lelgenio/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 2 Releases Packages Wiki Activity Actions

Compare commits

base: lelgenio:main
Branches Tags
lelgenio:main
lelgenio:wipg
lelgenio:caffeinated
lelgenio:try-fix-firefox
lelgenio:multiline-edit
lelgenio:gnome-the-second
lelgenio:gnome-pass-search-provider
lelgenio:refactor
lelgenio:sops
lelgenio:update-24.11
lelgenio:disko
lelgenio:release-24.05
lelgenio:niri
lelgenio:gnome
lelgenio:hyprland
..
compare: lelgenio:wipg
Branches Tags
lelgenio:wipg
lelgenio:main
lelgenio:caffeinated
lelgenio:try-fix-firefox
lelgenio:multiline-edit
lelgenio:gnome-the-second
lelgenio:gnome-pass-search-provider
lelgenio:refactor
lelgenio:sops
lelgenio:update-24.11
lelgenio:disko
lelgenio:release-24.05
lelgenio:niri
lelgenio:gnome
lelgenio:hyprland

1 commit
main ... wipg

Author SHA1 Message Date
lelgenio
e0a8b9e791 wip 2025-09-09 18:15:48 -03:00
11 changed files with 114 additions and 46 deletions
Download patch file Download diff file Expand all files Collapse all files

9
.sops.yaml
View file

@ -2,6 +2,7 @@ keys:
- &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B - &lelgenio-gpg 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
- &lelgenio-ssh age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h - &lelgenio-ssh age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
- &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw - &monolith-ssh age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
- &double-rainbow-ssh age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h
- &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y - &phantom-ssh age1m4mqcd2kmuhfr8a22rvh02c68jkakhdfmuqgtusuv0czk4jvna7sz79p3y
creation_rules: creation_rules:
@ -19,6 +20,14 @@ creation_rules:
age: age:
- *lelgenio-ssh - *lelgenio-ssh
- *monolith-ssh - *monolith-ssh
- path_regex: secrets/double-rainbow/[^/]+\.(yaml|json|env|ini|gpg)$
key_groups:
- pgp:
- *lelgenio-gpg
age:
- *lelgenio-ssh
- *monolith-ssh
- *double-rainbow-ssh
- path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini|gpg)$ - path_regex: secrets/phantom/[^/]+\.(yaml|json|env|ini|gpg)$
key_groups: key_groups:
- pgp: - pgp:

2
flake.nix
View file

@ -166,7 +166,7 @@
double-rainbow = lib.nixosSystem { double-rainbow = lib.nixosSystem {
inherit system specialArgs; inherit system specialArgs;
modules = [ modules = [
./hosts/double-rainbow.nix ./hosts/double-rainbow
] ]
++ common_modules; ++ common_modules;
}; };

5
hosts/double-rainbow.nix → hosts/double-rainbow/default.nix
View file

@ -17,7 +17,10 @@ let
]; ];
in in
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./gitlab-runner.nix
];
my.nix-ld.enable = true; my.nix-ld.enable = true;

36
hosts/double-rainbow/gitlab-runner.nix Normal file
View file

@ -0,0 +1,36 @@
{
config,
pkgs,
...
}:
let
inherit (pkgs.callPackage ../../system/gitlab-runner.nix { }) mkNixRunnerFull;
in
{
boot.kernel.sysctl."net.ipv4.ip_forward" = true;
virtualisation.docker.enable = true;
services.gitlab-runner = {
enable = true;
settings.concurrent = 4;
services = {
wopus-gitlab-nix = mkNixRunnerFull {
authenticationTokenConfigFile = config.sops.secrets."gitlab-runners/wopus-gitlab-nix".path;
nixCacheSshPrivateKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pk".path;
nixCacheSshPublicKeyPath = config.sops.secrets."gitlab-runners/wopus-ssh-nix-cache-pub".path;
};
};
};
systemd.services.gitlab-runner.serviceConfig.Nice = 10;
sops.secrets = {
"gitlab-runners/wopus-gitlab-nix" = {
sopsFile = ../../secrets/double-rainbow/default.yaml;
};
"gitlab-runners/wopus-ssh-nix-cache-pk" = {
sopsFile = ../../secrets/double-rainbow/default.yaml;
};
"gitlab-runners/wopus-ssh-nix-cache-pub" = {
sopsFile = ../../secrets/double-rainbow/default.yaml;
};
};
}

