DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: DerGrumpf/cyper-nix:81cfe4ff2b1ceb9f8e653931a3041ab4a91b4d26
Branches Tags
DerGrumpf/cyper-nix:main
DerGrumpf/cyper-nix:iso-20260623-003446
...
compare: DerGrumpf/cyper-nix:main
Branches Tags
DerGrumpf/cyper-nix:main
DerGrumpf/cyper-nix:iso-20260623-003446

9 Commits
81cfe4ff2b ... main

Author SHA1 Message Date
DerGrumpf d122263dfa Added workflow for automatic iso builds
CI / check (push) Successful in 3m55s
Details
2026-06-22 22:56:47 +02:00
DerGrumpf 86e020936c Changed Workflow for not including darwin build due to catppuccin evaluation
CI / check (push) Successful in 4m1s
Details
2026-06-22 22:48:08 +02:00
DerGrumpf c00b9dc204 Fixed workflow; removed unnecessary stuff; add iso builder
CI / check (push) Successful in 5m51s
Details
2026-06-22 22:33:33 +02:00
DerGrumpf 2505485996 Aligned flake with workflow
CI / check (push) Failing after 2m41s
Details
2026-06-22 22:16:53 +02:00
DerGrumpf f41ef34361 Nonsense on top of Nonsense!
CI / check (push) Failing after 57s
Details
2026-06-22 21:16:47 +02:00
DerGrumpf 4cacb69c9c Nonsense on top of Nonsense!
CI / check (push) Failing after 24s
Details
2026-06-22 21:14:33 +02:00
DerGrumpf 9880ba23aa Fixed gitea-runner user
CI / check (push) Failing after 0s
Details
2026-06-22 21:03:17 +02:00
DerGrumpf 628dfaba31 Fixed gitea-runner user
CI / check (push) Failing after 0s
Details
2026-06-22 21:01:28 +02:00
DerGrumpf 9a93834dbb Fixed activation ids
CI / check (push) Failing after 1s
Details
2026-06-22 20:49:38 +02:00
23 changed files with 250 additions and 279 deletions
Expand all files Collapse all files
.gitea/workflows/ci.yml
+8 -8
View File
@@ -9,15 +9,17 @@ jobs:
check: check:
runs-on: nix runs-on: nix
env: env:
PATH: "/nix/var/nix/profiles/default/bin:/nix/var/nix/profiles/default/sbin:/run/current-system/sw/bin:/usr/bin:/bin" PATH: "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"
NIXPKGS_ALLOW_UNFREE: "1"
steps: steps:
- uses: actions/checkout@v4 - name: Checkout
run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git .
- name: Nix flake check
run: nix flake check --no-build
- name: Format check - name: Format check
run: nix fmt -- --check . run: nix fmt -- --ci
- name: Nix flake check
run: nix flake check --impure
- name: Build NixOS configs (dry-run) - name: Build NixOS configs (dry-run)
run: | run: |
@@ -27,5 +29,3 @@ jobs:
nix build .#nixosConfigurations.cyper-node-1.config.system.build.toplevel --dry-run nix build .#nixosConfigurations.cyper-node-1.config.system.build.toplevel --dry-run
nix build .#nixosConfigurations.cyper-node-2.config.system.build.toplevel --dry-run nix build .#nixosConfigurations.cyper-node-2.config.system.build.toplevel --dry-run
- name: Eval darwin config (Linux-safe)
run: nix eval .#darwinConfigurations.cyper-mac.system
.gitea/workflows/release.yml
+47
View File
@@ -0,0 +1,47 @@
name: Release ISOs
on:
workflow_run:
workflows: ["CI"]
types:
- completed
branches: ["main"]
jobs:
build-isos:
runs-on: nix
if: ${{ github.event.workflow_run.conclusion == 'success' }}
env:
NIXPKGS_ALLOW_UNFREE: "1"
steps:
- name: Checkout
run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git .
