muon/flake
1
0
Fork 0
mirror of https://codeberg.org/muon/home.git synced 2025-12-06 08:07:45 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: muon:0245d1a8a6d6d019db3894c7e2ed28df71d76a7c
Branches Tags
muon:main
muon:homelab
muon:vps
muon:container
muon:fresh
muon:i3
muon:hyprland
muon:refactor
muon:legacy
..
compare: muon:33473bba66822490007007374de3f59021aa8f1e
Branches Tags
muon:main
muon:homelab
muon:vps
muon:container
muon:fresh
muon:i3
muon:hyprland
muon:refactor
muon:legacy

10 commits
0245d1a8a6 ... 33473bba66

Author SHA1 Message Date
muon
33473bba66 Add nvr to nginx 2025-08-01 12:02:44 +00:00
muon
8c3ce29b0d Add atuin home 2025-08-01 11:33:55 +00:00
muon
ee1f5b7408 Enable atuin 2025-08-01 10:03:48 +00:00
muon
ac9947806a Add atuin 2025-08-01 10:02:25 +00:00
muon
20d2ccd622 Update nix 2025-08-01 09:49:07 +00:00
muon
23b5409067 Merge branch 'main' of ssh://codeberg.org/muon/home 2025-08-01 09:06:16 +00:00
muon
34bd5d9293 Fix mkdir 2025-08-01 09:05:43 +00:00
muon
efd1b556a8 Merge branch 'main' of codeberg.org:muon/home 2025-08-01 09:00:49 +00:00
muon
d3097eb3a2 Remove redundant persist 2025-08-01 09:00:26 +00:00
muon
124ee0001b Update murk hardware 2025-08-01 08:34:39 +00:00
14 changed files with 71 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -11,17 +11,12 @@ cp /mnt/etc/nixos/hardware-configuration.nix hosts/$(hostname)/hardware-configur
rbw config set email admin@muon.host rbw config set email admin@muon.host
rbw config set base_url https://vault.muon.host rbw config set base_url https://vault.muon.host
rbw login rbw login
sudo mkdir -p /mnt/etc/ssh
nix-shell -p jq --run "rbw get --raw sopsssh | jq -r '.data.password' | sudo tee /mnt/etc/ssh/ssh_host_ed25519_key.pub"
nix-shell -p jq --run "rbw get --raw sopsssh | jq -r '.notes' | sudo tee /mnt/etc/ssh/ssh_host_ed25519_key"
sudo mkdir -p /mnt{,/persist}/var/lib/sops-nix sudo mkdir -p /mnt{,/persist}/var/lib/sops-nix
sudo chown muon:users /mnt/var/lib/sops-nix -R
sudo chown muon:users /mnt/persist/var/lib/sops-nix -R sudo chown muon:users /mnt/persist/var/lib/sops-nix -R
rbw get sops > /mnt/var/lib/sops-nix/key.txt rbw get sops > /mnt/var/lib/sops-nix/key.txt
sudo cp {/mnt,/mnt/persist}/var/lib/sops-nix/key.txt sudo cp {/mnt,/mnt/persist}/var/lib/sops-nix/key.txt
sudo nixos-install --root /mnt --no-root-passwd --flake .#$(hostname) sudo nixos-install --root /mnt --no-root-passwd --flake .#$(hostname)
sudo cp -r /mnt/var/lib/nixos/* /mnt/persist/var/lib/nixos/ sudo cp -r /mnt/var/lib/nixos/* /mnt/persist/var/lib/nixos/
sudo cp -r /mnt/etc/ssh/ssh_host* /mnt/persist/etc/ssh/
sudo cp {/mnt,/mnt/persist}/etc/machine-id sudo cp {/mnt,/mnt/persist}/etc/machine-id
``` ```

18
flake.lock generated
View file

@ -193,11 +193,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1753595562, "lastModified": 1753983724,
"narHash": "sha256-Ci88mAdtiP5RQkYmVhRUq69iYPMM7/lS9/mw+FnC7DE=", "narHash": "sha256-2vlAOJv4lBrE+P1uOGhZ1symyjXTRdn/mz0tZ6faQcg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "710771af3d1c8c3f86a9e5d562616973ed5f3f21", "rev": "7035020a507ed616e2b20c61491ae3eaa8e5462c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -316,11 +316,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1753429684, "lastModified": 1753694789,
"narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", "narHash": "sha256-cKgvtz6fKuK1Xr5LQW/zOUiAC0oSQoA9nOISB0pJZqM=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", "rev": "dc9637876d0dcc8c9e5e22986b857632effeb727",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -443,11 +443,11 @@
