caperren/nixos-configs
1
0
Fork 0
mirror of https://github.com/caperren/nixos-configs.git synced 2025-12-31 11:34:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: caperren:d0fe4b0a3bd71f44a47e4de0f6e539df12060e95
Branches Tags
caperren:main caperren:working-branch caperren:cluster-config caperren:sops-testing
...
compare: caperren:working-branch
Branches Tags
caperren:working-branch caperren:main caperren:cluster-config caperren:sops-testing

159 Commits
d0fe4b0a3b ... working-br

Author SHA1 Message Date
Corwin Perren
f6ffd58cf7 Skip keepalive for now 2025-12-31 00:11:41 -08:00
Corwin Perren
e933161b1b Pkgs path for screen on keepalive 2025-12-31 00:09:48 -08:00
Corwin Perren
c894684414 Remove wrong sleep import 2025-12-31 00:07:27 -08:00
Corwin Perren
ecdb021563 Sleep comes from coreutils 2025-12-31 00:06:35 -08:00
Corwin Perren
0cc3d6483c Keepalive only after main service started, delay before starting silent fans 2025-12-31 00:05:51 -08:00
Corwin Perren
df8fcec4d9 Make fan service restart after secrets decryption, undo temp changes 2025-12-30 23:48:34 -08:00
Corwin Perren
469d44f967 Make multi-user wantedBy instead of after to start at boot 2025-12-30 23:36:01 -08:00
Corwin Perren
1b517f56fc Allow n02 to decrypt 2025-12-30 23:33:09 -08:00
Corwin Perren
d4bd57c2fb Enable fan script at boot 2025-12-30 23:21:01 -08:00
Corwin Perren
c5b0bad486 Working version of ilo fan control script 2025-12-30 23:09:14 -08:00
Corwin Perren
434d760397 Added cap-apollo-n02 2025-12-30 20:57:18 -08:00
Corwin Perren
7483d0fc6c Add state version to apollo and cluster 2025-12-30 20:57:18 -08:00
Corwin Perren
bb368c5521 Enable apollo virtualization 2025-12-30 20:57:18 -08:00
Corwin Perren
72d33db2f9 Add apollo admin account 2025-12-30 20:57:18 -08:00
Corwin Perren
537f8494d4 Fix import paths, for real 2025-12-30 20:57:18 -08:00
Corwin Perren
5c327a7ced Fix import paths 2025-12-30 20:57:18 -08:00
Corwin Perren
8c04af52e6 Fix caperren reference 2025-12-30 20:57:18 -08:00
Corwin Perren
444b5894c6 Added cap-apollo-n01 2025-12-30 20:57:18 -08:00
Corwin Perren
6ba1828944 Changed monitoring url for new streamdeck 2025-12-30 20:57:18 -08:00
Corwin Perren
935f3b6575 Added new streamdeck 2025-12-30 20:57:18 -08:00
Corwin Perren
d862884042 Merge pull request #25 from caperren/working-branch 
Swapped out for amd gpu on nr200p
 2025-12-21 20:25:55 -08:00
Corwin Perren
a7a3f1dd4e Swapped out for amd gpu on nr200p 2025-12-21 20:25:22 -08:00
Corwin Perren
4b886de443 Merge pull request #24 from caperren/working-branch 
Remove home-manager ssh config for now due to bad default permissions
 2025-12-13 16:35:03 -08:00
Corwin Perren
6d8ec5e01c Remove home-manager ssh config for now 2025-12-13 16:34:13 -08:00
Corwin Perren
4dd1207568 Merge pull request #23 from caperren/sops-testing 
sops-nix functional, and providing encrypted token for test cluster
 2025-12-13 16:22:29 -08:00
Corwin Perren
1fe9c9c9cf Secondaries need to inherit secondary config 2025-12-13 15:56:29 -08:00
Corwin Perren
d72c3d4e56 Re-enable secondaries 2025-12-13 15:28:48 -08:00
Corwin Perren
307cf5108c Re-enable nix rebuild service for cluster 2025-12-13 15:23:24 -08:00
Corwin Perren
b110daed58 Re-enable primary server 2025-12-13 15:09:38 -08:00
Corwin Perren
180d6cf1b0 Reset cluster for change to sops-nix managed token 2025-12-13 15:06:11 -08:00
Corwin Perren
b3fd29faef Fixed home manager inputs, and got sops-nix working for all current hosts 2025-12-13 14:54:15 -08:00
Corwin Perren
a3837016ae Fixed sops config 2025-12-13 03:03:38 -08:00
Corwin Perren
d40951b6a8 Actually commit default.yaml 2025-12-13 02:36:59 -08:00
Corwin Perren
ade7bdd892 Add default.yaml for sops and set as such 2025-12-13 02:36:20 -08:00
Corwin Perren
420513c859 Had to run sops updatekeys to add new hosts 2025-12-13 02:31:36 -08:00
Corwin Perren
35c0153da9 Temporarily remove git autorebuild 2025-12-13 02:26:00 -08:00
Corwin Perren
154a177a51 Huh, guess it has to be relative 2025-12-13 02:21:29 -08:00
Corwin Perren
439d48d1bf Absolute secrets path 2025-12-13 02:19:41 -08:00
Corwin Perren
71b9956ecd Remove home manager sops for now 2025-12-13 02:17:15 -08:00
Corwin Perren
2b77870bda Add config import 2025-12-13 02:05:26 -08:00
Corwin Perren
c65056be55 Import config for home manager settings 2025-12-13 01:59:07 -08:00
Corwin Perren
353135a2d9 Initial keys, and basic token file for sops cluster testing 2025-12-13 01:55:25 -08:00
Corwin Perren
c360755253 Add mesa-demos for glx testing, tweak to streamdeck for btop 2025-12-11 17:15:41 -08:00
Corwin Perren
8681caca01 Some comments 2025-12-10 10:37:04 -08:00
Corwin Perren
80e3eccd32 Small webcam privacy warning for laptop 2025-12-10 10:17:47 -08:00
Corwin Perren
3ceb749239 Start testing k3s 2025-12-10 10:17:44 -08:00
Corwin Perren
b16e7664b0 Merge pull request #22 from caperren/working-branch 
Added changes for homelab cube cluster, no longer using unstable branch for packages, improved sudoers entries
 2025-12-07 21:38:03 -08:00
Corwin Perren
81d7174bdf Put ncdu back, and enable ssh agent 2025-12-07 21:29:46 -08:00
Corwin Perren
8c284cc708 Final test 2025-12-07 21:15:01 -08:00
Corwin Perren
1fa619b95f Revert to using system config path 2025-12-07 21:09:20 -08:00
Corwin Perren
0bfc3792be Try current system path instead 2025-12-07 21:04:33 -08:00
Corwin Perren
df2327bfc0 Missing config import 2025-12-07 21:00:59 -08:00
Corwin Perren
28fbea14f6 Use system path config for sudoers changes 2025-12-07 20:59:19 -08:00
Corwin Perren
7611e586c8 Just make auto-rebuild passwordless for the cluster-admin 2025-12-07 20:54:39 -08:00
Corwin Perren
a8e001ebb1 Testing service 2025-12-07 20:45:18 -08:00
Corwin Perren
8d6736598e Remove escape char 2025-12-07 20:40:41 -08:00
Corwin Perren
3fc2f34991 Switch to system config rebuild 2025-12-07 20:38:59 -08:00
Corwin Perren
0d9db0fd89 Add more paths 2025-12-07 20:35:41 -08:00
Corwin Perren
6e6ba6c71f Flip quote styles 2025-12-07 20:31:32 -08:00
Corwin Perren
e797745a62 Copy settings from nix auto-upgrade 2025-12-07 20:26:55 -08:00
Corwin Perren
b2cfd98331 Remove double single-quote 2025-12-07 20:12:07 -08:00
Corwin Perren
4b0011d221 Command, not commands 2025-12-07 20:11:03 -08:00
Corwin Perren
6f852032c9 Seperate commands 2025-12-07 20:10:06 -08:00
Corwin Perren
90a55fab87 Double single quote 2025-12-07 20:08:26 -08:00
Corwin Perren
89b373db53 Allow git-auto-rebuild without password for admins 2025-12-07 20:06:26 -08:00
Corwin Perren
5d041ac5c7 Switch to packages definition 2025-12-07 19:58:48 -08:00
Corwin Perren
54bb3cb054 No auto-start 2025-12-07 19:54:46 -08:00
Corwin Perren
4b9374f753 Full paths for everything 2025-12-07 19:52:33 -08:00
Corwin Perren
9cd5470c55 Missing cd 2025-12-07 19:51:25 -08:00
Corwin Perren
561c632289 Switch to shell command and add git pull 2025-12-07 19:49:33 -08:00
Corwin Perren
40b6bde6a4 Misspelling 2025-12-07 19:47:58 -08:00
Corwin Perren
8c4de5f015 Testing git auto-rebuild for cluster 2025-12-07 19:45:59 -08:00
Corwin Perren
0d65e64e34 Remove kdenlive for build failure 2025-12-07 18:39:19 -08:00
Corwin Perren
9191d2c954 Add slim7 pubkey for ssh 2025-12-07 18:36:52 -08:00
Corwin Perren
f6387b341f Fix clust-09 hardware 2025-12-07 18:20:20 -08:00
Corwin Perren
246c71dc43 Fix clust-08 hardware 2025-12-07 18:16:17 -08:00
Corwin Perren
1c944019f4 Add configs for other cluster hosts 2025-12-07 17:44:32 -08:00
Corwin Perren
dbd85672a3 Deduplicate cluster config 2025-12-07 17:28:12 -08:00
Corwin Perren
6cbde55575 Add cap-clust-01 to test 2025-12-07 17:04:34 -08:00
Corwin Perren
4fe3ce49e6 Add pubkeys for ssh on caperren and cluster admin from caperren account 2025-12-07 16:58:02 -08:00
Corwin Perren
e717edc177 Add cluster host definitions, cluster utilities, and admin, switch nixpkgs to stable 2025-12-07 16:46:54 -08:00
Corwin Perren
af7b1d1b63 Add solaar autostart 2025-12-07 15:49:10 -08:00
Corwin Perren
23cf49aec7 Merge pull request #21 from caperren/working-branch 
Virtualization configs, no waydroid, new work desk monitor, itch for games, new camera dashboard url, utils
 2025-12-05 01:14:06 -08:00
Corwin Perren
c23b3eae53 Comments 2025-12-05 01:13:14 -08:00
Corwin Perren
b6a769c4fa Replaced old broken lg monitor with equivalent and working dell 2025-12-05 01:09:26 -08:00
Corwin Perren
447ad9e125 Re-enable pcb2gcode, make itch window autoclose after startup since the application setting for it doesn't work, update monitoring dashboard url for streamdeck 2025-12-04 14:11:26 -08:00
Corwin Perren
1f27c34b09 Add dmidecode 2025-11-19 23:18:54 -08:00
Corwin Perren
379f039591 Autolaunch itch 2025-11-16 12:10:42 -08:00
Corwin Perren
05b706e37f Switched to docker for virtualization, added itch games launcher 2025-11-14 15:17:27 -08:00
Corwin Perren
3392366413 Added virtualization container policy config 2025-11-07 15:41:57 -08:00
Corwin Perren
85e1ecd46a Removed waydroid, enabled docker socket compat and added self to group, default to shutting phone screen off on rdp disconnect 2025-11-07 15:23:10 -08:00
Corwin Perren
b1376e1cea Merge pull request #20 from caperren/working-branch 
Working branch
 2025-11-07 15:04:45 -08:00
Corwin Perren
3f83fc9d57 Also make phone stay awake in rdp mode 2025-11-07 15:04:14 -08:00
Corwin Perren
f536cea5c3 Skip fullscreen option on phonerdp 2025-11-07 14:59:57 -08:00
Corwin Perren
3d5c6a443b Added phonerdp desktop entry 2025-11-07 14:58:10 -08:00
Corwin Perren
283f9ad213 Re-enabled nvtop, nopasswd for nvtop, properly enable kitty with remote control, streamdeck now uses alltop, alltop desktop entry, j4-dmenu-desktop as wrapper for bemenu so that desktop entries show, fixed desktop entry location 2025-11-07 14:55:22 -08:00
Corwin Perren
513cf526d8 Added pinta for quick cropping and rotating of images 2025-11-06 17:40:00 -08:00
Corwin Perren
069de41562 Added quick command and desktop file to start an abd screen mirroring session for my android phone 2025-11-05 11:48:16 -08:00
Corwin Perren
5bf0216460 Switched flameshot for custom grim/wl-copy/swappy pipeline, new printscr shortcuts, minor refactoring of some modules, spotify_player swap for streamdeck, new area for hyprland scripts 2025-11-03 20:58:20 -08:00
Corwin Perren
62a324a746 Merge pull request #19 from caperren/working-branch 
Fix kitty accidentally launching glances
 2025-10-31 20:06:19 -07:00
Corwin Perren
e380f07018 Fix kitty accidentally launching glances 2025-10-31 20:05:23 -07:00
Corwin Perren
424a74773f Merge pull request #18 from caperren/working-branch 
General cleanup and refactoring, added glances with config, managed streamdeck config and created new ui for it
 2025-10-31 19:59:53 -07:00
Corwin Perren
064a996b73 Added gimp, removed glances desktop, created new managed streamdeck config with logos 2025-10-31 19:58:39 -07:00
Corwin Perren
20e338c380 Added streamdeck config and icons to home-manager, moved jetbrains toolbox desktop entry to dotfiles 2025-10-31 16:23:55 -07:00
Corwin Perren
57b5471d58 Added glances as all-in-one system monitor, initial config, desktop entry 2025-10-31 14:51:27 -07:00
Corwin Perren
c53b236d5b Merge pull request #17 from caperren/working-branch 
Revert nrs alias usage, add imv viewer and set as default
 2025-10-31 12:43:27 -07:00
Corwin Perren
aa5037b107 Add imv viewer, set as default 2025-10-31 12:41:25 -07:00
Corwin Perren
1de9399021 Reverted nrs alias usage 2025-10-31 01:34:28 -07:00
Corwin Perren
5748f4b2e7 Merge pull request #16 from caperren/working-branch 
Trace versions of rebuild and update commands, fixes, firefox as default web handler
 2025-10-30 11:01:52 -07:00
Corwin Perren
8a573b1726 Added trace versions of nix rebuild and update, fixed a font name that was changed, commented nvtop for failing build, switched btop to cuda variant 2025-10-30 10:57:17 -07:00
Corwin Perren
6d59c86b02 Make firefox default web link application, added new potential background 2025-10-29 20:49:37 -07:00
Corwin Perren
f3843fd686 Merge pull request #15 from caperren/working-branch 
Added qt5ct, xev, added theming to bemenu, new background (unused), b…
 2025-10-28 10:00:17 -07:00
Corwin Perren
e71e9c7a1d Added qt5ct, xev, added theming to bemenu, new background (unused), background folder refactor 2025-10-28 09:59:30 -07:00
Corwin Perren
5e44c0e28c Merge pull request #14 from caperren/working-branch 
Added okular as default pdf, full texlive environment for resumes
 2025-10-27 23:06:55 -07:00
Corwin Perren
6b43a528f9 Added okular as default pdf, full texlive environment for resumes 2025-10-27 15:31:20 -07:00
Corwin Perren
cdb9b3f2f8 Merge pull request #13 from caperren/working-branch 
Removed slack autostart, changes to spotify and glava, bemenu over wofi app launcher
 2025-10-27 12:53:09 -07:00
Corwin Perren
8f05b33391 Move spotify and create glava desktop entries within home manager, switch to bemenu from wofi, add official spotify client 2025-10-27 12:51:33 -07:00
Corwin Perren
b7ba045305 Remove slack autostart 2025-10-25 23:07:13 -07:00
Corwin Perren
c631417ec5 Merge pull request #12 from caperren/working-branch 
Added inav-configurator, removed deadbeef and davinci resolve, temp r…
 2025-10-25 11:08:21 -07:00
Corwin Perren
702907d454 Added inav-configurator, removed deadbeef and davinci resolve, temp removal of rpi-imager for build failure, new git user syntax 2025-10-25 11:07:00 -07:00
Corwin Perren
f15568d031 Merge pull request #11 from caperren/working-branch 
More tools for rc hobby, programming, and starting slack by default on the laptop
 2025-09-16 15:24:18 -07:00
Corwin Perren
76405677a0 More rc tools to hobby rc 2025-09-16 15:15:06 -07:00
Corwin Perren
ffdbf536b5 Add slack to startup app on laptop 2025-09-16 15:04:06 -07:00
Corwin Perren
cce655e475 Added more tools for rc hobby programming and config. 2025-09-14 21:32:46 -07:00
Corwin Perren
f536023a14 Merge pull request #10 from caperren/working-branch 
Removed abandoned workspace_swipe hyprland option.
 2025-09-14 21:24:03 -07:00
Corwin Perren
e8357a95ee Removed abandoned workspace_swipe hyprland option. 2025-09-14 21:23:22 -07:00
Corwin Perren
cb1249357d Merge pull request #9 from caperren/working-branch 
Updates to programming packages, rofi, and new hobby rc group
 2025-09-14 21:13:48 -07:00
Corwin Perren
5aa036def8 Updated to current rofi package naming, and py314 without "Full" suffix 2025-09-14 21:12:01 -07:00
Corwin Perren
1b45ef06f1 Added ground station software for hobby rc flying 2025-09-04 21:21:12 -07:00
Corwin Perren
692558b7b8 Add gnumake 2025-09-04 12:22:04 -07:00
Corwin Perren
ae61c718e6 Merge pull request #8 from caperren/waybar-wallpaper-misc-tweaks 
Waybar wallpaper misc tweaks
 2025-09-04 12:21:33 -07:00
Corwin Perren
fcf8b46e38 Add and cleanup media creation 2025-09-04 12:20:45 -07:00
Corwin Perren
88366d7dbe Media creation and desktop tweaks 2025-09-04 12:11:07 -07:00
Corwin Perren
972ca7186a Merge pull request #7 from caperren/waybar-wallpaper-misc-tweaks 
Waybar wallpaper misc tweaks
 2025-09-03 19:42:34 -07:00
Corwin Perren
7943950c79 Removed nwg-displays 2025-09-03 19:41:28 -07:00
Corwin Perren
b3a27173eb Commented out failing builds 2025-09-03 18:09:39 -07:00
Corwin Perren
f6087ae017 Added slack, buildable netextender, default jetbrains mono font 2025-09-03 18:09:28 -07:00
Corwin Perren
c18257042d Tweaked waybar config for a prettier setup, added hyprpaper and black default background, improved nus/nrs 2025-09-03 18:09:26 -07:00
Corwin Perren
93ac73b583 Cleanup, added more radio items, tweaks to displaylink 2025-09-02 22:38:25 -07:00
Corwin Perren
56c18519b3 Merge pull request #5 from caperren/jetbrains-thunar-waybar 
Better theming, lock and idle control, wofi desktop launchers, brightness and volume defaults
 2025-07-02 01:12:27 -07:00
Corwin Perren
17495207aa Default brightness for screen and keyboard on laptop, default audio volume level for all systems 2025-07-01 23:57:51 -07:00
Corwin Perren
b138866194 Add desktop file for spotify-player, jetbrains-toolbox, autostart hypridle, dotfiles for hypridle, idle_inhibitor configs, gtk app dark theme 2025-07-01 23:50:29 -07:00
Corwin Perren
37398fccac Merge pull request #4 from caperren/nr200p-fix 
Fix bad comment in hyprland conf file
 2025-07-01 04:13:20 -07:00
Corwin Perren
994e2b18cd Fix bad comment in hyprland conf file 2025-07-01 04:12:30 -07:00
Corwin Perren
7bc49c9ba3 Merge pull request #3 from caperren/dotfiles 
Managed dotfiles with home-manager, minor application group tweaks/cleanup
 2025-07-01 03:07:03 -07:00
Corwin Perren
78a9be43cb Minimal hyprland config de-duplication 2025-07-01 02:53:48 -07:00
Corwin Perren
dd2068166a Shorter aliases for nix-specific bash commands 2025-07-01 02:25:43 -07:00
Corwin Perren
366d238141 Added unused ai application group, btop, better hyprtop and hypridle, automatic nix garbage collection, and un-deduplicated hyprland configs 2025-07-01 02:20:40 -07:00
Corwin Perren
6216d108a9 Kanshi config for cap-nr200p 2025-07-01 01:40:33 -07:00
Corwin Perren
69522943d7 spotify-player dotfile, snuck in stress application for s-tui stress testing 2025-07-01 00:34:00 -07:00
Corwin Perren
03cd45aac4 Waybar configs and crestline account home manager template 2025-07-01 00:16:31 -07:00
Corwin Perren
5cd18d4fcb Home manager global settings, user settings for caperren, and dotfiles for kanshi and wlogout 2025-06-30 23:39:41 -07:00
Corwin Perren
dab6ad4f42 Merge pull request #2 from caperren/config-deduplication 
Config de-duplication
 2025-06-25 22:10:43 -07:00
Corwin Perren
287febcf99 Make branch name the hostname on initial setup 2025-06-25 22:09:17 -07:00
Corwin Perren
4d7f3000cd Move shell aliases to appropriate modules 2025-06-25 22:06:53 -07:00
Corwin Perren
eb1666f310 Deduplicate all applications and system settings 2025-06-25 21:59:36 -07:00
Corwin Perren
c110357818 Deduplicate firefox, thunar, xfce, internationalization settings, nix-settings, and pipewire 2025-06-25 05:55:49 -07:00
Corwin Perren
98f47d6c6a Deduplicate steam 2025-06-25 05:28:37 -07:00
Corwin Perren
2a8f6f3ded Merge pull request #1 from caperren/playground 
Complete initial consolidation
 2025-06-25 04:53:20 -07:00
137 changed files with 6620 additions and 996 deletions
Expand all files Collapse all files

