toph/dot.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: toph:eb4b3ddcbedc8cd3650e977ef452587231210f9d
Branches Tags
toph:main
toph:user-expansion
..
compare: toph:947f902192ed52ac86221fa74ef77b69a9ade544
Branches Tags
toph:main
toph:user-expansion

No commits in common. "eb4b3ddcbedc8cd3650e977ef452587231210f9d" and "947f902192ed52ac86221fa74ef77b69a9ade544" have entirely different histories.
eb4b3ddcbe ... 947f902192

23 changed files with 79 additions and 268 deletions
Show stats Expand all files Collapse all files

68
flake.lock generated
View file

@ -180,11 +180,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"lastModified": 1743550720,
"narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"rev": "c621e8422220273271f52058f618c94e405bb0f5",
"type": "github"
},
"original": {
@ -402,11 +402,11 @@
},
"hardware": {
"locked": {
"lastModified": 1749195551,
"narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=",
"lastModified": 1748634340,
"narHash": "sha256-pZH4bqbOd8S+si6UcfjHovWDiWKiIGRNRMpmRWaDIms=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "4602f7e1d3f197b3cb540d5accf5669121629628",
"rev": "daa628a725ab4948e0e2b795e8fb6f4c3e289a7a",
"type": "github"
},
"original": {
@ -443,11 +443,11 @@
]
},
"locked": {
"lastModified": 1749483884,
"narHash": "sha256-HdyfdVx0NbgrVtLY4lXdX9X/YE3PZjGZFnSyoAy1GJc=",
"lastModified": 1748830238,
"narHash": "sha256-EB+LzYHK0D5aqxZiYoPeoZoOzSAs8eqBDxm3R+6wMKU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "74d196c9943a67908d1883f61154e594d03863e5",
"rev": "c7fdb7e90bff1a51b79c1eed458fb39e6649a82a",
"type": "github"
},
"original": {
@ -529,11 +529,11 @@
]
},
"locked": {
"lastModified": 1749348095,
"narHash": "sha256-4KaUocEPNoU6gpFE6WPLMvMK5tmvJyc0qf84Mp8Chlw=",
"lastModified": 1748743761,
"narHash": "sha256-wodNEYzhBzsdfp5ggAsuJaTCLo3S9cwH7Svni1lgvwo=",
"owner": "fufexan",
"repo": "nix-gaming",
"rev": "4221d80488883c40003f0704af78699a583f0c9f",
"rev": "0f75191a5c244a38192c7587da7c3f04d35c5938",
"type": "github"
},
"original": {
@ -583,11 +583,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1748740939,
"narHash": "sha256-rQaysilft1aVMwF14xIdGS3sj1yHlI6oKQNBRTF40cc=",
"lastModified": 1743296961,
"narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "656a64127e9d791a334452c6b6606d17539476e2",
"rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa",
"type": "github"
},
"original": {
@ -598,11 +598,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1749173751,
"narHash": "sha256-ENY3y3v6S9ZmLDDLI3LUT8MXmfXg/fSt2eA4GCnMVCE=",
"lastModified": 1748421225,
"narHash": "sha256-XXILOc80tvlvEQgYpYFnze8MkQQmp3eQxFbTzb3m/R0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ed29f002b6d6e5e7e32590deb065c34a31dc3e91",
"rev": "78add7b7abb61689e34fc23070a8f55e1d26185b",
"type": "github"
},
"original": {
@ -614,11 +614,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1749285348,
"narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
"lastModified": 1748693115,
"narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
"rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"type": "github"
},
"original": {
@ -630,11 +630,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1749285348,
"narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
"lastModified": 1748693115,
"narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
"rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
"type": "github"
},
"original": {
@ -884,11 +884,11 @@
"tinted-zed": "tinted-zed"
},
"locked": {
"lastModified": 1749481862,
"narHash": "sha256-CXZL1Kt4rP1SAQhT4wCM207pcjkTeZMza9iIVFKV71c=",
"lastModified": 1748887638,
"narHash": "sha256-AExfT8rMb6Ya37Gm3dimm+e4eeLGzya55JS6VWb3nfQ=",
"owner": "danth",
"repo": "stylix",
"rev": "d73d8f6a4834716496bf8930a492b115cc3d7d17",
"rev": "3ca2c4478a1e984d2007c57467c6986bcdcb2629",
"type": "github"
},
"original": {
@ -1152,11 +1152,11 @@
]
},
"locked": {
"lastModified": 1748932406,
"narHash": "sha256-KcZKPfLL7Bcjps60+JJEsiJLkOkes3wdR+bJxR27I3s=",
"lastModified": 1748849057,
"narHash": "sha256-ih5wxfFGg+0FDTFcoNftV4WaKQwtSEgrCo6widpbazk=",
"ref": "refs/heads/main",
"rev": "71ffb0166eaa71df9149fe9a293cf75d238bbe30",
"revCount": 14,
"rev": "05b214e6cd8721b14db8cd93272fc81965212b6d",
"revCount": 13,
"type": "git",
"url": "https://git.ryot.foo/toph/yay.nix.git"
},
@ -1172,11 +1172,11 @@
]
},
"locked": {
"lastModified": 1748971473,
"narHash": "sha256-0Xh6sZI86Ops6u7wyDQlVvV+MvRRXIDb1r3sMnLNk9M=",
"lastModified": 1748837535,
"narHash": "sha256-fn9n5rHrnV83v5y7DCS3uRWIdOab2hkAhfFTrjSg/gg=",
"owner": "youwen5",
"repo": "zen-browser-flake",
"rev": "5cc269976ca876674d8ccc7f40debb61e05583ab",
"rev": "9a3d6741f1324f47c27fb6aede05fbcbdefeadc9",
"type": "github"
},
"original": {

