feat: flake · devins.page/flake@c08466b

+346

flake.lock

··· 1 + { 2 + "nodes": { 3 + "agenix": { 4 + "inputs": { 5 + "darwin": "darwin", 6 + "home-manager": "home-manager", 7 + "nixpkgs": "nixpkgs", 8 + "systems": "systems" 9 + }, 10 + "locked": { 11 + "lastModified": 1762618334, 12 + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", 13 + "owner": "ryantm", 14 + "repo": "agenix", 15 + "rev": "fcdea223397448d35d9b31f798479227e80183f6", 16 + "type": "github" 17 + }, 18 + "original": { 19 + "owner": "ryantm", 20 + "repo": "agenix", 21 + "type": "github" 22 + } 23 + }, 24 + "cl-nix-lite": { 25 + "locked": { 26 + "lastModified": 1728174978, 27 + "narHash": "sha256-Grqqg+xuicANB85j0gNEXxi9SBKY7bzGeTuyi95eGcY=", 28 + "owner": "hraban", 29 + "repo": "cl-nix-lite", 30 + "rev": "31cfe6275c341eb3120a99f4b1c8516c49a29d87", 31 + "type": "github" 32 + }, 33 + "original": { 34 + "owner": "hraban", 35 + "repo": "cl-nix-lite", 36 + "type": "github" 37 + } 38 + }, 39 + "darwin": { 40 + "inputs": { 41 + "nixpkgs": [ 42 + "agenix", 43 + "nixpkgs" 44 + ] 45 + }, 46 + "locked": { 47 + "lastModified": 1744478979, 48 + "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", 49 + "owner": "lnl7", 50 + "repo": "nix-darwin", 51 + "rev": "43975d782b418ebf4969e9ccba82466728c2851b", 52 + "type": "github" 53 + }, 54 + "original": { 55 + "owner": "lnl7", 56 + "ref": "master", 57 + "repo": "nix-darwin", 58 + "type": "github" 59 + } 60 + }, 61 + "flake-compat": { 62 + "flake": false, 63 + "locked": { 64 + "lastModified": 1730663653, 65 + "narHash": "sha256-kFCUWettiFHDIqxCWWQ9qY8pVh+Lj+XL0Giyy/kdomg=", 66 + "owner": "hraban", 67 + "repo": "flake-compat", 68 + "rev": "e5b16676185cb7548581c852f51ce7f3a49bba5e", 69 + "type": "github" 70 + }, 71 + "original": { 72 + "owner": "hraban", 73 + "ref": "fixed-output", 74 + "repo": "flake-compat", 75 + "type": "github" 76 + } 77 + }, 78 + "flake-utils": { 79 + "inputs": { 80 + "systems": [ 81 + "mac-app-util", 82 + "systems" 83 + ] 84 + }, 85 + "locked": { 86 + "lastModified": 1731533236, 87 + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", 88 + "owner": "numtide", 89 + "repo": "flake-utils", 90 + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", 91 + "type": "github" 92 + }, 93 + "original": { 94 + "id": "flake-utils", 95 + "type": "indirect" 96 + } 97 + }, 98 + "home-manager": { 99 + "inputs": { 100 + "nixpkgs": [ 101 + "agenix", 102 + "nixpkgs" 103 + ] 104 + }, 105 + "locked": { 106 + "lastModified": 1745494811, 107 + "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", 108 + "owner": "nix-community", 109 + "repo": "home-manager", 110 + "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", 111 + "type": "github" 112 + }, 113 + "original": { 114 + "owner": "nix-community", 115 + "repo": "home-manager", 116 + "type": "github" 117 + } 118 + }, 119 + "home-manager-stable": { 120 + "inputs": { 121 + "nixpkgs": [ 122 + "nixpkgs-stable" 123 + ] 124 + }, 125 + "locked": { 126 + "lastModified": 1764866045, 127 + "narHash": "sha256-0GsEtXV9OquDQ1VclQfP16cU5VZh7NEVIOjSH4UaJuM=", 128 + "owner": "nix-community", 129 + "repo": "home-manager", 130 + "rev": "f63d0fe9d81d36e5fc95497217a72e02b8b7bcab", 131 + "type": "github" 132 + }, 133 + "original": { 134 + "owner": "nix-community", 135 + "ref": "release-25.11", 136 + "repo": "home-manager", 137 + "type": "github" 138 + } 139 + }, 140 + "home-manager_2": { 141 + "inputs": { 142 + "nixpkgs": [ 143 + "nixpkgs" 144 + ] 145 + }, 146 + "locked": { 147 + "lastModified": 1764872372, 148 + "narHash": "sha256-uZuXRz9CzeCHsRbc2MQvKomwoX6GcFC5BUMEk3ouSFU=", 149 + "owner": "nix-community", 150 + "repo": "home-manager", 151 + "rev": "05a56dbf24f195c62286e3273a2671d3b4904b00", 152 + "type": "github" 153 + }, 154 + "original": { 155 + "owner": "nix-community", 156 + "repo": "home-manager", 157 + "type": "github" 158 + } 159 + }, 160 + "mac-app-util": { 161 + "inputs": { 162 + "cl-nix-lite": "cl-nix-lite", 163 + "flake-compat": "flake-compat", 164 + "flake-utils": "flake-utils", 165 + "nixpkgs": "nixpkgs_2", 166 + "systems": "systems_2", 167 + "treefmt-nix": "treefmt-nix" 168 + }, 169 + "locked": { 170 + "lastModified": 1756057867, 171 + "narHash": "sha256-ziR5eQGqRWhW8tf8r0TIplaqNt+HXu1G1X41LUr4IYo=", 172 + "owner": "hraban", 173 + "repo": "mac-app-util", 174 + "rev": "8414fa1e2cb775b17793104a9095aabeeada63ef", 175 + "type": "github" 176 + }, 177 + "original": { 