lukas/puter
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

pluh 🗣

Browse source
This commit is contained in:
Lukas Wurzinger 2025-03-09 16:37:21 +01:00
parent 668140531b
commit 516b647ed4
No known key found for this signature in database
35 changed files with 204 additions and 119 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
classes/headful/codium.nix Normal file
View file

@ -0,0 +1,6 @@
{pkgs, ...}: {
# TODO: wrap
environment.systemPackages = [
pkgs.vscodium
];
}

6
classes/headful/flatpak.nix
View file

@ -1,3 +1,7 @@
{
{inputs, ...}: {
imports = [
inputs.flatpak.nixosModules.nix-flatpak
];
services.flatpak.enable = true;
}

2
classes/headful/gtk.nix
View file

@ -1,4 +1,4 @@
{
{pkgs, ...}: {
xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
programs.dconf.enable = true;

10
classes/headful/hardware.nix
View file

@ -1,16 +1,10 @@
{pkgs, ...}: {
{
hardware = {
bluetooth.enable = true;
steam-hardware.enable = true;
xone.enable = true;
xpadneo.enable = true;
opentabletdriver.enable = true;
graphics = {
enable = true;
extraPackages = [
pkgs.libvdpau-va-gl
pkgs.vaapiVdpau
];
};
graphics.enable = true;
};
}

26
classes/headless/grafana.nix
View file

@ -1,20 +1,24 @@
{
config,
lib,
...
}: {
services.grafana = {
enable = true;
domain = "grafana.pele";
port = 9010;
addr = "127.0.0.1";
# WARNING: this should match nginx setup!
# prevents "Request origin is not authorized"
rootUrl = "http://192.168.1.10:8010"; # helps with nginx / ws / live
settings.server = {
domain = "grafana.pele";
http_port = 9010;
http_addr = "127.0.0.1";
root_url = "http://192.168.1.10:8010"; # TODO
protocol = "http";
};
protocol = "http";
analytics.reporting.enable = false;
provision = {
enable = true;
datasources = [
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
@ -31,11 +35,11 @@
};
};
services.nginx.virtualHosts.${config.services.grafana.domain} = {
services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
locations."/" = {
proxyPass = "http://${lib.formatHostPort {
host = config.services.grafana.addr;
inherit (config.services.grafana) port;
host = config.services.grafana.settings.server.http_addr;
port = config.services.grafana.settings.server.http_port;
}}";
proxyWebsockets = true;
};

17
classes/headless/loki.nix
View file

@ -1,4 +1,4 @@
{
{config, ...}: {
services.loki = {
enable = true;
configuration = {
@ -25,10 +25,10 @@
schema_config = {
configs = [
{
from = "2022-06-06";
store = "boltdb-shipper";
from = "2022-06-06"; #TODO
store = "tsdb";
object_store = "filesystem";
schema = "v12";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
@ -38,9 +38,9 @@
};
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
tsdb_shipper = {
active_index_directory = "${config.services.loki.dataDir}/tsdb-shipper-active";
cache_location = "${config.services.loki.dataDir}/tsdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
@ -65,7 +65,7 @@
};
compactor = {
working_directory = "/var/lib/loki";
working_directory = config.services.loki.dataDir;
shared_store = "filesystem";
compactor_ring = {
kvstore = {
@ -74,6 +74,5 @@
};
};
};
# user, group, dataDir, extraFlags, (configFile)
};
}

3
classes/headless/prometheus.nix
View file

@ -10,6 +10,7 @@
exporters = {
node = {
enable = true;
listenAddress = "127.0.0.1";
port = 3021;
enabledCollectors = ["systemd"];
};
@ -22,7 +23,7 @@
{
targets = let
target = lib.formatHostPort {
host = config.services.prometheus.exporters.node.listenAddr;
host = config.services.prometheus.exporters.node.listenAddress;
inherit (config.services.prometheus.exporters.node) port;
};
in [target];

1
classes/headless/promtail.nix
View file

@ -37,6 +37,5 @@
}
];
};
# extraFlags
};
}

12
classes/headless/tailscale.nix Normal file
View file

@ -0,0 +1,12 @@
{
services.tailscale = {
enable = true;
openFirewall = true; #TODO
};
networking.firewall = {
checkReversePath = "loose";
trustedInterfaces = ["tailscale0"];
allowedUDPPorts = [config.services.tailscale.port];
};
}

1
classes/kiosk/cosmic.nix
View file

@ -1,5 +1,6 @@
{
config,
lib,
inputs,
pkgs,
...

