adriangl/nix-dotfiles
1
2
Fork 0
mirror of https://github.com/adrlau/nix-dotfiles.git synced 2026-04-16 12:20:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: adriangl:2e1c26ef7a2da105ae9700e48d13ed4f71b044a9
Branches Tags
adriangl:main adriangl:2411 adriangl:sway-fixes
..
compare: adriangl:main
Branches Tags
adriangl:main adriangl:2411 adriangl:sway-fixes

22 Commits
2e1c26ef7a ... main

Author SHA1 Message Date
Adrian Gunnar Lauterer
34f84a18b3 needed new stuff 2025-09-28 22:54:21 +02:00
Adrian Gunnar Lauterer
ac36f0adf2 jupyter qbit 2025-09-28 22:54:21 +02:00
Adrian G L
e50397c2e3 add jupyter to routers 2025-09-24 11:56:16 +02:00
Adrian G L
4634d35eb2 moved miniflux 2025-09-24 09:34:30 +02:00
Adrian Gunnar Lauterer
c5d4cac1a0 update ollama models 2025-09-14 22:58:48 +02:00
Adrian Gunnar Lauterer
a172fe7ff7 owui update 2025-09-14 22:45:24 +02:00
Adrian G L
4c65e43fd1 just my builders 2025-09-10 14:03:40 +02:00
Adrian Gunnar Lauterer
f5d8296ff0 ollama 2025-09-10 13:39:02 +02:00
Adrian G L
07455cb132 elrond 2025-09-10 13:38:10 +02:00
Adrian G L
df5eee8d84 elrond ollama webui 2025-06-23 22:09:15 +02:00
Adrian G L
6614903852 cleanup README.md 2025-06-03 15:23:10 +02:00
Adrian G L
fdafcea4f7 Update README.md 2025-06-03 15:07:23 +02:00
Adrian Gunnar Lauterer
84734df417 small changes 2025-05-29 10:11:23 +02:00
Adrian Gunnar Lauterer (aider)
9627cd0786 feat: add floating window rule for onboard app-id in niri.nix configuration 2025-05-29 00:35:04 +02:00
Adrian Gunnar Lauterer (aider)
b6468bd29e feat: add on-screen keyboard button to waybar's left modules 2025-05-29 00:31:49 +02:00
Adrian Gunnar Lauterer
2a04bb07b0 style: increase tray spacing from 8 to 12 in waybar config 2025-05-29 00:31:48 +02:00
Adrian Gunnar Lauterer
4871559257 foot niri updates 2025-05-26 16:28:43 +02:00
Adrian Gunnar Lauterer (aider)
d8dbcce967 fix: use 0x prefix for colors in foot.nix to fix RGB format errors 2025-05-26 14:38:29 +02:00
Adrian Gunnar Lauterer (aider)
c5dbbfb933 fix: move trayAllOutputs to JSON config and add tray-position for Waybar tray 2025-05-26 11:07:20 +02:00
Adrian Gunnar Lauterer (aider)
771ea038ec fix: escape newline in power-profiles-daemon tooltip and remove unused format-alt-click 2025-05-26 11:05:59 +02:00
Adrian Gunnar Lauterer (aider)
c1a21e9a4d feat: set waybar package to waybarFull and enable tray on all outputs 2025-05-26 10:57:24 +02:00
Adrian Gunnar Lauterer
b1e26c04b7 style: increase opacity and add hover effect for niri-workspaces in waybar styles 2025-05-26 10:56:04 +02:00
21 changed files with 629 additions and 277 deletions
Expand all files Collapse all files

83
README.md
View File

@@ -1,20 +1,87 @@
# nix-dotfiles
My nix dotfiles. Will not guarrante it to work as it is always a work in progress.
# NixOS Configuration Repository
**Work-in-progress setup**
## Repository Structure
This repository contains my NixOS configuration files organized into several directories:
* `home/`: Home manager
* `machines/`: Machine-specific configurations
* `packages/`: Custom package definitions and configs.
* `profiles/`: System profiles (desktop, development, etc.)
* `services/`: Service configurations (nginx, mysql, etc.)
* `secrets/`: Encrypted secrets
## Quick Start
### Build Configuration
```bash
nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.galadriel.config.system.build.toplevel"
```
nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --refresh --flake git+https://github.com/adrlau/nix-dotfiles.git --upgrade
### Rebuild and Switch
The primary rebuild command is:
```bash
sudo nixos-rebuild switch --flake .# --no-write-lock-file -L --impure
```
This command:
* Uses the current flake
* Disables lock file writing
* Enables debug logging (-L)
* Allows impure derivations
#### Alternative Rebuild Methods
1. **Remote Flake**:
```bash
sudo nixos-rebuild switch \
--update-input nixpkgs \
--update-input unstable \
--no-write-lock-file \
--refresh \
--flake git+https://github.com/adrlau/nix-dotfiles.git \
--upgrade
```
2. **Standard Local Rebuild**:
```bash
sudo nixos-rebuild switch --flake .#
```
## Dependency Inspection
Check package relationships using:
```bash
nix why-depends /run/current-system /nix/store/...
nix why-depends .#nixosConfigurations.galadriel nixpkgs#python312Packages.botorch
nix why-depends .#nixosConfigurations.eowyn.config.system.build.toplevel pkgs.python3.12-libarcus-4.12.0 --impure
```
show flake attrs
```nix flake show .#```
## Troubleshooting
### Fix Broken Store
After aborted rebuilds:
```bash
nix-store --query --referrers-closure \
$(find /nix/store -maxdepth 1 -type f -name '*.drv' -size 0) |
xargs sudo nix-store --delete --ignore-liveness
sudo nix store gc
sudo nix store verify --repair --all
```
why depends:
```nix why-depends /run/current-system /nix/store/...```
```nix why-depends .#```
```nix why-depends .#nixosConfigurations.galadriel nixpkgs#python312Packages.botorch```
```nix why-depends .\#nixosConfigurations.eowyn.config.system.build.toplevel pkgs.python3.12-libarcus-4.12.0 --impure```
### Viewing Logs
Check home-manager logs:
```bash
journalctl -eu home-manager-gunalx
```
## Maintenance
Clean old generations:
```bash
sudo nix-collect-garbage --delete-older-than 4d
```
## Notes
* This configuration is constantly evolving
* Refer to specific machine configurations in `machines/` for details
* Service configurations are located in `services/`
* Custom packages are defined in `packages/`

9
flake.nix
View File

@@ -49,9 +49,8 @@
, unstable
, ... }@inputs:
let
overlay-unstable = final: prev: {
unstable = unstable.legacyPackages.${prev.system};
};
overlay-unstable = final: prev: { unstable = inputs.unstable.legacyPackages.${prev.system}; };
overlays = [ overlay-unstable ];
in
{
nixosConfigurations = {
@@ -152,8 +151,8 @@
./machines/elrond/configuration.nix
({ config, pkgs, ... }: { nixpkgs.overlays = [ overlay-unstable ]; })
sops-nix.nixosModules.sops
inputs.ozai.nixosModules.ozai
inputs.ozai-webui.nixosModules.ozai-webui
#inputs.ozai.nixosModules.ozai
#inputs.ozai-webui.nixosModules.ozai-webui
];
};
};

3
home/gunalx/base.nix
View File

@@ -7,6 +7,7 @@
];
programs.nix-index = {
enableBashIntegration = true;
enable = true;
};
@@ -14,7 +15,7 @@
programs.bash = {
enable = true;
shellAliases = {
"rebuild" = "sudo nixos-rebuild switch -no-write-lock-file --flake git+https://github.com/adrlau/nix-dotfiles.git -L --impure";
"rebuild" = "sudo nixos-rebuild switch --no-write-lock-file --flake git+https://github.com/adrlau/nix-dotfiles.git -L --impure";
"nixedit" = "sudo vim /etc/nixos/nix-dotfiles/.";
"nixdir" = "cd /etc/nixos/nix-dotfiles";

44
home/gunalx/foot.nix
View File

@@ -9,7 +9,7 @@
main = {
term = "xterm-256color";
font = "0xproto:size=12";
font = "0xproto:size=14";
#dpi-aware = "yes";
};
mouse = {
@@ -19,30 +19,28 @@
colors = {
alpha = "0.7";
#set based on https://github.com/tinted-theming/base16-foot/blob/main/colors/base16-apathy.ini and https://github.com/tinted-theming/base16-schemes/blob/main/apathy.yaml
foreground = "${config.colorScheme.palette.base05}";
background = "${config.colorScheme.palette.base00}";
