Compare commits
8 Commits
9f2f82a214
...
b153b908ed
| Author | SHA1 | Date | |
|---|---|---|---|
b153b908ed
|
|||
|
74691538c4
|
|||
|
c60d1f1ea8
|
|||
|
0127bbebfd
|
|||
|
bd4fb8e6b7
|
|||
|
61dabbe07a
|
|||
|
ec0d44dd65
|
|||
|
3da51481c2
|
269
flake.lock
generated
269
flake.lock
generated
@ -41,11 +41,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738456976,
|
||||
"narHash": "sha256-cufyHbOMnSt9V4w4OVSzNcpJ+8DwzRZRJaca2Q89KVI=",
|
||||
"lastModified": 1739103745,
|
||||
"narHash": "sha256-c53dcRaw0F4Os9WD05HwIRs9kTDZw4Mxe1XK4edEALo=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "aquamarine",
|
||||
"rev": "257b2050790ab3b1eb389e0f8bdc400eb9510139",
|
||||
"rev": "a3dda0d10ce9aa1d1dfb7a6c139ea8c2872c74bd",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -61,11 +61,11 @@
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738238125,
|
||||
"narHash": "sha256-zBtIvbR0Iqt6j7cTH2Q8Zm0a6IqXrwYv385hMUClGVQ=",
|
||||
"lastModified": 1739288283,
|
||||
"narHash": "sha256-/tEGehxzK9czlWqlED8lJF9V54jIAYHw7nGuFDkciFI=",
|
||||
"owner": "AtaraxiaSjel",
|
||||
"repo": "nur",
|
||||
"rev": "f22ed3758ec797f2c08108e66ca5982a37489959",
|
||||
"rev": "06d4603876e16cfe6fc41f9b44162be02a8b5d54",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -229,11 +229,11 @@
|
||||
"nixpkgs": "nixpkgs_7"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1737579274,
|
||||
"narHash": "sha256-8kBIYfn8TI9jbffhDNS12SdbQHb9ITXflwcgIJBeGqw=",
|
||||
"lastModified": 1739283129,
|
||||
"narHash": "sha256-GXJllf1wY7tOF6uei9S3PnSEghFbnJP1vkxM0kkMOoI=",
|
||||
"owner": "catppuccin",
|
||||
"repo": "nix",
|
||||
"rev": "06f0ea19334bcc8112e6d671fd53e61f9e3ad63a",
|
||||
"rev": "d4e258e29075a86a82dacaf4f5e0985935ae4658",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -247,11 +247,11 @@
|
||||
"nixpkgs": "nixpkgs_8"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1733066065,
|
||||
"narHash": "sha256-H4BKe79KqrbaegHR4YIjIAsY4AXzVH+MpFxJdHRzllE=",
|
||||
"lastModified": 1739527968,
|
||||
"narHash": "sha256-4ApAOtFIbqhtHpC59nEC1SdNX75D1dipDiB6rUhyqTY=",
|
||||
"owner": "catppuccin",
|
||||
"repo": "vscode",
|
||||
"rev": "7b0ff73aa9e9718cbe418a3f90f771aa14a655b8",
|
||||
"rev": "b8e5951a8ad03268854ef29780ce93fe9ea14294",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -269,11 +269,11 @@
|
||||
"nixpkgs": "nixpkgs_9"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738552004,
|
||||
"narHash": "sha256-eYE+8F0ZrSIYvlVkgTjTBlnM1COqUdSs4GKyWnel6I4=",
|
||||
"lastModified": 1739541414,
|
||||
"narHash": "sha256-F3HAp7k9/ZCvD1642D5Q3jbP35jjOmyBAfTli9yc2oU=",
|
||||
"owner": "chaotic-cx",
|
||||
"repo": "nyx",
|
||||
"rev": "894d1db77131a4a449d1993c7ba314ee15dd4e36",
|
||||
"rev": "946e012ae9ce4d3da5ff51b6e8f7bfbe8864db34",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -427,11 +427,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738148035,
|
||||
"narHash": "sha256-KYOATYEwaKysL3HdHdS5kbQMXvzS4iPJzJrML+3TKAo=",
|
||||
"lastModified": 1739634831,
|
||||
"narHash": "sha256-xFnU+uUl48Icas2wPQ+ZzlL2O3n8f6J2LrzNK9f2nng=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "18d0a984cc2bc82cf61df19523a34ad463aa7f54",
|
||||
"rev": "fa5746ecea1772cf59b3f34c5816ab3531478142",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -449,11 +449,11 @@
|
||||
"rust-analyzer-src": "rust-analyzer-src"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738477724,
|
||||
"narHash": "sha256-S1x0F7q9cJ6EEmZsakse2Ps6Adi7NadxRtGiuWUlwT0=",
|
||||
"lastModified": 1739342042,
|
||||
"narHash": "sha256-oi6joJyRviczLJeN8TEI1XVKVb+E/UCnMTtdIn/6fhg=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "1936bb37b1d8597273e3611873dc09dd61b09818",
|
||||
"rev": "2d0149540591393c61dfd29f6883ba712d24e04f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -876,24 +876,6 @@
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_7": {
|
||||
"inputs": {
|
||||
"systems": "systems_6"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
@ -976,11 +958,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738448366,
|
||||
"narHash": "sha256-4ATtQqBlgsGqkHTemta0ydY6f7JBRXz4Hf574NHQpkg=",
|
||||
"lastModified": 1739381933,
|
||||
"narHash": "sha256-4gvobxITgcrNGfwsVG5a46QzQCX89btIYw23p0ilbcc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "18fa9f323d8adbb0b7b8b98a8488db308210ed93",
|
||||
"rev": "15b59d4191b993ebdfcb1f61b834fced217882ba",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -996,11 +978,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738610386,
|
||||
"narHash": "sha256-yb6a5efA1e8xze1vcdN2HBxqYr340EsxFMrDUHL3WZM=",
|
||||
"lastModified": 1739676861,
|
||||
"narHash": "sha256-X86ptHMNVuu1Z9leL0YV2E/oxD2IgPYrYANPcvFYpNo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "066ba0c5cfddbc9e0dddaec73b1561ad38aa8abe",
|
||||
"rev": "eb44c1601ed99896525e983bc9b15eb8b4d5879e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1025,11 +1007,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738178255,
|
||||
"narHash": "sha256-+D6Nu2ewXbMTFzx/Q4jDOo+LAOUPr0cxQJg5k33daIE=",
|
||||
"lastModified": 1738664950,
|
||||
"narHash": "sha256-xIeGNM+iivwVHkv9tHwOqoUP5dDrtees34bbFKKMZYs=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprcursor",
|
||||
"rev": "dcadd3398abe146d60c67e0d9ee6e27b301cae82",
|
||||
"rev": "7c6d165e1eb9045a996551eb9f121b6d1b30adc3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1054,11 +1036,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738437059,
|
||||
"narHash": "sha256-J+8ecqaP3zD9GHeN8Y4hUapoELSoggp0IZI8laTFt/0=",
|
||||
"lastModified": 1739049071,
|
||||
"narHash": "sha256-3+7TpXMrbsUXSwgr5VAKAnmkzMb6JO+Rvc9XRb5NMg4=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprgraphics",
|
||||
"rev": "5ac80e3686a4dfa55d2bd15c81a266b89594a295",
|
||||
"rev": "175c6b29b6ff82100539e7c4363a35a02c74dd73",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1083,11 +1065,11 @@
|
||||
"xdph": "xdph"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738612394,
|
||||
"narHash": "sha256-MDoY6eOZPxhHNsLUfeJ07YnUEPHLQdqEik3ql+ePjwI=",
|
||||
"lastModified": 1739665242,
|
||||
"narHash": "sha256-iY4DtNDebYHt0uuN0EWWeNQ8K/SYix8KeUe2tcFzW0A=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "Hyprland",
|
||||
"rev": "70cfc7cc9c4ecadbb9dd9a75f096fc70177a8ca5",
|
||||
"rev": "897ee276dc0a8a6b11a8102b225a9e969faac0bf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1176,11 +1158,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1737981711,
|
||||
"narHash": "sha256-lh6cL5D8nPplB3WovCQjLUZ7k7MViiBrMlpkfm4R7/c=",
|
||||
"lastModified": 1739048983,
|
||||
"narHash": "sha256-REhTcXq4qs3B3cCDtLlYDz0GZvmsBSh947Ub6pQWGTQ=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprland-qtutils",
|
||||
"rev": "96bf0677fa9cd13508294e3d4559dfbbc8beff73",
|
||||
"rev": "3504a293c8f8db4127cb0f7cfc1a318ffb4316f8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1205,11 +1187,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1737634606,
|
||||
"narHash": "sha256-W7W87Cv6wqZ9PHegI6rH1+ve3zJPiyevMFf0/HwdbCQ=",
|
||||
"lastModified": 1739048914,
|
||||
"narHash": "sha256-vd5rJBTmp2w7SDgfv23Zcd84ktI5eDA7e5UBzx+pKrU=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprlang",
|
||||
"rev": "f41271d35cc0f370d300413d756c2677f386af9d",
|
||||
"rev": "a7334904d591f38757c46fbe2ab68651877d9099",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1230,11 +1212,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1737978343,
|
||||
"narHash": "sha256-TfFS0HCEJh63Kahrkp1h9hVDMdLU8a37Zz+IFucxyfA=",
|
||||
"lastModified": 1739048933,
|
||||
"narHash": "sha256-ck6MaoYvISBQKqZR+HcxXnx0wOhyCauxfVMaV5zhJxQ=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprutils",
|
||||
"rev": "6a8bc9d2a4451df12f5179dc0b1d2d46518a90ab",
|
||||
"rev": "e4e018a2ca6f5a9c33511973454199e1c7c85499",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1255,11 +1237,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1735493474,
|
||||
"narHash": "sha256-fktzv4NaqKm94VAkAoVqO/nqQlw+X0/tJJNAeCSfzK4=",
|
||||
"lastModified": 1739049028,
|
||||
"narHash": "sha256-RleJp7LYbr6s+M1xgbmhtBs+fYa3ZdIiF7+QalJ4D1g=",
|
||||
"owner": "hyprwm",
|
||||
"repo": "hyprwayland-scanner",
|
||||
"rev": "de913476b59ee88685fdc018e77b8f6637a2ae0b",
|
||||
"rev": "04146df74a8d5ec0b579657307be01f1e241125f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1292,11 +1274,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738478597,
|
||||
"narHash": "sha256-it7lc+HRSQiLV+3CcA+c6fkr2355HyT2GGUowHdfa/E=",
|
||||
"lastModified": 1739364465,
|
||||
"narHash": "sha256-LhyeVj5plHO3/3QV7SzOSOnvl0sehOjE4h6LHaiiJqU=",
|
||||
"owner": "Jovian-Experiments",
|
||||
"repo": "Jovian-NixOS",
|
||||
"rev": "77fb0818cb42ca0db98839d47bbc6a317c286282",
|
||||
"rev": "3dab95e02b5eeb9aec44a161bbed2b16b3d03aac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1441,19 +1423,17 @@
|
||||
"nix-alien": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_8",
|
||||
"flake-utils": "flake-utils_6",
|
||||
"nix-filter": "nix-filter",
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1736952083,
|
||||
"narHash": "sha256-zLhLqxc2JKvUtr0mSRRvOeKXN5dl5bn1e99z7EOp3bI=",
|
||||
"lastModified": 1739614676,
|
||||
"narHash": "sha256-iDX6hXrO0J79hY3MqwU7t8b95j8DbqwdOug/Xdz4g6E=",
|
||||
"owner": "thiagokokada",
|
||||
"repo": "nix-alien",
|
||||
"rev": "7e687663d2054fa1708284bd42731c6be62b1667",
|
||||
"rev": "6255ffad7785bf04c7cff222f440de576c63363f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1469,11 +1449,11 @@
