commit 53feadf2897699a2dc1a05902f60a9965e2ebbd8 · pyrox.dev/nix

+2 -1

hosts/modules/services/buildbot-worker.nix

···

       1
       -
       {config, ...}: {

     

       0
        
       
     

       2
        
         services.buildbot-nix.worker = {

     

       3
        
           enable = true;

     

       4
        
           name = config.networking.hostName;

···

       1
       +
       { config, ... }:

     

       2
       +
       {

     

       3
        
         services.buildbot-nix.worker = {

     

       4
        
           enable = true;

     

       5
        
           name = config.networking.hostName;

+5 -2

modules/home/profiles/base/default.nix

···

       1
       -
       {...}: {

     

       0
        
       
     

       2
        
         imports = [

     

       3
        
           ../programs/gpg.nix

     

       4
        
           ../xdg.nix

     

       5
        
         ];

     

       6
        
         programs.home-manager.enable = true;

     

       7
        
         home.stateVersion = "24.05";

     

       8
       -
         home.language = {base = "en_US.utf8";};

     

       0
        
       
     

       0
        
       
     

       9
        
         manual = {

     

       10
        
           manpages.enable = false;

     

       11
        
           html.enable = false;

···

       1
       +
       { ... }:

     

       2
       +
       {

     

       3
        
         imports = [

     

       4
        
           ../programs/gpg.nix

     

       5
        
           ../xdg.nix

     

       6
        
         ];

     

       7
        
         programs.home-manager.enable = true;

     

       8
        
         home.stateVersion = "24.05";

     

       9
       +
         home.language = {

     

       10
       +
           base = "en_US.utf8";

     

       11
       +
         };

     

       12
        
         manual = {

     

       13
        
           manpages.enable = false;

     

       14
        
           html.enable = false;

+2 -1

modules/home/profiles/cli/default.nix

···

       1
       -
       {pkgs, ...}: {

     

       0
        
       
     

       2
        
         imports = [

     

       3
        
           ../programs/bat.nix

     

       4
        
           ../programs/direnv.nix

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       {

     

       3
        
         imports = [

     

       4
        
           ../programs/bat.nix

     

       5
        
           ../programs/direnv.nix

+2 -3

modules/home/profiles/desktop/default.nix

···

       1
       -
       { pkgs

     

       2
       -
       , ...

     

       3
       -
       }: {

     

       4
        
         imports = [

     

       5
        
           ./base.nix

     

       6
        
           ./cli.nix

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       {

     

       0
        
       
     

       3
        
         imports = [

     

       4
        
           ./base.nix

     

       5
        
           ./cli.nix

+4 -5

modules/home/profiles/development/default.nix

···

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       1
        
       {

     

       2
       -
         pkgs,

     

       3
       -
         ...

     

       4
       -
       }: let

     

       5
       -
         customPython = pkgs.python311.withPackages (ps: [ps.pip]);

     

       6
       -
       in {

     

       7
        
         home.packages = with pkgs; [

     

       8
        
           alejandra

     

       9
        
           any-nix-shell

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       let

     

       3
       +
         customPython = pkgs.python311.withPackages (ps: [ ps.pip ]);

     

       4
       +
       in

     

       5
        
       {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       6
        
         home.packages = with pkgs; [

     

       7
        
           alejandra

     

       8
        
           any-nix-shell

+3 -2

modules/home/profiles/gui/default.nix

···

       3
        
         # games ? true,

     

       4
        
         # social ? true,

     

       5
        
         ...

     

       6
       -
       }: {

     

       0
        
       
     

       7
        
         imports = [

     

       8
        
           ../wayland/sway.nix

     

       9
        
       

     
···

       50
        
           # ] ++ lib.optionals social [

     

       51
        
           gajim

     

       52
        
           tauon

     

       53
       -
           (vesktop.override {withSystemVencord=false;})

     

       54
        
           # pidginWithPlugins

     

       55
        
           # ] ++ lib.optionals drawing [

     

       56
        
           krita

···

       3
        
         # games ? true,

     

       4
        
         # social ? true,

     

       5
        
         ...

     

       6
       +
       }:

     

       7
       +
       {

     

       8
        
         imports = [

     

       9
        
           ../wayland/sway.nix

     

       10
        
       

     
···

       51
        
           # ] ++ lib.optionals social [

     

       52
        
           gajim

     

       53
        
           tauon

     

       54
       +
           (vesktop.override { withSystemVencord = false; })

     

       55
        
           # pidginWithPlugins

     

       56
        
           # ] ++ lib.optionals drawing [

     

       57
        
           krita

+6 -2

modules/home/profiles/server/default.nix

···

       0
        
       
     

       1
        
       {

     

       2
       -
         ...

     

       3
       -
       }: {imports = [./base.nix ./cli.nix];}

     

       0
        
       
     

       0
        
       
     

       0

···

       1
       +
       { ... }:

     

       2
        
       {

     

       3
       +
         imports = [

     

       4
       +
           ./base.nix

     

       5
       +
           ./cli.nix

     

       6
       +
         ];

     

       7
       +
       }

+8 -6

modules/home/wayland/default.nix

···

       1
       -
       {imports = [

     

       2
       -
         ./sway.nix

     

       3
       -
         ./keybindings.nix

     

       4
       -
         ./waybar.nix

     

       5
       -
         ./swaylock.nix

     

       6
       -
       ];}

     

       0
        
       
     

       0

···

       1
       +
       {

     

       2
       +
         imports = [

     

       3
       +
           ./sway.nix

     

       4
       +
           ./keybindings.nix

     

       5
       +
           ./waybar.nix

     

       6
       +
           ./swaylock.nix

     

       7
       +
         ];

     

       8
       +
       }

+4 -5

modules/home/wayland/keybindings.nix

···

       1
       -
       {

     

       2
       -
         config,

     

       3
       -
         ...