foreground = "#${config.colorScheme.palette.base05}";
background = "#${config.colorScheme.palette.base00}";
regular0 = "#${config.colorScheme.palette.base00}";
regular1 = "#${config.colorScheme.palette.base08}";
regular2 = "#${config.colorScheme.palette.base0B}";
regular3 = "#${config.colorScheme.palette.base0A}";
regular4 = "#${config.colorScheme.palette.base0D}";
regular5 = "#${config.colorScheme.palette.base0E}";
regular6 = "#${config.colorScheme.palette.base0C}";
regular7 = "#${config.colorScheme.palette.base05}";
regular0 = "${config.colorScheme.palette.base00}";
regular1 = "${config.colorScheme.palette.base08}";
regular2 = "${config.colorScheme.palette.base0B}";
regular3 = "${config.colorScheme.palette.base0A}";
regular4 = "${config.colorScheme.palette.base0D}";
regular5 = "${config.colorScheme.palette.base0E}";
regular6 = "${config.colorScheme.palette.base0C}";
regular7 = "${config.colorScheme.palette.base05}";
bright0 = "#${config.colorScheme.palette.base03}";
bright1 = "#${config.colorScheme.palette.base08}";
bright2 = "#${config.colorScheme.palette.base0B}";
bright3 = "#${config.colorScheme.palette.base0A}";
bright4 = "#${config.colorScheme.palette.base0D}";
bright5 = "#${config.colorScheme.palette.base0E}";
bright6 = "#${config.colorScheme.palette.base0C}";
bright7 = "#${config.colorScheme.palette.base07}";
selection-foreground = "#${config.colorScheme.palette.base00}";
selection-background = "#${config.colorScheme.palette.base0A}";
bright0 = "${config.colorScheme.palette.base03}";
bright1 = "${config.colorScheme.palette.base08}";
bright2 = "${config.colorScheme.palette.base0B}";
bright3 = "${config.colorScheme.palette.base0A}";
bright4 = "${config.colorScheme.palette.base0D}";
bright5 = "${config.colorScheme.palette.base0E}";
bright6 = "${config.colorScheme.palette.base0C}";
bright7 = "${config.colorScheme.palette.base07}";
selection-foreground = "${config.colorScheme.palette.base00}";
selection-background = "${config.colorScheme.palette.base0A}";
};

134
home/gunalx/niri.nix
View File

@@ -63,8 +63,8 @@ let
switch-events {
lid-close { spawn "swaylock"; }
//lid-open { spawn "notify-send" "The laptop lid is open!"; }
tablet-mode-on { spawn "bash" "-c" "gsettings set org.gnome.desktop.a11y.applications screen-keyboard-enabled true"; }
tablet-mode-off { spawn "bash" "-c" "gsettings set org.gnome.desktop.a11y.applications screen-keyboard-enabled false"; }
tablet-mode-on { spawn "bash" "-c" "wvkbd-mobintl"; }
tablet-mode-off { spawn "bash" "-c" "pkill wvkbd-mobintl"; }
}
@@ -214,6 +214,11 @@ layout {
}
}
overview {
zoom 0.5
backdrop-color "#${palette.base00}"
}
// Add lines like this to spawn processes at startup.
// Note that running niri as a session supports xdg-desktop-autostart,
// which may be more convenient to use.
@@ -247,63 +252,67 @@ animations {
// Slow down all animations by this factor. Values below 1 speed them up instead.
// slowdown 0.3
}
layer-rule {
match namespace="^notifications$"
block-out-from "screencast"
}
// Window rules let you adjust behavior for individual windows.
// Find more information on the wiki:
// https://github.com/YaLTeR/niri/wiki/Configuration:-Window-Rules
// Work around WezTerm's initial configure bug
// by setting an empty default-column-width.
window-rule {
// This regular expression is intentionally made as specific as possible,
// since this is the default config, and we want no false positives.
// You can get away with just app-id="wezterm" if you want.
match app-id=r#"^org\.wezfurlong\.wezterm$"#
default-column-width {}
}
// Floating Bitwarden extension popup windows only
window-rule {
match app-id=r#"^firefox$"# title=r#"^Extension: \(Bitwarden Password Manager\) - Bitwarden Mozilla Firefox$"#
open-floating true
}
// Floating the native Bitwarden desktop app
window-rule {
match title=r#"^Extension: \(Bitwarden Password Manager\) - Bitwarden Mozilla Firefox$"#
match title="^Extension: (Bitwarden Password Manager) - Bitwarden Mozilla Firefox$"
match app-id=r#"(?i)^bitwarden$"#
open-floating true
default-column-width { proportion 0.3;}
default-floating-position x=0 y=0 relative-to="top-left"
opacity 0.9
block-out-from "screen-capture"
}
// dropdown terminal
window-rule {
match title="^dropdown$"
open-focused true
open-floating true
default-floating-position x=0 y=0 relative-to="top"
default-window-height { proportion 0.5; }
// 80% of the screen wide.
default-column-width { proportion 0.8; }
// block-out-from "screencast"
block-out-from "screen-capture"
}
//fix steam notifications to bottom rigth
window-rule {
match app-id="steam" title=r#"^notificationtoasts_\d+_desktop$"#
default-floating-position x=10 y=10 relative-to="bottom-right"
}
// Example: block out two password managers from screen capture.
// (This example rule is commented out with a "/-" in front.)
/-window-rule {
match app-id=r#"^org\.keepassxc\.KeePassXC$"#
match app-id=r#"^org\.gnome\.World\.Secrets$"#
match title=r#"^Bitwarden$"#
//block-out-from "screencast"
block-out-from "screen-capture"
// Use this instead if you want them visible on third-party screenshot tools.
// block-out-from "screencast"
}
// Example: enable rounded corners for all windows.
// (This example rule is commented out with a "/-" in front.)
/-window-rule {
window-rule {
geometry-corner-radius 12
clip-to-geometry true
}
window-rule {
geometry-corner-radius 12
clip-to-geometry true
match app-id="onboard"
match app-id="Onboard"
open-floating true
default-window-height { proportion 0.2; }
default-column-width { proportion 0.8; }
block-out-from "screen-capture"
}
binds {
@@ -324,9 +333,10 @@ binds {
// Suggested binds for running programs: terminal, app launcher, screen locker.
Mod+Return { spawn "footclient"; }
Mod+T { spawn "sh" "-c" "if pgrep -f '^foot -T dropdown$' >/dev/null; then pkill -f '^foot -T dropdown$'; else exec foot -T dropdown; fi"; }
Mod+D { spawn "fuzzel"; }
Super+M { spawn "swaylock"; }
Mod+M { spawn "swaylock" "--grace" "0"; }
Mod+O { toggle-window-rule-opacity; }
// You can also use a shell. Do this if you need pipes, multiple commands, etc.
// Note: the entire command goes as a single argument in the end.
@@ -341,14 +351,14 @@ binds {
Mod+Shift+Q { close-window; }
Mod+Left { focus-column-left; }
Mod+Down { focus-window-down; }
Mod+Up { focus-window-up; }
Mod+Right { focus-column-right; }
Mod+H { focus-column-left; }
Mod+J { focus-window-down; }
Mod+K { focus-window-up; }
Mod+L { focus-column-right; }
Mod+Left { focus-column-or-monitor-left; }
Mod+Down { focus-window-or-monitor-down; }
Mod+Up { focus-window-or-monitor-up; }
Mod+Right { focus-column-or-monitor-right; }
Mod+H { focus-column-or-monitor-left; }
Mod+J { focus-window-or-monitor-down; }
Mod+K { focus-window-or-monitor-up; }
Mod+L { focus-column-or-monitor-right; }
Alt+Tab { focus-window-previous; }
@@ -408,9 +418,6 @@ binds {
Mod+Ctrl+U { move-column-to-workspace-down; }
Mod+Ctrl+I { move-column-to-workspace-up; }
// Alternatively, there are commands to move just a single window:
// Mod+Ctrl+Page_Down { move-window-to-workspace-down; }
// ...
