cilly/flakes
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Compare commits

base: cilly:master
Branches Tags
cilly:master
cilly:feat/immich
cilly:feat/restic
cilly:feat/cont
cilly:feat/smb
cilly:feat/soulbeet
cilly:opencloud
cilly:staging/dandelion_260528
cilly:bootstrap/alyssum
cilly:dev/slskd_envtest
cilly:feat/emerald
cilly:feat/diamond
cilly:dev/citrine
cilly:dev/tewst
cilly:staging_auto/20260316
cilly:up/dandelion_20260315
cilly:staging_auto/20260315
cilly:staging_auto/20260314
cilly:staging_auto/20260313
cilly:staging_auto/20260312
cilly:staging_auto/20260311
cilly:staging_auto/20260310
cilly:staging_auto/20260309
cilly:staging_auto/20260308
cilly:staging_auto/20260307
cilly:staging_auto/20260306
cilly:staging_auto/20260305
cilly:staging_auto/20260304
cilly:staging_auto/20260303
cilly:staging_auto/20260302
cilly:staging_auto/20260301
cilly:staging_auto/20260228
cilly:staging_auto/20260227
cilly:staging_auto/20260226
cilly:staging_auto/20260225
cilly:staging_auto/20260224
cilly:staging_auto/20260223
cilly:staging_auto/20260222
cilly:staging_auto/20260221
cilly:staging_auto/20260220
cilly:staging_auto/20260219
cilly:staging/20251122
cilly:staging/20250812
cilly:dev/unbound
cilly:dev/wg2
cilly:dev/dandelion2
cilly:test/git-crypt
cilly:dev/server
cilly:dev/options
cilly:dev/workflow
cilly:bootstrap/dandelion
cilly:bootstrap/anemone
cilly:tmp/sugarcane_raccoon
cilly:tmp/caramel_raccoon
cilly:tmp/caramel
cilly:tmp/jellyfin
cilly:temp/caramelgone
cilly:testing/linux-tkg
cilly:testing/wine2
..
compare: cilly:staging_auto/20260312
Branches Tags
cilly:feat/immich
cilly:feat/restic
cilly:master
cilly:feat/cont
cilly:feat/smb
cilly:feat/soulbeet
cilly:opencloud
cilly:staging/dandelion_260528
cilly:bootstrap/alyssum
cilly:dev/slskd_envtest
cilly:feat/emerald
cilly:feat/diamond
cilly:dev/citrine
cilly:dev/tewst
cilly:staging_auto/20260316
cilly:up/dandelion_20260315
cilly:staging_auto/20260315
cilly:staging_auto/20260314
cilly:staging_auto/20260313
cilly:staging_auto/20260312
cilly:staging_auto/20260311
cilly:staging_auto/20260310
cilly:staging_auto/20260309
cilly:staging_auto/20260308
cilly:staging_auto/20260307
cilly:staging_auto/20260306
cilly:staging_auto/20260305
cilly:staging_auto/20260304
cilly:staging_auto/20260303
cilly:staging_auto/20260302
cilly:staging_auto/20260301
cilly:staging_auto/20260228
cilly:staging_auto/20260227
cilly:staging_auto/20260226
cilly:staging_auto/20260225
cilly:staging_auto/20260224
cilly:staging_auto/20260223
cilly:staging_auto/20260222
cilly:staging_auto/20260221
cilly:staging_auto/20260220
cilly:staging_auto/20260219
cilly:staging/20251122
cilly:staging/20250812
cilly:dev/unbound
cilly:dev/wg2
cilly:dev/dandelion2
cilly:test/git-crypt
cilly:dev/server
cilly:dev/options
cilly:dev/workflow
cilly:bootstrap/dandelion
cilly:bootstrap/anemone
cilly:tmp/sugarcane_raccoon
cilly:tmp/caramel_raccoon
cilly:tmp/caramel
cilly:tmp/jellyfin
cilly:temp/caramelgone
cilly:testing/linux-tkg
cilly:testing/wine2

2 commits
master ... staging_au

Author SHA1 Message Date
github-actions[bot]
139cd6f5c0 packages/linux-lava: bump to 6.19.6 2026-03-12 02:33:08 +00:00
github-actions[bot]
28965dd837 flake: bump inputs 2026-03-12 02:33:06 +00:00
92 changed files with 552 additions and 2093 deletions
Download patch file Download diff file Expand all files Collapse all files

47
containers/amethyst/configuration.nix
View file

@ -1,47 +0,0 @@
{ lib, pkgs, ... }: {
system.stateVersion = "23.11";
systemd.tmpfiles.rules = [
"d /persist/transmission 755 transmission transmission"
"d /persist/transmission/.config/transmission-daemon 750 transmission transmission"
"d /persist/transmission/.incomplete 750 transmission transmission"
"d /persist/transmission/Downloads 755 transmission transmission"
"d /persist/transmission/watchdir 755 transmission transmission"
];
networking.wg-quick.interfaces.wg0 = {
configFile = "/persist/vpn.conf";
preUp = ''
# Try to access the DNS for up to 300s
for i in {1..60}; do
${pkgs.iputils}/bin/ping -c1 'google.com' && break
echo "Attempt $i: DNS still not available"
sleep 5s
done
'';
};
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
RootDirectoryStartOnly = lib.mkForce false;
RootDirectory = lib.mkForce "";
PrivateMounts = lib.mkForce false;
PrivateUsers = lib.mkForce false;
};
networking.firewall.allowedTCPPorts = [ 9091 ];
services.transmission = {
enable = true;
package = pkgs.transmission_4;
downloadDirPermissions = "775";
openFirewall = true;
home = "/persist/transmission";
settings = {
ratio-limit-enabled = true;
rpc-bind-address = "0.0.0.0";
rpc-enabled = true;
rpc-port = 9091;
rpc-host-whitelist-enabled = false;
rpc-whitelist-enabled = false;
};
};
}

27
containers/amethyst/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

51
containers/amethyst/flake.nix
View file

@ -1,51 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }: {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
modules = [ ./configuration.nix ];
};
nixosModule = { ... }:
let
name = "amethyst";
fqdn = "amethyst.lava.moe";
subnet = "1";
in {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
#locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
locations."/".proxyPass = "http://10.30.${subnet}.2:9091";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.30.${subnet}.1";
localAddress = "10.30.${subnet}.2";
hostAddress6 = "fd0d:1::${subnet}:1";
localAddress6 = "fd0d:1::${subnet}:2";
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = [ ./configuration.nix ]; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}

23
containers/beryllium/configuration.nix
View file

@ -1,23 +0,0 @@
{ ... }: {
system.stateVersion = "25.11";
fileSystems."/var/lib/private" = {
device = "/persist";
fsType = "none";
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [ 6167 ];
networking.firewall.allowedUDPPorts = [ 6167 ];
# TODO: this should be generically set
networking.useHostResolvConf = false;
networking.nameservers = [ "8.8.8.8" ];
services.matrix-continuwuity = {
enable = true;
settings.global = {
# TODO: link this with outer container's address
address = [ "10.30.2.2" ];
server_name = "lava.moe";
rocksdb_recovery_mode = 2;
};
};
}

27
containers/beryllium/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

69
containers/beryllium/flake.nix
View file

@ -1,69 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }: {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
modules = [ ./configuration.nix ];
};
nixosModule = { ... }:
let
name = "beryllium";
fqdn = "beryllium.lava.moe";
subnet = "2";
in {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".extraConfig = "return 302 'https://lava.moe';";
locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167";
locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167";
locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167";
};
services.nginx.virtualHosts."lava.moe" = {
locations."= /.well-known/matrix/server".extraConfig =
let
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
# "m.identity_server" = { "base_url" = "https://vector.im"; };
};
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.30.${subnet}.1";
localAddress = "10.30.${subnet}.2";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = [ ./configuration.nix ]; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
};
};
};
}

53
containers/citrine/configuration.nix
View file

@ -1,53 +0,0 @@
{ config, fqdn, lib, ... }: {
system.stateVersion = "25.11";
networking.firewall.allowedTCPPorts = [ 22 3000 ];
networking.firewall.allowedUDPPorts = [ 22 3000 ];
systemd.tmpfiles.rules = [
"L+ /persist/forgejo/custom/templates - - - - ${./templates}"
];
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
DEFAULT.APP_NAME = "cilly's botanical laboratory";
server = {
DOMAIN = fqdn;
ROOT_URL = "https://${fqdn}/";
HTTP_PORT = 3000;
START_SSH_SERVER = true;
BUILTIN_SSH_SERVER_USER = "git";
SSH_DOMAIN = "git.lava.moe";
SSH_SERVER_KEY_EXCHANGES = "mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256";
};
ui = lib.mkForce {
DEFAULT_THEME = "catppuccin-maroon-auto";
THEMES = lib.strings.concatMapStringsSep "," (x: "${x}-auto") [
"catppuccin-pink"
"catppuccin-maroon"
"catppuccin-flamingo"
"catppuccin-rosewater"
"forgejo"
"gitea"
];
};
api.ENABLE_SWAGGER = false;
other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
repository.ENABLE_PUSH_CREATE_USER = true;
repository.ENABLE_PUSH_CREATE_ORG = true;
service.DISABLE_REGISTRATION = true;
};
stateDir = "/persist/forgejo";
};
systemd.services.forgejo.serviceConfig = {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
PrivateUsers = lib.mkForce false;
};
catppuccin.forgejo.enable = true;
environment.systemPackages = [ config.services.forgejo.package ];
}

62
containers/citrine/flake.lock generated
View file

@ -1,62 +0,0 @@
{
"nodes": {
"catppuccin": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1773403535,
"narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=",
"owner": "catppuccin",
"repo": "nix",
"rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1773122722,
"narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"catppuccin": "catppuccin",
"nixpkgs": "nixpkgs_2"
}
}
},
"root": "root",
"version": 7
}

68
containers/citrine/flake.nix
View file

@ -1,68 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
catppuccin.url = "github:catppuccin/nix";
};
outputs = { nixpkgs, catppuccin, ... }:
let
name = "citrine";
fqdn = "lab.lava.moe";
subnetId = "3";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
catppuccin.nixosModules.catppuccin
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:3000";
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}