178 + "owner": "hraban", 179 + "repo": "mac-app-util", 180 + "type": "github" 181 + } 182 + }, 183 + "nix-darwin": { 184 + "inputs": { 185 + "nixpkgs": [ 186 + "nixpkgs" 187 + ] 188 + }, 189 + "locked": { 190 + "lastModified": 1764161084, 191 + "narHash": "sha256-HN84sByg9FhJnojkGGDSrcjcbeioFWoNXfuyYfJ1kBE=", 192 + "owner": "nix-darwin", 193 + "repo": "nix-darwin", 194 + "rev": "e95de00a471d07435e0527ff4db092c84998698e", 195 + "type": "github" 196 + }, 197 + "original": { 198 + "owner": "nix-darwin", 199 + "ref": "master", 200 + "repo": "nix-darwin", 201 + "type": "github" 202 + } 203 + }, 204 + "nixpkgs": { 205 + "locked": { 206 + "lastModified": 1754028485, 207 + "narHash": "sha256-IiiXB3BDTi6UqzAZcf2S797hWEPCRZOwyNThJIYhUfk=", 208 + "owner": "NixOS", 209 + "repo": "nixpkgs", 210 + "rev": "59e69648d345d6e8fef86158c555730fa12af9de", 211 + "type": "github" 212 + }, 213 + "original": { 214 + "owner": "NixOS", 215 + "ref": "nixos-25.05", 216 + "repo": "nixpkgs", 217 + "type": "github" 218 + } 219 + }, 220 + "nixpkgs-stable": { 221 + "locked": { 222 + "lastModified": 1764677808, 223 + "narHash": "sha256-H3lC7knbXOBrHI9hITQ7modLuX20mYJVhZORL5ioms0=", 224 + "owner": "NixOS", 225 + "repo": "nixpkgs", 226 + "rev": "1aab89277eb2d87823d5b69bae631a2496cff57a", 227 + "type": "github" 228 + }, 229 + "original": { 230 + "owner": "NixOS", 231 + "ref": "nixos-25.11", 232 + "repo": "nixpkgs", 233 + "type": "github" 234 + } 235 + }, 236 + "nixpkgs_2": { 237 + "locked": { 238 + "lastModified": 1732617236, 239 + "narHash": "sha256-PYkz6U0bSEaEB1al7O1XsqVNeSNS+s3NVclJw7YC43w=", 240 + "owner": "NixOS", 241 + "repo": "nixpkgs", 242 + "rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e", 243 + "type": "github" 244 + }, 245 + "original": { 246 + "owner": "NixOS", 247 + "repo": "nixpkgs", 248 + "rev": "af51545ec9a44eadf3fe3547610a5cdd882bc34e", 249 + "type": "github" 250 + } 251 + }, 252 + "nixpkgs_3": { 253 + "locked": { 254 + "lastModified": 1754340878, 255 + "narHash": "sha256-lgmUyVQL9tSnvvIvBp7x1euhkkCho7n3TMzgjdvgPoU=", 256 + "owner": "nixos", 257 + "repo": "nixpkgs", 258 + "rev": "cab778239e705082fe97bb4990e0d24c50924c04", 259 + "type": "github" 260 + }, 261 + "original": { 262 + "owner": "nixos", 263 + "ref": "nixpkgs-unstable", 264 + "repo": "nixpkgs", 265 + "type": "github" 266 + } 267 + }, 268 + "nixpkgs_4": { 269 + "locked": { 270 + "lastModified": 1764794580, 271 + "narHash": "sha256-UMVihg0OQ980YqmOAPz+zkuCEb9hpE5Xj2v+ZGNjQ+M=", 272 + "owner": "NixOS", 273 + "repo": "nixpkgs", 274 + "rev": "ebc94f855ef25347c314258c10393a92794e7ab9", 275 + "type": "github" 276 + }, 277 + "original": { 278 + "owner": "NixOS", 279 + "ref": "nixpkgs-unstable", 280 + "repo": "nixpkgs", 281 + "type": "github" 282 + } 283 + }, 284 + "root": { 285 + "inputs": { 286 + "agenix": "agenix", 287 + "home-manager": "home-manager_2", 288 + "home-manager-stable": "home-manager-stable", 289 + "mac-app-util": "mac-app-util", 290 + "nix-darwin": "nix-darwin", 291 + "nixpkgs": "nixpkgs_4", 292 + "nixpkgs-stable": "nixpkgs-stable" 293 + } 294 + }, 295 + "systems": { 296 + "locked": { 297 + "lastModified": 1681028828, 298 + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", 299 + "owner": "nix-systems", 300 + "repo": "default", 301 + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", 302 + "type": "github" 303 + }, 304 + "original": { 305 + "owner": "nix-systems", 306 + "repo": "default", 307 + "type": "github" 308 + } 309 + }, 310 + "systems_2": { 311 + "locked": { 312 + "lastModified": 1689347925, 313 + "narHash": "sha256-ozenz5bFe1UUqOn7f60HRmgc01BgTGIKZ4Xl+HbocGQ=", 314 + "owner": "nix-systems", 315 + "repo": "default-darwin", 316 + "rev": "2235d7e6cc29ae99878133c95e9fe5e157661ffb", 317 + "type": "github" 318 + }, 319 + "original": { 320 + "owner": "nix-systems", 321 + "repo": "default-darwin", 322 + "type": "github" 323 + } 324 + }, 325 + "treefmt-nix": { 326 + "inputs": { 327 + "nixpkgs": "nixpkgs_3" 328 + }, 329 + "locked": { 330 + "lastModified": 1755934250, 331 + "narHash": "sha256-CsDojnMgYsfshQw3t4zjRUkmMmUdZGthl16bXVWgRYU=", 332 + "owner": "numtide", 333 + "repo": "treefmt-nix", 334 + "rev": "74e1a52d5bd9430312f8d1b8b0354c92c17453e5", 335 + "type": "github" 336 + }, 337 + "original": { 338 + "owner": "numtide", 339 + "repo": "treefmt-nix", 340 + "type": "github" 341 + } 342 + } 343 + }, 344 + "root": "root", 345 + "version": 7 346 + }

