noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-06 16:40:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:fea0396dce602b4f675171769ba18db08ad569b4
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
...
compare: noah:unfree-predicate-by-pkgs
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

45 Commits
fea0396dce ... unfree-pre

Author SHA1 Message Date
Noah Masur
8ab86428ec attempt to use pkgs for unfree predicate 
still not working
 2023-03-10 21:22:07 -05:00
Noah Masur
d4fa322fb1 fix: neovim xdg mimeapps don't work in macos 2023-03-09 10:45:11 -05:00
Noah Masur
3d73f8cab4 switch to nixpkgs slack instead of homebrew 2023-03-09 10:45:00 -05:00
Noah Masur
0df8af607d associate media applications as defaults 2023-03-08 22:58:49 -05:00
Noah Masur
61d9b103b0 set local network hosts file 2023-03-08 22:57:48 -05:00
Noah Masur
71d0d3ca14 move yt-dlp to separate file 2023-03-08 22:57:30 -05:00
Noah Masur
d5b0405b99 fix: default nvim desktop mime-apps 2023-03-08 22:55:34 -05:00
Noah Masur
3cad3d2fb0 bring back tabularize to neovim config 2023-03-08 18:14:52 -05:00
Noah Masur
2acd9b3478 add yt-dlp to media packages 2023-03-08 18:14:30 -05:00
Noah Masur
bf4be11718 don't garbage collect direnv flakes 2023-03-08 17:43:30 -05:00
Noah Masur
4d38d1094f limit number of configurations 
not really a big problem, but worth adding just in case
 2023-03-08 17:42:25 -05:00
Noah Masur
183babd2f0 disable community cachix on macos 
ssl at work prevents connection
 2023-03-08 10:30:47 -05:00
Noah Masur
12682a57e1 macos: don't recreate canvas on app switcher 2023-03-08 10:30:25 -05:00
Noah Masur
31170a616f client samba cleanup 2023-03-05 23:47:52 -05:00
Noah Masur
4502c5ff62 enhancements for samba server 2023-03-06 04:46:12 +00:00
Noah Masur
59bd3590a4 turn on fstrim for ssds 2023-03-05 23:07:03 -05:00
Noah Masur
ebacff7250 remove unnecessary trash in darwin 2023-03-05 23:04:28 -05:00
Noah Masur
763f0bbdda enable trash on linux 2023-03-05 23:04:06 -05:00
Noah Masur
18505d4cbb enable steam remote play 2023-03-05 23:03:34 -05:00
Noah Masur
a7c04b59ed use entire data dir for samba 2023-03-05 20:44:55 +00:00
Noah Masur
d46e6dad6b open firewall for samba connection 2023-03-05 19:59:58 +00:00
Noah Masur
5e4642b92e fix: mail pass file set incorrectly 2023-03-05 09:05:45 -05:00
Noah Masur
7ab78767d4 move calibre books to zfs directory 2023-03-04 01:04:02 +00:00
Noah Masur
366a7f6157 move nextcloud data directory 2023-03-03 20:54:27 +00:00
Noah Masur
fb47302f3b add cachix community binary cache 2023-03-03 09:39:42 -05:00
Noah Masur
cda3ee0a4c credit attribution to LaunchBar for applescript 2023-03-02 15:15:07 -05:00
Noah Masur
0ed11de174 move gvfs outside of common 
nixos-only option
 2023-03-02 14:49:20 -05:00
Noah Masur
ab6f80fc18 overlay for age no longer needed 2023-03-02 14:48:49 -05:00
Noah Masur
d1f21ec874 fix: dismiss notifications with hammerspoon in ventura 2023-03-02 14:47:51 -05:00
Noah Masur
cdcc90f85d docs: restore litestream nextcloud backups 2023-02-28 23:55:21 -05:00
Noah Masur
f5674134fc add nextcloud to swan 2023-03-01 04:54:48 +00:00
Noah Masur
d37cabfd9a fix: don't age encrypt password hash 2023-02-28 00:12:19 -05:00
Noah Masur
6e117769c6 fix: gvfs not in home-manager 2023-02-28 00:11:59 -05:00
Noah Masur
f648e92c28 samba initial setup 2023-02-28 05:05:04 +00:00
Noah Masur
43343b2824 add jellyfin to swan 2023-02-28 04:27:10 +00:00
Noah Masur
ab9136af2c enable backups without any specific 2023-02-28 02:02:45 +00:00
Noah Masur
a7fe90b236 add swan public key 2023-02-26 22:04:45 -05:00
Noah Masur
5557065c8b rearrange swan settings 2023-02-27 02:50:24 +00:00
Noah Masur
de1fae2baf setup but don't use generic zfs config 2023-02-27 01:49:46 +00:00
Noah Masur
2c310fd2f2 fix: disko doesn't have disks attribute 2023-02-26 20:28:10 -05:00
Noah Masur
aa4dc4a0c2 fix: disko root now takes one disk 2023-02-26 20:24:12 -05:00
Noah Masur
44821ea344 fix disko partition for single disk 2023-02-26 20:03:39 -05:00
Noah Masur
cb60542980 refactor apps and separate disko disks 
format-root app still not working
 2023-02-26 19:53:51 -05:00
Noah Masur
3fe6911e2d add separate root nix disko config 2023-02-26 10:55:36 -05:00
Noah Masur
afa62c5510 fix: diskoConfigurations using nixos module 2023-02-26 10:42:11 -05:00
62 changed files with 720 additions and 398 deletions
Expand all files Collapse all files

52
apps/default.nix
View File

@ -1,45 +1,19 @@
{ pkgs, ... }: rec {
default = {
type = "app";
program = builtins.toString (pkgs.writeShellScript "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
' {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}'
echo ""
echo ""
'');
};
# Show quick helper
default = import ./help.nix { inherit pkgs; };
# Format and install from nothing
# Format primary disk
format-root = import ./format-root.nix { inherit pkgs; };
# Format and install from nothing (deprecated)
installer = import ./installer.nix { inherit pkgs; };
# Display the readme for this repository
readme = import ./readme.nix { inherit pkgs; };
# Rebuild
rebuild = {
type = "app";
program = builtins.toString (pkgs.writeShellScript "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
else
nixos-rebuild switch --flake github:nmasur/dotfiles
fi
'');
};
rebuild = import ./rebuild.nix { inherit pkgs; };
# Load the SSH key for this machine
loadkey = import ./loadkey.nix { inherit pkgs; };
@ -54,17 +28,7 @@
netdata = import ./netdata-cloud.nix { inherit pkgs; };
# Run neovim as an app
neovim = {
type = "app";
program = "${
(import ../modules/common/neovim/package {
inherit pkgs;
colors =
import ../colorscheme/gruvbox/neovim-gruvbox.nix { inherit pkgs; };
})
}/bin/nvim";
};
neovim = import ./neovim.nix { inherit pkgs; };
nvim = neovim;
}