Mod+Shift+Page_Down { move-workspace-down; }
Mod+Shift+Page_Up { move-workspace-up; }
@@ -423,22 +430,23 @@ binds {
// To avoid scrolling through workspaces really fast, you can use
// the cooldown-ms property. The bind will be rate-limited to this value.
// You can set a cooldown on any bind, but it's most useful for the wheel.
Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+Shift+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
Mod+Shift+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
Mod+Shift+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
Mod+Ctrl+Shift+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
Mod+WheelScrollRight { focus-column-right; }
Mod+WheelScrollLeft { focus-column-left; }
Mod+Ctrl+WheelScrollRight { move-column-right; }
Mod+Ctrl+WheelScrollLeft { move-column-left; }
Mod+WheelScrollRight cooldown-ms=150 { focus-column-right; }
Mod+WheelScrollLeft cooldown-ms=150 { focus-column-left; }
Mod+Ctrl+WheelScrollRight cooldown-ms=150 { move-column-right; }
Mod+Ctrl+WheelScrollLeft cooldown-ms=150 { move-column-left; }
// Usually scrolling up and down with Shift in applications results in
// horizontal scrolling; these binds replicate that.
Mod+Shift+WheelScrollDown { focus-column-right; }
Mod+Shift+WheelScrollUp { focus-column-left; }
Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
// horizontal scrolling; these binds replicate that.
// But i found it impractical. workspaces i can graphically cahnge. and probably more rarly, so i swapped it
Mod+WheelScrollDown cooldown-ms=150 { focus-column-right; }
Mod+WheelScrollUp cooldown-ms=150 { focus-column-left; }
Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-right; }
Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-left; }
// Similarly, you can bind touchpad scroll "ticks".
// Touchpad scrolling is continuous, so for these binds it is split into
@@ -516,10 +524,12 @@ binds {
// set-column-width "100" will make the column occupy 200 physical screen pixels.
Mod+Minus { set-column-width "-10%"; }
Mod+Equal { set-column-width "+10%"; }
Mod+0 { set-column-width "+10%"; }
// Finer height adjustments when in column with other windows.
Mod+Shift+Minus { set-window-height "-10%"; }
Mod+Shift+Equal { set-window-height "+10%"; }
Mod+Shift+0 { set-window-height "+10%"; }
// Move the focused window between the floating and the tiling layout.
Mod+V { toggle-window-floating; }
@@ -593,6 +603,8 @@ in
#term
foot
alacritty
wdisplays
swww
@@ -618,6 +630,8 @@ in
emote
wvkbd
xdg-desktop-portal-gtk

29
home/gunalx/waybar.nix
View File

@@ -11,16 +11,27 @@ let
in "rgba(${rgb},${alpha})";
in
{
home.packages = with pkgs; [
fuzzel
wvkbd
];
programs.waybar = {
enable = true;
package = pkgs.waybar;
# Single-bar JSON config
settings = [
(builtins.fromJSON ''
{
"layer": "top",
"height": 36,
"spacing": 2,
"modules-left": ["custom/overview", "custom/launcher", "sway/workspaces", "niri/workspaces"],
"tray-position": "right",
"tray-all-outputs": true,
"modules-left": ["custom/overview", "custom/launcher", "custom/keyboard", "sway/workspaces", "niri/workspaces"],
"modules-center": ["niri/window"],
"modules-right": [
"idle_inhibitor", "backlight", "pulseaudio", "keyboard-state",
@@ -60,6 +71,11 @@ in
"tooltip": "Toggle Overview",
"on-click": "niri msg action toggle-overview"
},
"custom/keyboard": {
"format": "",
"tooltip": "On-Screen Keyboard",
"on-click": "pkill wvkbd-mobintl || wvkbd-mobintl"
},
"niri/window": {
@@ -95,7 +111,6 @@ in
"format-ethernet": " {ipaddr}",
"format-disconnected": " Disconnected",
"format-alt": " {ipaddr}/{cidr}",
"format-alt-click": "click",
"tooltip": true,
"tooltip-format-wifi": "<span color='#${palette.base0C}'></span> <span color='#${palette.base05}'>WiFi</span>\n<span color='#${palette.base0A}'>SSID:</span> <span color='#${palette.base06}'>{essid}</span>\n<span color='#${palette.base0A}'>Interface:</span> <span color='#${palette.base04}'>{ifname}</span>\n<span color='#${palette.base0A}'>IP:</span> <span color='#${palette.base06}'>{ipaddr}</span>\n<span color='#${palette.base0A}'>IPv6:</span> <span color='#${palette.base04}'>{ipaddr6}</span>\n<span color='#${palette.base0A}'>Gateway:</span> <span color='#${palette.base04}'>{gwaddr}</span>\n<span color='#${palette.base0A}'>Frequency:</span> <span color='#${palette.base04}'>{frequency} MHz</span>\n<span color='#${palette.base0A}'>Signal:</span> <span color='#${palette.base0B}'>{signalStrength}%</span> <span color='#${palette.base04}'>({signaldBm} dBm)</span>",
@@ -126,7 +141,7 @@ in
"power-profiles-daemon": {
"format": "{icon}",
"tooltip-format": "Power profile: {profile}nDriver: {driver}",
"tooltip-format": "Power profile: {profile}\\nDriver: {driver}",
"tooltip": true,
"format-icons": {
"default": "",
@@ -162,7 +177,7 @@ in
},
"tray": {
"spacing": 8
"spacing": 12
},
"custom/power": {
@@ -194,18 +209,18 @@ in
#idle_inhibitor,#backlight,#pulseaudio,#keyboard-state,
#network,#cpu,#memory,#temperature,#battery,
#power-profiles-daemon,#clock,#tray,#custom-power,#custom-launcher,#custom-overview,#niri-window {
background-color: ${toRGBA palette.base01 "0.7"};
background-color: ${toRGBA palette.base01 "0.9"};
border-radius: 8px;
margin: 0 6px;
padding: 0 10px;
border: 1px solid ${toRGBA palette.base03 "0.6"};
border: 1px solid ${toRGBA palette.base03 "0.9"};
}
/* Hover effect */
#idle_inhibitor:hover,#backlight:hover,#pulseaudio:hover,
#keyboard-state:hover,#network:hover,#cpu:hover,#memory:hover,
#temperature:hover,#battery:hover,#power-profiles-daemon:hover,
#clock:hover,#tray:hover,#custom-power:hover,#custom-launcher:hover,#custom-overview:hover,#niri-window:hover {
#clock:hover,#tray:hover,#custom-power:hover,#custom-launcher:hover,#custom-overview:hover,#niri-window:hover,#niri-workspaces:hover {
background-color: ${toRGBA palette.base02 "0.7"};
}

1
machines/elrond/configuration.nix
View File

@@ -10,6 +10,7 @@
../../profiles/webhost.nix
../../profiles/base.nix
#../../services/ozai.nix
#../../services/ollamaWebui.nix
./routes.nix
];

26
machines/elrond/routes.nix
View File

@@ -81,14 +81,22 @@
basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};
virtualHosts."jupyter.lauterer.it" = {
forceSSL = true;
useACMEHost = config.networking.domain;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://100.84.215.84:8771";
};
#basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};
virtualHosts."rss.lauterer.it" = {
forceSSL = true;
useACMEHost = config.networking.domain;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://100.84.215.84:8081";
proxyPass = "http://100.84.215.84:8089";
};
#basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};
@@ -105,6 +113,20 @@
};
virtualHosts."chat.lauterer.it" = {
forceSSL = true;
useACMEHost = config.networking.domain;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://100.84.215.84:11111";
};
#basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};
#virtualHosts."azul.256.no" = {
# forceSSL = true;
# useACMEHost = config.networking.domain;

3
machines/galadriel/configuration.nix
View File

@@ -20,11 +20,14 @@
#../../services/smb.nix
#../../services/wordpress.nix # lets not
../../services/bitwarden.nix
../../services/torrent.nix
../../services/jupyterhub.nix
#../../services/ozai.nix
#../../services/stableDiffusion.nix
../../services/rss.nix
../../services/shiori.nix
../../services/mealie.nix
];
# Bootloader.

6
packages/vim.nix
View File

@@ -20,9 +20,9 @@
'';
packages.myplugins = with pkgs.vimPlugins; {
start = [
vim-nix
vim-lastplace
vim-yaml
vim-nix
#vim-lastplace
#vim-yaml
#coc-rust-analyzer
#neovim-fuzzy
#LanguageClient-neovim

39
profiles/base.nix
View File

@@ -19,16 +19,15 @@ imports =
wget
rsync
ripgrep
neofetch
htop
#neofetch
#htop
bottom
killall
foot.terminfo
tailscale
sops
atuin
upower
nvtopPackages.full
#upower
];
#just allow unfree, im fine with it.