- name: Build ISOs
run: |
nix build .#packages.x86_64-linux.cyper-desktop-iso --out-link result-desktop
nix build .#packages.x86_64-linux.cyper-controller-iso --out-link result-controller
nix build .#packages.x86_64-linux.cyper-proxy-iso --out-link result-proxy
nix build .#packages.x86_64-linux.cyper-node-1-iso --out-link result-node-1
nix build .#packages.x86_64-linux.cyper-node-2-iso --out-link result-node-2
- name: Create release and upload ISOs
run: |
TAG="iso-$(date +%Y%m%d-%H%M%S)"
COMMIT=$(git -C . rev-parse --short HEAD)
RELEASE=$(curl -s -X POST \
-H "Authorization: token ${{ secrets.CI_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"tag_name\":\"${TAG}\",\"name\":\"ISOs ${TAG}\",\"body\":\"Automated ISO build from commit ${COMMIT}\"}" \
"https://git.cyperpunk.de/api/v1/repos/DerGrumpf/cyper-nix/releases")
RELEASE_ID=$(echo $RELEASE | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
for result in result-desktop result-controller result-proxy result-node-1 result-node-2; do
iso=$(find $result -name "*.iso" | head -1)
curl -s -X POST \
-H "Authorization: token ${{ secrets.CI_TOKEN }}" \
-F "attachment=@${iso};filename=${result}.iso" \
"https://git.cyperpunk.de/api/v1/repos/DerGrumpf/cyper-nix/releases/${RELEASE_ID}/assets"
done
flake.nix
+71 -28
View File
@@ -95,6 +95,61 @@
}@inputs: }@inputs:
let let
primaryUser = "phil"; primaryUser = "phil";
mkIso =
{
hostName,
isDarwin ? false,
isServer ? false,
}:
nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "iso";
specialArgs = {
inherit
inputs
primaryUser
self
hostName
isDarwin
isServer
;
};
modules = [
{
nixpkgs.overlays = [
inputs.nur.overlays.default
(import ./overlays { inherit (inputs) nur; })
];
}
{ nixpkgs.config.allowUnfree = true; }
{ nixpkgs.hostPlatform = "x86_64-linux"; }
{ networking.hostName = hostName; }
./hosts/${hostName}/configuration.nix
./nixos
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.home-manager
{
home-manager = {
extraSpecialArgs = {
inherit
inputs
primaryUser
self
hostName
isDarwin
isServer
;
};
users.${primaryUser} = import ./home;
backupFileExtension = "backup";
useGlobalPkgs = true;
useUserPackages = true;
};
}
];
};
mkSystem = mkSystem =
{ {
hostName, hostName,
@@ -196,38 +251,26 @@
isDarwin = true; isDarwin = true;
}; };
# NEW: flashable image for cyper-controller packages.x86_64-linux = {
packages.x86_64-linux.cyper-controller-image = nixos-generators.nixosGenerate { cyper-desktop-iso = mkIso { hostName = "cyper-desktop"; };
system = "x86_64-linux"; cyper-controller-iso = mkIso {
format = "raw-efi";
specialArgs = {
inherit inputs primaryUser self;
hostName = "cyper-controller"; hostName = "cyper-controller";
isDarwin = false;
isServer = true; isServer = true;
}; };
modules = [ cyper-proxy-iso = mkIso {
{ nixpkgs.hostPlatform = "x86_64-linux"; } hostName = "cyper-proxy";
{ networking.hostName = "cyper-controller"; } isServer = true;
./hosts/cyper-controller/configuration.nix };
./nixos cyper-node-1-iso = mkIso {
inputs.sops-nix.nixosModules.sops hostName = "cyper-node-1";
inputs.home-manager.nixosModules.home-manager isServer = true;
{ };
home-manager = { cyper-node-2-iso = mkIso {
extraSpecialArgs = { hostName = "cyper-node-2";
inherit inputs primaryUser self; isServer = true;
hostName = "cyper-controller"; };
isDarwin = false;
isServer = true;
};
users.${primaryUser} = import ./home;
backupFileExtension = "backup";
};
}
];
}; };
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style; formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-tree;
}; };
} }
home/desktop/niri/default.nix
View File
home/desktop/niri/swayidle.nix
View File
home/desktop/niri/swaylock.nix
View File
home/desktop/niri/swaync.nix
-110
View File
