tristan/nix
1
0
Fork 0
Code Projects Releases Packages Activity

Compare commits

base: tristan:aedd86fee7d00d755fd0ae9815215a4ec529a68d
Branches Tags
tristan:zenix/master
tristan:alpine/master
tristan:framework/master
..
compare: tristan:4500bace9c25b0d6d8bfb63f5f69cfd5599e3847
Branches Tags
tristan:alpine/master
tristan:zenix/master
tristan:framework/master

No commits in common. "aedd86fee7d00d755fd0ae9815215a4ec529a68d" and "4500bace9c25b0d6d8bfb63f5f69cfd5599e3847" have entirely different histories.
aedd86fee7 ... 4500bace9c

14 changed files with 111 additions and 185 deletions
Download patch file Download diff file Expand all files Collapse all files

78
flake.lock generated
View file

@ -136,11 +136,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754091436, "lastModified": 1749398372,
"narHash": "sha256-XKqDMN1/Qj1DKivQvscI4vmHfDfvYR2pfuFOJiCeewM=", "narHash": "sha256-tYBdgS56eXYaWVW3fsnPQ/nFlgWi/Z2Ymhyu21zVM98=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "67df8c627c2c39c41dbec76a1f201929929ab0bd", "rev": "9305fe4e5c2a6fcf5ba6a3ff155720fbe4076569",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -228,11 +228,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753592768, "lastModified": 1752544374,
"narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "narHash": "sha256-ReX0NG6nIAEtQQjLqeu1vUU2jjZuMlpymNtb4VQYeus=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "fc3add429f21450359369af74c2375cb34a2d204", "rev": "2e00ed310c218127e02ffcf28ddd4e0f669fde3e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -300,11 +300,11 @@
"xwayland-satellite-unstable": "xwayland-satellite-unstable" "xwayland-satellite-unstable": "xwayland-satellite-unstable"
}, },
"locked": { "locked": {
"lastModified": 1754744872, "lastModified": 1752659960,
"narHash": "sha256-rcMHMs+dFWaDXev092gfxTfxHEWcUY/6SRV+cseNevQ=", "narHash": "sha256-AP/Gds8b1hhU50prgLjYSv5qpy9D8E6Xre/r/gb3K8M=",
"owner": "sodiboo", "owner": "sodiboo",
"repo": "niri-flake", "repo": "niri-flake",
"rev": "346fc31bcc4d2dbcc3e8ce8dbb622e4255ff54b7", "rev": "8e3f7bbada0cf637d23de4200c6e1a5a157de9cc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -333,11 +333,11 @@
"niri-unstable": { "niri-unstable": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1754742008, "lastModified": 1752656275,
"narHash": "sha256-Tp0FG7VpLudVEC622d91z2hbdfPLCXxw0Nv43iNN4O0=", "narHash": "sha256-tTRMyGxqHF5IkYcnvHbwCgRBRUBhvRapxtuUfrN/8Ic=",
"owner": "YaLTeR", "owner": "YaLTeR",
"repo": "niri", "repo": "niri",
"rev": "67361f88fd01974ebee4cf80f0e29c87d805cc39", "rev": "7b065f8618f63b7cf761ebe05a2cebd556113a6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -364,11 +364,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1754689972, "lastModified": 1752436162,
"narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -380,11 +380,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1754689972, "lastModified": 1752436162,
"narHash": "sha256-eogqv6FqZXHgqrbZzHnq43GalnRbLTkbBbFtEfm1RSc=", "narHash": "sha256-Kt1UIPi7kZqkSc5HVj6UY5YLHHEzPBkgpNUByuyxtlw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "fc756aa6f5d3e2e5666efcf865d190701fef150a", "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -395,11 +395,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1754214453, "lastModified": 1751984180,