65
.sops.yaml Normal file
View File

@@ -0,0 +1,65 @@
keys:
- &admin_users:
- &caperren age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
- &systems:
- &personal:
- &cap_slim7 age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
- &cap_nr200p age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
- &apollo:
- &cap_apollo_n01 age1ljcy90uwlfngc7vqwlf2x2ckgsdfg90c0r9yvjzpl90jkwf9g48q2leudt
- &cap_apollo_n02 age1vl9q7u0jkzjpdqrmg4flvz2f7gyn05luv4ka60hu5l8yn4m6rujquhyc2p
- &cluster:
- &cap_clust_01 age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
- &cap_clust_02 age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
- &cap_clust_03 age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
- &cap_clust_04 age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
- &cap_clust_05 age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
- &cap_clust_06 age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
- &cap_clust_07 age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
- &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
- &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
creation_rules:
- path_regex: users/caperren/secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- path_regex: secrets/default.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_apollo_n01
- *cap_apollo_n02
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/cluster.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p

9
README.md Normal file
View File

@@ -0,0 +1,9 @@
# nixos-configs
## Miscellaneous Notes
- To generate the sops age key for a new host
- `nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
- Update keys after adding new host or personal key
- `sops updatekeys <file>`
## Misc references used
* https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/tree/main

142
flake.nix
View File

@@ -2,11 +2,16 @@
description = "Nixos config flake"; description = "Nixos config flake";
inputs = { inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@@ -15,20 +20,119 @@
{ {
self, self,
nixpkgs, nixpkgs,
sops-nix,
home-manager, home-manager,
nixos-hardware, nixos-hardware,
... ...
}@inputs: }@inputs:
{ {
nixosConfigurations.cap-clust-01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-01/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-02 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-02/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-03 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-03/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-04 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-04/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-05 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-05/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-06 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-06/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-07 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-07/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-08 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-08/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-09 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-09/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-apollo-n01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-apollo-n01/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-apollo-n02 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-apollo-n02/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem { nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = { inherit inputs; };
inherit inputs;
};
modules = [ modules = [
./hosts/cap-slim7/configuration.nix ./hosts/cap-slim7/configuration.nix
./modules/nixos/hyprland-amd.nix sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
nixos-hardware.nixosModules.lenovo-legion-16arha7 nixos-hardware.nixosModules.lenovo-legion-16arha7
]; ];
@@ -36,34 +140,12 @@
nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem { nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [ modules = [
./hosts/cap-nr200p/configuration.nix ./hosts/cap-nr200p/configuration.nix
./modules/nixos/hyprland.nix
inputs.home-manager.nixosModules.default inputs.home-manager.nixosModules.default
sops-nix.nixosModules.sops
]; ];
}; };
homeConfigurations = {
"caperren@cap-slim7" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraModules = [
./home/caperren/common.nix
./home/caperren/laptop.nix
];
username = "caperren";
homeDirectory = "/home/caperren";
};
"caperren@cap-nr200p" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraModules = [
./home/caperren/common.nix
./home/caperren/desktop1.nix
];
username = "caperren";
homeDirectory = "/home/caperren";
};
};
}; };
} }

28
hosts/cap-apollo-n01/configuration.nix Normal file
View File

@@ -0,0 +1,28 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Users
../../users/apollo-admin/apollo-admin.nix
# System Configuration
../../modules/system/cpu-intel.nix
../../modules/system/fonts.nix
../../modules/system/home-manager-settings.nix
../../modules/system/internationalization.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/system-utilities-cluster.nix
../../modules/application-groups/virtualization.nix
];
networking.hostName = "cap-apollo-n01";
}

31
hosts/cap-apollo-n01/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1fa744fd-82d2-4997-a757-28ae96461a96";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F57E-AA2D";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
hosts/cap-apollo-n02/configuration.nix Normal file
View File

@@ -0,0 +1,13 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/apollo-2000.nix
];
networking.hostName = "cap-apollo-n02";
}

31
hosts/cap-apollo-n02/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/71e4a38f-1e1e-4ebb-8e7a-a9489aa61f55";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4A99-55C6";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-01/configuration.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-primary.nix
];
networking.hostName = "cap-clust-01";
}

52
hosts/cap-clust-01/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0028a3af-8470-46c2-81ca-6d9be16a6236";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C389-7B6B";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/2b063ac4-54ee-4b16-b766-9c470733995c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-02/configuration.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-02";
}

52
hosts/cap-clust-02/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/9fcf291d-2576-44b4-bcba-98e40305e531";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7727-439F";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/56f2d727-03c5-4aef-9871-217bf98cdbb4"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-03/configuration.nix Normal file
View File

@@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-03";
}

52
hosts/cap-clust-03/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/c2cfd56f-0090-45eb-a239-068fdadd2fd4";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C3CF-3854";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/e60a5ced-d01e-4613-afba-9b445bc43097"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-04/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-04";
}

52
hosts/cap-clust-04/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b9c79a2f-8c6a-4f86-8562-b2f882992e95";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/EF0B-C66E";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/9a123c08-cc9b-4516-a158-b274e9b399c3"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-05/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-05";
}

52
hosts/cap-clust-05/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/51ce9236-fe8c-49bc-bb90-1e582d163d04";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/FF5C-EB30";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/1d24fd7d-c958-44ad-bb28-c394f3d56a6b"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-06/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-06";
}

52
hosts/cap-clust-06/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8cf14e41-2af7-4bbd-89e2-90f5d04601b8";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/33C3-BB59";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/262fa61f-4beb-4822-ace6-bb15c62b2cca"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-07/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-07";
}

52
hosts/cap-clust-07/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ad88a1b0-c98e-4a95-9fb3-3299169c952b";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/73CA-8E6D";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/c6139db9-2a9d-400a-b8a8-c8f77c5713ca"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-08/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-08";
}

52
hosts/cap-clust-08/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,52 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/deed37a4-4d5a-465c-93e6-1b7b216e0a1c";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3ABB-C794";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/6a99a895-a58c-43d2-8b62-02e3c915f46c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-09/configuration.nix Normal file
View File

@@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-09";
}

33
hosts/cap-clust-09/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,33 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "amdgpu" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/affec1c2-bf7c-499e-80a6-6615fd163e1a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9E1A-C3DA";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/a17f3a16-78fb-494d-8319-89e31e1defae"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

