diff options
| author | spl3g <spleefer6@yandex.ru> | 2025-10-27 23:49:28 +0300 |
|---|---|---|
| committer | spl3g <spleefer6@yandex.ru> | 2025-10-27 23:50:34 +0300 |
| commit | 0ae0f7489fb94bc122c3634107872c9b9437eda3 (patch) | |
| tree | 50f53fbc8d4bb8af54cc8aaf1e52a647c43a33a7 | |
| parent | 9e4302359f6ca93174339f46fdccfa85edcb3607 (diff) | |
feat: move servers to nixos-stable
| -rw-r--r-- | flake.lock | 262 | ||||
| -rw-r--r-- | flake.nix | 228 | ||||
| -rw-r--r-- | nixos/server/configuration.nix | 84 | ||||
| -rw-r--r-- | nixos/tw/configuration.nix | 76 |
4 files changed, 410 insertions, 240 deletions
@@ -116,6 +116,27 @@ "type": "github" } }, + "crowdsec": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs-stable" + ] + }, + "locked": { + "lastModified": 1752497357, + "narHash": "sha256-9epXn1+T6U4Kfyw8B9zMzbERxDB3VfaPXhVebtai6CE=", + "ref": "refs/heads/main", + "rev": "84db7dcea77f7f477d79e69e35fb0bb560232667", + "revCount": 42, + "type": "git", + "url": "https://codeberg.org/kampka/nix-flake-crowdsec.git" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/kampka/nix-flake-crowdsec.git" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -123,11 +144,11 @@ ] }, "locked": { - "lastModified": 1756733629, - "narHash": "sha256-dwWGlDhcO5SMIvMSTB4mjQ5Pvo2vtxvpIknhVnSz2I8=", + "lastModified": 1758287904, + "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "owner": "nix-community", "repo": "disko", - "rev": "a5c4f2ab72e3d1ab43e3e65aa421c6f2bd2e12a1", + "rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "type": "github" }, "original": { @@ -139,11 +160,11 @@ "firefox-gnome-theme": { "flake": false, "locked": { - "lastModified": 1756083905, - "narHash": "sha256-UqYGTBgI5ypGh0Kf6zZjom/vABg7HQocB4gmxzl12uo=", + "lastModified": 1758112371, + "narHash": "sha256-lizRM2pj6PHrR25yimjyFn04OS4wcdbc38DCdBVa2rk=", "owner": "rafaelmardojai", "repo": "firefox-gnome-theme", - "rev": "b655eaf16d4cbec9c3472f62eee285d4b419a808", + "rev": "0909cfe4a2af8d358ad13b20246a350e14c2473d", "type": "github" }, "original": { @@ -210,6 +231,23 @@ "type": "github" } }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "id": "flake-utils", + "type": "indirect" + } + }, "fromYaml": { "flake": false, "locked": { @@ -272,11 +310,11 @@ ] }, "locked": { - "lastModified": 1757075491, - "narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=", + "lastModified": 1759261733, + "narHash": "sha256-G104PUPKBgJmcu4NWs0LUaPpSOTD4jiq4mamLWu3Oc0=", "owner": "nix-community", "repo": "home-manager", - "rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf", + "rev": "5a21f4819ee1be645f46d6b255d49f4271ef6723", "type": "github" }, "original": { @@ -352,11 +390,11 @@ ] }, "locked": { - "lastModified": 1755678602, - "narHash": "sha256-uEC5O/NIUNs1zmc1aH1+G3GRACbODjk2iS0ET5hXtuk=", + "lastModified": 1758192433, + "narHash": "sha256-CR6RnqEJSTiFgA6KQY4TTLUWbZ8RBnb+hxQqesuQNzQ=", "owner": "hyprwm", "repo": "hyprgraphics", - "rev": "157cc52065a104fc3b8fa542ae648b992421d1c7", + "rev": "c44e749dd611521dee940d00f7c444ee0ae4cfb7", "type": "github" }, "original": { @@ -377,15 +415,15 @@ "hyprwayland-scanner": "hyprwayland-scanner", "nixpkgs": "nixpkgs", "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems", + "systems": "systems_2", "xdph": "xdph" }, "locked": { - "lastModified": 