+58

flake.nix

··· 1 + { 2 + description = "Darwin and NixOS system configurations"; 3 + 4 + inputs = { 5 + agenix.url = "github:ryantm/agenix"; 6 + home-manager.url = "github:nix-community/home-manager"; 7 + home-manager-stable.url = "github:nix-community/home-manager/release-25.11"; 8 + mac-app-util.url = "github:hraban/mac-app-util"; 9 + nix-darwin.url = "github:nix-darwin/nix-darwin/master"; 10 + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; 11 + nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.11"; 12 + 13 + home-manager.inputs.nixpkgs.follows = "nixpkgs"; 14 + home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; 15 + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; 16 + }; 17 + 18 + outputs = inputs: { 19 + darwinConfigurations.coolbook = inputs.nix-darwin.lib.darwinSystem { 20 + specialArgs = inputs; 21 + modules = [ 22 + ./modules/common 23 + ./modules/darwin 24 + ./hosts/coolbook 25 + inputs.home-manager.darwinModules.home-manager 26 + inputs.mac-app-util.darwinModules.default 27 + { 28 + home-manager = { 29 + sharedModules = [inputs.mac-app-util.homeManagerModules.default]; 30 + }; 31 + } 32 + ]; 33 + }; 34 + 35 + nixosConfigurations.bluepill = inputs.nixpkgs-stable.lib.nixosSystem { 36 + specialArgs = inputs; 37 + modules = [ 38 + ./modules/common 39 + ./modules/nixos 40 + ./hosts/bluepill 41 + inputs.agenix.nixosModules.default 42 + inputs.home-manager-stable.nixosModules.home-manager 43 + { 44 + nixpkgs.overlays = [ 45 + (final: prev: { 46 + tailscale = inputs.nixpkgs.legacyPackages.${prev.system}.tailscale; 47 + }) 48 + ]; 49 + } 50 + ]; 51 + }; 52 + 53 + formatter = { 54 + aarch64-darwin = inputs.nixpkgs.legacyPackages.aarch64-darwin.alejandra; 55 + x86_64-linux = inputs.nixpkgs.legacyPackages.x86_64-linux.alejandra; 56 + }; 57 + }; 58 + }

