blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: blake:2e36efa1c3d0e68a4ed793f4b79eb2df7e233970
Branches Tags
blake:trunk
...
compare: blake:trunk
Branches Tags
blake:trunk

119 Commits
2e36efa1c3 ... trunk

Author SHA1 Message Date
blake
1f4494d333 fix postfix hopefully 2026-01-28 15:09:47 -06:00
blake
85255adb2c fix postfix hopefully 2026-01-28 14:10:10 -06:00
blake
f251a6f5c7 fix postfix hopefully 2026-01-28 13:48:37 -06:00
blake
1f84cf19c7 fix postfix hopefully 2026-01-28 12:28:14 -06:00
blake
0e49c1b9ee add japanese fonts and input 2026-01-09 23:10:42 -06:00
blake
3ff5251b15 add yveltal back to device list 2026-01-09 20:23:13 -06:00
blake
007c66c007 device list on syncthing 2026-01-09 20:17:00 -06:00
blake
d37a0ce652 updates for mew setup 2026-01-09 20:00:08 -06:00
blake
5ab6c9e4c8 add anki 2026-01-09 19:46:02 -06:00
blake
fccec4d504 add anki 2026-01-09 19:45:49 -06:00
blake
8feda54866 updates for mew setup 2026-01-09 19:18:15 -06:00
blake
7179e6f047 mew added 2026-01-09 18:50:18 -06:00
blake
1da9d994de add new host 2026-01-09 18:02:44 -06:00
blake
e213c64481 add key for ipad 2026-01-09 00:02:43 -06:00
blake
49ac3c2bf5 add ipad to syncthing client 2026-01-08 16:32:21 -06:00
blake
8acebb13cc add ipad to syncthing fixed 2026-01-08 16:28:56 -06:00
blake
ff08538bae add ipad to syncthing 2026-01-08 16:26:40 -06:00
blake
494ac6cf57 switch back to listen address 2025-12-30 13:53:50 -06:00
blake
4cfddd2c7e updates 2025-12-30 13:30:18 -06:00
blake
60509f93f0 fix proxys 2025-12-27 21:02:34 -06:00
blake
96d8fd1129 bind dns to interfact rather then ip 2025-12-13 13:20:55 -06:00
blake
39264279e0 add cobblemon to motd 2025-12-04 20:59:21 -06:00
blake
07c9533255 fix ssh message 2025-12-04 20:32:30 -06:00
blake
015f416169 finish cobblemon, add to glance 2025-12-04 20:30:00 -06:00
blake
35d8c83423 fix postfix 2025-12-04 20:13:38 -06:00
blake
b488af297a fixin cobblemon, and new version warning finally GOD 2025-12-04 20:10:35 -06:00
blake
dbb5560793 fixin cobblemon 2025-12-04 20:01:52 -06:00
blake
7bcfef3ccf enable cobblemon and modded mc in general 2025-12-04 19:57:06 -06:00
blake
a1fd3b3af2 fix postfix 2025-12-04 19:44:13 -06:00
blake
a45d9014dd 25.11 2025-12-04 19:39:07 -06:00
blake
80451e9430 added cobblemon 2025-12-04 19:37:52 -06:00
blake
df1a77f73e added cobblemon 2025-12-04 19:37:40 -06:00
blake
6f51671dbb updates 2025-11-25 19:28:49 -06:00
blake
a238d2b61c updates 2025-11-20 16:56:11 -06:00
blake
62dd3f5d7c darwin updates 2025-11-17 15:43:55 -06:00
blake
8b8dc8cde8 show casing shit 2025-11-17 15:37:38 -06:00
blake
3047ff97b4 add wallpapers 2025-11-12 22:11:01 -06:00
blake
1c963f5563 fin udiskie 2025-11-12 21:48:02 -06:00
blake
c02f2853c1 add icons, didnt do anything lmao 2025-11-12 21:47:12 -06:00
blake
d73a561b9d add udiskie for automount 2025-11-12 21:11:10 -06:00
blake
7d97acfdfb add udiskie for automount 2025-11-12 21:10:22 -06:00
blake
cfb55f980d fix zdot till stable update 2025-11-12 00:36:23 -06:00
blake
1a67b02d7c make gpg work with yubi smartcard 2025-11-12 00:19:07 -06:00
blake
0196b1d8b2 a whole lotta shit 2025-11-12 00:14:50 -06:00
blake
d7a6a85841 add folder for new device 2025-11-11 22:04:48 -06:00
blake
cc7aca0fce fix gitea 2025-11-11 20:17:13 -06:00
blake
6b393c7e4f add default branch 2025-11-11 20:15:35 -06:00
blake
c9bcda6043 fix relative path in dotdir 2025-11-11 19:29:37 -06:00
blake
7ce43bf8e7 add cifs client side mounts 2025-11-11 19:28:22 -06:00
blake
5a451bcaa1 add cifs client side mounts 2025-11-11 19:08:56 -06:00
blake
b4bba876ae ssh temp fix for stable rn 2025-11-11 17:36:06 -06:00
blake
005d0451f5 testing ssh 2025-11-11 17:33:52 -06:00
blake
d20a1787c2 testing ssh 2025-11-11 17:25:42 -06:00
blake
6bb1a13741 test id file 2025-11-11 17:15:27 -06:00
blake
b21060e78d fix snowbelle specific home man config 2025-11-11 17:10:51 -06:00
blake
8caa3b6fe7 ssh changes 2025-11-11 17:04:24 -06:00
blake
6fb6dc7abb add blake ssh key 2025-11-11 16:50:42 -06:00
blake
4a6eb5059c add blake ssh key 2025-11-11 16:49:10 -06:00
blake
d92a192a7f random shit 2025-11-11 16:34:13 -06:00
blake
51c3ae6d1e fin secureboot support 2025-11-11 16:29:31 -06:00
blake
2ea0b96230 add secure boot support 2025-11-11 15:55:18 -06:00
blake
f7ece5059d add secure boot support 2025-11-11 15:51:22 -06:00
blake
b84a2d7628 change wallpaper back 2025-11-11 15:35:29 -06:00
blake
b78a43d40a add fastfetch 2025-11-08 12:15:03 -06:00
blake
f5ff1a6639 attempt to fix flatpaks not appearing in tofi 2025-11-07 20:54:57 -06:00
blake
0534a04108 mime shit 2025-11-07 18:55:05 -06:00
blake
4af26da42f add flatpaks with nix-flatpak, but like right this time 2025-11-07 18:38:37 -06:00
blake
d014733441 add flatpaks with nix-flatpak 2025-11-07 18:22:05 -06:00
blake
38c0191ad2 clean up gitea config from testing 2025-11-07 17:22:35 -06:00
blake
2bbbd49a07 fix ssh config 2025-11-07 17:21:00 -06:00
blake
38a22b5255 update ssh config 2025-11-07 17:17:01 -06:00
blake
a787a7dfc5 fin gitea testing 2025-11-07 17:10:37 -06:00
blake
4349ccb132 fix ssh, back to built in 2025-11-07 17:09:29 -06:00
blake
96920b6b3d attempt to use systemssh 2025-11-07 16:35:13 -06:00
blake
b97d7e4cb1 just add a second entry for local access 2025-11-07 16:23:01 -06:00
blake
59927a4e3d testing local access 2025-11-07 16:21:06 -06:00
blake
076653fd15 remove local url 2025-11-07 16:19:49 -06:00
blake
63dcc450b6 change reverseproxy for gitea 2025-11-07 16:19:32 -06:00
blake
c15704eb22 add local root url 2025-11-07 16:19:32 -06:00
blake
85f7a2889c restructure slippi into gaming subdir 2025-11-07 15:35:58 -06:00
blake
6bfea61ffe restructure slippi into gaming subdir 2025-11-07 15:35:45 -06:00
blake
4e0cc2a322 hope this is the right binary lmao 2025-11-07 15:06:54 -06:00
blake
7ef99c8dd1 add userspace tools and passwdless sudo 2025-11-07 15:05:42 -06:00
blake
1655c0a867 add nh, a nix cli helper tool 2025-11-07 14:54:33 -06:00
blake
724c63f9ff add shortcut to goto ~/.nix 2025-11-07 04:21:22 -06:00
blake
5813db8160 rearrange common nix config, add optimising and garbage collecting 2025-11-07 04:18:09 -06:00
blake
cdf8403991 restructure programs (yes again okay like shut up), reorg standard packages, add obs : ) 2025-11-07 03:54:32 -06:00
blake
10488b90c9 adjust default packages 2025-11-07 03:38:03 -06:00
blake
bcb1b88861 add motd alias 2025-11-07 03:13:49 -06:00
blake
e27be65861 explain gcc import 2025-11-07 03:10:34 -06:00
blake
0e0e58b909 slippi sucess! 2025-11-07 02:59:34 -06:00
blake
4e3a31cf87 more config shullfing, browsers moved, slippi added WOOO 2025-11-07 02:17:58 -06:00
blake
58e68a003a cleaning up my mess so hopefully this shit builds 2025-11-07 01:41:48 -06:00
blake
82d61d54eb add even more programs 2025-11-07 01:34:30 -06:00
blake
fa981032d4 add even more programs 2025-11-07 01:34:26 -06:00
blake
5090fa9cd4 add even more programs 2025-11-07 01:34:06 -06:00
blake
125d639f9f add even more programs 2025-11-07 01:33:20 -06:00
blake
9ad80827ee add a whole shit ton of programs 2025-11-07 01:14:38 -06:00
blake
f0fa2540b5 remove icon for non urgent messages 2025-11-07 00:35:21 -06:00
blake
0bfe74abb7 fix icon paths 2025-11-07 00:33:56 -06:00
blake
766e20ffc4 update icon paths 2025-11-07 00:29:47 -06:00
blake
178fba9c84 remove unused scripts, renamed the rest, updated zsh conf to reflect this 2025-11-07 00:22:42 -06:00
blake
eef41bbca8 fucking with tofi 2025-11-06 23:53:44 -06:00
blake
a0c728f147 tofi adjustments 2025-11-06 23:48:15 -06:00
blake
35645a3e9c fixed launch option comment 2025-11-06 23:29:40 -06:00
blake
67002a94dd finally figured out the cursors, needed to use the setcursor commadn in hyprctl 2025-11-06 23:11:37 -06:00
blake
6beb28477f add hypr specific? 2025-11-06 22:42:07 -06:00
blake
dc03836ac0 with the right name this time 2025-11-06 22:40:12 -06:00
blake
646ba6d63f try w/o pointer cursor just vars 2025-11-06 22:39:19 -06:00
blake
e34b5161d4 this is the one, add the links 2025-11-06 22:38:15 -06:00
blake
81c59857e5 this is the one I swear the env vars will work 2025-11-06 22:36:24 -06:00
blake
7576364d43 happy middle ground 2025-11-06 22:30:22 -06:00
blake
f31eefe6eb fuck this custom cursor shit 2025-11-06 22:26:01 -06:00
blake
788155194f finished troubleshooting a ghost 2025-11-06 22:15:37 -06:00
blake
777c4f3192 fix paths... again 2025-11-06 22:10:49 -06:00
blake
e7ed3e584d fix paths 2025-11-06 22:07:53 -06:00
blake
af9d2553d5 try and add cursors 2025-11-06 22:04:43 -06:00
blake
14c67a8bb3 test failed, large sad 2025-11-06 00:26:41 -06:00
blake
97d2610240 fprintd test 2025-11-06 00:22:37 -06:00
2684 changed files with 5840 additions and 410 deletions
Expand all files Collapse all files

