nekomimi.pet / nixcfg
my nix configs for my servers and desktop
fork atom

Compare changes

Choose any two refs to compare.

options
unified split
Changed files
+576 -236
common
python-cuda-dev.nix
services.nix
flake.lock
flake.nix
hosts
baal
default.nix
hardware.nix
secrets.nix
buer
default.nix
focalor
default.nix
vfio.nix
valefar
backup.nix
default.nix
gamevm.nix
hardware.nix
modules
forgejo
default.nix
garage
default.nix
secrets
build-token.age
garage-admin-token.age
garage-metrics-token.age
garage-rpc-secret.age
headscale-authkey.age
headscale-oidc-key.path
secrets.nix
+67
common/python-cuda-dev.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  description = "A Nix-flake-based PyTorch development environment";


     

       

       
3

       
+

       



     

       

       
4

       
+

       
  # CUDA binaries are cached by the community.


     

       

       
5

       
+

       
  nixConfig = {


     

       

       
6

       
+

       
    extra-substituters = [


     

       

       
7

       
+

       
      "https://nix-community.cachix.org"


     

       

       
8

       
+

       
    ];


     

       

       
9

       
+

       
    extra-trusted-public-keys = [


     

       

       
10

       
+

       
      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="


     

       

       
11

       
+

       
    ];


     

       

       
12

       
+

       
  };


     

       

       
13

       
+

       



     

       

       
14

       
+

       
  inputs.nixpkgs.url = "https://flakehub.com/f/NixOS/nixpkgs/0.1.*.tar.gz";


     

       

       
15

       
+

       



     

       

       
16

       
+

       
  outputs = {


     

       

       
17

       
+

       
    self,


     

       

       
18

       
+

       
    nixpkgs,


     

       

       
19

       
+

       
  }: let


     

       

       
20

       
+

       
    supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"];


     

       

       
21

       
+

       
    forEachSupportedSystem = f:


     

       

       
22

       
+

       
      nixpkgs.lib.genAttrs supportedSystems (system:


     

       

       
23

       
+

       
        f {


     

       

       
24

       
+

       
          pkgs = import nixpkgs {


     

       

       
25

       
+

       
            inherit system;


     

       

       
26

       
+

       
            config.allowUnfree = true;


     

       

       
27

       
+

       
          };


     

       

       
28

       
+

       
        });


     

       

       
29

       
+

       
  in {


     

       

       
30

       
+

       
    devShells = forEachSupportedSystem ({pkgs}: let


     

       

       
31

       
+

       
      libs = [


     

       

       
32

       
+

       
        # PyTorch and Numpy depends on the following libraries.


     

       

       
33

       
+

       
        pkgs.cudaPackages.cudatoolkit


     

       

       
34

       
+

       
        pkgs.cudaPackages.cudnn


     

       

       
35

       
+

       
        pkgs.stdenv.cc.cc.lib


     

       

       
36

       
+

       
        pkgs.zlib


     

       

       
37

       
+

       



     

       

       
38

       
+

       
        # PyTorch also needs to know where your local "lib/libcuda.so" lives.


     

       

       
39

       
+

       
        # If you're not on NixOS, you should provide the right path (likely


     

       

       
40

       
+

       
        # another one).


     

       

       
41

       
+

       
        "/run/opengl-driver"


     

       

       
42

       
+

       
      ];


     

       

       
43

       
+

       
    in {


     

       

       
44

       
+

       
      default = pkgs.mkShell {


     

       

       
45

       
+

       
        packages = [


     

       

       
46

       
+

       
          pkgs.python312


     

       

       
47

       
+

       
          pkgs.python312Packages.venvShellHook


     

       

       
48

       
+

       
        ];


     

       

       
49

       
+

       



     

       

       
50

       
+

       
        env = {


     

       

       
51

       
+

       
          CC = "${pkgs.gcc}/bin/gcc"; # For `torch.compile`.


     

       

       
52

       
+

       
          LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath libs;


     

       

       
53

       
+

       
        };


     

       

       
54

       
+

       



     

       

       
55

       
+

       
        venvDir = ".venv";


     

       

       
56

       
+

       
        postVenvCreation = ''


     

       

       
57

       
+

       
          # This is run only when creating the virtual environment.


     

       

       
58

       
+

       
          pip install torch==2.5.1 numpy==2.2.2


     

       

       
59

       
+

       
        '';


     

       

       
60

       
+

       
        postShellHook = ''


     

       

       
61

       
+

       
          # This is run every time you enter the devShell.


     

       

       
62

       
+

       
          python3 -c "import torch; print('CUDA available' if torch.cuda.is_available() else 'CPU only')"


     

       

       
63

       
+

       
        '';


     

       

       
64

       
+

       
      };


     

       

       
65

       
+

       
    });


     

       

       
66

       
+

       
  };


     

       

       
67

       
+

       
}
+2
common/services.nix 
···

       
15

       
15

       
 

       
    zfs


     

       
16

       
16

       
 

       
    nixos-generators


     

       
17

       
17

       
 

       
    sqlite


     

       

       
18

       
+

       
    bun


     

       

       
19

       
+

       
    unzip


     

       
18

       
20

       
 

       
  ];


     

       
19

       
21

       
 

       



     

       
20

       
22

       
 

       
  services.openssh.enable         = true;
+189 -53
flake.lock 
···

       
8

       
8

       
 

       
        "systems": "systems"


     

       
9

       
9

       
 

       
      },


     

       
10

       
10

       
 

       
      "locked": {


     

       
11

       

       
-

       
        "lastModified": 1750173260,


     

       
12

       

       
-

       
        "narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",


     

       

       
11

       
+

       
        "lastModified": 1760836749,


     

       

       
12

       
+

       
        "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",


     

       
13

       
13

       
 

       
        "owner": "ryantm",


     

       
14

       
14

       
 

       
        "repo": "agenix",


     

       
15

       

       
-

       
        "rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",


     

       

       
15

       
+

       
        "rev": "2f0f812f69f3eb4140157fe15e12739adf82e32a",


     

       
16

       
16

       
 

       
        "type": "github"


     

       
17

       
17

       
 

       
      },


     

       
18

       
18

       
 

       
      "original": {


     
···

       
26

       
26

       
 

       
        "nixpkgs": "nixpkgs_2"


     

       
27

       
27

       
 

       
      },


     

       
28

       
28

       
 

       
      "locked": {


     

       
29

       

       
-

       
        "lastModified": 1751705516,


     

       
30

       

       
-

       
        "narHash": "sha256-Y099OGYWYHtpYFP4offuV6rldBnpUv4CYk+HwuaQwLU=",


     

       

       
29

       
+

       
        "lastModified": 1760953099,


     

       

       
30

       
+

       
        "narHash": "sha256-sOKx2YcHa+lWEvaEOIGqLN2WWk1Wf5z6KM02tdfhMtw=",


     

       
31

       
31

       
 

       
        "owner": "catppuccin",


     

       
32

       
32

       
 

       
        "repo": "nix",


     

       
33

       

       
-

       
        "rev": "719bb50ca2c99bc9c077669a48bfd9815493a11d",


     

       

       
33

       
+

       
        "rev": "f5b21876888265d2fee7fb0640d1b66a1c1c6503",


     

       
34

       
34

       
 

       
        "type": "github"


     

       
35

       
35

       
 

       
      },


     

       
36

       
36

       
 

       
      "original": {


     
···

       
61

       
61

       
 

       
        "type": "github"


     

       
62

       
62

       
 

       
      }


     

       
63

       
63

       
 

       
    },


     

       

       
64

       
+

       
    "disko": {


     

       

       
65

       
+

       
      "inputs": {


     

       

       
66

       
+

       
        "nixpkgs": "nixpkgs_3"


     

       

       
67

       
+

       
      },


     

       

       
68

       
+

       
      "locked": {


     

       

       
69

       
+

       
        "lastModified": 1736864502,


     

       

       
70

       
+

       
        "narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",


     

       

       
71

       
+

       
        "owner": "nix-community",


     

       

       
72

       
+

       
        "repo": "disko",


     

       

       
73

       
+

       
        "rev": "0141aabed359f063de7413f80d906e1d98c0c123",


     

       

       
74

       
+

       
        "type": "github"


     

       

       
75

       
+

       
      },


     

       

       
76

       
+

       
      "original": {


     

       

       
77

       
+

       
        "owner": "nix-community",


     

       

       
78

       
+

       
        "ref": "v1.11.0",


     

       

       
79

       
+

       
        "repo": "disko",


     

       

       
80

       
+

       
        "type": "github"


     

       

       
81

       
+

       
      }


     

       

       
82

       
+

       
    },


     

       

       
83

       
+

       
    "flake-compat": {


     

       

       
84

       
+

       
      "locked": {


     

       

       
85

       
+

       
        "lastModified": 1696426674,


     

       

       
86

       
+

       
        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",


     

       

       
87

       
+

       
        "owner": "edolstra",


     

       

       
88

       
+

       
        "repo": "flake-compat",


     

       

       
89

       
+

       
        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",


     

       

       
90

       
+

       
        "type": "github"


     

       

       
91

       
+

       
      },


     

       

       
92

       
+

       
      "original": {


     

       

       
93

       
+

       
        "owner": "edolstra",


     

       

       
94

       
+

       
        "repo": "flake-compat",


     

       

       
95

       
+

       
        "type": "github"


     

       

       
96

       
+

       
      }


     

       

       
97

       
+

       
    },


     

       
64

       
98

       
 

       
    "flake-utils": {


     

       
65

       
99

       
 

       
      "inputs": {


     

       
66

       
100

       
 

       
        "systems": "systems_2"


     
···

       
99

       
133

       
 

       
    },


     

       
100

       
134

       
 

       
    "flake-utils_3": {


     

       
101

       
135

       
 

       
      "inputs": {


     

       
102

       

       
-

       
        "systems": "systems_4"


     

       

       
136

       
+

       
        "systems": "systems_5"


     

       
103

       
137

       
 

       
      },


     

       
104

       
138

       
 

       
      "locked": {


     

       
105

       
139

       
 

       
        "lastModified": 1681202837,


     
···

       
158

       
192

       
 

       
        ]


     

       
159

       
193

       
 

       
      },


     

       
160

       
194

       
 

       
      "locked": {


     

       
161

       

       
-

       
        "lastModified": 1751824240,


     

       
162

       

       
-

       
        "narHash": "sha256-aDDC0CHTlL7QDKWWhdbEgVPK6KwWt+ca0QkmHYZxMzI=",


     

       

       
195

       
+

       
        "lastModified": 1761235135,


     

       