     

       4
       -
       }: let

     

       5
        
         inherit (config.wayland.windowManager.sway.config) menu;

     

       6
        
         mod = config.wayland.windowManager.sway.config.modifier;

     

       7
        
         term = config.wayland.windowManager.sway.config.terminal;

     
···

       9
        
         slurp-screen = "\"$(slurp -c -b '#1e1e2e80' -o -r)\" -";

     

       10
        
         slurp-box = "\"$(slurp -c '#f38ba8ff' -b '#1e1e2e80' -w 1 -d -F 'IBM Plex Mono')\" -";

     

       11
        
         satty = "satty -f -";

     

       12
       -
       in {

     

       0
        
       
     

       13
        
         wayland.windowManager.sway.config.keybindings = lib.mkOptionDefault {

     

       14
        
           "${mod}+d" = "${menu}";

     

       15
        
           "${mod}+Shift+F" = "exec MOZ_DISABLE_RDD_SANDBOX=1 firefox";

···

       1
       +
       { config, ... }:

     

       2
       +
       let

     

       0
        
       
     

       0
        
       
     

       3
        
         inherit (config.wayland.windowManager.sway.config) menu;

     

       4
        
         mod = config.wayland.windowManager.sway.config.modifier;

     

       5
        
         term = config.wayland.windowManager.sway.config.terminal;

     
···

       7
        
         slurp-screen = "\"$(slurp -c -b '#1e1e2e80' -o -r)\" -";

     

       8
        
         slurp-box = "\"$(slurp -c '#f38ba8ff' -b '#1e1e2e80' -w 1 -d -F 'IBM Plex Mono')\" -";

     

       9
        
         satty = "satty -f -";

     

       10
       +
       in

     

       11
       +
       {

     

       12
        
         wayland.windowManager.sway.config.keybindings = lib.mkOptionDefault {

     

       13
        
           "${mod}+d" = "${menu}";

     

       14
        
           "${mod}+Shift+F" = "exec MOZ_DISABLE_RDD_SANDBOX=1 firefox";

+29 -18

modules/home/wayland/sway.nix

···

       1
       -
       {

     

       2
       -
         pkgs,

     

       3
       -
         config,

     

       4
       -
         ...

     

       5
       -
       }: let

     

       6
        
         term = config.wayland.windowManager.sway.config.terminal;

     

       7
        
         homeDir = config.home.homeDirectory;

     

       8
       -
       in {

     

       9
       -
         imports = [./keybindings.nix ./swaylock.nix ./waybar.nix];

     

       10
        
         wayland.windowManager.sway = {

     

       11
        
           enable = true;

     

       12
        
           package = null;

     
···

       27
        
             terminal = "${pkgs.kitty}/bin/kitty";

     

       28
        
             menu = "exec ${term} --detach --class=launcher -o initial_window_height=500 -o initial_window_width=500 -o font_size=16 ${pkgs.sway-launcher-desktop}/bin/sway-launcher-desktop";

     

       29
        
             modifier = "Mod4";

     

       30
       -
             bars = [{command = "true";}];

     

       31
        
             focus = {

     

       32
        
               followMouse = true;

     

       33
        
               mouseWarping = true;

     

       34
        
               newWindow = "smart";

     

       35
        
             };

     

       36
        
             fonts = {

     

       37
       -
               names = ["IBM Plex Sans"];

     

       38
        
               style = "Regular";

     

       39
        
               size = 12.0;

     

       40
        
             };

     
···

       45
        
               smartGaps = false;

     

       46
        
             };

     

       47
        
             input = {

     

       48
       -
               "type:keyboard" = {xkb_options = "caps:escape";};

     

       49
       -
               "type:mouse" = {accel_profile = "flat";};

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       50
        
               "type:touchpad" = {

     

       51
        
                 accel_profile = "adaptive";

     

       52
        
                 scroll_factor = "1.5";

     
···

       68
        
               };

     

       69
        
             };

     

       70
        
             output = {

     

       71
       -
               eDP-1 = {scale = "1.2";};

     

       72
       -
               "*" = {bg = "${homeDir}/bgs/xenia-hangout-mocha.png fill";};

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       73
        
             };

     

       74
        
             startup = [

     

       75
       -
               {command = "${pkgs.dex}/bin/dex -a";}

     

       76
       -
               {command = "${homeDir}/scripts/unfuck-xdg-portals.fish";}

     

       77
        
             ];

     

       78
        
             window = {

     

       79
        
               commands = [

     

       80
        
                 {

     

       81
        
                   command = "inhibit_idle fullscreen";

     

       82
       -
                   criteria = {class = "Chromium|zoom|Firefox";};

     

       0
        
       
     

       0
        
       
     

       83
        
                 }

     

       84
        
                 {

     

       85
        
                   command = "floating enable, sticky enable, resize set 30 ppt 50 ppt, border pixel 4";

     

       86
       -
                   criteria = {app_id = "^launcher$";};

     

       0
        
       
     

       0
        
       
     

       87
        
                 }

     

       88
        
                 {

     

       89
        
                   command = "resize set 20 ppt";

     

       90
       -
                   criteria = {title = "Mumble PTT";};

     

       0
        
       
     

       0
        
       
     

       91
        
                 }

     

       92
        
               ];

     

       93
        
             };

···

       1
       +
       { pkgs, config, ... }:

     

       2
       +
       let

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       3
        
         term = config.wayland.windowManager.sway.config.terminal;

     

       4
        
         homeDir = config.home.homeDirectory;

     

       5
       +
       in

     

       6
       +
       {

     

       7
        
         wayland.windowManager.sway = {

     

       8
        
           enable = true;

     

       9
        
           package = null;

     
···

       24
        
             terminal = "${pkgs.kitty}/bin/kitty";

     

       25
        
             menu = "exec ${term} --detach --class=launcher -o initial_window_height=500 -o initial_window_width=500 -o font_size=16 ${pkgs.sway-launcher-desktop}/bin/sway-launcher-desktop";

     

       26
        
             modifier = "Mod4";

     

       27
       +
             bars = [ { command = "true"; } ];

     

       28
        
             focus = {

     

       29
        
               followMouse = true;

     

       30
        
               mouseWarping = true;

     

