thehedgehog/nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

meta: Format tree

Browse source
This commit is contained in:
The Hedgehog 2022-10-05 18:17:21 -04:00
parent 1435241e0c
commit 157210cefb
Signed by: thehedgehog
GPG key ID: 8CDF3F7CAA53A0F5
60 changed files with 877 additions and 775 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -149,7 +149,6 @@
};
hydraJobs = {
build = {
marvin = self.nixosConfigurations.marvin.config.system.build.toplevel;
prefect = self.nixosConfigurations.prefect.config.system.build.toplevel;

8
home.nix
View file

@ -143,10 +143,10 @@
};
xdg.configFile = {
"btop/themes".source = pkgs.my-pkgs.catppuccin-btop;
"btop/themes".recursive = true;
"bat/themes".source = pkgs.my-pkgs.catppuccin-bat;
"bat/themes".recursive = true;
"btop/themes".source = pkgs.my-pkgs.catppuccin-btop;
"btop/themes".recursive = true;
"bat/themes".source = pkgs.my-pkgs.catppuccin-bat;
"bat/themes".recursive = true;
};
# fonts.fontconfig.enable = true;

8
home/files/pamKeys.nix
View file

@ -1,3 +1,5 @@
{ xdg.configFile."Yubico/u2f_keys".text = ''
thehedgehog:iC1dk7d+DYFX60wpkDlWdwNpkRLXmML7iDjxh4TRXe8OhsAb2pgKiY6tVLHeZIK3WOVA1DuWU8rWlHdma3eqJg==,NdBJTVCvOamU35ad3fJRv6A6YZQIYrojcVk9a8WYMVvTtKO+xyIeBvunlidHv4Zb0rYrOvK6u7Gb4N5x6T6FIQ==,es256,+presence:juWx2IphhNuHZHiv8nG3i2WWTyR5A+CWp5iHz2AmE7aj3b3rgj85Gl1PMpmZlvlwDgbCP+dlcP5PPzTFloB3Ow==,FEXBkP0PzZSURoIbLuGiRRHFIcSiqEz/ieNPRqRY/hqLJ4AsvGwJ1xdIX7F8qAQuMSp8m7usuBLS4u+4FGg3Ng==,es256,+presence
'';}
{
xdg.configFile."Yubico/u2f_keys".text = ''
thehedgehog:iC1dk7d+DYFX60wpkDlWdwNpkRLXmML7iDjxh4TRXe8OhsAb2pgKiY6tVLHeZIK3WOVA1DuWU8rWlHdma3eqJg==,NdBJTVCvOamU35ad3fJRv6A6YZQIYrojcVk9a8WYMVvTtKO+xyIeBvunlidHv4Zb0rYrOvK6u7Gb4N5x6T6FIQ==,es256,+presence:juWx2IphhNuHZHiv8nG3i2WWTyR5A+CWp5iHz2AmE7aj3b3rgj85Gl1PMpmZlvlwDgbCP+dlcP5PPzTFloB3Ow==,FEXBkP0PzZSURoIbLuGiRRHFIcSiqEz/ieNPRqRY/hqLJ4AsvGwJ1xdIX7F8qAQuMSp8m7usuBLS4u+4FGg3Ng==,es256,+presence
'';
}