99
bin/borg_lf.sh
View File

@@ -1,99 +0,0 @@
#!/usr/bin/env bash
set -euo pipefail
# --- SUDO CHECK ---
if [ "$EUID" -ne 0 ]; then
echo "This script requires root privileges. Re-running with sudo..."
exec sudo "$0" "$@"
fi
# --- HANDLE OPTIONS ---
BORG_PASSPHRASE=""
SHOW_FOLDERS_ONLY=false
SHOW_FILES=false # Default to showing files and directories
while getopts "k:fp" opt; do
case "$opt" in
k)
BORG_PASSPHRASE=$(<"$OPTARG")
if [ -z "$BORG_PASSPHRASE" ]; then
echo "Error: The key file is empty."
exit 1
fi
echo "Using passphrase from key file: $OPTARG"
;;
f)
SHOW_FOLDERS_ONLY=true
echo "Only directories will be shown in fzf by default."
SHOW_FILES=false
;;
p)
SHOW_FILES=true
echo "Both files and directories will be shown in fzf."
;;
*)
echo "Usage: $0 [-k passphrase_file] [-f] [-p] <repo>"
exit 1
;;
esac
done
shift $((OPTIND - 1))
# --- FALLBACK TO /run/secrets/borg_passwd IF NO KEY FILE ---
if [ -z "$BORG_PASSPHRASE" ]; then
if [ $# -eq 0 ]; then
BORG_PASSPHRASE=$(<"/run/secrets/borg_passwd")
echo "Using passphrase from /run/secrets/borg_passwd"
else
# Prompt user for passphrase if neither -k nor /run/secrets/borg_passwd is available
read -s -p "Enter Borg repository passphrase: " BORG_PASSPHRASE
echo
fi
fi
export BORG_PASSPHRASE
# --- DEFAULT REPO ---
REPO="${1:-/holocron/archives/servers/snowbelle}"
# --- CHECK REQUIRED COMMANDS ---
for cmd in borg fzf find tree cp mkdir; do
command -v "$cmd" >/dev/null || { echo "Error: '$cmd' is required but not installed."; exit 1; }
done
# --- LIST ARCHIVES (sorted, newest last) ---
mapfile -t archives < <(borg list --format="{archive}{NL}" "$REPO" | sort -r)
if [ ${#archives[@]} -eq 0 ]; then
echo "No archives found in $REPO"
exit 1
fi
# --- FZF ARCHIVE SELECT ---
selected=$(printf '%s\n' "${archives[@]}" | fzf --prompt="Select archive: " --height=40% --border)
if [ -z "$selected" ]; then
echo "No archive selected."
exit 1
fi
echo "Selected archive: $selected"
# --- GENERATE A UNIQUE, SHORTER MOUNT POINT ---
MOUNT_POINT="/tmp/$(uuidgen | sha256sum | head -c 2)-restore-${selected}"
mkdir -p "$MOUNT_POINT"
# --- MOUNT ARCHIVE ---
echo "Mounting '$selected' to $MOUNT_POINT..."
borg mount "$REPO::$selected" "$MOUNT_POINT"
cleanup() {
echo "Unmounting archive..."
borg umount "$MOUNT_POINT" >/dev/null 2>&1 || true
rmdir "$MOUNT_POINT" >/dev/null 2>&1 || true
}
trap cleanup EXIT INT TERM
if [ ! -d "$MOUNT_POINT" ]; then
echo "Error: mount failed."
exit 1
fi
lf $MOUNT_POINT

0
bin/perms.sh → bin/fix-perms
View File

2
bin/rebuild.sh → bin/rebuild
View File

@@ -26,6 +26,8 @@ echo "files:"
git status --short git status --short
read -rp "commit message: " commit_msg read -rp "commit message: " commit_msg
echo "rebuilding nixos with flake.nix..." echo "rebuilding nixos with flake.nix..."
#if ! sudo nixos-rebuild switch --flake .#"$hostname" 2>&1 | tee "$logfile"; then
#if ! nh os switch 2>&1 | tee "$logfile"; then
if ! sudo nixos-rebuild switch --flake .#"$hostname" 2>&1 | tee "$logfile"; then if ! sudo nixos-rebuild switch --flake .#"$hostname" 2>&1 | tee "$logfile"; then
echo "rebuild failed; exited with no commit" echo "rebuild failed; exited with no commit"
exit 1 exit 1

26
bin/rebuild_legacy.sh
View File

@@ -1,26 +0,0 @@
#!/usr/bin/env bash
set -e
pushd ~/.nix
# nvim flake.nix
# alejandra . &>/dev/null
# git diff -U0 *.nix
# add generation comment to flake.nix
gen=$(nixos-rebuild list-generations | grep current)
if sed -n '3p' flake.nix | grep -q '^# generation:'; then
# replace the comment on line 3
sed -i "3s/^# generation:.*/# generation: $gen/" flake.nix
else
# insert comment on line 3
sed -i "3i# generation: $gen" flake.nix
fi
git diff -U0 $(find . -name '*.nix')
echo "nixos rebuilding..."
#sudo nixos-rebuild switch --flake ~/.nix#snowbelle &>.nixos-switch-log || (
# cat .nixos-switch-log | grep --color error && false)
sudo nixos-rebuild switch --flake ~/.nix#snowbelle 2>&1 | tee .nixos-switch-log | grep --color=always -E "error|$" && true
git commit -am "$gen"
popd

1010
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

40
flake.nix
View File

@@ -4,14 +4,14 @@
{ {
description = "blakes nix config"; description = "blakes nix config";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-25.05"; nixpkgs.url = "nixpkgs/nixos-25.11";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable";
nix-darwin = { nix-darwin = {
url = "github:LnL7/nix-darwin"; url = "github:nix-darwin/nix-darwin/master";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-25.05"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
home-manager-unstable = { home-manager-unstable = {
@@ -19,6 +19,7 @@
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
nix-homebrew.url = "github:zhaofengli/nix-homebrew"; nix-homebrew.url = "github:zhaofengli/nix-homebrew";
nix-flatpak.url = "github:gmodena/nix-flatpak/?ref=latest";
sops-nix = { sops-nix = {
url = "github:Mic92/sops-nix"; url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -27,6 +28,14 @@
url = "github:nix-community/disko/latest"; url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.3";
inputs.nixpkgs.follows = "nixpkgs";
};
watershot = {
url = "github:Kirottu/watershot";
inputs.nixpkgs.follows = "nixpkgs";
};
vpn-confinement = { vpn-confinement = {
url = "github:Maroka-chan/VPN-Confinement"; url = "github:Maroka-chan/VPN-Confinement";
}; };
@@ -35,7 +44,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
autoaspm = { autoaspm = {
url = "github:notthebee/AutoASPM"; url = "git+https://git.notthebe.ee/notthebee/AutoASPM.git";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
stylix = { stylix = {
@@ -43,6 +52,10 @@
inputs.nixpkgs.follows = "nixpkgs-unstable"; inputs.nixpkgs.follows = "nixpkgs-unstable";
}; };
copyparty.url = "github:9001/copyparty"; copyparty.url = "github:9001/copyparty";
slippi = {
url = "github:lytedev/slippi-nix";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
}; };
outputs = { outputs = {
self, self,
@@ -74,9 +87,19 @@
specialArgs = {inherit inputs stable_pkgs unstable_pkgs;}; specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
modules = [ modules = [
./hosts/nixos/yveltal/configuration.nix ./hosts/nixos/yveltal/configuration.nix
./hosts/nixos/yveltal/disko.nix
inputs.home-manager-unstable.nixosModules.default
inputs.disko.nixosModules.disko
];
};
mew = nixpkgs-unstable.lib.nixosSystem {
system = systems.x86_64;
specialArgs = {inherit inputs stable_pkgs unstable_pkgs;};
modules = [
./hosts/nixos/mew/configuration.nix
./hosts/nixos/mew/disko.nix
inputs.home-manager-unstable.nixosModules.default inputs.home-manager-unstable.nixosModules.default
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
./hosts/nixos/yveltal/disko.nix
]; ];
}; };
vaniville = nixpkgs.lib.nixosSystem { vaniville = nixpkgs.lib.nixosSystem {
@@ -93,14 +116,15 @@
system = systems.darwin; system = systems.darwin;
specialArgs = {inherit inputs stable_pkgs unstable_pkgs nix-homebrew;}; specialArgs = {inherit inputs stable_pkgs unstable_pkgs nix-homebrew;};
modules = [ modules = [
./hosts/darwin/cen-it-07/configuration.nix #./hosts/darwin/cen-it-07/configuration.nix
inputs.home-manager.darwinModules.default inputs.home-manager.darwinModules.default
nix-homebrew.darwinModules.nix-homebrew nix-homebrew.darwinModules.nix-homebrew
{ {
nix-homebrew = { nix-homebrew = {
enable = true; # install homebrew enable = true; # install homebrew
enableRosetta = true; # install homebrew for rosetta as well enableRosetta = true; # install homebrew for rosetta as well
user = "blake"; # user owning homebrew prefix autoMigrate = true;
user = "bhelderman"; # user owning homebrew prefix
}; };
} }
]; ];

91
hosts/nixos/default.nix
View File

@@ -5,47 +5,78 @@
inputs, inputs,
... ...
}: { }: {
imports = [ imports = [
inputs.autoaspm.nixosModules.default inputs.autoaspm.nixosModules.default
]; ];
# set timezone
time.timeZone = "America/Chicago";
nix = {
# garbage collect & remove builds older then 14 days
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 14d";
persistent = true;
};
# optimise nix store, dedupe and such
optimise = {
automatic = true;
dates = [ "daily" ];
};
# the goats
settings = {
substituters = [
"https://cache.nixos.org"
];
trusted-public-keys = [
];
experimental-features = lib.mkDefault [
"nix-command"
"flakes"
];
};
};
# allow proprietary packages
nixpkgs = {
config = {
allowUnfree = true;
allowUnfreePredicate = _: true;
};
};
# power management
services.autoaspm.enable = true;
powerManagement.powertop.enable = true;
# things are better this way
users.defaultUserShell = pkgs.zsh;
# base system package install list # base system package install list
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget
curl curl
dig dig
nmap
rsync rsync
iperf3
jq
git git
age age
fzf
cifs-utils
neofetch
usbutils
pciutils
python3
vim vim
lf ncdu
btop btop
powertop powertop
dig iotop
cifs-utils
usbutils
pciutils
lm_sensors
]; ];
# set timezone # nice to have passwordless sudo
time.timeZone = "America/Chicago";
# allow proprietary packages
nixpkgs.config.allowUnfree = true;
# power management
services.autoaspm.enable = true;
powerManagement.powertop.enable = true;
# enable flakes
nix.settings.experimental-features = ["nix-command" "flakes"];
users.defaultUserShell = pkgs.zsh;
# passwordless rebuild
security.sudo = { security.sudo = {
extraRules = [ extraRules = [
{ {
@@ -67,6 +98,18 @@
command = "/run/current-system/sw/bin/tailscale"; command = "/run/current-system/sw/bin/tailscale";
options = ["NOPASSWD"]; options = ["NOPASSWD"];
} }
{
command = "/etc/profiles/per-user/blake/bin/nom";
options = ["NOPASSWD"];
}
{
command = "/etc/profiles/per-user/blake/bin/nom-build";
options = ["NOPASSWD"];
}
{
command = "/etc/profiles/per-user/blake/bin/nom-shell";
options = ["NOPASSWD"];
}
]; ];
} }
]; ];

70
hosts/nixos/froakie/disko.nix Normal file
View File

@@ -0,0 +1,70 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = ""; # disk id here
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
#keyFile = "/tmp/secret.key";
};
#additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
}

113
hosts/nixos/mew/configuration.nix Normal file
View File

@@ -0,0 +1,113 @@
{
pkgs,
config,
lib,
modulesPath,
inputs,
stable_pkgs,
unstable_pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
(modulesPath + "/installer/scan/not-detected.nix")
#./hardware-configuration.nix
../../nixos
../../../users/blake
../../../modules/desktop
../../../modules/system
];
# home grown nixos modules
system = {
secure_boot.enable = false;
cifs_mounts.enable = true;
udiskie.enable = true;
ssh.enable = true;
sops.enable = true;
japanese.enable = true;
yubikey.enable = true;
yubikey.lock_on_remove = false;
tailscale.enable = true;
syncthing.enable = true;
flatpak.enable = true;
graphics = {
enable = true;
vendor = "amd";
};
};
desktop = {
pipewire.enable = true;
hypr.enable = true;
greetd.enable = true;
};
gaming = {
steam.enable = true;
lutris.enable = true;
proton_ge.enable = true;
gamemode.enable = true;
mangohud.enable = true;
};
# import home grown host specific home-manager modules
home-manager.users.blake.imports = [
../../../users/blake/hosts/yveltal.nix
];
# fix power buttons
# move this to a laptops file at some point
services.logind.settings.Login = {
HandlePowerKey = "suspend-then-hibernate";
HandleLidSwitch = "suspend-then-hibernate";
};
# sets the delay before hibernation for ^
systemd.sleep.extraConfig = ''
HibernateDelaySec=1800
'';
# boot (systemd is growing on me)
boot = {
kernelModules = [ "kvm-amd" ];
extraModulePackages = [];
loader = {
systemd-boot.enable = true; # systemd your pretty cool ya know
efi.canTouchEfiVariables = true;
};
initrd = {
systemd.enable = true; # better logging
availableKernelModules = ["xhci_pci" "thunderbolt" "vmd" "nvme" "usb_storage" "sd_mod" "ahci"];
kernelModules = [];
};
};
# setup hostname and networking stack
networking = {
hostName = "mew"; # hostname
useDHCP = lib.mkDefault true;
interfaces = {
wlp7s0.useDHCP = lib.mkDefault true;
};
firewall = {
enable = true;
allowedTCPPorts = [22];
allowedUDPPorts = [51820]; # wireguard
};
networkmanager = {
enable = true; # the goat
dns = "systemd-resolved"; # the backup dancer!
};
};
services.resolved = {
enable = true;
fallbackDns = ["1.1.1.1" "9.9.9.9"];
dnsovertls = "opportunistic";
};
hardware.bluetooth.enable = true;
system.stateVersion = "25.05"; # stays here : )
# hardware shit
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