       31
        
               newWindow = "smart";

     

       32
        
             };

     

       33
        
             fonts = {

     

       34
       +
               names = [ "IBM Plex Sans" ];

     

       35
        
               style = "Regular";

     

       36
        
               size = 12.0;

     

       37
        
             };

     
···

       42
        
               smartGaps = false;

     

       43
        
             };

     

       44
        
             input = {

     

       45
       +
               "type:keyboard" = {

     

       46
       +
                 xkb_options = "caps:escape";

     

       47
       +
               };

     

       48
       +
               "type:mouse" = {

     

       49
       +
                 accel_profile = "flat";

     

       50
       +
               };

     

       51
        
               "type:touchpad" = {

     

       52
        
                 accel_profile = "adaptive";

     

       53
        
                 scroll_factor = "1.5";

     
···

       69
        
               };

     

       70
        
             };

     

       71
        
             output = {

     

       72
       +
               eDP-1 = {

     

       73
       +
                 scale = "1.2";

     

       74
       +
               };

     

       75
       +
               "*" = {

     

       76
       +
                 bg = "${homeDir}/bgs/xenia-hangout-mocha.png fill";

     

       77
       +
               };

     

       78
        
             };

     

       79
        
             startup = [

     

       80
       +
               { command = "${pkgs.dex}/bin/dex -a"; }

     

       81
       +
               { command = "${homeDir}/scripts/unfuck-xdg-portals.fish"; }

     

       82
        
             ];

     

       83
        
             window = {

     

       84
        
               commands = [

     

       85
        
                 {

     

       86
        
                   command = "inhibit_idle fullscreen";

     

       87
       +
                   criteria = {

     

       88
       +
                     class = "Chromium|zoom|Firefox";

     

       89
       +
                   };

     

       90
        
                 }

     

       91
        
                 {

     

       92
        
                   command = "floating enable, sticky enable, resize set 30 ppt 50 ppt, border pixel 4";

     

       93
       +
                   criteria = {

     

       94
       +
                     app_id = "^launcher$";

     

       95
       +
                   };

     

       96
        
                 }

     

       97
        
                 {

     

       98
        
                   command = "resize set 20 ppt";

     

       99
       +
                   criteria = {

     

       100
       +
                     title = "Mumble PTT";

     

       101
       +
                   };

     

       102
        
                 }

     

       103
        
               ];

     

       104
        
             };

+44 -15

modules/home/wayland/waybar.nix

···

       0
        
       
     

       1
        
       {

     

       2
       -
         pkgs,

     

       3
       -
         lib,

     

       4
       -
         ...

     

       5
       -
       }: {

     

       6
        
         programs.waybar = {

     

       7
        
           enable = true;

     

       8
        
           catppuccin.enable = false;

     
···

       14
        
               layer = "top";

     

       15
        
               position = "top";

     

       16
        
               height = 32;

     

       17
       -
               modules-left = ["sway/workspaces" "sway/mode"];

     

       18
       -
               modules-center = ["custom/media"];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       19
        
               modules-right = [

     

       20
        
                 "idle_inhibitor"

     

       21
        
                 "wireplumber"

     
···

       55
        
                 interval = 5;

     

       56
        
                 tooltip = false;

     

       57
        
               };

     

       58
       -
               "memory" = {format = "{}% ";};

     

       0
        
       
     

       0
        
       
     

       59
        
               "temperature" = {

     

       60
        
                 critical-threshold = 80;

     

       61
        
                 format = "{temperatureC}°C {icon}";

     

       62
       -
                 format-icons = ["" "" "" "" ""];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       63
        
               };

     

       64
        
               "backlight" = {

     

       65
        
                 format = "{percent}% {icon}";

     

       66
       -
                 format-icons = ["󰃚" "󰃛" "󰃜" "󰃝" "󰃞" "󰃟" "󰃠"];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       67
        
               };

     

       68
        
               "battery" = {

     

       69
        
                 states = {

     
···

       75
        
                 format-charging = "{capacity}% 󰂄";

     

       76
        
                 format-plugged = "{capacity}% ";

     

       77
        
                 format-alt = "{time} {icon}";

     

       78
       -
                 format-icons = ["󰂎" "󰁺" "󰁻" "󰁼" "󰁽" "󰁾" "󰁿" "󰂀" "󰂁" "󰂂" "󰁹"];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       79
        
               };

     

       80
        
               "network" = {

     

       81
        
                 format-wifi = "{essid} <big></big>";

     
···

       88
        
               "wireplumber" = {

     

       89
        
                 format = "{volume}% {icon}";

     

       90
        
                 format-muted = "󰝟";

     

       91
       -
                 format-icons = ["" "" ""];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       92
        
                 on-click = lib.getExe pkgs.helvum;

     

       93
        
               };

     

       94
        
               "custom/media" = {

     
···

       99
        
                   Playing = " ";

     

       100
        
                 };

     

       101
        
                 max-length = 70;

     

       102
       -
                 exec = ''

     

       103
       -
                   ${

     

       104
       -
                     lib.getExe pkgs.playerctl

     

       105
       -
                   } -a metadata --format '{"text": "{{playerName}}: {{artist}} - {{markup_escape(title)}}", "tooltip": "{{playerName}} : {{markup_escape(title)}}", "alt": "{{status}}", "class": "{{status}}"}' -F'';

     

       106
        
                 on-click = "${lib.getExe pkgs.playerctl} play-pause";

     

       107
        
               };

     

       108
        
             };

···

       1
       +
       { pkgs, lib, ... }:

     

       2
        
       {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       3
        
         programs.waybar = {

     

       4
        
           enable = true;

     

       5
        
           catppuccin.enable = false;

     
···

       11
        
               layer = "top";

     

       12
        
               position = "top";

     

       13
        
               height = 32;

     

       14
       +
               modules-left = [

     

       15
       +
                 "sway/workspaces"

     

       16
       +
                 "sway/mode"

     

       17
       +
               ];

     

       18
       +
               modules-center = [ "custom/media" ];

     

       19
        
               modules-right = [

     

