0xa/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Compare commits

base: 0xa:main
Branches Tags
0xa:main
0xa:caddy
0xa:gnome
0xa:niri
0xa:sway
0xa:conduwuit
0xa:NTWRKMNGR
..
compare: 0xa:conduwuit
Branches Tags
0xa:main
0xa:caddy
0xa:gnome
0xa:niri
0xa:sway
0xa:conduwuit
0xa:NTWRKMNGR

2 commits
main ... conduwuit

Author SHA1 Message Date
Grisha Shipunov
97ce3fd7d1 update conduwuit to latest 2025-02-06 23:28:54 +00:00
Grigory Shipunov
16cddf11dd increase timeouts 2025-02-06 23:28:54 +00:00
20 changed files with 864 additions and 357 deletions
Show stats Expand all files Collapse all files

814
flake.lock generated
View file

File diff suppressed because it is too large Load diff

28
flake.nix
View file

@ -21,8 +21,8 @@
}; };
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.1";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs";
}; };
authentik-nix = { authentik-nix = {
@ -30,19 +30,19 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
lix = {
url = "https://git.lix.systems/lix-project/lix/archive/main.tar.gz";
flake = false;
};
lix-module = { lix-module = {
url = "https://git.lix.systems/lix-project/nixos-module/archive/main.tar.gz"; url = "https://git.lix.systems/lix-project/nixos-module/archive/2.92.0.tar.gz";
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs";
inputs.lix.follows = "lix";
}; };
website = { website = {
url = "git+https://git.oxapentane.com/0xa/website.git?ref=main"; url = "git+https://codeberg.org/0xa/website.git?ref=main";
inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
};
conduwuit = {
url = "github:girlbossceo/conduwuit";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils"; inputs.flake-utils.follows = "flake-utils";
}; };
@ -61,7 +61,6 @@
microvm, microvm,
nixos-hardware, nixos-hardware,
nixpkgs, nixpkgs,
nixpkgs-unstable,
sops-nix, sops-nix,
... ...
}: }:
@ -98,7 +97,7 @@
in in
microvms microvms
// { // {
toaster = nixpkgs-unstable.lib.nixosSystem { toaster = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; }; specialArgs = { inherit inputs; };
modules = [ modules = [
@ -118,7 +117,8 @@
./modules/science.nix ./modules/science.nix
./modules/tlp.nix ./modules/tlp.nix
./modules/virtualization.nix ./modules/virtualization.nix
./modules/emacs.nix ./hosts/toaster/secure-boot.nix
./modules/chromium.nix
./modules/mail ./modules/mail
./modules/wg ./modules/wg
]; ];

10
hosts/cloud/proxy/conduwuit.nix
View file

@ -14,9 +14,11 @@ let
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade"; proxy_set_header Connection "upgrade";
keepalive_timeout 65;
send_timeout 600s;
proxy_read_timeout 600s; proxy_read_timeout 600s;
proxy_send_timeout 600s; proxy_send_timeout 600s;
send_timeout 600s;
''; '';
in in
@ -24,11 +26,15 @@ in
services.nginx.upstreams.conduwuit = { services.nginx.upstreams.conduwuit = {
servers = { servers = {
"10.89.88.16:6167" = { }; "10.89.88.16:6167" = { };
"[fd31:185d:722f::16]:6167" = { }; #"[fd31:185d:722f::16]:6167" = { };
}; };
}; };
services.nginx.virtualHosts."oxapentane.com" = { services.nginx.virtualHosts."oxapentane.com" = {
extraConfig = ''
client_header_timeout 600;
client_body_timeout 600;
'';
locations."/_matrix/" = { locations."/_matrix/" = {
proxyPass = "http://conduwuit$request_uri"; proxyPass = "http://conduwuit$request_uri";
extraConfig = proxy-conf; extraConfig = proxy-conf;

7
hosts/conduwuit/conduwuit.nix
View file

@ -1,8 +1,11 @@
{ pkgs, ... }: { pkgs, inputs, ... }:
let
conduwuit-latest = inputs.conduwuit.packages.${pkgs.system}.all-features;
in
{ {
services.matrix-conduit = { services.matrix-conduit = {
enable = true; enable = true;
package = pkgs.conduwuit; package = conduwuit-latest;
settings = { settings = {
global = { global = {
database_backend = "rocksdb"; database_backend = "rocksdb";

