Merge branch 'main' of https://github.com/deltathetawastaken/dotfiles

2025-12-06 07:16:37 +03:00 · 2024-06-10 22:35:48 +03:00 · 2024-06-10 22:35:48 +03:00 · 0b0d8f4aaf
parent 1475a46e8e c016a23c7e
commit 0b0d8f4aaf
7 changed files with 119 additions and 27 deletions
--- a/hosts/huanan/services.nix
+++ b/hosts/huanan/services.nix
@ -0,0 +1,23 @@
 { pkgs, lib, inputs, ... }:
 {
  services.tailscale.enable = true;
  services.syncthing.enable = true;
  services.blueman.enable = true;
  services.tumbler.enable = true;
  services.gvfs.enable = true;
  services.flatpak.enable = true;
  services.printing.enable = true;
  services.pcscd.enable = true;
  services.udev.packages = [ 
    pkgs.gnome.gnome-settings-daemon
    pkgs.android-udev-rules
    pkgs.yubikey-personalization
  ];
  users.groups.cloudflared = { };
  users.users.cloudflared = {
    group = "cloudflared";
    isSystemUser = true;
  };
 }
--- a/hosts/huanan/system.nix
+++ b/hosts/huanan/system.nix
@ -3,9 +3,13 @@
 {
  imports = [ 
    ./hardware.nix
-    "${self}/pkgs/gnome.nix"
+    ./services.nix
    ../dlaptop/xorg.nix
    "${self}/pkgs/apps.nix"
    "${self}/pkgs/socks.nix"
    "${self}/pkgs/scripts.nix"
    "${self}/pkgs/work.nix"
    inputs.secrets.nixosModules.dlaptop
    inputs.home-manager.nixosModules.home-manager homeSettings
  ];
@ -27,6 +31,30 @@
    excludePackages = [ pkgs.xterm ];
  };
  systemd.services.NetworkManager-wait-online.enable = false; #just makes boot time longer
  networking = {
    hostName = "huanan";
    nameservers = [ "192.168.3.53" ];
    networkmanager.dns = "none"; 
    networkmanager.enable = true;
    useDHCP = lib.mkDefault true;
    iproute2.enable = true;
    firewall = {
      enable = false;
    };
  };
  security = {
    sudo.wheelNeedsPassword = false;
    pam.loginLimits = [{ #needed for swaylock
      domain = "@users";
      item = "rtprio";
      type = "-";
      value = 1;
    }];
    pam.services.swaylock = { };
  };
  hardware.nvidia = {
    modesetting.enable = true;
    powerManagement.enable = false;
@ -34,12 +62,6 @@
    nvidiaSettings = true;
  };
  networking = {
    hostName = "huanan";
    networkmanager.enable = true;
    firewall.enable = false;
  };
  sound.enable = true;
  hardware.pulseaudio.enable = false;
  services.pipewire = {
@ -49,6 +71,53 @@
    pulse.enable = true;
  };
  virtualisation = {
    podman = {
      enable = true;
      dockerCompat = true;
    };
    spiceUSBRedirection.enable = true;
    libvirtd.enable = true;
  };
  environment.systemPackages = with pkgs; [
    multipath-tools #ZFS in LUKS mount
    openvpn
    any-nix-shell
    comma
    #work scripts
    openconnect
    oath-toolkit
    expect
    # Thunar stuff
    ffmpegthumbnailer
    webp-pixbuf-loader
    freetype
    poppler
    f3d
    nufraw-thumbnailer
    android-tools
    tor-browser
    #inputs.anyrun.packages.${pkgs.system}.anyrun
    sops
    yubikey-manager-qt
    yubico-piv-tool
    yubioath-flutter
    yubikey-personalization
    yubikey-personalization-gui
    age-plugin-yubikey
    age
    rage
    lua5_4
    nodePackages_latest.nodejs
    rocmPackages.rocm-smi #gpu support in btop
  ];
  services.openssh.enable = true;
-  system.stateVersion = "23.11"; # Did you read the comment?