0
home/global/core/fastfetch/host/komo.txt → home/global/core/fastfetch/host/komodo.txt
View file

23
hosts/global/common/docker.nix
View file

@ -1,26 +1,4 @@
{ pkgs, ... }:
let
update-containers = pkgs.writeShellScriptBin "update-containers" ''
SUDO=""
if [[ $(id -u) -ne 0 ]]; then
SUDO="sudo"
fi
# Get all unique images from running and stopped containers
images=$($SUDO ${pkgs.docker}/bin/docker ps -a --format="{{.Image}}" | sort -u)
echo "Found images to update:"
echo "$images"
for image in $images
do
echo "Pulling $image..."
$SUDO ${pkgs.docker}/bin/docker pull $image
done
echo "Container image updates complete!"
'';
in
{
virtualisation = {
docker = {
@ -32,6 +10,5 @@ in
environment.systemPackages = with pkgs; [
lazydocker # Simple TUI
update-containers
];
}

6
hosts/global/common/system/pool.nix
View file

@ -45,10 +45,6 @@ in
"noatime"
"nofail"
"sec=sys"
"noac" # Disable attribute caching
"lookupcache=none" # Disable lookup caching
"intr" # Allow interruption
"hard" # Hard mount (retry on failure)
];
};
};
@ -59,7 +55,7 @@ in
services.nfs.idmapd.settings = {
General = {
Domain = "ryot.local"; # Must match on server and client
Domain = "local"; # Must match on server and client
Verbosity = 0;
};
};

11
hosts/global/core/networking.nix
View file

@ -12,5 +12,16 @@
useDHCP = lib.mkDefault true;
useHostResolvConf = false;
usePredictableInterfaceNames = true;
hosts = {
"104.40.3.1" = [ "opn" ];
"104.40.3.3" = [ "pve" ];
"104.40.3.24" = [ "cloud" ];
"104.40.3.34" = [ "proxy" ];
"104.40.3.44" = [ "komodo" ];
"104.40.3.54" = [ "nix" ];
"104.40.4.1" = [ "opn" ];
"104.40.4.7" = [ "rune" ];
};
};
}

