noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-06 22:30:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:200f790ea15426a472dee27d5008e986920728bd
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
..
compare: noah:sway
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

57 Commits
200f790ea1 ... sway

Author SHA1 Message Date
Noah Masur
cb15963270 clean up i3 sxhkd 2023-08-09 22:03:47 -04:00
Noah Masur
5efa1eb269 restored working i3 with sxhkd 2023-08-09 21:32:38 -04:00
Noah Masur
6ea3da93db partial success of i3 and sxhkd 2023-08-09 08:36:07 -04:00
Noah Masur
97c94e6b6a move keybinds between i3 and keybinds file 2023-08-08 22:13:38 -04:00
Noah Masur
f16ef49792 move keybinds to sxhkd 2023-08-08 22:13:38 -04:00
Noah Masur
cc0325b431 start to add sway config 2023-08-08 22:13:38 -04:00
Noah Masur
5561c85b43 add networkmanager to fix steam startup times 2023-08-08 22:13:24 -04:00
Noah Masur
05a8f4a49b revert to basic adwaita gtk theme 2023-08-08 22:13:02 -04:00
Noah Masur
a1f651010b successfully build custom gtk with latest materia-theme 
too bad it looks terrible, especially for nautilus
 2023-08-08 20:08:34 -04:00
Noah Masur
3cecb8810c playing with custom gtk theme 
still pretty ugly unfortunately
 2023-08-06 18:07:47 -04:00
Noah Masur
af753153f1 fix: clicking mouse in rofi power menu 2023-08-06 18:06:50 -04:00
Noah Masur
d2afdd56ae gitcredentialhelper option renamed 2023-08-06 18:06:23 -04:00
Noah Masur
18fec1d058 add another mbsync ignorefile for polybar 2023-08-06 18:06:11 -04:00
Noah Masur
6a0e70568a remove litestream docs from nextcloud 
now that i've migrated from sqlite to mariadb
 2023-08-06 16:38:24 -04:00
Noah Masur
9b44d8f171 add jujutsu vcs 2023-08-06 16:37:53 -04:00
Noah Masur
1cf3405103 add readme for each directory 2023-08-06 08:01:21 -04:00
Noah Masur
7439d4bf39 fix: lightdm not showing username 2023-08-06 07:30:40 -04:00
github-actions[bot]
316c33e66c flake.lock: Update 
Flake lock file updates:

• Updated input 'darwin':
    'github:lnl7/nix-darwin/16c07487ac9bc59f58b121d13160c67befa3342e' (2023-07-27)
  → 'github:lnl7/nix-darwin/829041cf10c4f6751a53c0a11ca2fd22ff0918d6' (2023-08-05)
• Updated input 'disko':
    'github:nix-community/disko/43f17a8b31c49f6696b8b258d317161afdc7e36b' (2023-07-28)
  → 'github:nix-community/disko/4015740375676402a2ee6adebc3c30ea625b9a94' (2023-07-30)
• Updated input 'firefox-darwin':
    'github:bandithedoge/nixpkgs-firefox-darwin/69010f2ef9fbcef70d12541910ccc6db7a9997db' (2023-07-28)
  → 'github:bandithedoge/nixpkgs-firefox-darwin/6081c33185dba05da784d9f2a392861af025bf1a' (2023-08-05)
• Updated input 'hmts-nvim-src':
    'github:calops/hmts.nvim/725300f46d702529a739d2e6ef84758b6003d135' (2023-08-03)
  → 'github:calops/hmts.nvim/1d40963804925754672940d07ddb250d19efec2e' (2023-08-05)
• Updated input 'home-manager':
    'github:nix-community/home-manager/f58889c07efa8e1328fdf93dc1796ec2a5c47f38' (2023-07-29)
  → 'github:nix-community/home-manager/0a014a729cdd54d9919ff36b714d047909d7a4c8' (2023-08-05)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28' (2023-07-28)
  → 'github:nixos/nixpkgs/18036c0be90f4e308ae3ebcab0e14aae0336fe42' (2023-08-04)
• Updated input 'nur':
    'github:nix-community/nur/1c4ba84e2cbfd43976a0fd3f848b536611735a79' (2023-07-30)
  → 'github:nix-community/nur/cf2f5d8ad452795e5aca290c95eedc829d3da7ec' (2023-08-06)
• Updated input 'nvim-tree-lua-src':
    'github:kyazdani42/nvim-tree.lua/4bd30f0137e44dcf3e74cc1164efb568f78f2b02' (2023-07-29)
  → 'github:kyazdani42/nvim-tree.lua/904f95cd9db31d1800998fa428e78e418a50181d' (2023-08-06)
 2023-08-06 03:47:21 +00:00
Noah Masur
c845ae2fd4 use ssh host key as identityfile on tempest 
reencrypt secrets and use personal key for mail
 2023-08-05 20:06:03 -04:00
Noah Masur
5bc10bef87 improve hosts documentation 2023-08-05 17:14:26 -04:00
Noah Masur
f0e1fc740f save ratbag profile to text 
move misc data files to misc directory
 2023-08-05 16:55:37 -04:00
Noah Masur
5826877ad2 more zfs docs 2023-08-05 14:59:09 -04:00
Noah Masur
d3b0f21313 initial zfs documentation 2023-08-05 14:44:24 -04:00
Noah Masur
b7d1921c4d provision grafana alerts and smtp 2023-08-05 14:21:49 +00:00
Noah Masur
de1337bf58 fix: failure to provision 2023-08-05 13:03:17 +00:00
Noah Masur
3cff7e090c fix: port is an integer 2023-08-05 01:20:38 +00:00
Noah Masur
21794891e7 grafana provisioning 
convert grafana dashboard to nix native

remove grafana yml file
 2023-08-04 21:15:38 -04:00
Noah Masur
20e5d7fef5 disable hmts because it's buggy 2023-08-04 05:14:05 +00:00
Noah Masur
b6a6c761e9 fix warnings in nextcloud 2023-08-04 05:13:43 +00:00
Noah Masur
fc4bd9e4a8 hmts: tree-sitter injections for home-manager 2023-08-03 16:06:47 -04:00
Noah Masur
25e3de5058 fix: output hash for nextcloud apps 2023-08-03 02:30:11 +00:00
Noah Masur
9694467ba0 try making nextcloud apps as flake inputs 2023-08-02 22:27:28 -04:00
Noah Masur
71e6780439 fix: wrong order of args 2023-08-02 21:50:26 -04:00
Noah Masur
e6d0852be0 try refactoring overlays into flake inputs 2023-08-02 11:51:11 -04:00
Noah Masur
00564c0c40 switch nextcloud to nix-based apps 2023-08-02 12:26:45 +00:00
Noah Masur
57b38a417e switch nextcloud from sqlite to mysql 2023-08-02 11:32:54 +00:00
Noah Masur
7f9ce5925e add undodir to hopefully fix short undo history 
seems like undo history was being lost after committing to git
 2023-08-01 11:05:41 -04:00
Noah Masur
5ce9a26441 fix: exa ls not showing group names 2023-08-01 08:14:06 -04:00
Noah Masur
73680961a0 bring back docker-cleanup file 
just for safekeeping
 2023-08-01 08:13:17 -04:00
Noah Masur
c59e914430 attempt to fix rofi power confirm issues 2023-07-31 23:00:30 -04:00
Noah Masur
e194003f8d fix: mach-nix not working with latest updates 2023-07-31 13:50:44 -04:00
Noah Masur
3d6f57c324 clean up and improve docs 2023-07-30 20:26:23 -04:00
Noah Masur
ef2ee7b871 fix: tree-sitter-python errors 2023-07-30 12:43:44 -04:00
Noah Masur
fc867d60cd add description for caddy overlay 2023-07-30 12:43:27 -04:00
Noah Masur
d395347a29 chore: fonts.fonts renamed to fonts.packages 2023-07-30 12:42:45 -04:00
github-actions[bot]
080f7395e0 flake.lock: Update 
Flake lock file updates:

• Updated input 'darwin':
    'github:lnl7/nix-darwin/efd35d99ce412335c478dff9da9a4256bbd39757' (2023-07-25)
  → 'github:lnl7/nix-darwin/16c07487ac9bc59f58b121d13160c67befa3342e' (2023-07-27)
• Updated input 'disko':
    'github:nix-community/disko/713eb78002e69bd77f5a69595756fd2e564233f3' (2023-07-23)
  → 'github:nix-community/disko/43f17a8b31c49f6696b8b258d317161afdc7e36b' (2023-07-28)
• Updated input 'firefox-darwin':
    'github:bandithedoge/nixpkgs-firefox-darwin/9f5f2b9396724b807818f889abfa7ccf61e20afa' (2023-07-22)
  → 'github:bandithedoge/nixpkgs-firefox-darwin/69010f2ef9fbcef70d12541910ccc6db7a9997db' (2023-07-28)
• Updated input 'home-manager':
    'github:nix-community/home-manager/d309a62ee81faec56dd31a263a0184b0e3227e36' (2023-07-24)
  → 'github:nix-community/home-manager/f58889c07efa8e1328fdf93dc1796ec2a5c47f38' (2023-07-29)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/b12803b6d90e2e583429bb79b859ca53c348b39a' (2023-07-24)
  → 'github:nixos/nixpkgs/2a9d660ff0f7ffde9d73be328ee6e6f10ef66b28' (2023-07-28)
• Updated input 'nur':
    'github:nix-community/nur/ed0946320360d3a08404d93077c0847c176d4da0' (2023-07-25)
  → 'github:nix-community/nur/1c4ba84e2cbfd43976a0fd3f848b536611735a79' (2023-07-30)
• Updated input 'nvim-tree-lua-src':
    'github:kyazdani42/nvim-tree.lua/273c1700eb68c27dce4e518efafc8144fd7ce4ab' (2023-07-23)
  → 'github:kyazdani42/nvim-tree.lua/4bd30f0137e44dcf3e74cc1164efb568f78f2b02' (2023-07-29)
• Updated input 'wsl':
    'github:nix-community/NixOS-WSL/01112baf546b5577038e2a422a5215eedd9bc84b' (2023-07-24)
  → 'github:nix-community/NixOS-WSL/f7a95a37306c46b42e9ce751977c44c752fd5eca' (2023-07-28)
• Updated input 'wsl/nixpkgs':
    'github:NixOS/nixpkgs/53657afe29748b3e462f1f892287b7e254c26d77' (2023-07-17)
  → 'github:NixOS/nixpkgs/9462344318b376e157c94fa60c20a25b913b2381' (2023-07-27)
 2023-07-30 14:23:23 +00:00
Noah Masur
1475172bdb switch to rebase merge 
uses fast-forward commit style
 2023-07-30 10:17:52 -04:00
Noah Masur
5d6dab3cab auth automerge and run status check in same action 2023-07-30 09:49:53 -04:00
Noah Masur
3e6232cbee fix: update to latest version of updater 2023-07-30 09:38:53 -04:00
Noah Masur
8d72216f13 fix: flake update permissions 2023-07-30 09:37:52 -04:00
Noah Masur
dd36a3bd82 fix: typo 2023-07-30 09:23:29 -04:00
Noah Masur
0ed3633404 add more comments and utilities 2023-07-29 23:56:44 -04:00
Noah Masur
95e04de763 reduce unnecessary caddy matches 2023-07-30 03:56:17 +00:00
Noah Masur
b1ebca57d2 replace nginx with caddy for nextcloud 2023-07-30 03:51:01 +00:00
Noah Masur
939d17ada1 delay gitea runner until gitea is running 2023-07-29 19:49:47 +00:00
Noah Masur
dfd52e2cd5 enable gitea metrics 2023-07-29 19:33:13 +00:00
Noah Masur
b589ba5d8a enable auto PRs and checks 2023-07-29 15:20:14 -04:00
111 changed files with 3907 additions and 784 deletions
Expand all files Collapse all files

20
.github/workflows/check.yml vendored Normal file
View File

@ -0,0 +1,20 @@
name: Check Build
on:
workflow_dispatch: # allows manual triggering
jobs:
check:
name: Check
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v5
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Check the Flake
run: nix flake check

38
.github/workflows/update.yml vendored Normal file
View File

@ -0,0 +1,38 @@
name: Update Flake
on:
workflow_dispatch: # allows manual triggering
schedule:
- cron: '33 3 * * 0' # runs weekly on Sunday at 03:33
permissions:
contents: write
pull-requests: write
jobs:
lockfile:
name: Lockfile
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v3
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@v4
- name: Check Nixpkgs Inputs
uses: DeterminateSystems/flake-checker-action@v5
- name: Add Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@v2
- name: Update flake.lock
uses: DeterminateSystems/update-flake-lock@v19
id: update
with:
pr-title: "Update flake.lock" # Title of PR to be created
pr-labels: | # Labels to be set on the PR
dependencies
automated
- name: Check the Flake
run: nix flake check
- name: Enable Pull Request Automerge
run: gh pr merge --rebase --auto ${{ steps.update.outputs.pull-request-number }}
env:
GH_TOKEN: ${{ github.token }}

9
apps/README.md Normal file
View File

@ -0,0 +1,9 @@
# Apps
These are all my miscellaneous utilies and scripts to accompany this project.
They can be run with:
```
nix run github:nmasur/dotfiles#appname
```

2
apps/encrypt-secret.nix
View File

@ -11,7 +11,7 @@
tmpfile=$(mktemp) tmpfile=$(mktemp)
echo "''${secret}" > ''${tmpfile} echo "''${secret}" > ''${tmpfile}
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${ ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
builtins.toString ../public-keys builtins.toString ../misc/public-keys
} $tmpfile } $tmpfile
rm $tmpfile rm $tmpfile
''); '');

4
apps/installer.nix
View File

@ -17,8 +17,8 @@
--foreground "#fb4934" \ --foreground "#fb4934" \
"Missing required parameter." \ "Missing required parameter." \
"Usage: installer -- <disk> <host>" \ "Usage: installer -- <disk> <host>" \
"Example: installer -- nvme0n1 desktop" \ "Example: installer -- nvme0n1 tempest" \
"Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 desktop" "Flake example: nix run github:nmasur/dotfiles#installer -- nvme0n1 tempest"
echo "(exiting)" echo "(exiting)"
exit 1 exit 1
fi fi

2
apps/reencrypt-secrets.nix
View File

@ -17,7 +17,7 @@
--identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile --identity ~/.ssh/id_ed25519 $encryptedfile > $tmpfile
echo "Encrypting ''${encryptedfile}..." echo "Encrypting ''${encryptedfile}..."
${pkgs.age}/bin/age --encrypt --armor --recipients-file ${ ${pkgs.age}/bin/age --encrypt --armor --recipients-file ${
builtins.toString ../public-keys builtins.toString ../misc/public-keys
} $tmpfile > $encryptedfile } $tmpfile > $encryptedfile
rm $tmpfile rm $tmpfile
done done

5
colorscheme/README.md Normal file
View File

@ -0,0 +1,5 @@
# Colorschemes
Color information for different themes is found here. The colors are sourced
and used with [base16](https://github.com/chriskempson/base16) format
consistently across the system.

5
disks/README.md Normal file
View File

@ -0,0 +1,5 @@
# Disks
These are my [disko](https://github.com/nix-community/disko) configurations,
which allow me to save desired disk formatting layouts as a declarative file so
I don't have to remember how to format my disks later on.

4
docs/README.md Normal file
View File

@ -0,0 +1,4 @@
# Documentation
Reference documents for some of the more complicated services and maintenance
tasks.

65
docs/repair-nextcloud.md Normal file
View File

@ -0,0 +1,65 @@
# Repairing Nextcloud
You can run the maintenance commands like this:
```
sudo -u nextcloud nextcloud-occ maintenance:mode --on
sudo -u nextcloud nextcloud-occ maintenance:repair
sudo -u nextcloud nextcloud-occ maintenance:mode --off
```
## Rescan Files
```
sudo -u nextcloud nextcloud-occ files:scan --all
```
## Converting from SQLite to MySQL (mariadb)
First: keep Nextcloud set to SQLite as its dbtype, and separately launch MySQL
as a service by copying the configuration found
[here](https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/nextcloud.nix).
No password is necessary, since the user-based auth works with UNIX sockets.
You can connect to the MySQL instance like this:
```
sudo -u nextcloud mysql -S /run/mysqld/mysqld.sock
```
Create a blank database for Nextcloud:
```sql
create database nextcloud;
```
Now setup the [conversion](https://docs.nextcloud.com/server/17/admin_manual/configuration_database/db_conversion.html):
```
sudo -u nextcloud nextcloud-occ db:convert-type mysql nextcloud localhost nextcloud
```
Ignore the password prompt. Proceed with the conversion.
Now `config.php` will be updated but the override config from NixOS will not
be. Now update your NixOS configuration:
- Remove the `mysql` service you created.
- Set `dbtype` to `mysql`.
- Set `database.createLocally` to `true`.
Rebuild your configuration.
Now, make sure to enable [4-byte
support](https://docs.nextcloud.com/server/latest/admin_manual/configuration_database/mysql_4byte_support.html)
in the database.
## Backing Up MySQL Database
Use this mysqldump command:
```
sudo -u nextcloud mysqldump -S /run/mysqld/mysqld.sock --default-character-set=utf8mb4 nextcloud > backup.sql
```

43
docs/restore-nextcloud.md
View File

@ -1,43 +0,0 @@
# Restoring Nextcloud From Backup
Install the `litestream` package.
```
nix-shell --run fish -p litestream
```
Set the S3 credentials:
```
set -x AWS_ACCESS_KEY_ID (read)
set -x AWS_SECRET_ACCESS_KEY (read)
```
Restore from S3:
```
litestream restore -o nextcloud.db s3://noahmasur-backup.s3.us-west-002.backblazeb2.com/nextcloud
```
Install Nextcloud. Then copy DB:
```
sudo rm /data/nextcloud/data/nextcloud.db*
sudo mv nextcloud.db /data/nextcloud/data/
sudo chown nextcloud:nextcloud /data/nextcloud/data/nextcloud.db
sudo chmod 770 /data/nextcloud/data/nextcloud.db
```
Restart Nextcloud:
```
sudo systemctl restart phpfpm-nextcloud.service
```
Adjust Permissions and Directories:
```
sudo mkdir /data/nextcloud/data/noah/files
sudo chown nextcloud:nextcloud /data/nextcloud/data/noah/files
```

45
docs/zfs.md Normal file
View File

@ -0,0 +1,45 @@
# ZFS
Swan runs its root on ext4. The ZFS drives are managed imperatively (this
[disko configuration](../disks/zfs.nix) is an unused work-in-progress).
The basic ZFS settings are managed [here](../modules/nixos/hardware/zfs.nix).
## Creating a New Dataset
```
sudo zfs create tank/mydataset
sudo zfs set compression=zstd tank/myzstddataset
sudo zfs set mountpoint=/data/mydataset tank/mydataset
```
## Maintenance
### Get Status
```
sudo zpool status
```
### Replace Disk
```
sudo zdb
sudo zpool status -g # Show by GUID
sudo zpool offline tank <GUID>
sudo zpool status
# Remove old disk, insert new disk
sudo zdb
sudo zpool replace tank <OLD GUID> /dev/disk/by-id/<NEW PATH>
sudo zpool status
```
## Initial Setup
```
sudo zpool create tank raidz1 sda sdb sdc
sudo zpool set ashift=12 tank
sudo zpool set autoexpand=on tank
sudo zpool set compression=on tank
```