438
hosts/cap-nr200p/configuration.nix
View File

@@ -11,413 +11,50 @@
{ {
imports = [ imports = [
# Include the results of the hardware scan. # Hardware Scan
./hardware-configuration.nix ./hardware-configuration.nix
# Users
../../users/caperren/caperren.nix
# System Configuration
../../modules/system/cpu-amd.nix
../../modules/system/desktop.nix
../../modules/system/fonts.nix
../../modules/system/gpu-amd.nix
../../modules/system/home-manager-settings.nix
../../modules/system/hyprland.nix
../../modules/system/internationalization.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/pipewire.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/3d-design.nix
../../modules/application-groups/android.nix
../../modules/application-groups/downloads.nix
../../modules/application-groups/gaming.nix
../../modules/application-groups/hobby-rc.nix
../../modules/application-groups/homelab.nix
../../modules/application-groups/media.nix
../../modules/application-groups/media-creation.nix
../../modules/application-groups/pcb-design.nix
../../modules/application-groups/productivity.nix
../../modules/application-groups/programming.nix
../../modules/application-groups/radio.nix
../../modules/application-groups/social.nix
../../modules/application-groups/system-utilities.nix
../../modules/application-groups/virtualization.nix
../../modules/application-groups/web.nix
]; ];
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; networking.hostName = "cap-nr200p"; # Define your hostname.
boot = {
# Make v4l2loopback kernel module available to NixOS.
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
# Activate kernel module(s).
kernelModules = [
# Virtual camera.
"v4l2loopback"
# Virtual Microphone. Custom DroidCam v4l2loopback driver needed for audio.
# "snd-aloop"
];
};
boot.extraModprobeConfig = ''
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
#
nix.settings.download-buffer-size = 524288000;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "cap-nr200p"; # Define your hostname. #-#
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# hardware.u2f.enable = true;
services.flatpak.enable = true;
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
]; # -#
# Set your time zone. # Set your time zone.
time.timeZone = "America/Los_Angeles"; time.timeZone = "America/Los_Angeles";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the XFCE Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true;
# services.xserver.desktopManager.xfce.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
# Enable CUPS to print documents.
services.printing.enable = true;
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.caperren = {
isNormalUser = true;
description = "Corwin Perren";
extraGroups = [
"networkmanager"
"wheel"
"input"
"dialout"
"plugdev"
"adbusers"
];
packages = with pkgs; [
# thunderbird
];
};
# users.users.crestline = {
# isNormalUser = true;
# description = "Crestline";
# extraGroups = [
# "networkmanager"
# "wheel"
# "input"
# "dialout"
# ];
# packages = with pkgs; [
# # thunderbird
# ];
# };
#services.displayManager.autoLogin = {
# enable = true;
# user = "crestline";
#};
#services.xserver.displayManager.gdm.autoLogin.delay = 60;
# Install firefox.
programs.firefox.enable = true; # -#
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
lf
git
wofi
nvtopPackages.full
htop
iftop
iotop
pulsemixer
arandr
util-linux
usbutils
telegram-desktop
discord
# spotify
vscode-with-extensions
swayimg
pavucontrol
networkmanagerapplet
pasystray
glava
spotify-player
hyprpicker
unetbootin
lf
dnsutils
unzip
playerctl
google-chrome
killall
#jetbrains.pycharm-professional
wget
jq
rofi-bluetooth
wl-clipboard
networkmanager
alsa-utils
nixfmt-rfc-style
mako
podman
kicad
obsidian
speedcrunch
deadbeef
vlc
sox
audacity
platformio
# flatcam
pcb2gcode
jetbrains-toolbox
arduino-ide
# python311Full
gcc
stm32cubemx
stm32flash
easyeffects
ncspot
#yubikey-personalization-gui
#yubikey-manager-qt
#zoom-us
mangohud
distrobox
# plex-desktop
rpi-imager
rpiboot
imagemagick
prusa-slicer
freecad
wlogout
gparted
nix-update
ffmpeg-full
projectm_3
heroic
flameshot
krename
xfce.mousepad
yt-dlp
soapysdr
soapyrtlsdr
# sdrpp
# brave
python3
#nodejs_23
streamdeck-ui
scrcpy
kanshi
#wsmancli
#realvnc-vnc-viewer
ncdu
hyprlock
openrgb-with-all-plugins
swayidle
transmission_4-qt
nixos-generators
openwsman
wsmancli
bs-manager
];
services.monado = {
enable = true;
defaultRuntime = true;
highPriority = true;
};
services.hardware.openrgb.enable = true;
services.meshcentral.enable = true;
programs.ydotool.enable = true;
programs.adb.enable = true;
hardware.logitech.wireless.enable = true;
hardware.logitech.wireless.enableGraphical = true;
services.sunshine = {
enable = true;
autoStart = true;
capSysAdmin = true;
openFirewall = true;
};
programs.bash.shellAliases = {
nixrebuild = "pushd /etc/nixos && { trap 'popd' EXIT; sudo nixos-rebuild switch --flake .#$(hostname); }";
nixupdate = "cd /etc/nixos && sudo nix flake update && sudo nixos-rebuild switch --flake .#$(hostname)";
nixedit = "sudo nano /etc/nixos/hosts/$(hostname)/configuration.nix";
nixlimitfive = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system | head -n -5 | cut -d ' ' -f2 | xargs -I {} sudo nix-env --delete-generations --profile /nix/var/nix/profiles/system {}";
scrwebcam = "sudo pkill scrcpy ; sudo modprobe -r v4l2loopback ; sudo modprobe v4l2loopback && nohup scrcpy --camera-facing=back --video-source=camera --v4l2-sink=/dev/video0 --no-window --no-audio-playback 2>&1 1>/dev/null";
};
virtualisation.waydroid.enable = true;
hardware.steam-hardware.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
};
services.udev.extraRules = ''
# ST-LINK V2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2_%n"
# ST-LINK V2.1
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
# ST-LINK V3
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3loader_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
# CP2101 - CP 2104
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", MODE="600", TAG+="uaccess", SYMLINK+="usb2ser_%n"
# ATEN UC-232A
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0557", ATTRS{idProduct}=="2008", MODE="600", TAG+="uaccess", SYMLINK+="usb2ser_aten_%n"
'';
fonts.fontDir.enable = true;
fonts.fontconfig.enable = true;
fonts.fontconfig.antialias = true;
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-emoji
liberation_ttf
fira-code
fira-code-symbols
jetbrains-mono
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
font-awesome
nerd-fonts.symbols-only
nerd-fonts.jetbrains-mono
];
programs.thunar.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.tumbler.enable = true; # Thumbnail support for images
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
services.blueman.enable = true;
hardware.rtl-sdr.enable = true;
security.sudo = {
enable = true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession.enable = true;
};
programs.gamescope = {
enable = true;
capSysNice = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true; # -#
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
@@ -425,5 +62,4 @@
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment? system.stateVersion = "23.11"; # Did you read the comment?
} }

443
hosts/cap-slim7/configuration.nix
View File

@@ -6,418 +6,51 @@
{ {
imports = [ imports = [
# Include the results of the hardware scan. # Hardware Scan
./hardware-configuration.nix ./hardware-configuration.nix
# Users
../../users/caperren/caperren.nix
# System Configuration
../../modules/system/cpu-amd.nix
../../modules/system/displaylink.nix
../../modules/system/fonts.nix
../../modules/system/gpu-amd.nix
../../modules/system/home-manager-settings.nix
../../modules/system/hyprland.nix
../../modules/system/internationalization.nix
../../modules/system/laptop.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/pipewire.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/3d-design.nix
../../modules/application-groups/android.nix
../../modules/application-groups/downloads.nix
../../modules/application-groups/gaming.nix
../../modules/application-groups/hobby-rc.nix
../../modules/application-groups/homelab.nix
../../modules/application-groups/media.nix
../../modules/application-groups/media-creation.nix
../../modules/application-groups/pcb-design.nix
../../modules/application-groups/productivity.nix
../../modules/application-groups/programming.nix
../../modules/application-groups/radio.nix
../../modules/application-groups/social.nix
../../modules/application-groups/system-utilities.nix
../../modules/application-groups/virtualization.nix
../../modules/application-groups/web.nix
]; ];
#boot.kernelPackages = pkgs.linuxPackages_latest; networking.hostName = "cap-slim7";
#
nix.settings.download-buffer-size = 524288000;
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.configurationLimit = 8;
networking.hostName = "cap-slim7"; # Define your hostname. #-#
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
#security.sudo.extraConfig = ''
# Defaults timestamp_timeout=15
#'';
# security.polkit.extraConfig = ''
# polkit.addRule(function(action, subject) {
# if ((action.id == "org.freedesktop.login1.reboot" ||
# action.id == "org.freedesktop.login1.poweroff") &&
# subject.isInGroup("powerusers")) {
# return polkit.Result.YES;
# }
# });
# '';
# Enable networking
networking.networkmanager.enable = true;
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
]; # -#
# Set your time zone. # Set your time zone.
time.timeZone = "America/Los_Angeles"; time.timeZone = "America/Los_Angeles";
# time.timeZone = "Pacific/Honolulu"; # time.timeZone = "Pacific/Honolulu";
#time.timeZone = "Europe/Oslo";
# services.tzupdate.enable = true;
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the XFCE Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true;
# services.xserver.desktopManager.xfce.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.caperren = {
isNormalUser = true;
description = "Corwin Perren";
extraGroups = [
"networkmanager"
"wheel"
"input"
"dialout"
"plugdev"
"adbusers"
];
packages = with pkgs; [
# thunderbird
];
};
# Install firefox.
programs.firefox.enable = true; # -#
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# droidcam-obs
# teensyduino
# ];
# plugins = with obs-studio-plugins; [
# PKGS END
# bottles
# lenovo-legion
obs-studio
#(wrapOBS {
#arduino-ide
#audacity
#deadbeef
#dolphin-emu
#dualsensectl
#easyeffects
#flameshot
#gcc
#glmark2
#heroic
#jetbrains.pycharm-professional
#lf
#lf
#librewolf
#lutris
#meshcentral
#pcb2gcode
#projectm_3
#python311Full
#qemu
#quickemu
#rofi-bluetooth
#s-tui
#scrcpy
#sox
#stm32cubemx
#stm32flash
#teensy-udev-rules
#transmission_4-qt
#via
#vlc
#vscode
#winetricks
#})
vlc
alsa-utils
arandr
brightnessctl
discord
dnsutils
git
glava
google-chrome
htop
hyprpicker
iftop
iotop
jetbrains-toolbox
flameshot
jq
kanshi
killall
mako
ncdu
networkmanager
networkmanagerapplet
nixfmt-rfc-style
nodejs
nvtopPackages.full
obsidian
pasystray
pavucontrol
playerctl
podman
powertop
pulsemixer
speedcrunch
spotify-player
streamdeck-ui
telegram-desktop
unetbootin
unzip
usbutils
util-linux
wget
wl-clipboard
wlogout
wofi
xfce.mousepad
imagemagick
hyprlock
# plex-desktop
darktable
arduino
yt-dlp
nmap
signal-desktop
swayidle
hyprlock
pciutils
s-tui
woeusb
gparted
];
hardware.logitech.wireless.enable = true;
hardware.logitech.wireless.enableGraphical = true;
#programs.adb.enable = true;
services.meshcentral.enable = true;
services.xserver.videoDrivers = [
"displaylink"
"modesetting"
];
programs.ydotool.enable = true;
#boot.extraModulePackages = with config.boot.kernelPackages; [
# v4l2loopback
#];
#boot.extraModprobeConfig = ''
# options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1
#'';
#programs.virt-manager.enable = true;
#users.groups.libvirtd.members = [ "caperren" ];
#virtualisation.libvirtd.enable = true;
#virtualisation.spiceUSBRedirection.enable = true;
#services.spice-vdagentd.enable = true;
# services.automatic-timezoned.enable = true;
programs.bash.shellAliases = {
nixrebuild = "pushd /etc/nixos && { trap 'popd' EXIT; sudo nixos-rebuild switch --flake .#$(hostname); }";
nixupdate = "cd /etc/nixos && sudo nix flake update && sudo nixos-rebuild switch --flake .#$(hostname)";
nixedit = "sudo nano /etc/nixos/hosts/$(hostname)/configuration.nix";
nixlimitfive = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system | head -n -5 | cut -d ' ' -f2 | xargs -I {} sudo nix-env --delete-generations --profile /nix/var/nix/profiles/system {}";
};
#programs.appimage = {
# enable = true;
# binfmt = true;
#};
# services.power-profiles-daemon.enable = true;
services.tlp = {
enable = true;
settings = {
##### Defaults ######
# WIFI
WIFI_PWR_ON_AC = "off";
WIFI_PWR_ON_BAT = "off";
# AC
CPU_MIN_PERF_ON_AC = 0;
# BATT
CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 35;
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
START_CHARGE_THRESH_BAT0 = 1; # On non-thinkpad lenovo, this sets conservation mode to 0
STOP_CHARGE_THRESH_BAT0 = 1; # ..., but to 1
###### Airplane Settings #####
# AC
# CPU_MAX_PERF_ON_AC = 35;
# CPU_SCALING_GOVERNOR_ON_AC = "powersave";
# CPU_ENERGY_PERF_POLICY_ON_AC = "power";
###### Normal Settings ######
# AC
CPU_MAX_PERF_ON_AC = 100;
CPU_SCALING_GOVERNOR_ON_AC = "performanc";
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
# BATT
##### Special Overrides #####
#Optional helps save long term battery health
# START_CHARGE_THRESH_BAT0 = 0; # On non-thinkpad lenovo, this sets conservation mode to 0
# STOP_CHARGE_THRESH_BAT0 = 0; # ..., but to 1
};
};
#hardware.keyboard.qmk.enable = true;
#services.udev.packages = [ pkgs.via ];
services.udev.extraRules = ''
# ST-LINK V2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2_%n"
# ST-LINK V2.1
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
# ST-LINK V3
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3loader_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
# CP2101 - CP 2104
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", MODE="600", TAG+="uaccess", SYMLINK+="usb2ser_%n"
# ATEN UC-232A
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0557", ATTRS{idProduct}=="2008", MODE="600", TAG+="uaccess", SYMLINK+="usb2ser_aten_%n"
'';
fonts.fontDir.enable = true;
fonts.fontconfig.enable = true;
fonts.fontconfig.antialias = true;
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-emoji
liberation_ttf
fira-code
fira-code-symbols
jetbrains-mono
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
font-awesome
nerd-fonts.symbols-only
nerd-fonts.jetbrains-mono
];
programs.thunar.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.tumbler.enable = true; # Thumbnail support for images
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
services.blueman.enable = true;
security.sudo = {
enable = true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true; # -#
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions

2
initial_setup.sh
View File

@@ -6,7 +6,7 @@ set -e
SCRIPT_DIR=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")") SCRIPT_DIR=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")
GIT_REPO_NAME="nixos-configs" GIT_REPO_NAME="nixos-configs"
GIT_RELEASE_BRANCH="playground" GIT_RELEASE_BRANCH="$(hostname)"
GIT_REPO_URL="git@github.com:caperren/$GIT_REPO_NAME.git" GIT_REPO_URL="git@github.com:caperren/$GIT_REPO_NAME.git"
NIXOS_REPO_CONFIG_PARENT_PATH="/opt" NIXOS_REPO_CONFIG_PARENT_PATH="/opt"

8
modules/application-groups/3d-design.nix Normal file
View File

@@ -0,0 +1,8 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
prusa-slicer
freecad
];
}

