Compare commits
No commits in common. "main" and "feat/nix" have entirely different histories.
70 changed files with 300 additions and 2590 deletions
2
.envrc
Normal file
2
.envrc
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
use flake
|
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,3 +1,2 @@
|
||||||
venv/
|
venv/
|
||||||
.direnv
|
.direnv
|
||||||
.envrc
|
|
||||||
|
|
17
.sops.yaml
17
.sops.yaml
|
@ -1,17 +0,0 @@
|
||||||
keys:
|
|
||||||
- &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
|
|
||||||
- &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
|
|
||||||
- &server_pi4 age18gts35ruwj67kjgjtgrgrxup83apr8ekgrp98r434wcn2pf0l9sqnq5j2y
|
|
||||||
creation_rules:
|
|
||||||
- path_regex: secrets/OVHCloud/[^/]+\.(yaml|json|env|ini)$
|
|
||||||
key_groups:
|
|
||||||
- pgp:
|
|
||||||
age:
|
|
||||||
- *admin_gaspard
|
|
||||||
- *server_ovh
|
|
||||||
- path_regex: secrets/pi4/[^/]+\.(yaml|json|env|ini)$
|
|
||||||
key_groups:
|
|
||||||
- pgp:
|
|
||||||
age:
|
|
||||||
- *admin_gaspard
|
|
||||||
- *server_pi4
|
|
|
@ -1,17 +0,0 @@
|
||||||
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 16 16">
|
|
||||||
<defs id="defs3051">
|
|
||||||
<style type="text/css" id="current-color-scheme">
|
|
||||||
.ColorScheme-Text {
|
|
||||||
color:#d3dae3;
|
|
||||||
}
|
|
||||||
.ColorScheme-NegativeText {
|
|
||||||
color:#da4453;
|
|
||||||
}
|
|
||||||
</style>
|
|
||||||
</defs>
|
|
||||||
<path
|
|
||||||
style="fill:currentColor;fill-opacity:1;stroke:none"
|
|
||||||
class="ColorScheme-NegativeText"
|
|
||||||
d="M 8,2 A 6,6 0 0 0 2,8 6,6 0 0 0 8,14 6,6 0 0 0 14,8 6,6 0 0 0 8,2 Z M 5.70703,5 8,7.29297 10.29297,5 11,5.70703 8.70703,8 11,10.29297 10.29297,11 8,8.70703 5.70703,11 5,10.29297 7.29297,8 5,5.70703 5.70703,5 Z"
|
|
||||||
/>
|
|
||||||
</svg>
|
|
Before Width: | Height: | Size: 626 B |
|
@ -20,7 +20,8 @@
|
||||||
(defpoll refresh_rate :interval "10s" :initial "165" "~/.config/eww/scripts/refresh_rate")
|
(defpoll refresh_rate :interval "10s" :initial "165" "~/.config/eww/scripts/refresh_rate")
|
||||||
(defpoll vpn_status :interval "60s" :initial '{"connected": false}' "~/.config/eww/scripts/vpn_status")
|
(defpoll vpn_status :interval "60s" :initial '{"connected": false}' "~/.config/eww/scripts/vpn_status")
|
||||||
|
|
||||||
(deflisten connectivity :initial '{"bluetooth": {}, "network": {}}' "~/.config/eww/scripts/get-connectivity-info")
|
(deflisten connectivity :initial '{"state": "disconnected"}' "~/.config/eww/scripts/get-connectivity wlan0")
|
||||||
|
(deflisten bluetoothinfo :initial '{"count": 0}' "~/.config/eww/scripts/get-bluetooth-info")
|
||||||
(deflisten hypr :initial '{"spaces": [], "current": 0, "title": ""}' "~/.config/eww/scripts/hypr/hyprstatus")
|
(deflisten hypr :initial '{"spaces": [], "current": 0, "title": ""}' "~/.config/eww/scripts/hypr/hyprstatus")
|
||||||
|
|
||||||
(deflisten volume :initial "{}" "~/.config/eww/scripts/get-volume")
|
(deflisten volume :initial "{}" "~/.config/eww/scripts/get-volume")
|
||||||
|
@ -53,17 +54,18 @@
|
||||||
|
|
||||||
(defwidget connectivity []
|
(defwidget connectivity []
|
||||||
(eventbox
|
(eventbox
|
||||||
|
:onclick "bash -c 'iwgtk &> /dev/null &'"
|
||||||
(label
|
(label
|
||||||
:class "connectivity"
|
:class "connectivity"
|
||||||
:text "${
|
:text "${
|
||||||
connectivity.network.state == "wireless"
|
connectivity.state == "wireless"
|
||||||
? network-icon["wifi-${connectivity.network.wifi.signal}"]
|
? network-icon["wifi-${connectivity.wifi.signal}"]
|
||||||
: network-icon[connectivity.network.state]
|
: network-icon[connectivity.state]
|
||||||
} ${
|
} ${
|
||||||
connectivity.network.state == "disconnected" ? "No network" :
|
connectivity.state == "disconnected" ? "No network" :
|
||||||
connectivity.network.state == "ethernet" ? "Ethernet" :
|
connectivity.state == "ethernet" ? "Ethernet" :
|
||||||
connectivity.network.state == "wireless" ? connectivity.network.wifi.ssid :
|
connectivity.state == "wireless" ? connectivity.wifi.ssid :
|
||||||
connectivity.network.state == "tethering" ? "USB tethering" : ''
|
connectivity.state == "tethering" ? "USB tethering" : ''
|
||||||
}"
|
}"
|
||||||
:limit-width 14)
|
:limit-width 14)
|
||||||
)
|
)
|
||||||
|
@ -74,7 +76,7 @@
|
||||||
:onclick "bash -c 'blueman-manager &> /dev/null &'"
|
:onclick "bash -c 'blueman-manager &> /dev/null &'"
|
||||||
(label
|
(label
|
||||||
:class "bluetooth"
|
:class "bluetooth"
|
||||||
:text " ${connectivity.bluetooth.count > 0 ? connectivity.bluetooth.count : connectivity.bluetooth.power}")
|
:text " ${bluetoothinfo.count > 0 ? bluetoothinfo.count : bluetoothinfo.power}")
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
|
@ -15,7 +15,6 @@
|
||||||
pkgs.dash
|
pkgs.dash
|
||||||
pkgs.socat
|
pkgs.socat
|
||||||
pkgs.pamixer
|
pkgs.pamixer
|
||||||
pkgs.playerctl
|
|
||||||
pkgs.pavucontrol
|
pkgs.pavucontrol
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
(defvar WAIFU_MODE false) ; Bcz sometimes I listen to Geoxor, so, yeah...
|
(defvar WAIFU_MODE false) ; Bcz sometimes I listen to Geoxor, so, yeah...
|
||||||
(defvar FALLBACK_COVER "/home/gaspard/Pictures/Icons/music-disk.png")
|
(defvar FALLBACK_COVER "/home/gaspard/Images/Icons/music-disk.png")
|
||||||
(defvar PLAY_STATUS "⏸︎")
|
(defvar PLAY_STATUS "⏸︎")
|
||||||
|
|
||||||
(deflisten music_info :initial '{"title": "", "artist": "", "artUrl": "", "status": ""}' "~/.config/eww/scripts/get-music-info")
|
(deflisten music_info :initial '{"title": "", "artist": "", "artUrl": "", "status": ""}' "~/.config/eww/scripts/get-music-info")
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
(defvar close_icon "/home/gaspard/.config/eww/assets/icons/window-close.svg")
|
(defvar close_icon "/usr/share/icons/Qogir-ubuntu-dark/16/actions/window-close.svg")
|
||||||
|
|
||||||
(defvar end-binary "end-rs")
|
(defvar end-binary "~/.local/bin/end-rs")
|
||||||
(defvar end-notifications '')
|
(defvar end-notifications '')
|
||||||
(defvar end-histories '')
|
(defvar end-histories '')
|
||||||
(defvar end-replies '')
|
(defvar end-replies '')
|
||||||
|
|
12
bar/eww/scripts/get-bluetooth-info
Executable file
12
bar/eww/scripts/get-bluetooth-info
Executable file
|
@ -0,0 +1,12 @@
|
||||||
|
#!/usr/bin/env dash
|
||||||
|
|
||||||
|
info (){
|
||||||
|
power=$(bluetoothctl show | grep Powered | awk '{print $2}' | sed 's/yes/on/g; s/no/off/g')
|
||||||
|
count=$(bluetoothctl devices Connected | wc -l)
|
||||||
|
echo "{\"power\": \"${power}\", \"count\": \"${count}\"}"
|
||||||
|
}
|
||||||
|
|
||||||
|
info
|
||||||
|
dbus-monitor --system "sender=:1.3" | while read -r line; do
|
||||||
|
info
|
||||||
|
done
|
59
bar/eww/scripts/get-connectivity
Executable file
59
bar/eww/scripts/get-connectivity
Executable file
|
@ -0,0 +1,59 @@
|
||||||
|
#!/usr/bin/env dash
|
||||||
|
|
||||||
|
print_state() {
|
||||||
|
case "$1" in
|
||||||
|
eth*)
|
||||||
|
echo ethernet
|
||||||
|
;;
|
||||||
|
wlan*)
|
||||||
|
echo wireless
|
||||||
|
;;
|
||||||
|
usb*)
|
||||||
|
echo tethering
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo disconnected
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
wifi_strength() {
|
||||||
|
if [ "$1" -le -80 ]; then echo terrible
|
||||||
|
elif [ "$1" -le -70 ]; then echo bad
|
||||||
|
elif [ "$1" -le -60 ]; then echo mediocre
|
||||||
|
elif [ "$1" -le -40 ]; then echo good
|
||||||
|
else echo excellent
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
print_infos() {
|
||||||
|
if [ -n "$1" ]; then
|
||||||
|
route_line=$(ip route show dev "$1" | awk '($1 == "default") { print }')
|
||||||
|
|
||||||
|
printf ',"ip":{"local":"%s","gateway":"%s"}' \
|
||||||
|
"$(echo "$route_line" | awk '{ print $7 }')" \
|
||||||
|
"$(echo "$route_line" | awk '{ print $3 }')"
|
||||||
|
|
||||||
|
if [ "$state" = wireless ]; then
|
||||||
|
signal=$(iw dev "$1" link | awk '($1 == "signal:") { print $2}')
|
||||||
|
printf ',"wifi":{"signal":"%s","ssid":"%s"}' \
|
||||||
|
"$(wifi_strength "$signal")" \
|
||||||
|
"$(iw dev wlan0 info | grep '^\s*ssid ' | xargs | cut -d \ -f 2-)"
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
print_network_status() {
|
||||||
|
device=$(ip route | awk '($1 == "default") { print $5 }')
|
||||||
|
state=$(print_state "$device")
|
||||||
|
|
||||||
|
printf '{"state":"%s"%s}\n' \
|
||||||
|
"$state" \
|
||||||
|
"$(print_infos "$device")"
|
||||||
|
}
|
||||||
|
|
||||||
|
print_network_status
|
||||||
|
tail -f -n 0 /run/dhcpcd/log /var/log/iwd/current | \
|
||||||
|
while read -r _unused; do
|
||||||
|
print_network_status
|
||||||
|
done
|
|
@ -1,76 +0,0 @@
|
||||||
#!/usr/bin/env dash
|
|
||||||
|
|
||||||
|
|
||||||
print_network_state() {
|
|
||||||
case "$1" in
|
|
||||||
eth*|enp*)
|
|
||||||
echo ethernet
|
|
||||||
;;
|
|
||||||
wlan*|wlp*)
|
|
||||||
echo wireless
|
|
||||||
;;
|
|
||||||
usb*)
|
|
||||||
echo tethering
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo disconnected
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
}
|
|
||||||
|
|
||||||
wifi_strength() {
|
|
||||||
if [ "$1" -le 20 ]; then echo terrible
|
|
||||||
elif [ "$1" -le 40 ]; then echo bad
|
|
||||||
elif [ "$1" -le 60 ]; then echo mediocre
|
|
||||||
elif [ "$1" -le 80 ]; then echo good
|
|
||||||
else echo excellent
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
print_network_infos() {
|
|
||||||
if [ -n "$1" ]; then
|
|
||||||
device="$1"
|
|
||||||
route_line=$(ip route show dev "$device" | awk '($1 == "default") { print }')
|
|
||||||
|
|
||||||
printf ',"ip":{"local":"%s","gateway":"%s"}' \
|
|
||||||
"$(echo "$route_line" | awk '{ print $7 }')" \
|
|
||||||
"$(echo "$route_line" | awk '{ print $3 }')"
|
|
||||||
|
|
||||||
if [ "$state" = wireless ]; then
|
|
||||||
wireless_info=$(nmcli --get-values active,ssid,signal dev wifi list --rescan no | grep "^yes")
|
|
||||||
ssid=$(echo "$wireless_info" | cut -d : -f2)
|
|
||||||
signal=$(echo "$wireless_info" | cut -d : -f3)
|
|
||||||
printf ',"wifi":{"signal":"%s","ssid":"%s"}' \
|
|
||||||
"$(wifi_strength "$signal")" \
|
|
||||||
"$ssid"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
print_network_status() {
|
|
||||||
device=$(ip route | awk '($1 == "default") { print $5 }')
|
|
||||||
state=$(print_network_state "$device")
|
|
||||||
|
|
||||||
printf '{"state":"%s"%s}\n' \
|
|
||||||
"$state" \
|
|
||||||
"$(print_network_infos "$device")"
|
|
||||||
}
|
|
||||||
|
|
||||||
print_bluetooth_status (){
|
|
||||||
power=$(bluetoothctl show | grep Powered | awk '{print $2}' | sed 's/yes/on/g; s/no/off/g')
|
|
||||||
count=$(bluetoothctl devices Connected | wc -l)
|
|
||||||
echo "{\"power\": \"${power}\", \"count\": \"${count}\"}"
|
|
||||||
}
|
|
||||||
|
|
||||||
print_connectivity_info () {
|
|
||||||
network="$(print_network_status)"
|
|
||||||
bluetooth="$(print_bluetooth_status)"
|
|
||||||
|
|
||||||
echo "{\"bluetooth\": ${bluetooth}, \"network\": ${network}}"
|
|
||||||
}
|
|
||||||
|
|
||||||
print_connectivity_info
|
|
||||||
dbus-monitor --system "interface=org.freedesktop.DBus.ObjectManager" 2> /dev/null | while read -r line; do
|
|
||||||
print_connectivity_info
|
|
||||||
sleep 0.1
|
|
||||||
done
|
|
|
@ -11,5 +11,4 @@ info (){
|
||||||
info
|
info
|
||||||
dbus-monitor "path=/org/mpris/MediaPlayer2,member=PropertiesChanged" | while read -r line; do
|
dbus-monitor "path=/org/mpris/MediaPlayer2,member=PropertiesChanged" | while read -r line; do
|
||||||
info
|
info
|
||||||
sleep 0.1
|
|
||||||
done
|
done
|
||||||
|
|
|
@ -7,6 +7,6 @@ volume (){
|
||||||
}
|
}
|
||||||
|
|
||||||
volume
|
volume
|
||||||
pw-mon --color=never | grep --line-buffered "changed" | while read -r line; do
|
pactl subscribe | grep --line-buffered "'change'" | while read -r line; do
|
||||||
volume
|
volume
|
||||||
done
|
done
|
||||||
|
|
|
@ -1,78 +0,0 @@
|
||||||
#!/usr/bin/env dash
|
|
||||||
|
|
||||||
WORK_TIME=1200
|
|
||||||
PAUSE_TIME=300
|
|
||||||
|
|
||||||
timer_state_pid=0
|
|
||||||
timer_state_state="inactive"
|
|
||||||
timer_state_time="00:00"
|
|
||||||
timer_state_progress=100000
|
|
||||||
|
|
||||||
sub_timer_pid=0
|
|
||||||
|
|
||||||
start_timer() {
|
|
||||||
timer_type=$1
|
|
||||||
duration=0
|
|
||||||
|
|
||||||
timer_state_state="$timer_type" # Update done later
|
|
||||||
|
|
||||||
if [ "$timer_type" = "work" ]; then
|
|
||||||
duration=$WORK_TIME
|
|
||||||
timer_type="pause"
|
|
||||||
elif [ "$timer_type" = "pause" ]; then
|
|
||||||
duration=$PAUSE_TIME
|
|
||||||
timer_type="work"
|
|
||||||
else
|
|
||||||
echo "Invalid argument"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
i=$duration
|
|
||||||
while [ "$i" -ge 0 ] ; do
|
|
||||||
timer_state_progress=$((i * 100000 / duration))
|
|
||||||
timer_state_time="$(date -u -d @$i +'%M:%S')"
|
|
||||||
update_timer_state
|
|
||||||
sleep 1
|
|
||||||
i=$(( i - 1 ))
|
|
||||||
done
|
|
||||||
|
|
||||||
# Notify user
|
|
||||||
if [ "$timer_type" = "pause" ]; then
|
|
||||||
notify-send -c grind-timer -i ~/Pictures/Icons/moai.jpg "Work period over" "You can take a little nap now."
|
|
||||||
elif [ "$timer_type" = "work" ]; then
|
|
||||||
notify-send -c grind-timer -i ~/Pictures/Icons/moai.jpg "Pause period over" "Back to grinding we go."
|
|
||||||
fi
|
|
||||||
|
|
||||||
start_timer "$timer_type"
|
|
||||||
}
|
|
||||||
|
|
||||||
update_timer_state() {
|
|
||||||
echo "{\"pid\": $timer_state_pid, \"state\": \"$timer_state_state\", \"time\": \"$timer_state_time\", \"progress\": $timer_state_progress}"
|
|
||||||
}
|
|
||||||
|
|
||||||
handle_signal() {
|
|
||||||
# If a timer is running, kill it
|
|
||||||
if [ $sub_timer_pid -ne 0 ]; then
|
|
||||||
kill -9 $sub_timer_pid
|
|
||||||
sub_timer_pid=0
|
|
||||||
timer_state_state="inactive"
|
|
||||||
timer_state_progress=100000
|
|
||||||
update_timer_state
|
|
||||||
else
|
|
||||||
start_timer "work" &
|
|
||||||
sub_timer_pid=$!
|
|
||||||
# Will wait forever
|
|
||||||
wait $sub_timer_pid
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Set up the SIGUSR1 signal handler
|
|
||||||
trap handle_signal 10
|
|
||||||
|
|
||||||
timer_state_pid=$$; update_timer_state
|
|
||||||
|
|
||||||
while true; do
|
|
||||||
sleep infinity &
|
|
||||||
wait
|
|
||||||
done
|
|
||||||
|
|
|
@ -1,18 +1,57 @@
|
||||||
(deflisten timer_state :initial '{"pid": 0, "state": "inactive", "time": "00:00", "progress": 100000}' "~/.config/eww/scripts/timer")
|
(defvar WORK_TIME_SEC 1200)
|
||||||
|
(defvar PAUSE_TIME_SEC 300)
|
||||||
|
|
||||||
|
(defvar timer-state "inactive")
|
||||||
|
(defvar timer-start-time 0)
|
||||||
|
|
||||||
|
(defpoll timer-time
|
||||||
|
:interval "900ms"
|
||||||
|
:run-while {timer-state != "inactive"}
|
||||||
|
`date +%s`)
|
||||||
|
|
||||||
|
(defpoll timer-work-period
|
||||||
|
:interval "20m"
|
||||||
|
:initial "first"
|
||||||
|
:run-while {timer-state == "work"}
|
||||||
|
`if [ "$(eww get timer-work-period)" == "first" ]; then
|
||||||
|
eww update timer-start-time=$(date +%s)
|
||||||
|
echo next
|
||||||
|
else
|
||||||
|
notify-send -c grind-timer -i ~/Images/Icons/moai.jpg "Work period over" "You can take a little nap now."
|
||||||
|
eww update timer-state=pause timer-pause-period=first
|
||||||
|
echo final
|
||||||
|
fi`) ; TODO: Put in a separate script
|
||||||
|
|
||||||
|
(defpoll timer-pause-period
|
||||||
|
:interval "5m"
|
||||||
|
:initial "first"
|
||||||
|
:run-while {timer-state == "pause"}
|
||||||
|
`if [ "$(eww get timer-pause-period)" == "first" ]; then
|
||||||
|
eww update timer-start-time=$(date +%s)
|
||||||
|
echo next
|
||||||
|
else
|
||||||
|
notify-send -c grind-timer -i ~/Images/Icons/moai.jpg "Pause period over" "Back to grinding we go."
