Merge branch 'master' of ssh://git.joshuabell.xyz:3032/ringofstorms/dotfiles

RingOfStorms (Joshua Bell) 2025-08-21 11:14:07 -05:00
commit 399478d791
50 changed files with 2882 additions and 470 deletions


@ -7,6 +7,7 @@ let
name = "forgejo";
hostDataDir = "/var/lib/${name}";
hostAddress = "10.0.0.1";
containerAddress = "10.0.0.2";
hostAddress6 = "fc00::1";


@ -65,8 +65,6 @@ in
MEILI_MASTER_KEY = "ringofstormsLibreChat";
RAG_PORT = toString cfg.ragPort;
RAG_API_URL = "http://librechat_rag_api:${toString cfg.ragPort}";
# DEBUG_CONSOLE = "true";
# DEBUG_LOGGING = "true";
};
environmentFiles = [ "${cfg.dataDir}/.env" ];
volumes = [
@ -129,7 +127,6 @@ in
environment = {
DB_HOST = "librechat_vectordb";
RAG_PORT = toString cfg.ragPort;
OPENAI_API_KEY = "not_using_openai";
};
dependsOn = [ "librechat_vectordb" ];
environmentFiles = [ "${cfg.dataDir}/.env" ];
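Review bot: `MEILI_MASTER_KEY = "ringofstormsLibreChat";` remains on the new side of the first hunk as a literal in `environment`, so the Meilisearch master key is committed to the repository and ends up in the world-readable Nix store. The same container already loads `environmentFiles = [ "${cfg.dataDir}/.env" ];`, so the key can move into that file (or an age secret) and the literal can be dropped; the current value should then be rotated. The container definitions start and end outside both hunks.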


@ -1,6 +1,16 @@
{ osConfig, ... }:
{
osConfig,
lib,
...
}:
let
inherit (osConfig) age;
hasSecret =
secret:
let
secrets = age.secrets or { };
in
secrets ? ${secret} && secrets.${secret} != null;
in
{
# TODO can I put all IP's in the flake.nix top level settings and pull them in here instead?
@ -12,43 +22,43 @@ in
'';
matchBlocks = {
# EXTERNAL
"github.com" = {
"github.com" = lib.mkIf (hasSecret "nix2github") {
identityFile = age.secrets.nix2github.path;
};
"bitbucket.org" = {
"bitbucket.org" = lib.mkIf (hasSecret "nix2bitbucket") {
identityFile = age.secrets.nix2bitbucket.path;
};
# "git.joshuabell.xyz" = {
# "git.joshuabell.xyz" = lib.mkIf (hasSecret "nix2gitjosh") { # TODO remove old
# identityFile = age.secrets.nix2gitjosh.path;
# user = "git";
# };
"git.joshuabell.xyz" = {
"git.joshuabell.xyz" = lib.mkIf (hasSecret "nix2gitforgejo") {
identityFile = age.secrets.nix2gitforgejo.path;
user = "git";
};
# PERSONAL DEVICES
"lio" = {
"lio" = lib.mkIf (hasSecret "nix2lio") {
identityFile = age.secrets.nix2lio.path;
user = "josh";
};
"lio_" = {
"lio_" = lib.mkIf (hasSecret "nix2lio") {
identityFile = age.secrets.nix2lio.path;
hostname = "10.12.14.116";
user = "josh";
};
"oren" = {
"oren" = lib.mkIf (hasSecret "nix2oren") {
identityFile = age.secrets.nix2oren.path;
user = "josh";
};
"joe" = {
"joe" = lib.mkIf (hasSecret "nix2joe") {
identityFile = age.secrets.nix2joe.path;
user = "ringo";
};
"gp3" = {
"gp3" = lib.mkIf (hasSecret "nix2gpdPocket3") {
identityFile = age.secrets.nix2gpdPocket3.path;
user = "josh";
};
"t" = {
"t" = lib.mkIf (hasSecret "nix2t") {
identityFile = age.secrets.nix2t.path;
user = "joshua.bell";
localForwards = [
@ -67,7 +77,7 @@ in
TERM = "vt100";
};
};
"t_" = {
"t_" = lib.mkIf (hasSecret "nix2t") {
identityFile = age.secrets.nix2t.path;
hostname = "10.12.14.103";
user = "joshua.bell";
@ -75,72 +85,72 @@ in
TERM = "vt100";
};
};
"mbptv" = {
"mbptv" = lib.mkIf (hasSecret "nix2gpdPocket3") {
identityFile = age.secrets.nix2gpdPocket3.path;
user = "waka";
setEnv = {
TERM = "vt100";
};
};
"mbptv_" = {
"mbptv_" = lib.mkIf (hasSecret "nix2gpdPocket3") {
identityFile = age.secrets.nix2gpdPocket3.path;
hostname = "10.12.14.101";
hostname = "10.12.14.30";
user = "waka";
setEnv = {
TERM = "vt100";
};
};
"nothing1" = {
"nothing1" = lib.mkIf (hasSecret "nix2gpdPocket3") {
identityFile = age.secrets.nix2gpdPocket3.path;
user = "TODO";
};
"tab1" = {
"tab1" = lib.mkIf (hasSecret "nix2gpdPocket3") {
identityFile = age.secrets.nix2gpdPocket3.path;
user = "TODO";
};
"pixel6" = {
"pixel6" = lib.mkIf (hasSecret "nix2gpdPocket3") {
identityFile = age.secrets.nix2gpdPocket3.path;
user = "TODO";
};
# HOME SERVERS
"h001" = {
"h001" = lib.mkIf (hasSecret "nix2h001") {
identityFile = age.secrets.nix2h001.path;
user = "luser";
};
"h001_" = {
"h001_" = lib.mkIf (hasSecret "nix2h001") {
identityFile = age.secrets.nix2h001.path;
hostname = "10.12.14.2";
hostname = "10.12.14.10";
user = "luser";
};
"h002" = {
"h002" = lib.mkIf (hasSecret "nix2h002") {
identityFile = age.secrets.nix2h002.path;
user = "luser";
};
"h003" = {
"h003" = lib.mkIf (hasSecret "nix2h003") {
identityFile = age.secrets.nix2h003.path;
user = "luser";
};
# LINODE SERVERS
"l001" = {
"l001" = lib.mkIf (hasSecret "nix2linode") {
identityFile = age.secrets.nix2linode.path;
hostname = "172.236.111.33"; # Not on the tailscale network it is the primary host
user = "root";
};
"l002_" = {
"l002_" = lib.mkIf (hasSecret "nix2linode") {
identityFile = age.secrets.nix2linode.path;
hostname = "172.234.26.141";
user = "root";
};
"l002" = {
"l002" = lib.mkIf (hasSecret "nix2linode") {
identityFile = age.secrets.nix2linode.path;
user = "root";
};
# ORACLE SERVERS
"o001" = {
"o001" = lib.mkIf (hasSecret "nix2oracle") {
identityFile = age.secrets.nix2oracle.path;
user = "root";
};
"o001_" = {
"o001_" = lib.mkIf (hasSecret "nix2oracle") {
identityFile = age.secrets.nix2oracle.path;
hostname = "64.181.210.7";
user = "root";
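Review bot: Wrapping each whole match block in `lib.mkIf (hasSecret …)` also drops `hostname` and `user` when the secret is absent, so on such a machine an alias like `l001` or `o001_` silently falls back to default name resolution, the local user name and whatever keys the agent offers. If the goal is only to avoid evaluating a missing secret, gating just the key keeps the rest of the block stable, e.g. `identityFile = lib.mkIf (hasSecret "nix2linode") age.secrets.nix2linode.path;`. `hasSecret` would also benefit from a comment such as `# true when the host's agenix config declares this secret`, and the `!= null` half of its test looks unreachable for a declared secret, so confirm whether it is needed. The last hunk's `matchBlocks` set continues outside the view.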


@ -6,6 +6,7 @@ in
{
imports = [
./gnome
./hyprland
];
config = {
assertions = [
@ -16,6 +17,10 @@ in
name = "gnome";
enabled = cfg.gnome.enable;
}
{
name = "hyprland";
enabled = cfg.hyprland.enable;
}
];
in
{


@ -0,0 +1,87 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
with lib;
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "hyprland desktop environment";
terminalCommand = mkOption {
type = lib.types.str;
default = "kitty";
description = "The terminal command to use.";
};
extraOptions = mkOption {
type = lib.types.attrs;
default = { };
description = "Extra options for Hyprland configuration.";
};
};
config = lib.mkIf cfg.enable {
# Enable for all users
home-manager = {
sharedModules = [
./home_manager
];
};
# Display Manager
services = {
displayManager = {
sddm = {
enable = true;
wayland.enable = true;
};
};
};
# Caps Lock as Escape for console/tty
console.useXkbConfig = true;
services.xserver.xkb = {
layout = "us";
options = "caps:escape";
};
hardware.graphics.enable = true;
environment.systemPackages = with pkgs; [
wl-clipboard
wl-clip-persist
wofi
nemo
feh
];
programs.hyprland = {
enable = true;
xwayland.enable = true;
withUWSM = true;
};
# Environment variables
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
GTK_THEME = "Adwaita:dark";
};
# Qt theming
qt = {
enable = true;
platformTheme = "gtk2";
style = "adwaita-dark";
};
};
}
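Review bot: `extraOptions` is declared with `type = lib.types.attrs;`, a type that does not recurse when merging: if two modules both define it, nested keys from one definition are silently dropped, and `lib.mkIf`/`lib.mkDefault` inside the value are not resolved. `type = lib.types.attrsOf lib.types.anything;` merges nested sets and keeps the same call sites working. The file also opens with `with lib;` while most references are written `lib.…`; dropping the `with` and spelling `lib.mkOption` out would make the two `mkOption` calls consistent with the rest.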


@ -0,0 +1,13 @@
{ ... }:
{
imports = [
./theme.nix
./hyprland.nix
./hyprpanel.nix
./hyprpolkitagent.nix
# ./quickshell.nix # TODO replace hyprpanel with custom quickshell...
./wofi.nix
# ./swaync.nix # notifications, hyprpanel has notifications but I want to replace hyprpanel sometime so keeping this here as reference
./swaylock.nix
];
}


@ -0,0 +1,154 @@
{
osConfig,
lib,
pkgs,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
wayland.windowManager.hyprland = {
enable = true;
# set the Hyprland and XDPH packages to null to use the ones from the NixOS module
package = null;
portalPackage = null;
plugins = with pkgs.hyprlandPlugins; [
hyprspace
];
settings = lib.attrsets.recursiveUpdate {
# exec-once = [
# "waybar"
# ];
# Default monitor configuration
monitor = "monitor = , preferred, auto, 1";
# Add window rules for hyprpanel stability
windowrulev2 = [
"stayfocused, class:^(hyprpanel)$"
"pin, class:^(hyprpanel)$"
];
# Input configuration
input = {
kb_layout = "us";
kb_options = "caps:escape";
follow_mouse = 2;
touchpad = {
natural_scroll = true;
disable_while_typing = true;
};
};
# General settings
general = {
gaps_in = 2;
gaps_out = 4;
border_size = 1;
"col.active_border" = "rgba(797979aa)";
"col.inactive_border" = "rgba(393939aa)";
layout = "dwindle";
};
# Decoration
decoration = {
rounding = 4;
blur.enabled = false;
};
# Animations
animations = {
enabled = false;
};
# Layout
dwindle = {
pseudotile = true;
preserve_split = true;
};
# Misc
misc = {
force_default_wallpaper = 0;
disable_hyprland_logo = true;
disable_splash_rendering = true;
};
# Key bindings
"$mainMod" = "SUPER";
bind = [
# Applications
"$mainMod, Return, exec, ${cfg.terminalCommand}"
"$mainMod, Space, exec, pkill wofi || wofi --show drun"
"$mainMod, q, killactive"
"$mainMod SHIFT, q, exec, swaylock"
"$mainMod, f, togglefloating"
"$mainMod, g, pseudo"
"$mainMod, t, togglesplit"
# Move focus with mainMod + hjkl
"$mainMod, h, movefocus, l"
"$mainMod, l, movefocus, r"
"$mainMod, k, movefocus, u"
"$mainMod, j, movefocus, d"
# Switch workspaces with mainMod + [0-9]
"$mainMod, 1, workspace, 1"
"$mainMod, 2, workspace, 2"
"$mainMod, 3, workspace, 3"
"$mainMod, 4, workspace, 4"
"$mainMod, 5, workspace, 5"
"$mainMod, 6, workspace, 6"
"$mainMod, 7, workspace, 7"
"$mainMod, 8, workspace, 8"
"$mainMod, 9, workspace, 9"
"$mainMod, 0, workspace, 10"
# Window management (similar to your GNOME setup)
"$mainMod SHIFT, h, movewindow, l"
"$mainMod SHIFT, l, movewindow, r"
"$mainMod SHIFT, k, movewindow, u"
"$mainMod SHIFT, j, movewindow, d"
"$mainMod SHIFT, n, movetoworkspace, m+1"
"$mainMod SHIFT, p, movetoworkspace, m-1"
# Screenshots
", Print, exec, grimblast copy area"
];
bindr = [
# overview
"$mainMod, SUPER_L, overview:toggle"
];
binde = [
# Move between workspaces
"$mainMod, n, workspace, r+1"
"$mainMod, p, workspace, r-1"
# Resize windows
"$mainMod CTRL, h, resizeactive, -40 0"
"$mainMod CTRL, l, resizeactive, 40 0"
"$mainMod CTRL, k, resizeactive, 0 -20"
"$mainMod CTRL, j, resizeactive, 0 20"
];
# Mouse bindings
bindm = [
"$mainMod, mouse:272, movewindow"
"$mainMod, mouse:273, resizewindow"
];
} cfg.extraOptions;
};
}
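Review bot: `monitor = "monitor = , preferred, auto, 1";` repeats the key inside its own value, so the generated config line would presumably read `monitor = monitor = , preferred, auto, 1` and not be accepted as a monitor rule; the value should be just the rule, `monitor = ", preferred, auto, 1";`. Separately, `lib.attrsets.recursiveUpdate … cfg.extraOptions` replaces lists instead of appending to them, so a host that sets `bind` in `extraOptions` loses every default binding, including the `swaylock` one. A comment at `} cfg.extraOptions;` along the lines of `# lists in extraOptions replace the defaults above, they are not appended` would make that visible.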


@ -0,0 +1,159 @@
{
pkgs,
lib,
...
}:
{
home.packages = with pkgs; [
# aylurs-gtk-shell-git
wireplumber
libgtop
bluez
bluez-tools
networkmanager
dart-sass
wl-clipboard
upower
gvfs
gtksourceview3
libchamplain_libsoup3 # libsoup3
## Used for Tracking GPU Usage in your Dashboard (NVidia only)
# python
# python-gpustat
## To control screen/keyboard brightness
brightnessctl
## Only if a pywal hook from wallpaper changes applied through settings is desired
# pywal
## To check for pacman updates in the default script used in the updates module
# pacman-contrib
## To switch between power profiles in the battery module
power-profiles-daemon
## To take snapshots with the default snapshot shortcut in the dashboard
grimblast
## To record screen through the dashboard record shortcut
wf-recorder
## To enable the eyedropper color picker with the default snapshot shortcut in the dashboard
hyprpicker
## To enable hyprland's very own blue light filter
hyprsunset
## To click resource/stat bars in the dashboard and open btop
btop
## To enable matugen based color theming
# matugen
## To enable matugen based color theming and setting wallpapers
# swww
];
# uncomment this to make it possible to use the normal config agent using
# > hyprpanel toggleWindow settings-dialog
# xdg.configFile.hyprpanel.target = lib.mkForce "hyprpanel/config.generated.json";
programs.hyprpanel = {
enable = true;
settings = {
bar.layouts = {
"DP-1" = {
left = [
# "dashboard"
"workspaces"
"media"
"volume"
];
middle = [
"notifications"
"clock"
"cputemp"
"cpu"
"ram"
"storage"
];
right = [
"netstat"
"network"
"bluetooth"
# "battery"
# "updates"
"kbinput"
"power"
];
};
"*" = {
left = [
"workspaces"
];
middle = [
"clock"
];
right = [
"systray"
"cava"
];
};
};
bar.workspaces = {
# workspaces = 10;
show_icons = false;
show_numbered = false;
showWsIcons = true;
showApplicationIcons = false;
workspaceMask = true;
numbered_active_indicator = "highlight";
workspaceIconMap = {
"1" = ""; # "1" いち | ひとつ
"2" = ""; # "2" に | ふたつ
"3" = ""; # "3" さん | みっつ
"4" = ""; # "4" し | よん
"5" = ""; # "5" ご | いつつ
"6" = ""; # "6" ろく | むっつ
"7" = ""; # "7" しち | ななつ
"8" = ""; # "8" はち | やっつ
"9" = ""; # "9" きゅう | ここのつ
"10" = ""; # "10" じゅう | とお
"11" = ""; # "11" じゅういち | じゅうひとつ
"12" = ""; # "12" じゅうに | じゅうふたつ
"13" = ""; # "13" じゅうさん | じゅうみっつ
"14" = ""; # "14" じゅうし | じゅうよん
"15" = ""; # "15" じゅうご | じゅういつつ
"16" = ""; # "16" じゅうろく | じゅうむっつ
"17" = ""; # "17" じゅうしち | じゅうななつ
"18" = ""; # "18" じゅうはち | じゅうやっつ
"19" = ""; # "19" じゅうきゅう | じゅうここのつ
"20" = ""; # "20" にじゅう | にじっつ
};
};
notifications.ignore = [ "spotify" ];
customModules = {
cava = {
showActiveOnly = true;
showIcon = false;
icon = "";
};
};
theme = {
matugen = false;
name = "tokyo-night-vivid";
font = {
name = "JetBrainsMonoNL Nerd Font Regular";
size = "12px";
};
bar = {
transparent = true;
floating = true;
outer_spacing = "0px";
margin_bottom = "0px";
margin_top = "0px";
margin_sides = "0px";
};
};
wallpaper = {
enable = false;
image = "";
};
};
};
}


@ -0,0 +1,8 @@
{
...
}:
{
services.hyprpolkitagent = {
enable = true;
};
}


@ -0,0 +1,30 @@
{
osConfig,
lib,
pkgs,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
home.packages = with pkgs; [
quickshell
pulseaudio
brightnessctl
networkmanager
bluez
bluez-tools
power-profiles-daemon
upower
systemd
hyprlock
];
}


@ -0,0 +1,17 @@
{
...
}:
{
programs.swaylock = {
enable = true;
settings = {
color = "#000000";
indicator-caps-lock = true;
indicator-idle-visible = true;
indicator-radius = 100;
indicator-thickness = 10;
font = "JetBrainsMono Nerd Font Regular";
font-size = 20;
};
};
}
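Review bot: `programs.swaylock` here is the home-manager side only, and none of the sections visible in this commit declares a PAM service for it; on NixOS swaylock needs `security.pam.services.swaylock = { };` in the system configuration, otherwise it cannot verify the password and the session cannot be unlocked. The NixOS hyprland module added in this commit would be the natural place for that line, unless it is already set outside this view. The lock is also only reachable through the `$mainMod SHIFT, q` binding in the visible config, so an idle-triggered lock is worth considering.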


@ -0,0 +1,8 @@
{
...
}:
{
services.swaync = {
enable = true;
};
}


@ -0,0 +1,18 @@
{
osConfig,
lib,
pkgs,
...
}:
let
ccfg = import ../../../config.nix;
cfg_path = [
ccfg.custom_config_key
"desktopEnvironment"
"hyprland"
];
cfg = lib.attrsets.getAttrFromPath cfg_path osConfig;
in
{
}


@ -0,0 +1,32 @@
{
pkgs,
...
}:
{
home.pointerCursor = {
gtk.enable = true;
# x11.enable = true;
package = pkgs.bibata-cursors;
name = "Bibata-Modern-Classic";
size = 16;
};
# GTK theming
gtk = {
enable = true;
theme = {
package = pkgs.flat-remix-gtk;
name = "Flat-Remix-GTK-Grey-Darkest";
};
iconTheme = {
package = pkgs.adwaita-icon-theme;
name = "Adwaita";
};
font = {
name = "Sans";
size = 11;
};
};
}


@ -0,0 +1,26 @@
{
...
}:
{
programs.wofi = {
enable = true;
settings = {
width = 500;
height = 600;
location = "bottom";
show = "drun";
prompt = "...";
filter_rate = 100;
allow_markup = true;
no_actions = true;
halign = "fill";
orientation = "vertical";
content_halign = "fill";
insensitive = true;
allow_images = true;
image_size = 40;
gtk_dark = true;
};
};
}

35
common/flake.lock generated

@ -153,22 +153,6 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1753694789,
"narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1741379970,
@ -185,23 +169,6 @@
"type": "github"
}
},
"opencode": {
"flake": false,
"locked": {
"lastModified": 1754526276,
"narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=",
"owner": "sst",
"repo": "opencode",
"rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114",
"type": "github"
},
"original": {
"owner": "sst",
"ref": "v0.3.133",
"repo": "opencode",
"type": "github"
}
},
"ragenix": {
"inputs": {
"agenix": "agenix",
@ -228,8 +195,6 @@
"inputs": {
"home-manager": "home-manager",
"nix-flatpak": "nix-flatpak",
"nixpkgs-unstable": "nixpkgs-unstable",
"opencode": "opencode",
"ragenix": "ragenix"
}
},


@ -4,11 +4,6 @@
home-manager.url = "github:rycee/home-manager/release-25.05";
ragenix.url = "github:yaxitech/ragenix";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";
# tmp
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
opencode.url = "github:sst/opencode/v0.3.133";
opencode.flake = false;
};
outputs =
@ -16,8 +11,6 @@
home-manager,
ragenix,
nix-flatpak,
opencode,
nixpkgs-unstable,
...
}:
{
@ -30,27 +23,6 @@
}:
{
imports = [
(
{ ... }:
{
nixpkgs.overlays = [
(final: prev: {
opencode = nixpkgs-unstable.legacyPackages.${prev.system}.opencode.overrideAttrs (old: rec {
version = "0.3.133";
src = opencode;
node_modules = old.node_modules.overrideAttrs (nmOld: {
outputHash = "sha256-oZa8O0iK5uSJjl6fOdnjqjIuG//ihrj4six3FUdfob8=";
});
tui = old.tui.overrideAttrs (tuiOld: {
src = src;
modRoot = "packages/tui";
vendorHash = "sha256-uHb7fAiZ8XNGq9YZ6drNYU1SoKrWMgXpTfudOMvmcHU=";
});
});
})
];
}
)
home-manager.nixosModules.home-manager
ragenix.nixosModules.age
nix-flatpak.nixosModules.nix-flatpak
@ -64,7 +36,6 @@
./secrets
];
config = {
_module.args = {
inherit ragenix;
};


@ -12,6 +12,7 @@ with lib;
nano
wget
curl
jq
fastfetch
bat
htop
@ -23,6 +24,7 @@ with lib;
killall
hdparm
speedtest-cli
lf
];
environment.shellAliases = {


@ -14,7 +14,7 @@ in
./podman.nix
./incus.nix
./flatpaks.nix
./opencode.nix
./virt-manager.nix
];
config = {
assertions = [


@ -1,34 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"opencode"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "opencode";
};
config = lib.mkIf cfg.enable ({
environment.systemPackages = with pkgs; [
opencode
];
environment.shellAliases = {
"oc" = "all_proxy='' http_proxy='' https_proxy='' opencode";
};
});
}


@ -0,0 +1,42 @@
{
config,
lib,
...
}:
let
ccfg = import ../config.nix;
cfg_path = [
ccfg.custom_config_key
"programs"
"virt-manager"
];
cfg = lib.attrsets.getAttrFromPath cfg_path config;
users_cfg = config.${ccfg.custom_config_key}.users;
in
{
options =
{ }
// lib.attrsets.setAttrByPath cfg_path {
enable = lib.mkEnableOption "Enable virt manager/quemu";
users = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = builtins.attrNames users_cfg;
description = "Users to configure for virt-manager.";
};
};
config = lib.mkIf cfg.enable {
services.qemuGuest.enable = true;
services.spice-vdagentd.enable = true;
programs.virt-manager = {
enable = true;
};
virtualisation = {
libvirtd.enable = true;
spiceUSBRedirection.enable = true;
};
users.groups.libvirtd.members = cfg.users;
};
}
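Review bot: `default = builtins.attrNames users_cfg;` puts every attribute name under the users config into `libvirtd` as soon as the module is enabled, and membership in that group gives control of the system libvirt daemon, which is effectively root on the host. An empty default, `default = [ ];`, with each host opting accounts in would follow least privilege. Elsewhere in this commit `users_cfg.primary` is read as a single user name, so `attrNames` may be returning option names such as `primary` rather than account names; confirm against the users module. `services.qemuGuest` and `services.spice-vdagentd` are guest-side agents, so enabling them on the hypervisor host is probably not intended either.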


@ -54,6 +54,10 @@ in
file = ./secrets/nix2gitforgejo.age;
owner = users_cfg.primary;
};
nix2nix = {
file = ./secrets/nix2nix.age;
owner = users_cfg.primary;
};
nix2h001 = {
file = ./secrets/nix2h001.age;
owner = users_cfg.primary;
@ -114,6 +118,16 @@ in
file = ./secrets/us_chi_wg.age;
owner = users_cfg.primary;
};
# zitadel_master_key = {
# file = ./secrets/zitadel_master_key.age;
# owner = users_cfg.primary;
# mode = "444"; # World readable!
# };
# vaultwarden_env = {
# file = ./secrets/vaultwarden_env.age;
# owner = users_cfg.primary;
# mode = "444"; # World readable!
# };
};
};
};
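Review bot: The commented-out `zitadel_master_key` and `vaultwarden_env` entries in the second hunk carry `mode = "444"; # World readable!`, which would let every local account and service read the decrypted Zitadel master key and the Vaultwarden environment once they are enabled. Before uncommenting, prefer `mode = "400";` with `owner` set to the account that consumes the file, or a dedicated group with `mode = "440";` if a container user has to read it through a bind mount. The enclosing `secrets` set starts outside both hunks.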


@ -0,0 +1,51 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----


@ -7,23 +7,50 @@
# `nix run github:yaxitech/ragenix -- -i ~/.ssh/ragenix_authority --rules ~/.config/nixos-config/common/secrets/secrets.nix` <-r(eykey)|-e(edit) <File>>
let
publicKeys = [
authorityKey = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBdG4tG18VeuEr/g4GM7HWUzHuUVcR9k6oS3TPBs4JRF ragenix authority key"
];
gpdPocket3 = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzAQ2Dzl8EvQtYLjEZS5K0bQeNop8QRkwrfxMkBagW2 root@gpdPocket3"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIr/aS0qyn5hCLR6wH1P2GhH3hGOqniewMkIseGZ23HB josh@gpdPocket3"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4PwrrOuZJWRjlc2dKBUKKE4ybqifJeVOn7x9J5IxIS josh@joe"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+GYfPPKxR/18RdD736G7IQhImX/CYU3A+Gifud3CHg root@joe"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9GW9W3DT9AqTonG5rDta3ziZdYOEEdukh2ErJfHxoP root@h002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC60tzOVF0mcyfnYK2V/omzikuyE8Ol0K+yAjGxBV7q4 luser@h002"
];
lio = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGp6oInUcGVnDl5axV1EHflMfZUiHxtqNa4eAuye/av root@lio"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxNhtJNx/y4W54kAGmm2pF80l437z1RLWl/GTVKy0Pd josh@lio"
];
joe = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG4PwrrOuZJWRjlc2dKBUKKE4ybqifJeVOn7x9J5IxIS josh@joe"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP+GYfPPKxR/18RdD736G7IQhImX/CYU3A+Gifud3CHg root@joe"
];
oren = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK7bNX7R9ApoX/cHdXIhQdpA2sHrC9ii6VAulboAIJM2 root@oren"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICauUtSa71+oQAiLxp3GMMbmNXcbr9Mc7eK8b/lqZbbS josh@oren"
];
h001 = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGTAz6n35c3r8kSuWJM1JzMVx6jK+0EBwpJA5eTIvy3N root@h001"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRHer3NrJiklp4oDNRCzDxc9fXpXn5rPAXGFce8ugy2 luser@h001"
];
h002 = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB9GW9W3DT9AqTonG5rDta3ziZdYOEEdukh2ErJfHxoP root@h002"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC60tzOVF0mcyfnYK2V/omzikuyE8Ol0K+yAjGxBV7q4 luser@h002"
];
h003 = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHsV5r9sWYgrr9t9p12Epzm6WtxN/XsKSCb46+ODQvVT root@h003"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILQLt2Hc+CN6+e7/sf3Fv0FQlp6+yrIbIJ/J9AdnJCjI luser@h003"
];
trustedKeys = authorityKey ++ gpdPocket3 ++ lio ++ joe ++ oren ++ h001 ++ h002 ++ h003;
o001 = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFrwvahx1x4rue28QHCzyADQndOeTESIv80f7d00NXWT" # root
];
in
{
## To make a new secret:
@ -35,64 +62,73 @@ in
# Git keys
"nix2github.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2bitbucket.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2gitforgejo.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2gitjosh.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2nix.age" = {
publicKeys = trustedKeys;
};
# Server keys
"nix2h001.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2h002.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2h003.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2joe.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2gpdPocket3.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2t.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2l002.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuo6L6V52AzdQIK6fWW9s0aX1yKUUTXbPd8v8IU9p2o nix2linode
"nix2linode.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG90Gg6dV3yhZ5+X40vICbeBwV9rfD39/8l9QSqluTw8 nix2oracle
"nix2oracle.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2lio.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"nix2oren.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
# Others
"github_read_token.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"headscale_auth.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"obsidian_sync_env.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
"us_chi_wg.age" = {
inherit publicKeys;
publicKeys = trustedKeys;
};
# "zitadel_master_key.age" = {
# # h001 only
# publicKeys = authorityKey ++ h001;
# };
# "vaultwarden_env.age" = {
# # h001 only
# publicKeys = authorityKey ++ o001;
# };
}
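Review bot: Every entry in the second hunk still encrypts to `trustedKeys`, the union of the root and user keys of all seven machines plus the authority key, so reading a single host's SSH key is enough to decrypt every secret here, including the root identities for the Linode and Oracle servers. The per-host lists added in the first hunk make scoping possible: each entry can name only the machines that use it, in the form the commented-out block already shows, `publicKeys = authorityKey ++ h001;`. The `vaultwarden_env` comment says `# h001 only` while its list is `authorityKey ++ o001`, so one of the two is wrong. Recipient changes only take effect once the affected files are rekeyed.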


@ -0,0 +1,20 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDd6MzN5USBMZ0VT
QWNCOUNSZ3ZPcmFFcXMvZkFqMVkxV1dRSDNLOTFzUExoc0F3dENFCldFZHdNSDdm
ZUR2eC94Y0cyRWJnTTRnSTlTRUlUSHlLS09IS2ZwZmVhOU0KLT4gc3NoLWVkMjU1
MTkgc2EwSmpnIGlNaHFLQ0tZeFFLR1ZPZnpCbHEzdlZXWUxjWFNmMUdMVjdQUHlJ
cTJUVkEKcERQMVNNcmxQekUra2tUNUhyVTAxVThSb3RPRFBOOWMwRlFqUnRQQm13
RQotPiAiXzVSX3wtZ3JlYXNlICpQMQpHUk5aSHJPRnNjQVR4Y2Q2TkhzU01SWWhh
TjBpb1JXbVFwSUxlT1BObEg0N2syNUJjUlc2TVJueVlyTXJRckQwCnhNOUZIVlVh
UG96d0pibVJsdmdNekJFUHg0NXFpa1JSd2lBdzN2S2JxenVMNVpWQ2hxRXlWUjFy
TWcKLS0tIG1QMHV3VW5VM25QVW80aUZOeEpTNG1qYksvQnE5emhBdzBuM2VMZE5n
VTQK6avsHayBgGGdjkwRORdaAz8mwLcxvI3YCMYwXjXCvJmIvlQerUEkDOU9D8sL
I+aSD5YCoHoJ5FsIOox5WWYEVcPxR/y1G2m3pAhZh1ner0Ckw29gsjdmckNwtSSr
tTrSve34ZEij1O7gfO30hW+Kd4579QWH/diFTrP88DjopqsaTWyh+A5A3WP6NxhJ
U0uL5RIPPGCMs0peqZG1Y44KRlt79hKELop4CwyF/06a3Oxuze5vifGl7+mogq0A
Xp3NgWR5AM2Fu+NfEQDUHU1R/CpyY6+VcTZWi8iu0/XfEiIQ4n5JSYNtd3ZL0ldL
WRoNdpA04IiCWM7fnRdDRVRGw9bDJ840oeBiSvbRqIt+uykEndEzKCxXh/jWvP+X
tBj05Rt2Qj3xAsq7yzsvK7vzacjV8fU2kNpxDvhVLQO8TBI5z7Sofu4Cy2fFY1F7
J7JABO+kciZ23gdEofrHusv3oZvu2eQ5PO1FXCSsZzalum2cWWou11QDi3Vt65kN
wjleyKCDx4a68n7IoS2GOCpDw/G0ACmHrTSnztaO
-----END AGE ENCRYPTED FILE-----


@ -0,0 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE-----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-----END AGE ENCRYPTED FILE-----

35
flake.lock generated

@ -153,22 +153,6 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1753694789,
"narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1753694789,
@ -201,23 +185,6 @@
"type": "github"
}
},
"opencode": {
"flake": false,
"locked": {
"lastModified": 1754526276,
"narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=",
"owner": "sst",
"repo": "opencode",
"rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114",
"type": "github"
},
"original": {
"owner": "sst",
"ref": "v0.3.133",
"repo": "opencode",
"type": "github"
}
},
"ragenix": {
"inputs": {
"agenix": "agenix",
@ -245,8 +212,6 @@
"home-manager": "home-manager",
"nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"opencode": "opencode",
"ragenix": "ragenix"
}
},


@ -7,10 +7,6 @@
home-manager.url = "github:rycee/home-manager/release-25.05";
ragenix.url = "github:yaxitech/ragenix";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
opencode.url = "github:sst/opencode/v0.3.133";
opencode.flake = false;
# ======
};


@ -3,8 +3,8 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
# for local testing.
common.url = "path:../../common";
# common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
# common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
};


@ -11,6 +11,7 @@ in
common.nixosModules.containers.forgejo
./opengist.nix
./homarr.nix
./zitadel.nix
];
config = {


@ -0,0 +1,211 @@
{
config,
lib,
...
}:
let
name = "zitadel";
hostDataDir = "/var/lib/${name}";
hostAddress = "10.0.0.1";
containerAddress = "10.0.0.3";
hostAddress6 = "fc00::1";
containerAddress6 = "fc00::3";
binds = [
# Postgres data, must use postgres user in container and host
{
host = "${hostDataDir}/postgres";
# Adjust based on container postgres data dir
container = "/var/lib/postgresql/17";
user = "postgres";
uid = config.ids.uids.postgres;
gid = config.ids.gids.postgres;
}
# Postgres backups
{
host = "${hostDataDir}/backups/postgres";
container = "/var/backup/postgresql";
user = "postgres";
uid = config.ids.uids.postgres;
gid = config.ids.gids.postgres;
}
# secret
{
host = config.age.secrets.zitadel_master_key.path;
container = "/var/secrets/zitadel_master_key.age";
readOnly = true;
}
];
bindsWithUsers = lib.filter (b: b ? user) binds;
uniqueUsers = lib.foldl' (
acc: bind: if lib.lists.any (item: item.user == bind.user) acc then acc else acc ++ [ bind ]
) [ ] bindsWithUsers;
users = {
users = lib.listToAttrs (
lib.map (u: {
name = u.user;
value = {
isSystemUser = true;
name = u.user;
uid = u.uid;
group = u.user;
};
}) uniqueUsers
);
groups = lib.listToAttrs (
lib.map (g: {
name = g.user;
value.gid = g.gid;
}) uniqueUsers
);
};
in
{
options = { };
config = {
services.nginx.virtualHosts."sso.joshuabell.xyz" = {
locations = {
"/" = {
proxyWebsockets = true;
recommendedProxySettings = true;
proxyPass = "http://${containerAddress}:8080";
extraConfig = ''
proxy_set_header X-Forwarded-Proto https;
'';
};
};
};
# Ensure users exist on host machine
inherit users;
# Ensure directories exist on host machine
system.activationScripts."createDirsFor${name}" = ''
${lib.concatStringsSep "\n" (
lib.map (bind: ''
mkdir -p ${bind.host}
chown -R ${toString bind.user}:${toString bind.gid} ${bind.host}
chmod -R 750 ${bind.host}
'') bindsWithUsers
)}
'';
containers.${name} = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = hostAddress;
localAddress = containerAddress;
hostAddress6 = hostAddress6;
localAddress6 = containerAddress6;
bindMounts = lib.foldl (
acc: bind:
{
"${bind.container}" = {
hostPath = bind.host;
isReadOnly = bind.readOnly or false;
};
}
// acc
) { } binds;
config =
{ config, pkgs, ... }:
{
system.stateVersion = "25.05";
networking = {
firewall = {
enable = true;
allowedTCPPorts = [
8080
];
};
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
# Ensure users exist on container
inherit users;
services.postgresql = {
enable = true;
package = pkgs.postgresql_17.withJIT;
enableJIT = true;
authentication = ''
local all all trust
host all all 127.0.0.1/8 trust
host all all ::1/128 trust
host all all fc00::1/128 trust
'';
ensureDatabases = [ "zitadel" ];
ensureUsers = [
{
name = "zitadel";
ensureDBOwnership = true;
ensureClauses.login = true;
ensureClauses.superuser = true;
}
];
};
# Backup database
services.postgresqlBackup = {
enable = true;
};
services.zitadel = {
enable = true;
masterKeyFile = "/var/secrets/zitadel_master_key.age";
settings = {
Port = 8080;
Database.postgres = {
Host = "/var/run/postgresql/";
Port = 5432;
Database = "zitadel";
User = {
Username = "zitadel";
SSL.Mode = "disable";
};
Admin = {
Username = "zitadel";
SSL.Mode = "disable";
ExistingDatabase = "zitadel";
};
};
ExternalDomain = "sso.joshuabell.xyz";
ExternalPort = 443;
ExternalSecure = true;
};
steps.FirstInstance = {
InstanceName = "sso";
Org = {
Name = "SSO";
Human = {
UserName = "admin@joshuabell.xyz";
FirstName = "admin";
LastName = "admin";
Email.Address = "admin@joshuabell.xuz";
Email.Verified = true;
Password = "Password1!";
PasswordChangeRequired = true;
};
};
LoginPolicy.AllowRegister = false;
};
openFirewall = true;
};
systemd.services.zitadel = {
requires = [ "postgresql.service" ];
after = [ "postgresql.service" ];
};
};
};
};
}
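Review bot: `Password = "Password1!"` under `steps.FirstInstance` commits the bootstrap admin password for the instance published at sso.joshuabell.xyz to the repository and the Nix store, and `PasswordChangeRequired = true` only helps if the owner is the first to log in. The Human block can instead come from an encrypted steps file passed through `services.zitadel.extraStepsPaths`; `Email.Address = "admin@joshuabell.xuz"` also looks like a typo of the .xyz domain while being marked verified. The `authentication` block sets `trust` for every local, loopback and `fc00::1/128` connection and the `zitadel` role gets `ensureClauses.superuser = true`, so anything that can reach the server is a passwordless superuser; Zitadel is pointed at the unix socket here, so `local all all peer` is probably sufficient, to be confirmed before removing the host lines. `config.age.secrets.zitadel_master_key.path` is bound in `binds` while the matching secret entry appears only commented out in this commit, which would likely fail evaluation once this file is imported.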

94
hosts/h001/flake.lock generated

@ -29,24 +29,17 @@
"inputs": {
"home-manager": "home-manager",
"nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"opencode": "opencode",
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1753294571,
"narHash": "sha256-o5pjY2Mh/gbbD2GT2zStATKN3AOvYfMmGOkN4L3qrgo=",
"ref": "refs/heads/master",
"rev": "bb90226e5e1731652b7ed64d0ab038e68a999dee",
"revCount": 551,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
"path": "../../common",
"type": "path"
},
"original": {
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
"path": "../../common",
"type": "path"
},
"parent": []
},
"crane": {
"locked": {
@ -110,11 +103,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1753055804,
"narHash": "sha256-KerePGJYX47ex6OY3CWsid4AltO2gDtQROunYJ0eCEE=",
"lastModified": 1753592768,
"narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=",
"owner": "rycee",
"repo": "home-manager",
"rev": "adf195f021a8cbb0c317f75b52e96c82616526f9",
"rev": "fc3add429f21450359369af74c2375cb34a2d204",
"type": "github"
},
"original": {
@ -165,7 +158,7 @@
},
"nixarr": {
"inputs": {
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_3",
"vpnconfinement": "vpnconfinement",
"website-builder": "website-builder"
},
@ -185,11 +178,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1752620740,
"narHash": "sha256-f3pO+9lg66mV7IMmmIqG4PL3223TYMlnlw+pnpelbss=",
"lastModified": 1753345091,
"narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "32a4e87942101f1c9f9865e04dc3ddb175f5f32e",
"rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9",
"type": "github"
},
"original": {
@ -199,39 +192,7 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1752950548,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1752950548,
"narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c87b95e25065c028d31a94f06a62927d18763fdf",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@ -247,7 +208,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1748662220,
"narHash": "sha256-7gGa49iB9nCnFk4h/g9zwjlQAyjtpgcFkODjcOQS0Es=",
@ -263,7 +224,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1750400657,
"narHash": "sha256-3vkjFnxCOP6vm5Pm13wC/Zy6/VYgei/I/2DWgW4RFeA=",
@ -279,7 +240,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_5": {
"locked": {
"lastModified": 1750188666,
"narHash": "sha256-yAfLvtbCzSigTfbsJeOrvljS7VYLAwi2RZ6F+qd+A5E=",
@ -1190,29 +1151,12 @@
"type": "github"
}
},
"opencode": {
"flake": false,
"locked": {
"lastModified": 1753194493,
"narHash": "sha256-eOsazBjkdTvGNsobb5WUBDB2udEJh9zkOeMfVH/tkQo=",
"owner": "sst",
"repo": "opencode",
"rev": "99d6a28249f10ba1fcb7d61599c008154663a51f",
"type": "github"
},
"original": {
"owner": "sst",
"ref": "v0.3.55",
"repo": "opencode",
"type": "github"
}
},
"ragenix": {
"inputs": {
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
@ -1233,13 +1177,13 @@
"inputs": {
"common": "common",
"nixarr": "nixarr",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_4",
"ros_neovim": "ros_neovim"
}
},
"ros_neovim": {
"inputs": {
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_5",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",


@ -4,8 +4,8 @@
# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
# Use relative to get current version for testing
# common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
common.url = "path:../../common";
# common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";


@ -9,10 +9,11 @@
port = 8945;
selfhosted = true;
mediaDir = "/drives/wd10/pinchflat/media";
extraConfig = {
YT_DLP_WORKER_CONCURRENCY = 1;
};
};
users.users.pinchflat.isSystemUser = true;
users.users.pinchflat.group = "pinchflat";
users.groups.pinchflat = { };
@ -22,19 +23,38 @@
Group = "pinchflat";
};
# Use Nixarr vpn
systemd.services.pinchflat.vpnconfinement = {
enable = true;
vpnnamespace = "wg";
};
vpnNamespaces.wg.portMappings = [
{
from = 8945;
to = 8945;
}
];
systemd.tmpfiles.rules = [
"d '/drives/wd10/pinchflat/media' 0775 pinchflat pinchflat - -"
];
# services.nginx = {
# virtualHosts = {
# "yt.joshuabell.xyz" = {
# locations."/" = {
# proxyWebsockets = true;
# proxyPass = "http://localhost:8945";
# };
# };
# };
# };
services.nginx = {
virtualHosts = {
"pinchflat" = {
serverName = "h001.net.joshuabell.xyz";
listen = [
{
port = 8945;
addr = "0.0.0.0";
}
];
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://192.168.15.1:8945";
};
};
};
};
};
}
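Review bot: The new `pinchflat` virtual host listens on `addr = "0.0.0.0"` port 8945 over plain HTTP and proxies everything to `http://192.168.15.1:8945` with no visible allow-list or authentication, so the proxy answers on every interface of the host rather than only the network that `serverName = "h001.net.joshuabell.xyz"` suggests. Whether the firewall opens 8945 is not visible on this page; if it does, bind the listener to the internal interface (`addr = "<internal interface address>";`) or restrict the location with `extraConfig = "allow <internal CIDR>; deny all;";`. The `vpnconfinement` block constrains the service's own network namespace, which as far as this section shows does not limit who can reach the nginx front end.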


@ -9,7 +9,7 @@ let
in
{
services.nginx.virtualHosts = {
"10.12.14.2" = {
"10.12.14.10" = {
locations = {
"/" = {
return = "301 http://h001.local.joshuabell.xyz";

288
hosts/lio/flake.lock generated

@ -29,24 +29,17 @@
"inputs": {
"home-manager": "home-manager",
"nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_2",
"nixpkgs-unstable": "nixpkgs-unstable",
"opencode": "opencode",
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1754593666,
"narHash": "sha256-FToZxXq2Ga/wsJRcwrVfsRIVXoCCy7KfuvBZ/dymQCM=",
"ref": "refs/heads/master",
"rev": "f04bac6e4f061fc0daae99612a1cb895611a3829",
"revCount": 578,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
"path": "../../common",
"type": "path"
},
"original": {
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
"path": "../../common",
"type": "path"
},
"parent": []
},
"crane": {
"locked": {
@ -181,11 +174,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1753694789,
"narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
@ -196,22 +189,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1753694789,
"narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@ -227,13 +204,13 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1752866191,
"narHash": "sha256-NV4S2Lf2hYmZQ3Qf4t/YyyBaJNuxLPyjzvDma0zPp/M=",
"lastModified": 1755471983,
"narHash": "sha256-axUoWcm4cNQ36jOlnkD9D40LTfSQgk8ExfHSRm3rTtg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f01fe91b0108a7aff99c99f2e9abbc45db0adc2a",
"rev": "48f4c982de68d966421d2b6f1ddbeb6227cc5ceb",
"type": "github"
},
"original": {
@ -243,13 +220,13 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1753848940,
"narHash": "sha256-jH7fqN4HzsIlj2c/SAuVWmgUIjBwDdEKVnL97xlECHY=",
"lastModified": 1755648324,
"narHash": "sha256-+2TxwJEXWXGC7JBsRGUHtmQ66lRGPcDI2kFKTTU5e2s=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "25b37a9225cece2da4b68aca8bd0998439074362",
"rev": "226bb7c9df5f953fd7533e199b8d9e5475458a8a",
"type": "github"
},
"original": {
@ -258,6 +235,22 @@
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1755186698,
"narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nvim_plugin-Almo7aya/openingh.nvim": {
"flake": false,
"locked": {
@ -277,11 +270,11 @@
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": {
"flake": false,
"locked": {
"lastModified": 1753815885,
"narHash": "sha256-A9qlpDXdIfoZ/5yZ5w39pgfoxVwhklhcESYWsqQgiDY=",
"lastModified": 1755636100,
"narHash": "sha256-EeU6AfMISnXUmKdNHXN35srj+fuQiHoWx5uYRKCjsTE=",
"owner": "CopilotC-Nvim",
"repo": "CopilotChat.nvim",
"rev": "450fcecf2f71d0469e9c98f5967252092714ed03",
"rev": "f7bb32dbbe2ff5e26f5033e2142b5920cf427236",
"type": "github"
},
"original": {
@ -309,11 +302,11 @@
"nvim_plugin-L3MON4D3/LuaSnip": {
"flake": false,
"locked": {
"lastModified": 1753286973,
"narHash": "sha256-w70rSwYdjMRGCLYcwIoA4cvl6JcGQYHngCBJvRq+SXg=",
"lastModified": 1754037237,
"narHash": "sha256-JhTqTGQfIryJ7MElcOGOfb48uaNDnd9RM9Fl1Fs4QV0=",
"owner": "L3MON4D3",
"repo": "LuaSnip",
"rev": "3d5bced1b9ae69fa3f9b1942e28af5dbc537f946",
"rev": "de10d8414235b0a8cabfeba60d07c24304e71f5c",
"type": "github"
},
"original": {
@ -325,11 +318,11 @@
"nvim_plugin-MeanderingProgrammer/render-markdown.nvim": {
"flake": false,
"locked": {
"lastModified": 1753730059,
"narHash": "sha256-OjvoAFWaJT4+gyO/jtA2uvFdeOz7lhdkkhKQUl/kIT4=",
"lastModified": 1755631821,
"narHash": "sha256-+/GVSb3uQ5HktPv6HFwdywX85hScsAI1IHqXmwDH9PU=",
"owner": "MeanderingProgrammer",
"repo": "render-markdown.nvim",
"rev": "9e51b7711c6159511e966dc42fafd58a9db9ad1d",
"rev": "0087ee1d505d4fc4886d8d3121ae7848b7c0e49b",
"type": "github"
},
"original": {
@ -373,11 +366,11 @@
"nvim_plugin-Saecki/crates.nvim": {
"flake": false,
"locked": {
"lastModified": 1753218471,
"narHash": "sha256-5Vu3VG6Ab1Rpqzeqoa0S9sfzco7wykrSt2eSXOajm14=",
"lastModified": 1754466592,
"narHash": "sha256-b40E121rJrEmlor3fHmh4Y1TXKdfiqsBGBcpbY//eTw=",
"owner": "Saecki",
"repo": "crates.nvim",
"rev": "c915ab5334a46178f64ce17ab606a79454bcd14f",
"rev": "a49df0f70171adc77704eac70dd2c0d179065933",
"type": "github"
},
"original": {
@ -405,11 +398,11 @@
"nvim_plugin-b0o/schemastore.nvim": {
"flake": false,
"locked": {
"lastModified": 1753826458,
"narHash": "sha256-7VZmb4JPlLF4tmEuuM69etdyCIxdH1PNZlT1mijzo7o=",
"lastModified": 1755594039,
"narHash": "sha256-XU+PtvXlgoHFouyyceUIZ4L5AvZThUR2AegmCQAYt1A=",
"owner": "b0o",
"repo": "schemastore.nvim",
"rev": "3cd1c7267282b4d89618674de36a6d866981347e",
"rev": "e906ac3ed0bd273781759e7635b5b824393c925c",
"type": "github"
},
"original": {
@ -421,11 +414,11 @@
"nvim_plugin-catppuccin/nvim": {
"flake": false,
"locked": {
"lastModified": 1753779499,
"narHash": "sha256-lnIlYUhUQXuoVWv000n5Ev4YNSZY+U70b3npZbMUDg4=",
"lastModified": 1755621274,
"narHash": "sha256-o8VLMPriOh4+Ay5Ff0cWQYXjmihdr3x9131bKHHTsQE=",
"owner": "catppuccin",
"repo": "nvim",
"rev": "94f6e8a06b6bb7b8e5529cf9f93adb4654534241",
"rev": "30fa4d122d9b22ad8b2e0ab1b533c8c26c4dde86",
"type": "github"
},
"original": {
@ -437,11 +430,11 @@
"nvim_plugin-chrisgrieser/nvim-early-retirement": {
"flake": false,
"locked": {
"lastModified": 1750108178,
"narHash": "sha256-3I7Xup+v9Yq9/nJQ1F5CDW99oFQcxbinv7VQcKeA16Y=",
"lastModified": 1755590055,
"narHash": "sha256-989Zf6SCy+vakFac4KmElUn8+ErJMtYJ8zlOi999UJI=",
"owner": "chrisgrieser",
"repo": "nvim-early-retirement",
"rev": "d9ffd8f70ed6d466cecd3e7e2dd1425b0010932f",
"rev": "ef9fc0267da4204432ab7bf3ab9df359874cfeb6",
"type": "github"
},
"original": {
@ -533,11 +526,11 @@
"nvim_plugin-hrsh7th/cmp-nvim-lsp": {
"flake": false,
"locked": {
"lastModified": 1743496195,
"narHash": "sha256-iaihXNCF5bB5MdeoosD/kc3QtpA/QaIDZVLiLIurBSM=",
"lastModified": 1755085771,
"narHash": "sha256-X1rppwf2xBPrmB93ptXukOnEBDZmfjJd4F5ObNa1DHs=",
"owner": "hrsh7th",
"repo": "cmp-nvim-lsp",
"rev": "a8912b88ce488f411177fc8aed358b04dc246d7b",
"rev": "bd5a7d6db125d4654b50eeae9f5217f24bb22fd3",
"type": "github"
},
"original": {
@ -581,11 +574,11 @@
"nvim_plugin-j-hui/fidget.nvim": {
"flake": false,
"locked": {
"lastModified": 1753813056,
"narHash": "sha256-rQIEO9C9YokdwaPfKsu7Rb6pi51Tm0Qqo/igBKeCW/8=",
"lastModified": 1755048367,
"narHash": "sha256-Hcnbk6go2vYCYqSfXLWQ+KimpU+NPbIkjBTKGMFoNQM=",
"owner": "j-hui",
"repo": "fidget.nvim",
"rev": "c1725fbadd99c810273b202d67dbfedf66e61eaf",
"rev": "2cb5edb2dd6700a958a446b20bb2be04d318da9d",
"type": "github"
},
"original": {
@ -613,11 +606,11 @@
"nvim_plugin-lewis6991/gitsigns.nvim": {
"flake": false,
"locked": {
"lastModified": 1753442199,
"narHash": "sha256-7BKwxHoFWGepqm8/J+RB6zu+7IpGUUmgLP4a2O2lIuA=",
"lastModified": 1755014582,
"narHash": "sha256-zBUrqL+00Y8j4eVNAgI0nYn2i35zhQo2BVl4mL1cgfs=",
"owner": "lewis6991",
"repo": "gitsigns.nvim",
"rev": "b01433169be710d6c69f7b4ee264d9670698b831",
"rev": "6e3c66548035e50db7bd8e360a29aec6620c3641",
"type": "github"
},
"original": {
@ -693,11 +686,11 @@
"nvim_plugin-mfussenegger/nvim-lint": {
"flake": false,
"locked": {
"lastModified": 1753039571,
"narHash": "sha256-ly5S0KAZN8Jeag22SCX+5XKqn3d+zCRN/8Jf5HlEn9I=",
"lastModified": 1753951521,
"narHash": "sha256-GmXScmbXJx74RMgPhkdKtdODZqkOarFHE1XOiSnt5Bo=",
"owner": "mfussenegger",
"repo": "nvim-lint",
"rev": "9c6207559297b24f0b7c32829f8e45f7d65b991f",
"rev": "7ef127aaede2a4d5ad8df8321e2eb4e567f29594",
"type": "github"
},
"original": {
@ -709,11 +702,11 @@
"nvim_plugin-mrcjkb/rustaceanvim": {
"flake": false,
"locked": {
"lastModified": 1753575790,
"narHash": "sha256-Iw3W0Inn0CpZTXyxk54WRtsXP5DYm+7bKH/HSO/diBo=",
"lastModified": 1755599388,
"narHash": "sha256-4o20Hf+rFD2zejPZr5oe3ZkaynW3xAw/wtbF3sMjNnQ=",
"owner": "mrcjkb",
"repo": "rustaceanvim",
"rev": "f845bb055397019c4bc70f9c76376ca490f4c783",
"rev": "eb9beab7d80eb052f78165b28d18f55844b26aef",
"type": "github"
},
"original": {
@ -725,11 +718,11 @@
"nvim_plugin-neovim/nvim-lspconfig": {
"flake": false,
"locked": {
"lastModified": 1753837371,
"narHash": "sha256-IsdjkpE+T5irvmH5fam5EmsCpzwxSEiXV3r2iXsOVT0=",
"lastModified": 1755617152,
"narHash": "sha256-PSu5zQi/rzBAnALX8WrYckhqM5lI6hGAhsWWgS7ln7A=",
"owner": "neovim",
"repo": "nvim-lspconfig",
"rev": "3db16ceeea947517f0dc1404c24dcb5ab0c91d26",
"rev": "5f1c9a90c8db9c647da40ce6cf5be9e49ccbf0c7",
"type": "github"
},
"original": {
@ -741,11 +734,11 @@
"nvim_plugin-nosduco/remote-sshfs.nvim": {
"flake": false,
"locked": {
"lastModified": 1748880705,
"narHash": "sha256-eTnVFOR7FHlkU9kwrk3q3pNo/U8OR2gJrnrMUQKGi2A=",
"lastModified": 1755623332,
"narHash": "sha256-hnTDzd3eRsDUYYf9WPknYZ126d0XKXO1hjlY7WH4bDI=",
"owner": "nosduco",
"repo": "remote-sshfs.nvim",
"rev": "6e893c32ff7c5b8d0d501b748c525fa53963fb35",
"rev": "8ab43934caea0eacc986d112e5680c316b8a7944",
"type": "github"
},
"original": {
@ -789,11 +782,11 @@
"nvim_plugin-nvim-lualine/lualine.nvim": {
"flake": false,
"locked": {
"lastModified": 1749383457,
"narHash": "sha256-2aPgA7riA/FubQpTkqsxLKl7OZ8L6FkucNHc2QEx2HQ=",
"lastModified": 1754970649,
"narHash": "sha256-lWt2kpW+hsTMWt8tar/+AISTDrIt4Jn27NmI9j+Xt4s=",
"owner": "nvim-lualine",
"repo": "lualine.nvim",
"rev": "a94fc68960665e54408fe37dcf573193c4ce82c9",
"rev": "b8c23159c0161f4b89196f74ee3a6d02cdc3a955",
"type": "github"
},
"original": {
@ -805,11 +798,11 @@
"nvim_plugin-nvim-telescope/telescope-file-browser.nvim": {
"flake": false,
"locked": {
"lastModified": 1750040034,
"narHash": "sha256-NHcU3c+1pLeypHr9xXKmqvdwB1QM/vj5axzjpFEQCLQ=",
"lastModified": 1754424906,
"narHash": "sha256-FlJ7w5Ywwq03E0oYdnFJFb+MMUMQMa+5QhDMy2O9tGQ=",
"owner": "nvim-telescope",
"repo": "telescope-file-browser.nvim",
"rev": "7bf55ed0ff5be182ad3301cff266581fc1c56cce",
"rev": "3610dc7dc91f06aa98b11dca5cc30dfa98626b7e",
"type": "github"
},
"original": {
@ -869,11 +862,11 @@
"nvim_plugin-nvim-tree/nvim-tree.lua": {
"flake": false,
"locked": {
"lastModified": 1753762764,
"narHash": "sha256-uoiPwURO0ATaYeLozG8X44cC4eWf1wANspljkjh/qeY=",
"lastModified": 1755174669,
"narHash": "sha256-Cdd7m2ondica5yDgm8THEm8LttJwDWQTNPnKO4vKr2c=",
"owner": "nvim-tree",
"repo": "nvim-tree.lua",
"rev": "65bae449224b8a3bc149471b96587b23b13a9946",
"rev": "f0e9951778802526b14c934f7bf746e1e0ae5ed0",
"type": "github"
},
"original": {
@ -885,11 +878,11 @@
"nvim_plugin-nvim-tree/nvim-web-devicons": {
"flake": false,
"locked": {
"lastModified": 1753653538,
"narHash": "sha256-1IwOcdIUJuh7YC2YTw0VnGI2UIg7F/ipxLLfQdPzjFQ=",
"lastModified": 1754884337,
"narHash": "sha256-Zftd4xFYdCtof6IusN+E079yY2oMTNhJ/yznvLiiur0=",
"owner": "nvim-tree",
"repo": "nvim-web-devicons",
"rev": "4a8369f4c78ef6f6f895f0cec349e48f74330574",
"rev": "c2599a81ecabaae07c49ff9b45dcd032a8d90f1a",
"type": "github"
},
"original": {
@ -901,11 +894,11 @@
"nvim_plugin-nvim-treesitter/nvim-treesitter-context": {
"flake": false,
"locked": {
"lastModified": 1753794238,
"narHash": "sha256-9KKJJhKCjlKakVFyF3EUj2sobrKaJBMIGqkwbVjD9Mk=",
"lastModified": 1754488703,
"narHash": "sha256-f4a9Abwb265Rm+hpUXz+rKWXvaFVrmXf1h7d7eh9jJc=",
"owner": "nvim-treesitter",
"repo": "nvim-treesitter-context",
"rev": "02fd97c803962108d129cf42e05adc5eff7f89c1",
"rev": "dca8726fea2c14e1ce6adbaa76a04816fbfaff61",
"type": "github"
},
"original": {
@ -949,11 +942,11 @@
"nvim_plugin-rmagatti/auto-session": {
"flake": false,
"locked": {
"lastModified": 1753745747,
"narHash": "sha256-Uowy7CMw6+4y1ME5vNTUSxDCOBfjnfJRpteAKfUo6A8=",
"lastModified": 1755285297,
"narHash": "sha256-x8oPN7JqcY0scFO0vGREerT3dRiQA+k/qeWsug1sGiU=",
"owner": "rmagatti",
"repo": "auto-session",
"rev": "c93a9bfd8a5cbf931a6ead5c824998da874b9f79",
"rev": "d27a29f5754e3a8b8d89a4069814e53ac583e951",
"type": "github"
},
"original": {
@ -1013,11 +1006,11 @@
"nvim_plugin-stevearc/conform.nvim": {
"flake": false,
"locked": {
"lastModified": 1751472067,
"narHash": "sha256-bm6266h0rKYcOeMPVqjh3DEKe5M0EIPuo4rvmRtkpvs=",
"lastModified": 1755640282,
"narHash": "sha256-WYGvppnMsBaVYnMmv9WJRuKuyk4F/rzJ3DRBh+72tRY=",
"owner": "stevearc",
"repo": "conform.nvim",
"rev": "973f3cb73887d510321653044791d7937c7ec0fa",
"rev": "04bfa5f35706410376bf7618a01fcf44e3f35b59",
"type": "github"
},
"original": {
@ -1125,11 +1118,11 @@
"nvim_plugin-zbirenbaum/copilot.lua": {
"flake": false,
"locked": {
"lastModified": 1753817982,
"narHash": "sha256-AHDh24MQ3OMNKUCuKaA9KrR4l0I+dT7tF+Bpl6PBSx8=",
"lastModified": 1755448417,
"narHash": "sha256-KV+Wno4aB5uTSBxIZzQKC/0KfjQLM7x8wCDkVSnaPeA=",
"owner": "zbirenbaum",
"repo": "copilot.lua",
"rev": "55e43020dcd59c6da41cc773971380a003100844",
"rev": "3fd7b50810ae4cccf8b38e4c509b1608f141a9e9",
"type": "github"
},
"original": {
@ -1138,20 +1131,24 @@
"type": "github"
}
},
"opencode": {
"flake": false,
"quickshell": {
"inputs": {
"nixpkgs": [
"zaphkiel",
"nixpkgs"
]
},
"locked": {
"lastModified": 1754526276,
"narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=",
"owner": "sst",
"repo": "opencode",
"rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114",
"lastModified": 1753595452,
"narHash": "sha256-vqkSDvh7hWhPvNjMjEDV4KbSCv2jyl2Arh73ZXe274k=",
"owner": "quickshell-mirror",
"repo": "quickshell",
"rev": "a5431dd02dc23d9ef1680e67777fed00fe5f7cda",
"type": "github"
},
"original": {
"owner": "sst",
"ref": "v0.3.133",
"repo": "opencode",
"owner": "quickshell-mirror",
"repo": "quickshell",
"type": "github"
}
},
@ -1160,7 +1157,7 @@
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
@ -1180,13 +1177,15 @@
"root": {
"inputs": {
"common": "common",
"nixpkgs": "nixpkgs_4",
"ros_neovim": "ros_neovim"
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable",
"ros_neovim": "ros_neovim",
"zaphkiel": "zaphkiel"
}
},
"ros_neovim": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_4",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",
@ -1245,11 +1244,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1753849449,
"narHash": "sha256-zBShks1kHnfIq+tkBNkA41NCrhwJNbkhW3a/jLUIr50=",
"lastModified": 1755648539,
"narHash": "sha256-zElmY3ieHOxJtn5Q3KKXZw3i6/e63jRtHowzOM4jERw=",
"ref": "refs/heads/master",
"rev": "86093285e53caae7d2bf9a8d0046be3d4245a35b",
"revCount": 299,
"rev": "1f8444ad78e85c902818ab48479f3f3a1e909031",
"revCount": 300,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/nvim"
},
@ -1288,11 +1287,11 @@
]
},
"locked": {
"lastModified": 1753843724,
"narHash": "sha256-a0Aab7Zst68GqvNAMh9Ejwnp8gawGnruOMtEWZ0HHjM=",
"lastModified": 1755571033,
"narHash": "sha256-V8gmZBfMiFGCyGJQx/yO81LFJ4d/I5Jxs2id96rLxrM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "01ac47d86311fb030023f1dfc5f6bc368b9c6cee",
"rev": "95487740bb7ac11553445e9249041a6fa4b5eccf",
"type": "github"
},
"original": {
@ -1330,6 +1329,41 @@
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zaphkiel": {
"inputs": {
"nixpkgs": "nixpkgs_5",
"quickshell": "quickshell",
"systems": "systems_3"
},
"locked": {
"lastModified": 1755452579,
"narHash": "sha256-yKowI51cKh1qUKlDq1zLDUC9wcBXlCRt/6rS5OiSOzo=",
"owner": "Rexcrazy804",
"repo": "Zaphkiel",
"rev": "692e3318338b90229bf67e1d9c3d73b7d4a8606c",
"type": "github"
},
"original": {
"owner": "Rexcrazy804",
"repo": "Zaphkiel",
"type": "github"
}
}
},
"root": "root",


@ -1,12 +1,17 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
# Use relative to get current version for testing
# common.url = "path:../../common";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
common.url = "path:../../common";
# common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
zaphkiel = {
url = "github:Rexcrazy804/Zaphkiel";
};
};
outputs =
@ -42,6 +47,16 @@
{
programs = {
steam.enable = true;
nix-ld = {
enable = true;
libraries = with pkgs; [
icu
gmp
glibc
openssl
stdenv.cc.cc
];
};
};
environment.systemPackages = with pkgs; [
@ -50,8 +65,14 @@
steam
ffmpeg-full
appimage-run
nodejs_24
];
environment.shellAliases = {
"oc" =
"all_proxy='' http_proxy='' https_proxy='' /home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode";
};
# Also allow this key to work for root user, this will let us use this as a remote builder easier
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJN2nsLmAlF6zj5dEBkNSJaqcCya+aB6I0imY8Q5Ew0S nix2lio"
@ -67,7 +88,16 @@
reporting.enable = true;
disableRemoteBuildsOnLio = true;
};
desktopEnvironment.gnome.enable = true;
desktopEnvironment.hyprland = {
enable = true;
extraOptions = {
# hyprctl monitors all
monitor = [
"desc:ASUSTek COMPUTER INC ASUS PG43U 0x01010101,3840x2160@97.98,0x0,1,transform,0"
"desc:Samsung Electric Company C34J79x HTRM900776,3440x1440@99.98,-1440x-640,1,transform,1"
];
};
};
programs = {
qFlipper.enable = true;
rustDev.enable = true;
@ -76,7 +106,7 @@
tailnet.enableExitNode = true;
ssh.enable = true;
docker.enable = true;
opencode.enable = true;
virt-manager.enable = true;
flatpaks = {
enable = true;
packages = [
@ -136,7 +166,6 @@
};
};
};
}
)
];
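Review bot: The `oc` alias in `environment.shellAliases` runs `/home/josh/other/opencode/node_modules/opencode-linux-x64/bin/opencode`, a binary installed outside the Nix store, and the new `nix-ld` block looks like it exists to let that binary run. This appears to replace `opencode.enable = true`, whose source was pinned by rev and narHash in flake.lock, with an npm-installed build in a user-writable path that nothing in the flake pins or verifies, on a host the same file describes as a remote builder with a root SSH key. Consider keeping the packaged input, or pinning the npm install with a lockfile and marking the alias with a comment such as `# unpinned npm build, not covered by flake.lock`. Separately, the `zaphkiel` input pulls its own nixpkgs (`nixpkgs_5` in the lock); adding `inputs.nixpkgs.follows = "nixpkgs";` would reduce the number of trees this host has to trust.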


@ -1,4 +1,5 @@
{
config,
...
}:
let
@ -38,6 +39,10 @@ in
hostPath = "${hostDataDir}/backups";
isReadOnly = false;
};
"/var/secrets/vaultwarden.env" = {
hostPath = config.age.secrets.vaultwarden_env.path;
isReadOnly = true;
};
};
config =
{ ... }:
@ -56,12 +61,12 @@ in
enable = true;
dbBackend = "sqlite";
backupDir = "/var/lib/backups/vaultwarden";
environmentFile = "/var/secrets/vaultwarden.env";
config = {
DOMAIN = "https://vault.joshuabell.xyz";
SIGNUPS_ALLOWED = false;
ROCKET_PORT = builtins.toString v_port;
ROCKET_ADDRESS = "127.0.0.1";
# ADMIN_TOKEN = "$argon2id$v=19$m=65540,t=3,p=4$YMFEq4GZiCeM+MBSW75G+gq6Dnywszaqhhdrt5pIyLw$zdlU/ws8kfBVa/FWp1LVfhnu+CVuItG2nPGXgKyjWug";
};
};
};
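Review bot: The commented `ADMIN_TOKEN` line in `config` carries a complete argon2id PHC string, and going by the hunk counts (one line removed, one added) this commit seems to delete it in favour of `environmentFile`; deleting the line does not remove it from git history. If that hash was ever the live admin token, generate a new token for the age-encrypted `vaultwarden.env` instead of carrying the old one over, because a hash that has been published can be guessed against offline. The read-only bind mount of `config.age.secrets.vaultwarden_env.path` is the right shape; a short comment such as `# ADMIN_TOKEN and other secrets live in the agenix-managed env file` next to `environmentFile` would tell the next reader where the token went.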


@ -29,22 +29,17 @@
"inputs": {
"home-manager": "home-manager",
"nix-flatpak": "nix-flatpak",
"nixpkgs": "nixpkgs_2",
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1750784870,
"narHash": "sha256-jRpkTFQk0sOmhE2ABm1aA/diDOU4C23xYkLlPIK/01o=",
"ref": "refs/heads/master",
"rev": "9a78d02b5d91d713a63cb83514b7c2365b7c3a36",
"revCount": 511,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
"path": "../../../common",
"type": "path"
},
"original": {
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}
"path": "../../../common",
"type": "path"
},
"parent": []
},
"crane": {
"locked": {
@ -88,7 +83,7 @@
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_3",
"utils": "utils"
},
"locked": {
@ -144,11 +139,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1749154018,
"narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=",
"lastModified": 1753592768,
"narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=",
"owner": "rycee",
"repo": "home-manager",
"rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111",
"rev": "fc3add429f21450359369af74c2375cb34a2d204",
"type": "github"
},
"original": {
@ -199,11 +194,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1749024892,
"narHash": "sha256-OGcDEz60TXQC+gVz5sdtgGJdKVYr6rwdzQKuZAJQpCA=",
"lastModified": 1753345091,
"narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8f1b52b04f2cb6e5ead50bd28d76528a2f0380ef",
"rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9",
"type": "github"
},
"original": {
@ -214,22 +209,6 @@
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1749794982,
"narHash": "sha256-Kh9K4taXbVuaLC0IL+9HcfvxsSUx8dPB5s5weJcc9pc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ee930f9755f58096ac6e8ca94a1887e0534e2d81",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@ -245,7 +224,7 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_3": {
"locked": {
"lastModified": 1743014863,
"narHash": "sha256-jAIUqsiN2r3hCuHji80U7NNEafpIMBXiwKlSrjWMlpg=",
@ -261,7 +240,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1750622754,
"narHash": "sha256-kMhs+YzV4vPGfuTpD3mwzibWUE6jotw5Al2wczI0Pv8=",
@ -277,7 +256,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_5": {
"locked": {
"lastModified": 1750188666,
"narHash": "sha256-yAfLvtbCzSigTfbsJeOrvljS7VYLAwi2RZ6F+qd+A5E=",
@ -1193,7 +1172,7 @@
"agenix": "agenix",
"crane": "crane",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3",
"nixpkgs": "nixpkgs_2",
"rust-overlay": "rust-overlay"
},
"locked": {
@ -1214,13 +1193,13 @@
"inputs": {
"common": "common",
"deploy-rs": "deploy-rs",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_4",
"ros_neovim": "ros_neovim"
}
},
"ros_neovim": {
"inputs": {
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_5",
"nvim_plugin-Almo7aya/openingh.nvim": "nvim_plugin-Almo7aya/openingh.nvim",
"nvim_plugin-CopilotC-Nvim/CopilotChat.nvim": "nvim_plugin-CopilotC-Nvim/CopilotChat.nvim",
"nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring": "nvim_plugin-JoosepAlviste/nvim-ts-context-commentstring",


@ -2,7 +2,9 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
deploy-rs.url = "github:serokell/deploy-rs";
common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
common.url = "path:../../../common";
# common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
};
@ -60,6 +62,7 @@
ringofstorms_common = {
systemName = configuration_name;
secrets.enable = true;
general = {
disableRemoteBuildsOnLio = true;
readWindowsDrives = false;


@ -133,6 +133,16 @@
proxyPass = "http://100.64.0.13";
};
};
"sso.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://100.64.0.13";
extraConfig = ''
proxy_set_header X-Forwarded-Proto https;
'';
};
};
"obsidiansync.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
@ -162,7 +172,6 @@
};
};
"_" = {
default = true;
locations."/" = {
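Review bot: The new `sso.joshuabell.xyz` vhost publishes the identity provider under a public name with ACME, while the Zitadel settings visible earlier on this page seed the first user with a literal password committed to the repository, protected only by `PasswordChangeRequired = true`. Assuming `http://100.64.0.13` is that instance, confirm the seeded password has already been changed before this vhost goes live, and prefer supplying it from an agenix secret the way this commit does for vaultwarden. The upstream hop is plain HTTP with a hard-coded `proxy_set_header X-Forwarded-Proto https;`, which is reasonable only if that address is reachable solely over the tailnet and the backend accepts forwarded headers from this proxy alone; a comment saying so, e.g. `# upstream is tailnet-only; TLS terminates here`, would document the assumption.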

16
hosts/oren/flake.lock generated

@ -35,11 +35,11 @@
"ragenix": "ragenix"
},
"locked": {
"lastModified": 1753903666,
"narHash": "sha256-e6vzgJMrgxKJSiOY/8oD2lw+Kf0/MlmOs/gs8z8WQgw=",
"lastModified": 1755036081,
"narHash": "sha256-RcJpH9+C6os1jb9l3ukOAU0CtrP5YPlGyRGh6gZPF1Q=",
"ref": "refs/heads/master",
"rev": "79849411735ed37a15db58450876d6d59baab880",
"revCount": 556,
"rev": "db6d5161ff0d4962236befa6ca1fd7ef2cb37fe3",
"revCount": 588,
"type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
},
@ -1157,16 +1157,16 @@
"opencode": {
"flake": false,
"locked": {
"lastModified": 1753893530,
"narHash": "sha256-7L50P3+u4SHQtjSdFJviPaeLFnOIGP/l4BFLHKm4pNs=",
"lastModified": 1754526276,
"narHash": "sha256-OkkjbytvvUBOcSCjf3zd8NWLaM+I1tUR9IxcRZrdVeM=",
"owner": "sst",
"repo": "opencode",
"rev": "304e86a8d4ebbaf55de27ac012aecc58028c898d",
"rev": "1a561bb5120b1b87a4c477f7cb6c3a0a4ce79114",
"type": "github"
},
"original": {
"owner": "sst",
"ref": "v0.3.85",
"ref": "v0.3.133",
"repo": "opencode",
"type": "github"
}


@ -66,6 +66,7 @@
ssh.enable = true;
docker.enable = true;
opencode.enable = true;
virt-manager.enable = true;
flatpaks = {
enable = true;
packages = [


@ -0,0 +1,6 @@
{
...
}:
{
system.stateVersion = "25.05"; # Did you read the comment?
}


@ -0,0 +1,95 @@
{ lib, config, ... }:
let
cfg = config.custom_disko;
in
{
options.custom_disko = {
withSwap = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Whether to create a swap file.";
};
};
config = {
disko.devices = {
disk = {
main = {
device = "/dev/vda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
start = "1M";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
extraArgs = [
"-n"
"NIXBOOT"
];
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
type = "btrfs";
extraArgs = [
"-f"
"--label NIXROOT"
];
subvolumes =
let
mountOptions = [
"compress=zstd"
"noatime"
];
in
{
"@root" = {
inherit mountOptions;
mountpoint = "/";
};
"@nix" = {
inherit mountOptions;
mountpoint = "/nix";
};
"@persist" = {
inherit mountOptions;
mountpoint = "/persist";
};
"@snapshots" = {
inherit mountOptions;
mountpoint = "/.snapshots";
};
"@swap" = lib.mkIf cfg.withSwap {
inherit mountOptions;
mountpoint = "/.swapfile";
swap.swapfile.size = "8G";
};
};
};
};
};
postCreateHook = ''
MNTPOINT=$(mktemp -d)
mount -t btrfs "${config.disko.devices.disk.main.content.partitions.root.device}" "$MNTPOINT"
trap 'umount $MNTPOINT; rmdir $MNTPOINT' EXIT
# Ensure the snapshots directory exists
mkdir -p $MNTPOINT/@snapshots
# Place readonly empty root snapshot inside snapshots subvol
btrfs subvolume snapshot -r $MNTPOINT/@root $MNTPOINT/@snapshots/_root-empty
'';
};
};
};
};
fileSystems."/persist".neededForBoot = true;
};
}
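Review bot: `postCreateHook` creates the empty-root snapshot as `$MNTPOINT/@snapshots/_root-empty`, but the initrd script in the last file of this commit restores from `/btrfs_tmp/@snapshots/root-empty` (no underscore), so as written the restore has no source; because that script deletes `@root` before snapshotting, the machine would be left without a root subvolume. Use one name in both places, for example `btrfs subvolume snapshot -r "$MNTPOINT/@root" "$MNTPOINT/@snapshots/root-empty"`. The `trap`, `mkdir` and `snapshot` lines also use `$MNTPOINT` unquoted while the `mount` line quotes it; quoting all of them would be consistent.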

1338
hosts/testbed/flake.lock generated Normal file

File diff suppressed because it is too large Load diff

110
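--- a/hosts/testbed/flake.nix
+++ b/hosts/testbed/flake.nix
@@ -0,0 +1,110 @@
+{
+inputs = {
+nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
+# nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+# Use relative to get current version for testing
+common.url = "path:../../common";
+# common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles";
+disko.url = "github:nix-community/disko/latest";
+disko.inputs.nixpkgs.follows = "nixpkgs";
+# impermanence.url = "github:nix-community/impermanence";
+ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
+};
+outputs =
+{
+self,
+nixpkgs,
+common,
+ros_neovim,
+disko,
+# impermanence,
+...
+}:
+let
+configuration_name = "testbed";
+lib = nixpkgs.lib;
+in
+{
+packages = {
+x86_64-linux.vm = self.nixosConfigurations.${configuration_name}.config.system.build.vmWithDisko;
+};
+nixosConfigurations = {
+"${configuration_name}" = (
+lib.nixosSystem {
+modules = [
+disko.nixosModules.disko
+# impermanence.nixosModules.impermanence
+common.nixosModules.default
+ros_neovim.nixosModules.default
+./configuration.nix
+./hardware-configuration.nix
+./disko-config.nix
+(
+{ config, pkgs, ... }:
+{
+environment.systemPackages = with pkgs; [
+cowsay
+lolcat
+];
+ringofstorms_common = {
+systemName = configuration_name;
+boot.systemd.enable = true;
+programs = {
+ssh.enable = true;
+podman.enable = true;
+};
+users = {
+admins = [ "luser" ]; # First admin is also the primary user owning nix config
+users = {
+root = {
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2KFSRkViT+asBTjCgA7LNP3SHnfNCW+jHbV08VUuIi nix2nix"
+];
+shell = pkgs.zsh;
+};
+luser = {
+openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH2KFSRkViT+asBTjCgA7LNP3SHnfNCW+jHbV08VUuIi nix2nix"
+];
+extraGroups = [
+"networkmanager"
+"video"
+"input"
+];
+shell = pkgs.zsh;
+};
+};
+};
+homeManager = {
+users = {
+luser = {
+imports = with common.homeManagerModules; [
+kitty
+tmux
+atuin
+direnv
+git
+nix_deprecations
+postgres
+ssh
+starship
+zoxide
+zsh
+];
+};
+};
+};
+};
+}
+)
+];
+}
+);
+};
+};
+}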


@ -0,0 +1,19 @@
{
lib,
...
}:
{
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
boot.initrd.postMountCommands = lib.mkAfter ''
# Mount Btrfs volume (the device containing your root subvolumes)
mkdir -p /btrfs_tmp
mount -o subvol=/ /dev/disk/by-label/NIXROOT /btrfs_tmp
# Delete current @root, then restore from snapshot
btrfs subvolume delete /btrfs_tmp/@root || true
btrfs subvolume snapshot /btrfs_tmp/@snapshots/root-empty /btrfs_tmp/@root
umount /btrfs_tmp
'';
}
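Review bot: The rollback in `boot.initrd.postMountCommands` runs after the root filesystem has been mounted, so deleting and re-snapshotting `@root` at that point presumably does not reset the tree the system is about to boot into; wipe-on-boot setups normally swap the subvolume before mounting, e.g. from `boot.initrd.postDeviceCommands`. The `|| true` on `btrfs subvolume delete` also hides a failed delete (for instance when nested subvolumes exist under `@root`), after which the `snapshot` call would place the copy inside the old `@root` instead of replacing it. I would drop `|| true`, test that the source snapshot exists before deleting anything, and add a comment such as `# wipe-on-boot: everything outside /persist and /nix is discarded each boot`.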