70
hosts/nixos/mew/disko.nix Normal file
View File

@@ -0,0 +1,70 @@
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/disk/by-id/nvme-MTFDHBA512TDV-1AZ1AABHA_UJUND0170FW7O0"; # disk id here
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
allowDiscards = true;
#keyFile = "/tmp/secret.key";
};
#additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"@root" = {
mountpoint = "/";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@home" = {
mountpoint = "/home";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@nix" = {
mountpoint = "/nix";
mountOptions = [
"compress=zstd"
"noatime"
];
};
"@swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
}

8
hosts/nixos/snowbelle/configuration.nix
View File

@@ -14,11 +14,12 @@ in
../../../modules/holocron ../../../modules/holocron
../../../modules/homelab ../../../modules/homelab
../../../modules/gameservers/minecraft_recpro ../../../modules/gameservers/minecraft_recpro
../../../modules/gameservers/minecraft_modded
]; ];
# home-manager.users.blake.imports = [ home-manager.users.blake.imports = [
# ../../../users/blake/hosts/snowbelle.nix ../../../users/blake/hosts/snowbelle.nix
# ]; ];
system = { system = {
ssh.enable = true; ssh.enable = true;
@@ -66,6 +67,7 @@ in
}; };
gameservers = { gameservers = {
minecraft_recpro.enable = true; minecraft_recpro.enable = true;
minecraft_modded.enable = true;
}; };
# boot (systemd is going on me) # boot (systemd is going on me)

59
hosts/nixos/yveltal/configuration.nix
View File

@@ -1,8 +1,15 @@
{ config, lib, modulesPath, inputs, stable_pkgs, unstable_pkgs, ... }:
{ {
imports = pkgs,
[ # Include the results of the hardware scan. config,
lib,
modulesPath,
inputs,
stable_pkgs,
unstable_pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
#./hardware-configuration.nix #./hardware-configuration.nix
../../nixos ../../nixos
@@ -11,28 +18,28 @@
../../../modules/system ../../../modules/system
]; ];
home-manager.users.blake.imports = [ # home grown nixos modules
../../../users/blake/hosts/yveltal.nix
];
system = { system = {
secure_boot.enable = true;
cifs_mounts.enable = true;
udiskie.enable = true;
ssh.enable = true; ssh.enable = true;
sops.enable = true; sops.enable = true;
yubikey.enable = true; yubikey.enable = true;
yubikey.lock_on_remove = true;
tailscale.enable = true; tailscale.enable = true;
syncthing.enable = true; syncthing.enable = true;
flatpak.enable = true;
graphics = { graphics = {
enable = true; enable = true;
vendor = "intel"; vendor = "intel";
}; };
}; };
desktop = { desktop = {
pipewire.enable = true; pipewire.enable = true;
hypr.enable = true; hypr.enable = true;
greetd.enable = true; greetd.enable = true;
}; };
gaming = { gaming = {
steam.enable = true; steam.enable = true;
lutris.enable = true; lutris.enable = true;
@@ -41,7 +48,13 @@
mangohud.enable = true; mangohud.enable = true;
}; };
# import home grown host specific home-manager modules
home-manager.users.blake.imports = [
../../../users/blake/hosts/yveltal.nix
];
# fix power buttons # fix power buttons
# move this to a laptops file at some point
services.logind.settings.Login = { services.logind.settings.Login = {
HandlePowerKey = "suspend-then-hibernate"; HandlePowerKey = "suspend-then-hibernate";
HandleLidSwitch = "suspend-then-hibernate"; HandleLidSwitch = "suspend-then-hibernate";
@@ -67,39 +80,33 @@
}; };
# setup hostname and networking stack # setup hostname and networking stack
services.resolved = {
enable = true;
fallbackDns = [ "1.1.1.1" "9.9.9.9" ];
dnsovertls = "opportunistic";
};
networking = { networking = {
hostName = "yveltal"; # hostname hostName = "yveltal"; # hostname
useDHCP = lib.mkDefault true; useDHCP = lib.mkDefault true;
interfaces = { interfaces = {
wlp0s20f3.useDHCP = lib.mkDefault true; wlp0s20f3.useDHCP = lib.mkDefault true;
}; };
firewall = {
enable = true;
allowedTCPPorts = [22];
allowedUDPPorts = [51820]; # wireguard
};
networkmanager = { networkmanager = {
enable = true; # the goat enable = true; # the goat
dns = "systemd-resolved"; # the backup dancer! dns = "systemd-resolved"; # the backup dancer!
}; };
}; };
services.resolved = {
enable = true;
fallbackDns = ["1.1.1.1" "9.9.9.9"];
dnsovertls = "opportunistic";
};
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
22
];
networking.firewall.allowedUDPPorts = [ 51820 ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
system.stateVersion = "25.05"; # stays here : ) system.stateVersion = "25.05"; # stays here : )
# hardware shit # hardware shit
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

2
modules/desktop/gaming/default.nix
View File

@@ -1,10 +1,12 @@
{ {
pkgs, pkgs,
config, config,
inputs,
lib, lib,
... ...
}: { }: {
imports = [ imports = [
inputs.slippi.nixosModules.default # gcc drivers
./steam ./steam
./lutris ./lutris
./proton_ge ./proton_ge

1
modules/desktop/gaming/lutris/default.nix
View File

@@ -13,6 +13,7 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
lutris lutris
wine
]; ];
}; };
} }

3
modules/desktop/gaming/steam/default.nix
View File

@@ -13,9 +13,10 @@ in {
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.steam = { programs.steam = {
enable = true; enable = true;
gamescopeSession.enable = true; # requires setting launch option `gamescope %command%` gamescopeSession.enable = true; # requires setting launch option `gamescope <options> -- %command%`
remotePlay.openFirewall = true; # open ports for remote play remotePlay.openFirewall = true; # open ports for remote play
#dedicatedServer.openFirewall = true; # open ports for source dedicated server #dedicatedServer.openFirewall = true; # open ports for source dedicated server
protontricks.enable = true;
}; };
}; };
} }

4
modules/desktop/hypr/default.nix
View File

@@ -15,6 +15,8 @@ in {
programs.hyprland.enable = true; programs.hyprland.enable = true;
# give hyprlock perms to unlock # give hyprlock perms to unlock
security.pam.services.hyprlock = {}; security.pam.services.hyprlock = {
enable = true;
};
}; };
} }

156
modules/gameservers/minecraft_modded/default.nix Normal file
View File

@@ -0,0 +1,156 @@
{
pkgs,
config,
lib,
...
}: let
service = "minecraft_modded";
cfg = config.gameservers.${service};
sec = config.sops.secrets;
servers = {
cobblemon = {
data_dir = "/var/lib/gameservers/minecraft_modded/cobblemon";
start_file = "start.sh";
};
};
in {
options.gameservers.${service} = {
enable = lib.mkEnableOption "enables ${service}";
url = lib.mkOption {
type = lib.types.str;
default = "mc.recoil.pro";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/gameservers/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = 25565;
description = "set uid and pid of ${service} user (matches port by default)";
};
backup = lib.mkOption {
type = lib.types.bool;
default = false;
description = "enable backups for ${service}";
};
motd = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = "velocity";
};
backup_repo = lib.mkOption {
type = lib.types.path;
default = "/holocron/archives/gameservers/minecraft/modded";
description = "path to take hourly backups to with borg!";
};
};
config = lib.mkIf cfg.enable {
# declare ${service} user
users.users.minecraft = lib.mkDefault {
description = "minecraft server user";
uid = lib.mkForce cfg.ids;
isSystemUser = true;
shell = pkgs.bash;
group = "minecraft";
extraGroups = [];
};
systemd.tmpfiles.rules =
lib.attrsets.mapAttrsToList (
name: cfg: "d ${cfg.data_dir} 0770 minecraft minecraft -"
)
servers;
# Create a systemd service per server running in tmux
systemd.services =
lib.attrsets.mapAttrs (name: srv: {
description = "minecraft_recpro: ${name}";
after = ["network.target"];
wants = ["network.target"];
serviceConfig = {
User = "minecraft";
Group = "minecraft";
WorkingDirectory = srv.data_dir;
UMask = "0007";
ExecStart = "${pkgs.openjdk21}/bin/java -Xms4G -Xmx12G -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+AlwaysPreTouch -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true @libraries/net/neoforged/neoforge/21.1.211/unix_args.txt";
#ExecStart = "${srv.data_dir}/${srv.start_file}";
Restart = "on-failure";
KillMode = "process";
};
wantedBy = ["multi-user.target"];
})
servers;
environment.systemPackages = with pkgs; [openjdk21 mcrcon];
# services.mysql = {
# enable = true;
# package = pkgs.mariadb;
# ensureDatabases = ["minecraft_recpro_db"];
# ensureUsers = [
# {
# name = "minecraft";
# ensurePermissions = {"minecraft_recpro_db.*" = "ALL PRIVILEGES";};
# }
# ];
# initialScript = pkgs.writeText "minecraft_recpro-init.sql" ''
# CREATE USER IF NOT EXISTS 'minecraft_recpro'@'localhost' IDENTIFIED BY 'IKNOWTHISISBADIJUSTNEEDTHISTOWORKRNPLS';
# GRANT ALL PRIVILEGES ON minecraft_recpro_db.* TO 'minecraft_recpro'@'localhost';
# FLUSH PRIVILEGES;
# '';
# };
# open firewall
networking.firewall.allowedTCPPorts = [25778];
# sops.secrets = {
# "velocity_forwarding" = {
# owner = "minecraft";
# group = "minecraft";
# path = "/var/lib/gameservers/minecraft_recpro/velocity/forwarding.secret";
# mode = "0400";
# };
# "minecraft_recpro_db_passwd" = {
# owner = "mysql";
# group = "mysql";
# };
# };
# backups minecraft_recpro with borg!
services.borgbackup.jobs.${service} = {
archiveBaseName = service;
repo = cfg.backup_repo;
paths = lib.flatten (
lib.attrValues (
lib.mapAttrs (_: srv:
[srv.data_dir]
++ (
if builtins.hasAttr "db_dump" srv
then [srv.db_dump]
else []
))
servers
)
);
compression = "auto,zstd";
#preHook = "systemctl start mysql-backup.service";
startAt = "*-*-* *:00:00";
group = "archives";
encryption.mode = "repokey-blake2";
encryption.passCommand = "cat ${config.sops.secrets."borg_passwd".path}";
extraArgs = ["--verbose" "--show-rc" "--umask" "0007"];
extraCreateArgs = ["--list" "--stats" "--filter" "AME"];
prune.keep = {
within = "1d"; # Keep all archives from the last day
hourly = 24;
daily = 7;
weekly = 12;
monthly = -1; # Keep at least one archive for each month
};
};
};
}

5
modules/holocron/syncthing/default.nix
View File

@@ -22,7 +22,7 @@ in {
dataDir = "/var/lib/syncthing"; dataDir = "/var/lib/syncthing";
guiAddress = "0.0.0.0:2222"; guiAddress = "0.0.0.0:2222";
openDefaultPorts = true; openDefaultPorts = true;
extraFlags = ["--no-default-folder"]; #extraFlags = ["--no-default-folder"];
key = sec."${service}/snowbelle/key".path; key = sec."${service}/snowbelle/key".path;
cert = sec."${service}/snowbelle/cert".path; cert = sec."${service}/snowbelle/cert".path;
settings = { settings = {
@@ -31,11 +31,12 @@ in {
"zygarde" = {id = "UYLTF52-VVKUR7F-JN33HQZ-RFNWGL3-JER52LA-GZD2LPJ-QIFEE7K-MNMZRQ5";}; "zygarde" = {id = "UYLTF52-VVKUR7F-JN33HQZ-RFNWGL3-JER52LA-GZD2LPJ-QIFEE7K-MNMZRQ5";};
"yveltal" = {id = "ZVSQ4WJ-7OICYOZ-3ECES4X-KH37IPB-TKHKUJG-BSEGXVM-AHYY5C3-VKG44AX";}; "yveltal" = {id = "ZVSQ4WJ-7OICYOZ-3ECES4X-KH37IPB-TKHKUJG-BSEGXVM-AHYY5C3-VKG44AX";};
"CEN-IT-07" = {id = "DPYKA4Z-3PX7JB2-FBEOXXX-SC7TLT2-QC5P2IR-SXOPJGX-QO3DMII-5B7UCA4";}; "CEN-IT-07" = {id = "DPYKA4Z-3PX7JB2-FBEOXXX-SC7TLT2-QC5P2IR-SXOPJGX-QO3DMII-5B7UCA4";};
"CEN-IT-00007" = {id = "XBPXGYU-DUJSLDH-6BDNF4D-CO2COC3-N3FM6W5-IHZOJBM-Z2N77RI-IVAV5AH";};
}; };
folders = { folders = {
"holocron" = { "holocron" = {
path = "/holocron/users/blake/holocron"; path = "/holocron/users/blake/holocron";
devices = ["lugia" "zygarde" "CEN-IT-07" "yveltal"]; devices = ["lugia" "zygarde" "CEN-IT-07" "CEN-IT-00007" "yveltal"];
id = "5voxg-c3he2"; id = "5voxg-c3he2";
versioning = { versioning = {
type = "staggered"; type = "staggered";

