lelgenio/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Actions Packages Projects 2 Releases Wiki Activity

Compare commits

base: lelgenio:main
Branches Tags
lelgenio:main
lelgenio:multiline-edit
lelgenio:gnome-the-second
lelgenio:gnome-pass-search-provider
lelgenio:refactor
lelgenio:sops
lelgenio:update-24.11
lelgenio:disko
lelgenio:release-24.05
lelgenio:niri
lelgenio:gnome
lelgenio:hyprland
..
compare: lelgenio:refactor
Branches Tags
lelgenio:main
lelgenio:multiline-edit
lelgenio:gnome-the-second
lelgenio:gnome-pass-search-provider
lelgenio:refactor
lelgenio:sops
lelgenio:update-24.11
lelgenio:disko
lelgenio:release-24.05
lelgenio:niri
lelgenio:gnome
lelgenio:hyprland

No commits in common. "main" and "refactor" have entirely different histories.
main ... refactor

39 changed files with 156 additions and 592 deletions
Show stats Expand all files Collapse all files

28
.sops.yaml
View file

@ -1,28 +0,0 @@
keys:
- &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
- &lelgenio-ssh age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
- &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
- &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
creation_rules:
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *lelgenio-gpg
age:
- *lelgenio-ssh
- *monolith-ssh
- path_regex: secrets/monolith/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *lelgenio-gpg
age:
- *lelgenio-ssh
- *monolith-ssh
- path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini)$
key_groups:
- pgp:
- *lelgenio-gpg
age:
- *lelgenio-ssh
- *phantom-ssh

92
flake.lock
View file

@ -73,22 +73,6 @@
"url": "https://git.lelgenio.com/lelgenio/catboy-spinner"
}
},
"contador-da-viagem": {
"flake": false,
"locked": {
"lastModified": 1742610036,
"narHash": "sha256-sY1iheemazmIVJAnoFtut6cN7HX/C5OMDY54UrmCoqE=",
"ref": "refs/heads/main",
"rev": "efe5ac4a16de7f78824ac89dc987ef635afa5267",
"revCount": 4,
"type": "git",
"url": "https://git.lelgenio.com/lelgenio/contador-da-viagem"
},
"original": {
"type": "git",
"url": "https://git.lelgenio.com/lelgenio/contador-da-viagem"
}
},
"crane": {
"inputs": {
"flake-compat": "flake-compat",
@ -225,11 +209,11 @@
]
},
"locked": {
"lastModified": 1741786315,
"narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
"lastModified": 1740485968,
"narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
"owner": "nix-community",
"repo": "disko",
"rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
"rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
"type": "github"
},
"original": {
@ -243,11 +227,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1742179690,
"narHash": "sha256-s/q3OWRe5m7kwDcAs1BhJEj6aHc5bsBxRnLP7DM77xE=",
"lastModified": 1739502527,
"narHash": "sha256-KMLNOCWmqdDeAZV5O1ccRmVqRutDcy4IONJin3lzd0Q=",
"owner": "lelgenio",
"repo": "dzgui-nix",
"rev": "a6d68720c932ac26d549b24f17c776bd2aeb73b4",
"rev": "06fcea9445b5a005b40469a69f57f2147398bc94",
"type": "github"
},
"original": {
@ -456,11 +440,11 @@
]
},
"locked": {
"lastModified": 1742655702,
"narHash": "sha256-jbqlw4sPArFtNtA1s3kLg7/A4fzP4GLk9bGbtUJg0JQ=",
"lastModified": 1739757849,
"narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0948aeedc296f964140d9429223c7e4a0702a1ff",
"rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe",
"type": "github"
},
"original": {
@ -497,11 +481,11 @@
]
},
"locked": {
"lastModified": 1742701275,
"narHash": "sha256-AulwPVrS9859t+eJ61v24wH/nfBEIDSXYxlRo3fL/SA=",
"lastModified": 1740281615,
"narHash": "sha256-dZWcbAQ1sF8oVv+zjSKkPVY0ebwENQEkz5vc6muXbKY=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "36dc43cb50d5d20f90a28d53abb33a32b0a2aae6",
"rev": "465792533d03e6bb9dc849d58ab9d5e31fac9023",
"type": "github"
},
"original": {
@ -520,11 +504,11 @@
"nixpkgs-24_11": "nixpkgs-24_11"
},
"locked": {
"lastModified": 1742413977,
"narHash": "sha256-NkhM9GVu3HL+MiXtGD0TjuPCQ4GFVJPBZ8KyI2cFDGU=",
"lastModified": 1740437053,
"narHash": "sha256-exPTta4qI1ka9sk+jPcLogGffJ1OVXnAsTRqpeAXeNw=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
"rev": "b4fbffe79c00f19be94b86b4144ff67541613659",
"rev": "c8ec4d5e432f5df4838eacd39c11828d23ce66ec",
"type": "gitlab"
},
"original": {
@ -567,11 +551,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1743095683,
"narHash": "sha256-gWd4urRoLRe8GLVC/3rYRae1h+xfQzt09xOfb0PaHSk=",
"lastModified": 1740367490,
"narHash": "sha256-WGaHVAjcrv+Cun7zPlI41SerRtfknGQap281+AakSAw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5e5402ecbcb27af32284d4a62553c019a3a49ea6",
"rev": "0196c0175e9191c474c26ab5548db27ef5d34b05",
"type": "github"
},
"original": {
@ -628,11 +612,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1742937945,
"narHash": "sha256-lWc+79eZRyvHp/SqMhHTMzZVhpxkRvthsP1Qx6UCq0E=",
"lastModified": 1740339700,
"narHash": "sha256-cbrw7EgQhcdFnu6iS3vane53bEagZQy/xyIkDWpCgVE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d02d88f8de5b882ccdde0465d8fa2db3aa1169f7",
"rev": "04ef94c4c1582fd485bbfdb8c4a8ba250e359195",
"type": "github"
},
"original": {
@ -725,7 +709,6 @@
"inputs": {
"agenix": "agenix",
"catboy-spinner": "catboy-spinner",
"contador-da-viagem": "contador-da-viagem",
"demoji": "demoji",
"dhist": "dhist",
"disko": "disko",
@ -739,7 +722,6 @@
"nixpkgs-unstable": "nixpkgs-unstable",
"plymouth-themes": "plymouth-themes",
"ranger-icons": "ranger-icons",
"sops-nix": "sops-nix",
"tlauncher": "tlauncher",
"tomater": "tomater",
"treefmt-nix": "treefmt-nix",
@ -793,26 +775,6 @@
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1742700801,
"narHash": "sha256-ZGlpUDsuBdeZeTNgoMv+aw0ByXT2J3wkYw9kJwkAS4M=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "67566fe68a8bed2a7b1175fdfb0697ed22ae8852",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -960,11 +922,11 @@
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1743081648,
"narHash": "sha256-WRAylyYptt6OX5eCEBWyTwOEqEtD6zt33rlUkr6u3cE=",
"lastModified": 1739829690,
"narHash": "sha256-mL1szCeIsjh6Khn3nH2cYtwO5YXG6gBiTw1A30iGeDU=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "29a3d7b768c70addce17af0869f6e2bd8f5be4b7",
"rev": "3d0579f5cc93436052d94b73925b48973a104204",
"type": "github"
},
"original": {
@ -975,11 +937,11 @@
},
"vpsadminos": {
"locked": {
"lastModified": 1743047409,
"narHash": "sha256-WTUW2GZqHknVwEbzF/TeX2eg52414gfl6hXloDDwEsQ=",
"lastModified": 1740082937,
"narHash": "sha256-HcTWGIzG2leM0gZabg9lkY7iLwvAe49lqXEzez/Rp/s=",
"owner": "vpsfreecz",
"repo": "vpsadminos",
"rev": "cf9324b9ff855172bd9de8aa3b8215071c4a0c6f",
"rev": "521427c69173bc443de940ba88d4f58d5fa8d8e2",
"type": "github"
},
"original": {

