···

       
60
       
60
       
 
       
    # Actual inputs

     

       
61
       
61
       
 
       
    agenix = {

     

       
62
       
62
       
 
       
      url = "github:ryantm/agenix";

     

       
63
       
63
       
-
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
64
       
64
       
-
       
      inputs.systems.follows = "systems";

     

       
65
       
65
       
-
       
      inputs.home-manager.follows = "home-manager";

     

       
63
       
63
       
+
       
      inputs = {

     

       
64
       
64
       
+
       
        nixpkgs.follows = "nixpkgs";

     

       
65
       
65
       
+
       
        systems.follows = "systems";

     

       
66
       
66
       
+
       
        home-manager.follows = "home-manager";

     

       
67
       
67
       
+
       
      };

     

       
66
       
68
       
 
       
    };

     

       
67
       
69
       
 
       
    alejandra = {

     

       
68
       
70
       
 
       
      url = "github:kamadorueda/alejandra";

     
···

       
76
       
78
       
 
       
    };

     

       
77
       
79
       
 
       
    conduit = {

     

       
78
       
80
       
 
       
      url = "gitlab:famedly/conduit";

     

       
79
       
79
       
-
       
      inputs.flake-utils.follows = "flake-utils";

     

       
80
       
80
       
-
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
81
       
81
       
-
       
      inputs.flake-compat.follows = "flake-compat";

     

       
82
       
82
       
-
       
      inputs.attic.inputs.flake-utils.follows = "flake-utils";

     

       
83
       
83
       
-
       
      inputs.attic.inputs.flake-compat.follows = "flake-compat";

     

       
84
       
84
       
-
       
      inputs.attic.inputs.nixpkgs.follows = "nixpkgs";

     

       
85
       
85
       
-
       
      inputs.attic.inputs.nixpkgs-stable.follows = "nixpkgs";

     

       
81
       
81
       
+
       
      inputs = {

     

       
82
       
82
       
+
       
        flake-utils.follows = "flake-utils";

     

       
83
       
83
       
+
       
        nixpkgs.follows = "nixpkgs";

     

       
84
       
84
       
+
       
        flake-compat.follows = "flake-compat";

     

       
85
       
85
       
+
       
        attic.inputs = {

     

       
86
       
86
       
+
       
          flake-utils.follows = "flake-utils";

     

       
87
       
87
       
+
       
          flake-compat.follows = "flake-compat";

     

       
88
       
88
       
+
       
          nixpkgs.follows = "nixpkgs";

     

       
89
       
89
       
+
       
          nixpkgs-stable.follows = "nixpkgs";

     

       
90
       
90
       
+
       
        };

     

       
91
       
91
       
+
       
      };

     

       
86
       
92
       
 
       
    };

     

       
87
       
93
       
 
       
    ctp = {

     

       
88
       
94
       
 
       
      url = "github:catppuccin/nix";

     
···

       
119
       
125
       
 
       
    };

     

       
120
       
126
       
 
       
    lix-module = {

     

       
121
       
127
       
 
       
      url = "git+https://git.lix.systems/lix-project/nixos-module";

     

       
122
       
122
       
-
       
      inputs.lix.follows = "lix";

     

       
123
       
123
       
-
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
124
       
124
       
-
       
      inputs.flake-utils.follows = "flake-utils";

     

       
128
       
128
       
+
       
      inputs = {

     

       
129
       
129
       
+
       
        lix.follows = "lix";

     

       
130
       
130
       
+
       
        nixpkgs.follows = "nixpkgs";

     

       
131
       
131
       
+
       
        flake-utils.follows = "flake-utils";

     

       
132
       
132
       
+
       
      };

     

       
125
       
133
       
 
       
    };

     

       
126
       
134
       
 
       
    mailserver = {

     

       
127
       
135
       
 
       
      url = "gitlab:simple-nixos-mailserver/nixos-mailserver/master";

     

       
128
       
128
       
-
       
      inputs.flake-compat.follows = "flake-compat";

     

       
129
       
129
       
-
       
      inputs.utils.follows = "flake-utils";

     

       
130
       
130
       
-
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
136
       
136
       
+
       
      inputs = {

     

       
137
       
137
       
+
       
        flake-compat.follows = "flake-compat";

     

       
138
       
138
       
+
       
        utils.follows = "flake-utils";

     

       
139
       
139
       
+
       
        nixpkgs.follows = "nixpkgs";

     

       
140
       
140
       
+
       
      };

     

       
131
       
141
       
 
       
    };

     

       
132
       
142
       
 
       
    mkshell-minimal = {

     

       
133
       
143
       
 
       
      url = "github:viperML/mkshell-minimal";

     
···

       
144
       
154
       
 
       
    };

     

       
145
       
155
       
 
       
    nvim = {

     

       
146
       
156
       
 
       
      url = "github:nix-community/neovim-nightly-overlay";

     

       
147
       
147
       
-
       
      inputs.nixpkgs.follows = "nixpkgs-nvim";

     

       
148
       
148
       
-
       
      inputs.flake-parts.follows = "flake-parts";

     

       
149
       
149
       
-
       
      inputs.flake-compat.follows = "flake-compat";

     

       
157
       
157
       
+
       
      inputs = {

     

       
158
       
158
       
+
       
        nixpkgs.follows = "nixpkgs-nvim";

     

       
159
       
159
       
+
       
        flake-parts.follows = "flake-parts";

     

       
160
       
160
       
+
       
        flake-compat.follows = "flake-compat";

     

       
161
       
161
       
+
       
      };

     

       
150
       
162
       
 
       
    };

     

       
151
       
163
       
 
       
    nh = {

     

       
152
       
164
       
 
       
      url = "github:viperML/nh";

     
···

       
169
       
181
       
 
       
    nur.url = "github:nix-community/nur";

     

       
170
       
182
       
 
       
    prismlauncher = {

     

       
171
       
183
       
 
       
      url = "github:PrismLauncher/PrismLauncher";

     

       
172
       
172
       
-
       
      inputs.flake-compat.follows = "flake-compat";

     

       
173
       
173
       
-
       
      inputs.flake-parts.follows = "flake-parts";

     

       
174
       
174
       
-
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
175
       
175
       
-
       
      inputs.pre-commit-hooks.inputs.flake-compat.follows = "flake-compat";

     

       
176
       
176
       
-
       
      inputs.pre-commit-hooks.inputs.nixpkgs.follows = "nixpkgs";

     

       
177
       
177
       
-
       
      inputs.pre-commit-hooks.inputs.nixpkgs-stable.follows = "nixpkgs";

     

       
184
       
184
       
+
       
      inputs = {

     

       
185
       
185
       
+
       
        flake-compat.follows = "flake-compat";

     

       
186
       
186
       
+
       
        flake-parts.follows = "flake-parts";

     

       
187
       
187
       
+
       
        nixpkgs.follows = "nixpkgs";

     

       
188
       
188
       
+
       
        pre-commit-hooks.inputs = {

     

       
189
       
189
       
+
       
          flake-compat.follows = "flake-compat";

     

       
190
       
190
       
+
       
          nixpkgs.follows = "nixpkgs";

     

       
191
       
191
       
+
       
          nixpkgs-stable.follows = "nixpkgs";

     

       
192
       
192
       
+
       
        };

     

       
193
       
193
       
+
       
      };

     

       
178
       
194
       
 
       
    };

     

       
179
       
195
       
 
       
    my-pkgs = {

     

       
180
       
196
       
 
       
      url = "git+https://git.pyrox.dev/pyrox/pkgs";

     
···

       
182
       
198
       
 
       
    };

     

       
183
       
199
       
 
       
    wayland = {

     

       
184
       
200
       
 
       
      url = "github:nix-community/nixpkgs-wayland";

     

       
185
       
185
       
-
       
      inputs.flake-compat.follows = "flake-compat";

     

       
186
       
186
       
-
       
      inputs.nixpkgs.follows = "nixpkgs";

     

       
187
       
187
       
-
       
      inputs.nix-eval-jobs.inputs.flake-parts.follows = "flake-parts";

     

       
188
       
188
       
-
       
      inputs.nix-eval-jobs.inputs.nixpkgs.follows = "nixpkgs";

     

       
189
       
189
       
-
       
      inputs.lib-aggregate.inputs.flake-utils.follows = "flake-utils";

     

       
190
       
190
       
-
       
      inputs.lib-aggregate.inputs.nixpkgs-lib.follows = "nixpkgs-lib";

     

       
201
       
201
       
+
       
      inputs = {

     

       
202
       
202
       
+
       
        flake-compat.follows = "flake-compat";

     

       
203
       
203
       
+
       
        nixpkgs.follows = "nixpkgs";

