tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity

Compare commits

base: tristan:2219fb8619a0e3ed56aba590546e284195ca8da3
Branches Tags
tristan:zenix/master
tristan:alpine/master
tristan:framework/master
..
compare: tristan:aedd86fee7d00d755fd0ae9815215a4ec529a68d
Branches Tags
tristan:alpine/master
tristan:zenix/master
tristan:framework/master

No commits in common. "2219fb8619a0e3ed56aba590546e284195ca8da3" and "aedd86fee7d00d755fd0ae9815215a4ec529a68d" have entirely different histories.
2219fb8619 ... aedd86fee7

19 changed files with 116 additions and 169 deletions
Download patch file Download diff file Expand all files Collapse all files

8
home/default.nix
View file

@ -7,6 +7,7 @@
imports = [ imports = [
./programs/neovim/. ./programs/neovim/.
./programs/git.nix ./programs/git.nix
./programs/lf/.
./programs/zsh.nix ./programs/zsh.nix
./programs/tmux/. ./programs/tmux/.
]; ];
@ -39,8 +40,6 @@
ytfzf ytfzf
]; ];
programs.yazi.enable = true;
programs.zoxide.enable = true; programs.zoxide.enable = true;
programs.rbw = { programs.rbw = {
@ -66,7 +65,10 @@
}; };
}; };
programs.fzf.enable = true; programs.fzf = {
enable = true;
enableZshIntegration = true;
};
programs.direnv.enable = true; programs.direnv.enable = true;
} }

3
home/desktop/niri/default.nix
View file

@ -136,9 +136,6 @@
"XF86AudioMute".action.spawn = ["wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"]; "XF86AudioMute".action.spawn = ["wpctl" "set-mute" "@DEFAULT_AUDIO_SINK@" "toggle"];
"XF86AudioMicMute".action.spawn = ["wpctl" "set-mute" "@DEFAULT_AUDIO_SOURCE@" "toggle"]; "XF86AudioMicMute".action.spawn = ["wpctl" "set-mute" "@DEFAULT_AUDIO_SOURCE@" "toggle"];
"XF86AudioNext".action.spawn = ["playerctl" "next"];
"XF86AudioPrev".action.spawn = ["playerctl" "previous"];
"XF86AudioPlay".action.spawn = ["playerctl" "play-pause"];
"XF86MonBrightnessUp".action.spawn = ["brightness" "+10%"]; "XF86MonBrightnessUp".action.spawn = ["brightness" "+10%"];
"XF86MonBrightnessDown".action.spawn = ["brightness" "10%-"]; "XF86MonBrightnessDown".action.spawn = ["brightness" "10%-"];

4
home/desktop/utils/waybar.nix
View file

@ -42,8 +42,8 @@
on-click = "${pkgs.pavucontrol}/bin/pavucontrol"; on-click = "${pkgs.pavucontrol}/bin/pavucontrol";
}; };
mpris = { mpris = {
format = "{player_icon} {title}"; format = "{player_icon} {dynamic}";
format-paused = " {player_icon} {title}"; format-paused = " {player_icon} {dynamic}";
player-icons = { player-icons = {
default = ""; default = "";
mpd = "🎵"; mpd = "🎵";

10
home/programs/graphical.nix
View file

@ -1,6 +1,7 @@
{ {
pkgs, pkgs,
inputs, inputs,
user,
... ...
}: { }: {
imports = [ imports = [
@ -25,7 +26,6 @@
youtube-music youtube-music
transmission_4-gtk transmission_4-gtk
feishin feishin
grayjay
# other # other
element-desktop element-desktop
@ -68,12 +68,8 @@
]; ];
}; };
programs.zed-editor = { programs.chromium = {
enable = true; enable = true;
extensions = ["tsgo" "nix" "ansible" "helm"]; package = pkgs.brave;
userSettings = {
vim_mode = true;
};
extraPackages = [pkgs.nixd pkgs.vtsls];
}; };
} }

