DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Compare commits

base: DerGrumpf/cyper-nix:c49a0f14207dd87478fdf4b080a4026f15bf6123
Branches Tags
DerGrumpf/cyper-nix:main
DerGrumpf/cyper-nix:iso-20260623-003446
..
compare: DerGrumpf/cyper-nix:main
Branches Tags
DerGrumpf/cyper-nix:main
DerGrumpf/cyper-nix:iso-20260623-003446

11 Commits
c49a0f1420 .. main

Author SHA1 Message Date
DerGrumpf d122263dfa Added workflow for automatic iso builds
CI / check (push) Successful in 3m55s
Details
2026-06-22 22:56:47 +02:00
DerGrumpf 86e020936c Changed Workflow for not including darwin build due to catppuccin evaluation
CI / check (push) Successful in 4m1s
Details
2026-06-22 22:48:08 +02:00
DerGrumpf c00b9dc204 Fixed workflow; removed unnecessary stuff; add iso builder
CI / check (push) Successful in 5m51s
Details
2026-06-22 22:33:33 +02:00
DerGrumpf 2505485996 Aligned flake with workflow
CI / check (push) Failing after 2m41s
Details
2026-06-22 22:16:53 +02:00
DerGrumpf f41ef34361 Nonsense on top of Nonsense!
CI / check (push) Failing after 57s
Details
2026-06-22 21:16:47 +02:00
DerGrumpf 4cacb69c9c Nonsense on top of Nonsense!
CI / check (push) Failing after 24s
Details
2026-06-22 21:14:33 +02:00
DerGrumpf 9880ba23aa Fixed gitea-runner user
CI / check (push) Failing after 0s
Details
2026-06-22 21:03:17 +02:00
DerGrumpf 628dfaba31 Fixed gitea-runner user
CI / check (push) Failing after 0s
Details
2026-06-22 21:01:28 +02:00
DerGrumpf 9a93834dbb Fixed activation ids
CI / check (push) Failing after 1s
Details
2026-06-22 20:49:38 +02:00
DerGrumpf 81cfe4ff2b Merged
CI / check (push) Failing after 1s
Details
2026-06-22 20:44:45 +02:00
DerGrumpf 7f3b6be59b Fixed CI Workflow 2026-06-22 20:43:56 +02:00
23 changed files with 251 additions and 281 deletions
Expand all files Collapse all files
.gitea/workflows/ci.yml
+9 -10
View File
@@ -8,17 +8,18 @@ on:
jobs:
check:
runs-on: nix
env:
PATH: "/run/wrappers/bin:/nix/var/nix/profiles/default/bin:/run/current-system/sw/bin:/usr/bin:/bin"
NIXPKGS_ALLOW_UNFREE: "1"
steps:
- uses: actions/checkout@v4
- name: Setup PATH
run: echo "/nix/var/nix/profiles/default/bin" >> $GITHUB_PATH
- name: Nix flake check
run: nix flake check --no-build
- name: Checkout
run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git .
- name: Format check
run: nix fmt -- --check .
run: nix fmt -- --ci
- name: Nix flake check
run: nix flake check --impure
- name: Build NixOS configs (dry-run)
run: |
@@ -28,5 +29,3 @@ jobs:
nix build .#nixosConfigurations.cyper-node-1.config.system.build.toplevel --dry-run
nix build .#nixosConfigurations.cyper-node-2.config.system.build.toplevel --dry-run
- name: Eval darwin config (Linux-safe)
run: nix eval .#darwinConfigurations.cyper-mac.system
.gitea/workflows/release.yml
+47
View File
@@ -0,0 +1,47 @@
name: Release ISOs
on:
workflow_run:
workflows: ["CI"]
types:
- completed
branches: ["main"]
jobs:
build-isos:
runs-on: nix
if: ${{ github.event.workflow_run.conclusion == 'success' }}
env:
NIXPKGS_ALLOW_UNFREE: "1"
steps:
- name: Checkout
run: git clone https://git.cyperpunk.de/DerGrumpf/cyper-nix.git .