2
classes/kiosk/gtk.nix
View file

@ -1,4 +1,4 @@
{
{pkgs, ...}: {
xdg.portal.extraPortals = [pkgs.xdg-desktop-portal-gtk];
programs.dconf.enable = true;

11
classes/kiosk/hardware.nix
View file

@ -1,16 +1,9 @@
{pkgs, ...}: {
{
hardware = {
bluetooth.enable = true;
steam-hardware.enable = true;
xone.enable = true;
xpadneo.enable = true;
opentabletdriver.enable = true;
graphics = {
enable = true;
extraPackages = [
pkgs.libvdpau-va-gl
pkgs.vaapiVdpau
];
};
graphics.enable = true;
};
}

6
classes/kiosk/mullvad.nix
View file

@ -1,6 +0,0 @@
{pkgs, ...}: {
services.mullvad-vpn = {
enable = true;
package = pkgs.mullvad-vpn;
};
}

6
classes/kiosk/wayland.nix
View file

@ -1,6 +0,0 @@
{
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
SDL_VIDEODRIVER = "wayland";
};
}

117
flake.lock
View file

@ -95,11 +95,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1740678151,
"narHash": "sha256-q0tKL+Yny0wkLCHRBHQ97YhjorNLnbnyjc+FnQZyKkM=",
"lastModified": 1741348424,
"narHash": "sha256-nPwbJpX8AxmzbgRd2m6KHIbyN1xavq1BaBdJzO/lkW0=",
"owner": "cachix",
"repo": "devenv",
"rev": "af151da5e3d7391fe778050da00d8e7cefa2d087",
"rev": "8f8c96bb1e0c6a59a97592328dc61b9fdbe7474b",
"type": "github"
},
"original": {
@ -153,6 +153,22 @@
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1717312683,
"narHash": "sha256-FrlieJH50AuvagamEvWMIE6D2OAnERuDboFDYAED/dE=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "38fd3954cf65ce6faf3d0d45cd26059e059f07ea",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1733328505,
@ -195,11 +211,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1738453229,
"narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=",
"lastModified": 1741352980,
"narHash": "sha256-+u2UunDA4Cl5Fci3m7S643HzKmIDAe+fiXrLqYsR2fs=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd",
"rev": "f4330d22f1c5d2ba72d3d22df5597d123fdb60a9",
"type": "github"
},
"original": {
@ -257,11 +273,11 @@
]
},
"locked": {
"lastModified": 1737465171,
"narHash": "sha256-R10v2hoJRLq8jcL4syVFag7nIGE7m13qO48wRIukWNg=",
"lastModified": 1740849354,
"narHash": "sha256-oy33+t09FraucSZ2rZ6qnD1Y1c8azKKmQuCvF2ytUko=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "9364dc02281ce2d37a1f55b6e51f7c0f65a75f17",
"rev": "4a709a8ce9f8c08fa7ddb86761fe488ff7858a07",
"type": "github"
},
"original": {
@ -316,11 +332,11 @@
},
"hardware": {
"locked": {
"lastModified": 1740646007,
"narHash": "sha256-dMReDQobS3kqoiUCQIYI9c0imPXRZnBubX20yX/G5LE=",
"lastModified": 1741325094,
"narHash": "sha256-RUAdT8dZ6k/486vnu3tiNRrNW6+Q8uSD2Mq7gTX4jlo=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "009b764ac98a3602d41fc68072eeec5d24fc0e49",
"rev": "b48cc4dab0f9711af296fc367b6108cf7b8ccb16",
"type": "github"
},
"original": {
@ -423,6 +439,26 @@
"type": "github"
}
},
"nixos-cosmic": {
"inputs": {
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_6",
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1741532023,
"narHash": "sha256-wPoRT99r7dMQiXWzDe9v/2OSXOmGOWad/0q9norshvs=",
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"rev": "364761eb5ba3f1514446b6a0eb8e8651c5bc4c67",
"type": "github"
},
"original": {
"owner": "lilyinstarlight",
"repo": "nixos-cosmic",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
@ -441,14 +477,17 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1738452942,