216
flake.lock generated
View File

@ -73,11 +73,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1690247892, "lastModified": 1691275315,
"narHash": "sha256-WMGc1yq1cqRd+kzjWgbvHxckJIe8VQfiZ5RfR8tgABw=", "narHash": "sha256-9WN0IA0vNZSNxKHpy/bYvPnCw4VH/nr5iBv7c+7KUts=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "efd35d99ce412335c478dff9da9a4256bbd39757", "rev": "829041cf10c4f6751a53c0a11ca2fd22ff0918d6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -94,11 +94,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1690148072, "lastModified": 1690739034,
"narHash": "sha256-R7bk2ij1b06Wc8S3L/guz6Mape5HtKp/YZUyJaxSFa8=", "narHash": "sha256-roW02IaiQ3gnEEDMCDWL5YyN+C4nBf/te6vfL7rG0jk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "713eb78002e69bd77f5a69595756fd2e564233f3", "rev": "4015740375676402a2ee6adebc3c30ea625b9a94",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -114,11 +114,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1689987164, "lastModified": 1691196340,
"narHash": "sha256-piroYVZtJ6hK1QRBtof4d701FRchO+FgkFK4JwMOWxI=", "narHash": "sha256-b1haFWCbFJkiUkeTQCkNjr8hFq/8JlMPaQwNpGlcvxI=",
"owner": "bandithedoge", "owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin", "repo": "nixpkgs-firefox-darwin",
"rev": "9f5f2b9396724b807818f889abfa7ccf61e20afa", "rev": "6081c33185dba05da784d9f2a392861af025bf1a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -194,6 +194,22 @@
"type": "github" "type": "github"
} }
}, },
"hmts-nvim-src": {
"flake": false,
"locked": {
"lastModified": 1691223193,
"narHash": "sha256-Zsl4s3e4upWiU2mXKqiQcUGxslPzzebKKXfzaHiNq48=",
"owner": "calops",
"repo": "hmts.nvim",
"rev": "1d40963804925754672940d07ddb250d19efec2e",
"type": "github"
},
"original": {
"owner": "calops",
"repo": "hmts.nvim",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -201,11 +217,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1690208251, "lastModified": 1691225770,
"narHash": "sha256-eb/KANeuQADVl5j4wVid4jyPCOMTorSI2+gqoXp3LME=", "narHash": "sha256-O5slH8nW8msTAqVAS5rkvdHSkjmrO+JauuSDzZCmv2M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d309a62ee81faec56dd31a263a0184b0e3227e36", "rev": "0a014a729cdd54d9919ff36b714d047909d7a4c8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -215,6 +231,42 @@
"type": "github" "type": "github"
} }
}, },
"nextcloud-cookbook": {
"flake": false,
"locked": {
"narHash": "sha256-XgBwUr26qW6wvqhrnhhhhcN4wkI+eXDHnNSm1HDbP6M=",
"type": "tarball",
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz"
}
},
"nextcloud-external": {
"flake": false,
"locked": {
"narHash": "sha256-gY1nxqK/pHfoxW/9mE7DFtNawgdEV7a4OXpscWY14yk=",
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.2.0/external-v5.2.0.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud-releases/external/releases/download/v5.2.0/external-v5.2.0.tar.gz"
}
},
"nextcloud-news": {
"flake": false,
"locked": {
"narHash": "sha256-hhXPEITSbCiFs0o+TOsQnSasXBpjU9mA/OFsbzuaCPw=",
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/22.0.0/news.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://github.com/nextcloud/news/releases/download/22.0.0/news.tar.gz"
}
},
"nil": { "nil": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
@ -297,11 +349,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1690179384, "lastModified": 1691186842,
"narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=", "narHash": "sha256-wxBVCvZUwq+XS4N4t9NqsHV4E64cPVqQ2fdDISpjcw0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b12803b6d90e2e583429bb79b859ca53c348b39a", "rev": "18036c0be90f4e308ae3ebcab0e14aae0336fe42",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -313,11 +365,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1689605451, "lastModified": 1690470004,
"narHash": "sha256-u2qp2k9V1smCfk6rdUcgMKvBj3G9jVvaPHyeXinjN9E=", "narHash": "sha256-l57RmPhPz9r1LGDg/0v8bYgJO8R+GGTQZtkIxE7negU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "53657afe29748b3e462f1f892287b7e254c26d77", "rev": "9462344318b376e157c94fa60c20a25b913b2381",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -345,11 +397,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1690247650, "lastModified": 1691289987,
"narHash": "sha256-xasDfDeXnR9PgUhOEzjn1NrvAcqloEgoNFUcQjv20Wg=", "narHash": "sha256-sbbDlVzxlP+bBTdhyyzJ6C0APUNU/sChuLmNU9ehkmg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nur", "repo": "nur",
"rev": "ed0946320360d3a08404d93077c0847c176d4da0", "rev": "cf2f5d8ad452795e5aca290c95eedc829d3da7ec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -378,11 +430,11 @@
"nvim-tree-lua-src": { "nvim-tree-lua-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1690096369, "lastModified": 1691292370,
"narHash": "sha256-aLw0ysDIJWOP2x1XppaHBmmRYfL4IzM5xQ+1WuW0QLM=", "narHash": "sha256-YQRirmp8QerxwF9qdrSrUKJZiVrBb6ZWpUTfM8H7fl4=",
"owner": "kyazdani42", "owner": "kyazdani42",
"repo": "nvim-tree.lua", "repo": "nvim-tree.lua",
"rev": "273c1700eb68c27dce4e518efafc8144fd7ce4ab", "rev": "904f95cd9db31d1800998fa428e78e418a50181d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -417,7 +469,11 @@
"darwin": "darwin", "darwin": "darwin",
"disko": "disko", "disko": "disko",
"firefox-darwin": "firefox-darwin", "firefox-darwin": "firefox-darwin",
"hmts-nvim-src": "hmts-nvim-src",
"home-manager": "home-manager", "home-manager": "home-manager",
"nextcloud-cookbook": "nextcloud-cookbook",
"nextcloud-external": "nextcloud-external",
"nextcloud-news": "nextcloud-news",
"nil": "nil", "nil": "nil",
"nix2vim": "nix2vim", "nix2vim": "nix2vim",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
@ -430,9 +486,15 @@
"telescope-nvim-src": "telescope-nvim-src", "telescope-nvim-src": "telescope-nvim-src",
"telescope-project-nvim-src": "telescope-project-nvim-src", "telescope-project-nvim-src": "telescope-project-nvim-src",
"toggleterm-nvim-src": "toggleterm-nvim-src", "toggleterm-nvim-src": "toggleterm-nvim-src",
"tree-sitter-bash": "tree-sitter-bash",
"tree-sitter-ini": "tree-sitter-ini",
"tree-sitter-puppet": "tree-sitter-puppet",
"tree-sitter-python": "tree-sitter-python",
"tree-sitter-rasi": "tree-sitter-rasi",
"vscode-terraform-snippets": "vscode-terraform-snippets", "vscode-terraform-snippets": "vscode-terraform-snippets",
"wallpapers": "wallpapers", "wallpapers": "wallpapers",
"wsl": "wsl" "wsl": "wsl",
"zenyd-mpv-scripts": "zenyd-mpv-scripts"
} }
}, },
"rust-overlay": { "rust-overlay": {
@ -540,6 +602,88 @@
"type": "github" "type": "github"
} }
}, },
"tree-sitter-bash": {
"flake": false,
"locked": {
"lastModified": 1688032601,
"narHash": "sha256-gl5F3IeZa2VqyH/qFj8ey2pRbGq4X8DL5wiyvRrH56U=",
"owner": "tree-sitter",
"repo": "tree-sitter-bash",
"rev": "493646764e7ad61ce63ce3b8c59ebeb37f71b841",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"repo": "tree-sitter-bash",
"rev": "493646764e7ad61ce63ce3b8c59ebeb37f71b841",
"type": "github"
}
},
"tree-sitter-ini": {
"flake": false,
"locked": {
"lastModified": 1690815608,
"narHash": "sha256-IIpKzpA4q1jpYVZ75VZaxWHaqNt8TA427eMOui2s71M=",
"owner": "justinmk",
"repo": "tree-sitter-ini",
"rev": "7f11a02fb8891482068e0fe419965d7bade81a68",
"type": "github"
},
"original": {
"owner": "justinmk",
"repo": "tree-sitter-ini",
"type": "github"
}
},
"tree-sitter-puppet": {
"flake": false,
"locked": {
"lastModified": 1690231696,
"narHash": "sha256-YEjjy9WLwITERYqoeSVrRYnwVBIAwdc4o0lvAK9wizw=",
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"rev": "9ce9a5f7d64528572aaa8d59459ba869e634086b",
"type": "github"
},
"original": {
"owner": "amaanq",
"repo": "tree-sitter-puppet",
"type": "github"
}
},
"tree-sitter-python": {
"flake": false,
"locked": {
"lastModified": 1690493803,
"narHash": "sha256-2btd/NRE6NuGNlx4cq535OrwtWXihiP3VMCJjPCiDOk=",
"owner": "tree-sitter",
"repo": "tree-sitter-python",
"rev": "5af00f64af6bbf822f208243cce5cf75396fb6f5",
"type": "github"
},
"original": {
"owner": "tree-sitter",
"repo": "tree-sitter-python",
"rev": "5af00f64af6bbf822f208243cce5cf75396fb6f5",
"type": "github"
}
},
"tree-sitter-rasi": {
"flake": false,
"locked": {
"lastModified": 1678701563,
"narHash": "sha256-2nYZoLcrxxxiOJEySwHUm93lzMg8mU+V7LIP63ntFdA=",
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"rev": "371dac6bcce0df5566c1cfebde69d90ecbeefd2d",
"type": "github"
},
"original": {
"owner": "Fymyte",
"repo": "tree-sitter-rasi",
"type": "github"
}
},
"vscode-terraform-snippets": { "vscode-terraform-snippets": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -579,11 +723,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1690187332, "lastModified": 1690553050,
"narHash": "sha256-8iyH0LXszole3kUjPfg4S8uprJ0RGDQbZLyBvKFiQ3s=", "narHash": "sha256-pK3kF30OykL3v6P8UP6ipihlS34KoGq9SryCj3tHrFw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "01112baf546b5577038e2a422a5215eedd9bc84b", "rev": "f7a95a37306c46b42e9ce751977c44c752fd5eca",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -591,6 +735,22 @@
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"type": "github" "type": "github"
} }
},
"zenyd-mpv-scripts": {
"flake": false,
"locked": {
"lastModified": 1650625438,
"narHash": "sha256-OBCuzCtgfSwj0i/rBNranuu4LRc47jObwQIJgQQoerg=",
"owner": "zenyd",
"repo": "mpv-scripts",
"rev": "19ea069abcb794d1bf8fac2f59b50d71ab992130",
"type": "github"
},
"original": {
"owner": "zenyd",
"repo": "mpv-scripts",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

76
flake.nix
View File

@ -111,6 +111,61 @@
url = "github:run-at-scale/vscode-terraform-doc-snippets"; url = "github:run-at-scale/vscode-terraform-doc-snippets";
flake = false; flake = false;
}; };
hmts-nvim-src = {
url = "github:calops/hmts.nvim";
flake = false;
};
# Tree-Sitter Grammars
tree-sitter-bash = {
# Fix: bash highlighting doesn't work as of this commit:
# https://github.com/NixOS/nixpkgs/commit/49cce41b7c5f6b88570a482355d9655ca19c1029
url =
"github:tree-sitter/tree-sitter-bash/493646764e7ad61ce63ce3b8c59ebeb37f71b841";
flake = false;
};
tree-sitter-python = {
# Fix: invalid node in position. Broken as of this commit (replaced with newer):
# https://github.com/NixOS/nixpkgs/commit/8ec3627796ecc899e6f47f5bf3c3220856ead9c5
url =
"github:tree-sitter/tree-sitter-python/5af00f64af6bbf822f208243cce5cf75396fb6f5";
flake = false;
};
tree-sitter-ini = {
url = "github:justinmk/tree-sitter-ini";
flake = false;
};
tree-sitter-puppet = {
url = "github:amaanq/tree-sitter-puppet";
flake = false;
};
tree-sitter-rasi = {
url = "github:Fymyte/tree-sitter-rasi";
flake = false;
};
# MPV Scripts
zenyd-mpv-scripts = {
url = "github:zenyd/mpv-scripts";
flake = false;
};
# Nextcloud Apps
nextcloud-news = {
url =
"https://github.com/nextcloud/news/releases/download/22.0.0/news.tar.gz";
flake = false;
};
nextcloud-external = {
url =
"https://github.com/nextcloud-releases/external/releases/download/v5.2.0/external-v5.2.0.tar.gz";
flake = false;
};
nextcloud-cookbook = {
url =
"https://github.com/nextcloud/cookbook/releases/download/v0.10.2/Cookbook-0.10.2.tar.gz";
flake = false;
};
}; };
@ -149,6 +204,9 @@
(import ./overlays/calibre-web.nix) (import ./overlays/calibre-web.nix)
(import ./overlays/disko.nix inputs) (import ./overlays/disko.nix inputs)
(import ./overlays/tree-sitter.nix inputs) (import ./overlays/tree-sitter.nix inputs)
(import ./overlays/caddy.nix inputs)
(import ./overlays/mpv-scripts.nix inputs)
(import ./overlays/nextcloud-apps.nix inputs)
(import ./overlays/betterlockscreen.nix) (import ./overlays/betterlockscreen.nix)
]; ];
@ -228,6 +286,24 @@
}); });
checks = forAllSystems (system:
let pkgs = import nixpkgs { inherit system overlays; };
in {
neovim = pkgs.runCommand "neovim-check-health" {
buildInputs = [ inputs.self.packages.${system}.neovim ];
} ''
mkdir -p $out
export HOME=$TMPDIR
nvim -c "checkhealth" -c "write $out/health.log" -c "quitall"
# Check for errors inside the health log
if $(grep "ERROR" $out/health.log); then
cat $out/health.log
exit 1
fi
'';
});
# Templates for starting other projects quickly # Templates for starting other projects quickly
templates = rec { templates = rec {
default = basic; default = basic;

2
hosts/README.md
View File

@ -1,5 +1,7 @@
# Hosts # Hosts
These are the individual machines managed by this flake.
| Host | Purpose | | Host | Purpose |
| --- | --- | | --- | --- |
| [aws](./aws/default.nix) | AWS AMI | | [aws](./aws/default.nix) | AWS AMI |

6
hosts/aws/default.nix
View File

@ -4,14 +4,10 @@ inputs.nixos-generators.nixosGenerate {
inherit system; inherit system;
format = "amazon"; format = "amazon";
modules = [ modules = [
globals
inputs.home-manager.nixosModules.home-manager inputs.home-manager.nixosModules.home-manager
{ {
nixpkgs.overlays = overlays; nixpkgs.overlays = overlays;
user = globals.user;
fullName = globals.fullName;
dotfilesRepo = globals.dotfilesRepo;
gitName = globals.gitName;
gitEmail = globals.gitEmail;
networking.hostName = "sheep"; networking.hostName = "sheep";
gui.enable = false; gui.enable = false;
theme.colors = (import ../../colorscheme/gruvbox).dark; theme.colors = (import ../../colorscheme/gruvbox).dark;

30
hosts/flame/default.nix
View File

@ -3,6 +3,7 @@
# How to install: # How to install:
# https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/ # https://blog.korfuri.fr/posts/2022/08/nixos-on-an-oracle-free-tier-ampere-machine/
# These days, probably use nixos-anywhere instead.
{ inputs, globals, overlays, ... }: { inputs, globals, overlays, ... }:
@ -21,32 +22,38 @@ inputs.nixpkgs.lib.nixosSystem {
server = true; server = true;
networking.hostName = "flame"; networking.hostName = "flame";
# Not sure what's necessary but too afraid to remove anything
imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ]; imports = [ (inputs.nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "usbhid" ];
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
# I forgot to set a clean label for it
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3"; device = "/dev/disk/by-uuid/e1b6bd50-306d-429a-9f45-78f57bc597c3";
fsType = "ext4"; fsType = "ext4";
}; };
# This is the boot filesystem for systemd-boot
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D5CA-237A"; device = "/dev/disk/by-uuid/D5CA-237A";
fsType = "vfat"; fsType = "vfat";
}; };
# Theming # Theming
gui.enable = false;
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Disable passwords, only use SSH key # Server doesn't require GUI
publicKey = gui.enable = false;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# Still require colors for programs like Neovim, K9S
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
# Programs and services # Programs and services
cloudflare.enable = true; # Proxy traffic with Cloudflare cloudflare.enable = true; # Proxy traffic with Cloudflare
dotfiles.enable = true; # Clone dotfiles dotfiles.enable = true; # Clone dotfiles
neovim.enable = true; neovim.enable = true;
giteaRunner.enable = true;
services.caddy.enable = true; services.caddy.enable = true;
services.grafana.enable = true; services.grafana.enable = true;
services.openssh.enable = true; services.openssh.enable = true;
@ -55,6 +62,7 @@ inputs.nixpkgs.lib.nixosSystem {
services.vaultwarden.enable = true; services.vaultwarden.enable = true;
services.minecraft-server.enable = true; # Setup Minecraft server services.minecraft-server.enable = true; # Setup Minecraft server
# Allows private remote access over the internet
cloudflareTunnel = { cloudflareTunnel = {
enable = true; enable = true;
id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2"; id = "bd250ee1-ed2e-42d2-b627-039f1eb5a4d2";
@ -63,8 +71,6 @@ inputs.nixpkgs.lib.nixosSystem {
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org"; "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBK/6oyVqjFGX3Uvrc3VS8J9sphxzAnRzKC85xgkHfYgR3TK6qBGXzHrknEj21xeZrr3G2y1UsGzphWJd9ZfIcdA= open-ssh-ca@cloudflareaccess.org";
}; };
giteaRunner.enable = true;
# Nextcloud backup config # Nextcloud backup config
backup.s3 = { backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com"; endpoint = "s3.us-west-002.backblazeb2.com";
@ -72,8 +78,9 @@ inputs.nixpkgs.lib.nixosSystem {
accessKeyId = "0026b0e73b2e2c80000000005"; accessKeyId = "0026b0e73b2e2c80000000005";
}; };
# # Grant access to Jellyfin directories from Nextcloud # Disable passwords, only use SSH key
# users.users.nextcloud.extraGroups = [ "jellyfin" ]; publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s";
# # Wireguard config for Transmission # # Wireguard config for Transmission
# wireguard.enable = true; # wireguard.enable = true;
@ -104,9 +111,6 @@ inputs.nixpkgs.lib.nixosSystem {
# # VPN port forwarding # # VPN port forwarding
# services.transmission.settings.peer-port = 57599; # services.transmission.settings.peer-port = 57599;
# # Grant access to Transmission directories from Jellyfin
# users.users.jellyfin.extraGroups = [ "transmission" ];
} }
]; ];
} }

2
hosts/hydra/default.nix
View File

@ -22,7 +22,7 @@ inputs.nixpkgs.lib.nixosSystem {
colors = (import ../../colorscheme/gruvbox).dark; colors = (import ../../colorscheme/gruvbox).dark;
dark = true; dark = true;
}; };
passwordHash = inputs.nixpkgs.lib.fileContents ../../password.sha512; passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
wsl = { wsl = {
enable = true; enable = true;
wslConf.automount.root = "/mnt"; wslConf.automount.root = "/mnt";

