TheWanderingCrow/CrOS
1
0
Fork 0
mirror of https://github.com/TheWanderingCrow/CrOS.git synced 2026-01-11 09:44:08 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

starting

Browse source
This commit is contained in:
TheWanderingCrow 2025-05-18 20:24:35 -04:00
parent bc81713c7d
commit 2b95839d67
92 changed files with 7 additions and 4495 deletions
Download patch file Download diff file Expand all files Collapse all files

53
modules/core.nix
View file

@ -1,53 +0,0 @@
{
inputs,
config,
pkgs,
...
}: {
config = {
system.stateVersion = "24.05";
time.timeZone = "America/New_York";
nix.settings = {
experimental-features = ["flakes" "nix-command"];
trusted-users = ["@wheel"];
#substituters = [" https://cache.wanderingcrow.net/wce-cache"];
#trusted-public-keys = ["wce-cache:s5otDeH048aZEGwQ2EQn6UfFJn6YgP71bcOok1jX1Q0="];
};
users.mutableUsers = false;
users.users.root.hashedPassword = "$y$j9T$pEz.3JBh6Ft3FIYrp14Ti1$RQsOWum40HbwEb7t69LGjUCh6E9w/ANi7lNIopGsu0A";
environment.variables = {
EDITOR = "nvim";
VISUAL = "nvim";
NIXPKGS_ALLOW_UNFREE = 1;
};
fonts.packages = with pkgs; [
font-awesome
nerd-fonts.noto
nerd-fonts.hack
nerd-fonts.jetbrains-mono
];
nixpkgs = {
config = {
allowUnfree = true;
permittedInsecurePackages =
[
"SDL_ttf-2.0.11"
]
++ (
if config.module.gaming.enable
then [
"dotnet-runtime-wrapped-7.0.20"
"dotnet-runtime-7.0.20"
]
else []
);
};
overlays = [
];
};
};
}

11
modules/default.nix
View file

@ -1,11 +0,0 @@
{
imports = [
./core.nix
./options.nix
./users
./desktops
./hardware
./software
./security
];
}

11
modules/desktops/default.nix
View file

@ -1,11 +0,0 @@
{
lib,
config,
...
}: {
imports = [
# Wayland desktops here
./sway.nix
./kde.nix
];
}

17
modules/desktops/kde.nix
View file

@ -1,17 +0,0 @@
{
inputs,
pkgs,
lib,
config,
...
}:
lib.mkIf config.desktop.kde.enable {
services.desktopManager.plasma6 = {
enable = true;
};
services.displayManager.sddm = {
enable = true;
wayland.enable = true;
};
}

41
modules/desktops/sway.nix
View file

@ -1,41 +0,0 @@
{
inputs,
pkgs,
lib,
config,
...
}: {
config = {
programs.sway = lib.mkIf config.desktop.sway.enable {
enable = true;
xwayland.enable = true;
extraPackages = with pkgs; [
foot
wofi
swaynotificationcenter
udiskie
polkit_gnome
swayidle
sway-audio-idle-inhibit
swaylock-effects
sway-contrib.grimshot
waybar
wl-clipboard
xorg.xrandr
hyprlock
grim
slurp
swappy
wljoywake
];
};
programs.dconf.enable = true;
environment = lib.mkIf config.desktop.sway.enable {
sessionVariables = {
NIXOS_OZONE_WL = "1";
WLR_NO_HARDWARE_CURSORS = "1";
};
};
};
}

9
modules/hardware/audio.nix
View file

@ -1,9 +0,0 @@
{
services.pulseaudio.support32Bit = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
}

13
modules/hardware/default.nix
View file

@ -1,13 +0,0 @@
{
lib,
config,
...
}: {
imports = [
./network.nix
./audio.nix
./graphics.nix
];
hardware.uinput.enable = true;
}

3
modules/hardware/graphics.nix
View file

@ -1,3 +0,0 @@
{config, ...}: {
hardware.graphics.enable32Bit = config.module.gaming.enable;
}

3
modules/hardware/network.nix
View file

@ -1,3 +0,0 @@
{
config.networking.networkmanager.enable = true;
}

114
modules/options.nix
View file

@ -1,114 +0,0 @@
{
config,
lib,
...
}: {
# Start definitions for mkEnableOptions
options = {
module = {
enable = lib.mkEnableOption "enables packages";
core.enable = lib.mkEnableOption "enables required packages";
gui.enable = lib.mkEnableOption "enables gui+DE packages";
programming.enable = lib.mkEnableOption "enables programming packages";
hacking.enable = lib.mkEnableOption "enables hacking packages";
mudding.enable = lib.mkEnableOption "enables mudding packages";
gaming.enable = lib.mkEnableOption "enables gaming packages";
os-gaming.enable = lib.mkEnableOption "enables some neat but obscure open-source games";
appdevel.enable = lib.mkEnableOption "enables app development in flutter";
vr.enable = lib.mkEnableOption "enables VR utilities";
art.enable = lib.mkEnableOption "enabled graphical art stuff";
hobbies.enable = lib.mkEnableOption "some misc packages related to hobbies";
};
software = {
keyd.enable = lib.mkEnableOption "enabled keyd overrides (useful for non-QMK enabled devices)";
usershell.enable = lib.mkEnableOption "opinionated usershell";
docker.enable = lib.mkEnableOption "enable rootless docker";
};
user = {
enable = lib.mkEnableOption "enables users";
crow = {
enable = lib.mkEnableOption "enable crow";
home.enable = lib.mkEnableOption "enable home configuration";
};
dragneel = {
enable = lib.mkEnableOption "enable dragneel";
home.enable = lib.mkEnableOption "enable home configuration";
};
overseer = {
enable = lib.mkEnableOption "enable container overseer user";
};
live = {
enable = lib.mkEnableOption "enable live disk user";
};
};
desktop = {
sway.enable = lib.mkEnableOption "enables sway";
swayfx.enable = lib.mkEnableOption "enable sway with eye candy";
niri.enable = lib.mkEnableOption "enable niri window manager";
kde.enable = lib.mkEnableOption "KDE with Plasma6";
};
ricing = {
basic.enable = lib.mkEnableOption "enable basic ricing";
wasteland.enable = lib.mkEnableOption "post-collapse themed rice";
};
};
# Set default option states in config
config = {
module = {
enable = lib.mkDefault true;
core.enable = lib.mkDefault true;
gui.enable = lib.mkDefault false;
programming.enable = lib.mkDefault false;
hacking.enable = lib.mkDefault false;
mudding.enable = lib.mkDefault false;
gaming.enable = lib.mkDefault false;
os-gaming.enable = lib.mkDefault false;
appdevel.enable = lib.mkDefault false;
vr.enable = lib.mkDefault false;
art.enable = lib.mkDefault false;
hobbies.enable = lib.mkDefault false;
};
software = {
keyd.enable = lib.mkDefault false;
usershell.enable = lib.mkDefault true;
docker.enable = lib.mkDefault false;
};
user = {
enable = lib.mkDefault true;
crow = {
enable = lib.mkDefault false;
home.enable = lib.mkDefault config.user.crow.enable;
};
dragneel = {
enable = lib.mkDefault false;
home.enable = lib.mkDefault config.user.dragneel.enable;
};
overseer = {
enable = lib.mkDefault false;
};
live = {
enable = lib.mkDefault false;
};
};
# Desktop options are declared in their relevant modules in module/desktops
desktop = {
sway.enable = lib.mkDefault false;
swayfx.enable = lib.mkDefault false;
niri.enable = lib.mkDefault false;
kde.enable = lib.mkDefault false;
};
ricing = {
basic.enable = lib.mkDefault true;
wasteland.enable = lib.mkDefault false;
};
};
}

6
modules/security/default.nix
View file

@ -1,6 +0,0 @@
{
imports = [
./users.nix
./ssh.nix
];
}

15
modules/security/ssh.nix
View file

@ -1,15 +0,0 @@
{
services.openssh = {
enable = true;
settings = {
PermitRootLogin = "prohibit-password";
PasswordAuthentication = false;
};
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
};
}

3
modules/security/users.nix
View file

@ -1,3 +0,0 @@
{
security.sudo.wheelNeedsPassword = false;
}

9
modules/software/default.nix
View file

@ -1,9 +0,0 @@
{
imports = [
./docker.nix
./programs.nix
./keyd.nix
./usershell.nix
./xdg.nix
];
}

13
modules/software/docker.nix
View file

@ -1,13 +0,0 @@
{
config,
lib,
...
}: {
virtualisation.docker = lib.mkIf config.software.docker.enable {
enable = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
}

35
modules/software/keyd.nix
View file

@ -1,35 +0,0 @@
{
lib,
config,
...
}: {
config.services.keyd = lib.mkIf config.software.keyd.enable {
enable = true;
keyboards.default = {
ids = ["*"];
settings = {
main = {
capslock = "layer(standardL2)";
};
standardL2 = {
w = "up";
s = "down";
a = "left";
d = "right";
b = "C-b";
space = "playpause";
"." = "nextsong";
"," = "previoussong";
"[" = "delete";
"]" = "end";
escape = "~";
home = "end";
};
};
};
};
}

