server stuff
parent
9524fabb85
commit
037d7fad84
18 changed files with 477 additions and 146 deletions
|
@ -26,9 +26,7 @@ in
|
|||
wootility
|
||||
];
|
||||
|
||||
services.udev.packages = with pkgs; [
|
||||
yubikey-personalization
|
||||
];
|
||||
services.udev.packages = with pkgs; [ yubikey-personalization ];
|
||||
|
||||
hardware.i2c.enable = true;
|
||||
services.libinput.enable = true;
|
||||
|
|
|
@ -23,6 +23,11 @@ in
|
|||
enable = true;
|
||||
allowPing = true;
|
||||
};
|
||||
|
||||
networking.nameservers = [
|
||||
"1.1.1.1"
|
||||
"9.9.9.9"
|
||||
];
|
||||
};
|
||||
|
||||
imports = [ ./bluetooth.nix ];
|
||||
|
|
|
@ -93,7 +93,7 @@ in
|
|||
services.dbus.implementation = "broker";
|
||||
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
zramSwap.enable = true;
|
||||
zramSwap.enable = false;
|
||||
|
||||
#programs.ssh = {
|
||||
# # startAgent = true;
|
||||
|
|
|
@ -7,9 +7,14 @@
|
|||
}:
|
||||
let
|
||||
inherit (config.grimmShared) enable tooling;
|
||||
inherit (lib) mkIf mapAttrs' concatLines attrNames;
|
||||
inherit (lib)
|
||||
mkIf
|
||||
mapAttrs'
|
||||
concatLines
|
||||
attrNames
|
||||
;
|
||||
plugins = {
|
||||
ranger_udisk_menu = inputs.ranger_udisk_menu;
|
||||
ranger_udisk_menu = inputs.ranger_udisk_menu;
|
||||
};
|
||||
in
|
||||
{
|
||||
|
@ -20,11 +25,13 @@ in
|
|||
};
|
||||
environment.systemPackages = [ pkgs.ranger ];
|
||||
|
||||
environment.etc = (mapAttrs' (n: v: {
|
||||
name = "ranger/plugins/${n}";
|
||||
value.source = v;
|
||||
}) plugins) // {
|
||||
"ranger/commands.py".text = concatLines (map (n: "from plugins.${n} import *") (attrNames plugins));
|
||||
};
|
||||
environment.etc =
|
||||
(mapAttrs' (n: v: {
|
||||
name = "ranger/plugins/${n}";
|
||||
value.source = v;
|
||||
}) plugins)
|
||||
// {
|
||||
"ranger/commands.py".text = concatLines (map (n: "from plugins.${n} import *") (attrNames plugins));
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
# Bootloader.
|
||||
boot = {
|
||||
loader.efi.canTouchEfiVariables = true;
|
||||
kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
|
||||
# kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
|
||||
};
|
||||
|
||||
services.logrotate.checkConfig = false; # fixme: actually needed?
|
||||
|
|
|
@ -35,9 +35,9 @@ let
|
|||
#}
|
||||
];
|
||||
|
||||
# enable ccache for lix if ccache is enabled
|
||||
# enable_lix_ccache = true;
|
||||
in
|
||||
# enable ccache for lix if ccache is enabled
|
||||
# enable_lix_ccache = true;
|
||||
{
|
||||
imports = [
|
||||
"${nivSources.agenix}/modules/age.nix"
|
||||
|
@ -48,7 +48,7 @@ in
|
|||
(builtins.getFlake (asGithubRef nivSources.chaotic)).nixosModules.default
|
||||
# (builtins.getFlake (asGithubRef nivSources.nixos-matrix-modules)).nixosModules.default
|
||||
# (builtins.getFlake "git+${nivSources.nixos-mailserver.repo}").nixosModules.default
|
||||
] ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target};
|
||||
] ++ host_modules.grimmauld-nixos-server; # ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target};
|
||||
|
||||
system.nixos = {
|
||||
distroId = "lixos";
|
||||
|
@ -114,7 +114,7 @@ in
|
|||
unpatched;
|
||||
|
||||
overlays = [
|
||||
(import "${nivSources.lix-module}/overlay.nix" { lix = nivSources.lix-pkg; })
|
||||
# (import "${nivSources.lix-module}/overlay.nix" { lix = nivSources.lix-pkg; })
|
||||
(final: prev: { agenix = final.callPackage "${nivSources.agenix}/pkgs/agenix.nix" { }; })
|
||||
];
|
||||
};
|
||||
|
@ -124,13 +124,15 @@ in
|
|||
inputs = nivSources;
|
||||
};
|
||||
|
||||
nix.package = pkgs.lix;
|
||||
|
||||
nix.settings.extra-substituters = [
|
||||
"https://cache.lix.systems"
|
||||
# "https://cache.lix.systems"
|
||||
"https://nyx.chaotic.cx/"
|
||||
];
|
||||
|
||||
nix.settings.trusted-public-keys = [
|
||||
"cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
|
||||
# "cache.lix.systems:aBnZUw8zA7H35Cz2RyKFVs3H4PlGTLawyY5KRbvJR8o="
|
||||
"nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
|
||||
"chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8="
|
||||
];
|
||||
|
|
|
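Review bot: The `imports` list now ends in `++ host_modules.grimmauld-nixos-server`, with the previous `lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target}` selection left behind as a trailing comment, so every target built from this file gets the server's host modules regardless of `build_target`. The contents of `host_modules` are outside this hunk, but presumably a non-server build would then also inherit the server's services and firewall openings. If this is a temporary workaround, mark it with a FIXME; otherwise restore `] ++ lib.optionals (builtins.hasAttr build_target host_modules) host_modules.${build_target};` and fix `build_target` where it is set.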
@ -5,21 +5,22 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
./wireguard.nix
|
||||
./matrix.nix
|
||||
./puffer.nix
|
||||
./gitea.nix
|
||||
./grafana.nix
|
||||
./nextcloud.nix
|
||||
# ./prometheus.nix
|
||||
./prometheus.nix
|
||||
# ./mjolnir.nix
|
||||
./fail2ban.nix
|
||||
# ./fail2ban.nix
|
||||
./email.nix
|
||||
./discord-matrix-bridge.nix
|
||||
# ./discord-matrix-bridge.nix
|
||||
./mastodon.nix
|
||||
./nix_cache.nix
|
||||
./auth.nix
|
||||
# ./auth.nix
|
||||
./hedgedoc.nix
|
||||
./factorio.nix
|
||||
# ./factorio.nix
|
||||
];
|
||||
|
||||
options.serverConfig =
|
||||
|
@ -169,8 +170,9 @@ in
|
|||
accessType = "proxy";
|
||||
};
|
||||
matrix_host = {
|
||||
accessType = "redirect";
|
||||
# accessType = "redirect";
|
||||
host = "matrix.${domain}";
|
||||
# port = 8008;
|
||||
};
|
||||
prometheus_host = {
|
||||
host = "prometheus.${domain}";
|
||||
|
|
|
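Review bot: In the `imports` list, `./fail2ban.nix` and `./auth.nix` appear to end up commented out while `./wireguard.nix` and `./prometheus.nix` are switched on. The page has lost its +/- markers, so that direction is inferred from the old-then-new print order and the 21 → 22 line count in the hunk header. Dropping fail2ban on a host that has `services.openssh.enable = true` (visible in the server configuration section of this commit) presumably removes its ban-on-repeated-failure protection, and the commit gives no reason for it. If the module merely stopped evaluating after the nixpkgs bump, record that next to the line, e.g. `# ./fail2ban.nix # FIXME: disabled because <reason>, re-enable before deploy`, rather than leaving a bare comment-out.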
@ -17,8 +17,8 @@ in
|
|||
};
|
||||
bridge = {
|
||||
enableSelfServiceBridging = true;
|
||||
domain = config.services.matrix-synapse-next.settings.server_name;
|
||||
homeserverUrl = config.services.matrix-synapse-next.settings.public_baseurl;
|
||||
domain = config.services.matrix-synapse.settings.server_name;
|
||||
homeserverUrl = config.services.matrix-synapse.settings.public_baseurl;
|
||||
disablePresence = true;
|
||||
disableTypingNotifications = true;
|
||||
};
|
||||
|
|
|
@ -1,13 +1,27 @@
|
|||
{ pkgs, config, lib, ...}: {
|
||||
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
34197
|
||||
34198
|
||||
];
|
||||
|
||||
networking.firewall.allowedUDPPorts = [
|
||||
34198
|
||||
34197
|
||||
];
|
||||
|
||||
services.prometheus.scrapeConfigs = [
|
||||
{
|
||||
job_name = "clusterio-trangar";
|
||||
static_configs = [ { targets = [ "trang.ar:8080" ]; } ];
|
||||
}
|
||||
];
|
||||
|
||||
systemd.services.clusterio-trangar = {
|
||||
description = "clusterio pulling its config from trang.ar";
|
||||
|
@ -19,9 +33,11 @@
|
|||
#serviceConfig.Group = "users";
|
||||
serviceConfig.WorkingDirectory = "/home/grimmauld/clusterio";
|
||||
script = ''
|
||||
${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio/shell.nix
|
||||
export NIXPKGS_ALLOW_UNFREE=1
|
||||
${lib.getExe' config.nix.package "nix-shell"} -I nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos /home/grimmauld/clusterio-nonfhs/shell.nix --run "cd /home/grimmauld/clusterio-nonfhs/install && nice -19 bash run-host.sh"
|
||||
# /home/grimmauld/clusterio/shell.nix
|
||||
'';
|
||||
wantedBy = ["multi-user.target"]; # starts after login
|
||||
wantedBy = [ "multi-user.target" ]; # starts after login
|
||||
enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
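Review bot: The `clusterio-trangar` unit's `script` evaluates `/home/grimmauld/clusterio-nonfhs/shell.nix` through `nix-shell` and then runs `run-host.sh` from the same home directory, yet the only identity setting visible in the hunk is the commented-out `#serviceConfig.Group = "users";`. If no `serviceConfig.User` is set in the part of the unit that lies outside this hunk, systemd runs the script as root, and anything able to write to that directory then controls root code at boot. I would pin the identity explicitly, e.g. `serviceConfig.User = "grimmauld";`, and keep the checkout somewhere only that user can write. `export NIXPKGS_ALLOW_UNFREE=1` also deserves a comment naming the unfree package it is there for.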
@ -1,8 +1,9 @@
|
|||
{ config, ... }:
|
||||
let
|
||||
inherit (config.serverConfig) vhosts;
|
||||
in {
|
||||
services.hedgedoc = {
|
||||
in
|
||||
{
|
||||
services.hedgedoc = {
|
||||
enable = true;
|
||||
settings = {
|
||||
domain = vhosts.hedgedoc_host.host;
|
||||
|
|
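--- a/modules/matrix_legacy.nix
+++ b/modules/matrix_legacy.nix
@@ -0,0 +1,240 @@
+{
+lib,
+config,
+pkgs,
+...
+}:
+let
+inherit (config.networking) domain;
+inherit (config.serverConfig) vhosts;
+
+fqdn = vhosts.matrix_host.host;
+base_url = "https://${fqdn}";
+
+clientConfig."m.homeserver" = {inherit base_url; }; # = "https://${vhosts.matrix_host.host}";
+serverConfig."m.server" = "${vhosts.matrix_host.host}:443";
+mkWellKnown = data: ''
+default_type application/json;
+add_header Access-Control-Allow-Origin *;
+return 200 '${builtins.toJSON data}';
+'';
+synapse_backend = "http://[::1]:8008";
+in
+{
+services.postgresql = {
+enable = true;
+ensureDatabases = [ "synapse" ];
+ensureUsers = [
+{
+name = "synapse";
+passFile = config.age.secrets.synapse_db_pass.path;
+ensureDBOwnership = true;
+}
+];
+};
+
+
+services.matrix-synapse = {
+enable = true;
+settings.server_name = domain;
+# The public base URL value must match the `base_url` value set in `clientConfig` above.
+# The default value here is based on `server_name`, so if your `server_name` is different
+# from the value of `fqdn` above, you will likely run into some mismatched domain names
+# in client applications.
+settings.public_baseurl = base_url;
+settings.listeners = [
+{ port = 8008;
+bind_addresses = [ "::1" ];
+type = "http";
+tls = false;
+x_forwarded = true;
+resources = [ {
+names = [ "client" "federation" ];
+compress = true;
+} ];
+}
+];
+
+settings.database = {
+name = "psycopg2";
+args = { user="synapse"; database= "synapse"; };
+};
+settings.log_config = ./matrix_synapse_log_config.yaml;
+settings.enable_registration = false;
+configureRedisLocally = true;
+settings.redis.enabled = true;
+
+settings.app_service_config_files = [
+# The registration file is automatically generated after starting the
+# appservice for the first time.
+# cp /var/lib/mautrix-telegram/telegram-registration.yaml \
+# /var/lib/matrix-synapse/
+# chown matrix-synapse:matrix-synapse \
+# /var/lib/matrix-synapse/telegram-registration.yaml
+# "/var/lib/matrix-synapse/discord-registration.yaml"
+];
+};
+
+# services.matrix-synapse-next = {
+# enable = true;
+#
+# workers.federationSenders = 1;
+# workers.federationReceivers = 1;
+# workers.initialSyncers = 1;
+# workers.normalSyncers = 1;
+# workers.eventPersisters = 2;
+# workers.useUserDirectoryWorker = true;
+# mainLogConfig = ./matrix_synapse_log_config.yaml;
+#
+# enableNginx = true;
+# enableSlidingSync = false;
+#
+# settings = {
+# suppress_key_server_warning = true;
+# server_name = domain;
+# public_baseurl = "https://${domain}";
+# enable_registration = true;
+# registration_requires_token = true;
+# registration_shared_secret_path = config.age.secrets.synapse_registration_shared_secret.path;
+# # enable_registration_without_verification = true;
+# # mainLogConfig = ./matrix_synapse_log_config.yaml;
+#
+# # registrations_require_3pid = [ "email" ];
+#
+# database = {
+# name = "psycopg2";
+# args = {
+# host = "localhost";
+# port = config.services.postgresql.settings.port;
+# dbname = "synapse";
+# user = "synapse";
+# cp_min = 5;
+# cp_max = 10;
+# client_encoding = "auto";
+# passfile = config.age.secrets.synapse_db_pass_prepared.path;
+# };
+# };
+# };
+# };
+services.redis.servers."".enable = true;
+
+age.secrets.synapse_db_pass = {
+file = ../secrets/synapse_db_pass.age;
+owner = "postgres";
+group = "postgres";
+};
+age.secrets.synapse_db_pass_prepared = {
+file = ../secrets/synapse_db_pass_prepared.age;
+owner = "matrix-synapse";
+group = "matrix-synapse";
+mode = "0600";
+};
+age.secrets.synapse_registration_shared_secret = {
+file = ../secrets/synapse_registration_shared_secret.age;
+owner = "matrix-synapse";
+group = "matrix-synapse";
+mode = "0600";
+};
+
+environment.systemPackages = with pkgs; [
+matrix-synapse-tools.synadm
+matrix-synapse
+];
+
+
+services.nginx = {
+enable = true;
+recommendedTlsSettings = true;
+recommendedOptimisation = true;
+recommendedGzipSettings = true;
+recommendedProxySettings = true;
+
+virtualHosts."${domain}" = {
+enableACME = true;
+forceSSL = true;
+# This section is not needed if the server_name of matrix-synapse is equal to
+# the domain (i.e. example.org from @foo:example.org) and the federation port
+# is 8448.
+# Further reference can be found in the docs about delegation under
+# https://element-hq.github.io/synapse/latest/delegate.html
+locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+# This is usually needed for homeserver discovery (from e.g. other Matrix clients).
+# Further reference can be found in the upstream docs at
+# https://spec.matrix.org/latest/client-server-api/#getwell-knownmatrixclient
+locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+};
+
+virtualHosts."${fqdn}" = {
+enableACME = true;
+forceSSL = true;
+
+locations."/_matrix" = {
+proxyPass = synapse_backend;
+#extraConfig = ''
+# add_header X-debug-backend ${synapse_backend};
+# add_header X-debug-group $synapse_uri_group;
+# client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size};
+# proxy_read_timeout 10m;
+#'';
+};
+locations."/_synapse/client".proxyPass = synapse_backend;
+};
+};
+
+# services.nginx = {
+# enable = true;
+# virtualHosts."${domain}" = {
+# forceSSL = true;
+# enableACME = lib.mkForce false; # use the cert above, not some weird one that matrix-synapse module supplies
+# useACMEHost = domain;
+# locations."/.well-known/matrix/server" = {
+# return = "200 '{\"m.server\":\"${vhosts.matrix_host.host}:443\"}'";
+# extraConfig = ''
+# default_type application/json;
+# add_header Access-Control-Allow-Origin *;
+# add_header Accept-Ranges bytes;'';
+# };
+# locations."/.well-known/matrix/client" = {
+# return = "200 '{\"m.homeserver\": {\"base_url\": \"https://${vhosts.matrix_host.host}\"}}'";
+# extraConfig = ''
+# add_header Access-Control-Allow-Origin *;
+# default_type application/json;
+# '';
+# };
+# locations."/_matrix" = {
+# proxyPass = "http://$synapse_backend";
+# extraConfig = ''
+# add_header X-debug-backend $synapse_backend;
+# add_header X-debug-group $synapse_uri_group;
+# client_max_body_size ${config.services.matrix-synapse-next.settings.max_upload_size};
+# proxy_read_timeout 10m;
+# '';
+# };
+# locations."/_synapse/client" = {
+# proxyPass = "http://$synapse_backend";
+# };
+# locations."~ ^/_matrix/client/(r0|v3)/sync$" = {
+# proxyPass = "http://$synapse_backend";
+# extraConfig = ''
+# proxy_read_timeout 1h;
+# '';
+# };
+# locations."~ ^/_matrix/client/(api/v1|r0|v3)/initialSync$" = {
+# proxyPass = "http://synapse_worker_initial_sync";
+# extraConfig = ''
+# proxy_read_timeout 1h;
+# '';
+# };
+# locations."~ ^/_matrix/client/(api/v1|r0|v3)/rooms/[^/]+/initialSync$" = {
+# proxyPass = "http://synapse_worker_initial_sync";
+# extraConfig = ''
+# proxy_read_timeout 1h;
+# '';
+# };
+# # locations."/.well-known/matrix" = {
+# proxyPass = "http://$synapse_backend";
+# };
+# };
+# };
+# networking.firewall.allowedTCPPorts = [ 8448 8008 ];
+}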
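Review bot: `age.secrets.synapse_db_pass_prepared` and `age.secrets.synapse_registration_shared_secret` are declared in this new module, but their only references sit inside the commented-out `services.matrix-synapse-next` block, so both secrets are decrypted onto the host with nothing reading them. Meanwhile `settings.database.args` carries only `user` and `database`, so how Synapse authenticates to PostgreSQL is not visible in this file; if it relies on peer authentication, check that the role name `synapse` lines up with the `matrix-synapse` account used as owner for the other secrets. I would drop the two unused `age.secrets` entries until something consumes them, and add a one-line comment above `settings.database` stating the intended authentication method. The long commented-out `matrix-synapse-next` and nginx blocks are better left to version-control history than carried in a new file.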
@ -14,17 +14,24 @@ in
|
|||
{
|
||||
targets =
|
||||
let
|
||||
inherit (lib) filter isAttrs attrValues;
|
||||
inherit (lib)
|
||||
filter
|
||||
isAttrs
|
||||
attrValues
|
||||
filterAttrs
|
||||
;
|
||||
in
|
||||
map (v: "127.0.0.1:${builtins.toString v.port}") (
|
||||
filter (v: (isAttrs v) && v.enable) (attrValues config.services.prometheus.exporters)
|
||||
filter (v: (isAttrs v) && v.enable) (
|
||||
attrValues (filterAttrs (n: v: n != "minio") config.services.prometheus.exporters)
|
||||
)
|
||||
);
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
exporters = {
|
||||
nginx.enable = true;
|
||||
# nginx.enable = true;
|
||||
redis.enable = true;
|
||||
domain.enable = true;
|
||||
postgres.enable = true;
|
||||
|
|
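Review bot: The scrape-target expression now drops one exporter by name with `filterAttrs (n: v: n != "minio")`, and nothing says why that name is special. A hard-coded exclusion like this tends to outlive its reason, so put a comment directly above the `filter` call, e.g. `# skip "minio": <reason, e.g. option no longer evaluates on the pinned nixpkgs>`. The same goes for `# nginx.enable = true;` under `exporters`: with it commented out the nginx exporter is no longer scraped, and a short note would show whether that is deliberate.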
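--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@@ -0,0 +1,36 @@
+{pkgs, ...}: {
+# enable NAT
+networking.nat.enable = true; networking.nat.externalInterface = "eth0";
+networking.nat.internalInterfaces = [ "wg0" ]; networking.firewall = {
+allowedUDPPorts = [ 51820 ];
+};
+
+networking.wireguard.interfaces = {
+# "wg0" is the network interface name. You can name the interface
+# arbitrarily.}
+wg0 = {
+privateKeyFile = "/home/grimmauld/wireguard.priv";
+# Determines the IP address and subnet of the server's end of the tunnel
+# interface.
+ips = [ "10.100.0.1/24" ];
+# The port that WireGuard listens to. Must be accessible by the client.
+listenPort = 51820;
+# This allows the wireguard server to route your traffic to the internet and
+# hence be like a VPN For this to work you have to set the dnsserver IP of
+# your router (or dnsserver of choice) in your clients
+postSetup = '' ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
+'';
+# This undoes the above command
+postShutdown = '' ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens18 -j MASQUERADE
+'';
+
+generatePrivateKeyFile = true;
+peers = [
+{
+publicKey="2aANdnPYtf78iXfwNVAtYjIlE5k/yDWvbdXZ2jw0hXk=";
+allowedIPs = [ "10.100.0.2/32" ];
+} ];
+};
+};
+environment.systemPackages = with pkgs; [ wireguard-tools ];
+}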
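Review bot: `privateKeyFile = "/home/grimmauld/wireguard.priv"` combined with `generatePrivateKeyFile = true` puts the tunnel's private key inside a user's home directory, where it is exposed to whatever can read or replace files there and is likely to end up in home-directory backups. A root-owned location outside `/home` would be safer, or an agenix secret as the other modules use (dropping `generatePrivateKeyFile`), e.g. `privateKeyFile = config.age.secrets.<wireguard-key>.path;` with `config` added to the module arguments. Separately, `networking.nat.externalInterface = "eth0"` disagrees with the `-o ens18` in the `postSetup`/`postShutdown` iptables rules; one of the two is wrong for this host. With `networking.nat` already configured, the manual MASQUERADE rule is probably redundant.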
2
modules/wireguard.nix.save
Normal file
2
modules/wireguard.nix.save
Normal file
|
@ -0,0 +1,2 @@
|
|||
{
|
||||
|
|
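Review bot: `modules/wireguard.nix.save` looks like an editor backup committed by accident: it holds only `{` and an empty line and is not valid Nix on its own. I would drop it from the commit and add `*.save` to `.gitignore`, since stray backup copies of modules that reference key paths and secrets are an easy way to publish something unintended later.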
@ -5,10 +5,10 @@
|
|||
"homepage": "https://matrix.to/#/#agenix:nixos.org",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "3a56735779db467538fb2e577eda28a9daacaca6",
|
||||
"sha256": "1h66zapc6im07k3kcgvhy3lhzahb70vd6m2ijhz4i0v6mn5l3fk9",
|
||||
"rev": "de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6",
|
||||
"sha256": "0rkcx72bq7fm5b1qy1nrzp8v93nv784wh11srgi3pi0m6sr9g03f",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/ryantm/agenix/archive/3a56735779db467538fb2e577eda28a9daacaca6.tar.gz",
|
||||
"url": "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"authentik-nix": {
|
||||
|
@ -17,10 +17,10 @@
|
|||
"homepage": "",
|
||||
"owner": "nix-community",
|
||||
"repo": "authentik-nix",
|
||||
"rev": "bb756751b02b3138a2cba58064a28ddc6f2648df",
|
||||
"sha256": "118jnqj0pxvwx7kaz6im9g4ys8sgm1xslz4figqq4nq417vjh86p",
|
||||
"rev": "89cfaf2eb197a39d12422e773f867d1a7c99b048",
|
||||
"sha256": "1405rzwq8fwpyc63ac76f50glc00sp18m2ska1najzqvzi9v5zpk",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/nix-community/authentik-nix/archive/bb756751b02b3138a2cba58064a28ddc6f2648df.tar.gz",
|
||||
"url": "https://github.com/nix-community/authentik-nix/archive/89cfaf2eb197a39d12422e773f867d1a7c99b048.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"chaotic": {
|
||||
|
@ -29,10 +29,10 @@
|
|||
"homepage": "https://nyx.chaotic.cx",
|
||||
"owner": "chaotic-cx",
|
||||
"repo": "nyx",
|
||||
"rev": "0e99464b8956307678b60ec7540e6cad730ee825",
|
||||
"sha256": "1ksi4pssnxaa1pmxdk25gpbciaffjr5py3hdw0ifr0zcs8z22hyy",
|
||||
"rev": "a7f32d358f6efddddd29cd977cd056da9ab040cf",
|
||||
"sha256": "08gpq1bzfmis75c1lxqdsqa20m1nch1fnrl7v2f8jy10k9f332db",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/chaotic-cx/nyx/archive/0e99464b8956307678b60ec7540e6cad730ee825.tar.gz",
|
||||
"url": "https://github.com/chaotic-cx/nyx/archive/a7f32d358f6efddddd29cd977cd056da9ab040cf.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"glibc-eac": {
|
||||
|
@ -50,13 +50,13 @@
|
|||
"lix-module": {
|
||||
"branch": "main",
|
||||
"repo": "https://git.lix.systems/lix-project/nixos-module.git",
|
||||
"rev": "5d9d94089fb1ca96222a34bfe245ef5c5ebefd37",
|
||||
"rev": "d70318fb946a0e720dfdd1fb10b0645c14e2a02a",
|
||||
"type": "git"
|
||||
},
|
||||
"lix-pkg": {
|
||||
"branch": "main",
|
||||
"repo": "https://git.lix.systems/lix-project/lix.git",
|
||||
"rev": "865a3732faca16a79bf24982011adf100de04463",
|
||||
"rev": "5ee1e6ea9887a54f0af3a66528abc04b17611516",
|
||||
"type": "git"
|
||||
},
|
||||
"nixos-mailserver": {
|
||||
|
@ -83,10 +83,10 @@
|
|||
"homepage": null,
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
|
||||
"sha256": "19z8yxgjm9jx7dls8942k6d8vp4dgh52azj1d6jgsy1vb27rw56k",
|
||||
"rev": "ad0b5eed1b6031efaed382844806550c3dcb4206",
|
||||
"sha256": "105856b6lrbhn6q6cdbxrmnwbxjd8jy8qs79qp864yk1x1j5wvpr",
|
||||
"type": "tarball",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/2741b4b489b55df32afac57bc4bfd220e8bf617e.tar.gz",
|
||||
"url": "https://github.com/NixOS/nixpkgs/archive/ad0b5eed1b6031efaed382844806550c3dcb4206.tar.gz",
|
||||
"url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz"
|
||||
},
|
||||
"ranger_udisk_menu": {
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ lib, pkgs, ... }:
|
||||
{
|
||||
imports = [ ./hardware-configuration.nix ];
|
||||
|
||||
|
@ -11,6 +11,7 @@
|
|||
services.openssh.enable = true;
|
||||
system.stateVersion = "23.11";
|
||||
networking.networkmanager.enable = lib.mkForce false;
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
|
||||
# users.users.root.openssh.authorizedKeys.keys = (import ./authorizedKeys.nix);
|
||||
}
|
||||
|
|
|
@ -14,6 +14,11 @@
|
|||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/d6bf7aad-cd46-458c-98e8-a321eb77858a";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
environment.sessionVariables = {
|
||||
OMP_NUM_THREADS = "8";
|
||||
};
|
||||
|
|
199
sway/default.nix
199
sway/default.nix
|
@ -51,113 +51,122 @@
|
|||
urgentcol = "#9e3c3c";
|
||||
realwhite = "#C7D3E3";
|
||||
};
|
||||
keybinds = {
|
||||
"$mod+d" = "exec $menu";
|
||||
"$mod+Shift+d" = "exec $menu_run";
|
||||
"$mod+Shift+s" = ''exec ${getExe grim} -g "$(${getExe slurp} -d)" - | wl-copy'';
|
||||
"$mod+Shift+Return" = "exec ${getExe xdg-terminal-exec} xonsh";
|
||||
"$mod+Return" = "exec ${getExe xdg-terminal-exec}";
|
||||
"$mod+Shift+q" = "kill";
|
||||
"$mod+Shift+c" = "reload";
|
||||
"$mod+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'";
|
||||
keybinds =
|
||||
{
|
||||
"$mod+d" = "exec $menu";
|
||||
"$mod+Shift+d" = "exec $menu_run";
|
||||
"$mod+Shift+s" = ''exec ${getExe grim} -g "$(${getExe slurp} -d)" - | wl-copy'';
|
||||
"$mod+Shift+Return" = "exec ${getExe xdg-terminal-exec} xonsh";
|
||||
"$mod+Return" = "exec ${getExe xdg-terminal-exec}";
|
||||
"$mod+Shift+q" = "kill";
|
||||
"$mod+Shift+c" = "reload";
|
||||
"$mod+Shift+e" = "exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'";
|
||||
|
||||
# Move your focus around
|
||||
"$mod+$left" = "focus left";
|
||||
"$mod+$down" = "focus down";
|
||||
"$mod+$up" = "focus up";
|
||||
"$mod+$right" = "focus right";
|
||||
# Or use $mod+[up|down|left|right]
|
||||
"$mod+Left" = "focus left";
|
||||
"$mod+Down" = "focus down";
|
||||
"$mod+Up" = "focus up";
|
||||
"$mod+Right" = "focus right";
|
||||
# Move your focus around
|
||||
"$mod+$left" = "focus left";
|
||||
"$mod+$down" = "focus down";
|
||||
"$mod+$up" = "focus up";
|
||||
"$mod+$right" = "focus right";
|
||||
# Or use $mod+[up|down|left|right]
|
||||
"$mod+Left" = "focus left";
|
||||
"$mod+Down" = "focus down";
|
||||
"$mod+Up" = "focus up";
|
||||
"$mod+Right" = "focus right";
|
||||
|
||||
# Move the focused window with the same, but add Shift
|
||||
"$mod+Shift+$left" = "move left";
|
||||
"$mod+Shift+$down" = "move down";
|
||||
"$mod+Shift+$up" = "move up";
|
||||
"$mod+Shift+$right" = "move right";
|
||||
# Ditto, with arrow keys
|
||||
"$mod+Shift+Left" = "move left";
|
||||
"$mod+Shift+Down" = "move down";
|
||||
"$mod+Shift+Up" = "move up";
|
||||
"$mod+Shift+Right" = "move right";
|
||||
|
||||
# Layout stuff:
|
||||
#
|
||||
# You can "split" the current object of your focus with
|
||||
# $mod+b or $mod+v, for horizontal and vertical splits
|
||||
# respectively.
|
||||
"$mod+b" = "splith";
|
||||
"$mod+v" = "splitv";
|
||||
# Move the focused window with the same, but add Shift
|
||||
"$mod+Shift+$left" = "move left";
|
||||
"$mod+Shift+$down" = "move down";
|
||||
"$mod+Shift+$up" = "move up";
|
||||
"$mod+Shift+$right" = "move right";
|
||||
# Ditto, with arrow keys
|
||||
"$mod+Shift+Left" = "move left";
|
||||
"$mod+Shift+Down" = "move down";
|
||||
"$mod+Shift+Up" = "move up";
|
||||
"$mod+Shift+Right" = "move right";
|
||||
|
||||
# Switch the current container between different layout styles
|
||||
"$mod+s" = "layout stacking";
|
||||
"$mod+w" = "layout tabbed";
|
||||
"$mod+e" = "layout toggle split";
|
||||
# Layout stuff:
|
||||
#
|
||||
# You can "split" the current object of your focus with
|
||||
# $mod+b or $mod+v, for horizontal and vertical splits
|
||||
# respectively.
|
||||
"$mod+b" = "splith";
|
||||
"$mod+v" = "splitv";
|
||||
|
||||
# Make the current focus fullscreen
|
||||
"$mod+f" = "fullscreen";
|
||||
# Switch the current container between different layout styles
|
||||
"$mod+s" = "layout stacking";
|
||||
"$mod+w" = "layout tabbed";
|
||||
"$mod+e" = "layout toggle split";
|
||||
|
||||
# Toggle the current focus between tiling and floating mode
|
||||
"$mod+Shift+space" = "floating toggle";
|
||||
# Make the current focus fullscreen
|
||||
"$mod+f" = "fullscreen";
|
||||
|
||||
# Swap focus between the tiling area and the floating area
|
||||
"$mod+space" = "focus mode_toggle";
|
||||
# Toggle the current focus between tiling and floating mode
|
||||
"$mod+Shift+space" = "floating toggle";
|
||||
|
||||
# Move focus to the parent container
|
||||
"$mod+a" = "focus parent";
|
||||
# Swap focus between the tiling area and the floating area
|
||||
"$mod+space" = "focus mode_toggle";
|
||||
|
||||
"$mod+Shift+minus" = "move scratchpad";
|
||||
"$mod+minus" = "scratchpad show";
|
||||
# Move focus to the parent container
|
||||
"$mod+a" = "focus parent";
|
||||
|
||||
"$mod+r" = "mode \"resize\"";
|
||||
"$mod+Shift+minus" = "move scratchpad";
|
||||
"$mod+minus" = "scratchpad show";
|
||||
|
||||
XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
|
||||
XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
|
||||
"Shift+XF86AudioLowerVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ -5%";
|
||||
"Shift+XF86AudioRaiseVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ +5%";
|
||||
XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
|
||||
XF86AudioPlay = "exec playerctl play-pause";
|
||||
XF86AudioNext = "exec playerctl next";
|
||||
XF86AudioPrev = "exec playerctl previous";
|
||||
"$mod+c" = "exec ${getExe swaymux}";
|
||||
XF86MonBrightnessUp = "exec ${getExe brightnessctl} s 10+%";
|
||||
XF86MonBrightnessDown = "exec ${getExe brightnessctl} s 10-%";
|
||||
XF86Explorer = "exec ${getExe xdg-terminal-exec} ${getExe ranger}";
|
||||
XF86Search = "exec ${getExe searchclip}";
|
||||
XF86HomePage =
|
||||
"$mod+r" = "mode \"resize\"";
|
||||
|
||||
XF86AudioRaiseVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
|
||||
XF86AudioLowerVolume = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
|
||||
"Shift+XF86AudioLowerVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ -5%";
|
||||
"Shift+XF86AudioRaiseVolume" = "exec pactl set-source-volume @DEFAULT_SOURCE@ +5%";
|
||||
XF86AudioMute = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
|
||||
XF86AudioPlay = "exec playerctl play-pause";
|
||||
XF86AudioNext = "exec playerctl next";
|
||||
XF86AudioPrev = "exec playerctl previous";
|
||||
"$mod+c" = "exec ${getExe swaymux}";
|
||||
XF86MonBrightnessUp = "exec ${getExe brightnessctl} s 10+%";
|
||||
XF86MonBrightnessDown = "exec ${getExe brightnessctl} s 10-%";
|
||||
XF86Explorer = "exec ${getExe xdg-terminal-exec} ${getExe ranger}";
|
||||
XF86Search = "exec ${getExe searchclip}";
|
||||
XF86HomePage =
|
||||
let
|
||||
open = pkgs.writeShellScriptBin "open_or_switch_browser" ''
|
||||
browser=$(xdg-settings get default-web-browser | sed "s/\.desktop//")
|
||||
swaymsg [app_id="$browser"] focus || ${getExe deskwhich} $browser | xargs gio launch
|
||||
'';
|
||||
in
|
||||
"exec ${getExe open}";
|
||||
XF86Tools =
|
||||
let
|
||||
open = pkgs.writeShellScriptBin "open_or_switch_spotify" ''
|
||||
# FIXME: spotify is being weird
|
||||
while IFS= read -r pid; do
|
||||
swaymsg [pid=$pid] focus && exit 0
|
||||
done <<< $(pgrep spotify -u "$(whoami)")
|
||||
${getExe deskwhich} spotify | xargs gio launch
|
||||
'';
|
||||
in
|
||||
"exec ${getExe open}"; # for some reason tools = audio media on my keyboard??
|
||||
XF86Mail =
|
||||
let
|
||||
open = pkgs.writeShellScriptBin "open_or_switch_mail" ''
|
||||
desk=$(xdg-settings get default-url-scheme-handler mailto | sed "s/\.desktop//")
|
||||
swaymsg [app_id="$desk"] focus || ${getExe deskwhich} $desk | xargs gio launch
|
||||
'';
|
||||
in
|
||||
"exec ${getExe open}";
|
||||
# XF86Bluetooth = "exec blueman-manager";
|
||||
}
|
||||
// (
|
||||
let
|
||||
open = pkgs.writeShellScriptBin "open_or_switch_browser" ''
|
||||
browser=$(xdg-settings get default-web-browser | sed "s/\.desktop//")
|
||||
swaymsg [app_id="$browser"] focus || ${getExe deskwhich} $browser | xargs gio launch
|
||||
'';
|
||||
inherit (builtins) toString;
|
||||
in
|
||||
"exec ${getExe open}";
|
||||
XF86Tools =
|
||||
let
|
||||
open = pkgs.writeShellScriptBin "open_or_switch_spotify" ''
|
||||
# FIXME: spotify is being weird
|
||||
while IFS= read -r pid; do
|
||||
swaymsg [pid=$pid] focus && exit 0
|
||||
done <<< $(pgrep spotify -u "$(whoami)")
|
||||
${getExe deskwhich} spotify | xargs gio launch
|
||||
'';
|
||||
in
|
||||
"exec ${getExe open}"; # for some reason tools = audio media on my keyboard??
|
||||
XF86Mail =
|
||||
let
|
||||
open = pkgs.writeShellScriptBin "open_or_switch_mail" ''
|
||||
desk=$(xdg-settings get default-url-scheme-handler mailto | sed "s/\.desktop//")
|
||||
swaymsg [app_id="$desk"] focus || ${getExe deskwhich} $desk | xargs gio launch
|
||||
'';
|
||||
in
|
||||
"exec ${getExe open}";
|
||||
# XF86Bluetooth = "exec blueman-manager";
|
||||
} // (let inherit (builtins) toString; in lib.mergeAttrsList (map (n: {
|
||||
"$mod+${toString n}" = "workspace number ${toString n}";
|
||||
"$mod+Shift+${toString n}" = "move container to workspace number ${toString n}";
|
||||
}) (lib.range 0 9)));
|
||||
lib.mergeAttrsList (
|
||||
map (n: {
|
||||
"$mod+${toString n}" = "workspace number ${toString n}";
|
||||
"$mod+Shift+${toString n}" = "move container to workspace number ${toString n}";
|
||||
}) (lib.range 0 9)
|
||||
)
|
||||
);
|
||||
autolaunch = with pkgs; [
|
||||
# fixme: absolute paths
|
||||
"blueman-applet"
|
||||
|
|