Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Andromeda:dev
Branches Tags
Andromeda:master Andromeda:dev Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere
..
compare: Andromeda:03f5bbf2c01ba5fee871878ee06e0e8dcec8ed2c
Branches Tags
Andromeda:dev Andromeda:master Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere

2 Commits
dev ... 03f5bbf2c0

Author SHA1 Message Date
andromeda
03f5bbf2c0 Merge commit 'caf1394' into development 2026-01-10 15:42:13 +01:00
andromeda
caf139425f update remote keys 2026-01-10 15:40:07 +01:00
32 changed files with 73 additions and 782 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -1,5 +1,3 @@
see TODO.md for my aspirations
## usage ## usage
### install ### install

20
TODO.md
View File

@@ -1,20 +0,0 @@
- add other remote
- fully automate remote provisioning (remote keys)
- fix ipv6 on remotes
- modularize home manager
- add services?
- 0x0
- forgejo
- matrix homeserver
- matrix webclient
- radicale
- tor relay
- wireguard as vpn
- add home functionality
- better term emulator
- switch browser?
- chromium: much better sandboxing
- ladybird: be an early tester, contribute
- glide: sexier tridactyl implementation
- browsh: the GOAT
- get mouse out of here

5
deploy.sh
View File

@@ -1,5 +0,0 @@
# usage:
# $ ./deploy.sh <hostname> <ip>
# example usage:
# $ ./deply.sh 109-199-104-83 109.199.104.83
nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config ./hardware-configuration.nix --flake .?ref=411ee0c#$1 --target-host root@$2

159
flake.lock generated
View File

@@ -385,27 +385,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709445365,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1737831083,
@@ -454,57 +433,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-formatter-pack": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
],
"nmd": [
"nix-on-droid",
"nmd"
],
"nmt": "nmt"
},
"locked": {
"lastModified": 1705252799,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
"type": "github"
},
"original": {
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"type": "github"
}
},
"nix-on-droid": {
"inputs": {
"home-manager": "home-manager_3",
"nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd"
},
"locked": {
"lastModified": 1765031149,
"narHash": "sha256-4ZtlnCp4blhsjGnQIxAXDAj7nCJKy7tozoBRtklmwcU=",
"owner": "nix-community",
"repo": "nix-on-droid",
"rev": "55b6449b4582a4ba3ce712543c973360a026db7d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-on-droid",
"type": "github"
}
},
"nix-zulip": { "nix-zulip": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -560,38 +488,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1764242076, "lastModified": 1764242076,
@@ -608,44 +504,6 @@
"type": "github" "type": "github"
} }
}, },
"nmd": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"locked": {
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"repo": "nmd",
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
},
"original": {
"owner": "~rycee",
"repo": "nmd",
"type": "sourcehut"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"noshell": { "noshell": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -763,7 +621,6 @@
"disko": "disko", "disko": "disko",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"impermanence": "impermanence", "impermanence": "impermanence",
"nix-on-droid": "nix-on-droid",
"nix-zulip": "nix-zulip", "nix-zulip": "nix-zulip",
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
@@ -774,22 +631,6 @@
"stylix": "stylix" "stylix": "stylix"
} }
}, },
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
}
},
"stylix": { "stylix": {
"inputs": { "inputs": {
"base16": "base16", "base16": "base16",

19
flake.nix
View File

@@ -18,10 +18,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-on-droid = {
url = "github:nix-community/nix-on-droid";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-zulip = { nix-zulip = {
url = "git+https://git.afnix.fr/nix-zulip/nix-zulip"; url = "git+https://git.afnix.fr/nix-zulip/nix-zulip";
flake = false; flake = false;
@@ -54,7 +50,6 @@
impermanence, impermanence,
nixos-mailserver, nixos-mailserver,
nixpkgs, nixpkgs,
nix-on-droid,
nix-zulip, nix-zulip,
noshell, noshell,
nur, nur,
@@ -122,19 +117,5 @@
builtins.mapAttrs builtins.mapAttrs
(hostname: value: configurationWithHomeManager value) (hostname: value: configurationWithHomeManager value)
machines; machines;
nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs {system = "aarch64-linux";};
modules = [
./modules/nix-on-droid/nix-on-droid.nix
{
home-manager.useGlobalPkgs = true;
home-manager.users."andromeda" = {
imports = [
./modules/nix-on-droid/home.nix
];
};
}
];
};
}; };
} }