400
home/files/tridactylrc.nix
View file

@ -1,209 +1,209 @@
{
# color=1A1B26
xdg.configFile."tridactyl/tridactylrc".text = ''
" General Settings
set update.lastchecktime 1657980206978
set update.nag true
set update.nagwait 7
set update.lastnaggedversion 1.14.0
set update.checkintervalsecs 86400
set configversion 2.0
set smoothscroll true
set k scrollline -5
set theme tokyo-night
set newtab about:blank
set allowautofocus false
set allowautofocus false
set followpagepatterns.prev Previous
" General Settings
set update.lastchecktime 1657980206978
set update.nag true
set update.nagwait 7
set update.lastnaggedversion 1.14.0
set update.checkintervalsecs 86400
set configversion 2.0
set smoothscroll true
set k scrollline -5
set theme tokyo-night
set newtab about:blank
set allowautofocus false
set allowautofocus false
set followpagepatterns.prev Previous
" Binds
bind j scrollline 5
bind ;x hint -F e => { const pos = tri.dom.getAbsoluteCentre(e); tri.excmds.exclaim_quiet("xdotool mousemove --sync " + window.devicePixelRatio * pos.x + " " + window.devicePixelRatio * pos.y + "; xdotool click 1")}
bind ;X hint -F e => { const pos = tri.dom.getAbsoluteCentre(e); tri.excmds.exclaim_quiet("xdotool mousemove --sync " + window.devicePixelRatio * pos.x + " " + window.devicePixelRatio * pos.y + "; xdotool keydown ctrl+shift; xdotool click 1; xdotool keyup ctrl+shift")}
bind <A-p> pin
bind <A-m> mute toggle
bind <F1> help
bind o fillcmdline open
bind O current_url open
bind w fillcmdline winopen
bind W current_url winopen
bind t fillcmdline tabopen
bind ]] followpage next
bind [[ followpage prev
bind [c urlincrement -1
bind ]c urlincrement 1
bind <C-x> urlincrement -1
bind <C-a> urlincrement 1
bind T current_url tabopen
bind yy clipboard yank
bind ys clipboard yankshort
bind yc clipboard yankcanon
bind ym clipboard yankmd
bind yo clipboard yankorg
bind yt clipboard yanktitle
bind gh home
bind gH home true
bind p clipboard open
bind P clipboard tabopen
bind <C-e> scrollline 10
bind k scrollline -5
bind <C-y> scrollline -10
bind h scrollpx -50
bind l scrollpx 50
bind G scrollto 100
bind gg scrollto 0
bind <C-u> scrollpage -0.5
bind <C-d> scrollpage 0.5
bind <C-f> scrollpage 1
bind <C-b> scrollpage -1
unbind <C-v>
bind $ scrollto 100 x
bind ^ scrollto 0 x
bind H back
bind L forward
bind <C-o> jumpprev
bind <C-i> jumpnext
bind d tabclose
bind D composite tabprev; tabclose #
bind gx0 tabclosealltoleft
bind gx$ tabclosealltoright
bind << tabmove -1
bind >> tabmove +1
bind u undo
bind U undo window
bind r reload
bind R reloadhard
bind x tabclose
bind gi focusinput -l
bind g? rot13
bind g! jumble
bind g; changelistjump -1
bind J tabprev
bind K tabnext
bind gt tabnext_gt
bind gT tabprev
bind g^ tabfirst
bind g0 tabfirst
bind g$ tablast
bind ga tabaudio
bind gr reader
bind gu urlparent
bind gU urlroot
bind gf viewsource
bind : fillcmdline_notrail
bind s fillcmdline open search
bind S fillcmdline tabopen search
bind M gobble 1 quickmark
bind B fillcmdline taball
bind b fillcmdline tab
bind ZZ qall
bind f hint
bind F hint -b
bind gF hint -qb
bind ;i hint -i
bind ;b hint -b
bind ;o hint
bind ;I hint -I
bind ;k hint -k
bind ;K hint -K
bind ;y hint -y
bind ;Y hint -cF img i => tri.excmds.yankimage(tri.urlutils.getAbsoluteURL(i.src))
bind ;p hint -p
bind ;h hint -h
bind v hint -h
bind ;P hint -P
bind ;r hint -r
bind ;s hint -s
bind ;S hint -S
bind ;a hint -a
bind ;A hint -A
bind ;; hint -; *
bind ;# hint -#
bind ;v hint -W mpvsafe
bind ;V hint -V
bind ;w hint -w
bind ;t hint -W tabopen
bind ;O hint -W fillcmdline_notrail open
bind ;W hint -W fillcmdline_notrail winopen
bind ;T hint -W fillcmdline_notrail tabopen
bind ;z hint -z
bind ;m composite hint -Jpipe img src | open images.google.com/searchbyimage?image_url=
bind ;M composite hint -Jpipe img src | tabopen images.google.com/searchbyimage?image_url=
bind ;gi hint -qi
bind ;gI hint -qI
bind ;gk hint -qk
bind ;gy hint -qy
bind ;gp hint -qp
bind ;gP hint -qP
bind ;gr hint -qr
bind ;gs hint -qs
bind ;gS hint -qS
bind ;ga hint -qa
bind ;gA hint -qA
bind ;g; hint -q;
bind ;g# hint -q#
bind ;gv hint -qW mpvsafe
bind ;gw hint -qw
bind ;gb hint -qb
bind ;gF hint -qb
bind ;gf hint -q
bind <S-Insert> mode ignore
bind <AC-Escape> mode ignore
bind <AC-`> mode ignore
bind <S-Escape> mode ignore
bind <Escape> composite mode normal ; hidecmdline
bind <C-[> composite mode normal ; hidecmdline
bind a current_url bmark
bind A bmark
bind zi zoom 0.1 true
bind zo zoom -0.1 true
bind zm zoom 0.5 true
bind zr zoom -0.5 true
bind zM zoom 0.5 true
bind zR zoom -0.5 true
bind zz zoom 1
bind zI zoom 3
bind zO zoom 0.3
bind . repeat
bind <AS-ArrowUp><AS-ArrowUp><AS-ArrowDown><AS-ArrowDown><AS-ArrowLeft><AS-ArrowRight><AS-ArrowLeft><AS-ArrowRight>ba open https://www.youtube.com/watch?v=M3iOROuTuMA
bind / fillcmdline find
bind ? fillcmdline find -?
bind n findnext 1
bind N findnext -1
unbindurl https://github.com --mode
bindurl ^https://web.whatsapp.com f hint -c [tabindex]:not(.two)>div,a
bindurl ^https://web.whatsapp.com F hint -bc [tabindex]:not(.two)>div,a
unbindurl % x
unbindurl refined-github-html-preview.kidonng.workers.dev x
" Binds
bind j scrollline 5
bind ;x hint -F e => { const pos = tri.dom.getAbsoluteCentre(e); tri.excmds.exclaim_quiet("xdotool mousemove --sync " + window.devicePixelRatio * pos.x + " " + window.devicePixelRatio * pos.y + "; xdotool click 1")}
bind ;X hint -F e => { const pos = tri.dom.getAbsoluteCentre(e); tri.excmds.exclaim_quiet("xdotool mousemove --sync " + window.devicePixelRatio * pos.x + " " + window.devicePixelRatio * pos.y + "; xdotool keydown ctrl+shift; xdotool click 1; xdotool keyup ctrl+shift")}
bind <A-p> pin
bind <A-m> mute toggle
bind <F1> help
bind o fillcmdline open
bind O current_url open
bind w fillcmdline winopen
bind W current_url winopen
bind t fillcmdline tabopen
bind ]] followpage next
bind [[ followpage prev
bind [c urlincrement -1
bind ]c urlincrement 1
bind <C-x> urlincrement -1
bind <C-a> urlincrement 1
bind T current_url tabopen
bind yy clipboard yank
bind ys clipboard yankshort
bind yc clipboard yankcanon
bind ym clipboard yankmd
bind yo clipboard yankorg
bind yt clipboard yanktitle
bind gh home
bind gH home true
bind p clipboard open
bind P clipboard tabopen
bind <C-e> scrollline 10
bind k scrollline -5
bind <C-y> scrollline -10
bind h scrollpx -50
bind l scrollpx 50
bind G scrollto 100
bind gg scrollto 0
bind <C-u> scrollpage -0.5
bind <C-d> scrollpage 0.5
bind <C-f> scrollpage 1
bind <C-b> scrollpage -1
unbind <C-v>
bind $ scrollto 100 x
bind ^ scrollto 0 x
bind H back
bind L forward
bind <C-o> jumpprev
bind <C-i> jumpnext
bind d tabclose
bind D composite tabprev; tabclose #
bind gx0 tabclosealltoleft
bind gx$ tabclosealltoright
bind << tabmove -1
bind >> tabmove +1
bind u undo
bind U undo window
bind r reload
bind R reloadhard
bind x tabclose
bind gi focusinput -l
bind g? rot13
bind g! jumble
bind g; changelistjump -1
bind J tabprev
bind K tabnext
bind gt tabnext_gt
bind gT tabprev
bind g^ tabfirst
bind g0 tabfirst
bind g$ tablast
bind ga tabaudio
bind gr reader
bind gu urlparent
bind gU urlroot
bind gf viewsource
bind : fillcmdline_notrail
bind s fillcmdline open search
bind S fillcmdline tabopen search
bind M gobble 1 quickmark
bind B fillcmdline taball
bind b fillcmdline tab
bind ZZ qall
bind f hint
bind F hint -b
bind gF hint -qb
bind ;i hint -i
bind ;b hint -b
bind ;o hint
bind ;I hint -I
bind ;k hint -k
bind ;K hint -K
bind ;y hint -y
bind ;Y hint -cF img i => tri.excmds.yankimage(tri.urlutils.getAbsoluteURL(i.src))
bind ;p hint -p
bind ;h hint -h
bind v hint -h
bind ;P hint -P
bind ;r hint -r
bind ;s hint -s
bind ;S hint -S
bind ;a hint -a
bind ;A hint -A
bind ;; hint -; *
bind ;# hint -#
bind ;v hint -W mpvsafe
bind ;V hint -V
bind ;w hint -w
bind ;t hint -W tabopen
bind ;O hint -W fillcmdline_notrail open
bind ;W hint -W fillcmdline_notrail winopen
bind ;T hint -W fillcmdline_notrail tabopen
bind ;z hint -z
bind ;m composite hint -Jpipe img src | open images.google.com/searchbyimage?image_url=
bind ;M composite hint -Jpipe img src | tabopen images.google.com/searchbyimage?image_url=
bind ;gi hint -qi
bind ;gI hint -qI
bind ;gk hint -qk
bind ;gy hint -qy
bind ;gp hint -qp
bind ;gP hint -qP
bind ;gr hint -qr
bind ;gs hint -qs
bind ;gS hint -qS
bind ;ga hint -qa
bind ;gA hint -qA
bind ;g; hint -q;
bind ;g# hint -q#
bind ;gv hint -qW mpvsafe
bind ;gw hint -qw
bind ;gb hint -qb
bind ;gF hint -qb
bind ;gf hint -q
bind <S-Insert> mode ignore
bind <AC-Escape> mode ignore
bind <AC-`> mode ignore
bind <S-Escape> mode ignore
bind <Escape> composite mode normal ; hidecmdline
bind <C-[> composite mode normal ; hidecmdline
bind a current_url bmark
bind A bmark
bind zi zoom 0.1 true
bind zo zoom -0.1 true
bind zm zoom 0.5 true
bind zr zoom -0.5 true
bind zM zoom 0.5 true
bind zR zoom -0.5 true
bind zz zoom 1
bind zI zoom 3
bind zO zoom 0.3
bind . repeat
bind <AS-ArrowUp><AS-ArrowUp><AS-ArrowDown><AS-ArrowDown><AS-ArrowLeft><AS-ArrowRight><AS-ArrowLeft><AS-ArrowRight>ba open https://www.youtube.com/watch?v=M3iOROuTuMA
bind / fillcmdline find
bind ? fillcmdline find -?
bind n findnext 1
bind N findnext -1
unbindurl https://github.com --mode
bindurl ^https://web.whatsapp.com f hint -c [tabindex]:not(.two)>div,a
bindurl ^https://web.whatsapp.com F hint -bc [tabindex]:not(.two)>div,a
unbindurl % x
unbindurl refined-github-html-preview.kidonng.workers.dev x
" Subconfig Settings
seturl ^https://docs.google.com/ preventautofocusjackhammer true
seturl www.google.com followpagepatterns.next Next
seturl https://nixos.org/manual/nixpkgs/stable/#python sourcegraph.com allowautofocus
seturl sourcegraph.com allowautofocus true
seturl https://docs.google.com allowautofocus true
seturl myaccess.apsva.us allowautofocus true
seturl webmail.migadu.com allowautofocus true
seturl godbolt.org allowautofocus true
seturl jsfiddle.net allowautofocus true
" Subconfig Settings
seturl ^https://docs.google.com/ preventautofocusjackhammer true
seturl www.google.com followpagepatterns.next Next
seturl https://nixos.org/manual/nixpkgs/stable/#python sourcegraph.com allowautofocus
seturl sourcegraph.com allowautofocus true
seturl https://docs.google.com allowautofocus true
seturl myaccess.apsva.us allowautofocus true
seturl webmail.migadu.com allowautofocus true
seturl godbolt.org allowautofocus true
seturl jsfiddle.net allowautofocus true
" Autocmds
autocmd DocStart https://twitch.tv mode ignore
autocmd DocStart twitch.tv mode ignore
autocmd DocStart % mode ignore
autocmd DocStart qmk.fm mode ignore
autocmd DocStart config.qmk.fm mode ignore
autocmd DocStart discourse.doomemacs.org mode ignore
autocmd DocStart toptal.com mode ignore
autocmd DocStart github.com mode ignore
autocmd DocStart tpt-plus.glitch.me mode ignore
autocmd DocStart ducdat0507.github.io mode ignore
autocmd DocStart dontwordle.com mode ignore
autocmd DocStart www.nytimes.com/games/wordle mode ignore
autocmd DocLoad ^https://github.com/tridactyl/tridactyl/issues/new$ issue
autocmd TriStart .* source_quiet
" Autocmds
autocmd DocStart https://twitch.tv mode ignore
autocmd DocStart twitch.tv mode ignore
autocmd DocStart % mode ignore
autocmd DocStart qmk.fm mode ignore
autocmd DocStart config.qmk.fm mode ignore
autocmd DocStart discourse.doomemacs.org mode ignore
autocmd DocStart toptal.com mode ignore
autocmd DocStart github.com mode ignore
autocmd DocStart tpt-plus.glitch.me mode ignore
autocmd DocStart ducdat0507.github.io mode ignore
autocmd DocStart dontwordle.com mode ignore
autocmd DocStart www.nytimes.com/games/wordle mode ignore
autocmd DocLoad ^https://github.com/tridactyl/tridactyl/issues/new$ issue
autocmd TriStart .* source_quiet
" For syntax highlighting see https://github.com/tridactyl/vim-tridactyl
" vim: set filetype=tridactyl
" For syntax highlighting see https://github.com/tridactyl/vim-tridactyl
" vim: set filetype=tridactyl
'';
}

4
home/programs/git.nix
View file

@ -1,4 +1,4 @@
{ pkgs, ... }:
{pkgs, ...}:
with pkgs; {
programs.git = {
enable = true;
@ -62,7 +62,7 @@ with pkgs; {
settings = {
gui.showIcons = true;
gui.showRandomTip = false;
gui.theme.selectedLineBgColor = [ "default" ];
gui.theme.selectedLineBgColor = ["default"];
git.paging = {
pager = "delta --dark --paging=never";
colorArg = "always";