39
apps/format-root.nix Normal file
View File

@ -0,0 +1,39 @@
{ pkgs, ... }: {
# This script will partition and format drives; use at your own risk!
type = "app";
program = builtins.toString (pkgs.writeShellScript "format-root" ''
set -e
DISK=$1
if [ -z "''${DISK}" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \
"Missing required parameter." \
"Usage: format-root -- <disk>" \
"Flake example: nix run github:nmasur/dotfiles#format-root -- nvme0n1"
echo "(exiting)"
exit 1
fi
${pkgs.disko-packaged}/bin/disko \
--mode create \
--dry-run \
--flake "path:$(pwd)#root" \
--arg disk \""/dev/''${DISK}"\"
${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false
${pkgs.disko-packaged}/bin/disko \
--mode create \
--flake "path:$(pwd)#root" \
--arg disk "/dev/''${DISK}"
'');
}

23
apps/help.nix Normal file
View File

@ -0,0 +1,23 @@
{ pkgs, ... }: {
type = "app";
program = builtins.toString (pkgs.writeShellScript "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
' {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}'
echo ""
echo ""
'');
}

13
apps/neovim.nix Normal file
View File

@ -0,0 +1,13 @@
{ pkgs, ... }: {
type = "app";
program = "${
(import ../modules/common/neovim/package {
inherit pkgs;
colors =
import ../colorscheme/gruvbox/neovim-gruvbox.nix { inherit pkgs; };
})
}/bin/nvim";
}

15
apps/rebuild.nix Normal file
View File

@ -0,0 +1,15 @@
{ pkgs, ... }: {
type = "app";
program = builtins.toString (pkgs.writeShellScript "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
else
nixos-rebuild switch --flake github:nmasur/dotfiles
fi
'');
}

44
disks/root.nix Normal file
View File

@ -0,0 +1,44 @@
{ disk, ... }: {
disk = {
boot = {
type = "disk";
device = disk;
content = {
type = "table";
format = "gpt";
partitions = [
# Boot partition
{
type = "partition";
name = "ESP";
start = "0";
end = "512MiB";
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
extraArgs = [ "-n boot" ];
};
}
# Root partition ext4
{
type = "partition";
name = "root";
start = "512MiB";
end = "100%";
part-type = "primary";
bootable = true;
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
extraArgs = [ "-L nixos" ];
};
}
];
};
};
};
}

95
disks/zfs.nix Normal file
View File

@ -0,0 +1,95 @@
{ pool, disks, ... }: {
disk = lib.genAttrs disks (disk: {
"${disk}" = {
type = "disk";
device = "/dev/${disk}";
content = {
type = "table";
format = "gpt";
partitions = [{
type = "partition";
name = "zfs";
start = "128MiB";
end = "100%";
content = {
type = "zfs";
pool = pool;
};
}];
};
};
});
zpool = {
"${pool}" = {
type = "zpool";
mode = "raidz1";
rootFsOptions = {
compression = "on"; # lz4 by default
"com.sun:auto-snapshot" = "false";
ashift = "12";
};
# mountpoint = "/";
datasets = {
root = {
zfs_type = "filesystem";
mountpoint = null;
options."com.sun:auto-snapshot" = "false";
};
# "media/movies" = {
# zfs_type = "filesystem";
# mountpoint = "/media/movies";
# options.recordsize = "1M";
# };
# "media/tv" = {
# zfs_type = "filesystem";
# mountpoint = "/media/tv";
# options.recordsize = "1M";
# };
# "media/books" = {
# zfs_type = "filesystem";
# mountpoint = "/media/books";
# };
# archive = {
# zfs_type = "filesystem";
# mountpoint = "/archive";
# options.compression = "zstd";
# options."com.sun:auto-snapshot" = "true";
# };
# zfs_unmounted_fs = {
# zfs_type = "filesystem";
# options.mountpoint = "none";
# };
# zfs_legacy_fs = {
# zfs_type = "filesystem";
# options.mountpoint = "legacy";
# mountpoint = "/zfs_legacy_fs";
# };
# zfs_testvolume = {
# zfs_type = "volume";
# size = "10M";
# content = {
# type = "filesystem";
# format = "ext4";
# mountpoint = "/ext4onzfs";
# };
# };
# encrypted = {
# zfs_type = "filesystem";
# size = "20M";
# options = {
# mountpoint = "none";
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
# };
# };
# "encrypted/test" = {
# zfs_type = "filesystem";
# size = "2M";
# mountpoint = "/zfs_crypted";
# };
};
};
};
}

23
docs/restore-calibre.md Normal file
View File

@ -0,0 +1,23 @@
# Restoring Calibre From Backup
The `metadata.db` holds the library and `app.db` and `gdrive.db` contain the
web/account information.
Place books directories in `/data/books/`.
Place `metadata.db` in `/var/lib/calibre-web-db/`.
Symlink `metadata.db` to the library:
```
sudo ln -s /var/lib/calibre-web-db/metadata.db /data/books/metadata.db
```
Place `app.db` and `gdrive.db` in `/var/lib/calibre-web/`.
Restart Calibre:
```
sudo systemctl restart calibre-web.service
```

43
docs/restore-nextcloud.md Normal file
View File

@ -0,0 +1,43 @@
# Restoring Nextcloud From Backup
Install the `litestream` package.
```
nix-shell --run fish -p litestream
```
Set the S3 credentials:
```
set -x AWS_ACCESS_KEY_ID (read)
set -x AWS_SECRET_ACCESS_KEY (read)
```
Restore from S3:
```
litestream restore -o nextcloud.db s3://noahmasur-backup.s3.us-west-002.backblazeb2.com/nextcloud
```
Install Nextcloud. Then copy DB:
```
sudo rm /data/nextcloud/data/nextcloud.db*
sudo mv nextcloud.db /data/nextcloud/data/
sudo chown nextcloud:nextcloud /data/nextcloud/data/nextcloud.db
sudo chmod 770 /data/nextcloud/data/nextcloud.db
```
Restart Nextcloud:
```
sudo systemctl restart phpfpm-nextcloud.service
```
Adjust Permissions and Directories:
```
sudo mkdir /data/nextcloud/data/noah/files
sudo chown nextcloud:nextcloud /data/nextcloud/data/noah/files
```

24
flake.lock generated
View File

@ -94,11 +94,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1675471726,
"narHash": "sha256-526iHwidfdtZZ7aAU9od1/zbyfSFBEailBTet+Gvfqg=",
"lastModified": 1676854489,
"narHash": "sha256-hWmx3JFLNPGMtflyjgEn5GZydbLW3msjXvarS1NsBDM=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "813d55a3e3b3c0423eb5d1fcb4bf82197c9f7796",
"rev": "6a5cca0ea8dfab4718e1e43e243c80ba110c2364",
"type": "github"
},
"original": {
@ -176,11 +176,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1675935446,
"narHash": "sha256-WajulTn7QdwC7QuXRBavrANuIXE5z+08EdxdRw1qsNs=",
"lastModified": 1678271387,
"narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2dce7f1a55e785a22d61668516df62899278c9e4",
"rev": "36999b8d19eb6eebb41983ef017d7e0095316af2",
"type": "github"
},
"original": {
@ -301,11 +301,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1676973346,
"narHash": "sha256-rft8oGMocTAhUVqG3LW6I8K/Fo9ICGmNjRqaWTJwav0=",
"lastModified": 1676885936,
"narHash": "sha256-ZRKb6zBfTvdCOXI7nGC1L9UWSU5ay2ltxg+f5UIzBOU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d0d55259081f0b97c828f38559cad899d351cad1",
"rev": "b69883faca9542d135fa6bab7928ff1b233c167f",
"type": "github"
},
"original": {
@ -510,11 +510,11 @@
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {

13
flake.nix
View File

@ -152,7 +152,8 @@
darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home;
};
diskoConfigurations = { swan = import ./hosts/swan/disks.nix; };
# Disk formatting
diskoConfigurations = { root = import ./disks/root.nix; };
# Package servers into images with a generator
packages = forAllSystems (system: {
@ -178,7 +179,15 @@
});
apps = forAllSystems (system:
let pkgs = import nixpkgs { inherit system overlays; };
let
pkgs = import nixpkgs {
inherit system;
overlays = overlays ++ [
(final: prev: {
disko-packaged = inputs.disko.packages.${system}.disko;
})
];
};
in import ./apps { inherit pkgs; });
devShells = forAllSystems (system:

2
hosts/flame/default.nix
View File

@ -29,7 +29,7 @@ nixpkgs.lib.nixosSystem {
# FQDNs for various services
networking.hostName = "flame";
bookServer = "books.masu.rs";
streamServer = "stream.masu.rs";
# streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
transmissionServer = "download.masu.rs";
metricsServer = "metrics.masu.rs";

2
hosts/hydra/default.nix
View File

@ -25,7 +25,7 @@ nixpkgs.lib.nixosSystem {
colors = (import ../../colorscheme/gruvbox).dark;
dark = true;
};
passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512;
passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
wsl = {
enable = true;
wslConf.automount.root = "/mnt";

1
hosts/lookingglass/default.nix
View File

@ -44,6 +44,7 @@ darwin.lib.darwinSystem {
lua.enable = true;
kubernetes.enable = true;
_1password.enable = true;
slack.enable = true;
}
];
}

35
hosts/swan/default.nix
View File

@ -10,7 +10,6 @@ nixpkgs.lib.nixosSystem {
specialArgs = { };
modules = [
./hardware-configuration.nix
./disks.nix
../../modules/common
../../modules/nixos
(removeAttrs globals [ "mail.server" ])
@ -19,18 +18,37 @@ nixpkgs.lib.nixosSystem {
disko.nixosModules.disko
{
server = true;
zfs.enable = true;
networking.hostName = "swan";
# head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS
zfs.enable = true;
disko = {
enableConfig = true;
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
# // (import ../../disks/zfs.nix {
# pool = "tank";
# disks = [ "/dev/sda" "/dev/sdb" "/dev/sdc" ];
# });
};
boot.zfs.extraPools = [ "tank" ];
gui.enable = false;
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
nixpkgs.overlays = overlays;
wsl.enable = false;
neovim.enable = true;
caddy.enable = true;
streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
bookServer = "books.masu.rs";
samba.enable = true;
networking.hostName = "swan";
backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup";
accessKeyId = "0026b0e73b2e2c80000000005";
};
# Disable passwords, only use SSH key
publicKey =
@ -39,15 +57,6 @@ nixpkgs.lib.nixosSystem {
# Clone dotfiles
dotfiles.enable = true;
neovim.enable = true;
# boot.zfs.enabled = true;
# boot.kernelPackages =
# config.boot.zfs.package.latestCompatibleLinuxPackages;
# boot.zfs.extraPools = [ "mypool" ];
# services.zfs.autoScrub.enable = true;
# services.zfs.autoScrub.interval = "daily";
# services.nfs.server.enable = true;
}

172
hosts/swan/disks.nix
View File

@ -1,172 +0,0 @@
{ ... }: {
disko.enableConfig = false;
disko.devices = {
disk = {
boot = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "table";
format = "gpt";
partitions = [
{
type = "partition";
name = "ESP";
start = "0";
end = "512MiB";
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
extraArgs = [ "-n boot" ];
};
}
{
type = "partition";
name = "root";
start = "512MiB";
end = "100%";
part-type = "primary";
bootable = true;
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
extraArgs = [ "-L nixos" ];
};
}
];
};
};
sda = {
type = "disk";
device = "/dev/sda";
content = {
type = "table";
format = "gpt";
partitions = [{
type = "partition";
name = "zfs";
start = "128MiB";
end = "100%";
content = {
type = "zfs";
pool = "tank";
};
}];
};
};
sdb = {
type = "disk";
device = "/dev/sdb";
content = {
type = "table";
format = "gpt";
partitions = [{
type = "partition";
name = "zfs";
start = "128MiB";
end = "100%";
content = {
type = "zfs";
pool = "tank";
};
}];
};
};
sdc = {
type = "disk";
device = "/dev/sdc";
content = {
type = "table";
format = "gpt";
partitions = [{
type = "partition";
name = "zfs";
start = "128MiB";
end = "100%";
content = {
type = "zfs";
pool = "tank";
};
}];
};
};
};
zpool = {
tank = {
type = "zpool";
mode = "raidz1";
rootFsOptions = {
compression = "on"; # lz4 by default
"com.sun:auto-snapshot" = "false";
ashift = "12";
};
# mountpoint = "/";
datasets = {
media = {
zfs_type = "filesystem";
mountpoint = "/media";
options."com.sun:auto-snapshot" = "false";
};
# "media/movies" = {
# zfs_type = "filesystem";
# mountpoint = "/media/movies";
# options.recordsize = "1M";
# };
# "media/tv" = {
# zfs_type = "filesystem";
# mountpoint = "/media/tv";
# options.recordsize = "1M";
# };
# "media/books" = {
# zfs_type = "filesystem";
# mountpoint = "/media/books";
# };
# archive = {
# zfs_type = "filesystem";
# mountpoint = "/archive";
# options.compression = "zstd";
# options."com.sun:auto-snapshot" = "true";
# };
# zfs_unmounted_fs = {
# zfs_type = "filesystem";
# options.mountpoint = "none";
# };
# zfs_legacy_fs = {
# zfs_type = "filesystem";
# options.mountpoint = "legacy";
# mountpoint = "/zfs_legacy_fs";
# };
# zfs_testvolume = {
# zfs_type = "volume";
# size = "10M";
# content = {
# type = "filesystem";
# format = "ext4";
# mountpoint = "/ext4onzfs";
# };
# };
# encrypted = {
# zfs_type = "filesystem";
# size = "20M";
# options = {
# mountpoint = "none";
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
# };
# };
# "encrypted/test" = {
# zfs_type = "filesystem";
# size = "2M";
# mountpoint = "/zfs_crypted";
# };
};
};
};
};
}

18
hosts/swan/hardware-configuration.nix
View File

@ -12,15 +12,15 @@
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "vfat";
};
# fileSystems."/" = {
# device = "/dev/disk/by-label/nixos";
# fsType = "ext4";
# };
#
# fileSystems."/boot" = {
# device = "/dev/disk/by-label/boot";
# fsType = "vfat";
# };
swapDevices = [ ];