       
196

       
+

       
        "narHash": "sha256-cux9xeceLIER1lBxUa1gMafkz7gg5ntcUmJBynWdBWI=",


     

       
163

       
197

       
 

       
        "owner": "nix-community",


     

       
164

       
198

       
 

       
        "repo": "home-manager",


     

       
165

       

       
-

       
        "rev": "fd9e55f5fac45a26f6169310afca64d56b681935",


     

       

       
199

       
+

       
        "rev": "0adf9ba3f567da2d53af581a857aacf671aaa547",


     

       
166

       
200

       
 

       
        "type": "github"


     

       
167

       
201

       
 

       
      },


     

       
168

       
202

       
 

       
      "original": {


     
···

       
179

       
213

       
 

       
        ]


     

       
180

       
214

       
 

       
      },


     

       
181

       
215

       
 

       
      "locked": {


     

       
182

       

       
-

       
        "lastModified": 1743604125,


     

       
183

       

       
-

       
        "narHash": "sha256-ZD61DNbsBt1mQbinAaaEqKaJk2RFo9R/j+eYWeGMx7A=",


     

       

       
216

       
+

       
        "lastModified": 1752603129,


     

       

       
217

       
+

       
        "narHash": "sha256-S+wmHhwNQ5Ru689L2Gu8n1OD6s9eU9n9mD827JNR+kw=",


     

       
184

       
218

       
 

       
        "owner": "nix-community",


     

       
185

       
219

       
 

       
        "repo": "home-manager",


     

       
186

       

       
-

       
        "rev": "180fd43eea296e62ae68e079fcf56aba268b9a1a",


     

       

       
220

       
+

       
        "rev": "e8c19a3cec2814c754f031ab3ae7316b64da085b",


     

       
187

       
221

       
 

       
        "type": "github"


     

       
188

       
222

       
 

       
      },


     

       
189

       
223

       
 

       
      "original": {


     
···

       
195

       
229

       
 

       
    "lix": {


     

       
196

       
230

       
 

       
      "flake": false,


     

       
197

       
231

       
 

       
      "locked": {


     

       
198

       

       
-

       
        "lastModified": 1746827285,


     

       
199

       

       
-

       
        "narHash": "sha256-hsFe4Tsqqg4l+FfQWphDtjC79WzNCZbEFhHI8j2KJzw=",


     

       
200

       

       
-

       
        "rev": "47aad376c87e2e65967f17099277428e4b3f8e5a",


     

       

       
232

       
+

       
        "lastModified": 1753223229,


     

       

       
233

       
+

       
        "narHash": "sha256-tkT4aCZZE6IEmjYotOzKKa2rV3pGpH3ZREeQn7ACgdU=",


     

       

       
234

       
+

       
        "rev": "7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a",


     

       
201

       
235

       
 

       
        "type": "tarball",


     

       
202

       

       
-

       
        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/47aad376c87e2e65967f17099277428e4b3f8e5a.tar.gz?rev=47aad376c87e2e65967f17099277428e4b3f8e5a"


     

       

       
236

       
+

       
        "url": "https://git.lix.systems/api/v1/repos/lix-project/lix/archive/7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a.tar.gz?rev=7ac20fc47cf2f1b7469c7a2f379e5a3a51a6789a"


     

       
203

       
237

       
 

       
      },


     

       
204

       
238

       
 

       
      "original": {


     

       
205

       
239

       
 

       
        "type": "tarball",


     

       
206

       

       
-

       
        "url": "https://git.lix.systems/lix-project/lix/archive/2.93.0.tar.gz"


     

       

       
240

       
+

       
        "url": "https://git.lix.systems/lix-project/lix/archive/release-2.93.tar.gz"


     

       
207

       
241

       
 

       
      }


     

       
208

       
242

       
 

       
    },


     

       
209

       
243

       
 

       
    "lix-module": {


     
···

       
216

       
250

       
 

       
        ]


     

       
217

       
251

       
 

       
      },


     

       
218

       
252

       
 

       
      "locked": {


     

       
219

       

       
-

       
        "lastModified": 1746838955,


     

       
220

       

       
-

       
        "narHash": "sha256-11R4K3iAx4tLXjUs+hQ5K90JwDABD/XHhsM9nkeS5N8=",


     

       
221

       

       
-

       
        "rev": "cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc",


     

       

       
253

       
+

       
        "lastModified": 1753282722,


     

       

       
254

       
+

       
        "narHash": "sha256-KYMUrTV7H/RR5/HRnjV5R3rRIuBXMemyJzTLi50NFTs=",


     

       

       
255

       
+

       
        "rev": "46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873",


     

       
222

       
256

       
 

       
        "type": "tarball",


     

       
223

       

       
-

       
        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc.tar.gz?rev=cd2a9c028df820a83ca2807dc6c6e7abc3dfa7fc"


     

       

       
257

       
+

       
        "url": "https://git.lix.systems/api/v1/repos/lix-project/nixos-module/archive/46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873.tar.gz?rev=46a9e8fcfe4be72b4c7c8082ee11d2c42da1e873"


     

       
224

       
258

       
 

       
      },


     

       
225

       
259

       
 

       
      "original": {


     

       
226

       
260

       
 

       
        "type": "tarball",


     

       
227

       

       
-

       
        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz"


     

       

       
261

       
+

       
        "url": "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz"


     

       
228

       
262

       
 

       
      }


     

       
229

       
263

       
 

       
    },


     

       
230

       
264

       
 

       
    "microvm": {


     
···

       
236

       
270

       
 

       
        "spectrum": "spectrum"


     

       
237

       
271

       
 

       
      },


     

       
238

       
272

       
 

       
      "locked": {


     

       
239

       

       
-

       
        "lastModified": 1751732733,


     

       
240

       

       
-

       
        "narHash": "sha256-MuaFFGHdShvGdHKrd3PUI2om+njixdG/1dGlglRdK8Q=",


     

       

       
273

       
+

       
        "lastModified": 1760574296,


     

       

       
274

       
+

       
        "narHash": "sha256-S3gIp6Wd9vQ2RYDxcbHM2CIYgDtogbwzSdu38WABKaQ=",


     

       
241

       
275

       
 

       
        "owner": "astro",


     

       
242

       
276

       
 

       
        "repo": "microvm.nix",


     

       
243

       

       
-

       
        "rev": "9d3d845ccb1a3f81747d027e95b110d4637468d0",


     

       

       
277

       
+

       
        "rev": "42628f7c61b02d385ce2cb1f66f9be333ac20140",


     

       
244

       
278

       
 

       
        "type": "github"


     

       
245

       
279

       
 

       
      },


     

       
246

       
280

       
 

       
      "original": {


     
···

       
251

       
285

       
 

       
    },


     

       
252

       
286

       
 

       
    "nixos-hardware": {


     

       
253

       
287

       
 

       
      "locked": {


     

       
254

       

       
-

       
        "lastModified": 1751432711,


     

       
255

       

       
-

       
        "narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=",


     

       

       
288

       
+

       
        "lastModified": 1760958188,


     

       

       
289

       
+

       
        "narHash": "sha256-2m1S4jl+GEDtlt2QqeHil8Ny456dcGSKJAM7q3j/BFU=",


     

       
256

       
290

       
 

       
        "owner": "nixos",


     

       
257

       
291

       
 

       
        "repo": "nixos-hardware",


     

       
258

       

       
-

       
        "rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f",


     

       

       
292

       
+

       
        "rev": "d6645c340ef7d821602fd2cd199e8d1eed10afbc",


     

       
259

       
293

       
 

       
        "type": "github"


     

       
260

       
294

       
 

       
      },


     

       
261

       
295

       
 

       
      "original": {


     
···

       
267

       
301

       
 

       
    },


     

       
268

       
302

       
 

       
    "nixpkgs": {


     

       
269

       
303

       
 

       
      "locked": {


     

       
270

       

       
-

       
        "lastModified": 1745391562,


     

       
271

       

       
-

       
        "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",


     

       

       
304

       
+

       
        "lastModified": 1754028485,


     

       

       
305

       
+

       
        "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=",


     

       
272

       
306

       
 

       
        "owner": "NixOS",


     

       
273

       
307

       
 

       
        "repo": "nixpkgs",


     

       
274

       

       
-

       
        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",


     

       

       
308

       
+

       
        "rev": "59e69648d345d6e8fef86158c555730fa12af9de",


     

       
275

       
309

       
 

       
        "type": "github"


     

       
276

       
310

       
 

       
      },


     

       
277

       
311

       
 

       
      "original": {


     

       
278

       
312

       
 

       
        "owner": "NixOS",


     

       
279

       

       
-

       
        "ref": "nixos-unstable",


     

       

       
313

       
+

       
        "ref": "nixos-25.05",


     

       
280

       
314

       
 

       
        "repo": "nixpkgs",


     

       
281

       
315

       
 

       
        "type": "github"


     

       
282

       
316

       
 

       
      }


     

       
283

       
317

       
 

       
    },


     

       

       
318

       
+

       
    "nixpkgs-stable": {


     

       

       
319

       
+

       
      "locked": {


     

       

       
320

       
+

       
        "lastModified": 1748437600,


     

       

       
321

       
+

       
        "narHash": "sha256-hYKMs3ilp09anGO7xzfGs3JqEgUqFMnZ8GMAqI6/k04=",


     

       

       
322

       
+

       
        "owner": "NixOS",


     

       

       
323

       
+

       
        "repo": "nixpkgs",


     

       

       
324

       
+

       
        "rev": "7282cb574e0607e65224d33be8241eae7cfe0979",


     

       

       
325

       
+

       
        "type": "github"


     

       

       
326

       
+

       
      },


     

       

       
327

       
+

       
      "original": {


     

       

       
328

       
+

       
        "id": "nixpkgs",


     

       

       
329

       
+

       
        "ref": "nixos-25.05",


     

       

       
330

       
+

       
        "type": "indirect"


     

       

       
331

       
+

       
      }


     

       

       
332

       
+

       
    },


     

       

       
333

       
+

       
    "nixpkgs-unstable": {


     

       

       
334

       
+

       
      "locked": {


     

       

       
335

       
+

       
        "lastModified": 1723637854,


     

       

       
336

       
+

       
        "narHash": "sha256-med8+5DSWa2UnOqtdICndjDAEjxr5D7zaIiK4pn0Q7c=",


     

       

       
337

       
+

       
        "owner": "NixOS",


     

       

       
338

       
+

       
        "repo": "nixpkgs",


     

       

       
339

       
+

       
        "rev": "c3aa7b8938b17aebd2deecf7be0636000d62a2b9",


     

       

       
340

       
+

       
        "type": "github"


     

       

