Andromeda/conf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Andromeda:master
Branches Tags
Andromeda:master Andromeda:dev Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere
..
compare: Andromeda:e1c510fc641825d51da12aa1dce7885dd5aee0de
Branches Tags
Andromeda:dev Andromeda:master Andromeda:phoenix Andromeda:flake-parts Andromeda:r0-persist
Andromeda:nixos-anywhere

16 Commits
master ... e1c510fc64

Author SHA1 Message Date
andromeda
e1c510fc64 remove npins fr 2026-01-25 11:00:30 +01:00
andromeda
e4305c15ac failed to npins, patch phoenix 2026-01-25 10:59:20 +01:00
andromeda
5c99e52e09 patch phoenix to allow user to auto enable extensions 2026-01-25 10:58:15 +01:00
andromeda
ad7e25dce3 init npins? 2026-01-22 05:38:05 +01:00
andromeda
1a62299225 update nixpkgs 2026-01-22 05:37:51 +01:00
andromeda
6e7e52aecf init npins? 2026-01-22 05:35:49 +01:00
andromeda
a0fa657600 update nixpkgs 2026-01-22 05:13:18 +01:00
andromeda
580cbd1851 init nix-on-droid 2026-01-14 22:57:40 +01:00
andromeda
6fdcd13627 adjust brightness, disable touchpad sometimes 2026-01-14 20:18:25 +01:00
andromeda
6fb816f27c reenable ipv6; reconfigure browser 2026-01-14 05:31:48 +01:00
andromeda
c0e92a4ef3 typo 2026-01-13 10:55:24 +01:00
andromeda
b754a3d53f matrix-synapse? 2026-01-13 10:48:56 +01:00
andromeda
19d45ebd05 edit TODO.md 2026-01-13 06:29:18 +01:00
andromeda
312ee02d9e fix alias traversal 2026-01-13 06:21:08 +01:00
andromeda
c377598d5c conduit setup? 2026-01-13 06:16:27 +01:00
andromeda
dcb82ed361 add README, conduit 2026-01-13 05:53:57 +01:00
18 changed files with 672 additions and 85 deletions
Expand all files Collapse all files

2
README.md
View File

@@ -1,3 +1,5 @@
see TODO.md for my aspirations
## usage
### install

20
TODO.md Normal file
View File

@@ -0,0 +1,20 @@
- add other remote
- fully automate remote provisioning (remote keys)
- fix ipv6 on remotes
- modularize home manager
- add services?
- 0x0
- forgejo
- matrix homeserver
- matrix webclient
- radicale
- tor relay
- wireguard as vpn
- add home functionality
- better term emulator
- switch browser?
- chromium: much better sandboxing
- ladybird: be an early tester, contribute
- glide: sexier tridactyl implementation
- browsh: the GOAT
- get mouse out of here