13
flake.nix
View file

@ -26,11 +26,6 @@
inputs.home-manager.follows = "home-manager";
};
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-mailserver = {
url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";
inputs.nixpkgs.follows = "nixpkgs";
@ -56,10 +51,6 @@
wl-crosshair.url = "github:lelgenio/wl-crosshair";
warthunder-leak-counter.url = "git+https://git.lelgenio.com/lelgenio/warthunder-leak-counter";
made-you-look.url = "git+https://git.lelgenio.com/lelgenio/made-you-look";
contador-da-viagem = {
url = "git+https://git.lelgenio.com/lelgenio/contador-da-viagem";
flake = false;
};
catboy-spinner = {
url = "git+https://git.lelgenio.com/lelgenio/catboy-spinner";
flake = false;
@ -105,12 +96,10 @@
{ nixpkgs.pkgs = pkgs; }
./system/configuration.nix
./system/secrets.nix
./system/sops.nix
./system/greetd.nix
{ login-manager.greetd.enable = desktop == "sway"; }
inputs.agenix.nixosModules.default
inputs.sops-nix.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.disko.nixosModules.disko
(
@ -150,7 +139,6 @@
modules = [
./hosts/monolith
./system/monolith-gitlab-runner.nix
./system/monolith-bitbucket-runner.nix
./system/monolith-forgejo-runner.nix
./system/nix-serve.nix
] ++ common_modules;
@ -159,6 +147,7 @@
inherit system specialArgs;
modules = [
./hosts/double-rainbow.nix
./system/rainbow-gitlab-runner.nix
] ++ common_modules;
};
pixie = lib.nixosSystem {

2
hosts/double-rainbow.nix
View file

@ -19,8 +19,6 @@ in
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
my.nix-ld.enable = true;
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"

3
hosts/monolith/amdgpu.nix
View file

@ -14,11 +14,12 @@ in
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelParams = [
"video=DP-1:1920x1080@144"
"amdgpu.ppfeaturemask=0xfffd7fff" # enable undervolting
];
systemd.services.amd-fan-control = {
script = ''
${lib.getExe pkgs.amd-fan-control} /sys/class/drm/card1/device 60 90 0 80
${lib.getExe pkgs.amd-fan-control} /sys/class/drm/card1/device 60 85
'';
serviceConfig = {
Restart = "always";

1
hosts/monolith/default.nix
View file

@ -42,7 +42,6 @@ in
};
my.gaming.enable = true;
my.nix-ld.enable = true;
boot.extraModulePackages = with config.boot.kernelPackages; [ zenpower ];

3
hosts/monolith/factorio-server.nix
View file

@ -23,12 +23,11 @@
systemd.services.factorio-backup-save = {
description = "Backup factorio saves";
script = ''
FILENAME="space-age-$(date --iso=seconds | tr ':' '_').zip"
${lib.getExe pkgs.rsync} \
-av \
--chown=lelgenio \
/var/lib/factorio/saves/default.zip \
~lelgenio/Documentos/GameSaves/factorio_saves/$FILENAME
~lelgenio/Documentos/GameSaves/factorio_saves/space-age-$(date --iso=seconds).zip
'';
serviceConfig.Type = "oneshot";
wantedBy = [ "multi-user.target" ];

13
hosts/phantom/default.nix
View file

@ -2,16 +2,12 @@
config,
pkgs,
inputs,
lib,
...
}:
{
imports = [
inputs.vpsadminos.nixosConfigurations.container
inputs.agenix.nixosModules.default
inputs.sops-nix.nixosModules.default
../../system/sops.nix
../../system/nix.nix
./hardware-config.nix
./mastodon.nix
@ -61,15 +57,6 @@
identityPaths = [ "/root/.ssh/id_rsa" ];
};
sops = {
secrets.hello = { };
defaultSopsFile = lib.mkForce ../../secrets/phantom/default.yaml;
};
environment.etc."teste-sops" = {
text = config.sops.secrets.hello.path;
};
virtualisation.docker = {
enable = true;
daemon.settings = {

5
hosts/phantom/goofs.nix
View file

@ -43,9 +43,4 @@
forceSSL = true;
root = inputs.hello-fonts;
};
services.nginx.virtualHosts."contador-da-viagem.lelgenio.com" = {
enableACME = true;
forceSSL = true;
root = inputs.contador-da-viagem;
};
}

2
hosts/phantom/hardware-config.nix
View file

@ -5,7 +5,7 @@
options = [ "nofail" ];
};
fileSystems."/var/lib/mastodon" = {
device = "172.16.131.19:/nas/5749/mastodon";
device = "172.16.130.7:/nas/5749/mastodon";
fsType = "nfs";
options = [ "nofail" ];
};

4
pkgs/factorio-headless/default.nix
View file

@ -1,10 +1,10 @@
{ factorio-headless, pkgs }:
factorio-headless.overrideAttrs (_: rec {
version = "2.0.39";
version = "2.0.28";
src = pkgs.fetchurl {
name = "factorio_headless_x64-${version}.tar.xz";
url = "https://www.factorio.com/get-download/${version}/headless/linux64";
hash = "sha256-D4o9DkN5e1/02LhdfDNLCVo/B9mqf4Cx6H+Uk5qT3zQ=";
hash = "sha256-6pk3tq3HoY4XpOHmSZLsOJQHSXs25oKAuxT83UyITdM=";
};
})