- name: Build ISOs
run: |
nix build .#packages.x86_64-linux.cyper-desktop-iso --out-link result-desktop
nix build .#packages.x86_64-linux.cyper-controller-iso --out-link result-controller
nix build .#packages.x86_64-linux.cyper-proxy-iso --out-link result-proxy
nix build .#packages.x86_64-linux.cyper-node-1-iso --out-link result-node-1
nix build .#packages.x86_64-linux.cyper-node-2-iso --out-link result-node-2
- name: Create release and upload ISOs
run: |
TAG="iso-$(date +%Y%m%d-%H%M%S)"
COMMIT=$(git -C . rev-parse --short HEAD)
RELEASE=$(curl -s -X POST \
-H "Authorization: token ${{ secrets.CI_TOKEN }}" \
-H "Content-Type: application/json" \
-d "{\"tag_name\":\"${TAG}\",\"name\":\"ISOs ${TAG}\",\"body\":\"Automated ISO build from commit ${COMMIT}\"}" \
"https://git.cyperpunk.de/api/v1/repos/DerGrumpf/cyper-nix/releases")
RELEASE_ID=$(echo $RELEASE | grep -o '"id":[0-9]*' | head -1 | cut -d: -f2)
for result in result-desktop result-controller result-proxy result-node-1 result-node-2; do
iso=$(find $result -name "*.iso" | head -1)
curl -s -X POST \
-H "Authorization: token ${{ secrets.CI_TOKEN }}" \
-F "attachment=@${iso};filename=${result}.iso" \
"https://git.cyperpunk.de/api/v1/repos/DerGrumpf/cyper-nix/releases/${RELEASE_ID}/assets"
done
flake.nix
+71 -28
View File
@@ -95,6 +95,61 @@
}@inputs:
let
primaryUser = "phil";
mkIso =
{
hostName,
isDarwin ? false,
isServer ? false,
}:
nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "iso";
specialArgs = {
inherit
inputs
primaryUser
self
hostName
isDarwin
isServer
;
};
modules = [
{
nixpkgs.overlays = [
inputs.nur.overlays.default
(import ./overlays { inherit (inputs) nur; })
];
}
{ nixpkgs.config.allowUnfree = true; }
{ nixpkgs.hostPlatform = "x86_64-linux"; }
{ networking.hostName = hostName; }
./hosts/${hostName}/configuration.nix
./nixos
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.home-manager
{
home-manager = {
extraSpecialArgs = {
inherit
inputs
primaryUser
self
hostName
isDarwin
isServer
;
};
users.${primaryUser} = import ./home;
backupFileExtension = "backup";
useGlobalPkgs = true;
useUserPackages = true;
};
}
];
};
mkSystem =
{
hostName,
@@ -196,38 +251,26 @@
isDarwin = true;
};
# NEW: flashable image for cyper-controller
packages.x86_64-linux.cyper-controller-image = nixos-generators.nixosGenerate {
system = "x86_64-linux";
format = "raw-efi";
specialArgs = {
inherit inputs primaryUser self;
packages.x86_64-linux = {
cyper-desktop-iso = mkIso { hostName = "cyper-desktop"; };
cyper-controller-iso = mkIso {
hostName = "cyper-controller";
isDarwin = false;
isServer = true;
};
modules = [
{ nixpkgs.hostPlatform = "x86_64-linux"; }
{ networking.hostName = "cyper-controller"; }
./hosts/cyper-controller/configuration.nix
./nixos
inputs.sops-nix.nixosModules.sops
inputs.home-manager.nixosModules.home-manager
{
home-manager = {
extraSpecialArgs = {
inherit inputs primaryUser self;
hostName = "cyper-controller";
isDarwin = false;
isServer = true;
};
users.${primaryUser} = import ./home;