"narHash": "sha256-vJzFZGaCpnmo7I6i416HaBLpC+hvcURh/BQwROcGIp8=",
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
"lastModified": 1740877520,
"narHash": "sha256-oiwv/ZK/2FhGxrCkQkB83i7GnWXPPLzoqFHpDD3uYpk=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "147dee35aab2193b174e4c0868bd80ead5ce755c",
"type": "github"
},
"original": {
"type": "tarball",
"url": "https://github.com/NixOS/nixpkgs/archive/072a6db25e947df2f31aab9eccd0ab75d5b2da11.tar.gz"
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-stable": {
@ -467,6 +506,22 @@
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1741332913,
"narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "20755fa05115c84be00b04690630cb38f0a203ad",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1733212471,
@ -533,11 +588,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1740695751,
"narHash": "sha256-D+R+kFxy1KsheiIzkkx/6L63wEHBYX21OIwlFV8JvDs=",
"lastModified": 1741379970,
"narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "6313551cd05425cd5b3e63fe47dbc324eabb15e4",
"rev": "36fd87baa9083f34f7f5027900b62ee6d09b1f2f",
"type": "github"
},
"original": {
@ -549,11 +604,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1740019556,
"narHash": "sha256-vn285HxnnlHLWnv59Og7muqECNMS33mWLM14soFIv2g=",
"lastModified": 1741310760,
"narHash": "sha256-aizILFrPgq/W53Jw8i0a1h1GZAAKtlYOrG/A5r46gVM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dad564433178067be1fbdfcce23b546254b6d641",
"rev": "de0fe301211c267807afd11b12613f5511ff7433",
"type": "github"
},
"original": {
@ -565,16 +620,16 @@
},
"phps": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"nixpkgs": "nixpkgs_7",
"utils": "utils"
},
"locked": {
"lastModified": 1740296995,
"narHash": "sha256-M0bsnyYP5DqO7EKL9ujwXCWKwwlg9F2xUklpMvbd/0s=",
"lastModified": 1741496686,
"narHash": "sha256-dJJ6n2w4OIemUWwfOy3yufKhggE0ncNOklbKgfa8CRY=",
"owner": "fossar",
"repo": "nix-phps",
"rev": "6a6be7dd7f86f305deab7799a17af50aff0e3218",
"rev": "f40909d5223656db01879d3325a8306883bcc668",
"type": "github"
},
"original": {
@ -619,7 +674,11 @@
"flatpak": "flatpak",
"hardware": "hardware",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs_6",
"nixos-cosmic": "nixos-cosmic",
"nixpkgs": [
"nixos-cosmic",
"nixpkgs"
],
"phps": "phps"
}
},

14
flake.nix
View file

@ -14,6 +14,8 @@
phps.url = "github:fossar/nix-phps";
lanzaboote.url = "github:nix-community/lanzaboote/v0.4.2";
flatpak.url = "github:gmodena/nix-flatpak?ref=latest";
nixpkgs.follows = "nixos-cosmic/nixpkgs";
nixos-cosmic.url = "github:lilyinstarlight/nixos-cosmic";
};
outputs = {
@ -57,14 +59,10 @@
];
};
packages =
self.lib.genAttrs [
"puter"
"disk"
"musicomp"
] (
name: pkgs.callPackage ./packages/${name} {}
);
packages = self.lib.packagesFromDirectoryRecursive {
inherit (pkgs) callPackage;
directory = ./packages;
};
};
};
}

5
hosts/headful/flamingo/librewolf.nix Normal file
View file

@ -0,0 +1,5 @@
{
services.flatpak.packages = [
"io.gitlab.librewolf-community"
];
}

5
hosts/headful/glacier/librewolf.nix Normal file
View file

@ -0,0 +1,5 @@
{
services.flatpak.packages = [
"io.gitlab.librewolf-community"
];
}

2
hosts/kiosk/insomniac/firefox.nix → hosts/headful/glacier/steam.nix
View file

@ -1,5 +1,5 @@
{
services.flatpak.packages = [
"org.mozilla.firefox"
"com.valvesoftware.Steam"
];
}