39
modules/application-groups/ai.nix Normal file
View File

@@ -0,0 +1,39 @@
{ pkgs, config, ... }:
{
services.ollama = {
enable = true;
loadModels = [
"llama3.2:3b"
"phi4-reasoning:14b"
"dolphin3:8b"
"smallthinker:3b"
"gemma3:4b"
"gemma3:12b"
"gemma3:27b"
"deepcoder:14b"
"qwen3:14b"
"nomic-embed-text"
];
acceleration = "cuda";
};
services.open-webui = {
enable = true;
port = 8888;
host = "127.0.0.1";
};
environment.systemPackages = with pkgs; [
oterm
alpaca
aichat
fabric-ai
aider-chat
# tgpt
# smartcat
# nextjs-ollama-llm-ui
# open-webui
];
}

4
modules/application-groups/android.nix Normal file
View File

@@ -0,0 +1,4 @@
{ config, pkgs, ... }:
{
programs.adb.enable = true;
}

8
modules/application-groups/downloads.nix Normal file
View File

@@ -0,0 +1,8 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gallery-dl
transmission_4-qt
yt-dlp
];
}

33
modules/application-groups/gaming.nix Normal file
View File

@@ -0,0 +1,33 @@
{ pkgs, ... }:
{
# Support steam hardware like the index and steam controller
hardware.steam-hardware.enable = true;
# Steam
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession.enable = true;
};
# Valve's micro-compositor
programs.gamescope = {
enable = true;
capSysNice = true;
};
# Open source OpenXR runtime for VR
services.monado = {
enable = true;
defaultRuntime = true;
highPriority = true;
};
environment.systemPackages = with pkgs; [
bs-manager
heroic
itch
monado
];
}

9
modules/application-groups/hobby-rc.nix Normal file
View File

@@ -0,0 +1,9 @@
{ config, pkgs, ... }:
{
programs.qgroundcontrol.enable = true;
environment.systemPackages = with pkgs; [
inav-configurator
mission-planner
];
}

4
modules/application-groups/homelab.nix Normal file
View File

@@ -0,0 +1,4 @@
{ pkgs, ... }:
{
services.meshcentral.enable = true;
}

11
modules/application-groups/k3s-primary.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server";
tokenFile = config.sops.secrets.k3s_token.path;
clusterInit = true;
};
}

11
modules/application-groups/k3s-secondary.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server"; # Or "agent" for worker only nodes
tokenFile = config.sops.secrets.k3s_token.path;
serverAddr = "https://cap-clust-01:6443";
};
}

11
modules/application-groups/media-creation.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
audacity
darktable
inkscape
# kdePackages.kdenlive # <- Build Failure
obs-studio
pinta
];
}

40
modules/application-groups/media.nix Normal file
View File

@@ -0,0 +1,40 @@
{ config, pkgs, ... }:
{
boot = {
# Make v4l2loopback kernel module available to NixOS.
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
# Activate kernel module(s).
kernelModules = [
# Virtual camera.
"v4l2loopback"
# Virtual Microphone. Custom DroidCam v4l2loopback driver needed for audio.
# "snd-aloop"
];
};
boot.extraModprobeConfig = ''
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
programs.bash.shellAliases = {
scrwebcam = "sudo pkill scrcpy ; sudo modprobe -r v4l2loopback ; sudo modprobe v4l2loopback && nohup scrcpy --camera-facing=back --video-source=camera --v4l2-sink=/dev/video0 --no-window --no-audio-playback 2>&1 1>/dev/null";
};
environment.systemPackages = with pkgs; [
glava
gimp
imv
plex-desktop
projectm_3
sox
spotify
spotify-player
vlc
];
}

8
modules/application-groups/pcb-design.nix Normal file
View File

@@ -0,0 +1,8 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
kicad
pcb2gcode
];
}

8
modules/application-groups/productivity.nix Normal file
View File

@@ -0,0 +1,8 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
obsidian
kdePackages.okular
texliveFull
];
}

42
modules/application-groups/programming.nix Normal file
View File

@@ -0,0 +1,42 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
arduino-ide
dfu-util
gcc
gnumake
jetbrains-toolbox
nix-update
nixfmt-rfc-style
nixos-generators
nodejs
# platformio
python314
stm32cubemx
stm32flash
teensy-udev-rules
vscode-with-extensions
];
services.udev.extraRules = ''
# ST-LINK V2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2_%n"
# ST-LINK V2.1
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
# ST-LINK V3
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3loader_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
# CP2101 - CP 2104
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", MODE="600", TAG+="uaccess", SYMLINK+="usb2ser_%n"
# ATEN UC-232A
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0557", ATTRS{idProduct}=="2008", MODE="600", TAG+="uaccess", SYMLINK+="usb2ser_aten_%n"
'';
}

11
modules/application-groups/radio.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
hardware.rtl-sdr.enable = true;
environment.systemPackages = with pkgs; [
chirp
soapysdr
soapyrtlsdr
];
}

8
modules/application-groups/social.nix Normal file
View File

@@ -0,0 +1,8 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
discord
slack
telegram-desktop
];
}

27
modules/application-groups/system-utilities-cluster.nix Normal file
View File

@@ -0,0 +1,27 @@
{ config, pkgs, ... }:
{
services.glances.enable = true;
services.openssh.enable = true;
environment.systemPackages = with pkgs; [
btop
dnsutils
git
htop
iftop
iotop
killall
kitty
ncdu
networkmanager
nmap
nvtopPackages.full
pciutils
screen
unzip
usbutils
util-linux
wget
];
}

67
modules/application-groups/system-utilities.nix Normal file
View File

@@ -0,0 +1,67 @@
{ config, pkgs, ... }:
{
hardware.keyboard.qmk.enable = true;
hardware.logitech.wireless.enable = true;
hardware.logitech.wireless.enableGraphical = true;
programs.ssh.startAgent = true;
programs.thunar.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
programs.ydotool.enable = true;
services.glances.enable = true;
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.hardware.openrgb.enable = true;
services.openssh.enable = true;
services.printing.enable = true;
services.tumbler.enable = true; # Thumbnail support for images
environment.systemPackages = with pkgs; [
btop-cuda
desktop-file-utils
dmidecode
dnsutils
ffmpeg-full
git
gparted
htop
iftop
imagemagick
iotop
jq
k3s
kdePackages.qt6ct
killall
kitty
swappy
lf
mesa-demos
minicom
ncdu
networkmanager
networkmanagerapplet
nmap
nvtopPackages.full
openrgb-with-all-plugins
pciutils
rofi-bluetooth
# rpi-imager # <- Build Failure
rpiboot
s-tui
scrcpy
screen
speedcrunch
streamdeck-ui
stress
unzip
usbutils
util-linux
wget
xev
xfce.mousepad
];
}

10
modules/application-groups/virtualization.nix Normal file
View File

@@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.containers.policy = {
default = [ { type = "insecureAcceptAnything"; } ];
};
}

8
modules/application-groups/web.nix Normal file
View File

@@ -0,0 +1,8 @@
{ config, pkgs, ... }:
{
programs.firefox.enable = true;
environment.systemPackages = with pkgs; [
google-chrome
];
}

71
modules/applications/netextender/flake.nix Normal file
View File

@@ -0,0 +1,71 @@
# TODO: This was hacked together until it worked...Clean it up before merging
{
description = "SonicWall NetExtender Flake";
outputs =
{ self, nixpkgs, ... }:
let
systems = [ "x86_64-linux" ];
neVersion = "10.3.0-21";
neUrl = "https://software.sonicwall.com/NetExtender/NetExtender-linux-amd64-${neVersion}.tar.gz";
# ✅ Define the overlay function directly
overlay = final: prev: {
netextender = prev.stdenv.mkDerivation rec {
pname = "netextender";
version = neVersion;
src = prev.fetchurl {
url = neUrl;
sha256 = "sha256-pnF/KRQMAcPnTj0Ni+sKKkw+H72WHf2iYVkWsWNCndc=";
};
nativeBuildInputs = [
prev.autoPatchelfHook
prev.makeWrapper
];
buildInputs = [
prev.openssl_3
prev.zlib
prev.gtk2
prev.pango
prev.cairo
prev.xorg.libX11
];
unpackPhase = "tar -xzf $src";
installPhase = ''
mkdir -p $out/bin
BIN_CLI=$(find . -type f -iname nxcli -perm -111 | head -n1)
BIN_SVC=$(find . -type f -iname neservice -perm -111 | head -n1)
install -Dm755 "$BIN_CLI" $out/bin/nxcli
install -Dm755 "$BIN_SVC" $out/bin/neservice
ln -sf nxcli $out/bin/netextender
ln -sf neservice $out/bin/nxservice
for exe in nxcli neservice; do
wrapProgram $out/bin/$exe \
--prefix LD_LIBRARY_PATH : ${prev.lib.makeLibraryPath buildInputs}
done
'';
};
};
in
{
overlays = {
x86_64-linux = overlay;
};
packages = {
x86_64-linux =
let
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [ overlay ];
};
in
{
default = pkgs.netextender;
netextender = pkgs.netextender;
};
};
};
}

130
modules/host-groups/apollo-2000.nix Normal file
View File

@@ -0,0 +1,130 @@
{ config, pkgs, ... }:
{
imports = [
# Users
../../users/apollo-admin/apollo-admin.nix
# System Configuration
../../modules/system/cpu-intel.nix
../../modules/system/fonts.nix
../../modules/system/home-manager-settings.nix
../../modules/system/internationalization.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/system-utilities-cluster.nix
../../modules/application-groups/virtualization.nix
];
time.timeZone = "America/Los_Angeles";
sops.secrets = {
"ssh/ilouser/id_rsa" = {
sopsFile = ../../secrets/default.yaml;
path = "/root/.ssh/ilo_id_rsa";
restartUnits = [ "hpe-silent-fans.service" ];
};
"ssh/ilouser/id_rsa_pub" = {
sopsFile = ../../secrets/default.yaml;
path = "/root/.ssh/ilo_id_rsa.pub";
};
};
systemd = {
# services.hpe-ilo-keepalive = {
# enable = true;
# after = [
# "network.target"
# "hpe-silent-fans.service"
# ];
# wantedBy = [ "multi-user.target" ];
# description = "Maintains ilo ssh session via sending periodic command";
#
# serviceConfig = {
# Type = "simple";
# ExecStart = ''${pkgs.screen}/bin/screen -S ilofansession -X stuff "fan info^M"'';
# };
#
# path = with pkgs; [
# bash
# config.programs.ssh.package
# screen
# ];
#
# startAt = "*:0/5";
# };
services.hpe-silent-fans = {
enable = true;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
description = "Lowers fan speeds by using ilo over ssh to manually set fan parameters";
serviceConfig = {
Type = "simple";
ExecStartPre = ''${pkgs.coreutils}/bin/sleep 30'';
ExecStart = "${pkgs.writeShellScript "hpe-silent-fans.sh" ''
set -e
SCREEN_NAME=ilofansession
SSH_USER=ilouser
SSH_HOST=cap-apollo-ilo02
SSH_KEY=/root/.ssh/ilo_id_rsa
SSH_OPTIONS="-o KexAlgorithms=diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 -o PubkeyAcceptedKeyTypes=+ssh-rsa -o HostKeyAlgorithms=ssh-rsa -o StrictHostKeyChecking=no"
# Create screen session
screen -dmS $SCREEN_NAME
# Make initial iLO connection
screen -S $SCREEN_NAME -X stuff "ssh -i $SSH_KEY -t $SSH_USER@$SSH_HOST $SSH_OPTIONS^M"
sleep 5
##### Tune pid for all non-segmented fans
for sensor in 1 2 3 4 5 6 7 9 10 11 12 13 14 15 16 17 18 19 20 21 26 28 29 30 31 32 38 40 41; do
screen -S $SCREEN_NAME -X stuff "fan pid $sensor lo 1600^M"
sleep 0.5
done
##### Tune pid for segmented fans
for sensor in 8 22 23 24 25 27 39; do
screen -S $SCREEN_NAME -X stuff "fan a $sensor 0 0 16 41 16 25^M"
sleep 0.5
done
##### Set minimum for fan group
screen -S $SCREEN_NAME -X stuff "fan p 0 min 16^M"
''}";
};
path = with pkgs; [
bash
config.programs.ssh.package
coreutils
screen
];
};
# timers.hpe-ilo-keepalive = {
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnBootSec = "5m";
# OnCalendar = "*-*-* *:0/5:00";
# Unit = "hpe-ilo-keepalive.service";
# };
# };
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}

33
modules/host-groups/cluster.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
imports = [
# Users
../../users/cluster-admin/cluster-admin.nix
# System Configuration
../system/cpu-amd.nix
../system/fonts.nix
../system/git-auto-rebuild.nix
../system/gpu-amd.nix
../system/home-manager-settings.nix
../system/internationalization.nix
../system/networking.nix
../system/nix-settings.nix
../system/security.nix
../system/systemd-boot.nix
# Application Groups
../application-groups/system-utilities-cluster.nix
];
time.timeZone = "America/Los_Angeles";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}

82
modules/nixos/hyprland-amd.nix
View File

@@ -1,82 +0,0 @@
{ pkgs, config, ... }:
{
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
# programs.waybar = {
# enable = true;
## systemd.enable = true;
# };
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
# environment.sessionVariables = {
# If your cursor becomes invisible
# WLR_NO_HARDWARE_CURSORS = "1";
# Hint electron apps to use wayland
# NIXOS_OZONE_WL = "1";
# Fix waiting on vsync
# __GL_SYNC_TO_VBLANK = "0";
# };
services.xserver = {
enable = true;
videoDrivers = [ "amdgpu" ];
};
services.displayManager.gdm = {
enable = true;
wayland = true;
};
# services.displayManager.autoLogin = {
# enable = true;
# user = "caperren";
# };
hardware.graphics = {
enable = true;
enable32Bit = true;
};
# hardware.nvidia = {
# Enable modesetting for Wayland compositors (hyprland)
# modesetting.enable = true;
# Use the open source version of the kernel module (for driver 515.43.04+)
# Actually, just overridden to false for now
# open = false;
# Enable the Nvidia settings menu
# nvidiaSettings = true;
# Select the appropriate driver version for your specific GPU
# package = config.boot.kernelPackages.nvidiaPackages.stable;
# };
environment.systemPackages = [
pkgs.hyprland
pkgs.kitty
pkgs.waybar
pkgs.dunst
pkgs.libnotify
pkgs.rofi-wayland
pkgs.nwg-look
pkgs.desktop-file-utils
pkgs.grim
pkgs.slurp
pkgs.nwg-displays
(pkgs.waybar.overrideAttrs (oldAttrs: {
mesonFlags = oldAttrs.mesonFlags ++ [ "-Dexperimental=true" ];
}))
];
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
}