     

       
204
       
204
       
+
       
        nix-eval-jobs.inputs.flake-parts.follows = "flake-parts";

     

       
205
       
205
       
+
       
        nix-eval-jobs.inputs.nixpkgs.follows = "nixpkgs";

     

       
206
       
206
       
+
       
        lib-aggregate.inputs.flake-utils.follows = "flake-utils";

     

       
207
       
207
       
+
       
        lib-aggregate.inputs.nixpkgs-lib.follows = "nixpkgs-lib";

     

       
208
       
208
       
+
       
      };

     

       
191
       
209
       
 
       
    };

     

       
192
       
210
       
 
       
  };

     

       
193
       
211
       
 
       


     
···

       
245
       
263
       
 
       
          lix-module.nixosModules.default

     

       
246
       
264
       
 
       
          agenix.nixosModules.default

     

       
247
       
265
       
 
       
        ];

     

       
248
       
248
       
-
       


     

       
266
       
266
       
+
       
        hosts = {

     

       
249
       
267
       
 
       
        # Zaphod, my personal Framework 16 laptop

     

       
250
       
250
       
-
       
        systems.hosts.zaphod.modules = with inputs; [ hardware.nixosModules.framework-16-7040-amd ];

     

       
268
       
268
       
+
       
        zaphod.modules = with inputs; [ hardware.nixosModules.framework-16-7040-amd ];

     

       
251
       
269
       
 
       


     

       
252
       
270
       
 
       
        # Prefect, my main VPS

     

       
253
       
253
       
-
       
        systems.hosts.prefect.modules = with inputs; [

     

       
271
       
271
       
+
       
        prefect.modules = with inputs; [

     

       
254
       
272
       
 
       
          self.nixosModules.dn42Pingfinder

     

       
255
       
255
       
-
       
          inputs.mailserver.nixosModule

     

       
273
       
273
       
+
       
          mailserver.nixosModule

     

       
256
       
274
       
 
       
        ];

     

       
257
       
275
       
 
       


     

       
258
       
276
       
 
       
        # (Deep) Thought, a WIP VPS

     

       
259
       
259
       
-
       
        systems.hosts.thought.modules = with inputs; [ self.nixosModules.dn42Pingfinder ];

     

       
277
       
277
       
+
       
        thought.modules = with inputs; [ self.nixosModules.dn42Pingfinder ];

     

       
260
       
278
       
 
       


     

       
261
       
279
       
 
       
        # Marvin, my main homelab machine

     

       
262
       
262
       
-
       
        systems.hosts.marvin.modules = with inputs; [

     

       
280
       
280
       
+
       
        marvin.modules = with inputs; [

     

       
263
       
281
       
 
       
          self.nixosModules.forgejoRunner

     

       
264
       
282
       
 
       
          iceshrimp.nixosModules.default

     

       
265
       
283
       
 
       
          golink.nixosModules.default

     

       
266
       
284
       
 
       
          buildbot-nix.nixosModules.buildbot-master

     

       
267
       
285
       
 
       
          buildbot-nix.nixosModules.buildbot-worker

     

       
268
       
286
       
 
       
        ];

     

       
287
       
287
       
+
       
        };

     

       
269
       
288
       
 
       
      };

     

       
270
       
289
       
 
       


     

       
271
       
290
       
 
       
      outputs-builder =

     

···

       
1
       
1
       
-
       
{

     

       
2
       
2
       
-
       
  pkgs,

     

       
3
       
3
       
-
       
  lib,

     

       
4
       
4
       
-
       
  ...

     

       
5
       
5
       
-
       
}: {

     

       
6
       
6
       
-
       
  programs.msmtp.enable = true;

     

       
7
       
7
       
-
       
  programs.mbsync.enable = true;

     

       
8
       
8
       
-
       
  programs.mu.enable = true;

     

       
9
       
9
       
-
       
}

     

···

       
61
       
61
       
 
       
    enable = true;

     

       
62
       
62
       
 
       
    catppuccin.enable = true;

     

       
63
       
63
       
 
       
    settings = {

     

       
64
       
64
       
-
       
      gui.nerdFontsVersion = "3";

     

       
65
       
65
       
-
       
      gui.showRandomTip = false;

     

       
66
       
66
       
-
       
      gui.theme.selectedLineBgColor = ["default"];

     

       
64
       
64
       
+
       
      gui = {

     

       
65
       
65
       
+
       
        nerdFontsVersion = "3";

     

       
66
       
66
       
+
       
        showRandomTip = false;

     

       
67
       
67
       
+
       
        theme.selectedLineBgColor = ["default"];

     

       
68
       
68
       
+
       
      };

     

       
67
       
69
       
 
       
      git.paging = {

     

       
68
       
70
       
 
       
        pager = "${lib.getExe pkgs.delta} --dark --paging=never";

     

       
69
       
71
       
 
       
        colorArg = "always";

     

···

       
1
       
1
       
-
       
{pkgs, ...}: {

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
 
       
  programs.nushell = {

     

       
3
       
3
       
 
       
    enable = true;

     

       
4
       
4
       
 
       
    configFile.source = ./config.nu;

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
-
       
  config,

     

       
3
       
2
       
 
       
  pkgs,

     

       
4
       
3
       
 
       
  ...

     

       
5
       
4
       
 
       
}: {

     

···

       
1
       
1
       
-
       
{

     

       
2
       
2
       
-
       
  lib,

     

       
3
       
3
       
-
       
  pkgs,

     

       
4
       
4
       
-
       
  ...

     

       
5
       
5
       
-
       
}: {programs.pandoc.enable = true;}

     

       
1
       
1
       
+
       
{programs.pandoc.enable = true;}

     

···

       
1
       
1
       
-
       
{ pkgs, config, ...}: {

     

       
1
       
1
       
+
       
{ pkgs, ...}: {

     

       
2
       
2
       
 
       
  imports = [./style.nix];

     

       
3
       
3
       
 
       
  programs.wlogout = {

     

       
4
       
4
       
 
       
    enable = true;

     

···

       
1
       
1
       
-
       
{pkgs, config, ...}: let

     

       
1
       
1
       
+
       
{config, ...}: let

     

       
2
       
2
       
 
       
  pkg = config.programs.wlogout.package;

     

       
3
       
3
       
 
       
  icon-path = "${pkg}/share/wlogout/icons";

     

       
4
       
4
       
 
       
in {

     

···

       
1
       
1
       
-
       
{pkgs, ...}: {

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
 
       
  programs.zsh = {

     

       
3
       
3
       
 
       
    enable = true;

     

       
4
       
4
       
 
       
    autosuggestion.enable = true;

     

···

       
1
       
1
       
-
       
{pkgs, ...}: {

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
 
       
  services.gpg-agent = {

     

       
3
       
3
       
 
       
    enable = true;

     

       
4
       
4
       
 
       
    enableExtraSocket = true;

     

···

       
1
       
1
       
-
       
{pkgs, ...}: {

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
 
       
  services.kanshi = {

     

       
3
       
3
       
 
       
    enable = true;

     

       
4
       
4
       
 
       
    settings = [

     

···

       
1
       
1
       
-
       
{pkgs, ...}: {

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
 
       
  services.kdeconnect = {

     

       
3
       
3
       
 
       
    enable = false;

     

       
4
       
4
       
 
       
    indicator = true;

     

···

       
1
       
1
       
-
       
{lib, inputs, namespace, snowfall-inputs, ...}: {

     

       
2
       
2
       
-
       
}

     

···

       
1
       
1
       
-
       
{inputs, config, ...}: {

     

       
1
       
1
       
+
       
{...}: {

     

       
2
       
2
       
 
       
  imports = [

     

       
3
       
3
       
 
       
    ../programs/gpg.nix

     

       
4
       
4
       
 
       
    ../xdg.nix

     
···

       
6
       
6
       
 
       
  programs.home-manager.enable = true;

     

       
7
       
7
       
 
       
  home.stateVersion = "24.05";

     

       
8
       
8
       
 
       
  home.language = {base = "en_US.utf8";};

     

       
9
       
9
       
-
       
  manual.manpages.enable = false;

     

       
10
       
10
       
-
       
  manual.html.enable = false;

     

       
11
       
11
       
-
       
  manual.json.enable = false;

     

       
9
       
9
       
+
       
  manual = {

     

       
10
       
10
       
+
       
    manpages.enable = false;

     

       
11
       
11
       
+
       
    html.enable = false;

     

       
12
       
12
       
+
       
    json.enable = false;

     

       
13
       
13
       
+
       
  };

     

       
12
       
14
       
 
       
  programs.man.enable = false;

     

       
13
       
15
       
 
       