       
341

       
+

       
      },


     

       

       
342

       
+

       
      "original": {


     

       

       
343

       
+

       
        "id": "nixpkgs",


     

       

       
344

       
+

       
        "ref": "nixos-unstable",


     

       

       
345

       
+

       
        "type": "indirect"


     

       

       
346

       
+

       
      }


     

       

       
347

       
+

       
    },


     

       
284

       
348

       
 

       
    "nixpkgs_2": {


     

       
285

       
349

       
 

       
      "locked": {


     

       
286

       

       
-

       
        "lastModified": 1750776420,


     

       
287

       

       
-

       
        "narHash": "sha256-/CG+w0o0oJ5itVklOoLbdn2dGB0wbZVOoDm4np6w09A=",


     

       

       
350

       
+

       
        "lastModified": 1760524057,


     

       

       
351

       
+

       
        "narHash": "sha256-EVAqOteLBFmd7pKkb0+FIUyzTF61VKi7YmvP1tw4nEw=",


     

       
288

       
352

       
 

       
        "owner": "NixOS",


     

       
289

       
353

       
 

       
        "repo": "nixpkgs",


     

       
290

       

       
-

       
        "rev": "30a61f056ac492e3b7cdcb69c1e6abdcf00e39cf",


     

       

       
354

       
+

       
        "rev": "544961dfcce86422ba200ed9a0b00dd4b1486ec5",


     

       
291

       
355

       
 

       
        "type": "github"


     

       
292

       
356

       
 

       
      },


     

       
293

       
357

       
 

       
      "original": {


     
···

       
299

       
363

       
 

       
    },


     

       
300

       
364

       
 

       
    "nixpkgs_3": {


     

       
301

       
365

       
 

       
      "locked": {


     

       
302

       

       
-

       
        "lastModified": 1751637120,


     

       
303

       

       
-

       
        "narHash": "sha256-xVNy/XopSfIG9c46nRmPaKfH1Gn/56vQ8++xWA8itO4=",


     

       

       
366

       
+

       
        "lastModified": 1736241350,


     

       

       
367

       
+

       
        "narHash": "sha256-CHd7yhaDigUuJyDeX0SADbTM9FXfiWaeNyY34FL1wQU=",


     

       

       
368

       
+

       
        "owner": "NixOS",


     

       

       
369

       
+

       
        "repo": "nixpkgs",


     

       

       
370

       
+

       
        "rev": "8c9fd3e564728e90829ee7dbac6edc972971cd0f",


     

       

       
371

       
+

       
        "type": "github"


     

       

       
372

       
+

       
      },


     

       

       
373

       
+

       
      "original": {


     

       

       
374

       
+

       
        "owner": "NixOS",


     

       

       
375

       
+

       
        "ref": "nixpkgs-unstable",


     

       

       
376

       
+

       
        "repo": "nixpkgs",


     

       

       
377

       
+

       
        "type": "github"


     

       

       
378

       
+

       
      }


     

       

       
379

       
+

       
    },


     

       

       
380

       
+

       
    "nixpkgs_4": {


     

       

       
381

       
+

       
      "locked": {


     

       

       
382

       
+

       
        "lastModified": 1761016216,


     

       

       
383

       
+

       
        "narHash": "sha256-G/iC4t/9j/52i/nm+0/4ybBmAF4hzR8CNHC75qEhjHo=",


     

       
304

       
384

       
 

       
        "owner": "nixos",


     

       
305

       
385

       
 

       
        "repo": "nixpkgs",


     

       
306

       

       
-

       
        "rev": "5c724ed1388e53cc231ed98330a60eb2f7be4be3",


     

       

       
386

       
+

       
        "rev": "481cf557888e05d3128a76f14c76397b7d7cc869",


     

       
307

       
387

       
 

       
        "type": "github"


     

       
308

       
388

       
 

       
      },


     

       
309

       
389

       
 

       
      "original": {


     

       
310

       
390

       
 

       
        "owner": "nixos",


     

       
311

       

       
-

       
        "ref": "nixos-unstable",


     

       

       
391

       
+

       
        "ref": "nixos-25.05",


     

       
312

       
392

       
 

       
        "repo": "nixpkgs",


     

       
313

       
393

       
 

       
        "type": "github"


     

       
314

       
394

       
 

       
      }


     

       
315

       
395

       
 

       
    },


     

       
316

       

       
-

       
    "nixpkgs_4": {


     

       

       
396

       
+

       
    "nixpkgs_5": {


     

       
317

       
397

       
 

       
      "locked": {


     

       
318

       
398

       
 

       
        "lastModified": 1682134069,


     

       
319

       
399

       
 

       
        "narHash": "sha256-TnI/ZXSmRxQDt2sjRYK/8j8iha4B4zP2cnQCZZ3vp7k=",


     
···

       
327

       
407

       
 

       
        "type": "indirect"


     

       
328

       
408

       
 

       
      }


     

       
329

       
409

       
 

       
    },


     

       

       
410

       
+

       
    "proxmox-nixos": {


     

       

       
411

       
+

       
      "inputs": {


     

       

       
412

       
+

       
        "flake-compat": "flake-compat",


     

       

       
413

       
+

       
        "nixpkgs-stable": "nixpkgs-stable",


     

       

       
414

       
+

       
        "nixpkgs-unstable": "nixpkgs-unstable",


     

       

       
415

       
+

       
        "utils": "utils"


     

       

       
416

       
+

       
      },


     

       

       
417

       
+

       
      "locked": {


     

       

       
418

       
+

       
        "lastModified": 1758650077,


     

       

       
419

       
+

       
        "narHash": "sha256-ZeRtJimtk0Faiq7DPZEQNGipda3TaR4QXp0TAzu934Q=",


     

       

       
420

       
+

       
        "owner": "SaumonNet",


     

       

       
421

       
+

       
        "repo": "proxmox-nixos",


     

       

       
422

       
+

       
        "rev": "ce8768f43b4374287cd8b88d8fa9c0061e749d9a",


     

       

       
423

       
+

       
        "type": "github"


     

       

       
424

       
+

       
      },


     

       

       
425

       
+

       
      "original": {


     

       

       
426

       
+

       
        "owner": "SaumonNet",


     

       

       
427

       
+

       
        "repo": "proxmox-nixos",


     

       

       
428

       
+

       
        "type": "github"


     

       

       
429

       
+

       
      }


     

       

       
430

       
+

       
    },


     

       
330

       
431

       
 

       
    "root": {


     

       
331

       
432

       
 

       
      "inputs": {


     

       
332

       
433

       
 

       
        "agenix": "agenix",


     

       
333

       
434

       
 

       
        "catppuccin": "catppuccin",


     

       

       
435

       
+

       
        "disko": "disko",


     

       
334

       
436

       
 

       
        "home-manager": "home-manager_2",


     

       
335

       
437

       
 

       
        "lix-module": "lix-module",


     

       
336

       
438

       
 

       
        "microvm": "microvm",


     

       
337

       
439

       
 

       
        "nixos-hardware": "nixos-hardware",


     

       
338

       

       
-

       
        "nixpkgs": "nixpkgs_3",


     

       

       
440

       
+

       
        "nixpkgs": "nixpkgs_4",


     

       

       
441

       
+

       
        "proxmox-nixos": "proxmox-nixos",


     

       
339

       
442

       
 

       
        "vscode-server": "vscode-server",


     

       
340

       
443

       
 

       
        "zen-browser": "zen-browser"


     

       
341

       
444

       
 

       
      }


     
···

       
343

       
446

       
 

       
    "spectrum": {


     

       
344

       
447

       
 

       
      "flake": false,


     

       
345

       
448

       
 

       
      "locked": {


     

       
346

       

       
-

       
        "lastModified": 1751265943,


     

       
347

       

       
-

       
        "narHash": "sha256-XoHSo6GEElzRUOYAEg/jlh5c8TDsyDESFIux3nU/NMc=",


     

       

       
449

       
+

       
        "lastModified": 1759482047,


     

       

       
450

       
+

       
        "narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",


     

       
348

       
451

       
 

       
        "ref": "refs/heads/main",


     

       
349

       

       
-

       
        "rev": "37c8663fab86fdb202fece339ef7ac7177ffc201",


     

       
350

       

       
-

       
        "revCount": 904,


     

       

       
452

       
+

       
        "rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",


     

       

       
453

       
+

       
        "revCount": 996,


     

       
351

       
454

       
 

       
        "type": "git",


     

       
352

       
455

       
 

       
        "url": "https://spectrum-os.org/git/spectrum"


     

       
353

       
456

       
 

       
      },


     
···

       
416

       
519

       
 

       
        "type": "github"


     

       
417

       
520

       
 

       
      }


     

       
418

       
521

       
 

       
    },


     

       

       
522

       
+

       
    "systems_5": {


     

       

       
523

       
+

       
      "locked": {


     

       

       
524

       
+

       
        "lastModified": 1681028828,


     

       

       
525

       
+

       
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",


     

       

       
526

       
+

       
        "owner": "nix-systems",


     

       

       
527

       
+

       
        "repo": "default",


     

       

       
528

       
+

       
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",


     

       

       
529

       
+

       
        "type": "github"


     

       

       
530

       
+

       
      },


     

       

       
531

       
+

       
      "original": {


     

       

       
532

       
+

       
        "owner": "nix-systems",


     

       

       
533

       
+

       
        "repo": "default",


     

       

       
534

       
+

       
        "type": "github"


     

       

       
535

       
+

       
      }


     

       

       
536

       
+

       
    },


     

       

       
537

       
+

       
    "utils": {


     

       

       
538

       
+

       
      "inputs": {


     

       

       
539

       
+

       
        "systems": "systems_4"


     

       

       
540

       
+

       
      },


     

       

       
541

       
+

       
      "locked": {


     

       

       
542

       
+

       
        "lastModified": 1710146030,


     

       

       
543

       
+

       
        "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",


     

       

       
544

       
+

       
        "owner": "numtide",


     

       

       
545

       
+

       
        "repo": "flake-utils",


     

       

       
546

       
+

       
        "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",


     

       

       
547

       
+

       
        "type": "github"


     

       

       
548

       
+

       
      },


     

       

       
549

       
+

       
      "original": {


     

       

       
550

       
+

       
        "owner": "numtide",


     

       

       
551

       
+

       
        "repo": "flake-utils",


     

       

       
552

       
+

       
        "type": "github"


     

       

       
553

       
+

       
      }


     

       

       
554

       
+

       
    },


     

       
419

       
555

       
 

       
    "vscode-server": {


     

       
420

       
556

       
 

       
      "inputs": {


     

       
421

       
557

       
 