2
modules/homelab/arr/bazarr/default.nix
View File

@@ -78,7 +78,7 @@ in
# add to caddy for reverse proxy # add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls internal
reverse_proxy 127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/arr/flaresolverr/default.nix
View File

@@ -74,7 +74,7 @@ in
# add to caddy for reverse proxy # add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls internal
reverse_proxy 127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/arr/prowlarr/default.nix
View File

@@ -80,7 +80,7 @@ in
# add to caddy for reverse proxy # add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls internal
reverse_proxy 127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

2
modules/homelab/arr/radarr/default.nix
View File

@@ -86,7 +86,7 @@ in
# add to caddy for reverse proxy # add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls internal
reverse_proxy 127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

3
modules/homelab/arr/sonarr/default.nix
View File

@@ -83,8 +83,9 @@ in
# add to caddy for reverse proxy # add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
# tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls internal
reverse_proxy 127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

1
modules/homelab/dnsmasq/default.nix
View File

@@ -24,6 +24,7 @@ in {
enable = true; enable = true;
settings = { settings = {
listen-address = "10.10.0.10"; # your LAN IP listen-address = "10.10.0.10"; # your LAN IP
#interface = "enp89s0";
bind-interfaces = true; bind-interfaces = true;
address = "/snowbelle.lan/10.10.0.10"; address = "/snowbelle.lan/10.10.0.10";
server = [ # upstream dns server = [ # upstream dns

32
modules/homelab/gitea/default.nix
View File

@@ -1,4 +1,4 @@
{ pkgs, config, lib, ... }: { pkgs, nixpkgs-unstable, config, lib, ... }:
let let
service = "gitea"; service = "gitea";
@@ -62,6 +62,10 @@ in
createHome = true; createHome = true;
group = service; group = service;
extraGroups = []; extraGroups = [];
# if you wanna attempt system ssh again
#openssh.authorizedKeys.keyFiles = [
# "${cfg.data_dir}/.ssh/authorized_keys"
#];
}; };
# declare the gitea service # declare the gitea service
@@ -73,16 +77,26 @@ in
appName = "gitea"; appName = "gitea";
settings = { settings = {
server = { server = {
# http config
ROOT_URL = "https://git.blakedheld.xyz"; ROOT_URL = "https://git.blakedheld.xyz";
DOMAIN = "git.blakedheld.xyz"; DOMAIN = "git.blakedheld.xyz";
HTTP_PORT = cfg.port; HTTP_PORT = cfg.port;
SSH_PORT = cfg.ssh_port; # local network config
START_SSH_SERVER = true; #LOCAL_ROOT_URL = "https://git.snowbelle.lan";
ENABLE_PUSH_CREATE_USER = true;
ALLOW_LOCALNETWORKS = true; ALLOW_LOCALNETWORKS = true;
ALLOWED_DOMAINS = "10.10.0.10"; ALLOWED_DOMAINS = "10.10.0.10";
SKIP_TLS_VERIFY = true; SKIP_TLS_VERIFY = true;
# configure for system ssh (trying to use the systms on nix sucks)
SSH_PORT = cfg.ssh_port;
START_SSH_SERVER = true;
# SSH_PORT = 22;
# START_SSH_SERVER = false;
# SSH_ROOT_PATH = "${cfg.data_dir}/.ssh";
# SSH_CREATE_AUTHORIZED_KEYS_FILE = true;
# actual git config
DEFAULT_BRANCH = "trunk";
ENABLE_PUSH_CREATE_USER = true;
DEFAULT_PUSH_CREATE_PRIVATE = true;
}; };
}; };
database = { database = {
@@ -99,8 +113,13 @@ in
networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ]; networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ];
# add to caddy for reverse proxy # add to caddy for reverse proxy
services.caddy.virtualHosts."git.${homelab.public_domain}" = {
extraConfig = ''
reverse_proxy localhost:${toString cfg.port} {
}
'';
};
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "git.${homelab.public_domain}" ];
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy localhost:${toString cfg.port} { reverse_proxy localhost:${toString cfg.port} {
@@ -108,6 +127,7 @@ in
''; '';
}; };
# add to glance # add to glance
homelab.glance.links.services = [{ homelab.glance.links.services = [{
title = service; title = service;

7
modules/homelab/glance/default.nix
View File

@@ -242,6 +242,13 @@ in
cache = "5s"; cache = "5s";
template = "<div style=\"display:flex; align-items:center; gap:12px;\">\n <div style=\"width:40px; height:40px; flex-shrink:0; border-radius:4px; display:flex; justify-content:center; align-items:center; overflow:hidden;\">\n {{ if .JSON.Bool \"online\" }}\n <img src=\"{{ .JSON.String \"icon\" | safeURL }}\" width=\"64\" height=\"64\" style=\"object-fit:contain;\">\n {{ else }}\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 20 20\" fill=\"currentColor\" style=\"width:32px; height:32px; opacity:0.5;\">\n <path fill-rule=\"evenodd\" d=\"M1 5.25A2.25 2.25 0 0 1 3.25 3h13.5A2.25 2.25 0 0 1 19 5.25v9.5A2.25 2.25 0 0 1 16.75 17H3.25A2.25 2.25 0 0 1 1 14.75v-9.5Zm1.5 5.81v3.69c0 .414.336.75.75.75h13.5a.75.75 0 0 0 .75-.75v-2.69l-2.22-2.219a.75.75 0 0 0-1.06 0l-1.91 1.909.47.47a.75.75 0 1 1-1.06 1.06L6.53 8.091a.75.75 0 0 0-1.06 0l-2.97 2.97ZM12 7a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z\" clip-rule=\"evenodd\" />\n </svg>\n {{ end }}\n </div>\n\n <div style=\"flex-grow:1; min-width:0;\">\n <a class=\"size-h4 block text-truncate color-highlight\">\n {{ .JSON.String \"host\" }}\n {{ if .JSON.Bool \"online\" }}\n <span\n style=\"width: 8px; height: 8px; border-radius: 50%; background-color: var(--color-positive); display: inline-block; vertical-align: middle;\"\n data-popover-type=\"text\"\n data-popover-text=\"Online\"\n ></span>\n {{ else }}\n <span\n style=\"width: 8px; height: 8px; border-radius: 50%; background-color: var(--color-negative); display: inline-block; vertical-align: middle;\"\n data-popover-type=\"text\"\n data-popover-text=\"Offline\"\n ></span>\n {{ end }}\n </a>\n\n <ul class=\"list-horizontal-text\">\n <li>\n {{ if .JSON.Bool \"online\" }}\n <span>{{ .JSON.String \"version.name_clean\" }}</span>\n {{ else }}\n <span>Offline</span>\n {{ end }}\n </li>\n {{ if .JSON.Bool \"online\" }}\n <li data-popover-type=\"html\">\n <div data-popover-html>\n {{ range .JSON.Array \"players.list\" }}{{ .String \"name_clean\" }}<br>{{ end }}\n </div>\n <p style=\"display:inline-flex;align-items:center;\">\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" fill=\"currentColor\" class=\"size-6\" style=\"height:1em;vertical-align:middle;margin-right:0.5em;\">\n <path fill-rule=\"evenodd\" d=\"M7.5 6a4.5 4.5 0 1 1 9 0 4.5 4.5 0 0 1-9 0ZM3.751 20.105a8.25 8.25 0 0 1 16.498 0 .75.75 0 0 1-.437.695A18.683 18.683 0 0 1 12 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 0 1-.437-.695Z\" clip-rule=\"evenodd\" />\n </svg>\n {{ .JSON.Int \"players.online\" | formatNumber }}/{{ .JSON.Int \"players.max\" | formatNumber }} players\n </p>\n </li>\n {{ else }}\n <li>\n <p style=\"display:inline-flex;align-items:center;\">\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" fill=\"currentColor\" class=\"size-6\" style=\"height:1em;vertical-align:middle;margin-right:0.5em;opacity:0.5;\">\n <path fill-rule=\"evenodd\" d=\"M7.5 6a4.5 4.5 0 1 1 9 0 4.5 4.5 0 0 1-9 0ZM3.751 20.105a8.25 8.25 0 0 1 16.498 0 .75.75 0 0 1-.437.695A18.683 18.683 0 0 1 12 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 0 1-.437-.695Z\" clip-rule=\"evenodd\" />\n </svg>\n 0 players\n </p>\n </li>\n {{ end }}\n </ul>\n </div>\n</div>"; template = "<div style=\"display:flex; align-items:center; gap:12px;\">\n <div style=\"width:40px; height:40px; flex-shrink:0; border-radius:4px; display:flex; justify-content:center; align-items:center; overflow:hidden;\">\n {{ if .JSON.Bool \"online\" }}\n <img src=\"{{ .JSON.String \"icon\" | safeURL }}\" width=\"64\" height=\"64\" style=\"object-fit:contain;\">\n {{ else }}\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 20 20\" fill=\"currentColor\" style=\"width:32px; height:32px; opacity:0.5;\">\n <path fill-rule=\"evenodd\" d=\"M1 5.25A2.25 2.25 0 0 1 3.25 3h13.5A2.25 2.25 0 0 1 19 5.25v9.5A2.25 2.25 0 0 1 16.75 17H3.25A2.25 2.25 0 0 1 1 14.75v-9.5Zm1.5 5.81v3.69c0 .414.336.75.75.75h13.5a.75.75 0 0 0 .75-.75v-2.69l-2.22-2.219a.75.75 0 0 0-1.06 0l-1.91 1.909.47.47a.75.75 0 1 1-1.06 1.06L6.53 8.091a.75.75 0 0 0-1.06 0l-2.97 2.97ZM12 7a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z\" clip-rule=\"evenodd\" />\n </svg>\n {{ end }}\n </div>\n\n <div style=\"flex-grow:1; min-width:0;\">\n <a class=\"size-h4 block text-truncate color-highlight\">\n {{ .JSON.String \"host\" }}\n {{ if .JSON.Bool \"online\" }}\n <span\n style=\"width: 8px; height: 8px; border-radius: 50%; background-color: var(--color-positive); display: inline-block; vertical-align: middle;\"\n data-popover-type=\"text\"\n data-popover-text=\"Online\"\n ></span>\n {{ else }}\n <span\n style=\"width: 8px; height: 8px; border-radius: 50%; background-color: var(--color-negative); display: inline-block; vertical-align: middle;\"\n data-popover-type=\"text\"\n data-popover-text=\"Offline\"\n ></span>\n {{ end }}\n </a>\n\n <ul class=\"list-horizontal-text\">\n <li>\n {{ if .JSON.Bool \"online\" }}\n <span>{{ .JSON.String \"version.name_clean\" }}</span>\n {{ else }}\n <span>Offline</span>\n {{ end }}\n </li>\n {{ if .JSON.Bool \"online\" }}\n <li data-popover-type=\"html\">\n <div data-popover-html>\n {{ range .JSON.Array \"players.list\" }}{{ .String \"name_clean\" }}<br>{{ end }}\n </div>\n <p style=\"display:inline-flex;align-items:center;\">\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" fill=\"currentColor\" class=\"size-6\" style=\"height:1em;vertical-align:middle;margin-right:0.5em;\">\n <path fill-rule=\"evenodd\" d=\"M7.5 6a4.5 4.5 0 1 1 9 0 4.5 4.5 0 0 1-9 0ZM3.751 20.105a8.25 8.25 0 0 1 16.498 0 .75.75 0 0 1-.437.695A18.683 18.683 0 0 1 12 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 0 1-.437-.695Z\" clip-rule=\"evenodd\" />\n </svg>\n {{ .JSON.Int \"players.online\" | formatNumber }}/{{ .JSON.Int \"players.max\" | formatNumber }} players\n </p>\n </li>\n {{ else }}\n <li>\n <p style=\"display:inline-flex;align-items:center;\">\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" fill=\"currentColor\" class=\"size-6\" style=\"height:1em;vertical-align:middle;margin-right:0.5em;opacity:0.5;\">\n <path fill-rule=\"evenodd\" d=\"M7.5 6a4.5 4.5 0 1 1 9 0 4.5 4.5 0 0 1-9 0ZM3.751 20.105a8.25 8.25 0 0 1 16.498 0 .75.75 0 0 1-.437.695A18.683 18.683 0 0 1 12 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 0 1-.437-.695Z\" clip-rule=\"evenodd\" />\n </svg>\n 0 players\n </p>\n </li>\n {{ end }}\n </ul>\n </div>\n</div>";
} }
{
type = "custom-api";
title = "cobblemon";
url = "https://api.mcstatus.io/v2/status/java/cobblemon.recoil.pro";
cache = "5s";
template = "<div style=\"display:flex; align-items:center; gap:12px;\">\n <div style=\"width:40px; height:40px; flex-shrink:0; border-radius:4px; display:flex; justify-content:center; align-items:center; overflow:hidden;\">\n {{ if .JSON.Bool \"online\" }}\n <img src=\"{{ .JSON.String \"icon\" | safeURL }}\" width=\"64\" height=\"64\" style=\"object-fit:contain;\">\n {{ else }}\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 20 20\" fill=\"currentColor\" style=\"width:32px; height:32px; opacity:0.5;\">\n <path fill-rule=\"evenodd\" d=\"M1 5.25A2.25 2.25 0 0 1 3.25 3h13.5A2.25 2.25 0 0 1 19 5.25v9.5A2.25 2.25 0 0 1 16.75 17H3.25A2.25 2.25 0 0 1 1 14.75v-9.5Zm1.5 5.81v3.69c0 .414.336.75.75.75h13.5a.75.75 0 0 0 .75-.75v-2.69l-2.22-2.219a.75.75 0 0 0-1.06 0l-1.91 1.909.47.47a.75.75 0 1 1-1.06 1.06L6.53 8.091a.75.75 0 0 0-1.06 0l-2.97 2.97ZM12 7a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z\" clip-rule=\"evenodd\" />\n </svg>\n {{ end }}\n </div>\n\n <div style=\"flex-grow:1; min-width:0;\">\n <a class=\"size-h4 block text-truncate color-highlight\">\n {{ .JSON.String \"host\" }}\n {{ if .JSON.Bool \"online\" }}\n <span\n style=\"width: 8px; height: 8px; border-radius: 50%; background-color: var(--color-positive); display: inline-block; vertical-align: middle;\"\n data-popover-type=\"text\"\n data-popover-text=\"Online\"\n ></span>\n {{ else }}\n <span\n style=\"width: 8px; height: 8px; border-radius: 50%; background-color: var(--color-negative); display: inline-block; vertical-align: middle;\"\n data-popover-type=\"text\"\n data-popover-text=\"Offline\"\n ></span>\n {{ end }}\n </a>\n\n <ul class=\"list-horizontal-text\">\n <li>\n {{ if .JSON.Bool \"online\" }}\n <span>{{ .JSON.String \"version.name_clean\" }}</span>\n {{ else }}\n <span>Offline</span>\n {{ end }}\n </li>\n {{ if .JSON.Bool \"online\" }}\n <li data-popover-type=\"html\">\n <div data-popover-html>\n {{ range .JSON.Array \"players.list\" }}{{ .String \"name_clean\" }}<br>{{ end }}\n </div>\n <p style=\"display:inline-flex;align-items:center;\">\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" fill=\"currentColor\" class=\"size-6\" style=\"height:1em;vertical-align:middle;margin-right:0.5em;\">\n <path fill-rule=\"evenodd\" d=\"M7.5 6a4.5 4.5 0 1 1 9 0 4.5 4.5 0 0 1-9 0ZM3.751 20.105a8.25 8.25 0 0 1 16.498 0 .75.75 0 0 1-.437.695A18.683 18.683 0 0 1 12 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 0 1-.437-.695Z\" clip-rule=\"evenodd\" />\n </svg>\n {{ .JSON.Int \"players.online\" | formatNumber }}/{{ .JSON.Int \"players.max\" | formatNumber }} players\n </p>\n </li>\n {{ else }}\n <li>\n <p style=\"display:inline-flex;align-items:center;\">\n <svg xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 24 24\" fill=\"currentColor\" class=\"size-6\" style=\"height:1em;vertical-align:middle;margin-right:0.5em;opacity:0.5;\">\n <path fill-rule=\"evenodd\" d=\"M7.5 6a4.5 4.5 0 1 1 9 0 4.5 4.5 0 0 1-9 0ZM3.751 20.105a8.25 8.25 0 0 1 16.498 0 .75.75 0 0 1-.437.695A18.683 18.683 0 0 1 12 22.5c-2.786 0-5.433-.608-7.812-1.7a.75.75 0 0 1-.437-.695Z\" clip-rule=\"evenodd\" />\n </svg>\n 0 players\n </p>\n </li>\n {{ end }}\n </ul>\n </div>\n</div>";
}
]; ];
} }
{ {

