoteRebuild.nix | 0 home/scripts/rofiwall.nix | 0 home/user/bitwarden.nix | 0 home/user/config.nix | 0 home/user/direnv.nix | 0 home/user/environment.nix | 0 home/user/firefox.nix | 0 home/user/ghostty.nix | 0 home/user/git.nix | 0 home/user/gtk.nix | 0 home/user/hypr/bind.nix | 0 home/user/hypr/input.nix | 0 home/user/hypr/window.nix | 0 home/user/hypr/windowrule.nix | 0 home/user/hypr/workspace.nix | 0 home/user/hyprland.nix | 0 home/user/internationalisation.nix | 0 home/user/music-production.nix | 0 home/user/nvf/default.nix | 18 +- home/user/nvf/extra-lsp.nix | 0 home/user/nvf/plugins/leetcode/default.nix | 0 home/user/nvf/plugins/lualine/default.nix | 0 
home/user/nvf/plugins/snacks-nvim/default.nix | 0 home/user/nvf/plugins/snacks-nvim/keymaps.nix | 0 home/user/packages.nix | 0 home/user/podman.nix | 0 home/user/shell.nix | 0 home/user/shellAlias.nix | 0 home/user/shells/caelestia.nix | 0 home/user/tmux.nix | 0 home/user/virtualization.nix | 0 home/user/vscode.nix | 0 home/user/wallpaper-engine.nix | 0 home/user/waybar.nix | 0 home/user/wlogout.nix | 0 home/user/wm-service.nix | 0 home/user/yazi.nix | 0 home/user/zellij.nix | 0 home/user/zen-browser.nix | 0 options/default.nix | 0 options/systemconf.nix | 0 pkgs/assets/discord.svg | 0 pkgs/assets/peepoLeave.gif.base64 | 0 pkgs/fonts/dfkai-sb/default.nix | 0 pkgs/fonts/sf-pro-display-bold/default.nix | 0 pkgs/overlays/default.nix | 0 pkgs/overlays/powerdns-admin.nix | 0 pkgs/overlays/stalwart-mail/default.nix | 0 .../stalwart-mail/enable_root_ca.patch | 0 pkgs/overlays/vesktop.nix | 0 pkgs/patches/splash.patch | 0 preview.png | Bin system/dev/dn-lap/common/boot.nix | 0 system/dev/dn-lap/common/default.nix | 0 .../dn-lap/common/hardware-configuration.nix | 43 ++-- system/dev/dn-lap/default.nix | 0 system/dev/dn-lap/games/default.nix | 0 system/dev/dn-lap/home/default.nix | 4 - system/dev/dn-lap/network/default.nix | 0 system/dev/dn-lap/office/default.nix | 0 system/dev/dn-lap/services/default.nix | 0 system/dev/dn-lap/sops/default.nix | 0 system/dev/dn-lap/sops/secret.yaml | 0 system/dev/dn-lap/sops/sops-conf.nix | 0 system/dev/dn-lap/utility/default.nix | 0 system/dev/dn-lap/virtualisation/default.nix | 0 system/dev/dn-pre7780/common/boot.nix | 0 system/dev/dn-pre7780/common/default.nix | 0 .../common/hardware-configuration.nix | 0 system/dev/dn-pre7780/common/nvidia.nix | 0 system/dev/dn-pre7780/default.nix | 0 system/dev/dn-pre7780/expr/default.nix | 1 + system/dev/dn-pre7780/expr/noise-cancel.nix | 4 + system/dev/dn-pre7780/expr/osx-kvm.nix | 0 system/dev/dn-pre7780/expr/vm-settings.nix | 0 system/dev/dn-pre7780/expr/vm.nix | 0 
system/dev/dn-pre7780/games/default.nix | 1 + system/dev/dn-pre7780/games/heroic.nix | 10 + system/dev/dn-pre7780/games/minecraft.nix | 0 system/dev/dn-pre7780/games/shadps4.nix | 0 system/dev/dn-pre7780/home/default.nix | 6 - system/dev/dn-pre7780/home/expr/default.nix | 0 system/dev/dn-pre7780/home/expr/helix.nix | 0 system/dev/dn-pre7780/home/wm/default.nix | 0 system/dev/dn-pre7780/home/wm/hyprland.nix | 0 system/dev/dn-pre7780/network/default.nix | 0 system/dev/dn-pre7780/services/default.nix | 0 system/dev/dn-pre7780/services/mail.nix | 0 system/dev/dn-pre7780/services/nextcloud.nix | 0 system/dev/dn-pre7780/services/nginx.nix | 0 system/dev/dn-pre7780/services/pangolin.nix | 0 system/dev/dn-pre7780/sops/default.nix | 0 system/dev/dn-pre7780/sops/secret.yaml | 0 system/dev/dn-pre7780/sops/sops-conf.nix | 0 system/dev/dn-pre7780/utility/airplay.nix | 0 system/dev/dn-pre7780/utility/blender.nix | 0 .../dn-pre7780/utility/davinci-resolve.nix | 0 system/dev/dn-pre7780/utility/default.nix | 0 .../dev/dn-pre7780/virtualisation/default.nix | 0 system/dev/dn-pre7780/virtualisation/kvm.nix | 0 system/dev/dn-server/common/backup.nix | 0 system/dev/dn-server/common/boot.nix | 0 system/dev/dn-server/common/default.nix | 0 .../common/hardware-configuration.nix | 0 system/dev/dn-server/common/networking.nix | 0 system/dev/dn-server/common/nvidia.nix | 0 system/dev/dn-server/default.nix | 0 system/dev/dn-server/home/default.nix | 0 system/dev/dn-server/network/default.nix | 0 system/dev/dn-server/network/nginx.nix | 0 system/dev/dn-server/network/services.nix | 4 +- system/dev/dn-server/network/step-ca.nix | 0 system/dev/dn-server/network/wireguard.nix | 0 system/dev/dn-server/nix/atticd.nix | 0 system/dev/dn-server/nix/default.nix | 0 system/dev/dn-server/options/default.nix | 0 system/dev/dn-server/options/network.nix | 0 system/dev/dn-server/security/crowdsec.nix | 0 system/dev/dn-server/security/default.nix | 0 system/dev/dn-server/security/fail2ban.nix | 0 
.../dev/dn-server/services/actual-budget.nix | 0 system/dev/dn-server/services/bitwarden.nix | 0 system/dev/dn-server/services/default.nix | 0 system/dev/dn-server/services/docmost.nix | 0 system/dev/dn-server/services/forgejo.nix | 0 system/dev/dn-server/services/hideTTY.nix | 0 system/dev/dn-server/services/keycloak.nix | 0 system/dev/dn-server/services/mail-server.nix | 0 system/dev/dn-server/services/metrics.nix | 0 .../dn-server/services/minecraft-server.nix | 1 + system/dev/dn-server/services/netbird.nix | 51 +---- system/dev/dn-server/services/nextcloud.nix | 0 system/dev/dn-server/services/ntfy.nix | 0 .../dev/dn-server/services/paperless-ngx.nix | 0 system/dev/dn-server/sops/default.nix | 0 system/dev/dn-server/sops/secret.yaml | 8 +- system/dev/dn-server/sops/sops-conf.nix | 1 - system/dev/generic/default.nix | 0 system/dev/generic/disk.nix | 0 system/dev/generic/hardware-configuration.nix | 13 +- system/dev/public/dn/common.nix | 0 system/dev/public/dn/default.nix | 0 system/dev/public/dn/ntfy.nix | 0 system/dev/public/dn/yubikey.nix | 0 system/dev/public/sops/dn-secret.yaml | 0 system/dev/public/sops/secret.yaml | 0 system/dev/skydrive-lap/common/boot.nix | 0 system/dev/skydrive-lap/common/default.nix | 0 system/dev/skydrive-lap/common/disk.nix | 0 .../common/hardware-configuration.nix | 21 +- system/dev/skydrive-lap/common/nvidia.nix | 0 system/dev/skydrive-lap/default.nix | 5 +- system/dev/skydrive-lap/games/default.nix | 0 system/dev/skydrive-lap/home/default.nix | 0 system/dev/skydrive-lap/network/default.nix | 0 system/dev/skydrive-lap/network/netbird.nix | 0 system/dev/skydrive-lap/sops/default.nix | 0 system/dev/skydrive-lap/sops/secret.yaml | 0 system/dev/skydrive-lap/sops/sops-conf.nix | 0 system/dev/skydrive-lap/utility/default.nix | 0 system/extra/ca.crt | 0 system/modules/actual/default.nix | 0 system/modules/airplay.nix | 0 system/modules/auto-mount.nix | 0 system/modules/auto-upgrade.nix | 0 system/modules/battery-life.nix | 0 
system/modules/bluetooth.nix | 0 system/modules/ca.nix | 0 system/modules/cockpit.nix | 0 system/modules/crowdsec.nix | 0 system/modules/davinci-resolve.nix | 0 system/modules/display-manager.nix | 0 system/modules/dns-server/default.nix | 0 system/modules/docmost.nix | 0 system/modules/environment.nix | 0 system/modules/fail2ban.nix | 0 system/modules/gaming.nix | 0 system/modules/gc.nix | 0 system/modules/gitea.nix | 0 system/modules/gnome.nix | 0 system/modules/grafana.nix | 0 system/modules/hardware.nix | 0 system/modules/hyprland.nix | 0 system/modules/internationalisation.nix | 0 system/modules/kubernetes.nix | 0 system/modules/localsend.nix | 0 system/modules/misc.nix | 0 system/modules/netbird-client.nix | 0 system/modules/netbird-server.nix | 0 system/modules/networking.nix | 0 system/modules/nextcloud.nix | 0 system/modules/niri.nix | 18 +- system/modules/nixsettings.nix | 0 system/modules/nvidia.nix | 0 system/modules/obs-studio.nix | 0 system/modules/opencloud.nix | 0 system/modules/openldap.nix | 0 system/modules/packages.nix | 0 system/modules/paperless-ngx.nix | 0 system/modules/plymouth.nix | 0 system/modules/polkit.nix | 0 system/modules/postgresql.nix | 0 system/modules/presets/basic.nix | 0 system/modules/presets/minimal.nix | 0 system/modules/printer.nix | 0 system/modules/programs.nix | 0 system/modules/prometheus.nix | 0 system/modules/rustdesk-server.nix | 0 system/modules/secure-boot.nix | 0 system/modules/security.nix | 0 system/modules/services.nix | 8 - system/modules/shells/noctalia/bar.nix | 0 .../modules/shells/noctalia/controlCenter.nix | 0 system/modules/shells/noctalia/default.nix | 0 .../modules/shells/noctalia/sessionMenu.nix | 0 .../modules/shells/noctalia/systemMonitor.nix | 0 system/modules/shells/noctalia/templates.nix | 0 system/modules/sops-nix.nix | 0 system/modules/sound.nix | 0 system/modules/stalwart.nix | 0 system/modules/stylix.nix | 0 system/modules/sunshine.nix | 0 system/modules/systemd-resolv.nix | 0 
system/modules/time.nix | 0 system/modules/tmux.nix | 6 +- system/modules/users.nix | 0 system/modules/vaultwarden.nix | 15 +- system/modules/virtualization.nix | 0 system/modules/webcam.nix | 0 system/modules/wine.nix | 0 system/modules/wireguard.nix | 0 269 files changed, 369 insertions(+), 226 deletions(-) mode change 100644 => 100755 .gitignore mode change 100644 => 100755 .sops.yaml mode change 100644 => 100755 README.md mode change 100644 => 100755 docs/fcitx.md mode change 100644 => 100755 docs/hyprland.md mode change 100644 => 100755 docs/yazi.md mode change 100644 => 100755 flake.lock mode change 100644 => 100755 flake.nix mode change 100644 => 100755 helper/default.nix mode change 100644 => 100755 home/config/.face mode change 100644 => 100755 home/config/firefox/autohide_toolbox.css mode change 100644 => 100755 home/config/firefox/nightTab.json mode change 100644 => 100755 home/config/fish/functions/fish_prompt.fish mode change 100644 => 100755 home/config/gh/config.yaml mode change 100644 => 100755 home/config/ghostty/shader/mnoise.glsl mode change 100644 => 100755 home/config/rofi/apps.rasi mode change 100644 => 100755 home/config/rofi/config.rasi mode change 100644 => 100755 home/config/rofi/gruvbox-material.rasi mode change 100644 => 100755 home/config/tmux.yaml mode change 100644 => 100755 home/config/wlogout/icons/hibernate.svg mode change 100644 => 100755 home/config/wlogout/icons/lock.svg mode change 100644 => 100755 home/config/wlogout/icons/logout.svg mode change 100644 => 100755 home/config/wlogout/icons/reboot.svg mode change 100644 => 100755 home/config/wlogout/icons/shutdown.svg mode change 100644 => 100755 home/config/wlogout/icons/suspend.svg mode change 100644 => 100755 home/config/zen/zen-keyboard-shortcuts.json mode change 100644 => 100755 home/options/default.nix mode change 100644 => 100755 home/options/hyprlock.nix mode change 100644 => 100755 home/options/noctalia.nix mode change 100644 => 100755 home/options/ntfy-client.nix mode 
change 100644 => 100755 home/options/sunsetr.nix mode change 100644 => 100755 home/presets/basic.nix mode change 100644 => 100755 home/scripts/md2html.nix mode change 100644 => 100755 home/scripts/memeSelector.nix mode change 100644 => 100755 home/scripts/mkWall.nix mode change 100644 => 100755 home/scripts/ntfy.nix mode change 100644 => 100755 home/scripts/rbwSelector.nix mode change 100644 => 100755 home/scripts/record.nix mode change 100644 => 100755 home/scripts/remoteRebuild.nix mode change 100644 => 100755 home/scripts/rofiwall.nix mode change 100644 => 100755 home/user/bitwarden.nix mode change 100644 => 100755 home/user/config.nix mode change 100644 => 100755 home/user/direnv.nix mode change 100644 => 100755 home/user/environment.nix mode change 100644 => 100755 home/user/firefox.nix mode change 100644 => 100755 home/user/ghostty.nix mode change 100644 => 100755 home/user/git.nix mode change 100644 => 100755 home/user/gtk.nix mode change 100644 => 100755 home/user/hypr/bind.nix mode change 100644 => 100755 home/user/hypr/input.nix mode change 100644 => 100755 home/user/hypr/window.nix mode change 100644 => 100755 home/user/hypr/windowrule.nix mode change 100644 => 100755 home/user/hypr/workspace.nix mode change 100644 => 100755 home/user/hyprland.nix mode change 100644 => 100755 home/user/internationalisation.nix mode change 100644 => 100755 home/user/music-production.nix mode change 100644 => 100755 home/user/nvf/default.nix mode change 100644 => 100755 home/user/nvf/extra-lsp.nix mode change 100644 => 100755 home/user/nvf/plugins/leetcode/default.nix mode change 100644 => 100755 home/user/nvf/plugins/lualine/default.nix mode change 100644 => 100755 home/user/nvf/plugins/snacks-nvim/default.nix mode change 100644 => 100755 home/user/nvf/plugins/snacks-nvim/keymaps.nix mode change 100644 => 100755 home/user/packages.nix mode change 100644 => 100755 home/user/podman.nix mode change 100644 => 100755 home/user/shell.nix mode change 100644 => 100755 
home/user/shellAlias.nix mode change 100644 => 100755 home/user/shells/caelestia.nix mode change 100644 => 100755 home/user/tmux.nix mode change 100644 => 100755 home/user/virtualization.nix mode change 100644 => 100755 home/user/vscode.nix mode change 100644 => 100755 home/user/wallpaper-engine.nix mode change 100644 => 100755 home/user/waybar.nix mode change 100644 => 100755 home/user/wlogout.nix mode change 100644 => 100755 home/user/wm-service.nix mode change 100644 => 100755 home/user/yazi.nix mode change 100644 => 100755 home/user/zellij.nix mode change 100644 => 100755 home/user/zen-browser.nix mode change 100644 => 100755 options/default.nix mode change 100644 => 100755 options/systemconf.nix mode change 100644 => 100755 pkgs/assets/discord.svg mode change 100644 => 100755 pkgs/assets/peepoLeave.gif.base64 mode change 100644 => 100755 pkgs/fonts/dfkai-sb/default.nix mode change 100644 => 100755 pkgs/fonts/sf-pro-display-bold/default.nix mode change 100644 => 100755 pkgs/overlays/default.nix mode change 100644 => 100755 pkgs/overlays/powerdns-admin.nix mode change 100644 => 100755 pkgs/overlays/stalwart-mail/default.nix mode change 100644 => 100755 pkgs/overlays/stalwart-mail/enable_root_ca.patch mode change 100644 => 100755 pkgs/overlays/vesktop.nix mode change 100644 => 100755 pkgs/patches/splash.patch mode change 100644 => 100755 preview.png mode change 100644 => 100755 system/dev/dn-lap/common/boot.nix mode change 100644 => 100755 system/dev/dn-lap/common/default.nix mode change 100644 => 100755 system/dev/dn-lap/common/hardware-configuration.nix mode change 100644 => 100755 system/dev/dn-lap/default.nix mode change 100644 => 100755 system/dev/dn-lap/games/default.nix mode change 100644 => 100755 system/dev/dn-lap/home/default.nix mode change 100644 => 100755 system/dev/dn-lap/network/default.nix mode change 100644 => 100755 system/dev/dn-lap/office/default.nix mode change 100644 => 100755 system/dev/dn-lap/services/default.nix mode change 100644 => 
100755 system/dev/dn-lap/sops/default.nix mode change 100644 => 100755 system/dev/dn-lap/sops/secret.yaml mode change 100644 => 100755 system/dev/dn-lap/sops/sops-conf.nix mode change 100644 => 100755 system/dev/dn-lap/utility/default.nix mode change 100644 => 100755 system/dev/dn-lap/virtualisation/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/common/boot.nix mode change 100644 => 100755 system/dev/dn-pre7780/common/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/common/hardware-configuration.nix mode change 100644 => 100755 system/dev/dn-pre7780/common/nvidia.nix mode change 100644 => 100755 system/dev/dn-pre7780/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/expr/default.nix create mode 100755 system/dev/dn-pre7780/expr/noise-cancel.nix mode change 100644 => 100755 system/dev/dn-pre7780/expr/osx-kvm.nix mode change 100644 => 100755 system/dev/dn-pre7780/expr/vm-settings.nix mode change 100644 => 100755 system/dev/dn-pre7780/expr/vm.nix mode change 100644 => 100755 system/dev/dn-pre7780/games/default.nix create mode 100755 system/dev/dn-pre7780/games/heroic.nix mode change 100644 => 100755 system/dev/dn-pre7780/games/minecraft.nix mode change 100644 => 100755 system/dev/dn-pre7780/games/shadps4.nix mode change 100644 => 100755 system/dev/dn-pre7780/home/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/home/expr/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/home/expr/helix.nix mode change 100644 => 100755 system/dev/dn-pre7780/home/wm/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/home/wm/hyprland.nix mode change 100644 => 100755 system/dev/dn-pre7780/network/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/services/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/services/mail.nix mode change 100644 => 100755 system/dev/dn-pre7780/services/nextcloud.nix mode change 100644 => 100755 system/dev/dn-pre7780/services/nginx.nix mode change 100644 
=> 100755 system/dev/dn-pre7780/services/pangolin.nix mode change 100644 => 100755 system/dev/dn-pre7780/sops/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/sops/secret.yaml mode change 100644 => 100755 system/dev/dn-pre7780/sops/sops-conf.nix mode change 100644 => 100755 system/dev/dn-pre7780/utility/airplay.nix mode change 100644 => 100755 system/dev/dn-pre7780/utility/blender.nix mode change 100644 => 100755 system/dev/dn-pre7780/utility/davinci-resolve.nix mode change 100644 => 100755 system/dev/dn-pre7780/utility/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/virtualisation/default.nix mode change 100644 => 100755 system/dev/dn-pre7780/virtualisation/kvm.nix mode change 100644 => 100755 system/dev/dn-server/common/backup.nix mode change 100644 => 100755 system/dev/dn-server/common/boot.nix mode change 100644 => 100755 system/dev/dn-server/common/default.nix mode change 100644 => 100755 system/dev/dn-server/common/hardware-configuration.nix mode change 100644 => 100755 system/dev/dn-server/common/networking.nix mode change 100644 => 100755 system/dev/dn-server/common/nvidia.nix mode change 100644 => 100755 system/dev/dn-server/default.nix mode change 100644 => 100755 system/dev/dn-server/home/default.nix mode change 100644 => 100755 system/dev/dn-server/network/default.nix mode change 100644 => 100755 system/dev/dn-server/network/nginx.nix mode change 100644 => 100755 system/dev/dn-server/network/services.nix mode change 100644 => 100755 system/dev/dn-server/network/step-ca.nix mode change 100644 => 100755 system/dev/dn-server/network/wireguard.nix mode change 100644 => 100755 system/dev/dn-server/nix/atticd.nix mode change 100644 => 100755 system/dev/dn-server/nix/default.nix mode change 100644 => 100755 system/dev/dn-server/options/default.nix mode change 100644 => 100755 system/dev/dn-server/options/network.nix mode change 100644 => 100755 system/dev/dn-server/security/crowdsec.nix mode change 100644 => 100755 
system/dev/dn-server/security/default.nix mode change 100644 => 100755 system/dev/dn-server/security/fail2ban.nix mode change 100644 => 100755 system/dev/dn-server/services/actual-budget.nix mode change 100644 => 100755 system/dev/dn-server/services/bitwarden.nix mode change 100644 => 100755 system/dev/dn-server/services/default.nix mode change 100644 => 100755 system/dev/dn-server/services/docmost.nix mode change 100644 => 100755 system/dev/dn-server/services/forgejo.nix mode change 100644 => 100755 system/dev/dn-server/services/hideTTY.nix mode change 100644 => 100755 system/dev/dn-server/services/keycloak.nix mode change 100644 => 100755 system/dev/dn-server/services/mail-server.nix mode change 100644 => 100755 system/dev/dn-server/services/metrics.nix mode change 100644 => 100755 system/dev/dn-server/services/minecraft-server.nix mode change 100644 => 100755 system/dev/dn-server/services/netbird.nix mode change 100644 => 100755 system/dev/dn-server/services/nextcloud.nix mode change 100644 => 100755 system/dev/dn-server/services/ntfy.nix mode change 100644 => 100755 system/dev/dn-server/services/paperless-ngx.nix mode change 100644 => 100755 system/dev/dn-server/sops/default.nix mode change 100644 => 100755 system/dev/dn-server/sops/secret.yaml mode change 100644 => 100755 system/dev/dn-server/sops/sops-conf.nix mode change 100644 => 100755 system/dev/generic/default.nix mode change 100644 => 100755 system/dev/generic/disk.nix mode change 100644 => 100755 system/dev/generic/hardware-configuration.nix mode change 100644 => 100755 system/dev/public/dn/common.nix mode change 100644 => 100755 system/dev/public/dn/default.nix mode change 100644 => 100755 system/dev/public/dn/ntfy.nix mode change 100644 => 100755 system/dev/public/dn/yubikey.nix mode change 100644 => 100755 system/dev/public/sops/dn-secret.yaml mode change 100644 => 100755 system/dev/public/sops/secret.yaml mode change 100644 => 100755 system/dev/skydrive-lap/common/boot.nix mode change 100644 => 
100755 system/dev/skydrive-lap/common/default.nix mode change 100644 => 100755 system/dev/skydrive-lap/common/disk.nix mode change 100644 => 100755 system/dev/skydrive-lap/common/hardware-configuration.nix mode change 100644 => 100755 system/dev/skydrive-lap/common/nvidia.nix mode change 100644 => 100755 system/dev/skydrive-lap/default.nix mode change 100644 => 100755 system/dev/skydrive-lap/games/default.nix mode change 100644 => 100755 system/dev/skydrive-lap/home/default.nix mode change 100644 => 100755 system/dev/skydrive-lap/network/default.nix mode change 100644 => 100755 system/dev/skydrive-lap/network/netbird.nix mode change 100644 => 100755 system/dev/skydrive-lap/sops/default.nix mode change 100644 => 100755 system/dev/skydrive-lap/sops/secret.yaml mode change 100644 => 100755 system/dev/skydrive-lap/sops/sops-conf.nix mode change 100644 => 100755 system/dev/skydrive-lap/utility/default.nix mode change 100644 => 100755 system/extra/ca.crt mode change 100644 => 100755 system/modules/actual/default.nix mode change 100644 => 100755 system/modules/airplay.nix mode change 100644 => 100755 system/modules/auto-mount.nix mode change 100644 => 100755 system/modules/auto-upgrade.nix mode change 100644 => 100755 system/modules/battery-life.nix mode change 100644 => 100755 system/modules/bluetooth.nix mode change 100644 => 100755 system/modules/ca.nix mode change 100644 => 100755 system/modules/cockpit.nix mode change 100644 => 100755 system/modules/crowdsec.nix mode change 100644 => 100755 system/modules/davinci-resolve.nix mode change 100644 => 100755 system/modules/display-manager.nix mode change 100644 => 100755 system/modules/dns-server/default.nix mode change 100644 => 100755 system/modules/docmost.nix mode change 100644 => 100755 system/modules/environment.nix mode change 100644 => 100755 system/modules/fail2ban.nix mode change 100644 => 100755 system/modules/gaming.nix mode change 100644 => 100755 system/modules/gc.nix mode change 100644 => 100755 
system/modules/gitea.nix mode change 100644 => 100755 system/modules/gnome.nix mode change 100644 => 100755 system/modules/grafana.nix mode change 100644 => 100755 system/modules/hardware.nix mode change 100644 => 100755 system/modules/hyprland.nix mode change 100644 => 100755 system/modules/internationalisation.nix mode change 100644 => 100755 system/modules/kubernetes.nix mode change 100644 => 100755 system/modules/localsend.nix mode change 100644 => 100755 system/modules/misc.nix mode change 100644 => 100755 system/modules/netbird-client.nix mode change 100644 => 100755 system/modules/netbird-server.nix mode change 100644 => 100755 system/modules/networking.nix mode change 100644 => 100755 system/modules/nextcloud.nix mode change 100644 => 100755 system/modules/niri.nix mode change 100644 => 100755 system/modules/nixsettings.nix mode change 100644 => 100755 system/modules/nvidia.nix mode change 100644 => 100755 system/modules/obs-studio.nix mode change 100644 => 100755 system/modules/opencloud.nix mode change 100644 => 100755 system/modules/openldap.nix mode change 100644 => 100755 system/modules/packages.nix mode change 100644 => 100755 system/modules/paperless-ngx.nix mode change 100644 => 100755 system/modules/plymouth.nix mode change 100644 => 100755 system/modules/polkit.nix mode change 100644 => 100755 system/modules/postgresql.nix mode change 100644 => 100755 system/modules/presets/basic.nix mode change 100644 => 100755 system/modules/presets/minimal.nix mode change 100644 => 100755 system/modules/printer.nix mode change 100644 => 100755 system/modules/programs.nix mode change 100644 => 100755 system/modules/prometheus.nix mode change 100644 => 100755 system/modules/rustdesk-server.nix mode change 100644 => 100755 system/modules/secure-boot.nix mode change 100644 => 100755 system/modules/security.nix mode change 100644 => 100755 system/modules/services.nix mode change 100644 => 100755 system/modules/shells/noctalia/bar.nix mode change 100644 => 100755 
system/modules/shells/noctalia/controlCenter.nix mode change 100644 => 100755 system/modules/shells/noctalia/default.nix mode change 100644 => 100755 system/modules/shells/noctalia/sessionMenu.nix mode change 100644 => 100755 system/modules/shells/noctalia/systemMonitor.nix mode change 100644 => 100755 system/modules/shells/noctalia/templates.nix mode change 100644 => 100755 system/modules/sops-nix.nix mode change 100644 => 100755 system/modules/sound.nix mode change 100644 => 100755 system/modules/stalwart.nix mode change 100644 => 100755 system/modules/stylix.nix mode change 100644 => 100755 system/modules/sunshine.nix mode change 100644 => 100755 system/modules/systemd-resolv.nix mode change 100644 => 100755 system/modules/time.nix mode change 100644 => 100755 system/modules/tmux.nix mode change 100644 => 100755 system/modules/users.nix mode change 100644 => 100755 system/modules/vaultwarden.nix mode change 100644 => 100755 system/modules/virtualization.nix mode change 100644 => 100755 system/modules/webcam.nix mode change 100644 => 100755 system/modules/wine.nix mode change 100644 => 100755 system/modules/wireguard.nix diff --git a/.gitignore b/.gitignore old mode 100644 new mode 100755 index 41fbeb0..c41aa9d --- a/.gitignore +++ b/.gitignore @@ -1 +1,3 @@ **/result + +.pre-commit-config.yaml diff --git a/.sops.yaml b/.sops.yaml old mode 100644 new mode 100755 diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/docs/fcitx.md b/docs/fcitx.md old mode 100644 new mode 100755 diff --git a/docs/hyprland.md b/docs/hyprland.md old mode 100644 new mode 100755 diff --git a/docs/yazi.md b/docs/yazi.md old mode 100644 new mode 100755 diff --git a/flake.lock b/flake.lock old mode 100644 new mode 100755 index f0b5fb9..213f672 --- a/flake.lock +++ b/flake.lock 
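Review bot: The `.gitignore` section carries `old mode 100644 new mode 100755`, and the commit's `mode change` list does the same for every tracked file, including data files such as `system/extra/ca.crt` and the `sops/secret.yaml` files. Marking everything executable is unrelated to adding a formatter. It looks like a side effect of the working tree (a filesystem without mode bits, or `core.fileMode` handling), though that is a guess. I would drop the mode changes from this commit and keep only the added `.pre-commit-config.yaml` ignore line.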
@@ -344,6 +344,22 @@ } }, "flake-compat_5": { + "flake": false, + "locked": { + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", + "owner": "NixOS", + "repo": "flake-compat", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_6": { "flake": false, "locked": { "lastModified": 1761588595, @@ -359,7 +375,7 @@ "type": "github" } }, - "flake-compat_6": { + "flake-compat_7": { "flake": false, "locked": { "lastModified": 1747046372, @@ -375,7 +391,7 @@ "type": "github" } }, - "flake-compat_7": { + "flake-compat_8": { "flake": false, "locked": { "lastModified": 1751685974, @@ -639,7 +655,7 @@ }, "flake-utils_8": { "inputs": { - "systems": "systems_11" + "systems": "systems_12" }, "locked": { "lastModified": 1731533236, @@ -693,7 +709,48 @@ "type": "github" } }, + "git-hooks": { + "inputs": { + "flake-compat": "flake-compat_4", + "gitignore": "gitignore", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1767281941, + "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "gitignore": { + "inputs": { + "nixpkgs": [ + "git-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "hyprland", @@ -715,7 +772,7 @@ "type": "github" } }, - "gitignore_2": { + "gitignore_3": { "inputs": { "nixpkgs": [ "lanzaboote", 
@@ -845,7 +902,7 @@ "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "hyprwire": "hyprwire", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "pre-commit-hooks": "pre-commit-hooks", "systems": "systems_3", "xdph": "xdph" @@ -1268,7 +1325,7 @@ "inputs": { "flake-parts": "flake-parts_2", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_6" }, "locked": { "lastModified": 1764979571, @@ -1312,11 +1369,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1764971746, - "narHash": "sha256-PPwnDjR6ZjPooITfu6SWnoPsj3EV4fLrXk93U2RhjZ0=", + "lastModified": 1767833217, + "narHash": "sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "b0ebfba3a0774cc0b3f3b9a345ebad57de04b666", + "rev": "a789aa1512a9157d5d3392b27e60621fd0d83438", "type": "github" }, "original": { @@ -1368,11 +1425,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1764966114, - "narHash": "sha256-nC0Fsu4zSdabdR4tHHMCrTgqLms612eEDy5VCdQVZFk=", + "lastModified": 1767792726, + "narHash": "sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0=", "owner": "YaLTeR", "repo": "niri", - "rev": "ba29735fbbd8cf8319c71ccb55b54a0580007c80", + "rev": "10df9f4717cbd4efd20ae796eb6b0aa400127bdc", "type": "github" }, "original": { @@ -1424,7 +1481,7 @@ }, "nix-minecraft": { "inputs": { - "flake-compat": "flake-compat_6", + "flake-compat": "flake-compat_7", "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs" @@ -1447,7 +1504,7 @@ "nix-search-tv": { "inputs": { "flake-utils": "flake-utils_7", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_7" }, "locked": { "lastModified": 1763912269, 
@@ -1552,11 +1609,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1764831616, - "narHash": "sha256-OtzF5wBvO0jgW1WW1rQU9cMGx7zuvkF7CAVJ1ypzkxA=", + "lastModified": 1767799921, + "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c97c47f2bac4fa59e2cbdeba289686ae615f8ed4", + "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", "type": "github" }, "original": { @@ -1566,6 +1623,22 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1763806073, + "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "878e468e02bfabeda08c79250f7ad583037f2227", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1764947035, @@ -1593,6 +1666,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1764947035, + "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a672be65651c80d3f592a89b3945466584a22069", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1767379071, "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", @@ -1608,7 +1697,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { "lastModified": 1764915887, "narHash": "sha256-CeBCJ9BMsuzVgn8GVfuSRZ6xeau7szzG0Xn6O/OxP9M=", @@ -1624,7 +1713,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_7": { "locked": { "lastModified": 1757584362, "narHash": "sha256-XeTX/w16rUNUNBsfaOVCDoMMa7Xu7KvIMT7tn1zIEcg=", @@ -1640,7 +1729,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_8": { "locked": { "lastModified": 1767364772, "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", 
@@ -1656,7 +1745,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_9": { "locked": { "lastModified": 1764445028, "narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=", @@ -1672,22 +1761,6 @@ "type": "github" } }, - "nixpkgs_9": { - "locked": { - "lastModified": 1763806073, - "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "878e468e02bfabeda08c79250f7ad583037f2227", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "noctalia": { "inputs": { "nixpkgs": [ @@ -1695,11 +1768,11 @@ ] }, "locked": { - "lastModified": 1764990750, - "narHash": "sha256-oC3RAbXX2Yu+zkIQJlWgaT8mdKcv6JDiuI0XIOEGHyo=", + "lastModified": 1767851722, + "narHash": "sha256-33madeYEiounlmTjaTZk3KV0NutlT6qwwf/RgOuIdmQ=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "bdffb0f95941a4dd45287395b0f377e7c7895834", + "rev": "f9cbc7bc57315a92af99dce80385f8e42ccfe64f", "type": "github" }, "original": { @@ -1735,7 +1808,7 @@ }, "nvf": { "inputs": { - "flake-compat": "flake-compat_7", + "flake-compat": "flake-compat_8", "flake-parts": "flake-parts_4", "mnw": "mnw", "ndg": "ndg", @@ -1760,8 +1833,8 @@ }, "pre-commit": { "inputs": { - "flake-compat": "flake-compat_5", - "gitignore": "gitignore_2", + "flake-compat": "flake-compat_6", + "gitignore": "gitignore_3", "nixpkgs": [ "lanzaboote", "nixpkgs" @@ -1783,8 +1856,8 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_4", - "gitignore": "gitignore", + "flake-compat": "flake-compat_5", + "gitignore": "gitignore_2", "nixpkgs": [ "hyprland", "nixpkgs" @@ -1833,6 +1906,7 @@ "caelestia-shell": "caelestia-shell", "disko": "disko", "ghostty": "ghostty", + "git-hooks": "git-hooks", "home-manager": "home-manager", "hyprland": "hyprland", "hyprland-plugins": "hyprland-plugins", 
@@ -1849,12 +1923,13 @@ "nix-search-tv": "nix-search-tv", "nix-tmodloader": "nix-tmodloader", "nixd": "nixd", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_8", "noctalia": "noctalia", "nvf": "nvf", "rust-overlay": "rust-overlay_3", "sops-nix": "sops-nix", "stylix": "stylix", + "systems": "systems_11", "yazi": "yazi", "zen-browser": "zen-browser" } @@ -1944,7 +2019,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_9" }, "locked": { "lastModified": 1764483358, @@ -2041,6 +2116,20 @@ } }, "systems_11": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "id": "systems", + "type": "indirect" + } + }, + "systems_12": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -2338,11 +2427,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1764721075, - "narHash": "sha256-ChH4nq0cMEEkzkHqKlQt5Z7wxrk8ybcEHuA1YKAYmV0=", + "lastModified": 1767830382, + "narHash": "sha256-0PgS7M1SV6JCN3MugFZPaP8J+Mr2o7lSDFTPVYZSIAY=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "1b918e29b419e89910014054e8b71d54c9235ea5", + "rev": "74cf1a95a35fd7aec76432bc2cd9b310e0d908c5", "type": "github" }, "original": { @@ -2354,7 +2443,7 @@ "yazi": { "inputs": { "flake-utils": "flake-utils_8", - "nixpkgs": "nixpkgs_9", + "nixpkgs": "nixpkgs_10", "rust-overlay": "rust-overlay_4" }, "locked": { 
@@ -2381,11 +2470,11 @@ ] }, "locked": { - "lastModified": 1764995001, - "narHash": "sha256-jx0CmXLSJP0kttcrh7AvTMttS5gbst44h03Xe2fBCmM=", + "lastModified": 1767763594, + "narHash": "sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "298788c28f8e1d912a678ab4108383c1ac979801", + "rev": "8b2302d8c10369c9135552cc892da75cff5ddb03", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix old mode 100644 new mode 100755 index 5d43f62..d67648e --- a/flake.nix +++ b/flake.nix @@ -134,6 +134,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; + git-hooks.url = "github:cachix/git-hooks.nix"; + # ==== Shell ==== # caelestia-shell = { url = "github:caelestia-dots/shell"; @@ -144,34 +146,35 @@ url = "github:noctalia-dev/noctalia-shell"; inputs.nixpkgs.follows = "nixpkgs"; }; - }; outputs = { self, nixpkgs, + systems, ... }@inputs: let inherit (builtins) mapAttrs; + forEachSystem = nixpkgs.lib.genAttrs (import systems); hosts = { dn-pre7780 = { system = "x86_64-linux"; - path = ./system/dev/dn-pre7780; + confPath = ./system/dev/dn-pre7780; }; dn-server = { system = "x86_64-linux"; - path = ./system/dev/dn-server; + confPath = ./system/dev/dn-server; }; dn-lap = { system = "x86_64-linux"; - path = ./system/dev/dn-lap; + confPath = ./system/dev/dn-lap; }; skydrive-lap = { system = "x86_64-linux"; - path = ./system/dev/skydrive-lap; + confPath = ./system/dev/skydrive-lap; }; }; in @@ -181,7 +184,7 @@ mapAttrs ( hostname: conf: let - inherit (conf) path system; + inherit (conf) confPath system; pkgs = import nixpkgs { inherit system; }; 
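Review bot: `git-hooks.url = "github:cachix/git-hooks.nix";` is added without `inputs.nixpkgs.follows = "nixpkgs"`, unlike the `noctalia` input shown in the next hunk, and flake.lock in this patch accordingly gains a separate `nixpkgs_4` node (plus `flake-compat_4` and `gitignore`) for `git-hooks`. Every extra nixpkgs pin is another revision to keep patched and to audit. Consider `git-hooks = { url = "github:cachix/git-hooks.nix"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `inputs` attribute set starts outside the hunk.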
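Review bot: `systems` is now taken from the `outputs` arguments and passed to `import systems`, but no visible hunk declares a `systems` input, and flake.lock records the new root entry `systems_11` with `"id": "systems", "type": "indirect"`. An undeclared input is resolved through the flake registry, so what a relock fetches depends on the registry configuration of the machine running it rather than on flake.nix. Declaring it explicitly, `systems.url = "github:nix-systems/default";`, keeps the source visible in the flake; the lock already points at that repository. The `inputs` block is only partly visible here, so confirm it is not declared elsewhere.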
@@ -232,12 +235,47 @@ ./options # ==== Private Configuration ==== # - (import path { inherit hostname; }) + (import confPath { inherit hostname; }) ]; } ) hosts ); + formatter = forEachSystem ( + system: + let + pkgs = nixpkgs.legacyPackages.${system}; + config = self.checks.${system}.pre-commit-check.config; + inherit (config) package configFile; + script = '' + ${pkgs.lib.getExe package} run --all-files --config ${configFile} + ''; + in + pkgs.writeShellScriptBin "pre-commit-run" script + ); + + checks = forEachSystem (system: { + pre-commit-check = inputs.git-hooks.lib.${system}.run { + src = ./.; + hooks = { + nixfmt.enable = true; + }; + }; + }); + + devShells = forEachSystem (system: { + default = + let + pkgs = import nixpkgs { inherit system; }; + inherit (self.checks.${system}.pre-commit-check) shellHook enabledPackages; + in + pkgs.mkShell { + inherit shellHook; + name = "nixos"; + buildInputs = enabledPackages; + }; + }); + # ==== MicroVM Packages ==== # # packages."${system}" = { # vm-1 = self.nixosConfigurations.vm-1.config.microvm.declaredRunner; diff --git a/helper/default.nix b/helper/default.nix old mode 100644 new mode 100755 diff --git a/home/config/.face b/home/config/.face old mode 100644 new mode 100755 diff --git a/home/config/firefox/autohide_toolbox.css b/home/config/firefox/autohide_toolbox.css old mode 100644 new mode 100755 diff --git a/home/config/firefox/nightTab.json b/home/config/firefox/nightTab.json old mode 100644 new mode 100755 diff --git a/home/config/fish/functions/fish_prompt.fish b/home/config/fish/functions/fish_prompt.fish old mode 100644 new mode 100755 diff --git a/home/config/gh/config.yaml b/home/config/gh/config.yaml old mode 100644 new mode 100755 diff --git a/home/config/ghostty/shader/mnoise.glsl b/home/config/ghostty/shader/mnoise.glsl old mode 100644 new mode 100755 diff --git a/home/config/rofi/apps.rasi b/home/config/rofi/apps.rasi old mode 100644 new mode 100755 
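Review bot: The `pre-commit-check` added here enables only `nixfmt`, while this repository carries sops material (`.sops.yaml`, `sops/secret.yaml` under several hosts) and WireGuard configuration, so the hook set does nothing to stop a plaintext key from being committed. git-hooks.nix ships secret-scanning hooks; adding one next to the formatter, for example `ripsecrets.enable = true;`, would cover that, with the hook name checked against the pinned revision. Separately, `devShells` builds `pkgs` with `import nixpkgs { inherit system; }` while `formatter` uses `nixpkgs.legacyPackages.${system}`; using the latter in both avoids a second nixpkgs evaluation. The `outputs` function starts outside the hunk.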
diff --git a/home/config/rofi/config.rasi b/home/config/rofi/config.rasi
old mode 100644
new mode 100755
diff --git a/home/config/rofi/gruvbox-material.rasi b/home/config/rofi/gruvbox-material.rasi
old mode 100644
new mode 100755
diff --git a/home/config/tmux.yaml b/home/config/tmux.yaml
old mode 100644
new mode 100755
diff --git a/home/config/wlogout/icons/hibernate.svg b/home/config/wlogout/icons/hibernate.svg
old mode 100644
new mode 100755
diff --git a/home/config/wlogout/icons/lock.svg b/home/config/wlogout/icons/lock.svg
old mode 100644
new mode 100755
diff --git a/home/config/wlogout/icons/logout.svg b/home/config/wlogout/icons/logout.svg
old mode 100644
new mode 100755
diff --git a/home/config/wlogout/icons/reboot.svg b/home/config/wlogout/icons/reboot.svg
old mode 100644
new mode 100755
diff --git a/home/config/wlogout/icons/shutdown.svg b/home/config/wlogout/icons/shutdown.svg
old mode 100644
new mode 100755
diff --git a/home/config/wlogout/icons/suspend.svg b/home/config/wlogout/icons/suspend.svg
old mode 100644
new mode 100755
diff --git a/home/config/zen/zen-keyboard-shortcuts.json b/home/config/zen/zen-keyboard-shortcuts.json
old mode 100644
new mode 100755
diff --git a/home/options/default.nix b/home/options/default.nix
old mode 100644
new mode 100755
diff --git a/home/options/hyprlock.nix b/home/options/hyprlock.nix
old mode 100644
new mode 100755
diff --git a/home/options/noctalia.nix b/home/options/noctalia.nix
old mode 100644
new mode 100755
diff --git a/home/options/ntfy-client.nix b/home/options/ntfy-client.nix
old mode 100644
new mode 100755
diff --git a/home/options/sunsetr.nix b/home/options/sunsetr.nix
old mode 100644
new mode 100755
diff --git a/home/presets/basic.nix b/home/presets/basic.nix
old mode 100644
new mode 100755
diff --git a/home/scripts/md2html.nix b/home/scripts/md2html.nix
old mode 100644
new mode 100755
diff --git a/home/scripts/memeSelector.nix b/home/scripts/memeSelector.nix
old mode 100644
new mode 100755
index 7b90a36..824d523
--- a/home/scripts/memeSelector.nix
+++ b/home/scripts/memeSelector.nix
@@ -3,68 +3,68 @@ url, ... }: -pkgs.writers.writePython3Bin "memeSelector" {libraries = with pkgs.python3Packages; [requests];} -'' - import requests - import xml.etree.ElementTree as ET - import urllib.parse - import sys - import os - import tempfile - import subprocess +pkgs.writers.writePython3Bin "memeSelector" { libraries = with pkgs.python3Packages; [ requests ]; } + '' + import requests + import xml.etree.ElementTree as ET + import urllib.parse + import sys + import os + import tempfile + import subprocess - BASE_URL = "${url}" - headers = {"Depth": "1"} - resp = requests.request( - "PROPFIND", - BASE_URL, - headers=headers, - verify="${"" + ../../system/extra/ca.crt}" - ) + BASE_URL = "${url}" + headers = {"Depth": "1"} + resp = requests.request( + "PROPFIND", + BASE_URL, + headers=headers, + verify="${"" + ../../system/extra/ca.crt}" + ) - if resp.status_code not in (200, 207): - print(f"Error: Http {resp.status_code}") - sys.exit(1) + if resp.status_code not in (200, 207): + print(f"Error: Http {resp.status_code}") + sys.exit(1) - root = ET.fromstring(resp.text) - ns = {"d": "DAV:"} + root = ET.fromstring(resp.text) + ns = {"d": "DAV:"} - files = [] - for href in root.findall(".//d:href", ns): - path = href.text - if not path: - continue - filename = urllib.parse.unquote(path.split("/")[-1]) + files = [] + for href in root.findall(".//d:href", ns): + path = href.text + if not path: + continue + filename = urllib.parse.unquote(path.split("/")[-1]) - if filename and not filename.endswith("/"): - files.append(filename) + if filename and not filename.endswith("/"): + files.append(filename) - if not files: - print("No files found") - sys.exit(0) + if not files: + print("No files found") + sys.exit(0) - rofi = subprocess.run( - ["rofi", "-i", "-dmenu", "-p", "Meme"], - input="\n".join(files).encode(), - stdout=subprocess.PIPE - ) + rofi = subprocess.run( + ["rofi", "-i", "-dmenu", "-p", "Meme"], + input="\n".join(files).encode(), + stdout=subprocess.PIPE + ) - 
selected = rofi.stdout.decode().strip() - if not selected: - sys.exit(0) + selected = rofi.stdout.decode().strip() + if not selected: + sys.exit(0) - url = BASE_URL + urllib.parse.quote(selected) - tmpfile = os.path.join(tempfile.gettempdir(), selected) + url = BASE_URL + urllib.parse.quote(selected) + tmpfile = os.path.join(tempfile.gettempdir(), selected) - subprocess.run(["wget", "-q", "-O", tmpfile, url], check=True) + subprocess.run(["wget", "-q", "-O", tmpfile, url], check=True) - with open(tmpfile, "rb") as f: - subprocess.run("wl-copy", stdin=f) + with open(tmpfile, "rb") as f: + subprocess.run("wl-copy", stdin=f) - subprocess.run([ - "notify-send", - "-i", tmpfile, - "Meme Copied: ", - f"{selected}" - ]) -'' + subprocess.run([ + "notify-send", + "-i", tmpfile, + "Meme Copied: ", + f"{selected}" + ]) + '' diff --git a/home/scripts/mkWall.nix b/home/scripts/mkWall.nix old mode 100644 new mode 100755 diff --git a/home/scripts/ntfy.nix b/home/scripts/ntfy.nix old mode 100644 new mode 100755 diff --git a/home/scripts/rbwSelector.nix b/home/scripts/rbwSelector.nix old mode 100644 new mode 100755 diff --git a/home/scripts/record.nix b/home/scripts/record.nix old mode 100644 new mode 100755 diff --git a/home/scripts/remoteRebuild.nix b/home/scripts/remoteRebuild.nix old mode 100644 new mode 100755 diff --git a/home/scripts/rofiwall.nix b/home/scripts/rofiwall.nix old mode 100644 new mode 100755 diff --git a/home/user/bitwarden.nix b/home/user/bitwarden.nix old mode 100644 new mode 100755 diff --git a/home/user/config.nix b/home/user/config.nix old mode 100644 new mode 100755 diff --git a/home/user/direnv.nix b/home/user/direnv.nix old mode 100644 new mode 100755 diff --git a/home/user/environment.nix b/home/user/environment.nix old mode 100644 new mode 100755 diff --git a/home/user/firefox.nix b/home/user/firefox.nix old mode 100644 new mode 100755 diff --git a/home/user/ghostty.nix b/home/user/ghostty.nix old mode 100644 new mode 100755 
diff --git a/home/user/git.nix b/home/user/git.nix old mode 100644 new mode 100755 diff --git a/home/user/gtk.nix b/home/user/gtk.nix old mode 100644 new mode 100755 diff --git a/home/user/hypr/bind.nix b/home/user/hypr/bind.nix old mode 100644 new mode 100755 diff --git a/home/user/hypr/input.nix b/home/user/hypr/input.nix old mode 100644 new mode 100755 diff --git a/home/user/hypr/window.nix b/home/user/hypr/window.nix old mode 100644 new mode 100755 diff --git a/home/user/hypr/windowrule.nix b/home/user/hypr/windowrule.nix old mode 100644 new mode 100755 diff --git a/home/user/hypr/workspace.nix b/home/user/hypr/workspace.nix old mode 100644 new mode 100755 diff --git a/home/user/hyprland.nix b/home/user/hyprland.nix old mode 100644 new mode 100755 diff --git a/home/user/internationalisation.nix b/home/user/internationalisation.nix old mode 100644 new mode 100755 diff --git a/home/user/music-production.nix b/home/user/music-production.nix old mode 100644 new mode 100755 diff --git a/home/user/nvf/default.nix b/home/user/nvf/default.nix old mode 100644 new mode 100755 index 9c73d8a..8613edf --- a/home/user/nvf/default.nix +++ b/home/user/nvf/default.nix @@ -7,8 +7,9 @@ ... }: let + inherit (builtins) concatStringsSep; inherit (lib.generators) mkLuaInline; - inherit (lib) concatStringsSep optionalString; + inherit (lib) optionalString; suda-nvim = pkgs.vimUtils.buildVimPlugin { name = "vim-suda"; @@ -369,11 +370,11 @@ in formatter = { conform-nvim = { enable = true; - setupOpts = { - formatters_by_ft = { - nix = [ "nixfmt" ]; - }; - }; + # setupOpts = { + # formatters_by_ft = { + # nix = [ "nixfmt" ]; + # }; + # }; }; }; @@ -420,7 +421,10 @@ in nix = { enable = true; extraDiagnostics.enable = false; - format.enable = false; # Manually configured in conform-nvim + format = { + type = [ "nixfmt" ]; + enable = true; + }; lsp.servers = [ "nixd" ]; }; sql.enable = true; 
diff --git a/home/user/nvf/extra-lsp.nix b/home/user/nvf/extra-lsp.nix
old mode 100644
new mode 100755
diff --git a/home/user/nvf/plugins/leetcode/default.nix b/home/user/nvf/plugins/leetcode/default.nix
old mode 100644
new mode 100755
diff --git a/home/user/nvf/plugins/lualine/default.nix b/home/user/nvf/plugins/lualine/default.nix
old mode 100644
new mode 100755
diff --git a/home/user/nvf/plugins/snacks-nvim/default.nix b/home/user/nvf/plugins/snacks-nvim/default.nix
old mode 100644
new mode 100755
diff --git a/home/user/nvf/plugins/snacks-nvim/keymaps.nix b/home/user/nvf/plugins/snacks-nvim/keymaps.nix
old mode 100644
new mode 100755
diff --git a/home/user/packages.nix b/home/user/packages.nix
old mode 100644
new mode 100755
diff --git a/home/user/podman.nix b/home/user/podman.nix
old mode 100644
new mode 100755
diff --git a/home/user/shell.nix b/home/user/shell.nix
old mode 100644
new mode 100755
diff --git a/home/user/shellAlias.nix b/home/user/shellAlias.nix
old mode 100644
new mode 100755
diff --git a/home/user/shells/caelestia.nix b/home/user/shells/caelestia.nix
old mode 100644
new mode 100755
diff --git a/home/user/tmux.nix b/home/user/tmux.nix
old mode 100644
new mode 100755
diff --git a/home/user/virtualization.nix b/home/user/virtualization.nix
old mode 100644
new mode 100755
diff --git a/home/user/vscode.nix b/home/user/vscode.nix
old mode 100644
new mode 100755
diff --git a/home/user/wallpaper-engine.nix b/home/user/wallpaper-engine.nix
old mode 100644
new mode 100755
diff --git a/home/user/waybar.nix b/home/user/waybar.nix
old mode 100644
new mode 100755
diff --git a/home/user/wlogout.nix b/home/user/wlogout.nix
old mode 100644
new mode 100755
diff --git a/home/user/wm-service.nix b/home/user/wm-service.nix
old mode 100644
new mode 100755
diff --git a/home/user/yazi.nix b/home/user/yazi.nix
old mode 100644
new mode 100755
diff --git a/home/user/zellij.nix b/home/user/zellij.nix
old mode 100644
new mode 100755
diff --git a/home/user/zen-browser.nix b/home/user/zen-browser.nix old mode 100644 new mode 100755 diff --git a/options/default.nix b/options/default.nix old mode 100644 new mode 100755 diff --git a/options/systemconf.nix b/options/systemconf.nix old mode 100644 new mode 100755 diff --git a/pkgs/assets/discord.svg b/pkgs/assets/discord.svg old mode 100644 new mode 100755 diff --git a/pkgs/assets/peepoLeave.gif.base64 b/pkgs/assets/peepoLeave.gif.base64 old mode 100644 new mode 100755 diff --git a/pkgs/fonts/dfkai-sb/default.nix b/pkgs/fonts/dfkai-sb/default.nix old mode 100644 new mode 100755 diff --git a/pkgs/fonts/sf-pro-display-bold/default.nix b/pkgs/fonts/sf-pro-display-bold/default.nix old mode 100644 new mode 100755 diff --git a/pkgs/overlays/default.nix b/pkgs/overlays/default.nix old mode 100644 new mode 100755 diff --git a/pkgs/overlays/powerdns-admin.nix b/pkgs/overlays/powerdns-admin.nix old mode 100644 new mode 100755 diff --git a/pkgs/overlays/stalwart-mail/default.nix b/pkgs/overlays/stalwart-mail/default.nix old mode 100644 new mode 100755 diff --git a/pkgs/overlays/stalwart-mail/enable_root_ca.patch b/pkgs/overlays/stalwart-mail/enable_root_ca.patch old mode 100644 new mode 100755 diff --git a/pkgs/overlays/vesktop.nix b/pkgs/overlays/vesktop.nix old mode 100644 new mode 100755 diff --git a/pkgs/patches/splash.patch b/pkgs/patches/splash.patch old mode 100644 new mode 100755 diff --git a/preview.png b/preview.png old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/common/boot.nix b/system/dev/dn-lap/common/boot.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/common/default.nix b/system/dev/dn-lap/common/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/common/hardware-configuration.nix b/system/dev/dn-lap/common/hardware-configuration.nix old mode 100644 new mode 100755 index bb2d14f..39eee71 --- a/system/dev/dn-lap/common/hardware-configuration.nix 
+++ b/system/dev/dn-lap/common/hardware-configuration.nix @@ -1,28 +1,42 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "uas" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "uas" + "sd_mod" + "rtsx_pci_sdmmc" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-label/BOOT"; - fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; swapDevices = [ { device = "/dev/disk/by-label/swap"; } @@ -36,6 +50,5 @@ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = - lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/system/dev/dn-lap/default.nix b/system/dev/dn-lap/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/games/default.nix b/system/dev/dn-lap/games/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/home/default.nix b/system/dev/dn-lap/home/default.nix old mode 100644 new mode 100755 index 368e8db..d37f782 --- a/system/dev/dn-lap/home/default.nix 
+++ b/system/dev/dn-lap/home/default.nix @@ -55,10 +55,6 @@ in imports = [ ../../../../home/presets/basic.nix - (import ../../../../home/user/bitwarden.nix { - email = "danny@net.dn"; - baseUrl = "https://bitwarden.net.dn"; - }) # waybar (import ../../../../home/user/waybar.nix { diff --git a/system/dev/dn-lap/network/default.nix b/system/dev/dn-lap/network/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/office/default.nix b/system/dev/dn-lap/office/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/services/default.nix b/system/dev/dn-lap/services/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/sops/default.nix b/system/dev/dn-lap/sops/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/sops/secret.yaml b/system/dev/dn-lap/sops/secret.yaml old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/sops/sops-conf.nix b/system/dev/dn-lap/sops/sops-conf.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/utility/default.nix b/system/dev/dn-lap/utility/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-lap/virtualisation/default.nix b/system/dev/dn-lap/virtualisation/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/common/boot.nix b/system/dev/dn-pre7780/common/boot.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/common/default.nix b/system/dev/dn-pre7780/common/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/common/hardware-configuration.nix b/system/dev/dn-pre7780/common/hardware-configuration.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/common/nvidia.nix b/system/dev/dn-pre7780/common/nvidia.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/default.nix b/system/dev/dn-pre7780/default.nix old mode 100644 new mode 100755 
diff --git a/system/dev/dn-pre7780/expr/default.nix b/system/dev/dn-pre7780/expr/default.nix old mode 100644 new mode 100755 index 6f80563..dec4e60 --- a/system/dev/dn-pre7780/expr/default.nix +++ b/system/dev/dn-pre7780/expr/default.nix @@ -1,5 +1,6 @@ { imports = [ # ./osx-kvm.nix + ./noise-cancel.nix ]; } diff --git a/system/dev/dn-pre7780/expr/noise-cancel.nix b/system/dev/dn-pre7780/expr/noise-cancel.nix new file mode 100755 index 0000000..d6548bf --- /dev/null +++ b/system/dev/dn-pre7780/expr/noise-cancel.nix @@ -0,0 +1,4 @@ +{ ... }: +{ + programs.noisetorch.enable = true; +} diff --git a/system/dev/dn-pre7780/expr/osx-kvm.nix b/system/dev/dn-pre7780/expr/osx-kvm.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/expr/vm-settings.nix b/system/dev/dn-pre7780/expr/vm-settings.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/expr/vm.nix b/system/dev/dn-pre7780/expr/vm.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/games/default.nix b/system/dev/dn-pre7780/games/default.nix old mode 100644 new mode 100755 index d11d1c4..4ddf930 --- a/system/dev/dn-pre7780/games/default.nix +++ b/system/dev/dn-pre7780/games/default.nix @@ -3,5 +3,6 @@ ../../../modules/gaming.nix ./shadps4.nix ./minecraft.nix + ./heroic.nix ]; } diff --git a/system/dev/dn-pre7780/games/heroic.nix b/system/dev/dn-pre7780/games/heroic.nix new file mode 100755 index 0000000..3ce7bb7 --- /dev/null +++ b/system/dev/dn-pre7780/games/heroic.nix @@ -0,0 +1,10 @@ +{ pkgs, ... }: +{ + home-manager.sharedModules = [ + { + home.packages = with pkgs; [ + heroic + ]; + } + ]; +} diff --git a/system/dev/dn-pre7780/games/minecraft.nix b/system/dev/dn-pre7780/games/minecraft.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/games/shadps4.nix b/system/dev/dn-pre7780/games/shadps4.nix old mode 100644 new mode 100755 
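Review bot: `programs.noisetorch.enable = true;` in the new `noise-cancel.nix` has no comment explaining its privilege impact. As far as I know the NixOS module installs NoiseTorch through a security wrapper carrying `cap_sys_resource`, so this line gives a capability-bearing binary to every user on dn-pre7780. A short comment would make that visible to the next reader, e.g. `# NixOS wraps noisetorch with CAP_SYS_RESOURCE; enabled host-wide on purpose`. Confirm the wrapper details against the nixpkgs revision pinned in flake.lock.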
diff --git a/system/dev/dn-pre7780/home/default.nix b/system/dev/dn-pre7780/home/default.nix old mode 100644 new mode 100755 index 7d1588a..cdc87da --- a/system/dev/dn-pre7780/home/default.nix +++ b/system/dev/dn-pre7780/home/default.nix @@ -126,12 +126,6 @@ in ./expr ./wm - # Bitwarden client - (import ../../../../home/user/bitwarden.nix { - email = "danny@net.dn"; - baseUrl = "https://bitwarden.net.dn"; - }) - # waybar (import ../../../../home/user/waybar.nix { matchByDesc = true; diff --git a/system/dev/dn-pre7780/home/expr/default.nix b/system/dev/dn-pre7780/home/expr/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/home/expr/helix.nix b/system/dev/dn-pre7780/home/expr/helix.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/home/wm/default.nix b/system/dev/dn-pre7780/home/wm/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/home/wm/hyprland.nix b/system/dev/dn-pre7780/home/wm/hyprland.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/network/default.nix b/system/dev/dn-pre7780/network/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/services/default.nix b/system/dev/dn-pre7780/services/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/services/mail.nix b/system/dev/dn-pre7780/services/mail.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/services/nextcloud.nix b/system/dev/dn-pre7780/services/nextcloud.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/services/nginx.nix b/system/dev/dn-pre7780/services/nginx.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/services/pangolin.nix b/system/dev/dn-pre7780/services/pangolin.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/sops/default.nix b/system/dev/dn-pre7780/sops/default.nix old mode 100644 new mode 100755 
diff --git a/system/dev/dn-pre7780/sops/secret.yaml b/system/dev/dn-pre7780/sops/secret.yaml old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/sops/sops-conf.nix b/system/dev/dn-pre7780/sops/sops-conf.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/utility/airplay.nix b/system/dev/dn-pre7780/utility/airplay.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/utility/blender.nix b/system/dev/dn-pre7780/utility/blender.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/utility/davinci-resolve.nix b/system/dev/dn-pre7780/utility/davinci-resolve.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/utility/default.nix b/system/dev/dn-pre7780/utility/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/virtualisation/default.nix b/system/dev/dn-pre7780/virtualisation/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-pre7780/virtualisation/kvm.nix b/system/dev/dn-pre7780/virtualisation/kvm.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/common/backup.nix b/system/dev/dn-server/common/backup.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/common/boot.nix b/system/dev/dn-server/common/boot.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/common/default.nix b/system/dev/dn-server/common/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/common/hardware-configuration.nix b/system/dev/dn-server/common/hardware-configuration.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/common/networking.nix b/system/dev/dn-server/common/networking.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/common/nvidia.nix b/system/dev/dn-server/common/nvidia.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/default.nix b/system/dev/dn-server/default.nix old mode 100644 new mode 100755 
diff --git a/system/dev/dn-server/home/default.nix b/system/dev/dn-server/home/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/network/default.nix b/system/dev/dn-server/network/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/network/nginx.nix b/system/dev/dn-server/network/nginx.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/network/services.nix b/system/dev/dn-server/network/services.nix old mode 100644 new mode 100755 index 3a69a42..f67a42d --- a/system/dev/dn-server/network/services.nix +++ b/system/dev/dn-server/network/services.nix @@ -5,9 +5,11 @@ ... }: let + inherit (builtins) concatStringsSep; inherit (config.systemConf) username security; - inherit (lib) concatStringsSep mkForce optionalString; + inherit (lib) mkForce optionalString; inherit (helper.nftables) mkElementsStatement; + netbirdCfg = config.services.netbird; ethInterface = "enp0s31f6"; diff --git a/system/dev/dn-server/network/step-ca.nix b/system/dev/dn-server/network/step-ca.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/network/wireguard.nix b/system/dev/dn-server/network/wireguard.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/nix/atticd.nix b/system/dev/dn-server/nix/atticd.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/nix/default.nix b/system/dev/dn-server/nix/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/options/default.nix b/system/dev/dn-server/options/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/options/network.nix b/system/dev/dn-server/options/network.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/security/crowdsec.nix b/system/dev/dn-server/security/crowdsec.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/security/default.nix b/system/dev/dn-server/security/default.nix old mode 100644 new mode 100755 
diff --git a/system/dev/dn-server/security/fail2ban.nix b/system/dev/dn-server/security/fail2ban.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/actual-budget.nix b/system/dev/dn-server/services/actual-budget.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/bitwarden.nix b/system/dev/dn-server/services/bitwarden.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/default.nix b/system/dev/dn-server/services/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/docmost.nix b/system/dev/dn-server/services/docmost.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/forgejo.nix b/system/dev/dn-server/services/forgejo.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/hideTTY.nix b/system/dev/dn-server/services/hideTTY.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/keycloak.nix b/system/dev/dn-server/services/keycloak.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/mail-server.nix b/system/dev/dn-server/services/mail-server.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/metrics.nix b/system/dev/dn-server/services/metrics.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/minecraft-server.nix b/system/dev/dn-server/services/minecraft-server.nix old mode 100644 new mode 100755 index 98e2905..1eeb44b --- a/system/dev/dn-server/services/minecraft-server.nix +++ b/system/dev/dn-server/services/minecraft-server.nix @@ -27,6 +27,7 @@ in "mods" = "${modpack}/mods"; }; serverProperties = { + server-port = 25565; difficulty = 3; gamemode = "survival"; diff --git a/system/dev/dn-server/services/netbird.nix b/system/dev/dn-server/services/netbird.nix old mode 100644 new mode 100755 index 9eac81c..c83978e --- a/system/dev/dn-server/services/netbird.nix 
+++ b/system/dev/dn-server/services/netbird.nix @@ -10,8 +10,7 @@ let cfg = config.services.netbird; srv = cfg.server; - # TODO: Change realm to master - realm = "netbird"; + realm = "master"; in { sops.secrets."netbird/wt0-setupKey" = { @@ -30,7 +29,7 @@ in inherit realm vDomain; domain = "netbird.${domain}"; oidcURL = "https://${config.services.keycloak.settings.hostname}"; - enableNginx = false; + enableNginx = true; oidcType = "keycloak"; }) ]; @@ -71,49 +70,11 @@ in real_ip_recursive on; ''; - services.nginx.virtualHosts."netbird.local" = { - locations = { - "/" = { - root = cfg.server.dashboard.finalDrv; - tryFiles = "$uri $uri.html $uri/ =404"; - }; - - "/404.html".extraConfig = '' - internal; - ''; - - "/api" = { - extraConfig = '' - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - ''; - proxyPass = "http://127.0.0.1:${builtins.toString srv.management.port}"; - }; - - "/management.ManagementService/".extraConfig = '' - client_body_timeout 1d; - - grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - grpc_pass grpc://127.0.0.1:${builtins.toString srv.management.port}; - grpc_read_timeout 1d; - grpc_send_timeout 1d; - grpc_socket_keepalive on; - ''; - - "/signalexchange.SignalExchange/".extraConfig = '' - client_body_timeout 1d; - - grpc_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - - grpc_pass grpc://127.0.0.1:${builtins.toString srv.signal.port}; - grpc_read_timeout 1d; - grpc_send_timeout 1d; - grpc_socket_keepalive on; + services.nginx.virtualHosts."${srv.domain}" = { + locations."/api" = { + extraConfig = '' + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; ''; }; - - extraConfig = '' - error_page 404 /404.html; - ''; }; } diff --git a/system/dev/dn-server/services/nextcloud.nix b/system/dev/dn-server/services/nextcloud.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/services/ntfy.nix b/system/dev/dn-server/services/ntfy.nix old mode 100644 new mode 100755 
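Review bot: `realm = "master";` in the first netbird.nix hunk points the NetBird OIDC integration at Keycloak's `master` realm, which is the realm Keycloak uses for its own administrative accounts. An application client and its users placed there share a realm with the Keycloak admins, so a mistake in client or role configuration has a wider reach and the integration cannot be scoped or removed on its own. Unless this is deliberate, keep a dedicated realm (`realm = "netbird";`); if it is deliberate, record why in a comment next to the binding, e.g. `# master realm on purpose: <reason>`. The `let` block continues outside the hunk, so how the imported netbird-server module consumes `realm` is not visible here.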
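Review bot: In the last netbird.nix hunk the `/api` location keeps `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`, which appends nginx's view of the peer to whatever `X-Forwarded-For` value arrived with the request. Whether that inbound value can be trusted depends on the `set_real_ip_from` list that goes with the `real_ip_recursive on;` context line, and that list is outside the hunk. If no trusted proxy sits in front of this host, `proxy_set_header X-Forwarded-For $remote_addr;` avoids handing a client-chosen prefix to the management API. Otherwise a one-line comment naming the trusted upstream would make the assumption reviewable.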
diff --git a/system/dev/dn-server/services/paperless-ngx.nix b/system/dev/dn-server/services/paperless-ngx.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/sops/default.nix b/system/dev/dn-server/sops/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/dn-server/sops/secret.yaml b/system/dev/dn-server/sops/secret.yaml old mode 100644 new mode 100755 index f028377..5cf0bc6 --- a/system/dev/dn-server/sops/secret.yaml +++ b/system/dev/dn-server/sops/secret.yaml @@ -3,7 +3,7 @@ wireguard: wg1.conf: ENC[AES256_GCM,data:Wq8PgaNaEZNYpxqC2sO9CY+Cc+Qsk+sWpQ43FkjXqY5rSYo7rSjzN3sde44ba2IY85Dwyo+TKNp+mmLnjDM3Bgxb3h/sLLEJRwVGS1lU7GQKuT2ZL3MupnKVYXyK/2VmP+Umfw75AHYeMM809HRr7UroDEFQEll3DVqNqWSJRAll2hR14lnxUQpZIewMWTerEE0b+SEADXhPCOsgTUXFxJMtXTfsifGjf0HO2sLrW7EQvMxuiTvSCwosUilc/HgaA/+vNm+UkZ3pSwybYm9fIFvEu0IEqHuLyvy41J70DdxFdS9mNAcYcpeOFrTR4BE6NQ==,iv:zgyIqdH9OWEXPNkHs94Tcet16zvbxV7rbkwzVybkQBc=,tag:GJgAAGyrAhhaxVmcsT/reA==,type:str] netbird: oidc: - secret: ENC[AES256_GCM,data:zZ8zuDqUdZANk1VV44kfp/Y4eXxJDwead9440QJma4Q=,iv:d6/RSEtuhqL+RQDuOQMJhyC9U9ikcasEz0DIdtaBtKg=,tag:8be6FBymbIN+To0dFz2ncA==,type:str] + secret: ENC[AES256_GCM,data:6LEiompRgmip9NJUSHBevdwbnDhR3IXrSSorK7ToNlk=,iv:UshQW7lNdXZ6K/LX4prpRhZXTItXSM9fEIkJhOysYtc=,tag:aOrs44I7DbDQmdioB64Peg==,type:str] dataStoreKey: ENC[AES256_GCM,data:FGyqII1DZMtImMtWiUx0e1I4J+yMzrWKwhBB6kjmRHqlLz8Oy+C/zCM5SQ8=,iv:AXD8u9vcha8CSRnMPabtdXDQoeqpqKIbWGwfcgIc8Dw=,tag:3nSIt0V+G6NJQ7JSslNOWg==,type:str] coturn: password: ENC[AES256_GCM,data:AMWBkWLcj1EFfufl8pALpVOG0PE=,iv:sngIedZE4X8clhGIsQyiGKbdsheRbEqeU57Emz2DWJM=,tag:daRLPNrO5fq84rtieYuYYw==,type:str] 
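Review bot: This file section flips `system/dev/dn-server/sops/secret.yaml` from mode 100644 to 100755, and the same mode-only change appears on almost every path in the patch, including `system/extra/ca.crt` and the other `sops/secret.yaml` files. Nothing visible in the commit needs these files to be executable, so this looks like an accidental filemode change, possibly from a checkout on a filesystem that does not preserve modes. It also buries the real changes (the rotated `netbird.oidc.secret` and `vaultwarden` values here) among many mode-only entries. I would restore 100644 with `git update-index --chmod=-x <path>` on the affected files before merging.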
@@ -19,7 +19,7 @@ nextcloud: backendsecret: ENC[AES256_GCM,data:pV5yw755RkAwHBdmfeP37/SobFZqJouWyIiRJ+Y2mk0iiVdW04vhYVsyjcI=,iv:NhkewgnyE2Dw8mQMMSq6AWo6IOWu8BlyPZvZAszyZuQ=,tag:BlZO15qZWViV8pCWIgZHZQ==,type:str] step_ca: password: ENC[AES256_GCM,data:3NtUAl344gHiXLlMl88X17Vsm/4OKFM0W8bntzbXC0U=,iv:q9cWW8xTxYQnRYohBxnPIsbVSpvkZYVpYLRVeZgmsRM=,tag:ibumK7ebPKNO/CXAS0eeRA==,type:str] -vaultwarden: ENC[AES256_GCM,data:5gn2+IYznojrYbmzCJx17qAlBvJBv3CnMEZensyep9JpKEHVz29teOYDh5Zetv0mSrgmrUxCTdNsm0OZCX9EswhslNl5ay6zkhoL+64JIyUcNFWcvu7oD2w1qynWgz41GS2yzuw91LntN4mcpODKhHNN8XFCU9d71Z9zTSIdWn2PoG8wME2hVBJ2YxLpqzDyJYlkWYf4VYUnn9vXZatZqQd0n7bjx3dgX3ogFG/UNfMAs2oLCfuYLkxBqpR2cGNktIxWctCEAWwG68Pfk7X66KMi5w==,iv:JcExp8YkGwV2nMbCK+n0KSL3+SryJZ0iKtVcU/Q+Cgs=,tag:Ut6ahXVAuOKlcwk6DE56Ig==,type:str] +vaultwarden: ENC[AES256_GCM,data:h8GFyXRMI51DZutX60up4vXTQLNY3q0pr+BWpZ5frJHwy6PVBTYts81K0aTIIU71epT4SVR3p3e8yUdU7jXS1Tw1ol0RnPL+bBNv7JyUede9mkrP4pnozmuCQqOdlHCaUvYyIoWFPrLiz/drXX7gJvWh6zYTTFn9mQ3wQE9J6rxoLzbMyS6raSn2O8Ke+YM0VRXYgVvsyEL3Aa0wV3qO5NDCZ67rZp4TG5U8tOrziw0gnKU3eBCuNyL/uU/7ySvfdxwv631vEi24+dxN+Kx6rlaJpJIywx9xxxoRhOz5TrHzptqRMWpg2GZL5qdVXiUxqYLgC3s7Ri0P2BwOslteO6Z6NXk0HSravbpz3sevEu+bRS7u2MLvL3keP48+EBsXNebnKY7nfqCoIPUQ86CIVGw5fNI+irnRR8kq6oV0MBDGXu6DgmzKV7crFp65zzVSqfFOntVYSqgtQnnM1CmkuGJD,iv:51zbASyFgprzYCMswiEM81p8C0kFhSc28VavCHqRsF0=,tag:LvcY2DbeA71/PXEnjph3dw==,type:str] ldap: password: ENC[AES256_GCM,data:gz5WBopSffGyvJxKDPekPQ==,iv:bX7N9/oNMhtE/KbPah2ge4s87P2VsxHGoFkOyl83dxs=,tag:YoTe6NPAJgp/0nvhHC9Y5A==,type:str] env: ENC[AES256_GCM,data:68EvTHeBqtCVfde5oO+Wzny+l/YIMWQmbcNQ0Wl59EjMrSlJM0rmFm2lMJpxKzCN2cFs0N2z6zG1/eQ9t/SxxyVBrNA6ECnCZrerIo2YGlaT30tc1rffpd8TchMH1VKP5qHnbLUqORMx5z0LR4U49l2HVcHgSCjt/1f127oMi411vIU=,iv:+m1F0CBaoJGv6Z1u+h6rbsXGPUhxgHouTalj13ccJiY=,tag:I/hK65yPaIcgHEZVaXJHBA==,type:str] 
@@ -89,7 +89,7 @@ sops: OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-07T08:19:02Z" - mac: ENC[AES256_GCM,data:hWVuAT2P1vXtSWUiCYh52vr2FY60611QlO+lNf9GbB98Tzk6K3/RaEtQR8a1KVGz9qoJFwxRk0jm9Mo78ezxaCmjePWklyDYFTPGCcBZbPNGTcZfiCfp5yzFGDbGsR2s3nVDHP+a+BIwIWYEJZz2T4Gi/sPK2rUwGdvq6b0rnKQ=,iv:trEF/xsJobs87q96BdRxDkZHmInEU9krhUQiMvNu87g=,tag:PkYNLlnl72J+dxgnWhvWAw==,type:str] + lastmodified: "2026-01-09T04:59:21Z" + mac: ENC[AES256_GCM,data:NIHLAoNatyAhKHwCNdRGMR8+rUv00y/ssoGSQlq9/QayYt/GATfelgNwcqksSWf/db5v+Jz92bbk3RT9SKeoMWRxjm+8xzARbjhHGrzxAeLoerGPjQpEpkYYWbFC2ihSODrE+ar3HskAkQmVxmiGKEtYSg3+X2hiEy6ydZkP5Ps=,iv:mAyO820PpeG6NWQlmQf+l9MLIL4OTGJXCBSqYbmozZk=,tag:+Bex5hyAGBXiFoqxqVtaqg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-server/sops/sops-conf.nix b/system/dev/dn-server/sops/sops-conf.nix old mode 100644 new mode 100755 index e123c75..97535c1 --- a/system/dev/dn-server/sops/sops-conf.nix +++ b/system/dev/dn-server/sops/sops-conf.nix @@ -6,7 +6,6 @@ in sops.secrets = { "wireguard/privateKey" = { }; "step_ca/password" = { }; - vaultwarden = { }; "oauth/password" = { }; "oauth/adminEnv" = { }; "ldap/password" = lib.mkIf config.mail-server.enable { diff --git a/system/dev/generic/default.nix b/system/dev/generic/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/generic/disk.nix b/system/dev/generic/disk.nix old mode 100644 new mode 100755 diff --git a/system/dev/generic/hardware-configuration.nix b/system/dev/generic/hardware-configuration.nix old mode 100644 new mode 100755 index d2ae606..44a9a05 --- a/system/dev/generic/hardware-configuration.nix +++ b/system/dev/generic/hardware-configuration.nix 
@@ -1,12 +1,21 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { imports = [ ]; - boot.initrd.availableKernelModules = [ "virtio_scsi" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "virtio_scsi" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; diff --git a/system/dev/public/dn/common.nix b/system/dev/public/dn/common.nix old mode 100644 new mode 100755 diff --git a/system/dev/public/dn/default.nix b/system/dev/public/dn/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/public/dn/ntfy.nix b/system/dev/public/dn/ntfy.nix old mode 100644 new mode 100755 diff --git a/system/dev/public/dn/yubikey.nix b/system/dev/public/dn/yubikey.nix old mode 100644 new mode 100755 diff --git a/system/dev/public/sops/dn-secret.yaml b/system/dev/public/sops/dn-secret.yaml old mode 100644 new mode 100755 diff --git a/system/dev/public/sops/secret.yaml b/system/dev/public/sops/secret.yaml old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/common/boot.nix b/system/dev/skydrive-lap/common/boot.nix old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/common/default.nix b/system/dev/skydrive-lap/common/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/common/disk.nix b/system/dev/skydrive-lap/common/disk.nix old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/common/hardware-configuration.nix b/system/dev/skydrive-lap/common/hardware-configuration.nix old mode 100644 new mode 100755 index 0555636..c2aec52 --- a/system/dev/skydrive-lap/common/hardware-configuration.nix +++ b/system/dev/skydrive-lap/common/hardware-configuration.nix 
@@ -1,14 +1,25 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/system/dev/skydrive-lap/common/nvidia.nix b/system/dev/skydrive-lap/common/nvidia.nix old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/default.nix b/system/dev/skydrive-lap/default.nix old mode 100644 new mode 100755 index 1af18c4..ab73d81 --- a/system/dev/skydrive-lap/default.nix +++ b/system/dev/skydrive-lap/default.nix @@ -10,7 +10,8 @@ in systemConf = { inherit hostname username; domain = "net.dn"; - # hyprland.enable = true; + enableHomeManager = true; + hyprland.enable = false; niri.enable = true; face = pkgs.fetchurl { url = "https://git.dnywe.com/dachxy/skydrive-avatar/raw/branch/main/skydrive.jpg"; @@ -26,6 +27,8 @@ in ./sops ./utility ./network + ./home + ../../modules/shells/noctalia ]; users.users.root.openssh.authorizedKeys.keys = [ diff --git a/system/dev/skydrive-lap/games/default.nix b/system/dev/skydrive-lap/games/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/home/default.nix b/system/dev/skydrive-lap/home/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/network/default.nix b/system/dev/skydrive-lap/network/default.nix old mode 100644 new mode 100755 
diff --git a/system/dev/skydrive-lap/network/netbird.nix b/system/dev/skydrive-lap/network/netbird.nix old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/sops/default.nix b/system/dev/skydrive-lap/sops/default.nix old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/sops/secret.yaml b/system/dev/skydrive-lap/sops/secret.yaml old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/sops/sops-conf.nix b/system/dev/skydrive-lap/sops/sops-conf.nix old mode 100644 new mode 100755 diff --git a/system/dev/skydrive-lap/utility/default.nix b/system/dev/skydrive-lap/utility/default.nix old mode 100644 new mode 100755 diff --git a/system/extra/ca.crt b/system/extra/ca.crt old mode 100644 new mode 100755 diff --git a/system/modules/actual/default.nix b/system/modules/actual/default.nix old mode 100644 new mode 100755 diff --git a/system/modules/airplay.nix b/system/modules/airplay.nix old mode 100644 new mode 100755 diff --git a/system/modules/auto-mount.nix b/system/modules/auto-mount.nix old mode 100644 new mode 100755 diff --git a/system/modules/auto-upgrade.nix b/system/modules/auto-upgrade.nix old mode 100644 new mode 100755 diff --git a/system/modules/battery-life.nix b/system/modules/battery-life.nix old mode 100644 new mode 100755 diff --git a/system/modules/bluetooth.nix b/system/modules/bluetooth.nix old mode 100644 new mode 100755 diff --git a/system/modules/ca.nix b/system/modules/ca.nix old mode 100644 new mode 100755 diff --git a/system/modules/cockpit.nix b/system/modules/cockpit.nix old mode 100644 new mode 100755 diff --git a/system/modules/crowdsec.nix b/system/modules/crowdsec.nix old mode 100644 new mode 100755 diff --git a/system/modules/davinci-resolve.nix b/system/modules/davinci-resolve.nix old mode 100644 new mode 100755 diff --git a/system/modules/display-manager.nix b/system/modules/display-manager.nix old mode 100644 new mode 100755 
diff --git a/system/modules/dns-server/default.nix b/system/modules/dns-server/default.nix old mode 100644 new mode 100755 diff --git a/system/modules/docmost.nix b/system/modules/docmost.nix old mode 100644 new mode 100755 diff --git a/system/modules/environment.nix b/system/modules/environment.nix old mode 100644 new mode 100755 diff --git a/system/modules/fail2ban.nix b/system/modules/fail2ban.nix old mode 100644 new mode 100755 diff --git a/system/modules/gaming.nix b/system/modules/gaming.nix old mode 100644 new mode 100755 diff --git a/system/modules/gc.nix b/system/modules/gc.nix old mode 100644 new mode 100755 diff --git a/system/modules/gitea.nix b/system/modules/gitea.nix old mode 100644 new mode 100755 diff --git a/system/modules/gnome.nix b/system/modules/gnome.nix old mode 100644 new mode 100755 diff --git a/system/modules/grafana.nix b/system/modules/grafana.nix old mode 100644 new mode 100755 diff --git a/system/modules/hardware.nix b/system/modules/hardware.nix old mode 100644 new mode 100755 diff --git a/system/modules/hyprland.nix b/system/modules/hyprland.nix old mode 100644 new mode 100755 diff --git a/system/modules/internationalisation.nix b/system/modules/internationalisation.nix old mode 100644 new mode 100755 diff --git a/system/modules/kubernetes.nix b/system/modules/kubernetes.nix old mode 100644 new mode 100755 diff --git a/system/modules/localsend.nix b/system/modules/localsend.nix old mode 100644 new mode 100755 diff --git a/system/modules/misc.nix b/system/modules/misc.nix old mode 100644 new mode 100755 diff --git a/system/modules/netbird-client.nix b/system/modules/netbird-client.nix old mode 100644 new mode 100755 diff --git a/system/modules/netbird-server.nix b/system/modules/netbird-server.nix old mode 100644 new mode 100755 diff --git a/system/modules/networking.nix b/system/modules/networking.nix old mode 100644 new mode 100755 
diff --git a/system/modules/nextcloud.nix b/system/modules/nextcloud.nix old mode 100644 new mode 100755 diff --git a/system/modules/niri.nix b/system/modules/niri.nix old mode 100644 new mode 100755 index 657ed78..bda7c54 --- a/system/modules/niri.nix +++ b/system/modules/niri.nix @@ -8,11 +8,8 @@ let inherit (lib) getExe pipe - map - listToAttrs - genList ; - inherit (builtins) fetchurl; + inherit (builtins) fetchurl genList listToAttrs; inherit (config.systemConf) username; # nvidia-offload-enabled = config.hardware.nvidia.prime.offload.enableOffloadCmd; @@ -20,8 +17,8 @@ let terminal = "ghostty"; browser = "zen-twilight"; - brightnessStep = builtins.toString 10; - volumeStep = builtins.toString 4; + brightnessStep = toString 10; + volumeStep = toString 4; execOnceScript = pkgs.writeShellScript "startupExec" '' # Fix nemo open in terminal @@ -163,7 +160,10 @@ in ]; input = { - focus-follows-mouse.enable = true; + focus-follows-mouse = { + max-scroll-amount = "90%"; + enable = true; + }; mouse.accel-speed = -0.1; keyboard = { repeat-delay = 250; @@ -226,11 +226,11 @@ in "Mod+WheelScrollLeft".action = focus-column-left; # Touchpad - "TouchpadScrollDown" = { + "Mod+TouchpadScrollDown" = { cooldown-ms = 150; action = focus-window-or-workspace-down; }; - "TouchpadScrollUp" = { + "Mod+TouchpadScrollUp" = { cooldown-ms = 150; action = focus-window-or-workspace-up; }; diff --git a/system/modules/nixsettings.nix b/system/modules/nixsettings.nix old mode 100644 new mode 100755 diff --git a/system/modules/nvidia.nix b/system/modules/nvidia.nix old mode 100644 new mode 100755 diff --git a/system/modules/obs-studio.nix b/system/modules/obs-studio.nix old mode 100644 new mode 100755 diff --git a/system/modules/opencloud.nix b/system/modules/opencloud.nix old mode 100644 new mode 100755 diff --git a/system/modules/openldap.nix b/system/modules/openldap.nix old mode 100644 new mode 100755 
diff --git a/system/modules/packages.nix b/system/modules/packages.nix old mode 100644 new mode 100755 diff --git a/system/modules/paperless-ngx.nix b/system/modules/paperless-ngx.nix old mode 100644 new mode 100755 diff --git a/system/modules/plymouth.nix b/system/modules/plymouth.nix old mode 100644 new mode 100755 diff --git a/system/modules/polkit.nix b/system/modules/polkit.nix old mode 100644 new mode 100755 diff --git a/system/modules/postgresql.nix b/system/modules/postgresql.nix old mode 100644 new mode 100755 diff --git a/system/modules/presets/basic.nix b/system/modules/presets/basic.nix old mode 100644 new mode 100755 diff --git a/system/modules/presets/minimal.nix b/system/modules/presets/minimal.nix old mode 100644 new mode 100755 diff --git a/system/modules/printer.nix b/system/modules/printer.nix old mode 100644 new mode 100755 diff --git a/system/modules/programs.nix b/system/modules/programs.nix old mode 100644 new mode 100755 diff --git a/system/modules/prometheus.nix b/system/modules/prometheus.nix old mode 100644 new mode 100755 diff --git a/system/modules/rustdesk-server.nix b/system/modules/rustdesk-server.nix old mode 100644 new mode 100755 diff --git a/system/modules/secure-boot.nix b/system/modules/secure-boot.nix old mode 100644 new mode 100755 diff --git a/system/modules/security.nix b/system/modules/security.nix old mode 100644 new mode 100755 diff --git a/system/modules/services.nix b/system/modules/services.nix old mode 100644 new mode 100755 index dffbe2c..3ddb865 --- a/system/modules/services.nix +++ b/system/modules/services.nix @@ -32,13 +32,5 @@ in PermitRootLogin = lib.mkDefault "no"; }; }; - - xserver = { - enable = false; - xkb = { - layout = "us"; - options = "caps:swapescape"; - }; - }; }; } diff --git a/system/modules/shells/noctalia/bar.nix b/system/modules/shells/noctalia/bar.nix old mode 100644 new mode 100755 
diff --git a/system/modules/shells/noctalia/controlCenter.nix b/system/modules/shells/noctalia/controlCenter.nix old mode 100644 new mode 100755 diff --git a/system/modules/shells/noctalia/default.nix b/system/modules/shells/noctalia/default.nix old mode 100644 new mode 100755 diff --git a/system/modules/shells/noctalia/sessionMenu.nix b/system/modules/shells/noctalia/sessionMenu.nix old mode 100644 new mode 100755 diff --git a/system/modules/shells/noctalia/systemMonitor.nix b/system/modules/shells/noctalia/systemMonitor.nix old mode 100644 new mode 100755 diff --git a/system/modules/shells/noctalia/templates.nix b/system/modules/shells/noctalia/templates.nix old mode 100644 new mode 100755 diff --git a/system/modules/sops-nix.nix b/system/modules/sops-nix.nix old mode 100644 new mode 100755 diff --git a/system/modules/sound.nix b/system/modules/sound.nix old mode 100644 new mode 100755 diff --git a/system/modules/stalwart.nix b/system/modules/stalwart.nix old mode 100644 new mode 100755 diff --git a/system/modules/stylix.nix b/system/modules/stylix.nix old mode 100644 new mode 100755 diff --git a/system/modules/sunshine.nix b/system/modules/sunshine.nix old mode 100644 new mode 100755 diff --git a/system/modules/systemd-resolv.nix b/system/modules/systemd-resolv.nix old mode 100644 new mode 100755 diff --git a/system/modules/time.nix b/system/modules/time.nix old mode 100644 new mode 100755 diff --git a/system/modules/tmux.nix b/system/modules/tmux.nix old mode 100644 new mode 100755 index 1d9d879..bb08238 --- a/system/modules/tmux.nix +++ b/system/modules/tmux.nix @@ -2,7 +2,8 @@ pkgs, config, ... -}: let +}: +let getIconScript = pkgs.writeShellScript "get-icon" '' get_icons() { local session_name="$1" @@ -30,7 +31,8 @@ prefixKey = "C-Space"; tmuxConfigPath = "/etc/tmux.conf"; -in { +in +{ environment = { variables = { TMUXINATOR_CONFIG = "/etc/tmuxinator"; diff --git a/system/modules/users.nix b/system/modules/users.nix old mode 100644 new mode 100755 
diff --git a/system/modules/vaultwarden.nix b/system/modules/vaultwarden.nix old mode 100644 new mode 100755 index 1894571..ee251a5 --- a/system/modules/vaultwarden.nix +++ b/system/modules/vaultwarden.nix @@ -1,6 +1,12 @@ { domain }: { config, ... }: +let + inherit (config.sops) secrets; + cfg = config.services.vaultwarden; +in { + sops.secrets."vaultwarden" = { }; + services.postgresql = { enable = true; ensureUsers = [ @@ -17,7 +23,7 @@ services.vaultwarden = { enable = true; dbBackend = "postgresql"; - environmentFile = config.sops.secrets.vaultwarden.path; + environmentFile = secrets.vaultwarden.path; config = { DOMAIN = "https://${domain}"; SIGNUPS_ALLOWED = true; @@ -26,6 +32,11 @@ ROCKET_ADDRESS = "127.0.0.1"; ROCKET_LOG = "critical"; + SSO_ENABLED = true; + SSO_ONLY = true; + SSO_SIGNUPS_MATCH_EMAIL = true; + SSO_AUTH_ONLY_NOT_SESSION = true; + DATABASE_URL = "postgresql:///vaultwarden"; }; }; @@ -34,7 +45,7 @@ enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}/"; + proxyPass = "http://127.0.0.1:${toString cfg.config.ROCKET_PORT}/"; proxyWebsockets = true; }; }; diff --git a/system/modules/virtualization.nix b/system/modules/virtualization.nix old mode 100644 new mode 100755 diff --git a/system/modules/webcam.nix b/system/modules/webcam.nix old mode 100644 new mode 100755 diff --git a/system/modules/wine.nix b/system/modules/wine.nix old mode 100644 new mode 100755 diff --git a/system/modules/wireguard.nix b/system/modules/wireguard.nix old mode 100644 new mode 100755 From 2378a661142bd00a17afe0cdcd71fefb958d9ab3 Mon Sep 17 00:00:00 2001 
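Review bot: The third vaultwarden.nix hunk enables `SSO_SIGNUPS_MATCH_EMAIL = true;` while the context line `SIGNUPS_ALLOWED = true;` stays, so an SSO login is associated with an existing account by e-mail address alone and, as far as the visible config shows, first-time logins can still create accounts. That is only sound if the identity provider guarantees verified e-mail addresses that users cannot edit themselves; this is worth confirming on the IdP side. `SSO_AUTH_ONLY_NOT_SESSION = true;` additionally decouples the Vaultwarden session from the IdP session, so disabling a user at the IdP presumably does not end sessions already issued. I would state both assumptions in a comment above the block, e.g. `# SSO: IdP must enforce verified e-mail; sessions are not revoked by IdP logout`, and set `SIGNUPS_ALLOWED = false;` if open registration is not intended.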
From: danny Date: Sat, 10 Jan 2026 13:28:41 +0800 Subject: [PATCH 06/10] feat: add pre-commit hook to check TODO|FIXME|FIX comment --- .envrc | 1 + .gitignore | 1 + flake.nix | 29 ++++++++++++++++++++++------- githooks/check-comment.nix | 19 +++++++++++++++++++ 4 files changed, 43 insertions(+), 7 deletions(-) create mode 100644 .envrc create mode 100644 githooks/check-comment.nix diff --git a/.envrc b/.envrc new file mode 100644 index 0000000..3550a30 --- /dev/null +++ b/.envrc @@ -0,0 +1 @@ +use flake diff --git a/.gitignore b/.gitignore index c41aa9d..5b12f7f 100755 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ **/result +.direnv .pre-commit-config.yaml diff --git a/flake.nix b/flake.nix index d67648e..7b3d88e 100755 --- a/flake.nix +++ b/flake.nix @@ -254,14 +254,29 @@ pkgs.writeShellScriptBin "pre-commit-run" script ); - checks = forEachSystem (system: { - pre-commit-check = inputs.git-hooks.lib.${system}.run { - src = ./.; - hooks = { - nixfmt.enable = true; + checks = forEachSystem ( + system: + let + pkgs = import nixpkgs { inherit system; }; + in + { + pre-commit-check = inputs.git-hooks.lib.${system}.run { + src = ./.; + hooks = { + nixfmt.enable = true; + + check-comment = { + enable = true; + name = "check comment"; + entry = "${pkgs.callPackage ./githooks/check-comment.nix { }}"; + files = "\\.nix$"; + pass_filenames = false; + stages = [ "pre-commit" ]; + }; + }; }; - }; - }); + } + ); devShells = forEachSystem (system: { default = diff --git a/githooks/check-comment.nix b/githooks/check-comment.nix new file mode 100644 index 0000000..d1d44f0 --- /dev/null +++ b/githooks/check-comment.nix 
@@ -0,0 +1,19 @@ +{ pkgs, lib }: +pkgs.writeShellScript "check-comment" '' + FILES=$("${lib.getExe pkgs.git}" diff --cached --name-only --diff-filter=ACM | grep '\.nix$' | grep -v '^githooks/check-comment.nix$') + + TODO_FOUND=0 + + for file in $FILES; do + if grep -nHE '#\s*(TODO|FIXME|FIX):' "$file"; then + TODO_FOUND=1 + fi + done + + if [ $TODO_FOUND -eq 1 ]; then + echo "Remove all the '#TODO|FIXME|FIX' before committing" + exit 1 + fi + + exit 0 +'' From 25482857d433ca1c72e16352027e2dd1091c6ba4 Mon Sep 17 00:00:00 2001 
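Review bot: The hook greps the working-tree copy of each staged file (`grep -nHE … "$file"`) rather than the content being committed, so with a partially staged file a marker can reach the commit unnoticed, or the commit can be blocked by text that is not staged. Reading the staged blob closes that gap: `if "${lib.getExe pkgs.git}" show ":$file" | grep -nE -H --label="$file" '#\s*(TODO|FIXME|FIX):'; then`. Separately, `for file in $FILES` splits on whitespace, so a path containing a space is never actually checked. A header comment saying that only added, copied or modified `.nix` files are scanned and that the marker must be followed by a colon would also help, because the error message reads as if any `#TODO` were rejected.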
From: danny Date: Tue, 20 Jan 2026 13:41:53 +0800 Subject: [PATCH 07/10] chore: maintain --- flake.lock | 491 +++++++++--------- home/options/noctalia.nix | 10 +- home/presets/basic.nix | 1 + home/user/image-viewer.nix | 43 ++ home/user/nvf/default.nix | 5 +- home/user/yazi.nix | 14 +- home/user/zellij.nix | 2 +- home/user/zen-browser.nix | 2 - options/default.nix | 1 + options/game/velocity.nix | 152 ++++++ options/systemconf.nix | 8 +- system/dev/dn-pre7780/games/default.nix | 1 + system/dev/dn-pre7780/games/heroic.nix | 6 +- system/dev/dn-pre7780/games/lsgf-vk.nix | 11 + system/dev/dn-pre7780/games/minecraft.nix | 2 - system/dev/dn-pre7780/home/wm/hyprland.nix | 11 +- system/dev/dn-pre7780/network/default.nix | 1 + .../dev/dn-pre7780/network/openfortivpn.nix | 27 + system/dev/dn-pre7780/services/default.nix | 1 - system/dev/dn-pre7780/services/mail.nix | 16 +- system/dev/dn-pre7780/services/nextcloud.nix | 103 ---- system/dev/dn-pre7780/services/nginx.nix | 8 +- system/dev/dn-pre7780/sops/secret.yaml | 7 +- .../dn-pre7780/utility/davinci-resolve.nix | 2 +- system/dev/dn-server/default.nix | 16 +- system/dev/dn-server/network/nginx.nix | 62 +-- system/dev/dn-server/network/services.nix | 178 +------ system/dev/dn-server/network/step-ca.nix | 9 +- system/dev/dn-server/services/acme.nix | 59 +++ .../dev/dn-server/services/actual-budget.nix | 32 +- system/dev/dn-server/services/bitwarden.nix | 11 +- system/dev/dn-server/services/default.nix | 8 +- system/dev/dn-server/services/dns.nix | 164 ++++++ system/dev/dn-server/services/forgejo.nix | 12 +- system/dev/dn-server/services/keycloak.nix | 9 +- system/dev/dn-server/services/mail-server.nix | 2 +- system/dev/dn-server/services/metrics.nix | 18 +- .../dn-server/services/minecraft-server.nix | 144 ++++- system/dev/dn-server/services/netbird.nix | 8 +- system/dev/dn-server/services/nextcloud.nix | 13 +- system/dev/dn-server/services/ntfy.nix | 13 +- .../dev/dn-server/services/paperless-ngx.nix | 13 +- 
system/dev/dn-server/sops/secret.yaml | 13 +- system/dev/dn-server/sops/sops-conf.nix | 20 - system/dev/public/dn/common.nix | 2 +- system/dev/public/dn/ntfy.nix | 4 +- system/dev/skydrive-lap/home/default.nix | 6 +- system/modules/actual/default.nix | 25 +- system/modules/grafana.nix | 1 - system/modules/nextcloud.nix | 16 +- system/modules/niri.nix | 13 +- system/modules/nixsettings.nix | 6 +- system/modules/paperless-ngx.nix | 1 - system/modules/prometheus.nix | 3 - system/modules/shells/noctalia/bar.nix | 8 +- system/modules/shells/noctalia/default.nix | 13 +- system/modules/systemd-resolv.nix | 10 +- system/modules/vaultwarden.nix | 5 +- 58 files changed, 1095 insertions(+), 747 deletions(-) create mode 100644 home/user/image-viewer.nix create mode 100644 options/game/velocity.nix create mode 100644 system/dev/dn-pre7780/games/lsgf-vk.nix create mode 100644 system/dev/dn-pre7780/network/openfortivpn.nix delete mode 100755 system/dev/dn-pre7780/services/nextcloud.nix create mode 100644 system/dev/dn-server/services/acme.nix create mode 100644 system/dev/dn-server/services/dns.nix diff --git a/flake.lock b/flake.lock index 213f672..f0cf77e 100755 --- a/flake.lock +++ b/flake.lock @@ -86,11 +86,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1764956616, - "narHash": "sha256-jTGdwLtST22pUZqlRvOMAwSBxpj4bxKpIfThpmBX3Pw=", + "lastModified": 1766518114, + "narHash": "sha256-3zIOjIidbrHXTxEzjPVrwSd19Mwdfw58VvSnTWtlunc=", "ref": "refs/heads/main", - "rev": "526dd85c8047fb700dd7715701e4ca1e553275a0", - "revCount": 1321, + "rev": "138c4ebdbe0c3eead5656373ea8837a5bd49c40b", + "revCount": 1329, "type": "git", "url": "https://codeberg.org/LGFae/awww" }, 
@@ -120,17 +120,17 @@ "base16-fish": { "flake": false, "locked": { - "lastModified": 1754405784, - "narHash": "sha256-l9xHIy+85FN+bEo6yquq2IjD1rSg9fjfjpyGP1W8YXo=", + "lastModified": 1765809053, + "narHash": "sha256-XCUQLoLfBJ8saWms2HCIj4NEN+xNsWBlU1NrEPcQG4s=", "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" }, "original": { "owner": "tomyun", "repo": "base16-fish", - "rev": "23ae20a0093dca0d7b39d76ba2401af0ccf9c561", + "rev": "86cbea4dca62e08fb7fd83a70e96472f92574782", "type": "github" } }, @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1764381410, - "narHash": "sha256-WR/oQQjveFqQxo8oHngZuOVgBQINDgPe+lCXLeNhAAg=", + "lastModified": 1768655473, + "narHash": "sha256-iWnILPS2mP9ubbjRAhNv6Fqg1J/upxmD9OQTZQR4O2w=", "owner": "caelestia-dots", "repo": "cli", - "rev": "ed12d4cb82600872a82feb577711be1148c7af35", + "rev": "7de6c6063119a7cef27c6bd4c88f2c5ac4cbc064", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1764655592, - "narHash": "sha256-xaKTcjcmUqkJVb0DQv5UKib/tSFeyBTOuaWxyIlzSTw=", + "lastModified": 1768700084, + "narHash": "sha256-G/RtxgpF4OHRWy82/MHmEClOq9sBn8tki6K6vCuPZvU=", "owner": "caelestia-dots", "repo": "shell", - "rev": "16229e4219ef6a0951e4c9a3bff9bfe3fd54f16f", + "rev": "408c523d257f5e22fd95229dd36e76f4b90439a2", "type": "github" }, "original": { @@ -250,11 +250,11 @@ ] }, "locked": { - "lastModified": 1764627417, - "narHash": "sha256-D6xc3Rl8Ab6wucJWdvjNsGYGSxNjQHzRc2EZ6eeQ6l4=", + "lastModified": 1768727946, + "narHash": "sha256-le2GY+ZR6uRHMuOAc60sBR3gBD2BEk1qOZ3S5C/XFpU=", "owner": "nix-community", "repo": "disko", - "rev": "5a88a6eceb8fd732b983e72b732f6f4b8269bef3", + "rev": "558e84658d0eafc812497542ad6ca0d9654b3b0f", "type": "github" }, "original": { 
@@ -266,11 +266,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1764724327, - "narHash": "sha256-OkFLrD3pFR952TrjQi1+Vdj604KLcMnkpa7lkW7XskI=", + "lastModified": 1764873433, + "narHash": "sha256-1XPewtGMi+9wN9Ispoluxunw/RwozuTRVuuQOmxzt+A=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "66b7c635763d8e6eb86bd766de5a1e1fbfcc1047", + "rev": "f7ffd917ac0d253dbd6a3bf3da06888f57c69f92", "type": "github" }, "original": { @@ -314,11 +314,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1747046372, - "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "lastModified": 1761588595, + "narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5", "type": "github" }, "original": { @@ -436,11 +436,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -475,11 +475,11 @@ ] }, "locked": { - "lastModified": 1760948891, - "narHash": "sha256-TmWcdiUUaWk8J4lpjzu4gCGxWY6/Ok7mOK4fIFfBuU4=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "864599284fc7c0ba6357ed89ed5e2cd5040f0c04", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { 
@@ -496,11 +496,11 @@ ] }, "locked": { - "lastModified": 1763759067, - "narHash": "sha256-LlLt2Jo/gMNYAwOgdRQBrsRoOz7BPRkzvNaI/fzXi2Q=", + "lastModified": 1767609335, + "narHash": "sha256-feveD98mQpptwrAEggBQKJTYbvwwglSbOv53uCfH9PY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "2cccadc7357c0ba201788ae99c4dfa90728ef5e0", + "rev": "250481aafeb741edfe23d29195671c19b36b6dca", "type": "github" }, "original": { @@ -580,7 +580,10 @@ }, "flake-utils_4": { "inputs": { - "systems": "systems_5" + "systems": [ + "niri-nfsm", + "systems" + ] }, "locked": { "lastModified": 1731533236, @@ -598,10 +601,7 @@ }, "flake-utils_5": { "inputs": { - "systems": [ - "niri-nfsm", - "systems" - ] + "systems": "systems_6" }, "locked": { "lastModified": 1731533236, @@ -637,25 +637,7 @@ }, "flake-utils_7": { "inputs": { - "systems": "systems_8" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_8": { - "inputs": { - "systems": "systems_12" + "systems": "systems_11" }, "locked": { "lastModified": 1731533236, @@ -691,16 +673,17 @@ "inputs": { "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_2", + "home-manager": "home-manager", "nixpkgs": "nixpkgs_2", "zig": "zig", "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1764953050, - "narHash": "sha256-TkMjYCGm6FHflVQadN6mx1+3lWzY4wl+3U40lfvTroQ=", + "lastModified": 1768776776, + "narHash": "sha256-OeoF0vBLezZ0WQDxjpI5OHQskKzeCpOITYJ6XoUDwWg=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "08c9661683edc1e9e63d8e6abd469a68faaee575", + "rev": "250877eff69ee1f00168a1f5ce9ab5490e29b0dc", "type": "github" }, "original": { 
@@ -713,7 +696,7 @@ "inputs": { "flake-compat": "flake-compat_4", "gitignore": "gitignore", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1767281941, @@ -798,11 +781,11 @@ "flake": false, "locked": { "host": "gitlab.gnome.org", - "lastModified": 1764524476, - "narHash": "sha256-bTmNn3Q4tMQ0J/P0O5BfTQwqEnCiQIzOGef9/aqAZvk=", + "lastModified": 1767737596, + "narHash": "sha256-eFujfIUQDgWnSJBablOuG+32hCai192yRdrNHTv0a+s=", "owner": "GNOME", "repo": "gnome-shell", - "rev": "c0e1ad9f0f703fd0519033b8f46c3267aab51a22", + "rev": "ef02db02bf0ff342734d525b5767814770d85b49", "type": "gitlab" }, "original": { @@ -816,15 +799,36 @@ "home-manager": { "inputs": { "nixpkgs": [ + "ghostty", "nixpkgs" ] }, "locked": { - "lastModified": 1764998300, - "narHash": "sha256-fZatn/KLfHLDXnF0wy7JxXqGaZmGDTVufT4o/AOlj44=", + "lastModified": 1768068402, + "narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=", "owner": "nix-community", "repo": "home-manager", - "rev": "27a6182347ccae90a88231ae0dc5dfa7d15815bb", + "rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1768770171, + "narHash": "sha256-JPmLGZgdWa8QcQbbtBqyZhpmxIHZ3lUO48laERjw+4k=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "521d5ea1a229ba315dd1cceaf869946ddcc83d36", "type": "github" }, "original": { 
@@ -902,17 +906,17 @@ "hyprutils": "hyprutils", "hyprwayland-scanner": "hyprwayland-scanner", "hyprwire": "hyprwire", - "nixpkgs": "nixpkgs_5", + "nixpkgs": "nixpkgs_4", "pre-commit-hooks": "pre-commit-hooks", "systems": "systems_3", "xdph": "xdph" }, "locked": { - "lastModified": 1767812022, - "narHash": "sha256-BHBiQhlNl+Lxvp/bBOOTWhxbXYMoVG4xiyv9DE/nuZ4=", + "lastModified": 1768746153, + "narHash": "sha256-H3BxpO76d/SX/qiCzl3bUi352xIkgdqqSb0sJfuv25w=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "918e2bb9be0e1d233f9394f1d569137788c43c01", + "rev": "eb0480ba0d0870ab5d8a876f01c6ab033a4b35f4", "type": "github" }, "original": { @@ -984,11 +988,11 @@ ] }, "locked": { - "lastModified": 1764888835, - "narHash": "sha256-CnxxUzSj421QJD2RW7zB1LhvwT+zAFpVDEGw6DKj0II=", + "lastModified": 1767723101, + "narHash": "sha256-jObY8O7OI+91hoE137APsDxm0235/Yx+HhFIip187zM=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "4ccb444d942d6fbd3135495fe3a0440610cf747a", + "rev": "fef398ed5e4faf59bc43b915e46a75cfe8b16697", "type": "github" }, "original": { @@ -1265,18 +1269,17 @@ }, "microvm": { "inputs": { - "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ], "spectrum": "spectrum" }, "locked": { - "lastModified": 1764625594, - "narHash": "sha256-RwtPzq4rqDCLki3oOLuUUkKcuaZPy4IDUBb5tAWl4Xk=", + "lastModified": 1768682386, + "narHash": "sha256-mKrMf7eG9TM2AM3pTuhIiCGmZ/JwDegCQH3ThVqcTuc=", "owner": "microvm-nix", "repo": "microvm.nix", - "rev": "6dab9a797f262a352eed55078597582ed2ded336", + "rev": "f469c1dfede623bbbf1ac605f6359316fd4002ef", "type": "github" }, "original": { 
@@ -1287,11 +1290,11 @@ }, "mnw": { "locked": { - "lastModified": 1758834834, - "narHash": "sha256-Y7IvY4F8vajZyp3WGf+KaiIVwondEkMFkt92Cr9NZmg=", + "lastModified": 1767030222, + "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=", "owner": "Gerg-L", "repo": "mnw", - "rev": "cfbc7d1cc832e318d0863a5fc91d940a96034001", + "rev": "75bb637454b0fbbb5ed652375a4bf7ffd28bcf6f", "type": "github" }, "original": { @@ -1308,15 +1311,16 @@ ] }, "locked": { - "lastModified": 1765720983, - "narHash": "sha256-tWtukpABmux6EC/FuCJEgA1kmRjcRPtED44N+GGPq+4=", + "lastModified": 1768214250, + "narHash": "sha256-hnBZDQWUxJV3KbtvyGW5BKLO/fAwydrxm5WHCWMQTbw=", "owner": "feel-co", "repo": "ndg", - "rev": "f399ace8bb8e1f705dd8942b24d207aa4d75c936", + "rev": "a6bd3c1ce2668d096e4fdaaa03ad7f03ba1fbca8", "type": "github" }, "original": { "owner": "feel-co", + "ref": "refs/tags/v2.6.0", "repo": "ndg", "type": "github" } @@ -1325,14 +1329,14 @@ "inputs": { "flake-parts": "flake-parts_2", "neovim-src": "neovim-src", - "nixpkgs": "nixpkgs_6" + "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1764979571, - "narHash": "sha256-xOGEM8dZ6WtOnf+fkTthtiUbE47ZCEvuZTVsOrdTEZU=", + "lastModified": 1768781101, + "narHash": "sha256-p3guh/Vx4Pf+Ggk3X69SPTJot6emv6rgKpoBLNO61Ag=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "a70eaf7ca72ae845d53e2b2aa6106eebb00a4ed0", + "rev": "e90cb6d441572fc05ffb8769051d59f1d2d3269e", "type": "github" }, "original": { @@ -1344,11 +1348,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1764968664, - "narHash": "sha256-aueNP7DLGEqX+eUlkMz0X7h0X3c4IxLLxhMBG7MTPpg=", + "lastModified": 1768778690, + "narHash": "sha256-XrWZBeH0GnvnQzE9Xmm69sesSGB2h5uVLuTmLA7k1p0=", "owner": "neovim", "repo": "neovim", - "rev": "d6bee7e407442112ee9008ea35d6fe73dbb3eaaf", + "rev": "30259d6af79e731491e6b12d815893b1b130b52b", "type": "github" }, "original": { 
@@ -1369,11 +1373,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1767833217, - "narHash": "sha256-HLr9k8g1Geq40PLsNw7I5N8TZkBYtQVjkgDPV/Kehxk=", + "lastModified": 1768767453, + "narHash": "sha256-Omq1UHEJ1oxkTo2j8l6qQtmyPR7Uj+k7HC5Khd3jVVA=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "a789aa1512a9157d5d3392b27e60621fd0d83438", + "rev": "8eab7c21ef4edc97cc56ddb8e76a842e0818d6d7", "type": "github" }, "original": { @@ -1384,18 +1388,18 @@ }, "niri-nfsm": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_6" + "systems": "systems_5" }, "locked": { - "lastModified": 1764588231, - "narHash": "sha256-vH7ILtO2y7wesmbgzi4XiDVjiq2rvLEt4s8sW2t5IpY=", + "lastModified": 1768392962, + "narHash": "sha256-bLgk7kH3ciTMCD/rONZf5y08FAYD226CQpED8QyrWyk=", "owner": "dachxy", "repo": "nfsm", - "rev": "be633954b081bb050013f7c92d4f5d642c555af3", + "rev": "cd1b8d5fbe21cd30b73435c507403b4d2d382994", "type": "github" }, "original": { @@ -1425,11 +1429,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1767792726, - "narHash": "sha256-qS4tdG2iUQwSld9dTH1gk8GcIOrRi9umMgPv8MGDIA0=", + "lastModified": 1768678265, + "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", "owner": "YaLTeR", "repo": "niri", - "rev": "10df9f4717cbd4efd20ae796eb6b0aa400127bdc", + "rev": "d7184a04b904e07113f4623610775ae78d32394c", "type": "github" }, "original": { @@ -1466,11 +1470,11 @@ ] }, "locked": { - "lastModified": 1764475780, - "narHash": "sha256-77jL5H5x51ksLiOUDjY0ZK8e2T4ZXLhj3ap8ETvknWI=", + "lastModified": 1765267181, + "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "5a3ff8c1a09003f399f43d5742d893c0b1ab8af0", + "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", "type": "github" }, "original": { 
@@ -1482,17 +1486,17 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_7", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1764986396, - "narHash": "sha256-HYBvpziKGvKY/XfMCBRCTuUUqhPWjWiWaPthIsPzGDk=", + "lastModified": 1768357481, + "narHash": "sha256-LpOWVXsHx20x8eRIhn23Q0icmV3Z6ZeFpAPzEqldXFk=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "70b931d67256ad7ebfced45ed797c016943bbff2", + "rev": "f888492aa1a1eeb0114cf78af40d44e8300e002e", "type": "github" }, "original": { @@ -1503,15 +1507,15 @@ }, "nix-search-tv": { "inputs": { - "flake-utils": "flake-utils_7", - "nixpkgs": "nixpkgs_7" + "flake-utils": "flake-utils_6", + "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1763912269, - "narHash": "sha256-9/OFoOAE5fNfwbemapBeBWZqaDz7/Q7h1w93YmiLuns=", + "lastModified": 1767922902, + "narHash": "sha256-ygA9AF4PrM+4G+Le70UI12OQPIjLmELg3Xpkmc7nMz0=", "owner": "3timeslazy", "repo": "nix-search-tv", - "rev": "c7919f34fde2e87de3fe70c74bf18c7e0091f19b", + "rev": "b21e232cb81320ee6225fea857ebcf33ebd19079", "type": "github" }, "original": { @@ -1550,11 +1554,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1764841794, - "narHash": "sha256-TcJ2kgFn8qbbNCh7HJLadi4ZvW9CFrbLB02VS7biWlo=", + "lastModified": 1768402933, + "narHash": "sha256-iNjr5pE5SvawTT3byEIU65FzWTMMjVfRhPXa2m818jM=", "owner": "nix-community", "repo": "nixd", - "rev": "514db907c8a0b32a0bdc1678d480a5278da4b679", + "rev": "13a89b59d0711390f0c765e693509f8282a1ff7e", "type": "github" }, "original": { 
@@ -1565,11 +1569,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1764836381, - "narHash": "sha256-8jemYbbW9EBttQKHep7Rj8kzXaxsrk/lACdXA2DN5Xk=", + "lastModified": 1767313136, + "narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ff06bd3398fb1bea6c937039ece7e7c8aa396ebf", + "rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", "type": "github" }, "original": { @@ -1609,11 +1613,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1767799921, - "narHash": "sha256-r4GVX+FToWVE2My8VVZH4V0pTIpnu2ZE8/Z4uxGEMBE=", + "lastModified": 1768621446, + "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d351d0653aeb7877273920cd3e823994e7579b0b", + "rev": "72ac591e737060deab2b86d6952babd1f896d7c5", "type": "github" }, "original": { @@ -1623,29 +1627,13 @@ "type": "github" } }, - "nixpkgs_10": { - "locked": { - "lastModified": 1763806073, - "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "878e468e02bfabeda08c79250f7ad583037f2227", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs_2": { "locked": { - "lastModified": 1764947035, - "narHash": "sha256-3PmKrux+ApKEM4IMRNAKeuWicwgRiRcprSuEnsbhVe4=", - "rev": "a672be65651c80d3f592a89b3945466584a22069", + "lastModified": 1768032153, + "narHash": "sha256-zvxtwlM8ZlulmZKyYCQAPpkm5dngSEnnHjmjV7Teloc=", + "rev": "3146c6aa9995e7351a398e17470e15305e6e18ff", "type": "tarball", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre906997.a672be65651c/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre925418.3146c6aa9995/nixexprs.tar.xz" }, "original": { "type": "tarball", 
@@ -1653,19 +1641,6 @@ } }, "nixpkgs_3": { - "locked": { - "lastModified": 1758360447, - "narHash": "sha256-XDY3A83bclygHDtesRoaRTafUd80Q30D/Daf9KSG6bs=", - "rev": "8eaee110344796db060382e15d3af0a9fc396e0e", - "type": "tarball", - "url": "https://releases.nixos.org/nixos/unstable/nixos-25.11pre864002.8eaee1103447/nixexprs.tar.xz" - }, - "original": { - "type": "tarball", - "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz" - } - }, - "nixpkgs_4": { "locked": { "lastModified": 1764947035, "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", @@ -1681,7 +1656,7 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_4": { "locked": { "lastModified": 1767379071, "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", @@ -1697,13 +1672,13 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { - "lastModified": 1764915887, - "narHash": "sha256-CeBCJ9BMsuzVgn8GVfuSRZ6xeau7szzG0Xn6O/OxP9M=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42e29df35be6ef54091d3a3b4e97056ce0a98ce8", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { @@ -1713,7 +1688,7 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { "lastModified": 1757584362, "narHash": "sha256-XeTX/w16rUNUNBsfaOVCDoMMa7Xu7KvIMT7tn1zIEcg=", @@ -1729,13 +1704,13 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { - "lastModified": 1767364772, - "narHash": "sha256-fFUnEYMla8b7UKjijLnMe+oVFOz6HjijGGNS1l7dYaQ=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "16c7794d0a28b5a37904d55bcca36003b9109aaa", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { 
@@ -1745,13 +1720,29 @@ "type": "github" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { - "lastModified": 1764445028, - "narHash": "sha256-ik6H/0Zl+qHYDKTXFPpzuVHSZE+uvVz2XQuQd1IVXzo=", + "lastModified": 1768569498, + "narHash": "sha256-bB6Nt99Cj8Nu5nIUq0GLmpiErIT5KFshMQJGMZwgqUo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a09378c0108815dbf3961a0e085936f4146ec415", + "rev": "be5afa0fcb31f0a96bf9ecba05a516c66fcd8114", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_9": { + "locked": { + "lastModified": 1763806073, + "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "878e468e02bfabeda08c79250f7ad583037f2227", "type": "github" }, "original": { @@ -1768,11 +1759,11 @@ ] }, "locked": { - "lastModified": 1767851722, - "narHash": "sha256-33madeYEiounlmTjaTZk3KV0NutlT6qwwf/RgOuIdmQ=", + "lastModified": 1768785620, + "narHash": "sha256-ZhhZNA3romjb3ukC3cKnEhzv2GQDIMIComwtXpCqVCY=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "f9cbc7bc57315a92af99dce80385f8e42ccfe64f", + "rev": "cf2e02c6e9bf9f38d3e3787c6afe7d83f169ed5c", "type": "github" }, "original": { @@ -1793,11 +1784,11 @@ ] }, "locked": { - "lastModified": 1764773531, - "narHash": "sha256-mCBl7MD1WZ7yCG6bR9MmpPO2VydpNkWFgnslJRIT1YU=", + "lastModified": 1767810917, + "narHash": "sha256-ZKqhk772+v/bujjhla9VABwcvz+hB2IaRyeLT6CFnT0=", "owner": "nix-community", "repo": "NUR", - "rev": "1d9616689e98beded059ad0384b9951e967a17fa", + "rev": "dead29c804adc928d3a69dfe7f9f12d0eec1f1a4", "type": "github" }, "original": { 
@@ -1815,14 +1806,14 @@ "nixpkgs": [ "nixpkgs" ], - "systems": "systems_9" + "systems": "systems_8" }, "locked": { - "lastModified": 1767847386, - "narHash": "sha256-S8lf6YtZpJQaq38GCuao+h7LnNYFVvTpI70lNevk5xM=", + "lastModified": 1768464392, + "narHash": "sha256-H3DRARqclUFdUaWgu1xQEb86/wrh41ZG0fIQJVjcZdE=", "owner": "notashelf", "repo": "nvf", - "rev": "317877430a36e2e449405aaea30788119791dedc", + "rev": "007f14a2c8d67568f4655654b401871920d73011", "type": "github" }, "original": { @@ -1885,11 +1876,11 @@ ] }, "locked": { - "lastModified": 1764045583, - "narHash": "sha256-W24ReyRrhOKTKIsuAMkY5hnVlCufGoONM79sjUoyQkk=", + "lastModified": 1768689040, + "narHash": "sha256-Tlnr5BulJcMers/cb+YvmBQW4nKHjdKo9loInJkyO2k=", "ref": "refs/heads/master", - "rev": "e9bad67619ee9937a1bbecfc6ad3b4231d2ecdc3", - "revCount": 709, + "rev": "7a427ce1979ce7447e885c4f30129b40f3d466f5", + "revCount": 729, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, @@ -1907,7 +1898,7 @@ "disko": "disko", "ghostty": "ghostty", "git-hooks": "git-hooks", - "home-manager": "home-manager", + "home-manager": "home-manager_2", "hyprland": "hyprland", "hyprland-plugins": "hyprland-plugins", "lanzaboote": "lanzaboote", @@ -1923,13 +1914,13 @@ "nix-search-tv": "nix-search-tv", "nix-tmodloader": "nix-tmodloader", "nixd": "nixd", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "noctalia": "noctalia", "nvf": "nvf", "rust-overlay": "rust-overlay_3", "sops-nix": "sops-nix", "stylix": "stylix", - "systems": "systems_11", + "systems": "systems_10", "yazi": "yazi", "zen-browser": "zen-browser" } 
@@ -1983,11 +1974,11 @@ ] }, "locked": { - "lastModified": 1764988672, - "narHash": "sha256-FIJtt3Zil89/hLy9i7f0R2xXcJDPc3CeqiiCLfsFV0Y=", + "lastModified": 1768791178, + "narHash": "sha256-ZVqH14w7y40DEQOghli1c28NopVNFk1MNNRzEIwMa6M=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "086fd19a68e80fcc8a298e9df4674982e4c498a6", + "rev": "3941028eccc4d981f75c933786e1fd95b71024f1", "type": "github" }, "original": { @@ -2019,14 +2010,14 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1764483358, - "narHash": "sha256-EyyvCzXoHrbL467YSsQBTWWg4sR96MH1sPpKoSOelB4=", + "lastModified": 1768709255, + "narHash": "sha256-aigyBfxI20FRtqajVMYXHtj5gHXENY2gLAXEhfJ8/WM=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5aca6ff67264321d47856a2ed183729271107c9c", + "rev": "5e8fae80726b66e9fec023d21cd3b3e638597aa9", "type": "github" }, "original": { @@ -2064,7 +2055,7 @@ "nixpkgs" ], "nur": "nur", - "systems": "systems_10", + "systems": "systems_9", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -2072,11 +2063,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1764979509, - "narHash": "sha256-n68Io6VWMbUX4857RHqGOfH9MDdta7EX6OYn8e/m8sI=", + "lastModified": 1768744881, + "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=", "owner": "nix-community", "repo": "stylix", - "rev": "3a332459f45b16c6df9d788e923f293a4c28d793", + "rev": "06684f00cfbee14da96fd4307b966884de272d3a", "type": "github" }, "original": { 
@@ -2101,21 +2092,6 @@ } }, "systems_10": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_11": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -2129,7 +2105,7 @@ "type": "indirect" } }, - "systems_12": { + "systems_11": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -2190,21 +2166,6 @@ } }, "systems_5": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, - "systems_6": { "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", @@ -2219,6 +2180,21 @@ "type": "github" } }, + "systems_6": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "systems_7": { "locked": { "lastModified": 1681028828, 
@@ -2300,11 +2276,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1763914658, - "narHash": "sha256-Hju0WtMf3iForxtOwXqGp3Ynipo0EYx1AqMKLPp9BJw=", + "lastModified": 1767710407, + "narHash": "sha256-+W1EB79Jl0/gm4JqmO0Nuc5C7hRdp4vfsV/VdzI+des=", "owner": "tinted-theming", "repo": "schemes", - "rev": "0f6be815d258e435c9b137befe5ef4ff24bea32c", + "rev": "2800e2b8ac90f678d7e4acebe4fa253f602e05b2", "type": "github" }, "original": { @@ -2316,11 +2292,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1764465359, - "narHash": "sha256-lbSVPqLEk2SqMrnpvWuKYGCaAlfWFMA6MVmcOFJjdjE=", + "lastModified": 1767489635, + "narHash": "sha256-e6nnFnWXKBCJjCv4QG4bbcouJ6y3yeT70V9MofL32lU=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "edf89a780e239263cc691a987721f786ddc4f6aa", + "rev": "3c32729ccae99be44fe8a125d20be06f8d7d8184", "type": "github" }, "original": { @@ -2332,11 +2308,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1764464512, - "narHash": "sha256-rCD/pAhkMdCx6blsFwxIyvBJbPZZ1oL2sVFrH07lmqg=", + "lastModified": 1767488740, + "narHash": "sha256-wVOj0qyil8m+ouSsVZcNjl5ZR+1GdOOAooAatQXHbuU=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "907dbba5fb8cf69ebfd90b00813418a412d0a29a", + "rev": "11abb0b282ad3786a2aae088d3a01c60916f2e40", "type": "github" }, "original": { @@ -2427,11 +2403,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1767830382, - "narHash": "sha256-0PgS7M1SV6JCN3MugFZPaP8J+Mr2o7lSDFTPVYZSIAY=", + "lastModified": 1768765571, + "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "74cf1a95a35fd7aec76432bc2cd9b310e0d908c5", + "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", "type": "github" }, "original": { 
@@ -2442,16 +2418,16 @@ }, "yazi": { "inputs": { - "flake-utils": "flake-utils_8", - "nixpkgs": "nixpkgs_10", + "flake-utils": "flake-utils_7", + "nixpkgs": "nixpkgs_9", "rust-overlay": "rust-overlay_4" }, "locked": { - "lastModified": 1764949583, - "narHash": "sha256-pB+q3HIyIA3k1AnDiU9MDfJ5xNso1XX95qV0F5oe3cM=", + "lastModified": 1768756095, + "narHash": "sha256-5YO/8LTVhUFJ4jJMuJtgE3oGGD0D7aR0fcfHEKvQmTo=", "owner": "sxyazi", "repo": "yazi", - "rev": "c569263a5084f627ae70f983c271464b42890426", + "rev": "ca4cc594136e313b47f8da0f3699b7ea9699a959", "type": "github" }, "original": { @@ -2470,11 +2446,11 @@ ] }, "locked": { - "lastModified": 1767763594, - "narHash": "sha256-5ysv8EuVAgDoYmNuXEUNf7vBzdeRaFxeIlIndv5HMvs=", + "lastModified": 1768788372, + "narHash": "sha256-TTEB3amVrXNX5AmIj7Bb8Dp2W8BOD73GbW8p5uH8kQI=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "8b2302d8c10369c9135552cc892da75cff5ddb03", + "rev": "756b3eff6a629b70ea971b8a1819f22bc3789730", "type": "github" }, "original": { @@ -2499,11 +2475,11 @@ ] }, "locked": { - "lastModified": 1760401936, - "narHash": "sha256-/zj5GYO5PKhBWGzbHbqT+ehY8EghuABdQ2WGfCwZpCQ=", + "lastModified": 1763295135, + "narHash": "sha256-sGv/NHCmEnJivguGwB5w8LRmVqr1P72OjS+NzcJsssE=", "owner": "mitchellh", "repo": "zig-overlay", - "rev": "365085b6652259753b598d43b723858184980bbe", + "rev": "64f8b42cfc615b2cf99144adf2b7728c7847c72a", "type": "github" }, "original": { 
@@ -2514,20 +2490,23 @@ }, "zon2nix": { "inputs": { - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "ghostty", + "nixpkgs" + ] }, "locked": { - "lastModified": 1758405547, - "narHash": "sha256-WgaDgvIZMPvlZcZrpPMjkaalTBnGF2lTG+62znXctWM=", + "lastModified": 1768231828, + "narHash": "sha256-wL/8Iij4T2OLkhHcc4NieOjf7YeJffaUYbCiCqKv/+0=", "owner": "jcollie", "repo": "zon2nix", - "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245", + "rev": "c28e93f3ba133d4c1b1d65224e2eebede61fd071", "type": "github" }, "original": { "owner": "jcollie", "repo": "zon2nix", - "rev": "bf983aa90ff169372b9fa8c02e57ea75e0b42245", + "rev": "c28e93f3ba133d4c1b1d65224e2eebede61fd071", "type": "github" } } diff --git a/home/options/noctalia.nix b/home/options/noctalia.nix index ce9dfae..0020381 100755 --- a/home/options/noctalia.nix +++ b/home/options/noctalia.nix @@ -1,17 +1,19 @@ { config, lib, ... }: let - inherit (lib) - mkOption - types + inherit (builtins) elem isList filter listToAttrs concatMap - nameValuePair attrNames isAttrs ; + inherit (lib) + mkOption + types + nameValuePair + ; filterAttrsRecursive' = pred: set: diff --git a/home/presets/basic.nix b/home/presets/basic.nix index 7d9ca55..41ca8ed 100755 --- a/home/presets/basic.nix +++ b/home/presets/basic.nix @@ -19,5 +19,6 @@ ../user/wm-service.nix ../user/ghostty.nix ../user/podman.nix + ../user/image-viewer.nix ]; } diff --git a/home/user/image-viewer.nix b/home/user/image-viewer.nix new file mode 100644 index 0000000..633fd55 --- /dev/null +++ b/home/user/image-viewer.nix 
@@ -0,0 +1,43 @@ +{ pkgs, ... }: +{ + home.packages = with pkgs; [ loupe ]; + + xdg.mimeApps = + let + value = "org.gnome.Loupe.desktop"; + + associations = builtins.listToAttrs ( + map + (name: { + inherit name value; + }) + [ + "image/png" + "image/jpeg" + "image/gif" + "image/bmp" + "image/webp" + "image/tiff" + "image/svg+xml" + "image/x-icon" + "image/avif" + "image/heif" + "image/heic" + "image/jxl" + "image/apng" + "image/x-raw" + "image/x-xbitmap" + "image/x-xpixmap" + "image/x-portable-bitmap" + "image/x-portable-graymap" + "image/x-portable-pixmap" + "image/x-tga" + "image/x-pcx" + ] + ); + in + { + associations.added = associations; + defaultApplications = associations; + }; +} diff --git a/home/user/nvf/default.nix b/home/user/nvf/default.nix index 8613edf..47ef48d 100755 --- a/home/user/nvf/default.nix +++ b/home/user/nvf/default.nix @@ -436,7 +436,10 @@ in ts-error-translator.enable = true; }; }; - python.enable = true; + python = { + enable = true; + format.type = [ "ruff" ]; + }; markdown = { enable = true; extensions = { diff --git a/home/user/yazi.nix b/home/user/yazi.nix index db424ca..4c72d47 100755 --- a/home/user/yazi.nix +++ b/home/user/yazi.nix @@ -7,7 +7,7 @@ }: let inherit (pkgs.stdenv.hostPlatform) system; - inherit (lib) getExe'; + inherit (lib) getExe' getExe; yaziPlugins = pkgs.fetchFromGitHub { owner = "yazi-rs"; repo = "plugins"; @@ -43,11 +43,11 @@ in enableFishIntegration = true; plugins = { - toggle-pane = ''${yaziPlugins}/toggle-pane.yazi''; - mount = ''${yaziPlugins}/mount.yazi''; - zoom = ''${yaziPlugins}/zoom''; - vcs-files = ''${yaziPlugins}/vcs-files''; - git = ''${yaziPlugins}/git''; + toggle-pane = "${yaziPlugins}/toggle-pane.yazi"; + mount = "${yaziPlugins}/mount.yazi"; + zoom = "${yaziPlugins}/zoom"; + vcs-files = "${yaziPlugins}/vcs-files"; + git = "${yaziPlugins}/git"; }; settings = { 
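Review bot: The new home/user/image-viewer.nix fills `xdg.mimeApps.associations.added` and `defaultApplications` but never sets `xdg.mimeApps.enable`, and Home Manager only writes mimeapps.list when that option is true. It presumably works today because another module enables it (zen-browser.nix also configures MIME handlers, though its enable line is not visible here). In any profile that imports this file without that module, the associations would be silently dropped. Consider adding `enable = true;` next to `associations.added = associations;`, or a comment naming the module this file depends on for the enable flag.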
@@ -77,7 +77,7 @@ in ]; player = [ - { run = ''mpv --force-window "$1"''; } + { run = ''${getExe pkgs.mpv} --force-window "$1"''; } ]; open = [ diff --git a/home/user/zellij.nix b/home/user/zellij.nix index fc63a36..f39160c 100755 --- a/home/user/zellij.nix +++ b/home/user/zellij.nix @@ -21,7 +21,7 @@ let zellij-sessionizer-src = fetchurl { url = "https://raw.githubusercontent.com/dachxy/zellij-sessionizer/refs/heads/main/zellij-sessionizer"; - sha256 = "sha256:12kbni75x9g424bymky8cy84i354j654rfmz9bffnabbblccfbpn"; + sha256 = "sha256:0p6s2mwcya448vgag42akwlfmzr9nw1vxh6gv5lmz1xmyrhkysjd"; }; zellij-sessionizer = pkgs.writeShellScriptBin "zellij-sessionizer" '' diff --git a/home/user/zen-browser.nix b/home/user/zen-browser.nix index 557cc2a..957b5f0 100755 --- a/home/user/zen-browser.nix +++ b/home/user/zen-browser.nix @@ -172,8 +172,6 @@ in "application/json" "application/pdf" "text/html" - "image/png" - "image/jpeg" ] ); in diff --git a/options/default.nix b/options/default.nix index de7b84b..07a9412 100755 --- a/options/default.nix +++ b/options/default.nix @@ -1,5 +1,6 @@ { imports = [ ./systemconf.nix + ./game/velocity.nix ]; } diff --git a/options/game/velocity.nix b/options/game/velocity.nix new file mode 100644 index 0000000..7621644 --- /dev/null +++ b/options/game/velocity.nix 
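Review bot: The `fetchurl` for `zellij-sessionizer-src` in home/user/zellij.nix still points at `refs/heads/main`, so the new `sha256` is tied to whatever the branch held when it was prefetched, not to a named upstream revision. The fixed-output hash does stop a changed file from being built, but a reviewer cannot tell which upstream commit this bump accepts, and the fetch will fail again on the next upstream push. The file appears to feed the `writeShellScriptBin` wrapper below it and so runs as a shell script in the user session, which makes an auditable pin worthwhile: `url = "https://raw.githubusercontent.com/dachxy/zellij-sessionizer/<COMMIT_SHA>/zellij-sessionizer";` (placeholder; the page does not show the revision). The `let` block and the wrapper body continue outside the hunk.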
@@ -0,0 +1,152 @@ +{ + config, + lib, + pkgs, + ... +}: +let + inherit (pkgs.writers) writeTOML; + inherit (lib) + mkIf + mkOption + mkEnableOption + mkPackageOption + types + getExe + ; + cfg = config.services.velocity; + defaultSettings = { + config-version = "2.7"; + motd = "<#09add3>A Velocity Server"; + show-max-players = 500; + online-mode = true; + force-key-authentication = true; + prevent-client-proxy-connections = false; + player-info-forwarding-mode = "none"; + forwarding-secret-file = "forwarding.secret"; + announce-forge = false; + kick-existing-players = false; + ping-passthrough = "DISABLED"; + sample-players-in-ping = false; + enable-player-address-logging = true; + + servers = { + }; + + forced-hosts = { + }; + + advanced = { + compression-threshold = 256; + compression-level = -1; + login-ratelimit = 3000; + connection-timeout = 5000; + read-timeout = 30000; + haproxy-protocol = false; + tcp-fast-open = false; + bungee-plugin-message-channel = true; + show-ping-requests = false; + failover-on-unexpected-server-disconnect = true; + announce-proxy-commands = true; + log-command-executions = false; + log-player-connections = true; + accepts-transfers = false; + enable-reuse-port = false; + command-rate-limit = 50; + forward-commands-if-rate-limited = true; + kick-after-rate-limited-commands = 0; + tab-complete-rate-limit = 10; + kick-after-rate-limited-tab-completes = 0; + }; + + query = { + enabled = false; + port = 25565; + map = "Velocity"; + show-plugins = false; + }; + }; +in +{ + options.services.velocity = { + enable = mkEnableOption "Enable the minecraft proxy"; + package = mkPackageOption pkgs "velocity" { }; + user = mkOption { + type = types.str; + default = "velocity"; + }; + group = mkOption { + type = types.str; + default = "velocity"; + }; + + host = mkOption { + type = types.str; + default = "0.0.0.0"; + }; + + port = mkOption { + type = types.port; + default = 25565; + }; + + openFirewall = mkEnableOption "Open firewall for velocity" 
// { + default = true; + }; + + settings = mkOption { + type = + with types; + attrsOf (oneOf [ + attrs + str + int + bool + ]); + default = defaultSettings; + apply = + v: + defaultSettings + // { + bind = "${cfg.host}:${toString cfg.port}"; + } + // v; + }; + }; + + config = mkIf cfg.enable { + networking.firewall.allowedTCPPorts = mkIf cfg.openFirewall [ cfg.port ]; + + users.users.${cfg.user} = { + isSystemUser = true; + group = cfg.group; + }; + users.groups.${cfg.group} = { }; + + systemd.services.velocity = + let + configFile = writeTOML "velocity.toml" cfg.settings; + in + { + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + User = cfg.user; + Group = cfg.group; + ExecStartPre = + let + configFilePath = "/var/lib/velocity/velocity.toml"; + in + [ + "${pkgs.coreutils}/bin/cp ${configFile} ${configFilePath}" + "${pkgs.coreutils}/bin/chmod 750 ${configFilePath}" + "${pkgs.coreutils}/bin/chown ${cfg.user}:${cfg.group} ${configFilePath}" + ]; + ExecStart = "${getExe cfg.package}"; + StateDirectory = "velocity"; + StateDirectoryMode = "0750"; + WorkingDirectory = "/var/lib/velocity"; + }; + }; + }; +} diff --git a/options/systemconf.nix b/options/systemconf.nix index 7c18aa5..3094cd9 100755 --- a/options/systemconf.nix +++ b/options/systemconf.nix @@ -1,4 +1,5 @@ { + self, inputs, config, pkgs, @@ -124,7 +125,12 @@ in useUserPackages = true; useGlobalPkgs = true; extraSpecialArgs = { - inherit helper inputs system; + inherit + helper + inputs + system + self + ; inherit (cfg) username hostname; }; sharedModules = [ diff --git a/system/dev/dn-pre7780/games/default.nix b/system/dev/dn-pre7780/games/default.nix index 4ddf930..640218e 100755 --- a/system/dev/dn-pre7780/games/default.nix +++ b/system/dev/dn-pre7780/games/default.nix @@ -3,6 +3,7 @@ ../../../modules/gaming.nix ./shadps4.nix ./minecraft.nix + ./lsgf-vk.nix ./heroic.nix ]; } 
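Review bot: `openFirewall` defaults to `true` and `host` to `0.0.0.0`, so `services.velocity.enable = true` on its own exposes the proxy port on every interface. NixOS modules conventionally keep the firewall closed unless asked, i.e. `openFirewall = mkEnableOption "Open firewall for velocity";` without the `// { default = true; }` override. The unit also runs a network-facing service with no sandboxing, so consider `NoNewPrivileges = true; ProtectSystem = "strict"; ProtectHome = true; PrivateTmp = true;` in `serviceConfig` (the `StateDirectory` stays writable). In `ExecStartPre`, `chmod 750` sets the execute bit on a TOML file, and `640` gives the same access without it. Separately, `apply` merges with `//`, which is shallow, so a caller who sets one key under `advanced` or `query` loses the other defaults in that table; `lib.recursiveUpdate` would keep them.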
diff --git a/system/dev/dn-pre7780/games/heroic.nix b/system/dev/dn-pre7780/games/heroic.nix index 3ce7bb7..47b278f 100755 --- a/system/dev/dn-pre7780/games/heroic.nix +++ b/system/dev/dn-pre7780/games/heroic.nix @@ -3,7 +3,11 @@ home-manager.sharedModules = [ { home.packages = with pkgs; [ - heroic + (heroic.override { + extraPkgs = pkgs: [ + pkgs.gamemode + ]; + }) ]; } ]; diff --git a/system/dev/dn-pre7780/games/lsgf-vk.nix b/system/dev/dn-pre7780/games/lsgf-vk.nix new file mode 100644 index 0000000..896dc21 --- /dev/null +++ b/system/dev/dn-pre7780/games/lsgf-vk.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: +{ + home-manager.sharedModules = [ + { + home.packages = with pkgs; [ + lsfg-vk + lsfg-vk-ui + ]; + } + ]; +} diff --git a/system/dev/dn-pre7780/games/minecraft.nix b/system/dev/dn-pre7780/games/minecraft.nix index f0123aa..1ff16b1 100755 --- a/system/dev/dn-pre7780/games/minecraft.nix +++ b/system/dev/dn-pre7780/games/minecraft.nix @@ -4,8 +4,6 @@ { home.packages = with pkgs; [ prismlauncher - lsfg-vk - lsfg-vk-ui ]; } ]; diff --git a/system/dev/dn-pre7780/home/wm/hyprland.nix b/system/dev/dn-pre7780/home/wm/hyprland.nix index 0891af9..1a55134 100755 --- a/system/dev/dn-pre7780/home/wm/hyprland.nix +++ b/system/dev/dn-pre7780/home/wm/hyprland.nix @@ -1,7 +1,14 @@ -{ pkgs, lib, ... }: +{ + self, + pkgs, + lib, + ... +}: let + serverCfg = self.nixosConfigurations.dn-server.config; + inherit (serverCfg.services.nextcloud) hostName; memeSelector = pkgs.callPackage ../../../../../home/scripts/memeSelector.nix { - url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/"; + url = "https://${hostName}/public.php/dav/files/pygHoPB5LxDZbeY/"; }; in { diff --git a/system/dev/dn-pre7780/network/default.nix b/system/dev/dn-pre7780/network/default.nix index cff9313..caf3094 100755 --- a/system/dev/dn-pre7780/network/default.nix +++ b/system/dev/dn-pre7780/network/default.nix 
@@ -1,6 +1,7 @@ { imports = [ ../../../modules/netbird-client.nix + ./openfortivpn.nix # ../../../modules/wireguard.nix ]; } diff --git a/system/dev/dn-pre7780/network/openfortivpn.nix b/system/dev/dn-pre7780/network/openfortivpn.nix new file mode 100644 index 0000000..16a7ba8 --- /dev/null +++ b/system/dev/dn-pre7780/network/openfortivpn.nix @@ -0,0 +1,27 @@ +{ + pkgs, + lib, + config, + ... +}: +let + inherit (lib) getExe; + inherit (config.sops) secrets; +in +{ + sops.secrets = { + "openfortivpn" = { }; + }; + + systemd.services.openfortivpn = { + script = '' + ${getExe pkgs.openfortivpn} -c "$CREDENTIALS_DIRECTORY/config" --set-dns=1 --use-resolvconf=1 + ''; + serviceConfig = { + Restart = "no"; + LoadCredential = [ + "config:${secrets."openfortivpn".path}" + ]; + }; + }; +} diff --git a/system/dev/dn-pre7780/services/default.nix b/system/dev/dn-pre7780/services/default.nix index df55e8e..fff90ce 100755 --- a/system/dev/dn-pre7780/services/default.nix +++ b/system/dev/dn-pre7780/services/default.nix @@ -4,6 +4,5 @@ # ./mail.nix ./nginx.nix # ./pangolin.nix - # ./nextcloud.nix ]; } diff --git a/system/dev/dn-pre7780/services/mail.nix b/system/dev/dn-pre7780/services/mail.nix index 2175705..27bcb9c 100755 --- a/system/dev/dn-pre7780/services/mail.nix +++ b/system/dev/dn-pre7780/services/mail.nix @@ -6,6 +6,7 @@ }: let inherit (lib) mkIf; + inherit (config.networking) domain; mkCondition = ( condition: ithen: ielse: [ { @@ -18,7 +19,6 @@ let rspamdWebPort = 11333; rspamdPort = 31009; - domain = "dnywe.com"; fqdn = "mx1.dnywe.com"; rspamdSecretFile = config.sops.secrets."rspamd".path; @@ -202,18 +202,4 @@ in ''; }; }; - - services.mail-ntfy-server = { - enable = true; - settings = { - NTFY_URL = "https://ntfy.net.dn"; - NTFY_TOPIC = "dachxy-mail"; - NTFY_RCPTS = [ "dachxy@dnywe.com" ]; - HOST = "127.0.0.1"; - PORT = 31010; - }; - environmentFiles = [ - config.sops.secrets."ntfy".path - ]; - }; } 
diff --git a/system/dev/dn-pre7780/services/nextcloud.nix b/system/dev/dn-pre7780/services/nextcloud.nix
deleted file mode 100755
index d5f324d..0000000
--- a/system/dev/dn-pre7780/services/nextcloud.nix
+++ /dev/null
@@ -1,103 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - inherit (lib) mkIf mkForce; - hostname = "drive.dnywe.com"; - port = 31007; -in -{ - sops.secrets = { - "nextcloud/adminPassword" = mkIf config.services.nextcloud.enable { - owner = "nextcloud"; - group = "nextcloud"; - }; - "nextcloud/signaling.conf" = mkIf config.services.nextcloud.enable { - owner = "signaling"; - group = "signaling"; - mode = "0640"; - }; - "nextcloud/whiteboard" = mkIf config.services.nextcloud.enable { - owner = "nextcloud"; - }; - }; - - imports = [ - (import ../../../modules/nextcloud.nix { - configureACME = false; - hostname = hostname; - adminpassFile = config.sops.secrets."nextcloud/adminPassword".path; - trusted-domains = [ - hostname - ]; - trusted-proxies = [ "10.0.0.0/24" ]; - whiteboardSecrets = [ - config.sops.secrets."nextcloud/whiteboard".path - ]; - }) - ]; - - services.nextcloud = { - # enable = mkForce false; - https = mkForce false; - extraApps = { - inherit (config.services.nextcloud.package.packages.apps) spreed; - twofactor_totp = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/twofactor_totp/releases/download/v6.4.1/twofactor_totp-v6.4.1.tar.gz"; - sha256 = "sha256-Wa2P6tpp75IxCsTG4B5DQ8+iTzR7yjKBi4ZDBcv+AOI="; - license = "agpl3Plus"; - }; - - twofactor_nextcloud_notification = pkgs.fetchNextcloudApp { - url = "https://github.com/nextcloud-releases/twofactor_nextcloud_notification/releases/download/v3.9.0/twofactor_nextcloud_notification-v3.9.0.tar.gz"; - sha256 = "sha256-4fXWgDeiup5/Gm9hdZDj/u07rp/Nzwly53aLUT/d0IU="; - license = "agpl3Plus"; - }; - - twofactor_email = pkgs.fetchNextcloudApp { - url = "https://github.com/nursoda/twofactor_email/releases/download/2.8.2/twofactor_email.tar.gz"; - sha256 = "sha256-zk5DYNwoIRTIWrchWDiCHuvAST2kuIoow6VaHAAzYog="; - license = "agpl3Plus"; - }; - }; - }; - - users.groups.signaling = mkIf config.services.nextcloud.enable { - }; - - users.users.signaling = mkIf config.services.nextcloud.enable { 
- isSystemUser = true; - group = "signaling"; - }; - - systemd.services.nextcloud-spreed-signaling = mkIf config.services.nextcloud.enable { - requiredBy = [ - "multi-users.target" - "phpfpm-nextcloud.service" - ]; - serviceConfig = { - User = "signaling"; - Group = "signaling"; - ExecStart = "${lib.getExe' pkgs.nextcloud-spreed-signaling "server"} --config ${ - config.sops.secrets."nextcloud/signaling.conf".path - }"; - }; - }; - - services.nats = mkIf config.services.nextcloud.enable { - enable = true; - settings = { - host = "127.0.0.1"; - }; - }; - - services.nginx.virtualHosts."${hostname}".listen = lib.mkForce [ - { - port = port; - addr = "0.0.0.0"; - } - ]; -} diff --git a/system/dev/dn-pre7780/services/nginx.nix b/system/dev/dn-pre7780/services/nginx.nix index 3ec86d5..a18cb43 100755 --- a/system/dev/dn-pre7780/services/nginx.nix +++ b/system/dev/dn-pre7780/services/nginx.nix @@ -1,4 +1,8 @@ -{ config, ... }: +{ self, config, ... }: +let + serverCfg = self.nixosConfigurations.dn-server.config; + inherit (serverCfg.networking) domain; +in { networking.firewall.allowedTCPPorts = [ 443 @@ -10,7 +14,7 @@ defaults = { validMinDays = 2; webroot = null; - server = "https://ca.net.dn/acme/acme/directory"; + server = "https://ca.${domain}/acme/acme/directory"; renewInterval = "daily"; email = "danny@pre7780.dn"; dnsResolver = "10.0.0.1:53"; diff --git a/system/dev/dn-pre7780/sops/secret.yaml b/system/dev/dn-pre7780/sops/secret.yaml index 9fa4e7c..10cca37 100755 --- a/system/dev/dn-pre7780/sops/secret.yaml +++ b/system/dev/dn-pre7780/sops/secret.yaml 
@@ -1,5 +1,6 @@ wireguard: wg0.conf: ENC[AES256_GCM,data:ozySeNEvkiLt9TGrZCrlJWKT5gcSlZ9T8AeXGO97SPgxI394eCQ/LOkVFl7AykhZvs7YkxMpZzAZxc0oNdTYuDlqfrNr0pqTUJmpX+5PVRmDb5z2MJvERktVkJ4LSvVodoYznDwT/y9q199AFKf3t4EoWuRyR/il6P8HuGVHXrKRYUrwuB4nuq1SIByY+8D2gzohFB/s6pSOPYy6/xCt0Nm+x0wmcdrlyOb0S+4WXlcou2ll98o9q2YDdVBKeW4jyUjFqXM2XzD0JXpAi9ZFlyzxyYNwa4oMYATyCBCH4BNHqe850QHEoCaOovioEdDH/tluB2X/891ixqzURypzbg==,iv:3Q5xOgGcg8/DIwHt4fHsQGtN8f2hGpVDtf47PcwW62I=,tag:SbJqhWi3+h1O5ZIOayDrUw==,type:str] +openfortivpn: ENC[AES256_GCM,data:rWv6kZDYO4yKmrEfm63X7qin0veSx7U/ZZFPM0vxBPjIzh7VZg6wCjJ1pHpSpCT0DS39TA/Z5xhH4l+gOUHMxeuKw1Zn96DxccdpGs+WMdgis8LJc42Qmfnmdw==,iv:QEgbiRV2B5LG7X9KXcln04nUedbV7GiS+3E5AihVbXw=,tag:rGerAwx0FeRLGPBCePdo/w==,type:str] netbird: wt0-setupKey: ENC[AES256_GCM,data:166VX+rgzxhar+GFKxA5d8G3/9ewISdv2hUSwvbggyyjwwvE,iv:w8p4gDP6U0ZONX59t2dnglTC9S2dW2TX5A4OoCzRuzM=,tag:zf3jvlERJtM+osBd4ZQjMA==,type:str] dovecot: @@ -26,6 +27,8 @@ crowdsec: rspamd: ENC[AES256_GCM,data:8DryYdMyhzBqwqcbYUQ=,iv:5w21u3xqshRSf8IJbG16/Gf6AC2Zw6VnI3MOchN+w8A=,tag:OiiYUDT69SZObgOh1qCL0g==,type:str] pangolin: env: ENC[AES256_GCM,data:f5Pq+DE9PeRyOKeygREuovlqOMhe/bmTOrBA7Px3Oq+pWG5kGwnxqDdP/PwawJAskQPC9LN+QP6hIPNrJbPyxtk87hoRMb/3X0ggOw==,iv:yqqQizPwf3EfCelczf/7piH9kYiAwGLTtassvQ8oXNs=,tag:UzVuKIS8WZNAHgpLkzc9XA==,type:str] +velocity: ENC[AES256_GCM,data:Q1Bfiks3/0XsBfouqck9PJr9QmZv/2ayd2qEFNPVz+GW3JpzIPEf2uGn06u7U+ZFtSuV12jG+3fhGhMh+UT3,iv:PHZLyLhNb9NE1J/Tsm35K4g6WMnR/9EYfVrsuDFbaNE=,tag:SCJgjDjaHkLffX8JiWTKsA==,type:str] +fabricProxy: ENC[AES256_GCM,data:MXukmKmMBRXCfeW6MBlfJU3cMZ/Y8sysFxiW0g3MOXnEcySu5tN5uuNhuorWNNknemRWayAaozU+d21UWbHmVez1inVQX193EnlTnDaZ,iv:ih2l1rimFqupZlu3NrGaCL7IMM0SPW6YZkMnk8mtXvc=,tag:wxNatJHNB3isKDuprxl7Fw==,type:str] sops: age: - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv 
@@ -37,7 +40,7 @@ sops: MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-07T08:17:20Z" - mac: ENC[AES256_GCM,data:M9hBNU2KetaGEhJnYW10nWEWetFWs9c5gPN/0W6UIOsP2Y9E2d8J09Ary9O9z6TjjxqkS+H15SQfo6bjuc19jSwtdQ/scqy9nV1H0pOEHzWj8zG/bzC71WmwhZbx4+1cK83HYS9pJhzbO+5tbOK75GwJscXAhXKDzzNBmTW2Y3U=,iv:qozD5Z2uiI5vFApsRVkjiXLOPATs3VV0PDk5szX+mrc=,tag:WpM+Ab9U2q9GR0qvyMZO8w==,type:str] + lastmodified: "2026-01-20T05:40:32Z" + mac: ENC[AES256_GCM,data:2UM15E3aYMunypx6THZTwHdedmUWYKQGgPEqMmT1D/CkWcCmau0Yk2nhALjcXWLuODlkedrjm6tYSPg7Yv/eZUnUwfI9reBAfoGBbJLCIoAloomzzm21xDvIJOco9xyHPKwT4buYYA/mylJvrSi07G0qRM6tINQjhEvVsDIbFR0=,iv:lPo3U/eCSZx6MmqvoTUpk+u6E+fFgED4eq0EF/jk/hs=,tag:b8XyedLJ706LplFF/VafAg==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-pre7780/utility/davinci-resolve.nix b/system/dev/dn-pre7780/utility/davinci-resolve.nix index 6b95868..bf8d6c2 100755 --- a/system/dev/dn-pre7780/utility/davinci-resolve.nix +++ b/system/dev/dn-pre7780/utility/davinci-resolve.nix @@ -1,5 +1,5 @@ { imports = [ - ../../../modules/davinci-resolve.nix + # ../../../modules/davinci-resolve.nix ]; } diff --git a/system/dev/dn-server/default.nix b/system/dev/dn-server/default.nix index 0040b7b..53ad4f3 100755 --- a/system/dev/dn-server/default.nix +++ b/system/dev/dn-server/default.nix @@ -1,9 +1,11 @@ { hostname }: { pkgs, + config, ... }: let + inherit (config.networking) domain; username = "danny"; in { @@ -17,7 +19,7 @@ in "maps.rspamd.com" "cdn-hub.crowdsec.net" "api.crowdsec.net" - "mx1.dnywe.com" + "mx1.${domain}" ]; allowedIPs = [ "127.0.0.1" 
@@ -58,4 +60,16 @@ in environment.systemPackages = with pkgs; [ openssl ]; + + users.users = { + root.openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSAOufpee7f8D8ONIIGU3qsN+8+DGO7BfZnEOTYqtQ5 danny@pre7780.dn" + ]; + + "${username}".openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSAOufpee7f8D8ONIIGU3qsN+8+DGO7BfZnEOTYqtQ5 danny@pre7780.dn" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFQA42R3fZmjb9QnUgzzOTIXQBC+D2ravE/ZLvdjoOQ danny@lap.dn" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSHkPa6vmr5WBPXAazY16+Ph1Mqv9E24uLIf32oC2oH danny@phone.dn" + ]; + }; } diff --git a/system/dev/dn-server/network/nginx.nix b/system/dev/dn-server/network/nginx.nix index 733924b..05a9d18 100755 --- a/system/dev/dn-server/network/nginx.nix +++ b/system/dev/dn-server/network/nginx.nix @@ -2,22 +2,12 @@ config, ... }: +let + inherit (config.networking) domain; + + gcpIP = "10.10.0.1"; +in { - security.acme = { - acceptTerms = true; - defaults = { - validMinDays = 2; - server = "https://10.0.0.1:${toString config.services.step-ca.port}/acme/acme/directory"; - renewInterval = "daily"; - email = "danny@net.dn"; - dnsProvider = "pdns"; - dnsPropagationCheck = false; - environmentFile = config.sops.secrets."acme/env".path; - }; - }; - - users.users.nginx.extraGroups = [ "acme" ]; - services.nginx = { enable = true; enableReload = true; 
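Review bot: `root.openssh.authorizedKeys.keys` gives the `danny@pre7780.dn` key direct root login, and the same key is accepted for `${username}`, so compromise of that one workstation key yields root with no second step. The sshd settings are outside this hunk, so whether `PermitRootLogin` actually allows this cannot be confirmed from here. If key-based root login is not required, drop the `root` entry, set `services.openssh.settings.PermitRootLogin = "no";` and escalate from the user account instead. The block is moved unchanged from `network/services.nix`, so a comment stating why root needs its own key would help the next reader.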
@@ -26,44 +16,10 @@ recommendedTlsSettings = true; recommendedProxySettings = true; - virtualHosts = { - "files.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - - root = "/var/www/files"; - locations."/" = { - extraConfig = '' - autoindex on; - autoindex_exact_size off; - autoindex_localtime on; - ''; - }; - - extraConfig = '' - types { - image/png png; - image/jpeg jpg jpeg; - image/gif gif; - } - ''; - }; - - "webcam.net.dn" = { - enableACME = true; - forceSSL = true; - - locations."/ws/" = { - proxyPass = "http://10.0.0.130:8080/"; - extraConfig = '' - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - ''; - }; - - locations."/".proxyPass = "http://10.0.0.130:8001/phone.html"; - }; + virtualHosts."manage.stalwart.${domain}" = { + useACMEHost = domain; + forceSSL = true; + locations."/".proxyPass = "http://${gcpIP}:8081"; }; }; } diff --git a/system/dev/dn-server/network/services.nix b/system/dev/dn-server/network/services.nix index f67a42d..4ebcb40 100755 --- a/system/dev/dn-server/network/services.nix +++ b/system/dev/dn-server/network/services.nix @@ -6,11 +6,12 @@ }: let inherit (builtins) concatStringsSep; - inherit (config.systemConf) username security; + inherit (config.systemConf) security domain; inherit (lib) mkForce optionalString; inherit (helper.nftables) mkElementsStatement; netbirdCfg = config.services.netbird; + netbirdRange = "100.64.0.0/16"; ethInterface = "enp0s31f6"; sshPorts = [ 30072 ]; @@ -35,7 +36,7 @@ let allowedSSHIPs = concatStringsSep ", " [ "122.117.215.55" "192.168.100.1/24" - "100.64.0.0/16" + netbirdRange personal.range ]; @@ -173,8 +174,6 @@ in "10.0.0.0/24" ]; - services.resolved.enable = mkForce false; - networking = { nat = { enable = true; @@ -189,12 +188,10 @@ in allowedUDPPorts = [ 53 personal.port - 25565 5359 ]; allowedTCPPorts = sshPorts ++ [ 53 - 25565 5359 ]; }; 
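Review bot: The new `manage.stalwart.${domain}` vhost publishes what looks like a mail-server management interface with no source restriction, and it forwards to `http://${gcpIP}:8081` in plaintext. If `10.10.0.1` is reached over a tunnel the hop is protected, but that is not visible in this hunk and deserves a comment next to `gcpIP`. Restrict who can reach the vhost, e.g. `locations."/".extraConfig = "allow <admin-cidr>; deny all;";` with the admin range filled in, or put it behind the SSO already deployed on this host.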
@@ -233,15 +230,18 @@ in ct state vmap { invalid : drop, established : accept, related : accept } + # Allow Incoming DNS qeury udp dport 53 accept tcp dport 53 accept tcp dport { ${sshPortsString} } jump ssh-filter + # Allow Netbird UDP + udp dport { ${toString netbirdCfg.clients.wt0.port} } accept + iifname ${netbirdCfg.clients.wt0.interface} accept iifname { ${ethInterface}, ${personal.interface} } udp dport { ${toString personal.port} } accept iifname ${infra.interface} ip saddr ${infra.range} accept iifname ${personal.interface} ip saddr ${personal.range} jump wg-subnet - iifname ${netbirdCfg.clients.wt0.interface} accept drop } @@ -258,7 +258,7 @@ in # Allow UDP hole punching ${optionalString ( netbirdCfg.clients ? wt0 - ) ''udp sport ${toString netbirdCfg.clients.wt0.port} accept''} + ) "udp sport ${toString netbirdCfg.clients.wt0.port} accept"} meta skuid ${toString config.users.users.systemd-timesync.uid} accept @@ -281,6 +281,8 @@ in meta l4proto { icmp, ipv6-icmp } accept + ct state vmap { invalid : drop, established : accept, related : accept } + iifname ${personal.interface} ip saddr ${personal.ip} jump wg-subnet iifname ${infra.interface} ip saddr ${infra.ip} accept @@ -309,7 +311,7 @@ in ips = [ personal.ip ]; listenPort = personal.port; privateKeyFile = config.sops.secrets."wireguard/privateKey".path; - peers = builtins.map (r: { + peers = map (r: { inherit (r) publicKey allowedIPs; }) (fullRoute ++ meshRoute); }; @@ -321,27 +323,6 @@ in dbus.enable = true; blueman.enable = true; - postgresql = { - enable = lib.mkDefault true; - authentication = '' - host powerdnsadmin powerdnsadmin 127.0.0.1/32 trust - ''; - ensureUsers = [ - { - name = "powerdnsadmin"; - ensureDBOwnership = true; - } - { - name = "pdns"; - ensureDBOwnership = true; - } - ]; - ensureDatabases = [ - "powerdnsadmin" - "pdns" - ]; - }; - openssh = { enable = true; ports = mkForce sshPorts; 
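Review bot: The added input rule `udp dport { ${toString netbirdCfg.clients.wt0.port} } accept` dereferences `clients.wt0` unconditionally, while the output chain in the next hunk wraps its matching rule in `optionalString (netbirdCfg.clients ? wt0)`. On a host without that client, evaluation fails here instead of omitting the rule, so use the same guard for the port rule and for `iifname ${netbirdCfg.clients.wt0.interface} accept`. That interface rule accepts every port from any overlay peer; a comment saying this is intended, or a `tcp dport { … }` list, would make the trust decision explicit. The comment typo `qeury` should read `query`. The ruleset starts and ends outside this hunk.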
@@ -352,106 +333,12 @@ in }; }; - powerdns = { - enable = true; - extraConfig = '' - launch=gpgsql - loglevel=6 - webserver-password=$WEB_PASSWORD - api=yes - api-key=$WEB_PASSWORD - gpgsql-host=/var/run/postgresql - gpgsql-dbname=pdns - gpgsql-user=pdns - gpgsql-dnssec=yes - webserver=yes - webserver-port=8081 - local-port=5359 - dnsupdate=yes - primary=yes - secondary=no - allow-dnsupdate-from=10.0.0.0/24 - allow-axfr-ips=10.0.0.0/24 - also-notify=10.0.0.148:53 - ''; - secretFile = config.sops.secrets.powerdns.path; - }; - - pdns-recursor = { - enable = true; - forwardZones = { - "dn." = "127.0.0.1:5359"; - }; - forwardZonesRecurse = { - # ==== Rspamd DNS ==== # - "multi.uribl.com." = "168.95.1.1"; - "score.senderscore.com." = "168.95.1.1"; - "list.dnswl.org." = "168.95.1.1"; - "dwl.dnswl.org." = "168.95.1.1"; - - # ==== Others ==== # - "tw." = "168.95.1.1"; - "." = "8.8.8.8"; - }; - dnssecValidation = "off"; - dns.allowFrom = [ - "127.0.0.0/8" - "10.0.0.0/24" - "192.168.100.0/24" - ]; - dns.port = 5300; - yaml-settings = { - webservice.webserver = true; - recordcache.max_negative_ttl = 60; - }; - }; - - dnsdist = { - enable = true; - extraConfig = '' - newServer("127.0.0.1:${toString config.services.pdns-recursor.dns.port}") - addDOHLocal("0.0.0.0:8053", nil, nil, "/", { reusePort = true }) - getPool(""):setCache(newPacketCache(65535, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false})) - ''; - }; - - powerdns-admin = { - enable = true; - secretKeyFile = config.sops.secrets."powerdns-admin/secret".path; - saltFile = config.sops.secrets."powerdns-admin/salt".path; - config = - # python - '' - import cachelib - BIND_ADDRESS = "127.0.0.1" - PORT = 8081 - SESSION_TYPE = 'cachelib' - SESSION_CACHELIB = cachelib.simple.SimpleCache() - SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=localhost' - ''; - }; - xserver = { enable = false; xkb.layout = "us"; }; }; - systemd.services.pdns-recursor.before = [ 
"acme-setup.service" ]; - systemd.services.pdns.before = [ "acme-setup.service" ]; - - users.users = { - root.openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSAOufpee7f8D8ONIIGU3qsN+8+DGO7BfZnEOTYqtQ5 danny@pre7780.dn" - ]; - - "${username}".openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSAOufpee7f8D8ONIIGU3qsN+8+DGO7BfZnEOTYqtQ5 danny@pre7780.dn" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFQA42R3fZmjb9QnUgzzOTIXQBC+D2ravE/ZLvdjoOQ danny@lap.dn" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILSHkPa6vmr5WBPXAazY16+Ph1Mqv9E24uLIf32oC2oH danny@phone.dn" - ]; - }; - systemConf.security = { allowedDomains = [ "registry-1.docker.io" 
@@ -466,52 +353,19 @@ in image = "louislam/uptime-kuma:2"; volumes = [ "/var/lib/uptime-kuma:/app/data" - "${config.security.pki.caBundle}:/etc/ca.crt:ro" ]; - environment = { - NODE_EXTRA_CA_CERTS = "/etc/ca.crt"; - }; }; }; }; }; - systemd.services.raspamd-trainer = { + systemd.services.rspamd-trainer = { after = [ "pdns-recursor.service" ]; }; - services.nginx.virtualHosts = { - "dns.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."/dns-query" = { - extraConfig = '' - grpc_pass grpc://127.0.0.1:${toString 8053}; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Protocol $scheme; - proxy_set_header Range $http_range; - proxy_set_header If-Range $http_if_range; - ''; - }; - }; - "powerdns.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."/api".proxyPass = "http://127.0.0.1:8081"; - locations."/".proxyPass = "http://127.0.0.1:8000"; - }; - "uptime.${config.networking.domain}" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://127.0.0.1:3001"; - }; + services.nginx.virtualHosts."uptime.${domain}" = { + useACMEHost = domain; + forceSSL = true; + locations."/".proxyPass = "http://127.0.0.1:3001"; }; - - nix.settings.trusted-users = [ - username - ]; } diff --git a/system/dev/dn-server/network/step-ca.nix b/system/dev/dn-server/network/step-ca.nix index 8ac7ced..c126215 100755 --- a/system/dev/dn-server/network/step-ca.nix +++ b/system/dev/dn-server/network/step-ca.nix @@ -1,4 +1,7 @@ { pkgs, config, ... }: +let + inherit (config.networking) domain; +in { environment.systemPackages = with pkgs; [ step-cli ]; 
@@ -57,7 +60,7 @@ Bq-3sY8n13Dv0E6yx2hVIAlzLj3aE29LC4A2j81vW5MtpaM27lMpg.cwlqZ-8l1iZNeeS9.idRpRJ9zB }; dnsNames = [ "10.0.0.1" - "ca.net.dn" + "ca.${domain}" ]; federatedRoots = null; insecureAddress = ""; @@ -81,8 +84,8 @@ Bq-3sY8n13Dv0E6yx2hVIAlzLj3aE29LC4A2j81vW5MtpaM27lMpg.cwlqZ-8l1iZNeeS9.idRpRJ9zB intermediatePasswordFile = config.sops.secrets."step_ca/password".path; }; - services.nginx.virtualHosts."ca.net.dn" = { - enableACME = true; + services.nginx.virtualHosts."ca.${domain}" = { + useACMEHost = domain; forceSSL = true; locations."/" = { proxyPass = "https://10.0.0.1:8443/"; diff --git a/system/dev/dn-server/services/acme.nix b/system/dev/dn-server/services/acme.nix new file mode 100644 index 0000000..76d7980 --- /dev/null +++ b/system/dev/dn-server/services/acme.nix 
@@ -0,0 +1,59 @@
+{
+ config,
+ pkgs,
+ ...
+}:
+let
+ inherit (config.sops) secrets;
+in
+{
+ users.users.nginx.extraGroups = [ "acme" ];
+
+ sops.secrets = {
+ "acme/pdns" = {
+ mode = "0660";
+ owner = "acme";
+ group = "acme";
+ };
+
+ "acme/cloudflare" = {
+ mode = "0640";
+ };
+ };
+
+ systemConf.security.allowedDomains = [
+ "acme-v02.api.letsencrypt.org"
+ "api.cloudflare.com"
+ ];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults = {
+ server = "https://10.0.0.1:${toString config.services.step-ca.port}/acme/acme/directory";
+ validMinDays = 2;
+ renewInterval = "daily";
+ email = "danny@net.dn";
+ dnsProvider = "pdns";
+ dnsPropagationCheck = false;
+ environmentFile = secrets."acme/pdns".path;
+ };
+
+ certs."dnywe.com" = {
+ domain = "*.dnywe.com";
+ extraDomainNames = [
+ "*.stalwart.dnywe.com"
+ ];
+ server = "https://acme-v02.api.letsencrypt.org/directory";
+ dnsProvider = "cloudflare";
+ dnsResolver = "1.1.1.1:53";
+ email = "postmaster@dnywe.com";
+ dnsPropagationCheck = true;
+ environmentFile = pkgs.writeText "lego-config" ''
+ LEGO_CA_CERTIFICATES=${config.security.pki.caBundle}
+ '';
+ credentialFiles = {
+ "CLOUDFLARE_DNS_API_TOKEN_FILE" = secrets."acme/cloudflare".path;
+ };
+ };
+ };
+}
diff --git a/system/dev/dn-server/services/actual-budget.nix b/system/dev/dn-server/services/actual-budget.nix
index 1bf255f..7ba8a37 100755
--- a/system/dev/dn-server/services/actual-budget.nix
+++ b/system/dev/dn-server/services/actual-budget.nix
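Review bot: `"acme/pdns"` is decrypted with `mode = "0660"`, which makes a credential file group-writable even though nothing needs to write it. sops-nix defaults to `0400`, so use `mode = "0440";` or drop `mode` here; the same applies to the three `0660` secrets declared in `services/dns.nix`. `"acme/cloudflare"` sets `0640` without an owner, which is fine as long as it is only consumed through `credentialFiles`. Also, `certs."dnywe.com"` is hard-coded while the vhosts in this commit select it with `useACMEHost = domain`, so the two only line up while `networking.domain` equals that literal; `certs.${config.networking.domain}` would keep them tied.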
@@ -1,7 +1,37 @@ +{ config, ... }: +let + inherit (config.networking) domain; + inherit (config.sops) secrets; + + hostname = "actual.${domain}"; + oidcURL = "https://${config.services.keycloak.settings.hostname}/realms/master"; +in { + sops.secrets."actual/clientSecret" = { + owner = "actual"; + group = "actual"; + mode = "640"; + }; + imports = [ (import ../../../modules/actual { - fqdn = "actual.net.dn"; + fqdn = hostname; }) ]; + + services.nginx.virtualHosts."${hostname}" = { + useACMEHost = domain; + }; + + services.actual.settings = { + loginMethod = "openid"; + allowedLoginMethods = [ "openid" ]; + openId = { + discoveryURL = "${oidcURL}/.well-known/openid-configuration"; + client_id = "actual"; + client_secret._secret = secrets."actual/clientSecret".path; + server_hostname = "https://${hostname}"; + authMethod = "openid"; + }; + }; } diff --git a/system/dev/dn-server/services/bitwarden.nix b/system/dev/dn-server/services/bitwarden.nix index 6710ae0..9319023 100755 --- a/system/dev/dn-server/services/bitwarden.nix +++ b/system/dev/dn-server/services/bitwarden.nix @@ -1,7 +1,16 @@ +{ config, ... }: +let + inherit (config.networking) domain; + hostname = "bitwarden.${domain}"; +in { imports = [ (import ../../../modules/vaultwarden.nix { - domain = "bitwarden.net.dn"; + domain = hostname; }) ]; + + services.nginx.virtualHosts."${hostname}" = { + useACMEHost = domain; + }; } diff --git a/system/dev/dn-server/services/default.nix b/system/dev/dn-server/services/default.nix index d427c8c..fb46780 100755 --- a/system/dev/dn-server/services/default.nix +++ b/system/dev/dn-server/services/default.nix @@ -12,10 +12,8 @@ ./keycloak.nix ./netbird.nix ./hideTTY.nix - # (import ../../../modules/opencloud.nix { - # fqdn = "opencloud.net.dn"; - # envFile = config.sops.secrets."opencloud".path; - # }) - (import ./ntfy.nix { fqdn = "ntfy.net.dn"; }) + ./dns.nix + ./acme.nix + ./ntfy.nix ]; } 
diff --git a/system/dev/dn-server/services/dns.nix b/system/dev/dn-server/services/dns.nix
new file mode 100644
index 0000000..2b499c6
--- /dev/null
+++ b/system/dev/dn-server/services/dns.nix
@@ -0,0 +1,164 @@ +{ config, lib, ... }: +let + inherit (builtins) listToAttrs; + inherit (lib) nameValuePair mkForce; + inherit (config.sops) secrets; + inherit (config.networking) domain; + + splitDNS = listToAttrs ( + map (x: nameValuePair x "127.0.0.1:5359") [ + "${domain}." + ] + ); +in +{ + services.resolved.enable = mkForce false; + + sops.secrets = { + "powerdns-admin/secret" = { + mode = "0660"; + owner = "powerdnsadmin"; + group = "powerdnsadmin"; + }; + "powerdns-admin/salt" = { + mode = "0660"; + owner = "powerdnsadmin"; + group = "powerdnsadmin"; + }; + powerdns = { + mode = "0660"; + owner = "pdns"; + group = "pdns"; + }; + }; + + services.postgresql = { + enable = true; + authentication = '' + host powerdnsadmin powerdnsadmin 127.0.0.1/32 trust + ''; + ensureUsers = [ + { + name = "powerdnsadmin"; + ensureDBOwnership = true; + } + { + name = "pdns"; + ensureDBOwnership = true; + } + ]; + ensureDatabases = [ + "powerdnsadmin" + "pdns" + ]; + }; + + services.powerdns = { + enable = true; + extraConfig = '' + launch=gpgsql + loglevel=6 + webserver-password=$WEB_PASSWORD + api=yes + api-key=$WEB_PASSWORD + gpgsql-host=/var/run/postgresql + gpgsql-dbname=pdns + gpgsql-user=pdns + gpgsql-dnssec=yes + webserver=yes + webserver-port=8081 + local-port=5359 + dnsupdate=yes + primary=yes + secondary=no + allow-dnsupdate-from=10.0.0.0/24 + allow-axfr-ips=10.0.0.0/24 + also-notify=10.0.0.148:53 + ''; + secretFile = secrets.powerdns.path; + }; + + services.pdns-recursor = { + enable = true; + forwardZones = { + "dn." = "127.0.0.1:5359"; + } + // splitDNS; + forwardZonesRecurse = { + # ==== Rspamd DNS ==== # + "multi.uribl.com." = "168.95.1.1"; + "score.senderscore.com." = "168.95.1.1"; + "list.dnswl.org." = "168.95.1.1"; + "dwl.dnswl.org." = "168.95.1.1"; + + # ==== Others ==== # + "tw." = "168.95.1.1"; + "." 
= "1.1.1.1"; + }; + dnssecValidation = "off"; + dns.allowFrom = [ + "127.0.0.0/8" + "10.0.0.0/24" + "192.168.100.0/24" + ]; + dns.port = 5300; + yaml-settings = { + webservice.webserver = true; + recordcache.max_negative_ttl = 60; + }; + }; + + services.dnsdist = { + enable = true; + extraConfig = '' + newServer("127.0.0.1:${toString config.services.pdns-recursor.dns.port}") + addDOHLocal("0.0.0.0:8053", nil, nil, "/", { reusePort = true }) + getPool(""):setCache(newPacketCache(65535, {maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false})) + ''; + }; + + services.powerdns-admin = { + enable = true; + secretKeyFile = config.sops.secrets."powerdns-admin/secret".path; + saltFile = config.sops.secrets."powerdns-admin/salt".path; + config = + # python + '' + import cachelib + BIND_ADDRESS = "127.0.0.1" + PORT = 8081 + SESSION_TYPE = 'cachelib' + SESSION_CACHELIB = cachelib.simple.SimpleCache() + SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=localhost' + ''; + }; + + services.nginx.virtualHosts = { + "dns.${domain}" = { + useACMEHost = domain; + forceSSL = true; + locations."/dns-query" = { + extraConfig = '' + grpc_pass grpc://127.0.0.1:${toString 8053}; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header Range $http_range; + proxy_set_header If-Range $http_if_range; + ''; + }; + }; + "powerdns.${domain}" = { + useACMEHost = domain; + forceSSL = true; + locations."/api".proxyPass = "http://127.0.0.1:8081"; + locations."/".proxyPass = "http://127.0.0.1:8000"; + }; + }; + + systemd.services.pdns-recursor.before = [ "acme-setup.service" ]; + systemd.services.pdns.before = [ "acme-setup.service" ]; +} 
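Review bot: `host powerdnsadmin powerdnsadmin 127.0.0.1/32 trust` lets any local process that can open a loopback socket connect as `powerdnsadmin` without a credential, and that role owns the database behind the DNS admin UI. Prefer peer authentication over the unix socket: remove the `trust` line and set `SQLALCHEMY_DATABASE_URI = 'postgresql://powerdnsadmin@/powerdnsadmin?host=/var/run/postgresql'`, matching the `gpgsql-host` already used for `pdns`. This assumes the service runs as the `powerdnsadmin` user, as the secret ownership suggests. In the same file, `addDOHLocal("0.0.0.0:8053", nil, nil, …)` serves unencrypted DoH on all interfaces although nginx only proxies to `127.0.0.1:8053`; binding it to `127.0.0.1:8053` removes the reliance on the firewall. `webserver-password` and `api-key` also share `$WEB_PASSWORD`, and separate values would limit what a leaked API key grants.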
diff --git a/system/dev/dn-server/services/forgejo.nix b/system/dev/dn-server/services/forgejo.nix index 902307b..495b700 100755 --- a/system/dev/dn-server/services/forgejo.nix +++ b/system/dev/dn-server/services/forgejo.nix @@ -1,8 +1,10 @@ { lib, config, ... }: let + inherit (config.networking) domain; + cfg = config.services.forgejo; srv = cfg.settings.server; - domain = "git.dnywe.com"; + hostname = "git.${domain}"; mailServer = "mx1.net.dn"; forgejoOwner = { @@ -39,7 +41,7 @@ in settings = { server = { - DOMAIN = domain; + DOMAIN = hostname; ROOT_URL = "https://${srv.DOMAIN}"; HTTP_PORT = 32006; SSH_PORT = lib.head config.services.openssh.ports; @@ -69,4 +71,10 @@ in server.SECRET_KEY = config.sops.secrets."forgejo/server/secretKey".path; }; }; + + services.nginx.virtualHosts.${hostname} = { + useACMEHost = domain; + forceSSL = true; + locations."/".proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}"; + }; } diff --git a/system/dev/dn-server/services/keycloak.nix b/system/dev/dn-server/services/keycloak.nix index 210b692..2a3136c 100755 --- a/system/dev/dn-server/services/keycloak.nix +++ b/system/dev/dn-server/services/keycloak.nix @@ -2,7 +2,7 @@ { lib, config, ... }: let inherit (lib) mkForce; - domain = "dnywe.com"; + inherit (config.networking) domain; cfg = config.services.keycloak; in { @@ -12,6 +12,9 @@ in }; }; - # Disable nginx reverse proxy - services.nginx.virtualHosts."${cfg.settings.hostname}" = mkForce { }; + services.nginx.virtualHosts."${cfg.settings.hostname}" = { + useACMEHost = domain; + forceSSL = true; + enableACME = mkForce false; + }; } diff --git a/system/dev/dn-server/services/mail-server.nix b/system/dev/dn-server/services/mail-server.nix index c390a9a..2d83e7b 100755 --- a/system/dev/dn-server/services/mail-server.nix +++ b/system/dev/dn-server/services/mail-server.nix 
@@ -46,7 +46,7 @@ in ''; webmail = { enable = true; - hostname = "mail.${domain}"; + hostname = "mail.dnywe.com"; }; keycloak = { dbSecretFile = config.sops.secrets."oauth/password".path; diff --git a/system/dev/dn-server/services/metrics.nix b/system/dev/dn-server/services/metrics.nix index c6b4208..c708af1 100755 --- a/system/dev/dn-server/services/metrics.nix +++ b/system/dev/dn-server/services/metrics.nix @@ -8,7 +8,10 @@ let inherit (helper.grafana) mkDashboard; inherit (lib) optionalAttrs optional; - inherit (config.networking) hostName; + inherit (config.networking) hostName domain; + + grafanaHostname = "grafana.${domain}"; + prometheusHostname = "metrics.${domain}"; datasourceTemplate = [ { @@ -55,7 +58,7 @@ in { imports = [ (import ../../../modules/prometheus.nix { - fqdn = "metrics.net.dn"; + fqdn = prometheusHostname; selfMonitor = true; configureNginx = true; scrapes = [ @@ -108,7 +111,7 @@ in }) (import ../../../modules/grafana.nix { - domain = "grafana.net.dn"; + domain = grafanaHostname; passFile = config.sops.secrets."grafana/password".path; smtpHost = "${config.mail-server.hostname}.${config.mail-server.domain}:465"; smtpDomain = config.mail-server.domain; @@ -194,4 +197,13 @@ in }; enable = true; }; + + services.nginx.virtualHosts = { + "${grafanaHostname}" = { + useACMEHost = domain; + }; + "${prometheusHostname}" = { + useACMEHost = domain; + }; + }; } diff --git a/system/dev/dn-server/services/minecraft-server.nix b/system/dev/dn-server/services/minecraft-server.nix index 1eeb44b..d48a08e 100755 --- a/system/dev/dn-server/services/minecraft-server.nix +++ b/system/dev/dn-server/services/minecraft-server.nix 
@@ -1,9 +1,32 @@ -{ pkgs, ... }: +{ + pkgs, + config, + lib, + inputs, + ... +}: let - modpack = pkgs.fetchPackwizModpack { + inherit (config.sops) secrets; + inherit (inputs.nix-minecraft.lib) collectFilesAt; + + modpack-shaderRetired = pkgs.fetchPackwizModpack { url = "https://git.dnywe.com/dachxy/shader-retired-modpack/raw/branch/main/pack.toml"; packHash = "sha256-NPMS8j5NXbtbsso8R4s4lhx5L7rQJdek62G2Im3JdmM="; }; + + modpack-landscape = pkgs.fetchPackwizModpack { + url = "https://git.dnywe.com/dachxy/landscape-modpack/raw/branch/main/pack.toml"; + packHash = "sha256-mQSE4PMrOupARpEIzdzg+gOD0VQGII4MrBUyr8VevKk="; + }; + + fabricProxy = pkgs.fetchurl rec { + pname = "FabricProxy-Lite"; + version = "2.11.0"; + url = "https://cdn.modrinth.com/data/8dI2tmqs/versions/nR8AIdvx/${pname}-${version}.jar"; + hash = "sha256-68er6vbAOsYZxwHrszLeaWbG2D7fq/AkNHIMj8PQPNw="; + }; + + velocityCfg = config.services.velocity; in { systemConf.security.allowedDomains = [ 
@@ -13,29 +36,110 @@ in "login.microsoftonline.com" ]; + sops.secrets."velocity" = { + owner = velocityCfg.user; + }; + + sops.secrets."fabricProxy" = { + owner = "minecraft"; + }; + + services.velocity = { + enable = true; + openFirewall = true; + host = "0.0.0.0"; + port = 25565; + settings = { + motd = "<#09add3>POG, MC server!"; + player-info-forwarding-mode = "modern"; + forwarding-secret-file = "${secrets."velocity".path}"; + + servers = { + shader-retired = "127.0.0.1:30066"; + landscape = "127.0.0.1:30067"; + + try = [ + "shader-retired" + ]; + }; + + forced-hosts = { + "server.vnet.dn" = [ + "shader-retired" + ]; + "retired.mc.dnywe.com" = [ + "shader-retired" + ]; + "landscape.mc.dnywe.com" = [ + "landscape" + ]; + }; + }; + }; + services.minecraft-servers = { enable = true; eula = true; }; - services.minecraft-servers.servers.shader-retired = { - enable = true; - autoStart = true; - openFirewall = true; - package = pkgs.fabric-server; - symlinks = { - "mods" = "${modpack}/mods"; - }; - serverProperties = { + services.minecraft-servers.servers = { + shader-retired = + let + mcVersion = modpack-shaderRetired.manifest.versions.minecraft; + fabricVersion = modpack-shaderRetired.manifest.versions.fabric; + serverVersion = lib.replaceStrings [ "." 
] [ "_" ] "fabric-${mcVersion}"; + in + { + enable = true; + autoStart = true; + jvmOpts = "-Xms2144M -Xmx8240M"; + package = pkgs.fabricServers.${serverVersion}.override { loaderVersion = fabricVersion; }; + symlinks = collectFilesAt modpack-shaderRetired "mods" // { + "mods/FabricProxy-Lite.jar" = fabricProxy; + }; + files = { + "config/FabricProxy-Lite.toml" = "${secrets."fabricProxy".path}"; + }; + serverProperties = { + server-port = 30066; + difficulty = 3; + gamemode = "survival"; + max-player = 20; + motd = "Bro!!!!"; + accepts-flight = true; + accepts-transfers = true; + hardcore = false; + }; + }; - server-port = 25565; - difficulty = 3; - gamemode = "survival"; - max-player = 20; - modt = "Bro!!!!"; - accepts-flight = true; - accepts-transfers = true; - hardcore = false; - }; + landscape = + let + mcVersion = modpack-landscape.manifest.versions.minecraft; + fabricVersion = modpack-landscape.manifest.versions.fabric; + serverVersion = lib.replaceStrings [ "." ] [ "_" ] "fabric-${mcVersion}"; + in + { + enable = true; + autoStart = true; + enableReload = true; + jvmOpts = "-Xms2144M -Xmx8240M"; + package = pkgs.fabricServers.${serverVersion}.override { loaderVersion = fabricVersion; }; + symlinks = collectFilesAt modpack-landscape "mods" // { + "mods/FabricProxy-Lite.jar" = fabricProxy; + }; + files = { + "config/FabricProxy-Lite.toml" = "${secrets."fabricProxy".path}"; + }; + serverProperties = { + server-port = 30067; + difficulty = 3; + gamemode = "survival"; + max-player = 20; + motd = "Landscape, daug!"; + accepts-flight = true; + accepts-transfers = true; + hardcore = false; + }; + }; }; } diff --git a/system/dev/dn-server/services/netbird.nix b/system/dev/dn-server/services/netbird.nix index c83978e..5323825 100755 --- a/system/dev/dn-server/services/netbird.nix +++ b/system/dev/dn-server/services/netbird.nix 
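Review bot: Both backends set only `server-port` in `serverProperties` (30066 for `shader-retired`, 30067 for `landscape`), so as far as this hunk shows they listen on every interface even though Velocity reaches them on 127.0.0.1. Dropping `openFirewall` from the backends helps, but the forwarding secret in `config/FabricProxy-Lite.toml` is then the only check on a direct connection from anything that can still reach those ports. I would add `server-ip = "127.0.0.1";` to each `serverProperties` block so the proxy on 25565 is the only entry point.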
@@ -1,7 +1,7 @@ { config, lib, ... }: let inherit (lib) mkForce; - domain = "dnywe.com"; + inherit (config.networking) domain; # Virtual Domain vDomain = "vnet.dn"; @@ -19,9 +19,9 @@ in }; systemConf.security.allowedDomains = [ - "login.dnywe.com" - "pkgs.netbird.io" + config.services.keycloak.settings.hostname "${srv.domain}" + "pkgs.netbird.io" ]; imports = [ @@ -71,6 +71,8 @@ in ''; services.nginx.virtualHosts."${srv.domain}" = { + useACMEHost = domain; + addSSL = true; locations."/api" = { extraConfig = '' proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/system/dev/dn-server/services/nextcloud.nix b/system/dev/dn-server/services/nextcloud.nix index bf61e1c..a27202e 100755 --- a/system/dev/dn-server/services/nextcloud.nix +++ b/system/dev/dn-server/services/nextcloud.nix @@ -7,10 +7,10 @@ let inherit (lib) mkIf mkDefault mkAfter; inherit (config.sops) secrets; + inherit (config.networking) domain; spreedCfg = config.services.nextcloud-spreed-signaling; nextcloudCfg = config.services.nextcloud; - turnDomain = "coturn.dnywe.com"; - domain = "net.dn"; + turnDomain = "coturn.${domain}"; in { sops.secrets = { @@ -79,7 +79,7 @@ in mail_smtpname = "nextcloud"; mail_smtpmode = "smtp"; mail_smtpauthtype = "LOGIN"; - mail_domain = "net.dn"; + mail_domain = "${domain}"; mail_smtpport = 465; mail_smtpsecure = "ssl"; mail_from_address = "nextcloud"; @@ -123,8 +123,13 @@ in }; }; + services.nginx.virtualHosts.${nextcloudCfg.hostName} = { + useACMEHost = domain; + forceSSL = true; + }; + services.nginx.virtualHosts.${spreedCfg.hostName} = { - enableACME = true; + useACMEHost = domain; forceSSL = true; }; diff --git a/system/dev/dn-server/services/ntfy.nix b/system/dev/dn-server/services/ntfy.nix index 0129915..d7c0d73 100755 --- a/system/dev/dn-server/services/ntfy.nix +++ b/system/dev/dn-server/services/ntfy.nix 
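Review bot: `addSSL = true` on the `${srv.domain}` vhost in netbird.nix keeps the plain-HTTP listener serving the same locations, including `/api`, whereas the other services in this patch use `forceSSL = true`. If nothing needs cleartext access, use `forceSSL = true;` here as well so port 80 only redirects. The vhost body continues past the end of the hunk, so confirm that no other definition already sets an SSL mode, since the nginx module accepts only one of them per vhost.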
@@ -1,22 +1,19 @@ -{ - fqdn ? null, -}: { config, ... }: let + inherit (config.networking) domain; port = 31004; - finalFqdn = if fqdn == null then config.networking.fqdn else fqdn; + hostname = "ntfy.${domain}"; in { systemConf.security.allowedDomains = [ "ntfy.sh" - "web.push.apple.com" ]; services.ntfy-sh = { enable = true; settings = { listen-http = ":${toString port}"; - base-url = "https://${finalFqdn}"; + base-url = "https://${hostname}"; upstream-base-url = "https://ntfy.sh"; behind-proxy = true; proxy-trusted-hosts = "127.0.0.1"; @@ -30,8 +27,8 @@ in }; services.nginx.virtualHosts = { - "${finalFqdn}" = { - enableACME = true; + "${hostname}" = { + useACMEHost = domain; forceSSL = true; locations."/" = { proxyWebsockets = true; diff --git a/system/dev/dn-server/services/paperless-ngx.nix b/system/dev/dn-server/services/paperless-ngx.nix index f47aae3..20f392a 100755 --- a/system/dev/dn-server/services/paperless-ngx.nix +++ b/system/dev/dn-server/services/paperless-ngx.nix @@ -1,9 +1,18 @@ -{ config, ... }: +{ config, lib, ... }: +let + inherit (config.networking) domain; + + hostname = "paperless.${domain}"; +in { imports = [ (import ../../../modules/paperless-ngx.nix { - domain = "paperless.net.dn"; + domain = hostname; passwordFile = config.sops.secrets."paperless/adminPassword".path; }) ]; + + services.nginx.virtualHosts."${hostname}" = { + useACMEHost = domain; + }; } diff --git a/system/dev/dn-server/sops/secret.yaml b/system/dev/dn-server/sops/secret.yaml index 5cf0bc6..e37855d 100755 --- a/system/dev/dn-server/sops/secret.yaml +++ b/system/dev/dn-server/sops/secret.yaml 
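Review bot: `listen-http = ":${toString port}"` in ntfy.nix binds ntfy to every interface, although the service runs with `behind-proxy = true` and is presumably meant to be reached only through the nginx vhost. Binding to loopback with `listen-http = "127.0.0.1:${toString port}";` keeps port 31004 from being reachable without TLS if the firewall is ever opened. The line is unchanged context in this hunk, but the hostname rework is a good moment to tighten it.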
@@ -8,6 +8,8 @@ netbird: coturn: password: ENC[AES256_GCM,data:AMWBkWLcj1EFfufl8pALpVOG0PE=,iv:sngIedZE4X8clhGIsQyiGKbdsheRbEqeU57Emz2DWJM=,tag:daRLPNrO5fq84rtieYuYYw==,type:str] wt0-setupKey: ENC[AES256_GCM,data:2KKqmcdQhkbu4Qo8rVWLwT7NdpF7iWneDGazHQlM++LdGQNr,iv:Dfryc5Ak8ueuHCT+8SxliEJqUtn695/N3iE69a5AoCQ=,tag:wCKfCOcTFZWbZs99FhF2EQ==,type:str] +actual: + clientSecret: ENC[AES256_GCM,data:1p/1ns46hrBXC80YvdBUV5BUrXxUmF5+q2YK/ENA1iQ=,iv:2ivuxwlKNy2awFkSlA946rIythd2Q5fROO8tc3HgtR4=,tag:S2dUoazTvh2hwpkSaZ/O4Q==,type:str] nextcloud: adminPassword: ENC[AES256_GCM,data:ev4Ua8JX0l0KK50SGm6xCw==,iv:OosiF0g4l1mrgndbwUOvO2YUqxWVk1hvAZY0rHU9GPE=,tag:rIr+4x/p8u94e2Ip03iX0Q==,type:str] whiteboard: ENC[AES256_GCM,data:EFrakjKTOskWBrobg/F12bdm/sM/cU4u6bUDw8TVqzmV95fNqn6n4MR+gTyKj6CG0+YLbZDHAmfsApWVH/VhDNTw3s1hkSu93Yq85ov7QEk=,iv:fYTLDOMmW+qoZVgC7fSPo+xFaytJN1gIaEcRgle+7gY=,tag:ETmXxGPsUafV3pR9cMLMXA==,type:str] 
@@ -19,7 +21,7 @@ nextcloud: backendsecret: ENC[AES256_GCM,data:pV5yw755RkAwHBdmfeP37/SobFZqJouWyIiRJ+Y2mk0iiVdW04vhYVsyjcI=,iv:NhkewgnyE2Dw8mQMMSq6AWo6IOWu8BlyPZvZAszyZuQ=,tag:BlZO15qZWViV8pCWIgZHZQ==,type:str] step_ca: password: ENC[AES256_GCM,data:3NtUAl344gHiXLlMl88X17Vsm/4OKFM0W8bntzbXC0U=,iv:q9cWW8xTxYQnRYohBxnPIsbVSpvkZYVpYLRVeZgmsRM=,tag:ibumK7ebPKNO/CXAS0eeRA==,type:str] -vaultwarden: ENC[AES256_GCM,data:h8GFyXRMI51DZutX60up4vXTQLNY3q0pr+BWpZ5frJHwy6PVBTYts81K0aTIIU71epT4SVR3p3e8yUdU7jXS1Tw1ol0RnPL+bBNv7JyUede9mkrP4pnozmuCQqOdlHCaUvYyIoWFPrLiz/drXX7gJvWh6zYTTFn9mQ3wQE9J6rxoLzbMyS6raSn2O8Ke+YM0VRXYgVvsyEL3Aa0wV3qO5NDCZ67rZp4TG5U8tOrziw0gnKU3eBCuNyL/uU/7ySvfdxwv631vEi24+dxN+Kx6rlaJpJIywx9xxxoRhOz5TrHzptqRMWpg2GZL5qdVXiUxqYLgC3s7Ri0P2BwOslteO6Z6NXk0HSravbpz3sevEu+bRS7u2MLvL3keP48+EBsXNebnKY7nfqCoIPUQ86CIVGw5fNI+irnRR8kq6oV0MBDGXu6DgmzKV7crFp65zzVSqfFOntVYSqgtQnnM1CmkuGJD,iv:51zbASyFgprzYCMswiEM81p8C0kFhSc28VavCHqRsF0=,tag:LvcY2DbeA71/PXEnjph3dw==,type:str] +vaultwarden: ENC[AES256_GCM,data:unu2+istP/NHcns2HUvNYveGElAEDFI+6X/KXYu2hKvY9c57PhmGVEmwlNhMWjHOSLaIvF48iDKCMnFnk20Fop5S2PS8WdNQ5sAA3mhoBnYGKIVsSsjpAqdIKj5c+AozeFODuIrCPRFm1JbOlgcmniwWNwbKtXt8GrgHzBbFUNX00npOwK9NmZOTxPVCj6gs3purULbsTzxDYZKdtqoM0Rv8E+MM/SLTR3QJnTCi7CxWfqy2tSsNzFh4puyZ0xf03m/fMP2iJqwZKjr0G5DwMl8ng0XvnojUcAg3OO34T7VCR1E6unqOpt8Mxc4l5eDVZEp6euchLB1GHP1OaElLCGvlp16xFKQyu+XtuFKxDrgl+AjVXl/rdl8Sk7fa9x6VzYbbJIR5Nzrwb+x9sJIc0Q5u6MroVsfawUzNH3aWkBCxQ0jGqkWyAZyumOuLxODpYETUCxiaBW6unEYSABibY5Q=,iv:5T/N41eLnPThRs1nwFiqMqyd6+RMWkDz6N4yVuAojH0=,tag:1gyxAtpZw/uhPWOoioFqKw==,type:str] ldap: password: ENC[AES256_GCM,data:gz5WBopSffGyvJxKDPekPQ==,iv:bX7N9/oNMhtE/KbPah2ge4s87P2VsxHGoFkOyl83dxs=,tag:YoTe6NPAJgp/0nvhHC9Y5A==,type:str] env: 
ENC[AES256_GCM,data:68EvTHeBqtCVfde5oO+Wzny+l/YIMWQmbcNQ0Wl59EjMrSlJM0rmFm2lMJpxKzCN2cFs0N2z6zG1/eQ9t/SxxyVBrNA6ECnCZrerIo2YGlaT30tc1rffpd8TchMH1VKP5qHnbLUqORMx5z0LR4U49l2HVcHgSCjt/1f127oMi411vIU=,iv:+m1F0CBaoJGv6Z1u+h6rbsXGPUhxgHouTalj13ccJiY=,tag:I/hK65yPaIcgHEZVaXJHBA==,type:str] @@ -33,7 +35,8 @@ powerdns: ENC[AES256_GCM,data:d4qzUAjyHUxLynvP6vSxCzrihfb/X3KYHeRA/w+CButld7ulxL rspamd-trainer: ENC[AES256_GCM,data:EqWVADi7zr6AUZL5mlN1/xbpjuRIS3Zn,iv:M/xk7LywcRiKQM9LrnTnCKu3OS/YBf23CRkxh4ll1+c=,tag:4lH3hhMxWIzEUExJOt/41Q==,type:str] rspamd: ENC[AES256_GCM,data:qEXHXdcvk24pAHEl6MI=,iv:L5tmoTu5Qk5sxDj3EmWfc39AHwRTT4T4gB1O2EsTQkY=,tag:vIhAOnEpWxtP0eU4stkQww==,type:str] acme: - env: ENC[AES256_GCM,data:DQaHr13K3faeyQk/05sVmmZRNvEbjmMP8y3nES1vyFO+oNX9nyyWcy5YEAO5tjRTxi/yM1ISlhbXWct4iRwAkvnhtoFRK/jpAfDv+W3J1LotaRxiPWSXUs5lS7uS0DpveRwQVv6qEl3Cs8vitHAJfRCKJoYv5HTJyvOnoWqHbnk=,iv:co3V0vu2c26NKHuoNoRv7td8qu6m0NTlvkr3EJBQGvM=,tag:leTY/DGg85Pm8gsAHah29Q==,type:str] + pdns: ENC[AES256_GCM,data:pQbUDyKCRz36CAI1UhxLnsgDmQ1Hhfv6iqA8R3YBdWXHHXIHMXz2ujVz+/fPCEnbLuMevAzT2L5Pejm0q38FQitcbRNngueymOWX2Iq/T1GP+t/Yhfy/r24dubgX5sH6USl2du2MmIwxa5VwBpjoTi3+CjqalV2sp8+HYwXWNKQ=,iv:8sX4R5xgdlq8EyDEUcvoROs21h2pAH1C3TpDw4I2WLs=,tag:aQhuoldv4fRz2+NmHfCWNQ==,type:str] + cloudflare: ENC[AES256_GCM,data:JwIL00LMPQeIxesD5umO5iBkIFFBZek9iHw76BT4/km3UX+nUn+wcw==,iv:wJIW869+BY+w9ynL4jF40mSrXpClVW9HGnOwTaKIT/k=,tag:c/NK+RzwNfvB+jh6vliM0g==,type:str] postsrsd: secret: ENC[AES256_GCM,data:JZNwSymEjIFb8h3gnvFajxSaNYRxjA/NUruA4WX+uSqX0ufVcbVWgxQTr7U=,iv:ydGnCESCLbwyGKc+5witXDkT3OgW27LKen7PkqUL6mU=,tag:M3RGI6LgU5n2e6ZiXxTFfQ==,type:str] grafana: 
@@ -60,6 +63,8 @@ forgejo: secretKey: ENC[AES256_GCM,data:DShv0oGdrHi40OMGz6/8XsiNY7nFcdJswBXucP9t7JQtgj9wk8Wr2mn17rfzkjNXTRletI60OPGPz2c57xOnTA==,iv:9TVma4i167123hyVA4yMAGsc9074+Yd4qggL7PkhUKg=,tag:/ELp01jK7of78Kyn+aOcMA==,type:str] mailer: password: ENC[AES256_GCM,data:dcIotYpgtdFLcunAB3ttlczzQ68=,iv:vH3rckAfntFAEtH3dolF7NCAdj142cAzre56x7oBdDA=,tag:TaxRn8g/TVloM60D6Ud0Jg==,type:str] +velocity: ENC[AES256_GCM,data:PYGSXfivm7OyKhBMKPOVDs+efpcb0hhwCAxlT05pM+kg9t0lH4TEMuxBXFRs80LUiQx+CYXyw8UvBkkKwPEc,iv:PppenjXIQ+eirCor3PxT16r2S7wO8bww5v/RyjQh9MI=,tag:Dc3BzmyQcTwYsvWShQ/JqQ==,type:str] +fabricProxy: ENC[AES256_GCM,data:srGYmqHgfkxAKKSjy9uGX1mQpE3N0rXb06MYiycbYESj/sZu/vjsPspvUdzTHHb9zkF5SWLWkmP6llIpimkss/dm7A1pGlagin3+,iv:yoWQdWeP9UjoRO5rJ9FQGbBu3iypIdXGrSDqBfFhw6w=,tag:+d/Tp/m3vENZAXJyHOMJEA==,type:str] sops: age: - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 @@ -89,7 +94,7 @@ sops: OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-09T04:59:21Z" - mac: ENC[AES256_GCM,data:NIHLAoNatyAhKHwCNdRGMR8+rUv00y/ssoGSQlq9/QayYt/GATfelgNwcqksSWf/db5v+Jz92bbk3RT9SKeoMWRxjm+8xzARbjhHGrzxAeLoerGPjQpEpkYYWbFC2ihSODrE+ar3HskAkQmVxmiGKEtYSg3+X2hiEy6ydZkP5Ps=,iv:mAyO820PpeG6NWQlmQf+l9MLIL4OTGJXCBSqYbmozZk=,tag:+Bex5hyAGBXiFoqxqVtaqg==,type:str] + lastmodified: "2026-01-19T10:14:12Z" + mac: ENC[AES256_GCM,data:d9OAnjstk72GOnKqyDw2qbNfZho0mdqAMSQ4xH903b1COmgIn4MsqWiCzDJ5k6RxLE4wfCAPvn8JA+cXiox6/xctqfyqLoWN4fp2Q40IHjbA3mQGalwywRgmga74PVe3gJPZ7H8PJncN0TdU29A/lGcUtjCkAqjBuFS4e7wbQfA=,iv:e6aG+plaSDtaiqglY5S1svE/XZfs7n9dhSNCiB5pdTs=,tag:BsGItrtDVFF2kXgwE1zaFA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/dn-server/sops/sops-conf.nix b/system/dev/dn-server/sops/sops-conf.nix index 97535c1..83fa29b 100755 --- a/system/dev/dn-server/sops/sops-conf.nix +++ b/system/dev/dn-server/sops/sops-conf.nix 
@@ -17,31 +17,11 @@ in mode = "0660"; group = config.users.groups.docker.name; }; - "powerdns-admin/secret" = { - mode = "0660"; - owner = "powerdnsadmin"; - group = "powerdnsadmin"; - }; - "powerdns-admin/salt" = { - mode = "0660"; - owner = "powerdnsadmin"; - group = "powerdnsadmin"; - }; - powerdns = { - mode = "0660"; - owner = "pdns"; - group = "pdns"; - }; rspamd-trainer = { }; rspamd = mkIf config.services.rspamd.enable { owner = config.services.rspamd.user; }; - "acme/env" = mkIf config.security.acme.acceptTerms { - mode = "0660"; - owner = "acme"; - group = "acme"; - }; "postsrsd/secret" = mkIf config.services.postsrsd.enable { mode = "0660"; owner = config.services.postsrsd.user; diff --git a/system/dev/public/dn/common.nix b/system/dev/public/dn/common.nix index 7b51aa2..17d9f0d 100755 --- a/system/dev/public/dn/common.nix +++ b/system/dev/public/dn/common.nix @@ -5,7 +5,7 @@ in { systemConf = { face = ../../../../home/config/.face; - domain = "net.dn"; + domain = "dnywe.com"; }; home-manager.users."${username}" = diff --git a/system/dev/public/dn/ntfy.nix b/system/dev/public/dn/ntfy.nix index 223b508..7729c82 100755 --- a/system/dev/public/dn/ntfy.nix +++ b/system/dev/public/dn/ntfy.nix @@ -1,10 +1,12 @@ { + self, config, pkgs, lib, ... }: let + serverCfg = self.nixosConfigurations.dn-server.config; inherit (config.systemConf) username; ntfyWrapper = import ../../../../home/scripts/ntfy.nix { inherit config pkgs lib; }; in @@ -30,7 +32,7 @@ in { enable = true; settings = { - default-host = "https://ntfy.net.dn"; + default-host = serverCfg.services.ntfy-sh.settings.base-url; subscribe = [ { topic = "public-notifications"; diff --git a/system/dev/skydrive-lap/home/default.nix b/system/dev/skydrive-lap/home/default.nix index b30997c..3d6d8fe 100755 --- a/system/dev/skydrive-lap/home/default.nix +++ b/system/dev/skydrive-lap/home/default.nix 
@@ -1,16 +1,18 @@ { + self, config, lib, pkgs, ... }: let - inherit (config.networking) hostName; + serverCfg = self.nixosConfigurations.dn-server.config; inherit (config.systemConf) username; inherit (lib) optionalString; + inherit (serverCfg.services.nextcloud) hostName; memeSelector = pkgs.callPackage ../../../../home/scripts/memeSelector.nix { - url = "https://nextcloud.net.dn/public.php/dav/files/pygHoPB5LxDZbeY/"; + url = "https://${hostName}/public.php/dav/files/pygHoPB5LxDZbeY/"; }; in { diff --git a/system/modules/actual/default.nix b/system/modules/actual/default.nix index 9b00369..1154945 100755 --- a/system/modules/actual/default.nix +++ b/system/modules/actual/default.nix @@ -8,21 +8,28 @@ ... }: let - inherit (builtins) toString; inherit (lib) mkIf; finalFqdn = if fqdn != null then fqdn else config.networking.fqdn; in { + users.users.actual = { + isSystemUser = true; + group = "actual"; + }; + + users.groups.actual = { }; + services = { actual = { enable = true; + user = config.users.users.actual.name; + group = config.users.users.actual.group; settings = { port = 31000; hostname = "127.0.0.1"; serverFiles = "/var/lib/actual/server-files"; userFiles = "/var/lib/actual/user-files"; - loginMethod = "openid"; }; }; 
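Review bot: The `url` passed to `memeSelector` in skydrive-lap/home/default.nix still embeds the Nextcloud public-share token in its path; only the host part was made dynamic. The token therefore sits in the repository and, through `callPackage`, most likely in the world-readable Nix store as well. If the share is meant to be anything other than public and read-only, hand the URL to the script at runtime from a sops secret. Otherwise a one-line comment such as `# public read-only share, token is not a secret` would record that this is intentional.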
@@ -35,11 +42,21 @@ in }; services.nginx.virtualHosts."${finalFqdn}" = mkIf proxy { - enableACME = true; forceSSL = true; locations."/api/".proxyPass = "http://127.0.0.1:${toString config.services.actual-budget-api.listenPort}/"; - locations."/".proxyPass = "http://127.0.0.1:${toString config.services.actual.settings.port}"; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString config.services.actual.settings.port}"; + extraConfig = '' + proxy_hide_header Cross-Origin-Embedder-Policy; + proxy_hide_header Cross-Origin-Opener-Policy; + add_header Cross-Origin-Embedder-Policy "require-corp" always; + add_header Cross-Origin-Opener-Policy "same-origin" always; + add_header Origin-Agent-Cluster "?1" always; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + ''; + }; }; } diff --git a/system/modules/grafana.nix b/system/modules/grafana.nix index b1a247d..287b5c8 100755 --- a/system/modules/grafana.nix +++ b/system/modules/grafana.nix @@ -58,7 +58,6 @@ in // extraConf; services.nginx.virtualHosts."${domain}" = { - enableACME = true; forceSSL = true; locations."/" = { diff --git a/system/modules/nextcloud.nix b/system/modules/nextcloud.nix index d0ea33f..1da492f 100755 --- a/system/modules/nextcloud.nix +++ b/system/modules/nextcloud.nix @@ -3,7 +3,7 @@ adminpassFile, datadir ? null, https ? true, - configureACME ? true, + configureNginx ? true, trusted-domains ? [ ], trusted-proxies ? [ ], whiteboardSecrets ? [ ], @@ -16,13 +16,6 @@ }: let inherit (lib) mkIf optionalString; - - nextcloudPkg = pkgs.nextcloud32.overrideAttrs (oldAttr: rec { - caBundle = config.security.pki.caBundle; - postPatch = '' - cp ${caBundle} resources/config/ca-bundle.crt - ''; - }); in { imports = [ @@ -86,13 +79,12 @@ in services.nextcloud = { enable = true; - package = nextcloudPkg; configureRedis = true; hostName = hostname; https = https; datadir = lib.mkIf (datadir != null) datadir; phpExtraExtensions = - all: with all; [ + allEx: with allEx; [ imagick ]; 
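Review bot: The `add_header` lines in the new `locations."/".extraConfig` of actual/default.nix replace, rather than extend, any `add_header` set at server or http level, because nginx inherits those only into blocks that declare none of their own. If this host sets HSTS or similar response headers globally (not visible in this hunk), they will no longer be sent for `/`. Repeat them in this block, or state in a comment that the COEP, COOP and Origin-Agent-Cluster headers are the only ones intended here.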
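Review bot: With `enableACME` removed and `forceSSL = true` kept, modules/grafana.nix no longer provides a certificate for `${domain}` and relies on whoever imports it to add `useACMEHost` or a certificate path. metrics.nix does that in this patch, but the same removal is made in paperless-ngx.nix, prometheus.nix, vaultwarden.nix and actual/default.nix, and the importers of the last two are not shown in this part of the patch. A comment above the vhost, e.g. `# certificate comes from the importing host (useACMEHost); this module only enforces HTTPS`, would make the contract explicit.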
@@ -153,9 +145,7 @@ in secrets = whiteboardSecrets; }; - services.nginx.virtualHosts.${hostname} = mkIf configureACME { - enableACME = true; - forceSSL = true; + services.nginx.virtualHosts.${hostname} = mkIf configureNginx { locations."/whiteboard/" = { proxyWebsockets = true; proxyPass = "http://127.0.0.1:${config.services.nextcloud-whiteboard-server.settings.PORT}/"; diff --git a/system/modules/niri.nix b/system/modules/niri.nix index bda7c54..f243c28 100755 --- a/system/modules/niri.nix +++ b/system/modules/niri.nix @@ -73,7 +73,7 @@ in extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; }; - services.nfsm.enable = false; + services.nfsm.enable = true; programs.niri.package = osConfig.programs.niri.package; programs.niri.settings = { @@ -154,6 +154,7 @@ in matches = [ { app-id = "^xdg-desktop-portal-gtk$"; } { app-id = "^(org.gnome.Nautilus)$"; } + { app-id = "^(org.gnome.Loupe)$"; } ]; open-floating = true; } @@ -177,9 +178,9 @@ in in { # ==== Launch ==== # - "Mod+Return".action = sh ''${prefix} ${terminal}''; - "Mod+F".action = sh ''${browser}''; - "Mod+E".action = sh ''${prefix} ${terminal} -e yazi''; + "Mod+Return".action = sh "${prefix} ${terminal}"; + "Mod+F".action = sh "${browser}"; + "Mod+E".action = sh "${prefix} ${terminal} -e yazi"; "Mod+Ctrl+P".action = spawn "${rbwSelector}"; "Mod+Ctrl+M".action = spawn "${toggleWlogout}"; 
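Review bot: modules/nextcloud.nix used to set `forceSSL = true` on `${hostname}` and now sets neither `forceSSL` nor a certificate, while the `https ? true` argument is still passed through to `services.nextcloud.https`. A host that imports the module without adding its own vhost settings would serve Nextcloud and `/whiteboard/` over plain HTTP while generating https links. dn-server adds `forceSSL` itself in this patch; keeping `forceSSL = https;` in the module would make that the default for every importer and leave only the certificate source to the caller.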
@@ -198,9 +199,9 @@ in "XF86AudioStop".action = spawn "playerctl" "stop"; "XF86AudioMute".action = spawn "wpctl" "set-mute" "@DEFAULT_SINK@" "toggle"; "XF86AudioRaiseVolume".action = - sh ''wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%+''; + sh "wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%+"; "XF86AudioLowerVolume".action = - sh ''wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%-''; + sh "wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%-"; "XF86MonBrightnessDown".action = spawn "brightnessctl set ${brightnessStep}%-"; "XF86MonBrightnessUp".action = spawn "brightnessctl set ${brightnessStep}%+"; diff --git a/system/modules/nixsettings.nix b/system/modules/nixsettings.nix index 2849e21..e4a924c 100755 --- a/system/modules/nixsettings.nix +++ b/system/modules/nixsettings.nix @@ -1,4 +1,7 @@ -{ inputs, ... }: +{ config, inputs, ... }: +let + inherit (config.systemConf) username; +in { documentation.nixos.enable = false; nix = { @@ -14,6 +17,7 @@ warn-dirty = false; trusted-users = [ "@wheel" + username ]; experimental-features = [ "nix-command" diff --git a/system/modules/paperless-ngx.nix b/system/modules/paperless-ngx.nix index 45ab185..1a12429 100755 --- a/system/modules/paperless-ngx.nix +++ b/system/modules/paperless-ngx.nix @@ -29,7 +29,6 @@ in }; services.nginx.virtualHosts."${domain}" = mkIf configureNginx { - enableACME = true; forceSSL = true; locations."/".proxyPass = "http://127.0.0.1:${toString config.services.paperless.port}"; }; diff --git a/system/modules/prometheus.nix b/system/modules/prometheus.nix index de09bc6..40bb793 100755 --- a/system/modules/prometheus.nix +++ b/system/modules/prometheus.nix @@ -7,12 +7,10 @@ { config, lib, - pkgs, ... }: let inherit (lib) mkIf optionalAttrs; - inherit (builtins) toString; in { services.prometheus.exporters.node = mkIf selfMonitor { 
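Review bot: Adding `username` to `trusted-users` in nixsettings.nix gives that account the Nix daemon's trusted status, which the Nix manual describes as essentially equivalent to root access, independently of sudo. `@wheel` is already listed, so the entry is redundant if the user is in wheel and a privilege grant if not. Unless there is a specific need, drop the `username` line; if the aim is only to allow extra binary caches, list them under `trusted-substituters` instead.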
@@ -43,7 +41,6 @@ in }; services.nginx.virtualHosts."${fqdn}" = mkIf configureNginx { - enableACME = true; forceSSL = true; locations."/" = { diff --git a/system/modules/shells/noctalia/bar.nix b/system/modules/shells/noctalia/bar.nix index 158f04c..1481c86 100755 --- a/system/modules/shells/noctalia/bar.nix +++ b/system/modules/shells/noctalia/bar.nix @@ -1,6 +1,10 @@ +{ lib }: +let + inherit (lib) mkForce; +in { - backgroundOpacity = 0.25; - capsuleOpacity = 0; + backgroundOpacity = mkForce 0.25; + capsuleOpacity = mkForce 0; density = "comfortable"; exclusive = true; floating = true; diff --git a/system/modules/shells/noctalia/default.nix b/system/modules/shells/noctalia/default.nix index c5079a5..91c24dd 100755 --- a/system/modules/shells/noctalia/default.nix +++ b/system/modules/shells/noctalia/default.nix @@ -2,7 +2,8 @@ let inherit (config.systemConf) username; - inherit (lib) mkForce mapAttrs; + inherit (builtins) mapAttrs; + inherit (lib) mkForce; in { @@ -57,7 +58,7 @@ in volumeOverdrive = false; volumeStep = 5; }; - bar = import ./bar.nix; + bar = import ./bar.nix { inherit lib; }; brightness = { brightnessStep = 5; enableDdcSupport = false; @@ -98,7 +99,7 @@ in }; controlCenter = import ./controlCenter.nix; dock = { - backgroundOpacity = 1; + backgroundOpacity = 1.0; colorizeIcons = false; displayMode = "auto_hide"; enabled = false; @@ -162,7 +163,7 @@ in manualSunset = "18:30"; }; notifications = { - backgroundOpacity = 1; + backgroundOpacity = 1.0; criticalUrgencyDuration = 15; enableKeyboardLayoutToast = true; enabled = true; @@ -176,7 +177,7 @@ in }; osd = { autoHideMs = 1500; - backgroundOpacity = 1; + backgroundOpacity = 1.0; enabled = true; enabledTypes = [ 0 @@ -207,7 +208,7 @@ in fontDefaultScale = 1; fontFixed = config.stylix.fonts.monospace.name; fontFixedScale = 1; - panelBackgroundOpacity = 0.25; + panelBackgroundOpacity = mkForce 0.25; panelsAttachedToBar = true; settingsPanelAttachToBar = true; tooltipsEnabled = true; 
diff --git a/system/modules/systemd-resolv.nix b/system/modules/systemd-resolv.nix index 28018c6..eda633a 100755 --- a/system/modules/systemd-resolv.nix +++ b/system/modules/systemd-resolv.nix @@ -7,11 +7,9 @@ services.resolved = { enable = true; - llmnr = "false"; - fallbackDns = [ - "1.1.1.1#one.one.one.one" - "1.0.0.1#one.one.one.one" - ]; - domains = [ "~." ]; + settings.Resolve = { + LLMNR = false; + Domains = [ "~." ]; + }; }; } diff --git a/system/modules/vaultwarden.nix b/system/modules/vaultwarden.nix index ee251a5..f2e274d 100755 --- a/system/modules/vaultwarden.nix +++ b/system/modules/vaultwarden.nix @@ -26,8 +26,8 @@ in environmentFile = secrets.vaultwarden.path; config = { DOMAIN = "https://${domain}"; - SIGNUPS_ALLOWED = true; - SIGNUPS_VERIFY = true; + SIGNUPS_ALLOWED = false; + SIGNUPS_VERIFY = false; ROCKET_PORT = 8222; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_LOG = "critical"; @@ -42,7 +42,6 @@ in }; services.nginx.virtualHosts.${domain} = { - enableACME = true; forceSSL = true; locations."/" = { proxyPass = "http://127.0.0.1:${toString cfg.config.ROCKET_PORT}/"; From b4b7997ac5af1d9b77462209d4baf1ad41e68b94 Mon Sep 17 00:00:00 2001 From: danny Date: Sat, 24 Jan 2026 15:10:26 +0800 Subject: [PATCH 08/10] chore: update flake --- flake.lock | 130 +++++++++--------- pkgs/overlays/default.nix | 1 + pkgs/overlays/proton-dw-bin.nix | 41 ++++++ system/dev/dn-pre7780/default.nix | 1 + system/dev/dn-pre7780/home/default.nix | 20 ++- system/dev/dn-server/network/services.nix | 66 +++------ system/dev/dn-server/services/mail-server.nix | 1 + system/dev/dn-server/services/metrics.nix | 5 +- system/dev/dn-server/sops/secret.yaml | 6 +- system/modules/card-reader.nix | 7 + system/modules/gaming.nix | 25 +--- 11 files changed, 163 insertions(+), 140 deletions(-) create mode 100644 pkgs/overlays/proton-dw-bin.nix create mode 100644 system/modules/card-reader.nix diff --git a/flake.lock b/flake.lock index f0cf77e..6477864 100755 --- a/flake.lock +++ b/flake.lock 
@@ -200,11 +200,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1768700084, - "narHash": "sha256-G/RtxgpF4OHRWy82/MHmEClOq9sBn8tki6K6vCuPZvU=", + "lastModified": 1769073714, + "narHash": "sha256-vppHLOKWw3ygroSlQ2oZ/evNIeXrBDl7cOPOyXZAh90=", "owner": "caelestia-dots", "repo": "shell", - "rev": "408c523d257f5e22fd95229dd36e76f4b90439a2", + "rev": "617f7a19f335be9e975dd001e262794636a6716f", "type": "github" }, "original": { @@ -250,11 +250,11 @@ ] }, "locked": { - "lastModified": 1768727946, - "narHash": "sha256-le2GY+ZR6uRHMuOAc60sBR3gBD2BEk1qOZ3S5C/XFpU=", + "lastModified": 1768923567, + "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", "owner": "nix-community", "repo": "disko", - "rev": "558e84658d0eafc812497542ad6ca0d9654b3b0f", + "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", "type": "github" }, "original": { @@ -679,11 +679,11 @@ "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1768776776, - "narHash": "sha256-OeoF0vBLezZ0WQDxjpI5OHQskKzeCpOITYJ6XoUDwWg=", + "lastModified": 1769140056, + "narHash": "sha256-EaC2VOH6BzzzeOFXor9BbesOGgJsCCHw5Nx+BG0IZY4=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "250877eff69ee1f00168a1f5ce9ab5490e29b0dc", + "rev": "4acd33954aaeafd414f483ae9c44ba1ae7effe98", "type": "github" }, "original": { @@ -699,11 +699,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1767281941, - "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "type": "github" }, "original": { 
@@ -824,11 +824,11 @@ ] }, "locked": { - "lastModified": 1768770171, - "narHash": "sha256-JPmLGZgdWa8QcQbbtBqyZhpmxIHZ3lUO48laERjw+4k=", + "lastModified": 1769132734, + "narHash": "sha256-gmU9cRplrQWqoback9PgQX7Dlsdx8JlhlVZwf0q1F7E=", "owner": "nix-community", "repo": "home-manager", - "rev": "521d5ea1a229ba315dd1cceaf869946ddcc83d36", + "rev": "d055b309a6277343cb1033a11d7500f0a0f669fc", "type": "github" }, "original": { @@ -912,11 +912,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1768746153, - "narHash": "sha256-H3BxpO76d/SX/qiCzl3bUi352xIkgdqqSb0sJfuv25w=", + "lastModified": 1769114016, + "narHash": "sha256-eYY8QyE+RY7sa69DZmdbfN2DFfyx3Jk9k/gALAKXi38=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "eb0480ba0d0870ab5d8a876f01c6ab033a4b35f4", + "rev": "64db62d7e2685d62cbab51a1a7cb7f2cf38a1b32", "type": "github" }, "original": { @@ -1290,11 +1290,11 @@ }, "mnw": { "locked": { - "lastModified": 1767030222, + "lastModified": 1768701608, "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=", "owner": "Gerg-L", "repo": "mnw", - "rev": "75bb637454b0fbbb5ed652375a4bf7ffd28bcf6f", + "rev": "20d63a8a1ae400557c770052a46a9840e768926b", "type": "github" }, "original": { @@ -1332,11 +1332,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1768781101, - "narHash": "sha256-p3guh/Vx4Pf+Ggk3X69SPTJot6emv6rgKpoBLNO61Ag=", + "lastModified": 1769126721, + "narHash": "sha256-vMWf9C4LK2fshCKgUYGR0fn4/3qg2/sWyFILv4YYTB8=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "e90cb6d441572fc05ffb8769051d59f1d2d3269e", + "rev": "7c77dcce004c0845da25e0fe9a6c8b11bd46e614", "type": "github" }, "original": { 
@@ -1348,11 +1348,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1768778690, - "narHash": "sha256-XrWZBeH0GnvnQzE9Xmm69sesSGB2h5uVLuTmLA7k1p0=", + "lastModified": 1769125444, + "narHash": "sha256-KOVSBncEUsn5ZqbkaDo5GhXWCoKqdZGij/KnLH5CoVI=", "owner": "neovim", "repo": "neovim", - "rev": "30259d6af79e731491e6b12d815893b1b130b52b", + "rev": "c39d18ee939cba5f905416fcc97661b1836f4de4", "type": "github" }, "original": { @@ -1373,11 +1373,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1768767453, - "narHash": "sha256-Omq1UHEJ1oxkTo2j8l6qQtmyPR7Uj+k7HC5Khd3jVVA=", + "lastModified": 1769095293, + "narHash": "sha256-GPlRdJ7LVLyabpJ2tDA9Bj5em9wi3mKXeedIDl7+LWs=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "8eab7c21ef4edc97cc56ddb8e76a842e0818d6d7", + "rev": "180bdbbc91c89f540a52d2b31c8c08116c53b91f", "type": "github" }, "original": { @@ -1492,11 +1492,11 @@ ] }, "locked": { - "lastModified": 1768357481, - "narHash": "sha256-LpOWVXsHx20x8eRIhn23Q0icmV3Z6ZeFpAPzEqldXFk=", + "lastModified": 1768962252, + "narHash": "sha256-HyWOOHcySV8rl36gs4+n0sxPinxpwWOgwXibfFPYeZ0=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "f888492aa1a1eeb0114cf78af40d44e8300e002e", + "rev": "433cf697394104123e1fd02fa689534ac1733bfa", "type": "github" }, "original": { @@ -1613,11 +1613,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1768621446, - "narHash": "sha256-6YwHV1cjv6arXdF/PQc365h1j+Qje3Pydk501Rm4Q+4=", + "lastModified": 1768940263, + "narHash": "sha256-sJERJIYTKPFXkoz/gBaBtRKke82h4DkX3BBSsKbfbvI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "72ac591e737060deab2b86d6952babd1f896d7c5", + "rev": "3ceaaa8bc963ced4d830e06ea2d0863b6490ff03", "type": "github" }, "original": { 
@@ -1674,11 +1674,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", + "lastModified": 1768875095, + "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", + "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", "type": "github" }, "original": { @@ -1706,11 +1706,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1768661221, - "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", + "lastModified": 1768875095, + "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", + "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", "type": "github" }, "original": { @@ -1738,11 +1738,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1763806073, - "narHash": "sha256-FHsEKDvfWpzdADWj99z7vBk4D716Ujdyveo5+A048aI=", + "lastModified": 1768875095, + "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "878e468e02bfabeda08c79250f7ad583037f2227", + "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", "type": "github" }, "original": { @@ -1759,11 +1759,11 @@ ] }, "locked": { - "lastModified": 1768785620, - "narHash": "sha256-ZhhZNA3romjb3ukC3cKnEhzv2GQDIMIComwtXpCqVCY=", + "lastModified": 1769145612, + "narHash": "sha256-uHtKorr5FamlD/WXSs7gJYYcsO9EGlVJhY/V4n4HmW4=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "cf2e02c6e9bf9f38d3e3787c6afe7d83f169ed5c", + "rev": "e4729d9b92346f86eeaccc6063506684575ea9ea", "type": "github" }, "original": { 
@@ -1809,11 +1809,11 @@ "systems": "systems_8" }, "locked": { - "lastModified": 1768464392, - "narHash": "sha256-H3DRARqclUFdUaWgu1xQEb86/wrh41ZG0fIQJVjcZdE=", + "lastModified": 1769111313, + "narHash": "sha256-2IU9TOe7BBG145mftfQW2aYxXxQd2YHfv8V1qTMFkmY=", "owner": "notashelf", "repo": "nvf", - "rev": "007f14a2c8d67568f4655654b401871920d73011", + "rev": "bebdddb5719ec2c3f86b0168a785d1a2aee1d857", "type": "github" }, "original": { @@ -1974,11 +1974,11 @@ ] }, "locked": { - "lastModified": 1768791178, - "narHash": "sha256-ZVqH14w7y40DEQOghli1c28NopVNFk1MNNRzEIwMa6M=", + "lastModified": 1769136478, + "narHash": "sha256-8UNd5lmGf8phCr/aKxagJ4kNsF0pCHLish2G4ZKCFFY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "3941028eccc4d981f75c933786e1fd95b71024f1", + "rev": "470ee44393bb19887056b557ea2c03fc5230bd5a", "type": "github" }, "original": { @@ -1995,11 +1995,11 @@ ] }, "locked": { - "lastModified": 1763952169, - "narHash": "sha256-+PeDBD8P+NKauH+w7eO/QWCIp8Cx4mCfWnh9sJmy9CM=", + "lastModified": 1769091129, + "narHash": "sha256-Jj/vIHjiu4OdDIrDXZ3xOPCJrMZZKzhE2UIVXV/NYzY=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ab726555a9a72e6dc80649809147823a813fa95b", + "rev": "131e22d6a6d54ab72aeef6a5a661ab7005b4c596", "type": "github" }, "original": { @@ -2013,11 +2013,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1768709255, - "narHash": "sha256-aigyBfxI20FRtqajVMYXHtj5gHXENY2gLAXEhfJ8/WM=", + "lastModified": 1768863606, + "narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=", "owner": "Mic92", "repo": "sops-nix", - "rev": "5e8fae80726b66e9fec023d21cd3b3e638597aa9", + "rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2", "type": "github" }, "original": { 
@@ -2423,11 +2423,11 @@ "rust-overlay": "rust-overlay_4" }, "locked": { - "lastModified": 1768756095, - "narHash": "sha256-5YO/8LTVhUFJ4jJMuJtgE3oGGD0D7aR0fcfHEKvQmTo=", + "lastModified": 1769095881, + "narHash": "sha256-BZktPXn+8vyFyHapvW+9nepFsWRW/XBtdBcnLKrCNCw=", "owner": "sxyazi", "repo": "yazi", - "rev": "ca4cc594136e313b47f8da0f3699b7ea9699a959", + "rev": "4e0acf8cbfcd66924af38a9418d3e12dc31a7316", "type": "github" }, "original": { @@ -2446,11 +2446,11 @@ ] }, "locked": { - "lastModified": 1768788372, - "narHash": "sha256-TTEB3amVrXNX5AmIj7Bb8Dp2W8BOD73GbW8p5uH8kQI=", + "lastModified": 1769059766, + "narHash": "sha256-u95Qe60mF3eoEqrd0tIej4A8TDWoc/N4ZjZ60npplgw=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "756b3eff6a629b70ea971b8a1819f22bc3789730", + "rev": "dc0483a6e3ff1ffb04ad77d26c1a4458f4cf82d6", "type": "github" }, "original": { diff --git a/pkgs/overlays/default.nix b/pkgs/overlays/default.nix index 21e4f28..f05a430 100755 --- a/pkgs/overlays/default.nix +++ b/pkgs/overlays/default.nix @@ -1,5 +1,6 @@ [ (import ./vesktop.nix) + (import ./proton-dw-bin.nix) # (import ./powerdns-admin.nix) # (import ./stalwart-mail) ] diff --git a/pkgs/overlays/proton-dw-bin.nix b/pkgs/overlays/proton-dw-bin.nix new file mode 100644 index 0000000..3b550d0 --- /dev/null +++ b/pkgs/overlays/proton-dw-bin.nix 
@@ -0,0 +1,41 @@ +final: prev: { + proton-dw-bin = + let + steamDisplayName = "Proton DW"; + in + final.pkgs.stdenv.mkDerivation (finalAttrs: rec { + pname = "dwproton"; + version = "10.0-14"; + + src = final.pkgs.fetchzip { + url = "https://dawn.wine/dawn-winery/dwproton/releases/download/${pname}-${finalAttrs.version}/${pname}-${finalAttrs.version}-x86_64.tar.xz"; + hash = "sha256-5fDo7YUPhp0OwjdAXHfovSuFCgSPwHW0cSZk9E+FY98="; + }; + + dontUnpack = true; + dontConfigure = true; + dontBuild = true; + + outputs = [ + "out" + "steamcompattool" + ]; + + installPhase = '' + runHook preInstall + echo "${finalAttrs.pname} should not be installed into environments. Please use programs.steam.extraCompatPackages instead." > $out + + mkdir $steamcompattool + ln -s $src/* $steamcompattool + rm $steamcompattool/compatibilitytool.vdf + cp $src/compatibilitytool.vdf $steamcompattool + + runHook postInstall + ''; + + preFixup = '' + substituteInPlace "$steamcompattool/compatibilitytool.vdf" \ + --replace-fail "${finalAttrs.pname}-${finalAttrs.version}-x86_64" "${steamDisplayName}" + ''; + }); +} diff --git a/system/dev/dn-pre7780/default.nix b/system/dev/dn-pre7780/default.nix index 880918e..bc46ec3 100755 --- a/system/dev/dn-pre7780/default.nix +++ b/system/dev/dn-pre7780/default.nix @@ -55,6 +55,7 @@ in ../../modules/shells/noctalia ../../modules/sunshine.nix ../../modules/secure-boot.nix + ../../modules/card-reader.nix ]; # Live Sync D diff --git a/system/dev/dn-pre7780/home/default.nix b/system/dev/dn-pre7780/home/default.nix index cdc87da..e72b04a 100755 --- a/system/dev/dn-pre7780/home/default.nix +++ b/system/dev/dn-pre7780/home/default.nix @@ -6,7 +6,7 @@ }: let inherit (helper) getMonitors; - inherit (builtins) elemAt; + inherit (builtins) elemAt length; inherit (config.networking) hostName; inherit (config.systemConf) username; inherit (lib) optionalString mkForce; 
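Review bot: In `proton-dw-bin.nix` the derivation is written as `mkDerivation (finalAttrs: rec { … })` and the download URL mixes `${pname}` (bound by `rec`) with `${finalAttrs.version}`, so an `overrideAttrs` that changes `pname` would not reach the URL; I would drop `rec` and use `finalAttrs.pname` throughout. The tarball is a prebuilt upstream binary and the `hash` given to `fetchzip` is its only integrity check, so a comment above `src` such as `# prebuilt release; bump version and hash together` is worth adding, because a fixed-output fetch whose hash is left unchanged can keep resolving to the previously cached content. `installPhase` also expands `$out`, `$src` and `$steamcompattool` unquoted, while `preFixup` quotes them; `ln -s "$src"/* "$steamcompattool"` would be consistent.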
@@ -24,7 +24,11 @@ in let monitors = getMonitors hostName config; mainMonitor = (elemAt monitors 0).criteria; - secondMonitor = (elemAt monitors 1).criteria; + secondMonitor = + let + index = if (length monitors) > 1 then 1 else 0; + in + (elemAt monitors index).criteria; mainMonitorSwayFormat = "desc:ASUSTek COMPUTER INC - ASUS VG32VQ1B"; in { @@ -58,6 +62,18 @@ in } ]; } + { + profile.name = "AcerOnly"; + profile.outputs = [ + { + criteria = "Acer Technologies XV272U V3 1322131231233"; + mode = "2560x1440@179.876999Hz"; + position = "0,0"; + transform = "normal"; + scale = 1.0; + } + ]; + } ]; programs.ghostty.settings = { diff --git a/system/dev/dn-server/network/services.nix b/system/dev/dn-server/network/services.nix index 4ebcb40..ac644b2 100755 --- a/system/dev/dn-server/network/services.nix +++ b/system/dev/dn-server/network/services.nix @@ -7,11 +7,10 @@ let inherit (builtins) concatStringsSep; inherit (config.systemConf) security domain; - inherit (lib) mkForce optionalString; + inherit (lib) mkForce; inherit (helper.nftables) mkElementsStatement; netbirdCfg = config.services.netbird; - netbirdRange = "100.64.0.0/16"; ethInterface = "enp0s31f6"; sshPorts = [ 30072 ]; @@ -36,7 +35,6 @@ let allowedSSHIPs = concatStringsSep ", " [ "122.117.215.55" "192.168.100.1/24" - netbirdRange personal.range ]; 
@@ -221,50 +219,41 @@ in } chain input { - type filter hook input priority 0; policy drop; + type filter hook input priority -10; policy drop; iif lo accept - - meta nftrace set 1 meta l4proto { icmp, ipv6-icmp } accept - ct state vmap { invalid : drop, established : accept, related : accept } - # Allow Incoming DNS qeury - udp dport 53 accept - tcp dport 53 accept - tcp dport { ${sshPortsString} } jump ssh-filter - # Allow Netbird UDP - udp dport { ${toString netbirdCfg.clients.wt0.port} } accept - iifname ${netbirdCfg.clients.wt0.interface} accept - iifname { ${ethInterface}, ${personal.interface} } udp dport { ${toString personal.port} } accept - iifname ${infra.interface} ip saddr ${infra.range} accept - iifname ${personal.interface} ip saddr ${personal.range} jump wg-subnet - - drop + iifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } accept } chain output { - type filter hook output priority 0; policy drop; + type filter hook output priority -10; policy drop; iif lo accept + ct state vmap { invalid : drop, established : accept, related : accept } + + # Time Sync + meta skuid ${toString config.users.users.systemd-timesync.uid} accept + + # VPN + oifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } accept # Allow DNS qeury udp dport 53 accept tcp dport 53 accept - # Allow UDP hole punching - ${optionalString ( - netbirdCfg.clients ? wt0 - ) "udp sport ${toString netbirdCfg.clients.wt0.port} accept"} + # UDP Hole Punching + meta mark 0x1bd00 accept - meta skuid ${toString config.users.users.systemd-timesync.uid} accept + # DHCP + udp sport 68 udp dport 67 accept - ct state vmap { invalid : drop, established : accept, related : accept } + # Allowed IPs ip saddr != @restrict_source_ips accept - ip daddr @${security.rules.setName} accept ip6 daddr @${security.rules.setNameV6} accept 
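Review bot: The new last rule of `chain input`, `iifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } accept`, admits every packet arriving on the three tunnel interfaces, where the removed rules matched `ip saddr ${infra.range}` and sent the personal tunnel through `wg-subnet`. If peers in `personal.restrict` are still meant to have less access than full peers, that distinction no longer applies to traffic addressed to the host itself; keeping a source match such as `iifname ${infra.interface} ip saddr ${infra.range} accept` would preserve it. The hunk also removes the accepts for the WireGuard and NetBird listen ports and for port 53 while the chain keeps `policy drop`, so unless a rule outside this hunk admits them, new inbound handshakes and DNS queries on the physical interface would be dropped; a comment saying where they are handled now would help. The table definition starts and ends outside this hunk.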
@@ -272,27 +261,10 @@ in } chain ssh-filter { - ip saddr { ${allowedSSHIPs} } accept - counter reject - } + iifname { ${personal.interface}, ${infra.interface}, ${netbirdCfg.clients.wt0.interface} } tcp dport { ${sshPortsString} } accept + ip saddr { ${allowedSSHIPs} } tcp dport { ${sshPortsString} } accept - chain forward { - type filter hook forward priority 0; policy drop; - - meta l4proto { icmp, ipv6-icmp } accept - - ct state vmap { invalid : drop, established : accept, related : accept } - - iifname ${personal.interface} ip saddr ${personal.ip} jump wg-subnet - iifname ${infra.interface} ip saddr ${infra.ip} accept - - counter - } - - chain wg-subnet { - ip saddr ${personal.full} accept - ip saddr ${personal.restrict} ip daddr ${personal.range} accept - counter drop + counter log prefix "SSH-DROP: " flags all drop } chain postrouting { diff --git a/system/dev/dn-server/services/mail-server.nix b/system/dev/dn-server/services/mail-server.nix index 2d83e7b..b40b4b5 100755 --- a/system/dev/dn-server/services/mail-server.nix +++ b/system/dev/dn-server/services/mail-server.nix @@ -18,6 +18,7 @@ in "api.docker.com" "cdn.segment.com" "api.segment.io" + "sa-update.surbl.org" ]; mail-server = diff --git a/system/dev/dn-server/services/metrics.nix b/system/dev/dn-server/services/metrics.nix index c708af1..d418eba 100755 --- a/system/dev/dn-server/services/metrics.nix +++ b/system/dev/dn-server/services/metrics.nix @@ -10,6 +10,7 @@ let inherit (lib) optionalAttrs optional; inherit (config.networking) hostName domain; + oidcEndpoint = "https://${config.services.keycloak.settings.hostname}/realms/master"; grafanaHostname = "grafana.${domain}"; prometheusHostname = "metrics.${domain}"; 
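Review bot: Removing `chain forward` (with `policy drop`) and `chain wg-subnet` leaves this table with no rules on the forward hook, so if the host routes between the tunnel interfaces, peers in `personal.restrict` are no longer limited to `personal.range` by this ruleset; whether another table covers forwarding is not visible from here. If forwarding is still in use, I would keep a `forward` chain with `policy drop` and the `wg-subnet` jump. In `ssh-filter`, `counter log prefix "SSH-DROP: " flags all drop` logs every rejected packet on an internet-facing port; splitting it into `limit rate 10/minute log prefix "SSH-DROP: " flags all` followed by `counter drop` keeps the audit trail without letting scans fill the journal. The first `ssh-filter` rule also accepts SSH from any source address on the tunnel interfaces, which is wider than the `allowedSSHIPs` list next to it. The table continues outside the hunk.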
@@ -118,13 +119,13 @@ in extraSettings = { "auth.generic_oauth" = let - OIDCBaseUrl = "https://keycloak.net.dn/realms/master/protocol/openid-connect"; + OIDCBaseUrl = "${oidcEndpoint}/protocol/openid-connect"; in { enabled = true; allow_sign_up = true; client_id = "grafana"; - client_secret = ''$__file{${config.sops.secrets."grafana/client_secret".path}}''; + client_secret = "$__file{${config.sops.secrets."grafana/client_secret".path}}"; scopes = "openid email profile offline_access roles"; email_attribute_path = "email"; login_attribute_path = "username"; diff --git a/system/dev/dn-server/sops/secret.yaml b/system/dev/dn-server/sops/secret.yaml index e37855d..62082f0 100755 --- a/system/dev/dn-server/sops/secret.yaml +++ b/system/dev/dn-server/sops/secret.yaml @@ -41,7 +41,7 @@ postsrsd: secret: ENC[AES256_GCM,data:JZNwSymEjIFb8h3gnvFajxSaNYRxjA/NUruA4WX+uSqX0ufVcbVWgxQTr7U=,iv:ydGnCESCLbwyGKc+5witXDkT3OgW27LKen7PkqUL6mU=,tag:M3RGI6LgU5n2e6ZiXxTFfQ==,type:str] grafana: password: ENC[AES256_GCM,data:tySP1+vHkd+meSunzjE=,iv:09F8yEGw4j1Jd0HXDQyHbFxsr3Vg23mvWF5eZkU2KU8=,tag:6fmS38VUgNBNbo2BzxBuGA==,type:str] - client_secret: ENC[AES256_GCM,data:abk55RRC57xGiEpaBby0Drk4XS1+7INVie8wrpEg0XE=,iv:qywQIHIpgaS2pUcW1Uau//JU6UdMY52EVYCjhmnWJt4=,tag:fI01k/1nIqEXuPi90A00jQ==,type:str] + client_secret: ENC[AES256_GCM,data:bi1GSA2MSBQRTojgvmOvufjax/hathnXrPbnEF27SQc=,iv:IpzcIDWlgn5jfpA+ZRjji65AonarNjSzYRcfEzLxws8=,tag:ViEN0+67xFcpJ4Gl3blf8Q==,type:str] prometheus: powerdns: password: ENC[AES256_GCM,data:eliVy2619cZ/w/QOnayBt04ilCkXAXzck/RYr/c9oJEgirnqH1kATWJix3VzYng0/9yhGloOUHCm+jF3xOP6Uw==,iv:UI7UuJYJizYCO0ReC4SEPgmdPJNUnNuxgvkrhB1o/EQ=,tag:hEpJ64NcyaWl/e7KalOfGg==,type:str] 
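Review bot: `OIDCBaseUrl` is now built from `oidcEndpoint`, which the earlier hunk of this file defines as `https://${config.services.keycloak.settings.hostname}/realms/master`, so the Grafana client still lives in Keycloak's `master` realm. Keycloak's guidance is to keep `master` for administering realms and to put application clients in a dedicated realm; with `allow_sign_up = true` and the `roles` scope requested here, an account that can log in to `master` would get a Grafana user unless a role mapping outside this hunk restricts it. I would bind the realm name once (for example `realm = "master";` with a comment on why it is used) so it can be moved without editing the URL strings. The `extraSettings` block continues outside the hunk.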
@@ -94,7 +94,7 @@ sops: OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-19T10:14:12Z" - mac: ENC[AES256_GCM,data:d9OAnjstk72GOnKqyDw2qbNfZho0mdqAMSQ4xH903b1COmgIn4MsqWiCzDJ5k6RxLE4wfCAPvn8JA+cXiox6/xctqfyqLoWN4fp2Q40IHjbA3mQGalwywRgmga74PVe3gJPZ7H8PJncN0TdU29A/lGcUtjCkAqjBuFS4e7wbQfA=,iv:e6aG+plaSDtaiqglY5S1svE/XZfs7n9dhSNCiB5pdTs=,tag:BsGItrtDVFF2kXgwE1zaFA==,type:str] + lastmodified: "2026-01-20T06:31:45Z" + mac: ENC[AES256_GCM,data:ad8EP8zk6mxlmMZaEijW0NWF72y2EikJPct7qxiCp6/sWGKKrGv8mRnC1zahgpRqpGR0jZKQ8Ot204EdGrJF9WI03+ZB9GgKi9ipQvXlGOCJq6m/Mp6WygI2hFAzRKCeoPqAPjVQxQ3Ctt/WEYXzvEp7CIKUq7WD6gTEFk6FDg0=,iv:20rJb79QnUW0DFbXTr0XXjiXjm7bK0CVs4oVan5SAKw=,tag:+mnMTBYQ1fhwe/abwGYNOA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/modules/card-reader.nix b/system/modules/card-reader.nix new file mode 100644 index 0000000..599a9d3 --- /dev/null +++ b/system/modules/card-reader.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: +{ + services.pcscd = { + enable = true; + plugins = with pkgs; [ ccid ]; + }; +} diff --git a/system/modules/gaming.nix b/system/modules/gaming.nix index 17ab960..59ddb89 100755 --- a/system/modules/gaming.nix +++ b/system/modules/gaming.nix 
@@ -27,27 +27,10 @@ in protontricks.enable = true; gamescopeSession.enable = true; extest.enable = true; - extraCompatPackages = - with pkgs; - let - proton-ge-10-25 = - (proton-ge-bin.overrideAttrs ( - _: finalAttrs: { - pname = "proton-ge-bin"; - version = "GE-Proton10-25"; - - src = fetchzip { - url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/${finalAttrs.version}/${finalAttrs.version}.tar.gz"; - hash = "sha256-RKko4QMxtnuC1SAHTSEQGBzVyl3ywnirFSYJ1WKSY0k="; - }; - } - )).override - { steamDisplayName = "GE-Proton10-25"; }; - in - [ - proton-ge-bin - proton-ge-10-25 - ]; + extraCompatPackages = with pkgs; [ + proton-ge-bin + proton-dw-bin + ]; remotePlay.openFirewall = true; dedicatedServer.openFirewall = true; localNetworkGameTransfers.openFirewall = true; From 601dfb92174f0b10015743b5a8d4b351680e76d4 Mon Sep 17 00:00:00 2001 
From: danny Date: Wed, 4 Feb 2026 18:21:40 +0800 Subject: [PATCH 09/10] feat: add window manager options --- flake.lock | 351 +++++++----- flake.nix | 6 + home/options/default.nix | 1 + home/options/wm.nix | 455 +++++++++++++++ home/presets/basic.nix | 1 + home/user/hyprland.nix | 193 ++++--- home/user/wm.nix | 93 +++ home/user/zen-browser.nix | 6 +- options/systemconf.nix | 28 +- pkgs/overlays/default.nix | 2 +- pkgs/overlays/proton-dw-bin.nix | 4 +- .../{stalwart-mail => stalwart}/default.nix | 2 +- .../enable_root_ca.patch | 0 system/dev/dn-pre7780/default.nix | 3 +- system/dev/dn-pre7780/services/default.nix | 1 - system/dev/dn-pre7780/services/mail.nix | 205 ------- system/dev/dn-pre7780/sops/sops-conf.nix | 4 +- .../dn-pre7780/utility/davinci-resolve.nix | 2 +- system/dev/dn-pre7780/utility/default.nix | 4 +- system/dev/dn-server/services/default.nix | 2 +- system/dev/dn-server/services/dns.nix | 2 +- system/dev/dn-server/services/homepage.nix | 194 +++++++ system/dev/dn-server/sops/secret.yaml | 5 +- system/dev/public/dn/common.nix | 13 + system/dev/skydrive-lap/default.nix | 3 +- system/modules/hyprland.nix | 63 +- system/modules/mango.nix | 297 ++++++++++ system/modules/niri.nix | 540 ++++++++---------- system/modules/presets/basic.nix | 1 + system/modules/shells/noctalia/default.nix | 340 ++++++++++- system/modules/stalwart.nix | 6 +- 31 files changed, 2006 insertions(+), 821 deletions(-) create mode 100644 home/options/wm.nix create mode 100644 home/user/wm.nix rename pkgs/overlays/{stalwart-mail => stalwart}/default.nix (53%) rename pkgs/overlays/{stalwart-mail => stalwart}/enable_root_ca.patch (100%) delete mode 100755 system/dev/dn-pre7780/services/mail.nix create mode 100644 system/dev/dn-server/services/homepage.nix create mode 100644 system/modules/mango.nix diff --git a/flake.lock b/flake.lock index 6477864..14b0e6f 100755 --- a/flake.lock +++ b/flake.lock 
@@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1767024902, - "narHash": "sha256-sMdk6QkMDhIOnvULXKUM8WW8iyi551SWw2i6KQHbrrU=", + "lastModified": 1769428758, + "narHash": "sha256-0G/GzF7lkWs/yl82bXuisSqPn6sf8YGTnbEdFOXvOfU=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "b8a0c5ba5a9fbd2c660be7dd98bdde0ff3798556", + "rev": "def5e74c97370f15949a67c62e61f1459fcb0e15", "type": "github" }, "original": { @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1768655473, - "narHash": "sha256-iWnILPS2mP9ubbjRAhNv6Fqg1J/upxmD9OQTZQR4O2w=", + "lastModified": 1769740633, + "narHash": "sha256-W4gMgX8RsDeJioRPQHhUgXD/TxqAQxdZjkhjHRX70Pk=", "owner": "caelestia-dots", "repo": "cli", - "rev": "7de6c6063119a7cef27c6bd4c88f2c5ac4cbc064", + "rev": "90fc2a981e587d38edc5a899011eca7979ecf124", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1769073714, - "narHash": "sha256-vppHLOKWw3ygroSlQ2oZ/evNIeXrBDl7cOPOyXZAh90=", + "lastModified": 1770122420, + "narHash": "sha256-SWFov0EDEZIjFMMNKiwOpTIsbiKO4jE7LSO7L2Bv3zE=", "owner": "caelestia-dots", "repo": "shell", - "rev": "617f7a19f335be9e975dd001e262794636a6716f", + "rev": "4c72e3e06bd58a31e16cc1588d94543069fbd00a", "type": "github" }, "original": { @@ -250,11 +250,11 @@ ] }, "locked": { - "lastModified": 1768923567, - "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", + "lastModified": 1769524058, + "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "owner": "nix-community", "repo": "disko", - "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", + "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "type": "github" }, "original": { 
@@ -430,17 +430,14 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": [ - "neovim-nightly-overlay", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1749398372, + "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569", "type": "github" }, "original": { @@ -451,7 +448,28 @@ }, "flake-parts_3": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs-lib": [ + "neovim-nightly-overlay", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_4": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { "lastModified": 1733312601, @@ -467,7 +485,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nvf", @@ -488,7 +506,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_6": { "inputs": { "nixpkgs-lib": [ "stylix", @@ -600,24 +618,6 @@ } }, "flake-utils_5": { - "inputs": { - "systems": "systems_6" - }, - "locked": { - "lastModified": 1731533236, - "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_6": { "inputs": { "systems": "systems_7" }, @@ -635,7 +635,7 @@ "type": "github" } }, - "flake-utils_7": { + "flake-utils_6": { "inputs": { "systems": "systems_11" }, 
@@ -679,11 +679,11 @@ "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1769140056, - "narHash": "sha256-EaC2VOH6BzzzeOFXor9BbesOGgJsCCHw5Nx+BG0IZY4=", + "lastModified": 1770091344, + "narHash": "sha256-tKS5jzMfcWJjzq1Rm2QVUohzHEG/1VOM57aH6RQ5ALk=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "4acd33954aaeafd414f483ae9c44ba1ae7effe98", + "rev": "51897c0cd51fee61fff824d616fb2901ac41e817", "type": "github" }, "original": { @@ -699,11 +699,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1769069492, - "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "lastModified": 1769939035, + "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "rev": "a8ca480175326551d6c4121498316261cbb5b260", "type": "github" }, "original": { @@ -824,11 +824,11 @@ ] }, "locked": { - "lastModified": 1769132734, - "narHash": "sha256-gmU9cRplrQWqoback9PgQX7Dlsdx8JlhlVZwf0q1F7E=", + "lastModified": 1770164260, + "narHash": "sha256-mQgOAYWlVJyuyXjZN6yxqXWyODvQI5P/UZUCU7IOuYo=", "owner": "nix-community", "repo": "home-manager", - "rev": "d055b309a6277343cb1033a11d7500f0a0f669fc", + "rev": "4fda26500b4539e0a1e3afba9f0e1616bdad4f85", "type": "github" }, "original": { @@ -882,11 +882,11 @@ ] }, "locked": { - "lastModified": 1766946335, - "narHash": "sha256-MRD+Jr2bY11MzNDfenENhiK6pvN+nHygxdHoHbZ1HtE=", + "lastModified": 1769284023, + "narHash": "sha256-xG34vwYJ79rA2wVC8KFuM8r36urJTG6/csXx7LiiSYU=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "4af02a3925b454deb1c36603843da528b67ded6c", + "rev": "13c536659d46893596412d180449353a900a1d31", "type": "github" }, "original": { 
@@ -912,11 +912,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1769114016, - "narHash": "sha256-eYY8QyE+RY7sa69DZmdbfN2DFfyx3Jk9k/gALAKXi38=", + "lastModified": 1770164868, + "narHash": "sha256-sPyea7oYf5h420tdvkrwn0Z1uxfZdqhpuGrEVcdC7q8=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "64db62d7e2685d62cbab51a1a7cb7f2cf38a1b32", + "rev": "1bc857b12c434b7255119de009a50237856a90b2", "type": "github" }, "original": { @@ -988,11 +988,11 @@ ] }, "locked": { - "lastModified": 1767723101, - "narHash": "sha256-jObY8O7OI+91hoE137APsDxm0235/Yx+HhFIip187zM=", + "lastModified": 1769285097, + "narHash": "sha256-eVD4U3Oqzz0VU9ylJ5wo76xDcYKv2CpiiRXq4Is4QdA=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "fef398ed5e4faf59bc43b915e46a75cfe8b16697", + "rev": "06c0749a0dac978d89b1a76ae6adc76a3c15dbfa", "type": "github" }, "original": { @@ -1042,11 +1042,11 @@ ] }, "locked": { - "lastModified": 1764612430, - "narHash": "sha256-54ltTSbI6W+qYGMchAgCR6QnC1kOdKXN6X6pJhOWxFg=", + "lastModified": 1767983607, + "narHash": "sha256-8C2co8NYfR4oMOUEsPROOJ9JHrv9/ktbJJ6X1WsTbXc=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "0d00dc118981531aa731150b6ea551ef037acddd", + "rev": "d4037379e6057246b408bbcf796cf3e9838af5b2", "type": "github" }, "original": { @@ -1173,11 +1173,11 @@ ] }, "locked": { - "lastModified": 1767473322, - "narHash": "sha256-RGOeG+wQHeJ6BKcsSB8r0ZU77g9mDvoQzoTKj2dFHwA=", + "lastModified": 1769202094, + "narHash": "sha256-gdJr/vWWLRW85ucatSjoBULPB2dqBJd/53CZmQ9t91Q=", "owner": "hyprwm", "repo": "hyprwire", - "rev": "d5e7d6b49fe780353c1cf9a1cf39fa8970bd9d11", + "rev": "a45ca05050d22629b3c7969a926d37870d7dd75c", "type": "github" }, "original": { 
@@ -1251,6 +1251,28 @@ "type": "github" } }, + "mango": { + "inputs": { + "flake-parts": "flake-parts_2", + "nixpkgs": [ + "nixpkgs" + ], + "scenefx": "scenefx" + }, + "locked": { + "lastModified": 1770169526, + "narHash": "sha256-GYe2+1AT3lGAXPjcd0BDZ+AclFK+Z6NiGJ2F4rM2rLc=", + "owner": "DreamMaoMao", + "repo": "mango", + "rev": "8ba259fbb7737e4cef29ca20c731ed0a93e4017d", + "type": "github" + }, + "original": { + "owner": "DreamMaoMao", + "repo": "mango", + "type": "github" + } + }, "marks-nvim": { "flake": false, "locked": { @@ -1275,11 +1297,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1768682386, - "narHash": "sha256-mKrMf7eG9TM2AM3pTuhIiCGmZ/JwDegCQH3ThVqcTuc=", + "lastModified": 1770074118, + "narHash": "sha256-3JFYOqJGLgn5QsEnBwOm6K+vFX3uckiiyVt3b9VT5h0=", "owner": "microvm-nix", "repo": "microvm.nix", - "rev": "f469c1dfede623bbbf1ac605f6359316fd4002ef", + "rev": "4f7e75d2be8a4c99778275ad3b3e4421029dcde0", "type": "github" }, "original": { @@ -1290,11 +1312,11 @@ }, "mnw": { "locked": { - "lastModified": 1768701608, - "narHash": "sha256-kSvWF3Xt2HW9hmV5V7i8PqeWJIBUKmuKoHhOgj3Znzs=", + "lastModified": 1769981889, + "narHash": "sha256-ndI7AxL/6auelkLHngdUGVImBiHkG8w2N2fOTKZKn4k=", "owner": "Gerg-L", "repo": "mnw", - "rev": "20d63a8a1ae400557c770052a46a9840e768926b", + "rev": "332fed8f43b77149c582f1782683d6aeee1f07cf", "type": "github" }, "original": { @@ -1327,16 +1349,16 @@ }, "neovim-nightly-overlay": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "neovim-src": "neovim-src", "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1769126721, - "narHash": "sha256-vMWf9C4LK2fshCKgUYGR0fn4/3qg2/sWyFILv4YYTB8=", + "lastModified": 1770163968, + "narHash": "sha256-Ggh7hAS0tAOcPF66rrho9WAFZQZE0+SZYs+dnLgidpw=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "7c77dcce004c0845da25e0fe9a6c8b11bd46e614", + "rev": "4ae5c0c99f5e7fe02f0df0220a7d09b1945df646", "type": "github" }, "original": { 
@@ -1348,11 +1370,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1769125444, - "narHash": "sha256-KOVSBncEUsn5ZqbkaDo5GhXWCoKqdZGij/KnLH5CoVI=", + "lastModified": 1770163048, + "narHash": "sha256-MEaHWrzF6PqjyQH8+m84dhVr8R4lDYc3V+XW194O4no=", "owner": "neovim", "repo": "neovim", - "rev": "c39d18ee939cba5f905416fcc97661b1836f4de4", + "rev": "ddd1bf757fab3615301053acab5cc85508340844", "type": "github" }, "original": { @@ -1373,11 +1395,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1769095293, - "narHash": "sha256-GPlRdJ7LVLyabpJ2tDA9Bj5em9wi3mKXeedIDl7+LWs=", + "lastModified": 1770169657, + "narHash": "sha256-wiWbmO2xUoqh5DuSBYVLGOICo9AOcYq9mNPsvCtL7SM=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "180bdbbc91c89f540a52d2b31c8c08116c53b91f", + "rev": "4c962a3fd37ef268337ed113cbffabfd1fe3ca5c", "type": "github" }, "original": { @@ -1429,11 +1451,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1768678265, - "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", + "lastModified": 1770092965, + "narHash": "sha256-++K1ftjwPqMJzIO8t2GsdkYQzC2LLA5A1w21Uo+SLz4=", "owner": "YaLTeR", "repo": "niri", - "rev": "d7184a04b904e07113f4623610775ae78d32394c", + "rev": "189917c93329c86ac2ddd89f459c26a028d590ba", "type": "github" }, "original": { @@ -1486,17 +1508,17 @@ "nix-minecraft": { "inputs": { "flake-compat": "flake-compat_7", - "flake-utils": "flake-utils_5", "nixpkgs": [ "nixpkgs" - ] + ], + "systems": "systems_6" }, "locked": { - "lastModified": 1768962252, - "narHash": "sha256-HyWOOHcySV8rl36gs4+n0sxPinxpwWOgwXibfFPYeZ0=", + "lastModified": 1770172907, + "narHash": "sha256-rqYl9B+4shcM5b6OYjT+qdsdQNJ7SY64/xcPIb96NzU=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "433cf697394104123e1fd02fa689534ac1733bfa", + "rev": "8958a5a4259e1aebf4916823bf463faaf2538566", "type": "github" }, "original": { 
@@ -1507,15 +1529,15 @@ }, "nix-search-tv": { "inputs": { - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1767922902, - "narHash": "sha256-ygA9AF4PrM+4G+Le70UI12OQPIjLmELg3Xpkmc7nMz0=", + "lastModified": 1770174568, + "narHash": "sha256-CuNnGNo2ON3LsBc4CAcE0znKKKRosGjdCetDsycmJRI=", "owner": "3timeslazy", "repo": "nix-search-tv", - "rev": "b21e232cb81320ee6225fea857ebcf33ebd19079", + "rev": "e1f74da24e3aded600d69d44ed39bbcf9ab83cd3", "type": "github" }, "original": { @@ -1546,7 +1568,7 @@ }, "nixd": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "flake-root": "flake-root", "nixpkgs": [ "nixpkgs" @@ -1554,11 +1576,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1768402933, - "narHash": "sha256-iNjr5pE5SvawTT3byEIU65FzWTMMjVfRhPXa2m818jM=", + "lastModified": 1769607914, + "narHash": "sha256-3eYf0yyS8yyXuzrIfbqDwpXZ+3z3TwHGFgbl1+/35DU=", "owner": "nix-community", "repo": "nixd", - "rev": "13a89b59d0711390f0c765e693509f8282a1ff7e", + "rev": "12e3e96245e81fbcaf1f0bad5079403b57c00e67", "type": "github" }, "original": { @@ -1584,6 +1606,21 @@ } }, "nixpkgs-lib": { + "locked": { + "lastModified": 1748740939, + "narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "656a64127e9d791a334452c6b6606d17539476e2", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixpkgs-lib_2": { "locked": { "lastModified": 1733096140, "narHash": "sha256-1qRH7uAUsyQI7R1Uwl4T+XvdNv778H0Nb5njNrqvylY=", 
@@ -1613,11 +1650,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1768940263, - "narHash": "sha256-sJERJIYTKPFXkoz/gBaBtRKke82h4DkX3BBSsKbfbvI=", + "lastModified": 1770136044, + "narHash": "sha256-tlFqNG/uzz2++aAmn4v8J0vAkV3z7XngeIIB3rM3650=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3ceaaa8bc963ced4d830e06ea2d0863b6490ff03", + "rev": "e576e3c9cf9bad747afcddd9e34f51d18c855b4e", "type": "github" }, "original": { @@ -1658,11 +1695,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1767379071, - "narHash": "sha256-EgE0pxsrW9jp9YFMkHL9JMXxcqi/OoumPJYwf+Okucw=", + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fb7944c166a3b630f177938e478f0378e64ce108", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", "type": "github" }, "original": { @@ -1674,11 +1711,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1768875095, - "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", + "lastModified": 1770141374, + "narHash": "sha256-yD4K/vRHPwXbJf5CK3JkptBA6nFWUKNX/jlFp2eKEQc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", + "rev": "41965737c1797c1d83cfb0b644ed0840a6220bd1", "type": "github" }, "original": { @@ -1706,11 +1743,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1768875095, - "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", + "lastModified": 1770141374, + "narHash": "sha256-yD4K/vRHPwXbJf5CK3JkptBA6nFWUKNX/jlFp2eKEQc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", + "rev": "41965737c1797c1d83cfb0b644ed0840a6220bd1", "type": "github" }, "original": { 
@@ -1722,11 +1759,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1768569498, - "narHash": "sha256-bB6Nt99Cj8Nu5nIUq0GLmpiErIT5KFshMQJGMZwgqUo=", + "lastModified": 1769740369, + "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "be5afa0fcb31f0a96bf9ecba05a516c66fcd8114", + "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", "type": "github" }, "original": { @@ -1759,11 +1796,11 @@ ] }, "locked": { - "lastModified": 1769145612, - "narHash": "sha256-uHtKorr5FamlD/WXSs7gJYYcsO9EGlVJhY/V4n4HmW4=", + "lastModified": 1770175191, + "narHash": "sha256-ge90SW/drqKfAFgnIedXJ0tn+5adDWL3ddDyGlnjH5E=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "e4729d9b92346f86eeaccc6063506684575ea9ea", + "rev": "787aab1f0a6bf282fbba92816e06bdf62226a179", "type": "github" }, "original": { @@ -1800,7 +1837,7 @@ "nvf": { "inputs": { "flake-compat": "flake-compat_8", - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "mnw": "mnw", "ndg": "ndg", "nixpkgs": [ @@ -1809,11 +1846,11 @@ "systems": "systems_8" }, "locked": { - "lastModified": 1769111313, - "narHash": "sha256-2IU9TOe7BBG145mftfQW2aYxXxQd2YHfv8V1qTMFkmY=", + "lastModified": 1770130359, + "narHash": "sha256-IfoT9oaeIE6XjXprMORG2qZFzGGZ0v6wJcOlQRdlpvY=", "owner": "notashelf", "repo": "nvf", - "rev": "bebdddb5719ec2c3f86b0168a785d1a2aee1d857", + "rev": "92854bd0eaaa06914afba345741c372439b8e335", "type": "github" }, "original": { @@ -1855,11 +1892,11 @@ ] }, "locked": { - "lastModified": 1767281941, - "narHash": "sha256-6MkqajPICgugsuZ92OMoQcgSHnD6sJHwk8AxvMcIgTE=", + "lastModified": 1769069492, + "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "f0927703b7b1c8d97511c4116eb9b4ec6645a0fa", + "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", "type": "github" }, "original": { 
@@ -1876,11 +1913,11 @@ ] }, "locked": { - "lastModified": 1768689040, - "narHash": "sha256-Tlnr5BulJcMers/cb+YvmBQW4nKHjdKo9loInJkyO2k=", + "lastModified": 1769593411, + "narHash": "sha256-WW00FaBiUmQyxvSbefvgxIjwf/WmRrEGBbwMHvW/7uQ=", "ref": "refs/heads/master", - "rev": "7a427ce1979ce7447e885c4f30129b40f3d466f5", - "revCount": 729, + "rev": "1e4d804e7f3fa7465811030e8da2bf10d544426a", + "revCount": 732, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, @@ -1904,6 +1941,7 @@ "lanzaboote": "lanzaboote", "mail-ntfy-server": "mail-ntfy-server", "mail-server": "mail-server", + "mango": "mango", "marks-nvim": "marks-nvim", "microvm": "microvm", "neovim-nightly-overlay": "neovim-nightly-overlay", @@ -1974,11 +2012,11 @@ ] }, "locked": { - "lastModified": 1769136478, - "narHash": "sha256-8UNd5lmGf8phCr/aKxagJ4kNsF0pCHLish2G4ZKCFFY=", + "lastModified": 1770174315, + "narHash": "sha256-GUaMxDmJB1UULsIYpHtfblskVC6zymAaQ/Zqfo+13jc=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "470ee44393bb19887056b557ea2c03fc5230bd5a", + "rev": "095c394bb91342882f27f6c73f64064fb9de9f2a", "type": "github" }, "original": { 
@@ -2008,16 +2046,37 @@ "type": "github" } }, + "scenefx": { + "inputs": { + "nixpkgs": [ + "mango", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1750785057, + "narHash": "sha256-tGX6j4W91rcb+glXJo43sjPI9zQvPotonknG1BdihR4=", + "owner": "wlrfx", + "repo": "scenefx", + "rev": "3a6cfb12e4ba97b43326357d14f7b3e40897adfc", + "type": "github" + }, + "original": { + "owner": "wlrfx", + "repo": "scenefx", + "type": "github" + } + }, "sops-nix": { "inputs": { "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1768863606, - "narHash": "sha256-1IHAeS8WtBiEo5XiyJBHOXMzECD6aaIOJmpQKzRRl64=", + "lastModified": 1770145881, + "narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c7067be8db2c09ab1884de67ef6c4f693973f4a2", + "rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c", "type": "github" }, "original": { @@ -2049,7 +2108,7 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_6", "gnome-shell": "gnome-shell", "nixpkgs": [ "nixpkgs" @@ -2063,11 +2122,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1768744881, - "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=", + "lastModified": 1769978605, + "narHash": "sha256-Vjniae6HHJCb9xZLeUOP15aRQXSZuKeeaZFM+gRDCgo=", "owner": "nix-community", "repo": "stylix", - "rev": "06684f00cfbee14da96fd4307b966884de272d3a", + "rev": "ce22070ec5ce6169a6841da31baea33ce930ed38", "type": "github" }, "original": { 
@@ -2403,11 +2462,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1768765571, - "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", + "lastModified": 1770167989, + "narHash": "sha256-rE2WTxKHe3KMG/Zr5YUNeKHkZfWwSFl7yJXrOKnunHg=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", + "rev": "0947c4685f6237d4f8045482ce0c62feab40b6c4", "type": "github" }, "original": { @@ -2418,16 +2477,16 @@ }, "yazi": { "inputs": { - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_6", "nixpkgs": "nixpkgs_9", "rust-overlay": "rust-overlay_4" }, "locked": { - "lastModified": 1769095881, - "narHash": "sha256-BZktPXn+8vyFyHapvW+9nepFsWRW/XBtdBcnLKrCNCw=", + "lastModified": 1769971982, + "narHash": "sha256-dc8lG9CxtrIk+tOsQx8TJKULQBG27Hoio4O4M/6CxFM=", "owner": "sxyazi", "repo": "yazi", - "rev": "4e0acf8cbfcd66924af38a9418d3e12dc31a7316", + "rev": "6757fed5aa82bfdcd5ecd52e8f374dc286220cc0", "type": "github" }, "original": { @@ -2446,11 +2505,11 @@ ] }, "locked": { - "lastModified": 1769059766, - "narHash": "sha256-u95Qe60mF3eoEqrd0tIej4A8TDWoc/N4ZjZ60npplgw=", + "lastModified": 1770097899, + "narHash": "sha256-FKRpvwWR96VDW4bdsxIrZgIAXvdXqsCTaV1HghCJBoQ=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "dc0483a6e3ff1ffb04ad77d26c1a4458f4cf82d6", + "rev": "615a27db86f3fddd0f096b5e9ea832795a4608d1", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7b3d88e..2b7dd0c 100755 --- a/flake.nix +++ b/flake.nix @@ -146,6 +146,11 @@ url = "github:noctalia-dev/noctalia-shell"; inputs.nixpkgs.follows = "nixpkgs"; }; + + mango = { + url = "github:DreamMaoMao/mango"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = @@ -231,6 +236,7 @@ inputs.attic.nixosModules.atticd inputs.mail-server.nixosModules.default inputs.niri.nixosModules.niri + inputs.mango.nixosModules.mango inputs.lanzaboote.nixosModules.lanzaboote ./options 
diff --git a/home/options/default.nix b/home/options/default.nix index 5c8bad0..1019229 100755 --- a/home/options/default.nix +++ b/home/options/default.nix @@ -4,5 +4,6 @@ ./hyprlock.nix ./sunsetr.nix ./noctalia.nix + ./wm.nix ]; } diff --git a/home/options/wm.nix b/home/options/wm.nix new file mode 100644 index 0000000..b54d9c5 --- /dev/null +++ b/home/options/wm.nix 
@@ -0,0 +1,455 @@ +{ + lib, + config, + pkgs, + ... +}: +let + inherit (lib) + mkOption + types + concatStringsSep + getExe + dropEnd + last + mkEnableOption + mapAttrs' + nameValuePair + splitString + ; + + inherit (builtins) length; + + cfg = config.wm; + bindCfg = cfg.keybinds; + + sep = bindCfg.separator; + mod = bindCfg.mod; + + main-color = "#EBDBB2"; + secondary-color = "#24273A"; + + mkHyprBind = + keys: + let + len = length keys; + prefix = if len > 1 then [ ] else [ "None" ]; + finalKeys = prefix ++ keys; + in + (concatStringsSep "+" (dropEnd 1 finalKeys)) + ",${last finalKeys}"; + + mkBindOption = + keys: + let + hypr-key = mkHyprBind keys; + in + mkOption { + type = types.str; + default = if bindCfg.hypr-type then hypr-key else (concatStringsSep sep keys); + }; + + mkGradientColorOption = + { + from ? main-color, + to ? secondary-color, + angle ? 45, + }: + { + from = mkOption { + type = types.str; + default = from; + }; + to = mkOption { + type = types.str; + default = to; + }; + angle = mkOption { + type = types.int; + default = angle; + }; + }; + +in +{ + options.wm = { + exec-once = mkOption { + type = with types; nullOr lines; + default = null; + apply = v: if v != null then pkgs.writeShellScript "exec-once" v else null; + }; + app = { + browser = { + package = mkOption { + type = with types; nullOr package; + default = null; + }; + name = mkOption { + type = with types; nullOr package; + default = null; + }; + }; + terminal = { + package = mkOption { + type = with types; nullOr package; + default = null; + }; + name = mkOption { + type = with types; nullOr str; + default = null; + }; + run = mkOption { + type = with types; nullOr str; + default = "${getExe cfg.terminal.package} -e "; + }; + }; + file-browser = { + package = mkOption { + type = with types; nullOr package; + default = null; + }; + name = mkOption { + type = with types; nullOr str; + default = null; + }; + }; + }; + window = { + opacity = mkOption { + type = types.float; + default = 
0.85; + }; + }; + input = { + keyboard = { + repeat-delay = mkOption { + type = types.int; + default = 250; + }; + repeat-rate = mkOption { + type = types.int; + default = 35; + }; + }; + }; + border = { + active = mkGradientColorOption { }; + inactive = mkGradientColorOption { + from = secondary-color; + to = secondary-color; + }; + radius = mkOption { + type = types.int; + default = 12; + }; + }; + keybinds = { + mod = mkOption { + type = types.str; + default = "Mod"; + }; + separator = mkOption { + type = types.str; + default = "+"; + }; + hypr-type = mkEnableOption "hyprland-like bind syntax" // { + default = false; + }; + + spawn = mkOption { + type = types.attrs; + default = { + "${mod}${sep}ENTER" = "${getExe cfg.app.terminal.package}"; + "${mod}${sep}F" = "${getExe cfg.app.browser.package}"; + }; + apply = + binds: + let + hypr-binds = mapAttrs' (n: v: nameValuePair (mkHyprBind (splitString sep n)) v) binds; + in + if bindCfg.hypr-type then hypr-binds else binds; + }; + + spawn-repeat = mkOption { + type = types.attrs; + default = { }; + apply = + binds: + let + hypr-binds = mapAttrs' (n: v: nameValuePair (mkHyprBind (splitString sep n)) v) binds; + in + if bindCfg.hypr-type then hypr-binds else binds; + }; + + # ==== Movement ==== # + switch-window-focus = mkBindOption [ + mod + "TAB" + ]; + move-window-focus = { + left = mkBindOption [ + mod + "H" + ]; + right = mkBindOption [ + mod + "L" + ]; + up = mkBindOption [ + mod + "K" + ]; + down = mkBindOption [ + mod + "J" + ]; + }; + move-monitor-focus = { + left = mkBindOption [ + mod + "CTRL" + "H" + ]; + right = mkBindOption [ + mod + "CTRL" + "L" + ]; + }; + move-workspace-focus = { + # Workspace Focus + next = mkBindOption [ + mod + "CTRL" + "J" + ]; + prev = mkBindOption [ + mod + "CTRL" + "k" + ]; + }; + move-window = { + left = mkBindOption [ + mod + "SHIFT" + "H" + ]; + right = mkBindOption [ + mod + "SHIFT" + "L" + ]; + up = mkBindOption [ + mod + "SHIFT" + "K" + ]; + down = mkBindOption [ + mod + 
"SHIFT" + "J" + ]; + }; + + consume-window = { + left = mkBindOption [ + mod + "CTRL" + "SHIFT" + "H" + ]; + right = mkBindOption [ + mod + "CTRL" + "SHIFT" + "L" + ]; + }; + + switch-layout = mkBindOption [ + mod + "CTRL" + "ALT" + "SPACE" + ]; + + # ==== Actions ==== # + center-window = mkBindOption [ + mod + "C" + ]; + toggle-overview = mkBindOption [ + mod + "O" + ]; + close-window = mkBindOption [ + mod + "Q" + ]; + toggle-fullscreen = mkBindOption [ + "F11" + ]; + + # ==== Scrolling ==== # + move-workspace = { + down = mkBindOption [ + mod + "CTRL" + "SHIFT" + "J" + ]; + up = mkBindOption [ + mod + "CTRL" + "SHIFT" + "K" + ]; + }; + + switch-preset-column-width = mkBindOption [ + mod + "W" + ]; + switch-preset-window-height = mkBindOption [ + mod + "S" + ]; + expand-column-to-available-width = mkBindOption [ + mod + "P" + ]; + maximize-column = mkBindOption [ + mod + "M" + ]; + reset-window-height = mkBindOption [ + mod + "CTRL" + "S" + ]; + + # ==== Float ==== # + toggle-float = mkBindOption [ + mod + "V" + ]; + switch-focus-between-floating-and-tiling = mkBindOption [ + mod + "CTRL" + "V" + ]; + + minimize = mkBindOption [ + mod + "I" + ]; + + restore-minimize = mkBindOption [ + mod + "SHIFT" + "I" + ]; + + toggle-scratchpad = mkBindOption [ + mod + "Z" + ]; + + # ==== Screenshot ==== # + screenshot = { + area = mkBindOption [ + mod + "SHIFT" + "S" + ]; + window = mkBindOption [ + "CTRL" + "SHIFT" + "S" + ]; + screen = mkBindOption [ + mod + "CTRL" + "SHIFT" + "S" + ]; + }; + + toggle-control-center = mkBindOption [ + mod + "SLASH" + ]; + + toggle-launcher = mkBindOption [ + "ALT" + "SPACE" + ]; + + lock-screen = mkBindOption [ + mod + "CTRL" + "M" + ]; + + clipboard-history = mkBindOption [ + mod + "COMMA" + ]; + + emoji = mkBindOption [ + mod + "PERIOD" + ]; + + screen-recorder = mkBindOption [ + mod + "F12" + ]; + + notification-center = mkBindOption [ + mod + "N" + ]; + + toggle-dont-disturb = mkBindOption [ + mod + "CTRL" + "N" + ]; + + 
wallpaper-selector = mkBindOption [ + mod + "CTRL" + "W" + ]; + + wallpaper-random = mkBindOption [ + mod + "CTRL" + "SLASH" + ]; + + calculator = mkBindOption [ + mod + "CTRL" + "C" + ]; + + media = { + prev = mkBindOption [ + mod + "CTRL" + "COMMA" + ]; + + next = mkBindOption [ + mod + "CTRL" + "PERIOD" + ]; + }; + + focus-workspace-prefix = mkBindOption [ mod ]; + }; + }; +} diff --git a/home/presets/basic.nix b/home/presets/basic.nix index 41ca8ed..a2af5ff 100755 --- a/home/presets/basic.nix +++ b/home/presets/basic.nix @@ -20,5 +20,6 @@ ../user/ghostty.nix ../user/podman.nix ../user/image-viewer.nix + ../user/wm.nix ]; } diff --git a/home/user/hyprland.nix b/home/user/hyprland.nix index d15b46b..9f2989f 100755 --- a/home/user/hyprland.nix +++ b/home/user/hyprland.nix 
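Review bot: `app.browser.name` in home/options/wm.nix is declared as `nullOr package`, while the sibling `terminal.name` and `file-browser.name` are `nullOr str`, and home/user/wm.nix in this same commit assigns it the string "zen-twilight", which the package type should reject; it should read `type = with types; nullOr str;`. The default of `app.terminal.run` reads `cfg.terminal.package`, but the option lives under `wm.app`, so it should be `default = "${getExe cfg.app.terminal.package} -e ";`. That default and the `spawn` default both call `getExe` on a package option whose own default is null, so they only evaluate once a package has been set. None of the new options carries a `description`; one line each on `exec-once`, `keybinds.hypr-type` and `keybinds.separator` would document how `mkHyprBind` rewrites key names.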
@@ -1,118 +1,123 @@ { + osConfig, + config, + lib, pkgs, inputs, ... }: let + inherit (lib) mkIf; inherit (pkgs.stdenv.hostPlatform) system; - terminal = "ghostty"; - - execOnceScript = pkgs.writeShellScript "hyprlandExecOnce" '' - # Fix nemo open in terminal - dconf write /org/cinnamon/desktop/applications/terminal/exec "''\'${terminal}''\'" & - dconf write /org/cinnamon/desktop/applications/terminal/exec-arg "''\'''\'" & - - systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP QT_QPA_PLATFORMTHEME & - dbus-update-activation-environment --systemd HYPRLAND_INSTANCE_SIGNATURE - - # Hint dark theme - gsettings set org.gnome.desktop.interface color-scheme "prefer-dark" - ''; - - mainMod = "SUPER"; + wmCfg = config.wm; + bindCfg = wmCfg.keybinds; + mainMod = bindCfg.mod; in { - home.packages = with pkgs; [ - hyprcursor - ]; - - imports = [ - (import ./hypr/bind.nix { inherit mainMod; }) - ./hypr/workspace.nix - ./hypr/window.nix - ./hypr/windowrule.nix - ./hypr/input.nix - ]; - - wayland.windowManager.hyprland = { - enable = true; - xwayland.enable = true; - systemd = { - enable = true; - variables = [ "--all" ]; - }; - package = null; - portalPackage = null; - - plugins = ( - with inputs.hyprland-plugins.packages.${system}; - [ - hyprwinwrap - ] - ); - - settings = { - "$mainMod" = mainMod; - - debug = { - disable_logs = true; + config = mkIf osConfig.programs.hyprland.enable { + wm = { + exec-once = /* bash */ '' + dbus-update-activation-environment --systemd HYPRLAND_INSTANCE_SIGNATURE + ''; + keybinds = { + mod = "SUPER"; + separator = ","; + hypr-type = true; }; + }; - ecosystem.no_update_news = true; + home.packages = with pkgs; [ + hyprcursor + ]; - bindm = [ - # Move/resize windows with mainMod + LMB/RMB and dragging - ''${mainMod}, mouse:272, movewindow'' - ''${mainMod}, mouse:273, resizewindow'' - ]; + imports = [ + (import ./hypr/bind.nix { inherit mainMod; }) + ./hypr/workspace.nix + ./hypr/window.nix + ./hypr/windowrule.nix + 
./hypr/input.nix + ]; - binde = - let - resizeStep = builtins.toString 20; - brightnessStep = builtins.toString 10; - volumeStep = builtins.toString 4; - in + wayland.windowManager.hyprland = { + enable = true; + xwayland.enable = true; + systemd = { + enable = true; + variables = [ "--all" ]; + }; + package = null; + portalPackage = null; + + plugins = ( + with inputs.hyprland-plugins.packages.${system}; [ - '',XF86AudioRaiseVolume, exec, wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%+'' - '',XF86AudioLowerVolume, exec, wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%-'' - '',XF86MonBrightnessDown, exec, brightnessctl set ${brightnessStep}%-'' - '',XF86MonBrightnessUp, exec, brightnessctl set ${brightnessStep}%+'' - ''${mainMod} CTRL, l, resizeactive, ${resizeStep} 0'' - ''${mainMod} CTRL, h, resizeactive, -${resizeStep} 0'' - ''${mainMod} CTRL, k, resizeactive, 0 -${resizeStep}'' - ''${mainMod} CTRL, j, resizeactive, 0 ${resizeStep}'' + hyprwinwrap + ] + ); + + settings = { + "$mainMod" = mainMod; + + debug = { + disable_logs = true; + }; + + ecosystem.no_update_news = true; + + bindm = [ + # Move/resize windows with mainMod + LMB/RMB and dragging + "${mainMod}, mouse:272, movewindow" + "${mainMod}, mouse:273, resizewindow" ]; - plugin = { - hyprwinrap = { - class = "kitty-bg"; + binde = + let + resizeStep = toString 20; + brightnessStep = toString 10; + volumeStep = toString 4; + in + [ + ",XF86AudioRaiseVolume, exec, wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%+" + ",XF86AudioLowerVolume, exec, wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%-" + ",XF86MonBrightnessDown, exec, brightnessctl set ${brightnessStep}%-" + ",XF86MonBrightnessUp, exec, brightnessctl set ${brightnessStep}%+" + "${mainMod} CTRL, l, resizeactive, ${resizeStep} 0" + "${mainMod} CTRL, h, resizeactive, -${resizeStep} 0" + "${mainMod} CTRL, k, 
resizeactive, 0 -${resizeStep}" + "${mainMod} CTRL, j, resizeactive, 0 ${resizeStep}" + ]; + + plugin = { + hyprwinrap = { + class = "kitty-bg"; + }; + + touch_gestures = { + sensitivity = 4.0; + workspace_swipe_fingers = 3; + workspace_swipe_edge = "d"; + long_press_delay = 400; + resize_on_border_long_press = true; + edge_margin = 10; + emulate_touchpad_swipe = false; + }; }; - touch_gestures = { - sensitivity = 4.0; - workspace_swipe_fingers = 3; - workspace_swipe_edge = "d"; - long_press_delay = 400; - resize_on_border_long_press = true; - edge_margin = 10; - emulate_touchpad_swipe = false; + exec-once = [ "${wmCfg.exec-once}" ]; + + env = [ + "XDG_CURRENT_DESKTOP, Hyprland" + "XDG_SESSION_DESKTOP, Hyprland" + "GDK_PIXBUF_MODULE_FILE, ${pkgs.librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache" + ]; + + misc = { + disable_hyprland_logo = true; + force_default_wallpaper = 0; + disable_splash_rendering = true; }; }; - - exec-once = [ "${execOnceScript}" ]; - - env = [ - ''XDG_CURRENT_DESKTOP, Hyprland'' - ''XDG_SESSION_DESKTOP, Hyprland'' - ''GDK_PIXBUF_MODULE_FILE, ${pkgs.librsvg}/lib/gdk-pixbuf-2.0/2.10.0/loaders.cache'' - ]; - - misc = { - disable_hyprland_logo = true; - force_default_wallpaper = 0; - disable_splash_rendering = true; - }; }; }; } diff --git a/home/user/wm.nix b/home/user/wm.nix new file mode 100644 index 0000000..f6895fd --- /dev/null +++ b/home/user/wm.nix 
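Review bot: In home/user/hyprland.nix `imports` now sits inside `config = mkIf osConfig.programs.hyprland.enable { … }`, where the module system reads it as an ordinary option definition rather than as the module's import list, so evaluation is expected to fail with an unknown-option error instead of loading the `./hypr/*.nix` files. Keep `imports = [ … ];` at the top level next to `config`, and put the `mkIf` inside the imported modules if they must be conditional. `mainMod` handed to `./hypr/bind.nix` is now read from `config.wm.keybinds.mod`; that stays safe only as long as bind.nix does not need the value to decide its own structure, which is not visible here.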
@@ -0,0 +1,93 @@ +{ + pkgs, + lib, + config, + ... +}: +let + inherit (lib) getExe getExe'; + + # ==== binary ==== # + rofi = getExe pkgs.rofi; + playerctl = getExe pkgs.playerctl; + wpctl = getExe' pkgs.wireplumber "wpctl"; + brightnessctl = getExe pkgs.brightnessctl; + + brightnessStep = toString 10; + volumeStep = toString 4; + + rofiWall = import ../../home/scripts/rofiwall.nix { inherit config pkgs; }; + rbwSelector = import ../../home/scripts/rbwSelector.nix { inherit pkgs; }; + toggleWlogout = pkgs.writeShellScript "toggleWlogout" '' + if ${pkgs.busybox}/bin/pgrep wlogout > /dev/null; then + ${pkgs.busybox}/bin/pkill wlogout + else + ${getExe config.programs.wlogout.package} --protocol layer-shell + fi + ''; + + cfg = config.wm; + mod = cfg.keybinds.mod; + sep = cfg.keybinds.separator; +in +{ + wm = { + exec-once = /* bash */ '' + # Fix nemo open in terminal + dconf write /org/cinnamon/desktop/applications/terminal/exec "''\'${cfg.app.terminal.name}''\'" & + dconf write /org/cinnamon/desktop/applications/terminal/exec-arg "''\'''\'" & + + # Hint dark theme + dconf write /org/gnome/desktop/interface/color-scheme '"prefer-dark"' & + + systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP QT_QPA_PLATFORMTHEME & + ''; + + app = { + terminal = { + package = config.programs.ghostty.package; + name = "ghostty"; + run = "ghostty -e"; + }; + browser = { + package = config.programs.zen-browser.package; + name = "zen-twilight"; + }; + file-browser = { + package = config.programs.yazi.pacakge; + name = "yazi"; + }; + }; + keybinds = { + spawn-repeat = { + # ==== Media ==== # + "XF86AudioPrev" = "${playerctl} previous"; + "XF86AudioNext" = "${playerctl} next"; + "${mod}${sep}CTRL${sep}COMMA" = "${playerctl} previous"; + "${mod}${sep}CTRL${sep}PERIOD" = "${playerctl} next"; + "XF86AudioPlay" = "${playerctl} play-pause"; + "XF86AudioStop" = "${playerctl} stop"; + "XF86AudioMute" = "${wpctl} set-mute @DEFAULT_SINK@ toggle"; + "XF86AudioRaiseVolume" = + 
"${wpctl} set-mute @DEFAULT_SINK@ 0 && ${wpctl} set-volume @DEFAULT_SINK@ ${volumeStep}%+"; + "XF86AudioLowerVolume" = + "${wpctl} set-mute @DEFAULT_SINK@ 0 && ${wpctl} set-volume @DEFAULT_SINK@ ${volumeStep}%-"; + "XF86MonBrightnessDown" = "${brightnessctl} set ${brightnessStep}%-"; + "XF86MonBrightnessUp" = "${brightnessctl} set ${brightnessStep}%+"; + }; + spawn = { + "${mod}${sep}Return" = "${getExe cfg.app.terminal.package}"; + "${mod}${sep}F" = "${getExe cfg.app.browser.package}"; + "${mod}${sep}E" = "${cfg.app.terminal.run} ${cfg.app.file-browser.name}"; + "${mod}${sep}CTRL${sep}P" = "${rbwSelector}"; + "${mod}${sep}CTRL${sep}M" = "${toggleWlogout}"; + + # Launcher + "${mod}${sep}CTRL${sep}W" = "${rofiWall}"; + "ALT${sep}SPACE" = "${rofi} -config config/rofi/apps.rasi -show drun"; + "${mod}${sep}PERIOD" = "${rofi} -modi emoji -show emoji"; + "${mod}${sep}CTRL${sep}C" = "${rofi} -modi calc -show calc -no-show-match -no-sort"; + }; + }; + }; +} diff --git a/home/user/zen-browser.nix b/home/user/zen-browser.nix index 957b5f0..efd591c 100755 --- a/home/user/zen-browser.nix +++ b/home/user/zen-browser.nix @@ -3,10 +3,12 @@ config, helper, pkgs, + lib, ... }: let inherit (osConfig.systemConf) username; + inherit (lib) mkForce; inherit (helper) capitalize; inherit (pkgs) runCommand; @@ -14,7 +16,7 @@ let owner = "JustAdumbPrsn"; repo = "zen-nebula"; rev = "main"; - sha256 = "sha256-wtntRAkOGm6fr396kqzqk+GyPk+ytifXTqqOp0YIvlw="; + sha256 = "sha256-Eg9HsN+yDA8OdVcE9clS+FyUhVBH3ooN/odkZIVR/p4="; }; patchedNebula = @@ -143,6 +145,8 @@ in recursive = true; }; + home.file.".zen/${profileName}/search.json.mozlz4".force = mkForce true; + xdg.mimeApps = let value = diff --git a/options/systemconf.nix b/options/systemconf.nix index 3094cd9..fa6922f 100755 --- a/options/systemconf.nix +++ b/options/systemconf.nix @@ -10,8 +10,10 @@ let inherit (pkgs.stdenv.hostPlatform) system; inherit (lib) + optional mkOption mkEnableOption + mkMerge types mkIf ; 
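Review bot: `file-browser.package` in home/user/wm.nix is set from `config.programs.yazi.pacakge`, a misspelling of `package`, so any evaluation that forces it fails with a missing-attribute error; it should be `package = config.programs.yazi.package;`. The launcher binding passes `-config config/rofi/apps.rasi`, a path relative to whatever working directory the compositor spawns from; an absolute path, for example one built from `config.xdg.configHome`, would not depend on that. `"${mod}${sep}CTRL${sep}M"` is bound here to `toggleWlogout` while home/options/wm.nix defaults `lock-screen` to the same chord, so one of the two probably needs to move.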
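Review bot: The `sha256` bump in home/user/zen-browser.nix is needed because the fetch still uses `rev = "main"`, a moving branch: the hash keeps the fetched content fixed, but a fresh fetch fails as soon as upstream pushes, and the hash alone does not tell a reader which commit was reviewed. Pinning `rev` to the commit this hash belongs to (`rev = "<commit-sha>";`, placeholder) turns each theme update into an explicit, reviewable change. The fetcher call itself starts outside the hunk.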
@@ -64,7 +66,7 @@ in domain = mkOption { type = types.str; default = "local"; - description = ''Domain for system''; + description = "Domain for system"; }; username = mkOption { @@ -85,16 +87,15 @@ in }; }; - hyprland = { - enable = (mkEnableOption "Enable hyprland") // { - default = false; - }; - }; - - niri = { - enable = (mkEnableOption "Enable niri") // { - default = false; - }; + windowManager = mkOption { + type = + with types; + nullOr (enum [ + "hyprland" + "niri" + "mango" + ]); + default = null; }; enableHomeManager = (mkEnableOption "Home manager") // { @@ -117,7 +118,9 @@ in system.stateVersion = stateVersion; - programs.hyprland.enable = if (cfg.hyprland.enable && (!cfg.niri.enable)) then true else false; + programs.hyprland.enable = cfg.windowManager == "hyprland"; + programs.niri.enable = cfg.windowManager == "niri"; + programs.mango.enable = cfg.windowManager == "mango"; # ==== Home Manager ==== # home-manager = mkIf cfg.enableHomeManager { @@ -134,6 +137,7 @@ in inherit (cfg) username hostname; }; sharedModules = [ + inputs.mango.hmModules.mango inputs.hyprland.homeManagerModules.default inputs.caelestia-shell.homeManagerModules.default inputs.sops-nix.homeManagerModules.default diff --git a/pkgs/overlays/default.nix b/pkgs/overlays/default.nix index f05a430..164f24e 100755 --- a/pkgs/overlays/default.nix +++ b/pkgs/overlays/default.nix @@ -2,5 +2,5 @@ (import ./vesktop.nix) (import ./proton-dw-bin.nix) # (import ./powerdns-admin.nix) - # (import ./stalwart-mail) + # (import ./stalwart) ] diff --git a/pkgs/overlays/proton-dw-bin.nix b/pkgs/overlays/proton-dw-bin.nix index 3b550d0..567e1de 100644 --- a/pkgs/overlays/proton-dw-bin.nix +++ b/pkgs/overlays/proton-dw-bin.nix 
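Review bot: The new `windowManager` option in options/systemconf.nix has no `description`, unlike `domain` just above it; something like `description = "Window manager to enable system-wide; null enables none.";` would record that the enum replaces the old `hyprland.enable`/`niri.enable` pair. Removing those two options makes any host that still sets them fail evaluation, and only dn-pre7780 is migrated in the part of the commit visible here, so the other hosts are worth checking. The first hunk of this file also adds `optional` and `mkMerge` to the `inherit (lib)` list, and no use of either appears in the visible hunks.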
@@ -5,11 +5,11 @@ final: prev: { in final.pkgs.stdenv.mkDerivation (finalAttrs: rec { pname = "dwproton"; - version = "10.0-14"; + version = "10.0-16"; src = final.pkgs.fetchzip { url = "https://dawn.wine/dawn-winery/dwproton/releases/download/${pname}-${finalAttrs.version}/${pname}-${finalAttrs.version}-x86_64.tar.xz"; - hash = "sha256-5fDo7YUPhp0OwjdAXHfovSuFCgSPwHW0cSZk9E+FY98="; + hash = "sha256-9wDhtrB5IjFVZxyorAJUaivRwE85pzQ6/eDgHXCSEh8="; }; dontUnpack = true; diff --git a/pkgs/overlays/stalwart-mail/default.nix b/pkgs/overlays/stalwart/default.nix similarity index 53% rename from pkgs/overlays/stalwart-mail/default.nix rename to pkgs/overlays/stalwart/default.nix index 2cfb650..e35e07e 100755 --- a/pkgs/overlays/stalwart-mail/default.nix +++ b/pkgs/overlays/stalwart/default.nix @@ -1,5 +1,5 @@ final: prev: { - stalwart-mail = prev.stalwart-mail.overrideAttrs (oldAttrs: { + stalwart = prev.stalwart.overrideAttrs (oldAttrs: { patches = [ ./enable_root_ca.patch ]; diff --git a/pkgs/overlays/stalwart-mail/enable_root_ca.patch b/pkgs/overlays/stalwart/enable_root_ca.patch similarity index 100% rename from pkgs/overlays/stalwart-mail/enable_root_ca.patch rename to pkgs/overlays/stalwart/enable_root_ca.patch diff --git a/system/dev/dn-pre7780/default.nix b/system/dev/dn-pre7780/default.nix index bc46ec3..2832653 100755 --- a/system/dev/dn-pre7780/default.nix +++ b/system/dev/dn-pre7780/default.nix @@ -12,9 +12,8 @@ in systemConf = { inherit hostname username; enableHomeManager = true; + windowManager = "niri"; nvidia.enable = true; - hyprland.enable = false; - niri.enable = true; sddm.package = ( pkgs.sddm-astronaut.override { embeddedTheme = "purple_leaves"; diff --git a/system/dev/dn-pre7780/services/default.nix b/system/dev/dn-pre7780/services/default.nix index fff90ce..974420b 100755 --- a/system/dev/dn-pre7780/services/default.nix +++ b/system/dev/dn-pre7780/services/default.nix 
@@ -1,7 +1,6 @@ { imports = [ ../../../modules/postgresql.nix - # ./mail.nix ./nginx.nix # ./pangolin.nix ]; diff --git a/system/dev/dn-pre7780/services/mail.nix b/system/dev/dn-pre7780/services/mail.nix deleted file mode 100755 index 27bcb9c..0000000 --- a/system/dev/dn-pre7780/services/mail.nix +++ /dev/null 
@@ -1,205 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - inherit (lib) mkIf; - inherit (config.networking) domain; - mkCondition = ( - condition: ithen: ielse: [ - { - "if" = condition; - "then" = ithen; - } - { "else" = ielse; } - ] - ); - - rspamdWebPort = 11333; - rspamdPort = 31009; - fqdn = "mx1.dnywe.com"; - - rspamdSecretFile = config.sops.secrets."rspamd".path; - rspamdSecretPath = "/run/rspamd/rspamd-controller-password.inc"; -in -{ - networking.firewall.allowedTCPPorts = [ 8080 ]; - - imports = [ - (import ../../../modules/stalwart.nix { - inherit domain; - - enableNginx = false; - adminPassFile = config.sops.secrets."stalwart/adminPassword".path; - certs."default" = { - default = true; - cert = "%{file:${config.security.acme.certs.${fqdn}.directory}/cert.pem}%"; - private-key = "%{file:${config.security.acme.certs.${fqdn}.directory}/key.pem}%"; - }; - ldapConf = { - type = "ldap"; - url = "ldaps://ldap.net.dn"; - tls.enable = true; - timeout = "30s"; - base-dn = "ou=people,dc=net,dc=dn"; - attributes = { - name = "uid"; - email = "mail"; - email-alias = "mailRoutingAddress"; - secret = "userPassword"; - description = [ - "cn" - "description" - ]; - class = "objectClass"; - groups = [ "memberOf" ]; - }; - filter = { - name = "(&(objectClass=inetOrgPerson)(|(uid=?)(mail=?)(mailRoutingAddress=?)))"; - email = "(&(objectClass=inetOrgPerson)(|(mailRoutingAddress=?)(mail=?)))"; - }; - bind = { - dn = "cn=admin,dc=net,dc=dn"; - secret = "%{file:${config.sops.secrets."stalwart/ldap".path}}%"; - auth = { - method = "default"; - }; - }; - }; - }) - ]; - - services.stalwart-mail.settings.spam-filter.enable = !config.services.rspamd.enable; - - services.stalwart-mail.settings.session.milter."rspamd" = mkIf config.services.rspamd.enable { - enable = mkCondition "listener = 'smtp'" true false; - hostname = "127.0.0.1"; - port = rspamdPort; - stages = [ - "connect" - "ehlo" - "mail" - "rcpt" - "data" - ]; - tls = false; - allow-invalid-certs = false; - options = 
{ - tempfail-on-error = true; - max-response-size = 52428800; # 50mb - version = 6; - }; - }; - - services.rspamd = { - enable = true; - locals = { - "redis.conf".text = '' - servers = "${config.services.redis.servers.rspamd.unixSocket}"; - ''; - "classifier-bayes.conf".text = '' - backend = "redis"; - autolearn = true; - ''; - "dkim_signing.conf".text = '' - enabled = false; - ''; - "milter_headers.conf".text = '' - enabled = true; - extended_spam_headers = true; - skip_local = false; - use = ["x-spamd-bar", "x-spam-level", "x-spam-status", "authentication-results", "x-spamd-result"]; - authenticated_headers = ["authentication-results"]; - ''; - }; - localLuaRules = - pkgs.writeText "rspamd-local.lua" - # lua - '' - -- Temporary fix for double dot issue rspamd#5273 - local lua_util = require("lua_util") - - rspamd_config.UNQUALIFY_SENDER_HOSTNAME = { - callback = function(task) - local hn = task:get_hostname() - if not hn then return end - local san_hn = string.gsub(hn, "%.$", "") - if hn ~= san_hn then - task:set_hostname(san_hn) - end - end, - type = "prefilter", - priority = lua_util.symbols_priorities.top + 1, - } - ''; - workers = { - rspamd_proxy = { - type = "rspamd_proxy"; - includes = [ "$CONFDIR/worker-proxy.inc" ]; - bindSockets = [ - "*:${toString rspamdPort}" - ]; - extraConfig = '' - self_scan = yes; - ''; - }; - controller = { - type = "controller"; - includes = [ - "$CONFDIR/worker-controller.inc" - ]; - extraConfig = '' - .include(try=true; priority=1,duplicate=merge) "${rspamdSecretPath}" - ''; - bindSockets = [ "127.0.0.1:${toString rspamdWebPort}" ]; - }; - }; - overrides."whitelist.conf".text = '' - whiltelist_from { - ${domain} = true; - } - ''; - }; - - systemd.services.rspamd = mkIf config.services.rspamd.enable { - path = [ - pkgs.rspamd - pkgs.coreutils - ]; - serviceConfig = { - ExecStartPre = [ - "${pkgs.writeShellScript "generate-rspamd-passwordfile" '' - RSPAMD_PASSWORD_HASH=$(rspamadm pw --password $(cat ${rspamdSecretFile})) - echo 
"enable_password = \"$RSPAMD_PASSWORD_HASH\";" > ${rspamdSecretPath} - chmod 770 "${rspamdSecretPath}" - ''}" - ]; - }; - }; - - services.redis.servers.rspamd = { - enable = true; - port = 0; - user = config.services.rspamd.user; - }; - - security.acme = { - acceptTerms = true; - certs."${fqdn}" = { - inheritDefaults = false; - group = config.systemd.services.stalwart-mail.serviceConfig.Group; - dnsProvider = "cloudflare"; - dnsResolver = "1.1.1.1:53"; - server = "https://acme-v02.api.letsencrypt.org/directory"; - validMinDays = 30; - email = "dachxy@${domain}"; - extraDomainNames = [ domain ]; - environmentFile = config.sops.secrets."cloudflare/secret".path; - postRun = '' - systemctl reload stalwart-mail - ''; - }; - }; -} diff --git a/system/dev/dn-pre7780/sops/sops-conf.nix b/system/dev/dn-pre7780/sops/sops-conf.nix index a5a1df9..596965b 100755 --- a/system/dev/dn-pre7780/sops/sops-conf.nix +++ b/system/dev/dn-pre7780/sops/sops-conf.nix @@ -32,9 +32,9 @@ in mode = "0660"; }; } - // (optionalAttrs config.services.stalwart-mail.enable ( + // (optionalAttrs config.services.stalwart.enable ( let - inherit (config.users.users.stalwart-mail) name group; + inherit (config.users.users.stalwart) name group; owner = name; in { diff --git a/system/dev/dn-pre7780/utility/davinci-resolve.nix b/system/dev/dn-pre7780/utility/davinci-resolve.nix index bf8d6c2..6b95868 100755 --- a/system/dev/dn-pre7780/utility/davinci-resolve.nix +++ b/system/dev/dn-pre7780/utility/davinci-resolve.nix @@ -1,5 +1,5 @@ { imports = [ - # ../../../modules/davinci-resolve.nix + ../../../modules/davinci-resolve.nix ]; } diff --git a/system/dev/dn-pre7780/utility/default.nix b/system/dev/dn-pre7780/utility/default.nix index c58d03c..03f9365 100755 --- a/system/dev/dn-pre7780/utility/default.nix +++ b/system/dev/dn-pre7780/utility/default.nix 
@@ -1,8 +1,8 @@ { imports = [ ../../../modules/localsend.nix - ./airplay.nix - ./davinci-resolve.nix + # ./airplay.nix + # ./davinci-resolve.nix # ./blender.nix ]; } diff --git a/system/dev/dn-server/services/default.nix b/system/dev/dn-server/services/default.nix index fb46780..7b910b2 100755 --- a/system/dev/dn-server/services/default.nix +++ b/system/dev/dn-server/services/default.nix @@ -1,4 +1,3 @@ -{ config, ... }: { imports = [ ./actual-budget.nix @@ -15,5 +14,6 @@ ./dns.nix ./acme.nix ./ntfy.nix + ./homepage.nix ]; } diff --git a/system/dev/dn-server/services/dns.nix b/system/dev/dn-server/services/dns.nix index 2b499c6..d9c848d 100644 --- a/system/dev/dn-server/services/dns.nix +++ b/system/dev/dn-server/services/dns.nix @@ -102,7 +102,7 @@ in "192.168.100.0/24" ]; dns.port = 5300; - yaml-settings = { + settings = { webservice.webserver = true; recordcache.max_negative_ttl = 60; }; diff --git a/system/dev/dn-server/services/homepage.nix b/system/dev/dn-server/services/homepage.nix new file mode 100644 index 0000000..f986316 --- /dev/null +++ b/system/dev/dn-server/services/homepage.nix 
@@ -0,0 +1,194 @@ +{ config, ... }: +let + inherit (config.networking) domain; + cfg = config.services.homepage-dashboard; +in +{ + sops.secrets = { + "homepage" = { + }; + }; + + services.homepage-dashboard = { + enable = true; + openFirewall = true; + listenPort = 8044; + environmentFile = config.sops.secrets."homepage".path; + allowedHosts = "www.${domain},${domain},localhost:${toString cfg.listenPort}"; + docker = { + docker = { + socket = "/var/run/docker.sock"; + }; + }; + widgets = [ + { + search = { + provider = "duckduckgo"; + target = "_blank"; + }; + } + { + datetime = { + text_size = "x1"; + format = { + dateStyle = "short"; + timeStyle = "short"; + hour12 = true; + }; + }; + } + ]; + services = [ + { + "Files & Documents" = [ + { + "Nextcloud" = { + icon = "nextcloud.svg"; + description = "☁️ Cloud drive"; + href = "https://${config.services.nextcloud.hostName}"; + widgets = [ + { + type = "nextcloud"; + url = "https://${config.services.nextcloud.hostName}"; + key = "{{HOMEPAGE_VAR_NEXTCLOUD_NC_TOKEN}}"; + } + ]; + }; + } + { + "Paperless" = { + icon = "paperless.svg"; + description = "PDF editing, tagging, and viewing"; + href = config.services.paperless.settings.PAPERLESS_URL; + }; + } + ]; + } + { + "VPN & IDP" = [ + { + "Netbird" = { + icon = "netbird.svg"; + description = "VPN Service: access internal services"; + href = "https://${config.services.netbird.server.domain}"; + }; + } + { + "Keycloak" = { + icon = "keycloak.svg"; + description = "Identity provider"; + href = "https://${config.services.keycloak.settings.hostname}"; + }; + } + ]; + } + { + "Monitor" = [ + { + "Grafana" = { + icon = "grafana.svg"; + description = "Show metrics!"; + href = config.services.grafana.settings.server.root_url; + }; + } + { + "Prometheus" = { + icon = "prometheus.svg"; + description = "The web is not that useful 🥀"; + href = config.services.prometheus.webExternalUrl; + }; + } + { + "Uptime Kuma" = { + icon = "uptime-kuma.svg"; + description = "Service health 
check"; + href = "https://uptime.${domain}"; + }; + } + ]; + } + { + "Utility" = [ + { + "Vaultwarden" = { + icon = "vaultwarden-light.svg"; + description = "Password manager"; + href = config.services.vaultwarden.config.DOMAIN; + }; + } + { + "PowerDNS" = { + icon = "powerdns.svg"; + description = "DNS record management"; + href = "https://powerdns.${domain}"; + }; + } + { + "Actual Budget" = { + icon = "actual-budget.svg"; + description = "Financial budget management"; + href = "https://actual.${domain}"; + }; + } + { + "Ntfy" = { + icon = "ntfy.svg"; + description = "Notification service"; + href = config.services.ntfy-sh.settings.base-url; + }; + } + ]; + } + { + "Games" = [ + { + "Minecraft" = { + icon = "minecraft.svg"; + description = "Minecraft servers"; + widgets = [ + { + type = "minecraft"; + fields = [ + "players" + "version" + "status" + ]; + url = "udp://mc.${domain}:${toString config.services.velocity.port}"; + } + ]; + }; + } + ]; + } + + ]; + settings = { + base = "https://www.${domain}"; + headerStyle = "boxed"; + title = "DN Home"; + description = "Welcome! maybe?"; + disableUpdateCheck = true; + providers = { + + }; + quicklaunch = { + searchDescriptions = true; + hideInternetSearch = true; + showSearchSuggestions = true; + hideVisitURL = true; + provider = "google"; + }; + }; + }; + + services.nginx.virtualHosts."${domain}" = { + useACMEHost = domain; + forceSSL = true; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.listenPort}"; + }; + serverAliases = [ + "www.${domain}" + ]; + }; +} diff --git a/system/dev/dn-server/sops/secret.yaml b/system/dev/dn-server/sops/secret.yaml index 62082f0..113f423 100755 --- a/system/dev/dn-server/sops/secret.yaml +++ b/system/dev/dn-server/sops/secret.yaml 
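Review bot: `openFirewall = true;` opens port 8044 on the host even though this file already publishes the dashboard through nginx with `forceSSL`, so the service is also reachable directly over plain HTTP, bypassing the proxy. Since `proxyPass` targets `127.0.0.1`, `openFirewall = false;` should be sufficient. The `${domain}` vhost shows no access control in this file, so the service inventory and the Nextcloud widget (queried server-side with `HOMEPAGE_VAR_NEXTCLOUD_NC_TOKEN`) appear readable by any visitor; if that is not intended, restrict the location to the VPN/LAN ranges or put it behind the existing Keycloak. No service entry here uses `docker.docker.socket = "/var/run/docker.sock"`, and access to that socket is effectively root on the host, so I would drop the block until a container widget needs it.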
@@ -65,6 +65,7 @@ forgejo: password: ENC[AES256_GCM,data:dcIotYpgtdFLcunAB3ttlczzQ68=,iv:vH3rckAfntFAEtH3dolF7NCAdj142cAzre56x7oBdDA=,tag:TaxRn8g/TVloM60D6Ud0Jg==,type:str] velocity: ENC[AES256_GCM,data:PYGSXfivm7OyKhBMKPOVDs+efpcb0hhwCAxlT05pM+kg9t0lH4TEMuxBXFRs80LUiQx+CYXyw8UvBkkKwPEc,iv:PppenjXIQ+eirCor3PxT16r2S7wO8bww5v/RyjQh9MI=,tag:Dc3BzmyQcTwYsvWShQ/JqQ==,type:str] fabricProxy: ENC[AES256_GCM,data:srGYmqHgfkxAKKSjy9uGX1mQpE3N0rXb06MYiycbYESj/sZu/vjsPspvUdzTHHb9zkF5SWLWkmP6llIpimkss/dm7A1pGlagin3+,iv:yoWQdWeP9UjoRO5rJ9FQGbBu3iypIdXGrSDqBfFhw6w=,tag:+d/Tp/m3vENZAXJyHOMJEA==,type:str] +homepage: ENC[AES256_GCM,data:SqRtz4xrwCTQulgFsRAgTcQNQZRyRes+K4UzlhQZW3GuAmQaRBIHJyFttgIQYDKlc21QAiM2zxa9IBOtGNpQAdkplUptaRTq0fZH/OYcNw==,iv:NLEiWjfPvsw2Tq+pqrIPy8pKlWFD8wVXt9TMH8Y8+jA=,tag:N91DrYQoYeyJ3AH3ujTI+g==,type:str] sops: age: - recipient: age17rjcght2y5p4ryr76ysnxpy2wff62sml7pyc5udcts48985j05vqpwdfq2 @@ -94,7 +95,7 @@ sops: OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-20T06:31:45Z" - mac: ENC[AES256_GCM,data:ad8EP8zk6mxlmMZaEijW0NWF72y2EikJPct7qxiCp6/sWGKKrGv8mRnC1zahgpRqpGR0jZKQ8Ot204EdGrJF9WI03+ZB9GgKi9ipQvXlGOCJq6m/Mp6WygI2hFAzRKCeoPqAPjVQxQ3Ctt/WEYXzvEp7CIKUq7WD6gTEFk6FDg0=,iv:20rJb79QnUW0DFbXTr0XXjiXjm7bK0CVs4oVan5SAKw=,tag:+mnMTBYQ1fhwe/abwGYNOA==,type:str] + lastmodified: "2026-01-30T04:08:29Z" + mac: ENC[AES256_GCM,data:egK9zlAccBV2IeJ+DYTP3AKQUUMFPmts8eZMilQlyh+EE/oXhNnKeKkmNg9h1RwoZ6zh0LRDsyjubCc06PI/wVx2lJ0JfPs4bt6PckC1hZglRSHHjmocyx1eF5bMVfBLmluDzQ3Zms1Ryvuh+M+EjtdhttBljAIb0JIRx8Wzwks=,iv:wWrRiOvzZDboZSMgTzmbVVWzpSIhLdlgxgUIFXCFet0=,tag:YLBtLivKLBvByyfm4PbVXQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/public/dn/common.nix b/system/dev/public/dn/common.nix index 17d9f0d..50271c2 100755 --- a/system/dev/public/dn/common.nix +++ b/system/dev/public/dn/common.nix 
@@ -27,6 +27,16 @@ in }; workspaces."game" = { }; window-rules = [ + # Wine systray + { + matches = [ + { + title = "^$"; + app-id = "^steam_app_(.*)$"; + } + ]; + open-fullscreen = false; + } # Steam Game Fullscreen { matches = [ @@ -68,5 +78,8 @@ in } ]; }; + wayland.windowManager.mango.settings = '' + xkb_rules_options = caps:escape + ''; }; } diff --git a/system/dev/skydrive-lap/default.nix b/system/dev/skydrive-lap/default.nix index ab73d81..5dcc56f 100755 --- a/system/dev/skydrive-lap/default.nix +++ b/system/dev/skydrive-lap/default.nix @@ -11,8 +11,7 @@ in inherit hostname username; domain = "net.dn"; enableHomeManager = true; - hyprland.enable = false; - niri.enable = true; + windowManager = "niri"; face = pkgs.fetchurl { url = "https://git.dnywe.com/dachxy/skydrive-avatar/raw/branch/main/skydrive.jpg"; hash = "sha256-aMjl6VL1Zy+r3ElfFyhFOlJKWn42JOnAFfBXF+GPB/Q="; diff --git a/system/modules/hyprland.nix b/system/modules/hyprland.nix index b69cb31..519f87b 100755 --- a/system/modules/hyprland.nix +++ b/system/modules/hyprland.nix 
@@ -7,44 +7,43 @@ }: let inherit (lib) mkIf; + inherit (pkgs.stdenv.hostPlatform) system; inherit (config.systemConf) username; - - hyprlandEnabled = config.programs.hyprland.enable; in { - programs.hyprland = { - enable = config.systemConf.hyprland.enable; - withUWSM = false; - package = inputs.hyprland.packages."${pkgs.system}".hyprland; - portalPackage = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland; - }; + config = mkIf config.programs.hyprland.enable { + programs.hyprland = { + withUWSM = false; + package = inputs.hyprland.packages."${system}".hyprland; + portalPackage = inputs.hyprland.packages.${system}.xdg-desktop-portal-hyprland; + }; - environment.sessionVariables = mkIf hyprlandEnabled { - NIXOS_OZONE_WL = "1"; - WLR_NO_HARDWARE_CURSORS = "1"; - }; + environment.sessionVariables = { + NIXOS_OZONE_WL = "1"; + WLR_NO_HARDWARE_CURSORS = "1"; + }; - environment.systemPackages = mkIf hyprlandEnabled ( - with pkgs; - [ - pyprland - hyprsunset - hyprpicker - hyprshot - kitty - ] - ); + environment.systemPackages = ( + with pkgs; + [ + pyprland + hyprsunset + hyprpicker + hyprshot + ] + ); - nix = mkIf hyprlandEnabled { - settings = { - substituters = [ "https://hyprland.cachix.org" ]; - trusted-public-keys = [ - "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" - ]; + nix = { + settings = { + substituters = [ "https://hyprland.cachix.org" ]; + trusted-public-keys = [ + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" + ]; + }; + }; + + home-manager.users."${username}" = { + imports = [ ../../home/user/hyprland.nix ]; }; }; - - home-manager.users."${username}" = mkIf hyprlandEnabled { - imports = [ ../../home/user/hyprland.nix ]; - }; } diff --git a/system/modules/mango.nix b/system/modules/mango.nix new file mode 100644 index 0000000..87a27ee --- /dev/null +++ b/system/modules/mango.nix 
@@ -0,0 +1,297 @@ +{ + config, + lib, + ... +}: +let + inherit (lib) + mkIf + removePrefix + concatStringsSep + mapAttrsToList + ; +in +{ + config = mkIf config.programs.mango.enable { + home-manager.sharedModules = [ + ( + { config, ... }: + let + wmCfg = config.wm; + bindCfg = wmCfg.keybinds; + in + { + wm.keybinds = { + mod = "SUPER"; + separator = ","; + hypr-type = true; + }; + + wayland.windowManager.mango = { + enable = true; + settings = + let + keybinds = concatStringsSep "\n" ( + mapAttrsToList (n: v: "bind=${n},spawn,${v}") (bindCfg.spawn-repeat // bindCfg.spawn) + ); + in + '' + # Window effect + blur=0 + blur_layer=0 + blur_optimized=1 + blur_params_num_passes = 2 + blur_params_radius = 5 + blur_params_noise = 0.02 + blur_params_brightness = 0.9 + blur_params_contrast = 0.9 + blur_params_saturation = 1.2 + + shadows = 0 + layer_shadows = 0 + shadow_only_floating = 1 + shadows_size = 10 + shadows_blur = 15 + shadows_position_x = 0 + shadows_position_y = 0 + shadowscolor= 0x000000ff + + border_radius=${toString wmCfg.border.radius} + no_radius_when_single=0 + focused_opacity=${toString wmCfg.window.opacity} + unfocused_opacity=${toString wmCfg.window.opacity} + + # Animation Configuration(support type:zoom,slide) + # tag_animation_direction: 1-horizontal,0-vertical + animations=1 + layer_animations=1 + animation_type_open=slide + animation_type_close=slide + animation_fade_in=1 + animation_fade_out=1 + tag_animation_direction=1 + zoom_initial_ratio=0.3 + zoom_end_ratio=0.8 + fadein_begin_opacity=0.5 + fadeout_begin_opacity=0.8 + animation_duration_move=500 + animation_duration_open=400 + animation_duration_tag=350 + animation_duration_close=800 + animation_duration_focus=0 + animation_curve_open=0.46,1.0,0.29,1 + animation_curve_move=0.46,1.0,0.29,1 + animation_curve_tag=0.46,1.0,0.29,1 + animation_curve_close=0.08,0.92,0,1 + animation_curve_focus=0.46,1.0,0.29,1 + animation_curve_opafadeout=0.5,0.5,0.5,0.5 + animation_curve_opafadein=0.46,1.0,0.29,1 + + 
# Scroller Layout Setting + scroller_structs=20 + scroller_default_proportion=0.8 + scroller_focus_center=0 + scroller_prefer_center=0 + edge_scroller_pointer_focus=1 + scroller_default_proportion_single=1.0 + scroller_proportion_preset=0.5,0.8,1.0 + + # Master-Stack Layout Setting + new_is_master=1 + default_mfact=0.55 + default_nmaster=1 + smartgaps=0 + + # Overview Setting + hotarea_size=10 + enable_hotarea=1 + ov_tab_mode=0 + overviewgappi=5 + overviewgappo=30 + + # Misc + no_border_when_single=0 + axis_bind_apply_timeout=100 + focus_on_activate=1 + idleinhibit_ignore_visible=0 + sloppyfocus=1 + warpcursor=1 + focus_cross_monitor=0 + focus_cross_tag=0 + enable_floating_snap=0 + snap_distance=30 + cursor_size=24 + drag_tile_to_tile=1 + + # keyboard + repeat_rate=${toString wmCfg.input.keyboard.repeat-rate} + repeat_delay=${toString wmCfg.input.keyboard.repeat-delay} + numlockon=0 + xkb_rules_layout=us + + # Trackpad + # need relogin to make it apply + disable_trackpad=0 + tap_to_click=1 + tap_and_drag=1 + drag_lock=1 + trackpad_natural_scrolling=0 + disable_while_typing=1 + left_handed=0 + middle_button_emulation=0 + swipe_min_threshold=1 + + # mouse + # need relogin to make it apply + mouse_natural_scrolling=0 + + # Appearance + gappih=5 + gappiv=5 + gappoh=10 + gappov=10 + scratchpad_width_ratio=0.8 + scratchpad_height_ratio=0.9 + borderpx=4 + rootcolor=0x${removePrefix "#" wmCfg.border.active.to}ff + bordercolor=0x${removePrefix "#" wmCfg.border.active.from}ff + focuscolor=0x${removePrefix "#" wmCfg.border.active.to}ff + maximizescreencolor=0x89aa61ff + urgentcolor=0xad401fff + scratchpadcolor=0x516c93ff + globalcolor=0xb153a7ff + overlaycolor=0x14a57cff + + # layout support: + # tile,scroller,grid,deck,monocle,center_tile,vertical_tile,vertical_scroller + tagrule=id:1,layout_name:tile + tagrule=id:2,layout_name:tile + tagrule=id:3,layout_name:tile + tagrule=id:4,layout_name:tile + tagrule=id:5,layout_name:tile + tagrule=id:6,layout_name:tile + 
tagrule=id:7,layout_name:tile + tagrule=id:8,layout_name:tile + tagrule=id:9,layout_name:tile + + # Key Bindings + # key name refer to `xev` or `wev` command output, + # mod keys name: super,ctrl,alt,shift,none + + ${keybinds} + + # exit + bind=${bindCfg.close-window},killclient + + # switch window focus + bind=${bindCfg.switch-window-focus},focusstack,next + bind=${bindCfg.move-window-focus.left},focusdir,left + bind=${bindCfg.move-window-focus.right},focusdir,right + bind=${bindCfg.move-window-focus.up},focusdir,up + bind=${bindCfg.move-window-focus.down},focusdir,down + + # swap window + bind=${bindCfg.move-window.up},exchange_client,up + bind=${bindCfg.move-window.down},exchange_client,down + bind=${bindCfg.move-window.left},exchange_client,left + bind=${bindCfg.move-window.right},exchange_client,right + + # switch window status + bind=SUPER,g,toggleglobal, + bind=${bindCfg.toggle-overview},toggleoverview, + bind=${bindCfg.toggle-float},togglefloating, + bind=${bindCfg.maximize-column},togglemaximizescreen, + # bind=${bindCfg.toggle-fullscreen},togglefullscreen, + bind=${bindCfg.toggle-fullscreen},togglefakefullscreen, + bind=${bindCfg.minimize},minimized, + # bind=SUPER,o,toggleoverlay, + bind=${bindCfg.restore-minimize},restore_minimized + bind=${bindCfg.toggle-scratchpad},toggle_scratchpad + + # scroller layout + bind=${bindCfg.expand-column-to-available-width},set_proportion,1.0 + bind=${bindCfg.switch-preset-column-width},switch_proportion_preset, + + # switch layout + bind=${bindCfg.switch-layout},switch_layout + + # tag switch + bind=SUPER,Left,viewtoleft,0 + bind=CTRL,Left,viewtoleft_have_client,0 + bind=SUPER,Right,viewtoright,0 + bind=CTRL,Right,viewtoright_have_client,0 + bind=CTRL+SUPER,Left,tagtoleft,0 + bind=CTRL+SUPER,Right,tagtoright,0 + + bind=${bindCfg.focus-workspace-prefix},1,view,1,0 + bind=${bindCfg.focus-workspace-prefix},2,view,2,0 + bind=${bindCfg.focus-workspace-prefix},3,view,3,0 + bind=${bindCfg.focus-workspace-prefix},4,view,4,0 + 
bind=${bindCfg.focus-workspace-prefix},5,view,5,0 + bind=${bindCfg.focus-workspace-prefix},6,view,6,0 + bind=${bindCfg.focus-workspace-prefix},7,view,7,0 + bind=${bindCfg.focus-workspace-prefix},8,view,8,0 + bind=${bindCfg.focus-workspace-prefix},9,view,9,0 + + # tag: move client to the tag and focus it + # tagsilent: move client to the tag and not focus it + # bind=Alt,1,tagsilent,1 + bind=Alt,1,tag,1,0 + bind=Alt,2,tag,2,0 + bind=Alt,3,tag,3,0 + bind=Alt,4,tag,4,0 + bind=Alt,5,tag,5,0 + bind=Alt,6,tag,6,0 + bind=Alt,7,tag,7,0 + bind=Alt,8,tag,8,0 + bind=Alt,9,tag,9,0 + + # monitor switch + bind=${bindCfg.move-monitor-focus.left},focusmon,left + bind=${bindCfg.move-monitor-focus.right},Right,focusmon,right + bind=SUPER+Alt,Left,tagmon,left + bind=SUPER+Alt,Right,tagmon,right + + # gaps + # bind=ALT+SHIFT,X,incgaps,1 + # bind=ALT+SHIFT,Z,incgaps,-1 + # bind=ALT+SHIFT,R,togglegaps + + # movewin + bind=CTRL+SHIFT,Up,movewin,+0,-50 + bind=CTRL+SHIFT,Down,movewin,+0,+50 + bind=CTRL+SHIFT,Left,movewin,-50,+0 + bind=CTRL+SHIFT,Right,movewin,+50,+0 + + # resizewin + bind=CTRL+ALT,Up,resizewin,+0,-50 + bind=CTRL+ALT,Down,resizewin,+0,+50 + bind=CTRL+ALT,Left,resizewin,-50,+0 + bind=CTRL+ALT,Right,resizewin,+50,+0 + + # Mouse Button Bindings + # NONE mode key only work in ov mode + mousebind=SUPER,btn_left,moveresize,curmove + mousebind=NONE,btn_middle,togglemaximizescreen,0 + mousebind=SUPER,btn_right,moveresize,curresize + mousebind=NONE,btn_left,toggleoverview,1 + mousebind=NONE,btn_right,killclient,0 + + # Axis Bindings + axisbind=SUPER,UP,viewtoleft_have_client + axisbind=SUPER,DOWN,viewtoright_have_client + + + # layer rule + layerrule=animation_type_open:zoom,layer_name:rofi + layerrule=animation_type_close:zoom,layer_name:rofi + ''; + autostart_sh = '' + ${wmCfg.exec-once} + ''; + }; + } + ) + ]; + }; +} diff --git a/system/modules/niri.nix b/system/modules/niri.nix index f243c28..63d0152 100755 --- a/system/modules/niri.nix +++ b/system/modules/niri.nix 
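Review bot: Under `# monitor switch`, `bind=${bindCfg.move-monitor-focus.right},Right,focusmon,right` carries an extra `,Right` field that the `left` binding above it does not have; it looks like a leftover from a hard-coded `MODS,Right` form. Every other `bindCfg` value in this file is used as a complete `mods,key` pair (e.g. `bind=${bindCfg.close-window},killclient`), so the line should presumably read `bind=${bindCfg.move-monitor-focus.right},focusmon,right`. As written, the expanded line would have one field too many and the binding is unlikely to parse as intended.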
@@ -7,308 +7,264 @@ let inherit (lib) getExe + mkIf pipe + mapAttrs ; inherit (builtins) fetchurl genList listToAttrs; inherit (config.systemConf) username; - # nvidia-offload-enabled = config.hardware.nvidia.prime.offload.enableOffloadCmd; - prefix = "nvidia-offload"; - terminal = "ghostty"; - browser = "zen-twilight"; - - brightnessStep = toString 10; - volumeStep = toString 4; - - execOnceScript = pkgs.writeShellScript "startupExec" '' - # Fix nemo open in terminal - dconf write /org/cinnamon/desktop/applications/terminal/exec "''\'${terminal}''\'" & - dconf write /org/cinnamon/desktop/applications/terminal/exec-arg "''\'''\'" & - - # Hint dark theme - dconf write /org/gnome/desktop/interface/color-scheme '"prefer-dark"' & - - systemctl --user import-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP QT_QPA_PLATFORMTHEME & - ''; - niri_peekaboo = fetchurl { url = "https://raw.githubusercontent.com/heyoeyo/niri_tweaks/refs/heads/main/niri_peekaboo.py"; sha256 = "sha256:0l1x0bsa9vr089jhzgcz3xbh1hg15sw6njb91q0j9pdbrp2ym3dc"; }; in { - programs.niri = { - enable = true; - package = pkgs.niri-unstable; - }; - - home-manager.users."${username}" = - { - osConfig, - config, - ... 
- }: - let - rofiWall = import ../../home/scripts/rofiwall.nix { inherit config pkgs; }; - rbwSelector = import ../../home/scripts/rbwSelector.nix { inherit pkgs; }; - rNiri = pkgs.writeShellScriptBin "rNiri" '' - NIRI_SOCKET="/run/user/1000/$(ls /run/user/1000 | grep niri | head -n 1)" niri $@ - ''; - toggleWlogout = pkgs.writeShellScript "toggleWlogout" '' - if ${pkgs.busybox}/bin/pgrep wlogout > /dev/null; then - ${pkgs.busybox}/bin/pkill wlogout - else - ${config.programs.wlogout.package}/bin/wlogout --protocol layer-shell - fi - ''; - in - with config.lib.niri.actions; - { - home.packages = with pkgs; [ - nautilus # xdg-desktop-portal-gnome file picker - rNiri - ]; - - xdg.portal = { - extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; - }; - - services.nfsm.enable = true; - - programs.niri.package = osConfig.programs.niri.package; - programs.niri.settings = { - spawn-at-startup = [ - { argv = [ "${execOnceScript}" ]; } - ]; - screenshot-path = "~/Pictures/Screenshots/%Y-%m-%d_%H-%M-%S.png"; - - prefer-no-csd = true; - - xwayland-satellite = { - enable = true; - path = getExe pkgs.xwayland-satellite-unstable; - }; - - animations = { - workspace-switch.kind.spring = { - damping-ratio = 1.0; - stiffness = 1000; - epsilon = 0.0001; - }; - - window-open.kind.easing = { - duration-ms = 150; - curve = "ease-out-expo"; - }; - - window-close.kind.easing = { - duration-ms = 150; - curve = "ease-out-quad"; - }; - - window-resize.kind.spring = { - damping-ratio = 1.0; - stiffness = 800; - epsilon = 0.0001; - }; - }; - - layout.border = { - enable = true; - width = 4; - active.gradient = { - from = "#24273A"; - to = "#EBDBB2"; - angle = 45; - in' = "oklab"; - relative-to = "window"; - }; - inactive.gradient = { - from = "#24273A"; - to = "#24273A"; - angle = 45; - in' = "oklab"; - relative-to = "window"; - }; - }; - - window-rules = [ - # Global - { - geometry-corner-radius = - let - round = 12.0; - in - { - bottom-left = round; - bottom-right = round; - top-left = 
round; - top-right = round; - }; - clip-to-geometry = true; - opacity = 1.0; - draw-border-with-background = false; - } - # Float - { - matches = [ - { app-id = "^xdg-desktop-portal-gtk$"; } - { app-id = "^(org.gnome.Nautilus)$"; } - { app-id = "^(org.gnome.Loupe)$"; } - ]; - open-floating = true; - } - ]; - - input = { - focus-follows-mouse = { - max-scroll-amount = "90%"; - enable = true; - }; - mouse.accel-speed = -0.1; - keyboard = { - repeat-delay = 250; - repeat-rate = 35; - }; - }; - - binds = - let - sh = spawn "sh" "-c"; - in - { - # ==== Launch ==== # - "Mod+Return".action = sh "${prefix} ${terminal}"; - "Mod+F".action = sh "${browser}"; - "Mod+E".action = sh "${prefix} ${terminal} -e yazi"; - "Mod+Ctrl+P".action = spawn "${rbwSelector}"; - "Mod+Ctrl+M".action = spawn "${toggleWlogout}"; - - # Rofi - "Mod+Ctrl+W".action = spawn "${rofiWall}"; - "Alt+Space".action = spawn "rofi" "-config" "~/.config/rofi/apps.rasi" "-show" "drun"; - "Mod+Period".action = spawn "rofi" "-modi" "emoji" "-show" "emoji"; - "Mod+Ctrl+C".action = spawn "rofi" "-modi" "calc" "-show" "calc" "-no-show-match" "-no-sort"; - - # ==== Media ==== # - "XF86AudioPrev".action = spawn "playerctl" "previous"; - "XF86AudioNext".action = spawn "playerctl" "next"; - "Mod+Ctrl+Comma".action = spawn "playerctl" "previous"; - "Mod+Ctrl+Period".action = spawn "playerctl" "next"; - "XF86AudioPlay".action = spawn "playerctl" "play-pause"; - "XF86AudioStop".action = spawn "playerctl" "stop"; - "XF86AudioMute".action = spawn "wpctl" "set-mute" "@DEFAULT_SINK@" "toggle"; - "XF86AudioRaiseVolume".action = - sh "wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%+"; - "XF86AudioLowerVolume".action = - sh "wpctl set-mute @DEFAULT_SINK@ 0 && wpctl set-volume @DEFAULT_SINK@ ${volumeStep}%-"; - "XF86MonBrightnessDown".action = spawn "brightnessctl set ${brightnessStep}%-"; - "XF86MonBrightnessUp".action = spawn "brightnessctl set ${brightnessStep}%+"; - - # ==== Movement ==== # - 
# Mouse Scroll - "Mod+WheelScrollDown" = { - cooldown-ms = 150; - action = focus-workspace-down; - }; - "Mod+WheelScrollUp" = { - cooldown-ms = 150; - action = focus-workspace-up; - }; - "Mod+Shift+WheelScrollDown" = { - cooldown-ms = 150; - action = focus-column-or-monitor-right; - }; - "Mod+Shift+WheelScrollUp" = { - cooldown-ms = 150; - action = focus-column-or-monitor-left; - }; - "Mod+WheelScrollRight".action = focus-column-right; - "Mod+WheelScrollLeft".action = focus-column-left; - - # Touchpad - "Mod+TouchpadScrollDown" = { - cooldown-ms = 150; - action = focus-window-or-workspace-down; - }; - "Mod+TouchpadScrollUp" = { - cooldown-ms = 150; - action = focus-window-or-workspace-up; - }; - - # Monitor Focus - "Mod+Ctrl+H".action = focus-monitor-left; - "Mod+Ctrl+L".action = focus-monitor-right; - - # Workspace Focus - "Mod+Ctrl+J".action = focus-workspace-down; - "Mod+Ctrl+K".action = focus-workspace-up; - - # General Focus - "Mod+J".action = focus-window-or-workspace-down; - "Mod+K".action = focus-window-or-workspace-up; - "Mod+H".action = focus-column-or-monitor-left; - "Mod+L".action = focus-column-or-monitor-right; - - # Workspace Move - "Mod+Ctrl+Shift+J".action = move-workspace-down; - "Mod+Ctrl+Shift+K".action = move-workspace-up; - - # Window & Column Move - "Mod+Shift+J".action = move-window-down-or-to-workspace-down; - "Mod+Shift+K".action = move-window-up-or-to-workspace-up; - "Mod+Shift+L".action = move-column-right-or-to-monitor-right; - "Mod+Shift+H".action = move-column-left-or-to-monitor-left; - - # Window Comsume - "Mod+Ctrl+Shift+L".action = consume-or-expel-window-right; - "Mod+Ctrl+Shift+H".action = consume-or-expel-window-left; - - # ==== Action ==== # - # General - "Mod+C".action = center-window; - "Mod+O".action = toggle-overview; - "Mod+Q".action = close-window; - "F11".action = if config.services.nfsm.enable then (spawn "nfsm-cli") else fullscreen-window; - "Mod+Shift+slash".action = show-hotkey-overlay; - "Mod+Ctrl+Shift+P".action = 
spawn "${getExe pkgs.python312}" "${niri_peekaboo}"; - - # Column Scale - "Mod+W".action = switch-preset-column-width; - "Mod+S".action = switch-preset-window-height; - "Mod+P".action = expand-column-to-available-width; - "Mod+M".action = maximize-column; - "Mod+Ctrl+S".action = reset-window-height; - - # Float - "Mod+V".action = toggle-window-floating; - "Mod+Ctrl+V".action = switch-focus-between-floating-and-tiling; - - # Screenshot - "Mod+Shift+S".action.screenshot = [ { show-pointer = false; } ]; - "Ctrl+Shift+S".action.screenshot-window = [ - { - write-to-disk = false; - } - ]; - "Mod+Ctrl+Shift+S".action.screenshot-screen = [ - { - write-to-disk = false; - } - ]; - } - # Map Mod+{1 ~ 9} to workspace{1 ~ 9} - // (pipe 9 [ - (x: genList (i: i + 1) x) - ( - x: - map (i: { - name = "Mod+${toString i}"; - value.action = focus-workspace i; - }) x - ) - (x: listToAttrs x) - ]); - }; + config = mkIf config.programs.niri.enable { + programs.niri = { + package = pkgs.niri-unstable; }; + + home-manager.users."${username}" = + { + osConfig, + config, + ... 
+ }: + let + rNiri = pkgs.writeShellScriptBin "rNiri" '' + NIRI_SOCKET="/run/user/1000/$(ls /run/user/1000 | grep niri | head -n 1)" niri $@ + ''; + wmCfg = config.wm; + bindCfg = wmCfg.keybinds; + in + with config.lib.niri.actions; + { + home.packages = with pkgs; [ + nautilus # xdg-desktop-portal-gnome file picker + rNiri + ]; + + xdg.portal = { + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; + }; + + services.nfsm.enable = true; + + programs.niri.package = osConfig.programs.niri.package; + programs.niri.settings = { + spawn-at-startup = [ + { argv = [ "${wmCfg.exec-once}" ]; } + ]; + screenshot-path = "~/Pictures/Screenshots/%Y-%m-%d_%H-%M-%S.png"; + + prefer-no-csd = true; + + xwayland-satellite = { + enable = true; + path = getExe pkgs.xwayland-satellite-unstable; + }; + + animations = { + workspace-switch.kind.spring = { + damping-ratio = 1.0; + stiffness = 1000; + epsilon = 0.0001; + }; + + window-open.kind.easing = { + duration-ms = 150; + curve = "ease-out-expo"; + }; + + window-close.kind.easing = { + duration-ms = 150; + curve = "ease-out-quad"; + }; + + window-resize.kind.spring = { + damping-ratio = 1.0; + stiffness = 800; + epsilon = 0.0001; + }; + }; + + layout.border = { + enable = true; + width = 4; + active.gradient = { + from = wmCfg.border.active.from; + to = wmCfg.border.active.to; + angle = wmCfg.border.active.angle; + in' = "oklab"; + relative-to = "window"; + }; + inactive.gradient = { + from = wmCfg.border.inactive.from; + to = wmCfg.border.inactive.to; + angle = wmCfg.border.inactive.angle; + in' = "oklab"; + relative-to = "window"; + }; + }; + + window-rules = [ + # Global + { + geometry-corner-radius = + let + round = wmCfg.border.radius + 0.0; + in + { + bottom-left = round; + bottom-right = round; + top-left = round; + top-right = round; + }; + clip-to-geometry = true; + opacity = 1.0; + draw-border-with-background = false; + } + # Float + { + matches = [ + { app-id = "^xdg-desktop-portal-gtk$"; } + { app-id = 
"^(org.gnome.Nautilus)$"; } + { app-id = "^(org.gnome.Loupe)$"; } + ]; + open-floating = true; + } + ]; + + input = { + focus-follows-mouse = { + max-scroll-amount = "90%"; + enable = true; + }; + mouse.accel-speed = -0.1; + keyboard = { + repeat-delay = wmCfg.input.keyboard.repeat-delay; + repeat-rate = wmCfg.input.keyboard.repeat-rate; + }; + }; + + binds = + let + sh = spawn "sh" "-c"; + spawnKeybinds = mapAttrs (name: value: { + action = sh value; + }) (wmCfg.keybinds.spawn-repeat // wmCfg.keybinds.spawn); + in + spawnKeybinds + // { + # ==== Movement ==== # + # Mouse Scroll + "Mod+WheelScrollDown" = { + cooldown-ms = 150; + action = focus-workspace-down; + }; + "Mod+WheelScrollUp" = { + cooldown-ms = 150; + action = focus-workspace-up; + }; + "Mod+Shift+WheelScrollDown" = { + cooldown-ms = 150; + action = focus-column-or-monitor-right; + }; + "Mod+Shift+WheelScrollUp" = { + cooldown-ms = 150; + action = focus-column-or-monitor-left; + }; + "Mod+WheelScrollRight".action = focus-column-right; + "Mod+WheelScrollLeft".action = focus-column-left; + + # Touchpad + "Mod+TouchpadScrollDown" = { + cooldown-ms = 150; + action = focus-window-or-workspace-down; + }; + "Mod+TouchpadScrollUp" = { + cooldown-ms = 150; + action = focus-window-or-workspace-up; + }; + + # Monitor Focus + "${bindCfg.move-monitor-focus.left}".action = focus-monitor-left; + "${bindCfg.move-monitor-focus.right}".action = focus-monitor-right; + + # Workspace Focus + "${bindCfg.move-workspace-focus.next}".action = focus-workspace-down; + "${bindCfg.move-workspace-focus.prev}".action = focus-workspace-up; + + # General Focus + "${bindCfg.move-window-focus.down}".action = focus-window-or-workspace-down; + "${bindCfg.move-window-focus.up}".action = focus-window-or-workspace-up; + "${bindCfg.move-window-focus.left}".action = focus-column-or-monitor-left; + "${bindCfg.move-window-focus.right}".action = focus-column-or-monitor-right; + + # Workspace Move + "${bindCfg.move-workspace.down}".action = 
move-workspace-down; + "${bindCfg.move-workspace.up}".action = move-workspace-up; + + # Window & Column Move + "${bindCfg.move-window.down}".action = move-window-down-or-to-workspace-down; + "${bindCfg.move-window.up}".action = move-window-up-or-to-workspace-up; + "${bindCfg.move-window.right}".action = move-column-right-or-to-monitor-right; + "${bindCfg.move-window.left}".action = move-column-left-or-to-monitor-left; + + # Window Comsume + "${bindCfg.consume-window.right}".action = consume-or-expel-window-right; + "${bindCfg.consume-window.left}".action = consume-or-expel-window-left; + + # ==== Action ==== # + # General + "${bindCfg.center-window}".action = center-window; + "${bindCfg.toggle-overview}".action = toggle-overview; + "${bindCfg.close-window}".action = close-window; + "${bindCfg.toggle-fullscreen}".action = + if config.services.nfsm.enable then (spawn "nfsm-cli") else fullscreen-window; + "Mod+Shift+slash".action = show-hotkey-overlay; + "Mod+Ctrl+Shift+P".action = spawn "${getExe pkgs.python312}" "${niri_peekaboo}"; + + # Column Scale + "${bindCfg.switch-preset-column-width}".action = switch-preset-column-width; + "${bindCfg.switch-preset-window-height}".action = switch-preset-window-height; + "${bindCfg.expand-column-to-available-width}".action = expand-column-to-available-width; + "${bindCfg.maximize-column}".action = maximize-column; + "${bindCfg.reset-window-height}".action = reset-window-height; + + # Float + "${bindCfg.toggle-float}".action = toggle-window-floating; + "${bindCfg.switch-focus-between-floating-and-tiling}".action = + switch-focus-between-floating-and-tiling; + + # Screenshot + "${bindCfg.screenshot.area}".action.screenshot = [ { show-pointer = false; } ]; + "${bindCfg.screenshot.window}".action.screenshot-window = [ + { + write-to-disk = false; + } + ]; + "${bindCfg.screenshot.screen}".action.screenshot-screen = [ + { + write-to-disk = false; + } + ]; + } + # Map Mod+{1 ~ 9} to workspace{1 ~ 9} + // (pipe 9 [ + (x: genList (i: i 
+ 1) x) + ( + x: + map (i: { + name = "${bindCfg.focus-workspace-prefix}+${toString i}"; + value.action = focus-workspace i; + }) x + ) + (x: listToAttrs x) + ]); + }; + }; + + }; } diff --git a/system/modules/presets/basic.nix b/system/modules/presets/basic.nix index e62cb63..b0fed11 100755 --- a/system/modules/presets/basic.nix +++ b/system/modules/presets/basic.nix @@ -11,6 +11,7 @@ ../polkit.nix ../hyprland.nix ../niri.nix + ../mango.nix ]; programs.gdk-pixbuf.modulePackages = [ pkgs.librsvg ]; diff --git a/system/modules/shells/noctalia/default.nix b/system/modules/shells/noctalia/default.nix index 91c24dd..fdf42fc 100755 --- a/system/modules/shells/noctalia/default.nix +++ b/system/modules/shells/noctalia/default.nix @@ -3,7 +3,13 @@ let inherit (config.systemConf) username; inherit (builtins) mapAttrs; - inherit (lib) mkForce; + inherit (lib) + mkForce + removePrefix + concatStringsSep + mapAttrsToList + mkIf + ; in { @@ -15,7 +21,13 @@ in # ================================= # home-manager.users.${username} = - { config, ... }: + { osConfig, config, ... }: + let + wmCfg = config.wm; + bindCfg = wmCfg.keybinds; + mod = wmCfg.keybinds.mod; + sep = wmCfg.keybinds.separator; + in { # ==== Disabled Services ==== # services.swww.enable = mkForce false; # Wallpaper 
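Review bot: In the `rNiri` wrapper, `niri $@` is unquoted and the socket path hard-codes `/run/user/1000`, so arguments containing spaces are word-split and the script resolves the wrong (or no) socket for any account whose UID is not 1000. I would write it as `NIRI_SOCKET="$XDG_RUNTIME_DIR/$(ls "$XDG_RUNTIME_DIR" | grep niri | head -n 1)" niri "$@"`. Separately, the new `spawnKeybinds` passes every `wm.keybinds.spawn` and `spawn-repeat` string to `sh -c`. That is fine for values written in this repository, but a short comment such as `# values run through sh -c; keep them static strings` next to `spawnKeybinds` would make the contract explicit.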
@@ -29,6 +41,21 @@ in "QT_QPA_PLATFORMTHEME=gtk3" ]; + wm.keybinds.spawn-repeat = { + # ==== Media ==== # + "XF86AudioPrev" = ''noctalia "media" "previous"''; + "XF86AudioNext" = ''noctalia "media" "next"''; + "${mod}${sep}CTRL${sep}COMMA" = ''noctalia "media" "previous"''; + "${mod}${sep}CTRL${sep}PERIOD" = ''noctalia "media" "next"''; + "XF86AudioPlay" = ''noctalia "media" "playPause"''; + "XF86AudioStop" = ''noctalia "media" "pause"''; + "XF86AudioMute" = ''noctalia "volume" "muteOutput"''; + "XF86AudioRaiseVolume" = ''noctalia "volume" "increase"''; + "XF86AudioLowerVolume" = ''noctalia "volume" "decrease"''; + "XF86MonBrightnessDown" = ''noctalia "brightness" "decrease"''; + "XF86MonBrightnessUp" = ''noctalia "brightness" "increase"''; + }; + programs.noctalia-shell = { enable = true; systemd.enable = true; @@ -43,7 +70,7 @@ in ]; position = "top_center"; sortByMostUsed = true; - terminalCommand = "ghostty -e"; + terminalCommand = "${wmCfg.app.terminal.run}"; useApp2Unit = false; viewMode = "list"; }; @@ -244,7 +271,7 @@ in }; }; - programs.niri.settings = + programs.niri.settings = mkIf osConfig.programs.niri.enable ( with config.lib.niri.actions; let noctalia = spawn "noctalia-shell" "ipc" "call"; 
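Review bot: The commands in the new `wm.keybinds.spawn-repeat` set (the `@@ -29,6 +41,21 @@` hunk) start with a bare `noctalia`, but the only `noctalia` visible in this file is the Nix binding `noctalia = spawn "noctalia-shell" "ipc" "call"` in the niri branch, which is not an executable. These strings are later emitted verbatim as `bind=${n},spawn,${v}` for mango, so unless a `noctalia` wrapper is put on PATH elsewhere in the repository (not visible in this patch), the media, volume and brightness keys would spawn a command that does not exist. Spelling out the entry point, e.g. `"XF86AudioMute" = ''noctalia-shell ipc call "volume" "muteOutput"'';`, or binding the prefix once in the `let` and interpolating it, keeps both compositors on the same IPC call. The same bare `noctalia` appears in the `# Core` and `# Utilities` lines at the end of the mango settings string in the `@@ -252,33 +279,310 @@` hunk.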
@@ -252,33 +279,310 @@ in { binds = mapAttrs (name: value: mkForce value) { # Core - "Mod+Slash".action = noctalia "controlCenter" "toggle"; - "Alt+Space".action = noctalia "launcher" "toggle"; - "Mod+Ctrl+M".action = noctalia "lockScreen" "lock"; + "${bindCfg.toggle-control-center}".action = noctalia "controlCenter" "toggle"; + "${bindCfg.toggle-launcher}".action = noctalia "launcher" "toggle"; + "${bindCfg.lock-screen}".action = noctalia "lockScreen" "lock"; # Utilities - "Mod+Comma".action = noctalia "launcher" "clipboard"; - "Mod+Period".action = noctalia "launcher" "emoji"; - "Mod+F12".action = noctalia "screenRecorder" "toggle"; - "Mod+N".action = noctalia "notifications" "toggleHistory"; - "Mod+Ctrl+N".action = noctalia "notifications" "toggleDND"; - "Mod+Ctrl+W".action = noctalia "wallpaper" "toggle"; - "Mod+Ctrl+C".action = noctalia "launcher" "calculator"; - "Mod+Ctrl+Slash".action = noctalia "wallpaper" "random"; + "${bindCfg.clipboard-history}".action = noctalia "launcher" "clipboard"; + "${bindCfg.emoji}".action = noctalia "launcher" "emoji"; + "${bindCfg.screen-recorder}".action = noctalia "screenRecorder" "toggle"; + "${bindCfg.notification-center}".action = noctalia "notifications" "toggleHistory"; + "${bindCfg.toggle-dont-disturb}".action = noctalia "notifications" "toggleDND"; + "${bindCfg.wallpaper-selector}".action = noctalia "wallpaper" "toggle"; + "${bindCfg.calculator}".action = noctalia "launcher" "calculator"; + "${bindCfg.wallpaper-random}".action = noctalia "wallpaper" "random"; # Media "XF86AudioPlay".action = noctalia "media" "playPause"; "XF86AudioStop".action = noctalia "media" "pause"; "XF86AudioPrev".action = noctalia "media" "previous"; "XF86AudioNext".action = noctalia "media" "next"; - "Mod+Ctrl+Comma".action = noctalia "media" "previous"; - "Mod+Ctrl+Period".action = noctalia "media" "next"; + "${bindCfg.media.prev}".action = noctalia "media" "previous"; + "${bindCfg.media.next}".action = noctalia "media" "next"; 
"XF86AudioMute".action = noctalia "volume" "muteOutput"; "XF86AudioRaiseVolume".action = noctalia "volume" "increase"; "XF86AudioLowerVolume".action = noctalia "volume" "decrease"; "XF86MonBrightnessDown".action = noctalia "brightness" "decrease"; "XF86MonBrightnessUp".action = noctalia "brightness" "increase"; }; - }; + } + ); + + wayland.windowManager.mango.settings = mkIf osConfig.programs.mango.enable ( + mkForce ( + let + keybinds = concatStringsSep "\n" ( + mapAttrsToList (n: v: "bind=${n},spawn,${v}") (bindCfg.spawn-repeat // bindCfg.spawn) + ); + in + '' + # Window effect + blur=0 + blur_layer=0 + blur_optimized=1 + blur_params_num_passes = 2 + blur_params_radius = 5 + blur_params_noise = 0.02 + blur_params_brightness = 0.9 + blur_params_contrast = 0.9 + blur_params_saturation = 1.2 + + shadows = 0 + layer_shadows = 0 + shadow_only_floating = 1 + shadows_size = 10 + shadows_blur = 15 + shadows_position_x = 0 + shadows_position_y = 0 + shadowscolor= 0x000000ff + + border_radius=${toString wmCfg.border.radius} + no_radius_when_single=0 + focused_opacity=${toString wmCfg.window.opacity} + unfocused_opacity=${toString wmCfg.window.opacity} + + # Animation Configuration(support type:zoom,slide) + # tag_animation_direction: 1-horizontal,0-vertical + animations=1 + layer_animations=1 + animation_type_open=slide + animation_type_close=slide + animation_fade_in=1 + animation_fade_out=1 + tag_animation_direction=1 + zoom_initial_ratio=0.3 + zoom_end_ratio=0.8 + fadein_begin_opacity=0.5 + fadeout_begin_opacity=0.8 + animation_duration_move=500 + animation_duration_open=400 + animation_duration_tag=350 + animation_duration_close=800 + animation_duration_focus=0 + animation_curve_open=0.46,1.0,0.29,1 + animation_curve_move=0.46,1.0,0.29,1 + animation_curve_tag=0.46,1.0,0.29,1 + animation_curve_close=0.08,0.92,0,1 + animation_curve_focus=0.46,1.0,0.29,1 + animation_curve_opafadeout=0.5,0.5,0.5,0.5 + animation_curve_opafadein=0.46,1.0,0.29,1 + + # Scroller Layout Setting 
+ scroller_structs=20 + scroller_default_proportion=0.8 + scroller_focus_center=0 + scroller_prefer_center=0 + edge_scroller_pointer_focus=1 + scroller_default_proportion_single=1.0 + scroller_proportion_preset=0.5,0.8,1.0 + + # Master-Stack Layout Setting + new_is_master=1 + default_mfact=0.55 + default_nmaster=1 + smartgaps=0 + + # Overview Setting + hotarea_size=10 + enable_hotarea=1 + ov_tab_mode=0 + overviewgappi=5 + overviewgappo=30 + + # Misc + no_border_when_single=0 + axis_bind_apply_timeout=100 + focus_on_activate=1 + idleinhibit_ignore_visible=0 + sloppyfocus=1 + warpcursor=1 + focus_cross_monitor=0 + focus_cross_tag=0 + enable_floating_snap=0 + snap_distance=30 + cursor_size=24 + drag_tile_to_tile=1 + + # keyboard + repeat_rate=${toString wmCfg.input.keyboard.repeat-rate} + repeat_delay=${toString wmCfg.input.keyboard.repeat-delay} + numlockon=0 + xkb_rules_layout=us + + # Trackpad + # need relogin to make it apply + disable_trackpad=0 + tap_to_click=1 + tap_and_drag=1 + drag_lock=1 + trackpad_natural_scrolling=0 + disable_while_typing=1 + left_handed=0 + middle_button_emulation=0 + swipe_min_threshold=1 + + # mouse + # need relogin to make it apply + mouse_natural_scrolling=0 + + # Appearance + gappih=5 + gappiv=5 + gappoh=10 + gappov=10 + scratchpad_width_ratio=0.8 + scratchpad_height_ratio=0.9 + borderpx=4 + rootcolor=0x${removePrefix "#" wmCfg.border.active.to}ff + bordercolor=0x${removePrefix "#" wmCfg.border.active.from}ff + focuscolor=0x${removePrefix "#" wmCfg.border.active.to}ff + maximizescreencolor=0x89aa61ff + urgentcolor=0xad401fff + scratchpadcolor=0x516c93ff + globalcolor=0xb153a7ff + overlaycolor=0x14a57cff + + # layout support: + # tile,scroller,grid,deck,monocle,center_tile,vertical_tile,vertical_scroller + tagrule=id:1,layout_name:tile + tagrule=id:2,layout_name:tile + tagrule=id:3,layout_name:tile + tagrule=id:4,layout_name:tile + tagrule=id:5,layout_name:tile + tagrule=id:6,layout_name:tile + tagrule=id:7,layout_name:tile + 
tagrule=id:8,layout_name:tile + tagrule=id:9,layout_name:tile + + # Key Bindings + # key name refer to `xev` or `wev` command output, + # mod keys name: super,ctrl,alt,shift,none + + ${keybinds} + + # exit + bind=${bindCfg.close-window},killclient + + # switch window focus + bind=${bindCfg.switch-window-focus},focusstack,next + bind=${bindCfg.move-window-focus.left},focusdir,left + bind=${bindCfg.move-window-focus.right},focusdir,right + bind=${bindCfg.move-window-focus.up},focusdir,up + bind=${bindCfg.move-window-focus.down},focusdir,down + + # swap window + bind=${bindCfg.move-window.up},exchange_client,up + bind=${bindCfg.move-window.down},exchange_client,down + bind=${bindCfg.move-window.left},exchange_client,left + bind=${bindCfg.move-window.right},exchange_client,right + + # switch window status + bind=SUPER,g,toggleglobal, + bind=${bindCfg.toggle-overview},toggleoverview, + bind=${bindCfg.toggle-float},togglefloating, + bind=${bindCfg.maximize-column},togglemaximizescreen, + # bind=${bindCfg.toggle-fullscreen},togglefullscreen, + bind=${bindCfg.toggle-fullscreen},togglefakefullscreen, + bind=${bindCfg.minimize},minimized, + # bind=SUPER,o,toggleoverlay, + bind=${bindCfg.restore-minimize},restore_minimized + bind=${bindCfg.toggle-scratchpad},toggle_scratchpad + + # scroller layout + bind=${bindCfg.expand-column-to-available-width},set_proportion,1.0 + bind=${bindCfg.switch-preset-column-width},switch_proportion_preset, + + # switch layout + bind=${bindCfg.switch-layout},switch_layout + + # tag switch + bind=SUPER,Left,viewtoleft,0 + bind=CTRL,Left,viewtoleft_have_client,0 + bind=SUPER,Right,viewtoright,0 + bind=CTRL,Right,viewtoright_have_client,0 + bind=CTRL+SUPER,Left,tagtoleft,0 + bind=CTRL+SUPER,Right,tagtoright,0 + + bind=${bindCfg.focus-workspace-prefix},1,view,1,0 + bind=${bindCfg.focus-workspace-prefix},2,view,2,0 + bind=${bindCfg.focus-workspace-prefix},3,view,3,0 + bind=${bindCfg.focus-workspace-prefix},4,view,4,0 + 
bind=${bindCfg.focus-workspace-prefix},5,view,5,0 + bind=${bindCfg.focus-workspace-prefix},6,view,6,0 + bind=${bindCfg.focus-workspace-prefix},7,view,7,0 + bind=${bindCfg.focus-workspace-prefix},8,view,8,0 + bind=${bindCfg.focus-workspace-prefix},9,view,9,0 + + # tag: move client to the tag and focus it + # tagsilent: move client to the tag and not focus it + # bind=Alt,1,tagsilent,1 + bind=Alt,1,tag,1,0 + bind=Alt,2,tag,2,0 + bind=Alt,3,tag,3,0 + bind=Alt,4,tag,4,0 + bind=Alt,5,tag,5,0 + bind=Alt,6,tag,6,0 + bind=Alt,7,tag,7,0 + bind=Alt,8,tag,8,0 + bind=Alt,9,tag,9,0 + + # monitor switch + bind=${bindCfg.move-monitor-focus.left},focusmon,left + bind=${bindCfg.move-monitor-focus.right},Right,focusmon,right + bind=SUPER+Alt,Left,tagmon,left + bind=SUPER+Alt,Right,tagmon,right + + # gaps + # bind=ALT+SHIFT,X,incgaps,1 + # bind=ALT+SHIFT,Z,incgaps,-1 + # bind=ALT+SHIFT,R,togglegaps + + # movewin + bind=CTRL+SHIFT,Up,movewin,+0,-50 + bind=CTRL+SHIFT,Down,movewin,+0,+50 + bind=CTRL+SHIFT,Left,movewin,-50,+0 + bind=CTRL+SHIFT,Right,movewin,+50,+0 + + # resizewin + bind=CTRL+ALT,Up,resizewin,+0,-50 + bind=CTRL+ALT,Down,resizewin,+0,+50 + bind=CTRL+ALT,Left,resizewin,-50,+0 + bind=CTRL+ALT,Right,resizewin,+50,+0 + + # Mouse Button Bindings + # NONE mode key only work in ov mode + mousebind=SUPER,btn_left,moveresize,curmove + mousebind=NONE,btn_middle,togglemaximizescreen,0 + mousebind=SUPER,btn_right,moveresize,curresize + mousebind=NONE,btn_left,toggleoverview,1 + mousebind=NONE,btn_right,killclient,0 + + # Axis Bindings + axisbind=SUPER,UP,viewtoleft_have_client + axisbind=SUPER,DOWN,viewtoright_have_client + + + # layer rule + layerrule=animation_type_open:zoom,layer_name:rofi + layerrule=animation_type_close:zoom,layer_name:rofi + + # Core + ${bindCfg.toggle-control-center},spawn,noctalia "controlCenter" "toggle"; + ${bindCfg.toggle-launcher},spawn,noctalia "launcher" "toggle"; + ${bindCfg.lock-screen},spawn,noctalia "lockScreen" "lock"; + + # Utilities + 
${bindCfg.clipboard-history},spawn,noctalia "launcher" "clipboard"; + ${bindCfg.emoji},spawn,noctalia "launcher" "emoji"; + ${bindCfg.screen-recorder},spawn,noctalia "screenRecorder" "toggle"; + ${bindCfg.notification-center},spawn,noctalia "notifications" "toggleHistory"; + ${bindCfg.toggle-dont-disturb},spawn,noctalia "notifications" "toggleDND"; + ${bindCfg.wallpaper-selector},spawn,noctalia "wallpaper" "toggle"; + ${bindCfg.calculator},spawn,noctalia "launcher" "calculator"; + ${bindCfg.wallpaper-random},spawn,noctalia "wallpaper" "random"; + '' + ) + ); }; } diff --git a/system/modules/stalwart.nix b/system/modules/stalwart.nix index 5e9b9a8..e006154 100755 --- a/system/modules/stalwart.nix +++ b/system/modules/stalwart.nix @@ -14,7 +14,7 @@ let inherit (lib) mkIf; - logFilePath = "${config.services.stalwart-mail.dataDir}/logs"; + logFilePath = "${config.services.stalwart.dataDir}/logs"; in { services.postgresql = { @@ -32,13 +32,13 @@ in systemd.tmpfiles.rules = let - inherit (config.users.users.stalwart-mail) name group; + inherit (config.users.users.stalwart) name group; in [ "d ${logFilePath} 0750 ${name} ${group} - " ]; - services.stalwart-mail = { + services.stalwart = { enable = true; openFirewall = true; settings = { From 98b4f598f83ab5e2755c53c27f2405395f3cb396 Mon Sep 17 00:00:00 2001 
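Review bot: The noctalia lines under `# Core` and `# Utilities` at the end of the mango settings string lack the `bind=` prefix that every other binding in this string carries, and they end in a `;` left over from the Nix attribute form, so mango will most likely not register them. That includes `${bindCfg.lock-screen}`, which would leave a mango session without a working lock-screen hotkey, and nothing flags this at build time because the whole block is an opaque string. The lines should follow the same shape as the generated `keybinds` entries, as in the fence below. Separately, `bind=${bindCfg.move-monitor-focus.right},Right,focusmon,right` has an extra `Right` field that the `.left` line does not, which looks like a leftover from the hard-coded form.

```nix
# … unchanged: mango settings up to the layer rules …

# Core
bind=${bindCfg.toggle-control-center},spawn,noctalia "controlCenter" "toggle"
bind=${bindCfg.toggle-launcher},spawn,noctalia "launcher" "toggle"
bind=${bindCfg.lock-screen},spawn,noctalia "lockScreen" "lock"

# Utilities
bind=${bindCfg.clipboard-history},spawn,noctalia "launcher" "clipboard"
bind=${bindCfg.emoji},spawn,noctalia "launcher" "emoji"
bind=${bindCfg.screen-recorder},spawn,noctalia "screenRecorder" "toggle"
bind=${bindCfg.notification-center},spawn,noctalia "notifications" "toggleHistory"
bind=${bindCfg.toggle-dont-disturb},spawn,noctalia "notifications" "toggleDND"
bind=${bindCfg.wallpaper-selector},spawn,noctalia "wallpaper" "toggle"
bind=${bindCfg.calculator},spawn,noctalia "launcher" "calculator"
bind=${bindCfg.wallpaper-random},spawn,noctalia "wallpaper" "random"
```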
From: danny Date: Fri, 6 Mar 2026 17:06:53 +0800 Subject: [PATCH 10/10] chore: update flake & niri blur --- flake.lock | 345 ++++++++++-------- flake.nix | 3 +- home/user/ghostty.nix | 6 +- home/user/zen-browser.nix | 13 +- options/systemconf.nix | 2 - system/dev/dn-lap/default.nix | 9 +- system/dev/dn-lap/home/default.nix | 40 +- system/dev/dn-lap/services/default.nix | 2 +- system/dev/dn-pre7780/common/nvidia.nix | 7 +- system/dev/dn-pre7780/default.nix | 5 +- system/dev/dn-pre7780/home/default.nix | 5 +- system/dev/dn-pre7780/sops/secret.yaml | 6 +- system/dev/dn-server/default.nix | 2 +- system/dev/dn-server/network/services.nix | 2 +- system/dev/dn-server/services/homepage.nix | 38 +- system/dev/dn-server/services/mail-server.nix | 2 + system/dev/dn-server/services/metrics.nix | 2 +- .../dn-server/services/minecraft-server.nix | 2 +- system/dev/dn-server/services/nextcloud.nix | 5 +- system/dev/dn-server/sops/secret.yaml | 6 +- system/dev/public/dn/common.nix | 63 ---- system/dev/public/dn/default.nix | 6 - system/dev/public/dn/nextcloud-sync.nix | 74 ++++ system/dev/public/dn/presets/local.nix | 9 + system/dev/public/dn/presets/server.nix | 6 + system/dev/public/dn/wm.nix | 63 ++++ system/dev/public/sops/dn-secret.yaml | 7 +- system/modules/nextcloud.nix | 6 +- system/modules/niri.nix | 41 ++- system/modules/nvidia.nix | 17 +- system/modules/presets/minimal.nix | 2 +- system/modules/shells/noctalia/bar.nix | 9 + system/modules/shells/noctalia/default.nix | 12 +- .../modules/shells/noctalia/sessionMenu.nix | 2 +- system/modules/sops-nix.nix | 12 + system/modules/wine.nix | 2 +- 36 files changed, 516 insertions(+), 317 deletions(-) delete mode 100755 system/dev/public/dn/default.nix create mode 100644 system/dev/public/dn/nextcloud-sync.nix create mode 100644 system/dev/public/dn/presets/local.nix create mode 100644 system/dev/public/dn/presets/server.nix create mode 100644 system/dev/public/dn/wm.nix 
diff --git a/flake.lock b/flake.lock index 14b0e6f..654e6d2 100755 --- a/flake.lock +++ b/flake.lock @@ -41,11 +41,11 @@ ] }, "locked": { - "lastModified": 1769428758, - "narHash": "sha256-0G/GzF7lkWs/yl82bXuisSqPn6sf8YGTnbEdFOXvOfU=", + "lastModified": 1772292445, + "narHash": "sha256-4F1Q7U313TKUDDovCC96m/Za4wZcJ3yqtu4eSrj8lk8=", "owner": "hyprwm", "repo": "aquamarine", - "rev": "def5e74c97370f15949a67c62e61f1459fcb0e15", + "rev": "1dbbba659c1cef0b0202ce92cadfe13bae550e8f", "type": "github" }, "original": { @@ -86,11 +86,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1766518114, - "narHash": "sha256-3zIOjIidbrHXTxEzjPVrwSd19Mwdfw58VvSnTWtlunc=", + "lastModified": 1770895252, + "narHash": "sha256-TUGZVDcC5xsrWVnpBNosAG1cTy+aWchCWXPyeLZdnGM=", "ref": "refs/heads/main", - "rev": "138c4ebdbe0c3eead5656373ea8837a5bd49c40b", - "revCount": 1329, + "rev": "2c86d41d07471f518e24f5cd1f586e4d2a32d12c", + "revCount": 1331, "type": "git", "url": "https://codeberg.org/LGFae/awww" }, @@ -178,11 +178,11 @@ ] }, "locked": { - "lastModified": 1769740633, - "narHash": "sha256-W4gMgX8RsDeJioRPQHhUgXD/TxqAQxdZjkhjHRX70Pk=", + "lastModified": 1771987897, + "narHash": "sha256-5pNQFGxG3fxS9pGnNBJjT76veotKIKq2XpAVFGAhCdI=", "owner": "caelestia-dots", "repo": "cli", - "rev": "90fc2a981e587d38edc5a899011eca7979ecf124", + "rev": "b0d68f0a1c48fa138d6fde94dcbecea801a86a01", "type": "github" }, "original": { @@ -200,11 +200,11 @@ "quickshell": "quickshell" }, "locked": { - "lastModified": 1770122420, - "narHash": "sha256-SWFov0EDEZIjFMMNKiwOpTIsbiKO4jE7LSO7L2Bv3zE=", + "lastModified": 1772330657, + "narHash": "sha256-cWblprYsDUeAWA57xAqxIjNxXvDI/rqYn6TFp2OPi/k=", "owner": "caelestia-dots", "repo": "shell", - "rev": "4c72e3e06bd58a31e16cc1588d94543069fbd00a", + "rev": "278fd4a4ed1bfb42c3fe197ff38b587539c012aa", "type": "github" }, "original": { 
@@ -250,11 +250,11 @@ ] }, "locked": { - "lastModified": 1769524058, - "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", + "lastModified": 1772420042, + "narHash": "sha256-naZz40TUFMa0E0CutvwWsSPhgD5JldyTUDEgP9ADpfU=", "owner": "nix-community", "repo": "disko", - "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", + "rev": "5af7af10f14706e4095bd6bc0d9373eb097283c6", "type": "github" }, "original": { @@ -454,11 +454,11 @@ ] }, "locked": { - "lastModified": 1769996383, - "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", + "lastModified": 1772408722, + "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", + "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", "type": "github" }, "original": { @@ -493,11 +493,11 @@ ] }, "locked": { - "lastModified": 1768135262, - "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { @@ -679,11 +679,11 @@ "zon2nix": "zon2nix" }, "locked": { - "lastModified": 1770091344, - "narHash": "sha256-tKS5jzMfcWJjzq1Rm2QVUohzHEG/1VOM57aH6RQ5ALk=", + "lastModified": 1772511675, + "narHash": "sha256-0VoWORbMVtDW7fwN0qwoc5SDZ6t/mdmt2NJSkQ1Mil0=", "owner": "ghostty-org", "repo": "ghostty", - "rev": "51897c0cd51fee61fff824d616fb2901ac41e817", + "rev": "2502ca294efe5aa9722c36e25b2252b0150054e9", "type": "github" }, "original": { 
@@ -699,11 +699,11 @@ "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1769939035, - "narHash": "sha256-Fok2AmefgVA0+eprw2NDwqKkPGEI5wvR+twiZagBvrg=", + "lastModified": 1772024342, + "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a8ca480175326551d6c4121498316261cbb5b260", + "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", "type": "github" }, "original": { @@ -804,11 +804,11 @@ ] }, "locked": { - "lastModified": 1768068402, - "narHash": "sha256-bAXnnJZKJiF7Xr6eNW6+PhBf1lg2P1aFUO9+xgWkXfA=", + "lastModified": 1770586272, + "narHash": "sha256-Ucci8mu8QfxwzyfER2DQDbvW9t1BnTUJhBmY7ybralo=", "owner": "nix-community", "repo": "home-manager", - "rev": "8bc5473b6bc2b6e1529a9c4040411e1199c43b4c", + "rev": "b1f916ba052341edc1f80d4b2399f1092a4873ca", "type": "github" }, "original": { @@ -824,11 +824,11 @@ ] }, "locked": { - "lastModified": 1770164260, - "narHash": "sha256-mQgOAYWlVJyuyXjZN6yxqXWyODvQI5P/UZUCU7IOuYo=", + "lastModified": 1772516620, + "narHash": "sha256-2r4cKdqCVlQkvcTcLUMxmsmAYZZxCMd//w/PnDnukTE=", "owner": "nix-community", "repo": "home-manager", - "rev": "4fda26500b4539e0a1e3afba9f0e1616bdad4f85", + "rev": "2b9504d5a0169d4940a312abe2df2c5658db8de9", "type": "github" }, "original": { @@ -882,11 +882,11 @@ ] }, "locked": { - "lastModified": 1769284023, - "narHash": "sha256-xG34vwYJ79rA2wVC8KFuM8r36urJTG6/csXx7LiiSYU=", + "lastModified": 1770511807, + "narHash": "sha256-suKmSbSk34uPOJDTg/GbPrKEJutzK08vj0VoTvAFBCA=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "13c536659d46893596412d180449353a900a1d31", + "rev": "7c75487edd43a71b61adb01cae8326d277aab683", "type": "github" }, "original": { 
@@ -912,11 +912,11 @@ "xdph": "xdph" }, "locked": { - "lastModified": 1770164868, - "narHash": "sha256-sPyea7oYf5h420tdvkrwn0Z1uxfZdqhpuGrEVcdC7q8=", + "lastModified": 1772487546, + "narHash": "sha256-DJugMsFeTNwV9MUIqQr+aE7xLBhKppYi8O+b2ACmUTU=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "1bc857b12c434b7255119de009a50237856a90b2", + "rev": "be03497b82be332a124dd170e8741623791ef7c4", "type": "github" }, "original": { @@ -988,11 +988,11 @@ ] }, "locked": { - "lastModified": 1769285097, - "narHash": "sha256-eVD4U3Oqzz0VU9ylJ5wo76xDcYKv2CpiiRXq4Is4QdA=", + "lastModified": 1771865848, + "narHash": "sha256-xwNa+1D8WPsDnJtUofDrtyDCZKZotbUymzV/R5s+M0I=", "owner": "hyprwm", "repo": "hyprland-plugins", - "rev": "06c0749a0dac978d89b1a76ae6adc76a3c15dbfa", + "rev": "b85a56b9531013c79f2f3846fd6ee2ff014b8960", "type": "github" }, "original": { @@ -1042,11 +1042,11 @@ ] }, "locked": { - "lastModified": 1767983607, - "narHash": "sha256-8C2co8NYfR4oMOUEsPROOJ9JHrv9/ktbJJ6X1WsTbXc=", + "lastModified": 1771866172, + "narHash": "sha256-fYFoXhQLrm1rD8vSFKQBOEX4OGCuJdLt1amKfHd5GAw=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "d4037379e6057246b408bbcf796cf3e9838af5b2", + "rev": "0b219224910e7642eb0ed49f0db5ec3d008e3e41", "type": "github" }, "original": { @@ -1119,11 +1119,11 @@ ] }, "locked": { - "lastModified": 1766253372, - "narHash": "sha256-1+p4Kw8HdtMoFSmJtfdwjxM4bPxDK9yg27SlvUMpzWA=", + "lastModified": 1771271487, + "narHash": "sha256-41gEiUS0Pyw3L/ge1l8MXn61cK14VAhgWB/JV8s/oNI=", "owner": "hyprwm", "repo": "hyprutils", - "rev": "51a4f93ce8572e7b12b7284eb9e6e8ebf16b4be9", + "rev": "340a792e3b3d482c4ae5f66d27a9096bdee6d76d", "type": "github" }, "original": { 
@@ -1144,11 +1144,11 @@ ] }, "locked": { - "lastModified": 1763640274, - "narHash": "sha256-Uan1Nl9i4TF/kyFoHnTq1bd/rsWh4GAK/9/jDqLbY5A=", + "lastModified": 1770501770, + "narHash": "sha256-NWRM6+YxTRv+bT9yvlhhJ2iLae1B1pNH3mAL5wi2rlQ=", "owner": "hyprwm", "repo": "hyprwayland-scanner", - "rev": "f6cf414ca0e16a4d30198fd670ec86df3c89f671", + "rev": "0bd8b6cde9ec27d48aad9e5b4deefb3746909d40", "type": "github" }, "original": { @@ -1173,11 +1173,11 @@ ] }, "locked": { - "lastModified": 1769202094, - "narHash": "sha256-gdJr/vWWLRW85ucatSjoBULPB2dqBJd/53CZmQ9t91Q=", + "lastModified": 1771606233, + "narHash": "sha256-F3PLUqQ/TwgR70U+UeOqJnihJZ2EuunzojYC4g5xHr0=", "owner": "hyprwm", "repo": "hyprwire", - "rev": "a45ca05050d22629b3c7969a926d37870d7dd75c", + "rev": "06c7f1f8c4194786c8400653c4efc49dc14c0f3a", "type": "github" }, "original": { @@ -1260,11 +1260,11 @@ "scenefx": "scenefx" }, "locked": { - "lastModified": 1770169526, - "narHash": "sha256-GYe2+1AT3lGAXPjcd0BDZ+AclFK+Z6NiGJ2F4rM2rLc=", + "lastModified": 1772520692, + "narHash": "sha256-kF242TbUoMN1WwBu1G37lBZmITxqfmzPRE7IL5gmwIk=", "owner": "DreamMaoMao", "repo": "mango", - "rev": "8ba259fbb7737e4cef29ca20c731ed0a93e4017d", + "rev": "1e1d41e626aa12057c03ec79ed11bcc5619f6748", "type": "github" }, "original": { @@ -1297,11 +1297,11 @@ "spectrum": "spectrum" }, "locked": { - "lastModified": 1770074118, - "narHash": "sha256-3JFYOqJGLgn5QsEnBwOm6K+vFX3uckiiyVt3b9VT5h0=", + "lastModified": 1772338235, + "narHash": "sha256-9XcwtSIL/c+pkC3SBNuxCJuSktFOBV1TLvvkhekyB8I=", "owner": "microvm-nix", "repo": "microvm.nix", - "rev": "4f7e75d2be8a4c99778275ad3b3e4421029dcde0", + "rev": "9d1ff9b53532908a5eba7707931c9093508b6b92", "type": "github" }, "original": { 
@@ -1312,11 +1312,11 @@ }, "mnw": { "locked": { - "lastModified": 1769981889, - "narHash": "sha256-ndI7AxL/6auelkLHngdUGVImBiHkG8w2N2fOTKZKn4k=", + "lastModified": 1770419553, + "narHash": "sha256-b1XqsH7AtVf2dXmq2iyRr2NC1yG7skY7Z6N2MpWHlK4=", "owner": "Gerg-L", "repo": "mnw", - "rev": "332fed8f43b77149c582f1782683d6aeee1f07cf", + "rev": "2aaffa8030d0b262176146adbb6b0e6374ce2957", "type": "github" }, "original": { @@ -1354,11 +1354,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1770163968, - "narHash": "sha256-Ggh7hAS0tAOcPF66rrho9WAFZQZE0+SZYs+dnLgidpw=", + "lastModified": 1772496284, + "narHash": "sha256-pDGgYqXFU5cY1Jn11R7N/Q6DFazg6CQq8KDlqvyl/XE=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "4ae5c0c99f5e7fe02f0df0220a7d09b1945df646", + "rev": "fc9e6626baffb5b577810269713aedc37e95ef60", "type": "github" }, "original": { @@ -1370,11 +1370,11 @@ "neovim-src": { "flake": false, "locked": { - "lastModified": 1770163048, - "narHash": "sha256-MEaHWrzF6PqjyQH8+m84dhVr8R4lDYc3V+XW194O4no=", + "lastModified": 1772473891, + "narHash": "sha256-E/0dAqFsUm4DggmHBl8rfI67yK227RXpzbEkZ7729bM=", "owner": "neovim", "repo": "neovim", - "rev": "ddd1bf757fab3615301053acab5cc85508340844", + "rev": "a8361c3afc5b9281814e9f16a9d4291e095b38fa", "type": "github" }, "original": { @@ -1395,15 +1395,15 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1770169657, - "narHash": "sha256-wiWbmO2xUoqh5DuSBYVLGOICo9AOcYq9mNPsvCtL7SM=", - "owner": "sodiboo", + "lastModified": 1772005724, + "narHash": "sha256-sPzg2S8vOV7iS7Tdi4XpFWIWNAe7XJiz9YQ/3lWweSw=", + "owner": "dachxy", "repo": "niri-flake", - "rev": "4c962a3fd37ef268337ed113cbffabfd1fe3ca5c", + "rev": "63b401cdbbafba0d7668714a6328a750326911f6", "type": "github" }, "original": { - "owner": "sodiboo", + "owner": "dachxy", "repo": "niri-flake", "type": "github" } 
@@ -1434,16 +1434,16 @@ "niri-stable": { "flake": false, "locked": { - "lastModified": 1756556321, - "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", - "owner": "YaLTeR", + "lastModified": 1771749270, + "narHash": "sha256-ZJCM1XOHIdud6Jfpl4jYQOzbOJId9wmXT+hNJ1IPBIY=", + "owner": "niri-wm", "repo": "niri", - "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", + "rev": "734d86ec061d15d1980c5b940b2f4dc9aee80cf5", "type": "github" }, "original": { - "owner": "YaLTeR", - "ref": "v25.08", + "owner": "niri-wm", + "ref": "wip/branch", "repo": "niri", "type": "github" } @@ -1451,15 +1451,16 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1770092965, - "narHash": "sha256-++K1ftjwPqMJzIO8t2GsdkYQzC2LLA5A1w21Uo+SLz4=", - "owner": "YaLTeR", + "lastModified": 1771749270, + "narHash": "sha256-ZJCM1XOHIdud6Jfpl4jYQOzbOJId9wmXT+hNJ1IPBIY=", + "owner": "niri-wm", "repo": "niri", - "rev": "189917c93329c86ac2ddd89f459c26a028d590ba", + "rev": "734d86ec061d15d1980c5b940b2f4dc9aee80cf5", "type": "github" }, "original": { - "owner": "YaLTeR", + "owner": "niri-wm", + "ref": "wip/branch", "repo": "niri", "type": "github" } @@ -1492,11 +1493,11 @@ ] }, "locked": { - "lastModified": 1765267181, - "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", + "lastModified": 1772341813, + "narHash": "sha256-/PQ0ubBCMj/MVCWEI/XMStn55a8dIKsvztj4ZVLvUrQ=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", + "rev": "a2051ff239ce2e8a0148fa7a152903d9a78e854f", "type": "github" }, "original": { 
@@ -1514,11 +1515,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1770172907, - "narHash": "sha256-rqYl9B+4shcM5b6OYjT+qdsdQNJ7SY64/xcPIb96NzU=", + "lastModified": 1772334875, + "narHash": "sha256-AveYVY2plEJ62Br6iAd4fB5PDYyjJoTEmgdWRV3m+Vo=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "8958a5a4259e1aebf4916823bf463faaf2538566", + "rev": "a852ac73a4f9bf8270bdac90a72a28fef5df846b", "type": "github" }, "original": { @@ -1533,11 +1534,11 @@ "nixpkgs": "nixpkgs_6" }, "locked": { - "lastModified": 1770174568, - "narHash": "sha256-CuNnGNo2ON3LsBc4CAcE0znKKKRosGjdCetDsycmJRI=", + "lastModified": 1771465079, + "narHash": "sha256-vWKMGj2fBUbsAvwoYjgT+L4hH0A96u4rDOaT0wnj7iw=", "owner": "3timeslazy", "repo": "nix-search-tv", - "rev": "e1f74da24e3aded600d69d44ed39bbcf9ab83cd3", + "rev": "73a34372b15b3824586b3f65c22c4ff8f0eb4c2c", "type": "github" }, "original": { @@ -1576,11 +1577,11 @@ "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1769607914, - "narHash": "sha256-3eYf0yyS8yyXuzrIfbqDwpXZ+3z3TwHGFgbl1+/35DU=", + "lastModified": 1772441848, + "narHash": "sha256-H3W5PSJQTh8Yp51PGU3GUoGCcrD+y7nCsxYHQr+Orvw=", "owner": "nix-community", "repo": "nixd", - "rev": "12e3e96245e81fbcaf1f0bad5079403b57c00e67", + "rev": "c896f916addae5b133ee0f4f01f9cd93906f62ea", "type": "github" }, "original": { @@ -1650,11 +1651,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1770136044, - "narHash": "sha256-tlFqNG/uzz2++aAmn4v8J0vAkV3z7XngeIIB3rM3650=", + "lastModified": 1771903837, + "narHash": "sha256-sdaqdnsQCv3iifzxwB22tUwN/fSHoN7j2myFW5EIkGk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e576e3c9cf9bad747afcddd9e34f51d18c855b4e", + "rev": "e764fc9a405871f1f6ca3d1394fb422e0a0c3951", "type": "github" }, "original": { 
@@ -1666,11 +1667,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1768032153, - "narHash": "sha256-zvxtwlM8ZlulmZKyYCQAPpkm5dngSEnnHjmjV7Teloc=", - "rev": "3146c6aa9995e7351a398e17470e15305e6e18ff", + "lastModified": 1770537093, + "narHash": "sha256-XV30uo8tXuxdzuV8l3sojmlPRLd/8tpMsOp4lNzLGUo=", + "rev": "fef9403a3e4d31b0a23f0bacebbec52c248fbb51", "type": "tarball", - "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre925418.3146c6aa9995/nixexprs.tar.xz" + "url": "https://releases.nixos.org/nixpkgs/nixpkgs-26.05pre942631.fef9403a3e4d/nixexprs.tar.xz" }, "original": { "type": "tarball", @@ -1679,11 +1680,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1764947035, - "narHash": "sha256-EYHSjVM4Ox4lvCXUMiKKs2vETUSL5mx+J2FfutM7T9w=", + "lastModified": 1770073757, + "narHash": "sha256-Vy+G+F+3E/Tl+GMNgiHl9Pah2DgShmIUBJXmbiQPHbI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a672be65651c80d3f592a89b3945466584a22069", + "rev": "47472570b1e607482890801aeaf29bfb749884f6", "type": "github" }, "original": { @@ -1695,11 +1696,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1769461804, - "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "lastModified": 1772198003, + "narHash": "sha256-I45esRSssFtJ8p/gLHUZ1OUaaTaVLluNkABkk6arQwE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61", "type": "github" }, "original": { @@ -1711,11 +1712,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1770141374, - "narHash": "sha256-yD4K/vRHPwXbJf5CK3JkptBA6nFWUKNX/jlFp2eKEQc=", + "lastModified": 1772419343, + "narHash": "sha256-QU3Cd5DJH7dHyMnGEFfPcZDaCAsJQ6tUD+JuUsYqnKU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "41965737c1797c1d83cfb0b644ed0840a6220bd1", + "rev": "93178f6a00c22fcdee1c6f5f9ab92f2072072ea9", "type": "github" }, "original": { 
@@ -1727,11 +1728,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1757584362, - "narHash": "sha256-XeTX/w16rUNUNBsfaOVCDoMMa7Xu7KvIMT7tn1zIEcg=", + "lastModified": 1770843696, + "narHash": "sha256-LovWTGDwXhkfCOmbgLVA10bvsi/P8eDDpRudgk68HA8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d33e926c80e6521a55da380a4c4c44a7462af405", + "rev": "2343bbb58f99267223bc2aac4fc9ea301a155a16", "type": "github" }, "original": { @@ -1743,11 +1744,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1770141374, - "narHash": "sha256-yD4K/vRHPwXbJf5CK3JkptBA6nFWUKNX/jlFp2eKEQc=", + "lastModified": 1772479524, + "narHash": "sha256-u7nCaNiMjqvKpE+uZz9hE7pgXXTmm5yvdtFaqzSzUQI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "41965737c1797c1d83cfb0b644ed0840a6220bd1", + "rev": "4215e62dc2cd3bc705b0a423b9719ff6be378a43", "type": "github" }, "original": { @@ -1759,11 +1760,11 @@ }, "nixpkgs_8": { "locked": { - "lastModified": 1769740369, - "narHash": "sha256-xKPyJoMoXfXpDM5DFDZDsi9PHArf2k5BJjvReYXoFpM=", + "lastModified": 1772173633, + "narHash": "sha256-MOH58F4AIbCkh6qlQcwMycyk5SWvsqnS/TCfnqDlpj4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6308c3b21396534d8aaeac46179c14c439a89b8a", + "rev": "c0f3d81a7ddbc2b1332be0d8481a672b4f6004d6", "type": "github" }, "original": { @@ -1775,11 +1776,11 @@ }, "nixpkgs_9": { "locked": { - "lastModified": 1768875095, - "narHash": "sha256-dYP3DjiL7oIiiq3H65tGIXXIT1Waiadmv93JS0sS+8A=", + "lastModified": 1772419343, + "narHash": "sha256-QU3Cd5DJH7dHyMnGEFfPcZDaCAsJQ6tUD+JuUsYqnKU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ed142ab1b3a092c4d149245d0c4126a5d7ea00b0", + "rev": "93178f6a00c22fcdee1c6f5f9ab92f2072072ea9", "type": "github" }, "original": { 
@@ -1793,14 +1794,15 @@ "inputs": { "nixpkgs": [ "nixpkgs" - ] + ], + "noctalia-qs": "noctalia-qs" }, "locked": { - "lastModified": 1770175191, - "narHash": "sha256-ge90SW/drqKfAFgnIedXJ0tn+5adDWL3ddDyGlnjH5E=", + "lastModified": 1772500480, + "narHash": "sha256-7Rj0vLxKBn25QDKaW1heAQPH9ICg/cyrlLsoEPO0E58=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "787aab1f0a6bf282fbba92816e06bdf62226a179", + "rev": "ddfb06fe5b8d859578b269362d2f3e21b5dc5a75", "type": "github" }, "original": { @@ -1809,6 +1811,27 @@ "type": "github" } }, + "noctalia-qs": { + "inputs": { + "nixpkgs": [ + "noctalia", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1772227064, + "narHash": "sha256-f821ZSoGpa/aXrWq0gPpea9qBnX8KDyavGKkptz2Mog=", + "owner": "noctalia-dev", + "repo": "noctalia-qs", + "rev": "0741d27d2f7db567270f139c5d1684614ecf9863", + "type": "github" + }, + "original": { + "owner": "noctalia-dev", + "repo": "noctalia-qs", + "type": "github" + } + }, "nur": { "inputs": { "flake-parts": [ @@ -1846,11 +1869,11 @@ "systems": "systems_8" }, "locked": { - "lastModified": 1770130359, - "narHash": "sha256-IfoT9oaeIE6XjXprMORG2qZFzGGZ0v6wJcOlQRdlpvY=", + "lastModified": 1772483693, + "narHash": "sha256-sOq/GUSR0uw1eQla0Wc5BKztPqBJBj3khd/GhaVg4xU=", "owner": "notashelf", "repo": "nvf", - "rev": "92854bd0eaaa06914afba345741c372439b8e335", + "rev": "750dbfaf6eb62db8e67afc03a3ae3078bfd8f098", "type": "github" }, "original": { @@ -1892,11 +1915,11 @@ ] }, "locked": { - "lastModified": 1769069492, - "narHash": "sha256-Efs3VUPelRduf3PpfPP2ovEB4CXT7vHf8W+xc49RL/U=", + "lastModified": 1772024342, + "narHash": "sha256-+eXlIc4/7dE6EcPs9a2DaSY3fTA9AE526hGqkNID3Wg=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "a1ef738813b15cf8ec759bdff5761b027e3e1d23", + "rev": "6e34e97ed9788b17796ee43ccdbaf871a5c2b476", "type": "github" }, "original": { 
@@ -1913,11 +1936,11 @@ ] }, "locked": { - "lastModified": 1769593411, - "narHash": "sha256-WW00FaBiUmQyxvSbefvgxIjwf/WmRrEGBbwMHvW/7uQ=", + "lastModified": 1771926182, + "narHash": "sha256-QbXuSLhiSxOq6ydBL3+KGe1aiYWBW+e3J6qjJZaRMq0=", "ref": "refs/heads/master", - "rev": "1e4d804e7f3fa7465811030e8da2bf10d544426a", - "revCount": 732, + "rev": "cddb4f061bab495f4473ca5f2c571b6c710efef7", + "revCount": 744, "type": "git", "url": "https://git.outfoxxed.me/outfoxxed/quickshell" }, @@ -2012,11 +2035,11 @@ ] }, "locked": { - "lastModified": 1770174315, - "narHash": "sha256-GUaMxDmJB1UULsIYpHtfblskVC6zymAaQ/Zqfo+13jc=", + "lastModified": 1772507320, + "narHash": "sha256-GdGXniFvtIfRiakc+ncdQYnoQjKbTCv9Imjfl4ggquI=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "095c394bb91342882f27f6c73f64064fb9de9f2a", + "rev": "1775eafa1879ac098ee436849bc9c3d963206f89", "type": "github" }, "original": { @@ -2033,11 +2056,11 @@ ] }, "locked": { - "lastModified": 1769091129, - "narHash": "sha256-Jj/vIHjiu4OdDIrDXZ3xOPCJrMZZKzhE2UIVXV/NYzY=", + "lastModified": 1772420823, + "narHash": "sha256-q3oVwz1Rx41D1D+F6vg41kpOkk3Zi3KwnkHEZp7DCGs=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "131e22d6a6d54ab72aeef6a5a661ab7005b4c596", + "rev": "458eea8d905c609e9d889423e6b8a1c7bc2f792c", "type": "github" }, "original": { @@ -2072,11 +2095,11 @@ "nixpkgs": "nixpkgs_8" }, "locked": { - "lastModified": 1770145881, - "narHash": "sha256-ktjWTq+D5MTXQcL9N6cDZXUf9kX8JBLLBLT0ZyOTSYY=", + "lastModified": 1772495394, + "narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=", "owner": "Mic92", "repo": "sops-nix", - "rev": "17eea6f3816ba6568b8c81db8a4e6ca438b30b7c", + "rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff", "type": "github" }, "original": { 
@@ -2122,11 +2145,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1769978605, - "narHash": "sha256-Vjniae6HHJCb9xZLeUOP15aRQXSZuKeeaZFM+gRDCgo=", + "lastModified": 1772296853, + "narHash": "sha256-pAtzPsgHRKw/2Kv8HgAjSJg450FDldHPWsP3AKG/Xj0=", "owner": "nix-community", "repo": "stylix", - "rev": "ce22070ec5ce6169a6841da31baea33ce930ed38", + "rev": "c4b8e80a1020e09a1f081ad0f98ce804a6e85acf", "type": "github" }, "original": { @@ -2462,11 +2485,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1770167989, - "narHash": "sha256-rE2WTxKHe3KMG/Zr5YUNeKHkZfWwSFl7yJXrOKnunHg=", + "lastModified": 1771787042, + "narHash": "sha256-7bM6Y4KldhKnfopSALF8XALxcX7ehkomXH9sPl4MXp0=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "0947c4685f6237d4f8045482ce0c62feab40b6c4", + "rev": "33c344fee50504089a447a8fef5878cf4f6215fc", "type": "github" }, "original": { @@ -2482,11 +2505,11 @@ "rust-overlay": "rust-overlay_4" }, "locked": { - "lastModified": 1769971982, - "narHash": "sha256-dc8lG9CxtrIk+tOsQx8TJKULQBG27Hoio4O4M/6CxFM=", + "lastModified": 1772502075, + "narHash": "sha256-FDyvMvqrpDb2CrXOvtUEr0b4qgbe7D/POqVWdFD7wuI=", "owner": "sxyazi", "repo": "yazi", - "rev": "6757fed5aa82bfdcd5ecd52e8f374dc286220cc0", + "rev": "0efeaf5f641c7809bc820680c8a7d43a69ff2e13", "type": "github" }, "original": { @@ -2505,11 +2528,11 @@ ] }, "locked": { - "lastModified": 1770097899, - "narHash": "sha256-FKRpvwWR96VDW4bdsxIrZgIAXvdXqsCTaV1HghCJBoQ=", + "lastModified": 1772517053, + "narHash": "sha256-aBuL2TFnyBLR+t6iBlKnTWWzprXYKQQIaV0IuCSPPeE=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "615a27db86f3fddd0f096b5e9ea832795a4608d1", + "rev": "32e9673aee2ae994ced561247918952398a3e933", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2b7dd0c..c65c286 100755 --- a/flake.nix +++ b/flake.nix 
@@ -125,7 +125,8 @@ nix-search-tv.url = "github:3timeslazy/nix-search-tv"; niri = { - url = "github:sodiboo/niri-flake"; + # url = "github:sodiboo/niri-flake"; + url = "github:dachxy/niri-flake"; # Wait for blur configurations inputs.nixpkgs.follows = "nixpkgs"; }; diff --git a/home/user/ghostty.nix b/home/user/ghostty.nix index fa170a9..06228f1 100755 --- a/home/user/ghostty.nix +++ b/home/user/ghostty.nix @@ -1,12 +1,10 @@ { inputs, pkgs, - lib, ... }: let inherit (pkgs.stdenv.hostPlatform) system; - inherit (lib) mkDefault; ghosttyShaders = pkgs.fetchFromGitHub { owner = "sahaj-b"; @@ -28,9 +26,9 @@ in "${ghosttyShaders}/ripple_cursor.glsl" ]; - unfocused-split-opacity = 0.85; + unfocused-split-opacity = 0.65; desktop-notifications = true; - background-opacity = mkDefault 0.6; + background-opacity = 0.5; background-blur = 20; wait-after-command = false; diff --git a/home/user/zen-browser.nix b/home/user/zen-browser.nix index efd591c..fa55872 100755 --- a/home/user/zen-browser.nix +++ b/home/user/zen-browser.nix @@ -3,12 +3,10 @@ config, helper, pkgs, - lib, ... }: let inherit (osConfig.systemConf) username; - inherit (lib) mkForce; inherit (helper) capitalize; inherit (pkgs) runCommand; @@ -39,6 +37,7 @@ let in { programs.zen-browser = { + suppressXdgMigrationWarning = true; enable = true; languagePacks = [ "en-US" @@ -137,15 +136,19 @@ in }; }; - home.file.".zen/${profileName}/zen-keyboard-shortcuts.json".source = + xdg.configFile."zen/${profileName}/zen-keyboard-shortcuts.json".source = ../config/zen/zen-keyboard-shortcuts.json; - home.file.".zen/${profileName}/chrome" = { + xdg.configFile."zen/${profileName}/chrome" = { source = patchedNebula; recursive = true; }; - home.file.".zen/${profileName}/search.json.mozlz4".force = mkForce true; + systemd.user.tmpfiles.rules = [ + '' + L+ ${config.home.homeDirectory}/.zen - - - - ${config.home.homeDirectory}/.config/zen + '' + ]; xdg.mimeApps = let 
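Review bot: The `niri` input in this hunk now follows the default branch of a personal fork (`github:dachxy/niri-flake`), so each later `nix flake update` pulls whatever that account has pushed into the compositor build. flake.lock pins the current revision, but the comment "Wait for blur configurations" gives no exit condition. Pin the input to a revision that has been read, e.g. `url = "github:dachxy/niri-flake/<reviewed-commit-sha>";`, and name the upstream issue or PR to watch in the comment so the switch back to `sodiboo/niri-flake` is not forgotten.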
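Review bot: The tmpfiles rule added at the end of the zen-browser.nix hunk uses `L+`, which removes whatever already exists at `~/.zen`, including a populated directory, before creating the symlink. On a machine that still has the old profile layout this can delete the browser profile on first activation unless the data was moved to `~/.config/zen` beforehand; whether the module migrates it automatically is not visible here. Plain `L` leaves an existing path alone: `L ${config.home.homeDirectory}/.zen - - - - ${config.home.homeDirectory}/.config/zen`, with the directory moved by hand once.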
diff --git a/options/systemconf.nix b/options/systemconf.nix index fa6922f..539add1 100755 --- a/options/systemconf.nix +++ b/options/systemconf.nix @@ -10,10 +10,8 @@ let inherit (pkgs.stdenv.hostPlatform) system; inherit (lib) - optional mkOption mkEnableOption - mkMerge types mkIf ; diff --git a/system/dev/dn-lap/default.nix b/system/dev/dn-lap/default.nix index 58754d9..7f81ad2 100755 --- a/system/dev/dn-lap/default.nix +++ b/system/dev/dn-lap/default.nix @@ -8,13 +8,13 @@ in { systemConf = { inherit hostname username; - niri.enable = true; + enableHomeManager = true; + windowManager = "niri"; }; imports = [ ../../modules/presets/basic.nix - ../public/dn - ../public/dn/ntfy.nix + ../public/dn/presets/local.nix ./common ./games ./home @@ -24,6 +24,9 @@ in ./utility ./virtualisation ./network + ../../modules/shells/noctalia + ../../modules/sunshine.nix + ../../modules/card-reader.nix ]; users.users."${username}".openssh.authorizedKeys.keys = [ diff --git a/system/dev/dn-lap/home/default.nix b/system/dev/dn-lap/home/default.nix index d37f782..8bc5415 100755 --- a/system/dev/dn-lap/home/default.nix +++ b/system/dev/dn-lap/home/default.nix @@ -1,4 +1,5 @@ { + pkgs, config, lib, ... @@ -10,6 +11,10 @@ let in { home-manager.users."${username}" = { + home.packages = with pkgs; [ + mattermost-desktop + ]; + home.sessionVariables = { BROWSER = mkForce "chromium"; }; @@ -27,9 +32,9 @@ in } ]; - programs.hyprlock.monitors = [ - "LG Display" - ]; + programs.noctalia-shell = { + settings = { }; + }; programs.chromium = { enable = true; 
@@ -55,34 +60,7 @@ in imports = [ ../../../../home/presets/basic.nix - - # waybar - (import ../../../../home/user/waybar.nix { - settings = [ - { - output = "eDP-1"; - height = 46; - modules-left = [ - "custom/os" - "hyprland/workspaces" - "clock" - "mpris" - ]; - modules-right = [ - "wlr/taskbar" - "temperature" - "custom/wallRand" - "custom/wireguard" - "custom/recording" - "idle_inhibitor" - "network" - "pulseaudio" - "battery" - "custom/swaync" - ]; - } - ]; - }) + ../../../../home/user/zellij.nix ]; }; } diff --git a/system/dev/dn-lap/services/default.nix b/system/dev/dn-lap/services/default.nix index b2e5388..cac831f 100755 --- a/system/dev/dn-lap/services/default.nix +++ b/system/dev/dn-lap/services/default.nix @@ -1,5 +1,5 @@ { imports = [ - ../../../modules/wireguard.nix + # ../../../modules/wireguard.nix ]; } diff --git a/system/dev/dn-pre7780/common/nvidia.nix b/system/dev/dn-pre7780/common/nvidia.nix index 6f75446..8698bbc 100755 --- a/system/dev/dn-pre7780/common/nvidia.nix +++ b/system/dev/dn-pre7780/common/nvidia.nix @@ -1,7 +1,4 @@ -{ config, lib, ... }: -let - inherit (lib) mkForce; -in +{ ... }: { imports = [ (import ../../../modules/nvidia.nix { @@ -10,6 +7,4 @@ in nvidia-bus-id = "PCI:1:0:0"; }) ]; - - hardware.nvidia.package = mkForce config.boot.kernelPackages.nvidiaPackages.beta; } diff --git a/system/dev/dn-pre7780/default.nix b/system/dev/dn-pre7780/default.nix index 2832653..6436d8e 100755 --- a/system/dev/dn-pre7780/default.nix +++ b/system/dev/dn-pre7780/default.nix @@ -38,10 +38,11 @@ in } ]; + nix.settings.download-buffer-size = 671088640; + imports = [ ../../modules/presets/basic.nix - ../public/dn - ../public/dn/ntfy.nix + ../public/dn/presets/local.nix ./expr ./network ./common diff --git a/system/dev/dn-pre7780/home/default.nix b/system/dev/dn-pre7780/home/default.nix index e72b04a..881eeb1 100755 --- a/system/dev/dn-pre7780/home/default.nix +++ b/system/dev/dn-pre7780/home/default.nix 
@@ -76,10 +76,6 @@ in } ]; - programs.ghostty.settings = { - background-opacity = 0.9; - }; - # ==== Shells ==== # # Caelestia programs.caelestia.settings = { @@ -92,6 +88,7 @@ in # Noctalia programs.noctalia-shell.filteredIds = [ "Brightness" + "Battery" ]; # ==== WM ==== # diff --git a/system/dev/dn-pre7780/sops/secret.yaml b/system/dev/dn-pre7780/sops/secret.yaml index 10cca37..09dd4f0 100755 --- a/system/dev/dn-pre7780/sops/secret.yaml +++ b/system/dev/dn-pre7780/sops/secret.yaml @@ -40,7 +40,7 @@ sops: MEdmWkFwNXZoR1ZVRnQ0aWlkYzZwSmsK0EFecUIdqlDKX08oRCoDQQ3QCX1wzb8w lghDJhWlfuKr+X24GoE4UK04aJVLqVMRRI4BJW+LQXeHS+dWKu3mQA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-20T05:40:32Z" - mac: ENC[AES256_GCM,data:2UM15E3aYMunypx6THZTwHdedmUWYKQGgPEqMmT1D/CkWcCmau0Yk2nhALjcXWLuODlkedrjm6tYSPg7Yv/eZUnUwfI9reBAfoGBbJLCIoAloomzzm21xDvIJOco9xyHPKwT4buYYA/mylJvrSi07G0qRM6tINQjhEvVsDIbFR0=,iv:lPo3U/eCSZx6MmqvoTUpk+u6E+fFgED4eq0EF/jk/hs=,tag:b8XyedLJ706LplFF/VafAg==,type:str] + lastmodified: "2026-03-06T08:47:28Z" + mac: ENC[AES256_GCM,data:1q8l6J6ePg3M4YZAxIjvVMzKurmPQHa93wXIQ3YJirVLaPGyXXczFPKrl9iHTPlwI7Vt1KSQGw1hkO2Q6KWSZgKd3/aKJ+HliRhnqbdOJThwbdHzmVq80mnCzG/Z+yYY45ONPI369bVHydZZT7iEjAWi3ndSkC9KFhyEez3Wa2w=,iv:+w+riNzfF4R+EkTON72AskJscqEMJ1WJoFSiJHPSEGc=,tag:wG4ZuOxXE3dzTezHOu9yzg==,type:str] unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.12.1 diff --git a/system/dev/dn-server/default.nix b/system/dev/dn-server/default.nix index 53ad4f3..123a233 100755 --- a/system/dev/dn-server/default.nix +++ b/system/dev/dn-server/default.nix @@ -46,7 +46,7 @@ in ''; imports = [ - ../public/dn + ../public/dn/presets/server.nix ./common ./home ./network diff --git a/system/dev/dn-server/network/services.nix b/system/dev/dn-server/network/services.nix index ac644b2..bdcff34 100755 --- a/system/dev/dn-server/network/services.nix +++ b/system/dev/dn-server/network/services.nix 
@@ -33,8 +33,8 @@ let }; allowedSSHIPs = concatStringsSep ", " [ - "122.117.215.55" "192.168.100.1/24" + "140.113.229.197/32" personal.range ]; diff --git a/system/dev/dn-server/services/homepage.nix b/system/dev/dn-server/services/homepage.nix index f986316..a0ff448 100644 --- a/system/dev/dn-server/services/homepage.nix +++ b/system/dev/dn-server/services/homepage.nix @@ -13,7 +13,7 @@ in enable = true; openFirewall = true; listenPort = 8044; - environmentFile = config.sops.secrets."homepage".path; + environmentFiles = [ config.sops.secrets."homepage".path ]; allowedHosts = "www.${domain},${domain},localhost:${toString cfg.listenPort}"; docker = { docker = { @@ -64,6 +64,17 @@ in } ]; } + { + "Development" = [ + { + "Forgejo" = { + icon = "forgejo.svg"; + description = "Git repository"; + href = config.services.forgejo.settings.server.ROOT_URL; + }; + } + ]; + } { "VPN & IDP" = [ { @@ -121,6 +132,31 @@ in icon = "powerdns.svg"; description = "DNS record management"; href = "https://powerdns.${domain}"; + widgets = + let + queryProp = ''job="powerdns_recursor"''; + in + [ + { + type = "prometheusmetric"; + url = "https://metrics.dnywe.com"; + refreshInterval = 10000; + metrics = [ + { + label = "Up"; + query = "up{${queryProp}}"; + } + { + label = "Query Rate"; + query = "sum(rate(pdns_recursor_questions{${queryProp}}[1h]))"; + format = { + type = "number"; + suffix = " req/s"; + }; + } + ]; + } + ]; }; } { diff --git a/system/dev/dn-server/services/mail-server.nix b/system/dev/dn-server/services/mail-server.nix index b40b4b5..7cdec3b 100755 --- a/system/dev/dn-server/services/mail-server.nix +++ b/system/dev/dn-server/services/mail-server.nix @@ -21,6 +21,8 @@ in "sa-update.surbl.org" ]; + services.opendkim.enable = mkForce false; + mail-server = let domain = "net.dn"; diff --git a/system/dev/dn-server/services/metrics.nix b/system/dev/dn-server/services/metrics.nix index d418eba..d71cba4 100755 --- a/system/dev/dn-server/services/metrics.nix 
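Review bot: The SSH allow-list in the services.nix hunk swaps one bare public address for another (`140.113.229.197/32`) with nothing recording whose address it is, which makes the list hard to audit or prune later. Add a comment on the entry, e.g. `"140.113.229.197/32" # <site or owner of this address>`. The neighbouring context entry `"192.168.100.1/24"` has host bits set; `192.168.100.0/24` is presumably what is meant, though how the joined string is consumed lies outside the hunk.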
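Review bot: `services.opendkim.enable = mkForce false;` is added in the mail-server.nix hunk without saying what signs outgoing mail instead. If no other component takes over signing (none is visible in this hunk), mail from this host goes out without a DKIM signature and will fail DKIM/DMARC evaluation at receivers. Add a comment naming the replacement, e.g. `# DKIM signing is done by <component>; opendkim disabled to avoid double signing`. The enclosing attribute set starts and ends outside the hunk.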
+++ b/system/dev/dn-server/services/metrics.nix @@ -143,7 +143,7 @@ in { uid = "prometheus-dn-server"; name = "Prometheus"; - url = "https://metrics.net.dn"; + url = "https://${prometheusHostname}"; type = "prometheus"; } ]; diff --git a/system/dev/dn-server/services/minecraft-server.nix b/system/dev/dn-server/services/minecraft-server.nix index d48a08e..906fd23 100755 --- a/system/dev/dn-server/services/minecraft-server.nix +++ b/system/dev/dn-server/services/minecraft-server.nix @@ -119,7 +119,7 @@ in serverVersion = lib.replaceStrings [ "." ] [ "_" ] "fabric-${mcVersion}"; in { - enable = true; + enable = false; autoStart = true; enableReload = true; jvmOpts = "-Xms2144M -Xmx8240M"; diff --git a/system/dev/dn-server/services/nextcloud.nix b/system/dev/dn-server/services/nextcloud.nix index a27202e..46c0bc6 100755 --- a/system/dev/dn-server/services/nextcloud.nix +++ b/system/dev/dn-server/services/nextcloud.nix @@ -48,7 +48,10 @@ in (import ../../../modules/nextcloud.nix { hostname = "nextcloud.${domain}"; adminpassFile = secrets."nextcloud/adminPassword".path; - trusted-proxies = [ "10.0.0.0/24" ]; + trusted-proxies = [ + "10.0.0.0/24" + "10.10.0.0/24" + ]; whiteboardSecrets = [ secrets."nextcloud/whiteboard".path ]; diff --git a/system/dev/dn-server/sops/secret.yaml b/system/dev/dn-server/sops/secret.yaml index 113f423..6f17b5e 100755 --- a/system/dev/dn-server/sops/secret.yaml +++ b/system/dev/dn-server/sops/secret.yaml 
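Review bot: The new `"10.10.0.0/24"` entry in `trusted-proxies` (nextcloud.nix hunk) makes Nextcloud accept forwarded-for headers from every host in that subnet, not only from the reverse proxy. Any machine in the range can then present an arbitrary client address, which weakens brute-force throttling and makes IP-based audit logs unreliable; what lives in that range is not visible here. List only the proxy itself where that is possible, e.g. `"<proxy-address>/32"`, and add a comment saying which proxy it is.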
@@ -21,7 +21,7 @@ nextcloud: backendsecret: ENC[AES256_GCM,data:pV5yw755RkAwHBdmfeP37/SobFZqJouWyIiRJ+Y2mk0iiVdW04vhYVsyjcI=,iv:NhkewgnyE2Dw8mQMMSq6AWo6IOWu8BlyPZvZAszyZuQ=,tag:BlZO15qZWViV8pCWIgZHZQ==,type:str] step_ca: password: ENC[AES256_GCM,data:3NtUAl344gHiXLlMl88X17Vsm/4OKFM0W8bntzbXC0U=,iv:q9cWW8xTxYQnRYohBxnPIsbVSpvkZYVpYLRVeZgmsRM=,tag:ibumK7ebPKNO/CXAS0eeRA==,type:str] -vaultwarden: ENC[AES256_GCM,data:unu2+istP/NHcns2HUvNYveGElAEDFI+6X/KXYu2hKvY9c57PhmGVEmwlNhMWjHOSLaIvF48iDKCMnFnk20Fop5S2PS8WdNQ5sAA3mhoBnYGKIVsSsjpAqdIKj5c+AozeFODuIrCPRFm1JbOlgcmniwWNwbKtXt8GrgHzBbFUNX00npOwK9NmZOTxPVCj6gs3purULbsTzxDYZKdtqoM0Rv8E+MM/SLTR3QJnTCi7CxWfqy2tSsNzFh4puyZ0xf03m/fMP2iJqwZKjr0G5DwMl8ng0XvnojUcAg3OO34T7VCR1E6unqOpt8Mxc4l5eDVZEp6euchLB1GHP1OaElLCGvlp16xFKQyu+XtuFKxDrgl+AjVXl/rdl8Sk7fa9x6VzYbbJIR5Nzrwb+x9sJIc0Q5u6MroVsfawUzNH3aWkBCxQ0jGqkWyAZyumOuLxODpYETUCxiaBW6unEYSABibY5Q=,iv:5T/N41eLnPThRs1nwFiqMqyd6+RMWkDz6N4yVuAojH0=,tag:1gyxAtpZw/uhPWOoioFqKw==,type:str] +vaultwarden: ENC[AES256_GCM,data:iQ6fu3rs0b4kiBKKMwv7EwNCHEbDnOvy0LhxoCo6ppo+3iYy55a86+gf9N2nDG1JiKEGSq6SAWqAG4Zhv4XEXZmjGzuVfpUWvPrXvlHFOv12/OWjOTTojf7JyJXuMNBbElC9aBLh6bfpF9jxMugs1s421QrG4irbK4jIwnKztADlzq+GlkWJgjIXatW6cZ8W3lx2yQO1D/n+MQJom4aCaMz+sbv2EF5hZW90VdLdgunzR15sIF6puremZFq4exS8W6QBV4fD3FgCHGelPLx8En0MyFxkVq2wLyQ88BzQI4eQf3wswOBD26OOH/hgwwzDk7Olv8w0FialtDEa3sM8lL6FHj9/+1RoFs/bLzSCz50PtlwIRChjoeD6zzfvyCuxg3nAJaI8Zm7JbbaLm+QMR0OE7f9H0+/fuxSmXu8pj1vuTXYs0bsrZv6Hr9sbNhIA3+kzzMtUaE8BuPKisx1M4FZiDFr2OPDsxqpkKB5ldqeqX6hVSYq6Skb7Kq7dLQyMWjQcNg==,iv:2pnql+V1QbuB11x7m4figiGJvxusOeVuadINrgjJXCo=,tag:tc/XruhnJ5iybOtajV/Lfg==,type:str] ldap: password: ENC[AES256_GCM,data:gz5WBopSffGyvJxKDPekPQ==,iv:bX7N9/oNMhtE/KbPah2ge4s87P2VsxHGoFkOyl83dxs=,tag:YoTe6NPAJgp/0nvhHC9Y5A==,type:str] env: 
ENC[AES256_GCM,data:68EvTHeBqtCVfde5oO+Wzny+l/YIMWQmbcNQ0Wl59EjMrSlJM0rmFm2lMJpxKzCN2cFs0N2z6zG1/eQ9t/SxxyVBrNA6ECnCZrerIo2YGlaT30tc1rffpd8TchMH1VKP5qHnbLUqORMx5z0LR4U49l2HVcHgSCjt/1f127oMi411vIU=,iv:+m1F0CBaoJGv6Z1u+h6rbsXGPUhxgHouTalj13ccJiY=,tag:I/hK65yPaIcgHEZVaXJHBA==,type:str] @@ -95,7 +95,7 @@ sops: OFloWEFuTC9GTXJsMG5NNktmdmIrY1kK0yN0ae0xNaydujV5lt2FiwXdyursG0DK 9i/B3TTAm9csDMMSTSFbiAUJDzG7kIqn++JU/cxvsGScSnhMqjEK/g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-30T04:08:29Z" - mac: ENC[AES256_GCM,data:egK9zlAccBV2IeJ+DYTP3AKQUUMFPmts8eZMilQlyh+EE/oXhNnKeKkmNg9h1RwoZ6zh0LRDsyjubCc06PI/wVx2lJ0JfPs4bt6PckC1hZglRSHHjmocyx1eF5bMVfBLmluDzQ3Zms1Ryvuh+M+EjtdhttBljAIb0JIRx8Wzwks=,iv:wWrRiOvzZDboZSMgTzmbVVWzpSIhLdlgxgUIFXCFet0=,tag:YLBtLivKLBvByyfm4PbVXQ==,type:str] + lastmodified: "2026-02-15T10:06:42Z" + mac: ENC[AES256_GCM,data:Cuy342Fl4oze+1+eT0tJcOMR+c8iXpJWLH74g3+MAKWlU6F1uIW7qTXAYzkXiQRKtwG0+Hfbp8xQV/Ay19c20FyfWuDl8JAse+RbP50lHeX6GqW/P4I2s2B056emmamwb71NIlS03AkVoii7n8xqkzGmJz2bS+SWLvK/INS0eGM=,iv:bVgs5Xn7vvkmTpSbDJy+ZJ2vbcaomV1qcTIUyHXmpL4=,tag:Vc0IJLA2MFh7toqlDg8xUw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/system/dev/public/dn/common.nix b/system/dev/public/dn/common.nix index 50271c2..13f201b 100755 --- a/system/dev/public/dn/common.nix +++ b/system/dev/public/dn/common.nix 
@@ -18,68 +18,5 @@ in email = "Danny01161013@gmail.com"; }) ]; - - # ==== Niri ==== # - programs.niri.settings = { - input.keyboard.xkb = { - layout = "us"; - options = "caps:escape"; - }; - workspaces."game" = { }; - window-rules = [ - # Wine systray - { - matches = [ - { - title = "^$"; - app-id = "^steam_app_(.*)$"; - } - ]; - open-fullscreen = false; - } - # Steam Game Fullscreen - { - matches = [ - { - app-id = "^steam_app_(.*)$"; - is-floating = false; - } - ]; - open-fullscreen = true; - } - # Steam & Steam Game - { - matches = [ - { app-id = "^steam_app_*"; } - { app-id = "^pioneergame.exe$"; } - { - app-id = "^steam$"; - title = "^Steam$"; - } - ]; - open-on-workspace = "game"; - } - # Steam Dialog float - { - matches = [ - { app-id = "^steam$"; } - { title = "(.*)(EasyAntiCheat_EOS_Setup)(.*)"; } - { - app-id = "^pioneergame.exe$"; - title = "^$"; - } - ]; - excludes = [ - { - title = "^Steam$"; - } - ]; - open-floating = true; - } - ]; - }; - wayland.windowManager.mango.settings = '' - xkb_rules_options = caps:escape - ''; }; } diff --git a/system/dev/public/dn/default.nix b/system/dev/public/dn/default.nix deleted file mode 100755 index d64a720..0000000 --- a/system/dev/public/dn/default.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ - imports = [ - ./yubikey.nix - ./common.nix - ]; -} diff --git a/system/dev/public/dn/nextcloud-sync.nix b/system/dev/public/dn/nextcloud-sync.nix new file mode 100644 index 0000000..4075a6c --- /dev/null +++ b/system/dev/public/dn/nextcloud-sync.nix 
@@ -0,0 +1,74 @@ +{ + config, + lib, + self, + ... +}: +let + inherit (builtins) length; + inherit (lib) getExe' optionalString; + inherit (config.systemConf) username; + serverCfg = self.nixosConfigurations.dn-server.config; + serverNextcloudCfg = serverCfg.services.nextcloud; + nextcloudURL = + (if serverNextcloudCfg.https then "https" else "http") + "://" + serverNextcloudCfg.hostName; +in +{ + + home-manager.users."${username}" = + { + pkgs, + config, + ... + }: + let + inherit (config.home) homeDirectory; + pathToSync = [ + { + target = "/Wallpapers"; + source = "${homeDirectory}/Pictures/Wallpapers"; + } + ]; + in + { + sops.secrets."netrc" = { + mode = "0700"; + sopsFile = ../sops/dn-secret.yaml; + path = "${homeDirectory}/.netrc"; + }; + + systemd.user = { + services.nextcloud-autosync = { + Unit = { + Description = "Auto sync Nextcloud"; + After = "network-online.target"; + }; + Service = { + Type = "simple"; + ExecStart = "${getExe' pkgs.nextcloud-client "nextcloudcmd"} -h -n ${ + optionalString (length pathToSync > 0) "--path" + } ${toString (map (x: "${x.target} ${x.source}") pathToSync)} ${nextcloudURL}"; + TimeoutStopSec = "180"; + KillMode = "process"; + KillSignal = "SIGINT"; + }; + Install.WantedBy = [ "multi-user.target" ]; + }; + + timers.nextcloud-autosync = + let + cfg = config.systemd.user.timers.nextcloud-autosync; + in + { + Unit.Description = "Automatic async files with nextcloud when booted up after ${cfg.Timer.OnBootSec} then rerun every ${cfg.Timer.OnUnitActiveSec} "; + Timer.OnBootSec = "5min"; + Timer.OnUnitActiveSec = "60min"; + Install.WantedBy = [ + "multi-user.target" + "timers.target" + ]; + }; + startServices = true; + }; + }; +} diff --git a/system/dev/public/dn/presets/local.nix b/system/dev/public/dn/presets/local.nix new file mode 100644 index 0000000..8497e6e --- /dev/null +++ b/system/dev/public/dn/presets/local.nix 
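Review bot: The `netrc` secret is written to `~/.netrc` with `mode = "0700"`; a credentials file needs no execute bit, so `mode = "0600";` is the appropriate setting. Separately, the service and the timer both use `WantedBy = [ "multi-user.target" ]`, which is a system-manager target that the user manager normally does not have, so those enable links will likely do nothing. For the timer `Install.WantedBy = [ "timers.target" ];` is enough, and the service can then drop its `Install` section because the timer starts it.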
@@ -0,0 +1,9 @@ +{ + imports = [ + ../common.nix + ../nextcloud-sync.nix + ../yubikey.nix + ../ntfy.nix + ../wm.nix + ]; +} diff --git a/system/dev/public/dn/presets/server.nix b/system/dev/public/dn/presets/server.nix new file mode 100644 index 0000000..b34315a --- /dev/null +++ b/system/dev/public/dn/presets/server.nix @@ -0,0 +1,6 @@ +{ + imports = [ + ../common.nix + ../yubikey.nix + ]; +} diff --git a/system/dev/public/dn/wm.nix b/system/dev/public/dn/wm.nix new file mode 100644 index 0000000..72fc7b3 --- /dev/null +++ b/system/dev/public/dn/wm.nix @@ -0,0 +1,63 @@ +{ config, ... }: +let + inherit (config.systemConf) username; +in +{ + home-manager.users."${username}" = + { ... }: + { + # ==== Niri ==== # + programs.niri.settings = { + input.keyboard.xkb = { + layout = "us"; + options = "caps:escape"; + }; + workspaces."game" = { }; + window-rules = [ + # Steam Game Fullscreen + { + matches = [ + { + app-id = "^steam_app_(.*)$"; + title = "^.+$"; + is-floating = false; + } + ]; + open-fullscreen = true; + } + # Steam & Steam Game + { + matches = [ + { app-id = "^steam_app_*"; } + { app-id = "^pioneergame.exe$"; } + { + app-id = "^steam$"; + title = "^Steam$"; + } + ]; + open-on-workspace = "game"; + } + # Steam Dialog float + { + matches = [ + { app-id = "^steam$"; } + { title = "(.*)(EasyAntiCheat_EOS_Setup)(.*)"; } + { + app-id = "^pioneergame.exe$"; + title = "^$"; + } + ]; + excludes = [ + { + title = "^Steam$"; + } + ]; + open-floating = true; + } + ]; + }; + wayland.windowManager.mango.settings = '' + xkb_rules_options = caps:escape + ''; + }; +} diff --git a/system/dev/public/sops/dn-secret.yaml b/system/dev/public/sops/dn-secret.yaml index 540713f..0d3ec2b 100755 --- a/system/dev/public/sops/dn-secret.yaml +++ b/system/dev/public/sops/dn-secret.yaml 
@@ -1,5 +1,6 @@ ntfy: ENC[AES256_GCM,data:7m7hwmDWu6qP/mX7QujXPiDAmRC542CKyWzFaOL5sHza,iv:nn1F44LSFmrV2USRDD0z8CNfUhi40LZnvoU3j0nklcU=,tag:WhqQpThDaG10kNTk1tZxOQ==,type:str] u2f_keys: ENC[AES256_GCM,data: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,iv:pAdO+Uja/Zyf5uLMa9zbKvEMoOOjQgkqHYnEH+Bxd5k=,tag:mYngzcv0bGwVJBHOR6D4uw==,type:str] +netrc: ENC[AES256_GCM,data:UaTMV459ApE94Lg/MsbEttaBskwTgQ/UJRejFa2KjxMQ1CKF38A6BOZip/yeE/lrDy5y4WblS7Hru38ytkPGCikZIjsdn61sLMstw1RQAHs=,iv:imk+pjmPu7soPImWQQHYapy46SvYTyWj/+4gwu9I/18=,tag:VhOCAWtUd/AC/DBxuNmt8A==,type:str] sops: age: - recipient: age1uvsvf5ljaezh5wze32p685kfentyle0l2mvysc67yvgct2h4850qqph9lv @@ -29,7 +30,7 @@ sops: QWV3VjRjNC9RaXNwbDdLWmVQNS94UzAKeLZSqcXRwkVoUUKd4PuRusbJwFlubdJy kcxGMzvfT0BMYDp61vV+F5Vh4TkgddCzp6Lphbb/6orkWWpjmE9I4g== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-12-09T08:03:16Z" - mac: ENC[AES256_GCM,data:6njhvipu8iUze0mmgFIWT6Neqy2xvNPB/4fW7OObHknXAh3VGAveBnigxAJmULua6HdQx4hZ2UkUrVBG8oStjCihFYJA0eBA9j9mM3rF7Piq2U98oGtw4A9Qj2PVC7Y8pOOuX25VRmDn78cw1PpwSEZL3zZ+8cqS5btHywJackY=,iv:AeRcrhhxl5v5YLNWUPx9qvGcMKHFQD/m87PJAGWa9iE=,tag:TN1KCUNa7lVWgxQ16WRijg==,type:str] + lastmodified: "2026-03-06T08:47:47Z" + mac: ENC[AES256_GCM,data:RMHOwVwL4tGKWOOOjh9OlAFnJxDGcQvgLb8vTACDAY5Mky+0+8gL1GO7hK+r0G7tbfMB4A/4CHeZtHqoXWjfhIEoDLVkkpAmckMpHVMd7bNlhvL0fkzi5YOLPgW8RCRO6VCXJM3Hb0v6N0NjcK37jdZdYJyr6DZI6aV3oY72mz0=,iv:CBAUv12RSLNY73JBZT4iHpRTLpRIm6a6mo1pz+lYEwc=,tag:l7RZNUzbZpG0Wkntl0qfLQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.11.0 + version: 3.12.1 diff --git a/system/modules/nextcloud.nix b/system/modules/nextcloud.nix index 1da492f..3962331 100755 --- a/system/modules/nextcloud.nix +++ b/system/modules/nextcloud.nix @@ -83,10 +83,7 @@ in hostName = hostname; https = https; datadir = lib.mkIf (datadir != null) datadir; - phpExtraExtensions = - allEx: with allEx; [ - imagick - ]; + enableImagemagick = true; extraApps = { inherit (config.services.nextcloud.package.packages.apps) 
@@ -132,6 +129,7 @@ in "OC\\Preview\\HEIC" "OC\\Preview\\SVG" "OC\\Preview\\FONT" + "OC\\Preview\\Movie" ]; }; }; diff --git a/system/modules/niri.nix b/system/modules/niri.nix index 63d0152..00061c7 100755 --- a/system/modules/niri.nix +++ b/system/modules/niri.nix @@ -108,9 +108,40 @@ in }; }; + blur = { + passes = 3; + offset = 3; + noise = 0.02; + saturation = 1.5; + }; + + debug = { + honor-xdg-activation-with-invalid-serial = [ ]; + }; + + layer-rules = [ + { + matches = [ + { namespace = "^noctalia-overview*"; } + ]; + place-within-backdrop = true; + } + { + matches = [ + { namespace = "^noctalia-background-.*$"; } + ]; + background-effect = { + blur = true; + }; + } + ]; + window-rules = [ # Global { + background-effect = { + blur = true; + }; geometry-corner-radius = let round = wmCfg.border.radius + 0.0; @@ -122,9 +153,17 @@ in top-right = round; }; clip-to-geometry = true; - opacity = 1.0; + opacity = 0.8; draw-border-with-background = false; } + # non transparent + { + matches = [ + { app-id = "^(com.mitchellh.ghostty)$"; } + { app-id = "^(zen-twilight)$"; } + ]; + opacity = 1.0; + } # Float { matches = [ diff --git a/system/modules/nvidia.nix b/system/modules/nvidia.nix index 35d9502..d61b7d3 100755 --- a/system/modules/nvidia.nix +++ b/system/modules/nvidia.nix 
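Review bot: The layer-rule pattern `^noctalia-overview*` in the first niri.nix hunk is a regular expression, so the trailing `*` repeats the final `w` instead of acting as a wildcard. It still matches as a prefix, but `^noctalia-overview.*$`, the form used by the next rule, says what is meant. The `debug.honor-xdg-activation-with-invalid-serial` flag added just above relaxes the compositor's activation-token check, which exists to limit focus stealing, so it deserves a comment naming the client that needs it, e.g. `# required by <app>, which sends activation tokens without a valid serial`.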
@@ -54,7 +54,22 @@ lib.checkListOfEnum "Nvidia Prime Mode" validModes [ nvidia-mode ] { nvidia.nvidiaSettings = true; nvidia.dynamicBoost.enable = true; - nvidia.package = config.boot.kernelPackages.nvidiaPackages.latest; + nvidia.package = + let + base = config.boot.kernelPackages.nvidiaPackages.latest; + cachyos-nvidia-patch = pkgs.fetchpatch { + url = "https://raw.githubusercontent.com/CachyOS/CachyOS-PKGBUILDS/master/nvidia/nvidia-utils/kernel-6.19.patch"; + sha256 = "sha256-YuJjSUXE6jYSuZySYGnWSNG5sfVei7vvxDcHx3K+IN4="; + }; + + driverAttr = if config.hardware.nvidia.open then "open" else "bin"; + in + base + // { + ${driverAttr} = base.${driverAttr}.overrideAttrs (oldAttrs: { + patches = (oldAttrs.patches or [ ]) ++ [ cachyos-nvidia-patch ]; + }); + }; nvidia.prime = ( diff --git a/system/modules/presets/minimal.nix b/system/modules/presets/minimal.nix index 8312883..75fc218 100755 --- a/system/modules/presets/minimal.nix +++ b/system/modules/presets/minimal.nix @@ -25,5 +25,5 @@ in ]; # Disable man cache - documentation.man.generateCaches = mkForce false; + documentation.man.cache.enable = mkForce false; } diff --git a/system/modules/shells/noctalia/bar.nix b/system/modules/shells/noctalia/bar.nix index 1481c86..2e16588 100755 --- a/system/modules/shells/noctalia/bar.nix +++ b/system/modules/shells/noctalia/bar.nix @@ -130,6 +130,15 @@ in id = "NotificationHistory"; showUnreadBadge = true; } + { + deviceNativePath = "__default__"; + displayMode = "graphic"; + hideIfIdle = false; + hideIfNotDetected = true; + id = "Battery"; + showNoctaliaPerformance = true; + showPowerProfiles = true; + } { colorizeDistroLogo = false; colorizeSystemIcon = "primary"; diff --git a/system/modules/shells/noctalia/default.nix b/system/modules/shells/noctalia/default.nix index fdf42fc..57646be 100755 --- a/system/modules/shells/noctalia/default.nix +++ b/system/modules/shells/noctalia/default.nix 
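Review bot: The `fetchpatch` URL in this hunk points at the `master` branch of CachyOS-PKGBUILDS, so the file behind it can change or disappear at any time. The fixed hash keeps a modified patch from being applied silently, but the build then breaks on the next fetch, and nothing records which upstream revision was reviewed for a patch that goes into a kernel module. Pin the URL to a commit, `url = "https://raw.githubusercontent.com/CachyOS/CachyOS-PKGBUILDS/<commit-sha>/nvidia/nvidia-utils/kernel-6.19.patch";`, and add a comment on when the patch can be dropped. `pkgs` must be among the module arguments; the argument list is outside the hunk.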
@@ -59,6 +59,7 @@ in programs.noctalia-shell = { enable = true; systemd.enable = true; + colors = mkForce { }; settings = { settingsVersion = 26; appLauncher = { @@ -126,7 +127,7 @@ in }; controlCenter = import ./controlCenter.nix; dock = { - backgroundOpacity = 1.0; + backgroundOpacity = mkForce 1.0; colorizeIcons = false; displayMode = "auto_hide"; enabled = false; @@ -159,6 +160,8 @@ in shadowOffsetY = 3; showHibernateOnLockScreen = false; showScreenCorners = true; + lockScreenAnimation = true; + lockScreenCountdownDuration = 3000; }; hooks = { enabled = false; @@ -190,7 +193,8 @@ in manualSunset = "18:30"; }; notifications = { - backgroundOpacity = 1.0; + enableMarkdown = true; + backgroundOpacity = mkForce 1.00; criticalUrgencyDuration = 15; enableKeyboardLayoutToast = true; enabled = true; @@ -204,7 +208,7 @@ in }; osd = { autoHideMs = 1500; - backgroundOpacity = 1.0; + backgroundOpacity = mkForce 0.55; enabled = true; enabledTypes = [ 0 @@ -249,7 +253,7 @@ in hideWallpaperFilenames = true; monitorDirectories = [ ]; - overviewEnabled = false; + overviewEnabled = true; panelPosition = "follow_bar"; randomEnabled = false; randomIntervalSec = 300; diff --git a/system/modules/shells/noctalia/sessionMenu.nix b/system/modules/shells/noctalia/sessionMenu.nix index 747bdfa..6d81ded 100755 --- a/system/modules/shells/noctalia/sessionMenu.nix +++ b/system/modules/shells/noctalia/sessionMenu.nix @@ -1,5 +1,5 @@ { - countdownDuration = 10000; + countdownDuration = 3000; enableCountdown = true; position = "bottom_center"; powerOptions = [ diff --git a/system/modules/sops-nix.nix b/system/modules/sops-nix.nix index 4b9c0f7..4f14cdc 100755 --- a/system/modules/sops-nix.nix +++ b/system/modules/sops-nix.nix @@ -12,6 +12,18 @@ in }; }; + home-manager.sharedModules = [ + { + sops = { + defaultSopsFile = defaultSopsFile; + + age = { + keyFile = ageKeyFile; + }; + }; + } + ]; + environment.variables = { SOPS_AGE_KEY_FILE = ageKeyFile; }; 
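Review bot: The `home-manager.sharedModules` block added in the sops-nix.nix hunk points every user's sops-nix at the same `ageKeyFile` the system configuration uses (it is also exported as `SOPS_AGE_KEY_FILE`). Home Manager's secret activation normally runs as the user, so the key has to be readable by that account, and whoever can read it can decrypt every secret encrypted to that recipient, not only the user-level `netrc`. The definition of `ageKeyFile` is outside the hunk, so confirm its path and permissions. A separate per-user key, e.g. `age.keyFile = "<per-user key path>";`, added as its own recipient for user secrets would keep system secrets out of reach of the desktop session.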
diff --git a/system/modules/wine.nix b/system/modules/wine.nix index b568e62..53ffbeb 100755 --- a/system/modules/wine.nix +++ b/system/modules/wine.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ - wineWowPackages.waylandFull # 32-bit & 64-bit + wineWow64Packages.waylandFull winetricks ]; }