3
hosts/forgejo/default.nix
View file

@ -18,8 +18,7 @@ in
microvm = { microvm = {
hypervisor = "qemu"; hypervisor = "qemu";
mem = 3 * 1024; mem = 3 * 1024;
balloonMem = 4 * 1024; vcpu = 2;
vcpu = 4;
interfaces = [ interfaces = [
{ {
type = "tap"; type = "tap";

21
hosts/toaster/0xa-home.nix
View file

@ -1,21 +0,0 @@
{ pkgs, ... }:
{
home.stateVersion = "24.11";
home.pointerCursor = {
name = "Banana";
size = 32;
package = pkgs.banana-cursor;
x11.enable = true;
gtk.enable = true;
};
gtk = {
enable = true;
cursorTheme = {
name = "Banana";
size = 32;
package = pkgs.banana-cursor;
};
};
}

8
hosts/toaster/default.nix
View file

@ -46,11 +46,6 @@
supportedLocales = [ "all" ]; supportedLocales = [ "all" ];
}; };
# support ddc brigtness control
hardware.i2c.enable = true;
boot.kernelModules = [ "i2c-dev" ];
environment.systemPackages = [ pkgs.ddcutil ];
users.users."0xa" = { users.users."0xa" = {
extraGroups = [ extraGroups = [
"wheel" "wheel"
@ -60,7 +55,6 @@
"bluetooth" "bluetooth"
"libvirtd" "libvirtd"
"qemu-libvirtd" "qemu-libvirtd"
"i2c"
]; ];
group = "users"; group = "users";
home = "/home/0xa"; home = "/home/0xa";
@ -69,6 +63,8 @@
shell = pkgs.fish; shell = pkgs.fish;
}; };
services.emacs.defaultEditor = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave

6
hosts/toaster/hardware-configuration.nix
View file

@ -49,12 +49,6 @@
options = [ "zfsutil" ]; options = [ "zfsutil" ];
}; };
fileSystems."/tmp" = {
device = "zpool/nocomp/tmp";
fsType = "zfs";
options = [ "zfsutil" ];
};
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/A170-F83D"; device = "/dev/disk/by-uuid/A170-F83D";
fsType = "vfat"; fsType = "vfat";

71
hosts/toaster/network/full-networkd.nix
View file

@ -1,71 +0,0 @@
{ lib, pkgs, ... }:
{
imports = [
./mullvad.nix
./dumpdvb.nix
./zw.nix
];
environment.systemPackages = with pkgs; [
iwgtk
impala
];
# kick out networkmanager
networking.networkmanager.enable = lib.mkForce false;
networking.useNetworkd = true;
systemd.network.enable = true;
networking = {
hostName = "toaster";
firewall.enable = true;
wireguard.enable = true;
wireless.iwd.enable = true;
};
services.resolved = {
enable = true;
dnssec = "false";
fallbackDns = [
"9.9.9.9"
"2620:fe::fe"
"149.112.112.112"
"2620:fe::9"
];
};
# we might have no interwebs at all
systemd.network.wait-online.enable = false;
# uplinks
systemd.network.networks = {
"10-ether-uplink" = {
matchConfig.Name = "enp1s0f0";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
"10-dock-uplink" = {
matchConfig.Name = "enp5s0f4u1u1";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
dhcpV4Config = {
RouteMetric = 666;
};
dhcpV6Config = {
RouteMetric = 666;
};
};
"wlan-uplink" = {
matchConfig.Name = "wlan0";
networkConfig = {
DHCP = "yes";
IPv6AcceptRA = true;
};
};
};
}

3
hosts/toaster/zfs.nix
View file

@ -19,7 +19,6 @@
supportedFilesystems = [ "zfs" ]; supportedFilesystems = [ "zfs" ];
kernelParams = [ "nohibernate" ]; kernelParams = [ "nohibernate" ];
plymouth.enable = false; plymouth.enable = false;
tmp.useTmpfs = false; tmp.useTmpfs = true;
tmp.cleanOnBoot = true;
}; };
} }