1757180583, - "narHash": "sha256-PcHIK+FlH9EiP59ikyTOr66wvdMvxCieW8UVKLLgA5c=", + "lastModified": 1759169434, + "narHash": "sha256-1u6kq88ICeE9IiJPditYa248ZoEqo00kz6iUR+jLvBQ=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "bce43f74eb8e4570d0d043f5fc8257eef7a57399", + "rev": "38c1e72c9d81fcdad8f173e06102a5da18836230", "type": "github" }, "original": { @@ -474,11 +512,11 @@ ] }, "locked": { - "lastModified": 1753819801, - "narHash": "sha256-tHe6XeNeVeKapkNM3tcjW4RuD+tB2iwwoogWJOtsqTI=", + "lastModified": 1757694755, + "narHash": "sha256-j+w5QUUr2QT/jkxgVKecGYV8J7fpzXCMgzEEr6LG9ug=", "owner": "hyprwm", "repo": "hyprland-qtutils", - "rev": "b308a818b9dcaa7ab8ccab891c1b84ebde2152bc", + "rev": "5ffdfc13ed03df1dae5084468d935f0a3f2c9a4c", "type": "github" }, "original": { @@ -503,11 +541,11 @@ ] }, "locked": { - "lastModified": 1753622892, - "narHash": "sha256-0K+A+gmOI8IklSg5It1nyRNv0kCNL51duwnhUO/B8JA=", + "lastModified": 1756810301, + "narHash": "sha256-wgZ3VW4VVtjK5dr0EiK9zKdJ/SOqGIBXVG85C3LVxQA=", "owner": "hyprwm", "repo": "hyprlang", - "rev": "23f0debd2003f17bd65f851cd3f930cff8a8c809", + "rev": "3d63fb4a42c819f198deabd18c0c2c1ded1de931", "type": "github" }, "original": { @@ -573,11 +611,11 @@ ] }, "locked": { - "lastModified": 1757153783, - "narHash": "sha256-HtnGRQX7BCze1eNlcc5ejAMExPk4DSqBPh6j2Byov7E=", + "lastModified": 1759134674, + "narHash": "sha256-7NaMOQpxRFjjUGOLZmoAwb/5dDQQTFn3NuzfZHJZzJ8=", "owner": "viperML", "repo": "nh", - "rev": "036c141e2f14fb481f12c4d1498bc5d03d9e1865", + "rev": "f3920fd9354902815db2b51c7b3c698f65b62e95", "type": "github" }, "original": { @@ -596,11 +634,11 @@ "xwayland-satellite-unstable": "xwayland-satellite-unstable" }, "locked": { - "lastModified": 1757183725, - "narHash": "sha256-oZaONTM5A7AhRaXvGr8PNyVL7qbFNIZpMXpsYdTOPmc=", + "lastModified": 1759207481, + "narHash": "sha256-xhUr1oMQwL/8h8xnPi5QxUHRFDHoCofhw8Jy7qTD4BY=", "owner": "sodiboo", "repo": "niri-flake", - "rev": "32d7f54892a516be2060a1e106cde7b47a733c62", + "rev": "d425163158a96a26924597574316a627d2e982aa", "type": "github" }, "original": { @@ -629,11 +667,11 @@ "niri-unstable": { "flake": false, "locked": { - "lastModified": 1756926064, - "narHash": "sha256-5/1vyFRLvJWxhBgpPaV2orC0pjSgIny6JM6+joLyZok=", + "lastModified": 1758691861, + "narHash": "sha256-CYgoGrY/Fx+hjzp8graTxJw1M7mn1f2jBkK26M04T0s=", "owner": "YaLTeR", "repo": "niri", - "rev": "c69464c1288789020d9a086f86c970a7dc49b8c7", + "rev": "e837e39623457dc5ad29c34a5ce4d4616e5fbf1e", "type": "github" }, "original": { @@ -642,13 +680,33 @@ "type": "github" } }, + "nix-index-database": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1760241904, + "narHash": "sha256-OD7QnaGEVNdukYEbJbUNWPsvnDrpbZOZxVIk6Pt9Jhw=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "c9f5ea45f25652ec2f771f9426ccacb21cbbaeaa", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, "nixpkgs": { "locked": { - "lastModified": 1756266583, - "narHash": "sha256-cr748nSmpfvnhqSXPiCfUPxRz2FJnvf/RjJGvFfaCsM=", + "lastModified": 1758198701, + "narHash": "sha256-7To75JlpekfUmdkUZewnT6MoBANS0XVypW6kjUOXQwc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "8a6d5427d99ec71c64f0b93d45778c889005d9c2", + "rev": "0147c2f1d54b30b5dd6d4a8c8542e8d7edf93b5d", "type": "github" }, "original": { @@ -660,11 +718,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1757050802, - "narHash": "sha256-JemPHwGhQT/y4dEEeZYVvB+WiHAsPz9mn8dCLtQFBrM=", + "lastModified": 