caperren/nixos-configs
1
0
Fork 0
mirror of https://github.com/caperren/nixos-configs.git synced 2025-12-31 11:34:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: caperren:working-branch
Branches Tags
caperren:main caperren:working-branch caperren:cluster-config caperren:sops-testing
..
compare: caperren:4512c2f340bf8d8696bd1931f72c92d976627352
Branches Tags
caperren:working-branch caperren:main caperren:cluster-config caperren:sops-testing

5 Commits
working-br ... 4512c2f340

Author SHA1 Message Date
Corwin Perren
4512c2f340 Flake update 2024-08-01 23:05:15 -07:00
Corwin Perren
f5d084dbd3 Added podman, probably other bits 2024-08-01 23:03:37 -07:00
Corwin Perren
a808f58b6e Formatting 2024-07-28 03:00:57 -07:00
Corwin Perren
8777df84f3 Closer to the daily driver setup that's without annoyances, if barebones 2024-07-28 02:57:54 -07:00
Corwin Perren
e5926f8e7e Added initial_setup.sh for setup bootstrapping 2024-06-02 17:49:36 -07:00
139 changed files with 349 additions and 6732 deletions
Expand all files Collapse all files

7
.gitignore vendored
View File

@@ -1,2 +1,5 @@
/.idea
flake.lock
/.idea/inspectionProfiles/profiles_settings.xml
/.idea/.gitignore
/.idea/modules.xml
/.idea/nixos.iml
/.idea/vcs.xml

65
.sops.yaml
View File

@@ -1,65 +0,0 @@
keys:
- &admin_users:
- &caperren age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
- &systems:
- &personal:
- &cap_slim7 age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
- &cap_nr200p age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
- &apollo:
- &cap_apollo_n01 age1ljcy90uwlfngc7vqwlf2x2ckgsdfg90c0r9yvjzpl90jkwf9g48q2leudt
- &cap_apollo_n02 age1vl9q7u0jkzjpdqrmg4flvz2f7gyn05luv4ka60hu5l8yn4m6rujquhyc2p
- &cluster:
- &cap_clust_01 age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
- &cap_clust_02 age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
- &cap_clust_03 age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
- &cap_clust_04 age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
- &cap_clust_05 age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
- &cap_clust_06 age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
- &cap_clust_07 age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
- &cap_clust_08 age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
- &cap_clust_09 age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
creation_rules:
- path_regex: users/caperren/secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- path_regex: secrets/default.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_apollo_n01
- *cap_apollo_n02
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/cluster.yaml$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p
- *cap_clust_01
- *cap_clust_02
- *cap_clust_03
- *cap_clust_04
- *cap_clust_05
- *cap_clust_06
- *cap_clust_07
- *cap_clust_08
- *cap_clust_09
- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
key_groups:
- age:
- *caperren
- *cap_slim7
- *cap_nr200p

9
README.md
View File

@@ -1,9 +0,0 @@
# nixos-configs
## Miscellaneous Notes
- To generate the sops age key for a new host
- `nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'`
- Update keys after adding new host or personal key
- `sops updatekeys <file>`
## Misc references used
* https://github.com/XNM1/linux-nixos-hyprland-config-dotfiles/tree/main

48
flake.lock generated Normal file
View File

@@ -0,0 +1,48 @@
{
"nodes": {
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1722462338,
"narHash": "sha256-ss0G8t8RJVDewA3MyqgAlV951cWRK6EtVhVKEZ7J5LU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6e090576c4824b16e8759ebca3958c5b09659ee8",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1722421184,
"narHash": "sha256-/DJBI6trCeVnasdjUo9pbnodCLZcFqnVZiLUfqLH4jA=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9f918d616c5321ad374ae6cb5ea89c9e04bf3e58",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}

140
flake.nix
View File

@@ -2,149 +2,25 @@
description = "Nixos config flake";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{ self, nixpkgs, ... }@inputs:
{
self,
nixpkgs,
sops-nix,
home-manager,
nixos-hardware,
...
}@inputs:
{
nixosConfigurations.cap-clust-01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-01/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-02 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-02/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-03 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-03/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-04 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-04/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-05 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-05/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-06 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-06/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-07 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-07/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-08 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-08/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-clust-09 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-clust-09/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-apollo-n01 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-apollo-n01/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-apollo-n02 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-apollo-n02/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
];
};
nixosConfigurations.cap-slim7 = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
./hosts/cap-slim7/configuration.nix
sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.default
nixos-hardware.nixosModules.lenovo-legion-16arha7
];
};
nixosConfigurations.cap-nr200p = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = { inherit inputs; };
nixosConfigurations.default = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs;
};
modules = [
./hosts/cap-nr200p/configuration.nix
./modules/nixos/hyprland.nix
inputs.home-manager.nixosModules.default
sops-nix.nixosModules.sops
];
};
};

28
hosts/cap-apollo-n01/configuration.nix
View File

@@ -1,28 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Users
../../users/apollo-admin/apollo-admin.nix
# System Configuration
../../modules/system/cpu-intel.nix
../../modules/system/fonts.nix
../../modules/system/home-manager-settings.nix
../../modules/system/internationalization.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/system-utilities-cluster.nix
../../modules/application-groups/virtualization.nix
];
networking.hostName = "cap-apollo-n01";
}

31
hosts/cap-apollo-n01/hardware-configuration.nix
View File

@@ -1,31 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/1fa744fd-82d2-4997-a757-28ae96461a96";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/F57E-AA2D";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

13
hosts/cap-apollo-n02/configuration.nix
View File

@@ -1,13 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/apollo-2000.nix
];
networking.hostName = "cap-apollo-n02";
}

31
hosts/cap-apollo-n02/hardware-configuration.nix
View File

@@ -1,31 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/71e4a38f-1e1e-4ebb-8e7a-a9489aa61f55";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4A99-55C6";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-01/configuration.nix
View File

@@ -1,15 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-primary.nix
];
networking.hostName = "cap-clust-01";
}

52
hosts/cap-clust-01/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/0028a3af-8470-46c2-81ca-6d9be16a6236";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C389-7B6B";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/2b063ac4-54ee-4b16-b766-9c470733995c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-02/configuration.nix
View File

@@ -1,15 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-02";
}

52
hosts/cap-clust-02/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usb_storage"
"usbhid"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/9fcf291d-2576-44b4-bcba-98e40305e531";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7727-439F";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/56f2d727-03c5-4aef-9871-217bf98cdbb4"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

15
hosts/cap-clust-03/configuration.nix
View File

@@ -1,15 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
# Application Groups
../../modules/application-groups/k3s-secondary.nix
];
networking.hostName = "cap-clust-03";
}

52
hosts/cap-clust-03/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/c2cfd56f-0090-45eb-a239-068fdadd2fd4";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/C3CF-3854";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/e60a5ced-d01e-4613-afba-9b445bc43097"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-04/configuration.nix
View File

@@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-04";
}

52
hosts/cap-clust-04/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/b9c79a2f-8c6a-4f86-8562-b2f882992e95";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/EF0B-C66E";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/9a123c08-cc9b-4516-a158-b274e9b399c3"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-05/configuration.nix
View File

@@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-05";
}

52
hosts/cap-clust-05/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/51ce9236-fe8c-49bc-bb90-1e582d163d04";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/FF5C-EB30";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/1d24fd7d-c958-44ad-bb28-c394f3d56a6b"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-06/configuration.nix
View File

@@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-06";
}

52
hosts/cap-clust-06/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/8cf14e41-2af7-4bbd-89e2-90f5d04601b8";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/33C3-BB59";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/262fa61f-4beb-4822-ace6-bb15c62b2cca"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-07/configuration.nix
View File

@@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-07";
}

52
hosts/cap-clust-07/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/ad88a1b0-c98e-4a95-9fb3-3299169c952b";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/73CA-8E6D";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/c6139db9-2a9d-400a-b8a8-c8f77c5713ca"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-08/configuration.nix
View File

@@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-08";
}

52
hosts/cap-clust-08/hardware-configuration.nix
View File

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-amd"
"amdgpu"
];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/deed37a4-4d5a-465c-93e6-1b7b216e0a1c";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3ABB-C794";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/6a99a895-a58c-43d2-8b62-02e3c915f46c"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

14
hosts/cap-clust-09/configuration.nix
View File

@@ -1,14 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Host Groups
../../modules/host-groups/cluster.nix
];
networking.hostName = "cap-clust-09";
}

33
hosts/cap-clust-09/hardware-configuration.nix
View File

@@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "amdgpu" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/affec1c2-bf7c-499e-80a6-6615fd163e1a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/9E1A-C3DA";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/a17f3a16-78fb-494d-8319-89e31e1defae"; }
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

259
hosts/cap-nr200p/configuration.nix
View File

@@ -1,60 +1,226 @@
# Edit this configuration file to define what should be installed on your system.
# Help is available in the configuration.nix(5) man page and in the NixOS manual
# (accessible by running nixos-help).
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
lib,
pkgs,
...
}:
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
# Include the results of the hardware scan.
./hardware-configuration.nix
# Users
../../users/caperren/caperren.nix
# System Configuration
../../modules/system/cpu-amd.nix
../../modules/system/desktop.nix
../../modules/system/fonts.nix
../../modules/system/gpu-amd.nix
../../modules/system/home-manager-settings.nix
../../modules/system/hyprland.nix
../../modules/system/internationalization.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/pipewire.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/3d-design.nix
../../modules/application-groups/android.nix
../../modules/application-groups/downloads.nix
../../modules/application-groups/gaming.nix
../../modules/application-groups/hobby-rc.nix
../../modules/application-groups/homelab.nix
../../modules/application-groups/media.nix
../../modules/application-groups/media-creation.nix
../../modules/application-groups/pcb-design.nix
../../modules/application-groups/productivity.nix
../../modules/application-groups/programming.nix
../../modules/application-groups/radio.nix
../../modules/application-groups/social.nix
../../modules/application-groups/system-utilities.nix
../../modules/application-groups/virtualization.nix
../../modules/application-groups/web.nix
];
networking.hostName = "cap-nr200p"; # Define your hostname.
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "cap-nr200p"; # Define your hostname. #-#
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
]; # -#
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Enable the XFCE Desktop Environment.
# services.xserver.displayManager.lightdm.enable = true;
# services.xserver.desktopManager.xfce.enable = true;
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.caperren = {
isNormalUser = true;
description = "Corwin Perren";
extraGroups = [
"networkmanager"
"wheel"
"input"
];
packages = with pkgs; [
# thunderbird
];
};
# Install firefox.
programs.firefox.enable = true; # -#
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
lf
git
wofi
nvtopPackages.full
htop
iftop
iotop
pulsemixer
arandr
util-linux
usbutils
telegram-desktop
discord
# spotify
pavucontrol
networkmanagerapplet
pasystray
glava
spotify-player
hyprpicker
unetbootin
lf
dnsutils
unzip
playerctl
google-chrome
killall
jetbrains.pycharm-professional
wget
jq
rofi-bluetooth
wl-clipboard
networkmanager
alsaUtils
nixfmt-rfc-style
mako
podman
];
fonts.fontDir.enable = true;
fonts.fontconfig.enable = true;
fonts.fontconfig.antialias = true;
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-emoji
liberation_ttf
fira-code
fira-code-symbols
jetbrains-mono
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
font-awesome
nerdfonts
];
programs.thunar.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.tumbler.enable = true; # Thumbnail support for images
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
services.blueman.enable = true;
security.sudo = {
enable = true;
extraRules = [
{
commands = [
{
command = "${pkgs.systemd}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${pkgs.systemd}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
groups = [ "wheel" ];
}
];
};
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true; # -#
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
@@ -62,4 +228,5 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