153
modules/software/programs.nix
View file

@ -1,153 +0,0 @@
{
inputs,
pkgs,
lib,
config,
...
}: {
environment.systemPackages = with pkgs;
(
# Core packages
if config.module.core.enable
then [
vim
wget
screen
git
curl
tmux
pulseaudio
ouch
restic
file
usbutils
fastfetch
rclone
]
else []
)
++ (
if config.module.gui.enable
then [
# Writing
hunspellDicts.en-us
libreoffice
hunspell
# Audio
pavucontrol
pulsemixer
noisetorch
easyeffects
# Communication
mattermost-desktop
slack
zoom-us
vesktop
discord
signal-desktop
teamspeak_client
# Music
spotify
# Utilities
gimp
pulseaudio-ctl
playerctl
brightnessctl
calibre
freecad-wayland
]
else []
)
++ (
if config.module.programming.enable
then [
inputs.nvix.packages.${pkgs.system}.default
jwt-cli
jq
cloc
meld
]
else []
)
++ (
if config.module.hacking.enable
then [
metasploit
exploitdb
ghidra
wireshark
termshark
nmap
hashcat
dirstalk
rtl-sdr
]
else []
)
++ (
if config.module.mudding.enable
then [
mudlet
]
else []
)
++ (
if config.module.appdevel.enable
then [
flutter
waydroid
ungoogled-chromium
]
else []
)
++ (
if config.module.gaming.enable
then [
obs-studio
olive-editor
steam
protontricks
protonup-qt
steamtinkerlaunch
prismlauncher
mudlet
gamescope
gamemode
r2modman
vintagestory
]
else []
)
++ (
if config.module.os-gaming.enable
then [
widelands
wesnoth
ufoai
cataclysm-dda
# redeclipse
megaglest
# savagexr if it existed
superTuxKart
# openra but it's insecure
openttd
xonotic
supermariowar
]
else []
)
++ (
if config.module.hobbies.enable
then [
python312Packages.meshtastic
brewtarget
krita
pureref
]
else []
);
}

89
modules/software/usershell.nix
View file

@ -1,89 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
config = lib.mkIf config.software.usershell.enable {
programs.zsh = {
enable = true;
autosuggestions = {
enable = true;
async = true;
};
syntaxHighlighting = {
enable = true;
};
shellAliases = {
lah = "ls -lah";
set-nixpkgs-upstream = "git remote add upstream https://github.com/NixOS/nixpkgs.git";
nup = "sudo nixos-rebuild switch --flake .";
};
};
programs.starship = let
raisin_black = "#262932";
blood_red = "#710000";
rich_lemon = "#FDF500";
keppel = "#1AC5B0";
electric_blue = "#36EBF3";
blushing_purple = "#9370DB";
frostbite = "#E455AE";
steel_pink = "#CB1DCD";
pale_silver = "#D1C5C0";
in {
enable = true;
settings = {
format = "[ ](${rich_lemon})[ CrOS](bg:${rich_lemon} fg:${raisin_black})$username$hostname[ ](fg:${rich_lemon} bg:${blushing_purple})$directory[ ](fg:${blushing_purple} bg:${frostbite})$git_branch$git_status[ ](fg:${frostbite} bg:${steel_pink})$nix_shell[ ](${steel_pink})";
right_format = "[ ](${rich_lemon})$time[ ](${rich_lemon})";
# Left Modules
username = {
disabled = false;
format = "[ $user]($style)";
style_user = "fg:${keppel} bg:${rich_lemon}";
style_root = "fg:${blood_red} bg:${rich_lemon}";
};
hostname = {
disabled = false;
format = "[@$hostname ]($style)";
style = "fg:${keppel} bg:${rich_lemon}";
ssh_only = false;
ssh_symbol = "";
};
directory = {
disabled = false;
format = "[ $path ]($style)";
style = "bg:${blushing_purple} fg:${raisin_black}";
truncation_length = 3;
truncation_symbol = "/";
};
git_branch = {
disabled = false;
format = "[ $symbol $branch ]($style)";
symbol = "";
style = "fg:${raisin_black} bg:${frostbite}";
};
git_status = {
disabled = false;
format = "[$all_status$ahead_behind]($style)";
style = "fg:${raisin_black} bg:${frostbite}";
};
nix_shell = {
disabled = false;
format = "[$symbol $name]($style)";
style = "bg:${steel_pink} fg:${electric_blue}";
symbol = "";
};
# Right Modules
time = {
disabled = false;
format = "[$time]($style)";
style = "fg:${raisin_black} bg:${rich_lemon}";
};
};
};
users.defaultUserShell = pkgs.zsh;
};
}

19
modules/software/xdg.nix
View file

@ -1,19 +0,0 @@
{pkgs, ...}: {
config.xdg.portal = {
xdgOpenUsePortal = true;
enable = true;
wlr.enable = true;
wlr.settings.screencast = {
output_name = "DP-1";
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
lxqt.enable = true;
extraPortals = [
pkgs.xdg-desktop-portal-wlr
pkgs.xdg-desktop-portal-gtk
pkgs.kdePackages.xdg-desktop-portal-kde
];
config.common.default = "*";
};
}

8
modules/users/crow/configs/direnv.nix
View file

@ -1,8 +0,0 @@
{
programs = {
direnv = {
enable = true;
nix-direnv.enable = true;
};
};
}

64
modules/users/crow/configs/firefox.nix
View file

@ -1,64 +0,0 @@
{
programs.firefox = {
enable = true;
policies = {
BlockAboutConfig = true;
DisableFirefoxStudies = true;
DisableFormHistory = true;
DisablePasswordReveal = true;
DisablePocket = true;
DisableProfileImport = true;
DontCheckDefaultBrowser = true;
EnableTrackingProtection = {
Value = true;
Locked = true;
Cryptomining = true;
Fingerprinting = true;
};
Homepage = {
URL = "https://home.wanderingcrow.net";
StartPage = "homepage";
};
OfferToSaveLogins = false;
PasswordManagerEnabled = false;
ExtensionSettings = {
#"*".installation_mode = "blocked";
"*".blocked_install_message = "Please manage extensions through your NixOS config";
# Bitwarden
"{446900e4-71c2-419f-a6a7-df9c091e268b}" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/{446900e4-71c2-419f-a6a7-df9c091e268b}/latest.xpl";
default_area = "navbar";
};
"uBlock0@raymondhill.net" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/uBlock0@raymondhill.net/latest.xpl";
default_area = "menupanel";
};
# Vimium
"{d7742d87-e61d-4b78-b8a1-b469842139fa}" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/{d7742d87-e61d-4b78-b8a1-b469842139fa}/latest.xpl";
default_area = "menupanel";
};
# Cookie CURL Dumper
"{12cf650b-1822-40aa-bff0-996df6948878}" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/{12cf650b-1822-40aa-bff0-996df6948878}/latest.xpl";
default_area = "menupanel";
};
# Violentmonkey
"{aecec67f-0d10-4fa7-b7c7-609a2db280cf}" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/{aecec67f-0d10-4fa7-b7c7-609a2db280cf}/latest.xpl";
default_area = "menupanel";
};
"sponsorBlocker@ajay.app" = {
installation_mode = "force_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/sponsorBlocker@ajay.app/latest.xpl";
default_area = "menupanel";
};
};
};
};
}

16
modules/users/crow/configs/git.nix
View file

@ -1,16 +0,0 @@
{
programs.git = {
enable = true;
userName = "TheWanderingCrow";
userEmail = "contact@wanderingcrow.net";
extraConfig = {
init = {
defaultBranch = "main";
};
};
lfs = {
enable = true;
skipSmudge = true;
};
};
}