+41

hosts/bluepill/default.nix

··· 1 + {pkgs, ...}: { 2 + imports = [ 3 + ./hardware.nix 4 + ./services/homepage.nix 5 + ./services/jellyfin.nix 6 + ./services/navidrome.nix 7 + ./services/restic.nix 8 + ./services/samba.nix 9 + ./services/slskd.nix 10 + ./services/ssh.nix 11 + ./services/tailscale.nix 12 + ./services/transmission.nix 13 + ]; 14 + 15 + networking.hostName = "bluepill"; 16 + environment.systemPackages = with pkgs; [ 17 + age 18 + beets 19 + (ffmpeg.override { 20 + withFdkAac = true; 21 + withUnfree = true; 22 + }) 23 + imagemagick 24 + restic 25 + ]; 26 + age.identityPaths = ["/etc/age.key"]; 27 + 28 + users.groups.share-general.members = ["transmission" "devin"]; 29 + system.activationScripts.generalShare.text = '' 30 + mkdir -p /srv/general 31 + chown -R root:share-general /srv/general 32 + chmod -R 775 /srv/general 33 + ''; 34 + 35 + users.groups.share-media.members = ["jellyfin" "navidrome" "slskd" "transmission" "devin"]; 36 + system.activationScripts.mediaShare.text = '' 37 + mkdir -p /srv/media 38 + chown -R root:share-media /srv/media 39 + chmod -R 775 /srv/media 40 + ''; 41 + }

+48

hosts/bluepill/hardware.nix

··· 1 + # Do not modify this file! It was generated by ‘nixos-generate-config’ 2 + # and may be overwritten by future invocations. Please make changes 3 + # to /etc/nixos/configuration.nix instead. 4 + { 5 + config, 6 + lib, 7 + pkgs, 8 + modulesPath, 9 + ... 10 + }: { 11 + imports = [ 12 + (modulesPath + "/installer/scan/not-detected.nix") 13 + ]; 14 + 15 + boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "xhci_pci_renesas" "usbhid" "sd_mod"]; 16 + boot.initrd.kernelModules = []; 17 + boot.kernelModules = []; 18 + boot.extraModulePackages = []; 19 + 20 + fileSystems."/" = { 21 + device = "/dev/disk/by-uuid/649b9c36-dd13-4cb7-9561-dff01fa3641b"; 22 + fsType = "ext4"; 23 + }; 24 + 25 + fileSystems."/boot" = { 26 + device = "/dev/disk/by-uuid/8865-CA84"; 27 + fsType = "vfat"; 28 + options = ["fmask=0077" "dmask=0077"]; 29 + }; 30 + 31 + fileSystems."/mnt/backup" = { 32 + device = "/dev/disk/by-uuid/ec387aee-c588-4e84-9ddc-3be935c43257"; 33 + fsType = "ext4"; 34 + options = [ 35 + "defaults" 36 + "noatime" 37 + "nofail" 38 + "noauto" 39 + "x-systemd.automount" 40 + "x-systemd.idle-timeout=600" 41 + ]; 42 + }; 43 + 44 + swapDevices = []; 45 + 46 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 47 + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; 48 + }

+38

hosts/bluepill/services/homepage.nix

··· 1 + {...}: { 2 + services.homepage-dashboard = { 3 + enable = true; 4 + openFirewall = true; 5 + allowedHosts = "*"; 6 + widgets = [ 7 + { 8 + resources = { 9 + label = "Statistics"; 10 + cpu = true; 11 + memory = true; 12 + cputemp = true; 13 + uptime = true; 14 + units = "imperial"; 15 + network = true; 16 + }; 17 + } 18 + { 19 + resources = { 20 + label = "Internal"; 21 + disk = "/"; 22 + }; 23 + } 24 + { 25 + resources = { 26 + label = "Backups"; 27 + disk = "/mnt/backup"; 28 + }; 29 + } 30 + { 31 + search = { 32 + provider = "duckduckgo"; 33 + target = "_blank"; 34 + }; 35 + } 36 + ]; 37 + }; 38 + }