|
||||||
|
eww update timer-state=work timer-work-period=first
|
||||||
|
echo final
|
||||||
|
fi`) ; TODO: Put in a separate script
|
||||||
|
|
||||||
(defwidget start-button []
|
(defwidget start-button []
|
||||||
(button
|
(button
|
||||||
:class "start-button"
|
:class "start-button"
|
||||||
:vexpand true
|
:vexpand true
|
||||||
:onclick "kill -10 ${timer_state.pid}"
|
:onclick "eww update timer-state=${timer-state == "inactive" ? "work" : "inactive"} timer-work-period=first timer-pause-period=first"
|
||||||
(overlay
|
(overlay
|
||||||
(circular-progress
|
(circular-progress
|
||||||
:class "circle-progress"
|
:class "circle-progress"
|
||||||
:value "${timer_state.progress / 1000}"
|
:value "${
|
||||||
|
timer-state == "inactive" ? 100 :
|
||||||
|
100 * (timer-start-time + (timer-state == "work" ? WORK_TIME_SEC : PAUSE_TIME_SEC) - timer-time)
|
||||||
|
/ (timer-state == "work" ? WORK_TIME_SEC : PAUSE_TIME_SEC)
|
||||||
|
}"
|
||||||
:thickness 6
|
:thickness 6
|
||||||
:start-at 75
|
:start-at 75
|
||||||
:clockwise true)
|
:clockwise true)
|
||||||
(label :class "start-icon" :text "${timer_state.state == "inactive" ? 'Start' : (timer_state.state == "work" ? "Working" : "Pause")}")
|
(label :class "start-icon" :text "${timer-state == "inactive" ? 'Start' : (timer-state == "work" ? "Working" : "Pause")}")
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
@ -21,13 +60,13 @@
|
||||||
(box
|
(box
|
||||||
:orientation "v"
|
:orientation "v"
|
||||||
:space-evenly false
|
:space-evenly false
|
||||||
:class "timer ${timer_state.state}"
|
:class "timer ${timer-state}"
|
||||||
(label :class "timer-title" :text "Grind timer")
|
(label :class "timer-title" :text "Grind timer")
|
||||||
(start-button :valign "center" :vexpand true)
|
(start-button :valign "center" :vexpand true)
|
||||||
(revealer
|
(revealer
|
||||||
:transition "slideup"
|
:transition "slideup"
|
||||||
:reveal {timer_state.state != "inactive"}
|
:reveal {timer-state != "inactive"}
|
||||||
(label :class "timer-text" :text "${timer_state.time}")
|
(label :class "timer-text" :text "${timer-state != "inactive" ? formattime(timer-start-time - (3600 - (timer-state == "work" ? WORK_TIME_SEC : PAUSE_TIME_SEC)) - timer-time, "%H:%M:%S") : "00:20:00"}")
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
)
|
)
|
||||||
|
|
|
@ -9,6 +9,6 @@ export XDG_CONFIG_HOME="${HOME}/.config"
|
||||||
# Execution
|
# Execution
|
||||||
exec ssh-agent \
|
exec ssh-agent \
|
||||||
dbus-launch --exit-with-session \
|
dbus-launch --exit-with-session \
|
||||||
Hyprland \
|
hyprland \
|
||||||
"$@"
|
"$@"
|
||||||
|
|
27
bin/gs.sh
27
bin/gs.sh
|
@ -1,27 +0,0 @@
|
||||||
#!/usr/bin/env bash
|
|
||||||
set -xeuo pipefail
|
|
||||||
|
|
||||||
gamescopeArgs=(
|
|
||||||
--adaptive-sync # VRR support
|
|
||||||
--hdr-enabled
|
|
||||||
--mangoapp # performance overlay
|
|
||||||
--rt
|
|
||||||
--steam
|
|
||||||
)
|
|
||||||
steamArgs=(
|
|
||||||
-pipewire-dmabuf
|
|
||||||
-tenfoot
|
|
||||||
)
|
|
||||||
mangoConfig=(
|
|
||||||
cpu_temp
|
|
||||||
gpu_temp
|
|
||||||
ram
|
|
||||||
vram
|
|
||||||
)
|
|
||||||
mangoVars=(
|
|
||||||
MANGOHUD=1
|
|
||||||
MANGOHUD_CONFIG="$(IFS=,; echo "${mangoConfig[*]}")"
|
|
||||||
)
|
|
||||||
|
|
||||||
export "${mangoVars[@]}"
|
|
||||||
exec gamescope "${gamescopeArgs[@]}" -- steam "${steamArgs[@]}"
|
|
|
@ -1,7 +1,7 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Run swaylock
|
# Run swaylock
|
||||||
exec swaylock \
|
exec /usr/bin/swaylock \
|
||||||
"$@" \
|
"$@" \
|
||||||
--indicator \
|
--indicator \
|
||||||
--daemonize \
|
--daemonize \
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
if [[ $# -lt 1 ]] || [[ ! $1 = @(daemon|change) ]]; then
|
if [[ $# -lt 1 ]] || [[ ! $1 = @(daemon|change) ]]; then
|
||||||
echo "Usage:
|
echo "Usage:
|
||||||
|
@ -10,7 +10,7 @@ export SWWW_TRANSITION=wipe
|
||||||
export SWWW_TRANSITION_ANGLE=$RANDOM
|
export SWWW_TRANSITION_ANGLE=$RANDOM
|
||||||
export SWWW_TRANSITION_FPS=60
|
export SWWW_TRANSITION_FPS=60
|
||||||
|
|
||||||
wallpapers_dir=~/Pictures/Wallpapers/enabled
|
wallpapers_dir=~/Images/Wallpapers/enabled
|
||||||
|
|
||||||
if [[ "$1" = "daemon" ]]; then
|
if [[ "$1" = "daemon" ]]; then
|
||||||
exec swww-daemon
|
exec swww-daemon
|
||||||
|
|
|
@ -5,14 +5,9 @@
|
||||||
}: {
|
}: {
|
||||||
home.file = {
|
home.file = {
|
||||||
".config/hypr/hyprland.conf.d".source = ./hyprland.conf.d;
|
".config/hypr/hyprland.conf.d".source = ./hyprland.conf.d;
|
||||||
# Gamemode script
|
|
||||||
".config/hypr/gamemode.sh" = {
|
|
||||||
source = ./gamemode.sh;
|
|
||||||
executable = true;
|
|
||||||
};
|
|
||||||
# Hyprland launch wrapper
|
# Hyprland launch wrapper
|
||||||
".local/bin/Hyprland-wrapper" = {
|
".local/bin/Hyprland" = {
|
||||||
source = ../../bin/Hyprland-wrapper;
|
source = ../../bin/Hyprland;
|
||||||
executable = true;
|
executable = true;
|
||||||
};
|
};
|
||||||
# UWU launcher script
|
# UWU launcher script
|
||||||
|
@ -25,67 +20,33 @@
|
||||||
source = ../../bin/togglescreen;
|
source = ../../bin/togglescreen;
|
||||||
executable = true;
|
executable = true;
|
||||||
};
|
};
|
||||||
# Wallpaperctl script
|
|
||||||
".local/bin/wallpaperctl" = {
|
|
||||||
source = ../../bin/wallpaperctl;
|
|
||||||
executable = true;
|
|
||||||
};
|
|
||||||
# Lock script
|
|
||||||
".local/bin/swaylock-hyprland" = {
|
|
||||||
source = ../../bin/swaylock-hyprland;
|
|
||||||
executable = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
home.packages = [
|
||||||
egl-wayland # For NVIDIA compatibility
|
pkgs.egl-wayland # For NVIDIA compatibility
|
||||||
xdg-utils
|
pkgs.xdg-desktop-portal-hyprland
|
||||||
xdg-desktop-portal-hyprland
|
|
||||||
# Common DE packages required in config
|
# Common DE packages required in config
|
||||||
wl-clipboard
|
pkgs.wl-clipboard-rs
|
||||||
grim
|
pkgs.grim
|
||||||
slurp
|
pkgs.slurp
|
||||||
hyprpicker
|
pkgs.hyprpicker
|
||||||
udiskie
|
pkgs.udiskie
|
||||||
swww
|
pkgs.swww
|
||||||
swaylock-effects
|
|
||||||
brightnessctl
|
|
||||||
networkmanagerapplet
|
|
||||||
# Apps launchable from bindings
|
# Apps launchable from bindings
|
||||||
kitty
|
pkgs.firefox
|
||||||
yazi
|
pkgs.kitty
|
||||||
# Yazi requirements
|
pkgs.yazi
|
||||||
ffmpegthumbnailer
|
# Theme
|
||||||
poppler
|
pkgs.bibata-cursors
|
||||||
imagemagick
|
pkgs.qogir-theme
|
||||||
# Other apps
|
pkgs.qogir-icon-theme
|
||||||
vlc
|
|
||||||
qbittorrent
|
|
||||||
webcord
|
|
||||||
# Firefox PWA
|
|
||||||
firefoxpwa
|
|
||||||
];
|
];
|
||||||
|
|
||||||
home.pointerCursor = {
|
|
||||||
gtk.enable = true;
|
|
||||||
# x11.enable = true;
|
|
||||||
package = pkgs.bibata-cursors;
|
|
||||||
name = "Bibata-Modern-Classic";
|
|
||||||
size = 24;
|
|
||||||
};
|
|
||||||
|
|
||||||
wayland.windowManager.hyprland = {
|
wayland.windowManager.hyprland = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = inputs.hyprland.packages.${pkgs.system}.hyprland;
|
|
||||||
extraConfig = builtins.readFile ./hyprland.conf;
|
extraConfig = builtins.readFile ./hyprland.conf;
|
||||||
plugins = [inputs.hy3.packages.${pkgs.system}.hy3];
|
plugins = [inputs.hy3.packages.${pkgs.system}.hy3];
|
||||||
};
|
};
|
||||||
home.sessionVariables.NIXOS_OZONE_WL = "1";
|
|
||||||
|
|
||||||
programs.firefox = {
|
|
||||||
enable = true;
|
|
||||||
nativeMessagingHosts = [pkgs.firefoxpwa];
|
|
||||||
};
|
|
||||||
|
|
||||||
# bar is required
|
# bar is required
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -93,6 +54,5 @@
|
||||||
../../term/alacritty
|
../../term/alacritty
|
||||||
../../misc/swayosd
|
../../misc/swayosd
|
||||||
../../misc/anyrun
|
../../misc/anyrun
|
||||||
../../misc/end-rs
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -53,12 +53,10 @@ decoration {
|
||||||
passes = 1
|
passes = 1
|
||||||
}
|
}
|
||||||
|
|
||||||
shadow {
|
drop_shadow = yes
|
||||||
enabled = yes
|
shadow_range = 4
|
||||||
range = 4
|
shadow_render_power = 3
|
||||||
render_power = 4
|
col.shadow = rgba(1a1a1aee)
|
||||||
color = rgba(1a1a1aee)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
animations {
|
animations {
|
||||||
|
|
|
@ -47,7 +47,7 @@ bind = ,XF86Launch3, exec, asusctl led-mode -n
|
||||||
# Wayland gamemode
|
# Wayland gamemode
|
||||||
bind = WIN, F5, exec, ~/.config/hypr/gamemode.sh
|
bind = WIN, F5, exec, ~/.config/hypr/gamemode.sh
|
||||||
# Panel overdrive
|
# Panel overdrive
|
||||||
bind = $mainMod+SHIFT, o, exec, ~/.config/eww/scripts/refresh_rate toggle
|
bind = $mainMod+SHIFT, o, exec, ~/.config/waybar/scripts/refresh_rate.sh toggle; pkill -SIGRTMIN+10 waybar
|
||||||
# Toggle screen
|
# Toggle screen
|
||||||
bind = WIN, F9, exec, togglescreen
|
bind = WIN, F9, exec, togglescreen
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,13 @@
|
||||||
# Hyprland GPU backend
|
# Hyprland GPU backend
|
||||||
# env = WLR_DRM_DEVICES,/dev/dri/card1
|
# env = WLR_DRM_DEVICES,/dev/dri/card1
|
||||||
|
|
||||||
|
# Hyprcursor
|
||||||
|
env = HYPRCURSOR_THEME,Bibata-Modern
|
||||||
|
env = HYPRCURSOR_SIZE,24
|
||||||
|
# X cursor
|
||||||
|
env = XCURSOR_THEME,Bibata-Modern
|
||||||
|
env = XCURSOR_SIZE,24
|
||||||
|
|
||||||
# Backend
|
# Backend
|
||||||
env = GDK_BACKEND, wayland,x11
|
env = GDK_BACKEND, wayland,x11
|
||||||
env = SDL_VIDEODRIVER, wayland
|
env = SDL_VIDEODRIVER, wayland
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
# Startup
|
# Startup
|
||||||
|
|
||||||
exec-once = artix-pipewire-launcher restart
|
exec-once = artix-pipewire-launcher restart
|
||||||
|
exec-once = end-rs daemon
|
||||||
exec-once = wallpaperctl daemon
|
exec-once = wallpaperctl daemon
|
||||||
exec-once = swayosd-server
|
exec-once = swayosd-server
|
||||||
exec-once = nm-applet
|
|
||||||
exec-once = udiskie
|
exec-once = udiskie
|
||||||
exec-once = eww-bard
|
exec-once = eww-bard
|
||||||
exec-once = end-rs daemon
|
exec-once = hyprctl setcursor Bibata-Modern-Classic 24
|
||||||
exec-once = dbus-update-activation-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
|
exec-once = dbus-update-activation-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP
|
||||||
|
|
|
@ -13,8 +13,6 @@ windowrulev2 = workspace 8 silent, class:(Deezer)
|
||||||
windowrule = float, ^(connman-gtk)$
|
windowrule = float, ^(connman-gtk)$
|
||||||
|
|
||||||
windowrulev2 = float, class:(iwgtk)
|
windowrulev2 = float, class:(iwgtk)
|
||||||
windowrulev2 = float, class:(nm-connection-editor)
|
|
||||||
windowrulev2 = float, class:(.blueman-manager-wrapped)
|
|
||||||
|
|
||||||
windowrulev2 = float, class:(localsend_app)
|
windowrulev2 = float, class:(localsend_app)
|
||||||
|
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
# Preload
|
# Preload
|
||||||
preload = ~/Pictures/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png
|
preload = ~/Images/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png
|
||||||
preload = ~/Pictures/Wallpapers/Overthinker - Inzo.png
|
preload = ~/Images/Wallpapers/Overthinker - Inzo.png
|
||||||
|
|
||||||
# Definition
|
# Definition
|
||||||
wallpaper = , ~/Pictures/Wallpapers/Overthinker - Inzo.png
|
wallpaper = , ~/Images/Wallpapers/Overthinker - Inzo.png
|
||||||
# wallpaper = , ~/Pictures/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png
|
# wallpaper = , ~/Images/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png
|
||||||
|
|
||||||
splash = false
|
splash = false
|
||||||
|
|
|
@ -6,6 +6,6 @@ exec --no-startup-id /usr/bin/wired
|
||||||
|
|
||||||
exec --no-startup-id artix-pipewire-launcher restart
|
exec --no-startup-id artix-pipewire-launcher restart
|
||||||
|
|
||||||
exec --no-startup-id sleep 1 && feh --bg-fill "/home/gaspard/Pictures/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png"
|
exec --no-startup-id sleep 1 && feh --bg-fill "/home/gaspard/Images/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png"
|
||||||
|
|
||||||
exec udiskie
|
exec udiskie
|
||||||
|
|
|
@ -1,33 +0,0 @@
|
||||||
# Gasdev infrastructure
|
|
||||||
|
|
||||||
## Initial installation
|
|
||||||
|
|
||||||
Cloud providers not always provide a NixOS install option, so I use [nixos-anywhere](https://github.com/nix-community/nixos-anywhere) for remote NixOS installation using SSH
|
|
||||||
|
|
||||||
### Kexec installation
|
|
||||||
|
|
||||||
As specified in [nixos-images](https://github.com/nix-community/nixos-images#kexec-tarballs):
|
|
||||||
|
|
||||||
```sh
|
|
||||||
# Run as root
|
|
||||||
curl -L https://github.com/nix-community/nixos-images/releases/download/nixos-unstable/nixos-kexec-installer-noninteractive-x86_64-linux.tar.gz | tar -xzf- -C /root
|
|
||||||
/root/kexec/run
|
|
||||||
```
|
|
||||||
|
|
||||||
The machine will restart in a new NixOS installation. The existing SSH keys are copied to the new installation's _root_ user.
|
|
||||||
|
|
||||||
### NixOS-everywhere
|
|
||||||
|
|
||||||
```sh
|
|
||||||
nix run github:nix-community/nixos-anywhere -- --flake .#<configuration name> root@<ip address>
|
|
||||||
```
|
|
||||||
|
|
||||||
## Deploy configuration
|
|
||||||
|
|
||||||
In order to deploy new configuration changes after the initial NixOS installation, I use [deploy-rs](https://github.com/serokell/deploy-rs). It requires a properly set-up **ssh-agent** and SSH keys being installed on the **root** user.