}

     

···

       
1
       
1
       
-
       
{pkgs, ...}: let

     

       
2
       
2
       
-
       
  customPythonPackages = python-packages: with python-packages; [textual];

     

       
3
       
3
       
-
       
  customPython = pkgs.python311.withPackages customPythonPackages;

     

       
4
       
4
       
-
       
in {

     

       
1
       
1
       
+
       
{pkgs, ...}: {

     

       
5
       
2
       
 
       
  imports = [

     

       
6
       
3
       
 
       
    ../programs/bat.nix

     

       
7
       
4
       
 
       
    ../programs/direnv.nix

     
···

       
21
       
18
       
 
       


     

       
22
       
19
       
 
       
    ../files/distrobox-config.nix

     

       
23
       
20
       
 
       
  ];

     

       
24
       
24
       
-
       
  programs.eza = {

     

       
25
       
25
       
-
       
    enable = true;

     

       
26
       
26
       
-
       
    icons = true;

     

       
27
       
27
       
-
       
    git = true;

     

       
28
       
28
       
-
       
    enableBashIntegration = false;

     

       
29
       
29
       
-
       
    enableIonIntegration = false;

     

       
30
       
30
       
-
       
  };

     

       
31
       
31
       
-
       
  programs.btop = {

     

       
32
       
32
       
-
       
    enable = true;

     

       
33
       
33
       
-
       
    catppuccin.enable = true;

     

       
21
       
21
       
+
       
  programs = {

     

       
22
       
22
       
+
       
    eza = {

     

       
23
       
23
       
+
       
      enable = true;

     

       
24
       
24
       
+
       
      icons = true;

     

       
25
       
25
       
+
       
      git = true;

     

       
26
       
26
       
+
       
      enableBashIntegration = false;

     

       
27
       
27
       
+
       
      enableIonIntegration = false;

     

       
28
       
28
       
+
       
    };

     

       
29
       
29
       
+
       
    btop = {

     

       
30
       
30
       
+
       
      enable = true;

     

       
31
       
31
       
+
       
      catppuccin.enable = true;

     

       
32
       
32
       
+
       
    };

     

       
33
       
33
       
+
       
    glamour.catppuccin.enable = true;

     

       
34
       
34
       
 
       
  };

     

       
35
       
35
       
-
       
  programs.glamour.catppuccin.enable = true;

     

       
36
       
35
       
 
       
  xdg.configFile = {

     

       
37
       
36
       
 
       
    "rbw".source = ../../oldconfig/rbw;

     

       
38
       
37
       
 
       
    "rbw".recursive = true;

     
···

       
43
       
42
       
 
       
    fzf

     

       
44
       
43
       
 
       
    glow

     

       
45
       
44
       
 
       
    gnupg

     

       
46
       
46
       
-
       
    # neovim

     

       
47
       
45
       
 
       
    pinentry

     

       
48
       
46
       
 
       
    rbw

     

       
49
       
47
       
 
       
    rsync

     

···

       
1
       
1
       
 
       
{ pkgs

     

       
2
       
2
       
-
       
, inputs

     

       
3
       
2
       
 
       
, ...

     

       
4
       
3
       
 
       
}: {

     

       
5
       
4
       
 
       
  imports = [

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
 
       
  pkgs,

     

       
3
       
3
       
-
       
  inputs,

     

       
4
       
4
       
-
       
  lib, # games ? true,

     

       
3
       
3
       
+
       
  # games ? true,

     

       
5
       
4
       
 
       
  # social ? true,

     

       
6
       
5
       
 
       
  ...

     

       
7
       
6
       
 
       
}: {

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
-
       
  pkgs,

     

       
3
       
3
       
-
       
  inputs,

     

       
4
       
2
       
 
       
  ...

     

       
5
       
3
       
 
       
}: {imports = [./base.nix ./cli.nix];}

     

···

       
1
       
1
       
 
       
{imports = [

     

       
2
       
2
       
 
       
  ./sway.nix

     

       
3
       
3
       
 
       
  ./keybindings.nix

     

       
4
       
4
       
-
       
  ./misc.nix

     

       
5
       
4
       
 
       
  ./waybar.nix

     

       
6
       
5
       
 
       
  ./swaylock.nix

     

       
7
       
6
       
 
       
];}

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
-
       
  pkgs,

     

       
3
       
3
       
-
       
  lib,

     

       
4
       
2
       
 
       
  config,

     

       
5
       
3
       
 
       
  ...

     

       
6
       
4
       
 
       
}: let

     

       
5
       
5
       
+
       
  inherit (config.wayland.windowManager.sway.config) menu;

     

       
7
       
6
       
 
       
  mod = config.wayland.windowManager.sway.config.modifier;

     

       
8
       
8
       
-
       
  homeDir = config.home.homeDirectory;

     

       
9
       
9
       
-
       
  menu = config.wayland.windowManager.sway.config.menu;

     

       
10
       
7
       
 
       
  term = config.wayland.windowManager.sway.config.terminal;

     

       
11
       
8
       
 
       
  grim = "grim -g";

     

       
12
       
9
       
 
       
  slurp-screen = "\"$(slurp -c -b '#1e1e2e80' -o -r)\" -";

     

This is a binary file and will not be displayed.

···

       
1
       
1
       
-
       
{pkgs, ...}: {

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
 
       
  nixpkgs = {

     

       
3
       
3
       
 
       
    config = {

     

       
4
       
4
       
 
       
      allowUnfree = true;

     

···

       
1
       
1
       
 
       
{pkgs, ...}: {

     

       
2
       
2
       
 
       
  # Everything should use doas instead of sudo

     

       
3
       
3
       
 
       
  # Sudo is kept enabled for tools that ~can't~ won't use doas.

     

       
4
       
4
       
-
       
  security.doas = {

     

       
4
       
4
       
+
       
  security = {

     

       
5
       
5
       
+
       
  doas = {

     

       
5
       
6
       
 
       
    enable = true;

     

       
6
       
7
       
 
       
    wheelNeedsPassword = false;

     

       
7
       
8
       
 
       
  };

     

       
8
       
9
       
 
       
  # Needed for nixos-rebuild to work properly

     

       
9
       
9
       
-
       
  security.sudo.enable = true;

     

       
10
       
10
       
+
       
  sudo.enable = true;

     

       
10
       
11
       
 
       


     

       
11
       
12
       
 
       
  # TPM configuration

     

       
12
       
12
       
-
       
  security.tpm2 = {

     

       
13
       
13
       
+
       
  tpm2 = {

     

       
13
       
14
       
 
       
    enable = true;

     

       
14
       
15
       
 
       
    abrmd.enable = true;

     

       
15
       
16
       
 
       
    applyUdevRules = true;

     
···

       
17
       
18
       
 
       
  };

     

       
18
       
19
       
 
       


     

       
19
       
20
       
 
       
  # Set up extra certificates for DN42 specifically

     

       
20
       
20
       
-
       
  security.pki.certificateFiles = [

     

       
21
       
21
       
+
       
  pki.certificateFiles = [

     

       
21
       
22
       
 
       
    (pkgs.fetchurl {

     

       
22
       
23
       
 
       
      url = "https://dn42.burble.com/burble-dn42-ca.pem";

     

       
23
       
24
       
 
       
      name = "burble-dn42-ca.pem";

     
···

       
29
       
30
       
 
       
      sha256 = "sha256-wsMeC9/tlppSNZGrqfZFLAjv3AMj1KwIAWeh2XBpiYs=";

     

       
30
       
31
       
 
       
    })

     

       
31
       
32
       
 
       
  ];

     

       
33
       
33
       
+
       
  };

     

       
32
       
34
       
 
       
}

     

···

       
1
       
1
       
+
       
# deadnix: skip

     

       
1
       
2
       
 
       
{ inputs, ...}: final: prev: {

     

       
2
       
3
       
 
       
  alejandra = inputs.alejandra.defaultPackage.${prev.system};

     

       
3
       
4
       
 
       
}

     

···

       
1
       
1
       
+
       
# deadnix: skip

     

       
1
       
2
       
 
       
{ inputs, ...}: final: prev: {

     

       
2
       
3
       
 
       
  inherit (inputs.nixpkgs-mesa.legacyPackages.${prev.system}) mesa directx-headers;

     

       
3
       
4
       
 
       
}

     

···

       
1
       
1
       
+
       
# deadnix: skip

     

       
1
       
2
       
 
       
{inputs, ...}: final: prev: { inherit (inputs.nix-index.packages.${prev.system}) nix-index; }

     

···

       
1
       
1
       
-
       
final: prev: let

     

       
1
       
1
       
+
       
# deadnix: skip

     