62
hosts/cap-slim7/configuration.nix
View File

@@ -1,62 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports = [
# Hardware Scan
./hardware-configuration.nix
# Users
../../users/caperren/caperren.nix
# System Configuration
../../modules/system/cpu-amd.nix
../../modules/system/displaylink.nix
../../modules/system/fonts.nix
../../modules/system/gpu-amd.nix
../../modules/system/home-manager-settings.nix
../../modules/system/hyprland.nix
../../modules/system/internationalization.nix
../../modules/system/laptop.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/pipewire.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/3d-design.nix
../../modules/application-groups/android.nix
../../modules/application-groups/downloads.nix
../../modules/application-groups/gaming.nix
../../modules/application-groups/hobby-rc.nix
../../modules/application-groups/homelab.nix
../../modules/application-groups/media.nix
../../modules/application-groups/media-creation.nix
../../modules/application-groups/pcb-design.nix
../../modules/application-groups/productivity.nix
../../modules/application-groups/programming.nix
../../modules/application-groups/radio.nix
../../modules/application-groups/social.nix
../../modules/application-groups/system-utilities.nix
../../modules/application-groups/virtualization.nix
../../modules/application-groups/web.nix
];
networking.hostName = "cap-slim7";
# Set your time zone.
time.timeZone = "America/Los_Angeles";
# time.timeZone = "Pacific/Honolulu";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

57
hosts/cap-slim7/hardware-configuration.nix
View File

@@ -1,57 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"usbhid"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/93e767dd-ab7d-4d00-8518-711775be8dbb";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/F741-591C";
fsType = "vfat";
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/e9f31987-118e-4ccc-98dd-ebc127faf1a5"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp8s0f4u1u1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

2
initial_setup.sh
View File

@@ -6,7 +6,7 @@ set -e
SCRIPT_DIR=$(dirname "$(readlink -f "${BASH_SOURCE[0]}")")
GIT_REPO_NAME="nixos-configs"
GIT_RELEASE_BRANCH="$(hostname)"
GIT_RELEASE_BRANCH="playground"
GIT_REPO_URL="git@github.com:caperren/$GIT_REPO_NAME.git"
NIXOS_REPO_CONFIG_PARENT_PATH="/opt"

8
modules/application-groups/3d-design.nix
View File

@@ -1,8 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
prusa-slicer
freecad
];
}

39
modules/application-groups/ai.nix
View File

@@ -1,39 +0,0 @@
{ pkgs, config, ... }:
{
services.ollama = {
enable = true;
loadModels = [
"llama3.2:3b"
"phi4-reasoning:14b"
"dolphin3:8b"
"smallthinker:3b"
"gemma3:4b"
"gemma3:12b"
"gemma3:27b"
"deepcoder:14b"
"qwen3:14b"
"nomic-embed-text"
];
acceleration = "cuda";
};
services.open-webui = {
enable = true;
port = 8888;
host = "127.0.0.1";
};
environment.systemPackages = with pkgs; [
oterm
alpaca
aichat
fabric-ai
aider-chat
# tgpt
# smartcat
# nextjs-ollama-llm-ui
# open-webui
];
}

4
modules/application-groups/android.nix
View File

@@ -1,4 +0,0 @@
{ config, pkgs, ... }:
{
programs.adb.enable = true;
}

8
modules/application-groups/downloads.nix
View File

@@ -1,8 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gallery-dl
transmission_4-qt
yt-dlp
];
}

33
modules/application-groups/gaming.nix
View File

@@ -1,33 +0,0 @@
{ pkgs, ... }:
{
# Support steam hardware like the index and steam controller
hardware.steam-hardware.enable = true;
# Steam
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
gamescopeSession.enable = true;
};
# Valve's micro-compositor
programs.gamescope = {
enable = true;
capSysNice = true;
};
# Open source OpenXR runtime for VR
services.monado = {
enable = true;
defaultRuntime = true;
highPriority = true;
};
environment.systemPackages = with pkgs; [
bs-manager
heroic
itch
monado
];
}

9
modules/application-groups/hobby-rc.nix
View File

@@ -1,9 +0,0 @@
{ config, pkgs, ... }:
{
programs.qgroundcontrol.enable = true;
environment.systemPackages = with pkgs; [
inav-configurator
mission-planner
];
}

4
modules/application-groups/homelab.nix
View File

@@ -1,4 +0,0 @@
{ pkgs, ... }:
{
services.meshcentral.enable = true;
}

11
modules/application-groups/k3s-primary.nix
View File

@@ -1,11 +0,0 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server";
tokenFile = config.sops.secrets.k3s_token.path;
clusterInit = true;
};
}

11
modules/application-groups/k3s-secondary.nix
View File

@@ -1,11 +0,0 @@
{ config, pkgs, ... }:
{
sops.secrets.k3s_token.sopsFile = ../../secrets/cluster.yaml;
services.k3s = {
enable = true;
role = "server"; # Or "agent" for worker only nodes
tokenFile = config.sops.secrets.k3s_token.path;
serverAddr = "https://cap-clust-01:6443";
};
}

11
modules/application-groups/media-creation.nix
View File

@@ -1,11 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
audacity
darktable
inkscape
# kdePackages.kdenlive # <- Build Failure
obs-studio
pinta
];
}

40
modules/application-groups/media.nix
View File

@@ -1,40 +0,0 @@
{ config, pkgs, ... }:
{
boot = {
# Make v4l2loopback kernel module available to NixOS.
extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
];
# Activate kernel module(s).
kernelModules = [
# Virtual camera.
"v4l2loopback"
# Virtual Microphone. Custom DroidCam v4l2loopback driver needed for audio.
# "snd-aloop"
];
};
boot.extraModprobeConfig = ''
# exclusive_caps: Skype, Zoom, Teams etc. will only show device when actually streaming
# card_label: Name of virtual camera, how it'll show up in Skype, Zoom, Teams
# https://github.com/umlaeute/v4l2loopback
options v4l2loopback exclusive_caps=1 card_label="Virtual Camera"
'';
programs.bash.shellAliases = {
scrwebcam = "sudo pkill scrcpy ; sudo modprobe -r v4l2loopback ; sudo modprobe v4l2loopback && nohup scrcpy --camera-facing=back --video-source=camera --v4l2-sink=/dev/video0 --no-window --no-audio-playback 2>&1 1>/dev/null";
};
environment.systemPackages = with pkgs; [
glava
gimp
imv
plex-desktop
projectm_3
sox
spotify
spotify-player
vlc
];
}

8
modules/application-groups/pcb-design.nix
View File

@@ -1,8 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
kicad
pcb2gcode
];
}

8
modules/application-groups/productivity.nix
View File

@@ -1,8 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
obsidian
kdePackages.okular
texliveFull
];
}

42
modules/application-groups/programming.nix
View File

@@ -1,42 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
arduino-ide
dfu-util
gcc
gnumake
jetbrains-toolbox
nix-update
nixfmt-rfc-style
nixos-generators
nodejs
# platformio
python314
stm32cubemx
stm32flash
teensy-udev-rules
vscode-with-extensions
];
services.udev.extraRules = ''
# ST-LINK V2
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3748", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2_%n"
# ST-LINK V2.1
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374b", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3752", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv2-1_%n"
# ST-LINK V3
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374d", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3loader_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374e", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="374f", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="3753", MODE="600", TAG+="uaccess", SYMLINK+="stlinkv3_%n"
# CP2101 - CP 2104
SUBSYSTEMS=="usb", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="ea60", MODE="600", TAG+="uaccess", SYMLINK+="usb2ser_%n"
# ATEN UC-232A
SUBSYSTEMS=="usb", ATTRS{idVendor}=="0557", ATTRS{idProduct}=="2008", MODE="600", TAG+="uaccess", SYMLINK+="usb2ser_aten_%n"
'';
}

11
modules/application-groups/radio.nix
View File

@@ -1,11 +0,0 @@
{ config, pkgs, ... }:
{
hardware.rtl-sdr.enable = true;
environment.systemPackages = with pkgs; [
chirp
soapysdr
soapyrtlsdr
];
}

8
modules/application-groups/social.nix
View File

@@ -1,8 +0,0 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
discord
slack
telegram-desktop
];
}

27
modules/application-groups/system-utilities-cluster.nix
View File

@@ -1,27 +0,0 @@
{ config, pkgs, ... }:
{
services.glances.enable = true;
services.openssh.enable = true;
environment.systemPackages = with pkgs; [
btop
dnsutils
git
htop
iftop
iotop
killall
kitty
ncdu
networkmanager
nmap
nvtopPackages.full
pciutils
screen
unzip
usbutils
util-linux
wget
];
}

67
modules/application-groups/system-utilities.nix
View File

@@ -1,67 +0,0 @@
{ config, pkgs, ... }:
{
hardware.keyboard.qmk.enable = true;
hardware.logitech.wireless.enable = true;
hardware.logitech.wireless.enableGraphical = true;
programs.ssh.startAgent = true;
programs.thunar.enable = true;
programs.thunar.plugins = with pkgs.xfce; [
thunar-archive-plugin
thunar-volman
];
programs.ydotool.enable = true;
services.glances.enable = true;
services.gvfs.enable = true; # Mount, trash, and other functionalities
services.hardware.openrgb.enable = true;
services.openssh.enable = true;
services.printing.enable = true;
services.tumbler.enable = true; # Thumbnail support for images
environment.systemPackages = with pkgs; [
btop-cuda
desktop-file-utils
dmidecode
dnsutils
ffmpeg-full
git
gparted
htop
iftop
imagemagick
iotop
jq
k3s
kdePackages.qt6ct
killall
kitty
swappy
lf
mesa-demos
minicom
ncdu
networkmanager
networkmanagerapplet
nmap
nvtopPackages.full
openrgb-with-all-plugins
pciutils
rofi-bluetooth
# rpi-imager # <- Build Failure
rpiboot
s-tui
scrcpy
screen
speedcrunch
streamdeck-ui
stress
unzip
usbutils
util-linux
wget
xev
xfce.mousepad
];
}

10
modules/application-groups/virtualization.nix
View File

@@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
virtualisation.containers.policy = {
default = [ { type = "insecureAcceptAnything"; } ];
};
}

8
modules/application-groups/web.nix
View File

@@ -1,8 +0,0 @@
{ config, pkgs, ... }:
{
programs.firefox.enable = true;
environment.systemPackages = with pkgs; [
google-chrome
];
}

71
modules/applications/netextender/flake.nix
View File

@@ -1,71 +0,0 @@
# TODO: This was hacked together until it worked...Clean it up before merging
{
description = "SonicWall NetExtender Flake";
outputs =
{ self, nixpkgs, ... }:
let
systems = [ "x86_64-linux" ];
neVersion = "10.3.0-21";
neUrl = "https://software.sonicwall.com/NetExtender/NetExtender-linux-amd64-${neVersion}.tar.gz";
# ✅ Define the overlay function directly
overlay = final: prev: {
netextender = prev.stdenv.mkDerivation rec {
pname = "netextender";
version = neVersion;
src = prev.fetchurl {
url = neUrl;
sha256 = "sha256-pnF/KRQMAcPnTj0Ni+sKKkw+H72WHf2iYVkWsWNCndc=";
};
nativeBuildInputs = [
prev.autoPatchelfHook
prev.makeWrapper
];
buildInputs = [
prev.openssl_3
prev.zlib
prev.gtk2
prev.pango
prev.cairo
prev.xorg.libX11
];
unpackPhase = "tar -xzf $src";
installPhase = ''
mkdir -p $out/bin
BIN_CLI=$(find . -type f -iname nxcli -perm -111 | head -n1)
BIN_SVC=$(find . -type f -iname neservice -perm -111 | head -n1)
install -Dm755 "$BIN_CLI" $out/bin/nxcli
install -Dm755 "$BIN_SVC" $out/bin/neservice
ln -sf nxcli $out/bin/netextender
ln -sf neservice $out/bin/nxservice
for exe in nxcli neservice; do
wrapProgram $out/bin/$exe \
--prefix LD_LIBRARY_PATH : ${prev.lib.makeLibraryPath buildInputs}
done
'';
};
};
in
{
overlays = {
x86_64-linux = overlay;
};
packages = {
x86_64-linux =
let
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [ overlay ];
};
in
{
default = pkgs.netextender;
netextender = pkgs.netextender;
};
};
};
}