|
|
||||||
|
|
||||||
Then you can deploy the new configuration:
|
|
||||||
|
|
||||||
```sh
|
|
||||||
deploy .#<configuration name>
|
|
||||||
```
|
|
|
@ -24,6 +24,6 @@ normal = "block"
|
||||||
select = "underline"
|
select = "underline"
|
||||||
|
|
||||||
[keys.normal]
|
[keys.normal]
|
||||||
backspace = {r = ":sh cargo run", b = ":sh cargo build", p = ":sh python src/main.py"}
|
backspace = {r = ":sh cargo run", p = ":sh python src/main.py"}
|
||||||
a = ["ensure_selections_forward", "collapse_selection", "move_char_right", "insert_mode"]
|
a = ["ensure_selections_forward", "collapse_selection", "move_char_right", "insert_mode"]
|
||||||
A-R = [":clipboard-paste-replace"]
|
A-R = [":clipboard-paste-replace"]
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
{pkgs, ...}: {
|
{pkgs, ...}: {
|
||||||
home.packages = with pkgs; [
|
home.packages = [
|
||||||
helix
|
pkgs.helix
|
||||||
lsp-ai
|
|
||||||
];
|
];
|
||||||
|
|
||||||
home.file = {
|
home.file = {
|
||||||
|
|
|
@ -1,34 +1,5 @@
|
||||||
##############################
|
|
||||||
## Configuration for lsp-ai ##
|
|
||||||
##############################
|
|
||||||
|
|
||||||
[language-server.lsp-ai]
|
|
||||||
command = "lsp-ai"
|
|
||||||
|
|
||||||
[language-server.lsp-ai.config.memory]
|
|
||||||
file_store = { }
|
|
||||||
|
|
||||||
[language-server.lsp-ai.config.models.codestral]
|
|
||||||
type = "mistral_fim"
|
|
||||||
fim_endpoint = "https://codestral.mistral.ai/v1/fim/completions"
|
|
||||||
model = "codestral-latest"
|
|
||||||
auth_token_env_var_name = "CODESTRAL_API_KEY"
|
|
||||||
|
|
||||||
[language-server.lsp-ai.config.completion]
|
|
||||||
model = "codestral"
|
|
||||||
|
|
||||||
[language-server.lsp-ai.config.completion.parameters]
|
|
||||||
max_tokens = 64
|
|
||||||
max_context = 2048
|
|
||||||
|
|
||||||
|
|
||||||
#################################
|
|
||||||
## Configuration for languages ##
|
|
||||||
#################################
|
|
||||||
|
|
||||||
[[language]]
|
[[language]]
|
||||||
name = "rust"
|
name = "rust"
|
||||||
language-servers = [ "rust-analyzer" ]
|
|
||||||
|
|
||||||
[language.debugger]
|
[language.debugger]
|
||||||
command = "codelldb"
|
command = "codelldb"
|
||||||
|
@ -49,7 +20,7 @@ runInTerminal = false
|
||||||
|
|
||||||
[[language]]
|
[[language]]
|
||||||
name = "python"
|
name = "python"
|
||||||
language-servers = [ "pyright", "ruff", "lsp-ai" ]
|
language-servers = [ "pyright", "ruff" ]
|
||||||
|
|
||||||
[language-server.pyright.config.python.analysis]
|
[language-server.pyright.config.python.analysis]
|
||||||
typeCheckingMode = "basic"
|
typeCheckingMode = "basic"
|
||||||
|
@ -102,7 +73,7 @@ formatter = { command = 'prettier', args = ["--parser", "css"] }
|
||||||
name = "scss"
|
name = "scss"
|
||||||
formatter = { command = "prettier", args = ["--stdin-filepath", "dummy.scss"] }
|
formatter = { command = "prettier", args = ["--stdin-filepath", "dummy.scss"] }
|
||||||
indent = { tab-width = 4, unit = "\t" }
|
indent = { tab-width = 4, unit = "\t" }
|
||||||
language-servers = ["vscode-css-language-server", "lsp-ai"]
|
language-servers = ["vscode-css-language-server"]
|
||||||
auto-format = true
|
auto-format = true
|
||||||
|
|
||||||
[[language]]
|
[[language]]
|
||||||
|
|
481
flake.lock
481
flake.lock
|
@ -1,47 +1,5 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"anixrun": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1727281125,
|
|
||||||
"narHash": "sha256-/d65UInO08BTrE1JrXwc0/+tLdkRQuM4H2eSirbuLcI=",
|
|
||||||
"owner": "GaspardCulis",
|
|
||||||
"repo": "anixrun",
|
|
||||||
"rev": "95931fe5365120cafe46cbc8e3e0df5667b50db6",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "GaspardCulis",
|
|
||||||
"repo": "anixrun",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"anyrun": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-parts": "flake-parts",
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"systems": "systems"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731092955,
|
|
||||||
"narHash": "sha256-L1hLXf4IDZ0KoXbFiSNNZJ7IrReEr/J+CLt6Rl4Ea3M=",
|
|
||||||
"owner": "anyrun-org",
|
|
||||||
"repo": "anyrun",
|
|
||||||
"rev": "d2017f224b2bfd7e33573c7070e7c3e2960c7dcc",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "anyrun-org",
|
|
||||||
"repo": "anyrun",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"aquamarine": {
|
"aquamarine": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"hyprutils": [
|
"hyprutils": [
|
||||||
|
@ -66,11 +24,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730968822,
|
"lastModified": 1725199881,
|
||||||
"narHash": "sha256-NocDjINsh6ismkhb0Xr6xPRksmhuB2WGf8ZmXMhxu7Y=",
|
"narHash": "sha256-jsmipf/u1GFZE5tBUkr56CHMN6VpUWCAjfLIhvQijU0=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "aquamarine",
|
"repo": "aquamarine",
|
||||||
"rev": "a49bc3583ff223f426cb3526fdaa4bcaa247ec14",
|
"rev": "f8a687dd29ff019657498f1bd14da2fbbf0e604b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -79,48 +37,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"caddy": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1727938992,
|
|
||||||
"narHash": "sha256-uFzTqMYO9anwxQsfJ4AWEd0+FyBaiKjJ/bYF+ABFOB8=",
|
|
||||||
"owner": "GaspardCulis",
|
|
||||||
"repo": "nixos-caddy-ovh",
|
|
||||||
"rev": "01860dceb7292392addda3780c6c8832f345b0f0",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "GaspardCulis",
|
|
||||||
"repo": "nixos-caddy-ovh",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"deploy-rs": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-compat": "flake-compat",
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"utils": "utils"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1727447169,
|
|
||||||
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
|
|
||||||
"owner": "serokell",
|
|
||||||
"repo": "deploy-rs",
|
|
||||||
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "serokell",
|
|
||||||
"repo": "deploy-rs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"disko": {
|
"disko": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -128,11 +44,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731274291,
|
"lastModified": 1726838624,
|
||||||
"narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=",
|
"narHash": "sha256-SU40aZ/UyK4bhuanaWvqlhIw2/kiDrGYcKxCkTn5FP8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc",
|
"rev": "0fe779905ffe730eace0bf7ecf56938c625012a5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -141,102 +57,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"end-rs": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731465760,
|
|
||||||
"narHash": "sha256-GYLUsd3WIrw0smnuBHR0kfDcHu16PQgRs8hIXvfdm5I=",
|
|
||||||
"owner": "Dr-42",
|
|
||||||
"repo": "end-rs",
|
|
||||||
"rev": "11688255d645e97708be5fb66ccc268bc12f5ac5",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "Dr-42",
|
|
||||||
"repo": "end-rs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1696426674,
|
|
||||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-compat_2": {
|
|
||||||
"flake": false,
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1696426674,
|
|
||||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "edolstra",
|
|
||||||
"repo": "flake-compat",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-parts": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs-lib": [
|
|
||||||
"anyrun",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1727826117,
|
|
||||||
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
|
|
||||||
"owner": "hercules-ci",
|
|
||||||
"repo": "flake-parts",
|
|
||||||
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "hercules-ci",
|
|
||||||
"repo": "flake-parts",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"gitignore": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"hy3",
|
|
||||||
"hyprland",
|
|
||||||
"pre-commit-hooks",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1709087332,
|
|
||||||
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
|
|
||||||
"owner": "hercules-ci",
|
|
||||||
"repo": "gitignore.nix",
|
|
||||||
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "hercules-ci",
|
|
||||||
"repo": "gitignore.nix",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"home-manager": {
|
"home-manager": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
|
@ -244,11 +64,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731235328,
|
"lastModified": 1726440980,
|
||||||
"narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
|
"narHash": "sha256-ChhIrjtdu5d83W+YDRH+Ec5g1MmM0xk6hJnkz15Ot7M=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "60bb110917844d354f3c18e05450606a435d2d10",
|
"rev": "a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -262,11 +82,11 @@
|
||||||
"hyprland": "hyprland"
|
"hyprland": "hyprland"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731228735,
|
"lastModified": 1725825817,
|
||||||
"narHash": "sha256-b3PuEtRHTSxV809RLUiZVQhDQZ8NxxpWUjboTe9QAAY=",
|
"narHash": "sha256-hBvwaMlgBuR2cB1Kx6cA1z7x38HXUujNcHtBsKhaEZs=",
|
||||||
"owner": "outfoxxed",
|
"owner": "outfoxxed",
|
||||||
"repo": "hy3",
|
"repo": "hy3",
|
||||||
"rev": "7e792f712a2a896bd8d3174780c8944ef5ae7931",
|
"rev": "4b194eb5486b89102726ad5f4492bb3440c46031",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -294,11 +114,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728669738,
|
"lastModified": 1722623071,
|
||||||
"narHash": "sha256-EDNAU9AYcx8OupUzbTbWE1d3HYdeG0wO6Msg3iL1muk=",
|
"narHash": "sha256-sLADpVgebpCBFXkA1FlCXtvEPu1tdEsTfqK1hfeHySE=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "hyprcursor",
|
"repo": "hyprcursor",
|
||||||
"rev": "0264e698149fcb857a66a53018157b41f8d97bb0",
|
"rev": "912d56025f03d41b1ad29510c423757b4379eb1c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -311,26 +131,26 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"aquamarine": "aquamarine",
|
"aquamarine": "aquamarine",
|
||||||
"hyprcursor": "hyprcursor",
|
"hyprcursor": "hyprcursor",
|
||||||
"hyprland-protocols": "hyprland-protocols",
|
|
||||||
"hyprlang": "hyprlang",
|
"hyprlang": "hyprlang",
|
||||||
"hyprutils": "hyprutils",
|
"hyprutils": "hyprutils",
|
||||||
"hyprwayland-scanner": "hyprwayland-scanner",
|
"hyprwayland-scanner": "hyprwayland-scanner",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"pre-commit-hooks": "pre-commit-hooks",
|
"systems": "systems",
|
||||||
"systems": "systems_3",
|
|
||||||
"xdph": "xdph"
|
"xdph": "xdph"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731162467,
|
"lastModified": 1725814101,
|
||||||
"narHash": "sha256-b0w2XOVCuEdBIiTpKaaeSesKux1Q51YWEWdKbljDXPE=",
|
"narHash": "sha256-+wE97utoDfhQP6AMdZHUmBeL8grbce/Jv2i5M+6AbaE=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "a425fbebe4cf4238e48a42f724ef2208959d66cf",
|
"rev": "0f594732b063a90d44df8c5d402d658f27471dfe",
|
||||||
"revCount": 5433,
|
"revCount": 5196,
|
||||||
|
"submodules": true,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/hyprwm/Hyprland"
|
"url": "https://github.com/hyprwm/Hyprland"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"rev": "a425fbebe4cf4238e48a42f724ef2208959d66cf",
|
"rev": "0f594732b063a90d44df8c5d402d658f27471dfe",
|
||||||
|
"submodules": true,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/hyprwm/Hyprland"
|
"url": "https://github.com/hyprwm/Hyprland"
|
||||||
}
|
}
|
||||||
|
@ -340,20 +160,22 @@
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"hy3",
|
"hy3",
|
||||||
"hyprland",
|
"hyprland",
|
||||||
|
"xdph",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"systems": [
|
"systems": [
|
||||||
"hy3",
|
"hy3",
|
||||||
"hyprland",
|
"hyprland",
|
||||||
|
"xdph",
|
||||||
"systems"
|
"systems"
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728345020,
|
"lastModified": 1721326555,
|
||||||
"narHash": "sha256-xGbkc7U/Roe0/Cv3iKlzijIaFBNguasI31ynL2IlEoM=",
|
"narHash": "sha256-zCu4R0CSHEactW9JqYki26gy8h9f6rHmSwj4XJmlHgg=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "hyprland-protocols",
|
"repo": "hyprland-protocols",
|
||||||
"rev": "a7c183800e74f337753de186522b9017a07a8cee",
|
"rev": "5a11232266bf1a1f5952d5b179c3f4b2facaaa84",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -381,11 +203,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728168612,
|
"lastModified": 1725188252,
|
||||||
"narHash": "sha256-AnB1KfiXINmuiW7BALYrKqcjCnsLZPifhb/7BsfPbns=",
|
"narHash": "sha256-yBH8c4GDaEAtBrh+BqIlrx5vp6gG/Gu8fQQK63KAQgs=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "hyprlang",
|
"repo": "hyprlang",
|
||||||
"rev": "f054f2e44d6a0b74607a6bc0f52dba337a3db38e",
|
"rev": "c12ab785ce1982f82594aff03b3104c598186ddd",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -408,11 +230,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730968903,
|
"lastModified": 1724966483,
|
||||||
"narHash": "sha256-zFvzLXcSm0Ia4XI1SE4FQ9KE63hlGrRWhLtwMolWuR8=",
|
"narHash": "sha256-WXDgKIbzjYKczxSZOsJplCS1i1yrTUpsDPuJV/xpYLo=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "hyprutils",
|
"repo": "hyprutils",
|
||||||
"rev": "3ce0cde8709cdacbfba471f8e828433b58a561e9",
|
"rev": "8976e3f6a5357da953a09511d0c7f6a890fb6ec2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -435,11 +257,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1726874836,
|
"lastModified": 1721324119,
|
||||||
"narHash": "sha256-VKR0sf0PSNCB0wPHVKSAn41mCNVCnegWmgkrneKDhHM=",
|
"narHash": "sha256-SOOqIT27/X792+vsLSeFdrNTF+OSRp5qXv6Te+fb2Qg=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "hyprwayland-scanner",
|
"repo": "hyprwayland-scanner",
|
||||||
"rev": "500c81a9e1a76760371049a8d99e008ea77aa59e",
|
"rev": "a048a6cb015340bd82f97c1f40a4b595ca85cc30",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -448,72 +270,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"jovian": {
|
|
||||||
"inputs": {
|
|
||||||
"nix-github-actions": "nix-github-actions",
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731227601,
|
|
||||||
"narHash": "sha256-aGUQ6W/Oxd9xjH9RQbnUtC61sTK2fWlKr+J7kavT/RQ=",
|
|
||||||
"owner": "Jovian-Experiments",
|
|
||||||
"repo": "Jovian-NixOS",
|
|
||||||
"rev": "7691d0ac1deb6ac7482c5a22fe1a14a34ca608b0",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "Jovian-Experiments",
|
|
||||||
"repo": "Jovian-NixOS",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nix-github-actions": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"jovian",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1729697500,
|
|
||||||
"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
|
|
||||||
"owner": "zhaofengli",
|
|
||||||
"repo": "nix-github-actions",
|
|
||||||
"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "zhaofengli",
|
|
||||||
"ref": "matrix-name",
|
|
||||||
"repo": "nix-github-actions",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixos-hardware": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731797098,
|
|
||||||
"narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixos-hardware",
|
|
||||||
"rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "master",
|
|
||||||
"repo": "nixos-hardware",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730785428,
|
"lastModified": 1725103162,
|
||||||
"narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
|
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
|
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -523,45 +286,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1730741070,
|
|
||||||
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixos-24.05",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs-stable_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1730602179,
|
|
||||||
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "release-24.05",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731139594,
|
"lastModified": 1726243404,
|
||||||
"narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
|
"narHash": "sha256-sjiGsMh+1cWXb53Tecsm4skyFNag33GPbVgCdfj3n9I=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
|
"rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -571,70 +302,16 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"pre-commit-hooks": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-compat": "flake-compat_2",
|
|
||||||
"gitignore": "gitignore",
|
|
||||||
"nixpkgs": [
|
|
||||||
"hy3",
|
|
||||||
"hyprland",
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1730814269,
|
|
||||||
"narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
|
|
||||||
"owner": "cachix",
|
|
||||||
"repo": "git-hooks.nix",
|
|
||||||
"rev": "d70155fdc00df4628446352fc58adc640cd705c2",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "cachix",
|
|
||||||
"repo": "git-hooks.nix",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"anixrun": "anixrun",
|
|
||||||
"anyrun": "anyrun",
|
|
||||||
"caddy": "caddy",
|
|
||||||
"deploy-rs": "deploy-rs",
|
|
||||||
"disko": "disko",
|
"disko": "disko",
|
||||||
"end-rs": "end-rs",
|
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
"hy3": "hy3",
|
"hy3": "hy3",
|
||||||
"hyprland": [
|
"hyprland": [
|
||||||
"hy3",
|
"hy3",
|
||||||
"hyprland"
|
"hyprland"
|
||||||
],
|
],
|
||||||
"jovian": "jovian",
|
"nixpkgs": "nixpkgs_2"
|
||||||
"nixos-hardware": "nixos-hardware",
|
|
||||||
"nixpkgs": "nixpkgs_2",
|
|
||||||
"sops-nix": "sops-nix"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"sops-nix": {
|
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"nixpkgs"
|
|
||||||
],
|
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731364708,
|
|
||||||
"narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=",
|
|
||||||
"owner": "Mic92",
|
|
||||||
"repo": "sops-nix",
|
|
||||||
"rev": "4c91d52db103e757fc25b58998b0576ae702d659",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "Mic92",
|
|
||||||
"repo": "sops-nix",
|
|
||||||
"type": "github"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"systems": {
|
"systems": {
|
||||||
|
@ -652,76 +329,14 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"systems_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1681028828,
|
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"systems_3": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1689347949,
|
|
||||||
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default-linux",
|
|
||||||
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "nix-systems",
|
|
||||||
"repo": "default-linux",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"utils": {
|
|
||||||
"inputs": {
|
|
||||||
"systems": "systems_2"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1701680307,
|
|
||||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"xdph": {
|
"xdph": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"hyprland-protocols": [
|
"hyprland-protocols": "hyprland-protocols",
|
||||||
"hy3",
|
|
||||||
"hyprland",
|
|
||||||
"hyprland-protocols"
|
|
||||||
],
|
|
||||||
"hyprlang": [
|
"hyprlang": [
|
||||||
"hy3",
|
"hy3",
|
||||||
"hyprland",
|
"hyprland",
|
||||||
"hyprlang"
|
"hyprlang"
|
||||||
],
|
],
|
||||||
"hyprutils": [
|
|
||||||
"hy3",
|
|
||||||
"hyprland",
|
|
||||||
"hyprutils"
|
|
||||||
],
|
|
||||||
"hyprwayland-scanner": [
|
|
||||||
"hy3",
|
|
||||||
"hyprland",
|
|
||||||
"hyprwayland-scanner"
|
|
||||||
],
|
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"hy3",
|
"hy3",
|
||||||
"hyprland",
|
"hyprland",
|
||||||
|
@ -734,11 +349,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730743262,
|
"lastModified": 1725203932,
|
||||||
"narHash": "sha256-iTLqj3lU8kFehPm5tXpctzkD274t/k1nwSSq3qCWXeg=",
|
"narHash": "sha256-VLULC/OnI+6R9KEP2OIGk+uLJJsfRlaLouZ5gyFd2+Y=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "xdg-desktop-portal-hyprland",
|
"repo": "xdg-desktop-portal-hyprland",
|
||||||
"rev": "09b23cef06fe248e61cec8862c04b9bcb62f4b6d",
|
"rev": "2425e8f541525fa7409d9f26a8ffaf92a3767251",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
114
flake.nix
114
flake.nix
|
@ -3,32 +3,16 @@
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
|
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
|
||||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
url = "github:nix-community/home-manager";
|
url = "github:nix-community/home-manager";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
caddy = {
|
|
||||||
url = "github:GaspardCulis/nixos-caddy-ovh";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
|
|
||||||
disko = {
|
disko = {
|
||||||
url = "github:nix-community/disko";
|
url = "github:nix-community/disko";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
deploy-rs = {
|
|
||||||
url = "github:serokell/deploy-rs";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
|
|
||||||
sops-nix = {
|
|
||||||
url = "github:Mic92/sops-nix";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Hyprland
|
# Hyprland
|
||||||
hyprland = {
|
hyprland = {
|
||||||
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
|
url = "git+https://github.com/hyprwm/Hyprland?submodules=1";
|
||||||
|
@ -37,72 +21,25 @@
|
||||||
hy3 = {
|
hy3 = {
|
||||||
url = "github:outfoxxed/hy3";
|
url = "github:outfoxxed/hy3";
|
||||||
};
|
};
|
||||||
|
|
||||||
end-rs = {
|
|
||||||
url = "github:Dr-42/end-rs";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
|
|
||||||
anyrun = {
|
|
||||||
url = "github:anyrun-org/anyrun";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
anixrun = {
|
|
||||||
url = "github:GaspardCulis/anixrun";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
|
|
||||||
# SteamOS
|
|
||||||
jovian = {
|
|
||||||
url = "github:Jovian-Experiments/Jovian-NixOS";
|
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs = {
|
||||||
self,
|
self,
|
||||||
nixpkgs,
|
nixpkgs,
|
||||||
disko,
|
disko,
|
||||||
deploy-rs,
|
|
||||||
sops-nix,
|
|
||||||
home-manager,
|
home-manager,
|
||||||
jovian,
|
|
||||||
nixos-hardware,
|
|
||||||
...
|
...