1759240490, + "narHash": "sha256-RPoiXImMd8sEYqOFd71pis08RheOgrd859E+5CIp6Sw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5bdcc888361c30db87c2d99f7795ac2a91c9aa11", + "rev": "b6f6c613838dd776620c34e8f15fe4d8a9cdf9c0", "type": "github" }, "original": { @@ -676,11 +734,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1757020766, - "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=", + "lastModified": 1759143472, + "narHash": "sha256-TvODmeR2W7yX/JmOCmP+lAFNkTT7hAxYcF3Kz8SZV3w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a", + "rev": "5ed4e25ab58fd4c028b59d5611e14ea64de51d23", "type": "github" }, "original": { @@ -690,13 +748,29 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1761173472, + "narHash": "sha256-m9W0dYXflzeGgKNravKJvTMR4Qqa2MVD11AwlGMufeE=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c8aa8cc00a5cb57fada0851a038d35c08a36a2bb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-25.05", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { - "lastModified": 1756787288, - "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { @@ -708,11 +782,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1756787288, - "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", + "lastModified": 1759036355, + "narHash": "sha256-0m27AKv6ka+q270dw48KflE0LwQYrO7Fm4/2//KCVWg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", + "rev": "e9f00bd893984bc8ce46c895c3bf7cac95331127", "type": "github" }, "original": { @@ -724,11 +798,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1756819007, - "narHash": "sha256-12V64nKG/O/guxSYnr5/nq1EfqwJCdD2+cIGmhz3nrE=", + "lastModified": 1758690382, + "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aaff8c16d7fc04991cac6245bee1baa31f72b1e1", + "rev": "e643668fd71b949c53f8626614b21ff71a07379d", "type": "github" }, "original": { @@ -750,11 +824,11 @@ ] }, "locked": { - "lastModified": 1756961635, - "narHash": "sha256-hETvQcILTg5kChjYNns1fD5ELdsYB/VVgVmBtqKQj9A=", + "lastModified": 1758998580, + "narHash": "sha256-VLx0z396gDCGSiowLMFz5XRO/XuNV+4EnDYjdJhHvUk=", "owner": "nix-community", "repo": "NUR", - "rev": "6ca27b2654ac55e3f6e0ca434c1b4589ae22b370", + "rev": "ba8d9c98f5f4630bcb0e815ab456afd90c930728", "type": "github" }, "original": { @@ -771,11 +845,11 @@ ] }, "locked": { - "lastModified": 1757187795, - "narHash": "sha256-2uK7hr8H5zuN3ZiNfHea5xZDcNH7/1H4ZvbgncIeWWk=", + "lastModified": 1759306765, + "narHash": "sha256-L/rTRSo7zBlHflwAhjYxFHvW3Z6AXFKmZg85vu2HwS4=", "owner": "nix-community", "repo": "NUR", - "rev": "0b567e06e3fb68ce9995f81892201387d5e752e7", + "rev": "d45b542c49e55d1246a25374692b079e448cb701", "type": "github" }, "original": { @@ -794,11 +868,11 @@ ] }, "locked": { - "lastModified": 1755960406, - "narHash": "sha256-RF7j6C1TmSTK9tYWO6CdEMtg6XZaUKcvZwOCD2SICZs=", + "lastModified": 1758108966, + "narHash": "sha256-ytw7ROXaWZ7OfwHrQ9xvjpUWeGVm86pwnEd1QhzawIo=", "owner": "cachix", "repo": "git-hooks.nix", - "rev": "e891a93b193fcaf2fc8012d890dc7f0befe86ec2", + "rev": "54df955a695a84cd47d4a43e08e1feaf90b1fd9b", "type": "github" }, "original": { @@ -810,13 +884,16 @@ "root": { "inputs": { "betterfox": "betterfox", + "crowdsec": "crowdsec", "disko": "disko", "home-manager": "home-manager", "hyprland": "hyprland", "nh": "nh", "niri": "niri", + "nix-index-database": "nix-index-database", "nixpkgs": "nixpkgs_3", "nixpkgs-small": "nixpkgs-small", + "nixpkgs-stable": "nixpkgs-stable_2", "nurpkgs": "nurpkgs", "shimmer": "shimmer", "sops-nix": "sops-nix", @@ -827,11 +904,11 @@ "shimmer": { "flake": false, "locked": { - "lastModified": 1753554711, - "narHash": "sha256-wbk4W0cgK7SKcJLX+/wAnBLpfsUlhglI8lJ8rVDInN4=", + "lastModified": 1759261526, + "narHash": "sha256-hN9tqH7gwdkr/5eRqqItMGeoISE5cwy3HB8PRilnREw=", "owner": "nuclearcodecat", "repo": "shimmer", - "rev": "3c4ccc4acff91c61a4b376c12e27edae880c1572", + "rev": "dfb34a0a1f322157fc3ce085f2016060fa7b1d57", "type": "github" }, "original": { @@ -843,15 +920,15 @@ "sops-nix": { "inputs": { "nixpkgs": [ - "nixpkgs" + "nixpkgs-stable" ] }, "locked": { - "lastModified": 1754988908, - "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "lastModified": 1759188042, + "narHash": "sha256-f9QC2KKiNReZDG2yyKAtDZh0rSK2Xp1wkPzKbHeQVRU=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "rev": "9fcfabe085281dd793589bdc770a2e577a3caa5d", "type": "github" }, "original": { @@ -871,7 +948,7 @@ "gnome-shell": "gnome-shell", "nixpkgs": "nixpkgs_4", "nur": "nur", - "systems": "systems_2", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -879,11 +956,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1757172691, - "narHash": "sha256-VOn/s24rb+iO6auhmGfT5kyr0ixRK6weBsNCKkGo2yY=", + "lastModified": 1759305203, + "narHash": "sha256-Mj3VQcpE5CVqfhi0Yp2B5qn5EcUwiPD4nCngxUiBHMg=", "owner": "danth", "repo": "stylix", - "rev": "9991299fe9aad330fb6b96bb58def37033271177", + "rev": "126e6c7625620e949d86578046fe97f418478c42", "type": "github" }, "original": { @@ -894,6 +971,21 @@ }, "systems": { "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { "lastModified": 1689347949, "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", "owner": "nix-systems", @@ -907,7 +999,7 @@ "type": "github" } }, - "systems_2": { + "systems_3": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -958,11 +1050,11 @@ "tinted-schemes": { "flake": false, "locked": { - "lastModified": 1754779259, - "narHash": "sha256-8KG2lXGaXLUE0F/JVwLQe7kOVm21IDfNEo0gfga5P4M=", + "lastModified": 1757716333, + "narHash": "sha256-d4km8W7w2zCUEmPAPUoLk1NlYrGODuVa3P7St+UrqkM=", "owner": "tinted-theming", "repo": "schemes", - "rev": "097d751b9e3c8b97ce158e7d141e5a292545b502", + "rev": "317a5e10c35825a6c905d912e480dfe8e71c7559", "type": "github" }, "original": { @@ -974,11 +1066,11 @@ "tinted-tmux": { "flake": false, "locked": { - "lastModified": 1754788770, - "narHash": "sha256-LAu5nBr7pM/jD9jwFc6/kyFY4h7Us4bZz7dvVvehuwo=", + "lastModified": 1757811970, + "narHash": "sha256-n5ZJgmzGZXOD9pZdAl1OnBu3PIqD+X3vEBUGbTi4JiI=", "owner": "tinted-theming", "repo": "tinted-tmux", - "rev": "fb2175accef8935f6955503ec9dd3c973eec385c", + "rev": "d217ba31c846006e9e0ae70775b0ee0f00aa6b1e", "type": "github" }, "original": { @@ -990,11 +1082,11 @@ "tinted-zed": { "flake": false, "locked": { - "lastModified": 1755613540, - "narHash": "sha256-zBFrrTxHLDMDX/OYxkCwGGbAhPXLi8FrnLhYLsSOKeY=", + "lastModified": 1757811247, + "narHash": "sha256-4EFOUyLj85NRL3OacHoLGEo0wjiRJzfsXtR4CZWAn6w=", "owner": "tinted-theming", "repo": "base16-zed", - "rev": "937bada16cd3200bdbd3a2f5776fc3b686d5cba0", + "rev": "824fe0aacf82b3c26690d14e8d2cedd56e18404e", "type": "github" }, "original": { @@ -1064,11 +1156,11 @@ "xwayland-satellite-unstable": { "flake": false, "locked": { - "lastModified": 1757179758, - "narHash": "sha256-TIvyWzRt1miQj6Cf5Wy8Qz43XIZX7c4vTVwRLAT5S4Y=", + "lastModified": 1758577423, + "narHash": "sha256-sB2GAOjhjoWnjU6A/uHNJiY6O3UeztV5pJAN2g1FkXU=", "owner": "Supreeeme", "repo": "xwayland-satellite", - "rev": "970728d0d9d1eada342bb8860af214b601139e58", + "rev": "03368548ba745e17a85bd631613a59cb2d8469a4", "type": "github" }, "original": { @@ -1085,11 +1177,11 @@ ] }, "locked": { - "lastModified": 1757188300, - "narHash": "sha256-LBdC9dbb6/fWMwGKSyNmuzkyOFFFLyOyveBj5HwEs8s=", + "lastModified": 1759292536, + "narHash": "sha256-fWTojLEpXgqwtKZb+qJ5gn9y8N6MAKM35yu0k+4yWmo=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "4ca47f098b4710e827180798bdc8b5f53d6d2e5a", + "rev": "d11cff279fb1d879cd72d6fb3bbd1ae7b584674b", "type": "github" }, "original": { @@ -4,6 +4,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05"; # Nix replacement because why not # lix-module = { @@ -15,7 +16,7 @@ url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - + # Nix User Repo nurpkgs = { url = "github:/nix-community/NUR"; @@ -31,7 +32,7 @@ url = "github:viperML/nh"; inputs.nixpkgs.follows = "nixpkgs"; }; - + # Styling for (almost) everything stylix.url = "github:danth/stylix"; @@ -43,9 +44,18 @@ # Secrets sops-nix = { url = "github:Mic92/sops-nix"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-stable"; }; + crowdsec = { + url = "git+https://codeberg.org/kampka/nix-flake-crowdsec.git"; + inputs.nixpkgs.follows = "nixpkgs-stable"; + }; + + nix-index-database = { + url = "github:nix-community/nix-index-database"; + inputs.nixpkgs.follows = "nixpkgs"; + }; zen-browser = { url = "github:0xc000022070/zen-browser-flake"; @@ -58,113 +68,125 @@ url = "github:nuclearcodecat/shimmer"; flake = false; }; - + betterfox = { url = "github:yokoffing/Betterfox"; flake = false; }; }; - outputs = { self - , nixpkgs - , home-manager - , nurpkgs - , hyprland - , disko - , sops-nix - , ... }@inputs: - let - inherit (self) outputs; - forAllSystems = nixpkgs.lib.genAttrs [ - "aarch64-linux" - "i686-linux" - "x86_64-linux" - ]; - in - { - packages = forAllSystems (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in import ./pkgs { inherit pkgs; } - ); - # Devshell for bootstrapping - # Acessible through 'nix develop' or 'nix-shell' (legacy) - devShells = forAllSystems (system: - let pkgs = nixpkgs.legacyPackages.${system}; - in import ./shell.nix { inherit pkgs; } - ); - - # Your custom packages and modifications, exported as overlays - overlays = import ./overlays { inherit inputs outputs; }; - # Reusable nixos modules you might want to export - # These are usually stuff you would upstream into nixpkgs - nixosModules = import ./modules/nixos; - # Reusable home-manager modules you might want to export - # These are usually stuff you would upstream into home-manager - homeManagerModules = import ./modules/home-manager; - - # NixOS configuration entrypoint - # Available through 'nixos-rebuild --flake .