@@ -1,110 +0,0 @@
{ ... }:
{
services.swaync = {
enable = true;
settings = {
positionX = "center";
positionY = "center";
layer = "overlay";
control-center-layer = "top";
layer-shell = true;
cssPriority = "user";
control-center-margin-top = 100;
control-center-margin-bottom = 200;
control-center-margin-right = 0;
control-center-margin-left = 0;
notification-2fa-action = true;
notification-inline-replies = false;
notification-icon-size = 64;
notification-body-image-height = 100;
notification-body-image-width = 200;
widgets = [
"mpris"
"volume"
"inhibitors"
"title"
"dnd"
"notifications"
];
widget-config = {
mpris = {
blacklist = [ ];
autohide = false;
show-album-art = "always";
loop-carousel = false;
image-size = 96;
image-radius = 12;
};
volume = {
label = "gain";
show-per-app = false;
empty-list-label = "Nothin' is playin'";
expand-button-label = "";
collaps-button-label = "";
};
title = {
text = "Hollerin'";
clear-all-button = true;
button-text = "Sheriff's Pardon";
};
dnd = {
text = "Let'er rest";
};
menubar = {
"menu#power" = {
label = "Power";
position = "right";
animation-type = "slide_down";
animation-duration = 250;
actions = [
{
label = "Bolt It";
command = "hyprlock";
}
{
label = "Ride Out";
command = "hyprctl dispatch exit";
}
{
label = "Circle Back";
command = "systemctl reboot";
}
{
label = "Bet Down the Horses";
command = "systemctl poweroff";
}
];
};
"buttons#media" = {
position = "left";
actions = [
{
label = "Play/Pause";
command = "playerctl play-pause";
}
{
label = "Next";
command = "playerctl next";
}
{
label = "Previous";
command = "playerctl previous";
}
];
};
};
notifications = {
vexpand = true;
};
};
};
};
}
home/desktop/rofi/default.nix
+7 -2
View File
@@ -1,6 +1,11 @@
{ pkgs, lib, ... }: { { pkgs, lib, ... }: {
home.packages = home.packages = lib.mkIf (!pkgs.stdenv.isDarwin) (
lib.mkIf (!pkgs.stdenv.isDarwin) (with pkgs; [ rofi-power-menu rofi-calc ]); with pkgs;
[
rofi-power-menu
rofi-calc
]
);
programs.rofi = lib.mkIf (!pkgs.stdenv.isDarwin) { programs.rofi = lib.mkIf (!pkgs.stdenv.isDarwin) {
enable = true; enable = true;
home/desktop/sketchybar/default.nix
+7 -1
View File
@@ -1,4 +1,10 @@
{ pkgs, lib, isDarwin, ... }: { {
pkgs,
lib,
isDarwin,
...
}:
{
programs.sketchybar = lib.mkIf isDarwin { programs.sketchybar = lib.mkIf isDarwin {
enable = true; enable = true;
configType = "lua"; configType = "lua";
home/desktop/waybar/default.nix
+14 -5
View File
@@ -1,8 +1,17 @@
{ pkgs, lib, compositor ? "hyprland", ... }: { {
programs.waybar = lib.mkIf (!pkgs.stdenv.isDarwin) ({ pkgs,
enable = true; lib,
package = pkgs.waybar; compositor ? "hyprland",
} // (import ./dual.nix { inherit compositor; })); ...
}:
{
programs.waybar = lib.mkIf (!pkgs.stdenv.isDarwin) (
{
enable = true;
package = pkgs.waybar;
}
// (import ./dual.nix { inherit compositor; })
);
home.packages = lib.mkIf (!pkgs.stdenv.isDarwin) (with pkgs; [ cava ]); home.packages = lib.mkIf (!pkgs.stdenv.isDarwin) (with pkgs; [ cava ]);
home/neovim/alpha.nix
+37 -8
View File
@@ -46,10 +46,14 @@
{ {
type = "button"; type = "button";
val = "[+] New file"; val = "[+] New file";
on_press.__raw = on_press.__raw = "function() vim.cmd[[ene]] vim.cmd[[startinsert]] end";
"function() vim.cmd[[ene]] vim.cmd[[startinsert]] end";
opts = { opts = {
keymap = [ "n" "e" ":ene <BAR> startinsert <CR>" { } ]; keymap = [
"n"
"e"
":ene <BAR> startinsert <CR>"
{ }
];
shortcut = "e"; shortcut = "e";
position = "center"; position = "center";
cursor = 3; cursor = 3;
@@ -63,7 +67,12 @@
val = "[?] Find file"; val = "[?] Find file";
on_press.__raw = "function() vim.cmd[[Telescope find_files]] end"; on_press.__raw = "function() vim.cmd[[Telescope find_files]] end";
opts = { opts = {
