19 files changed,
846 insertions(+),
0 deletions(-)
Author:
Oleksandr Smirnov
olexsmir@gmail.com
Committed at:
2026-01-17 18:45:10 +0200
Parent:
028a52d
A
nix/flake.lock
··· 1 +{ 2 + "nodes": { 3 + "actor-typeahead-src": { 4 + "flake": false, 5 + "locked": { 6 + "lastModified": 1762835797, 7 + "narHash": "sha256-heizoWUKDdar6ymfZTnj3ytcEv/L4d4fzSmtr0HlXsQ=", 8 + "ref": "refs/heads/main", 9 + "rev": "677fe7f743050a4e7f09d4a6f87bbf1325a06f6b", 10 + "revCount": 6, 11 + "type": "git", 12 + "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead" 13 + }, 14 + "original": { 15 + "type": "git", 16 + "url": "https://tangled.org/@jakelazaroff.com/actor-typeahead" 17 + } 18 + }, 19 + "agenix": { 20 + "inputs": { 21 + "darwin": "darwin", 22 + "home-manager": "home-manager", 23 + "nixpkgs": [ 24 + "nixpkgs" 25 + ], 26 + "systems": "systems" 27 + }, 28 + "locked": { 29 + "lastModified": 1762618334, 30 + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", 31 + "owner": "ryantm", 32 + "repo": "agenix", 33 + "rev": "fcdea223397448d35d9b31f798479227e80183f6", 34 + "type": "github" 35 + }, 36 + "original": { 37 + "owner": "ryantm", 38 + "repo": "agenix", 39 + "type": "github" 40 + } 41 + }, 42 + "darwin": { 43 + "inputs": { 44 + "nixpkgs": [ 45 + "agenix", 46 + "nixpkgs" 47 + ] 48 + }, 49 + "locked": { 50 + "lastModified": 1744478979, 51 + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", 52 + "owner": "lnl7", 53 + "repo": "nix-darwin", 54 + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", 55 + "type": "github" 56 + }, 57 + "original": { 58 + "owner": "lnl7", 59 + "ref": "master", 60 + "repo": "nix-darwin", 61 + "type": "github" 62 + } 63 + }, 64 + "disko": { 65 + "inputs": { 66 + "nixpkgs": [ 67 + "nixpkgs" 68 + ] 69 + }, 70 + "locked": { 71 + "lastModified": 1766150702, 72 + "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", 73 + "owner": "nix-community", 74 + "repo": "disko", 75 + "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", 76 + "type": "github" 77 + }, 78 + "original": { 79 + "owner": "nix-community", 80 + "repo": "disko", 81 + "type": "github" 82 + } 83 + }, 84 + "flake-compat": { 85 + 
"flake": false, 86 + "locked": { 87 + "lastModified": 1751685974, 88 + "narHash": "sha256-NKw96t+BgHIYzHUjkTK95FqYRVKB8DHpVhefWSz/kTw=", 89 + "rev": "549f2762aebeff29a2e5ece7a7dc0f955281a1d1", 90 + "type": "tarball", 91 + "url": "https://git.lix.systems/api/v1/repos/lix-project/flake-compat/archive/549f2762aebeff29a2e5ece7a7dc0f955281a1d1.tar.gz?rev=549f2762aebeff29a2e5ece7a7dc0f955281a1d1" 92 + }, 93 + "original": { 94 + "type": "tarball", 95 + "url": "https://git.lix.systems/lix-project/flake-compat/archive/main.tar.gz" 96 + } 97 + }, 98 + "flake-utils": { 99 + "inputs": { 100 + "systems": "systems_2" 101 + }, 102 + "locked": { 103 + "lastModified": 1694529238, 104 + "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", 105 + "owner": "numtide", 106 + "repo": "flake-utils", 107 + "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", 108 + "type": "github" 109 + }, 110 + "original": { 111 + "owner": "numtide", 112 + "repo": "flake-utils", 113 + "type": "github" 114 + } 115 + }, 116 + "gomod2nix": { 117 + "inputs": { 118 + "flake-utils": "flake-utils", 119 + "nixpkgs": [ 120 + "tangled", 121 + "nixpkgs" 122 + ] 123 + }, 124 + "locked": { 125 + "lastModified": 1754078208, 126 + "narHash": "sha256-YVoIFDCDpYuU3riaDEJ3xiGdPOtsx4sR5eTzHTytPV8=", 127 + "owner": "nix-community", 128 + "repo": "gomod2nix", 129 + "rev": "7f963246a71626c7fc70b431a315c4388a0c95cf", 130 + "type": "github" 131 + }, 132 + "original": { 133 + "owner": "nix-community", 134 + "repo": "gomod2nix", 135 + "type": "github" 136 + } 137 + }, 138 + "home-manager": { 139 + "inputs": { 140 + "nixpkgs": [ 141 + "agenix", 142 + "nixpkgs" 143 + ] 144 + }, 145 + "locked": { 146 + "lastModified": 1745494811, 147 + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", 148 + "owner": "nix-community", 149 + "repo": "home-manager", 150 + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", 151 + "type": "github" 152 + }, 153 + "original": { 154 + "owner": "nix-community", 155 + "repo": 
"home-manager", 156 + "type": "github" 157 + } 158 + }, 159 + "htmx-src": { 160 + "flake": false, 161 + "locked": { 162 + "narHash": "sha256-nm6avZuEBg67SSyyZUhjpXVNstHHgUxrtBHqJgowU08=", 163 + "type": "file", 164 + "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js" 165 + }, 166 + "original": { 167 + "type": "file", 168 + "url": "https://unpkg.com/htmx.org@2.0.4/dist/htmx.min.js" 169 + } 170 + }, 171 + "htmx-ws-src": { 172 + "flake": false, 173 + "locked": { 174 + "narHash": "sha256-2fg6KyEJoO24q0fQqbz9RMaYNPQrMwpZh29tkSqdqGY=", 175 + "type": "file", 176 + "url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2" 177 + }, 178 + "original": { 179 + "type": "file", 180 + "url": "https://cdn.jsdelivr.net/npm/htmx-ext-ws@2.0.2" 181 + } 182 + }, 183 + "ibm-plex-mono-src": { 184 + "flake": false, 185 + "locked": { 186 + "lastModified": 1731402384, 187 + "narHash": "sha256-OwUmrPfEehLDz0fl2ChYLK8FQM2p0G1+EMrGsYEq+6g=", 188 + "type": "tarball", 189 + "url": "https://github.com/IBM/plex/releases/download/@ibm%2Fplex-mono@1.1.0/ibm-plex-mono.zip" 190 + }, 191 + "original": { 192 + "type": "tarball", 193 + "url": "https://github.com/IBM/plex/releases/download/@ibm%2Fplex-mono@1.1.0/ibm-plex-mono.zip" 194 + } 195 + }, 196 + "indigo": { 197 + "flake": false, 198 + "locked": { 199 + "lastModified": 1753693716, 200 + "narHash": "sha256-DMIKnCJRODQXEHUxA+7mLzRALmnZhkkbHlFT2rCQYrE=", 201 + "owner": "oppiliappan", 202 + "repo": "indigo", 203 + "rev": "5f170569da9360f57add450a278d73538092d8ca", 204 + "type": "github" 205 + }, 206 + "original": { 207 + "owner": "oppiliappan", 208 + "repo": "indigo", 209 + "type": "github" 210 + } 211 + }, 212 + "inter-fonts-src": { 213 + "flake": false, 214 + "locked": { 215 + "lastModified": 1731687360, 216 + "narHash": "sha256-5vdKKvHAeZi6igrfpbOdhZlDX2/5+UvzlnCQV6DdqoQ=", 217 + "type": "tarball", 218 + "url": "https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip" 219 + }, 220 + "original": { 221 + "type": "tarball", 222 + "url": 
"https://github.com/rsms/inter/releases/download/v4.1/Inter-4.1.zip" 223 + } 224 + }, 225 + "lucide-src": { 226 + "flake": false, 227 + "locked": { 228 + "lastModified": 1754044466, 229 + "narHash": "sha256-+exBR2OToB1iv7ZQI2S4B0lXA/QRvC9n6U99UxGpJGs=", 230 + "type": "tarball", 231 + "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip" 232 + }, 233 + "original": { 234 + "type": "tarball", 235 + "url": "https://github.com/lucide-icons/lucide/releases/download/0.536.0/lucide-icons-0.536.0.zip" 236 + } 237 + }, 238 + "nixpkgs": { 239 + "locked": { 240 + "lastModified": 1768323494, 241 + "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=", 242 + "owner": "NixOS", 243 + "repo": "nixpkgs", 244 + "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a", 245 + "type": "github" 246 + }, 247 + "original": { 248 + "owner": "NixOS", 249 + "ref": "nixos-25.11", 250 + "repo": "nixpkgs", 251 + "type": "github" 252 + } 253 + }, 254 + "root": { 255 + "inputs": { 256 + "agenix": "agenix", 257 + "disko": "disko", 258 + "nixpkgs": "nixpkgs", 259 + "tangled": "tangled" 260 + } 261 + }, 262 + "sqlite-lib-src": { 263 + "flake": false, 264 + "locked": { 265 + "lastModified": 1706631843, 266 + "narHash": "sha256-bJoMjirsBjm2Qk9KPiy3yV3+8b/POlYe76/FQbciHro=", 267 + "type": "tarball", 268 + "url": "https://sqlite.org/2024/sqlite-amalgamation-3450100.zip" 269 + }, 270 + "original": { 271 + "type": "tarball", 272 + "url": "https://sqlite.org/2024/sqlite-amalgamation-3450100.zip" 273 + } 274 + }, 275 + "systems": { 276 + "locked": { 277 + "lastModified": 1681028828, 278 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 279 + "owner": "nix-systems", 280 + "repo": "default", 281 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 282 + "type": "github" 283 + }, 284 + "original": { 285 + "owner": "nix-systems", 286 + "repo": "default", 287 + "type": "github" 288 + } 289 + }, 290 + "systems_2": { 291 + "locked": { 292 + 
"lastModified": 1681028828, 293 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 294 + "owner": "nix-systems", 295 + "repo": "default", 296 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 297 + "type": "github" 298 + }, 299 + "original": { 300 + "owner": "nix-systems", 301 + "repo": "default", 302 + "type": "github" 303 + } 304 + }, 305 + "tangled": { 306 + "inputs": { 307 + "actor-typeahead-src": "actor-typeahead-src", 308 + "flake-compat": "flake-compat", 309 + "gomod2nix": "gomod2nix", 310 + "htmx-src": "htmx-src", 311 + "htmx-ws-src": "htmx-ws-src", 312 + "ibm-plex-mono-src": "ibm-plex-mono-src", 313 + "indigo": "indigo", 314 + "inter-fonts-src": "inter-fonts-src", 315 + "lucide-src": "lucide-src", 316 + "nixpkgs": [ 317 + "nixpkgs" 318 + ], 319 + "sqlite-lib-src": "sqlite-lib-src" 320 + }, 321 + "locked": { 322 + "lastModified": 1763627666, 323 + "narHash": "sha256-t8UQ85/bPXrbFs3V/paFtQvv4lSrr2lszrdcgspuAaA=", 324 + "ref": "refs/tags/v1.11.0-alpha", 325 + "rev": "12ef7f8f63ee4a14a552ebed603802c79e4d72f8", 326 + "revCount": 1678, 327 + "type": "git", 328 + "url": "https://tangled.org/@tangled.org/core" 329 + }, 330 + "original": { 331 + "ref": "refs/tags/v1.11.0-alpha", 332 + "type": "git", 333 + "url": "https://tangled.org/@tangled.org/core" 334 + } 335 + } 336 + }, 337 + "root": "root", 338 + "version": 7 339 +}
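--- a/nix/flake.nix
+++ b/nix/flake.nix
@@ -0,0 +1,39 @@
+{
+ description = "my nix";
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11";
+ agenix = {
+ url = "github:ryantm/agenix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ tangled = {
+ url = "git+https://tangled.org/@tangled.org/core?ref=refs/tags/v1.11.0-alpha";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+
+ outputs =
+ {
+ nixpkgs,
+ agenix,
+ disko,
+ tangled,
+ ...
+ }:
+ {
+ nixosConfigurations."thought" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ ./hosts/thought
+ agenix.nixosModules.default
+ disko.nixosModules.disko
+ tangled.nixosModules.knot
+ tangled.nixosModules.spindle
+ ];
+ };
+ };
+}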
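--- a/nix/hosts/thought/configuration.nix
+++ b/nix/hosts/thought/configuration.nix
@@ -0,0 +1,81 @@
+{ pkgs, ... }:
+{
+ imports = [
+ ./disko-config.nix
+ ./hardware-configuration.nix
+ ];
+
+ system.stateVersion = "24.05";
+
+ swapDevices = [
+ {
+ device = "/swapfile";
+ size = 2048; # MB
+ }
+ ];
+
+ boot.loader.grub = {
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+
+ time.timeZone = "Europe/Kyiv";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ networking = {
+ hostName = "vps";
+ useDHCP = true;
+ # Interface names will be auto-detected in hardware-configuration.nix
+ # Using generic DHCP setting
+ interfaces = { };
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [
+ 80
+ 443
+ 2222
+ ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ neovim
+ git
+ htop
+ tmux
+ ];
+
+ age.identityPaths = [ "/keys.txt" ]; # TODO: i dont like that i overwrites literally everything
+
+ services = {
+ caddy = {
+ enable = true;
+ package = pkgs.caddy.withPlugins {
+ plugins = [ "github.com/mholt/caddy-l4@v0.0.0-20260116154418-93f52b6a03ba" ];
+ hash = "sha256-s8D9p8k/Gote8s4fk0pv35R7aIwRi5ze7gbBHj+Fm8U=";
+ };
+ };
+ openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ PermitRootLogin = "no";
+ };
+ };
+ };
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+ };
+ };
+}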
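Review bot: The `openssh.settings` block turns off `PasswordAuthentication` but leaves keyboard-interactive authentication at its default, and with PAM in use that path can still prompt for the account password that users/q.nix sets through `hashedPasswordFile`; adding `KbdInteractiveAuthentication = false;` next to it makes the host key-only. The firewall list also opens TCP 2222 while no listener on that port is visible in this commit, so if nothing binds it yet the entry is better left out until the service that needs it lands. `age.identityPaths = [ "/keys.txt" ]` makes a file at the filesystem root the only decryption identity, and a comment there should state that it has to be root-owned with mode 0400 and provisioned outside the repository.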
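--- a/nix/hosts/thought/default.nix
+++ b/nix/hosts/thought/default.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ imports = [
+ ./digitalocean.nix
+ ./configuration.nix
+ ./hardware-configuration.nix
+
+ ../../users/q.nix
+
+ ../../modules/freshrss.nix
+ ../../modules/tangled.nix
+ ../../modules/moviefeed.nix
+ ../../modules/wireguard.nix
+ ../../modules/soju.nix
+ ];
+}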
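--- a/nix/hosts/thought/digitalocean.nix
+++ b/nix/hosts/thought/digitalocean.nix
@@ -0,0 +1,70 @@
+{ lib, modulesPath, ... }:
+{
+ imports = [
+ "${modulesPath}/virtualisation/digital-ocean-config.nix"
+ ];
+
+ # do not use DHCP, as DigitalOcean provisions IPs using cloud-init
+ networking.useDHCP = lib.mkForce false;
+
+ # Disables all modules that do not work with NixOS
+ services.cloud-init = {
+ enable = true;
+ network.enable = true;
+ settings = {
+ datasource_list = [
+ "ConfigDrive"
+ "Digitalocean"
+ ];
+ datasource.ConfigDrive = { };
+ datasource.Digitalocean = { };
+ # Based on https://github.com/canonical/cloud-init/blob/main/config/cloud.cfg.tmpl
+ cloud_init_modules = [
+ "seed_random"
+ "bootcmd"
+ "write_files"
+ "growpart"
+ "resizefs"
+ "set_hostname"
+ "update_hostname"
+ # Not support on NixOS
+ #"update_etc_hosts"
+ # throws error
+ #"users-groups"
+ # tries to edit /etc/ssh/sshd_config
+ #"ssh"
+ "set_password"
+ ];
+ cloud_config_modules = [
+ "ssh-import-id"
+ "keyboard"
+ # doesn't work with nixos
+ #"locale"
+ "runcmd"
+ "disable_ec2_metadata"
+ ];
+ ## The modules that run in the 'final' stage
+ cloud_final_modules = [
+ "write_files_deferred"
+ "puppet"
+ "chef"
+ "ansible"
+ "mcollective"
+ "salt_minion"
+ "reset_rmc"
+ # install dotty agent fails
+ #"scripts_vendor"
+ "scripts_per_once"
+ "scripts_per_boot"
+ # /var/lib/cloud/scripts/per-instance/machine_id.sh has broken shebang
+ #"scripts_per_instance"
+ "scripts_user"
+ "ssh_authkey_fingerprints"
+ "keys_to_console"
+ "install_hotplug"
+ "phone_home"
+ "final_message"
+ ];
+ };
+ };
+}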
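Review bot: The cloud-init module lists still enable `set_password`, `ssh-import-id`, `bootcmd`, `runcmd`, `write_files`, `scripts_user` and the `puppet`/`chef`/`ansible`/`salt_minion` stages, so whatever the datasource delivers can set passwords, import keys, write files and run commands as root outside the declarative configuration. The comment above `networking.useDHCP` gives address provisioning as the reason for cloud-init, so if user-data is not relied on for this droplet the lists can be cut down to the modules that serve that purpose, such as `growpart`, `resizefs`, `set_hostname` and `update_hostname`. The comment `# Disables all modules that do not work with NixOS` would be more accurate if it said that the three lists are allow-lists and every entry left in them runs.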
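--- a/nix/hosts/thought/disko-config.nix
+++ b/nix/hosts/thought/disko-config.nix
@@ -0,0 +1,55 @@
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/vda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ };
+ };
+ };
+ };
+}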
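--- a/nix/hosts/thought/hardware-configuration.nix
+++ b/nix/hosts/thought/hardware-configuration.nix
@@ -0,0 +1,25 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/profiles/qemu-guest.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "virtio_blk" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+ # networking.interfaces.ens4.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}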
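--- a/nix/modules/freshrss.nix
+++ b/nix/modules/freshrss.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, ... }:
+{
+ age.secrets.freshrss-olex = {
+ file = ../secrets/freshrss-olex.age;
+ owner = "freshrss";
+ group = "freshrss";
+ };
+
+ services.freshrss = {
+ enable = true;
+ defaultUser = "olex";
+ passwordFile = config.age.secrets.freshrss-olex.path;
+ webserver = "caddy";
+ virtualHost = "rss.olexsmir.xyz";
+ baseUrl = "https://rss.olexsmir.xyz";
+ extensions = [
+ pkgs.freshrss-extensions.reddit-image
+ (pkgs.stdenv.mkDerivation {
+ pname = "freshrss-official-extensions";
+ version = "unstable-2025-01-16";
+ src = pkgs.fetchFromGitHub {
+ owner = "FreshRSS";
+ repo = "Extensions";
+ rev = "3605f65b65e13ad818d4acbe337f7147feeb0970";
+ hash = "sha256-1c0d0szF21JHm/Sw16iSLPik3HIv2xjxKmvuAkLKqM0=";
+ };
+ installPhase = ''
+ mkdir -p $out/share/freshrss/extensions
+ cp -r xExtension-* $out/share/freshrss/extensions/
+ '';
+ })
+ ];
+ };
+}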
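Review bot: The `installPhase` copies every `xExtension-*` directory of the pinned FreshRSS/Extensions checkout into the extensions directory, so all of that third-party PHP ships with the instance whether or not it is ever enabled. Copying only the extensions that will be used, one `cp -r xExtension-<name> $out/share/freshrss/extensions/` per extension, keeps the deployed code to what is needed. `version = "unstable-2025-01-16"` should match the commit date of the pinned `rev`, which cannot be checked from this page.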
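--- a/nix/modules/moviefeed.nix
+++ b/nix/modules/moviefeed.nix
@@ -0,0 +1,39 @@
+{ pkgs, ... }:
+let
+ configFile = "/home/q/moviedfeed.yml";
+ version = "2bda86db";
+ moviefeed = pkgs.buildGoModule {
+ pname = "moviefeed";
+ inherit version;
+ vendorHash = "sha256-FWkYhhX/cZhF+ctgbYPhPRYcQZSLIL3zoaxqrbWZCcU=";
+ src = pkgs.fetchFromGitHub {
+ owner = "olexsmir";
+ repo = "moviefeed";
+ rev = version;
+ hash = "sha256-g05iqKH3g6Q536AF3Xb2zYx3jiLXybaavM7UB9Hu5Dg=";
+ };
+ };
+in
+{
+ services.caddy.virtualHosts."moviefeed.olexsmir.xyz".extraConfig = ''
+ reverse_proxy localhost:8000
+ '';
+
+ systemd.services.moviefeed = {
+ description = "moviefeed API server";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network-online.target" ];
+ wants = [ "network-online.target" ];
+
+ serviceConfig = {
+ Type = "simple";
+ User = "q";
+ Restart = "on-failure";
+ RestartSec = 2;
+ ExecStart = "${moviefeed}/bin/moviefeed --config ${configFile}";
+ NoNewPrivileges = true;
+ ProtectSystem = "strict";
+ ReadOnlyPaths = [ configFile ];
+ };
+ };
+}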
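Review bot: `User = "q"` runs the internet-facing moviefeed service as the wheel member defined in users/q.nix, and `ProtectSystem = "strict"` does not cover /home, so a flaw in the service gets write access to that account's home directory, `~/.ssh` included. A throwaway service identity with the config passed in as a credential removes that link: replace `User = "q";` with `DynamicUser = true;`, add `LoadCredential = "config.yml:${configFile}";`, and change the start line to `ExecStart = "${moviefeed}/bin/moviefeed --config %d/config.yml";`, after which `ReadOnlyPaths` is no longer needed. Whether moviefeed needs a writable state directory is not visible here, so a `StateDirectory` entry may have to be added. The `rev` is an 8-character abbreviated commit; the full hash is the unambiguous pin, although the `hash` attribute still fixes the fetched content.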
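--- a/nix/modules/soju.nix
+++ b/nix/modules/soju.nix
@@ -0,0 +1,32 @@
+{ ... }:
+let
+ domain = "irc.olexsmir.xyz";
+in
+{
+ networking.firewall.allowedTCPPorts = [ 6697 ];
+ services.caddy = {
+ virtualHosts.${domain}.extraConfig = ''
+ respond "irc bouncer"
+ '';
+ globalConfig = ''
+ layer4 {
+ :6697 {
+ route {
+ tls
+ proxy {
+ proxy_protocol v2
+ upstream localhost:6667
+ }
+ }
+ }
+ }
+ '';
+ };
+
+ services.soju = {
+ enable = true;
+ hostName = domain;
+ listen = [ "irc+insecure://localhost:6667" ];
+ acceptProxyIP = [ "localhost" ];
+ };
+}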
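Review bot: `acceptProxyIP = [ "localhost" ]` together with the plaintext `irc+insecure://localhost:6667` listener means soju accepts a PROXY header from any process on the host, not only from Caddy, and nothing in the file records that assumption. A short comment above `services.soju` would do it, for example `# TLS ends in caddy-l4 on :6697; soju trusts PROXY headers from any loopback peer`. The `respond "irc bouncer"` virtual host for `${domain}` looks like it exists so that Caddy obtains the certificate the `tls` handler serves; if that is the reason, it deserves a comment as well.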
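--- a/nix/modules/tangled.nix
+++ b/nix/modules/tangled.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ services.caddy.virtualHosts."knot.olexsmir.xyz".extraConfig = ''
+ reverse_proxy localhost:5555
+ '';
+
+ services.tangled.knot = {
+ enable = true;
+ openFirewall = false;
+ motd = "i use arch btw\n";
+ server = {
+ owner = "did:plc:slhnamqkslwa5e5e5hrznbxr";
+ hostname = "knot.olexsmir.xyz";
+ };
+ };
+}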
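--- a/nix/modules/wireguard.nix
+++ b/nix/modules/wireguard.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, ... }:
+{
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ };
+
+ networking.firewall.allowedUDPPorts = [ 51820 ];
+ networking.nat = {
+ enable = true;
+ externalInterface = "ens3";
+ internalInterfaces = [ "wg0" ];
+ };
+
+ age.secrets.wg-private-key = {
+ file = ../secrets/wg-private-key.age;
+ };
+
+ networking.wireguard.interfaces.wg0 = {
+ ips = [ "10.100.0.1/24" ];
+ listenPort = 51820;
+ privateKeyFile = config.age.secrets.wg-private-key.path;
+
+ # This allows the wireguard server to route your traffic to the internet and hence be like a VPN
+ # For this to work you have to set the dnsserver IP of your router (or dnsserver of choice) in your clients
+ postSetup = ''
+ ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
+ '';
+ postShutdown = ''
+ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ens3 -j MASQUERADE
+ '';
+
+ peers = [
+ {
+ # laptop
+ publicKey = "cF0abpqZiMrofQUgFHS4D+FuXq3ZoCPBQUlr6WuvBwM=";
+ allowedIPs = [ "10.100.0.2/32" ];
+ }
+ {
+ # phone
+ publicKey = "GodHMXUBh/0aEyz+XBJID7pm/Hi8xnZv6YzkQbl/Uwc=";
+ allowedIPs = [ "10.100.0.3/32" ];
+ }
+ ];
+ };
+}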
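Review bot: Masquerading for the tunnel is configured twice: the `networking.nat` block already NATs traffic from `wg0` out of `ens3`, and `postSetup`/`postShutdown` add and remove a second hand-written rule for 10.100.0.0/24 on the same interface. Keeping one of the two, preferably the declarative `networking.nat` block, leaves a single place that defines what is translated and avoids a `-D` in `postShutdown` that can fail when the rule is already gone. `ens3` is hard-coded in both places while hardware-configuration.nix mentions it only in a comment, so the uplink name should be confirmed on the droplet. Forwarding is switched on host-wide and no forward filtering is visible in this commit, so a comment should state that peers are expected to reach everything the host can route to.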
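--- a/nix/readme.txt
+++ b/nix/readme.txt
@@ -0,0 +1,9 @@
+nix
+---
+
+install:
+ nix run github:nix-community/nixos-anywhere -- ./hosts/thought/hardware-configuration.nix --flake .#thought --target-host root@<IP>
+ ssh q@IP
+ git clone https://github.com/olexsmir/dotfiles.git
+ cd dotfiles/nix
+ sudo nixos-rebuild switch --flake .#thought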
A
nix/secrets/freshrss-olex.age
··· 1 +age-encryption.org/v1 2 +-> ssh-ed25519 jgjvUw dIOnVUmbf9R0pl92JrlTDWa/htZQEUUPdTbNCKTa+S4 3 +R4unw/VGqtrNG/otzW3HjvgMtZK+RT7tqs6dZkLh3pc 4 +-> X25519 E3+gKkjH6LkkYhnwE+9QbPiSYOEF3GJhbVXy2+mCDTM 5 +IcwPmVZ8IOLhzJNUeMicC0cPmDym0TjFb7P8MHBwDNI 6 +--- JF/k9Wyj6kIEX7F1SjkqiFlv8UFngZ4lJvVwWQ8425c 7 +mr8M}2; -D~vMa9"T 8 +:ڔV9
A
nix/secrets/q-password.age
··· 1 +age-encryption.org/v1 2 +-> ssh-ed25519 jgjvUw Yy4VmBRoL5acIbY+GMmg5qW9iTp9U/XZSvx12r3SzRU 3 +rNNYDN0ikwrSJf8kKi0uLczMY39rg0Xi3MSvR9fAzYU 4 +-> X25519 t9640/amrr9kdgjY9ALE0n6yoaqMGTCjjk0OxPmHwwM 5 +x6nm6fXvrrRngMJVY8oGh8QJU0K5TBkl7S+v5E3k8iw 6 +--- kM18cW1nk37CnZlFmdS0XAuCt6gHzazZ83X9iNuzb5w 7 +XOb^Ye]yG-dM
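--- a/nix/secrets/secrets.nix
+++ b/nix/secrets/secrets.nix
@@ -0,0 +1,13 @@
+let
+ laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLLJdkVYKZgsayw+sHanKPKZbI0RMS2CakqBCEi5Trz";
+ infra = "age1k4e6mm0whyjzfaqlhahu2pst4vxvzul53xs3ff0tk8uty459zgzqk3965k";
+ allKeys = [
+ laptop
+ infra
+ ];
+in
+{
+ "q-password.age".publicKeys = allKeys;
+ "freshrss-olex.age".publicKeys = allKeys;
+ "wg-private-key.age".publicKeys = allKeys;
+}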
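--- a/nix/users/_sshkeys.nix
+++ b/nix/users/_sshkeys.nix
@@ -0,0 +1,4 @@
+[
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLLJdkVYKZgsayw+sHanKPKZbI0RMS2CakqBCEi5Trz" # laptop
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINeXccmMQ9jfLG2Z8CITaZZ+pUgYVNVYDFtmdkBHd3xk u0_a930@localhost" # phone
+]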
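--- a/nix/users/q.nix
+++ b/nix/users/q.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+{
+ age.secrets.q-password.file = ../secrets/q-password.age;
+
+ users.users.q = {
+ isNormalUser = true;
+ extraGroups = [
+ "wheel"
+ "headscale"
+ ];
+ hashedPasswordFile = config.age.secrets.q-password.path;
+ openssh.authorizedKeys.keys = import ./_sshkeys.nix;
+ };
+}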
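Review bot: `extraGroups` puts `q` in a `headscale` group although nothing in this commit defines that group or a headscale service; dropping the entry until the service exists keeps the account to the memberships it needs. `users.mutableUsers` is not set in the visible files, so `hashedPasswordFile` presumably only takes effect when the account is first created. A comment saying whether later password changes are meant to go through `passwd` or through the age secret would remove the ambiguity.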