Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Andromeda:dev
Branches Tags
Andromeda:master Andromeda:dev Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere
..
compare: Andromeda:03f5bbf2c01ba5fee871878ee06e0e8dcec8ed2c
Branches Tags
Andromeda:dev Andromeda:master Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere

2 Commits
dev ... 03f5bbf2c0

Author SHA1 Message Date
andromeda
03f5bbf2c0 Merge commit 'caf1394' into development 2026-01-10 15:42:13 +01:00
andromeda
caf139425f update remote keys 2026-01-10 15:40:07 +01:00
36 changed files with 95 additions and 894 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -1,5 +1,3 @@
see TODO.md for my aspirations
## usage
### install

20
TODO.md
View File

@@ -1,20 +0,0 @@
- add other remote
- fully automate remote provisioning (remote keys)
- fix ipv6 on remotes
- modularize home manager
- add services?
- 0x0
- forgejo
- matrix homeserver
- matrix webclient
- radicale
- tor relay
- wireguard as vpn
- add home functionality
- better term emulator
- switch browser?
- chromium: much better sandboxing
- ladybird: be an early tester, contribute
- glide: sexier tridactyl implementation
- browsh: the GOAT
- get mouse out of here

5
deploy.sh
View File

@@ -1,5 +0,0 @@
# usage:
# $ ./deploy.sh <hostname> <ip>
# example usage:
# $ ./deply.sh 109-199-104-83 109.199.104.83
nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config ./hardware-configuration.nix --flake .?ref=411ee0c#$1 --target-host root@$2

336
flake.lock generated
View File

@@ -23,27 +23,6 @@
"type": "github"
}
},
"androidPkgs": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1750710155,
"narHash": "sha256-2lBEwXgclOrSsrhubSfifU91+sXqikC8qbiZ6yFeaEY=",
"owner": "tadfisher",
"repo": "android-nixpkgs",
"rev": "0846fab1f060f646e1017053077ad38dedc5207b",
"type": "github"
},
"original": {
"owner": "tadfisher",
"ref": "stable",
"repo": "android-nixpkgs",
"type": "github"
}
},
"base16": {
"inputs": {
"fromYaml": "fromYaml"
@@ -150,28 +129,6 @@
"type": "github"
}
},
"devshell": {
"inputs": {
"nixpkgs": [
"robotnix",
"androidPkgs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1741473158,
"narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=",
"owner": "numtide",
"repo": "devshell",
"rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@@ -241,21 +198,6 @@
"url": "https://git.lix.systems/lix-project/flake-compat.git"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1746162366,
"narHash": "sha256-5SSSZ/oQkwfcAz/o/6TlejlVGqeK08wyREBQ5qFFPhM=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "0f158086a2ecdbb138cd0429410e44994f1b7e4b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
@@ -319,24 +261,6 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"fromYaml": {
"flake": false,
"locked": {
@@ -461,27 +385,6 @@
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709445365,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
@@ -530,57 +433,6 @@
"type": "github"
}
},
"nix-formatter-pack": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
],
"nmd": [
"nix-on-droid",
"nmd"
],
"nmt": "nmt"
},
"locked": {
"lastModified": 1705252799,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
"type": "github"
},
"original": {
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"type": "github"
}
},
"nix-on-droid": {
"inputs": {
"home-manager": "home-manager_3",
"nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd"
},
"locked": {
"lastModified": 1765031149,
"narHash": "sha256-4ZtlnCp4blhsjGnQIxAXDAj7nCJKy7tozoBRtklmwcU=",
"owner": "nix-community",
"repo": "nix-on-droid",
"rev": "55b6449b4582a4ba3ce712543c973360a026db7d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-on-droid",
"type": "github"
}
},
"nix-zulip": {
"flake": false,
"locked": {
@@ -622,11 +474,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"lastModified": 1766651565,
"narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
"type": "github"
},
"original": {
@@ -636,38 +488,6 @@
"type": "github"
}
},
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1764242076,
@@ -684,76 +504,6 @@
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1750506804,
"narHash": "sha256-VLFNc4egNjovYVxDGyBYTrvVCgDYgENp5bVi9fPTDYc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4206c4cb56751df534751b058295ea61357bbbaa",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1767313136,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nmd": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"locked": {
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"repo": "nmd",
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
},
"original": {
"owner": "~rycee",
"repo": "nmd",
"type": "sourcehut"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"noshell": {
"inputs": {
"nixpkgs": [
@@ -845,24 +595,23 @@
"type": "github"
}
},
"robotnix": {
"phoenix": {
"inputs": {
"androidPkgs": "androidPkgs",
"flake-compat": "flake-compat_3",
"nixpkgs": "nixpkgs_4",
"treefmt-nix": "treefmt-nix"
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1768481330,
"narHash": "sha256-hYKnwFBPI0IyH8YbW3kqci8AS6ZtV7QSEa0E5Wt401M=",
"owner": "nix-community",
"repo": "robotnix",
"rev": "4ee0f9c86c3ae076bcbc41cbeebff054fe3d11a8",
"lastModified": 1766543224,
"narHash": "sha256-96PBoNqh3sPU9t+IXxcB1OjjuQ8HOv42OOh9UtwFHbU=",
"owner": "celenityy",
"repo": "Phoenix",
"rev": "f09568c8a71af4fe42dd43c6f711c67daf605f1e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "robotnix",
"owner": "celenityy",
"repo": "Phoenix",
"type": "github"
}
},
@@ -872,33 +621,16 @@
"disko": "disko",
"home-manager": "home-manager_2",
"impermanence": "impermanence",
"nix-on-droid": "nix-on-droid",
"nix-zulip": "nix-zulip",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs",
"noshell": "noshell",
"nur": "nur",
"nvf": "nvf",
"robotnix": "robotnix",
"phoenix": "phoenix",
"stylix": "stylix"
}
},
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",
@@ -912,7 +644,7 @@
"nixpkgs"
],
"nur": "nur_2",
"systems": "systems_4",
"systems": "systems_3",
"tinted-foot": "tinted-foot",
"tinted-kitty": "tinted-kitty",
"tinted-schemes": "tinted-schemes",
@@ -978,21 +710,6 @@
"type": "github"
}
},
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tinted-foot": {
"flake": false,
"locked": {
@@ -1073,27 +790,6 @@
"repo": "base16-zed",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"robotnix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1766000401,
"narHash": "sha256-+cqN4PJz9y0JQXfAK5J1drd0U05D5fcAGhzhfVrDlsI=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "42d96e75aa56a3f70cab7e7dc4a32868db28e8fd",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",