77
modules/nixos/hyprland.nix
View File

@@ -1,77 +0,0 @@
{ pkgs, config, ... }:
{
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
environment.sessionVariables = {
# If your cursor becomes invisible
WLR_NO_HARDWARE_CURSORS = "1";
# Hint electron apps to use wayland
NIXOS_OZONE_WL = "1";
# Fix waiting on vsync
__GL_SYNC_TO_VBLANK = "0";
};
services.xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
};
services.displayManager.gdm = {
enable = true;
wayland = true;
};
# services.displayManager.autoLogin = {
# enable = true;
# user = "caperren";
# };
hardware.graphics = {
enable = true;
enable32Bit = true;
};
hardware.nvidia = {
# Enable modesetting for Wayland compositors (hyprland)
modesetting.enable = true;
# Use the open source version of the kernel module (for driver 515.43.04+)
# Actually, just overridden to false for now
open = false;
# Enable the Nvidia settings menu
nvidiaSettings = true;
# Select the appropriate driver version for your specific GPU
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
environment.systemPackages = [
pkgs.hyprland
pkgs.kitty
pkgs.waybar
pkgs.dunst
pkgs.libnotify
pkgs.rofi-wayland
pkgs.nwg-look
pkgs.desktop-file-utils
pkgs.grim
pkgs.slurp
pkgs.nwg-displays
(pkgs.waybar.overrideAttrs (oldAttrs: {
mesonFlags = oldAttrs.mesonFlags ++ [ "-Dexperimental=true" ];
}))
];
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
}

4
modules/system/cpu-amd.nix Normal file
View File

@@ -0,0 +1,4 @@
{ config, lib, ... }:
{
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

4
modules/system/cpu-intel.nix Normal file
View File

@@ -0,0 +1,4 @@
{ config, lib, ... }:
{
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

10
modules/system/desktop.nix Normal file
View File

@@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
services.blueman.enable = true;
environment.systemPackages = with pkgs; [
];
}

17
modules/system/displaylink.nix Normal file
View File

@@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
boot = {
extraModulePackages = [ config.boot.kernelPackages.evdi ];
initrd = {
# List of modules that are always loaded by the initrd.
kernelModules = [
"evdi"
];
};
};
services.xserver.videoDrivers = [
"displaylink"
"modesetting"
];
}

28
modules/system/fonts.nix Normal file
View File

@@ -0,0 +1,28 @@
{ config, pkgs, ... }:
{
fonts.fontDir.enable = true;
fonts.fontconfig = {
enable = true;
antialias = true;
defaultFonts = {
monospace = [ "JetBrains Mono" ];
sansSerif = [ "JetBrains Mono" ];
serif = [ "JetBrains Mono" ];
};
};
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-color-emoji
liberation_ttf
fira-code
fira-code-symbols
jetbrains-mono
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
font-awesome
nerd-fonts.symbols-only
nerd-fonts.jetbrains-mono
];
}

33
modules/system/git-auto-rebuild.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, ... }:
{
systemd.services.git-auto-rebuild = {
enable = true;
after = [ "network.target" ];
description = "Rebuilds the git repo at /etc/nixos if there are changes in the currently checked out branch";
# startAt = "*:0/1";
serviceConfig = {
Type = "oneshot";
ExecStart = ''${pkgs.bash}/bin/bash -c "cd /etc/nixos && ${pkgs.git}/bin/git pull && ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --flake #$(${pkgs.hostname}/bin/hostname)"'';
};
environment =
config.nix.envVars
// {
inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
}
// config.networking.proxy.envVars;
path = with pkgs; [
bash
coreutils
gnutar
hostname
xz.bin
gzip
gitMinimal
config.nix.package.out
config.programs.ssh.package
];
};
}

11
modules/system/gpu-amd.nix Normal file
View File

@@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
hardware.graphics = {
enable = true;
enable32Bit = true;
};
nixpkgs.config.rocmSupport = true;
services.xserver.videoDrivers = [ "amdgpu" ];
}

26
modules/system/gpu-nvidia.nix Normal file
View File

@@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
environment.sessionVariables = {
# If your cursor becomes invisible
WLR_NO_HARDWARE_CURSORS = "1";
# Hint electron apps to use wayland
NIXOS_OZONE_WL = "1";
# Fix waiting on vsync
__GL_SYNC_TO_VBLANK = "0";
};
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
# Enable modesetting for Wayland compositors (hyprland)
modesetting.enable = true;
# Use the open source version of the kernel module (for driver 515.43.04+)
# Actually, just overridden to false for now
open = false;
# Enable the Nvidia settings menu
nvidiaSettings = true;
# Select the appropriate driver version for your specific GPU
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

11
modules/system/home-manager-settings.nix Normal file
View File

@@ -0,0 +1,11 @@
{ inputs, ... }:
{
home-manager = {
useGlobalPkgs = true;
backupFileExtension = "bkp";
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
};
}

46
modules/system/hyprland.nix Normal file
View File

@@ -0,0 +1,46 @@
{ config, pkgs, ... }:
{
hardware.graphics = {
enable = true;
enable32Bit = true;
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
programs.hyprlock.enable = true;
programs.waybar.enable = true;
services.displayManager.gdm = {
enable = true;
wayland = true;
};
services.hypridle.enable = true;
services.xserver.enable = true;
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
environment.systemPackages = with pkgs; [
arandr
bemenu
dunst
grim
hyprpaper
hyprpicker
j4-dmenu-desktop
kanshi
libnotify
mako
nwg-look
rofi
slurp
swayimg
wl-clipboard
wlogout
];
}

24
modules/system/internationalization.nix Normal file
View File

@@ -0,0 +1,24 @@
{ config, pkgs, ... }:
{
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
}

56
modules/system/laptop.nix Normal file
View File

@@ -0,0 +1,56 @@
{ config, pkgs, ... }:
{
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = false; # powers up the default Bluetooth controller on boot
services.blueman.enable = true;
environment.systemPackages = with pkgs; [
brightnessctl
powertop
];
services.tlp = {
enable = true;
settings = {
##### Defaults ######
# WIFI
WIFI_PWR_ON_AC = "off";
WIFI_PWR_ON_BAT = "off";
# AC
CPU_MIN_PERF_ON_AC = 0;
# BATT
CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 35;
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
START_CHARGE_THRESH_BAT0 = 1; # On non-thinkpad lenovo, this sets conservation mode to 0
STOP_CHARGE_THRESH_BAT0 = 1; # ..., but to 1
###### Airplane Settings #####
# AC
# CPU_MAX_PERF_ON_AC = 35;
# CPU_SCALING_GOVERNOR_ON_AC = "powersave";
# CPU_ENERGY_PERF_POLICY_ON_AC = "power";
###### Normal Settings ######
# AC
CPU_MAX_PERF_ON_AC = 100;
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
# BATT
##### Special Overrides #####
#Optional helps save long term battery health
# START_CHARGE_THRESH_BAT0 = 0; # On non-thinkpad lenovo, this sets conservation mode to 0
# STOP_CHARGE_THRESH_BAT0 = 0; # ..., but to 1
};
};
}

13
modules/system/networking.nix Normal file
View File

@@ -0,0 +1,13 @@
{ config, pkgs, ... }:
{
# Enable networking
networking.networkmanager.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
}

39
modules/system/nix-settings.nix Normal file
View File

@@ -0,0 +1,39 @@
{ config, pkgs, ... }:
{
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Generally want a larger download buffer
nix.settings.download-buffer-size = 524288000;
nix.settings.auto-optimise-store = true;
nix.optimise.automatic = true;
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
programs.bash.shellAliases = {
# Nix rebuild, switch
nrs = "bash -c \"cd /etc/nixos && sudo nixos-rebuild switch --flake .#$(hostname) ; exit\"";
# with tracing
tnrs = "bash -c \"cd /etc/nixos && sudo nixos-rebuild switch --show-trace --flake .#$(hostname) ; exit\"";
# Nix flake update, rebuild, switch
nus = "bash -c \"cd /etc/nixos && sudo nix flake update && sudo nixos-rebuild switch --flake .#$(hostname) ; exit\"";
# with tracing
tnus = "bash -c \"cd /etc/nixos && sudo nix flake update && sudo nixos-rebuild switch --show-trace --flake .#$(hostname) ; exit\"";
# Special cleanup, needed when efi partition runs out of space. Deletes all but the last five generations.
# Remember to make that partition bigger in the future...
neficlean = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system | head -n -5 | cut -d ' ' -f2 | xargs -I {} sudo nix-env --delete-generations --profile /nix/var/nix/profiles/system {}";
};
}

20
modules/system/pipewire.nix Normal file
View File

@@ -0,0 +1,20 @@
{ config, pkgs, ... }:
{
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
environment.systemPackages = with pkgs; [
pavucontrol
pasystray
alsa-utils
pulsemixer
easyeffects
];
}

58
modules/system/security.nix Normal file
View File

@@ -0,0 +1,58 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
sops
age
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../../secrets/default.yaml;
};
security.sudo = {
enable = true;
extraRules = [
{
groups = [ "wheel" ];
commands = [
{
command = "${config.system.path}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${config.system.path}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
}
{
users = [ "cluster-admin" ];
commands = [
{
command = "${config.system.path}/bin/systemctl start git-auto-rebuild.service";
options = [ "NOPASSWD" ];
}
{
command = "${config.system.path}/bin/systemctl stop git-auto-rebuild.service";
options = [ "NOPASSWD" ];
}
];
}
{
users = [ "caperren" ];
commands = [
{
command = "${config.system.path}/bin/nvtop";
options = [
"NOPASSWD"
"SETENV"
];
}
];
}
];
};
}

7
modules/system/systemd-boot.nix Normal file
View File

@@ -0,0 +1,7 @@
{ pkgs, ... }:
{
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.configurationLimit = 8;
}

10
modules/system/xfce.nix Normal file
View File

@@ -0,0 +1,10 @@
{ config, pkgs, ... }:
{
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the XFCE Desktop Environment.
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.xfce.enable = true;
}

115
secrets/cluster.yaml Normal file
View File

@@ -0,0 +1,115 @@
k3s_token: ENC[AES256_GCM,data:UANQ7DzasppB8ZPtGY9wR9lhU+VpTjJE,iv:cvEiUt7zG4Joyd1gkaqi848ES7aPf7VoYc4zDwLKEDQ=,tag:j4EU/srhEL0+nQGhETuerA==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTWNzM0RMMXpDZnZHSEFz
U01jN1FPTFJ6YzBMQlhQMEpSZ0NTNCtteWk4CmhyU1ZTeE1wMzAxRWszS0NKeVpL
dmw3TGlvdG80TVVXUWVTYTVHMzcwajgKLS0tIFMraXVmTS9zSkFzRGZjZlhzR1lj
eDRubW5hWnQzdjVzRytWTW44Y2xoU2MKA2yvOK0DfKSj6U7094a9+4t7E6nFGD+5
p8XlMAkroS8RhdwBi//xn5I05/iJMKJikaeclvsNlvLV5b/GkCE3nw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RzZSTFNPMkprTk00SjBv
WTdvcVFuU0hPZ2hteWsrOXp3TTlGdXBvb1FRCjlCbitacFJpV1l3YXMvU0xMMm5Q
TjJwR3JtQk9Rbmc1S2J5OVF0WXBRQ1EKLS0tIHBHdzFlN21FZHFoRjc3cHlSZ2FK
YnBOOU5Bejl6MjB6MDliZWpPeTdFRncKRXH8gKhKVcSxja+dhIrPBNeeV8rJatSJ
+ZlHQL3109Ya/V6Aq9AtEypmLld9Ech7AGMCePNLYvc6DYkDE9bJDA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eFE4bWRPQitrVDN4Y21J
TUJyd214L1JMazNiUzJEb29FTmRORkJmR1QwCjIrVzZ5WllDbGNCd1c0Q09XVDFm
UjhudDNCZ1BWSmpmbHkvWjROMnpkb3cKLS0tIFhzdlpiTFRPMFM5Nm1DcVN3djVB
SWZtVWNvRVdweWVxZVlQL1k1QVdESXMKc6OdFAyEvxhf5xyBFfiZajgUkwlfMMMJ
4KqoZGTmh+4GTedJDAKClKce1TEQTKrf1ePP+5HhcSKOoPTolMh/Sw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUUt4ZCtrU2djKzRkN2h2
bHpVSk15M2lTVjRrTi9aVmpETjV3UUN6TWlrCk5rdytrYWoxTmJDQmJITVRMa0ZV
UGc3dzhsQlM3T29BenY4VlRqbmdvd2sKLS0tIE9HVmxBMnZOMnUvdFcyNGRjTm1o
V29UVXRKWUhERkYwZ0NsOUZna1ErcWsK3ya1FW0WPKrZ4gMVx9M1eAgj6lQiv++M
TSZmVJfUMyV1OATtg3MSDFqsppN/i7+aQAP2D0G1fzG30/1qYwCsHA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUVpUW5CTEFGUVlSeVJa
QVNpUE9uaFV0eWxyQjhjcUFXOTVqN1JwTm1vCmE5dmVuZnFpeWRXbnh4V0J6eHF2
R3l5ZFhTSitzSnFYbXEvbGoyY2R6WFEKLS0tIEwwWWcydmhPdW1wL083NVJncmF3
U3lPYm9EZFRUWVhualFNZHhVU1JlQzgKsc4y+hfdGB3WW+NpzvA0RH54Zc46j3zt
2Pak/SdxiMnHfF0cw9EP/xrGJ15IUUWvDmRu+om0fEMjg+OBOKLXXQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmamp3Uk40ZGRJQW1MUVJS
SUlabWx3Zkd1b0xLMFQ5Y3hUelk1RU1HYW5FCnQ4bG5qRnhQRnlmTm13WXdYUWg5
ZUVvRlRaN0NSSWhJV002N2pBL28yQXcKLS0tIEQ3bmJnUHNEUThvM2MvQUlDaUV3
ZXd2T1RmM0l4YzZKaGkrRXc4VXBRVnMKnCp42FU0vQOb9VN/+DbsmNHvZc8lH+Rh
skZvMvTHgpMWTdhHYFWub+CIXZfUrJfy/vSWBvDw6c81r4p1l+Jyfw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNHNsYjJoTlhRcUJ5UnZw
eU9tVW9zVW5XRFR2ZUNaKzlieUNmdDNCS1JFCjVJaGoxdFArU09GMXpYMVdZaVk0
TXpKUHo1cEdXZnpCNXpyRHJnYmRldWMKLS0tIFBnSktZWmp3M2NJbVAwTy94bnVx
YVlwaEZ0Z09aNFo0OCt1dUxpYzdiZEUKDHKAZYVC9ON48i9p5DZDopgm9afSg069
m3mq5d+aBZIrnSdwgIuvyPJH+L8clIUXcJ47QH9ML/4MsFk+d4xvpA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bm15TmhpRXg5V05qWmRn
UExicGhXZ0ZWNUxPTUM3OEV2U1JveGRUQ1RVCkpaMXZwVUxiT0pQRkFFSjBMRnFw
RnJJalBrSTR5V3IvUnU2a2hWSmM0ajAKLS0tIDJ6ZWpiVlBBdDBxWnhZT2lyRi81
dCtqV1ZwQVlHWFgvTkN4eTZmSG5XMzgKKAPm8crJXBvCAIgTCcpLBi74Fq/AT7Uo
SREKHWpC3pLtNyfgHuEhm3lCYmyZyxTsZFd/2ezAjqtQZAf29EEUjg==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbVhvQlZDWXhmMXpnaDBk
YUFwMkhwRDlkMXhjS1NJSVR3QWhBNDY2c0VFCklMaTBaKzQvRjdLQjFlelpkY2Ra
R0E3NjNVV1pPOG02WnhLdHhqRytPdlkKLS0tIFBFQlpWL0FEUWNGOThzNW1RdG9S
V2lSdVpweWZKM3VYZ01hclV4ZENZbTQKMQ3/EZk82q4oGnFJb49+X5uQzuTji8qV
K61/vy40g/1f8wgpJwjvGCHx7VyzsBp4lhXiLODMIW6ubp5kAU4r9A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVVJSRmZucDc1Vk5HZ0py
NS9BcDlLRkpyYitmd0hZdlVOaFgxS3JyR1ZJCkVBajVBTjlWamNMNFYza2xWaitx
V2loazBmaE5kVWRoVWwvR2NQa3Mwb1EKLS0tIFZYNGNRc00rUGlDT2tGUFlCcDc3
aFB3SmpjVFVBc3lPWmMyM29URHpaUzQKguiKNjvJayezQ2tAqmFSgA8tY/6tx1Pb
OeB5cBtSyXfdZhL8HGYAqiIph9zbO3NId7icJsZ11YTW6XHHr1P7gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1aDJ5UkM1WENoUDZOUld3
ZXpTdWJjQzVhNEI4RGs4UlhyVytBcmcwbUdBCkxhNnlzSm5yS21zVVNoSmc3VmJF
REE1YXpFSWtPcVhzMnFGckpLZUxQR2cKLS0tIE5DWGFKNUxRZnpFNGpMS0xxVVhq
OWIwRXBXMmxHN09pZVcyNElQZVhFWUUKAN0Yd2/RB0ZjE0BGZnVY+bCSEQXVpZrS
DwsxXlldtJLVebLxthPaXcPI4UmUFYSPFYWDPijjxQ7gbRYnOsV1eA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaVNQeVd3c0JKakhEWWE0
ZDNjUitGaUVxM3h0UjF4Z2ZVR0w2L2xKTlRzCjhVVERodmpFVXF6Tnp5N011Tk9J
TVR2akpwRlBKOEs0T3loa0p1cGU5c1EKLS0tIEh5TGYrZ0c3MjQ0bDlsb3J6UGls
VWRsQy9BeU1rTmUxd0xwZHA2MjMrZmcKPI2g7B4Ylmbq1Z6WHAhdDx43oB/OeIKY
MKpwZ985JUrxwwiM0UC9DfNYaM9ScUf4l3qHFPHjh+N899rf7nW3zA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-13T09:05:22Z"
mac: ENC[AES256_GCM,data:Jg/J4ulZtAI7Kfeb8/ccmG3hV+2TF/5kTcwNRr6llVORVBZ0cGeJz5TvhqwHsSf3TRwgzS50RHWtbJ//TadWrYbf+EInV92mT+ybVO/p6ek0jiqRV9Kto697YnjjtMG1uJcIazWhShT4UTg6PNlAtRzBA3759tnw2aj0hCNH9QE=,iv:hu1m3GdLiwyVZDrlh/p63hGCaJgXIHuVnxzPKskj9Io=,tag:NW+d9m+eTgkb9Uea5aurSw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