12
home/programs/neovim/default.nix
View file

@ -30,12 +30,12 @@
pkgs.taplo-lsp
pkgs.ueberzug
];
# extraConfig = ''
# luafile ~/.config/nvim/init.generated.lua
# colorscheme tokyonight
# let g:python3_host_prog='${pkgs.python3Full}/bin/python'
# let mapleader=' '
# '';
# extraConfig = ''
# luafile ~/.config/nvim/init.generated.lua
# colorscheme tokyonight
# let g:python3_host_prog='${pkgs.python3Full}/bin/python'
# let mapleader=' '
# '';
};
xdg.configFile."nvim" = {
source = ./config;

52
home/programs/neovim/plugins.nix
View file

@ -62,31 +62,31 @@ in {
vim-tmux
which-key-nvim
nvim-treesitter
# (nvim-treesitter.withPlugins (plugins:
# with plugins; [
# tree-sitter-bash
# tree-sitter-comment
# tree-sitter-commonlisp
# tree-sitter-css
# tree-sitter-elisp
# tree-sitter-fennel
# tree-sitter-fish
# tree-sitter-html
# tree-sitter-http
# tree-sitter-javascript
# tree-sitter-jsdoc
# tree-sitter-json
# tree-sitter-json5
# tree-sitter-lua
# tree-sitter-markdown
# tree-sitter-nix
# tree-sitter-norg
# tree-sitter-org-nvim
# tree-sitter-python
# tree-sitter-regex
# tree-sitter-rust
# tree-sitter-toml
# tree-sitter-vim
# ]))
# (nvim-treesitter.withPlugins (plugins:
# with plugins; [
# tree-sitter-bash
# tree-sitter-comment
# tree-sitter-commonlisp
# tree-sitter-css
# tree-sitter-elisp
# tree-sitter-fennel
# tree-sitter-fish
# tree-sitter-html
# tree-sitter-http
# tree-sitter-javascript
# tree-sitter-jsdoc
# tree-sitter-json
# tree-sitter-json5
# tree-sitter-lua
# tree-sitter-markdown
# tree-sitter-nix
# tree-sitter-norg
# tree-sitter-org-nvim
# tree-sitter-python
# tree-sitter-regex
# tree-sitter-rust
# tree-sitter-toml
# tree-sitter-vim
# ]))
];
}

10
home/programs/wezterm/default.nix
View file

@ -1,4 +1,6 @@
{ xdg.configFile."wezterm" = {
source = ./config;
recursive = true;
};}
{
xdg.configFile."wezterm" = {
source = ./config;
recursive = true;
};
}

77
home/wayland/keybindings.nix
View file

@ -1,39 +1,46 @@
{ pkgs, lib, config, ...}: let
{
pkgs,
lib,
config,
...
}: let
mod = config.wayland.windowManager.sway.config.modifier;
homeDir = config.home.homeDirectory;
menu = config.wayland.windowManager.sway.config.menu;
term = config.wayland.windowManager.sway.config.terminal;
in { wayland.windowManager.sway.config.keybindings = lib.mkOptionDefault {
"${mod}+d" = "${menu}";
"${mod}+Shift+F" = "exec MOZ_DISABLE_RDD_SANDBOX=1 firefox";
"${mod}+Return" = "exec ${term}";
"${mod}+x" = "exec wlogout";
"XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous";
"Ctrl+F3" = "exec grimshot save screen";
"Ctrl+F4" = "exec grimshot save area";
"Ctrl+F5" = "exec grimshot save active";
"Ctrl+F6" = "exec grimshot save window";
"Shift+F3" = "exec grimshot copy screen";
"Shift+F4" = "exec grimshot copy area";
"Shift+F5" = "exec grimshot copy active";
"Shift+F6" = "exec grimshot copy window";
"${mod}+Shift+1" = "move container to workspace number 1";
"${mod}+Shift+2" = "move container to workspace number 2";
"${mod}+Shift+3" = "move container to workspace number 3";
"${mod}+Shift+4" = "move container to workspace number 4";
"${mod}+Shift+5" = "move container to workspace number 5";
"${mod}+Shift+6" = "move container to workspace number 6";
"${mod}+Shift+7" = "move container to workspace number 7";
"${mod}+Shift+8" = "move container to workspace number 8";
"${mod}+Shift+9" = "move container to workspace number 9";
"${mod}+Shift+0" = "move container to workspace number 10";
"${mod}+0" = "workspace number 10";
};}
in {
wayland.windowManager.sway.config.keybindings = lib.mkOptionDefault {
"${mod}+d" = "${menu}";
"${mod}+Shift+F" = "exec MOZ_DISABLE_RDD_SANDBOX=1 firefox";
"${mod}+Return" = "exec ${term}";
"${mod}+x" = "exec wlogout";
"XF86MonBrightnessDown" = "exec brightnessctl set 5%-";
"XF86MonBrightnessUp" = "exec brightnessctl set +5%";
"XF86AudioRaiseVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ +5%";
"XF86AudioLowerVolume" = "exec pactl set-sink-volume @DEFAULT_SINK@ -5%";
"XF86AudioMute" = "exec pactl set-sink-mute @DEFAULT_SINK@ toggle";
"XF86AudioMicMute" = "exec pactl set-source-mute @DEFAULT_SOURCE@ toggle";
"XF86AudioPlay" = "exec playerctl play-pause";
"XF86AudioNext" = "exec playerctl next";
"XF86AudioPrev" = "exec playerctl previous";
"Ctrl+F3" = "exec grimshot save screen";
"Ctrl+F4" = "exec grimshot save area";
"Ctrl+F5" = "exec grimshot save active";
"Ctrl+F6" = "exec grimshot save window";
"Shift+F3" = "exec grimshot copy screen";
"Shift+F4" = "exec grimshot copy area";
"Shift+F5" = "exec grimshot copy active";
"Shift+F6" = "exec grimshot copy window";
"${mod}+Shift+1" = "move container to workspace number 1";
"${mod}+Shift+2" = "move container to workspace number 2";
"${mod}+Shift+3" = "move container to workspace number 3";
"${mod}+Shift+4" = "move container to workspace number 4";
"${mod}+Shift+5" = "move container to workspace number 5";
"${mod}+Shift+6" = "move container to workspace number 6";
"${mod}+Shift+7" = "move container to workspace number 7";
"${mod}+Shift+8" = "move container to workspace number 8";
"${mod}+Shift+9" = "move container to workspace number 9";
"${mod}+Shift+0" = "move container to workspace number 10";
"${mod}+0" = "workspace number 10";
};
}

2
home/wayland/sway.nix
View file

@ -6,7 +6,7 @@
term = config.wayland.windowManager.sway.config.terminal;
homeDir = config.home.homeDirectory;
in {
imports = [ ./keybindings.nix ];
imports = [./keybindings.nix];
wayland.windowManager.sway = {
enable = true;
systemdIntegration = true;

40
hosts/common/networking.nix
View file

@ -1,19 +1,21 @@
{ networking = {
nameservers = [
"45.11.45.11"
"100.64.0.3"
"fd42:d42:d42:53::1"
"fd42:d42:d42:54::1"
"172.23.0.53"
"172.20.0.53"
];
timeServers = [
"0.pool.ntp.org"
"1.pool.ntp.org"
"2.pool.ntp.org"
"3.pool.ntp.org"
];
resolvconf.extraConfig = ''
name_servers="100.64.0.3 45.11.45.11 fd42:d42:d42:53::1 fd42:d42:d42:54::1 172.23.0.53 172.20.0.53"
'';
};}
{
networking = {
nameservers = [
"45.11.45.11"
"100.64.0.3"
"fd42:d42:d42:53::1"
"fd42:d42:d42:54::1"
"172.23.0.53"
"172.20.0.53"
];
timeServers = [
"0.pool.ntp.org"
"1.pool.ntp.org"
"2.pool.ntp.org"
"3.pool.ntp.org"
];
resolvconf.extraConfig = ''
name_servers="100.64.0.3 45.11.45.11 fd42:d42:d42:53::1 fd42:d42:d42:54::1 172.23.0.53 172.20.0.53"
'';
};
}

8
hosts/common/programs/default.nix
View file

@ -1,3 +1,5 @@
{ imports = [
./ssh.nix
];}
{
imports = [
./ssh.nix
];
}

8
hosts/common/services/default.nix
View file

@ -1,3 +1,5 @@
{ imports = [
./ntp.nix
];}
{
imports = [
./ntp.nix
];
}

24
hosts/default.nix
View file

@ -1,11 +1,13 @@
{ imports = [
./common/networking.nix
./common/nixConfig.nix
./common/nixpkgsConfig.nix
./common/packages.nix
./common/programs
./common/root.nix
./common/services
./common/ssh.nix
./common/users.nix
];}
{
imports = [
./common/networking.nix
./common/nixConfig.nix
./common/nixpkgsConfig.nix
./common/packages.nix
./common/programs
./common/root.nix
./common/services
./common/ssh.nix
./common/users.nix
];
}

2
hosts/marvin/firewall.nix
View file

@ -1,4 +1,4 @@
{
networking.firewall.allowedTCPPorts = [80 443 6912];
networking.firewall.trustedInterfaces = [ "tailscale0" ];
networking.firewall.trustedInterfaces = ["tailscale0"];
}

4
hosts/marvin/secrets/secrets.nix
View file

@ -4,8 +4,8 @@ let
yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";
backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";
marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ";
me = [ yubi-main yubi-back backup ssh-new ];
default = [ marvin yubi-back ssh-new ];
me = [yubi-main yubi-back backup ssh-new];
default = [marvin yubi-back ssh-new];
in {
"authentik-env.age".publicKeys = default;
"external-wg-priv-key.age".publicKeys = default;