33
scripts/amd-fan-control
View file

@ -39,31 +39,10 @@ if [ -z "$TEMP_MAX" ];then
bail "No maximum temperature provided"
fi
PWM_MIN_PCT="$4"
PWM_MAX_PCT="$5"
if [ -z "$PWM_MIN_PCT" ];then
bail "No minimum fan speed % not provided"
fi
if [ -z "$PWM_MAX_PCT" ];then
bail "No maximum fan speed % not provided"
fi
PWM_MIN="$(( $PWM_MIN_PCT * 255 / 100))"
PWM_MAX="$(( $PWM_MAX_PCT * 255 / 100))"
PWM_MIN=0
PWM_MAX=255
echo "Running..." >&2
echo "TEMP_MIN=$TEMP_MIN°C"
echo "TEMP_MAX=$TEMP_MAX°C"
echo "FAN_MIN=$PWM_MIN_PCT%"
echo "FAN_MAX=$PWM_MAX_PCT%"
echo 1 > "$HWMON/pwm1_enable"
PREV=0
while true; do
TEMPERATURE_RAW=$(cat "$TEMP_INPUT")
TEMPERATURE="$(( $TEMPERATURE_RAW / 1000 ))"
@ -76,11 +55,7 @@ while true; do
PWM=$PWM_MIN
fi
AVG="$(( ($PWM * 20 + $PREV * 80) / 100 ))"
echo "$AVG"
echo "$AVG" > "$HWMON/pwm1"
PREV="$AVG"
echo 1 > "$HWMON/pwm1_enable"
echo "$PWM" > "$HWMON/pwm1"
sleep .1s
done

55
secrets/monolith/default.yaml
View file

@ -1,55 +0,0 @@
forgejo-runners:
git.lelgenio.com-default: ENC[AES256_GCM,data:sEfpBZvgQUkyXPWY4RI0RPJWUbsYK/RGqiYJ5wDSVY9a0EYenyt96QYq6815evq2iQ==,iv:rSWnCOdhfKH4TM9R0/IParYd9laYhWxR+iUhgkVvqfc=,tag:mBcSH/oGDMBgBScvCdn3Zg==,type:str]
gitlab-runners:
thoreb-telemetria-nix: ENC[AES256_GCM,data:zrZvG4be08ulpo7itbrprKK5csCMLvzZjrszfMw1XiJP0FyRTUd9nHgHpbAzbjj2KyT7kKngoZAyengvaTEhkT9sUi1pdGnvajAH8BDDOD0g4LJIHFl4,iv:3bSsTzU7gHx+MchuPg9kmb5xEDugmGPje8Jw74NpRJI=,tag:zffRr77lWbyLt7o/mywb5A==,type:str]
thoreb-itinerario-nix: ENC[AES256_GCM,data:UdAAD0V895sFoEYR56sCG2LlpZugJ0K/nwkTygzWOnbTSmBRAcIQ8qVFPZGw+K+XMSLiCyio6Jp7k8AYP0K1VYm+6aEP3OkqR9FCLQTJgXo=,iv:UGUby50BYkn13OzItk6zZmxc5+SnbZZa4bebQHIow2A=,tag:LjDg3deWwdH2T71EtPo6jA==,type:str]
docker-images-token: ENC[AES256_GCM,data:GGB/KSkjdAyhFKEspAh91ItbqEDf7K/LZSGSn+Jp7SxRfXpDzHIiMD8XJ9PTkGLeQGN4ug1i2nTYPS7d/P5OALWDU+1NPiV9nPdG0w7GERfu4g==,iv:6roabdOKX9xFMf0hWlECd73+943R+hFLos0e2dOpzns=,tag:LrASFc4DtN7aQ+3oOW/p/w==,type:str]
bitbucket-runners:
wopus-runner-1: ENC[AES256_GCM,data:gtH0T5n8qMYpvSv5ciN8+ScGlFDf9xE0FTxNP97vT/qsOCcaItTE+5P+DFcWw46onLED+1c+u0sArFbEsT3f8lyco9b+0l99uOQAxLZQzAXYH8zGye1UnwUtytkci2PHu5c8kTpIWHXyZ1IOYNGWkermeab57ANzOkM1LbkHyAjS6VTh0I60LfAOdHOw5FDFL8d1d9oWxLloOe9USLPqHjC023EpCUT2YuyHoPCTpBu8Kb/2HfV0wkAKaB3dvVrKwXCj+bfP6+bjQ3uMzVO/7jxPmnSGBfvyZ+Hlg5goJ6bSAqQWmnPPnQ96FgQfe8su5ML9qNIp9/7eNiL6Rv6Vhxe0hHbE5wsZ/58grcg/LrugeWJvUJ9THhwcTwO8Pkvwlq0XM9seUY2NV+LCK3bLQ4IWDjWkU1IHg6+nihTcvl1iD6UIGMgqGoB/v05WVzHb+GcE2fFuSuhVHfa5RMyboELOJoFrqZiXGhY=,iv:ZakLafxYQCDd1Zw8T83Xfj+YwAQKna9LC6ognJqtifA=,tag:bwBObfdMIvJfRrOG04NtxA==,type:str]
wopus-runner-2: ENC[AES256_GCM,data:gg8merZMFbf396hdJY7zmKQndT3GzB7NeGZAs3C0au8Zd7OFAg9vcQcFcxNA3kZGJZqmFTR/ycWJwhYr9fhlfFuPhDynVvgJAqoYtvC2MUDiOMD/d3DlfwFjQ6cOGTrvFuY1kkgSFb4OFdrVC1eiTDrGygFmYnYcqTKn/t5Ttqi+cHZNzFzVzdVLvaLCYxltM5g45zn+fXYxYwCfqyb32/M1XTnnwIGiataGxEX5oWhVV4zqeLO4ZIYPSby5AVvIMJ/zqvqaeVVY52GLDcTKrj3thbZxMQLWN3/lOA0uYhi3L/WM8Gx+JMEIbSICcuT7QXu4w4PA+opcx9GnsMCK2/egzS+cNPJ4vGZCdVD/jh6A9zVEJAgXdsHXNXFHmMPt7DcgrCQiub62og4kBY4G/Rcg4UN7sb3v3qyBpGbCGHGRjCFc+wdHpom0yDOG2cwcqfN49pC2R7Ag2BisFQ/5A+DPmKnvGG3kt9s=,iv:5g5XiDecYqi4JNRkZubgPJECBQdZ6rBeojgFe6Etebk=,tag:HRy5bFSbfxKTb5e13lGtgg==,type:str]