31
containers/citrine/templates/base/footer_content.tmpl
View file

@ -1,31 +0,0 @@
<footer class="page-footer" role="group" aria-label="{{ctx.Locale.Tr "aria.footer"}}">
<div class="left-links" role="contentinfo" aria-label="{{ctx.Locale.Tr "aria.footer.software"}}">
{{if ShowFooterPoweredBy}}
<a target="_blank" rel="noopener noreferrer" href="https://forgejo.org">Forgejo</a>
{{end}}
{{if (or .ShowFooterVersion .PageIsAdmin)}}
{{if .IsAdmin}}
<a href="{{AppSubUrl}}/admin/config">{{AppVerNoMetadata}}</a>
{{else}}
{{AppVerNoMetadata}}
{{end}}
{{end}}
{{if and .TemplateLoadTimes ShowFooterTemplateLoadTime}}
{{ctx.Locale.Tr "page"}}: <strong>{{LoadTimes .PageStartTime}}</strong>
{{ctx.Locale.Tr "template"}}{{if .TemplateName}} {{.TemplateName}}{{end}}: <strong>{{call .TemplateLoadTimes}}</strong>
{{end}}
</div>
<div class="right-links" role="group" aria-label="{{ctx.Locale.Tr "aria.footer.links"}}">
<div class="ui dropdown upward language">
<span class="flex-text-inline">{{svg "octicon-globe" 14}} {{ctx.Locale.LangName}}</span>
<div class="menu language-menu">
{{range .AllLangs}}
<a lang="{{.Lang}}" data-url="{{AppSubUrl}}/?lang={{.Lang}}" class="item {{if eq ctx.Locale.Lang .Lang}}active selected{{end}}">{{.Name}}</a>
{{end}}
</div>
</div>
<a href="{{AssetUrlPrefix}}/licenses.txt">{{ctx.Locale.Tr "licenses"}}</a>
{{if .EnableSwagger}}<a href="{{AppSubUrl}}/api/swagger">API</a>{{end}}
{{template "custom/extra_links_footer" .}}
</div>
</footer>

19
containers/citrine/templates/home.tmpl
View file

@ -1,19 +0,0 @@
{{template "base/head" .}}
{{if not .IsSigned}}
<script>window.location.href = "/explore/repos";</script>
{{end}}
<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
<div class="tw-mb-8 tw-px-8">
<div class="center">
<img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
<div class="hero">
<h1 class="ui icon header title">
{{AppDisplayName}}
</h1>
<h2>{{ctx.Locale.Tr "startpage.app_desc"}}</h2>
</div>
</div>
</div>
{{template "home_forgejo" .}}
</div>
{{template "base/footer" .}}

22
containers/diamond/configuration.nix
View file

@ -1,22 +0,0 @@
{ fqdn, ... }: {
system.stateVersion = "25.11";
systemd.tmpfiles.rules = [
"d /persist/vaultwarden 755 vaultwarden vaultwarden"
];
fileSystems."/var/lib/vaultwarden" = {
device = "/persist/vaultwarden";
fsType = "none";
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [ 8000 ];
networking.firewall.allowedUDPPorts = [ 8000 ];
services.vaultwarden = {
enable = true;
domain = fqdn;
config = {
DOMAIN = "https://${fqdn}";
ROCKET_ADDRESS = "::";
};
};
}

27
containers/diamond/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

51
containers/diamond/flake.nix
View file

@ -1,51 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "diamond";
fqdn = "astransia.lava.moe";
subnetId = "4";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
modules = [
./configuration.nix
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { ... }: {
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:8000";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}

23
containers/emerald/configuration.nix
View file

@ -1,23 +0,0 @@
{ fqdn, shareFqdn, ... }: {
system.stateVersion = "25.11";
systemd.tmpfiles.rules = [
"d /persist/navidrome 755 navidrome navidrome"
];
networking.firewall.allowedTCPPorts = [ 4533 ];
networking.firewall.allowedUDPPorts = [ 4533 ];
services.navidrome = {
enable = true;
environmentFile = "/binds/navidrome_env";
settings = {
Port = 4533;
Address = "[::]";
BaseUrl = "https://${fqdn}/";
ShareURL = "https://${shareFqdn}";
EnableSharing = true;
DataFolder = "/persist/navidrome";
MusicFolder = "/binds/music/main";
};
};
systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"];
}

27
containers/emerald/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

78
containers/emerald/flake.nix
View file

@ -1,78 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "emerald";
fqdn = "navia.lava.moe";
shareFqdn = "muse.lava.moe";
subnetId = "5";
subnet = x: "fd0d:2::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.32.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { config, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:4533";
listenAddresses = [ "100.67.2.1" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn shareFqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
bindMounts."music" = {
hostPath = "/flower/media/music";
mountPoint = "/binds/music";
isReadOnly = true;
};
bindMounts."navidrome_env" = {
hostPath = config.age.secrets.navidrome_env.path;
mountPoint = "/binds/navidrome_env";
isReadOnly = true;
};
# flake = "path:" + ./.;
};
};
};
}

22
containers/fluorite/configuration.nix
View file

@ -1,22 +0,0 @@
{ ... }: {
system.stateVersion = "25.11";
systemd.tmpfiles.rules = [
"d /persist/slskd/Downloads 755 slskd slskd"
];
fileSystems."/var/lib/slskd" = {
device = "/persist/slskd";
fsType = "none";
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [ 5030 50300 ];
networking.firewall.allowedUDPPorts = [ 5030 50300 ];
services.slskd = {
enable = true;
domain = null;
environmentFile = "/binds/slskd_env";
settings = {
shares.directories = [ "/binds/music/" ];
};
};
}

27
containers/fluorite/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

89
containers/fluorite/flake.nix
View file

@ -1,89 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "fluorite";
fqdn = "fluorite.lava.moe";
subnetId = "6";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { config, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
networking.firewall.allowedTCPPorts = [ 50300 ];
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:5030";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
};
systemd.tmpfiles.rules = [
"d /persist/containers/${name} 755 root users"
"d /persist/media/music 075 nobody users"
];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
forwardPorts = [
{
containerPort = 50300;
hostPort = 50300;
protocol = "tcp";
}
];
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
bindMounts."music" = {
hostPath = "/persist/media/music";
mountPoint = "/binds/music";
isReadOnly = true;
};
bindMounts."slskd_env" = {
hostPath = config.age.secrets.slskd_env.path;
mountPoint = "/binds/slskd_env";
isReadOnly = true;
};
# flake = "path:" + ./.;
};
};
};
}

36
containers/garnet/configuration.nix
View file

@ -1,36 +0,0 @@
{ ... }: {
system.stateVersion = "25.11";
fileSystems."/var/lib/opencloud" = {
device = "/flower/data";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/etc/opencloud" = {
device = "/persist/cfg";
fsType = "none";
options = [ "bind" ];
};
# TODO: hardcoded address
networking.extraHosts = ''
100.67.2.1 cloud.lava.moe
'';
networking.firewall.allowedTCPPorts = [ 9200 ];
networking.firewall.allowedUDPPorts = [ 9200 ];
environment.etc."opencloud-admin-pass".text = ''
IDM_ADMIN_PASSWORD=supersillysecure
'';
services.opencloud = {
enable = true;
url = "https://cloud.lava.moe";
address = "10.30.7.2";
port = 9200;
environment = {
PROXY_TLS = "false";
IDP_ACCESS_TOKEN_EXPIRATION = "2592000";
IDP_ID_TOKEN_EXPIRATION = "2592000";
};
environmentFile = "/etc/opencloud-admin-pass";
};
}

27
containers/garnet/flake.lock generated
View file

@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1779560665,
"narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

84
containers/garnet/flake.nix
View file

@ -1,84 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "garnet";
fqdn = "cloud.lava.moe";
subnetId = "7";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { config, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/" = {
proxyPass = "http://${client4}:9200";
proxyWebsockets = true;
};
extraConfig = ''
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
keepalive_requests 100000;
keepalive_timeout 5m;
http2_max_concurrent_streams 512;
'';
# TODO: hardcoded address
listenAddresses = [ "100.67.2.1" ];
};
systemd.tmpfiles.rules = [
"d /persist/containers/${name} 755 root users"
];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
bindMounts."content" = {
hostPath = "/flower/opencloud";
mountPoint = "/flower";
isReadOnly = false;
};
};
};
};
}