|
||||||
} @ inputs: let
|
} @ inputs: let
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
pkgs = nixpkgs.legacyPackages.${system};
|
pkgs = nixpkgs.legacyPackages.${system};
|
||||||
in rec {
|
in {
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
Zephyrus = nixpkgs.lib.nixosSystem {
|
Zephyrus = nixpkgs.lib.nixosSystem {
|
||||||
extraArgs = {inherit inputs;};
|
extraArgs = {inherit inputs;};
|
||||||
modules = [
|
modules = [
|
||||||
./hosts/Zephyrus
|
./hosts/Zephyrus
|
||||||
disko.nixosModules.disko
|
disko.nixosModules.disko
|
||||||
nixos-hardware.nixosModules.asus-zephyrus-ga503
|
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
jovian.nixosModules.jovian
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
OVHCloud = nixpkgs.lib.nixosSystem {
|
|
||||||
extraArgs = {inherit inputs;};
|
|
||||||
modules = [
|
|
||||||
./hosts/OVHCloud
|
|
||||||
disko.nixosModules.disko
|
|
||||||
sops-nix.nixosModules.sops
|
|
||||||
home-manager.nixosModules.home-manager
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
pi4 = nixpkgs.lib.nixosSystem {
|
|
||||||
extraArgs = {inherit inputs;};
|
|
||||||
system = "aarch64-linux";
|
|
||||||
modules = [
|
|
||||||
./hosts/pi4
|
|
||||||
"${nixpkgs}/nixos/modules/profiles/minimal.nix"
|
|
||||||
nixos-hardware.nixosModules.raspberry-pi-4
|
|
||||||
sops-nix.nixosModules.sops
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -127,56 +64,13 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
deploy.nodes = {
|
|
||||||
OVHCloud = {
|
|
||||||
hostname = "gasdev.fr";
|
|
||||||
profiles.system = {
|
|
||||||
user = "root";
|
|
||||||
sshUser = "root";
|
|
||||||
sshOpts = ["-p" "22"];
|
|
||||||
sudo = "";
|
|
||||||
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.OVHCloud;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
pi4 = {
|
|
||||||
hostname = "10.8.0.31";
|
|
||||||
profiles.system = {
|
|
||||||
user = "root";
|
|
||||||
sshUser = "root";
|
|
||||||
sshOpts = ["-p" "22"];
|
|
||||||
sudo = "";
|
|
||||||
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi4;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
images.pi4 =
|
|
||||||
(self.nixosConfigurations.pi4.extendModules {
|
|
||||||
modules = [
|
|
||||||
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
|
|
||||||
{
|
|
||||||
disabledModules = ["profiles/base.nix"];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
})
|
|
||||||
.config
|
|
||||||
.system
|
|
||||||
.build
|
|
||||||
.sdImage;
|
|
||||||
packages.x86_64-linux.pi4-image = images.pi4;
|
|
||||||
packages.aarch64-linux.pi4-image = images.pi4;
|
|
||||||
|
|
||||||
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
|
|
||||||
|
|
||||||
devShells.${system}.default = pkgs.mkShell {
|
devShells.${system}.default = pkgs.mkShell {
|
||||||
packages = with pkgs; [
|
nativeBuildInputs = with pkgs; [
|
||||||
alejandra
|
|
||||||
git
|
git
|
||||||
helix
|
helix
|
||||||
nil
|
|
||||||
pkgs.sops
|
|
||||||
pkgs.home-manager
|
pkgs.home-manager
|
||||||
pkgs.deploy-rs
|
alejandra
|
||||||
|
nil
|
||||||
];
|
];
|
||||||
|
|
||||||
shellHook = ''
|
shellHook = ''
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
{pkgs, ...}: {
|
|
||||||
home.packages = with pkgs; [
|
|
||||||
gamemode
|
|
||||||
];
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
./minecraft
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,5 +0,0 @@
|
||||||
{pkgs, ...}: {
|
|
||||||
home.packages = with pkgs; [
|
|
||||||
prismlauncher
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,84 +0,0 @@
|
||||||
{
|
|
||||||
inputs,
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
./hardware-configuration.nix
|
|
||||||
./sops.nix
|
|
||||||
../../services
|
|
||||||
];
|
|
||||||
|
|
||||||
# Nix
|
|
||||||
nix.settings.experimental-features = ["nix-command" "flakes"];
|
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Paris";
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
ports = [22];
|
|
||||||
settings = {
|
|
||||||
PasswordAuthentication = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQyRXFQ6iA5p0vDuoGSHZfajiVZPAGIyqhTziM7QgBV gaspard@nixos"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Podman
|
|
||||||
virtualisation = {
|
|
||||||
containers.enable = true;
|
|
||||||
oci-containers.backend = "podman";
|
|
||||||
podman = {
|
|
||||||
enable = true;
|
|
||||||
# Required for containers under podman-compose to be able to talk to each other.
|
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
helix
|
|
||||||
git
|
|
||||||
];
|
|
||||||
|
|
||||||
# User config
|
|
||||||
users.groups.gaspard = {
|
|
||||||
name = "gaspard";
|
|
||||||
};
|
|
||||||
users.users.gaspard = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [
|
|
||||||
"wheel"
|
|
||||||
];
|
|
||||||
group = "gaspard";
|
|
||||||
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys;
|
|
||||||
};
|
|
||||||
|
|
||||||
home-manager = {
|
|
||||||
extraSpecialArgs = {inherit inputs;};
|
|
||||||
users = {
|
|
||||||
# FIX: No user config file
|
|
||||||
"gaspard" = {
|
|
||||||
home.username = "gaspard";
|
|
||||||
home.homeDirectory = "/home/gaspard";
|
|
||||||
home.stateVersion = "24.05";
|
|
||||||
|
|
||||||
programs.home-manager.enable = true;
|
|
||||||
programs.direnv.enable = true;
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
../../shell
|
|
||||||
../../editor
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "24.11";
|
|
||||||
}
|
|
|
@ -1,54 +0,0 @@
|
||||||
{lib, ...}: {
|
|
||||||
disko.devices = {
|
|
||||||
disk.disk1 = {
|
|
||||||
device = lib.mkDefault "/dev/sda";
|
|
||||||
type = "disk";
|
|
||||||
content = {
|
|
||||||
type = "gpt";
|
|
||||||
partitions = {
|
|
||||||
boot = {
|
|
||||||
name = "boot";
|
|
||||||
size = "1M";
|
|
||||||
type = "EF02";
|
|
||||||
};
|
|
||||||
esp = {
|
|
||||||
name = "ESP";
|
|
||||||
size = "500M";
|
|
||||||
type = "EF00";
|
|
||||||
content = {
|
|
||||||
type = "filesystem";
|
|
||||||
format = "vfat";
|
|
||||||
mountpoint = "/boot";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
root = {
|
|
||||||
name = "root";
|
|
||||||
size = "100%";
|
|
||||||
content = {
|
|
||||||
type = "lvm_pv";
|
|
||||||
vg = "pool";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
lvm_vg = {
|
|
||||||
pool = {
|
|
||||||
type = "lvm_vg";
|
|
||||||
lvs = {
|
|
||||||
root = {
|
|
||||||
size = "100%FREE";
|
|
||||||
content = {
|
|
||||||
type = "filesystem";
|
|
||||||
format = "ext4";
|
|
||||||
mountpoint = "/";
|
|
||||||
mountOptions = [
|
|
||||||
"defaults"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,48 +0,0 @@
|
||||||
{
|
|
||||||
modulesPath,
|
|
||||||
config,
|
|
||||||
inputs,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
imports = [
|
|
||||||
(modulesPath + "/profiles/qemu-guest.nix")
|
|
||||||
./disko-config.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.loader.grub = {
|
|
||||||
efiSupport = true;
|
|
||||||
efiInstallAsRemovable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# Firewall
|
|
||||||
networking.nftables.enable = true;
|
|
||||||
networking.firewall = {
|
|
||||||
enable = true;
|
|
||||||
allowedTCPPorts = [22 80 443];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Proxy
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
nss.tools
|
|
||||||
];
|
|
||||||
|
|
||||||
services.caddy = {
|
|
||||||
enable = true;
|
|
||||||
package = inputs.caddy.packages.${pkgs.system}.caddy;
|
|
||||||
|
|
||||||
globalConfig = ''
|
|
||||||
acme_dns ovh {
|
|
||||||
endpoint {$OVH_ENDPOINT}
|
|
||||||
application_key {$OVH_APPLICATION_KEY}
|
|
||||||
application_secret {$OVH_APPLICATION_SECRET}
|
|
||||||
consumer_key {$OVH_CONSUMER_KEY}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
systemd.services.caddy = {
|
|
||||||
serviceConfig = {
|
|
||||||
EnvironmentFile = config.sops.templates."caddy.env".path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,23 +0,0 @@
|
||||||
{config, ...}: {
|
|
||||||
# This will add secrets.yml to the nix store
|
|
||||||
# You can avoid this by adding a string to the full path instead, i.e.
|
|
||||||
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
|
|
||||||
sops.defaultSopsFile = ../../secrets/OVHCloud/default.yaml;
|
|
||||||
# This will automatically import SSH keys as age keys
|
|
||||||
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
|
|
||||||
|
|
||||||
sops.secrets."caddy/ovh_endpoint".owner = "caddy";
|
|
||||||
sops.secrets."caddy/ovh_application_key".owner = "caddy";
|
|
||||||
sops.secrets."caddy/ovh_application_secret".owner = "caddy";
|
|
||||||
sops.secrets."caddy/ovh_consumer_key".owner = "caddy";
|
|
||||||
|
|
||||||
sops.templates."caddy.env" = {
|
|
||||||
content = ''
|
|
||||||
OVH_ENDPOINT=${config.sops.placeholder."caddy/ovh_endpoint"}
|
|
||||||
OVH_APPLICATION_KEY=${config.sops.placeholder."caddy/ovh_application_key"}
|
|
||||||
OVH_APPLICATION_SECRET=${config.sops.placeholder."caddy/ovh_application_secret"}
|
|
||||||
OVH_CONSUMER_KEY=${config.sops.placeholder."caddy/ovh_consumer_key"}
|
|
||||||
'';
|
|
||||||
owner = "caddy";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,6 +1,8 @@
|
||||||
{
|
{
|
||||||
inputs,
|
inputs,
|
||||||
pkgs,
|
pkgs,
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -14,60 +16,50 @@
|
||||||
time.timeZone = "Europe/Paris";
|
time.timeZone = "Europe/Paris";
|
||||||
|
|
||||||
console.keyMap = "fr";
|
console.keyMap = "fr";
|
||||||
services.xserver.xkb.layout = "fr";
|
|
||||||
|
|
||||||
security.pam.services.swaylock = {};
|
# Network & Bluetooth
|
||||||
|
networking.wireless.iwd.enable = true;
|
||||||
|
|
||||||
|
hardware.bluetooth.enable = true;
|
||||||
|
hardware.bluetooth.powerOnBoot = true;
|
||||||
|
|
||||||
|
# Audio
|
||||||
|
hardware.pulseaudio.enable = true;
|
||||||
|
|
||||||
# Services
|
# Services
|
||||||
services.seatd.enable = true;
|
services.seatd.enable = true;
|
||||||
services.blueman.enable = true;
|
services.blueman.enable = true;
|
||||||
services.udisks2.enable = true;
|
services.pipewire.pulse.enable = true;
|
||||||
services.power-profiles-daemon.enable = true;
|
services.power-profiles-daemon.enable = true;
|
||||||
services.ollama = {
|
|
||||||
enable = true;
|
|
||||||
acceleration = "cuda";
|
|
||||||
};
|
|
||||||
systemd.services.ollama = {
|
|
||||||
wantedBy = pkgs.lib.mkForce [];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Programs
|
# Programs
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = [
|
||||||
git
|
pkgs.git
|
||||||
wget
|
pkgs.ncdu
|
||||||
ncdu
|
pkgs.neofetch
|
||||||
neofetch
|
pkgs.bottom
|
||||||
bottom
|
pkgs.htop
|
||||||
htop
|
pkgs.iwgtk
|
||||||
unzip
|
|
||||||
wg-netmanager
|
|
||||||
podman-compose
|
|
||||||
mangohud
|
|
||||||
];
|
];
|
||||||
|
|
||||||
#Podman
|
# NVIDIA
|
||||||
virtualisation.containers.enable = true;
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["nvidia-x11" "nvidia-settings"];
|
||||||
virtualisation = {
|
|
||||||
podman = {
|
hardware.graphics.enable = true;
|
||||||
enable = true;
|
|
||||||
# Required for containers under podman-compose to be able to talk to each other.
|
services.xserver.videoDrivers = ["nvidia"];
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
|
||||||
|
hardware.nvidia = {
|
||||||
|
modesetting.enable = true;
|
||||||
|
|
||||||
|
open = false; # Bruuh
|
||||||
|
|
||||||
|
prime = {
|
||||||
|
amdgpuBusId = "PCI:7:0:0";
|
||||||
|
nvidiaBusId = "PCI:1:0:0";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# ADB
|
|
||||||
programs.adb.enable = true;
|
|
||||||
|
|
||||||
# Gaming
|
|
||||||
programs.gamemode.enable = true;
|
|
||||||
|
|
||||||
# Other
|
|
||||||
programs.nix-ld.enable = true;
|
|
||||||
programs.localsend = {
|
|
||||||
enable = true;
|
|
||||||
openFirewall = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
# User config
|
# User config
|
||||||
users.groups.gaspard = {
|
users.groups.gaspard = {
|
||||||
name = "gaspard";
|
name = "gaspard";
|
||||||
|
@ -79,9 +71,6 @@
|
||||||
"video"
|
"video"
|
||||||
"seat"
|
"seat"
|
||||||
"audio"
|
"audio"
|
||||||
"adbusers"
|
|
||||||
"gamemode"
|
|
||||||
"networkmanager"
|
|
||||||
];
|
];
|
||||||
group = "gaspard";
|
group = "gaspard";
|
||||||
};
|
};
|
||||||
|
@ -93,33 +82,5 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# Steam specialisation
|
|
||||||
specialisation.steam.configuration = {
|
|
||||||
system.nixos.tags = ["steam"];
|
|
||||||
users.groups.steam.name = "steam";
|
|
||||||
users.users.steam = {
|
|
||||||
isNormalUser = true;
|
|
||||||
createHome = true;
|
|
||||||
extraGroups = [
|
|
||||||
"video"
|
|
||||||
"seat"
|
|
||||||
"audio"
|
|
||||||
"gamemode"
|
|
||||||
"networkmanager"
|
|
||||||
];
|
|
||||||
group = "steam";
|
|
||||||
};
|
|
||||||
services.desktopManager.plasma6.enable = true;
|
|
||||||
jovian.steam = {
|
|
||||||
enable = true;
|
|
||||||
autoStart = true;
|
|
||||||
user = "steam";
|
|
||||||
desktopSession = "plasma";
|
|
||||||
};
|
|
||||||
environment.sessionVariables = {
|
|
||||||
XKB_DEFAULT_LAYOUT = "fr";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "24.11";
|
system.stateVersion = "24.11";
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{
|
{
|
||||||
pkgs,
|
config,
|
||||||
lib,
|
lib,
|
||||||
modulesPath,
|
modulesPath,
|
||||||
...
|
...
|
||||||
|
@ -13,18 +13,13 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
|
|
||||||
kernelModules = ["kvm-amd"];
|
kernelModules = ["kvm-amd"];
|
||||||
kernelParams = [
|
|
||||||
"mem_sleep_default=deep" # Should fix/change suspend method
|
|
||||||
];
|
|
||||||
extraModulePackages = [];
|
extraModulePackages = [];
|
||||||
initrd = {
|
initrd = {
|
||||||
availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
|
availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
|
||||||
kernelModules = [];
|
kernelModules = [];
|
||||||
};
|
};
|
||||||
loader = {
|
loader = {
|
||||||
timeout = 2;
|
|
||||||
efi.canTouchEfiVariables = true;
|
efi.canTouchEfiVariables = true;
|
||||||
grub = {
|
grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -32,59 +27,6 @@
|
||||||
efiSupport = true;
|
efiSupport = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
tmp.useTmpfs = true;
|
|
||||||
binfmt.emulatedSystems = ["aarch64-linux"];
|
|
||||||
};
|
|
||||||
|
|
||||||
# Network & Bluetooth
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
networking.firewall.checkReversePath = "loose"; # For wireguard
|
|
||||||
|
|
||||||
hardware.bluetooth.enable = true;
|
|
||||||
hardware.bluetooth.powerOnBoot = true;
|
|
||||||
|
|
||||||
# Audio
|
|
||||||
security.rtkit.enable = true;
|
|
||||||
services.pipewire = {
|
|
||||||
enable = true;
|
|
||||||
alsa.enable = true;
|
|
||||||
alsa.support32Bit = true;
|
|
||||||
pulse.enable = true;
|
|
||||||
# If you want to use JACK applications, uncomment this
|
|
||||||
#jack.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
#NVIDIA
|
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg:
|
|
||||||
builtins.elem (lib.getName pkg) [
|
|
||||||
"nvidia-x11"
|
|
||||||
"nvidia-settings"
|
|
||||||
"cuda_cudart"
|
|
||||||
"libcublas"
|
|
||||||
"cuda_cccl"
|
|
||||||
"cuda_nvcc"
|
|
||||||
# Steam
|
|
||||||
"xow_dongle-firmware"
|
|
||||||
"steam"
|
|
||||||
"steam-original"
|
|
||||||
"steam-run"
|
|
||||||
"steam-unwrapped"
|
|
||||||
"steam-jupiter-unwrapped"
|
|
||||||
"steamdeck-hw-theme"
|
|
||||||
];
|
|
||||||
|
|
||||||
nixpkgs.config.packageOverrides = pkgs: {
|
|
||||||
intel-vaapi-driver = pkgs.intel-vaapi-driver.override {enableHybridCodec = true;};
|
|
||||||
};
|
|
||||||
hardware.graphics = {
|
|
||||||
enable = true;
|
|
||||||
extraPackages = with pkgs; [
|
|
||||||
intel-media-driver
|
|
||||||
intel-vaapi-driver
|
|
||||||
vaapiVdpau
|
|
||||||
libvdpau-va-gl
|
|
||||||
mesa
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
@ -97,4 +39,5 @@
|
||||||
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
|
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,74 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
imports = [
|
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
# Nix
|
|
||||||
nix.settings.experimental-features = ["nix-command" "flakes"];
|
|
||||||
|
|
||||||
# Set your time zone.
|
|
||||||
time.timeZone = "Europe/Paris";
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
podman-compose
|
|
||||||
helix
|
|
||||||
unzip
|
|
||||||
htop
|
|
||||||
ncdu
|
|
||||||
wget
|
|
||||||
git
|
|
||||||
];
|
|
||||||
|
|
||||||
services.openssh = {
|
|
||||||
enable = true;
|
|
||||||
ports = [22];
|
|
||||||
settings = {
|
|
||||||
PasswordAuthentication = false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQyRXFQ6iA5p0vDuoGSHZfajiVZPAGIyqhTziM7QgBV gaspard@nixos"
|
|
||||||
];
|
|
||||||
|
|
||||||
# Podman
|
|
||||||
virtualisation = {
|
|
||||||
containers.enable = true;
|
|
||||||
oci-containers.backend = "podman";
|
|
||||||
podman = {
|
|
||||||
enable = true;
|
|
||||||
# Required for containers under podman-compose to be able to talk to each other.
|
|
||||||
defaultNetwork.settings.dns_enabled = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# SOPS
|
|
||||||
sops.defaultSopsFile = ../../secrets/pi4/default.yaml;
|
|
||||||
sops.secrets."wireguard/private_key".owner = "root";
|
|
||||||
|
|
||||||
# Wireguard
|
|
||||||
networking.firewall = {
|
|
||||||
allowedUDPPorts = [51820];
|
|
||||||
};
|
|
||||||
networking.wg-quick.interfaces = {
|
|
||||||
wg0 = {
|
|
||||||
address = ["10.8.0.31/32"];
|
|
||||||
listenPort = 51820; # Should match firewall allowedUDPPorts
|
|
||||||
privateKeyFile = config.sops.secrets."wireguard/private_key".path;
|
|
||||||
|
|
||||||
peers = [
|
|
||||||
{
|
|
||||||
publicKey = "KLULII6VEUWMhyIba6oxxHdZsVP3TMVlNY1Vz49q7jg=";
|
|
||||||
allowedIPs = ["0.0.0.0/0"];
|
|
||||||
endpoint = "vpn.gasdev.fr:993";
|
|
||||||
persistentKeepalive = 25;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "24.11";
|
|
||||||
}
|
|
|
@ -1,20 +0,0 @@
|
||||||
{
|
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
# "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a
|
|
||||||
# disk with this label on first boot. Therefore, we need to keep it. It is the
|
|
||||||
# only information from the installer image that we need to keep persistent
|
|
||||||
fileSystems."/" = {
|
|
||||||
device = "/dev/disk/by-label/NIXOS_SD";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
boot = {
|
|
||||||
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
|
|
||||||
loader = {
|
|
||||||
generic-extlinux-compatible.enable = lib.mkDefault true;
|
|
||||||
grub.enable = lib.mkDefault false;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,38 +1,9 @@
|
||||||
{
|
{pkgs, ...}: {
|
||||||
pkgs,
|
home.file = {
|
||||||
inputs,
|
".config/anyrun".source = ../anyrun;
|
||||||
...