8
hosts/marvin/services/authentik.nix
View file

@ -13,11 +13,11 @@
POSTGRES_USER = "authentik";
POSTGRES_DB = "authentik";
};
extraOptions = [ "--network=authentik" ];
extraOptions = ["--network=authentik"];
};
authentik-redis = {
image = "redis:alpine";
extraOptions = [ "--network=authentik" ];
extraOptions = ["--network=authentik"];
};
authentik-server = {
image = "ghcr.io/goauthentik/server:${authentikVersion}";
@ -39,7 +39,7 @@
"/var/lib/authentik/media:/media"
"/var/lib/authentik/templates:/templates"
];
extraOptions = [ "--network=authentik" ];
extraOptions = ["--network=authentik"];
};
authentik-worker = {
image = "ghcr.io/goauthentik/server:${authentikVersion}";
@ -58,7 +58,7 @@
"/var/lib/authentik/templates:/templates"
"/var/lib/authentik/certs:/certs"
];
extraOptions = [ "--network=authentik" ];
extraOptions = ["--network=authentik"];
};
};
}

30
hosts/marvin/services/deemix.nix
View file

@ -1,15 +1,17 @@
{ virtualisation.oci-containers.containers.deemix = {
image = "registry.gitlab.com/bockiii/deemix-docker";
volumes = [
"/var/lib/deemix:/config"
"/var/lib/music:/downloads"
];
ports = [ "6907:6595" ];
environment = {
PUID = "1000";
PGID = "1000";
UMASK_SET = "022";
DEEMIX_SINGLE_USER = "true";
DISABLE_OWNERSHIP_CHECK = "true";
{
virtualisation.oci-containers.containers.deemix = {
image = "registry.gitlab.com/bockiii/deemix-docker";
volumes = [
"/var/lib/deemix:/config"
"/var/lib/music:/downloads"
];
ports = ["6907:6595"];
environment = {
PUID = "1000";
PGID = "1000";
UMASK_SET = "022";
DEEMIX_SINGLE_USER = "true";
DISABLE_OWNERSHIP_CHECK = "true";
};
};
};}
}

6
hosts/marvin/services/dendrite.nix
View file

@ -1,4 +1,8 @@
{lib, pkgs, ...}: {
{
lib,
pkgs,
...
}: {
services.dendrite = {
enable = true;
httpPort = 6921;

5
hosts/marvin/services/go-jamming.nix
View file

@ -17,11 +17,10 @@
}
'';
in {
systemd.services.go-jamming = {
after = [ "network.target" ];
after = ["network.target"];
description = "Go-Jamming Webmentions Server";
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
serviceConfig = {
User = "go-jamming";
Group = "go-jamming";

67
hosts/marvin/services/grafana.nix
View file

@ -1,35 +1,36 @@
{config, ...}: { services.grafana = {
enable = true;
domain = "stats.thehedgehog.me";
port = 6914;
addr = "0.0.0.0";
rootUrl = "https://stats.thehedgehog.me";
auth.google.enable = false;
auth.azuread.enable = false;
auth.disableLoginForm = true;
security = {
adminUser = "thehedgeh0g";
adminPasswordFile = config.age.secrets.grafana-admin.path;
};
smtp = {
{config, ...}: {
services.grafana = {
enable = true;
user = "grafana@thehedgehog.me";
fromAddress = "grafana@thehedgehog.me";
host = "smtp.migadu.com:465";
passwordFile = config.age.secrets.grafana-smtp-password.path;
domain = "stats.thehedgehog.me";
port = 6914;
addr = "0.0.0.0";
rootUrl = "https://stats.thehedgehog.me";
auth.google.enable = false;
auth.azuread.enable = false;
auth.disableLoginForm = true;
security = {
adminUser = "thehedgeh0g";
adminPasswordFile = config.age.secrets.grafana-admin.path;
};
smtp = {
enable = true;
user = "grafana@thehedgehog.me";
fromAddress = "grafana@thehedgehog.me";
host = "smtp.migadu.com:465";
passwordFile = config.age.secrets.grafana-smtp-password.path;
};
analytics.reporting.enable = false;
extraOptions = {
AUTH_GENERIC_OAUTH_NAME = "auth";
AUTH_GENERIC_OAUTH_ICON = "signin";
AUTH_GENERIC_OAUTH_ENABLED = "true";
AUTH_GENERIC_OAUTH_CLIENT_ID = "89f4607cf446a777a6b25ebde8731cdcb80b04c1";
AUTH_GENERIC_OAUTH_CLIENT_SECRET = "89eccaa8a31104c218df5cfe37c87f0ea0bbddcd1571bddb7f7fbf5a09045efd59c61f1caaa79483ad59aac2c19488b254acdaced47e66a6505865a14a63ac4a";
AUTH_GENERIC_OAUTH_AUTH_URL = "https://auth.thehedgehog.me/application/o/authorize/";
AUTH_GENERIC_OAUTH_TOKEN_URL = "https://auth.thehedgehog.me/application/o/token/";
AUTH_GENERIC_OAUTH_API_URL = "https://auth.thehedgehog.me/application/o/userinfo/";
AUTH_SIGNOUT_REDIRECT_URL = "https://auth.thehedgehog.me/if/session-end/stathog/";
AUTH_GENERIC_OAUTH_SCOPES = "openid profile email";
};
};
analytics.reporting.enable = false;
extraOptions = {
AUTH_GENERIC_OAUTH_NAME = "auth";
AUTH_GENERIC_OAUTH_ICON = "signin";
AUTH_GENERIC_OAUTH_ENABLED = "true";
AUTH_GENERIC_OAUTH_CLIENT_ID = "89f4607cf446a777a6b25ebde8731cdcb80b04c1";
AUTH_GENERIC_OAUTH_CLIENT_SECRET = "89eccaa8a31104c218df5cfe37c87f0ea0bbddcd1571bddb7f7fbf5a09045efd59c61f1caaa79483ad59aac2c19488b254acdaced47e66a6505865a14a63ac4a";
AUTH_GENERIC_OAUTH_AUTH_URL = "https://auth.thehedgehog.me/application/o/authorize/";
AUTH_GENERIC_OAUTH_TOKEN_URL = "https://auth.thehedgehog.me/application/o/token/";
AUTH_GENERIC_OAUTH_API_URL = "https://auth.thehedgehog.me/application/o/userinfo/";
AUTH_SIGNOUT_REDIRECT_URL = "https://auth.thehedgehog.me/if/session-end/stathog/";
AUTH_GENERIC_OAUTH_SCOPES = "openid profile email";
};
};}
}

2
hosts/marvin/services/jellyfin.nix
View file

@ -2,5 +2,5 @@
services.jellyfin = {
enable = true;
};
networking.firewall.allowedUDPPorts = [ 1900 7359 ];
networking.firewall.allowedUDPPorts = [1900 7359];
}

18
hosts/marvin/services/nsd/default.nix
View file

@ -1,12 +1,14 @@
{inputs, ...}: let
dns = inputs.dns.lib;
in { services.nsd = {
enable = false;
zones = {
"hog" = {
# Don't enable DNSSEC with my internal zone. 1 less thing to break
dnssec = false;
data = dns.toString "hog" (import ./hog.nix { inherit dns; });
in {
services.nsd = {
enable = false;
zones = {
"hog" = {
# Don't enable DNSSEC with my internal zone. 1 less thing to break
dnssec = false;
data = dns.toString "hog" (import ./hog.nix {inherit dns;});
};
};
};
};}
}

7
hosts/marvin/services/nsd/hog.nix
View file

@ -1,4 +1,5 @@
{ dns, ... }: with dns.combinators; {
{dns, ...}:
with dns.combinators; {
SOA = {
nameServer = "ns1";
adminEmail = "me@thehedgehog.me";
@ -10,8 +11,8 @@
"ns2.hog"
];
A = [ "100.64.0.3" ];
AAAA = [ "4349:3909:beef::3" ];
A = ["100.64.0.3"];
AAAA = ["4349:3909:beef::3"];
subdomains = rec {
# Default settings are for marvin's IPs

76
hosts/marvin/services/tubearchivist.nix
View file

@ -1,40 +1,42 @@
{ virtualisation.oci-containers.containers = {
tubearchivist-server = {
image = "bbilly1/tubearchivist:latest";
ports = [ "6912:8000" ];
extraOptions = [ "--network=archivist" ];
volumes = [
"/var/lib/archivist/media:/youtube"
"/var/lib/archivist/cache:/cache"
];
environment = {
ES_URL = "http://tubearchivist-elastic:9200";
REDIS_HOST = "tubearchivist-redis";
TA_HOST = "tube.thehedgehog.me";
TA_USERNAME = "thehedgeh0g";
TA_PASSWORD = "insecurepassw0rd";
ELASTIC_PASSWORD = "tub3arch1vist";
TZ = "America/New_York";
{
virtualisation.oci-containers.containers = {
tubearchivist-server = {
image = "bbilly1/tubearchivist:latest";
ports = ["6912:8000"];
extraOptions = ["--network=archivist"];
volumes = [
"/var/lib/archivist/media:/youtube"
"/var/lib/archivist/cache:/cache"
];
environment = {
ES_URL = "http://tubearchivist-elastic:9200";
REDIS_HOST = "tubearchivist-redis";
TA_HOST = "tube.thehedgehog.me";
TA_USERNAME = "thehedgeh0g";
TA_PASSWORD = "insecurepassw0rd";
ELASTIC_PASSWORD = "tub3arch1vist";
TZ = "America/New_York";
};
dependsOn = ["tubearchivist-elastic" "tubearchivist-redis"];
};
dependsOn = [ "tubearchivist-elastic" "tubearchivist-redis" ];
};
tubearchivist-redis = {
image = "redislabs/rejson:latest";
dependsOn = [ "tubearchivist-elastic" ];
volumes = [ "/var/lib/archivist/redis-data:/data" ];
extraOptions = [ "--network=archivist" ];
};
tubearchivist-elastic = {
image = "bbilly1/tubearchivist-es:latest";
extraOptions = [ "--network=archivist" ];
environment = {
"xpack.security.enabled" = "true";
ELASTIC_PASSWORD = "tub3arch1vist";
"discovery.type" = "single-node";
ES_JAVA_OPTS = "-Xms512m -Xmx512m";
tubearchivist-redis = {
image = "redislabs/rejson:latest";
dependsOn = ["tubearchivist-elastic"];
volumes = ["/var/lib/archivist/redis-data:/data"];
extraOptions = ["--network=archivist"];
};
tubearchivist-elastic = {
image = "bbilly1/tubearchivist-es:latest";
extraOptions = ["--network=archivist"];
environment = {
"xpack.security.enabled" = "true";
ELASTIC_PASSWORD = "tub3arch1vist";
"discovery.type" = "single-node";
ES_JAVA_OPTS = "-Xms512m -Xmx512m";
};
volumes = [
"/var/lib/archivist/es-data:/usr/share/elasticsearch/data"
];
};
volumes = [
"/var/lib/archivist/es-data:/usr/share/elasticsearch/data"
];
};
};}
}

