cry/flake
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: cry:726111079ef5a9bd33622ecca8f185e8af696925
Branches Tags
cry:main
cry:pc/latest
cry:laptop
cry:lolcathost-24.05
cry:myputer
cry:lolcathost
..
compare: cry:1de15c45f2d7bb1136f61c244a4580b43ac6800b
Branches Tags
cry:main
cry:pc/latest
cry:laptop
cry:lolcathost-24.05
cry:myputer
cry:lolcathost

No commits in common. "726111079ef5a9bd33622ecca8f185e8af696925" and "1de15c45f2d7bb1136f61c244a4580b43ac6800b" have entirely different histories.
726111079e ... 1de15c45f2

16 changed files with 363 additions and 237 deletions
Download patch file Download diff file Expand all files Collapse all files

97
deploy Executable file
View file

@ -0,0 +1,97 @@
#!/usr/bin/env bash
set -e
# TODO: use `nixos-rebuild build-vm`
usage="Usage: $(basename $0) [OPTIONS]
Options:
-f, --fresh Remove old content in the nixstore (good for debugging)
-b, --bootloader Reinstall the bootloader
-r, --remote Locally build and remotely deploy Colmena hive
--show-trace Show nix stack trace on error
-h, --help Show this message (^_^)"
# delete all cached entries
# to make the system from scratch
collect_garbage () {
sudo nix-collect-garbage --delete-old
}
rebuild_flake () {
# make sure all changes are visible to nixos
# (--intent-to-add tracks files but DOES NOT stage them)
git add . --intent-to-add --verbose
local FLAGS=
if [ "$1" = "reinstall-bootloader" ]; then
FLAGS="--install-bootloader"
# sudo nixos-rebuild switch --flake . --install-bootloader
# STC_DISPLAY_ALL_UNITS=1 (verbose, show output of all units)
fi
# LOG="$(mktemp /tmp/rebuild-XXXXXXXX)"
LOG="./rebuild.log"
echo "[*] Logging to $LOG"
sudo nixos-rebuild switch --flake . $FLAGS $EXTRA_FLAGS 2>&1 | tee "$LOG"
#nixos-rebuild build --flake .# --cores 8 -j 1
}
deploy_hive () {
echo "[+] Adding keys to ssh-agent"
ssh-add ~/.ssh/id_hyrule
printf "\n"
git add . --verbose
# Deploy to all Colmena hives
colmena build --experimental-flake-eval $EXTRA_FLAGS
colmena apply --experimental-flake-eval $EXTRA_FLAGS
# colmena apply --on hyrule --experimental-flake-eval
}
# check which flags were given
flag_fresh=false
flag_bootloader=false
flag_remote=false
flag_trace=false
for flag in "$@"; do
case "$flag" in
-r|--remote)
flag_remote=true ;;
--show-trace)
flag_trace=true ;;
-f|--fresh)
flag_fresh=true ;;
-b|--bootloader)
flag_bootloader=true ;;
-h|--help)
echo "$usage"
exit 0 ;;
*)
echo "[!] Unknown flag \"$flag\""
exit 1 ;;
esac
done
EXTRA_FLAGS=""
if [ "$flag_trace" = true ]; then
EXTRA_FLAGS="$EXTRA_FLAGS --show-trace"
fi
if [ "$flag_remote" = true ]; then
deploy_hive
exit 0
fi
# delete cached items in nixstore
if [ "$flag_fresh" = true ]; then
collect_garbage
exit 0
fi
# nixos-rebuild switch ...
if [ "$flag_bootloader" = true ]; then
collect_garbage
rebuild_flake "reinstall-bootloader"
else
rebuild_flake
fi