|
|
||||||
}: {
|
|
||||||
imports = [
|
|
||||||
inputs.anyrun.homeManagerModules.anyrun # Import the anyrun home-manager module
|
|
||||||
];
|
|
||||||
|
|
||||||
programs.anyrun = {
|
|
||||||
enable = true;
|
|
||||||
config = {
|
|
||||||
plugins = [
|
|
||||||
inputs.anyrun.packages.${pkgs.system}.applications
|
|
||||||
inputs.anyrun.packages.${pkgs.system}.symbols
|
|
||||||
inputs.anyrun.packages.${pkgs.system}.websearch
|
|
||||||
inputs.anyrun.packages.${pkgs.system}.rink
|
|
||||||
inputs.anyrun.packages.${pkgs.system}.shell
|
|
||||||
inputs.anixrun.packages.${pkgs.system}.default
|
|
||||||
];
|
|
||||||
x = {fraction = 0.5;};
|
|
||||||
y = {fraction = 0.3;};
|
|
||||||
width = {fraction = 0.3;};
|
|
||||||
hideIcons = false;
|
|
||||||
ignoreExclusiveZones = false;
|
|
||||||
layer = "top";
|
|
||||||
hidePluginInfo = true;
|
|
||||||
closeOnClick = true;
|
|
||||||
showResultsImmediately = false;
|
|
||||||
maxEntries = null;
|
|
||||||
};
|
|
||||||
extraCss = builtins.readFile ./style.css;
|
|
||||||
|
|
||||||
extraConfigFiles."applications.ron".text = builtins.readFile ./applications.ron;
|
|
||||||
extraConfigFiles."symbols.ron".text = builtins.readFile ./symbols.ron;
|
|
||||||
extraConfigFiles."websearch.ron".text = builtins.readFile ./websearch.ron;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
home.packages = [
|
||||||
|
pkgs.anyrun
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
### Path to the eww binary
|
### Path to the eww binary
|
||||||
eww_binary_path = "eww"
|
eww_binary_path = "/usr/bin/eww"
|
||||||
### Where to find the icons for the notifications
|
### Where to find the icons for the notifications
|
||||||
icon_dirs = [
|
icon_dirs = [
|
||||||
"/usr/share/icons",
|
"/usr/share/icons",
|
||||||
"/usr/share/pixmaps",
|
"/usr/share/pixmaps",
|
||||||
"/home/gaspard/.nix-profile/share/icons",
|
|
||||||
"/home/gaspard/.nix-profile/share/pixmaps",
|
|
||||||
]
|
]
|
||||||
### The theme to use for the icons
|
### The theme to use for the icons
|
||||||
icon_theme = "Qogir"
|
icon_theme = "Qogir"
|
||||||
|
|
|
@ -1,15 +0,0 @@
|
||||||
{
|
|
||||||
inputs,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
home.file = {
|
|
||||||
".config/end-rs/config.toml".source = ./config.toml;
|
|
||||||
};
|
|
||||||
|
|
||||||
home.packages = [
|
|
||||||
inputs.end-rs
|
|
||||||
pkgs.libnotify
|
|
||||||
pkgs.qogir-icon-theme
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,99 +0,0 @@
|
||||||
authelia:
|
|
||||||
JWT_SECRET: ENC[AES256_GCM,data:a1LyPNaojDm8JtcCahkYx8TGGjbh2Appz1s5ruZzQs4VOMgtdV7MWl3RMpk=,iv:7y+ZhNYMS8t6Y3YqBJjnESBCK5BPM6Y+BbXMDSUQcc0=,tag:ksoR48cTA2eIg+JEvCXFWw==,type:str]
|
|
||||||
SESSION_SECRET: ENC[AES256_GCM,data:kr8+BsQhJQRmfhvzlOGBItqiRtHi2BcD9adhsL1N8FURe8sCPoOiNnwT0IM=,iv:97UPC5Woerm+ftrOMJ0HBM8jhF5ea+2H3QZU3a6i+fY=,tag:63N+r/BoBDaWYcEXUtIksw==,type:str]
|
|
||||||
STORAGE_PASSWORD: ENC[AES256_GCM,data:o+7Bszd/hPOaMMF/NOHVxMTY92hUZrFYu+4gkYkMkAubYiEfsX6kus4oToA=,iv:Q2sl8ZKblupyMO7GY/VCklQWTlHRtSsuVHRC60uwPfc=,tag:QxbpVJXq3HtEzHeFLoVOEw==,type:str]
|
|
||||||
STORAGE_ENCRYPTION_KEY: ENC[AES256_GCM,data:gGIayEmpkF+uLpsn69DgWcZPzeIV9xgAFBFgEMEKvSCoGx5id1bq/EFM81o=,iv:6SjBuo+/WosohTEWX8QwPqHd2f80ljx+m3WSjiChusU=,tag:pk2mNtGTOpFNcyVO8fFFuQ==,type:str]
|
|
||||||
SMTP_PASSWORD: ENC[AES256_GCM,data:cO2y3TQx/HJpjgseJt9ju9BvjZ2ZLUMf,iv:cWQDU2gtcml4zHlvtINW6k/6CwZtjxkDNWBiMguSijw=,tag:kA3PptaPHszw1FLwA9BTvQ==,type:str]
|
|
||||||
OIDC_HMAC_SECRET: ENC[AES256_GCM,data:AYVbbPVGqmx+ZOC6Y1xcHYZcz/aoTsv15v7FUL8MCU3+/VuEp0vE6pcxTxc=,iv:Pm/b1mEEgvfTKQr6FXibWAmcZGg9i+sxoqCQ+nD0aVE=,tag:6HaG0g6Rvf2lC9mzWpsHwg==,type:str]
|
|
||||||
#ENC[AES256_GCM,data:fCLX44MuqhAVHADGxHkVu53bnUSVKRzbUiucasqvu0gLbLOt1UWSyOTGhVUrgdjQC4QtemcqbTsVjBb0cvL7TA7EeYDKLg==,iv:cdhu+Vx/TfyDSsETHAfj3ZJSNRijr6pwW5Ca6uOVGLQ=,tag:2c3m2PmJ8hzU5XDk1eLJrw==,type:comment]
|
|
||||||
OIDC_JWKS_PRIVATE_KEY: ENC[AES256_GCM,data:jHGumhi77Hr8ZfR8zzNoSfKZvoc5RM35m+IzUybXtQANrT/JXCzWOOYI5cc9nRHJnKLEP80XvSEKzoFspMe1Xl28y1rJacPdx+HbvwEOP3JU+UxBRVjY7ptO/mtDaae7XWEDaEdna1ItqkXiJMkYc+XR0fb/UrD7x/DVNSUGamqTgNIi+oV3QzlVoLd3knVel/ujGaRNd/Dys7G1Ig7mDibH+8z4LTEiNdxJenYHAIFelJeiVWgFNtyT2Uljs9hjCtwJGwl+TmAykzggriTjenlLzmWgYt9kycxkR0hWRDS8zAzLbcloUy9wkNnDrxK9kLtr7G//eDC98UmupvVhDmJaZzgNQOHTVPsF0w7RQ6JRiu6tTbMVQN8g0pH11Zo9A8kJUgCKZWEuh9JbtvG2skrG5OVJVm2Hv0R/FIauypaXM+AXF49D+E0PGP6Os8azk2DDaTBTl8m+7x28VsZMxbwwZtmbPaAVXAyDoCYKa4Ac+LdE1QMv7biiTBOsd4G1iV3nE1b3KO/Jkhb8VS4rxfVbPtU6EOwrBXnZ+0RzK2dJakAkwvLeaUiRnVA8j2o+TKD7n8TPRhuVIfB4ru6LymttzLYveXju7tvN0HHkJL9OoIRFE8i82wSK6s6d1CVrJH1hJtwvZGemuaPRxG/bIJYEtRtsxZO2SPo1F7MLg4XrubaEuNFqJsQAmV2ip3XKsmzIz5yezz0YdgiyYj5i6mXQb4tO5Bmj0OxsmAv/loNHjREwnC5jECT8txKCqkV6V5y5DtLnRR7aZY6X+k84pfGXSi29xupEaU4/NCUM7T5rv8Gl076BSKAQnkwLW3PmtL4g3r/kU0woda0L4RHbgsPT6/kMe7Foxx5UtV4+kaJgA99nXIL2TaYlc9RZlVYOOhTxgT/ZBKdU8lF29sej4nMVQdc1NP2ujq2xG/fffZTHIyPV7W17NbjgRr17STpji1f1PSremU37kpk/hPeaj9F7fnuqNGPuh09EfpnXH3EKzu1gQamfvPNmH0rsglrtxoImaeok41Lrpa7/4CbS03fCwKfNLg7CGdJbUxl9v0hviB3vGj3dJm4DWRW/fAeaJVdxYsIOsRKZT4g32mjOiEcgH2JHOGTD/d64Z0TpvO57bYjBjSMO4oK59/XY8uD1PwqEsiigrAQW9Tww9711NBXlAqDPpgLou6SUrySq/ZnsUeZofpJPAt8VCmZAcGUxVrMTpvCTMkcp7dfrg2yuVqNcQGVtTeHNpX0GBLrlLTocsf7YU5RAoOzHBeT4PVRsKmupuT0zD1S6eBSTgRH7mR2gS5hR5XxbniIfHEXUC2mE6cydsdh7arD3M4mf9UzAoBs6w0pZyO7ztOGX4FaZf5rWE+lizGf2bfvZqXGTRX94h11gSt+VLQqRjb4b8h+ZVhKFwEiVxpFn6GmvuN4lIfK/7xfvwAisCUDAjbNaV5mFfeS7o8l9pclZ+mni86AFgNnMiAJaPKsoClBACabYCRdSxrtAWIsiM9pfQCeHHy6d18dJqLCOBB62IQ4iZJ7YtJF3dV2q6ZKmo9XQwA4YUpj93Qe9b6d7FPtOiBgySlUay5EwDXDteNMcH1hfbTOxMvau5JcePDsDkmH/fzLdBhszCECrsdQBDR+nSCsd8DLyKifyVdHhMd0YJU3oiCpMGIIYlDeLRmBwsXdY88xPhTlItko2bH38581uvPcrp03jXLD0IPPhAYxpjfSJQ33pGX7U0NMQgXH1W1+dqGFpDhX6o7e7lQ/uxXvi/DBz6zoORfSOs+TD0xi4ptkjbHu6xsH9Slrx0JsxyT5yWGBqlYd9QxwsOxbe6X5jZSgxPyRvUdLTGhs6BeZ8UO8/IAZaHQq3WRycnBsA1M0ZJ+HP86Xy9zKg5wCrKzIcoHLfylSBPiChOHvjhJP0C0gt4uSz2f/7hfeJ3JNfNp+yCWZ3VtgzatBkiegjC0V72/HwN9AeaGnoJJ6mC4D5wSoJ7y1bugtFSo9t3wIlA9UjtEPqi/O5C/liG3vCAXluE64J778PSQq1Bm7yztPvo0p460IwXmJ6p635gMVcAlCraBnKTBTwzz+hKIdj+Ok5NBvu0WG/zDXiIWHushIY4XneJC6qryqkBr3HMfYj/OkAkRX/hCbSnsZN8Fc69hyUzryu07up0/q9/R1uYKp6jbAHKONoPfEfip43v0FfP6ncQv9cDcvUE0W/z1TNkNNFDx8nEOtrAu+8fty1fQrj2w==,iv:YGEXMLWOoQ19cbftQU9/4kFNcWIqjnw2GgZIddBwbrc=,tag:og1Avj5ZcYblJWrE2q2Bcg==,type:str]
|
|
||||||
#ENC[AES256_GCM,data:gIGYsk5h40IBhtmRM4G/yA==,iv:6tdKmKcvTQH7STvVjPIpwmGS2TEzZjX25CBwRIF8fjY=,tag:9pO4w0Zw+5iNkxwWf5VJDw==,type:comment]
|
|
||||||
caddy:
|
|
||||||
ovh_endpoint: ENC[AES256_GCM,data:dTdfKCWE,iv:NnmdUyM9F8ujEIfEEl9WXGLY3zRpIy9BDeqs1frK+R0=,tag:1AblJqi2hKISXBqNdWybqQ==,type:str]
|
|
||||||
ovh_application_key: ENC[AES256_GCM,data:48HzVrSa35qUSkLO7sbUwg==,iv:QfTRXsfTlgeoJdRJIph39EBbLynRNxH4DkFuuC06IuE=,tag:m8lJPHEEpK24MKUou0MTpw==,type:str]
|
|
||||||
ovh_application_secret: ENC[AES256_GCM,data:X+grjuPsaIRYUEZZyoL1Tqx55tNYpvovYsXEwB15+K0=,iv:b88NCbfxahkryBp6eey74hc2IBwLTbTBe001uVJHaKw=,tag:HDw8w4g5ZS4m8ePCvvwJqw==,type:str]
|
|
||||||
ovh_consumer_key: ENC[AES256_GCM,data:oFLHB7obwz3F59Vt8LRxpKaHBjEaoYCrKLKPoqVHz4M=,iv:rXxR2Nv3YaT2QubZUqIi60RxaHe9ZaIT9hLiogbPVFw=,tag:5m+xXEUbN+a2fHCf+EXf9A==,type:str]
|
|
||||||
garage:
|
|
||||||
RPC_SECRET: ENC[AES256_GCM,data:OJbIST1mtpqMNk+MKnGFy6+tXjc6aEOMIWnfs8QY9ozpxN2apAN7ZrjAAZc3J7ORUIhUQh8Vjkb1EhxdqGxERA==,iv:NhREhGE0wz3/0sdXUxuDqWaPdjeeQFau2OEVsqpV3F0=,tag:yGYd5txtVQzIOchh2L/XXQ==,type:str]
|
|
||||||
gitlab:
|
|
||||||
DATABASE_PASSWORD: ENC[AES256_GCM,data:XINUoSf8FdPdZamlU5OlVf5cwNzd+1cC,iv:pdExA2VOiaQPEVSqNqnTLpqC72Q/bMlZqVVKuUOjTlg=,tag:nTZiUxo4YIDluRSJJ0yj0w==,type:str]
|
|
||||||
INITIAL_ROOT_PASSWORD: ENC[AES256_GCM,data:Bst1bbspfLgcvRk=,iv:3H2b9gL8jCEmMUWhrlzy05LghfMa/+6wRDNGITjO3XM=,tag:PXsZ6+2kp9SuS6XRUjCeGw==,type:str]
|
|
||||||
SECRET_KEY: ENC[AES256_GCM,data:JBaEx7ktyvbAHoShcgWygrOZcdRoNcpZfiQ8oksxWj+py0dSkbKjzQ0SRRQ=,iv:C6W2SJoIPMg2WYMj1ZrcabcYxwqUgGZzQcKOrBp+rFs=,tag:EpykSmAEvgryxNEca9TM8A==,type:str]
|
|
||||||
OTP_KEY: ENC[AES256_GCM,data:BphY+ZO26N82iN1782ephpyqYwTt3UmCawX9/1kwvWEo5OebpUOOOQnR03I=,iv:EaHAW/sb1MGfN9ZFeB8t4xxVUtxb5jM7uL06/eGPxck=,tag:Qg+0oBsc0oB1T8NO2Znw5g==,type:str]
|
|
||||||
DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str]
|
|
||||||
JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str]
|
|
||||||
musare:
|
|
||||||
APP_SECRET: ENC[AES256_GCM,data:MTwZ7ziFaa6kCdbvNPyFCbNa/aY1kPO3CuLG0UC8S8Pd5QHepIHor3Ab9yw=,iv:8zalEGdQUmCoSZV8B/wmztPFi2upZZ11rU/okhkdk30=,tag:++8A7nyxsAvpqg1azwCWaA==,type:str]
|
|
||||||
YOUTUBE_API_KEY: ENC[AES256_GCM,data:gyBGcdrTnpmnl+NtCO0qZdaUJJ4cGyrJng2us/1ERfmgJAds50eR,iv:0uAqORbl3hC7QYJfJaP/JnaYvHoToxwVKRwElFIhgRI=,tag:NuETLWclphy4dhVnKVh1jw==,type:str]
|
|
||||||
SPOTIFY_CLIENT_ID: ENC[AES256_GCM,data:SecWkp5T77ciTs5gjjUznYbhkFaLNGkiXwiD3uvprEQ=,iv:+Tm9qgTHiklnNsYDCXFV2pm5mDLV2azM2Q1ZWeifnFk=,tag:wkj63YNBx9svSUWoPBCFpQ==,type:str]
|
|
||||||
SPOTIFY_CLIENT_SECRET: ENC[AES256_GCM,data:QY6bXZSimSET8bQteZycUZOpC5lUgDXteBhFEYvtovI=,iv:3BtHH/pPFLqW+MHSgKVwJ/hViEeF4YOWRRFMT+YIibA=,tag:VKsuBBxV7y64vBMVl10PZQ==,type:str]
|
|
||||||
MONGO_USER_USERNAME: ENC[AES256_GCM,data:XKk3rmNJ,iv:x853fsUKFZ5xEKTTFd+r8MQ4yZK1q0x9ocjmngBJ4Wo=,tag:v9xsFbImlrNQb/yAlIWM/w==,type:str]
|
|
||||||
MONGO_USER_PASSWORD: ENC[AES256_GCM,data:QMocFYM0okz4/g0iPm3QoPGtxRc67A==,iv:xZJL5KVJAL0Gv9wkbyStrcJig1gKkHlQnJ8SIKVLeLs=,tag:HdXDA6z8YJzwEQPBt/0rCQ==,type:str]
|
|
||||||
MONGO_ROOT_PASSWORD: ENC[AES256_GCM,data:KrrEa7NVF1J+znK+8aychgmBGgtLHw==,iv:BGsnTPXmQ3moqFRVATRbVDBLl/EFG5DqSwii/9eKdLg=,tag:0hR91iEZcox/xe7M4SmCBg==,type:str]
|
|
||||||
REDIS_PASSWORD: ENC[AES256_GCM,data:8+iq5EiFJWyhvE/AV/qjb/61AHvFdQ==,iv:jv/XVunNDXRB5CjQVxtt+uL5V14p7ol7UuhJOSWcjEs=,tag:Ft/mWv2zmXjSToPogisqtw==,type:str]
|
|
||||||
notesnook:
|
|
||||||
API_SECRET: ENC[AES256_GCM,data:E2wikU7aAXzuZ1m1javW7SbkCxVSii1zLF2AjFCWbVpyRvVN9le764fU29A=,iv:9R/Hzwdr9shQNYxtSJB18CUiaGq/XfMY2mTlTL5aLHs=,tag:ediIkiZRNOK61xGUO8vKwA==,type:str]
|
|
||||||
S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:Pmzvjon0RH2d78hiO0JEa8Lbad2a+mzX+zs=,iv:IyKuX3lWVqJuovkVNi/5eEZbRSL+jsOG5Kd09mEwr6w=,tag:Z2SfFsLpaPMDphhBp/1b0Q==,type:str]
|
|
||||||
S3_ACCESS_KEY: ENC[AES256_GCM,data:cFv5P0u1u+eITCjf/le7Pcllqdj3UoUzoN5b3G/4R6aZR08RBKdcvs3mR9gnDHVMlhxogZfzkl4yptHK671cZA==,iv:rE4cbfbdqkYmuap4iYZMnakOveT3jCRUuw6E/Q0RnWg=,tag:eSz4UqduFRW3BnVUJSY3mw==,type:str]
|
|
||||||
SMTP_PASSWORD: ENC[AES256_GCM,data:efOK1OwlbehUv/a2K0zHTlNjqyVlUWFF,iv:kDA0sS8Rs4zlK+YJhUWiNAw0OsskFyszoSEQ0RiZxy8=,tag:JdclQMpkTc3Ggl8g0Dxdww==,type:str]
|
|
||||||
outline:
|
|
||||||
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:BlV4g/ri3BkvjD/2BybGS5H8fqQkGZ8dE+Nm91WV1ia5Qq/QhzED0NsM2sIcow2vKh12Q/T+NyhvkgmdV6xzWKjY7C/WMkt+,iv:lIhD8drsTqlbEKM/2ZlIspabTjy55eHnnh6YjXm996o=,tag:kaTDj28HUjKKqVkOu1XSRA==,type:str]
|
|
||||||
SMTP_PASSWORD: ENC[AES256_GCM,data:ZkVT5HLT0PB6FsdHBFaasQp86S+UNM91,iv:AG+7F0zMgGHcCEd6KkZu+UPzCfs+CGfe4P54PtZCxr0=,tag:QcG8wBeyRwmeHg+RmF7jqQ==,type:str]
|
|
||||||
S3_SECRET_KEY: ENC[AES256_GCM,data:G/uX/JggGnMu9JMqXR2AkNjxAmGjjXKJchAOfnYLFWFt/oc8rJaK6TKPmHKF7+dL9Iphfvuu6k8Bs/hkOuhG6w==,iv:ghazTJoiBk1frpJbJrcSm53dU1/xi//+yruAqhm6T8E=,tag:kd3XYWQg5z/pMMmXqAtzGw==,type:str]
|
|
||||||
penpot:
|
|
||||||
SECRET_KEY: ENC[AES256_GCM,data:Ebeehmby3FBDOaTxwTWg9vKTsB+w8wpa6FdxcvvRTwDR07A0Ljk4WCaPmbPBArbwB14cMSuGeDGBrvNo1x8N+u3FeMMei+TGvgJGssZynxEN7+g5gTg=,iv:ZAa3n7CCyeeeAIv48JpIZmjFiyHiXLFK+Q0Wqf7utFY=,tag:6JZZ53jEM579vYhQG4X2Fw==,type:str]
|
|
||||||
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:+GrXq113byY5XqFDE1tF4n5xcrhIjg2KI39xgxY6hEcS3r6KcF6SAFmczoscMFPJccaTv7Pcr7zfzDxGT7zDuNyj324nzvff,iv:onZV3ESU4Kbvp9x9rfXuq17FlhaoE/4ZXIwH4/bOXPc=,tag:I02FFF54NDMyJuicdwy4TA==,type:str]
|
|
||||||
SMTP_HOST: ENC[AES256_GCM,data:J7D9fTRW1iANdPecxr0=,iv:LtTsRC144slQzt17DmOWL84NJJBR8A/emopAo8Qu1MM=,tag:6wUO1j0T7xAdkdkD1Xo2Cw==,type:str]
|
|
||||||
SMTP_PORT: ENC[AES256_GCM,data:fG4=,iv:PuMglwRdX45zZJaqsWfPxhuWpjpeOYL3M7bpj4g4GNg=,tag:K52aL+CGtzBjfPKKOCDm6A==,type:str]
|
|
||||||
SMTP_USERNAME: ENC[AES256_GCM,data:VW/cB/BIisGfhwWNLNvRCvWGYI8=,iv:u+nAfJUfMZtthe18DPy4yBEWcbh52ZrUsbaOW8vnbVw=,tag:PLq47UuvDzd/X1aoCtRJjw==,type:str]
|
|
||||||
SMTP_PASSWORD: ENC[AES256_GCM,data:tl7hp0a4l8JLOSQQvJNRwF4DR+83FaKI,iv:vR0KiXjnkyO1pa+fxQ6ALoYN6IMFAk07qmMe5qgRB1E=,tag:/RmJIzgjDEBH9XNMol3IUg==,type:str]
|
|
||||||
POSTGRES_USER: ENC[AES256_GCM,data:Uk7czFf4,iv:2PGek4z7UJzvs6X4Jq8wx+HkUFYGtq0kVJd5ba3M24E=,tag:QysuNOULNHBPdheBH6CRDA==,type:str]
|
|
||||||
POSTGRES_PASSWORD: ENC[AES256_GCM,data:S/VKs3mMwgnlpiDLOrvMX0VLNdCseg==,iv:opj0KJq93DWljtnAmktpzAf1l9b9OCvEPAbTC06IEbQ=,tag:DkmgRJ1AodO/sEty3C6mxg==,type:str]
|
|
||||||
AWS_ACCESS_KEY_ID: ENC[AES256_GCM,data:1hXif1dLMVHTj7nvqExW6wzFP+1BTwRcqro=,iv:fXqD2fiVQa0DH7z4s70e7ggORppgqoccP+sD6eMQsvw=,tag:g18kahkiT2G9P0SBTB4HfQ==,type:str]
|
|
||||||
AWS_SECRET_ACCESS_KEY: ENC[AES256_GCM,data:n+0cr0tDAUAdOu65YOj+reTzF+EoRFVAZVg5172ZKYnjWBuBYjNgy6QyqqcPvZMkBBtybdUimjDgWD6mVmNDew==,iv:UwgB7PLaCoXN/qAA63u9Q8ERkhRaNRlOpSFqrUBUExg=,tag:ggs1ED4Ryb+4+O+7VG0rTQ==,type:str]
|
|
||||||
STORAGE_ASSETS_S3_REGION: ENC[AES256_GCM,data:oV4ucbPe,iv:zNsUsftybGcQdryAB+mN9Xb/rVWOLFlVixqRLLz8WIY=,tag:FiiSjLyuK89HK1GEE3BSUA==,type:str]
|
|
||||||
STORAGE_ASSETS_S3_ENDPOINT: ENC[AES256_GCM,data:mZjvBvNZC28jUYrK8e6HHixC4GU=,iv:mppmZn7nV/gckB3+GonwQQT5U14qg1FyEnQ92pGDSZI=,tag:rAePtPdd6o+EDC0MrAToKw==,type:str]
|
|
||||||
STORAGE_ASSETS_S3_BUCKET: ENC[AES256_GCM,data:nfcjtCQVWhdT1UUYPw==,iv:mF2Esw1GvWAjkabvDde63bAq4V5pXNhbhqsK1dkg5sg=,tag:uE6qKxKSJzYtHWxPMiK3Lw==,type:str]
|
|
||||||
stalwart-mail:
|
|
||||||
ACME_SECRET: ENC[AES256_GCM,data:maC7iAMiwFCYXD15IEqaCVi9TqPAIJ15T/yJWSwo4dW3mdqXmItS4hoS2cI=,iv:fWDase9PM2riakQDUiuCTa+W9W4bf7I39k/WSbX4RjI=,tag:+OixerP8JWAjGeh8U+g32g==,type:str]
|
|
||||||
ADMIN_SECRET: ENC[AES256_GCM,data:4ytiKxJ55Wm9p6M=,iv:dl1BCtxOu4o+2qC6ZlUw8cluoqDjp16/SN9bhGneRHs=,tag:qEgWrYHQJHDjR2PwK9y8UA==,type:str]
|
|
||||||
shadowsocks:
|
|
||||||
password: ENC[AES256_GCM,data:IdAvKXKckwvZUetkYSFTIPxd8nrwm13Ngc3KVDSmiW3AE4Rhmjk2VHjdUyQ=,iv:LVeQcL7XIEQyMTsXpXIROGte2+Z9+7FpemfiwhA0Pw0=,tag:qt+8jgN5UqwMeCV+D3stEQ==,type:str]