18
hosts/marvin/services/ytdl.nix
View file

@ -1,9 +1,11 @@
{ virtualisation.oci-containers.containers.ytdl = {
image = "alexta69/metube";
ports = [ "6906:8081" ];
volumes = [ "/var/lib/music:/downloads" ];
environment = {
UID = "996";
GID = "996";
{
virtualisation.oci-containers.containers.ytdl = {
image = "alexta69/metube";
ports = ["6906:8081"];
volumes = ["/var/lib/music:/downloads"];
environment = {
UID = "996";
GID = "996";
};
};
};}
}

14
hosts/prefect/dn42/services.nix
View file

@ -50,7 +50,7 @@ in {
frontend = {
enable = true;
whois = "whois.burble.dn42";
protocolFilter = [ "bgp" "ospf" "static" ];
protocolFilter = ["bgp" "ospf" "static"];
servers = ["dn42"];
netSpecificMode = "dn42";
domain = "thehedgehog.me";
@ -68,8 +68,16 @@ in {
+ lib.concatStrings (builtins.map
(x: "
protocol bgp ${x.name} from dnpeers {
${ if x.multihop then "multihop;" else "" }
${ if x.gracefulRestart then "graceful restart on;" else "" }
${
if x.multihop
then "multihop;"
else ""
}
${
if x.gracefulRestart
then "graceful restart on;"
else ""
}
neighbor ${x.neigh} as ${x.as};
${
if x.multi || x.v4

16
hosts/prefect/dn42/wireguard.nix
View file

@ -27,12 +27,16 @@ in {
];
postSetup =
''
${ if peerIPv4 != "" then
"${pkgs.iproute2}/bin/ip addr add ${localIPv4} peer ${peerIPv4} dev ${name}"
else "" }
${ if peerIPv6 != "" then
"${pkgs.iproute2}/bin/ip -6 addr add ${localIPv6} peer ${peerIPv6} dev ${name}"
else "" }
${
if peerIPv4 != ""
then "${pkgs.iproute2}/bin/ip addr add ${localIPv4} peer ${peerIPv4} dev ${name}"
else ""
}
${
if peerIPv6 != ""
then "${pkgs.iproute2}/bin/ip -6 addr add ${localIPv6} peer ${peerIPv6} dev ${name}"
else ""
}
''
+ lib.optionalString isOspf "${pkgs.iproute2}/bin/ip -6 addr add ${defaultLocalIPv6} dev ${name}";
};

66
hosts/prefect/firewall.nix
View file

@ -1,43 +1,43 @@
{
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 8000 ];
networking.firewall.allowedTCPPorts = [8000];
services.ferm = {
enable = true;
config = ''
domain ip table filter chain INPUT proto icmp ACCEPT;
domain ip6 table filter chain INPUT proto (ipv6-icmp icmp) ACCEPT;
domain (ip ip6) table filter {
chain INPUT {
policy DROP;
interface lo ACCEPT;
interface tailscale0 ACCEPT;
interface wg42_+ ACCEPT;
interface wg0 ACCEPT;
proto tcp dport (22 53 80 443 6900 8000 http https ) ACCEPT;
proto udp dport (22 53 480:510 6900 8000 ) ACCEPT;
proto tcp dport (179) ACCEPT;
# dns
proto (udp tcp) dport domain ACCEPT;
mod state state (INVALID) DROP;
mod state state (ESTABLISHED RELATED) ACCEPT;
}
chain OUTPUT {
policy ACCEPT;
}
chain FORWARD {
policy DROP;
# allow intern routing and dn42 forwarding
interface wg42_+ outerface wg42_+ ACCEPT;
interface tailscale0 outerface tailscale0 ACCEPT;
interface tailscale0 outerface wg42_+ ACCEPT;
# but dn42 -> intern only with execptions
interface wg42_+ outerface tailscale0 {
proto (ipv6-icmp icmp) ACCEPT; # Allow SSH Access from dn42 to devices behind tailscale0 Interfaces
proto tcp dport (ssh) ACCEPT;
mod state state (ESTABLISHED) ACCEPT;
}
domain ip table filter chain INPUT proto icmp ACCEPT;
domain ip6 table filter chain INPUT proto (ipv6-icmp icmp) ACCEPT;
domain (ip ip6) table filter {
chain INPUT {
policy DROP;
interface lo ACCEPT;
interface tailscale0 ACCEPT;
interface wg42_+ ACCEPT;
interface wg0 ACCEPT;
proto tcp dport (22 53 80 443 6900 8000 http https ) ACCEPT;
proto udp dport (22 53 480:510 6900 8000 ) ACCEPT;
proto tcp dport (179) ACCEPT;
# dns
proto (udp tcp) dport domain ACCEPT;
mod state state (INVALID) DROP;
mod state state (ESTABLISHED RELATED) ACCEPT;
}
chain OUTPUT {
policy ACCEPT;
}
chain FORWARD {
policy DROP;
# allow intern routing and dn42 forwarding
interface wg42_+ outerface wg42_+ ACCEPT;
interface tailscale0 outerface tailscale0 ACCEPT;
interface tailscale0 outerface wg42_+ ACCEPT;
# but dn42 -> intern only with execptions
interface wg42_+ outerface tailscale0 {
proto (ipv6-icmp icmp) ACCEPT; # Allow SSH Access from dn42 to devices behind tailscale0 Interfaces
proto tcp dport (ssh) ACCEPT;
mod state state (ESTABLISHED) ACCEPT;
}
}
}
'';
};
}

6
hosts/prefect/networking.nix
View file

@ -1,4 +1,8 @@
{lib, pkgs, ...}: {
{
lib,
pkgs,
...
}: {
networking = {
hostName = "prefect";
nameservers = lib.mkForce [

4
hosts/prefect/secrets/secrets.nix
View file

@ -4,6 +4,6 @@ let
backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";
prefect = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP532AB5mkNvE29MkDDY8HEf8ZdktGWiI0PzLrvbmLQe";
in {
"headscale-oidc-secret.age".publicKeys = [ prefect yubi-main yubi-back ];
"dn42-privkey.age".publicKeys = [ prefect yubi-main yubi-back ];
"headscale-oidc-secret.age".publicKeys = [prefect yubi-main yubi-back];
"dn42-privkey.age".publicKeys = [prefect yubi-main yubi-back];
}

7
hosts/prefect/services/blog-update.nix
View file

@ -1,8 +1,8 @@
{pkgs, ...}: {
systemd.timers.blog-update = {
enable = false;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
after = ["network.target"];
wantedBy = ["multi-user.target"];
description = "Blog Update Timer";
timerConfig = {
Unit = "blog-update.service";
@ -12,7 +12,7 @@
systemd.services.blog-update = {
enable = false;
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
description = "Blog Update Service";
path = [
"${pkgs.hugo}"
@ -35,4 +35,3 @@
};
};
}

10
hosts/prefect/services/caddy.nix
View file

@ -138,10 +138,10 @@
# Littlelink
"link.thehedgehog.me" = {
extraConfig = ''
root * /var/www/littlelink
php_fastcgi ${config.services.phpfpm.pools.littlelink.socket}
file_server
extraConfig = ''
root * /var/www/littlelink
php_fastcgi ${config.services.phpfpm.pools.littlelink.socket}
file_server
'';
};
@ -214,13 +214,11 @@
'';
};
# Yourmother.website - The best rick-roll URL, period
"yourmother.website" = {
extraConfig = ''
redir https://www.youtube.com/watch?v=dQw4w9WgXcQ 301
'';
};
# OpenPGP Key