+22

hosts/bluepill/services/jellyfin.nix

··· 1 + { 2 + config, 3 + pkgs, 4 + ... 5 + }: { 6 + services.jellyfin = { 7 + enable = true; 8 + openFirewall = true; 9 + }; 10 + 11 + # enable nvidia shit 12 + hardware.graphics.enable = true; 13 + services.xserver.videoDrivers = ["nvidia"]; 14 + hardware.nvidia = { 15 + open = false; 16 + nvidiaSettings = true; 17 + package = config.boot.kernelPackages.nvidiaPackages.stable; 18 + modesetting.enable = false; 19 + powerManagement.enable = false; 20 + powerManagement.finegrained = false; 21 + }; 22 + }

+19

hosts/bluepill/services/navidrome.nix

··· 1 + {...}: { 2 + age.secrets.navidrome = { 3 + file = ../../../secrets/navidrome.age; 4 + owner = "navidrome"; 5 + group = "navidrome"; 6 + path = "/etc/secrets/navidrome"; 7 + }; 8 + 9 + services.navidrome = { 10 + enable = true; 11 + openFirewall = true; 12 + environmentFile = "/etc/secrets/navidrome"; 13 + settings = { 14 + MusicFolder = "/srv/media/music"; 15 + Address = "0.0.0.0"; 16 + CoverArtPriority = "cover.*, folder.*, front.*, embedded"; 17 + }; 18 + }; 19 + }

+49

hosts/bluepill/services/nbseven.nix

··· 1 + {...}: { 2 + networking.firewall = { 3 + allowedTCPPorts = [25565]; 4 + allowedUDPPorts = [24454]; # for vc 5 + }; 6 + 7 + virtualisation = { 8 + docker.enable = true; 9 + oci-containers = { 10 + backend = "docker"; 11 + containers = { 12 + minecraft-server = { 13 + image = "itzg/minecraft-server:latest"; 14 + ports = [ 15 + "25565:25565" 16 + "24454:24454/udp" # for vc 17 + ]; 18 + volumes = [ 19 + "/srv/nbseven:/data" 20 + ]; 21 + environment = { 22 + EULA = "TRUE"; 23 + TYPE = "FABRIC"; 24 + VERSION = "1.21.7"; 25 + MEMORY = "12G"; 26 + DIFFICULTY = "hard"; 27 + MOTD = "welcoem to NEW BEGINNINGS SERVER 7"; 28 + ENABLE_COMMAND_BLOCK = "true"; 29 + VIEW_DISTANCE = "12"; 30 + SIMULATION_DISTANCE = "6"; 31 + SEED = "-8024242352340898148"; 32 + SYNC_CHUNK_WRITES = "false"; 33 + USE_AIKAR_FLAGS = "true"; 34 + ALLOW_FLIGHT = "true"; 35 + PACKWIZ_URL = "https://intergrav.github.io/private-modpacks/nb7/pack.toml"; 36 + VANILLATWEAKS_SHARECODE = "KHhik4, DjYDGd"; 37 + }; 38 + autoStart = true; 39 + }; 40 + }; 41 + }; 42 + }; 43 + 44 + system.activationScripts.minecraft.text = '' 45 + mkdir -p /srv/nbseven 46 + chown -R 1000:1000 /srv/nbseven 47 + chmod -R 775 /srv/nbseven 48 + ''; 49 + }

+39

hosts/bluepill/services/restic.nix

··· 1 + {...}: { 2 + age.secrets.restic = { 3 + file = ../../../secrets/restic.age; 4 + owner = "root"; 5 + group = "root"; 6 + path = "/etc/secrets/restic"; 7 + }; 8 + 9 + services.restic = { 10 + server = { 11 + enable = true; 12 + dataDir = "/mnt/backup/restic"; 13 + extraFlags = ["--no-auth"]; 14 + }; 15 + backups = { 16 + "bluepill" = { 17 + repository = "/mnt/backup/restic/bluepill"; 18 + passwordFile = "/etc/secrets/restic"; 19 + initialize = true; 20 + timerConfig = { 21 + OnCalendar = "hourly"; 22 + Persistent = true; 23 + }; 24 + paths = [ 25 + "/etc/secrets" 26 + "/etc/age.key" 27 + "/home" 28 + "/srv" 29 + "/var/lib" 30 + ]; 31 + exclude = [ 32 + "/var/lib/transmission" 33 + ]; 34 + extraBackupArgs = ["--skip-if-unchanged" "--no-scan" "--one-file-system" "--exclude-caches" "--tag scheduled"]; 35 + pruneOpts = ["--keep-hourly 24" "--keep-daily 14" "--keep-weekly 4" "--keep-monthly 6" "--keep-yearly 2"]; 36 + }; 37 + }; 38 + }; 39 + }

