noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-07-06 19:00:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:legacy
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy
..
compare: noah:unfree-predicate-by-pkgs
Branches Tags
noah:master noah:platform noah:home-manager-fix noah:immich-proxy noah:microcode noah:nixd noah:eblume-mole noah:language-checks noah:keyd-2.4.3 noah:sway noah:nixosmodules noah:unfree-predicate-by-pkgs noah:darwin-ssl
noah:pre-platform noah:begin-nixos noah:begin-nix noah:neovim-lua noah:pre-nix noah:legacy

72 Commits
legacy ... unfree-pre

Author SHA1 Message Date
Noah Masur
8ab86428ec attempt to use pkgs for unfree predicate 
still not working
 2023-03-10 21:22:07 -05:00
Noah Masur
d4fa322fb1 fix: neovim xdg mimeapps don't work in macos 2023-03-09 10:45:11 -05:00
Noah Masur
3d73f8cab4 switch to nixpkgs slack instead of homebrew 2023-03-09 10:45:00 -05:00
Noah Masur
0df8af607d associate media applications as defaults 2023-03-08 22:58:49 -05:00
Noah Masur
61d9b103b0 set local network hosts file 2023-03-08 22:57:48 -05:00
Noah Masur
71d0d3ca14 move yt-dlp to separate file 2023-03-08 22:57:30 -05:00
Noah Masur
d5b0405b99 fix: default nvim desktop mime-apps 2023-03-08 22:55:34 -05:00
Noah Masur
3cad3d2fb0 bring back tabularize to neovim config 2023-03-08 18:14:52 -05:00
Noah Masur
2acd9b3478 add yt-dlp to media packages 2023-03-08 18:14:30 -05:00
Noah Masur
bf4be11718 don't garbage collect direnv flakes 2023-03-08 17:43:30 -05:00
Noah Masur
4d38d1094f limit number of configurations 
not really a big problem, but worth adding just in case
 2023-03-08 17:42:25 -05:00
Noah Masur
183babd2f0 disable community cachix on macos 
ssl at work prevents connection
 2023-03-08 10:30:47 -05:00
Noah Masur
12682a57e1 macos: don't recreate canvas on app switcher 2023-03-08 10:30:25 -05:00
Noah Masur
31170a616f client samba cleanup 2023-03-05 23:47:52 -05:00
Noah Masur
4502c5ff62 enhancements for samba server 2023-03-06 04:46:12 +00:00
Noah Masur
59bd3590a4 turn on fstrim for ssds 2023-03-05 23:07:03 -05:00
Noah Masur
ebacff7250 remove unnecessary trash in darwin 2023-03-05 23:04:28 -05:00
Noah Masur
763f0bbdda enable trash on linux 2023-03-05 23:04:06 -05:00
Noah Masur
18505d4cbb enable steam remote play 2023-03-05 23:03:34 -05:00
Noah Masur
a7c04b59ed use entire data dir for samba 2023-03-05 20:44:55 +00:00
Noah Masur
d46e6dad6b open firewall for samba connection 2023-03-05 19:59:58 +00:00
Noah Masur
5e4642b92e fix: mail pass file set incorrectly 2023-03-05 09:05:45 -05:00
Noah Masur
7ab78767d4 move calibre books to zfs directory 2023-03-04 01:04:02 +00:00
Noah Masur
366a7f6157 move nextcloud data directory 2023-03-03 20:54:27 +00:00
Noah Masur
fb47302f3b add cachix community binary cache 2023-03-03 09:39:42 -05:00
Noah Masur
cda3ee0a4c credit attribution to LaunchBar for applescript 2023-03-02 15:15:07 -05:00
Noah Masur
0ed11de174 move gvfs outside of common 
nixos-only option
 2023-03-02 14:49:20 -05:00
Noah Masur
ab6f80fc18 overlay for age no longer needed 2023-03-02 14:48:49 -05:00
Noah Masur
d1f21ec874 fix: dismiss notifications with hammerspoon in ventura 2023-03-02 14:47:51 -05:00
Noah Masur
cdcc90f85d docs: restore litestream nextcloud backups 2023-02-28 23:55:21 -05:00
Noah Masur
f5674134fc add nextcloud to swan 2023-03-01 04:54:48 +00:00
Noah Masur
d37cabfd9a fix: don't age encrypt password hash 2023-02-28 00:12:19 -05:00
Noah Masur
6e117769c6 fix: gvfs not in home-manager 2023-02-28 00:11:59 -05:00
Noah Masur
f648e92c28 samba initial setup 2023-02-28 05:05:04 +00:00
Noah Masur
43343b2824 add jellyfin to swan 2023-02-28 04:27:10 +00:00
Noah Masur
ab9136af2c enable backups without any specific 2023-02-28 02:02:45 +00:00
Noah Masur
a7fe90b236 add swan public key 2023-02-26 22:04:45 -05:00
Noah Masur
5557065c8b rearrange swan settings 2023-02-27 02:50:24 +00:00
Noah Masur
de1fae2baf setup but don't use generic zfs config 2023-02-27 01:49:46 +00:00
Noah Masur
2c310fd2f2 fix: disko doesn't have disks attribute 2023-02-26 20:28:10 -05:00
Noah Masur
aa4dc4a0c2 fix: disko root now takes one disk 2023-02-26 20:24:12 -05:00
Noah Masur
44821ea344 fix disko partition for single disk 2023-02-26 20:03:39 -05:00
Noah Masur
cb60542980 refactor apps and separate disko disks 
format-root app still not working
 2023-02-26 19:53:51 -05:00
Noah Masur
3fe6911e2d add separate root nix disko config 2023-02-26 10:55:36 -05:00
Noah Masur
afa62c5510 fix: diskoConfigurations using nixos module 2023-02-26 10:42:11 -05:00
Noah Masur
fea0396dce get neovim added to install-iso 2023-02-26 10:11:33 -05:00
Noah Masur
13014e6cc1 fix: fully enable zfs 2023-02-26 13:23:31 +00:00
Noah Masur
640e447006 replace sumneko_lua with lua_ls 
still the same program, but moved to new repository
 2023-02-25 13:21:50 -05:00
Noah Masur
595a02383e use multiple env variables to force git https 2023-02-25 11:45:40 -05:00
Noah Masur
3689f8ef52 try to force https in single command 2023-02-25 11:40:24 -05:00
Noah Masur
ab6a339c34 try to force https for dotfiles clone 
git seems to fail with ssh, at least to github
 2023-02-25 11:30:41 -05:00
Noah Masur
e6456d7f02 ssh settings for sshd 2023-02-25 11:25:20 -05:00
Noah Masur
fb74122458 fix hardware-configuration for swan 2023-02-25 11:23:26 -05:00
Noah Masur
d56a48cf65 add zfs module with options 2023-02-25 11:22:31 -05:00
Noah Masur
30fe7c2d18 disable disko enforcement 2023-02-25 10:53:45 -05:00
Noah Masur
08716d1c98 fix: label syntax 2023-02-25 10:37:28 -05:00
Noah Masur
60b68785a9 fix: types 2023-02-25 10:35:56 -05:00
Noah Masur
c360460d80 add filesystem labels to disko config 2023-02-25 10:32:54 -05:00
Noah Masur
b1b5e77f47 back to disko module once again 2023-02-25 10:22:24 -05:00
Noah Masur
67af160088 back to plain attrset for disko 2023-02-25 10:02:54 -05:00
Noah Masur
80d0451ff3 Revert "don't make disks.nix proper nixos module" 
This reverts commit 3dd7fa12b0.
 2023-02-25 09:57:58 -05:00
Noah Masur
0ba2492c61 don't import disks.nix as function 2023-02-25 09:57:06 -05:00
Noah Masur
3dd7fa12b0 don't make disks.nix proper nixos module 2023-02-25 09:55:57 -05:00
Noah Masur
741692e6f1 fix: typo in disko config 2023-02-25 09:49:40 -05:00
Noah Masur
7a547f99c0 add disko input and hardware module for swan 2023-02-25 09:45:49 -05:00
Noah Masur
18c9e1efc8 ssh settings for staff usb 2023-02-25 09:22:16 -05:00
Noah Masur
ac3d5e495c temp: start disk setup for swan 2023-02-23 00:13:16 -05:00
Noah Masur
252b3d5dac temp: broken sleep attempt 2023-02-22 23:46:24 -05:00
Noah Masur
6d0b0e3560 enable feral gamemode wrapper 2023-02-22 23:45:47 -05:00
Noah Masur
48d33a9ef5 update to kernel 6.2 2023-02-21 20:28:43 -05:00
Noah Masur
c08f08692b enable charm 2023-02-20 22:42:22 -05:00
Noah Masur
a8d1369c49 remove legacy scripts and configs 2023-02-20 22:34:16 -05:00
100 changed files with 863 additions and 1016 deletions
Expand all files Collapse all files

52
apps/default.nix
View File

@ -1,45 +1,19 @@
{ pkgs, ... }: rec {
default = {
type = "app";
program = builtins.toString (pkgs.writeShellScript "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
' {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}'
echo ""
echo ""
'');
};
# Show quick helper
default = import ./help.nix { inherit pkgs; };
# Format and install from nothing
# Format primary disk
format-root = import ./format-root.nix { inherit pkgs; };
# Format and install from nothing (deprecated)
installer = import ./installer.nix { inherit pkgs; };
# Display the readme for this repository
readme = import ./readme.nix { inherit pkgs; };
# Rebuild
rebuild = {
type = "app";
program = builtins.toString (pkgs.writeShellScript "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
else
nixos-rebuild switch --flake github:nmasur/dotfiles
fi
'');
};
rebuild = import ./rebuild.nix { inherit pkgs; };
# Load the SSH key for this machine
loadkey = import ./loadkey.nix { inherit pkgs; };
@ -54,17 +28,7 @@
netdata = import ./netdata-cloud.nix { inherit pkgs; };
# Run neovim as an app
neovim = {
type = "app";
program = "${
(import ../modules/common/neovim/package {
inherit pkgs;
colors =
import ../colorscheme/gruvbox/neovim-gruvbox.nix { inherit pkgs; };
})
}/bin/nvim";
};
neovim = import ./neovim.nix { inherit pkgs; };
nvim = neovim;
}

39
apps/format-root.nix Normal file
View File

@ -0,0 +1,39 @@
{ pkgs, ... }: {
# This script will partition and format drives; use at your own risk!
type = "app";
program = builtins.toString (pkgs.writeShellScript "format-root" ''
set -e
DISK=$1
if [ -z "''${DISK}" ]; then
${pkgs.gum}/bin/gum style --width 50 --margin "1 2" --padding "2 4" \
--foreground "#fb4934" \
"Missing required parameter." \
"Usage: format-root -- <disk>" \
"Flake example: nix run github:nmasur/dotfiles#format-root -- nvme0n1"
echo "(exiting)"
exit 1
fi
${pkgs.disko-packaged}/bin/disko \
--mode create \
--dry-run \
--flake "path:$(pwd)#root" \
--arg disk \""/dev/''${DISK}"\"
${pkgs.gum}/bin/gum confirm \
"This will ERASE ALL DATA on the disk /dev/''${DISK}. Are you sure you want to continue?" \
--default=false
${pkgs.disko-packaged}/bin/disko \
--mode create \
--flake "path:$(pwd)#root" \
--arg disk "/dev/''${DISK}"
'');
}