4
hosts/nixos/cloud/config/nfs.nix
View file

@ -5,7 +5,7 @@
exports = ''
# Pool export - seen as root '/' by the client
/pool *(rw,insecure,no_subtree_check,no_root_squash,fsid=0,anonuid=1000,anongid=1004,async,no_wdelay)
/pool *(rw,insecure,no_subtree_check,no_root_squash,fsid=0,anonuid=1000,anongid=1004)
'';
extraNfsdConfig = "vers=4,4.1,4.2";
@ -15,7 +15,7 @@
# services.rpcbind.enable = true;
services.nfs.idmapd.settings = {
General = {
Domain = "ryot.local";
Domain = "local";
Verbosity = 0;
};
};

1
hosts/nixos/cloud/hardware.nix
View file

@ -28,7 +28,6 @@ in
"allow_other"
"minfreespace=50G"
"fsname=mergerfs"
"func.getattr=newest"
"category.create=mfs"
"nfsopenhack=all"
"nonempty"

0
hosts/nixos/komo/config/authentik/compose.yaml → hosts/nixos/komodo/config/authentik/compose.yaml
View file

6
hosts/nixos/komo/config/authentik/default.nix → hosts/nixos/komodo/config/authentik/default.nix
View file

@ -6,7 +6,7 @@
...
}:
let
# Only available in the Komo LXC
# Only available in the Komodo LXC
DockerStorage = "/mnt/DockerStorage/komodo/stacks/authentik";
env = config.secretsSpec.docker.authentik;
in
@ -94,7 +94,7 @@ in
];
};
virtualisation.oci-containers.containers."authentik-server" = {
image = "ghcr.io/goauthentik/server:2025.6.1";
image = "ghcr.io/goauthentik/server:2024.12.2";
environment = env;
volumes = [
"${DockerStorage}/custom-templates:/templates:rw"
@ -136,7 +136,7 @@ in
];
};
virtualisation.oci-containers.containers."authentik-worker" = {
image = "ghcr.io/goauthentik/server:2025.6.1";
image = "ghcr.io/goauthentik/server:2024.12.2";
environment = env;
volumes = [
"${DockerStorage}/certs:/certs:rw"

14
hosts/nixos/komo/config/caddy.nix → hosts/nixos/komodo/config/caddy.nix
View file

@ -64,6 +64,13 @@
'';
};
"mail.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9002
'';
};
"map.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
@ -84,6 +91,13 @@
reverse_proxy localhost:3000
'';
};
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8090
'';
};
};
};
}

0
hosts/nixos/komo/config/default.nix → hosts/nixos/komodo/config/default.nix
View file

0
hosts/nixos/komo/config/komodo/compose.yaml → hosts/nixos/komodo/config/komodo/compose.yaml
View file

0
hosts/nixos/komo/config/komodo/default.nix → hosts/nixos/komodo/config/komodo/default.nix
View file

8
hosts/nixos/komo/default.nix → hosts/nixos/komodo/default.nix
View file

@ -1,6 +1,6 @@
###############################################################
#
# Komo - LXC Container
# Komodo - LXC Container
# NixOS container, Ryzen 5 5600G (12 Cores), 30GB/2GB RAM/SWAP
#
# Docker Environment, Managed by with Komodo
@ -16,11 +16,11 @@
let
username = "toph";
user = config.secretsSpec.users.${username};
firewall = config.secretsSpec.firewall.komo;
firewall = config.secretsSpec.firewall.komodo;
in
{
imports = lib.flatten [
## Komo Only ##
## Komodo Only ##
./config
## Hardware ##
@ -38,7 +38,7 @@ in
## Host Specifications ##
hostSpec = {
hostName = "komo";
hostName = "komodo";
username = username;
hashedPassword = user.hashedPassword;
email = user.email;