@@ -39,6 +38,8 @@ imports =
memoryPercent = 25;
};
#boot.plymouth.enable = true;
# Set your time zone.
time.timeZone = "Europe/Oslo";
@@ -169,25 +170,7 @@ imports =
};
buildMachines = [
{ hostName = "bolle.pbsds.net";
system = "x86_64-linux";
maxJobs = 6;
speedFactor = 12857;
}
{ hostName = "garp.pbsds.net";
system = "x86_64-linux";
maxJobs = 4;
# i7-6700
speedFactor = 8088;
}
{ hostName = "localhost";
system = "x86_64-linux";
maxJobs = 4;
#speedFactor = 8066;
speedFactor = 8000;
supportedFeatures = [ ];
mandatoryFeatures = [ ];
}
{ hostName = "aragon";
system = "x86_64-linux";
# if the builder supports building for multiple architectures,
@@ -207,7 +190,15 @@ imports =
supportedFeatures = [ "cuda" ];
mandatoryFeatures = [ ];
}
# {
{ hostName = "localhost";
system = "x86_64-linux";
maxJobs = 4;
#speedFactor = 8066;
speedFactor = 2000;
supportedFeatures = [ ];
mandatoryFeatures = [ ];
}
# {
# hostName = "isvegg.pvv.ntnu.no";
# system = "x86_64-linux";
# maxJobs = 4;

4
profiles/desktop.nix
View File

@@ -22,10 +22,10 @@ imports =
#libsForQt5.qt5ct
#qt6Packages.qt6ct
where-is-my-sddm-theme
where-is-my-sddm-theme
swww
nvtopPackages.full
];
fonts.packages = with pkgs; [

13
secrets/secrets.yaml
View File

@@ -10,6 +10,8 @@ qbittorrent:
interfaceAddress: ENC[AES256_GCM,data:GsDv+UB07bQGh/DISw==,iv:Hn1zGJweLj5jy8sk4aN9rob/6kfzo7iLXPgaLBIMSVs=,tag:fbKSrAIOqTsnCCI1DBUZkA==,type:str]
miniflux:
adminCredentialsFile: ENC[AES256_GCM,data:FPcdTiJqbI6MloU9JqAYPABoD/odegXks+JyEeCri8hOV0dPMd0TNDV8fN1bbIiJ4llzaclZbjl0HKM=,iv:5fd3O008aP34+7lGlG8vBPAIdmEjFPoneH+rJ6d9TI0=,tag:HKOHjGLiAIDBR54HJv9teA==,type:str]
vaultwarden:
environmentFile: ENC[AES256_GCM,data:5AvlU42RmYip4TKTtbvTq/eiLrYbNNYbUddq4z5B6N6XKa2KKolVXeNiVC2v/GSq2iRYXBUOOgTHXwoBSA40mh4ui3Yy3BKuiMEITmEbSxFDW+6KGbMNrPm5Xu5SEnjRMKiKUkL78QT7YVe72pcwVWIasZumzrHw1i39aCe2hDD1/2HraG4Y7e3ZD0TH0kyIdnj2kOmS46BuZQg+3KHi8Fg5ar4zVh6WTW4T//cfkb+Y2611TbXmo+w5j7Gt+ARKmsLFzer73Ut7+xNyqEbEgL06gsI3jj0/QzGV7nrZUste0VVqB5kM7iG6OugH8zoJRnhM0LvaU12vYXcQ7DxPEKBzuQIhhpaLu7PJgVYuDueyDYpRiYnV568BAlGLpTrfJCFT4YsGGetK2ktOsu9M2QjoDD2GfrS8j/RZfZawFY5q7qzg8gKXxeZ4pGUnX/k2+TBLMuYTdu+aF4aML7TcQZw7Ai/aneH6JNrfzFaFhKYAzx1pcF500QdZUXp6XdOOhDNXLkcYzM1Ovz6gg9QRKWQ0SsTYIlprdWOaWoGcHtYdo83oTFGz/uCga9NAcIjVJRQI989Oak6rAxtW98En+/wlIoEOW4Q/irRdBQ6gYeyC9LBOXDzKfwDtvG7LEsDj63CITv8hUbYvPEUG2wy5WAmfaC6vrtRg52G/GHxfjMlY23clRXKQB9AYw5ywrUTrMzqHGqYevQR97yhzx7qi0DUlhj3bBh0RsnxbbIA2vqyhg+l6Rp3oYb8NRqm9hHjyDfBvdomU5s7mrxxz4H/mjOURF7+iUuK7N4oDQM/pF+Dh+3hE/0WzgdY0pK/hWKbol8EbfLGuy8QCCrcXwTkwYfgnwNQEnEx+MvA67il4aKhI/eDPXU9d2Lt7lFEteTkPXQYgcIM7KV7y3hwSUIudUc5I84uHa058FMg1HnRcFxpBhN9twCAOmI3Ec+qEz0vJIEmda+ZPrAG0drOJix/VmtyD5LG7G6hAQ8vFGz4/9oz/xmkzdh6vU7R/D7onUAzPy8t6uP2LDP4lT7uETJYMbbU4XGk0dHE4WICmGzcodxFN92A1gshl74DikLIgH+hTbWyRbKB9v5/p676IXWfEqfH3ymOaQkEUC+Y6bqXWSpbprG6VQPbtdiNuKYLgNqY8w8sVvjqNrsVVtBCyzm35PMc0xomUBtH/s37dmXPwiNKxr91BVGnsr5ASb4vL5UpnGhk7QedO4JOsqj20Oj0OMFZcGQ+roTBr9hUI6FwB9pGiRmot28LvqjMxYZDYSRcGI551FoAYycZKj7jGHs47BXNxaVlSzVipWGryYyvLzMXLBXqlft4azIIZ6UUT3MSAauRt13BXuyLEIDSgA08YNP0B9dIJ0cHXXachLNn/Jl4Y4po0Ua4CnnqmXBS2CCDCJY4032+jYYl8GzmcjQ43cT8cWFuZzSjCHOymFCvt4ZrVvXE9btNASveLekv17KGRCw7jiC0oIoNIh5C1ImZCxn6KgJaRFSUeS4bplGoZEMQ5Q0RjJeZW7LXRPdWdQ8uYo7bWQnJLn5fVXhIFXkC1xcpP/gtWy2NvdFx1W8fg/eIsIHjZY50YiybmbGHBpBm58Du7qLUB0eu+dE1sGCKFNaSdVUYK42Q3TjuF40moZWBBxAkrdAoFUiS363i1e+cW7mD/fbPJ+m3BYC/fo9OZfVxDsRMrs8T+OXP/LnrxdgGTnbim/hmyTIuPGzX+xrjDo2yCFQRwdZ/QGaiMN93CJeHMMtO7FCT5+RlOmMFLzk09Z/OTEqM2vHlURHZclBA99zt7TZ5S1ep3zv/nHy0DvXzNJL956KKP2T0SD1/EhToulER+P+dryeO8eX1nCVJO/pitv6nzNOvoE9CaGTkwn0c0flJi8EeKm9dbuIOVVYPnNStUu6YuAiHrBNVQeYawuK9T7nqe4MgWPf3qAM25uGLODZv8gZessJao65H9j8uOogN678iGPTnLKQZ2+5JgqpemmD3MLpBKAFgVJrGrMWtk670Hl4N11PIHT2hVUFc=,iv:jSlHx+PODfAcsYTZOju5z8mawPXAV+TKvj89nrdCYkE=,tag:j+4gdsBV4COe/FduaejI2A==,type:str]
openvpn:
galadriel:
config: ENC[AES256_GCM,data:f9uDYNLHP63oee5lGMPsmZ76f80n51eYxd3hvF5ZhPGtCspBEOMLHRonTSEril1wKCT3i1DWR967lWTdjJs6KOpoX5JqKz2Qj9tkpXS5jnHZAf0JQg1l7jmf9/a2OKJparVCFJyNPTN5mzl3gGOyDGe0TIT+ZtP8/PCWsQNjB89Crd/kHSSAmIUb2fcNXEkxs6XwgsBAlhbR69e+06NYaRyX5ydVV/kDekx+ixpx2bIqMQqIdEk358RLCauP3wAh1FoqTTJ2eqLcDhuPySFol9cLCInWnColNdyb/0+czrEa4DiLrbFVXx7bUVwjd9rb+eoajC1e09d41aJkVHG1LxlSRjq1sBlI3v3E1vaUBJWegZBROEpqEOCKfHSagkmaanaBv/KMq1MFmXJ1MzyskDJb9MdNFKRQBjQLwBXnURts/Yj9ChrT51z+/bwItxt8XmlwIEgL65F/8h1+bUJGOi27ZAvfkixflff0ELYSPvQI+N1vFlF9QP6AmIFxF2SdmOSlYzTYIz0+LMejLltCEUdU2qdlZ0a9DuYlsxvnZ75JgWXviw==,iv:C2Zb1DLTMlsEqQ5/UUrpT9k5Z51YYGu3SUcu1F20ydc=,tag:wGkQ7LWgCfy0K3zM38JxHQ==,type:str]
@@ -18,10 +20,6 @@ openvpn:
userkey: ENC[AES256_GCM,data:qaJIx3uJPnRf/ZN3PUj8CdbIDZYwfDHG4APWlQTUBHtJqYZbP+sLVFmpvgCD+yFgomghLeeDCt+Hm7ti+XYjLRciDPZQb/CAlsdgQW7JbsGA2Sdfj5wwn+vF0F0BLO0hORcB4VW2cY62yuf3koS6IbgXeHRVmLe4hmTftZ2ILZm/nPdjsG2sktLklORG26h/zaLX8fe/+2E9kFu8swyFxI3b+2xDkbm8/jsYSN08sL6L/kCaRlmITISMzVOodrms2FYv7oYnKsyq8ABBnpYECRJheukWNIzcFiJ6+QQwqJUCiJvdJ2Hu60LHgSP20plm5SJ631KBEK8NelwRUhpWe0WBiTfilcmwGJUhADtOIaDIO5r6Ou/OfZupPUEQtg0XhElwWiwqnnnMA//POUxMRQ7mxbhZU9XA2BAHv+RH2SUq7IEgTYkOps4zEWk48yyCI7338hB6DOZs2lR/yWkfR/JtDF3HM8RqLVDB3b9BypkWwfXh/M1RlK4XHid0gv575rQXe507mCAb4KJ82RJSbQ213974e8jXRdMtERM4ZujcP0hfeqxj5vrKLRqVgyLDH3Lz7c9eYhUVS/JN2HC3t/BPdN5J9LJud4r1VLYR01Ru5U+IDqOi71T5jiASndrc+QQa1mulEGLIWj/2c8oe2S0p2EU+P6V5RSrqLRuYGpvCcMOs7ydzKBd3oHBMY/VDhpbKlZEw/Kofbs+Easuz5zBlLlPxc0O+AttNlfsSgxuTD5/NiUKT9+TsToSrBZQiBDKvgDpQjZsq2Clw7ZAvFNrPNTiu0sU7YCe4xO9gQ7RIcXzI6S1B1eoHAbnfv7lKE0VvxRCsfngK8Kp/NccXIsNfDCZ/1x7/WHmq9wr5XmWqY41rf1LFeouQFwydjI5iPp4jHwUzPkiGBkkaOdkb8Ovjjy4urMekTiyO5JKJUJCmtZiSj2DHCOBWm6nRQOFCenLHD6ls2NeUpqqsA2wna5DVn0EPvpaPIkmrdIqHh8d85+N9C8UbYDwAnEFvqcAIlFDWj/tUWVUyfWLRl0JSc1wQFzXavJUaLhhLfP0Gh3n5/ayALGLrLwAeUWQz+tLu7oTs27PaEbQknyPvBczG4I/usAzpdlzr4VfdKWfvdjWST1c5ZCPl4qS8T9+/5jOE1+g/y3kcZED9qjFXdnVpoSJfLx+3cY59inv2LMAnavY++zEV1SWIwKFgAgJoYR4hCKANySWY8kBxCDcRjdBno2rAM3xLfU6I1sLb0lm+6LBswOEqHTb9E20u8RXum9JUI/6iauhJHmfoyMLVvhD5XQyolbQ5n/r1qq5LOjsKWGMvo/AeosBwcAY3u67xyvNnNgrd29SBwOYyGYNKG0jyhg7HDfHFIpSDzfAI4IOyhs44cPGFoN759+Y0BNLjW1mqDiWpErvSaNc4zH2cr2fSCaGpEBbf6q3hMh4tRQJayxVSEeD2emO69UNBd4jCkHo4vaK6D9aSBEcpWR2SQM0c968zDcdmOTajsLzPYoIyaOgWFAIs+9A6f8eyqlhDfWIxp6e1fVY8sCFotZaDXRqb9/umCy0IqNQChuKYcB5oB/hvwwMMuTE+4Q4Dd7RXfW8ZMAZz3Z1bqimVhFeVXDkyT+8DXMf2166bLxxwxpxSCPd3XmmOSUiNKysTHykh5MKaPjEyTl7xgvbhqZ16k0pvkh+z5Op1NcU2tm6W+/FL1JV83KnsjC1jAdwMEeFn+0MAFXTBARAG+qAb3pGowYz/wNSsvf93a3JTANA609opK/7MK84h5n7M6TulRBw5Phnw0HUdio5SJ7DBRPr4kYGgVTMwWzxfOY3lDF/fnsqTOjGWxUoLrRXrZ8aaAHWaUYFzx52SW3J3rczRBWTC0jUUEVs7cslfR7N7VGvEXV9p9TuJOsfAyvFyseRIh66Uwi9Pwq+QBOadUttcT+iBgz72BEPwuIAcKre+ShoxE9cHGrtpvlgi7eDSlI1bZ7km+8j0TWryzKLK8P9N4MhspwRO/zGXiErAOoBe4MaBvMvjGCgCRFgnLypoDoeHeoLO1WvgskKUhHXIZV/02nBhhnxPUmJjzsqp722aDztxWKU1VX6lHooRFgpMRzOymD7XVxfZNyDrxuf0VJluIzZlFCzGpswgGnxocs0hFgTMePzhoMx2XnU9d6NM3hl1fOCCwV7Be8KjahNRc5qGChPS4kLzEyvsWHD7EiKK2gCYS0ysiPTNxKrcC9JFXqR7iX1QSQ8W5Sy5IBWYZWuBNj0STJ4J9VXImEaOnWnkNLcncwQh1Ty8OTDX15jeC7/ltfQ6KVjPj3iPs8cEADnOW7ez91vtXOg4dFhjuLAylipQYFIaUpjJOwNQuEcp121LKR1YXHeLRI4y2Cvw9ZL9HXZbB8yQR5/NNba2PScDjfg05ZhFb4yFfcrT+OOrvO6ej1mX4qPzK4X4Sxzi+c632Xi98I/L6rKE5WCLg0dXPUhy4YwD495ZoCFfT5hzNHrNjeCGG03mVC4qLTcopwyn4TlcN+SnZEzI9kVvTwOhtW2J9ol1GNjiGsmfDq9I/+jOfALFQgA/nFVyqBi14pui9yhno6WDyPGifDeKsoNBoZq63lQ/exxGzTH/sPRqeumAUWU81n3/4FLcknH1ssucMC73scO5S4+lzpF89PFCV5Qnkcghzu+vEC5/Z0roU+jQL+wPpjnq1QAuX94TX0iLVozSmcPfFwv4PyzqiCRK7dbk8TtTQlqdM+elzKzKbQkUQXvY2vGTyKnZxJjrwHx71QuEYMfu3QqO7v5XUJSayON1o/RcfQdwfxenLaLOzXYPVod2eylalY7vXKtJOclz0OsCHVL/IAs2p+qvnBhDi2LcBKFgYRgI9ZrOFWGBvk2hzNjieQtM/a9BAcAjzR8jNTgBYqTQWIuloJEjd+KtRC7S4qFVSwp5E+2eFD3QpBaf+TFuDCvSteWpHZSXIrrLEGAichsWVHK09KKGsFPb//S2bEIrHeMYwPbDZ4JFR5YzUJTnfuHFCAGxsL4qali4ZA8BlTEp675TwJ47FWpS349/10di0DbIm7+eeQUVv4obn9sk0st1tDHS5kWsWQq587t52OFuqwXZv+GdEMn/jfo4F4dEF61DbkXtMzMs0/DU9x60m0pp41LvJQsm7GyGjvtUV0ltD5n8lF40pmVZnrcrQb/VSd2mLZbkTl8K+1J2rDnel2vf5DcUSysTha8o+g0X4fqMeGnIot71ZS7bqtzYzACQukMYkSxqE/vnalxN2G4cmP0RCSwb4YhOdgsKjqUwEr560xv5M58RSMW92cFC59CHtu4G7rPyvuA9Bp6lJnxsRAfPB57QF4aqYg0VpBTpP4MHdeVuG7v7REATjyexnjuli5BSx9540nHgjrcMVcSVkcNcIykAJsHVk4PJZ01o5Ycmubvw3fHvt9OKyxY2Y7CLQpVcSwgfp4KOLnUe3+88fLfMUfg3V4rVjiriivqHVKx0aMKqkW1Od6fT5nZAd6h5rMxLWDU2U++wUcc/lfRK+J2GgY+r6MmBb1qRajW8VS3ms7e/RylxzHpaU/meUTFiFxop4iCCwBn3IjgFtZWcn+8eERkQQ0wZfuz8u5Lfy0uPQoaRhoHPXtBZQEWuQd/MIGKaetHU85XRu/1HYvQ4V5+Elu12D8idTCennGv6gqIOFZBhS1CCKbPtzTmYuV9JlmbMNhQthwuxKKbZoXhI+GNDggPMxkkmhxGChj4X2NymV7u3Yqrr1FnNGTMcuBJ10+BDeNNY9KV4MZCKH//rRjUxVEgiln0EEGFTeA/WSyG8wu72maDu2OvcfoNH3KkYYJ7JqSzvZ8raVMiWSx9nkAN18xRWxWIz4wNndrk963Ol4rwxymVcXDE9/Qrz27MAZmNhrEaF4qsut7VDLxWvnrcWCIXddNPFcqgU1IQVF48U7WAGgTFDJdDEp+Q33FNIbo70koN0KLE8ot0jIqWuwBFhA5fI7NSv5cEIOueTcD2p3J2snBebQbRtsDtu8mJBunYPqcvP3YH9xiDJkdiij/g21Wtb7FY/WPP1uVt8RJu51kxTw9VZJLLQqisk1usn3kAKM+m3gQAKpbgiFmfjb3pif3nHTCi+tRAM4hGX2VWHY8F/iaTCAZpSyd34SD6OqYIzh83nchwyaMOU9QrrOIG7Vbrd923/AMBcFVaZnQB4eGNIe6fnEiet67kb6g0yxHNKyORM0+fg9INbywzT1MzjbjozvNw5JEHm49C2J/oWcyGDW13XtQXw8uvCBVEqXpz4baNng7Xzge5WwBLTlF2+hh136npAE62aHkNZyy0E3Fa1V6ludI//BcnZ4jqYEO0/w5SA9wYFT6Aun9ltRpq60VZnYc1Jr2A=,iv:kR5g0wvCQ3NGAqviN1jvqscgAYrGzHLqhooIljtJ+gg=,tag:Z+U5Wn4U5ADIxjdfI37cBA==,type:str]
tlscrypt: ENC[AES256_GCM,data:zG12fAsc9/LcxO0eGx4ytjHm07BMnf5aBHlfTtif4noCXcPAx5xunhJCOaWEoTobwOEpdgXoZzQcJa7EW6N/4kEnGzk8gfSl+BFswO6LEoqzYJb4sfy2qJJQrjUNxsI9yib+OCgb4DQ94apdvVG/dVypdMQrw+x+xg8K+hdZ5LZWdZLKKcBxHKeHoZ+lt/gJNv3BbtQP6Vy+1biWxjdHy1YfvLm+iqaJfi3/9HV8YAi/iePoY+rNNtc8GlaUp/HrHfmCFF4EBWuFr2knQ5t8bx7sHGlhdcTIyHJwNQdCUIsyVqckhxDulLM8luuGJZsiulkdK2f4NSpa6CPYZPWPHQ2BfSnugBEjbWrF2RQT3eOLAEJBS9YSV1/nvHA/lU2ymf0PBzzXhE9Ms0twecrS8Ql/qRbWSqiQNzHv/P7k5i5E8iw4zqaUtir7gpu3AkC2GxMVuQfowiruZGPi6i2YbDzgaBi5fZJAosWQHvZXnVApqFqzWXCzw4ACXlMI6MZ1rb3Ut9wEDXHGMRhhcWmHDsCO6I4/EphDfLiexYeVHKB++MLilXaUa6wXN0yGefj+NC3Am5YQRwR3rd4KrjXOrbKWELoIkyYrGWkZ5w5O5fC4Z+h8jxPjng/lNM3JAzREgKcw+0IcY5q3/bRXWGMScVm5qqc9LXozhWU9gghQOhbcb4NYFob8yczTJT8IdA6D72N4pAm+524DMjTPRiAi1KQInICeZp2mILvT5aUgTEXtj+iwyqyo+io3ffOjQdHa9HU2IrZKmoapkvEOsFHm3L63uY1T92/Han8=,iv:cjIKuwyLtXT5Wg/VzinC2Lf5EysoxsgnEsHei/+Yum8=,tag:b5LKO8urIBC7BJgyfs5kWw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age14cpm59h7hx8gr54hrn4uxu4xnrp9wy3f2kdxvy6xwuyxsfg8g9zs8z5e77
enc: |
@@ -32,8 +30,7 @@ sops:
OHNBdXMzZTN0VEVTYkVSbUVRYmo3eUUKvRiPgmrCCK1F5QoSHlV89C2MPl5FvU5i
z61NMJu68UEDsDu8qNRaW3aqpT+1GYsr1evi5imzNwr0qTM2oRwkFQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-15T01:14:16Z"
mac: ENC[AES256_GCM,data:4hqXQvlmPKuPkQEcUIpTEUudVknNVNjXjP8pB2UPnPmnr79nLWy/ZOzAcpSob1XNHyB7We5neBUEDYO56PjOM9C022XdZfaqXUC931uqLqo1iLQupApCphf/HR5bwDayv63Mr1Ys9MBdhCrYtlfy4iPiEdlpfDhLuD268EM8x0w=,iv:rgzgkB+5r/xDrN4i8O1f6CXyGxF7Peo+24kkQf96yf4=,tag:TZPaNEEYxFZ0m1CRbPQ0kA==,type:str]
pgp: []
lastmodified: "2025-09-28T20:50:07Z"
mac: ENC[AES256_GCM,data:RL8OmwcGAfFC/x5MZq6zC+wlLoyyma+ZTK5uq4Qe80SJlAJP8Sep1zp82fCuBe2ogl7h0UjrBcpOtwOPxoEs7ez2qaDpHyhmK+IFahvnLiodoP95JCSgpHLhTPK3Fxt3bPhO6T52HoLq/coiKO8YQhRdMPtat9+KF0SbcrH1uAE=,iv:tsieRtJTf00Haa8Elc+CyWB73qiMChLY1SC6HMVC84s=,tag:f+jjKdYfmr/ef/FJbCU1Dg==,type:str]
unencrypted_suffix: _unencrypted
version: 3.8.1
version: 3.10.2

24
services/bitwarden.nix Normal file
View File

@@ -0,0 +1,24 @@
{ config, pkgs, lib, ... }:
{
# environment.systemPackages = [
# pkgs.sendmail
# ];
sops.secrets."vaultwarden/environmentFile" = {
restartUnits = [ "vaultwarden.service" ];
owner = "vaultwarden";
mode = "0755";
};
services.vaultwarden = {
enable = true;
environmentFile = config.sops.secrets."vaultwarden/environmentFile".path;
dbBackend = "sqlite";
backupDir = "/var/backup/vaultwarden";
};
}

99
services/jupyterhub.nix Normal file
View File

@@ -0,0 +1,99 @@
{ config, pkgs, lib, ... }:
let
myPython = pkgs.python3;
myJupyterHubEnv = myPython.withPackages (ps: with ps; [
jupyterhub
jupyterhub-systemdspawner
ipython
jupyterlab
notebook
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]);
myJupyterLabEnv = myPython.withPackages (ps: with ps; [
jupyterhub
jupyterlab
ipykernel
numpy
scipy
pandas
matplotlib
seaborn
scikit-learn
]);
in
{
environment.systemPackages = with pkgs; [
python3Packages.numpy
python3Packages.scipy
python3Packages.pandas
python3Packages.matplotlib
python3Packages.seaborn
python3Packages.scikit-learn
];
users.users.tdt4117 = {
isNormalUser = true;
home = "/home/tdt4117";
description = "Alice Foobar";
extraGroups = [ ];
# openssh.authorizedKeys.keys = [ "ssh-dss AAAAB3Nza... " ];
};
services.jupyterhub = {
jupyterhubEnv = myJupyterHubEnv;
jupyterlabEnv = myJupyterLabEnv;
enable = true;
port = 8770;
host = "0.0.0.0";
extraConfig = ''
c.Authenticator.allow_all = True
c.ConfigurableHTTPProxy.api_url = 'http://0.0.0.0:8770'
c.JupyterHub.bind_url = 'http://0.0.0.0:8771'
'';
kernels = {
python3 = let
env = (pkgs.python3.withPackages (pythonPackages: with pythonPackages; [
ipykernel
pandas
scikit-learn
seaborn
pandas
huggingface-hub
datasets
matplotlib
tqdm
numpy
scipy
]));
in {
displayName = "Python 3 for machine learning";
argv = [
"${env.interpreter}"
"-m"
"ipykernel_launcher"
"-f"
"{connection_file}"
];
language = "python";
logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
};
};
};
}

11
services/mealie.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, lib, ... }:
{
services.mealie = {
enable = true;
settings = {
ALLOW_SIGNUP = "true";
};
database.createLocally = true;
};
}

13
services/ollama.nix
View File

@@ -20,22 +20,19 @@ in
# Preloaded models
loadModels = [
"gemma3:1b"
"qwen3:8b"
"qwen3:latest"
"qwen3:4b"
"qwen3:0.6b"
"llama3.1"
"moondream"
"minicpm-v"
"qwen2.5vl:3b"
"gemma3:4b"
"qwen2.5vl:3b"
"granite3.2-vision"
"zylonai/multilingual-e5-large"
"nomic-embed-text"
"snowflake-arctic-embed2"
"gpt-oss:20b"
];
# Acceleration settings
acceleration = "cuda";
};
# NGINX reverse proxy configuration
services.nginx.virtualHosts."ollama.${config.networking.hostName}.${config.networking.domain}" = {
forceSSL = true;

36
services/ollamaWebui.nix
View File

@@ -1,21 +1,22 @@
{ config, pkgs, lib, ... }:
{
environment.systemPackages = [
pkgs.unstable.open-webui
pkgs.gvisor
#pkgs.open-webui
#pkgs.unstable.open-webui #needed stable one to hoefulle be able to take a backup from ui.
pkgs.bash
pkgs.unstable.tika
pkgs.ffmpeg
# pkgs.unstable.tika
];
services.tika = {
enable=true;
package = pkgs.unstable.tika;
openFirewall=true;
listenAddress = "0.0.0.0";
port = 9998;
enableOcr = true;
};
# services.tika = {
# enable=true;
# package = pkgs.unstable.tika;
# openFirewall=true;
# listenAddress = "0.0.0.0";
# port = 9998;
# enableOcr = true;
# };
services.open-webui = {
enable = true;
@@ -24,11 +25,22 @@
port = 11111;
host = "0.0.0.0";
openFirewall = true;
stateDir = "/var/lib/open-webui";
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
FRONTEND_BUILD_DIR = "${config.services.open-webui.stateDir}/build";
DATA_DIR = "${config.services.open-webui.stateDir}/data";
STATIC_DIR = "${config.services.open-webui.stateDir}/static";
WEBUI_AUTH = "True";
#ENABLE_SIGNUP = "True";
ENABLE_SIGNUP_PASSWORD_CONFIRMATION = "True";
#DEFAULT_USER_ROLE = "admin";
ENV = "prod";
};
};

139
services/qbittorrent-old.nix Normal file
View File

@@ -0,0 +1,139 @@
{ config, lib, pkgs, ... }:
let
port = 8090;
torrentPort = 44183;
savePath = "/Main/Data/media/Downloads/";
path = "/var/lib/qbittorrent";
configurationFile = ''
[Application]
FileLogger\Age=1
FileLogger\AgeType=1
FileLogger\Backup=true
FileLogger\DeleteOld=true
FileLogger\Enabled=true
FileLogger\MaxSizeBytes=66560
FileLogger\Path=/Main/Data/media/.qbittorrent/logs
MemoryWorkingSetLimit=8192
[BitTorrent]
Session\AddExtensionToIncompleteFiles=true
Session\AlternativeGlobalDLSpeedLimit=1000
Session\AlternativeGlobalUPSpeedLimit=1000
Session\AnonymousModeEnabled=false
Session\BTProtocol=Both
Session\BandwidthSchedulerEnabled=false
Session\DefaultSavePath=/Main/Data/media/Downloads
Session\Encryption=1
Session\ExcludedFileNames=
Session\FinishedTorrentExportDirectory=/Main/Data/media/Downloads/torrents-complete
Session\GlobalDLSpeedLimit=0
Session\GlobalMaxRatio=1.5
Session\GlobalUPSpeedLimit=0
Session\I2P\Enabled=true
Session\IgnoreLimitsOnLAN=true
Session\IncludeOverheadInLimits=true
Session\Interface=tun0
Session\InterfaceAddress=${config.sops.placeholder."qbittorrent/interfaceAddress"}
Session\InterfaceName=tun0
Session\LSDEnabled=true
Session\MaxActiveCheckingTorrents=15
Session\MaxRatioAction=1
Session\Port=44183
Session\Preallocation=true
Session\QueueingSystemEnabled=false
Session\SubcategoriesEnabled=true
Session\Tags=movie, anime
Session\TempPath=/Main/Data/media/Downloads/temp
Session\TempPathEnabled=true
Session\TorrentContentLayout=Subfolder
Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
Session\UseAlternativeGlobalSpeedLimit=false
[Core]
AutoDeleteAddedTorrentFile=Never
[LegalNotice]
Accepted=true
[Meta]
MigrationVersion=6
[Network]
PortForwardingEnabled=true
[Preferences]
General\Locale=en
MailNotification\req_auth=true
Scheduler\days=Weekday
Scheduler\end_time=@Variant(\0\0\0\xf\x5%q\xa0)
WebUI\AuthSubnetWhitelist=192.168.1.0/24, 100.0.0.0/8
WebUI\AuthSubnetWhitelistEnabled=true
WebUI\Port=${toString port}
WebUI\UseUPnP=false
[RSS]
AutoDownloader\DownloadRepacks=true
AutoDownloader\EnableProcessing=true
AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"
Session\EnableProcessing=true
'';
in
{
imports = [
../profiles/sops.nix
];
networking.firewall.allowedTCPPorts = [ port torrentPort];
networking.firewall.allowedUDPPorts = [ port torrentPort];
sops.secrets."qbittorrent/interfaceAddress" = {
restartUnits = [ "qbittorrent-nox.service" ];
owner = "qbittorrent";
mode = "0755";
};
sops.templates."qbittorrent/configuration" = {
content = configurationFile;
#path = "${path}/.config/qBittorrent/qBittorrent.conf"; #did not seem to work
owner = "qbittorrent";
mode = "0755";
};
users.users.qbittorrent = {
isNormalUser = true; #make this a normal user to be able to make files
home = path;
group = "media";
};
users.groups.qbittorrent = {};
systemd.services."qbittorrent-nox" = {
after = [ "network.target" ];
wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${config.sops.templates."qbittorrent/configuration".path} ${path}/.config/qBittorrent/qBittorrent.conf'";
ExecStart = "${pkgs.unstable.qbittorrent-nox}/bin/qbittorrent-nox";
User = "qbittorrent";
Group = "media";
Restart = "on-failure";
ProtectKernelModules = true;
NoNewPrivileges = true;
};
};
services.nginx.virtualHosts."qbittorrent.${config.networking.hostName}.${config.networking.domain}" = {
forceSSL = true;
#useACMEHost = config.networking.domain; #not sure if this will work, unless
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:${port}";
};
basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
};
}

2
services/rss.nix
View File

@@ -18,7 +18,7 @@
services.miniflux.enable = true;
services.miniflux.config.LISTEN_ADDR = "0.0.0.0:8081";
services.miniflux.config.LISTEN_ADDR = "0.0.0.0:8089";
services.miniflux.adminCredentialsFile = config.sops.secrets."miniflux/adminCredentialsFile".path;
}

188
services/torrent.nix
View File

@@ -1,85 +1,6 @@
{ config, lib, pkgs, ... }:
let
port = 8090;
torrentPort = 44183;
savePath = "/Main/Data/media/Downloads/";
path = "/var/lib/qbittorrent";
configurationFile = ''
[Application]
FileLogger\Age=1
FileLogger\AgeType=1
FileLogger\Backup=true
FileLogger\DeleteOld=true
FileLogger\Enabled=true
FileLogger\MaxSizeBytes=66560
FileLogger\Path=/Main/Data/media/.qbittorrent/logs
MemoryWorkingSetLimit=8192
[BitTorrent]
Session\AddExtensionToIncompleteFiles=true
Session\AlternativeGlobalDLSpeedLimit=1000
Session\AlternativeGlobalUPSpeedLimit=1000
Session\AnonymousModeEnabled=false
Session\BTProtocol=Both
Session\BandwidthSchedulerEnabled=false
Session\DefaultSavePath=/Main/Data/media/Downloads
Session\Encryption=1
Session\ExcludedFileNames=
Session\FinishedTorrentExportDirectory=/Main/Data/media/Downloads/torrents-complete
Session\GlobalDLSpeedLimit=0
Session\GlobalMaxRatio=1.5
Session\GlobalUPSpeedLimit=0
Session\I2P\Enabled=true
Session\IgnoreLimitsOnLAN=true
Session\IncludeOverheadInLimits=true
Session\Interface=tun0
Session\InterfaceAddress=${config.sops.placeholder."qbittorrent/interfaceAddress"}
Session\InterfaceName=tun0
Session\LSDEnabled=true
Session\MaxActiveCheckingTorrents=15
Session\MaxRatioAction=1
Session\Port=44183
Session\Preallocation=true
Session\QueueingSystemEnabled=false
Session\SubcategoriesEnabled=true
Session\Tags=movie, anime
Session\TempPath=/Main/Data/media/Downloads/temp
Session\TempPathEnabled=true
Session\TorrentContentLayout=Subfolder
Session\TorrentExportDirectory=/Main/Data/media/Downloads/torrents
Session\UseAlternativeGlobalSpeedLimit=false
[Core]
AutoDeleteAddedTorrentFile=Never
[LegalNotice]
Accepted=true
[Meta]
MigrationVersion=6
[Network]
PortForwardingEnabled=true
[Preferences]
General\Locale=en
MailNotification\req_auth=true
Scheduler\days=Weekday
Scheduler\end_time=@Variant(\0\0\0\xf\x5%q\xa0)
WebUI\AuthSubnetWhitelist=192.168.1.0/24, 100.0.0.0/8
WebUI\AuthSubnetWhitelistEnabled=true
WebUI\Port=${toString port}
WebUI\UseUPnP=false
[RSS]
AutoDownloader\DownloadRepacks=true
AutoDownloader\EnableProcessing=true
AutoDownloader\SmartEpisodeFilter=s(\\d+)e(\\d+), (\\d+)x(\\d+), "(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})", "(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})"
Session\EnableProcessing=true
'';
interfaceaddress = builtins.readFile config.sops.secrets."qbittorrent/interfaceAddress".path;
in
{
@@ -87,8 +8,6 @@ in
../profiles/sops.nix
];
networking.firewall.allowedTCPPorts = [ port torrentPort];
networking.firewall.allowedUDPPorts = [ port torrentPort];
sops.secrets."qbittorrent/interfaceAddress" = {
restartUnits = [ "qbittorrent-nox.service" ];
@@ -96,44 +15,87 @@ in
mode = "0755";
};
sops.templates."qbittorrent/configuration" = {
content = configurationFile;
#path = "${path}/.config/qBittorrent/qBittorrent.conf"; #did not seem to work
owner = "qbittorrent";
mode = "0755";
};
users.users.qbittorrent = {
isNormalUser = true; #make this a normal user to be able to make files
home = path;
group = "media";
group = lib.mkForce "media";
};
users.groups.qbittorrent = {};
systemd.services."qbittorrent-nox" = {
after = [ "network.target" ];
wants = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStartPre = "${pkgs.bash}/bin/bash -c '${pkgs.coreutils}/bin/mkdir -p ${path} && ${pkgs.coreutils}/bin/chmod -R 755 ${path} && ${pkgs.coreutils}/bin/cp ${config.sops.templates."qbittorrent/configuration".path} ${path}/.config/qBittorrent/qBittorrent.conf'";
ExecStart = "${pkgs.unstable.qbittorrent-nox}/bin/qbittorrent-nox";
User = "qbittorrent";
Group = "media";
Restart = "on-failure";
ProtectKernelModules = true;
NoNewPrivileges = true;
};
};
services.nginx.virtualHosts."qbittorrent.${config.networking.hostName}.${config.networking.domain}" = {
forceSSL = true;
#useACMEHost = config.networking.domain; #not sure if this will work, unless
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://localhost:${port}";
services.qbittorrent = {
enable = true;
extraArgs = [
"--confirm-legal-notice"
];
webuiPort = 8090;
torrentingPort = 44183;
serverConfig = {
LegalNotice.Accepted = true;
Meta.MigrationVersion=6;
Network.PortForwardingEnabled=true;
Preferences = {
WebUI = {
AuthSubnetWhitelist="192.168.1.0/24, 100.0.0.0/8";
AuthSubnetWhitelistEnabled=true;
UseUPnP=false;
};
BitTorrent = {
Session = {
AddExtensionToIncompleteFiles=true;
AlternativeGlobalDLSpeedLimit=1000;
AlternativeGlobalUPSpeedLimit=1000;
AnonymousModeEnabled=false;
BTProtocol="Both";
BandwidthSchedulerEnabled=false;
DefaultSavePath="/Main/Data/media/Downloads";
Encryption=1;
FinishedTorrentExportDirectory="/Main/Data/media/Downloads/torrents-complete";
GlobalDLSpeedLimit=0;
GlobalMaxRatio=1.5;
GlobalUPSpeedLimit=0;
I2P.Enabled=true;
IgnoreLimitsOnLAN=true;
IncludeOverheadInLimits=true;
Interface="tun0";
#InterfaceAddress="${config.sops.placeholder."qbittorrent/interfaceAddress"}";
InterfaceAddress="${interfaceaddress}";
InterfaceName="tun0";
LSDEnabled="true";
MaxActiveCheckingTorrents=15;
MaxRatioAction=1;
Port=44183;
Preallocation=true;
QueueingSystemEnabled=false;
SubcategoriesEnabled=true;
Tags="movie, anime";
TempPath="/Main/Data/media/Downloads/temp";
TempPathEnabled=true;
TorrentContentLayout="Subfolder";
TorrentExportDirectory="/Main/Data/media/Downloads/torrents";
UseAlternativeGlobalSpeedLimit=false;
};
};
basicAuthFile = config.sops.secrets."nginx/defaultpass".path;
RSS = {
AutoDownloader = {
DownloadRepacks=true;
EnableProcessing=true;
SmartEpisodeFilter="s(\\d+)e(\\d+), (\\d+)x(\\d+), \"(\\d{4}[.\\-]\\d{1,2}[.\\-]\\d{1,2})\", \"(\\d{1,2}[.\\-]\\d{1,2}[.\\-]\\d{4})\"";
};
Session.EnableProcessing=true;
};
General.Locale = "en";
};
};
};
}