
20 Commits

Author SHA1 Message Date
0ff5c04d23 outline config + paperless overlay 2025-07-10 19:31:32 +02:00
55e8c6cae5 +outine, flake update 2025-07-10 06:55:08 +02:00
b54213cfbb flake update 2025-07-03 19:06:08 +02:00
a11ee7ee02 +m3-daedalus 2025-06-24 20:13:48 +02:00
8c9860674b hyprland stream-boxes 2025-05-21 14:24:30 +02:00
e1719204e9 tailscale key rotation 2025-05-20 09:35:04 +02:00
72ceffc61d nushell fzf 2025-05-19 21:03:09 +02:00
22cbc7c5a2 flake update 2025-05-19 17:27:39 +02:00
68ecbd3bf1 +builder for proxmox nixos-template 2025-05-19 12:53:05 +02:00
f85332f321 gitea fix 2025-05-18 13:03:39 +02:00
040d03423d mesa 25.0.6 overlay for doom the dark ages 2025-05-17 15:21:21 +02:00
cf731e7309 rm wl-clipboard pin 2025-05-15 09:50:08 +02:00
e0aa2783bb postgres upgrade@m3-atlas 2025-05-13 05:32:59 +02:00
7854d75742 flake update 2025-05-12 11:22:29 +02:00
80cff4278d port changes for gitea 2025-05-12 10:33:27 +02:00
f33bfec02e vw conf @m3-atlas 2025-05-08 09:45:25 +02:00
20bdd1c7b6 Paperless Service @m3-atlas 2025-05-08 08:20:16 +02:00
7fec29f602 +vautwarden, +slash@nemoti 2025-05-08 00:15:04 +02:00
a3a85c3596 +Tailscale @m3-ares 2025-05-06 13:23:55 +02:00
279d00ae82 Headscale and Tailscale config modules 2025-05-06 13:22:39 +02:00
59 changed files with 1099 additions and 350 deletions

232
flake.lock generated

@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1745630506,
"narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "96e078c646b711aee04b82ba01aefbff87004ded",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
@ -21,50 +21,6 @@
"type": "github"
}
},
"ags": {
"inputs": {
"astal": "astal",
"nixpkgs": [
"hyprpanel",
"nixpkgs"
]
},
"locked": {
"lastModified": 1736090999,
"narHash": "sha256-B5CJuHqfJrzPa7tObK0H9669/EClSHpa/P7B9EuvElU=",
"owner": "aylur",
"repo": "ags",
"rev": "5527c3c07d92c11e04e7fd99d58429493dba7e3c",
"type": "github"
},
"original": {
"owner": "aylur",
"repo": "ags",
"type": "github"
}
},
"astal": {
"inputs": {
"nixpkgs": [
"hyprpanel",
"ags",
"nixpkgs"
]
},
"locked": {
"lastModified": 1735172721,
"narHash": "sha256-rtEAwGsHSppnkR3Qg3eRJ6Xh/F84IY9CrBBLzYabalY=",
"owner": "aylur",
"repo": "astal",
"rev": "6c84b64efc736e039a8a10774a4a1bf772c37aa2",
"type": "github"
},
"original": {
"owner": "aylur",
"repo": "astal",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -94,11 +50,11 @@
]
},
"locked": {
"lastModified": 1745812220,
"narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=",
"lastModified": 1750903843,
"narHash": "sha256-Ng9+f0H5/dW+mq/XOKvB9uwvGbsuiiO6HrPdAcVglCs=",
"owner": "nix-community",
"repo": "disko",
"rev": "d0c543d740fad42fe2c035b43c9d41127e073c78",
"rev": "83c4da299c1d7d300f8c6fd3a72ac46cb0d59aae",
"type": "github"
},
"original": {
@ -123,6 +79,24 @@
"url": "https://code.m3tam3re.com/m3tam3re/dotfiles.git"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -151,11 +125,32 @@
]
},
"locked": {
"lastModified": 1745894335,
"narHash": "sha256-m47zhftaod/oHOwoVT25jstdcVLhkrVGyvEHKjbnFHI=",
"lastModified": 1751549056,
"narHash": "sha256-miKaJ4SFNxhZ/WVDADae2jNd9zka5bV9hKmXspAzvxo=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1ad123239957d40e11ef66c203d0a7e272eb48aa",
"rev": "1fa73bb2cc39e250eb01e511ae6ac83bfbf9f38c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"hyprpanel",
"nixpkgs"
]
},
"locked": {
"lastModified": 1750798083,
"narHash": "sha256-DTCCcp6WCFaYXWKFRA6fiI2zlvOLCf5Vwx8+/0R8Wc4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ff31a4677c1a8ae506aa7e003a3dba08cb203f82",
"type": "github"
},
"original": {
@ -170,7 +165,7 @@
"rose-pine-hyprcursor",
"nixpkgs"
],
"systems": "systems_2"
"systems": "systems_3"
},
"locked": {
"lastModified": 1709914708,
@ -188,15 +183,16 @@
},
"hyprpanel": {
"inputs": {
"ags": "ags",
"flake-utils": "flake-utils",
"home-manager": "home-manager_3",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1745885816,
"narHash": "sha256-yuIb6/gGcII+2YgtTLcYdga0pcL63B18xQ/oitOhg7k=",
"lastModified": 1751528316,
"narHash": "sha256-MGJmxnjlERXJLDywrSHYSgpt7fhh3/HOHQboRrxDW64=",
"owner": "Jas-SinghFSU",
"repo": "HyprPanel",
"rev": "0c82ce9704c8063be8d8f60443071c91943eb68c",
"rev": "343c9857bd7f1d302d591e8d5f3f9952dc84775b",
"type": "github"
},
"original": {
@ -205,6 +201,40 @@
"type": "github"
}
},
"nixlib": {
"locked": {
"lastModified": 1736643958,
"narHash": "sha256-tmpqTSWVRJVhpvfSN9KXBvKEXplrwKnSZNAoNPf/S/s=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "1418bc28a52126761c02dd3d89b2d8ca0f521181",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixos-generators": {
"inputs": {
"nixlib": "nixlib",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1747663185,
"narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixos-generators",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1745391562,
@ -221,19 +251,19 @@
"type": "github"
}
},
"nixpkgs-2744d98": {
"nixpkgs-45570c2": {
"locked": {
"lastModified": 1739661218,
"narHash": "sha256-hEGW0SKD0ORTEmoTuEEONxgENP5kMqe+NCtJug0U6R0=",
"lastModified": 1750950224,
"narHash": "sha256-vMCk6wKJVgR7H2pVrQV4/qygzTtvpnS/9jCT3cjzXVM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2744d988fa116fc6d46cdfa3d1c936d0abd7d121",
"rev": "45570c299dc2b63c8c574c4cd77f0b92f7e2766e",
"type": "github"
},
"original": {
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2744d988fa116fc6d46cdfa3d1c936d0abd7d121",
"rev": "45570c299dc2b63c8c574c4cd77f0b92f7e2766e",
"type": "github"
}
},
@ -255,11 +285,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1745912738,
"narHash": "sha256-B7XJw9j3ZDB1RS3S43FtEZroGFbEApbI/UUSTK0WUjA=",
"lastModified": 1751560954,
"narHash": "sha256-FHFuZj5oHZRoKPO1B/ske7SYTaMkMlaY/3ccramACFY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0dc8551522034a0686417149337304bde2c27e7b",
"rev": "4dab91c09660994bc989810f0fbce49b480b7913",
"type": "github"
},
"original": {
@ -271,27 +301,27 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1745742390,
"narHash": "sha256-1rqa/XPSJqJg21BKWjzJZC7yU0l/YTVtjRi0RJmipus=",
"lastModified": 1751211869,
"narHash": "sha256-1Cu92i1KSPbhPCKxoiVG5qnoRiKTgR5CcGSRyLpOd7Y=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "26245db0cb552047418cfcef9a25da91b222d6c7",
"rev": "b43c397f6c213918d6cfe6e3550abfe79b5d1c51",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-24.11",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1736344531,
"narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=",
"lastModified": 1750776420,
"narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912",
"rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",
"type": "github"
},
"original": {
@ -303,11 +333,27 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1745794561,
"narHash": "sha256-T36rUZHUART00h3dW4sV5tv4MrXKT7aWjNfHiZz7OHg=",
"lastModified": 1736657626,
"narHash": "sha256-FWlPMUzp0lkQBdhKlPqtQdqmp+/C+1MBiEytaYfrCTY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2f9e2f85cb14a46410a1399aa9ea7ecf433e422e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1751271578,
"narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5461b7fa65f3ca74cef60be837fd559a8918eaa0",
"rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
"type": "github"
},
"original": {
@ -317,7 +363,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1710272261,
"narHash": "sha256-g0bDwXFmTE7uGDOs9HcJsfLFhH7fOsASbAuOzDC+fhQ=",
@ -340,8 +386,9 @@
"dotfiles": "dotfiles",
"home-manager": "home-manager_2",
"hyprpanel": "hyprpanel",
"nixpkgs": "nixpkgs_3",
"nixpkgs-2744d98": "nixpkgs-2744d98",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_4",
"nixpkgs-45570c2": "nixpkgs-45570c2",
"nixpkgs-locked": "nixpkgs-locked",
"nixpkgs-master": "nixpkgs-master",
"nixpkgs-stable": "nixpkgs-stable",
@ -351,15 +398,15 @@
"rose-pine-hyprcursor": {
"inputs": {
"hyprlang": "hyprlang",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"utils": "utils"
},
"locked": {
"lastModified": 1740132177,
"narHash": "sha256-gNc20APKMefFdH5RONBuHhOps14aiMdgIT0I6RaSN64=",
"lastModified": 1748096947,
"narHash": "sha256-ouuA8LVBXzrbYwPW2vNjh7fC9H2UBud/1tUiIM5vPvM=",
"owner": "ndom91",
"repo": "rose-pine-hyprcursor",
"rev": "568067f35a85932192bd43ddf64fc05eff850f9f",
"rev": "4b02963d0baf0bee18725cf7c5762b3b3c1392f1",
"type": "github"
},
"original": {
@ -384,6 +431,21 @@
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@ -398,7 +460,7 @@
"type": "github"
}
},
"systems_3": {
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -415,7 +477,7 @@
},
"utils": {
"inputs": {
"systems": "systems_3"
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,


@ -16,8 +16,8 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-24.11";
nixpkgs-2744d98.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-45570c2.url = "github:nixos/nixpkgs/45570c299dc2b63c8c574c4cd77f0b92f7e2766e";
nixpkgs-locked.url = "github:nixos/nixpkgs/2744d988fa116fc6d46cdfa3d1c936d0abd7d121";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
@ -28,6 +28,10 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-generators = {
url = "github:nix-community/nixos-generators";
};
hyprpanel.url = "github:Jas-SinghFSU/HyprPanel";
rose-pine-hyprcursor.url = "github:ndom91/rose-pine-hyprcursor";
@ -55,10 +59,31 @@
];
forAllSystems = nixpkgs.lib.genAttrs systems;
in {
packages =
forAllSystems (system: import ./pkgs nixpkgs.legacyPackages.${system});
packages = let
# Import the regular packages for all systems
regularPkgs = forAllSystems (
system:
import ./pkgs nixpkgs.legacyPackages.${system}
);
in
regularPkgs
// {
x86_64-linux =
regularPkgs.x86_64-linux
// {
# Build a QEMU image compatible with Proxmox using nixos-generators
proxmox-hermes-image = inputs.nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "proxmox";
modules = [
./hosts/m3-hermes/default.nix
];
};
};
};
overlays = import ./overlays {inherit inputs outputs;};
homeManagerModules = import ./modules/home-manager;
nixosConfigurations = {
m3-ares = nixpkgs.lib.nixosSystem {
specialArgs = {
@ -100,14 +125,30 @@
};
};
homeConfigurations = {
"m3tam3re@m3-ares" = home-manager.lib.homeManagerConfiguration {
"m3tam3re@m3-daedalus" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages."x86_64-linux";
extraSpecialArgs = {
inherit inputs outputs;
hostname = "m3-ares";
hostname = "m3-daedalus";
};
modules = [./home/m3tam3re/m3tam3re-ares.nix];
modules = [./home/m3tam3re/m3-daedalus.nix];
};
};
devShells.x86_64-linux.infraShell = let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
in
pkgs.mkShell {
buildInputs = with pkgs; [
opentofu
nixos-anywhere
];
shellHook = ''
echo "Infrastructure Management Shell"
echo "Commands:"
echo " - cd infra/proxmox && tofu init"
echo " - tofu plan"
echo " - tofu apply"
'';
};
};
}
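Review bot: The new `nixos-generators` input is declared without `inputs.nixpkgs.follows`, unlike the inputs shown around it, so it brings its own nixpkgs: the lock file in this compare resolves it to `nixpkgs_3` with `lastModified` 1736657626, well behind the other nixpkgs pins. Because `proxmox-hermes-image` is built through `inputs.nixos-generators.nixosGenerate`, the image is presumably evaluated against that older package set and would ship without fixes already present in the flake's main `nixpkgs`. Adding `inputs.nixpkgs.follows = "nixpkgs";` inside the `nixos-generators = { … }` block keeps the image on the same revision as the hosts. The `outputs` function starts and ends outside these hunks.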


@ -14,6 +14,7 @@
# Add overlays your own flake exports (from overlays and pkgs dir):
outputs.overlays.additions
outputs.overlays.modifications
outputs.overlays.temp-packages
outputs.overlays.stable-packages
outputs.overlays.locked-packages
outputs.overlays.pinned-packages


@ -1,7 +1,7 @@
{pkgs, ...}: {
imports = [
./fish.nix
./skim.nix
./fzf.nix
./nitch.nix
./nushell.nix
./secrets.nix

40
home/features/cli/fzf.nix Normal file

@ -0,0 +1,40 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.fzf;
in {
options.features.cli.fzf.enable = mkEnableOption "enable fuzzy finder";
config = mkIf cfg.enable {
programs.fzf = {
enable = true;
enableFishIntegration = true;
colors = {
"fg" = "#f8f8f2";
"bg" = "#282a36";
"hl" = "#bd93f9";
"fg+" = "#f8f8f2";
"bg+" = "#44475a";
"hl+" = "#bd93f9";
"info" = "#ffb86c";
"prompt" = "#50fa7b";
"pointer" = "#ff79c6";
"marker" = "#ff79c6";
"spinner" = "#ffb86c";
"header" = "#6272a4";
};
defaultOptions = [
"--preview='bat --color=always -n {}'"
"--bind 'ctrl-/:toggle-preview'"
"--header 'Press CTRL-Y to copy command into clipboard'"
"--bind 'ctrl-/:toggle-preview'"
"--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'"
];
defaultCommand = "fd --type f --exclude .git --follow --hidden";
changeDirWidgetCommand = "fd --type d --exclude .git --follow --hidden";
};
};
}
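Review bot: `defaultOptions` lists `--bind 'ctrl-/:toggle-preview'` twice; the second entry can be dropped. The `ctrl-y` binding copies `{2..}` (fields two onward), which fits history lines with a leading index but looks like it yields an empty string for the single-field paths that `defaultCommand` (`fd --type f …`) emits; confirm this, and use `{}` if the whole line is meant. The binding also calls `wl-copy`, so a short comment that this module assumes a Wayland session with wl-clipboard installed would help, since the server home profile on this page enables `fzf` as well.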


@ -12,9 +12,6 @@ in {
config = mkIf cfg.enable {
programs.nushell = {
enable = true;
plugins = with pkgs.nushellPlugins; [
skim
];
envFile.text = ''
$env.config.show_banner = false
$env.NIX_PATH = "nixpkgs=channel:nixos-unstable"
@ -23,16 +20,13 @@ in {
$env.TERMINAL = "kitty"
$env.EDITOR = "nvim"
$env.VISUAL = "zed"
$env.FZF_DEFAULT_COMMAND = "fd --type f --exclude .git --follow --hidden"
$env.FZF_DEFAULT_OPTS = "--preview='bat --color=always -n {}' --bind 'ctrl-/:toggle-preview' --header 'Press CTRL-Y to copy command into clipboard' --bind 'ctrl-/:toggle-preview' --bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort' --color bg:#282a36,bg+:#44475a,fg:#f8f8f2,fg+:#f8f8f2,header:#6272a4,hl:#bd93f9,hl+:#bd93f9,info:#ffb86c,marker:#ff79c6,pointer:#ff79c6,prompt:#50fa7b,spinner:#ffb86c"
$env.XDG_DATA_HOME = $"($env.HOME)/.local/share"
$env.FZF_DEFAULT_COMMAND = "fd --type f --exclude .git --follow --hidden"
$env.FZF_DEFAULT_OPTS = "
--preview='bat --color=always -n {}'
--preview-window up:3:hidden:wrap
--bind 'ctrl-/:toggle-preview'
--bind 'ctrl-y:execute-silent(echo -n {2..} | wl-copy)+abort'
--color header:bold
--header 'Press CTRL-Y to copy command into clipboard'"
$env.SSH_AUTH_SOCK = "/run/user/1000/gnupg/S.gpg-agent.ssh"
$env.FLAKE = $"($env.HOME)/p/nixos/nixos-config"
source /run/agenix/${config.home.username}-secrets
'';
configFile.text = ''
if (tty) == "/dev/tty1" {
@ -75,12 +69,14 @@ in {
def history_fuzzy [] {
let selected = (
history
| uniq
| reverse
| get command
| sk --height 40% --layout=reverse --color=fg:#f8f8f2,bg:#282a36,current_bg:#ff79c6,current_fg:#bd93f9,info:#ffb86c,marker:#6272a4,pointer:#50fa7b,spinner:#50fa7b
| uniq
| to text
| ^fzf
)
if ($selected | is-not-empty) {
^nu -c ($selected)
commandline edit ($selected)
} else {
null
}
@ -88,7 +84,7 @@ in {
def --env dir_fuzzy [] {
let selected = (
fd --type directory
| ^sk --preview 'eza --tree --no-permissions --no-filesize --no-user --no-time --only-dirs {}' --height 40% --layout=reverse --color=fg:#f8f8f2,bg:#282a36,current_bg:#ff79c6,current_fg:#bd93f9,info:#ffb86c,marker:#6272a4,pointer:#50fa7b,spinner:#50fa7b
| ^fzf
)
cd $selected
}
@ -97,11 +93,8 @@ in {
let selected = (
^fd --type file --no-hidden -X rg -l --files-with-matches .
| lines
| sk --format { $in }
--height 40%
--layout=reverse
--preview { open $in | bat --color=always --line-range :50 }
--color=fg:#f8f8f2,bg:#282a36,current_bg:#ff79c6,current_fg:#bd93f9,info:#ffb86c,marker:#6272a4,pointer:#50fa7b,spinner:##50fa7b
| to text
| ^fzf
)
if ($selected | is-not-empty) {
^$env.EDITOR $selected
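Review bot: `dir_fuzzy` passes the fzf result straight to `cd $selected`, while `history_fuzzy` and the file picker both test `$selected | is-not-empty` first; cancelling fzf leaves `$selected` empty there. Wrapping it the same way, `if ($selected | is-not-empty) { cd $selected }`, makes the three helpers consistent. The hunks cut through these `def` bodies, so the rest of each function is outside what is shown. Separately, `SSH_AUTH_SOCK` is hard-coded to `/run/user/1000/…`; a comment noting the uid assumption would help on hosts where the user is not uid 1000.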


@ -1,23 +0,0 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.cli.skim;
in {
options.features.cli.skim.enable = mkEnableOption "enable skim fuzzy finder";
config = mkIf cfg.enable {
programs.skim = {
enable = true;
enableFishIntegration = true;
defaultOptions = [
"--preview='bat --color=always -n {}'"
"--bind 'ctrl-/:toggle-preview'"
];
defaultCommand = "fd --type f --exclude .git --follow --hidden";
changeDirWidgetCommand = "fd --type d --exclude .git --follow --hidden";
};
};
}


@ -9,7 +9,6 @@
# Scientific packages
numba
numpy
openai-whisper
torch
srt
]))


@ -5,7 +5,7 @@
...
}:
with lib; let
cfg = config.features.desktop.office;
cfg = config.features.desktop.coding;
in {
options.features.desktop.coding.enable =
mkEnableOption "install coding related stuff";
@ -19,87 +19,97 @@ in {
programs.zed-editor = {
enable = true;
userSettings = {
features = {
inline_prediction_provider = "zed";
edit_prediction_provider = "zed";
copilot = false;
};
telemetry = {
metrics = false;
};
lsp = {
rust_analyzer = {
binary = {path_lookup = true;};
};
};
languages = {
Nix = {
language_servers = ["nixd"];
formatter = {
external = {
command = "alejandra";
arguments = ["-q" "-"];
};
};
};
Python = {
language_servers = ["pyright"];
formatter = {
external = {
command = "black";
arguments = ["-"];
};
};
};
};
assistant = {
version = "2";
default_model = {
provider = "zed.dev";
model = "claude-3-5-sonnet-latest";
};
};
language_models = {
anthropic = {
version = "1";
api_url = "https://api.anthropic.com";
};
openai = {
version = "1";
api_url = "https://api.openai.com/v1";
};
ollama = {
api_url = "http://localhost:11434";
};
};
ssh_connections = [
{
host = "152.53.85.162";
nickname = "m3-atlas";
args = ["-i" "~/.ssh/m3tam3re"];
}
{
host = "95.217.189.186";
port = 2222;
nickname = "self-host-playbook";
args = ["-i" "~/.ssh/self-host-playbook"];
"projects" = [
{
paths = ["/etc/nixos/current-systemconfig"];
}
];
}
];
auto_update = false;
format_on_save = "on";
vim_mode = true;
load_direnv = "shell_hook";
theme = "Dracula";
buffer_font_family = "FiraCode Nerd Font";
ui_font_size = 16;
buffer_font_size = 16;
show_edit_predictions = true;
features = {
inline_prediction_provider = "zed";
edit_prediction_provider = "zed";
copilot = false;
};
telemetry = {
metrics = false;
};
lsp = {
rust_analyzer = {
binary = {path_lookup = true;};
};
};
languages = {
Nix = {
language_servers = ["nixd"];
formatter = {
external = {
command = "alejandra";
arguments = ["-q" "-"];
};
};
};
Python = {
language_servers = ["pyright"];
formatter = {
external = {
command = "black";
arguments = ["-"];
};
};
};
};
context_servers = {
"some-context-server" = {
command = {
path = "some-command";
args = ["arg-1" "arg-2"];
env = {};
};
settings = {};
};
};
assistant = {
version = "2";
default_model = {
provider = "anthropic";
model = "Claude 3.7 Sonnet";
};
};
language_models = {
anthropic = {
version = "1";
api_url = "https://api.anthropic.com";
};
openai = {
version = "1";
api_url = "https://api.openai.com/v1";
};
ollama = {
api_url = "http://localhost:11434";
};
};
ssh_connections = [
{
host = "152.53.85.162";
nickname = "m3-atlas";
args = ["-i" "~/.ssh/m3tam3re"];
}
{
host = "95.217.189.186";
port = 2222;
nickname = "self-host-playbook";
args = ["-i" "~/.ssh/self-host-playbook"];
"projects" = [
{
paths = ["/etc/nixos/current-systemconfig"];
}
];
}
];
auto_update = false;
format_on_save = "on";
vim_mode = true;
load_direnv = "shell_hook";
theme = "Dracula";
buffer_font_family = "FiraCode Nerd Font";
ui_font_size = 16;
buffer_font_size = 16;
show_edit_predictions = true;
};
};
};
};
}
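Review bot: The new `context_servers` entry is still the documentation placeholder (`"some-context-server"` with `path = "some-command"` and `"arg-1" "arg-2"`), so the editor is configured to launch a command that is resolved by name at runtime. Either remove the block until a real server is configured, or point `path` at a store path such as `path = "${pkgs.<package>}/bin/<binary>";` (placeholder names). `model = "Claude 3.7 Sonnet"` also reads like a display name rather than a model identifier; confirm it against the provider's model list. The `ssh_connections` hosts and key paths appear unchanged here but are published with the repository.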


@ -52,19 +52,6 @@
fonts.fontconfig.enable = true;
services.mako = {
enable = true;
backgroundColor = "#282a36";
textColor = "#80FFEA";
borderColor = "#9742b5";
width = 400;
height = 150;
padding = "10,20";
borderRadius = 8;
borderSize = 1;
margin = "20,20";
};
programs.kitty = {
enable = true;
shellIntegration = {
@ -94,6 +81,7 @@
# eww
# firefox-devedition
file-roller
google-chrome
hyprpanel
seahorse
sushi


@ -123,6 +123,17 @@
"size 250 50, title:^(floating-pomodoro)$"
"move 12 100%-150,title:^(floating-pomodoro)$"
"pin,title:^(floating-pomodoro)$"
"float, initialTitle:.*streamlabs.com.*"
"pin, initialTitle:.*streamlabs.com.*"
"size 800 400, initialTitle:.*streamlabs.com.*"
"move 100%-820 102, initialTitle:.*alert-box.*"
"move 100%-820 512, initialTitle:.*chat-box.*"
"opacity 0.5 override, initialTitle:.*streamlabs.com.*"
"idleinhibit focus, initialTitle:.*streamlabs.com.*"
"noanim, initialTitle:.*streamlabs.com.*"
"noborder, initialTitle:.*streamlabs.com.*"
"noshadow, initialTitle:.*streamlabs.com.*"
"noblur, initialTitle:.*streamlabs.com.*"
];
"$mainMod" = "SUPER";
@ -134,6 +145,7 @@
"$mainMod SHIFT, t, exec, launch-timer"
"$mainMod SHIFT, e, exec, kitty -e zellij_nvim"
"$mainMod, o, exec, hyprctl setprop activewindow opaque toggle"
"$mainMod, r, exec, hyprctl dispatch focuswindow \"initialtitle:.*alert-box.*\" && hyprctl dispatch moveactive exact 4300 102 && hyprctl dispatch focuswindow \"initialtitle:.*chat-box.*\" && hyprctl dispatch moveactive exact 4300 512"
"$mainMod, b, exec, thunar"
"$mainMod SHIFT, B, exec, vivaldi"
"$mainMod, Escape, exec, wlogout -p layer-shell"


@ -274,7 +274,7 @@ in {
qt6.qtwayland
slurp
waypipe
pinned.wl-clipboard
wl-clipboard
wf-recorder
wl-mirror
wlogout


@ -190,6 +190,11 @@
user = "admin";
identityFile = "~/.ssh/m3tam3re";
};
"m3-prox-1" = {
hostname = "192.168.1.110";
user = "root";
identityFile = "~/.ssh/m3tam3re";
};
"shp-old" = {
hostname = "95.217.3.250";
port = 2222;
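Review bot: The added `m3-prox-1` block logs in as `root` with `~/.ssh/m3tam3re`, the same identity file the neighbouring host block uses, so a compromise of that one key reaches the hypervisor as root as well as the other hosts. A dedicated key for the Proxmox node, e.g. `identityFile = "~/.ssh/m3-prox-1";` (constructed name) together with `identitiesOnly = true;`, would limit that. The surrounding host-block set starts and ends outside this hunk.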


@ -0,0 +1,17 @@
{
imports = [
../common
../features/cli
./home-server.nix
];
features = {
cli = {
fish.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;
};
};
}


@ -50,7 +50,7 @@ in {
cli = {
fish.enable = true;
nushell.enable = true;
skim.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;


@ -8,7 +8,7 @@
features = {
cli = {
nushell.enable = true;
skim.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = false;
starship.enable = true;


@ -0,0 +1,102 @@
{
config,
lib,
...
}:
with lib; let
cfg = config.features.desktop.hyprland;
in {
imports = [
../common
./dotfiles
./home.nix
../features/cli
../features/coding
../features/desktop
#./services/librechat.nix
];
options.features.desktop.hyprland.enable =
mkEnableOption "enable Hyprland";
config = mkMerge [
# Base configuration
{
xdg = {
# TODO: better structure
enable = true;
configFile."mimeapps.list".force = true;
mimeApps = {
enable = true;
associations.added = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
defaultApplications = {
"application/zip" = ["org.gnome.FileRoller.desktop"];
"application/csv" = ["calc.desktop"];
"application/pdf" = ["vivaldi-stable.desktop"];
"application/md" = ["dev.zed.Zed.desktop"];
"application/text" = ["dev.zed.Zed.desktop"];
"x-scheme-handler/http" = ["vivaldi-stable.desktop"];
"x-scheme-handler/https" = ["vivaldi-stable.desktop"];
};
};
};
features = {
cli = {
fish.enable = true;
nushell.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;
};
desktop = {
coding.enable = true;
crypto.enable = false;
gaming.enable = false;
hyprland.enable = false;
media.enable = true;
office.enable = false;
rofi.enable = true;
fonts.enable = true;
wayland.enable = false;
};
};
}
(mkIf cfg.enable {
wayland.windowManager.hyprland = {
enable = true;
settings = {
monitor = [
"eDP-1,preferred,0x0,1.25"
"HDMI-A-1,preferred,2560x0,1"
];
workspace = [
"1, monitor:eDP-1, default:true"
"2, monitor:eDP-1"
"3, monitor:eDP-1"
"4, monitor:HDMI-A-1"
"5, monitor:HDMI-A-1,border:false,rounding:false"
"6, monitor:HDMI-A-1"
];
windowrule = [
"workspace 1,class:dev.zed.Zed"
"workspace 1,class:Msty"
"workspace 2,class:(com.obsproject.Studio)"
"workspace 4,opacity 1.0, class:(brave-browser)"
"workspace 4,opacity 1.0, class:(vivaldi-stable)"
"fullscreen,class:^steam_app_\\d+$"
"workspace 5,class:^steam_app_\\d+$"
"idleinhibit focus, class:^steam_app_\\d+$"
];
};
};
})
];
}
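Review bot: As written, the `mkIf cfg.enable` block cannot apply, because the base attribute set in the same `mkMerge` sets `features.desktop.hyprland.enable = false` (and `wayland.enable = false`), so the monitor, workspace and window rules are dead configuration unless another module overrides the option. If that is intentional, say so with a comment such as `# Hyprland disabled on this host; rules kept for later`, otherwise set `hyprland.enable = true;`. The commented-out `#./services/librechat.nix` import could be deleted rather than carried into a new file.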


@ -13,7 +13,6 @@ in {
../features/cli
../features/coding
../features/desktop
./services/librechat.nix
];
options.features.desktop.hyprland.enable =
@ -49,7 +48,7 @@ in {
features = {
cli = {
nushell.enable = true;
skim.enable = true;
fzf.enable = true;
nitch.enable = true;
secrets.enable = true;
starship.enable = true;


@ -22,6 +22,7 @@ in {
openFirewall = true;
environmentVariables = {
OLLAMA_ORIGINS = "https://msty.studio";
OLLAMA_HOST = "0.0.0.0";
};
};
nixpkgs.config = {
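Review bot: Adding `OLLAMA_HOST = "0.0.0.0"` next to `openFirewall = true` makes the Ollama API reachable from every network the machine joins, and that API has no authentication of its own; `OLLAMA_ORIGINS` only affects browser cross-origin checks, not who can connect. If the goal is access from other machines over the VPN, bind to that address instead, or drop `openFirewall` and allow the port only on the VPN interface, e.g. `networking.firewall.interfaces."tailscale0".allowedTCPPorts = [11434];`. The enclosing service block begins outside this hunk.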


@ -31,5 +31,8 @@ in {
};
};
programs.virt-manager.enable = true;
environment = {
systemPackages = [pkgs.qemu];
};
};
}


@ -0,0 +1,111 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{pkgs, ...}: {
imports = [
# Include the results of the hardware scan.
./disko-config.nix
./hardware-configuration.nix
];
# Bootloader.
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
};
networking.hostName = "m3-helios"; # Define your hostname.
networking.hostId = "3ebf1cd3";
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable =
true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Berlin";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the GNOME Desktop Environment.
# services.xserver.displayManager.gdm.enable = true;
# services.xserver.desktopManager.gnome.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [neovim git];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.fstrim = {
enable = true; # For SSD/thin-provisioned storage
interval = "weekly";
};
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}
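Review bot: `services.openssh.enable = true;` is set without any `settings`, so unless a shared module imported elsewhere hardens it, the daemon runs with the NixOS defaults, which still accept password logins. For a network-reachable server I would add `services.openssh.settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; };` so keys are the only way in. `networking.networkmanager.enable = true` and the long run of commented-out desktop options look like installer leftovers that could be trimmed from a server configuration.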


@ -0,0 +1,50 @@
# A staring point is the basic NIXOS configuration generated by the ISO installer.
# On an existing NIXOS install you can use the following command in your flakes basedir:
# sudo nixos-generate-config --dir ./hosts/m3tam3re
#
# Please make sure to change the first couple of lines in your configuration.nix:
# { config, inputs, ouputs, lib, pkgs, ... }:
#
# {
# imports = [ # Include the results of the hardware scan.
# ./hardware-configuration.nix
# inputs.home-manager.nixosModules.home-manager
# ];
# ...
#
# Moreover please update the packages option in your user configuration and add the home-manager options:
# users.users = {
# m3tam3re = {
# isNormalUser = true;
# initialPassword = "12345";
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = [ inputs.home-manager.packages.${pkgs.system}.default ];
# };
# };
#
# home-manager = {
# useUserPackages = true;
# extraSpecialArgs = { inherit inputs outputs; };
# users.m3tam3re =
# import ../../home/m3tam3re/${config.networking.hostName}.nix;
# };
#
# Please also change your hostname accordingly:
#:w
# networking.hostName = "nixos"; # Define your hostname.
{
imports = [
../common
./configuration.nix
./programs.nix
./secrets.nix
./services
];
extraServices = {
flatpak.enable = true;
ollama.enable = false;
podman.enable = true;
virtualisation.enable = false;
};
}
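Review bot: The header comment carries a sample user with `initialPassword = "12345"`, a stray editor artefact (`#:w`) and the typos `staring` and `ouputs`; since this is a new file, the template text is worth cleaning up before it is copied again. I would drop the password line from the example or replace it with `hashedPasswordFile = config.age.secrets.<name>.path;` (placeholder name) so the sample does not suggest a guessable login. The module body itself is only imports and `extraServices` toggles.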


@ -0,0 +1,39 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for GRUB MBR
priority = 1;
};
esp = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["defaults" "umask=0077"];
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = ["noatime" "nodiratime" "discard"];
};
};
};
};
};
};
};
}


@ -0,0 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}


@ -0,0 +1,14 @@
{pkgs, ...}: {
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
# Add any missing dynamic libraries for unpackaged programs
# here, NOT in environment.systemPackages
];
programs.fish.enable = true;
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/m3tam3re/p/nixos/nixos-config";
};
}


@ -0,0 +1,15 @@
{
age = {
secrets = {
traefik = {
file = ../../secrets/traefik.age;
mode = "770";
owner = "traefik";
};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
};
};
};
}
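Review bot: `mode = "770"` on the `traefik` secret sets group read/write and execute bits on a decrypted credential file, which is wider than a file read only by the `traefik` user needs. With `owner = "traefik"` already set, `mode = "400"` is enough; agenix defaults to 0400, so the line can simply be dropped. The other host's secrets file further down this page declares the same secret with only `owner = "traefik"`, so dropping the override also makes the two declarations consistent.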


@ -0,0 +1,7 @@
{
services.cloud-init = {
enable = true;
ext4.enable = true;
network.enable = true;
};
}


@ -0,0 +1,11 @@
{
imports = [
./cloud-init.nix
];
systemd.sleep.extraConfig = ''
AllowSuspend=no
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
}


@ -26,7 +26,7 @@
boot.initrd.services.lvm.enable = false;
boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback];
boot.kernelModules = ["v4l2loopback"];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0


@ -15,7 +15,14 @@
gvfs.enable = true;
trezord.enable = true;
gnome.gnome-keyring.enable = true;
qdrant.enable = true;
qdrant = {
enable = true;
settings = {
service = {
host = "0.0.0.0";
};
};
};
upower.enable = true;
avahi = {
enable = true;
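Review bot: `host = "0.0.0.0"` makes Qdrant listen on every interface, and nothing in this hunk sets an API key or limits which networks can reach the port, so exposure of the vector store depends entirely on firewall settings that are not visible here. Qdrant serves its API unauthenticated unless `service.api_key` is configured. If the goal is access over the tailnet, binding to that address or keeping `host = "127.0.0.1"` behind a proxy is narrower. If it has to stay on all interfaces, supply the key through an environment file (`QDRANT__SERVICE__API_KEY`) rather than through `settings`, which ends up in the world-readable Nix store. The `services` block continues past the end of the hunk.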


@ -1,40 +1,11 @@
{
config,
pkgs,
...
}: {
{config, ...}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
authKeyFile = config.age.secrets.tailscale-key.path;
useRoutingFeatures = "both";
extraUpFlags = [
"--login-server=https://va.m3tam3re.com"
"--accept-routes"
];
};
# systemd.services.tailscale-autoconnect = {
# description = "Automatic connection to Tailscale";
# # make sure tailscale is running before trying to connect to tailscale
# after = ["network-pre.target" "tailscale.service"];
# wants = ["network-pre.target" "tailscale.service"];
# wantedBy = ["multi-user.target"];
# # set this service as a oneshot job
# serviceConfig = {
# Type = "oneshot";
# EnvironmentFile = "${config.age.secrets.tailscale-key.path}";
# };
# # have the job run this shell script
# script = with pkgs; ''
# # wait for tailscaled to settle
# sleep 2
# # check if we are already authenticated to tailscale
# status="$(${tailscale}/bin/tailscale status -json | ${jq}/bin/jq -r .BackendState)"
# if [ $status = "Running" ]; then # if so, then do nothing
# exit 0
# fi
# # otherwise authenticate with tailscale
# ${tailscale}/bin/tailscale up --exit-node 100.88.96.77 --authkey $TAILSCALE_KEY
# '';
# };
}
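Review bot: `useRoutingFeatures = "both"` also enables the server half of the module (the IP-forwarding sysctls) on a machine that, judging by the flags in this hunk, only consumes routes via `--accept-routes` and advertises none. `useRoutingFeatures = "client";` keeps the loose reverse-path setting that accepting routes needs without turning the host into a forwarder. The second client tailscale section later on this page gets the same change and the same remark applies there.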


@ -1,6 +1,6 @@
{pkgs, ...}: {
services.udev.extraRules = ''
SUBSYSTEM=="usb", MODE="0666
SUBSYSTEM=="usb", MODE="0666"
'';
environment.systemPackages = with pkgs; [
zsa-udev-rules
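Review bot: With the closing quote restored the rule now parses, and `SUBSYSTEM=="usb", MODE="0666"` makes every USB device node readable and writable by all local users and processes, including the nodes of hardware wallets and security keys. `zsa-udev-rules` in the same hunk already ships scoped rules for the keyboard, so the blanket rule can probably be dropped. If one device still needs it, match that device and grant access to the seat user only, e.g. `SUBSYSTEM=="usb", ATTRS{idVendor}=="<VENDOR_ID>", TAG+="uaccess"`. The identical rule is fixed the same way in the second udev section further down this page.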


@ -7,6 +7,13 @@
ghost-env = {
file = ../../secrets/ghost-env.age;
};
kestra-config = {
file = ../../secrets/kestra-config.age;
mode = "644";
};
kestra-env = {
file = ../../secrets/kestra-env.age;
};
littlelink-m3tam3re = {
file = ../../secrets/littlelink-m3tam3re.age;
};
@ -16,6 +23,9 @@
n8n-env = {
file = ../../secrets/n8n-env.age;
};
paperless-key = {
file = ../../secrets/paperless-key.age;
};
restreamer-env = {
file = ../../secrets/restreamer-env.age;
};
@ -29,6 +39,9 @@
file = ../../secrets/traefik.age;
owner = "traefik";
};
vaultwarden-env = {
file = ../../secrets/vaultwarden-env.age;
};
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";
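Review bot: `mode = "644"` on `kestra-config` leaves the decrypted file readable by every local user, and a Kestra `application.yaml` normally carries the datasource credentials. The container that mounts it is started with `user = "root"` in kestra.nix, so the default root-owned 0400 file is presumably still readable inside it. If it is not, set a dedicated `owner`/`group` with `mode = "440"` rather than opening the file to everyone. The attribute set continues outside these hunks.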


@ -1,6 +1,6 @@
{config, ...}: {
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.31.1";
image = "docker.io/baserow/baserow:1.33.4";
environmentFiles = [config.age.secrets.baserow-env.path];
ports = ["127.0.0.1:3001:80"];
volumes = ["baserow_data:/baserow/data"];


@ -2,12 +2,14 @@
imports = [
./baserow.nix
./ghost.nix
./kestra.nix
./littlelink.nix
./matomo.nix
# ./n8n.nix
# ./pangolin.nix
./restreamer.nix
./slash.nix
./slash-nemoti.nix
];
system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
if ! /run/current-system/sw/bin/podman network exists web; then


@ -0,0 +1,34 @@
{ config, ... }: {
virtualisation.oci-containers.containers."kestra" = {
image = "docker.io/kestra/kestra:latest";
environmentFiles = [ config.age.secrets.kestra-env.path ];
cmd = [ "server" "standalone" "--config" "/etc/config/application.yaml"];
ports = [ "127.0.0.1:3018:8080" ];
user = "root";
volumes = [
"/var/run/docker.sock:/var/run/docker.sock"
"${config.age.secrets.kestra-config.path}:/etc/config/application.yaml"
"kestra_data:/app/storage"
"/tmp/kestra-wd:/tmp/kestra-wd"
];
extraOptions =
[ "--add-host=postgres:10.89.0.1" "--ip=10.89.0.18" "--network=web" ];
};
systemd.tmpfiles.rules = [
"d /tmp/kestra-wd 0750 1000 1000 - -"
];
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.kestra.loadBalancer.servers =
[{ url = "http://localhost:3018/"; }];
routers.kestra = {
rule = "Host(`k.m3ta.dev`)";
tls = { certResolver = "godaddy"; };
service = "kestra";
entrypoints = "websecure";
};
};
}
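Review bot: Mounting `/var/run/docker.sock` into a container that also runs with `user = "root"` gives that container control over the host's container runtime, which is effectively root on the host, and its UI is published at `k.m3ta.dev`. If Kestra's Docker task runner is not needed, drop the socket mount and the `user = "root"` line; the rest of this config uses podman, so the path may not even exist as written. `image = "docker.io/kestra/kestra:latest"` (like `slash:latest` in slash-nemoti.nix below) is unpinned, so each pull can change what runs; pin a version tag as baserow.nix does. `/tmp/kestra-wd` sits in a shared temporary directory, and a path under `/var/lib` would keep it away from the tmp cleaner. The comment `# Traefik configuration specific to littlelink` is a copy-paste leftover and should read `# Traefik configuration for kestra`.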


@ -0,0 +1,27 @@
{
virtualisation.oci-containers.containers."slash-nemoti" = {
image = "docker.io/yourselfhosted/slash:latest";
ports = ["127.0.0.1:3016:5231"];
volumes = [
"slash-nemoti_data:/var/opt/slash"
];
extraOptions = ["--ip=10.89.0.17" "--network=web"];
};
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.slash-nemoti.loadBalancer.servers = [
{
url = "http://localhost:3016/";
}
];
routers.slash-nemoti = {
rule = "Host(`l.nemoti.art`)";
tls = {
certResolver = "godaddy";
};
service = "slash-nemoti";
entrypoints = "websecure";
};
};
}


@ -6,10 +6,13 @@
./minio.nix
./mysql.nix
./n8n.nix
./outline.nix
./paperless.nix
./postgres.nix
./searx.nix
./tailscale.nix
./traefik.nix
./vaultwarden.nix
./wastebin.nix
];
}

View File

@ -2,7 +2,11 @@
services.gitea = {
enable = true;
settings = {
server.ROOT_URL = "https://code.m3ta.dev";
server = {
ROOT_URL = "https://code.m3ta.dev";
HTTP_PORT = 3030;
};
mailer.SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
service.DISABLE_REGISTRATION = true;
};
lfs.enable = true;
@ -17,7 +21,7 @@
services.traefik.dynamicConfigOptions.http = {
services.gitea.loadBalancer.servers = [
{
url = "http://localhost:3000/";
url = "http://localhost:3030/";
}
];
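Review bot: The new `server` block sets `HTTP_PORT = 3030` but no `HTTP_ADDR`, so Gitea keeps its default of listening on all interfaces while Traefik only ever reaches it via `http://localhost:3030/`. Adding `HTTP_ADDR = "127.0.0.1";` next to the port keeps the plain-HTTP listener off the network regardless of firewall state. Both hunks are cut inside the surrounding attribute sets.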


@ -1,7 +1,7 @@
{
pkgs,
config,
lib,
pkgs,
...
}: {
# Define a new option for the admin user
@ -42,14 +42,12 @@
routes = {
"0.0.0.0/0" = ["${adminUser}"];
"10.0.0.0/8" = ["${adminUser}"];
"172.16.0.0/12" = ["${adminUser}"];
"192.168.0.0/16" = ["${adminUser}"];
};
exitNode = ["${adminUser}"];
};
};
# Convert to HuJSON format with comments
aclHuJson = ''
// Headscale ACL Policy - Generated by NixOS
@ -57,18 +55,18 @@
${builtins.toJSON aclConfig}
'';
aclFile = pkgs.writeText "acl-policy.hujson" aclHuJson;
in {
services = {
headscale = {
enable = true;
adminUser = "m3tam3re@m3ta.loc";
port = 3009;
adminUser = "m3tam3re";
settings = {
server_url = "https://va.m3tam3re.com";
dns = {
base_domain = "m3ta.loc";
nameservers.global = ["8.8.8.8"];
};
logtail.enabled = false;
policy.path = "${aclFile}";
@ -76,24 +74,6 @@
};
};
# Traefik configuration
services.traefik.dynamicConfigOptions.http = {
services.headscale.loadBalancer.servers = [
{
url = "http://localhost:3009/";
}
];
routers.headscale = {
rule = "Host(`va.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "headscale";
entrypoints = "websecure";
};
};
# Create a systemd service to ensure the admin user exists
systemd.services.headscale-ensure-admin = lib.mkIf config.services.headscale.enable {
description = "Ensure Headscale admin user exists";
@ -117,5 +97,23 @@
fi
'';
};
# Traefik configuration for headscale
services.traefik.dynamicConfigOptions.http = {
services.headscale.loadBalancer.servers = [
{
url = "http://localhost:3009/";
}
];
routers.headscale = {
rule = "Host(`va.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "headscale";
entrypoints = "websecure";
};
};
};
}


@ -18,5 +18,10 @@
calendar = "03:00:00";
databases = ["ghost" "matomo"];
};
networking.firewall.allowedTCPPorts = [3306];
networking.firewall = {
extraCommands = ''
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 3306 -j ACCEPT
iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 3306 -j ACCEPT
'';
};
}
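Review bot: The two `iptables -A INPUT` lines in `extraCommands` append to the built-in INPUT chain, which the NixOS firewall does not flush, so as far as I can tell they accumulate as duplicates on each firewall reload and stay behind once the option is removed. Use the firewall's own chain instead, `iptables -A nixos-fw -p tcp -s 10.89.0.0/24 --dport 3306 -j nixos-fw-accept`, or open the port on the podman bridge only with `networking.firewall.interfaces."<BRIDGE_IFACE>".allowedTCPPorts = [3306];`. The 127.0.0.1 rule is unnecessary because the firewall already accepts loopback traffic, and both rules cover IPv4 only. The postgres section later on this page adds the same pair of rules for port 5432.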


@ -0,0 +1,33 @@
{
services.outline = {
enable = true;
port = 3019;
publicUrl = "https://ol.m3ta.dev";
databaseUrl = "postgresql://outline:outline@127.0.0.1:5432/outline";
storage = {
storageType = "local";
};
};
systemd.services.outline.serviceConfig = {
Environment = [
"PGSSLMODE=disable"
];
};
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.outline.loadBalancer.servers = [
{
url = "http://localhost:3019/";
}
];
routers.outline = {
rule = "Host(`ol.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "outline";
entrypoints = "websecure";
};
};
}
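Review bot: `databaseUrl = "postgresql://outline:outline@127.0.0.1:5432/outline"` puts the database password into the world-readable Nix store, and the password equals the role name, so the move to `scram-sha-256` in postgres.nix adds little protection for this role. Take the URL from an agenix-managed environment file that sets `DATABASE_URL` on the systemd unit, and give the role a generated password. paperless.nix below has the same pattern in `DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:5432/paperless"`. The comment `# Traefik configuration specific to littlelink` is a copy-paste leftover and should read `# Traefik configuration for outline`.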


@ -0,0 +1,40 @@
{config, ...}: {
services.paperless = {
enable = true;
port = 3012;
database.createLocally = true;
passwordFile = config.age.secrets.paperless-key.path;
configureTika = true;
settings = {
PAPERLESS_URL = "https://pl.m3ta.dev";
DATABASE_URL = "postgresql://paperless:paperless@127.0.0.1:5432/paperless";
PAPERLESS_CONSUMER_IGNORE_PATTERN = [
".DS_STORE/*"
"desktop.ini"
".env"
];
PAPERLESS_OCR_LANGUAGE = "deu+eng";
PAPERLESS_OCR_USER_ARGS = {
optimize = 1;
pdfa_image_compression = "lossless";
};
};
};
# Traefik configuration for headscale
services.traefik.dynamicConfigOptions.http = {
services.paperless.loadBalancer.servers = [
{
url = "http://localhost:3012/";
}
];
routers.paperless = {
rule = "Host(`pl.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "paperless";
entrypoints = "websecure";
};
};
}


@ -2,23 +2,42 @@
services.postgresql = {
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_15;
package = pkgs.postgresql_17;
extensions = with pkgs.postgresql17Packages; [
pgvector
];
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.89.0.0/16 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';
CREATE DATABASE baserow;
ALTER DATABASE baserow OWNER to baserow;
# Local connections (Unix socket)
local all postgres peer
local paperless paperless scram-sha-256
# Localhost connections (IPv4 and IPv6)
host all postgres 127.0.0.1/32 scram-sha-256
host all postgres ::1/128 scram-sha-256
host outline outline 127.0.0.1/32 scram-sha-256
host outline outline ::1/128 scram-sha-256
host paperless paperless 127.0.0.1/32 scram-sha-256
host paperless paperless ::1/128 scram-sha-256
# Podman network connections for Baserow
host baserow baserow 10.89.0.0/24 scram-sha-256
host kestra kestra 10.89.0.0/24 scram-sha-256
# Deny all other connections
local all all reject
host all all 0.0.0.0/0 reject
host all all ::/0 reject
'';
};
services.postgresqlBackup = {
enable = true;
startAt = "03:10:00";
databases = ["baserow"];
databases = ["baserow" "paperless" "kestra"];
};
networking.firewall = {
extraCommands = ''
iptables -A INPUT -p tcp -s 127.0.0.1 --dport 5432 -j ACCEPT
iptables -A INPUT -p tcp -s 10.89.0.0/24 --dport 5432 -j ACCEPT
'';
};
networking.firewall.allowedTCPPorts = [5432];
}
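Review bot: If the `networking.firewall.allowedTCPPorts = [5432];` line printed after the new `extraCommands` block is still on the new side (the rendering does not mark it either way), port 5432 stays open to every source and the two source-restricted rules above it change nothing. With `enableTCPIP = true`, the only remaining barrier would then be the `reject` lines in `authentication`. Removing the `allowedTCPPorts` line, as the mysql change on this page does for 3306, makes the firewall match the pg_hba policy. Separately, `local paperless paperless scram-sha-256` followed by `local all all reject` may conflict with `database.createLocally = true` in paperless.nix, which I believe relies on peer authentication over the socket; this is worth confirming on the host.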


@ -1,45 +1,27 @@
{
config,
lib,
pkgs,
...
}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "both";
authKeyFile = config.age.secrets.tailscale-key.path;
useRoutingFeatures = "both";
extraUpFlags = [
"--login-server=${config.services.headscale.settings.server_url}"
"--advertise-exit-node"
"--accept-routes"
];
};
services.networkd-dispatcher = {
services.networkd-dispatcher = lib.mkIf config.services.tailscale.enable {
enable = true;
rules."50-tailscale" = {
onState = ["routable"];
script = ''
"${pkgs.ethtool} NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ") | -K $NETDEV rx-udp-gro-forwarding on rx-gro-list off
NETDEV=$(ip -o route get 8.8.8.8 | cut -f 5 -d " ")
${pkgs.ethtool}/bin/ethtool -K "$NETDEV" rx-udp-gro-forwarding on rx-gro-list off
'';
};
};
boot.kernel.sysctl = {
"net.ipv4.ip_forward" = 1;
"net.ipv6.conf.all.forwarding" = 1;
"net.core.gro_normal_batch" = 8;
"net.core.gro_flush_timeout" = 200000;
};
networking.firewall = {
trustedInterfaces = ["tailscale0"];
allowedUDPPorts = [41641];
checkReversePath = "loose";
};
environment.systemPackages = with pkgs; [
ethtool
tailscale
networkd-dispatcher
];
}


@ -0,0 +1,29 @@
{config, ...}: {
services.vaultwarden = {
enable = true;
backupDir = "/var/backup/vaultwarden";
config = {
ROCKET_ADDRESS = "127.0.0.1";
ROCKET_PORT = 3013;
};
environmentFile = "${config.age.secrets.vaultwarden-env.path}";
};
# Traefik configuration for headscale
services.traefik.dynamicConfigOptions.http = {
services.vaultwarden.loadBalancer.servers = [
{
url = "http://localhost:3013/";
}
];
routers.vaultwarden = {
rule = "Host(`vw.m3ta.dev`)";
tls = {
certResolver = "godaddy";
};
service = "vaultwarden";
entrypoints = "websecure";
};
};
}
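Review bot: Nothing in `config` disables registration, and Vaultwarden's default is `SIGNUPS_ALLOWED=true`, so unless `vaultwarden-env` sets it, anyone who can reach `vw.m3ta.dev` can create an account. Non-secret hardening switches are easier to audit in the module than in the encrypted file: add `SIGNUPS_ALLOWED = false;` to `config` and keep only secrets in `environmentFile`. The comment `# Traefik configuration for headscale` should read `# Traefik configuration for vaultwarden`.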


@ -0,0 +1,26 @@
{modulesPath, ...}: {
imports = [
"${modulesPath}/profiles/qemu-guest.nix"
];
system.stateVersion = "24.11";
services.cloud-init = {
enable = true;
};
users.users.root.initialPassword = "nixos";
services.openssh = {
enable = true;
};
networking = {
useNetworkd = true;
firewall.enable = true;
};
systemd.network.enable = true;
console.keyMap = "us";
}
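Review bot: `users.users.root.initialPassword = "nixos";` bakes a known root password into the template, so every VM cloned from it starts with the same credential, and `services.openssh` is enabled without password authentication being turned off. Since cloud-init is already enabled, let it inject SSH keys, drop the password line, and add `services.openssh.settings.PasswordAuthentication = false;`. If a console password is needed for recovery, set it per VM through cloud-init rather than in the image.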


@ -14,7 +14,7 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.initrd.kernelModules = ["amdgpu"];
boot.kernelPackages = pkgs.linuxPackages_latest;
services.xserver.videoDrivers = ["amdgpu"];
security.polkit.enable = true;
security.pam.services.gdm.enableGnomeKeyring = true;


@ -26,7 +26,7 @@
plugins = with pkgs.obs-studio-plugins; [
obs-composite-blur
obs-vaapi
obs-vertical-canvas
# obs-vertical-canvas
obs-vkcapture
obs-webkitgtk
wlrobs


@ -1,6 +1,9 @@
{
age = {
secrets = {
tailscale-key = {
file = ../../secrets/tailscale-key.age;
};
wg-DE = {
file = ../../secrets/wg-DE.age;
path = "/etc/wireguard/DE.conf";
@ -21,7 +24,6 @@
file = ../../secrets/wg-BR.age;
path = "/etc/wireguard/BR.conf";
};
tailscale-key.file = ../../secrets/tailscale-key.age;
m3tam3re-secrets = {
file = ../../secrets/m3tam3re-secrets.age;
owner = "m3tam3re";


@ -1,10 +1,11 @@
{
{config, ...}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "client";
authKeyFile = config.age.secrets.tailscale-key.path;
useRoutingFeatures = "both";
extraUpFlags = [
"--login-server https://va.m3tam3re.com"
"--exit-node=m3-atlas"
"--login-server=https://va.m3tam3re.com"
"--accept-routes"
"--exit-node-allow-lan-access"
];
};


@ -1,6 +1,6 @@
{pkgs, ...}: {
services.udev.extraRules = ''
SUBSYSTEM=="usb", MODE="0666
SUBSYSTEM=="usb", MODE="0666"
'';
environment.systemPackages = with pkgs; [
zsa-udev-rules


@ -2,7 +2,7 @@
# This one brings our custom packages from the 'pkgs' directory
additions = final: prev:
(import ../pkgs {pkgs = final;})
// (inputs.hyprpanel.overlay final prev)
# // (inputs.hyprpanel.overlay final prev)
// {rose-pine-hyprcursor = inputs.rose-pine-hyprcursor.packages.${prev.system}.default;};
# This one contains whatever you want to overlay
# You can change versions, add patches, set compilation flags, anything really.
@ -14,10 +14,10 @@
commandLineArgs = "--password-store=gnome-libsecret";
};
# auto-cpufreq = inputs.nixpkgs-2744d98.legacyPackages.${prev.system}.auto-cpufreq;
# OVMF = inputs.nixpkgs-locked.legacyPackages.${prev.system}.OVMF;
nodejs_24 = inputs.nixpkgs-stable.legacyPackages.${prev.system}.nodejs_24;
paperless-ngx = inputs.nixpkgs-45570c2.legacyPackages.${prev.system}.paperless-ngx;
# trezord = inputs.nixpkgs-2744d98.legacyPackages.${prev.system}.trezord;
# mesa = inputs.nixpkgs-master.legacyPackages.${prev.system}.mesa;
# hyprpanel = inputs.hyprpanel.packages.${prev.system}.default.overrideAttrs (prev: {
# version = "latest"; # or whatever version you want
# src = final.fetchFromGitHub {
@ -29,6 +29,13 @@
# });
};
temp-packages = final: _prev: {
temp = import inputs.nixpkgs-9e9486b {
system = final.system;
config.allowUnfree = true;
};
};
stable-packages = final: _prev: {
stable = import inputs.nixpkgs-stable {
system = final.system;
@ -37,7 +44,7 @@
};
pinned-packages = final: _prev: {
pinned = import inputs.nixpkgs-2744d98 {
pinned = import inputs.nixpkgs-9472de4 {
system = final.system;
config.allowUnfree = true;
};
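Review bot: `paperless-ngx = inputs.nixpkgs-45570c2.legacyPackages.${prev.system}.paperless-ngx;` freezes an internet-facing service at one nixpkgs commit, so a flake update no longer brings it security fixes, and nothing here records why the pin exists. A comment on that line such as `# pinned: <REASON>; remove once <CONDITION>` would make the pin reviewable. The same goes for the new `temp` package set and for switching `pinned` to `inputs.nixpkgs-9472de4`. The overlay attribute sets start and end outside these hunks.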


@ -22,12 +22,16 @@ in {
"secrets/ghost-env.age".publicKeys = systems ++ users;
"secrets/littlelink-m3tam3re.age".publicKeys = systems ++ users;
"secrets/m3tam3re-secrets.age".publicKeys = systems ++ users;
"secrets/kestra-config.age".publicKeys = systems ++ users;
"secrets/kestra-env.age".publicKeys = systems ++ users;
"secrets/minio-root-cred.age".publicKeys = systems ++ users;
"secrets/n8n-env.age".publicKeys = systems ++ users;
"secrets/paperless-key.age".publicKeys = systems ++ users;
"secrets/restreamer-env.age".publicKeys = systems ++ users;
"secrets/searx.age".publicKeys = systems ++ users;
"secrets/tailscale-key.age".publicKeys = systems ++ users;
"secrets/traefik.age".publicKeys = systems ++ users;
"secrets/vaultwarden-env.age".publicKeys = systems ++ users;
"secrets/wg-DE.age".publicKeys = systems ++ users;
"secrets/wg-NL.age".publicKeys = systems ++ users;
"secrets/wg-NO.age".publicKeys = systems ++ users;

BIN
secrets/kestra-config.age Normal file

Binary file not shown.

BIN
secrets/kestra-env.age Normal file

Binary file not shown.

21
secrets/paperless-key.age Normal file

@ -0,0 +1,21 @@
age-encryption.org/v1
-> ssh-ed25519 4NLKrw +gTzzublNrJqte2A+JoeQ7pm8AbvHHFpEkvKDgKnrQE
TXRy2FHd4f6/QHgrayNBLYnL7R7fRi8oQCg/1SovnDQ
-> ssh-ed25519 5kwcsA zlGTm4IOhoSWSU0GjRq6deElKp+Oa7blT7lD5zTW8gI
wexSSiMFP4wgBW4OdUXX6w/0hSM5bnw0SFseB2iicP8
-> ssh-ed25519 9d4YIQ tHtlFaaNFLOhwftQycfkLvGeuMb6+Vf9avd89H/Y/TI
F0Odk63tfaDU46W4GSkfthB2mhGUnvGxkM9uH6MxveE
-> ssh-ed25519 3Bcr1w pN9xpC1+bkMgKfLwWq+mS/Nfns6OvLmMJ8Gp83yZ7wA
poHvRg2RAlzTcgXruUz4bRCna3/Csruk7we78WFr6ps
-> ssh-rsa DQlE7w
T/3AVPmmUZWnsSMBo09oYfBjNfN4C077mFUeHQP2TJOUFIPFxakWoQs8ge6wM35q
zj+iPFYw/QhRWYn525dcc3szBMQBk7dpcQ0ioX71L6aLR50jTVDu+kdRzgIvIrnh
YvR0u0H1JwNm1j6w6yRumG76hXyWmqBHRBY6pUwgObXX891rsLZm66cpM6rCkWKu
lOAfrtfQeLxco+8LIbjyszUZPAOQDyf+agD2TLEncpvZuMM31XX+wc8fWFs8hEI1
jnaIJ/xku1dMVazks1v2p5ydrddqyHj2xXunB3Vp0se17qm0oupOGLJfYg2cm0h0
Lr1MnGMG/rPyzejFKq5aBX/eiK3Vbk+eez6StR6jBDPYvfU1nxuX+X6uxU6PKFrM
/XF8Fdjq9vRGr15GGWDvsWGqR/tpdH8IzQTuoh3A2tkQPqjpDGztWzlWWoX2fQEt
aWGdZvXOuW0ZngeoGnqTkCzWZ1Wi6PIzZEWBhxYaHKtcM84yP4o1P1hcybpKU7wK
--- oYnNUuCYBsE2dkKN9H5VR+lrnnwP2sM/7oia0ss95N0
<EFBFBD><EFBFBD>ON-<2D><>O<>O<><4F>yO<79><4F><1E><>ϻb<>;6P<36><50>XKۗ<4B><DB97><0E>uS/<2F>۩<EFBFBD>,<2C><><EFBFBD>X<EFBFBD> w+_+<2B><><C9BE>X<EFBFBD>x<EFBFBD>&Ï<><C38F>e}<7D>(<28><>

Binary file not shown.

BIN
secrets/vaultwarden-env.age Normal file

Binary file not shown.