136
secrets/default.yaml Normal file
View File

@@ -0,0 +1,136 @@
ssh:
ilouser:
id_rsa: ENC[AES256_GCM,data:BuoM1E1pf9srSfWWV+bIy9H/JAQIMsucJv8T+Sky6HgSsR1WLdOX8pYJSVukuMMisSBG8DJiGy7PgzqeZohrFbkaHpc7gI0S3+803pZQjILzs9kEIrpTzqb+i5UgGPNn7Q9Rk2Etm7UlQAaUSLZg1XfCWV421YeTDFnM42bLy8Lhpb5J/GyP4iYJN5osmlQdjUbzR4wWaYIofWHjTqbNo0yNdMTDPf/bVDw+/34Xx/Xcvc90KtbO/k/gWpOam/Mq/jMoaA0IcZu7p6pu3WWFlilkeBtLefLo8nDEGi13hT2KxrB89npTNWWXf4sejQxkZgp8x1FxA8LH9v6vRunvdBRNTw/JjmtxaF8vKfjd2oxaKztLA8NROYQRpavqv6/NGlyBCU+yncq/E5dl51t7BwDwpSUvYvVEP20qH1JBKtiyuHlLOTOwTJtigOE3EuNxuEViz56Q0tVpQOcPQuSRmwdOg8hMZx/HnaDv52JVxeQHdF8jpzz3E3noB1AbRIAb84XXWVo2QLxFb8W8t5ta5cdOq/Pqte5PNXfT+2pjBIOlfg5mzA9kjH4QOZaO7zBbMj/ZD480gZY+kUMgeXgOtoLSZCPvdBbSjd7Lsd7xYbZSk6m4jOtvbTzpaFX8ZIT4ompC/+G84t3HyxE+UUeBip7mTeOJBCc1WjguKSzdBMmYZUxJAGMmWJ+TQDZSFu2m7bMmLGTgya5isqtcqGN5cGcICxIfOVfuoJ5T6vO3t2ZdUuV2U4+gfCYhtEZbsT/lhgRC0NlMWBhowCRpzhowYLHHGqmUfl5M+JTCAOS1QDmZvaGVc8BC0WWkc+162NGME1D+GRolHF44TfB5IuTQ1cfrv+VvK4DIsEslleAMCxqHPPQPGpCTcCNfe/3Yylkl/Pmogas2P8Q1fyGVTZCsS2G5wugptt8AdfdM+tvmqzlyponw3lNKe+mj1ehunJ8V93ea95cdmVikM6OLykzSrbxsejX8EgIQ0BChAFly38ot7YcmqgfqABCGeiYwOnL/90EuRmYRaMuUihbiRVzGPd5oc0OKDj5xdM2Eq/VRaODCFuhmwK5eLHB3tGab2Bin/8VGZkpWjQsd3H/UYRfPpJqjnhI3/dxD619ouZPfsTfQCVnBaZMYVKzpmeb3geNMeV1h8cDxNsAk85nAnG6RUF7xlqmgF6yUZ/vFtjUq/vCoNHsKvS5sSy73LPXljrVvZyG2K9P6dfTR4n8yYGJCoj95ahCAD4djsr9ylRzj1YTFQ7XdZGxw3GML7rmzuMS/Kk0qMKNYSlS9ru0yIL2baZmntjUKjcl0qigzO74bi3TxyoylmxXA2/80AcRU/fWi0t9g9aTJmuVztPiRQpCLsDzSS/xTjriwThx6v7tgmVwO05SdlBQ5Fk6R1nOsC+4X35l2f6pWJ91nlkfimJM3mY/MZDxWusfgXcS3SBswj59n7zX7AwykcX6/XHVWg91EfB6sRUZyHWsMxwn+i/P5aoIiO43leCD9KX5T0KjRAxa0DG092zM6pRaKEJWeBXTgcFTS5AQdMLVlt5GBHBHw2Slr6SMsUo7A1ycJqP7nw+YdLje86h4edfvbAtowhaBT3WPFoxbtAoBWqkYPgTGs/AiKRsfjecypuCm52bz8VTiw8laRkYFO0nqyYZBm4u2BbVODS6Ji9ZxNpjN/NIDh/5ffhQ611iwL2xgob/yFrjqaRyzPx1DXseMO+Lc0TMEhdSVGG9i8fTJXN8VasDDHxWCQD/ZSyERGCqIDc1+pZBjwABiECsDtQy3DI+oQ3UEPLOFHGS95Kc5+KKij3ptvf61o2J6XKEUY0jqv+puNvmjz7jqsNBY+S524G+06zzcvXsUnWQ3o1lOseFDSl4ZV+a2GiRA+AHj5gSKXTNVUMDsEu7E+4Sg1WVFKLw4KgZ0KubHYQYz56QLojv2TUL3NrK1mUfdn9jeJ01L+CIMTVjz+4UjVI/AZJA370Le01pl0ZMxaFRa0fep1Pa6MikTS7SO8NBtTtbOI2Dt/hBrXpzbicfRU/2pNJ8hEn9in0eXkZ3h0/nHm5J/OrrbVOdvQK9RkF9J0sdgmLtnAxdQjKK7r8Tg17q4vefFRtTEFPz1hV8sOrNXJZc3GRnvINE/7CVYdBQZuq7Bqze9WS+Yqzo2Z7T+cgpLTThBWlL7uGRsNcOdxQOctvoHCDFMV+9+QSH9Cc55Jdbd1T/clludubmyCJLvd5+25haXtRNSivJ/qB/ZbaZq/1PrJw2rl9XuiTczVrG/5Gwpz7a7PVrP8ydIEoTAglMdr9WICKl2cqHo1+k7HOFZluJAugNTV5aRwCvb6roKXsENH6TE68RuiYI8GXD/AzrY86TADCZroeQ+arLW+UuDqQfsnJ6MM02NcSOriAqTbwikGSzNIwkOiuZmwc5Y1pVqe1pyVDf5gN6Q=,iv:IDe6vkBvgAzfxee+/odkLk1TLZRghVEf8hqH2r3+V9I=,tag:OFCA57fQjQxc+CT9DOq+VA==,type:str]
id_rsa_pub: ENC[AES256_GCM,data:hYdf7KifFqkHDa8UF1zvhirc2AkrYpL2VrmV2IJjHzzgbrJxshdA629mTXwXwXORbLwNcMpRR7DFLyHCRDu5cWsxluZ04rNU9sJFmL+6pPUonaa4Wc+9z5VysV8UItY/BZ/5mOMQ2ph/wMQ3pkFnBD58vOFOYsmZ7OCir5dQZfm8GdGDX76bOlOI/CAg/LtwFveHK4trY3EUkxbJQ1soZdpm7ML/7bDN52klaS/EEgwk+FJrNAcm8M+N3kMSZoJyJW7c1OG81d4G84tryt2fa7s2HGT79IX6h4wI0GGu+bl87MgmFC48KdvjPdWowfh2QxkphSLduYQ4ss4EQYgJrmkQznQtt67acCFxNrEyE5psSMQPXtgAbwV94xeqtc+QHzmjHAwICTzk7Q4sFF85cDV54ZyoQDYdfubjpJ6mdE65dftN2eYD/5ywdTq09vRpnlh24PTrp7nn4H+Yddakv5KGhQOnj0p6JHNytXEClmiqxANrsYyhKvZe9gS+5w1RIcrsv9dHr5uL7Q==,iv:PQiVjFf2LlOKa6i7V/DcxYU54m/AbJGwTwUmA9asKI4=,tag:y27R0sMuOno0Al9iD3+MsQ==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OURyTktBK0tLUFNvK3JV
cGZ0a1BNOUgyZHgvZlNEM091Z01pdlNWcHdrCjRyV2Vlamk1SGNGa2lOZjFZUlZW
NXlSaFRuUkVkV2ZWcm51N1ozbGp1Zk0KLS0tIFA3TmNueE5hSGxwZVlXeW9mOXZG
bWxNZVphblFnV3J2RnBnRjhIV1psTUkKvuHFAmPg7AgSgpSv3cRDDSYRRiG2pWIv
qs3gUknD2QAuo1dBGol6p3lzvuGNYaBLML9tgCgN60Y66RVHR1zEVA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1a2FqYXZpWmRrVEhhazF2
akl3RjErZDc1TVZNZnBCQ3F1a2szUTB1bUVzCkJSV2F1RUNvR3FldmxnbEsyejB6
QU9xTTlud1BrVW1WQ0RCbFRhVCtiRW8KLS0tIG9UeTg3d0pUOUswaUdWdGVscHNM
NEZFUS9sNVJXSllNdXhRWDFYKzg0ZFkK1jEL736B5stLQw6BLxJmm8Z98uvD2qGZ
O98ByT6SrjQnYnr/8u0qY7dQ71ThzB5v3LSrk8/x06CzLmpAYgc6IQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbjh3YkhPd1o3M0h4bkhY
dS9QV203STh5OTF0Y3k2VEdFaFYwQmJNL3lBCkg4UnN2NW82a2F0a28zQ2h6Tng2
ckkrb1AyMUZ0UDM3ZDgvd2FWSTlCTmsKLS0tIGc0ckd1NW1Tc04zOUZhRjlwYmMx
NktCNXd3WE04VzgyczdNVVZ4Z0FIbk0K3999tMUUAerQhWeIST5W9v9sahnl/bub
Wh2wQPSC6pN6t60CMrs4N5NgXhXG6KADiWi9oMwR18RAqwQTRVKRzg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ljcy90uwlfngc7vqwlf2x2ckgsdfg90c0r9yvjzpl90jkwf9g48q2leudt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb2ZIQlpNRmZaczlGMWFT
aVZWYmJ4RWxJYkJ1YkJhYkV4c1pKZGVESzFvCjh0d0RPUHNSQThLQ29vTzloRGJI
cnNQMXpTVUs3NjUzeGtGbTFDMUE3azgKLS0tIHM4cS9GUi9XUXNITTJsakxxOXhk
U3hNMjNQNHhhTTRTZk9EV05FMEtlSlEK3zLfM19AjFadzWzcTbvmUwQnL0yG8A6K
JMNzwbUvPqLIBxniTuSNRHceCcyPvs4vnCRDQPeEIHV6r1dGMV90Gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vl9q7u0jkzjpdqrmg4flvz2f7gyn05luv4ka60hu5l8yn4m6rujquhyc2p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TWN6WEM4WkFqKzFoVkZi
K2hnd2JzczY2YStKcDZjd1RPNGlRVklQL1U0Cmo1VTNkWnVQY2tSNzRBY3JrMW9x
Smx4STlKMzJGQUdrMmpXVCtYekZmWU0KLS0tIE1ycnR1MTVvMUgvcko2VlM0NEUy
Nk1vSWtQWlJWVlNIZEUyOEc5ZS80QjgKqyFL4+3Oqx92nDGJ/D8/+RkPmHZ5R9Yv
HXlyUrO+tmbSU5JkBO7tSZ9Ho89Imwf8b6r76ZozHOjpmhSL5RBvfg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3S0pSVFdiMzBFaFZReEhY
eVFWNzc4eno5Zm1ScEpSUHNmeWVkaTdjQnlzCnZoS3hjeGlyUmd3U1lnc0xOUGVP
OXFweG5YTGV0NDZucWpuZ1lybG43dEEKLS0tIDk2NVZHUEtScklSQlZBQ0ZCMFZ4
N21xTTZpRm81cGM5elVWNnk5NU5PTGcKhfvVyHzhH9A1NDoyHwBAxHy5Dj8brkt5
280NVHI33SQ+R3mgdAcFB34jJW25ntq9Jd7f8V0FeqelGCzHttMy1A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVHhXYnhkTjdPT0xqbE1D
LzliRGZzQWpiUFdmbE9LZktLN21GbUp5Y0U0CnAwTFlRN3M5OFpKNUNJNTlERVl0
MysvREhWdkZLOWdPODh2dXZlclRHMlUKLS0tIDF6c3pUUEh6bk5YeDJob0Rham1S
TlF5ZVp1Z21DU0hUdFJLMGNIRnVxZE0KGl0PT9mmCu+8yf2K7ADpeALk4xNG/Xld
IG1zlOPvAmmApoNKOx4FOlBVO8MAX922WsUgX6OSyw8U0PjdRn4rKQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MGJTd2cxRG5MNkJSdXBo
bXNuZXdPUDZjZC84S0g3N1ZENzIvWWVOaFN3Cmxpb08wSExqaTNQQ1RROGU4bk9h
K2lXMDhuVGpWa0NXOGlXMkxaMzZyWkEKLS0tIDUvckRYWXFhdW1wdUZlL083ZFhH
TFJtcEdFS2pPcHN4bjd1a3QwcktXTzgKy7mTdf495H9solOwE8qJgQQXg+4HYYoF
6ytA/0bA+UlDeziHS4opnlooXcyQ6isMUoi9+F3GlrDaS9NZx+v5vA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZeEVoR2dscEg3Mlk5WlBP
UHFvR2RUTTh2Zm1UcStncEUxVnRwamM4eXdvCkdWbWcwajFXdkI3S1pkT01sZkoz
U2pYdDJ1Wmw3V1prWUh5TVhCSUtlK1kKLS0tIG5XUjhMak45UzlXek5vTDZMN3Nv
d1JJc3FvZjJadTVUSXJzWVQ3ckxQSVUKQ8Bw9tQdlgrH+e4QrkFhx9AVz7F6asDZ
rblgfXuYh+rnoDsuMh6gUciA9WDXBmlPgs09ny4T29T9uGwLjPnitw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TndrMmZMOG5tT1FnWmgr
OGlxek5ndGxFOFdmbXhKTFZidzRGS1NVWWhVCjNFK2U5bTM1OXhKcTV0Q3F6bG5U
T0xnYTloZStMbTBFTFovdHlBU2s2eTQKLS0tIEY2emp4ZVVDbzhLbGxuOUx5VG1G
R1B1VldGM3BONUoxUVpDeGhBK1orQXcKPHvqPhOE7j687dBQlfuTdsLIr7t8HzX+
IWOkgUe9Lu+ruHmx0FbDsLlqJZbZOVisaWGD7CEm4Ku1ZnOSejFZcw==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K2x6VWx5TUJTcDdEbExr
V0t2VkdOV3NuUC9nUStZM3JwdmRqdThyUWtzCnFlTm13OFVlL205L0dPVzVrRlVh
b3BTTEFwcHlrL204alNlU2N0aExjVW8KLS0tIEQ5ZWpCeTMwNmpjcGl1WmtQdkNU
TVJBMjlNaWtHMlMzd3ViaGVpMERPVncKh7czaPxra9mRidJgrfaT0QWFU7d1li4e
60tD8Gkaoshs0KjQt6Vs2OrW5cJhMkBnUv7kulEEvn+ouukZOz4jTw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsbnFqcnE2bjNqVmJlVmNR
b2huRnVITTJOU3J2bE43d1V3VzZiRUc0cVZnCmRoTU5YZWQ3TmdZN3A0WUQxZHJr
Tjd4d3FkNHpPSThBemc5STR4VXEvRG8KLS0tIGdSZFgvL2c4MTB2eml0dWtWQVVV
YkJJT294RWRsaHlrYThuQ2RMa3pERkkK0G9ShhLOZVVjGinlUyk/sc9OjWmukLgR
JNTFWAePS/k1O/bO4Myxc9wX4R9UrZOpG/Q6v66ilNOApWD7i/2eBw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUUJzYVBzLzlWc2QzUitS
M3JrSGUxcXV2NlA4Q2lDVGpCU0NnZTY2Q0RVCmZ0Tmp0M2FMUVcvY1JrQmoyNk9B
VDFqUUlQMVJ3L3JoaE5ISDV0YU5ydTQKLS0tIGRjM2ZxUzRMRGxzL0ZBR0F2Ti9Y
Tnp0djVFV0hPTkJGYXJSTWRHdkUzWVEK2bWcz9/qrHjAO0FWzjwsuBnZMm42XzKl
h1tQwqF7A3jdcezZXYmOn5R1nJX5NTXLySgPZapvOhrPmuHZk4UULQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUHlzOEtpUnFoU0VmNmpl
TDgwdVAzeENBd3dvY2U3TFVkSy96Mi8rVERjCmhaU0hpeUR2cjh3ckNKVWNtaTRG
STRpaHFGWmU5TjRFWEhabWZTaC9FMk0KLS0tIHBsN3BxNXRIQ2ptNHZjQ0tlZ2Ro
YWttOHNEeDFTemh2OFEvNGNOZmkzeEUKL9yGY1L35y+ZIFyTFKyvgIirWSGe5lkT
jYAPmt/RJmskzNBQdo3KGnPKqpVK5nEBUwmzKVre4AOOSTYJ4ER+0g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-31T05:09:48Z"
mac: ENC[AES256_GCM,data:VP4URW/zRZFa4A3Q0gVzs06Zre+GzT3DNcrYxOcktgR1ooyvCjPE6l5t3Jf2LvVanSuBfIQMP7w67OcBar89QqGjn38E6V/U5Lyj7hHF9AtqNd/3l3P91xt+69UBOEqhZI0oASrTA3MKAZVeg6kWtU7YWajPH0PVxOsxMHeD9g4=,iv:LciFXM9JdXwmR56dgO6OskfcGauy8Q5gYIKZH2sES90=,tag:VJbexnwD+N1mGzADfXhp7g==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