130
modules/host-groups/apollo-2000.nix
View File

@@ -1,130 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Users
../../users/apollo-admin/apollo-admin.nix
# System Configuration
../../modules/system/cpu-intel.nix
../../modules/system/fonts.nix
../../modules/system/home-manager-settings.nix
../../modules/system/internationalization.nix
../../modules/system/networking.nix
../../modules/system/nix-settings.nix
../../modules/system/security.nix
../../modules/system/systemd-boot.nix
# Application Groups
../../modules/application-groups/system-utilities-cluster.nix
../../modules/application-groups/virtualization.nix
];
time.timeZone = "America/Los_Angeles";
sops.secrets = {
"ssh/ilouser/id_rsa" = {
sopsFile = ../../secrets/default.yaml;
path = "/root/.ssh/ilo_id_rsa";
restartUnits = [ "hpe-silent-fans.service" ];
};
"ssh/ilouser/id_rsa_pub" = {
sopsFile = ../../secrets/default.yaml;
path = "/root/.ssh/ilo_id_rsa.pub";
};
};
systemd = {
# services.hpe-ilo-keepalive = {
# enable = true;
# after = [
# "network.target"
# "hpe-silent-fans.service"
# ];
# wantedBy = [ "multi-user.target" ];
# description = "Maintains ilo ssh session via sending periodic command";
#
# serviceConfig = {
# Type = "simple";
# ExecStart = ''${pkgs.screen}/bin/screen -S ilofansession -X stuff "fan info^M"'';
# };
#
# path = with pkgs; [
# bash
# config.programs.ssh.package
# screen
# ];
#
# startAt = "*:0/5";
# };
services.hpe-silent-fans = {
enable = true;
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
description = "Lowers fan speeds by using ilo over ssh to manually set fan parameters";
serviceConfig = {
Type = "simple";
ExecStartPre = ''${pkgs.coreutils}/bin/sleep 30'';
ExecStart = "${pkgs.writeShellScript "hpe-silent-fans.sh" ''
set -e
SCREEN_NAME=ilofansession
SSH_USER=ilouser
SSH_HOST=cap-apollo-ilo02
SSH_KEY=/root/.ssh/ilo_id_rsa
SSH_OPTIONS="-o KexAlgorithms=diffie-hellman-group14-sha1,diffie-hellman-group1-sha1 -o PubkeyAcceptedKeyTypes=+ssh-rsa -o HostKeyAlgorithms=ssh-rsa -o StrictHostKeyChecking=no"
# Create screen session
screen -dmS $SCREEN_NAME
# Make initial iLO connection
screen -S $SCREEN_NAME -X stuff "ssh -i $SSH_KEY -t $SSH_USER@$SSH_HOST $SSH_OPTIONS^M"
sleep 5
##### Tune pid for all non-segmented fans
for sensor in 1 2 3 4 5 6 7 9 10 11 12 13 14 15 16 17 18 19 20 21 26 28 29 30 31 32 38 40 41; do
screen -S $SCREEN_NAME -X stuff "fan pid $sensor lo 1600^M"
sleep 0.5
done
##### Tune pid for segmented fans
for sensor in 8 22 23 24 25 27 39; do
screen -S $SCREEN_NAME -X stuff "fan a $sensor 0 0 16 41 16 25^M"
sleep 0.5
done
##### Set minimum for fan group
screen -S $SCREEN_NAME -X stuff "fan p 0 min 16^M"
''}";
};
path = with pkgs; [
bash
config.programs.ssh.package
coreutils
screen
];
};
# timers.hpe-ilo-keepalive = {
# wantedBy = [ "timers.target" ];
# timerConfig = {
# OnBootSec = "5m";
# OnCalendar = "*-*-* *:0/5:00";
# Unit = "hpe-ilo-keepalive.service";
# };
# };
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}

33
modules/host-groups/cluster.nix
View File

@@ -1,33 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
# Users
../../users/cluster-admin/cluster-admin.nix
# System Configuration
../system/cpu-amd.nix
../system/fonts.nix
../system/git-auto-rebuild.nix
../system/gpu-amd.nix
../system/home-manager-settings.nix
../system/internationalization.nix
../system/networking.nix
../system/nix-settings.nix
../system/security.nix
../system/systemd-boot.nix
# Application Groups
../application-groups/system-utilities-cluster.nix
];
time.timeZone = "America/Los_Angeles";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "25.11"; # Did you read the comment?
}

74
modules/nixos/hyprland.nix Normal file
View File

@@ -0,0 +1,74 @@
{ pkgs, config, ... }:
{
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
environment.sessionVariables = {
# If your cursor becomes invisible
WLR_NO_HARDWARE_CURSORS = "1";
# Hint electron apps to use wayland
NIXOS_OZONE_WL = "1";
};
services.xserver = {
enable = true;
videoDrivers = [ "nvidia" ];
displayManager.gdm = {
enable = true;
wayland = true;
};
};
services.displayManager.autoLogin = {
enable = true;
user = "caperren";
};
hardware.graphics = {
enable = true;
enable32Bit = true;
};
hardware.nvidia = {
# Enable modesetting for Wayland compositors (hyprland)
modesetting.enable = true;
# Use the open source version of the kernel module (for driver 515.43.04+)
# open = true;
# Enable the Nvidia settings menu
nvidiaSettings = true;
# Select the appropriate driver version for your specific GPU
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
environment.systemPackages = [
pkgs.hyprland
pkgs.kitty
pkgs.waybar
pkgs.dunst
pkgs.libnotify
pkgs.rofi-wayland
pkgs.nwg-look
pkgs.desktop-file-utils
pkgs.grim
pkgs.slurp
pkgs.nwg-displays
(pkgs.waybar.overrideAttrs (oldAttrs: {
mesonFlags = oldAttrs.mesonFlags ++ [ "-Dexperimental=true" ];
}))
];
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
}

4
modules/system/cpu-amd.nix
View File

@@ -1,4 +0,0 @@
{ config, lib, ... }:
{
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

4
modules/system/cpu-intel.nix
View File

@@ -1,4 +0,0 @@
{ config, lib, ... }:
{
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

10
modules/system/desktop.nix
View File

@@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot
services.blueman.enable = true;
environment.systemPackages = with pkgs; [
];
}

17
modules/system/displaylink.nix
View File

@@ -1,17 +0,0 @@
{ config, pkgs, ... }:
{
boot = {
extraModulePackages = [ config.boot.kernelPackages.evdi ];
initrd = {
# List of modules that are always loaded by the initrd.
kernelModules = [
"evdi"
];
};
};
services.xserver.videoDrivers = [
"displaylink"
"modesetting"
];
}

28
modules/system/fonts.nix
View File

@@ -1,28 +0,0 @@
{ config, pkgs, ... }:
{
fonts.fontDir.enable = true;
fonts.fontconfig = {
enable = true;
antialias = true;
defaultFonts = {
monospace = [ "JetBrains Mono" ];
sansSerif = [ "JetBrains Mono" ];
serif = [ "JetBrains Mono" ];
};
};
fonts.packages = with pkgs; [
noto-fonts
noto-fonts-color-emoji
liberation_ttf
fira-code
fira-code-symbols
jetbrains-mono
mplus-outline-fonts.githubRelease
dina-font
proggyfonts
font-awesome
nerd-fonts.symbols-only
nerd-fonts.jetbrains-mono
];
}

33
modules/system/git-auto-rebuild.nix
View File

@@ -1,33 +0,0 @@
{ config, pkgs, ... }:
{
systemd.services.git-auto-rebuild = {
enable = true;
after = [ "network.target" ];
description = "Rebuilds the git repo at /etc/nixos if there are changes in the currently checked out branch";
# startAt = "*:0/1";
serviceConfig = {
Type = "oneshot";
ExecStart = ''${pkgs.bash}/bin/bash -c "cd /etc/nixos && ${pkgs.git}/bin/git pull && ${config.system.build.nixos-rebuild}/bin/nixos-rebuild switch --flake #$(${pkgs.hostname}/bin/hostname)"'';
};
environment =
config.nix.envVars
// {
inherit (config.environment.sessionVariables) NIX_PATH;
HOME = "/root";
}
// config.networking.proxy.envVars;
path = with pkgs; [
bash
coreutils
gnutar
hostname
xz.bin
gzip
gitMinimal
config.nix.package.out
config.programs.ssh.package
];
};
}

11
modules/system/gpu-amd.nix
View File

@@ -1,11 +0,0 @@
{ config, pkgs, ... }:
{
hardware.graphics = {
enable = true;
enable32Bit = true;
};
nixpkgs.config.rocmSupport = true;
services.xserver.videoDrivers = [ "amdgpu" ];
}

26
modules/system/gpu-nvidia.nix
View File

@@ -1,26 +0,0 @@
{ config, pkgs, ... }:
{
environment.sessionVariables = {
# If your cursor becomes invisible
WLR_NO_HARDWARE_CURSORS = "1";
# Hint electron apps to use wayland
NIXOS_OZONE_WL = "1";
# Fix waiting on vsync
__GL_SYNC_TO_VBLANK = "0";
};
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
# Enable modesetting for Wayland compositors (hyprland)
modesetting.enable = true;
# Use the open source version of the kernel module (for driver 515.43.04+)
# Actually, just overridden to false for now
open = false;
# Enable the Nvidia settings menu
nvidiaSettings = true;
# Select the appropriate driver version for your specific GPU
package = config.boot.kernelPackages.nvidiaPackages.stable;
};
}

11
modules/system/home-manager-settings.nix
View File

@@ -1,11 +0,0 @@
{ inputs, ... }:
{
home-manager = {
useGlobalPkgs = true;
backupFileExtension = "bkp";
sharedModules = [
inputs.sops-nix.homeManagerModules.sops
];
};
}

46
modules/system/hyprland.nix
View File

@@ -1,46 +0,0 @@
{ config, pkgs, ... }:
{
hardware.graphics = {
enable = true;
enable32Bit = true;
};
programs.hyprland = {
enable = true;
xwayland.enable = true;
};
programs.hyprlock.enable = true;
programs.waybar.enable = true;
services.displayManager.gdm = {
enable = true;
wayland = true;
};
services.hypridle.enable = true;
services.xserver.enable = true;
xdg.portal.enable = true;
xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
environment.systemPackages = with pkgs; [
arandr
bemenu
dunst
grim
hyprpaper
hyprpicker
j4-dmenu-desktop
kanshi
libnotify
mako
nwg-look
rofi
slurp
swayimg
wl-clipboard
wlogout
];
}

24
modules/system/internationalization.nix
View File

@@ -1,24 +0,0 @@
{ config, pkgs, ... }:
{
# Select internationalisation properties.
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US.UTF-8";
LC_IDENTIFICATION = "en_US.UTF-8";
LC_MEASUREMENT = "en_US.UTF-8";
LC_MONETARY = "en_US.UTF-8";
LC_NAME = "en_US.UTF-8";
LC_NUMERIC = "en_US.UTF-8";
LC_PAPER = "en_US.UTF-8";
LC_TELEPHONE = "en_US.UTF-8";
LC_TIME = "en_US.UTF-8";
};
# Configure keymap in X11
services.xserver.xkb = {
layout = "us";
variant = "";
};
}