194
flake.lock generated
View file

@ -3,22 +3,21 @@
"cerulean": {
"inputs": {
"deploy-rs": "deploy-rs",
"mix": "mix",
"nib": "nib",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-unstable": [
"nixpkgs-unstable"
],
"nt": [
"nt"
],
"systems": [
"systems"
]
},
"locked": {
"lastModified": 1770594166,
"narHash": "sha256-ijsAdvC9/0873gCkqNpTjUDl+Gk8oKovgvpnnQfA+/A=",
"lastModified": 1770552327,
"narHash": "sha256-cVVPdC650MRP4tMSB9EcECUpc0U4HWSZzoQnpEHH0uE=",
"path": "/home/me/agribit/nexus/Cerulean",
"type": "path"
},
@ -121,28 +120,6 @@
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"nt",
"nix-unit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1762440070,
"narHash": "sha256-xxdepIcb39UJ94+YydGP221rjnpkDZUlykKuF54PsqI=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "26d05891e14c88eb4a5d5bee659c0db5afb609d8",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"grub2-themes": {
"inputs": {
"nixpkgs": [
@ -163,24 +140,45 @@
"type": "github"
}
},
"home-manager": {
"mix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
"nib": [
"cerulean",
"nib"
]
},
"locked": {
"lastModified": 1763992789,
"narHash": "sha256-WHkdBlw6oyxXIra/vQPYLtqY+3G8dUVZM8bEXk0t8x4=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "44831a7eaba4360fb81f2acc5ea6de5fde90aaa3",
"lastModified": 1768525804,
"narHash": "sha256-jlpNb7Utqfdq2HESAB1mtddWHOsxKlTjPiLFRLd35r8=",
"owner": "emilelcb",
"repo": "mix",
"rev": "617d8915a6518a3d4e375b87c50ae34d9daee6c6",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.05",
"repo": "home-manager",
"owner": "emilelcb",
"repo": "mix",
"type": "github"
}
},
"nib": {
"inputs": {
"systems": [
"cerulean",
"systems"
]
},
"locked": {
"lastModified": 1768472076,
"narHash": "sha256-bdVRCDy6oJx/CZiyxkke783FgtBW//wDuOAITUsQcNc=",
"owner": "emilelcb",
"repo": "nib",
"rev": "42ac66dfc180a13af1cc8850397db66ec5556991",
"type": "github"
},
"original": {
"owner": "emilelcb",
"repo": "nib",
"type": "github"
}
},
@ -200,52 +198,6 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"nt",
"nix-unit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1737420293,
"narHash": "sha256-F1G5ifvqTpJq7fdkT34e/Jy9VCyzd5XfJ9TO8fHhJWE=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "f4158fa080ef4503c8f4c820967d946c2af31ec9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nix-unit": {
"inputs": {
"flake-parts": "flake-parts_2",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nt",
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1762774186,
"narHash": "sha256-hRADkHjNt41+JUHw2EiSkMaL4owL83g5ZppjYUdF/Dc=",
"owner": "nix-community",
"repo": "nix-unit",
"rev": "1c9ab50554eed0b768f9e5b6f646d63c9673f0f7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-unit",
"type": "github"
}
},
"nixcord": {
"inputs": {
"flake-compat": "flake-compat_2",
@ -331,51 +283,16 @@
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nt": {
"inputs": {
"nix-unit": "nix-unit",
"nixpkgs": "nixpkgs_3",
"systems": "systems_2"
},
"locked": {
"lastModified": 1770593961,
"narHash": "sha256-Q2rRlN6yZiatLwEfYyCKJ/SImva+vbXr8DVA0qvix4c=",
"path": "/home/me/agribit/nexus/nt",
"type": "path"
},
"original": {
"path": "/home/me/agribit/nexus/nt",
"type": "path"
}
},
"root": {
"inputs": {
"cerulean": "cerulean",
"dobutterfliescry-net": "dobutterfliescry-net",
"grub2-themes": "grub2-themes",
"home-manager": "home-manager",
"nix-flatpak": "nix-flatpak",
"nixcord": "nixcord",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"nt": "nt",
"systems": "systems_3"
"systems": "systems_2"
}
},
"systems": {
@ -408,43 +325,6 @@
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nt",
"nix-unit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1762410071,
"narHash": "sha256-aF5fvoZeoXNPxT0bejFUBXeUjXfHLSL7g+mjR/p5TEg=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "97a30861b13c3731a84e09405414398fbf3e109f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems"