29
flake.nix
View File

@@ -18,10 +18,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-on-droid = {
url = "github:nix-community/nix-on-droid";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-zulip = {
url = "git+https://git.afnix.fr/nix-zulip/nix-zulip";
flake = false;
@@ -38,7 +34,10 @@
url = "github:notashelf/nvf";
inputs.nixpkgs.follows = "nixpkgs";
};
robotnix.url = "github:nix-community/robotnix";
phoenix = {
url = "github:celenityy/Phoenix";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
url = "github:nix-community/stylix";
inputs.nixpkgs.follows = "nixpkgs";
@@ -51,12 +50,11 @@
impermanence,
nixos-mailserver,
nixpkgs,
nix-on-droid,
nix-zulip,
noshell,
nur,
nvf,
robotnix,
phoenix,
stylix,
...
}: let
@@ -77,6 +75,7 @@
impermanence.nixosModules.impermanence
nixos-mailserver.nixosModule
noshell.nixosModules.default
phoenix.nixosModules.default
nix-zulip'.nixosModules.zulip
{
nixpkgs.overlays = [
@@ -94,7 +93,6 @@
{
home-manager.useGlobalPkgs = true;
home-manager.extraSpecialArgs = {inherit machine;};
home-manager.backupFileExtension = "bak";
home-manager.users =
builtins.mapAttrs
(name: value: value)
@@ -119,20 +117,5 @@
builtins.mapAttrs
(hostname: value: configurationWithHomeManager value)
machines;
robotnixConfigurations.payton = robotnix.lib.robotnixSystem ./robotnix/payton.nix;
nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs {system = "aarch64-linux";};
modules = [
./modules/nix-on-droid/nix-on-droid.nix
{
home-manager.useGlobalPkgs = true;
home-manager.users."andromeda" = {
imports = [
./modules/nix-on-droid/home.nix
];
};
}
];
};
};
}

24
hardware-configuration.nix
View File

@@ -1,24 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

20
machines.nix
View File

@@ -11,7 +11,6 @@
# hardware configuration
# includes `system.stateVersion`
./modules/nixos/machines/lenovo.nix
./modules/nixos/zram.nix
# boot process
# systemd-boot
@@ -20,9 +19,6 @@
# networking
./modules/nixos/laptop.nix
# vpn
# ./modules/nixos/openvpn-client.nix
# ly display manager
./modules/nixos/ly.nix
@@ -31,10 +27,6 @@
# apps
./modules/nixos/steam.nix
./modules/nixos/phoenix.nix
# substitutors
./substitutors.nix
];
};
"109-199-104-83" = {
@@ -66,6 +58,8 @@
./modules/nixos/networking/ssh-as-root.nix
({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];})
# TODO add Impermanence to the following services
# simple-nixos-mailserver email server
# mail.domain
./modules/nixos/mailserver.nix
@@ -74,17 +68,15 @@
# webmail.domain
./modules/nixos/roundcube.nix
# matrix homeserver
# matrix.domain
./modules/nixos/matrix-continuwuity.nix
# BROKEN
# forgejo
# git.domain
# ./modules/nixos/forgejo.nix
./modules/nixos/forgejo.nix
# BROKEN
# zulip chat client
# chat.domain
# zulip chat server
# zulip.domain
# ./modules/nixos/zulip.nix
];
};