56
modules/system/laptop.nix
View File

@@ -1,56 +0,0 @@
{ config, pkgs, ... }:
{
hardware.bluetooth.enable = true; # enables support for Bluetooth
hardware.bluetooth.powerOnBoot = false; # powers up the default Bluetooth controller on boot
services.blueman.enable = true;
environment.systemPackages = with pkgs; [
brightnessctl
powertop
];
services.tlp = {
enable = true;
settings = {
##### Defaults ######
# WIFI
WIFI_PWR_ON_AC = "off";
WIFI_PWR_ON_BAT = "off";
# AC
CPU_MIN_PERF_ON_AC = 0;
# BATT
CPU_MIN_PERF_ON_BAT = 0;
CPU_MAX_PERF_ON_BAT = 35;
CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
START_CHARGE_THRESH_BAT0 = 1; # On non-thinkpad lenovo, this sets conservation mode to 0
STOP_CHARGE_THRESH_BAT0 = 1; # ..., but to 1
###### Airplane Settings #####
# AC
# CPU_MAX_PERF_ON_AC = 35;
# CPU_SCALING_GOVERNOR_ON_AC = "powersave";
# CPU_ENERGY_PERF_POLICY_ON_AC = "power";
###### Normal Settings ######
# AC
CPU_MAX_PERF_ON_AC = 100;
CPU_SCALING_GOVERNOR_ON_AC = "performance";
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
# BATT
##### Special Overrides #####
#Optional helps save long term battery health
# START_CHARGE_THRESH_BAT0 = 0; # On non-thinkpad lenovo, this sets conservation mode to 0
# STOP_CHARGE_THRESH_BAT0 = 0; # ..., but to 1
};
};
}

13
modules/system/networking.nix
View File

@@ -1,13 +0,0 @@
{ config, pkgs, ... }:
{
# Enable networking
networking.networkmanager.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = false;
}

39
modules/system/nix-settings.nix
View File

@@ -1,39 +0,0 @@
{ config, pkgs, ... }:
{
# Enable flakes
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Generally want a larger download buffer
nix.settings.download-buffer-size = 524288000;
nix.settings.auto-optimise-store = true;
nix.optimise.automatic = true;
nix.gc = {
automatic = true;
dates = "weekly";
options = "--delete-older-than 14d";
};
programs.bash.shellAliases = {
# Nix rebuild, switch
nrs = "bash -c \"cd /etc/nixos && sudo nixos-rebuild switch --flake .#$(hostname) ; exit\"";
# with tracing
tnrs = "bash -c \"cd /etc/nixos && sudo nixos-rebuild switch --show-trace --flake .#$(hostname) ; exit\"";
# Nix flake update, rebuild, switch
nus = "bash -c \"cd /etc/nixos && sudo nix flake update && sudo nixos-rebuild switch --flake .#$(hostname) ; exit\"";
# with tracing
tnus = "bash -c \"cd /etc/nixos && sudo nix flake update && sudo nixos-rebuild switch --show-trace --flake .#$(hostname) ; exit\"";
# Special cleanup, needed when efi partition runs out of space. Deletes all but the last five generations.
# Remember to make that partition bigger in the future...
neficlean = "sudo nix-env --list-generations --profile /nix/var/nix/profiles/system | head -n -5 | cut -d ' ' -f2 | xargs -I {} sudo nix-env --delete-generations --profile /nix/var/nix/profiles/system {}";
};
}

20
modules/system/pipewire.nix
View File

@@ -1,20 +0,0 @@
{ config, pkgs, ... }:
{
services.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
environment.systemPackages = with pkgs; [
pavucontrol
pasystray
alsa-utils
pulsemixer
easyeffects
];
}

58
modules/system/security.nix
View File

@@ -1,58 +0,0 @@
{ pkgs, config, ... }:
{
environment.systemPackages = with pkgs; [
sops
age
];
sops = {
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ../../secrets/default.yaml;
};
security.sudo = {
enable = true;
extraRules = [
{
groups = [ "wheel" ];
commands = [
{
command = "${config.system.path}/bin/reboot";
options = [ "NOPASSWD" ];
}
{
command = "${config.system.path}/bin/poweroff";
options = [ "NOPASSWD" ];
}
];
}
{
users = [ "cluster-admin" ];
commands = [
{
command = "${config.system.path}/bin/systemctl start git-auto-rebuild.service";
options = [ "NOPASSWD" ];
}
{
command = "${config.system.path}/bin/systemctl stop git-auto-rebuild.service";
options = [ "NOPASSWD" ];
}
];
}
{
users = [ "caperren" ];
commands = [
{
command = "${config.system.path}/bin/nvtop";
options = [
"NOPASSWD"
"SETENV"
];
}
];
}
];
};
}

7
modules/system/systemd-boot.nix
View File

@@ -1,7 +0,0 @@
{ pkgs, ... }:
{
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.configurationLimit = 8;
}

10
modules/system/xfce.nix
View File

@@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
# Enable the X11 windowing system.
services.xserver.enable = true;
# Enable the XFCE Desktop Environment.
services.xserver.displayManager.lightdm.enable = true;
services.xserver.desktopManager.xfce.enable = true;
}

115
secrets/cluster.yaml
View File

@@ -1,115 +0,0 @@
k3s_token: ENC[AES256_GCM,data:UANQ7DzasppB8ZPtGY9wR9lhU+VpTjJE,iv:cvEiUt7zG4Joyd1gkaqi848ES7aPf7VoYc4zDwLKEDQ=,tag:j4EU/srhEL0+nQGhETuerA==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSTWNzM0RMMXpDZnZHSEFz
U01jN1FPTFJ6YzBMQlhQMEpSZ0NTNCtteWk4CmhyU1ZTeE1wMzAxRWszS0NKeVpL
dmw3TGlvdG80TVVXUWVTYTVHMzcwajgKLS0tIFMraXVmTS9zSkFzRGZjZlhzR1lj
eDRubW5hWnQzdjVzRytWTW44Y2xoU2MKA2yvOK0DfKSj6U7094a9+4t7E6nFGD+5
p8XlMAkroS8RhdwBi//xn5I05/iJMKJikaeclvsNlvLV5b/GkCE3nw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5RzZSTFNPMkprTk00SjBv
WTdvcVFuU0hPZ2hteWsrOXp3TTlGdXBvb1FRCjlCbitacFJpV1l3YXMvU0xMMm5Q
TjJwR3JtQk9Rbmc1S2J5OVF0WXBRQ1EKLS0tIHBHdzFlN21FZHFoRjc3cHlSZ2FK
YnBOOU5Bejl6MjB6MDliZWpPeTdFRncKRXH8gKhKVcSxja+dhIrPBNeeV8rJatSJ
+ZlHQL3109Ya/V6Aq9AtEypmLld9Ech7AGMCePNLYvc6DYkDE9bJDA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eFE4bWRPQitrVDN4Y21J
TUJyd214L1JMazNiUzJEb29FTmRORkJmR1QwCjIrVzZ5WllDbGNCd1c0Q09XVDFm
UjhudDNCZ1BWSmpmbHkvWjROMnpkb3cKLS0tIFhzdlpiTFRPMFM5Nm1DcVN3djVB
SWZtVWNvRVdweWVxZVlQL1k1QVdESXMKc6OdFAyEvxhf5xyBFfiZajgUkwlfMMMJ
4KqoZGTmh+4GTedJDAKClKce1TEQTKrf1ePP+5HhcSKOoPTolMh/Sw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpUUt4ZCtrU2djKzRkN2h2
bHpVSk15M2lTVjRrTi9aVmpETjV3UUN6TWlrCk5rdytrYWoxTmJDQmJITVRMa0ZV
UGc3dzhsQlM3T29BenY4VlRqbmdvd2sKLS0tIE9HVmxBMnZOMnUvdFcyNGRjTm1o
V29UVXRKWUhERkYwZ0NsOUZna1ErcWsK3ya1FW0WPKrZ4gMVx9M1eAgj6lQiv++M
TSZmVJfUMyV1OATtg3MSDFqsppN/i7+aQAP2D0G1fzG30/1qYwCsHA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUVpUW5CTEFGUVlSeVJa
QVNpUE9uaFV0eWxyQjhjcUFXOTVqN1JwTm1vCmE5dmVuZnFpeWRXbnh4V0J6eHF2
R3l5ZFhTSitzSnFYbXEvbGoyY2R6WFEKLS0tIEwwWWcydmhPdW1wL083NVJncmF3
U3lPYm9EZFRUWVhualFNZHhVU1JlQzgKsc4y+hfdGB3WW+NpzvA0RH54Zc46j3zt
2Pak/SdxiMnHfF0cw9EP/xrGJ15IUUWvDmRu+om0fEMjg+OBOKLXXQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmamp3Uk40ZGRJQW1MUVJS
SUlabWx3Zkd1b0xLMFQ5Y3hUelk1RU1HYW5FCnQ4bG5qRnhQRnlmTm13WXdYUWg5
ZUVvRlRaN0NSSWhJV002N2pBL28yQXcKLS0tIEQ3bmJnUHNEUThvM2MvQUlDaUV3
ZXd2T1RmM0l4YzZKaGkrRXc4VXBRVnMKnCp42FU0vQOb9VN/+DbsmNHvZc8lH+Rh
skZvMvTHgpMWTdhHYFWub+CIXZfUrJfy/vSWBvDw6c81r4p1l+Jyfw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZNHNsYjJoTlhRcUJ5UnZw
eU9tVW9zVW5XRFR2ZUNaKzlieUNmdDNCS1JFCjVJaGoxdFArU09GMXpYMVdZaVk0
TXpKUHo1cEdXZnpCNXpyRHJnYmRldWMKLS0tIFBnSktZWmp3M2NJbVAwTy94bnVx
YVlwaEZ0Z09aNFo0OCt1dUxpYzdiZEUKDHKAZYVC9ON48i9p5DZDopgm9afSg069
m3mq5d+aBZIrnSdwgIuvyPJH+L8clIUXcJ47QH9ML/4MsFk+d4xvpA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0bm15TmhpRXg5V05qWmRn
UExicGhXZ0ZWNUxPTUM3OEV2U1JveGRUQ1RVCkpaMXZwVUxiT0pQRkFFSjBMRnFw
RnJJalBrSTR5V3IvUnU2a2hWSmM0ajAKLS0tIDJ6ZWpiVlBBdDBxWnhZT2lyRi81
dCtqV1ZwQVlHWFgvTkN4eTZmSG5XMzgKKAPm8crJXBvCAIgTCcpLBi74Fq/AT7Uo
SREKHWpC3pLtNyfgHuEhm3lCYmyZyxTsZFd/2ezAjqtQZAf29EEUjg==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvbVhvQlZDWXhmMXpnaDBk
YUFwMkhwRDlkMXhjS1NJSVR3QWhBNDY2c0VFCklMaTBaKzQvRjdLQjFlelpkY2Ra
R0E3NjNVV1pPOG02WnhLdHhqRytPdlkKLS0tIFBFQlpWL0FEUWNGOThzNW1RdG9S
V2lSdVpweWZKM3VYZ01hclV4ZENZbTQKMQ3/EZk82q4oGnFJb49+X5uQzuTji8qV
K61/vy40g/1f8wgpJwjvGCHx7VyzsBp4lhXiLODMIW6ubp5kAU4r9A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVVJSRmZucDc1Vk5HZ0py
NS9BcDlLRkpyYitmd0hZdlVOaFgxS3JyR1ZJCkVBajVBTjlWamNMNFYza2xWaitx
V2loazBmaE5kVWRoVWwvR2NQa3Mwb1EKLS0tIFZYNGNRc00rUGlDT2tGUFlCcDc3
aFB3SmpjVFVBc3lPWmMyM29URHpaUzQKguiKNjvJayezQ2tAqmFSgA8tY/6tx1Pb
OeB5cBtSyXfdZhL8HGYAqiIph9zbO3NId7icJsZ11YTW6XHHr1P7gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1aDJ5UkM1WENoUDZOUld3
ZXpTdWJjQzVhNEI4RGs4UlhyVytBcmcwbUdBCkxhNnlzSm5yS21zVVNoSmc3VmJF
REE1YXpFSWtPcVhzMnFGckpLZUxQR2cKLS0tIE5DWGFKNUxRZnpFNGpMS0xxVVhq
OWIwRXBXMmxHN09pZVcyNElQZVhFWUUKAN0Yd2/RB0ZjE0BGZnVY+bCSEQXVpZrS
DwsxXlldtJLVebLxthPaXcPI4UmUFYSPFYWDPijjxQ7gbRYnOsV1eA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNaVNQeVd3c0JKakhEWWE0
ZDNjUitGaUVxM3h0UjF4Z2ZVR0w2L2xKTlRzCjhVVERodmpFVXF6Tnp5N011Tk9J
TVR2akpwRlBKOEs0T3loa0p1cGU5c1EKLS0tIEh5TGYrZ0c3MjQ0bDlsb3J6UGls
VWRsQy9BeU1rTmUxd0xwZHA2MjMrZmcKPI2g7B4Ylmbq1Z6WHAhdDx43oB/OeIKY
MKpwZ985JUrxwwiM0UC9DfNYaM9ScUf4l3qHFPHjh+N899rf7nW3zA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-13T09:05:22Z"
mac: ENC[AES256_GCM,data:Jg/J4ulZtAI7Kfeb8/ccmG3hV+2TF/5kTcwNRr6llVORVBZ0cGeJz5TvhqwHsSf3TRwgzS50RHWtbJ//TadWrYbf+EInV92mT+ybVO/p6ek0jiqRV9Kto697YnjjtMG1uJcIazWhShT4UTg6PNlAtRzBA3759tnw2aj0hCNH9QE=,iv:hu1m3GdLiwyVZDrlh/p63hGCaJgXIHuVnxzPKskj9Io=,tag:NW+d9m+eTgkb9Uea5aurSw==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