45
users/apollo-admin/apollo-admin.nix Normal file
View File

@@ -0,0 +1,45 @@
{ config, pkgs, ... }:
let
sshCaperrenDesktopPubkey = builtins.readFile ../caperren/pubkeys/cap-nr200p.pub;
sshCaperrenLaptopPubkey = builtins.readFile ../caperren/pubkeys/cap-slim7.pub;
in
{
users.users.apollo-admin = {
initialPassword = "changeme";
isNormalUser = true;
description = "Cluster Admin";
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
sshCaperrenDesktopPubkey
sshCaperrenLaptopPubkey
];
};
home-manager.users.apollo-admin = {
home.username = "apollo-admin";
home.homeDirectory = "/home/apollo-admin";
home.stateVersion = "25.05";
home.packages = with pkgs; [ ];
programs.bash.enable = true;
programs.git = {
enable = true;
settings.user = {
name = "Corwin Perren";
email = "caperren@gmail.com";
};
};
programs.kitty = {
enable = true;
font.name = "JetBrains Mono";
};
};
}

155
users/caperren/caperren.nix Normal file
View File

@@ -0,0 +1,155 @@
{ config, pkgs, ... }:
let
hyprlandConfigPath = ./. + "/dotfiles/hyprland/${config.networking.hostName}";
kanshiConfigPath = ./. + "/dotfiles/kanshi/${config.networking.hostName}";
sshDesktopPubkey = builtins.readFile ./pubkeys/cap-nr200p.pub;
sshLaptopPubkey = builtins.readFile ./pubkeys/cap-slim7.pub;
spotifyPlayerAppTomlTextTemplate = builtins.readFile ./dotfiles/spotify-player/app.toml;
spotifyPlayerAppTomlText =
builtins.replaceStrings [ "{{hostname}}" ] [ config.networking.hostName ]
spotifyPlayerAppTomlTextTemplate;
waybarConfigPath = ./. + "/dotfiles/waybar/${config.networking.hostName}";
in
{
users.users.caperren = {
isNormalUser = true;
description = "Corwin Perren";
extraGroups = [
"adbusers"
"dialout"
"docker"
"input"
"networkmanager"
"plugdev"
"podman"
"wheel"
];
openssh.authorizedKeys.keys = [
sshDesktopPubkey
sshLaptopPubkey
];
};
home-manager.users.caperren = {
home.username = "caperren";
home.homeDirectory = "/home/caperren";
home.stateVersion = "25.05";
home.packages = with pkgs; [
obsidian
];
programs.git = {
enable = true;
settings.user = {
name = "Corwin Perren";
email = "caperren@gmail.com";
};
};
programs.bash.enable = true;
programs.bemenu.enable = true;
programs.kitty = {
enable = true;
font.name = "JetBrains Mono";
settings = {
allow_remote_control = true;
};
};
# Assets/scripts
home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons;
home.file.".config/hypr/scripts".source = ./dotfiles/.config/hypr/scripts;
# Application config files
home.file.".config/containers/policy.json".source = ./dotfiles/.config/containers/policy.json;
home.file.".config/glances/glances.conf".source = ./dotfiles/.config/glances/glances.conf;
home.file.".config/hypr/hypridle.conf".source = ./dotfiles/hypridle/hypridle.conf;
home.file.".config/hypr/hyprpaper.conf".source = ./dotfiles/hyprpaper/hyprpaper.conf;
home.file.".config/hypr/backgrounds/black.png".source = ./dotfiles/hyprpaper/backgrounds/black.png;
home.file.".config/hypr/hyprland-common.conf".source = ./dotfiles/hyprland/hyprland-common.conf;
home.file.".config/hypr/hyprland.conf".source = hyprlandConfigPath + "/hyprland.conf";
home.file.".config/kanshi/config".source = kanshiConfigPath + "/config";
home.file.".config/streamdeck-ui/.streamdeck_ui_link.json" = {
source = ./dotfiles/streamdeck/.streamdeck_ui.json;
# Copy the symlinked version to its final location, otherwise it has no write permissions
# on the config file, which breaks the entire app
onChange = ''
cat ~/.config/streamdeck-ui/.streamdeck_ui_link.json > ~/.streamdeck_ui.json
chmod 600 ~/.streamdeck_ui.json
'';
force = true;
};
home.file.".config/spotify-player/app.toml".text = spotifyPlayerAppTomlText;
home.file.".config/waybar/config".source = waybarConfigPath + "/config";
home.file.".config/waybar/style.css".source = ./dotfiles/waybar/style.css;
home.file.".config/wlogout/layout".source = ./dotfiles/wlogout/layout;
# Desktop entry files so bemenu can find them
home.file.".local/share/applications/alltop.desktop".source =
./dotfiles/.local/share/applications/alltop.desktop;
home.file.".local/share/applications/glava.desktop".source =
./dotfiles/.local/share/applications/glava.desktop;
home.file.".local/share/applications/phonerdp.desktop".source =
./dotfiles/.local/share/applications/phonerdp.desktop;
home.file.".local/share/applications/spotify-player.desktop".source =
./dotfiles/.local/share/applications/spotify-player.desktop;
# Custom bash aliases
home.shellAliases = {
# Phone remote desktop over usb (adb), with some default flags I want
phonerdp = "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close";
# Streamdeck isn't easy to manually edit, so make a save command to copy any updates to the repo
savestreamdeck = "cp ~/.streamdeck_ui.json ~/.nixos-configs/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json";
# Nice to have an alias if I ever want to launch this from cmdline, or see the dbus help string
screenshot = "~/.config/hypr/scripts/screenshot.sh";
};
# Theming
gtk = {
enable = true;
theme = {
name = "Adwaita-dark"; # Or another dark theme
package = pkgs.gnome-themes-extra;
};
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
cursorTheme = {
name = "Bibata-Modern-Ice";
package = pkgs.bibata-cursors;
};
font.name = "JetBrains Mono 11";
};
home.sessionPath = [
"$HOME/.local/share"
];
home.sessionVariables = {
GTK_THEME = "Adwaita-dark";
};
xdg.mimeApps = {
enable = true;
defaultApplications = {
"application/pdf" = [ "okularApplication_pdf.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" ];
"text/html" = [ "firefox.desktop" ];
"image/*" = [ "imv.desktop" ];
};
};
xresources.properties = {
"Xft.font" = "JetBrains Mono";
};
};
}

7
users/caperren/dotfiles/.config/containers/policy.json Normal file
View File

@@ -0,0 +1,7 @@
{
"default": [
{
"type": "insecureAcceptAnything"
}
]
}

44
users/caperren/dotfiles/.config/glances/glances.conf Normal file
View File

@@ -0,0 +1,44 @@
##############################################################################
# Custom Glances Configuration Overrides
##############################################################################
[global]
# Managed by NixOS configs
check_update=false
[percpu]
# All of my systems are 16 core
max_cpu_display=16
[ip]
# Useful for validating vpn connectivity
public_disabled=False
public_refresh_interval=300
public_api=https://ipv4.ipleak.net/json/
public_field=ip
public_template={continent_code}/{country_code}/{region_code}/{city_name}/{isp_name}
[diskio]
# Don't care about loop devices
hide=loop.*,/dev/loop.*
[smart]
disable=False
[fs]
# Nix store is duplicate of / on NixOS
hide=/nix/store
# Leaving this all commented for now as it doesn't like large number of files
#[folders]
# Home overview is helpful
#folder_1_path=/home/caperren
#folder_1_refresh=120
# Steam is normally the largest
#folder_2_path=/home/caperren/.local/share/Steam
#folder_2_refresh=120
# Then Downloads next
#folder_3_path=/home/caperren/Downloads
#folder_3_refresh=120
# With code generally coming last
#folder_4_path=/home/caperren/code
#folder_4_refresh=120

116
users/caperren/dotfiles/.config/hypr/scripts/screenshot.sh Executable file
View File