9
scripts/screenshotsh
View file

@ -46,13 +46,4 @@ case $1 in
$screenshot -o "$cur_output" - | $copy || $screenshot -o "$cur_output" - | $copy ||
$screenshot - | $copy $screenshot - | $copy
;; ;;
edit)
# Focused monitor to clipboard
cur_output=$(swaymsg -t get_outputs |
jq -r '.[] | select(.focused) | .name')
test -n "$cur_output" &&
$screenshot -o "$cur_output" - | satty --filename - --output-filename "$DESTFILE" ||
$screenshot - | satty --filename - --output-filename "$DESTFILE"
;;
esac esac

53
secrets/double-rainbow/default.yaml Normal file
View file

@ -0,0 +1,53 @@
gitlab-runners:
wopus-gitlab-nix: ENC[AES256_GCM,data:n/bm5W5Q/h7MxMZX7yz4qeUBpfZDrI7A7/PlnLncMto5V5itVTXRvfd3+D/d2r9PVuJSogfMgMAh0cwuvPspjlm9ToPxrmgGdYbnAkhnFeTHdCfcF1x2DG2JkHe54wUhcQa9QEJkWZ5jJM//2jU=,iv:63lrYCCBMSr5toulba7Rni+iun0Bl2vMFbIsTVvOWQs=,tag:Z1GHj91q09sOWCaLPIKJ4Q==,type:str]
wopus-ssh-nix-cache-pk: ENC[AES256_GCM,data:+5I7INvMNfegjjC0xPNOSj+vFakXe6V4N/S5wvL64DOxfPXhSQAjVtdMslp/LlJXH4XWbkQ8ErLbySB3WMDMRDnDRY+6+UKXsP6MFpvEtho0lN+8ZeAGC25ehadYDSFTX43wz6cLRuoAqRQdhPKM96wcYif7nF40cStgaAQhkNemK7AenSA9LQ4J72dWovFuwfTZml8qH6W/O+YEqfOgZsyJ/LobcM1fiuN1S4NnCOJSWB2Ahsu0tiMOSRxKWeUS9+ewh+x1xnZL3y4vax5GgtS2KojtXq0U4qgNi4Gwnmef7HmH1tVgeMO2ykCsuCCZ9iJR0IOqTHU2l+U6hTzf5vehpgK5/tsthkXRsLUmVRnjUaQwaEq9JYltGpEdk6U0UnD+Mf0f5BsDw23lHgannLeduhrSFrPFj+BVodnPxjyYJTPXwXfbWrKIQ8s5kWfIq9x0VePsteIgEH4xLL0yFtyZzrYeCq9WF3j5xTvJsOlG0ehQzX22orrM4RzrFVmeLYOIc/V4bQeyIf1lWemr,iv:UNaUnlVayrzF7qpgIVi9gxPFGCzIP24jNUpO295JPog=,tag:a5OlD+AJH3u6y+Lo3lOQWw==,type:str]
wopus-ssh-nix-cache-pub: ENC[AES256_GCM,data:aknblYwAAGaso/Vhr9f1RX64tA3uOh3qxc1dBI7DQmk4TUlQn/AYrKF7wanIhhydrasRulDEam3CBiiyeW/ejcXG07wKIUyZ94TOYfcyRd1yo+PGkmb1yycU6PdjaP5/zwUPAnjMhR2quW+8iwADaUMYKXIJkdQaqUW9a845vBKIxgNgBskWMGMzldb+aUnr2eCb,iv:MQdEUrNugzv+QL6f/MNUqh9M+nFVsWI4VHlMrgQOTEg=,tag:olNTQyCSOhv3sgSjuIXKBA==,type:str]
sops:
age:
- recipient: age1zrgu7w8059xydagm60phnffghvfe9h2ca58cx8qwagqpyfuvs9fqw79c8h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0eTBFdVM5OFlQTi9JMmFw
QWpIU2dSdDMzQTVJOWJCUU03QXR1QVZoeXc4CkljdHNKQ0tUczMrNys5eXNGMnVa
K003QjdRaWY4RmNtaEw4cEsxSEJwZlEKLS0tIFZpbGUyaHh0RndkVlpQVlVucHJa
TndIUUhsY2xSR3E1WlJXV3ZFN0lIMncKjjf1yt4XhfguzYoCNmHYSmetMDnoz4cr
frbZdy4hl9w9EZO5JUeC/n7QMYTZLC2/Zk2PXRUvwyQglrGoUVK2Bg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ecyynwv93lfu7crjjp8l47defv07quzfzaktwurpep7jc9eha5pscg7lrw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHbHd4L0NEZW55OWd3SWlv
