
No commits in common. "main" and "test-nix-builder" have entirely different histories.

27 changed files with 273 additions and 1194 deletions


@ -1,4 +1,4 @@
name: Build NixOS Configurations
name: Buill NixOS Configurations
on: [push]
jobs:
@ -12,7 +12,6 @@ jobs:
matrix:
system:
- "carbon"
- "framework"
- "git"
- "gospel"
- "node"
@ -28,4 +27,4 @@ jobs:
nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \
-- login gospel https://attic.kilonull.com ${{ secrets.ATTIC_PUSH_SECRET }}
nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \
-- push --ignore-upstream-cache-filter gospel:nixosConfigs ./result
-- push gospel:nixosConfigs ./result
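Review bot: The workflow title on the new side reads `name: Buill NixOS Configurations`, which looks like a typo for `Build` and will be the name shown in the run list. Separately, the login step in the last hunk still expands `${{ secrets.ATTIC_PUSH_SECRET }}` directly into the script text, so the token is written into the rendered command for `attic-client login`. Passing it through the step's `env:` and referencing `"$ATTIC_PUSH_SECRET"` keeps the value out of the script body. The step's other keys lie outside the hunks shown, so whether an `env:` block already exists cannot be confirmed from here.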

756
flake.lock generated

File diff suppressed because it is too large Load diff


@ -27,12 +27,11 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixvim.url = "git+https://git.alejandr0angul0.dev/alejandro-angulo/nixvim-config?ref=main";
# nixvim.inputs.nixpkgs.follows = "nixpkgs";
devenv.url = "github:cachix/devenv";
devenv.inputs.nixpkgs.follows = "nixpkgs";
spicetify-nix.url = "github:Gerg-L/spicetify-nix";
zsh-syntax-highlighting.url = "github:zsh-users/zsh-syntax-highlighting/master";
zsh-syntax-highlighting.flake = false;
@ -60,10 +59,7 @@
catppuccin.nixosModules.catppuccin
];
homes.modules = with inputs; [
catppuccin.homeModules.catppuccin
spicetify-nix.homeManagerModules.spicetify
];
homes.modules = with inputs; [ catppuccin.homeModules.catppuccin ];
outputs-builder = channels: {
devShells.default = inputs.devenv.lib.mkShell {
@ -148,10 +144,9 @@
hydraJobs =
let
systems_to_build = [
"carbon"
"framework"
"gospel"
"node"
"carbon"
];
in
{


@ -4,6 +4,7 @@ let
internal_display_settings = "eDP-1,preferred,auto,1.6";
clamshell_script = pkgs.writeShellScriptBin "clamshell" ''
if ${pkgs.hyprland}/bin/hyprctl monitors | ${pkgs.ripgrep}/bin/rg -q '\sDP-'; then
echo "Detected external monitor..."
if [[ "$1" == "open" ]]; then
${pkgs.hyprland}/bin/hyprctl keyword monitor ${internal_display_settings}
else
@ -20,20 +21,14 @@ in
enable = true;
monitor = [
"eDP-1,preferred,auto,1.6"
"desc:Dell Inc. DELL U4025QW BH2F734,preferred,auto,1.25"
"desc:Dell Inc. DELL U4025QW BH2F734,3440x1440,auto,1"
",preferred,auto,1"
];
};
aa.services.hypridle.suspendInhibitWhenPluggedIn = true;
aa.windowManagers.sway.enable = lib.mkForce false;
aa.spicetify.enable = true;
wayland.windowManager.hyprland.settings.bindl = [
", switch:off:Lid Switch, exec, ${clamshell_script}/bin/clamshell open"
", switch:on:Lid Switch, exec, ${clamshell_script}/bin/clamshell close"
];
catppuccin.zathura.enable = true;
programs.zathura.enable = true;
}


@ -1,39 +0,0 @@
{ lib, pkgs, ... }:
let
internal_display_settings = "eDP-1,preferred,auto,2";
clamshell_script = pkgs.writeShellScriptBin "clamshell" ''
if ${pkgs.hyprland}/bin/hyprctl monitors | ${pkgs.ripgrep}/bin/rg -q '\sDP-'; then
if [[ "$1" == "open" ]]; then
${pkgs.hyprland}/bin/hyprctl keyword monitor ${internal_display_settings}
else
${pkgs.hyprland}/bin/hyprctl keyword monitor "eDP-1,disable"
fi
fi
'';
in
{
aa.isHeadless = false;
aa.windowManagers.sway.clamshell.enable = true;
aa.programs.opencode.enable = true;
aa.windowManagers.hyprland = {
enable = true;
monitor = [
internal_display_settings
"desc:Dell Inc. DELL U4025QW BH2F734,5120x2160@120,auto,2"
",preferred,auto,1"
];
};
aa.services.hypridle.suspendInhibitWhenPluggedIn = true;
aa.windowManagers.sway.enable = lib.mkForce false;
wayland.windowManager.hyprland.settings.bindl = [
", switch:off:Lid Switch, exec, ${clamshell_script}/bin/clamshell open"
", switch:on:Lid Switch, exec, ${clamshell_script}/bin/clamshell close"
];
aa.programs.spicetify.enable = true;
catppuccin.zathura.enable = true;
programs.zathura.enable = true;
}


@ -75,53 +75,44 @@ in
tmuxPlugins.vim-tmux-navigator
];
extraConfig = ''
# Scrolling with mouse wheel scrolls output instead of previous commands
setw -g mouse on
extraConfig =
''
# Scrolling with mouse wheel scrolls output instead of previous commands
setw -g mouse on
# Open panes in the same directory
bind c new-window -c "#{pane_current_path}"
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
# Open panes in the same directory
bind c new-window -c "#{pane_current_path}"
bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}"
# sessionizer
bind C-o display-popup -E "${pkgs.tmux-sessionizer}/bin/tms"
bind C-j display-popup -E "${pkgs.tmux-sessionizer}/bin/tms switch"
bind C-w display-popup -E "${pkgs.tmux-sessionizer}/bin/tms windows"
bind C-s command-prompt -p "Rename active session to:" "run-shell '${pkgs.tmux-sessionizer}/bin/tms rename %1'"
# sessionizer
bind C-o display-popup -E "${pkgs.tmux-sessionizer}/bin/tms"
bind C-j display-popup -E "${pkgs.tmux-sessionizer}/bin/tms switch"
bind C-w display-popup -E "${pkgs.tmux-sessionizer}/bin/tms windows"
bind C-s command-prompt -p "Rename active session to:" "run-shell '${pkgs.tmux-sessionizer}/bin/tms rename %1'"
''
+ lib.strings.optionalString config.programs.lazygit.enable ''
# Open lazygit in a popup
# Spins up a new session with a '-lg' suffix (hitting the shortcut
# toggles between attaching and detaching)
bind C-g if-shell "[[ $(tmux display-message -p '#S') == *-lg ]]" {
detach-client
} {
display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-lg ${pkgs.lazygit}/bin/lazygit"
}
''
+ lib.strings.optionalString config.programs.btop.enable ''
# Open btop in a popup
# Spins up a new session named `btop` (hitting the shortcut
# toggles between attaching and detaching)
# NOTE: This overrides the default C-t shortcut (shows time by default)
bind C-t if-shell "[[ $(tmux display-message -p '#S') == btop ]]" {
detach-client
} {
display-popup -h 90% -w 90% -E "tmux new-session -A -s btop ${pkgs.btop}/bin/btop"
}
''
+ lib.strings.optionalString config.programs.yazi.enable ''
# Open yazi in a popup
# Spins up a new session with a '-yazi' suffix (hitting the shortcut
# toggles between attaching and detaching)
bind C-y if-shell "[[ $(tmux display-message -p '#S') == *-yazi ]]" {
detach-client
} {
display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-yazi ${pkgs.yazi}/bin/yazi"
}
'';
''
+ lib.strings.optionalString config.programs.lazygit.enable ''
# Open lazygit in a popup
# Spins up a new session with a '-lg' suffix (hitting the shortcut
# toggles between attaching and detaching)
bind C-g if-shell "[[ $(tmux display-message -p '#S') == *-lg ]]" {
detach-client
} {
display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-lg ${pkgs.lazygit}/bin/lazygit"
}
''
+ lib.strings.optionalString config.programs.btop.enable ''
# Open btop in a popup
# Spins up a new session named `btop` (hitting the shortcut
# toggles between attaching and detaching)
# NOTE: This overrides the default C-t shortcut (shows time by default)
bind C-t if-shell "[[ $(tmux display-message -p '#S') == btop ]]" {
detach-client
} {
display-popup -h 90% -w 90% -E "tmux new-session -A -s btop ${pkgs.btop}/bin/btop"
}
'';
};
xdg.configFile."tms/config.toml".source = (pkgs.formats.toml { }).generate "tms-config" tmsConfig;


@ -24,14 +24,12 @@ in
config = lib.mkIf cfg.enable {
programs.opencode = {
enable = true;
tui = {
settings = {
theme = "catppuccin";
keybinds = {
app_exit = "ctrl+d,<leader>q";
session_interrupt = "ctrl+c";
};
};
settings = {
mcp = {
context7 = {
type = "local";


@ -1,29 +0,0 @@
{
config,
lib,
namespace,
inputs,
pkgs,
...
}:
let
cfg = config.${namespace}.programs.spicetify;
spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system};
in
{
options.${namespace}.programs.spicetify = {
enable = lib.mkEnableOption "spicetify";
};
config = lib.mkIf cfg.enable {
programs.spicetify = {
enable = true;
colorScheme = "mocha";
theme = spicePkgs.themes.catppuccin;
enabledExtensions = with spicePkgs.extensions; [
keyboardShortcut
shuffle
];
};
};
}


@ -13,10 +13,7 @@ in
};
config = lib.mkIf cfg.enable {
programs.yazi = {
enable = true;
shellWrapperName = "y";
};
programs.yazi.enable = true;
catppuccin.yazi.enable = true;
};
}


@ -14,15 +14,6 @@ let
;
cfg = config.${namespace}.services.hypridle;
# Script that suspends only when not docked (no external monitors).
suspendScript = pkgs.writeShellScript "hypridle-suspend" ''
mon_count=$(${pkgs.hyprland}/bin/hyprctl monitors all 2>/dev/null | ${pkgs.gnugrep}/bin/grep -c '^Monitor' || echo "0")
# If only 1 monitor (builtin), suspend. If 2+ monitors, assume docked - don't suspend.
if [ "$mon_count" -le 1 ]; then
${pkgs.systemd}/bin/systemctl suspend
fi
'';
in
{
options.${namespace}.services.hypridle = {
@ -58,14 +49,6 @@ in
Whether or not to automatically suspend
'';
};
suspendInhibitWhenPluggedIn = mkOption {
type = types.bool;
default = false;
description = ''
Whether to inhibit suspend when AC power is connected.
Useful for laptops that should only suspend on battery.
'';
};
brightnessTimeout = mkOption {
type = types.int;
@ -125,11 +108,7 @@ in
# Suspend system
(lib.mkIf cfg.suspendEnable {
timeout = cfg.suspendTimeout;
on-timeout =
if cfg.suspendInhibitWhenPluggedIn then
"${suspendScript}"
else
"${pkgs.systemd}/bin/systemctl suspend";
on-timeout = "systemctl suspend";
})
];
};
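Review bot: The new `on-timeout = "systemctl suspend";` in the last hunk resolves `systemctl` through whatever PATH the hypridle process inherits, whereas the line it replaces pinned the binary by store path. Keeping `on-timeout = "${pkgs.systemd}/bin/systemctl suspend";` means the listener cannot fail or run a different executable if that PATH differs from the login shell's. The enclosing listener list begins outside the hunk.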


@ -16,19 +16,7 @@ in
};
config = mkIf cfg.enable {
home.packages = [
pkgs.libnotify
pkgs.dconf
];
gtk = {
enable = true;
gtk4.theme = null;
iconTheme = {
name = lib.mkForce "Adwaita";
package = lib.mkForce pkgs.adwaita-icon-theme;
};
};
home.packages = [ pkgs.libnotify ];
services.swaync = {
enable = true;


@ -246,17 +246,15 @@ in
# Media keys
bindl = [
", XF86AudioRaiseVolume, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume 5"
", XF86AudioLowerVolume, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume -5"
", XF86AudioMute, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume mute-toggle"
", XF86AudioPrev, exec, ${pkgs.swayosd}/bin/swayosd-client --playerctl previous"
", XF86AudioNext, exec, ${pkgs.swayosd}/bin/swayosd-client --playerctl next"
", XF86AudioPlay, exec, ${pkgs.swayosd}/bin/swayosd-client --playerctl play-pause"
", XF86MonBrightnessDown, exec, ${pkgs.swayosd}/bin/swayosd-client --brightness lower"
", XF86MonBrightnessUp, exec, ${pkgs.swayosd}/bin/swayosd-client --brightness raise"
", XF86AudioRaiseVolume, exec, ${pkgs.pamixer}/bin/pamixer --increase 5"
", XF86AudioLowerVolume, exec, ${pkgs.pamixer}/bin/pamixer --decrease 5"
", XF86AudioMute, exec, ${pkgs.pamixer}/bin/pamixer --toggle-mute"
", XF86AudioPrev, exec, ${pkgs.playerctl}/bin/playerctl previous"
", XF86AudioNext, exec, ${pkgs.playerctl}/bin/playerctl next"
", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl play-pause"
", XF86MonBrightnessDown, exec, ${pkgs.light}/bin/light -U 5"
", XF86MonBrightnessUp, exec, ${pkgs.light}/bin/light -A 5"
];
gesture = "3, horizontal, workspace";
};
};
@ -274,47 +272,5 @@ in
];
};
};
xdg.configFile."swayosd/style.css".text = ''
window#osd {
border-radius: 999px;
border: none;
background: rgba(30, 30, 46, 0.8); }
window#osd #container {
margin: 16px; }
window#osd image,
window#osd label {
color: #cdd6f4; }
window#osd progressbar:disabled,
window#osd image:disabled {
opacity: 0.5; }
window#osd progressbar,
window#osd segmentedprogress {
min-height: 6px;
border-radius: 999px;
background: transparent;
border: none; }
window#osd trough,
window#osd segment {
min-height: inherit;
border-radius: inherit;
border: none;
background: rgba(49, 50, 68, 0.8); }
window#osd progress,
window#osd segment.active {
min-height: inherit;
border-radius: inherit;
border: none;
background: #9399b2; }
window#osd segment {
margin-left: 8px; }
window#osd segment:first-child {
margin-left: 0; }
'';
services.swayosd = {
enable = true;
stylePath = "${config.xdg.configHome}/${config.xdg.configFile."swayosd/style.css".target}";
};
};
}


@ -320,8 +320,8 @@ in
"${modifier}+Left" = "exec 'playerctl previous'";
# Backlight keys
"XF86MonBrightnessDown" = "exec '${pkgs.brightnessctl}/bin/brightnessctl set -n10 10%-'";
"XF86MonBrightnessUp" = "exec '${pkgs.brightnessctl}/bin/brightnessctl set 10%+'";
"XF86MonBrightnessDown" = "exec '${pkgs.light}/bin/light -U 5'";
"XF86MonBrightnessUp" = "exec '${pkgs.light}/bin/light -A 5'";
# Navigation


@ -38,15 +38,16 @@ in
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."adguardhome.kilonull.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
virtualHosts."adguardhome.kilonull.com" =
{
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
networking.firewall = {


@ -37,6 +37,7 @@ in
# openssl genrsa -traditional 4096 | base64 -w0
environmentFile = config.age.secrets.atticd.path;
settings = {
allowed-hosts = [ "attic.kilonull.com" ];
api-endpoint = "https://attic.kilonull.com/";
listen = "[::]:8080";
garbage-collection.retention-period = "30d";


@ -113,17 +113,18 @@ in
services.nginx = {
enable = true;
virtualHosts."${server_settings.domain}" = {
locations."/" = {
proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}";
proxyWebsockets = true;
recommendedProxySettings = true;
virtualHosts."${server_settings.domain}" =
{
locations."/" = {
proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
networking.firewall = {


@ -33,62 +33,63 @@ in
services.nginx = {
enable = true;
virtualHosts = {
"minio.kilonull.com" = {
extraConfig = ''
# Allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# Disable buffering
proxy_buffering off;
proxy_request_buffering off;
'';
"minio.kilonull.com" =
{
extraConfig = ''
# Allow special characters in headers
ignore_invalid_headers off;
# Allow any size file to be uploaded.
# Set to a value such as 1000m; to restrict file size to a specific value
client_max_body_size 0;
# Disable buffering
proxy_buffering off;
proxy_request_buffering off;
'';
locations."/".extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
locations."/".extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://localhost:9000;
'';
locations."/ui".extraConfig = ''
rewrite ^/ui/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:9000;
'';
locations."/ui".extraConfig = ''
rewrite ^/ui/(.*) /$1 break;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
proxy_connect_timeout 300;
# To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# Uncomment the following line to set the Origin request to an empty string
proxy_set_header Origin "";
# To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# Uncomment the following line to set the Origin request to an empty string
proxy_set_header Origin "";
chunked_transfer_encoding off;
chunked_transfer_encoding off;
proxy_pass http://localhost:9001;
'';
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
proxy_pass http://localhost:9001;
'';
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
};
};


@ -45,19 +45,20 @@ in
nginx = {
enable = true;
virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" = {
serverAliases = [ "${cfg.subdomain_name}" ];
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" =
{
serverAliases = [ "${cfg.subdomain_name}" ];
locations."/".extraConfig = ''
proxy_pass http://localhost:${toString config.services.nix-serve.port};
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
'';
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
};


@ -25,19 +25,20 @@ in
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts."octoprint.kilonull.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 512m;
'';
virtualHosts."octoprint.kilonull.com" =
{
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
proxyWebsockets = true;
extraConfig = ''
client_max_body_size 512m;
'';
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
networking.firewall.allowedTCPPorts = [


@ -30,22 +30,23 @@ in
services.nginx = {
enable = true;
virtualHosts."sunshine.kilonull.com" = {
locations."/" = {
recommendedProxySettings = true;
# NOTE: Sunshine is a little weird since it requires multiple
# ports. You configure it with a base port and the web UI +1 from
# the base port.
proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}";
extraConfig = ''
proxy_ssl_verify off;
'';
virtualHosts."sunshine.kilonull.com" =
{
locations."/" = {
recommendedProxySettings = true;
# NOTE: Sunshine is a little weird since it requires multiple
# ports. You configure it with a base port and the web UI +1 from
# the base port.
proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}";
extraConfig = ''
proxy_ssl_verify off;
'';
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
};
}


@ -147,18 +147,19 @@ in
services.nginx = {
enable = true;
virtualHosts."teslamate.kilonull.com" = {
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
# TODO: Make port configurable.
proxyPass = "http://127.0.0.1:4000";
virtualHosts."teslamate.kilonull.com" =
{
locations."/" = {
recommendedProxySettings = true;
proxyWebsockets = true;
# TODO: Make port configurable.
proxyPass = "http://127.0.0.1:4000";
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
};
networking.firewall.allowedTCPPorts = [ 4000 ];


@ -58,7 +58,6 @@ in
shell = pkgs.zsh;
extraGroups = [ "wheel" ] ++ cfg.extraGroups;
}
// cfg.extraOptions;
} // cfg.extraOptions;
};
}


@ -1,6 +1,6 @@
{ ... }:
(final: prev: {
signal-desktop = prev.signal-desktop.overrideAttrs (oldAttrs: {
signal-desktop-bin = prev.signal-desktop-bin.overrideAttrs (oldAttrs: {
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ prev.makeWrapper ];
postInstall = oldAttrs.postInstall or "" + ''
wrapProgram $out/bin/signal-desktop \


@ -75,21 +75,21 @@
wireguard-tools
chromium
prusa-slicer
traceroute
gnumake
hugo
nixos-generators
vlc
signal-desktop
zoom-us
signal-desktop-bin
];
environment.pathsToLink = [
"/share/applications"
"/share/xdg-desktop-portal"
];
programs.light.enable = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave


@ -1,121 +0,0 @@
{
inputs,
pkgs,
lib,
...
}:
{
imports = [
# Include the results of the hardware scan.
# ./hardware-configuration-zfs.nix
# ./zfs.nix
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
];
aa = {
nix = {
enable = true;
useSelfhostedCache = true;
remoteBuilder.client.enable = false;
};
archetypes.workstation.enable = true;
# services.printing.enable = true;
services.tailscale = {
enable = true;
configureClientRouting = true;
};
hardware.audio.enable = true;
hardware.bluetooth.enable = true;
# system.zfs.enable = true;
apps.yubikey.enable = true;
user.extraGroups = [
"dialout"
"video"
];
};
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
services.fwupd.enable = true;
services.gvfs.enable = true;
services.logind.settings.Login = {
HandleLidSwitchDocked = "ignore";
HandleLidSwitchExternalPower = "ignore";
HandleLidSwitch = "suspend";
KillUserProcesses = false;
};
virtualisation = {
docker = {
enable = true;
storageDriver = "overlay2";
rootless = {
enable = true;
setSocketVariable = true;
};
};
};
networking = {
hostName = "framework";
networkmanager.enable = true; # Enables wireless support via wpa_supplicant.
};
# This service is problematic
# See: https://github.com/NixOS/nixpkgs/issues/180175
systemd.services.NetworkManager-wait-online.enable = false;
# services.tlp.settings = {
# USB_DENYLIST = "0000:1111 2222:3333 4444:5555";
# };
# Still need to run `nix run nixpkgs#bolt -- enroll DEVICE_UUID`
services.hardware.bolt.enable = true;
services.power-profiles-daemon.enable = lib.mkForce false;
time.timeZone = "America/Los_Angeles";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
pavucontrol
# android-tools
# sanoid
# # Below 3 installed for sanoid
# pv
# lzop
# mbuffer
# wireguard-tools
chromium
# prusa-slicer
traceroute
gnumake
hugo
nixos-generators
vlc
signal-desktop
# zoom-us
];
environment.pathsToLink = [
"/share/applications"
"/share/xdg-desktop-portal"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}


@ -1,42 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "UUID=00a14ad6-5635-4b54-b7e2-a35943639bb8";
fsType = "bcachefs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/66E9-291D";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -47,8 +47,7 @@
services.prometheus.enable = true;
services.promtail.enable = true;
services.hydra = {
# Intentionally disabled for now
enable = false;
enable = true;
acmeCertName = "kilonull.com";
secretKeyPath = "/var/gospelCache";
s3Bucket = "nix-store";
@ -112,14 +111,6 @@
"ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster"
];
settings.container = {
options = ''
-e PATH=:${pkgs.nix}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-e NIX_PATH=nixpkgs=flake:nixpkgs:/nix/var/nix/profiles/per-user/root/channels
-e NIX_REMOTE=daemon
'';
valid_volumes = [ "/nix" ];
};
};
};
};
@ -202,7 +193,7 @@
prusa-slicer
esptool
minicom
signal-desktop
signal-desktop-bin
ncdu
cntr