165
modules/nix-on-droid/home.nix
View File

@@ -1,165 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
home = {
username = "andromeda";
homeDirectory = "/home/${config.home.username}";
stateVersion = "26.05";
packages = [
pkgs.brush
pkgs.dust
pkgs.fzf
pkgs.glow
pkgs.nix-output-monitor
pkgs.ranger
pkgs.rip2
pkgs.ripgrep
pkgs.tree
pkgs.zoxide
];
};
programs = {
bash = {
enable = true;
shellAliases = {
neofetch = "fastfetch";
ls = lib.mkForce "lsd";
ll = lib.mkForce "lsd -l";
l = "lsd -la";
cd = "z";
gg = "git log --oneline --abbrev-commit --all --graph --decorate --color";
md = "glow";
};
bashrcExtra = ''
PS1="\u@\h:\w$"
eval "$(zoxide init bash)"
'';
};
btop = {
enable = true;
settings = {
theme_background = false;
vim_keys = true;
rounded_corners = false;
graph_symbol = "braille";
update_ms = 150;
proc_sorting = "cpu lazy";
proc_gradient = false;
proc_left = true;
cpu_single_graph = true;
cpu_bottom = true;
clock_format = "/user@/host:/uptime@%H:%M";
background_update = true;
mem_graphs = false;
mem_below_net = true;
show_swap = false;
only_physical = true;
show_io_stat = true;
io_mode = false;
io_graph_combined = false;
};
};
fastfetch.enable = true;
git = {
enable = true;
settings = {
user = {
name = config.home.username;
email = "${config.home.username}@android";
};
init.defaultBranch = "master";
};
};
home-manager.enable = true;
lsd.enable = true;
nvf = {
enable = true;
settings.vim = {
autocomplete.nvim-cmp.enable = false;
formatter.conform-nvim = {
enable = true;
setupOpts.format_on_save = {
lsp_format = "fallback";
timeout_ms = 5000;
};
};
lsp.otter-nvim.enable = true;
git.enable = true;
keymaps = [
{
key = "<Down>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Up>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Left>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Right>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "jj";
mode = ["i"];
action = "<Esc>";
}
{
key = "kk";
mode = ["i"];
action = "<Esc>";
}
{
key = "jk";
mode = ["i"];
action = "<Esc>";
}
{
key = "kj";
mode = ["i"];
action = "<Esc>";
}
{
key = "<Esc>";
mode = ["i"];
action = "<Nop>";
}
];
languages = {
nix = {
enable = true;
format.enable = true;
lsp.enable = true;
};
haskell = {
enable = true;
lsp.enable = true;
};
};
lineNumberMode = "relative";
options = {
tabstop = 2;
shiftwidth = 2;
expandtab = true;
smarttab = true;
foldmethod = "indent";
number = true;
colorcolumn = "80";
};
statusline.lualine.enable = true;
syntaxHighlighting = true;
};
};
ssh.enable = true;
};
}

5
modules/nix-on-droid/nix-on-droid.nix
View File

@@ -1,5 +0,0 @@
{pkgs, ...}: {
environment.packages = [pkgs.git];
system.stateVersion = "26.05";
nix.settings.experimentalFeatures = ["nix-command" "flakes"];
}

28
modules/nixos/mailserver.nix
View File

@@ -2,14 +2,10 @@
mailserver = {
enable = true;
stateVersion = 3;
# domain bs
fqdn = "mail.${config.networking.domain}";
domains = ["${config.networking.domain}"];
x509.useACMEHost = config.mailserver.fqdn;
loginAccounts = {
# test acc
"test@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
};
@@ -19,17 +15,6 @@
};
};
};
# put dkim key into /etc for declarability
mailserver.dkimKeyDirectory = "/etc/dkim";
environment.etc."dkim/${config.networking.domain}.${config.mailserver.dkimSelector}.key" = {
source = config.age.secrets."dkim-${config.networking.domain}.${config.mailserver.dkimSelector}.key".path;
mode = "600";
user = config.services.rspamd.user;
group = config.services.rspamd.group;
};
# does acme for me
services.nginx = {
enable = true;
virtualHosts = {
@@ -37,26 +22,15 @@
forceSSL = true;
enableACME = true;
};
"matrix.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
};
"${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
};
};
};
security.acme = {
acceptTerms = true;
defaults.email = "mtgmonket@gmail.com";
};
# persist directories per the backup guidelines
environment.persistence."/persist" = {
directories = [
# not needed bc the dkim dir is declared
# "/var/dkim"
"/var/dkim"
"/var/vmail"
"/var/lib/redis-rspamd"
"/var/lib/acme"