136
secrets/default.yaml
View File

@@ -1,136 +0,0 @@
ssh:
ilouser:
id_rsa: ENC[AES256_GCM,data:BuoM1E1pf9srSfWWV+bIy9H/JAQIMsucJv8T+Sky6HgSsR1WLdOX8pYJSVukuMMisSBG8DJiGy7PgzqeZohrFbkaHpc7gI0S3+803pZQjILzs9kEIrpTzqb+i5UgGPNn7Q9Rk2Etm7UlQAaUSLZg1XfCWV421YeTDFnM42bLy8Lhpb5J/GyP4iYJN5osmlQdjUbzR4wWaYIofWHjTqbNo0yNdMTDPf/bVDw+/34Xx/Xcvc90KtbO/k/gWpOam/Mq/jMoaA0IcZu7p6pu3WWFlilkeBtLefLo8nDEGi13hT2KxrB89npTNWWXf4sejQxkZgp8x1FxA8LH9v6vRunvdBRNTw/JjmtxaF8vKfjd2oxaKztLA8NROYQRpavqv6/NGlyBCU+yncq/E5dl51t7BwDwpSUvYvVEP20qH1JBKtiyuHlLOTOwTJtigOE3EuNxuEViz56Q0tVpQOcPQuSRmwdOg8hMZx/HnaDv52JVxeQHdF8jpzz3E3noB1AbRIAb84XXWVo2QLxFb8W8t5ta5cdOq/Pqte5PNXfT+2pjBIOlfg5mzA9kjH4QOZaO7zBbMj/ZD480gZY+kUMgeXgOtoLSZCPvdBbSjd7Lsd7xYbZSk6m4jOtvbTzpaFX8ZIT4ompC/+G84t3HyxE+UUeBip7mTeOJBCc1WjguKSzdBMmYZUxJAGMmWJ+TQDZSFu2m7bMmLGTgya5isqtcqGN5cGcICxIfOVfuoJ5T6vO3t2ZdUuV2U4+gfCYhtEZbsT/lhgRC0NlMWBhowCRpzhowYLHHGqmUfl5M+JTCAOS1QDmZvaGVc8BC0WWkc+162NGME1D+GRolHF44TfB5IuTQ1cfrv+VvK4DIsEslleAMCxqHPPQPGpCTcCNfe/3Yylkl/Pmogas2P8Q1fyGVTZCsS2G5wugptt8AdfdM+tvmqzlyponw3lNKe+mj1ehunJ8V93ea95cdmVikM6OLykzSrbxsejX8EgIQ0BChAFly38ot7YcmqgfqABCGeiYwOnL/90EuRmYRaMuUihbiRVzGPd5oc0OKDj5xdM2Eq/VRaODCFuhmwK5eLHB3tGab2Bin/8VGZkpWjQsd3H/UYRfPpJqjnhI3/dxD619ouZPfsTfQCVnBaZMYVKzpmeb3geNMeV1h8cDxNsAk85nAnG6RUF7xlqmgF6yUZ/vFtjUq/vCoNHsKvS5sSy73LPXljrVvZyG2K9P6dfTR4n8yYGJCoj95ahCAD4djsr9ylRzj1YTFQ7XdZGxw3GML7rmzuMS/Kk0qMKNYSlS9ru0yIL2baZmntjUKjcl0qigzO74bi3TxyoylmxXA2/80AcRU/fWi0t9g9aTJmuVztPiRQpCLsDzSS/xTjriwThx6v7tgmVwO05SdlBQ5Fk6R1nOsC+4X35l2f6pWJ91nlkfimJM3mY/MZDxWusfgXcS3SBswj59n7zX7AwykcX6/XHVWg91EfB6sRUZyHWsMxwn+i/P5aoIiO43leCD9KX5T0KjRAxa0DG092zM6pRaKEJWeBXTgcFTS5AQdMLVlt5GBHBHw2Slr6SMsUo7A1ycJqP7nw+YdLje86h4edfvbAtowhaBT3WPFoxbtAoBWqkYPgTGs/AiKRsfjecypuCm52bz8VTiw8laRkYFO0nqyYZBm4u2BbVODS6Ji9ZxNpjN/NIDh/5ffhQ611iwL2xgob/yFrjqaRyzPx1DXseMO+Lc0TMEhdSVGG9i8fTJXN8VasDDHxWCQD/ZSyERGCqIDc1+pZBjwABiECsDtQy3DI+oQ3UEPLOFHGS95Kc5+KKij3ptvf61o2J6XKEUY0jqv+puNvmjz7jqsNBY+S524G+06zzcvXsUnWQ3o1lOseFDSl4ZV+a2GiRA+AHj5gSKXTNVUMDsEu7E+4Sg1WVFKLw4KgZ0KubHYQYz56QLojv2TUL3NrK1mUfdn9jeJ01L+CIMTVjz+4UjVI/AZJA370Le01pl0ZMxaFRa0fep1Pa6MikTS7SO8NBtTtbOI2Dt/hBrXpzbicfRU/2pNJ8hEn9in0eXkZ3h0/nHm5J/OrrbVOdvQK9RkF9J0sdgmLtnAxdQjKK7r8Tg17q4vefFRtTEFPz1hV8sOrNXJZc3GRnvINE/7CVYdBQZuq7Bqze9WS+Yqzo2Z7T+cgpLTThBWlL7uGRsNcOdxQOctvoHCDFMV+9+QSH9Cc55Jdbd1T/clludubmyCJLvd5+25haXtRNSivJ/qB/ZbaZq/1PrJw2rl9XuiTczVrG/5Gwpz7a7PVrP8ydIEoTAglMdr9WICKl2cqHo1+k7HOFZluJAugNTV5aRwCvb6roKXsENH6TE68RuiYI8GXD/AzrY86TADCZroeQ+arLW+UuDqQfsnJ6MM02NcSOriAqTbwikGSzNIwkOiuZmwc5Y1pVqe1pyVDf5gN6Q=,iv:IDe6vkBvgAzfxee+/odkLk1TLZRghVEf8hqH2r3+V9I=,tag:OFCA57fQjQxc+CT9DOq+VA==,type:str]
id_rsa_pub: ENC[AES256_GCM,data:hYdf7KifFqkHDa8UF1zvhirc2AkrYpL2VrmV2IJjHzzgbrJxshdA629mTXwXwXORbLwNcMpRR7DFLyHCRDu5cWsxluZ04rNU9sJFmL+6pPUonaa4Wc+9z5VysV8UItY/BZ/5mOMQ2ph/wMQ3pkFnBD58vOFOYsmZ7OCir5dQZfm8GdGDX76bOlOI/CAg/LtwFveHK4trY3EUkxbJQ1soZdpm7ML/7bDN52klaS/EEgwk+FJrNAcm8M+N3kMSZoJyJW7c1OG81d4G84tryt2fa7s2HGT79IX6h4wI0GGu+bl87MgmFC48KdvjPdWowfh2QxkphSLduYQ4ss4EQYgJrmkQznQtt67acCFxNrEyE5psSMQPXtgAbwV94xeqtc+QHzmjHAwICTzk7Q4sFF85cDV54ZyoQDYdfubjpJ6mdE65dftN2eYD/5ywdTq09vRpnlh24PTrp7nn4H+Yddakv5KGhQOnj0p6JHNytXEClmiqxANrsYyhKvZe9gS+5w1RIcrsv9dHr5uL7Q==,iv:PQiVjFf2LlOKa6i7V/DcxYU54m/AbJGwTwUmA9asKI4=,tag:y27R0sMuOno0Al9iD3+MsQ==,type:str]
sops:
age:
- recipient: age1xjnkqv32a5nqftw6pqthapnzmgjl4lnqfpxy9utqm56yzm2mvfhqzch648
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5OURyTktBK0tLUFNvK3JV
cGZ0a1BNOUgyZHgvZlNEM091Z01pdlNWcHdrCjRyV2Vlamk1SGNGa2lOZjFZUlZW
NXlSaFRuUkVkV2ZWcm51N1ozbGp1Zk0KLS0tIFA3TmNueE5hSGxwZVlXeW9mOXZG
bWxNZVphblFnV3J2RnBnRjhIV1psTUkKvuHFAmPg7AgSgpSv3cRDDSYRRiG2pWIv
qs3gUknD2QAuo1dBGol6p3lzvuGNYaBLML9tgCgN60Y66RVHR1zEVA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a5aqj3jr3rqpjet9a7y077ak0ymstjjdnyfgn5m2ad4l2yuxr4aqym7d3d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1a2FqYXZpWmRrVEhhazF2
akl3RjErZDc1TVZNZnBCQ3F1a2szUTB1bUVzCkJSV2F1RUNvR3FldmxnbEsyejB6
QU9xTTlud1BrVW1WQ0RCbFRhVCtiRW8KLS0tIG9UeTg3d0pUOUswaUdWdGVscHNM
NEZFUS9sNVJXSllNdXhRWDFYKzg0ZFkK1jEL736B5stLQw6BLxJmm8Z98uvD2qGZ
O98ByT6SrjQnYnr/8u0qY7dQ71ThzB5v3LSrk8/x06CzLmpAYgc6IQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1g45zy9m5g4e20cjejgd3x40722rlddgkmhtddrl8wyf63kt5kg7s9ke390
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFbjh3YkhPd1o3M0h4bkhY
dS9QV203STh5OTF0Y3k2VEdFaFYwQmJNL3lBCkg4UnN2NW82a2F0a28zQ2h6Tng2
ckkrb1AyMUZ0UDM3ZDgvd2FWSTlCTmsKLS0tIGc0ckd1NW1Tc04zOUZhRjlwYmMx
NktCNXd3WE04VzgyczdNVVZ4Z0FIbk0K3999tMUUAerQhWeIST5W9v9sahnl/bub
Wh2wQPSC6pN6t60CMrs4N5NgXhXG6KADiWi9oMwR18RAqwQTRVKRzg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ljcy90uwlfngc7vqwlf2x2ckgsdfg90c0r9yvjzpl90jkwf9g48q2leudt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmb2ZIQlpNRmZaczlGMWFT
aVZWYmJ4RWxJYkJ1YkJhYkV4c1pKZGVESzFvCjh0d0RPUHNSQThLQ29vTzloRGJI
cnNQMXpTVUs3NjUzeGtGbTFDMUE3azgKLS0tIHM4cS9GUi9XUXNITTJsakxxOXhk
U3hNMjNQNHhhTTRTZk9EV05FMEtlSlEK3zLfM19AjFadzWzcTbvmUwQnL0yG8A6K
JMNzwbUvPqLIBxniTuSNRHceCcyPvs4vnCRDQPeEIHV6r1dGMV90Gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vl9q7u0jkzjpdqrmg4flvz2f7gyn05luv4ka60hu5l8yn4m6rujquhyc2p
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3TWN6WEM4WkFqKzFoVkZi
K2hnd2JzczY2YStKcDZjd1RPNGlRVklQL1U0Cmo1VTNkWnVQY2tSNzRBY3JrMW9x
Smx4STlKMzJGQUdrMmpXVCtYekZmWU0KLS0tIE1ycnR1MTVvMUgvcko2VlM0NEUy