23
apps/help.nix Normal file
View File

@ -0,0 +1,23 @@
{ pkgs, ... }: {
type = "app";
program = builtins.toString (pkgs.writeShellScript "default" ''
${pkgs.gum}/bin/gum style --margin "1 2" --padding "0 2" --foreground "15" --background "55" "Options"
${pkgs.gum}/bin/gum format --type=template -- ' {{ Italic "Run with" }} {{ Color "15" "69" " nix run github:nmasur/dotfiles#" }}{{ Color "15" "62" "someoption" }}{{ Color "15" "69" " " }}.'
echo ""
echo ""
${pkgs.gum}/bin/gum format --type=template -- \
' {{ Color "15" "57" " readme " }} {{ Italic "Documentation for this repository." }}' \
' {{ Color "15" "57" " rebuild " }} {{ Italic "Switch to this configuration." }}' \
' {{ Color "15" "57" " installer " }} {{ Italic "Format and install from nothing." }}' \
' {{ Color "15" "57" " neovim " }} {{ Italic "Test out the Neovim package." }}' \
' {{ Color "15" "57" " loadkey " }} {{ Italic "Load an ssh key for this machine using melt." }}' \
' {{ Color "15" "57" " encrypt-secret " }} {{ Italic "Encrypt a secret for all machines." }}' \
' {{ Color "15" "57" " reencrypt-secrets " }} {{ Italic "Reencrypt all secrets when new machine is added." }}' \
' {{ Color "15" "57" " netdata " }} {{ Italic "Connect a machine to Netdata cloud." }}'
echo ""
echo ""
'');
}

13
apps/neovim.nix Normal file
View File

@ -0,0 +1,13 @@
{ pkgs, ... }: {
type = "app";
program = "${
(import ../modules/common/neovim/package {
inherit pkgs;
colors =
import ../colorscheme/gruvbox/neovim-gruvbox.nix { inherit pkgs; };
})
}/bin/nvim";
}

15
apps/rebuild.nix Normal file
View File

@ -0,0 +1,15 @@
{ pkgs, ... }: {
type = "app";
program = builtins.toString (pkgs.writeShellScript "rebuild" ''
echo ${pkgs.system}
SYSTEM=${if pkgs.stdenv.isDarwin then "darwin" else "linux"}
if [ "$SYSTEM" == "darwin" ]; then
darwin-rebuild switch --flake github:nmasur/dotfiles#lookingglass
else
nixos-rebuild switch --flake github:nmasur/dotfiles
fi
'');
}

44
disks/root.nix Normal file
View File

@ -0,0 +1,44 @@
{ disk, ... }: {
disk = {
boot = {
type = "disk";
device = disk;
content = {
type = "table";
format = "gpt";
partitions = [
# Boot partition
{
type = "partition";
name = "ESP";
start = "0";
end = "512MiB";
fs-type = "fat32";
bootable = true;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
extraArgs = [ "-n boot" ];
};
}
# Root partition ext4
{
type = "partition";
name = "root";
start = "512MiB";
end = "100%";
part-type = "primary";
bootable = true;
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
extraArgs = [ "-L nixos" ];
};
}
];
};
};
};
}

95
disks/zfs.nix Normal file
View File

@ -0,0 +1,95 @@
{ pool, disks, ... }: {
disk = lib.genAttrs disks (disk: {
"${disk}" = {
type = "disk";
device = "/dev/${disk}";
content = {
type = "table";
format = "gpt";
partitions = [{
type = "partition";
name = "zfs";
start = "128MiB";
end = "100%";
content = {
type = "zfs";
pool = pool;
};
}];
};
};
});
zpool = {
"${pool}" = {
type = "zpool";
mode = "raidz1";
rootFsOptions = {
compression = "on"; # lz4 by default
"com.sun:auto-snapshot" = "false";
ashift = "12";
};
# mountpoint = "/";
datasets = {
root = {
zfs_type = "filesystem";
mountpoint = null;
options."com.sun:auto-snapshot" = "false";
};
# "media/movies" = {
# zfs_type = "filesystem";
# mountpoint = "/media/movies";
# options.recordsize = "1M";
# };
# "media/tv" = {
# zfs_type = "filesystem";
# mountpoint = "/media/tv";
# options.recordsize = "1M";
# };
# "media/books" = {
# zfs_type = "filesystem";
# mountpoint = "/media/books";
# };
# archive = {
# zfs_type = "filesystem";
# mountpoint = "/archive";
# options.compression = "zstd";
# options."com.sun:auto-snapshot" = "true";
# };
# zfs_unmounted_fs = {
# zfs_type = "filesystem";
# options.mountpoint = "none";
# };
# zfs_legacy_fs = {
# zfs_type = "filesystem";
# options.mountpoint = "legacy";
# mountpoint = "/zfs_legacy_fs";
# };
# zfs_testvolume = {
# zfs_type = "volume";
# size = "10M";
# content = {
# type = "filesystem";
# format = "ext4";
# mountpoint = "/ext4onzfs";
# };
# };
# encrypted = {
# zfs_type = "filesystem";
# size = "20M";
# options = {
# mountpoint = "none";
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
# };
# };
# "encrypted/test" = {
# zfs_type = "filesystem";
# size = "2M";
# mountpoint = "/zfs_crypted";
# };
};
};
};
}

23
docs/restore-calibre.md Normal file
View File

@ -0,0 +1,23 @@
# Restoring Calibre From Backup
The `metadata.db` holds the library and `app.db` and `gdrive.db` contain the
web/account information.
Place books directories in `/data/books/`.
Place `metadata.db` in `/var/lib/calibre-web-db/`.
Symlink `metadata.db` to the library:
```
sudo ln -s /var/lib/calibre-web-db/metadata.db /data/books/metadata.db
```
Place `app.db` and `gdrive.db` in `/var/lib/calibre-web/`.
Restart Calibre:
```
sudo systemctl restart calibre-web.service
```

43
docs/restore-nextcloud.md Normal file
View File

@ -0,0 +1,43 @@
# Restoring Nextcloud From Backup
Install the `litestream` package.
```
nix-shell --run fish -p litestream
```
Set the S3 credentials:
```
set -x AWS_ACCESS_KEY_ID (read)
set -x AWS_SECRET_ACCESS_KEY (read)
```
Restore from S3:
```
litestream restore -o nextcloud.db s3://noahmasur-backup.s3.us-west-002.backblazeb2.com/nextcloud
```
Install Nextcloud. Then copy DB:
```
sudo rm /data/nextcloud/data/nextcloud.db*
sudo mv nextcloud.db /data/nextcloud/data/
sudo chown nextcloud:nextcloud /data/nextcloud/data/nextcloud.db
sudo chmod 770 /data/nextcloud/data/nextcloud.db
```
Restart Nextcloud:
```
sudo systemctl restart phpfpm-nextcloud.service
```
Adjust Permissions and Directories:
```
sudo mkdir /data/nextcloud/data/noah/files
sudo chown nextcloud:nextcloud /data/nextcloud/data/noah/files
```

45
flake.lock generated
View File

@ -69,16 +69,36 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1677116397,
"narHash": "sha256-2OHwhv4k1SDEuNxhq+zluvrd5pbW8d4TP9NKW4B8iO8=",
"owner": "nix-community",
"repo": "disko",
"rev": "8fddb2fd721365fa77ff68b709539639d4dc65d7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"firefox-darwin": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1675471726,
"narHash": "sha256-526iHwidfdtZZ7aAU9od1/zbyfSFBEailBTet+Gvfqg=",
"lastModified": 1676854489,
"narHash": "sha256-hWmx3JFLNPGMtflyjgEn5GZydbLW3msjXvarS1NsBDM=",
"owner": "bandithedoge",
"repo": "nixpkgs-firefox-darwin",
"rev": "813d55a3e3b3c0423eb5d1fcb4bf82197c9f7796",
"rev": "6a5cca0ea8dfab4718e1e43e243c80ba110c2364",
"type": "github"
},
"original": {
@ -156,11 +176,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1675935446,
"narHash": "sha256-WajulTn7QdwC7QuXRBavrANuIXE5z+08EdxdRw1qsNs=",
"lastModified": 1678271387,
"narHash": "sha256-H2dv/i1LRlunRtrESirELzfPWdlG/6ElDB1ksO529H4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2dce7f1a55e785a22d61668516df62899278c9e4",
"rev": "36999b8d19eb6eebb41983ef017d7e0095316af2",
"type": "github"
},
"original": {
@ -281,11 +301,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1676110339,
"narHash": "sha256-kOS/L8OOL2odpCOM11IevfHxcUeE0vnZUQ74EOiwXcs=",
"lastModified": 1676885936,
"narHash": "sha256-ZRKb6zBfTvdCOXI7nGC1L9UWSU5ay2ltxg+f5UIzBOU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e5530aba13caff5a4f41713f1265b754dc2abfd8",
"rev": "b69883faca9542d135fa6bab7928ff1b233c167f",
"type": "github"
},
"original": {
@ -396,6 +416,7 @@
"bufferline-nvim-src": "bufferline-nvim-src",
"cmp-nvim-lsp-src": "cmp-nvim-lsp-src",
"darwin": "darwin",
"disko": "disko",
"firefox-darwin": "firefox-darwin",
"home-manager": "home-manager",
"nil": "nil",
@ -489,11 +510,11 @@
},
"utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"lastModified": 1676283394,
"narHash": "sha256-XX2f9c3iySLCw54rJ/CZs+ZK6IQy7GXNY4nSOyu2QG4=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"rev": "3db36a8b464d0c4532ba1c7dda728f4576d6d073",
"type": "github"
},
"original": {

19
flake.nix
View File

@ -29,6 +29,12 @@
# Use official Firefox binary for macOS
firefox-darwin.url = "github:bandithedoge/nixpkgs-firefox-darwin";
# Manage disk format and partitioning
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
# Wallpapers
wallpapers = {
url = "gitlab:exorcist365/wallpapers";
@ -146,6 +152,9 @@
darwinConfigurations.lookingglass.config.home-manager.users."Noah.Masur".home;
};
# Disk formatting
diskoConfigurations = { root = import ./disks/root.nix; };
# Package servers into images with a generator
packages = forAllSystems (system: {
@ -170,7 +179,15 @@
});
apps = forAllSystems (system:
let pkgs = import nixpkgs { inherit system overlays; };
let
pkgs = import nixpkgs {
inherit system;
overlays = overlays ++ [
(final: prev: {
disko-packaged = inputs.disko.packages.${system}.disko;
})
];
};
in import ./apps { inherit pkgs; });
devShells = forAllSystems (system:

32
generators/staff/default.nix
View File

@ -1,7 +1,7 @@
# The Staff
# ISO configuration for my USB drive
{ inputs, system, ... }:
{ inputs, system, overlays, ... }:
with inputs;
@ -9,9 +9,39 @@ nixos-generators.nixosGenerate {
inherit system;
format = "install-iso";
modules = [{
nixpkgs.overlays = overlays;
networking.hostName = "staff";
users.extraUsers.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s"
];
services.openssh = {
enable = true;
ports = [ 22 ];
allowSFTP = true;
settings = {
GatewayPorts = "no";
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
environment.systemPackages =
let pkgs = import inputs.nixpkgs { inherit system overlays; };
in with pkgs; [
git
vim
wget
curl
(import ../../modules/common/neovim/package {
inherit pkgs;
# colors = import ../../colorscheme/gruvbox.dark.neovimConfig {
# inherit pkgs;
# };
})
];
nix.extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
}];
}

2
hosts/flame/default.nix
View File

@ -29,7 +29,7 @@ nixpkgs.lib.nixosSystem {
# FQDNs for various services
networking.hostName = "flame";
bookServer = "books.masu.rs";
streamServer = "stream.masu.rs";
# streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
transmissionServer = "download.masu.rs";
metricsServer = "metrics.masu.rs";

2
hosts/hydra/default.nix
View File

@ -25,7 +25,7 @@ nixpkgs.lib.nixosSystem {
colors = (import ../../colorscheme/gruvbox).dark;
dark = true;
};
passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512;
passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
wsl = {
enable = true;
wslConf.automount.root = "/mnt";

4
hosts/lookingglass/default.nix
View File

@ -29,6 +29,7 @@ darwin.lib.darwinSystem {
nixpkgs.overlays = [ firefox-darwin.overlay ] ++ overlays;
# Set registry to flake packages, used for nix X commands
nix.registry.nixpkgs.flake = nixpkgs;
charm.enable = true;
neovim.enable = true;
mail.enable = true;
mail.aerc.enable = true;
@ -42,7 +43,8 @@ darwin.lib.darwinSystem {
python.enable = true;
lua.enable = true;
kubernetes.enable = true;
"1password".enable = true;
_1password.enable = true;
slack.enable = true;
}
];
}