12
modules/basic-tools/default.nix
View file

@ -39,6 +39,7 @@
exfatprogs exfatprogs
nmap nmap
bind bind
nnn
lf lf
man-pages man-pages
unzip unzip
@ -49,17 +50,8 @@
sshfs sshfs
whois whois
mtr mtr
joshuto
] ]
++ ( ++ (if config.networking.hostName == "toaster" then [ gitFull ] else [ git ]);
if config.networking.hostName == "toaster" then
[
gitFull
git-lfs
]
else
[ git ]
);
environment.variables = environment.variables =
let let

3
modules/basic-tools/fish.nix
View file

@ -3,9 +3,11 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
lsd lsd
fzf fzf
grc
fishPlugins.done fishPlugins.done
fishPlugins.fzf-fish fishPlugins.fzf-fish
fishPlugins.tide fishPlugins.tide
fishPlugins.grc
]; ];
programs.fish = { programs.fish = {
@ -13,7 +15,6 @@
interactiveShellInit = '' interactiveShellInit = ''
set fish_greeting set fish_greeting
function fish_command_not_found function fish_command_not_found
echo "Command not found"
end end
''; '';
shellAliases = { shellAliases = {

14
modules/basic-tools/nix.nix
View file

@ -1,5 +1,7 @@
{ {
lib,
pkgs, pkgs,
inputs,
... ...
}: }:
{ {
@ -14,10 +16,14 @@
# nix output-monitor # nix output-monitor
environment.systemPackages = [ pkgs.nix-output-monitor ]; environment.systemPackages = [ pkgs.nix-output-monitor ];
nixpkgs.flake = { # override default nix shell nixpkgs# behaviour to use current flake lock
setFlakeRegistry = true; nix.registry =
setNixPath = true; let
}; flakes = lib.filterAttrs (_name: value: value ? outputs) inputs.self.inputs;
in
builtins.mapAttrs (_name: v: { flake = v; }) flakes;
nix.nixPath = lib.mapAttrsToList (name: value: "${name}=${value.outPath}") inputs.self.inputs;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
} }

20
modules/chromium.nix
View file

@ -2,23 +2,24 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(chromium.override { enableWideVine = true; }) chromium
]; ];
nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --ignore-gpu-blocklist --enable-gpu-rasterization --enable-zero-copy --enable-features=VaapiVideoDecoder,VaapiVideoEncoder,CanvasOopRasterization,WebUIDarkMode"; nixpkgs.config.chromium.commandLineArgs = "--enable-features=UseOzonePlatform --ozone-platform=wayland --force-dark-mode --ignore-gpu-blocklist --enable-gpu-rasterization --enable-zero-copy --enable-features=VaapiVideoDecoder,VaapiVideoEncoder,CanvasOopRasterization,WebUIDarkMode";
programs.chromium = { programs.chromium = {
enable = true; enable = true;
extensions = [ extensions = [
# "pkehgijcmpdhfbdbbnkijodmdjhbjlgp" # privacy badger
"ekhagklcjbdpajgpjgmbionohlpdbjgc" # zotero connector "ekhagklcjbdpajgpjgmbionohlpdbjgc" # zotero connector
"nngceckbapebfimnlniiiahkandclblb" # bitwarden "nngceckbapebfimnlniiiahkandclblb" # bitwarden
"ddkjiahejlhfcafbddmgiahcphecmpfh" # ublock lite # "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin
# "ddkjiahejlhfcafbddmgiahcphecmpfh" # ublock lite
"mnjggcdmjocbbbhaepdhchncahnbgone" # sponsorblock "mnjggcdmjocbbbhaepdhchncahnbgone" # sponsorblock
"khncfooichmfjbepaaaebmommgaepoid" # unhook
]; ];
extraOpts = { extraOpts = {
"BrowserSignin" = 0; "BrowserSignin" = 0;
"SyncDisabled" = true; # "SyncDisabled" = true;
"PasswordManagerEnabled" = false; "PasswordManagerEnabled" = false;
"TranslateEnabled" = false; "TranslateEnabled" = false;
"AutofillAddressEnabled" = false; "AutofillAddressEnabled" = false;
@ -26,15 +27,10 @@
"AutoplayAllowed" = false; "AutoplayAllowed" = false;
"DefaultNotificationSetting" = 2; "DefaultNotificationSetting" = 2;
"BackgroundModeEnabled" = false; "BackgroundModeEnabled" = false;
"DefaultSearchProviderEnabled" = true; # "DefaultSearchProviderEnabled" = true;
# "DefaultSearchProviderSearchURL" = "https://google.com/search?q={searchTerms}"; # "DefaultSearchProviderSearchURL" = "https://google.com/search?q={searchTerms}";
"DefaultSearchProviderSearchURL" = "https://duckduckgo.com/?q={searchTerms}"; # "DefaultSearchProviderSearchURL" = "https://duckduckgo.com/?q={searchTerms}";
"SearchSuggestEnable" = false; "SearchSuggestEnable" = false;
"BlockThirdPartyCookies" = true;
"PrivacySandboxAdMeasurementEnabled" = false;
"PrivacySandboxAdTopicsEnabled" = false;
"PrivacySandboxPromptEnabled" = false;
"PrivacySandboxSiteEnabledAdsEnabled" = false;
}; };
}; };
} }

