mirror of
https://gitlab.com/upRootNutrition/dotfiles.git
synced 2025-06-16 10:05:13 -05:00
feat: expanded all lists
parent
59cc199722
commit
bb0b55b011
144 changed files with 1798 additions and 507 deletions
|
@ -1,7 +1,11 @@
|
|||
{
|
||||
nix.settings = {
|
||||
substituters = ["https://cosmic.cachix.org/"];
|
||||
trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
|
||||
substituters = [
|
||||
"https://cosmic.cachix.org/"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="
|
||||
];
|
||||
};
|
||||
|
||||
environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;
|
||||
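Review bot: `environment.sessionVariables.COSMIC_DATA_CONTROL_ENABLED = 1;` at the end of this file carries no comment on what it exposes. As far as I know this switch turns on the compositor's data-control protocol, which lets any Wayland client in the session read and replace clipboard contents without having focus, so a copied password is visible to every running application. If a clipboard manager needs it, say so above the line, e.g. `# data-control: required by <clipboard manager>; exposes the clipboard to all session clients`; otherwise drop the setting.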
|
|
|
@ -1,5 +1,8 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.people) user0;
|
||||
inherit
|
||||
(flake.config.people)
|
||||
user0
|
||||
;
|
||||
in {
|
||||
security = {
|
||||
doas = {
|
||||
|
@ -8,7 +11,9 @@ in {
|
|||
{
|
||||
keepEnv = true;
|
||||
noPass = true;
|
||||
users = [user0];
|
||||
users = [
|
||||
user0
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
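Review bot: The rule reformatted in the second hunk combines `noPass = true;` with `keepEnv = true;` for `user0`, so any process running as that user becomes root with no prompt and with the caller's environment passed through to the root command. Consider `noPass = false;` together with `persist = true;` so the password is asked once per session, and replace `keepEnv` with an explicit `setEnv = [ ... ]` allowlist. The rule's opening lines are outside the hunk, so a `cmd` restriction may already narrow it there.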
|
|
|
@ -13,13 +13,12 @@
|
|||
;
|
||||
};
|
||||
variables = {
|
||||
VIDEO_PLAYER = "vlc";
|
||||
VIDEO_PLAYER = "mpv";
|
||||
EDITOR = "hx";
|
||||
WLR_NO_HARDWARE_CURSORS = "1";
|
||||
WLR_DRM_NO_ATOMIC = "1";
|
||||
NIXPKGS_ALLOW_INSECURE = "1";
|
||||
NIXPKGS_ALLOW_UNFREE = "1";
|
||||
GRIM_DEFAULT_DIR = "$HOME/Pictures/screenshots/";
|
||||
};
|
||||
};
|
||||
}
|
||||
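Review bot: `NIXPKGS_ALLOW_INSECURE = "1";` in `variables` applies to every shell, so any impure `nix` invocation will evaluate and build packages that nixpkgs marks as having known vulnerabilities instead of refusing them. Permitting the specific packages by name is narrower: `nixpkgs.config.permittedInsecurePackages = [ "<package-version placeholder>" ];`. The attribute set that encloses `variables` begins above the hunk, so whether this is scoped to one host is not visible here.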
|
|
|
@ -3,15 +3,24 @@
|
|||
flake,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.aesthetics.themes.theme) font;
|
||||
inherit
|
||||
(flake.config.aesthetics.themes.theme)
|
||||
font
|
||||
;
|
||||
in {
|
||||
fonts = {
|
||||
fontconfig = {
|
||||
enable = true;
|
||||
defaultFonts = {
|
||||
serif = [font];
|
||||
monospace = [font];
|
||||
sansSerif = [font];
|
||||
serif = [
|
||||
font
|
||||
];
|
||||
monospace = [
|
||||
font
|
||||
];
|
||||
sansSerif = [
|
||||
font
|
||||
];
|
||||
emoji = ["Noto Fonts Color Emoji"];
|
||||
};
|
||||
antialias = true;
|
||||
|
|
|
@ -4,7 +4,10 @@
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.people) user0;
|
||||
inherit
|
||||
(flake.config.people)
|
||||
user0
|
||||
;
|
||||
in {
|
||||
services = {
|
||||
greetd = {
|
||||
|
|
|
@ -4,7 +4,9 @@
|
|||
useUserPackages = true;
|
||||
backupFileExtension = "backup";
|
||||
extraSpecialArgs = {
|
||||
inherit flake;
|
||||
inherit
|
||||
flake
|
||||
;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -10,6 +10,8 @@
|
|||
};
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
extraPortals = [pkgs.xdg-desktop-portal-gtk];
|
||||
extraPortals = [
|
||||
pkgs.xdg-desktop-portal-gtk
|
||||
];
|
||||
};
|
||||
}
|
||||
|
|
|
@ -20,7 +20,9 @@
|
|||
options = "--delete-older-than 10d";
|
||||
};
|
||||
settings = {
|
||||
substituters = ["https://hyprland.cachix.org"];
|
||||
substituters = [
|
||||
"https://hyprland.cachix.org"
|
||||
];
|
||||
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.services.instances) ollama web;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
ollama
|
||||
web
|
||||
;
|
||||
service = ollama;
|
||||
localhost = web.localhost.address0;
|
||||
in {
|
||||
|
@ -27,7 +31,9 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = ["Z ${service.paths.path1} 0755 ${service.name} ${service.name} -"];
|
||||
systemd.tmpfiles.rules = [
|
||||
"Z ${service.paths.path1} 0755 ${service.name} ${service.name} -"
|
||||
];
|
||||
|
||||
networking = {
|
||||
firewall = {
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.machines.devices) printer0 printer1;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
printer0
|
||||
printer1
|
||||
;
|
||||
genericPPD = "drv:///sample.drv/generic.ppd";
|
||||
pageSize = "Letter";
|
||||
in {
|
||||
|
|
|
@ -3,9 +3,18 @@
|
|||
flake,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.people) user0;
|
||||
inherit (flake.config.people.users.${user0}) email;
|
||||
inherit (flake.config.services) instances;
|
||||
inherit
|
||||
(flake.config.people)
|
||||
user0
|
||||
;
|
||||
inherit
|
||||
(flake.config.people.users.${user0})
|
||||
email
|
||||
;
|
||||
inherit
|
||||
(flake.config.services)
|
||||
instances
|
||||
;
|
||||
domain0 = instances.web.domains.url0;
|
||||
domain1 = instances.web.domains.url1;
|
||||
domain3 = instances.web.domains.url3;
|
||||
|
@ -65,7 +74,9 @@ in {
|
|||
);
|
||||
};
|
||||
sops = let
|
||||
sopsSecrets = ["pass"];
|
||||
sopsSecrets = [
|
||||
"pass"
|
||||
];
|
||||
sopsPath = secret: {
|
||||
path = "/var/lib/secrets/${instances.acme.name}/${dns}-${secret}";
|
||||
owner = "root";
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.services.instances) caddy web;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
caddy
|
||||
web
|
||||
;
|
||||
|
||||
domain0 = web.domains.url0;
|
||||
|
||||
|
@ -17,7 +21,11 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
users.users.${service.name}.extraGroups = ["acme" "nextcloud" "mastodon"];
|
||||
users.users.${service.name}.extraGroups = [
|
||||
"acme"
|
||||
"nextcloud"
|
||||
"mastodon"
|
||||
];
|
||||
|
||||
networking = {
|
||||
firewall = {
|
||||
|
|
|
@ -3,8 +3,15 @@
|
|||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.machines.devices) server;
|
||||
inherit (flake.config.services.instances) forgejo web;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
server
|
||||
;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
forgejo
|
||||
web
|
||||
;
|
||||
service = forgejo;
|
||||
localhost = web.localhost.address0;
|
||||
host = "${service.subdomain}.${web.domains.url1}";
|
||||
|
@ -86,7 +93,9 @@ in {
|
|||
fileSystems."/var/lib/${service.name}" = {
|
||||
device = service.paths.path0;
|
||||
fsType = "none";
|
||||
options = ["bind"];
|
||||
options = [
|
||||
"bind"
|
||||
];
|
||||
depends = [server.storage0.mount];
|
||||
};
|
||||
|
||||
|
@ -95,7 +104,10 @@ in {
|
|||
"Z ${service.sops.path0} 755 ${service.name} ${service.name} -"
|
||||
];
|
||||
|
||||
users.users.${service.name}.extraGroups = ["caddy" "postgres"];
|
||||
users.users.${service.name}.extraGroups = [
|
||||
"caddy"
|
||||
"postgres"
|
||||
];
|
||||
|
||||
networking = {
|
||||
firewall = {
|
||||
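Review bot: The tmpfiles rule `"Z ${service.sops.path0} 755 ${service.name} ${service.name} -"`, shown as context in the third hunk, opens what looks like the service's secrets directory to every local user. `Z` applies the mode recursively, so entries beneath it become world-readable. If `path0` holds decrypted sops material, `"Z ${service.sops.path0} 0700 ${service.name} ${service.name} -"` keeps it to the service account. The mastodon file has the same rule with `0755`, while the nextcloud file already uses `750`. The list this rule belongs to starts outside the hunk.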
|
|
|
@ -1,7 +1,17 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.people) user0;
|
||||
inherit (flake.config.machines.devices) server;
|
||||
inherit (flake.config.services.instances) jellyfin web;
|
||||
inherit
|
||||
(flake.config.people)
|
||||
user0
|
||||
;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
server
|
||||
;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
jellyfin
|
||||
web
|
||||
;
|
||||
service = jellyfin;
|
||||
localhost = web.localhost.address0;
|
||||
host = "${service.subdomain}.${web.domains.url0}";
|
||||
|
@ -35,7 +45,9 @@ in {
|
|||
fileSystems = let
|
||||
settings = {
|
||||
fsType = "none";
|
||||
options = ["bind"];
|
||||
options = [
|
||||
"bind"
|
||||
];
|
||||
depends = [server.storage0.mount];
|
||||
};
|
||||
in {
|
||||
|
|
|
@ -5,8 +5,15 @@
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.machines.devices) server;
|
||||
inherit (flake.config.services.instances) mastodon web;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
server
|
||||
;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
mastodon
|
||||
web
|
||||
;
|
||||
service = mastodon;
|
||||
host = web.domains.url1;
|
||||
localhost = web.localhost.address0;
|
||||
|
@ -68,23 +75,33 @@ in {
|
|||
sidekiqThreads = 25;
|
||||
sidekiqProcesses = {
|
||||
all = {
|
||||
jobClasses = [];
|
||||
jobClasses = [
|
||||
];
|
||||
threads = null;
|
||||
};
|
||||
default = {
|
||||
jobClasses = ["default"];
|
||||
jobClasses = [
|
||||
"default"
|
||||
];
|
||||
threads = 5;
|
||||
};
|
||||
ingress = {
|
||||
jobClasses = ["ingress"];
|
||||
jobClasses = [
|
||||
"ingress"
|
||||
];
|
||||
threads = 5;
|
||||
};
|
||||
push-pull = {
|
||||
jobClasses = ["push" "pull"];
|
||||
jobClasses = [
|
||||
"push"
|
||||
"pull"
|
||||
];
|
||||
threads = 5;
|
||||
};
|
||||
mailers = {
|
||||
jobClasses = ["mailers"];
|
||||
jobClasses = [
|
||||
"mailers"
|
||||
];
|
||||
threads = 5;
|
||||
};
|
||||
};
|
||||
|
@ -169,7 +186,9 @@ in {
|
|||
fileSystems."/var/lib/${service.name}" = {
|
||||
device = service.paths.path0;
|
||||
fsType = "none";
|
||||
options = ["bind"];
|
||||
options = [
|
||||
"bind"
|
||||
];
|
||||
depends = [server.storage0.mount];
|
||||
};
|
||||
|
||||
|
@ -178,11 +197,14 @@ in {
|
|||
"Z ${service.sops.path0} 0755 ${service.name} ${service.name} -"
|
||||
];
|
||||
|
||||
users.users.${service.name}.extraGroups = ["postgres"];
|
||||
users.users.${service.name}.extraGroups = [
|
||||
"postgres"
|
||||
];
|
||||
|
||||
networking = {
|
||||
firewall = {
|
||||
allowedTCPPorts = [];
|
||||
allowedTCPPorts = [
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -3,8 +3,14 @@
|
|||
flake,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.machines.devices) server;
|
||||
inherit (flake.config.services.instances) minecraft;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
server
|
||||
;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
minecraft
|
||||
;
|
||||
service = minecraft;
|
||||
in {
|
||||
services = {
|
||||
|
@ -71,8 +77,12 @@ in {
|
|||
fileSystems."/var/lib/${service.name}" = {
|
||||
device = service.paths.path0;
|
||||
fsType = "none";
|
||||
options = ["bind"];
|
||||
depends = [server.storage0.mount];
|
||||
options = [
|
||||
"bind"
|
||||
];
|
||||
depends = [
|
||||
server.storage0.mount
|
||||
];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
|
|
|
@ -4,10 +4,24 @@
|
|||
pkgs,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.people) user0;
|
||||
inherit (flake.config.people.users.${user0}) name;
|
||||
inherit (flake.config.machines.devices) server;
|
||||
inherit (flake.config.services.instances) nextcloud nginx web;
|
||||
inherit
|
||||
(flake.config.people)
|
||||
user0
|
||||
;
|
||||
inherit
|
||||
(flake.config.people.users.${user0})
|
||||
name
|
||||
;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
server
|
||||
;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
nextcloud
|
||||
nginx
|
||||
web
|
||||
;
|
||||
service = nextcloud;
|
||||
localhost = web.localhost.address0;
|
||||
host = "${service.subdomain}.${web.domains.url1}";
|
||||
|
@ -96,7 +110,9 @@ in {
|
|||
fileSystems."/var/lib/${service.name}" = {
|
||||
device = service.paths.path0;
|
||||
fsType = "none";
|
||||
options = ["bind"];
|
||||
options = [
|
||||
"bind"
|
||||
];
|
||||
depends = [server.storage0.mount];
|
||||
};
|
||||
|
||||
|
@ -105,7 +121,11 @@ in {
|
|||
"Z ${service.sops.path0} 750 ${service.name} ${service.name} -"
|
||||
];
|
||||
|
||||
users.users.${service.name}.extraGroups = ["caddy" "nginx" "postgres"];
|
||||
users.users.${service.name}.extraGroups = [
|
||||
"caddy"
|
||||
"nginx"
|
||||
"postgres"
|
||||
];
|
||||
|
||||
networking = {
|
||||
firewall = {
|
||||
|
|
|
@ -1,6 +1,13 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.machines.devices) server;
|
||||
inherit (flake.config.services.instances) ollama web;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
server
|
||||
;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
ollama
|
||||
web
|
||||
;
|
||||
service = ollama;
|
||||
localhost = web.localhost.address0;
|
||||
host = "${service.subdomain}.${web.domains.url0}";
|
||||
|
@ -45,11 +52,15 @@ in {
|
|||
fileSystems."/var/lib/${service.name}" = {
|
||||
device = service.paths.path0;
|
||||
fsType = "none";
|
||||
options = ["bind"];
|
||||
options = [
|
||||
"bind"
|
||||
];
|
||||
depends = [server.storage0.mount];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = ["Z ${service.paths.path0} 0755 ${service.name} ${service.name} -"];
|
||||
systemd.tmpfiles.rules = [
|
||||
"Z ${service.paths.path0} 0755 ${service.name} ${service.name} -"
|
||||
];
|
||||
|
||||
networking = {
|
||||
firewall = {
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.services.instances) owncast web;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
owncast
|
||||
web
|
||||
;
|
||||
service = owncast;
|
||||
localhost = web.localhost.address1;
|
||||
host = "${service.subdomain}.${web.domains.url1}";
|
||||
|
|
|
@ -4,8 +4,16 @@
|
|||
pkgs,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.machines.devices) server;
|
||||
inherit (flake.config.services.instances) caddy peertube web;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
server
|
||||
;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
caddy
|
||||
peertube
|
||||
web
|
||||
;
|
||||
service = peertube;
|
||||
localhost = web.localhost.address0;
|
||||
host = "${service.subdomain}.${web.domains.url3}";
|
||||
|
@ -109,7 +117,9 @@ in {
|
|||
fileSystems."/var/lib/${service.name}" = {
|
||||
device = service.paths.path0;
|
||||
fsType = "none";
|
||||
options = ["bind"];
|
||||
options = [
|
||||
"bind"
|
||||
];
|
||||
depends = [server.storage0.mount];
|
||||
};
|
||||
|
||||
|
|
|
@ -1,6 +1,12 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.machines.devices) server;
|
||||
inherit (flake.config.services.instances) postgresql;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
server
|
||||
;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
postgresql
|
||||
;
|
||||
|
||||
service = postgresql;
|
||||
in {
|
||||
|
@ -8,7 +14,13 @@ in {
|
|||
postgresqlBackup = {
|
||||
enable = true;
|
||||
location = service.paths.path0;
|
||||
databases = ["mastodon" "nextcloud" "peertube" "forgejo" "wiki"];
|
||||
databases = [
|
||||
"mastodon"
|
||||
"nextcloud"
|
||||
"peertube"
|
||||
"forgejo"
|
||||
"wiki"
|
||||
];
|
||||
};
|
||||
postgresql = {
|
||||
enable = true;
|
||||
|
@ -25,13 +37,23 @@ in {
|
|||
fileSystems."/var/lib/postgresql" = {
|
||||
device = service.paths.path0;
|
||||
fsType = "none";
|
||||
options = ["bind"];
|
||||
depends = [server.storage0.mount];
|
||||
options = [
|
||||
"bind"
|
||||
];
|
||||
depends = [
|
||||
server.storage0.mount
|
||||
];
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = ["Z ${service.paths.path0} 700 ${service.name} ${service.name} -"];
|
||||
systemd.tmpfiles.rules = [
|
||||
"Z ${service.paths.path0} 700 ${service.name} ${service.name} -"
|
||||
];
|
||||
|
||||
users.users.${service.name}.extraGroups = ["nextcloud" "mastodon" "forgejo"];
|
||||
users.users.${service.name}.extraGroups = [
|
||||
"nextcloud"
|
||||
"mastodon"
|
||||
"forgejo"
|
||||
];
|
||||
|
||||
system.activationScripts.postgresCommands = ''
|
||||
chown -R ${service.name}:${service.name} ${service.paths.path0}
|
||||
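Review bot: `location = service.paths.path0;` under `postgresqlBackup` in the second hunk points the dumps at the same path that the third hunk bind-mounts as `/var/lib/postgresql`, so backups and live data share one directory on `server.storage0`. A storage failure, a mistaken recursive cleanup, or a compromise of the postgres account then takes both copies. Pointing the backup at an independent path, ideally on different storage, e.g. `location = "<separate backup path>";`, keeps the dump usable for recovery. The activation script that starts at the end of this section continues past the visible lines.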
|
|
|
@ -3,7 +3,11 @@
|
|||
flake,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.services.instances) samba jellyfin;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
samba
|
||||
jellyfin
|
||||
;
|
||||
service = samba;
|
||||
in {
|
||||
# If you ever need to start fresh, you need to add yourself to the Samba users database:
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.services.instances) upRootNutrition web;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
upRootNutrition
|
||||
web
|
||||
;
|
||||
service = upRootNutrition;
|
||||
host = web.domains.url3;
|
||||
in {
|
||||
|
|
|
@ -3,7 +3,11 @@
|
|||
config,
|
||||
...
|
||||
}: let
|
||||
inherit (flake.config.services.instances) vaultwarden web;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
vaultwarden
|
||||
web
|
||||
;
|
||||
service = vaultwarden;
|
||||
localhost = web.localhost.address0;
|
||||
host = "${service.subdomain}.${web.domains.url0}";
|
||||
|
|
|
@ -1,5 +1,8 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.people) user0;
|
||||
inherit
|
||||
(flake.config.people)
|
||||
user0
|
||||
;
|
||||
in {
|
||||
sops = {
|
||||
defaultSopsFile = ../../secrets/secrets.yaml;
|
||||
|
|
|
@ -1,6 +1,12 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.people) user0;
|
||||
inherit (flake.config.people.users.${user0}) sshKeys;
|
||||
inherit
|
||||
(flake.config.people)
|
||||
user0
|
||||
;
|
||||
inherit
|
||||
(flake.config.people.users.${user0})
|
||||
sshKeys
|
||||
;
|
||||
in {
|
||||
users.users.${user0} = {
|
||||
openssh.authorizedKeys.keys = sshKeys;
|
||||
|
|
|
@ -1,6 +1,15 @@
|
|||
{flake, ...}: let
|
||||
inherit (flake.config.machines.devices) synology phone tablet;
|
||||
inherit (flake.config.services.instances) syncthing web;
|
||||
inherit
|
||||
(flake.config.machines.devices)
|
||||
synology
|
||||
phone
|
||||
tablet
|
||||
;
|
||||
inherit
|
||||
(flake.config.services.instances)
|
||||
syncthing
|
||||
web
|
||||
;
|
||||
service = syncthing;
|
||||
localhost = web.localhost.address0;
|
||||
in {
|
||||
|
|