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1737108329,
|
||||
"narHash": "sha256-ExqalgsgqaJhtX7VyjVPgASI2sFIcZ679/FDbMT6AYc=",
|
||||
"lastModified": 1739583861,
|
||||
"narHash": "sha256-IOWna75ou7OGQwFRZ+5VOYECPlCmk0kq5WoGMvlQj+o=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-direnv",
|
||||
"rev": "38883833413a601fb64f51cd33e4fa0ffbc33320",
|
||||
"rev": "2e82170f0689000d50ba5409fb139863f59ffd92",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1519,21 +1499,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-filter_2": {
|
||||
"locked": {
|
||||
"lastModified": 1731533336,
|
||||
"narHash": "sha256-oRam5PS1vcrr5UPgALW0eo1m/5/pls27Z/pabHNy2Ms=",
|
||||
"owner": "numtide",
|
||||
"repo": "nix-filter",
|
||||
"rev": "f7653272fd234696ae94229839a99b73c9ab7de0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "nix-filter",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-github-actions": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -1613,11 +1578,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1736652904,
|
||||
"narHash": "sha256-8uolHABgroXqzs03QdulHp8H9e5kWQZnnhcda1MKbBM=",
|
||||
"lastModified": 1739071773,
|
||||
"narHash": "sha256-/Ak+Quinhmdxa9m3shjm4lwwwqmzG8zzGhhhhgR1k9I=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "271e5bd7c57e1f001693799518b10a02d1123b12",
|
||||
"rev": "895d81b6228bbd50a6ef22f5a58a504ca99763ea",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1629,17 +1594,17 @@
|
||||
"nix-vscode-marketplace": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_9",
|
||||
"flake-utils": "flake-utils_7",
|
||||
"flake-utils": "flake-utils_6",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738547248,
|
||||
"narHash": "sha256-ALPkA9L4G0j7piorEyeQ7zf6fW4vii4ULxRZBXmeKYM=",
|
||||
"lastModified": 1739670916,
|
||||
"narHash": "sha256-Tdzu06QlI8DsYdXNe96c9eu0clj9Wkd1cKo6em/0xPU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-vscode-extensions",
|
||||
"rev": "bfacd5e2786caf61da0ad956728559dd6c1e8037",
|
||||
"rev": "370af219cf4ad7660e3ad4577849fb0478edb33c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1824,11 +1789,11 @@
|
||||
},
|
||||
"nixpkgs-master": {
|
||||
"locked": {
|
||||
"lastModified": 1738616884,
|
||||
"narHash": "sha256-6oeyCodT5uP0u/YdKOpzx/sVDyYHXjJ5DzgU6jIE0C8=",
|
||||
"lastModified": 1739709408,
|
||||
"narHash": "sha256-D5kCBeD25UG+pV1gh8TTixzM1sVwv+E/QQQYKxAtcsA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "68392b6bc4c42a2ee585e36b9ed26fd16400bb9f",
|
||||
"rev": "e3dcb8103396d6303e6e46dd3ebeab2ce97bfbc0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1936,11 +1901,11 @@
|
||||
},
|
||||
"nixpkgs-stable_3": {
|
||||
"locked": {
|
||||
"lastModified": 1738435198,
|
||||
"narHash": "sha256-5+Hmo4nbqw8FrW85FlNm4IIrRnZ7bn0cmXlScNsNRLo=",
|
||||
"lastModified": 1739484910,
|
||||
"narHash": "sha256-wjWLzdM7PIq4ZAe7k3vyjtgVJn6b0UeodtRFlM/6W5U=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "f6687779bf4c396250831aa5a32cbfeb85bb07a3",
|
||||
"rev": "0b73e36b1962620a8ac551a37229dd8662dac5c8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -1968,11 +1933,11 @@
|
||||
},
|
||||
"nixpkgs_11": {
|
||||
"locked": {
|
||||
"lastModified": 1738410390,
|
||||
"narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=",
|
||||
"lastModified": 1739020877,
|
||||
"narHash": "sha256-mIvECo/NNdJJ/bXjNqIh8yeoSjVLAuDuTUzAo7dzs8Y=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3a228057f5b619feb3186e986dbe76278d707b6e",
|
||||
"rev": "a79cfe0ebd24952b580b1cf08cd906354996d547",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -2032,11 +1997,11 @@
|
||||
},
|
||||
"nixpkgs_15": {
|
||||
"locked": {
|
||||
"lastModified": 1738546358,
|
||||
"narHash": "sha256-nLivjIygCiqLp5QcL7l56Tca/elVqM9FG1hGd9ZSsrg=",
|
||||
"lastModified": 1739446958,
|
||||
"narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c6e957d81b96751a3d5967a0fd73694f303cc914",
|
||||
"rev": "2ff53fe64443980e139eaa286017f53f88336dd0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -2062,22 +2027,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_17": {
|
||||
"locked": {
|
||||
"lastModified": 1738136902,
|
||||
"narHash": "sha256-pUvLijVGARw4u793APze3j6mU1Zwdtz7hGkGGkD87qw=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9a5db3142ce450045840cc8d832b13b8a2018e0c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1717432640,
|
||||
@ -2192,11 +2141,11 @@
|
||||
},
|
||||
"nixpkgs_9": {
|
||||
"locked": {
|
||||
"lastModified": 1738410390,
|
||||
"narHash": "sha256-xvTo0Aw0+veek7hvEVLzErmJyQkEcRk6PSR4zsRQFEc=",
|
||||
"lastModified": 1739446958,
|
||||
"narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3a228057f5b619feb3186e986dbe76278d707b6e",
|
||||
"rev": "2ff53fe64443980e139eaa286017f53f88336dd0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -2330,7 +2279,7 @@
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_10",
|
||||
"libnbtplusplus": "libnbtplusplus",
|
||||
"nix-filter": "nix-filter_2",
|
||||
"nix-filter": "nix-filter",
|
||||
"nixpkgs": "nixpkgs_16"
|
||||
},
|
||||
"locked": {
|
||||
@ -2378,18 +2327,17 @@
|
||||
"nixpkgs-stable": "nixpkgs-stable_3",
|
||||
"prismlauncher": "prismlauncher",
|
||||
"sops-nix": "sops-nix",
|
||||
"srvos": "srvos",
|
||||
"umu": "umu"
|
||||
"srvos": "srvos"
|
||||
}
|
||||
},
|
||||
"rust-analyzer-src": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1738433753,
|
||||
"narHash": "sha256-lyhEsEf5FQzV+KHVkfxIApMOFWHqyls5+llcQ/uhV6Y=",
|
||||
"lastModified": 1739305728,
|
||||
"narHash": "sha256-ZYZ6xYhvWcVvbIazMFEUPPkJFkjIa0tmdUFlbuZfcOM=",
|
||||
"owner": "rust-lang",
|
||||
"repo": "rust-analyzer",
|
||||
"rev": "88b901878e684e4f68f104fdbc48749f41bcccd3",
|
||||
"rev": "f63e4761a9f73ddfc04a3e198f77e5e8825d0136",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -2406,11 +2354,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738291974,
|
||||
"narHash": "sha256-wkwYJc8cKmmQWUloyS9KwttBnja2ONRuJQDEsmef320=",
|
||||
"lastModified": 1739262228,
|
||||
"narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "4c1251904d8a08c86ac6bc0d72cc09975e89aef7",
|
||||
"rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -2426,11 +2374,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1738198321,
|
||||
"narHash": "sha256-lhnHBXO9Y8xEn92JqxjancdL8Gh16ONuxZp60iZfmX4=",
|
||||
"lastModified": 1739438633,
|
||||
"narHash": "sha256-7nTfMqYkc7WQwmB6m2zo2m2DEmNqrfyE+Pdisr7cTTI=",
|
||||
"owner": "nix-community",
|
||||
"repo": "srvos",
|
||||
"rev": "7d5a4aaadac9ff63f9ed4347df95175aceee5079",
|
||||
"rev": "54aae80b7526d234658632d251e9bf278b58b7ef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -2514,21 +2462,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_6": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"treefmt-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -2571,28 +2504,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"umu": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_17"
|
||||
},
|
||||
"locked": {
|
||||
"dir": "packaging/nix",
|
||||
"lastModified": 1738306689,
|
||||
"narHash": "sha256-DE1+O2XSuqkTLihIhk7geI2M6tjcsrFztLiSfcDpo0A=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "7a71163b79e56222fe3f3097d1e71208a91a1a3b",
|
||||
"revCount": 917,
|
||||
"submodules": true,
|
||||
"type": "git",
|
||||
"url": "https://github.com/Open-Wine-Components/umu-launcher/"
|
||||
},
|
||||
"original": {
|
||||
"dir": "packaging/nix",
|
||||
"submodules": true,
|
||||
"type": "git",
|
||||
"url": "https://github.com/Open-Wine-Components/umu-launcher/"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
|
||||
@ -74,10 +74,6 @@
|
||||
url = "github:nix-community/srvos";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
umu = {
|
||||
url = "git+https://github.com/Open-Wine-Components/umu-launcher/?dir=packaging\/nix&submodules=1";
|
||||
# inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable";
|
||||
};
|
||||
|
||||
@ -77,7 +77,7 @@
|
||||
fileSystems = {
|
||||
"/media/win-sys" = {
|
||||
fsType = "ntfs";
|
||||
device = "/dev/disk/by-partuuid/5b47cea7-465c-4051-a6ba-76d0eaf42929";
|
||||
device = "/dev/disk/by-partuuid/4fba33e7-6b47-4e3b-b18b-882a58032673";
|
||||
options = [
|
||||
"nofail"
|
||||
"uid=${toString config.users.users.${config.mainuser}.uid}"
|
||||
@ -99,7 +99,7 @@
|
||||
networking.firewall.allowedTCPPorts = [ 8000 5900 52736 3456 1080 ];
|
||||
networking.nameservers = [ "10.10.10.1" ];
|
||||
networking.defaultGateway = "10.10.10.1";
|
||||
networking.bridges.br0.interfaces = [ "enp9s0" ];
|
||||
networking.bridges.br0.interfaces = [ "enp8s0" ];
|
||||
networking.interfaces.br0 = {
|
||||
useDHCP = false;
|
||||
ipv4.addresses = [{
|
||||
|
||||
@ -56,9 +56,7 @@ in {
|
||||
kernelParams = [
|
||||
"zfs.zfs_arc_max=${zfs_arc_max}"
|
||||
"zswap.enabled=0"
|
||||
"quiet"
|
||||
"scsi_mod.use_blk_mq=1"
|
||||
"modeset"
|
||||
"nofb"
|
||||
"pti=off"
|
||||
"spectre_v2=off"
|
||||
|
||||
@ -238,7 +238,7 @@
|
||||
podman.enable = true;
|
||||
podman.dockerSocket.enable = true;
|
||||
containers.registries.search = [
|
||||
"docker.io" "gcr.io" "quay.io"
|
||||
"docker.io" "ghcr.io" "quay.io"
|
||||
];
|
||||
containers.storage.settings = {
|
||||
storage = {
|
||||
|
||||
@ -35,7 +35,8 @@ in {
|
||||
virtualisation.oci-containers.containers = {
|
||||
marzban = {
|
||||
autoStart = true;
|
||||
image = "ghcr.io/gozargah/marzban:v0.7.0";
|
||||