40
hosts/swan/default.nix
View File

@ -15,15 +15,40 @@ nixpkgs.lib.nixosSystem {
(removeAttrs globals [ "mail.server" ])
wsl.nixosModules.wsl
home-manager.nixosModules.home-manager
disko.nixosModules.disko
{
server = true;
networking.hostName = "swan";
# head -c 8 /etc/machine-id
networking.hostId = "600279f4"; # Random ID required for ZFS
zfs.enable = true;
disko = {
enableConfig = true;
devices = (import ../../disks/root.nix { disk = "/dev/nvme0n1"; });
# // (import ../../disks/zfs.nix {
# pool = "tank";
# disks = [ "/dev/sda" "/dev/sdb" "/dev/sdc" ];
# });
};
boot.zfs.extraPools = [ "tank" ];
gui.enable = false;
theme = { colors = (import ../../colorscheme/gruvbox).dark; };
nixpkgs.overlays = overlays;
wsl.enable = false;
neovim.enable = true;
caddy.enable = true;
streamServer = "stream.masu.rs";
nextcloudServer = "cloud.masu.rs";
bookServer = "books.masu.rs";
samba.enable = true;
networking.hostName = "swan";
backup.s3 = {
endpoint = "s3.us-west-002.backblazeb2.com";
bucket = "noahmasur-backup";
accessKeyId = "0026b0e73b2e2c80000000005";
};
# Disable passwords, only use SSH key
publicKey =
@ -32,16 +57,7 @@ nixpkgs.lib.nixosSystem {
# Clone dotfiles
dotfiles.enable = true;
neovim.enable = true;
boot.zfs.enabled = true;
boot.kernelPackages =
config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.zfs.extraPools = [ "mypool" ];
services.zfs.autoScrub.enable = true;
services.zfs.autoScrub.interval = "daily";
services.nfs.server.enable = true;
# services.nfs.server.enable = true;
}
];

39
hosts/swan/hardware-configuration.nix Normal file
View File

@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# fileSystems."/" = {
# device = "/dev/disk/by-label/nixos";
# fsType = "ext4";
# };
#
# fileSystems."/boot" = {
# device = "/dev/disk/by-label/boot";
# fsType = "vfat";
# };
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
}

4
hosts/tempest/default.nix
View File

@ -29,10 +29,11 @@ nixpkgs.lib.nixosSystem {
};
wallpaper = "${wallpapers}/gruvbox/road.jpg";
gtk.theme.name = nixpkgs.lib.mkDefault "Adwaita-dark";
passwordHash = nixpkgs.lib.fileContents ../../private/password.sha512;
passwordHash = nixpkgs.lib.fileContents ../../password.sha512;
wsl.enable = false;
publicKey = null;
charm.enable = true;
neovim.enable = true;
media.enable = true;
firefox.enable = true;
@ -48,6 +49,7 @@ nixpkgs.lib.nixosSystem {
# mullvad.enable = true;
nixlang.enable = true;
dotfiles.enable = true;
yt-dlp.enable = true;
gaming = {
enable = true;

4
legacy/bin/biggest
View File

@ -1,4 +0,0 @@
#!/usr/local/bin/nu
ls | sort-by size | reverse | keep 10

3
legacy/bin/biggest-files
View File

@ -1,3 +0,0 @@
#!/usr/local/bin/nu
ls **/* | where type == File | sort-by size | reverse | keep 10

26
legacy/bin/docker_cleanup
View File

@ -1,26 +0,0 @@
#!/bin/sh
# Stop all containers
if [ "$(docker ps -a -q)" ]; then
echo "Stopping docker containers..."
docker stop "$(docker ps -a -q)"
else
echo "No running docker containers."
fi
# Remove all stopped containers
if [ "$(docker ps -a -q)" ]; then
echo "Removing docker containers..."
docker rm "$(docker ps -a -q)"
else
echo "No stopped docker containers."
fi
# Remove all untagged images
if [[ $(docker images | grep "^<none>") ]]; then
docker rmi "$(docker images | grep "^<none>" | awk '{print $3}')"
else
echo "No untagged docker images."
fi
echo "Cleaned up docker."

37
legacy/bin/jira-checkout
View File

@ -1,37 +0,0 @@
#!/bin/sh
# Adapted from: https://seb.jambor.dev/posts/improving-shell-workflows-with-fzf/
# Requires the following variables to be set:
# - ATLASSIAN_EMAIL
# - ATLASSIAN_API_TOKEN
# - JIRA_HOSTNAME
# - JIRA_PROJECT
choose_issue() {
jq_template='"\(.key): \(.fields.summary)"'
query="project=$JIRA_PROJECT AND status not in (\"Done\") AND assignee=currentUser()"
branch_name=$(
curl \
--data-urlencode "jql=$query" \
--get \
--user "$ATLASSIAN_EMAIL:$ATLASSIAN_API_TOKEN" \
--silent \
--compressed \
"https://$JIRA_HOSTNAME/rest/api/2/search" |
jq ".issues[] | $jq_template" |
sed -e 's/"\(.*\)"/\1/' |
fzf \
--preview='jira-details {1}' \
--preview-window=top:wrap |
sed -e 's/: /:/' -e 's/[^a-zA-Z0-9:]/-/g' |
awk -F ":" '{printf "%s/%s", $1, tolower($2)}'
)
echo "$branch_name"
}
issue_branch=$(choose_issue)
if [ -n "$issue_branch" ]; then
echo "git checkout -b \"$issue_branch\""
fi

38
legacy/bin/jira-details
View File

@ -1,38 +0,0 @@
#!/bin/sh
# Adapted from: https://seb.jambor.dev/posts/improving-shell-workflows-with-fzf/
# Requires the following variables to be set:
# - ATLASSIAN_EMAIL
# - ATLASSIAN_API_TOKEN
# - JIRA_HOSTNAME
# - JIRA_PROJECT (for other script)
issue_details() {
jira_key=$(echo "$1" | cut -d":" -f1)
jq_template='"'\
'# \(.key): \(.fields.summary)\n'\
'\n'\
'*Created*: \(.fields.created)\n'\
'*Status*: \(.fields.status.statusCategory.name)\n'\
'*Reporter*: \(.fields.reporter.displayName)\n'\
'*Priority*: \(.fields.priority.name)\n'\
"*Epic*: https://$JIRA_HOSTNAME/browse/\(.fields.customfield_10014)\n"\
'\n'\
'## Link\n\n'\
"https://$JIRA_HOSTNAME/browse/\(.key)\n"\
'\n'\
'## Description\n\n'\
'\(.fields.description)'\
'"'
curl \
--get \
--user "$ATLASSIAN_EMAIL:$ATLASSIAN_API_TOKEN" \
--silent \
--compressed \
"https://$JIRA_HOSTNAME/rest/api/2/issue/$jira_key" |
jq "$jq_template" |
xargs printf |
bat -l md --color always --style plain
}
issue_details "$1"

14
legacy/bin/kube-dashboard
View File

@ -1,14 +0,0 @@
#!/bin/sh
kubectl -n kube-system get secret "$(
kubectl -n kube-system get secret |
grep dashboard-admin |
awk '{print $1}'
)" -o json |
jq -j --raw-output '.data.token' |
base64 --decode |
pbcopy
open http://localhost:8001/api/v1/namespaces/default/services/https:kubernetes-dashboard:https/proxy/#!/login
kubectl proxy

3
legacy/bin/newest
View File

@ -1,3 +0,0 @@
#!/usr/local/bin/nu
ls | sort-by modified | reverse | keep 5

3
legacy/bin/oldest
View File

@ -1,3 +0,0 @@
#!/usr/local/bin/nu
ls | sort-by modified | keep 5

16
legacy/bin/pod
View File

@ -1,16 +0,0 @@
#!/usr/bin/env bash
# Credit: https://github.com/junegunn/fzf/blob/master/ADVANCED.md
read -ra tokens < <(
kubectl get pods --all-namespaces |
fzf --info=inline --layout=reverse --header-lines=1 --border \
--prompt "$(kubectl config current-context | sed 's/-context$//')> " \
--header $'Press CTRL-O to open log in editor\n\n' \
--bind ctrl-/:toggle-preview \
--bind "ctrl-o:execute:${EDITOR:-vim} <(kubectl logs --namespace {1} {2}) > /dev/tty" \
--preview-window up,follow \
--preview 'kubectl logs --follow --tail=100000 --namespace {1} {2}' "$@"
)
[ ${#tokens} -gt 1 ] &&
kubectl exec -it --namespace "${tokens[0]}" "${tokens[1]}" -- /bin/sh

3
legacy/bin/symlinks
View File

@ -1,3 +0,0 @@
#!/usr/local/bin/nu
ls -al | where type == Symlink | select name target

5
legacy/bin/url-decode
View File

@ -1,5 +0,0 @@
#!/bin/bash
function urldecode() { : "${*//+/ }"; echo -e "${_//%/\\x}"; }
urldecode "$@"

28
legacy/newsboat/com.noah.newsboat.plist
View File

@ -1,28 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.noah.newsboat</string>
<key>ProgramArguments</key>
<array>
<string>/usr/local/bin/newsboat -x reload</string>
</array>
<key>Nice</key>
<integer>1</integer>
<key>StartInterval</key>
<integer>1800</integer>
<key>RunAtLoad</key>
<false/>
<key>StandardErrorPath</key>
<string>/tmp/newsboat.err</string>
<key>StandardOutPath</key>
<string>/tmp/newsboat.out</string>
</dict>
</plist>

40
legacy/newsboat/config
View File

@ -1,40 +0,0 @@
browser "$BROWSER %u"
prepopulate-query-feeds yes
feed-sort-order lastupdated
reload-only-visible-feeds yes
text-width 72
bind-key j down
bind-key k up
bind-key j next articlelist
bind-key k prev articlelist
bind-key G end
bind-key g home
bind-key d pagedown
bind-key u pageup
bind-key n next-unread
bind-key p prev-unread
bind-key ; macro-prefix
bind-key B bookmark
bind-key f edit-flags
macro v set browser "mpv %u"; open-in-browser; set browser "$BROWSER %u"
macro p set browser "echo %u"; one; set browser "$BROWSER %u"
macro H set browser "clx view $(echo %u | cut -d '=' -f2)"; one; set browser "$BROWSER %u"
macro h set browser "clx view $(echo %u | cut -d '=' -f2)"; two; set browser "$BROWSER %u"
macro w set browser "w3m -o confirm_qq=false %u"; open-in-browser; set browser "$BROWSER %u"
macro r set browser "url-markdown %u | glow -p -w 72 -"; open-in-browser; set browser "$BROWSER %u"
macro d set browser "youtube-dl -o ~/Downloads/%(title)s.%(ext)s %u &"; open-in-browser-noninteractively; set browser "$BROWSER %u"
macro n set-tag News; reload-all
macro a set-tag All
macro e set-tag Reddit; reload-all
macro y set-tag YouTube; reload-all
bookmark-cmd "bookmark"
highlight article "^(Feed|Title|Author|Link|Date):.*" color243 default
highlight article "^(Links):.*" color243 default
highlight article "^(\\[[0-9]+\\]):.*" color243 default
highlight article "^(\\[[0-9]+\\])" color243 default
highlight article "^\\[.*\\]$" color243 default
highlight article "^(Title:).*" color249 default