Nk1vSWtQWlJWVlNIZEUyOEc5ZS80QjgKqyFL4+3Oqx92nDGJ/D8/+RkPmHZ5R9Yv
HXlyUrO+tmbSU5JkBO7tSZ9Ho89Imwf8b6r76ZozHOjpmhSL5RBvfg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1649y4antwgfe4fu02eppnx5gr0yc3g4lj4kwd6v9guxgxgj06y9qk7l4wl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3S0pSVFdiMzBFaFZReEhY
eVFWNzc4eno5Zm1ScEpSUHNmeWVkaTdjQnlzCnZoS3hjeGlyUmd3U1lnc0xOUGVP
OXFweG5YTGV0NDZucWpuZ1lybG43dEEKLS0tIDk2NVZHUEtScklSQlZBQ0ZCMFZ4
N21xTTZpRm81cGM5elVWNnk5NU5PTGcKhfvVyHzhH9A1NDoyHwBAxHy5Dj8brkt5
280NVHI33SQ+R3mgdAcFB34jJW25ntq9Jd7f8V0FeqelGCzHttMy1A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1k085uuy4fv9rfpy0ne6zl9fq0j05a4fykqe26psx2ngxqrcxcu5sksxa9u
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaVHhXYnhkTjdPT0xqbE1D
LzliRGZzQWpiUFdmbE9LZktLN21GbUp5Y0U0CnAwTFlRN3M5OFpKNUNJNTlERVl0
MysvREhWdkZLOWdPODh2dXZlclRHMlUKLS0tIDF6c3pUUEh6bk5YeDJob0Rham1S
TlF5ZVp1Z21DU0hUdFJLMGNIRnVxZE0KGl0PT9mmCu+8yf2K7ADpeALk4xNG/Xld
IG1zlOPvAmmApoNKOx4FOlBVO8MAX922WsUgX6OSyw8U0PjdRn4rKQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tpeqfhc4n7swpgzx6qfdfxanx0uqh7nksr7eksnvjea70n8vaf5sntxu2l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3MGJTd2cxRG5MNkJSdXBo
bXNuZXdPUDZjZC84S0g3N1ZENzIvWWVOaFN3Cmxpb08wSExqaTNQQ1RROGU4bk9h
K2lXMDhuVGpWa0NXOGlXMkxaMzZyWkEKLS0tIDUvckRYWXFhdW1wdUZlL083ZFhH
TFJtcEdFS2pPcHN4bjd1a3QwcktXTzgKy7mTdf495H9solOwE8qJgQQXg+4HYYoF
6ytA/0bA+UlDeziHS4opnlooXcyQ6isMUoi9+F3GlrDaS9NZx+v5vA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1pux20jlyzdexztdmm3lelzn2mslxhuahae4wjy74hkxfytslsfpqj708e2
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZeEVoR2dscEg3Mlk5WlBP
UHFvR2RUTTh2Zm1UcStncEUxVnRwamM4eXdvCkdWbWcwajFXdkI3S1pkT01sZkoz
U2pYdDJ1Wmw3V1prWUh5TVhCSUtlK1kKLS0tIG5XUjhMak45UzlXek5vTDZMN3Nv
d1JJc3FvZjJadTVUSXJzWVQ3ckxQSVUKQ8Bw9tQdlgrH+e4QrkFhx9AVz7F6asDZ
rblgfXuYh+rnoDsuMh6gUciA9WDXBmlPgs09ny4T29T9uGwLjPnitw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1f5039syajzz75s9lkdzwnv2dsvlcp69puuaucgwt05sqjdl7hels25nsfr
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1TndrMmZMOG5tT1FnWmgr
OGlxek5ndGxFOFdmbXhKTFZidzRGS1NVWWhVCjNFK2U5bTM1OXhKcTV0Q3F6bG5U
T0xnYTloZStMbTBFTFovdHlBU2s2eTQKLS0tIEY2emp4ZVVDbzhLbGxuOUx5VG1G
R1B1VldGM3BONUoxUVpDeGhBK1orQXcKPHvqPhOE7j687dBQlfuTdsLIr7t8HzX+
IWOkgUe9Lu+ruHmx0FbDsLlqJZbZOVisaWGD7CEm4Ku1ZnOSejFZcw==
-----END AGE ENCRYPTED FILE-----
- recipient: age19m6f3xtkdf3gwxqxgp9w9gyla4hk24f85l2tyjx6dxu0akzux3cs657dhz
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1K2x6VWx5TUJTcDdEbExr
V0t2VkdOV3NuUC9nUStZM3JwdmRqdThyUWtzCnFlTm13OFVlL205L0dPVzVrRlVh
b3BTTEFwcHlrL204alNlU2N0aExjVW8KLS0tIEQ5ZWpCeTMwNmpjcGl1WmtQdkNU
TVJBMjlNaWtHMlMzd3ViaGVpMERPVncKh7czaPxra9mRidJgrfaT0QWFU7d1li4e
60tD8Gkaoshs0KjQt6Vs2OrW5cJhMkBnUv7kulEEvn+ouukZOz4jTw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1en6vdtxspam9s3nmsyfrcrxzrzu4t9v72ztqyekpzsc35rd06a2sza7ehw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsbnFqcnE2bjNqVmJlVmNR
b2huRnVITTJOU3J2bE43d1V3VzZiRUc0cVZnCmRoTU5YZWQ3TmdZN3A0WUQxZHJr
Tjd4d3FkNHpPSThBemc5STR4VXEvRG8KLS0tIGdSZFgvL2c4MTB2eml0dWtWQVVV
YkJJT294RWRsaHlrYThuQ2RMa3pERkkK0G9ShhLOZVVjGinlUyk/sc9OjWmukLgR
JNTFWAePS/k1O/bO4Myxc9wX4R9UrZOpG/Q6v66ilNOApWD7i/2eBw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1vujvq5rdzppkkdhkwyhnl6xhuvm8s5yf2wc8ke05m8jwrdwsdf0qfx5w4r
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaUUJzYVBzLzlWc2QzUitS
M3JrSGUxcXV2NlA4Q2lDVGpCU0NnZTY2Q0RVCmZ0Tmp0M2FMUVcvY1JrQmoyNk9B
VDFqUUlQMVJ3L3JoaE5ISDV0YU5ydTQKLS0tIGRjM2ZxUzRMRGxzL0ZBR0F2Ti9Y
Tnp0djVFV0hPTkJGYXJSTWRHdkUzWVEK2bWcz9/qrHjAO0FWzjwsuBnZMm42XzKl
h1tQwqF7A3jdcezZXYmOn5R1nJX5NTXLySgPZapvOhrPmuHZk4UULQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1uyuudfya8etgztlt6hlssr9hkstyyhg65wdq3pj9rud2czzkaqqssg7yvp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJUHlzOEtpUnFoU0VmNmpl
TDgwdVAzeENBd3dvY2U3TFVkSy96Mi8rVERjCmhaU0hpeUR2cjh3ckNKVWNtaTRG
STRpaHFGWmU5TjRFWEhabWZTaC9FMk0KLS0tIHBsN3BxNXRIQ2ptNHZjQ0tlZ2Ro
YWttOHNEeDFTemh2OFEvNGNOZmkzeEUKL9yGY1L35y+ZIFyTFKyvgIirWSGe5lkT
jYAPmt/RJmskzNBQdo3KGnPKqpVK5nEBUwmzKVre4AOOSTYJ4ER+0g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-12-31T05:09:48Z"
mac: ENC[AES256_GCM,data:VP4URW/zRZFa4A3Q0gVzs06Zre+GzT3DNcrYxOcktgR1ooyvCjPE6l5t3Jf2LvVanSuBfIQMP7w67OcBar89QqGjn38E6V/U5Lyj7hHF9AtqNd/3l3P91xt+69UBOEqhZI0oASrTA3MKAZVeg6kWtU7YWajPH0PVxOsxMHeD9g4=,iv:LciFXM9JdXwmR56dgO6OskfcGauy8Q5gYIKZH2sES90=,tag:VJbexnwD+N1mGzADfXhp7g==,type:str]
unencrypted_suffix: _unencrypted
version: 3.11.0

45
users/apollo-admin/apollo-admin.nix
View File

@@ -1,45 +0,0 @@
{ config, pkgs, ... }:
let
sshCaperrenDesktopPubkey = builtins.readFile ../caperren/pubkeys/cap-nr200p.pub;
sshCaperrenLaptopPubkey = builtins.readFile ../caperren/pubkeys/cap-slim7.pub;
in
{
users.users.apollo-admin = {
initialPassword = "changeme";
isNormalUser = true;
description = "Cluster Admin";
extraGroups = [
"docker"
"networkmanager"
"wheel"
];
openssh.authorizedKeys.keys = [
sshCaperrenDesktopPubkey
sshCaperrenLaptopPubkey
];
};
home-manager.users.apollo-admin = {
home.username = "apollo-admin";
home.homeDirectory = "/home/apollo-admin";
home.stateVersion = "25.05";
home.packages = with pkgs; [ ];
programs.bash.enable = true;
programs.git = {
enable = true;
settings.user = {
name = "Corwin Perren";
email = "caperren@gmail.com";
};
};
programs.kitty = {
enable = true;
font.name = "JetBrains Mono";
};
};
}