256
modules/users/crow/configs/hypr/hyprland.conf
View file

@ -1,256 +0,0 @@
################
### MONITORS ###
################
# See https://wiki.hyprland.org/Configuring/Monitors/
source = /home/crow/.config/hypr/monitors.conf
###################
### MY PROGRAMS ###
###################
# See https://wiki.hyprland.org/Configuring/Keywords/
# Set programs that you use
$terminal = foot
$menu = wofi --show run
#################
### AUTOSTART ###
#################
# Autostart necessary processes (like notifications daemons, status bars, etc.)
# Or execute your favorite apps at launch like this:
# exec-once = $terminal
# exec-once = nm-applet &
# exec-once = waybar & hyprpaper & firefox
# exec-once = mpvpaper -o "--loop-file=inf --hwdec=auto --no-audio" '*' .config/hypr/dedsec.mp4
exec-once = waybar
exec-once = swaync
exec-once = udiskie
exec-once = /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
###################
### IDLE CONFIG ###
###################
exec-once = swayidle -w timeout 300 'swaylock --screenshots --effect-blur 10x7 --effect-pixelate 20 --clock --indicator --indicator-thickness 6 --ring-color 6F6AB5' timeout 600 'hyprctl dispatch dpms off' resume 'hyprctl dispatch dpms on' before-sleep 'swaylock --screenshots --effect-blur 10x7 --effect-pixelate 20 --clock --indicator --indicator-thickness 6 --ring-color 6F6AB5'
#############################
### ENVIRONMENT VARIABLES ###
#############################
# See https://wiki.hyprland.org/Configuring/Environment-variables/
env = XCURSOR_SIZE,24
env = HYPRCURSOR_SIZE,24
#####################
### LOOK AND FEEL ###
#####################
# Refer to https://wiki.hyprland.org/Configuring/Variables/
# https://wiki.hyprland.org/Configuring/Variables/#general
general {
gaps_in = 5
gaps_out = 20
border_size = 2
# https://wiki.hyprland.org/Configuring/Variables/#variable-types for info about colors
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
col.inactive_border = rgba(595959aa)
# Set to true enable resizing windows by clicking and dragging on borders and gaps
resize_on_border = false
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false
layout = dwindle
}
# https://wiki.hyprland.org/Configuring/Variables/#decoration
decoration {
rounding = 10
# Change transparency of focused and unfocused windows
active_opacity = 1.0
inactive_opacity = 1.0
drop_shadow = true
shadow_range = 4
shadow_render_power = 3
col.shadow = rgba(1a1a1aee)
# https://wiki.hyprland.org/Configuring/Variables/#blur
blur {
enabled = true
size = 3
passes = 1
vibrancy = 0.1696
}
}
# https://wiki.hyprland.org/Configuring/Variables/#animations
animations {
enabled = true
# Default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
dwindle {
pseudotile = true # Master switch for pseudotiling. Enabling is bound to mod + P in the keybinds section below
preserve_split = true # You probably want this
}
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
master {
new_status = master
}
# https://wiki.hyprland.org/Configuring/Variables/#misc
misc {
force_default_wallpaper = 2 # Set to 0 or 1 to disable the anime mascot wallpapers
disable_hyprland_logo = false # If true disables the random hyprland logo / anime girl background. :(
}
#############
### INPUT ###
#############
# https://wiki.hyprland.org/Configuring/Variables/#input
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
touchpad {
natural_scroll = false
}
}
# https://wiki.hyprland.org/Configuring/Variables/#gestures
gestures {
workspace_swipe = false
}
# Example per-device config
# See https://wiki.hyprland.org/Configuring/Keywords/#per-device-input-configs for more
device {
name = epic-mouse-v1
sensitivity = -0.5
}
####################
### KEYBINDINGSS ###
####################
# See https://wiki.hyprland.org/Configuring/Keywords/
$mod = SUPER # Sets "Windows" key as main modifier
bind = $mod SHIFT, Q, killactive
bind = $mod, Return, exec, $terminal
bind = $mod SHIFT, E, exit
bind = $mod SHIFT, N, exec, networkmanager_dmenu
bind = $mod, N, exec, swaync-client -t sw
bind = $mod, D, exec, $menu
bind = $mod SHIFT, D, exec, UDISKIE_DMENU_LAUNCHER="wofi" udiskie-dmenu -matching regex -dmenu -i -no-custom -multi-select
bind = $mod, P, pseudo
bind = $mod, J, togglesplit
bind = $mod, F, fullscreen
bind = $mod, Space, togglefloating
bind = $mod SHIFT, Z, exec, swaylock --screenshots --effect-blur 10x7 --effect-pixelate 20 --clock --indicator --indicator-thickness 6 --ring-color 6F6AB5
# lock on lid closed
bindl=,switch:Lid Switch, exec, swaylock --screenshots --effect-blur 10x7 --effect-pixelate 20 --clock --indicator --indicator-thickness 6 --ring-color 6F6AB5
# Move focus with mod + arrow keys
bind = $mod, left, movefocus, l
bind = $mod, right, movefocus, r
bind = $mod, up, movefocus, u
bind = $mod, down, movefocus, d
# Switch workspaces with mod + [0-9]
bind = $mod, 1, workspace, 1
bind = $mod, 2, workspace, 2
bind = $mod, 3, workspace, 3
bind = $mod, 4, workspace, 4
bind = $mod, 5, workspace, 5
bind = $mod, 6, workspace, 6
bind = $mod, 7, workspace, 7
bind = $mod, 8, workspace, 8
bind = $mod, 9, workspace, 9
bind = $mod, 0, workspace, 10
# Move active window to a workspace with mod + SHIFT + [0-9]
bind = $mod SHIFT, 1, movetoworkspacesilent, 1
bind = $mod SHIFT, 2, movetoworkspacesilent, 2
bind = $mod SHIFT, 3, movetoworkspacesilent, 3
bind = $mod SHIFT, 4, movetoworkspacesilent, 4
bind = $mod SHIFT, 5, movetoworkspacesilent, 5
bind = $mod SHIFT, 6, movetoworkspacesilent, 6
bind = $mod SHIFT, 7, movetoworkspacesilent, 7
bind = $mod SHIFT, 8, movetoworkspacesilent, 8
bind = $mod SHIFT, 9, movetoworkspacesilent, 9
bind = $mod SHIFT, 0, movetoworkspacesilent, 10
# Example special workspace (scratchpad)
bind = $mod, Minus, togglespecialworkspace, magic
bind = $mod SHIFT, Minus, movetoworkspacesilent, special:magic
# Scroll through existing workspaces with mod + scroll
bind = $mod, mouse_down, workspace, e+1
bind = $mod, mouse_up, workspace, e-1
# Move/resize windows with mod + LMB/RMB and dragging
bindm = $mod, mouse:272, movewindow
bindm = $mod, mouse:273, resizewindow
# Media controls:
bind = , XF86AudioRaiseVolume,exec, pulseaudio-ctl up
bind = , XF86AudioLowerVolume, exec, pulseaudio-ctl down
bind = , XF86AudioMute, exec, pulseaudio-ctl mute
bind = , XF86AudioMicMute, exec, pulseaudio-ctl mute-input
bind = , XF86AudioPlay, exec, playerctl play-pause
bind = , XF86AudioNext, exec, playerctl next
bind = , XF86AudioPrev, exec, playerctl previous
bind = , XF86MonBrightnessUp, exec, brightnessctl s +5%
bind = , XF86MonBrightnessDown, exec, brightnessctl s 5%-
bind = , Print, exec, grimshot --cursor copy area
##############################
### WINDOWS AND WORKSPACES ###
##############################
# See https://wiki.hyprland.org/Configuring/Window-Rules/ for more
# See https://wiki.hyprland.org/Configuring/Workspace-Rules/ for workspace rules
# Example windowrule v1
# windowrule = float, ^(kitty)$
# Example windowrule v2
# windowrulev2 = float,class:^(kitty)$,title:^(kitty)$
windowrulev2 = suppressevent maximize, class:.* # You'll probably like this.

58
modules/users/crow/configs/hypr/hyprlock.conf
View file

@ -1,58 +0,0 @@
# Colors
$white = rgba(255,255,255,1)
$transparent = rgba(0,0,0,0.2)
$black = rgba(0,0,0,1)
$error = rgba(255,0,0,1)
$warning = rgba(255,193,7,1)
# BACGROUND
background {
monitor =
path = ~/.config/hypr/lockscreen-1
contrast = 1
brightness = 0.5
vibrancy = 0.2
vibrancy_darkness = 0.2
}
general {
no_fade_in = true
no_fade_out = true
hide_cursor = false
grace = 0
disable_loading_bar = true
}
# TIME
label {
monitor =
text = cmd[update:1000] echo "$(date +"%-I:%M")"
color = $white
font_size = 95
font_family = JetBrains Mono Extrabold
position = 0, 200
halign = center
valign = center
}
# PASSWORD
input-field {
monitor =
size = 250, 60
outline_thickness = 2
dots_size = 0.2
dots_spacing = 0.35
dots_center = true
outer_color = $transparent
inner_color = $transparent
font_color = $white
fade_on_empty = false
rounding = -1
placeholder_text = <span>Password for $USER:</span>
hide_input = false
position = 0, -200
halign = center
valign = center
}

2
modules/users/crow/configs/hypr/parzival-monitors.conf
View file

@ -1,2 +0,0 @@
monitor=HDMI-A-1,1920x1080@74.97,0x0,1.0,transform,1
monitor=DP-2,2560x1440@169.83,1080x215,1.0

0
modules/users/crow/configs/hypr/parzival_mobile-monitors.conf
View file

15
modules/users/crow/configs/ssh.nix
View file

@ -1,15 +0,0 @@
{
programs.ssh = {
enable = true;
extraConfig = ''
Host github.com
User git
PreferredAuthentications publickey
IdentityFile /home/crow/.ssh/id_ed25519
Host Overseer
User overseer
HostName 192.168.0.30
IdentityFile /home/crow/.ssh/wanderingcrow
'';
};
}

19
modules/users/crow/configs/sway/parzival-monitors.conf
View file

@ -1,19 +0,0 @@
output HDMI-A-1 mode 1920x1080@74.973Hz
output HDMI-A-1 pos 0 0
output HDMI-A-1 transform 270
output DP-1 mode 2560x1440@169.831Hz
output DP-1 pos 1080 215
# Backgrounds
output HDMI-A-1 background /home/crow/.config/sway/background-2 fill
output DP-1 background /home/crow/.config/sway/background-1 fill
# Assign specific workspaces to specific outputs
workspace 1 output HDMI-A-1 # Firefox
workspace 2 output HDMI-A-1 # Comms
workspace 3 output DP-1 # Terminal
workspace 5 output DP-1 # Mudlet
# Assign wacom tablet to primary monitor
input type:tablet_tool map_to_output DP-1

14
modules/users/crow/configs/sway/parzival_framework-monitors.conf
View file

@ -1,14 +0,0 @@
output eDP-1 mode 2256x1504@59.999Hz
output eDP-1 pos 0 0
output "Lenovo Group Limited L15 U133NKFT" mode 1920x1080@60.000Hz
output "Lenovo Group Limited L15 U133NKFT" pos -1920 0
# Backgrounds
output * background /home/crow/.config/sway/background-3 fill
# Assign specific workspaces to specific outputs
workspace 1 output "Lenovo Group Limited L15 U133NKFT" # Firefox
workspace 2 output eDP-1 # Comms
workspace 3 output eDP-1 # Terminal
workspace 5 output "Lenovo Group Limited L15 U133NKFT" # Mudlet