601
flake.lock generated
View file

@ -7,11 +7,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1779903856,
"narHash": "sha256-uRShMtD6xW3ZKZbCQ6sDzKWEnbBXUg3IGfOARYogKhg=",
"lastModified": 1772290697,
"narHash": "sha256-MyLNx13P+pv1RszO1rMd3144NEeU/oU4iL+xOTpRoaU=",
"owner": "ezKEa",
"repo": "aagl-gtk-on-nix",
"rev": "50671fc7f29d686f63ef34b603320d44ad7f2d29",
"rev": "dcb53a4cb4cb09ef7f08328428ba559be5b9f01b",
"type": "github"
},
"original": {
@ -43,131 +43,41 @@
"type": "github"
}
},
"c-amethyst": {
"inputs": {
"nixpkgs": "nixpkgs_2"
},
"locked": {
"path": "./containers/amethyst",
"type": "path"
},
"original": {
"path": "./containers/amethyst",
"type": "path"
},
"parent": []
},
"c-beryllium": {
"inputs": {
"nixpkgs": "nixpkgs_3"
},
"locked": {
"path": "./containers/beryllium",
"type": "path"
},
"original": {
"path": "./containers/beryllium",
"type": "path"
},
"parent": []
},
"c-citrine": {
"inputs": {
"catppuccin": "catppuccin",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"path": "./containers/citrine",
"type": "path"
},
"original": {
"path": "./containers/citrine",
"type": "path"
},
"parent": []
},
"c-diamond": {
"inputs": {
"nixpkgs": "nixpkgs_6"
},
"locked": {
"path": "./containers/diamond",
"type": "path"
},
"original": {
"path": "./containers/diamond",
"type": "path"
},
"parent": []
},
"c-emerald": {
"inputs": {
"nixpkgs": "nixpkgs_7"
},
"locked": {
"path": "./containers/emerald",
"type": "path"
},
"original": {
"path": "./containers/emerald",
"type": "path"
},
"parent": []
},
"c-fluorite": {
"inputs": {
"nixpkgs": "nixpkgs_8"
},
"locked": {
"path": "./containers/fluorite",
"type": "path"
},
"original": {
"path": "./containers/fluorite",
"type": "path"
},
"parent": []
},
"c-garnet": {
"inputs": {
"nixpkgs": "nixpkgs_9"
},
"locked": {
"path": "./containers/garnet",
"type": "path"
},
"original": {
"path": "./containers/garnet",
"type": "path"
},
"parent": []
},
"catppuccin": {
"inputs": {
"nixpkgs": "nixpkgs_4"
"catppuccin-v1_1": "catppuccin-v1_1",
"catppuccin-v1_2": "catppuccin-v1_2",
"home-manager": "home-manager_2",
"home-manager-stable": "home-manager-stable",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable",
"nuscht-search": "nuscht-search"
},
"locked": {
"lastModified": 1773403535,
"narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=",
"lastModified": 1736069220,
"narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=",
"owner": "catppuccin",
"repo": "nix",
"rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47",
"rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
"type": "github"
}
},
"catppuccin-palette": {
"flake": false,
"locked": {
"lastModified": 1774131488,
"narHash": "sha256-hsy+GhuM4MSjnwGq1YJSLBFIbVm67SSdPRgObP00mxw=",
"lastModified": 1742245182,
"narHash": "sha256-R52Q1FVAclvBk7xNgj/Jl+GPCIbORNf6YbJ1nxH3Gzs=",
"owner": "catppuccin",
"repo": "palette",
"rev": "07d02aa110ef9eb7e7427afca5c73ba9cf7f8ebd",
"rev": "0df7db6fe201b437d91e7288fa22807bb0e44701",
"type": "github"
},
"original": {
@ -204,33 +114,6 @@
"url": "https://flakehub.com/f/catppuccin/nix/1.2.%2A.tar.gz"
}
},
"catppuccin_2": {
"inputs": {
"catppuccin-v1_1": "catppuccin-v1_1",
"catppuccin-v1_2": "catppuccin-v1_2",
"home-manager": "home-manager_2",
"home-manager-stable": "home-manager-stable",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable",
"nuscht-search": "nuscht-search"
},
"locked": {
"lastModified": 1736069220,
"narHash": "sha256-76MaB3COao55nlhWmSmq9PKgu2iGIs54C1cAE0E5J6Y=",
"owner": "catppuccin",
"repo": "nix",
"rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"rev": "8eada392fd6571a747e1c5fc358dd61c14c8704e",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -309,11 +192,11 @@
]
},
"locked": {
"lastModified": 1778716662,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
@ -327,11 +210,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1778716662,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
@ -358,42 +241,6 @@
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"git-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
@ -404,11 +251,11 @@
]
},
"locked": {
"lastModified": 1778507602,
"narHash": "sha256-kTwur1wV+01SdqskVMSo6JMEpg71ps3HpbFY2GsflKs=",
"lastModified": 1772893680,
"narHash": "sha256-JDqZMgxUTCq85ObSaFw0HhE+lvdOre1lx9iI6vYyOEs=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "61ab0e80d9c7ab14c256b5b453d8b3fb0189ba0a",
"rev": "8baab586afc9c9b57645a734c820e4ac0a604af9",
"type": "github"
},
"original": {
@ -482,6 +329,27 @@
"type": "github"
}
},
"home-manager-stable_2": {
"inputs": {
"nixpkgs": [
"nixpkgs-stable"
]
},
"locked": {
"lastModified": 1763992789,
"narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
@ -510,11 +378,11 @@
]
},
"locked": {
"lastModified": 1779969295,
"narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=",
"lastModified": 1773264496,
"narHash": "sha256-uwFY0+UfaGEo6205ixeBjplZxHWr56UQef+MtmJ0PW0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "61e2c9659324181e0f0ed911958c536333b1d4f6",
"rev": "32f78141a98098efed490842923b25ecb93b9b9f",
"type": "github"
},
"original": {
@ -554,11 +422,11 @@
"linux-tkg": {
"flake": false,
"locked": {
"lastModified": 1779857514,
"narHash": "sha256-dCrVB3cFvv1d/9wuEejYN131b1phyf6SDy1bcEvtWGo=",
"lastModified": 1773198393,
"narHash": "sha256-2MlldCNfuXXFrNryv0Bgae5FuSPCkcoPBomr5LKuRSw=",
"owner": "Frogging-Family",
"repo": "linux-tkg",
"rev": "c9196dea7ee464f7792f94cd39c32431ad9e25ab",
"rev": "fa33c3ddc3e79f647f934d9b38fdb1f6157b4ccb",
"type": "github"
},
"original": {
@ -576,11 +444,11 @@
]
},
"locked": {
"lastModified": 1780013080,
"narHash": "sha256-m984DKbcIeNNuLYFjN3780rPEd55Xe9/cB4BNKkIDvg=",
"lastModified": 1773273897,
"narHash": "sha256-S6r4raWL96DNO8nPP2whq8STG8SI8JDlyEuy1N6SvV8=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "c6cc238427db8f61b786a66d7e02cf7724b30226",
"rev": "f165d4768ca760f4c98b63286562b6fa79a8b114",
"type": "github"
},
"original": {
@ -592,11 +460,11 @@
"neovim-src": {
"flake": false,
"locked": {
"lastModified": 1779979065,
"narHash": "sha256-3uF/oP2D4Jka3DU2G8qqml75UOzPRrK+FIp+jghOq0s=",
"lastModified": 1773273300,
"narHash": "sha256-PzRI/GS7+4wz+dgqWq4X2biKtJc8WgUqS6jWk0fXmlM=",
"owner": "neovim",
"repo": "neovim",
"rev": "5d85669a33e10f1f156b086562458cbbc8054438",
"rev": "99a0b2f7b86d447af752ee7436dd5fd69fc6a101",
"type": "github"
},
"original": {
@ -609,14 +477,14 @@
"inputs": {
"flake-parts": "flake-parts_2",
"git-hooks": "git-hooks",
"nixpkgs": "nixpkgs_10"
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1779768228,
"narHash": "sha256-/dRavNAx/Mp67xcQQ3JBIMyf0cLoXqKedafB1+wksAE=",
"lastModified": 1773196297,
"narHash": "sha256-3cTCid9mn1VwqZwxoIjh7NKlUhnsNZUuEn++AAjaWsk=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "6e7a8414c0f547a86646eb0b56ebf89e7cc217a2",
"rev": "283b7757411109bec421885dca788984c423d4af",
"type": "github"
},
"original": {
@ -625,33 +493,13 @@
"type": "github"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1779604987,
"narHash": "sha256-ZQ5z+fVhxYKtIFwtqGp5O0PD84BM1riASvqDaN5Xs+s=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "8fba98c80b48fa013820e0163c5096922fea4ddd",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1777268161,
"narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"lastModified": 1770841267,
"narHash": "sha256-9xejG0KoqsoKEGp2kVbXRlEYtFFcDTHjidiuX8hGO44=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"rev": "ec7c70d12ce2fc37cb92aff673dcdca89d187bae",
"type": "github"
},
"original": {
@ -663,11 +511,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1777168982,
"narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
"lastModified": 1772328832,
"narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
"rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742",
"type": "github"
},
"original": {
@ -692,13 +540,29 @@
"type": "github"
}
},
"nixpkgs_10": {
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1779536132,
"narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=",
"lastModified": 1768649915,
"narHash": "sha256-jc21hKogFnxU7KXSVTRmxC7u5D4RHwm9BAvDf5/Z1Uo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456",
"rev": "3e3f3c7f9977dc123c23ee21e8085ed63daf8c37",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1744536153,
"narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11",
"type": "github"
},
"original": {
@ -708,157 +572,29 @@
"type": "github"
}
},
"nixpkgs_11": {
"locked": {
"lastModified": 1779560665,
"narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_12": {
"locked": {
"lastModified": 1770019141,
"narHash": "sha256-VKS4ZLNx4PNrABoB0L8KUpc1fE7CLpQXQs985tGfaCU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cb369ef2efd432b3cdf8622b0ffc0a97a02f3137",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"lastModified": 1772736753,
"narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"rev": "917fec990948658ef1ccd07cef2a1ef060786846",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1773122722,
"narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
"lastModified": 1772963539,
"narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1779560665,
"narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
"rev": "9dcb002ca1690658be4a04645215baea8b95f31d",
"type": "github"
},
"original": {
@ -894,11 +630,11 @@
"nvim-treesitter": {
"flake": false,
"locked": {
"lastModified": 1775221900,
"narHash": "sha256-PQR6tFt4lCrAZNQG7BLMD1IiCKja9wDS1S4laGJf/HE=",
"lastModified": 1772878538,
"narHash": "sha256-C2LcXM+J+1aJ0RGsIXpRRkWbeqRN00kWWhfkyBqgY2M=",
"owner": "nvim-treesitter",
"repo": "nvim-treesitter",
"rev": "4916d6592ede8c07973490d9322f187e07dfefac",
"rev": "5cb05e1b0fa3c469958a2b26f36b3fe930af221c",
"type": "github"
},
"original": {
@ -907,57 +643,14 @@
"type": "github"
}
},
"pastel": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_12",
"pnpm2nix": "pnpm2nix"
},
"locked": {
"lastModified": 1775622883,
"narHash": "sha256-2+7uCRXn+tn4LVaO7hLKPaezdKPW6HGvTr00aO4Tcxs=",
"owner": "cillynder",
"repo": "pastel",
"rev": "46f6569d5ad41ec1256dbf999d21701f73d6077b",
"type": "github"
},
"original": {
"owner": "cillynder",
"repo": "pastel",
"type": "github"
}
},
"pnpm2nix": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": [
"pastel",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717937937,
"narHash": "sha256-bKoHjG5P15vCVpDndIXFfoJC65XhrBPQ9GWcXtXNuDA=",
"owner": "wrvsrx",
"repo": "pnpm2nix-nzbr",
"rev": "a2d285ad5718cb202f45e98a4f839a5b2608c4b1",
"type": "github"
},
"original": {
"owner": "wrvsrx",
"ref": "adapt-to-v9",
"repo": "pnpm2nix-nzbr",
"type": "github"
}
},
"pure": {
"flake": false,
"locked": {
"lastModified": 1779255807,
"narHash": "sha256-UQ0hP3qJd4Qxiw1LXPdb9d0Dc4OSD3HJpgYzaCfujno=",
"lastModified": 1770811375,
"narHash": "sha256-Fhk4nlVPS09oh0coLsBnjrKncQGE6cUEynzDO2Skiq8=",
"owner": "sindresorhus",
"repo": "pure",
"rev": "cc0759a0de620f191510e2e2f9748194a605b54d",
"rev": "dbefd0dcafaa3ac7d7222ca50890d9d0c97f7ca2",
"type": "github"
},
"original": {
@ -970,24 +663,17 @@
"inputs": {
"aagl": "aagl",
"agenix": "agenix",
"c-amethyst": "c-amethyst",
"c-beryllium": "c-beryllium",
"c-citrine": "c-citrine",
"c-diamond": "c-diamond",
"c-emerald": "c-emerald",
"c-fluorite": "c-fluorite",
"c-garnet": "c-garnet",
"catppuccin": "catppuccin_2",
"catppuccin": "catppuccin",
"catppuccin-palette": "catppuccin-palette",
"fast-syntax-highlighting": "fast-syntax-highlighting",
"home-manager": "home-manager_3",
"home-manager-stable": "home-manager-stable_2",
"linux-tkg": "linux-tkg",
"neovim-nightly": "neovim-nightly",
"nix-gaming": "nix-gaming",
"nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs_11",
"nixpkgs": "nixpkgs_4",
"nixpkgs-stable": "nixpkgs-stable_2",
"nvim-treesitter": "nvim-treesitter",
"pastel": "pastel",
"pure": "pure",
"spicetify-nix": "spicetify-nix",
"spotify-adblock": "spotify-adblock",
@ -1001,17 +687,14 @@
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"aagl",
"nixpkgs"
]
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1777605393,
"narHash": "sha256-Hjp0VOOHgHcTrX23iVvnfAudPcuCmfkfpQNFwv2v/ks=",
"lastModified": 1770952264,
"narHash": "sha256-CjymNrJZWBtpavyuTkfPVPaZkwzIzGaf0E/3WgcwM14=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ff88db34cfa486fc4964a6991cab1678d82eee8c",
"rev": "ec6a3d5cdf14bb5a1dd03652bd3f6351004d2188",
"type": "github"
},
"original": {
@ -1025,14 +708,14 @@
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_5"
"systems": "systems_3"
},
"locked": {
"lastModified": 1779824049,
"narHash": "sha256-dWHVUjP03KSVG1PaLKA6j9EdxWSxSQvipMUIcSyuA/U=",
"lastModified": 1773161309,
"narHash": "sha256-k2Un0blYBeoN8mB5HO4rqCKISb427IWy0fzCdCUIcio=",
"owner": "Gerg-L",
"repo": "spicetify-nix",
"rev": "1362178e5f5f7a848c49fe9dee004ef8824f100a",
"rev": "61df7293cf732c7b66cce7f8b46f7017e721a6cd",
"type": "github"
},
"original": {
@ -1044,11 +727,11 @@
"spotify-adblock": {
"flake": false,
"locked": {
"lastModified": 1773417310,
"lastModified": 1739206126,
"narHash": "sha256-nwiX2wCZBKRTNPhmrurWQWISQdxgomdNwcIKG2kSQsE=",
"owner": "abba23",
"repo": "spotify-adblock",
"rev": "813d3451c53126bf1941baaf8dd37f1152c3f412",
"rev": "8e0312d6085a6e4f9afeb7c2457517a75e8b8f9d",
"type": "github"
},
"original": {
@ -1060,11 +743,11 @@
"stevenblack-hosts": {
"flake": false,
"locked": {
"lastModified": 1779976382,
"narHash": "sha256-wt5NGa4K8/vda669UYUmTUt+BR9X5fPnuTZFfQdpLYo=",
"lastModified": 1773239891,
"narHash": "sha256-oNmcZEOUg1AuCZ3jFtrfO+dOJ6DhwMMg/rgJ8fn7+bg=",
"owner": "StevenBlack",
"repo": "hosts",
"rev": "d3e838712512490260f051150e3573eeebecfadb",
"rev": "c5915141ac18f35a7d219ad6b48e453e65dd3acb",
"type": "github"
},
"original": {
@ -1118,36 +801,6 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tree-sitter-jsonc": {
"flake": false,
"locked": {
@ -1169,13 +822,13 @@
"locked": {
"lastModified": 1668017714,
"narHash": "sha256-ywy/7xeT6FHkF7lcs+stW1WPV+piE8ztSwcQ161iico=",
"owner": "cillynder",
"owner": "LavaDesu",
"repo": "lavadesu.github.io",
"rev": "4e30c50be520a0a1bbecf408f056e6aaf135df67",
"type": "github"
},
"original": {
"owner": "cillynder",
"owner": "LavaDesu",
"ref": "master",
"repo": "lavadesu.github.io",
"type": "github"
@ -1200,11 +853,11 @@
"zsh-abbr": {
"flake": false,
"locked": {
"lastModified": 1773890443,
"narHash": "sha256-SVuwDeHIBg8yArKGzDEfsG3fz0UwABQoJkyKTQAPUiw=",
"lastModified": 1770748719,
"narHash": "sha256-RvdMEk1bQ/mCbcTneg8mMJJh6j60km0/wchBBQQ+Ugo=",
"ref": "refs/heads/main",
"rev": "889f4772c12b9dbe4965bbd56f2572af0a28fa3b",
"revCount": 1139,
"rev": "2de4a08c5e0d9dbe8447e11e0a177b59b5b6d6ea",
"revCount": 1137,
"submodules": true,
"type": "git",
"url": "https://github.com/olets/zsh-abbr"