26
modules/nixos/matrix-continuwuity.nix
View File

@@ -1,26 +0,0 @@
{config, ...}: {
services = {
matrix-continuwuity = {
enable = true;
settings = {
global = {
server_name = "${config.networking.domain}";
address = ["127.0.0.1"];
port = [6167];
well_known = {
server = "matrix.${config.networking.domain}";
client = "https://matrix.${config.networking.domain}";
};
};
};
};
nginx = {
upstreams.matrix.servers."127.0.0.1:6167" = {};
virtualHosts = {
"matrix.${config.networking.domain}".locations."/".proxyPass = "http://matrix";
"${config.networking.domain}".locations."/.well-known/matrix".proxyPass = "http://matrix";
};
};
};
}

11
modules/nixos/openvpn-client.nix
View File

@@ -1,11 +0,0 @@
{
services.openvpn.servers = {
"173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';};
};
environment.persistence."/persist".directories = ["/etc/openvpn-confs"];
# turns out disabling ipv6 is a bad idea; I'm just going to enable v6 on the remote xD
# networking.enableIPv6 = lib.mkForce false;
# workaround; NetworkManager reenables ipv6 without the following
# boot.kernelParams = ["ipv6.disable=1"];
}

45
modules/nixos/phoenix.nix
View File

@@ -1,45 +0,0 @@
{
pkgs,
config,
lib,
...
}: {
options.programs.firefox.phoenix = {
enable =
lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
// {
default = true;
};
firefoxPackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = ["firefox"];
description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
};
};
config = let
cfg = config.programs.firefox.phoenix;
in
lib.mkIf cfg.enable {
assertions = [
{
assertion = !pkgs.stdenv.isDarwin;
message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
}
];
environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
programs.firefox.policies =
(builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
nixpkgs.overlays = [
(import ../../overlays/phoenix.nix)
(
final: prev:
builtins.listToAttrs (
map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
)
)
];
};
}

8
modules/nixos/zram.nix
View File

@@ -1,8 +0,0 @@
{
zramSwap = {
enable = true;
priority = 100;
algorithm = "zstd";
memoryPercent = 75;
};
}

38
modules/nixos/zulip.nix
View File

@@ -8,47 +8,25 @@
# host domain
host = "chat.${config.networking.domain}";
# secrets; head rolled on keyboard for all :)
# secrets
camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path;
rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path;
secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path;
sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path;
avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path;
# TODO check for parity with `mailserver-acc-admin-pw.age`
extraSecrets.email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;
extraSecrets = {
email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;
};
# settings
zulipSettings = rec {
# email users
ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";
EMAIL_HOST_USER = ZULIP_ADMINISTRATOR;
# configure mailserver port
EMAIL_HOST = config.mailserver.fqdn;
EMAIL_USE_SSL = true;
EMAIL_PORT = 465;
# setting to allow realm creation; probably unsafe, might delete later :3
OPEN_REALM_CREATION = true;
# send all noreply emails from `admin@galaxious.de`
# TODO configure admin to send from any address
EMAIL_USE_TLS = true;
EMAIL_PORT = 587;
ADD_TOKENS_TO_NOREPLY_ADDRESS = false;
NOREPLY_EMAIL_ADDRESS = ZULIP_ADMINISTRATOR;
# domain name
OPEN_REALM_CREATION = true;
EXTERNAL_HOST = config.services.zulip.host;
ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";
};
};
# persist
environment.persistence."/persist".directories = [
# messages
"/var/lib/rabbitmq"
# uploads
"/var/lib/zulip"
# contrived, but in the store a couple layers down
# "/var/lib/redis-zulip"
];
}

21
overlays/phoenix.nix
View File

@@ -1,21 +0,0 @@
final: prev: let
phoenix-src = prev.fetchFromGitHub {
owner = "celenityy";
repo = "Phoenix";
rev = "07d9be8cbf938962f9847b0970274b885ff48792";
hash = "sha256-I9pKhfhAz3JsGBLIqr9MNycTEQn0Bc3jzf0mKeWLlsE=";
};
in {
phoenix = (final.callPackage (import "${phoenix-src}/nix/package.nix")
{
}).overrideAttrs {
patches = [
../patches/0001-autoDisableScopes-unlocked.patch
];
};
withPhoenix = firefoxPackage:
firefoxPackage.override {
extraPoliciesFiles = ["${final.phoenix}/policies.json"];
extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
};
}