wopus-runner-3: ENC[AES256_GCM,data:f9pLYR8t51HtPpLyXysIVaDAhxDrmktJH93E7rb7imtKwK7hRhR8usnvHTcknLfD7BMvStAIYefdGt19u7PrQu6vqc19bEcNbnK5OH4KBP6+X47oMgBYtbIGXH+t3dSDt22fSIoppTwdX7/Kf4vqesfN8K7EunETvFR86oyyKdy15mvXr0XUO4us4HZjnIOBEnOm1P/V8hk5JcCpRuo+8ZYmBe5gzq5pTnqnYlPE1EovM7eDMg72J7ev07h50qvySrAqmNiqDcXfTPQ2TzuHx3XxAYqFybf1L6P9OnLB6RDAlpoFJ0h8dSg2tzC2+amYsBP0UIBK/ZhWvvAjpX+MZrTASjenh/tefDcNdbsXDOr7A4i/261z4rC0r+97INglCN1N/SZg51iBHiRAVV1zibDLfioR5+eBIykWAtjILMoYU+zOcr0E8K0I9jQGMtpnYmvHJqV0DVcdfZpJptrPUUy+lQ/iZVcPpLs=,iv:grzvVsfpUzywjNE4jvTxXKG3TYajrvSsQgfOgtafvIo=,tag:K1B6crN0ckLk0EYBtGHDkw==,type:str]
wopus-runner-4: ENC[AES256_GCM,data:D1Zq0BtPuACnutAbUcj3gYSMLuIZcMuqc/1mEFmitEG0tBFMWhkabS+8lXcp8sb1DM0LTDMEwgMB9FVyFb670MKQNEncqQtaNJtY1BxS3SolovDAM/I+i6YGvd4X8jX99d+7ZNR6xGBWJ/dW8rz4QnIM8Eh3FDOqaFa/ltfyPKP9IZ2uZi67C/n8Q/OSdgMQkt+QxhgJfSghE1iruPwxyGlqv+E4SZNI/fQQMjX0Lh7z02ms58yyMtjO71YbukV/JXFRsdJrqY2wfH/6NlZbsKideoSxluBRVqmbW6KQd7dUT819KbOSu9CFdgThtVCU8qiv3jbAbn8D5xRy4AAOEfSqRLXJoj7otCqr47R/8+0BdS3aztFBjL3lDmprMWZ4+LD55fvczfpxUF9ox1mhcjIvCvZJJL06XsST1XRXa7i2fr4/a/XhCmQgIzar5IYxSC9OjuHp6jLsTaY3ZUgid5W1L1n8uWSmA98=,iv:O9caRG//brERiIhuMrsFdTz6TnPY0rdQnvHEu0P42yM=,tag:hrmwLX/CRhZfammJ2nfTPw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlaFFtOHRBNjZqOXJOV1Bk
SXRhZTdNWklKaTZST2JhU3VFLzBGSWY0QlMwCldwS1hhMDEyZDAxWUlRRXZtTWts
Ti9IOUR2OFdGYkJ4cFRsV0lkbWJvb1EKLS0tIEJUS1ZCZ1M4ZUs5cDhiam5JaEk1
U1VjNFprNHZWeDhwU3owRXh0MlBFYkUKHPgxz9/w3+JEtOljfyWBPSshfFlVWVys
f15yxlAeWIZVEGqoau7DegVdZiYYIJR2dFBXV1RkKbAwLrbUxAQidg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OWk0cTJ4d25Qd0hrdkFD
a2Fzd1lrMDREclkvRmxUSjFpYXZvRGs2Rm13Cm5aRVZDWE5ZUVR1K2hkZkdKWjYw
K3lKNndBNGFveGVGVWplaHA0MVlYUG8KLS0tIFlVeXhCTGJGUm1HK2RCSFg1RnI3
aFVxcDFhaGdYekRWRVFIWnRsZndtZFkKgsvxOFHOcO306Z9FkucA1fDOpZA8N1/h
jYmIgcKTFgWoSCvux67lK30jFsYp7sm5z6WxxDYsGcoQ/+pxoUX2jQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-07T21:28:04Z"
mac: ENC[AES256_GCM,data:4lOafZQ6PP38CByulzA/J86sw+TpQhj40s1lTRXqUtpt72yH8nQK8dXpw0dNYvDBtDpKRvNTHZubzalEua6n2lCQL7rsZ2+fo6FJ4ht2Kb70dddDcWEyrfyZQ2FaKC5L/QjqM0SbIfPszNvyQ8wIaOoMfNJBis5QOjRSGDAcJm8=,iv:LLT0oJW+3KNe1nKphCK0c5FPIuh8GfnDrvNDCFhP4NM=,tag:rPbVY7L1qxNc3aCfv77FAg==,type:str]
pgp:
- created_at: "2025-03-07T22:49:16Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMAzy6JxafzLr5AQgAjwQqdeESOfrOuCjfjALdoy3AnNYC+slusdlra58CoRu6
YFDAivwPHJBRiuVy43Lo7SWnKXMKvLOry589GBY3JGjNV5U1cPWBhMlTubYZmZWl
iel8Bvw4IF5JksMIvLFdDgexLN7wETzzZP9S8750BCgpSrncrw1k/dUedhv5HUjo
N10x6BPjPSmgolA8uxsISHLAUrKcQoeaWvcZFU1ofKywq08HgIySphy6z3Gmv3Qs
86saZp1rFm5+qHkrDRgL6Oe3Xx30jVkzn9MHPWzZCDPCEvYGJgXX34NGzbX+/nd3
JB9XkT2YTFi4BLhdHY3EE7e9//PJc5G9RVDZyAF1e9JeAXH2yR5blXbogoy+VMnS
Yn74Uvs+fnYFTDOiuequro5i0uAyxtrCx8fdfwjuh+9SC5p3N2cBv2eT7zLQwQHi
czHlwxmpi/dMB/u83fR4FzuCUt98VXiezIC4yGn25g==
=Yqqx
-----END PGP MESSAGE-----
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
unencrypted_suffix: _unencrypted
version: 3.9.4-unstable