0
hosts/nixos/komo/hardware.nix → hosts/nixos/komodo/hardware.nix
View file

52
hosts/nixos/proxy/config/caddy.nix
View file

@ -8,58 +8,6 @@
reverse_proxy localhost:14333
'';
};
## openWRT ##
"wrt.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy http://104.40.3.1 {
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
## PROXMOX NODES ##
"ochre.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy https://104.40.3.2:8006 {
transport http {
tls_insecure_skip_verify
# optional: tls_server_name 104.40.3.2
}
# ensure Proxmox sees the right Host
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
"pve.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy https://104.40.3.3:8006 {
transport http {
tls_insecure_skip_verify
# optional: tls_server_name 104.40.3.3
}
header_up Host {host}
header_up X-Real-IP {remote}
header_up X-Forwarded-For {remote}
header_up X-Forwarded-Proto {scheme}
header_up X-Forwarded-Port {server_port}
}
'';
};
};
};
}

65
hosts/nixos/proxy/config/dnsmasq.nix
View file

@ -1,65 +0,0 @@
{
services.dnsmasq = {
enable = true;
settings = {
# Listen on eth0 for external clients and lo for local host
interface = [
"eth0"
"lo"
];
no-hosts = true;
no-resolv = true;
server = [
"104.40.3.1" # Query openWRT first for non-ryot.foo domains
"1.1.1.1" # Fallback public DNS
"1.0.0.1" # Fallback public DNS
"8.8.8.8" # Fallback public DNS
];
address = [
## CLOUD ##
"/drive.ryot.foo/104.40.3.24"
## PROXY ##
"/cloudflared.ryot.foo/104.40.3.34"
"/ochre.ryot.foo/104.40.3.34"
"/pve.ryot.foo/104.40.3.34"
"/wrt.ryot.foo/104.40.3.34"
## KOMO ##
"/auth.ryot.foo/104.40.3.44"
"/frp.ryot.foo/104.40.3.44"
"/git.ryot.foo/104.40.3.44"
"/grafana.ryot.foo/104.40.3.44"
"/home.ryot.foo/104.40.3.44"
"/influx.ryot.foo/104.40.3.44"
"/komodo.ryot.foo/104.40.3.44"
"/mail.ryot.foo/104.40.3.44"
"/map.ryot.foo/104.40.3.44"
"/outline.ryot.foo/104.40.3.44"
"/plane.ryot.foo/104.40.3.44"
## SOCK ##
"/upsnap.ryot.foo/104.40.3.54"
"/sock.ryot.foo/104.40.3.54"
];
cache-size = 1000;
# Log queries for debugging (optional)'
# log-queries = true;
};
};
networking = {
# Open DNS port in firewall
firewall = {
allowedTCPPorts = [ 53 ];
allowedUDPPorts = [ 53 ];
};
};
}

3
hosts/nixos/proxy/default.nix
View file

@ -52,7 +52,6 @@ in
networking = {
enableIPv6 = false;
firewall.allowedTCPPorts = firewall.allowedTCPPorts;
firewall.allowedUDPPorts = firewall.allowedUDPPorts;
};
## System-wide packages ##
@ -68,5 +67,5 @@ in
};
# https://wiki.nixos.org/wiki/FAQ/When_do_I_update_stateVersion
system.stateVersion = "25.05";
system.stateVersion = "24.11";
}

20
hosts/nixos/sock/config/caddy.nix
View file

@ -1,20 +0,0 @@
{
services.caddy = {
enable = true;
virtualHosts = {
"upsnap.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:8090
'';
};
"sock.ryot.foo" = {
useACMEHost = "ryot.foo";
extraConfig = ''
reverse_proxy localhost:9120
'';
};
};
};
}

14
hosts/nixos/sock/config/komodo.nix → hosts/nixos/sock/config/komodo/default.nix
View file