171
flake.lock generated
View File

@@ -385,6 +385,27 @@
"type": "github"
}
},
"home-manager_3": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709445365,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
@@ -433,6 +454,57 @@
"type": "github"
}
},
"nix-formatter-pack": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs"
],
"nmd": [
"nix-on-droid",
"nmd"
],
"nmt": "nmt"
},
"locked": {
"lastModified": 1705252799,
"narHash": "sha256-HgSTREh7VoXjGgNDwKQUYcYo13rPkltW7IitHrTPA5c=",
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"rev": "2de39dedd79aab14c01b9e2934842051a160ffa5",
"type": "github"
},
"original": {
"owner": "Gerschtli",
"repo": "nix-formatter-pack",
"type": "github"
}
},
"nix-on-droid": {
"inputs": {
"home-manager": "home-manager_3",
"nix-formatter-pack": "nix-formatter-pack",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-docs": "nixpkgs-docs",
"nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap",
"nmd": "nmd"
},
"locked": {
"lastModified": 1765031149,
"narHash": "sha256-4ZtlnCp4blhsjGnQIxAXDAj7nCJKy7tozoBRtklmwcU=",
"owner": "nix-community",
"repo": "nix-on-droid",
"rev": "55b6449b4582a4ba3ce712543c973360a026db7d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-on-droid",
"type": "github"
}
},
"nix-zulip": {
"flake": false,
"locked": {
@@ -474,11 +546,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1766651565,
"narHash": "sha256-QEhk0eXgyIqTpJ/ehZKg9IKS7EtlWxF3N7DXy42zPfU=",
"lastModified": 1768305791,
"narHash": "sha256-AIdl6WAn9aymeaH/NvBj0H9qM+XuAuYbGMZaP0zcXAQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "3e2499d5539c16d0d173ba53552a4ff8547f4539",
"rev": "1412caf7bf9e660f2f962917c14b1ea1c3bc695e",
"type": "github"
},
"original": {
@@ -488,6 +560,38 @@
"type": "github"
}
},
"nixpkgs-docs": {
"locked": {
"lastModified": 1705957679,
"narHash": "sha256-Q8LJaVZGJ9wo33wBafvZSzapYsjOaNjP/pOnSiKVGHY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9a333eaa80901efe01df07eade2c16d183761fa3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-for-bootstrap": {
"locked": {
"lastModified": 1720244366,
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1764242076,
@@ -504,6 +608,44 @@
"type": "github"
}
},
"nmd": {
"inputs": {
"nixpkgs": [
"nix-on-droid",
"nixpkgs-docs"
],
"scss-reset": "scss-reset"
},
"locked": {
"lastModified": 1705050560,
"narHash": "sha256-x3zzcdvhJpodsmdjqB4t5mkVW22V3wqHLOun0KRBzUI=",
"owner": "~rycee",
"repo": "nmd",
"rev": "66d9334933119c36f91a78d565c152a4fdc8d3d3",
"type": "sourcehut"
},
"original": {
"owner": "~rycee",
"repo": "nmd",
"type": "sourcehut"
}
},
"nmt": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"noshell": {
"inputs": {
"nixpkgs": [
@@ -602,11 +744,11 @@
]
},
"locked": {
"lastModified": 1766543224,
"narHash": "sha256-96PBoNqh3sPU9t+IXxcB1OjjuQ8HOv42OOh9UtwFHbU=",
"lastModified": 1769035606,
"narHash": "sha256-I9pKhfhAz3JsGBLIqr9MNycTEQn0Bc3jzf0mKeWLlsE=",
"owner": "celenityy",
"repo": "Phoenix",
"rev": "f09568c8a71af4fe42dd43c6f711c67daf605f1e",
"rev": "07d9be8cbf938962f9847b0970274b885ff48792",
"type": "github"
},
"original": {
@@ -621,6 +763,7 @@
"disko": "disko",
"home-manager": "home-manager_2",
"impermanence": "impermanence",
"nix-on-droid": "nix-on-droid",
"nix-zulip": "nix-zulip",
"nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs",
@@ -631,6 +774,22 @@
"stylix": "stylix"
}
},
"scss-reset": {
"flake": false,
"locked": {
"lastModified": 1631450058,
"narHash": "sha256-muDlZJPtXDIGevSEWkicPP0HQ6VtucbkMNygpGlBEUM=",
"owner": "andreymatin",
"repo": "scss-reset",
"rev": "0cf50e27a4e95e9bb5b1715eedf9c54dee1a5a91",
"type": "github"
},
"original": {
"owner": "andreymatin",
"repo": "scss-reset",
"type": "github"
}
},
"stylix": {
"inputs": {
"base16": "base16",