9
hosts/headless/abacus/headscale.nix Normal file
View file

@ -0,0 +1,9 @@
{
services.headscale = {
enable = true;
address = "127.0.0.1";
port = 3122; # TODO
settings = {
};
};
}

5
hosts/kiosk/insomniac/librewolf.nix Normal file
View file

@ -0,0 +1,5 @@
{
services.flatpak.packages = [
"io.gitlab.librewolf-community"
];
}

4
hosts/kiosk/insomniac/users.nix
View file

@ -6,7 +6,7 @@
inherit (config.users) mainUser;
in {
users = {
mainUser = lib.mkForce "user";
users.${mainUser}.description = lib.mkForce "User";
mainUser = lib.mkForce "insomniac";
users.${mainUser}.description = lib.mkForce "Insomniac";
};
}

3
lib.nix
View file

@ -67,7 +67,8 @@ lib: _: {
};
dirsIn = dir:
lib.pipe (builtins.readDir dir) [
lib.pipe dir [
builtins.readDir
(lib.filterAttrs (_: type: type == "directory"))
builtins.attrNames
];

4
packages/disk/disk.bash
View file

@ -54,8 +54,8 @@ bootlbl=BOOT
mainlbl=main
cryptmainlbl=cryptmain
mapping=main
bootflags=
mainflags=
bootflags=()
mainflags=()
fatflags=()
ext4flags=()
skips=()

2
packages/puter/puter.bash
View file

@ -29,7 +29,7 @@ args=$(
eval set -- "$args"
if [[ -n $PUTER_FLAKEREF ]]; then
if [[ -v PUTER_FLAKEREF && -n $PUTER_FLAKEREF ]]; then
flakeref=$PUTER_FLAKEREF
fi
flags=(

BIN
secrets/forgejo-admin.age
View file

Binary file not shown.

BIN
secrets/forgejo-mailer.age
View file

Binary file not shown.

BIN
secrets/microbin.age
View file

Binary file not shown.

21
secrets/miniflux.age
View file

@ -1,11 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw ftLkHrbUjgc35OAhuE3+E3V7hLCv23gzHTVqUWIsmiw
JNUkQKzmX0s2xrcjIppqy0bx3lnlciXdNXzomfs3YNg
-> ssh-ed25519 S+dwQQ vd73NCcRI3GayDfyg+qsI4TVjV1o7yqdaA0TBDiLghQ
iKnkpBuM6iDTSCgoufxmaVpKfYEAAPVXjImxWFo9Hr4
-> ssh-ed25519 bPbvlw cWnTTG7zTMkR66awD2o7RF8YlXqkhOh0mYwih4Q2CSE
Lgw50YqS35S5rtOPQA5pEnfClx2tDK8Wpf5vq7iq+w8
-> ssh-ed25519 ffmsLw QjN349CibGpB9HMcc1qprvxgOfLrid5EMAGcdja3gwM
6RS4vZAvsUjqLtyeZJdLsuPXsHK5fZPA6pesfJxA9NQ
--- IWwGdacyhMgpnjPvdxPGMlyjAyWOp20Rjv6V9OoIGY0
üJR°jþð¯ÿ¾)ü€N[è%`31üÚµƒÄqλίg™hÙÒe€ƒ—¡ÏDF,Ã~ËJ «oYç<>@X“~e K<ÐÙšØ8Ë4(¨<>ÁÎIÒÙO€òö
-> ssh-ed25519 SFHVrw Yo23v7ejgzBUv+EmyQHALyOhSKxFvVnhDFWJyiReuWc
jbPVHR+HK02tExnubKCqoGN7Hm32ER4SqogwGNQ/R98
-> ssh-ed25519 S+dwQQ AGE5B27dUQ98FBCy/sFEki4G1ZbIiUjAJIr1kOdBDg4
OzbdTrqlgcl+IxGWmZbSInlJ3jzHE542DMPWZznedD0
-> ssh-ed25519 bPbvlw KpvCpS6iMAt0Acagp111b57c2JSN3S9jQRGWNosrfRA
O+CJBJN5RC0Ft01fWHgXCpy2SeUdgxGW7MNPdZvz4YE
-> ssh-ed25519 ffmsLw vVNUoviY5cG67VdILPhON1DDFOzpAaSZq/s9R5AICGE
0WMV/lM+oQtn8m45TMBEuBQV3/JUqzVW4kDtf3y+6TU
--- SdYB9uVHXKT9B/+kKAkpnZt6rbqv8m1danRSXbz1NPk
Šç5Êس A¿dvŽjìä×Áboâ¶$;K“­ÜJ.«øb ”¶ z<>·ÿ|sÚqÃ}óíGŽ@­;µ€ø¥¬!þ?
Õçÿ(Pø¥nö,PKáôÞJ§ÿ8étƒ