1
modules/users/crow/configs/sway/parzival_mobile-monitors.conf
View file

@ -1 +0,0 @@
output * background /home/crow/.config/sway/background-3 fill

168
modules/users/crow/configs/sway/sway.conf
View file

@ -1,168 +0,0 @@
set $mod Mod4
###########################
### Systemd Integration ###
###########################
exec systemctl --user import-environment XDG_SESSION_TYPE XDG_CURRENT_DESKTOP
exec dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
################
### MONITORS ###
################
include /home/crow/.config/sway/monitors.conf
###################
### MY PROGRAMS ###
###################
set $term foot
set $menu wofi --show run | xargs swaymsg exec --
exec waybar
exec swaync
exec udiskie
exec /usr/lib/polkit-gnome/polkit-gnome-authentication-agent-1
###################
### IDLE CONFIG ###
###################
exec swayidle -w timeout 300 'hyprlock'
exec wljoywake # prevent screen sleep on joystick input
set $lock 'hyprlock'
bindswitch --reload --locked lid:on exec $lock
for_window [app_id="firefox"] inhibit_idle fullscreen
bindsym $mod+Shift+z exec $lock
### Input configuration
#
# Example configuration:
#
# input "2:14:SynPS/2_Synaptics_TouchPad" {
# dwt enabled
# tap enabled
# natural_scroll enabled
# middle_emulation enabled
# }
#
# You can get the names of your inputs by running: swaymsg -t get_inputs
# Read `man 5 sway-input` for more information about this section.
###################
### KEYBINDINGS ###
###################
bindsym $mod+Return exec $term
bindsym $mod+Shift+q kill
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -B 'Yes, exit sway' 'swaymsg exit'
bindsym $mod+Shift+n exec networkmanager_dmenu
bindsym $mod+n exec swaync-client -t -sw
bindsym $mod+d exec $menu
bindsym $mod+Shift+d exec UDISKIE_DMENU_LAUNCHER="wofi" udiskie-dmenu -matching regex -dmenu -i -no-custom -multi-select
# Reload the configuration file
bindsym $mod+Shift+c reload
floating_modifier $mod normal
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
##################
### WORKSPACES ###
##################
bindsym $mod+1 workspace number 1
bindsym $mod+2 workspace number 2
bindsym $mod+3 workspace number 3
bindsym $mod+4 workspace number 4
bindsym $mod+5 workspace number 5
bindsym $mod+6 workspace number 6
bindsym $mod+7 workspace number 7
bindsym $mod+8 workspace number 8
bindsym $mod+9 workspace number 9
bindsym $mod+0 workspace number 10
# Move focused container to workspace
bindsym $mod+Shift+1 move container to workspace number 1
bindsym $mod+Shift+2 move container to workspace number 2
bindsym $mod+Shift+3 move container to workspace number 3
bindsym $mod+Shift+4 move container to workspace number 4
bindsym $mod+Shift+5 move container to workspace number 5
bindsym $mod+Shift+6 move container to workspace number 6
bindsym $mod+Shift+7 move container to workspace number 7
bindsym $mod+Shift+8 move container to workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9
bindsym $mod+Shift+0 move container to workspace number 10
#
# Layout stuff:
#
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
bindsym $mod+b splith
bindsym $mod+v splitv
# Switch the current container between different layout styles
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# Make the current focus fullscreen
bindsym $mod+f fullscreen
# Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle
# Swap focus between the tiling area and the floating area
bindsym $mod+space focus mode_toggle
# Move focus to the parent container
bindsym $mod+a focus parent
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
# Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show
#
# Resizing containers:
#
mode "resize" {
bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px
# Return to default mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
# Media controls:
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle
bindsym XF86AudioMicMute exec pulseaudio-ctl mute-input
bindsym XF86AudioPlay exec playerctl play-pause
bindsym XF86AudioNext exec playerctl next
bindsym XF86AudioPrev exec playerctl previous
bindsym XF86MonBrightnessUp exec brightnessctl s +5%
bindsym XF86MonBrightnessDown exec brightnessctl s 5%-
bindsym Print exec grim -g "$(slurp)" - | swappy -f -

17
modules/users/crow/configs/tmux.nix
View file

@ -1,17 +0,0 @@
{
programs.tmux = {
enable = true;
keyMode = "vi";
extraConfig = ''
bind | split-window -h
bind - split-window -v
unbind '"'
unbind %
bind -n M-Left select-pane -L
bind -n M-Right select-pane -R
bind -n M-Up select-pane -U
bind -n M-Down select-pane -D
'';
};
}

BIN
modules/users/crow/configs/wallpapers/cyber_defiance.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 1.5 MiB

BIN
modules/users/crow/configs/wallpapers/cyber_skyscrapers.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 571 KiB

BIN
modules/users/crow/configs/wallpapers/kali_lol.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 16 KiB

BIN
modules/users/crow/configs/wallpapers/wrecked_ship.jpg
View file

Binary file not shown.
Side by side

Before

Width:  |  Height:  |  Size: 4.5 MiB

235
modules/users/crow/configs/waybar.nix
View file

@ -1,235 +0,0 @@
{osConfig, ...}: let
# screenshots/og_waybar.jpg
og_waybar = {
jsonc = {
mainBar = {
layer = "top";
position = "top";
height = 30;
spacing = 4;
mode = "dock";
margin = "10";
modules-left = ["sway/workspaces"];
modules-center = ["clock"];
modules-right = ["network" "battery" "backlight" "pulseaudio" "tray"];
tray = {
spacing = 10;
};
"sway/workspaces" = {
format = "{icon}";
format-icons = {
"1" = "󰈹";
"2" = "";
"3" = "";
"4" = "󰎆";
"5" = "󰓥";
"urgent" = "";
"active" = "";
"default" = "";
};
sort-by-number = true;
persistent-workspaces = {
"1" = ["HDMI-A-1"];
"2" = ["HDMI-A-1"];
"3" = ["DP-1"];
};
};
clock = {
tooltip-format = "<big>{:%Y %B}</big>\n<tt><small>{calendar}</small></tt>";
format-alt = "{:%m-%d-%Y}";
};
network = {
format-wifi = "{essid} ({signalStrength}%) ";
format-ethernet = "{ipaddr}/{cidr} ";
tooltip-format = "{ifname} via {gwaddr} ";
format-linked = "{ifname} (No IP) ";
format-disconnected = "Disconnected ";
format-alt = "{ifname}: {ipaddr}/{cidr}";
};
battery = {
states = {
warning = 30;
critical = 15;
};
format = "{capacity}% {icon}";
format-full = "{capacity}% {icon}";
format-charging = "{capacity}% ";
format-plugged = "{capacity}% ";
format-alt = "{time} {icon}";
format-icons = ["" "" "" "" ""];
interval = 30;
};
backlight = {
format = "{percent}% {icon}";
format-icons = ["󰃞" "󰃟" "󰃠"];
};
pulseaudio = {
format = "{volume}% {icon} {format_source}";
format-bluetooth = "{volume}% {icon} {format_source}";
format-bluetooth-muted = " {icon} {format_source}";
format-muted = " {format_source}";
format-source = "{volume}% ";
format-source-muted = "";
format-icons = {
headphone = "";
hands-free = "";
headset = "";
phone = "";
portable = "";
car = "";
default = ["" "" ""];
};
on-click = "pavucontrol";
};
};
};
style = ''
@define-color fg #AAB775;
@define-color bg #060617;
@define-color disabled #a5a5a5;
@define-color alert #f53c3c;
@define-color activegreen #8fb666;
* {
min-height: 0;
font-family: "JetBrainsMono Nerd Font", "Hack Nerd Font", "Font Awesome 6 Free Regular", "Font Awesome 6 Free Solid", "Font Awesome 6 Brands";
font-size: 14px;
}
window#waybar {
color: @fg;
background: @bg;
transition-property: background-color;
border-radius: 25px;
transition-duration: 0.5s;
}
window#waybar.empty {
opacity: 0.3;
}
button {
/* Use box-shadow instead of border so the text isn't offset */
box-shadow: inset 0 -3px transparent;
/* Avoid rounded borders under each button name */
border: none;
border-radius: 0;
}
/* https://github.com/Alexays/Waybar/wiki/FAQ#the-workspace-buttons-have-a-strange-hover-effect */
button:hover {
background: inherit;
box-shadow: inset 0 -3px transparent;
}
#workspaces button {
color: @fg;
/* padding : 0px 5px; */
}
#workspaces button.urgent {
color: @alert;
}
#workspaces button.empty {
color: @disabled;
}
#workspaces button.active {
border-bottom: 2px solid #DCAA9B;
border-radius: 0;
margin-top: 2px;
color: #DCAA9B;
transition: none;
}
/* If workspaces is the leftmost module, omit left margin */
.modules-left > widget:first-child > #workspaces {
margin-left: 0;
}
/* If workspaces is the rightmost module, omit right margin */
.modules-right > widget:last-child > #workspaces {
margin-right: 0;
}
#clock,
#battery,
#cpu,
#memory,
#disk,
#temperature,
#language,
#backlight,
#backlight-slider,
#network,
#pulseaudio,
#wireplumber,
#custom-media,
#taskbar,
#tray,
#tray menu,
#tray > .needs-attention,
#tray > .passive,
#tray > .active,
#mode,
#idle_inhibitor,
#scratchpad,
#custom-power,
#window,
#mpd {
padding: 0px 5px;
padding-right: 10px;
margin: 3px 3px;
color: @fg;
}
#custom-power {
color: @fg;
padding-left: 10px;
}
#custom-separator {
color: @disabled;
}
#network.disconnected,
#pulseaudio.muted,
#wireplumber.muted {
color: @alert;
}
#battery.charging,
#battery.plugged {
color: #26a65b;
}
label:focus {
background-color: #333333;
}
#battery.critical:not(.charging) {
background-color: @alert;
color: @fg;
animation-name: blink;
animation-duration: 0.5s;
animation-timing-function: linear;
animation-iteration-count: infinite;
animation-direction: alternate;
}
'';
};
in {
programs.waybar = {
enable = true;
settings =
if osConfig.ricing.basic.enable
then og_waybar.jsonc
else {};
style =
if osConfig.ricing.basic.enable
then og_waybar.style
else "";
};
}

