
No commits in common. "main" and "feat/ovh-config" have entirely different histories.

53 changed files with 271 additions and 1491 deletions

2
.envrc Normal file

@ -0,0 +1,2 @@
#!/usr/bin/env bash
use flake

1
.gitignore vendored

@ -1,3 +1,2 @@
venv/
.direnv
.envrc


@ -1,17 +1,10 @@
keys:
- &admin_gaspard age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
- &server_ovh age1th4zyxdg3y5sdza9v3zlezzru7wyqwvk5y0t7jdv97ej3gd6d5hs5mg7cr
- &server_pi4 age18gts35ruwj67kjgjtgrgrxup83apr8ekgrp98r434wcn2pf0l9sqnq5j2y
creation_rules:
- path_regex: secrets/OVHCloud/[^/]+\.(yaml|json|env|ini)$
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
age:
- *admin_gaspard
- *server_ovh
- path_regex: secrets/pi4/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
age:
- *admin_gaspard
- *server_pi4
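Review bot: The creation rule `secrets/[^/]+\.(yaml|json|env|ini)$` has no leading anchor, so it also applies to any deeper path that merely ends in `secrets/<file>`; writing it as `^secrets/[^/]+\.(yaml|json|env|ini)$` keeps the rule to the top-level directory. Assuming the flat rule is the new side (the page has lost its +/- markers), files in sub-directories such as `secrets/pi4/` no longer match any rule, which is worth stating in a comment above it, for example `# only files directly under secrets/; recipients: admin + OVH server`. If the `server_pi4` recipient is being dropped, files already encrypted to it stay readable by that key until they are re-encrypted with `sops updatekeys` and the secrets themselves are rotated.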


@ -53,6 +53,7 @@
(defwidget connectivity []
(eventbox
:onclick "bash -c 'iwgtk &> /dev/null &'"
(label
:class "connectivity"
:text "${


@ -11,11 +11,11 @@
home.packages = [
pkgs.eww
# Script dependencies
pkgs.iw
pkgs.jq
pkgs.dash
pkgs.socat
pkgs.pamixer
pkgs.playerctl
pkgs.pavucontrol
];
}


@ -1,5 +1,5 @@
(defvar WAIFU_MODE false) ; Bcz sometimes I listen to Geoxor, so, yeah...
(defvar FALLBACK_COVER "/home/gaspard/Pictures/Icons/music-disk.png")
(defvar FALLBACK_COVER "/home/gaspard/Images/Icons/music-disk.png")
(defvar PLAY_STATUS "⏸︎")
(deflisten music_info :initial '{"title": "", "artist": "", "artUrl": "", "status": ""}' "~/.config/eww/scripts/get-music-info")


@ -3,10 +3,10 @@
print_network_state() {
case "$1" in
eth*|enp*)
eth*)
echo ethernet
;;
wlan*|wlp*)
wlan*)
echo wireless
;;
usb*)
@ -19,30 +19,27 @@ print_network_state() {
}
wifi_strength() {
if [ "$1" -le 20 ]; then echo terrible
elif [ "$1" -le 40 ]; then echo bad
elif [ "$1" -le 60 ]; then echo mediocre
elif [ "$1" -le 80 ]; then echo good
if [ "$1" -le -80 ]; then echo terrible
elif [ "$1" -le -70 ]; then echo bad
elif [ "$1" -le -60 ]; then echo mediocre
elif [ "$1" -le -40 ]; then echo good
else echo excellent
fi
}
print_network_infos() {
if [ -n "$1" ]; then
device="$1"
route_line=$(ip route show dev "$device" | awk '($1 == "default") { print }')
route_line=$(ip route show dev "$1" | awk '($1 == "default") { print }')
printf ',"ip":{"local":"%s","gateway":"%s"}' \
"$(echo "$route_line" | awk '{ print $7 }')" \
"$(echo "$route_line" | awk '{ print $3 }')"
if [ "$state" = wireless ]; then
wireless_info=$(nmcli --get-values active,ssid,signal dev wifi list --rescan no | grep "^yes")
ssid=$(echo "$wireless_info" | cut -d : -f2)
signal=$(echo "$wireless_info" | cut -d : -f3)
signal=$(iw dev "$1" link | awk '($1 == "signal:") { print $2}')
printf ',"wifi":{"signal":"%s","ssid":"%s"}' \
"$(wifi_strength "$signal")" \
"$ssid"
"$(iw dev wlan0 info | grep '^\s*ssid ' | xargs | cut -d \ -f 2-)"
fi
fi
}
@ -72,5 +69,4 @@ print_connectivity_info () {
print_connectivity_info
dbus-monitor --system "interface=org.freedesktop.DBus.ObjectManager" 2> /dev/null | while read -r line; do
print_connectivity_info
sleep 0.1
done
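Review bot: The SSID is written into the JSON with a bare `%s`, and an SSID is chosen by whoever operates the access point, so a name containing `"` or `\` produces invalid JSON for the eww listener; the `xargs` stage of the `iw dev wlan0 info` pipeline also rewrites quotes and backslashes and fails on an unbalanced one. `jq` is already listed among the script dependencies on this page, so the value can be encoded before printing, e.g. `ssid=$(iw dev "$1" info | sed -n 's/^[[:space:]]*ssid //p' | jq -Rs 'rtrimstr("\n")')` with the format changed to `"ssid":%s`. The same line hard-codes `wlan0` while the signal lookup uses `"$1"`, and when `iw dev "$1" link` reports no signal `wifi_strength` receives an empty string, fails each numeric test and falls through to `excellent`. This reads the `iw` lines as the new side, since the page has lost its +/- markers; `print_connectivity_info` lies mostly outside the hunks.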


@ -11,5 +11,4 @@ info (){
info
dbus-monitor "path=/org/mpris/MediaPlayer2,member=PropertiesChanged" | while read -r line; do
info
sleep 0.1
done


@ -1,78 +0,0 @@
#!/usr/bin/env dash
WORK_TIME=1200
PAUSE_TIME=300
timer_state_pid=0
timer_state_state="inactive"
timer_state_time="00:00"
timer_state_progress=100000
sub_timer_pid=0
start_timer() {
timer_type=$1
duration=0
timer_state_state="$timer_type" # Update done later
if [ "$timer_type" = "work" ]; then
duration=$WORK_TIME
timer_type="pause"
elif [ "$timer_type" = "pause" ]; then
duration=$PAUSE_TIME
timer_type="work"
else
echo "Invalid argument"
exit 1
fi
i=$duration
while [ "$i" -ge 0 ] ; do
timer_state_progress=$((i * 100000 / duration))
timer_state_time="$(date -u -d @$i +'%M:%S')"
update_timer_state
sleep 1
i=$(( i - 1 ))
done
# Notify user
if [ "$timer_type" = "pause" ]; then
notify-send -c grind-timer -i ~/Pictures/Icons/moai.jpg "Work period over" "You can take a little nap now."
elif [ "$timer_type" = "work" ]; then
notify-send -c grind-timer -i ~/Pictures/Icons/moai.jpg "Pause period over" "Back to grinding we go."
fi
start_timer "$timer_type"
}
update_timer_state() {
echo "{\"pid\": $timer_state_pid, \"state\": \"$timer_state_state\", \"time\": \"$timer_state_time\", \"progress\": $timer_state_progress}"
}
handle_signal() {
# If a timer is running, kill it
if [ $sub_timer_pid -ne 0 ]; then
kill -9 $sub_timer_pid
sub_timer_pid=0
timer_state_state="inactive"
timer_state_progress=100000
update_timer_state
else
start_timer "work" &
sub_timer_pid=$!
# Will wait forever
wait $sub_timer_pid
fi
}
# Set up the SIGUSR1 signal handler
trap handle_signal 10
timer_state_pid=$$; update_timer_state
while true; do
sleep infinity &
wait
done


@ -1,18 +1,57 @@
(deflisten timer_state :initial '{"pid": 0, "state": "inactive", "time": "00:00", "progress": 100000}' "~/.config/eww/scripts/timer")
(defvar WORK_TIME_SEC 1200)
(defvar PAUSE_TIME_SEC 300)
(defvar timer-state "inactive")
(defvar timer-start-time 0)
(defpoll timer-time
:interval "900ms"
:run-while {timer-state != "inactive"}
`date +%s`)
(defpoll timer-work-period
:interval "20m"
:initial "first"
:run-while {timer-state == "work"}
`if [ "$(eww get timer-work-period)" == "first" ]; then
eww update timer-start-time=$(date +%s)
echo next
else
notify-send -c grind-timer -i ~/Images/Icons/moai.jpg "Work period over" "You can take a little nap now."
eww update timer-state=pause timer-pause-period=first
echo final
fi`) ; TODO: Put in a separate script
(defpoll timer-pause-period
:interval "5m"
:initial "first"
:run-while {timer-state == "pause"}
`if [ "$(eww get timer-pause-period)" == "first" ]; then
eww update timer-start-time=$(date +%s)
echo next
else
notify-send -c grind-timer -i ~/Images/Icons/moai.jpg "Pause period over" "Back to grinding we go."
eww update timer-state=work timer-work-period=first
echo final
fi`) ; TODO: Put in a separate script
(defwidget start-button []
(button
:class "start-button"
:vexpand true
:onclick "kill -10 ${timer_state.pid}"
:onclick "eww update timer-state=${timer-state == "inactive" ? "work" : "inactive"} timer-work-period=first timer-pause-period=first"
(overlay
(circular-progress
:class "circle-progress"
:value "${timer_state.progress / 1000}"
:value "${
timer-state == "inactive" ? 100 :
100 * (timer-start-time + (timer-state == "work" ? WORK_TIME_SEC : PAUSE_TIME_SEC) - timer-time)
/ (timer-state == "work" ? WORK_TIME_SEC : PAUSE_TIME_SEC)
}"
:thickness 6
:start-at 75
:clockwise true)
(label :class "start-icon" :text "${timer_state.state == "inactive" ? 'Start' : (timer_state.state == "work" ? "Working" : "Pause")}")
(label :class "start-icon" :text "${timer-state == "inactive" ? 'Start' : (timer-state == "work" ? "Working" : "Pause")}")
)
)
)
@ -21,13 +60,13 @@
(box
:orientation "v"
:space-evenly false
:class "timer ${timer_state.state}"
:class "timer ${timer-state}"
(label :class "timer-title" :text "Grind timer")
(start-button :valign "center" :vexpand true)
(revealer
:transition "slideup"
:reveal {timer_state.state != "inactive"}
(label :class "timer-text" :text "${timer_state.time}")
:reveal {timer-state != "inactive"}
(label :class "timer-text" :text "${timer-state != "inactive" ? formattime(timer-start-time - (3600 - (timer-state == "work" ? WORK_TIME_SEC : PAUSE_TIME_SEC)) - timer-time, "%H:%M:%S") : "00:20:00"}")
)
)
)
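Review bot: Both poll scripts compare with `==` inside `[ ]`, which POSIX `test` does not define; under a strict `sh` such as dash the test errors, the `else` branch runs on the first tick, and the notification fires and the state flips immediately. Use `=` instead: `if [ "$(eww get timer-work-period)" = "first" ]; then`, and the same for `timer-pause-period`. This only bites if eww hands the snippet to a non-bash `sh`, which the page does not show.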


@ -9,6 +9,6 @@ export XDG_CONFIG_HOME="${HOME}/.config"
# Execution
exec ssh-agent \
dbus-launch --exit-with-session \
Hyprland \
hyprland \
"$@"


@ -1,27 +0,0 @@
#!/usr/bin/env bash
set -xeuo pipefail
gamescopeArgs=(
--adaptive-sync # VRR support
--hdr-enabled
--mangoapp # performance overlay
--rt
--steam
)
steamArgs=(
-pipewire-dmabuf
-tenfoot
)
mangoConfig=(
cpu_temp
gpu_temp
ram
vram
)
mangoVars=(
MANGOHUD=1
MANGOHUD_CONFIG="$(IFS=,; echo "${mangoConfig[*]}")"
)
export "${mangoVars[@]}"
exec gamescope "${gamescopeArgs[@]}" -- steam "${steamArgs[@]}"


@ -1,7 +1,7 @@
#!/bin/sh
# Run swaylock
exec swaylock \
exec /usr/bin/swaylock \
"$@" \
--indicator \
--daemonize \
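Review bot: `exec /usr/bin/swaylock` ties the lock screen to one filesystem layout: on a host where swaylock comes from a Nix profile there is no `/usr/bin/swaylock`, the `exec` fails, and whatever invoked the wrapper (an idle or suspend hook, a key binding) leaves the session unlocked. A lookup that fails loudly is safer, e.g. `lock=$(command -v swaylock) || { echo 'swaylock not found' >&2; exit 1; }` followed by `exec "$lock" \`. This reads `/usr/bin/swaylock` as the new line because it is printed second; the page has lost its +/- markers, and the option list continues past the end of the hunk.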


@ -10,7 +10,7 @@ export SWWW_TRANSITION=wipe
export SWWW_TRANSITION_ANGLE=$RANDOM
export SWWW_TRANSITION_FPS=60
wallpapers_dir=~/Pictures/Wallpapers/enabled
wallpapers_dir=~/Images/Wallpapers/enabled
if [[ "$1" = "daemon" ]]; then
exec swww-daemon


@ -11,8 +11,8 @@
executable = true;
};
# Hyprland launch wrapper
".local/bin/Hyprland-wrapper" = {
source = ../../bin/Hyprland-wrapper;
".local/bin/Hyprland" = {
source = ../../bin/Hyprland;
executable = true;
};
# UWU launcher script
@ -30,62 +30,31 @@
source = ../../bin/wallpaperctl;
executable = true;
};
# Lock script
".local/bin/swaylock-hyprland" = {
source = ../../bin/swaylock-hyprland;
executable = true;
};
};
home.packages = with pkgs; [
egl-wayland # For NVIDIA compatibility
xdg-utils
xdg-desktop-portal-hyprland
home.packages = [
pkgs.egl-wayland # For NVIDIA compatibility
pkgs.xdg-desktop-portal-hyprland
# Common DE packages required in config
wl-clipboard
grim
slurp
hyprpicker
udiskie
swww
swaylock-effects
brightnessctl
networkmanagerapplet
pkgs.wl-clipboard
pkgs.grim
pkgs.slurp
pkgs.hyprpicker
pkgs.udiskie
pkgs.swww
# Apps launchable from bindings
kitty
yazi
# Yazi requirements
ffmpegthumbnailer
poppler
imagemagick
# Other apps
vlc
qbittorrent
webcord
# Firefox PWA
firefoxpwa
pkgs.firefox
pkgs.kitty
pkgs.yazi
# Theme
pkgs.bibata-cursors
];
home.pointerCursor = {
gtk.enable = true;
# x11.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 24;
};
wayland.windowManager.hyprland = {
enable = true;
package = inputs.hyprland.packages.${pkgs.system}.hyprland;
extraConfig = builtins.readFile ./hyprland.conf;
plugins = [inputs.hy3.packages.${pkgs.system}.hy3];
};
home.sessionVariables.NIXOS_OZONE_WL = "1";
programs.firefox = {
enable = true;
nativeMessagingHosts = [pkgs.firefoxpwa];
};
# bar is required
imports = [


@ -53,12 +53,10 @@ decoration {
passes = 1
}
shadow {
enabled = yes
range = 4
render_power = 4
color = rgba(1a1a1aee)
}
drop_shadow = yes
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
}
animations {


@ -1,6 +1,13 @@
# Hyprland GPU backend
# env = WLR_DRM_DEVICES,/dev/dri/card1
# Hyprcursor
env = HYPRCURSOR_THEME,Bibata-Modern
env = HYPRCURSOR_SIZE,24
# X cursor
env = XCURSOR_THEME,Bibata-Modern
env = XCURSOR_SIZE,24
# Backend
env = GDK_BACKEND, wayland,x11
env = SDL_VIDEODRIVER, wayland


@ -1,10 +1,10 @@
# Startup
exec-once = artix-pipewire-launcher restart
exec-once = end-rs daemon
exec-once = wallpaperctl daemon
exec-once = swayosd-server
exec-once = nm-applet
exec-once = udiskie
exec-once = eww-bard
exec-once = end-rs daemon
exec-once = hyprctl setcursor Bibata-Modern-Classic 24
exec-once = dbus-update-activation-environment WAYLAND_DISPLAY XDG_CURRENT_DESKTOP


@ -13,8 +13,6 @@ windowrulev2 = workspace 8 silent, class:(Deezer)
windowrule = float, ^(connman-gtk)$
windowrulev2 = float, class:(iwgtk)
windowrulev2 = float, class:(nm-connection-editor)
windowrulev2 = float, class:(.blueman-manager-wrapped)
windowrulev2 = float, class:(localsend_app)


@ -1,9 +1,9 @@
# Preload
preload = ~/Pictures/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png
preload = ~/Pictures/Wallpapers/Overthinker - Inzo.png
preload = ~/Images/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png
preload = ~/Images/Wallpapers/Overthinker - Inzo.png
# Definition
wallpaper = , ~/Pictures/Wallpapers/Overthinker - Inzo.png
# wallpaper = , ~/Pictures/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png
wallpaper = , ~/Images/Wallpapers/Overthinker - Inzo.png
# wallpaper = , ~/Images/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png
splash = false


@ -6,6 +6,6 @@ exec --no-startup-id /usr/bin/wired
exec --no-startup-id artix-pipewire-launcher restart
exec --no-startup-id sleep 1 && feh --bg-fill "/home/gaspard/Pictures/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png"
exec --no-startup-id sleep 1 && feh --bg-fill "/home/gaspard/Images/Wallpapers/ExylCollection/Desktop Flute Altar by Exyl.png"
exec udiskie


@ -24,6 +24,6 @@ normal = "block"
select = "underline"
[keys.normal]
backspace = {r = ":sh cargo run", b = ":sh cargo build", p = ":sh python src/main.py"}
backspace = {r = ":sh cargo run", p = ":sh python src/main.py"}
a = ["ensure_selections_forward", "collapse_selection", "move_char_right", "insert_mode"]
A-R = [":clipboard-paste-replace"]


@ -1,7 +1,6 @@
{pkgs, ...}: {
home.packages = with pkgs; [
helix
lsp-ai
home.packages = [
pkgs.helix
];
home.file = {


@ -1,34 +1,5 @@
##############################
## Configuration for lsp-ai ##
##############################
[language-server.lsp-ai]
command = "lsp-ai"
[language-server.lsp-ai.config.memory]
file_store = { }
[language-server.lsp-ai.config.models.codestral]
type = "mistral_fim"
fim_endpoint = "https://codestral.mistral.ai/v1/fim/completions"
model = "codestral-latest"
auth_token_env_var_name = "CODESTRAL_API_KEY"
[language-server.lsp-ai.config.completion]
model = "codestral"
[language-server.lsp-ai.config.completion.parameters]
max_tokens = 64
max_context = 2048
#################################
## Configuration for languages ##
#################################
[[language]]
name = "rust"
language-servers = [ "rust-analyzer" ]
[language.debugger]
command = "codelldb"
@ -49,7 +20,7 @@ runInTerminal = false
[[language]]
name = "python"
language-servers = [ "pyright", "ruff", "lsp-ai" ]
language-servers = [ "pyright", "ruff" ]
[language-server.pyright.config.python.analysis]
typeCheckingMode = "basic"
@ -102,7 +73,7 @@ formatter = { command = 'prettier', args = ["--parser", "css"] }
name = "scss"
formatter = { command = "prettier", args = ["--stdin-filepath", "dummy.scss"] }
indent = { tab-width = 4, unit = "\t" }
language-servers = ["vscode-css-language-server", "lsp-ai"]
language-servers = ["vscode-css-language-server"]
auto-format = true
[[language]]


@ -1,47 +1,5 @@
{
"nodes": {
"anixrun": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1727281125,
"narHash": "sha256-/d65UInO08BTrE1JrXwc0/+tLdkRQuM4H2eSirbuLcI=",
"owner": "GaspardCulis",
"repo": "anixrun",
"rev": "95931fe5365120cafe46cbc8e3e0df5667b50db6",
"type": "github"
},
"original": {
"owner": "GaspardCulis",
"repo": "anixrun",
"type": "github"
}
},
"anyrun": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1731092955,
"narHash": "sha256-L1hLXf4IDZ0KoXbFiSNNZJ7IrReEr/J+CLt6Rl4Ea3M=",
"owner": "anyrun-org",
"repo": "anyrun",
"rev": "d2017f224b2bfd7e33573c7070e7c3e2960c7dcc",
"type": "github"
},
"original": {
"owner": "anyrun-org",
"repo": "anyrun",
"type": "github"
}
},
"aquamarine": {
"inputs": {
"hyprutils": [
@ -66,11 +24,11 @@
]
},
"locked": {
"lastModified": 1730968822,
"narHash": "sha256-NocDjINsh6ismkhb0Xr6xPRksmhuB2WGf8ZmXMhxu7Y=",
"lastModified": 1725199881,
"narHash": "sha256-jsmipf/u1GFZE5tBUkr56CHMN6VpUWCAjfLIhvQijU0=",
"owner": "hyprwm",
"repo": "aquamarine",
"rev": "a49bc3583ff223f426cb3526fdaa4bcaa247ec14",
"rev": "f8a687dd29ff019657498f1bd14da2fbbf0e604b",
"type": "github"
},
"original": {
@ -86,11 +44,11 @@
]
},
"locked": {
"lastModified": 1727938992,
"narHash": "sha256-uFzTqMYO9anwxQsfJ4AWEd0+FyBaiKjJ/bYF+ABFOB8=",
"lastModified": 1727343602,
"narHash": "sha256-V1HAB1p11dcUyurJAB60tcgn4Su2gPoPJ6dZqmCDfiE=",
"owner": "GaspardCulis",
"repo": "nixos-caddy-ovh",
"rev": "01860dceb7292392addda3780c6c8832f345b0f0",
"rev": "df515b6bfd497de2d150867c4c13aab1e3d011ce",
"type": "github"
},
"original": {
@ -108,11 +66,11 @@
"utils": "utils"
},
"locked": {
"lastModified": 1727447169,
"narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=",
"lastModified": 1718194053,
"narHash": "sha256-FaGrf7qwZ99ehPJCAwgvNY5sLCqQ3GDiE/6uLhxxwSY=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76",
"rev": "3867348fa92bc892eba5d9ddb2d7a97b9e127a8a",
"type": "github"
},
"original": {
@ -128,11 +86,11 @@
]
},
"locked": {
"lastModified": 1731274291,
"narHash": "sha256-cZ0QMpv5p2a6WEE+o9uu0a4ma6RzQDOQTbm7PbixWz8=",
"lastModified": 1726838624,
"narHash": "sha256-SU40aZ/UyK4bhuanaWvqlhIw2/kiDrGYcKxCkTn5FP8=",
"owner": "nix-community",
"repo": "disko",
"rev": "486250f404f4a4f4f33f8f669d83ca5f6e6b7dfc",
"rev": "0fe779905ffe730eace0bf7ecf56938c625012a5",
"type": "github"
},
"original": {
@ -148,11 +106,11 @@
]
},
"locked": {
"lastModified": 1731465760,
"narHash": "sha256-GYLUsd3WIrw0smnuBHR0kfDcHu16PQgRs8hIXvfdm5I=",
"lastModified": 1726943802,
"narHash": "sha256-Ooj+Io2qBvA1IOZ0Ueks4OYHN6ylhHTxSvkmwG1Wt4E=",
"owner": "Dr-42",
"repo": "end-rs",
"rev": "11688255d645e97708be5fb66ccc268bc12f5ac5",
"rev": "aced942e36ecd6d3ce4ab45cf1c79ca4e98f6267",
"type": "github"
},
"original": {
@ -177,66 +135,6 @@
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"anyrun",
"nixpkgs"
]
},
"locked": {
"lastModified": 1727826117,
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"hy3",
"hyprland",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -244,11 +142,11 @@
]
},
"locked": {
"lastModified": 1731235328,
"narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
"lastModified": 1726440980,
"narHash": "sha256-ChhIrjtdu5d83W+YDRH+Ec5g1MmM0xk6hJnkz15Ot7M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "60bb110917844d354f3c18e05450606a435d2d10",
"rev": "a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff",
"type": "github"
},
"original": {
@ -262,11 +160,11 @@
"hyprland": "hyprland"
},
"locked": {
"lastModified": 1731228735,
"narHash": "sha256-b3PuEtRHTSxV809RLUiZVQhDQZ8NxxpWUjboTe9QAAY=",
"lastModified": 1725825817,
"narHash": "sha256-hBvwaMlgBuR2cB1Kx6cA1z7x38HXUujNcHtBsKhaEZs=",
"owner": "outfoxxed",
"repo": "hy3",
"rev": "7e792f712a2a896bd8d3174780c8944ef5ae7931",
"rev": "4b194eb5486b89102726ad5f4492bb3440c46031",
"type": "github"
},
"original": {
@ -294,11 +192,11 @@
]
},
"locked": {
"lastModified": 1728669738,
"narHash": "sha256-EDNAU9AYcx8OupUzbTbWE1d3HYdeG0wO6Msg3iL1muk=",
"lastModified": 1722623071,
"narHash": "sha256-sLADpVgebpCBFXkA1FlCXtvEPu1tdEsTfqK1hfeHySE=",
"owner": "hyprwm",
"repo": "hyprcursor",
"rev": "0264e698149fcb857a66a53018157b41f8d97bb0",
"rev": "912d56025f03d41b1ad29510c423757b4379eb1c",
"type": "github"
},
"original": {
@ -311,26 +209,26 @@
"inputs": {
"aquamarine": "aquamarine",
"hyprcursor": "hyprcursor",
"hyprland-protocols": "hyprland-protocols",
"hyprlang": "hyprlang",
"hyprutils": "hyprutils",
"hyprwayland-scanner": "hyprwayland-scanner",
"nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks",
"systems": "systems_3",
"systems": "systems_2",
"xdph": "xdph"
},
"locked": {
"lastModified": 1731162467,
"narHash": "sha256-b0w2XOVCuEdBIiTpKaaeSesKux1Q51YWEWdKbljDXPE=",
"lastModified": 1725814101,
"narHash": "sha256-+wE97utoDfhQP6AMdZHUmBeL8grbce/Jv2i5M+6AbaE=",
"ref": "refs/heads/main",
"rev": "a425fbebe4cf4238e48a42f724ef2208959d66cf",
"revCount": 5433,
"rev": "0f594732b063a90d44df8c5d402d658f27471dfe",
"revCount": 5196,
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
},
"original": {
"rev": "a425fbebe4cf4238e48a42f724ef2208959d66cf",
"rev": "0f594732b063a90d44df8c5d402d658f27471dfe",
"submodules": true,
"type": "git",
"url": "https://github.com/hyprwm/Hyprland"
}
@ -340,20 +238,22 @@
"nixpkgs": [
"hy3",
"hyprland",
"xdph",
"nixpkgs"
],
"systems": [
"hy3",
"hyprland",
"xdph",
"systems"
]
},
"locked": {
"lastModified": 1728345020,
"narHash": "sha256-xGbkc7U/Roe0/Cv3iKlzijIaFBNguasI31ynL2IlEoM=",
"lastModified": 1721326555,
"narHash": "sha256-zCu4R0CSHEactW9JqYki26gy8h9f6rHmSwj4XJmlHgg=",
"owner": "hyprwm",
"repo": "hyprland-protocols",
"rev": "a7c183800e74f337753de186522b9017a07a8cee",
"rev": "5a11232266bf1a1f5952d5b179c3f4b2facaaa84",
"type": "github"
},
"original": {
@ -381,11 +281,11 @@
]
},
"locked": {
"lastModified": 1728168612,
"narHash": "sha256-AnB1KfiXINmuiW7BALYrKqcjCnsLZPifhb/7BsfPbns=",
"lastModified": 1725188252,
"narHash": "sha256-yBH8c4GDaEAtBrh+BqIlrx5vp6gG/Gu8fQQK63KAQgs=",
"owner": "hyprwm",
"repo": "hyprlang",
"rev": "f054f2e44d6a0b74607a6bc0f52dba337a3db38e",
"rev": "c12ab785ce1982f82594aff03b3104c598186ddd",
"type": "github"
},
"original": {
@ -408,11 +308,11 @@
]
},
"locked": {
"lastModified": 1730968903,
"narHash": "sha256-zFvzLXcSm0Ia4XI1SE4FQ9KE63hlGrRWhLtwMolWuR8=",
"lastModified": 1724966483,
"narHash": "sha256-WXDgKIbzjYKczxSZOsJplCS1i1yrTUpsDPuJV/xpYLo=",
"owner": "hyprwm",
"repo": "hyprutils",
"rev": "3ce0cde8709cdacbfba471f8e828433b58a561e9",
"rev": "8976e3f6a5357da953a09511d0c7f6a890fb6ec2",
"type": "github"
},
"original": {
@ -435,11 +335,11 @@
]
},
"locked": {
"lastModified": 1726874836,
"narHash": "sha256-VKR0sf0PSNCB0wPHVKSAn41mCNVCnegWmgkrneKDhHM=",
"lastModified": 1721324119,
"narHash": "sha256-SOOqIT27/X792+vsLSeFdrNTF+OSRp5qXv6Te+fb2Qg=",
"owner": "hyprwm",
"repo": "hyprwayland-scanner",
"rev": "500c81a9e1a76760371049a8d99e008ea77aa59e",
"rev": "a048a6cb015340bd82f97c1f40a4b595ca85cc30",
"type": "github"
},
"original": {
@ -448,72 +348,13 @@
"type": "github"
}
},
"jovian": {
"inputs": {
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1731227601,
"narHash": "sha256-aGUQ6W/Oxd9xjH9RQbnUtC61sTK2fWlKr+J7kavT/RQ=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "7691d0ac1deb6ac7482c5a22fe1a14a34ca608b0",
"type": "github"
},
"original": {
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"jovian",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729697500,
"narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
"owner": "zhaofengli",
"repo": "nix-github-actions",
"rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"ref": "matrix-name",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1731797098,
"narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixos-hardware",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1730785428,
"narHash": "sha256-Zwl8YgTVJTEum+L+0zVAWvXAGbWAuXHax3KzuejaDyo=",
"lastModified": 1725103162,
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4aa36568d413aca0ea84a1684d2d46f55dbabad7",
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
"type": "github"
},
"original": {
@ -525,27 +366,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"lastModified": 1725762081,
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1730602179,
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github"
},
"original": {
@ -557,11 +382,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1731139594,
"narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
"lastModified": 1726243404,
"narHash": "sha256-sjiGsMh+1cWXb53Tecsm4skyFNag33GPbVgCdfj3n9I=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
"rev": "345c263f2f53a3710abe117f28a5cb86d0ba4059",
"type": "github"
},
"original": {
@ -571,35 +396,8 @@
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore",
"nixpkgs": [
"hy3",
"hyprland",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1730814269,
"narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "d70155fdc00df4628446352fc58adc640cd705c2",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"anixrun": "anixrun",
"anyrun": "anyrun",
"caddy": "caddy",
"deploy-rs": "deploy-rs",
"disko": "disko",
@ -610,8 +408,6 @@
"hy3",
"hyprland"
],
"jovian": "jovian",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_2",
"sops-nix": "sops-nix"
}
@ -621,14 +417,14 @@
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_2"
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731364708,
"narHash": "sha256-HC0anOL+KmUQ2hdRl0AtunbAckasxrkn4VLmxbW/WaA=",
"lastModified": 1726524647,
"narHash": "sha256-qis6BtOOBBEAfUl7FMHqqTwRLB61OL5OFzIsOmRz2J4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "4c91d52db103e757fc25b58998b0576ae702d659",
"rev": "e2d404a7ea599a013189aa42947f66cede0645c8",
"type": "github"
},
"original": {
@ -638,21 +434,6 @@
}
},
"systems": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -667,7 +448,7 @@
"type": "github"
}
},
"systems_3": {
"systems_2": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
@ -684,7 +465,7 @@
},
"utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1701680307,
@ -702,26 +483,12 @@
},
"xdph": {
"inputs": {
"hyprland-protocols": [
"hy3",
"hyprland",
"hyprland-protocols"
],
"hyprland-protocols": "hyprland-protocols",
"hyprlang": [
"hy3",
"hyprland",
"hyprlang"
],
"hyprutils": [
"hy3",
"hyprland",
"hyprutils"
],
"hyprwayland-scanner": [
"hy3",
"hyprland",
"hyprwayland-scanner"
],
"nixpkgs": [
"hy3",
"hyprland",
@ -734,11 +501,11 @@
]
},
"locked": {
"lastModified": 1730743262,
"narHash": "sha256-iTLqj3lU8kFehPm5tXpctzkD274t/k1nwSSq3qCWXeg=",
"lastModified": 1725203932,
"narHash": "sha256-VLULC/OnI+6R9KEP2OIGk+uLJJsfRlaLouZ5gyFd2+Y=",
"owner": "hyprwm",
"repo": "xdg-desktop-portal-hyprland",
"rev": "09b23cef06fe248e61cec8862c04b9bcb62f4b6d",
"rev": "2425e8f541525fa7409d9f26a8ffaf92a3767251",
"type": "github"
},
"original": {


@ -3,7 +3,6 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@ -42,21 +41,6 @@
url = "github:Dr-42/end-rs";
inputs.nixpkgs.follows = "nixpkgs";
};
anyrun = {
url = "github:anyrun-org/anyrun";
inputs.nixpkgs.follows = "nixpkgs";
};
anixrun = {
url = "github:GaspardCulis/anixrun";
inputs.nixpkgs.follows = "nixpkgs";
};
# SteamOS
jovian = {
url = "github:Jovian-Experiments/Jovian-NixOS";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
@ -66,22 +50,18 @@
deploy-rs,
sops-nix,
home-manager,
jovian,
nixos-hardware,
...
} @ inputs: let
system = "x86_64-linux";
pkgs = nixpkgs.legacyPackages.${system};
in rec {
in {
nixosConfigurations = {
Zephyrus = nixpkgs.lib.nixosSystem {
extraArgs = {inherit inputs;};
modules = [
./hosts/Zephyrus
disko.nixosModules.disko
nixos-hardware.nixosModules.asus-zephyrus-ga503
home-manager.nixosModules.home-manager
jovian.nixosModules.jovian
];
};
@ -94,17 +74,6 @@
home-manager.nixosModules.home-manager
];
};
pi4 = nixpkgs.lib.nixosSystem {
extraArgs = {inherit inputs;};
system = "aarch64-linux";
modules = [
./hosts/pi4
"${nixpkgs}/nixos/modules/profiles/minimal.nix"
nixos-hardware.nixosModules.raspberry-pi-4
sops-nix.nixosModules.sops
];
};
};
homeConfigurations = {
@ -127,8 +96,7 @@
};
};
deploy.nodes = {
OVHCloud = {
deploy.nodes.OVHCloud = {
hostname = "gasdev.fr";
profiles.system = {
user = "root";
@ -138,33 +106,6 @@
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.OVHCloud;
};
};
pi4 = {
hostname = "10.8.0.31";
profiles.system = {
user = "root";
sshUser = "root";
sshOpts = ["-p" "22"];
sudo = "";
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.pi4;
};
};
};
images.pi4 =
(self.nixosConfigurations.pi4.extendModules {
modules = [
"${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
{
disabledModules = ["profiles/base.nix"];
}
];
})
.config
.system
.build
.sdImage;
packages.x86_64-linux.pi4-image = images.pi4;
packages.aarch64-linux.pi4-image = images.pi4;
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;


@ -1,9 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
gamemode
];
imports = [
./minecraft
];
}


@ -1,5 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
prismlauncher
];
}


@ -2,7 +2,7 @@
# This will add secrets.yml to the nix store
# You can avoid this by adding a string to the full path instead, i.e.
# sops.defaultSopsFile = "/root/.sops/secrets/example.yaml";
sops.defaultSopsFile = ../../secrets/OVHCloud/default.yaml;
sops.defaultSopsFile = ../../secrets/OVHCloud.yaml;
# This will automatically import SSH keys as age keys
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];


@ -1,6 +1,8 @@
{
inputs,
pkgs,
lib,
config,
...
}: {
imports = [
@ -14,60 +16,58 @@
time.timeZone = "Europe/Paris";
console.keyMap = "fr";
services.xserver.xkb.layout = "fr";
security.pam.services.swaylock = {};
# Network & Bluetooth
networking.wireless.iwd.enable = true;
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
# Audio
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
# Services
services.seatd.enable = true;
services.blueman.enable = true;
services.udisks2.enable = true;
services.power-profiles-daemon.enable = true;
services.ollama = {
enable = true;
acceleration = "cuda";
};
systemd.services.ollama = {
wantedBy = pkgs.lib.mkForce [];
};
# Programs
environment.systemPackages = with pkgs; [
git
wget
ncdu
neofetch
bottom
htop
unzip
wg-netmanager
podman-compose
mangohud
environment.systemPackages = [
pkgs.git
pkgs.wget
pkgs.ncdu
pkgs.neofetch
pkgs.bottom
pkgs.htop
pkgs.iwgtk
];
#Podman
virtualisation.containers.enable = true;
virtualisation = {
podman = {
enable = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
# NVIDIA
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) ["nvidia-x11" "nvidia-settings"];
hardware.graphics.enable = true;
services.xserver.videoDrivers = ["nvidia"];
hardware.nvidia = {
modesetting.enable = true;
open = false; # Bruuh
prime = {
amdgpuBusId = "PCI:7:0:0";
nvidiaBusId = "PCI:1:0:0";
};
};
# ADB
programs.adb.enable = true;
# Gaming
programs.gamemode.enable = true;
# Other
programs.nix-ld.enable = true;
programs.localsend = {
enable = true;
openFirewall = true;
};
# User config
users.groups.gaspard = {
name = "gaspard";
@ -79,9 +79,6 @@
"video"
"seat"
"audio"
"adbusers"
"gamemode"
"networkmanager"
];
group = "gaspard";
};
@ -93,33 +90,5 @@
};
};
# Steam specialisation
specialisation.steam.configuration = {
system.nixos.tags = ["steam"];
users.groups.steam.name = "steam";
users.users.steam = {
isNormalUser = true;
createHome = true;
extraGroups = [
"video"
"seat"
"audio"
"gamemode"
"networkmanager"
];
group = "steam";
};
services.desktopManager.plasma6.enable = true;
jovian.steam = {
enable = true;
autoStart = true;
user = "steam";
desktopSession = "plasma";
};
environment.sessionVariables = {
XKB_DEFAULT_LAYOUT = "fr";
};
};
system.stateVersion = "24.11";
}


@ -3,6 +3,7 @@
# to /etc/nixos/configuration.nix instead.
{
pkgs,
config,
lib,
modulesPath,
...
@ -15,16 +16,12 @@
boot = {
kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
kernelModules = ["kvm-amd"];
kernelParams = [
"mem_sleep_default=deep" # Should fix/change suspend method
];
extraModulePackages = [];
initrd = {
availableKernelModules = ["nvme" "xhci_pci" "usbhid" "sdhci_pci"];
kernelModules = [];
};
loader = {
timeout = 2;
efi.canTouchEfiVariables = true;
grub = {
enable = true;
@ -32,59 +29,6 @@
efiSupport = true;
};
};
tmp.useTmpfs = true;
binfmt.emulatedSystems = ["aarch64-linux"];
};
# Network & Bluetooth
networking.networkmanager.enable = true;
networking.firewall.checkReversePath = "loose"; # For wireguard
hardware.bluetooth.enable = true;
hardware.bluetooth.powerOnBoot = true;
# Audio
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
#NVIDIA
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"nvidia-x11"
"nvidia-settings"
"cuda_cudart"
"libcublas"
"cuda_cccl"
"cuda_nvcc"
# Steam
"xow_dongle-firmware"
"steam"
"steam-original"
"steam-run"
"steam-unwrapped"
"steam-jupiter-unwrapped"
"steamdeck-hw-theme"
];
nixpkgs.config.packageOverrides = pkgs: {
intel-vaapi-driver = pkgs.intel-vaapi-driver.override {enableHybridCodec = true;};
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
vaapiVdpau
libvdpau-va-gl
mesa
];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -97,4 +41,5 @@
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@ -1,74 +0,0 @@
{
config,
pkgs,
...
}: {
imports = [
./hardware-configuration.nix
];
# Nix
nix.settings.experimental-features = ["nix-command" "flakes"];
# Set your time zone.
time.timeZone = "Europe/Paris";
environment.systemPackages = with pkgs; [
podman-compose
helix
unzip
htop
ncdu
wget
git
];
services.openssh = {
enable = true;
ports = [22];
settings = {
PasswordAuthentication = false;
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHQyRXFQ6iA5p0vDuoGSHZfajiVZPAGIyqhTziM7QgBV gaspard@nixos"
];
# Podman
virtualisation = {
containers.enable = true;
oci-containers.backend = "podman";
podman = {
enable = true;
# Required for containers under podman-compose to be able to talk to each other.
defaultNetwork.settings.dns_enabled = true;
};
};
# SOPS
sops.defaultSopsFile = ../../secrets/pi4/default.yaml;
sops.secrets."wireguard/private_key".owner = "root";
# Wireguard
networking.firewall = {
allowedUDPPorts = [51820];
};
networking.wg-quick.interfaces = {
wg0 = {
address = ["10.8.0.31/32"];
listenPort = 51820; # Should match firewall allowedUDPPorts
privateKeyFile = config.sops.secrets."wireguard/private_key".path;
peers = [
{
publicKey = "KLULII6VEUWMhyIba6oxxHdZsVP3TMVlNY1Vz49q7jg=";
allowedIPs = ["0.0.0.0/0"];
endpoint = "vpn.gasdev.fr:993";
persistentKeepalive = 25;
}
];
};
};
system.stateVersion = "24.11";
}


@ -1,20 +0,0 @@
{
pkgs,
lib,
...
}: {
# "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" creates a
# disk with this label on first boot. Therefore, we need to keep it. It is the
# only information from the installer image that we need to keep persistent
fileSystems."/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
};
boot = {
kernelPackages = lib.mkForce pkgs.linuxPackages_latest;
loader = {
generic-extlinux-compatible.enable = lib.mkDefault true;
grub.enable = lib.mkDefault false;
};
};
}


@ -1,38 +1,9 @@
{
pkgs,
inputs,
...
}: {
imports = [
inputs.anyrun.homeManagerModules.anyrun # Import the anyrun home-manager module
];
programs.anyrun = {
enable = true;
config = {
plugins = [
inputs.anyrun.packages.${pkgs.system}.applications
inputs.anyrun.packages.${pkgs.system}.symbols
inputs.anyrun.packages.${pkgs.system}.websearch
inputs.anyrun.packages.${pkgs.system}.rink
inputs.anyrun.packages.${pkgs.system}.shell
inputs.anixrun.packages.${pkgs.system}.default
];
x = {fraction = 0.5;};
y = {fraction = 0.3;};
width = {fraction = 0.3;};
hideIcons = false;
ignoreExclusiveZones = false;
layer = "top";
hidePluginInfo = true;
closeOnClick = true;
showResultsImmediately = false;
maxEntries = null;
{pkgs, ...}: {
home.file = {
".config/anyrun".source = ../anyrun;
};
extraCss = builtins.readFile ./style.css;
extraConfigFiles."applications.ron".text = builtins.readFile ./applications.ron;
extraConfigFiles."symbols.ron".text = builtins.readFile ./symbols.ron;
extraConfigFiles."websearch.ron".text = builtins.readFile ./websearch.ron;
};
home.packages = [
pkgs.anyrun
];
}


@ -22,29 +22,11 @@ gitlab:
OTP_KEY: ENC[AES256_GCM,data:BphY+ZO26N82iN1782ephpyqYwTt3UmCawX9/1kwvWEo5OebpUOOOQnR03I=,iv:EaHAW/sb1MGfN9ZFeB8t4xxVUtxb5jM7uL06/eGPxck=,tag:Qg+0oBsc0oB1T8NO2Znw5g==,type:str]
DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str]
JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str]
musare:
APP_SECRET: ENC[AES256_GCM,data:MTwZ7ziFaa6kCdbvNPyFCbNa/aY1kPO3CuLG0UC8S8Pd5QHepIHor3Ab9yw=,iv:8zalEGdQUmCoSZV8B/wmztPFi2upZZ11rU/okhkdk30=,tag:++8A7nyxsAvpqg1azwCWaA==,type:str]
YOUTUBE_API_KEY: ENC[AES256_GCM,data:gyBGcdrTnpmnl+NtCO0qZdaUJJ4cGyrJng2us/1ERfmgJAds50eR,iv:0uAqORbl3hC7QYJfJaP/JnaYvHoToxwVKRwElFIhgRI=,tag:NuETLWclphy4dhVnKVh1jw==,type:str]
SPOTIFY_CLIENT_ID: ENC[AES256_GCM,data:SecWkp5T77ciTs5gjjUznYbhkFaLNGkiXwiD3uvprEQ=,iv:+Tm9qgTHiklnNsYDCXFV2pm5mDLV2azM2Q1ZWeifnFk=,tag:wkj63YNBx9svSUWoPBCFpQ==,type:str]
SPOTIFY_CLIENT_SECRET: ENC[AES256_GCM,data:QY6bXZSimSET8bQteZycUZOpC5lUgDXteBhFEYvtovI=,iv:3BtHH/pPFLqW+MHSgKVwJ/hViEeF4YOWRRFMT+YIibA=,tag:VKsuBBxV7y64vBMVl10PZQ==,type:str]
MONGO_USER_USERNAME: ENC[AES256_GCM,data:XKk3rmNJ,iv:x853fsUKFZ5xEKTTFd+r8MQ4yZK1q0x9ocjmngBJ4Wo=,tag:v9xsFbImlrNQb/yAlIWM/w==,type:str]
MONGO_USER_PASSWORD: ENC[AES256_GCM,data:QMocFYM0okz4/g0iPm3QoPGtxRc67A==,iv:xZJL5KVJAL0Gv9wkbyStrcJig1gKkHlQnJ8SIKVLeLs=,tag:HdXDA6z8YJzwEQPBt/0rCQ==,type:str]
MONGO_ROOT_PASSWORD: ENC[AES256_GCM,data:KrrEa7NVF1J+znK+8aychgmBGgtLHw==,iv:BGsnTPXmQ3moqFRVATRbVDBLl/EFG5DqSwii/9eKdLg=,tag:0hR91iEZcox/xe7M4SmCBg==,type:str]
REDIS_PASSWORD: ENC[AES256_GCM,data:8+iq5EiFJWyhvE/AV/qjb/61AHvFdQ==,iv:jv/XVunNDXRB5CjQVxtt+uL5V14p7ol7UuhJOSWcjEs=,tag:Ft/mWv2zmXjSToPogisqtw==,type:str]
notesnook:
API_SECRET: ENC[AES256_GCM,data:E2wikU7aAXzuZ1m1javW7SbkCxVSii1zLF2AjFCWbVpyRvVN9le764fU29A=,iv:9R/Hzwdr9shQNYxtSJB18CUiaGq/XfMY2mTlTL5aLHs=,tag:ediIkiZRNOK61xGUO8vKwA==,type:str]
S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:Pmzvjon0RH2d78hiO0JEa8Lbad2a+mzX+zs=,iv:IyKuX3lWVqJuovkVNi/5eEZbRSL+jsOG5Kd09mEwr6w=,tag:Z2SfFsLpaPMDphhBp/1b0Q==,type:str]
S3_ACCESS_KEY: ENC[AES256_GCM,data:cFv5P0u1u+eITCjf/le7Pcllqdj3UoUzoN5b3G/4R6aZR08RBKdcvs3mR9gnDHVMlhxogZfzkl4yptHK671cZA==,iv:rE4cbfbdqkYmuap4iYZMnakOveT3jCRUuw6E/Q0RnWg=,tag:eSz4UqduFRW3BnVUJSY3mw==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:efOK1OwlbehUv/a2K0zHTlNjqyVlUWFF,iv:kDA0sS8Rs4zlK+YJhUWiNAw0OsskFyszoSEQ0RiZxy8=,tag:JdclQMpkTc3Ggl8g0Dxdww==,type:str]
outline:
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:BlV4g/ri3BkvjD/2BybGS5H8fqQkGZ8dE+Nm91WV1ia5Qq/QhzED0NsM2sIcow2vKh12Q/T+NyhvkgmdV6xzWKjY7C/WMkt+,iv:lIhD8drsTqlbEKM/2ZlIspabTjy55eHnnh6YjXm996o=,tag:kaTDj28HUjKKqVkOu1XSRA==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:ZkVT5HLT0PB6FsdHBFaasQp86S+UNM91,iv:AG+7F0zMgGHcCEd6KkZu+UPzCfs+CGfe4P54PtZCxr0=,tag:QcG8wBeyRwmeHg+RmF7jqQ==,type:str]
S3_SECRET_KEY: ENC[AES256_GCM,data:G/uX/JggGnMu9JMqXR2AkNjxAmGjjXKJchAOfnYLFWFt/oc8rJaK6TKPmHKF7+dL9Iphfvuu6k8Bs/hkOuhG6w==,iv:ghazTJoiBk1frpJbJrcSm53dU1/xi//+yruAqhm6T8E=,tag:kd3XYWQg5z/pMMmXqAtzGw==,type:str]
penpot:
SECRET_KEY: ENC[AES256_GCM,data:Ebeehmby3FBDOaTxwTWg9vKTsB+w8wpa6FdxcvvRTwDR07A0Ljk4WCaPmbPBArbwB14cMSuGeDGBrvNo1x8N+u3FeMMei+TGvgJGssZynxEN7+g5gTg=,iv:ZAa3n7CCyeeeAIv48JpIZmjFiyHiXLFK+Q0Wqf7utFY=,tag:6JZZ53jEM579vYhQG4X2Fw==,type:str]
OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:+GrXq113byY5XqFDE1tF4n5xcrhIjg2KI39xgxY6hEcS3r6KcF6SAFmczoscMFPJccaTv7Pcr7zfzDxGT7zDuNyj324nzvff,iv:onZV3ESU4Kbvp9x9rfXuq17FlhaoE/4ZXIwH4/bOXPc=,tag:I02FFF54NDMyJuicdwy4TA==,type:str]
SMTP_HOST: ENC[AES256_GCM,data:J7D9fTRW1iANdPecxr0=,iv:LtTsRC144slQzt17DmOWL84NJJBR8A/emopAo8Qu1MM=,tag:6wUO1j0T7xAdkdkD1Xo2Cw==,type:str]
SMTP_PORT: ENC[AES256_GCM,data:fG4=,iv:PuMglwRdX45zZJaqsWfPxhuWpjpeOYL3M7bpj4g4GNg=,tag:K52aL+CGtzBjfPKKOCDm6A==,type:str]
SMTP_HOST: ENC[AES256_GCM,data:grXf4aoolCIEF+xomL9ziE4=,iv:HeUUuJJEjq/CWCWfrxe8ujBaMidFM6B49oHedjD7b3M=,tag:fnsUU8DhgUjtjoKkqw3c4g==,type:str]
SMTP_PORT: ENC[AES256_GCM,data:Lnh0,iv:gCLwzWrk6hMUZjL1RGi51dS2TULtCfYnlpAOJBVBen0=,tag:fv7lwt36JpKhRjXF41Wc8g==,type:str]
SMTP_USERNAME: ENC[AES256_GCM,data:VW/cB/BIisGfhwWNLNvRCvWGYI8=,iv:u+nAfJUfMZtthe18DPy4yBEWcbh52ZrUsbaOW8vnbVw=,tag:PLq47UuvDzd/X1aoCtRJjw==,type:str]
SMTP_PASSWORD: ENC[AES256_GCM,data:tl7hp0a4l8JLOSQQvJNRwF4DR+83FaKI,iv:vR0KiXjnkyO1pa+fxQ6ALoYN6IMFAk07qmMe5qgRB1E=,tag:/RmJIzgjDEBH9XNMol3IUg==,type:str]
POSTGRES_USER: ENC[AES256_GCM,data:Uk7czFf4,iv:2PGek4z7UJzvs6X4Jq8wx+HkUFYGtq0kVJd5ba3M24E=,tag:QysuNOULNHBPdheBH6CRDA==,type:str]
@ -54,17 +36,8 @@ penpot:
STORAGE_ASSETS_S3_REGION: ENC[AES256_GCM,data:oV4ucbPe,iv:zNsUsftybGcQdryAB+mN9Xb/rVWOLFlVixqRLLz8WIY=,tag:FiiSjLyuK89HK1GEE3BSUA==,type:str]
STORAGE_ASSETS_S3_ENDPOINT: ENC[AES256_GCM,data:mZjvBvNZC28jUYrK8e6HHixC4GU=,iv:mppmZn7nV/gckB3+GonwQQT5U14qg1FyEnQ92pGDSZI=,tag:rAePtPdd6o+EDC0MrAToKw==,type:str]
STORAGE_ASSETS_S3_BUCKET: ENC[AES256_GCM,data:nfcjtCQVWhdT1UUYPw==,iv:mF2Esw1GvWAjkabvDde63bAq4V5pXNhbhqsK1dkg5sg=,tag:uE6qKxKSJzYtHWxPMiK3Lw==,type:str]
stalwart-mail:
ACME_SECRET: ENC[AES256_GCM,data:maC7iAMiwFCYXD15IEqaCVi9TqPAIJ15T/yJWSwo4dW3mdqXmItS4hoS2cI=,iv:fWDase9PM2riakQDUiuCTa+W9W4bf7I39k/WSbX4RjI=,tag:+OixerP8JWAjGeh8U+g32g==,type:str]
ADMIN_SECRET: ENC[AES256_GCM,data:4ytiKxJ55Wm9p6M=,iv:dl1BCtxOu4o+2qC6ZlUw8cluoqDjp16/SN9bhGneRHs=,tag:qEgWrYHQJHDjR2PwK9y8UA==,type:str]
shadowsocks:
password: ENC[AES256_GCM,data:IdAvKXKckwvZUetkYSFTIPxd8nrwm13Ngc3KVDSmiW3AE4Rhmjk2VHjdUyQ=,iv:LVeQcL7XIEQyMTsXpXIROGte2+Z9+7FpemfiwhA0Pw0=,tag:qt+8jgN5UqwMeCV+D3stEQ==,type:str]
umami:
APP_SECRET: ENC[AES256_GCM,data:+WnBbgVY+YzMJ8yBeFUEhkqYfs7wamuC/VmgnSybOXnd/H6A+zgimBggFsU=,iv:9tWnwH1ZvvfaHbzhIkrsynnOywD0xkuQKkvYlnrxOy8=,tag:mld2+vqLCesDtSYbN8lECg==,type:str]
DB_USER: ENC[AES256_GCM,data:ue5HslI=,iv:kXJSHpbQ4HV9k4ZiouXoOjop7YdnJkhAy3OUh+6s90Y=,tag:KGNNA9gz30bo2nVLAkh4JQ==,type:str]
DB_PASS: ENC[AES256_GCM,data:KyVnQAWcLcttImqsyecIIYordN9LR0zg,iv:nTy7COxvg3nVpsMf9g7x+gwKLaonaxC53rIeeCIGqdk=,tag:XbX7qyjQn+6snnTbtLInLQ==,type:str]
webdav:
USER_PASSWORD: ENC[AES256_GCM,data:aULehVsCkGpsryQ=,iv:OD6ADWh62tvykGXP9Lmy4f9Iz9QuzyKMnGXGAvOv55s=,tag:ff47alP5Og7XaADzvZEMGA==,type:str]
wireguard:
private_key: ENC[AES256_GCM,data:fjaBcBplx4IOrbnT8PZwUl6m4j4sdiObJYJXSrzCOqXcL3Qyymj4HUPSBuM=,iv:4XVH1d0/PTfVHKtDoziOD3b+TGXafNEGNgqAUtQsoD8=,tag:c/9AQO5TmLPGvIRN59KMZg==,type:str]
public_key: ENC[AES256_GCM,data:zHQkA3wu7Kn9wnODn65zHKGX3qBvhRa0H/cSlg/8TjyTNtaMgY3Y0RiQEr4=,iv:kaWxt11DR4jZzgfoA7PDg/wPc6VqSoyuFU4KllOzZjY=,tag:acA0M4Eq0AR4FjFJZ4l13w==,type:str]
@ -92,8 +65,8 @@ sops:
MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN
y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-10T18:55:35Z"
mac: ENC[AES256_GCM,data:yoir0/xLbAksjcq61Fsnj0WJub1BkCohTngZIX3Ol8lT+5Fzn3uPPsheadgWKXYirMVAxm5HtvAiLetxbI1G4vFvu+BTiUhDvaV1VjS32JcJrDuvKzgdLgKUbE+bbAXobMduO7UAdzriXzTYJa3JpcSY6YtveyMiXB72Spqza04=,iv:KvYH1r9qNLr0eJF3kpIfvVESDr/EPb2vC5oOUK+x0u8=,tag:vJkGgBDnZMtgOlYztu7plw==,type:str]
lastmodified: "2024-10-24T10:04:55Z"
mac: ENC[AES256_GCM,data:fXCKFVev+ALjXdSPDw7QynQvh2ItusAUq/ZHCUv2dTLZcoW1/42hOyRexQPoQTAw+mACB1Sp9IPu5N5Gg3TSoxV6I67q7+S8FZVzfB1a8wMTIDF1vSOp5eHM3g6i8Wjip23V0LqUqjok4tuunDVnkOmp0uD0fLlaIiTpFgS3HJo=,iv:iq8CYdzR2F4knyTBHYIsS/hF+WCYcWXrpBAl2Ow60A0=,tag:hmNaTtIUqHRbU9aFzD6gww==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.0


@ -1,31 +0,0 @@
wireguard:
private_key: ENC[AES256_GCM,data:L6FD+kBF7AoIrm3pMM6/pmWtX2FP5dUrJ9hUCuW9n4SlJ/JhpxI9m/1owIg=,iv:ok4pyUUv80kPY9n4WQmBGYHmMsPJnG0tnF+vbNhqc3s=,tag:OPribO7RoVCkFkTrYrHw7w==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1rgu2e75kt4uztr43y6wj70uz2sj3tr9lz58y4h6rk37alq2vwa5q9v35dr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJamxiNDlnRWJ6ZGFRaEtu
bGRveE9aWWY4c2duYkFYU2NKQlBSYjNWT3dZClNtNkpiRENNRFdUcTN6MENhU1Z1
YzVDa21peTluVkFoQURnK0xZQjNFZm8KLS0tIGpPbE95NVM2aUNrWWlEVGUybXpP
cXpCMmsxTkxKSXBjSmV2azNIcW04a1UKF8O99FpHDZSO0XFeCzWyoxJvjmvjvWFH
aOFSWHO64UDlSY/1eQmIYr/xad/BxxYnkrqlJib5tpmPkoi1qyuZVg==
-----END AGE ENCRYPTED FILE-----
- recipient: age18gts35ruwj67kjgjtgrgrxup83apr8ekgrp98r434wcn2pf0l9sqnq5j2y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFQmlDMzJQSEM3cjdnZmpy
RUgzZTYvT3RrQ2RMUmNNNWRvL2NjSUJvdW1jCkFvaVFOZUdPMWQxNnhGLzgwa2w4
MHpwVzJkQjZvd25oaENqbzdrT1dmazQKLS0tIE1MdmVrNVRscGlXeTB0NXV6SUMv
RDNob1FNdFZQUUk0SmVDUnZBc3FNdVEKcyNWzjvIZIBR39kQkUsSSmHJ+gePPtbS
PUcLp6jYFvPDyldLm+PqIApEL9X0d/0ccvY+wwkPCiqSPFZbBLitgg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-05T22:30:48Z"
mac: ENC[AES256_GCM,data:GI5Hb8zvafTdWhpm+D6qp9iefMD9NwYPRBKcxrIL9M1wTMzMzD4QsrbMDKQELfTYK3QhLZ0G4KTmLfoSB1zYO/GtslRDAAHmFzLuNNVJ9/8gIrd/Gb12JLnUDjJrxYEeF15NKnyqRMKUVQiJgYd8ggLGzT9pRqaMNTKCYutqsaE=,iv:XB/Ddi7mU9SdRD7nHkyAZR+gTZ9ZY2ZrvHlb0kFK/4Q=,tag:OgEw78w4o44CamP/4C6Y7g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1


@ -34,20 +34,6 @@ identity_providers:
- 'email'
- 'openid'
- 'profile'
- client_id: 'outline'
client_name: 'Outline'
client_secret: '$pbkdf2-sha512$310000$KykggigTF2ZRKzEdHqPD0A$TV66lPDqlTodPjFGMpxMUaeQPywHliW8yTXfXsMh4EBkYI3cIqmDc.z6Yk/3/So2.HqsRWwfPlEHmBn9Esq/4A'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://outline.gasdev.fr/auth/oidc.callback'
scopes:
- 'openid'
- 'offline_access'
- 'profile'
- 'email'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
authentication_backend:
@ -74,14 +60,10 @@ storage:
path: /data/db.sqlite3
notifier:
disable_startup_check: true
smtp:
address: 'submissions://mail.gasdev.fr:465'
username: 'postmaster'
address: 'smtp.mail.ovh.net'
username: 'postmaster@gasdev.fr'
sender: 'Authelia <authelia@gasdev.fr>'
# identifier: 'mail.gasdev.fr'
# tls:
# server_name: 'mail.gasdev.fr'
log:
level: 'info'
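Review bot: The `address: 'smtp.mail.ovh.net'` line under `notifier.smtp` has no scheme or port, so the port and the choice between implicit TLS and STARTTLS are left to Authelia's defaults, whereas the other address line in this hunk spells out `submissions://…:465`. The +/- markers are lost on this page, so this assumes from the `-74,14 +60,10` counts that the OVH address is the new side. I would make the transport explicit, e.g. `address: 'submissions://smtp.mail.ovh.net:465'`, after confirming which port the provider offers for implicit TLS. No password key is visible in the hunk; presumably it comes from a secret file or environment variable, which is worth confirming.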


@ -2,13 +2,9 @@
imports = [
./authelia
./garage
./musare
./outline
./penpot
./shadowsocks
./stalwart-mail
./umami
./uptime-kuma
./webdav
./wireguard
];
}


@ -1,25 +1,22 @@
# TODO: Run as different user
{config, ...}: {
{...}: {
sops.secrets."garage/RPC_SECRET".owner = "root";
services.caddy.virtualHosts."s3.gasdev.fr *.s3.gasdev.fr" = {
logFormat = "output file ${config.services.caddy.logDir}/access-s3.gasdev.fr.log";
extraConfig = ''
header {
?Access-Control-Allow-Headers *
?Access-Control-Allow-Methods *
?Access-Control-Allow-Origin *
}
services.caddy.virtualHosts."s3.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3900
'';
};
services.caddy.virtualHosts."s3web.gasdev.fr *.s3web.gasdev.fr" = {
logFormat = "output file ${config.services.caddy.logDir}/access-s3web.gasdev.fr.log";
extraConfig = ''
services.caddy.virtualHosts."*.s3.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3900
'';
services.caddy.virtualHosts."s3web.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3900
'';
services.caddy.virtualHosts."*.s3web.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:3902
'';
};
virtualisation.oci-containers.containers = {
garage = {
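Review bot: The `"s3web.gasdev.fr"` virtual host proxies to `http://127.0.0.1:3900`, the same upstream as the two `s3.gasdev.fr` hosts, while `"*.s3web.gasdev.fr"` goes to `:3902`. That looks like a copy-paste slip that would answer the website hostname from the S3 API listener. The +/- markers are lost on this page, so this assumes the four single-host `extraConfig` assignments are the new side. If the bare host is meant to reach the same backend as its wildcard, the line should read `reverse_proxy http://127.0.0.1:3902`. A one-line comment naming what listens on 3900 and 3902 would make the pairing checkable, since the `virtualisation.oci-containers.containers` block that would confirm it continues outside the hunk.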


@ -1,164 +0,0 @@
{
pkgs,
config,
...
}: let
musare = pkgs.fetchFromGitHub {
owner = "Musare";
repo = "Musare";
rev = "v3.11.0";
hash = "sha256-RN9H7atiNOr4wqgzfwE/8hUMJ4zpgMBu3dXA37c/lH0=";
};
musare-backend =
pkgs.buildNpmPackage {
pname = "musare-backend";
version = "4.7.0";
nodejs = pkgs.nodejs_18;
src =
musare
+ "/backend";
npmDepsHash = "sha256-cxvK2Zp0iOA9qPg8NaCEcOsxmaU1/l/dvnfwUEq2BuE=";
dontNpmBuild = true;
}
+ "/lib/node_modules/musare-backend";
musare-frontend =
pkgs.buildNpmPackage {
pname = "musare-frontend";
version = "4.7.0";
src =
musare
+ "/frontend";
npmDepsHash = "sha256-R1vxio66W/8WN6pFRbwuOv0Z4/V4cnwBqhXlRygj7Js=";
npmBuildScript = "prod";
}
+ "/lib/node_modules/musare-frontend/build";
in {
services.caddy.virtualHosts."music.gasdev.fr".extraConfig = ''
root * ${musare-frontend}
file_server
@websockets {
path /backend/*
}
reverse_proxy @websockets localhost:32483
handle_path /backend/* {
reverse_proxy localhost:32483
}
'';
sops.secrets."musare/APP_SECRET".owner = "root";
sops.secrets."musare/YOUTUBE_API_KEY".owner = "root";
sops.secrets."musare/SPOTIFY_CLIENT_ID".owner = "root";
sops.secrets."musare/SPOTIFY_CLIENT_SECRET".owner = "root";
sops.secrets."musare/MONGO_USER_USERNAME".owner = "root";
sops.secrets."musare/MONGO_USER_PASSWORD".owner = "root";
sops.secrets."musare/MONGO_ROOT_PASSWORD".owner = "root";
sops.secrets."musare/REDIS_PASSWORD".owner = "root";
sops.templates."musare/.env" = {
content = ''
MONGO_USER_USERNAME=${config.sops.placeholder."musare/MONGO_USER_USERNAME"}
MONGO_USER_PASSWORD=${config.sops.placeholder."musare/MONGO_USER_PASSWORD"}
MONGO_ROOT_PASSWORD=${config.sops.placeholder."musare/MONGO_ROOT_PASSWORD"}
MONGO_INITDB_ROOT_PASSWORD=${config.sops.placeholder."musare/MONGO_ROOT_PASSWORD"}
MONGO_INITDB_ROOT_USERNAME=admin
MONGO_INITDB_DATABASE=musare
REDIS_PASSWORD=meh_not_important
'';
owner = "root";
};
sops.templates."musare/config.json" = {
content = ''
{
"configVersion": 12,
"migration": false,
"secret": "${config.sops.placeholder."musare/APP_SECRET"}",
"port": 8080,
"url": {
"host": "music.gasdev.fr",
"secure": true
},
"apis": {
"youtube": {
"key": "${config.sops.placeholder."musare/YOUTUBE_API_KEY"}"
},
"spotify": {
"clientId": "${config.sops.placeholder."musare/SPOTIFY_CLIENT_ID"}",
"clientSecret": "${config.sops.placeholder."musare/SPOTIFY_CLIENT_SECRET"}"
}
},
"mongo": {
"host": "musare-mongo"
},
"redis": {
"url": "redis://musare-redis:6379/0"
}
}
'';
};
virtualisation.oci-containers.containers = {
musare-backend = {
image = "localhost/musare:backend";
imageFile = pkgs.dockerTools.buildImage {
name = "musare";
tag = "backend";
copyToRoot = pkgs.buildEnv {
name = "musare-backend-env";
paths = with pkgs; [
nodejs_18
curl
bash
];
};
config = {
Cmd = ["node" "--es-module-specifier-resolution=node" "/opt/app/index.js"];
};
};
autoStart = true;
volumes = [
"${musare-backend}:/opt/app/"
"${config.sops.templates."musare/config.json".path}:/opt/app/config/local.json"
];
ports = [
"32483:8080"
];
workdir = "/opt/app";
environment = {
NODE_TLS_REJECT_UNAUTHORIZED = "0";
};
environmentFiles = [
config.sops.templates."musare/.env".path
];
dependsOn = ["musare-mongo" "musare-redis"];
};
musare-mongo = {
image = "docker.io/mongo:latest";
autoStart = true;
volumes = [
"${musare}/tools/docker/setup-mongo.sh:/docker-entrypoint-initdb.d/setup-mongo.sh"
"musare-mongodb:/data/db"
];
environmentFiles = [
config.sops.templates."musare/.env".path
];
};
musare-redis = {
image = "docker.io/redis:7";
autoStart = true;
cmd = ["--notify-keyspace-events" "Ex" "--requirepass" "meh_not_important" "--appendonly" "yes"];
volumes = [
"musare-redis:/data"
];
environmentFiles = [
config.sops.templates."musare/.env".path
];
};
};
}


@ -1,49 +0,0 @@
{
config,
lib,
...
}: {
sops.secrets."outline/OIDC_CLIENT_SECRET".owner = "outline";
sops.secrets."outline/SMTP_PASSWORD".owner = "outline";
sops.secrets."outline/S3_SECRET_KEY".owner = "outline";
services.caddy.virtualHosts."outline.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:7143
'';
services.outline = {
enable = true;
port = 7143;
publicUrl = "https://outline.gasdev.fr";
forceHttps = false;
oidcAuthentication = {
authUrl = "https://auth.gasdev.fr/api/oidc/authorization";
userinfoUrl = "https://auth.gasdev.fr/api/oidc/userinfo";
tokenUrl = "https://auth.gasdev.fr/api/oidc/token";
displayName = "Authelia";
clientId = "outline";
clientSecretFile = config.sops.secrets."outline/OIDC_CLIENT_SECRET".path;
scopes = ["openid" "offline_access" "profile" "email"];
};
smtp = {
host = "mail.gasdev.fr";
port = 465;
username = "postmaster";
passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path;
fromEmail = "outline@gasdev.fr";
replyEmail = "no-reply@gasdev.fr";
};
storage = {
storageType = "local";
localRootDir = "/var/lib/outline/data";
};
};
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"outline"
];
}


@ -100,7 +100,6 @@
penpot-postgres = {
image = "docker.io/postgres:15";
autoStart = true;
ports = [];
volumes = [
"penpot_postgres:/var/lib/postgresql/data"
];


@ -1,147 +0,0 @@
{config, ...}: let
domain = "gasdev.fr";
in {
sops.secrets."stalwart-mail/ADMIN_SECRET".owner = "stalwart-mail";
sops.secrets."stalwart-mail/ACME_SECRET".owner = "stalwart-mail";
services.caddy.virtualHosts."mailadmin.${domain}" = {
extraConfig = ''
reverse_proxy http://127.0.01:40312
'';
};
services.caddy.virtualHosts."mail.${domain}" = {
extraConfig = ''
reverse_proxy http://127.0.01:8080
'';
serverAliases = [
"mta-sts.${domain}"
"autoconfig.${domain}"
"autodiscover.${domain}"
"${domain}"
];
};
networking.firewall.allowedTCPPorts = [25 465 587 993];
services.stalwart-mail = {
enable = true;
settings = {
server = {
hostname = "mail.${domain}";
tls = {
enable = true;
implicit = true;
};
listener = {
smtp = {
protocol = "smtp";
bind = "[::]:25";
};
submissions = {
bind = "[::]:465";
protocol = "smtp";
tls.implicit = true;
};
imaps = {
bind = "[::]:993";
protocol = "imap";
tls.implicit = true;
};
jmap = {
bind = "[::]:8080";
protocol = "http";
tls.implicit = false;
};
management = {
bind = ["127.0.0.1:40312"];
protocol = "http";
};
};
};
lookup.default = {
hostname = "mail.${domain}";
domain = "${domain}";
};
certificate.default = {
default = true;
cert = "%{file:/var/lib/stalwart-mail/cert/mail.${domain}.pem}%";
private-key = "%{file:/var/lib/stalwart-mail/cert/mail.${domain}.priv.pem}%";
};
session.auth = {
mechanisms = "[plain, login]";
};
directory."imap".lookup.domains = ["${domain}"];
storage = {
data = "rocksdb";
fts = "rocksdb";
blob = "rocksdb";
lookup = "rocksdb";
directory = "internal";
};
store."rocksdb" = {
type = "rocksdb";
path = "%{env:STALWART_PATH}%/data";
compression = "lz4";
};
directory."internal" = {
type = "internal";
store = "rocksdb";
};
tracer."stdout" = {
type = "stdout";
level = "info";
ansi = false;
enable = true;
};
tracer."journal" = {
type = "journal";
level = "info";
enable = true;
};
authentication."fallback-admin" = {
user = "admin";
secret = "%{file:${config.sops.secrets."stalwart-mail/ADMIN_SECRET".path}}%";
};
};
};
systemd.services.stalwart-mail = {
environment = {
STALWART_PATH = "/var/lib/stalwart-mail";
};
serviceConfig = {
StateDirectory = "stalwart-mail";
StateDirectoryMode = "0740";
};
};
systemd.timers."stalwart-mail-update-certs" = {
wantedBy = ["timers.target"];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
Unit = "stalwart-mail-update-certs.service";
};
};
systemd.services."stalwart-mail-update-certs" = {
script = ''
set -eu
CADDY_CERT_DIR="/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.${domain}"
STALWART_CERT_DIR="/var/lib/stalwart-mail/cert"
mkdir -p "''\${CADDY_CERT_DIR}"
mkdir -p "''\${STALWART_CERT_DIR}"
cat "''\${CADDY_CERT_DIR}/mail.${domain}.crt" > "''\${STALWART_CERT_DIR}/mail.${domain}.pem"
cat "''\${CADDY_CERT_DIR}/mail.${domain}.key" > "''\${STALWART_CERT_DIR}/mail.${domain}.priv.pem"
chown -R stalwart-mail:stalwart-mail "''\${STALWART_CERT_DIR}"
chmod -R 0700 "''\${STALWART_CERT_DIR}"
'';
serviceConfig = {
Type = "oneshot";
User = "root";
};
};
}


@ -1,52 +0,0 @@
{config, ...}: {
services.caddy.virtualHosts."analytics.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:4341
'';
sops.secrets."umami/APP_SECRET".owner = "root";
sops.secrets."umami/DB_USER".owner = "root";
sops.secrets."umami/DB_PASS".owner = "root";
sops.templates."umami.env" = {
content = ''
APP_SECRET=${config.sops.placeholder."umami/APP_SECRET"}
DATABASE_URL=postgresql://${config.sops.placeholder."umami/DB_USER"}:${config.sops.placeholder."umami/DB_PASS"}@umami-db:5432/umami
'';
owner = "root";
};
sops.templates."umami-db.env" = {
content = ''
POSTGRES_USER=${config.sops.placeholder."umami/DB_USER"}
POSTGRES_PASSWORD=${config.sops.placeholder."umami/DB_PASS"}
'';
owner = "root";
};
virtualisation.oci-containers.containers = {
umami = {
image = "ghcr.io/umami-software/umami:postgresql-latest";
autoStart = true;
ports = ["4341:3000"];
dependsOn = ["umami-db"];
environment = {
DATABASE_TYPE = "postgresql";
};
environmentFiles = [
config.sops.templates."umami.env".path
];
};
umami-db = {
image = "docker.io/postgres:15-alpine";
autoStart = true;
environment = {
POSTGRES_DB = "umami";
};
environmentFiles = [
config.sops.templates."umami-db.env".path
];
volumes = [
"umami-db-data:/var/lib/postgresql/data"
];
};
};
}


@ -8,11 +8,7 @@
image = "docker.io/louislam/uptime-kuma:1";
autoStart = true;
ports = ["127.0.0.1:3001:3001"];
volumes = [
"uptime-kuma:/app/data"
# For container monitoring
"/var/run/podman/podman.sock:/var/run/podman/podman.sock"
];
volumes = ["uptime-kuma:/app/data"];
};
};
}


@ -1,35 +0,0 @@
{config, ...}: {
sops.secrets."webdav/USER_PASSWORD".owner = "${config.services.webdav.user}";
sops.templates."webdav.env" = {
content = ''
USER_PASSWORD=${config.sops.placeholder."webdav/USER_PASSWORD"}
'';
owner = "${config.services.webdav.user}";
};
services.caddy.virtualHosts."webdav.gasdev.fr".extraConfig = ''
reverse_proxy http://127.0.0.1:6065
'';
services.webdav = {
enable = true;
environmentFile = config.sops.templates."webdav.env".path;
settings = {
address = "0.0.0.0";
port = 6065;
tls = false;
behindProxy = true;
directory = "/var/lib/webdav";
debug = true;
users = [
{
username = "gaspard";
password = "{env}USER_PASSWORD";
permissions = "CRUD";
}
];
};
};
systemd.services.webdav.serviceConfig.StateDirectory = "webdav";
systemd.services.webdav.serviceConfig.StateDirectoryMode = "0740";
}


@ -51,11 +51,6 @@
publicKey = "cpBhnLD4u5brDZsc2uqXVlelApCIXFdRnfJXJU1WDmM=";
allowedIPs = ["10.8.0.11/32"];
}
{
# pi4
publicKey = "F9AkCI0FGkrFhCq+SvCT1F2RG2ApNUy+SeIj1+VPtXI=";
allowedIPs = ["10.8.0.31/32"];
}
];
};
};


@ -2,7 +2,7 @@
# Start DE if on tty1
if [ "$(tty)" = /dev/tty1 ]; then
exec Hyprland-wrapper
exec Hyprland
fi
# Start DE if on tty1


@ -12,7 +12,5 @@
home.packages = [
pkgs.starship
pkgs.zoxide
pkgs.tree
pkgs.lsd
];
}


@ -1,4 +1,3 @@
[general]
live_config_reload = true
[bell]


@ -1,13 +1,18 @@
{pkgs, ...}: {
{
config,
pkgs,
...
} : {
home.file = {
".config/alacritty/alacritty.toml".source = ./alacritty.toml;
};
home.packages = with pkgs; [
alacritty
fira-code-nerdfont
fira-code-symbols
home.packages = [
pkgs.alacritty
pkgs.fira-code-nerdfont
];
fonts.fontconfig.enable = true;
}
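Review bot: `config` is added to the argument set in the expanded header, but nothing in the visible lines of this file reads it. The header is also closed as `} : {`, where the other modules on this page use `}: {`. The +/- markers are lost here, so this assumes the multi-line header is the new side, which fits the `+1,18` count. I would keep the single-line `{pkgs, ...}: {` until `config` is actually needed.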


@ -1,20 +0,0 @@
{pkgs, ...}: {
home.packages = [pkgs.dconf];
dconf.settings = {
"org/gnome/desktop/interface" = {
color-scheme = "prefer-light";
};
};
gtk = {
enable = true;
theme = {
package = pkgs.whitesur-gtk-theme;
name = "WhiteSur-Dark-solid-nord";
};
iconTheme = {
package = pkgs.whitesur-icon-theme;
name = "WhiteSur";
};
};
}


@ -1,13 +1,4 @@
{...}: {
imports = [
../shell
../term
../editor
../de
../gaming
../themes/pomme.nix
];
home.username = "gaspard";
home.homeDirectory = "/home/gaspard";
home.stateVersion = "24.05";
@ -15,14 +6,10 @@
programs.home-manager.enable = true;
programs.direnv.enable = true;
xdg.mimeApps = {
enable = true;
defaultApplications = {
"text/html" = "firefox.desktop";
"x-scheme-handler/http" = "firefox.desktop";
"x-scheme-handler/https" = "firefox.desktop";
"x-scheme-handler/about" = "firefox.desktop";
"x-scheme-handler/unknown" = "firefox.desktop";
};
};
imports = [
../shell
../term
../editor
../de
];
}