backupFileExtension = "backup";
};
}
];
cyper-proxy-iso = mkIso {
hostName = "cyper-proxy";
isServer = true;
};
cyper-node-1-iso = mkIso {
hostName = "cyper-node-1";
isServer = true;
};
cyper-node-2-iso = mkIso {
hostName = "cyper-node-2";
isServer = true;
};
};
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-tree;
};
}
home/desktop/niri/default.nix
View File
home/desktop/niri/swayidle.nix
View File
home/desktop/niri/swaylock.nix
View File
home/desktop/niri/swaync.nix
-110
View File
@@ -1,110 +0,0 @@
{ ... }:
{
services.swaync = {
enable = true;
settings = {
positionX = "center";
positionY = "center";
layer = "overlay";
control-center-layer = "top";
layer-shell = true;
cssPriority = "user";
control-center-margin-top = 100;
control-center-margin-bottom = 200;
control-center-margin-right = 0;
control-center-margin-left = 0;
notification-2fa-action = true;
notification-inline-replies = false;
notification-icon-size = 64;
notification-body-image-height = 100;
notification-body-image-width = 200;
widgets = [
"mpris"
"volume"
"inhibitors"
"title"
"dnd"
"notifications"
];
widget-config = {
mpris = {
blacklist = [ ];
autohide = false;
show-album-art = "always";
loop-carousel = false;
image-size = 96;
image-radius = 12;
};
volume = {
label = "gain";
show-per-app = false;
empty-list-label = "Nothin' is playin'";
expand-button-label = "";
collaps-button-label = "";
};
title = {
text = "Hollerin'";
clear-all-button = true;
button-text = "Sheriff's Pardon";
};
dnd = {
text = "Let'er rest";
};
menubar = {
"menu#power" = {
label = "Power";
position = "right";
animation-type = "slide_down";
animation-duration = 250;
actions = [
{
label = "Bolt It";
command = "hyprlock";
}
{
label = "Ride Out";
command = "hyprctl dispatch exit";
}
{
label = "Circle Back";
command = "systemctl reboot";
}
{
label = "Bet Down the Horses";
command = "systemctl poweroff";
}
];
};
"buttons#media" = {
position = "left";
actions = [
{
label = "Play/Pause";
command = "playerctl play-pause";
}
{
label = "Next";
command = "playerctl next";
}
{
label = "Previous";
command = "playerctl previous";
}
];
};
};
notifications = {
vexpand = true;
};
};
};
};
}
home/desktop/rofi/default.nix
+7 -2
View File
@@ -1,6 +1,11 @@
{ pkgs, lib, ... }: {
home.packages =
lib.mkIf (!pkgs.stdenv.isDarwin) (with pkgs; [ rofi-power-menu rofi-calc ]);
home.packages = lib.mkIf (!pkgs.stdenv.isDarwin) (
with pkgs;
[
rofi-power-menu
rofi-calc
]
);
programs.rofi = lib.mkIf (!pkgs.stdenv.isDarwin) {
enable = true;
home/desktop/sketchybar/default.nix
+7 -1
View File
@@ -1,4 +1,10 @@
{ pkgs, lib, isDarwin, ... }: {
{
pkgs,
lib,
isDarwin,
...
}:
{
programs.sketchybar = lib.mkIf isDarwin {
enable = true;
configType = "lua";
home/desktop/waybar/default.nix
+14 -5
View File
@@ -1,8 +1,17 @@
{ pkgs, lib, compositor ? "hyprland", ... }: {
programs.waybar = lib.mkIf (!pkgs.stdenv.isDarwin) ({
enable = true;
package = pkgs.waybar;
} // (import ./dual.nix { inherit compositor; }));
{
pkgs,
lib,
compositor ? "hyprland",
...