#your-hostname' - nixosConfigurations = { - ltrr-mini = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs outputs; }; - modules = [ - ./nixos/laptop/configuration.nix - disko.nixosModules.disko - ]; - }; - - ltrr = nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs outputs; }; - modules = [ - ./nixos/pc/configuration.nix - ]; - }; - - ltrr-tw = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - sops-nix.nixosModules.sops - ./nixos/tw/configuration.nix - ]; - }; - - ltrr-vpn = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - ./nixos/vpn/configuration.nix - ]; - }; - - ltrr-home = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - disko.nixosModules.disko - sops-nix.nixosModules.sops - ./nixos/server/configuration.nix - ]; - }; + outputs = { + self, + nixpkgs, + nixpkgs-stable, + home-manager, + nurpkgs, + hyprland, + disko, + sops-nix, + crowdsec, + nix-index-database, + ... + } @ inputs: let + inherit (self) outputs; + forAllSystems = nixpkgs.lib.genAttrs [ + "aarch64-linux" + "i686-linux" + "x86_64-linux" + ]; + in { + packages = forAllSystems ( + system: let + pkgs = nixpkgs.legacyPackages.${system}; + in + import ./pkgs {inherit pkgs;} + ); + # Devshell for bootstrapping + # Acessible through 'nix develop' or 'nix-shell' (legacy) + devShells = forAllSystems ( + system: let + pkgs = nixpkgs.legacyPackages.${system}; + in + import ./shell.nix {inherit pkgs;} + ); + + # Your custom packages and modifications, exported as overlays + overlays = import ./overlays {inherit inputs outputs;}; + # Reusable nixos modules you might want to export + # These are usually stuff you would upstream into nixpkgs + nixosModules = import ./modules/nixos; + # Reusable home-manager modules you might want to export + # These are usually stuff you would upstream into home-manager + homeManagerModules = import ./modules/home-manager; + + # NixOS configuration entrypoint + # Available through 'nixos-rebuild --flake .#your-hostname' + nixosConfigurations = { + ltrr-mini = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs outputs;}; + modules = [ + ./nixos/laptop/configuration.nix + disko.nixosModules.disko + ]; }; - - homeConfigurations = { - "jerpo@ltrr-mini" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs outputs; }; - modules = [ - ./home-manager/laptop.nix - nurpkgs.modules.homeManager.default - ]; - }; - - "jerpo@ltrr" = home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.x86_64-linux; - extraSpecialArgs = { inherit inputs outputs; }; - modules = [ - ./home-manager/pc.nix - nurpkgs.modules.homeManager.default - ]; - }; + + ltrr = nixpkgs.lib.nixosSystem { + specialArgs = {inherit inputs outputs;}; + modules = [ + ./nixos/pc/configuration.nix + ]; + }; + + ltrr-tw = nixpkgs-stable.lib.nixosSystem { + specialArgs = {inherit inputs outputs;}; + system = "x86_64-linux"; + modules = [ + disko.nixosModules.disko + sops-nix.nixosModules.sops + crowdsec.nixosModules.crowdsec + ./nixos/tw/configuration.nix + ]; + }; + + ltrr-vpn = nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + disko.nixosModules.disko + ./nixos/vpn/configuration.nix + ]; + }; + + ltrr-home = nixpkgs-stable.lib.nixosSystem { + specialArgs = {inherit inputs outputs;}; + system = "x86_64-linux"; + modules = [ + disko.nixosModules.disko + sops-nix.nixosModules.sops + ./nixos/server/configuration.nix + ]; + }; + }; + + homeConfigurations = { + "jerpo@ltrr-mini" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = {inherit inputs outputs;}; + modules = [ + ./home-manager/laptop.nix + nurpkgs.modules.homeManager.default + nix-index-database.homeModules.nix-index + ]; + }; + + "jerpo@ltrr" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = {inherit