24
flake.nix
View file

@ -4,6 +4,10 @@
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs-stable.url = "github:NixOS/nixpkgs/release-25.05";
home-manager-stable.url = "github:nix-community/home-manager/release-25.05";
home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
aagl.url = "github:ezKEa/aagl-gtk-on-nix";
@ -14,15 +18,12 @@
neovim-nightly.inputs.nixpkgs.follows = "nixpkgs";
nix-gaming.url = "github:fufexan/nix-gaming";
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
spicetify-nix.url = "github:Gerg-L/spicetify-nix";
spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
# services
pastel.url = "github:cillynder/pastel";
stevenblack-hosts = { url = "github:StevenBlack/hosts"; flake = false; };
website = { url = "github:cillynder/lavadesu.github.io/master"; flake = false; };
website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; };
# zsh plugins
zsh-abbr = { url = "git+https://github.com/olets/zsh-abbr?submodules=1"; flake = false; };
@ -36,18 +37,9 @@
spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; };
tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; };
wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; };
# containers
c-amethyst.url = "path:./containers/amethyst";
c-beryllium.url = "path:./containers/beryllium";
c-citrine.url = "path:./containers/citrine";
c-diamond.url = "path:./containers/diamond";
c-emerald.url = "path:./containers/emerald";
c-fluorite.url = "path:./containers/fluorite";
c-garnet.url = "path:./containers/garnet";
};
outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs:
outputs = { self, agenix, catppuccin, nixpkgs, nixpkgs-stable, ... } @ inputs:
let
overlays = (import ./overlays)
++ [(final: prev: {
@ -81,9 +73,9 @@
};
in
{
nixosConfigurations."alyssum" = mkSystem nixpkgs "alyssum" "x86_64-linux" [];
nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" [];
nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" [];
nixosConfigurations."dandelion" = mkSystem nixpkgs-stable "dandelion" "aarch64-linux" [];
nixosConfigurations."hazel" = mkSystem nixpkgs-stable "hazel" "x86_64-linux" [];
nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" [];
packages."x86_64-linux" =

45
hosts/alyssum/default.nix
View file

@ -1,45 +0,0 @@
{ inputs, lib, modules, modulesPath, ... }: {
networking.hostName = "alyssum";
system.stateVersion = "25.11";
time.timeZone = "Australia/Melbourne";
age.secrets = {
acme_dns.file = ../../secrets/acme_dns.age;
passwd.file = ../../secrets/passwd.age;
navidrome_env.file = ../../secrets/navidrome_env.age;
wpa_conf = {
file = ../../secrets/wpa_conf.age;
path = "/etc/wpa_supplicant/imperative.conf";
symlink = false;
};
};
imports = with modules.system; [
(modulesPath + "/profiles/qemu-guest.nix")
home-manager
base
kernel
nix-stable
packages
security
tailscale
modules.services.nginx
modules.services.syncthing
inputs.c-emerald.nixosModule
inputs.c-garnet.nixosModule
./filesystem.nix
./kernel.nix
./networking.nix
./home.syncthing.nix
./samba.nix
../../users/hana
];
me.environment = "headless";
services.syncthing.user = lib.mkForce "hana";
}

35
hosts/alyssum/filesystem.nix
View file

@ -1,35 +0,0 @@
{ ... }:
let
bind = src: {
depends = [ "/nix" ];
device = src;
fsType = "none";
neededForBoot = true;
options = [ "bind" ];
};
mkLabelMount = label: type: {
device = "/dev/disk/by-label/${label}";
fsType = type;
options = [ "defaults" "relatime" ];
};
mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
};
submount = mkBtrfsMount "alyssum";
in {
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=8G" "mode=755" ];
};
"/boot" = mkLabelMount "stem" "vfat";
"/flower" = mkBtrfsMount "myosotis" "/@" true;
"/nix" = submount "/@/nix" false;
"/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
"/persist/.snapshots" = submount "/snap/persist" false;
"/var/log/journal" = bind "/persist/journal";
};
}

39
hosts/alyssum/home.syncthing.nix
View file

@ -1,39 +0,0 @@
{ config, lib, ... }:
let
configOn = user: port: {
me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config";
me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state";
systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ];
users.users.${user} = {
hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true;
linger = true;
};
home-manager.users.${user} = { ... }: {
home = {
username = "${user}";
homeDirectory = "/home/${user}";
stateVersion = "26.05";
};
services.syncthing = {
enable = true;
guiAddress = "[::]:${toString port}";
overrideDevices = false;
overrideFolders = false;
settings = {
options.listenAddresses = [
"tcp://0.0.0.0:2${toString port}"
"quic://0.0.0.0:2${toString port}"
"dynamic+https://relays.syncthing.net/endpoint"
];
defaults.folder.path = "/flower/syncthing/${user}";
};
};
};
};
in lib.mkMerge [
(configOn "kujira" 8385)
(configOn "cilly" 8386)
]

12
hosts/alyssum/kernel.nix
View file

@ -1,12 +0,0 @@
{ config, lib, ... }: {
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
};
hardware.cpu.amd.updateMicrocode = true;
}

15
hosts/alyssum/networking.nix
View file

@ -1,15 +0,0 @@
{ config, ... }: {
networking = {
useDHCP = true;
wireless.enable = true;
interfaces.wlp1s0.useDHCP = false;
interfaces.wlp1s0.ipv4.addresses = [{
address = "192.168.1.167";
prefixLength = 24;
}];
defaultGateway = "192.168.1.1";
nameservers = [ "8.8.8.8" "8.8.4.4" ];
};
}

14
hosts/alyssum/packages.nix
View file

@ -1,14 +0,0 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
git
htop
jq
neovim
rsync
sshfs
wget
kitty.terminfo
];
environment.variables.EDITOR = "nvim";
}

84
hosts/alyssum/samba.nix
View file

@ -1,84 +0,0 @@
{ config, lib, pkgs, ... }:
let
configOn = user: let
passwd_fname = "passwd_smb${user}";
in {
age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}";
me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";
users.users.${user} = {
hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true;
};
system.activationScripts = {
init_smbpasswd.text = let
smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
in ''
printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
'';
};
services.samba.settings."${user}" = {
"path" = "/flower/smb/${user}";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = user;
"force group" = "users";
"valid users" = user;
};
};
in lib.mkMerge [
(configOn "cilly")
(configOn "kujira")
{
me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
networking.firewall.allowPing = true;
services.samba = {
enable = true;
package = pkgs.samba4Full;
openFirewall = true;
settings = {
global = {
"server smb encrypt" = "required";
"workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
"security" = "user";
"hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
"public" = {
"path" = "/flower/smb/public";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "hana";
"force group" = "users";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
publish.enable = true;
publish.userServices = true;
};
}
]

1
hosts/anemone/default.nix
View file

@ -28,7 +28,6 @@
printing
security
snapper
tailscale
wireguard
./filesystem.nix

17
hosts/anemone/networking.nix
View file

@ -1,4 +1,19 @@
{ config, ... }: {
networking.wireless.iwd.enable = true;
networking = {
#nameservers = [ "8.8.8.8" "8.8.4.4" ];
#wg-quick.interfaces.wg0.configFile = "/persist/vpn.conf";
wireless.enableHardening = false;
networkmanager = {
enable = true;
#dns = "none";
};
extraHosts = ''
192.168.100.16 hyacinth
'';
};
environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections";
}

16
hosts/dandelion/default.nix
View file

@ -1,41 +1,33 @@
{ inputs, modules, modulesPath, ... }: {
{ modules, modulesPath, ... }: {
networking.hostName = "dandelion";
system.stateVersion = "23.11";
time.timeZone = "Australia/Melbourne";
age.secrets = {
acme_dns.file = ../../secrets/acme_dns.age;
slskd_env.file = ../../secrets/slskd_env.age;
wg_dandelion.file = ../../secrets/wg_dandelion.age;
};
imports = with modules.system; [
(modulesPath + "/profiles/qemu-guest.nix")
home-manager
home-manager-stable
base
kernel
nix-stable
packages
security
tailscale
wireguard
modules.services.banksia
modules.services.nginx
modules.services.postgres
modules.services.unbound
modules.services.website
inputs.c-amethyst.nixosModule
inputs.c-beryllium.nixosModule
inputs.c-citrine.nixosModule
inputs.c-diamond.nixosModule
inputs.c-fluorite.nixosModule
./filesystem.nix
./kernel.nix
./networking.nix
./nginx.nix
./transmission-container.nix
../../users/hana
];