54
secrets/phantom/default.yaml
View file

@ -1,54 +0,0 @@
hello: ENC[AES256_GCM,data:UJAAdOL7wzQ1LduTyW+XK2NtXyw/u/Yz28Bmd7OoBe41FVLKwVfvdI1nAwYuNQ==,iv:7kPT2HF5T498bUJ9hUlz5Ez/jn1g7YIUVbJOTW/CHhQ=,tag:KJhJPg8AStyW4roEbEUJ2g==,type:str]
example_key: ENC[AES256_GCM,data:DcLN+C1BQ6WZg5fRiA==,iv:JC3GTWn4a4RekAHdOQB3YV5+eGa4cUK1JjyTPe8eNHY=,tag:W9CV4rsgHuXyqpWpUxlIQg==,type:str]
#ENC[AES256_GCM,data:RjdYJNz6qGfbsU/AiBeLlQ==,iv:LjRzSjBXp44cGSqUUfRDNLC9cW4Vd7lfsqDWINt31VA=,tag:NzVm1h9CVKE2XXt300aR/g==,type:comment]
example_array:
- ENC[AES256_GCM,data:K9j/t8MDibYO8Frhu1M=,iv:YnrxRnJJwTH6DJC6Bv/d1NUnX2ZPFwsjoji7L1Z+d7s=,tag:Dm7xCUlnjKdXHCuk8lwY8w==,type:str]
- ENC[AES256_GCM,data:0g6ACJzEHBtukwQYYTY=,iv:xLBJWfOYkX7Y28N01CX2+d5QOr9VGAhInH6pa1hNSGE=,tag:tCkCigo4yhi6YKVMe3Z3lQ==,type:str]
example_number: ENC[AES256_GCM,data:R+/m/QVBH9/3DA==,iv:FumBUj97ICrRQmyh5fg8Gu9Lba9oITD1pdsr1I/PCf0=,tag:hguw1gpPI3w64fG1WLnJqA==,type:float]
example_booleans:
- ENC[AES256_GCM,data:VvI5ag==,iv:koMzyWcua75sK19vuk65oywCD61lMyH3xUwue8LTqy4=,tag:2ym1M0FTwevLm7wefTUWAw==,type:bool]
- ENC[AES256_GCM,data:lFEC/S8=,iv:cJWbnmseP/AqJzyORM+VI5y7rK8axVeh7EXoLP7mT/Q=,tag:BaS5HyecokdLCq+LzQxGkg==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpSXhsMHQvb0NyUXRkRDE3
TjVjb2orQktDMGs4U2JUS3hWdmtMdnhuYnhBCi9VU1RVblZPaW14VGxMcjM0N20z
R1pOdUJZc1ZGcjBsTnNaZGhleVR6L1kKLS0tIE5vQkFhVXd0R3ZQSzZkNmVqN1Vj
NERXdlJhVHF0NWpNT29CNlRid2NYMVUKxg7kbP6dOZDUz0uxdC45DZCAa6GQTQ1x
nIb7lvPW4xFIb0bOZuvc7cAbHjf4So+8zvA0MM4mkTmIDpnwGD5Clg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrcTJGVmZUenNwYVNjRFlU
VXNBeDdpVFVtSTN5TG9VN0Q1WjRFbjlHd0Z3CjFsU1BsNkZ1a1ZkY2lva3lBUWZ3
YUpqeEo0Tys1bDk0TEpwQTJ2U29kbjgKLS0tIFJDYWpNemY4NXZ0MkM0YWNldDBE
RU1HSUhldHpzeURaUWQvcjBCQ3pMY2cKYL87Njs4e68zu5AXKNF/hxiB3HduS8wz
o0kmGI58DZx17+Cdipw0ab9a9wiu9C9Fn+LaiCcdM/ESXtS79RzdbQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-05T22:27:18Z"
mac: ENC[AES256_GCM,data:WSopSnWZ+uOllywd7difaZtJcfxkL7eIf9Kr3GajZKO0+rP6pEHIS+5AbXZy6oKRlCLUPecY/WXFvk3//akpvvXHbf6Jp4fQ/YSuTcYKRQupbDBpOXSlc33QyRl6oEyiMOjxMxa2N2tmq8dmA0NbF9wSDMa5a4eNDoiL5T/sUZ8=,iv:QqbVRApzFF6q24rk8KfKuthj656nEczD9Si4INj+N9A=,tag:tMRNYo+u/jIQ6iX3KqKJdA==,type:str]
pgp:
- created_at: "2025-03-07T22:49:19Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMAzy6JxafzLr5AQf/Zw+EB0lFpbul4KmHL3ndbhQCHzhkMgG6vEyj7EpjHQxE
nwf9kRrTcRh9YdrgR+5PFRnFJ8+L+gZhk+V/GaEPcEUyskOX/YGTSp1u6pXKGEem
TGojrIx0WwcmeCZUn+qCehbC7ZU64NDDmb7VeWnRkMbboU6UVooHUub88VsbnYw2
XXtXh4G8isrbyAKzUyypnJnEVbKlVqPOL67BYczjyBqMYc1JVLmBy6nP+sv6q/yo
QyDzlunmZtu52dwAL0L6wJF+novLr4W9cso4K5UVv2sp5M8gucuiY2obiB3vNfgO
q9GZTlMWnyDGflM1w+tzpZ/Ke+sM4dSy3cXpZd+MFNJeAaBJ1owjolb4tPUXlt+W
cJ+SFLWxzH8MsPb+Hfxrt8PPCcv67uch/k50PLYs/V/EM59+mgEJe5LY4rMbUSFw
REGL3LA6Cnkl2bUeHlfG7XlztHd/ehmZM2RPKof+Qw==
=htZl
-----END PGP MESSAGE-----
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
unencrypted_suffix: _unencrypted
version: 3.9.4-unstable

3
secrets/secrets.nix
View file

@ -2,6 +2,9 @@ let
main_ssh_public_key = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxR/w+38b2lX90yNBqhq3mUmkn1WGu6GAPhN1tVp2ZjYRJNV/+5gWCnTtOWYtDx35HmK/spQ2Qy8X9ttkzORa24fysNx1Iqn/TiXhD7eIJjbGPnrOpIKTkW5/uB3SD/P5NBSa06//BaqJU4sBlG79hoXRpod052hQtdpTVDiMCIV+iboWPKqopmJJfWdBtVnHXs9rep0htPRExxGslImFk7Z6xjcaHyCpIQZPlOGf+sGsmUU7jRqzvZFV8ucIdbnAlMHrU4pepNFhuraESyZVTa/bi9sw0iozXp5Q5+5thMebEslmT1Z771kI4sieDy+O4r8c0Sx2/VY1UAzcpq1faggc3YB01MTh+tiEC6xdMvZLrQGL1NBWjHleMyL53GU5ERluC0vXJF3Hv3BGGBDfXWbrEm5n06DHr2apRVJGC0LwiQ7Woud1X4V4X1pKSusxCVMjT2lmcOwV6YhKhB2sowJc1OdMx4+tL0UWE+YKSZgBHfolwk6ml0F4EO9nnUHc= lelgenio@i15";
in
{
"rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
main_ssh_public_key
];
"monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age".publicKeys = [
main_ssh_public_key
];