23
hosts/swan/default.nix
View File

@ -13,11 +13,14 @@ inputs.nixpkgs.lib.nixosSystem {
../../modules/common ../../modules/common
../../modules/nixos ../../modules/nixos
{ {
nixpkgs.overlays = overlays;
# Hardware # Hardware
server = true; server = true;
physical = true; physical = true;
networking.hostName = "swan"; networking.hostName = "swan";
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ]; [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
@ -30,29 +33,43 @@ inputs.nixpkgs.lib.nixosSystem {
"amdgpu.cik_support=1" "amdgpu.cik_support=1"
"amdgpu.dc=1" "amdgpu.dc=1"
]; ];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Prioritize efficiency over performance
powerManagement.cpuFreqGovernor = "powersave"; powerManagement.cpuFreqGovernor = "powersave";
# Allow firmware updates
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
# ZFS # ZFS
zfs.enable = true; zfs.enable = true;
# Generated with: head -c 8 /etc/machine-id # Generated with: head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS networking.hostId = "600279f4"; # Random ID required for ZFS
# Sets root ext4 filesystem instead of declaring it manually
disko = { disko = {
enableConfig = true; enableConfig = true;
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; }); devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
}; };
# Automatically load the ZFS pool on boot
boot.zfs.extraPools = [ "tank" ]; boot.zfs.extraPools = [ "tank" ];
# Theming
# Server doesn't require GUI
gui.enable = false; gui.enable = false;
# Still require colors for programs like Neovim, K9S
theme = { colors = (import ../../colorscheme/gruvbox).dark; }; theme = { colors = (import ../../colorscheme/gruvbox).dark; };
nixpkgs.overlays = overlays;
# Programs and services
neovim.enable = true; neovim.enable = true;
cloudflare.enable = true; cloudflare.enable = true;
dotfiles.enable = true; dotfiles.enable = true;
arrs.enable = true; arrs.enable = true;
services.bind.enable = true; services.bind.enable = true;
services.caddy.enable = true; services.caddy.enable = true;
services.jellyfin.enable = true; services.jellyfin.enable = true;
@ -63,6 +80,7 @@ inputs.nixpkgs.lib.nixosSystem {
services.vmagent.enable = true; services.vmagent.enable = true;
services.samba.enable = true; services.samba.enable = true;
# Allows private remote access over the internet
cloudflareTunnel = { cloudflareTunnel = {
enable = true; enable = true;
id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2"; id = "646754ac-2149-4a58-b51a-e1d0a1f3ade2";
@ -71,6 +89,7 @@ inputs.nixpkgs.lib.nixosSystem {
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org"; "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCHF/UMtJqPFrf6f6GRY0ZFnkCW7b6sYgUTjTtNfRj1RdmNic1NoJZql7y6BrqQinZvy7nsr1UFDNWoHn6ah3tg= open-ssh-ca@cloudflareaccess.org";
}; };
# Send regular backups and litestream for DBs to an S3-like bucket
backup.s3 = { backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com"; endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup"; bucket = "noahmasur-backup";

32
hosts/tempest/default.nix
View File

@ -17,14 +17,25 @@ inputs.nixpkgs.lib.nixosSystem {
physical = true; physical = true;
networking.hostName = "tempest"; networking.hostName = "tempest";
# Not sure what's necessary but too afraid to remove anything
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules =
[ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
# Graphics and VMs
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
services.xserver.videoDrivers = [ "amdgpu" ]; services.xserver.videoDrivers = [ "amdgpu" ];
# Required binary blobs to boot on this machine
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Prioritize performance over efficiency
powerManagement.cpuFreqGovernor = "performance"; powerManagement.cpuFreqGovernor = "performance";
# Allow firmware updates
hardware.cpu.amd.updateMicrocode = true; hardware.cpu.amd.updateMicrocode = true;
# Helps reduce GPU fan noise under idle loads
hardware.fancontrol.enable = true; hardware.fancontrol.enable = true;
hardware.fancontrol.config = '' hardware.fancontrol.config = ''
# Configuration file generated by pwmconfig, changes will be lost # Configuration file generated by pwmconfig, changes will be lost
@ -41,22 +52,29 @@ inputs.nixpkgs.lib.nixosSystem {
MAXPWM=hwmon0/pwm1=240 MAXPWM=hwmon0/pwm1=240
''; '';
# File systems must be declared in order to boot
# This is the root filesystem containing NixOS
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
fsType = "ext4"; fsType = "ext4";
}; };
# This is the boot filesystem for Grub
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-label/boot"; device = "/dev/disk/by-label/boot";
fsType = "vfat"; fsType = "vfat";
}; };
# Must be prepared ahead # Secrets must be prepared ahead before deploying
identityFile = "/home/${globals.user}/.ssh/id_ed25519"; passwordHash = inputs.nixpkgs.lib.fileContents ../../misc/password.sha512;
passwordHash = inputs.nixpkgs.lib.fileContents ../../password.sha512;
# Theming # Theming
# Turn on all features related to desktop and graphical applications
gui.enable = true; gui.enable = true;
# Set the system-wide theme, also used for non-graphical programs
theme = { theme = {
colors = (import ../../colorscheme/gruvbox-dark).dark; colors = (import ../../colorscheme/gruvbox-dark).dark;
dark = true; dark = true;
@ -91,9 +109,11 @@ inputs.nixpkgs.lib.nixosSystem {
leagueoflegends.enable = true; leagueoflegends.enable = true;
ryujinx.enable = true; ryujinx.enable = true;
}; };
services.vmagent.enable = true; services.vmagent.enable = true; # Enables Prometheus metrics
services.openssh.enable =
true; # Required for Cloudflare tunnel and identity file
services.openssh.enable = true; # Required for Cloudflare tunnel # Allows private remote access over the internet
cloudflareTunnel = { cloudflareTunnel = {
enable = true; enable = true;
id = "ac133a82-31fb-480c-942a-cdbcd4c58173"; id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
@ -103,6 +123,8 @@ inputs.nixpkgs.lib.nixosSystem {
}; };
# Allows requests to force machine to wake up # Allows requests to force machine to wake up
# This network interface might change, needs to be set specifically for each machine.
# Or set usePredictableInterfaceNames = false
networking.interfaces.enp5s0.wakeOnLan.enable = true; networking.interfaces.enp5s0.wakeOnLan.enable = true;
} }

21
misc/README.md Normal file
View File

@ -0,0 +1,21 @@
# Miscellaneous
These files contain important data sourced by the configuration, or simply
information to store for safekeeping later.
---
Creating hashed password for [password.sha512](./password.sha512):
```
mkpasswd -m sha-512
```
---
Getting key for [public-keys](./public-keys):
```
ssh-keyscan -t ed25519 <hostname>
```

23
misc/libratbag-profile Normal file
View File

@ -0,0 +1,23 @@
Profile 1: (active)
Name: n/a
Report Rate: 1000Hz
Resolutions:
0: 400dpi (active) (default)
1: 800dpi
2: 1600dpi
3: 2400dpi
4: 0dpi
Button: 0 is mapped to 'button 1'
Button: 1 is mapped to 'button 2'
Button: 2 is mapped to 'button 3'
Button: 3 is mapped to 'button 4'
Button: 4 is mapped to 'button 5'
Button: 5 is mapped to macro '↕F11'
Button: 6 is mapped to macro '↕VOLUMEDOWN'
Button: 7 is mapped to macro '↕VOLUMEUP'
Button: 8 is mapped to 'unknown'
Button: 9 is mapped to 'wheel-right'
Button: 10 is mapped to 'wheel-left'
LED: 0, depth: monochrome, mode: on, color: 000000
LED: 1, depth: monochrome, mode: on, color: 000000
LED: 2, depth: monochrome, mode: on, color: 000000

0
password.sha512 → misc/password.sha512
View File

3
public-keys → misc/public-keys
View File

@ -1,5 +1,6 @@
# Scan hosts: ssh-keyscan -t ed25519 <hostnames> # Scan hosts: ssh-keyscan -t ed25519 <hostnames>
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s tempest ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s personal
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3yHivgEXr2ecwe58h9bkhwTYivf3GwL8xenQKMeiUb tempest

1
modules/README.md
View File

@ -5,4 +5,5 @@
| [common](./common/default.nix) | User programs and OS-agnostic configuration | | [common](./common/default.nix) | User programs and OS-agnostic configuration |
| [darwin](./darwin/default.nix) | macOS-specific configuration | | [darwin](./darwin/default.nix) | macOS-specific configuration |
| [nixos](./nixos/default.nix) | NixOS-specific configuration | | [nixos](./nixos/default.nix) | NixOS-specific configuration |
| [wsl](./wsl/default.nix) | WSL-specific configuration |

20
modules/common/applications/kitty.nix
View File

@ -11,23 +11,10 @@
config = lib.mkIf (config.gui.enable && config.kitty.enable) { config = lib.mkIf (config.gui.enable && config.kitty.enable) {
# Set the Rofi-Systemd terminal for viewing logs terminal = "${pkgs.kitty}/bin/kitty";
# Using optionalAttrs because only available in NixOS
environment = { } // lib.attrsets.optionalAttrs
(builtins.hasAttr "sessionVariables" config.environment) {
sessionVariables.ROFI_SYSTEMD_TERM = "${pkgs.kitty}/bin/kitty";
};
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
# Set the i3 terminal
xsession.windowManager.i3.config.terminal =
lib.mkIf pkgs.stdenv.isLinux "kitty";
# Set the Rofi terminal for running programs
programs.rofi.terminal =
lib.mkIf pkgs.stdenv.isLinux "${pkgs.kitty}/bin/kitty";
# Display images in the terminal # Display images in the terminal
programs.fish.shellAliases = { programs.fish.shellAliases = {
icat = "kitty +kitten icat"; icat = "kitty +kitten icat";
@ -40,7 +27,10 @@
extraConfig = ""; extraConfig = "";
font.size = 14; font.size = 14;
keybindings = { keybindings = {
# Use shift+enter to complete text suggestions in fish
"shift+enter" = "send_text all \\x1F"; "shift+enter" = "send_text all \\x1F";
# Easy fullscreen toggle (for macOS)
"super+f" = "toggle_fullscreen"; "super+f" = "toggle_fullscreen";
}; };
settings = { settings = {
@ -98,7 +88,7 @@
tab_bar_edge = "top"; tab_bar_edge = "top";
tab_bar_style = "slant"; tab_bar_style = "slant";
# Audio # Disable audio
enable_audio_bell = false; enable_audio_bell = false;
}; };
}; };

22
modules/common/applications/media.nix
View File

@ -22,8 +22,8 @@
enable = true; enable = true;
bindings = { }; bindings = { };
config = { config = {
image-display-duration = 2; image-display-duration = 2; # For cycling through images
hwdec = "auto-safe"; hwdec = "auto-safe"; # Attempt to use GPU decoding for video
}; };
scripts = [ scripts = [
@ -31,25 +31,11 @@
pkgs.mpvScripts.autoload pkgs.mpvScripts.autoload
# Delete current file after quitting # Delete current file after quitting
(pkgs.stdenv.mkDerivation rec { pkgs.mpvScripts.mpv-delete-file
pname = "mpv-delete-file";
version = "0.1"; # made-up
src = pkgs.fetchFromGitHub {
owner = "zenyd";
repo = "mpv-scripts";
rev = "19ea069abcb794d1bf8fac2f59b50d71ab992130";
sha256 = "sha256-OBCuzCtgfSwj0i/rBNranuu4LRc47jObwQIJgQQoerg=";
} + "/delete_file.lua";
dontBuild = true;
dontUnpack = true;
installPhase =
"install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua";
passthru.scriptName = "delete_file.lua";
})
]; ];
}; };
# Set default for opening PDFs # Set default programs for opening PDFs and other media
xdg.mimeApps = { xdg.mimeApps = {
associations.added = { associations.added = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ]; "application/pdf" = [ "pwmt.zathura-cb.desktop" ];

32
modules/common/mail/default.nix
View File

@ -27,19 +27,32 @@
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.mbsync = { enable = true; }; programs.mbsync = { enable = true; };
# Automatically check for mail and keep files synced locally
services.mbsync = lib.mkIf pkgs.stdenv.isLinux { services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
enable = true; enable = true;
frequency = "*:0/5"; frequency = "*:0/5";
postExec = "${pkgs.notmuch}/bin/notmuch new"; postExec = "${pkgs.notmuch}/bin/notmuch new";
}; };
# Used to watch for new mail and trigger sync
services.imapnotify.enable = pkgs.stdenv.isLinux; services.imapnotify.enable = pkgs.stdenv.isLinux;
# Allows sending email from CLI/sendmail
programs.msmtp.enable = true; programs.msmtp.enable = true;
# Better local mail search
programs.notmuch = { programs.notmuch = {
enable = true; enable = true;
new.ignore = [ ".mbsyncstate.lock" ".mbsyncstate.journal" ]; new.ignore =
[ ".mbsyncstate.lock" ".mbsyncstate.journal" ".mbsyncstate.new" ];
}; };
accounts.email = { accounts.email = {
# Where email files are stored
maildirBasePath = "${config.homePath}/mail"; maildirBasePath = "${config.homePath}/mail";
accounts = { accounts = {
home = let address = "${config.mail.user}@${config.mail.server}"; home = let address = "${config.mail.user}@${config.mail.server}";
in { in {
@ -52,13 +65,17 @@
"hey" "hey"
"admin" "admin"
]; ];
# Options for contact completion
alot = { }; alot = { };
flavor = "plain";
imap = { imap = {
host = config.mail.imapHost; host = config.mail.imapHost;
port = 993; port = 993;
tls.enable = true; tls.enable = true;
}; };
# Watch for mail and run notifications or sync
imapnotify = { imapnotify = {
enable = true; enable = true;
boxes = [ "Inbox" ]; boxes = [ "Inbox" ];
@ -67,7 +84,11 @@
config.home-manager.users.${config.user}.services.dunst.enable config.home-manager.users.${config.user}.services.dunst.enable
"${pkgs.libnotify}/bin/notify-send 'New mail arrived'"; "${pkgs.libnotify}/bin/notify-send 'New mail arrived'";
}; };
# Name of the directory in maildir for this account
maildir = { path = "main"; }; maildir = { path = "main"; };
# Bi-directional syncing options for local files
mbsync = { mbsync = {
enable = true; enable = true;
create = "both"; create = "both";
@ -78,12 +99,17 @@
CopyArrivalDate = "yes"; # Sync time of original message CopyArrivalDate = "yes"; # Sync time of original message
}; };
}; };
# Enable indexing
notmuch.enable = true; notmuch.enable = true;
# Used to login and send and receive emails
passwordCommand = passwordCommand =
"${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${ "${pkgs.age}/bin/age --decrypt --identity ~/.ssh/id_ed25519 ${
pkgs.writeText "mailpass.age" pkgs.writeText "mailpass.age"
(builtins.readFile ../../../private/mailpass.age) (builtins.readFile ../../../private/mailpass.age)
}"; }";
smtp = { smtp = {
host = config.mail.smtpHost; host = config.mail.smtpHost;
port = 465; port = 465;

4
modules/common/mail/system.nix
View File

@ -5,12 +5,14 @@
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.msmtp.enable = true; programs.msmtp.enable = true;
# The system user for sending automatic notifications
accounts.email.accounts.system = accounts.email.accounts.system =
let address = "system@${config.mail.server}"; let address = "system@${config.mail.server}";
in { in {
userName = address; userName = address;
realName = "NixOS System"; realName = "NixOS System";
primary = false; primary = !config.mail.enable; # Only primary if mail not enabled
inherit address; inherit address;
passwordCommand = passwordCommand =
"${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${ "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${

3
modules/common/neovim/config/align.nix
View File

@ -1,4 +1,7 @@
{ pkgs, ... }: { { pkgs, ... }: {
# Plugin for aligning text programmatically
plugins = [ pkgs.vimPlugins.tabular ]; plugins = [ pkgs.vimPlugins.tabular ];
lua = '' lua = ''
-- Align -- Align

3
modules/common/neovim/config/bufferline.nix
View File

@ -1,4 +1,7 @@
{ pkgs, ... }: { { pkgs, ... }: {
# Shows buffers in a VSCode-style tab layout
plugins = [ plugins = [
pkgs.vimPlugins.bufferline-nvim pkgs.vimPlugins.bufferline-nvim
pkgs.vimPlugins.vim-bbye # Better closing of buffers pkgs.vimPlugins.vim-bbye # Better closing of buffers

2
modules/common/neovim/config/colors.nix
View File

@ -1,5 +1,7 @@
{ pkgs, lib, config, ... }: { { pkgs, lib, config, ... }: {
# Sets Neovim colors based on Nix colorscheme
options.colors = lib.mkOption { options.colors = lib.mkOption {
type = lib.types.attrsOf lib.types.str; type = lib.types.attrsOf lib.types.str;
description = "Attrset of base16 colorscheme key value pairs."; description = "Attrset of base16 colorscheme key value pairs.";

16
modules/common/neovim/config/completion.nix
View File

@ -24,12 +24,14 @@
end end
''; '';
# Enable Luasnip snippet completion
snippet.expand = dsl.rawLua '' snippet.expand = dsl.rawLua ''
function(args) function(args)
require("luasnip").lsp_expand(args.body) require("luasnip").lsp_expand(args.body)
end end
''; '';
# Basic completion keybinds
mapping = { mapping = {
"['<C-n>']" = dsl.rawLua "['<C-n>']" = dsl.rawLua
"require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert })"; "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert })";
@ -64,24 +66,26 @@
''; '';
}; };
# These are where the completion engine gets its suggestions
sources = [ sources = [
{ name = "nvim_lua"; } { name = "nvim_lua"; } # Fills in common Neovim lua functions
{ name = "nvim_lsp"; } { name = "nvim_lsp"; } # LSP results
{ name = "luasnip"; } { name = "luasnip"; } # Snippets
{ name = "path"; } { name = "path"; } # Shell completion from current PATH
{ {
name = "buffer"; name = "buffer"; # Grep for text from the current text buffer
keyword_length = 3; keyword_length = 3;
max_item_count = 10; max_item_count = 10;
} }
{ {
name = "rg"; name = "rg"; # Grep for text from the current directory
keyword_length = 6; keyword_length = 6;
max_item_count = 10; max_item_count = 10;
option = { additional_arguments = "--ignore-case"; }; option = { additional_arguments = "--ignore-case"; };
} }
]; ];
# Styling of the completion menu
formatting = { formatting = {
fields = [ "kind" "abbr" "menu" ]; fields = [ "kind" "abbr" "menu" ];
format = dsl.rawLua '' format = dsl.rawLua ''

5
modules/common/neovim/config/misc.nix
View File

@ -10,6 +10,7 @@
pkgs.vimPlugins.which-key-nvim # Keybind helper pkgs.vimPlugins.which-key-nvim # Keybind helper
]; ];
# Initialize some plugins
setup.Comment = { }; setup.Comment = { };
setup.colorizer = { }; setup.colorizer = { };
setup.glow = { }; setup.glow = { };
@ -51,7 +52,9 @@
vim.o.backup = true; # Easier to recover and more secure vim.o.backup = true; # Easier to recover and more secure
vim.bo.swapfile = false; # Instead of swaps, create backups vim.bo.swapfile = false; # Instead of swaps, create backups
vim.bo.undofile = true; # Keeps undos after quit vim.bo.undofile = true; # Keeps undos after quit
vim.o.backupdir = dsl.rawLua ''vim.fn.stdpath("cache") .. "/backup"''; vim.o.backupdir =
dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/backup//")'';
vim.o.undodir = dsl.rawLua ''vim.fn.expand("~/.local/state/nvim/undo//")'';
# Required for nvim-cmp completion # Required for nvim-cmp completion
vim.opt.completeopt = [ "menu" "menuone" "noselect" ]; vim.opt.completeopt = [ "menu" "menuone" "noselect" ];