137
legacy/nix-env.fish
View File

@ -1,137 +0,0 @@
# Setup Nix
# We need to distinguish between single-user and multi-user installs.
# This is difficult because there's no official way to do this.
# We could look for the presence of /nix/var/nix/daemon-socket/socket but this will fail if the
# daemon hasn't started yet. /nix/var/nix/daemon-socket will exist if the daemon has ever run, but
# I don't think there's any protection against accidentally running `nix-daemon` as a user.
# We also can't just look for /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh because
# older single-user installs used the default profile instead of a per-user profile.
# We can still check for it first, because all multi-user installs should have it, and so if it's
# not present that's a pretty big indicator that this is a single-user install. If it does exist,
# we still need to verify the install type. To that end we'll look for a root owner and sticky bit
# on /nix/store. Multi-user installs set both, single-user installs don't. It's certainly possible
# someone could do a single-user install as root and then manually set the sticky bit but that
# would be extremely unusual.
set -l nix_profile_path /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh
set -l single_user_profile_path ~/.nix-profile/etc/profile.d/nix.sh
if test -e $nix_profile_path
# The path exists. Double-check that this is a multi-user install.
# We can't just check for ~/.nix-profile/… because this may be a single-user install running as
# the wrong user.
# stat is not portable. Splitting the output of ls -nd is reliable on most platforms.
set -l owner (string split -n ' ' (command ls -nd /nix/store 2>/dev/null))[3]
if not test -k /nix/store -a $owner -eq 0
# /nix/store is either not owned by root or not sticky. Assume single-user.
set nix_profile_path $single_user_profile_path
end
else
# The path doesn't exist. Assume single-user
set nix_profile_path $single_user_profile_path
end
if test -e $nix_profile_path
# Source the nix setup script
# We're going to run the regular Nix profile under bash and then print out a few variables
for line in (command env -u BASH_ENV bash -c '. "$0"; for name in PATH "${!NIX_@}"; do printf "%s=%s\0" "$name" "${!name}"; done' $nix_profile_path | string split0)
set -xg (string split -m 1 = $line)
end
# Insert Nix's fish share directories into fish's special variables.
# nixpkgs-installed fish tries to set these up already if NIX_PROFILES is defined, which won't
# be the case when sourcing $__fish_data_dir/share/config.fish normally, but might be for a
# recursive invocation. To guard against that, we'll only insert paths that don't already exit.
# Furthermore, for the vendor_conf.d sourcing, we'll use the pre-existing presence of a path in
# $fish_function_path to determine whether we want to source the relevant vendor_conf.d folder.
# To start, let's locally define NIX_PROFILES if it doesn't already exist.
set -al NIX_PROFILES
if test (count $NIX_PROFILES) -eq 0
set -a NIX_PROFILES $HOME/.nix-profile
end
# Replicate the logic from nixpkgs version of $__fish_data_dir/__fish_build_paths.fish.
set -l __nix_profile_paths (string split ' ' -- $NIX_PROFILES)[-1..1]
set -l __extra_completionsdir \
$__nix_profile_paths/etc/fish/completions \
$__nix_profile_paths/share/fish/vendor_completions.d
set -l __extra_functionsdir \
$__nix_profile_paths/etc/fish/functions \
$__nix_profile_paths/share/fish/vendor_functions.d
set -l __extra_confdir \
$__nix_profile_paths/etc/fish/conf.d \
$__nix_profile_paths/share/fish/vendor_conf.d
### Configure fish_function_path ###
# Remove any of our extra paths that may already exist.
# Record the equivalent __extra_confdir path for any function path that exists.
set -l existing_conf_paths
for path in $__extra_functionsdir
if set -l idx (contains --index -- $path $fish_function_path)
set -e fish_function_path[$idx]
set -a existing_conf_paths $__extra_confdir[(contains --index -- $path $__extra_functionsdir)]
end
end
# Insert the paths before $__fish_data_dir.
if set -l idx (contains --index -- $__fish_data_dir/functions $fish_function_path)
# Fish has no way to simply insert into the middle of an array.
set -l new_path $fish_function_path[1..$idx]
set -e new_path[$idx]
set -a new_path $__extra_functionsdir
set fish_function_path $new_path $fish_function_path[$idx..-1]
else
set -a fish_function_path $__extra_functionsdir
end
### Configure fish_complete_path ###
# Remove any of our extra paths that may already exist.
for path in $__extra_completionsdir
if set -l idx (contains --index -- $path $fish_complete_path)
set -e fish_complete_path[$idx]
end
end
# Insert the paths before $__fish_data_dir.
if set -l idx (contains --index -- $__fish_data_dir/completions $fish_complete_path)
set -l new_path $fish_complete_path[1..$idx]
set -e new_path[$idx]
set -a new_path $__extra_completionsdir
set fish_complete_path $new_path $fish_complete_path[$idx..-1]
else
set -a fish_complete_path $__extra_completionsdir
end
### Source conf directories ###
# The built-in directories were already sourced during shell initialization.
# Any __extra_confdir that came from $__fish_data_dir/__fish_build_paths.fish was also sourced.
# As explained above, we're using the presence of pre-existing paths in $fish_function_path as a
# signal that the corresponding conf dir has also already been sourced.
# In order to simulate this, we'll run through the same algorithm as found in
# $__fish_data_dir/config.fish except we'll avoid sourcing the file if it comes from an
# already-sourced location.
# Caveats:
# * Files will be sourced in a different order than we'd ideally do (because we're coming in
# after the fact to source them).
# * If there are existing extra conf paths, files in them may have been sourced that should have
# been suppressed by paths we're inserting in front.
# * Similarly any files in $__fish_data_dir/vendor_conf.d that should have been suppressed won't
# have been.
set -l sourcelist
for file in $__fish_config_dir/conf.d/*.fish $__fish_sysconf_dir/conf.d/*.fish
# We know these paths were sourced already. Just record them.
set -l basename (string replace -r '^.*/' '' -- $file)
contains -- $basename $sourcelist
or set -a sourcelist $basename
end
for root in $__extra_confdir
for file in $root/*.fish
set -l basename (string replace -r '^.*/' '' -- $file)
contains -- $basename $sourcelist
and continue
set -a sourcelist $basename
contains -- $root $existing_conf_paths
and continue # this is a pre-existing path, it will have been sourced already
[ -f $file -a -r $file ]
and source $file
end
end
end

168
legacy/scripts/configure_macos
View File

@ -1,168 +0,0 @@
#!/bin/sh
echo "Enable full keyboard access for all controls (e.g. enable Tab in modal dialogs)"
defaults write NSGlobalDomain AppleKeyboardUIMode -int 3
echo "Automatically show and hide the dock"
defaults write com.apple.dock autohide -bool true
echo "Automatically show and hide the menu bar"
defaults write NSGlobalDomain _HIHideMenuBar -bool true
echo "Make Dock icons of hidden applications translucent"
defaults write com.apple.dock showhidden -bool true
echo "Use current directory as default search scope in Finder"
defaults write com.apple.finder FXDefaultSearchScope -string "SCcf"
echo "Expand save panel by default"
defaults write NSGlobalDomain NSNavPanelExpandedStateForSaveMode -bool true
echo "Expand print panel by default"
defaults write NSGlobalDomain PMPrintingExpandedStateForPrint -bool true
echo "Disable the \"Are you sure you want to open this application?\" dialog"
defaults write com.apple.LaunchServices LSQuarantine -bool false
echo "Enable highlight hover effect for the grid view of a stack (Dock)"
defaults write com.apple.dock mouse-over-hilte-stack -bool true
echo "Enable spring loading for all Dock items"
defaults write enable-spring-load-actions-on-all-items -bool true
echo "Disable press-and-hold for keys in favor of key repeat"
defaults write NSGlobalDomain ApplePressAndHoldEnabled -bool false
defaults write -g ApplePressAndHoldEnabled -bool false
echo "Set a blazingly fast keyboard repeat rate"
defaults write NSGlobalDomain KeyRepeat -int 2
echo "Set a shorter Delay until key repeat"
defaults write NSGlobalDomain InitialKeyRepeat -int 12
echo "Disable disk image verification"
defaults write com.apple.frameworks.diskimages skip-verify -bool true
defaults write com.apple.frameworks.diskimages skip-verify-locked -bool true
defaults write com.apple.frameworks.diskimages skip-verify-remote -bool true
echo "Avoid creating .DS_Store files on network volumes"
defaults write com.apple.desktopservices DSDontWriteNetworkStores -bool true
echo "Disable the warning when changing a file extension"
defaults write com.apple.finder FXEnableExtensionChangeWarning -bool false
# echo "Enable snap-to-grid for desktop icons"
# /usr/libexec/PlistBuddy -c "Set :DesktopViewSettings:IconViewSettings:arrangeBy grid" ~/Library/Preferences/com.apple.finder.plist
echo "Disable the warning before emptying the Trash"
defaults write com.apple.finder WarnOnEmptyTrash -bool false
echo "Disable tap to click (Trackpad)"
defaults write com.apple.driver.AppleBluetoothMultitouch.trackpad Clicking -bool false
echo "Enable Safaris debug menu"
defaults write com.apple.Safari IncludeInternalDebugMenu -bool true
echo "Make Safaris search banners default to Contains instead of Starts With"
defaults write com.apple.Safari FindOnPageMatchesWordStartsOnly -bool false
echo "Add a context menu item for showing the Web Inspector in web views"
defaults write NSGlobalDomain WebKitDeveloperExtras -bool true
echo "Save to disk (not to iCloud) by default"
defaults write NSGlobalDomain NSDocumentSaveNewDocumentsToCloud -bool false
echo "Disable automatic capitalization as its annoying when typing code"
defaults write NSGlobalDomain NSAutomaticCapitalizationEnabled -bool false
echo "Disable smart dashes as theyre annoying when typing code"
defaults write NSGlobalDomain NSAutomaticDashSubstitutionEnabled -bool false
echo "Disable automatic period substitution as its annoying when typing code"
defaults write NSGlobalDomain NSAutomaticPeriodSubstitutionEnabled -bool false
echo "Disable smart quotes as theyre annoying when typing code"
defaults write NSGlobalDomain NSAutomaticQuoteSubstitutionEnabled -bool false
echo "Disable auto-correct"
defaults write NSGlobalDomain NSAutomaticSpellingCorrectionEnabled -bool false
echo "Use scroll gesture with the Ctrl (^) modifier key to zoom"
defaults write com.apple.universalaccess closeViewScrollWheelToggle -bool true
defaults write com.apple.universalaccess HIDScrollZoomModifierMask -int 262144
echo "Follow the keyboard focus while zoomed in"
defaults write com.apple.universalaccess closeViewZoomFollowsFocus -bool true
echo "Require password immediately after sleep or screen saver begins"
defaults write com.apple.screensaver askForPassword -int 1
defaults write com.apple.screensaver askForPasswordDelay -int 0
echo "Save screenshots to downloads"
defaults write com.apple.screencapture location -string "${HOME}/Downloads"
echo "Finder: allow quitting via ⌘ + Q; doing so will also hide desktop icons"
defaults write com.apple.finder QuitMenuItem -bool true
echo "Show the ~/Library folder"
chflags nohidden ~/Library && xattr -d com.apple.FinderInfo ~/Library
# Noah Prefs
echo "Enable dock magnification"
defaults write com.apple.dock magnification -bool true
echo "Set dock size"
defaults write com.apple.dock largesize -int 48
defaults write com.apple.dock tilesize -int 44
echo "Choose and order dock icons"
__dock_item() {
printf '%s%s%s%s%s' \
'<dict><key>tile-data</key><dict><key>file-data</key><dict>' \
'<key>_CFURLString</key><string>' \
"$1" \
'</string><key>_CFURLStringType</key><integer>0</integer>' \
'</dict></dict></dict>'
}
defaults write com.apple.dock persistent-apps -array \
"$(__dock_item /Applications/1Password\ 7.app)" \
"$(__dock_item /Applications/Slack.app)" \
"$(__dock_item /System/Applications/Calendar.app)" \
"$(__dock_item /Applications/Firefox.app)" \
"$(__dock_item /System/Applications/Messages.app)" \
"$(__dock_item /System/Applications/Mail.app)" \
"$(__dock_item /Applications/Mimestream.app)" \
"$(__dock_item /Applications/zoom.us.app)" \
"$(__dock_item /Applications/Obsidian.app)" \
"$(__dock_item /Applications/Alacritty.app)" \
"$(__dock_item /System/Applications/System\ Preferences.app)"
echo "No recent items in dock"
defaults write com.apple.dock show-recents -bool FALSE
echo "Switch to dark mode"
defaults write "Apple Global Domain" "AppleInterfaceStyle" "Dark"
echo "Turn on Scroll Reverser"
open /Applications/Scroll\ Reverser.app
osascript -e 'tell application "System Events" to make login item at end with properties {path:"/Applications/Scroll Reverser.app", hidden:false}'
echo "Allow apps from anywhere"
SPCTL=$(spctl --status)
if ! [ "$SPCTL" = "assessments disabled" ]
then
sudo spctl --master-disable
fi
# ---
echo "Reset Launchpad"
# [ -e ~/Library/Application\ Support/Dock/*.db ] && rm ~/Library/Application\ Support/Dock/*.db
rm ~/Library/Application\ Support/Dock/*.db
echo "Show the ~/Library folder"
chflags nohidden ~/Library
# Clean up
echo "Kill affected applications"
for app in Safari Finder Dock Mail SystemUIServer; do killall "$app" >/dev/null 2>&1; done