3
hosts/tempest/default.nix
View File

@ -29,7 +29,7 @@ nixpkgs.lib.nixosSystem {
};
wallpaper = "${wallpapers}/gruvbox/road.jpg";
gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512;
passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
wsl.enable = false;
publicKey = null;
@ -49,6 +49,7 @@ nixpkgs.lib.nixosSystem {
# mullvad.enable = true;
nixlang.enable = true;
dotfiles.enable = true;
yt-dlp.enable = true;
gaming = {
enable = true;

2
modules/common/applications/1password.nix
View File

@ -11,7 +11,7 @@
config = lib.mkIf
(config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
unfreePackages = [ "1password" "_1password-gui" ];
unfreePackages = with pkgs; [ _1password _1password-gui ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ _1password-gui ];
};

4
modules/common/applications/default.nix
View File

@ -7,9 +7,11 @@
./firefox.nix
./kitty.nix
./media.nix
./nautilus.nix
./obsidian.nix
./qbittorrent.nix
./nautilus.nix
./slack.nix
./yt-dlp.nix
];
}

2
modules/common/applications/discord.nix
View File

@ -10,7 +10,7 @@
};
config = lib.mkIf (config.gui.enable && config.discord.enable) {
unfreePackages = [ "discord" ];
unfreePackages = [ pkgs.discord ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ discord ];
xdg.configFile."discord/settings.json".text = ''

6
modules/common/applications/firefox.nix
View File

@ -13,9 +13,9 @@
config = lib.mkIf (config.gui.enable && config.firefox.enable) {
unfreePackages = [
(lib.mkIf config._1password.enable "onepassword-password-manager")
"okta-browser-plugin"
unfreePackages = with pkgs.nur.repos.rycee.firefox-addons; [
(lib.mkIf config._1password.enable onepassword-password-manager)
okta-browser-plugin
];
home-manager.users.${config.user} = {

14
modules/common/applications/media.nix
View File

@ -19,9 +19,17 @@
];
# Set default for opening PDFs
xdg.mimeApps.defaultApplications."application/pdf" =
[ "zathura.desktop" ];
xdg.mimeApps.defaultApplications."image/*" = [ "sxiv.desktop" ];
xdg.mimeApps = {
associations.added = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/*" = [ "sxiv.desktop" ];
};
associations.removed = { "application/pdf" = [ "mupdf.desktop" ]; };
defaultApplications = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/*" = [ "sxiv.desktop" ];
};
};
};

1
modules/common/applications/nautilus.nix
View File

@ -28,6 +28,7 @@
};
};
};
};
}

2
modules/common/applications/obsidian.nix
View File

@ -10,7 +10,7 @@
};
config = lib.mkIf (config.gui.enable && config.obsidian.enable) {
unfreePackages = [ "obsidian" ];
unfreePackages = [ pkgs.obsidian ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ obsidian ];
};

19
modules/common/applications/slack.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }: {
options = {
slack = {
enable = lib.mkEnableOption {
description = "Enable Slack.";
default = false;
};
};
};
config = lib.mkIf (config.gui.enable && config.slack.enable) {
unfreePackages = [ pkgs.slack ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ slack ];
};
};
}

35
modules/common/applications/yt-dlp.nix Normal file
View File

@ -0,0 +1,35 @@
{ config, pkgs, lib, ... }: {
options = {
yt-dlp = {
enable = lib.mkEnableOption {
description = "Enable YouTube downloader.";
default = false;
};
};
};
config = lib.mkIf (config.yt-dlp.enable) {
home-manager.users.${config.user} = {
programs.yt-dlp = {
enable = true;
extraConfig = "";
settings = {
no-continue = true; # Always re-download each fragment
no-overwrites = true; # Don't overwrite existing files
download-archive = "archive.log"; # Log of archives
embed-metadata = true;
embed-thumbnail = true;
embed-subs = true;
sub-langs = "en.*";
concurrent-fragments = 4; # Parallel download chunks
};
};
programs.fish.shellAbbrs.yt = "yt-dlp";
};
};
}

34
modules/common/default.nix
View File

@ -68,7 +68,7 @@
description = "Link to dotfiles repository.";
};
unfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
type = lib.types.listOf lib.types.package;
description = "List of unfree packages to allow.";
default = [ ];
};
@ -77,11 +77,29 @@
config = let stateVersion = "23.05";
in {
# Enable features in Nix commands
nix.extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
nix = {
# Enable features in Nix commands
extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
settings = {
# Add community Cachix to binary cache
substituters = lib.mkIf (!pkgs.stdenv.isDarwin)
[ "https://nix-community.cachix.org" ];
trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Scans and hard links identical files in the store
auto-optimise-store = true;
};
};
# Basic common system packages for all devices
environment.systemPackages = with pkgs; [ git vim wget curl ];
@ -95,8 +113,10 @@
# Allow specified unfree packages (identified elsewhere)
# Retrieves package object based on string name
# Idea: https://discourse.nixos.org/t/how-to-use-packages-directly-in-allowunfreepredicate/22455/6
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) config.unfreePackages;
builtins.elem (pkg.name or (builtins.parseDrvName pkg.pname).name)
(map lib.getName config.unfreePackages);
# Pin a state version to prevent warnings
home-manager.users.${config.user}.home.stateVersion = stateVersion;

2
modules/common/mail/default.nix
View File

@ -67,7 +67,7 @@
notmuch.enable = false;
passwordCommand =
"${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
builtins.toString ../../private/mailpass.age
builtins.toString ../../../private/mailpass.age
}";
smtp = {
host = "smtp.purelymail.com";

9
modules/common/neovim/config/align.nix Normal file
View File

@ -0,0 +1,9 @@
{ pkgs, ... }: {
plugins = [ pkgs.vimPlugins.tabular ];
lua = ''
-- Align
vim.keymap.set("", "<Leader>ta", ":Tabularize /")
vim.keymap.set("", "<Leader>t#", ":Tabularize /#<CR>")
vim.keymap.set("", "<Leader>tl", ":Tabularize /---<CR>")
'';
}

8
modules/common/neovim/default.nix
View File

@ -34,6 +34,14 @@ in {
programs.kitty.settings.scrollback_pager = lib.mkForce ''
${neovim}/bin/nvim -c 'setlocal nonumber nolist showtabline=0 foldcolumn=0|Man!' -c "autocmd VimEnter * normal G" -'';
xdg.desktopEntries.nvim = lib.mkIf pkgs.stdenv.isLinux {
name = "Neovim wrapper";
exec = "kitty nvim %F";
};
xdg.mimeApps = lib.mkIf pkgs.stdenv.isLinux {
defaultApplications."text/markdown" = [ "nvim.desktop" ];
};
};
# # Used for icons in Vim

1
modules/common/neovim/package/default.nix
View File

@ -31,6 +31,7 @@
pkgs.neovimBuilder {
package = pkgs.neovim-unwrapped;
imports = [
../config/align.nix
../config/bufferline.nix
../config/completion.nix
../config/gitsigns.nix

6
modules/common/shell/direnv.nix
View File

@ -6,4 +6,10 @@
config = { whitelist = { prefix = [ config.dotfilesPath ]; }; };
};
# Prevent garbage collection
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
}