25
patches/0001-autoDisableScopes-unlocked.patch
View File

@@ -1,25 +0,0 @@
From 1eeab7cf3b5d41e3e10959ef2ff5298eac86c9fa Mon Sep 17 00:00:00 2001
From: andromeda <andromeda@lenovo>
Date: Sun, 25 Jan 2026 10:41:03 +0100
Subject: [PATCH] autoDisableScopes unlocked
---
build/phoenix-unified.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/phoenix-unified.js b/build/phoenix-unified.js
index e183890e..fd58b176 100644
--- a/build/phoenix-unified.js
+++ b/build/phoenix-unified.js
@@ -2204,7 +2204,7 @@ pref("xpinstall.whitelist.add.NoScript.PBM", "https://noscript.net^privateBrowsi
// https://archive.is/DYjAM
// https://support.mozilla.org/kb/deploying-firefox-with-extensions
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonSettings.sys.mjs#125
-pref("extensions.autoDisableScopes", 15, locked); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
+pref("extensions.autoDisableScopes", 15); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
pref("extensions.enabledScopes", 5); // [HIDDEN]
pref("extensions.installDistroAddons", false); // [HIDDEN - non-Android] [DEFAULT - Android]
pref("extensions.sideloadScopes", 0); // [HIDDEN]
--
2.52.0

6
pub-keys.nix
View File

@@ -1,12 +1,10 @@
{
age.secrets = {
andromeda-pw.file = ./secrets/andromeda-pw.age;
conduit-secretFile.file = ./secrets/conduit-secretFile.age;
"dkim-galaxious.de.mail.key".file = ./secrets/dkim-galaxious.de.mail.key.age;
mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age;
"mailserver-acc-zulip+admin-pw".file = "${./secrets}/mailserver-acc-zulip+admin-pw.age";
"mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age";
zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age;
zulip-camoKey.file = ./secrets/zulip-camoKey.age;
zulip-extraSecrets-email_password.file = ./secrets/zulip-extraSecrets-email_password.age;
@@ -18,7 +16,7 @@
ssh = {
andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
_109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBH5TA6Br8K4xTjD5YcXQDh4UQSvuE0lEs1UxUytDiAn root@109-199-104-83";
_109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqjbjFrGZD98tAb8tnayeGjkcsJ17nAdREugZub3AWz root@109-199-104-83";
};
};
}

13
robotnix/payton.nix
View File

@@ -1,13 +0,0 @@
{...}: {
flavor = "lineageos";
# motorola moto x4 (payton)
device = "payton";
# latest supported version:
# check https://download.lineageos.org/devices/payton/builds
flavorVersion = "22.2";
apps.fdroid.enable = true;
microg.enable = true;
}

13
secrets/andromeda-pw.age
View File

@@ -1,8 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg ixFM7swaItfNnTRVSdTm1wZJ8lHUv7tDOgSXo1OpgCc
lf8/ChfcpgYkK8mTS9Zk++toOu0KNh88S+Lqu4a0UIw
-> ssh-ed25519 UHxfvA hbsRwdzU1IP3K/gH0btUOQ8hZer8Kgq+RqzcEVrCqTE
iSVh+yeypHoalRhaRM2XMlBvtO8HCyatDnWgUyC3GWU
--- hcs6DJZRvjoKDPI/cjUXRfM7+06PNJvWqjkvJof/bSs
Boƒp‡Qlg-§\§=Æ™ Ú¼ ðÛÒÙsv½Ì~×ÚOÔí{Rx×IErôs§1„¯v¹÷Ü:<
i¶Ÿ×1¾v»„KùÑýé¦*Ú |£ ¶´Ÿñ5[{­
-> ssh-ed25519 mT2fyg lpbWxTU6p0TLqdrqEAJLZp9lMuGZiTwZviuMBSq8dAI
hapEREw5ZqDrUsGYFbVy3ZybfxKv7cKtgsCIRUJNMeQ
-> ssh-ed25519 UHxfvA SrK+1CTq/fkEj/KlSHM+9iQq7AcNFjDwwwEVenbKSCs
zVNGyZbWQCrgmQ/uNCv23O6i6GfDdOoYHPN0E7A0XbE
--- KpfV8+Snrp9R69h5TVphgzvxEsDgaXI1Wva8iq5Y0Mk
<ivÆÞj¯/zíë—¹mÂ…ÿ?±û½ÿù~\£=Õ 5žL˜M”¤D¬ù¬Ãêûã(H$‰Ëã^<5E>f¾9º;ÀjˆaV8Èq“wµeô료<C2A3>%Û‡ªU