"tinted-zed": "tinted-zed" "tinted-zed": "tinted-zed"
}, },
"locked": { "locked": {
"lastModified": 1753553562, "lastModified": 1753978157,
"narHash": "sha256-CpTwdsrPU3UFy95Btg56RcVMgNpnw3C0DYTznE5aRq4=", "narHash": "sha256-sVy8hb71VawSOIsLv/hMGzpvbbWszdP9aSKI5Drbt6Q=",
"owner": "danth", "owner": "danth",
"repo": "stylix", "repo": "stylix",
"rev": "af85565aba0f4749cb18b118a7333a0745920950", "rev": "ded4f29a023e0f14506ec16b0e32d129e56341cc",
"type": "github" "type": "github"
}, },
"original": { "original": {

1
hosts/muho/configuration.nix
View file

@ -44,6 +44,7 @@ in {
mods.server.ntfy.enable = true; mods.server.ntfy.enable = true;
mods.server.lemmy.enable = true; mods.server.lemmy.enable = true;
mods.server.audio.enable = true; mods.server.audio.enable = true;
mods.server.atuin.enable = true;
mods.server.dash.enable = false; mods.server.dash.enable = false;
mods.server.nginx.ports.dash = 3009; mods.server.nginx.ports.dash = 3009;

5
hosts/mups/configuration.nix
View file

@ -55,6 +55,11 @@ in {
default = true; default = true;
locations."/" = { proxyPass = "http://localhost:8008"; }; locations."/" = { proxyPass = "http://localhost:8008"; };
}; };
"nvr.muon.host" = {
enableACME = true;
forceSSL = true;
locations."/" = { proxyPass = "http://10.0.0.2:8095"; };
};
"tetterodesportcomplex.nl" = { "tetterodesportcomplex.nl" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;

59
hosts/murk/hardware-configuration.nix
View file

@ -4,64 +4,15 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
[ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=root" ];
};
boot.initrd.luks.devices."crypted".device =
"/dev/disk/by-uuid/1ca0c5f6-3cb3-4f86-94a5-4376461da227";
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4BD8-A887";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
fileSystems."/home" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=home" "compress=zstd" "noatime" ];
};
fileSystems."/nix" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=nix" "compress=zstd" "noatime" ];
};
fileSystems."/persist" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=persist" "compress=zstd" "noatime" ];
neededForBoot = true;
};
fileSystems."/swap" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=swap" ];
};
fileSystems."/var/log" = {
device = "/dev/mapper/crypted";
fsType = "btrfs";
options = [ "subvol=log" "compress=zstd" "noatime" ];
neededForBoot = true;
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

1
hosts/ports.nix
View file

@ -18,6 +18,7 @@
# dash = 3009; # dash = 3009;
ntfy = 3010; ntfy = 3010;
audio = 3011; audio = 3011;
atuin = 3012;
search = 8081; search = 8081;
videos = 8082; videos = 8082;

2
modules/home/impermanence.nix
View file

@ -8,7 +8,7 @@ let
# fs-diff.sh # fs-diff.sh
set -euo pipefail set -euo pipefail
sudo mkdir /btrfs_tmp sudo mkdir -p /btrfs_tmp
sudo mount -o subvol=/ /dev/mapper/crypted /btrfs_tmp sudo mount -o subvol=/ /dev/mapper/crypted /btrfs_tmp
OLD_TRANSID=$(sudo btrfs subvolume find-new /btrfs_tmp/root-blank 9999999) OLD_TRANSID=$(sudo btrfs subvolume find-new /btrfs_tmp/root-blank 9999999)

1
modules/home/sops/default.nix
View file

@ -6,5 +6,6 @@ in with lib; {
age.keyFile = "/persist/var/lib/sops-nix/key.txt"; age.keyFile = "/persist/var/lib/sops-nix/key.txt";
defaultSopsFile = ./secrets.yaml; defaultSopsFile = ./secrets.yaml;
secrets.zipline-auth = { }; secrets.zipline-auth = { };
secrets.atuin-auth = { };
}; };
} }

12
modules/home/sops/secrets.yaml
View file

@ -1,9 +1,6 @@