23
flake.nix
View file

@ -12,9 +12,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
# nt.url = "github:emilelcb/nt";
nt.url = "/home/me/agribit/nexus/nt";
cerulean = {
# url = "github:emilelcb/Cerulean";
url = "/home/me/agribit/nexus/Cerulean";
@ -22,7 +19,6 @@
systems.follows = "systems";
nixpkgs.follows = "nixpkgs";
nixpkgs-unstable.follows = "nixpkgs-unstable";
nt.follows = "nt";
};
};
@ -54,10 +50,7 @@
...
}: let
groups = {
cryos = {
# oh frick i cried again
cryde = {};
};
cryde = {}; # oh frick i cried again
server = {};
};
in
@ -70,7 +63,7 @@
# my laptop <3 :3
lolcathost = {
system = "x86_64-linux";
groups = [groups.cryos.cryde];
groups = [groups.cryde];
extraModules = [
home-manager.nixosModules.default
grub2-themes.nixosModules.default
@ -80,7 +73,7 @@
# i be on my puter frfr
myputer = {
system = "x86_64-linux";
groups = [groups.cryos.cryde];
groups = [groups.cryde];
extraModules = [
home-manager.nixosModules.default
grub2-themes.nixosModules.default
@ -102,11 +95,11 @@
};
# call me a statistician the way she spreads in my sheets
# matcha = {
# system = "x86_64-linux";
# groups = [groups.server];
# deploy.ssh.host = "bedroom.dobutterfliescry.net";
# };
matcha = {
system = "x86_64-linux";
groups = [groups.server];
deploy.ssh.host = "bedroom.dobutterfliescry.net";
};
};
};
};

5
groups/all/default.nix
View file

@ -1,5 +0,0 @@
{lib, ...}: {
# NOTE: mkDefault is 1000 and mkForce is 50
# NOTE: so this is like a second mkDefault
security.sudo.wheelNeedsPassword = lib.mkOverride 900 true;
}

8
groups/cryde/default.nix
View file

@ -12,7 +12,7 @@
../../hosts/modules/steam.nix
../../hosts/modules/obsidian.nix
# inputs.nix-flatpak.nixosModules.nix-flatpak
inputs.nix-flatpak.nixosModules.nix-flatpak
];
boot.loader.grub2-theme = {
@ -110,10 +110,10 @@
NIXOS_OZONE_WL = "1";
};
systemPackages = with pkgs; [
sddm-theme-corners
(callPackage ../sddm-theme-corners.nix {}).sddm-theme-corners
# dependencies for my sddm theme:
# XXX: add these as a buildInput
# pkgs.libsForQt5.qt5.qtgraphicaleffects
pkgs.libsForQt5.qt5.qtgraphicaleffects
];
};
@ -130,6 +130,8 @@
nitch
starfetch
colmena-latest
gitkraken
];
};

6
groups/cryde/programs.nix
View file

@ -1,8 +1,4 @@
{
pkgs,
upkgs,
...
}: {
{pkgs, ...}: {
# ---- SYSTEM PACKAGES -----
environment.systemPackages = with pkgs; [
# User Environment

26
groups/server/default.nix
View file

@ -1,4 +1,8 @@
{lib, ...}: {
{
lib,
sshPort ? 22,
...
}: {
networking = {
networkmanager.enable = true;
@ -11,7 +15,7 @@
firewall = {
enable = lib.mkDefault true;
allowedTCPPorts = [
22
sshPort
];
};
};
@ -37,7 +41,7 @@
services = {
openssh = {
enable = true;
ports = [22];
ports = [sshPort];
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";
@ -47,20 +51,4 @@
};
};
};
users = {
users = {
# primary user
cry = {
isNormalUser = true;
home = "/home/cry";
extraGroups = ["wheel"];
openssh.authorizedKeys.keys = lib.mkOverride 900 [
(throw ''
Hosts in the `server` group must set `users.users.cry.openssh.authorizedKeys.keys = [ ... ]`.
'')
];
};
};
};
}