129
hosts/prefect/services/headscale.nix
View file

@ -1,70 +1,71 @@
# Headscale is a tailscale-compatible control plane that you can use with all of the clients.
{services.headscale = {
enable = true;
port = 6900;
# Set so that anything can access this. Default is localhost only, which is useless
address = "0.0.0.0";
# Server URL is the FQDN of this server
serverUrl = "https://vpn.thehedgehog.me:6900";
dns = {
# All domains are .hog domains internally
baseDomain = "hog";
# Enable MagicDNS
# See https://tailscale.com/kb/1081/magicdns/ for more details
magicDns = true;
# I inject DNS.sb as my secondary nameserver, and my adblocking server as primary.
nameservers = [
"45.11.45.11"
];
# Domains to inject, so I can type "media/" into my search bar and go to "media.main.hog"
# You can't tell headscale to not create a namespace, so this is the best that I can do
domains = [
"main.hog"
];
};
# Automatic TLS
tls = {
letsencrypt = {
# Set up automatic Let's Encrypt cert pulls
hostname = "vpn.thehedgehog.me";
{
services.headscale = {
enable = true;
port = 6900;
# Set so that anything can access this. Default is localhost only, which is useless
address = "0.0.0.0";
# Server URL is the FQDN of this server
serverUrl = "https://vpn.thehedgehog.me:6900";
dns = {
# All domains are .hog domains internally
baseDomain = "hog";
# Enable MagicDNS
# See https://tailscale.com/kb/1081/magicdns/ for more details
magicDns = true;
# I inject DNS.sb as my secondary nameserver, and my adblocking server as primary.
nameservers = [
"45.11.45.11"
];
# Domains to inject, so I can type "media/" into my search bar and go to "media.main.hog"
# You can't tell headscale to not create a namespace, so this is the best that I can do
domains = [
"main.hog"
];
};
};
# Disabled since if this goes down, then it's a pain to reconnect to auth
# OIDC configuration, so I can have my beloved SSO.
# openIdConnect = {
# # Issuer is HedgeCloud auth, my private auth server
# issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
# # All people get assigned to the "main" namespace
# domainMap = {
# ".*" = "main";
# };
# # Set client ID for OIDC
# clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
# # Client Secret is in this file
# clientSecretFile = "/run/agenix/headscale-oidc-secret";
# };
# Misc settings that aren't set in the above sections
settings = {
# Set challenge type, forwarded by Caddy
tls_letsencrypt_challenge_type = "HTTP-01";
# oidc.strip_email_domain = true;
# NixOS handles our updates
disable_check_updates = true;
ip_prefixes = [
"4349:3909:beef::/48"
"100.64.0.0/10"
];
derp = {
server = {
enabled = true;
region_id = 969;
region_code = "internal";
region_name = "Internal DERP";
stun_listen_addr = "0.0.0.0:6869";
# Automatic TLS
tls = {
letsencrypt = {
# Set up automatic Let's Encrypt cert pulls
hostname = "vpn.thehedgehog.me";
};
};
# Disabled since if this goes down, then it's a pain to reconnect to auth
# OIDC configuration, so I can have my beloved SSO.
# openIdConnect = {
# # Issuer is HedgeCloud auth, my private auth server
# issuer = "https://auth.thehedgehog.me/application/o/hedgevpn/";
# # All people get assigned to the "main" namespace
# domainMap = {
# ".*" = "main";
# };
# # Set client ID for OIDC
# clientId = "25066b6b1e72718186f8c0dc20f7892951834b6e";
# # Client Secret is in this file
# clientSecretFile = "/run/agenix/headscale-oidc-secret";
# };
# Misc settings that aren't set in the above sections
settings = {
# Set challenge type, forwarded by Caddy
tls_letsencrypt_challenge_type = "HTTP-01";
# oidc.strip_email_domain = true;
# NixOS handles our updates
disable_check_updates = true;
ip_prefixes = [
"4349:3909:beef::/48"
"100.64.0.0/10"
];
derp = {
server = {
enabled = true;
region_id = 969;
region_code = "internal";
region_name = "Internal DERP";
stun_listen_addr = "0.0.0.0:6869";
};
};
};
};
};
systemd.services.headscale.serviceConfig.CapabilityBoundingSet = [ "CAP_CHOWN" "CAP_NET_BIND_SERVICE" ];
systemd.services.headscale.serviceConfig.AmbientCapabilities = [ "CAP_CHOWN" "CAP_NET_BIND_SERVICE" ];
systemd.services.headscale.serviceConfig.CapabilityBoundingSet = ["CAP_CHOWN" "CAP_NET_BIND_SERVICE"];
systemd.services.headscale.serviceConfig.AmbientCapabilities = ["CAP_CHOWN" "CAP_NET_BIND_SERVICE"];
}

25
hosts/prefect/services/nsd/mrhedge.me.nix
View file

@ -1,4 +1,5 @@
{ dns, ... }: with dns.combinators; {
{dns, ...}:
with dns.combinators; {
SOA = {
nameServer = "ns1.thehedgehog.me.";
adminEmail = "me@thehedgehog.me";
@ -21,7 +22,7 @@
];
TXT = [
(with spf; soft [ "include:simplelogin.co" ])
(with spf; soft ["include:simplelogin.co"])
# Simplelogin verification record
"sl-verification=foeneinidqlmctesbdisoatddkijkv"
# PGP Key fingerprint for Keyoxide
@ -37,21 +38,19 @@
];
## Set DMARC Policy
DMARC = [{
p = "quarantine";
pct = 100;
adkim = "strict";
aspf = "strict";
}];
DMARC = [
{
p = "quarantine";
pct = 100;
adkim = "strict";
aspf = "strict";
}
];
CAA = letsEncrypt "me@thehedgehog.me";
subdomains = rec {
# DKIM
"dkim._domainkey".CNAME = [ "dkim._domainkey.simplelogin.co." ];
"dkim._domainkey".CNAME = ["dkim._domainkey.simplelogin.co."];
};
}

17
hosts/prefect/services/nsd/mrhedgehog.xyz.nix
View file

@ -1,4 +1,5 @@
{ dns, ... }: with dns.combinators; {
{dns, ...}:
with dns.combinators; {
SOA = {
nameServer = "ns1.thehedgehog.me.";
adminEmail = "me@thehedgehog.me";
@ -23,7 +24,7 @@
TXT = [
# Migadu Verification Record
"hosted-email-verify=4zojt5x8"
(with spf; strict [ "include:spf.migadu.com" ])
(with spf; strict ["include:spf.migadu.com"])
# PGP Key fingerprint for Keyoxide
"https://keyoxide.org/4CA972FBADC814160F103138FE1D8A7D620C611F"
];
@ -79,16 +80,15 @@
CAA = letsEncrypt "me@thehedgehog.me";
subdomains = rec {
# HIBP Verification
"have-i-been-pwned-verification".TXT = [ "7828e9a7228ef80bd4b445f0cf235450" ];
"have-i-been-pwned-verification".TXT = ["7828e9a7228ef80bd4b445f0cf235450"];
# CNAME Records for mail
"key1._domainkey".CNAME = [ "key1.mrhedgehog.xyz._domainkey.migadu.com." ];
"key2._domainkey".CNAME = [ "key2.mrhedgehog.xyz._domainkey.migadu.com." ];
"key3._domainkey".CNAME = [ "key3.mrhedgehog.xyz._domainkey.migadu.com." ];
"autoconfig".CNAME = [ "autoconfig.migadu.com." ];
"key1._domainkey".CNAME = ["key1.mrhedgehog.xyz._domainkey.migadu.com."];
"key2._domainkey".CNAME = ["key2.mrhedgehog.xyz._domainkey.migadu.com."];
"key3._domainkey".CNAME = ["key3.mrhedgehog.xyz._domainkey.migadu.com."];
"autoconfig".CNAME = ["autoconfig.migadu.com."];
# Wildcard Addressing
"*".MX = with mx; [
@ -97,4 +97,3 @@
];
};
}

33
hosts/prefect/services/nsd/thehedgehog.me.nix
View file

@ -1,4 +1,5 @@
{ dns, ... }: with dns.combinators; {
{dns, ...}:
with dns.combinators; {
SOA = {
nameServer = "ns1.thehedgehog.me.";
adminEmail = "me@thehedgehog.me";
@ -12,8 +13,8 @@
};
# Set Primary root records
A = [ "5.161.140.5" ];
AAAA = [ "2a01:4ff:f0:98bf::1" ];
A = ["5.161.140.5"];
AAAA = ["2a01:4ff:f0:98bf::1"];
# Set primary nameserver to my nameserver.
NS = [
@ -27,7 +28,7 @@
TXT = [
# Migadu Verification Record
"hosted-email-verify=w6ot8s3l"
(with spf; strict [ "include:spf.migadu.com" ])
(with spf; strict ["include:spf.migadu.com"])
# PGP Key fingerprint for Keyoxide
"https://keyoxide.org/4CA972FBADC814160F103138FE1D8A7D620C611F"
];
@ -83,14 +84,13 @@
CAA = letsEncrypt "me@thehedgehog.me";
subdomains = rec {
prefect = host "5.161.140.5" "2a01:4ff:f0:98bf::1";
ns1.A = [ "5.161.140.5" ];
ns1.AAAA = [ "2a01:4ff:f0:98bf::1" ];
ns2.A = [ "5.161.140.5" ];
ns2.AAAA = [ "2a01:4ff:f0:98bf::1" ];
ns1.A = ["5.161.140.5"];
ns1.AAAA = ["2a01:4ff:f0:98bf::1"];
ns2.A = ["5.161.140.5"];
ns2.AAAA = ["2a01:4ff:f0:98bf::1"];
adguard = prefect;
auth = prefect;
@ -118,19 +118,19 @@
# Externally hosted services
## Netdata Cloud statuspage
netdata.CNAME = [ "app.netdata.cloud" ];
netdata.CNAME = ["app.netdata.cloud"];
## Statuspage, hosted at PikaPods
status.CNAME = [ "thankful-junglefowl.pikapod.net." ];
status.CNAME = ["thankful-junglefowl.pikapod.net."];
## Resume site, hosted at SourceHut
work.CNAME = [ "pages.sr.ht." ];
work.CNAME = ["pages.sr.ht."];
# CNAME Records for mail
"key1._domainkey".CNAME = [ "key1.thehedgehog.me._domainkey.migadu.com." ];
"key2._domainkey".CNAME = [ "key2.thehedgehog.me._domainkey.migadu.com." ];
"key3._domainkey".CNAME = [ "key3.thehedgehog.me._domainkey.migadu.com." ];
"autoconfig".CNAME = [ "autoconfig.migadu.com." ];
"key1._domainkey".CNAME = ["key1.thehedgehog.me._domainkey.migadu.com."];
"key2._domainkey".CNAME = ["key2.thehedgehog.me._domainkey.migadu.com."];
"key3._domainkey".CNAME = ["key3.thehedgehog.me._domainkey.migadu.com."];
"autoconfig".CNAME = ["autoconfig.migadu.com."];
# Wildcard Addressing
"*".MX = with mx; [
@ -139,4 +139,3 @@
];
};
}