2
hosts/dandelion/filesystem.nix
View file

@ -22,7 +22,7 @@ in {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=6G" "mode=755" ];
options = [ "defaults" "size=12G" "mode=755" ];
};
"/boot" = mkLabelMount "UEFI" "vfat";

1
hosts/dandelion/networking.nix
View file

@ -1,4 +1,3 @@
{ ... }: {
networking.useDHCP = true;
networking.interfaces.enp2s0.useDHCP = false;
}

8
hosts/dandelion/nginx.nix
View file

@ -1,8 +0,0 @@
{ ... }: {
services.nginx.virtualHosts."muse.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".return = "404";
locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533";
};
}

68
hosts/dandelion/transmission-container.nix Normal file
View file

@ -0,0 +1,68 @@
{ lib, modules, pkgs, gcSecrets, ... }: {
networking.nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "enp0s6";
};
networking.firewall = {
extraCommands = ''
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE
'';
extraStopCommands = ''
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -d 10.25.0.11 -p tcp -m tcp --dport 9091 -j MASQUERADE || true
'';
};
services.nginx.virtualHosts."tr.dandelion.gw.lava.moe" = {
locations."/".proxyPass = "http://10.25.0.11:9091";
};
containers.transmission = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.25.0.10";
localAddress = "10.25.0.11";
bindMounts."vpn" = {
hostPath = "/persist/aus.conf";
mountPoint = "/vpn.conf";
isReadOnly = true;
};
bindMounts."transmission" = {
hostPath = "/persist/transmission";
mountPoint = "/persist/transmission";
isReadOnly = false;
};
config = {
system.stateVersion = "23.11";
networking.wg-quick.interfaces.wg0 = {
configFile = "/vpn.conf";
preUp = ''
# Try to access the DNS for up to 300s
for i in {1..60}; do
${pkgs.iputils}/bin/ping -c1 'google.com' && break
echo "Attempt $i: DNS still not available"
sleep 5s
done
'';
};
networking.firewall.enable = false;
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
RootDirectoryStartOnly = lib.mkForce false;
RootDirectory = lib.mkForce "";
PrivateMounts = lib.mkForce false;
PrivateUsers = lib.mkForce false;
};
imports = [ modules.services.transmission ];
services.transmission.settings = {
rpc-host-whitelist-enabled = false;
rpc-whitelist = lib.mkForce "10.100.0.*,10.0.0.*,10.25.0.*,192.168.100.*";
rpc-username = gcSecrets.transmission.username;
rpc-password = gcSecrets.transmission.password;
};
};
};
}

95
hosts/hazel/default.nix Normal file
View file

@ -0,0 +1,95 @@
{ config, modules, pkgs, ... }:
let
dirs = [
["immich" "immich"]
["nextcloud" "nextcloud"]
["postgresql" "postgres"]
["redis-immich" "redis-immich"]
];
rules = builtins.map (d: "d /flower/${builtins.elemAt d 0} 750 ${builtins.elemAt d 1} ${builtins.elemAt d 1}") dirs;
mounts = builtins.listToAttrs (builtins.map (d: {
name = "/var/lib/${builtins.elemAt d 0}";
value = {
depends = [ "/flower" ];
device = "/flower/${builtins.elemAt d 0}";
fsType = "none";
options = [ "bind" ];
};
}) dirs);
in
{
networking.hostName = "hazel";
system.stateVersion = "24.11";
time.timeZone = "Australia/Melbourne";
age.secrets = {
acme_dns.file = ../../secrets/acme_dns.age;
wg_hazel.file = ../../secrets/wg_hazel.age;
};
imports = with modules.system; with modules.services; [
home-manager-stable
base
kernel
nix-stable
packages
security
nginx
unbound
wireguard
./filesystem.nix
./kernel.nix
./networking.nix
../../users/hana
];
me.environment = "headless";
services.nextcloud = {
enable = true;
package = pkgs.nextcloud31;
hostName = "cloud.lava.moe";
database.createLocally = true;
config = {
dbtype = "pgsql";
adminpassFile = "/persist/nextcloud-admin-pass";
};
https = true;
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
};
services.immich = {
enable = true;
port = 2283;
};
users.users.immich.extraGroups = [ "video" "render" ];
hardware.graphics.enable = true;
services.nginx.virtualHosts."photos.lava.moe" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://[::1]:${toString config.services.immich.port}";
proxyWebsockets = true;
recommendedProxySettings = true;
extraConfig = ''
client_max_body_size 50000M;
proxy_read_timeout 600s;
proxy_send_timeout 600s;
send_timeout 600s;
'';
};
};
systemd.tmpfiles.rules = rules;
fileSystems = mounts;
}

53
hosts/hazel/filesystem.nix Normal file
View file

@ -0,0 +1,53 @@
{ ... }:
let
mkLabelMount = label: type: options: {
device = "/dev/disk/by-label/${label}";
fsType = type;
options = [ "defaults" ] ++ options;
};
mkBtrfsMount = name: ext: subvol: atime: mkLabelMount name "btrfs"
([
"autodefrag"
"compress=zstd:4"
"compress-force=zstd:4"
"defaults"
"nossd"
"space_cache=v2"
"subvol=${subvol}"
(if atime then "relatime" else "noatime")
] ++ ext);
mkHazelMount = mkBtrfsMount "HAZEL" [];
in
{
boot.supportedFilesystems = [ "btrfs" ];
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "mode=755" ];
};
"/boot" = mkLabelMount "ROOT" "vfat" [];
"/flower" = mkHazelMount "/current/flower" true;
"/persist" = mkHazelMount "/current/persist" true;
"/var" = mkHazelMount "/current/var" true;
"/nix" = mkHazelMount "/current/nix" false;
"/mnt" = mkHazelMount "/" true;
};
services.snapper.cleanupInterval = "1h";
services.snapper.configs.flower = {
FSTYPE = "btrfs";
SUBVOLUME = "/mnt/current/flower";
TIMELINE_CLEANUP = true;
TIMELINE_CREATE = true;
TIMELINE_MIN_AGE = "1800";
TIMELINE_LIMIT_HOURLY = "5";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "0";
TIMELINE_LIMIT_MONTHLY = "0";
TIMELINE_LIMIT_YEARLY = "0";
};
}

0
hosts/hazel/fs-decrypt.nix Normal file
View file

10
hosts/hazel/kernel.nix Normal file
View file

@ -0,0 +1,10 @@
{ ... }: {
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
kernelModules = [ "kvm-amd" ];
};
}

15
hosts/hazel/networking.nix Normal file
View file

@ -0,0 +1,15 @@
{ gcSecrets, ... }: {
networking = {
useDHCP = true;
interfaces.enp8s0.ipv6.addresses = [
{
address = gcSecrets.hazel.ipv6Addr;
prefixLength = 64;
}
];
defaultGateway6 = {
address = "fe80::1";
interface = "enp8s0";
};
};
}

2
hosts/hyacinth/default.nix
View file

@ -18,7 +18,6 @@
bluetooth
ccache
corectrl
docker
flatpak
greetd
gui
@ -29,7 +28,6 @@
printing
security
snapper
tailscale
wireguard
modules.services.syncthing

1
hosts/hyacinth/packages.nix
View file

@ -1,6 +1,5 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
discord
jetbrains.idea
texliveFull
];

13
modules/binds.nix
View file

@ -1,13 +0,0 @@
{ config, lib, ...}: {
imports = [ ./options.nix ];
fileSystems = lib.mapAttrs (dest: key: let
target = if (lib.strings.hasPrefix "/" key)
then key
else "/persist/binds/${key}";
in {
depends = [ "/persist" ];
device = target;
fsType = "none";
options = [ "bind" ];
}) config.me.binds;
}

5
modules/default.nix
View file

@ -14,10 +14,8 @@ let
}) paths
);
in {
binds = ./binds.nix;
options = ./options.nix;
services = mkAttrsFromPaths [
./services/banksia.nix
./services/jellyfin.nix
./services/nginx.nix
./services/postgres.nix
@ -42,6 +40,7 @@ in {
./system/greetd.nix
./system/gui.nix
./system/home-manager.nix
./system/home-manager-stable.nix
./system/input.nix
./system/kernel.nix
./system/nix.nix
@ -50,13 +49,11 @@ in {
./system/printing.nix
./system/security.nix
./system/snapper.nix
./system/tailscale.nix
./system/virtualisation.nix
./system/wireguard.nix
];
user = mkAttrsFromPaths [
./user/catppuccin.nix
./user/comma.nix
./user/direnv.nix
./user/dunst.nix
./user/eww.nix

5
modules/options.nix
View file

@ -44,10 +44,5 @@ in {
type = types.bool;
default = false;
};
binds = lib.mkOption {
type = with lib.types; attrsOf str;
default = {};
};
};
}

11
modules/services/banksia.nix
View file

@ -1,11 +0,0 @@
# TODO ^^
{ ... }: {
services.nginx.virtualHosts = {
"banksia.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".return = "302 https://lab.lava.moe/cilly/Banksia";
locations."/api".proxyPass = "http://localhost:8080/";
};
};
}

13
modules/services/nginx.nix
View file

@ -2,20 +2,17 @@
networking.firewall.allowedTCPPorts = [ 80 443 ];
security.acme = {
acceptTerms = true;
defaults = {
email = "me@lava.moe";
group = "nginx";
dnsProvider = "cloudflare";
environmentFile = config.age.secrets."acme_dns".path;
};
defaults.email = "me@lava.moe";
certs."lava.moe" = {
group = "nginx";
domain = "lava.moe";
extraDomainNames = [
"*.lava.moe"
"*.local.lava.moe"
];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."acme_dns".path;
};
certs."cilly.moe" = {};
certs."cilly.dev" = {};
};
services.nginx = {

1
modules/services/postgres.nix
View file

@ -8,7 +8,6 @@ in {
services.postgresql = {
enable = true;
dataDir = dir;
# TODO: broken :3
package = pkgs.postgresql_13;
authentication = lib.mkOverride 10 ''
#type database DBuser origin-address auth-method

6
modules/services/syncthing.nix
View file

@ -1,8 +1,7 @@
{ config, ... }:
let
dir = "/persist/shared/.syncthing";
user = if config.me.gui then "rin" else "hana";
uid = toString config.users.users."${user}".uid;
uid = toString config.users.users.rin.uid;
gid = toString config.users.groups.users.gid;
in
{
@ -14,10 +13,9 @@ in
services.syncthing = {
enable = true;
openDefaultPorts = true;
user = user;
user = "rin";
group = "users";
dataDir = "/persist/shared/.syncthing/data";
configDir = "/persist/shared/.syncthing/config";
guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384";
};
}