1
modules/common/neovim/config/syntax.nix
View File

@ -23,6 +23,7 @@
pkgs.vimPlugins.nginx-vim pkgs.vimPlugins.nginx-vim
pkgs.vimPlugins.vim-helm pkgs.vimPlugins.vim-helm
pkgs.baleia-nvim # Clean ANSI from kitty scrollback pkgs.baleia-nvim # Clean ANSI from kitty scrollback
# pkgs.hmts-nvim # Tree-sitter injections for home-manager
(pkgs.vimUtils.buildVimPluginFrom2Nix { (pkgs.vimUtils.buildVimPluginFrom2Nix {
pname = "nmasur"; pname = "nmasur";
version = "0.1"; version = "0.1";

2
modules/common/neovim/config/telescope.nix
View File

@ -1,5 +1,7 @@
{ pkgs, dsl, ... }: { { pkgs, dsl, ... }: {
# Telescope is a fuzzy finder that can work with different sub-plugins
plugins = [ plugins = [
pkgs.vimPlugins.telescope-nvim pkgs.vimPlugins.telescope-nvim
pkgs.vimPlugins.project-nvim pkgs.vimPlugins.project-nvim

2
modules/common/neovim/config/toggleterm.lua
View File

@ -12,6 +12,8 @@ vim.api.nvim_create_autocmd("TermOpen", {
end, end,
}) })
-- These are all the different types of terminals we can trigger
local terminal = require("toggleterm.terminal").Terminal local terminal = require("toggleterm.terminal").Terminal
local basicterminal = terminal:new() local basicterminal = terminal:new()

2
modules/common/neovim/config/toggleterm.nix
View File

@ -1,5 +1,7 @@
{ pkgs, dsl, ... }: { { pkgs, dsl, ... }: {
# Toggleterm provides a floating terminal inside the editor for quick access
plugins = [ pkgs.vimPlugins.toggleterm-nvim ]; plugins = [ pkgs.vimPlugins.toggleterm-nvim ];
use.toggleterm.setup = dsl.callWith { use.toggleterm.setup = dsl.callWith {

20
modules/common/neovim/config/tree.nix
View File

@ -1,5 +1,7 @@
{ pkgs, dsl, ... }: { { pkgs, dsl, ... }: {
# This plugin creates a side drawer for navigating the current project
plugins = [ pkgs.vimPlugins.nvim-tree-lua pkgs.vimPlugins.nvim-web-devicons ]; plugins = [ pkgs.vimPlugins.nvim-tree-lua pkgs.vimPlugins.nvim-web-devicons ];
# Disable netrw eagerly # Disable netrw eagerly
@ -10,16 +12,16 @@
}; };
setup.nvim-tree = { setup.nvim-tree = {
disable_netrw = true; disable_netrw = true; # Disable the built-in file manager
hijack_netrw = true; hijack_netrw = true; # Works as the file manager
sync_root_with_cwd = true; sync_root_with_cwd = true; # Change project whenever currend dir changes
respect_buf_cwd = true; respect_buf_cwd = true; # Change to exact location of focused buffer
update_focused_file = { update_focused_file = { # Change project based on the focused buffer
enable = true; enable = true;
update_root = true; update_root = true;
ignore_list = { }; ignore_list = { };
}; };
diagnostics = { diagnostics = { # Enable LSP and linter integration
enable = true; enable = true;
icons = { icons = {
hint = ""; hint = "";
@ -28,7 +30,7 @@
error = ""; error = "";
}; };
}; };
renderer = { renderer = { # Show files with changes vs. current commit
icons = { icons = {
glyphs = { glyphs = {
git = { git = {
@ -43,6 +45,7 @@
}; };
}; };
}; };
# Set keybinds and initialize program
on_attach = dsl.rawLua '' on_attach = dsl.rawLua ''
function (bufnr) function (bufnr)
local api = require('nvim-tree.api') local api = require('nvim-tree.api')
@ -58,7 +61,7 @@
vim.keymap.set('n', 'v', api.node.open.vertical, opts('Open: Vertical Split')) vim.keymap.set('n', 'v', api.node.open.vertical, opts('Open: Vertical Split'))
end end
''; '';
view = { view = { # Set look and feel
width = 30; width = 30;
hide_root_folder = false; hide_root_folder = false;
side = "left"; side = "left";
@ -67,6 +70,7 @@
}; };
}; };
# Toggle the sidebar
lua = '' lua = ''
vim.keymap.set("n", "<Leader>e", ":NvimTreeFindFileToggle<CR>", { silent = true }) vim.keymap.set("n", "<Leader>e", ":NvimTreeFindFileToggle<CR>", { silent = true })
''; '';

17
modules/common/neovim/default.nix
View File

@ -18,11 +18,17 @@ in {
home.packages = [ neovim ]; home.packages = [ neovim ];
# Use Neovim as the editor for git commit messages
programs.git.extraConfig.core.editor = "nvim"; programs.git.extraConfig.core.editor = "nvim";
programs.jujutsu.settings.ui.editor = "nvim";
# Set Neovim as the default app for text editing and manual pages
home.sessionVariables = { home.sessionVariables = {
EDITOR = "nvim"; EDITOR = "nvim";
MANPAGER = "nvim +Man!"; MANPAGER = "nvim +Man!";
}; };
# Create quick aliases for launching Neovim
programs.fish = { programs.fish = {
shellAliases = { vim = "nvim"; }; shellAliases = { vim = "nvim"; };
shellAbbrs = { shellAbbrs = {
@ -31,12 +37,20 @@ in {
vll = "nvim -c 'Telescope oldfiles'"; vll = "nvim -c 'Telescope oldfiles'";
}; };
}; };
# Set Neovim as the kitty terminal "scrollback" (vi mode) option.
# Requires removing some of the ANSI escape codes that are sent to the
# scrollback using sed and baleia, as well as removing several
# unnecessary features.
programs.kitty.settings.scrollback_pager = '' programs.kitty.settings.scrollback_pager = ''
$SHELL -c 'sed -r "s/[[:cntrl:]]\]133;[AC]..//g" | ${neovim}/bin/nvim -c "setlocal nonumber norelativenumber nolist laststatus=0" -c "lua baleia = require(\"baleia\").setup({}); baleia.once(0)" -c "map <silent> q :qa!<CR>" -c "autocmd VimEnter * normal G"' ''; $SHELL -c 'sed -r "s/[[:cntrl:]]\]133;[AC]..//g" | ${neovim}/bin/nvim -c "setlocal nonumber norelativenumber nolist laststatus=0" -c "lua baleia = require(\"baleia\").setup({}); baleia.once(0)" -c "map <silent> q :qa!<CR>" -c "autocmd VimEnter * normal G"' '';
# Create a desktop option for launching Neovim from a file manager
# (Requires launching the terminal and then executing Neovim)
xdg.desktopEntries.nvim = lib.mkIf pkgs.stdenv.isLinux { xdg.desktopEntries.nvim = lib.mkIf pkgs.stdenv.isLinux {
name = "Neovim wrapper"; name = "Neovim wrapper";
exec = "kitty nvim %F"; exec = "kitty nvim %F";
mimeType = [ "text/plain" "text/markdown" ];
}; };
xdg.mimeApps.defaultApplications = lib.mkIf pkgs.stdenv.isLinux { xdg.mimeApps.defaultApplications = lib.mkIf pkgs.stdenv.isLinux {
"text/plain" = [ "nvim.desktop" ]; "text/plain" = [ "nvim.desktop" ];
@ -45,9 +59,6 @@ in {
}; };
# # Used for icons in Vim
# fonts.fonts = with pkgs; [ nerdfonts ];
}; };
} }

2
modules/common/repositories/dotfiles.nix
View File

@ -1,5 +1,7 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
# Allows me to make sure I can work on my dotfiles locally
options.dotfiles.enable = lib.mkEnableOption "Clone dotfiles."; options.dotfiles.enable = lib.mkEnableOption "Clone dotfiles.";
config = lib.mkIf config.dotfiles.enable { config = lib.mkIf config.dotfiles.enable {

3
modules/common/repositories/notes.nix
View File

@ -1,5 +1,8 @@
{ config, ... }: { { config, ... }: {
# This is just a placeholder as I expect to interact with my notes in a
# certain location
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
home.sessionVariables = { home.sessionVariables = {

26
modules/common/shell/bash/scripts/docker-cleanup.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/sh
# Stop all containers
if [ "$(docker ps -a -q)" ]; then
echo "Stopping docker containers..."
docker stop "$(docker ps -a -q)"
else
echo "No running docker containers."
fi
# Remove all stopped containers
if [ "$(docker ps -a -q)" ]; then
echo "Removing docker containers..."
docker rm "$(docker ps -a -q)"
else
echo "No stopped docker containers."
fi
# Remove all untagged images
if docker images | grep -q "^<none>"; then
docker rmi "$(docker images | grep "^<none>" | awk '{print $3}')"
else
echo "No untagged docker images."
fi
echo "Cleaned up docker."

2
modules/common/shell/charm.nix
View File

@ -1,5 +1,7 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
# Convenience utilities from charm.sh
options.charm.enable = lib.mkEnableOption "Charm utilities."; options.charm.enable = lib.mkEnableOption "Charm utilities.";
config.home-manager.users.${config.user} = lib.mkIf config.charm.enable { config.home-manager.users.${config.user} = lib.mkIf config.charm.enable {

1
modules/common/shell/default.nix
View File

@ -7,6 +7,7 @@
./fzf.nix ./fzf.nix
./git.nix ./git.nix
./github.nix ./github.nix
./jujutsu.nix
./nixpkgs.nix ./nixpkgs.nix
./starship.nix ./starship.nix
./utilities.nix ./utilities.nix

1
modules/common/shell/direnv.nix
View File

@ -1,5 +1,6 @@
{ config, ... }: { { config, ... }: {
# Enables quickly entering Nix shells when changing directories
home-manager.users.${config.user}.programs.direnv = { home-manager.users.${config.user}.programs.direnv = {
enable = true; enable = true;
nix-direnv.enable = true; nix-direnv.enable = true;

11
modules/common/shell/fish/default.nix
View File

@ -1,8 +1,7 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
users.users.${config.user}.shell = pkgs.fish; users.users.${config.user}.shell = pkgs.fish;
programs.fish.enable = programs.fish.enable = true; # Needed for LightDM to remember username
true; # Needed for LightDM to remember username (TODO: fix)
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
@ -12,8 +11,14 @@
programs.fish = { programs.fish = {
enable = true; enable = true;
shellAliases = { shellAliases = {
# Version of bash which works much better on the terminal
bash = "${pkgs.bashInteractive}/bin/bash"; bash = "${pkgs.bashInteractive}/bin/bash";
ls = "exa";
# Use exa instead of ls for fancier output
ls = "exa --group";
# Move files to XDG trash on the commandline
trash = lib.mkIf pkgs.stdenv.isLinux "${pkgs.trash-cli}/bin/trash-put"; trash = lib.mkIf pkgs.stdenv.isLinux "${pkgs.trash-cli}/bin/trash-put";
}; };
functions = { functions = {

2
modules/common/shell/fzf.nix
View File

@ -1,5 +1,7 @@
{ config, ... }: { { config, ... }: {
# FZF is a fuzzy-finder for the terminal
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.fzf.enable = true; programs.fzf.enable = true;

2
modules/common/shell/github.nix
View File

@ -5,7 +5,7 @@
programs.gh = programs.gh =
lib.mkIf config.home-manager.users.${config.user}.programs.git.enable { lib.mkIf config.home-manager.users.${config.user}.programs.git.enable {
enable = true; enable = true;
enableGitCredentialHelper = true; gitCredentialHelper.enable = true;
settings.git_protocol = "https"; settings.git_protocol = "https";
}; };

21
modules/common/shell/jujutsu.nix Normal file
View File

@ -0,0 +1,21 @@
{ config, ... }: {
config = {
home-manager.users.${config.user}.programs.jujutsu = {
enable = true;
enableFishIntegration = true;
# https://github.com/martinvonz/jj/blob/main/docs/config.md
settings = {
user = {
name = config.home-manager.users.${config.user}.programs.git.userName;
email =
config.home-manager.users.${config.user}.programs.git.userEmail;
};
};
};
};
}

2
modules/common/shell/starship.nix
View File

@ -13,7 +13,7 @@
"$cmd_duration" "$cmd_duration"
"$character" "$character"
]; ];
right_format = "$nix_shell"; # right_format = "$nix_shell";
character = { character = {
success_symbol = "[](bold green)"; success_symbol = "[](bold green)";
error_symbol = "[](bold red)"; error_symbol = "[](bold red)";

3
modules/common/shell/utilities.nix
View File

@ -35,6 +35,9 @@ in {
tree # View directory hierarchy tree # View directory hierarchy
vimv-rs # Batch rename files vimv-rs # Batch rename files
unzip # Extract zips unzip # Extract zips
dua # File sizes (du)
du-dust # Disk usage tree (ncdu)
duf # Basic disk information (df)
]; ];
programs.zoxide.enable = true; # Shortcut jump command programs.zoxide.enable = true; # Shortcut jump command

2
modules/nixos/applications/calibre.nix
View File

@ -14,6 +14,8 @@
home.packages = with pkgs; [ calibre ]; home.packages = with pkgs; [ calibre ];
# home.sessionVariables = { CALIBRE_USE_DARK_PALETTE = 1; }; # home.sessionVariables = { CALIBRE_USE_DARK_PALETTE = 1; };
}; };
# Forces Calibre to use dark mode
environment.sessionVariables = { CALIBRE_USE_DARK_PALETTE = "1"; }; environment.sessionVariables = { CALIBRE_USE_DARK_PALETTE = "1"; };
}; };
} }

4
modules/nixos/applications/nautilus.nix
View File

@ -18,12 +18,14 @@
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
# Quick button for launching nautilus
xsession.windowManager.i3.config.keybindings = { xsession.windowManager.i3.config.keybindings = {
"${ "${
config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier config.home-manager.users.${config.user}.xsession.windowManager.i3.config.modifier
}+n" = "exec --no-startup-id ${pkgs.gnome.nautilus}/bin/nautilus"; }+n" = "exec --no-startup-id ${pkgs.gnome.nautilus}/bin/nautilus";
}; };
# Generates a QR code and previews it with sushi
programs.fish.functions = { programs.fish.functions = {
qr = { qr = {
body = body =
@ -31,7 +33,7 @@
}; };
}; };
# Set default for opening directories # Set Nautilus as default for opening directories
xdg.mimeApps = { xdg.mimeApps = {
associations.added."inode/directory" = [ "org.gnome.Nautilus.desktop" ]; associations.added."inode/directory" = [ "org.gnome.Nautilus.desktop" ];
# associations.removed = { # associations.removed = {

4
modules/nixos/gaming/steam.nix
View File

@ -22,6 +22,10 @@
]; ];
# Seems like NetworkManager can help speed up Steam launch
# https://www.reddit.com/r/archlinux/comments/qguhco/steam_startup_time_arch_1451_seconds_fedora_34/hi8opet/
networking.networkmanager.enable = true;
}; };
} }

30
modules/nixos/graphical/default.nix
View File

@ -3,7 +3,9 @@
imports = [ imports = [
./dunst.nix ./dunst.nix
./fonts.nix ./fonts.nix
./gtk.nix
./i3.nix ./i3.nix
./keybinds.nix
./picom.nix ./picom.nix
./polybar.nix ./polybar.nix
./rofi.nix ./rofi.nix
@ -12,14 +14,6 @@
options = { options = {
launcherCommand = lib.mkOption {
type = lib.types.str;
description = "Command to use for launching";
};
systemdSearch = lib.mkOption {
type = lib.types.str;
description = "Command to use for interacting with systemd";
};
altTabCommand = lib.mkOption { altTabCommand = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Command to use for choosing windows"; description = "Command to use for choosing windows";
@ -36,14 +30,30 @@
type = lib.types.str; type = lib.types.str;
description = "Command to use for quick calculations"; description = "Command to use for quick calculations";
}; };
toggleBarCommand = lib.mkOption { launcherCommand = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Command to hide and show the status bar."; description = "Command to use for launching";
};
lockScreenCommand = lib.mkOption {
type = lib.types.str;
description = "Command to use to lock the screen";
}; };
powerCommand = lib.mkOption { powerCommand = lib.mkOption {
type = lib.types.str; type = lib.types.str;
description = "Command to use for power options menu"; description = "Command to use for power options menu";
}; };
systemdSearch = lib.mkOption {
type = lib.types.str;
description = "Command to use for interacting with systemd";
};
terminal = lib.mkOption {
type = lib.types.str;
description = "Package to use for graphical terminal";
};
toggleBarCommand = lib.mkOption {
type = lib.types.str;
description = "Command to hide and show the status bar.";
};
wallpaper = lib.mkOption { wallpaper = lib.mkOption {
type = lib.types.path; type = lib.types.path;
description = "Wallpaper background image file"; description = "Wallpaper background image file";

2
modules/nixos/graphical/fonts.nix
View File

@ -6,7 +6,7 @@ in {
config = lib.mkIf (config.gui.enable && pkgs.stdenv.isLinux) { config = lib.mkIf (config.gui.enable && pkgs.stdenv.isLinux) {
fonts.fonts = with pkgs; [ fonts.packages = with pkgs; [
victor-mono # Used for Vim and Terminal victor-mono # Used for Vim and Terminal
(nerdfonts.override { fonts = [ "Hack" ]; }) # For Polybar, Rofi (nerdfonts.override { fonts = [ "Hack" ]; }) # For Polybar, Rofi
]; ];

51
modules/nixos/graphical/gtk.nix Normal file
View File

@ -0,0 +1,51 @@
{ config, pkgs, lib, ... }: {
options = {
gtk.theme = {
name = lib.mkOption {
type = lib.types.str;
description = "Theme name for GTK applications";
};
package = lib.mkOption {
type = lib.types.package;
description = "Theme package for GTK applications";
default = pkgs.gnome-themes-extra;
};
};
};
config = lib.mkIf config.gui.enable {
home-manager.users.${config.user} = {
gtk = let
gtkExtraConfig = {
gtk-application-prefer-dark-theme = config.theme.dark;
};
in {
enable = true;
theme = {
name = config.gtk.theme.name;
package = config.gtk.theme.package;
};
gtk3.extraConfig = gtkExtraConfig;
gtk4.extraConfig = gtkExtraConfig;
};
};
# Required for setting GTK theme (for preferred-color-scheme in browser)
services.dbus.packages = [ pkgs.dconf ];
programs.dconf.enable = true;
# Make the login screen dark
services.xserver.displayManager.lightdm.greeters.gtk.theme = {
name = config.gtk.theme.name;
package = config.gtk.theme.package;
};
environment.sessionVariables = { GTK_THEME = config.gtk.theme.name; };
};
}

