xyno/nix-configs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: xyno:e459484bca4a60b6217c1360a2976cfcded5f0a4
Branches Tags
xyno:main
...
compare: xyno:33ee2f5760b6134553ef4d26ce7180765a9a3e7f
Branches Tags
xyno:main

2 commits
e459484bca ... 33ee2f5760

Author SHA1 Message Date
Lucy Hochkamp
33ee2f5760
meow
Some checks failed
ci/woodpecker/push/build-cache Pipeline failed
Details
ci/woodpecker/cron/dependency-pr Pipeline was successful
Details
2025-10-16 12:18:36 +02:00
Lucy Hochkamp
350885960e
flake update 2025-10-14 14:24:58 +02:00
14 changed files with 10965 additions and 63 deletions
Download patch file Download diff file Expand all files Collapse all files

51
flake.lock generated
View file

@ -222,11 +222,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1759850138,
"narHash": "sha256-fYHIxjTvVIAEDWzenUROuzDPxy1rBCXZNPgh4b1dfgo=",
"lastModified": 1760323106,
"narHash": "sha256-HqVZwIwpDviDB1daJY/pPzkMKAC+dj5y0rDWEJbuKsE=",
"owner": "helix-editor",
"repo": "helix",
"rev": "5b0563419eeeaf0595c848865c46be4abad246a7",
"rev": "10c6a100c6e93b0dc175bf2f8b5a1afd66aebe2a",
"type": "github"
},
"original": {
@ -242,11 +242,11 @@
]
},
"locked": {
"lastModified": 1760103600,
"narHash": "sha256-R4cltQFceN3POiPhBu7aTKsrwqTiwo6zjzmitrHD80E=",
"lastModified": 1760312644,
"narHash": "sha256-U9SkK45314urw9P7MmjhEgiQwwD/BTj+T3HTuz1JU1Q=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "bcccb01d0a353c028cc8cb3254cac7ebae32929e",
"rev": "e121f3773fa596ecaba5b22e518936a632d72a90",
"type": "github"
},
"original": {
@ -456,6 +456,26 @@
"url": "https://git.xyno.systems/xyno/nix-ci"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1760241904,
"narHash": "sha256-OD7QnaGEVNdukYEbJbUNWPsvnDrpbZOZxVIk6Pt9Jhw=",
"owner": "nix-community",
"repo": "nix-index-database",
"rev": "c9f5ea45f25652ec2f771f9426ccacb21cbbaeaa",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-index-database",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1760106635,
@ -505,11 +525,11 @@
},
"nixpkgs-master": {
"locked": {
"lastModified": 1760116522,
"narHash": "sha256-UlZbPVN6Ee3iBk5y4f2rTJke5w84vLF81ioB1QF+SxI=",
"lastModified": 1760353201,
"narHash": "sha256-lApR6u9s3ymKIAXofVPS+eo/y6HO8OrUp8Hl0S30tOE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "10ad44f66fdaededd60d6eb5af562e569cabb4e4",
"rev": "d559772cb55d806536aef3cf4ba3f7ce25fe4be9",
"type": "github"
},
"original": {
@ -625,6 +645,7 @@
"nheko": "nheko",
"niri": "niri",
"nix-ci": "nix-ci",
"nix-index-database": "nix-index-database",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-master": "nixpkgs-master",
@ -746,11 +767,11 @@
]
},
"locked": {
"lastModified": 1759635238,
"narHash": "sha256-UvzKi02LMFP74csFfwLPAZ0mrE7k6EiYaKecplyX9Qk=",
"lastModified": 1760240450,
"narHash": "sha256-sa9bS9jSyc4vH0jSWrUsPGdqtMvDwmkLg971ntWOo2U=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "6e5a38e08a2c31ae687504196a230ae00ea95133",
"rev": "41fd1f7570c89f645ee0ada0be4e2d3c4b169549",
"type": "github"
},
"original": {
@ -881,11 +902,11 @@
]
},
"locked": {
"lastModified": 1759965431,
"narHash": "sha256-HvXr+rOkSZeseOYCruuMKMAUedcDkHOuYpFbnlIPs8Y=",
"lastModified": 1760329437,
"narHash": "sha256-TbTTbn2pr0urylodXUi0r9sUB/AjvaZuLclG4b0wLp8=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "391a133511ad7e09651b9c3939d8cf8d379766b1",
"rev": "df8f0729adfcb72b1e6bb2751f92dec0f54283c3",
"type": "github"
},
"original": {