+61

hosts/bluepill/services/samba.nix

··· 1 + {...}: { 2 + services.avahi = { 3 + enable = true; 4 + nssmdns4 = true; 5 + publish = { 6 + enable = true; 7 + userServices = true; 8 + hinfo = true; 9 + }; 10 + }; 11 + 12 + services.samba-wsdd = { 13 + enable = true; 14 + openFirewall = true; 15 + }; 16 + 17 + services.samba = { 18 + enable = true; 19 + openFirewall = true; 20 + settings = { 21 + global = { 22 + # https://wiki.samba.org/index.php/Configure_Samba_to_Work_Better_with_Mac_OS_X 23 + "vfs objects" = "catia fruit streams_xattr"; # added catia 24 + "fruit:metadata" = "stream"; 25 + "fruit:model" = "Macmini"; 26 + "fruit:veto_appledouble" = "no"; 27 + "fruit:nfs_aces" = "no"; 28 + "fruit:wipe_intentionally_left_blank_rfork" = "yes"; 29 + "fruit:delete_empty_adfiles" = "yes"; 30 + "fruit:posix_rename" = "yes"; 31 + }; 32 + "timemachine" = { 33 + "fruit:time machine" = "yes"; 34 + "fruit:time machine max size" = "2T"; 35 + "path" = "/mnt/backup/timemachine"; 36 + "comment" = "os x time machine backups"; 37 + "writeable" = "yes"; 38 + }; 39 + "transmission" = { 40 + "path" = "/var/lib/transmission"; 41 + "comment" = "transmission daemon directory"; 42 + "writeable" = "yes"; 43 + }; 44 + "slskd" = { 45 + "path" = "/var/lib/slskd"; 46 + "comment" = "soulseek daemon directory"; 47 + "writeable" = "yes"; 48 + }; 49 + "general" = { 50 + "path" = "/srv/general"; 51 + "comment" = "general miscellaneous stuff, like docs and downloads and other archival things"; 52 + "writeable" = "yes"; 53 + }; 54 + "media" = { 55 + "path" = "/srv/media"; 56 + "comment" = "devin's music, tv (mostly anime), movies, and more"; 57 + "writeable" = "yes"; 58 + }; 59 + }; 60 + }; 61 + }

+21

hosts/bluepill/services/slskd.nix

··· 1 + {...}: { 2 + networking.firewall.allowedTCPPorts = [5030]; 3 + 4 + age.secrets.slskd = { 5 + file = ../../../secrets/slskd.age; 6 + owner = "slskd"; 7 + group = "slskd"; 8 + path = "/etc/secrets/slskd"; 9 + }; 10 + 11 + services.slskd = { 12 + enable = true; 13 + openFirewall = true; 14 + domain = null; 15 + environmentFile = "/etc/secrets/slskd"; 16 + settings = { 17 + shares.directories = ["/srv/media/music"]; 18 + soulseek.description = "\n- running on NixOS and slskd\n- all files are compressed from FLAC/WAV to AAC with `fdk-aac -vbr 5` (essentially the best and most transparent AAC you can possibly get)\n- tagged and organized with beets\n\nthey/he | feel free to say hi, i don't check my messages super often though. enjoy the shares, and remember to try and support artists if you can :)"; 19 + }; 20 + }; 21 + }

+10

hosts/bluepill/services/ssh.nix

··· 1 + {...}: { 2 + services = { 3 + openssh = { 4 + enable = true; 5 + settings.PasswordAuthentication = false; 6 + }; 7 + 8 + fail2ban.enable = true; 9 + }; 10 + }

