| author | Dylan <boss@tehbox.org> | 2026-04-29 23:15:45 +1200 |
|---|---|---|
| committer | Dylan <boss@tehbox.org> | 2026-04-29 23:19:15 +1200 |
| commit | f96e43f992211290e3287facc505bea0bc1a3931 (patch) | |
| tree | 02860a965002f0418847cedad2fac2e71208b443 | |
| parent | da3a4174ae0a287871e36899893abe9c858ad7e5 (diff) | |
| download | nixos-configuration-f96e43f992211290e3287facc505bea0bc1a3931.tar.gz nixos-configuration-f96e43f992211290e3287facc505bea0bc1a3931.zip | |
Lots of updates
| -rw-r--r-- | computers/nixnode.nix | 129 | ||||
| -rw-r--r-- | computers/nixy.nix | 33 | ||||
| -rw-r--r-- | flake.nix | 13 | ||||
| -rw-r--r-- | hardware-setups/tuf.nix | 88 | ||||
| -rw-r--r-- | home-manager/YATwm/default.nix | 40 | ||||
| -rw-r--r-- | home-manager/emacs/default.nix | 5 | ||||
| -rw-r--r-- | home-manager/home.nix | 30 | ||||
| -rw-r--r-- | home-manager/i3/config | 2 | ||||
| -rw-r--r-- | home-manager/i3/default.nix | 4 | ||||
| -rwxr-xr-x | home-manager/i3/scripts/image_upload.sh | 2 | ||||
| -rwxr-xr-x | home-manager/i3/scripts/rofi-passmenu | 27 | ||||
| -rw-r--r-- | home-manager/rofi/default.nix | 2 | ||||
| -rw-r--r-- | modules/cgit.nix | 20 | ||||
| -rw-r--r-- | modules/nvidia.nix | 3 | ||||
| -rw-r--r-- | modules/xorg.nix | 2 | ||||
| -rw-r--r-- | secrets/general.yaml | 10 |
16 files changed, 299 insertions, 111 deletions
diff --git a/computers/nixnode.nix b/computers/nixnode.nix index 40d99b1..552bafb 100644 --- a/computers/nixnode.nix +++ b/computers/nixnode.nix @@ -6,9 +6,13 @@ { imports = - [ # Include the results of the hardware scan. + [ inputs.STK.nixosModules.default inputs.sops.nixosModules.sops + (builtins.fetchTarball { + url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/nixos-25.11/nixos-mailserver-nixos-25.11.tar.gz"; + sha256 = "0f1mq2gdmx9wd0k89f6w61sbfzpd1wwz857l2xvyp1x0msmd2z20"; + }) ]; teh-nix.nix.enable = true; @@ -27,7 +31,7 @@ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. # Set your time zone. - # time.timeZone = "Europe/Amsterdam"; + time.timeZone = "NZ"; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; @@ -38,7 +42,7 @@ # console = { # font = "Lat2-Terminus16"; # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. + # useXkbConfcpfig = true; # use xkb.options in tty. # }; # Enable the X11 windowing system. @@ -54,6 +58,11 @@ sops.secrets = { #"wg/nixy/pub" = { }; "wg/nixnode/priv" = { }; + "acme/linode" = { + owner = "acme"; + mode = "440"; + }; + "mail/boss" = { }; }; networking.firewall = { @@ -62,6 +71,23 @@ allowedUDPPorts = [ 51820 ]; }; + security.acme.acceptTerms = true; + # security.acme.useRoot = true; + security.acme.defaults.email = "boss@tehbox.org"; + # security.acme.certs = { + # "tehbox.org" = + # { + # webroot = "/var/lib/acme/acme-challenge/"; + # email = "boss@tehbox.org"; + # extraDomainNames = (map (sub: sub + ".tehbox.org" ) [ "www" "git" ]); + # #dnsProvider = "linode"; + # # dnsResolver = "92.123.94.2"; + # # dnsPropagationCheck = false; + # #environmentFile = environmentFile; + # }; + # }; + users.groups.acme.members = [ "nginx" ]; + # Wireguard networking = { nat = { 
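Review bot: The `builtins.fetchTarball` entry added to `imports` pins a `sha256` against a branch archive URL (`.../-/archive/nixos-25.11/...`), so the tarball can change underneath the fixed hash and evaluation will then fail instead of updating. flake.nix in this commit already declares other modules as inputs; declaring the mailserver there as well lets flake.lock record an exact revision and makes each update an explicit, reviewable change. If the tarball form stays, an archive URL that names a commit rather than the branch keeps the hash stable. The `imports` list continues outside the hunk.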
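Review bot: The commented-out line in the `console` block now reads `# useXkbConfcpfig = true;`, which looks like stray keystrokes rather than an intended edit. Restoring `# useXkbConfig = true; # use xkb.options in tty.` keeps the example usable if it is ever uncommented.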
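Review bot: `users.groups.acme.members = [ "nginx" ];` in the ACME hunk combines with the `"acme/linode"` secret from the preceding sops hunk (`owner = "acme"; mode = "440";`): if sops-nix derives the secret's group from its owner, as I believe it does by default, the nginx user can read the Linode DNS API token. Nothing visible needs that, since the DNS-01 settings are commented out and the vhosts use `enableACME`, for which the nginx module presumably arranges certificate access itself. Consider `mode = "0400";` on the secret and dropping the group membership unless a concrete read by nginx requires it. A one-line comment saying why nginx is in the `acme` group would help if it stays.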
@@ -93,20 +119,70 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j }; }; - # services.nginx = { - # enable = true; - # virtualHosts."172.105.172.191" = { - # documentRoot = "${inputs.self.packages.x86_64-linux.teh-website}/srv/www"; - # }; - # }; + services.nginx = { + enable = true; + virtualHosts = { + "tehbox.org" = { + root = "${inputs.self.packages.x86_64-linux.teh-website}/srv/www"; + serverAliases = [ "www.tehbox.org" ]; + enableACME = true; + forceSSL = true; + }; + "files.tehbox.org" = { + root = "/srv/files"; + enableACME = true; + forceSSL = true; + }; + "stk.lug.ac" = { + root = "${inputs.self.packages.x86_64-linux.stk-installers}/srv/www"; + enableACME = true; + forceSSL = true; + locations."/".extraConfig = "autoindex on;\n"; + }; + "_" = { + globalRedirect = "tehbox.org"; + }; + }; + }; teh-nix.services.cgit = { enable = true; authorizedKeys = config.users.users.boss.openssh.authorizedKeys.keys; authorizedUsers = [ "boss" ]; - domain = "172.105.172.191"; + domain = "git.tehbox.org"; + enableACME = true; + # useACMEHost = "tehbox.org"; + forceSSL = true; + # onlySSL = true; }; - + + services.znc = { + enable = true; + mutable = true; + useLegacyConfig = false; + openFirewall = true; + config = { + SSLCertFile = "/var/lib/acme/tehbox.org/key.pem"; + LoadModule = [ "webadmin" ]; + User.boss = { + Admin = true; + Pass.password = { + Method = "sha256"; + Hash = "401e8fed9a3ab1f93047b7465fd7cc6b0ca5aaed6b1c0482f0f4331ebdca8647"; + Salt = "*F_-,pqOdiJi;p)JoMnm"; + }; + }; + User.komodo = { + Admin = false; + Pass.password = { + Method = "sha256"; + Hash = "2c624debe3e2672383346230b6acad82192e40df05666481f792a9dd97d935cc"; + Salt = "q9At0+KZvmofZil(3us1"; + }; + }; + }; + }; + services.openssh = { enable = true; settings.PermitRootLogin = "no"; 
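Review bot: The `services.znc` block commits each user's `Hash` and `Salt` with `Method = "sha256"` to the repository and the world-readable Nix store; a single salted SHA-256 offers little resistance to offline guessing, so these values deserve the same handling as the sops-managed `mail/boss` entry. Because `mutable = true`, the module probably only seeds the config when none exists, so the accounts could be created once on the host (or the config supplied through `services.znc.configFile` from a secret) and both passwords rotated. Separately, `SSLCertFile = "/var/lib/acme/tehbox.org/key.pem";` points the certificate setting at the private key alone; ZNC expects the certificate there, and the NixOS ACME directory also holds a combined `full.pem`, so TLS on the listener likely does not work as written. `openFirewall = true` together with `LoadModule = [ "webadmin" ]` makes the admin interface reachable from outside, which raises the priority of both points.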
@@ -115,14 +191,36 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j services.superTuxKarts = { enable = true; - port = 2757; + port = 2759; + package = pkgs.superTuxKart; serverOptions = { server-name = "LUG STK server"; - server-mode = 0; + server-mode = 3; server-difficulty = 3; + server-max-players = 16; + track-voting = false; + voting-timeout = 15; private-server-password = "lug@uoa"; - motd = "Server for LUG@UoA\nChampionship coming soon!"; + motd = "Server for LUG@UoA\nChampionship coming now!"; + live-spectate = true; + server-configurable = true; + }; + }; + + mailserver = { + enable = true; + stateVersion = 3; + fqdn = "tehbox.org"; + domains = [ "tehbox.org" ]; + + loginAccounts = { + "boss@tehbox.org" = { + hashedPasswordFile = config.sops.secrets."mail/boss".path; + aliases = ["postmaster@tehbox.org"]; + }; }; + + certificateScheme = "acme"; }; users.users.boss = { @@ -131,6 +229,8 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j home = "/home/boss"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJOukEKExoF6vr3vciQN8pBdd4FtZtRzqIGFJrUvllOY boss@nixy" ]; }; + users.groups.files.members = [ "boss" "nginx" ]; + users.groups.nginx.members = [ "nginx" "znc" ]; environment.systemPackages = with pkgs; [ vim @@ -140,6 +240,7 @@ ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o eth0 -j sysstat git inputs.self.packages.x86_64-linux.teh-website + inputs.self.packages.x86_64-linux.stk-installers ]; diff --git a/computers/nixy.nix b/computers/nixy.nix index 50e4f22..bcdf3aa 100644 --- a/computers/nixy.nix +++ b/computers/nixy.nix @@ -113,7 +113,7 @@ }; programs.hyprland = { - enable = true; + enable = false; #package = inputs.hyprland.packages.${pkgs.system}.hyprland; #portalPackage = inputs.hyprland.packages.${pkgs.system}.xdg-desktop-portal-hyprland; }; 
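Review bot: `users.groups.nginx.members = [ "nginx" "znc" ];` in the hunk after `users.users.boss` puts the IRC bouncer in the web server's group, presumably so it can read `/var/lib/acme/tehbox.org`; it also gives znc everything else that is group-readable by nginx. A narrower arrangement is a dedicated certificate group, for example setting `security.acme.certs."tehbox.org".group` to a group that contains only the services consuming that certificate. Listing `"nginx"` as a member of its own group is redundant if that is already its primary group. A short comment stating which path each membership is for (`files` for `/srv/files`, `nginx` for the certificate) would document the intent.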
@@ -133,13 +133,12 @@ # Enable sound. #sound.enable = true; - services.pipewire = - { - enable = true; - alsa.enable = false; - alsa.support32Bit = false; - pulse.enable = true; - }; + services.pipewire = { + enable = true; + alsa.enable = false; + alsa.support32Bit = false; + pulse.enable = true; + }; services.upower.enable = true; @@ -180,6 +179,15 @@ hardware.graphics.enable32Bit = true; programs.steam = { enable = true; + package = pkgs.steam.override { + extraEnv = { + __NV_PRIME_RENDER_OFFLOAD=1; + __NV_PRIME_RENDER_OFFLOAD_PROVIDER="NVIDIA-G0"; + __GLX_VENDOR_LIBRARY_NAME="nvidia"; + __VK_LAYER_NV_optimus="NVIDIA_only"; + }; + }; + extraCompatPackages = with pkgs; [ proton-ge-bin ]; @@ -204,16 +212,21 @@ "f /var/lib/systemd/linger/boss" # enables lingering ]; + # programs.dconf.enable = true; + services.ratbagd.enable = true; + # xdg.portal.enable = true; + # services.flatpak.enable = true; + stylix = { enable = true; base16Scheme = "${pkgs.base16-schemes}/share/themes/material-palenight.yaml"; image = ../wallpaper.png; - targets.grub.useImage = true; + targets.grub.useWallpaper = true; opacity = { terminal = 0.8; @@ -238,7 +251,7 @@ }; emoji = { - package = pkgs.noto-fonts-emoji; + package = pkgs.noto-fonts-color-emoji; name = "Noto Color Emoji"; }; @@ -2,13 +2,13 @@ description = "My nixos configuration"; inputs = { - nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.11"; home-manager = { - url = "github:nix-community/home-manager/release-25.05"; + url = "github:nix-community/home-manager/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; stylix = { - url = "github:danth/stylix/release-25.05"; + url = "github:danth/stylix/release-25.11"; inputs.nixpkgs.follows = "nixpkgs"; }; spicetify-nix = { 
@@ -16,7 +16,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; YATwm = { - #url = "git+https://git.tehbox.org/cgit/boss/YATwm.git"; + #url = "git+https://git.tehbox.org/boss/YATwm.git"; #url = "github:BossCode45/YATwm"; url = "git+file:///home/boss/Documents/Coding/WM/YATwm"; inputs.nixpkgs.follows = "nixpkgs"; @@ -53,6 +53,10 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + # hytale-launcher = { + # url = "github:TNAZEP/HytaleLauncherFlake"; + # inputs.nixpkgs.follows = "nixpkgs"; + # }; }; outputs = inputs@{self, nixpkgs, ... }: { @@ -91,6 +95,7 @@ }; packages.x86_64-linux.teh-website = (nixpkgs.legacyPackages.x86_64-linux.callPackage ./website { }); + packages.x86_64-linux.stk-installers = (nixpkgs.legacyPackages.x86_64-linux.callPackage ./my-pkgs/stk-installers.nix { }); }; } diff --git a/hardware-setups/tuf.nix b/hardware-setups/tuf.nix index 0b0e135..20cc5f9 100644 --- a/hardware-setups/tuf.nix +++ b/hardware-setups/tuf.nix 
@@ -4,50 +4,50 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" "cryptd"]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - boot.initrd.luks.devices.cryptroot = { - device = "/dev/disk/by-uuid/18e2ffad-9ffb-4c3a-a82f-dd8098171427"; - preLVM = true; - }; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/db909240-4006-4ca8-a03a-3e3fc60cba17"; - fsType = "ext4"; + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" "cryptd"]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + boot.initrd.luks.devices.cryptroot = { + device = "/dev/disk/by-uuid/18e2ffad-9ffb-4c3a-a82f-dd8098171427"; + preLVM = true; }; - fileSystems."/home" = - { device = "/dev/disk/by-uuid/9ef8fad1-08cb-4c7a-9db1-3a37097544b0"; - fsType = "ext4"; - neededForBoot = true; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/6FC0-9F1C"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/e1e972c8-3bb9-4131-a77f-fdea9f086a4d"; } - ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. 
- networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; - # networking.interfaces.enp5s0f3u1.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - hardware.enableAllFirmware = true; + fileSystems."/" = + { device = "/dev/disk/by-uuid/db909240-4006-4ca8-a03a-3e3fc60cba17"; + fsType = "ext4"; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/9ef8fad1-08cb-4c7a-9db1-3a37097544b0"; + fsType = "ext4"; + neededForBoot = true; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/6FC0-9F1C"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/e1e972c8-3bb9-4131-a77f-fdea9f086a4d"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp5s0f3u1.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.enableAllFirmware = true; } diff --git a/home-manager/YATwm/default.nix b/home-manager/YATwm/default.nix index 6c5e5f3..f63c8ca 100644 --- a/home-manager/YATwm/default.nix +++ b/home-manager/YATwm/default.nix @@ -1,6 +1,7 @@ { pkgs, inputs, + lib, ... } : { imports = [ 
@@ -32,6 +33,11 @@ right = "l"; up = "k"; down = "j"; + wsBind = key: ws: { + "s-${key}" = "changeWS ${ws}"; + "s-S-${key}" = "wToWS ${ws}"; + }; + wsBinds = workspaces: lib.attrsets.concatMapAttrs (key: ws: wsBind key ws) workspaces; in { # Important "s-E" = "exit"; @@ -63,32 +69,22 @@ # Sound "s-[" = "spawn playerctl -p firefox play-pause"; "s-]" = "spawn playerctl -p spotify play-pause"; - - # Workspaces - "s-1" = "changeWS 1"; - "s-S-1" = "wToWS 1"; - "s-2" = "changeWS 2"; - "s-S-2" = "wToWS 2"; - "s-3" = "changeWS 3"; - "s-S-3" = "wToWS 3"; - "s-4" = "changeWS 4"; - "s-S-4" = "wToWS 4"; - "s-5" = "changeWS 5"; - "s-S-5" = "wToWS 5"; - "s-6" = "changeWS 6"; - "s-S-6" = "wToWS 6"; - "s-7" = "changeWS 7"; - "s-S-7" = "wToWS 7"; - "s-8" = "changeWS 8"; - "s-S-8" = "wToWS 8"; - "s-9" = "changeWS 9"; - "s-S-9" = "wToWS 9"; - "s-0" = "changeWS 10"; - "s-S-0" = "wToWS 10"; # Special workspaces "s-p s" = "changeWS 11"; "s-S-p s" = "wToWS 11"; + } // + wsBinds { + "1" = "1"; + "2" = "2"; + "3" = "3"; + "4" = "4"; + "5" = "5"; + "6" = "6"; + "7" = "7"; + "8" = "8"; + "9" = "9"; + "0" = "10"; }; workspaces = [ {name = "1: A";} diff --git a/home-manager/emacs/default.nix b/home-manager/emacs/default.nix index 746e084..6bb1dc6 100644 --- a/home-manager/emacs/default.nix +++ b/home-manager/emacs/default.nix @@ -3,8 +3,10 @@ let tex = (pkgs.texlive.combine { inherit (pkgs.texlive) scheme-medium dvisvgm dvipng # for preview and export as html + # svg transparent etoolbox subfiles + enumitem wrapfig amsmath ulem hyperref capt-of; }); myEmacs = (pkgs.emacsPackagesFor pkgs.emacs30).emacsWithPackages (epkgs: with epkgs; [ @@ -23,9 +25,10 @@ in emacsPackages.mu4e isync ispell - poppler_utils + poppler-utils tex ghostscript + haskell-language-server myEmacs ]; } diff --git a/home-manager/home.nix b/home-manager/home.nix index 9f468a6..3611afc 100644 --- a/home-manager/home.nix +++ b/home-manager/home.nix 
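Review bot: In the `let` block, `wsBinds = workspaces: lib.attrsets.concatMapAttrs (key: ws: wsBind key ws) workspaces;` wraps `wsBind` in a lambda that only forwards its arguments; `wsBinds = lib.attrsets.concatMapAttrs wsBind;` is equivalent. A comment above `wsBind` such as `# switch (s-KEY) and move-window (s-S-KEY) bindings for one workspace` would help, since the explicit list removed in the next hunk was self-describing. The enclosing `let … in` starts outside the hunk.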
@@ -24,7 +24,7 @@ home.packages = with pkgs; [ feh pass - spotify + # spotify playerctl libqalculate libreoffice @@ -50,19 +50,27 @@ # plover-controller # ])) pavucontrol - unzip + unzip zip appimage-run lunar-client libnotify xclip (python3.withPackages (ps: with ps; [ python-lsp-server + numpy + matplotlib + jupyter + jupytext + pandas + pydot ])) + graphviz alacritty nyxt wireguard-tools brightnessctl - inputs.nil.packages.${system}.default + # inputs.nil.packages.${system}.default + nil #inputs.polymc.packages.${system}.default jre8 #inputs.zen-browser.packages."${system}".default @@ -72,7 +80,12 @@ superTuxKart typst sops + ffmpeg + ghc + # hytale-launcher + # inputs.hytale-launcher.packages.${pkgs.system}.default #adom + flatpak ]; nix = { @@ -122,6 +135,8 @@ input-overlay ]; }; + + # services.easyeffects.enable = true; programs.firefox.enable = true; @@ -131,7 +146,7 @@ # }; - stylix.targets.spicetify.enable = false; + stylix.targets.spicetify.enable = true; stylix.targets.firefox.profileNames = [ "default"]; # stylix.targets.nixcord.enable = true; @@ -140,18 +155,19 @@ spicePkgs = inputs.spicetify-nix.legacyPackages.${pkgs.system}; in { - enable = false; + enable = true; enabledExtensions = with spicePkgs.extensions; [ fullAppDisplay powerBar - addToQueueTop + # addToQueueTop + loopyLoop ]; enabledCustomApps = with spicePkgs.apps; [ newReleases lyricsPlus betterLibrary ]; - theme = spicePkgs.themes.nightlight; + # theme = spicePkgs.themes.nightlight; }; diff --git a/home-manager/i3/config b/home-manager/i3/config index 59116ba..d58db13 100644 --- a/home-manager/i3/config +++ b/home-manager/i3/config 
@@ -133,7 +133,7 @@ bindsym $mod+Shift+d exec --no-startup-id "prime-run rofi -i -show drun -disable #bindsym $mod+d exec dmenu_run -i -nb '#303239' -nf '#f3f4f5' -sb '#bf00f6' -sf '#f3f4f5' # Password menu -bindsym $mod+g exec --no-startup-id "~/bin/rofi-passmenu" +bindsym $mod+g exec --no-startup-id "rofi-passmenu" # i3 command runner bindsym $mod+Shift+semicolon exec --no-startup-id "i3-msg $(echo | rofi -l 0 -dmenu -p 'i3 command')" diff --git a/home-manager/i3/default.nix b/home-manager/i3/default.nix index 087415c..5fba6e1 100644 --- a/home-manager/i3/default.nix +++ b/home-manager/i3/default.nix @@ -21,12 +21,12 @@ xsession.enable = true; xsession.windowManager.i3 = { enable = true; - package = pkgs.i3-gaps; + package = pkgs.i3; }; xdg.configFile."i3/config".enable = false; home.file.".config/i3/config" = { source = ./config; - onChange = "${pkgs.i3-gaps}/bin/i3-msg restart"; + onChange = "${pkgs.i3}/bin/i3-msg restart"; }; home.packages = with pkgs; [ i3lock diff --git a/home-manager/i3/scripts/image_upload.sh b/home-manager/i3/scripts/image_upload.sh index 896f23f..ea327ad 100755 --- a/home-manager/i3/scripts/image_upload.sh +++ b/home-manager/i3/scripts/image_upload.sh @@ -2,6 +2,6 @@ image_name=$(rofi -dmenu -l 0 -p "Image name") xclip -selection clipboard -t image/png -o > ~/Documents/tehbox-files/$image_name eval $(ssh-agent) -rsync ~/Documents/tehbox-files/$image_name files@tehbox.org:/srv/files +rsync ~/Documents/tehbox-files/$image_name boss@tehbox.org:/srv/files notify-send "uploaded https://files.tehbox.org/$image_name" echo -n "https://files.tehbox.org/$image_name" | xclip -i -selection clipboard diff --git a/home-manager/i3/scripts/rofi-passmenu b/home-manager/i3/scripts/rofi-passmenu new file mode 100755 index 0000000..798961b --- /dev/null +++ b/home-manager/i3/scripts/rofi-passmenu 
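Review bot: The changed `rsync` line in image_upload.sh still expands `$image_name` unquoted, as does the `xclip` redirect above it; the value comes straight from the rofi prompt, so a name with spaces, glob characters, a leading `-` or a `/` is split, expanded, read as an option or written outside `~/Documents/tehbox-files`. Quote it and end option parsing, `rsync -- ~/Documents/tehbox-files/"$image_name" boss@tehbox.org:/srv/files`, and reject names containing `/` before use. Switching the remote account from `files` to `boss` also means uploads now authenticate as the host's interactive SSH user rather than a dedicated one; if the change was only about permissions, the `files` group added on the server in this commit could back a restricted upload account instead. The script begins above the hunk.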
@@ -0,0 +1,27 @@ +#!/usr/bin/env bash + +shopt -s nullglob globstar + +typeit=1 + +if [[ -n $WAYLAND_DISPLAY ]]; then + rofi=rofi-wl + xdotool="ydotool type --file -" +elif [[ -n $DISPLAY ]]; then + rofi=rofi + xdotool="xdotool type --clearmodifiers --file -" +else + echo "Error: No Wayland or X11 display detected" >&2 + exit 1 +fi + +prefix=${PASSWORD_STORE_DIR-~/.password-store} +password_files=( "$prefix"/**/*.gpg ) +password_files=( "${password_files[@]#"$prefix"/}" ) +password_files=( "${password_files[@]%.gpg}" ) + +password=$(printf '%s\n' "${password_files[@]}" | "$rofi" -dmenu "$@") + +[[ -n $password ]] || exit + +pass show "$password" | { IFS= read -r pass; printf %s "$pass"; } | $xdotool diff --git a/home-manager/rofi/default.nix b/home-manager/rofi/default.nix index 678fd71..5e900c3 100644 --- a/home-manager/rofi/default.nix +++ b/home-manager/rofi/default.nix @@ -8,6 +8,6 @@ recursive = true; }; home.packages = [ - pkgs.rofi-wayland + pkgs.rofi ]; } diff --git a/modules/cgit.nix b/modules/cgit.nix index 1e62631..af4ecf2 100644 --- a/modules/cgit.nix +++ b/modules/cgit.nix @@ -74,6 +74,22 @@ in default = "git.example.com"; description = "Domain to host it on"; }; + useACMEHost = mkOption { + type = types.str; + default = ""; + description = "SSL cert to use if already aquired using security.acme.certs"; + }; + enableACME = mkEnableOption "Enable ACME with nginx"; + onlySSL = mkOption { + type = types.bool; + default = false; + description = "Only allow ssl connections"; + }; + forceSSL = mkOption { + type = types.bool; + default = true; + description = "Force ssl connections"; + }; package = mkPackageOption pkgs "cgit" { }; extraConfig = mkOption { type = types.str; 
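Review bot: `typeit=1` in rofi-passmenu is assigned but never read, so the script always types the secret into whichever window has focus and has no clipboard path. Either drop the variable or honour it, using `pass show -c "$password"` for the non-typing case. On Wayland the script calls `rofi-wl`, while home-manager/rofi/default.nix in this commit switches the package to `pkgs.rofi`; confirm that binary name exists in the resulting environment. A comment on the final `$xdotool` noting that it is left unquoted on purpose, so the command and its arguments split into words, would keep a later cleanup from quoting it.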
@@ -132,6 +148,10 @@ fastcgi_param HTTP_HOST $server_name; fastcgi_pass unix:${config.services.fcgiwrap.instances.cgit.socket.address}; ''; }; + enableACME = cfg.enableACME; + forceSSL = cfg.forceSSL; + } // lib.optionalAttrs (cfg.useACMEHost != "") { + useACMEHost = "${cfg.useACMEHost}"; }; }; } diff --git a/modules/nvidia.nix b/modules/nvidia.nix index e8db8b7..d315238 100644 --- a/modules/nvidia.nix +++ b/modules/nvidia.nix @@ -17,9 +17,12 @@ in nixpkgs.config.allowUnfree = true; hardware.graphics.enable = true; hardware.nvidia.modesetting.enable = true; + # hardware.nvidia.dynamicBoost.enable = true; hardware.nvidia.open = true; hardware.nvidia.prime = { + # sync.enable = true; offload.enable = true; + # offload.offloadCmdMainProgram = "prime-run"; nvidiaBusId = "PCI:1:0:0"; intelBusId = "PCI:5:0:0"; diff --git a/modules/xorg.nix b/modules/xorg.nix index dbf2a77..e196e3d 100644 --- a/modules/xorg.nix +++ b/modules/xorg.nix @@ -33,7 +33,7 @@ windowManager.i3 = { enable = true; - package = pkgs.i3-gaps; + package = pkgs.i3; }; windowManager.YATwm = { diff --git a/secrets/general.yaml b/secrets/general.yaml index d39a976..cd251d2 100644 --- a/secrets/general.yaml +++ b/secrets/general.yaml 
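Review bot: The cgit vhost only receives `enableACME` and `forceSSL`; the `onlySSL` option declared in the options hunk of this file is never passed through, so setting it has no effect. Add `onlySSL = cfg.onlySSL;` next to `forceSSL` or remove the option, keeping in mind that the nginx module treats `onlySSL` and `forceSSL` as mutually exclusive and `forceSSL` defaults to `true` here, which also changes behaviour for existing users of the module who configure no certificate. `useACMEHost = "${cfg.useACMEHost}";` can be `useACMEHost = cfg.useACMEHost;`, and `types.nullOr types.str` with `default = null` would avoid the empty-string sentinel. In the option text, "aquired" should be "acquired", and `mkEnableOption "Enable ACME with nginx"` renders as "Whether to enable Enable ACME with nginx". The vhost attribute set starts outside the hunk.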
@@ -5,6 +5,10 @@ wg: nixnode: pub: ENC[AES256_GCM,data:BBc/KL60kv3uFDT3GwyxuRkvdAUA1tG+9XC0ib2loiaEtPeztob37JwZgTM=,iv:dBw+5jYZ7sGyoOlJtmiDBo+sZquasMq8+z6H9hQMHSA=,tag:qClUQ0CeTcJc+OJoxfe4tw==,type:str] priv: ENC[AES256_GCM,data:ZvdDkGiMTVcQiP6sVbRu+tNL864zhsKsRFyCcFMo/pTM35us8gPm1j4T2Do=,iv:jtHCfnSuyH+srlNCTqyfM0Fc0HBt55Z1nO4yhqVKUzY=,tag:aQIq8iYjYq7HKKnk1YjSYQ==,type:str] +acme: + linode: ENC[AES256_GCM,data:/iD40XK3SlAkIJ+zTYwXzLCFx+7Apm9lUN77LOj9joqzn7jkKpl3hMjekBlsMl5kumKYg97bkC2/swrEQZtFZQ==,iv:d70Eh3EiWY1uZEXHMxZrxHuLkpjJQ/WtEnhyHTyaYcs=,tag:AAKppdYGrDu1NygZE5pz1Q==,type:str] +mail: + boss: ENC[AES256_GCM,data:S/C+LZXa3ONvbd2DlDGUq1BCQbDsKG7kkLs7tWCLzgvmoioLZRmg02vcm0p2mwEMgNkkcvFHiDt4Auzz,iv:sRqFVhKuSQCWB31xWvf43msh5YLUxBahmFatetH0OZU=,tag:/6e2O5mNExQ18j7TBS8yMA==,type:str] sops: age: - recipient: age1p3sw8q030a7zgawu4ccxm6sgsp88349nuxkd4kale0ruy9klypssdh7c9s @@ -25,7 +29,7 @@ sops: RU9OZlIyTzRzSmVUVkhCQWpwUHFEekEKGv24Ilg2BYWTX9wAmXn8mA0E9CZP7xvf FOnUh9TQH7evO9n76w/xG9y/vDYJ1i9ljEO7ljGtEtIlGgKRx4xLjA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-16T06:21:44Z" - mac: ENC[AES256_GCM,data:IdMkWzNzfj1osTGPP/keTGRX4ZmnLDL1xdnvlWV4IZNwaaWAp3ve7PdWX+ZP9B4kbiI3+3JRS/7OihhJDtwFWLeZf7E8Ps04gbCzNb5r861eDvpVJNWxgruE7SA5ZcT4t18nUz/PRjZTqZctB+0Vps8SLH2gKx0+VJQ8umtD9nQ=,iv:WEUyAmr30HRIW4mSK3yQqBLeJdQMgCS93IhFR/1wQ/k=,tag:TDtw/5kGve/5i/rZQOzMaw==,type:str] + lastmodified: "2025-10-28T01:42:06Z" + mac: ENC[AES256_GCM,data:QwSEX+OkmZIg/CbviARMIuhIfkhGbmv9xYmiNsve+0JleUYvkDwqhsi/JIzizim6jVC5OksH/cGbE1FSJvly9FGXHD9CKIwHVS/fsogMgVvk/5gnbEryHhtMCwC5B09No6Ur1Bx8VtnFsXcPqDgdZXKGVGVSkzTCJ+C4Pvl03Mc=,iv:cnjjPjs6nE/hHP9KerN3n2/wx9wrbNZ3wLY4PCSZn4A=,tag:dlNrpJUgKa2y0Da4N+Fgjw==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.11.0 |