5
legacy/scripts/npm
View File

@ -1,5 +0,0 @@
#!/bin/sh
npm update -g
npm install -g pyright
npm install -g diagnostic-languageserver

48
legacy/scripts/rust
View File

@ -1,48 +0,0 @@
#!/bin/sh
install_rust() {
if ! (which ~/.cargo/bin/rustup > /dev/null)
then
echo "installing rustup"
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
fi
echo "rustup ✓"
}
update_rust() {
~/.cargo/bin/rustup update > /dev/null 2>&1
rust_version=$(~/.cargo/bin/rustc --version | awk '{print $2}')
echo "latest rust: $rust_version ✓"
}
download_rust_analyzer() {
if ! (which rust-analyzer > /dev/null)
then
echo "downloading rust analyzer"
rust_analyzer_bin=/usr/local/bin/rust-analyzer
curl -s -L https://github.com/rust-analyzer/rust-analyzer/releases/latest/download/rust-analyzer-mac -o $rust_analyzer_bin
chmod +x $rust_analyzer_bin
fi
echo "rust-analyzer ✓"
}
# cargo-edit: quickly add and remove packages
# whatfeatures: see optional features for a package
install_cargos() {
set -- \
'cargo-edit' \
'cargo-whatfeatures'
for program do
cargo install "$program"
done
echo "cargos ✓"
}
install_rust
update_rust
download_rust_analyzer
install_cargos

6
legacy/scripts/setup_cheatsheet
View File

@ -1,6 +0,0 @@
#!/bin/sh
echo "downloading cheatsheet"
curl https://cht.sh/:cht.sh > ~/.local/bin/cheat
chmod 755 ~/.local/bin/cheat
echo "cheatsheet ✓"

46
legacy/scripts/setup_fish
View File

@ -1,46 +0,0 @@
#!/usr/bin/env fish
set -U FISH_DIR (readlink ~/.config/fish) # Used for getting to this repo
set -Ux DOTS (dirname $FISH_DIR) # Directory of this config repo
set -U CDPATH . $HOME # Directories available for immediate cd
set -Ux EDITOR nvim # Preferred text editor
set -U PROJ $HOME/dev/work # Projects directory
set -Ux NOTES_PATH "$HOME/dev/personal/notes" # Notes directory
set -Ux MANPAGER "nvim +Man!" # Used for reading man pages
set -Ux DIRENV_LOG_FORMAT "" # Disable direnv output
set -Ux BROWSER "/Applications/Firefox.app/Contents/MacOS/firefox"
# Load abbreviations
abbrs
# Turn off greeting
set -U fish_greeting ""
# Set colors (Base16 Eighties)
set -U fish_color_normal normal
set -U fish_color_command 99cc99
set -U fish_color_quote ffcc66
set -U fish_color_redirection d3d0c8
set -U fish_color_end cc99cc
set -U fish_color_error f2777a
set -U fish_color_selection white --bold --background=brblack
set -U fish_color_search_match bryellow --background=brblack
set -U fish_color_history_current --bold
set -U fish_color_operator 6699cc
set -U fish_color_escape 66cccc
set -U fish_color_cwd green
set -U fish_color_cwd_root red
set -U fish_color_valid_path --underline
set -U fish_color_autosuggestion 747369
set -U fish_color_user brgreen
set -U fish_color_host normal
set -U fish_color_cancel -r
set -U fish_pager_color_completion normal
set -U fish_pager_color_description B3A06D yellow
set -U fish_pager_color_prefix white --bold --underline
set -U fish_pager_color_progress brwhite --background=cyan
set -U fish_color_comment ffcc66
set -U fish_color_param d3d0c8
set -U fish_color_match 6699cc
echo "fish setup ✓"

7
legacy/scripts/setup_ytfzf
View File

@ -1,7 +0,0 @@
#!/bin/sh
echo "downloading ytfzf"
mkdir -p ~/.local/bin
curl -sL "https://raw.githubusercontent.com/pystardust/ytfzf/master/ytfzf" >~/.local/bin/ytfzf
chmod 755 ~/.local/bin/ytfzf
echo "ytfzf ✓"

8
legacy/templates/kubernetes/clusterrole.yaml
View File

@ -1,8 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name:
rules:
- apiGroups: [""]
resources:
verbs: []

12
legacy/templates/kubernetes/clusterrolebinding.yaml
View File

@ -1,12 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name:
subjects:
- kind: ServiceAccount
name:
namespace: default

8
legacy/templates/kubernetes/configmap.yaml
View File

@ -1,8 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name:
namespace: default
annotations:
replicator.v1.mittwald.de/replicate-to: ".*"
data:

33
legacy/templates/kubernetes/deployment.yaml
View File

@ -1,33 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name:
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app:
template:
metadata:
labels:
app:
spec:
serviceAccountName:
containers:
- name:
image:
imagePullPolicy: Always
envFrom:
- configMapRef:
name:
- secretRef:
name:
ports:
- containerPort:
protocol: TCP
resources:
limits:
cpu:
requests:
cpu:

21
legacy/templates/kubernetes/ingress.yaml
View File

@ -1,21 +0,0 @@
apiVersion: networking.k8s.io/v1beta1 # must be beta until k8s 1.19
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: alb
alb.ingress.kubernetes.io/group.name:
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/security-groups:
alb.ingress.kubernetes.io/tags: Project=
alb.ingress.kubernetes.io/target-type: instance
name:
namespace:
spec:
rules:
- host:
http:
paths:
- backend:
serviceName:
servicePort:

10
legacy/templates/kubernetes/role.yaml
View File

@ -1,10 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name:
namespace: default
rules:
- apiGroups: [""]
resourceNames:
resources:
verbs:

13
legacy/templates/kubernetes/rolebinding.yaml
View File

@ -1,13 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name:
namespace: default
roleRef:
kind:
name:
apiGroup: rbac.authorization.k8s.io
subjects:
- kind:
name:
apiGroup: rbac.authorization.k8s.io

8
legacy/templates/kubernetes/secret.yaml
View File

@ -1,8 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name:
namespace: default
annotations:
replicator.v1.mittwald.de/replicate-to: ".*"
data:

15
legacy/templates/kubernetes/service.yaml
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
annotations:
alb.ingress.kubernetes.io/healthcheck-path:
name:
namespace: default
spec:
ports:
- port: 443
protocol: TCP
targetPort: 80
selector:
app:
type: NodePort

5
legacy/templates/kubernetes/serviceaccount.yaml
View File

@ -1,5 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name:
namespace: default

12
legacy/templates/programs/skeleton.py
View File

@ -1,12 +0,0 @@
#!/usr/bin/env python
"""
Program
"""
def main():
"""Run the program"""
pass
if __name__ == "__main__":
main()

8
legacy/templates/programs/skeleton.sh
View File

@ -1,8 +0,0 @@
#!/bin/sh
if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then
cat <<EOH
Help text
EOH
exit
fi

2
modules/common/applications/1password.nix
View File

@ -11,7 +11,7 @@
config = lib.mkIf
(config.gui.enable && config._1password.enable && pkgs.stdenv.isLinux) {
unfreePackages = [ "1password" "_1password-gui" ];
unfreePackages = with pkgs; [ _1password _1password-gui ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ _1password-gui ];
};

4
modules/common/applications/default.nix
View File

@ -7,9 +7,11 @@
./firefox.nix
./kitty.nix
./media.nix
./nautilus.nix
./obsidian.nix
./qbittorrent.nix
./nautilus.nix
./slack.nix
./yt-dlp.nix
];
}

2
modules/common/applications/discord.nix
View File

@ -10,7 +10,7 @@
};
config = lib.mkIf (config.gui.enable && config.discord.enable) {
unfreePackages = [ "discord" ];
unfreePackages = [ pkgs.discord ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ discord ];
xdg.configFile."discord/settings.json".text = ''

6
modules/common/applications/firefox.nix
View File

@ -13,9 +13,9 @@
config = lib.mkIf (config.gui.enable && config.firefox.enable) {
unfreePackages = [
(lib.mkIf config._1password.enable "onepassword-password-manager")
"okta-browser-plugin"
unfreePackages = with pkgs.nur.repos.rycee.firefox-addons; [
(lib.mkIf config._1password.enable onepassword-password-manager)
okta-browser-plugin
];
home-manager.users.${config.user} = {

14
modules/common/applications/media.nix
View File

@ -19,9 +19,17 @@
];
# Set default for opening PDFs
xdg.mimeApps.defaultApplications."application/pdf" =
[ "zathura.desktop" ];
xdg.mimeApps.defaultApplications."image/*" = [ "sxiv.desktop" ];
xdg.mimeApps = {
associations.added = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/*" = [ "sxiv.desktop" ];
};
associations.removed = { "application/pdf" = [ "mupdf.desktop" ]; };
defaultApplications = {
"application/pdf" = [ "pwmt.zathura-cb.desktop" ];
"image/*" = [ "sxiv.desktop" ];
};
};
};

1
modules/common/applications/nautilus.nix
View File

@ -28,6 +28,7 @@
};
};
};
};
}

2
modules/common/applications/obsidian.nix
View File

@ -10,7 +10,7 @@
};
config = lib.mkIf (config.gui.enable && config.obsidian.enable) {
unfreePackages = [ "obsidian" ];
unfreePackages = [ pkgs.obsidian ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ obsidian ];
};

19
modules/common/applications/slack.nix Normal file
View File

@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }: {
options = {
slack = {
enable = lib.mkEnableOption {
description = "Enable Slack.";
default = false;
};
};
};
config = lib.mkIf (config.gui.enable && config.slack.enable) {
unfreePackages = [ pkgs.slack ];
home-manager.users.${config.user} = {
home.packages = with pkgs; [ slack ];
};
};
}

35
modules/common/applications/yt-dlp.nix Normal file
View File

@ -0,0 +1,35 @@
{ config, pkgs, lib, ... }: {
options = {
yt-dlp = {
enable = lib.mkEnableOption {
description = "Enable YouTube downloader.";
default = false;
};
};
};
config = lib.mkIf (config.yt-dlp.enable) {
home-manager.users.${config.user} = {
programs.yt-dlp = {
enable = true;
extraConfig = "";
settings = {
no-continue = true; # Always re-download each fragment
no-overwrites = true; # Don't overwrite existing files
download-archive = "archive.log"; # Log of archives
embed-metadata = true;
embed-thumbnail = true;
embed-subs = true;
sub-langs = "en.*";
concurrent-fragments = 4; # Parallel download chunks
};
};
programs.fish.shellAbbrs.yt = "yt-dlp";
};
};
}