       20
        
                 "idle_inhibitor"

     

       21
        
                 "wireplumber"

     
···

       55
        
                 interval = 5;

     

       56
        
                 tooltip = false;

     

       57
        
               };

     

       58
       +
               "memory" = {

     

       59
       +
                 format = "{}% ";

     

       60
       +
               };

     

       61
        
               "temperature" = {

     

       62
        
                 critical-threshold = 80;

     

       63
        
                 format = "{temperatureC}°C {icon}";

     

       64
       +
                 format-icons = [

     

       65
       +
                   ""

     

       66
       +
                   ""

     

       67
       +
                   ""

     

       68
       +
                   ""

     

       69
       +
                   ""

     

       70
       +
                 ];

     

       71
        
               };

     

       72
        
               "backlight" = {

     

       73
        
                 format = "{percent}% {icon}";

     

       74
       +
                 format-icons = [

     

       75
       +
                   "󰃚"

     

       76
       +
                   "󰃛"

     

       77
       +
                   "󰃜"

     

       78
       +
                   "󰃝"

     

       79
       +
                   "󰃞"

     

       80
       +
                   "󰃟"

     

       81
       +
                   "󰃠"

     

       82
       +
                 ];

     

       83
        
               };

     

       84
        
               "battery" = {

     

       85
        
                 states = {

     
···

       91
        
                 format-charging = "{capacity}% 󰂄";

     

       92
        
                 format-plugged = "{capacity}% ";

     

       93
        
                 format-alt = "{time} {icon}";

     

       94
       +
                 format-icons = [

     

       95
       +
                   "󰂎"

     

       96
       +
                   "󰁺"

     

       97
       +
                   "󰁻"

     

       98
       +
                   "󰁼"

     

       99
       +
                   "󰁽"

     

       100
       +
                   "󰁾"

     

       101
       +
                   "󰁿"

     

       102
       +
                   "󰂀"

     

       103
       +
                   "󰂁"

     

       104
       +
                   "󰂂"

     

       105
       +
                   "󰁹"

     

       106
       +
                 ];

     

       107
        
               };

     

       108
        
               "network" = {

     

       109
        
                 format-wifi = "{essid} <big></big>";

     
···

       116
        
               "wireplumber" = {

     

       117
        
                 format = "{volume}% {icon}";

     

       118
        
                 format-muted = "󰝟";

     

       119
       +
                 format-icons = [

     

       120
       +
                   ""

     

       121
       +
                   ""

     

       122
       +
                   ""

     

       123
       +
                 ];

     

       124
        
                 on-click = lib.getExe pkgs.helvum;

     

       125
        
               };

     

       126
        
               "custom/media" = {

     
···

       131
        
                   Playing = " ";

     

       132
        
                 };

     

       133
        
                 max-length = 70;

     

       134
       +
                 exec = ''${lib.getExe pkgs.playerctl} -a metadata --format '{"text": "{{playerName}}: {{artist}} - {{markup_escape(title)}}", "tooltip": "{{playerName}} : {{markup_escape(title)}}", "alt": "{{status}}", "class": "{{status}}"}' -F'';

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       135
        
                 on-click = "${lib.getExe pkgs.playerctl} play-pause";

     

       136
        
               };

     

       137
        
             };

+2 -3

modules/nixos/defaultConfig/bootloader.nix

···

       24
        
             "sctp"

     

       25
        
             "tipc"

     

       26
        
             "x25"

     

       27
       -
           # Old or rare or insufficiently audited filesystems

     

       28
       -
           # or ones I just don't want loaded

     

       29
        
             "adfs"

     

       30
        
             "affs"

     

       31
        
             "befs"

     
···

       68
        
             "page_alloc.shuffle=1"

     

       69
        
             # Disable debugfs - not needed

     

       70
        
             "debugfs=off"

     

       71
       -
       

     

       72
        
           ];

     

       73
        
         };

     

       74
        
       }

···

       24
        
             "sctp"

     

       25
        
             "tipc"

     

       26
        
             "x25"

     

       27
       +
             # Old or rare or insufficiently audited filesystems

     

       28
       +
             # or ones I just don't want loaded

     

       29
        
             "adfs"

     

       30
        
             "affs"

     

       31
        
             "befs"

     
···

       68
        
             "page_alloc.shuffle=1"

     

       69
        
             # Disable debugfs - not needed

     

       70
        
             "debugfs=off"

     

       0
        
       
     

       71
        
           ];

     

       72
        
         };

     

       73
        
       }

+9 -5

modules/nixos/defaultConfig/networking.nix

···

       1
       -
       {pkgs, lib, ...}: {

     

       0
        
       
     

       2
        
         networking = {

     

       3
       -
           networkmanager.plugins = lib.mkForce [

     

       4
       -
             pkgs.networkmanager-openvpn

     

       5
       -
           ];

     

       6
        
           nameservers = [

     

       7
        
             "9.9.9.9"

     

       8
        
             "fd42:d42:d42:53::1"

     
···

       10
        
             "172.23.0.53"

     

       11
        
             "172.20.0.53"

     

       12
        
           ];

     

       13
       -
           timeServers = ["0.pool.ntp.org" "1.pool.ntp.org" "2.pool.ntp.org" "3.pool.ntp.org"];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       14
        
           resolvconf.extraConfig = ''

     

       15
        
             name_servers="9.9.9.9 fd42:d42:d42:53::1 fd42:d42:d42:54::1 172.23.0.53 172.20.0.53"

     

       16
        
           '';

···

       1
       +
       { pkgs, lib, ... }:

     

       2
       +
       {

     

       3
        
         networking = {

     

       4
       +
           networkmanager.plugins = lib.mkForce [ pkgs.networkmanager-openvpn ];

     

       0
        
       
     

       0
        
       
     

       5
        
           nameservers = [

     

       6
        
             "9.9.9.9"

     

       7
        
             "fd42:d42:d42:53::1"

     
···

       9
        
             "172.23.0.53"

     

       10
        
             "172.20.0.53"

     

       11
        
           ];

     