       
        "flake-utils": "flake-utils_3",


     

       
422

       

       
-

       
        "nixpkgs": "nixpkgs_4"


     

       

       
558

       
+

       
        "nixpkgs": "nixpkgs_5"


     

       
423

       
559

       
 

       
      },


     

       
424

       
560

       
 

       
      "locked": {


     

       
425

       

       
-

       
        "lastModified": 1750353031,


     

       
426

       

       
-

       
        "narHash": "sha256-Bx7DOPLhkr8Z60U9Qw4l0OidzHoqLDKQH5rDV5ef59A=",


     

       

       
561

       
+

       
        "lastModified": 1753541826,


     

       

       
562

       
+

       
        "narHash": "sha256-foGgZu8+bCNIGeuDqQ84jNbmKZpd+JvnrL2WlyU4tuU=",


     

       
427

       
563

       
 

       
        "owner": "nix-community",


     

       
428

       
564

       
 

       
        "repo": "nixos-vscode-server",


     

       
429

       

       
-

       
        "rev": "4ec4859b12129c0436b0a471ed1ea6dd8a317993",


     

       

       
565

       
+

       
        "rev": "6d5f074e4811d143d44169ba4af09b20ddb6937d",


     

       
430

       
566

       
 

       
        "type": "github"


     

       
431

       
567

       
 

       
      },


     

       
432

       
568

       
 

       
      "original": {


     
···

       
443

       
579

       
 

       
        ]


     

       
444

       
580

       
 

       
      },


     

       
445

       
581

       
 

       
      "locked": {


     

       
446

       

       
-

       
        "lastModified": 1751779188,


     

       
447

       

       
-

       
        "narHash": "sha256-o1PidAPLtSSqI6isos6v/e6s7t3zQ56NBYhXVaUesXc=",


     

       

       
582

       
+

       
        "lastModified": 1761180075,


     

       

       
583

       
+

       
        "narHash": "sha256-V4WLeUQ4gCGZiVihlXWBOZ/1FNcL0jM4zgTY1haJLvY=",


     

       
448

       
584

       
 

       
        "owner": "0xc000022070",


     

       
449

       
585

       
 

       
        "repo": "zen-browser-flake",


     

       
450

       

       
-

       
        "rev": "b3200f40877a3e0a679070d96f8793a06105c06e",


     

       

       
586

       
+

       
        "rev": "771a2604606905d8c0ffe3b818dc2cc5bd1405d8",


     

       
451

       
587

       
 

       
        "type": "github"


     

       
452

       
588

       
 

       
      },


     

       
453

       
589

       
 

       
      "original": {
+37 -4
flake.nix 
···

       
1

       
1

       
 

       
# flake.nix


     

       
2

       
2

       
 

       
{


     

       
3

       
3

       
 

       
  inputs = {


     

       
4

       

       
-

       
    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";


     

       

       
4

       
+

       
    nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";


     

       
5

       
5

       
 

       
    nixos-hardware.url = "github:nixos/nixos-hardware/master";


     

       
6

       
6

       
 

       



     

       

       
7

       
+

       
    proxmox-nixos.url = "github:SaumonNet/proxmox-nixos";


     

       

       
8

       
+

       



     

       
7

       
9

       
 

       
    lix-module = {


     

       
8

       

       
-

       
      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.0.tar.gz";


     

       

       
10

       
+

       
      url = "https://git.lix.systems/lix-project/nixos-module/archive/2.93.3-1.tar.gz";


     

       
9

       
11

       
 

       
      inputs.nixpkgs.follows = "nixpkgs";


     

       
10

       
12

       
 

       
    };


     

       
11

       
13

       
 

       



     
···

       
17

       
19

       
 

       
    };


     

       
18

       
20

       
 

       
    microvm.url = "github:astro/microvm.nix";


     

       
19

       
21

       
 

       
    microvm.inputs.nixpkgs.follows = "nixpkgs";


     

       

       
22

       
+

       



     

       

       
23

       
+

       
    disko.url = "github:nix-community/disko/v1.11.0";


     

       
20

       
24

       
 

       



     

       
21

       
25

       
 

       
    catppuccin.url = "github:catppuccin/nix";


     

       
22

       
26

       
 

       
    home-manager = {


     
···

       
81

       
85

       
 

       
            ./hosts/valefar


     

       
82

       
86

       
 

       
            lix-module.nixosModules.default


     

       
83

       
87

       
 

       
            vscode-server.nixosModules.default


     

       
84

       

       
-

       
            microvm.nixosModules.host


     

       
85

       
88

       
 

       
            


     

       

       
89

       
+

       
            proxmox-nixos.nixosModules.proxmox-ve


     

       

       
90

       
+

       



     

       

       
91

       
+

       
            ({ pkgs, lib, ... }: {


     

       

       
92

       
+

       
              services.proxmox-ve = {


     

       

       
93

       
+

       
                enable = true;


     

       

       
94

       
+

       
                ipAddress = "10.0.0.30";


     

       

       
95

       
+

       
              };


     

       

       
96

       
+

       



     

       

       
97

       
+

       
              nixpkgs.overlays = [


     

       

       
98

       
+

       
                proxmox-nixos.overlays.x86_64-linux


     

       

       
99

       
+

       
              ];


     

       

       
100

       
+

       
            }) 


     

       

       
101

       
+

       



     

       
86

       
102

       
 

       
            { imports = builtins.attrValues nixosModules; }


     

       
87

       
103

       
 

       
          ];


     

       
88

       
104

       
 

       
        };


     
···

       
101

       
117

       
 

       
            { imports = builtins.attrValues nixosModules; }


     

       
102

       
118

       
 

       
          ];


     

       
103

       
119

       
 

       
        };


     

       

       
120

       
+

       



     

       

       
121

       
+

       
        baal = nixpkgs.lib.nixosSystem {


     

       

       
122

       
+

       
          system = "aarch64-linux";


     

       

       
123

       
+

       
          specialArgs = {


     

       

       
124

       
+

       
            inherit inputs;


     

       

       
125

       
+

       
            system = "aarch64-linux";


     

       

       
126

       
+

       
          };


     

       

       
127

       
+

       
          modules = [


     

       

       
128

       
+

       
            ./hosts/baal


     

       

       
129

       
+

       



     

       

       
130

       
+

       
            agenix.nixosModules.default


     

       

       
131

       
+

       
            disko.nixosModules.disko


     

       

       
132

       
+

       



     

       

       
133

       
+

       
            { imports = builtins.attrValues nixosModules; }


     

       

       
134

       
+

       



     

       

       
135

       
+

       
          ];


     

       

       
136

       
+

       
        };


     

       
104

       
137

       
 

       
      };


     

       
105

       
138

       
 

       
    };


     

       
106

       

       
-

       
}

     

       

       
139

       
+

       
}
+58
hosts/baal/default.nix 
···

       

       
1

       
+

       
{ config, lib, pkgs, modulesPath, inputs, ... }:


     

       

       
2

       
+

       
{


     

       

       
3

       
+

       
  imports = [


     

       

       
4

       
+

       
    ./hardware.nix


     

       

       
5

       
+

       
    ./secrets.nix


     

       

       
6

       
+

       



     

       

       
7

       
+

       
    ../../common/system.nix


     

       

       
8

       
+

       
    ../../common/users.nix


     

       

       
9

       
+

       
    ../../common/services.nix


     

       

       
10

       
+

       



     

       

       
11

       
+

       
    ../../host-secrets.nix


     

       

       
12

       
+

       
  ];


     

       

       
13

       
+

       



     

       

       
14

       
+

       
  boot = {


     

       

       
15

       
+

       
    loader = {


     

       

       
16

       
+

       
      systemd-boot.enable = true;


     

       

       
17

       
+

       
      efi = {


     

       

       
18

       
+

       
        canTouchEfiVariables = true;


     

       

       
19

       
+

       
        efiSysMountPoint = "/boot";


     

       

       
20

       
+

       
      };


     

       

       
21

       
+

       
    };


     

       

       
22

       
+

       
    initrd.systemd.enable = true;


     

       

       
23

       
+

       
  };


     

       

       
24

       
+

       



     

       

       
25

       
+

       
  system.stateVersion = "24.11";


     

       

       
26

       
+

       
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";


     

       

       
27

       
+

       



     

       

       
28

       
+

       
  systemd.targets.multi-user.enable = true;


     

       

       
29

       
+

       
  


     

       

       
30

       
+

       
  networking = {


     

       

       
31

       
+

       
    hostName = "baal";


     

       

       
32

       
+

       
    hostId = "aaaaaaaa";


     

       

       
33

       
+

       
    networkmanager.enable = true;


     

       

       
34

       
+

       
  };


     

       

       
35

       
+

       



     

       

       
36

       
+

       
    services.fail2ban = {


     

       

       
37

       
+

       
    enable = true;


     

       

       
38

       
+

       
    # Ban IP after 5 failures


     

       

       
39

       
+

       
    maxretry = 5;


     

       

       
40

       
+

       
    ignoreIP = [


     

       

       
41

       
+

       
      "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10"


     

       

       
42

       
+

       
    ];


     

       

       
43

       
+

       
    bantime = "24h"; # Ban IPs for one day on the first ban


     

       

       
44

       
+

       
    bantime-increment = {


     

       

       
45

       
+

       
      enable = true; # Enable increment of bantime after each violation


     

       

       
46

       
+

       
      multipliers = "1 2 4 8 16 32 64";


     

       

       
47

       
+

       
      maxtime = "168h"; # Do not ban for more than 1 week


     

       

       
48

       
+

       
      overalljails = true; # Calculate the bantime based on all the violations


     

       

       
49

       
+

       
    };


     

       

       
50

       
+

       
  };


     

       

       
51

       
+

       



     

       

       
52

       
+

       
  virtualisation.docker = {


     

       

       
53

       
+

       
    enable = true;


     

       

       
54

       
+

       
    enableOnBoot = true;


     

       

       
55

       
+

       
  };


     

       

       
56

       
+

       



     

       

       
57

       
+

       
  documentation.enable = false;


     

       

       
58

       
+

       
}
+55
hosts/baal/hardware.nix 
···

       

       
1

       
+

       
# Do not modify this file!  It was generated by ‘nixos-generate-config’


     

       

       
2

       
+

       
# and may be overwritten by future invocations.  Please make changes


     

       

       
3

       
+

       
# to /etc/nixos/configuration.nix instead.


     

       

       
4

       
+

       
{ config, lib, pkgs, modulesPath, ... }:


     

       

       
5

       
+

       



     

       

       
6

       
+

       
{


     

       

       
7

       
+

       
  imports =


     

       

       
8

       
+

       
    [ (modulesPath + "/profiles/qemu-guest.nix")


     

       

       
9

       
+

       
    ];


     

       

       
10

       
+

       



     

       

       
11

       
+

       
  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" ];


     

       

       
12

       
+

       
  boot.initrd.kernelModules = [ ];


     

       

       
13

       
+

       
  boot.kernelModules = [ ];


     

       

       
14

       
+

       
  boot.extraModulePackages = [ ];


     

       

       
15

       
+

       



     

       

       
16

       
+

       
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


     

       

       
17

       
+

       
  # (the default) this is the recommended approach. When using systemd-networkd it's


     

       

       
18

       
+

       
  # still possible to use this option, but it's recommended to use it in conjunction


     

       

       
19

       
+

       
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.