8
modules/common/shell/fish/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }: {
{ config, pkgs, lib, ... }: {
users.users.${config.user}.shell = pkgs.fish;
programs.fish.enable =
@ -11,7 +11,10 @@
programs.fish = {
enable = true;
shellAliases = { ls = "exa"; };
shellAliases = {
ls = "exa";
trash = lib.mkIf pkgs.stdenv.isLinux "${pkgs.trash-cli}/bin/trash-put";
};
functions = {
commandline-git-commits = {
description = "Insert commit into commandline";
@ -90,6 +93,7 @@
sc = "systemctl";
scs = "systemctl status";
m = "make";
t = "trash";
# Vim (overwritten by Neovim)
v = "vim";

14
modules/common/shell/utilities.nix
View File

@ -17,20 +17,6 @@ in {
home-manager.users.${config.user} = {
# Fix: age won't build
nixpkgs.overlays = [
(_final: prev: {
age = prev.age.overrideAttrs (_old: {
src = prev.fetchFromGitHub {
owner = "FiloSottile";
repo = "age";
rev = "7354aa0d08a06eac42c635670a55f858bd23c943";
sha256 = "H80mNTgZmExDMgubONIXP7jmLBvNMVqXee6NiZJhPFY=";
};
});
})
];
home.packages = with pkgs; [
unzip # Extract zips
rsync # Copy folders

1
modules/darwin/hammerspoon.nix
View File

@ -16,6 +16,7 @@
firefox = "${pkgs.firefox-bin}/Applications/Firefox.app";
discord = "${pkgs.discord}/Applications/Discord.app";
kitty = "${pkgs.kitty}/Applications/kitty.app";
slack = "${pkgs.slack}/Applications/Slack.app";
};
xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source =
./hammerspoon/Spoons/MoveWindow.spoon;

21
modules/darwin/hammerspoon/Spoons/DismissAlerts.spoon/close_notifications.applescript Normal file
View File

@ -0,0 +1,21 @@
# Credit: https://github.com/Ptujec/LaunchBar/blob/f7b5a0dba9919c2fec879513f68a044f78748539/Notifications/Dismiss%20all%20notifications.lbaction/Contents/Scripts/default.applescript
tell application "System Events"
try
set _groups to groups of UI element 1 of scroll area 1 of group 1 of window "Notification Center" of application process "NotificationCenter"
repeat with _group in _groups
set _actions to actions of _group
repeat with _action in _actions
if description of _action is in {"Schlie§en", "Alle entfernen", "Close", "Clear All"} then
perform _action
end if
end repeat
end repeat
end try
end tell

2
modules/darwin/hammerspoon/Spoons/DismissAlerts.spoon/init.lua
View File

@ -10,7 +10,7 @@ obj.license = "MIT - https://opensource.org/licenses/MIT"
function obj:init()
hs.hotkey.bind({ "cmd", "alt", "ctrl" }, "k", function()
hs.osascript.javascriptFromFile("Spoons/DismissAlerts.spoon/close_notifications_applescript.js")
hs.osascript.applescriptFromFile("Spoons/DismissAlerts.spoon/close_notifications.applescript")
end)
end

51
modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
View File

@ -8,44 +8,44 @@ obj.name = "Launcher"
obj.version = "0.1"
obj.license = "MIT - https://opensource.org/licenses/MIT"
function DrawSwitcher()
-- Drawing
local width = hs.screen.mainScreen():fullFrame().w
local switcherWidth = 500
local canv = hs.canvas.new({
x = width / 2 - switcherWidth / 2,
y = 1,
h = 3,
w = switcherWidth,
})
canv[#canv + 1] = {
action = "build",
type = "rectangle",
}
canv[#canv + 1] = {
type = "rectangle",
fillColor = { alpha = 1, red = 0.8, green = 0.6, blue = 0.3 },
action = "fill",
}
return canv:show()
end
local width = hs.screen.mainScreen():fullFrame().w
local switcherWidth = 500
obj.canvas = hs.canvas.new({
x = width / 2 - switcherWidth / 2,
y = 1,
h = 3,
w = switcherWidth,
})
-- Draw switcher
obj.canvas[#obj.canvas + 1] = {
action = "build",
type = "rectangle",
}
obj.canvas[#obj.canvas + 1] = {
type = "rectangle",
fillColor = { alpha = 1, red = 0.8, green = 0.6, blue = 0.3 },
action = "fill",
}
function obj:init()
-- Begin launcher mode
if self.launcher == nil then
self.launcher = hs.hotkey.modal.new("ctrl", "space")
print(self.canvas)
print(obj.canvas)
end
-- Behaviors on enter
function self.launcher:entered()
-- hs.alert("Entered mode")
self.canv = DrawSwitcher()
obj.canvas:show()
end
-- Behaviors on exit
function self.launcher:exited()
-- hs.alert("Exited mode")
self.canv:hide()
obj.canvas:hide()
end
-- Use escape to exit launcher mode
@ -54,7 +54,8 @@ function obj:init()
end)
-- Launcher shortcuts
self.launcher:bind("ctrl", "space", function() end)
self.launcher:bind("ctrl", "space", function()
end)
self.launcher:bind("", "return", function()
self:switch("@kitty@")
end)
@ -92,7 +93,7 @@ function obj:init()
hs.reload()
end)
self.launcher:bind("", "S", function()
self:switch("Slack.app")
self:switch("@slack@")
end)
self.launcher:bind("", "Z", function()
self:switch("zoom.us.app")

6
modules/darwin/homebrew.nix
View File

@ -45,12 +45,6 @@
];
};
home-manager.users.${config.user} = {
programs.fish.shellAbbrs.t = "trash";
};
};
}

2
modules/darwin/system.nix
View File

@ -166,7 +166,7 @@
echo "Choose and order dock icons"
defaults write com.apple.dock persistent-apps -array \
"$(__dock_item /Applications/1Password.app)" \
"$(__dock_item /Applications/Slack.app)" \
"$(__dock_item ${pkgs.slack}/Applications/Slack.app)" \
"$(__dock_item /System/Applications/Calendar.app)" \
"$(__dock_item ${pkgs.firefox-bin}/Applications/Firefox.app)" \
"$(__dock_item /System/Applications/Messages.app)" \

2
modules/nixos/gaming/minecraft-server.nix
View File

@ -14,7 +14,7 @@ in {
config = lib.mkIf config.gaming.minecraft-server.enable {
unfreePackages = [ "minecraft-server" ];
unfreePackages = [ pkgs.minecraft-server ];
services.minecraft-server = {
enable = true;

11
modules/nixos/gaming/steam.nix
View File

@ -4,16 +4,21 @@
config = lib.mkIf (config.gaming.steam.enable && pkgs.stdenv.isLinux) {
hardware.steam-hardware.enable = true;
unfreePackages = [ "steam" "steam-original" "steamcmd" "steam-run" ];
environment.systemPackages = with pkgs; [
unfreePackages = with pkgs; [ steam steamcmd steam-run ];
steam
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
};
environment.systemPackages = with pkgs; [
# Enable terminal interaction
steamPackages.steamcmd
steam-tui
];
};
}

3
modules/nixos/hardware/boot.nix
View File

@ -13,6 +13,9 @@
# Attempt to display GRUB on widescreen monitor
gfxmodeEfi = "1920x1080";
# Limit the total number of configurations to rollback
configurationLimit = 25;
# Install GRUB onto the boot disk
# device = config.fileSystems."/boot".device;