5
modules/users/crow/configs/zsh.nix
View file

@ -1,5 +0,0 @@
{
programs.zsh = {
enable = true;
};
}

10
modules/users/crow/default.nix
View file

@ -1,10 +0,0 @@
{
lib,
config,
...
}: {
imports = [
./user.nix
./secrets.nix
];
}

56
modules/users/crow/home.nix
View file

@ -1,56 +0,0 @@
{
osConfig,
config,
inputs,
pkgs,
lib,
...
}: let
hyprMonitorConfig =
if osConfig.networking.hostName == "Parzival"
then ./configs/hypr/parzival-monitors.conf
else if osConfig.networking.hostName == "Parzival-Mobile" || osConfig.networking.hostName == "Parzival-Framework"
then ./configs/hypr/parzival_mobile-monitors.conf
else null;
swayMonitorConfig =
if osConfig.networking.hostName == "Parzival"
then ./configs/sway/parzival-monitors.conf
else if osConfig.networking.hostName == "Parzival-Mobile"
then ./configs/sway/parzival_mobile-monitors.conf
else if osConfig.networking.hostName == "Parzival-Framework"
then ./configs/sway/parzival_framework-monitors.conf
else null;
in {
imports = [
./configs/firefox.nix
./configs/waybar.nix
./configs/tmux.nix
./configs/git.nix
./configs/ssh.nix
./configs/zsh.nix
./configs/direnv.nix
];
home = {
username = "crow";
homeDirectory = "/home/crow";
stateVersion = "24.05";
# Hyprland
file.".config/hypr/hyprland.conf".source = ./configs/hypr/hyprland.conf;
file.".config/hypr/monitors.conf".source = lib.mkIf (hyprMonitorConfig != null) hyprMonitorConfig;
file.".config/hypr/hyprlock.conf".source = ./configs/hypr/hyprlock.conf;
# Sway
file.".config/sway/config".source = ./configs/sway/sway.conf;
file.".config/sway/monitors.conf".source = lib.mkIf (swayMonitorConfig != null) swayMonitorConfig;
file.".config/sway/background-1".source = ./configs/wallpapers/cyber_defiance.jpg;
file.".config/sway/background-2".source = ./configs/wallpapers/cyber_skyscrapers.jpg;
file.".config/sway/background-3".source = ./configs/wallpapers/kali_lol.jpg;
file.".config/hypr/lockscreen-1".source = ./configs/wallpapers/wrecked_ship.jpg;
};
xdg = {
configHome = "/home/crow/.config";
enable = true;
};
}

71
modules/users/crow/secrets.nix
View file

@ -1,71 +0,0 @@
{
lib,
inputs,
config,
...
}:
lib.mkIf config.user.crow.enable {
sops = {
defaultSopsFile = inputs.nix-secrets.secrets.parzival;
age.keyFile = "/var/lib/sops-nix/key.txt";
age.generateKey = true;
};
#######
# AWS #
#######
sops.secrets."aws/wce/access_key" = {};
sops.secrets."aws/wce/secret_key" = {};
sops.secrets."aws/work/access_key" = {};
sops.secrets."aws/work/secret_key" = {};
sops.templates."aws_shared_config" = {
owner = config.users.users.crow.name;
content = ''
[default]
aws_access_key_id=${config.sops.placeholder."aws/work/access_key"}
aws_secret_access_key=${config.sops.placeholder."aws/work/secret_key"}
[wce]
aws_access_key_id=${config.sops.placeholder."aws/wce/access_key"}
aws_secret_access_key=${config.sops.placeholder."aws/wce/secret_key"}
'';
};
system.userActivationScripts.link_aws_secrets.text = ''
rm -rf /home/crow/.aws
mkdir -p /home/crow/.aws
ln -s ${config.sops.templates."aws_shared_config".path} /home/crow/.aws/credentials
'';
################
# DigitalOcean #
################
sops.secrets."digitalocean/token" = {
owner = config.users.users.crow.name;
};
##############
# Cloudflare #
##############
sops.secrets."cloudflare/token" = {
owner = config.users.users.crow.name;
};
sops.secrets."backblaze/id" = {
owner = config.users.users.crow.name;
};
sops.secrets."backblaze/key" = {
owner = config.users.users.crow.name;
};
sops.secrets."restic/wce-media-backup/endpoint" = {
owner = config.users.users.crow.name;
};
sops.secrets."restic/wce-media-backup/password" = {
owner = config.users.users.crow.name;
};
}

17
modules/users/crow/user.nix
View file

@ -1,17 +0,0 @@
{
inputs,
lib,
config,
...
}: {
users.users.crow = lib.mkIf config.user.crow.enable {
isNormalUser = true;
hashedPassword = "$y$j9T$wDC7wMJxCLNvdf8L8s6jZ.$U06F381x07fzu.updEsoegiWtbFvsrRJ7DLN9gR7un0";
extraGroups = ["wheel" "networkmanager" "audio" "plugdev" "dialout" "input" "uinput" "docker" "podman"];
openssh.authorizedKeys.keyFiles = [
inputs.nix-secrets.keys.default
];
};
home-manager.users.crow = lib.mkIf config.user.crow.home.enable ./home.nix;
}

12
modules/users/default.nix
View file

@ -1,12 +0,0 @@
{config, ...}: {
imports = [
./crow
./overseer
];
config.home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
backupFileExtension = "backup";
};
}

9
modules/users/dragneel/default.nix
View file

@ -1,9 +0,0 @@
{
lib,
config,
...
}: {
imports = [
./user.nix
];
}

20
modules/users/dragneel/home.nix
View file

@ -1,20 +0,0 @@
{
osConfig,
config,
inputs,
pkgs,
lib,
...
}: {
imports = [];
home = {
username = "dragneel";
homeDirectory = "/home/dragneel";
stateVersion = "24.05";
};
xdg = {
configHome = "/home/dragneel/.config";
enable = true;
};
}

19
modules/users/dragneel/user.nix
View file

@ -1,19 +0,0 @@
{
inputs,
lib,
config,
...
}:
lib.mkIf config.user.dragneel.enable {
users.users.dragneel = {
isNormalUser = true;
hashedPassword = "$y$j9T$QA39xfvBrwChIi7CBsLgn.$jyWUKiP6QGY4rMtFTcBZgw7s1IJdiaIK6ZUwnU3Wmj7";
group = "wheel";
extraGroups = ["wheel" "networkmanager" "audio" "plugdev"];
openssh.authorizedKeys.keyFiles = [
inputs.nix-secrets.keys.default
];
};
home-manager.users.dragneel = ./home.nix;
}

9
modules/users/live/default.nix
View file

@ -1,9 +0,0 @@
{
lib,
config,
...
}: {
imports = [
./user.nix
];
}

16
modules/users/live/user.nix
View file

@ -1,16 +0,0 @@
{
inputs,
lib,
config,
...
}:
lib.mkIf config.user.live.enable {
config.users.users.live = {
isNormalUser = true;
initialPassword = "live";
extraGroups = ["wheel" "networkmanager" "audio" "plugdev"];
openssh.authorizedKeys.keyFiles = [
inputs.nix-secrets.keys.default
];
};
}

54
modules/users/overseer/acme.nix
View file

@ -1,54 +0,0 @@
{
lib,
pkgs,
config,
...
}:
lib.mkIf config.user.overseer.enable {
sops = {
secrets = {
"aws/access_key" = {};
"aws/secret_key" = {};
"aws/region" = {};
};
templates = {
"aws_shared_credentials".content = ''
[default]
aws_access_key_id=${config.sops.placeholder."aws/access_key"}
aws_secret_access_key=${config.sops.placeholder."aws/secret_key"}
'';
"aws_env".content = ''
AWS_REGION=${config.sops.placeholder."aws/region"}
'';
};
};
security.acme = {
acceptTerms = true;
defaults = {
email = "infrastructure@wanderingcrow.net";
group = config.services.nginx.group;
dnsProvider = "route53";
credentialFiles = {
"AWS_SHARED_CREDENTIALS_FILE" = config.sops.templates."aws_shared_credentials".path;
};
environmentFile = config.sops.templates."aws_env".path;
};
certs = {
"wanderingcrow.net" = {};
"umami.wanderingcrow.net" = {};
"garage.wanderingcrow.net" = {};
"bar.wanderingcrow.net" = {};
"home.wanderingcrow.net" = {};
"homebox.wanderingcrow.net" = {};
"cache.wanderingcrow.net" = {};
"openhab.wanderingcrow.net" = {};
"frigate.wanderingcrow.net" = {};
"notes.wanderingcrow.net" = {};
"grocy.wanderingcrow.net" = {};
"barcodebuddy.grocy.wanderingcrow.net" = {};
"budget.wanderingcrow.net" = {};
"matrix.wanderingcrow.net" = {};
};
};
}