       12
       +
           timeServers = [

     

       13
       +
             "0.pool.ntp.org"

     

       14
       +
             "1.pool.ntp.org"

     

       15
       +
             "2.pool.ntp.org"

     

       16
       +
             "3.pool.ntp.org"

     

       17
       +
           ];

     

       18
        
           resolvconf.extraConfig = ''

     

       19
        
             name_servers="9.9.9.9 fd42:d42:d42:53::1 fd42:d42:d42:54::1 172.23.0.53 172.20.0.53"

     

       20
        
           '';

+5 -1

modules/nixos/defaultConfig/nixConfig.nix

···

       10
        
           settings = {

     

       11
        
             cores = 0;

     

       12
        
             auto-optimise-store = true;

     

       13
       -
             trusted-users = ["root" "thehedgehog" "pyrox"];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       14
        
             trusted-substituters = [

     

       15
        
               "https://cache.nixos.org"

     

       16
        
               "https://colmena.cachix.org"

···

       10
        
           settings = {

     

       11
        
             cores = 0;

     

       12
        
             auto-optimise-store = true;

     

       13
       +
             trusted-users = [

     

       14
       +
               "root"

     

       15
       +
               "thehedgehog"

     

       16
       +
               "pyrox"

     

       17
       +
             ];

     

       18
        
             trusted-substituters = [

     

       19
        
               "https://cache.nixos.org"

     

       20
        
               "https://colmena.cachix.org"

+2 -1

modules/nixos/defaultConfig/packages.nix

···

       1
       -
       {pkgs, ...}: {

     

       0
        
       
     

       2
        
         environment.systemPackages = with pkgs; [

     

       3
        
           direnv

     

       4
        
           doggo

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       {

     

       3
        
         environment.systemPackages = with pkgs; [

     

       4
        
           direnv

     

       5
        
           doggo

+4 -1

modules/nixos/defaultConfig/programs/default.nix

···

       1
        
       {

     

       2
       -
         imports = [./ssh.nix ./nh.nix];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       3
        
         programs.fish.enable = true;

     

       4
        
       }

···

       1
        
       {

     

       2
       +
         imports = [

     

       3
       +
           ./ssh.nix

     

       4
       +
           ./nh.nix

     

       5
       +
         ];

     

       6
        
         programs.fish.enable = true;

     

       7
        
       }

+2 -1

modules/nixos/defaultConfig/programs/nh.nix

···

       1
       -
       {inputs, ...}: {

     

       0
        
       
     

       2
        
         programs.nh = {

     

       3
        
           enable = true;

     

       4
        
           package = inputs.nh.packages.x86_64-linux.default;

···

       1
       +
       { inputs, ... }:

     

       2
       +
       {

     

       3
        
         programs.nh = {

     

       4
        
           enable = true;

     

       5
        
           package = inputs.nh.packages.x86_64-linux.default;

+13 -3

modules/nixos/defaultConfig/secrets/secrets.nix

···

       4
        
         yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";

     

       5
        
         yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";

     

       6
        
         backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";

     

       7
       -
         servers = [prefect thought];

     

       8
       -
         personal = [yubi-back yubi-main backup];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       9
        
         all-keys = servers ++ personal;

     

       10
       -
       in {"powerdns-secrets.age".publicKeys = all-keys;}

     

       0
        
       
     

       0
        
       
     

       0

···

       4
        
         yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";

     

       5
        
         yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";

     

       6
        
         backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";

     

       7
       +
         servers = [

     

       8
       +
           prefect

     

       9
       +
           thought

     

       10
       +
         ];

     

       11
       +
         personal = [

     

       12
       +
           yubi-back

     

       13
       +
           yubi-main

     

       14
       +
           backup

     

       15
       +
         ];

     

       16
        
         all-keys = servers ++ personal;

     

       17
       +
       in

     

       18
       +
       {

     

       19
       +
         "powerdns-secrets.age".publicKeys = all-keys;

     

       20
       +
       }

+28 -27

modules/nixos/defaultConfig/security.nix

···

       1
       -
       {pkgs, ...}: {

     

       0
        
       
     

       2
        
         # Everything should use doas instead of sudo

     

       3
        
         # Sudo is kept enabled for tools that ~can't~ won't use doas.

     

       4
        
         security = {

     

       5
       -
         doas = {

     

       6
       -
           enable = true;

     

       7
       -
           wheelNeedsPassword = false;

     

       8
       -
         };

     

       9
       -
         # Needed for nixos-rebuild to work properly

     

       10
       -
         sudo.enable = true;

     

       11
        
       

     

       12
       -
         # TPM configuration

     

       13
       -
         tpm2 = {

     

       14
       -
           enable = true;

     

       15
       -
           abrmd.enable = true;

     

       16
       -
           applyUdevRules = true;

     

       17
       -
           pkcs11.enable = true;

     

       18
       -
         };

     

       19
        
       

     

       20
       -
         # Set up extra certificates for DN42 specifically

     

       21
       -
         pki.certificateFiles = [

     

       22
       -
           (pkgs.fetchurl {

     

       23
       -
             url = "https://dn42.burble.com/burble-dn42-ca.pem";

     

       24
       -
             name = "burble-dn42-ca.pem";

     

       25
       -
             sha256 = "0wcrjkiav018bpl87583g0v60clx3jg3wfyf8d9h8zdkwcb16b2g";

     

       26
       -
           })

     

       27
       -
           (pkgs.fetchurl {

     

       28
       -
             url = "https://aur.archlinux.org/cgit/aur.git/plain/dn42.crt?h=ca-certificates-dn42&id=646f7effb290adf25c7e9fea3b41bf055522ba29";

     

       29
       -
             name = "dn42.crt";

     

       30
       -
             sha256 = "sha256-wsMeC9/tlppSNZGrqfZFLAjv3AMj1KwIAWeh2XBpiYs=";

     

       31
       -
           })

     

       32
       -
         ];

     

       33
        
         };

     

       34
        
       }

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       {

     

       3
        
         # Everything should use doas instead of sudo

     