24
hardware-configuration.nix
View File

@@ -1,24 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

22
machines.nix
View File

@@ -19,9 +19,6 @@
# networking # networking
./modules/nixos/laptop.nix ./modules/nixos/laptop.nix
# vpn
./modules/nixos/openvpn-client.nix
# ly display manager # ly display manager
./modules/nixos/ly.nix ./modules/nixos/ly.nix
@@ -30,9 +27,6 @@
# apps # apps
./modules/nixos/steam.nix ./modules/nixos/steam.nix
# substitutors
./substitutors.nix
]; ];
}; };
"109-199-104-83" = { "109-199-104-83" = {
@@ -64,6 +58,8 @@
./modules/nixos/networking/ssh-as-root.nix ./modules/nixos/networking/ssh-as-root.nix
({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];}) ({config, ...}: {users.users.root.openssh.authorizedKeys.keys = [config.pub-keys.ssh.andromeda];})
# TODO add Impermanence to the following services
# simple-nixos-mailserver email server # simple-nixos-mailserver email server
# mail.domain # mail.domain
./modules/nixos/mailserver.nix ./modules/nixos/mailserver.nix
@@ -72,22 +68,16 @@
# webmail.domain # webmail.domain
./modules/nixos/roundcube.nix ./modules/nixos/roundcube.nix
# matrix homeserver
# matrix.domain
# ./modules/nixos/matrix-conduit.nix
# matrix homeserver
./modules/nixos/matrix-synapse.nix
# BROKEN
# forgejo # forgejo
# git.domain # git.domain
# ./modules/nixos/forgejo.nix ./modules/nixos/forgejo.nix
# BROKEN # BROKEN
# zulip chat client # zulip chat client
# chat.domain # chat.domain
./modules/nixos/zulip.nix # zulip chat server
# zulip.domain
# ./modules/nixos/zulip.nix
]; ];
}; };
} }

165
modules/nix-on-droid/home.nix
View File

@@ -1,165 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
home = {
username = "andromeda";
homeDirectory = "/home/${config.home.username}";
stateVersion = "26.05";
packages = [
pkgs.brush
pkgs.dust
pkgs.fzf
pkgs.glow
pkgs.nix-output-monitor
pkgs.ranger
pkgs.rip2
pkgs.ripgrep
pkgs.tree
pkgs.zoxide
];
};
programs = {
bash = {
enable = true;
shellAliases = {
neofetch = "fastfetch";
ls = lib.mkForce "lsd";
ll = lib.mkForce "lsd -l";
l = "lsd -la";
cd = "z";
gg = "git log --oneline --abbrev-commit --all --graph --decorate --color";
md = "glow";
};
bashrcExtra = ''
PS1="\u@\h:\w$"
eval "$(zoxide init bash)"
'';
};
btop = {
enable = true;
settings = {
theme_background = false;
vim_keys = true;
rounded_corners = false;
graph_symbol = "braille";
update_ms = 150;
proc_sorting = "cpu lazy";
proc_gradient = false;
proc_left = true;
cpu_single_graph = true;
cpu_bottom = true;
clock_format = "/user@/host:/uptime@%H:%M";
background_update = true;
mem_graphs = false;
mem_below_net = true;
show_swap = false;
only_physical = true;
show_io_stat = true;
io_mode = false;
io_graph_combined = false;
};
};
fastfetch.enable = true;
git = {
enable = true;
settings = {
user = {
name = config.home.username;
email = "${config.home.username}@android";
};
init.defaultBranch = "master";
};
};
home-manager.enable = true;
lsd.enable = true;
nvf = {
enable = true;
settings.vim = {
autocomplete.nvim-cmp.enable = false;
formatter.conform-nvim = {
enable = true;
setupOpts.format_on_save = {
lsp_format = "fallback";
timeout_ms = 5000;
};
};
lsp.otter-nvim.enable = true;
git.enable = true;
keymaps = [
{
key = "<Down>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Up>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Left>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Right>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "jj";
mode = ["i"];
action = "<Esc>";
}
{
key = "kk";
mode = ["i"];
action = "<Esc>";
}
{
key = "jk";
mode = ["i"];
action = "<Esc>";
}
{
key = "kj";
mode = ["i"];
action = "<Esc>";
}
{
key = "<Esc>";
mode = ["i"];
action = "<Nop>";
}
];
languages = {
nix = {
enable = true;
format.enable = true;
lsp.enable = true;
};
haskell = {
enable = true;
lsp.enable = true;
};
};
lineNumberMode = "relative";
options = {
tabstop = 2;
shiftwidth = 2;
expandtab = true;
smarttab = true;
foldmethod = "indent";
number = true;
colorcolumn = "80";
};
statusline.lualine.enable = true;
syntaxHighlighting = true;
};
};
ssh.enable = true;
};
}

5
modules/nix-on-droid/nix-on-droid.nix
View File

@@ -1,5 +0,0 @@
{pkgs, ...}: {
environment.packages = [pkgs.git];
system.stateVersion = "26.05";
nix.settings.experimentalFeatures = ["nix-command" "flakes"];
}