250
modules/nixos/graphical/i3.nix
View File

@ -2,11 +2,22 @@
let let
lockCmd =
"${pkgs.betterlockscreen}/bin/betterlockscreen --lock --display 1 --blur 0.5 --span";
lockUpdate = lockUpdate =
"${pkgs.betterlockscreen}/bin/betterlockscreen --update ${config.wallpaper} --display 1 --span"; "${pkgs.betterlockscreen}/bin/betterlockscreen --update ${config.wallpaper} --display 1 --span";
workspaces = {
"1" = "1:I";
"2" = "2:II";
"3" = "3:III";
"4" = "4:IV";
"5" = "5:V";
"6" = "6:VI";
"7" = "7:VII";
"8" = "8:VIII";
"9" = "9:IX";
"10" = "10:X";
};
in { in {
config = lib.mkIf pkgs.stdenv.isLinux { config = lib.mkIf pkgs.stdenv.isLinux {
@ -23,29 +34,18 @@ in {
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
xsession.windowManager.i3 = { xsession.windowManager.i3 = {
enable = config.services.xserver.enable; enable = config.services.xserver.enable;
config = let config = let modifier = "Mod4"; # Super key
modifier = "Mod4"; # Super key
ws1 = "1:I";
ws2 = "2:II";
ws3 = "3:III";
ws4 = "4:IV";
ws5 = "5:V";
ws6 = "6:VI";
ws7 = "7:VII";
ws8 = "8:VIII";
ws9 = "9:IX";
ws10 = "10:X";
in { in {
modifier = modifier; modifier = modifier;
assigns = { assigns = {
"${ws1}" = [{ class = "Firefox"; }]; "${workspaces."1"}" = [{ class = "Firefox"; }];
"${ws2}" = [ "${workspaces."2"}" = [
{ class = "kitty"; } { class = "kitty"; }
{ class = "aerc"; } { class = "aerc"; }
{ class = "obsidian"; } { class = "obsidian"; }
]; ];
"${ws3}" = [{ class = "discord"; }]; "${workspaces."3"}" = [{ class = "discord"; }];
"${ws4}" = [{ class = "Steam"; }]; "${workspaces."4"}" = [{ class = "Steam"; }];
}; };
bars = [{ command = "echo"; }]; # Disable i3bar bars = [{ command = "echo"; }]; # Disable i3bar
colors = let colors = let
@ -91,129 +91,7 @@ in {
newWindow = "urgent"; newWindow = "urgent";
followMouse = false; followMouse = false;
}; };
keybindings = { keybindings = { };
# Adjust screen brightness
"Shift+F12" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
"Shift+F11" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
"XF86MonBrightnessUp" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 + 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 + 30";
"XF86MonBrightnessDown" =
"exec ${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 - 30 && sleep 1; exec ${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 - 30";
# Media player controls
"XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
"XF86AudioStop" = "exec ${pkgs.playerctl}/bin/playerctl stop";
"XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
"XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
# Launchers
"${modifier}+Return" =
"exec --no-startup-id kitty; workspace ${ws2}; layout tabbed";
"${modifier}+space" =
"exec --no-startup-id ${config.launcherCommand}";
"${modifier}+Shift+s" =
"exec --no-startup-id ${config.systemdSearch}";
"${modifier}+Shift+a" =
"exec --no-startup-id ${config.audioSwitchCommand}";
"Mod1+Tab" = "exec --no-startup-id ${config.altTabCommand}";
"${modifier}+Shift+period" =
"exec --no-startup-id ${config.powerCommand}";
"${modifier}+Shift+m" =
"exec --no-startup-id ${config.brightnessCommand}";
"${modifier}+c" =
"exec --no-startup-id ${config.calculatorCommand}";
"${modifier}+Shift+c" = "reload";
"${modifier}+Shift+r" = "restart";
"${modifier}+Shift+q" = ''
exec "i3-nagbar -t warning -m 'You pressed the exit shortcut. Do you really want to exit i3? This will end your X session.' -B 'Yes, exit i3' 'i3-msg exit'"'';
"${modifier}+Shift+x" = "exec ${lockCmd}";
"${modifier}+Mod1+h" =
"exec --no-startup-id kitty sh -c '${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName} || read'";
"${modifier}+Mod1+r" =
"exec --no-startup-id kitty sh -c 'doas nixos-rebuild switch --flake ${config.dotfilesPath}#${config.networking.hostName} || read'";
# Window options
"${modifier}+q" = "kill";
"${modifier}+b" = "exec ${config.toggleBarCommand}";
"${modifier}+f" = "fullscreen toggle";
"${modifier}+h" = "focus left";
"${modifier}+j" = "focus down";
"${modifier}+k" = "focus up";
"${modifier}+l" = "focus right";
"${modifier}+Left" = "focus left";
"${modifier}+Down" = "focus down";
"${modifier}+Up" = "focus up";
"${modifier}+Right" = "focus right";
"${modifier}+Shift+h" = "move left";
"${modifier}+Shift+j" = "move down";
"${modifier}+Shift+k" = "move up";
"${modifier}+Shift+l" = "move right";
"${modifier}+Shift+Left" = "move left";
"${modifier}+Shift+Down" = "move down";
"${modifier}+Shift+Up" = "move up";
"${modifier}+Shift+Right" = "move right";
# Tiling
"${modifier}+i" = "split h";
"${modifier}+v" = "split v";
"${modifier}+s" = "layout stacking";
"${modifier}+t" = "layout tabbed";
"${modifier}+e" = "layout toggle split";
"${modifier}+Shift+space" = "floating toggle";
"${modifier}+Control+space" = "focus mode_toggle";
"${modifier}+a" = "focus parent";
# Workspaces
"${modifier}+1" = "workspace ${ws1}";
"${modifier}+2" = "workspace ${ws2}";
"${modifier}+3" = "workspace ${ws3}";
"${modifier}+4" = "workspace ${ws4}";
"${modifier}+5" = "workspace ${ws5}";
"${modifier}+6" = "workspace ${ws6}";
"${modifier}+7" = "workspace ${ws7}";
"${modifier}+8" = "workspace ${ws8}";
"${modifier}+9" = "workspace ${ws9}";
"${modifier}+0" = "workspace ${ws10}";
# Move windows
"${modifier}+Shift+1" =
"move container to workspace ${ws1}; workspace ${ws1}";
"${modifier}+Shift+2" =
"move container to workspace ${ws2}; workspace ${ws2}";
"${modifier}+Shift+3" =
"move container to workspace ${ws3}; workspace ${ws3}";
"${modifier}+Shift+4" =
"move container to workspace ${ws4}; workspace ${ws4}";
"${modifier}+Shift+5" =
"move container to workspace ${ws5}; workspace ${ws5}";
"${modifier}+Shift+6" =
"move container to workspace ${ws6}; workspace ${ws6}";
"${modifier}+Shift+7" =
"move container to workspace ${ws7}; workspace ${ws7}";
"${modifier}+Shift+8" =
"move container to workspace ${ws8}; workspace ${ws8}";
"${modifier}+Shift+9" =
"move container to workspace ${ws9}; workspace ${ws9}";
"${modifier}+Shift+0" =
"move container to workspace ${ws10}; workspace ${ws10}";
# Move screens
"${modifier}+Control+l" = "move workspace to output right";
"${modifier}+Control+h" = "move workspace to output left";
# Resizing
"${modifier}+r" = ''mode "resize"'';
"${modifier}+Control+Shift+h" =
"resize shrink width 10 px or 10 ppt";
"${modifier}+Control+Shift+j" =
"resize grow height 10 px or 10 ppt";
"${modifier}+Control+Shift+k" =
"resize shrink height 10 px or 10 ppt";
"${modifier}+Control+Shift+l" = "resize grow width 10 px or 10 ppt";
};
modes = { }; modes = { };
startup = [ startup = [
{ {
@ -222,16 +100,15 @@ in {
notification = false; notification = false;
} }
{ {
command = command = "i3-msg focus right, workspace ${workspaces."2"}";
"i3-msg workspace ${ws2}, move workspace to output right";
notification = false; notification = false;
} }
{ {
command = command = "i3-msg focus left, workspace ${workspaces."1"}";
"i3-msg workspace ${ws1}, move workspace to output left";
notification = false; notification = false;
} }
]; ];
terminal = config.terminal;
window = { window = {
border = 0; border = 0;
hideEdgeBorders = "smart"; hideEdgeBorders = "smart";
@ -239,22 +116,74 @@ in {
}; };
workspaceAutoBackAndForth = false; workspaceAutoBackAndForth = false;
workspaceOutputAssign = [ ]; workspaceOutputAssign = [ ];
# gaps = {
# bottom = 8;
# top = 8;
# left = 8;
# right = 8;
# horizontal = 15;
# vertical = 15;
# inner = 15;
# outer = 0;
# smartBorders = "off";
# smartGaps = false;
# };
}; };
extraConfig = ""; extraConfig = "";
}; };
services.sxhkd.keybindings = let
# Shortcuts
i3-msg = "${pkgs.i3}/bin/i3-msg";
in {
# Window navigation
"super + {_,shift +}{h,j,k,l}" =
''${i3-msg} "{focus,move} {left,down,up,right}"'';
"super + {_,shift +}{Left,Down,Up,Right}" =
''${i3-msg} "{focus,move} {left,down,up,right}"'';
"super + q" = ''${i3-msg} "kill"'';
"super + f" = ''${i3-msg} "fullscreen toggle"'';
# Screen management
"super + control + l" = ''${i3-msg} "move workspace to output right"'';
"super + control + h" = ''${i3-msg} "move workspace to output left"'';
# Window layouts and tiling
"super + {i,v}" = ''${i3-msg} "split {h,v}"'';
"super + {s,t,e}" =
''${i3-msg} "layout {stacking,tabbed,toggle split}"'';
"super + shift + space" = ''${i3-msg} "floating toggle"'';
"super + control + space" = ''${i3-msg} "focus mode_toggle"'';
"super + a" = ''${i3-msg} "focus parent"'';
# Launch terminal
"super + Return" = ''
${i3-msg} "exec --no-startup-id ${config.terminal}; workspace ${
workspaces."2"
}; layout tabbed"'';
# Restart and reload
"super + shift + {c,r}" = ''${i3-msg} "{reload,restart}"'';
"super + shift + q" = ''
${pkgs.i3}/bin/i3-nagbar -t warning -m "Exit i3?" -B "Yes, exit i3" "${i3-msg} exit"'';
# Resize
"super + r : {h,j,k,l}" =
''${i3-msg} "resize {shrink,grow} width 10px or 10 ppt"'';
"super + r : {j,k}" =
''${i3-msg} "resize {shrink,grow} height 10px or 10 ppt"'';
} // (
# Bind navigation by number
let
bindWorkspace = num: workspace:
lib.attrsets.nameValuePair ("super + ${num}")
(''${i3-msg} "workspace ${workspace}"'');
in lib.mapAttrs' bindWorkspace workspaces
) // (
# Bind move container to workspace by number
let
bindWorkspace = num: workspace:
lib.attrsets.nameValuePair ("super + shift +${num}") (''
${i3-msg} "move container to workspace ${workspace}; workspace ${workspace}"'');
in lib.mapAttrs' bindWorkspace workspaces
);
programs.fish.functions = { programs.fish.functions = {
update-lock-screen = lib.mkIf config.services.xserver.enable { update-lock-screen = lib.mkIf config.services.xserver.enable {
description = "Update lockscreen with wallpaper"; description = "Update lockscreen with wallpaper";
@ -275,17 +204,20 @@ in {
}; };
lockScreenCommand =
"${pkgs.betterlockscreen}/bin/betterlockscreen --lock --display 1 --blur 0.5 --span";
# Ref: https://github.com/betterlockscreen/betterlockscreen/blob/next/system/betterlockscreen%40.service # Ref: https://github.com/betterlockscreen/betterlockscreen/blob/next/system/betterlockscreen%40.service
systemd.services.lock = { systemd.services.lock = {
enable = config.services.xserver.enable; enable = config.services.xserver.enable;
description = "Lock the screen on resume from suspend"; description = "Lock the screen before suspend";
before = [ "sleep.target" "suspend.target" ]; before = [ "sleep.target" "suspend.target" ];
serviceConfig = { serviceConfig = {
User = config.user; User = config.user;
Type = "simple"; Type = "simple";
Environment = "DISPLAY=:0"; Environment = "DISPLAY=:0";
TimeoutSec = "infinity"; TimeoutSec = "infinity";
ExecStart = lockCmd; ExecStart = config.lockScreenCommand;
ExecStartPost = "${pkgs.coreutils-full}/bin/sleep 1"; ExecStartPost = "${pkgs.coreutils-full}/bin/sleep 1";
}; };
wantedBy = [ "sleep.target" "suspend.target" ]; wantedBy = [ "sleep.target" "suspend.target" ];

51
modules/nixos/graphical/keybinds.nix Normal file
View File

@ -0,0 +1,51 @@
{ config, pkgs, ... }: {
home-manager.users.${config.user} = {
services.sxhkd = {
enable = true;
keybindings = {
# Adjust screen brightness (TODO: replace with pkgs.light?)
"shift + {F11,F12}" = ''
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 {- 30,+ 30} && sleep 1; \\
${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 {- 30,+ 30}
'';
"XF86MonBrightness{Down,Up}" = ''
${pkgs.ddcutil}/bin/ddcutil --display 1 setvcp 10 {- 30,+ 30} && sleep 1; \\
${pkgs.ddcutil}/bin/ddcutil --display 2 setvcp 10 {- 30,+ 30}
'';
# Media controls
"XF86Audio{Play,Stop,Next,Prev}" =
"${pkgs.playerctl}/bin/playerctl {play-pause,stop,next,previous}";
# Toggle bar
"super + b" = config.toggleBarCommand;
# Launchers
"super + space" = config.launcherCommand;
"super + shift + s" = config.systemdSearch;
"super + shift + a" = config.audioSwitchCommand;
"alt + Tab" = config.altTabCommand;
"super + shift + period" = config.powerCommand;
"super + shift + m" = config.brightnessCommand;
"super + c" = config.calculatorCommand;
"super + shift + x" = config.lockScreenCommand;
"super + alt + h" =
"${config.terminal} sh -c '${pkgs.home-manager}/bin/home-manager switch --flake ${config.dotfilesPath}#${config.networking.hostName} || read'";
"super + alt + r" =
"${config.terminal} sh -c 'doas nixos-rebuild switch --flake ${config.dotfilesPath}#${config.networking.hostName} || read'";
};
};
xsession.windowManager.i3.config.startup = [{
command = "pkill sxhkd; sxhkd";
always = true;
notification = false;
}];
};
}

2
modules/nixos/graphical/picom.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
config = lib.mkIf (pkgs.stdenv.isLinux && config.services.xserver.enable) { config = lib.mkIf config.services.xserver.enable {
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
services.picom = { services.picom = {

2
modules/nixos/graphical/polybar.nix
View File

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
config = lib.mkIf (pkgs.stdenv.isLinux && config.services.xserver.enable) { config = lib.mkIf config.services.xserver.enable {
toggleBarCommand = "polybar-msg cmd toggle"; toggleBarCommand = "polybar-msg cmd toggle";

20
modules/nixos/graphical/rofi.nix
View File

@ -8,11 +8,10 @@ in {
imports = [ ./rofi/power.nix ./rofi/brightness.nix ]; imports = [ ./rofi/power.nix ./rofi/brightness.nix ];
config = lib.mkIf (pkgs.stdenv.isLinux && config.services.xserver.enable) { config = lib.mkIf config.services.xserver.enable {
# Set the Rofi-Systemd terminal for viewing logs # Set the Rofi-Systemd terminal for viewing logs
environment.sessionVariables.ROFI_SYSTEMD_TERM = environment.sessionVariables.ROFI_SYSTEMD_TERM = config.terminal;
lib.mkIf config.kitty.enable "${pkgs.kitty}/bin/kitty";
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
@ -24,6 +23,13 @@ in {
programs.rofi = { programs.rofi = {
enable = true; enable = true;
cycle = true; cycle = true;
extraConfig = {
show-icons = true;
kb-cancel = "Escape,Super+space";
modi = "window,run,ssh,emoji,calc,systemd";
sort = true;
# levenshtein-sort = true;
};
location = "center"; location = "center";
pass = { }; pass = { };
plugins = [ pkgs.rofi-calc pkgs.rofi-emoji pkgs.rofi-systemd ]; plugins = [ pkgs.rofi-calc pkgs.rofi-emoji pkgs.rofi-systemd ];
@ -143,15 +149,9 @@ in {
}; };
}; };
terminal = config.terminal;
xoffset = 0; xoffset = 0;
yoffset = -20; yoffset = -20;
extraConfig = {
show-icons = true;
kb-cancel = "Escape,Super+space";
modi = "window,run,ssh,emoji,calc,systemd";
sort = true;
# levenshtein-sort = true;
};
}; };
home.file.".local/share/rofi/themes" = { home.file.".local/share/rofi/themes" = {

0
modules/nixos/graphical/rofi/brightness.nix Executable file → Normal file
View File

2
modules/nixos/graphical/rofi/power.nix Executable file → Normal file
View File

@ -25,7 +25,7 @@ in {
| ${rofi}/bin/rofi \ | ${rofi}/bin/rofi \
-theme-str '@import "power.rasi"' \ -theme-str '@import "power.rasi"' \
-hover-select \ -hover-select \
-me-select-entry ''' \ -me-select-entry "" \
-me-accept-entry MousePrimary \ -me-accept-entry MousePrimary \
-dmenu \ -dmenu \
-sep ';' \ -sep ';' \

2
modules/nixos/graphical/rofi/rofi-prompt.sh
View File

@ -32,7 +32,7 @@ done
chosen=$(printf '%s;%s\n' "$yes" "$no" | chosen=$(printf '%s;%s\n' "$yes" "$no" |
rofi -theme-str '@import "prompt.rasi"' \ rofi -theme-str '@import "prompt.rasi"' \
-hover-select \ -hover-select \
-me-select-entry '' \ -me-select-entry "" \
-me-accept-entry MousePrimary \ -me-accept-entry MousePrimary \
-p "$query" \ -p "$query" \
-dmenu \ -dmenu \

21
modules/nixos/graphical/rofi/themes/prompt.rasi
View File

@ -4,14 +4,13 @@
*/ */
@import "common.rasi" @import "common.rasi"
* { * {
font: @text-font; font: @prompt-text-font;
} }
#window { #window {
height: @prompt-window-height; height: @prompt-window-height;
width: @prompt-window-width; width: @prompt-window-width;
children: [ inputbar, horibox ]; children: [ inputbar, horibox ];
border: @prompt-window-border; border: @prompt-window-border;
border-color: @accent;
} }
#inputbar { #inputbar {
enabled: false; enabled: false;
@ -19,8 +18,6 @@
#prompt { #prompt {
padding: @prompt-prompt-padding; padding: @prompt-prompt-padding;
margin: @prompt-prompt-margin; margin: @prompt-prompt-margin;
background-color: @accent;
text-color: @background-light;
} }
#listview { #listview {
padding: @prompt-listview-padding; padding: @prompt-listview-padding;
@ -31,19 +28,3 @@
font: @prompt-text-font; font: @prompt-text-font;
padding: @prompt-element-padding; padding: @prompt-element-padding;
} }
element.alternate.active,
element.normal.active,
element.alternate.urgent,
element.normal.urgent {
background-color: @background-light;
text-color: @foreground;
}
element.selected.urgent {
background-color: @off;
text-color: @background;
}
element.selected.active {
background-color: @on;
text-color: @background;
}

25
modules/nixos/graphical/sway.nix Normal file
View File

@ -0,0 +1,25 @@
{ config, lib, ... }: {
config = lib.mkIf config.gui.enable {
programs.sway = {
enable = true;
package = null; # Use home-manager Sway instead
};
};
home-manager.users.${config.user} = {
wayland.windowManager.sway = {
enable = true;
config =
config.home-manager.users.${config.user}.xsession.windowManager.i3.config;
};
};
# TODO: swaybg
# TODO: swaylock
}