23
flake.nix
View File

@@ -18,6 +18,10 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nix-on-droid = {
url = "github:nix-community/nix-on-droid";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-zulip = {
url = "git+https://git.afnix.fr/nix-zulip/nix-zulip";
flake = false;
@@ -50,6 +54,7 @@
impermanence,
nixos-mailserver,
nixpkgs,
nix-on-droid,
nix-zulip,
noshell,
nur,
@@ -58,6 +63,7 @@
stylix,
...
}: let
phoenix' = (import ./modules/nixos/phoenix.nix) {inherit phoenix;};
nix-zulip' = (import "${nix-zulip}/nix/default.nix" {}).output;
machines = import ./machines.nix;
configuration = machine: modules:
@@ -75,7 +81,7 @@
impermanence.nixosModules.impermanence
nixos-mailserver.nixosModule
noshell.nixosModules.default
phoenix.nixosModules.default
phoenix'.phoenixModule
nix-zulip'.nixosModules.zulip
{
nixpkgs.overlays = [
@@ -93,6 +99,7 @@
{
home-manager.useGlobalPkgs = true;
home-manager.extraSpecialArgs = {inherit machine;};
home-manager.backupFileExtension = "bak";
home-manager.users =
builtins.mapAttrs
(name: value: value)
@@ -117,5 +124,19 @@
builtins.mapAttrs
(hostname: value: configurationWithHomeManager value)
machines;
nixOnDroidConfigurations.default = nix-on-droid.lib.nixOnDroidConfiguration {
pkgs = import nixpkgs {system = "aarch64-linux";};
modules = [
./modules/nix-on-droid/nix-on-droid.nix
{
home-manager.useGlobalPkgs = true;
home-manager.users."andromeda" = {
imports = [
./modules/nix-on-droid/home.nix
];
};
}
];
};
};
}

12
machines.nix
View File

@@ -20,7 +20,7 @@
./modules/nixos/laptop.nix
# vpn
./modules/nixos/openvpn-client.nix
# ./modules/nixos/openvpn-client.nix
# ly display manager
./modules/nixos/ly.nix
@@ -30,6 +30,9 @@
# apps
./modules/nixos/steam.nix
# substitutors
./substitutors.nix
];
};
"109-199-104-83" = {
@@ -69,6 +72,13 @@
# webmail.domain
./modules/nixos/roundcube.nix
# matrix homeserver
# matrix.domain
# ./modules/nixos/matrix-conduit.nix
# matrix homeserver
./modules/nixos/matrix-synapse.nix
# BROKEN
# forgejo
# git.domain