14
modules/desktop-software.nix
View file

@ -1,26 +1,24 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
imports = [
./chromium.nix
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
audacity
blender blender
dino dino
ffmpeg-full ffmpeg-full
firefox-wayland
vivaldi
vivaldi-ffmpeg-codecs
gimp gimp
inkscape inkscape
kicad
signal-desktop signal-desktop
telegram-desktop tdesktop
tor-browser tor-browser
wl-clipboard wl-clipboard
yt-dlp yt-dlp
element-desktop element-desktop
discord discord
spotify
mpv mpv
# dwarf-fortress-packages.dwarf-fortress-full
obs-studio
firefox
]; ];
programs.steam.enable = true; programs.steam.enable = true;
} }

12
modules/devtools.nix
View file

@ -1,5 +1,8 @@
{ {
pkgs, pkgs,
inputs,
config,
lib,
... ...
}: }:
{ {
@ -13,6 +16,11 @@
kikit-library kikit-library
]; ];
}; };
# binwalk v3 on 24.11
sys_ver = config.system.nixos.release;
unstablepkgs = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system};
binwalkv3 = if lib.versionOlder "25.05" sys_ver then binwalk else unstablepkgs.binwalk;
in in
[ [
# general # general
@ -21,7 +29,7 @@
gef gef
gdb gdb
binutils binutils
binwalk binwalkv3
clang clang
clang-tools clang-tools
direnv direnv
@ -33,7 +41,7 @@
kikit kikit
freecad-wayland freecad-wayland
imhex imhex
python3Full python313Full
nixfmt-rfc-style nixfmt-rfc-style
treefmt treefmt
android-tools android-tools

37
modules/emacs.nix
View file

@ -1,37 +0,0 @@
{
pkgs,
lib,
...
}:
{
environment.systemPackages = with pkgs; [
direnv
mu
];
services.emacs = {
install = true;
enable = false;
package =
with pkgs;
(
(emacsPackagesFor (
emacs-pgtk.overrideAttrs (old: {
passthru = old.passthru // {
treeSitter = true;
};
})
)).emacsWithPackages
(
epkgs: with epkgs; [
treesit-grammars.with-all-grammars
vterm
pdf-tools
mu4e
]
)
);
defaultEditor = lib.mkDefault true;
};
}

4
modules/fonts.nix
View file

@ -1,7 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
fonts.packages = with pkgs; [ fonts.packages = with pkgs; [
adwaita-fonts
monoid monoid
font-awesome font-awesome
dejavu_fonts dejavu_fonts
@ -27,8 +26,7 @@
twemoji-color-font twemoji-color-font
twitter-color-emoji twitter-color-emoji
iosevka-bin iosevka-bin
cozette (nerdfonts.override { fonts = [ "Hack" ]; })
nerd-fonts.hack
]; ];
fonts.enableDefaultPackages = true; fonts.enableDefaultPackages = true;