4
flake.nix
View file

@ -37,6 +37,9 @@
mtxclient.flake = false;
nix-ci.url = "git+https://git.xyno.systems/xyno/nix-ci";
nix-ci.inputs.nixpkgs.follows = "nixpkgs";
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
# helix
helix.url = "github:helix-editor/helix";
@ -96,6 +99,7 @@
inputs.sops-nix.nixosModules.sops
inputs.impermanence.nixosModules.impermanence
inputs.authentik.nixosModules.default
inputs.nix-index-database.nixosModules.nix-index
]
++ (import ./modules/module-list.nix);
in

13
hm-modules/helix.nix
View file

@ -22,6 +22,7 @@ in
# nodePackages_latest.prettier
dprint
markdown-oxide
codebook
## python
# ruff-lsp
# nodePackages_latest.pyright
@ -32,8 +33,8 @@ in
nodePackages_latest.typescript-language-server
nodePackages_latest.vscode-langservers-extracted
typescript
jsonnet-language-server
jsonnet
# jsonnet-language-server
# jsonnet
lazygit
]);
@ -142,6 +143,10 @@ in
language-server.csharp = {
command = "csharp-language-server";
};
language-server.codebook = {
command = "codebook-lsp";
args = ["serve"];
};
language = flatten [
(map
(x: {
@ -173,6 +178,10 @@ in
"ruff"
];
}
{
name = "markdown";
language-servers = ["codebook"];
}
{
name = "c-sharp";
language-servers = [ "csharp" ];

3
instances/theseus/configuration.nix
View file

@ -54,9 +54,6 @@ in
gimp3
anytype
monero-gui
orca-slicer
unstable.kicad
dune3d
pencil2d
python311Packages.brother-ql
ptouch-print

27
modules/desktop/wpaperd.nix
View file

@ -50,6 +50,7 @@ in
unitConfig.Requisite = "graphical-session.target";
serviceConfig.Restart = "on-failure";
wantedBy = [ "swww-daemon.service" ];
path = with pkgs;[ coreutils findutils cfg.package gnused];
script = ''
set -eox
export DEFAULT_INTERVAL=300 # In seconds
@ -61,23 +62,21 @@ in
export SWWW_TRANSITION="fade"
export SWWW_TRANSITION_DURATION="1"
# export SWWW_TRANSITION_STEP="90"
images=( ) # array of randomized images
while true; do
find "''$DIR" -type f \
| while read -r img; do
echo "''$(</dev/urandom tr -dc a-zA-Z0-9 | head -c 8):''$img"
done \
| sort -n | cut -d':' -f2- \
| while read -r img; do
for d in ''$(${cfg.package}/bin/swww query | grep -Po "^[^:]+"); do # see ${cfg.package}/bin/swww-query(1)
# Get next random image for this display, or re-shuffle images
# and pick again if no more unused images are remaining
[ -z "''$img" ] && if read -r img; then true; else break 2; fi
${cfg.package}/bin/swww img --resize "''$RESIZE_TYPE" --outputs "''$d" "''$img"
unset -v img # Each image should only be used once per loop
done
sleep "''${DEFAULT_INTERVAL}"
for d in ''$(swww query | sed -nE 's/^: ([^:]+).*/\1/p'); do # see swww-query(1)
if [[ ''${#images[@]} == 0 ]]; then
images=( $(find $DIR -regextype posix-extended -type f -regex '.*\.(jpg|jpeg|gif|png|bmp|dds|exr|ico|tga|tiff|webp)$' | shuf) ) # fill queue if arr empty (rust image crate supported formats)
fi
swww img --resize "''$RESIZE_TYPE" --outputs "''$d" "''${images[0]}" # show first image of arr
images=("''${images[@]:1}") # pop first image of arr
done
sleep "''${DEFAULT_INTERVAL}" || true # pkill sleep for next wallpaper xd
done
'';
# restartTriggers = [wpaperdConf];

4
modules/module-list.nix
View file

@ -23,8 +23,8 @@
./presets/gui.nix
./presets/server.nix
./presets/home-manager.nix
./services/authentik.nix
./services/caddy.nix
./services/authentik
./services/caddy
./services/monitoring.nix
./services/wireguard.nix
./system/impermanence.nix