55
secrets/test.yaml
View file

@ -1,55 +0,0 @@
hello: ENC[AES256_GCM,data:ADXdQUkrnh9lDrsHyInYsPBo21u/mIAH47KhGQsxuz5OshT6CoK+89CILEi9tQ==,iv:b/rnM77z69+pVO3kxQZxI2YzTCRiBwwO5fhcwCB2/CI=,tag:A0FOXIfgIkJawV3QhlJPWQ==,type:str]
example_key: ENC[AES256_GCM,data:gXXl6hhdYNLC1Grmyw==,iv:miSL7Wdewd5zs4A86/r8OW6gK+PGZJ+gaqZRHHxvZos=,tag:Ty+IaoXdMSEThNPRjwhqTA==,type:str]
#ENC[AES256_GCM,data:FLhydTaiOqLRFk+ZrgGx9Q==,iv:TqhX2ylJKFQjdOpmwCER1+gRe4iR+I0hkVkNnYH4ESo=,tag:1BSk9TKqTma4MVUMswwmog==,type:comment]
example_array:
- ENC[AES256_GCM,data:1sIEL3xGDAygUKoodBA=,iv:1DumVv8vDvhT/K0jXM1vHdrFTE7dIxqqjS8CIpWdnc8=,tag:WSs+3a816zVOaGCTElxgFQ==,type:str]
- ENC[AES256_GCM,data:tFi1czQnVgX/nlWrJrs=,iv:isH65ldilVe3EjsKNP/dOKgtWZtHQPw364fPHBI+LEw=,tag:Ka5ywriFptKg3+lIHPEIyA==,type:str]
example_number: ENC[AES256_GCM,data:sxSM8a9oAp+u6g==,iv:KRLfIxZuBsnK+QE4mqm3pyhJmE7Fsd4ykJA++KrOnEQ=,tag:F5EkVUzw06ulr5jZvlTJdg==,type:float]
example_booleans:
- ENC[AES256_GCM,data:PDts2Q==,iv:qtfKg5gmUw2aERJe3gfT15Pk7mWocXwKdJhAzSic1o0=,tag:gn1sWsgt9ihYF8bHAkAQwQ==,type:bool]
- ENC[AES256_GCM,data:o9as7T0=,iv:YXyTB2X9PmTsOd37+BAp2xnT/+Yzyajcn5y1GE1O5rE=,tag:hyXA43jpyAbgH2hg1ivloQ==,type:bool]
sops:
shamir_threshold: 1
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvUURIQmZvSVp3aXlFT0RR
VHVBR0drN2JyV1hNUk5sakxGRXl6SEJuOUUwClQ1Q1lRZTR5R3Z4dlZyb29OaTNW
UVcwV3h6UlhtZkg2aFhrUUtIT0tQRmsKLS0tIDlnckhHWXRKcmRwTGUzdHZxWEVh
a3ZSWk0wNm1raXdMYXdKY1hDd2dZWUEK+IFU/9vsHu70XbSJ7sKqFncrZO3NAH8/
X/XF1VUmIuDfQZYJsDa4HaXe52xvDWTw3/4frG9HutEI2NcvvRpxlw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNRGxFWXJVcDZOdzVxaFJG
LzdhN3JKaFhPOVBlblRPNWpDdERPaWhDNkM0CmcvUGxNQ09tNTJndWZTdjFia2pl
RnNWQ0ZKSFhEN0FNbVZlKzlFUlh5QTgKLS0tIFkwc1pJajlyOGNHSTdaM3FQZWFK
NUJpRDlLNXlGOTNBbVRTU0ZMVkhqdUUK1koXmGDGTKoNx1wp4c9EknY9LQ5a7dQP
Zx6OzvtpsxL6KGjH7BeNNcm2zOR4YqnklLq09UsPHElz2upJQzECAQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-07T22:49:01Z"
mac: ENC[AES256_GCM,data:yma+7wtzVjCzlLOVpqiicjQ9YN1ttzoh8CpcAtjdtVl6gu7/3FXUKYyAWJd+1NUUpK7vN435gOq9/nsig0FRrn0Hgq0+cjFUGS6+6+SPmL97eFvti89gCOeIFhPvBnJQYJLiyVkUcBek4xW+vnt6UgrTy+sD9AT3KHdBlfu3pzY=,iv:ioswFO5KDAL3Bv7MI8V0aWXXxZZIz1M1PyMUbIMnCRI=,tag:5fUBtqz9J2qvY4fUT2ueoQ==,type:str]
pgp:
- created_at: "2025-03-07T22:49:20Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMAzy6JxafzLr5AQf/Xok7aBMNT6W3LV2Ekx/ccxEZaZ0aVNKHE9aFTz5kBSpu
cXVohu5mEgeXr++HbrsCI821/gfchQ1yzVSLJsSrmZdJ586c3a7pWx2Eo4pcngmy
vb5UWtTBNogABnLz4iTjVQYLjZeNcNhkzW6s3m9PiaX3AvJP9irPcmwIyYpzd9pt
hngnBsdTis52fmvZ6+wOuMyTZU0Iksknom1De8xqgR5ZuO0Vitt19RGbpVhx96AC
t1CUkb5WMFTdpbCFORa/ta9Z7UcKxXTAPsfPkPVG9DnHQ1jSmsJWPDQZxoIJLHuH
SVV+qfRGndOo9fjExCInX6I5wBlrHrdpGtL7VLczV9JeAXYlMJwH63eOyi8hxxtr
KfTJEIALC25uFhoK8bmr30yVZe7thUPMXfht+R5dlHne7+FcBb4k7YLpeN/M40me
CSKk+9YaG7gQIdrfvEXlHSPCPppcKev6ZUspHewhmQ==
=IMON
-----END PGP MESSAGE-----
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
unencrypted_suffix: _unencrypted
version: 3.9.4

3
system/configuration.nix
View file

@ -1,7 +1,7 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ pkgs, config, ... }:
{ pkgs, ... }:
{
imports = [
./android.nix
@ -17,7 +17,6 @@
./locale.nix
./users.nix
./containers.nix
./nix-ld.nix
./network.nix
../settings
];

1
system/containers.nix
View file

@ -9,7 +9,6 @@
config = lib.mkIf config.my.containers.enable {
services.flatpak.enable = true;
programs.appimage.enable = true;
virtualisation.docker = {
enable = true;

8
system/gaming.nix
View file

@ -59,13 +59,5 @@
};
};
};
programs.corectrl = {
enable = true;
gpuOverclock = {
enable = true;
ppfeaturemask = "0xffffffff";
};
};
};
}

50
system/monolith-bitbucket-runner.nix
View file

@ -1,50 +0,0 @@
{
config,
pkgs,
...
}:
let
mkRunner = secret: {
image = "docker-public.packages.atlassian.com/sox/atlassian/bitbucket-pipelines-runner:latest";
volumes = [
"/tmp:/tmp"
"/var/run/docker.sock:/var/run/docker.sock"
"/var/lib/docker/containers:/var/lib/docker/containers:ro"
];
environmentFiles = [ secret ];
};
secretConf = {
sopsFile = ../secrets/monolith/default.yaml;
};
in
{
virtualisation.docker = {
enable = true;
daemon.settings = {
# needed by bitbucket runner ???
log-driver = "json-file";
log-opts = {
max-size = "10m";
max-file = "3";
};
};
};
virtualisation.oci-containers.backend = "docker";
virtualisation.oci-containers.containers = {
bitbucket-runner-1 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-1".path;
bitbucket-runner-2 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-2".path;
bitbucket-runner-3 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-3".path;
bitbucket-runner-4 = mkRunner config.sops.secrets."bitbucket-runners/wopus-runner-4".path;
};
sops.secrets = {
"bitbucket-runners/wopus-runner-1" = secretConf;
"bitbucket-runners/wopus-runner-2" = secretConf;
"bitbucket-runners/wopus-runner-3" = secretConf;
"bitbucket-runners/wopus-runner-4" = secretConf;
};
}