     

       

       
20

       
+

       
  networking.useDHCP = lib.mkDefault true;


     

       

       
21

       
+

       
  # networking.interfaces.enp0s6.useDHCP = lib.mkDefault true;


     

       

       
22

       
+

       



     

       

       
23

       
+

       
  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";


     

       

       
24

       
+

       



     

       

       
25

       
+

       
  disko.devices = {


     

       

       
26

       
+

       
    disk = {


     

       

       
27

       
+

       
      main = {


     

       

       
28

       
+

       
        type = "disk";


     

       

       
29

       
+

       
        device = "/dev/sda";


     

       

       
30

       
+

       
        content = {


     

       

       
31

       
+

       
          type = "gpt";


     

       

       
32

       
+

       
          partitions = {


     

       

       
33

       
+

       
            boot = {


     

       

       
34

       
+

       
              size = "512M";


     

       

       
35

       
+

       
              type = "EF00";


     

       

       
36

       
+

       
              content = {


     

       

       
37

       
+

       
                type = "filesystem";


     

       

       
38

       
+

       
                format = "vfat";


     

       

       
39

       
+

       
                mountpoint = "/boot";


     

       

       
40

       
+

       
              };


     

       

       
41

       
+

       
            };


     

       

       
42

       
+

       
            root = {


     

       

       
43

       
+

       
              size = "100%";


     

       

       
44

       
+

       
              content = {


     

       

       
45

       
+

       
                type = "filesystem";


     

       

       
46

       
+

       
                format = "ext4";


     

       

       
47

       
+

       
                mountpoint = "/";


     

       

       
48

       
+

       
              };


     

       

       
49

       
+

       
            };


     

       

       
50

       
+

       
          };


     

       

       
51

       
+

       
        };


     

       

       
52

       
+

       
      };


     

       

       
53

       
+

       
    };


     

       

       
54

       
+

       
  };


     

       

       
55

       
+

       
}
+3
hosts/baal/secrets.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       



     

       

       
3

       
+

       
}
+16
hosts/buer/default.nix 
···

       
66

       
66

       
 

       
    useDHCP = false;


     

       
67

       
67

       
 

       
  };


     

       
68

       
68

       
 

       



     

       

       
69

       
+

       
    services.fail2ban = {


     

       

       
70

       
+

       
    enable = true;


     

       

       
71

       
+

       
    # Ban IP after 5 failures


     

       

       
72

       
+

       
    maxretry = 5;


     

       

       
73

       
+

       
    ignoreIP = [


     

       

       
74

       
+

       
      "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10"


     

       

       
75

       
+

       
    ];


     

       

       
76

       
+

       
    bantime = "24h"; # Ban IPs for one day on the first ban


     

       

       
77

       
+

       
    bantime-increment = {


     

       

       
78

       
+

       
      enable = true; # Enable increment of bantime after each violation


     

       

       
79

       
+

       
      multipliers = "1 2 4 8 16 32 64";


     

       

       
80

       
+

       
      maxtime = "168h"; # Do not ban for more than 1 week


     

       

       
81

       
+

       
      overalljails = true; # Calculate the bantime based on all the violations


     

       

       
82

       
+

       
    };


     

       

       
83

       
+

       
  };


     

       

       
84

       
+

       



     

       
69

       
85

       
 

       
  # Static IP configuration via systemd-networkd


     

       
70

       
86

       
 

       
  systemd.network = {


     

       
71

       
87

       
 

       
    enable = true;
-3
hosts/focalor/default.nix 
···

       
136

       
136

       
 

       
  virtualisation.docker = {


     

       
137

       
137

       
 

       
    enable = true;


     

       
138

       
138

       
 

       
    enableOnBoot = true;


     

       
139

       

       
-

       
    package = pkgs.docker.override {


     

       
140

       

       
-

       
      buildGoModule = pkgs.buildGo123Module;


     

       
141

       

       
-

       
    };


     

       
142

       
139

       
 

       
  };


     

       
143

       
140

       
 

       



     

       
144

       
141

       
 

       
  # =============================================================================
-7
hosts/focalor/vfio.nix 
···

       
9

       
9

       
 

       
      package = pkgs.qemu_kvm;


     

       
10

       
10

       
 

       
      runAsRoot = true;


     

       
11

       
11

       
 

       
      swtpm.enable = true;


     

       
12

       

       
-

       
      ovmf = {


     

       
13

       

       
-

       
        enable = true;


     

       
14

       

       
-

       
        packages = [(pkgs.OVMF.override {


     

       
15

       

       
-

       
          secureBoot = true;


     

       
16

       

       
-

       
          tpmSupport = true;


     

       
17

       

       
-

       
        }).fd];


     

       
18

       

       
-

       
      };


     

       
19

       
12

       
 

       
    };


     

       
20

       
13

       
 

       
    hooks.qemu = {


     

       
21

       
14

       
 

       
      win11 = ./scripts/vm-win11-hook.sh;
+64
hosts/valefar/backup.nix 
···

       

       
1

       
+

       
# Do not modify this file!  It was generated by ‘nixos-generate-config’


     

       

       
2

       
+

       
# and may be overwritten by future invocations.  Please make changes


     

       

       
3

       
+

       
# to /etc/nixos/configuration.nix instead.


     

       

       
4

       
+

       
{ config, lib, pkgs, modulesPath, ... }:


     

       

       
5

       
+

       



     

       

       
6

       
+

       
{


     

       

       
7

       
+

       
  imports =


     

       

       
8

       
+

       
    [ (modulesPath + "/installer/scan/not-detected.nix")


     

       

       
9

       
+

       
    ];


     

       

       
10

       
+

       



     

       

       
11

       
+

       
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "mpt3sas" "sd_mod" ];


     

       

       
12

       
+

       
  boot.initrd.kernelModules = [ ];


     

       

       
13

       
+

       
  boot.kernelModules = [ "kvm-amd" ];


     

       

       
14

       
+

       
  boot.extraModulePackages = [ ];


     

       

       
15

       
+

       



     

       

       
16

       
+

       
  fileSystems."/" = {


     

       

       
17

       
+

       
    device = "/dev/disk/by-uuid/17b399da-2210-4493-9ae3-c65b20b992a0";


     

       

       
18

       
+

       
    fsType = "ext4";


     

       

       
19

       
+

       
  };


     

       

       
20

       
+

       



     

       

       
21

       
+

       
  fileSystems."/boot" =


     

       

       
22

       
+

       
    { device = "/dev/disk/by-uuid/6340-211B";


     

       

       
23

       
+

       
      fsType = "vfat";


     

       

       
24

       
+

       
      options = [ "fmask=0022" "dmask=0022" ];


     

       

       
25

       
+

       
    };


     

       

       
26

       
+

       



     

       

       
27

       
+

       
/*  fileSystems."/garage" = {


     

       

       
28

       
+

       
    device = "garage";


     

       

       
29

       
+

       
    fsType = "zfs";


     

       

       
30

       
+

       
  };


     

       

       
31

       
+

       



     

       

       
32

       
+

       
  fileSystems."/storage" = {


     

       

       
33

       
+

       
    device = "storage";


     

       

       
34

       
+

       
    fsType = "zfs";


     

       

       
35

       
+

       
  };*/


     

       

       
36

       
+

       



     

       

       
37

       
+

       
  swapDevices = [ ];


     

       

       
38

       
+

       



     

       

       
39

       
+

       
  # Fan Control


     

       

       
40

       
+

       
  hardware.fancontrol = {


     

       

       
41

       
+

       
    enable = false;


     

       

       
42

       
+

       
    config = ''


     

       

       
43

       
+

       
INTERVAL=10


     

       

       
44

       
+

       
DEVPATH=hwmon1=devices/platform/nct6775.2592 hwmon2=devices/platform/coretemp.0


     

       

       
45

       
+

       
DEVNAME=hwmon1=nct6795 hwmon2=coretemp


     

       

       
46

       
+

       
FCTEMPS=hwmon1/pwm2=hwmon2/temp1_input hwmon1/pwm3=hwmon2/temp1_input


     

       

       
47

       
+

       
FCFANS=hwmon1/pwm2=hwmon1/fan2_input hwmon1/pwm3=hwmon1/fan3_input


     

       

       
48

       
+

       
MINTEMP=hwmon1/pwm2=20 hwmon1/pwm3=20


     

       

       
49

       
+

       
MAXTEMP=hwmon1/pwm2=65 hwmon1/pwm3=60


     

       

       
50

       
+

       
MINSTART=hwmon1/pwm2=38 hwmon1/pwm3=75


     

       

       
51

       
+

       
MINSTOP=hwmon1/pwm2=28 hwmon1/pwm3=75


     

       

       
52

       
+

       
MINPWM=hwmon1/pwm2=28 hwmon1/pwm3=75


     

       

       
53

       
+

       
MAXPWM=hwmon1/pwm2=150 hwmon1/pwm3=105


     

       

       
54

       
+

       
    '';


     

       

       
55

       
+

       
  };


     

       

       
56

       
+

       



     

       

       
57

       
+

       
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


     

       

       
58

       
+

       
  # (the default) this is the recommended approach. When using systemd-networkd it's


     

       

       
59

       
+

       
  # still possible to use this option, but it's recommended to use it in conjunction


     

       

       
60

       
+

       
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.