16
hosts/butterfly/default.nix
View file

@ -57,10 +57,18 @@
# };
};
users.users.cry = {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net"
];
users = {
users = {
# primary user
cry = {
isNormalUser = true;
home = "/home/cry";
extraGroups = ["wheel"];
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net"
];
};
};
};
virtualisation.docker.enable = true;

54
hosts/hyrule/default.nix
View file

@ -1,6 +1,8 @@
{...}: {
{pkgs, ...}: {
imports = [
./hardware-configuration.nix
./services
];
# super duper minimum grub2 config
@ -13,19 +15,59 @@
hostName = "hyrule";
firewall = {
allowedTCPPorts = [
80 # nginx
443 # nginx
];
allowedUDPPorts = [
54231 # Wireguard
];
};
# wg-quick.interfaces = {
# wg0 = {
# address = [
# "10.10.10.4/24"
# ];
# dns = ["10.10.10.1"];
# privateKeyFile = "/root/wg_agrivpn_hyrule";
# peers = [
# {
# # peer's public key
# publicKey = "iZ4aqYjbT8O8tfUHEuV+yWLtdoQbdBb6Nt0M4usMSiY=";
# # choose which traffic to forward
# allowedIPs = [
# "10.0.51.0/24"
# "10.10.10.0/24"
# ];
# endpoint = "150.242.34.33:54231";
# }
# ];
# };
# };
};
users.users.cry = {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net"
];
users = {
users = {
# primary user
cry = {
isNormalUser = true;
extraGroups = ["wheel"];
shell = pkgs.bash;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net"
];
};
friends = {
isNormalUser = true;
shell = pkgs.fish;
home = "/home/friends";
};
};
};
virtualisation.docker.enable = true;
system.stateVersion = "25.11"; # DO NOT MODIFY
system.stateVersion = "24.11"; # DO NOT MODIFY
}

7
hosts/hyrule/services/default.nix Normal file
View file

@ -0,0 +1,7 @@
{...}: {
imports = [
./services/forgejo.nix
./services/vaultwarden.nix
./services/nginx.nix
];
}

83
hosts/hyrule/services/nginx.nix Normal file
View file

@ -0,0 +1,83 @@
{
inputs,
pkgs,
...
}: {
nixpkgs.overlays = [
(self: super: {
# in wake of CVE-2022-3602/CVE-2022-3786
nginxStable = super.nginxStable.override {openssl = pkgs.libressl;};
})
inputs.dobutterfliescry-net.overlays.default
];
# simple nginx instance to host static construction page
# TODO: I want sshd and forgejo's ssh server to both be bound to port 22
# So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc)
# and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address)
services.nginx = {
enable = true;
# XXX: TODO: this should auto use the nginxStable overlay no?
# in wake of CVE-2022-3602/CVE-2022-3786
# package = pkgs.nginxStable.override {openssl = pkgs.libressl;};
recommendedGzipSettings = true;
recommendedZstdSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# streamConfig = ''
# server {
# listen 127.0.0.1:53 udp reuseport;
# proxy_timeout 20s;
# proxy_pass 192.168.0.1:53535;
# }
# '';
virtualHosts = let
localhost = "http://127.0.0.1";
std = {
# TODO: should I run over QUIC+HTTP3? (experimental)
# quic = true;
# http3 = true;
enableACME = true;
# kTLS = true; # offload TLS to the linux kernel
};
vault =
{
forceSSL = true;
locations."/".proxyPass = "${localhost}:8222";
}
// std;
forge =
{
forceSSL = true;
extraConfig = ''
client_max_body_size 512M;
'';
locations."/".proxyPass = "${localhost}:3000";
}
// std;
in {
"dobutterfliescry.net" =
{
default = true;
addSSL = true; # not strictly enforced <3
# root = "/var/www/cry";
root = "${pkgs.dobutterfliescry-net}/www";
# extraConfig = ''
# error_page 404 /custom_404.html;
# '';
}
// std;
# Route "vault" subdomain to vaultwarden
"vault.imbored.dev" = vault;
# Route "forge" subdomain to forgejo
# TODO: use `forgejo.settings.server.ENABLE_ACME` instead?
# "tearforge.net" = forge;
"forge.dobutterfliescry.net" = forge;
};
};
}