@@ -0,0 +1,116 @@
#!/usr/bin/env bash
# Unashamedly taken from: https://www.reddit.com/r/hyprland/comments/13ivh0c/comment/jkgk65k
# Small edits made for my particular needs
# Flags:
# r: region
# s: screen
#
# c: clipboard
# f: file
# i: interactive
# p: pixel
# Example hyprland bindings
#bind = CTRL, SUPER, ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh
#bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
#bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
#bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
#bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
#bind = SUPER SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
#bind = CTRL SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
#bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
screenshotPath=~/Pictures/screenshots
hyprpicker_launch(){
# Start hyprpicker with screen render (freeze), no fancy, no zoom
# We're just using this to lock the screen in place for grim ingest
hyprpicker -r -n -z -d >/dev/null 2>&1 &
sleep 0.5
}
hyprpicker_kill(){
killall hyprpicker >/dev/null 2>&1
}
trap hyprpicker_kill EXIT
generate_filename(){
# Make sure screenshots path exists first
if [ ! -d "$screenshotPath" ]; then
mkdir -p "$screenshotPath"
fi
echo "$screenshotPath/$(date +%Y-%m-%d_%H-%M-%S).png"
}
active_screen_grim_region(){
hyprctl -j monitors | jq -r '.[] | select(.focused) | "\(.x),\(.y) \(.width)x\(.height)"' -
}
grim_from_region() {
local filename="${1:-}"
local region="${2:-}"
hyprpicker_launch
# Get region of screen to capture, if not passed in
if [ -z "$region" ]; then
region=$(slurp -b '#000000b0' -c '#00000000') || exit 1
fi
# Start grim while screen is still frozen, kill hyprpicker, and pass through data
if [ -z "$filename" ]; then
grim -g "$region" - | {
hyprpicker_kill || true
cat
}
else
grim -g "$region" "$filename" | {
hyprpicker_kill || true
cat
}
fi
}
if [[ $1 == rc ]]; then
grim_from_region | wl-copy
notify-send 'Copied to Clipboard' Screenshot
elif [[ $1 == rf ]]; then
grim_from_region "$(generate_filename)"
notify-send 'Screenshot Taken' "$filename"
elif [[ $1 == ri ]]; then
grim_from_region | swappy -f - -o "$(generate_filename)"
elif [[ $1 == sc ]]; then
grim_from_region "" "$(active_screen_grim_region)" | wl-copy
notify-send 'Copied to Clipboard' Screenshot
elif [[ $1 == sf ]]; then
grim_from_region "$(generate_filename)" "$(active_screen_grim_region)"
notify-send 'Screenshot Taken' "$filename"
elif [[ $1 == si ]]; then
grim_from_region "" "$(active_screen_grim_region)" | swappy -f - -o "$(generate_filename)"
elif [[ $1 == p ]]; then
color=$(hyprpicker -a -r)
wl-copy "$color"
notify-send 'Copied to Clipboard' "$color"
else
notify-send 'Screenshot Shortcuts' "Print:\t\t\tRegion to clip
Super+Print:\t\tRegion to file
Ctrl+Print:\t\tRegion to editor
Shift+Print:\t\t\Screen to clip
Shift+Super+Print:\tScreen to file
Ctrl+Shift+Print:\tScreen to editor
Alt+Print:\t\tColor picker to clip" -t 20000
fi

7
users/caperren/dotfiles/.local/share/applications/alltop.desktop Normal file
View File

@@ -0,0 +1,7 @@
[Desktop Entry]
Type=Application
Name=All Top
Exec=bash -c "kitty --single-instance --detach bash -c 'kitten @ launch --type=window --title btop btop ; kitten @ launch --type=window --title nvtop nvtop'"
Icon=alltop
Terminal=false
Categories=Utilities;

7
users/caperren/dotfiles/.local/share/applications/glava.desktop Normal file
View File

@@ -0,0 +1,7 @@
[Desktop Entry]
Type=Application
Name=Glava
Exec=glava
Icon=glava
Terminal=false
Categories=Media;

7
users/caperren/dotfiles/.local/share/applications/phonerdp.desktop Normal file
View File

@@ -0,0 +1,7 @@
[Desktop Entry]
Type=Application
Name=Phone RDP
Exec=bash -c "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close"
Icon=phonerdp
Terminal=false
Categories=Utilities;

7
users/caperren/dotfiles/.local/share/applications/spotify-player.desktop Normal file
View File

@@ -0,0 +1,7 @@
[Desktop Entry]
Type=Application
Name=Spotify Player
Exec=kitty -e spotify_player
Icon=spotify_player
Terminal=false
Categories=Media;

33
users/caperren/dotfiles/hypridle/hypridle.conf Normal file
View File

@@ -0,0 +1,33 @@
general {
lock_cmd = pidof hyprlock || hyprlock # Avoid starting multiple hyprlock instances
before_sleep_cmd = loginctl lock-session # Lock before suspend
after_sleep_cmd = hyprctl dispatch dpms on # To avoid having to press a key twice to turn on the display
}
listener {
timeout = 60 # 1 minute
on-timeout = brightnessctl -sd platform::kbd_backlight set 0 # Turn off keyboard backlight
on-resume = brightnessctl -rd platform::kbd_backlight # Turn on keyboard backlight
}
listener {
timeout = 180 # 3 minutes
on-timeout = brightnessctl -s set 1% # Set monitor backlight to minimum
on-resume = brightnessctl -r # monitor backlight restore
}
listener {
timeout = 600 # 10 minutes
on-timeout = loginctl lock-session # Lock screen when timeout has passed
}
listener {
timeout = 610 # 10 minutes, 10 seconds
on-timeout = hyprctl dispatch dpms off # Screen off when timeout has passed
on-resume = hyprctl dispatch dpms on # Screen on when activity is detected after timeout has fired
}
# listener {
# timeout = 1200 # 20 minutes
# on-timeout = systemctl suspend # Suspend pc
# }

9
users/caperren/dotfiles/hyprland/cap-nr200p/hyprland.conf Normal file
View File

@@ -0,0 +1,9 @@
# Unfortunate legacy config needed because hyprland can't hot switch variable refresh rate
monitor=DP-2,3440x1440@144,auto,1,vrr,1
# Source configs
source = ~/.config/hypr/hyprland-common.conf
# Application launch
exec-once = sleep 10 && steam -silent
#exec-once = swayidle -w timeout 600 "hyprlock" before-sleep "hyprlock" &

12
users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf Normal file
View File

@@ -0,0 +1,12 @@
# Unfortunate legacy config needed because hyprland can't hot switch variable refresh rate
monitor = eDP-2,2560x1600@165,auto,1,vrr,1
# Source configs
source = ~/.config/hypr/hyprland-common.conf
# Application launch
exec-once = brightnessctl -sd platform::kbd_backlight set 1
exec-once = brightnessctl -s set 30%
# Privacy
exec-once = sleep 10 && ls /dev/video1 &> /dev/null && notify-send "Laptop Webcam Enabled" "Please disable if not being used." -t 20000

191
users/caperren/dotfiles/hyprland/hyprland-common.conf Normal file
View File

@@ -0,0 +1,191 @@
# Always enable new monitors in automatic mode, for when kanshi doesn't know about the setup
monitor=,preferred,auto,1
# Set programs that you use
$terminal = kitty
$fileManager = thunar
$menu = j4-dmenu-desktop --dmenu='bemenu --ignorecase --line-height 22 --hf "##10AC25" --ff "##10AC25" --tf "##10AC25"' --term='kitty'
# Some default env vars
env = XCURSOR_SIZE,24
env = QT_QPA_PLATFORMTHEME,qt6ct
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
touchpad {
natural_scroll = no
}
sensitivity = 0 # -1.0 to 1.0, 0 means no modification.
numlock_by_default = 1
}
general {
gaps_in = 5
gaps_out = 5
border_size = 2
col.active_border = rgba(0D8A1EFF)
col.inactive_border = rgba(595959aa)
layout = dwindle
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false
}
decoration {
rounding = 10
blur {
enabled = true
size = 3
passes = 1
}
shadow {
enabled = true
range = 4
render_power = 3
color = rgba(1a1a1aee)
}
}
animations {
enabled = yes
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = yes # you probably want this
}
misc {
force_default_wallpaper = 1 # Set to 0 or 1 to disable the anime mascot wallpapers
}
windowrulev2 = suppressevent maximize, class:.* # You'll probably like this.
$mainMod = SUPER
# Launch terminal
bind = $mainMod, T, exec, $terminal
bind = SHIFT_SUPER, Return, exec, $terminal
# Close active window
bind = $mainMod, Shift+q, killactive,
bind = $mainMod, C, killactive,
bind = $mainMod, M, exit,
bind = $mainMod, E, exec, $fileManager
bind = $mainMod, V, togglefloating,
bind = $mainMod, R, exec, $menu
bind = $mainMod, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle
bind = $mainMod, F, fullscreen
# Move focus with mainMod + arrow keys
bind = $mainMod, left, movefocus, l
bind = $mainMod, right, movefocus, r
bind = $mainMod, up, movefocus, u
bind = $mainMod, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = $mainMod, S, togglespecialworkspace, magic
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, mouse_down, workspace, e+1
bind = $mainMod, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
# Volume Keys
bindl=, XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.0 @DEFAULT_AUDIO_SINK@ 2%+
bindl=, XF86AudioLowerVolume, exec, wpctl set-volume -l 0.0 @DEFAULT_AUDIO_SINK@ 2%-
bindl=, XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
# Media Controls
bindl=, XF86AudioPlay, exec, playerctl play-pause
bindl=, XF86AudioPrev, exec, playerctl previous
bindl=, XF86AudioNext, exec, playerctl next
# Brightness Controls
bind = ,XF86MonBrightnessDown, exec, brightnessctl s 1%-
bind = ,XF86MonBrightnessUp, exec, brightnessctl s +1%
# Screenshots
bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
bind = SUPER_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
bind = CTRL_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
# Jetbrains window rules
# Prevent initial focus for JetBrains popups
windowrulev2 = noinitialfocus, class:^jetbrains-.*$, floating:1, title:^$|^\s$|^win\d+$
# Application launch
exec-once = kanshi # Automatically handles display configurations
exec-once = ydotoold # Autoclicker/autokeyboard for automation
exec-once = hypridle # Hyprland/wayland specific idle lock tool
exec-once = hyprpaper # Hyprland/wayland specific wallpaper tool
exec-once = wpctl set-volume -l 1.0 @DEFAULT_AUDIO_SINK@ 10% # Keep eardrums intact on reboot
exec-once = waybar # Wayland specific status bar
exec-once = sleep 5 && nm-applet # Traditional notifications area
exec-once = sleep 5 && blueman-applet # Traditional bluetooth management tool
exec-once = sleep 5 && streamdeck -n # Streamdeck management tool
exec-once = sleep 5 && solaar --window=hide # Logitech device management and battery
exec-once = sleep 5 && Telegram -startintray # Gotta keep in touch with peeps
exec-once = sleep 10 && itch # More fun games
exec-once = sleep 15 && hyprctl dispatch closewindow 'title:itch' # Hacky solution to single-shot "windowrule"

BIN
users/caperren/dotfiles/hyprpaper/backgrounds/1.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 708 KiB

BIN
users/caperren/dotfiles/hyprpaper/backgrounds/2.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 912 KiB

BIN
users/caperren/dotfiles/hyprpaper/backgrounds/black.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 KiB

5
users/caperren/dotfiles/hyprpaper/hyprpaper.conf Normal file
View File

@@ -0,0 +1,5 @@
preload = ~/.config/hypr/backgrounds/black.png
wallpaper = ,~/.config/hypr/backgrounds/black.png
ipc = off
splash = false

7
users/caperren/dotfiles/kanshi/cap-nr200p/config Normal file
View File

@@ -0,0 +1,7 @@
# `hyprctl monitors list` for all outputs
profile office_desk {
output "Hewlett Packard HP Z27n CNK7311FCY" enable position 0,0
output "LG Electronics LG ULTRAGEAR 104NTVS1N751" enable mode 3440x1440@143.92Hz position -440,1440 adaptive_sync on
output "BOE Display 0x00000060" enable position 950,2880 scale 1.0
}

21
users/caperren/dotfiles/kanshi/cap-slim7/config Normal file
View File

@@ -0,0 +1,21 @@
# `hyprctl monitors list` for all outputs
profile builtin_only {
output "BOE 0x0A9B Unknown" enable mode 2560x1600@165Hz position 0,0 adaptive_sync on
}
profile bedroom_desk {
##### Top left to right
output "Dell Inc. DELL P2411H F8NDP11G0DVU" enable position 0,1280
output "Acer Technologies CB292CU 2217018D42410" enable position 1920,0 transform 90
output "Dell Inc. DELL P2411H F8NDP097114U" enable position 3000,1280
##### Bottom left to right
output "Aculab Ltd Digital Unknown" enable transform 270 position 0,2360
# Primary monitor, which wayland doesn't have a concept of
output "Hewlett Packard HP Z27n CNK7311DRR" enable position 1440,2560
output "Aculab Ltd QHD270 Unknown" enable transform 90 position 4000,2360
##### Far bottom right (laptop itself)
output "BOE 0x0A9B Unknown" enable position 5440,2360 adaptive_sync on
}

49
users/caperren/dotfiles/spotify-player/app.toml Normal file
View File

@@ -0,0 +1,49 @@
theme = "dracula"
client_id = "65b708073fc0480ea92a077233ca87bd"
client_port = 8080
login_redirect_uri = "http://127.0.0.1:8989/login"
playback_format = """
{status} {track} • {artists}
{album}
{metadata}"""
notify_timeout_in_secs = 0
tracks_playback_limit = 1000
app_refresh_duration_in_ms = 32
playback_refresh_duration_in_ms = 0
page_size_in_rows = 20
play_icon = "▶"
pause_icon = "▌▌"
liked_icon = "♥"
border_type = "Plain"
progress_bar_type = "Rectangle"
cover_img_length = 9
cover_img_width = 5
cover_img_scale = 1.0
enable_media_control = true
enable_streaming = "Always"
enable_notify = true
enable_cover_image_cache = true
default_device = "{{hostname}}"
notify_streaming_only = false
seek_duration_secs = 5
[notify_format]
summary = "{track} • {artists}"
body = "{album}"
[layout]
playback_window_position = "Top"
playback_window_height = 6
[layout.library]
playlist_percent = 40
album_percent = 40
[device]
name = "{{hostname}}"
device_type = "speaker"
volume = 100
bitrate = 320
audio_cache = false
normalization = false
autoplay = false

3193
users/caperren/dotfiles/streamdeck/.streamdeck_ui.json Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
users/caperren/dotfiles/streamdeck/icons/btop-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.8 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/chart-simple-solid-full.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 3.0 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/cogs-solid.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 24 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/discord-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 13 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/expand-solid.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 10 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/firefox-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 58 KiB

Some files were not shown because too many files have changed in this diff Show More