keymap = [ "n" "f" ":Telescope find_files <CR>" { } ]; keymap = [
"n"
"f"
":Telescope find_files <CR>"
{ }
];
shortcut = "f"; shortcut = "f";
position = "center"; position = "center";
cursor = 3; cursor = 3;
@@ -77,7 +86,12 @@
val = "[~] Recent files"; val = "[~] Recent files";
on_press.__raw = "function() vim.cmd[[Telescope oldfiles]] end"; on_press.__raw = "function() vim.cmd[[Telescope oldfiles]] end";
opts = { opts = {
keymap = [ "n" "r" ":Telescope oldfiles <CR>" { } ]; keymap = [
"n"
"r"
":Telescope oldfiles <CR>"
{ }
];
shortcut = "r"; shortcut = "r";
position = "center"; position = "center";
cursor = 3; cursor = 3;
@@ -91,7 +105,12 @@
val = "[Y] Yazi"; val = "[Y] Yazi";
on_press.__raw = "function() require('yazi').yazi() end"; on_press.__raw = "function() require('yazi').yazi() end";
opts = { opts = {
keymap = [ "n" "y" ":Yazi<CR>" { } ]; keymap = [
"n"
"y"
":Yazi<CR>"
{ }
];
shortcut = "y"; shortcut = "y";
position = "center"; position = "center";
cursor = 3; cursor = 3;
@@ -105,7 +124,12 @@
val = "[A] Open Prompt"; val = "[A] Open Prompt";
#on_press.__raw = "function() require('yazi').yazi() end"; #on_press.__raw = "function() require('yazi').yazi() end";
opts = { opts = {
keymap = [ "n" "a" ":AvanteChatNew<CR>" { } ]; keymap = [
"n"
"a"
":AvanteChatNew<CR>"
{ }
];
shortcut = "a"; shortcut = "a";
position = "center"; position = "center";
cursor = 3; cursor = 3;
@@ -119,7 +143,12 @@
val = "[X] Quit"; val = "[X] Quit";
on_press.__raw = "function() vim.cmd[[qa]] end"; on_press.__raw = "function() vim.cmd[[qa]] end";
opts = { opts = {
keymap = [ "n" "q" ":qa<CR>" { } ]; keymap = [
"n"
"q"
":qa<CR>"
{ }
];
shortcut = "q"; shortcut = "q";
position = "center"; position = "center";
cursor = 3; cursor = 3;
home/neovim/molten.nix
+2 -2
View File
@@ -2,8 +2,8 @@
programs.nixvim = lib.mkIf (!isDarwin) { programs.nixvim = lib.mkIf (!isDarwin) {
plugins.molten = { plugins.molten = {
enable = true; enable = true;
python3Dependencies = p: python3Dependencies =
with p; [ p: with p; [
pynvim pynvim
jupyter-client jupyter-client
cairosvg cairosvg
home/onlyoffice.nix
+1 -2
View File
@@ -1,4 +1,3 @@
{ pkgs, ... }: { { pkgs, ... }: {
programs.onlyoffice = programs.onlyoffice = pkgs.lib.mkIf (!pkgs.stdenv.isDarwin) { enable = true; };
pkgs.lib.mkIf (!pkgs.stdenv.isDarwin) { enable = true; };
} }
home/shell.nix
-51
View File
@@ -74,57 +74,6 @@
}; };
}; };
# Doenst work
iamb = {
enable = false;
settings = {
default_profile = "personal";
settings = {
notifications.enabled = true;
image_preview.protocol = {
type = "kitty";
size = {
height = 10;
width = 66;
};
};
};
};
};
newsboat = {
enable = true;
autoReload = true;
browser = if isDarwin then "open" else "xdg-open";
urls = [
{
url = "https://www.tagesschau.de/xml/rss2";
tags = [
"news"
"de"
];
}
{
url = "https://www.spiegel.de/schlagzeilen/index.rss";
tags = [
"news"
"de"
];
}
{
url = "https://www.focus.de/rss";
tags = [
"news"
"de"
];
}
{
url = "https://feeds.feedburner.com/blogspot/rkEL";
tags = [ "blog" ];
}
];
};
cava = lib.mkIf (!isDarwin) { enable = true; }; cava = lib.mkIf (!isDarwin) { enable = true; };
yazi = { yazi = {
hosts/cyper-node-1/configuration.nix
-5
View File
@@ -1,11 +1,6 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../nixos/roles/monitoring.nix
../../nixos/roles/matrix.nix
../../nixos/roles/postgresql.nix
../../nixos/roles/wyl.nix
../../nixos/roles/adguard.nix
]; ];
networking = { networking = {
hosts/cyper-node-2/configuration.nix
-2
View File
@@ -1,8 +1,6 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../nixos/roles/gitea.nix
../../nixos/roles/filebrowser.nix
]; ];
networking = { networking = {
hosts/cyper-proxy/hardware-configuration.nix
+30 -27
View File
@@ -5,38 +5,41 @@
]; ];
