caperren/nixos-configs
1
0
Fork 0
mirror of https://github.com/caperren/nixos-configs.git synced 2025-12-31 11:34:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: caperren:20e338c38008bf9a2b8653ba45649a4020597c37
Branches Tags
caperren:main caperren:working-branch caperren:cluster-config caperren:sops-testing
...
compare: caperren:sops-testing
Branches Tags
caperren:working-branch caperren:main caperren:cluster-config caperren:sops-testing

78 Commits
20e338c380 ... sops-testi

Author SHA1 Message Date
Corwin Perren
1fe9c9c9cf Secondaries need to inherit secondary config 2025-12-13 15:56:29 -08:00
Corwin Perren
d72c3d4e56 Re-enable secondaries 2025-12-13 15:28:48 -08:00
Corwin Perren
307cf5108c Re-enable nix rebuild service for cluster 2025-12-13 15:23:24 -08:00
Corwin Perren
b110daed58 Re-enable primary server 2025-12-13 15:09:38 -08:00
Corwin Perren
180d6cf1b0 Reset cluster for change to sops-nix managed token 2025-12-13 15:06:11 -08:00
Corwin Perren
b3fd29faef Fixed home manager inputs, and got sops-nix working for all current hosts 2025-12-13 14:54:15 -08:00
Corwin Perren
a3837016ae Fixed sops config 2025-12-13 03:03:38 -08:00
Corwin Perren
d40951b6a8 Actually commit default.yaml 2025-12-13 02:36:59 -08:00
Corwin Perren
ade7bdd892 Add default.yaml for sops and set as such 2025-12-13 02:36:20 -08:00
Corwin Perren
420513c859 Had to run sops updatekeys to add new hosts 2025-12-13 02:31:36 -08:00
Corwin Perren
35c0153da9 Temporarily remove git autorebuild 2025-12-13 02:26:00 -08:00
Corwin Perren
154a177a51 Huh, guess it has to be relative 2025-12-13 02:21:29 -08:00
Corwin Perren
439d48d1bf Absolute secrets path 2025-12-13 02:19:41 -08:00
Corwin Perren
71b9956ecd Remove home manager sops for now 2025-12-13 02:17:15 -08:00
Corwin Perren
2b77870bda Add config import 2025-12-13 02:05:26 -08:00
Corwin Perren
c65056be55 Import config for home manager settings 2025-12-13 01:59:07 -08:00
Corwin Perren
353135a2d9 Initial keys, and basic token file for sops cluster testing 2025-12-13 01:55:25 -08:00
Corwin Perren
c360755253 Add mesa-demos for glx testing, tweak to streamdeck for btop 2025-12-11 17:15:41 -08:00
Corwin Perren
8681caca01 Some comments 2025-12-10 10:37:04 -08:00
Corwin Perren
80e3eccd32 Small webcam privacy warning for laptop 2025-12-10 10:17:47 -08:00
Corwin Perren
3ceb749239 Start testing k3s 2025-12-10 10:17:44 -08:00
Corwin Perren
b16e7664b0 Merge pull request #22 from caperren/working-branch 
Added changes for homelab cube cluster, no longer using unstable branch for packages, improved sudoers entries
 2025-12-07 21:38:03 -08:00
Corwin Perren
81d7174bdf Put ncdu back, and enable ssh agent 2025-12-07 21:29:46 -08:00
Corwin Perren
8c284cc708 Final test 2025-12-07 21:15:01 -08:00
Corwin Perren
1fa619b95f Revert to using system config path 2025-12-07 21:09:20 -08:00
Corwin Perren
0bfc3792be Try current system path instead 2025-12-07 21:04:33 -08:00
Corwin Perren
df2327bfc0 Missing config import 2025-12-07 21:00:59 -08:00
Corwin Perren
28fbea14f6 Use system path config for sudoers changes 2025-12-07 20:59:19 -08:00
Corwin Perren
7611e586c8 Just make auto-rebuild passwordless for the cluster-admin 2025-12-07 20:54:39 -08:00
Corwin Perren
a8e001ebb1 Testing service 2025-12-07 20:45:18 -08:00
Corwin Perren
8d6736598e Remove escape char 2025-12-07 20:40:41 -08:00
Corwin Perren
3fc2f34991 Switch to system config rebuild 2025-12-07 20:38:59 -08:00
Corwin Perren
0d9db0fd89 Add more paths 2025-12-07 20:35:41 -08:00
Corwin Perren
6e6ba6c71f Flip quote styles 2025-12-07 20:31:32 -08:00
Corwin Perren
e797745a62 Copy settings from nix auto-upgrade 2025-12-07 20:26:55 -08:00
Corwin Perren
b2cfd98331 Remove double single-quote 2025-12-07 20:12:07 -08:00
Corwin Perren
4b0011d221 Command, not commands 2025-12-07 20:11:03 -08:00
Corwin Perren
6f852032c9 Seperate commands 2025-12-07 20:10:06 -08:00
Corwin Perren
90a55fab87 Double single quote 2025-12-07 20:08:26 -08:00
Corwin Perren
89b373db53 Allow git-auto-rebuild without password for admins 2025-12-07 20:06:26 -08:00
Corwin Perren
5d041ac5c7 Switch to packages definition 2025-12-07 19:58:48 -08:00
Corwin Perren
54bb3cb054 No auto-start 2025-12-07 19:54:46 -08:00
Corwin Perren
4b9374f753 Full paths for everything 2025-12-07 19:52:33 -08:00
Corwin Perren
9cd5470c55 Missing cd 2025-12-07 19:51:25 -08:00
Corwin Perren
561c632289 Switch to shell command and add git pull 2025-12-07 19:49:33 -08:00
Corwin Perren
40b6bde6a4 Misspelling 2025-12-07 19:47:58 -08:00
Corwin Perren
8c4de5f015 Testing git auto-rebuild for cluster 2025-12-07 19:45:59 -08:00
Corwin Perren
0d65e64e34 Remove kdenlive for build failure 2025-12-07 18:39:19 -08:00
Corwin Perren
9191d2c954 Add slim7 pubkey for ssh 2025-12-07 18:36:52 -08:00
Corwin Perren
f6387b341f Fix clust-09 hardware 2025-12-07 18:20:20 -08:00
Corwin Perren
246c71dc43 Fix clust-08 hardware 2025-12-07 18:16:17 -08:00
Corwin Perren
1c944019f4 Add configs for other cluster hosts 2025-12-07 17:44:32 -08:00
Corwin Perren
dbd85672a3 Deduplicate cluster config 2025-12-07 17:28:12 -08:00
Corwin Perren
6cbde55575 Add cap-clust-01 to test 2025-12-07 17:04:34 -08:00
Corwin Perren
4fe3ce49e6 Add pubkeys for ssh on caperren and cluster admin from caperren account 2025-12-07 16:58:02 -08:00
Corwin Perren
e717edc177 Add cluster host definitions, cluster utilities, and admin, switch nixpkgs to stable 2025-12-07 16:46:54 -08:00
Corwin Perren
af7b1d1b63 Add solaar autostart 2025-12-07 15:49:10 -08:00
Corwin Perren
23cf49aec7 Merge pull request #21 from caperren/working-branch 
Virtualization configs, no waydroid, new work desk monitor, itch for games, new camera dashboard url, utils
 2025-12-05 01:14:06 -08:00
Corwin Perren
c23b3eae53 Comments 2025-12-05 01:13:14 -08:00
Corwin Perren
b6a769c4fa Replaced old broken lg monitor with equivalent and working dell 2025-12-05 01:09:26 -08:00
Corwin Perren
447ad9e125 Re-enable pcb2gcode, make itch window autoclose after startup since the application setting for it doesn't work, update monitoring dashboard url for streamdeck 2025-12-04 14:11:26 -08:00
Corwin Perren
1f27c34b09 Add dmidecode 2025-11-19 23:18:54 -08:00
Corwin Perren
379f039591 Autolaunch itch 2025-11-16 12:10:42 -08:00
Corwin Perren
05b706e37f Switched to docker for virtualization, added itch games launcher 2025-11-14 15:17:27 -08:00
Corwin Perren
3392366413 Added virtualization container policy config 2025-11-07 15:41:57 -08:00
Corwin Perren
85e1ecd46a Removed waydroid, enabled docker socket compat and added self to group, default to shutting phone screen off on rdp disconnect 2025-11-07 15:23:10 -08:00
Corwin Perren
b1376e1cea Merge pull request #20 from caperren/working-branch 
Working branch
 2025-11-07 15:04:45 -08:00
Corwin Perren
3f83fc9d57 Also make phone stay awake in rdp mode 2025-11-07 15:04:14 -08:00
Corwin Perren
f536cea5c3 Skip fullscreen option on phonerdp 2025-11-07 14:59:57 -08:00
Corwin Perren
3d5c6a443b Added phonerdp desktop entry 2025-11-07 14:58:10 -08:00
Corwin Perren
283f9ad213 Re-enabled nvtop, nopasswd for nvtop, properly enable kitty with remote control, streamdeck now uses alltop, alltop desktop entry, j4-dmenu-desktop as wrapper for bemenu so that desktop entries show, fixed desktop entry location 2025-11-07 14:55:22 -08:00
Corwin Perren
513cf526d8 Added pinta for quick cropping and rotating of images 2025-11-06 17:40:00 -08:00
Corwin Perren
069de41562 Added quick command and desktop file to start an abd screen mirroring session for my android phone 2025-11-05 11:48:16 -08:00
Corwin Perren
5bf0216460 Switched flameshot for custom grim/wl-copy/swappy pipeline, new printscr shortcuts, minor refactoring of some modules, spotify_player swap for streamdeck, new area for hyprland scripts 2025-11-03 20:58:20 -08:00
Corwin Perren
62a324a746 Merge pull request #19 from caperren/working-branch 
Fix kitty accidentally launching glances
 2025-10-31 20:06:19 -07:00
Corwin Perren
e380f07018 Fix kitty accidentally launching glances 2025-10-31 20:05:23 -07:00
Corwin Perren
424a74773f Merge pull request #18 from caperren/working-branch 
General cleanup and refactoring, added glances with config, managed streamdeck config and created new ui for it
 2025-10-31 19:59:53 -07:00
Corwin Perren
064a996b73 Added gimp, removed glances desktop, created new managed streamdeck config with logos 2025-10-31 19:58:39 -07:00
70 changed files with 2161 additions and 1172 deletions
Expand all files Collapse all files

60
.sops.yaml Normal file
View File

@@ -0,0 +1,60 @@
keys:
- &admin_users:
- &caperren age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
- &systems:
- &personal:
- &cap_slim7 age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
- &cap_nr200p age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
- &cluster:
- &cap_clust_01 age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
- &cap_clust_02 age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
- &cap_clust_03 age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
- &cap_clust_04 age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
- &cap_clust_05 age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
- &cap_clust_06 age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
- &cap_clust_07 age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
- &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
- &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
creation_rules:
- path_regex: users/caperren/secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- path_regex: secrets/default.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/cluster.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p

98
flake.nix
View File

@@ -2,11 +2,16 @@
description = "Nixos config flake"; description = "Nixos config flake";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@@ -15,19 +20,100 @@
{ {
self, self,
nixpkgs, nixpkgs,
sops-nix,
home-manager, home-manager,
nixos-hardware, nixos-hardware,
... ...
}@inputs: }@inputs:
{ {
nixosConfigurations.cap-clust-01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-01/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-02 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-02/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-03 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-03/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-04 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-04/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-05 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-05/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-06 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-06/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-07 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-07/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-08 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-08/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-09 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-09/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem { nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = { inherit inputs; };
inherit inputs;
};
modules = [ modules = [
./hosts/cap-slim7/configuration.nix ./hosts/cap-slim7/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
nixos-hardware.nixosModules.lenovo-legion-16arha7 nixos-hardware.nixosModules.lenovo-legion-16arha7
]; ];
@@ -35,9 +121,11 @@
nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem { nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ modules = [
./hosts/cap-nr200p/configuration.nix ./hosts/cap-nr200p/configuration.nix
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
sops-nix.nixosModules.sops
]; ];
}; };
}; };

17
hosts/cap-clust-01/configuration.nix Normal file
View File

@@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-primary.nix
];
# sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
networking.hostName = "cap-clust-01";
}

52
hosts/cap-clust-01/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0028a3af-8470-46c2-81ca-6d9be16a6236";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C389-7B6B";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/2b063ac4-54ee-4b16-b766-9c470733995c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-02/configuration.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-02";
}

52
hosts/cap-clust-02/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/9fcf291d-2576-44b4-bcba-98e40305e531";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7727-439F";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/56f2d727-03c5-4aef-9871-217bf98cdbb4"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-03/configuration.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-03";
}

52
hosts/cap-clust-03/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/c2cfd56f-0090-45eb-a239-068fdadd2fd4";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C3CF-3854";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/e60a5ced-d01e-4613-afba-9b445bc43097"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

12
hosts/cap-clust-04/configuration.nix Normal file
View File

@@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-04";
}

52
hosts/cap-clust-04/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b9c79a2f-8c6a-4f86-8562-b2f882992e95";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/EF0B-C66E";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/9a123c08-cc9b-4516-a158-b274e9b399c3"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

12
hosts/cap-clust-05/configuration.nix Normal file
View File

@@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-05";
}

52
hosts/cap-clust-05/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/51ce9236-fe8c-49bc-bb90-1e582d163d04";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/FF5C-EB30";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/1d24fd7d-c958-44ad-bb28-c394f3d56a6b"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

12
hosts/cap-clust-06/configuration.nix Normal file
View File

@@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-06";
}

52
hosts/cap-clust-06/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8cf14e41-2af7-4bbd-89e2-90f5d04601b8";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/33C3-BB59";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/262fa61f-4beb-4822-ace6-bb15c62b2cca"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

12
hosts/cap-clust-07/configuration.nix Normal file
View File

@@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-07";
}

52
hosts/cap-clust-07/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ad88a1b0-c98e-4a95-9fb3-3299169c952b";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/73CA-8E6D";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/c6139db9-2a9d-400a-b8a8-c8f77c5713ca"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

12
hosts/cap-clust-08/configuration.nix Normal file
View File

@@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-08";
}

52
hosts/cap-clust-08/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/deed37a4-4d5a-465c-93e6-1b7b216e0a1c";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3ABB-C794";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/6a99a895-a58c-43d2-8b62-02e3c915f46c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

12
hosts/cap-clust-09/configuration.nix Normal file
View File

@@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-09";
}

33
hosts/cap-clust-09/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "amdgpu" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/affec1c2-bf7c-499e-80a6-6615fd163e1a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9E1A-C3DA";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/a17f3a16-78fb-494d-8319-89e31e1defae"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

1
modules/application-groups/android.nix
View File

@@ -1,5 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
programs.adb.enable = true; programs.adb.enable = true;
virtualisation.waydroid.enable = true;
} }

1
modules/application-groups/gaming.nix
View File

@@ -27,6 +27,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bs-manager bs-manager
heroic heroic
itch
monado monado
]; ];
} }

11
modules/application-groups/k3s-primary.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server";
tokenFile = config.sops.secrets.k3s_token.path;
clusterInit = true;
};
}

11
modules/application-groups/k3s-secondary.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server"; # Or "agent" for worker only nodes
tokenFile = config.sops.secrets.k3s_token.path;
serverAddr = "https://cap-clust-01:6443";
};
}

3
modules/application-groups/media-creation.nix
View File

@@ -4,7 +4,8 @@
audacity audacity
darktable darktable
inkscape inkscape
kdePackages.kdenlive # kdePackages.kdenlive # <- Build Failure
obs-studio obs-studio
pinta
]; ];
} }

1
modules/application-groups/media.nix
View File

@@ -27,6 +27,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
glava glava
gimp
imv imv
plex-desktop plex-desktop
projectm_3 projectm_3

2
modules/application-groups/pcb-design.nix
View File

@@ -2,7 +2,7 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
kicad kicad
#pcb2gcode pcb2gcode
]; ];
} }

26
modules/application-groups/system-utilities-cluster.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
services.glances.enable = true;
services.openssh.enable = true;
environment.systemPackages = with pkgs; [
btop
dnsutils
git
htop
iftop
iotop
killall
kitty
ncdu
networkmanager
nmap
nvtopPackages.full
pciutils
unzip
usbutils
util-linux
wget
];
}

7
modules/application-groups/system-utilities.nix
View File

@@ -4,6 +4,7 @@
hardware.logitech.wireless.enable = true; hardware.logitech.wireless.enable = true;
hardware.logitech.wireless.enableGraphical = true; hardware.logitech.wireless.enableGraphical = true;
programs.ssh.startAgent = true;
programs.thunar.enable = true; programs.thunar.enable = true;
programs.thunar.plugins = with pkgs.xfce; [ programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin thunar-archive-plugin
@@ -21,6 +22,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
btop-cuda btop-cuda
desktop-file-utils desktop-file-utils
dmidecode
dnsutils dnsutils
ffmpeg-full ffmpeg-full
git git
@@ -30,16 +32,19 @@
imagemagick imagemagick
iotop iotop
jq jq
k3s
kdePackages.qt6ct kdePackages.qt6ct
killall killall
kitty kitty
swappy
lf lf
mesa-demos
minicom minicom
ncdu ncdu
networkmanager networkmanager
networkmanagerapplet networkmanagerapplet
nmap nmap
# nvtopPackages.full # <- Build failure: https://github.com/nixos/nixpkgs/issues/456928 nvtopPackages.full
openrgb-with-all-plugins openrgb-with-all-plugins
pciutils pciutils
rofi-bluetooth rofi-bluetooth

12
modules/application-groups/virtualization.nix
View File

@@ -1,12 +1,10 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
virtualisation.podman = {
enable = true; virtualisation.docker.enable = true;
dockerCompat = true; virtualisation.containers.policy = {
default = [ { type = "insecureAcceptAnything"; } ];
}; };
environment.systemPackages = with pkgs; [
distrobox
];
} }

33
modules/host-groups/cluster.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
imports = [
# Users
../../users/cluster-admin/cluster-admin.nix
# System Configuration
../system/cpu-amd.nix
../system/fonts.nix
../system/git-auto-rebuild.nix
../system/gpu-amd.nix
../system/home-manager-settings.nix
../system/internationalization.nix
../system/networking.nix
../system/nix-settings.nix
../system/security.nix
../system/systemd-boot.nix
# Application Groups
../application-groups/system-utilities-cluster.nix
];
time.timeZone = "America/Los_Angeles";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}

33
modules/system/git-auto-rebuild.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
systemd.services.git-auto-rebuild = {
enable = true;
after = [ "network.target" ];
description = "Rebuilds the git repo at /etc/nixos if there are changes in the currently checked out branch";
# startAt = "*:0/1";
serviceConfig = {
Type = "oneshot";
ExecStart = ''${pkgs.bash}/bin/bash -c "cd /etc/nixos && ${pkgs.git}/bin/git pull && ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --flake #$(${pkgs.hostname}/bin/hostname)"'';
};
environment =
config.nix.envVars
// {
inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
}
// config.networking.proxy.envVars;
path = with pkgs; [
bash
coreutils
gnutar
hostname
xz.bin
gzip
gitMinimal
config.nix.package.out
config.programs.ssh.package
];
};
}

8
modules/system/gpu-amd.nix
View File

@@ -1,5 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
services.xserver.videoDrivers = [ "amdgpu" ]; hardware.graphics = {
enable = true;
enable32Bit = true;
};
nixpkgs.config.rocmSupport = true;
services.xserver.videoDrivers = [ "amdgpu" ];
} }

12
modules/system/home-manager-settings.nix
View File

@@ -1,5 +1,11 @@
{ config, pkgs, ... }: { inputs, ... }:
{ {
home-manager.useGlobalPkgs = true; home-manager = {
home-manager.backupFileExtension = "bkp"; useGlobalPkgs = true;
backupFileExtension = "bkp";
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
};
} }

35
modules/system/hyprland.nix
View File

@@ -1,35 +1,32 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.displayManager.gdm = {
enable = true;
wayland = true;
};
services.xserver = {
enable = true;
};
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
}; };
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
programs.hyprlock.enable = true;
programs.waybar.enable = true;
services.displayManager.gdm = {
enable = true;
wayland = true;
};
services.hypridle.enable = true;
services.xserver.enable = true;
xdg.portal.enable = true; xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
programs.hyprlock.enable = true;
programs.waybar.enable = true;
services.hypridle.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
arandr arandr
bemenu
dunst dunst
flameshot
grim grim
hyprpaper hyprpaper
hyprpicker hyprpicker
@@ -43,7 +40,7 @@
swayimg swayimg
wl-clipboard wl-clipboard
wlogout wlogout
bemenu
]; ];
} }

45
modules/system/security.nix
View File

@@ -1,20 +1,57 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
environment.systemPackages = with pkgs; [
sops
age
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../../secrets/default.yaml;
};
security.sudo = { security.sudo = {
enable = true; enable = true;
extraRules = [ extraRules = [
{ {
groups = [ "wheel" ];
commands = [ commands = [
{ {
command = "${pkgs.systemd}/bin/reboot"; command = "${config.system.path}/bin/reboot";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
{ {
command = "${pkgs.systemd}/bin/poweroff"; command = "${config.system.path}/bin/poweroff";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
]; ];
groups = [ "wheel" ]; }
{
users = [ "cluster-admin" ];
commands = [
{
command = "${config.system.path}/bin/systemctl start git-auto-rebuild.service";
options = [ "NOPASSWD" ];
}
{
command = "${config.system.path}/bin/systemctl stop git-auto-rebuild.service";
options = [ "NOPASSWD" ];
}
];
}
{
users = [ "caperren" ];
commands = [
{
command = "${config.system.path}/bin/nvtop";
options = [
"NOPASSWD"
"SETENV"
];
}
];
} }
]; ];
}; };

115
secrets/cluster.yaml Normal file
View File

@@ -0,0 +1,115 @@
k3s_token: ENC[AES256_GCM,data:UANQ7DzasppB8ZPtGY9wR9lhU+VpTjJE,iv:cvEiUt7zG4Joyd1gkaqi848ES7aPf7VoYc4zDwLKEDQ=,tag:j4EU/srhEL0+nQGhETuerA==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTWNzM0RMMXpDZnZHSEFz
U01jN1FPTFJ6YzBMQlhQMEpSZ0NTNCtteWk4CmhyU1ZTeE1wMzAxRWszS0NKeVpL
dmw3TGlvdG80TVVXUWVTYTVHMzcwajgKLS0tIFMraXVmTS9zSkFzRGZjZlhzR1lj
eDRubW5hWnQzdjVzRytWTW44Y2xoU2MKA2yvOK0DfKSj6U7094a9+4t7E6nFGD+5
p8XlMAkroS8RhdwBi//xn5I05/iJMKJikaeclvsNlvLV5b/GkCE3nw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RzZSTFNPMkprTk00SjBv
WTdvcVFuU0hPZ2hteWsrOXp3TTlGdXBvb1FRCjlCbitacFJpV1l3YXMvU0xMMm5Q
TjJwR3JtQk9Rbmc1S2J5OVF0WXBRQ1EKLS0tIHBHdzFlN21FZHFoRjc3cHlSZ2FK
YnBOOU5Bejl6MjB6MDliZWpPeTdFRncKRXH8gKhKVcSxja+dhIrPBNeeV8rJatSJ
+ZlHQL3109Ya/V6Aq9AtEypmLld9Ech7AGMCePNLYvc6DYkDE9bJDA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eFE4bWRPQitrVDN4Y21J
TUJyd214L1JMazNiUzJEb29FTmRORkJmR1QwCjIrVzZ5WllDbGNCd1c0Q09XVDFm
UjhudDNCZ1BWSmpmbHkvWjROMnpkb3cKLS0tIFhzdlpiTFRPMFM5Nm1DcVN3djVB
SWZtVWNvRVdweWVxZVlQL1k1QVdESXMKc6OdFAyEvxhf5xyBFfiZajgUkwlfMMMJ
4KqoZGTmh+4GTedJDAKClKce1TEQTKrf1ePP+5HhcSKOoPTolMh/Sw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUUt4ZCtrU2djKzRkN2h2
bHpVSk15M2lTVjRrTi9aVmpETjV3UUN6TWlrCk5rdytrYWoxTmJDQmJITVRMa0ZV
UGc3dzhsQlM3T29BenY4VlRqbmdvd2sKLS0tIE9HVmxBMnZOMnUvdFcyNGRjTm1o
V29UVXRKWUhERkYwZ0NsOUZna1ErcWsK3ya1FW0WPKrZ4gMVx9M1eAgj6lQiv++M
TSZmVJfUMyV1OATtg3MSDFqsppN/i7+aQAP2D0G1fzG30/1qYwCsHA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUVpUW5CTEFGUVlSeVJa
QVNpUE9uaFV0eWxyQjhjcUFXOTVqN1JwTm1vCmE5dmVuZnFpeWRXbnh4V0J6eHF2
R3l5ZFhTSitzSnFYbXEvbGoyY2R6WFEKLS0tIEwwWWcydmhPdW1wL083NVJncmF3
U3lPYm9EZFRUWVhualFNZHhVU1JlQzgKsc4y+hfdGB3WW+NpzvA0RH54Zc46j3zt
2Pak/SdxiMnHfF0cw9EP/xrGJ15IUUWvDmRu+om0fEMjg+OBOKLXXQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmamp3Uk40ZGRJQW1MUVJS
SUlabWx3Zkd1b0xLMFQ5Y3hUelk1RU1HYW5FCnQ4bG5qRnhQRnlmTm13WXdYUWg5
ZUVvRlRaN0NSSWhJV002N2pBL28yQXcKLS0tIEQ3bmJnUHNEUThvM2MvQUlDaUV3
ZXd2T1RmM0l4YzZKaGkrRXc4VXBRVnMKnCp42FU0vQOb9VN/+DbsmNHvZc8lH+Rh
skZvMvTHgpMWTdhHYFWub+CIXZfUrJfy/vSWBvDw6c81r4p1l+Jyfw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNHNsYjJoTlhRcUJ5UnZw
eU9tVW9zVW5XRFR2ZUNaKzlieUNmdDNCS1JFCjVJaGoxdFArU09GMXpYMVdZaVk0
TXpKUHo1cEdXZnpCNXpyRHJnYmRldWMKLS0tIFBnSktZWmp3M2NJbVAwTy94bnVx
YVlwaEZ0Z09aNFo0OCt1dUxpYzdiZEUKDHKAZYVC9ON48i9p5DZDopgm9afSg069
m3mq5d+aBZIrnSdwgIuvyPJH+L8clIUXcJ47QH9ML/4MsFk+d4xvpA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bm15TmhpRXg5V05qWmRn
UExicGhXZ0ZWNUxPTUM3OEV2U1JveGRUQ1RVCkpaMXZwVUxiT0pQRkFFSjBMRnFw
RnJJalBrSTR5V3IvUnU2a2hWSmM0ajAKLS0tIDJ6ZWpiVlBBdDBxWnhZT2lyRi81
dCtqV1ZwQVlHWFgvTkN4eTZmSG5XMzgKKAPm8crJXBvCAIgTCcpLBi74Fq/AT7Uo
SREKHWpC3pLtNyfgHuEhm3lCYmyZyxTsZFd/2ezAjqtQZAf29EEUjg==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbVhvQlZDWXhmMXpnaDBk
YUFwMkhwRDlkMXhjS1NJSVR3QWhBNDY2c0VFCklMaTBaKzQvRjdLQjFlelpkY2Ra
R0E3NjNVV1pPOG02WnhLdHhqRytPdlkKLS0tIFBFQlpWL0FEUWNGOThzNW1RdG9S
V2lSdVpweWZKM3VYZ01hclV4ZENZbTQKMQ3/EZk82q4oGnFJb49+X5uQzuTji8qV
K61/vy40g/1f8wgpJwjvGCHx7VyzsBp4lhXiLODMIW6ubp5kAU4r9A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVVJSRmZucDc1Vk5HZ0py
NS9BcDlLRkpyYitmd0hZdlVOaFgxS3JyR1ZJCkVBajVBTjlWamNMNFYza2xWaitx
V2loazBmaE5kVWRoVWwvR2NQa3Mwb1EKLS0tIFZYNGNRc00rUGlDT2tGUFlCcDc3
aFB3SmpjVFVBc3lPWmMyM29URHpaUzQKguiKNjvJayezQ2tAqmFSgA8tY/6tx1Pb
OeB5cBtSyXfdZhL8HGYAqiIph9zbO3NId7icJsZ11YTW6XHHr1P7gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1aDJ5UkM1WENoUDZOUld3
ZXpTdWJjQzVhNEI4RGs4UlhyVytBcmcwbUdBCkxhNnlzSm5yS21zVVNoSmc3VmJF
REE1YXpFSWtPcVhzMnFGckpLZUxQR2cKLS0tIE5DWGFKNUxRZnpFNGpMS0xxVVhq
OWIwRXBXMmxHN09pZVcyNElQZVhFWUUKAN0Yd2/RB0ZjE0BGZnVY+bCSEQXVpZrS
DwsxXlldtJLVebLxthPaXcPI4UmUFYSPFYWDPijjxQ7gbRYnOsV1eA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaVNQeVd3c0JKakhEWWE0
ZDNjUitGaUVxM3h0UjF4Z2ZVR0w2L2xKTlRzCjhVVERodmpFVXF6Tnp5N011Tk9J
TVR2akpwRlBKOEs0T3loa0p1cGU5c1EKLS0tIEh5TGYrZ0c3MjQ0bDlsb3J6UGls
VWRsQy9BeU1rTmUxd0xwZHA2MjMrZmcKPI2g7B4Ylmbq1Z6WHAhdDx43oB/OeIKY
MKpwZ985JUrxwwiM0UC9DfNYaM9ScUf4l3qHFPHjh+N899rf7nW3zA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-13T09:05:22Z"
mac: ENC[AES256_GCM,data:Jg/J4ulZtAI7Kfeb8/ccmG3hV+2TF/5kTcwNRr6llVORVBZ0cGeJz5TvhqwHsSf3TRwgzS50RHWtbJ//TadWrYbf+EInV92mT+ybVO/p6ek0jiqRV9Kto697YnjjtMG1uJcIazWhShT4UTg6PNlAtRzBA3759tnw2aj0hCNH9QE=,iv:hu1m3GdLiwyVZDrlh/p63hGCaJgXIHuVnxzPKskj9Io=,tag:NW+d9m+eTgkb9Uea5aurSw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

115
secrets/default.yaml Normal file
View File

@@ -0,0 +1,115 @@
default: ENC[AES256_GCM,data:hblL4UM//g==,iv:pu+XlfdZl8XZFk16iwV5juImHosUfOhZJ54UAzi9iwo=,tag:8h2ybkmNoqUT85L2JfXLrA==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJWUtjYmxwWVJtekY5RTcz
Yno1M0Z6RnRYRkowRmVWMWVTNWRTc0RWWWprCjlRZ0dVYnkzaU1CTmljR2VxVDZX
a1lzNUNCb0FrdGhvcUV1NTUxa0RRMG8KLS0tIG9PVWMzbHA4Q2YrbTQ2cWFpTU1F
NE9TN3QyNEZEM1BoeFFSRHZqUmF0TlkKSvm5PXarwX2/034Y2LThEVQWgGm4emWU
abvCD566vlA+MZdRx0CUo1S8xqXDse9inAwroPs3nZ2TabtvCAqNGA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4Y2J5a1V5Q1U0eVZPOGlB
R2dBcElMQ0kwQUJCTkJuT0J2Tm9ETVlNcUYwCm0wbndXdFBZUllRZm5zdEVEczl4
b1NYVXFqVlhTb0R5YTZSUnBlMGNYSkUKLS0tIGJXOUNYV0NNZUlnd3I2OUhjSCs0
QzA3SXcwQmI4WE5qTElVWFhmRVhyN28KE2br0ZBj8dUep8O6hf0W1mrOXTDhTq/X
xR6zx93tpGdqg+jT0BS+7GMaxj4jM5VMmrTYQrIZc0g9ah34AbFT6g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyQzl1MWtYczd5aEpacFNZ
elpwaC90d2xTWUFJeGdMTjkxSVhZTUU4a3hnCnFOZ1ViS0hqbW45aU0vajh5NjVv
VmNYcmNGT21lMDl4QnljOS9oSHNpTjAKLS0tIGpndTNQU21PSVU1UzErTjFtOVYw
ZU1IRWdacUtKeEloQjM0TFU3Q1A0OUkKiFY+UfTgGtPuQBuHfmRKEVV6nyi7ggLT
x81Gl5COm0zCuXJuQw5FQutFXnYRC/9ndlNpO1HmrDHnEDp1osdNqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSUnFJVWNYYlNLSk1xbFYy
WGlBYzZHYVc5USt2eXNKdzlabWhYMWExZTFvCmZTeTJxWVhISWt5cjBwT3gvcnJ6
QzNRL0lFUGcraURLVnBGQXpXUzFiVG8KLS0tIEpobkwvaHBRU0FjQ3NIWDc2bWRj
ZWpwYURSc2dGTzJGaWgrWDRKZlRDZzQK0BZeC4JAbP8sHVy48O5rTyojRIkL8SUe
JPTYEa/wIDWOgp9Kkxa6QwVMr061pdEnIF6pal2efJjtvS0Q8JaegQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQVzUwSkQrTGhBQ1VVR25D
ZU5BY1NnUVVhVTJ2VUxPTWpqVXNhQWhpc0dnCk5EQ3JYdmUvQWo3QzdqcXVaN2Q4
ODFIeVhZWFAwV0hvUm5UTyt3VEZ3NFUKLS0tIElZL2NqQTY0dGJzVjJNWEh2U0pp
Nk94MldCTnZQRG00S1NGZWlsbmxLencKkeUHuYFIwQYdAAwfBcJ4F/1oR8mQfK9t
ka9WdGJZ+w2UDU0zOdkaD01lnqHenV/MhkzQ+SYnFEETDNLWt+OkwQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWdktET3FCUmw2TVhSWXcv
MTlHYlR2KzhPS2ZrdHA5ekcxZVZSc1JNM3lVCndQZUFKTFJFZG1GVWJvWllobGJU
eERoSmFMZWh5ZmZHM3Z3UWc5aVpab0EKLS0tIFIrdkdyaHg1NFVpM1JGWlBSWWpu
N0Q4YzZCbmd6bUc0U3FaZ3lLNUJOTXMKHC/emqz88i9dq+rWaw7Lh92pdu2D1aDD
K7G4d5AgRuSZxPWxwQMGTsCS3arsex0KrxdWE2ksZYTwVdi5CU3zTA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrM1BWd08zNFNPdTlUa1Vt
TzBJcDNIbHl3aXFUMXpkMmE1ajVwVFcrUVZBCkFDUnEyRktNRDlLdmFZT3Y0cVNT
UCtQQmhjT2hvbWdSOGh1WkMxcFFBWGMKLS0tIE1NQ3AraGVxVUxvZUVDOC9NY2xE
UHJZOWp6RmU2SFR4bU5hTDJnbHo5Rk0K/6Loz0GabBTy1VxePYwiuDtFCiDniGTv
RP7SKgMbN0SUjeaXwTmksC9DmfhWzXwDJqh/n/cNrtE2yuKR2AGzQA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6d1lFaGxEOElxYjBVV2w5
dVJyUnNveklTbXJQSzA4UlVHYTlWZUUyVlIwCnRwS1RTejAzNllHdWVaYU5tZXhq
bzZVcnpjYXBhWFFnWjY1cFhQZ0JuZ3cKLS0tIE1zYWlJTTV2VWRma2JjWlRZZ2Ro
NitqbEFuUENKaDZWY2dVRU9tWUF4b1kKAZAVyohLFZPMC0O6AF7GUXaE/8Q9bF2s
o1rS/8Cg0KqmalQ992wSMjUj1Z0y+najuaF6Kp9r2Q+6b9IVe7HQFA==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzN01Db01QMVdudC9idjBm
N3B4a3hUR2ZNYUQzL3RVVlQvelFFNUZFTlhFCnpaMDFpcVpkcThFanJRcEVxOFNP
cC9xL29MVTd0R1FUQzMzazVoNDUvMkkKLS0tIEVYRTlZSkVUcmZIVWJ2dmlBVGxq
R0E2MmdSZDFPTG9WMmhzT0dRYWRkclkK6Hg6rNuEhWb1PLA8z5l2YPDBMXxo0VwA
GrpQjbrcFKXTxOpi9FU5m1Dy0HSkEkUnmcFiVr98g6xJwWQjp9Xduw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBoQ0tJRDYzMDQvdVBDZ1ZD
NjJyc2x4NFhhd3oycjRxSFZhaHZTN25kc1NFCldvMy9IWUNadzRNWFh0QVQrczhB
aFhyd1d3cWlad3RCWVN0VWQzNkU5eWsKLS0tIDZSbmxLbnNTYmJhL0l6L1JwRWFN
ZUQ4cVlyL3VYQ0RFdHgvalFnWnU1Z1EKTkQZ14qvVykxfkD1smBd7aXzqji4sUGi
dI0PoKWAy4rqVbNMsNTOutNk8KMxJG+d9Qw947W2O7fA2XIY7/hnug==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiQnNCR2w4YjlzUSt5bDE3
c0VMWmQ4M00zMVErd21DYnlPb0JtelFDeml3CjNGV1ZJMVZOTFNpT1RSc3FXV0No
d25GUGVzTi9WWlVDeWRzd3BDOXNHb1UKLS0tIHFVdVRRb2l4YjlaY0NlUFpiRmxs
aE91WkxSYittL2Y5aWZBUFpYS0tzR28KK7B4TLpgtcRj8zttl/oHaYuedm2r8LDd
6C/cMrD+hQEb45OiDcn4V1L444vwbAZJvzgoiQWem6+1Wvepqe+P0A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmbjJKSGlLbFBCd011bHBG
emM4MVJCKy9UejY3M0E4VWFKTDFUeGZQQkVFCk1ZTkpUYm5adVZOU1hpR0xqOUdi
ZXppQ3lFdlBxQWdRdW9TbUFkcDJFbG8KLS0tIEhycFp1WGRCVUxBVzJRamptYnli
dW1YMTBIa202Tkp3WC9KRUhTckFCMUEKgUhihP1CN+kNOcbtfsr/gofI0tVzMVwo
4aQPOxmvp3gyKdvPtUUTxJ3QrZ3laAHcVmsxPjEPnaAjfmGSUZh/YQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-13T11:02:46Z"
mac: ENC[AES256_GCM,data:roAByCemPPNz6kkAX1nOL/TU3p2Jv67paQKlouek40FEf5cwVRMmygKDhs1vV8ZO4Ot0xGjXwiq+ylD0aSzbzvdcD/gG+cZ67XpqcW7CQMMtCrQ3Rt+U7q4rxyUeR55VxJdusjwtPp8qPVutKNJlebOUdBgaSKzDzwbnRppDUxk=,iv:PZVwlU3uUO+hHisHaoQAAfcBR2jlB0UHSU7ZFRXYfPo=,tag:0hPLfuSoSLRR1LiOWHFpfQ==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

52
users/caperren/caperren.nix
View File

@@ -2,6 +2,8 @@
let let
hyprlandConfigPath = ./. + "/dotfiles/hyprland/${config.networking.hostName}"; hyprlandConfigPath = ./. + "/dotfiles/hyprland/${config.networking.hostName}";
kanshiConfigPath = ./. + "/dotfiles/kanshi/${config.networking.hostName}"; kanshiConfigPath = ./. + "/dotfiles/kanshi/${config.networking.hostName}";
sshDesktopPubkey = builtins.readFile ./pubkeys/cap-nr200p.pub;
sshLaptopPubkey = builtins.readFile ./pubkeys/cap-slim7.pub;
spotifyPlayerAppTomlTextTemplate = builtins.readFile ./dotfiles/spotify-player/app.toml; spotifyPlayerAppTomlTextTemplate = builtins.readFile ./dotfiles/spotify-player/app.toml;
spotifyPlayerAppTomlText = spotifyPlayerAppTomlText =
builtins.replaceStrings [ "{{hostname}}" ] [ config.networking.hostName ] builtins.replaceStrings [ "{{hostname}}" ] [ config.networking.hostName ]
@@ -13,12 +15,18 @@ in
isNormalUser = true; isNormalUser = true;
description = "Corwin Perren"; description = "Corwin Perren";
extraGroups = [ extraGroups = [
"networkmanager"
"wheel"
"input"
"dialout"
"plugdev"
"adbusers" "adbusers"
"dialout"
"docker"
"input"
"networkmanager"
"plugdev"
"podman"
"wheel"
];
openssh.authorizedKeys.keys = [
sshDesktopPubkey
sshLaptopPubkey
]; ];
}; };
@@ -43,13 +51,21 @@ in
programs.bemenu.enable = true; programs.bemenu.enable = true;
programs.kitty = { programs.kitty = {
enable = true;
font.name = "JetBrains Mono"; font.name = "JetBrains Mono";
settings = {
allow_remote_control = true;
};
}; };
# Assets programs.ssh.enable = true;
# Assets/scripts
home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons; home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons;
home.file.".config/hypr/scripts".source = ./dotfiles/.config/hypr/scripts;
# Application config files # Application config files
home.file.".config/containers/policy.json".source = ./dotfiles/.config/containers/policy.json;
home.file.".config/glances/glances.conf".source = ./dotfiles/.config/glances/glances.conf; home.file.".config/glances/glances.conf".source = ./dotfiles/.config/glances/glances.conf;
home.file.".config/hypr/hypridle.conf".source = ./dotfiles/hypridle/hypridle.conf; home.file.".config/hypr/hypridle.conf".source = ./dotfiles/hypridle/hypridle.conf;
home.file.".config/hypr/hyprpaper.conf".source = ./dotfiles/hyprpaper/hyprpaper.conf; home.file.".config/hypr/hyprpaper.conf".source = ./dotfiles/hyprpaper/hyprpaper.conf;
@@ -73,18 +89,25 @@ in
home.file.".config/wlogout/layout".source = ./dotfiles/wlogout/layout; home.file.".config/wlogout/layout".source = ./dotfiles/wlogout/layout;
# Desktop entry files so bemenu can find them # Desktop entry files so bemenu can find them
home.file.".local/share/glances-bemenu.desktop".source = home.file.".local/share/applications/alltop.desktop".source =
./dotfiles/.local/share/glances-bemenu.desktop; ./dotfiles/.local/share/applications/alltop.desktop;
home.file.".local/share/glava.desktop".source = ./dotfiles/.local/share/glava.desktop; home.file.".local/share/applications/glava.desktop".source =
home.file.".local/share/jetbrains-toolbox.desktop".source = ./dotfiles/.local/share/applications/glava.desktop;
./dotfiles/.local/share/jetbrains-toolbox.desktop; home.file.".local/share/applications/phonerdp.desktop".source =
home.file.".local/share/spotify-player.desktop".source = ./dotfiles/.local/share/applications/phonerdp.desktop;
./dotfiles/.local/share/spotify-player.desktop; home.file.".local/share/applications/spotify-player.desktop".source =
./dotfiles/.local/share/applications/spotify-player.desktop;
# Custom bash aliases # Custom bash aliases
home.shellAliases = { home.shellAliases = {
# Phone remote desktop over usb (adb), with some default flags I want
phonerdp = "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close";
# Streamdeck isn't easy to manually edit, so make a save command to copy any updates to the repo # Streamdeck isn't easy to manually edit, so make a save command to copy any updates to the repo
savestreamdeck = "cp ~/.streamdeck_ui.json ~/.nixos-configs/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json"; savestreamdeck = "cp ~/.streamdeck_ui.json ~/.nixos-configs/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json";
# Nice to have an alias if I ever want to launch this from cmdline, or see the dbus help string
screenshot = "~/.config/hypr/scripts/screenshot.sh";
}; };
# Theming # Theming
@@ -109,6 +132,9 @@ in
font.name = "JetBrains Mono 11"; font.name = "JetBrains Mono 11";
}; };
home.sessionPath = [
"$HOME/.local/share"
];
home.sessionVariables = { home.sessionVariables = {
GTK_THEME = "Adwaita-dark"; GTK_THEME = "Adwaita-dark";
}; };

7
users/caperren/dotfiles/.config/containers/policy.json Normal file
View File

@@ -0,0 +1,7 @@
{
"default": [
{
"type": "insecureAcceptAnything"
}
]
}

116
users/caperren/dotfiles/.config/hypr/scripts/screenshot.sh Executable file
View File

@@ -0,0 +1,116 @@
#!/usr/bin/env bash
# Unashamedly taken from: https://www.reddit.com/r/hyprland/comments/13ivh0c/comment/jkgk65k
# Small edits made for my particular needs
# Flags:
# r: region
# s: screen
#
# c: clipboard
# f: file
# i: interactive
# p: pixel
# Example hyprland bindings
#bind = CTRL, SUPER, ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh
#bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
#bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
#bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
#bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
#bind = SUPER SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
#bind = CTRL SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
#bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
screenshotPath=~/Pictures/screenshots
hyprpicker_launch(){
# Start hyprpicker with screen render (freeze), no fancy, no zoom
# We're just using this to lock the screen in place for grim ingest
hyprpicker -r -n -z -d >/dev/null 2>&1 &
sleep 0.5
}
hyprpicker_kill(){
killall hyprpicker >/dev/null 2>&1
}
trap hyprpicker_kill EXIT
generate_filename(){
# Make sure screenshots path exists first
if [ ! -d "$screenshotPath" ]; then
mkdir -p "$screenshotPath"
fi
echo "$screenshotPath/$(date +%Y-%m-%d_%H-%M-%S).png"
}
active_screen_grim_region(){
hyprctl -j monitors | jq -r '.[] | select(.focused) | "\(.x),\(.y) \(.width)x\(.height)"' -
}
grim_from_region() {
local filename="${1:-}"
local region="${2:-}"
hyprpicker_launch
# Get region of screen to capture, if not passed in
if [ -z "$region" ]; then
region=$(slurp -b '#000000b0' -c '#00000000') || exit 1
fi
# Start grim while screen is still frozen, kill hyprpicker, and pass through data
if [ -z "$filename" ]; then
grim -g "$region" - | {
hyprpicker_kill || true
cat
}
else
grim -g "$region" "$filename" | {
hyprpicker_kill || true
cat
}
fi
}
if [[ $1 == rc ]]; then
grim_from_region | wl-copy
notify-send 'Copied to Clipboard' Screenshot
elif [[ $1 == rf ]]; then
grim_from_region "$(generate_filename)"
notify-send 'Screenshot Taken' "$filename"
elif [[ $1 == ri ]]; then
grim_from_region | swappy -f - -o "$(generate_filename)"
elif [[ $1 == sc ]]; then
grim_from_region "" "$(active_screen_grim_region)" | wl-copy
notify-send 'Copied to Clipboard' Screenshot
elif [[ $1 == sf ]]; then
grim_from_region "$(generate_filename)" "$(active_screen_grim_region)"
notify-send 'Screenshot Taken' "$filename"
elif [[ $1 == si ]]; then
grim_from_region "" "$(active_screen_grim_region)" | swappy -f - -o "$(generate_filename)"
elif [[ $1 == p ]]; then
color=$(hyprpicker -a -r)
wl-copy "$color"
notify-send 'Copied to Clipboard' "$color"
else
notify-send 'Screenshot Shortcuts' "Print:\t\t\tRegion to clip
Super+Print:\t\tRegion to file
Ctrl+Print:\t\tRegion to editor
Shift+Print:\t\t\Screen to clip
Shift+Super+Print:\tScreen to file
Ctrl+Shift+Print:\tScreen to editor
Alt+Print:\t\tColor picker to clip" -t 20000
fi

7
users/caperren/dotfiles/.local/share/applications/alltop.desktop Normal file
View File

@@ -0,0 +1,7 @@
[Desktop Entry]
Type=Application
Name=All Top
Exec=bash -c "kitty --single-instance --detach bash -c 'kitten @ launch --type=window --title btop btop ; kitten @ launch --type=window --title nvtop nvtop'"
Icon=alltop
Terminal=false
Categories=Utilities;

0
users/caperren/dotfiles/.local/share/glava.desktop → users/caperren/dotfiles/.local/share/applications/glava.desktop
View File

7
users/caperren/dotfiles/.local/share/applications/phonerdp.desktop Normal file
View File

@@ -0,0 +1,7 @@
[Desktop Entry]
Type=Application
Name=Phone RDP
Exec=bash -c "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close"
Icon=phonerdp
Terminal=false
Categories=Utilities;

0
users/caperren/dotfiles/.local/share/spotify-player.desktop → users/caperren/dotfiles/.local/share/applications/spotify-player.desktop
View File

7
users/caperren/dotfiles/.local/share/glances-bemenu.desktop
View File

@@ -1,7 +0,0 @@
[Desktop Entry]
Type=Application
Name=Glances Bemenu
Exec=kitty -e glances
Icon=glances
Terminal=false
Categories=Media;

7
users/caperren/dotfiles/.local/share/jetbrains-toolbox.desktop
View File

@@ -1,7 +0,0 @@
[Desktop Entry]
Type=Application
Name=JetBrains Toolbox
Exec=jetbrains-toolbox
Icon=jetbrains-toolbox
Terminal=false
Categories=Development;IDE;

3
users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf
View File

@@ -7,3 +7,6 @@ source = ~/.config/hypr/hyprland-common.conf
# Application launch # Application launch
exec-once = brightnessctl -sd platform::kbd_backlight set 1 exec-once = brightnessctl -sd platform::kbd_backlight set 1
exec-once = brightnessctl -s set 30% exec-once = brightnessctl -s set 30%
# Privacy
exec-once = sleep 10 && ls /dev/video1 &> /dev/null && notify-send "Laptop Webcam Enabled" "Please disable if not being used." -t 20000

26
users/caperren/dotfiles/hyprland/hyprland-common.conf
View File

@@ -4,7 +4,7 @@ monitor=,preferred,auto,1
# Set programs that you use # Set programs that you use
$terminal = kitty $terminal = kitty
$fileManager = thunar $fileManager = thunar
$menu = bemenu-run --line-height 22 --hf "##10AC25" --ff "##10AC25" --tf "##10AC25" $menu = j4-dmenu-desktop --dmenu='bemenu --ignorecase --line-height 22 --hf "##10AC25" --ff "##10AC25" --tf "##10AC25"' --term='kitty'
# Some default env vars # Some default env vars
env = XCURSOR_SIZE,24 env = XCURSOR_SIZE,24
@@ -83,14 +83,13 @@ windowrulev2 = suppressevent maximize, class:.* # You'll probably like this.
$mainMod = SUPER $mainMod = SUPER
bind = $mainMod, T, exec, $terminal
bind = $mainMod, C, killactive,
# Launch terminal # Launch terminal
bind = $mainMod, T, exec, $terminal
bind = SHIFT_SUPER, Return, exec, $terminal bind = SHIFT_SUPER, Return, exec, $terminal
# Close active window # Close active window
bind = $mainMod, Shift+q, killactive, bind = $mainMod, Shift+q, killactive,
bind = $mainMod, C, killactive,
bind = $mainMod, M, exit, bind = $mainMod, M, exit,
bind = $mainMod, E, exec, $fileManager bind = $mainMod, E, exec, $fileManager
@@ -157,6 +156,20 @@ bindl=, XF86AudioNext, exec, playerctl next
bind = ,XF86MonBrightnessDown, exec, brightnessctl s 1%- bind = ,XF86MonBrightnessDown, exec, brightnessctl s 1%-
bind = ,XF86MonBrightnessUp, exec, brightnessctl s +1% bind = ,XF86MonBrightnessUp, exec, brightnessctl s +1%
# Screenshots
bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
bind = SUPER_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
bind = CTRL_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
# Jetbrains window rules
# Prevent initial focus for JetBrains popups
windowrulev2 = noinitialfocus, class:^jetbrains-.*$, floating:1, title:^$|^\s$|^win\d+$
# Application launch # Application launch
exec-once = kanshi # Automatically handles display configurations exec-once = kanshi # Automatically handles display configurations
exec-once = ydotoold # Autoclicker/autokeyboard for automation exec-once = ydotoold # Autoclicker/autokeyboard for automation
@@ -170,4 +183,9 @@ exec-once = waybar # Wayland specific status bar
exec-once = sleep 5 && nm-applet # Traditional notifications area exec-once = sleep 5 && nm-applet # Traditional notifications area
exec-once = sleep 5 && blueman-applet # Traditional bluetooth management tool exec-once = sleep 5 && blueman-applet # Traditional bluetooth management tool
exec-once = sleep 5 && streamdeck -n # Streamdeck management tool exec-once = sleep 5 && streamdeck -n # Streamdeck management tool
exec-once = sleep 5 && solaar --window=hide # Logitech device management and battery
exec-once = sleep 5 && Telegram -startintray # Gotta keep in touch with peeps exec-once = sleep 5 && Telegram -startintray # Gotta keep in touch with peeps
exec-once = sleep 10 && itch # More fun games
exec-once = sleep 15 && hyprctl dispatch closewindow 'title:itch' # Hacky solution to single-shot "windowrule"

15
users/caperren/dotfiles/kanshi/cap-slim7/config
View File

@@ -5,22 +5,17 @@ profile builtin_only {
} }
profile bedroom_desk { profile bedroom_desk {
# Top left to right ##### Top left to right
output "Dell Inc. DELL P2411H F8NDP11G0DVU" enable position 0,1280 output "Dell Inc. DELL P2411H F8NDP11G0DVU" enable position 0,1280
output "Acer Technologies CB292CU 2217018D42410" enable position 1920,0 transform 90 output "Acer Technologies CB292CU 2217018D42410" enable position 1920,0 transform 90
output "DLOGIC Ltd. No Monitor USB_601e-21H1" enable position 3000,1280 output "Dell Inc. DELL P2411H F8NDP097114U" enable position 3000,1280
# output "DLOGIC Ltd. No Monitor USB_601e-21H1" mode --custom 1920x1080@60Hz enable position 3000,1280
# Bottom left to right ##### Bottom left to right
output "Aculab Ltd Digital Unknown" enable transform 270 position 0,2360 output "Aculab Ltd Digital Unknown" enable transform 270 position 0,2360
# Primary monitor, which wayland doesn't have a concept of
output "Hewlett Packard HP Z27n CNK7311DRR" enable position 1440,2560 output "Hewlett Packard HP Z27n CNK7311DRR" enable position 1440,2560
output "Aculab Ltd QHD270 Unknown" enable transform 90 position 4000,2360 output "Aculab Ltd QHD270 Unknown" enable transform 90 position 4000,2360
# Far bottom right (laptop itself) ##### Far bottom right (laptop itself)
output "BOE 0x0A9B Unknown" enable position 5440,2360 adaptive_sync on output "BOE 0x0A9B Unknown" enable position 5440,2360 adaptive_sync on
} }
profile scotts_apartment_tv {
output "BOE 0x0A9B Unknown" enable mode 2560x1600@165Hz position 0,0 adaptive_sync on
output "Hisense Electric Co., Ltd. HISENSE 0x00000001" enable mode 1920x1080@60Hz position 2560,0
}

1833
users/caperren/dotfiles/streamdeck/.streamdeck_ui.json
View File

File diff suppressed because it is too large Load Diff

BIN
users/caperren/dotfiles/streamdeck/icons/btop-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.8 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/chart-simple-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.0 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/firefox-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/glances-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/glava-standin-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/jetbrains-toolbox-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/kitty-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.8 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/obsidian-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/slash-arrow-down-long-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/slash-arrow-up-long-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/slash-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.6 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/spotify-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/thunar-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/unifi-camera-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 679 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/unifi-protect-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 145 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/video-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.8 KiB

1
users/caperren/pubkeys/cap-nr200p.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILb5YZG6wCmqoevSHsP9f9eix3iugntBFy9hf/gkGb5v caperren@cap-nr200p

1
users/caperren/pubkeys/cap-slim7.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKn/grpCtACdsrw1ocTBsf2Mc6hUZHNwvuZPk8K4UJ3p caperren@cap-slim7

44
users/cluster-admin/cluster-admin.nix Normal file
View File

@@ -0,0 +1,44 @@
{ config, pkgs, ... }:
let
sshCaperrenDesktopPubkey = builtins.readFile ../caperren/pubkeys/cap-nr200p.pub;
sshCaperrenLaptopPubkey = builtins.readFile ../caperren/pubkeys/cap-slim7.pub;
in
{
users.users.cluster-admin = {
initialPassword = "changeme";
isNormalUser = true;
description = "Cluster Admin";
extraGroups = [
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
sshCaperrenDesktopPubkey
sshCaperrenLaptopPubkey
];
};
home-manager.users.cluster-admin = {
home.username = "cluster-admin";
home.homeDirectory = "/home/cluster-admin";
home.stateVersion = "25.05";
home.packages = with pkgs; [ ];
programs.bash.enable = true;
programs.git = {
enable = true;
settings.user = {
name = "Corwin Perren";
email = "caperren@gmail.com";
};
};
programs.kitty = {
enable = true;
font.name = "JetBrains Mono";
};
};
}