zipline-auth: ENC[AES256_GCM,data:RkJI6GuH7RzdcSlKn32gMGojjB6rkdDcnNUvsi/BTfJk2slzoktAaJPzQA==,iv:LIiB3tyqXf/D64aIDSo0AyG3imvI6ZE893KBPlYFr28=,tag:wl8spMBwzfvuKA+Y6JnVyQ==,type:str] zipline-auth: ENC[AES256_GCM,data:RkJI6GuH7RzdcSlKn32gMGojjB6rkdDcnNUvsi/BTfJk2slzoktAaJPzQA==,iv:LIiB3tyqXf/D64aIDSo0AyG3imvI6ZE893KBPlYFr28=,tag:wl8spMBwzfvuKA+Y6JnVyQ==,type:str]
atuin-auth: ENC[AES256_GCM,data:LDkiXWIwxor8Ro383gonJCyqu+nyxS7DrI2J8uo4Cqu2X61rBUlnpNR6YirUZS/lYAnWYJhZM7sR0G7ZNh9EgQ==,iv:UEs2KW8ImMnaQrSLrIGbVXEq86QiVPAPNIXBZpa3jFI=,tag:N0rhnPbasFzkoI3CJ9CV+Q==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc - recipient: age1m97a3eptxwpdd7h5kkqe9gkmhg6rquc64qjmlsfqfhfqv8q72crqrylhgc
enc: | enc: |
@ -32,8 +29,7 @@ sops:
cThxTVpmcEMrcG9Lczd3dkdyQ0paSHMKUfkx9jh7zIqBkUjxaH3dVKvNJG3Mipts cThxTVpmcEMrcG9Lczd3dkdyQ0paSHMKUfkx9jh7zIqBkUjxaH3dVKvNJG3Mipts
OjmJ5aVVIR5U8MhgSgECb22mGlOgW8SU/x4gxcWgafZwbv2vbON6OA== OjmJ5aVVIR5U8MhgSgECb22mGlOgW8SU/x4gxcWgafZwbv2vbON6OA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-01-19T20:01:35Z" lastmodified: "2025-08-01T11:06:26Z"
mac: ENC[AES256_GCM,data:jG/1PmWEk8EMvor/QCEhxDzkRufVWCLdDnsfomVy9hbiOl9ndzCFjvMR2OXkxGsTHl8bGaYJ+DqAjtLvgZZW5l+F6HQmQcene1vNFH3DsrtiQ7TC3Lmov6PBND1XCkj3urwaT3zKoydHIuIdIWyo2/RSxyz8G8mQrn8QrKv5SJw=,iv:PIle2A4sd2hVarMIgYu9/obShMe8NnDbfe9FUL/p8HI=,tag:I/2Bt2L+a8ybJUc6Pv3yZw==,type:str] mac: ENC[AES256_GCM,data:bcCDmG+460Y+hUYHg6yVl2E6Oyw2MQcHVLp7sfhJDwWAHCwEPeYKlQLp8yumOTyQQxw6uSgj+vso7JmiAsnJvk/v9BIx6SNmfKK+rz9cwIJY1d8Da99Yn7WUVAjXQyWqxNckrELS+CKSsGXl7nr/PKYM1w87Fpbq9F7x4bp/V28=,iv:/XrjK+qaJCPrqoSEZ+hJQa7jvjWgzJQJXRXn+7Y1m8I=,tag:BruzsbUBC61Hzsx/3k8Vcg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.10.2

18
modules/home/terminal/tools.nix
View file

@ -29,7 +29,23 @@ in with lib; {
"htop" "htop"
"vifm" "vifm"
"rbw" "rbw"
]); ]) // {
atuin = {
enable = true;
enableZshIntegration = true;
flags = [ "--disable-up-arrow" ];
settings = {
sync_frequency = "5m";
sync_address = "https://atuin.muon.host";
key_path = config.sops.secrets.atuin-auth.path;
keymap_mode = "vim-insert";
keymap_cursor = {
vim_insert = "blink-bar";
vim_normal = "steady-block";
};
};
};
};
home.packages = with pkgs; [ home.packages = with pkgs; [
# libraries # libraries

2
modules/nixos/impermanence.nix
View file

@ -4,7 +4,7 @@ with lib; {
config = mkIf config.mods.impermanence.enable { config = mkIf config.mods.impermanence.enable {
environment.persistence."/persist" = { environment.persistence."/persist" = {
directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" "/etc/ssh" ]; directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" ];
files = [ "/var/lib/sops-nix/key.txt" "/etc/machine-id" ]; files = [ "/var/lib/sops-nix/key.txt" "/etc/machine-id" ];
}; };

24
modules/nixos/server/atuin.nix Normal file
View file

@ -0,0 +1,24 @@
{ pkgs, lib, config, ... }:
let
cfg = config.mods.server.atuin;
port = config.mods.server.nginx.ports.atuin;
in with lib; {
options.mods.server = {
atuin = {
enable = mkEnableOption {
default = false;
description = "enables atuin server";
};
};
};
config = mkIf cfg.enable {
services.atuin = {
inherit port;
enable = true;
host = "0.0.0.0";
openRegistration = true;
};
};
}

1
modules/nixos/server/default.nix
View file

@ -24,5 +24,6 @@
./ntfy.nix ./ntfy.nix
./lemmy.nix ./lemmy.nix
./audio.nix ./audio.nix
./atuin.nix
]; ];
} }

2
modules/nixos/server/nvr.nix
View file

@ -13,9 +13,9 @@ in with lib; {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 8095 ];
services.zoneminder = { services.zoneminder = {
enable = true; enable = true;
openFirewall = true;
database = { database = {
createLocally = true; createLocally = true;
username = "zoneminder"; username = "zoneminder";