"narHash": "sha256-Q/I2xJn/j1wpkGhWkQnm20nShYnG7TI99foDBpXm1SY=", "narHash": "sha256-LwWRsENAZJKUdD3SpLluwDmdXY9F45ZEgCb0X+xgOL0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5b09dc45f24cf32316283e62aec81ffee3c3e376", "rev": "9807714d6944a957c2e036f84b0ff8caf9930bc0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -419,11 +419,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1754262585, "lastModified": 1752010420,
"narHash": "sha256-Yz5dJ0VzGRzSRHdHldsWQbuFYmtP3NWNreCvPfCi9CI=", "narHash": "sha256-fboKrq2WeEC2Y4LaZNiiH2dptUYHtSbYhzE0FTN/u+M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixvim", "repo": "nixvim",
"rev": "ab1b5962e1ca90b42de47e1172e0d24ca80e6256", "rev": "a11133507a930dfd235324cdf776bdb5e6ddd717",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -469,11 +469,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753771532, "lastModified": 1749730855,
"narHash": "sha256-Pmpke0JtLRzgdlwDC5a+aiLVZ11JPUO5Bcqkj0nHE/k=", "narHash": "sha256-L3x2nSlFkXkM6tQPLJP3oCBMIsRifhIDPMQQdHO5xWo=",
"owner": "NuschtOS", "owner": "NuschtOS",
"repo": "search", "repo": "search",
"rev": "2a65adaf2c0c428efb0f4a2bc406aab466e96a06", "rev": "8dfe5879dd009ff4742b668d9c699bc4b9761742",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -502,11 +502,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1754328224, "lastModified": 1752544651,
"narHash": "sha256-glPK8DF329/dXtosV7YSzRlF4n35WDjaVwdOMEoEXHA=", "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "49021900e69812ba7ddb9e40f9170218a7eca9f4", "rev": "2c8def626f54708a9c38a5861866660395bb3461",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -536,11 +536,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1754599117, "lastModified": 1752599753,
"narHash": "sha256-AzAYdZlat002vCjCKWdFpGi2xUaiOU4DtIPnv1nomD8=", "narHash": "sha256-8ppgjqbFc/697OXgMntMhk+kAQF4BHBog73oP6Xds8Y=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "312dec38b2231b21f36903d1bdce96daa11548ff", "rev": "a35db84c7568c75f3ec665fdcd962cc9c52b6c0a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -718,11 +718,11 @@
"xwayland-satellite-unstable": { "xwayland-satellite-unstable": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1754533920, "lastModified": 1752338000,
"narHash": "sha256-fCZ68Yud1sUCq6UNXj0SDyiBgVA8gJUE+14ZFGsFJG8=", "narHash": "sha256-Fxlp/yKtynug0jyuauAmvZU2SzHCfwlwWf85j+IvQ0U=",
"owner": "Supreeeme", "owner": "Supreeeme",
"repo": "xwayland-satellite", "repo": "xwayland-satellite",
"rev": "e0d1dad25a158551ab58547b2ece4b7d5a19929c", "rev": "ba78881a68182ce338041846164cbfed0d70935c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -736,11 +736,11 @@
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
}, },
"locked": { "locked": {
"lastModified": 1754540523, "lastModified": 1752293576,
"narHash": "sha256-Wgv2qVckt8q11/xErY7hYdLAPcoOnZ0BkMLqyXegCzQ=", "narHash": "sha256-84tAzrC/kioWRmG0jLt1HWRP/wHON7zjLtXCwWRNI/g=",
"owner": "youwen5", "owner": "youwen5",
"repo": "zen-browser-flake", "repo": "zen-browser-flake",
"rev": "451454de40a4433174153e823994fe2ecd3c869e", "rev": "1a40cdcb093a0025631ef692caa53130f821dd77",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
flake.nix
View file