|
|
||||||
umami:
|
|
||||||
APP_SECRET: ENC[AES256_GCM,data:+WnBbgVY+YzMJ8yBeFUEhkqYfs7wamuC/VmgnSybOXnd/H6A+zgimBggFsU=,iv:9tWnwH1ZvvfaHbzhIkrsynnOywD0xkuQKkvYlnrxOy8=,tag:mld2+vqLCesDtSYbN8lECg==,type:str]
|
|
||||||
DB_USER: ENC[AES256_GCM,data:ue5HslI=,iv:kXJSHpbQ4HV9k4ZiouXoOjop7YdnJkhAy3OUh+6s90Y=,tag:KGNNA9gz30bo2nVLAkh4JQ==,type:str]
|
|
||||||
DB_PASS: ENC[AES256_GCM,data:KyVnQAWcLcttImqsyecIIYordN9LR0zg,iv:nTy7COxvg3nVpsMf9g7x+gwKLaonaxC53rIeeCIGqdk=,tag:XbX7qyjQn+6snnTbtLInLQ==,type:str]
|
|
||||||
webdav:
|
|
||||||
USER_PASSWORD: ENC[AES256_GCM,data:aULehVsCkGpsryQ=,iv:OD6ADWh62tvykGXP9Lmy4f9Iz9QuzyKMnGXGAvOv55s=,tag:ff47alP5Og7XaADzvZEMGA==,type:str]
|
|
||||||
wireguard:
|
|
||||||
private_key: ENC[AES256_GCM,data:fjaBcBplx4IOrbnT8PZwUl6m4j4sdiObJYJXSrzCOqXcL3Qyymj4HUPSBuM=,iv:4XVH1d0/PTfVHKtDoziOD3b+TGXafNEGNgqAUtQsoD8=,tag:c/9AQO5TmLPGvIRN59KMZg==,type:str]
|
|
||||||
public_key: ENC[AES256_GCM,data:zHQkA3wu7Kn9wnODn65zHKGX3qBvhRa0H/cSlg/8TjyTNtaMgY3Y0RiQEr4=,iv:kaWxt11DR4jZzgfoA7PDg/wPc6VqSoyuFU4KllOzZjY=,tag:acA0M4Eq0AR4FjFJZ4l13w==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqckxiTmx3Rm12ZFJ2ZXBn
|
|
||||||
VVdOeCtWeE5xZGExOE4wTFliOGlqWWpWSFNBCmFSWS9MQmt1TWg4VFJzZmNpdStv
|
|
||||||
dThvSFlPSjk0dHZGTlEraldHSklDUkkKLS0tIFVjbFliTFZjUlkrejR2RnAwVTRU
|
|
||||||
U0NEaEpLREVNMUlxUFNIbTVKaUpoc1EKRC6skQPEMA4odk3yD66bqPa/2rvLGztx
|
|
||||||
FTwwdJuE1CXaErwtt7wOfMsb3c9HhpT2R+c76woP20+VsMJdrwdeHg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSLy8yZlBuUU5QRXptZmZQ
|
|
||||||
UzlLUmxSblpFVCtFdE4vWmUreThhT090aEFrCkV6b2FaVy83QnBTZTVrcWE2RGNE
|
|
||||||
VldUZVkveUl5bnFLZzRBR0JCWGhseEUKLS0tIDNZeGczT1BxV21VcnFmSkN0V09P
|
|
||||||
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
|
|
||||||
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-11-10T18:55:35Z"
|
|
||||||
mac: ENC[AES256_GCM,data:yoir0/xLbAksjcq61Fsnj0WJub1BkCohTngZIX3Ol8lT+5Fzn3uPPsheadgWKXYirMVAxm5HtvAiLetxbI1G4vFvu+BTiUhDvaV1VjS32JcJrDuvKzgdLgKUbE+bbAXobMduO7UAdzriXzTYJa3JpcSY6YtveyMiXB72Spqza04=,iv:KvYH1r9qNLr0eJF3kpIfvVESDr/EPb2vC5oOUK+x0u8=,tag:vJkGgBDnZMtgOlYztu7plw==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.9.1
|
|
|
@ -1,31 +0,0 @@
|
||||||
wireguard:
|
|
||||||
private_key: ENC[AES256_GCM,data:L6FD+kBF7AoIrm3pMM6/pmWtX2FP5dUrJ9hUCuW9n4SlJ/JhpxI9m/1owIg=,iv:ok4pyUUv80kPY9n4WQmBGYHmMsPJnG0tnF+vbNhqc3s=,tag:OPribO7RoVCkFkTrYrHw7w==,type:str]
|
|
||||||
sops:
|
|
||||||
kms: []
|
|
||||||
gcp_kms: []
|
|
||||||
azure_kv: []
|
|
||||||
hc_vault: []
|
|
||||||
age:
|
|
||||||
- recipient: age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJamxiNDlnRWJ6ZGFRaEtu
|
|
||||||
bGRveE9aWWY4c2duYkFYU2NKQlBSYjNWT3dZClNtNkpiRENNRFdUcTN6MENhU1Z1
|
|
||||||
YzVDa21peTluVkFoQURnK0xZQjNFZm8KLS0tIGpPbE95NVM2aUNrWWlEVGUybXpP
|
|
||||||
cXpCMmsxTkxKSXBjSmV2azNIcW04a1UKF8O99FpHDZSO0XFeCzWyoxJvjmvjvWFH
|
|
||||||
aOFSWHO64UDlSY/1eQmIYr/xad/BxxYnkrqlJib5tpmPkoi1qyuZVg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
- recipient: age18gts35ruwj67kjgjtgrgrxup83apr8ekgrp98r434wcn2pf0l9sqnq5j2y
|
|
||||||
enc: |
|
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQmlDMzJQSEM3cjdnZmpy
|
|
||||||
RUgzZTYvT3RrQ2RMUmNNNWRvL2NjSUJvdW1jCkFvaVFOZUdPMWQxNnhGLzgwa2w4
|
|
||||||
MHpwVzJkQjZvd25oaENqbzdrT1dmazQKLS0tIE1MdmVrNVRscGlXeTB0NXV6SUMv
|
|
||||||
RDNob1FNdFZQUUk0SmVDUnZBc3FNdVEKcyNWzjvIZIBR39kQkUsSSmHJ+gePPtbS
|
|
||||||
PUcLp6jYFvPDyldLm+PqIApEL9X0d/0ccvY+wwkPCiqSPFZbBLitgg==
|
|
||||||
-----END AGE ENCRYPTED FILE-----
|
|
||||||
lastmodified: "2024-11-05T22:30:48Z"
|
|
||||||
mac: ENC[AES256_GCM,data:GI5Hb8zvafTdWhpm+D6qp9iefMD9NwYPRBKcxrIL9M1wTMzMzD4QsrbMDKQELfTYK3QhLZ0G4KTmLfoSB1zYO/GtslRDAAHmFzLuNNVJ9/8gIrd/Gb12JLnUDjJrxYEeF15NKnyqRMKUVQiJgYd8ggLGzT9pRqaMNTKCYutqsaE=,iv:XB/Ddi7mU9SdRD7nHkyAZR+gTZ9ZY2ZrvHlb0kFK/4Q=,tag:OgEw78w4o44CamP/4C6Y7g==,type:str]
|
|
||||||
pgp: []
|
|
||||||
unencrypted_suffix: _unencrypted
|
|
||||||
version: 3.9.1
|
|
|
@ -1,109 +0,0 @@
|
||||||
theme: 'auto'
|
|
||||||
|
|
||||||
access_control:
|
|
||||||
default_policy: deny
|
|
||||||
rules:
|
|
||||||
- domain: '*.gasdev.fr'
|
|
||||||
policy: one_factor
|
|
||||||
|
|
||||||
server:
|
|
||||||
address: 'tcp://:9091/'
|
|
||||||
endpoints:
|
|
||||||
authz:
|
|
||||||
forward-auth:
|
|
||||||
implementation: 'ForwardAuth'
|
|
||||||
|
|
||||||
session:
|
|
||||||
cookies:
|
|
||||||
- domain: 'gasdev.fr'
|
|
||||||
authelia_url: 'https://auth.gasdev.fr'
|
|
||||||
default_redirection_url: 'https://auth.gasdev.fr/authenticated'
|
|
||||||
|
|
||||||
identity_providers:
|
|
||||||
oidc:
|
|
||||||
jwks:
|
|
||||||
- key: {{ secret "/secrets/OIDC_JWKS_PRIVATE_KEY" | mindent 10 "|" | msquote }}
|
|
||||||
clients:
|
|
||||||
- client_id: 'penpot'
|
|
||||||
client_name: 'Penpot'
|
|
||||||
client_secret: $pbkdf2-sha512$310000$WuYHbHrVI3wMn/tZXwDTMA$WnS0VoR4jLNQnXjJUN46EfnC4QMdpdnNcYsGvSCpkbzguO4of.tCgAeLsfzLgWn9CSGMt20TZOQfc/7IbfwBHg
|
|
||||||
redirect_uris: 'https://penpot.gasdev.fr/api/auth/oauth/oidc/callback'
|
|
||||||
token_endpoint_auth_method: 'client_secret_post'
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
scopes:
|
|
||||||
- 'email'
|
|
||||||
- 'openid'
|
|
||||||
- 'profile'
|
|
||||||
- client_id: 'outline'
|
|
||||||
client_name: 'Outline'
|
|
||||||
client_secret: '$pbkdf2-sha512$310000$KykggigTF2ZRKzEdHqPD0A$TV66lPDqlTodPjFGMpxMUaeQPywHliW8yTXfXsMh4EBkYI3cIqmDc.z6Yk/3/So2.HqsRWwfPlEHmBn9Esq/4A'
|
|
||||||
public: false
|
|
||||||
authorization_policy: 'one_factor'
|
|
||||||
redirect_uris:
|
|
||||||
- 'https://outline.gasdev.fr/auth/oidc.callback'
|
|
||||||
scopes:
|
|
||||||
- 'openid'
|
|
||||||
- 'offline_access'
|
|
||||||
- 'profile'
|
|
||||||
- 'email'
|
|
||||||
userinfo_signed_response_alg: 'none'
|
|
||||||
token_endpoint_auth_method: 'client_secret_post'
|
|
||||||
|
|
||||||
|
|
||||||
authentication_backend:
|
|
||||||
password_reset:
|
|
||||||
disable: false
|
|
||||||
|
|
||||||
file:
|
|
||||||
path: '/data/users_database.yml'
|
|
||||||
password:
|
|
||||||
algorithm: 'argon2'
|
|
||||||
|
|
||||||
password_policy:
|
|
||||||
standard:
|
|
||||||
enabled: true
|
|
||||||
min_length: 10
|
|
||||||
max_length: 128
|
|
||||||
require_uppercase: true
|
|
||||||
require_lowercase: true
|
|
||||||
require_number: true
|
|
||||||
require_special: true
|
|
||||||
|
|
||||||
storage:
|
|
||||||
local:
|
|
||||||
path: /data/db.sqlite3
|
|
||||||
|
|
||||||
notifier:
|
|
||||||
disable_startup_check: true
|
|
||||||
smtp:
|
|
||||||
address: 'submissions://mail.gasdev.fr:465'
|
|
||||||
username: 'postmaster'
|
|
||||||
sender: 'Authelia <authelia@gasdev.fr>'
|
|
||||||
# identifier: 'mail.gasdev.fr'
|
|
||||||
# tls:
|
|
||||||
# server_name: 'mail.gasdev.fr'
|
|
||||||
|
|
||||||
log:
|
|
||||||
level: 'info'
|
|
||||||
format: 'json'
|
|
||||||
|
|
||||||
totp:
|
|
||||||
issuer: 'gasdev.fr'
|
|
||||||
## https://www.authelia.com/c/totp#algorithm
|
|
||||||
algorithm: 'SHA1'
|
|
||||||
|
|
||||||
## https://www.authelia.com/c/totp#digits
|
|
||||||
digits: 6
|
|
||||||
period: 30
|
|
||||||
## See: https://www.authelia.com/c/totp#input-validation to read
|
|
||||||
skew: 1
|
|
||||||
|
|
||||||
webauthn:
|
|
||||||
disable: true
|
|
||||||
|
|
||||||
duo_api:
|
|
||||||
disable: true
|
|
||||||
|
|
||||||
ntp:
|
|
||||||
address: 'udp://time.cloudflare.com:123'
|
|
||||||
|
|
|
@ -1,38 +0,0 @@
|
||||||
{...}: {
|
|
||||||
sops.secrets."authelia/JWT_SECRET".owner = "root";
|
|
||||||
sops.secrets."authelia/SMTP_PASSWORD".owner = "root";
|
|
||||||
sops.secrets."authelia/SESSION_SECRET".owner = "root";
|
|
||||||
sops.secrets."authelia/STORAGE_PASSWORD".owner = "root";
|
|
||||||
sops.secrets."authelia/STORAGE_ENCRYPTION_KEY".owner = "root";
|
|
||||||
sops.secrets."authelia/OIDC_HMAC_SECRET".owner = "root";
|
|
||||||
sops.secrets."authelia/OIDC_JWKS_PRIVATE_KEY".owner = "root";
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."auth.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:9091
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
authelia = {
|
|
||||||
image = "docker.io/authelia/authelia:latest";
|
|
||||||
autoStart = true;
|
|
||||||
ports = ["127.0.0.1:9091:9091"];
|
|
||||||
environment = {
|
|
||||||
AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE = "/secrets/JWT_SECRET";
|
|
||||||
AUTHELIA_SESSION_SECRET_FILE = "/secrets/SESSION_SECRET";
|
|
||||||
# AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = "/secrets/STORAGE_PASSWORD";
|
|
||||||
AUTHELIA_STORAGE_ENCRYPTION_KEY_FILE = "/secrets/STORAGE_ENCRYPTION_KEY";
|
|
||||||
AUTHELIA_NOTIFIER_SMTP_PASSWORD_FILE = "/secrets/SMTP_PASSWORD";
|
|
||||||
AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET_FILE = "/secrets/OIDC_HMAC_SECRET";
|
|
||||||
|
|
||||||
X_AUTHELIA_CONFIG_FILTERS = "template";
|
|
||||||
};
|
|
||||||
volumes = [
|
|
||||||
"authelia-data:/data"
|
|
||||||
"/run/secrets/authelia:/secrets"
|
|
||||||
"/etc/authelia/configuration.yml:/config/configuration.yml"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.etc."authelia/configuration.yml".text = builtins.readFile ./configuration.yml;
|
|
||||||
}
|
|
|
@ -1,14 +0,0 @@
|
||||||
{
|
|
||||||
imports = [
|
|
||||||
./authelia
|
|
||||||
./garage
|
|
||||||
./musare
|
|
||||||
./outline
|
|
||||||
./shadowsocks
|
|
||||||
./stalwart-mail
|
|
||||||
./umami
|
|
||||||
./uptime-kuma
|
|
||||||
./webdav
|
|
||||||
./wireguard
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,51 +0,0 @@
|
||||||
# TODO: Run as different user
|
|
||||||
{config, ...}: {
|
|
||||||
sops.secrets."garage/RPC_SECRET".owner = "root";
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."s3.gasdev.fr *.s3.gasdev.fr" = {
|
|
||||||
logFormat = "output file ${config.services.caddy.logDir}/access-s3.gasdev.fr.log";
|
|
||||||
extraConfig = ''
|
|
||||||
header {
|
|
||||||
?Access-Control-Allow-Headers *
|
|
||||||
?Access-Control-Allow-Methods *
|
|
||||||
?Access-Control-Allow-Origin *
|
|
||||||
}
|
|
||||||
reverse_proxy http://127.0.0.1:3900
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."s3web.gasdev.fr *.s3web.gasdev.fr" = {
|
|
||||||
logFormat = "output file ${config.services.caddy.logDir}/access-s3web.gasdev.fr.log";
|
|
||||||
extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:3902
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
garage = {
|
|
||||||
image = "docker.io/dxflrs/garage:v1.0.0";
|
|
||||||
autoStart = true;
|
|
||||||
ports = [
|
|
||||||
"127.0.0.1:3900:3900"
|
|
||||||
"127.0.0.1:3901:3901"
|
|
||||||
"127.0.0.1:3902:3902"
|
|
||||||
];
|
|
||||||
volumes = [
|
|
||||||
"/etc/garage.toml:/etc/garage.toml"
|
|
||||||
"/var/lib/garage/meta:/var/lib/garage/meta"
|
|
||||||
"/var/lib/garage/data:/var/lib/garage/data"
|
|
||||||
"/run/secrets/garage/RPC_SECRET:/run/secrets/garage/RPC_SECRET"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
environment.etc."garage.toml".text = builtins.readFile ./garage.toml;
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d /var/lib/garage/meta 0700 root root -"
|
|
||||||
"d /var/lib/garage/data 0700 root root -"
|
|
||||||
];
|
|
||||||
|
|
||||||
programs.bash.shellAliases = {
|
|
||||||
garage = "podman exec -it garage /garage";
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,22 +0,0 @@
|
||||||
metadata_dir = "/var/lib/garage/meta"
|
|
||||||
data_dir = "/var/lib/garage/data"
|
|
||||||
db_engine = "lmdb"
|
|
||||||
metadata_auto_snapshot_interval = "6h"
|
|
||||||
|
|
||||||
replication_factor = 1
|
|
||||||
|
|
||||||
compression_level = 2
|
|
||||||
|
|
||||||
rpc_bind_addr = "[::]:3901"
|
|
||||||
rpc_public_addr = "0.0.0.0:3901"
|
|
||||||
rpc_secret_file = "/run/secrets/garage/RPC_SECRET"
|
|
||||||
|
|
||||||
[s3_api]
|
|
||||||
s3_region = "garage"
|
|
||||||
api_bind_addr = "[::]:3900"
|
|
||||||
root_domain = ".s3.gasdev.fr"
|
|
||||||
|
|
||||||
[s3_web]
|
|
||||||
bind_addr = "[::]:3902"
|
|
||||||
root_domain = ".s3web.gasdev.fr"
|
|
||||||
index = "index.html"
|
|
|
@ -1,27 +0,0 @@
|
||||||
{config, ...}: let
|
|
||||||
port = 8086;
|
|
||||||
in {
|
|
||||||
sops.secrets."gitlab/DATABASE_PASSWORD".owner = "gitlab";
|
|
||||||
sops.secrets."gitlab/INITIAL_ROOT_PASSWORD".owner = "gitlab";
|
|
||||||
sops.secrets."gitlab/SECRET_KEY".owner = "gitlab";
|
|
||||||
sops.secrets."gitlab/OTP_KEY".owner = "gitlab";
|
|
||||||
sops.secrets."gitlab/DB_KEY".owner = "gitlab";
|
|
||||||
sops.secrets."gitlab/JWS_KEY".owner = "gitlab";
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."git.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:${toString port}
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.gitlab = {
|
|
||||||
enable = true;
|
|
||||||
port = port;
|
|
||||||
databasePasswordFile = config.sops.secrets."gitlab/DATABASE_PASSWORD".path;
|
|
||||||
initialRootPasswordFile = config.sops.secrets."gitlab/INITIAL_ROOT_PASSWORD".path;
|
|
||||||
secrets = {
|
|
||||||
secretFile = config.sops.secrets."gitlab/SECRET_KEY".path;
|
|
||||||
otpFile = config.sops.secrets."gitlab/OTP_KEY".path;
|
|
||||||
dbFile = config.sops.secrets."gitlab/DB_KEY".path;
|
|
||||||
jwsFile = config.sops.secrets."gitlab/JWS_KEY".path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,27 +0,0 @@
|
||||||
{...}: {
|
|
||||||
services.caddy.virtualHosts."console.i2p.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:7657
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."proxy.i2p.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:7657
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
uptime-kuma = {
|
|
||||||
image = "docker.io/geti2p/i2p";
|
|
||||||
autoStart = true;
|
|
||||||
environment = {
|
|
||||||
JVM_XMX = "256m";
|
|
||||||
};
|
|
||||||
ports = [
|
|
||||||
"4444:4444"
|
|
||||||
"6668:6668"
|
|
||||||
"7657:7657"
|
|
||||||
"54321:12345"
|
|
||||||
"54321:12345/udp"
|
|
||||||
];
|
|
||||||