2
modules/homelab/motd/default.nix
View File

@@ -78,7 +78,7 @@ in {
# --- gameservers --- # --- gameservers ---
echo -e "''${headings}gameservers:''${reset}" echo -e "''${headings}gameservers:''${reset}"
for service in velocity smp superflat bento; do for service in velocity smp superflat bento cobblemon; do
status=$(systemctl is-active $service 2>/dev/null) status=$(systemctl is-active $service 2>/dev/null)
if [ "$status" = "active" ]; then if [ "$status" = "active" ]; then
printf "%-32s%s\n" " ''${active}[$service]''${reset}" "running" printf "%-32s%s\n" " ''${active}[$service]''${reset}" "running"

8
modules/homelab/postfix/default.nix
View File

@@ -60,13 +60,11 @@ in {
# enable the ${service} service # enable the ${service} service
services.postfix = { services.postfix = {
enable = true; enable = true;
relayHost = "smtp.gmail.com"; settings.main = {
relayPort = cfg.port; relayhost = ["smtp.gmail.com:${toString cfg.port}"];
config = {
#smtp_use_tls = "yes";
smtp_tls_security_level = "may"; smtp_tls_security_level = "may";
smtp_sasl_auth_enable = "yes"; smtp_sasl_auth_enable = "yes";
smtp_sasl_security_options = ""; smtp_sasl_security_options = "noanonymous";
smtp_sasl_password_maps = "texthash:${config.sops.secrets."postfix_passwd".path}"; smtp_sasl_password_maps = "texthash:${config.sops.secrets."postfix_passwd".path}";
# optional: Forward mails to root (e.g. from cron jobs, smartd) # optional: Forward mails to root (e.g. from cron jobs, smartd)
# to me privately and to my work email: # to me privately and to my work email:

2
modules/homelab/qbittorrent/default.nix
View File

@@ -117,7 +117,7 @@ in
# add to caddy for reverse proxy # add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = { services.caddy.virtualHosts."${cfg.url}" = {
extraConfig = '' extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path} tls internal
reverse_proxy 127.0.0.1:${toString cfg.port} reverse_proxy 127.0.0.1:${toString cfg.port}
''; '';
}; };

72
modules/system/cifs_mounts/default.nix Normal file
View File

@@ -0,0 +1,72 @@
{
pkgs,
inputs,
config,
lib,
...
}: let
cfg = config.system.cifs_mounts;
sec = config.sops.secrets;
in {
options.system.cifs_mounts = {
enable = lib.mkEnableOption "enables mounting holocron fileshare on the client side";
};
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [
cifs-utils
];
fileSystems."/media/holocron/blake" = {
device = "//10.10.0.10/users/blake";
fsType = "cifs";
options = [
"x-systemd.automount"
"noauto"
"_netdev"
"credentials=${sec."holocron_creds".path}"
"uid=1000"
"gid=1000"
"file_mode=0664"
"dir_mode=0775"
];
};
fileSystems."/media/holocron/archives" = {
device = "//10.10.0.10/archives";
fsType = "cifs";
options = [
"x-systemd.automount"
"noauto"
"_netdev"
"credentials=${sec."holocron_creds".path}"
"uid=1000"
"gid=1000"
"file_mode=0664"
"dir_mode=0775"
];
};
fileSystems."/media/holocron/media" = {
device = "//10.10.0.10/media";
fsType = "cifs";
options = [
"x-systemd.automount"
"noauto"
"_netdev"
"credentials=${sec."holocron_creds".path}"
"uid=1000"
"gid=1000"
"file_mode=0664"
"dir_mode=0775"
];
};
# manage secrets with sops
sops.secrets = {
"holocron_creds" = {
owner = "blake";
group = "blake";
};
};
};
}

5
modules/system/default.nix
View File

@@ -11,10 +11,15 @@
./podman ./podman
./yubikey ./yubikey
./tailscale ./tailscale
./japanese
./vpns ./vpns
./vpn-confinement ./vpn-confinement
./syncthing ./syncthing
./graphics ./graphics
./flatpak
./secure_boot
./cifs_mounts
./udiskie
]; ];
system.ssh.enable = lib.mkDefault true; system.ssh.enable = lib.mkDefault true;

19
modules/system/flatpak/default.nix Normal file
View File

@@ -0,0 +1,19 @@
{
pkgs,
inputs,
config,
lib,
...
}: let
cfg = config.system.flatpak;
in {
options.system.flatpak = {
enable = lib.mkEnableOption "enables nix-flatpak on nixos side";
};
imports = [inputs.nix-flatpak.nixosModules.nix-flatpak];
config = lib.mkIf cfg.enable {
services.flatpak.enable = true;
};
}

2
modules/system/graphics/default.nix
View File

@@ -57,12 +57,10 @@ in {
# enable amd vulkan (program will choose this or regular) # enable amd vulkan (program will choose this or regular)
hardware.graphics.extraPackages = with pkgs; [ hardware.graphics.extraPackages = with pkgs; [
amdvlk
rocmPackages.clr.icd # enable open cl (compute framework like cuda) rocmPackages.clr.icd # enable open cl (compute framework like cuda)
]; ];
# ^ but 32 bit # ^ but 32 bit
hardware.graphics.extraPackages32 = with pkgs; [ hardware.graphics.extraPackages32 = with pkgs; [
driversi686Linux.amdvlk
]; ];
# make hip work (extension on cli.icd ^) # make hip work (extension on cli.icd ^)

52
modules/system/japanese/default.nix Normal file
View File

@@ -0,0 +1,52 @@
{
pkgs,
inputs,
config,
lib,
...
}: let
cfg = config.system.japanese;
in {
options.system.japanese = {
enable = lib.mkEnableOption "enables japanese tools";
};
config = lib.mkIf cfg.enable {
# japanese input
i18n.inputMethod = {
enabled = "fcitx5";
fcitx5.addons = with pkgs; [
fcitx5-mozc
fcitx5-gtk
fcitx5-qt
];
};
environment.systemPackages = with pkgs; [
fcitx5
fcitx5-configtool
];
# fonts for japanese
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
source-han-sans
source-han-serif
];
fontconfig = {
defaultFonts = {
serif = [ "Noto Serif CJK JP" ];
sansSerif = [ "Noto Sans CJK JP" ];
monospace = [ "Noto Sans Mono CJK JP" ];
};
};
};
};
}

43
modules/system/secure_boot/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
pkgs,
inputs,
config,
lib,
...
}: let
cfg = config.system.secure_boot;
in {
options.system.secure_boot = {
enable = lib.mkEnableOption "enables secureboot with lanzaboote";
};
imports = [inputs.lanzaboote.nixosModules.lanzaboote];
config = lib.mkIf cfg.enable {
# install userspace secureboot tools
environment.systemPackages = with pkgs; [
sbctl
e2fsprogs
];
# force disable systemd-boot so lanzaboote can be used
boot.loader.systemd-boot.enable = lib.mkForce false;
/*
this uses the project lanzaboote for secureboot (extension on systemd)
setup guide can be found here: https://github.com/nix-community/lanzaboote/blob/master/docs/QUICK_START.md
tldr:
while currently using systemd-boot
generate keys with `nix-shell -p --run "sudo sbctl create-keys"`
rebuild with this module enabled then check `sudo sbctl verify`
reboot and enable secureboot setup mode in bios
check that setup mode is enabled with `sudo sbctl status`
enroll keys with `sudo sbctl enroll-keys` use the `--microsoft` flag to incude their keys for compatibality
reboot (disable secureboot setup mode if not done automatically) then check secure boot status with `sudo bootctl status`
*/
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
};
}