3
modules/presets/cli.nix
View file

@ -11,6 +11,8 @@ in
options.xyno.presets.cli.enable =
lib.mkEnableOption "enables xynos cli config with fish and helix and stuff";
config = lib.mkIf cfg.enable {
programs.nix-index-database.comma.enable = true;
home-manager.users.${config.xyno.system.user.name} =
lib.mkIf config.xyno.presets.home-manager.enable
(
@ -117,7 +119,6 @@ in
bottom
curl
croc
comma
dig
fd
ffmpeg

6
modules/presets/development.nix
View file

@ -10,7 +10,7 @@ let
in
{
options.xyno.presets.development.enable =
mkEnableOption "enables xynos configs for a development machine";
mkEnableOption "enables xynos configs for a development/workstation machine";
config = mkIf cfg.enable {
home-manager.users.${config.xyno.system.user.name} = mkIf config.xyno.presets.home-manager.enable (
{ ... }:
@ -25,6 +25,10 @@ in
virtualisation.podman.enable = true;
environment.systemPackages = with pkgs; [
orca-slicer
unstable.kicad
freecad
dune3d
jetbrains.rider
# android-studio
nixpkgs-manual

2
modules/presets/gui.nix
View file

@ -41,7 +41,7 @@ in
qt = {
enable = true;
style = "breeze";
platformTheme = "gnome";
# platformTheme = "gnome";
};
programs.yazi = {

4
modules/services/authentik.nix → modules/services/authentik/default.nix
View file

@ -45,7 +45,7 @@ let
terranixConfig = inputs.terranix.lib.terranixConfiguration {
system = pkgs.system;
modules = [
./authentik/provider.nix
./provider.nix
{
inherit (cfg)
oauthApps
@ -192,7 +192,7 @@ in
};
sops.secrets."authentik/env" = {
sopsFile = ../../instances/${config.networking.hostName}/secrets/authentik.yaml;
sopsFile = ../../../instances/${config.networking.hostName}/secrets/authentik.yaml;
};
services.caddy.extraConfig = ''

5
modules/services/caddy/caddy-config.nix Normal file
View file

@ -0,0 +1,5 @@
{ json, lib, ...}: with lib;
types.submodule {
freeformType = json.type;
}

10711
modules/services/caddy/caddy_schema.json Normal file
View file

File diff suppressed because one or more lines are too long

51
modules/services/caddy.nix → modules/services/caddy/default.nix
View file

@ -30,9 +30,14 @@ let
genVHostsFromWildcard = mapAttrs' (
n: v: nameValuePair "*.${n}" (genOneWildcard n v)
) cfg.wildcardHosts;
schema = import ./json-schema.nix { inherit pkgs lib; schema = builtins.fromJSON (builtins.readFile ./caddy_schema.json); };
in
{
options.xyno.services.caddy.enable = mkEnableOption "enables caddy with the desec plugin";
options.xyno.services.caddy.config = mkOption {
default = {};
type = schema.type;
};
options.xyno.services.caddy.wildcardHosts = mkOption {
example = {
"hailsatan.eu" = {
@ -77,29 +82,31 @@ in
services.caddy = {
enable = true;
package = pkgs.caddy-desec;
virtualHosts = genVHostsFromWildcard;
email = mkDefault "ssl@xyno.systems";
acmeCA = mkDefault "https://acme-v02.api.letsencrypt.org/directory";
globalConfig = ''
metrics {
per_host
}
'';
extraConfig = ''
(blockBots) {
@botForbidden header_regexp User-Agent "(?i)AdsBot-Google|Amazonbot|anthropic-ai|Applebot|Applebot-Extended|AwarioRssBot|AwarioSmartBot|Bytespider|CCBot|ChatGPT|ChatGPT-User|Claude-Web|ClaudeBot|cohere-ai|DataForSeoBot|Diffbot|FacebookBot|Google-Extended|GPTBot|ImagesiftBot|magpie-crawler|omgili|Omgilibot|peer39_crawler|PerplexityBot|YouBot"
adapter = "json";
configFile = json.generate "caddy-config.json" cfg.config;
# virtualHosts = genVHostsFromWildcard;
# email = mkDefault "ssl@xyno.systems";
# acmeCA = mkDefault "https://acme-v02.api.letsencrypt.org/directory";
# globalConfig = ''
# metrics {
# per_host
# }
# '';
# extraConfig = ''
# (blockBots) {
# @botForbidden header_regexp User-Agent "(?i)AdsBot-Google|Amazonbot|anthropic-ai|Applebot|Applebot-Extended|AwarioRssBot|AwarioSmartBot|Bytespider|CCBot|ChatGPT|ChatGPT-User|Claude-Web|ClaudeBot|cohere-ai|DataForSeoBot|Diffbot|FacebookBot|Google-Extended|GPTBot|ImagesiftBot|magpie-crawler|omgili|Omgilibot|peer39_crawler|PerplexityBot|YouBot"
handle @botForbidden {
redir https://hil-speed.hetzner.com/10GB.bin
}
handle /robots.txt {
respond <<TXT
User-Agent: *
Disallow: /
TXT 200
}
}
'';
# handle @botForbidden {
# redir https://hil-speed.hetzner.com/10GB.bin
# }
# handle /robots.txt {
# respond <<TXT
# User-Agent: *
# Disallow: /
# TXT 200
# }
# }
# '';
};
xyno.services.monitoring.exporters.caddy = 2019;