44
modules/nixos/graphical/xorg.nix
View File

@ -1,27 +1,6 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
options = { config = lib.mkIf config.gui.enable {
gtk.theme = {
name = lib.mkOption {
type = lib.types.str;
description = "Theme name for GTK applications";
};
package = lib.mkOption {
type = lib.types.str;
description = "Theme package name for GTK applications";
default = "gnome-themes-extra";
};
};
};
config = let
gtkTheme = {
name = config.gtk.theme.name;
package = pkgs."${config.gtk.theme.package}";
};
in lib.mkIf config.gui.enable {
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver = { services.xserver = {
@ -36,10 +15,8 @@
enable = config.services.xserver.enable; enable = config.services.xserver.enable;
background = config.wallpaper; background = config.wallpaper;
# Make the login screen dark
greeters.gtk.theme = gtkTheme;
# Show default user # Show default user
# Also make sure /var/lib/AccountsService/users/<user> has SystemAccount=false
extraSeatDefaults = '' extraSeatDefaults = ''
greeter-hide-users = false greeter-hide-users = false
''; '';
@ -54,12 +31,6 @@
xclip # Clipboard xclip # Clipboard
]; ];
# Required for setting GTK theme (for preferred-color-scheme in browser)
services.dbus.packages = [ pkgs.dconf ];
programs.dconf.enable = true;
environment.sessionVariables = { GTK_THEME = config.gtk.theme.name; };
home-manager.users.${config.user} = { home-manager.users.${config.user} = {
programs.fish.shellAliases = { programs.fish.shellAliases = {
@ -67,17 +38,6 @@
pbpaste = "xclip -selection clipboard -out"; pbpaste = "xclip -selection clipboard -out";
}; };
gtk = let
gtkExtraConfig = {
gtk-application-prefer-dark-theme = config.theme.dark;
};
in {
enable = true;
theme = gtkTheme;
gtk3.extraConfig = gtkExtraConfig;
gtk4.extraConfig = gtkExtraConfig;
};
}; };
}; };

2
modules/nixos/hardware/networking.nix
View File

@ -2,7 +2,7 @@
config = lib.mkIf config.physical { config = lib.mkIf config.physical {
networking.useDHCP = true; networking.useDHCP = !config.networking.networkmanager.enable;
networking.firewall.allowPing = lib.mkIf config.server true; networking.firewall.allowPing = lib.mkIf config.server true;

2
modules/nixos/hardware/wifi.nix
View File

@ -3,7 +3,7 @@
config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) { config = lib.mkIf (config.physical && pkgs.stdenv.isLinux) {
# Enables wireless support via wpa_supplicant. # Enables wireless support via wpa_supplicant.
networking.wireless.enable = true; networking.wireless.enable = !config.networking.networkmanager.enable;
# Allows the user to control the WiFi settings. # Allows the user to control the WiFi settings.
networking.wireless.userControlled.enable = true; networking.wireless.userControlled.enable = true;

3
modules/nixos/services/caddy.nix
View File

@ -44,7 +44,7 @@
listen = [ ":443" ]; listen = [ ":443" ];
routes = config.caddy.routes; routes = config.caddy.routes;
errors.routes = config.caddy.blocks; errors.routes = config.caddy.blocks;
# logs = { }; # Uncomment to collect access logs logs = { }; # Uncomment to collect access logs
}; };
apps.http.servers.metrics = { }; # Enables Prometheus metrics apps.http.servers.metrics = { }; # Enables Prometheus metrics
apps.tls.automation.policies = config.caddy.tlsPolicies; apps.tls.automation.policies = config.caddy.tlsPolicies;
@ -54,6 +54,7 @@
output = "file"; output = "file";
filename = "${config.services.caddy.logDir}/caddy.log"; filename = "${config.services.caddy.logDir}/caddy.log";
roll = true; roll = true;
roll_size_mb = 1;
}; };
level = "INFO"; level = "INFO";
}; };

6
modules/nixos/services/calibre.nix
View File

@ -30,7 +30,11 @@ in {
match = [{ host = [ config.hostnames.books ]; }]; match = [{ host = [ config.hostnames.books ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8083"; }]; upstreams = [{
dial = "localhost:${
builtins.toString config.services.calibre-web.listen.port
}";
}];
headers.request.add."X-Script-Name" = [ "/calibre-web" ]; headers.request.add."X-Script-Name" = [ "/calibre-web" ];
}]; }];
}]; }];

5
modules/nixos/services/cloudflare.nix
View File

@ -44,10 +44,7 @@ in {
caddy.cidrAllowlist = cloudflareIpRanges; caddy.cidrAllowlist = cloudflareIpRanges;
# Tell Caddy to use Cloudflare DNS for ACME challenge validation # Tell Caddy to use Cloudflare DNS for ACME challenge validation
services.caddy.package = (pkgs.callPackage ../../../overlays/caddy.nix { services.caddy.package = pkgs.caddy-cloudflare; # Patched overlay
plugins = [ "github.com/caddy-dns/cloudflare" ];
# vendorSha256 = "sha256-K9HPZnr+hMcK5aEd1H4gEg6PXAaNrNWFvaHYm5m62JY=";
});
caddy.tlsPolicies = [{ caddy.tlsPolicies = [{
issuers = [{ issuers = [{
module = "acme"; module = "acme";

5
modules/nixos/services/gitea-runner.nix
View File

@ -31,6 +31,11 @@
tokenFile = config.secrets.giteaRunnerToken.dest; tokenFile = config.secrets.giteaRunnerToken.dest;
}; };
# Make sure the runner doesn't start until after Gitea
systemd.services."gitea-runner-${config.networking.hostName}".after =
[ "gitea.service" ];
# API key needed to connect to Gitea
secrets.giteaRunnerToken = { secrets.giteaRunnerToken = {
source = ../../../private/gitea-runner-token.age; # TOKEN=xyz source = ../../../private/gitea-runner-token.age; # TOKEN=xyz
dest = "${config.secretsDirectory}/gitea-runner-token"; dest = "${config.secretsDirectory}/gitea-runner-token";

38
modules/nixos/services/gitea.nix
View File

@ -9,6 +9,7 @@ in {
database.type = "sqlite3"; database.type = "sqlite3";
settings = { settings = {
actions.ENABLED = true; actions.ENABLED = true;
metrics.ENABLED = true;
repository = { repository = {
DEFAULT_PUSH_CREATE_PRIVATE = true; DEFAULT_PUSH_CREATE_PRIVATE = true;
DISABLE_HTTP_GIT = false; DISABLE_HTTP_GIT = false;
@ -37,13 +38,36 @@ in {
networking.firewall.allowedTCPPorts = [ 122 ]; networking.firewall.allowedTCPPorts = [ 122 ];
users.users.${config.user}.extraGroups = [ "gitea" ]; users.users.${config.user}.extraGroups = [ "gitea" ];
caddy.routes = [{ caddy.routes = [
match = [{ host = [ config.hostnames.git ]; }]; {
handle = [{ match = [{
handler = "reverse_proxy"; host = [ config.hostnames.git ];
upstreams = [{ dial = "localhost:3001"; }]; path = [ "/metrics*" ];
}]; }];
}]; handle = [{
handler = "static_response";
status_code = "403";
}];
}
{
match = [{ host = [ config.hostnames.git ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{
dial = "localhost:${
builtins.toString
config.services.gitea.settings.server.HTTP_PORT
}";
}];
}];
}
];
prometheus.scrapeTargets = [
"127.0.0.1:${
builtins.toString config.services.gitea.settings.server.HTTP_PORT
}"
];
## Backup config ## Backup config

2318
modules/nixos/services/grafana.nix
View File

File diff suppressed because it is too large Load Diff

161
modules/nixos/services/nextcloud.nix
View File

@ -1,39 +1,146 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
let
port = 8080;
in {
config = lib.mkIf config.services.nextcloud.enable { config = lib.mkIf config.services.nextcloud.enable {
services.nextcloud = { services.nextcloud = {
package = pkgs.nextcloud27; # Required to specify package = pkgs.nextcloud27; # Required to specify
configureRedis = true;
datadir = "/data/nextcloud"; datadir = "/data/nextcloud";
database.createLocally = true;
https = true; https = true;
hostName = "localhost"; hostName = "localhost";
maxUploadSize = "50G"; maxUploadSize = "50G";
config = { config = {
adminpassFile = config.secrets.nextcloud.dest; adminpassFile = config.secrets.nextcloud.dest;
dbtype = "mysql";
extraTrustedDomains = [ config.hostnames.content ]; extraTrustedDomains = [ config.hostnames.content ];
trustedProxies = [ "127.0.0.1" ]; trustedProxies = [ "127.0.0.1" ];
}; };
extraOptions = { default_phone_region = "US"; };
extraAppsEnable = true;
extraApps = with config.services.nextcloud.package.packages.apps; {
inherit calendar contacts;
news = pkgs.nextcloudApps.news;
external = pkgs.nextcloudApps.external;
cookbook = pkgs.nextcloudApps.cookbook;
};
phpOptions = { "opcache.interned_strings_buffer" = "16"; };
}; };
# Don't let Nginx use main ports (using Caddy instead) # Don't let Nginx use main ports (using Caddy instead)
services.nginx.virtualHosts."localhost".listen = [{ services.nginx.enable = false;
addr = "127.0.0.1";
port = port; services.phpfpm.pools.nextcloud.settings = {
}]; "listen.owner" = config.services.caddy.user;
"listen.group" = config.services.caddy.group;
};
users.users.caddy.extraGroups = [ "nextcloud" ];
# Point Caddy to Nginx # Point Caddy to Nginx
caddy.routes = [{ caddy.routes = [{
match = [{ host = [ config.hostnames.content ]; }]; match = [{ host = [ config.hostnames.content ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "subroute";
upstreams = [{ dial = "localhost:${builtins.toString port}"; }]; routes = [
# Sets variables and headers
{
handle = [
{
handler = "vars";
root = config.services.nextcloud.package;
}
{
handler = "headers";
response.set.Strict-Transport-Security =
[ "max-age=31536000;" ];
}
];
}
{
match = [{ path = [ "/nix-apps*" "/store-apps*" ]; }];
handle = [{
handler = "vars";
root = config.services.nextcloud.home;
}];
}
# Reroute carddav and caldav traffic
{
match =
[{ path = [ "/.well-known/carddav" "/.well-known/caldav" ]; }];
handle = [{
handler = "static_response";
headers = { Location = [ "/remote.php/dav" ]; };
status_code = 301;
}];
}
# Block traffic to sensitive files
{
match = [{
path = [
"/.htaccess"
"/data/*"
"/config/*"
"/db_structure"
"/.xml"
"/README"
"/3rdparty/*"
"/lib/*"
"/templates/*"
"/occ"
"/console.php"
];
}];
handle = [{
handler = "static_response";
status_code = 404;
}];
}
# Redirect index.php to the homepage
{
match = [{
file = { try_files = [ "{http.request.uri.path}/index.php" ]; };
not = [{ path = [ "*/" ]; }];
}];
handle = [{
handler = "static_response";
headers = { Location = [ "{http.request.orig_uri.path}/" ]; };
status_code = 308;
}];
}
# Rewrite paths to be relative
{
match = [{
file = {
split_path = [ ".php" ];
try_files = [
"{http.request.uri.path}"
"{http.request.uri.path}/index.php"
"index.php"
];
};
}];
handle = [{
handler = "rewrite";
uri = "{http.matchers.file.relative}";
}];
}
# Send all PHP traffic to Nextcloud PHP service
{
match = [{ path = [ "*.php" ]; }];
handle = [{
handler = "reverse_proxy";
transport = {
protocol = "fastcgi";
split_path = [ ".php" ];
};
upstreams = [{ dial = "unix//run/phpfpm/nextcloud.sock"; }];
}];
}
# Finally, send the rest to the file server
{ handle = [{ handler = "file_server"; }]; }
];
}]; }];
terminal = true;
}]; }];
# Create credentials file for nextcloud # Create credentials file for nextcloud
@ -52,40 +159,16 @@ in {
# Grant user access to Nextcloud directories # Grant user access to Nextcloud directories
users.users.${config.user}.extraGroups = [ "nextcloud" ]; users.users.${config.user}.extraGroups = [ "nextcloud" ];
## Backup config
# Open to groups, allowing for backups # Open to groups, allowing for backups
systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode = systemd.services.phpfpm-nextcloud.serviceConfig.StateDirectoryMode =
lib.mkForce "0770"; lib.mkForce "0770";
# Allow litestream and nextcloud to share a sqlite database
users.users.litestream.extraGroups = [ "nextcloud" ];
users.users.nextcloud.extraGroups = [ "litestream" ];
# Backup sqlite database with litestream
services.litestream = {
settings = {
dbs = [{
path = "${config.services.nextcloud.datadir}/data/nextcloud.db";
replicas = [{
url =
"s3://${config.backup.s3.bucket}.${config.backup.s3.endpoint}/nextcloud";
}];
}];
};
};
# Don't start litestream unless nextcloud is up
systemd.services.litestream = {
after = [ "phpfpm-nextcloud.service" ];
requires = [ "phpfpm-nextcloud.service" ];
};
# Log metrics to prometheus # Log metrics to prometheus
networking.hosts."127.0.0.1" = [ config.hostnames.content ];
services.prometheus.exporters.nextcloud = { services.prometheus.exporters.nextcloud = {
enable = config.prometheus.exporters.enable; enable = config.prometheus.exporters.enable;
username = config.services.nextcloud.config.adminuser; username = config.services.nextcloud.config.adminuser;
url = "http://localhost:${builtins.toString port}"; url = "https://${config.hostnames.content}";
passwordFile = config.services.nextcloud.config.adminpassFile; passwordFile = config.services.nextcloud.config.adminpassFile;
}; };
prometheus.scrapeTargets = [ prometheus.scrapeTargets = [

6
modules/nixos/services/vaultwarden.nix
View File

@ -39,7 +39,11 @@ in {
match = [{ host = [ config.hostnames.secrets ]; }]; match = [{ host = [ config.hostnames.secrets ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8222"; }]; upstreams = [{
dial = "localhost:${
builtins.toString config.services.vaultwarden.config.ROCKET_PORT
}";
}];
headers.request.add."X-Real-IP" = [ "{http.request.remote.host}" ]; headers.request.add."X-Real-IP" = [ "{http.request.remote.host}" ];
}]; }];
}]; }];

2
modules/nixos/services/wireguard.nix
View File

@ -38,7 +38,7 @@
}; };
# Create private key file for wireguard # Create private key file for wireguard
secrets.wireguard = { secrets.wireguard = lib.mkIf config.wireguard.enable {
source = ../../../private/wireguard.age; source = ../../../private/wireguard.age;
dest = "${config.secretsDirectory}/wireguard"; dest = "${config.secretsDirectory}/wireguard";
}; };

47
modules/nixos/system/auto-upgrade.nix Normal file
View File

@ -0,0 +1,47 @@
{ config, pkgs, lib, ... }: {
# This setting only applies to NixOS, different on Darwin
nix.gc.dates = "03:03"; # Run every morning (but before upgrade)
# Update the system daily by pointing it at the flake repository
system.autoUpgrade = {
enable = config.server; # Only auto upgrade servers
dates = "03:33";
flake = "git+${config.dotfilesRepo}";
randomizedDelaySec = "25min";
operation = "switch";
allowReboot = true;
rebootWindow = {
lower = "00:01";
upper = "06:00";
};
};
# Create an email notification service for failed jobs
systemd.services."notify-email@" =
let address = "system@${config.mail.server}";
in {
enable = config.mail.enable;
environment.SERVICE_ID = "%i";
script = ''
TEMPFILE=$(mktemp)
echo "From: ${address}" > $TEMPFILE
echo "To: ${address}" >> $TEMPFILE
echo "Subject: Failure in $SERVICE_ID" >> $TEMPFILE
echo -e "\nGot an error with $SERVICE_ID\n\n" >> $TEMPFILE
set +e
systemctl status $SERVICE_ID >> $TEMPFILE
set -e
${pkgs.msmtp}/bin/msmtp \
--file=${config.homePath}/.config/msmtp/config \
--account=system \
${address} < $TEMPFILE
'';
};
# Send an email whenever auto upgrade fails
systemd.services.nixos-upgrade.onFailure =
lib.mkIf config.systemd.services."notify-email@".enable
[ "notify-email@%i.service" ];
}

51
modules/nixos/system/default.nix
View File

@ -1,6 +1,7 @@
{ config, pkgs, lib, ... }: { { config, pkgs, lib, ... }: {
imports = [ ./doas.nix ./journald.nix ./user.nix ./timezone.nix ]; imports =
[ ./auto-upgrade.nix ./doas.nix ./journald.nix ./user.nix ./timezone.nix ];
config = lib.mkIf pkgs.stdenv.isLinux { config = lib.mkIf pkgs.stdenv.isLinux {
@ -8,54 +9,6 @@
system.stateVersion = system.stateVersion =
config.home-manager.users.${config.user}.home.stateVersion; config.home-manager.users.${config.user}.home.stateVersion;
# This setting only applies to NixOS, different on Darwin
nix.gc.dates = "weekly";
systemd.timers.nix-gc.timerConfig = { WakeSystem = true; };
systemd.services.nix-gc.postStop =
lib.mkIf (!config.server) "systemctl suspend";
# Update the system daily
system.autoUpgrade = {
enable = config.server; # Only auto upgrade servers
dates = "03:33";
flake = "git+${config.dotfilesRepo}";
randomizedDelaySec = "45min";
operation = "switch";
allowReboot = config.server; # Reboot servers
rebootWindow = {
lower = "00:01";
upper = "06:00";
};
};
# Create an email notification service for failed jobs
systemd.services."notify-email@" =
let address = "system@${config.mail.server}";
in {
enable = config.mail.enable;
environment.SERVICE_ID = "%i";
script = ''
TEMPFILE=$(mktemp)
echo "From: ${address}" > $TEMPFILE
echo "To: ${address}" >> $TEMPFILE
echo "Subject: Failure in $SERVICE_ID" >> $TEMPFILE
echo -e "\nGot an error with $SERVICE_ID\n\n" >> $TEMPFILE
set +e
systemctl status $SERVICE_ID >> $TEMPFILE
set -e
${pkgs.msmtp}/bin/msmtp \
--file=${config.homePath}/.config/msmtp/config \
--account=system \
${address} < $TEMPFILE
'';
};
# Send an email whenever auto upgrade fails
systemd.services.nixos-upgrade.onFailure =
lib.mkIf config.systemd.services."notify-email@".enable
[ "notify-email@%i.service" ];
}; };
} }

5
modules/nixos/system/doas.nix
View File

@ -13,11 +13,11 @@
doas = { doas = {
enable = true; enable = true;
# No password required # No password required for trusted users
wheelNeedsPassword = false; wheelNeedsPassword = false;
# Pass environment variables from user to root # Pass environment variables from user to root
# Also requires removing password here # Also requires specifying that we are removing password here
extraRules = [{ extraRules = [{
groups = [ "wheel" ]; groups = [ "wheel" ];
noPass = true; noPass = true;
@ -26,6 +26,7 @@
}; };
}; };
# Alias sudo to doas for convenience
home-manager.users.${config.user}.programs.fish.shellAliases = { home-manager.users.${config.user}.programs.fish.shellAliases = {
sudo = "doas"; sudo = "doas";
}; };

1
modules/nixos/system/journald.nix
View File

@ -1,6 +1,7 @@
{ ... }: { { ... }: {
# How long to keep journalctl entries # How long to keep journalctl entries
# This helps to make sure log disk usage doesn't grow too unwieldy
services.journald.extraConfig = '' services.journald.extraConfig = ''
SystemMaxUse=100M SystemMaxUse=100M
MaxFileSec=1month MaxFileSec=1month

4
modules/nixos/system/user.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { { config, lib, ... }: {
options = { options = {
@ -11,7 +11,7 @@
}; };
config = lib.mkIf (pkgs.stdenv.isLinux) { config = {
# Allows us to declaritively set password # Allows us to declaritively set password
users.mutableUsers = false; users.mutableUsers = false;

7
overlays/README.md Normal file
View File

@ -0,0 +1,7 @@
# Overlays
These are pinned commits, patches, or new packages for programs in Nixpkgs used
by this flake configuration.
Some of them introduce new functionality, while others could be patching
temporary issues.