       
2
       
2
       
+
       
{ ... }: final: prev: let

     

       
2
       
3
       
 
       
  inherit (prev.lib.strings) mesonOption mesonEnable;

     

       
3
       
4
       
 
       
in {

     

       
4
       
4
       
-
       
  sway-unwrapped = prev.sway-unwrapped.overrideAttrs (old: {

     

       
5
       
5
       
+
       
  sway-unwrapped = prev.sway-unwrapped.overrideAttrs {

     

       
5
       
6
       
 
       
    mesonFlags = [

     

       
6
       
7
       
 
       
      (mesonOption "sd-bus-provider" "libsystemd")

     

       
7
       
8
       
 
       
      (mesonEnable "tray" true)

     

       
8
       
9
       
 
       
    ];

     

       
9
       
9
       
-
       
  });

     

       
10
       
10
       
+
       
  };

     

       
10
       
11
       
 
       
}

     

···

       
1
       
1
       
-
       
final: prev: rec {

     

       
2
       
2
       
-
       
  tdlib-pidgin = prev.tdlib.overrideAttrs (old: {

     

       
3
       
3
       
-
       
    version = "1.8.0";

     

       
4
       
4
       
-
       
    src = prev.fetchFromGitHub {

     

       
5
       
5
       
-
       
      owner = "tdlib";

     

       
6
       
6
       
-
       
      repo = "td";

     

       
7
       
7
       
-
       
      rev = "b3ab664a18f8611f4dfcd3054717504271eeaa7a";

     

       
8
       
8
       
-
       
      sha256 = "19psqpyh9a2kzfdhgqkirpif4x8pzy89phvi59dq155y30a3661q";

     

       
9
       
9
       
-
       
    };

     

       
10
       
10
       
-
       
  });

     

       
11
       
11
       
-
       
  pidginPackages = prev.pidginPackages // {

     

       
12
       
12
       
-
       
    tdlib-purple = prev.pidginPackages.tdlib-purple.overrideAttrs (old: {

     

       
13
       
13
       
-
       
      version = "0.9.0";

     

       
14
       
14
       
-
       
      meta.broken = false;

     

       
15
       
15
       
-
       
      src = prev.fetchFromGitHub {

     

       
16
       
16
       
-
       
        owner = "BenWiederhake";

     

       
17
       
17
       
-
       
        repo = "tdlib-purple";

     

       
18
       
18
       
-
       
        rev = "fce1b50c15a55c300553019b5f6756dd856485e7";

     

       
19
       
19
       
-
       
        sha256 = "177fax1w440ch00vdda178bgwbbqp3y6zk38krld8kblj9p0ppyd";

     

       
20
       
20
       
-
       
      };

     

       
21
       
21
       
-
       
      buildInputs = (prev.lib.lists.remove prev.tdlib old.buildInputs) ++ [tdlib-pidgin];

     

       
22
       
22
       
-
       
      patches = [(

     

       
23
       
23
       
-
       
        prev.fetchpatch {

     

       
24
       
24
       
-
       
          url = "https://github.com/BenWiederhake/tdlib-purple/commit/db2a900a6d999e9df120a63d27c2bb3312aeddd5.patch";

     

       
25
       
25
       
-
       
          sha256 = "04p24zviqp0hvvfa2khrh0n5wwfjyrmc6wzrm06mg1k6li5d73jr";

     

       
26
       
26
       
-
       
        }

     

       
27
       
27
       
-
       
      )];

     

       
28
       
28
       
-
       
    });

     

       
29
       
29
       
-
       
  };

     

       
30
       
30
       
-
       
}

     

···

       
1
       
1
       
-
       
self: super: {

     

       
2
       
2
       
-
       
tree-sitter = super.tree-sitter.overrideAttrs (old: rec {

     

       
3
       
3
       
-
       
    name = "tree-sitter";

     

       
4
       
4
       
-
       
    version = "0.20.9";

     

       
5
       
5
       
-
       
    src = super.fetchFromGitHub {

     

       
6
       
6
       
-
       
      owner = "tree-sitter";

     

       
7
       
7
       
-
       
      repo = "tree-sitter";

     

       
8
       
8
       
-
       
      rev = "v${version}";

     

       
9
       
9
       
-
       
      sha256 = "sha256-NxWqpMNwu5Ajffw1E2q9KS4TgkCH6M+ctFyi9Jp0tqQ=";

     

       
10
       
10
       
-
       
      fetchSubmodules = true;

     

       
11
       
11
       
-
       
    };

     

       
12
       
12
       
-
       
    cargoDeps = super.rustPlatform.importCargoLock {

     

       
13
       
13
       
-
       
      lockFile = super.fetchurl {

     

       
14
       
14
       
-
       
        url =

     

       
15
       
15
       
-
       
          "https://raw.githubusercontent.com/tree-sitter/tree-sitter/v${version}/Cargo.lock";

     

       
16
       
16
       
-
       
        sha256 = "sha256-CVxS6AAHkySSYI9vY9k1DLrffZC39nM7Bc01vfjMxWk=";

     

       
17
       
17
       
-
       
      };

     

       
18
       
18
       
-
       
      allowBuiltinFetchGit = true;

     

       
19
       
19
       
-
       
    };

     

       
20
       
20
       
-
       
  });

     

       
21
       
21
       
-
       
}

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
 
       
  fetchurl,

     

       
3
       
3
       
-
       
  lib,

     

       
4
       
3
       
 
       
  stdenv,

     

       
5
       
5
       
-
       
  pkgs,

     

       
6
       
4
       
 
       
}:

     

       
7
       
5
       
 
       
stdenv.mkDerivation {

     

       
8
       
6
       
 
       
  pname = "caddy-bin";

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
 
       
  lib,

     

       
3
       
3
       
-
       
  stdenv,

     

       
4
       
3
       
 
       
  fetchFromGitea,

     

       
5
       
4
       
 
       
  buildGoModule,

     

       
6
       
5
       
 
       
}:

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
-
       
  pkgs,

     

       
3
       
3
       
-
       
  lib,

     

       
4
       
4
       
-
       
  makeDesktopItem,

     

       
2
       
2
       
+
       
  pkgs

     

       
5
       
3
       
 
       
}: let

     

       
6
       
4
       
 
       
  olympus = pkgs.stdenv.mkDerivation rec {

     

       
7
       
5
       
 
       
    pname = "olympus";

     

···

       
1
       
1
       
 
       
{ inputs, pkgs, ...}: let

     

       
2
       
2
       
 
       
  mkShell = inputs.mkshell-minimal pkgs;

     

       
3
       
3
       
-
       
in mkShell {}

     

       
3
       
3
       
+
       
in mkShell {

     

       
4
       
4
       
+
       
  packages = [

     

       
5
       
5
       
+
       
    pkgs.deadnix

     

       
6
       
6
       
+
       
    pkgs.nixfmt-rfc-style

     

       
7
       
7
       
+
       
    pkgs.statix

     

       
8
       
8
       
+
       
  ];

     

       
9
       
9
       
+
       
}

     

···

       
1
       
1
       
-
       
{

     

       
2
       
2
       
-
       
  networking.firewall.allowedTCPPorts = [80 443 6912 34197];

     

       
3
       
3
       
-
       
  networking.firewall.allowedUDPPorts = [4367 34197];

     

       
4
       
4
       
-
       
  networking.firewall.trustedInterfaces = ["tailscale0" "wg0"];

     

       
5
       
5
       
-
       
}

     

       
1
       
1
       
+
       
{networking.firewall = {

     

       
2
       
2
       
+
       
  allowedTCPPorts = [80 443 6912 34197];

     

       
3
       
3
       
+
       
  allowedUDPPorts = [4367 34197];

     

       
4
       
4
       
+
       
  trustedInterfaces = ["tailscale0" "wg0"];

     

       
5
       
5
       
+
       
};}

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
-
       
  config,

     

       
3
       
2
       
 
       
  pkgs,

     

       
4
       
4
       
-
       
  lib,

     

       
5
       
3
       
 
       
  ...