49
modules/users/overseer/backups.nix
View file

@ -1,49 +0,0 @@
let
volumePath = "/overseer/services";
restic-default = {
user = "root";
timerConfig = {
OnCalendar = "hourly";
Persistent = true;
};
paths = [
# bar-assistant.nix
"${volumePath}/bar-assistant"
"${volumePath}/meilisearch"
# homebox.nix
"/var/lib/homebox/data"
# lubelogger.nix
"${volumePath}/lubelogger"
# trilium.nix
"/var/lib/trilium/backup"
# grocy
"/var/lib/grocy"
# actualbudget
"${volumePath}/actualbudget"
];
};
in
{
lib,
config,
...
}:
lib.mkIf config.user.overseer.enable {
# Restic secrets
sops.secrets."restic/borg-base/url" = {};
sops.secrets."restic/borg-base/key" = {};
services.restic.backups = {
borg-base =
restic-default
// {
repositoryFile = config.sops.secrets."restic/borg-base/url".path;
passwordFile = config.sops.secrets."restic/borg-base/key".path;
};
};
}

10
modules/users/overseer/default.nix
View file

@ -1,10 +0,0 @@
{
imports = [
./user.nix
./setup.nix
./secrets.nix
./acme.nix
./backups.nix
./services
];
}

14
modules/users/overseer/secrets.nix
View file

@ -1,14 +0,0 @@
{
lib,
inputs,
config,
pkgs,
...
}:
lib.mkIf config.user.overseer.enable {
sops = {
defaultSopsFile = inputs.nix-secrets.secrets.overseer;
age.keyFile = "/var/lib/sops-nix/key.txt";
age.generateKey = true;
};
}

41
modules/users/overseer/services/actualbudget.nix
View file

@ -1,41 +0,0 @@
{
lib,
config,
...
}: let
volumePath = "/overseer/services";
in
lib.mkIf config.user.overseer.enable {
systemd.tmpfiles.rules = [
"d ${volumePath}/actualbudget"
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"budget.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "budget.wanderingcrow.net";
locations = {
"/" = {
proxyPass = "http://10.88.0.12";
};
};
};
};
};
virtualisation.oci-containers = {
backend = "podman";
containers = {
"actualbudget" = {
image = "actualbudget/actual-server:latest";
volumes = ["${volumePath}/actualbudget:/data"];
extraOptions = ["--ip=10.88.0.12"];
environment = {
ACTUAL_PORT = "80";
};
};
};
};
}

58
modules/users/overseer/services/attic.nix
View file

@ -1,58 +0,0 @@
{
lib,
config,
...
}:
lib.mkIf config.user.overseer.enable {
sops = {
secrets."attic/server_token" = {};
secrets."cloudflare/r2/access_key" = {};
secrets."cloudflare/r2/secret_key" = {};
templates."attic-env".content = ''
ATTIC_SERVER_TOKEN_RS256_SECRET_BASE64=${config.sops.placeholder."attic/server_token"}
AWS_ACCESS_KEY_ID=${config.sops.placeholder."cloudflare/r2/access_key"}
AWS_SECRET_ACCESS_KEY=${config.sops.placeholder."cloudflare/r2/secret_key"}
'';
};
services = {
atticd = {
enable = true;
mode = "monolithic";
environmentFile = config.sops.templates."attic-env".path;
settings = {
listen = "[::]:8080";
api-endpoint = "https://cache.wanderingcrow.net/";
jwt = {};
chunking = {
nar-size-threshold = 64 * 1024; # 64 KiB
min-size = 16 * 1024; # 16 KiB
avg-size = 64 * 1024; # 64 KiB
max-size = 256 * 1024; # 256 KiB
};
storage = {
type = "s3";
region = "";
bucket = "wce-attic-cache";
endpoint = "https://68c4b3ab47c1a97037ab5a938f772d69.r2.cloudflarestorage.com";
};
};
};
nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"cache.wanderingcrow.net" = {
forceSSL = true;
extraConfig = ''
client_max_body_size 0;
'';
useACMEHost = "cache.wanderingcrow.net";
locations."/" = {
proxyPass = "http://localhost:8080";
proxyWebsockets = true;
};
};
};
};
};
}

109
modules/users/overseer/services/bar-assistant.nix
View file

@ -1,109 +0,0 @@
let
volumePath = "/overseer/services";
in
{
lib,
config,
...
}:
lib.mkIf config.user.overseer.enable {
###########
# SECRETS #
###########
sops = {
# Meilisearch secrets
secrets."meilisearch/masterkey" = {};
templates."meilisearch-environment".content = ''
MEILI_MASTER_KEY=${config.sops.placeholder."meilisearch/masterkey"}
'';
# Bar Assistant secrets
templates."bar_assistant-env".content = ''
MEILISEARCH_KEY=${config.sops.placeholder."meilisearch/masterkey"}
'';
};
systemd.tmpfiles.rules = [
"d ${volumePath}/bar-assistant 770 33 33"
"d ${volumePath}/meilisearch"
];
###########
# Routing #
###########
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"bar.wanderingcrow.net" = {
extraConfig = ''
allow 192.168.0.0/16;
allow 10.8.0.0/24;
allow 172.220.132.255;
deny all;
'';
forceSSL = true;
useACMEHost = "bar.wanderingcrow.net";
locations = {
"/search/" = {
proxyPass = "http://10.88.0.3:7700/";
priority = 1;
};
"/api/" = {
proxyPass = "http://10.88.0.4:8080/";
priority = 1;
};
"/" = {
proxyPass = "http://10.88.0.5:8080/";
};
};
};
};
};
###########
# Service #
###########
virtualisation.oci-containers = {
backend = "podman";
containers = {
"meilisearch" = {
image = "getmeili/meilisearch:v1.8";
volumes = ["${volumePath}/meilisearch:/meili_data"];
extraOptions = ["--ip=10.88.0.3"];
environmentFiles = [config.sops.templates."meilisearch-environment".path];
environment = {
MEILI_ENV = "production";
MEILI_NO_ANALYTICS = "true";
};
};
"bar-assistant" = {
image = "barassistant/server:v4";
volumes = ["${volumePath}/bar-assistant:/var/www/cocktails/storage/bar-assistant"];
dependsOn = ["meilisearch"];
extraOptions = ["--ip=10.88.0.4"];
environmentFiles = [config.sops.templates."bar_assistant-env".path];
environment = {
APP_URL = "https://bar.wanderingcrow.net/api";
MEILISEARCH_HOST = "https://bar.wanderingcrow.net/search";
CACHE_DRIVER = "file";
SESSION_DRIVER = "file";
ALLOW_REGISTRATION = "true";
};
};
"salt-rim" = {
image = "barassistant/salt-rim:v3";
dependsOn = ["bar-assistant"];
extraOptions = ["--ip=10.88.0.5"];
ports = ["3001:8080"];
environment = {
API_URL = "https://bar.wanderingcrow.net/api";
MEILIESEARCH_URL = "https://bar.wanderingcrow.net/search";
};
};
};
};
}

10
modules/users/overseer/services/calibre.nix
View file

@ -1,10 +0,0 @@
{
config,
lib,
...
}:
lib.mkIf config.user.overseer.enable {
services.calibre-web = {
enable = true;
};
}

17
modules/users/overseer/services/default.nix
View file

@ -1,17 +0,0 @@
{
imports = [
./bar-assistant.nix
./homebox.nix
./homepage.nix
./the-nest.nix
./umami.nix
./lubelogger.nix
./openhab.nix
./frigate.nix
./trilium.nix
./grocy.nix
./actualbudget.nix
./glances.nix
./matrix.nix
];
}