@ -84,7 +84,6 @@
alpine = mkConf { alpine = mkConf {
nixos-modules = [ nixos-modules = [
./hardware/alpine.nix ./hardware/alpine.nix
./nixos/services/fail2ban.nix
./nixos/services/anki.nix ./nixos/services/anki.nix
./nixos/services/forgejo.nix ./nixos/services/forgejo.nix
./nixos/services/vaultwarden.nix ./nixos/services/vaultwarden.nix

1
home/default.nix
View file

@ -6,6 +6,7 @@
}: { }: {
imports = [ imports = [
./programs/neovim/. ./programs/neovim/.
./programs/helix.nix
./programs/git.nix ./programs/git.nix
./programs/lf/. ./programs/lf/.
./programs/zsh.nix ./programs/zsh.nix

3
home/desktop/niri/default.nix
View file

@ -42,9 +42,6 @@
input.focus-follows-mouse = { input.focus-follows-mouse = {
enable = true; enable = true;
}; };
input.touchpad = {
dwt = true; # disable when typing
};
prefer-no-csd = true; prefer-no-csd = true;
spawn-at-startup = [ spawn-at-startup = [
{command = [(lib.getExe pkgs.xwayland-satellite)];} {command = [(lib.getExe pkgs.xwayland-satellite)];}

14
home/programs/graphical.nix
View file

@ -1,11 +1,7 @@
{ {pkgs, inputs, user, ...}: {
pkgs,
inputs,
user,
...
}: {
imports = [ imports = [
./mpv.nix ./mpv.nix
./vscode.nix
]; ];
home.packages = with pkgs; [ home.packages = with pkgs; [
@ -18,10 +14,15 @@
# tools # tools
inkscape inkscape
kdePackages.okular
gimp3 gimp3
libreoffice libreoffice
dbeaver-bin
zed-editor
insomnia
# entertainment # entertainment
kdePackages.kasts
shortwave shortwave
youtube-music youtube-music
transmission_4-gtk transmission_4-gtk
@ -72,4 +73,5 @@
enable = true; enable = true;
package = pkgs.brave; package = pkgs.brave;
}; };
} }

3
home/programs/work.nix
View file

@ -5,9 +5,6 @@
}: let }: let
modifier = config.windowManager.modifierKey; modifier = config.windowManager.modifierKey;
in { in {
imports = [
./vscode.nix
];
roles.email = { roles.email = {
enable = true; enable = true;
email = "tristan.beedell@cryoserver.com"; email = "tristan.beedell@cryoserver.com";

2
nixos/services/authentik.nix
View file

@ -10,7 +10,7 @@
}; };
authentik-config = { authentik-config = {
autoStart = true; autoStart = true;
image = "ghcr.io/goauthentik/server:2025.6.3"; image = "ghcr.io/goauthentik/server:2025.6.0";
volumes = ["/home/tristan/pods/authentik/media:/media"]; volumes = ["/home/tristan/pods/authentik/media:/media"];
environment = { environment = {
AUTHENTIK_POSTGRESQL__USER = postgres.user; AUTHENTIK_POSTGRESQL__USER = postgres.user;

5
nixos/services/fail2ban.nix
View file

@ -1,5 +0,0 @@
{...}: {
services.fail2ban = {
enable = true;
};
}

2
nixos/services/grafana.nix
View file

@ -48,7 +48,7 @@ in {
{ {
name = "synapse"; name = "synapse";
url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json"; url = "https://raw.githubusercontent.com/element-hq/synapse/refs/heads/master/contrib/grafana/synapse.json";
sha256 = "sha256:16fl81sx1by0wldw4vda0zr1pvbq1dpih1fikzwlvmk63mpc80kb"; sha256 = "sha256:07qlr0waw9phmyd38bv22bn5v303w3397b89l44l3lzwhpnhs16s";
} }
]; ];
}]; }];