21
secrets/restic-abacus.age
View file

@ -1,11 +1,12 @@
age-encryption.org/v1
-> ssh-ed25519 SFHVrw /OTVcIQd3fJVTG7aEwQCY/x6lfTd+EZpn7Jc4MeEcE4
31r1WrTF9ZnrL5za6p57fafVJfQAj5iyY6lLQriIwaY
-> ssh-ed25519 S+dwQQ TmWs92CYRNXJVaJCCsfQc7wWek38gofuVzaZiTchcRA
+zEDzASCzZbWn6weWXoBrCfDRLsOzKncFLLuXOTD/bc
-> ssh-ed25519 bPbvlw UuI6fU6RpT5aZBUZjgypR/q7N24usjkTxdu+hemcH2Q
AaqzU+V02ezyLuBLFpjiobv0qL87JaAI+CVur0nyuZ4
-> ssh-ed25519 ffmsLw 41XX4wfkbdkgcOGV/QobtwxXjfyYEkpYrUSGjhg1wBw
YZFSenGSwenFCuVxlmFQSLUACP1XUewZlKtRGYTuzRE
--- FwFDJ/HQQyHH1Ik5HdCF4ZHihlNCvD9BYGxgM4KOims
F=Δ\*—%]8³×l»Tp•$Ó–š4mõ>;y¿Ï9ð½µâÀ<C3A2>gvÍ!
-> ssh-ed25519 SFHVrw piOZebIDKWjodO0VC2tlgc7gF0Dc1j7Pl/iJ18WhgCs
4LB/K71GW6t9VWO0bQD1i12wux6FxmSucFo/v+4GBxg
-> ssh-ed25519 S+dwQQ 0nz4PbGQjOFHkDDKWpC4Heg7ORRUl+LTqgU9dRq5njY
3wuRZk4/qdTgMBg8UK8ELc1vBbkXSyFwNiA0elPcIi4
-> ssh-ed25519 bPbvlw mfwxdgOF2PKM88ZL0vbKWaeWpdD1TZ/+AeRYKfkIGDA
tKQarSGNY0Rdp0C+lLv2q0eFtRwewTB1Xn2MYUzldFs
-> ssh-ed25519 ffmsLw tswVSO8AEvvTHlXtU7hlcQD8f5wFHbq6ikMGPpVcHX8
zNFK1TD5Feiq4G/LsJWI5hTZs7tCR4U9E76v1mno2FM
--- 8h7d7RCoKBPqA6xGX0W1XT85J6VSRu6X6QHDStN4/mA
ç7euDœ<tÔ<74>²ã<>(ªkq#Ä è<>”<bò°P çmí—Ü—;¨‰
²ãl%ý

BIN
secrets/restic-vessel.age
View file

Binary file not shown.

2
secrets/secrets.nix
View file

@ -1,6 +1,6 @@
with import ../pubkeys.nix; {
"user-lukas.age".publicKeys = (builtins.attrValues users) ++ (builtins.attrValues (builtins.removeAttrs hosts ["insomniac"]));
"user-user.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac];
"user-insomniac.age".publicKeys = (builtins.attrValues users) ++ [hosts.insomniac];
"microbin.age".publicKeys = (builtins.attrValues users) ++ [hosts.abacus];

BIN
secrets/user-insomniac.age Normal file
View file

Binary file not shown.

BIN
secrets/user-lukas.age
View file

Binary file not shown.

BIN
secrets/vaultwarden.age
View file

Binary file not shown.