Lucy Hochkamp 2025-06-26 09:38:46 +02:00
parent a62aae0d45
commit 1ca1890e33
No known key found for this signature in database
10 changed files with 314 additions and 76 deletions

234
flake.lock generated

@ -10,11 +10,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1745630506,
"narHash": "sha256-bHCFgGeu8XjWlVuaWzi3QONjDW3coZDqSHvnd4l7xus=",
"lastModified": 1750173260,
"narHash": "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=",
"owner": "ryantm",
"repo": "agenix",
"rev": "96e078c646b711aee04b82ba01aefbff87004ded",
"rev": "531beac616433bac6f9e2a19feb8e99a22a66baf",
"type": "github"
},
"original": {
@ -24,6 +24,52 @@
"type": "github"
}
},
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nix-github-actions": "nix-github-actions",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1748532342,
"narHash": "sha256-CvaKOUq8G10sghKpZhEB2UYjJoWhEkrDFggDgi7piUI=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "ce9373715fe3fac7a174a65a7e6d6baeba8cb4f9",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"crane": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722960479,
"narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
"owner": "ipetkov",
"repo": "crane",
"rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
@ -53,11 +99,11 @@
]
},
"locked": {
"lastModified": 1746254942,
"narHash": "sha256-Y062AuRx6l+TJNX8wxZcT59SSLsqD9EedAY0mqgTtQE=",
"lastModified": 1750618568,
"narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "760a11c87009155afa0140d55c40e7c336d62d7a",
"rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5",
"type": "github"
},
"original": {
@ -67,7 +113,44 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
@ -89,24 +172,6 @@
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
@ -138,16 +203,15 @@
},
"helix": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1746085551,
"narHash": "sha256-WSIUg4DFP8wCDYvefjTzbEKQY1qFtk7DS3p9dJBi8ZU=",
"lastModified": 1750572170,
"narHash": "sha256-8sM1/Nn3IGkPGC+1lu903az6JezwJebLbIzSsqyyJHE=",
"owner": "SofusA",
"repo": "helix-pull-diagnostics",
"rev": "c156c945f6a43489168880a18b6cf3057f35cae9",
"rev": "50982f9f3a9c5ae3fabc65e358272276a4e10f3d",
"type": "github"
},
"original": {
@ -185,11 +249,11 @@
]
},
"locked": {
"lastModified": 1746171682,
"narHash": "sha256-EyXUNSa+H+YvGVuQJP1nZskXAowxKYp79RNUsNdQTj4=",
"lastModified": 1747688870,
"narHash": "sha256-ypL9WAZfmJr5V70jEVzqGjjQzF0uCkz+AFQF7n9NmNc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "50eee705bbdbac942074a8c120e8194185633675",
"rev": "d5f1f641b289553927b3801580598d200a501863",
"type": "github"
},
"original": {
@ -274,7 +338,7 @@
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils",
"flakey-profile": "flakey-profile",
"lix": "lix",
"nixpkgs": [
@ -309,13 +373,34 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"attic",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1745955289,
"narHash": "sha256-mmV2oPhQN+YF2wmnJzXX8tqgYmUYXUj3uUUBSTmYN5o=",
"lastModified": 1750837715,
"narHash": "sha256-2m1ceZjbmgrJCZ2PuQZaK4in3gcg3o6rZ7WK6dr5vAA=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "72081c9fbbef63765ae82bff9727ea79cc86bd5b",
"rev": "98236410ea0fe204d0447149537a924fb71a6d4f",
"type": "github"
},
"original": {
@ -371,11 +456,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1746285430,
"narHash": "sha256-2Kxw5SNKpU8X7doQaMYVhBtqmq9oZI1ki9kcY7R+meo=",
"lastModified": 1750919644,
"narHash": "sha256-hg9VD07cm6h3O/0XzsUFE7kxQ/AwQg2RfeXVL0R5FyQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cba47ec8b1b7c7c9b907741d0d4584a3b54a032e",
"rev": "140884500627ccdb4a9a700e9d6bc11ce3f6016b",
"type": "github"
},
"original": {
@ -385,13 +470,29 @@
"type": "github"
}
},
"nixpkgs_2": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1746183838,
"narHash": "sha256-kwaaguGkAqTZ1oK0yXeQ3ayYjs8u/W7eEfrFpFfIDFA=",
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "bf3287dac860542719fe7554e21e686108716879",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1750646418,
"narHash": "sha256-4UAN+W0Lp4xnUiHYXUXAPX18t+bn6c4Btry2RqM9JHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1f426f65ac4e6bf808923eb6f8b8c2bfba3d18c5",
"type": "github"
},
"original": {
@ -436,11 +537,11 @@
"pandoc-latex-template": {
"flake": false,
"locked": {
"lastModified": 1745688227,
"narHash": "sha256-N1F9l8eAdtB1RoPFIrQRkwUvzxgWHwfVnOEP2QMLQTQ=",
"lastModified": 1750533038,
"narHash": "sha256-EBfgEPUmV0yoKZrnbYWi9BvBGxeYxs3KKVDJD63iQgQ=",
"owner": "Wandmalfarbe",
"repo": "pandoc-latex-template",
"rev": "62377f36a0ce5b48281e5ee51cb4eef364162037",
"rev": "41daecb19b5e7cf2af13174857d3ec8bc4e6586b",
"type": "github"
},
"original": {
@ -450,17 +551,12 @@
}
},
"quadlet-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1743361017,
"narHash": "sha256-RELV9YxfhwjuN4edtVmpupVvHUiWu/KuF4mqzU+neYE=",
"lastModified": 1749099346,
"narHash": "sha256-5gi/YaLVsFztGvVH45eB6jsBmZf+HnvDeSA9RXUqbcY=",
"owner": "SEIAROTg",
"repo": "quadlet-nix",
"rev": "971479231c7dd2433954dd26c240e1bdc5bd9849",
"rev": "d4119a3423f938427252ba8bbdbe8ce040751864",
"type": "github"
},
"original": {
@ -472,6 +568,7 @@
"root": {
"inputs": {
"agenix": "agenix",
"attic": "attic",
"darwin": "darwin_2",
"helix": "helix",
"home-manager": "home-manager_2",
@ -535,11 +632,11 @@
"spoons": {
"flake": false,
"locked": {
"lastModified": 1740689981,
"narHash": "sha256-NCKuBg7opn8BeP1FTpG0cchYdjlea6sbAaVpX6OApxg=",
"lastModified": 1747090751,
"narHash": "sha256-ZRSRb2QW8hrTkdCg5xezF09DntPocE842rc4ZKt7aHY=",
"owner": "Hammerspoon",
"repo": "Spoons",
"rev": "95958fc6091491e8269ec2dfc6b97d4a91af9205",
"rev": "e5b871250346c3fe93bac0d431fc75f6f0e2f92a",
"type": "github"
},
"original": {
@ -593,24 +690,9 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": {
"inputs": {
"systems": "systems_4"
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
@ -628,7 +710,7 @@
},
"wired": {
"inputs": {
"flake-parts": "flake-parts",
"flake-parts": "flake-parts_2",
"nixpkgs": [
"nixpkgs"
],
@ -694,11 +776,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1746285501,
"narHash": "sha256-fcluUtvf3OPS3qi0TzC2HH+KXTHvjpRTR9sgx29RDRg=",
"lastModified": 1750907909,
"narHash": "sha256-2WzRZLFUlu13iRGsP+tsaJhCOUESmL8gKtT7zY14TzE=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "de1d2504a615e890a4e9bd3ce35f6293185ba2d9",
"rev": "ac0fcd7e963dce814b69cbedc4d510a95094cc15",
"type": "github"
},
"original": {


@ -33,6 +33,8 @@
wired.inputs.nixpkgs.follows = "nixpkgs";
wired.url = "github:Toqozz/wired-notify";
zen-browser.url = "github:0xc000022070/zen-browser-flake";
attic.url = "github:zhaofengli/attic";
attic.inputs.nixpkgs.follows = "nixpkgs";
kmonad = {
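Review bot: The new `attic` input only redirects `nixpkgs`, so its `nixpkgs-stable` input stays independent and the lock file gains a second nixpkgs pinned to the `nixos-24.05` ref, along with crane, flake-compat, flake-parts and nix-github-actions. If attic evaluates without it, adding `attic.inputs.nixpkgs-stable.follows = "nixpkgs";` next to the existing follows line would avoid carrying an old nixpkgs revision in the closure of trusted sources. The module import in hosts/ds9/attic.nix is commented out, so `services.atticd` appears to come from nixpkgs itself; if nothing else reads `inputs.attic`, the input and its transitive repositories could be dropped entirely. The inputs block starts and ends outside this hunk.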

50
hosts/ds9/attic.nix Normal file

@ -0,0 +1,50 @@
{
config,
pkgs,
lib,
inputs,
...
}:
{
# imports = [ inputs.attic.nixosModules.atticd ];
ragon.agenix.secrets.ds9AtticEnv = { };
ragon.persist.extraDirectories = [
"/var/lib/atticd"
];
services.atticd = {
enable = true;
# Replace with absolute path to your environment file
environmentFile = config.age.secrets.ds9AtticEnv.path;
settings = {
listen = "[::]:8089";
jwt = { };
# Data chunking
#
# Warning: If you change any of the values here, it will be
# difficult to reuse existing chunks for newly-uploaded NARs
# since the cutpoints will be different. As a result, the
# deduplication ratio will suffer for a while after the change.
chunking = {
# The minimum NAR size to trigger chunking
#
# If 0, chunking is disabled entirely for newly-uploaded NARs.
# If 1, all NARs are chunked.
nar-size-threshold = 64 * 1024; # 64 KiB
# The preferred minimum size of a chunk, in bytes
min-size = 16 * 1024; # 16 KiB
# The preferred average size of a chunk, in bytes
avg-size = 64 * 1024; # 64 KiB
# The preferred maximum size of a chunk, in bytes
max-size = 256 * 1024; # 256 KiB
};
};
};
}
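Review bot: `listen = "[::]:8089";` binds atticd on every interface, while the Caddy vhost added in the same commit reaches it over `http://[::1]:8089`, so the cache API is also exposed in plain HTTP on port 8089 to any network the host firewall lets through. Binding to loopback with `listen = "[::1]:8089";` would keep Caddy as the only entry point. The comment `# Replace with absolute path to your environment file` is left over from the upstream example; since `jwt = { };` sets nothing here, it would be more useful to say that the agenix-managed environment file is presumably where the token-signing secret comes from.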


@ -19,6 +19,8 @@ in
./samba.nix
./paperless.nix
./maubot.nix
./woodpecker.nix
./attic.nix
../../nixos-modules/networking/tailscale.nix
../../nixos-modules/services/docker.nix
@ -236,6 +238,14 @@ in
handle @mautrix-signal {
import podmanRedir http://mautrix-signal:29328
}
@woodpecker host woodpecker.hailsatan.eu
handle @woodpecker {
import podmanRedir http://woodpecker-server:8000
}
@attic host attic.hailsatan.eu
handle @attic {
reverse_proxy http://[::1]:8089
}
@auth host auth.hailsatan.eu
handle @auth {
import podmanRedir http://authentik-server:9000

56
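--- a/hosts/ds9/woodpecker.nix
+++ b/hosts/ds9/woodpecker.nix
@@ -0,0 +1,56 @@
+{
+config,
+pkgs,
+lib,
+...
+}:
+{
+virtualisation.podman.dockerSocket.enable = true;
+ragon.agenix.secrets.ds9WoodpeckerEnv = { };
+ragon.agenix.secrets.ds9WoodpeckerAgentSecretEnv = { };
+virtualisation.quadlet = {
+containers = {
+woodpecker-server = {
+containerConfig.image = "woodpeckerci/woodpecker-server:v3";
+containerConfig.volumes = [
+"woodpecker-server-data:/var/lib/woodpecker"
+];
+containerConfig.networks = [
+"woodpecker-net"
+"podman"
+];
+containerConfig.environments = {
+WOODPECKER_HOST = "https://woodpecker.hailsatan.eu";
+WOODPECKER_OPEN = "false";
+};
+containerConfig.environmentFiles = [
+config.age.secrets.ds9WoodpeckerEnv.path
+config.age.secrets.ds9WoodpeckerAgentSecretEnv.path
+];
+};
+woodpecker-agent = {
+containerConfig.environmentFiles = [
+config.age.secrets.ds9WoodpeckerAgentSecretEnv.path
+];
+containerConfig.image = "woodpeckerci/woodpecker-agent:v3";
+containerConfig.volumes = [
+"woodpecker-agent-config:/etc/woodpecker"
+"/var/run/docker.sock:/var/run/docker.sock"
+];
+containerConfig.environments = {
+WOODPECKER_SERVER = "woodpecker-server:9000";
+};
+containerConfig.networks = [
+"woodpecker-net"
+];
+};
+};
+networks = {
+woodpecker.networkConfig = {
+ipv6 = true;
+name = "woodpecker-net";
+internal = false;
+};
+};
+};
+}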
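Review bot: Mounting `/var/run/docker.sock` into `woodpecker-agent`, together with `virtualisation.podman.dockerSocket.enable = true;`, gives the agent and every pipeline step it launches the host's podman API, which is root-equivalent on ds9, the same host that imports the samba and paperless modules. `WOODPECKER_OPEN = "false"` closes registration, but whoever can get a pipeline to run (forge and repository settings are not visible here) inherits that access. I would record the trust boundary above the volume entry, e.g. `# docker.sock is root-equivalent on the host; only trusted repos may run pipelines`, and consider moving the agent to a separate machine or VM. Both images use the floating tag `:v3`; pinning them by digest would make the deployed version reviewable in this repository.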


@ -79,6 +79,7 @@ in
settings.database.args.password = "synapse";
settings.app_service_config_files = [
"/var/lib/signalbot.yaml"
"/var/lib/doublepuppet.yaml"
];
settings.listeners = [
{

BIN
secrets/ds9AtticEnv.age Normal file

Binary file not shown.


@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-ed25519 IbXxfw SjzxHVWvKSnbW83QZzp5i2il5n0LLvPDTyJD2SVIU2c
j6sZUs1Eo1sjhUT4ZHmSIeL8QdOK8opjDoiewnZmdyI
-> ssh-ed25519 ugHWWw akRT2dK4KjtgzvG/xLYXVC5U8YWDgYEQuwLYncTKk2s
DGVW7rQgD722uAiryOA+kpTsOVRgdrjXmAoBJuWBGVQ
-> ssh-ed25519 UU9RSA JmAk3ffD6a8zDRmp/FtPVmpHutsQvdL8iVIzK5HdUEY
BWD5ca7hRpkprARNoGrTpWkM1eRiCPBCNabS4gdqhU4
-> ssh-ed25519 RJI3BA qa4O8TgwhLJdLe5Igf87xmpeO6Rq2Gxd140nkfZCZnQ
FszThW4+tCudV7PV7wONjmrNgWWvdDn5KJ7HXPBDR88
-> ssh-ed25519 XnvJKw /LX96f7WoqTMsIHKRLBLA5s5+Y8Dko3wtU0n1OAFO0U
e9Y46hS+988H+CHrKlbU6nqsCxz10zJVGtK1qVtKbxY
-> ssh-ed25519 7NL5Ng 43FauFz7tPtAcCdAZHFVEPvhi0UDnwUk2w1QVp147CE
37m19iWIYG7d/ETzWM57I8vDsXLMuuDvDnKhF0WnNH0
-> ssh-ed25519 5Sll2Q tuTKruUoFDBX2AEyDzQw16c/73GIUC7PttpfyZiEzQ8
a+TfCkc0/khVSB94xKch38NYMV+JHLlweKxkcP49s14
--- A4gf6A8kypnziBO/rVhywNnJQO8jdhD8WxVDfn42Wlk
¸<EFBFBD>»•'AFòÕù'_®.(ù˰ãri㘸«¤BáÚÍÌøÞ²÷eÑŠ©ÏÎb]6óûØRñF"[æï¯<C3AF>T"2`šÅ2m9ê¢mhÜ5/=iÿC1(8ÎÛ8µùõ1Ë©ˆ-pøµr♡eg$¯˜¢&


@ -0,0 +1,17 @@
age-encryption.org/v1
-> ssh-ed25519 IbXxfw bst8nu5qPfJsRonQbkfvLT6CXfTxTidFzdDOeHTSTEc
y5lD9I45fTwlrm8aKOX0Vxu8cdrQpXH7SF3jw6MRblQ
-> ssh-ed25519 ugHWWw m4B+pX2D7/BxwRg2AHVQW8m7MQa7COhHoD7SHvV8PgA
CtLxr9HLw28EhqT6F8h9TMGGH7pTTY4ZBj1MS2b4EUg
-> ssh-ed25519 UU9RSA 1J8vGSpd5ohxjdLEXMQAC242lKs/tv2h06ma8Y4rJ14
Sj43KHSI/ZLJuSPx2jMr2hTIMt9WhngH8sxZW3JwYas
-> ssh-ed25519 RJI3BA 3+M0ALiSX9Oyr8FmhisxabGagnjq+11J4mjABgRxljg
J9ElH2kMobFXT71Z5IAAZWvxxzgeex20k4UJMirUp4M
-> ssh-ed25519 XnvJKw PnzDy4O22UR76vjvAEY2edJ/8PPgiMq8YOX4eJH91DU
3EUYb22GYa4+srs2xsoiNum2Q6UBilVJCiIOXbfK3MY
-> ssh-ed25519 7NL5Ng W/khHlFSgF6Gej/JwoeWXfz/3RcVu8ZD6R3Z/W7Y9xc
7vfzgvHq3UcpBjbcJ8MrMgYulsXvnN4M6cesQydrw0A
-> ssh-ed25519 5Sll2Q 8ggz1M9F0+wtPG7tLKXmVWSM86Sd7JbKBS+77eicY0M
SYEfYMxCVOaqOczKxSRWZqufqOoG7WERSRF3M5/pVzA
--- AtKAPGRKe7K9srcRpuG86C55PDQhQhKZJcTnEo9J/og
qŽ3Àáô6ˆ•Ò<E280A2>rmy<6D>ea\àǶ² EÖ%µ›·~îX2&ŸÙúuñ ˜ðùœÄÙki!K³Yv&]ôð’]ÿBóÉ×Ê?À–”Ç7Õb=ŠBÜ0Rhíâ~£û™ž{T·†Ç/B¤™ºsèx'æZ¶½ÐºE‡wÓs [#/-%‘ü&,¯¯<C2AF>IkG<0E>4©ç´œzಓ²È” dÓr+2…äŠí¨¾EÇ·ãi³f\]ÊÏÍÓþ®7_Žz²òQþ#÷ªð«8¤ðH³b¶Þò…ŠÊ/ʰ"Í€–Û ¯ ¹^!J<>?Ùöžþ


@ -21,6 +21,9 @@ in
"ds9PostgresEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9ImmichEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9AuthentikEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9WoodpeckerEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9AtticEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9WoodpeckerAgentSecretEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9PartDbEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"ds9AuthentikLdapEnv.age".publicKeys = pubkeys.ragon.host "ds9";
"gatebridgeHostKeys.age".publicKeys = pubkeys.ragon.server;