165
modules/nix-on-droid/home.nix Normal file
View File

@@ -0,0 +1,165 @@
{
config,
lib,
pkgs,
...
}: {
home = {
username = "andromeda";
homeDirectory = "/home/${config.home.username}";
stateVersion = "26.05";
packages = [
pkgs.brush
pkgs.dust
pkgs.fzf
pkgs.glow
pkgs.nix-output-monitor
pkgs.ranger
pkgs.rip2
pkgs.ripgrep
pkgs.tree
pkgs.zoxide
];
};
programs = {
bash = {
enable = true;
shellAliases = {
neofetch = "fastfetch";
ls = lib.mkForce "lsd";
ll = lib.mkForce "lsd -l";
l = "lsd -la";
cd = "z";
gg = "git log --oneline --abbrev-commit --all --graph --decorate --color";
md = "glow";
};
bashrcExtra = ''
PS1="\u@\h:\w$"
eval "$(zoxide init bash)"
'';
};
btop = {
enable = true;
settings = {
theme_background = false;
vim_keys = true;
rounded_corners = false;
graph_symbol = "braille";
update_ms = 150;
proc_sorting = "cpu lazy";
proc_gradient = false;
proc_left = true;
cpu_single_graph = true;
cpu_bottom = true;
clock_format = "/user@/host:/uptime@%H:%M";
background_update = true;
mem_graphs = false;
mem_below_net = true;
show_swap = false;
only_physical = true;
show_io_stat = true;
io_mode = false;
io_graph_combined = false;
};
};
fastfetch.enable = true;
git = {
enable = true;
settings = {
user = {
name = config.home.username;
email = "${config.home.username}@android";
};
init.defaultBranch = "master";
};
};
home-manager.enable = true;
lsd.enable = true;
nvf = {
enable = true;
settings.vim = {
autocomplete.nvim-cmp.enable = false;
formatter.conform-nvim = {
enable = true;
setupOpts.format_on_save = {
lsp_format = "fallback";
timeout_ms = 5000;
};
};
lsp.otter-nvim.enable = true;
git.enable = true;
keymaps = [
{
key = "<Down>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Up>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Left>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "<Right>";
mode = ["i" "n" "v" "c"];
action = "<NOP>";
}
{
key = "jj";
mode = ["i"];
action = "<Esc>";
}
{
key = "kk";
mode = ["i"];
action = "<Esc>";
}
{
key = "jk";
mode = ["i"];
action = "<Esc>";
}
{
key = "kj";
mode = ["i"];
action = "<Esc>";
}
{
key = "<Esc>";
mode = ["i"];
action = "<Nop>";
}
];
languages = {
nix = {
enable = true;
format.enable = true;
lsp.enable = true;
};
haskell = {
enable = true;
lsp.enable = true;
};
};
lineNumberMode = "relative";
options = {
tabstop = 2;
shiftwidth = 2;
expandtab = true;
smarttab = true;
foldmethod = "indent";
number = true;
colorcolumn = "80";
};
statusline.lualine.enable = true;
syntaxHighlighting = true;
};
};
ssh.enable = true;
};
}

5
modules/nix-on-droid/nix-on-droid.nix Normal file
View File

@@ -0,0 +1,5 @@
{pkgs, ...}: {
environment.packages = [pkgs.git];
system.stateVersion = "26.05";
nix.settings.experimentalFeatures = ["nix-command" "flakes"];
}

82
modules/nixos/matrix-conduit.nix Normal file
View File

@@ -0,0 +1,82 @@
{
config,
pkgs,
...
}: let
well_known_server = pkgs.writeText "well-known-matrix-server" ''
{
"m.server": "matrix.${config.services.matrix-conduit.settings.global.server_name}"
}
'';
well_known_client = pkgs.writeText "well-known-matrix-client" ''
{
"m.homeserver": {
"base_url": "https://matrix.${config.services.matrix-conduit.settings.global.server_name}"
}
'';
in {
services.matrix-conduit = {
enable = true;
settings.global = {
server_name = "${config.networking.domain}";
};
};
services.nginx = {
enable = true;
virtualHosts = {
"matrix.${config.services.matrix-conduit.settings.global.server_name}" = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
{
addr = "0.0.0.0";
port = 8448;
ssl = true;
}
];
locations."/_matrix/" = {
proxyPass = "http://backend_conduit$request_uri";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header Host $host;
proxy_buffering off;
'';
};
extraConfig = ''
merge_slashes off;
'';
};
"${config.services.matrix-conduit.settings.global.server_name}" = {
forceSSL = true;
enableACME = true;
locations."/.well-known/matrix/server/" = {
alias = "${well_known_server}";
extraConfig = ''
default_type application/json;
'';
};
locations."/.well-known/matrix/client/" = {
alias = "${well_known_client}";
extraConfig = ''
default_type application/json;
add_header Access-Control-Allow-Origin "";
'';
};
};
};
upstreams = {
backend-conduit = {
servers = {
"localhost:${builtins.toString config.services.matrix-conduit.settings.global.port}" = {};
};
};
};
};
networking.firewall.allowedTCPPorts = [8448];
networking.firewall.allowedUDPPorts = [8448];
}