25
system/monolith-gitlab-runner.nix
View file

@ -1,6 +1,7 @@
{
config,
pkgs,
lib,
...
}:
let
@ -15,29 +16,9 @@ in
services = {
# runner for building in docker via host's nix-daemon
# nix store will be readable in runner, might be insecure
thoreb-telemetria-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-telemetria-nix".path;
thoreb-itinerario-nix = mkNixRunner config.sops.secrets."gitlab-runners/thoreb-itinerario-nix".path;
default = {
# File should contain at least these two variables:
# `CI_SERVER_URL`
# `CI_SERVER_TOKEN`
authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/docker-images-token".path;
dockerImage = "debian:stable";
};
thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
thoreb-itinerario-nix = mkNixRunner config.age.secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
};
};
systemd.services.gitlab-runner.serviceConfig.Nice = 10;
sops.secrets = {
"gitlab-runners/thoreb-telemetria-nix" = {
sopsFile = ../secrets/monolith/default.yaml;
};
"gitlab-runners/thoreb-itinerario-nix" = {
sopsFile = ../secrets/monolith/default.yaml;
};
"gitlab-runners/docker-images-token" = {
sopsFile = ../secrets/monolith/default.yaml;
};
};
}

21
system/nix-ld.nix
View file

@ -1,21 +0,0 @@
{
pkgs,
lib,
config,
...
}:
{
options.my.nix-ld.enable = lib.mkEnableOption { };
config = lib.mkIf (config.my.nix-ld.enable) {
programs.nix-ld = {
enable = true;
libraries =
with pkgs;
# run appimages + linux games natively
[ fuse ]
++ (appimageTools.defaultFhsEnvArgs.multiPkgs pkgs)
++ (appimageTools.defaultFhsEnvArgs.targetPkgs pkgs);
};
};
}

22
system/rainbow-gitlab-runner.nix Normal file
View file

@ -0,0 +1,22 @@
{
config,
pkgs,
lib,
...
}:
let
inherit (pkgs.callPackage ./gitlab-runner.nix { }) mkNixRunner;
in
{
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
virtualisation.docker.enable = true;
services.gitlab-runner = {
enable = true;
settings.concurrent = 6;
services = {
thoreb-telemetria-nix = mkNixRunner config.age.secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.path;
thoreb-itinerario-nix = mkNixRunner config.age.secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.path;
};
};
systemd.services.gitlab-runner.serviceConfig.Nice = 10;
}

3
system/secrets.nix
View file

@ -1,4 +1,4 @@
{ pkgs, config, ... }:
{ pkgs, ... }:
{
age = {
identityPaths = [ "/root/.ssh/id_rsa" ];
@ -6,6 +6,7 @@
secrets.monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/monolith-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.gitlab-runner-thoreb-telemetria-registrationConfigFile.file = ../secrets/gitlab-runner-thoreb-telemetria-registrationConfigFile.age;
secrets.monolith-forgejo-runner-token.file = ../secrets/monolith-forgejo-runner-token.age;
secrets.rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.file = ../secrets/rainbow-gitlab-runner-thoreb-itinerario-registrationConfigFile.age;
secrets.monolith-nix-serve-privkey.file = ../secrets/monolith-nix-serve-privkey.age;
secrets.phantom-forgejo-mailer-password.file = ../secrets/phantom-forgejo-mailer-password.age;
};

15
system/sops.nix
View file

@ -1,15 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
sops
gnupg
];
sops = {
defaultSopsFile = ../secrets/test.yaml;
age.sshKeyPaths = [
"/etc/ssh/ssh_host_ed25519_key"
"/home/lelgenio/.ssh/id_ed25519"
];
};
}

1
user/dummy.nix
View file

@ -1,7 +1,6 @@
{ lib, ... }:
{
options.my = {
nix-ld.enable = lib.mkEnableOption { };
android.enable = lib.mkEnableOption { };
media-packages.enable = lib.mkEnableOption { };
containers.enable = lib.mkEnableOption { };

66
user/firefox.nix
View file

@ -2,22 +2,15 @@
config,
pkgs,
lib,
font,
...
}:
let
inherit (config.my) desktop;
inherit (config.my.theme) color;
inherit (config.my) desktop browser;
bugfixedFirefox = pkgs.firefox-devedition-unwrapped // {
requireSigning = false;
allowAddonSideload = true;
};
swayCustomization = ''
#titlebar { display: none !important; }
#TabsToolbar { display: none !important; }
#sidebar-header { display: none !important; }
'';
in
{
config = {
@ -126,17 +119,54 @@ in
"devtools.chrome.enabled" = true;
"devtools.debugger.remote-enabled" = true;
};
userChrome = ''
${lib.optionalString (desktop == "sway") swayCustomization}
userChrome =
if desktop == "sway" then
''
#titlebar { display: none !important; }
#TabsToolbar { display: none !important; }
#sidebar-header { display: none !important; }
''
else
''
/* Element | chrome://browser/content/browser.xhtml */
#sidebar-main {
background-color: ${color.bg};
}
#navigator-toolbox {
display: grid;
grid-template-columns: 1fr 50px;
overflow: hidden;
}
#tabbrowser-tabbox {
outline-width: 0 !important;
}
'';
/* Element | chrome://browser/content/browser.xhtml */
#nav-bar {
flex: 1;
width: 100%;
grid-column: 1 / 3;
grid-row: 1;
z-index: 0;
padding-right: 29px !important;
}
/* Element | chrome://browser/content/browser.xhtml */
.toolbar-items {
display: none;
}
/* Element | chrome://browser/content/browser.xhtml */
#TabsToolbar {
max-width: 50px;
}
/* Element | chrome://browser/content/browser.xhtml */
#titlebar {
max-width: 50px;
grid-area: 1 / 2;
z-index: 10;
}
'';
};
};
};

37
user/git.nix
View file

@ -16,46 +16,17 @@ in
user = {
name = username;
email = mail.personal.user;
signingkey = "2F8F21CE8721456B";
};
init.defaultBranch = "main";
core = {
fsmonitor = true;
untrackedCache = true;
};
commit = {
verbose = true;
gpgsign = true;
};
fetch = {
prune = true;
pruneTags = true;
all = true;
};
push = {
autoSetupRemote = true;
default = "simple";
followTags = true;
};
commit.verbose = true;
push.autoSetupRemote = true;
pull.rebase = true;
tag.sort = "version:refname";
merge.conflictStyle = "zdiff3";
rerere = {
enabled = true;
autoupdate = true;
};
branch.sort = "-committerdate";
diff = {
algorithm = "histogram";
colorMoved = "plain";
mnemonicPrefix = true;
renames = true;
};
merge.conflictStyle = "diff3";
rerere.enabled = true;
rebase = {
abbreviateCommands = true;
autoSquash = true;
autoStash = true;
updateRefs = true;
};
pager = {
log = "${pkgs._diffr}/bin/_diffr | ${pkgs.kak-pager}/bin/kak-pager";