20
modules/nixos/mailserver.nix
View File

@@ -2,14 +2,10 @@
mailserver = { mailserver = {
enable = true; enable = true;
stateVersion = 3; stateVersion = 3;
# domain bs
fqdn = "mail.${config.networking.domain}"; fqdn = "mail.${config.networking.domain}";
domains = ["${config.networking.domain}"]; domains = ["${config.networking.domain}"];
x509.useACMEHost = config.mailserver.fqdn; x509.useACMEHost = config.mailserver.fqdn;
loginAccounts = { loginAccounts = {
# test acc
"test@${config.networking.domain}" = { "test@${config.networking.domain}" = {
hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path; hashedPasswordFile = builtins.toString config.age.secrets.mailserver-acc-test-pw.path;
}; };
@@ -19,17 +15,6 @@
}; };
}; };
}; };
# put dkim key into /etc for declarability
mailserver.dkimKeyDirectory = "/etc/dkim";
environment.etc."dkim/${config.networking.domain}.${config.mailserver.dkimSelector}.key" = {
source = config.age.secrets."dkim-${config.networking.domain}.${config.mailserver.dkimSelector}.key".path;
mode = "600";
user = config.services.rspamd.user;
group = config.services.rspamd.group;
};
# does acme for me
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts = { virtualHosts = {
@@ -43,12 +28,9 @@
acceptTerms = true; acceptTerms = true;
defaults.email = "mtgmonket@gmail.com"; defaults.email = "mtgmonket@gmail.com";
}; };
# persist directories per the backup guidelines
environment.persistence."/persist" = { environment.persistence."/persist" = {
directories = [ directories = [
# not needed bc the dkim dir is declared "/var/dkim"
# "/var/dkim"
"/var/vmail" "/var/vmail"
"/var/lib/redis-rspamd" "/var/lib/redis-rspamd"
"/var/lib/acme" "/var/lib/acme"

82
modules/nixos/matrix-conduit.nix
View File

@@ -1,82 +0,0 @@
{
config,
pkgs,
...
}: let
well_known_server = pkgs.writeText "well-known-matrix-server" ''
{
"m.server": "matrix.${config.services.matrix-conduit.settings.global.server_name}"
}
'';
well_known_client = pkgs.writeText "well-known-matrix-client" ''
{
"m.homeserver": {
"base_url": "https://matrix.${config.services.matrix-conduit.settings.global.server_name}"
}
'';
in {
services.matrix-conduit = {
enable = true;
settings.global = {
server_name = "${config.networking.domain}";
};
};
services.nginx = {
enable = true;
virtualHosts = {
"matrix.${config.services.matrix-conduit.settings.global.server_name}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
];
locations."/_matrix/" = {
proxyPass = "http://backend_conduit$request_uri";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
'';
};
extraConfig = ''
merge_slashes off;
'';
};
"${config.services.matrix-conduit.settings.global.server_name}" = {
forceSSL = true;
enableACME = true;
locations."/.well-known/matrix/server/" = {
alias = "${well_known_server}";
extraConfig = ''
default_type application/json;
'';
};
locations."/.well-known/matrix/client/" = {
alias = "${well_known_client}";
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "";
'';
};
};
};
upstreams = {
backend-conduit = {
servers = {
"localhost:${builtins.toString config.services.matrix-conduit.settings.global.port}" = {};
};
};
};
};
networking.firewall.allowedTCPPorts = [8448];
networking.firewall.allowedUDPPorts = [8448];
}

65
modules/nixos/matrix-synapse.nix
View File

@@ -1,65 +0,0 @@
{
pkgs,
lib,
config,
...
}: let
fqdn = "${config.networking.hostName}.${config.networking.domain}";
baseUrl = "https://${fqdn}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${fqdn}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
services.postgresql.enable = true;
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
"${fqdn}" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
return 404;
'';
locations."/_matrix".proxyPass = "http://[::1]:8008";
locations."/_synapse/client".proxyPass = "http://[::1]:8008";
};
};
};
services.matrix-synapse = {
enable = true;
settings.server_name = config.networking.domain;
settings.public_baseurl = baseUrl;
settings.listeners = [
{
port = 8008;
bind_addresses = ["::1"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
};
}

11
modules/nixos/openvpn-client.nix
View File

@@ -1,11 +0,0 @@
{
services.openvpn.servers = {
"173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';};
};
environment.persistence."/persist".directories = ["/etc/openvpn-confs"];
# turns out disabling ipv6 is a bad idea; I'm just going to enable v6 on the remote xD
# networking.enableIPv6 = lib.mkForce false;
# workaround; NetworkManager reenables ipv6 without the following
# boot.kernelParams = ["ipv6.disable=1"];
}