+3

hosts/bluepill/services/tailscale.nix

··· 1 + {...}: { 2 + services.tailscale.enable = true; 3 + }

+27

hosts/bluepill/services/transmission.nix

··· 1 + {pkgs, ...}: { 2 + age.secrets.transmission = { 3 + file = ../../../secrets/transmission.age; 4 + owner = "transmission"; 5 + group = "transmission"; 6 + path = "/etc/secrets/transmission.json"; 7 + }; 8 + 9 + services.transmission = { 10 + enable = true; 11 + openRPCPort = true; 12 + openPeerPorts = true; 13 + package = pkgs.transmission_4; 14 + credentialsFile = "/etc/secrets/transmission.json"; 15 + settings = { 16 + incomplete-dir-enabled = false; 17 + umask = "000"; 18 + rpc-bind-address = "0.0.0.0"; 19 + rpc-whitelist-enabled = false; 20 + rpc-authentication-required = true; 21 + rpc-username = "devin"; 22 + performanceNetParameters = true; 23 + }; 24 + }; 25 + 26 + users.groups.transmission.members = ["devin"]; 27 + }

+42

hosts/coolbook/default.nix

··· 1 + {pkgs, ...}: { 2 + networking.hostName = "coolbook"; 3 + 4 + homebrew = { 5 + taps = ["mhaeuser/mhaeuser"]; 6 + casks = [ 7 + "affinity" 8 + "bambu-studio" 9 + "battery-toolkit" 10 + "discord" 11 + "font-sf-compact" 12 + "font-sf-mono" 13 + "font-sf-pro" 14 + "ghostty" 15 + "iina" 16 + "inkscape" 17 + "keka" 18 + "meshlab" 19 + "mos" 20 + "musescore" 21 + "netnewswire" 22 + "obsidian" 23 + "omnidisksweeper" 24 + "onyx" 25 + "prismlauncher" 26 + "rnnoise" 27 + "rockboxutility" 28 + "signal" 29 + "steam" 30 + "tailscale-app" 31 + "utm" 32 + "valhalla-freq-echo" 33 + "valhalla-space-modulator" 34 + "valhalla-supermassive" 35 + "visual-studio-code" 36 + ]; 37 + }; 38 + 39 + environment.systemPackages = with pkgs; [ 40 + cinny-desktop 41 + ]; 42 + }

+22

justfile

··· 1 + # update flake 2 + up: 3 + nix flake update --flake . --commit-lock-file 4 + 5 + # switch to flake 6 + sw: 7 + #!/usr/bin/env bash 8 + if [[ "$(uname -s)" == "Darwin" ]]; then 9 + echo "detected darwin, running morlana..." 10 + nix run github:ryanccn/morlana -- switch --flake . 11 + elif [[ "$(uname -s)" == "Linux" ]]; then 12 + echo "detected linux, running sudo nixos-rebuild..." 13 + sudo nixos-rebuild switch --flake . 14 + else 15 + echo "unsupported os" 16 + exit 1 17 + fi 18 + 19 + # garbage collection/cleanup 20 + gc: 21 + sudo nix-collect-garbage -d && sudo nix-store --optimise 22 + nix-collect-garbage -d && nix-store --optimise

+16

modules/common/default.nix

··· 1 + {...}: { 2 + imports = [../users/devin.nix]; 3 + 4 + nix = { 5 + gc = { 6 + automatic = true; 7 + options = "--delete-older-than 7d"; 8 + }; 9 + optimise.automatic = true; 10 + settings.experimental-features = ["flakes" "nix-command"]; 11 + }; 12 + 13 + nixpkgs.config.allowUnfree = true; 14 + 15 + programs.fish.enable = true; 16 + }

+18

modules/darwin/default.nix

··· 1 + {lib, ...}: { 2 + system = { 3 + stateVersion = 6; 4 + configurationRevision = null; 5 + primaryUser = "devin"; 6 + }; 7 + 8 + nixpkgs.hostPlatform = lib.mkDefault "aarch64-darwin"; 9 + 10 + homebrew = { 11 + enable = true; 12 + onActivation = { 13 + autoUpdate = true; 14 + cleanup = "zap"; 15 + upgrade = true; 16 + }; 17 + }; 18 + }

+14

modules/nixos/default.nix

··· 1 + {lib, ...}: { 2 + system.stateVersion = lib.mkDefault "24.11"; 3 + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; 4 + 5 + boot.loader = { 6 + systemd-boot.enable = true; 7 + efi.canTouchEfiVariables = true; 8 + }; 9 + 10 + networking.networkmanager.enable = true; 11 + zramSwap.enable = true; 12 + time.timeZone = lib.mkDefault "America/Nassau"; 13 + i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; 14 + }