       4
        
         # Sudo is kept enabled for tools that ~can't~ won't use doas.

     

       5
        
         security = {

     

       6
       +
           doas = {

     

       7
       +
             enable = true;

     

       8
       +
             wheelNeedsPassword = false;

     

       9
       +
           };

     

       10
       +
           # Needed for nixos-rebuild to work properly

     

       11
       +
           sudo.enable = true;

     

       12
        
       

     

       13
       +
           # TPM configuration

     

       14
       +
           tpm2 = {

     

       15
       +
             enable = true;

     

       16
       +
             abrmd.enable = true;

     

       17
       +
             applyUdevRules = true;

     

       18
       +
             pkcs11.enable = true;

     

       19
       +
           };

     

       20
        
       

     

       21
       +
           # Set up extra certificates for DN42 specifically

     

       22
       +
           pki.certificateFiles = [

     

       23
       +
             (pkgs.fetchurl {

     

       24
       +
               url = "https://dn42.burble.com/burble-dn42-ca.pem";

     

       25
       +
               name = "burble-dn42-ca.pem";

     

       26
       +
               sha256 = "0wcrjkiav018bpl87583g0v60clx3jg3wfyf8d9h8zdkwcb16b2g";

     

       27
       +
             })

     

       28
       +
             (pkgs.fetchurl {

     

       29
       +
               url = "https://aur.archlinux.org/cgit/aur.git/plain/dn42.crt?h=ca-certificates-dn42&id=646f7effb290adf25c7e9fea3b41bf055522ba29";

     

       30
       +
               name = "dn42.crt";

     

       31
       +
               sha256 = "sha256-wsMeC9/tlppSNZGrqfZFLAjv3AMj1KwIAWeh2XBpiYs=";

     

       32
       +
             })

     

       33
       +
           ];

     

       34
        
         };

     

       35
        
       }

+6 -1

modules/nixos/defaultConfig/services/default.nix

···

       1
       -
       {imports = [./ntp.nix ./tailscale.nix];}

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       1
       +
       {

     

       2
       +
         imports = [

     

       3
       +
           ./ntp.nix

     

       4
       +
           ./tailscale.nix

     

       5
       +
         ];

     

       6
       +
       }

+5 -1

modules/nixos/defaultConfig/services/ntp.nix

···

       1
       -
       {services.ntp = {enable = true;};}

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       1
       +
       {

     

       2
       +
         services.ntp = {

     

       3
       +
           enable = true;

     

       4
       +
         };

     

       5
       +
       }

+5 -1

modules/nixos/defaultConfig/services/tailscale.nix

···

       1
       -
       {services.tailscale = {enable = true;};}

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0

···

       1
       +
       {

     

       2
       +
         services.tailscale = {

     

       3
       +
           enable = true;

     

       4
       +
         };

     

       5
       +
       }

+2 -2

modules/nixos/defaultConfig/ssh.nix

···

       1
        
       {

     

       2
       -
         age.identityPaths = ["/etc/ssh/ssh_host_ed25519_key"];

     

       3
        
         services.openssh = {

     

       4
        
           enable = false;

     

       5
        
           allowSFTP = false;

     
···

       30
        
             ];

     

       31
        
           };

     

       32
        
         };

     

       33
       -
         networking.firewall.allowedTCPPorts = [22];

     

       34
        
       }

···

       1
        
       {

     

       2
       +
         age.identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

     

       3
        
         services.openssh = {

     

       4
        
           enable = false;

     

       5
        
           allowSFTP = false;

     
···

       30
        
             ];

     

       31
        
           };

     

       32
        
         };

     

       33
       +
         networking.firewall.allowedTCPPorts = [ 22 ];

     

       34
        
       }

+7 -5

modules/nixos/defaultConfig/users.nix

···

       0
        
       
     

       1
        
       {

     

       2
       -
         lib,

     

       3
       -
         pkgs,

     

       4
       -
         ...

     

       5
       -
       }: {

     

       6
        
         users.users = {

     

       7
        
           pyrox = {

     

       8
        
             isNormalUser = true;

     

       9
        
             description = lib.mkDefault "Pyrox";

     

       10
       -
             extraGroups = ["networkmanager" "wheel" "input" "wireshark"];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       11
        
           };

     

       12
        
         };

     

       13
        
         # Set default editor

···

       1
       +
       { lib, pkgs, ... }:

     

       2
        
       {

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       3
        
         users.users = {

     

       4
        
           pyrox = {

     

       5
        
             isNormalUser = true;

     

       6
        
             description = lib.mkDefault "Pyrox";

     

       7
       +
             extraGroups = [

     

       8
       +
               "networkmanager"

     

       9
       +
               "wheel"

     

       10
       +
               "input"

     

       11
       +
               "wireshark"

     

       12
       +
             ];

     

       13
        
           };

     

       14
        
         };

     

       15
        
         # Set default editor

+12 -5

modules/nixos/dn42Pingfinder/default.nix

···

       4
        
         pkgs,

     

       5
        
         lib,

     

       6
        
         ...

     

       7
       -
       }: {

     

       0
        
       
     

       8
        
         options.services."dn42-pingfinder" = {

     

       9
        
           uuidFile = lib.mkOption {

     

       10
        
             type = lib.types.nullOr lib.types.path;

     
···

       15
        
       

     

       16
        
         config = lib.mkIf (config.services."dn42-pingfinder".uuidFile != null) {

     

       17
        
           systemd.services.dn42-pingfinder = {

     

       18
       -
             path = with pkgs; [curl inetutils which];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       19
        
             script = ''

     

       20
        
               export UUID=$(cat ${config.services."dn42-pingfinder".uuidFile})

     

       21
        
               exec ${pkgs.nur.repos.xddxdd.dn42-pingfinder}/bin/dn42-pingfinder

     
···

       26
        
               RuntimeDirectory = "dn42-pingfinder";

     

       27
        
               WorkingDirectory = "/run/dn42-pingfinder";

     

       28
        
             };

     

       29
       -
             unitConfig = {After = "network.target";};

     

       0
        
       
     

       0
        
       
     

       30
        
           };

     

       31
        
       

     

       32
        
           systemd.timers.dn42-pingfinder = {

     

       33
       -
             wantedBy = ["timers.target"];

     

       34
       -
             partOf = ["dn42-pingfinder.service"];

     

       35
        
             timerConfig = {

     

       36
        
               OnCalendar = "*:0/5";

     

       37
        
               Persistent = true;

···

       4
        
         pkgs,

     

       5
        
         lib,

     

       6
        
         ...