11
modules/gnome.nix
View file

@ -8,17 +8,12 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
amberol amberol
celluloid celluloid
ddcutil
gnome-console gnome-console
gnome-obfuscate gnome-obfuscate
gnome-boxes gnome-boxes
gnome-tweaks gnome-tweaks
qbittorrent qbittorrent
gnomeExtensions.caffeine gnomeExtensions.caffeine
gnomeExtensions.brightness-control-using-ddcutil
spotify
ghostty
fractal
]; ];
environment.gnome.excludePackages = with pkgs; [ environment.gnome.excludePackages = with pkgs; [
@ -42,6 +37,12 @@
}; };
}; };
qt = {
enable = true;
platformTheme = "gnome";
style = "adwaita-dark";
};
services.xserver = { services.xserver = {
enable = true; enable = true;
desktopManager.gnome.enable = true; desktopManager.gnome.enable = true;

123
modules/niri.nix → modules/sway.nix
View file

@ -1,74 +1,30 @@
# General Desktop-related config # General Desktop-related config
{ pkgs, inputs, ... }: { pkgs, ... }:
{ {
nixpkgs.overlays = [ inputs.niri.overlays.niri ];
programs.niri.enable = true;
imports = [ imports = [
./desktop-software.nix ./desktop-software.nix
./fonts.nix ./fonts.nix
]; ];
environment.systemPackages = environment.systemPackages = with pkgs; [
let screen-message
xwayland-satellite-git = pkgs.xwayland-satellite.overrideAttrs ( qbittorrent
final: prev: { gajim
version = "git"; imv
cargoHash = "sha256-MaF2FyR3HvQAKkZKa8OO/5jbO64/Ncv7+JqHda4jN50="; swayimg
src = pkgs.fetchFromGitHub { mpv
owner = "Supreeeme"; evince
repo = "xwayland-satellite"; brightnessctl
rev = "cca74a5f6b23742d77dc5db4312dfc40fd4a0fcc"; pulsemixer
sha256 = "sha256-YZ+axsuNsgIKWfnRkt6Qa9UoKfUOIWf42vNUonXxmxM="; cmus
}; termusic
cargoDeps = pkgs.rustPlatform.fetchCargoTarball { gsettings-desktop-schemas
inherit (final) pname src version; xdg-utils
hash = final.cargoHash; foot
}; qt5.qtwayland
} bashmount
); nautilus
in audacity
with pkgs; ];
[
screen-message
qbittorrent
gajim
imv
mpv
evince
brightnessctl
pulsemixer
cmus
termusic
gsettings-desktop-schemas
xdg-utils
qt5.qtwayland
bashmount
audacity
spotify-player
zathura
ncdu
adwaita-icon-theme
bluetui
gammastep
graphicsmagick
i3status-rust
impala
kanshi
pamixer
swayidle
swaylock
wl-clipboard
xfce.thunar
banana-cursor
fuzzel
alacritty
i3bar-river
mako
swww
oculante
xwayland-satellite-git
];
# Enable sound. # Enable sound.
security.rtkit.enable = true; security.rtkit.enable = true;
@ -92,14 +48,45 @@
programs.light.enable = true; programs.light.enable = true;
programs.xwayland.enable = true; programs.xwayland.enable = true;
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
extraSessionCommands = ''
export SDL_VIDEODRIVER=wayland
export QT_QPA_PLATFORM=wayland-egl
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
export QT_QPA_PLATFORMTHEME="gnome"
export QT_STYLE_OVERRIDE="adwaita-dark"
# export WLR_DRM_NO_ATOMIC=1
'';
extraPackages = with pkgs; [
adwaita-icon-theme
alacritty
bluetui
foot
gammastep
graphicsmagick
grim
i3status-rust
impala
kanshi
mako
pamixer
rofi-wayland
slurp
swayidle
swaylock
wl-clipboard
wl-mirror
];
};
environment.sessionVariables = { environment.sessionVariables = {
GTK_THEME = "Adwaita:dark"; GTK_THEME = "Adwaita:dark";
}; };
xdg.portal = { xdg.portal = {
enable = true; enable = true;
wlr.enable = true; wlr.enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gnome ]; extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
}; };
services.udisks2.enable = true; services.udisks2.enable = true;
@ -127,7 +114,7 @@
enable = true; enable = true;
settings = { settings = {
default_session = { default_session = {
command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --greeting \"$(${pkgs.fortune}/bin/fortune -s)\" --cmd ${pkgs.niri-stable}/bin/niri-session"; command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --greeting \"$(${pkgs.fortune}/bin/fortune -s)\" --cmd ${pkgs.sway}/bin/sway";
}; };
}; };
}; };