119
nixos/services/loki.nix
View file

@ -21,77 +21,78 @@ in {
storage_config."filesystem".directory = "/tmp/loki/chunks"; storage_config."filesystem".directory = "/tmp/loki/chunks";
common = { common = {
ring = { ring = {
instance_addr = "127.0.0.1";
kvstore.store = "inmemory"; kvstore.store = "inmemory";
}; };
replication_factor = 1; replication_factor = 1;
path_prefix = "/tmp/loki"; path_prefix = "/tmp/loki";
}; };
# https://grafana.com/docs/loki/latest/configure/#limits_config
limits_config = { limits_config = {
ingestion_rate_strategy = "local"; ingestion_rate_strategy = "local";
ingestion_rate_mb = 128; ingestion_rate_mb = 24;
ingestion_burst_size_mb = 256; ingestion_burst_size_mb = 36;
max_streams_per_user = 0;
max_global_streams_per_user = 0;
}; };
}; };
}; };
services.prometheus.scrapeConfigs = [ services.prometheus.scrapeConfigs = [{
{ job_name = "loki";
job_name = "loki"; static_configs = [
static_configs = [ {
targets = ["localhost:3100"];
}
];
}];
services.promtail = {
enable = true;
# https://grafana.com/docs/loki/latest/send-data/promtail/configuration/
configuration = {
server = {
http_listen_port = 9080;
grpc_listen_port = 0;
};
clients = [
{url = "http://localhost:3100/loki/api/v1/push";}
];
scrape_configs = [
{ {
targets = ["localhost:3100"]; job_name = "system";
journal = {
path = "/var/log/journal/";
};
relabel_configs = [
{
source_labels = ["__journal_message"];
target_label = "message";
regex = "(.+)";
}
{
source_labels = ["__journal__systemd_unit"];
target_label = "systemd_unit";
regex = "(.+)";
}
{
source_labels = ["__journal__systemd_user_unit"];
target_label = "systemd_user_unit";
regex = "(.+)";
}
{
source_labels = ["__journal__transport"];
target_label = "transport";
regex = "(.+)";
}
{
source_labels = ["__journal__priority_keyword"];
target_label = "severity";
regex = "(.+)";
}
];
} }
]; ];
} };
];
services.alloy = {
enable = true;
extraFlags = [
"--server.http.listen-addr=100.106.241.122:12345"
];
}; };
environment.etc."alloy/config.alloy" = { services.grafana.provision.datasources.settings.datasources = [{
text = '' name = "Loki";
discovery.relabel "system" { type = "loki";
targets = [] url = "http://localhost:${toString loki.configuration.server.http_listen_port}";
}];
rule {
source_labels = ["__journal__systemd_unit", "__journal__systemd_user_unit"]
regex = "(.+)"
target_label = "systemd_unit"
}
rule {
source_labels = ["__journal__priority_keyword"]
regex = "(.+)"
target_label = "severity"
}
}
loki.source.journal "system" {
max_age = "1h0m0s"
path = "/var/log/journal/"
relabel_rules = discovery.relabel.system.rules
forward_to = [loki.write.default.receiver]
labels = {}
}
loki.write "default" {
endpoint {
url = "http://localhost:3100/loki/api/v1/push"
}
max_streams = 64
}
'';
};
services.grafana.provision.datasources.settings.datasources = [
{
name = "Loki";
type = "loki";
url = "http://localhost:${toString loki.configuration.server.http_listen_port}";
}
];
} }

13
nixos/services/nfs.nix
View file

@ -1,13 +0,0 @@
{config, ...}: {
services.nfs = {
settings = {
mountd.manage-gids = true;
};
server = {
enable = true;
exports = ''
/mnt/storage/media 100.106.241.122/8(rw,fsid=root)
'';
};
};
}

52
nixos/services/samba.nix
View file

@ -1,52 +0,0 @@
{...}: {
users.users.guest = {
extraGroups = ["media"];
isNormalUser = true;
};
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "Tristan's Media Server";
"netbios name" = "alpine";
"security" = "user";
#"use sendfile" = "yes";
#"max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.1. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "guest";
"map to guest" = "bad user";
};
"Music" = {
"path" = "/mnt/storage/media/Public/";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes";
"guest only" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.avahi = {
publish.enable = true;
publish.userServices = true;
# ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
nssmdns4 = true;
# ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
enable = true;
openFirewall = true;
};
networking.firewall.enable = true;
networking.firewall.allowPing = true;
}

1
nixos/services/synapse/default.nix
View file

@ -63,7 +63,6 @@ in {
services.matrix-synapse = { services.matrix-synapse = {
enable = true; enable = true;
extraConfigFiles = [templates."synapse/secrets.yaml".path]; extraConfigFiles = [templates."synapse/secrets.yaml".path];
# https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html
settings = { settings = {
signing_key_path = secrets."synapse/signing_key".path; signing_key_path = secrets."synapse/signing_key".path;
server_name = domain; server_name = domain;

2
pkgs/mpv-skipsilence.nix
View file

@ -10,7 +10,7 @@ buildLua {
src = fetchgit { src = fetchgit {
url = "https://codeberg.org/ferreum/mpv-skipsilence.git"; url = "https://codeberg.org/ferreum/mpv-skipsilence.git";
hash = "sha256-+sOMWFFumJUk5gFE1iCTvWub3PWzYOkulXJLCGS4fYA="; hash = "sha256-fg8vfeb68nr0bTBIvr0FnRnoB48/kV957pn22tWcz1g=";
}; };
passthru.updateScript = gitUpdater {}; passthru.updateScript = gitUpdater {};