2
modules/system/ssh/default.nix
View File

@@ -13,7 +13,7 @@ in
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {
PasswordAuthentication = true; PasswordAuthentication = false;
PermitRootLogin = "no"; PermitRootLogin = "no";
X11Forwarding = false; X11Forwarding = false;
}; };

4
modules/system/syncthing/default.nix
View File

@@ -34,13 +34,15 @@ in {
"snowbelle" = {id = "6WQ6ATA-5AT4RUM-NW67PAL-N62CPNV-ALRFG3P-5BDRO22-HWFC2Q4-5S5BDA5";}; "snowbelle" = {id = "6WQ6ATA-5AT4RUM-NW67PAL-N62CPNV-ALRFG3P-5BDRO22-HWFC2Q4-5S5BDA5";};
"lugia" = {id = "BKKSFPH-YEOVVAB-DTT7KK3-UDKAEJ2-PC6ECG7-Y76ZIVP-JRYMMXS-RTZYVQ3";}; "lugia" = {id = "BKKSFPH-YEOVVAB-DTT7KK3-UDKAEJ2-PC6ECG7-Y76ZIVP-JRYMMXS-RTZYVQ3";};
"zygarde" = {id = "UYLTF52-VVKUR7F-JN33HQZ-RFNWGL3-JER52LA-GZD2LPJ-QIFEE7K-MNMZRQ5";}; "zygarde" = {id = "UYLTF52-VVKUR7F-JN33HQZ-RFNWGL3-JER52LA-GZD2LPJ-QIFEE7K-MNMZRQ5";};
"mew" = {id = "7ZC2NAS-QONQKAL-Z54NPMB-7TRXM6M-K7Z6PZD-FG4AI4H-V7SMFJN-JOYBHQO";};
"yveltal" = {id = "ZVSQ4WJ-7OICYOZ-3ECES4X-KH37IPB-TKHKUJG-BSEGXVM-AHYY5C3-VKG44AX";}; "yveltal" = {id = "ZVSQ4WJ-7OICYOZ-3ECES4X-KH37IPB-TKHKUJG-BSEGXVM-AHYY5C3-VKG44AX";};
"CEN-IT-07" = {id = "DPYKA4Z-3PX7JB2-FBEOXXX-SC7TLT2-QC5P2IR-SXOPJGX-QO3DMII-5B7UCA4";}; "CEN-IT-07" = {id = "DPYKA4Z-3PX7JB2-FBEOXXX-SC7TLT2-QC5P2IR-SXOPJGX-QO3DMII-5B7UCA4";};
"CEN-IT-00007" = {id = "XBPXGYU-DUJSLDH-6BDNF4D-CO2COC3-N3FM6W5-IHZOJBM-Z2N77RI-IVAV5AH";};
}; };
folders = { folders = {
"holocron" = { "holocron" = {
path = "/home/blake/holocron"; path = "/home/blake/holocron";
devices = ["lugia" "zygarde" "CEN-IT-07" "snowbelle"]; devices = ["lugia" "zygarde" "mew" "yveltal" "CEN-IT-07" "CEN-IT-00007" "snowbelle"];
id = "5voxg-c3he2"; id = "5voxg-c3he2";
versioning = { versioning = {
type = "staggered"; type = "staggered";

3
modules/system/tailscale/default.nix
View File

@@ -21,6 +21,9 @@ in {
"--accept-dns=true" # explicitly allow resolved "--accept-dns=true" # explicitly allow resolved
]; ];
}; };
systemd.services.tailscaled = {
after = [ "remote-fs.target" ]; # keep tailscale up until remote mounts are unmounted
};
# network config # network config
networking.firewall.trustedInterfaces = ["tailscale0"]; networking.firewall.trustedInterfaces = ["tailscale0"];

16
modules/system/udiskie/default.nix Normal file
View File

@@ -0,0 +1,16 @@
{
pkgs,
lib,
config,
...
}: let
cfg = config.system.udiskie;
in {
options.system.udiskie = {
enable = lib.mkEnableOption "enable udiskie for automount on nixos side";
};
config = lib.mkIf cfg.enable {
services.udisks2.enable = true;
};
}

18
modules/system/yubikey/default.nix
View File

@@ -5,7 +5,7 @@
... ...
}: }:
/* /*
# to enroll a yubikey (works like .ssh/known_hosts) # to enroll a yubikey with pam (works like .ssh/known_hosts)
nix-shell -p pam_u2f nix-shell -p pam_u2f
mkdir -p ~/.config/Yubico mkdir -p ~/.config/Yubico
pamu2fcfg > ~/.config/Yubico/u2f_keys pamu2fcfg > ~/.config/Yubico/u2f_keys
@@ -15,6 +15,9 @@ pamu2fcfg -n >> ~/.config/Yubico/u2f_keys (to add additional yubikeys)
nix-shell -p pamtester nix-shell -p pamtester
pamtester login <username> authenticate pamtester login <username> authenticate
pamtester sudo <username> authenticate pamtester sudo <username> authenticate
# to enroll yubikey with luks
`sudo systemd-cryptenroll --fido2-device=auto /dev/<disk>`
*/ */
let let
service = "yubikey"; service = "yubikey";
@@ -43,9 +46,18 @@ in {
yubikey-manager yubikey-manager
]; ];
# enable smartcard
services.pcscd.enable = true;
# enables it for everything
security.pam.u2f = lib.mkIf (cfg.mode == "u2f") {
enable = true;
};
# selectivlt edit what u2f is enabled for
security.pam.services = lib.mkIf (cfg.mode == "u2f") { security.pam.services = lib.mkIf (cfg.mode == "u2f") {
login.u2fAuth = true; #login.u2fAuth = true;
sudo.u2fAuth = true; #sudo.u2fAuth = true;
}; };
security.pam.yubico = lib.mkIf (cfg.mode == "challenge-response") { security.pam.yubico = lib.mkIf (cfg.mode == "challenge-response") {