1
home/programs/zsh.nix
View file

@ -3,7 +3,6 @@
config, config,
... ...
}: { }: {
home.shell.enableZshIntegration = true;
programs.starship.enable = true; programs.starship.enable = true;
programs.zsh = { programs.zsh = {
enable = true; enable = true;

BIN
images/demonslayer.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 1.5 MiB

BIN
images/nier.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.4 MiB

BIN
images/nier2.jpg Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.8 MiB

BIN
images/nix-soft.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 840 KiB

1
lib/mkconf.nix
View file

@ -20,7 +20,6 @@ in
++ [ ++ [
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
../nixos/modules/predicate.nix
{ {
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;

12
lib/nixvim.nix
View file

@ -28,7 +28,6 @@ in {
scrolloff = 4; scrolloff = 4;
smoothscroll = true; smoothscroll = true;
ignorecase = true; ignorecase = true;
winborder = "rounded";
undofile = true; undofile = true;
undodir = lua ''vim.fn.expand("$HOME/.local/share/nvim/undo")''; undodir = lua ''vim.fn.expand("$HOME/.local/share/nvim/undo")'';
@ -73,10 +72,10 @@ in {
options.desc = "copy to clipboard"; options.desc = "copy to clipboard";
} }
{ {
mode = "n"; key = "<leader>ca";
options.desc = "LSP Format"; action = ''
key = "<leader>cf"; require("actions-preview").code_actions
action = luaFunc "vim.lsp.buf.format({async = true;})"; '';
} }
{ {
key = "<C-Tab>"; key = "<C-Tab>";
@ -284,6 +283,9 @@ in {
inlayHints = true; inlayHints = true;
servers = { servers = {
ts_ls.enable = true; ts_ls.enable = true;
eslint = {
enable = true;
};
nixd = { nixd = {
enable = true; enable = true;
settings = { settings = {

16
nixos/modules/predicate.nix
View file

@ -1,16 +0,0 @@
{
lib,
config,
...
}: {
options = {
allowUnfreePkgNames = lib.mkOption {
type = lib.types.listOf lib.types.str;
};
};
config = {
nixpkgs.config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) config.allowUnfreePkgNames;
};
}

15
nixos/modules/work.nix
View file

@ -6,13 +6,14 @@
}: let }: let
user = config.user; user = config.user;
in { in {
allowUnfreePkgNames = [ nixpkgs.config.allowUnfreePredicate = pkg:
# nonfree vscode required for dev containers builtins.elem (lib.getName pkg) [
"vscode" # nonfree vscode required for dev containers
"steam-run" "vscode"
"postman" "steam-run"
"drawio" # the creator had a hissyfit over a negative review: https://github.com/jgraph/drawio/discussions/4623 "postman"
]; "drawio" # the creator had a hissyfit over a negative review: https://github.com/jgraph/drawio/discussions/4623
];
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1w" # required for mongodb "openssl-1.1.1w" # required for mongodb

21
nixos/programs/gamer.nix
View file

@ -1,11 +1,16 @@
{...}: { {
allowUnfreePkgNames = [ lib,
"steam" pkgs,
"steam-unwrapped" ...
"steam-run" }: {
"steam-original" nixpkgs.config.allowUnfreePredicate = pkg:
"osu-lazer" builtins.elem (lib.getName pkg) [
]; "steam"
"steam-unwrapped"
"steam-run"
"steam-original"
"osu-lazer"
];
programs.steam = { programs.steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;