1
modules/nixos/hardware/default.nix
View File

@ -3,6 +3,7 @@
imports = [
./audio.nix
./boot.nix
./disk.nix
./keyboard.nix
./monitors.nix
./mouse.nix

7
modules/nixos/hardware/disk.nix Normal file
View File

@ -0,0 +1,7 @@
{ config, pkgs, lib, ... }: {
# Enable fstrim, which tracks free space on SSDs for garbage collection
# More info: https://www.reddit.com/r/NixOS/comments/rbzhb1/if_you_have_a_ssd_dont_forget_to_enable_fstrim/
services.fstrim.enable = true;
}

6
modules/nixos/hardware/networking.nix
View File

@ -9,6 +9,12 @@
networking.interfaces.enp5s0.useDHCP = true;
networking.interfaces.wlp4s0.useDHCP = true;
networking.firewall.allowPing = lib.mkIf config.server true;
networking.hosts = {
"192.168.0.120" = [ "tempest" ];
"192.168.0.218" = [ "swan" ];
};
};
}

3
modules/nixos/services/backups.nix
View File

@ -27,7 +27,7 @@
users.groups.backup = { };
secrets.backup = {
source = ../../private/backup.age;
source = ../../../private/backup.age;
dest = "${config.secretsDirectory}/backup";
group = "backup";
permissions = "0440";
@ -38,6 +38,7 @@
services.litestream = {
enable = true;
environmentFile = config.secrets.backup.dest;
settings = { };
};
# Wait for secret to exist

48
modules/nixos/services/calibre.nix
View File

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, lib, ... }:
let
libraryPath = "/data/books";
in {
options = {
bookServer = lib.mkOption {
@ -6,6 +12,11 @@
description = "Hostname for Calibre library";
default = null;
};
backups.calibre = lib.mkOption {
type = lib.types.bool;
description = "Whether to backup Calibre library";
default = true;
};
};
config = lib.mkIf (config.bookServer != null) {
@ -17,6 +28,7 @@
reverseProxyAuth.enable = false;
enableBookConversion = true;
enableBookUploading = true;
calibreLibrary = libraryPath;
};
};
@ -30,7 +42,7 @@
}];
# Run a backup on a schedule
systemd.timers.calibre-backup = {
systemd.timers.calibre-backup = lib.mkIf config.backups.calibre {
timerConfig = {
OnCalendar = "*-*-* 00:00:00"; # Once per day
Unit = "calibre-backup.service";
@ -39,24 +51,22 @@
};
# Backup Calibre data to object storage
systemd.services.calibre-backup =
let libraryPath = "/var/lib/calibre-web"; # Default location
in {
description = "Backup Calibre data";
environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
serviceConfig = {
Type = "oneshot";
User = "calibre-web";
Group = "backup";
EnvironmentFile = config.secrets.backup.dest;
};
script = ''
${pkgs.awscli2}/bin/aws s3 sync \
${libraryPath}/ \
s3://${config.backup.s3.bucket}/calibre/ \
--endpoint-url=https://${config.backup.s3.endpoint}
'';
systemd.services.calibre-backup = lib.mkIf config.backups.calibre {
description = "Backup Calibre data";
environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
serviceConfig = {
Type = "oneshot";
User = "calibre-web";
Group = "backup";
EnvironmentFile = config.secrets.backup.dest;
};
script = ''
${pkgs.awscli2}/bin/aws s3 sync \
${libraryPath}/ \
s3://${config.backup.s3.bucket}/calibre/ \
--endpoint-url=https://${config.backup.s3.endpoint}
'';
};
};

1
modules/nixos/services/default.nix
View File

@ -15,6 +15,7 @@
./netdata.nix
./nextcloud.nix
./prometheus.nix
./samba.nix
./secrets.nix
./sshd.nix
./transmission.nix

3
modules/nixos/services/jellyfin.nix
View File

@ -20,6 +20,9 @@
}];
}];
# Grant user access to Jellyfin directories
users.users.${config.user}.extraGroups = [ "jellyfin" ];
# Create videos directory, allow anyone in Jellyfin group to manage it
systemd.tmpfiles.rules = [
"d /var/lib/jellyfin 0775 jellyfin jellyfin"

6
modules/nixos/services/nextcloud.nix
View File

@ -15,6 +15,7 @@
services.nextcloud = {
enable = true;
package = pkgs.nextcloud25; # Required to specify
datadir = "/data/nextcloud";
https = true;
hostName = "localhost";
maxUploadSize = "50G";
@ -41,7 +42,7 @@
# Create credentials file for nextcloud
secrets.nextcloud = {
source = ../../private/nextcloud.age;
source = ../../../private/nextcloud.age;
dest = "${config.secretsDirectory}/nextcloud";
owner = "nextcloud";
group = "nextcloud";
@ -52,6 +53,9 @@
before = [ "nextcloud-setup.service" ];
};
# Grant user access to Nextcloud directories
users.users.${config.user}.extraGroups = [ "nextcloud" ];
## Backup config
# Open to groups, allowing for backups

38
modules/nixos/services/samba.nix Normal file
View File

@ -0,0 +1,38 @@
{ config, pkgs, lib, ... }: {
options = { samba.enable = lib.mkEnableOption "Enable Samba sharing."; };
config = {
services.samba = lib.mkIf (config.samba.enable) {
enable = true;
openFirewall = true;
shares.data = {
path = "/data";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"force user" = config.user;
"force group" = config.user;
comment = "NAS";
};
};
# Allows Windows clients to discover server
services.samba-wsdd.enable = true;
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
# Allow client browsing Samba and virtual filesystem shares
services.gvfs =
lib.mkIf (config.gui.enable && config.nautilus.enable) { enable = true; };
# # Permissions required to mount Samba with GVFS, if not using desktop environment
# environment.systemPackages = lib.mkIf (config.gui.enable
# && config.nautilus.enable
# && config.services.xserver.windowManager.i3.enable)
# [ pkgs.lxqt.lxqt-policykit ];
};
}

5
modules/nixos/system/user.nix
View File

@ -32,6 +32,11 @@
};
home-manager.users.${config.user}.xdg = {
# Allow Nix to manage the default applications list
mimeApps.enable = true;
# Set directories for application defaults
userDirs = {
enable = true;
createDirectories = true;