# Tags: v0.8.4
|
||||
image = "ghcr.io/gozargah/marzban@sha256:8e422c21997e5d2e3fa231eeff73c0a19193c20fc02fa4958e9368abb9623b8d";
|
||||
environmentFiles = [ marzban-env ];
|
||||
extraOptions = [ "--network=host" ];
|
||||
volumes = [
|
||||
@ -44,7 +45,8 @@ in {
|
||||
};
|
||||
nginx = {
|
||||
autoStart = true;
|
||||
image = "docker.io/nginx:latest";
|
||||
# Tags: mainline-alpine3.21, mainline-alpine, alpine3.21
|
||||
image = "docker.io/nginx@sha256:e4efffc3236305ae53fb54e5cd76c9ccac0cebf7a23d436a8f91bce6402c2665";
|
||||
extraOptions = [ "--network=host" ];
|
||||
volumes = [
|
||||
"${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
|
||||
|
||||
@ -1,283 +0,0 @@
|
||||
{ modulesPath, self, inputs, lib, pkgs, config, ... }: {
|
||||
disabledModules = [ "${self}/modules/pass-store.nix" ];
|
||||
imports = with inputs.self; [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
(modulesPath + "/profiles/minimal.nix")
|
||||
inputs.disko.nixosModules.disko
|
||||
|
||||
./disk-config.nix
|
||||
./network.nix
|
||||
customModules.devices
|
||||
customModules.libvirt-guests
|
||||
customModules.persist
|
||||
customModules.users
|
||||
|
||||
# customProfiles.hardened
|
||||
customProfiles.nix
|
||||
./services/backups.nix
|
||||
./services/dns.nix
|
||||
./services/tailscale.nix
|
||||
./services/tor-bridge.nix
|
||||
# ./services/wireguard.nix
|
||||
./services/xtls.nix
|
||||
|
||||
customProfiles.authentik
|
||||
customProfiles.hoyolab
|
||||
# customProfiles.radicale
|
||||
# customProfiles.vaultwarden
|
||||
(import customProfiles.headscale {
|
||||
inherit (import ./dns-mapping.nix) headscale-list;
|
||||
})
|
||||
];
|
||||
|
||||
boot.kernelPackages = pkgs.linuxPackages_latest;
|
||||
services.qemuGuest.enable = lib.mkForce true;
|
||||
|
||||
# Impermanence
|
||||
boot.initrd = {
|
||||
# hardware
|
||||
availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||
# reset rootfs on reboot
|
||||
postDeviceCommands = pkgs.lib.mkBefore ''
|
||||
mkdir -p /mnt
|
||||
mount -o subvol=/ /dev/sda4 /mnt
|
||||
|
||||
btrfs subvolume list -o /mnt/rootfs |
|
||||
cut -f9 -d' ' |
|
||||
while read subvolume; do
|
||||
echo "deleting /$subvolume subvolume..."
|
||||
btrfs subvolume delete "/mnt/$subvolume"
|
||||
done &&
|
||||
|
||||
echo "deleting /root subvolume..."
|
||||
btrfs subvolume delete /mnt/rootfs
|
||||
echo "restoring blank /root subvolume..."
|
||||
btrfs subvolume snapshot /mnt/snapshots/rootfs-blank /mnt/rootfs
|
||||
umount /mnt
|
||||
'';
|
||||
};
|
||||
fileSystems."/home".neededForBoot = true;
|
||||
fileSystems."/persist".neededForBoot = true;
|
||||
persist = {
|
||||
enable = true;
|
||||
cache.clean.enable = true;
|
||||
state = {
|
||||
files = [
|
||||
"/etc/machine-id"
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
"/etc/ssh/ssh_host_ed25519_key.pub"
|
||||
"/etc/ssh/ssh_host_rsa_key"
|
||||
"/etc/ssh/ssh_host_rsa_key.pub"
|
||||
];
|
||||
directories = [
|
||||
"/var/lib/nixos"
|
||||
"/var/lib/systemd"
|
||||
"/var/lib/postgresql"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: write all needed modules in boot.kernelModules
|
||||
security.lockKernelModules = lib.mkForce false;
|
||||
# Misc
|
||||
boot = {
|
||||
supportedFilesystems = [ "vfat" "btrfs" ];
|
||||
kernelModules = [
|
||||
"kvm-intel" "tcp_bbr" "veth"
|
||||
# podman
|
||||
"nft_chain_nat" "xt_addrtype" "xt_comment" "xt_mark" "xt_MASQUERADE"
|
||||
];
|
||||
kernelParams = [
|
||||
"scsi_mod.use_blk_mq=1"
|
||||
"kvm.ignore_msrs=1"
|
||||
"kvm.report_ignored_msrs=0"
|
||||
];
|
||||
kernel.sysctl = {
|
||||
"vm.swappiness" = 50;
|
||||
"vm.vfs_cache_pressure" = 200;
|
||||
"vm.dirty_background_ratio" = 1;
|
||||
"vm.dirty_ratio" = 40;
|
||||
"vm.page-cluster" = 0;
|
||||
# proxy tuning
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
"net.ipv4.tcp_slow_start_after_idle" = 0;
|
||||
"net.core.default_qdisc" = "cake";
|
||||
"net.core.rmem_max" = 67108864;
|
||||
"net.core.wmem_max" = 67108864;
|
||||
"net.core.netdev_max_backlog" = 10000;
|
||||
"net.core.somaxconn" = 4096;
|
||||
"net.ipv4.tcp_syncookies" = 1;
|
||||
"net.ipv4.tcp_tw_reuse" = 1;
|
||||
"net.ipv4.tcp_fin_timeout" = 30;
|
||||
"net.ipv4.tcp_keepalive_time" = 1200;
|
||||
"net.ipv4.tcp_keepalive_probes" = 5;
|
||||
"net.ipv4.tcp_keepalive_intvl" = 30;
|
||||
"net.ipv4.tcp_max_syn_backlog" = 8192;
|
||||
"net.ipv4.tcp_max_tw_buckets" = 5000;
|
||||
"net.ipv4.tcp_fastopen" = 3;
|
||||
"net.ipv4.tcp_mem" = "25600 51200 102400";
|
||||
"net.ipv4.udp_mem" = "25600 51200 102400";
|
||||
"net.ipv4.tcp_rmem" = "4096 87380 67108864";
|
||||
"net.ipv4.tcp_wmem" = "4096 65536 67108864";
|
||||
"net.ipv4.tcp_mtu_probing" = 1;
|
||||
};
|
||||
loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
};
|
||||
};
|
||||
zramSwap = {
|
||||
enable = true;
|
||||
algorithm = "zstd";
|
||||
memoryPercent = 100;
|
||||
};
|
||||
|
||||
environment.memoryAllocator.provider = lib.mkForce "libc";
|
||||
deviceSpecific.isServer = true;
|
||||
services.journald.extraConfig = "Compress=false";
|
||||
nix.optimise.automatic = false;
|
||||
nix.distributedBuilds = lib.mkForce false;
|
||||
fonts.enableDefaultPackages = lib.mkForce false;
|
||||
security.polkit.enable = true;
|
||||
# security.pam.enableSSHAgentAuth = true;
|
||||
environment.systemPackages = with pkgs; [
|
||||
bat
|
||||
bottom
|
||||
comma
|
||||
git
|
||||
kitty
|
||||
micro
|
||||
pwgen
|
||||
inputs.nix-alien.packages.${pkgs.hostPlatform.system}.nix-index-update
|
||||
rsync
|
||||
];
|
||||
|
||||
# Locale
|
||||
i18n.defaultLocale = "en_IE.UTF-8";
|
||||
i18n.extraLocaleSettings = {
|
||||
LANGUAGE = "en_IE:en_US:en:C:ru_RU";
|
||||
LC_TIME = "en_DK.UTF-8";
|
||||
LC_ADDRESS = "ru_RU.UTF-8";
|
||||
LC_MONETARY = "ru_RU.UTF-8";
|
||||
LC_NUMERIC = "ru_RU.UTF-8";
|
||||
LC_PAPER = "ru_RU.UTF-8";
|
||||
LC_TELEPHONE = "ru_RU.UTF-8";
|
||||
};
|
||||
i18n.supportedLocales = [
|
||||
"C.UTF-8/UTF-8"
|
||||
"en_DK.UTF-8/UTF-8"
|
||||
"en_GB.UTF-8/UTF-8"
|
||||
"en_IE.UTF-8/UTF-8"
|
||||
"en_US.UTF-8/UTF-8"
|
||||
"ru_RU.UTF-8/UTF-8"
|
||||
];
|
||||
time.timeZone = "Etc/UTC";
|
||||
environment.sessionVariables = {
|
||||
XKB_DEFAULT_LAYOUT = "us,ru";
|
||||
XKB_DEFAULT_OPTIONS = "grp:win_space_toggle";
|
||||
};
|
||||
|
||||
# Hardened
|
||||
networking.firewall = {
|
||||
enable = true;
|
||||
allowPing = false;
|
||||
allowedTCPPorts = lib.mkDefault [ ];
|
||||
allowedUDPPorts = lib.mkDefault [ ];
|
||||
};
|
||||
systemd.coredump.enable = false;
|
||||
|
||||
# Users
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
settings.PasswordAuthentication = false;
|
||||
settings.PermitRootLogin = lib.mkForce "prohibit-password";
|
||||
settings.X11Forwarding = false;
|
||||
extraConfig = "StreamLocalBindUnlink yes";
|
||||
ports = [ 22 ];
|
||||
};
|
||||
users.mutableUsers = false;
|
||||
users.users = {
|
||||
${config.mainuser} = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "disk" "systemd-journal" "wheel" "qemu-libvirtd" "libvirtd" ];
|
||||
uid = 1000;
|
||||
hashedPassword =
|
||||
"$y$j9T$ZC44T3XYOPapB26cyPsA4.$8wlYEbwXFszC9nrg0vafqBZFLMPabXdhnzlT3DhUit6";
|
||||
shell = pkgs.bash;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC+xd8ClJPvJuAdYC9HlNnjiubEtYfvnKjYr9ROV+UmPVvI3ZITF24OaMI+fxgR0EqGfcUzSGom8528IB53Q3aFMIAaA0vKjW+jrByyB2l/k/+ttpLbH75c9WyOpAcUDTen8BhHKPyXOHoJ1jLu7GFmtPZ+mZo8thFB/VIRrwECHd8DnF0drsSCorkRp1bZC7bAHgztaYHNBUoAVGgJ7nLwW7DotlgbUEDiPJHXOxd/c/ZlXIB/cfUUqF+L5ThbMPhMcwRMspLy+nQdmHhih9k6SkvYqJoNqHT5/XeShb0RkIzvUWT2CYTPop5kAY5mMnatVTOY1FZPhHzk3G8MhOQ3r/elM/ecZxmjL8uozMN9kRGf1IL4DgQZfVqQRILdNSQGb0tfeiyirNZe1RlDw9UvMnZJOw0EkiC9lSSRhBWXXxAmxRrbNFTPQSp+/kiIGDmp2AsGhD11CfTDEU3wcLEUPBUqp1FYSzHncJyEKGy2Dpa5xaUJ0cuyGL4W3WHDXa4sTfY+AIXbQTD88Ujdsbfzyd6lrikG4D/crCurXissrh7q9DuYKWRI24cp5bw9lG33U1EXisnZqFyZNwMAmSj2QEGsHCwSevn0FgyRa2WYXgpZ9hfgY4le+ZSMo2JTosQ6DjGyxMDyQAHJ/ismTTzL67Q2p6U+73toYm62Qqdspw== (none)"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDP0/DReYSAfkucroMTdELzTORsGhhbEa+W0FDFBnwViHuoqoKvetCOkW657icexc5v/j6Ghy3+Li9twbHnEDzUJVtNtauhGMjOcUYt6pTbeJ09CGSAh+orxzeY4vXp7ANb91xW8yRn/EE4ALxqbLsc/D7TUMl11fmf0UW+kLgU5TcUYVSLMjQqBpD1Lo7lXLrImloDxe5fwoBDT09E59r9tq6+/3aHz8mpKRLsIQIV0Av00BRJ+/OVmZuBd9WS35rfkpUYmpEVInSJy3G4O6kCvY/zc9Bnh67l4kALZZ0+6W23kBGrzaRfaOtCEcscwfIu+6GXiHOL33rrMNNinF0T2942jGc18feL6P/LZCzqz8bGdFNxT43jAGPeDDcrJEWAJZFO3vVTP65dTRTHQG2KlQMzS7tcif6YUlY2JLJIb61ZfLoShH/ini/tqsGT0Be1f3ndOFt48h4XMW1oIF+EXaHYeO2UJ6855m8Wpxs4bP/jX6vMV38IvvnHy4tWD50= alukard@AMD-Workstation"
|
||||
];
|
||||
};
|
||||
deploy = {
|
||||
description = "The administrator account for the servers.";
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" ];
|
||||
openssh.authorizedKeys.keys =
|
||||
config.users.users.${config.mainuser}.openssh.authorizedKeys.keys;
|
||||
};
|
||||
root.openssh.authorizedKeys.keys =
|
||||
config.users.users.${config.mainuser}.openssh.authorizedKeys.keys;
|
||||
};
|
||||
# Passwordless sudo for deploy user
|
||||
security.sudo = {
|
||||
extraRules = [{
|
||||
users = [ "deploy" ];
|
||||
commands = [{
|
||||
command = "ALL";
|
||||
options = [ "NOPASSWD" ];
|
||||
}];
|
||||
}];
|
||||
extraConfig = ''
|
||||
Defaults lecture = never
|
||||
'';
|
||||
};
|
||||
|
||||
# Podman
|
||||
virtualisation = {
|
||||
oci-containers.backend = lib.mkForce "podman";
|
||||
podman.enable = true;
|
||||
podman.dockerSocket.enable = true;
|
||||
containers.registries.search = [
|
||||
"docker.io" "gcr.io" "quay.io"
|
||||
];
|
||||
containers.storage.settings = {
|
||||
storage = {
|
||||
driver = "overlay";
|
||||
graphroot = "/var/lib/podman/storage";
|
||||
runroot = "/run/containers/storage";
|
||||
};
|
||||
};
|
||||
libvirtd = {
|
||||
enable = true;
|
||||
qemu = {
|
||||
ovmf.enable = true;
|
||||
ovmf.packages = [ pkgs.OVMFFull.fd ];
|
||||
runAsRoot = false;
|
||||
};
|
||||
onBoot = "ignore";
|
||||
onShutdown = "shutdown";
|
||||
};
|
||||
};
|
||||
programs.virt-manager.enable = true;
|
||||
networking.firewall.trustedInterfaces = [ "podman*" "vnet*" "virbr*" ];
|
||||
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
|
||||
security.unprivilegedUsernsClone = true;
|
||||
|
||||
nixpkgs.overlays = let
|
||||
unstable = import self.unstable-nixpkgs {
|
||||
config = config.nixpkgs.config;
|
||||
localSystem = { system = pkgs.hostPlatform.system; };
|
||||
};
|
||||
in [
|
||||
inputs.ataraxiasjel-nur.overlays.default
|
||||
(final: prev: {
|
||||
authentik = unstable.authentik;
|
||||
authentik-outposts = unstable.authentik-outposts;
|
||||
})
|
||||
];
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
nixpkgs.hostPlatform = lib.mkForce "x86_64-linux";
|
||||
}
|
||||
@ -1,100 +0,0 @@
|
||||
{ lib, ... }: {
|
||||
disko.devices.disk.disk1 = {
|
||||
device = lib.mkDefault "/dev/sda";
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
name = "boot";
|
||||
size = "1M";
|
||||
type = "EF02";
|
||||
};
|
||||
esp = {
|
||||
name = "ESP";
|
||||
size = "512M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
swap = {
|
||||
name = "swap";
|
||||
size = "2G";
|
||||
content = {
|
||||
type = "swap";
|
||||
randomEncryption = true;
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "root";
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "btrfs";
|
||||
extraArgs = [ "-f" ];
|
||||
postCreateHook = ''
|
||||
mount -t btrfs /dev/sda4 /mnt
|
||||
btrfs subvolume snapshot -r /mnt/rootfs /mnt/snapshots/rootfs-blank
|
||||
btrfs subvolume snapshot -r /mnt/persistent/home /mnt/snapshots/home-blank
|
||||
btrfs subvolume snapshot -r /mnt/persistent/docker /mnt/snapshots/docker-blank
|
||||
btrfs subvolume snapshot -r /mnt/persistent/podman /mnt/snapshots/podman-blank
|
||||
btrfs subvolume snapshot -r /mnt/persistent/containers /mnt/snapshots/containers-blank
|
||||
btrfs subvolume snapshot -r /mnt/persistent/libvirt /mnt/snapshots/libvirt-blank
|
||||
btrfs subvolume snapshot -r /mnt/persistent/log /mnt/snapshots/log-blank
|
||||
btrfs subvolume snapshot -r /mnt/persistent/impermanence /mnt/snapshots/impermanence-blank
|
||||
btrfs subvolume snapshot -r /mnt/persistent/srv /mnt/snapshots/srv-blank
|
||||
umount /mnt
|
||||
'';
|
||||
subvolumes = {
|
||||
"/snapshots" = { };
|
||||
"/rootfs" = {
|
||||
mountpoint = "/";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
"/persistent" = { };
|
||||
"/persistent/nix" = {
|
||||
mountpoint = "/nix";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
"/persistent/home" = {
|
||||
mountpoint = "/home";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
"/persistent/srv" = {
|
||||
mountpoint = "/srv";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
"/persistent/docker" = {
|
||||
mountpoint = "/var/lib/docker";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
"/persistent/podman" = {
|
||||
mountpoint = "/var/lib/podman";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
"/persistent/containers" = {
|
||||
mountpoint = "/var/lib/containers";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
"/persistent/libvirt" = {
|
||||
mountpoint = "/var/lib/libvirt";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
"/persistent/log" = {
|
||||
mountpoint = "/var/log";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
"/persistent/impermanence" = {
|
||||
mountpoint = "/persist";
|
||||
mountOptions = [ "compress=zstd" "noatime" "autodefrag" "ssd" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@ -1,101 +0,0 @@
|
||||
{
|
||||
headscale-list = [
|
||||
{ name = "ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "api.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
# { name = "auth.ataraxiadev.com"; type = "A"; value = "100.64.0.1"; }
|
||||
{ name = "cache.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "cal.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "code.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "docs.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "element.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "file.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "home.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "jackett.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "jellyfin.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "joplin.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "kavita.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "ldap.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "lib.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "matrix.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "medusa.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "net.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "openbooks.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "pdf.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "qbit.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "radarr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "restic.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "s3.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "sonarr.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "stats.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "tools.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "turn.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "vault.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "vw.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
{ name = "wiki.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
|
||||
|
||||
{ name = "ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "api.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
# { name = "auth.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::1"; }
|
||||
{ name = "cache.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "cal.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "code.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "docs.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "element.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "file.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "home.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "jackett.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "jellyfin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "joplin.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "kavita.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "ldap.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "lib.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "matrix.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "medusa.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "net.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "openbooks.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "pdf.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "qbit.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "radarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "restic.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "s3.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "sonarr.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "stats.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "tools.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "turn.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "vault.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "vw.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
{ name = "wiki.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
|
||||
];
|
||||
dnsmasq-list = [
|
||||
"/api.ataraxiadev.com/10.10.10.10"
|
||||
"/cache.ataraxiadev.com/10.10.10.10"
|
||||
"/cal.ataraxiadev.com/10.10.10.10"
|
||||
"/code.ataraxiadev.com/10.10.10.10"
|
||||
"/docs.ataraxiadev.com/10.10.10.10"
|
||||
"/element.ataraxiadev.com/10.10.10.10"
|
||||
"/file.ataraxiadev.com/10.10.10.10"
|
||||
"/home.ataraxiadev.com/10.10.10.10"
|
||||
"/jackett.ataraxiadev.com/10.10.10.10"
|
||||
"/jellyfin.ataraxiadev.com/10.10.10.10"
|
||||
"/joplin.ataraxiadev.com/10.10.10.10"
|
||||
"/kavita.ataraxiadev.com/10.10.10.10"
|
||||
"/ldap.ataraxiadev.com/10.10.10.10"
|
||||
"/lib.ataraxiadev.com/10.10.10.10"
|
||||
"/matrix.ataraxiadev.com/10.10.10.10"
|
||||
"/medusa.ataraxiadev.com/10.10.10.10"
|
||||
"/net.ataraxiadev.com/10.10.10.10"
|
||||
"/openbooks.ataraxiadev.com/10.10.10.10"
|
||||
"/pdf.ataraxiadev.com/10.10.10.10"
|
||||
"/qbit.ataraxiadev.com/10.10.10.10"
|
||||
"/radarr.ataraxiadev.com/10.10.10.10"
|
||||
"/restic.ataraxiadev.com/10.10.10.10"
|
||||
"/s3.ataraxiadev.com/10.10.10.10"
|
||||
"/sonarr.ataraxiadev.com/10.10.10.10"
|
||||
"/stats.ataraxiadev.com/10.10.10.10"
|
||||
"/tools.ataraxiadev.com/10.10.10.10"
|
||||
"/turn.ataraxiadev.com/10.10.10.10"
|
||||
"/vault.ataraxiadev.com/10.10.10.10"
|
||||
"/vw.ataraxiadev.com/10.10.10.10"
|
||||
"/wiki.ataraxiadev.com/10.10.10.10"
|
||||
];
|
||||
}
|
||||
@ -1,97 +0,0 @@
|
||||
rec {
|
||||
privateIPv6Prefix = "fd3a:900e:8e74:ffff";
|
||||
domain = "wg.ataraxiadev.com";
|
||||
hasIPv6 = false;
|
||||
|
||||
interfaces = {
|
||||
# This is the public-facing interface. Any interface name with a prime
|
||||
# symbol means it's a public-facing interface.
|
||||
main' = {
|
||||
mac = "bc:24:11:79:81:d7";
|
||||
bridgeName = "br0";
|
||||
ifname = "enp0s18";
|
||||
IPv4 = {
|
||||
address = "45.135.180.193/32";
|
||||
gateway = "45.135.180.1";
|
||||
dns = [ "9.9.9.9" "149.112.112.112" ];
|
||||
};
|
||||
IPv6 = {
|
||||
address = "";
|
||||
gateway = "";
|
||||
dns = [ ];
|
||||
};
|
||||
};
|
||||
|
||||
wireguard0 = {
|
||||
ifname = "wg0";
|
||||
dns = [ "${privateIPv6Prefix}::0:53" ];
|
||||
IPv4 = {
|
||||
address = "10.100.0.1";
|
||||
subnet = "10.100.0.0/16";
|
||||
};
|
||||
IPv6 = {
|
||||
address = "${privateIPv6Prefix}::1";
|
||||
subnet = "${privateIPv6Prefix}::0/64";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Wireguard-related things.
|
||||
wireguardPort = 40820;
|
||||
wireguardIPv4Prefix = "10.100.0";
|
||||
wireguardIPv6Prefix = "${privateIPv6Prefix}::0";
|
||||
wireguardPeers = {
|
||||
server = with interfaces.wireguard0; {
|
||||
IPv4 = IPv4.address;
|
||||
IPv6 = IPv6.address;
|
||||
};
|
||||
ataraxia = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.2";
|
||||
IPv6 = "${wireguardIPv6Prefix}:2";
|
||||
};
|
||||
hypervisor = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.3";
|
||||
IPv6 = "${wireguardIPv6Prefix}:3";
|
||||
};
|
||||
mikrotik = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.4";
|
||||
IPv6 = "${wireguardIPv6Prefix}:4";
|
||||
};
|
||||
poco = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.5";
|
||||
IPv6 = "${wireguardIPv6Prefix}:5";
|
||||
};
|
||||
kpoxa = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.6";
|
||||
IPv6 = "${wireguardIPv6Prefix}:6";
|
||||
};
|
||||
kpoxa2 = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.7";
|
||||
IPv6 = "${wireguardIPv6Prefix}:7";
|
||||
};
|
||||
faysss = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.8";
|
||||
IPv6 = "${wireguardIPv6Prefix}:8";
|
||||
};
|
||||
faysss2 = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.9";
|
||||
IPv6 = "${wireguardIPv6Prefix}:9";
|
||||
};
|
||||
faysss3 = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.10";
|
||||
IPv6 = "${wireguardIPv6Prefix}:a";
|
||||
};
|
||||
doste = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.11";
|
||||
IPv6 = "${wireguardIPv6Prefix}:b";
|
||||
};
|
||||
dell = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.12";
|
||||
IPv6 = "${wireguardIPv6Prefix}:c";
|
||||
};
|
||||
hypervisor-dns = {
|
||||
IPv4 = "${wireguardIPv4Prefix}.13";
|
||||
IPv6 = "${wireguardIPv6Prefix}:d";
|
||||
};
|
||||
};
|
||||
}
|
||||
@ -1,67 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (import ./hardware/networks.nix) interfaces domain hasIPv6;
|
||||
in {
|
||||
services.resolved.enable = true;
|
||||
networking = {
|
||||
enableIPv6 = lib.mkForce hasIPv6;
|
||||
usePredictableInterfaceNames = lib.mkForce true;
|
||||
useDHCP = false;
|
||||
dhcpcd.enable = false;
|
||||
nftables.enable = false; # incompatible with tailscale and docker
|
||||
hostName = config.device;
|
||||
domain = domain;
|
||||
nameservers = with interfaces.main'; IPv4.dns ++ lib.optionals hasIPv6 IPv6.dns;
|
||||
};
|
||||
|
||||
systemd.network = with interfaces.main'; {
|
||||
enable = true;
|
||||
wait-online.ignoredInterfaces = [ "lo" ];
|
||||
networks = {
|
||||
"40-${ifname}" = {
|
||||
matchConfig.Name = ifname;
|
||||
linkConfig.RequiredForOnline = "enslaved";
|
||||
networkConfig.Bridge = bridgeName;
|
||||
networkConfig.DHCP = "no";
|
||||
};
|
||||
"60-${bridgeName}" = {
|
||||
matchConfig.Name = bridgeName;
|
||||
address = [
|
||||
IPv4.address
|
||||
"192.168.0.1/24"
|
||||
] ++ lib.optionals hasIPv6 [
|
||||
IPv6.address
|
||||
"fc00::1/64"
|
||||
];
|
||||
linkConfig.RequiredForOnline = "routable";
|
||||
routes = [{
|
||||
routeConfig.Gateway = IPv4.gateway;
|
||||
routeConfig.GatewayOnLink = true;
|
||||
}] ++ lib.optionals hasIPv6 [{
|
||||
routeConfig.Gateway = IPv6.gateway;
|
||||
routeConfig.GatewayOnLink = true;
|
||||
}];
|
||||
dhcpServerConfig = {
|
||||
ServerAddress = "192.168.0.1/24";
|
||||
PoolOffset = 100;
|
||||
PoolSize = 100;
|
||||
};
|
||||
};
|
||||
};
|
||||
netdevs = {
|
||||
"60-${bridgeName}" = {
|
||||
netdevConfig = {
|
||||
Kind = "bridge";
|
||||
Name = bridgeName;
|
||||
MACAddress = mac;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
system.activationScripts.udp-gro-forwarding = {
|
||||
text = with interfaces.main'; ''
|
||||
${pkgs.ethtool}/bin/ethtool -K ${bridgeName} rx-udp-gro-forwarding on rx-gro-list off
|
||||
'';
|
||||
};
|
||||
}
|
||||
@ -1,65 +0,0 @@
|
||||
{ config, lib, inputs, ... }: {
|
||||
imports = [ inputs.ataraxiasjel-nur.nixosModules.rustic ];
|
||||
backups.postgresql.authentik.proxyAddress = lib.mkForce null;
|
||||
|
||||
sops.secrets.rustic-vps-pass.sopsFile = inputs.self.secretsDir + /rustic.yaml;
|
||||
sops.secrets.rustic-backups-s3-env.sopsFile = inputs.self.secretsDir + /rustic.yaml;
|
||||
services.rustic.backups = rec {
|
||||
vps-backup = {
|
||||
backup = true;
|
||||
prune = false;
|
||||
initialize = false;
|
||||
pruneOpts = [ "--repack-cacheable-only=false" ];
|
||||
environmentFile = config.sops.secrets.rustic-backups-s3-env.path;
|
||||
timerConfig = {
|
||||
OnCalendar = "01:00";
|
||||
Persistent = true;
|
||||
};
|
||||
settings = let
|
||||
label = "vps-containers";
|
||||
in {
|
||||
repository = {
|
||||
repository = "opendal:s3";
|
||||
password-file = config.sops.secrets.rustic-vps-pass.path;
|
||||
options = {
|
||||
root = label;
|
||||
bucket = "ataraxia-rustic-backups";
|
||||
region = "eu-central-003";
|
||||
endpoint = "https://s3.eu-central-003.backblazeb2.com";
|
||||
};
|
||||
};
|
||||
repository.options = {
|
||||
timeout = "5min";
|
||||
retry = "10";
|
||||
};
|
||||
backup = {
|
||||
host = config.device;
|
||||
label = label;
|
||||
ignore-devid = true;
|
||||
group-by = "label";
|
||||
skip-identical-parent = true;
|
||||
snapshots = [{
|
||||
sources = [ "/srv/marzban" ];
|
||||
}];
|
||||
};
|
||||
forget = {
|
||||
filter-labels = [ label ];
|
||||
group-by = "label";
|
||||
prune = true;
|
||||
keep-daily = 4;
|
||||
keep-weekly = 2;
|
||||
keep-monthly = 1;
|
||||
};
|
||||
};
|
||||
};
|
||||
vps-prune = vps-backup // {
|
||||
backup = false;
|
||||
prune = true;
|
||||
createWrapper = false;
|
||||
timerConfig = {
|
||||
OnCalendar = "Mon, 02:00";
|
||||
Persistent = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
@ -1,239 +0,0 @@
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
inherit (import ../hardware/networks.nix) interfaces;
|
||||
wg = interfaces.wireguard0;
|
||||
wgIfname = wg.ifname;
|
||||
brIfname = interfaces.main'.bridgeName;
|
||||
tailscaleIfname = config.services.tailscale.interfaceName;
|
||||
in {
|
||||
networking.extraHosts = ''
|
||||
192.0.46.9 www.internic.net
|
||||
'';
|
||||
# For debugging purposes
|
||||
environment.systemPackages = with pkgs; [ tcpdump dnsutils ];
|
||||
services.resolved.extraConfig = ''
|
||||
DNSStubListener=off
|
||||
'';
|
||||
systemd.network.networks."20-${brIfname}".networkConfig.DNS = lib.mkForce "127.0.0.1";
|
||||
systemd.network.networks."90-${wgIfname}".networkConfig.DNS = lib.mkForce "127.0.0.1";
|
||||
|
||||
networking.firewall.interfaces = let
|
||||
ports = {
|
||||
allowedTCPPorts = [
|
||||
config.services.blocky.settings.ports.dns
|
||||
# config.services.grafana.settings.server.http_port
|
||||
];
|
||||
allowedUDPPorts = [
|
||||
config.services.blocky.settings.ports.dns
|
||||
];
|
||||
};
|
||||
in {
|
||||
${wgIfname} = ports;
|
||||
${tailscaleIfname} = ports;
|
||||
};
|
||||
|
||||
# TODO: DoH (https://unbound.docs.nlnetlabs.nl/en/latest/topics/privacy/dns-over-https.html)
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
package = pkgs.unbound-full;
|
||||
settings = {
|
||||
server = {
|
||||
root-hints = "${config.services.unbound.stateDir}/root.hints";
|
||||
port = "553";
|
||||
interface = [
|
||||
"127.0.0.1"
|
||||
"::1"
|
||||
];
|
||||
access-control = [
|
||||
"0.0.0.0/0 refuse"
|
||||
"127.0.0.0/8 allow"
|
||||
"::0/0 refuse"
|
||||
"::1 allow"
|
||||
];
|
||||
private-address = [
|
||||
"127.0.0.0/8"
|
||||
"::1"
|
||||
];
|
||||
hide-version = "yes";
|
||||
aggressive-nsec = "yes";
|
||||
cache-max-ttl = "86400";
|
||||
cache-min-ttl = "600";
|
||||
deny-any = "yes";
|
||||
do-ip4 = "yes";
|
||||
do-ip6 = "yes";
|
||||
do-tcp = "yes";
|
||||
do-udp = "yes";
|
||||
harden-algo-downgrade = "yes";
|
||||
harden-dnssec-stripped = "yes";
|
||||
harden-glue = "yes";
|
||||
harden-large-queries = "yes";
|
||||
harden-referral-path = "yes";
|
||||
harden-short-bufsize = "yes";
|
||||
hide-identity = "yes";
|
||||
minimal-responses = "yes";
|
||||
msg-cache-size = "128m";
|
||||
neg-cache-size = "4m";
|
||||
prefer-ip6 = "no";
|
||||
prefetch = "yes";
|
||||
prefetch-key = "yes";
|
||||
qname-minimisation = "yes";
|
||||
rrset-cache-size = "256m";
|
||||
rrset-roundrobin = "yes";
|
||||
serve-expired = "yes";
|
||||
so-rcvbuf = "4m";
|
||||
so-reuseport = "yes";
|
||||
so-sndbuf = "4m";
|
||||
unwanted-reply-threshold = "100000";
|
||||
use-caps-for-id = "yes";
|
||||
};
|
||||
cachedb = {
|
||||
backend = "redis";
|
||||
redis-server-host = "127.0.0.1";
|
||||
redis-server-port = toString config.services.redis.servers.unbound.port;
|
||||
redis-timeout = "300";
|
||||
redis-expire-records = "no";
|
||||
};
|
||||
};
|
||||
};
|
||||
services.redis.vmOverCommit = true;
|
||||
services.redis.servers.unbound = {
|
||||
enable = true;
|
||||
port = 7379;
|
||||
databases = 1;
|
||||
save = [ [ 3600 1 ] [ 1800 10 ] [ 600 100 ] ];
|
||||
settings = {
|
||||
maxmemory = "16mb";
|
||||
protected-mode = true;
|
||||
rdbchecksum = false;
|
||||
stop-writes-on-bgsave-error = false;
|
||||
tcp-keepalive = 300;
|
||||
timeout = 0;
|
||||
};
|
||||
};
|
||||
# TODO: maybe set internic ip address to hosts?
|
||||
systemd.services.root-hints = {
|
||||
script = ''
|
||||
${pkgs.wget}/bin/wget -O ${config.services.unbound.stateDir}/root.hints https://www.internic.net/domain/named.root
|
||||
'';
|
||||
serviceConfig.Type = "oneshot";
|
||||
startAt = "weekly";
|
||||
};
|
||||
# systemd.services.unbound = {
|
||||
# after = [ "root-hints.service" ];
|
||||
# };
|
||||
# Blocky + prometheus + grafana
|
||||
services.blocky = {
|
||||
enable = true;
|
||||
settings = {
|
||||
upstream.default = [ "127.0.0.1:553" "[::1]:553" ];
|
||||
upstreamTimeout = "10s";
|
||||
bootstrapDns = [{
|
||||
upstream = "https://dns.quad9.net/dns-query";
|
||||
ips = [ "9.9.9.9" "149.112.112.112" ];
|
||||
}];
|
||||
blocking = {
|
||||
blackLists = {
|
||||
ads = [
|
||||
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
|
||||
"https://github.com/RPiList/specials/raw/master/Blocklisten/malware"
|
||||
];
|
||||
telemetry = [
|
||||
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
|
||||
"https://github.com/RPiList/specials/raw/master/Blocklisten/MS-Office-Telemetry"
|
||||
"https://github.com/RPiList/specials/raw/master/Blocklisten/Win10Telemetry"
|
||||
../../../misc/telemetry.hosts
|
||||
];
|
||||
};
|
||||
clientGroupsBlock.default = [ "ads" "telemetry" ];
|
||||
};
|
||||
# disable caching (use unbound)
|
||||
caching = {
|
||||
minTime = -1;
|
||||
maxTime = -1;
|
||||
cacheTimeNegative = -1;
|
||||
prefetching = false;
|
||||
};
|
||||
ports = {
|
||||
dns = 53;
|
||||
http = "127.0.0.1:4000";
|
||||
};
|
||||
prometheus.enable = true;
|
||||
queryLog = {
|
||||
type = "console";
|
||||
};
|
||||
};
|
||||
};
|
||||
# services.prometheus = {
|
||||
# enable = true;
|
||||
# listenAddress = "127.0.0.1";
|
||||
# globalConfig.scrape_interval = "15s";
|
||||
# globalConfig.evaluation_interval = "15s";
|
||||
# scrapeConfigs = [{
|
||||
# job_name = "blocky";
|
||||
# static_configs = [{
|
||||
# targets = [ config.services.blocky.settings.ports.http ];
|
||||
# }];
|
||||
# }];
|
||||
# };
|
||||
# services.grafana = {
|
||||
# enable = true;
|
||||
# settings = {
|
||||
# analytics.reporting_enabled = false;
|
||||
# server = {
|
||||
# enable_gzip = true;
|
||||
# domain = "localhost";
|
||||
# http_addr = "0.0.0.0";
|
||||
# http_port = 3000;
|
||||
# };
|
||||
# # Grafana can be accessed only through wireguard, so it's secure enough
|
||||
# security = {
|
||||
# admin_user = "admin";
|
||||
# admin_password = "admin";
|
||||
# };
|
||||
# panels.disable_sanitize_html = true;
|
||||
# };
|
||||
# provision = {
|
||||
# enable = true;
|
||||
# datasources.settings = {
|
||||
# datasources = [{
|
||||
# name = "Prometheus";
|
||||
# type = "prometheus";
|
||||
# access = "proxy";
|
||||
# orgId = 1;
|
||||
# uid = "Y4SSG429DWCGDQ3R";
|
||||
# url = "http://127.0.0.1:${toString config.services.prometheus.port}";
|
||||
# isDefault = true;
|
||||
# jsonData = {
|
||||
# graphiteVersion = "1.1";
|
||||
# tlsAuth = false;
|
||||
# tlsAuthWithCACert = false;
|
||||
# };
|
||||
# version = 1;
|
||||
# editable = true;
|
||||
# }];
|
||||
# };
|
||||
# dashboards = {
|
||||
# settings = {
|
||||
# providers = [{
|
||||
# name = "My Dashboards";
|
||||
# options.path = "/etc/grafana-dashboards";
|
||||
# }];
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# environment.etc = {
|
||||
# "grafana-dashboards/blocky_rev3.json" = {
|
||||
# source = ../../../misc/grafana_blocky_rev3.json;
|
||||
# group = "grafana";
|
||||
# user = "grafana";
|
||||
# };
|
||||
# };
|
||||
|
||||
persist.state.directories = [
|
||||
"/var/lib/grafana"
|
||||
"/var/lib/prometheus2"
|
||||
"/var/lib/redis-unbound"
|
||||
"/var/lib/unbound"
|
||||
];
|
||||
}
|
||||
@ -1,38 +0,0 @@
|
||||
{ config, inputs, ... }:
|
||||
let
|
||||
bridgeName = (import ../hardware/networks.nix).interfaces.main'.bridgeName;
|
||||
tailscalePort = config.services.tailscale.port;
|
||||
tailscaleIfname = config.services.tailscale.interfaceName;
|
||||
ssPort1 = 2234;
|
||||
ssPort2 = 2235;
|
||||
in {
|
||||
imports = [ inputs.ataraxiasjel-nur.nixosModules.rinetd ];
|
||||
|
||||
networking.firewall.trustedInterfaces = [ tailscaleIfname ];
|
||||
networking.firewall.interfaces.${bridgeName} = {
|
||||
allowedUDPPorts = [ tailscalePort ];
|
||||
allowedTCPPorts = [ ssPort1 ssPort2 ];
|
||||
};
|
||||
|
||||
systemd.network.networks."50-tailscale" = {
|
||||
matchConfig.Name = tailscaleIfname;
|
||||
linkConfig.Unmanaged = true;
|
||||
linkConfig.ActivationPolicy = "manual";
|
||||
};
|
||||
|
||||
services.tailscale = {
|
||||
enable = true;
|
||||
port = 18491;
|
||||
useRoutingFeatures = "both";
|
||||
};
|
||||
|
||||
persist.state.directories = [ "/var/lib/tailscale" ];
|
||||
|
||||
services.rinetd = {
|
||||
enable = true;
|
||||
settings = ''
|
||||
0.0.0.0 ${toString ssPort1} 100.64.0.2 ${toString ssPort1}
|
||||
0.0.0.0 ${toString ssPort2} 100.64.0.3 ${toString ssPort2}
|
||||
'';
|
||||
};
|
||||
}
|
||||
@ -1,46 +0,0 @@
|
||||
{ pkgs, ... }:
|
||||
let
|
||||
inherit (import ../hardware/networks.nix) interfaces;
|
||||
bridgeName = interfaces.main'.bridgeName;
|
||||
obfs4Port = 18371;
|
||||
orPort = 17429;
|
||||
in {
|
||||
networking.firewall.interfaces.${bridgeName} = {
|
||||
allowedTCPPorts = [ obfs4Port orPort ];
|
||||
};
|
||||
|
||||
# We can get bridge cert from file: /var/lib/tor/pt_state/obfs4_bridgeline.txt
|
||||
# Fingerprint can be obtained from tor.service logs
|
||||
services.tor = {
|
||||
enable = true;
|
||||
enableGeoIP = true;
|
||||
client.enable = false;
|
||||
relay.enable = true;
|
||||
relay.role = "private-bridge";
|
||||
settings = {
|
||||
BridgeDistribution = "none";
|
||||
BridgeRelay = true;
|
||||
ContactInfo = "admin@ataraxiadev.com";
|
||||
ORPort = [ orPort ];
|
||||
ServerTransportListenAddr = "obfs4 0.0.0.0:${toString obfs4Port}";
|
||||
Nickname = "Ataraxia";
|
||||
};
|
||||
};
|
||||
|
||||
services.networkd-dispatcher = {
|
||||
enable = true;
|
||||
rules."restart-tor" = {
|
||||
onState = [ "routable" "off" ];
|
||||
script = ''
|
||||
#!${pkgs.runtimeShell}
|
||||
if [[ $IFACE == "${bridgeName}" && $AdministrativeState == "configured" ]]; then
|
||||
echo "Restarting Tor ..."
|
||||
systemctl restart tor
|
||||
fi
|
||||
exit 0
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
persist.state.directories = [ "/var/lib/tor" ];
|
||||
}
|
||||
@ -1,132 +0,0 @@
|
||||
{ lib, pkgs, ... }:
|
||||
let
|
||||
inherit (import ../hardware/networks.nix) interfaces wireguardPort wireguardPeers hasIPv6;
|
||||
wireguardIFName = interfaces.wireguard0.ifname;
|
||||
in {
|
||||
# Sometimes we need to disable checksum validation
|
||||
# ethtool -K br0 tx off rx off
|
||||
# ethtool -K enp0s1 tx off rx off
|
||||
environment.systemPackages = [ pkgs.wireguard-tools ];
|
||||
|
||||
networking.firewall = {
|
||||
allowedUDPPorts = [ wireguardPort ];
|
||||
checkReversePath = lib.mkForce false;
|
||||
};
|
||||
|
||||
boot.kernelModules = [ "wireguard" ];
|
||||
systemd.network = {
|
||||
wait-online.ignoredInterfaces = [ wireguardIFName ];
|
||||
|
||||
networks."90-${wireguardIFName}" = with interfaces.wireguard0; {
|
||||
matchConfig.Name = wireguardIFName;
|
||||
address = [
|
||||
"${IPv4.address}/16"
|
||||
] ++ lib.optionals hasIPv6 [
|
||||
"${IPv6.address}/64"
|
||||
];
|
||||
DHCP = "no";
|
||||
networkConfig = {
|
||||
IPForward = true;
|
||||
IPMasquerade = "both";
|
||||
DNS = interfaces.main'.IPv4.dns ++ lib.optionals hasIPv6 interfaces.main'.IPv6.dns;
|
||||
};
|
||||
};
|
||||
|
||||
netdevs."90-${wireguardIFName}" = {
|
||||
netdevConfig = {
|
||||
Name = wireguardIFName;
|
||||
Kind = "wireguard";
|
||||
};
|
||||
wireguardConfig = {
|
||||
PrivateKeyFile = "/srv/wireguard/private";
|
||||
ListenPort = wireguardPort;
|
||||
};
|
||||
wireguardPeers = [
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.ataraxia; {
|
||||
PublicKey = "qjkV4V0on7H3hXG7udKOv4Qu/IUBrsDcXNZt3MupP3o=";
|
||||
PresharedKeyFile = "/srv/wireguard/ataraxia/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.hypervisor; {
|
||||
PublicKey = "oKQ3HXZ1wwWyVgmA4RoCXscImohqB8hdMzP1FRArw0o=";
|
||||
PresharedKeyFile = "/srv/wireguard/hypervisor/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.mikrotik; {
|
||||
PublicKey = "amReLTZgu6pwtKCnk1q8EG5uZSgUNxRoh5m3w1D3rQo=";
|
||||
PresharedKeyFile = "/srv/wireguard/mikrotik/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.poco; {
|
||||
PublicKey = "ZbBJziuMjyHJNcgrLYIQtio7l3fEOJ4GXW4ST+N9V34=";
|
||||
PresharedKeyFile = "/srv/wireguard/poco/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.kpoxa; {
|
||||
PublicKey = "U1wtbS8/yQGkBnBQUZs7KxxmvAajKb9jh83dDd2LdgE=";
|
||||
PresharedKeyFile = "/srv/wireguard/kpoxa/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.kpoxa2; {
|
||||
PublicKey = "ghU3Puwz5PeXmnDlxyh+IeuwFK44V3rXlMiFGs5YnwI=";
|
||||
PresharedKeyFile = "/srv/wireguard/kpoxa2/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.faysss; {
|
||||
PublicKey = "JLvKyFwI7b9MsiZsnNAt3qs5ob18b3mrOZKR5HZCORY=";
|
||||
PresharedKeyFile = "/srv/wireguard/faysss/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.faysss2; {
|
||||
PublicKey = "S6k9l0K5/YmO5BPETQludC1CBHsKLsk9+n6kwSjx4n8=";
|
||||
PresharedKeyFile = "/srv/wireguard/faysss2/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.faysss3; {
|
||||
PublicKey = "ka42gE67gShu88Ko7iQ/pK8zusod6bNIrIN8fkxVkC4=";
|
||||
PresharedKeyFile = "/srv/wireguard/faysss3/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.doste; {
|
||||
PublicKey = "KVbEaO4DSpTb941zxOPQLWq2Glm9CDgK/9MwW95WuC0=";
|
||||
PresharedKeyFile = "/srv/wireguard/doste/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.dell; {
|
||||
PublicKey = "//ss9UEHRFEZL4LbZaA1HiRUrMrn97kc7CmblUORXTc=";
|
||||
PresharedKeyFile = "/srv/wireguard/dell/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
wireguardPeerConfig = with wireguardPeers.hypervisor-dns; {
|
||||
PublicKey = "x4uavQEEfhdqNC4FCOPfKlEDRJiwOz4dy2W1KhJtnwc=";
|
||||
PresharedKeyFile = "/srv/wireguard/hypervisor-dns/preshared";
|
||||
AllowedIPs = [ "${IPv4}/32" "${IPv6}/128" ];
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
@ -1,96 +0,0 @@
|
||||
{ config, pkgs, inputs, modulesPath, ... }:
|
||||
let
|
||||
inherit (pkgs.hostPlatform) system;
|
||||
cert-key = config.sops.secrets."cert.key".path;
|
||||
cert-pem = config.sops.secrets."cert.pem".path;
|
||||
nginx-conf = config.sops.secrets."nginx.conf".path;
|
||||
marzban-env = config.sops.secrets.marzban.path;
|
||||
fqdn = "wg.ataraxiadev.com";
|
||||
in {
|
||||
disabledModules = [ "${modulesPath}/services/web-apps/ocis.nix" ];
|
||||
imports = [ inputs.ataraxiasjel-nur.nixosModules.ocis ];
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
sops.secrets = let
|
||||
nginx = {
|
||||
sopsFile = inputs.self.secretsDir + /nixos-vps/nginx.yaml;
|
||||
restartUnits = [ "podman-nginx.service" ];
|
||||
};
|
||||
marzban = {
|
||||
format = "dotenv";
|
||||
sopsFile = inputs.self.secretsDir + /nixos-vps/marzban.env;
|
||||
restartUnits = [ "podman-marzban.service" ];
|
||||
};
|
||||
cf-dns-api = {
|
||||
sopsFile = inputs.self.secretsDir + /misc.yaml;
|
||||
owner = "acme";
|
||||
};
|
||||
in {
|
||||
"cert.key" = nginx;
|
||||
"cert.pem" = nginx;
|
||||
"nginx.conf" = nginx;
|
||||
inherit cf-dns-api marzban;
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers = {
|
||||
marzban = {
|
||||
autoStart = true;
|
||||
image = "ghcr.io/gozargah/marzban:v0.7.0";
|
||||
environmentFiles = [ marzban-env ];
|
||||
extraOptions = [ "--network=host" ];
|
||||
volumes = [
|
||||
"/srv/marzban:/var/lib/marzban"
|
||||
];
|
||||
};
|
||||
nginx = {
|
||||
autoStart = true;
|
||||
image = "docker.io/nginx:latest";
|
||||
extraOptions = [ "--network=host" ];
|
||||
volumes = [
|
||||
"${cert-key}:/etc/ssl/certs/cf-cert.key:ro"
|
||||
"${cert-pem}:/etc/ssl/certs/cf-cert.pem:ro"
|
||||
"${config.security.acme.certs.${fqdn}.directory}/fullchain.pem:/etc/ssl/certs/cert.pem:ro"
|
||||
"${config.security.acme.certs.${fqdn}.directory}/key.pem:/etc/ssl/certs/cert.key:ro"
|
||||
"${nginx-conf}:/etc/nginx/nginx.conf:ro"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.ocis = {
|
||||
enable = true;
|
||||
package = inputs.ataraxiasjel-nur.packages.${system}.ocis-bin;
|
||||
configDir = "/srv/ocis/config";
|
||||
baseDataPath = "/srv/ocis/data";
|
||||
environment = {
|
||||
OCIS_INSECURE = "false";
|
||||
OCIS_URL = "https://cloud.ataraxiadev.com";
|
||||
PROXY_HTTP_ADDR = "127.0.0.1:9200";
|
||||
PROXY_TLS = "false";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /srv/marzban 0755 root root -"
|
||||
];
|
||||
|
||||
# OpenConnect
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.server = "https://acme-v02.api.letsencrypt.org/directory"; # production
|
||||
defaults.email = "admin@ataraxiadev.com";
|
||||
defaults.renewInterval = "weekly";
|
||||
certs = {
|
||||
${fqdn} = {
|
||||
extraDomainNames = [
|
||||
"auth.ataraxiadev.com"
|
||||
"doh.ataraxiadev.com"
|
||||
];
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialFiles."CF_DNS_API_TOKEN_FILE" = config.sops.secrets.cf-dns-api.path;
|
||||
reloadServices = [ "podman-nginx.service" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
persist.state.directories = [ "/var/lib/acme" ];
|
||||
}
|
||||
@ -1 +0,0 @@
|
||||
x86_64-linux
|
||||
@ -6,7 +6,7 @@
|
||||
pkgs.osu-lazer-bin
|
||||
pkgs.protonup-qt
|
||||
pkgs.realrtcw
|
||||
# pkgs.umu-launcher
|
||||
pkgs.umu-launcher
|
||||
pkgs.wine
|
||||
];
|
||||
persist.state.homeDirectories = [
|
||||
|
||||
@ -35,7 +35,7 @@ with config.deviceSpecific; {
|
||||
};
|
||||
|
||||
kernelParams =
|
||||
[ "zswap.enabled=0" "quiet" "scsi_mod.use_blk_mq=1" "modeset" "nofb" ]
|
||||
[ "zswap.enabled=0" "scsi_mod.use_blk_mq=1" "nofb" ]
|
||||
++ lib.optionals (pkgs.hostPlatform.system == "x86_64-linux") [
|
||||
"rd.systemd.show_status=auto"
|
||||
"rd.udev.log_priority=3"
|
||||
|
||||
@ -37,7 +37,7 @@
|
||||
"lockdown=confidentiality"
|
||||
"module.sig_enforce=1"
|
||||
"oops=panic"
|
||||
"quiet" "loglevel=0"
|
||||
"loglevel=0"
|
||||
"slab_nomerge"
|
||||
"vsyscall=none"
|
||||
];
|
||||
|
||||
@ -20,7 +20,7 @@ with lib; {
|
||||
attic-client = inputs.attic.packages.${system}.attic;
|
||||
attic-server = inputs.attic.packages.${system}.attic-server;
|
||||
cassowary-py = inputs.cassowary.packages.${system}.cassowary;
|
||||
# heroic = (prev.heroic.override { extraPkgs = pkgs: [ final.umu-launcher ]; });
|
||||
heroic = (prev.heroic.override { extraPkgs = pkgs: [ final.umu-launcher ]; });
|
||||
nix-alien = inputs.nix-alien.packages.${system}.nix-alien;
|
||||
nix-fast-build = inputs.nix-fast-build.packages.${system}.default;
|
||||
nix-index-update = inputs.nix-alien.packages.${system}.nix-index-update;
|
||||
@ -37,7 +37,6 @@ with lib; {
|
||||
steam = prev.steam.override {
|
||||
extraPkgs = pkgs: with pkgs; [ mono libkrb5 keyutils ];
|
||||
};
|
||||
# umu-launcher = inputs.umu.packages.${system}.umu;
|
||||
wine = prev.wineWow64Packages.stagingFull;
|
||||
intel-vaapi-driver = prev.intel-vaapi-driver.override { enableHybridCodec = true; };
|
||||
|
||||
|
||||
@ -15,7 +15,8 @@
|
||||
|
||||
virtualisation.oci-containers.containers.docker-proxy = {
|
||||
autoStart = true;
|
||||
image = "ghcr.io/tecnativa/docker-socket-proxy:0.1.1";
|
||||
# Tags: 0.3, 0.3.0, 0
|
||||
image = "ghcr.io/tecnativa/docker-socket-proxy@sha256:9e4b9e7517a6b660f2cc903a19b257b1852d5b3344794e3ea334ff00ae677ac2";
|
||||
environment = {
|
||||
CONTAINERS = "1";
|
||||
SERVICES = "0";
|
||||
|
||||
@ -3,7 +3,8 @@
|
||||
in {
|
||||
virtualisation.oci-containers.containers.inpx-web = {
|
||||
autoStart = true;
|
||||
image = "docker.io/ataraxiadev/inpx-web:latest";
|
||||
# Tags: latest
|
||||
image = "docker.io/ataraxiadev/inpx-web@sha256:d906c3832e2894595fdbee6778d403f4f58769a334e0c94b27a26db93e1085b7";
|
||||
ports = [ "127.0.0.1:8072:12380/tcp" ];
|
||||
user = "1000:100";
|
||||
volumes = [
|
||||
|
||||
@ -1,7 +1,8 @@
|
||||
{ ... }: {
|
||||
virtualisation.oci-containers.containers.it-tools = {
|
||||
autoStart = true;
|
||||
image = "docker.io/corentinth/it-tools:2024.10.22-7ca5933";
|
||||
# Tags: 2024.10.22-7ca5933
|
||||
image = "docker.io/corentinth/it-tools@sha256:8b8128748339583ca951af03dfe02a9a4d7363f61a216226fc28030731a5a61f";
|
||||
ports = [ "127.0.0.1:8070:80/tcp" ];
|
||||
};
|
||||
}
|
||||
@ -34,7 +34,8 @@ let
|
||||
in {
|
||||
virtualisation.oci-containers.containers.media-caddy = {
|
||||
autoStart = true;
|
||||
image = "ghcr.io/hotio/caddy:release-2.8.4";
|
||||
# Tags: release-4938bf1, release-2.9.1, release
|
||||
image = "ghcr.io/hotio/caddy@sha256:beabf74742cb6771e8f5bbd76d046bc06cb3fa59699ffb7712701a5cfa097cc1";
|
||||
environment = {
|
||||
PUID = "1000";
|
||||
PGID = "100";
|
||||
|
||||
@ -11,7 +11,8 @@ in {
|
||||
TZ = "Europe/Moscow";
|
||||
};
|
||||
extraOptions = [ "--pod=media-stack" ];
|
||||
image = "docker.io/linuxserver/jackett:0.22.932";
|
||||
# Tags: 0.22.1433, version-v0.22.1433, v0.22.1433-ls679
|
||||
image = "docker.io/linuxserver/jackett@sha256:26ac30423b9808e0716dcde7791841296beacd95e820cfbfc4d50666ea0d1fb8";
|
||||
volumes = [
|
||||
"${nas-path}/configs/jackett:/config"
|
||||
];
|
||||
|
||||
@ -11,7 +11,8 @@ let
|
||||
in {
|
||||
virtualisation.oci-containers.containers.jellyfin = {
|
||||
autoStart = true;
|
||||
image = "docker.io/linuxserver/jellyfin:10.10.3ubu2404-ls45";
|
||||
# Tags: 10.10.5, version-10.10.5ubu2404, 10.10.5ubu2404-ls52
|
||||
image = "docker.io/linuxserver/jellyfin@sha256:7cdcd4b6b60765290af7a2740960ce30c1f5548313ae60f7e23f6995ed4d147e";
|
||||
environment = {
|
||||
PUID = "1000";
|
||||
PGID = "100";
|
||||
|
||||
@ -4,18 +4,22 @@ let
|
||||
in {
|
||||
virtualisation.oci-containers.containers.kavita = {
|
||||
autoStart = true;
|
||||
image = "docker.io/jvmilazz0/kavita:0.8.3";
|
||||
# Tags: 0.8.4, version-v0.8.4.2, v0.8.4.2-ls63
|
||||
image = "docker.io/linuxserver/kavita@sha256:03b68c3137f986dc8a9b126c9e0fd7f356e0e9c9e83ffa8fa6356cd028288c8a";
|
||||
environment = {
|
||||
PUID = "1000";
|
||||
PGID = "100";
|
||||
TZ = "Europe/Moscow";
|
||||
DOTNET_SYSTEM_GLOBALIZATION_INVARIANT = "true";
|
||||
};
|
||||
extraOptions = [ "--pod=media-stack" ];
|
||||
volumes = [
|
||||
"/etc/localtime:/etc/localtime:ro"
|
||||
"${nas-path}/configs/kavita:/kavita/config"
|
||||
"${nas-path}/media/manga:/manga/manga"
|
||||
"${nas-path}/media/books:/manga/books"
|
||||
"${nas-path}/media/comics:/manga/comics"
|
||||
"${nas-path}/configs/kavita:/config"
|
||||
"${nas-path}/media/books:/data/books"
|
||||
"${nas-path}/media/comics:/data/comics"
|
||||
"${nas-path}/media/fanfics:/data/fanfics"
|
||||
"${nas-path}/media/manga:/data/manga"
|
||||
"${nas-path}/media/novels:/data/novels"
|
||||
];
|
||||
};
|
||||
}
|
||||
@ -10,7 +10,8 @@ in {
|
||||
TZ = "Europe/Moscow";
|
||||
};
|
||||
extraOptions = [ "--pod=media-stack" ];
|
||||
image = "docker.io/linuxserver/lidarr:version-2.7.1.4417";
|
||||
# Tags: 2.9.6, version-2.9.6.4552, 2.9.6.4552-ls30
|
||||
image = "docker.io/linuxserver/lidarr@sha256:c3aae1e32f7e2b76c6aa0e546a16f3feb570455882a5c9d51c8aec9e53328d66";
|
||||
volumes = [
|
||||
"${nas-path}/configs/lidarr/config:/config"
|
||||
"${nas-path}/configs/lidarr/custom-services.d:/custom-services.d"
|
||||
|
||||
@ -4,7 +4,8 @@ let
|
||||
in {
|
||||
virtualisation.oci-containers.containers.medusa = {
|
||||
autoStart = true;
|
||||
image = "docker.io/linuxserver/medusa:v1.0.21-ls202";
|
||||
# Tags: 1.0.22, version-v1.0.22, v1.0.22-ls211
|
||||
image = "docker.io/linuxserver/medusa@sha256:397636cc7e421ee284d4fb8d9b07874ce41155b419b3e8419dce389fcdb465a7";
|
||||
environment = {
|
||||
PUID = "1000";
|
||||
PGID = "100";
|
||||
|
||||
@ -7,7 +7,8 @@ let
|
||||
in {
|
||||
virtualisation.oci-containers.containers.qbittorrent = {
|
||||
autoStart = true;
|
||||
image = "docker.io/linuxserver/qbittorrent:5.0.1-r0-ls363";
|
||||
# Tags: 5.0.3, version-5.0.3-r0, 5.0.3-r0-ls380
|
||||
image = "docker.io/linuxserver/qbittorrent@sha256:308d768672fb9e86e800a73504c439176aabe5977bcdf8b99f7561bb603d9b6e";
|
||||
environment = {
|
||||
PUID = "1000";
|
||||
PGID = "100";
|
||||
|
||||
@ -11,7 +11,8 @@ in {
|
||||
TZ = "Europe/Moscow";
|
||||
};
|
||||
extraOptions = [ "--pod=media-stack" ];
|
||||
image = "docker.io/linuxserver/radarr:version-5.14.0.9383";
|
||||
# Tags: 5.18.4, version-5.18.4.9674, 5.18.4.9674-ls259
|
||||
image = "docker.io/linuxserver/radarr@sha256:f4c9c64c42e84a3c03590afd9da2e420c69b5e936b4549778c5d4c00d907ba33";
|
||||
volumes = [
|
||||
"${nas-path}/configs/radarr:/config"
|
||||
"${nas-path}:/data"
|
||||
|
||||
@ -9,7 +9,8 @@ in {
|
||||
TZ = "Europe/Moscow";
|
||||
};
|
||||
extraOptions = [ "--pod=media-stack" ];
|
||||
image = "ghcr.io/recyclarr/recyclarr:7.4.0";
|
||||
# Tags: 7.4.1, 7.4, 7
|
||||
image = "ghcr.io/recyclarr/recyclarr@sha256:759540877f95453eca8a26c1a93593e783a7a824c324fbd57523deffb67f48e1";
|
||||
volumes = [
|
||||
"${nas-path}/configs/recyclarr:/config"
|
||||
];
|
||||
|
||||
@ -11,7 +11,8 @@ in {
|
||||
TZ = "Europe/Moscow";
|
||||
};
|
||||
extraOptions = [ "--pod=media-stack" ];
|
||||
image = "docker.io/linuxserver/sonarr:version-4.0.10.2544";
|
||||
# Tags: 4.0.13, version-4.0.13.2932, 4.0.13.2932-ls271
|
||||
image = "docker.io/linuxserver/sonarr@sha256:28d9dcbc846aed74bd47dc90305e016183443ddc3dfa3e8bcac268fc653a6e5e";
|
||||
volumes = [
|
||||
"${nas-path}/configs/sonarr:/config"
|
||||
"${nas-path}:/data"
|
||||
|
||||
@ -4,7 +4,8 @@ let
|
||||
in {
|
||||
virtualisation.oci-containers.containers.openbooks = {
|
||||
autoStart = true;
|
||||
image = "docker.io/evanbuss/openbooks:4.5.0";
|
||||
# Tags: 4.5.0
|
||||
image = "ghcr.io/evan-buss/openbooks@sha256:5a1640d297d5bdcb6ebbb7e164141a8f25f0264c1ab0fc2a3115e834a94a35e0";
|
||||
cmd = [
|
||||
"--name" "AtaraxiaDev" "--persist" "--searchbot" "searchook" "--tls"
|
||||
];
|
||||
|
||||
@ -3,7 +3,8 @@
|
||||
in {
|
||||
virtualisation.oci-containers.containers.spdf = {
|
||||
autoStart = true;
|
||||
image = "docker.io/frooodle/s-pdf:0.26.1-fat";
|
||||
# Tags: latest-fat, 0.41.0-fat
|
||||
image = "docker.io/stirlingtools/stirling-pdf@sha256:e791d48580806f6dade7c9774b7137d40ebbf1f35b86c592877d32eae2cbf0ad";
|
||||
environment = {
|
||||
PUID = "1000";
|
||||
PGID = "100";
|
||||
|
||||
@ -16,7 +16,7 @@ with config.deviceSpecific; {
|
||||
dockerSocket.enable = !config.virtualisation.docker.enable;
|
||||
};
|
||||
containers.registries.search = [
|
||||
"docker.io" "gcr.io" "quay.io"
|
||||
"docker.io" "ghcr.io" "quay.io"
|
||||
];
|
||||
containers.storage.settings = {
|
||||
storage = {
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user