     

       

       
61

       
+

       
  networking.useDHCP = lib.mkDefault true;


     

       

       
62

       
+

       
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;


     

       

       
63

       
+

       
  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;


     

       

       
64

       
+

       
}
+34 -15
hosts/valefar/default.nix 
···

       
5

       
5

       
 

       
  # IMPORTS


     

       
6

       
6

       
 

       
  # =============================================================================


     

       
7

       
7

       
 

       
  imports = [


     

       
8

       

       
-

       
    # Host-specific hardware


     

       
9

       
8

       
 

       
    ./hardware.nix


     

       
10

       
9

       
 

       
    ./secrets.nix


     

       
11

       
10

       
 

       
    ../../common/nvidia.nix


     

       
12

       
11

       
 

       



     

       
13

       

       
-

       
    # Common secrets


     

       
14

       
12

       
 

       
    ../../host-secrets.nix


     

       
15

       
13

       
 

       
    


     

       
16

       

       
-

       
    # Common modules shared across hosts


     

       
17

       
14

       
 

       
    ../../common/system.nix


     

       
18

       
15

       
 

       
    ../../common/users.nix


     

       
19

       
16

       
 

       
    ../../common/services.nix


     

       
20

       
17

       
 

       
    ../../common/efi.nix


     

       
21

       
18

       
 

       
    


     

       
22

       

       
-

       
    # Hardware-specific (commented out)


     

       
23

       

       
-

       
    # ../../common/nvidia.nix


     

       

       
19

       
+

       
    ../../common/nvidia.nix


     

       
24

       
20

       
 

       
  ];


     

       
25

       
21

       
 

       



     

       
26

       
22

       
 

       
  # =============================================================================


     
···

       
29

       
25

       
 

       
  system.stateVersion = "24.11";


     

       
30

       
26

       
 

       
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


     

       
31

       
27

       
 

       
  


     

       
32

       

       
-

       
  # Intel microcode updates


     

       
33

       

       
-

       
  hardware.cpu.intel.updateMicrocode = lib.mkDefault


     

       

       
28

       
+

       
  hardware.cpu.amd.updateMicrocode = lib.mkDefault


     

       
34

       
29

       
 

       
    config.hardware.enableRedistributableFirmware;


     

       
35

       
30

       
 

       



     

       
36

       
31

       
 

       
  # =============================================================================


     
···

       
60

       
55

       
 

       
  networking.hostId = "2a07da90";


     

       
61

       
56

       
 

       
  networking.firewall.enable = false;


     

       
62

       
57

       
 

       



     

       

       
58

       
+

       
  services.proxmox-ve.bridges = [ "vmbr0" ];


     

       

       
59

       
+

       



     

       
63

       
60

       
 

       
  systemd.network.networks."10-lan" = {


     

       
64

       

       
-

       
    matchConfig.Name = ["enp6s0" "vm-*"];


     

       

       
61

       
+

       
    matchConfig.Name = ["enp6s0"];


     

       
65

       
62

       
 

       
    networkConfig = {


     

       
66

       

       
-

       
      Bridge = "br0";


     

       

       
63

       
+

       
      Bridge = "vmbr0";


     

       
67

       
64

       
 

       
    };


     

       
68

       
65

       
 

       
  };


     

       
69

       
66

       
 

       
  systemd.network.netdevs."br0" = {


     

       
70

       
67

       
 

       
    netdevConfig = {


     

       
71

       

       
-

       
      Name = "br0";


     

       

       
68

       
+

       
      Name = "vmbr0";


     

       
72

       
69

       
 

       
      Kind = "bridge";


     

       
73

       
70

       
 

       
    };


     

       
74

       
71

       
 

       
  };


     

       
75

       
72

       
 

       



     

       
76

       
73

       
 

       
  systemd.network.networks."10-lan-bridge" = {


     

       
77

       

       
-

       
    matchConfig.Name = "br0";


     

       

       
74

       
+

       
    matchConfig.Name = "vmbr0";


     

       
78

       
75

       
 

       
    networkConfig = {


     

       
79

       
76

       
 

       
      Address = ["10.0.0.30/24" "2601:5c2:8400:26c0::30/64"];


     

       
80

       
77

       
 

       
      Gateway = "10.0.0.1";


     
···

       
150

       
147

       
 

       
    "d /storage/immich/photos 0755 immich immich -"


     

       
151

       
148

       
 

       
    "Z /storage/immich 0755 immich immich -"


     

       
152

       
149

       
 

       
    "d /storage/tm_share 0755 regent users"


     

       

       
150

       
+

       
    "Z /garage/ 0755 garage garage -"


     

       
153

       
151

       
 

       
  ];


     

       
154

       
152

       
 

       



     

       
155

       
153

       
 

       
  # =============================================================================


     
···

       
245

       
243

       
 

       
    nodejsPackage = pkgs.nodejs_20;


     

       
246

       
244

       
 

       
  };


     

       
247

       
245

       
 

       



     

       

       
246

       
+

       
  services.ollama = {


     

       

       
247

       
+

       
    enable = true;


     

       

       
248

       
+

       
    loadModels = ["deepseek-r1:1.5b" "gemma3:12b"];


     

       

       
249

       
+

       
    acceleration = "cuda";


     

       

       
250

       
+

       
  };


     

       

       
251

       
+

       



     

       

       
252

       
+

       
  services.open-webui.enable = true;


     

       

       
253

       
+

       



     

       
248

       
254

       
 

       
  # =============================================================================


     

       
249

       
255

       
 

       
  # VIRTUALIZATION


     

       
250

       
256

       
 

       
  # =============================================================================


     

       
251

       
257

       
 

       
  virtualisation.docker = {


     

       
252

       
258

       
 

       
    enable = true;


     

       
253

       
259

       
 

       
    enableOnBoot = true;


     

       
254

       

       
-

       
    package = pkgs.docker.override {


     

       
255

       

       
-

       
      buildGoModule = pkgs.buildGo123Module;


     

       

       
260

       
+

       
  };


     

       

       
261

       
+

       



     

       

       
262

       
+

       
  services.fail2ban = {


     

       

       
263

       
+

       
    enable = true;


     

       

       
264

       
+

       
    # Ban IP after 5 failures


     

       

       
265

       
+

       
    maxretry = 5;


     

       

       
266

       
+

       
    ignoreIP = [


     

       

       
267

       
+

       
      "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10"


     

       

       
268

       
+

       
    ];


     

       

       
269

       
+

       
    bantime = "24h"; # Ban IPs for one day on the first ban


     

       

       
270

       
+

       
    bantime-increment = {


     

       

       
271

       
+

       
      enable = true; # Enable increment of bantime after each violation


     

       

       
272

       
+

       
      multipliers = "1 2 4 8 16 32 64";


     

       

       
273

       
+

       
      maxtime = "168h"; # Do not ban for more than 1 week


     

       

       
274

       
+

       
      overalljails = true; # Calculate the bantime based on all the violations


     

       
256

       
275

       
 

       
    };


     

       
257

       
276

       
 

       
  };


     

       
258

       
277

       
 

       



     
···

       
269

       
288

       
 

       
  # =============================================================================


     

       
270

       
289

       
 

       
  # VIRTUAL MACHINES


     

       
271

       
290

       
 

       
  # =============================================================================


     

       
272

       

       
-

       
  systemd.services."microvm@".after = [ "microvm-virtiofsd@%i.service" ];


     

       

       
291

       
+

       
  /*systemd.services."microvm@".after = [ "microvm-virtiofsd@%i.service" ];


     

       
273

       
292

       
 

       



     

       
274

       
293

       
 

       
  microvm.vms = {


     

       
275

       
294

       
 

       
    gameservers = {


     
···

       
279

       
298

       
 

       



     

       
280

       
299

       
 

       
  microvm.autostart = [


     

       
281

       
300

       
 

       
    "gameservers"


     

       
282

       

       
-

       
  ];


     

       

       
301

       
+

       
  ];*/


     

       
283

       
302

       
 

       
}
-80
hosts/valefar/gamevm.nix 
···

       
1

       

       
-

       
{ config, lib, pkgs, modulesPath, microvm, inputs, ... }:


     

       
2

       

       
-

       



     

       
3

       

       
-

       
{


     

       
4

       

       
-

       
  # =============================================================================


     

       
5

       

       
-

       
  # IMPORTS


     

       
6

       

       
-

       
  # =============================================================================


     

       
7

       

       
-

       
  imports = [


     

       
8

       

       
-

       
      # Common modules shared across hosts


     

       
9

       

       
-

       
    ../../common/system.nix


     

       
10

       

       
-

       
    ../../common/users.nix


     

       
11

       

       
-

       
    ../../common/services.nix


     

       
12

       

       
-

       
  ];


     

       
13

       

       
-

       



     

       
14

       

       
-

       
  system.stateVersion = "25.05";


     

       
15

       

       
-

       
  networking.hostName = "gameservers";


     

       
16

       

       
-

       



     

       
17

       

       
-

       
  virtualisation.docker = {


     

       
18

       

       
-

       
    enable = true;


     

       
19

       

       
-

       
    enableOnBoot = true;


     

       
20

       

       
-

       
  };


     

       
21

       

       
-

       



     

       
22

       

       
-

       
  systemd.network.networks."20-lan" = {


     

       
23

       

       
-

       
    matchConfig.Type = "ether";


     

       
24

       

       
-

       
    networkConfig = {


     

       
25

       

       
-

       
      Address = [


     

       
26

       

       
-

       
        "10.0.0.31/24"


     

       
27

       

       
-

       
        "2601:5c2:8400:26c0::31/64"


     

       
28

       

       
-

       
      ];


     

       
29

       

       
-

       
      Gateway = "10.0.0.1";


     

       
30

       

       
-

       
      DNS = [


     

       
31

       

       
-

       
        "10.0.0.210"


     

       
32

       

       
-

       
        "1.1.1.1"


     

       
33

       

       
-

       
        "1.0.0.1"


     

       
34

       

       
-

       
      ];


     

       
35

       

       
-

       
      IPv6AcceptRA = true;


     

       
36

       

       
-

       
      DHCP = "no";


     

       
37

       

       
-

       
    };


     

       
38

       

       
-

       
  };


     

       
39

       

       
-

       



     

       
40

       

       
-

       
  systemd.network.networks."19-docker" = {


     

       
41

       

       
-

       
    matchConfig.Name = "veth*";


     

       
42

       

       
-

       
    linkConfig = {


     

       
43

       

       
-

       
      Unmanaged = true;


     

       
44

       

       
-

       
    };


     

       
45

       

       
-

       
  };


     

       
46

       

       
-

       



     

       
47

       

       
-

       
  microvm = {


     

       
48

       

       
-

       
    interfaces = [


     

       
49

       

       
-

       
      {


     

       
50

       

       
-

       
        type = "tap";


     

       
51

       

       
-

       
        id = "vm-test1";


     

       
52

       

       
-

       
        mac = "02:00:00:00:00:01";


     

       
53

       

       
-

       
      }


     

       
54

       

       
-

       
    ];


     

       
55

       

       
-

       



     

       
56

       

       
-

       
    shares = [


     

       
57

       

       
-

       
      {


     

       
58

       

       
-

       
        source = "/nix/store";


     