26
modules/common/default.nix
View File

@ -68,7 +68,7 @@
description = "Link to dotfiles repository.";
};
unfreePackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
type = lib.types.listOf lib.types.package;
description = "List of unfree packages to allow.";
default = [ ];
};
@ -77,12 +77,30 @@
config = let stateVersion = "23.05";
in {
nix = {
# Enable features in Nix commands
nix.extraOptions = ''
extraOptions = ''
experimental-features = nix-command flakes
warn-dirty = false
'';
settings = {
# Add community Cachix to binary cache
substituters = lib.mkIf (!pkgs.stdenv.isDarwin)
[ "https://nix-community.cachix.org" ];
trusted-public-keys = lib.mkIf (!pkgs.stdenv.isDarwin) [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
# Scans and hard links identical files in the store
auto-optimise-store = true;
};
};
# Basic common system packages for all devices
environment.systemPackages = with pkgs; [ git vim wget curl ];
@ -95,8 +113,10 @@
# Allow specified unfree packages (identified elsewhere)
# Retrieves package object based on string name
# Idea: https://discourse.nixos.org/t/how-to-use-packages-directly-in-allowunfreepredicate/22455/6
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) config.unfreePackages;
builtins.elem (pkg.name or (builtins.parseDrvName pkg.pname).name)
(map lib.getName config.unfreePackages);
# Pin a state version to prevent warnings
home-manager.users.${config.user}.home.stateVersion = stateVersion;

2
modules/common/mail/default.nix
View File

@ -67,7 +67,7 @@
notmuch.enable = false;
passwordCommand =
"${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
builtins.toString ../../private/mailpass.age
builtins.toString ../../../private/mailpass.age
}";
smtp = {
host = "smtp.purelymail.com";

9
modules/common/neovim/config/align.nix Normal file
View File

@ -0,0 +1,9 @@
{ pkgs, ... }: {
plugins = [ pkgs.vimPlugins.tabular ];
lua = ''
-- Align
vim.keymap.set("", "<Leader>ta", ":Tabularize /")
vim.keymap.set("", "<Leader>t#", ":Tabularize /#<CR>")
vim.keymap.set("", "<Leader>tl", ":Tabularize /---<CR>")
'';
}

4
modules/common/neovim/config/lsp.nix
View File

@ -6,10 +6,10 @@
pkgs.vimPlugins.null-ls-nvim
];
use.lspconfig.sumneko_lua.setup = dsl.callWith {
use.lspconfig.lua_ls.setup = dsl.callWith {
settings = { Lua = { diagnostics = { globals = [ "vim" "hs" ]; }; }; };
capabilities = dsl.rawLua "require('cmp_nvim_lsp').default_capabilities()";
cmd = [ "${pkgs.sumneko-lua-language-server}/bin/lua-language-server" ];
cmd = [ "${pkgs.lua-language-server}/bin/lua-language-server" ];
};
use.lspconfig.nil_ls.setup = dsl.callWith {

8
modules/common/neovim/default.nix
View File

@ -34,6 +34,14 @@ in {
programs.kitty.settings.scrollback_pager = lib.mkForce ''
${neovim}/bin/nvim -c 'setlocal nonumber nolist showtabline=0 foldcolumn=0|Man!' -c "autocmd VimEnter * normal G" -'';
xdg.desktopEntries.nvim = lib.mkIf pkgs.stdenv.isLinux {
name = "Neovim wrapper";
exec = "kitty nvim %F";
};
xdg.mimeApps = lib.mkIf pkgs.stdenv.isLinux {
defaultApplications."text/markdown" = [ "nvim.desktop" ];
};
};
# # Used for icons in Vim

1
modules/common/neovim/package/default.nix
View File

@ -31,6 +31,7 @@
pkgs.neovimBuilder {
package = pkgs.neovim-unwrapped;
imports = [
../config/align.nix
../config/bufferline.nix
../config/completion.nix
../config/gitsigns.nix

8
modules/common/repositories/dotfiles.nix
View File

@ -14,7 +14,13 @@
[ "writeBoundary" ] ''
if [ ! -d "${config.dotfilesPath}" ]; then
$DRY_RUN_CMD mkdir --parents $VERBOSE_ARG $(dirname "${config.dotfilesPath}")
$DRY_RUN_CMD ${pkgs.git}/bin/git clone ${config.dotfilesRepo} "${config.dotfilesPath}"
# Force HTTPS because anonymous SSH doesn't work
GIT_CONFIG_COUNT=1 \
GIT_CONFIG_KEY_0="url.https://github.com/.insteadOf" \
GIT_CONFIG_VALUE_0="git@github.com:" \
$DRY_RUN_CMD \
${pkgs.git}/bin/git clone ${config.dotfilesRepo} "${config.dotfilesPath}"
fi
'';

6
modules/common/shell/direnv.nix
View File

@ -6,4 +6,10 @@
config = { whitelist = { prefix = [ config.dotfilesPath ]; }; };
};
# Prevent garbage collection
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
}

8
modules/common/shell/fish/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }: {
{ config, pkgs, lib, ... }: {
users.users.${config.user}.shell = pkgs.fish;
programs.fish.enable =
@ -11,7 +11,10 @@
programs.fish = {
enable = true;
shellAliases = { ls = "exa"; };
shellAliases = {
ls = "exa";
trash = lib.mkIf pkgs.stdenv.isLinux "${pkgs.trash-cli}/bin/trash-put";
};
functions = {
commandline-git-commits = {
description = "Insert commit into commandline";
@ -90,6 +93,7 @@
sc = "systemctl";
scs = "systemctl status";
m = "make";
t = "trash";
# Vim (overwritten by Neovim)
v = "vim";

15
modules/common/shell/utilities.nix
View File

@ -17,20 +17,6 @@ in {
home-manager.users.${config.user} = {
# Fix: age won't build
nixpkgs.overlays = [
(_final: prev: {
age = prev.age.overrideAttrs (_old: {
src = prev.fetchFromGitHub {
owner = "FiloSottile";
repo = "age";
rev = "7354aa0d08a06eac42c635670a55f858bd23c943";
sha256 = "H80mNTgZmExDMgubONIXP7jmLBvNMVqXee6NiZJhPFY=";
};
});
})
];
home.packages = with pkgs; [
unzip # Extract zips
rsync # Copy folders
@ -41,7 +27,6 @@ in {
tealdeer # Cheatsheets
tree # View directory hierarchy
htop # Show system processes
glow # Pretty markdown previews
qrencode # Generate qr codes
vimv-rs # Batch rename files
dig # DNS lookup

1
modules/darwin/hammerspoon.nix
View File

@ -16,6 +16,7 @@
firefox = "${pkgs.firefox-bin}/Applications/Firefox.app";
discord = "${pkgs.discord}/Applications/Discord.app";
kitty = "${pkgs.kitty}/Applications/kitty.app";
slack = "${pkgs.slack}/Applications/Slack.app";
};
xdg.configFile."hammerspoon/Spoons/MoveWindow.spoon".source =
./hammerspoon/Spoons/MoveWindow.spoon;

21
modules/darwin/hammerspoon/Spoons/DismissAlerts.spoon/close_notifications.applescript Normal file
View File

@ -0,0 +1,21 @@
# Credit: https://github.com/Ptujec/LaunchBar/blob/f7b5a0dba9919c2fec879513f68a044f78748539/Notifications/Dismiss%20all%20notifications.lbaction/Contents/Scripts/default.applescript
tell application "System Events"
try
set _groups to groups of UI element 1 of scroll area 1 of group 1 of window "Notification Center" of application process "NotificationCenter"
repeat with _group in _groups
set _actions to actions of _group
repeat with _action in _actions
if description of _action is in {"Schlie§en", "Alle entfernen", "Close", "Clear All"} then
perform _action
end if
end repeat
end repeat
end try
end tell

2
modules/darwin/hammerspoon/Spoons/DismissAlerts.spoon/init.lua
View File

@ -10,7 +10,7 @@ obj.license = "MIT - https://opensource.org/licenses/MIT"
function obj:init()
hs.hotkey.bind({ "cmd", "alt", "ctrl" }, "k", function()
hs.osascript.javascriptFromFile("Spoons/DismissAlerts.spoon/close_notifications_applescript.js")
hs.osascript.applescriptFromFile("Spoons/DismissAlerts.spoon/close_notifications.applescript")
end)
end

33
modules/darwin/hammerspoon/Spoons/Launcher.spoon/init.lua
View File

@ -8,44 +8,44 @@ obj.name = "Launcher"
obj.version = "0.1"
obj.license = "MIT - https://opensource.org/licenses/MIT"
function DrawSwitcher()
-- Drawing
local width = hs.screen.mainScreen():fullFrame().w
local switcherWidth = 500
local canv = hs.canvas.new({
local width = hs.screen.mainScreen():fullFrame().w
local switcherWidth = 500
obj.canvas = hs.canvas.new({
x = width / 2 - switcherWidth / 2,
y = 1,
h = 3,
w = switcherWidth,
})
canv[#canv + 1] = {
})
-- Draw switcher
obj.canvas[#obj.canvas + 1] = {
action = "build",
type = "rectangle",
}
canv[#canv + 1] = {
}
obj.canvas[#obj.canvas + 1] = {
type = "rectangle",
fillColor = { alpha = 1, red = 0.8, green = 0.6, blue = 0.3 },
action = "fill",
}
return canv:show()
end
}
function obj:init()
-- Begin launcher mode
if self.launcher == nil then
self.launcher = hs.hotkey.modal.new("ctrl", "space")
print(self.canvas)
print(obj.canvas)
end
-- Behaviors on enter
function self.launcher:entered()
-- hs.alert("Entered mode")
self.canv = DrawSwitcher()
obj.canvas:show()
end
-- Behaviors on exit
function self.launcher:exited()
-- hs.alert("Exited mode")
self.canv:hide()
obj.canvas:hide()
end
-- Use escape to exit launcher mode
@ -54,7 +54,8 @@ function obj:init()
end)
-- Launcher shortcuts
self.launcher:bind("ctrl", "space", function() end)
self.launcher:bind("ctrl", "space", function()
end)
self.launcher:bind("", "return", function()
self:switch("@kitty@")
end)
@ -92,7 +93,7 @@ function obj:init()
hs.reload()
end)
self.launcher:bind("", "S", function()
self:switch("Slack.app")
self:switch("@slack@")
end)
self.launcher:bind("", "Z", function()
self:switch("zoom.us.app")

6
modules/darwin/homebrew.nix
View File

@ -45,12 +45,6 @@
];
};
home-manager.users.${config.user} = {
programs.fish.shellAbbrs.t = "trash";
};
};
}

2
modules/darwin/system.nix
View File

@ -166,7 +166,7 @@
echo "Choose and order dock icons"
defaults write com.apple.dock persistent-apps -array \
"$(__dock_item /Applications/1Password.app)" \
"$(__dock_item /Applications/Slack.app)" \
"$(__dock_item ${pkgs.slack}/Applications/Slack.app)" \
"$(__dock_item /System/Applications/Calendar.app)" \
"$(__dock_item ${pkgs.firefox-bin}/Applications/Firefox.app)" \
"$(__dock_item /System/Applications/Messages.app)" \

1
modules/nixos/gaming/default.nix
View File

@ -16,5 +16,6 @@
driSupport = true;
driSupport32Bit = true;
};
programs.gamemode.enable = true;
};
}

2
modules/nixos/gaming/minecraft-server.nix
View File

@ -14,7 +14,7 @@ in {
config = lib.mkIf config.gaming.minecraft-server.enable {
unfreePackages = [ "minecraft-server" ];
unfreePackages = [ pkgs.minecraft-server ];
services.minecraft-server = {
enable = true;

11
modules/nixos/gaming/steam.nix
View File

@ -4,16 +4,21 @@
config = lib.mkIf (config.gaming.steam.enable && pkgs.stdenv.isLinux) {
hardware.steam-hardware.enable = true;
unfreePackages = [ "steam" "steam-original" "steamcmd" "steam-run" ];
environment.systemPackages = with pkgs; [
unfreePackages = with pkgs; [ steam steamcmd steam-run ];
steam
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
};
environment.systemPackages = with pkgs; [
# Enable terminal interaction
steamPackages.steamcmd
steam-tui
];
};
}