+96

modules/users/devin.nix

··· 1 + { 2 + lib, 3 + pkgs, 4 + ... 5 + }: let 6 + homeDir = 7 + if pkgs.stdenv.isDarwin 8 + then "/Users/devin" 9 + else "/home/devin"; 10 + in { 11 + users.users.devin = 12 + { 13 + home = homeDir; 14 + shell = pkgs.fish; 15 + } 16 + // lib.optionalAttrs (!pkgs.stdenv.isDarwin) { 17 + isNormalUser = true; 18 + extraGroups = ["networkmanager" "wheel"]; 19 + }; 20 + 21 + home-manager.users.devin = {pkgs, ...}: { 22 + home = { 23 + username = "devin"; 24 + homeDirectory = homeDir; 25 + stateVersion = "23.11"; 26 + packages = with pkgs; [ 27 + alejandra 28 + bun 29 + coreutils 30 + gh 31 + git 32 + just 33 + nixd 34 + packwiz 35 + rsync 36 + starship 37 + xz 38 + ]; 39 + }; 40 + 41 + programs = { 42 + home-manager.enable = true; 43 + 44 + fish = { 45 + enable = true; 46 + interactiveShellInit = '' 47 + if test "$TERM" = "xterm-ghostty" 48 + set -x TERM xterm-256color 49 + end 50 + starship init fish | source 51 + fish_add_path /opt/homebrew/bin 52 + ''; 53 + }; 54 + 55 + git = { 56 + enable = true; 57 + userName = "intergrav"; 58 + userEmail = "devin@devins.page"; 59 + extraConfig = { 60 + credential.helper = "!gh auth git-credential"; 61 + pull.rebase = true; 62 + rebase.autoStash = true; 63 + }; 64 + }; 65 + 66 + neovim = { 67 + enable = true; 68 + plugins = with pkgs.vimPlugins; [ 69 + lualine-nvim 70 + nvim-tree-lua 71 + nvim-treesitter 72 + nvim-treesitter-parsers.nix 73 + plenary-nvim 74 + telescope-nvim 75 + vim-commentary 76 + ]; 77 + extraLuaConfig = '' 78 + vim.opt.termguicolors = false 79 + require('lualine').setup() 80 + require('nvim-tree').setup() 81 + require('telescope').setup() 82 + require('nvim-treesitter.configs').setup({highlight = {enable = true}}) 83 + vim.g.mapleader = " " 84 + vim.keymap.set('n', '<leader>e', '<cmd>NvimTreeToggle<CR>') 85 + vim.keymap.set('n', '<leader>f', '<cmd>Telescope find_files<CR>') 86 + vim.keymap.set('n', '<leader>g', '<cmd>Telescope live_grep<CR>') 87 + ''; 88 + }; 89 + 90 + tmux = { 91 + enable = true; 92 + plugins = with pkgs.tmuxPlugins; [sensible]; 93 + }; 94 + }; 95 + }; 96 + }

secrets/navidrome.age

This is a binary file and will not be displayed.

+5

secrets/restic.age

··· 1 + age-encryption.org/v1 2 + -> X25519 IEBmsHlN+80/bfSx0MwAeLgr3Jeu1iqLm2wontZxETo 3 + F+SgkLYon/FCdXM5X7CTqJpw79Iins/zrHyD5Jz3oog 4 + --- DXRo1RI+r+weo9qCSLtLBQMDyDad5j4U2s/Ocp7K3ig 5 + ,x-/��I��.�軔��|:B�<�^��H��sv

+5

secrets/slskd.age

··· 1 + age-encryption.org/v1 2 + -> X25519 lSmaQbiOLyiAWO7jqzIxzcv0zoW6mTYqstkfv0f48lE 3 + gFaLcE2vynFdWzUJO3cHDtKTFzYJC1Z1jYRwohaxwzg 4 + --- hz4OZCHorUXWokMShmrOd2HFpJQbniocxRlvOtEGJIY 5 + �r�T�g��|�[&x��Y$�m�v��o��eKm��Â6l)P��?��ڃUŨM~ƅe��y� Ui!ѭ6 �YF�S}��'�b@;�fP��[��i\䦃uz�u��g�Z��g��F��`�>�HNKE��

+5

secrets/transmission.age

··· 1 + age-encryption.org/v1 2 + -> X25519 iuvOLhc35vZF2aZ9w9/icEGyxxUGz5x2c/nGqc5LEDM 3 + AzzJagWjPx10PCck2CZ0JMKO2XfK1+gB+RmwVA4pZJQ 4 + --- XR40sB3/KQKj7G7H+ZXOtUZvmw7OYaQFOmoE2KPDcEM 5 + keԡP�D@�=u��[?��c-�6i��Q�c��ۺW�U+ۆ��9�Κ��R�=B��