192
modules/users/overseer/services/frigate.nix
View file

@ -1,192 +0,0 @@
let
volumePath = "/overseer/services";
in
{
pkgs,
lib,
config,
...
}: let
frigateConfig = pkgs.writeText "config.yaml" (lib.generators.toYAML {} {
auth.reset_admin_password = true; # roll the admin password every restart, depend on user accounts for long-lived access
tls.enabled = false; # off because we're doing ssl through nginx
mqtt = {
# TODO: add mqtt broker
enabled = false;
};
notifications = {
enabled = true;
email = "frigate@wanderingcrow.net";
};
###################
# go2rtc restream #
###################
go2rtc = {
streams = {
wce-0001 = [
"rtsp://thingino:thingino@192.168.150.1:554/ch0"
];
wce-0001_sub = [
"rtsp://thingino:thingino@192.168.150.1:554/ch1"
];
wce-0002 = [
"rtsp://thingino:thingino@192.168.150.2:554/ch0"
];
wce-0002_sub = [
"rtsp://thingino:thingino@192.168.150.2:554/ch1"
];
};
};
#############
# Detectors #
#############
detectors = {
ov_0 = {
type = "openvino";
device = "CPU";
};
};
model = {
width = 300;
height = 300;
input_tensor = "nhwc";
input_pixel_format = "bgr";
path = "/openvino-model/ssdlite_mobilenet_v2.xml";
labelmap_path = "/openvino-model/coco_91cl_bkgr.txt";
};
objects = {
track = [
"person"
"cat"
"car"
"dog"
];
};
review = {
alerts = {
labels = [
"person"
"cat"
];
};
};
####################
# Data Persistence #
####################
record = {
enabled = true;
retain.days = 0; # as per official documentation
alerts = {
retain.days = 14;
};
detections = {
retain.days = 14;
};
};
#################
# Camera config #
#################
cameras = {
wce-0001 = {
ffmpeg = {
inputs = [
{
path = "rtsp://127.0.0.1:8554/wce-0001";
roles = ["record"];
}
{
path = "rtsp://127.0.0.1:8554/wce-0001_sub";
roles = ["detect"];
}
];
};
live.stream_name = "wce-0001_sub";
motion = {
enabled = true;
mask = [
"0,0,0.196,0.002,0.195,0.045,0,0.043" # timestamp
"0.898,0,0.896,0.045,1,0.048,0.999,0.002" # uptime
];
};
detect.enabled = true;
};
wce-0002 = {
ffmpeg = {
inputs = [
{
path = "rtsp://127.0.0.1:8554/wce-0002";
roles = ["record"];
}
{
path = "rtsp://127.0.0.1:8554/wce-0002_sub";
roles = ["detect"];
}
];
};
live.stream_name = "wce-0002_sub";
motion = {
enabled = true;
mask = [
"0,0,0.196,0.002,0.195,0.045,0,0.043" # timestamp
"0.898,0,0.896,0.045,1,0.048,0.999,0.002" # uptime
];
};
detect.enabled = true;
};
};
});
in
lib.mkIf config.user.overseer.enable {
sops = {
templates."frigate_env".content = ''
FRIGATE_JWT_SECRET=${config.sops.placeholder."frigate/jwt"}
'';
secrets = {
"frigate/jwt" = {};
};
};
systemd.tmpfiles.rules = [
"d ${volumePath}/frigate"
"d ${volumePath}/frigate/media/frigate"
"d ${volumePath}/frigate/db"
"f ${volumePath}/frigate/db/frigate.db"
];
###########
# Service #
###########
virtualisation.oci-containers = {
backend = "podman";
containers = {
"frigate" = {
image = "ghcr.io/blakeblackshear/frigate:stable";
environmentFiles = [config.sops.templates."frigate_env".path];
volumes = [
"/etc/localtime:/etc/localtime:ro"
"${volumePath}/frigate/media/frigate:/media/frigate"
"${frigateConfig}:/config/config.yaml:ro"
"${volumePath}/frigate/db/frigate.db:/config/frigate.db"
];
extraOptions = [
"--shm-size=612m"
"--ip=10.88.0.10"
];
};
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"frigate.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "frigate.wanderingcrow.net";
locations."/" = {
proxyPass = "http://10.88.0.10:8971";
proxyWebsockets = true;
};
};
};
};
}

10
modules/users/overseer/services/glances.nix
View file

@ -1,10 +0,0 @@
{
config,
lib,
...
}:
lib.mkIf config.user.overseer.enable {
services.glances = {
enable = true;
};
}

43
modules/users/overseer/services/grocy.nix
View file

@ -1,43 +0,0 @@
let
volumePath = "/overseer/services";
in
{
lib,
config,
...
}:
lib.mkIf config.user.overseer.enable {
systemd.tmpfiles.rules = [
"d ${volumePath}/barcodebuddy"
];
services.nginx.virtualHosts = {
"grocy.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "grocy.wanderingcrow.net";
};
"barcodebuddy.grocy.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "barcodebuddy.grocy.wanderingcrow.net";
locations."/" = {
proxyPass = "http://10.88.0.11:80";
proxyWebsockets = true;
};
};
};
services.grocy = {
enable = true;
hostName = "grocy.wanderingcrow.net";
nginx.enableSSL = false;
};
virtualisation.oci-containers.containers = {
barcodebuddy = {
image = "f0rc3/barcodebuddy:latest";
volumes = ["${volumePath}/barcodebuddy:/config"];
extraOptions = ["--ip=10.88.0.11"];
};
};
}

36
modules/users/overseer/services/homebox.nix
View file

@ -1,36 +0,0 @@
{
lib,
config,
...
}:
lib.mkIf config.user.overseer.enable {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"homebox.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "homebox.wanderingcrow.net";
locations."/" = {
extraConfig = ''
allow 192.168.0.0/16;
allow 10.8.0.0/24;
allow 172.220.132.255;
deny all;
'';
proxyPass = "http://localhost:7745";
proxyWebsockets = true;
};
};
};
};
homebox = {
enable = true;
settings = {
HBOX_OPTIONS_ALLOW_REGISTRATION = "true";
};
};
};
}

258
modules/users/overseer/services/homepage.nix
View file

@ -1,258 +0,0 @@
{
lib,
config,
...
}:
lib.mkIf config.user.overseer.enable {
# Homepage.dev secrets
sops = {
secrets = {
"homepage/openmeteo/lat" = {};
"homepage/openmeteo/long" = {};
"lubelogger/user" = {};
"lubelogger/pass" = {};
};
templates."homepage-environment".content = ''
HOMEPAGE_VAR_LAT = ${config.sops.placeholder."homepage/openmeteo/lat"}
HOMEPAGE_VAR_LONG = ${config.sops.placeholder."homepage/openmeteo/long"}
HOMEPAGE_VAR_LUBELOGGERUSER = ${config.sops.placeholder."lubelogger/user"}
HOMEPAGE_VAR_LUBELOGGERPASS = ${config.sops.placeholder."lubelogger/pass"}
HOMEPAGE_ALLOWED_HOSTS = home.wanderingcrow.net
'';
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"home.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "home.wanderingcrow.net";
locations."/" = {
extraConfig = ''
allow 192.168.0.0/16;
allow 10.8.0.0/24;
allow 172.220.132.255;
deny all;
'';
proxyPass = "http://localhost:8089";
proxyWebsockets = true;
};
};
};
};
services = {
homepage-dashboard = {
enable = true;
listenPort = 8089;
environmentFile = config.sops.templates."homepage-environment".path;
settings = {
theme = "dark";
};
services = [
{
"Services" = [
{
"Garage" = {
icon = "https://garage.wanderingcrow.net/favicon.ico";
href = "https://garage.wanderingcrow.net";
description = "Vehicle management";
widget = {
type = "lubelogger";
url = "https://garage.wanderingcrow.net";
username = "{{HOMEPAGE_VAR_LUBELOGGERUSER}}";
password = "{{HOMEPAGE_VAR_LUBELOGGERPASS}}";
};
};
}
];
}
];
widgets = [
{
search = {
provider = "duckduckgo";
target = "_blank";
};
}
{
openmeteo = {
timezone = "America/New_York";
units = "imperial";
cache = "5";
latitude = "{{HOMEPAGE_VAR_LAT}}";
longitude = "{{HOMEPAGE_VAR_LONG}}";
};
}
{
glances = {
url = "http://localhost:61208";
version = 4;
disk = "/";
label = "Overseer";
};
}
];
bookmarks = [
{
WCE = [
{
Grocy = [
{
icon = "grocy.svg";
href = "https://grocy.wanderingcrow.net";
}
];
}
{
Homebox = [
{
icon = "https://homebox.wanderingcrow.net/favicon.svg";
href = "https://homebox.wanderingcrow.net";
}
];
}
{
Bar = [
{
icon = "https://bar.wanderingcrow.net/favicon.svg";
href = "https://bar.wanderingcrow.net";
}
];
}
];
}
{
"Day to Day" = [
{
Messages = [
{
icon = "google-messages.svg";
href = "https://messages.google.com/web";
}
];
}
{
YouTube = [
{
icon = "youtube.svg";
href = "https://youtube.com";
}
];
}
{
"Proton Mail" = [
{
icon = "proton-mail.svg";
href = "https://mail.proton.me";
}
];
}
{
Crunchyroll = [
{
icon = "https://www.crunchyroll.com/build/assets/img/favicons/favicon-v2-32x32.png";
href = "https://crunchyroll.com";
}
];
}
{
Instagram = [
{
icon = "instagram.svg";
href = "https://instagram.com";
}
];
}
{
Aetolia = [
{
icon = "https://aetolia.com/wp-content/uploads/2020/04/favicon.ico";
href = "https://aetolia.com";
}
];
}
{
Amazon = [
{
icon = "amazon.svg";
href = "https://amazon.com";
}
];
}
];
}
{
Work = [
{
Jira = [
{
icon = "jira.svg";
href = "https://home.atlassian.com/";
}
];
}
{
AWS = [
{
icon = "aws.svg";
href = "https://console.aws.amazon.com/";
}
];
}
{
Email = [
{
icon = "gmail.svg";
href = "https://mail.google.com/mail/u/1/#inbox";
}
];
}
{
Groups = [
{
icon = "https://www.gstatic.com/images/branding/product/1x/groups_32dp.png";
href = "https://groups.google.com/u/1/";
}
];
}
];
}
{
Nix = [
{
Search = [
{
icon = "https://search.nixos.org/images/nix-logo.png";
href = "https://search.nixos.org";
}
];
}
{
"PR Tracker" = [
{
href = "https://nixpk.gs/pr-tracker.html";
}
];
}
{
"Home Manager Options" = [
{
href = "https://home-manager-options.extranix.com/";
}
];
}
{
"Nixpkgs Versions" = [
{
href = "https://lazamar.co.uk/nix-versions/";
}
];
}
];
}
];
};
};
}