6
modules/nixos/hardware/boot.nix
View File

@ -13,6 +13,9 @@
# Attempt to display GRUB on widescreen monitor
gfxmodeEfi = "1920x1080";
# Limit the total number of configurations to rollback
configurationLimit = 25;
# Install GRUB onto the boot disk
# device = config.fileSystems."/boot".device;
@ -40,4 +43,7 @@
boot.supportedFilesystems =
lib.mkIf (config.physical && pkgs.stdenv.isLinux) [ "ntfs" ];
# Use latest released Linux kernel by default
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
}

2
modules/nixos/hardware/default.nix
View File

@ -3,6 +3,7 @@
imports = [
./audio.nix
./boot.nix
./disk.nix
./keyboard.nix
./monitors.nix
./mouse.nix
@ -10,6 +11,7 @@
./server.nix
./sleep.nix
./wifi.nix
./zfs.nix
];
options = {

7
modules/nixos/hardware/disk.nix Normal file
View File

@ -0,0 +1,7 @@
{ config, pkgs, lib, ... }: {
# Enable fstrim, which tracks free space on SSDs for garbage collection
# More info: https://www.reddit.com/r/NixOS/comments/rbzhb1/if_you_have_a_ssd_dont_forget_to_enable_fstrim/
services.fstrim.enable = true;
}

6
modules/nixos/hardware/networking.nix
View File

@ -9,6 +9,12 @@
networking.interfaces.enp5s0.useDHCP = true;
networking.interfaces.wlp4s0.useDHCP = true;
networking.firewall.allowPing = lib.mkIf config.server true;
networking.hosts = {
"192.168.0.120" = [ "tempest" ];
"192.168.0.218" = [ "swan" ];
};
};
}

10
modules/nixos/hardware/sleep.nix
View File

@ -4,9 +4,17 @@
# Prevent wake from keyboard
powerManagement.powerDownCommands = ''
for wakeup in /sys/bus/usb/devices/1-*/power/wakeup; do echo disabled > $wakeup; done
# for power in /sys/bus/usb/devices/*/power; do echo disabled > ''${power}/wakeup; done
# AMD issue: https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Instantaneous_wakeups_from_suspend
for power in /sys/bus/i2c/devices/i2c-*/device/power; do echo disabled > ''${power}/wakeup; done
'';
# From here: https://www.reddit.com/r/NixOS/comments/wcu34f/how_would_i_do_this_in_nix/
# services.udev.extraRules = ''
# ACTION=="add", SUBSYSTEM=="i2c", ATTRS{idVendor}=="<vendor>", ATTRS{idProduct}=="<product>" RUN+="${pkgs.bash}/bin/bash -c 'echo disabled > /sys/bus/i2c/devices/i2c-*/power/wakeup'"
# '';
};
}

16
modules/nixos/hardware/zfs.nix Normal file
View File

@ -0,0 +1,16 @@
{ config, pkgs, lib, ... }: {
options = { zfs.enable = lib.mkEnableOption "ZFS file system."; };
config =
lib.mkIf (pkgs.stdenv.isLinux && config.server && config.zfs.enable) {
# Only use compatible Linux kernel, since ZFS can be behind
boot.kernelPackages =
config.boot.zfs.package.latestCompatibleLinuxPackages;
boot.kernelParams = [ "nohibernate" ];
boot.supportedFilesystems = [ "zfs" ];
};
}

3
modules/nixos/services/backups.nix
View File

@ -27,7 +27,7 @@
users.groups.backup = { };
secrets.backup = {
source = ../../private/backup.age;
source = ../../../private/backup.age;
dest = "${config.secretsDirectory}/backup";
group = "backup";
permissions = "0440";
@ -38,6 +38,7 @@
services.litestream = {
enable = true;
environmentFile = config.secrets.backup.dest;
settings = { };
};
# Wait for secret to exist

20
modules/nixos/services/calibre.nix
View File

@ -1,4 +1,10 @@
{ config, pkgs, lib, ... }: {
{ config, pkgs, lib, ... }:
let
libraryPath = "/data/books";
in {
options = {
bookServer = lib.mkOption {
@ -6,6 +12,11 @@
description = "Hostname for Calibre library";
default = null;
};
backups.calibre = lib.mkOption {
type = lib.types.bool;
description = "Whether to backup Calibre library";
default = true;
};
};
config = lib.mkIf (config.bookServer != null) {
@ -17,6 +28,7 @@
reverseProxyAuth.enable = false;
enableBookConversion = true;
enableBookUploading = true;
calibreLibrary = libraryPath;
};
};
@ -30,7 +42,7 @@
}];
# Run a backup on a schedule
systemd.timers.calibre-backup = {
systemd.timers.calibre-backup = lib.mkIf config.backups.calibre {
timerConfig = {
OnCalendar = "*-*-* 00:00:00"; # Once per day
Unit = "calibre-backup.service";
@ -39,9 +51,7 @@
};
# Backup Calibre data to object storage
systemd.services.calibre-backup =
let libraryPath = "/var/lib/calibre-web"; # Default location
in {
systemd.services.calibre-backup = lib.mkIf config.backups.calibre {
description = "Backup Calibre data";
environment.AWS_ACCESS_KEY_ID = config.backup.s3.accessKeyId;
serviceConfig = {

1
modules/nixos/services/default.nix
View File

@ -15,6 +15,7 @@
./netdata.nix
./nextcloud.nix
./prometheus.nix
./samba.nix
./secrets.nix
./sshd.nix
./transmission.nix

3
modules/nixos/services/jellyfin.nix
View File

@ -20,6 +20,9 @@
}];
}];
# Grant user access to Jellyfin directories
users.users.${config.user}.extraGroups = [ "jellyfin" ];
# Create videos directory, allow anyone in Jellyfin group to manage it
systemd.tmpfiles.rules = [
"d /var/lib/jellyfin 0775 jellyfin jellyfin"

6
modules/nixos/services/nextcloud.nix
View File

@ -15,6 +15,7 @@
services.nextcloud = {
enable = true;
package = pkgs.nextcloud25; # Required to specify
datadir = "/data/nextcloud";
https = true;
hostName = "localhost";
maxUploadSize = "50G";
@ -41,7 +42,7 @@
# Create credentials file for nextcloud
secrets.nextcloud = {
source = ../../private/nextcloud.age;
source = ../../../private/nextcloud.age;
dest = "${config.secretsDirectory}/nextcloud";
owner = "nextcloud";
group = "nextcloud";
@ -52,6 +53,9 @@
before = [ "nextcloud-setup.service" ];
};
# Grant user access to Nextcloud directories
users.users.${config.user}.extraGroups = [ "nextcloud" ];
## Backup config
# Open to groups, allowing for backups

38
modules/nixos/services/samba.nix Normal file
View File

@ -0,0 +1,38 @@
{ config, pkgs, lib, ... }: {
options = { samba.enable = lib.mkEnableOption "Enable Samba sharing."; };
config = {
services.samba = lib.mkIf (config.samba.enable) {
enable = true;
openFirewall = true;
shares.data = {
path = "/data";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"force user" = config.user;
"force group" = config.user;
comment = "NAS";
};
};
# Allows Windows clients to discover server
services.samba-wsdd.enable = true;
networking.firewall.allowedTCPPorts = [ 5357 ];
networking.firewall.allowedUDPPorts = [ 3702 ];
# Allow client browsing Samba and virtual filesystem shares
services.gvfs =
lib.mkIf (config.gui.enable && config.nautilus.enable) { enable = true; };
# # Permissions required to mount Samba with GVFS, if not using desktop environment
# environment.systemPackages = lib.mkIf (config.gui.enable
# && config.nautilus.enable
# && config.services.xserver.windowManager.i3.enable)
# [ pkgs.lxqt.lxqt-policykit ];
};
}

10
modules/nixos/services/sshd.nix
View File

@ -17,11 +17,13 @@
services.openssh = {
enable = true;
ports = [ 22 ];
passwordAuthentication = false;
gatewayPorts = "no";
forwardX11 = false;
allowSFTP = true;
permitRootLogin = config.permitRootLogin;
settings = {
GatewayPorts = "no";
X11Forwarding = false;
PasswordAuthentication = false;
PermitRootLogin = config.permitRootLogin;
};
};
users.users.${config.user}.openssh.authorizedKeys.keys =

5
modules/nixos/system/user.nix
View File

@ -32,6 +32,11 @@
};
home-manager.users.${config.user}.xdg = {
# Allow Nix to manage the default applications list
mimeApps.enable = true;
# Set directories for application defaults
userDirs = {
enable = true;
createDirectories = true;

0
private/password.sha512 → password.sha512
View File

19
private/backup.age
View File

@ -1,10 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBmVEo2
bExsZERhYi9vVXMxVThRK2w3dFR4UlZVcGlsWUFPM3pReTQwaW5ZCjQ5Z3g3amZC
bWUwWkdKTStVbFpwMmdwK3pQQU5CeE5tMVNHbXI1UkdCTFUKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIE9sTG1lOHIyVGdLNWtJRTZtdGNWWEFsTTJ5bE1HS1V2MEdKeGNN
WFMyV28KVlRHdDg5SGFadVlJempKWkp6eEp6TkhINnl0R0xDL0J0WXByclpFWE5I
VQotLS0gVVhaUDZLTy8xS3hKOVliSlpuTEY2Q2xOQUEvblBtUG9Vb0I5ZE1oOUZ1
VQr18Jwx6XDa7bwq0QWT6NdIFzqNUHWhDyUvS9twncFsr0yEAUDQd2XLtE+Vc8T9
Z7y/C8Ct5+duqd6YaeqROJz5zVj0NnI0lshirBl89PQWF9ihp4V4Hw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBkOVNs
NklGeTFxTTQzQ2t5WVUvVzREVnk3WjB0ZnUwdGo5Wk5Zc2RVeVJJCnBFbHcvUzdi
SG5xeTg2dU9oRUtiYXk3cERJOC9zbitrZ1hxZ0RJWDVYNmcKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIElNNkFMYkRoYXpPV1RtWEhrdUJCbXczd05tTG5QNi8wVktYQmZn
eTlWbTgKUVVrb21mTTNzZ1d6cE0yU2l4SVhqbkNyUEpLSHJyUEMyS1pLNGloTlpK
cwotPiBzc2gtZWQyNTUxOSBuanZYNUEgRU5LM2FKNEZ3Y1dDOW02VFU4bnNuZHpE
QzBLMlBhVnY3aGIrZDNhOUNWcwpSMHNsYTRlNFc5V0NsQ1h2VGFqUHNBVkxTVXdz
dGx6bWFwR1FFU2JNdmlBCi0tLSB6b3dpRmFURm0veFRFRitpbmZoOWJFcU8rbHJk
OXVIbGpUSWNFdWZmczVNCrodWjz8yVOdHHcVH9s2gOJfDrZFCP7L14RdGs9UW/Iw
JaJr5YblUiqTfKJiCN8dnCve3oCUlIY6K+yrBh5GaNbiwOgCzzZO5BGXEqoUSnux
ltmV1UI4
-----END AGE ENCRYPTED FILE-----