volumes = ["i2phome:/i2p/.i2p" "i2ptorrents:/i2psnark"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,164 +0,0 @@
|
||||||
{
|
|
||||||
pkgs,
|
|
||||||
config,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
musare = pkgs.fetchFromGitHub {
|
|
||||||
owner = "Musare";
|
|
||||||
repo = "Musare";
|
|
||||||
rev = "v3.11.0";
|
|
||||||
hash = "sha256-RN9H7atiNOr4wqgzfwE/8hUMJ4zpgMBu3dXA37c/lH0=";
|
|
||||||
};
|
|
||||||
musare-backend =
|
|
||||||
pkgs.buildNpmPackage {
|
|
||||||
pname = "musare-backend";
|
|
||||||
version = "4.7.0";
|
|
||||||
nodejs = pkgs.nodejs_18;
|
|
||||||
|
|
||||||
src =
|
|
||||||
musare
|
|
||||||
+ "/backend";
|
|
||||||
|
|
||||||
npmDepsHash = "sha256-cxvK2Zp0iOA9qPg8NaCEcOsxmaU1/l/dvnfwUEq2BuE=";
|
|
||||||
dontNpmBuild = true;
|
|
||||||
}
|
|
||||||
+ "/lib/node_modules/musare-backend";
|
|
||||||
musare-frontend =
|
|
||||||
pkgs.buildNpmPackage {
|
|
||||||
pname = "musare-frontend";
|
|
||||||
version = "4.7.0";
|
|
||||||
|
|
||||||
src =
|
|
||||||
musare
|
|
||||||
+ "/frontend";
|
|
||||||
|
|
||||||
npmDepsHash = "sha256-R1vxio66W/8WN6pFRbwuOv0Z4/V4cnwBqhXlRygj7Js=";
|
|
||||||
npmBuildScript = "prod";
|
|
||||||
}
|
|
||||||
+ "/lib/node_modules/musare-frontend/build";
|
|
||||||
in {
|
|
||||||
services.caddy.virtualHosts."music.gasdev.fr".extraConfig = ''
|
|
||||||
root * ${musare-frontend}
|
|
||||||
file_server
|
|
||||||
|
|
||||||
@websockets {
|
|
||||||
path /backend/*
|
|
||||||
}
|
|
||||||
|
|
||||||
reverse_proxy @websockets localhost:32483
|
|
||||||
|
|
||||||
handle_path /backend/* {
|
|
||||||
reverse_proxy localhost:32483
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
|
|
||||||
sops.secrets."musare/APP_SECRET".owner = "root";
|
|
||||||
sops.secrets."musare/YOUTUBE_API_KEY".owner = "root";
|
|
||||||
sops.secrets."musare/SPOTIFY_CLIENT_ID".owner = "root";
|
|
||||||
sops.secrets."musare/SPOTIFY_CLIENT_SECRET".owner = "root";
|
|
||||||
sops.secrets."musare/MONGO_USER_USERNAME".owner = "root";
|
|
||||||
sops.secrets."musare/MONGO_USER_PASSWORD".owner = "root";
|
|
||||||
sops.secrets."musare/MONGO_ROOT_PASSWORD".owner = "root";
|
|
||||||
sops.secrets."musare/REDIS_PASSWORD".owner = "root";
|
|
||||||
|
|
||||||
sops.templates."musare/.env" = {
|
|
||||||
content = ''
|
|
||||||
MONGO_USER_USERNAME=${config.sops.placeholder."musare/MONGO_USER_USERNAME"}
|
|
||||||
MONGO_USER_PASSWORD=${config.sops.placeholder."musare/MONGO_USER_PASSWORD"}
|
|
||||||
MONGO_ROOT_PASSWORD=${config.sops.placeholder."musare/MONGO_ROOT_PASSWORD"}
|
|
||||||
MONGO_INITDB_ROOT_PASSWORD=${config.sops.placeholder."musare/MONGO_ROOT_PASSWORD"}
|
|
||||||
MONGO_INITDB_ROOT_USERNAME=admin
|
|
||||||
MONGO_INITDB_DATABASE=musare
|
|
||||||
REDIS_PASSWORD=meh_not_important
|
|
||||||
'';
|
|
||||||
owner = "root";
|
|
||||||
};
|
|
||||||
sops.templates."musare/config.json" = {
|
|
||||||
content = ''
|
|
||||||
{
|
|
||||||
"configVersion": 12,
|
|
||||||
"migration": false,
|
|
||||||
"secret": "${config.sops.placeholder."musare/APP_SECRET"}",
|
|
||||||
"port": 8080,
|
|
||||||
"url": {
|
|
||||||
"host": "music.gasdev.fr",
|
|
||||||
"secure": true
|
|
||||||
},
|
|
||||||
"apis": {
|
|
||||||
"youtube": {
|
|
||||||
"key": "${config.sops.placeholder."musare/YOUTUBE_API_KEY"}"
|
|
||||||
},
|
|
||||||
"spotify": {
|
|
||||||
"clientId": "${config.sops.placeholder."musare/SPOTIFY_CLIENT_ID"}",
|
|
||||||
"clientSecret": "${config.sops.placeholder."musare/SPOTIFY_CLIENT_SECRET"}"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"mongo": {
|
|
||||||
"host": "musare-mongo"
|
|
||||||
},
|
|
||||||
"redis": {
|
|
||||||
"url": "redis://musare-redis:6379/0"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
musare-backend = {
|
|
||||||
image = "localhost/musare:backend";
|
|
||||||
imageFile = pkgs.dockerTools.buildImage {
|
|
||||||
name = "musare";
|
|
||||||
tag = "backend";
|
|
||||||
copyToRoot = pkgs.buildEnv {
|
|
||||||
name = "musare-backend-env";
|
|
||||||
paths = with pkgs; [
|
|
||||||
nodejs_18
|
|
||||||
curl
|
|
||||||
bash
|
|
||||||
];
|
|
||||||
};
|
|
||||||
config = {
|
|
||||||
Cmd = ["node" "--es-module-specifier-resolution=node" "/opt/app/index.js"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
autoStart = true;
|
|
||||||
volumes = [
|
|
||||||
"${musare-backend}:/opt/app/"
|
|
||||||
"${config.sops.templates."musare/config.json".path}:/opt/app/config/local.json"
|
|
||||||
];
|
|
||||||
ports = [
|
|
||||||
"32483:8080"
|
|
||||||
];
|
|
||||||
workdir = "/opt/app";
|
|
||||||
environment = {
|
|
||||||
NODE_TLS_REJECT_UNAUTHORIZED = "0";
|
|
||||||
};
|
|
||||||
environmentFiles = [
|
|
||||||
config.sops.templates."musare/.env".path
|
|
||||||
];
|
|
||||||
dependsOn = ["musare-mongo" "musare-redis"];
|
|
||||||
};
|
|
||||||
musare-mongo = {
|
|
||||||
image = "docker.io/mongo:latest";
|
|
||||||
autoStart = true;
|
|
||||||
volumes = [
|
|
||||||
"${musare}/tools/docker/setup-mongo.sh:/docker-entrypoint-initdb.d/setup-mongo.sh"
|
|
||||||
"musare-mongodb:/data/db"
|
|
||||||
];
|
|
||||||
environmentFiles = [
|
|
||||||
config.sops.templates."musare/.env".path
|
|
||||||
];
|
|
||||||
};
|
|
||||||
musare-redis = {
|
|
||||||
image = "docker.io/redis:7";
|
|
||||||
autoStart = true;
|
|
||||||
cmd = ["--notify-keyspace-events" "Ex" "--requirepass" "meh_not_important" "--appendonly" "yes"];
|
|
||||||
volumes = [
|
|
||||||
"musare-redis:/data"
|
|
||||||
];
|
|
||||||
environmentFiles = [
|
|
||||||
config.sops.templates."musare/.env".path
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,49 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
sops.secrets."outline/OIDC_CLIENT_SECRET".owner = "outline";
|
|
||||||
sops.secrets."outline/SMTP_PASSWORD".owner = "outline";
|
|
||||||
sops.secrets."outline/S3_SECRET_KEY".owner = "outline";
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."outline.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:7143
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.outline = {
|
|
||||||
enable = true;
|
|
||||||
port = 7143;
|
|
||||||
publicUrl = "https://outline.gasdev.fr";
|
|
||||||
forceHttps = false;
|
|
||||||
|
|
||||||
oidcAuthentication = {
|
|
||||||
authUrl = "https://auth.gasdev.fr/api/oidc/authorization";
|
|
||||||
userinfoUrl = "https://auth.gasdev.fr/api/oidc/userinfo";
|
|
||||||
tokenUrl = "https://auth.gasdev.fr/api/oidc/token";
|
|
||||||
displayName = "Authelia";
|
|
||||||
clientId = "outline";
|
|
||||||
clientSecretFile = config.sops.secrets."outline/OIDC_CLIENT_SECRET".path;
|
|
||||||
scopes = ["openid" "offline_access" "profile" "email"];
|
|
||||||
};
|
|
||||||
|
|
||||||
smtp = {
|
|
||||||
host = "mail.gasdev.fr";
|
|
||||||
port = 465;
|
|
||||||
username = "postmaster";
|
|
||||||
passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path;
|
|
||||||
fromEmail = "outline@gasdev.fr";
|
|
||||||
replyEmail = "no-reply@gasdev.fr";
|
|
||||||
};
|
|
||||||
|
|
||||||
storage = {
|
|
||||||
storageType = "local";
|
|
||||||
localRootDir = "/var/lib/outline/data";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
nixpkgs.config.allowUnfreePredicate = pkg:
|
|
||||||
builtins.elem (lib.getName pkg) [
|
|
||||||
"outline"
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,120 +0,0 @@
|
||||||
{config, ...}: {
|
|
||||||
services.caddy.virtualHosts."penpot.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:9001
|
|
||||||
'';
|
|
||||||
|
|
||||||
sops.secrets."penpot/SECRET_KEY".owner = "root";
|
|
||||||
sops.secrets."penpot/OIDC_CLIENT_SECRET".owner = "root";
|
|
||||||
sops.secrets."penpot/SMTP_HOST".owner = "root";
|
|
||||||
sops.secrets."penpot/SMTP_PORT".owner = "root";
|
|
||||||
sops.secrets."penpot/SMTP_USERNAME".owner = "root";
|
|
||||||
sops.secrets."penpot/SMTP_PASSWORD".owner = "root";
|
|
||||||
sops.secrets."penpot/POSTGRES_USER".owner = "root";
|
|
||||||
sops.secrets."penpot/POSTGRES_PASSWORD".owner = "root";
|
|
||||||
sops.secrets."penpot/AWS_ACCESS_KEY_ID".owner = "root";
|
|
||||||
sops.secrets."penpot/AWS_SECRET_ACCESS_KEY".owner = "root";
|
|
||||||
sops.secrets."penpot/STORAGE_ASSETS_S3_REGION".owner = "root";
|
|
||||||
sops.secrets."penpot/STORAGE_ASSETS_S3_ENDPOINT".owner = "root";
|
|
||||||
sops.secrets."penpot/STORAGE_ASSETS_S3_BUCKET".owner = "root";
|
|
||||||
sops.templates."penpot.env" = {
|
|
||||||
content = ''
|
|
||||||
PENPOT_SECRET_KEY=${config.sops.placeholder."penpot/SECRET_KEY"}
|
|
||||||
PENPOT_OIDC_CLIENT_SECRET=${config.sops.placeholder."penpot/OIDC_CLIENT_SECRET"}
|
|
||||||
# SMTP
|
|
||||||
PENPOT_SMTP_HOST=${config.sops.placeholder."penpot/SMTP_HOST"}
|
|
||||||
PENPOT_SMTP_PORT=${config.sops.placeholder."penpot/SMTP_PORT"}
|
|
||||||
PENPOT_SMTP_USERNAME=${config.sops.placeholder."penpot/SMTP_USERNAME"}
|
|
||||||
PENPOT_SMTP_PASSWORD=${config.sops.placeholder."penpot/SMTP_PASSWORD"}
|
|
||||||
# Database
|
|
||||||
PENPOT_DATABASE_USERNAME=${config.sops.placeholder."penpot/POSTGRES_USER"}
|
|
||||||
PENPOT_DATABASE_PASSWORD=${config.sops.placeholder."penpot/POSTGRES_PASSWORD"}
|
|
||||||
POSTGRES_USER=${config.sops.placeholder."penpot/POSTGRES_USER"}
|
|
||||||
POSTGRES_PASSWORD=${config.sops.placeholder."penpot/POSTGRES_PASSWORD"}
|
|
||||||
# Storage
|
|
||||||
AWS_ACCESS_KEY_ID=${config.sops.placeholder."penpot/AWS_ACCESS_KEY_ID"}
|
|
||||||
AWS_SECRET_ACCESS_KEY=${config.sops.placeholder."penpot/AWS_SECRET_ACCESS_KEY"}
|
|
||||||
PENPOT_STORAGE_ASSETS_S3_REGION=${config.sops.placeholder."penpot/STORAGE_ASSETS_S3_REGION"}
|
|
||||||
PENPOT_STORAGE_ASSETS_S3_BUCKET=${config.sops.placeholder."penpot/STORAGE_ASSETS_S3_BUCKET"}
|
|
||||||
PENPOT_STORAGE_ASSETS_S3_ENDPOINT=${config.sops.placeholder."penpot/STORAGE_ASSETS_S3_ENDPOINT"}
|
|
||||||
'';
|
|
||||||
owner = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
penpot-frontend = {
|
|
||||||
image = "docker.io/penpotapp/frontend:latest";
|
|
||||||
autoStart = true;
|
|
||||||
ports = ["127.0.0.1:9001:80"];
|
|
||||||
volumes = [
|
|
||||||
"penpot_assets:/opt/data/assets"
|
|
||||||
];
|
|
||||||
environment = {
|
|
||||||
PENPOT_FLAGS = "disable-registration enable-login-with-oidc enable-oidc-registration disable-onboarding disable-onboarding-newsletter disable-onboarding-questions";
|
|
||||||
};
|
|
||||||
dependsOn = [
|
|
||||||
"penpot-backend"
|
|
||||||
"penpot-exporter"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
penpot-backend = {
|
|
||||||
image = "docker.io/penpotapp/backend:latest";
|
|
||||||
autoStart = true;
|
|
||||||
volumes = [
|
|
||||||
"penpot_assets:/opt/data/assets"
|
|
||||||
];
|
|
||||||
environment = {
|
|
||||||
PENPOT_FLAGS = "disable-registration enable-login-with-oidc enable-oidc-registration enable-smtp";
|
|
||||||
# Auth
|
|
||||||
PENPOT_OIDC_CLIENT_ID = "penpot";
|
|
||||||
PENPOT_OIDC_BASE_URI = "https://auth.gasdev.fr";
|
|
||||||
PENPOT_PUBLIC_URI = "https://penpot.gasdev.fr";
|
|
||||||
# DB
|
|
||||||
PENPOT_DATABASE_URI = "postgresql://penpot-postgres/penpot";
|
|
||||||
PENPOT_REDIS_URI = "redis://penpot-redis/0";
|
|
||||||
# Storage
|
|
||||||
PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs";
|
|
||||||
# SMTP
|
|
||||||
PENPOT_SMTP_DEFAULT_FROM = "no-reply@gasdev.fr";
|
|
||||||
PENPOT_SMTP_DEFAULT_REPLY_TO = "no-reply@gasdev.fr";
|
|
||||||
PENPOT_SMTP_SSL = "true";
|
|
||||||
PENPOT_SMTP_TLS = "true";
|
|
||||||
# Other
|
|
||||||
PENPOT_TELEMETRY_ENABLED = "false";
|
|
||||||
};
|
|
||||||
environmentFiles = [
|
|
||||||
config.sops.templates."penpot.env".path
|
|
||||||
];
|
|
||||||
dependsOn = [
|
|
||||||
"penpot-postgres"
|
|
||||||
"penpot-redis"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
penpot-exporter = {
|
|
||||||
image = "docker.io/penpotapp/exporter:latest";
|
|
||||||
autoStart = true;
|
|
||||||
environment = {
|
|
||||||
PENPOT_PUBLIC_URI = "http://penpot-frontend";
|
|
||||||
PENPOT_REDIS_URI = "redis://penpot-redis/0";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
penpot-postgres = {
|
|
||||||
image = "docker.io/postgres:15";
|
|
||||||
autoStart = true;
|
|
||||||
ports = [];
|
|
||||||
volumes = [
|
|
||||||
"penpot_postgres:/var/lib/postgresql/data"
|
|
||||||
];
|
|
||||||
environment = {
|
|
||||||
POSTGRES_INITDB_ARGS = "--data-checksums";
|
|
||||||
POSTGRES_DB = "penpot";
|
|
||||||
};
|
|
||||||
environmentFiles = [
|
|
||||||
config.sops.templates."penpot.env".path
|
|
||||||
];
|
|
||||||
};
|
|
||||||
penpot-redis = {
|
|
||||||
image = "docker.io/redis:7";
|
|
||||||
autoStart = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,43 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
port = "8388";
|
|
||||||
in {
|
|
||||||
sops.secrets."shadowsocks/password".owner = "root";
|
|
||||||
sops.templates."shadowsocks/config.json" = {
|
|
||||||
content = ''
|
|
||||||
{
|
|
||||||
"server": "0.0.0.0",
|
|
||||||
"server_port": ${port},
|
|
||||||
"password": "${config.sops.placeholder."shadowsocks/password"}",
|
|
||||||
"method": "aes-256-gcm",
|
|
||||||
"timeout": 300,
|
|
||||||
"plugin": "${pkgs.shadowsocks-v2ray-plugin}/bin/v2ray-plugin",
|
|
||||||
"plugin_opts":"server;loglevel=none",
|
|
||||||
|
|
||||||
"local_port": ${port},
|
|
||||||
"local_address": "127.0.0.1"
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
owner = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."shadowsocks.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:${port}
|
|
||||||
'';
|
|
||||||
|
|
||||||
systemd.services = {
|
|
||||||
shadowsocks = {
|
|
||||||
description = "Shadowsocks tunnel";
|
|
||||||
after = ["network-online.target"];
|
|
||||||
wants = ["network-online.target"];
|
|
||||||
enable = true;
|
|
||||||
serviceConfig = {
|
|
||||||
Restart = "always";
|
|
||||||
ExecStart = "${pkgs.shadowsocks-rust}/bin/ssserver -c ${config.sops.templates."shadowsocks/config.json".path}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,147 +0,0 @@
|
||||||
{config, ...}: let
|
|
||||||