74
overlays/caddy.nix
View File

@ -1,7 +1,14 @@
{ lib, buildGo118Module, fetchFromGitHub, plugins ? [ ] }: # Adds the Cloudflare DNS validation module
inputs: _final: prev:
let let
goImports = lib.flip lib.concatMapStrings plugins (pkg: " _ \"${pkg}\"\n");
goGets = lib.flip lib.concatMapStrings plugins (pkg: "go get ${pkg}\n "); plugins = [ "github.com/caddy-dns/cloudflare" ];
goImports =
prev.lib.flip prev.lib.concatMapStrings plugins (pkg: " _ \"${pkg}\"\n");
goGets = prev.lib.flip prev.lib.concatMapStrings plugins
(pkg: "go get ${pkg}\n ");
main = '' main = ''
package main package main
import ( import (
@ -13,44 +20,43 @@ let
caddycmd.Main() caddycmd.Main()
} }
''; '';
in buildGo118Module rec {
pname = "caddy";
version = "2.6.4";
runVend = true;
subPackages = [ "cmd/caddy" ]; in {
caddy-cloudflare = prev.buildGo118Module {
pname = "caddy-cloudflare";
version = prev.caddy.version;
runVend = true;
src = fetchFromGitHub { subPackages = [ "cmd/caddy" ];
owner = "caddyserver";
repo = "caddy";
rev = "v${version}";
sha256 = "sha256:3a3+nFHmGONvL/TyQRqgJtrSDIn0zdGy9YwhZP17mU0=";
};
vendorSha256 = "sha256:CrHqJcJ0knX+txQ5qvzW4JrU8vfi3FO3M/xtislIC1M="; src = prev.caddy.src;
overrideModAttrs = (_: { vendorSha256 = "sha256:CrHqJcJ0knX+txQ5qvzW4JrU8vfi3FO3M/xtislIC1M=";
preBuild = ''
overrideModAttrs = (_: {
preBuild = ''
echo '${main}' > cmd/caddy/main.go
${goGets}
'';
postInstall = "cp go.sum go.mod $out/ && ls $out/";
});
postPatch = ''
echo '${main}' > cmd/caddy/main.go echo '${main}' > cmd/caddy/main.go
${goGets} cat cmd/caddy/main.go
''; '';
postInstall = "cp go.sum go.mod $out/ && ls $out/";
});
postPatch = '' postConfigure = ''
echo '${main}' > cmd/caddy/main.go cp vendor/go.sum ./
cat cmd/caddy/main.go cp vendor/go.mod ./
''; '';
postConfigure = '' meta = with prev.lib; {
cp vendor/go.sum ./ homepage = "https://caddyserver.com";
cp vendor/go.mod ./ description =
''; "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
meta = with lib; { maintainers = with maintainers; [ Br1ght0ne techknowlogick ];
homepage = "https://caddyserver.com"; };
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
maintainers = with maintainers; [ Br1ght0ne techknowlogick ];
}; };
} }

17
overlays/mpv-scripts.nix Normal file
View File

@ -0,0 +1,17 @@
inputs: _final: prev: {
mpvScripts = prev.mpvScripts // {
# Delete current file after quitting
mpv-delete-file = prev.stdenv.mkDerivation rec {
pname = "mpv-delete-file";
version = "0.1"; # made-up
src = inputs.zenyd-mpv-scripts + "/delete_file.lua";
dontBuild = true;
dontUnpack = true;
installPhase =
"install -Dm644 ${src} $out/share/mpv/scripts/delete_file.lua";
passthru.scriptName = "delete_file.lua";
};
};
}

25
overlays/neovim-plugins.nix
View File

@ -19,24 +19,23 @@ in {
nil = inputs.nil.packages.${prev.system}.nil; nil = inputs.nil.packages.${prev.system}.nil;
vscode-terraform-snippets = inputs.vscode-terraform-snippets; vscode-terraform-snippets = inputs.vscode-terraform-snippets;
nvim-lspconfig = nvim-lspconfig = withSrc prev.vimPlugins.nvim-lspconfig inputs.nvim-lspconfig;
(withSrc prev.vimPlugins.nvim-lspconfig inputs.nvim-lspconfig); cmp-nvim-lsp = withSrc prev.vimPlugins.cmp-nvim-lsp inputs.cmp-nvim-lsp;
cmp-nvim-lsp = (withSrc prev.vimPlugins.cmp-nvim-lsp inputs.cmp-nvim-lsp); null-ls-nvim = withSrc prev.vimPlugins.null-ls-nvim inputs.null-ls-nvim;
null-ls-nvim = (withSrc prev.vimPlugins.null-ls-nvim inputs.null-ls-nvim); comment-nvim = withSrc prev.vimPlugins.comment-nvim inputs.comment-nvim;
comment-nvim = (withSrc prev.vimPlugins.comment-nvim inputs.comment-nvim);
nvim-treesitter = nvim-treesitter =
(withSrc prev.vimPlugins.nvim-treesitter inputs.nvim-treesitter); withSrc prev.vimPlugins.nvim-treesitter inputs.nvim-treesitter;
telescope-nvim = telescope-nvim = withSrc prev.vimPlugins.telescope-nvim inputs.telescope-nvim;
(withSrc prev.vimPlugins.telescope-nvim inputs.telescope-nvim); telescope-project-nvim = withSrc prev.vimPlugins.telescope-project-nvim
telescope-project-nvim = (withSrc prev.vimPlugins.telescope-project-nvim inputs.telescope-project-nvim;
inputs.telescope-project-nvim);
toggleterm-nvim = toggleterm-nvim =
(withSrc prev.vimPlugins.toggleterm-nvim inputs.toggleterm-nvim); withSrc prev.vimPlugins.toggleterm-nvim inputs.toggleterm-nvim;
bufferline-nvim = bufferline-nvim =
(withSrc prev.vimPlugins.bufferline-nvim inputs.bufferline-nvim); withSrc prev.vimPlugins.bufferline-nvim inputs.bufferline-nvim;
nvim-tree-lua = (withSrc prev.vimPlugins.nvim-tree-lua inputs.nvim-tree-lua); nvim-tree-lua = withSrc prev.vimPlugins.nvim-tree-lua inputs.nvim-tree-lua;
# Packaging plugins entirely with Nix # Packaging plugins entirely with Nix
baleia-nvim = plugin "baleia-nvim" inputs.baleia-nvim-src; baleia-nvim = plugin "baleia-nvim" inputs.baleia-nvim-src;
hmts-nvim = plugin "hmts-nvim" inputs.hmts-nvim-src;
} }

18
overlays/nextcloud-apps.nix Normal file
View File

@ -0,0 +1,18 @@
inputs: _final: prev: {
nextcloudApps = {
news = prev.fetchNextcloudApp {
url = inputs.nextcloud-news.outPath;
sha256 = inputs.nextcloud-news.narHash;
};
external = prev.fetchNextcloudApp {
url = inputs.nextcloud-external.outPath;
sha256 = inputs.nextcloud-external.narHash;
};
cookbook = prev.fetchNextcloudApp {
url = inputs.nextcloud-cookbook.outPath;
sha256 = inputs.nextcloud-cookbook.narHash;
};
};
}

44
overlays/tree-sitter.nix
View File

@ -1,46 +1,32 @@
# Fix: bash highlighting doesn't work as of this commit:
# https://github.com/NixOS/nixpkgs/commit/49cce41b7c5f6b88570a482355d9655ca19c1029
inputs: _final: prev: { inputs: _final: prev: {
tree-sitter-grammars = prev.tree-sitter-grammars // { tree-sitter-grammars = prev.tree-sitter-grammars // {
# Fix: bash highlighting doesn't work as of this commit:
# https://github.com/NixOS/nixpkgs/commit/49cce41b7c5f6b88570a482355d9655ca19c1029
tree-sitter-bash = prev.tree-sitter-grammars.tree-sitter-bash.overrideAttrs tree-sitter-bash = prev.tree-sitter-grammars.tree-sitter-bash.overrideAttrs
(old: { (old: { src = inputs.tree-sitter-bash; });
src = prev.fetchFromGitHub {
owner = "tree-sitter"; # Fix: invalid node in position. Broken as of this commit (replaced with newer):
repo = "tree-sitter-bash"; # https://github.com/NixOS/nixpkgs/commit/8ec3627796ecc899e6f47f5bf3c3220856ead9c5
rev = "493646764e7ad61ce63ce3b8c59ebeb37f71b841"; tree-sitter-python =
sha256 = "sha256-gl5F3IeZa2VqyH/qFj8ey2pRbGq4X8DL5wiyvRrH56U="; prev.tree-sitter-grammars.tree-sitter-python.overrideAttrs
}; (old: { src = inputs.tree-sitter-python; });
});
# Add grammars not in nixpks
tree-sitter-ini = prev.tree-sitter.buildGrammar { tree-sitter-ini = prev.tree-sitter.buildGrammar {
language = "ini"; language = "ini";
version = "1.0.0"; version = "1.0.0";
src = prev.fetchFromGitHub { src = inputs.tree-sitter-ini;
owner = "justinmk";
repo = "tree-sitter-ini";
rev = "1a0ce072ebf3afac7d5603d9a95bb7c9a6709b44";
sha256 = "sha256-pPtKokpTgjoNzPW4dRkOnyzBBJFeJj3+CW3LbHSKsmU=";
};
}; };
tree-sitter-puppet = prev.tree-sitter.buildGrammar { tree-sitter-puppet = prev.tree-sitter.buildGrammar {
language = "puppet"; language = "puppet";
version = "1.0.0"; version = "1.0.0";
src = prev.fetchFromGitHub { src = inputs.tree-sitter-puppet;
owner = "amaanq";
repo = "tree-sitter-puppet";
rev = "v1.0.0";
sha256 = "sha256-vk5VJZ9zW2bBuc+DM+fwFyhM1htZGeLlmkjMAH66jBA=";
};
}; };
tree-sitter-rasi = prev.tree-sitter.buildGrammar { tree-sitter-rasi = prev.tree-sitter.buildGrammar {
language = "rasi"; language = "rasi";
version = "0.1.1"; version = "0.1.1";
src = prev.fetchFromGitHub { src = inputs.tree-sitter-rasi;
owner = "Fymyte";
repo = "tree-sitter-rasi";
rev = "371dac6bcce0df5566c1cfebde69d90ecbeefd2d";
sha256 = "sha256-2nYZoLcrxxxiOJEySwHUm93lzMg8mU+V7LIP63ntFdA=";
};
}; };
}; };

24
private/backup.age
View File

@ -1,13 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBkOVNs YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBhNzEr
NklGeTFxTTQzQ2t5WVUvVzREVnk3WjB0ZnUwdGo5Wk5Zc2RVeVJJCnBFbHcvUzdi aFRkQ3luWWhBbmdTTEtNOGc0c3ZPcTlRbktxd2xQZHFyMDF1c1ZVCkMwWDF5UlJH
SG5xeTg2dU9oRUtiYXk3cERJOC9zbitrZ1hxZ0RJWDVYNmcKLT4gc3NoLWVkMjU1 RTBhMXI0ZEhkQm5takh0QUpiZm5rbTk3M3REdUhQV0lOdmMKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIElNNkFMYkRoYXpPV1RtWEhrdUJCbXczd05tTG5QNi8wVktYQmZn MTkgWXlTVU1RIHdGOVptZzNIRlp1NUlFY1k2b1FtN3JRczMrZ054ZlhUbVlvRVVS
eTlWbTgKUVVrb21mTTNzZ1d6cE0yU2l4SVhqbkNyUEpLSHJyUEMyS1pLNGloTlpK NEZCaTQKUmMwWFBBVDdBMlBpekVCSC9EMERHdXlKNGpubXRmY0FxalRxbTNnREky
cwotPiBzc2gtZWQyNTUxOSBuanZYNUEgRU5LM2FKNEZ3Y1dDOW02VFU4bnNuZHpE ZwotPiBzc2gtZWQyNTUxOSBuanZYNUEgeGhzMDRONFJjMEJZWUlDeHp6SHZERXJS
QzBLMlBhVnY3aGIrZDNhOUNWcwpSMHNsYTRlNFc5V0NsQ1h2VGFqUHNBVkxTVXdz VjNLb25adVJ2V0MxMm9DUE5Gawo2RlhSNDY3K2oyQ2VGZ3p1MHRreU0ydmZjRkZQ
dGx6bWFwR1FFU2JNdmlBCi0tLSB6b3dpRmFURm0veFRFRitpbmZoOWJFcU8rbHJk bHZsbkxXdzNsN1A2alBBCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBqL2FWZis5N2l6
OXVIbGpUSWNFdWZmczVNCrodWjz8yVOdHHcVH9s2gOJfDrZFCP7L14RdGs9UW/Iw T0lYUVRBcDBWQ0sxRFd5V3JydzVTVUZZaDZyL1ZGaUJvClRPazdXOWM5MUhrLys4
JaJr5YblUiqTfKJiCN8dnCve3oCUlIY6K+yrBh5GaNbiwOgCzzZO5BGXEqoUSnux OWp2SVg5S0pnVE51MzRwMU1hRThKVFJZSHJzY1kKLS0tIGl1UjBtUzhVZTArZkVt
ltmV1UI4 RVhMMlJNQVlBS0Z5bTByQ1hpSGQvZVprL29oS0UKZGsWBbEUiDIJhoBOEaLF7cnW
FMcg1pxgmlioqsRbKdcYlZWEKDYUa0ZctJEYo0m+eGxilTV/qctyiEIYsoKU1t0Y
+kCTYQk+RbtKfQ7xEStmJ2cdZDE=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

24
private/cloudflare-api.age
View File

@ -1,13 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyByWGJS YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBRckNo
SmJlSVhZcUx5Y3JhVXYxUVhUbmp2QjNXeUxYL1EwNThJelRoTVNvCjFsU0gyaWNJ MkttVHF3WWhKMGtCY1ZoL251SlhEb0YxUEZSSDBLVHhQK3o1QW1rCkp5WHFTb0xE
SEJpNVpYWm1TL24yeHNLaWNIdU9FdWw2d3p6UVVMSEYwT28KLT4gc3NoLWVkMjU1 amRrM05XRGxzMkRPUWx3Z1BVMFRsRGxvemRLckZEY0E0QmMKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIEV4NU1sOENFK1NvUWlZL1NmUCtUM2RRQmd1c2pnb3p6V3Bsc3pC MTkgWXlTVU1RIEhrV0E4b3VkOUZwYjBXTkF3UUhVVklLWXF0QkpYRjErY1l2dnFh
UVdYV3cKYmFkR0EwNVpRbzJBb2Z4RmpXSGVyK3BkLzd6TTMvQWRRK3BtRXZDUjVZ VWZvVkEKUGd2VGtVaEFqc0lpZS9Jd0pSQ2IydHBUN1JWTGE4MzZZT2RXRUt2eVFI
UQotPiBzc2gtZWQyNTUxOSBuanZYNUEgMG9rU0lzTU1iV1grOTNzZS85cldQZGE5 YwotPiBzc2gtZWQyNTUxOSBuanZYNUEgelFPWGtneFhDWmFoc2FIL0RwejZuS3Zr
Ym9nVkRvNC9OMUFBbStNT1BBOApucnl1Z0w1Y1RRU3grS0Z0TjNNRXcwVnVqeDFF ZzBUREMvTUtpYlNqdmV0cHBscwpOMitLS1NoVkZwYmZFcnJRWkRWVFJ4Sm1oTmhG
VGc3Mm93UFc0YXoweVBBCi0tLSBvTnpCc3hBVU81dkpBRzV2L3NWTlZaV2QxUVNZ WHRjaWQvZWNLcVl5ZURvCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBRMTdyOTRWV3NQ
KzJwcUI2QUl2NEY0R1p3CmDvQwsKrtmTJliCxHv+LSoIV8jYpQJ7I2LJSH9uP89N T1I0Wk1jOE5KSVFFaUEwTm9iRElCd1pscG80czF1U0E4CmREU3BNVklzOXZKVFFp
+7wbAwGjv/Uxk7gnMn5EqQuFKZeOl8LLhKEprmVqVZqlkgbpaaaWud/4xNKu9v5h UWRoYXp2UXRxR2ZhbzlYSng5akV5Zy9hZC9uWHcKLS0tIFFjdE5KN2lxMFQ2emJh
lWuY1sYd d1NwRm8xaHpZNGxQbFUzSTh3MWxJRXViUjVBUFkKr/OxDAiV2XR3YZDdT1DSPUPk
XQrbpI/urpfXPyQAzXH2IwqRU2H56JHH2Q+z1OK6/BDzpxyFf1HmK/N9p/00osK5
WPeBVcNDMmWD/RlgEyooxyajK6Q=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

28
private/cloudflared-flame.age
View File

@ -1,15 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBQVzVy YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyB6R2Vp
ZmRldHhVenI3RVdOQXkyQ3pQUWM3N2l0bFBqT3ozakp3Nk5nS1dVCmoxb1lzVWd1 T2d4eDRDdGdIZVdZelRUY09oRWtwTFpDbGFEKytiOGxxQjgwakRrCnBveWptbm5P
YWZ0UWd4TExELzJ1cElsQ0o2L1g4TVBpZW16TmxvT05GaFEKLT4gc3NoLWVkMjU1 Q2lkaG4vSWZkS0RjM0VuUWtsalovZkJVamJzV1pWbGlDTzAKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIDR2TjdhbG1MelVVTXF3WUhFRWZKRGVoYUNwdy9hc05uajg2enlY MTkgWXlTVU1RIEtuMnZvcGExWmJZU0tsdTJXa0ljeXYzOEJKV1Qrc0xNSnE0emJI
S0x5eWcKSlM2YjFCRi9yN3ozVkhScXM5S0dNRnhpeisvNlE1Q09CNVFvN0YwL2JR czdQbjgKM0NFc29UZTFUbVVrbFIzUDZhUlkrbGxSSXl6SldnYXh6a0hXSVlHQ25v
NAotPiBzc2gtZWQyNTUxOSBuanZYNUEgMEJtR2JpVk5PZnRpOUVuZHZJTDI3Z0Fa TQotPiBzc2gtZWQyNTUxOSBuanZYNUEgc3R0Qjh0Vy9mSnR1eE5rajU5ZG56OFVR
UUdwWXFLT1gxZ0c3WFBlU2dDawpreE0yYUxoUktveGF5NXE4VHRva1hNdjdpYmZn UUNLYmJyVHYxcUlsbzlTVGRUNApzcW4xVXp3dTVaVmhnVXdoUnZ2MlNESnUvVVk0
R08wQ0l6cXpvYmhRMXRvCi0tLSB0UmFTdVBlR3NTSkVzdGtzOTdmSFVERC85dU1z ZkRFVVBhdjZsMzhHRzZvCi0+IHNzaC1lZDI1NTE5IENxSU9VQSA1MW8wdXBYdXBl
cHdMVFdYSTFWUGRDTm1nCrengYn1phCUDmVH29uRjKMLNDIucrpi1s4t8ciQ3ILG VjM3Ukc4U2tSWFc2WDJaVWo3aldvazgwckJBZXVKbkFVCjFaaHhENHVQOWx3Q25F
sz605ztO3UUlm4SQTJnXmktRDBlLu/xICzEo5okkNl9HwK7s2Ok2DAoz8K/KeFbS NnBnSXNJRjlwWk0zLzY1NVE2Z1M3dFhLMzVBT2sKLS0tIDk4TTBhNHpjS2lPRTlk
65K3a3RcZEdWryZyu/N12HAqu5FDw0wIbvLJP4X+EcpUJXYHr8FluLUSEQg+sORW VllRbmV4YU9xYUtEaVNWRVRrb2ZheSthWTAxcVEK9nC0bUWE1W8lmXZABR8IJAnI
FnL5tr1vK32ZQY4GIHZXh4hQbNoZo1v2ezkcK21siDkeA3e3PT6Bi0I90nuXS9Pc to/at+EBAj4gV+UvTpqBmQ9xy5q9ih+L9VH+WolUQg5To5nzSKDbhwybzwEj1YUd
0rZFZeYlNtI1Y4aeg6NEWytt 5Oqm1waFqasvLe4tNkNZ1aEVbc5VFY6OBCw3nVRESVR8AeuDnL8rRZyYpZjEwCZu
Qay0cQUSJPJQIKES/UzSrUj+HAw2LxPPAZ9xrDa+QuU36RfPHzmAoVMZ82MxtLxf
vLgxoUM9INybdIoBncihj90U+o8PC8Mud2DBm/FGkx0=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