+  system.stateVersion = "23.11";
 }
--- a/hosts/intelnuc/nginx-work.nix
+++ b/hosts/intelnuc/nginx-work.nix
@ -4,8 +4,8 @@
  services.nginx.virtualHosts."grafana" = {
    forceSSL = false;
    listen = [
-      {port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+      {port = 80; addr = "100.92.15.128"; ssl = false;} # Listen on port 80 for HTTP
-      {port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+      {port = 443; addr = "100.92.15.128"; ssl = true;} # Listen on port 443 for HTTPS
    ];
    extraConfig = ''
      ssl_certificate /run/secrets/cert;
@ -31,8 +31,8 @@
  services.nginx.virtualHosts."keycloak" = {
    forceSSL = false;
    listen = [
-      {port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+      {port = 80; addr = "100.92.15.128"; ssl = false;} # Listen on port 80 for HTTP
-      {port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+      {port = 443; addr = "100.92.15.128"; ssl = true;} # Listen on port 443 for HTTPS
    ];
    extraConfig = ''
      ssl_certificate /run/secrets/cert;
@ -50,8 +50,8 @@
  services.nginx.virtualHosts."kibana" = {
    forceSSL = false;
    listen = [
-      {port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+      {port = 80; addr = "100.92.15.128"; ssl = false;} # Listen on port 80 for HTTP
-      {port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+      {port = 443; addr = "100.92.15.128"; ssl = true;} # Listen on port 443 for HTTPS
    ];
    extraConfig = ''
      ssl_certificate /run/secrets/cert;
@ -68,8 +68,8 @@
  services.nginx.virtualHosts."zabbix" = {
    forceSSL = false;
    listen = [
-      {port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+      {port = 80; addr = "100.92.15.128"; ssl = false;} # Listen on port 80 for HTTP
-      {port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+      {port = 443; addr = "100.92.15.128"; ssl = true;} # Listen on port 443 for HTTPS
    ];
    extraConfig = ''
      ssl_certificate /run/secrets/cert;
@ -87,8 +87,8 @@
  services.nginx.virtualHosts."prox-1" = {
    forceSSL = false;
    listen = [
-      {port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+      {port = 80; addr = "100.92.15.128"; ssl = false;} # Listen on port 80 for HTTP
-      {port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+      {port = 443; addr = "100.92.15.128"; ssl = true;} # Listen on port 443 for HTTPS
    ];
    extraConfig = ''
      ssl_certificate /run/secrets/cert;
@ -113,8 +113,8 @@
  services.nginx.virtualHosts."prox-2" = {
    forceSSL = false;
    listen = [
-      {port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+      {port = 80; addr = "100.92.15.128"; ssl = false;} # Listen on port 80 for HTTP
-      {port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+      {port = 443; addr = "100.92.15.128"; ssl = true;} # Listen on port 443 for HTTPS
    ];
    extraConfig = ''
      ssl_certificate /run/secrets/cert;
@ -139,8 +139,8 @@
  services.nginx.virtualHosts."prox-3" = {
    forceSSL = false;
    listen = [
-      {port = 80; addr = "0.0.0.0"; ssl = false;} # Listen on port 80 for HTTP
+      {port = 80; addr = "100.92.15.128"; ssl = false;} # Listen on port 80 for HTTP
-      {port = 443; addr = "0.0.0.0"; ssl = true;} # Listen on port 443 for HTTPS
+      {port = 443; addr = "100.92.15.128"; ssl = true;} # Listen on port 443 for HTTPS
    ];
    extraConfig = ''
      ssl_certificate /run/secrets/cert;
--- a/pkgs/apps.nix
+++ b/pkgs/apps.nix
@ -67,7 +67,7 @@ in {
    wlogout
    nom
    localsend
-    trayscale
+    ktailctl
    fishPlugins.done
    monero-gui
    translate-shell
@ -116,7 +116,6 @@ in {
    element-desktop
    qrtool
    appimage-run
    trayscale
    lf
    (pkgs.writeScriptBin "reboot" ''read -p "Do you REALLY want to reboot? (y/N) " answer; [[ $answer == [Yy]* ]] && ${pkgs.systemd}/bin/reboot'')
  ]);
--- a/pkgs/hyprland/hypr/hyprland.conf
+++ b/pkgs/hyprland/hypr/hyprland.conf
@ -50,7 +50,7 @@ exec-once = foot -s
 exec-once = thunar --daemon
 exec-once = hypridle
 exec-once = hyprctl setcursor Bibata-Modern-Classic 16
-exec-once = trayscale --hide-window
+# exec-once = trayscale --hide-window # change tp ktailctl later
 # exec-once = hyprctl dispatch -- exec [workspace special:hdrop silent] "QT_QPA_PLATFORM=xcb telegram-desktop"
 exec-once = /home/delta/.config/hypr/hdrop -b -g '30' -h '60' -f 'keepassxc_lite' --class org.keepassxc.KeePassXC
 exec-once = dropbox
@ -401,7 +401,7 @@ bind =  ALT, SPACE, exec, pypr shift_monitors +1 # K R A S I V O
 bind = $mainMod, P, pseudo, # dwindle
 #bind = $mainMod, J, togglesplit, # dwindle
 #bind = $mainMod, S, exec, grim -g "$(slurp)" - | tee >(swappy -f -) | wl-copy # take a screenshot
-bind = $mainMod, S, exec,XCURSOR_SIZE=16 grimblast --freeze copy area # take a screenshot
+bind = $mainMod, S, exec, grimblast --freeze copy area # take a screenshot
 bind = $mainMod SHIFT, S, exec, grim -g "$(slurp)" - | qrtool decode | tee >(wl-copy) >(notify-send --icon=clipboard "QR Code Content" "$(cat)")
 bind = $mainMod, Print, exec, /home/delta/.config/hypr/grimblast.sh # take a screenshot
 # bind = $mainMod, Print, exec, /home/delta/scripts/screenshoter.sh # take a screenshot
--- a/pkgs/socks.nix
+++ b/pkgs/socks.nix
@ -1,6 +1,7 @@
 { pkgs, lib, inputs, ... }:
 let
  nixpkgs2305 = import inputs.nixpkgs2305 { system = "${pkgs.system}"; config = { allowUnfree = true; }; };
  socksBuilder = { name, script, autostart ? true, socketConfig ? null }:
    {
      inherit name;
--- a/pkgs/waybar/style.css
+++ b/pkgs/waybar/style.css
@ -1,7 +1,7 @@
 * {
    border: none;
    border-radius: 0;
-    font-family: "IosevkaDiosevka";
+    font-family: "Iosevka Comfy Wide Duo";
    font-weight: bold;
    font-size: 16px;
    min-height: 0;