@ -7,7 +7,7 @@
}:
let
# Only available in the Sock LXC
OchreStorage = "/OchreStorage/komodo";
DockerStorage = "/OchreStorage/komodo";
env = config.secretsSpec.docker.komodo-sock;
in
{
@ -16,7 +16,7 @@ in
image = "ghcr.io/moghtech/komodo-core:latest";
environment = env;
volumes = [
"${OchreStorage}/cache:/repo-cache:rw"
"${DockerStorage}/cache:/repo-cache:rw"
];
ports = [
"9120:9120/tcp"
@ -62,8 +62,8 @@ in
image = "mongo";
environment = env;
volumes = [
"${OchreStorage}/mongo/config:/data/configdb:rw"
"${OchreStorage}/mongo/data:/data/db:rw"
"${DockerStorage}/mongo/config:/data/configdb:rw"
"${DockerStorage}/mongo/data:/data/db:rw"
];
cmd = [
"--quiet"
@ -111,9 +111,9 @@ in
volumes = [
"/proc:/proc:rw"
"/var/run/docker.sock:/var/run/docker.sock:rw"
"${OchreStorage}/repos:/etc/komodo/repos:rw"
"${OchreStorage}/ssl:/etc/komodo/ssl:rw"
"${OchreStorage}/stacks:${OchreStorage}/stacks:rw"
"${DockerStorage}/repos:/etc/komodo/repos:rw"
"${DockerStorage}/ssl:/etc/komodo/ssl:rw"
"${DockerStorage}/stacks:${DockerStorage}/stacks:rw"
];
ports = [
"8120:8120/tcp"

33
hosts/nixos/sock/hardware.nix
View file

@ -1,7 +1,6 @@
{
lib,
config,
pkgs,
...
}:
let
@ -16,35 +15,7 @@ in
];
# Ochre has no access to PVE DockerStorage, so sock will have its own storage
systemd.tmpfiles.rules = [
# Create directory with setgid bit and proper ownership
"d /OchreStorage 2775 1000 1004 -"
systemd.user.tmpfiles.rules = [
"d /OchreStorage 2775 ${username} ryot -"
];
# Use systemd service to ensure proper permissions with ACLs
systemd.services.ochre-storage-permissions = {
description = "Set proper permissions for OchreStorage";
wantedBy = [ "multi-user.target" ];
after = [ "local-fs.target" ];
path = with pkgs; [
acl
coreutils
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
# Ensure directory exists and has correct ownership/permissions
mkdir -p /OchreStorage
chown 1000:1004 /OchreStorage
chmod 2775 /OchreStorage
# Set default ACLs to ensure all new files/folders inherit 1000:1004
setfacl -d -m u:1000:rwx /OchreStorage
setfacl -d -m g:1004:rwx /OchreStorage
'';
};
environment.systemPackages = with pkgs; [ acl ];
}

19
pkgs/microsoft-edit/package.nix
View file

@ -1,11 +1,9 @@
{
lib,
stdenv,
rustPlatform,
fetchFromGitHub,
versionCheckHook,
nix-update-script,
icu,
}:
rustPlatform.buildRustPackage (finalAttrs: {
pname = "microsoft-edit";
@ -28,22 +26,6 @@ rustPlatform.buildRustPackage (finalAttrs: {
./write-filled-fix.patch
];
buildInputs = [
icu
];
postFixup =
let
rpathAppend = lib.makeLibraryPath [ icu ];
in
lib.optionalString stdenv.hostPlatform.isElf ''
patchelf $out/bin/edit \
--add-rpath ${rpathAppend}
''
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
${stdenv.cc.targetPrefix}install_name_tool -add_rpath ${rpathAppend} $out/bin/edit
'';
# Disabled for now, microsoft/edit#194
doInstallCheck = false;
nativeInstallCheckInputs = [ versionCheckHook ];
@ -65,6 +47,5 @@ rustPlatform.buildRustPackage (finalAttrs: {
changelog = "https://github.com/microsoft/edit/releases/tag/v${finalAttrs.version}";
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ RossSmyth ]; # https://github.com/NixOS/nixpkgs/pull/409075
platforms = lib.platforms.all;
};
})

BIN
secrets.nix
View file

Binary file not shown.