65
modules/nixos/matrix-synapse.nix Normal file
View File

@@ -0,0 +1,65 @@
{
pkgs,
lib,
config,
...
}: let
fqdn = "${config.networking.hostName}.${config.networking.domain}";
baseUrl = "https://${fqdn}";
clientConfig."m.homeserver".base_url = baseUrl;
serverConfig."m.server" = "${fqdn}:443";
mkWellKnown = data: ''
default_type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}';
'';
in {
services.postgresql.enable = true;
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"${config.networking.domain}" = {
enableACME = true;
forceSSL = true;
locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
};
"${fqdn}" = {
enableACME = true;
forceSSL = true;
locations."/".extraConfig = ''
return 404;
'';
locations."/_matrix".proxyPass = "http://[::1]:8008";
locations."/_synapse/client".proxyPass = "http://[::1]:8008";
};
};
};
services.matrix-synapse = {
enable = true;
settings.server_name = config.networking.domain;
settings.public_baseurl = baseUrl;
settings.listeners = [
{
port = 8008;
bind_addresses = ["::1"];
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = [
"client"
"federation"
];
compress = true;
}
];
}
];
};
}

9
modules/nixos/openvpn-client.nix
View File

@@ -1,8 +1,11 @@
{lib, ...}: {
{
services.openvpn.servers = {
"173.249.5.230" = {config = ''config /etc/openvpn-confs/173.249.5.230.ovpn'';};
};
networking.enableIPv6 = lib.mkForce false;
environment.persistence."/persist".directories = ["/etc/openvpn-confs"];
boot.kernelParams = ["ipv6.disable=1"];
# turns out disabling ipv6 is a bad idea; I'm just going to enable v6 on the remote xD
# networking.enableIPv6 = lib.mkForce false;
# workaround; NetworkManager reenables ipv6 without the following
# boot.kernelParams = ["ipv6.disable=1"];
}

61
modules/nixos/phoenix.nix Normal file
View File

@@ -0,0 +1,61 @@
{phoenix, ...}: rec {
phoenixOverlay = final: prev: {
phoenix = (final.callPackage (import "${phoenix}/nix/package.nix")
{
}).overrideAttrs {
patches = [
../../patches/0001-autoDisableScopes-unlocked.patch
];
};
withPhoenix = firefoxPackage:
firefoxPackage.override {
extraPoliciesFiles = ["${final.phoenix}/policies.json"];
extraPrefsFiles = ["${final.phoenix}/phoenix.cfg"];
};
};
phoenixModule = {
pkgs,
config,
lib,
...
}: {
options.programs.firefox.phoenix = {
enable =
lib.mkEnableOption "Enable privacy & security hardening of Firefox using the Phoenix configs"
// {
default = true;
};
firefoxPackages = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = ["firefox"];
description = "The name of Firefox packages of current pkgs to patch with phoenix config and policy.";
};
};
config = let
cfg = config.programs.firefox.phoenix;
in
lib.mkIf cfg.enable {
assertions = [
{
assertion = !pkgs.stdenv.isDarwin;
message = "Phoenix module has not been ported to nix-darwin yet. Contributions welcomed.";
}
];
environment.etc."firefox/defaults/pref/phoenix-desktop.js".source = "${pkgs.phoenix}/pref/phoenix-desktop.js";
environment.etc."firefox/phoenix/userjs".source = "${pkgs.phoenix}/userjs";
environment.etc."firefox/phoenix/configs".source = "${pkgs.phoenix}/configs";
environment.etc."firefox/phoenix/assets".source = "${pkgs.phoenix}/assets";
programs.firefox.policies =
(builtins.fromJSON (builtins.readFile "${pkgs.phoenix}/policies.json")).policies;
nixpkgs.overlays = [
phoenixOverlay
(
final: prev:
builtins.listToAttrs (
map (p: lib.nameValuePair p (final.withPhoenix prev.${p})) cfg.firefoxPackages
)
)
];
};
};
}