155
users/caperren/caperren.nix
View File

@@ -1,155 +0,0 @@
{ config, pkgs, ... }:
let
hyprlandConfigPath = ./. + "/dotfiles/hyprland/${config.networking.hostName}";
kanshiConfigPath = ./. + "/dotfiles/kanshi/${config.networking.hostName}";
sshDesktopPubkey = builtins.readFile ./pubkeys/cap-nr200p.pub;
sshLaptopPubkey = builtins.readFile ./pubkeys/cap-slim7.pub;
spotifyPlayerAppTomlTextTemplate = builtins.readFile ./dotfiles/spotify-player/app.toml;
spotifyPlayerAppTomlText =
builtins.replaceStrings [ "{{hostname}}" ] [ config.networking.hostName ]
spotifyPlayerAppTomlTextTemplate;
waybarConfigPath = ./. + "/dotfiles/waybar/${config.networking.hostName}";
in
{
users.users.caperren = {
isNormalUser = true;
description = "Corwin Perren";
extraGroups = [
"adbusers"
"dialout"
"docker"
"input"
"networkmanager"
"plugdev"
"podman"
"wheel"
];
openssh.authorizedKeys.keys = [
sshDesktopPubkey
sshLaptopPubkey
];
};
home-manager.users.caperren = {
home.username = "caperren";
home.homeDirectory = "/home/caperren";
home.stateVersion = "25.05";
home.packages = with pkgs; [
obsidian
];
programs.git = {
enable = true;
settings.user = {
name = "Corwin Perren";
email = "caperren@gmail.com";
};
};
programs.bash.enable = true;
programs.bemenu.enable = true;
programs.kitty = {
enable = true;
font.name = "JetBrains Mono";
settings = {
allow_remote_control = true;
};
};
# Assets/scripts
home.file.".config/streamdeck-ui/icons".source = ./dotfiles/streamdeck/icons;
home.file.".config/hypr/scripts".source = ./dotfiles/.config/hypr/scripts;
# Application config files
home.file.".config/containers/policy.json".source = ./dotfiles/.config/containers/policy.json;
home.file.".config/glances/glances.conf".source = ./dotfiles/.config/glances/glances.conf;
home.file.".config/hypr/hypridle.conf".source = ./dotfiles/hypridle/hypridle.conf;
home.file.".config/hypr/hyprpaper.conf".source = ./dotfiles/hyprpaper/hyprpaper.conf;
home.file.".config/hypr/backgrounds/black.png".source = ./dotfiles/hyprpaper/backgrounds/black.png;
home.file.".config/hypr/hyprland-common.conf".source = ./dotfiles/hyprland/hyprland-common.conf;
home.file.".config/hypr/hyprland.conf".source = hyprlandConfigPath + "/hyprland.conf";
home.file.".config/kanshi/config".source = kanshiConfigPath + "/config";
home.file.".config/streamdeck-ui/.streamdeck_ui_link.json" = {
source = ./dotfiles/streamdeck/.streamdeck_ui.json;
# Copy the symlinked version to its final location, otherwise it has no write permissions
# on the config file, which breaks the entire app
onChange = ''
cat ~/.config/streamdeck-ui/.streamdeck_ui_link.json > ~/.streamdeck_ui.json
chmod 600 ~/.streamdeck_ui.json
'';
force = true;
};
home.file.".config/spotify-player/app.toml".text = spotifyPlayerAppTomlText;
home.file.".config/waybar/config".source = waybarConfigPath + "/config";
home.file.".config/waybar/style.css".source = ./dotfiles/waybar/style.css;
home.file.".config/wlogout/layout".source = ./dotfiles/wlogout/layout;
# Desktop entry files so bemenu can find them
home.file.".local/share/applications/alltop.desktop".source =
./dotfiles/.local/share/applications/alltop.desktop;
home.file.".local/share/applications/glava.desktop".source =
./dotfiles/.local/share/applications/glava.desktop;
home.file.".local/share/applications/phonerdp.desktop".source =
./dotfiles/.local/share/applications/phonerdp.desktop;
home.file.".local/share/applications/spotify-player.desktop".source =
./dotfiles/.local/share/applications/spotify-player.desktop;
# Custom bash aliases
home.shellAliases = {
# Phone remote desktop over usb (adb), with some default flags I want
phonerdp = "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close";
# Streamdeck isn't easy to manually edit, so make a save command to copy any updates to the repo
savestreamdeck = "cp ~/.streamdeck_ui.json ~/.nixos-configs/users/caperren/dotfiles/streamdeck/.streamdeck_ui.json";
# Nice to have an alias if I ever want to launch this from cmdline, or see the dbus help string
screenshot = "~/.config/hypr/scripts/screenshot.sh";
};
# Theming
gtk = {
enable = true;
theme = {
name = "Adwaita-dark"; # Or another dark theme
package = pkgs.gnome-themes-extra;
};
iconTheme = {
name = "Papirus-Dark";
package = pkgs.papirus-icon-theme;
};
cursorTheme = {
name = "Bibata-Modern-Ice";
package = pkgs.bibata-cursors;
};
font.name = "JetBrains Mono 11";
};
home.sessionPath = [
"$HOME/.local/share"
];
home.sessionVariables = {
GTK_THEME = "Adwaita-dark";
};
xdg.mimeApps = {
enable = true;
defaultApplications = {
"application/pdf" = [ "okularApplication_pdf.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" ];
"text/html" = [ "firefox.desktop" ];
"image/*" = [ "imv.desktop" ];
};
};
xresources.properties = {
"Xft.font" = "JetBrains Mono";
};
};
}

7
users/caperren/dotfiles/.config/containers/policy.json
View File

@@ -1,7 +0,0 @@
{
"default": [
{
"type": "insecureAcceptAnything"
}
]
}

44
users/caperren/dotfiles/.config/glances/glances.conf
View File

@@ -1,44 +0,0 @@
##############################################################################
# Custom Glances Configuration Overrides
##############################################################################
[global]
# Managed by NixOS configs
check_update=false
[percpu]
# All of my systems are 16 core
max_cpu_display=16
[ip]
# Useful for validating vpn connectivity
public_disabled=False
public_refresh_interval=300
public_api=https://ipv4.ipleak.net/json/
public_field=ip
public_template={continent_code}/{country_code}/{region_code}/{city_name}/{isp_name}
[diskio]
# Don't care about loop devices
hide=loop.*,/dev/loop.*
[smart]
disable=False
[fs]
# Nix store is duplicate of / on NixOS
hide=/nix/store
# Leaving this all commented for now as it doesn't like large number of files
#[folders]
# Home overview is helpful
#folder_1_path=/home/caperren
#folder_1_refresh=120
# Steam is normally the largest
#folder_2_path=/home/caperren/.local/share/Steam
#folder_2_refresh=120
# Then Downloads next
#folder_3_path=/home/caperren/Downloads
#folder_3_refresh=120
# With code generally coming last
#folder_4_path=/home/caperren/code
#folder_4_refresh=120

116
users/caperren/dotfiles/.config/hypr/scripts/screenshot.sh
View File

@@ -1,116 +0,0 @@
#!/usr/bin/env bash
# Unashamedly taken from: https://www.reddit.com/r/hyprland/comments/13ivh0c/comment/jkgk65k
# Small edits made for my particular needs
# Flags:
# r: region
# s: screen
#
# c: clipboard
# f: file
# i: interactive
# p: pixel
# Example hyprland bindings
#bind = CTRL, SUPER, ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh
#bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
#bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
#bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
#bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
#bind = SUPER SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
#bind = CTRL SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
#bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
screenshotPath=~/Pictures/screenshots
hyprpicker_launch(){
# Start hyprpicker with screen render (freeze), no fancy, no zoom
# We're just using this to lock the screen in place for grim ingest
hyprpicker -r -n -z -d >/dev/null 2>&1 &
sleep 0.5
}
hyprpicker_kill(){
killall hyprpicker >/dev/null 2>&1
}
trap hyprpicker_kill EXIT
generate_filename(){
# Make sure screenshots path exists first
if [ ! -d "$screenshotPath" ]; then
mkdir -p "$screenshotPath"
fi
echo "$screenshotPath/$(date +%Y-%m-%d_%H-%M-%S).png"
}
active_screen_grim_region(){
hyprctl -j monitors | jq -r '.[] | select(.focused) | "\(.x),\(.y) \(.width)x\(.height)"' -
}
grim_from_region() {
local filename="${1:-}"
local region="${2:-}"
hyprpicker_launch
# Get region of screen to capture, if not passed in
if [ -z "$region" ]; then
region=$(slurp -b '#000000b0' -c '#00000000') || exit 1
fi
# Start grim while screen is still frozen, kill hyprpicker, and pass through data
if [ -z "$filename" ]; then
grim -g "$region" - | {
hyprpicker_kill || true
cat
}
else
grim -g "$region" "$filename" | {
hyprpicker_kill || true
cat
}
fi
}
if [[ $1 == rc ]]; then
grim_from_region | wl-copy
notify-send 'Copied to Clipboard' Screenshot
elif [[ $1 == rf ]]; then
grim_from_region "$(generate_filename)"
notify-send 'Screenshot Taken' "$filename"
elif [[ $1 == ri ]]; then
grim_from_region | swappy -f - -o "$(generate_filename)"
elif [[ $1 == sc ]]; then
grim_from_region "" "$(active_screen_grim_region)" | wl-copy
notify-send 'Copied to Clipboard' Screenshot
elif [[ $1 == sf ]]; then
grim_from_region "$(generate_filename)" "$(active_screen_grim_region)"
notify-send 'Screenshot Taken' "$filename"
elif [[ $1 == si ]]; then
grim_from_region "" "$(active_screen_grim_region)" | swappy -f - -o "$(generate_filename)"
elif [[ $1 == p ]]; then
color=$(hyprpicker -a -r)
wl-copy "$color"
notify-send 'Copied to Clipboard' "$color"
else
notify-send 'Screenshot Shortcuts' "Print:\t\t\tRegion to clip
Super+Print:\t\tRegion to file
Ctrl+Print:\t\tRegion to editor
Shift+Print:\t\t\Screen to clip
Shift+Super+Print:\tScreen to file
Ctrl+Shift+Print:\tScreen to editor
Alt+Print:\t\tColor picker to clip" -t 20000
fi

7
users/caperren/dotfiles/.local/share/applications/alltop.desktop
View File

@@ -1,7 +0,0 @@
[Desktop Entry]
Type=Application
Name=All Top
Exec=bash -c "kitty --single-instance --detach bash -c 'kitten @ launch --type=window --title btop btop ; kitten @ launch --type=window --title nvtop nvtop'"
Icon=alltop
Terminal=false
Categories=Utilities;

7
users/caperren/dotfiles/.local/share/applications/glava.desktop
View File

@@ -1,7 +0,0 @@
[Desktop Entry]
Type=Application
Name=Glava
Exec=glava
Icon=glava
Terminal=false
Categories=Media;

7
users/caperren/dotfiles/.local/share/applications/phonerdp.desktop
View File

@@ -1,7 +0,0 @@
[Desktop Entry]
Type=Application
Name=Phone RDP
Exec=bash -c "scrcpy --no-audio --orientation=0 --turn-screen-off --stay-awake --power-off-on-close"
Icon=phonerdp
Terminal=false
Categories=Utilities;

7
users/caperren/dotfiles/.local/share/applications/spotify-player.desktop
View File

@@ -1,7 +0,0 @@
[Desktop Entry]
Type=Application
Name=Spotify Player
Exec=kitty -e spotify_player
Icon=spotify_player
Terminal=false
Categories=Media;

33
users/caperren/dotfiles/hypridle/hypridle.conf
View File

@@ -1,33 +0,0 @@
general {
lock_cmd = pidof hyprlock || hyprlock # Avoid starting multiple hyprlock instances
before_sleep_cmd = loginctl lock-session # Lock before suspend
after_sleep_cmd = hyprctl dispatch dpms on # To avoid having to press a key twice to turn on the display
}
listener {
timeout = 60 # 1 minute
on-timeout = brightnessctl -sd platform::kbd_backlight set 0 # Turn off keyboard backlight
on-resume = brightnessctl -rd platform::kbd_backlight # Turn on keyboard backlight
}
listener {
timeout = 180 # 3 minutes
on-timeout = brightnessctl -s set 1% # Set monitor backlight to minimum
on-resume = brightnessctl -r # monitor backlight restore
}
listener {
timeout = 600 # 10 minutes
on-timeout = loginctl lock-session # Lock screen when timeout has passed
}
listener {
timeout = 610 # 10 minutes, 10 seconds
on-timeout = hyprctl dispatch dpms off # Screen off when timeout has passed
on-resume = hyprctl dispatch dpms on # Screen on when activity is detected after timeout has fired
}
# listener {
# timeout = 1200 # 20 minutes
# on-timeout = systemctl suspend # Suspend pc
# }