inputs outputs;}; + modules = [ + ./home-manager/pc.nix + nurpkgs.modules.homeManager.default + nix-index-database.homeModules.nix-index + ]; }; }; + }; } diff --git a/nixos/server/configuration.nix b/nixos/server/configuration.nix index 4fdb3ec..3ae272c 100644 --- a/nixos/server/configuration.nix +++ b/nixos/server/configuration.nix @@ -3,6 +3,8 @@ lib, pkgs, config, + inputs, + outputs, ... }: let domain = "kcu.su"; @@ -10,18 +12,23 @@ in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/profiles/qemu-guest.nix") + "${inputs.nixpkgs}/nixos/modules/services/web-apps/filebrowser.nix" ./disk-config.nix ../serverModules/nginx.nix - ../serverModules/files.nix - ../serverModules/gonic.nix + ../serverModules/directories.nix ]; - nixpkgs.config.allowUnfree = true; - + nixpkgs = { + overlays = [ + outputs.overlays.unstable-packages + ]; + config.allowUnfree = true; + }; + sops = { defaultSopsFile = ../../secrets/ltrr-home/secrets.yaml; defaultSopsFormat = "yaml"; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; }; boot.loader.grub = { @@ -29,7 +36,10 @@ in { efiInstallAsRemovable = true; }; - services.openssh.enable = true; + services.openssh = { + enable = true; + settings.PasswordAuthentication = false; + }; environment.systemPackages = with pkgs; [ curl @@ -39,28 +49,31 @@ in { users.users = { root = { - openssh.authorizedKeys.keys = - [ - # change this to your ssh key - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru" - ]; - hashedPassword = "$y$j9T$v3n61T5.hOGZUgzeHKOp41$qli1X0.ewVopbLcMrqUX/rKggtvsYAKz2VwsSE/7pAA"; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDJ8UW1BXDGDmlaiARO3a9boTG8wknUyITMz0Z0OJpHx spleefer6@yandex.ru" + ]; }; }; - filesDir = { - enable = true; - subPaths = [ - { - path = "music"; - group = "music"; - } - { - path = "images"; - group = "images"; - } + users.files = { + isNormalUser = true; + group = "files"; + extraGroups = [ + "music" + "images" ]; }; + createPaths = { + "/srv/files" = { + owner = "files"; + permissions = "0770"; + group = "files"; + subPaths = { + "music".group = "music"; + "images".group = "images"; + }; + }; + }; networking.hostName = "ltrr-home"; networking.firewall = { @@ -99,6 +112,7 @@ in { "navidrome".proxyPass = "http://127.0.0.1:4533"; "files".proxyPass = "http://127.0.0.1:${toString config.services.filebrowser.settings.port}"; "track".proxyPass = "http://127.0.0.1:7093"; + "tube".proxyPass = "http://127.0.0.1:5410"; }; }; @@ -160,6 +174,7 @@ in { users.users.navidrome.extraGroups = ["files" "music"]; services.navidrome = { enable = true; + package = pkgs.unstable.navidrome; settings = { BaseUrl = "https://navidrome.${domain}"; MusicFolder = "/srv/files/music"; @@ -170,6 +185,29 @@ in { environmentFile = config.sops.secrets.navidrome-env.path; }; + sops.secrets.xray-config = { + restartUnits = ["xray.service"]; + }; + services.xray = { + enable = true; + settingsFile = config.sops.secrets.xray-config.path; + }; + + services.invidious = { + enable = true; + address = "127.0.0.1"; + port = 5410; + domain = "tube.