     

       
6
       
4
       
 
       
}: {

     

       
7
       
7
       
-
       
  systemd.services.io-bot = {

     

       
5
       
5
       
+
       
  systemd.services = {

     

       
6
       
6
       
+
       
  io-bot = {

     

       
8
       
7
       
 
       
    enable = false;

     

       
9
       
8
       
 
       
    wantedBy = ["multi-user.target"];

     

       
10
       
9
       
 
       
    after = ["network.target" "io-bot-lavalink.service"];

     
···

       
17
       
16
       
 
       
      WorkingDirectory = "/home/thehedgehog/io-py";

     

       
18
       
17
       
 
       
    };

     

       
19
       
18
       
 
       
  };

     

       
20
       
20
       
-
       
  systemd.services.io-bot-lavalink = {

     

       
19
       
19
       
+
       
  io-bot-lavalink = {

     

       
21
       
20
       
 
       
    enable = false;

     

       
22
       
21
       
 
       
    wantedBy = ["multi-user.target"];

     

       
23
       
22
       
 
       
    after = ["network.target"];

     
···

       
29
       
28
       
 
       
      WorkingDirectory = "/home/thehedgehog/io-py/config";

     

       
30
       
29
       
 
       
    };

     

       
31
       
30
       
 
       
  };

     

       
32
       
32
       
-
       
  systemd.services.misc-bot = {

     

       
31
       
31
       
+
       
  misc-bot = {

     

       
33
       
32
       
 
       
    enable = false;

     

       
34
       
33
       
 
       
    wantedBy = ["multi-user.target"];

     

       
35
       
34
       
 
       
    after = ["network.target"];

     
···

       
41
       
40
       
 
       
      RestartSec = 3;

     

       
42
       
41
       
 
       
      WorkingDirectory = "/home/thehedgehog/bots/bot1";

     

       
43
       
42
       
 
       
    };

     

       
43
       
43
       
+
       
  };

     

       
44
       
44
       
 
       
  };

     

       
45
       
45
       
 
       
}

     

···

       
7
       
7
       
 
       
    group = "buildbot";

     

       
8
       
8
       
 
       
  };

     

       
9
       
9
       
 
       
in {

     

       
10
       
10
       
-
       
  services.buildbot-nix.master = {

     

       
10
       
10
       
+
       
  services = {

     

       
11
       
11
       
+
       
  buildbot-nix.master = {

     

       
11
       
12
       
 
       
    enable = true;

     

       
12
       
13
       
 
       
    dbUrl = "postgresql://buildbot@localhost/buildbot";

     

       
13
       
14
       
 
       
    workersFile = as.buildbot-workers.path;

     
···

       
26
       
27
       
 
       
    domain = d.extUrl;

     

       
27
       
28
       
 
       
    useHttps = true;

     

       
28
       
29
       
 
       
  };

     

       
29
       
29
       
-
       
  services.postgresql.ensureUsers = [{

     

       
30
       
30
       
-
       
    name = "buildbot";

     

       
31
       
31
       
-
       
    ensureDBOwnership = true;

     

       
32
       
32
       
-
       
    ensureClauses.login = true;

     

       
33
       
33
       
-
       
  }];

     

       
34
       
34
       
-
       
  services.postgresql.ensureDatabases = [ "buildbot" ];

     

       
35
       
35
       
-
       
  services.buildbot-master.port = 6915;

     

       
30
       
30
       
+
       
  postgresql = {

     

       
31
       
31
       
+
       
    ensureUsers = [{

     

       
32
       
32
       
+
       
      name = "buildbot";

     

       
33
       
33
       
+
       
      ensureDBOwnership = true;

     

       
34
       
34
       
+
       
      ensureClauses.login = true;

     

       
35
       
35
       
+
       
    }];

     

       
36
       
36
       
+
       
    ensureDatabases = [ "buildbot" ];

     

       
37
       
37
       
+
       
  };

     

       
38
       
38
       
+
       
  buildbot-master.port = 6915;

     

       
39
       
39
       
+
       
  };

     

       
36
       
40
       
 
       
  age.secrets = {

     

       
37
       
41
       
 
       
    buildbot-gitea-token = bbSecret // {

     

       
38
       
42
       
 
       
      file = ../secrets/buildbot-gitea-token.age;

     

···

       
23
       
23
       
 
       
  services.forgejo = {

     

       
24
       
24
       
 
       
    enable = true;

     

       
25
       
25
       
 
       
    lfs.enable = true;

     

       
26
       
26
       
-
       
    database.type = "postgres";

     

       
27
       
27
       
-
       
    database.createDatabase = true;

     

       
28
       
28
       
-
       
    database.passwordFile = age.forgejo-db-pw.path;

     

       
26
       
26
       
+
       
    database = {

     

       
27
       
27
       
+
       
      type = "postgres";

     

       
28
       
28
       
+
       
      createDatabase = true;

     

       
29
       
29
       
+
       
      passwordFile = age.forgejo-db-pw.path;

     

       
30
       
30
       
+
       
    };

     

       
29
       
31
       
 
       
    mailerPasswordFile = age.forgejo-mail-pw.path;

     

       
30
       
32
       
 
       
    settings = {

     

       
31
       
33
       
 
       
      DEFAULT = {

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
-
       
  config,

     

       
3
       
3
       
-
       
  lib,

     

       
4
       
4
       
-
       
  pkgs,

     

       
5
       
5
       
-
       
  ...

     

       
6
       
6
       
-
       
}: {

     

       
7
       
2
       
 
       
  services.golink = {

     

       
8
       
3
       
 
       
    enable = true;

     

       
9
       
4
       
 
       
    tailscaleAuthKeyFile = /run/agenix/golink-authkey;

     

···

       
9
       
9
       
 
       
  d = lib.data.services.iceshrimp;

     

       
10
       
10
       
 
       


     

       
11
       
11
       
 
       
  package = inputs.iceshrimp.packages.x86_64-linux.iceshrimp-pre.overrideAttrs

     

       
12
       
12
       
-
       
    (old: rec {

     

       
12
       
12
       
+
       
    rec {

     

       
13
       
13
       
 
       
      version = "2023.12.7-pyrox1";

     

       
14
       
14
       
 
       
      src = pkgs.fetchgit {

     

       
15
       
15
       
 
       
        url = "https://iceshrimp.dev/pyrox/iceshrimp";

     
···

       
18
       
18
       
 
       
        fetchLFS = true;

     

       
19
       
19
       
 
       
      };

     

       
20
       
20
       
 
       
      patches = [];

     

       
21
       
21
       
-
       
    });

     

       
21
       
21
       
+
       
    };

     

       
22
       
22
       
 
       
in {

     

       
23
       
23
       
 
       
  services.iceshrimp = {

     

       
24
       
24
       
 
       
    inherit package;

     
···

       
28
       
28
       
 
       
    createDb = true;

     

       
29
       
29
       
 
       
    configureNginx.enable = false;

     

       
30
       
30
       
 
       
    settings = {

     

       
31
       
31
       
+
       
      inherit (d) port;

     

       
31
       
32
       
 
       
      url = "https://${d.extUrl}";

     

       
32
       
33
       
 
       
      accountDomain = "pyrox.dev";

     

       
33
       
33
       
-
       
      port = d.port;

     

       
34
       
34
       
 
       
      redis.port = 6997;

     

       
35
       
35
       
 
       
      maxNoteLength = 16384;

     

       
36
       
36
       
 
       
      maxCaptionLength = 8192;

     
···

       
81
       
81
       
 
       
  };

     

       
82
       
82
       
 
       
  age.secrets = {

     

       
83
       
83
       
 
       
    iceshrimp-secret-config = {

     

       
84
       
84
       
+
       
      inherit (config.services.iceshrimp) group;

     

       
84
       
85
       
 
       
      file = ../secrets/iceshrimp-secret-config.age;

     

       
85
       
86
       
 
       
      owner = config.services.iceshrimp.user;

     

       
86
       
86
       
-
       
      group = config.services.iceshrimp.group;

     

       
87
       
87
       
 
       
    };

     

       
88
       
88
       
 
       
    iceshrimp-db-password = {

     

       
89
       
89
       
 
       
      file = ../secrets/iceshrimp-db-password.age;

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
-
       
  config,

     

       
3
       
2
       
 
       
  pkgs,

     

       
4
       
3
       
 
       
  inputs,

     

       
5
       
4
       
 
       
  lib,

     
···

       
12
       
11
       
 
       
    package = inputs.conduit.packages.${pkgs.system}.default;

     

       
13
       
12
       
 
       


     

       
14
       
13
       
 
       
    settings.global = {

     

       
14
       
14
       
+
       
      inherit (d) port;

     

       
15
       
15
       
 
       
      server_name = "pyrox.dev";

     

       
16
       
16
       
-
       
      port = d.port;

     

       
17
       
16
       
 
       
      max_request_size = 1024 * 1024 * 50;

     

       
18
       
17
       
 
       
      allow_registration = false;

     

       
19
       
18
       
 
       
      allow_federation = true;

     

···

       
2
       
2
       
 
       
  d = lib.py.data.services.nextcloud-imaginary;

     

       
3
       
3
       
 
       
in{

     

       
4
       
4
       
 
       
  services.imaginary = {

     

       
5
       
5
       
+
       
    inherit (d) port;

     

       
5
       
6
       
 
       
    enable = true;

     

       
6
       
7
       
 
       
    address = "localhost";

     

       
7
       
7
       
-
       
    port = d.port;

     

       
8
       
8
       
 
       
    settings.return-size = true;

     

       
9
       
9
       
 
       
    settings.disable-endpoints = "form";

     

       
10
       
10
       
 
       
  };

     

···

       
4
       
4
       
 
       
  services.nginx = {

     

       
5
       
5
       
 
       
    virtualHosts = {

     

       
6
       
6
       
 
       
      "${n.extUrl}" = {

     

       
7
       
7
       
-
       
        listen = [ { addr = "0.0.0.0"; port = n.port; } ];

     

       
7
       
7
       
+
       
        listen = [ { inherit (n) port; addr = "0.0.0.0"; } ];

     

       
8
       
8
       
 
       
      };

     

       
9
       
9
       
 
       
    };

     

       
10
       
10
       
 
       
  };

     

···

       
1
       
1
       
-
       
{

     

       
2
       
2
       
-
       
  virtualisation.docker.enable = true;

     

       
3
       
3
       
-
       
  virtualisation.oci-containers.backend = "docker";

     

       
4
       
4
       
-
       
  virtualisation.docker.storageDriver = "zfs";

     

       
5
       
5
       
-
       
  virtualisation.docker.autoPrune.enable = true;

     

       
6
       
6
       
-
       
  virtualisation.docker.liveRestore = true;

     

       
7
       
7
       
-
       
  virtualisation.docker.daemon.settings = {

     

       
8
       
8
       
-
       
    ipv6 = true;

     

       
9
       
9
       
-
       
    experimental = true;

     

       
10
       
10
       
-
       
    ip6tables = true;

     

       
11
       
11
       
-
       
    fixed-cidr-v6 = "2001:db8:1::/64";

     

       
1
       
1
       
+
       
{virtualisation = {

     

       
2
       
2
       
+
       
  oci-containers.backend = "docker";

     

       
3
       
3
       
+
       
  docker = {

     

       
4
       
4
       
+
       
    enable = true;

     

       
5
       
5
       
+
       
    storageDriver = "zfs";

     

       
6
       
6
       
+
       
    autoPrune.enable = true;

     

       
7
       
7
       
+
       
    liveRestore = true;

     

       
8
       
8
       
+
       
    daemon.settings = {

     

       
9
       
9
       
+
       
      experimental = true;

     

       
10
       
10
       
+
       
      ip6tables = true;

     

       
11
       
11
       
+
       
      fixed-cidr-v6 = "2001:db8:1::/64";

     

       
12
       
12
       
+
       
    };

     

       
12
       
13
       
 
       
  };

     

       
13
       
13
       
-
       
}

     

       
14
       
14
       
+
       
};}

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
+
       
  # deadnix: skip

     

       
2
       
3
       
 
       
  config,

     

       
4
       
4
       
+
       
  # deadnix: skip

     

       
3
       
5
       
 
       
  pkgs,

     

       
6
       
6
       
+
       
  # deadnix: skip

     

       
4
       
7
       
 
       
  lib,

     

       
5
       
8
       
 
       
  ...

     

       
6
       
9
       
 
       
}: {services.prosody = {enable = true;};}

     

···

       
1
       
1
       
-
       
{pkgs, lib, config, ...}: let

     

       
1
       
1
       
+
       
{lib, config, ...}: let

     

       
2
       
2
       
 
       
  d = lib.py.data.services.radicale;

     

       
3
       
3
       
 
       
  p = toString d.port;

     

       
4
       
4
       
 
       
in {

     

···

       
2
       
2
       
 
       
  d = lib.py.data.services.redlib;

     

       
3
       
3
       
 
       
in {

     

       
4
       
4
       
 
       
  services.libreddit = {

     

       
5
       
5
       
+
       
    inherit (d) port;

     

       
5
       
6
       
 
       
    enable = true;

     

       
6
       
7
       
 
       
    package = pkgs.redlib;

     

       
7
       
7
       
-
       
    port = d.port;

     

       
8
       
8
       
 
       
    openFirewall = false;

     

       
9
       
9
       
 
       
  };

     

       
10
       
10
       
 
       
}

     

···

       
11
       
11
       
 
       
      grub.device = "/dev/sda";

     

       
12
       
12
       
 
       
      grub.enable = true;

     

       
13
       
13
       
 
       
    };

     

       
14
       
14
       
-
       
    initrd.availableKernelModules = [

     

       
15
       
15
       
-
       
      "ata_piix"

     

       
16
       
16
       
-
       
      "uhci_hcd"

     

       
17
       
17
       
-
       
      "xen_blkfront"

     

       
18
       
18
       
-
       
      "ahci"

     

       
19
       
19
       
-
       
      "xhci_pci"

     

       
20
       
20
       
-
       
      "virtio_pci"

     

       
21
       
21
       
-
       
      "sd_mod"

     

       
22
       
22
       
-
       
      "sr_mod"

     

       
23
       
23
       
-
       
    ];

     

       
24
       
24
       
-
       
    initrd.kernelModules = ["nvme"];

     

       
25
       
25
       
-
       
    initrd.supportedFilesystems = ["btrfs" "vfat" "f2fs" "zfs"];

     

       
14
       
14
       
+
       
    initrd = {

     

       
15
       
15
       
+
       
      availableKernelModules = [

     

       
16
       
16
       
+
       
        "ata_piix"

     

       
17
       
17
       
+
       
        "uhci_hcd"

     

       
18
       
18
       
+
       
        "xen_blkfront"

     

       
19
       
19
       
+
       
        "ahci"

     

       
20
       
20
       
+
       
        "xhci_pci"

     

       
21
       
21
       
+
       
        "virtio_pci"

     

       
22
       
22
       
+
       
        "sd_mod"

     

       
23
       
23
       
+
       
        "sr_mod"

     

       
24
       
24
       
+
       
      ];

     

       
25
       
25
       
+
       
      kernelModules = ["nvme"];

     

       
26
       
26
       
+
       
      supportedFilesystems = ["btrfs" "vfat" "f2fs" "zfs"];

     

       
27
       
27
       
+
       
    };

     

       
26
       
28
       
 
       
    supportedFilesystems = lib.mkForce ["btrfs" "vfat" "f2fs" "zfs"];

     

       
27
       
29
       
 
       
    kernelPackages = pkgs.linuxPackages_6_1;

     

       
28
       
30
       
 
       
    kernel.sysctl = {

     

···

       
1
       
1
       
-
       
{...}: {

     

       
1
       
1
       
+
       
{

     

       
2
       
2
       
 
       
  sessions = [

     

       
3
       
3
       
 
       
    # Lutoma

     

       
4
       
4
       
 
       
    # {

     

···

       
12
       
12
       
 
       
  '';

     

       
13
       
13
       
 
       
  bgp = import ./bgp.nix {};

     

       
14
       
14
       
 
       
in {

     

       
15
       
15
       
-
       
  systemd.timers.dn42-roa = {

     

       
15
       
15
       
+
       
  systemd = {

     

       
16
       
16
       
+
       
  timers.dn42-roa = {

     

       
16
       
17
       
 
       
    description = "Trigger a ROA table update";

     

       
17
       
18
       
 
       


     

       
18
       
19
       
 
       
    timerConfig = {

     
···

       
24
       
25
       
 
       
    wantedBy = ["timers.target"];

     

       
25
       
26
       
 
       
    before = ["bird.service"];

     

       
26
       
27
       
 
       
  };

     

       
27
       
27
       
-
       
  systemd.services = {

     

       
28
       
28
       
+
       
  services = {

     

       
28
       
29
       
 
       
    dn42-roa = {

     

       
29
       
30
       
 
       
      after = ["network.target"];

     

       
30
       
31
       
 
       
      description = "DN42 ROA Updated";

     
···

       
32
       
33
       
 
       
      serviceConfig = {ExecStart = "${script}/bin/update-roa";};

     

       
33
       
34
       
 
       
    };

     

       
34
       
35
       
 
       
  };

     

       
35
       
35
       
-
       
  systemd.services.bird-lg-proxy.serviceConfig.User = lib.mkForce "bird2";

     

       
36
       
36
       
-
       
  systemd.services.bird-lg-proxy.serviceConfig.Group = lib.mkForce "bird2";

     

       
36
       
36
       
+
       
  services.bird-lg-proxy.serviceConfig.User = lib.mkForce "bird2";

     

       
37
       
37
       
+
       
  services.bird-lg-proxy.serviceConfig.Group = lib.mkForce "bird2";

     

       
38
       
38
       
+
       
  };

     

       
37
       
39
       
 
       


     

       
38
       
40
       
 
       
  services = {

     

       
39
       
41
       
 
       
    bird-lg = {

     
···

       
85
       
87
       
 
       
        + bgp.extraConfig;

     

       
86
       
88
       
 
       
    };

     

       
87
       
89
       
 
       
  };

     

       
88
       
88
       
-
       


     

       
89
       
90
       
 
       
  users.users.thehedgehog.extraGroups = ["bird2"];

     

       
90
       
91
       
 
       
}

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
 
       
  tunnel,

     

       
3
       
3
       
-
       
  ospf,

     

       
4
       
3
       
 
       
  ...

     

       
5
       
4
       
 
       
}: let

     

       
5
       
5
       
+
       
  # deadnix: skip

     

       
6
       
6
       
 
       
  defaultPubKey = "e6kp9sca4XIzncKa9GEQwyOnMjje299Xg9ZdgXWMwHg=";

     

       
7
       
7
       
 
       
  defaultPrivKeyFile = "/run/agenix/dn42-privkey";

     

       
8
       
8
       
 
       
  defaultLocalIPv4 = "172.20.43.96";

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
-
       
  config,

     

       
3
       
2
       
 
       
  pkgs,

     

       
4
       
3
       
 
       
  lib,

     

       
5
       
4
       
 
       
  ...

     
···

       
7
       
6
       
 
       
  defaultLocalIPv4 = "172.20.43.96/32";

     

       
8
       
7
       
 
       
  defaultLocalIPv6 = "fe80::1/64";

     

       
9
       
8
       
 
       
  privKeyFile = "/run/agenix/dn42-privkey";

     

       
9
       
9
       
+
       
  # deadnix: skip

     

       
10
       
10
       
 
       
  defaultPubKey = "e6kp9sca4XIzncKa9GEQwyOnMjje299Xg9ZdgXWMwHg=";

     

       
11
       
11
       
 
       
in {

     

       
12
       
12
       
 
       
  environment.systemPackages = [pkgs.wireguard-tools];

     

       
13
       
13
       
 
       


     

       
14
       
14
       
 
       
  networking.wireguard.interfaces = import ./tunnels.nix rec {

     

       
15
       
15
       
 
       
    customTunnel = listenPort: privKeyFile: peerPubKey: endpoint: name: peerIPv4: peerIPv6: localIPv4: localIPv6: isOspf: {

     

       
16
       
16
       
-
       
      listenPort = listenPort;

     

       
16
       
16
       
+
       
      inherit listenPort;

     

       
17
       
17
       
 
       
      privateKeyFile = privKeyFile;

     

       
18
       
18
       
 
       
      allowedIPsAsRoutes = false;

     

       
19
       
19
       
 
       
      peers = [

     

       
20
       
20
       
 
       
        {

     

       
21
       
21
       
+
       
          inherit endpoint;

     

       
21
       
22
       
 
       
          publicKey = peerPubKey;

     

       
22
       
23
       
 
       
          allowedIPs = ["0.0.0.0/0" "::/0"];

     

       
23
       
23
       
-
       
          endpoint = endpoint;

     

       
24
       
24
       
 
       
          dynamicEndpointRefreshSeconds = 5;

     

       
25
       
25
       
 
       
          persistentKeepalive = 15;

     

       
26
       
26
       
 
       
        }

     
···

       
41
       
41
       
 
       
        + lib.optionalString isOspf

     

       
42
       
42
       
 
       
        "${pkgs.iproute2}/bin/ip -6 addr add ${defaultLocalIPv6} dev ${name}";

     

       
43
       
43
       
 
       
    };

     

       
44
       
44
       
+
       
    # deadnix: skip

     

       
44
       
45
       
 
       
    tunnel = listenPort: privKey: peerPubKey: localIPv4: localIPv6: endpoint: name: peerIPv4: peerIPv6:

     

       
45
       
46
       
 
       
      customTunnel listenPort privKeyFile peerPubKey endpoint name peerIPv4

     

       
46
       
47
       
 
       
      peerIPv6

     

       
47
       
48
       
 
       
      localIPv4

     

       
48
       
49
       
 
       
      localIPv6

     

       
49
       
50
       
 
       
      false;

     

       
51
       
51
       
+
       
    # deadnix: skip

     

       
50
       
52
       
 
       
    ospf = listenPort: privKey: peerPubKey: endpoint: name: peerIPv4: peerIPv6: ULAIPv6:

     

       
51
       
53
       
 
       
      customTunnel listenPort privKeyFile peerPubKey endpoint name peerIPv4

     

       
52
       
54
       
 
       
      peerIPv6

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
 
       
  lib,

     

       
3
       
3
       
-
       
  pkgs,

     

       
4
       
4
       
-
       
  config,

     

       
5
       
3
       
 
       
  ...

     

       
6
       
4
       
 
       
}: {

     

       
7
       
5
       
 
       
  networking = {

     

···

       
1
       
1
       
 
       
let

     

       
2
       
2
       
 
       
  yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";

     

       
3
       
3
       
 
       
  yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";

     

       
4
       
4
       
+
       
  # deadnix: skip

     

       
4
       
5
       
 
       
  backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";

     

       
5
       
6
       
 
       
  prefect = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP532AB5mkNvE29MkDDY8HEf8ZdktGWiI0PzLrvbmLQe";

     

       
6
       
7
       
 
       
in {

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
 
       
  lib,

     

       
3
       
3
       
-
       
  config,

     

       
4
       
3
       
 
       
  ...

     

       
5
       
4
       
 
       
}: {

     

       
6
       
5
       
 
       
  imports = [./logins.nix ./monitoring.nix ./overrides.nix];

     
···

       
74
       
73
       
 
       
      autoIndex = true;

     

       
75
       
74
       
 
       
      enforced = "body";

     

       
76
       
75
       
 
       
      indexAttachments = true;

     

       
77
       
77
       
-
       
      maintenance.enable = true;

     

       
78
       
78
       
-
       
      maintenance.onCalendar = "daily";

     

       
79
       
79
       
-
       
      maintenance.randomizedDelaySec = 1000;

     

       
76
       
76
       
+
       
      maintenance = {

     

       
77
       
77
       
+
       
        enable = true;

     

       
78
       
78
       
+
       
        onCalendar = "daily";

     

       
79
       
79
       
+
       
        randomizedDelaySec = 1000;

     

       
80
       
80
       
+
       
      };

     

       
80
       
81
       
 
       
      maxSize = 20;

     

       
81
       
82
       
 
       
      memoryLimit = 2048;

     

       
82
       
83
       
 
       
      minSize = 2;

     

···

       
1
       
1
       
-
       
{ config

     

       
2
       
2
       
-
       
, lib

     

       
3
       
3
       
-
       
, pkgs

     

       
1
       
1
       
+
       
{ lib

     

       
4
       
2
       
 
       
, ...

     

       
5
       
5
       
-
       
}:

     

       
6
       
6
       
-
       
let

     

       
7
       
7
       
-
       


     

       
8
       
8
       
-
       
  nm = pkgs.nginxModules;

     

       
9
       
9
       
-
       


     

       
10
       
10
       
-
       
in

     

       
11
       
11
       
-
       
{

     

       
3
       
3
       
+
       
}: {

     

       
12
       
4
       
 
       
  services.nginx = {

     

       
13
       
5
       
 
       
    enable = true;

     

       
14
       
6
       
 
       
    additionalModules = [ ];

     

···

       
1
       
1
       
 
       
{config, ...}: {

     

       
2
       
2
       
 
       
  services.tailscale = {enable = true;};

     

       
3
       
3
       
-
       
  networking.firewall.trustedInterfaces = ["tailscale0"];

     

       
4
       
4
       
-
       
  networking.firewall.allowedUDPPorts = [config.services.tailscale.port];

     

       
5
       
5
       
-
       
  networking.firewall.checkReversePath = "loose";

     

       
3
       
3
       
+
       
  networking.firewall = {

     

       
4
       
4
       
+
       
    trustedInterfaces = ["tailscale0"];

     

       
5
       
5
       
+
       
    allowedUDPPorts = [config.services.tailscale.port];

     

       
6
       
6
       
+
       
    checkReversePath = "loose";

     

       
7
       
7
       
+
       
  };

     

       
6
       
8
       
 
       
}

     

···

       
10
       
10
       
 
       
      grub.device = "/dev/sda";

     

       
11
       
11
       
 
       
      grub.enable = true;

     

       
12
       
12
       
 
       
    };

     

       
13
       
13
       
-
       
    initrd.availableKernelModules = [

     

       
14
       
14
       
-
       
      "ata_piix"

     