}:
{
programs.waybar = lib.mkIf (!pkgs.stdenv.isDarwin) (
{
enable = true;
package = pkgs.waybar;
}
// (import ./dual.nix { inherit compositor; })
);
home.packages = lib.mkIf (!pkgs.stdenv.isDarwin) (with pkgs; [ cava ]);
home/neovim/alpha.nix
+37 -8
View File
@@ -46,10 +46,14 @@
{
type = "button";
val = "[+] New file";
on_press.__raw =
"function() vim.cmd[[ene]] vim.cmd[[startinsert]] end";
on_press.__raw = "function() vim.cmd[[ene]] vim.cmd[[startinsert]] end";
opts = {
keymap = [ "n" "e" ":ene <BAR> startinsert <CR>" { } ];
keymap = [
"n"
"e"
":ene <BAR> startinsert <CR>"
{ }
];
shortcut = "e";
position = "center";
cursor = 3;
@@ -63,7 +67,12 @@
val = "[?] Find file";
on_press.__raw = "function() vim.cmd[[Telescope find_files]] end";
opts = {
keymap = [ "n" "f" ":Telescope find_files <CR>" { } ];
keymap = [
"n"
"f"
":Telescope find_files <CR>"
{ }
];
shortcut = "f";
position = "center";
cursor = 3;
@@ -77,7 +86,12 @@
val = "[~] Recent files";
on_press.__raw = "function() vim.cmd[[Telescope oldfiles]] end";
opts = {
keymap = [ "n" "r" ":Telescope oldfiles <CR>" { } ];
keymap = [
"n"
"r"
":Telescope oldfiles <CR>"
{ }
];
shortcut = "r";
position = "center";
cursor = 3;
@@ -91,7 +105,12 @@
val = "[Y] Yazi";
on_press.__raw = "function() require('yazi').yazi() end";
opts = {
keymap = [ "n" "y" ":Yazi<CR>" { } ];
keymap = [
"n"
"y"
":Yazi<CR>"
{ }
];
shortcut = "y";
position = "center";
cursor = 3;
@@ -105,7 +124,12 @@
val = "[A] Open Prompt";
#on_press.__raw = "function() require('yazi').yazi() end";
opts = {
keymap = [ "n" "a" ":AvanteChatNew<CR>" { } ];
keymap = [
"n"
"a"
":AvanteChatNew<CR>"
{ }
];
shortcut = "a";
position = "center";
cursor = 3;
@@ -119,7 +143,12 @@
val = "[X] Quit";
on_press.__raw = "function() vim.cmd[[qa]] end";
opts = {
keymap = [ "n" "q" ":qa<CR>" { } ];
keymap = [
"n"
"q"
":qa<CR>"
{ }
];
shortcut = "q";
position = "center";
cursor = 3;
home/neovim/molten.nix
+2 -2
View File
@@ -2,8 +2,8 @@
programs.nixvim = lib.mkIf (!isDarwin) {
plugins.molten = {
enable = true;
python3Dependencies = p:
with p; [
python3Dependencies =
p: with p; [
pynvim
jupyter-client
cairosvg
home/onlyoffice.nix
+1 -2
View File
@@ -1,4 +1,3 @@
{ pkgs, ... }: {
programs.onlyoffice =
pkgs.lib.mkIf (!pkgs.stdenv.isDarwin) { enable = true; };
programs.onlyoffice = pkgs.lib.mkIf (!pkgs.stdenv.isDarwin) { enable = true; };
}
home/shell.nix
-51
View File
@@ -74,57 +74,6 @@
};
};
# Doenst work
iamb = {
enable = false;
settings = {
default_profile = "personal";
settings = {
notifications.enabled = true;
image_preview.protocol = {
type = "kitty";
size = {
height = 10;
width = 66;
};
};
};
};
};
newsboat = {
enable = true;
autoReload = true;
browser = if isDarwin then "open" else "xdg-open";
urls = [
{
url = "https://www.tagesschau.de/xml/rss2";
tags = [
"news"
"de"
];
}
{
url = "https://www.spiegel.de/schlagzeilen/index.rss";
tags = [
"news"
"de"
];
}
{
url = "https://www.focus.de/rss";
tags = [
"news"
"de"
];
}
{
url = "https://feeds.feedburner.com/blogspot/rkEL";
tags = [ "blog" ];
}
];
};
cava = lib.mkIf (!isDarwin) { enable = true; };
yazi = {
hosts/cyper-node-1/configuration.nix
-5
View File
@@ -1,11 +1,6 @@
{
imports = [
./hardware-configuration.nix
../../nixos/roles/monitoring.nix
../../nixos/roles/matrix.nix