73
nixos/services/arr.nix
View file

@ -1,20 +1,20 @@
{ {config, lib, user, ...}: let
config,
lib,
user,
...
}: let
inherit (config) sops; inherit (config) sops;
inherit (sops) templates placeholder; inherit (sops) templates placeholder;
in { in {
nixpkgs.config.permittedInsecurePackages = [
"aspnetcore-runtime-6.0.36"
"aspnetcore-runtime-wrapped-6.0.36"
"dotnet-sdk-6.0.428"
"dotnet-sdk-wrapped-6.0.428"
];
users.users.${user}.extraGroups = ["media"]; users.users.${user}.extraGroups = ["media"];
users.groups.media = { users.groups.media = {
gid = 979; gid = 979;
}; };
services.prowlarr = { services.jackett = {
enable = true; enable = true;
}; };
services.flaresolverr.enable = true;
services.lidarr = { services.lidarr = {
enable = true; enable = true;
group = "media"; group = "media";
@ -27,13 +27,21 @@ in {
enable = true; enable = true;
group = "media"; group = "media";
}; };
services.bazarr = {
enable = true;
group = "media";
};
services.jellyseerr.enable = true; services.jellyseerr.enable = true;
sops.secrets.sonarr-sslkey = {
sopsFile = ../../certs/alpine.prawn-justice.ts.net.key;
format = "binary";
owner = "nginx";
};
# this was fun to figure out, but pointless atm.
services.nginx.virtualHosts."alpine.prawn-justice.ts.net" = {
forceSSL = true;
sslCertificateKey = config.sops.secrets.sonarr-sslkey.path;
sslCertificate = ../../certs/alpine.prawn-justice.ts.net.crt;
};
# probably easier if i just put this in a nixos-container # probably easier if i just put this in a nixos-container
virtualisation.oci-containers.containers.transmission = { virtualisation.oci-containers.containers.transmission = {
autoStart = false;
image = "docker.io/haugene/transmission-openvpn:5.3.2"; image = "docker.io/haugene/transmission-openvpn:5.3.2";
ports = ["9091:9091"]; ports = ["9091:9091"];
volumes = [ volumes = [
@ -41,7 +49,7 @@ in {
"/home/tristan/pods/transmission/config:/config" "/home/tristan/pods/transmission/config:/config"
"/mnt/storage/media/unsorted:/data/completed" "/mnt/storage/media/unsorted:/data/completed"
]; ];
environmentFiles = [templates."transmission/env".path]; environmentFiles = [ templates."transmission/env".path ];
environment = { environment = {
PUID = "1000"; PUID = "1000";
PGID = toString config.users.groups.media.gid; PGID = toString config.users.groups.media.gid;
@ -71,43 +79,4 @@ in {
OPENVPN_PASSWORD=${placeholder."transmission/auth/OPENVPN_PASSWORD"} OPENVPN_PASSWORD=${placeholder."transmission/auth/OPENVPN_PASSWORD"}
''; '';
}; };
sops.secrets."sonarr/api_key" = {};
sops.secrets."radarr/api_key" = {};
sops.secrets."prowlarr/api_key" = {};
services.prometheus.exporters.exportarr-sonarr = {
enable = true;
url = "http://localhost:${toString config.services.sonarr.settings.server.port}/sonarr";
port = 9708;
apiKeyFile = config.sops.secrets."sonarr/api_key".path;
};
services.prometheus.exporters.exportarr-radarr = {
enable = true;
url = "http://localhost:${toString config.services.radarr.settings.server.port}";
port = 9709;
apiKeyFile = config.sops.secrets."radarr/api_key".path;
};
services.prometheus.exporters.exportarr-prowlarr = {
enable = true;
url = "http://localhost:${toString config.services.prowlarr.settings.server.port}";
port = 9710;
apiKeyFile = config.sops.secrets."prowlarr/api_key".path;
};
services.prometheus = {
enable = true;
scrapeConfigs = [
{
job_name = "exportarr";
static_configs = [
{
targets = [
"localhost:${toString config.services.prometheus.exporters.exportarr-radarr.port}"
"localhost:${toString config.services.prometheus.exporters.exportarr-sonarr.port}"
"localhost:${toString config.services.prometheus.exporters.exportarr-prowlarr.port}"
];
}
];
}
];
};
} }