0
private/password.sha512 → password.sha512
View File

19
private/backup.age
View File

@ -1,10 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBmVEo2
bExsZERhYi9vVXMxVThRK2w3dFR4UlZVcGlsWUFPM3pReTQwaW5ZCjQ5Z3g3amZC
bWUwWkdKTStVbFpwMmdwK3pQQU5CeE5tMVNHbXI1UkdCTFUKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIE9sTG1lOHIyVGdLNWtJRTZtdGNWWEFsTTJ5bE1HS1V2MEdKeGNN
WFMyV28KVlRHdDg5SGFadVlJempKWkp6eEp6TkhINnl0R0xDL0J0WXByclpFWE5I
VQotLS0gVVhaUDZLTy8xS3hKOVliSlpuTEY2Q2xOQUEvblBtUG9Vb0I5ZE1oOUZ1
VQr18Jwx6XDa7bwq0QWT6NdIFzqNUHWhDyUvS9twncFsr0yEAUDQd2XLtE+Vc8T9
Z7y/C8Ct5+duqd6YaeqROJz5zVj0NnI0lshirBl89PQWF9ihp4V4Hw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBkOVNs
NklGeTFxTTQzQ2t5WVUvVzREVnk3WjB0ZnUwdGo5Wk5Zc2RVeVJJCnBFbHcvUzdi
SG5xeTg2dU9oRUtiYXk3cERJOC9zbitrZ1hxZ0RJWDVYNmcKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIElNNkFMYkRoYXpPV1RtWEhrdUJCbXczd05tTG5QNi8wVktYQmZn
eTlWbTgKUVVrb21mTTNzZ1d6cE0yU2l4SVhqbkNyUEpLSHJyUEMyS1pLNGloTlpK
cwotPiBzc2gtZWQyNTUxOSBuanZYNUEgRU5LM2FKNEZ3Y1dDOW02VFU4bnNuZHpE
QzBLMlBhVnY3aGIrZDNhOUNWcwpSMHNsYTRlNFc5V0NsQ1h2VGFqUHNBVkxTVXdz
dGx6bWFwR1FFU2JNdmlBCi0tLSB6b3dpRmFURm0veFRFRitpbmZoOWJFcU8rbHJk
OXVIbGpUSWNFdWZmczVNCrodWjz8yVOdHHcVH9s2gOJfDrZFCP7L14RdGs9UW/Iw
JaJr5YblUiqTfKJiCN8dnCve3oCUlIY6K+yrBh5GaNbiwOgCzzZO5BGXEqoUSnux
ltmV1UI4
-----END AGE ENCRYPTED FILE-----

18
private/mailpass.age
View File

@ -1,10 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBIRnEy
am1HTXptMmpSTjZQa2hQSUxNUU1rdXlod3U3bVZ0VGxQVlE2WldBClg0K3k5MDZH
NFlPdHI0VnZSZE9DTTNMeDdldUpFQ3V0V0k0RnRIZHFhdzAKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFlxZFpqNU5kNVY2VUk0Um0zZ1d1M2FlRkYvV1BoTEFSNjZ2Vk9I
QTVHM0UKY2gvVU9wckVUNEFwdUwyVFJZUGwxOFFKYm12cUlFTEVrb3IvcXI3TnND
UQotLS0gMHdaajFjV2ozd0g5dWN5YkhiU2NBVWZVSU00aVIzY0VKYjJleVlQTUdX
QQo7rH6kOTRFP43U/qiBOCHx+hBGlaODFRS1CgzkuqfMOq8PM28RsIN+l3sbwjxE
W8chE/A0EChjIDtfYTMgsN3cYg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBsb0pX
R2RJRlJkbWF2a3BJN25ZY3ZwWTNRNDFhbWFkRE5TdkxDNUMrUms4CjI4TVN4Rk5U
a0xMRHVQSEJUcVJTQ2ZLd0c0c0MxM2thMFpyeXZ1NGM2NFEKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFFnN1VkSzVXVzg4UGFWakxweWRmSldWbDBOMW9xYWJQek1Ielk0
YXVrVFUKSzhUNVd3SGU4MkVZUXdLWXpFL3JCUWxOSitHOEJzQ0pXN0FKSXZ6RUFm
NAotPiBzc2gtZWQyNTUxOSBuanZYNUEgVG5jYmFCTkFmekJMdFBUVWJscmN5dUxp
RngzZEFEZUJINDBwUFBIUitpWQo3aWlLRDdoUklhbDlNeFJjeXFkTnJFcDJiV1Vv
ajBQQzFlaTFwWVFDSjljCi0tLSBWS3pzSWo4SXpIallxc0JQWk9LSWFDekxtOGRp
eGhYSEdqL1RmRnhtemMwCmQ5wc817Rk+Rs8RHXMe2Gm1mKbFOFMVrWFW5gLm9UHE
T05kZ7OBh34D9B7jmFokYM4uQBXBrydcb51TGVLXXgnN
-----END AGE ENCRYPTED FILE-----

18
private/nextcloud.age
View File

@ -1,10 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBudkxn
ZzU1YVViYUZBWVVTYm1SeHpvanQ5M0YwVGo2YldlN2RwY0tscWpBCjd0ZmtLZ2th
dEMrQk5QV0EzT0RpVkg5bGo1cHdTNzVYVkZpVzE4aHR0azgKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFlqaEI2QUNnMjR1T0FENXJIMEJWOUFJUXZ4SlJxbUFnQktWUW9w
UFlmUUkKL1RwaWxoNFM4SkpadWtyN3JnWHdjVTYrQmo0dU9JUnp0MjN5enVsUm9o
ZwotLS0gWUd2eTR2VGkyeTZ5cHNuanMrSlZKVmc4T1ZORExmUnhDSjN0NEJkNjkz
cwriuyYCgvJe7TRi3n/JwxIRKMsoh7+xj4B5Fdxuj3BOtKVi1geSjlDHVklRwu9Y
IMCTLqQtj08JnuLfDezRGHAYCM8=
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBsWmI2
UisyZ01rS3k4R0tJMThNdEZUOXZNVnV5RGNtVTR3V25wb2UwUDE0CnlGc0xySy8x
L2k2b1VRc1M0R1p5MkVTUWxHWkU2ZEtTSDFXK211V0ZHQTQKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIExWdlE1M1ZldnpPYWVta3ovdmdEU3VtZU0xWWFldnp3L3hicnFY
Y0dxQjQKdEFHa09Sd2IwUDRwM2dMK1paTFNESUJVRk1NNUFScXJGK1J5MkdtUGZv
YwotPiBzc2gtZWQyNTUxOSBuanZYNUEgVnRhWmtLTnpDSGhRODcvcUY1K2VySlJK
Rlk4WW1kQlVFd2Y4bWRLdGJWOAp1S1ZVclRrMUhicy9xQ1NTZ21tazEraDFaU2tD
eldWVVR1S1BTRDJ4ZjVrCi0tLSAwdXF6Nmt4RHBFVnVzZ08yeFBLbWF3dUx1M1hq
bVRzYmZiZk1Sb1ZOZUZRCpm4DLNa9DuoFQxQux3Q90PP6G30Z2b0j85cZqyr7anw
fg3687eKqMNwl4qdGYeE63oeUHrxfYISKB41zRDHmc7H2w==
-----END AGE ENCRYPTED FILE-----