     

       7
       +
       }:

     

       8
       +
       {

     

       9
        
         options.services."dn42-pingfinder" = {

     

       10
        
           uuidFile = lib.mkOption {

     

       11
        
             type = lib.types.nullOr lib.types.path;

     
···

       16
        
       

     

       17
        
         config = lib.mkIf (config.services."dn42-pingfinder".uuidFile != null) {

     

       18
        
           systemd.services.dn42-pingfinder = {

     

       19
       +
             path = with pkgs; [

     

       20
       +
               curl

     

       21
       +
               inetutils

     

       22
       +
               which

     

       23
       +
             ];

     

       24
        
             script = ''

     

       25
        
               export UUID=$(cat ${config.services."dn42-pingfinder".uuidFile})

     

       26
        
               exec ${pkgs.nur.repos.xddxdd.dn42-pingfinder}/bin/dn42-pingfinder

     
···

       31
        
               RuntimeDirectory = "dn42-pingfinder";

     

       32
        
               WorkingDirectory = "/run/dn42-pingfinder";

     

       33
        
             };

     

       34
       +
             unitConfig = {

     

       35
       +
               After = "network.target";

     

       36
       +
             };

     

       37
        
           };

     

       38
        
       

     

       39
        
           systemd.timers.dn42-pingfinder = {

     

       40
       +
             wantedBy = [ "timers.target" ];

     

       41
       +
             partOf = [ "dn42-pingfinder.service" ];

     

       42
        
             timerConfig = {

     

       43
        
               OnCalendar = "*:0/5";

     

       44
        
               Persistent = true;

+42 -35

modules/nixos/forgejoRunner/default.nix

···

       1
       -
       {pkgs, config, lib, ...}: let

     

       2
       -
       runnerBase = {

     

       3
       -
         enable = true;

     

       4
       -
         url = "https://git.pyrox.dev";

     

       5
       -
         labels = [

     

       6
       -
           "default:docker://git.pyrox.dev/pyrox/flake-base:latest"

     

       7
       -
           "nodejs:docker://node:20"

     

       8
       -
           "nodejs-alpine:docker://node:20-alpine"

     

       9
       -
           "nodejs-lts:docker://node:20"

     

       10
       -
           "nodejs-lts:docker://node:20-alpine"

     

       11
       -
           "nodejs-latest:docker://node:21"

     

       12
       -
           "nodejs-latest-alpine:docker://node:21-alpine"

     

       13
       -
           "alpine:docker://alpine:3.19"

     

       14
       -
         ];

     

       15
       -
         settings = {

     

       16
       -
           log.level = "info";

     

       17
       -
           runner = {

     

       18
       -
             insecure = false;

     

       19
       -
             capacity = 4;

     

       20
       -
           };

     

       21
       -
           cache = {

     

       22
       -
             enabled = true;

     

       23
       -
             dir = "/var/lib/forgejo/runners/cache/";

     

       24
       -
             host = "";

     

       25
       -
             port = 0;

     

       26
       -
           };

     

       27
       -
           container = {

     

       28
       -
             # Automatically create a network for containers

     

       29
       -
             network = "";

     

       30
       -
             enable_ipv6 = false;

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       31
        
           };

     

       32
        
         };

     

       33
       -
       };

     

       34
       -
       cfg = config.pyrox.services.forgejo-runner;

     

       35
       -
       in {

     

       36
        
         options.pyrox.services.forgejo-runner = {

     

       37
        
           enable = lib.mkEnableOption "Forgejo Actions Runner configuration";

     

       38
        
           tokenFile = lib.mkOption {

     
···

       46
        
           package = pkgs.forgejo-actions-runner;

     

       47
        
           instances = {

     

       48
        
             "${config.networking.hostName}-default" = runnerBase // {

     

       49
       -
             inherit (cfg) tokenFile;

     

       50
       -
             name = "${config.networking.hostName}";

     

       51
        
             };

     

       52
        
           };

     

       53
        
         };

···

       1
       +
       {

     

       2
       +
         pkgs,

     

       3
       +
         config,

     

       4
       +
         lib,

     

       5
       +
         ...

     

       6
       +
       }:

     

       7
       +
       let

     

       8
       +
         runnerBase = {

     

       9
       +
           enable = true;

     

       10
       +
           url = "https://git.pyrox.dev";

     

       11
       +
           labels = [

     

       12
       +
             "default:docker://git.pyrox.dev/pyrox/flake-base:latest"

     

       13
       +
             "nodejs:docker://node:20"

     

       14
       +
             "nodejs-alpine:docker://node:20-alpine"

     

       15
       +
             "nodejs-lts:docker://node:20"

     

       16
       +
             "nodejs-lts:docker://node:20-alpine"

     

       17
       +
             "nodejs-latest:docker://node:21"

     

       18
       +
             "nodejs-latest-alpine:docker://node:21-alpine"

     

       19
       +
             "alpine:docker://alpine:3.19"

     

       20
       +
           ];

     

       21
       +
           settings = {

     

       22
       +
             log.level = "info";

     

       23
       +
             runner = {

     

       24
       +
               insecure = false;

     

       25
       +
               capacity = 4;

     

       26
       +
             };

     

       27
       +
             cache = {

     

       28
       +
               enabled = true;

     

       29
       +
               dir = "/var/lib/forgejo/runners/cache/";

     

       30
       +
               host = "";

     

       31
       +
               port = 0;

     

       32
       +
             };

     

       33
       +
             container = {

     

       34
       +
               # Automatically create a network for containers

     