boot = { boot = {
loader.grub = { loader.grub = {
enable = true; enable = true;
device = "/dev/vda"; device = "/dev/vda";
}; };
initrd = { initrd = {
availableKernelModules = [ availableKernelModules = [
"ata_piix" "ata_piix"
"virtio_pci" "virtio_pci"
"virtio_scsi" "virtio_scsi"
"virtio_blk" "virtio_blk"
"xhci_pci" "xhci_pci"
"sr_mod" "sr_mod"
]; ];
kernelModules = [ ]; kernelModules = [ ];
}; };
kernelModules = [ ]; kernelModules = [ ];
extraModulePackages = [ ]; extraModulePackages = [ ];
}; };
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "/dev/disk/by-label/NIXROOT"; device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4"; fsType = "ext4";
}; };
"/boot" = { "/boot" = {
device = "/dev/disk/by-label/NIXBOOT"; device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat"; fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ]; options = [
"fmask=0022"
"dmask=0022"
];
};
}; };
};
swapDevices = [ ]; swapDevices = [ ];
nixos/catppuccin.nix
-4
View File
@@ -12,9 +12,5 @@
enable = true; enable = true;
accent = "sapphire"; accent = "sapphire";
}; };
fcitx5.enable = false;
forgejo.enable = false;
gitea.enable = false;
sddm.enable = false;
}; };
} }
nixos/default.nix
+7
View File
@@ -57,6 +57,11 @@
}; };
}; };
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [ "olm-3.2.16" ];
};
documentation = { documentation = {
enable = true; enable = true;
doc.enable = false; doc.enable = false;
@@ -80,6 +85,8 @@
}; };
}; };
environment.systemPackages = with pkgs; [ git ];
security = lib.mkIf (!isServer) { security = lib.mkIf (!isServer) {
pam.services.swaylock = { }; pam.services.swaylock = { };
polkit.enable = true; polkit.enable = true;
nixos/plymouth.nix
+2 -2
View File
@@ -1,4 +1,4 @@
{ ... }: { lib, ... }:
{ {
boot = { boot = {
plymouth = { plymouth = {
@@ -15,6 +15,6 @@
"udev.log_priority=3" "udev.log_priority=3"
"rd.systemd.show_status=auto" "rd.systemd.show_status=auto"
]; ];
loader.timeout = 0; loader.timeout = lib.mkDefault 0;
}; };
} }
nixos/roles/gitea.nix
+17 -18
View File
@@ -209,24 +209,20 @@ in
url = "https://git.cyperpunk.de"; url = "https://git.cyperpunk.de";
tokenFile = config.sops.secrets."gitea/runnerToken".path; tokenFile = config.sops.secrets."gitea/runnerToken".path;
name = "cyper-controller"; name = "cyper-controller";
labels = [ labels = [ "nix:host" ];
"nix:host"
];
settings = {
runner.env_vars = {
PATH = "/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:$PATH";
};
};
};
};
system.activationScripts.gitea-runner-age-key = { hostPackages = with pkgs; [
text = '' bash
mkdir -p /var/lib/gitea-runner/.config/sops/age coreutils
cp /home/${primaryUser}/.config/nix/secrets/keys.txt /var/lib/gitea-runner/.config/sops/age/keys.txt curl
chmod 600 /var/lib/gitea-runner/.config/sops/age/keys.txt gawk
chown -R gitea-runner:gitea-runner /var/lib/gitea-runner/.config gitMinimal
''; gnused
nodejs
wget
nix
];
};
}; };
users = { users = {
@@ -237,9 +233,12 @@ in
home = "/var/lib/gitea"; home = "/var/lib/gitea";
createHome = true; createHome = true;
}; };
postgres.extraGroups = [ "gitea" ]; postgres.extraGroups = [ "gitea" ];
}; };
groups.gitea = { }; groups = {
gitea = { };
};
}; };
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
nixos/roles/matrix/discord-bridge.nix
-2
View File
@@ -1,7 +1,5 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
sops.secrets = { sops.secrets = {
discord_bot_token = { discord_bot_token = {
owner = "mautrix-discord"; owner = "mautrix-discord";
nixos/roles/unifi.nix
-2
View File
@@ -1,8 +1,6 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
nixpkgs.config.allowUnfree = true;
services.unifi = { services.unifi = {
enable = true; enable = true;
unifiPackage = pkgs.unifi; unifiPackage = pkgs.unifi;