33
hosts/prefect/services/nsd/yourmother.website.nix
View file

@ -1,4 +1,5 @@
{ dns, ... }: with dns.combinators; {
{dns, ...}:
with dns.combinators; {
SOA = {
nameServer = "ns1.thehedgehog.me.";
adminEmail = "me@thehedgehog.me";
@ -15,26 +16,30 @@
"ns3.he.net."
];
A = [ "5.161.140.5" ];
AAAA = [ "2a01:4ff:f0:98bf::1" ];
A = ["5.161.140.5"];
AAAA = ["2a01:4ff:f0:98bf::1"];
# Mail config
## Yourmother.website does not send email, so verify this.
TXT = [
(with spf; strict [ "" ])
(with spf; strict [""])
# PGP key fingerprint for Keyoxide
"https://keyoxide.org/4CA972FBADC814160F103138FE1D8A7D620C611F"
];
DKIM = [{
selector = "*";
p = "";
}];
DKIM = [
{
selector = "*";
p = "";
}
];
DMARC = [{
p = "reject";
sp = "reject";
adkim = "strict";
aspf = "strict";
}];
DMARC = [
{
p = "reject";
sp = "reject";
adkim = "strict";
aspf = "strict";
}
];
}

40
hosts/prefect/services/php.nix
View file

@ -1,20 +1,24 @@
{lib, pkgs, ...}: {
services.phpfpm.pools = {
littlelink = {
user = "caddy";
settings = {
"listen.owner" = "caddy";
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
};
{
lib,
pkgs,
...
}: {
services.phpfpm.pools = {
littlelink = {
user = "caddy";
settings = {
"listen.owner" = "caddy";
"pm" = "dynamic";
"pm.max_children" = 32;
"pm.max_requests" = 500;
"pm.start_servers" = 2;
"pm.min_spare_servers" = 2;
"pm.max_spare_servers" = 5;
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
phpEnv."PATH" = lib.makeBinPath [pkgs.php];
};
};
}

25
hosts/prefect/services/secrets.nix
View file

@ -1,13 +1,14 @@
{ config.age.secrets = {
# headscale-oidc-secret = {
# file = ../secrets/headscale-oidc-secret.age;
# path = "/run/agenix/headscale-oidc-secret";
# owner = "headscale";
# group = "headscale";
# };
dn42-privkey = {
file = ../secrets/dn42-privkey.age;
path = "/run/agenix/dn42-privkey";
{
config.age.secrets = {
# headscale-oidc-secret = {
# file = ../secrets/headscale-oidc-secret.age;
# path = "/run/agenix/headscale-oidc-secret";
# owner = "headscale";
# group = "headscale";
# };
dn42-privkey = {
file = ../secrets/dn42-privkey.age;
path = "/run/agenix/dn42-privkey";
};
};
};}
}

8
hosts/zaphod/bootloader.nix
View file

@ -6,14 +6,14 @@
boot = {
cleanTmpDir = true;
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
kernelModules = ["kvm-intel"];
extraModulePackages = [];
supportedFilesystems = lib.mkForce ["btrfs" "vfat" "f2fs"];
initrd = {
enable = true;
network.enable = false;
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
kernelModules = [ "intel_agp" "i915"];
availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod"];
kernelModules = ["intel_agp" "i915"];
};
loader = {
systemd-boot = {

8
hosts/zaphod/fonts.nix
View file

@ -7,10 +7,10 @@
fontconfig = {
enable = lib.mkForce true;
defaultFonts = {
serif = [ "IBM Plex Serif" "Input Serif" ];
sansSerif = [ "IBM Plex Sans" "Input Sans" ];
monospace = [ "IBM Plex Mono" "Input Mono" "FiraCode Nerd Font Mono" ];
emoji = [ "JoyPixels" ];
serif = ["IBM Plex Serif" "Input Serif"];
sansSerif = ["IBM Plex Sans" "Input Sans"];
monospace = ["IBM Plex Mono" "Input Mono" "FiraCode Nerd Font Mono"];
emoji = ["JoyPixels"];
};
};
fonts = with pkgs; [

32
hosts/zaphod/misc.nix
View file

@ -1,5 +1,9 @@
# Misc settings(documentation etc}
{lib, pkgs, ...}: {
{
lib,
pkgs,
...
}: {
documentation = {
enable = true;
dev.enable = true;
@ -25,17 +29,17 @@
services.openssh.permitRootLogin = lib.mkForce "yes";
time.timeZone = "America/New_York";
## THIS IS A HACK
## DO NOT DO THIS
## Allows mason.nvim to work properly
## ONCE AGAIN, DO NOT DO THIS
environment = {
extraSetup = ''
mkdir -p $out/lib64
ln -sf ${pkgs.glibc}/lib64/ld-linux-x86-64.so.2 $out/lib64/ld-linux-x86-64.so.2
'';
};
systemd.tmpfiles.rules = [
"L+ /lib64 - - - - /run/current-system/sw/lib64"
];
## THIS IS A HACK
## DO NOT DO THIS
## Allows mason.nvim to work properly
## ONCE AGAIN, DO NOT DO THIS
environment = {
extraSetup = ''
mkdir -p $out/lib64
ln -sf ${pkgs.glibc}/lib64/ld-linux-x86-64.so.2 $out/lib64/ld-linux-x86-64.so.2
'';
};
systemd.tmpfiles.rules = [
"L+ /lib64 - - - - /run/current-system/sw/lib64"
];
}

6
hosts/zaphod/packages.nix
View file

@ -1,4 +1,8 @@
{pkgs, inputs, ...}: {
{
pkgs,
inputs,
...
}: {
environment.systemPackages = with pkgs; [
dig
inputs.agenix.defaultPackage."${system}"

2
hosts/zaphod/secrets/secrets.nix
View file

@ -3,5 +3,5 @@ let
yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";
backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";
in {
"wg-privkey.age".publicKeys = [ yubi-back yubi-main backup ];
"wg-privkey.age".publicKeys = [yubi-back yubi-main backup];
}

1
hosts/zaphod/services/docker.nix
View file

@ -5,4 +5,3 @@
rootless.setSocketVariable = true;
};
}

34
hosts/zaphod/services/unbound.nix
View file

@ -1,4 +1,8 @@
{pkgs, lib, ...}: {
{
pkgs,
lib,
...
}: {
# Enable DN42 Certificates
security.pki.certificateFiles = [
(pkgs.fetchurl {
@ -42,22 +46,22 @@
];
};
forward-zone = let
dn42DNS = [
"172.20.0.53"
# "172.23.0.53"
# "fd42:d42:d42:54::1"
# "fd42:d42:d42:53::1"
];
dn42DNS = [
"172.20.0.53"
# "172.23.0.53"
# "fd42:d42:d42:54::1"
# "fd42:d42:d42:53::1"
];
chaosVpnDNS = [
"172.31.255.53"
"172.31.0.5"
];
chaosVpnDNS = [
"172.31.255.53"
"172.31.0.5"
];
neoNetDNS = [
"10.127.255.53"
"fd10:127:ffff:53::"
];
neoNetDNS = [
"10.127.255.53"
"fd10:127:ffff:53::"
];
in [
{
name = ".";

2
hosts/zaphod/services/yubikey-agent.nix
View file

@ -1 +1 @@
{ services.yubikey-agent.enable = true; }
{services.yubikey-agent.enable = true;}

22
overlays/treesitter.nix
View file

@ -1,14 +1,16 @@
self: super: {
vimPlugins = super.vimPlugins // {
nvim-treesitter = super.vimUtils.buildVimPlugin {
pname = "nvim-treesitter";
version = "2022-08-29";
src = super.fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "f3c53d225ada93a99bfd818e1c40012400e2dc55";
sha256 = "1qj4rp8ry1qyv6lsdxbmnl9h0bb2jc9hs52q55f4wxw5rxq9zf00";
vimPlugins =
super.vimPlugins
// {
nvim-treesitter = super.vimUtils.buildVimPlugin {
pname = "nvim-treesitter";
version = "2022-08-29";
src = super.fetchFromGitHub {
owner = "nvim-treesitter";
repo = "nvim-treesitter";
rev = "f3c53d225ada93a99bfd818e1c40012400e2dc55";
sha256 = "1qj4rp8ry1qyv6lsdxbmnl9h0bb2jc9hs52q55f4wxw5rxq9zf00";
};
};
};
};
}

2
pkgs/caddyBin.nix
View file

@ -7,7 +7,7 @@
stdenv.mkDerivation {
pname = "caddy-bin";
version = "2.5.2";
phases = [ "unpackPhase" "installPhase" ];
phases = ["unpackPhase" "installPhase"];
src = fetchFromGitea rec {
domain = "git.thehedgehog.me";

2
pkgs/caddyBin2.nix
View file

@ -7,7 +7,7 @@
stdenv.mkDerivation {
pname = "caddy-bin";
version = "2.5.2";
phases = [ "unpackPhase" "installPhase" ];
phases = ["unpackPhase" "installPhase"];
src = fetchFromGitea rec {
domain = "git.exozy.me";