38
modules/nixos/zulip.nix
View File

@@ -8,47 +8,25 @@
# host domain # host domain
host = "chat.${config.networking.domain}"; host = "chat.${config.networking.domain}";
# secrets; head rolled on keyboard for all :) # secrets
camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path; camoKeyFile = builtins.toString config.age.secrets.zulip-camoKey.path;
rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path; rabbitmqPasswordFile = builtins.toString config.age.secrets.zulip-rabbitmqPassword.path;
secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path; secretKeyFile = builtins.toString config.age.secrets.zulip-secretKey.path;
sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path; sharedSecretKeyFile = builtins.toString config.age.secrets.zulip-sharedSecretKey.path;
avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path; avatarSaltKeyFile = builtins.toString config.age.secrets.zulip-avatarSaltKey.path;
extraSecrets = {
# TODO check for parity with `mailserver-acc-admin-pw.age` email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path;
extraSecrets.email_password = builtins.toString config.age.secrets.zulip-extraSecrets-email_password.path; };
# settings # settings
zulipSettings = rec { zulipSettings = rec {
# email users EMAIL_USE_TLS = true;
ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}"; EMAIL_PORT = 587;
EMAIL_HOST_USER = ZULIP_ADMINISTRATOR;
# configure mailserver port
EMAIL_HOST = config.mailserver.fqdn;
EMAIL_USE_SSL = true;
EMAIL_PORT = 465;
# setting to allow realm creation; probably unsafe, might delete later :3
OPEN_REALM_CREATION = true;
# send all noreply emails from `admin@galaxious.de`
# TODO configure admin to send from any address
ADD_TOKENS_TO_NOREPLY_ADDRESS = false; ADD_TOKENS_TO_NOREPLY_ADDRESS = false;
NOREPLY_EMAIL_ADDRESS = ZULIP_ADMINISTRATOR; NOREPLY_EMAIL_ADDRESS = ZULIP_ADMINISTRATOR;
OPEN_REALM_CREATION = true;
# domain name
EXTERNAL_HOST = config.services.zulip.host; EXTERNAL_HOST = config.services.zulip.host;
ZULIP_ADMINISTRATOR = "admin@${config.networking.domain}";
}; };
}; };
# persist
environment.persistence."/persist".directories = [
# messages
"/var/lib/rabbitmq"
# uploads
"/var/lib/zulip"
# contrived, but in the store a couple layers down
# "/var/lib/redis-zulip"
];
} }

6
pub-keys.nix
View File

@@ -1,12 +1,10 @@
{ {
age.secrets = { age.secrets = {
andromeda-pw.file = ./secrets/andromeda-pw.age; andromeda-pw.file = ./secrets/andromeda-pw.age;
conduit-secretFile.file = ./secrets/conduit-secretFile.age;
"dkim-galaxious.de.mail.key".file = ./secrets/dkim-galaxious.de.mail.key.age;
mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age; mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age; mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;
mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age; mailserver-acc-admin-pw.file = ./secrets/mailserver-acc-admin-pw.age;
"mailserver-acc-zulip+admin-pw".file = "${./secrets}/mailserver-acc-zulip+admin-pw.age"; "mailserver-acc-zulip+admin-pw".file = ./secrets + "/mailserver-acc-zulip+admin-pw.age";
zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age; zulip-avatarSaltKey.file = ./secrets/zulip-avatarSaltKey.age;
zulip-camoKey.file = ./secrets/zulip-camoKey.age; zulip-camoKey.file = ./secrets/zulip-camoKey.age;
zulip-extraSecrets-email_password.file = ./secrets/zulip-extraSecrets-email_password.age; zulip-extraSecrets-email_password.file = ./secrets/zulip-extraSecrets-email_password.age;
@@ -18,7 +16,7 @@
ssh = { ssh = {
andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo"; andromeda = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJy2VD362wUcu0lKj2d6OIU8dbAna0Lu/NaAYIj8gdIA andromeda@lenovo";
lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo"; lenovo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHG4eqsLTq2os2mxfwhys3BpVnowcJrqt2CbRFzN2pJb root@lenovo";
_109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBH5TA6Br8K4xTjD5YcXQDh4UQSvuE0lEs1UxUytDiAn root@109-199-104-83"; _109-199-104-83 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDqjbjFrGZD98tAb8tnayeGjkcsJ17nAdREugZub3AWz root@109-199-104-83";
}; };
}; };
} }