25
patches/0001-autoDisableScopes-unlocked.patch Normal file
View File

@@ -0,0 +1,25 @@
From 1eeab7cf3b5d41e3e10959ef2ff5298eac86c9fa Mon Sep 17 00:00:00 2001
From: andromeda <andromeda@lenovo>
Date: Sun, 25 Jan 2026 10:41:03 +0100
Subject: [PATCH] autoDisableScopes unlocked
---
build/phoenix-unified.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/build/phoenix-unified.js b/build/phoenix-unified.js
index e183890e..fd58b176 100644
--- a/build/phoenix-unified.js
+++ b/build/phoenix-unified.js
@@ -2204,7 +2204,7 @@ pref("xpinstall.whitelist.add.NoScript.PBM", "https://noscript.net^privateBrowsi
// https://archive.is/DYjAM
// https://support.mozilla.org/kb/deploying-firefox-with-extensions
// https://searchfox.org/firefox-main/rev/82e2435f/toolkit/mozapps/extensions/internal/AddonSettings.sys.mjs#125
-pref("extensions.autoDisableScopes", 15, locked); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
+pref("extensions.autoDisableScopes", 15); // [DEFAULT - non-Thunderbird] Defense in depth, ensures sideloaded extensions are always disabled by default...
pref("extensions.enabledScopes", 5); // [HIDDEN]
pref("extensions.installDistroAddons", false); // [HIDDEN - non-Android] [DEFAULT - Android]
pref("extensions.sideloadScopes", 0); // [HIDDEN]
--
2.52.0

1
pub-keys.nix
View File

@@ -1,6 +1,7 @@
{
age.secrets = {
andromeda-pw.file = ./secrets/andromeda-pw.age;
conduit-secretFile.file = ./secrets/conduit-secretFile.age;
"dkim-galaxious.de.mail.key".file = ./secrets/dkim-galaxious.de.mail.key.age;
mtgmonkey-pw.file = ./secrets/mtgmonkey-pw.age;
mailserver-acc-test-pw.file = ./secrets/mailserver-acc-test-pw.age;

9
secrets/conduit-secretFile.age Normal file
View File

@@ -0,0 +1,9 @@
age-encryption.org/v1
-> ssh-ed25519 mT2fyg x0n1JToeD7bRsDYJpv0HFzQYB9YxxiSqt+dG6elG1Eg
vspLec9Vm6fvJnlDGjzezThc1qeIYyWncBxYwsE/6rg
-> ssh-ed25519 UHxfvA nOlZo53SINXJs8tt/vdoiGjMnIW/lYZVdI8TJfAFqxE
XlxvrHDFlm8c7odfNbBw0/QeYuCj5e4VValql5JNNgg
-> ssh-ed25519 yXDKAA Rf+obXBUKxOcMqrb6rlOSfZGyjkj1PnRvHUSDToj6Tw
XV/3FmC48Wcg9r3C5soRKBwOcBgat2ueAa8pU1MUYLE
--- l/eEq13iyiddR9Rgf47Mv8JxPfjINwCnU4pd3KyxMVQ
^P%ÔϦ‚Û}ÌÝM¤Ñù&ߢهóQ¬?d^ØYú Ã~øTuÃï±oÍfž´·7¬nÙ'!'͓ㆆµ]d͇0>vÆÇŸ¸Ü.Ÿ€E]˜šÔ‡|‰>d— *wDÉ<44>¿­à<C2AD>­)cH<63>êÁ@W<>v*šWk<57>õéN¤ÎRßF I@¶ê;9=u¬Í¬°°Ï„Œ,—‘©)Ÿ>bÁÝ:O«Jð=´W

5
secrets/secrets.nix
View File

@@ -8,6 +8,11 @@ in {
"andromeda-pw.age".publicKeys = [andromeda lenovo];
"mtgmonkey-pw.age".publicKeys = [andromeda lenovo];
# contains the following env
# CONDUIT_JWT_SECRET
# CONDUIT_TURN_SECRET
"conduit-secretFile.age".publicKeys = [andromeda lenovo _109-199-104-83];
# dkim private keys
"dkim-galaxious.de.mail.key.age".publicKeys = [andromeda lenovo _109-199-104-83];

