
No commits in common. "main" and "test-nix-builder" have entirely different histories.

27 changed files with 273 additions and 1195 deletions


@ -1,4 +1,4 @@
name: Build NixOS Configurations name: Buill NixOS Configurations
on: [push] on: [push]
jobs: jobs:
@ -12,7 +12,6 @@ jobs:
matrix: matrix:
system: system:
- "carbon" - "carbon"
- "framework"
- "git" - "git"
- "gospel" - "gospel"
- "node" - "node"
@ -28,4 +27,4 @@ jobs:
nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \ nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \
-- login gospel https://attic.kilonull.com ${{ secrets.ATTIC_PUSH_SECRET }} -- login gospel https://attic.kilonull.com ${{ secrets.ATTIC_PUSH_SECRET }}
nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \ nix --extra-experimental-features nix-command --extra-experimental-features flakes run nixpkgs#attic-client \
-- push --ignore-upstream-cache-filter gospel:nixosConfigs ./result -- push gospel:nixosConfigs ./result
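Review bot: The `attic-client login` command in the last hunk splices `${{ secrets.ATTIC_PUSH_SECRET }}` directly into the script text, so the token is parsed by the shell and written into the generated step script. Passing it through the step's `env:` (`ATTIC_PUSH_SECRET: ${{ secrets.ATTIC_PUSH_SECRET }}`) and using `"$ATTIC_PUSH_SECRET"` in the command keeps it out of the script and stops the shell from interpreting any characters in it; the value would still reach attic-client as an argument. The step this command belongs to starts outside the hunk. Separately, the new workflow name in the first hunk reads `Buill NixOS Configurations`, which looks like a typo for `Build`.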

756
flake.lock generated

File diff suppressed because it is too large Load diff


@ -27,12 +27,11 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
nixvim.url = "git+https://git.alejandr0angul0.dev/alejandro-angulo/nixvim-config?ref=main"; nixvim.url = "git+https://git.alejandr0angul0.dev/alejandro-angulo/nixvim-config?ref=main";
# nixvim.inputs.nixpkgs.follows = "nixpkgs";
devenv.url = "github:cachix/devenv"; devenv.url = "github:cachix/devenv";
devenv.inputs.nixpkgs.follows = "nixpkgs"; devenv.inputs.nixpkgs.follows = "nixpkgs";
spicetify-nix.url = "github:Gerg-L/spicetify-nix";
zsh-syntax-highlighting.url = "github:zsh-users/zsh-syntax-highlighting/master"; zsh-syntax-highlighting.url = "github:zsh-users/zsh-syntax-highlighting/master";
zsh-syntax-highlighting.flake = false; zsh-syntax-highlighting.flake = false;
@ -60,10 +59,7 @@
catppuccin.nixosModules.catppuccin catppuccin.nixosModules.catppuccin
]; ];
homes.modules = with inputs; [ homes.modules = with inputs; [ catppuccin.homeModules.catppuccin ];
catppuccin.homeModules.catppuccin
spicetify-nix.homeManagerModules.spicetify
];
outputs-builder = channels: { outputs-builder = channels: {
devShells.default = inputs.devenv.lib.mkShell { devShells.default = inputs.devenv.lib.mkShell {
@ -148,10 +144,9 @@
hydraJobs = hydraJobs =
let let
systems_to_build = [ systems_to_build = [
"carbon"
"framework"
"gospel" "gospel"
"node" "node"
"carbon"
]; ];
in in
{ {


@ -4,6 +4,7 @@ let
internal_display_settings = "eDP-1,preferred,auto,1.6"; internal_display_settings = "eDP-1,preferred,auto,1.6";
clamshell_script = pkgs.writeShellScriptBin "clamshell" '' clamshell_script = pkgs.writeShellScriptBin "clamshell" ''
if ${pkgs.hyprland}/bin/hyprctl monitors | ${pkgs.ripgrep}/bin/rg -q '\sDP-'; then if ${pkgs.hyprland}/bin/hyprctl monitors | ${pkgs.ripgrep}/bin/rg -q '\sDP-'; then
echo "Detected external monitor..."
if [[ "$1" == "open" ]]; then if [[ "$1" == "open" ]]; then
${pkgs.hyprland}/bin/hyprctl keyword monitor ${internal_display_settings} ${pkgs.hyprland}/bin/hyprctl keyword monitor ${internal_display_settings}
else else
@ -20,20 +21,14 @@ in
enable = true; enable = true;
monitor = [ monitor = [
"eDP-1,preferred,auto,1.6" "eDP-1,preferred,auto,1.6"
"desc:Dell Inc. DELL U4025QW BH2F734,preferred,auto,1.25" "desc:Dell Inc. DELL U4025QW BH2F734,3440x1440,auto,1"
",preferred,auto,1" ",preferred,auto,1"
]; ];
}; };
aa.services.hypridle.suspendInhibitWhenPluggedIn = true;
aa.windowManagers.sway.enable = lib.mkForce false; aa.windowManagers.sway.enable = lib.mkForce false;
aa.spicetify.enable = true;
wayland.windowManager.hyprland.settings.bindl = [ wayland.windowManager.hyprland.settings.bindl = [
", switch:off:Lid Switch, exec, ${clamshell_script}/bin/clamshell open" ", switch:off:Lid Switch, exec, ${clamshell_script}/bin/clamshell open"
", switch:on:Lid Switch, exec, ${clamshell_script}/bin/clamshell close" ", switch:on:Lid Switch, exec, ${clamshell_script}/bin/clamshell close"
]; ];
catppuccin.zathura.enable = true;
programs.zathura.enable = true;
} }


@ -1,39 +0,0 @@
{ lib, pkgs, ... }:
let
internal_display_settings = "eDP-1,preferred,auto,2";
clamshell_script = pkgs.writeShellScriptBin "clamshell" ''
if ${pkgs.hyprland}/bin/hyprctl monitors | ${pkgs.ripgrep}/bin/rg -q '\sDP-'; then
if [[ "$1" == "open" ]]; then
${pkgs.hyprland}/bin/hyprctl keyword monitor ${internal_display_settings}
else
${pkgs.hyprland}/bin/hyprctl keyword monitor "eDP-1,disable"
fi
fi
'';
in
{
aa.isHeadless = false;
aa.windowManagers.sway.clamshell.enable = true;
aa.programs.opencode.enable = true;
aa.windowManagers.hyprland = {
enable = true;
monitor = [
internal_display_settings
"desc:Dell Inc. DELL U4025QW BH2F734,5120x2160@120,auto,2"
",preferred,auto,1"
];
};
aa.services.hypridle.suspendInhibitWhenPluggedIn = true;
aa.windowManagers.sway.enable = lib.mkForce false;
wayland.windowManager.hyprland.settings.bindl = [
", switch:off:Lid Switch, exec, ${clamshell_script}/bin/clamshell open"
", switch:on:Lid Switch, exec, ${clamshell_script}/bin/clamshell close"
];
aa.programs.spicetify.enable = true;
catppuccin.zathura.enable = true;
programs.zathura.enable = true;
}


@ -75,53 +75,44 @@ in
tmuxPlugins.vim-tmux-navigator tmuxPlugins.vim-tmux-navigator
]; ];
extraConfig = '' extraConfig =
# Scrolling with mouse wheel scrolls output instead of previous commands ''
setw -g mouse on # Scrolling with mouse wheel scrolls output instead of previous commands
setw -g mouse on
# Open panes in the same directory # Open panes in the same directory
bind c new-window -c "#{pane_current_path}" bind c new-window -c "#{pane_current_path}"
bind '"' split-window -c "#{pane_current_path}" bind '"' split-window -c "#{pane_current_path}"
bind % split-window -h -c "#{pane_current_path}" bind % split-window -h -c "#{pane_current_path}"
# sessionizer # sessionizer
bind C-o display-popup -E "${pkgs.tmux-sessionizer}/bin/tms" bind C-o display-popup -E "${pkgs.tmux-sessionizer}/bin/tms"
bind C-j display-popup -E "${pkgs.tmux-sessionizer}/bin/tms switch" bind C-j display-popup -E "${pkgs.tmux-sessionizer}/bin/tms switch"
bind C-w display-popup -E "${pkgs.tmux-sessionizer}/bin/tms windows" bind C-w display-popup -E "${pkgs.tmux-sessionizer}/bin/tms windows"
bind C-s command-prompt -p "Rename active session to:" "run-shell '${pkgs.tmux-sessionizer}/bin/tms rename %1'" bind C-s command-prompt -p "Rename active session to:" "run-shell '${pkgs.tmux-sessionizer}/bin/tms rename %1'"
'' ''
+ lib.strings.optionalString config.programs.lazygit.enable '' + lib.strings.optionalString config.programs.lazygit.enable ''
# Open lazygit in a popup # Open lazygit in a popup
# Spins up a new session with a '-lg' suffix (hitting the shortcut # Spins up a new session with a '-lg' suffix (hitting the shortcut
# toggles between attaching and detaching) # toggles between attaching and detaching)
bind C-g if-shell "[[ $(tmux display-message -p '#S') == *-lg ]]" { bind C-g if-shell "[[ $(tmux display-message -p '#S') == *-lg ]]" {
detach-client detach-client
} { } {
display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-lg ${pkgs.lazygit}/bin/lazygit" display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-lg ${pkgs.lazygit}/bin/lazygit"
} }
'' ''
+ lib.strings.optionalString config.programs.btop.enable '' + lib.strings.optionalString config.programs.btop.enable ''
# Open btop in a popup # Open btop in a popup
# Spins up a new session named `btop` (hitting the shortcut # Spins up a new session named `btop` (hitting the shortcut
# toggles between attaching and detaching) # toggles between attaching and detaching)
# NOTE: This overrides the default C-t shortcut (shows time by default) # NOTE: This overrides the default C-t shortcut (shows time by default)
bind C-t if-shell "[[ $(tmux display-message -p '#S') == btop ]]" { bind C-t if-shell "[[ $(tmux display-message -p '#S') == btop ]]" {
detach-client detach-client
} { } {
display-popup -h 90% -w 90% -E "tmux new-session -A -s btop ${pkgs.btop}/bin/btop" display-popup -h 90% -w 90% -E "tmux new-session -A -s btop ${pkgs.btop}/bin/btop"
} }
'' '';
+ lib.strings.optionalString config.programs.yazi.enable ''
# Open yazi in a popup
# Spins up a new session with a '-yazi' suffix (hitting the shortcut
# toggles between attaching and detaching)
bind C-y if-shell "[[ $(tmux display-message -p '#S') == *-yazi ]]" {
detach-client
} {
display-popup -h 90% -w 90% -E "tmux new-session -A -s $(tmux display-message -p '#S')-yazi ${pkgs.yazi}/bin/yazi"
}
'';
}; };
xdg.configFile."tms/config.toml".source = (pkgs.formats.toml { }).generate "tms-config" tmsConfig; xdg.configFile."tms/config.toml".source = (pkgs.formats.toml { }).generate "tms-config" tmsConfig;


@ -24,14 +24,12 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.opencode = { programs.opencode = {
enable = true; enable = true;
tui = { settings = {
theme = "catppuccin"; theme = "catppuccin";
keybinds = { keybinds = {
app_exit = "ctrl+d,<leader>q"; app_exit = "ctrl+d,<leader>q";
session_interrupt = "ctrl+c"; session_interrupt = "ctrl+c";
}; };
};
settings = {
mcp = { mcp = {
context7 = { context7 = {
type = "local"; type = "local";


@ -1,29 +0,0 @@
{
config,
lib,
namespace,
inputs,
pkgs,
...
}:
let
cfg = config.${namespace}.programs.spicetify;
spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.stdenv.hostPlatform.system};
in
{
options.${namespace}.programs.spicetify = {
enable = lib.mkEnableOption "spicetify";
};
config = lib.mkIf cfg.enable {
programs.spicetify = {
enable = true;
colorScheme = "mocha";
theme = spicePkgs.themes.catppuccin;
enabledExtensions = with spicePkgs.extensions; [
keyboardShortcut
shuffle
];
};
};
}


@ -13,10 +13,7 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.yazi = { programs.yazi.enable = true;
enable = true;
shellWrapperName = "y";
};
catppuccin.yazi.enable = true; catppuccin.yazi.enable = true;
}; };
} }


@ -14,15 +14,6 @@ let
; ;
cfg = config.${namespace}.services.hypridle; cfg = config.${namespace}.services.hypridle;
# Script that suspends only when not docked (no external monitors).
suspendScript = pkgs.writeShellScript "hypridle-suspend" ''
mon_count=$(${pkgs.hyprland}/bin/hyprctl monitors all 2>/dev/null | ${pkgs.gnugrep}/bin/grep -c '^Monitor' || echo "0")
# If only 1 monitor (builtin), suspend. If 2+ monitors, assume docked - don't suspend.
if [ "$mon_count" -le 1 ]; then
${pkgs.systemd}/bin/systemctl suspend
fi
'';
in in
{ {
options.${namespace}.services.hypridle = { options.${namespace}.services.hypridle = {
@ -58,14 +49,6 @@ in
Whether or not to automatically suspend Whether or not to automatically suspend
''; '';
}; };
suspendInhibitWhenPluggedIn = mkOption {
type = types.bool;
default = false;
description = ''
Whether to inhibit suspend when AC power is connected.
Useful for laptops that should only suspend on battery.
'';
};
brightnessTimeout = mkOption { brightnessTimeout = mkOption {
type = types.int; type = types.int;
@ -125,11 +108,7 @@ in
# Suspend system # Suspend system
(lib.mkIf cfg.suspendEnable { (lib.mkIf cfg.suspendEnable {
timeout = cfg.suspendTimeout; timeout = cfg.suspendTimeout;
on-timeout = on-timeout = "systemctl suspend";
if cfg.suspendInhibitWhenPluggedIn then
"${suspendScript}"
else
"${pkgs.systemd}/bin/systemctl suspend";
}) })
]; ];
}; };
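Review bot: The new `on-timeout = "systemctl suspend";` in the last hunk resolves `systemctl` through whatever PATH the hypridle process inherits, whereas the other commands on this page are invoked through interpolated store paths. `on-timeout = "${pkgs.systemd}/bin/systemctl suspend";` would pin the binary to the one in the system closure and remove the dependency on the session environment; `pkgs` would need to remain in the module arguments, which are not visible here. The listener list that holds this entry starts outside the hunk.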


@ -16,19 +16,7 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
home.packages = [ home.packages = [ pkgs.libnotify ];
pkgs.libnotify
pkgs.dconf
];
gtk = {
enable = true;
gtk4.theme = null;
iconTheme = {
name = lib.mkForce "Adwaita";
package = lib.mkForce pkgs.adwaita-icon-theme;
};
};
services.swaync = { services.swaync = {
enable = true; enable = true;


@ -246,17 +246,15 @@ in
# Media keys # Media keys
bindl = [ bindl = [
", XF86AudioRaiseVolume, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume 5" ", XF86AudioRaiseVolume, exec, ${pkgs.pamixer}/bin/pamixer --increase 5"
", XF86AudioLowerVolume, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume -5" ", XF86AudioLowerVolume, exec, ${pkgs.pamixer}/bin/pamixer --decrease 5"
", XF86AudioMute, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume mute-toggle" ", XF86AudioMute, exec, ${pkgs.pamixer}/bin/pamixer --toggle-mute"
", XF86AudioPrev, exec, ${pkgs.swayosd}/bin/swayosd-client --playerctl previous" ", XF86AudioPrev, exec, ${pkgs.playerctl}/bin/playerctl previous"
", XF86AudioNext, exec, ${pkgs.swayosd}/bin/swayosd-client --playerctl next" ", XF86AudioNext, exec, ${pkgs.playerctl}/bin/playerctl next"
", XF86AudioPlay, exec, ${pkgs.swayosd}/bin/swayosd-client --playerctl play-pause" ", XF86AudioPlay, exec, ${pkgs.playerctl}/bin/playerctl play-pause"
", XF86MonBrightnessDown, exec, ${pkgs.swayosd}/bin/swayosd-client --brightness lower" ", XF86MonBrightnessDown, exec, ${pkgs.light}/bin/light -U 5"
", XF86MonBrightnessUp, exec, ${pkgs.swayosd}/bin/swayosd-client --brightness raise" ", XF86MonBrightnessUp, exec, ${pkgs.light}/bin/light -A 5"
]; ];
gesture = "3, horizontal, workspace";
}; };
}; };
@ -274,47 +272,5 @@ in
]; ];
}; };
}; };
xdg.configFile."swayosd/style.css".text = ''
window#osd {
border-radius: 999px;
border: none;
background: rgba(30, 30, 46, 0.8); }
window#osd #container {
margin: 16px; }
window#osd image,
window#osd label {
color: #cdd6f4; }
window#osd progressbar:disabled,
window#osd image:disabled {
opacity: 0.5; }
window#osd progressbar,
window#osd segmentedprogress {
min-height: 6px;
border-radius: 999px;
background: transparent;
border: none; }
window#osd trough,
window#osd segment {
min-height: inherit;
border-radius: inherit;
border: none;
background: rgba(49, 50, 68, 0.8); }
window#osd progress,
window#osd segment.active {
min-height: inherit;
border-radius: inherit;
border: none;
background: #9399b2; }
window#osd segment {
margin-left: 8px; }
window#osd segment:first-child {
margin-left: 0; }
'';
services.swayosd = {
enable = true;
stylePath = "${config.xdg.configHome}/${config.xdg.configFile."swayosd/style.css".target}";
};
}; };
} }
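Review bot: The brightness bindings in the first hunk now run `${pkgs.light}/bin/light -U 5` and `-A 5` as the logged-in user, and nothing in this module states what the host must provide for that to work. On NixOS the backlight device is normally made writable by `programs.light.enable` (udev rule) together with membership in the `video` group, so a host without that setting would presumably get keys that do nothing. A comment above the two bindings such as `# needs programs.light.enable and the "video" group on the host` would document the dependency; the same applies to the `XF86MonBrightness*` bindings in the sway section that follows. The enclosing settings block starts outside the hunk.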


@ -320,8 +320,8 @@ in
"${modifier}+Left" = "exec 'playerctl previous'"; "${modifier}+Left" = "exec 'playerctl previous'";
# Backlight keys # Backlight keys
"XF86MonBrightnessDown" = "exec '${pkgs.brightnessctl}/bin/brightnessctl set -n10 10%-'"; "XF86MonBrightnessDown" = "exec '${pkgs.light}/bin/light -U 5'";
"XF86MonBrightnessUp" = "exec '${pkgs.brightnessctl}/bin/brightnessctl set 10%+'"; "XF86MonBrightnessUp" = "exec '${pkgs.light}/bin/light -A 5'";
# Navigation # Navigation


@ -38,15 +38,16 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts."adguardhome.kilonull.com" = { virtualHosts."adguardhome.kilonull.com" =
locations."/" = { {
proxyPass = "http://127.0.0.1:3000"; locations."/" = {
proxyPass = "http://127.0.0.1:3000";
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
}; };
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}; };
networking.firewall = { networking.firewall = {


@ -37,6 +37,7 @@ in
# openssl genrsa -traditional 4096 | base64 -w0 # openssl genrsa -traditional 4096 | base64 -w0
environmentFile = config.age.secrets.atticd.path; environmentFile = config.age.secrets.atticd.path;
settings = { settings = {
allowed-hosts = [ "attic.kilonull.com" ];
api-endpoint = "https://attic.kilonull.com/"; api-endpoint = "https://attic.kilonull.com/";
listen = "[::]:8080"; listen = "[::]:8080";
garbage-collection.retention-period = "30d"; garbage-collection.retention-period = "30d";
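Review bot: The added `allowed-hosts = [ "attic.kilonull.com" ];` only filters on the request's Host header, while `listen = "[::]:8080"` two lines below still accepts connections on every interface, so the port stays reachable by any client that sends the expected header. If atticd is meant to be reached only through a reverse proxy for attic.kilonull.com (not visible in this hunk), `listen = "127.0.0.1:8080";` or a firewall rule covering 8080 would close the direct path. The settings block continues past the end of the hunk.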


@ -113,17 +113,18 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."${server_settings.domain}" = { virtualHosts."${server_settings.domain}" =
locations."/" = { {
proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}"; locations."/" = {
proxyWebsockets = true; proxyPass = "http://${server_settings.http_addr}:${toString server_settings.http_port}";
recommendedProxySettings = true; proxyWebsockets = true;
recommendedProxySettings = true;
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
}; };
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}; };
networking.firewall = { networking.firewall = {


@ -33,62 +33,63 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
"minio.kilonull.com" = { "minio.kilonull.com" =
extraConfig = '' {
# Allow special characters in headers extraConfig = ''
ignore_invalid_headers off; # Allow special characters in headers
# Allow any size file to be uploaded. ignore_invalid_headers off;
# Set to a value such as 1000m; to restrict file size to a specific value # Allow any size file to be uploaded.
client_max_body_size 0; # Set to a value such as 1000m; to restrict file size to a specific value
# Disable buffering client_max_body_size 0;
proxy_buffering off; # Disable buffering
proxy_request_buffering off; proxy_buffering off;
''; proxy_request_buffering off;
'';
locations."/".extraConfig = '' locations."/".extraConfig = ''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 300; proxy_connect_timeout 300;
# Default is HTTP/1, keepalive is only enabled in HTTP/1.1 # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Connection ""; proxy_set_header Connection "";
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_pass http://localhost:9000; proxy_pass http://localhost:9000;
''; '';
locations."/ui".extraConfig = '' locations."/ui".extraConfig = ''
rewrite ^/ui/(.*) /$1 break; rewrite ^/ui/(.*) /$1 break;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true; proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed # This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP; real_ip_header X-Real-IP;
proxy_connect_timeout 300; proxy_connect_timeout 300;
# To support websockets in MinIO versions released after January 2023 # To support websockets in MinIO versions released after January 2023
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
# Some environments may encounter CORS errors (Kubernetes + Nginx Ingress) # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
# Uncomment the following line to set the Origin request to an empty string # Uncomment the following line to set the Origin request to an empty string
proxy_set_header Origin ""; proxy_set_header Origin "";
chunked_transfer_encoding off; chunked_transfer_encoding off;
proxy_pass http://localhost:9001; proxy_pass http://localhost:9001;
''; '';
} }
// lib.optionalAttrs (cfg.acmeCertName != "") { // lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true; forceSSL = true;
useACMEHost = cfg.acmeCertName; useACMEHost = cfg.acmeCertName;
}; };
}; };
}; };
}; };


@ -45,19 +45,20 @@ in
nginx = { nginx = {
enable = true; enable = true;
virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" = { virtualHosts."${cfg.subdomain_name}.${cfg.domain_name}" =
serverAliases = [ "${cfg.subdomain_name}" ]; {
locations."/".extraConfig = '' serverAliases = [ "${cfg.subdomain_name}" ];
proxy_pass http://localhost:${toString config.services.nix-serve.port}; locations."/".extraConfig = ''
proxy_set_header Host $host; proxy_pass http://localhost:${toString config.services.nix-serve.port};
proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr;
''; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
} '';
// lib.optionalAttrs (cfg.acmeCertName != "") { }
forceSSL = true; // lib.optionalAttrs (cfg.acmeCertName != "") {
useACMEHost = cfg.acmeCertName; forceSSL = true;
}; useACMEHost = cfg.acmeCertName;
};
}; };
}; };


@ -25,19 +25,20 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts."octoprint.kilonull.com" = { virtualHosts."octoprint.kilonull.com" =
locations."/" = { {
proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}"; locations."/" = {
proxyWebsockets = true; proxyPass = "http://127.0.0.1:${toString config.services.octoprint.port}";
extraConfig = '' proxyWebsockets = true;
client_max_body_size 512m; extraConfig = ''
''; client_max_body_size 512m;
'';
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
}; };
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [


@ -30,22 +30,23 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."sunshine.kilonull.com" = { virtualHosts."sunshine.kilonull.com" =
locations."/" = { {
recommendedProxySettings = true; locations."/" = {
# NOTE: Sunshine is a little weird since it requires multiple recommendedProxySettings = true;
# ports. You configure it with a base port and the web UI +1 from # NOTE: Sunshine is a little weird since it requires multiple
# the base port. # ports. You configure it with a base port and the web UI +1 from
proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}"; # the base port.
extraConfig = '' proxyPass = "https://127.0.0.1:${toString (config.services.sunshine.settings.port + 1)}";
proxy_ssl_verify off; extraConfig = ''
''; proxy_ssl_verify off;
'';
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
}; };
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}; };
}; };
} }


@ -147,18 +147,19 @@ in
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."teslamate.kilonull.com" = { virtualHosts."teslamate.kilonull.com" =
locations."/" = { {
recommendedProxySettings = true; locations."/" = {
proxyWebsockets = true; recommendedProxySettings = true;
# TODO: Make port configurable. proxyWebsockets = true;
proxyPass = "http://127.0.0.1:4000"; # TODO: Make port configurable.
proxyPass = "http://127.0.0.1:4000";
};
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
}; };
}
// lib.optionalAttrs (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};
}; };
networking.firewall.allowedTCPPorts = [ 4000 ]; networking.firewall.allowedTCPPorts = [ 4000 ];


@ -58,7 +58,6 @@ in
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = [ "wheel" ] ++ cfg.extraGroups; extraGroups = [ "wheel" ] ++ cfg.extraGroups;
} } // cfg.extraOptions;
// cfg.extraOptions;
}; };
} }


@ -1,6 +1,6 @@
{ ... }: { ... }:
(final: prev: { (final: prev: {
signal-desktop = prev.signal-desktop.overrideAttrs (oldAttrs: { signal-desktop-bin = prev.signal-desktop-bin.overrideAttrs (oldAttrs: {
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ prev.makeWrapper ]; nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ prev.makeWrapper ];
postInstall = oldAttrs.postInstall or "" + '' postInstall = oldAttrs.postInstall or "" + ''
wrapProgram $out/bin/signal-desktop \ wrapProgram $out/bin/signal-desktop \


@ -75,21 +75,21 @@
wireguard-tools wireguard-tools
chromium
prusa-slicer prusa-slicer
traceroute traceroute
gnumake gnumake
hugo hugo
nixos-generators nixos-generators
vlc vlc
signal-desktop signal-desktop-bin
zoom-us
]; ];
environment.pathsToLink = [ environment.pathsToLink = [
"/share/applications" "/share/applications"
"/share/xdg-desktop-portal" "/share/xdg-desktop-portal"
]; ];
programs.light.enable = true;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave


@ -1,122 +0,0 @@
{
inputs,
pkgs,
lib,
...
}:
{
imports = [
# Include the results of the hardware scan.
# ./hardware-configuration-zfs.nix
# ./zfs.nix
./hardware-configuration.nix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
];
aa = {
nix = {
enable = true;
useSelfhostedCache = true;
remoteBuilder.client.enable = false;
};
archetypes.workstation.enable = true;
# services.printing.enable = true;
services.tailscale = {
enable = true;
configureClientRouting = true;
};
hardware.audio.enable = true;
hardware.bluetooth.enable = true;
# system.zfs.enable = true;
apps.yubikey.enable = true;
user.extraGroups = [
"dialout"
"video"
];
};
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.kernelPackages = pkgs.linuxPackages_latest;
services.fwupd.enable = true;
services.gvfs.enable = true;
services.logind.settings.Login = {
HandleLidSwitchDocked = "ignore";
HandleLidSwitchExternalPower = "ignore";
HandleLidSwitch = "suspend";
KillUserProcesses = false;
};
virtualisation = {
docker = {
enable = true;
storageDriver = "overlay2";
rootless = {
enable = true;
setSocketVariable = true;
};
};
};
networking = {
hostName = "framework";
networkmanager.enable = true; # Enables wireless support via wpa_supplicant.
};
# This service is problematic
# See: https://github.com/NixOS/nixpkgs/issues/180175
systemd.services.NetworkManager-wait-online.enable = false;
services.tlp.enable = false;
services.power-profiles-daemon.enable = false;
services.tuned.enable = true;
# services.tlp.settings = {
# USB_DENYLIST = "0000:1111 2222:3333 4444:5555";
# };
# Still need to run `nix run nixpkgs#bolt -- enroll DEVICE_UUID`
services.hardware.bolt.enable = true;
time.timeZone = "America/Los_Angeles";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
pavucontrol
# android-tools
# sanoid
# # Below 3 installed for sanoid
# pv
# lzop
# mbuffer
# wireguard-tools
chromium
# prusa-slicer
traceroute
gnumake
hugo
nixos-generators
vlc
signal-desktop
# zoom-us
];
environment.pathsToLink = [
"/share/applications"
"/share/xdg-desktop-portal"
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}


@ -1,42 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "UUID=00a14ad6-5635-4b54-b7e2-a35943639bb8";
fsType = "bcachefs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/66E9-291D";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -47,8 +47,7 @@
services.prometheus.enable = true; services.prometheus.enable = true;
services.promtail.enable = true; services.promtail.enable = true;
services.hydra = { services.hydra = {
# Intentionally disabled for now enable = true;
enable = false;
acmeCertName = "kilonull.com"; acmeCertName = "kilonull.com";
secretKeyPath = "/var/gospelCache"; secretKeyPath = "/var/gospelCache";
s3Bucket = "nix-store"; s3Bucket = "nix-store";
@ -112,14 +111,6 @@
"ubuntu-20.04:docker://node:16-bullseye" "ubuntu-20.04:docker://node:16-bullseye"
"ubuntu-18.04:docker://node:16-buster" "ubuntu-18.04:docker://node:16-buster"
]; ];
settings.container = {
options = ''
-e PATH=:${pkgs.nix}/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
-e NIX_PATH=nixpkgs=flake:nixpkgs:/nix/var/nix/profiles/per-user/root/channels
-e NIX_REMOTE=daemon
'';
valid_volumes = [ "/nix" ];
};
}; };
}; };
}; };
@ -202,7 +193,7 @@
prusa-slicer prusa-slicer
esptool esptool
minicom minicom
signal-desktop signal-desktop-bin
ncdu ncdu
cntr cntr