${domain}"; + settings = { + http_proxy = { + host = "127.0.0.1"; + port = 10801; + user = ""; + password = ""; + }; + }; + }; + virtualisation.oci-containers.backend = "podman"; virtualisation.oci-containers.containers = { aonsoku = { diff --git a/nixos/tw/configuration.nix b/nixos/tw/configuration.nix index f851d12..4078ba1 100644 --- a/nixos/tw/configuration.nix +++ b/nixos/tw/configuration.nix @@ -1,17 +1,34 @@ -{ modulesPath, config, lib, pkgs, ... }: { +{ + modulesPath, + config, + lib, + pkgs, + outputs, + inputs, + ... +}: let + domain = "kcu.su"; +in { imports = [ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/profiles/qemu-guest.nix") + "${inputs.nixpkgs}/nixos/modules/services/networking/headscale.nix" # replacing the options with ones for a newer version ./disk-config.nix ../serverModules/nginx.nix ]; + disabledModules = ["services/networking/headscale.nix"]; + + nixpkgs.overlays = [ + outputs.overlays.unstable-packages + ]; + sops = { defaultSopsFile = ../../secrets/ltrr-tw/secrets.yaml; defaultSopsFormat = "yaml"; - age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; }; - + boot.loader.grub = { efiSupport = true; efiInstallAsRemovable = true; @@ -19,10 +36,12 @@ networking = { interfaces.ens3 = { - ipv4.addresses = [{ - address = "77.232.139.132"; - prefixLength = 24; - }]; + ipv4.addresses = [ + { + address = "77.232.139.132"; + prefixLength = 24; + } + ]; }; defaultGateway = { address = "77.232.139.1"; @@ -30,7 +49,7 @@ }; }; - networking.nameservers = [ "8.8.8.8" "1.1.1.1" ]; + networking.nameservers = ["8.8.8.8" "1.1.1.1"]; networking.useDHCP = lib.mkDefault false; @@ -39,7 +58,7 @@ services.openssh = { enable = true; }; - + environment.systemPackages = map lib.lowPrio [ pkgs.curl pkgs.gitMinimal @@ -63,22 +82,22 @@ networking.nat = { enable = true; externalInterface = "ens3"; - internalInterfaces = [ "wg0" ]; + internalInterfaces = ["wg0"]; }; - sops.secrets.wg_private_key = {}; + sops.secrets.wg-private-key = {}; networking.wg-quick = { interfaces.wg0 = { - address = [ "10.1.1.1/32" ]; + address = ["10.1.1.1/32"]; listenPort = 51820; - privateKeyFile = config.sops.secrets.wg_private_key.path; + privateKeyFile = config.sops.secrets.wg-private-key.path; preUp = "sysctl -w net.ipv4.ip_forward=1"; peers = [ { - allowedIPs = [ "10.1.1.2/32" ]; + allowedIPs = ["10.1.1.2/32"]; publicKey = "kzXzxJu1AdcRI5UwtGOrN6WuTZYqJo++PYRrXdOu/lY="; persistentKeepalive = 25; } @@ -86,9 +105,9 @@ }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 51820 ]; - + networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedUDPPorts = [51820]; + security.acme = { acceptTerms = true; defaults.email = "notspl3g+acme@duck.com"; @@ -98,7 +117,7 @@ enable = true; acme.enable = true; - domain = "kcu.su"; + inherit domain; subdomains = { "headscale" = { proxyPass = "http://127.0.0.1:8768"; @@ -115,24 +134,23 @@ }; }; - home = - let - homeConfig = import ../server/configuration.nix { inherit modulesPath config lib pkgs; }; - in { - subdomains = homeConfig.nginx.subdomains; - url = "http://10.1.1.2"; - }; + home = let + homeConfig = import ../server/configuration.nix {inherit modulesPath config lib pkgs;}; + in { + subdomains = homeConfig.nginx.subdomains; + url = "http://10.1.1.2"; + }; }; - services.headscale = { enable = true; + package = pkgs.unstable.headscale; port = 8768; settings = { - server_url = "https://headscale.kcu.su:443"; + server_url = "https://headscale.${domain}:443"; dns = { - base_domain = "tailnet.kcu.su"; - nameservers.global = [ "8.8.8.8" ]; + base_domain = "tailnet.${domain}"; + nameservers.global = ["8.8.8.8"]; }; }; }; |