67
modules/users/overseer/services/lubelogger.nix
View file

@ -1,67 +0,0 @@
let
volumePath = "/overseer/services";
in
{
lib,
config,
...
}:
lib.mkIf config.user.overseer.enable {
systemd.tmpfiles.rules = [
"d ${volumePath}/lubelogger"
"d ${volumePath}/lubelogger/data"
"d ${volumePath}/lubelogger/keys"
];
###########
# Service #
###########
sops = {
secrets = {
"lubelogger/user_hash" = {};
"lubelogger/pass_hash" = {};
};
templates."lubelogger-env".content = ''
LC_ALL=en_US.UTF-8
LANG=en_US.UTF-8
MailConfig__EmailServer=""
MailConfig__EmailFrom=""
MailConfig__Port=587
MailConfig__Username=""
MailConfig__Password=""
UserNameHash="${config.sops.placeholder."lubelogger/user_hash"}"
UserPasswordHash="${config.sops.placeholder."lubelogger/pass_hash"}"
LUBELOGGER_CUSTOM_WIDGETS=true
'';
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"garage.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "garage.wanderingcrow.net";
locations."/" = {
proxyPass = "http://10.88.0.8:8080";
proxyWebsockets = true;
};
};
};
};
virtualisation.oci-containers = {
backend = "podman";
containers = {
"lubelogger" = {
image = "ghcr.io/hargata/lubelogger:latest";
extraOptions = ["--ip=10.88.0.8"];
environmentFiles = [config.sops.templates."lubelogger-env".path];
volumes = [
"${volumePath}/lubelogger/data:/App/data"
"${volumePath}/lubelogger/keys:/root/.aspnet/DataProtection-Keys"
];
};
};
};
}

87
modules/users/overseer/services/matrix.nix
View file

@ -1,87 +0,0 @@
{
lib,
config,
...
}: let
fqdn = "matrix.wanderingcrow.net";
baseUrl = "https://${fqdn}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${fqdn}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in
lib.mkIf config.user.overseer.enable {
############
# Database #
############
services.postgresql = {
enable = true;
ensureUsers = [
{
name = "matrix-synapse";
ensureDBOwnership = true;
}
];
ensureDatabases = ["matrix-synapse"];
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"wanderingcrow.net" = {
forceSSL = lib.mkDefault true;
useACMEHost = lib.mkDefault "wanderingcrow.net";
locations = {
"= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
"= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
};
"${fqdn}" = {
forceSSL = true;
useACMEHost = "${fqdn}";
locations = {
"/".extraConfig = ''return 404;'';
"/_matrix".proxyPass = "http://localhost:8008";
"/_synapse/client".proxyPass = "http://localhost:8008";
};
};
};
};
services.matrix-synapse = {
enable = true;
settings = {
server_name = "wanderingcrow.net";
public_baseurl = baseUrl;
listeners = [
{
port = 8008;
bind_addresses = ["::1"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
compress = true;
}
];
}
];
database = {
name = "psycopg2";
args = {
user = "matrix-synapse";
database = "matrix-synapse";
};
};
};
};
}

52
modules/users/overseer/services/openhab.nix
View file

@ -1,52 +0,0 @@
let
volumePath = "/overseer/services";
in
{
lib,
config,
...
}:
lib.mkIf config.user.overseer.enable {
systemd.tmpfiles.rules = [
"d ${volumePath}/openhab openhab"
"d ${volumePath}/openhab/conf openhab"
"d ${volumePath}/openhab/userdata openhab"
"d ${volumePath}/openhab/addons openhab"
];
###########
# Service #
###########
virtualisation.oci-containers = {
backend = "podman";
containers."openhab" = {
image = "openhab/openhab:5.0.0.M1";
extraOptions = ["--ip=10.88.0.9"];
volumes = [
"${volumePath}/openhab/conf:/openhab/conf"
"${volumePath}/openhab/userdata:/openhab/userdata"
"${volumePath}/openhab/addons:/openhab/addons"
];
};
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"openhab.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "openhab.wanderingcrow.net";
locations."/" = {
extraConfig = ''
allow 192.168.0.0/16;
allow 10.8.0.0/24;
allow 172.220.132.255;
deny all;
'';
proxyPass = "http://10.88.0.9:8080";
};
};
};
};
}

24
modules/users/overseer/services/the-nest.nix
View file

@ -1,24 +0,0 @@
{
lib,
config,
inputs,
...
}:
lib.mkIf config.user.overseer.enable {
services = {
nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"wanderingcrow.net" = {
default = true;
forceSSL = true;
useACMEHost = "wanderingcrow.net";
locations."/" = {
root = inputs.the-nest.outputs.packages.x86_64-linux.default;
};
};
};
};
};
}

31
modules/users/overseer/services/trilium.nix
View file

@ -1,31 +0,0 @@
{
lib,
config,
pkgs,
...
}:
lib.mkIf config.user.overseer.enable {
services = {
trilium-server = {
enable = true;
package = pkgs.trilium-next-server;
instanceName = "WanderingCrow";
port = 8090;
};
nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"notes.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "notes.wanderingcrow.net";
locations."/" = {
proxyPass = "http://127.0.0.1:8090";
proxyWebsockets = true;
};
};
};
};
};
}

72
modules/users/overseer/services/umami.nix
View file

@ -1,72 +0,0 @@
let
volumePath = "/overseer/services";
in
{
lib,
config,
...
}:
lib.mkIf config.user.overseer.enable {
systemd.tmpfiles.rules = [
"d ${volumePath}/umami"
];
###########
# Service #
###########
sops = {
secrets = {
"umami/secret" = {};
"umami/db_url" = {};
"umami/db_pass" = {};
};
templates."umami-env".content = ''
APP_SECRET=${config.sops.placeholder."umami/secret"}
DATABASE_TYPE=postgresql
DATABASE_URL=${config.sops.placeholder."umami/db_url"}
'';
templates."umami-db".content = ''
POSTGRES_DB=umami
POSTGRES_USER=umami
POSTGRES_PASSWORD=${config.sops.placeholder."umami/db_pass"}
'';
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"umami.wanderingcrow.net" = {
forceSSL = true;
useACMEHost = "umami.wanderingcrow.net";
locations."/" = {
proxyPass = "http://10.88.0.6:3000";
proxyWebsockets = true;
};
locations."/script.js" = {
extraConfig = ''
deny 172.220.132.255;
'';
};
};
};
};
virtualisation.oci-containers = {
backend = "podman";
containers = {
"umami" = {
image = "ghcr.io/umami-software/umami:postgresql-latest";
dependsOn = ["umami-db"];
extraOptions = ["--ip=10.88.0.6"];
environmentFiles = [config.sops.templates."umami-env".path];
};
"umami-db" = {
image = "postgres:15-alpine";
volumes = ["${volumePath}/umami:/var/lib/postgresql/data"];
extraOptions = ["--ip=10.88.0.7"];
environmentFiles = [config.sops.templates."umami-db".path];
};
};
};
}

30
modules/users/overseer/services/vintagestory-server.nix
View file

@ -1,30 +0,0 @@
{
pkgs,
lib,
config,
...
}: let
modsPath = lib.mkDefault "";
firstAdmin = lib.mkDefault "";
serverDir = lib.mkDefault "/var/lib/vintagestory-server";
in {
environment.systemPackages = [
pkgs.vintagestory
];
systemd.services."vintagestory-server" = {
enable = lib.mkDefault true;
description = "Vintage Story Server";
after = ["network.target"];
wantedBy = ["multi-user.target"];
path = ["${pkgs.vintagestory}"];
serviceConfig = {
WorkingDirectory = "${serverDir}";
Restart = "always";
RestartSec = "30";
StandardOutput = "syslog";
StandardError = "syslog";
SyslogIdentifier = "VSSRV";
};
};
}

26
modules/users/overseer/setup.nix
View file

@ -1,26 +0,0 @@
let
volumePath = "/overseer/services";
in
{
lib,
inputs,
config,
pkgs,
...
}:
lib.mkIf config.user.overseer.enable {
# Base dir
systemd.tmpfiles.rules = [
"d ${volumePath}"
"D ${volumePath}/tmp - - - 30m"
];
# NGINX Ports
networking.firewall.allowedTCPPorts = [
443
80
];
# Pin virtualisation backend to podman
virtualisation.oci-containers.backend = "podman";
}

16
modules/users/overseer/user.nix
View file

@ -1,16 +0,0 @@
{
inputs,
lib,
config,
...
}: {
config.users.users.overseer = lib.mkIf config.user.overseer.enable {
isNormalUser = true;
initialPassword = "changeme";
extraGroups = ["wheel" "libvirtd"];
openssh.authorizedKeys.keyFiles = [
inputs.nix-secrets.keys.default
inputs.nix-secrets.keys.overseer
];
};
}