8
substitutors.nix Normal file
View File

@@ -0,0 +1,8 @@
{
# spectrum
nix.settings.substituters = ["https://cache.dataaturservice.se/spectrum/"];
nix.settings.trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"spectrum-os.org-2:foQk3r7t2VpRx92CaXb5ROyy/NBdRJQG2uX2XJMYZfU="
];
}

84
users/andromeda/home.nix
View File

@@ -39,6 +39,7 @@ in {
pkgs.grim
pkgs.jmtpfs
pkgs.nix-output-monitor
pkgs.npins
pkgs.ranger
pkgs.rip2
pkgs.ripgrep
@@ -97,79 +98,18 @@ in {
cfg.enableTridactylNative = true;
};
profiles.${config.home.username} = {
extensions.packages = [
pkgs.nur.repos.rycee.firefox-addons.tridactyl
];
search = {
default = "repos";
privateDefault = "ddghtml";
order = [
"wiki"
"options"
"packages"
"repos"
extensions = {
force = true;
packages = [
pkgs.nur.repos.rycee.firefox-addons.tridactyl
];
};
search = {
default = "DuckDuckGo (HTML)";
privateDefault = "DuckDuckGo (HTML)";
order = [
"DuckDuckGo (HTML)"
];
engines = {
"packages" = {
urls = [
{
template = "https://search.nixos.org/packages";
params = [
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
};
"options" = {
urls = [
{
template = "https://search.nixos.org/options";
params = [
{
name = "channel";
value = "unstable";
}
{
name = "query";
value = "{searchTerms}";
}
];
}
];
};
"wiki" = {
urls = [
{
template = "https://wiki.nixos.org/w/index.php";
params = [
{
name = "search";
value = "{searchTerms}";
}
];
}
];
};
"repos" = {
template = "https://html.duckduckgo.com/html/";
params = [
{
name = "q";
value = "{searchTerms}+(site:*.gitlab.org OR site:github.com OR site:git.mtgmonkey.net OR site:sr.ht)";
}
];
};
};
};
settings = {
"extensions.autoDisableScopes" = 0;

10
users/andromeda/sway_config
View File

@@ -55,6 +55,12 @@ bindsym $mod+Shift+8 move container to workspace number 8
bindsym $mod+Shift+9 move container to workspace number 9
bindsym $mod+Shift+0 move container to workspace number 0
seat * hide_cursor 100
input type:touchpad events disabled
bindsym $mod+r exec 'swaymsg "seat * hide_cursor 100"; swaymsg "input type:touchpad events disabled"'
bindsym $mod+t exec 'swaymsg "seat * hide_cursor 0"; swaymsg "input type:touchpad events enabled"'
bindsym $mod+f fullscreen
bindsym $mod+Shift+space floating toggle
bindsym $mod+Shift+minus move scratchpad
@@ -64,8 +70,8 @@ bindsym --locked XF86AudioMute exec pactl set-sink-mute \@DEFAULT_SINK@ toggle
bindsym --locked XF86AudioLowerVolume exec pactl set-sink-volume \@DEFAULT_SINK@ -5%
bindsym --locked XF86AudioRaiseVolume exec pactl set-sink-volume \@DEFAULT_SINK@ +5%
bindsym --locked XF86AudioMicMute exec pact set-source-mute \@DEFAULT_SOURCE@ toggle
bindsym --locked XF86MonBrightnessDown exec brightnessctl set 5%-
bindsym --locked XF86MonbrightnessUp exec brightnessctl set 5%+
bindsym --locked XF86MonBrightnessDown exec brightnessctl set 2%-
bindsym --locked XF86MonbrightnessUp exec brightnessctl set 2%+
default_border none
font pango:monospace 0.001