9
users/caperren/dotfiles/hyprland/cap-nr200p/hyprland.conf
View File

@@ -1,9 +0,0 @@
# Unfortunate legacy config needed because hyprland can't hot switch variable refresh rate
monitor=DP-2,3440x1440@144,auto,1,vrr,1
# Source configs
source = ~/.config/hypr/hyprland-common.conf
# Application launch
exec-once = sleep 10 && steam -silent
#exec-once = swayidle -w timeout 600 "hyprlock" before-sleep "hyprlock" &

12
users/caperren/dotfiles/hyprland/cap-slim7/hyprland.conf
View File

@@ -1,12 +0,0 @@
# Unfortunate legacy config needed because hyprland can't hot switch variable refresh rate
monitor = eDP-2,2560x1600@165,auto,1,vrr,1
# Source configs
source = ~/.config/hypr/hyprland-common.conf
# Application launch
exec-once = brightnessctl -sd platform::kbd_backlight set 1
exec-once = brightnessctl -s set 30%
# Privacy
exec-once = sleep 10 && ls /dev/video1 &> /dev/null && notify-send "Laptop Webcam Enabled" "Please disable if not being used." -t 20000

191
users/caperren/dotfiles/hyprland/hyprland-common.conf
View File

@@ -1,191 +0,0 @@
# Always enable new monitors in automatic mode, for when kanshi doesn't know about the setup
monitor=,preferred,auto,1
# Set programs that you use
$terminal = kitty
$fileManager = thunar
$menu = j4-dmenu-desktop --dmenu='bemenu --ignorecase --line-height 22 --hf "##10AC25" --ff "##10AC25" --tf "##10AC25"' --term='kitty'
# Some default env vars
env = XCURSOR_SIZE,24
env = QT_QPA_PLATFORMTHEME,qt6ct
input {
kb_layout = us
kb_variant =
kb_model =
kb_options =
kb_rules =
follow_mouse = 1
touchpad {
natural_scroll = no
}
sensitivity = 0 # -1.0 to 1.0, 0 means no modification.
numlock_by_default = 1
}
general {
gaps_in = 5
gaps_out = 5
border_size = 2
col.active_border = rgba(0D8A1EFF)
col.inactive_border = rgba(595959aa)
layout = dwindle
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
allow_tearing = false
}
decoration {
rounding = 10
blur {
enabled = true
size = 3
passes = 1
}
shadow {
enabled = true
range = 4
render_power = 3
color = rgba(1a1a1aee)
}
}
animations {
enabled = yes
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
animation = windows, 1, 7, myBezier
animation = windowsOut, 1, 7, default, popin 80%
animation = border, 1, 10, default
animation = borderangle, 1, 8, default
animation = fade, 1, 7, default
animation = workspaces, 1, 6, default
}
dwindle {
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
preserve_split = yes # you probably want this
}
misc {
force_default_wallpaper = 1 # Set to 0 or 1 to disable the anime mascot wallpapers
}
windowrulev2 = suppressevent maximize, class:.* # You'll probably like this.
$mainMod = SUPER
# Launch terminal
bind = $mainMod, T, exec, $terminal
bind = SHIFT_SUPER, Return, exec, $terminal
# Close active window
bind = $mainMod, Shift+q, killactive,
bind = $mainMod, C, killactive,
bind = $mainMod, M, exit,
bind = $mainMod, E, exec, $fileManager
bind = $mainMod, V, togglefloating,
bind = $mainMod, R, exec, $menu
bind = $mainMod, P, pseudo, # dwindle
bind = $mainMod, J, togglesplit, # dwindle
bind = $mainMod, F, fullscreen
# Move focus with mainMod + arrow keys
bind = $mainMod, left, movefocus, l
bind = $mainMod, right, movefocus, r
bind = $mainMod, up, movefocus, u
bind = $mainMod, down, movefocus, d
# Switch workspaces with mainMod + [0-9]
bind = $mainMod, 1, workspace, 1
bind = $mainMod, 2, workspace, 2
bind = $mainMod, 3, workspace, 3
bind = $mainMod, 4, workspace, 4
bind = $mainMod, 5, workspace, 5
bind = $mainMod, 6, workspace, 6
bind = $mainMod, 7, workspace, 7
bind = $mainMod, 8, workspace, 8
bind = $mainMod, 9, workspace, 9
bind = $mainMod, 0, workspace, 10
# Move active window to a workspace with mainMod + SHIFT + [0-9]
bind = $mainMod SHIFT, 1, movetoworkspace, 1
bind = $mainMod SHIFT, 2, movetoworkspace, 2
bind = $mainMod SHIFT, 3, movetoworkspace, 3
bind = $mainMod SHIFT, 4, movetoworkspace, 4
bind = $mainMod SHIFT, 5, movetoworkspace, 5
bind = $mainMod SHIFT, 6, movetoworkspace, 6
bind = $mainMod SHIFT, 7, movetoworkspace, 7
bind = $mainMod SHIFT, 8, movetoworkspace, 8
bind = $mainMod SHIFT, 9, movetoworkspace, 9
bind = $mainMod SHIFT, 0, movetoworkspace, 10
# Example special workspace (scratchpad)
bind = $mainMod, S, togglespecialworkspace, magic
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
# Scroll through existing workspaces with mainMod + scroll
bind = $mainMod, mouse_down, workspace, e+1
bind = $mainMod, mouse_up, workspace, e-1
# Move/resize windows with mainMod + LMB/RMB and dragging
bindm = $mainMod, mouse:272, movewindow
bindm = $mainMod, mouse:273, resizewindow
# Volume Keys
bindl=, XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.0 @DEFAULT_AUDIO_SINK@ 2%+
bindl=, XF86AudioLowerVolume, exec, wpctl set-volume -l 0.0 @DEFAULT_AUDIO_SINK@ 2%-
bindl=, XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle
# Media Controls
bindl=, XF86AudioPlay, exec, playerctl play-pause
bindl=, XF86AudioPrev, exec, playerctl previous
bindl=, XF86AudioNext, exec, playerctl next
# Brightness Controls
bind = ,XF86MonBrightnessDown, exec, brightnessctl s 1%-
bind = ,XF86MonBrightnessUp, exec, brightnessctl s +1%
# Screenshots
bind = , PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rc
bind = SUPER, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh rf
bind = CTRL, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh ri
bind = SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sc
bind = SUPER_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh sf
bind = CTRL_SHIFT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh si
bind = ALT, PRINT, exec, ~/.config/hypr/scripts/screenshot.sh p
# Jetbrains window rules
# Prevent initial focus for JetBrains popups
windowrulev2 = noinitialfocus, class:^jetbrains-.*$, floating:1, title:^$|^\s$|^win\d+$
# Application launch
exec-once = kanshi # Automatically handles display configurations
exec-once = ydotoold # Autoclicker/autokeyboard for automation
exec-once = hypridle # Hyprland/wayland specific idle lock tool
exec-once = hyprpaper # Hyprland/wayland specific wallpaper tool
exec-once = wpctl set-volume -l 1.0 @DEFAULT_AUDIO_SINK@ 10% # Keep eardrums intact on reboot
exec-once = waybar # Wayland specific status bar
exec-once = sleep 5 && nm-applet # Traditional notifications area
exec-once = sleep 5 && blueman-applet # Traditional bluetooth management tool
exec-once = sleep 5 && streamdeck -n # Streamdeck management tool
exec-once = sleep 5 && solaar --window=hide # Logitech device management and battery
exec-once = sleep 5 && Telegram -startintray # Gotta keep in touch with peeps
exec-once = sleep 10 && itch # More fun games
exec-once = sleep 15 && hyprctl dispatch closewindow 'title:itch' # Hacky solution to single-shot "windowrule"

BIN
users/caperren/dotfiles/hyprpaper/backgrounds/1.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 708 KiB

BIN
users/caperren/dotfiles/hyprpaper/backgrounds/2.jpg
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 912 KiB

BIN
users/caperren/dotfiles/hyprpaper/backgrounds/black.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 1.1 KiB

5
users/caperren/dotfiles/hyprpaper/hyprpaper.conf
View File

@@ -1,5 +0,0 @@
preload = ~/.config/hypr/backgrounds/black.png
wallpaper = ,~/.config/hypr/backgrounds/black.png
ipc = off
splash = false

7
users/caperren/dotfiles/kanshi/cap-nr200p/config
View File

@@ -1,7 +0,0 @@
# `hyprctl monitors list` for all outputs
profile office_desk {
output "Hewlett Packard HP Z27n CNK7311FCY" enable position 0,0
output "LG Electronics LG ULTRAGEAR 104NTVS1N751" enable mode 3440x1440@143.92Hz position -440,1440 adaptive_sync on
output "BOE Display 0x00000060" enable position 950,2880 scale 1.0
}

21
users/caperren/dotfiles/kanshi/cap-slim7/config
View File

@@ -1,21 +0,0 @@
# `hyprctl monitors list` for all outputs
profile builtin_only {
output "BOE 0x0A9B Unknown" enable mode 2560x1600@165Hz position 0,0 adaptive_sync on
}
profile bedroom_desk {
##### Top left to right
output "Dell Inc. DELL P2411H F8NDP11G0DVU" enable position 0,1280
output "Acer Technologies CB292CU 2217018D42410" enable position 1920,0 transform 90
output "Dell Inc. DELL P2411H F8NDP097114U" enable position 3000,1280
##### Bottom left to right
output "Aculab Ltd Digital Unknown" enable transform 270 position 0,2360
# Primary monitor, which wayland doesn't have a concept of
output "Hewlett Packard HP Z27n CNK7311DRR" enable position 1440,2560
output "Aculab Ltd QHD270 Unknown" enable transform 90 position 4000,2360
##### Far bottom right (laptop itself)
output "BOE 0x0A9B Unknown" enable position 5440,2360 adaptive_sync on
}

49
users/caperren/dotfiles/spotify-player/app.toml
View File

@@ -1,49 +0,0 @@
theme = "dracula"
client_id = "65b708073fc0480ea92a077233ca87bd"
client_port = 8080
login_redirect_uri = "http://127.0.0.1:8989/login"
playback_format = """
{status} {track} • {artists}
{album}
{metadata}"""
notify_timeout_in_secs = 0
tracks_playback_limit = 1000
app_refresh_duration_in_ms = 32
playback_refresh_duration_in_ms = 0
page_size_in_rows = 20
play_icon = "▶"
pause_icon = "▌▌"
liked_icon = "♥"
border_type = "Plain"
progress_bar_type = "Rectangle"
cover_img_length = 9
cover_img_width = 5
cover_img_scale = 1.0
enable_media_control = true
enable_streaming = "Always"
enable_notify = true
enable_cover_image_cache = true
default_device = "{{hostname}}"
notify_streaming_only = false
seek_duration_secs = 5
[notify_format]
summary = "{track} • {artists}"
body = "{album}"
[layout]
playback_window_position = "Top"
playback_window_height = 6
[layout.library]
playlist_percent = 40
album_percent = 40
[device]
name = "{{hostname}}"
device_type = "speaker"
volume = 100
bitrate = 320
audio_cache = false
normalization = false
autoplay = false

3193
users/caperren/dotfiles/streamdeck/.streamdeck_ui.json
View File

File diff suppressed because it is too large Load Diff

BIN
users/caperren/dotfiles/streamdeck/icons/btop-logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 2.8 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/chart-simple-solid-full.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 3.0 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/cogs-solid.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 24 KiB

BIN
users/caperren/dotfiles/streamdeck/icons/discord-logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 13 KiB

Some files were not shown because too many files have changed in this diff Show More