U3dEcDNKZUJid2VsZ1lQdy9NRnIyVDRPRm1VCnZDcCs0S1BLNjJLZTFpSHVpNVRj
OFpMK0ZjWTJkcWJoUFk2YnBCK3JKcFUKLS0tIEtqRkF4Q0FobXhPVTF6eWN2d0Nx
eVAwSi9LaVNEcHIvQnhhZmZLbHRPOUUK6A91L8YCpi/sM9FiXcJ1sLmW3U4KadYL
uw07mobP1Rf0RUdAuSK+42ErFgmS+OTDze/mT/PXg6Dfk+vhTjbfGA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1026d4c8nqyapcsy4jz57szt6zw3ejcgv3ecyvz0s89t7w7z964fqdqv52h
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaUpLU1ZxQWNCNFNGeEpl
dEpVbzBFbk1XaVoxMXIzMWFmTkZWS05GOFFvCmJGamVGK2pCeTJROVloMGdYK3Mx
cGF1elFSbjJ3UmUyc1FsUkh6b2JNWTgKLS0tIFRzbHZIL25tK1dnWm90QVFueWZM
WUZrTkg0cklJSUg5MndsN0ZPcVk4U0kKPsj787kDFDMxsBt5qk4Bp121AMTE++99
m2X4lL6ona9fUe8e8wGhdgxZmqvJL2RCaVWJJy5SAbJ/skP3y7i2mw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-09-09T20:29:01Z"
mac: ENC[AES256_GCM,data:forfO9i1DJvf38Q2B6ETUuOmGB3XVNQEURlUH4h6+6qEZqpZb/c7yUlMpXTUk9kgXn+IcfUhymFN3lrS7KVhSG5SxOTqwpOLF39+XFXcam3X4jf1/H4uBVqmntWAFG2+SvPxvL5jUKw9j8O0xBPWlbnx6BOQU4ifjcoPMOWanBQ=,iv:wj6F/5AV4oieoASZXb6oBtDYA0cA+1ujPWkziMTAhQ0=,tag:29lR7wsFT3vhp2ztMHBlsA==,type:str]
pgp:
- created_at: "2025-09-09T20:27:32Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQEMAzy6JxafzLr5AQf/a5v/AIIsdE9WawM710HCLQwEJXskDXfN7UP055gDBJer
96qny8cKC833OhTPLqWCUpAVgJ1JQ8EDLvj2YvXLiq/NmMFs+mBwjPdzNIUKzK6E
QgtjRJuQfOGSW0i44b+nkmWLSi1PhxVbIFt27Nl4I+mrvkhztIZcTwht+be3mMrp
z1hEn/BbXsin6JOB6EuyFbsRZ3wYFUlr23NiKVI/JSo39ifbtGqgWn68GN+tYYYs
mZ5tJykyRZxTU6qEKBaW9veClxs0FW2shQpp6Go/u6u/ghhHeB99trauPFL2rypT
IaLGWruFwHMsd+rSTcw+YrTbL7bfkqx/4xj5dxJaFNJeAfo5F5ddr1odeAHeSQmh
pfStJmy83SHhyDw8wLKMeF9d7dPKIyU4cXbLjSv1w86bDpDw8LBJSYEjJPVjLONV
F6AXCJxNckDXmshGUejC09abAcMzzTsEJK7ocqEoMg==
=XAWM
-----END PGP MESSAGE-----
fp: 0FECE8316E74BA6F44EFC21A2F8F21CE8721456B
unencrypted_suffix: _unencrypted
version: 3.10.2

4
system/greetd.nix
View file

@ -37,6 +37,8 @@ in
xdg.portal = { xdg.portal = {
enable = true; enable = true;
wlr.enable = true; wlr.enable = true;
# Always pick the first monitor, this is fine since I only ever use a single monitor
wlr.settings.screencast.chooser_type = "none";
# gtk portal needed to make gtk apps happy # gtk portal needed to make gtk apps happy
extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
}; };
@ -72,7 +74,7 @@ in
user = "lelgenio"; user = "lelgenio";
}; };
default_session = { default_session = {
command = "dbus-run-session -- ${pkgs.sway}/bin/sway --config ${swayConfig}"; command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
}; };
}; };
}; };