144
modules/services/caddy/json-schema.nix Normal file
View file

@ -0,0 +1,144 @@
{
pkgs,
lib,
schema,
...
}:
with lib;
let
json = pkgs.formats.json { };
submoduleOptions =
{
spec,
depth,
extraRequires ? [ ],
...
}:
let
isRequired = n: any (x: x == n) (extraRequires ++ (optionals (spec ? required) spec.required));
in
if spec ? "$ref" then
submoduleOptions (getRef x."$ref")
else
mapAttrs (
n: v:
buildOption {
inherit depth;
spec = v;
required = isRequired n;
}
) (if spec ? properties then spec.properties else { });
getRef =
x:
let
path = splitString "/" (traceVal x);
result = attrByPath (tail path) (throw "ref ${x} not found") schema;
in
result;
deref = x: if x ? "$ref" then getRef x."$ref" else x;
buildOptionType =
{
spec,
depth ? 0,
...
}:
let
strType = if spec ? enum then types.enum spec.enum else types.str;
objType = types.submodule {
freeformType = json.type;
options = submoduleOptions { inherit spec depth; };
};
arrType = types.listOf (
if spec ? items then
buildOptionType {
inherit depth;
spec = spec.items;
}
else
types.anything
);
allOfType =
let
resolve = x: if x ? "if" then x."then" else x; # just ignore conditionals for now
resolved = map (x: deref (resolve x)) spec.allOf;
# mergedDesc = concatStringsSep "\n" (
# map (x: if x ? markdownDescription then x.markdownDescription else "") resolved
# );
combined = foldl (x: c: recursiveUpdate c x) { } resolved;
# options = map (
# x:
# submoduleOptions {
# spec = x;
# extraRequires = if spec ? required then spec.required else [ ];
# }
# ) (traceValSeqN 4 resolved);
in
buildOptionType {
depth = depth + 1;
spec = combined;
};
type =
if depth > 3 then
types.deferredModule
else if spec ? "$ref" then
buildOptionType {
depth = depth + 1;
spec = getRef spec."$ref";
}
else if spec ? allOf then
allOfType
else if !spec ? type then
json.type
else if isList spec.type then
types.oneOf (map (x: buildOptionType x) spec.type)
else if spec.type == "string" then
strType
else if spec.type == "boolean" then
types.bool
else if spec.type == "number" then
types.number
else if spec.type == "array" then
arrType
else if spec.type == "object" then
objType
else
(throw "unknown json schema type: ${spec.type}");
in
type;
buildOption =
{
spec,
depth,
required ? false,
...
}:
let
type = buildOptionType { inherit spec depth; };
in
mkOption {
type = if required then type else types.nullOr type;
description = if spec ? markdownDescription then spec.markdownDescription else "no description qwq";
default =
if required then
if spec.type == "object" then
{ }
else if spec.type == "array" then
[ ]
else
null
else
null;
};
in
{
generate = json.generate;
type = buildOptionType {
depth = 0;
spec = schema;
};
}