       35
       +
               network = "";

     

       36
       +
               enable_ipv6 = false;

     

       37
       +
             };

     

       38
        
           };

     

       39
        
         };

     

       40
       +
         cfg = config.pyrox.services.forgejo-runner;

     

       41
       +
       in

     

       42
       +
       {

     

       43
        
         options.pyrox.services.forgejo-runner = {

     

       44
        
           enable = lib.mkEnableOption "Forgejo Actions Runner configuration";

     

       45
        
           tokenFile = lib.mkOption {

     
···

       53
        
           package = pkgs.forgejo-actions-runner;

     

       54
        
           instances = {

     

       55
        
             "${config.networking.hostName}-default" = runnerBase // {

     

       56
       +
               inherit (cfg) tokenFile;

     

       57
       +
               name = "${config.networking.hostName}";

     

       58
        
             };

     

       59
        
           };

     

       60
        
         };

+1 -3

overlays/alejandra/default.nix

···

       1
        
       # deadnix: skip

     

       2
       -
       { inputs, ...}: final: prev: {

     

       3
       -
         alejandra = inputs.alejandra.defaultPackage.${prev.system};

     

       4
       -
       }

···

       1
        
       # deadnix: skip

     

       2
       +
       { inputs, ... }: final: prev: { alejandra = inputs.alejandra.defaultPackage.${prev.system}; }

     

       0
        
       
     

       0

+2 -3

overlays/mesa/default.nix

···

       1
        
       # deadnix: skip

     

       2
       -
       { inputs, ...}: final: prev: {

     

       3
       -
         inherit (inputs.nixpkgs-mesa.legacyPackages.${prev.system}) mesa directx-headers;

     

       4
       -
       }

···

       1
        
       # deadnix: skip

     

       2
       +
       { inputs, ... }:

     

       3
       +
       final: prev: { inherit (inputs.nixpkgs-mesa.legacyPackages.${prev.system}) mesa directx-headers; }

     

       0

+1 -1

overlays/nix-index/default.nix

···

       1
        
       # deadnix: skip

     

       2
       -
       {inputs, ...}: final: prev: { inherit (inputs.nix-index.packages.${prev.system}) nix-index; }

···

       1
        
       # deadnix: skip

     

       2
       +
       { inputs, ... }: final: prev: { inherit (inputs.nix-index.packages.${prev.system}) nix-index; }

+5 -2

overlays/sway-unwrapped/default.nix

···

       1
        
       # deadnix: skip

     

       2
       -
       { ... }: final: prev: let

     

       0
        
       
     

       0
        
       
     

       3
        
         inherit (prev.lib.strings) mesonOption mesonEnable;

     

       4
       -
       in {

     

       0
        
       
     

       5
        
         sway-unwrapped = prev.sway-unwrapped.overrideAttrs {

     

       6
        
           mesonFlags = [

     

       7
        
             (mesonOption "sd-bus-provider" "libsystemd")

···

       1
        
       # deadnix: skip

     

       2
       +
       { ... }:

     

       3
       +
       final: prev:

     

       4
       +
       let

     

       5
        
         inherit (prev.lib.strings) mesonOption mesonEnable;

     

       6
       +
       in

     

       7
       +
       {

     

       8
        
         sway-unwrapped = prev.sway-unwrapped.overrideAttrs {

     

       9
        
           mesonFlags = [

     

       10
        
             (mesonOption "sd-bus-provider" "libsystemd")

+12 -5

users/thehedgehog/default.nix

···

       1
       -
       {pkgs, ...}: {

     

       0
        
       
     

       2
        
         users.users.thehedgehog = {

     

       3
        
           description = "The Hedgehog";

     

       4
        
           isNormalUser = true;

     

       5
       -
           extraGroups = ["adbusers" "wheel" "networkmanager" "video" "docker" "wireshark" "input"];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       6
        
           hashedPassword = "$6$6EtuZhVOJdfI9DYP$1Qnd7R8qdN.E5yE2kDQCNg2zgJ5cIjNBKsIW/qJgb8wcKlUpIoVg/fEKvBkAgCiLyojVG2kzfu4J9LR8rA8a2/";

     

       7
        
           shell = pkgs.fish;

     

       8
        
           openssh = {

     
···

       13
        
                 ../../home/programs/ssh/yubikey-back.pub

     

       14
        
                 ../../home/programs/ssh/backup.pub

     

       15
        
               ];

     

       16
       -
               keys = [

     

       17
       -
                 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP532AB5mkNvE29MkDDY8HEf8ZdktGWiI0PzLrvbmLQe"

     

       18
       -
               ];

     

       19
        
             };

     

       20
        
           };

     

       21
        
         };

···

       1
       +
       { pkgs, ... }:

     

       2
       +
       {

     

       3
        
         users.users.thehedgehog = {

     

       4
        
           description = "The Hedgehog";

     

       5
        
           isNormalUser = true;

     

       6
       +
           extraGroups = [

     

       7
       +
             "adbusers"

     

       8
       +
             "wheel"

     

       9
       +
             "networkmanager"

     

       10
       +
             "video"

     

       11
       +
             "docker"

     

       12
       +
             "wireshark"

     

       13
       +
             "input"

     

       14
       +
           ];

     

       15
        
           hashedPassword = "$6$6EtuZhVOJdfI9DYP$1Qnd7R8qdN.E5yE2kDQCNg2zgJ5cIjNBKsIW/qJgb8wcKlUpIoVg/fEKvBkAgCiLyojVG2kzfu4J9LR8rA8a2/";

     

       16
        
           shell = pkgs.fish;

     

       17
        
           openssh = {

     
···

       22
        
                 ../../home/programs/ssh/yubikey-back.pub

     

       23
        
                 ../../home/programs/ssh/backup.pub

     

       24
        
               ];

     

       25
       +
               keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP532AB5mkNvE29MkDDY8HEf8ZdktGWiI0PzLrvbmLQe" ];

     

       0
        
       
     

       0
        
       
     

       26
        
             };

     

       27
        
           };

     

       28
        
         };