20
hosts/modules/colmena.nix Normal file
View file

@ -0,0 +1,20 @@
{}: {
# Colmena's latest stable version is
# unusable so get latest unstable version.
colmena = let
src = pkgsBuild.fetchFromGitHub {
owner = "zhaofengli";
repo = "colmena";
rev = "47b6414d800c8471e98ca072bc0835345741a56a";
sha256 = "rINodqeUuezuCWOnpJgrH7u9vJ86fYT+Dj8Mu8T/IBc=";
};
flake =
pkgsBuild.callPackage "${src}/flake.nix" {
};
in
flake.packages."${system}".colmena;
nixpkgs.config.packageOverrides = pkgs: {
colmena = pkgs.callPackage
};
}

1
hosts/modules/steam.nix
View file

@ -52,5 +52,6 @@
# lutris
bottles
heroic
];
}

25
hosts/myputer/default.nix
View file

@ -1,7 +1,6 @@
{
pkgs,
upkgs,
lib,
...
}: {
imports = [
@ -27,7 +26,29 @@
flatpak.enable = true;
};
security.sudo.wheelNeedsPassword = lib.mkForce false;
# ------- USERS -------
security.sudo.wheelNeedsPassword = false;
users = {
users = {
# just me fr (personal account)
me = {
isNormalUser = true;
extraGroups = ["wheel" "netdev" "docker"];
shell = pkgs.bash;
packages = with pkgs; [
firefox
nitch
starfetch
colmena-latest
gitkraken
# NOTE: downloadthing this causes my PC to freak!! ("too many open files" error)
#keyguard # bitwarden client app
];
};
};
};
# ---- SYSTEM PACKAGES -----
environment.systemPackages = with pkgs; [

4
overlays/default.nix
View file

@ -13,9 +13,5 @@
x86-manpages = import ../packages/x86-manpages {
pkgs = super;
};
sddm-theme-corners = import ../packages/sddm-theme-corners {
pkgs = super;
};
})
]

31
packages/sddm-theme-corners/default.nix
View file

@ -1,20 +1,17 @@
{pkgs}:
pkgs.stdenv.mkDerivation {
name = "sddm-theme-corners";
version = "1.0.0";
{pkgs}: {
sddm-theme-corners = pkgs.stdenv.mkDerivation {
name = "sddm-theme-corners";
version = "1.0.0";
installPhase = ''
mkdir -p $out/share/sddm/themes
cp -ar $src/corners $out/share/sddm/themes/
'';
src = pkgs.fetchFromGitHub {
owner = "aczw";
repo = "sddm-theme-corners";
rev = "6ff0ff455261badcae36cd7d151a34479f157a3c";
sha256 = "0iiasrbl7ciyhq3z02la636as915zk9ph063ac7vm5iwny8vgwh8";
installPhase = ''
mkdir -p $out/share/sddm/themes
cp -ar $src/corners $out/share/sddm/themes/
'';
src = pkgs.fetchFromGitHub {
owner = "aczw";
repo = "sddm-theme-corners";
rev = "6ff0ff455261badcae36cd7d151a34479f157a3c";
sha256 = "0iiasrbl7ciyhq3z02la636as915zk9ph063ac7vm5iwny8vgwh8";
};
};
buildInputs = with pkgs; [
libsForQt5.qt5.qtgraphicaleffects
];
}