domain = "gasdev.fr";
|
|
||||||
in {
|
|
||||||
sops.secrets."stalwart-mail/ADMIN_SECRET".owner = "stalwart-mail";
|
|
||||||
sops.secrets."stalwart-mail/ACME_SECRET".owner = "stalwart-mail";
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."mailadmin.${domain}" = {
|
|
||||||
extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.01:40312
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
services.caddy.virtualHosts."mail.${domain}" = {
|
|
||||||
extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.01:8080
|
|
||||||
'';
|
|
||||||
serverAliases = [
|
|
||||||
"mta-sts.${domain}"
|
|
||||||
"autoconfig.${domain}"
|
|
||||||
"autodiscover.${domain}"
|
|
||||||
"${domain}"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
networking.firewall.allowedTCPPorts = [25 465 587 993];
|
|
||||||
|
|
||||||
services.stalwart-mail = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
server = {
|
|
||||||
hostname = "mail.${domain}";
|
|
||||||
tls = {
|
|
||||||
enable = true;
|
|
||||||
implicit = true;
|
|
||||||
};
|
|
||||||
listener = {
|
|
||||||
smtp = {
|
|
||||||
protocol = "smtp";
|
|
||||||
bind = "[::]:25";
|
|
||||||
};
|
|
||||||
submissions = {
|
|
||||||
bind = "[::]:465";
|
|
||||||
protocol = "smtp";
|
|
||||||
tls.implicit = true;
|
|
||||||
};
|
|
||||||
imaps = {
|
|
||||||
bind = "[::]:993";
|
|
||||||
protocol = "imap";
|
|
||||||
tls.implicit = true;
|
|
||||||
};
|
|
||||||
jmap = {
|
|
||||||
bind = "[::]:8080";
|
|
||||||
protocol = "http";
|
|
||||||
tls.implicit = false;
|
|
||||||
};
|
|
||||||
management = {
|
|
||||||
bind = ["127.0.0.1:40312"];
|
|
||||||
protocol = "http";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
lookup.default = {
|
|
||||||
hostname = "mail.${domain}";
|
|
||||||
domain = "${domain}";
|
|
||||||
};
|
|
||||||
certificate.default = {
|
|
||||||
default = true;
|
|
||||||
cert = "%{file:/var/lib/stalwart-mail/cert/mail.${domain}.pem}%";
|
|
||||||
private-key = "%{file:/var/lib/stalwart-mail/cert/mail.${domain}.priv.pem}%";
|
|
||||||
};
|
|
||||||
session.auth = {
|
|
||||||
mechanisms = "[plain, login]";
|
|
||||||
};
|
|
||||||
directory."imap".lookup.domains = ["${domain}"];
|
|
||||||
storage = {
|
|
||||||
data = "rocksdb";
|
|
||||||
fts = "rocksdb";
|
|
||||||
blob = "rocksdb";
|
|
||||||
lookup = "rocksdb";
|
|
||||||
directory = "internal";
|
|
||||||
};
|
|
||||||
store."rocksdb" = {
|
|
||||||
type = "rocksdb";
|
|
||||||
path = "%{env:STALWART_PATH}%/data";
|
|
||||||
compression = "lz4";
|
|
||||||
};
|
|
||||||
directory."internal" = {
|
|
||||||
type = "internal";
|
|
||||||
store = "rocksdb";
|
|
||||||
};
|
|
||||||
tracer."stdout" = {
|
|
||||||
type = "stdout";
|
|
||||||
level = "info";
|
|
||||||
ansi = false;
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
tracer."journal" = {
|
|
||||||
type = "journal";
|
|
||||||
level = "info";
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
authentication."fallback-admin" = {
|
|
||||||
user = "admin";
|
|
||||||
secret = "%{file:${config.sops.secrets."stalwart-mail/ADMIN_SECRET".path}}%";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.stalwart-mail = {
|
|
||||||
environment = {
|
|
||||||
STALWART_PATH = "/var/lib/stalwart-mail";
|
|
||||||
};
|
|
||||||
serviceConfig = {
|
|
||||||
StateDirectory = "stalwart-mail";
|
|
||||||
StateDirectoryMode = "0740";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.timers."stalwart-mail-update-certs" = {
|
|
||||||
wantedBy = ["timers.target"];
|
|
||||||
timerConfig = {
|
|
||||||
OnCalendar = "daily";
|
|
||||||
Persistent = true;
|
|
||||||
Unit = "stalwart-mail-update-certs.service";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services."stalwart-mail-update-certs" = {
|
|
||||||
script = ''
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
CADDY_CERT_DIR="/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.${domain}"
|
|
||||||
STALWART_CERT_DIR="/var/lib/stalwart-mail/cert"
|
|
||||||
|
|
||||||
mkdir -p "''\${CADDY_CERT_DIR}"
|
|
||||||
mkdir -p "''\${STALWART_CERT_DIR}"
|
|
||||||
|
|
||||||
cat "''\${CADDY_CERT_DIR}/mail.${domain}.crt" > "''\${STALWART_CERT_DIR}/mail.${domain}.pem"
|
|
||||||
cat "''\${CADDY_CERT_DIR}/mail.${domain}.key" > "''\${STALWART_CERT_DIR}/mail.${domain}.priv.pem"
|
|
||||||
|
|
||||||
chown -R stalwart-mail:stalwart-mail "''\${STALWART_CERT_DIR}"
|
|
||||||
chmod -R 0700 "''\${STALWART_CERT_DIR}"
|
|
||||||
'';
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
User = "root";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,52 +0,0 @@
|
||||||
{config, ...}: {
|
|
||||||
services.caddy.virtualHosts."analytics.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:4341
|
|
||||||
'';
|
|
||||||
|
|
||||||
sops.secrets."umami/APP_SECRET".owner = "root";
|
|
||||||
sops.secrets."umami/DB_USER".owner = "root";
|
|
||||||
sops.secrets."umami/DB_PASS".owner = "root";
|
|
||||||
|
|
||||||
sops.templates."umami.env" = {
|
|
||||||
content = ''
|
|
||||||
APP_SECRET=${config.sops.placeholder."umami/APP_SECRET"}
|
|
||||||
DATABASE_URL=postgresql://${config.sops.placeholder."umami/DB_USER"}:${config.sops.placeholder."umami/DB_PASS"}@umami-db:5432/umami
|
|
||||||
'';
|
|
||||||
owner = "root";
|
|
||||||
};
|
|
||||||
sops.templates."umami-db.env" = {
|
|
||||||
content = ''
|
|
||||||
POSTGRES_USER=${config.sops.placeholder."umami/DB_USER"}
|
|
||||||
POSTGRES_PASSWORD=${config.sops.placeholder."umami/DB_PASS"}
|
|
||||||
'';
|
|
||||||
owner = "root";
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
umami = {
|
|
||||||
image = "ghcr.io/umami-software/umami:postgresql-latest";
|
|
||||||
autoStart = true;
|
|
||||||
ports = ["4341:3000"];
|
|
||||||
dependsOn = ["umami-db"];
|
|
||||||
environment = {
|
|
||||||
DATABASE_TYPE = "postgresql";
|
|
||||||
};
|
|
||||||
environmentFiles = [
|
|
||||||
config.sops.templates."umami.env".path
|
|
||||||
];
|
|
||||||
};
|
|
||||||
umami-db = {
|
|
||||||
image = "docker.io/postgres:15-alpine";
|
|
||||||
autoStart = true;
|
|
||||||
environment = {
|
|
||||||
POSTGRES_DB = "umami";
|
|
||||||
};
|
|
||||||
environmentFiles = [
|
|
||||||
config.sops.templates."umami-db.env".path
|
|
||||||
];
|
|
||||||
volumes = [
|
|
||||||
"umami-db-data:/var/lib/postgresql/data"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,18 +0,0 @@
|
||||||
{...}: {
|
|
||||||
services.caddy.virtualHosts."uptime.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:3001
|
|
||||||
'';
|
|
||||||
|
|
||||||
virtualisation.oci-containers.containers = {
|
|
||||||
uptime-kuma = {
|
|
||||||
image = "docker.io/louislam/uptime-kuma:1";
|
|
||||||
autoStart = true;
|
|
||||||
ports = ["127.0.0.1:3001:3001"];
|
|
||||||
volumes = [
|
|
||||||
"uptime-kuma:/app/data"
|
|
||||||
# For container monitoring
|
|
||||||
"/var/run/podman/podman.sock:/var/run/podman/podman.sock"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,35 +0,0 @@
|
||||||
{config, ...}: {
|
|
||||||
sops.secrets."webdav/USER_PASSWORD".owner = "${config.services.webdav.user}";
|
|
||||||
sops.templates."webdav.env" = {
|
|
||||||
content = ''
|
|
||||||
USER_PASSWORD=${config.sops.placeholder."webdav/USER_PASSWORD"}
|
|
||||||
'';
|
|
||||||
owner = "${config.services.webdav.user}";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.caddy.virtualHosts."webdav.gasdev.fr".extraConfig = ''
|
|
||||||
reverse_proxy http://127.0.0.1:6065
|
|
||||||
'';
|
|
||||||
|
|
||||||
services.webdav = {
|
|
||||||
enable = true;
|
|
||||||
environmentFile = config.sops.templates."webdav.env".path;
|
|
||||||
settings = {
|
|
||||||
address = "0.0.0.0";
|
|
||||||
port = 6065;
|
|
||||||
tls = false;
|
|
||||||
behindProxy = true;
|
|
||||||
directory = "/var/lib/webdav";
|
|
||||||
debug = true;
|
|
||||||
users = [
|
|
||||||
{
|
|
||||||
username = "gaspard";
|
|
||||||
password = "{env}USER_PASSWORD";
|
|
||||||
permissions = "CRUD";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
systemd.services.webdav.serviceConfig.StateDirectory = "webdav";
|
|
||||||
systemd.services.webdav.serviceConfig.StateDirectoryMode = "0740";
|
|
||||||
}
|
|
|
@ -1,62 +0,0 @@
|
||||||
{pkgs, ...}: {
|
|
||||||
sops.secrets."wireguard/private_key".owner = "root";
|
|
||||||
|
|
||||||
networking.nat.enable = true;
|
|
||||||
networking.nat.externalInterface = "ens3";
|
|
||||||
networking.nat.internalInterfaces = ["wg0"];
|
|
||||||
networking.firewall = {
|
|
||||||
allowedUDPPorts = [993];
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.wireguard.interfaces = {
|
|
||||||
# "wg0" is the network interface name. You can name the interface arbitrarily.
|
|
||||||
wg0 = {
|
|
||||||
# Determines the IP address and subnet of the server's end of the tunnel interface.
|
|
||||||
ips = ["10.8.0.1/24"];
|
|
||||||
|
|
||||||
# The port that WireGuard listens to. Must be accessible by the client.
|
|
||||||
listenPort = 993;
|
|
||||||
|
|
||||||
# This allows the wireguard server to route your traffic to the internet and hence be like a VPN
|
|
||||||
# For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
|
|
||||||
postSetup = ''
|
|
||||||
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
|
|
||||||
'';
|
|
||||||
|
|
||||||
# This undoes the above command
|
|
||||||
postShutdown = ''
|
|
||||||
${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.8.0.0/24 -o ens3 -j MASQUERADE
|
|
||||||
'';
|
|
||||||
|
|
||||||
# Path to the private key file.
|
|
||||||
#
|
|
||||||
# Note: The private key can also be included inline via the privateKey option,
|
|
||||||
# but this makes the private key world-readable; thus, using privateKeyFile is
|
|
||||||
# recommended.
|
|
||||||
privateKeyFile = "/run/secrets/wireguard/private_key";
|
|
||||||
|
|
||||||
peers = [
|
|
||||||
{
|
|
||||||
# Pixel
|
|
||||||
publicKey = "xMO5xTvBXtikri0WS9wpzGvSWITjkQV5oUOYwFjqB0g=";
|
|
||||||
allowedIPs = ["10.8.0.69/32"];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# Zephyrus
|
|
||||||
publicKey = "42Vj5VG4bJpOUE7j5UW28IFSmPlV+X3tIA9ne55W0Fo=";
|
|
||||||
allowedIPs = ["10.8.0.42/32"];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# Family desktop
|
|
||||||
publicKey = "cpBhnLD4u5brDZsc2uqXVlelApCIXFdRnfJXJU1WDmM=";
|
|
||||||
allowedIPs = ["10.8.0.11/32"];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# pi4
|
|
||||||
publicKey = "F9AkCI0FGkrFhCq+SvCT1F2RG2ApNUy+SeIj1+VPtXI=";
|
|
||||||
allowedIPs = ["10.8.0.31/32"];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
# Start DE if on tty1
|
# Start DE if on tty1
|
||||||
if [ "$(tty)" = /dev/tty1 ]; then
|
if [ "$(tty)" = /dev/tty1 ]; then
|
||||||
exec Hyprland-wrapper
|
exec Hyprland
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Start DE if on tty1
|
# Start DE if on tty1
|
||||||
|
|
|
@ -1,18 +1,19 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
} : {
|
||||||
programs.bash = {
|
programs.bash = {
|
||||||
enable = true;
|
enable = true;
|
||||||
bashrcExtra = ". ${./.bashrc}";
|
bashrcExtra = ". ${./.bashrc}";
|
||||||
};
|
};
|
||||||
|
|
||||||
home.file = {
|
home.file = {
|
||||||
".bash_aliases".source = ./.bash_aliases;
|
".bash_aliases".source = ./.bash_aliases;
|
||||||
".bash_exec".source = ./.bash_exec;
|
".bash_exec".source = ./.bash_exec;
|
||||||
};
|
};
|
||||||
|
|
||||||
home.packages = [
|
home.packages = [
|
||||||
pkgs.starship
|
pkgs.starship
|
||||||
pkgs.zoxide
|
|
||||||
pkgs.tree
|
|
||||||
pkgs.lsd
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
[general]
|
|
||||||
live_config_reload = true
|
live_config_reload = true
|
||||||
|
|
||||||
[bell]
|
[bell]
|
||||||
|
|
|
@ -1,13 +1,18 @@
|
||||||
{pkgs, ...}: {
|
{
|
||||||
|
config,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
} : {
|
||||||
home.file = {
|
home.file = {
|
||||||
".config/alacritty/alacritty.toml".source = ./alacritty.toml;
|
".config/alacritty/alacritty.toml".source = ./alacritty.toml;
|
||||||
};
|
};
|
||||||
|
|
||||||
home.packages = with pkgs; [
|
home.packages = [
|
||||||
alacritty
|
pkgs.alacritty
|
||||||
fira-code-nerdfont
|
pkgs.fira-code-nerdfont
|
||||||
fira-code-symbols
|
|
||||||
];
|
];
|
||||||
|
|
||||||
fonts.fontconfig.enable = true;
|
fonts.fontconfig.enable = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
{pkgs, ...}: {
|
|
||||||
home.packages = [pkgs.dconf];
|
|
||||||
dconf.settings = {
|
|
||||||
"org/gnome/desktop/interface" = {
|
|
||||||
color-scheme = "prefer-light";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
gtk = {
|
|
||||||
enable = true;
|
|
||||||
theme = {
|
|
||||||
package = pkgs.whitesur-gtk-theme;
|
|
||||||
name = "WhiteSur-Dark-solid-nord";
|
|
||||||
};
|
|
||||||
iconTheme = {
|
|
||||||
package = pkgs.whitesur-icon-theme;
|
|
||||||
name = "WhiteSur";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,13 +1,4 @@
|
||||||
{...}: {
|
{...}: {
|
||||||
imports = [
|
|
||||||
../shell
|
|
||||||
../term
|
|
||||||
../editor
|
|
||||||
../de
|
|
||||||
../gaming
|
|
||||||
../themes/pomme.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
home.username = "gaspard";
|
home.username = "gaspard";
|
||||||
home.homeDirectory = "/home/gaspard";
|
home.homeDirectory = "/home/gaspard";
|
||||||
home.stateVersion = "24.05";
|
home.stateVersion = "24.05";
|
||||||
|
@ -15,14 +6,10 @@
|
||||||
programs.home-manager.enable = true;
|
programs.home-manager.enable = true;
|
||||||
programs.direnv.enable = true;
|
programs.direnv.enable = true;
|
||||||
|
|
||||||
xdg.mimeApps = {
|
imports = [
|
||||||
enable = true;
|
../shell
|
||||||
defaultApplications = {
|
../term
|
||||||
"text/html" = "firefox.desktop";
|
../editor
|
||||||
"x-scheme-handler/http" = "firefox.desktop";
|
../de
|
||||||
"x-scheme-handler/https" = "firefox.desktop";
|
];
|
||||||
"x-scheme-handler/about" = "firefox.desktop";
|
|
||||||
"x-scheme-handler/unknown" = "firefox.desktop";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue