helvetica/puter
1
0
Fork 0
Code Activity

Merge branch 'main' of forgejo.helveticanonstandard.net:helvetica/puter

Browse source
This commit is contained in:
Lukas Wurzinger 2025-07-07 16:38:56 +00:00
commit a976140d15
No known key found for this signature in database
34 changed files with 494 additions and 346 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,4 +1,2 @@
.direnv/
.devenv/
.pre-commit-config.yaml

3
README.md
View file

@ -7,7 +7,6 @@ This is my cobbled together NixOS configuration. There are many like it, but thi
- common: Sane defaults that make sense to use for every host.
- modules: Regular NixOS modules.
- profiles: Higher-level NixOS modules that conform to different roles that a host may have.
- packages: Packages that I couldn't fit anywhere else.
- secrets: Agenix secrets.
- hosts: Hosts exposed in `nixosConfigurations`.
- pubkeys.nix: Nix expression with all my SSH public keys, used for OpenSSH, Agenix and Restic.
@ -21,7 +20,7 @@ This is my cobbled together NixOS configuration. There are many like it, but thi
## Installation
```bash
nix run git+https://codeberg.org/helvetica/puter.git#disk /path/to/disk
nix run git+https://codeberg.org/helvetica/zap.git /path/to/disk
# TODO: Configure additional disks
mkdir -p /mnt/etc/ssh
cat > /mnt/etc/ssh/ssh_host_ed25519_key

9
common/hardware.nix
View file

@ -1,3 +1,12 @@
{
services.fwupd.enable = true;
hardware = {
bluetooth.enable = true;
steam-hardware.enable = true;
xone.enable = true;
xpadneo.enable = true;
gcadapter.enable = true;
enableAllFirmware = true;
};
}

3
common/xdg.nix Normal file
View file

@ -0,0 +1,3 @@
{
xdg.portal.xdgOpenUsePortal = true;
}

377
flake.lock generated
View file

@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1747575206,
"narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=",
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "4835b1dc898959d8547a871ef484930675cb47f1",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
@ -107,6 +107,22 @@
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1733328505,
@ -122,7 +138,7 @@
"type": "github"
}
},
"flake-compat_5": {
"flake-compat_6": {
"flake": false,
"locked": {
"lastModified": 1746162366,
@ -138,16 +154,32 @@
"type": "github"
}
},
"flake-compat_7": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"lastModified": 1751413152,
"narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"type": "github"
},
"original": {
@ -179,11 +211,11 @@
"nixpkgs-lib": "nixpkgs-lib_3"
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
@ -254,11 +286,29 @@
"nixpkgs-lib": "nixpkgs-lib_6"
},
"locked": {
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_8": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib_7"
},
"locked": {
"lastModified": 1749398372,
"narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github"
},
"original": {
@ -335,6 +385,28 @@
}
},
"gitignore_3": {
"inputs": {
"nixpkgs": [
"hxwrap",
"hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_4": {
"inputs": {
"nixpkgs": [
"lanzaboote",
@ -356,13 +428,35 @@
"type": "github"
}
},
"gitignore_5": {
"inputs": {
"nixpkgs": [
"xenumenu",
"hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"hardware": {
"locked": {
"lastModified": 1748942041,
"narHash": "sha256-HEu2gTct7nY0tAPRgBtqYepallryBKR1U8B4v2zEEqA=",
"lastModified": 1751432711,
"narHash": "sha256-136MeWtckSHTN9Z2WRNRdZ8oRP3vyx3L8UxeBYE+J9w=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "fc7c4714125cfaa19b048e8aaf86b9c53e04d853",
"rev": "497ae1357f1ac97f1aea31a4cb74ad0d534ef41f",
"type": "github"
},
"original": {
@ -424,11 +518,57 @@
]
},
"locked": {
"lastModified": 1747372754,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"lastModified": 1750779888,
"narHash": "sha256-wibppH3g/E2lxU43ZQHC5yA/7kIKLGxVEnsnVK1BtRg=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"rev": "16ec914f6fb6f599ce988427d9d94efddf25fe6d",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"hooks_3": {
"inputs": {
"flake-compat": "flake-compat_3",
"gitignore": "gitignore_3",
"nixpkgs": [
"hxwrap",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749636823,
"narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "623c56286de5a3193aa38891a6991b28f9bab056",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"hooks_4": {
"inputs": {
"flake-compat": "flake-compat_7",
"gitignore": "gitignore_5",
"nixpkgs": [
"xenumenu",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749636823,
"narHash": "sha256-WUaIlOlPLyPgz9be7fqWJA5iG6rHcGRtLERSCfUDne4=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "623c56286de5a3193aa38891a6991b28f9bab056",
"type": "github"
},
"original": {
@ -440,14 +580,16 @@
"hxwrap": {
"inputs": {
"flake-parts": "flake-parts_3",
"nixpkgs": "nixpkgs_3"
"hooks": "hooks_3",
"nixpkgs": "nixpkgs_3",
"treefmt": "treefmt_2"
},
"locked": {
"lastModified": 1745088587,
"narHash": "sha256-85AYHWayJVq/dxgk/S4RH7u6w59Akyr1fVttR8KBh8g=",
"lastModified": 1749852670,
"narHash": "sha256-MveNAj05dpNfOiK9uK6el6eWNG7r1SlMq45uZWgt20k=",
"ref": "refs/heads/main",
"rev": "8fa5d5d550add7bf6cfd0a619dfac0e8a03b2bae",
"revCount": 21,
"rev": "1564605890b844183c2a9be9d3d7e71a0d12e367",
"revCount": 23,
"type": "git",
"url": "https://codeberg.org/helvetica/hxwrap.git"
},
@ -459,7 +601,7 @@
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"flake-parts": "flake-parts_4",
"nixpkgs": [
"nixpkgs"
@ -508,11 +650,11 @@
"phps": "phps"
},
"locked": {
"lastModified": 1746369841,
"narHash": "sha256-/k3MQPXdsXJ0FDEsT1YvBG9ugRXk1nuE9MCb1wAMGQc=",
"lastModified": 1751398370,
"narHash": "sha256-7TSTVtdZz2nhO5Gn/U3pjvENvQAKJWFJ799EWtx/O/s=",
"ref": "refs/heads/main",
"rev": "dbe35541ef6923f411685434cc535d0854b55b6a",
"revCount": 5,
"rev": "18cc2db6cc507ff0123a7e7fc6936f9ea52dbc66",
"revCount": 7,
"type": "git",
"url": "https://codeberg.org/helvetica/myphps.git"
},
@ -527,11 +669,11 @@
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1747493683,
"narHash": "sha256-SEszNrbvTzxjFM7apKnL8LaarvDAzcuuQXj8r+ikJdk=",
"lastModified": 1751397212,
"narHash": "sha256-G9pjUEsde8bJl7TbTqTW2dADhI3FXLfb3Cvq8S1WTdo=",
"ref": "refs/heads/main",
"rev": "a61825fc51a2b52cebd01ce58910707383e08b02",
"revCount": 2,
"rev": "a41850db1bb1d4f31a828cecf9387601b3f208c8",
"revCount": 3,
"type": "git",
"url": "https://codeberg.org/helvetica/nini.git"
},
@ -547,11 +689,11 @@
]
},
"locked": {
"lastModified": 1748751003,
"narHash": "sha256-i4GZdKAK97S0ZMU3w4fqgEJr0cVywzqjugt2qZPrScs=",
"lastModified": 1751170039,
"narHash": "sha256-3EKpUmyGmHYA/RuhZjINTZPU+OFWko0eDwazUOW64nw=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "2860bee699248d828c2ed9097a1cd82c2f991b43",
"rev": "9c932ae632d6b5150515e5749b198c175d8565db",
"type": "github"
},
"original": {
@ -562,17 +704,17 @@
},
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_6",
"nixpkgs": "nixpkgs_8",
"nixpkgs-stable": "nixpkgs-stable_2",
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1748948933,
"narHash": "sha256-Lc3YwAK/h+BdXWuiKV+dflWbYD3yObkrN/wugr8w+70=",
"lastModified": 1751281697,
"narHash": "sha256-abHhTXGEGYhCKOc9vQbqHFG7dxwJ6AudIy1h4MUsjm0=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "a24e3123dab28fcc9b3e7b48f40e6e7ba12a6958",
"rev": "78b86e37713a1111d9e37c62b242d60be3013bd1",
"type": "github"
},
"original": {
@ -599,11 +741,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1748740939,
"narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
"lastModified": 1751159883,
"narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "656a64127e9d791a334452c6b6606d17539476e2",
"rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
"type": "github"
},
"original": {
@ -629,11 +771,11 @@
},
"nixpkgs-lib_3": {
"locked": {
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"lastModified": 1748740939,
"narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"rev": "656a64127e9d791a334452c6b6606d17539476e2",
"type": "github"
},
"original": {
@ -674,11 +816,26 @@
},
"nixpkgs-lib_6": {
"locked": {
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"lastModified": 1748740939,
"narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"rev": "656a64127e9d791a334452c6b6606d17539476e2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-lib_7": {
"locked": {
"lastModified": 1748740939,
"narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "656a64127e9d791a334452c6b6606d17539476e2",
"type": "github"
},
"original": {
@ -705,11 +862,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1748810746,
"narHash": "sha256-1na8blYvU1F6HLwx/aFjrhUqpqZ0SCsnqqW9n2vXvok=",
"lastModified": 1751048012,
"narHash": "sha256-MYbotu4UjWpTsq01wglhN5xDRfZYLFtNk7SBY0BcjkU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "78d9f40fd6941a1543ffc3ed358e19c69961d3c1",
"rev": "a684c58d46ebbede49f280b653b9e56100aa3877",
"type": "github"
},
"original": {
@ -737,11 +894,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1744932701,
"narHash": "sha256-fusHbZCyv126cyArUwwKrLdCkgVAIaa/fQJYFlCEqiU=",
"lastModified": 1749285348,
"narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b024ced1aac25639f8ca8fdfc2f8c4fbd66c48ef",
"rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
"type": "github"
},
"original": {
@ -801,11 +958,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1743964447,
"narHash": "sha256-nEo1t3Q0F+0jQ36HJfbJtiRU4OI+/0jX/iITURKe3EE=",
"lastModified": 1751271578,
"narHash": "sha256-P/SQmKDu06x8yv7i0s8bvnnuJYkxVGBWLWHaU+tt4YY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "063dece00c5a77e4a0ea24e5e5a5bd75232806f8",
"rev": "3016b4b15d13f3089db8a41ef937b13a9e33a8df",
"type": "github"
},
"original": {
@ -817,11 +974,27 @@
},
"nixpkgs_8": {
"locked": {
"lastModified": 1748693115,
"narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"lastModified": 1751011381,
"narHash": "sha256-krGXKxvkBhnrSC/kGBmg5MyupUUT5R6IBCLEzx9jhMM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"rev": "30e2e2857ba47844aa71991daa6ed1fc678bcbb7",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1750365781,
"narHash": "sha256-XE/lFNhz5lsriMm/yjXkvSZz5DfvKJLUjsS6pP8EC50=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "08f22084e6085d19bcfb4be30d1ca76ecb96fe54",
"type": "github"
},
"original": {
@ -833,7 +1006,7 @@
},
"phps": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_5",
"nixpkgs": "nixpkgs_6",
"utils": "utils"
},
@ -857,7 +1030,7 @@
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore_3",
"gitignore": "gitignore_4",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
@ -946,7 +1119,8 @@
"nixos-cosmic",
"nixpkgs"
],
"treefmt": "treefmt_2"
"treefmt": "treefmt_3",
"xenumenu": "xenumenu"
}
},
"rust-overlay": {
@ -978,11 +1152,11 @@
]
},
"locked": {
"lastModified": 1748918260,
"narHash": "sha256-KhXNXQ5IDLvwwYfJ0pXDjwIuisZ2qM6F7fcXjIGZy/4=",
"lastModified": 1751251399,
"narHash": "sha256-y+viCuy/eKKpkX1K2gDvXIJI/yzvy6zA3HObapz9XZ0=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "c9736155bc1eb7c7cf3a925920850e61c07ab22a",
"rev": "b22d5ee8c60ed1291521f2dde48784edd6bf695b",
"type": "github"
},
"original": {
@ -1045,15 +1219,57 @@
"treefmt_2": {
"inputs": {
"nixpkgs": [
"hxwrap",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748243702,
"narHash": "sha256-9YzfeN8CB6SzNPyPm2XjRRqSixDopTapaRsnTpXUEY8=",
"lastModified": 1749194973,
"narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "1f3f7b784643d488ba4bf315638b2b0a4c5fb007",
"rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt_3": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1750931469,
"narHash": "sha256-0IEdQB1nS+uViQw4k3VGUXntjkDp7aAlqcxdewb/hAc=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "ac8e6f32e11e9c7f153823abc3ab007f2a65d3e1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt_4": {
"inputs": {
"nixpkgs": [
"xenumenu",
"nixpkgs"
]
},
"locked": {
"lastModified": 1749194973,
"narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5",
"type": "github"
},
"original": {
@ -1104,6 +1320,27 @@
"repo": "uv2nix",
"type": "github"
}
},
"xenumenu": {
"inputs": {
"flake-parts": "flake-parts_8",
"hooks": "hooks_4",
"nixpkgs": "nixpkgs_9",
"treefmt": "treefmt_4"
},
"locked": {
"lastModified": 1750544859,
"narHash": "sha256-OnSfoCCC6fYjAUdmZLwg3sRfgotO7bj55dUGV1BAKyY=",
"ref": "refs/heads/main",
"rev": "97ddcea8f30ecad4825f77260fa4e40e952262d1",
"revCount": 1,
"type": "git",
"url": "https://codeberg.org/helvetica/xenumenu.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/helvetica/xenumenu.git"
}
}
},
"root": "root",

1
flake.nix
View file

@ -26,6 +26,7 @@
myphps.url = "git+https://codeberg.org/helvetica/myphps.git";
forgesync.url = "git+https://codeberg.org/helvetica/forgesync.git";
nini.url = "git+https://codeberg.org/helvetica/nini.git";
xenumenu.url = "git+https://codeberg.org/helvetica/xenumenu.git";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
inputs.nixpkgs.follows = "nixpkgs";

10
hosts/abacus/headscale.nix
View file

@ -9,7 +9,15 @@ in
port = 8010;
settings = {
server_url = "https://${virtualHostName}";
dns.base_domain = "tailnet.helveticanonstandard.net";
dns = {
base_domain = "tailnet.helveticanonstandard.net";
nameservers.global = [
"1.1.1.1"
"1.0.0.1"
"2606:4700:4700::1111"
"2606:4700:4700::1001"
];
};
logtail.enabled = false;
};
};

2
hosts/glacier/profiles.nix
View file

@ -1,6 +1,8 @@
{
profiles = {
desktop.enable = true;
dynamic.enable = true;
headful.enable = true;
emulation.enable = true;
gaming.enable = true;
piracy.enable = true;

8
hosts/insomniac/README.md Normal file
View file

@ -0,0 +1,8 @@
shell script that loops a launcher
basically
while true; do
fuzzel with retroarch steam quit
if quit; then exit; fi
else run command (waiting)
done

47
hosts/insomniac/cage.nix Normal file
View file

@ -0,0 +1,47 @@
{
lib,
inputs,
pkgs,
...
}:
let
spec = {
entries = [
{
displayName = "RetroArch";
program = "retroarch";
}
{
displayName = "Steam";
program = "steam";
args = [
"-tenfoot"
];
}
];
};
specFormat = pkgs.formats.json { };
launcher = pkgs.writeShellApplication {
name = "launcher";
runtimeInputs = [
inputs.xenumenu.packages.${pkgs.system}.default
];
text = ''
while true; do
xenumenu --rowcols 3 --exit ${specFormat.generate "spec.json" spec}
done
'';
};
in
{
services.cage = {
enable = true;
program = lib.getExe launcher;
user = "insomniac";
environment = {
WLR_LIBINPUT_NO_DEVICES = "1";
};
};
}

6
hosts/insomniac/profiles.nix
View file

@ -1,9 +1,7 @@
{
profiles = {
desktop.enable = true;
emulation.enable = true;
gaming.enable = true;
piracy.enable = true;
productivity.enable = true;
headful.enable = true;
dynamic.enable = true;
};
}

13
hosts/insomniac/retroarch.nix Normal file
View file

@ -0,0 +1,13 @@
{ pkgs, ... }:
{
environment.systemPackages =
let
retroarch = pkgs.retroarch.withCores (cores: [
cores.parallel-n64
cores.dolphin
]);
in
[
retroarch
];
}

11
hosts/insomniac/steam.nix Normal file
View file

@ -0,0 +1,11 @@
{
programs.steam = {
enable = true;
extest.enable = true;
protontricks.enable = true;
dedicatedServer.openFirewall = true;
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
gamescopeSession.enable = true; # TODO
};
}

2
hosts/insomniac/freetube.nix → hosts/work/mattermost.nix
View file

@ -1,6 +1,6 @@
{ pkgs, ... }:
{
environment.systemPackages = [
pkgs.freetube
pkgs.mattermost-desktop
];
}

3
hosts/work/networking.nix Normal file
View file

@ -0,0 +1,3 @@
{
networking.networkmanager.enableStrongSwan = true;
}

2
hosts/work/profiles.nix
View file

@ -1,6 +1,8 @@
{
profiles = {
desktop.enable = true;
dynamic.enable = true;
headful.enable = true;
productivity.enable = true;
};
}

2
hosts/work/tools.nix
View file

@ -7,5 +7,7 @@
pkgs.jq
pkgs.mariadb
pkgs.openssl
pkgs.kubectl
pkgs.awscli2
];
}

7
modules/gcadapter.nix
View file

@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}:
let
@ -10,9 +11,9 @@ in
options.hardware.gcadapter.enable = lib.mkEnableOption "GameCube Adapter support";
config = lib.mkIf cfg.enable {
services.udev.extraRules = ''
ATTRS{idVendor}=="057e", ATTRS{idProduct}=="0337", MODE="666", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device" TAG+="uaccess"
'';
services.udev.packages = [
pkgs.dolphin-emu
];
boot = {
extraModulePackages = [

196
packages/disk/disk
View file

@ -1,196 +0,0 @@
#!/usr/bin/env bash
set -o errexit
set -o nounset
set -o pipefail
progname="$0"
warn() {
local line
for line in "$@"; do
echo "$progname: $line" 1>&2
done
}
error() {
warn "$@"
exit 1
}
skip() {
if (($# < 1)); then
error 'name of value to be skipped is required'
fi
if (($# > 1)); then
error 'too many arguments'
fi
local skip=$1
for s in "${skips[@]}"; do
if [[ $s == "$skip" ]]; then
return 1
fi
done
return 0
}
args=$(
getopt \
--options r:b:l:c:m:B:M:v \
--longoptions root:,boot-label:,main-label:,cryptmain-label:,mapping:,boot-options:,main-options:,verbose \
--name "$progname" \
-- "$@"
)
eval set -- "$args"
root=/mnt
bootlbl=BOOT
mainlbl=main
cryptmainlbl=cryptmain
mapping=main
bootflags=()
mainflags=()
fatflags=()
ext4flags=()
skips=()
while true; do
case "$1" in
-r | --root)
root=$2
shift 2
;;
-b | --boot-label)
skips+=(bootlbl)
bootlbl=${2^^}
shift 2
;;
-l | --main-label)
skips+=(mainlbl)
mainlbl=$2
shift 2
;;
-c | --cryptmain-label)
skips+=(cryptmainlbl)
cryptmainlbl=$2
shift 2
;;
-m | --mapping)
skips+=(mapping)
mapping=$2
shift 2
;;
-B | --boot-options)
bootflags+=(--options "$2")
shift 2
;;
-M | --main-options)
mainflags+=(--options "$2")
shift 2
;;
-v | --verbose)
fatflags+=(-v)
ext4flags+=(-v)
shift
;;
--)
shift
break
;;
esac
done
if (($# < 1)); then
error 'an argument specifying the block device is required'
fi
if (($# > 1)); then
error 'too many arguments'
fi
blkdev=$1
sfdisk --label gpt --quiet -- "$blkdev" <<EOF
,512M,U;
,,L;
EOF
parts=()
json=$(sfdisk --json -- "$blkdev")
while IFS= read -r k; do
parts+=("$(jq --argjson k "$k" --raw-output '.partitiontable.partitions[$k].node' <<<"$json")")
done < <(jq '.partitiontable.partitions | keys[]' <<<"$json")
bootfs="${parts[0]}"
mainblkdev="${parts[1]}"
if ! skip bootlbl; then
read -rep "Which label should the boot file system have? [$bootlbl] " input
if [[ -n $input ]]; then
bootlbl=$input
fi
fi
mkfs.fat -F 32 -n "$bootlbl" "${fatflags[@]}" -- "$bootfs" >/dev/null
while true; do
read -rep 'Do you want your main partition to be encrypted? [y/N] ' input
case "$input" in
[Yy]*)
while true; do
read -rsp 'Enter password: ' password
warn ''
read -rsp 'Re-enter password: ' repassword
warn ''
if [[ $password == "$repassword" ]]; then
break
fi
done
if ! skip cryptmainlbl; then
read -rep "Which label should the main LUKS partition have? [$cryptmainlbl] " input
if [[ -n $input ]]; then
cryptmainlbl=$input
fi
fi
cryptsetup luksFormat --batch-mode --label "$cryptmainlbl" -- "$mainblkdev" <<<"$password"
if ! skip mapping; then
read -rep "Which name should the main LUKS mapping have? [$mapping] " input
if [[ -n $input ]]; then
mapping=$input
fi
fi
cryptsetup open -- "$mainblkdev" "$mapping" <<<"$password"
mainfs=/dev/mapper/$mapping
break
;;
'' | [Nn]*)
mainfs=$mainblkdev
break
;;
*) warn 'Please answer with yes or no' ;;
esac
done
if ! skip mainlbl; then
read -rep "Which label should the main file system have? [$mainlbl] " input
if [[ -n $input ]]; then
mainlbl=$input
fi
fi
mkfs.ext4 -qFL "$mainlbl" "${ext4flags[@]}" -- "$mainfs"
mkdir --parents -- "$root"
mount "${mainflags[@]}" -- "$mainfs" "$root"
mkdir -- "$root/boot"
mount "${bootflags[@]}" -- "$bootfs" "$root/boot"

19
packages/disk/package.nix
View file

@ -1,19 +0,0 @@
{
writeShellApplication,
util-linux,
jq,
e2fsprogs,
dosfstools,
}:
writeShellApplication {
name = "disk";
runtimeInputs = [
util-linux
jq
e2fsprogs
dosfstools
];
text = builtins.readFile ./disk;
}

8
profiles/desktop/default.nix
View file

@ -13,6 +13,14 @@ in
assertion = !config.profiles.server.enable;
message = "The desktop profile is not compatible with the server profile.";
}
{
assertion = config.profiles.headful.enable;
message = "The desktop profile depends on the headful profile.";
}
{
assertion = config.profiles.dynamic.enable;
message = "The desktop profile depends on the dynamic profile.";
}
];
};
}

22
profiles/desktop/hardware.nix
View file

@ -1,22 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.profiles.desktop;
in
{
config = lib.mkIf cfg.enable {
hardware = {
bluetooth.enable = true;
steam-hardware.enable = true;
xone.enable = true;
xpadneo.enable = true;
opentabletdriver.enable = true;
gcadapter.enable = true;
graphics.enable = true;
enableAllFirmware = true;
};
};
}

20
profiles/desktop/networking.nix
View file

@ -1,20 +0,0 @@
{
config,
lib,
...