12
modules/services/unbound.nix
View file

@ -7,10 +7,6 @@ let
grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 >> "$out"
'';
in {
networking.firewall.interfaces."ve-+" = {
allowedUDPPorts = [ 53 853 ];
allowedTCPPorts = [ 53 853 ];
};
networking.firewall.interfaces.wg0 = {
allowedUDPPorts = [ 53 853 ];
allowedTCPPorts = [ 53 853 ];
@ -27,12 +23,8 @@ in {
forward-addr = [
"2606:4700:4700::1111@853#cloudflare-dns.com"
"2606:4700:4700::1001@853#cloudflare-dns.com"
"2001:4860:4860::8888@853#dns.google"
"2001:4860:4860::8844@853#dns.google"
"1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com"
"8.8.8.8@853#dns.google"
"8.8.4.4@853#dns.google"
];
}];
@ -41,10 +33,8 @@ in {
access-control = [
"127.0.0.1/8 allow"
"10.0.0.0/8 allow"
"100.64.0.0/10 allow"
"192.168.100.0/24 allow"
"fd0d::/16 allow"
"fd7a:115c:a1e0::/48 allow"
"fd0d::/16 allow"
"${gcSecrets.wireguard.ipv6Subnet}:/80 allow"
];
domain-insecure = [ "\"local.lava.moe\"" ];

21
modules/services/website.nix
View file

@ -1,30 +1,11 @@
{ inputs, pkgs, ... }: let
pastel = inputs.pastel.packages.${pkgs.system}.default;
in {
{ inputs, ... }: {
services.nginx.virtualHosts = {
"cilly.moe" = {
useACMEHost = "cilly.moe";
forceSSL = true;
root = pastel.outPath;
};
"cilly.dev" = {
useACMEHost = "cilly.dev";
forceSSL = true;
root = pastel.outPath;
};
"lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = inputs.website.outPath;
};
"cdn.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
extraConfig = ''
return 301 https://sh.lava.moe$request_uri;
'';
};
"sh.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = "/persist/cdn";

2
modules/system/base.nix
View file

@ -1,5 +1,5 @@
{ config, inputs, modules, ... }: {
imports = [ modules.binds modules.options ];
imports = [ modules.options ];
environment.etc = {
"machine-id".source = "/persist/machine-id";

8
modules/system/docker.nix
View file

@ -2,10 +2,10 @@
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
# rootless = {
# enable = true;
# setSocketVariable = true;
# };
rootless = {
enable = true;
setSocketVariable = true;
};
};
environment.systemPackages = [
pkgs.docker-compose

19
modules/system/home-manager-stable.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, inputs, modules, ... }: {
imports = [
inputs.home-manager-stable.nixosModules.home-manager
];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {
inherit inputs modules;
sysConfig = config;
};
sharedModules = [
{
imports = [ modules.options ];
config.me = config.me;
}
];
};
}

16
modules/system/input.nix
View file

@ -6,19 +6,7 @@
"-arinterval 15"
];
};
xkb.options = "caps:escape";
};
services.keyd = {
enable = true;
keyboards = {
default = {
ids = [ "*" ];
settings = {
main = {
capslock = "esc";
esc = "capslock";
};
};
};
};
};
console.useXkbConfig = true;
}

3
modules/system/nix-stable.nix
View file

@ -1,7 +1,5 @@
{ config, lib, pkgs, ... }: {
nix = {
package = pkgs.nixVersions.latest;
settings = rec {
substituters = [
"https://cache.nixos.org?priority=10"
@ -19,5 +17,4 @@
'';
};
nixpkgs.config.allowUnfree = true;
programs.nh.enable = true;
}

3
modules/system/nix.nix
View file

@ -1,6 +1,5 @@
{ config, inputs, pkgs, ... }: {
{ config, lib, pkgs, ... }: {
nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
package = pkgs.nixVersions.latest;
settings = rec {

1
modules/system/packages-gui.nix
View file

@ -10,6 +10,7 @@
libva-vdpau-driver
libvdpau-va-gl
];
programs.light.enable = true;
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
programs.steam = {

2
modules/system/packages.nix
View file

@ -1,6 +1,7 @@
{ pkgs, ... }: {
imports = [ ./packages-gui.nix ];
environment.systemPackages = with pkgs; [
comma
# ecryptfs
efibootmgr
fd
@ -16,6 +17,7 @@
neovim
nfs-utils
ntfs3g
oci-cli
ripgrep
rsync
sshfs

30
modules/system/security.nix
View file

@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: {
{ config, pkgs, ... }: {
networking.firewall =
let
iptables = "${pkgs.iptables}/bin/iptables";
@ -53,33 +53,5 @@
}
];
};
pam = lib.mkIf (config.me.environment != "headless") {
u2f = {
enable = true;
settings = {
cue = true;
pinverification = 1;
};
};
services.doas.rules.auth = {
u2f.settings.pinverification = lib.mkForce 0;
u2f_int = lib.mkMerge [
{
enable = true;
order = config.security.pam.services.doas.rules.auth.u2f.order + 1;
control = "sufficient";
modulePath = "${pkgs.pam_u2f}/lib/security/pam_u2f.so";
inherit (config.security.pam.u2f) settings;
}
{
settings = lib.mkForce {
interactive = true;
pinverification = 0;
userpresence = 0;
};
}
];
};
};
};
}

13
modules/system/tailscale.nix
View file

@ -1,13 +0,0 @@
{ config, lib, ... }: {
age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
me.binds."/var/lib/tailscale" = "tailscale";
networking.firewall.trustedInterfaces = [ "tailscale0" ];
networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ];
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets.tailscale_auth.path;
openFirewall = true;
useRoutingFeatures = if config.me.environment == "headless" then "both" else "client";
};
}

6
modules/system/wireguard.nix
View file

@ -1,12 +1,12 @@
{ config, lib, pkgs, gcSecrets, ... }:
let
port = 51801;
port = 123;
serverName = "dandelion";
serverInterface = "enp0s6";
serverIp = gcSecrets.wireguard.gateway;
forwarding = {
"22727" = [ "10.100.0.3" "7777" ];
# "22727" = [ "10.100.0.3" "7777" ];
};
mapForwards = type:
@ -18,8 +18,6 @@ let
in ''
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport}
${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport}
${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT
'') forwarding
);

7
modules/user/comma.nix
View file

@ -1,7 +0,0 @@
{ inputs, ... }: {
imports = [
inputs.nix-index-database.homeModules.default
];
programs.nix-index.enable = true;
programs.nix-index-database.comma.enable = true;
}

4
modules/user/eww.nix
View file

@ -21,9 +21,9 @@ let
'';
};
in {
home.packages = with pkgs; [ iw socat ];
home.packages = with pkgs; [ socat ];
programs.eww = {
enable = true;
configDir = res;
};
xdg.configFile."eww".source = res;
}

1
modules/user/git.nix
View file

@ -10,7 +10,6 @@
user.email = "mini@cilly.moe";
core.abbrev = 11;
safe.directory = "/home/rin/Projects/flakes";
init.defaultBranch = "master";
};
};
}

12
modules/user/hypridle.nix
View file

@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }:
let
kblight = "brightnessctl -d ${config.me.kbBacklightDevice}";
kblight = "light -s sysfs/leds/${config.me.kbBacklightDevice}";
in
{
home.packages = [ config.services.hypridle.package ];
@ -16,18 +16,18 @@ in
listener = lib.optionals (config.me.kbBacklightDevice != null) [
{
timeout = 120;
on-timeout = "${kblight} -s && ${kblight} 0";
on-resume = "${kblight} -r";
on-timeout = "${kblight} -O && ${kblight} -S 0";
on-resume = "${kblight} -I";
}
] ++ [
{
timeout = 150;
on-timeout = "brightnessctl -s && brightnessctl 50%-";
on-resume = "brightnessctl -r";
on-timeout = "light -O && light -T 0.5";
on-resume = "light -I";
}
{
timeout = 180;
on-timeout = "brightnessctl -r && loginctl lock-session";
on-timeout = "light -I && loginctl lock-session";
}
{
timeout = 195;

2
modules/user/neovim-minimal.nix
View file

@ -9,8 +9,6 @@
vimAlias = true;
vimdiffAlias = true;
withNodeJs = false;
withPython3 = false;
withRuby = false;
plugins = with pkgs.vimPlugins; [
fzf-vim

23
modules/user/neovim.nix
View file

@ -1,9 +1,9 @@
{ config, lib, pkgs, sysConfig, ... }:
{ config, lib, pkgs, ... }:
let
luaconf = pkgs.writeText "config.lua"
(lib.replaceStrings
["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}" "{{USERNAME}}" "{{HOSTNAME}}"]
["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor config.home.username sysConfig.networking.hostName]
["{{OMNISHARP_PATH}}" "{{DART_PATH}}" "{{CATPPUCCIN_FLAVOUR}}"]
["${pkgs.omnisharp-roslyn}/bin/OmniSharp" "${pkgs.dart}/bin/dart" config.catppuccin.nvim.flavor]
(builtins.readFile ../../res/config.lua));
in {
systemd.user.tmpfiles.rules = [
@ -17,20 +17,17 @@ in {
vimdiffAlias = true;
#package = pkgs.neovim-nightly;
withNodeJs = true;
withPython3 = true;
withRuby = false;
extraPackages = with pkgs; [
nixd
rust-analyzer
texlab
astro-language-server
tailwindcss-language-server
diagnostic-languageserver
eslint_d
typescript-language-server
vscode-langservers-extracted
yaml-language-server
nodePackages."@astrojs/language-server"
nodePackages."@tailwindcss/language-server"
nodePackages.diagnostic-languageserver
nodePackages.eslint_d
nodePackages.typescript-language-server
nodePackages.vscode-langservers-extracted
nodePackages.yaml-language-server
];
plugins = with pkgs.vimPlugins; [

1
modules/user/zsh.nix
View file

@ -102,6 +102,7 @@ let
bindkey -a -r ':'
'';
in {
programs.command-not-found.enable = true;
programs.zsh = {
enable = true;
dotDir = "${config.xdg.configHome}/zsh";

1
overlays/default.nix
View file

@ -5,7 +5,6 @@ builtins.map (path: import path) [
./eww.nix
./jetbrains.nix
./material-icons.nix
./openldap.nix
./steam.nix
./utillinux.nix
./wpa-supplicant.nix

9
overlays/openldap.nix
View file

@ -1,9 +0,0 @@
self: super: {
# openldap i686 fails checks
# issue: https://github.com/NixOS/nixpkgs/issues/514113
# workaround: https://github.com/NixOS/nixpkgs/issues/513245#issuecomment-4320293674
# fix: https://github.com/NixOS/nixpkgs/pull/515956
openldap = super.openldap.overrideAttrs {
doCheck = !self.stdenv.hostPlatform.isi686;
};
}