34
pkgs/catppuccin-bat.nix
View file

@ -1,19 +1,23 @@
{pkgs, lib, stdenv, fetchFromGitHub }:
{
pkgs,
lib,
stdenv,
fetchFromGitHub,
}:
stdenv.mkDerivation rec {
phases = ["unpackPhase" "installPhase"];
phases = [ "unpackPhase" "installPhase" ];
name = "catppuccin-btop";
src = fetchFromGitHub {
owner = "catppuccin";
repo = "bat";
rev = "f0dedf515c02799b76a2804db9815a479f6c0075";
sha256 = "0z1pxk21f770xqhd9gxiwls018rla3qg667i6x3z9cjbgwv6mlbi";
};
name = "catppuccin-btop";
src = fetchFromGitHub {
owner = "catppuccin";
repo = "bat";
rev = "f0dedf515c02799b76a2804db9815a479f6c0075";
sha256 = "0z1pxk21f770xqhd9gxiwls018rla3qg667i6x3z9cjbgwv6mlbi";
};
installPhase = ''
ls -1l
install -d $out
install *.tmTheme $out
'';
installPhase = ''
ls -1l
install -d $out
install *.tmTheme $out
'';
}

34
pkgs/catppuccin-btop.nix
View file

@ -1,19 +1,23 @@
{pkgs, lib, stdenv, fetchFromGitHub }:
{
pkgs,
lib,
stdenv,
fetchFromGitHub,
}:
stdenv.mkDerivation rec {
phases = ["unpackPhase" "installPhase"];
phases = [ "unpackPhase" "installPhase" ];
name = "catppuccin-btop";
src = fetchFromGitHub {
owner = "catppuccin";
repo = "btop";
rev = "ecb8562bb6181bb9f2285c360bbafeb383249ec3";
sha256 = "0sfyf44lwmf4mkd4gjkw82wn7va56c8xy06cx4q6b3drjfx6vxd2";
};
name = "catppuccin-btop";
src = fetchFromGitHub {
owner = "catppuccin";
repo = "btop";
rev = "ecb8562bb6181bb9f2285c360bbafeb383249ec3";
sha256 = "0sfyf44lwmf4mkd4gjkw82wn7va56c8xy06cx4q6b3drjfx6vxd2";
};
installPhase = ''
ls -1l
install -d $out
install *.theme $out
'';
installPhase = ''
ls -1l
install -d $out
install *.theme $out
'';
}

32
pkgs/cinny.nix
View file

@ -1,14 +1,18 @@
{ lib, stdenv, fetchzip }:
stdenv.mkDerivation rec {
name = "cinny";
version = "2.1.2";
src = fetchzip {
url = "https://github.com/cinnyapp/cinny/releases/download/v${version}/cinny-v${version}.tar.gz";
sha256 = "0was1y915p2kg7wj5r7fmhyqiqyr7nff77hdgp3bpfqys703xnz8";
};
phases = [ "unpackPhase" "installPhase" ];
installPhase = ''
install -d $out
cp -r * $out/
'';
}
{
lib,
stdenv,
fetchzip,
}:
stdenv.mkDerivation rec {
name = "cinny";
version = "2.1.2";
src = fetchzip {
url = "https://github.com/cinnyapp/cinny/releases/download/v${version}/cinny-v${version}.tar.gz";
sha256 = "0was1y915p2kg7wj5r7fmhyqiqyr7nff77hdgp3bpfqys703xnz8";
};
phases = ["unpackPhase" "installPhase"];
installPhase = ''
install -d $out
cp -r * $out/
'';
}

8
pkgs/go-jamming.nix
View file

@ -1,5 +1,9 @@
{ lib, stdenv, fetchFromGitea, buildGoModule}:
{
lib,
stdenv,
fetchFromGitea,
buildGoModule,
}:
buildGoModule rec {
pname = "go-jamming";
version = "2.0.2";

32
pkgs/littlelink-custom.nix
View file

@ -1,16 +1,22 @@
{ pkgs, lib, fetchFromGitHub, stdenv}: stdenv.mkDerivation {
name = "littlelink-custom";
{
pkgs,
lib,
fetchFromGitHub,
stdenv,
}:
stdenv.mkDerivation {
name = "littlelink-custom";
phases = [ "unpackPhase" "installPhase" ];
src = fetchFromGitHub {
owner = "JulianPrieber";
repo = "littlelink-custom";
rev = "v2.8.2";
sha256 = "sha256-5bU7UaEVb8Z46kbmDKQ8mw7tcDDVnfnauJQBZgo9jyk=";
};
phases = ["unpackPhase" "installPhase"];
src = fetchFromGitHub {
owner = "JulianPrieber";
repo = "littlelink-custom";
rev = "v2.8.2";
sha256 = "sha256-5bU7UaEVb8Z46kbmDKQ8mw7tcDDVnfnauJQBZgo9jyk=";
};
installPhase = ''
install -d $out
cp -fr ./* $out/
'';
installPhase = ''
install -d $out
cp -fr ./* $out/
'';
}

45
pkgs/olympus.nix
View file

@ -1,5 +1,8 @@
{ pkgs, lib, makeDesktopItem }:
let
{
pkgs,
lib,
makeDesktopItem,
}: let
olympus = pkgs.stdenv.mkDerivation rec {
pname = "olympus";
version = "2788";
@ -10,7 +13,7 @@ let
sha256 = "sha256-PDkxtI0aLw1JdNOB207C50YBmzfKmq2DfMxj16/cYgM=";
};
buildInputs = [ pkgs.unzip ];
buildInputs = [pkgs.unzip];
installPhase = ''
mkdir -p "$out/opt/olympus/"
mv dist.zip "$out/opt/olympus/" && cd "$out/opt/olympus/"
@ -24,22 +27,22 @@ let
'';
};
in
pkgs.buildFHSUserEnv {
name = "olympus";
runScript = "${olympus}/opt/olympus/olympus";
targetPkgs = pkgs: [
pkgs.freetype
pkgs.zlib
pkgs.SDL2
pkgs.curl
pkgs.libpulseaudio
pkgs.gtk3
pkgs.glib
pkgs.libGL
pkgs.libdrm
];
pkgs.buildFHSUserEnv {
name = "olympus";
runScript = "${olympus}/opt/olympus/olympus";
targetPkgs = pkgs: [
pkgs.freetype
pkgs.zlib
pkgs.SDL2
pkgs.curl
pkgs.libpulseaudio
pkgs.gtk3
pkgs.glib
pkgs.libGL
pkgs.libdrm
];
# https://github.com/EverestAPI/Olympus/blob/main/lib-linux/olympus.desktop
# https://stackoverflow.com/questions/8822097/how-to-replace-a-whole-line-with-sed
extraInstallCommands = ''cp -r "${olympus}/share/" $out'';
}
# https://github.com/EverestAPI/Olympus/blob/main/lib-linux/olympus.desktop
# https://stackoverflow.com/questions/8822097/how-to-replace-a-whole-line-with-sed
extraInstallCommands = ''cp -r "${olympus}/share/" $out'';
}

10
pkgs/pgp-webroot.nix
View file

@ -1,4 +1,10 @@
{stdenv, fetchFromGitea, pkgs, lib, ...}:
{
stdenv,
fetchFromGitea,
pkgs,
lib,
...
}:
stdenv.mkDerivation rec {
name = "pgp-webroot";
src = fetchFromGitea {
@ -8,7 +14,7 @@ stdenv.mkDerivation rec {
rev = "c651d3dac938257f087987942c1d14d064cf2895";
sha256 = "0lnh921bil626i133sp08a2jgib3ig960iprlvkab4zscm65hhi1";
};
phases = [ "unpackPhase" "installPhase" ];
phases = ["unpackPhase" "installPhase"];
installPhase = ''
cp -fvr ./hosts/prefect/services/webroot/ $out/

12
pkgs/xcaddy.nix
View file

@ -1,5 +1,11 @@
{ lib, pkgs, fetchFromGitHub, buildGoModule, stdenv, ...}:
{
lib,
pkgs,
fetchFromGitHub,
buildGoModule,
stdenv,
...
}:
buildGoModule rec {
pname = "xcaddy";
version = "0.3.0";
@ -19,6 +25,6 @@ buildGoModule rec {
homepage = "https://caddyserver.com";
description = "Caddy build tool";
license = licenses.asl20;
maintainers = with maintainers; [ thehedgeh0g ];
maintainers = with maintainers; [thehedgeh0g];
};
}

4
users/thehedgehog/default.nix
View file

@ -2,12 +2,12 @@
users.users.thehedgehog = {
description = "The Hedgehog";
isNormalUser = true;
extraGroups = ["wheel" "networkmanager" "video" "docker" ];
extraGroups = ["wheel" "networkmanager" "video" "docker"];
hashedPassword = "$6$6EtuZhVOJdfI9DYP$1Qnd7R8qdN.E5yE2kDQCNg2zgJ5cIjNBKsIW/qJgb8wcKlUpIoVg/fEKvBkAgCiLyojVG2kzfu4J9LR8rA8a2/";
shell = pkgs.fish;
openssh = {
authorizedKeys = {
keyFiles = [ ../../home/programs/ssh/yubikey-new.pub ../../home/programs/ssh/yubikey-main.pub ../../home/programs/ssh/yubikey-back.pub ../../home/programs/ssh/backup.pub];
keyFiles = [../../home/programs/ssh/yubikey-new.pub ../../home/programs/ssh/yubikey-main.pub ../../home/programs/ssh/yubikey-back.pub ../../home/programs/ssh/backup.pub];
keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP532AB5mkNvE29MkDDY8HEf8ZdktGWiI0PzLrvbmLQe"
];