10
secrets/secrets.yaml
View File

@@ -6,6 +6,8 @@ klefki_auth_map: ENC[AES256_GCM,data:u8OBLtT/,iv:THW21BDyhyFIjcwixsAnaAODofxbuQZ
tailscale_authkey: ENC[AES256_GCM,data:SU0k3asrJd+WZ86VbC4w8TDJp+MqsbyagrzCfDcgTzO5yvBjpWAKbJ7A+VxgQvdu4+S2jMYbdrONPp3YbQ==,iv:VMYmGVk5GpUQApKKQYhdOw/cYCXrXxEZJJwHfQL4MjQ=,tag:7ruaoCDxuFQ7tE/JLJ37Xw==,type:str] tailscale_authkey: ENC[AES256_GCM,data:SU0k3asrJd+WZ86VbC4w8TDJp+MqsbyagrzCfDcgTzO5yvBjpWAKbJ7A+VxgQvdu4+S2jMYbdrONPp3YbQ==,iv:VMYmGVk5GpUQApKKQYhdOw/cYCXrXxEZJJwHfQL4MjQ=,tag:7ruaoCDxuFQ7tE/JLJ37Xw==,type:str]
#ENC[AES256_GCM,data:bEbCic+ZDAA5ieNedCbiVbJrse17,iv:UwRYlis6NPB/RUcv+YnPxrGdbIcF4hrNiZt19YvWZNQ=,tag:m6PVlzPNnahX7X7KzMUj7A==,type:comment] #ENC[AES256_GCM,data:bEbCic+ZDAA5ieNedCbiVbJrse17,iv:UwRYlis6NPB/RUcv+YnPxrGdbIcF4hrNiZt19YvWZNQ=,tag:m6PVlzPNnahX7X7KzMUj7A==,type:comment]
borg_passwd: ENC[AES256_GCM,data:XOMJtr+DRs7xn5Iclc49iTzK9cFJyc/fSXJjhdKa9jdN,iv:YB8z7zNYjh6NpSxQb1TfPxAYUdzThdVfNZIe6tO5grA=,tag:bO6kZ3cLJDL4IQoWmGvRdg==,type:str] borg_passwd: ENC[AES256_GCM,data:XOMJtr+DRs7xn5Iclc49iTzK9cFJyc/fSXJjhdKa9jdN,iv:YB8z7zNYjh6NpSxQb1TfPxAYUdzThdVfNZIe6tO5grA=,tag:bO6kZ3cLJDL4IQoWmGvRdg==,type:str]
#ENC[AES256_GCM,data:ztRwuY0mTMDmwV5HqVR7Dmc+dCWcrVRtWZGEL1abE/WUcA==,iv:mmaWfHRiENJUGNhyUBFo1z7PdzVPH1OUZrVhkce6KV0=,tag:GKEvT0qkzTtimQXDueKPdw==,type:comment]
holocron_creds: ENC[AES256_GCM,data:2QXtXrN5w0UFn70GZOsYFPdtPwjLcuUdtkEam5aZ83N6LEDqPWJi,iv:kUS9pq5CX19vqHumc6QjY+Xpd4N+Ge7oCcQYtMFh+WM=,tag:IUA1ZVThF91EdHrwmS624g==,type:str]
#ENC[AES256_GCM,data:VdbMrwGKUKNJHw==,iv:OLwBh6KQXR/H8eRgp/hH8k3QfIkK/ydL735kx/dpc8E=,tag:N+v+ym6RMbvW4IckbiLK8Q==,type:comment] #ENC[AES256_GCM,data:VdbMrwGKUKNJHw==,iv:OLwBh6KQXR/H8eRgp/hH8k3QfIkK/ydL735kx/dpc8E=,tag:N+v+ym6RMbvW4IckbiLK8Q==,type:comment]
syncthing: syncthing:
gui_passwd: ENC[AES256_GCM,data:CicGIe5dT8lJVchCcE4wg3E8va3RYR8d53MISkE=,iv:8ziDDyQvU8ABaKKwYlcHmvm8Qybk4G+q5F0Ghqluu9w=,tag:YlyNPE04KD3detL1QUTrgQ==,type:str] gui_passwd: ENC[AES256_GCM,data:CicGIe5dT8lJVchCcE4wg3E8va3RYR8d53MISkE=,iv:8ziDDyQvU8ABaKKwYlcHmvm8Qybk4G+q5F0Ghqluu9w=,tag:YlyNPE04KD3detL1QUTrgQ==,type:str]
@@ -15,6 +17,9 @@ syncthing:
yveltal: yveltal:
key: ENC[AES256_GCM,data:unUnEeDhCqHUZCJtGCbj5rmrLx+9GiUTl75K3HdkI94YfCLNYCBACYu2v/7FbNIEsjVoQEA5/gKEcUHzVq6LaHM2w9GSo6tjkegdzTUgbHBJf4ssJ38z5rQkMc7tbzsA0NUHBPklz1eyjkW96HQPD0REcwA3CIc=,iv:PZ7vfhIpwPpMz4P04bewNhRuahmpukasgYb8fL/EJBE=,tag:G1HDyPAVSdm/fwqTXTT3PQ==,type:str] key: ENC[AES256_GCM,data:unUnEeDhCqHUZCJtGCbj5rmrLx+9GiUTl75K3HdkI94YfCLNYCBACYu2v/7FbNIEsjVoQEA5/gKEcUHzVq6LaHM2w9GSo6tjkegdzTUgbHBJf4ssJ38z5rQkMc7tbzsA0NUHBPklz1eyjkW96HQPD0REcwA3CIc=,iv:PZ7vfhIpwPpMz4P04bewNhRuahmpukasgYb8fL/EJBE=,tag:G1HDyPAVSdm/fwqTXTT3PQ==,type:str]
cert: ENC[AES256_GCM,data:yLq2dNjdMiRj4reyZWsSqZ+1rw4DTwKBZoQHzeKb8YBn63ub4TZPlnOjSTt2DwOQwrJDNhsaeGscZ6J7rLxF/rtH6YnR8XxQuOu/NNIcZ4m9EqhsXyznSx4Q+0gamUXujRgGRVH5FNrfiFoqP3VuNghoX+NLxfX0BcVruEjbmLUWVVzY0yS0ufzxegM8WFAxuKhcr1NlhBU65TxKUtbj4vcByzWHkfLGIb5ICnGeF/p9/FvpFSavw3nLdybDLJ6EKEeaxy6t984fkuotAvk54kLbF4yt0q5mjDxy0U6xtn1hg3x03IRAPjKDRdpDmzYf4XxykEb74JX9q2zjUhb2l1ORWcZu/uKvEiuZWDJRmJ4ypOiyZOCqTvY6s2iDhEjmMKxlNr2mhuz9Hn6b3KoQjePIEd1eS/VEmo09pEuUlhlAEziVcdnpeRyWlN2xpv4ps90gLxJ1Mj9nAZwRqFOQl0V4N5OBHEqMBE1nQv4afMpGX5QF2UotTpNfka+LdKwc1iHHtpHZYmG1/LVwz3jDv4XnVLdDWojFA/8eJIWVq1BsUTYSy+Q27bsoTX4iL0Y/OAHRzXZTqYc4aiAWJoaNTNgmagZ9C03SA6qePlGe/5azI3f54rC2m1/JDUtYW3IABHSFUaVnTdWnD4GDNSYRJIknyUwXR4sE3pRD979prmgtepOyETOAVgEeUVKz1leJZ2HyyhjFU41TL0IN/sl+YPD9bC3Nmw7OsxMFGPC4l5vn64DVp7HHRSKyJvZ5fG8s4nSzyZAKomkocOpKHEuQPyyerZpL1lne/m2B/y7/W2ouAGxcawZOSU6f74mn5wM=,iv:Ggag5SNUFkhMWS0u1kwkD5tGjiMv4i041bCESl5XOdc=,tag:pPISz0eBWzHcPHsC8dVG3g==,type:str] cert: ENC[AES256_GCM,data:yLq2dNjdMiRj4reyZWsSqZ+1rw4DTwKBZoQHzeKb8YBn63ub4TZPlnOjSTt2DwOQwrJDNhsaeGscZ6J7rLxF/rtH6YnR8XxQuOu/NNIcZ4m9EqhsXyznSx4Q+0gamUXujRgGRVH5FNrfiFoqP3VuNghoX+NLxfX0BcVruEjbmLUWVVzY0yS0ufzxegM8WFAxuKhcr1NlhBU65TxKUtbj4vcByzWHkfLGIb5ICnGeF/p9/FvpFSavw3nLdybDLJ6EKEeaxy6t984fkuotAvk54kLbF4yt0q5mjDxy0U6xtn1hg3x03IRAPjKDRdpDmzYf4XxykEb74JX9q2zjUhb2l1ORWcZu/uKvEiuZWDJRmJ4ypOiyZOCqTvY6s2iDhEjmMKxlNr2mhuz9Hn6b3KoQjePIEd1eS/VEmo09pEuUlhlAEziVcdnpeRyWlN2xpv4ps90gLxJ1Mj9nAZwRqFOQl0V4N5OBHEqMBE1nQv4afMpGX5QF2UotTpNfka+LdKwc1iHHtpHZYmG1/LVwz3jDv4XnVLdDWojFA/8eJIWVq1BsUTYSy+Q27bsoTX4iL0Y/OAHRzXZTqYc4aiAWJoaNTNgmagZ9C03SA6qePlGe/5azI3f54rC2m1/JDUtYW3IABHSFUaVnTdWnD4GDNSYRJIknyUwXR4sE3pRD979prmgtepOyETOAVgEeUVKz1leJZ2HyyhjFU41TL0IN/sl+YPD9bC3Nmw7OsxMFGPC4l5vn64DVp7HHRSKyJvZ5fG8s4nSzyZAKomkocOpKHEuQPyyerZpL1lne/m2B/y7/W2ouAGxcawZOSU6f74mn5wM=,iv:Ggag5SNUFkhMWS0u1kwkD5tGjiMv4i041bCESl5XOdc=,tag:pPISz0eBWzHcPHsC8dVG3g==,type:str]
mew:
key: ENC[AES256_GCM,data:8i2thp667lKEXR0cIaEOLHPXWlhFS38FvbtHgni3i0dTBx9DYtJbGogNaWMlA8r2HzBHkG3Jg0nJs7IOrJWugnGLNLbvhdsxBswEndOBaed4vq+SSN6ssxdjjyFd38wlIZNZsytjPFhyRgDLJ+0rftcIQXPjBhU=,iv:IZ3zWD/ZpalOzSAJQubo/y4LcEzHMEcl+C4GB3Q/nac=,tag:IKEwIkuvHE6qrUoCEqI2Ug==,type:str]
cert: ENC[AES256_GCM,data:uvNZYmQnexXTr/Sz7vLQIJK93MmsoiJfCAL8/rLVQH0D+1nVaM472lqR5pP0qhLKuYhFUESxhAotVtqLpOWK1MfAxuk2RHv8mvbtIJkheRmsIWw7dAAABIkmgnelI03P2Tk2129I95vMM1lybu4W6m9VslwJF8X/4rCxshdbuz9mcjwxBpUEDr1V76DO3bgQUuPwizx17ON8gNd+NtRqPPaXlGrfLCFv1Fib3YFd7+WRkERki9ZO7Q0quY75G4Jseb28QaiM2BT7jfECJo4x7rMePMV303sIrF9paaUKTuSiCUsamLsi5Hwr907y2lHB9Gocwio7tnSRSRhHHcWLI8dQktzW7Flqs8+MZGZ1oJBQO7kQDefF1q4mddADimoqD9F1NsOiOmqqZRRB37alLGmRjeYBIlA6q/FgN9BAj9h0cG3oN1MUXPRGzDfggg5TLjBM2FbG/N3xgncZ2AzTPOcLtrtc0I2PYk3FFxgzpHWnjS2t7CQo/JxqdXbdy9nTHIqbrnKIQ/FtS7/p+cgQcU815UMsJm3qP+hPLCyNuziYq3Vt/X7C3eTnrqemXjEeJ/SJxb+Oul5GS1OL14dNsJllFNuj33Zep/hyQvHnf/HW7kXAfDqIP9zn85EFriAZEuaKwbHB2pkvbWKFxrpXJFhjnPFDKxGOjAmsLmil4paFKdt5hK7rp0mmoIMN+mMFbYx333llik0qk27yYTQwOR3eeCGqHODUU+izUT8NuQBezyxsEmEYu/YBcpatcYylwKgIFcC058oltsxlbxRg5Rrdk5FOqj7Uui0qwFXvYesz6Tiq/rGmcOPlcE5xw14=,iv:LePpzWGDTV1ONwt1uHUptMW1dO1SwwUKrtCEerc/DEc=,tag:a5B/7hmIxvLXU90Stcq7zA==,type:str]
#ENC[AES256_GCM,data:A0ITyGOGMIoyVOcn5JOi1RAtqUM=,iv:+wWpmFbeLiX/Ae53pj0QmnYY3MEzOMib4cqbePUKtGI=,tag:JHXvrN4bOH+oD3Q70pUuew==,type:comment] #ENC[AES256_GCM,data:A0ITyGOGMIoyVOcn5JOi1RAtqUM=,iv:+wWpmFbeLiX/Ae53pj0QmnYY3MEzOMib4cqbePUKtGI=,tag:JHXvrN4bOH+oD3Q70pUuew==,type:comment]
pia_auth: ENC[AES256_GCM,data:rwAu4f5XVS4v4FCLj2zXAegIZeRPLIzUVv6TCrdfg9RGSDJYHgVAX0aFXCBQsDQju9RDycXmc9Id8IuyYN8=,iv:kEA4ADQyUI+zlQoZOKi81dw5BLE1oesqhVf6bfiLgB4=,tag:VHT2uPNW27F3KRM7ZhWdCw==,type:str] pia_auth: ENC[AES256_GCM,data:rwAu4f5XVS4v4FCLj2zXAegIZeRPLIzUVv6TCrdfg9RGSDJYHgVAX0aFXCBQsDQju9RDycXmc9Id8IuyYN8=,iv:kEA4ADQyUI+zlQoZOKi81dw5BLE1oesqhVf6bfiLgB4=,tag:VHT2uPNW27F3KRM7ZhWdCw==,type:str]
#ENC[AES256_GCM,data:mbIgMJBhL8nWJzl8q2dFL8XtO1Xa1Q==,iv:caYHYp1boK9wRgCcQe40HTWT/HxAIvYe+HyaruI53Vc=,tag:S6wowhAHObEcs7z8FimZ1g==,type:comment] #ENC[AES256_GCM,data:mbIgMJBhL8nWJzl8q2dFL8XtO1Xa1Q==,iv:caYHYp1boK9wRgCcQe40HTWT/HxAIvYe+HyaruI53Vc=,tag:S6wowhAHObEcs7z8FimZ1g==,type:comment]
@@ -30,6 +35,7 @@ minecraft_recpro_db_passwd: ENC[AES256_GCM,data:dPAkdEX0hBigo/lND2r3ShxnS4Jc5wTI
mosquitto_hashed_passwd: ENC[AES256_GCM,data:k1Lnr8ZTDpzXMoRmRH61X41boX/D8Rm1KPh7x3/IHFo+XKIOUQns53iA+7e7Ohp8uWSthDlOk4SlRvTXdUNiEz7Zmw9LYwy7BHbwpNo2pFApAye1ORPrMrhMUkUfgBgc8oqPPyRXmmrOAFp6GBbRhg==,iv:D8wQL9iF0rqOte5X24kDTVjYUJXbZSLz0Ykbp0HqmYo=,tag:RUCgO1uKPIdumSo563cg1Q==,type:str] mosquitto_hashed_passwd: ENC[AES256_GCM,data:k1Lnr8ZTDpzXMoRmRH61X41boX/D8Rm1KPh7x3/IHFo+XKIOUQns53iA+7e7Ohp8uWSthDlOk4SlRvTXdUNiEz7Zmw9LYwy7BHbwpNo2pFApAye1ORPrMrhMUkUfgBgc8oqPPyRXmmrOAFp6GBbRhg==,iv:D8wQL9iF0rqOte5X24kDTVjYUJXbZSLz0Ykbp0HqmYo=,tag:RUCgO1uKPIdumSo563cg1Q==,type:str]
mosquitto_passwd.yaml: ENC[AES256_GCM,data:9xwHiUaQ6zG/4rkRemXtbRJ/KEV4yajqyYlcXRR1eAQ2XijYOzitPjt53h3FPqp5rxl6dJerXNH5CiZZK3t1l339NxNseJFGVmIHitWJxNmGJMlG3M8r8Q==,iv:C6WWZuVkYaasB2pol3uf4Mc3d/lDEgt2pKX+dHl/Cr4=,tag:jYTC6RKF2TzDSwSUh6D8zQ==,type:str] mosquitto_passwd.yaml: ENC[AES256_GCM,data:9xwHiUaQ6zG/4rkRemXtbRJ/KEV4yajqyYlcXRR1eAQ2XijYOzitPjt53h3FPqp5rxl6dJerXNH5CiZZK3t1l339NxNseJFGVmIHitWJxNmGJMlG3M8r8Q==,iv:C6WWZuVkYaasB2pol3uf4Mc3d/lDEgt2pKX+dHl/Cr4=,tag:jYTC6RKF2TzDSwSUh6D8zQ==,type:str]
#ENC[AES256_GCM,data:zmSByl0De3a39qLbS99oce7ORe2BBoPa+3I05/YYxL7iBeWCP3ZK,iv:6nUTBUFpNK7Mttckqu6Wk/QJ5cP4+iL+EH4ldaIuu9s=,tag:pc5UtjbNPsVOEMCdLKgGMA==,type:comment] #ENC[AES256_GCM,data:zmSByl0De3a39qLbS99oce7ORe2BBoPa+3I05/YYxL7iBeWCP3ZK,iv:6nUTBUFpNK7Mttckqu6Wk/QJ5cP4+iL+EH4ldaIuu9s=,tag:pc5UtjbNPsVOEMCdLKgGMA==,type:comment]
#ENC[AES256_GCM,data:ZWlAWAthigdTlfHrQl1x8eSj+gv4Gj1poZfPViu1mVz/ZmUJFZyCSkdIg0CPdNNF38TE0iabBk+o7aHkFmIFz18hjVYAk4M2E034qg==,iv:jU+2E+XAILgFNyMkGZ1CMJ83q7V/yyEJwHXWw05RlHo=,tag:n8w0/ktmum5P31vMWJVxgA==,type:comment]
postfix_passwd: ENC[AES256_GCM,data:3ndIsTGPyAQELM8lptBK241a3p77fNijXma4souFKnyrkLBpZ4OP6KWuldFlWySpSG7Yme0by5gOzg==,iv:nYuJKeY4H3OfQleLo7gvheT5JHgXW3hGQvjHeEEN260=,tag:q952E/0QLC49O5Rwua0RWQ==,type:str] postfix_passwd: ENC[AES256_GCM,data:3ndIsTGPyAQELM8lptBK241a3p77fNijXma4souFKnyrkLBpZ4OP6KWuldFlWySpSG7Yme0by5gOzg==,iv:nYuJKeY4H3OfQleLo7gvheT5JHgXW3hGQvjHeEEN260=,tag:q952E/0QLC49O5Rwua0RWQ==,type:str]
#ENC[AES256_GCM,data:UcpnHZj5xr8P64PzhWVKbFy8pvFM9GCz2mDoW/6iRVqgLTL0FSn6KXep/kfLEnYiqv5ZpsVZjjXsbI5VRJfBo7w4kzX661oDU8323DfQHDkbo2g=,iv:nEApgutl5kjfZkwi9WTOwatraM3+TQqFgk5gEMw0rwA=,tag:Q4gndL+6q7jHN02QCpJDjw==,type:comment] #ENC[AES256_GCM,data:UcpnHZj5xr8P64PzhWVKbFy8pvFM9GCz2mDoW/6iRVqgLTL0FSn6KXep/kfLEnYiqv5ZpsVZjjXsbI5VRJfBo7w4kzX661oDU8323DfQHDkbo2g=,iv:nEApgutl5kjfZkwi9WTOwatraM3+TQqFgk5gEMw0rwA=,tag:Q4gndL+6q7jHN02QCpJDjw==,type:comment]
#ENC[AES256_GCM,data:3oMbbBSrbjrqsdiON1ENB8JeKW0=,iv:+/eL/51OA+VHbkWWSNzQId5BlxnMm+5NBA0uKw010Tk=,tag:vBJpCYmvFivBYIKatDWgHw==,type:comment] #ENC[AES256_GCM,data:3oMbbBSrbjrqsdiON1ENB8JeKW0=,iv:+/eL/51OA+VHbkWWSNzQId5BlxnMm+5NBA0uKw010Tk=,tag:vBJpCYmvFivBYIKatDWgHw==,type:comment]
@@ -60,7 +66,7 @@ sops:
U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg U0tmdFBuZnJES3piOTZNV0VKQmQ0eVUKCWRQ/flLzmpC64WyLoipklZBmrkpYiUg
PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA== PRu+itNolpPTHm96pe+P93g2iP0wgekG0cX21wkiU2xaLF3dY2FEIA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-11-05T05:51:29Z" lastmodified: "2026-01-28T21:02:05Z"
mac: ENC[AES256_GCM,data:y4KF/ImqWzga34UIjn8ohvR4Ktu785vNgyxLDxJZOvqZNsShlgSBQ+EnJ6TgG3Ghyo6n3frcMBaZJLP4QJVqsoigUMqqOdhp3xxLRQSV5c5GbmKscW2q/xdkKqnqbANDWxQ4FWd7n/CfH+FDxtRoWgkptRzhpqYEdXxFRjzR5jo=,iv:KJYp8BmuXyuDkpRH/ZjahT8tG4NoG7Y4XFJ9Q4GntLg=,tag:sr9HQCuynFXwYT7Ulbyerg==,type:str] mac: ENC[AES256_GCM,data:b9aX43ViObNX29DkVNHtwkQRm26PRe2rZYhDnL1ZYLLWyaO3OGP9+rM4vHT0lyuowQ6+Ur3IMPVpUSziXYLh3mtxr0hyYy5Y1miBuIxXYLBi3oLRTW1TgZdklzFDVL3c1GT4lXEh4q9KG3dP64r9/8dvjO2iRIosZ93/l0pIi3A=,iv:/gdNfVy8UiQsIRAHh2jiha5fL+wmfgp0srxt17Ry4Xs=,tag:YdVbvpBnQSaIarGIfiTzKQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.11.0 version: 3.11.0