}:
let
cfg = config.profiles.desktop;
in
{
config = lib.mkIf cfg.enable {
services.resolved.enable = true;
networking.networkmanager = {
enable = true;
dns = "systemd-resolved";
};
users.groups.networkmanager.members = config.users.normalUsers;
};
}

5
profiles/desktop/xdg.nix → profiles/desktop/spotify.nix
View file

@ -1,6 +1,7 @@
{
config,
lib,
pkgs,
...
}:
let
@ -8,6 +9,8 @@ let
in
{
config = lib.mkIf cfg.enable {
xdg.portal.xdgOpenUsePortal = true;
environment.systemPackages = [
pkgs.spotify
];
};
}

18
profiles/dynamic/default.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, lib, ... }:
let
cfg = config.profiles.dynamic;
in
{
options.profiles.dynamic = {
enable = lib.mkEnableOption "dynamic";
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = !config.profiles.server.enable;
message = "The dynamic profile is not compatible with the server profile.";
}
];
};
}

2
profiles/desktop/location.nix → profiles/dynamic/location.nix
View file

@ -4,7 +4,7 @@
...
}:
let
cfg = config.profiles.desktop;
cfg = config.profiles.dynamic;
in
{
config = lib.mkIf cfg.enable {

15
profiles/dynamic/networking.nix Normal file
View file

@ -0,0 +1,15 @@
{
config,
lib,
...
}:
let
cfg = config.profiles.dynamic;
in
{
config = lib.mkIf cfg.enable {
networking.networkmanager.enable = true;
users.groups.networkmanager.members = config.users.normalUsers;
};
}

0
profiles/desktop/clipboard.nix → profiles/headful/clipboard.nix
View file

18
profiles/headful/default.nix Normal file
View file

@ -0,0 +1,18 @@
{ config, lib, ... }:
let
cfg = config.profiles.headful;
in
{
options.profiles.headful = {
enable = lib.mkEnableOption "headful";
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = !config.profiles.server.enable;
message = "The headful profile is not compatible with the server profile.";
}
];
};
}

2
profiles/desktop/fonts.nix → profiles/headful/fonts.nix
View file

@ -5,7 +5,7 @@
...
}:
let
cfg = config.profiles.desktop;
cfg = config.profiles.headful;
in
{
config = lib.mkIf cfg.enable {

2
profiles/desktop/pipewire.nix → profiles/headful/pipewire.nix
View file

@ -4,7 +4,7 @@
...
}:
let
cfg = config.profiles.desktop;
cfg = config.profiles.headful;
in
{
config = lib.mkIf cfg.enable {

4
profiles/desktop/wayland.nix → profiles/headful/wayland.nix
View file

@ -4,13 +4,13 @@
...
}:
let
cfg = config.profiles.desktop;
cfg = config.profiles.headful;
in
{
config = lib.mkIf cfg.enable {
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
SDL_VIDEODRIVER = "wayland";
SDL_VIDEODRIVER = "wayland,x11";
};
};
}

1
secrets/secrets.nix
View file

@ -21,4 +21,5 @@ in
"secure-boot/abacus.tar.age".publicKeys = (builtins.attrValues users) ++ [ hosts.abacus ];
"secure-boot/flamingo.tar.age".publicKeys = (builtins.attrValues users) ++ [ hosts.flamingo ];
"secure-boot/vessel.tar.age".publicKeys = (builtins.attrValues users) ++ [ hosts.vessel ];
"secure-boot/work.tar.age".publicKeys = (builtins.attrValues users) ++ [ hosts.work ];
}

BIN
secrets/secure-boot/work.tar.age Normal file
View file

Binary file not shown.