98
nixos/services/prometheus.nix
View file

@ -29,34 +29,28 @@ in {
]; ];
rules = [ rules = [
(builtins.toJSON { (builtins.toJSON {
groups = [ groups = [{
{ name = "node";
name = "node"; rules = [
rules = [ {
{ alert = "io error";
alert = "io error"; expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0'';
expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0''; }
} {
{ alert = "disk full";
alert = "disk full"; expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}'';
expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}''; }
} ];
]; }];
}
];
}) })
]; ];
alertmanagers = [ alertmanagers = [ {
{ static_configs = [ {
static_configs = [ targets = [
{ "localhost:9093"
targets = [
"localhost:9093"
];
}
]; ];
} } ];
]; } ];
exporters = { exporters = {
postgres = { postgres = {
enable = true; enable = true;
@ -64,35 +58,39 @@ in {
}; };
}; };
alertmanager = { alertmanager = {
enable = false; enable = true;
configuration = { configuration = {
route = { receivers = [{
receiver = "alertmanager-ntfy"; name = "ntfy";
routes = [{ webhook_configs = [{
matchers = [ url = "http://localhost${config.services.ntfy-sh.settings.listen-http}/alert/trigger";
''node_filesystem_device_error != 0''
];
}]; }];
}];
route = {
receiver = "ntfy";
# routes = [{
# matchers = [
# ''node_filesystem_device_error != 0''
# ];
# }];
}; };
}; };
}; };
alertmanager-ntfy = { # alertmanager-ntfy = {
enable = false; # enable = true;
settings = { # settings = {
ntfy = { # ntfy = {
baseurl = "https://up.tristans.cloud"; # baseurl = "https://up.tristans.cloud";
notification = { # notification = {
topic = "alert"; # topic = "alert";
}; # };
}; # };
}; # };
}; # };
}; };
services.grafana.provision.datasources.settings.datasources = [ services.grafana.provision.datasources.settings.datasources = [{
{ name = "Prometheus";
name = "Prometheus"; type = "prometheus";
type = "prometheus"; url = "http://localhost:${toString prometheus.port}";
url = "http://localhost:${toString prometheus.port}"; }];
}
];
} }

2
nixos/services/samba.nix
View file

@ -21,7 +21,7 @@
"map to guest" = "bad user"; "map to guest" = "bad user";
}; };
"Music" = { "Music" = {
"path" = "/mnt/storage/media/Music"; "path" = "/mnt/storage/media/Public/";
"browseable" = "yes"; "browseable" = "yes";
"read only" = "no"; "read only" = "no";
"guest ok" = "yes"; "guest ok" = "yes";

4
nixos/workstation.nix
View file

@ -102,8 +102,4 @@
services.udev.extraRules = '' services.udev.extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0e60", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl" KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="3434", ATTRS{idProduct}=="0e60", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
''; '';
allowUnfreePkgNames = [
"grayjay"
];
} }