../../nixos/roles/postgresql.nix
../../nixos/roles/wyl.nix
../../nixos/roles/adguard.nix
];
networking = {
hosts/cyper-node-2/configuration.nix
-2
View File
@@ -1,8 +1,6 @@
{
imports = [
./hardware-configuration.nix
../../nixos/roles/gitea.nix
../../nixos/roles/filebrowser.nix
];
networking = {
hosts/cyper-proxy/hardware-configuration.nix
+30 -27
View File
@@ -5,38 +5,41 @@
];
boot = {
loader.grub = {
enable = true;
device = "/dev/vda";
};
loader.grub = {
enable = true;
device = "/dev/vda";
};
initrd = {
availableKernelModules = [
"ata_piix"
"virtio_pci"
"virtio_scsi"
"virtio_blk"
"xhci_pci"
"sr_mod"
];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
initrd = {
availableKernelModules = [
"ata_piix"
"virtio_pci"
"virtio_scsi"
"virtio_blk"
"xhci_pci"
"sr_mod"
];
kernelModules = [ ];
};
kernelModules = [ ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
"/" = {
device = "/dev/disk/by-label/NIXROOT";
fsType = "ext4";
};
"/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
"/boot" = {
device = "/dev/disk/by-label/NIXBOOT";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
};
};
swapDevices = [ ];
nixos/catppuccin.nix
-4
View File
@@ -12,9 +12,5 @@
enable = true;
accent = "sapphire";
};
fcitx5.enable = false;
forgejo.enable = false;
gitea.enable = false;
sddm.enable = false;
};
}
nixos/default.nix
+7
View File
@@ -57,6 +57,11 @@
};
};
nixpkgs.config = {
allowUnfree = true;
permittedInsecurePackages = [ "olm-3.2.16" ];
};
documentation = {
enable = true;
doc.enable = false;
@@ -80,6 +85,8 @@
};
};
environment.systemPackages = with pkgs; [ git ];
security = lib.mkIf (!isServer) {
pam.services.swaylock = { };
polkit.enable = true;
nixos/plymouth.nix
+2 -2
View File
@@ -1,4 +1,4 @@
{ ... }:
{ lib, ... }:
{
boot = {
plymouth = {
@@ -15,6 +15,6 @@
"udev.log_priority=3"
"rd.systemd.show_status=auto"
];
loader.timeout = 0;
loader.timeout = lib.mkDefault 0;
};
}
nixos/roles/gitea.nix
+17 -18
View File
@@ -209,24 +209,20 @@ in
url = "https://git.cyperpunk.de";
tokenFile = config.sops.secrets."gitea/runnerToken".path;
name = "cyper-controller";
labels = [
"nix:host"
];
settings = {
runner.env_vars = {
PATH = "/run/current-system/sw/bin:/nix/var/nix/profiles/default/bin:$PATH";
};
};
};
};
labels = [ "nix:host" ];
system.activationScripts.gitea-runner-age-key = {
text = ''
mkdir -p /var/lib/gitea-runner/.config/sops/age
cp /home/${primaryUser}/.config/nix/secrets/keys.txt /var/lib/gitea-runner/.config/sops/age/keys.txt
chmod 600 /var/lib/gitea-runner/.config/sops/age/keys.txt
chown -R gitea-runner:gitea-runner /var/lib/gitea-runner/.config
'';
hostPackages = with pkgs; [
bash
coreutils
curl
gawk
gitMinimal
gnused
nodejs
wget
nix
];
};
};
users = {
@@ -237,9 +233,12 @@ in
home = "/var/lib/gitea";
createHome = true;
};
postgres.extraGroups = [ "gitea" ];
};
groups.gitea = { };
groups = {
gitea = { };
};
};
networking.firewall.allowedTCPPorts = [
nixos/roles/matrix/discord-bridge.nix
-2
View File
@@ -1,7 +1,5 @@
{ config, lib, ... }:
{
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
sops.secrets = {
discord_bot_token = {
owner = "mautrix-discord";
nixos/roles/unifi.nix
-2
View File
@@ -1,8 +1,6 @@
{ pkgs, ... }:
{
nixpkgs.config.allowUnfree = true;
services.unifi = {
enable = true;
unifiPackage = pkgs.unifi;