18
private/mailpass.age
View File

@ -1,10 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBIRnEy
am1HTXptMmpSTjZQa2hQSUxNUU1rdXlod3U3bVZ0VGxQVlE2WldBClg0K3k5MDZH
NFlPdHI0VnZSZE9DTTNMeDdldUpFQ3V0V0k0RnRIZHFhdzAKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFlxZFpqNU5kNVY2VUk0Um0zZ1d1M2FlRkYvV1BoTEFSNjZ2Vk9I
QTVHM0UKY2gvVU9wckVUNEFwdUwyVFJZUGwxOFFKYm12cUlFTEVrb3IvcXI3TnND
UQotLS0gMHdaajFjV2ozd0g5dWN5YkhiU2NBVWZVSU00aVIzY0VKYjJleVlQTUdX
QQo7rH6kOTRFP43U/qiBOCHx+hBGlaODFRS1CgzkuqfMOq8PM28RsIN+l3sbwjxE
W8chE/A0EChjIDtfYTMgsN3cYg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBsb0pX
R2RJRlJkbWF2a3BJN25ZY3ZwWTNRNDFhbWFkRE5TdkxDNUMrUms4CjI4TVN4Rk5U
a0xMRHVQSEJUcVJTQ2ZLd0c0c0MxM2thMFpyeXZ1NGM2NFEKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFFnN1VkSzVXVzg4UGFWakxweWRmSldWbDBOMW9xYWJQek1Ielk0
YXVrVFUKSzhUNVd3SGU4MkVZUXdLWXpFL3JCUWxOSitHOEJzQ0pXN0FKSXZ6RUFm
NAotPiBzc2gtZWQyNTUxOSBuanZYNUEgVG5jYmFCTkFmekJMdFBUVWJscmN5dUxp
RngzZEFEZUJINDBwUFBIUitpWQo3aWlLRDdoUklhbDlNeFJjeXFkTnJFcDJiV1Vv
ajBQQzFlaTFwWVFDSjljCi0tLSBWS3pzSWo4SXpIallxc0JQWk9LSWFDekxtOGRp
eGhYSEdqL1RmRnhtemMwCmQ5wc817Rk+Rs8RHXMe2Gm1mKbFOFMVrWFW5gLm9UHE
T05kZ7OBh34D9B7jmFokYM4uQBXBrydcb51TGVLXXgnN
-----END AGE ENCRYPTED FILE-----

18
private/nextcloud.age
View File

@ -1,10 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBudkxn
ZzU1YVViYUZBWVVTYm1SeHpvanQ5M0YwVGo2YldlN2RwY0tscWpBCjd0ZmtLZ2th
dEMrQk5QV0EzT0RpVkg5bGo1cHdTNzVYVkZpVzE4aHR0azgKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFlqaEI2QUNnMjR1T0FENXJIMEJWOUFJUXZ4SlJxbUFnQktWUW9w
UFlmUUkKL1RwaWxoNFM4SkpadWtyN3JnWHdjVTYrQmo0dU9JUnp0MjN5enVsUm9o
ZwotLS0gWUd2eTR2VGkyeTZ5cHNuanMrSlZKVmc4T1ZORExmUnhDSjN0NEJkNjkz
cwriuyYCgvJe7TRi3n/JwxIRKMsoh7+xj4B5Fdxuj3BOtKVi1geSjlDHVklRwu9Y
IMCTLqQtj08JnuLfDezRGHAYCM8=
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBsWmI2
UisyZ01rS3k4R0tJMThNdEZUOXZNVnV5RGNtVTR3V25wb2UwUDE0CnlGc0xySy8x
L2k2b1VRc1M0R1p5MkVTUWxHWkU2ZEtTSDFXK211V0ZHQTQKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIExWdlE1M1ZldnpPYWVta3ovdmdEU3VtZU0xWWFldnp3L3hicnFY
Y0dxQjQKdEFHa09Sd2IwUDRwM2dMK1paTFNESUJVRk1NNUFScXJGK1J5MkdtUGZv
YwotPiBzc2gtZWQyNTUxOSBuanZYNUEgVnRhWmtLTnpDSGhRODcvcUY1K2VySlJK
Rlk4WW1kQlVFd2Y4bWRLdGJWOAp1S1ZVclRrMUhicy9xQ1NTZ21tazEraDFaU2tD
eldWVVR1S1BTRDJ4ZjVrCi0tLSAwdXF6Nmt4RHBFVnVzZ08yeFBLbWF3dUx1M1hq
bVRzYmZiZk1Sb1ZOZUZRCpm4DLNa9DuoFQxQux3Q90PP6G30Z2b0j85cZqyr7anw
fg3687eKqMNwl4qdGYeE63oeUHrxfYISKB41zRDHmc7H2w==
-----END AGE ENCRYPTED FILE-----

19
private/transmission.json.age
View File

@ -1,10 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBSYUU2
OWp1ZDRLVTJrR1k3SVdXZnRPN3RUNDY5RFM2WEZaTzRmdU1zSWdrCjV1VHpNMG81
VHA4LzdsN3FpOUNoTGNlWmlHS3E4dTVvWTVoZHJMSlNYTHMKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIDVjM1JmclgxQThKcU1XQWptWmN0MjlKU1NvMEpwMnYyd3Y4czBT
RTVkQ0UKc0pOYkRxZldsWnloQnBYMWk1eFU0M3R5SkZVTUYyaldIcENONE1PWVJv
NAotLS0gclZDQndaREZpZ2Z0R0d0alBPeW1tZFVOVHhSaHNlQTRXdTRoZmFDUFFK
SQqueOUzTFuhSryWW4Do+NAUcq2YdOtN8gmP5Zcp1oMe/9+JIs6Upjsc3eWn+dSA
7QwbGlTyd6D0+PLJxHA18Xfgpj5owGeTDtwykFPgdO1BjE8C3KlgzUfN
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyB1TWhO
N1k5bFFvODkwdzRGcGtFL2YzRkJDUjVSbUVFeXBOTExpK29uU2drCjN2cS9GZjJW
RGxrMlQzK3ZGVWU4L2M0M1d4cXJrOTNrcDhsdWUyRGt5N1EKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RICtoM2V3UjZ1cnVFN09pZ1Y0azYraENoWlN2ajRUeHRLZVlVd0Yw
T29BRW8Kb2ltQlpJZ1JUTkd6Wk14ZkFIdDliQ1JOMHMvVzhwaGkyMkl6ajFrYVNv
MAotPiBzc2gtZWQyNTUxOSBuanZYNUEgNThPSW91di91SWxtbTRpQVJwek94VGJV
UERvS2tITHF0SXVlVFEyLzJTMApuYjdsWndDd01mUk5LbXJWTkd6UEt3eFkvMk40
VDBpZmk0bUkxNTBWMzlrCi0tLSBiVFpxcjd4ZkZ6YittMDBBT25rOFlrcEpTdXg1
d2Y5TkdwZ25sRFN0ZjVzCj8h/4aeASCnUoK7Sc6LsY9ur3krKlF+3GMMvlLiRqsi
COBx+YbkwR0EfrxhLZ6DLHhM/t2jnWAMMzDK2a4volvQkdORLiRo3sfjR5kSy5N5
Ml3lFlXKxYQ=
-----END AGE ENCRYPTED FILE-----

20
private/vaultwarden.age
View File

@ -1,11 +1,13 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBqNm0x
YVc0bXp6eldNdkp1QWk2cEI0WFBhVVd3cHhDODNwMS9UUTBPN25JCmxXZnRIcFZr
SFJrQnI3R1BTUk1BcVl3RjlUaXMzSXpqaGdTMi9reno1eHcKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIFlKWCtsWGtWdTI4L0ZFTVRHNFN5by9vTE95MXFoMVZGYlYrM1I2
alREaE0Kd251SGRDdE96VmZqblhEWXFkZDhvRUZsZ1pnZ3NqdEdJSlBvaXhoOHVB
WQotLS0gaGJNRm14SkdXcTFmYlJUell1WUZUeEllT3ZwMkNaejF3eWJ5U1ZSdno1
MAqQIT8vvUro+C+avm6lCPfrX9yigKzx/gtKfMB//1Ie7BUo1+o5iYoA+R0luMU8
/zVX1yGAzDPqas/HfYclIPg3bdjm2dnpz0ltOrOvjA4x3nEzzrmS96zo3Fy1d8oX
oAMw2l/p2QDHI60cyhvC
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBLemo1
TXRJdkYxR1RBcFdrVEthRUI1UEtWbm5LUlRKYVpOTUIyZjY2YlhJCmkzbEdmZFFN
MzBFQkN3ME9FcjdCOTN4T3ZlcWg1NEIydjZQQm93VURvcVEKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIDNjMXpObEhuTWg5bitFL2VjUGtTcjhIMDYzeVFpQ0tpUnRRV3pJ
SGRwRzgKRkpzdzJsZ3N4dnhSaGplN0ZjQ1dpY0xOZHZyU0NON1NEbDc5MmtMKzhL
ZwotPiBzc2gtZWQyNTUxOSBuanZYNUEgaEFrMTZYNndKVWg0OTFtOVJyVTFPbjJJ
RHJwU0JsclUrSms5ckMyZTdoYwpmV3dlZFY4MEFYSEhoQnpic0NEd2xxOENIRTBt
MWs4RVNFUnIyTnNWUDRNCi0tLSAvT2ZPektwL2djUlNQdy9tek9hL3JmekJOc28z
NzU3cDR6TUxod0I5ODdZCnxOYrlDTdi8Y+m5PRxAYgS3u2cC1YlfXi5TZo1LIEjv
UxWwPwn8JAF9CYB1o8e6p/w+yMcUfr+2UHWo0GqLqye8VCGy7Vzk2S3tOCZJv+k9
+kQtMva6CND8gBZIIJ3aXoYshT4sLWfx+BAkxPQ=
-----END AGE ENCRYPTED FILE-----

18
private/wireguard.age
View File

@ -1,10 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBOOXNm
VG5EMHhEU2JLbkYyY1VXdXZJd2VxSEVXUjZaaURnU254QUVzUENzCnhnV21oRFNY
NGpMeXlqdDlYRmltN1cxTlJ3eWFTVElpK0ZBalA3QVFoL2MKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIDk3TVhDVVBjQU5XNjVTbkxKdUNEU25uZXREeEpHcTF4STg4VXR1
V2xzRTQKZTBXZUQrbjIwTDEwOEc3MktpQzBjTzhjS3lTNTJ0TEMyMVBOODQ0N0lt
OAotLS0gODA2L2FpSmxiWDAyM1IvM2Q4U2QrNmRkVjl1bFhURW5sNCtWZ2tiMnZU
YwoC0chavNt+a/AImm/7bNheZIPghrobp9g+ga+UpRWBtM2snpkyFZrBR0qAkw/f
3krp5Rrco7IOlEwWx96UzvAUpKlC7CdVI1MFa76ZUg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyBqamNI
eGQ3Ty9td3owQWNyOXMrM1ZTQ1dSOVc0dEZ6UlplY0ZDQlV4MG1NCmQ1eUpTdURs
YkhsNnF5djkwdWRlcms4SFEyaTdFUFZ2WFpTaVRPRy8zam8KLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIHBTWEkyekhRQ1RqWnVpM2FQVGVqQzZyVFpuL0liZU9UUHl4dVpr
dno5UjgKbFZxL0xXTWZwYU0wWjNhYm9NZzVCRWhER2N6eWUySjV4N0c3Z3V4S2o2
NAotPiBzc2gtZWQyNTUxOSBuanZYNUEgeDNtdjZvQkVGZXZsUFhkd3ZnWkNYaTdr
ZlFuR2RrNTVZNWh4WUY2cTh6OApEYTBwcGlvQ0xVazIzUjBBT2VuWGczRkRyM0d2
YmdoMVRPMFh5NVBwb3RFCi0tLSBjaXVreU1LYjNvOVVZeTlTRldyWE02Rzc1V2xN
N082QUtDNXM2bEpRMlpjCp6Qtp6EN1L1V/mLp48M6uymwPmGjR1pAloYXDhXSiab
uz9LLBvB8qVp15/724DTLg6Mi72LVYiHZ+zQ3IB8kv7gjhMMryfFJSPErZfY
-----END AGE ENCRYPTED FILE-----

5
public-keys
View File

@ -1,4 +1,5 @@
# Scan hosts: ssh-keyscan -t ed25519 <hostnames>
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s noah
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI oracle.masu.rs
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB+AbmjGEwITk5CK9y7+Rg27Fokgj9QEjgc9wST6MA3s tempest
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHVknmPi7sG6ES0G0jcsvebzKGWWaMfJTYgvOue6EULI flame
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ9mwXlZnIALt9SnH3FOZvdgHLM5ZqwYUERXBbM7Rwh6 swan