6
packages/linux-lava/sources.nix
View file

@ -1,8 +1,8 @@
{ fetchFromGitHub, inputs, lib }:
let
version = "7.0.10";
kernelHash = "1w4i705i0nl1xqv7fdhdbhy7j3xrzhl31fabs6vmgiw7nf06szxv";
kernelPatchHash = "0h7gxqcnww7sj5cdyblzj04775zhavwdylkm2pm91v6xkjbnz1zj";
version = "6.19.6";
kernelHash = "0mqka8ii7bvmx9hvfjdiyva9ib0j7m390gxhh8gki3qb4nl7jc1h";
kernelPatchHash = "0hns69nhh9a00nmfdhf2lrnn47nb8xbvdsli9lg47v9f3qbg49fb";
mm = lib.versions.majorMinor version;
hasPatch = (builtins.length (builtins.splitVersion version)) == 3;

5
res/config-minimal.lua
View file

@ -1,5 +1,5 @@
-- Keybindings
local map = vim.keymap.set
local map = vim.api.nvim_set_keymap
map('n', '<C-H>', '<C-W>h', { noremap = true })
map('n', '<C-J>', '<C-W>j', { noremap = true })
map('n', '<C-K>', '<C-W>k', { noremap = true })
@ -18,7 +18,6 @@ vim.opt.number = true
vim.opt.cursorline = true
vim.opt.signcolumn = "yes:3"
vim.opt.title = true
vim.opt.termguicolors = true
vim.opt.updatetime = 0
vim.opt.clipboard:prepend('unnamedplus')
@ -48,7 +47,7 @@ vim.g.signify_sign_change = vim.g.signify_sign_add
vim.g.signify_sign_change_delete = vim.g.signify_sign_delete
-- Plugins
require('nvim-treesitter').setup {
require('nvim-treesitter.configs').setup {
highlight = { enable = true },
indent = { enable = false }
}

68
res/config.lua
View file

@ -51,7 +51,6 @@ vim.g.signify_sign_change_delete = vim.g.signify_sign_delete
-- VimTeX
vim.g.vimtex_view_method = "zathura"
vim.g.vimtex_quickfix_open_on_warning = 0
-- Theming
vim.api.nvim_command("syntax enable")
@ -108,18 +107,18 @@ require('lualine').setup {
-- many thanks to @kristijanhusak
-- https://github.com/nvim-treesitter/nvim-treesitter/issues/1167#issuecomment-920824125
function _G.javascript_indent()
local line = vim.fn.getline(vim.v.lnum)
local prev_line = vim.fn.getline(vim.v.lnum - 1)
if line:match('^%s*[%*/]%s*') then
if prev_line:match('^%s*%*%s*') then
return vim.fn.indent(vim.v.lnum - 1)
end
if prev_line:match('^%s*/%*%*%s*$') then
return vim.fn.indent(vim.v.lnum - 1) + 1
end
local line = vim.fn.getline(vim.v.lnum)
local prev_line = vim.fn.getline(vim.v.lnum - 1)
if line:match('^%s*[%*/]%s*') then
if prev_line:match('^%s*%*%s*') then
return vim.fn.indent(vim.v.lnum - 1)
end
if prev_line:match('^%s*/%*%*%s*$') then
return vim.fn.indent(vim.v.lnum - 1) + 1
end
end
return vim.fn['GetJavascriptIndent']()
return vim.fn['GetJavascriptIndent']()
end
vim.cmd('au FileType javascript setlocal indentexpr=v:lua.javascript_indent()')
@ -157,17 +156,22 @@ vim.api.nvim_create_autocmd("LspAttach", {
end
})
vim.diagnostic.config({
focusable = false,
virtual_text = false,
underline = true,
signs = true,
update_in_insert = true
})
vim.lsp.handlers["textDocument/publishDiagnostics"] = vim.lsp.with(
vim.lsp.diagnostic.on_publish_diagnostics, {
focusable = false,
virtual_text = false,
underline = true,
signs = true,
update_in_insert = true
}
)
vim.lsp.handlers["textDocument/signatureHelp"] = vim.lsp.with(
vim.lsp.handlers.signature_help, { focusable = false }
)
capabilities = require('cmp_nvim_lsp').default_capabilities(capabilities)
local servers = { 'astro', 'clangd', 'cssls', 'html', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' }
local servers = { 'astro', 'clangd', 'cssls', 'html', 'nil_ls', 'tailwindcss', 'texlab', 'ts_ls', 'yamlls' }
for _, lsp in ipairs(servers) do
vim.lsp.config(lsp, {
capabilities = capabilities,
@ -292,32 +296,6 @@ vim.lsp.config("diagnosticls", {
})
vim.lsp.enable("diagnosticls")
-- LSP/nixd
vim.lsp.config("nixd", {
cmd = { "nixd" },
filetypes = { "nix" },
root_markers = { "flake.nix", ".git" },
settings = {
nixd = {
nixpkgs = {
expr = "import <nixpkgs> { }",
},
formatting = {
command = { "nixfmt" },
},
options = {
nixos = {
expr = '(builtins.getFlake (toString ./.)).nixosConfigurations.{{HOSTNAME}}.options',
},
home_manager = {
expr = '(builtins.getFlake (builtins.toString ./.)).nixosConfigurations."{{USERNAME}}@{{HOSTNAME}}".options.home-manager.users.type.getSubOptions []',
},
},
},
},
})
vim.lsp.enable("nixd")
-- LSP/Signatures
require("lsp_signature").setup {
hint_enable = false,

28
res/eww/eww.yuck
View file

@ -1,5 +1,4 @@
(defwindow mainbar :monitor 0
:geometry (geometry :x "0%"
:y "0%"
:width "100%"
@ -40,15 +39,14 @@
`cat /sys/class/power_supply/_BAT_PATH_/capacity`)
(defpoll pbat_status :interval "1s" :run-while bat-enabled
`cat /sys/class/power_supply/_BAT_PATH_/status`)
(defpoll wifi_ssid :interval "1s" :run-while wifi-enabled
`iwctl station wlan0 show | grep "Connected network" | awk '{print $3}'`)
(defpoll wifi_strength :interval "1s" :run-while wifi-enabled
`iw dev wlan0 link | awk '/signal/ {gsub("-",""); print $2}'`)
(defpoll network_strength :interval "1s" :run-while wifi-enabled
`nmcli -f IN-USE,SIGNAL device wifi | grep '*' | tr -d -c 0-9`)
(defpoll bluetooth_device :interval "1s" :run-while bt-enabled
`bluetoothctl devices Connected | grep Device | cut -d" " -f3-`)
(defpoll bluetooth_device_count :interval "1s" :run-while bt-enabled
`bluetoothctl devices Connected | wc -l`)
(deflisten lnetwork :initial "" :run-while wifi-enabled "./scripts/network.sh")
(deflisten ltitle :initial "" "./scripts/title.sh")
(deflisten lworkspaces :initial "[]" "./scripts/workspaces.sh")
(deflisten lcurrent_workspace :initial "1" "./scripts/active-workspace.sh")
@ -109,22 +107,22 @@
(defwidget network []
(button :onclick `eww update network-extended=${network-extended ? "false" : "true"}`
(box :orientation "horizontal"
:class {"widget pill" + ((network-extended && wifi_ssid != "") ? " extended" : "")}
:spacing {(network-extended && wifi_ssid != "") ? 5 : 0}
:class {"widget pill" + ((network-extended && lnetwork != "Disconnected") ? " extended" : "")}
:spacing {(network-extended && lnetwork != "Disconnected") ? 5 : 0}
:space-evenly false
(label :text {
(wifi_ssid == "") ? ""
: (wifi_strength == "") ? ""
: (wifi_strength < 75) ? ""
: (wifi_strength < 65) ? ""
: (wifi_strength < 60) ? ""
: (wifi_strength < 50) ? ""
(lnetwork == "Disconnected") ? ""
: (network_strength == "") ? ""
: (network_strength < 20) ? ""
: (network_strength < 30) ? ""
: (network_strength < 55) ? ""
: (network_strength < 80) ? ""
: ""}
:class "base pill-icon")
(revealer :transition "slideleft"
:reveal {network-extended && wifi_ssid != ""}
:reveal {network-extended && lnetwork != "Disconnected"}
:duration 150
(label :text wifi_ssid
(label :text lnetwork
:class "base")))))
(defwidget battery []

19
res/eww/scripts/network.sh Executable file
View file

@ -0,0 +1,19 @@
#!/usr/bin/env bash
init=$(nmcli -t -f name,device connection show --active | grep wlp1s0 | cut -d\: -f1)
if [[ -z $init ]]; then
echo Disconnected
else
echo $init
fi
nmcli monitor | while read -r line ; do
if [[ $line == *"is now the primary connection" ]]; then
conn=$(echo $line | cut -d\' -f2)
echo $conn
fi
if [[ $line == "There's no primary connection" ]]; then
echo Disconnected
fi
done

12
secrets.nix
View file

@ -1,5 +1,4 @@
let
alyssum = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAp00i2DTwMk9i2WBEwpNTDA51TQJEqzpyCka6znmRzR";
anemone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEPFifSAybe97xDP/cq6AAjy7Fm0go0dtQ9ICK6JRUgc";
blossom = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5wfPCcpkNR3ubr7cBV0UwVCDo/sMmV0aI/JOJTIxQj";
dandelion = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFUk99ku7+eiIO7Q9sIPlPx3GiUljLv7W404W/zwrtzI";
@ -7,15 +6,10 @@ let
rin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15";
in {
"secrets/passwd.age".publicKeys = [ alyssum anemone blossom rin ];
"secrets/passwd_smbcilly.age".publicKeys = [ alyssum rin ];
"secrets/passwd_smbkujira.age".publicKeys = [ alyssum rin ];
"secrets/wpa_conf.age".publicKeys = [ alyssum blossom rin ];
"secrets/passwd.age".publicKeys = [ anemone blossom rin ];
"secrets/wpa_conf.age".publicKeys = [ blossom rin ];
"secrets/acme_dns.age".publicKeys = [ alyssum dandelion hazel rin ];
"secrets/navidrome_env.age".publicKeys = [ alyssum dandelion rin ];
"secrets/slskd_env.age".publicKeys = [ anemone dandelion rin ];
"secrets/tailscale_auth.age".publicKeys = [ alyssum anemone blossom dandelion rin ];
"secrets/acme_dns.age".publicKeys = [ dandelion hazel rin ];
"secrets/warden_admin.age".publicKeys = [ rin ];
"secrets/wg_anemone.age".publicKeys = [ anemone rin ];
"secrets/wg_dandelion.age".publicKeys = [ dandelion rin ];