9
secrets/conduit-secretFile.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg x0n1JToeD7bRsDYJpv0HFzQYB9YxxiSqt+dG6elG1Eg
vspLec9Vm6fvJnlDGjzezThc1qeIYyWncBxYwsE/6rg
-> ssh-ed25519 UHxfvA nOlZo53SINXJs8tt/vdoiGjMnIW/lYZVdI8TJfAFqxE
XlxvrHDFlm8c7odfNbBw0/QeYuCj5e4VValql5JNNgg
-> ssh-ed25519 yXDKAA Rf+obXBUKxOcMqrb6rlOSfZGyjkj1PnRvHUSDToj6Tw
XV/3FmC48Wcg9r3C5soRKBwOcBgat2ueAa8pU1MUYLE
--- l/eEq13iyiddR9Rgf47Mv8JxPfjINwCnU4pd3KyxMVQ
^P%ÔϦ‚Û}ÌÝM¤Ñù&ߢهóQ¬?d^ØYú Ã~øTuÃï±oÍfž´·7¬nÙ'!'͓ㆆµ]d͇0>vÆÇŸ¸Ü.Ÿ€E]˜šÔ‡|‰>d— *wDÉ<44>¿­à<C2AD>­)cH<63>êÁ@W<>v*šWk<57>õéN¤ÎRßF I@¶ê;9=u¬Í¬°°Ï„Œ,—‘©)Ÿ>bÁÝ:O«Jð=´W

BIN
secrets/dkim-galaxious.de.mail.key.age
View File

Binary file not shown.

BIN
secrets/mailserver-acc-admin-pw.age
View File

Binary file not shown.

16
secrets/mailserver-acc-test-pw.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg at6Q9eK1o8Mk0+fJh+mnIVrvV1tASV+PGuV8MXuwR2c
cm3wvsLAemeeTFok7yBocNlfwewKruPnymG+wsT5g+Y
-> ssh-ed25519 UHxfvA aaQqfrUfUnLzwUVT6nCRPIAVlIhIWAJcPyeg3J6BQUI
4sh8ZV14csafSs8yAtFZIccSkiz6YnseV3DJcuhw7dQ
-> ssh-ed25519 yXDKAA KmwRbJURujQhlqOIVxzlVjyvaYRfyuJAVGWMZdkFaAE
mX083o2XdnnYgqLs5NeppwMbFHDHTucMiHHZuYdzLvo
--- Ay/SP2CXGOhSzO4KoiXFQhJMMdHaecxXOtNkGBK/RO0
Zÿ? áˆæFØ9_N`¶È8Õ÷å&<26>Îï@ëŽ)q€7aìO
-> ssh-ed25519 mT2fyg BHPXb0yAMGIMJoEFJFzq5YQrlj7C0IyXcIKHtEbQmiw
0ilGBqIPjzYe0l6N/PXdTWW3spJZIsIBC0B62wdutNc
-> ssh-ed25519 UHxfvA 4KodpMUl2mkRcsKY7EzoMgIeWQ0yqyW+NqQheyHd6w0
JMei4drWd0VG/qHDAlucoFtYlDAv/whTKrs23q9YX+c
-> ssh-ed25519 EL/Tyg Ip6g9rPqiKDUlmrBO+Bfu+VAi6rx90zUBxzbKupXHXE
AK9id0HQqWPzNrK3AVox4vUO4mQlI/uZY7+ez8992K4
--- rhCvXjaEy9bzdG5UTR6HcQvHfioEJi4H0BFjyrQopLc
ÞñÙ ŸJl¼O¹Wñ¿u­1ú•Ê€…÷ŽË±¬XÊd1 “[²éƒ||Bt‡\µ ™h¾#ŒÝÑ£'åb£™Aðîz"n1\Áõq0£—a<E28094>:Ñ®­T¢ëEGÑ Cy÷†7UáW

18
secrets/mailserver-acc-zulip+admin-pw.age
View File

@@ -1,10 +1,10 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg sRu0FIphSJVMBcC02mo1YuZdy3i2+/jMeN3ROvxp4kM
sEwx23t3IAauISKesq+110ZKRKxQv3Zesd0AJufYOLs
-> ssh-ed25519 UHxfvA +YaJGPRT7nX2CqVzw1ixNLpW7MfzEnj44pSwj4iUwhI
E2U6Q+4uesNCWK7uVSztrA84TU/n/xLFm3PJH0hO/EM
-> ssh-ed25519 yXDKAA V2kygl0BK/oYpKnnheslBO2YqXFdQWFgtqfmDNdgolc
NpJNN4nfrbgOav8Y38C9DwKFZH+QTRp/US/8kyo9m0o
--- LdqtfywtHOAy3AZ7AexZU0TJMU/ugq+ZYN07706rNxY
±
U$âApµnG NeÉ•£u y`!<21>ʤ®•Øf;ipvÙYˆ°V_3»ºN+±éªk#¨{û…ŽÊêWÑ*Ÿn(ÅËÎúÕ»G6ÒÉ Ýˆyc`<60>éqµ:$K]?Í—b=§'ü^Ï9
-> ssh-ed25519 mT2fyg /YSp9eYFPJT5Vj1lkw19CfDCW8bauZ2b1BiMtdZKTnY
sJL2tL8nmh7q/8raA6Nnha2J9witk3994fxyvGcmBoA
-> ssh-ed25519 UHxfvA 68lyvttT185FSxrJLdAv2Qdb9/50Dn8zL5K5v7knz2A
hrT93PeA+zX+ilXUjVuNQQi3nHED/ksmY82x89gJxj0
-> ssh-ed25519 EL/Tyg RDA+VpzH1QetDunca2R3KyzvBs0c1Hyp/BCDSGB+DQc
o9k3z0FO/VXubhug6eeSDRwed2zvu+pbWeed6cKOun0
--- 8dCuX7j1i7EiXtF6jILoMUt8RxxBXnMgDqvqp2uMSOk
€‚××ýÓ.ãÚg5†ˆT<CB86>oek'—nέ-7:±šàXEúa£ú¢÷pbíRéådQš¢±çåª<þ)n^q·yõEJ·
ˬë૳a<18>e9u·ë*N$€èXõVÉÈmgŒ(ʆ& 