1
user/gnome.nix
View file

@ -35,7 +35,6 @@ lib.mkIf (config.my.desktop == "gnome") {
amberol
pitivi
keepassxc
menulibre
libsForQt5.qt5ct
libsForQt5.qtstyleplugin-kvantum

28
user/home-manager.nix
View file

@ -1,28 +0,0 @@
{ pkgs, lib, ... }:
{
programs.home-manager.enable = true;
systemd.user.services.home-manager-expire = {
Unit = {
Description = "Remove old home-manager generations";
};
Service = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "home-manager-expire" ''
${lib.getExe pkgs.home-manager} expire-generations 7d
'';
};
};
systemd.user.timers.home-manager-expire = {
Unit = {
Description = "Remove old home-manager generations";
};
Timer = {
OnCalendar = "daily";
Unit = "home-manager-expire.service";
};
Install = {
WantedBy = [ "timers.target" ];
};
};
}

28
user/home.nix
View file

@ -9,7 +9,6 @@
{
imports = [
./dummy.nix
./home-manager.nix
./waybar
./helix.nix
./kakoune
@ -45,7 +44,6 @@
inputs.nix-index-database.hmModules.nix-index
../settings
./powerplay-led-idle.nix
./rm-target.nix
];
my = import ./variables.nix // {
@ -59,6 +57,8 @@
home.username = "lelgenio";
home.homeDirectory = "/home/lelgenio";
# Let Home Manager install and manage itself.
programs.home-manager.enable = true;
home.packages = with pkgs; [
terminal
@ -169,6 +169,30 @@
exec nicotine
'';
systemd.user.services.rm-target = {
Unit = {
Description = "Remove directories named 'target'";
};
Service = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "rm-target" ''
sudo ${pkgs.fd}/bin/fd -td -u '^\.?target$' "$HOME" -x rm -vrf --
'';
};
};
systemd.user.timers.rm-target = {
Unit = {
Description = "Remove directories named 'target'";
};
Timer = {
OnCalendar = "weekly";
Unit = "rm-target.service";
};
Install = {
WantedBy = [ "timers.target" ];
};
};
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards

3
user/kakoune/default.nix
View file

@ -82,9 +82,6 @@ in
rev = "1cc6baeb14b773916eb9209469aa77b3cfa67a0a";
sha256 = "sha256-3PLxG9UtT0MMSibvTviXQIgTH3rApZ3WSbNCEH3c7HE=";
};
buildInputs = with pkgs; [
python3Minimal
];
})
];
extraConfig =

8
user/kakoune/filetypes.kak
View file

@ -15,14 +15,6 @@ hook global WinSetOption filetype=nix %{
set buffer formatcmd 'nixfmt'
}
hook global BufCreate .*\.json %{
set buffer formatcmd 'prettier --parser json'
}
hook global BufCreate .*\.ya?ml %{
set buffer formatcmd 'prettier --parser yaml'
}
hook global BufCreate .*\.html %{
set buffer formatcmd 'prettier --parser html'
}

6
user/ranger/rc.conf
View file

@ -27,10 +27,10 @@ set confirm_on_delete multiple
# Use non-default path for file preview script?
# ranger ships with scope.sh, a script that calls external programs (see
# README.md for dependencies) to preview images, archives, etc.
# set preview_script ~/.config/ranger/scope.sh
set preview_script ~/.config/ranger/scope.sh
# Use the external preview script or display simple plain text or image previews?
# set use_preview_script true
set use_preview_script true
# Automatically count files in the directory, even before entering them?
set automatically_count_files true
@ -40,7 +40,7 @@ set automatically_count_files true
set open_all_images true
# Be aware of version control systems and display information.
set vcs_aware false
set vcs_aware true
# State of the four backends git, hg, bzr, svn. The possible states are
# disabled, local (only show local info), enabled (show local and remote

26
user/rm-target.nix
View file

@ -1,26 +0,0 @@
{ pkgs, lib, ... }:
{
systemd.user.services.rm-target = {
Unit = {
Description = "Remove directories named 'target'";
};
Service = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "rm-target" ''
sudo ${pkgs.fd}/bin/fd -td -u '^\.?target$' "$HOME" -x rm -vrf --
'';
};
};
systemd.user.timers.rm-target = {
Unit = {
Description = "Remove directories named 'target'";
};
Timer = {
OnCalendar = "weekly";
Unit = "rm-target.service";
};
Install = {
WantedBy = [ "timers.target" ];
};
};
}

7
user/sway/default.nix
View file

@ -20,7 +20,6 @@ in
./swayidle.nix
./swaylock.nix
./theme.nix
./gammastep.nix
];
options.my.sway.enable = lib.mkEnableOption { };
@ -33,7 +32,6 @@ in
my.mpd.enable = true;
my.zathura.enable = true;
my.waybar.enable = true;
my.gammastep.enable = true;
wayland.windowManager.sway = {
enable = true;
@ -115,8 +113,13 @@ in
for_window [title=.*] inhibit_idle fullscreen
exec swaymsg workspace 2
exec_always systemctl --user restart waybar.service
exec corectrl --minimize-systray
'';
};
services.gammastep = {
enable = true;
provider = "geoclue2";
};
services.kdeconnect = {
enable = true;

19
user/sway/gammastep.nix
View file

@ -1,19 +0,0 @@
{ config, lib, ... }:
let
cfg = config.my.gammastep;
in
{
options.my.gammastep.enable = lib.mkEnableOption { };
config = lib.mkIf cfg.enable {
services.gammastep = {
enable = true;
dawnTime = "6:00-7:45";
duskTime = "18:35-20:15";
temperature = {
day = 6500;
night = 4500;
};
};
};
}

2
user/sway/swaylock.nix
View file

@ -9,7 +9,7 @@ in
options.my.swaylock.enable = lib.mkEnableOption { };
config.programs.swaylock.settings = lib.mkIf cfg.enable {
image = theme.backgroundPath;
image = toString theme.background;
font = font.interface;
font-size = font.size.medium;
indicator-thickness = 20;

2
user/variables.nix
View file

@ -28,7 +28,6 @@ let
cursor_theme = "Bibata-Modern-Classic";
background = ./backgrounds/nixos-dark-pattern.png;
backgroundPath = "~/.local/share/backgrounds/nixos-dark-pattern.png";
opacity = 95;
opacityHex = "ee";
color = {
@ -60,7 +59,6 @@ let
cursor_theme = "Bibata-Modern-Classic";
background = ./backgrounds/nixos-light-pattern.png;
backgroundPath = "~/.local/share/backgrounds/nixos-light-pattern.png";
opacity = 95;
opacityHex = "ee";
color = {