19
secrets/acme_dns.age
View file

@ -1,11 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 kOMSPw vqjZO82kILUQaoD9EwOgnmXKD9IyscgtzP65BVKkGhs
07f0vL5fSq+EVdJ4n3L/q0tGsh0SVLCueTzbrMQC2ok
-> ssh-ed25519 bRFqeQ qZAsyhdIY/fg7weEBYfB/WwFBrr/fDRrjt0J/m+57W4
FOWjbk7efoVdL9WxjWvaZ/0mJrQ4yj0fN/Fa3zztz84
-> ssh-ed25519 ZAcXHw UHpAQ4nKoGGaZWXVj4UM6uBanOgDpBvG6XdoBvhz6y8
xF1orqajQxp2QzU/e1sq8lMxz4AQ2Vr5a3wEU55QqyE
-> ssh-ed25519 U9FXlg n/LPuRDZ7N0VbZYLNr86hH/yRuqd2zFC7Nnpooz8d0o
aZig/wjd5vitGaJwQ89w2M7fj8fAiqTpdDOmLae74sM
--- mXuALIh6k4n0cErsTFnwKemo/r2jFG7mGSTz2M8zXF8
Zr2îŽ. Òõ~MúP€þXŹ1¼)9Rî9ªS cLzhQü™ßO†Ä0­íH7£•ŽLÌj¦5½ üâÏöÒ\©l9˜7ÓôçÜ«nœ©¡>¹æ¢
-> ssh-ed25519 bRFqeQ trK7wfJ1fObF70yD3a6axuXaZv/EzzFI7he1dvUajH8
1C5IrwITtma/um0zUo6by0llVTnla7TBdyRD07azTT8
-> ssh-ed25519 ZAcXHw f+n0WJKTViwizwTIgRpbLGqk458SnuAFVVj5FQS0nwA
MRinOTxWGwfeg16VWJYD+1Uta+7xF6G9oyqtYSfEq80
-> ssh-ed25519 U9FXlg 24QGfemIAHZYMwroayNJp91fUkbwUF7ACuXIk+7qdBg
RNGpjxUgfzV/e1Ab/NcA8A0zzxsXU06xmVbLpG3x+iI
--- mekieJNQOl4vcg+hsSOQsFC7mVUZf/oRl/dT7AeTRKg
ºöHì¦<C3AC>)kñÞ#%3cªQÎÚº¿Ï•žè1?žad| 쳄ٗ²õo¡
Bð)¾ä=ÿZió˜9çpR<70>¦î ÉKl<>žgû Õž’é

9
secrets/navidrome_env.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 kOMSPw s/uDjoILzZ4meH5Thqdly/pPe2bTO7sKHPIsn7B/Ays
Pg3ePdLimArZbzBJJkole/d6UjUafNayktjKqt9gqv4
-> ssh-ed25519 bRFqeQ /yrku11wKk2gf24aPjSBZ1KBZXLOlSTOgvW13gjzC3M
xTCWHdq5Vr02v9xDoEZqCcGLIdjZT9s29Gldoz27ow0
-> ssh-ed25519 U9FXlg HhSqF8DRz/vW42Sf34fqGMIgj9Zpc5MeYNhqqsz7fBk
4IzAURq50rY160/qAzo49cmhV7/skh7PGM8h9qI9WGE
--- aSO1slFKfkECL6Gro84fMiDZ0QLLNbOrfiNegNK7ksc
i'r¦áÐŒ¶ìl"êj^Sö"_ŸUP»¢C¡šxs1—“þÓM»¶w­Ê<C2AD>Õ;#{a£Ö}+ûÐ=ëåeÔ$“#s½züKiúª€ÀJòDº?Þ>F±÷8kîZ(°Åì‹;ÄÙÑ)Ñ[§êb+Ño„@¶#2®L,”­í ×—LÂ<\Äñ¤<C3B1>U ²õÿ#Ôòâ­>13ëp\çIQ)Þ½˜š@­ìp,C÷´v8M%§NA r7çÉ€ÿtê'Ð…Ö²©²5+bj®Œ)‡Ra„Cª

BIN
secrets/passwd.age
View file

Binary file not shown.

7
secrets/passwd_smbcilly.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 kOMSPw CQaXT9/nw3NGD2/H/ctSQGXIoacgjfKQ24wkpEieLSQ
i4xEXgWGQ7xgQyaDQQIeDuiCLjA6Le23qSnv8C1cbcI
-> ssh-ed25519 U9FXlg GL4dCSCku/FA6ipb9XI1AxO4lhm2r/1lRAeqaGrB32o
+pPgqwnoPi3wJLobTimVMj0rng+XRapRG6jTYFXSsDM
--- eVgn3ON19pqq+L832bqlbkHUQXdaTI+LfSL4bYfEdew
Æ*Œl\ÈWç!J7E/´»îò"f@%\ìüÏ[¨òj8fÓ¶ž

7
secrets/passwd_smbkujira.age
View file

@ -1,7 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 kOMSPw Kn+LPMoyOrVwI/nrGgnxgVA3D+tVY9Tccg/Yx/jL+E8
IfWiSBh7KgNvgcHlcDzfdcB9nxm1zy12Ae7AGm39fdE
-> ssh-ed25519 U9FXlg 6eIIGEIYDo02FBsgBnwbuOeR8t4xB6jSmLfIL73UCDg
QOc0ddunQQcVEVD20DKKpn3wZWUSveFJSUTBnv+xnNk
--- MjN2i0FNzbUpBGUDNgWGXrRsYl2gtsQX+JlzZV/fYdw
TÎ <çR#d<> ĆÌŽlLkáN¦½º8´cÃ_N¬)±ŠT

9
secrets/slskd_env.age
View file

@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 ohyStA 3Do7MsCBX9ZgP6pIekvkRisFgF74jq2cKxrjUi2NlhM
EdfLIUk40isfNBY4CKA0JjHc2RaCM/LJmvQJuue+aYs
-> ssh-ed25519 bRFqeQ XcjdLy6CEELgdN133BkgTG0cUffU6N9nsapB3c9Swyc
+ILEkir7XMK/xLNrTs2R+pBoucIN7fVEBRZSZwBo7Fs
-> ssh-ed25519 U9FXlg bqpdUcMN/bk7WlIruWmhj0hpFL/CliDHto/P/KaMdxk
z6wKPbT1OAW7sDjeziwdqs6mf9Rk37xsU9pw4wYMOF4
--- wNvTtQPOTxetOpazjBXo4fR3wPL7CVQq4R30gOj/qQw
&P+£ô²ó¬S¶÷y×=}¿Î~1äCšáŒðøÞ^.ñ¹¤?zL¿ŽH äR`akEÿ†R¯ß(4R!þ*lÂ!û”ÇA†ß~@VG½û¯Ì<ýõ2£-K8HõPuË2jS#WД´áÚÔ÷l>@³a . MÆž<C386>·ÿHg[™û³$­WËŒî½[™ú"%NÔ,Ò rGN<47>mf´9FÅùk&~—OW˜Z70ËtËóœ›?<3F>¶—eOf<4F>íAÔí¼õª°zØ,hq/ÄZó&€ÿFyÉ5ɾˆBQwÓÝö/Ø"æ´øJËS섘5šf}%Bª½PÄ®Ô,r<>F`”Nm¦Ãn§CêÃŽ™“rJ“Ýôafà Æi¬?¯Ÿ—0÷¼©pzÿaVÕ[í€ëyÃj±X4î†öB>R,¦tyOìõIW!À(™Ín#ÖÜj>ƒ¡£²ž58×°dËŽ0 ¦…øú®miœÆ C÷RË„^I„rÈMó")Ö™ÙSà&.)l·z§Ó¨qç…ÏÞÎ:Òr½±ŸbrE@íJǺsMí÷æd“‰?åSk

13
secrets/tailscale_auth.age
View file

@ -1,13 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 kOMSPw judP6VmZDGErkHfUpCp3xTgJtWVmGv3/tZw3WGyhfhM
10jxPIR6Qaf/iWLzbWOrFq9XBsm8OC3mcMrxEt+BYQ8
-> ssh-ed25519 ohyStA Xc6TjSJYtJkK1VEauNJKn+RcTdwdkyJ0Sr+tbAJ8rGc
vzQt4zMdktY5tNvfu9HsKBgJb52uM7x8bhF+WXwpWZ8
-> ssh-ed25519 CUCjXQ r8WxaXpWtaBdMJ2ubaAwJ4ipSz/UtnMs0x3+eI8p0VU
CdicUH7AE4E4XVHDAeYzQdsYMYA0sCLlt2P4eR24vvs
-> ssh-ed25519 bRFqeQ E9sknPioO9leKqs8bFJDLrAMuRAJf0ZRyGMvy7O5wVA
KX93oSqGHimM/PaeaoHq1aYVXGG1YsVMO2ihZaM8xVE
-> ssh-ed25519 U9FXlg u7yG7cLylPUgu/Is4xx0BXVhX31vUtgStV5CYa8Cowg
xAuGYZpMPVQpZYASXrMuqNE9wqqEG3kMLUNjLzPmL4g
--- EoeqIMnX5tR3J51Cz2QEyjsgD/7h468bqjRmt3mOEjY
äxHQ<>Š)þôÛûkö)ĉBâ³~Û•ÖZv?·–ˆ¦%lQx OwZIs©Û„óf4áD¯ ”ûÇ”þ*îOtݳ¶ 0.m[qß_[¯ÿ°¨žvº×Û

BIN
secrets/wpa_conf.age
View file

Binary file not shown.

2
users/hana/default.nix
View file

@ -1,5 +1,4 @@
{ config, lib, modules, pkgs, ... }: {
programs.nh.flake = "/persist/hana/flakes";
programs.zsh.enable = true;
users.users.hana = {
isNormalUser = true;
@ -22,7 +21,6 @@
};
imports = with modules.user; [
comma
direnv
git
neovim-minimal

3
users/rin/default.nix
View file

@ -3,7 +3,7 @@
programs.zsh.enable = true;
users.users.rin = {
isNormalUser = true;
extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "docker" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ];
extraGroups = [ "adbusers" "audio" "corectrl" "dialout" "libvirtd" "networkmanager" "video" "wheel" "wireshark" ];
shell = pkgs.zsh;
uid = 1001;
hashedPasswordFile = config.age.secrets.passwd.path;
@ -21,7 +21,6 @@
sessionVariables
catppuccin
comma
direnv
git
gpg

40
users/rin/packages.nix
View file

@ -15,52 +15,52 @@ in {
ffmpeg
gnupg
kitty
nil
nodejs_latest
pamixer
pnpm
unrar
yt-dlp
] ++ lib.optionals (config.me.environment == "desktop") [
krita
lutris
mangohud
inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin
qmk
tetrio-desktop
tor-browser
virt-manager
winetricks
unrar
weechat
yt-dlp
nodePackages_latest.pnpm
] ++ lib.optionals config.me.gui [
android-studio
brightnessctl
drawio
element-desktop
evince
eww
feh
feishin
file-roller
gamescope
gimp3
grim
jetbrains.gateway
#kotatogram-desktop
krita
lm_sensors
lutris
insomnia
maim
mangohud
me.psensor
inputs.nix-gaming.packages.x86_64-linux.osu-lazer-bin
# inputs.nix-gaming.packages.x86_64-linux.wine-osu
obsidian
pavucontrol
(prismlauncher.override {
jdks = [
jdk21
temurin-bin-25
];
})
prismlauncher
qbittorrent
rivalcfg
screenkey
slurp
swaybg
tetrio-desktop
texliveFull
tor-browser
transmission-remote-gtk
vesktop
virt-manager
winetricks
zathura
zenity