2
system/monolith-gitlab-runner.nix
View file

@ -11,7 +11,7 @@ in
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
services.gitlab-runner = { services.gitlab-runner = {
enable = true; enable = true;
settings.concurrent = 8; settings.concurrent = 4;
services = { services = {
# runner for building in docker via host's nix-daemon # runner for building in docker via host's nix-daemon
# nix store will be readable in runner, might be insecure # nix store will be readable in runner, might be insecure

11
user/sway/default.nix
View file

@ -76,19 +76,10 @@ in
}; };
output = { output = {
"*" = { "*" = {
adaptive_sync = "on";
bg = "${theme.background} fill"; bg = "${theme.background} fill";
};
"AOC 24G2W1G4 ATNM6XA004804" = {
position = "0,0";
adaptive_sync = "on";
mode = "1920x1080@144.000Hz"; mode = "1920x1080@144.000Hz";
}; };
"LG Electronics 25UM58G 0x01010101" = {
position = "1920,215";
adaptive_sync = "on";
scale = "1.2";
mode = "2560x1080@74.991Hz";
};
}; };
fonts = { fonts = {
names = [ font.interface ]; names = [ font.interface ];

18
user/sway/kanshi.nix
View file

@ -8,24 +8,6 @@ in
config.services.kanshi = lib.mkIf cfg.enable { config.services.kanshi = lib.mkIf cfg.enable {
enable = true; enable = true;
settings = [ settings = [
{
profile = {
name = "home";
outputs = [
{
criteria = "AOC 24G2W1G4 ATNM6XA004804";
position = "0,0";
}
{
criteria = "LG Electronics 25UM58G 0x01010101";
position = "1920,215";
scale = 1.2;
mode = "2560x1080@74.991Hz";
}
];
exec = [ "xrdb .Xresources" ];
};
}
{ {
profile = { profile = {
name = "sedetary"; name = "sedetary";

11
user/sway/sway-binds.nix
View file

@ -110,8 +110,6 @@ let
"${mod}+Control+${keyBind}" = "resize ${resize_cmd}"; "${mod}+Control+${keyBind}" = "resize ${resize_cmd}";
# focus output # focus output
"${mod}+mod1+${keyBind}" = "focus output ${direction}"; "${mod}+mod1+${keyBind}" = "focus output ${direction}";
# Move window to output
"${mod}+mod1+Control+${keyBind}" = "move window output ${direction}; focus output ${direction}";
# Move workspace to output # Move workspace to output
"${mod}+mod1+Shift+${keyBind}" = "move workspace output ${direction}"; "${mod}+mod1+Shift+${keyBind}" = "move workspace output ${direction}";
} }
@ -127,8 +125,9 @@ let
"${mod}+v" = "splitv"; "${mod}+v" = "splitv";
"${mod}+a" = "focus parent"; "${mod}+a" = "focus parent";
"${mod}+Shift+z" = "move scratchpad"; ## TODO:
"${mod}+z" = "scratchpad show"; # "${mod}+Shift+minus" = "move scratchpad";
# "${mod}+minus" = "scratchpad show";
}; };
audio_binds = { audio_binds = {
@ -173,7 +172,9 @@ let
"${mod}+c" = "exec ${pkgs.color_picker}/bin/color_picker"; "${mod}+c" = "exec ${pkgs.color_picker}/bin/color_picker";
"${mod}+Return" = "exec ${terminal}"; "${mod}+Return" = "exec ${terminal}";
"${mod}+Ctrl+Return" = "exec thunar"; "${mod}+Ctrl+Return" = "exec thunar";
"${mod}+Shift+s" = "exec ${pkgs.screenshotsh}/bin/screenshotsh edit"; "${mod}+Shift+s" = ''
exec grim - | satty --filename - --output-filename "$(xdg-user-dir PICTURES)"/Screenshots/satty-$(date '+%Y%m%d-%H:%M:%S').png
'';
"${mod}+Ctrl+v" = "exec wl-paste | tesseract -l por - - | wl-copy"; "${mod}+Ctrl+v" = "exec wl-paste | tesseract -l por - - | wl-copy";
"${mod}+k" = "exec showkeys"; "${mod}+k" = "exec showkeys";
"${mod}+Alt+x" = "exec pkill wl-crosshair || exec wl-crosshair"; "${mod}+Alt+x" = "exec pkill wl-crosshair || exec wl-crosshair";