28
private/cloudflared-swan.age
View File

@ -1,15 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBDL0tZ YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyA0bkg4
TG9JTEdCMkJ2SnRvaFVLalZIM05JWEc1U0JSK0Q5aEg3TTRscVhRCjhJRGJYL3M5 WkZTODJsOFN0RGtzQ0F5RzhmQ0ViUDBobXEvVFFidXNtNTRaSFI4CjBraW5mUmgy
T24yRGVQZG1heTJveU1qWCthZ1RJVkRtTksxVGhhR3dIMWcKLT4gc3NoLWVkMjU1 QzJPOStxdmRXSVY4NlNkZUUrcThGUUhpZUFxVm0yVENoNVkKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIGk2RDZjMEtDblNDcCtvRnFkNnQ1elEzUkdyWWg3M1hNcXBTaEdN MTkgWXlTVU1RIDc4MCttZk5aUlNoVjZZY2RwVW54SE8xT2gyYk5KSXFFQjFjT2ln
VGtLM2sKK09Sa3NZNnc3SWlHRXBjcVE0Z3ZHSnY0Zk5pS2UyQ3NSMWh2VzNJeTNm aUNhZ1UKSTJzdTJTTXBPZTVYVXRMb1M0c3FtSDlyd2MvdVdHYURMSHV1WUF0TTZT
NAotPiBzc2gtZWQyNTUxOSBuanZYNUEgWDhkN1B6ajNYcTBGeCtlbHhacnB4Ly9a MAotPiBzc2gtZWQyNTUxOSBuanZYNUEgeEd6Zy9CYWRKUFNjUHRZd3ZEMmR4VCtK
ejJCSVhPcndST0dkN1VZZE1nRQpKeUhCWEk1RkdjajlFMFgzajdmclB3a3FORkp5 cGR5UWdFSmRyLy9iblpJNVRtbworVEdkL01YazZyZHA0NmRXKzl1NTIyM0FZK2hW
ZTRQK3JXcWE0YUIvL2UwCi0tLSBBYkFQcmwvM0hZbEtBWG1oVUZ5NVhoT2p3U2pF emlKWGhiUjl1T3lpcVhZCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBBN21XTy9qQldX
VzhGL25La2lJRElDL0o4CtVNQVuouGOOXtVTwdeBd4+CJyglCjFoDoOpXdH35fni enRxcE5pSVl2YXQwckIyQ1NueG5lbk1neGpDdThkSm5ZCm9HZlB2dWpSUWkrZUht
Azr6JyfKbBlcavrghACWVDem24WIKq7uh9BSL2yHd+sj4umDybuCk9RZWmLgSaHV S21wMDE4anZrMUdSUUdnTFJmWnhXUks2ZmhyQzAKLS0tIE5JekNmSkdjUHcxeDdP
g7Y3jiHa/NTvqd+Wr0PBas4TcOLcICQ0rg9gWnYH+QQDdnv+At4Eqp2/X1ztTI8O YVpLODlCemZkallwODRlOVVaOEk0UEVYY0Nxd00Km4HzHO0ciIVLi9jVf1WL0v70
PRJr7O6HJJasPZSsQldjs3O3fMiLiYPSywCTmgU/gstnv2YhbA3m4vhqOeRskuNg 9tdZZIXF1aklkmvwpKZyIBSJc2cDm583czRyrhy5/W2h2xLYSOXdL0NVKJyVgJj2
X0qAd8jso4Bo7jHohmLLzl1c Y8Iq3+nLStZ8p0TL9MuFyY5HXkQpJzFeIrdFRj2vcQPVP1txZd90se8WrUP4k/9h
xrC+MHllDYR5lDXhAUhS42y746Ixm3iabVlPDzcccPJS7nvT4w5HBwkhWaVvb1/1
cHD2guHpi4e3BbT5ozKADmOHajfjRy+j+gwFTl0AjGg=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

28
private/cloudflared-tempest.age
View File

@ -1,15 +1,17 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyB1VnBt YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBEVnpD
RTV5eWc3RDNUR2lOWFRaMlgzREQyMlcvUFNxV0N2Vm9lVVZKOUZ3ClJjaWtYZjR5 S3FrMlhVZXpEZ1IzMVJpTGh3UnUyaEo0VU5iR01JL0dKVWpCUGpjCmdoWHUzRzBh
ZTB4L2M4MFB0UThaMzlRT3JkUEE1N3RrSUlpZnRFbmFDdWcKLT4gc3NoLWVkMjU1 NCtMK25aNG8rVktpcDFkVW9yd1dOSExxNUo5RG9CWDgyUzgKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIE5iTUs1ak9VZjRIRGpLMWtDcVB0RjVFRW8vOENQZlkzeGhsYmFB MTkgWXlTVU1RIE41U2Y5QUwxZVYxTEVCVlczMjlUWmxYbG5oOEd1YnR2UUJOZ0hG
QzJ6Z00KZmcvZ0hYMjN1bGZwY3NvMjlCbnpHUWVjdVU4cnBGcDQxTU8wZ0EyQXdU ZU9GemMKaS9pYzQvSG1yR242UDlFQ2M4U0F0YjlHSzZBOUtvRCsybmhOclJkZkI1
MAotPiBzc2gtZWQyNTUxOSBuanZYNUEgazRzK2ZnSUZNWURoKzZMZmM4VTlDbVBh OAotPiBzc2gtZWQyNTUxOSBuanZYNUEgUVdES1BCdFljL2JRTzJSSWpFcWw2b2hQ
WGc4MlE5TGFiN1MzV01FT1oyQQppRUhUNjdlQURNQm8rR0JOOUJFNm9vaXhPTXFW MFZqZTlyWC8rSzZ6RnI3ckdHbwo0cnBDNHdVNWFlMmxCZEVHWW9Tb2ZQMXc3WGw4
U2lJU09jWVA0TDRrVHY4Ci0tLSBudWJTclRTek1RWHYzYzA4aTduODB0NUNWbVVP WUszNUc5aTk2MDVERXRrCi0+IHNzaC1lZDI1NTE5IENxSU9VQSB6VXJBMit0UytG
cUIyVzJncWhDS053d25nCneJhp1QT1v+dAguW9wAKDgWST59KNBgbY01jkf1IqXc N1l4cHd6cTZudlBzWEcvNkhHVldOMnQvK2JWWVh4VGhJCmh0VVUrd0dEMk9XNVlD
FbmkctPIMggim3uCBqjzBboYvf+dtt0Fcu9aiB+4YmGUeQNb+9mdPweXoHmVrego eERYc1VtdjBHUEZZQ0pNWjF1aXRmUTFZc0phaDAKLS0tIHhVVTFDcjVucElUOHlw
XygVsbuSP4xKWtIJhBJ/3/jEK9LqBtv+owdUIxbw5Ci6A0JvSu+tnUj5oAgMyT2z T0VMUWVTL0R5ek16VmlDY1dZWGk2aWV3TjdQMVkKbBB/Ixe0nuEQ4WkOguVk6oRI
YrGRK9plQZteeUkMcd6+anSEUpP45lzfz/T7loD9ViCbPHRuUFgwkwUcRGjQStm3 h7gasRs0CYNvKoIjAf66tJ4IC6CumJIo2JRkH0CU94nOJhPqdPL5VS2IrJOznrWY
pnx9bi8N4ac599f4KqInm5gd bZolkeTJxq+IDUZVTNk6b/7TSmhPsKNgAZZdEQp+HSwz3sy1wZIBTkc7Lxml0Vvy
pBjh36wBjPLYJy69KAxsI13YYlT8gGw6dHQutBlVRzH6zL+To8TQ/TMDAwKHxkJA
6Bv3SyF5AvVYtJhnhT2Ic9fmkbbkohes6illUlpZTPU=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

23
private/gitea-runner-token.age
View File

@ -1,12 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBoOVF1 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBzTVNj
NmZocHpQQnRJcWpWUHh2bU93NkdnZWNzSlFiaHdTd24rcHpsczFRCmJaSzNkNGs1 R1FPalhwL01tWkg0REtwZ2M0Yno5RVVDSjJsQ1VUS1dWak9aeWgwClI2V1c2bE1w
UDJCN2dYUVE3UTE1OU5RUWljQlN4dmxuUnpOMFYxQTdUaVEKLT4gc3NoLWVkMjU1 RzFyVWlibVZzV1NGWEd3OWNOWG9jRXV1dHRTV2k0RzEreUkKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIE5HdGd6aTlKM0lFUlYzT1VhS05nZ2ZxTndVZHBNQlJxYlovdXkx MTkgWXlTVU1RIG1nZjVqbzlnUEZtSkxmTUtVNDdFS1NQanVmL1RSeWRNbk4rRjdP
ei96d2cKdzlUYVFFaEIzaS9LZmY3MzM1RmNnR0xjOEpHK1kxM0FMTWRQSlVnczVF YWw0WEUKdFp0NGtuMEtQdUhlNTN6MmdxRDY5b3lPajhoRVAvT0llQml5cGZLdFlm
dwotPiBzc2gtZWQyNTUxOSBuanZYNUEgQ1lhMGQvUy9OWkRBR3BZV1pFNmNtb2pq UQotPiBzc2gtZWQyNTUxOSBuanZYNUEgY0xkSFM5Q1pDRTlCbjRZT2FnN0JxR2h3
Y2VEUzhRWGVWUkZJY1l4RGtWdwphdFZtM0ZLZURvYVZQYjV4bWVPdWJxa3RmWmVh ZmM5NGJkNGo5M0tzak9iOGZUOApiVmNic2RpSjB6M3Jma1V6OGJjTGlmL0xYK3pP
SHl0T0pQWmxnVlFPR2drCi0tLSBnd2lwS3dqUk5Jelg0b3RxbFdEcnJ6ZkkvZTVN a3ZHYVhMMDBGZkQ4TUlFCi0+IHNzaC1lZDI1NTE5IENxSU9VQSA2K1lBMlFaVEp3
UllBeUUyOXBxVDBKMG5BCkGo9kj9sMVhbnXVM35lGScAb8r5LH9vf5jOdhLC/Wj2 cTZNZ0duTGlXc3JmUUo3MkYyK1ZVRWM2VTMxekNhNHdZClE3RDlub1Jab2VhbjFx
+uA0ONIh7F2GELzf5Cw1KZJ8aHTURM2r41vZvfAQN1RwrmYOiUzlyMrvTDe78cY= RHhOSHNnMGhEcjN0ZytsZWV4N1AzRFRDT1d6N0kKLS0tIFJSMEFkaWhMMGxQaTlL
MW12UldodHcrclFvQ080OEJBekh1VTZCNFEybWsKo6mw3I7uX/jwJ6moOGpqSltT
BRsBwTeNrIdc+FR60l4sP8nRI9KV/7wyce9aFhqtiFTBNnGDXRcjJDrqactCiGcB
Geuhsjc9ZMwjJEATbQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

14
private/mailpass-grafana.age Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyB4R0xH
NU0rdGUzb0FaeC9JWUtJNUd1V3dFYWpKbm1ONG5MbFE0dE1obDIwClduT1ZTL3o5
MGNHamh6cWF5S3RlTGxGRWJnRE1xU0FRYkpETDgzTUpLSGMKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFhJektxUE84aC9BeVVlalJxUDFabTM0dWRHN1ZMY2tMb1JVSDZw
RHhTQ0UKQzhlTVU4djJKUENEVXpoQVU2azRBQU93d2JGamwzRjNxc3VCNVhEbVVH
TQotPiBzc2gtZWQyNTUxOSBuanZYNUEgZXZnUWt6ZHFxTW1mN2RtYy9IdXBtL21N
NG9wMEQ3WFRNTGF4M2NYU0ZtVQpRMllFVk9GV2dCeERIakpXZnIydXNLMWJwNGds
dEhyNjRSL29COU1uQlBNCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBiVjdTWlAwaytl
aWJwTkZNTTNwQVhNUGl0ejRiRHppWWhaWi9kWWk4QlhzCmJxcExjK2loWUtwZDND
WjBXRUFCVGFLbTlKdlVieTdSZ1hlL0ZaTkNubFUKLS0tIDNVQ2NCdDVHNGUvZXFM
azdWUmh6azAwMnJ4Wm5UOEdGTmRBenJSdUY1eGMKx3sYbX/g7JVCFrwVe7UNLkWn
1p+MbGJcRS0ucxNIEniCBafaVnXDiRAHtaWSCqtbvZ4SVg==
-----END AGE ENCRYPTED FILE-----

22
private/mailpass-system.age
View File

@ -1,12 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyA3Ynp0 YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBJQUVJ
UUVDdVk1MG1nQmZ3cDl5UmY5VnpMSkdyYmluTlJGWUdnRVQyVWhvCkNlQkY0RUR5 aHZzMHNaME1zUDR2dXVHMTFvc2pqZnV2Z09YZ3FTM20wdGo4ckFrCkFOc1lCQmhv
ODZTYUEzQlBmelBLcUxuWjdiYms2RUtmYlFFeEpXM3JCMlUKLT4gc3NoLWVkMjU1 STNpT2RlcWhNdzYxbEFvNzV4cmtoYm9waWc5cXhkWEM4eUkKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFNySTEvUXhycFhZa3h5ZnZyaXJEZ3BGRW03WGRvM29FQlZJQ2xx MTkgWXlTVU1RIHliSURYL0syL1N5bUxWQ2NOQzhWR09kNUNqaGpWa3lrR1M5Qldv
ZnMwVzgKbGFVMDlYZjVzeUJyY1kyc0ZXRnVydHkzOWtPaE1uTXllbHhaQTdIa016 KzlvM00KM3JvRjlBZHh2UzVxbW9rbUdIcUNOWkhVbEFETEN2VTdDc0lMV0EzR1kv
VQotPiBzc2gtZWQyNTUxOSBuanZYNUEgdjh4T2FkckZYQlpsd3ZSTmc4VGRxWjg4 VQotPiBzc2gtZWQyNTUxOSBuanZYNUEgK0lkMWNuUFR4ZGZmaGJpOURVS3lBbGti
TVRCTUl4U1BnanVwV29POXhIZwpEcHBUOFJjTXBGTExYTWtmd01XQlZndklXTkdU aFA4anhUNEhYLzkzT3hZZTJnUQpmSEN5MzdVcWYxbTFpeGRlODAvUFVySGRoUVpE
NHBnYkNBTSs5K1A3cE9vCi0tLSBBa01zRTdNYW5wRlltVkgrWG9mdHcrZ1NXRUwz NEd6aitiVm1vR1VNcnlNCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBiMjNoUG9jVTQ0
UUhsalZSeU1CVENmbnp3CphGOZ7hu3mq3UI69UCJq7ptFDMUmdmYW4ydzz2RVlYX akdPcXMrbVo4OU1mODhkMHlKbzEvTEJObGViVXFaUVJZClRWaXhjNzB4b3hvbkVW
P1JWkX0IpnHtcFPK1XmRrBkiyto= RUFWWnc0QkFzOEpXWVdZOG1TbDNLQ3lkdkxVRHMKLS0tIHNRNlIxVjhsMEVyK21o
a214bW1BKzVHbkZrdGhndkhnMlgrWStYbXoyVGMK8hdGLDk9xC1OnfTNtHZLbZCF
KKw9JFl6b8++iwM2H8cQgWk8qZWQUvyO58ahkO/xtOCXCA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

22
private/mailpass.age
View File

@ -1,12 +1,14 @@
-----BEGIN AGE ENCRYPTED FILE----- -----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBsb0pX YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBHR1lJ
R2RJRlJkbWF2a3BJN25ZY3ZwWTNRNDFhbWFkRE5TdkxDNUMrUms4CjI4TVN4Rk5U U0gyb05HSm9kUmNjdmdGQm1XU1ZCbld0L3lxemdMK1dlUXQxM1MwCmJwRzBGM3lk
a0xMRHVQSEJUcVJTQ2ZLd0c0c0MxM2thMFpyeXZ1NGM2NFEKLT4gc3NoLWVkMjU1 ckwzTDVqcEFOakxaMFYwWHQ4MFZ0ZjNySnVRU3FZbGxndUUKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFFnN1VkSzVXVzg4UGFWakxweWRmSldWbDBOMW9xYWJQek1Ielk0 MTkgWXlTVU1RIHliMW0yaTdXTDRmcENtZUJhaE9NQWE2eGwwelRnM0ZydE1oeGtj
YXVrVFUKSzhUNVd3SGU4MkVZUXdLWXpFL3JCUWxOSitHOEJzQ0pXN0FKSXZ6RUFm bkVjeGcKaUtpMVdzSVBDTklUMDFjcmo5SCtHckhLaUxHNnMyMUZrNy9MeXZtSnp3
NAotPiBzc2gtZWQyNTUxOSBuanZYNUEgVG5jYmFCTkFmekJMdFBUVWJscmN5dUxp RQotPiBzc2gtZWQyNTUxOSBuanZYNUEgaW1IZjY4VnlFUUVJSzdnVkpFMllic0Rh
RngzZEFEZUJINDBwUFBIUitpWQo3aWlLRDdoUklhbDlNeFJjeXFkTnJFcDJiV1Vv eTFydGcxOGpWczhxVktxVi9ROAoyUE1PeVN6b0RDVHJGMFJwdWk2QkdwaEVVK0lU
ajBQQzFlaTFwWVFDSjljCi0tLSBWS3pzSWo4SXpIallxc0JQWk9LSWFDekxtOGRp Zjh5RWFSSjd3RHBNcFRBCi0+IHNzaC1lZDI1NTE5IENxSU9VQSBFNDhwVk0relJU
eGhYSEdqL1RmRnhtemMwCmQ5wc817Rk+Rs8RHXMe2Gm1mKbFOFMVrWFW5gLm9UHE WWFlcTFPRWlZLzRsOUhWWFhydS9teE9RRU43Mng4Y3pvClcrVWIrRjl6RnM3emJp
T05kZ7OBh34D9B7jmFokYM4uQBXBrydcb51TGVLXXgnN RFFGaEFka3VLQWg3UmUrN2M1VDVlODk5MGZvN28KLS0tIGRsdnpEc2YrdDJldmE3
S2xxck5hRlB1OEdZL0p4ZmNBMHA5bTNzUUJ6REkK4/pCDRQsb6e7TMT9I92Y6P0P
i6K/cnbu3GacXRXGdA21L3DVu5TFwKaym2pIbO5JdO/G1Ic7jQZrAg9GOHnNbSs=
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----

Some files were not shown because too many files have changed in this diff Show More