13
secrets/andromeda-pw.age
View File

@@ -1,8 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 mT2fyg ixFM7swaItfNnTRVSdTm1wZJ8lHUv7tDOgSXo1OpgCc -> ssh-ed25519 mT2fyg lpbWxTU6p0TLqdrqEAJLZp9lMuGZiTwZviuMBSq8dAI
lf8/ChfcpgYkK8mTS9Zk++toOu0KNh88S+Lqu4a0UIw hapEREw5ZqDrUsGYFbVy3ZybfxKv7cKtgsCIRUJNMeQ
-> ssh-ed25519 UHxfvA hbsRwdzU1IP3K/gH0btUOQ8hZer8Kgq+RqzcEVrCqTE -> ssh-ed25519 UHxfvA SrK+1CTq/fkEj/KlSHM+9iQq7AcNFjDwwwEVenbKSCs
iSVh+yeypHoalRhaRM2XMlBvtO8HCyatDnWgUyC3GWU zVNGyZbWQCrgmQ/uNCv23O6i6GfDdOoYHPN0E7A0XbE
--- hcs6DJZRvjoKDPI/cjUXRfM7+06PNJvWqjkvJof/bSs --- KpfV8+Snrp9R69h5TVphgzvxEsDgaXI1Wva8iq5Y0Mk
Bo<1A>p<EFBFBD>Qlg-<2D>\<5C>=ƙ ڼ <0B><><1E><>sv<13><>~<7E><>O<EFBFBD><4F>{Rx<1E>IErô<>s<EFBFBD>1<1F><>v<EFBFBD><76><EFBFBD>:<<3C> <iv<69><07><>j<EFBFBD>/z<12>뗹m…<6D>?<3F><><EFBFBD><EFBFBD><EFBFBD>~\<>=<3D> 5<>L<EFBFBD>M<08><>D<EFBFBD><44><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>(H$<24><><EFBFBD>^<5E>f<>9<EFBFBD><39>;<3B>j<>aV8<56>q<06>w<EFBFBD>e<EFBFBD><EFBFBD><>U
i<EFBFBD><EFBFBD><EFBFBD>1<EFBFBD>v<0E><03>K<EFBFBD><4B><07><16><>*<2A> |<7C> <20><><EFBFBD><EFBFBD><EFBFBD>5[{<7B>\<5C>

9
secrets/conduit-secretFile.age
View File

@@ -1,9 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg x0n1JToeD7bRsDYJpv0HFzQYB9YxxiSqt+dG6elG1Eg
vspLec9Vm6fvJnlDGjzezThc1qeIYyWncBxYwsE/6rg
-> ssh-ed25519 UHxfvA nOlZo53SINXJs8tt/vdoiGjMnIW/lYZVdI8TJfAFqxE
XlxvrHDFlm8c7odfNbBw0/QeYuCj5e4VValql5JNNgg
-> ssh-ed25519 yXDKAA Rf+obXBUKxOcMqrb6rlOSfZGyjkj1PnRvHUSDToj6Tw
XV/3FmC48Wcg9r3C5soRKBwOcBgat2ueAa8pU1MUYLE
--- l/eEq13iyiddR9Rgf47Mv8JxPfjINwCnU4pd3KyxMVQ
^P%<25>Ϧ<EFBFBD><CFA6>}<7D><>M<EFBFBD><4D><EFBFBD>ه<DFA2>Q<>?d^<04>Y<EFBFBD> <09>~<7E>Tu<54><75><EFBFBD>o<EFBFBD>f<EFBFBD><66><EFBFBD>7<>n<1D>'!'͓<><10><><EFBFBD>]d͇0>v<>ǟ<EFBFBD><12>.<2E><>E]<1D><>ԇ|<7C>>d<><64>*wDɏ<44><1A><><EFBFBD><EFBFBD><0E><>)cH<63><48><EFBFBD>@W<>v*<2A>Wk<57><6B><EFBFBD>N<EFBFBD><4E>R<EFBFBD>F I@<40><>;9=u<><75><EFBFBD><EFBFBD><7F><EFBFBD><EFBFBD>τ<EFBFBD>,<01><><EFBFBD>)<29>>b<><03>:O<>J<EFBFBD>=<3D>W

BIN
secrets/dkim-galaxious.de.mail.key.age
View File

Binary file not shown.

BIN
secrets/mailserver-acc-admin-pw.age
View File

Binary file not shown.

16
secrets/mailserver-acc-test-pw.age
View File

@@ -1,9 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 mT2fyg at6Q9eK1o8Mk0+fJh+mnIVrvV1tASV+PGuV8MXuwR2c -> ssh-ed25519 mT2fyg BHPXb0yAMGIMJoEFJFzq5YQrlj7C0IyXcIKHtEbQmiw
cm3wvsLAemeeTFok7yBocNlfwewKruPnymG+wsT5g+Y 0ilGBqIPjzYe0l6N/PXdTWW3spJZIsIBC0B62wdutNc
-> ssh-ed25519 UHxfvA aaQqfrUfUnLzwUVT6nCRPIAVlIhIWAJcPyeg3J6BQUI -> ssh-ed25519 UHxfvA 4KodpMUl2mkRcsKY7EzoMgIeWQ0yqyW+NqQheyHd6w0
4sh8ZV14csafSs8yAtFZIccSkiz6YnseV3DJcuhw7dQ JMei4drWd0VG/qHDAlucoFtYlDAv/whTKrs23q9YX+c
-> ssh-ed25519 yXDKAA KmwRbJURujQhlqOIVxzlVjyvaYRfyuJAVGWMZdkFaAE -> ssh-ed25519 EL/Tyg Ip6g9rPqiKDUlmrBO+Bfu+VAi6rx90zUBxzbKupXHXE
mX083o2XdnnYgqLs5NeppwMbFHDHTucMiHHZuYdzLvo AK9id0HQqWPzNrK3AVox4vUO4mQlI/uZY7+ez8992K4
--- Ay/SP2CXGOhSzO4KoiXFQhJMMdHaecxXOtNkGBK/RO0 --- rhCvXjaEy9bzdG5UTR6HcQvHfioEJi4H0BFjyrQopLc
Z<11>?<14><0E><1A><><EFBFBD>B<EFBFBD><1E>F<EFBFBD>9_N`<60><>8<EFBFBD><38><EFBFBD>&<26><><1D>@<40><>)q<>7<EFBFBD>a<11>O <04><>٠<EFBFBD>Jl<4A>O<EFBFBD>W<EFBFBD><57>u<EFBFBD>1<EFBFBD><31>ʀ<EFBFBD><CA80><EFBFBD>˱<EFBFBD>X<EFBFBD>d1 <09>[<15><><EFBFBD>||Bt<42>\<5C> <20>h<EFBFBD>#<23><>ѣ'<27>b<EFBFBD><62>A<EFBFBD><41>z"n1\<5C><>q0<71><30>a<EFBFBD><>T<EFBFBD><54><EFBFBD>EG<45> b<><62>Cy<43><79>7U<37><1E>W

18
secrets/mailserver-acc-zulip+admin-pw.age
View File

@@ -1,10 +1,10 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 mT2fyg sRu0FIphSJVMBcC02mo1YuZdy3i2+/jMeN3ROvxp4kM -> ssh-ed25519 mT2fyg /YSp9eYFPJT5Vj1lkw19CfDCW8bauZ2b1BiMtdZKTnY
sEwx23t3IAauISKesq+110ZKRKxQv3Zesd0AJufYOLs sJL2tL8nmh7q/8raA6Nnha2J9witk3994fxyvGcmBoA
-> ssh-ed25519 UHxfvA +YaJGPRT7nX2CqVzw1ixNLpW7MfzEnj44pSwj4iUwhI -> ssh-ed25519 UHxfvA 68lyvttT185FSxrJLdAv2Qdb9/50Dn8zL5K5v7knz2A
E2U6Q+4uesNCWK7uVSztrA84TU/n/xLFm3PJH0hO/EM hrT93PeA+zX+ilXUjVuNQQi3nHED/ksmY82x89gJxj0
-> ssh-ed25519 yXDKAA V2kygl0BK/oYpKnnheslBO2YqXFdQWFgtqfmDNdgolc -> ssh-ed25519 EL/Tyg RDA+VpzH1QetDunca2R3KyzvBs0c1Hyp/BCDSGB+DQc
NpJNN4nfrbgOav8Y38C9DwKFZH+QTRp/US/8kyo9m0o o9k3z0FO/VXubhug6eeSDRwed2zvu+pbWeed6cKOun0
--- LdqtfywtHOAy3AZ7AexZU0TJMU/ugq+ZYN07706rNxY --- 8dCuX7j1i7EiXtF6jILoMUt8RxxBXnMgDqvqp2uMSOk
<EFBFBD> <EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>.<1E><><EFBFBD>g5<67><35>T<EFBFBD>oek'<27>nέ-7:<3A><><EFBFBD>XE<58>a<EFBFBD><61><EFBFBD><EFBFBD>pb<70>R<EFBFBD><52>dQ<1F><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><<04>)n^q<>y<EFBFBD>EJ<45>
U$<24>Ap<>nG<6E>Neɕ<65>u<EFBFBD>y`!<21>ʤ<EFBFBD><CAA4><EFBFBD>f;ipv<70>Y<EFBFBD><59>V_3<5F><33>N+<06><><EFBFBD>k#<23>{<7B><><EFBFBD><EFBFBD><EFBFBD>W<EFBFBD>*<2A>n(<28><0F><03><><14><>ջG6<47><36> ݈yc`<60><>q<EFBFBD>:$K]?͗b=<3D>'<27>^<5E>9 ˬ<EFBFBD>૳a<18>e9u<39><75><EFBFBD>*N$<24><>X<EFBFBD>V<EFBFBD><56>mg<><>&<26>

12
secrets/mtgmonkey-pw.age
View File

@@ -1,7 +1,7 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 mT2fyg WZNwnBmikWIb4rlH89iIQHouM7cw07/E/KXz/AVv3V8 -> ssh-ed25519 mT2fyg OF0H3FW/+6+6efi3cniowSGshtKoTSgk3pgz9ct16Vw
FxLaO1zM0aGztJAsq+lgrM8gFogKY76Wcs1vYxhA19g RBSPPnJG1UtnOEpkPqwpB+xcQCBTmzVNpGH+2eJpYfM
-> ssh-ed25519 UHxfvA YIpS5r25kHVJtG3+kDVUvAPyTKDsRPG/jHwXmiD44SA -> ssh-ed25519 UHxfvA 1WcauG5gNnszYp/iAiFNLMvhPXAZ3qAd4F4t41U4bjY
FKAmC669aQzSbjBjbQbzCixdqnCXnb/JJRQo2MgEZgw ERntLA7C/KtbyQzc3REwCSo/i2Yygk8khJTeULUaZ0o
--- xvwJ5oYHR3T1D44fl/aeAVjZglnKhq0JKZr9YecC3EE --- 9eUxYn/d3qTHY5AMjJk85iJINxrt6eHyBbx7NbY3s0E
<EFBFBD>ow<6F>M<EFBFBD><4D><EFBFBD><EFBFBD>{<7B>8<EFBFBD>m<EFBFBD>$/<2F>1<EFBFBD><1A>0<EFBFBD>ts<74><73><EFBFBD>X<EFBFBD><58><1D><><EFBFBD><EFBFBD><EFBFBD><43><D793><EFBFBD><EFBFBD>\<13>h<>-}<7D><>E,<2C> <20><><1E>,dxdX<>TAk<EFBFBD><EFBFBD><EFBFBD> <EFBFBD>6<EFBFBD>hM)<29>'<27><>ˉ3մ<33><D5B4>e<EFBFBD><EFBFBD><EFBFBD>

8
secrets/secrets.nix
View File

@@ -8,14 +8,6 @@ in {
"andromeda-pw.age".publicKeys = [andromeda lenovo]; "andromeda-pw.age".publicKeys = [andromeda lenovo];
"mtgmonkey-pw.age".publicKeys = [andromeda lenovo]; "mtgmonkey-pw.age".publicKeys = [andromeda lenovo];
# contains the following env
# CONDUIT_JWT_SECRET
# CONDUIT_TURN_SECRET
"conduit-secretFile.age".publicKeys = [andromeda lenovo _109-199-104-83];
# dkim private keys
"dkim-galaxious.de.mail.key.age".publicKeys = [andromeda lenovo _109-199-104-83];
# mail account passwords # mail account passwords
"mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83]; "mailserver-acc-test-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];
"mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83]; "mailserver-acc-admin-pw.age".publicKeys = [andromeda lenovo _109-199-104-83];

BIN
secrets/zulip-avatarSaltKey.age
View File

Binary file not shown.

17
secrets/zulip-camoKey.age
View File

@@ -1,10 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 mT2fyg 5ADzKAtycqfFpqW/dp71FTaK2gchzdWFNqxPyZ6deSY -> ssh-ed25519 mT2fyg F5X75uA03GCdN5hiq4K6GPkjZOEGNxmZ71X8Gx0VeFY
+aISA4YwF1l9S0fmE84wOvAJpM221bwPDYvXELTVv9k nURLjoD+R284PtDudfVRVwByEP836e+rhQyggmZG5Jg
-> ssh-ed25519 UHxfvA uKYcpPbaXA4r1OmlkuiIu/EqQ3IiHR7JpItnVgTaW2g -> ssh-ed25519 UHxfvA 6hSu9W0aRzw6lzOg8VtnR19/byrMv3Ioc3dY/HQD3Qc
LjySgI4mTlaZY81IJc6DmBh43l2qeGlQnZi+rOlbtb8 bTaLokq4Gn/tpCM7b10ME5MPR0oR3QyAKmlhXlrhLJw
-> ssh-ed25519 yXDKAA TMwoM06ZJsjkZ7eLguxqYB05jcRn+tTgVzE7WQIf0mw -> ssh-ed25519 EL/Tyg 4k+vFxHeqISiWexGj5IAvXRpWdheKDJ/8b9dy8EYVHU
vKwCkWsywGsgVv6Y278Mi28MhCYBRRUnfg4+EouOw+0 eRBAnmIxuXtgi7dVTHfH0Q9h8KsyrVD0tTK0PlXO0EE
--- CScrim9wya9AhElXBtKBR3XBZDL83/g3MTfdF258GJ8 --- ZLCSwwY0oD0L1nwBKhZlRmDG4dj6MdjXZFQoITaECDg
K#<23>>8}c<><EFBFBD><7F>}8<><38>L<04>(<28><>c<EFBFBD><63> <EFBFBD><1F>l<7F><13><>Nq<>[<5B><>J)&7<>`:޸`<60>׆<EFBFBD>D<EFBFBD><44>/J<>ٱF<D9B1>[<12><>A<EFBFBD>#<23>Z<EFBFBD><5A><EFBFBD>L<EFBFBD>y<EFBFBD>)"gt<1F><>*%4<><EFBFBD>O<EFBFBD>9Αv
<EFBFBD>w1<EFBFBD>"O<><4F>

17
secrets/zulip-extraSecrets-email_password.age
View File

@@ -1,10 +1,9 @@
age-encryption.org/v1 age-encryption.org/v1
-> ssh-ed25519 mT2fyg IOcD4r19Gx2AvjusnnJDHQXr/U4Ti6qKr01I9lNQDQE -> ssh-ed25519 mT2fyg 6o7tjdOI24SQ/wAIw6DhF59ZSCY+5weRUxCqQso6PnI
fCwouMQPvhkyzehszuv0YhSfNh9zGKaFNDKaTZT0rD0 1OdvoW2M8etjWYM87ZW2muKpNUV+iOFY8NCd1Wopjkk
-> ssh-ed25519 UHxfvA e95raPehUz6T2FR/eT8kzfrxt/Ou6kKsqi7z/3BkfwU -> ssh-ed25519 UHxfvA ksk6McR1jrkxTmGqMnkhM0b41+AZc26LoainR5CGmC8
uHymqnY3t7IwpxWkN8xen3Vsy6R7VMoj+fR0zPnPinY AZTynapDNQ8aLFx7Rcu3dLVxJnuKcb8Emak9SjEOQcU
-> ssh-ed25519 yXDKAA nlR1prGysW+k8gq2npEiboFqoo9jKQ5ISxRiiCFlb0s -> ssh-ed25519 EL/Tyg ZQaWIGPt41SwnQpGFnAadZmC/bVuTJx2v15GMmqjlU4
kaGOvlQgO0nOAl12mMKvafa9ezmy8XdUC2tVPuBG4iw 3/S32mze090ThCPZF/lDs3xvsaAKNgfrM7I09WUGtsk
--- MRFAGURoyediqNSjGxr57a0w6n9lH2zVjfyrUZcyAYw --- aRUPFhqwkRAzL2sQW4UJPPhV/EEvWCmXLE7PjHMLtnU
<13><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>m<EFBFBD>a_VX#!<21>[ d<>[<5B><><EFBFBD> <0C><><EFBFBD><EFBFBD>s<EFBFBD>M<EFBFBD>!<21>/<2F>b[<5B>J<EFBFBD><4A>[
z<EFBFBD>0

BIN
secrets/zulip-rabbitmqPassword.age
View File

Binary file not shown.

BIN
secrets/zulip-secretKey.age
View File

Binary file not shown.

BIN
secrets/zulip-sharedSecretKey.age
View File

Binary file not shown.

8
substitutors.nix
View File

@@ -1,8 +0,0 @@
{
# spectrum
nix.settings.substituters = ["https://cache.dataaturservice.se/spectrum/"];
nix.settings.trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
];
}

84
users/andromeda/home.nix
View File

@@ -91,81 +91,6 @@ in {
}; };
}; };
fastfetch.enable = true; fastfetch.enable = true;
firefox = {
enable = true;
package = pkgs.firefox.override {
cfg.enableTridactylNative = true;
};
profiles.${config.home.username} = {
extensions.packages = [
pkgs.nur.repos.rycee.firefox-addons.tridactyl
];
search = {
default = "ddghtml";
privateDefault = "ddghtml";
order = [
"wiki"
"options"
"packages"
"repos"
];
engines = {
"packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
};
"options" = {
urls = [
{
template = "https://search.nixos.org/options";
params = [
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
};
"wiki" = {
urls = [
{
template = "https://wiki.nixos.org/w/index.php";
params = [
{
name = "search";
value = "{searchTerms}";
}
];
}
];
};
};
};
settings = {
"extensions.autoDisableScopes" = 0;
};
};
};
git = { git = {
enable = true; enable = true;
settings = { settings = {
@@ -178,6 +103,15 @@ in {
}; };
gh.enable = true; gh.enable = true;
home-manager.enable = true; home-manager.enable = true;
firefox = {
enable = true;
package = pkgs.firefox.override {
cfg.enableTridactylNative = true;
};
profiles.${config.home.username}.extensions.packages = [
pkgs.nur.repos.rycee.firefox-addons.tridactyl
];
};
lsd.enable = true; lsd.enable = true;
nvf = { nvf = {
enable = true; enable = true;

10
users/andromeda/sway_config
View File

@@ -55,12 +55,6 @@ bindsym $mod+Shift+8 move container to workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9 bindsym $mod+Shift+9 move container to workspace number 9
bindsym $mod+Shift+0 move container to workspace number 0 bindsym $mod+Shift+0 move container to workspace number 0
seat * hide_cursor 100
input type:touchpad events disabled
bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"'
bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad events enabled"'
bindsym $mod+f fullscreen bindsym $mod+f fullscreen
bindsym $mod+Shift+space floating toggle bindsym $mod+Shift+space floating toggle
bindsym $mod+Shift+minus move scratchpad bindsym $mod+Shift+minus move scratchpad
@@ -70,8 +64,8 @@ bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5% bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5% bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%- bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+ bindsym --locked XF86MonbrightnessUp exec brightnessctl set 5%+
default_border none default_border none
font pango:monospace 0.001 font pango:monospace 0.001