       
15
       
15
       
-
       
      "uhci_hcd"

     

       
16
       
16
       
-
       
      "xen_blkfront"

     

       
17
       
17
       
-
       
      "ahci"

     

       
18
       
18
       
-
       
      "xhci_pci"

     

       
19
       
19
       
-
       
      "virtio_pci"

     

       
20
       
20
       
-
       
      "sd_mod"

     

       
21
       
21
       
-
       
      "sr_mod"

     

       
22
       
22
       
-
       
    ];

     

       
23
       
23
       
-
       
    initrd.kernelModules = ["nvme"];

     

       
24
       
24
       
-
       
    initrd.supportedFilesystems = ["btrfs" "vfat" "f2fs"];

     

       
13
       
13
       
+
       
    initrd = {

     

       
14
       
14
       
+
       
      availableKernelModules = [

     

       
15
       
15
       
+
       
        "ata_piix"

     

       
16
       
16
       
+
       
        "uhci_hcd"

     

       
17
       
17
       
+
       
        "xen_blkfront"

     

       
18
       
18
       
+
       
        "ahci"

     

       
19
       
19
       
+
       
        "xhci_pci"

     

       
20
       
20
       
+
       
        "virtio_pci"

     

       
21
       
21
       
+
       
        "sd_mod"

     

       
22
       
22
       
+
       
        "sr_mod"

     

       
23
       
23
       
+
       
      ];

     

       
24
       
24
       
+
       
      kernelModules = ["nvme"];

     

       
25
       
25
       
+
       
      supportedFilesystems = ["btrfs" "vfat" "f2fs"];

     

       
26
       
26
       
+
       
    };

     

       
25
       
27
       
 
       
    supportedFilesystems = lib.mkForce ["btrfs" "vfat" "f2fs"];

     

       
26
       
28
       
 
       
    kernelPackages = pkgs.linuxPackages_latest;

     

       
27
       
29
       
 
       
    kernel.sysctl = {

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
-
       
  networking.firewall.enable = true;

     

       
3
       
3
       
-
       
  networking.firewall.allowedTCPPorts = [8000];

     

       
4
       
4
       
-
       
  networking.firewall.allowedUDPPorts = [34197];

     

       
2
       
2
       
+
       
  networking.firewall = {

     

       
3
       
3
       
+
       
    enable = true;

     

       
4
       
4
       
+
       
    allowedTCPPorts = [8000];

     

       
5
       
5
       
+
       
    allowedUDPPorts = [34197];

     

       
6
       
6
       
+
       
  };

     

       
5
       
7
       
 
       
  services.ferm = {

     

       
6
       
8
       
 
       
    enable = true;

     

       
7
       
9
       
 
       
    config = ''

     

···

       
1
       
1
       
 
       
{

     

       
2
       
2
       
 
       
  lib,

     

       
3
       
3
       
-
       
  pkgs,

     

       
4
       
4
       
-
       
  config,

     

       
5
       
3
       
 
       
  ...

     

       
6
       
4
       
 
       
}: {

     

       
7
       
5
       
 
       
  networking = {

     

···

       
1
       
1
       
 
       
let

     

       
2
       
2
       
+
       
  # deadnix: skip

     

       
2
       
3
       
 
       
  yubi-back = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDTVGi3PItsbUhFgnFZlqo1iUggL4npMg94+9FsyhEPfShcQwJK2/jJzjv5S9KPuk3cY7aoqyVFLbnasSBZPXmscJmOiVNvtWvHoC3QPXvf3IAcVZ5KOLpY2NJlPx/pAb31C6ewtg8v3VlyhL4zEp6M+AGwXX51tFDh2GnYD+7SNF+aMhKCrX63syAhgPy3F8mZ2RIDLAu+lsYlwdpWRkSEv9kcjX/6+3QgUWjfPBaKEeYID22ihSuj7+AiuAt0gM4q0TY/Hpcx+qDLonrIuBnm1hMZDgbv//D0sHIUxJQkGTKTEbkZxoh0Qri7UV/V6l3mETaG40deuemMU7RFY7Khl8RajNZ+9z0FdquS/HCt8+fYQk6eLneJrMIQ1bI4awrtblG3P2Yf2QUu+H3kfCQe44R3WjUugTbNtumVgyQBzl2dzlIVn1pZBeyZy70XCgbaFKkDR8Y/qZiUoZ0afP3vTOXhkn5UBfutTKwUiSGh3S8Ge5YhNgKHWE2eQp1ckEm0IMJV/q5Nsw/yBBXj/kfD8ekz96LQ+gP5JFLq4EaipXI7FM4aZNOBUZU1l/sCEuq7m997nrBucTKqGm7Ho3rq7bgdj4f6GyUJXSMOM1cN61LLrRumZGGTH8WghVL7ligxZyNFcQoudR8jfpf4mrgRxipQOe1A2umvuufMr+l/bw==";

     

       
4
       
4
       
+
       
  # deadnix: skip

     

       
3
       
5
       
 
       
  yubi-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBBsOIMMZVmleClXfqUMrnmyh8PFuyiJqHKEZ51Xy746";

     

       
6
       
6
       
+
       
  # deadnix: skip

     

       
4
       
7
       
 
       
  backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";

     

       
8
       
8
       
+
       
  # deadnix: skip

     

       
5
       
9
       
 
       
  thought = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGkJcLykggEp427h2IywoiR74Yl3N+FU6Pwx9ZFQ3vjq";

     

       
6
       
10
       
 
       
in {

     

       
7
       
11
       
 
       
  imports = [../../common/secrets/secrets.nix];

     

···

       
1
       
1
       
 
       
{config, ...}: {

     

       
2
       
2
       
 
       
  services.tailscale = {enable = true;};

     

       
3
       
3
       
-
       
  networking.firewall.trustedInterfaces = ["tailscale0"];

     

       
4
       
4
       
-
       
  networking.firewall.allowedUDPPorts = [config.services.tailscale.port];

     

       
5
       
5
       
-
       
  networking.firewall.checkReversePath = "loose";

     

       
3
       
3
       
+
       
  networking.firewall = {

     

       
4
       
4
       
+
       
    trustedInterfaces = ["tailscale0"];

     

       
5
       
5
       
+
       
    allowedUDPPorts = [config.services.tailscale.port];

     

       
6
       
6
       
+
       
    checkReversePath = "loose";

     

       
7
       
7
       
+
       
  };

     

       
6
       
8
       
 
       
}

     

···

       
2
       
2
       
 
       
  pkgs,

     

       
3
       
3
       
 
       
  lib,

     

       
4
       
4
       
 
       
  config,

     

       
5
       
5
       
-
       
  inputs,

     

       
6
       
5
       
 
       
  ...

     

       
7
       
6
       
 
       
}: {

     

       
8
       
7
       
 
       
  boot = {

     

···

       
1
       
1
       
-
       
{

     

       
2
       
2
       
-
       
  pkgs,

     

       
3
       
3
       
-
       
  lib,

     

       
4
       
4
       
-
       
  inputs,

     

       
5
       
5
       
-
       
  ...

     

       
6
       
6
       
-
       
}: {

     

       
1
       
1
       
+
       
{ ... }: {

     

       
7
       
2
       
 
       
  imports = [

     

       
8
       
3
       
 
       
    # Common Config

     

       
9
       
4
       
 
       
    ../default.nix

     

···

       
1
       
1
       
-
       
{

     

       
2
       
2
       
-
       
  services.xserver.enable = false;

     

       
3
       
3
       
-
       
  services.xserver.displayManager.sddm.enable = false;

     

       
4
       
4
       
-
       
  services.xserver.displayManager.defaultSession = "plasmawayland";

     

       
5
       
5
       
-
       
  services.xserver.desktopManager.plasma5 = {

     

       
1
       
1
       
+
       
{services.xserver = {

     

       
2
       
2
       
+
       
  enable = false;

     

       
3
       
3
       
+
       
  displayManager = {

     

       
4
       
4
       
+
       
    sddm.enable = false;

     

       
5
       
5
       
+
       
    defaultSession = "plasmawayland";

     

       
6
       
6
       
+
       
  };

     

       
7
       
7
       
+
       
  desktopManager.plasma5 = {

     

       
6
       
8
       
 
       
    enable = false;

     

       
7
       
9
       
 
       
    phononBackend = "vlc";

     

       
8
       
10
       
 
       
    runUsingSystemd = true;

     

       
9
       
11
       
 
       
    useQtScaling = true;

     

       
12
       
12
       
+
       
  };

     

       
10
       
13
       
 
       
  };

     

       
11
       
14
       
 
       
  qt = {

     

       
12
       
15
       
 
       
    enable = true;