19
private/transmission.json.age
View File

@ -1,10 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBSYUU2
OWp1ZDRLVTJrR1k3SVdXZnRPN3RUNDY5RFM2WEZaTzRmdU1zSWdrCjV1VHpNMG81
VHA4LzdsN3FpOUNoTGNlWmlHS3E4dTVvWTVoZHJMSlNYTHMKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIDVjM1JmclgxQThKcU1XQWptWmN0MjlKU1NvMEpwMnYyd3Y4czBT
RTVkQ0UKc0pOYkRxZldsWnloQnBYMWk1eFU0M3R5SkZVTUYyaldIcENONE1PWVJv
NAotLS0gclZDQndaREZpZ2Z0R0d0alBPeW1tZFVOVHhSaHNlQTRXdTRoZmFDUFFK
SQqueOUzTFuhSryWW4Do+NAUcq2YdOtN8gmP5Zcp1oMe/9+JIs6Upjsc3eWn+dSA
7QwbGlTyd6D0+PLJxHA18Xfgpj5owGeTDtwykFPgdO1BjE8C3KlgzUfN
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyB1TWhO
N1k5bFFvODkwdzRGcGtFL2YzRkJDUjVSbUVFeXBOTExpK29uU2drCjN2cS9GZjJW
RGxrMlQzK3ZGVWU4L2M0M1d4cXJrOTNrcDhsdWUyRGt5N1EKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RICtoM2V3UjZ1cnVFN09pZ1Y0azYraENoWlN2ajRUeHRLZVlVd0Yw
T29BRW8Kb2ltQlpJZ1JUTkd6Wk14ZkFIdDliQ1JOMHMvVzhwaGkyMkl6ajFrYVNv
MAotPiBzc2gtZWQyNTUxOSBuanZYNUEgNThPSW91di91SWxtbTRpQVJwek94VGJV
UERvS2tITHF0SXVlVFEyLzJTMApuYjdsWndDd01mUk5LbXJWTkd6UEt3eFkvMk40
VDBpZmk0bUkxNTBWMzlrCi0tLSBiVFpxcjd4ZkZ6YittMDBBT25rOFlrcEpTdXg1
d2Y5TkdwZ25sRFN0ZjVzCj8h/4aeASCnUoK7Sc6LsY9ur3krKlF+3GMMvlLiRqsi
COBx+YbkwR0EfrxhLZ6DLHhM/t2jnWAMMzDK2a4volvQkdORLiRo3sfjR5kSy5N5
Ml3lFlXKxYQ=
-----END AGE ENCRYPTED FILE-----

20
private/vaultwarden.age
View File

@ -1,11 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBqNm0x
YVc0bXp6eldNdkp1QWk2cEI0WFBhVVd3cHhDODNwMS9UUTBPN25JCmxXZnRIcFZr
SFJrQnI3R1BTUk1BcVl3RjlUaXMzSXpqaGdTMi9reno1eHcKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFlKWCtsWGtWdTI4L0ZFTVRHNFN5by9vTE95MXFoMVZGYlYrM1I2
alREaE0Kd251SGRDdE96VmZqblhEWXFkZDhvRUZsZ1pnZ3NqdEdJSlBvaXhoOHVB
WQotLS0gaGJNRm14SkdXcTFmYlJUell1WUZUeEllT3ZwMkNaejF3eWJ5U1ZSdno1
MAqQIT8vvUro+C+avm6lCPfrX9yigKzx/gtKfMB//1Ie7BUo1+o5iYoA+R0luMU8
/zVX1yGAzDPqas/HfYclIPg3bdjm2dnpz0ltOrOvjA4x3nEzzrmS96zo3Fy1d8oX
oAMw2l/p2QDHI60cyhvC
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBLemo1
TXRJdkYxR1RBcFdrVEthRUI1UEtWbm5LUlRKYVpOTUIyZjY2YlhJCmkzbEdmZFFN
MzBFQkN3ME9FcjdCOTN4T3ZlcWg1NEIydjZQQm93VURvcVEKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIDNjMXpObEhuTWg5bitFL2VjUGtTcjhIMDYzeVFpQ0tpUnRRV3pJ
SGRwRzgKRkpzdzJsZ3N4dnhSaGplN0ZjQ1dpY0xOZHZyU0NON1NEbDc5MmtMKzhL
ZwotPiBzc2gtZWQyNTUxOSBuanZYNUEgaEFrMTZYNndKVWg0OTFtOVJyVTFPbjJJ
RHJwU0JsclUrSms5ckMyZTdoYwpmV3dlZFY4MEFYSEhoQnpic0NEd2xxOENIRTBt
MWs4RVNFUnIyTnNWUDRNCi0tLSAvT2ZPektwL2djUlNQdy9tek9hL3JmekJOc28z
NzU3cDR6TUxod0I5ODdZCnxOYrlDTdi8Y+m5PRxAYgS3u2cC1YlfXi5TZo1LIEjv
UxWwPwn8JAF9CYB1o8e6p/w+yMcUfr+2UHWo0GqLqye8VCGy7Vzk2S3tOCZJv+k9
+kQtMva6CND8gBZIIJ3aXoYshT4sLWfx+BAkxPQ=
-----END AGE ENCRYPTED FILE-----

18
private/wireguard.age
View File

@ -1,10 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBOOXNm
VG5EMHhEU2JLbkYyY1VXdXZJd2VxSEVXUjZaaURnU254QUVzUENzCnhnV21oRFNY
NGpMeXlqdDlYRmltN1cxTlJ3eWFTVElpK0ZBalA3QVFoL2MKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIDk3TVhDVVBjQU5XNjVTbkxKdUNEU25uZXREeEpHcTF4STg4VXR1
V2xzRTQKZTBXZUQrbjIwTDEwOEc3MktpQzBjTzhjS3lTNTJ0TEMyMVBOODQ0N0lt
OAotLS0gODA2L2FpSmxiWDAyM1IvM2Q4U2QrNmRkVjl1bFhURW5sNCtWZ2tiMnZU
YwoC0chavNt+a/AImm/7bNheZIPghrobp9g+ga+UpRWBtM2snpkyFZrBR0qAkw/f
3krp5Rrco7IOlEwWx96UzvAUpKlC7CdVI1MFa76ZUg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBqamNI
eGQ3Ty9td3owQWNyOXMrM1ZTQ1dSOVc0dEZ6UlplY0ZDQlV4MG1NCmQ1eUpTdURs
YkhsNnF5djkwdWRlcms4SFEyaTdFUFZ2WFpTaVRPRy8zam8KLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIHBTWEkyekhRQ1RqWnVpM2FQVGVqQzZyVFpuL0liZU9UUHl4dVpr
dno5UjgKbFZxL0xXTWZwYU0wWjNhYm9NZzVCRWhER2N6eWUySjV4N0c3Z3V4S2o2
NAotPiBzc2gtZWQyNTUxOSBuanZYNUEgeDNtdjZvQkVGZXZsUFhkd3ZnWkNYaTdr
ZlFuR2RrNTVZNWh4WUY2cTh6OApEYTBwcGlvQ0xVazIzUjBBT2VuWGczRkRyM0d2
YmdoMVRPMFh5NVBwb3RFCi0tLSBjaXVreU1LYjNvOVVZeTlTRldyWE02Rzc1V2xN
N082QUtDNXM2bEpRMlpjCp6Qtp6EN1L1V/mLp48M6uymwPmGjR1pAloYXDhXSiab
uz9LLBvB8qVp15/724DTLg6Mi72LVYiHZ+zQ3IB8kv7gjhMMryfFJSPErZfY
-----END AGE ENCRYPTED FILE-----

5
public-keys
View File

@ -1,4 +1,5 @@
# Scan hosts: ssh-keyscan -t ed25519 <hostnames>
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s noah
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI oracle.masu.rs
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s tempest
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan