caperren/nixos-configs
1
0
Fork 0
mirror of https://github.com/caperren/nixos-configs.git synced 2025-12-31 11:34:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: caperren:20e338c38008bf9a2b8653ba45649a4020597c37
Branches Tags
caperren:main caperren:working-branch caperren:cluster-config caperren:sops-testing
...
compare: caperren:working-branch
Branches Tags
caperren:working-branch caperren:main caperren:cluster-config caperren:sops-testing

103 Commits
20e338c380 ... working-br

Author SHA1 Message Date
Corwin Perren
f6ffd58cf7 Skip keepalive for now 2025-12-31 00:11:41 -08:00
Corwin Perren
e933161b1b Pkgs path for screen on keepalive 2025-12-31 00:09:48 -08:00
Corwin Perren
c894684414 Remove wrong sleep import 2025-12-31 00:07:27 -08:00
Corwin Perren
ecdb021563 Sleep comes from coreutils 2025-12-31 00:06:35 -08:00
Corwin Perren
0cc3d6483c Keepalive only after main service started, delay before starting silent fans 2025-12-31 00:05:51 -08:00
Corwin Perren
df8fcec4d9 Make fan service restart after secrets decryption, undo temp changes 2025-12-30 23:48:34 -08:00
Corwin Perren
469d44f967 Make multi-user wantedBy instead of after to start at boot 2025-12-30 23:36:01 -08:00
Corwin Perren
1b517f56fc Allow n02 to decrypt 2025-12-30 23:33:09 -08:00
Corwin Perren
d4bd57c2fb Enable fan script at boot 2025-12-30 23:21:01 -08:00
Corwin Perren
c5b0bad486 Working version of ilo fan control script 2025-12-30 23:09:14 -08:00
Corwin Perren
434d760397 Added cap-apollo-n02 2025-12-30 20:57:18 -08:00
Corwin Perren
7483d0fc6c Add state version to apollo and cluster 2025-12-30 20:57:18 -08:00
Corwin Perren
bb368c5521 Enable apollo virtualization 2025-12-30 20:57:18 -08:00
Corwin Perren
72d33db2f9 Add apollo admin account 2025-12-30 20:57:18 -08:00
Corwin Perren
537f8494d4 Fix import paths, for real 2025-12-30 20:57:18 -08:00
Corwin Perren
5c327a7ced Fix import paths 2025-12-30 20:57:18 -08:00
Corwin Perren
8c04af52e6 Fix caperren reference 2025-12-30 20:57:18 -08:00
Corwin Perren
444b5894c6 Added cap-apollo-n01 2025-12-30 20:57:18 -08:00
Corwin Perren
6ba1828944 Changed monitoring url for new streamdeck 2025-12-30 20:57:18 -08:00
Corwin Perren
935f3b6575 Added new streamdeck 2025-12-30 20:57:18 -08:00
Corwin Perren
d862884042 Merge pull request #25 from caperren/working-branch 
Swapped out for amd gpu on nr200p
 2025-12-21 20:25:55 -08:00
Corwin Perren
a7a3f1dd4e Swapped out for amd gpu on nr200p 2025-12-21 20:25:22 -08:00
Corwin Perren
4b886de443 Merge pull request #24 from caperren/working-branch 
Remove home-manager ssh config for now due to bad default permissions
 2025-12-13 16:35:03 -08:00
Corwin Perren
6d8ec5e01c Remove home-manager ssh config for now 2025-12-13 16:34:13 -08:00
Corwin Perren
4dd1207568 Merge pull request #23 from caperren/sops-testing 
sops-nix functional, and providing encrypted token for test cluster
 2025-12-13 16:22:29 -08:00
Corwin Perren
1fe9c9c9cf Secondaries need to inherit secondary config 2025-12-13 15:56:29 -08:00
Corwin Perren
d72c3d4e56 Re-enable secondaries 2025-12-13 15:28:48 -08:00
Corwin Perren
307cf5108c Re-enable nix rebuild service for cluster 2025-12-13 15:23:24 -08:00
Corwin Perren
b110daed58 Re-enable primary server 2025-12-13 15:09:38 -08:00
Corwin Perren
180d6cf1b0 Reset cluster for change to sops-nix managed token 2025-12-13 15:06:11 -08:00
Corwin Perren
b3fd29faef Fixed home manager inputs, and got sops-nix working for all current hosts 2025-12-13 14:54:15 -08:00
Corwin Perren
a3837016ae Fixed sops config 2025-12-13 03:03:38 -08:00
Corwin Perren
d40951b6a8 Actually commit default.yaml 2025-12-13 02:36:59 -08:00
Corwin Perren
ade7bdd892 Add default.yaml for sops and set as such 2025-12-13 02:36:20 -08:00
Corwin Perren
420513c859 Had to run sops updatekeys to add new hosts 2025-12-13 02:31:36 -08:00
Corwin Perren
35c0153da9 Temporarily remove git autorebuild 2025-12-13 02:26:00 -08:00
Corwin Perren
154a177a51 Huh, guess it has to be relative 2025-12-13 02:21:29 -08:00
Corwin Perren
439d48d1bf Absolute secrets path 2025-12-13 02:19:41 -08:00
Corwin Perren
71b9956ecd Remove home manager sops for now 2025-12-13 02:17:15 -08:00
Corwin Perren
2b77870bda Add config import 2025-12-13 02:05:26 -08:00
Corwin Perren
c65056be55 Import config for home manager settings 2025-12-13 01:59:07 -08:00
Corwin Perren
353135a2d9 Initial keys, and basic token file for sops cluster testing 2025-12-13 01:55:25 -08:00
Corwin Perren
c360755253 Add mesa-demos for glx testing, tweak to streamdeck for btop 2025-12-11 17:15:41 -08:00
Corwin Perren
8681caca01 Some comments 2025-12-10 10:37:04 -08:00
Corwin Perren
80e3eccd32 Small webcam privacy warning for laptop 2025-12-10 10:17:47 -08:00
Corwin Perren
3ceb749239 Start testing k3s 2025-12-10 10:17:44 -08:00
Corwin Perren
b16e7664b0 Merge pull request #22 from caperren/working-branch 
Added changes for homelab cube cluster, no longer using unstable branch for packages, improved sudoers entries
 2025-12-07 21:38:03 -08:00
Corwin Perren
81d7174bdf Put ncdu back, and enable ssh agent 2025-12-07 21:29:46 -08:00
Corwin Perren
8c284cc708 Final test 2025-12-07 21:15:01 -08:00
Corwin Perren
1fa619b95f Revert to using system config path 2025-12-07 21:09:20 -08:00
Corwin Perren
0bfc3792be Try current system path instead 2025-12-07 21:04:33 -08:00
Corwin Perren
df2327bfc0 Missing config import 2025-12-07 21:00:59 -08:00
Corwin Perren
28fbea14f6 Use system path config for sudoers changes 2025-12-07 20:59:19 -08:00
Corwin Perren
7611e586c8 Just make auto-rebuild passwordless for the cluster-admin 2025-12-07 20:54:39 -08:00
Corwin Perren
a8e001ebb1 Testing service 2025-12-07 20:45:18 -08:00
Corwin Perren
8d6736598e Remove escape char 2025-12-07 20:40:41 -08:00
Corwin Perren
3fc2f34991 Switch to system config rebuild 2025-12-07 20:38:59 -08:00
Corwin Perren
0d9db0fd89 Add more paths 2025-12-07 20:35:41 -08:00
Corwin Perren
6e6ba6c71f Flip quote styles 2025-12-07 20:31:32 -08:00
Corwin Perren
e797745a62 Copy settings from nix auto-upgrade 2025-12-07 20:26:55 -08:00
Corwin Perren
b2cfd98331 Remove double single-quote 2025-12-07 20:12:07 -08:00
Corwin Perren
4b0011d221 Command, not commands 2025-12-07 20:11:03 -08:00
Corwin Perren
6f852032c9 Seperate commands 2025-12-07 20:10:06 -08:00
Corwin Perren
90a55fab87 Double single quote 2025-12-07 20:08:26 -08:00
Corwin Perren
89b373db53 Allow git-auto-rebuild without password for admins 2025-12-07 20:06:26 -08:00
Corwin Perren
5d041ac5c7 Switch to packages definition 2025-12-07 19:58:48 -08:00
Corwin Perren
54bb3cb054 No auto-start 2025-12-07 19:54:46 -08:00
Corwin Perren
4b9374f753 Full paths for everything 2025-12-07 19:52:33 -08:00
Corwin Perren
9cd5470c55 Missing cd 2025-12-07 19:51:25 -08:00
Corwin Perren
561c632289 Switch to shell command and add git pull 2025-12-07 19:49:33 -08:00
Corwin Perren
40b6bde6a4 Misspelling 2025-12-07 19:47:58 -08:00
Corwin Perren
8c4de5f015 Testing git auto-rebuild for cluster 2025-12-07 19:45:59 -08:00
Corwin Perren
0d65e64e34 Remove kdenlive for build failure 2025-12-07 18:39:19 -08:00
Corwin Perren
9191d2c954 Add slim7 pubkey for ssh 2025-12-07 18:36:52 -08:00
Corwin Perren
f6387b341f Fix clust-09 hardware 2025-12-07 18:20:20 -08:00
Corwin Perren
246c71dc43 Fix clust-08 hardware 2025-12-07 18:16:17 -08:00
Corwin Perren
1c944019f4 Add configs for other cluster hosts 2025-12-07 17:44:32 -08:00
Corwin Perren
dbd85672a3 Deduplicate cluster config 2025-12-07 17:28:12 -08:00
Corwin Perren
6cbde55575 Add cap-clust-01 to test 2025-12-07 17:04:34 -08:00
Corwin Perren
4fe3ce49e6 Add pubkeys for ssh on caperren and cluster admin from caperren account 2025-12-07 16:58:02 -08:00
Corwin Perren
e717edc177 Add cluster host definitions, cluster utilities, and admin, switch nixpkgs to stable 2025-12-07 16:46:54 -08:00
Corwin Perren
af7b1d1b63 Add solaar autostart 2025-12-07 15:49:10 -08:00
Corwin Perren
23cf49aec7 Merge pull request #21 from caperren/working-branch 
Virtualization configs, no waydroid, new work desk monitor, itch for games, new camera dashboard url, utils
 2025-12-05 01:14:06 -08:00
Corwin Perren
c23b3eae53 Comments 2025-12-05 01:13:14 -08:00
Corwin Perren
b6a769c4fa Replaced old broken lg monitor with equivalent and working dell 2025-12-05 01:09:26 -08:00
Corwin Perren
447ad9e125 Re-enable pcb2gcode, make itch window autoclose after startup since the application setting for it doesn't work, update monitoring dashboard url for streamdeck 2025-12-04 14:11:26 -08:00
Corwin Perren
1f27c34b09 Add dmidecode 2025-11-19 23:18:54 -08:00
Corwin Perren
379f039591 Autolaunch itch 2025-11-16 12:10:42 -08:00
Corwin Perren
05b706e37f Switched to docker for virtualization, added itch games launcher 2025-11-14 15:17:27 -08:00
Corwin Perren
3392366413 Added virtualization container policy config 2025-11-07 15:41:57 -08:00
Corwin Perren
85e1ecd46a Removed waydroid, enabled docker socket compat and added self to group, default to shutting phone screen off on rdp disconnect 2025-11-07 15:23:10 -08:00
Corwin Perren
b1376e1cea Merge pull request #20 from caperren/working-branch 
Working branch
 2025-11-07 15:04:45 -08:00
Corwin Perren
3f83fc9d57 Also make phone stay awake in rdp mode 2025-11-07 15:04:14 -08:00
Corwin Perren
f536cea5c3 Skip fullscreen option on phonerdp 2025-11-07 14:59:57 -08:00
Corwin Perren
3d5c6a443b Added phonerdp desktop entry 2025-11-07 14:58:10 -08:00
Corwin Perren
283f9ad213 Re-enabled nvtop, nopasswd for nvtop, properly enable kitty with remote control, streamdeck now uses alltop, alltop desktop entry, j4-dmenu-desktop as wrapper for bemenu so that desktop entries show, fixed desktop entry location 2025-11-07 14:55:22 -08:00
Corwin Perren
513cf526d8 Added pinta for quick cropping and rotating of images 2025-11-06 17:40:00 -08:00
Corwin Perren
069de41562 Added quick command and desktop file to start an abd screen mirroring session for my android phone 2025-11-05 11:48:16 -08:00
Corwin Perren
5bf0216460 Switched flameshot for custom grim/wl-copy/swappy pipeline, new printscr shortcuts, minor refactoring of some modules, spotify_player swap for streamdeck, new area for hyprland scripts 2025-11-03 20:58:20 -08:00
Corwin Perren
62a324a746 Merge pull request #19 from caperren/working-branch 
Fix kitty accidentally launching glances
 2025-10-31 20:06:19 -07:00
Corwin Perren
e380f07018 Fix kitty accidentally launching glances 2025-10-31 20:05:23 -07:00
Corwin Perren
424a74773f Merge pull request #18 from caperren/working-branch 
General cleanup and refactoring, added glances with config, managed streamdeck config and created new ui for it
 2025-10-31 19:59:53 -07:00
Corwin Perren
064a996b73 Added gimp, removed glances desktop, created new managed streamdeck config with logos 2025-10-31 19:58:39 -07:00
79 changed files with 4099 additions and 1174 deletions
Expand all files Collapse all files

65
.sops.yaml Normal file
View File

@@ -0,0 +1,65 @@
keys:
- &admin_users:
- &caperren age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
- &systems:
- &personal:
- &cap_slim7 age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
- &cap_nr200p age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
- &apollo:
- &cap_apollo_n01 age1ljcy90uwlfngc7vqwlf2x2ckgsdfg90c0r9yvjzpl90jkwf9g48q2leudt
- &cap_apollo_n02 age1vl9q7u0jkzjpdqrmg4flvz2f7gyn05luv4ka60hu5l8yn4m6rujquhyc2p
- &cluster:
- &cap_clust_01 age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
- &cap_clust_02 age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
- &cap_clust_03 age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
- &cap_clust_04 age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
- &cap_clust_05 age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
- &cap_clust_06 age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
- &cap_clust_07 age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
- &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
- &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
creation_rules:
- path_regex: users/caperren/secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- path_regex: secrets/default.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_apollo_n01
- *cap_apollo_n02
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/cluster.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p

5
README.md
View File

@@ -1,4 +1,9 @@
# nixos-configs # nixos-configs
## Miscellaneous Notes
- To generate the sops age key for a new host
- `nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
- Update keys after adding new host or personal key
- `sops updatekeys <file>`
## Misc references used ## Misc references used
* https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/tree/main * https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/tree/main

117
flake.nix
View File

@@ -2,11 +2,16 @@
description = "Nixos config flake"; description = "Nixos config flake";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@@ -15,19 +20,119 @@
{ {
self, self,
nixpkgs, nixpkgs,
sops-nix,
home-manager, home-manager,
nixos-hardware, nixos-hardware,
... ...
}@inputs: }@inputs:
{ {
nixosConfigurations.cap-clust-01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-01/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-02 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-02/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-03 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-03/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-04 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-04/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-05 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-05/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-06 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-06/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-07 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-07/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-08 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-08/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-09 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-09/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-apollo-n01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-apollo-n01/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-apollo-n02 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-apollo-n02/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem { nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = { inherit inputs; };
inherit inputs;
};
modules = [ modules = [
./hosts/cap-slim7/configuration.nix ./hosts/cap-slim7/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
nixos-hardware.nixosModules.lenovo-legion-16arha7 nixos-hardware.nixosModules.lenovo-legion-16arha7
]; ];
@@ -35,9 +140,11 @@
nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem { nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ modules = [
./hosts/cap-nr200p/configuration.nix ./hosts/cap-nr200p/configuration.nix
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
sops-nix.nixosModules.sops
]; ];
}; };
}; };

28
hosts/cap-apollo-n01/configuration.nix Normal file
View File

@@ -0,0 +1,28 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Users
../../users/apollo-admin/apollo-admin.nix
# System Configuration
../../modules/system/cpu-intel.nix
../../modules/system/fonts.nix
../../modules/system/home-manager-settings.nix
../../modules/system/internationalization.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/system-utilities-cluster.nix
../../modules/application-groups/virtualization.nix
];
networking.hostName = "cap-apollo-n01";
}

31
hosts/cap-apollo-n01/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1fa744fd-82d2-4997-a757-28ae96461a96";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F57E-AA2D";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
hosts/cap-apollo-n02/configuration.nix Normal file
View File

@@ -0,0 +1,13 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/apollo-2000.nix
];
networking.hostName = "cap-apollo-n02";
}

31
hosts/cap-apollo-n02/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/71e4a38f-1e1e-4ebb-8e7a-a9489aa61f55";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4A99-55C6";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-01/configuration.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-primary.nix
];
networking.hostName = "cap-clust-01";
}

52
hosts/cap-clust-01/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0028a3af-8470-46c2-81ca-6d9be16a6236";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C389-7B6B";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/2b063ac4-54ee-4b16-b766-9c470733995c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-02/configuration.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-02";
}

52
hosts/cap-clust-02/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/9fcf291d-2576-44b4-bcba-98e40305e531";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7727-439F";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/56f2d727-03c5-4aef-9871-217bf98cdbb4"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-03/configuration.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-03";
}

52
hosts/cap-clust-03/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/c2cfd56f-0090-45eb-a239-068fdadd2fd4";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C3CF-3854";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/e60a5ced-d01e-4613-afba-9b445bc43097"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-04/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-04";
}

52
hosts/cap-clust-04/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b9c79a2f-8c6a-4f86-8562-b2f882992e95";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/EF0B-C66E";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/9a123c08-cc9b-4516-a158-b274e9b399c3"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-05/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-05";
}

52
hosts/cap-clust-05/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/51ce9236-fe8c-49bc-bb90-1e582d163d04";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/FF5C-EB30";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/1d24fd7d-c958-44ad-bb28-c394f3d56a6b"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-06/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-06";
}

52
hosts/cap-clust-06/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8cf14e41-2af7-4bbd-89e2-90f5d04601b8";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/33C3-BB59";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/262fa61f-4beb-4822-ace6-bb15c62b2cca"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-07/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-07";
}

52
hosts/cap-clust-07/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ad88a1b0-c98e-4a95-9fb3-3299169c952b";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/73CA-8E6D";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/c6139db9-2a9d-400a-b8a8-c8f77c5713ca"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-08/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-08";
}

52
hosts/cap-clust-08/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/deed37a4-4d5a-465c-93e6-1b7b216e0a1c";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3ABB-C794";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/6a99a895-a58c-43d2-8b62-02e3c915f46c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-09/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-09";
}

33
hosts/cap-clust-09/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "amdgpu" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/affec1c2-bf7c-499e-80a6-6615fd163e1a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9E1A-C3DA";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/a17f3a16-78fb-494d-8319-89e31e1defae"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

2
hosts/cap-nr200p/configuration.nix
View File

@@ -21,7 +21,7 @@
../../modules/system/cpu-amd.nix ../../modules/system/cpu-amd.nix
../../modules/system/desktop.nix ../../modules/system/desktop.nix
../../modules/system/fonts.nix ../../modules/system/fonts.nix
../../modules/system/gpu-nvidia.nix ../../modules/system/gpu-amd.nix
../../modules/system/home-manager-settings.nix ../../modules/system/home-manager-settings.nix
../../modules/system/hyprland.nix ../../modules/system/hyprland.nix
../../modules/system/internationalization.nix ../../modules/system/internationalization.nix

1
modules/application-groups/android.nix
View File

@@ -1,5 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
programs.adb.enable = true; programs.adb.enable = true;
virtualisation.waydroid.enable = true;
} }

1
modules/application-groups/gaming.nix
View File

@@ -27,6 +27,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bs-manager bs-manager
heroic heroic
itch
monado monado
]; ];
} }

11
modules/application-groups/k3s-primary.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server";
tokenFile = config.sops.secrets.k3s_token.path;
clusterInit = true;
};
}

11
modules/application-groups/k3s-secondary.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server"; # Or "agent" for worker only nodes
tokenFile = config.sops.secrets.k3s_token.path;
serverAddr = "https://cap-clust-01:6443";
};
}

3
modules/application-groups/media-creation.nix
View File

@@ -4,7 +4,8 @@
audacity audacity
darktable darktable
inkscape inkscape
kdePackages.kdenlive # kdePackages.kdenlive # <- Build Failure
obs-studio obs-studio
pinta
]; ];
} }

1
modules/application-groups/media.nix
View File

@@ -27,6 +27,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
glava glava
gimp
imv imv
plex-desktop plex-desktop
projectm_3 projectm_3

2
modules/application-groups/pcb-design.nix
View File

@@ -2,7 +2,7 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
kicad kicad
#pcb2gcode pcb2gcode
]; ];
} }

27
modules/application-groups/system-utilities-cluster.nix Normal file
View File

@@ -0,0 +1,27 @@
{ config, pkgs, ... }:
{
services.glances.enable = true;
services.openssh.enable = true;
environment.systemPackages = with pkgs; [
btop
dnsutils
git
htop
iftop
iotop
killall
kitty
ncdu
networkmanager
nmap
nvtopPackages.full
pciutils
screen
unzip
usbutils
util-linux
wget
];
}

8
modules/application-groups/system-utilities.nix
View File

@@ -4,6 +4,7 @@
hardware.logitech.wireless.enable = true; hardware.logitech.wireless.enable = true;
hardware.logitech.wireless.enableGraphical = true; hardware.logitech.wireless.enableGraphical = true;
programs.ssh.startAgent = true;
programs.thunar.enable = true; programs.thunar.enable = true;
programs.thunar.plugins = with pkgs.xfce; [ programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin thunar-archive-plugin
@@ -21,6 +22,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
btop-cuda btop-cuda
desktop-file-utils desktop-file-utils
dmidecode
dnsutils dnsutils
ffmpeg-full ffmpeg-full
git git
@@ -30,16 +32,19 @@
imagemagick imagemagick
iotop iotop
jq jq
k3s
kdePackages.qt6ct kdePackages.qt6ct
killall killall
kitty kitty
swappy
lf lf
mesa-demos
minicom minicom
ncdu ncdu
networkmanager networkmanager
networkmanagerapplet networkmanagerapplet
nmap nmap
# nvtopPackages.full # <- Build failure: https://github.com/nixos/nixpkgs/issues/456928 nvtopPackages.full
openrgb-with-all-plugins openrgb-with-all-plugins
pciutils pciutils
rofi-bluetooth rofi-bluetooth
@@ -47,6 +52,7 @@
rpiboot rpiboot
s-tui s-tui
scrcpy scrcpy
screen
speedcrunch speedcrunch
streamdeck-ui streamdeck-ui
stress stress

12
modules/application-groups/virtualization.nix
View File

@@ -1,12 +1,10 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
virtualisation.podman = {
enable = true; virtualisation.docker.enable = true;
dockerCompat = true; virtualisation.containers.policy = {
default = [ { type = "insecureAcceptAnything"; } ];
}; };
environment.systemPackages = with pkgs; [
distrobox
];
} }

130
modules/host-groups/apollo-2000.nix Normal file
View File

@@ -0,0 +1,130 @@
{ config, pkgs, ... }:
{
imports = [
# Users
../../users/apollo-admin/apollo-admin.nix
# System Configuration
../../modules/system/cpu-intel.nix
../../modules/system/fonts.nix
../../modules/system/home-manager-settings.nix
../../modules/system/internationalization.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/system-utilities-cluster.nix
../../modules/application-groups/virtualization.nix
];
time.timeZone = "America/Los_Angeles";
sops.secrets = {
"ssh/ilouser/id_rsa" = {
sopsFile = ../../secrets/default.yaml;
path = "/root/.ssh/ilo_id_rsa";
restartUnits = [ "hpe-silent-fans.service" ];
};
"ssh/ilouser/id_rsa_pub" = {
sopsFile = ../../secrets/default.yaml;
path = "/root/.ssh/ilo_id_rsa.pub";
};
};
systemd = {
# services.hpe-ilo-keepalive = {
# enable = true;
# after = [
# "network.target"
# "hpe-silent-fans.service"
# ];
# wantedBy = [ "multi-user.target" ];
# description = "Maintains ilo ssh session via sending periodic command";
#
# serviceConfig = {
# Type = "simple";
# ExecStart = ''${pkgs.screen}/bin/screen -S ilofansession -X stuff "fan info^M"'';
# };
#
# path = with pkgs; [
# bash
# config.programs.ssh.package
# screen
# ];
#
# startAt = "*:0/5";
# };
services.hpe-silent-fans = {
enable = true;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
description = "Lowers fan speeds by using ilo over ssh to manually set fan parameters";
serviceConfig = {
Type = "simple";
ExecStartPre = ''${pkgs.coreutils}/bin/sleep 30'';
ExecStart = "${pkgs.writeShellScript "hpe-silent-fans.sh" ''
set -e
SCREEN_NAME=ilofansession
SSH_USER=ilouser
SSH_HOST=cap-apollo-ilo02
SSH_KEY=/root/.ssh/ilo_id_rsa
SSH_OPTIONS="-o KexAlgorithms=diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 -o PubkeyAcceptedKeyTypes=+ssh-rsa -o HostKeyAlgorithms=ssh-rsa -o StrictHostKeyChecking=no"
# Create screen session
screen -dmS $SCREEN_NAME
# Make initial iLO connection
screen -S $SCREEN_NAME -X stuff "ssh -i $SSH_KEY -t $SSH_USER@$SSH_HOST $SSH_OPTIONS^M"
sleep 5
##### Tune pid for all non-segmented fans
for sensor in 1 2 3 4 5 6 7 9 10 11 12 13 14 15 16 17 18 19 20 21 26 28 29 30 31 32 38 40 41; do
screen -S $SCREEN_NAME -X stuff "fan pid $sensor lo 1600^M"
sleep 0.5
done
##### Tune pid for segmented fans
for sensor in 8 22 23 24 25 27 39; do
screen -S $SCREEN_NAME -X stuff "fan a $sensor 0 0 16 41 16 25^M"
sleep 0.5
done
##### Set minimum for fan group
screen -S $SCREEN_NAME -X stuff "fan p 0 min 16^M"
''}";
};
path = with pkgs; [
bash
config.programs.ssh.package
coreutils
screen
];
};
# timers.hpe-ilo-keepalive = {
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnBootSec = "5m";
# OnCalendar = "*-*-* *:0/5:00";
# Unit = "hpe-ilo-keepalive.service";
# };
# };
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}

33
modules/host-groups/cluster.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
imports = [
# Users
../../users/cluster-admin/cluster-admin.nix
# System Configuration
../system/cpu-amd.nix
../system/fonts.nix
../system/git-auto-rebuild.nix
../system/gpu-amd.nix
../system/home-manager-settings.nix
../system/internationalization.nix
../system/networking.nix
../system/nix-settings.nix
../system/security.nix
../system/systemd-boot.nix
# Application Groups
../application-groups/system-utilities-cluster.nix
];
time.timeZone = "America/Los_Angeles";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}

4
modules/system/cpu-intel.nix Normal file
View File

@@ -0,0 +1,4 @@
{ config, lib, ... }:
{
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

33
modules/system/git-auto-rebuild.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
systemd.services.git-auto-rebuild = {
enable = true;
after = [ "network.target" ];
description = "Rebuilds the git repo at /etc/nixos if there are changes in the currently checked out branch";
# startAt = "*:0/1";
serviceConfig = {
Type = "oneshot";
ExecStart = ''${pkgs.bash}/bin/bash -c "cd /etc/nixos && ${pkgs.git}/bin/git pull && ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --flake #$(${pkgs.hostname}/bin/hostname)"'';
};
environment =
config.nix.envVars
// {
inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
}
// config.networking.proxy.envVars;
path = with pkgs; [
bash
coreutils
gnutar
hostname
xz.bin
gzip
gitMinimal
config.nix.package.out
config.programs.ssh.package
];
};
}

8
modules/system/gpu-amd.nix
View File

@@ -1,5 +1,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
services.xserver.videoDrivers = [ "amdgpu" ]; hardware.graphics = {
enable = true;
enable32Bit = true;
};
nixpkgs.config.rocmSupport = true;
services.xserver.videoDrivers = [ "amdgpu" ];
} }

12
modules/system/home-manager-settings.nix
View File

@@ -1,5 +1,11 @@
{ config, pkgs, ... }: { inputs, ... }:
{ {
home-manager.useGlobalPkgs = true; home-manager = {
home-manager.backupFileExtension = "bkp"; useGlobalPkgs = true;
backupFileExtension = "bkp";
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
};
} }

35
modules/system/hyprland.nix
View File

@@ -1,35 +1,32 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
services.displayManager.gdm = {
enable = true;
wayland = true;
};
services.xserver = {
enable = true;
};
hardware.graphics = { hardware.graphics = {
enable = true; enable = true;
enable32Bit = true; enable32Bit = true;
}; };
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
programs.hyprlock.enable = true;
programs.waybar.enable = true;
services.displayManager.gdm = {
enable = true;
wayland = true;
};
services.hypridle.enable = true;
services.xserver.enable = true;
xdg.portal.enable = true; xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
programs.hyprlock.enable = true;
programs.waybar.enable = true;
services.hypridle.enable = true;
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
arandr arandr
bemenu
dunst dunst
flameshot
grim grim
hyprpaper hyprpaper
hyprpicker hyprpicker
@@ -43,7 +40,7 @@
swayimg swayimg
wl-clipboard wl-clipboard
wlogout wlogout
bemenu
]; ];
} }

45
modules/system/security.nix
View File

@@ -1,20 +1,57 @@
{ pkgs, ... }: { pkgs, config, ... }:
{ {
environment.systemPackages = with pkgs; [
sops
age
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../../secrets/default.yaml;
};
security.sudo = { security.sudo = {
enable = true; enable = true;
extraRules = [ extraRules = [
{ {
groups = [ "wheel" ];
commands = [ commands = [
{ {
command = "${pkgs.systemd}/bin/reboot"; command = "${config.system.path}/bin/reboot";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
{ {
command = "${pkgs.systemd}/bin/poweroff"; command = "${config.system.path}/bin/poweroff";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
]; ];
groups = [ "wheel" ]; }
{
users = [ "cluster-admin" ];
commands = [
{
command = "${config.system.path}/bin/systemctl start git-auto-rebuild.service";
options = [ "NOPASSWD" ];
}
{
command = "${config.system.path}/bin/systemctl stop git-auto-rebuild.service";
options = [ "NOPASSWD" ];
}
];
}
{
users = [ "caperren" ];
commands = [
{
command = "${config.system.path}/bin/nvtop";
options = [
"NOPASSWD"
"SETENV"
];
}
];
} }
]; ];
}; };

115
secrets/cluster.yaml Normal file
View File

@@ -0,0 +1,115 @@
k3s_token: ENC[AES256_GCM,data:UANQ7DzasppB8ZPtGY9wR9lhU+VpTjJE,iv:cvEiUt7zG4Joyd1gkaqi848ES7aPf7VoYc4zDwLKEDQ=,tag:j4EU/srhEL0+nQGhETuerA==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTWNzM0RMMXpDZnZHSEFz
U01jN1FPTFJ6YzBMQlhQMEpSZ0NTNCtteWk4CmhyU1ZTeE1wMzAxRWszS0NKeVpL
dmw3TGlvdG80TVVXUWVTYTVHMzcwajgKLS0tIFMraXVmTS9zSkFzRGZjZlhzR1lj
eDRubW5hWnQzdjVzRytWTW44Y2xoU2MKA2yvOK0DfKSj6U7094a9+4t7E6nFGD+5
p8XlMAkroS8RhdwBi//xn5I05/iJMKJikaeclvsNlvLV5b/GkCE3nw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RzZSTFNPMkprTk00SjBv
WTdvcVFuU0hPZ2hteWsrOXp3TTlGdXBvb1FRCjlCbitacFJpV1l3YXMvU0xMMm5Q
TjJwR3JtQk9Rbmc1S2J5OVF0WXBRQ1EKLS0tIHBHdzFlN21FZHFoRjc3cHlSZ2FK
YnBOOU5Bejl6MjB6MDliZWpPeTdFRncKRXH8gKhKVcSxja+dhIrPBNeeV8rJatSJ
+ZlHQL3109Ya/V6Aq9AtEypmLld9Ech7AGMCePNLYvc6DYkDE9bJDA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eFE4bWRPQitrVDN4Y21J
TUJyd214L1JMazNiUzJEb29FTmRORkJmR1QwCjIrVzZ5WllDbGNCd1c0Q09XVDFm
UjhudDNCZ1BWSmpmbHkvWjROMnpkb3cKLS0tIFhzdlpiTFRPMFM5Nm1DcVN3djVB
SWZtVWNvRVdweWVxZVlQL1k1QVdESXMKc6OdFAyEvxhf5xyBFfiZajgUkwlfMMMJ
4KqoZGTmh+4GTedJDAKClKce1TEQTKrf1ePP+5HhcSKOoPTolMh/Sw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUUt4ZCtrU2djKzRkN2h2
bHpVSk15M2lTVjRrTi9aVmpETjV3UUN6TWlrCk5rdytrYWoxTmJDQmJITVRMa0ZV
UGc3dzhsQlM3T29BenY4VlRqbmdvd2sKLS0tIE9HVmxBMnZOMnUvdFcyNGRjTm1o
V29UVXRKWUhERkYwZ0NsOUZna1ErcWsK3ya1FW0WPKrZ4gMVx9M1eAgj6lQiv++M
TSZmVJfUMyV1OATtg3MSDFqsppN/i7+aQAP2D0G1fzG30/1qYwCsHA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUVpUW5CTEFGUVlSeVJa
QVNpUE9uaFV0eWxyQjhjcUFXOTVqN1JwTm1vCmE5dmVuZnFpeWRXbnh4V0J6eHF2
R3l5ZFhTSitzSnFYbXEvbGoyY2R6WFEKLS0tIEwwWWcydmhPdW1wL083NVJncmF3
U3lPYm9EZFRUWVhualFNZHhVU1JlQzgKsc4y+hfdGB3WW+NpzvA0RH54Zc46j3zt
2Pak/SdxiMnHfF0cw9EP/xrGJ15IUUWvDmRu+om0fEMjg+OBOKLXXQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmamp3Uk40ZGRJQW1MUVJS
SUlabWx3Zkd1b0xLMFQ5Y3hUelk1RU1HYW5FCnQ4bG5qRnhQRnlmTm13WXdYUWg5
ZUVvRlRaN0NSSWhJV002N2pBL28yQXcKLS0tIEQ3bmJnUHNEUThvM2MvQUlDaUV3
ZXd2T1RmM0l4YzZKaGkrRXc4VXBRVnMKnCp42FU0vQOb9VN/+DbsmNHvZc8lH+Rh
skZvMvTHgpMWTdhHYFWub+CIXZfUrJfy/vSWBvDw6c81r4p1l+Jyfw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNHNsYjJoTlhRcUJ5UnZw
eU9tVW9zVW5XRFR2ZUNaKzlieUNmdDNCS1JFCjVJaGoxdFArU09GMXpYMVdZaVk0
TXpKUHo1cEdXZnpCNXpyRHJnYmRldWMKLS0tIFBnSktZWmp3M2NJbVAwTy94bnVx
YVlwaEZ0Z09aNFo0OCt1dUxpYzdiZEUKDHKAZYVC9ON48i9p5DZDopgm9afSg069
m3mq5d+aBZIrnSdwgIuvyPJH+L8clIUXcJ47QH9ML/4MsFk+d4xvpA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bm15TmhpRXg5V05qWmRn
UExicGhXZ0ZWNUxPTUM3OEV2U1JveGRUQ1RVCkpaMXZwVUxiT0pQRkFFSjBMRnFw
RnJJalBrSTR5V3IvUnU2a2hWSmM0ajAKLS0tIDJ6ZWpiVlBBdDBxWnhZT2lyRi81
dCtqV1ZwQVlHWFgvTkN4eTZmSG5XMzgKKAPm8crJXBvCAIgTCcpLBi74Fq/AT7Uo
SREKHWpC3pLtNyfgHuEhm3lCYmyZyxTsZFd/2ezAjqtQZAf29EEUjg==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbVhvQlZDWXhmMXpnaDBk
YUFwMkhwRDlkMXhjS1NJSVR3QWhBNDY2c0VFCklMaTBaKzQvRjdLQjFlelpkY2Ra
R0E3NjNVV1pPOG02WnhLdHhqRytPdlkKLS0tIFBFQlpWL0FEUWNGOThzNW1RdG9S
V2lSdVpweWZKM3VYZ01hclV4ZENZbTQKMQ3/EZk82q4oGnFJb49+X5uQzuTji8qV
K61/vy40g/1f8wgpJwjvGCHx7VyzsBp4lhXiLODMIW6ubp5kAU4r9A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVVJSRmZucDc1Vk5HZ0py
NS9BcDlLRkpyYitmd0hZdlVOaFgxS3JyR1ZJCkVBajVBTjlWamNMNFYza2xWaitx
V2loazBmaE5kVWRoVWwvR2NQa3Mwb1EKLS0tIFZYNGNRc00rUGlDT2tGUFlCcDc3
aFB3SmpjVFVBc3lPWmMyM29URHpaUzQKguiKNjvJayezQ2tAqmFSgA8tY/6tx1Pb
OeB5cBtSyXfdZhL8HGYAqiIph9zbO3NId7icJsZ11YTW6XHHr1P7gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1aDJ5UkM1WENoUDZOUld3
ZXpTdWJjQzVhNEI4RGs4UlhyVytBcmcwbUdBCkxhNnlzSm5yS21zVVNoSmc3VmJF
REE1YXpFSWtPcVhzMnFGckpLZUxQR2cKLS0tIE5DWGFKNUxRZnpFNGpMS0xxVVhq
OWIwRXBXMmxHN09pZVcyNElQZVhFWUUKAN0Yd2/RB0ZjE0BGZnVY+bCSEQXVpZrS
DwsxXlldtJLVebLxthPaXcPI4UmUFYSPFYWDPijjxQ7gbRYnOsV1eA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaVNQeVd3c0JKakhEWWE0
ZDNjUitGaUVxM3h0UjF4Z2ZVR0w2L2xKTlRzCjhVVERodmpFVXF6Tnp5N011Tk9J
TVR2akpwRlBKOEs0T3loa0p1cGU5c1EKLS0tIEh5TGYrZ0c3MjQ0bDlsb3J6UGls
VWRsQy9BeU1rTmUxd0xwZHA2MjMrZmcKPI2g7B4Ylmbq1Z6WHAhdDx43oB/OeIKY
MKpwZ985JUrxwwiM0UC9DfNYaM9ScUf4l3qHFPHjh+N899rf7nW3zA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-13T09:05:22Z"
mac: ENC[AES256_GCM,data:Jg/J4ulZtAI7Kfeb8/ccmG3hV+2TF/5kTcwNRr6llVORVBZ0cGeJz5TvhqwHsSf3TRwgzS50RHWtbJ//TadWrYbf+EInV92mT+ybVO/p6ek0jiqRV9Kto697YnjjtMG1uJcIazWhShT4UTg6PNlAtRzBA3759tnw2aj0hCNH9QE=,iv:hu1m3GdLiwyVZDrlh/p63hGCaJgXIHuVnxzPKskj9Io=,tag:NW+d9m+eTgkb9Uea5aurSw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

136
secrets/default.yaml Normal file
View File

@@ -0,0 +1,136 @@
ssh:
ilouser:
id_rsa: ENC[AES256_GCM,data:BuoM1E1pf9srSfWWV+bIy9H/JAQIMsucJv8T+Sky6HgSsR1WLdOX8pYJSVukuMMisSBG8DJiGy7PgzqeZohrFbkaHpc7gI0S3+803pZQjILzs9kEIrpTzqb+i5UgGPNn7Q9Rk2Etm7UlQAaUSLZg1XfCWV421YeTDFnM42bLy8Lhpb5J/GyP4iYJN5osmlQdjUbzR4wWaYIofWHjTqbNo0yNdMTDPf/bVDw+/34Xx/Xcvc90KtbO/k/gWpOam/Mq/jMoaA0IcZu7p6pu3WWFlilkeBtLefLo8nDEGi13hT2KxrB89npTNWWXf4sejQxkZgp8x1FxA8LH9v6vRunvdBRNTw/JjmtxaF8vKfjd2oxaKztLA8NROYQRpavqv6/NGlyBCU+yncq/E5dl51t7BwDwpSUvYvVEP20qH1JBKtiyuHlLOTOwTJtigOE3EuNxuEViz56Q0tVpQOcPQuSRmwdOg8hMZx/HnaDv52JVxeQHdF8jpzz3E3noB1AbRIAb84XXWVo2QLxFb8W8t5ta5cdOq/Pqte5PNXfT+2pjBIOlfg5mzA9kjH4QOZaO7zBbMj/ZD480gZY+kUMgeXgOtoLSZCPvdBbSjd7Lsd7xYbZSk6m4jOtvbTzpaFX8ZIT4ompC/+G84t3HyxE+UUeBip7mTeOJBCc1WjguKSzdBMmYZUxJAGMmWJ+TQDZSFu2m7bMmLGTgya5isqtcqGN5cGcICxIfOVfuoJ5T6vO3t2ZdUuV2U4+gfCYhtEZbsT/lhgRC0NlMWBhowCRpzhowYLHHGqmUfl5M+JTCAOS1QDmZvaGVc8BC0WWkc+162NGME1D+GRolHF44TfB5IuTQ1cfrv+VvK4DIsEslleAMCxqHPPQPGpCTcCNfe/3Yylkl/Pmogas2P8Q1fyGVTZCsS2G5wugptt8AdfdM+tvmqzlyponw3lNKe+mj1ehunJ8V93ea95cdmVikM6OLykzSrbxsejX8EgIQ0BChAFly38ot7YcmqgfqABCGeiYwOnL/90EuRmYRaMuUihbiRVzGPd5oc0OKDj5xdM2Eq/VRaODCFuhmwK5eLHB3tGab2Bin/8VGZkpWjQsd3H/UYRfPpJqjnhI3/dxD619ouZPfsTfQCVnBaZMYVKzpmeb3geNMeV1h8cDxNsAk85nAnG6RUF7xlqmgF6yUZ/vFtjUq/vCoNHsKvS5sSy73LPXljrVvZyG2K9P6dfTR4n8yYGJCoj95ahCAD4djsr9ylRzj1YTFQ7XdZGxw3GML7rmzuMS/Kk0qMKNYSlS9ru0yIL2baZmntjUKjcl0qigzO74bi3TxyoylmxXA2/80AcRU/fWi0t9g9aTJmuVztPiRQpCLsDzSS/xTjriwThx6v7tgmVwO05SdlBQ5Fk6R1nOsC+4X35l2f6pWJ91nlkfimJM3mY/MZDxWusfgXcS3SBswj59n7zX7AwykcX6/XHVWg91EfB6sRUZyHWsMxwn+i/P5aoIiO43leCD9KX5T0KjRAxa0DG092zM6pRaKEJWeBXTgcFTS5AQdMLVlt5GBHBHw2Slr6SMsUo7A1ycJqP7nw+YdLje86h4edfvbAtowhaBT3WPFoxbtAoBWqkYPgTGs/AiKRsfjecypuCm52bz8VTiw8laRkYFO0nqyYZBm4u2BbVODS6Ji9ZxNpjN/NIDh/5ffhQ611iwL2xgob/yFrjqaRyzPx1DXseMO+Lc0TMEhdSVGG9i8fTJXN8VasDDHxWCQD/ZSyERGCqIDc1+pZBjwABiECsDtQy3DI+oQ3UEPLOFHGS95Kc5+KKij3ptvf61o2J6XKEUY0jqv+puNvmjz7jqsNBY+S524G+06zzcvXsUnWQ3o1lOseFDSl4ZV+a2GiRA+AHj5gSKXTNVUMDsEu7E+4Sg1WVFKLw4KgZ0KubHYQYz56QLojv2TUL3NrK1mUfdn9jeJ01L+CIMTVjz+4UjVI/AZJA370Le01pl0ZMxaFRa0fep1Pa6MikTS7SO8NBtTtbOI2Dt/hBrXpzbicfRU/2pNJ8hEn9in0eXkZ3h0/nHm5J/OrrbVOdvQK9RkF9J0sdgmLtnAxdQjKK7r8Tg17q4vefFRtTEFPz1hV8sOrNXJZc3GRnvINE/7CVYdBQZuq7Bqze9WS+Yqzo2Z7T+cgpLTThBWlL7uGRsNcOdxQOctvoHCDFMV+9+QSH9Cc55Jdbd1T/clludubmyCJLvd5+25haXtRNSivJ/qB/ZbaZq/1PrJw2rl9XuiTczVrG/5Gwpz7a7PVrP8ydIEoTAglMdr9WICKl2cqHo1+k7HOFZluJAugNTV5aRwCvb6roKXsENH6TE68RuiYI8GXD/AzrY86TADCZroeQ+arLW+UuDqQfsnJ6MM02NcSOriAqTbwikGSzNIwkOiuZmwc5Y1pVqe1pyVDf5gN6Q=,iv:IDe6vkBvgAzfxee+/odkLk1TLZRghVEf8hqH2r3+V9I=,tag:OFCA57fQjQxc+CT9DOq+VA==,type:str]
id_rsa_pub: ENC[AES256_GCM,data:hYdf7KifFqkHDa8UF1zvhirc2AkrYpL2VrmV2IJjHzzgbrJxshdA629mTXwXwXORbLwNcMpRR7DFLyHCRDu5cWsxluZ04rNU9sJFmL+6pPUonaa4Wc+9z5VysV8UItY/BZ/5mOMQ2ph/wMQ3pkFnBD58vOFOYsmZ7OCir5dQZfm8GdGDX76bOlOI/CAg/LtwFveHK4trY3EUkxbJQ1soZdpm7ML/7bDN52klaS/EEgwk+FJrNAcm8M+N3kMSZoJyJW7c1OG81d4G84tryt2fa7s2HGT79IX6h4wI0GGu+bl87MgmFC48KdvjPdWowfh2QxkphSLduYQ4ss4EQYgJrmkQznQtt67acCFxNrEyE5psSMQPXtgAbwV94xeqtc+QHzmjHAwICTzk7Q4sFF85cDV54ZyoQDYdfubjpJ6mdE65dftN2eYD/5ywdTq09vRpnlh24PTrp7nn4H+Yddakv5KGhQOnj0p6JHNytXEClmiqxANrsYyhKvZe9gS+5w1RIcrsv9dHr5uL7Q==,iv:PQiVjFf2LlOKa6i7V/DcxYU54m/AbJGwTwUmA9asKI4=,tag:y27R0sMuOno0Al9iD3+MsQ==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OURyTktBK0tLUFNvK3JV
cGZ0a1BNOUgyZHgvZlNEM091Z01pdlNWcHdrCjRyV2Vlamk1SGNGa2lOZjFZUlZW
NXlSaFRuUkVkV2ZWcm51N1ozbGp1Zk0KLS0tIFA3TmNueE5hSGxwZVlXeW9mOXZG
bWxNZVphblFnV3J2RnBnRjhIV1psTUkKvuHFAmPg7AgSgpSv3cRDDSYRRiG2pWIv
qs3gUknD2QAuo1dBGol6p3lzvuGNYaBLML9tgCgN60Y66RVHR1zEVA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1a2FqYXZpWmRrVEhhazF2
akl3RjErZDc1TVZNZnBCQ3F1a2szUTB1bUVzCkJSV2F1RUNvR3FldmxnbEsyejB6
QU9xTTlud1BrVW1WQ0RCbFRhVCtiRW8KLS0tIG9UeTg3d0pUOUswaUdWdGVscHNM
NEZFUS9sNVJXSllNdXhRWDFYKzg0ZFkK1jEL736B5stLQw6BLxJmm8Z98uvD2qGZ
O98ByT6SrjQnYnr/8u0qY7dQ71ThzB5v3LSrk8/x06CzLmpAYgc6IQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbjh3YkhPd1o3M0h4bkhY
dS9QV203STh5OTF0Y3k2VEdFaFYwQmJNL3lBCkg4UnN2NW82a2F0a28zQ2h6Tng2
ckkrb1AyMUZ0UDM3ZDgvd2FWSTlCTmsKLS0tIGc0ckd1NW1Tc04zOUZhRjlwYmMx
NktCNXd3WE04VzgyczdNVVZ4Z0FIbk0K3999tMUUAerQhWeIST5W9v9sahnl/bub
Wh2wQPSC6pN6t60CMrs4N5NgXhXG6KADiWi9oMwR18RAqwQTRVKRzg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ljcy90uwlfngc7vqwlf2x2ckgsdfg90c0r9yvjzpl90jkwf9g48q2leudt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb2ZIQlpNRmZaczlGMWFT
aVZWYmJ4RWxJYkJ1YkJhYkV4c1pKZGVESzFvCjh0d0RPUHNSQThLQ29vTzloRGJI
cnNQMXpTVUs3NjUzeGtGbTFDMUE3azgKLS0tIHM4cS9GUi9XUXNITTJsakxxOXhk
U3hNMjNQNHhhTTRTZk9EV05FMEtlSlEK3zLfM19AjFadzWzcTbvmUwQnL0yG8A6K
JMNzwbUvPqLIBxniTuSNRHceCcyPvs4vnCRDQPeEIHV6r1dGMV90Gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vl9q7u0jkzjpdqrmg4flvz2f7gyn05luv4ka60hu5l8yn4m6rujquhyc2p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TWN6WEM4WkFqKzFoVkZi
K2hnd2JzczY2YStKcDZjd1RPNGlRVklQL1U0Cmo1VTNkWnVQY2tSNzRBY3JrMW9x
Smx4STlKMzJGQUdrMmpXVCtYekZmWU0KLS0tIE1ycnR1MTVvMUgvcko2VlM0NEUy
Nk1vSWtQWlJWVlNIZEUyOEc5ZS80QjgKqyFL4+3Oqx92nDGJ/D8/+RkPmHZ5R9Yv
HXlyUrO+tmbSU5JkBO7tSZ9Ho89Imwf8b6r76ZozHOjpmhSL5RBvfg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3S0pSVFdiMzBFaFZReEhY
eVFWNzc4eno5Zm1ScEpSUHNmeWVkaTdjQnlzCnZoS3hjeGlyUmd3U1lnc0xOUGVP
OXFweG5YTGV0NDZucWpuZ1lybG43dEEKLS0tIDk2NVZHUEtScklSQlZBQ0ZCMFZ4
N21xTTZpRm81cGM5elVWNnk5NU5PTGcKhfvVyHzhH9A1NDoyHwBAxHy5Dj8brkt5
280NVHI33SQ+R3mgdAcFB34jJW25ntq9Jd7f8V0FeqelGCzHttMy1A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVHhXYnhkTjdPT0xqbE1D
LzliRGZzQWpiUFdmbE9LZktLN21GbUp5Y0U0CnAwTFlRN3M5OFpKNUNJNTlERVl0
MysvREhWdkZLOWdPODh2dXZlclRHMlUKLS0tIDF6c3pUUEh6bk5YeDJob0Rham1S
TlF5ZVp1Z21DU0hUdFJLMGNIRnVxZE0KGl0PT9mmCu+8yf2K7ADpeALk4xNG/Xld
IG1zlOPvAmmApoNKOx4FOlBVO8MAX922WsUgX6OSyw8U0PjdRn4rKQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MGJTd2cxRG5MNkJSdXBo
bXNuZXdPUDZjZC84S0g3N1ZENzIvWWVOaFN3Cmxpb08wSExqaTNQQ1RROGU4bk9h
K2lXMDhuVGpWa0NXOGlXMkxaMzZyWkEKLS0tIDUvckRYWXFhdW1wdUZlL083ZFhH
TFJtcEdFS2pPcHN4bjd1a3QwcktXTzgKy7mTdf495H9solOwE8qJgQQXg+4HYYoF
6ytA/0bA+UlDeziHS4opnlooXcyQ6isMUoi9+F3GlrDaS9NZx+v5vA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZeEVoR2dscEg3Mlk5WlBP
UHFvR2RUTTh2Zm1UcStncEUxVnRwamM4eXdvCkdWbWcwajFXdkI3S1pkT01sZkoz
U2pYdDJ1Wmw3V1prWUh5TVhCSUtlK1kKLS0tIG5XUjhMak45UzlXek5vTDZMN3Nv
d1JJc3FvZjJadTVUSXJzWVQ3ckxQSVUKQ8Bw9tQdlgrH+e4QrkFhx9AVz7F6asDZ
rblgfXuYh+rnoDsuMh6gUciA9WDXBmlPgs09ny4T29T9uGwLjPnitw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TndrMmZMOG5tT1FnWmgr
OGlxek5ndGxFOFdmbXhKTFZidzRGS1NVWWhVCjNFK2U5bTM1OXhKcTV0Q3F6bG5U
T0xnYTloZStMbTBFTFovdHlBU2s2eTQKLS0tIEY2emp4ZVVDbzhLbGxuOUx5VG1G
R1B1VldGM3BONUoxUVpDeGhBK1orQXcKPHvqPhOE7j687dBQlfuTdsLIr7t8HzX+
IWOkgUe9Lu+ruHmx0FbDsLlqJZbZOVisaWGD7CEm4Ku1ZnOSejFZcw==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K2x6VWx5TUJTcDdEbExr
V0t2VkdOV3NuUC9nUStZM3JwdmRqdThyUWtzCnFlTm13OFVlL205L0dPVzVrRlVh
b3BTTEFwcHlrL204alNlU2N0aExjVW8KLS0tIEQ5ZWpCeTMwNmpjcGl1WmtQdkNU
TVJBMjlNaWtHMlMzd3ViaGVpMERPVncKh7czaPxra9mRidJgrfaT0QWFU7d1li4e
60tD8Gkaoshs0KjQt6Vs2OrW5cJhMkBnUv7kulEEvn+ouukZOz4jTw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsbnFqcnE2bjNqVmJlVmNR
b2huRnVITTJOU3J2bE43d1V3VzZiRUc0cVZnCmRoTU5YZWQ3TmdZN3A0WUQxZHJr
Tjd4d3FkNHpPSThBemc5STR4VXEvRG8KLS0tIGdSZFgvL2c4MTB2eml0dWtWQVVV
YkJJT294RWRsaHlrYThuQ2RMa3pERkkK0G9ShhLOZVVjGinlUyk/sc9OjWmukLgR
JNTFWAePS/k1O/bO4Myxc9wX4R9UrZOpG/Q6v66ilNOApWD7i/2eBw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUUJzYVBzLzlWc2QzUitS
M3JrSGUxcXV2NlA4Q2lDVGpCU0NnZTY2Q0RVCmZ0Tmp0M2FMUVcvY1JrQmoyNk9B
VDFqUUlQMVJ3L3JoaE5ISDV0YU5ydTQKLS0tIGRjM2ZxUzRMRGxzL0ZBR0F2Ti9Y
Tnp0djVFV0hPTkJGYXJSTWRHdkUzWVEK2bWcz9/qrHjAO0FWzjwsuBnZMm42XzKl
h1tQwqF7A3jdcezZXYmOn5R1nJX5NTXLySgPZapvOhrPmuHZk4UULQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUHlzOEtpUnFoU0VmNmpl
TDgwdVAzeENBd3dvY2U3TFVkSy96Mi8rVERjCmhaU0hpeUR2cjh3ckNKVWNtaTRG
STRpaHFGWmU5TjRFWEhabWZTaC9FMk0KLS0tIHBsN3BxNXRIQ2ptNHZjQ0tlZ2Ro
YWttOHNEeDFTemh2OFEvNGNOZmkzeEUKL9yGY1L35y+ZIFyTFKyvgIirWSGe5lkT
jYAPmt/RJmskzNBQdo3KGnPKqpVK5nEBUwmzKVre4AOOSTYJ4ER+0g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-31T05:09:48Z"
mac: ENC[AES256_GCM,data:VP4URW/zRZFa4A3Q0gVzs06Zre+GzT3DNcrYxOcktgR1ooyvCjPE6l5t3Jf2LvVanSuBfIQMP7w67OcBar89QqGjn38E6V/U5Lyj7hHF9AtqNd/3l3P91xt+69UBOEqhZI0oASrTA3MKAZVeg6kWtU7YWajPH0PVxOsxMHeD9g4=,iv:LciFXM9JdXwmR56dgO6OskfcGauy8Q5gYIKZH2sES90=,tag:VJbexnwD+N1mGzADfXhp7g==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

45
users/apollo-admin/apollo-admin.nix Normal file
View File

@@ -0,0 +1,45 @@
{ config, pkgs, ... }:
let
sshCaperrenDesktopPubkey = builtins.readFile ../caperren/pubkeys/cap-nr200p.pub;
sshCaperrenLaptopPubkey = builtins.readFile ../caperren/pubkeys/cap-slim7.pub;
in
{
users.users.apollo-admin = {
initialPassword = "changeme";
isNormalUser = true;
description = "Cluster Admin";
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
sshCaperrenDesktopPubkey
sshCaperrenLaptopPubkey
];
};
home-manager.users.apollo-admin = {
home.username = "apollo-admin";
home.homeDirectory = "/home/apollo-admin";
home.stateVersion = "25.05";
home.packages = with pkgs; [ ];
programs.bash.enable = true;
programs.git = {
enable = true;
settings.user = {
name = "Corwin Perren";
email = "caperren@gmail.com";
};
};
programs.kitty = {
enable = true;
font.name = "JetBrains Mono";
};
};
}

50
users/caperren/caperren.nix
View File

@@ -2,6 +2,8 @@
let let
hyprlandConfigPath = ./. + "/dotfiles/hyprland/${config.networking.hostName}"; hyprlandConfigPath = ./. + "/dotfiles/hyprland/${config.networking.hostName}";
kanshiConfigPath = ./. + "/dotfiles/kanshi/${config.networking.hostName}"; kanshiConfigPath = ./. + "/dotfiles/kanshi/${config.networking.hostName}";
sshDesktopPubkey = builtins.readFile ./pubkeys/cap-nr200p.pub;
sshLaptopPubkey = builtins.readFile ./pubkeys/cap-slim7.pub;
spotifyPlayerAppTomlTextTemplate = builtins.readFile ./dotfiles/spotify-player/app.toml; spotifyPlayerAppTomlTextTemplate = builtins.readFile ./dotfiles/spotify-player/app.toml;
spotifyPlayerAppTomlText = spotifyPlayerAppTomlText =
builtins.replaceStrings [ "{{hostname}}" ] [ config.networking.hostName ] builtins.replaceStrings [ "{{hostname}}" ] [ config.networking.hostName ]
@@ -13,12 +15,18 @@ in
isNormalUser = true; isNormalUser = true;
description = "Corwin Perren"; description = "Corwin Perren";
extraGroups = [ extraGroups = [
"networkmanager"
"wheel"
"input"
"dialout"
"plugdev"
"adbusers" "adbusers"
"dialout"
"docker"
"input"
"networkmanager"
"plugdev"
"podman"
"wheel"
];
openssh.authorizedKeys.keys = [
sshDesktopPubkey
sshLaptopPubkey
]; ];
}; };
@@ -43,13 +51,19 @@ in
programs.bemenu.enable = true; programs.bemenu.enable = true;
programs.kitty = { programs.kitty = {
enable = true;
font.name = "JetBrains Mono"; font.name = "JetBrains Mono";
settings = {
allow_remote_control = true;
};
}; };
# Assets # Assets/scripts
home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons; home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons;
home.file.".config/hypr/scripts".source = ./dotfiles/.config/hypr/scripts;
# Application config files # Application config files
home.file.".config/containers/policy.json".source = ./dotfiles/.config/containers/policy.json;
home.file.".config/glances/glances.conf".source = ./dotfiles/.config/glances/glances.conf; home.file.".config/glances/glances.conf".source = ./dotfiles/.config/glances/glances.conf;
home.file.".config/hypr/hypridle.conf".source = ./dotfiles/hypridle/hypridle.conf; home.file.".config/hypr/hypridle.conf".source = ./dotfiles/hypridle/hypridle.conf;
home.file.".config/hypr/hyprpaper.conf".source = ./dotfiles/hyprpaper/hyprpaper.conf; home.file.".config/hypr/hyprpaper.conf".source = ./dotfiles/hyprpaper/hyprpaper.conf;
@@ -73,18 +87,25 @@ in
home.file.".config/wlogout/layout".source = ./dotfiles/wlogout/layout; home.file.".config/wlogout/layout".source = ./dotfiles/wlogout/layout;
# Desktop entry files so bemenu can find them # Desktop entry files so bemenu can find them
home.file.".local/share/glances-bemenu.desktop".source = home.file.".local/share/applications/alltop.desktop".source =
./dotfiles/.local/share/glances-bemenu.desktop; ./dotfiles/.local/share/applications/alltop.desktop;
home.file.".local/share/glava.desktop".source = ./dotfiles/.local/share/glava.desktop; home.file.".local/share/applications/glava.desktop".source =
home.file.".local/share/jetbrains-toolbox.desktop".source = ./dotfiles/.local/share/applications/glava.desktop;
./dotfiles/.local/share/jetbrains-toolbox.desktop; home.file.".local/share/applications/phonerdp.desktop".source =
home.file.".local/share/spotify-player.desktop".source = ./dotfiles/.local/share/applications/phonerdp.desktop;
./dotfiles/.local/share/spotify-player.desktop; home.file.".local/share/applications/spotify-player.desktop".source =
./dotfiles/.local/share/applications/spotify-player.desktop;
# Custom bash aliases # Custom bash aliases
home.shellAliases = { home.shellAliases = {
# Phone remote desktop over usb (adb), with some default flags I want
phonerdp = "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close";
# Streamdeck isn't easy to manually edit, so make a save command to copy any updates to the repo # Streamdeck isn't easy to manually edit, so make a save command to copy any updates to the repo
savestreamdeck = "cp ~/.streamdeck_ui.json ~/.nixos-configs/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json"; savestreamdeck = "cp ~/.streamdeck_ui.json ~/.nixos-configs/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json";
# Nice to have an alias if I ever want to launch this from cmdline, or see the dbus help string
screenshot = "~/.config/hypr/scripts/screenshot.sh";
}; };
# Theming # Theming
@@ -109,6 +130,9 @@ in
font.name = "JetBrains Mono 11"; font.name = "JetBrains Mono 11";
}; };
home.sessionPath = [
"$HOME/.local/share"
];
home.sessionVariables = { home.sessionVariables = {
GTK_THEME = "Adwaita-dark"; GTK_THEME = "Adwaita-dark";
}; };

7
users/caperren/dotfiles/.config/containers/policy.json Normal file
View File

@@ -0,0 +1,7 @@
{
"default": [
{
"type": "insecureAcceptAnything"
}
]
}

116
users/caperren/dotfiles/.config/hypr/scripts/screenshot.sh Executable file
View File

@@ -0,0 +1,116 @@
#!/usr/bin/env bash
# Unashamedly taken from: https://www.reddit.com/r/hyprland/comments/13ivh0c/comment/jkgk65k
# Small edits made for my particular needs
# Flags:
# r: region
# s: screen
#
# c: clipboard
# f: file
# i: interactive
# p: pixel
# Example hyprland bindings
#bind = CTRL, SUPER, ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh
#bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
#bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
#bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
#bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
#bind = SUPER SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
#bind = CTRL SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
#bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
screenshotPath=~/Pictures/screenshots
hyprpicker_launch(){
# Start hyprpicker with screen render (freeze), no fancy, no zoom
# We're just using this to lock the screen in place for grim ingest
hyprpicker -r -n -z -d >/dev/null 2>&1 &
sleep 0.5
}
hyprpicker_kill(){
killall hyprpicker >/dev/null 2>&1
}
trap hyprpicker_kill EXIT
generate_filename(){
# Make sure screenshots path exists first
if [ ! -d "$screenshotPath" ]; then
mkdir -p "$screenshotPath"
fi
echo "$screenshotPath/$(date +%Y-%m-%d_%H-%M-%S).png"
}
active_screen_grim_region(){
hyprctl -j monitors | jq -r '.[] | select(.focused) | "\(.x),\(.y) \(.width)x\(.height)"' -
}
grim_from_region() {
local filename="${1:-}"
local region="${2:-}"
hyprpicker_launch
# Get region of screen to capture, if not passed in
if [ -z "$region" ]; then
region=$(slurp -b '#000000b0' -c '#00000000') || exit 1
fi
# Start grim while screen is still frozen, kill hyprpicker, and pass through data
if [ -z "$filename" ]; then
grim -g "$region" - | {
hyprpicker_kill || true
cat
}
else
grim -g "$region" "$filename" | {
hyprpicker_kill || true
cat
}
fi
}
if [[ $1 == rc ]]; then
grim_from_region | wl-copy
notify-send 'Copied to Clipboard' Screenshot
elif [[ $1 == rf ]]; then
grim_from_region "$(generate_filename)"
notify-send 'Screenshot Taken' "$filename"
elif [[ $1 == ri ]]; then
grim_from_region | swappy -f - -o "$(generate_filename)"
elif [[ $1 == sc ]]; then
grim_from_region "" "$(active_screen_grim_region)" | wl-copy
notify-send 'Copied to Clipboard' Screenshot
elif [[ $1 == sf ]]; then
grim_from_region "$(generate_filename)" "$(active_screen_grim_region)"
notify-send 'Screenshot Taken' "$filename"
elif [[ $1 == si ]]; then
grim_from_region "" "$(active_screen_grim_region)" | swappy -f - -o "$(generate_filename)"
elif [[ $1 == p ]]; then
color=$(hyprpicker -a -r)
wl-copy "$color"
notify-send 'Copied to Clipboard' "$color"
else
notify-send 'Screenshot Shortcuts' "Print:\t\t\tRegion to clip
Super+Print:\t\tRegion to file
Ctrl+Print:\t\tRegion to editor
Shift+Print:\t\t\Screen to clip
Shift+Super+Print:\tScreen to file
Ctrl+Shift+Print:\tScreen to editor
Alt+Print:\t\tColor picker to clip" -t 20000
fi

7
users/caperren/dotfiles/.local/share/applications/alltop.desktop Normal file
View File

@@ -0,0 +1,7 @@
[Desktop Entry]
Type=Application
Name=All Top
Exec=bash -c "kitty --single-instance --detach bash -c 'kitten @ launch --type=window --title btop btop ; kitten @ launch --type=window --title nvtop nvtop'"
Icon=alltop
Terminal=false
Categories=Utilities;

0
users/caperren/dotfiles/.local/share/glava.desktop → users/caperren/dotfiles/.local/share/applications/glava.desktop
View File

7
users/caperren/dotfiles/.local/share/applications/phonerdp.desktop Normal file
View File

@@ -0,0 +1,7 @@
[Desktop Entry]
Type=Application
Name=Phone RDP
Exec=bash -c "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close"
Icon=phonerdp
Terminal=false
Categories=Utilities;

0
users/caperren/dotfiles/.local/share/spotify-player.desktop → users/caperren/dotfiles/.local/share/applications/spotify-player.desktop
View File

7
users/caperren/dotfiles/.local/share/glances-bemenu.desktop
View File

@@ -1,7 +0,0 @@
[Desktop Entry]
Type=Application
Name=Glances Bemenu
Exec=kitty -e glances
Icon=glances
Terminal=false
Categories=Media;

7
users/caperren/dotfiles/.local/share/jetbrains-toolbox.desktop
View File

@@ -1,7 +0,0 @@
[Desktop Entry]
Type=Application
Name=JetBrains Toolbox
Exec=jetbrains-toolbox
Icon=jetbrains-toolbox
Terminal=false
Categories=Development;IDE;

3
users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf
View File

@@ -7,3 +7,6 @@ source = ~/.config/hypr/hyprland-common.conf
# Application launch # Application launch
exec-once = brightnessctl -sd platform::kbd_backlight set 1 exec-once = brightnessctl -sd platform::kbd_backlight set 1
exec-once = brightnessctl -s set 30% exec-once = brightnessctl -s set 30%
# Privacy
exec-once = sleep 10 && ls /dev/video1 &> /dev/null && notify-send "Laptop Webcam Enabled" "Please disable if not being used." -t 20000

26
users/caperren/dotfiles/hyprland/hyprland-common.conf
View File

@@ -4,7 +4,7 @@ monitor=,preferred,auto,1
# Set programs that you use # Set programs that you use
$terminal = kitty $terminal = kitty
$fileManager = thunar $fileManager = thunar
$menu = bemenu-run --line-height 22 --hf "##10AC25" --ff "##10AC25" --tf "##10AC25" $menu = j4-dmenu-desktop --dmenu='bemenu --ignorecase --line-height 22 --hf "##10AC25" --ff "##10AC25" --tf "##10AC25"' --term='kitty'
# Some default env vars # Some default env vars
env = XCURSOR_SIZE,24 env = XCURSOR_SIZE,24
@@ -83,14 +83,13 @@ windowrulev2 = suppressevent maximize, class:.* # You'll probably like this.
$mainMod = SUPER $mainMod = SUPER
bind = $mainMod, T, exec, $terminal
bind = $mainMod, C, killactive,
# Launch terminal # Launch terminal
bind = $mainMod, T, exec, $terminal
bind = SHIFT_SUPER, Return, exec, $terminal bind = SHIFT_SUPER, Return, exec, $terminal
# Close active window # Close active window
bind = $mainMod, Shift+q, killactive, bind = $mainMod, Shift+q, killactive,
bind = $mainMod, C, killactive,
bind = $mainMod, M, exit, bind = $mainMod, M, exit,
bind = $mainMod, E, exec, $fileManager bind = $mainMod, E, exec, $fileManager
@@ -157,6 +156,20 @@ bindl=, XF86AudioNext, exec, playerctl next
bind = ,XF86MonBrightnessDown, exec, brightnessctl s 1%- bind = ,XF86MonBrightnessDown, exec, brightnessctl s 1%-
bind = ,XF86MonBrightnessUp, exec, brightnessctl s +1% bind = ,XF86MonBrightnessUp, exec, brightnessctl s +1%
# Screenshots
bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
bind = SUPER_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
bind = CTRL_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
# Jetbrains window rules
# Prevent initial focus for JetBrains popups
windowrulev2 = noinitialfocus, class:^jetbrains-.*$, floating:1, title:^$|^\s$|^win\d+$
# Application launch # Application launch
exec-once = kanshi # Automatically handles display configurations exec-once = kanshi # Automatically handles display configurations
exec-once = ydotoold # Autoclicker/autokeyboard for automation exec-once = ydotoold # Autoclicker/autokeyboard for automation
@@ -170,4 +183,9 @@ exec-once = waybar # Wayland specific status bar
exec-once = sleep 5 && nm-applet # Traditional notifications area exec-once = sleep 5 && nm-applet # Traditional notifications area
exec-once = sleep 5 && blueman-applet # Traditional bluetooth management tool exec-once = sleep 5 && blueman-applet # Traditional bluetooth management tool
exec-once = sleep 5 && streamdeck -n # Streamdeck management tool exec-once = sleep 5 && streamdeck -n # Streamdeck management tool
exec-once = sleep 5 && solaar --window=hide # Logitech device management and battery
exec-once = sleep 5 && Telegram -startintray # Gotta keep in touch with peeps exec-once = sleep 5 && Telegram -startintray # Gotta keep in touch with peeps
exec-once = sleep 10 && itch # More fun games
exec-once = sleep 15 && hyprctl dispatch closewindow 'title:itch' # Hacky solution to single-shot "windowrule"

15
users/caperren/dotfiles/kanshi/cap-slim7/config
View File

@@ -5,22 +5,17 @@ profile builtin_only {
} }
profile bedroom_desk { profile bedroom_desk {
# Top left to right ##### Top left to right
output "Dell Inc. DELL P2411H F8NDP11G0DVU" enable position 0,1280 output "Dell Inc. DELL P2411H F8NDP11G0DVU" enable position 0,1280
output "Acer Technologies CB292CU 2217018D42410" enable position 1920,0 transform 90 output "Acer Technologies CB292CU 2217018D42410" enable position 1920,0 transform 90
output "DLOGIC Ltd. No Monitor USB_601e-21H1" enable position 3000,1280 output "Dell Inc. DELL P2411H F8NDP097114U" enable position 3000,1280
# output "DLOGIC Ltd. No Monitor USB_601e-21H1" mode --custom 1920x1080@60Hz enable position 3000,1280
# Bottom left to right ##### Bottom left to right
output "Aculab Ltd Digital Unknown" enable transform 270 position 0,2360 output "Aculab Ltd Digital Unknown" enable transform 270 position 0,2360
# Primary monitor, which wayland doesn't have a concept of
output "Hewlett Packard HP Z27n CNK7311DRR" enable position 1440,2560 output "Hewlett Packard HP Z27n CNK7311DRR" enable position 1440,2560
output "Aculab Ltd QHD270 Unknown" enable transform 90 position 4000,2360 output "Aculab Ltd QHD270 Unknown" enable transform 90 position 4000,2360
# Far bottom right (laptop itself) ##### Far bottom right (laptop itself)
output "BOE 0x0A9B Unknown" enable position 5440,2360 adaptive_sync on output "BOE 0x0A9B Unknown" enable position 5440,2360 adaptive_sync on
} }
profile scotts_apartment_tv {
output "BOE 0x0A9B Unknown" enable mode 2560x1600@165Hz position 0,0 adaptive_sync on
output "Hisense Electric Co., Ltd. HISENSE 0x00000001" enable mode 1920x1080@60Hz position 2560,0
}

3427
users/caperren/dotfiles/streamdeck/.streamdeck_ui.json
View File

File diff suppressed because it is too large Load Diff

BIN
users/caperren/dotfiles/streamdeck/icons/btop-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.8 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/chart-simple-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.0 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/firefox-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/glances-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 17 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/glava-standin-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.0 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/jetbrains-toolbox-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/kitty-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 7.8 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/obsidian-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/slash-arrow-down-long-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/slash-arrow-up-long-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 11 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/slash-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.6 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/spotify-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/thunar-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 19 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/unifi-camera-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 679 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/unifi-protect-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 145 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/video-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.8 KiB

1
users/caperren/pubkeys/cap-nr200p.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILb5YZG6wCmqoevSHsP9f9eix3iugntBFy9hf/gkGb5v caperren@cap-nr200p

1
users/caperren/pubkeys/cap-slim7.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKn/grpCtACdsrw1ocTBsf2Mc6hUZHNwvuZPk8K4UJ3p caperren@cap-slim7

44
users/cluster-admin/cluster-admin.nix Normal file
View File

@@ -0,0 +1,44 @@
{ config, pkgs, ... }:
let
sshCaperrenDesktopPubkey = builtins.readFile ../caperren/pubkeys/cap-nr200p.pub;
sshCaperrenLaptopPubkey = builtins.readFile ../caperren/pubkeys/cap-slim7.pub;
in
{
users.users.cluster-admin = {
initialPassword = "changeme";
isNormalUser = true;
description = "Cluster Admin";
extraGroups = [
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
sshCaperrenDesktopPubkey
sshCaperrenLaptopPubkey
];
};
home-manager.users.cluster-admin = {
home.username = "cluster-admin";
home.homeDirectory = "/home/cluster-admin";
home.stateVersion = "25.05";
home.packages = with pkgs; [ ];
programs.bash.enable = true;
programs.git = {
enable = true;
settings.user = {
name = "Corwin Perren";
email = "caperren@gmail.com";
};
};
programs.kitty = {
enable = true;
font.name = "JetBrains Mono";
};
};
}