       
59

       

       
-

       
        mountPoint = "/nix/.ro-store";


     

       
60

       

       
-

       
        tag = "ro-store";


     

       
61

       

       
-

       
        proto = "virtiofs";


     

       
62

       

       
-

       
      }


     

       
63

       

       
-

       
      {


     

       
64

       

       
-

       
        source = "/etc/ssh";


     

       
65

       

       
-

       
        mountPoint = "/etc/ssh";


     

       
66

       

       
-

       
        tag = "ssh";


     

       
67

       

       
-

       
        proto = "virtiofs";


     

       
68

       

       
-

       
      }


     

       
69

       

       
-

       
      {


     

       
70

       

       
-

       
        source = "/home/regent/gamedata";


     

       
71

       

       
-

       
        mountPoint = "/root/gamedata";


     

       
72

       

       
-

       
        tag = "gamedata";


     

       
73

       

       
-

       
        proto = "virtiofs";


     

       
74

       

       
-

       
      }


     

       
75

       

       
-

       
    ];


     

       
76

       

       
-

       



     

       
77

       

       
-

       
    vcpu = 4;


     

       
78

       

       
-

       
    mem = 8192;


     

       
79

       

       
-

       
  };


     

       
80

       

       
-

       
}
+12 -36
hosts/valefar/hardware.nix 
···

       
8

       
8

       
 

       
    [ (modulesPath + "/installer/scan/not-detected.nix")


     

       
9

       
9

       
 

       
    ];


     

       
10

       
10

       
 

       



     

       
11

       

       
-

       
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "mpt3sas" "sd_mod" ];


     

       

       
11

       
+

       
  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "mpt3sas" "nvme" "usbhid" "uas" "sd_mod" ];


     

       
12

       
12

       
 

       
  boot.initrd.kernelModules = [ ];


     

       
13

       
13

       
 

       
  boot.kernelModules = [ "kvm-amd" ];


     

       
14

       
14

       
 

       
  boot.extraModulePackages = [ ];


     

       
15

       
15

       
 

       



     

       
16

       

       
-

       
  fileSystems."/" = {


     

       
17

       

       
-

       
    device = "/dev/disk/by-uuid/17b399da-2210-4493-9ae3-c65b20b992a0";


     

       
18

       

       
-

       
    fsType = "ext4";


     

       
19

       

       
-

       
  };


     

       

       
16

       
+

       
  fileSystems."/" =


     

       

       
17

       
+

       
    { device = "/dev/disk/by-uuid/e02d1d07-3bc8-4d1d-a301-6d589f4b4b6d";


     

       

       
18

       
+

       
      fsType = "ext4";


     

       

       
19

       
+

       
    };


     

       
20

       
20

       
 

       



     

       
21

       
21

       
 

       
  fileSystems."/boot" =


     

       
22

       

       
-

       
    { device = "/dev/disk/by-uuid/6340-211B";


     

       

       
22

       
+

       
    { device = "/dev/disk/by-uuid/B3DE-0187";


     

       
23

       
23

       
 

       
      fsType = "vfat";


     

       
24

       
24

       
 

       
      options = [ "fmask=0022" "dmask=0022" ];


     

       
25

       
25

       
 

       
    };


     

       
26

       
26

       
 

       



     

       
27

       

       
-

       
/*  fileSystems."/garage" = {


     

       
28

       

       
-

       
    device = "garage";


     

       
29

       

       
-

       
    fsType = "zfs";


     

       
30

       

       
-

       
  };


     

       
31

       

       
-

       



     

       
32

       

       
-

       
  fileSystems."/storage" = {


     

       
33

       

       
-

       
    device = "storage";


     

       
34

       

       
-

       
    fsType = "zfs";


     

       
35

       

       
-

       
  };*/


     

       
36

       

       
-

       



     

       
37

       

       
-

       
  swapDevices = [ ];


     

       
38

       

       
-

       



     

       
39

       

       
-

       
  # Fan Control


     

       
40

       

       
-

       
  hardware.fancontrol = {


     

       
41

       

       
-

       
    enable = false;


     

       
42

       

       
-

       
    config = ''


     

       
43

       

       
-

       
INTERVAL=10


     

       
44

       

       
-

       
DEVPATH=hwmon1=devices/platform/nct6775.2592 hwmon2=devices/platform/coretemp.0


     

       
45

       

       
-

       
DEVNAME=hwmon1=nct6795 hwmon2=coretemp


     

       
46

       

       
-

       
FCTEMPS=hwmon1/pwm2=hwmon2/temp1_input hwmon1/pwm3=hwmon2/temp1_input


     

       
47

       

       
-

       
FCFANS=hwmon1/pwm2=hwmon1/fan2_input hwmon1/pwm3=hwmon1/fan3_input


     

       
48

       

       
-

       
MINTEMP=hwmon1/pwm2=20 hwmon1/pwm3=20


     

       
49

       

       
-

       
MAXTEMP=hwmon1/pwm2=65 hwmon1/pwm3=60


     

       
50

       

       
-

       
MINSTART=hwmon1/pwm2=38 hwmon1/pwm3=75


     

       
51

       

       
-

       
MINSTOP=hwmon1/pwm2=28 hwmon1/pwm3=75


     

       
52

       

       
-

       
MINPWM=hwmon1/pwm2=28 hwmon1/pwm3=75


     

       
53

       

       
-

       
MAXPWM=hwmon1/pwm2=150 hwmon1/pwm3=105


     

       
54

       

       
-

       
    '';


     

       
55

       

       
-

       
  };


     

       

       
27

       
+

       
  swapDevices =


     

       

       
28

       
+

       
    [ { device = "/dev/disk/by-uuid/c8f24f31-49e0-486c-9f63-1d31b2e36ce9"; }


     

       

       
29

       
+

       
    ];


     

       
56

       
30

       
 

       



     

       
57

       
31

       
 

       
  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


     

       
58

       
32

       
 

       
  # (the default) this is the recommended approach. When using systemd-networkd it's


     

       
59

       
33

       
 

       
  # still possible to use this option, but it's recommended to use it in conjunction


     

       
60

       
34

       
 

       
  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.


     

       
61

       
35

       
 

       
  networking.useDHCP = lib.mkDefault true;


     

       

       
36

       
+

       
  # networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;


     

       

       
37

       
+

       



     

       

       
38

       
+

       
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";


     

       
62

       
39

       
 

       
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;


     

       
63

       

       
-

       
  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;


     

       
64

       
40

       
 

       
}
+3 -2
modules/forgejo/default.nix 
···

       
37

       
37

       
 

       
          SSH_LISTEN_PORT = 2222;


     

       
38

       
38

       
 

       
          SSH_PORT = 2222;


     

       
39

       
39

       
 

       
          START_SSH_SERVER = true;


     

       

       
40

       
+

       
          SSH_DOMAIN = "sgit.nekomimi.pet";


     

       
40

       
41

       
 

       
        };


     

       
41

       

       
-

       
        # service.DISABLE_REGISTRATION = true;


     

       

       
42

       
+

       
        service.DISABLE_REGISTRATION = true;


     

       
42

       
43

       
 

       
        actions = {


     

       
43

       
44

       
 

       
          ENABLED = true;


     

       
44

       
45

       
 

       
          DEFAULT_ACTIONS_URL = "github";


     
···

       
46

       
47

       
 

       
      };


     

       
47

       
48

       
 

       
    };


     

       
48

       
49

       
 

       
  };


     

       
49

       

       
-

       
}

     

       

       
50

       
+

       
}
+4 -4
modules/garage/default.nix 
···

       
16

       
16

       
 

       
  config = mkIf cfg.enable {


     

       
17

       
17

       
 

       
    services.garage = {


     

       
18

       
18

       
 

       
      enable = true;


     

       
19

       

       
-

       
      package = pkgs.garage;


     

       

       
19

       
+

       
      package = pkgs.garage_2;


     

       
20

       
20

       
 

       
      settings = {


     

       
21

       
21

       
 

       
        metadata_dir = "/garage/metadata";


     

       
22

       
22

       
 

       
        data_dir = "/garage/data";


     

       
23

       
23

       
 

       
        db_engine = "lmdb";


     

       
24

       

       
-

       
        replication_mode = "2";


     

       

       
24

       
+

       
        replication_factor = 2;


     

       
25

       
25

       
 

       
        rpc_bind_addr = "[::]:3901";


     

       
26

       
26

       
 

       
        rpc_public_addr = "${config.networking.hostName}:3901";


     

       
27

       
27

       
 

       
        rpc_secret_file = config.age.secrets."garage-rpc-secret".path;


     
···

       
41

       
41

       
 

       
          metrics_token_file = config.age.secrets."garage-metrics-token".path;


     

       
42

       
42

       
 

       
        };


     

       
43

       
43

       
 

       
        bootstrap_peers = [


     

       
44

       

       
-

       
          "d548d0c9ae9aec9e26fe0bd2ca3efe75f654fa350bad5cb02bc9aebc9850ba8f@[2a04:52c0:135:48d1::2]:3901" # buer


     

       
45

       

       
-

       
          "5504cb25910dcef4a4312006691d651c099cde7c3a88df9ca79aa350571e6e65@[2601:5c2:8400:26c0:4ecc:6aff:fef7:98ca]:3901" #valefar


     

       

       
44

       
+

       
          "d548d0c9ae9aec9e26fe0bd2ca3efe75f654fa350bad5cb02bc9aebc9850ba8f@[buer]:3901"


     

       

       
45

       
+

       
          "5504cb25910dcef4a4312006691d651c099cde7c3a88df9ca79aa350571e6e65@[valefar]:3901"


     

       
46

       
46

       
 

       
        ];


     

       
47

       
47

       
 

       
      };


     

       
48

       
48

       
 

       
    };
secrets/build-token.age

This is a binary file and will not be displayed.