0
users/blake/assets/icons/critical_128px.png → users/blake/assets/icons/alert/critical_128px.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.5 KiB

After

Width:  |  Height:  |  Size: 2.5 KiB

0
users/blake/assets/icons/critical_32px.png → users/blake/assets/icons/alert/critical_32px.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 723 B

After

Width:  |  Height:  |  Size: 723 B

0
users/blake/assets/icons/critical_64px.png → users/blake/assets/icons/alert/critical_64px.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.3 KiB

After

Width:  |  Height:  |  Size: 1.3 KiB

0
users/blake/assets/icons/normal_128px.png → users/blake/assets/icons/alert/normal_128px.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 2.4 KiB

After

Width:  |  Height:  |  Size: 2.4 KiB

0
users/blake/assets/icons/normal_32px.png → users/blake/assets/icons/alert/normal_32px.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 693 B

After

Width:  |  Height:  |  Size: 693 B

0
users/blake/assets/icons/normal_64px.png → users/blake/assets/icons/alert/normal_64px.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 1.3 KiB

After

Width:  |  Height:  |  Size: 1.3 KiB

1
users/blake/assets/icons/cursors/posy_dark/cursors/00000000000000020006000e7e9ffc3f Symbolic link
View File

@@ -0,0 +1 @@
background

1
users/blake/assets/icons/cursors/posy_dark/cursors/00008160000006810000408080010102 Symbolic link
View File

@@ -0,0 +1 @@
size_NS

1
users/blake/assets/icons/cursors/posy_dark/cursors/028006030e0e7ebffc7f7070c0600140 Symbolic link
View File

@@ -0,0 +1 @@
size_EW

1
users/blake/assets/icons/cursors/posy_dark/cursors/03b6e0fcb3499374a867c041f52298f0 Symbolic link
View File

@@ -0,0 +1 @@
forbidden

1
users/blake/assets/icons/cursors/posy_dark/cursors/08e8e1c95fe2fc01f976f1e063a24ccd Symbolic link
View File

@@ -0,0 +1 @@
background

1
users/blake/assets/icons/cursors/posy_dark/cursors/1081e37283d90000800003c07f3ef6bf Symbolic link
View File

@@ -0,0 +1 @@
default

1
users/blake/assets/icons/cursors/posy_dark/cursors/14fef782d02440884392942c11205230 Symbolic link
View File

@@ -0,0 +1 @@
size_EW

1
users/blake/assets/icons/cursors/posy_dark/cursors/2870a09082c103050810ffdffffe0204 Symbolic link
View File

@@ -0,0 +1 @@
size_NS

1
users/blake/assets/icons/cursors/posy_dark/cursors/3085a0e285430894940527032f8b26df Symbolic link
View File

@@ -0,0 +1 @@
link

1
users/blake/assets/icons/cursors/posy_dark/cursors/3ecb610c1bf2410f44200f48c40d3599 Symbolic link
View File

@@ -0,0 +1 @@
background

1
users/blake/assets/icons/cursors/posy_dark/cursors/4498f0e0c1937ffe01fd06f973665830 Symbolic link
View File

@@ -0,0 +1 @@
hand

1
users/blake/assets/icons/cursors/posy_dark/cursors/5c6cd98b3f3ebcb1f9c7f1c204630408 Symbolic link
View File

@@ -0,0 +1 @@
help

1
users/blake/assets/icons/cursors/posy_dark/cursors/6407b0e94181790501fd1e167b474872 Symbolic link
View File

@@ -0,0 +1 @@
default

1
users/blake/assets/icons/cursors/posy_dark/cursors/640fb0e74195791501fd1ed57b41487f Symbolic link
View File

@@ -0,0 +1 @@
link

1
users/blake/assets/icons/cursors/posy_dark/cursors/9081237383d90e509aa00f00170e968f Symbolic link
View File

@@ -0,0 +1 @@
hand

1
users/blake/assets/icons/cursors/posy_dark/cursors/9d800788f1b08800ae810202380a0822 Symbolic link
View File

@@ -0,0 +1 @@
hand

1
users/blake/assets/icons/cursors/posy_dark/cursors/X_cursor Symbolic link
View File

@@ -0,0 +1 @@
forbidden

1
users/blake/assets/icons/cursors/posy_dark/cursors/aero_busy Symbolic link
View File

@@ -0,0 +1 @@
wait

1
users/blake/assets/icons/cursors/posy_dark/cursors/aero_working Symbolic link
View File

@@ -0,0 +1 @@
background

1
users/blake/assets/icons/cursors/posy_dark/cursors/alias Symbolic link
View File

@@ -0,0 +1 @@
link

1
users/blake/assets/icons/cursors/posy_dark/cursors/all-scroll Symbolic link
View File

@@ -0,0 +1 @@
move

BIN
users/blake/assets/icons/cursors/posy_dark/cursors/alt Normal file
View File

Binary file not shown.

1
users/blake/assets/icons/cursors/posy_dark/cursors/arrow Symbolic link
View File

@@ -0,0 +1 @@
default

BIN
users/blake/assets/icons/cursors/posy_dark/cursors/background Normal file
View File

Binary file not shown.

1
users/blake/assets/icons/cursors/posy_dark/cursors/bd_double_arrow Symbolic link
View File

@@ -0,0 +1 @@
size_NeSw

BIN
users/blake/assets/icons/cursors/posy_dark/cursors/beam Normal file
View File

Binary file not shown.

1
users/blake/assets/icons/cursors/posy_dark/cursors/bottom_left_corner Symbolic link
View File

@@ -0,0 +1 @@
size_NeSw

1
users/blake/assets/icons/cursors/posy_dark/cursors/bottom_right_corner Symbolic link
View File

@@ -0,0 +1 @@
size_NwSe

1
users/blake/assets/icons/cursors/posy_dark/cursors/bottom_side Symbolic link
View File

@@ -0,0 +1 @@
size_NS

1
users/blake/assets/icons/cursors/posy_dark/cursors/bottom_tee Symbolic link
View File

@@ -0,0 +1 @@
size_NS

1
users/blake/assets/icons/cursors/posy_dark/cursors/c7088f0f3e6c8088236ef8e1e3e70000 Symbolic link
View File

@@ -0,0 +1 @@
size_NeSw

1
users/blake/assets/icons/cursors/posy_dark/cursors/cell Symbolic link
View File

@@ -0,0 +1 @@
precise

1
users/blake/assets/icons/cursors/posy_dark/cursors/center_ptr Symbolic link
View File

@@ -0,0 +1 @@
alt

1
users/blake/assets/icons/cursors/posy_dark/cursors/circle Symbolic link
View File

@@ -0,0 +1 @@
forbidden

1
users/blake/assets/icons/cursors/posy_dark/cursors/closedhand Symbolic link
View File

@@ -0,0 +1 @@
link

1
users/blake/assets/icons/cursors/posy_dark/cursors/col-resize Symbolic link
View File

@@ -0,0 +1 @@
size_EW

1
users/blake/assets/icons/cursors/posy_dark/cursors/color-picker Symbolic link
View File

@@ -0,0 +1 @@
precise

1
users/blake/assets/icons/cursors/posy_dark/cursors/context-menu Symbolic link
View File

@@ -0,0 +1 @@
default

1
users/blake/assets/icons/cursors/posy_dark/cursors/copy Symbolic link
View File

@@ -0,0 +1 @@
default

1
users/blake/assets/icons/cursors/posy_dark/cursors/cross Symbolic link
View File

@@ -0,0 +1 @@
precise

1
users/blake/assets/icons/cursors/posy_dark/cursors/cross_reverse Symbolic link
View File

@@ -0,0 +1 @@
precise

1
users/blake/assets/icons/cursors/posy_dark/cursors/crossed_circle Symbolic link
View File

@@ -0,0 +1 @@
forbidden

1
users/blake/assets/icons/cursors/posy_dark/cursors/crosshair Symbolic link
View File

@@ -0,0 +1 @@
precise

1
users/blake/assets/icons/cursors/posy_dark/cursors/cursor Symbolic link
View File

@@ -0,0 +1 @@
default

1
users/blake/assets/icons/cursors/posy_dark/cursors/d9ce0ab605698f320427677b458ad60b Symbolic link
View File

@@ -0,0 +1 @@
help

BIN
users/blake/assets/icons/cursors/posy_dark/cursors/default Normal file
View File

Binary file not shown.

1
users/blake/assets/icons/cursors/posy_dark/cursors/diamond_cross Symbolic link
View File

@@ -0,0 +1 @@
precise

1
users/blake/assets/icons/cursors/posy_dark/cursors/dnd-ask Symbolic link
View File

@@ -0,0 +1 @@
help

1
users/blake/assets/icons/cursors/posy_dark/cursors/dnd-link Symbolic link
View File

@@ -0,0 +1 @@
link

1
users/blake/assets/icons/cursors/posy_dark/cursors/dnd-move Symbolic link
View File

@@ -0,0 +1 @@
move

1
users/blake/assets/icons/cursors/posy_dark/cursors/dnd-none Symbolic link
View File

@@ -0,0 +1 @@
link

1
users/blake/assets/icons/cursors/posy_dark/cursors/dnd_no_drop Symbolic link
View File

@@ -0,0 +1 @@
forbidden

1
users/blake/assets/icons/cursors/posy_dark/cursors/dot_box_mask Symbolic link
View File

@@ -0,0 +1 @@
default

Some files were not shown because too many files have changed in this diff Show More