12
secrets/mtgmonkey-pw.age
View File

@@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg WZNwnBmikWIb4rlH89iIQHouM7cw07/E/KXz/AVv3V8
FxLaO1zM0aGztJAsq+lgrM8gFogKY76Wcs1vYxhA19g
-> ssh-ed25519 UHxfvA YIpS5r25kHVJtG3+kDVUvAPyTKDsRPG/jHwXmiD44SA
FKAmC669aQzSbjBjbQbzCixdqnCXnb/JJRQo2MgEZgw
--- xvwJ5oYHR3T1D44fl/aeAVjZglnKhq0JKZr9YecC3EE
 owÌMÆÍÀ·{Œ8ãm€$/Ì1Åö0øts®ÞX±ýˆå¡ñ±Cד‡´ƒÏ\hõ-}¹•E,É ŽÑ¦,dxdX¥TAkäÄ
-> ssh-ed25519 mT2fyg OF0H3FW/+6+6efi3cniowSGshtKoTSgk3pgz9ct16Vw
RBSPPnJG1UtnOEpkPqwpB+xcQCBTmzVNpGH+2eJpYfM
-> ssh-ed25519 UHxfvA 1WcauG5gNnszYp/iAiFNLMvhPXAZ3qAd4F4t41U4bjY
ERntLA7C/KtbyQzc3REwCSo/i2Yygk8khJTeULUaZ0o
--- 9eUxYn/d3qTHY5AMjJk85iJINxrt6eHyBbx7NbY3s0E
ã6<EFBFBD>hM)Ì'ÚÔˉ3Õ´„Éeàý†

8
secrets/secrets.nix
View File

@@ -8,14 +8,6 @@ in {
"andromeda-pw.age".publicKeys = [andromeda lenovo];
"mtgmonkey-pw.age".publicKeys = [andromeda lenovo];
# contains the following env
# CONDUIT_JWT_SECRET
# CONDUIT_TURN_SECRET
"conduit-secretFile.age".publicKeys = [andromeda lenovo _109-199-104-83];
# dkim private keys
"dkim-galaxious.de.mail.key.age".publicKeys = [andromeda lenovo _109-199-104-83];
# mail account passwords
"mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
"mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];

BIN
secrets/zulip-avatarSaltKey.age
View File

Binary file not shown.

17
secrets/zulip-camoKey.age
View File

@@ -1,10 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg 5ADzKAtycqfFpqW/dp71FTaK2gchzdWFNqxPyZ6deSY
+aISA4YwF1l9S0fmE84wOvAJpM221bwPDYvXELTVv9k
-> ssh-ed25519 UHxfvA uKYcpPbaXA4r1OmlkuiIu/EqQ3IiHR7JpItnVgTaW2g
LjySgI4mTlaZY81IJc6DmBh43l2qeGlQnZi+rOlbtb8
-> ssh-ed25519 yXDKAA TMwoM06ZJsjkZ7eLguxqYB05jcRn+tTgVzE7WQIf0mw
vKwCkWsywGsgVv6Y278Mi28MhCYBRRUnfg4+EouOw+0
--- CScrim9wya9AhElXBtKBR3XBZDL83/g3MTfdF258GJ8
K#Ð>8}cã§Ï}8‡ÅL¹(Ëôcò¶
Üw1ª"O“Ù
-> ssh-ed25519 mT2fyg F5X75uA03GCdN5hiq4K6GPkjZOEGNxmZ71X8Gx0VeFY
nURLjoD+R284PtDudfVRVwByEP836e+rhQyggmZG5Jg
-> ssh-ed25519 UHxfvA 6hSu9W0aRzw6lzOg8VtnR19/byrMv3Ioc3dY/HQD3Qc
bTaLokq4Gn/tpCM7b10ME5MPR0oR3QyAKmlhXlrhLJw
-> ssh-ed25519 EL/Tyg 4k+vFxHeqISiWexGj5IAvXRpWdheKDJ/8b9dy8EYVHU
eRBAnmIxuXtgi7dVTHfH0Q9h8KsyrVD0tTK0PlXO0EE
--- ZLCSwwY0oD0L1nwBKhZlRmDG4dj6MdjXZFQoITaECDg
èoÓˆÏÀŽNq«[ïªJ)&7¯`:Þ¸`©×†ÿDµë/JåÙ±Fö[<12>©Aù#Z»ÇÁLÿy²)"gtßÍ*%4ôᘨÍO¢9Îv

17
secrets/zulip-extraSecrets-email_password.age
View File

@@ -1,10 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg IOcD4r19Gx2AvjusnnJDHQXr/U4Ti6qKr01I9lNQDQE
fCwouMQPvhkyzehszuv0YhSfNh9zGKaFNDKaTZT0rD0
-> ssh-ed25519 UHxfvA e95raPehUz6T2FR/eT8kzfrxt/Ou6kKsqi7z/3BkfwU
uHymqnY3t7IwpxWkN8xen3Vsy6R7VMoj+fR0zPnPinY
-> ssh-ed25519 yXDKAA nlR1prGysW+k8gq2npEiboFqoo9jKQ5ISxRiiCFlb0s
kaGOvlQgO0nOAl12mMKvafa9ezmy8XdUC2tVPuBG4iw
--- MRFAGURoyediqNSjGxr57a0w6n9lH2zVjfyrUZcyAYw
zä0
-> ssh-ed25519 mT2fyg 6o7tjdOI24SQ/wAIw6DhF59ZSCY+5weRUxCqQso6PnI
1OdvoW2M8etjWYM87ZW2muKpNUV+iOFY8NCd1Wopjkk
-> ssh-ed25519 UHxfvA ksk6McR1jrkxTmGqMnkhM0b41+AZc26LoainR5CGmC8
AZTynapDNQ8aLFx7Rcu3dLVxJnuKcb8Emak9SjEOQcU
-> ssh-ed25519 EL/Tyg ZQaWIGPt41SwnQpGFnAadZmC/bVuTJx2v15GMmqjlU4
3/S32mze090ThCPZF/lDs3xvsaAKNgfrM7I09WUGtsk
--- aRUPFhqwkRAzL2sQW4UJPPhV/EEvWCmXLE7PjHMLtnU
Ûàš×ØßmÑa_VX#!Ü[ dà[ÁüÐ ö£®×s½M”!©/þb[ãJÄÝ[

BIN
secrets/zulip-rabbitmqPassword.age
View File

Binary file not shown.

BIN
secrets/zulip-secretKey.age
View File

Binary file not shown.

BIN
secrets/zulip-sharedSecretKey.age
View File

Binary file not shown.

8
substitutors.nix
View File

@@ -1,8 +0,0 @@
{
# spectrum
nix.settings.substituters = ["https://cache.dataaturservice.se/spectrum/"];
nix.settings.trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
];
}

34
users/andromeda/home.nix
View File

@@ -39,7 +39,6 @@ in {
pkgs.grim
pkgs.jmtpfs
pkgs.nix-output-monitor
pkgs.npins
pkgs.ranger
pkgs.rip2
pkgs.ripgrep
@@ -92,30 +91,6 @@ in {
};
};
fastfetch.enable = true;
firefox = {
enable = true;
package = pkgs.firefox.override {
cfg.enableTridactylNative = true;
};
profiles.${config.home.username} = {
extensions = {
force = true;
packages = [
pkgs.nur.repos.rycee.firefox-addons.tridactyl
];
};
search = {
default = "DuckDuckGo (HTML)";
privateDefault = "DuckDuckGo (HTML)";
order = [
"DuckDuckGo (HTML)"
];
};
settings = {
"extensions.autoDisableScopes" = 0;
};
};
};
git = {
enable = true;
settings = {
@@ -128,6 +103,15 @@ in {
};
gh.enable = true;
home-manager.enable = true;
firefox = {
enable = true;
package = pkgs.firefox.override {
cfg.enableTridactylNative = true;
};
profiles.${config.home.username}.extensions.packages = [
pkgs.nur.repos.rycee.firefox-addons.tridactyl
];
};
lsd.enable = true;
nvf = {
enable = true;

10
users/andromeda/sway_config
View File

@@ -55,12 +55,6 @@ bindsym $mod+Shift+8 move container to workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9
bindsym $mod+Shift+0 move container to workspace number 0
seat * hide_cursor 100
input type:touchpad events disabled
bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"'
bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad events enabled"'
bindsym $mod+f fullscreen
bindsym $mod+Shift+space floating toggle
bindsym $mod+Shift+minus move scratchpad
@@ -70,8 +64,8 @@ bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%-
bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+
bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
bindsym --locked XF86MonbrightnessUp exec brightnessctl set 5%+
default_border none
font pango:monospace 0.001