+10 -10
secrets/garage-admin-token.age 
···

       
1

       
1

       
 

       
age-encryption.org/v1


     

       
2

       

       
-

       
-> ssh-ed25519 i9wBeA 8PLBgO1NF5MRPY/2WsmqQ31meGxLEq1CTOqo5ngwTFo


     

       
3

       

       
-

       
ymt1bCGSEN1jCb5zBc7gvaShzLKwT6Y5/J1/zO8PKWs


     

       
4

       

       
-

       
-> ssh-ed25519 UbxDgg JPYD8E0EDn2eBL0IltQtrgfTfFM4fqtRCjIqmrBb8is


     

       
5

       

       
-

       
QWzV5535zfi4wde4qY1TtWKwXEoSbkCRwpLt5R6k84I


     

       
6

       

       
-

       
-> ssh-ed25519 YYzA7Q YEIN85tSaLGmjECEGPVWrVtX3gXGXqy7NZEtnW86fkk


     

       
7

       

       
-

       
wPWnLtotf0JjJ+wPbz19DVYb8iXqXV9F61v54CAqoA4


     

       
8

       

       
-

       
-> ssh-ed25519 3RWqPQ P13HdiuAj6ZOqfw41dlZdim/Qz7Pu9sQkeRbAOfKo3M


     

       
9

       

       
-

       
9eI3OCu9corRl7Wnpa7o2d3JxtBR3ttJG021o8fDUL4


     

       
10

       

       
-

       
--- keY3p62HlGCBh2Wu9a9ZO6jcmLuk7bX1cJrRg+0BAQU


     

       
11

       

       
-

       
UO��ݵ�PRU]�����fp�s��U���W�9q�L��o�yv%�M0�K��S�I�[���;(�W("�3)���

     

       

       
2

       
+

       
-> ssh-ed25519 i9wBeA fg1LWmMYua0wvyimvg0ACEuZW/xQMG8BmdLm88TdZTU


     

       

       
3

       
+

       
ArN7CSKr0DDQ5y1W5RSfWfgdYJ6lmVpNcqdWoWLF3lk


     

       

       
4

       
+

       
-> ssh-ed25519 du7llw CcU5ZZufG24Vhkap2aHpgnx49bbF/VFE4b1TPAtE2CA


     

       

       
5

       
+

       
oP4hZZ1vl1GBzVHH1MbHGHen9lNNzn3IKeurT+LuB58


     

       

       
6

       
+

       
-> ssh-ed25519 YYzA7Q IKh3q1rcRds4lVvHuF/wsmTXgUcY/MmAUBS6QeGMPFI


     

       

       
7

       
+

       
eTdHuOwaBq/ikNyb/D1YJMWJ0JyAMmC2aJTcw2/f5Co


     

       

       
8

       
+

       
-> ssh-ed25519 3RWqPQ 16o8nTSNZyZZpedt5wwzFqU+p0GptbXK4n5s+PIsrwA


     

       

       
9

       
+

       
jZqX8fYZcvLO9wgKj0jz/Jxl+KawQq0x303HiqGVeew


     

       

       
10

       
+

       
--- qCeaSJ7KVru9VSYN04w845ZdqO0ELrPJ3JpgElzfMfk


     

       

       
11

       
+

       
�����Q�'�t[��;�F���IȆ#�`#;Oi��r�� Ka���&'m�5n>�1�:
��i����q&,k
secrets/garage-metrics-token.age

This is a binary file and will not be displayed.

+10 -11
secrets/garage-rpc-secret.age 
···

       
1

       
1

       
 

       
age-encryption.org/v1


     

       
2

       

       
-

       
-> ssh-ed25519 i9wBeA zKsnT6qzLx1lwXUOqSvz288GQvRuTSC4h1r1/peo4kI


     

       
3

       

       
-

       
i/t/qhyZRcW3werLZMF6IY8YP5t/BcvyfsffDhz+toE


     

       
4

       

       
-

       
-> ssh-ed25519 UbxDgg VZuoyPwHuaysdcvJlx6ILndEjQ0hKQN4kaJGzwutzEU


     

       
5

       

       
-

       
zhGpGQYN6WiyJ9IXH/Kldfm1iTVcZYPvaUdxTyPfFbA


     

       
6

       

       
-

       
-> ssh-ed25519 YYzA7Q Qlj5Oas+FqgbCBJjjBjcD/rlndFmU3XaB7IPzeS47DM


     

       
7

       

       
-

       
rLs09r8RRq/SJd9oLJsDGibAZsKXo1SJ/qvi4Z4Vhhg


     

       
8

       

       
-

       
-> ssh-ed25519 3RWqPQ NfcoP0kzkhHXvjbtmsWhrTu6jJ4Cby2C35JqE17qxzk


     

       
9

       

       
-

       
wbWmgoZrN2hbblKEbEJ07IMI+ZZeVsOJLcEALYQ6tOo


     

       
10

       

       
-

       
--- nZymvWQjoVNZRlBMvYxiQt/IvT8LuNZFR4hQF6pJR04


     

       
11

       

       
-

       
]��~4F�Oު����`�ds��O


     

       
12

       

       
-

       
�>h���5����?����3�!�=s#�f	R5�scx��݈J�]�����;f$X�nG�������g���

     

       

       
2

       
+

       
-> ssh-ed25519 i9wBeA 8jCNk6EVR5xRMZm8xcDU6+HbM6bPbOuJD0hkfD0z8V0


     

       

       
3

       
+

       
35OKqytIzelEGkCCZ6wZ/JntcKhkYnrXqC1tjcWem/Q


     

       

       
4

       
+

       
-> ssh-ed25519 du7llw +CSkWwDcxadmXUazTQ3ilexC9D/tDLGqq/JLmuXisSQ


     

       

       
5

       
+

       
o7LiFJDX39Jf9rVNNB3tWr59enehKGT8YE4IrH75754


     

       

       
6

       
+

       
-> ssh-ed25519 YYzA7Q gVw+pxR9ZjhIztMwv+qmVf9r24AaMc3PZoIwS8+aI3I


     

       

       
7

       
+

       
qQhalCXRuNsSeMgRaiPN5ho8eLza2TInJTNkHKecVGM


     

       

       
8

       
+

       
-> ssh-ed25519 3RWqPQ iCzv+xB1+FWrdeQJC9BUrPSjFifkNobbnAvnR1qQWBg


     

       

       
9

       
+

       
xGayQTVaxOJdA+dJPZmm8MOnvOScfrDbqcanq/FidTk


     

       

       
10

       
+

       
--- JmDhgmtt40ySOQuJOTsJf7CqE9duhGodJNxMV3SJmic


     

       

       
11

       
+

       
�W�E����e�R�`cY��\^Ϡ
�W��I��`~8�х(=nH�k0�����m~P��,�S���kb}&@�QR_�P36S)����W��C�3�
secrets/headscale-authkey.age

This is a binary file and will not be displayed.

+10 -10
secrets/headscale-oidc-key.path 
···

       
1

       
1

       
 

       
age-encryption.org/v1


     

       
2

       

       
-

       
-> ssh-ed25519 i9wBeA DynOTJFDKsSyHKTG9XFAAcZf/T//KKyK8UG4aGgVH2c


     

       
3

       

       
-

       
o+ggJe/HZmPU+Ezw4u4m+l9bQ1furG7G4Oo7xS8PMAs


     

       
4

       

       
-

       
-> ssh-ed25519 UbxDgg b1XiosrWXL9WI1B7YnNSw16l1p4oa3zjDCCgkU/FxiU


     

       
5

       

       
-

       
MY8oubHMth/wDKn9kNOUkaY9ODvrKIn7DeZTuGxj4/g


     

       
6

       

       
-

       
-> ssh-ed25519 YYzA7Q 6ql+gutJfteQM75WL6ywEDA1+fIcYSpLPaTSKhqE1ic


     

       
7

       

       
-

       
tbwXx/feysvpOrxwpDi5B5PveSIbFH0qSsV6/xmo4hk


     

       
8

       

       
-

       
-> ssh-ed25519 3RWqPQ hNVnobsB1OB9woXtn1T1tXJL+1Dbasc9N2tjZdXa0Bw


     

       
9

       

       
-

       
9HlWIX7aroc8kTUW3rPlxvMSTSGJXbMcOEipdoQqnbw


     

       
10

       

       
-

       
--- h8toQGhp/wUgMkJ+RU0bV7E6pHRUM8mKLPcrDmbZ5NQ


     

       
11

       

       
-

       
!Ŵ�j֖n$�Z���$s9f���ωk�.ro�`�CU>˻�R�F;H;�}J�(�0���	U�YP

     

       

       
2

       
+

       
-> ssh-ed25519 i9wBeA Gtd2ftibBF2166KCpJiJt1W9kbwrTybKx4O561e7oQw


     

       

       
3

       
+

       
3ci7PJxYqoglIml6YiyJrffteIZN0aUWDN5z4sogcfs


     

       

       
4

       
+

       
-> ssh-ed25519 du7llw zxlkrcUyO4q4CsRAYMr8vp7LzdK2E/O9fQrCi6TxYXs


     

       

       
5

       
+

       
q3xdu3He3SXg29mKS8Fv3YWt2CkENucPtPYtXmw+dx4


     

       

       
6

       
+

       
-> ssh-ed25519 YYzA7Q VQFwGeDchwrEiI3mPsNK1yGQKupTnh5jLxLhVlPbbzU


     

       

       
7

       
+

       
tsPNihdGL/2VumVXuOKRnfPw7LBlr5xKOODAKY5ROyc


     

       

       
8

       
+

       
-> ssh-ed25519 3RWqPQ YrxOoecRxIrNHq93LvFMgk2h83a0Z3UtsYeXKeQd1xo


     

       

       
9

       
+

       
lUM0BU8KTBjR13TGQj88n5BA4b9JAjZALfu9fTSmpu8


     

       

       
10

       
+

       
--- 8WCStyJ9IerfsQD3pL4ag8tnmt7hBXZxR+aCfv4BjS0


     

       

       
11

       
+

       
7�E�rY�)�GI���G�*K�b����b+��>�m�{����K�!��m�����J:���{��2/��
+2 -1
secrets/secrets.nix 
···

       
2

       
2

       
 

       
  regent = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0pU82lV9dSjkgYbdh9utZ5CDM2dPN70S5fBqN1m3Pb regent@orobas.local";


     

       
3

       
3

       
 

       
  users = [ regent ];


     

       
4

       
4

       
 

       



     

       
5

       

       
-

       
  valefar = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlXq2lSfiWwRwIxsxhffW5FDGmjt0QKYN+BaikmRR71";


     

       

       
5

       
+

       
  valefar = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPu8CVFsnUxhvABEqv4+EBBOL8tva5HJFoV3hElAlD0";


     

       
6

       
6

       
 

       
  buer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMVhjwDcO8eleSoR8a37ZGGPvkHEgV+c8SYcy07SayPB";


     

       
7

       
7

       
 

       
  focalor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA518oTmTp5VG60/dBrLu7rlV1hh8muhMattoiGfmrei";


     

       

       
8

       
+

       
  baal = "AAAAC3NzaC1lZDI1NTE5AAAAILdjRWunQNFeTTdnw4GaqL9G34oo4QuvrRE/jvxLdK1C";


     

       
8

       
9

       
 

       
  systems = [ valefar buer focalor];


     

       
9

       
10

       
 

       
in


     

       
10

       
11

       
 

       
{