17
secrets/secrets.yaml
View file

@ -33,13 +33,11 @@ transmission:
OPENVPN_USERNAME: ENC[AES256_GCM,data:RQ+hGLE6YEgN/aaa2TLpkg==,iv:oG794WxGe0t1ZI0PyC45ZgCPA0Ar2m/dSVDdMYBKJvY=,tag:CGnEu8ds0s4aH4ImCrNWNQ==,type:str] OPENVPN_USERNAME: ENC[AES256_GCM,data:RQ+hGLE6YEgN/aaa2TLpkg==,iv:oG794WxGe0t1ZI0PyC45ZgCPA0Ar2m/dSVDdMYBKJvY=,tag:CGnEu8ds0s4aH4ImCrNWNQ==,type:str]
OPENVPN_PASSWORD: ENC[AES256_GCM,data:Jw==,iv:uGAaXFWfpSaeqY7yC9cR9iqblH3E3hudnrnIlOvdRCg=,tag:P1XJ2SBY82z9YZP9J/n5SA==,type:str] OPENVPN_PASSWORD: ENC[AES256_GCM,data:Jw==,iv:uGAaXFWfpSaeqY7yC9cR9iqblH3E3hudnrnIlOvdRCg=,tag:P1XJ2SBY82z9YZP9J/n5SA==,type:str]
namecheap: ENC[AES256_GCM,data:PTEQK8+G1FfmvRk9IxrAZjCAhiKdV0AA+JxaJRZvbHU=,iv:xTrJzPooM0xzs9xgkNGWKRzRHeIIhMGa8EYW2/41ZvA=,tag:KHdLKuip439QNeAiBwreqg==,type:str] namecheap: ENC[AES256_GCM,data:PTEQK8+G1FfmvRk9IxrAZjCAhiKdV0AA+JxaJRZvbHU=,iv:xTrJzPooM0xzs9xgkNGWKRzRHeIIhMGa8EYW2/41ZvA=,tag:KHdLKuip439QNeAiBwreqg==,type:str]
sonarr:
api_key: ENC[AES256_GCM,data:mBq+ndbhDtErh/sytTybutes7btHMIkg6wT9C7t4M9I=,iv:JicYavIQJpnmYbFpO+AVOTwrp2DeOB5xWBROwSYNF4Y=,tag:xmlaKpdn8A9s/HpdsBR+0g==,type:str]
radarr:
api_key: ENC[AES256_GCM,data:iHDX/wLjde/6dj6+ORJaAnFCzXn82DXUWy3yh6fkmiQ=,iv:NcgRPa6Cy9tKLKYJ4OGr2cdW5smvpHbiXtBYJlEqOfw=,tag:BJ1YeMLXrhuDrZKsB5Z4YQ==,type:str]
prowlarr:
api_key: ENC[AES256_GCM,data:p1KRHilxv8qSy8NEKQlBy8ppXDxmQDeZXAzRYyc7psA=,iv:HyK3YEKLvE01fLCkxR89G96uViAegIPi7Xb43mFeWlQ=,tag:B8pNOT9+2rPUqVL+rTDRHg==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q - recipient: age106vffwu4y8cx90y0rtzajgpafl8jq7ty5hf6pur2gjsuq3g2lf5qjmdq0q
enc: | enc: |
@ -50,7 +48,8 @@ sops:
S3ZwcHhkdEEvY0pINDloand5S0NycHcKEpIt5EeIKhLQK7f74sWVN/x5gzh/Jq7x S3ZwcHhkdEEvY0pINDloand5S0NycHcKEpIt5EeIKhLQK7f74sWVN/x5gzh/Jq7x
UUN5QtysRbWVGnWRxdNB8LIMjDJY9jRojycdQfSNebaz5ZLjEp8dZQ== UUN5QtysRbWVGnWRxdNB8LIMjDJY9jRojycdQfSNebaz5ZLjEp8dZQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-19T18:47:49Z" lastmodified: "2025-01-18T02:00:29Z"
mac: ENC[AES256_GCM,data:xgsPA3TDBZ4C6aQVYoamOz2fi2iEaiUtT2eOFUnldBB4Wt+YNM4b4RVavXnlND1vOat9FtRzjmvI1rlkxoPV95tZz4B4QDfH/LUBWCwiOnZdLwrd4W0VWJLSxcX/hAmZ7qnGMpA7/G/0d45A2y0yMHJ3KGfqTsCikE/MPwrQbkg=,iv:1GEIIYygolYOGfS2LG1CmZCnacLaeOfBw+TGeh713DQ=,tag:E7mrU7xK2Zppq9QCwKdveQ==,type:str] mac: ENC[AES256_GCM,data:x3J0tRfNynM2qlB4YUUAUMYI/94opN1kJ1j0kOyeZ1GZHx+EA4dQZif4nPQOERo+5xRt8C4YXVDZEnCjD1TpQE6LYik0n0iY+84sY5fSr2SYiXzq2P72Tk7BzBklI9/zjndeJLJbydTJDMzOCvdEWIfHYZsHODnKXBO9pYwjAqU=,iv:z+QD93t72S2w0CqMV5sQk9oK9LMnQAxyaiExmqEcSp0=,tag:dbtyHUQ+n2EQvHEkQa7zrw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.9.2