From 99ad3058a35caefdd2ca44ccd18b4872bfffb7e1 Mon Sep 17 00:00:00 2001
From: Satria
Date: Wed, 11 Mar 2026 19:24:17 +0700
Subject: [PATCH 001/261] integrate sops-nix for secret management
---
.sops.yaml | 25 +++++++++++++
modules/system/homelab/auth.nix | 4 +-
modules/system/homelab/dash.nix | 4 +-
modules/system/homelab/pass.nix | 4 +-
modules/system/homelab/proxy.nix | 7 ++--
modules/system/homelab/sops.nix | 59 ++++++++++++++++++++++++++++++
modules/system/homelab/tunnels.nix | 8 ++--
modules/system/server.nix | 5 ++-
scripts/check-sops.sh | 30 +++++++++++++++
secrets/homelab.yaml | 11 ++++++
10 files changed, 141 insertions(+), 16 deletions(-)
create mode 100644 .sops.yaml
create mode 100644 modules/system/homelab/sops.nix
create mode 100755 scripts/check-sops.sh
create mode 100644 secrets/homelab.yaml
diff --git a/.sops.yaml b/.sops.yaml
new file mode 100644
index 0000000..a2c7b59
--- /dev/null
+++ b/.sops.yaml
@@ -0,0 +1,25 @@
+# To set up sops-nix:
+# 1. Generate an age key on each host:
+# mkdir -p ~/.config/sops/age
+# age-keygen -o ~/.config/sops/age/keys.txt
+# Or derive from the host SSH key:
+# nix-shell -p ssh-to-age --run 'cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age'
+#
+# 2. Replace the placeholder age keys below with the actual public keys.
+#
+# 3. Encrypt secret files:
+# sops secrets/homelab.yaml
+#
+# 4. To re-key after changing keys:
+# sops updatekeys secrets/homelab.yaml
+
+keys:
+ - &homelab age1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # replace with: ssh-to-age < /etc/ssh/ssh_host_ed25519_key.pub
+ - &admin age1XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX # replace with: age-keygen output from your admin machine
+
+creation_rules:
+ - path_regex: secrets/homelab\.yaml$
+ key_groups:
+ - age:
+ - *homelab
+ - *admin
\ No newline at end of file
diff --git a/modules/system/homelab/auth.nix b/modules/system/homelab/auth.nix
index 57823b9..62e4f39 100644
--- a/modules/system/homelab/auth.nix
+++ b/modules/system/homelab/auth.nix @@ -1,7 +1,7 @@ -{ homelab, ... }: { +{ config, homelab, ... }: { services.pocket-id = { enable = true; - credentials.ENCRYPTION_KEY = "/mnt/data/pocketid/encryption-key"; + credentials.ENCRYPTION_KEY = config.sops.secrets.pocketid_encryption_key.path; dataDir = "/mnt/data/pocketid/data"; settings = { PORT = "1411"; diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 3923242..a27e591 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -1,4 +1,4 @@ -{ timezone, homelab, ... }: let +{ config, timezone, homelab, ... }: let rss = [ "https://www.raspberrypi.com/news/feed/" "https://www.jeffgeerling.com/blog.xml" @@ -96,7 +96,7 @@ in { }; services.glance = { enable = true; - environmentFile = "/var/lib/glance/.env"; + environmentFile = config.sops.secrets.glance_env.path; settings = { server = { host = "127.0.0.1"; diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index 89ea489..d3f5805 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -1,9 +1,9 @@ -{ homelab, ... }: { +{ config, homelab, ... }: { services.vaultwarden = { enable = true; domain = "pass.proxy.${homelab.domain}"; backupDir = "/mnt/data/vaultwarden/backups"; - environmentFile = "/mnt/data/vaultwarden/.env"; + environmentFile = config.sops.secrets.vaultwarden_env.path; config = { ROCKET_PORT = 8060; ROCKET_ADDRESS = "127.0.0.1"; diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 85671a5..37909e7 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -1,4 +1,4 @@ -{ homelab, lib, ... }: let +{ config, homelab, lib, ... }: let base = "proxy.${homelab.domain}"; hosts = { "server" = { dest = "https://server.dns.${homelab.domain}:8006"; auth = false; }; 
@@ -45,8 +45,7 @@ in { domain = "*.${base}"; extraDomainNames = [ base ]; dnsProvider = "cloudflare"; - environmentFile = "/var/lib/acme/cloudflare.env"; - # ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX + environmentFile = config.sops.templates."cloudflare.env".path; }; }; @@ -81,7 +80,7 @@ in { locations."/" = { proxyPass = cfg.dest; proxyWebsockets = true; - basicAuthFile = if cfg.auth then "/var/lib/nginx/.htpasswd" else null; + basicAuthFile = if cfg.auth then config.sops.secrets.nginx_htpasswd.path else null; extraConfig = exta-conf; }; }) hosts; diff --git a/modules/system/homelab/sops.nix b/modules/system/homelab/sops.nix new file mode 100644 index 0000000..4ce61b7 --- /dev/null +++ b/modules/system/homelab/sops.nix @@ -0,0 +1,59 @@ +{ config, ... }: { + sops = { + defaultSopsFile = ../../../secrets/homelab.yaml; + age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; + + secrets = { + cloudflare_dns_api_token = { + owner = "acme"; + group = "acme"; + }; + + cloudflared_tunnel_credentials = { + owner = "cloudflared"; + group = "cloudflared"; + }; + + cloudflared_cert = { + owner = "cloudflared"; + group = "cloudflared"; + }; + + vaultwarden_env = { + owner = "vaultwarden"; + group = "vaultwarden"; + restartUnits = [ "vaultwarden.service" ]; + }; + + glance_env = { + owner = "glance"; + group = "glance"; + restartUnits = [ "glance.service" ]; + }; + + pocketid_encryption_key = { + owner = "root"; + group = "root"; + restartUnits = [ "pocket-id.service" ]; + }; + + tailscale_authkey = { + owner = "root"; + group = "root"; + restartUnits = [ "tailscaled.service" ]; + }; + + nginx_htpasswd = { + owner = "nginx"; + group = "nginx"; + restartUnits = [ "nginx.service" ]; + }; + }; + + templates."cloudflare.env" = { + owner = "acme"; + group = "acme"; + content = "CLOUDFLARE_DNS_API_TOKEN=${config.sops.placeholder.cloudflare_dns_api_token}"; + }; + }; +} \ No newline at end of file 
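Review bot: The `owner`/`group` values for `cloudflared_tunnel_credentials`, `cloudflared_cert` and `glance_env` in sops.nix assume that static `cloudflared` and `glance` accounts exist on the host; if the NixOS modules for those services run under a systemd DynamicUser on this nixpkgs revision (worth checking), sops-nix cannot resolve the owner at activation. Files that a unit receives through an environment file or a systemd credential are presumably read by the service manager, so the default root ownership is enough there, e.g. `glance_env = { restartUnits = [ "glance.service" ]; };`. The two cloudflared secrets also have no `restartUnits`, so a rotated tunnel credential is not picked up until the unit is restarted by hand; I would add the unit that the cloudflared module generates for `tunnels.homelab`.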
diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix index 8cf0fb6..4c5402a 100644 --- a/modules/system/homelab/tunnels.nix +++ b/modules/system/homelab/tunnels.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, homelab, ... }: let +{ config, pkgs, lib, homelab, ... }: let routes = { "git.${homelab.domain}" = "http://localhost:5080"; "auth.${homelab.domain}" = "http://localhost:1411"; @@ -10,8 +10,8 @@ in { services.cloudflared = { enable = true; tunnels.homelab = { - credentialsFile = "/mnt/data/cloudflared/homelab.json"; - certificateFile = "/mnt/data/cloudflared/cert.pem"; + credentialsFile = config.sops.secrets.cloudflared_tunnel_credentials.path; + certificateFile = config.sops.secrets.cloudflared_cert.path; default = "http_status:404"; ingress = routes; }; @@ -31,7 +31,7 @@ in { script = lib.concatMapStringsSep "\n" (domain: '' echo "Ensuring DNS route for ${domain}..." - ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/cloudflared/cert.pem route dns ${homelab.cf-tunnel-id} ${domain} || true + ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert ${config.sops.secrets.cloudflared_cert.path} route dns ${homelab.cf-tunnel-id} ${domain} || true '') (builtins.attrNames routes); }; } diff --git a/modules/system/server.nix b/modules/system/server.nix index fc7e686..0b1e3d9 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -1,4 +1,4 @@ -{ lib, homelab, ... }: let +{ config, lib, homelab, ... }: let ts-flags = [ "--advertise-exit-node" "--advertise-routes=10.3.14.0/24,192.168.1.0/24" @@ -20,6 +20,7 @@ in { ./homelab/dns.nix ./homelab/git.nix ./homelab/ai.nix + ./homelab/sops.nix ./core/swapfile.nix ./core/oom.nix @@ -29,7 +30,7 @@ in { services.tailscale = { enable = true; - authKeyFile = "/mnt/data/tailscale/authkey"; + authKeyFile = config.sops.secrets.tailscale_authkey.path; useRoutingFeatures = "server"; extraUpFlags = ts-flags; extraSetFlags = ts-flags; 
diff --git a/scripts/check-sops.sh b/scripts/check-sops.sh
new file mode 100755
index 0000000..dd4daf2
--- /dev/null
+++ b/scripts/check-sops.sh
@@ -0,0 +1,30 @@
+#!/usr/bin/env bash
+# Pre-commit hook: block commits containing unencrypted sops secret files.
+# Install with: ln -sf ../../scripts/check-sops.sh .git/hooks/pre-commit
+
+set -euo pipefail
+
+staged_secrets=$(git diff --cached --name-only --diff-filter=ACM -- 'secrets/*.yaml' 'secrets/*.yml' 'secrets/*.json')
+
+if [ -z "$staged_secrets" ]; then
+ exit 0
+fi
+
+failed=0
+
+for file in $staged_secrets; do
+ # sops-encrypted YAML/JSON files always contain a top-level "sops" key with metadata
+ if ! git show ":$file" | grep -q '"sops"\|sops:'; then
+ echo "ERROR: $file is not encrypted with sops! Encrypt it first:"
+ echo " sops $file"
+ echo
+ echo "hint: bypass with: git commit --no-verify"
+ failed=1
+ fi
+done
+
+if [ "$failed" -ne 0 ]; then
+ echo ""
+ echo "Commit aborted. Encrypt secret files before committing."
+ exit 1
+fi
\ No newline at end of file
diff --git a/secrets/homelab.yaml b/secrets/homelab.yaml
new file mode 100644
index 0000000..93cb53a
--- /dev/null
+++ b/secrets/homelab.yaml
@@ -0,0 +1,11 @@
+# This file should be encrypted with sops before committing.
+# Run: sops secrets/homelab.yaml
+# All values below are placeholders. Replace them with actual values.
+cloudflare_dns_api_token: REPLACE_ME
+cloudflared_tunnel_credentials: REPLACE_ME
+cloudflared_cert: REPLACE_ME
+vaultwarden_env: REPLACE_ME
+glance_env: REPLACE_ME
+pocketid_encryption_key: REPLACE_ME
+tailscale_authkey: REPLACE_ME
+nginx_htpasswd: REPLACE_ME
From 65bffeaa79dc83a5e49a5508d7e382cfa14d478d Mon Sep 17 00:00:00 2001
From: Satria
Date: Wed, 11 Mar 2026 22:52:02 +0700
Subject: [PATCH 002/261] update bar macro
---
modules/home/rice/waybar.nix | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/home/rice/waybar.nix b/modules/home/rice/waybar.nix
index 461bdac..27a04dd 100644
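Review bot: The encryption test in the `for` loop of check-sops.sh, `grep -q '"sops"\|sops:'`, passes any staged file that merely contains the text `sops:` somewhere, including in a comment or a value, so a plaintext secrets file can get through. Anchor the match to a top-level key and also require the encrypted MAC marker that sops writes, and read the file list line by line so that a path containing spaces is not split by `for file in $staged_secrets`. The printed hint advertising `git commit --no-verify` undercuts the hook; because a client-side hook is optional in any case, the same check is worth running in CI on the server as well.

```shell
failed=0
while IFS= read -r file; do
    # … unchanged: comment about the top-level "sops" key …
    blob=$(git show ":$file")
    if ! grep -Eq '^sops:|^[[:space:]]*"sops":' <<<"$blob" ||
       ! grep -q 'ENC\[AES256_GCM' <<<"$blob"; then
        # … unchanged: error messages and failed=1 …
    fi
done <<<"$staged_secrets"
```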
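Review bot: secrets/homelab.yaml is committed in plaintext at exactly the path that `.sops.yaml` and the pre-commit hook treat as the encrypted file, so the first edit that swaps a `REPLACE_ME` for a real value and is committed with the hook bypassed or not installed puts that secret into history. I would ship the template under a different name, for example `secrets/homelab.yaml.example`, and add `secrets/homelab.yaml` only once it has been encrypted with real recipients in place of the `age1XXXX…` placeholders. As committed, the file carries no sops metadata, so sops-nix presumably cannot decrypt it and the services that now read `config.sops.secrets.*.path` would be left without their secrets.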
--- a/modules/home/rice/waybar.nix +++ b/modules/home/rice/waybar.nix @@ -45,8 +45,8 @@ interval = 1; format = " {usage:2}% {avg_frequency}GHz"; on-click = "auto-cpufreq-gtk"; - on-click-right = "pkexec tlp power-saver && notify-send ${hostname} \"TLP set to: $(tlp-stat -s | grep 'Power profile' | awk -F '=' '{print $2}' | xargs)\""; - on-click-middle = "pkexec tlp start && notify-send ${hostname} \"TLP set to: $(tlp-stat -s | grep 'Power profile' | awk -F '=' '{print $2}' | xargs)\""; + on-click-right = "pkexec auto-cpufreq --force powersave && notify-send ${hostname} \"CPU Governor Powersave Overide\""; + on-click-middle = "pkexec auto-cpufreq --force reset && notify-send ${hostname} \"CPU Governor Overide Reset\""; }; "memory" = { states = { From ea698f46b5ff899d64a4bc55b7b70f7fa24e776a Mon Sep 17 00:00:00 2001 From: Satria Date: Wed, 11 Mar 2026 22:58:40 +0700 Subject: [PATCH 003/261] use zen kernel --- modules/hardware/thinkpad.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hardware/thinkpad.nix b/modules/hardware/thinkpad.nix index c52765d..f7e193a 100644 --- a/modules/hardware/thinkpad.nix +++ b/modules/hardware/thinkpad.nix @@ -12,7 +12,7 @@ ]; boot = { - kernelPackages = pkgs.linuxPackages; + kernelPackages = pkgs.linuxPackages_zen; kernel.sysctl."vm.laptop_mode" = 5; initrd.availableKernelModules = [ "thinkpad_acpi" ]; kernelParams = [ From 4bc1e961a2b007cd13289236f4239a981c437115 Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 12 Mar 2026 15:15:55 +0700 Subject: [PATCH 004/261] remove proton mail --- modules/home/core/apps.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/core/apps.nix b/modules/home/core/apps.nix index 13146b3..e08ee37 100644 --- a/modules/home/core/apps.nix +++ b/modules/home/core/apps.nix @@ -8,7 +8,7 @@ slack discord - protonmail-desktop + # protonmail-desktop # https://www.reddit.com/r/NixOS/comments/1rm9alf/protonmail_in_nixos/ vlc brave 
From 9708e59cf4e6425d4aecd74dfc5cc4d92c2d634d Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 12 Mar 2026 16:02:22 +0700 Subject: [PATCH 005/261] tweaks and fixes --- modules/home/core/zsh.nix | 2 +- modules/home/rice/hyprland.nix | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/home/core/zsh.nix b/modules/home/core/zsh.nix index a1c27ae..ca4bd4f 100644 --- a/modules/home/core/zsh.nix +++ b/modules/home/core/zsh.nix @@ -66,7 +66,7 @@ "gh-author-setup" = "git config user.name $(gh api -H \"Accept: application/vnd.github+json\" -H \"X-GitHub-Api-Version: 2022-11-28\" /user | jq -r .login) && git config user.email $(gh api -H \"Accept: application/vnd.github+json\" -H \"X-GitHub-Api-Version: 2022-11-28\" /user/emails | jq -r \".[1].email\")"; "convert-pdf" = "libreoffice --headless --convert-to pdf"; - "mcl" = "portablemc start -l $(cat .minecraft/portablemc-launch-params.json | jq -r .email) $(cat .minecraft/portablemc-launch-params.json | jq -r .version)"; + "mcl" = "portablemc start -l $(cat ~/.minecraft/portablemc-launch-params.json | jq -r .email) $(cat ~/.minecraft/portablemc-launch-params.json | jq -r .version)"; "mc" = "ferium upgrade; mcl"; }; initContent = '' diff --git a/modules/home/rice/hyprland.nix b/modules/home/rice/hyprland.nix index 2db9add..b701605 100644 --- a/modules/home/rice/hyprland.nix +++ b/modules/home/rice/hyprland.nix 
@@ -155,7 +155,8 @@ "stay_focused on, suppress_event fullscreen maximize, dim_around on, float on, match:title ^(Hyprland Polkit Agent|Unlock Login Keyring|KeePassXC -.*)$" "float on, match:title ^(Open|Print|Save|Rename|Move|Copy|Confirm).*" "float on, match:title ^(Preferences|Settings|Options|About|Passbolt).*" - "float on, match:title ^(MainPicker|Volume Control|File Operation Progress|Network Connections|Choose an Application| )$" + "float on, match:title ^(MainPicker|Volume Control|File Operation Progress|Network Connections|Choose an Application)$" + "float on, match:title ^(Please wait)$" ]; }; }; From bfd72420f17eeb4895acaa21d296d5e190dcf811 Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 12 Mar 2026 17:05:03 +0700 Subject: [PATCH 006/261] add modrinth handler and some other tweaks --- modules/home/core/xdg.nix | 1 - modules/home/core/zed.nix | 8 +++++++- modules/home/desktop.nix | 1 + modules/home/misc/scheme-handlers.nix | 18 ++++++++++++++++++ modules/home/rice/keybinds.nix | 4 +--- 5 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 modules/home/misc/scheme-handlers.nix diff --git a/modules/home/core/xdg.nix b/modules/home/core/xdg.nix index 141e9c0..ffc2a13 100644 --- a/modules/home/core/xdg.nix +++ b/modules/home/core/xdg.nix @@ -9,7 +9,6 @@ "application/pdf" = "brave-browser.desktop"; "x-scheme-handler/http" = "brave-browser.desktop"; "x-scheme-handler/https" = "brave-browser.desktop"; - "x-scheme-handler/terminal" = "kitty.desktop"; "x-terminal-emulator" = "kitty.desktop"; "inode/directory" = "pcmanfm-qt.desktop"; "audio/mpeg" = "vlc.desktop"; diff --git a/modules/home/core/zed.nix b/modules/home/core/zed.nix index 8c6ff8e..99bb706 100644 --- a/modules/home/core/zed.nix +++ b/modules/home/core/zed.nix @@ -5,7 +5,6 @@ extensions = [ "nix" ]; userSettings = { format_on_save = "off"; - features.edit_prediction_provider = "copilot"; vim_mode = true; git.inline_blame.enabled = true; gutter.line_numbers = true; 
@@ -19,6 +18,13 @@ file_types.tailwindcss = [ "*.css" ]; auto_install_extensions.catppuccin-icons = true; icon_theme = "Catppuccin Mocha"; + agent = { + tool_permissions.default = "allow"; + default_model = { + provider = "copilot_chat"; + model = "claude-opus-4.6"; + }; + }; theme = { mode = "dark"; light = "Catppuccin Mocha (sapphire)"; diff --git a/modules/home/desktop.nix b/modules/home/desktop.nix index 3c71de0..a7a0bc1 100644 --- a/modules/home/desktop.nix +++ b/modules/home/desktop.nix @@ -10,6 +10,7 @@ ./rice/cursor.nix ./rice/theme.nix ./rice/keybinds.nix + ./misc/scheme-handlers.nix ./misc/kde-connect.nix ./core/apps.nix ./core/zed.nix diff --git a/modules/home/misc/scheme-handlers.nix b/modules/home/misc/scheme-handlers.nix new file mode 100644 index 0000000..dc7c0e8 --- /dev/null +++ b/modules/home/misc/scheme-handlers.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: +let + ferium-installer-script = pkgs.writeShellScript "ferium-installer" '' + mod=$(echo "$1" | awk -F'/' '{print $NF}') + ${pkgs.kitty}/bin/kitty sh -c "ferium add $mod; read" + ''; +in +{ + xdg.desktopEntries."ferium-installer" = { + name = "Intercept Modrinth Links to Ferium"; + exec = "${ferium-installer-script} %u"; + mimeType = [ "x-scheme-handler/modrinth" ]; + }; + + xdg.mimeApps.defaultApplications = { + "x-scheme-handler/modrinth" = "ferium-installer.desktop"; + }; +} \ No newline at end of file diff --git a/modules/home/rice/keybinds.nix b/modules/home/rice/keybinds.nix index d84ed78..d0c4d97 100644 --- a/modules/home/rice/keybinds.nix +++ b/modules/home/rice/keybinds.nix 
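Review bot: `tool_permissions.default = "allow"` in the new `agent` block lets every agent tool call run without a prompt, which means text the model reads from a repository, an issue or a web page can end up driving terminal commands and file writes under this user account. A confirming default with explicit allow rules for the few tools that are safe to auto-run keeps most of the convenience; if this Zed version accepts the value, `tool_permissions.default = "confirm";`. If the blanket allow is intentional, a comment saying so and why would help the next reader.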
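Review bot: In `ferium-installer-script`, `$mod` is taken from the `%u` URL of whatever `modrinth:` link the browser hands over and is expanded inside the double-quoted `sh -c "ferium add $mod; read"` string, so the inner shell parses any shell metacharacters in the link as command text. Validate the identifier against a conservative character set and pass it to the inner shell as a positional argument instead of splicing it into the command. The character class below is my assumption about what a project slug may contain; adjust it to what Modrinth actually allows.

```nix
    mod=$(echo "$1" | awk -F'/' '{print $NF}')
    case "$mod" in
      ""|*[!A-Za-z0-9_-]*) echo "refusing unexpected mod id" >&2; exit 1 ;;
    esac
    ${pkgs.kitty}/bin/kitty sh -c 'ferium add "$1"; read' sh "$mod"
```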
@@ -106,9 +106,7 @@ ", PRINT, exec, hyprshot -zm region -o ~/Pictures/Screenshots; killall -9 hyprpicker hyprshot" "SUPER, R, exec, rofi -show drun -show-icons -display-drun '' -run-command \"uwsm app -- {cmd}\"" - "SUPER, RETURN, exec, rofi -show window -show-icons -drun-display '' -window-format '{c} {t}'" - "SUPER CTRL, RETURN, exec, rofi rofi -dmenu -p 'run nixpkgs' -lines 0 < /dev/null | xargs -r -I {} kitty -- nix run 'nixpkgs#{}'" - "SUPER ALT, RETURN, exec, rofi rofi -dmenu -p 'shell nixpkgs' -lines 0 < /dev/null | xargs -r -I {} kitty -- nde`ix shell 'nixpkgs#{}'" + "SUPER, RETURN, exec, ls ~/Projects | rofi -dmenu -p \"Open Project\" | xargs -I {} sh -c 'mkdir -p ~/Projects/\"{}\" && zeditor ~/Projects/\"{}\"'" "SUPER, V, exec, rofi -modi clipboard:cliphist-rofi-img -show clipboard -show-icons" # "SUPER, B, exec, rofi -show calc -modi calc -no-show-match -no-sort" From a36bd9d945a22279737c140227576230072d473d Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 12 Mar 2026 21:23:10 +0700 Subject: [PATCH 007/261] enable push to create --- modules/system/homelab/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 68aa3d9..e5a48ca 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -42,6 +42,7 @@ repository = { DISABLE_STARS = true; DISABLE_FORKS = true; + ENABLE_PUSH_CREATE_USER = true; }; }; }; From 188c8309dd0a4167d710de10db41281fc5e727df Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 12 Mar 2026 21:50:30 +0700 Subject: [PATCH 008/261] fix monitor not found --- modules/system/homelab/dash.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 3923242..b739573 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix 
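Review bot: The new `SUPER, RETURN` binding substitutes the selected name into the `sh -c` text through `xargs -I {}`, so a directory name under ~/Projects, or anything typed into rofi, that contains quotes, `$(…)` or backticks is interpreted by the shell instead of being treated as a name. Pass it as an argument instead: `xargs -r -I {} sh -c 'mkdir -p "$HOME/Projects/$1" && zeditor "$HOME/Projects/$1"' sh {}`, with the inner double quotes escaped for the Nix string as in the current line.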
@@ -70,7 +70,7 @@ [ "PocketID" "authentik" "https://auth.${homelab.domain}" "http://localhost:1411/" ] [ "Forgejo" "forgejo" "https://git.${homelab.domain}" "http://localhost:5080/" ] [ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ] - [ "Traefik" "traefikproxy" "https://dynamic.proxy.${homelab.domain}/dashboard/" "http://localhost:81/dashboard/" ] + [ "Traefik" "traefikproxy" "https://dynamic.proxy.${homelab.domain}/dashboard/" "" ] [ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ] [ "Jellyfin" "jellyfin" "https://media.proxy.${homelab.domain}" "http://localhost:8096/" ] [ "VaultWarden" "vaultwarden" "https://pass.proxy.${homelab.domain}" "http://localhost:8060/" ] From 62591b1d5ab09e9a62aab41ef3d40957b5863467 Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 12 Mar 2026 21:54:33 +0700 Subject: [PATCH 009/261] unauthorized is good --- modules/system/homelab/dash.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index b739573..fd8c9f0 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -255,6 +255,7 @@ in { title = builtins.elemAt e 0; icon = "si:${builtins.elemAt e 1}"; url = builtins.elemAt e 2; + alt-status-codes = [ 401 ]; }) bookmarks; } ]; From 6ca1d51cba2089387e6353b1351590a0a634a985 Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 12 Mar 2026 22:01:23 +0700 Subject: [PATCH 010/261] add usermap --- modules/system/homelab/remote.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/remote.nix b/modules/system/homelab/remote.nix index 2eae11e..c8b6671 100644 --- a/modules/system/homelab/remote.nix +++ b/modules/system/homelab/remote.nix @@ -8,6 +8,7 @@ guacamole-client = { enable = true; enableWebserver = true; + userMappingXml = "/mnt/data/guacamole/user-mapping.xml"; settings = { guacd-hostname = "127.0.0.1"; guacd-port = 4822; 
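Review bot: `userMappingXml` in remote.nix points Guacamole at a file that holds the login passwords and the credentials for every remote connection, and nothing in this change sets its owner or mode. A comment next to the option stating the expected permissions (readable only by the account the Guacamole web application runs as) would document that, and the file is a candidate for the same secret handling as the other credentials in this repository. The proxy entry for `remote` visible elsewhere in this series has `auth = false`, so these file-based accounts appear to be the only gate in front of the remote desktops; how the passwords are stored in that file is worth confirming.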
From 556fce950df53d2721f9ee747dd48ba715ee6142 Mon Sep 17 00:00:00 2001 From: Satria Date: Fri, 13 Mar 2026 10:35:09 +0700 Subject: [PATCH 011/261] error lens and keybind fix --- modules/home/core/zed.nix | 11 +++++++++++ modules/home/rice/keybinds.nix | 2 +- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/modules/home/core/zed.nix b/modules/home/core/zed.nix index 99bb706..67342c3 100644 --- a/modules/home/core/zed.nix +++ b/modules/home/core/zed.nix @@ -18,6 +18,17 @@ file_types.tailwindcss = [ "*.css" ]; auto_install_extensions.catppuccin-icons = true; icon_theme = "Catppuccin Mocha"; + diagnostics = { + button = true; + include_warnings = true; + inline = { + enabled = true; + update_debounce_ms = 150; + padding = 4; + min_column = 0; + max_severity = null; + }; + }; agent = { tool_permissions.default = "allow"; default_model = { diff --git a/modules/home/rice/keybinds.nix b/modules/home/rice/keybinds.nix index d0c4d97..4fdf413 100644 --- a/modules/home/rice/keybinds.nix +++ b/modules/home/rice/keybinds.nix @@ -124,7 +124,7 @@ "SUPER, W, fullscreen, 1" "SUPER, S, fullscreen, 0" "SUPER, F, togglefloating," - "SUPER, G, togglesplit," + "SUPER, G, layoutmsg, togglesplit" "SUPER, L, exec, loginctl lock-session" "SUPER, down, togglespecialworkspace, hidden" From da966f152278fee5ce569eb3cf9299f66948f12a Mon Sep 17 00:00:00 2001 From: Satria Date: Fri, 13 Mar 2026 10:38:05 +0700 Subject: [PATCH 012/261] enable git tree view --- modules/home/core/zed.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/core/zed.nix b/modules/home/core/zed.nix index 67342c3..9060a36 100644 --- a/modules/home/core/zed.nix +++ b/modules/home/core/zed.nix @@ -18,6 +18,7 @@ file_types.tailwindcss = [ "*.css" ]; auto_install_extensions.catppuccin-icons = true; icon_theme = "Catppuccin Mocha"; + git_panel.tree_view = true; diagnostics = { button = true; include_warnings = true; From 95dfaa9888ff2f3cbf48dbf3ae29a1e4021d1332 Mon Sep 17 00:00:00 2001 
From: Satria Date: Fri, 13 Mar 2026 11:05:21 +0700 Subject: [PATCH 013/261] add ntfy and searxng along with other tweaks --- modules/system/homelab/dash.nix | 2 ++ modules/system/homelab/notify.nix | 9 +++++++++ modules/system/homelab/proxy.nix | 2 ++ modules/system/homelab/search.nix | 19 +++++++++++++++++++ modules/system/server.nix | 4 +++- 5 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 modules/system/homelab/notify.nix create mode 100644 modules/system/homelab/search.nix diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index fd8c9f0..97ddade 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -75,6 +75,8 @@ [ "Jellyfin" "jellyfin" "https://media.proxy.${homelab.domain}" "http://localhost:8096/" ] [ "VaultWarden" "vaultwarden" "https://pass.proxy.${homelab.domain}" "http://localhost:8060/" ] [ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ] + [ "Ntfy" "ntfy" "https://notify.proxy.${homelab.domain}" "http://localhost:8067/" ] + [ "SearXNG" "searxng" "https://search.proxy.${homelab.domain}" "http://localhost:8091/" ] [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ] [ "Guacamole" "apacheguacamole" "https://remote.proxy.${homelab.domain}/guacamole" "http://localhost:8085/guacamole/" ] ]; diff --git a/modules/system/homelab/notify.nix b/modules/system/homelab/notify.nix new file mode 100644 index 0000000..48fbd12 --- /dev/null +++ b/modules/system/homelab/notify.nix @@ -0,0 +1,9 @@ +{ homelab, ... }: { + services.ntfy-sh = { + enable = true; + settings = { + listen-http = "127.0.0.1:8067"; + base-url = "https://ntfy.proxy.${homelab.domain}"; + }; + }; +} \ No newline at end of file diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 85671a5..206abed 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix 
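Review bot: `base-url` in notify.nix is `https://ntfy.proxy.${homelab.domain}`, but the dashboard entry added in the same commit uses `https://notify.proxy.${homelab.domain}`, so the links and attachment URLs that ntfy generates would point at a host name other than the one being published; `base-url = "https://notify.proxy.${homelab.domain}";` matches the dashboard. The settings also define no access control, and ntfy permits anonymous read and write on every topic unless configured otherwise, so if the service is reachable by anything beyond trusted clients I would add an `auth-file` and `auth-default-access = "deny-all";`.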
@@ -55,6 +55,8 @@ in { enable = true; recommendedProxySettings = true; recommendedTlsSettings = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; virtualHosts = { "_" = { default = true; diff --git a/modules/system/homelab/search.nix b/modules/system/homelab/search.nix new file mode 100644 index 0000000..3c41aed --- /dev/null +++ b/modules/system/homelab/search.nix @@ -0,0 +1,19 @@ +{ ... }: { + services.searx = { + enable = true; + redisCreateLocally = true; + settings = { + server = { + bind_address = "127.0.0.1"; + port = 8091; + }; + general = { + debug = false; + donation_url = false; + contact_url = false; + privacy_policy_url = false; + enable_metrics = true; + }; + }; + }; +} \ No newline at end of file diff --git a/modules/system/server.nix b/modules/system/server.nix index fc7e686..e86d6fa 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -2,7 +2,7 @@ ts-flags = [ "--advertise-exit-node" "--advertise-routes=10.3.14.0/24,192.168.1.0/24" - "--ssh" # "--webclient" + "--ssh" "--webclient" ]; in { imports = [ @@ -12,6 +12,8 @@ in { ./homelab/gallery.nix ./homelab/tunnels.nix ./homelab/remote.nix + ./homelab/notify.nix + ./homelab/search.nix ./homelab/media.nix ./homelab/proxy.nix ./homelab/auth.nix From fba19b47cc93edcae5c1b4986df1ed03327371ad Mon Sep 17 00:00:00 2001 From: Satria Date: Fri, 13 Mar 2026 11:08:27 +0700 Subject: [PATCH 014/261] add proxy entries --- modules/system/homelab/proxy.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 206abed..b8a9054 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix 
@@ -11,6 +11,8 @@ "containers" = { dest = "http://localhost:5001"; auth = false; }; "gallery" = { dest = "http://localhost:2283"; auth = false; }; "remote" = { dest = "http://localhost:8085"; auth = false; }; + "search" = { dest = "http://localhost:8091"; auth = false; }; + "notify" = { dest = "http://localhost:8067"; auth = false; }; "media" = { dest = "http://localhost:8096"; auth = false; }; "pass" = { dest = "http://localhost:8060"; auth = false; }; "auth" = { dest = "http://localhost:1411"; auth = false; }; From 946f4dc081f6e1493c825716087ec02f7e52ae8c Mon Sep 17 00:00:00 2001 From: Satria Date: Fri, 13 Mar 2026 11:14:42 +0700 Subject: [PATCH 015/261] fix add secret key --- modules/system/homelab/search.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/homelab/search.nix b/modules/system/homelab/search.nix index 3c41aed..30d3118 100644 --- a/modules/system/homelab/search.nix +++ b/modules/system/homelab/search.nix @@ -2,10 +2,12 @@ services.searx = { enable = true; redisCreateLocally = true; + environmentFile = "/mnt/data/searxng/.env"; settings = { server = { bind_address = "127.0.0.1"; port = 8091; + secret_key = "$SECRET_KEY"; }; general = { debug = false; From 6f8090c1df7ab6f1addf22c1afa919dbe0d1d62c Mon Sep 17 00:00:00 2001 From: Satria Date: Fri, 13 Mar 2026 11:21:58 +0700 Subject: [PATCH 016/261] rm unused setting --- modules/system/homelab/proxy.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index b8a9054..de27f58 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -111,7 +111,6 @@ in { providers.docker = { endpoint = "unix:///var/run/docker.sock"; exposedByDefault = false; - defaultRule = "Host(`ct-{{ normalize .Name }}.${base}`)"; }; }; }; From bb6e8105843912ae8cb521156f3aaa0d22380a41 Mon Sep 17 00:00:00 2001 
From: Satria Date: Sat, 14 Mar 2026 08:17:08 +0700 Subject: [PATCH 017/261] add shell alias --- lib/options.nix | 2 ++ modules/home/core/zsh.nix | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/options.nix b/lib/options.nix index b865080..c25e663 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -62,6 +62,8 @@ }; git = { # setup your git author + username = "satr14"; # forgejo username + server = "https://git.satr14.my.id"; # forgejo server url user = "Satria"; email = "admin@satr14.my.id"; }; diff --git a/modules/home/core/zsh.nix b/modules/home/core/zsh.nix index ca4bd4f..8ce99d3 100644 --- a/modules/home/core/zsh.nix +++ b/modules/home/core/zsh.nix @@ -1,4 +1,4 @@ -{ hostname, flake-path, zsh-theme, ... }: { +{ git, hostname, flake-path, zsh-theme, ... }: { programs = { pay-respects = { enable = true; @@ -64,6 +64,7 @@ "wm-disp" = "wm-ctl dispatch dpms"; "gh-author-setup" = "git config user.name $(gh api -H \"Accept: application/vnd.github+json\" -H \"X-GitHub-Api-Version: 2022-11-28\" /user | jq -r .login) && git config user.email $(gh api -H \"Accept: application/vnd.github+json\" -H \"X-GitHub-Api-Version: 2022-11-28\" /user/emails | jq -r \".[1].email\")"; + "fg-create-repo" = "git remote add origin ${git.server}/${git.username}/$(basename $PWDw).git && git push"; "convert-pdf" = "libreoffice --headless --convert-to pdf"; "mcl" = "portablemc start -l $(cat ~/.minecraft/portablemc-launch-params.json | jq -r .email) $(cat ~/.minecraft/portablemc-launch-params.json | jq -r .version)"; From 20608300ae47e0267ac424bd736d4c71de0a4497 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 08:17:25 +0700 Subject: [PATCH 018/261] env file change --- modules/system/homelab/proxy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index de27f58..3edaf2a 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix 
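Review bot: The `fg-create-repo` alias in zsh.nix expands `$PWDw`, a variable that does not exist, so `basename` gets nothing to work on and the remote URL is malformed instead of ending in the directory name; it should read `$(basename \"$PWD\")`. Unless `push.autoSetupRemote` is set, the bare `git push` on a branch with no upstream also fails on first use, so `git push -u origin HEAD` is the safer second half.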
@@ -47,7 +47,7 @@ in { domain = "*.${base}"; extraDomainNames = [ base ]; dnsProvider = "cloudflare"; - environmentFile = "/var/lib/acme/cloudflare.env"; + environmentFile = "/mnt/data/acme/.env"; # ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX }; }; From 814aec297f8190b8a4025985d7ec91596bbebc27 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 08:19:28 +0700 Subject: [PATCH 019/261] add openwebui env file --- modules/system/homelab/ai.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/ai.nix b/modules/system/homelab/ai.nix index ba83a32..cdd6793 100644 --- a/modules/system/homelab/ai.nix +++ b/modules/system/homelab/ai.nix @@ -14,6 +14,7 @@ open-webui = { enable = true; port = 8080; + environmentFile = "/mnt/data/ollama/.env"; environment = { OLLAMA_BASE_URL = "http://localhost:11434"; # WEBUI_AUTH = "False"; From 7072841f27eb5e7b92af9ee066eab0f2b2178e88 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 08:34:05 +0700 Subject: [PATCH 020/261] remove env var --- modules/system/homelab/pass.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index 89ea489..192208d 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -8,7 +8,6 @@ ROCKET_PORT = 8060; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_LOG = "critical"; - SIGNUPS_ALLOWED = true; }; }; } \ No newline at end of file From f5d8213a7dd1f748962206816fef9def3a1db471 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 09:20:06 +0700 Subject: [PATCH 021/261] forgejo runner for nixos rebuild --- modules/system/homelab/git.nix | 103 +++++++++++++++++++-------------- 1 file changed, 60 insertions(+), 43 deletions(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index e5a48ca..212beda 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix 
@@ -1,48 +1,65 @@ { pkgs, homelab, ... }: { - services.forgejo = { - enable = true; - lfs.enable = true; - stateDir = "/mnt/data/forgejo"; - package = pkgs.forgejo; - #secrets = { - # oauth2.JWT_SECRET = "/mnt/data/forgejo/custom/conf/oauth2_jwt_secret"; - # server.LFS_JWT_SECRET = "/mnt/data/forgejo/custom/conf/lfs_jwt_secret"; - # security = { - # INTERNAL_TOKEN = "/mnt/data/forgejo/custom/conf/internal_token"; - # SECRET_KEY = "/mnt/data/forgejo/custom/conf/secret_key"; - # }; - #}; - settings = { - server = { - DISABLE_SSH = false; - START_SSH_SERVER = true; - SSH_DOMAIN = "main.dns.${homelab.domain}"; - SSH_LISTEN_HOST = "0.0.0.0"; - SSH_LISTEN_PORT = 5822; - SSH_PORT = 5822; - DOMAIN = "git.${homelab.domain}"; - HTTP_ADDR = "127.0.0.1"; - HTTP_PORT = 5080; - PROTOCOL = "http"; - ROOT_URL = "https://git.${homelab.domain}"; - LANDING_PAGE = "explore"; + security.sudo.extraRules = [{ # for configuration activation on push to git + users = [ "gitea-runner" ]; + commands = [{ + command = "/run/current-system/sw/bin/nixos-rebuild"; + options = [ "NOPASSWD" ]; + }]; + }]; + services = { + forgejo = { + enable = true; + lfs.enable = true; + stateDir = "/mnt/data/forgejo"; + package = pkgs.forgejo; + #secrets = { + # oauth2.JWT_SECRET = "/mnt/data/forgejo/custom/conf/oauth2_jwt_secret"; + # server.LFS_JWT_SECRET = "/mnt/data/forgejo/custom/conf/lfs_jwt_secret"; + # security = { + # INTERNAL_TOKEN = "/mnt/data/forgejo/custom/conf/internal_token"; + # SECRET_KEY = "/mnt/data/forgejo/custom/conf/secret_key"; + # }; + #}; + settings = { + server = { + DISABLE_SSH = false; + START_SSH_SERVER = true; + SSH_DOMAIN = "main.dns.${homelab.domain}"; + SSH_LISTEN_HOST = "0.0.0.0"; + SSH_LISTEN_PORT = 5822; + SSH_PORT = 5822; + DOMAIN = "git.${homelab.domain}"; + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = 5080; + PROTOCOL = "http"; + ROOT_URL = "https://git.${homelab.domain}"; + LANDING_PAGE = "explore"; + }; + oauth2_client.ENABLE_AUTO_REGISTRATION=true; + service = { + 
DISABLE_REGISTRATION = true; + ENABLE_OPENID_SIGNIN = false; + ENABLE_OPENID_SIGNUP = false; + ENABLE_INTERNAL_SIGNIN = true; + SHOW_REGISTRATION_BUTTON = false; + ALLOW_ONLY_EXTERNAL_REGISTRATION = true; + ALLOW_ONLY_INTERNAL_REGISTRATION = false; + REQUIRE_EXTERNAL_REGISTRATION_PASSWORD = true; + }; + user.ENABLE_FOLLOWING = false; + repository = { + DISABLE_STARS = true; + DISABLE_FORKS = true; + ENABLE_PUSH_CREATE_USER = true; + }; }; - oauth2_client.ENABLE_AUTO_REGISTRATION=true; - service = { - DISABLE_REGISTRATION = true; - ENABLE_OPENID_SIGNIN = false; - ENABLE_OPENID_SIGNUP = false; - ENABLE_INTERNAL_SIGNIN = true; # TODO: set false after migration complete - SHOW_REGISTRATION_BUTTON = false; - ALLOW_ONLY_EXTERNAL_REGISTRATION = true; - ALLOW_ONLY_INTERNAL_REGISTRATION = false; - REQUIRE_EXTERNAL_REGISTRATION_PASSWORD = true; - }; - user.ENABLE_FOLLOWING = false; - repository = { - DISABLE_STARS = true; - DISABLE_FORKS = true; - ENABLE_PUSH_CREATE_USER = true; + gitea-actions-runner.instances.nixos-deploy = { + enable = true; + name = "nixos-server-runner"; + url = "https://git.proxy.${homelab.domain}"; + tokenFile = "/mnt/data/forgejo/runner/nixos_deploy_runner_token"; + labels = [ "nixos-server" ]; + hostPackages = with pkgs; [ bash coreutils git nix ]; }; }; }; From 6d46ec1d54e50ab959fda7f09e818d9f765f44b8 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 09:21:30 +0700 Subject: [PATCH 022/261] fix scope error --- modules/system/homelab/git.nix | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 212beda..d94756d 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix 
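Review bot: The `security.sudo.extraRules` entry at the top of this hunk lets `gitea-runner` run `/run/current-system/sw/bin/nixos-rebuild` with any arguments and no password, which is equivalent to root for anything that can get a job onto this runner, because the caller chooses the flake that is built and activated. A narrower rule would point at a root-owned wrapper script that itself fetches the one fixed repository and branch and takes no arguments, with a comment on the rule stating that constraint. The same rule is re-added unchanged in PATCH 039 and PATCH 048. The re-indent also drops the `# TODO: set false after migration complete` comment on `ENABLE_INTERNAL_SIGNIN = true;`, which was the only record that internal sign-in is meant to be temporary.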
@@ -53,14 +53,14 @@ ENABLE_PUSH_CREATE_USER = true; }; }; - gitea-actions-runner.instances.nixos-deploy = { - enable = true; - name = "nixos-server-runner"; - url = "https://git.proxy.${homelab.domain}"; - tokenFile = "/mnt/data/forgejo/runner/nixos_deploy_runner_token"; - labels = [ "nixos-server" ]; - hostPackages = with pkgs; [ bash coreutils git nix ]; - }; + }; + gitea-actions-runner.instances.nixos-deploy = { + enable = true; + name = "nixos-server-runner"; + url = "https://git.proxy.${homelab.domain}"; + tokenFile = "/mnt/data/forgejo/runner/nixos_deploy_runner_token"; + labels = [ "nixos-server" ]; + hostPackages = with pkgs; [ bash coreutils git nix ]; }; }; } From b1406939d21b78427276e2115673aa7ebd7fff55 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 09:34:53 +0700 Subject: [PATCH 023/261] change token path and add workflow file --- .forgejo/workflows/activate.yml | 13 +++++++++++++ modules/system/homelab/git.nix | 2 +- 2 files changed, 14 insertions(+), 1 deletion(-) create mode 100644 .forgejo/workflows/activate.yml diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml new file mode 100644 index 0000000..4b7c1d2 --- /dev/null +++ b/.forgejo/workflows/activate.yml @@ -0,0 +1,13 @@ +name: Activate NixOS Configuration On Push +on: + push: + branches: + - main +jobs: + deploy: + runs-on: nixos-server + steps: + - name: Checkout code + uses: actions/checkout@v4 + - name: Build and activate system + run: sudo nixos-rebuild switch --flake .#homelab \ No newline at end of file diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index d94756d..c0d0ff1 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix 
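Review bot: `uses: actions/checkout@v4` in the new activate.yml pins the action by a mutable tag in a job whose next step is `sudo nixos-rebuild switch`, so whatever that tag resolves to at run time executes on the host that then activates the system as root. Pinning to a full commit SHA, `uses: actions/checkout@<full-commit-sha> # v4` (placeholder), removes the dependency on upstream tag state. A push to `main` is the only gate in front of root activation here, so it is worth confirming that branch protection is enabled for `main` in Forgejo; the diff cannot show that.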
@@ -58,7 +58,7 @@ enable = true; name = "nixos-server-runner"; url = "https://git.proxy.${homelab.domain}"; - tokenFile = "/mnt/data/forgejo/runner/nixos_deploy_runner_token"; + tokenFile = "/root/forgejo-token-runner"; labels = [ "nixos-server" ]; hostPackages = with pkgs; [ bash coreutils git nix ]; }; From 129db0f841dbae790778a6b7cd398bca0381616d Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 10:08:48 +0700 Subject: [PATCH 024/261] add nodejs to runner --- modules/system/homelab/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index c0d0ff1..360f002 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -60,7 +60,7 @@ url = "https://git.proxy.${homelab.domain}"; tokenFile = "/root/forgejo-token-runner"; labels = [ "nixos-server" ]; - hostPackages = with pkgs; [ bash coreutils git nix ]; + hostPackages = with pkgs; [ bash coreutils git nix nodejs ]; }; }; } From 6d7e88f08211af15dcb4cf0002413e12208fa6a9 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 10:10:01 +0700 Subject: [PATCH 025/261] name changes --- .forgejo/workflows/activate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 4b7c1d2..cb11874 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -1,10 +1,10 @@ -name: Activate NixOS Configuration On Push +name: Activate NixOS Homelab Configuration On Push on: push: branches: - main jobs: - deploy: + build-and-activate: runs-on: nixos-server steps: - name: Checkout code From 39f5b1b4f8ebf705f81df4e830bd46aed8c127fa Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 10:17:39 +0700 Subject: [PATCH 026/261] fix runner --- .forgejo/workflows/activate.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) 
diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index cb11874..95ef84b 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -7,7 +7,11 @@ jobs: build-and-activate: runs-on: nixos-server steps: - - name: Checkout code - uses: actions/checkout@v4 - - name: Build and activate system - run: sudo nixos-rebuild switch --flake .#homelab \ No newline at end of file + - name: Clone + run: git clone http://localhost:5080/satr14/nix-flake.git src + - name: Build + run: nixos-rebuild build --flake ./src#homelab + - name: Activate + run: sudo nixos-rebuild switch --flake ./src#homelab + - name: Clean + run: rm -rf src \ No newline at end of file From a008b0e806b081de8f81ba2318bea07ee44a08f9 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 10:21:58 +0700 Subject: [PATCH 027/261] add shell fix --- .forgejo/workflows/activate.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 95ef84b..d63013b 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -8,10 +8,14 @@ jobs: runs-on: nixos-server steps: - name: Clone + shell: /bin/sh -e {0} run: git clone http://localhost:5080/satr14/nix-flake.git src - name: Build + shell: /bin/sh -e {0} run: nixos-rebuild build --flake ./src#homelab - name: Activate + shell: /bin/sh -e {0} run: sudo nixos-rebuild switch --flake ./src#homelab - name: Clean + shell: /bin/sh -e {0} run: rm -rf src \ No newline at end of file From 0bfffe7acb3ce11dd3d22f8b97f2f0993ccc2425 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 10:27:29 +0700 Subject: [PATCH 028/261] path fixes --- .forgejo/workflows/activate.yml | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index d63013b..420d2b2 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
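Review bot: The `Clone` step in PATCH 026 fetches whatever the default branch points to when the job runs, not the commit that triggered it, so the configuration that gets activated can differ from the one the run is attributed to. Checking out the triggering revision after the clone, `git -C src checkout --detach "${{ github.sha }}"`, ties activation to the pushed commit. `Clean` only runs when every earlier step succeeded, so after a failed build the leftover `src` makes the next `git clone` fail; give it `if: always()` or remove `src` before cloning.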
@@ -3,19 +3,22 @@ on: push: branches: - main + +env: + PATH: /run/current-system/sw/bin:/run/wrappers/bin + jobs: build-and-activate: runs-on: nixos-server + defaults: + run: + shell: /bin/sh -e {0} steps: - name: Clone - shell: /bin/sh -e {0} run: git clone http://localhost:5080/satr14/nix-flake.git src - name: Build - shell: /bin/sh -e {0} run: nixos-rebuild build --flake ./src#homelab - name: Activate - shell: /bin/sh -e {0} run: sudo nixos-rebuild switch --flake ./src#homelab - name: Clean - shell: /bin/sh -e {0} run: rm -rf src \ No newline at end of file From 6024695830f9054fe5b03554ada09b77ab4ead3a Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 10:33:04 +0700 Subject: [PATCH 029/261] workflow verbosity and sudo fix --- .forgejo/workflows/activate.yml | 8 ++++---- modules/system/homelab/git.nix | 8 +++++++- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 420d2b2..6bbb687 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -15,10 +15,10 @@ jobs: shell: /bin/sh -e {0} steps: - name: Clone - run: git clone http://localhost:5080/satr14/nix-flake.git src + run: git clone -v http://localhost:5080/satr14/nix-flake.git src - name: Build - run: nixos-rebuild build --flake ./src#homelab + run: nixos-rebuild build --flake ./src#homelab -L --show-trace -v - name: Activate - run: sudo nixos-rebuild switch --flake ./src#homelab + run: sudo nixos-rebuild switch --flake ./src#homelab -L --show-trace -v - name: Clean - run: rm -rf src \ No newline at end of file + run: rm -rfv src \ No newline at end of file diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 360f002..2af435c 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix 
@@ -1,4 +1,4 @@ -{ pkgs, homelab, ... }: { +{ lib, pkgs, homelab, ... }: { security.sudo.extraRules = [{ # for configuration activation on push to git users = [ "gitea-runner" ]; commands = [{ @@ -63,4 +63,10 @@ hostPackages = with pkgs; [ bash coreutils git nix nodejs ]; }; }; + systemd.services."gitea-runner-nixos-deploy".serviceConfig = { + # Force systemd to allow privilege escalation (sudo) for this service + NoNewPrivileges = lib.mkForce false; + RestrictSUIDSGID = lib.mkForce false; + PrivateUsers = lib.mkForce false; + }; } From 7f7611cec92bc35cb8d922d53e5c79cf35d04984 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 10:35:20 +0700 Subject: [PATCH 030/261] remove unused code --- modules/system/homelab/git.nix | 9 --------- 1 file changed, 9 deletions(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 2af435c..81f7251 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -12,14 +12,6 @@ lfs.enable = true; stateDir = "/mnt/data/forgejo"; package = pkgs.forgejo; - #secrets = { - # oauth2.JWT_SECRET = "/mnt/data/forgejo/custom/conf/oauth2_jwt_secret"; - # server.LFS_JWT_SECRET = "/mnt/data/forgejo/custom/conf/lfs_jwt_secret"; - # security = { - # INTERNAL_TOKEN = "/mnt/data/forgejo/custom/conf/internal_token"; - # SECRET_KEY = "/mnt/data/forgejo/custom/conf/secret_key"; - # }; - #}; settings = { server = { DISABLE_SSH = false; @@ -64,7 +56,6 @@ }; }; systemd.services."gitea-runner-nixos-deploy".serviceConfig = { - # Force systemd to allow privilege escalation (sudo) for this service NoNewPrivileges = lib.mkForce false; RestrictSUIDSGID = lib.mkForce false; PrivateUsers = lib.mkForce false; From 04700f6f657da9fad4ce59ce7d8c60152dc1d323 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 10:50:19 +0700 Subject: [PATCH 031/261] disable sandbox --- modules/system/homelab/git.nix | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) 
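Review bot: The `serviceConfig` block added at the end of git.nix forces `NoNewPrivileges`, `RestrictSUIDSGID` and `PrivateUsers` off for the whole `gitea-runner-nixos-deploy` unit, so every job this runner accepts, not only the activate workflow, can execute setuid binaries. The diff does not restrict which repositories or workflows may target the runner; if Forgejo does not restrict that either, all of them inherit the relaxation. The added comment `# Force systemd to allow privilege escalation (sudo) for this service` is the only explanation of why the overrides exist and PATCH 030 deletes it; keep it and extend it with the requirement that the runner stays registered to this one repository.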
diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 81f7251..1903a4f 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -52,12 +52,16 @@ url = "https://git.proxy.${homelab.domain}"; tokenFile = "/root/forgejo-token-runner"; labels = [ "nixos-server" ]; - hostPackages = with pkgs; [ bash coreutils git nix nodejs ]; + hostPackages = with pkgs; [ bash coreutils git nix nodejs sudo ]; + container.enable = false; }; }; - systemd.services."gitea-runner-nixos-deploy".serviceConfig = { - NoNewPrivileges = lib.mkForce false; - RestrictSUIDSGID = lib.mkForce false; - PrivateUsers = lib.mkForce false; + systemd.services."gitea-runner-nixos-deploy" = { + restartIfChanged = false; + serviceConfig = { + NoNewPrivileges = lib.mkForce false; + RestrictSUIDSGID = lib.mkForce false; + PrivateUsers = lib.mkForce false; + }; }; } From 6e8692e44e3ef865fede7ee61f1753a29d2dee35 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 11:25:23 +0700 Subject: [PATCH 032/261] use ssh instead of sudo --- .forgejo/workflows/activate.yml | 27 +++++++++++++++++---------- lib/options.nix | 3 +++ modules/system/homelab/git.nix | 21 +++------------------ modules/system/server.nix | 2 ++ 4 files changed, 25 insertions(+), 28 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 6bbb687..edec26a 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
@@ -6,19 +6,26 @@ on: env: PATH: /run/current-system/sw/bin:/run/wrappers/bin - + jobs: - build-and-activate: + deploy: runs-on: nixos-server defaults: run: shell: /bin/sh -e {0} + steps: - - name: Clone - run: git clone -v http://localhost:5080/satr14/nix-flake.git src - - name: Build - run: nixos-rebuild build --flake ./src#homelab -L --show-trace -v - - name: Activate - run: sudo nixos-rebuild switch --flake ./src#homelab -L --show-trace -v - - name: Clean - run: rm -rfv src \ No newline at end of file + - name: 1. Clone Repository + run: | + rm -rf src + git clone https://git.satr14.my.id/satr14/nix-flake.git src + + - name: 2. Setup SSH Key + run: | + mkdir -p ~/.ssh + echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519 + chmod 600 ~/.ssh/id_ed25519 + ssh-keyscan -H localhost >> ~/.ssh/known_hosts + + - name: 3. Deploy System over SSH + run: nixos-rebuild switch --flake ./src#homelab --target-host root@localhost -L --show-trace \ No newline at end of file diff --git a/lib/options.nix b/lib/options.nix index c25e663..0c497a0 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -16,6 +16,9 @@ homelab = rec { domain = "satr14.my.id"; # root domain for dns, ssl certs, reverse proxy, etc. cf-tunnel-id = "26318288-cdd7-4e58-904b-c45f10d3e40a"; + ssh-keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner" + ]; disks = { gallery = "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery data = "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 1903a4f..4ea9bc1 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix 
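Review bot: The `Setup SSH Key` step writes `secrets.DEPLOY_SSH_KEY` to `~/.ssh/id_ed25519` with `echo` before `chmod 600`, so the file briefly exists with the default umask, and no later step removes it, which leaves a key that can log in as root in the runner user's home after the job ends. Running `umask 077` at the top of the step and deleting the key in a final step marked `if: always()` closes both gaps. `ssh-keyscan -H localhost` records whatever answers on the SSH port at that moment; since the target is the same machine, the entry can be built from `/etc/ssh/ssh_host_ed25519_key.pub` instead.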
@@ -1,11 +1,4 @@ { lib, pkgs, homelab, ... }: { - security.sudo.extraRules = [{ # for configuration activation on push to git - users = [ "gitea-runner" ]; - commands = [{ - command = "/run/current-system/sw/bin/nixos-rebuild"; - options = [ "NOPASSWD" ]; - }]; - }]; services = { forgejo = { enable = true; @@ -51,17 +44,9 @@ name = "nixos-server-runner"; url = "https://git.proxy.${homelab.domain}"; tokenFile = "/root/forgejo-token-runner"; - labels = [ "nixos-server" ]; - hostPackages = with pkgs; [ bash coreutils git nix nodejs sudo ]; - container.enable = false; - }; - }; - systemd.services."gitea-runner-nixos-deploy" = { - restartIfChanged = false; - serviceConfig = { - NoNewPrivileges = lib.mkForce false; - RestrictSUIDSGID = lib.mkForce false; - PrivateUsers = lib.mkForce false; + labels = [ "nixos-server:host" ]; + hostPackages = with pkgs; [ bash coreutils git nix ]; }; }; + systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false; } diff --git a/modules/system/server.nix b/modules/system/server.nix index e86d6fa..fd10d22 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -29,6 +29,8 @@ in { ./base.nix ]; + users.users.root.openssh.authorizedKeys.keys = homelab.ssh-keys; + services.tailscale = { enable = true; authKeyFile = "/mnt/data/tailscale/authkey"; From be24bb6bd3b96d6385f9287fc18522dfc19f6dd9 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 11:25:54 +0700 Subject: [PATCH 033/261] remove numbering --- .forgejo/workflows/activate.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index edec26a..b9a40c2 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
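Review bot: `users.users.root.openssh.authorizedKeys.keys = homelab.ssh-keys;` in the server.nix hunk gives the deploy key an unrestricted root login from any address that can reach sshd, although the workflow only ever connects to `root@localhost`. Prefixing the key entry in `lib/options.nix` with authorized_keys options, e.g. `from="127.0.0.1,::1",no-agent-forwarding,no-port-forwarding ssh-ed25519 …` (quotes escaped inside the Nix string), limits a leaked key to connections from the host itself. Whether the sshd configuration permits root key logins from other interfaces is not visible in this hunk.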
@@ -15,17 +15,17 @@ jobs: shell: /bin/sh -e {0} steps: - - name: 1. Clone Repository + - name: Clone Repository run: | rm -rf src git clone https://git.satr14.my.id/satr14/nix-flake.git src - - name: 2. Setup SSH Key + - name: Setup SSH Key run: | mkdir -p ~/.ssh echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 ssh-keyscan -H localhost >> ~/.ssh/known_hosts - - name: 3. Deploy System over SSH + - name: Deploy System over SSH run: nixos-rebuild switch --flake ./src#homelab --target-host root@localhost -L --show-trace \ No newline at end of file From 79aed28d47ab3c252dbcab758a49abe6d944f7b9 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 11:35:16 +0700 Subject: [PATCH 034/261] add manual trigger --- .forgejo/workflows/activate.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index b9a40c2..992794d 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -1,5 +1,6 @@ name: Activate NixOS Homelab Configuration On Push on: + workflow_dispatch: push: branches: - main From 334b9e2fb91efc565c7c80c05a102acfa1d401d9 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 11:46:32 +0700 Subject: [PATCH 035/261] fix ssh key not connecting --- .forgejo/workflows/activate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 992794d..8f501b6 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -26,7 +26,7 @@ jobs: mkdir -p ~/.ssh echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 - ssh-keyscan -H localhost >> ~/.ssh/known_hosts + ssh-keyscan -H localhost 127.0.0.1 ::1 >> ~/.ssh/known_hosts - name: Deploy System over SSH run: nixos-rebuild switch --flake ./src#homelab --target-host root@localhost -L --show-trace \ No newline at end of file 
From ccb6ea4f90cddf1fa6ce0fddeed48d8f3ebb52e3 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 11:49:58 +0700 Subject: [PATCH 036/261] skip host key check --- .forgejo/workflows/activate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 8f501b6..469f04f 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -26,7 +26,7 @@ jobs: mkdir -p ~/.ssh echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519 chmod 600 ~/.ssh/id_ed25519 - ssh-keyscan -H localhost 127.0.0.1 ::1 >> ~/.ssh/known_hosts + printf '%s\n' 'Host localhost 127.0.0.1 ::1' ' StrictHostKeyChecking no' ' UserKnownHostsFile /dev/null' >> ~/.ssh/config - name: Deploy System over SSH run: nixos-rebuild switch --flake ./src#homelab --target-host root@localhost -L --show-trace \ No newline at end of file From c5056ea3743cd08b5ee06af67f00b70aceeba9dd Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 11:54:38 +0700 Subject: [PATCH 037/261] setup ssh with uses --- .forgejo/workflows/activate.yml | 31 ++++++++++++++++++++----------- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 469f04f..2f39882 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
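Review bot: The `printf` line in PATCH 036 writes `StrictHostKeyChecking no` and `UserKnownHostsFile /dev/null` into `~/.ssh/config`, which turns host key verification off for the connection that carries the root deploy, and the entry persists in the runner user's config for later jobs. Because the target is the local machine, the expected key is already on disk and can be pinned instead: `printf 'localhost,127.0.0.1,::1 %s\n' "$(cat /etc/ssh/ssh_host_ed25519_key.pub)" > ~/.ssh/known_hosts`. That also explains the failure PATCH 035 tried to work around without discarding the check.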
@@ -16,17 +16,26 @@ jobs: shell: /bin/sh -e {0} steps: - - name: Clone Repository - run: | - rm -rf src - git clone https://git.satr14.my.id/satr14/nix-flake.git src - - - name: Setup SSH Key - run: | - mkdir -p ~/.ssh - echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - printf '%s\n' 'Host localhost 127.0.0.1 ::1' ' StrictHostKeyChecking no' ' UserKnownHostsFile /dev/null' >> ~/.ssh/config + # - name: Clone Repository + # run: | + # rm -rf src + # git clone https://git.satr14.my.id/satr14/nix-flake.git src + # - name: Setup SSH Key + # run: | + # mkdir -p ~/.ssh + # echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519 + # chmod 600 ~/.ssh/id_ed25519 + # printf '%s\n' 'Host localhost 127.0.0.1 ::1' ' StrictHostKeyChecking no' ' UserKnownHostsFile /dev/null' >> ~/.ssh/config + + - name: Checkout repository + uses: actions/checkout@v5 + + - name: Setup SSH + id: setupssh + uses: actions/setup-ssh@v1 + with: + ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} + - name: Deploy System over SSH run: nixos-rebuild switch --flake ./src#homelab --target-host root@localhost -L --show-trace \ No newline at end of file From 21c7809cb6e07021f4e5ea4a12a4ca5f4d067231 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 20:53:28 +0700 Subject: [PATCH 038/261] Revert "disable sandbox" This reverts commit 04700f6f657da9fad4ce59ce7d8c60152dc1d323. --- modules/system/homelab/git.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 4ea9bc1..792246c 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -48,5 +48,10 @@ hostPackages = with pkgs; [ bash coreutils git nix ]; }; }; + systemd.services."gitea-runner-nixos-deploy".serviceConfig = { + NoNewPrivileges = lib.mkForce false; + RestrictSUIDSGID = lib.mkForce false; + PrivateUsers = lib.mkForce false; + }; systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false; } 
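Review bot: The deploy step still uses `--flake ./src#homelab`, but this hunk replaces the manual clone into `src` with `actions/checkout@v5`, which checks out into the workspace root, so the flake path no longer exists unless the checkout step gets `with:` / `path: src`. `actions/setup-ssh@v1` is referenced by a mutable tag and the diff does not show where that action resolves on this Forgejo instance; an action that is handed `DEPLOY_SSH_KEY` should be pinned to a commit SHA from a source that has been reviewed. The commented-out steps kept above still contain the `StrictHostKeyChecking no` setup and are better deleted than left as a ready fallback.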
From 22ac4b4b5e66f643b2b5e9d627c83d4fdfde10d3 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 20:59:04 +0700 Subject: [PATCH 039/261] update workflow and sudo perms --- .forgejo/workflows/activate.yml | 5 +++-- modules/system/homelab/git.nix | 7 +++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 2f39882..d1ef9f1 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -10,7 +10,7 @@ env: jobs: deploy: - runs-on: nixos-server + runs-on: nixos-server:host defaults: run: shell: /bin/sh -e {0} @@ -38,4 +38,5 @@ jobs: ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} - name: Deploy System over SSH - run: nixos-rebuild switch --flake ./src#homelab --target-host root@localhost -L --show-trace \ No newline at end of file + run: nixos-rebuild switch --flake ./src#homelab --target-host root@localhost -L --show-trace + diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 792246c..59359d1 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -1,4 +1,11 @@ { lib, pkgs, homelab, ... }: { + security.sudo.extraRules = [{ + users = [ "gitea-runner" ]; + commands = [{ + command = "/run/current-system/sw/bin/nixos-rebuild"; + options = [ "NOPASSWD" ]; + }]; + }]; services = { forgejo = { enable = true; From 8fa6ca28b114b151e32f7f4a01ebded33aee9ffc Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 21:24:14 +0700 Subject: [PATCH 040/261] use diff labels --- .forgejo/workflows/activate.yml | 2 +- modules/system/homelab/git.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index d1ef9f1..c95d089 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
@@ -10,7 +10,7 @@ env: jobs: deploy: - runs-on: nixos-server:host + runs-on: self-hosted:host defaults: run: shell: /bin/sh -e {0} diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 59359d1..e39f8d6 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -51,7 +51,7 @@ name = "nixos-server-runner"; url = "https://git.proxy.${homelab.domain}"; tokenFile = "/root/forgejo-token-runner"; - labels = [ "nixos-server:host" ]; + labels = [ "self-hosted:host" "docker" ]; hostPackages = with pkgs; [ bash coreutils git nix ]; }; }; From 59d1b62395401c05eec2f137cff53c31312091a4 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 21:33:08 +0700 Subject: [PATCH 041/261] fix label workflow --- .forgejo/workflows/activate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index c95d089..ca4ea57 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -10,7 +10,7 @@ env: jobs: deploy: - runs-on: self-hosted:host + runs-on: self-hosted defaults: run: shell: /bin/sh -e {0} From 719548c778e28401bbc4f70d2360ee88b9e8abe6 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 21:38:43 +0700 Subject: [PATCH 042/261] change workflow to use she commands --- .forgejo/workflows/activate.yml | 38 +++++++++------------------------ 1 file changed, 10 insertions(+), 28 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index ca4ea57..9b162e4 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
@@ -1,42 +1,24 @@ name: Activate NixOS Homelab Configuration On Push on: - workflow_dispatch: push: branches: - main env: PATH: /run/current-system/sw/bin:/run/wrappers/bin - + jobs: - deploy: + build-and-activate: runs-on: self-hosted defaults: run: shell: /bin/sh -e {0} - steps: - # - name: Clone Repository - # run: | - # rm -rf src - # git clone https://git.satr14.my.id/satr14/nix-flake.git src - - # - name: Setup SSH Key - # run: | - # mkdir -p ~/.ssh - # echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_ed25519 - # chmod 600 ~/.ssh/id_ed25519 - # printf '%s\n' 'Host localhost 127.0.0.1 ::1' ' StrictHostKeyChecking no' ' UserKnownHostsFile /dev/null' >> ~/.ssh/config - - - name: Checkout repository - uses: actions/checkout@v5 - - - name: Setup SSH - id: setupssh - uses: actions/setup-ssh@v1 - with: - ssh-private-key: ${{ secrets.DEPLOY_SSH_KEY }} - - - name: Deploy System over SSH - run: nixos-rebuild switch --flake ./src#homelab --target-host root@localhost -L --show-trace - + - name: Clone + run: git clone -v http://localhost:5080/satr14/nix-flake.git src + - name: Build + run: nixos-rebuild build --flake ./src#homelab -L --show-trace -v + - name: Activate + run: sudo nixos-rebuild switch --flake ./src#homelab -L --show-trace -v + - name: Clean + run: rm -rfv src From c2512306ace779af2e3dd2e77a4c00772c42209d Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 21:43:56 +0700 Subject: [PATCH 043/261] verbosity fix --- .forgejo/workflows/activate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 9b162e4..caa3857 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
@@ -15,9 +15,9 @@ jobs: shell: /bin/sh -e {0} steps: - name: Clone - run: git clone -v http://localhost:5080/satr14/nix-flake.git src + run: git clone http://localhost:5080/satr14/nix-flake.git src - name: Build - run: nixos-rebuild build --flake ./src#homelab -L --show-trace -v + run: nixos-rebuild build --flake ./src#homelab -L --show-trace - name: Activate run: sudo nixos-rebuild switch --flake ./src#homelab -L --show-trace -v - name: Clean From 389b38628edc0a64f6822ff10e8008d66a83e714 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 21:46:29 +0700 Subject: [PATCH 044/261] force runner as root --- .forgejo/workflows/activate.yml | 2 +- modules/system/homelab/git.nix | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index caa3857..7cd9dcc 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -19,6 +19,6 @@ jobs: - name: Build run: nixos-rebuild build --flake ./src#homelab -L --show-trace - name: Activate - run: sudo nixos-rebuild switch --flake ./src#homelab -L --show-trace -v + run: nixos-rebuild switch --flake ./src#homelab -L --show-trace -v - name: Clean run: rm -rfv src diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index e39f8d6..92b4982 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -59,6 +59,9 @@ NoNewPrivileges = lib.mkForce false; RestrictSUIDSGID = lib.mkForce false; PrivateUsers = lib.mkForce false; + User = lib.mkForce "root"; + ProtectSystem = lib.mkForce false; + ProtectHome = lib.mkForce false; }; systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false; } From 374efdd33a92ed370c7c949e5fbedfb9248adfdb Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 21:48:57 +0700 Subject: [PATCH 045/261] verbose fix --- .forgejo/workflows/activate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
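Review bot: `User = lib.mkForce "root";` together with `ProtectSystem` and `ProtectHome` forced to `false` in the git.nix hunk of PATCH 044 makes every job on this runner run as root on the host with the unit's filesystem protections off, and PATCH 046 widens it further with `ReadWritePaths = lib.mkForce [ "/" ];`. With that, the sudo rule from PATCH 039 is no longer a choke point, and any workflow able to target the `self-hosted` label gets the same access as the deploy job. Keeping the runner unprivileged and having the job trigger a dedicated root-owned oneshot unit that performs the rebuild would confine root to that one action; at minimum the overrides need a comment saying why each is required and that the runner must not be shared with other repositories.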
diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 7cd9dcc..aa00711 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -19,6 +19,6 @@ jobs: - name: Build run: nixos-rebuild build --flake ./src#homelab -L --show-trace - name: Activate - run: nixos-rebuild switch --flake ./src#homelab -L --show-trace -v + run: nixos-rebuild switch --flake ./src#homelab -L --show-trace - name: Clean run: rm -rfv src From c63a9c8b6a0875e60b934eeec6b262de2f5b39ff Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 14 Mar 2026 21:53:55 +0700 Subject: [PATCH 046/261] fix mount issue --- modules/system/homelab/git.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 92b4982..7e34e3c 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -62,6 +62,7 @@ User = lib.mkForce "root"; ProtectSystem = lib.mkForce false; ProtectHome = lib.mkForce false; + ReadWritePaths = lib.mkForce [ "/" ]; }; systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false; } From c0f955598fa616275c03d33ee6af85e055c82da8 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 08:44:19 +0700 Subject: [PATCH 047/261] add my own ssh keys --- lib/options.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/options.nix b/lib/options.nix index 0c497a0..792167e 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -17,7 +17,7 @@ domain = "satr14.my.id"; # root domain for dns, ssl certs, reverse proxy, etc. cf-tunnel-id = "26318288-cdd7-4e58-904b-c45f10d3e40a"; ssh-keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESvQFXoUBafatqnxTd6qk3WEOcfwb3AIWVTstR3lHzX forgejo" ]; disks = { gallery = "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery 
From afc2575c4d5f0a5d31f617560a0d9a8524b3fbdc Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 08:50:24 +0700 Subject: [PATCH 048/261] retry sudo and fix workflow --- .forgejo/workflows/activate.yml | 26 +++++++++++------ modules/system/homelab/git.nix | 51 ++++++++++++++++++++++----------- 2 files changed, 52 insertions(+), 25 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index aa00711..bb38a85 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -3,10 +3,10 @@ on: push: branches: - main - + env: - PATH: /run/current-system/sw/bin:/run/wrappers/bin - + PATH: /run/current-system/sw/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin + jobs: build-and-activate: runs-on: self-hosted @@ -15,10 +15,18 @@ jobs: shell: /bin/sh -e {0} steps: - name: Clone - run: git clone http://localhost:5080/satr14/nix-flake.git src - - name: Build - run: nixos-rebuild build --flake ./src#homelab -L --show-trace + run: git clone --depth 1 http://localhost:5080/satr14/nix-flake.git src + - name: Activate - run: nixos-rebuild switch --flake ./src#homelab -L --show-trace - - name: Clean - run: rm -rfv src + run: sudo nixos-rebuild switch --flake ./src#homelab -L + + - name: Rollback on failure + if: failure() + run: sudo nixos-rebuild --rollback + + - name: Show generation + run: nixos-version + + - name: Clean up + if: always() + run: rm -rf src \ No newline at end of file diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 7e34e3c..a1a8b4e 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -1,11 +1,4 @@ { lib, pkgs, homelab, ... }: { - security.sudo.extraRules = [{ - users = [ "gitea-runner" ]; - commands = [{ - command = "/run/current-system/sw/bin/nixos-rebuild"; - options = [ "NOPASSWD" ]; - }]; - }]; services = { forgejo = { enable = true; 
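Review bot: `run: sudo nixos-rebuild --rollback` in the `Rollback on failure` step passes no action, and nixos-rebuild expects one, so the step is likely to print usage and exit instead of rolling back; the usual form is `sudo nixos-rebuild switch --rollback`. The step is guarded only by `if: failure()`, so it also fires when `Clone` fails or when the build fails before anything was activated, and would then move a healthy system back one generation. Giving the Activate step an `id: activate` and using `if: failure() && steps.activate.outcome == 'failure'` narrows that, although a build error inside `switch` still looks the same as a failed activation. `Show generation` is skipped after a failure, which is when the active generation matters most; it should carry `if: always()` as `Clean up` does.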
@@ -55,14 +48,40 @@ hostPackages = with pkgs; [ bash coreutils git nix ]; }; }; - systemd.services."gitea-runner-nixos-deploy".serviceConfig = { - NoNewPrivileges = lib.mkForce false; - RestrictSUIDSGID = lib.mkForce false; - PrivateUsers = lib.mkForce false; - User = lib.mkForce "root"; - ProtectSystem = lib.mkForce false; - ProtectHome = lib.mkForce false; - ReadWritePaths = lib.mkForce [ "/" ]; + systemd.services."gitea-runner-nixos-deploy" = { + restartIfChanged = true; + serviceConfig = { + # User = lib.mkForce "root"; + # Group = lib.mkForce "root"; + + NoNewPrivileges = lib.mkForce false; + RestrictSUIDSGID = lib.mkForce false; + PrivateUsers = lib.mkForce false; + # PrivateTmp = lib.mkForce false; + # PrivateDevices = lib.mkForce false; + # ProtectSystem = lib.mkForce false; + # ProtectHome = lib.mkForce false; + # ProtectKernelTunables = lib.mkForce false; + # ProtectKernelModules = lib.mkForce false; + # ProtectKernelLogs = lib.mkForce false; + # ProtectControlGroups = lib.mkForce false; + # RestrictNamespaces = lib.mkForce false; + # RestrictRealtime = lib.mkForce false; + # LockPersonality = lib.mkForce false; + # MemoryDenyWriteExecute = lib.mkForce false; + # ProtectProc = lib.mkForce "default"; + # SystemCallArchitectures = lib.mkForce ""; + # SystemCallFilter = lib.mkForce []; + # ReadWritePaths = lib.mkForce []; + # ReadOnlyPaths = lib.mkForce []; + # InaccessiblePaths = lib.mkForce []; + }; }; - systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false; + security.sudo.extraRules = [{ + users = [ "gitea-runner" ]; + commands = [{ + command = "/run/current-system/sw/bin/nixos-rebuild"; + options = [ "NOPASSWD" ]; + }]; + }]; } From c5f129375917adef1bb033f69a4928713ce367b7 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 08:52:55 +0700 Subject: [PATCH 049/261] add manual trigger --- .forgejo/workflows/activate.yml | 1 + 1 file changed, 1 insertion(+) 
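Review bot: The `security.sudo.extraRules` entry at the end of this git.nix hunk lets `gitea-runner` run `/run/current-system/sw/bin/nixos-rebuild` with any arguments and no password, which is root-equivalent because the flake it builds comes from the runner's own workspace. Together with `NoNewPrivileges`, `RestrictSUIDSGID` and `PrivateUsers` forced to false, the runner account should be treated as root in the threat model. A comment above the rule, e.g. `# root-equivalent: nixos-rebuild evaluates and activates whatever flake the job checked out`, would keep a later reader from assuming the rule is narrowly scoped. The long run of commented-out `lib.mkForce` lines is better removed than committed.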
diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index bb38a85..8184d36 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -1,5 +1,6 @@ name: Activate NixOS Homelab Configuration On Push on: + workflow_dispatch: push: branches: - main From a48b426cc002596c64df611ad68bb2b97583a954 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 09:06:28 +0700 Subject: [PATCH 050/261] sandbox bypass run as root --- .forgejo/workflows/activate.yml | 4 ++-- modules/system/homelab/git.nix | 40 ++++++++++++++++----------------- 2 files changed, 22 insertions(+), 22 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 8184d36..903a7f4 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -19,11 +19,11 @@ jobs: run: git clone --depth 1 http://localhost:5080/satr14/nix-flake.git src - name: Activate - run: sudo nixos-rebuild switch --flake ./src#homelab -L + run: nixos-rebuild switch --flake ./src#homelab -L - name: Rollback on failure if: failure() - run: sudo nixos-rebuild --rollback + run: nixos-rebuild --rollback - name: Show generation run: nixos-version diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index a1a8b4e..8638803 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix 
@@ -51,30 +51,30 @@ systemd.services."gitea-runner-nixos-deploy" = { restartIfChanged = true; serviceConfig = { - # User = lib.mkForce "root"; - # Group = lib.mkForce "root"; + User = lib.mkForce "root"; + Group = lib.mkForce "root"; NoNewPrivileges = lib.mkForce false; RestrictSUIDSGID = lib.mkForce false; PrivateUsers = lib.mkForce false; - # PrivateTmp = lib.mkForce false; - # PrivateDevices = lib.mkForce false; - # ProtectSystem = lib.mkForce false; - # ProtectHome = lib.mkForce false; - # ProtectKernelTunables = lib.mkForce false; - # ProtectKernelModules = lib.mkForce false; - # ProtectKernelLogs = lib.mkForce false; - # ProtectControlGroups = lib.mkForce false; - # RestrictNamespaces = lib.mkForce false; - # RestrictRealtime = lib.mkForce false; - # LockPersonality = lib.mkForce false; - # MemoryDenyWriteExecute = lib.mkForce false; - # ProtectProc = lib.mkForce "default"; - # SystemCallArchitectures = lib.mkForce ""; - # SystemCallFilter = lib.mkForce []; - # ReadWritePaths = lib.mkForce []; - # ReadOnlyPaths = lib.mkForce []; - # InaccessiblePaths = lib.mkForce []; + PrivateTmp = lib.mkForce false; + PrivateDevices = lib.mkForce false; + ProtectSystem = lib.mkForce false; + ProtectHome = lib.mkForce false; + ProtectKernelTunables = lib.mkForce false; + ProtectKernelModules = lib.mkForce false; + ProtectKernelLogs = lib.mkForce false; + ProtectControlGroups = lib.mkForce false; + RestrictNamespaces = lib.mkForce false; + RestrictRealtime = lib.mkForce false; + LockPersonality = lib.mkForce false; + MemoryDenyWriteExecute = lib.mkForce false; + ProtectProc = lib.mkForce "default"; + SystemCallArchitectures = lib.mkForce ""; + SystemCallFilter = lib.mkForce []; + ReadWritePaths = lib.mkForce []; + ReadOnlyPaths = lib.mkForce []; + InaccessiblePaths = lib.mkForce []; }; }; security.sudo.extraRules = [{ From 60341e7c0ba3eafb516158b98dabfef0580da439 Mon Sep 17 00:00:00 2001 
From: Satria Date: Sun, 15 Mar 2026 09:25:32 +0700 Subject: [PATCH 051/261] simpler method --- .forgejo/workflows/activate.yml | 6 +-- modules/system/homelab/git.nix | 65 +++++++++++++++++---------------- 2 files changed, 36 insertions(+), 35 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 903a7f4..3a0f83a 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -6,7 +6,7 @@ on: - main env: - PATH: /run/current-system/sw/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin + PATH: /current-system/sw/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin jobs: build-and-activate: @@ -19,11 +19,11 @@ jobs: run: git clone --depth 1 http://localhost:5080/satr14/nix-flake.git src - name: Activate - run: nixos-rebuild switch --flake ./src#homelab -L + run: sudo nixos-rebuild switch --flake ./src#homelab -L - name: Rollback on failure if: failure() - run: nixos-rebuild --rollback + run: sudo nixos-rebuild --rollback - name: Show generation run: nixos-version diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 8638803..fe9bad2 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix 
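Review bot: The new `PATH` value in the first activate.yml hunk of PATCH 051 starts with `/current-system/sw/bin`, dropping the `/run` prefix the previous value had. That directory is not the NixOS system profile, so tools such as `git` and `nixos-version` would resolve only through the two remaining entries, if at all. The line should read `PATH: /run/current-system/sw/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin`.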
@@ -48,40 +48,41 @@ hostPackages = with pkgs; [ bash coreutils git nix ]; }; }; + users.users.gitea-runner.isSystemUser = true; systemd.services."gitea-runner-nixos-deploy" = { restartIfChanged = true; - serviceConfig = { - User = lib.mkForce "root"; - Group = lib.mkForce "root"; + # serviceConfig = { + # User = lib.mkForce "root"; + # Group = lib.mkForce "root"; - NoNewPrivileges = lib.mkForce false; - RestrictSUIDSGID = lib.mkForce false; - PrivateUsers = lib.mkForce false; - PrivateTmp = lib.mkForce false; - PrivateDevices = lib.mkForce false; - ProtectSystem = lib.mkForce false; - ProtectHome = lib.mkForce false; - ProtectKernelTunables = lib.mkForce false; - ProtectKernelModules = lib.mkForce false; - ProtectKernelLogs = lib.mkForce false; - ProtectControlGroups = lib.mkForce false; - RestrictNamespaces = lib.mkForce false; - RestrictRealtime = lib.mkForce false; - LockPersonality = lib.mkForce false; - MemoryDenyWriteExecute = lib.mkForce false; - ProtectProc = lib.mkForce "default"; - SystemCallArchitectures = lib.mkForce ""; - SystemCallFilter = lib.mkForce []; - ReadWritePaths = lib.mkForce []; - ReadOnlyPaths = lib.mkForce []; - InaccessiblePaths = lib.mkForce []; - }; + # NoNewPrivileges = lib.mkForce false; + # RestrictSUIDSGID = lib.mkForce false; + # PrivateUsers = lib.mkForce false; + # PrivateTmp = lib.mkForce false; + # PrivateDevices = lib.mkForce false; + # ProtectSystem = lib.mkForce false; + # ProtectHome = lib.mkForce false; + # ProtectKernelTunables = lib.mkForce false; + # ProtectKernelModules = lib.mkForce false; + # ProtectKernelLogs = lib.mkForce false; + # ProtectControlGroups = lib.mkForce false; + # RestrictNamespaces = lib.mkForce false; + # RestrictRealtime = lib.mkForce false; + # LockPersonality = lib.mkForce false; + # MemoryDenyWriteExecute = lib.mkForce false; + # ProtectProc = lib.mkForce "default"; + # SystemCallArchitectures = lib.mkForce ""; + # SystemCallFilter = lib.mkForce []; + # ReadWritePaths = lib.mkForce []; + # 
ReadOnlyPaths = lib.mkForce []; + # InaccessiblePaths = lib.mkForce []; + # }; }; - security.sudo.extraRules = [{ - users = [ "gitea-runner" ]; - commands = [{ - command = "/run/current-system/sw/bin/nixos-rebuild"; - options = [ "NOPASSWD" ]; - }]; - }]; + # security.sudo.extraRules = [{ + # users = [ "gitea-runner" ]; + # commands = [{ + # command = "/run/current-system/sw/bin/nixos-rebuild"; + # options = [ "NOPASSWD" ]; + # }]; + # }]; } From 056ec34d909a2e4ee528fc4d3c9732f2f389686f Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 09:28:19 +0700 Subject: [PATCH 052/261] create group fix --- modules/system/homelab/git.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index fe9bad2..aaaf885 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -48,7 +48,11 @@ hostPackages = with pkgs; [ bash coreutils git nix ]; }; }; - users.users.gitea-runner.isSystemUser = true; + users.users.gitea-runner = { + isSystemUser = true; + group = "gitea-runner"; + }; + users.groups.gitea-runner = {}; systemd.services."gitea-runner-nixos-deploy" = { restartIfChanged = true; # serviceConfig = { From 50c5788e6bc4394956585d0cb603885918af8c63 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 09:49:32 +0700 Subject: [PATCH 053/261] uses ssh instead --- .forgejo/workflows/activate.yml | 46 ++++++++++++++++----------------- lib/options.nix | 1 + modules/system/homelab/git.nix | 41 ++--------------------------- 3 files changed, 25 insertions(+), 63 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 3a0f83a..5aa6dbe 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
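Review bot: The git.nix hunk of PATCH 051 comments out the `security.sudo.extraRules` entry for `gitea-runner`, while the workflow hunks of the same patch switch the steps back to `sudo nixos-rebuild`. Unless another sudo rule exists outside this diff, the job has no way to elevate and `sudo` will fail or wait for a password. Either keep the rule active or drop `sudo` from the workflow, and delete the commented-out `serviceConfig` and sudo blocks rather than committing them.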
@@ -1,33 +1,31 @@ -name: Activate NixOS Homelab Configuration On Push -on: - workflow_dispatch: - push: - branches: - - main +name: NixOS Rebuild -env: - PATH: /current-system/sw/bin:/run/wrappers/bin:/nix/var/nix/profiles/default/bin +on: + push: + branches: [ main ] + workflow_dispatch: jobs: - build-and-activate: + rebuild: runs-on: self-hosted - defaults: - run: - shell: /bin/sh -e {0} steps: - - name: Clone - run: git clone --depth 1 http://localhost:5080/satr14/nix-flake.git src + - name: Setup SSH key + run: | + mkdir -p ./ssh + echo "${{ secrets.DEPLOY_SSH_KEY }}" > ./ssh/deploy_key + chmod 600 ./ssh/deploy_key + echo "StrictHostKeyChecking no" > ./ssh/config - - name: Activate - run: sudo nixos-rebuild switch --flake ./src#homelab -L - - - name: Rollback on failure - if: failure() - run: sudo nixos-rebuild --rollback + - name: Rebuild (${{ github.event.inputs.action || 'switch' }}) + run: | + ssh -i ./ssh/deploy_key root@localhost \ + "nixos-rebuild switch \ + --flake git+http://localhost:5080/satr14/nix-flake#homelab -L" - name: Show generation - run: nixos-version - - - name: Clean up if: always() - run: rm -rf src \ No newline at end of file + run: ssh -i ./ssh/deploy_key root@localhost "nixos-version" + + - name: Clean Up + if: always() + run: rm -f ./ssh/deploy_key \ No newline at end of file diff --git a/lib/options.nix b/lib/options.nix index 792167e..882af83 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -18,6 +18,7 @@ cf-tunnel-id = "26318288-cdd7-4e58-904b-c45f10d3e40a"; ssh-keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESvQFXoUBafatqnxTd6qk3WEOcfwb3AIWVTstR3lHzX forgejo" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner" ]; disks = { gallery = "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index aaaf885..7ca738c 100644 --- a/modules/system/homelab/git.nix 
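Review bot: The `Setup SSH key` step in the activate.yml hunk of PATCH 053 expands `${{ secrets.DEPLOY_SSH_KEY }}` into the script source and creates `./ssh/deploy_key` under the default umask before `chmod 600` runs, so the root deploy key may be briefly readable by other local users. Passing the secret through `env:` and setting `umask 077` before the write closes both gaps. The `./ssh/config` line has no effect because none of the `ssh` calls pass `-F ./ssh/config`, so host-key handling is whatever the runner's defaults are. The step name `Rebuild (${{ github.event.inputs.action || 'switch' }})` also suggests a selectable action while the command hard-codes `switch`.

```yaml
      - name: Setup SSH key
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
        run: |
          umask 077
          mkdir -p ./ssh
          printf '%s\n' "$DEPLOY_SSH_KEY" > ./ssh/deploy_key
      # … unchanged: Rebuild, Show generation and Clean Up steps …
```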
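Review bot: The `forgejo-deploy-runner` key added to `ssh-keys` in the lib/options.nix hunk is presumably the one the workflow now uses for `root@localhost`, and nothing in the entry limits what it may do. Where this list becomes `authorized_keys` is outside the diff, but if it feeds root's keys the CI key gets a full interactive root shell from any source address. Consider giving it its own entry with OpenSSH key options, for example `"restrict,from=\"127.0.0.1,::1\" ssh-ed25519 <deploy-key> forgejo-deploy-runner"`, plus a comment naming the workflow that uses it.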
+++ b/modules/system/homelab/git.nix @@ -45,48 +45,11 @@ url = "https://git.proxy.${homelab.domain}"; tokenFile = "/root/forgejo-token-runner"; labels = [ "self-hosted:host" "docker" ]; - hostPackages = with pkgs; [ bash coreutils git nix ]; + hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; }; }; - users.users.gitea-runner = { - isSystemUser = true; - group = "gitea-runner"; - }; users.groups.gitea-runner = {}; systemd.services."gitea-runner-nixos-deploy" = { - restartIfChanged = true; - # serviceConfig = { - # User = lib.mkForce "root"; - # Group = lib.mkForce "root"; - - # NoNewPrivileges = lib.mkForce false; - # RestrictSUIDSGID = lib.mkForce false; - # PrivateUsers = lib.mkForce false; - # PrivateTmp = lib.mkForce false; - # PrivateDevices = lib.mkForce false; - # ProtectSystem = lib.mkForce false; - # ProtectHome = lib.mkForce false; - # ProtectKernelTunables = lib.mkForce false; - # ProtectKernelModules = lib.mkForce false; - # ProtectKernelLogs = lib.mkForce false; - # ProtectControlGroups = lib.mkForce false; - # RestrictNamespaces = lib.mkForce false; - # RestrictRealtime = lib.mkForce false; - # LockPersonality = lib.mkForce false; - # MemoryDenyWriteExecute = lib.mkForce false; - # ProtectProc = lib.mkForce "default"; - # SystemCallArchitectures = lib.mkForce ""; - # SystemCallFilter = lib.mkForce []; - # ReadWritePaths = lib.mkForce []; - # ReadOnlyPaths = lib.mkForce []; - # InaccessiblePaths = lib.mkForce []; - # }; + restartIfChanged = false; }; - # security.sudo.extraRules = [{ - # users = [ "gitea-runner" ]; - # commands = [{ - # command = "/run/current-system/sw/bin/nixos-rebuild"; - # options = [ "NOPASSWD" ]; - # }]; - # }]; } From 30daa0b3cc547435987b3fab19bb3fc89fa73ffb Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 09:55:55 +0700 Subject: [PATCH 054/261] re-order --- .forgejo/workflows/activate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 5aa6dbe..804f386 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -1,9 +1,9 @@ name: NixOS Rebuild on: + workflow_dispatch: push: branches: [ main ] - workflow_dispatch: jobs: rebuild: From f3fd07c743b926b9378ef0157228e2c931858b81 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 09:57:31 +0700 Subject: [PATCH 055/261] path fix --- .forgejo/workflows/activate.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 804f386..8dd1442 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -5,6 +5,9 @@ on: push: branches: [ main ] +env: + PATH: /run/current-system/sw/bin:/run/wrappers/bin + jobs: rebuild: runs-on: self-hosted @@ -16,7 +19,7 @@ jobs: chmod 600 ./ssh/deploy_key echo "StrictHostKeyChecking no" > ./ssh/config - - name: Rebuild (${{ github.event.inputs.action || 'switch' }}) + - name: Rebuild run: | ssh -i ./ssh/deploy_key root@localhost \ "nixos-rebuild switch \ From 349d5d026a4b030b93a2e89db33e314e87000d14 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 09:59:35 +0700 Subject: [PATCH 056/261] fix strict checking --- .forgejo/workflows/activate.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 8dd1442..da09f8f 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
@@ -17,17 +17,15 @@ jobs: mkdir -p ./ssh echo "${{ secrets.DEPLOY_SSH_KEY }}" > ./ssh/deploy_key chmod 600 ./ssh/deploy_key - echo "StrictHostKeyChecking no" > ./ssh/config - name: Rebuild run: | - ssh -i ./ssh/deploy_key root@localhost \ - "nixos-rebuild switch \ - --flake git+http://localhost:5080/satr14/nix-flake#homelab -L" + ssh -i ./ssh/deploy_key -o StrictHostKeyChecking=no root@localhost \ + "nixos-rebuild switch --flake git+http://localhost:5080/satr14/nix-flake#homelab -L" - name: Show generation if: always() - run: ssh -i ./ssh/deploy_key root@localhost "nixos-version" + run: ssh -i ./ssh/deploy_key -o StrictHostKeyChecking=no root@localhost "nixos-version" - name: Clean Up if: always() From d525c8b04d005d11c4bb1287521479594331741b Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 10:06:06 +0700 Subject: [PATCH 057/261] fix known host checks --- .forgejo/workflows/activate.yml | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index da09f8f..4a6e341 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -17,15 +17,22 @@ jobs: mkdir -p ./ssh echo "${{ secrets.DEPLOY_SSH_KEY }}" > ./ssh/deploy_key chmod 600 ./ssh/deploy_key - + - name: Rebuild run: | - ssh -i ./ssh/deploy_key -o StrictHostKeyChecking=no root@localhost \ + ssh -i ./ssh/deploy_key \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + root@localhost \ "nixos-rebuild switch --flake git+http://localhost:5080/satr14/nix-flake#homelab -L" - name: Show generation if: always() - run: ssh -i ./ssh/deploy_key -o StrictHostKeyChecking=no root@localhost "nixos-version" + run: | + ssh -i ./ssh/deploy_key \ + -o StrictHostKeyChecking=no \ + -o UserKnownHostsFile=/dev/null \ + root@localhost "nixos-version" - name: Clean Up if: always() From b129aab03d2cf097c3c369b6a8d21d3cf4d8c069 Mon Sep 17 00:00:00 2001 
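Review bot: `-o StrictHostKeyChecking=no` with `-o UserKnownHostsFile=/dev/null` in the PATCH 057 hunk (and `StrictHostKeyChecking=no` alone in PATCH 056) turns off server authentication for a connection that carries the root deploy key. The target is `localhost`, so the exposure is limited to whatever answers on the loopback SSH port in the runner's environment, but the options are easy to copy to a remote target later. A pinned alternative is to write the host's public key to `./ssh/known_hosts` during setup and use `-o UserKnownHostsFile=./ssh/known_hosts -o StrictHostKeyChecking=yes`. PATCH 059 keeps the same options.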
From: Satria Date: Sun, 15 Mar 2026 10:12:21 +0700 Subject: [PATCH 058/261] propper path fix --- .forgejo/workflows/activate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 4a6e341..78561f1 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -24,7 +24,7 @@ jobs: -o StrictHostKeyChecking=no \ -o UserKnownHostsFile=/dev/null \ root@localhost \ - "nixos-rebuild switch --flake git+http://localhost:5080/satr14/nix-flake#homelab -L" + "bash -lc 'nixos-rebuild switch --flake git+http://localhost:5080/satr14/nix-flake#homelab -L'" - name: Show generation if: always() @@ -32,7 +32,7 @@ jobs: ssh -i ./ssh/deploy_key \ -o StrictHostKeyChecking=no \ -o UserKnownHostsFile=/dev/null \ - root@localhost "nixos-version" + root@localhost "bash -lc 'nixos-version'" - name: Clean Up if: always() From 4d9b826d39f65ed590aa7c3429fe6968ecf004a6 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 10:33:25 +0700 Subject: [PATCH 059/261] disable root password auth --- .forgejo/workflows/activate.yml | 2 ++ hosts/bootstrap/config.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 78561f1..8d1ad80 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -21,6 +21,7 @@ jobs: - name: Rebuild run: | ssh -i ./ssh/deploy_key \ + -o PasswordAuthentication=no \ -o StrictHostKeyChecking=no \ -o UserKnownHostsFile=/dev/null \ root@localhost \ @@ -30,6 +31,7 @@ jobs: if: always() run: | ssh -i ./ssh/deploy_key \ + -o PasswordAuthentication=no \ -o StrictHostKeyChecking=no \ -o UserKnownHostsFile=/dev/null \ root@localhost "bash -lc 'nixos-version'" diff --git a/hosts/bootstrap/config.nix b/hosts/bootstrap/config.nix index 7eeca52..0e549ca 100644 --- a/hosts/bootstrap/config.nix +++ b/hosts/bootstrap/config.nix 
@@ -21,7 +21,7 @@ tailscale.enable = true; openssh = { enable = true; - settings.PermitRootLogin = "yes"; + settings.PermitRootLogin = "prohibit-password"; }; }; users.users."${username}" = { From 3daa0c438b9ae127dc6a2f876d4749af1ffd24dc Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 10:43:27 +0700 Subject: [PATCH 060/261] remove unused group --- modules/system/homelab/git.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 7ca738c..aefa420 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -48,7 +48,6 @@ hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; }; }; - users.groups.gitea-runner = {}; systemd.services."gitea-runner-nixos-deploy" = { restartIfChanged = false; }; From 6e025358342eb0c282bc86059b180e8158934164 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 10:53:23 +0700 Subject: [PATCH 061/261] cleanup --- modules/system/homelab/git.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index aefa420..80fb950 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -48,7 +48,5 @@ hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; }; }; - systemd.services."gitea-runner-nixos-deploy" = { - restartIfChanged = false; - }; + systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false; } From cdf5828fc84b5cdb02569183af5e3b83f19c10da Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 10:53:33 +0700 Subject: [PATCH 062/261] cpu hotplug --- modules/hardware/homelab.nix | 12 ++++++++++-- modules/hardware/misc/cpu-hotplug.nix | 5 +++++ 2 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 modules/hardware/misc/cpu-hotplug.nix diff --git a/modules/hardware/homelab.nix b/modules/hardware/homelab.nix index 08bfec3..ac3cb0c 100644 --- a/modules/hardware/homelab.nix 
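Review bot: `settings.PermitRootLogin = "prohibit-password";` in hosts/bootstrap/config.nix closes password login for root only; password login for other accounts is untouched by this hunk. The `-o PasswordAuthentication=no` added to the workflow in the same patch is a client-side option and does not change what the server accepts. If the intent is key-only SSH, add `settings.PasswordAuthentication = false;` next to it, and confirm that the homelab host, configured outside this diff, carries the same setting, since only the bootstrap host file changes here. The `openssh` block starts outside the hunk.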
+++ b/modules/hardware/homelab.nix @@ -2,11 +2,19 @@ imports = [ ./core/firmware.nix ./core/igpu.nix - ./misc/disks.nix + ./misc/cpu-hotplug.nix ./misc/serial.nix + ./misc/disks.nix ]; - boot.initrd.availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "virtio_console" ]; + boot.initrd.availableKernelModules = [ + "virtio_net" + "virtio_pci" + "virtio_mmio" + "virtio_blk" + "virtio_scsi" + "virtio_console" + ]; services = { qemuGuest.enable = true; spice-vdagentd.enable = true; diff --git a/modules/hardware/misc/cpu-hotplug.nix b/modules/hardware/misc/cpu-hotplug.nix new file mode 100644 index 0000000..64cd3f9 --- /dev/null +++ b/modules/hardware/misc/cpu-hotplug.nix @@ -0,0 +1,5 @@ +{ ... }: { + services.udev.extraRules = '' + SUBSYSTEM=="cpu", ACTION=="add", TEST=="online", ATTR{online}=="0", ATTR{online}="1" + ''; +} \ No newline at end of file From b4bfacdc44c9fe0a349bb4d4e35cc5dd2c8a46e8 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 11:06:50 +0700 Subject: [PATCH 063/261] enable auth on dockge --- modules/system/homelab/proxy.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 3edaf2a..0eb1e49 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix 
@@ -5,10 +5,10 @@ "router" = { dest = "http://router.dns.${homelab.domain}:80"; auth = false; }; "home" = { dest = "http://home.dns.${homelab.domain}:8123"; auth = false; }; - "dynamic" = { dest = "http://127.0.0.1:8082"; auth = true; }; + "containers" = { dest = "http://localhost:5001"; auth = true; }; + "dynamic" = { dest = "http://localhost:8082"; auth = true; }; "dns" = { dest = "http://localhost:8088"; auth = true; }; - "containers" = { dest = "http://localhost:5001"; auth = false; }; "gallery" = { dest = "http://localhost:2283"; auth = false; }; "remote" = { dest = "http://localhost:8085"; auth = false; }; "search" = { dest = "http://localhost:8091"; auth = false; }; From e6805c0e6b3dbcb7b9d572c00d54e171930ec3a5 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 11:34:34 +0700 Subject: [PATCH 064/261] remove docker label --- modules/system/homelab/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 80fb950..39f2961 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -44,7 +44,7 @@ name = "nixos-server-runner"; url = "https://git.proxy.${homelab.domain}"; tokenFile = "/root/forgejo-token-runner"; - labels = [ "self-hosted:host" "docker" ]; + labels = [ "self-hosted:host" ]; hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; }; }; From 00a759d8fe7d714fac22ee3ce20ac83da1d53fb0 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 15 Mar 2026 13:22:56 +0700 Subject: [PATCH 065/261] add refresh flag --- .forgejo/workflows/activate.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index 8d1ad80..abbd723 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml 
@@ -25,7 +25,7 @@ jobs: -o StrictHostKeyChecking=no \ -o UserKnownHostsFile=/dev/null \ root@localhost \ - "bash -lc 'nixos-rebuild switch --flake git+http://localhost:5080/satr14/nix-flake#homelab -L'" + "bash -lc 'nixos-rebuild switch --refresh --flake git+http://localhost:5080/satr14/nix-flake#homelab -L'" - name: Show generation if: always() From a945955835e1bdd7f828c96e6a77a240bddcf0cf Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 18 Mar 2026 11:29:14 +0700 Subject: [PATCH 066/261] update name --- .forgejo/workflows/activate.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.forgejo/workflows/activate.yml b/.forgejo/workflows/activate.yml index abbd723..869f0f4 100644 --- a/.forgejo/workflows/activate.yml +++ b/.forgejo/workflows/activate.yml @@ -1,4 +1,4 @@ -name: NixOS Rebuild +name: Activate Homelab Configuration on: workflow_dispatch: @@ -18,7 +18,7 @@ jobs: echo "${{ secrets.DEPLOY_SSH_KEY }}" > ./ssh/deploy_key chmod 600 ./ssh/deploy_key - - name: Rebuild + - name: Rebuild and switch run: | ssh -i ./ssh/deploy_key \ -o PasswordAuthentication=no \ From ac542840a0ecba7c61e11b2c199c5baf15136a28 Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 19 Mar 2026 21:19:46 +0700 Subject: [PATCH 067/261] fix broken dest --- modules/system/homelab/proxy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 0eb1e49..de38a69 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -74,7 +74,7 @@ in { } // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair "${subdomain}.${base}" { useACMEHost = base; forceSSL = true; - locations."/".return = "301 ${base}"; + locations."/".return = "301 ${cfg.dest}"; }) redirects // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then base else "${subdomain}.${base}") { useACMEHost = base; forceSSL = true; 
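Review bot: The flake reference in the first activate.yml hunk, `git+http://localhost:5080/satr14/nix-flake#homelab`, names no revision, so with `--refresh` the host builds whatever the default branch points at when the command runs rather than the commit that triggered the job. A push that lands between trigger and fetch, or a manual `workflow_dispatch` run, can therefore activate a revision the run log does not identify. Pinning it, e.g. `git+http://localhost:5080/satr14/nix-flake?rev=${{ github.sha }}#homelab`, ties the activation to the triggering commit (confirm the runner exposes `github.sha`).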
From 1b40da95a7ffedc4225c912d3f37e8fe2e5a16fc Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 19 Mar 2026 21:20:09 +0700 Subject: [PATCH 068/261] disable forgejo internal sign in --- modules/system/homelab/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 39f2961..3d436ca 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -25,7 +25,7 @@ DISABLE_REGISTRATION = true; ENABLE_OPENID_SIGNIN = false; ENABLE_OPENID_SIGNUP = false; - ENABLE_INTERNAL_SIGNIN = true; + ENABLE_INTERNAL_SIGNIN = false; SHOW_REGISTRATION_BUTTON = false; ALLOW_ONLY_EXTERNAL_REGISTRATION = true; ALLOW_ONLY_INTERNAL_REGISTRATION = false; From 2890b8b5030ec472956d9fc248639ba5b067da51 Mon Sep 17 00:00:00 2001 From: Satria Date: Thu, 19 Mar 2026 21:46:11 +0700 Subject: [PATCH 069/261] preinstall extensions --- modules/home/core/zed.nix | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/modules/home/core/zed.nix b/modules/home/core/zed.nix index 9060a36..b3d3dc2 100644 --- a/modules/home/core/zed.nix +++ b/modules/home/core/zed.nix @@ -2,7 +2,14 @@ programs.zed-editor = { enable = true; package = pkgs.zed-editor; - extensions = [ "nix" ]; + extensions = [ + "html" "html-snippets" + "svelte" "svelte-snippets" + "wakatime" "discord-presence" + "catppuccin" "catppuccin-icons" + "git-firefly" + "nix" + ]; userSettings = { format_on_save = "off"; vim_mode = true; From 028a3702996273b4983c94fb24985d43c53ab3f6 Mon Sep 17 00:00:00 2001 From: Satria Date: Fri, 20 Mar 2026 06:49:51 +0700 Subject: [PATCH 070/261] battery notifier --- modules/hardware/misc/battery-power.nix | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/hardware/misc/battery-power.nix b/modules/hardware/misc/battery-power.nix index bd8ee20..a8dbc96 100644 --- a/modules/hardware/misc/battery-power.nix +++ b/modules/hardware/misc/battery-power.nix 
@@ -1,4 +1,4 @@ -{ pkgs, resume-dev, ... }: { +{ pkgs, username, resume-dev, ... }: { powerManagement.powertop.enable = true; services = { @@ -10,6 +10,18 @@ echo 85 > /sys/class/power_supply/BAT*/charge_control_end_threshold || true ''}" ''; + cron = { + enable = true; + systemCronJobs = [ + "* * * * * ${username} bash -x ${pkgs.writeShellScript "low-battery-notifier" '' + BAT_PCT=`${pkgs.acpi}/bin/acpi -b | ${pkgs.gnugrep}/bin/grep -P -o '[0-9]+(?=%)'` + BAT_STA=`${pkgs.acpi}/bin/acpi -b | ${pkgs.gnugrep}/bin/grep -P -o '\w+(?=,)'` + echo "`date` battery status:$BAT_STA percentage:$BAT_PCT" + test $BAT_PCT -le 30 && test $BAT_PCT -gt 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send -c device -u normal "Low Battery" "\$\{BAT_PCT}% remaining." + test $BAT_PCT -le 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send -c device -u critical "Low Battery" "Shutdown at 10%." + ''} > /tmp/cron.batt.log 2>&1" + ]; + }; upower = { enable = true; percentageCritical = 15; From fb22490bd8afa7dc0b62857cfd4195357b9d5b48 Mon Sep 17 00:00:00 2001 From: Satria Date: Fri, 20 Mar 2026 07:39:12 +0700 Subject: [PATCH 071/261] fix build error and typos --- modules/system/homelab/proxy.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index de38a69..e3b533a 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -23,7 +23,7 @@ redirects = { "www" = "https://proxy.${homelab.domain}"; "dash" = "https://${homelab.domain}"; - "immich" = "https://gallery.proxy${homelab.domain}"; + "immich" = "https://gallery.proxy.${homelab.domain}"; }; exta-conf = '' # proxy_set_header X-Auth-User $remote_user; 
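Review bot: In the cron script added by the second battery-power.nix hunk, `"\$\{BAT_PCT}% remaining."` is not an escape in a Nix `''` string, so the generated script keeps the backslashes and the notification shows literal text instead of the percentage; the Nix escape is `''${BAT_PCT}`. The `test $BAT_PCT -le 30` lines use the variable unquoted, which errors when `acpi -b` prints no battery or more than one line. The job also writes to the fixed path `/tmp/cron.batt.log` every minute with `bash -x`; a per-user location avoids a predictable file name in a world-writable directory.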
@@ -74,7 +74,7 @@ in { } // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair "${subdomain}.${base}" { useACMEHost = base; forceSSL = true; - locations."/".return = "301 ${cfg.dest}"; + locations."/".return = "301 ${cfg}"; }) redirects // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then base else "${subdomain}.${base}") { useACMEHost = base; forceSSL = true; From 836d36b8d4c4e1a01c6c0673a3aeb38b76894897 Mon Sep 17 00:00:00 2001 From: Satria Date: Fri, 20 Mar 2026 07:46:44 +0700 Subject: [PATCH 072/261] change redirect --- modules/system/homelab/proxy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index e3b533a..b363758 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -22,7 +22,7 @@ }; redirects = { "www" = "https://proxy.${homelab.domain}"; - "dash" = "https://${homelab.domain}"; + "dash" = "https://proxy.${homelab.domain}"; "immich" = "https://gallery.proxy.${homelab.domain}"; }; exta-conf = '' From fa2e98a353cc7d665662ef7ec3aee8ac25d18b2c Mon Sep 17 00:00:00 2001 From: Satria Date: Fri, 20 Mar 2026 13:19:18 +0700 Subject: [PATCH 073/261] remove prismlauncher --- modules/home/core/apps.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/core/apps.nix b/modules/home/core/apps.nix index e08ee37..657bc7e 100644 --- a/modules/home/core/apps.nix +++ b/modules/home/core/apps.nix @@ -37,7 +37,6 @@ ferium portablemc - prismlauncher steamguard-cli # modrinth-app ]; From 5e2c8dfa6e4e74ccae53607f58af6d9eec58b300 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 22 Mar 2026 20:37:26 +0700 Subject: [PATCH 074/261] add redirect --- modules/system/homelab/proxy.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index b363758..90978c2 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix 
@@ -24,6 +24,7 @@
 "www" = "https://proxy.${homelab.domain}";
 "dash" = "https://proxy.${homelab.domain}";
 "immich" = "https://gallery.proxy.${homelab.domain}";
+ "2fa" = "https://2fa.${homelab.domain}"
 };
 exta-conf = ''
 # proxy_set_header X-Auth-User $remote_user;
From dd7d994cc9975bf9ee45a515e67bd4cde1077dc4 Mon Sep 17 00:00:00 2001
From: satr14
Date: Sun, 22 Mar 2026 20:44:23 +0700
Subject: [PATCH 075/261] forgot a semicolon
---
 modules/system/homelab/proxy.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix
index 90978c2..6117f91 100644
--- a/modules/system/homelab/proxy.nix
+++ b/modules/system/homelab/proxy.nix
@@ -24,7 +24,7 @@
 "www" = "https://proxy.${homelab.domain}";
 "dash" = "https://proxy.${homelab.domain}";
 "immich" = "https://gallery.proxy.${homelab.domain}";
- "2fa" = "https://2fa.${homelab.domain}"
+ "2fa" = "https://2fa.${homelab.domain}";
 };
 exta-conf = ''
 # proxy_set_header X-Auth-User $remote_user;
From 6b2553b3e9add59e402537c3605f7ff0fa3d7cf6 Mon Sep 17 00:00:00 2001
From: Satria
Date: Tue, 24 Mar 2026 08:35:05 +0700
Subject: [PATCH 076/261] disable trafik's auth and new helper functions
---
 modules/system/homelab/proxy.nix | 35 +++++++++++++++++---------------
 1 file changed, 19 insertions(+), 16 deletions(-)
diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix
index 6117f91..02e8fa0 100644
--- a/modules/system/homelab/proxy.nix
+++ b/modules/system/homelab/proxy.nix
@@ -1,24 +1,27 @@ { homelab, lib, ... }: let + d = domain: { dest = d; auth = false; }; + da = domain: { dest = d; auth = true; }; + base = "proxy.${homelab.domain}"; hosts = { - "server" = { dest = "https://server.dns.${homelab.domain}:8006"; auth = false; }; - "router" = { dest = "http://router.dns.${homelab.domain}:80"; auth = false; }; - "home" = { dest = "http://home.dns.${homelab.domain}:8123"; auth = false; }; + "server" = d "https://server.dns.${homelab.domain}:8006"; + "router" = d "http://router.dns.${homelab.domain}:80"; + "home" = d "http://home.dns.${homelab.domain}:8123"; - "containers" = { dest = "http://localhost:5001"; auth = true; }; - "dynamic" = { dest = "http://localhost:8082"; auth = true; }; - "dns" = { dest = "http://localhost:8088"; auth = true; }; + "containers" = da "http://localhost:5001"; + "dns" = da "http://localhost:8088"; - "gallery" = { dest = "http://localhost:2283"; auth = false; }; - "remote" = { dest = "http://localhost:8085"; auth = false; }; - "search" = { dest = "http://localhost:8091"; auth = false; }; - "notify" = { dest = "http://localhost:8067"; auth = false; }; - "media" = { dest = "http://localhost:8096"; auth = false; }; - "pass" = { dest = "http://localhost:8060"; auth = false; }; - "auth" = { dest = "http://localhost:1411"; auth = false; }; - "git" = { dest = "http://localhost:5080"; auth = false; }; - "ai" = { dest = "http://localhost:8080"; auth = false; }; - "@" = { dest = "http://localhost:5070"; auth = false; }; + "gallery" = d "http://localhost:2283"; + "dynamic" = d "http://localhost:8082"; + "remote" = d "http://localhost:8085"; + "search" = d "http://localhost:8091"; + "notify" = d "http://localhost:8067"; + "media" = d "http://localhost:8096"; + "pass" = d "http://localhost:8060"; + "auth" = d "http://localhost:1411"; + "git" = d "http://localhost:5080"; + "ai" = d "http://localhost:8080"; + "@" = d "http://localhost:5070"; }; redirects = { "www" = "https://proxy.${homelab.domain}"; 
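Review bot: Moving `"dynamic"` from `auth = true` to the `d` helper removes the basic-auth gate from the vhost that proxies to `http://localhost:8082`. Other hunks of this file show that port as Traefik's `traefik` entry point with `api.insecure = true`, so after this change the dashboard and API appear to be reachable at `dynamic.${base}` with no authentication at either layer. Unless something outside this hunk restricts that name, keep it on the authenticated helper: `"dynamic" = da "http://localhost:8082";`. The `let` block continues past the end of the hunk.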
From 4d854b12f0ec24f1d17d055ecc27a32efe889215 Mon Sep 17 00:00:00 2001 From: Satria Date: Tue, 24 Mar 2026 08:36:41 +0700 Subject: [PATCH 077/261] fix helper --- modules/system/homelab/proxy.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 02e8fa0..083a86f 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -1,6 +1,6 @@ { homelab, lib, ... }: let - d = domain: { dest = d; auth = false; }; - da = domain: { dest = d; auth = true; }; + d = dest: { inherit dest; auth = false; }; + da = dest: { inherit dest; auth = true; }; base = "proxy.${homelab.domain}"; hosts = { From a0f980ef310133eb7230777205eb8913f719b82a Mon Sep 17 00:00:00 2001 From: Satria Date: Tue, 24 Mar 2026 08:39:50 +0700 Subject: [PATCH 078/261] add auth middleware --- modules/system/homelab/proxy.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 083a86f..0486260 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -104,6 +104,7 @@ in { forwardedHeaders.trustedIPs = [ "127.0.0.1/32" ]; }; }; + http.middlewares.auth.basicAuth.usersFile = "/var/lib/nginx/.htpasswd"; api = { dashboard = true; insecure = true; From 706e789ce03e090d291dcebbbb2687a0752156e1 Mon Sep 17 00:00:00 2001 From: Satria Date: Tue, 24 Mar 2026 08:55:29 +0700 Subject: [PATCH 079/261] move to dynamic config --- modules/system/homelab/proxy.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 0486260..10a6a32 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix 
@@ -96,6 +96,9 @@ in { }; traefik = { enable = true; + dynamicConfigOptions = { + http.middlewares.auth.basicAuth.usersFile = "/var/lib/nginx/.htpasswd"; + }; staticConfigOptions = { entryPoints = { traefik.address = "127.0.0.1:8082"; @@ -104,7 +107,6 @@ in { forwardedHeaders.trustedIPs = [ "127.0.0.1/32" ]; }; }; - http.middlewares.auth.basicAuth.usersFile = "/var/lib/nginx/.htpasswd"; api = { dashboard = true; insecure = true; From 0f75aa474ae8ddd6fc0a35c579b995ec7061215c Mon Sep 17 00:00:00 2001 From: Satria Date: Tue, 24 Mar 2026 09:59:38 +0700 Subject: [PATCH 080/261] add qwen cloud --- modules/system/homelab/ai.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/ai.nix b/modules/system/homelab/ai.nix index cdd6793..a731d14 100644 --- a/modules/system/homelab/ai.nix +++ b/modules/system/homelab/ai.nix @@ -8,7 +8,7 @@ home = "/mnt/data/ollama"; loadModels = [ "gemma3n:e4b" # "gemma3n:e2b" - # "codellama:7b" "starcoder:3b" + "qwen3-coder-next:cloud" # "codellama:7b" "starcoder:3b" ]; }; open-webui = { From d2574636d6da1796551f3298dd71c97ff91952ad Mon Sep 17 00:00:00 2001 From: Satria Date: Wed, 25 Mar 2026 16:24:04 +0700 Subject: [PATCH 081/261] small cleanup --- modules/system/homelab/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 3d436ca..72c6050 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, homelab, ... }: { +{ pkgs, homelab, ... }: { services = { forgejo = { enable = true; From 1cfee15d258791bb03295b954ec565be7952aa60 Mon Sep 17 00:00:00 2001 
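Review bot: The `auth` middleware added under `dynamicConfigOptions` is only a definition; nothing in the hunk attaches it to a router, and the `api.insecure = true` kept as context in the second hunk serves the dashboard directly on the `traefik` entry point, where middlewares are not applied. For this basic-auth file to guard the dashboard, set `insecure = false` and add a router for `api@internal` that lists `middlewares = [ "auth" ]`. The file is also `/var/lib/nginx/.htpasswd`, so the Traefik service account needs read access to a path under nginx's state directory; that is worth confirming on the host, since the hunk does not show how the file's ownership is set.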
From: Satria Date: Wed, 25 Mar 2026 16:36:02 +0700 Subject: [PATCH 082/261] remove unused services --- modules/system/homelab/dash.nix | 1 - modules/system/homelab/proxy.nix | 1 - modules/system/homelab/remote.nix | 19 ----------------- modules/system/homelab/share.nix | 34 ------------------------------- modules/system/server.nix | 1 - 5 files changed, 56 deletions(-) delete mode 100644 modules/system/homelab/remote.nix delete mode 100644 modules/system/homelab/share.nix diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 97ddade..727faf4 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -78,7 +78,6 @@ [ "Ntfy" "ntfy" "https://notify.proxy.${homelab.domain}" "http://localhost:8067/" ] [ "SearXNG" "searxng" "https://search.proxy.${homelab.domain}" "http://localhost:8091/" ] [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ] - [ "Guacamole" "apacheguacamole" "https://remote.proxy.${homelab.domain}/guacamole" "http://localhost:8085/guacamole/" ] ]; bookmarks = [ [ "Tailscale" "tailscale" "https://login.tailscale.com/" ] diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 10a6a32..f831f17 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -13,7 +13,6 @@ "gallery" = d "http://localhost:2283"; "dynamic" = d "http://localhost:8082"; - "remote" = d "http://localhost:8085"; "search" = d "http://localhost:8091"; "notify" = d "http://localhost:8067"; "media" = d "http://localhost:8096"; diff --git a/modules/system/homelab/remote.nix b/modules/system/homelab/remote.nix deleted file mode 100644 index c8b6671..0000000 --- a/modules/system/homelab/remote.nix +++ /dev/null 
@@ -1,19 +0,0 @@ -{ ... }: { - services = { - guacamole-server = { - enable = true; - host = "127.0.0.1"; - port = 4822; - }; - guacamole-client = { - enable = true; - enableWebserver = true; - userMappingXml = "/mnt/data/guacamole/user-mapping.xml"; - settings = { - guacd-hostname = "127.0.0.1"; - guacd-port = 4822; - }; - }; - tomcat.port = 8085; - }; -} \ No newline at end of file diff --git a/modules/system/homelab/share.nix b/modules/system/homelab/share.nix deleted file mode 100644 index 6a01a39..0000000 --- a/modules/system/homelab/share.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ ... }: { - services = { - httpd = { - enable = true; - virtualHosts."cdn" = { - listen = [{ ip = "127.0.0.1"; port = 3000; }]; - documentRoot = "/mnt/share"; - }; - }; - - samba = { - enable = true; - settings = { - global = { - workgroup = "WORKGROUP"; - "disable netbios" = "yes"; - "allow insecure wide links" = "yes"; - "server min protocol" = "SMB2_02"; - }; - "NAS" = { - path = "/mnt/share"; - browseable = "yes"; - "read only" = "no"; - "create mask" = "0664"; - "force create mode" = "0664"; - "directory mask" = "0775"; - "force directory mode" = "0775"; - "follow symlinks" = "yes"; - "wide links" = "yes"; - }; - }; - }; - }; -} \ No newline at end of file diff --git a/modules/system/server.nix b/modules/system/server.nix index fd10d22..daa3747 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -11,7 +11,6 @@ in { ./homelab/containers.nix ./homelab/gallery.nix ./homelab/tunnels.nix - ./homelab/remote.nix ./homelab/notify.nix ./homelab/search.nix ./homelab/media.nix From 78444c3b83b0bedfb16a1a255b9a67919d1b1799 Mon Sep 17 00:00:00 2001 From: Satria Date: Wed, 25 Mar 2026 16:36:14 +0700 Subject: [PATCH 083/261] add credits and hosts --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 76cad4e..1c27513 100644 --- a/README.md +++ b/README.md 
@@ -2,4 +2,11 @@ rewrite of my nixos flake with hopefully better structuring and modularity > [!WARNING] -> this flake is ment for personal use. code is not well documented and is not ment to be used by others. use at your own risk. \ No newline at end of file +> this flake is ment for personal use. code is not well documented and is not ment to be used by others. use at your own risk. + +## hosts +- `thinkpad` - my thinkpad t480 with an i5 8350u, 16gb of ram, and 256gb nvme ssd (140 allocated for nixos, rest for windows 11) +- `homelab` - my homelab server in a vm on a proxmox host with an i7 8700t, 32gb of ram, and 512gb boot drive (with hotplug enabled for cpu and ram) + +## credits +- [orangc's flake](https://git.orangc.net/c/dots) \ No newline at end of file From c71da4411975e06e1643cdff0c6329845e5f642a Mon Sep 17 00:00:00 2001 From: Satria Date: Wed, 25 Mar 2026 16:38:00 +0700 Subject: [PATCH 084/261] remove unused sops --- flake.lock | 37 +------------------------------------ flake.nix | 3 --- 2 files changed, 1 insertion(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index cc8baa0..c00515b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -123,47 +123,12 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1772736753, - "narHash": "sha256-au/m3+EuBLoSzWUCb64a/MZq6QUtOV8oC0D9tY2scPQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "917fec990948658ef1ccd07cef2a1ef060786846", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "ctp": "ctp", "gl": "gl", "hm": "hm", - "nixpkgs": "nixpkgs_3", - "sops": "sops" - } - }, - "sops": { - "inputs": { - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1773096132, - "narHash": "sha256-M3zEnq9OElB7zqc+mjgPlByPm1O5t2fbUrH3t/Hm5Ag=", - "owner": "Mic92", - "repo": "sops-nix", - "rev": "d1ff3b1034d5bab5d7d8086a7803c5a5968cd784", - "type": "github" - }, - "original": { - "owner": "Mic92", - "repo": "sops-nix", - "type": "github" + "nixpkgs": "nixpkgs_3" } }, "systems": { diff --git a/flake.nix b/flake.nix index 692ca4d..8130e57 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - sops.url = "github:Mic92/sops-nix"; gl.url = "github:nix-community/nixGL"; ctp.url = "github:catppuccin/nix"; }; @@ -31,7 +30,6 @@ modules = [ ./hosts/${host}/config.nix inputs.ctp.nixosModules.catppuccin - inputs.sops.nixosModules.sops ]; }; @@ -41,7 +39,6 @@ modules = [ ./hosts/${host}/config.nix inputs.ctp.nixosModules.catppuccin - inputs.sops.nixosModules.sops inputs.hm.nixosModules.home-manager { home-manager = { From ee28bb7c42ddddc9b9ee953deceb5435325eea08 Mon Sep 17 00:00:00 2001 
From: Satria Date: Wed, 25 Mar 2026 18:34:03 +0700 Subject: [PATCH 085/261] cleanup and rename --- modules/home/core/apps.nix | 94 ++++++++++++------- modules/home/core/{zed.nix => code.nix} | 0 modules/home/core/{zsh.nix => shell.nix} | 0 modules/home/core/xdg.nix | 25 ----- modules/home/default.nix | 2 +- modules/home/desktop.nix | 23 +++-- .../{scheme-handlers.nix => handlers.nix} | 0 .../home/misc/{kde-connect.nix => phone.nix} | 0 modules/home/rice/{waybar.nix => bar.nix} | 0 .../rice/{hyprland.nix => compositor.nix} | 0 modules/home/rice/{hypridle.nix => idle.nix} | 0 .../rice/{hyprlock.nix => lockscreen.nix} | 0 modules/home/rice/{wlogout.nix => logout.nix} | 0 modules/home/rice/{rofi.nix => menu.nix} | 0 modules/home/rice/{dunst.nix => notifs.nix} | 0 15 files changed, 71 insertions(+), 73 deletions(-) rename modules/home/core/{zed.nix => code.nix} (100%) rename modules/home/core/{zsh.nix => shell.nix} (100%) delete mode 100644 modules/home/core/xdg.nix rename modules/home/misc/{scheme-handlers.nix => handlers.nix} (100%) rename modules/home/misc/{kde-connect.nix => phone.nix} (100%) rename modules/home/rice/{waybar.nix => bar.nix} (100%) rename modules/home/rice/{hyprland.nix => compositor.nix} (100%) rename modules/home/rice/{hypridle.nix => idle.nix} (100%) rename modules/home/rice/{hyprlock.nix => lockscreen.nix} (100%) rename modules/home/rice/{wlogout.nix => logout.nix} (100%) rename modules/home/rice/{rofi.nix => menu.nix} (100%) rename modules/home/rice/{dunst.nix => notifs.nix} (100%) diff --git a/modules/home/core/apps.nix b/modules/home/core/apps.nix index 657bc7e..99fb001 100644 --- a/modules/home/core/apps.nix +++ b/modules/home/core/apps.nix 
@@ -1,43 +1,67 @@ { pkgs, ... }: { nixpkgs.config.allowUnfree = true; + xdg = { + autostart.enable = true; + mimeApps = { + enable = true; + defaultApplications = { + "text/plain" = "nvim.desktop"; + "text/html" = "brave-browser.desktop"; + "application/pdf" = "brave-browser.desktop"; + "x-scheme-handler/http" = "brave-browser.desktop"; + "x-scheme-handler/https" = "brave-browser.desktop"; + "x-terminal-emulator" = "kitty.desktop"; + "inode/directory" = "pcmanfm-qt.desktop"; + "audio/mpeg" = "vlc.desktop"; + "audio/mp3" = "vlc.desktop"; + "audio/wav" = "vlc.desktop"; + "audio/flac" = "vlc.desktop"; + "video/mp4" = "vlc.desktop"; + "video/x-matroska" = "vlc.desktop"; + "video/webm" = "vlc.desktop"; + "video/x-msvideo" = "vlc.desktop"; + }; + }; + }; + home.packages = with pkgs; [ - zed-editor - # kicad-small - # arduino-ide + zed-editor + # kicad-small + # arduino-ide - slack - discord - # protonmail-desktop # https://www.reddit.com/r/NixOS/comments/1rm9alf/protonmail_in_nixos/ - - vlc - brave - libreoffice - appimage-run - # keepassxc + slack + discord + # protonmail-desktop # https://www.reddit.com/r/NixOS/comments/1rm9alf/protonmail_in_nixos/ + + vlc + brave + libreoffice + appimage-run + # keepassxc - virt-manager - # winboat - - remmina - moonlight-qt - # rustdesk - - - # inkscape - # davinci-resolve - # kdePackages.kdenlive - (wrapOBS { - plugins = with obs-studio-plugins; [ - wlrobs - obs-backgroundremoval - obs-pipewire-audio-capture - ]; - }) + virt-manager + # winboat + + remmina + moonlight-qt + # rustdesk + + + # inkscape + # davinci-resolve + # kdePackages.kdenlive + (wrapOBS { + plugins = with obs-studio-plugins; [ + wlrobs + obs-backgroundremoval + obs-pipewire-audio-capture + ]; + }) - ferium - portablemc - steamguard-cli - # modrinth-app - ]; + ferium + portablemc + steamguard-cli + # modrinth-app + ]; } 
diff --git a/modules/home/core/zed.nix b/modules/home/core/code.nix similarity index 100% rename from modules/home/core/zed.nix rename to modules/home/core/code.nix diff --git a/modules/home/core/zsh.nix b/modules/home/core/shell.nix similarity index 100% rename from modules/home/core/zsh.nix rename to modules/home/core/shell.nix diff --git a/modules/home/core/xdg.nix b/modules/home/core/xdg.nix deleted file mode 100644 index ffc2a13..0000000 --- a/modules/home/core/xdg.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ ... }: { - xdg = { - autostart.enable = true; - mimeApps = { - enable = true; - defaultApplications = { - "text/plain" = "nvim.desktop"; - "text/html" = "brave-browser.desktop"; - "application/pdf" = "brave-browser.desktop"; - "x-scheme-handler/http" = "brave-browser.desktop"; - "x-scheme-handler/https" = "brave-browser.desktop"; - "x-terminal-emulator" = "kitty.desktop"; - "inode/directory" = "pcmanfm-qt.desktop"; - "audio/mpeg" = "vlc.desktop"; - "audio/mp3" = "vlc.desktop"; - "audio/wav" = "vlc.desktop"; - "audio/flac" = "vlc.desktop"; - "video/mp4" = "vlc.desktop"; - "video/x-matroska" = "vlc.desktop"; - "video/webm" = "vlc.desktop"; - "video/x-msvideo" = "vlc.desktop"; - }; - }; - }; -} \ No newline at end of file diff --git a/modules/home/default.nix b/modules/home/default.nix index 23334fd..8fa2337 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,7 +1,7 @@ { username, ... }: { imports = [ + ./core/shell.nix ./core/cli.nix - ./core/zsh.nix ]; home = { diff --git a/modules/home/desktop.nix b/modules/home/desktop.nix index a7a0bc1..3fbd229 100644 --- a/modules/home/desktop.nix +++ b/modules/home/desktop.nix 
@@ -1,20 +1,19 @@ { pkgs, ... }: { imports = [ - ./rice/hyprland.nix - ./rice/hyprlock.nix - ./rice/waybar.nix - ./rice/rofi.nix - ./rice/wlogout.nix - ./rice/hypridle.nix - ./rice/dunst.nix + ./rice/compositor.nix + ./rice/lockscreen.nix + ./rice/keybinds.nix + ./rice/logout.nix + ./rice/notifs.nix ./rice/cursor.nix ./rice/theme.nix - ./rice/keybinds.nix - ./misc/scheme-handlers.nix - ./misc/kde-connect.nix + ./rice/menu.nix + ./rice/idle.nix + ./rice/bar.nix + ./misc/handlers.nix + ./misc/phone.nix ./core/apps.nix - ./core/zed.nix - ./core/xdg.nix + ./core/code.nix ]; services = { diff --git a/modules/home/misc/scheme-handlers.nix b/modules/home/misc/handlers.nix similarity index 100% rename from modules/home/misc/scheme-handlers.nix rename to modules/home/misc/handlers.nix diff --git a/modules/home/misc/kde-connect.nix b/modules/home/misc/phone.nix similarity index 100% rename from modules/home/misc/kde-connect.nix rename to modules/home/misc/phone.nix diff --git a/modules/home/rice/waybar.nix b/modules/home/rice/bar.nix similarity index 100% rename from modules/home/rice/waybar.nix rename to modules/home/rice/bar.nix diff --git a/modules/home/rice/hyprland.nix b/modules/home/rice/compositor.nix similarity index 100% rename from modules/home/rice/hyprland.nix rename to modules/home/rice/compositor.nix diff --git a/modules/home/rice/hypridle.nix b/modules/home/rice/idle.nix similarity index 100% rename from modules/home/rice/hypridle.nix rename to modules/home/rice/idle.nix diff --git a/modules/home/rice/hyprlock.nix b/modules/home/rice/lockscreen.nix similarity index 100% rename from modules/home/rice/hyprlock.nix rename to modules/home/rice/lockscreen.nix diff --git a/modules/home/rice/wlogout.nix b/modules/home/rice/logout.nix similarity index 100% rename from modules/home/rice/wlogout.nix rename to modules/home/rice/logout.nix 
diff --git a/modules/home/rice/rofi.nix b/modules/home/rice/menu.nix similarity index 100% rename from modules/home/rice/rofi.nix rename to modules/home/rice/menu.nix diff --git a/modules/home/rice/dunst.nix b/modules/home/rice/notifs.nix similarity index 100% rename from modules/home/rice/dunst.nix rename to modules/home/rice/notifs.nix From 1d5efe00995504e44901a05f7ed4ae0f2c2fc82e Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 28 Mar 2026 09:32:21 +0700 Subject: [PATCH 086/261] use angie --- modules/system/homelab/proxy.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index f831f17..84cf723 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -1,4 +1,4 @@ -{ homelab, lib, ... }: let +{ pkgs, homelab, lib, ... }: let d = dest: { inherit dest; auth = false; }; da = dest: { inherit dest; auth = true; }; @@ -58,6 +58,7 @@ in { services = { nginx = { enable = true; + package = pkgs.angie; recommendedProxySettings = true; recommendedTlsSettings = true; recommendedGzipSettings = true; From dd2757013767ebd90aa5e2458e9c5f7ad0cdf933 Mon Sep 17 00:00:00 2001 From: Satria Date: Sat, 28 Mar 2026 19:47:22 +0700 Subject: [PATCH 087/261] add code-server --- modules/system/homelab/code.nix | 12 ++++++++++++ modules/system/homelab/dash.nix | 1 + modules/system/homelab/proxy.nix | 3 ++- modules/system/server.nix | 1 + 4 files changed, 16 insertions(+), 1 deletion(-) create mode 100644 modules/system/homelab/code.nix diff --git a/modules/system/homelab/code.nix b/modules/system/homelab/code.nix new file mode 100644 index 0000000..52d5d7d --- /dev/null +++ b/modules/system/homelab/code.nix 
@@ -0,0 +1,12 @@ +{ pkgs, username, ... }: { + services.code-server = { + enable = true; + host = "127.0.0.1"; + port = 8443; + user = username; + disableTelemetry = true; + extensionsDir = "/mnt/data/code-server/extensions"; + userDataDit = "/mnt/data/code-server/user-data"; + extraPackages = with pkgs; []; + }; +} diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 727faf4..9a32422 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -69,6 +69,7 @@ services = [ [ "PocketID" "authentik" "https://auth.${homelab.domain}" "http://localhost:1411/" ] [ "Forgejo" "forgejo" "https://git.${homelab.domain}" "http://localhost:5080/" ] + [ "CodeServer" "coder" "https://code.${homelab.domain}" "http://localhost:8443/" ] [ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ] [ "Traefik" "traefikproxy" "https://dynamic.proxy.${homelab.domain}/dashboard/" "" ] [ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ] diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 84cf723..7afecfa 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -9,6 +9,7 @@ "home" = d "http://home.dns.${homelab.domain}:8123"; "containers" = da "http://localhost:5001"; + "code" = da "http://localhost:8443"; "dns" = da "http://localhost:8088"; "gallery" = d "http://localhost:2283"; @@ -122,4 +123,4 @@ in { }; }; }; -} \ No newline at end of file +} diff --git a/modules/system/server.nix b/modules/system/server.nix index daa3747..da48085 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -18,6 +18,7 @@ in { ./homelab/auth.nix ./homelab/pass.nix ./homelab/dash.nix + ./homelab/code.nix ./homelab/dns.nix ./homelab/git.nix ./homelab/ai.nix From d2f3f3a9adb393ea2202ede329b0bb3ec047dcaf Mon Sep 17 00:00:00 2001 
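Review bot: `user = username` in the new `code.nix` runs code-server as the primary login account, so anyone who gets past the proxy on the `code` vhost has an editor and terminal with that account's files and privileges. A dedicated service account limits that reach; the module's default `user` is, as far as I know, a separate `code-server` account that it creates itself, so the line can be dropped and the two `/mnt/data/code-server` directories handed to that account. The hunk also sets no `auth`, so the login behaviour here is whatever the module defaults to; stating it explicitly next to `host` and `port` makes the intent reviewable.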
From: satr14
Date: Sat, 28 Mar 2026 19:53:44 +0700
Subject: [PATCH 088/261] typo fix
Signed-off-by: satr14
---
 modules/system/homelab/code.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/system/homelab/code.nix b/modules/system/homelab/code.nix
index 52d5d7d..93b9df1 100644
--- a/modules/system/homelab/code.nix
+++ b/modules/system/homelab/code.nix
@@ -6,7 +6,7 @@
 user = username;
 disableTelemetry = true;
 extensionsDir = "/mnt/data/code-server/extensions";
- userDataDit = "/mnt/data/code-server/user-data";
+ userDataDir = "/mnt/data/code-server/user-data";
 extraPackages = with pkgs; [];
 };
 }
From 08ea39b54b0795eda4aa7f7c6147c2a281e02aef Mon Sep 17 00:00:00 2001
From: satr14
Date: Sat, 28 Mar 2026 19:56:29 +0700
Subject: [PATCH 089/261] change git username
---
 lib/options.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/options.nix b/lib/options.nix
index 882af83..05563c4 100644
--- a/lib/options.nix
+++ b/lib/options.nix
@@ -68,7 +68,7 @@
 git = { # setup your git author
 username = "satr14"; # forgejo username
 server = "https://git.satr14.my.id"; # forgejo server url
- user = "Satria";
+ user = "satr14";
 email = "admin@satr14.my.id";
 };
 }
From 8190825296ed79061e6ef60782fa52c0b983339e Mon Sep 17 00:00:00 2001
From: satr14
Date: Sat, 28 Mar 2026 19:59:04 +0700
Subject: [PATCH 090/261] add proxy prefix
---
 modules/system/homelab/dash.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix
index 9a32422..c3f3fba 100644
--- a/modules/system/homelab/dash.nix
+++ b/modules/system/homelab/dash.nix
@@ -69,7 +69,7 @@
 services = [
 [ "PocketID" "authentik" "https://auth.${homelab.domain}" "http://localhost:1411/" ]
 [ "Forgejo" "forgejo" "https://git.${homelab.domain}" "http://localhost:5080/" ]
- [ "CodeServer" "coder" "https://code.${homelab.domain}" "http://localhost:8443/" ]
+ [ "CodeServer" "coder" "https://code.proxy.${homelab.domain}" "http://localhost:8443/" ]
 [ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ]
 [ "Traefik" "traefikproxy" "https://dynamic.proxy.${homelab.domain}/dashboard/" "" ]
 [ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ]
From 0442180b59a9ac52d34b5d7c5cf475c8b07bad6f Mon Sep 17 00:00:00 2001
From: satr14
Date: Sat, 28 Mar 2026 20:05:38 +0700
Subject: [PATCH 091/261] disable internal auth
---
 modules/system/homelab/code.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modules/system/homelab/code.nix b/modules/system/homelab/code.nix
index 93b9df1..3c560e7 100644
--- a/modules/system/homelab/code.nix
+++ b/modules/system/homelab/code.nix
@@ -4,6 +4,7 @@
 host = "127.0.0.1";
 port = 8443;
 user = username;
+ auth = "none";
 disableTelemetry = true;
 extensionsDir = "/mnt/data/code-server/extensions";
 userDataDir = "/mnt/data/code-server/user-data";
From 0ce7ecf71d0e80b0f4fe61bf20b36ad105d585cb Mon Sep 17 00:00:00 2001
From: Satria
Date: Sun, 29 Mar 2026 09:13:38 +0700
Subject: [PATCH 092/261] move some configs to options.nix
---
 lib/options.nix | 48 +++++++++++++++++++++++++++++++-
 modules/system/homelab/dash.nix | 17 +----------
 modules/system/homelab/proxy.nix | 48 ++++++--------------------------
 3 files changed, 57 insertions(+), 56 deletions(-)
diff --git a/lib/options.nix b/lib/options.nix
index 05563c4..8409c21 100644
--- a/lib/options.nix
+++ b/lib/options.nix
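Review bot: `auth = "none"` in the `code.nix` hunk leaves the nginx basic-auth file on the `code` vhost as the only check in front of a service that hands out a shell as `username`. The listener on `127.0.0.1:8443` then accepts any local client, which includes every other service on the host and anything that can be made to proxy to localhost. Keeping the built-in login as a second layer costs one line, `auth = "password";` together with a `hashedPassword`, or the listener can move to a unix socket with a restrictive `socketMode` so that only the proxy can reach it. The `services.code-server` set starts and ends outside the hunk.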
@@ -1,4 +1,7 @@ -{ +let + d = dest: { inherit dest; auth = false; }; + da = dest: { inherit dest; auth = true; }; +in { flake-path = "~/Projects/nix-flake"; # set this to the cloned repo path username = "satr14"; 
@@ -25,6 +28,49 @@ data = "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data host = "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) }; + dash = [ + [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ] + [ "Forgejo" "forgejo" "https://git.${domain}" "http://localhost:5080/" ] + [ "CodeServer" "coder" "https://code.proxy.${domain}" "http://localhost:8443/" ] + [ "AdGuardHome" "adguard" "https://dns.proxy.${domain}" "http://localhost:8088/" ] + [ "Traefik" "traefikproxy" "https://dynamic.proxy.${domain}/dashboard/" "" ] + [ "Immich" "immich" "https://gallery.proxy.${domain}" "http://localhost:2283/" ] + [ "Jellyfin" "jellyfin" "https://media.proxy.${domain}" "http://localhost:8096/" ] + [ "VaultWarden" "vaultwarden" "https://pass.proxy.${domain}" "http://localhost:8060/" ] + [ "Ollama" "ollama" "https://ai.proxy.${domain}" "http://localhost:8080/" ] + [ "Ntfy" "ntfy" "https://notify.proxy.${domain}" "http://localhost:8067/" ] + [ "SearXNG" "searxng" "https://search.proxy.${domain}" "http://localhost:8091/" ] + [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ] + ]; + proxy = { + base = "proxy.${domain}"; + hosts = { + "server" = d "https://server.dns.${domain}:8006"; + "router" = d "http://router.dns.${domain}:80"; + "home" = d "http://home.dns.${domain}:8123"; + + "containers" = da "http://localhost:5001"; + "code" = da "http://localhost:8443"; + "dns" = da "http://localhost:8088"; + + "gallery" = d "http://localhost:2283"; + "dynamic" = d "http://localhost:8082"; + "search" = d "http://localhost:8091"; + "notify" = d "http://localhost:8067"; + "media" = d "http://localhost:8096"; + "pass" = d "http://localhost:8060"; + "auth" = d "http://localhost:1411"; + "git" = d "http://localhost:5080"; + "ai" = d "http://localhost:8080"; + "@" = d "http://localhost:5070"; + }; + redirects = { + "www" = 
"https://${proxy.base}"; + "dash" = "https://${proxy.base}"; + "immich" = "https://gallery.${proxy.base}"; + "2fa" = "https://2fa.${domain}"; + }; + }; records = [ [ "server.dns.${domain}" "10.3.14.69" ] [ "router.dns.${domain}" "10.3.14.1" ] diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index c3f3fba..7839729 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -56,7 +56,6 @@ [ "Hypervisor" "https://10.3.14.69:8006/" ] [ "Router" "http://10.3.14.1:80/" ] [ "DNS" "http://localhost:8088/" ] - [ "CDN" "http://nas.local:3000/" ] [ "Proxy" "https://proxy.${homelab.domain}/" ] ]; external = [ 
@@ -66,20 +65,6 @@ [ "OpenMediaVault" "openmediavault" "https://nas.local:80" "http://nas.local:80/" ] [ "ApacheHTTPD" "apache" "https://nas.local:3000" "http://nas.local:3000/" ] ]; - services = [ - [ "PocketID" "authentik" "https://auth.${homelab.domain}" "http://localhost:1411/" ] - [ "Forgejo" "forgejo" "https://git.${homelab.domain}" "http://localhost:5080/" ] - [ "CodeServer" "coder" "https://code.proxy.${homelab.domain}" "http://localhost:8443/" ] - [ "AdGuardHome" "adguard" "https://dns.proxy.${homelab.domain}" "http://localhost:8088/" ] - [ "Traefik" "traefikproxy" "https://dynamic.proxy.${homelab.domain}/dashboard/" "" ] - [ "Immich" "immich" "https://gallery.proxy.${homelab.domain}" "http://localhost:2283/" ] - [ "Jellyfin" "jellyfin" "https://media.proxy.${homelab.domain}" "http://localhost:8096/" ] - [ "VaultWarden" "vaultwarden" "https://pass.proxy.${homelab.domain}" "http://localhost:8060/" ] - [ "Ollama" "ollama" "https://ai.proxy.${homelab.domain}" "http://localhost:8080/" ] - [ "Ntfy" "ntfy" "https://notify.proxy.${homelab.domain}" "http://localhost:8067/" ] - [ "SearXNG" "searxng" "https://search.proxy.${homelab.domain}" "http://localhost:8091/" ] - [ "Dockge" "docker" "https://containers.proxy.${homelab.domain}" "http://localhost:5001/" ] - ]; bookmarks = [ [ "Tailscale" "tailscale" "https://login.tailscale.com/" ] [ "Cloudflare" "cloudflare" "https://dash.cloudflare.com/" ] @@ -302,7 +287,7 @@ in { icon = "si:${builtins.elemAt e 1}"; url = builtins.elemAt e 2; check-url = builtins.elemAt e 3; - }) services; + }) homelab.dash; } { type = "docker-containers"; diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 7afecfa..4977a68 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix 
@@ -1,34 +1,4 @@ { pkgs, homelab, lib, ... }: let - d = dest: { inherit dest; auth = false; }; - da = dest: { inherit dest; auth = true; }; - - base = "proxy.${homelab.domain}"; - hosts = { - "server" = d "https://server.dns.${homelab.domain}:8006"; - "router" = d "http://router.dns.${homelab.domain}:80"; - "home" = d "http://home.dns.${homelab.domain}:8123"; - - "containers" = da "http://localhost:5001"; - "code" = da "http://localhost:8443"; - "dns" = da "http://localhost:8088"; - - "gallery" = d "http://localhost:2283"; - "dynamic" = d "http://localhost:8082"; - "search" = d "http://localhost:8091"; - "notify" = d "http://localhost:8067"; - "media" = d "http://localhost:8096"; - "pass" = d "http://localhost:8060"; - "auth" = d "http://localhost:1411"; - "git" = d "http://localhost:5080"; - "ai" = d "http://localhost:8080"; - "@" = d "http://localhost:5070"; - }; - redirects = { - "www" = "https://proxy.${homelab.domain}"; - "dash" = "https://proxy.${homelab.domain}"; - "immich" = "https://gallery.proxy.${homelab.domain}"; - "2fa" = "https://2fa.${homelab.domain}"; - }; exta-conf = '' # proxy_set_header X-Auth-User $remote_user; proxy_read_timeout 600s; @@ -47,9 +17,9 @@ in { security.acme = { acceptTerms = true; defaults.email = "admin@${homelab.domain}"; - certs."${base}" = { - domain = "*.${base}"; - extraDomainNames = [ base ]; + certs."${homelab.proxy.base}" = { + domain = "*.${homelab.proxy.base}"; + extraDomainNames = [ homelab.proxy.base ]; dnsProvider = "cloudflare"; environmentFile = "/mnt/data/acme/.env"; # ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX @@ -68,7 +38,7 @@ in { "_" = { default = true; forceSSL = true; - useACMEHost = base; + useACMEHost = homelab.proxy.base; # locations."/".return = "404"; locations."/" = { proxyPass = "http://127.0.0.1:81"; # traefik for docker container dynamic proxy 
@@ -76,12 +46,12 @@ in { extraConfig = exta-conf; }; }; - } // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair "${subdomain}.${base}" { - useACMEHost = base; + } // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair "${subdomain}.${homelab.proxy.base}" { + useACMEHost = homelab.proxy.base; forceSSL = true; locations."/".return = "301 ${cfg}"; - }) redirects // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then base else "${subdomain}.${base}") { - useACMEHost = base; + }) homelab.proxy.redirects // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then homelab.proxy.base else "${subdomain}.${homelab.proxy.base}") { + useACMEHost = homelab.proxy.base; forceSSL = true; extraConfig = '' access_log /var/log/nginx/${subdomain}.access.log; @@ -93,7 +63,7 @@ in { basicAuthFile = if cfg.auth then "/var/lib/nginx/.htpasswd" else null; extraConfig = exta-conf; }; - }) hosts; + }) homelab.proxy.hosts; }; traefik = { enable = true; From 609cf85814221a2ad55d19eff4d227b136f6adc7 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 29 Mar 2026 09:18:24 +0700 Subject: [PATCH 093/261] update flake --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index c00515b..d8728c4 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1773146250, - "narHash": "sha256-azzOjRqTxAqByzRP87jUUsmfOQ85i7h/YkrgTX0jZgg=", + "lastModified": 1774616169, + "narHash": "sha256-fP4bU3SOH5sefSl6EagqULFs+bXoo3h3VLQCCyJplo4=", "owner": "catppuccin", "repo": "nix", - "rev": "0fa0d06dd3cd09f37f76d19b389d7ff947dfd7e8", + "rev": "e616c61cd9f7b05b32af266bc005fa266860dacf", "type": "github" }, "original": { 
@@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1773179137, - "narHash": "sha256-EdW2bwzlfme0vbMOcStnNmKlOAA05Bp6su2O8VLGT0k=", + "lastModified": 1774738535, + "narHash": "sha256-2jfBEZUC67IlnxO5KItFCAd7Oc+1TvyV/jQlR+2ykGQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "3f98e2bbc661ec0aaf558d8a283d6955f05f1d09", + "rev": "769e07ef8f4cf7b1ec3b96ef015abec9bc6b1e2a", "type": "github" }, "original": { @@ -78,11 +78,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1772773019, - "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=", + "lastModified": 1773821835, + "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "aca4d95fce4914b3892661bcb80b8087293536c6", + "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", "type": "github" }, "original": { @@ -109,11 +109,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1772963539, - "narHash": "sha256-9jVDGZnvCckTGdYT53d/EfznygLskyLQXYwJLKMPsZs=", + "lastModified": 1774386573, + "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9dcb002ca1690658be4a04645215baea8b95f31d", + "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", "type": "github" }, "original": { From 6c96c4ca0fdd2e58b420a8c73367562bec620bb0 Mon Sep 17 00:00:00 2001 From: Satria Date: Sun, 29 Mar 2026 09:46:51 +0700 Subject: [PATCH 094/261] disable forgejo restart on update --- modules/system/homelab/git.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 72c6050..8e6b25d 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix 
@@ -48,5 +48,8 @@ hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; }; }; - systemd.services."gitea-runner-nixos-deploy".restartIfChanged = false; + systemd.services = { + "gitea-runner-nixos-deploy".restartIfChanged = false; + "forgejo".restartIfChanged = false; + }; } From 8c76b31111cfd4cb7df436ee0515f7c9a24e2c07 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 29 Mar 2026 10:47:54 +0700 Subject: [PATCH 095/261] disable reload after sleep --- modules/home/rice/idle.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/home/rice/idle.nix b/modules/home/rice/idle.nix index 18d162d..80434de 100644 --- a/modules/home/rice/idle.nix +++ b/modules/home/rice/idle.nix @@ -6,7 +6,7 @@ lock_cmd = "hyprlock"; unlock_cmd = "pkill -USR1 hyprlock"; before_sleep_cmd = "hyprctl dispatch dpms off && hyprlock"; - after_sleep_cmd = "hyprctl dispatch dpms on && pkill -USR2 hyprlock"; + after_sleep_cmd = "hyprctl dispatch dpms on"; }; listener = [ { From 78731e97baa7712538cd14324fa1884a52f92ad3 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 29 Mar 2026 11:00:42 +0700 Subject: [PATCH 096/261] add new share mount --- lib/options.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/options.nix b/lib/options.nix index 8409c21..d73ebb0 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -25,6 +25,7 @@ in { ]; disks = { gallery = "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery + share = "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # disk for media collection (named host for backwards compatibility) data = "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data host = "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) }; From 7716d6e599001c0cdbc26c48d1229681374acd9d Mon Sep 17 00:00:00 2001 
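Review bot: The added `"forgejo".restartIfChanged = false;` in git.nix means a rebuild that ships a newer Forgejo package or a changed unit leaves the old process running until someone restarts it by hand, so a security update can be on disk without being in effect. If the aim is only to stop a deploy from cutting off the job that triggered it (presumably, since the runner unit gets the same flag), record that next to the setting, e.g. `# not restarted on switch so deploy jobs survive; restart manually after Forgejo updates`. Pair it with an explicit `systemctl restart forgejo` step once a deploy has finished. The module this attribute set belongs to starts outside the hunk.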
From: satr14 Date: Sun, 29 Mar 2026 11:22:50 +0700 Subject: [PATCH 097/261] make mount optional --- lib/options.nix | 11 +++++++---- modules/hardware/misc/disks.nix | 10 ++++++++-- 2 files changed, 15 insertions(+), 6 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index d73ebb0..aa12642 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -1,6 +1,9 @@ let d = dest: { inherit dest; auth = false; }; da = dest: { inherit dest; auth = true; }; + + o = path: { inherit path; required = false; }; + r = path: { inherit path; required = true; }; in { flake-path = "~/Projects/nix-flake"; # set this to the cloned repo path @@ -24,10 +27,10 @@ in { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner" ]; disks = { - gallery = "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery - share = "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # disk for media collection (named host for backwards compatibility) - data = "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data - host = "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) + share = o "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # disk for file share and storage + gallery = r "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery + data = r "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data + host = r "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) }; dash = [ [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ] diff --git a/modules/hardware/misc/disks.nix b/modules/hardware/misc/disks.nix index ea0948a..9479fe1 100644 --- a/modules/hardware/misc/disks.nix +++ b/modules/hardware/misc/disks.nix 
@@ -7,7 +7,13 @@ in { fileSystems = { "/".autoResize = true; - } // lib.mapAttrs' (name: device: - lib.nameValuePair "/mnt/${name}" (globalOpts // { inherit device; }) + } // lib.mapAttrs' (name: dev: + lib.nameValuePair "/mnt/${name}" (globalOpts // { + device = dev.path; + options = if dev.required == false then [ + "nofail" + "x-systemd.automount" + ] else []; + }) ) homelab.disks; } \ No newline at end of file From 5d082a11c3117abad8090ab83fb5ce85fdc8269a Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 29 Mar 2026 11:26:11 +0700 Subject: [PATCH 098/261] fix build error --- modules/hardware/misc/disks.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/hardware/misc/disks.nix b/modules/hardware/misc/disks.nix index 9479fe1..0988ea9 100644 --- a/modules/hardware/misc/disks.nix +++ b/modules/hardware/misc/disks.nix @@ -13,7 +13,7 @@ in { options = if dev.required == false then [ "nofail" "x-systemd.automount" - ] else []; + ] else [ "defaults" ]; }) ) homelab.disks; } \ No newline at end of file From 9e5f99b718ff9fa15146646c5a7d8cec14bcb9b9 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 29 Mar 2026 11:30:08 +0700 Subject: [PATCH 099/261] fix fstype --- lib/options.nix | 12 ++++++------ modules/hardware/misc/disks.nix | 6 +----- 2 files changed, 7 insertions(+), 11 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index aa12642..a421e5c 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -2,8 +2,8 @@ let d = dest: { inherit dest; auth = false; }; da = dest: { inherit dest; auth = true; }; - o = path: { inherit path; required = false; }; - r = path: { inherit path; required = true; }; + ext4 = path: { inherit path; type = "ext4"; }; + btrfs = path: { inherit path; type = "btrfs"; }; in { flake-path = "~/Projects/nix-flake"; # set this to the cloned repo path 
@@ -27,10 +27,10 @@ in { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner" ]; disks = { - share = o "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # disk for file share and storage - gallery = r "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery - data = r "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data - host = r "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) + share = btrfs "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # disk for file share and storage + gallery = ext4 "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery + data = ext4 "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data + host = ext4 "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) }; dash = [ [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ] diff --git a/modules/hardware/misc/disks.nix b/modules/hardware/misc/disks.nix index 0988ea9..b874ff7 100644 --- a/modules/hardware/misc/disks.nix +++ b/modules/hardware/misc/disks.nix @@ -1,6 +1,5 @@ { lib, homelab, ... }: let globalOpts = { - fsType = "ext4"; autoFormat = true; autoResize = true; }; @@ -10,10 +9,7 @@ in { } // lib.mapAttrs' (name: dev: lib.nameValuePair "/mnt/${name}" (globalOpts // { device = dev.path; - options = if dev.required == false then [ - "nofail" - "x-systemd.automount" - ] else [ "defaults" ]; + fsType = dev.type; }) ) homelab.disks; } \ No newline at end of file From 16bba9d9f3de789edc1e80c8e1d6048c28ab85d5 Mon Sep 17 00:00:00 2001 
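Review bot: The `@@ -10,10 +9,7 @@` hunk in disks.nix removes the `options` attribute together with the `required` flag, so the `nofail` / `x-systemd.automount` handling introduced in PATCH 097 is gone and every entry in `homelab.disks`, including `share`, is a hard boot dependency again. The subject only mentions the fstype, so this looks unintended. If it is, keep both fields on the disk record and put `options = lib.optionals (!dev.required) [ "nofail" "x-systemd.automount" ];` next to `fsType = dev.type;`. The `ext4` / `btrfs` helpers in lib/options.nix would then need to carry `required` as well. The enclosing `fileSystems` expression starts outside this hunk.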
From: satr14 Date: Tue, 7 Apr 2026 17:14:16 +0700 Subject: [PATCH 100/261] fix bat pct and cpu overheating; add vim line numbers and cli themes to default --- modules/hardware/misc/battery-power.nix | 2 +- modules/hardware/misc/cpu-freq.nix | 2 +- modules/home/core/cli.nix | 1 + modules/home/default.nix | 1 + modules/home/desktop.nix | 1 - 5 files changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/hardware/misc/battery-power.nix b/modules/hardware/misc/battery-power.nix index a8dbc96..12043dd 100644 --- a/modules/hardware/misc/battery-power.nix +++ b/modules/hardware/misc/battery-power.nix @@ -17,7 +17,7 @@ BAT_PCT=`${pkgs.acpi}/bin/acpi -b | ${pkgs.gnugrep}/bin/grep -P -o '[0-9]+(?=%)'` BAT_STA=`${pkgs.acpi}/bin/acpi -b | ${pkgs.gnugrep}/bin/grep -P -o '\w+(?=,)'` echo "`date` battery status:$BAT_STA percentage:$BAT_PCT" - test $BAT_PCT -le 30 && test $BAT_PCT -gt 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send -c device -u normal "Low Battery" "\$\{BAT_PCT}% remaining." + test $BAT_PCT -le 30 && test $BAT_PCT -gt 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send -c device -u normal "Low Battery" "Battery remaining: $BAT_PCT%." test $BAT_PCT -le 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send -c device -u critical "Low Battery" "Shutdown at 10%." ''} > /tmp/cron.batt.log 2>&1" ]; diff --git a/modules/hardware/misc/cpu-freq.nix b/modules/hardware/misc/cpu-freq.nix index 2b6476a..ad87022 100644 --- a/modules/hardware/misc/cpu-freq.nix +++ b/modules/hardware/misc/cpu-freq.nix @@ -51,7 +51,7 @@ enable = true; # wait for fix: https://github.com/AdnanHodzic/auto-cpufreq/issues/906 settings = { charger = { - governor = "performance"; + governor = "powersave"; # "performance"; energy_performance_preference = "performance"; turbo = "always"; platform_profile = "performance"; 
diff --git a/modules/home/core/cli.nix b/modules/home/core/cli.nix index 4d5cd63..b3a6372 100644 --- a/modules/home/core/cli.nix +++ b/modules/home/core/cli.nix @@ -51,6 +51,7 @@ vim.api.nvim_create_autocmd("VimEnter", { callback = function() -- vim.cmd("NvimTreeOpen") + vim.cmd("set nu") vim.cmd.wincmd 'p' end, }) diff --git a/modules/home/default.nix b/modules/home/default.nix index 8fa2337..590e901 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,5 +1,6 @@ { username, ... }: { imports = [ + ./rice/theme.nix ./core/shell.nix ./core/cli.nix ]; diff --git a/modules/home/desktop.nix b/modules/home/desktop.nix index 3fbd229..cafb780 100644 --- a/modules/home/desktop.nix +++ b/modules/home/desktop.nix @@ -6,7 +6,6 @@ ./rice/logout.nix ./rice/notifs.nix ./rice/cursor.nix - ./rice/theme.nix ./rice/menu.nix ./rice/idle.nix ./rice/bar.nix From 1328b445aa9ba5f3e8f95f3d46b811f98f4667a0 Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 8 Apr 2026 17:58:59 +0700 Subject: [PATCH 101/261] update --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index d8728c4..fb30067 100644 --- a/flake.lock +++ b/flake.lock @@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1774616169, - "narHash": "sha256-fP4bU3SOH5sefSl6EagqULFs+bXoo3h3VLQCCyJplo4=", + "lastModified": 1775213373, + "narHash": "sha256-wJHsijC2l/E+ovmlpPGha8pXA6RHSwHWmBV97gvkmyI=", "owner": "catppuccin", "repo": "nix", - "rev": "e616c61cd9f7b05b32af266bc005fa266860dacf", + "rev": "ba73719e673e7c2d89ac2f8df0bc0d48983e4907", "type": "github" }, "original": { 
@@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1774738535, - "narHash": "sha256-2jfBEZUC67IlnxO5KItFCAd7Oc+1TvyV/jQlR+2ykGQ=", + "lastModified": 1775622785, + "narHash": "sha256-/yFxO+7oS1SymDfJ2iVO7K5vJKcYfe9XGIJ+quLqz0Q=", "owner": "nix-community", "repo": "home-manager", - "rev": "769e07ef8f4cf7b1ec3b96ef015abec9bc6b1e2a", + "rev": "527e47b78fe67213072f706bf933a9705a8c4974", "type": "github" }, "original": { @@ -78,11 +78,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1773821835, - "narHash": "sha256-TJ3lSQtW0E2JrznGVm8hOQGVpXjJyXY2guAxku2O9A4=", + "lastModified": 1775036866, + "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b40629efe5d6ec48dd1efba650c797ddbd39ace0", + "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", "type": "github" }, "original": { @@ -109,11 +109,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1774386573, - "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "lastModified": 1775423009, + "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9", "type": "github" }, "original": { From d15920c908da430ccfb576a4e42f14c14c366d0d Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 8 Apr 2026 20:16:41 +0700 Subject: [PATCH 102/261] screen hide lock --- modules/home/rice/keybinds.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/rice/keybinds.nix b/modules/home/rice/keybinds.nix index 4fdf413..ad2cfc5 100644 --- a/modules/home/rice/keybinds.nix +++ b/modules/home/rice/keybinds.nix 
@@ -126,6 +126,7 @@ "SUPER, F, togglefloating," "SUPER, G, layoutmsg, togglesplit" "SUPER, L, exec, loginctl lock-session" + "SUPER SHIFT, L, exec, hyprctl dispatch dpms off && loginctl lock-session && sleep 1 && hyprctl dispatch dpms on" "SUPER, down, togglespecialworkspace, hidden" "SUPER SHIFT, down, movetoworkspace, special:hidden" From a880332346f8b964be9180ae6f0f8cc4643135d1 Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 8 Apr 2026 20:17:35 +0700 Subject: [PATCH 103/261] fix eval warnings --- modules/home/core/cli.nix | 3 +++ modules/home/core/shell.nix | 2 +- modules/home/desktop.nix | 2 +- modules/home/rice/compositor.nix | 4 ++-- modules/home/rice/keybinds.nix | 4 ++-- modules/home/rice/theme.nix | 1 + 6 files changed, 10 insertions(+), 6 deletions(-) diff --git a/modules/home/core/cli.nix b/modules/home/core/cli.nix index b3a6372..3cd45ea 100644 --- a/modules/home/core/cli.nix +++ b/modules/home/core/cli.nix @@ -44,6 +44,8 @@ enable = true; defaultEditor = true; vimAlias = true; + withRuby = false; + withPython3 = false; initLua = '' vim.opt.clipboard = "unnamedplus" vim.opt.termguicolors = true @@ -81,6 +83,7 @@ }; git = { enable = true; + signing.format = null; settings = { pull.rebase = "true"; credential.helper = "cache --timeout=3600"; diff --git a/modules/home/core/shell.nix b/modules/home/core/shell.nix index 8ce99d3..2a23a42 100644 --- a/modules/home/core/shell.nix +++ b/modules/home/core/shell.nix @@ -32,7 +32,7 @@ ''; shellAliases = { "cd-gvfs" = "cd /run/user/$(id -u)/gvfs"; - "wlp-set" = "swww img --transition-type=grow --transition-duration=1"; + "wlp-set" = "awww img --transition-type=grow --transition-duration=1"; "ssh" = "TERM=xterm-256color ssh"; "cd" = "z"; diff --git a/modules/home/desktop.nix b/modules/home/desktop.nix index cafb780..aa51784 100644 --- a/modules/home/desktop.nix +++ b/modules/home/desktop.nix @@ -16,7 +16,7 @@ ]; services = { - swww.enable = true; + awww.enable = true; hyprpolkitagent.enable = true; }; 
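Review bot: In the new `SUPER SHIFT, L` binding the lock request sits behind `hyprctl dispatch dpms off` in an `&&` chain, so if that dispatch returns non-zero the session is never locked. Separate the steps so the lock is always requested: `"SUPER SHIFT, L, exec, hyprctl dispatch dpms off; loginctl lock-session; sleep 1; hyprctl dispatch dpms on"`. Note also that `loginctl lock-session` only asks for the lock and returns, so the fixed `sleep 1` is a guess at how long the locker (presumably hyprlock, started by hypridle's `lock_cmd`) needs to draw. On a loaded machine the desktop could be visible for a moment when DPMS comes back on.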
diff --git a/modules/home/rice/compositor.nix b/modules/home/rice/compositor.nix index b701605..1c84e92 100644 --- a/modules/home/rice/compositor.nix +++ b/modules/home/rice/compositor.nix @@ -30,7 +30,7 @@ #"dunst &" #"hypridle &" - #"swww-daemon &" + #"awww-daemon &" "uwsm app -s s -- waybar &" "uwsm app -s b -- sunshine &" @@ -140,7 +140,7 @@ layerrule = [ "no_anim on, match:namespace selection" # hyprshot overlay "no_anim on, match:namespace hyprpicker" - "animation fade, match:namespace swww-daemon" + "animation fade, match:namespace awww-daemon" "animation fade, match:namespace logout_dialog" "animation fade, match:namespace hyprshutdown" "above_lock 2, match:namespace notifications" diff --git a/modules/home/rice/keybinds.nix b/modules/home/rice/keybinds.nix index ad2cfc5..c0d4634 100644 --- a/modules/home/rice/keybinds.nix +++ b/modules/home/rice/keybinds.nix 
@@ -95,10 +95,10 @@ "SUPER, N, exec, uwsm app -- rofi-network-manager" "SUPER, J, exec, notify-send -u critical ${hostname} 'Caffein Mode' && notify-send '(SUPER+X to reset)' && systemctl --user stop hypridle" - "SUPER, K, exec, notify-send -u critical ${hostname} 'Focus Mode' && notify-send '(SUPER+X to reset)' && systemctl --user stop swww && pkill -SIGUSR1 waybar && hyprctl --batch 'keyword decoration:inactive_opacity 1.0; keyword decoration:blur:enabled 0; keyword general:gaps_in 0; keyword general:gaps_out 0; keyword general:border_size 1; keyword decoration:rounding 0; keyword decoration:shadow:enabled false'" + "SUPER, K, exec, notify-send -u critical ${hostname} 'Focus Mode' && notify-send '(SUPER+X to reset)' && systemctl --user stop awww && pkill -SIGUSR1 waybar && hyprctl --batch 'keyword decoration:inactive_opacity 1.0; keyword decoration:blur:enabled 0; keyword general:gaps_in 0; keyword general:gaps_out 0; keyword general:border_size 1; keyword decoration:rounding 0; keyword decoration:shadow:enabled false'" "SUPER, B, submap, disabled-all-keybinds" "SUPER, H, exec, notify-send ${hostname} 'Animations Off' && hyprctl keyword animations:enabled 0" - "SUPER, X, exec, dunstctl close-all && hyprctl reload && hyprctl dispatch submap reset && pkill -SIGUSR2 waybar && systemctl --user restart swww hypridle fusuma" + "SUPER, X, exec, dunstctl close-all && hyprctl reload && hyprctl dispatch submap reset && pkill -SIGUSR2 waybar && systemctl --user restart awww hypridle fusuma" "SUPER, Z, exec, dunstctl close-all" "SUPER SHIFT, S, exec, hyprshot -zm region -o ~/Pictures/Screenshots; killall -9 hyprpicker hyprshot" diff --git a/modules/home/rice/theme.nix b/modules/home/rice/theme.nix index 0b994c5..71120dc 100644 --- a/modules/home/rice/theme.nix +++ b/modules/home/rice/theme.nix 
@@ -18,6 +18,7 @@ gtk = { enable = true; gtk3.extraConfig.gtk-application-prefer-dark-theme = 1; + gtk4.theme = null; iconTheme = { name = "Papirus-Dark"; package = lib.mkForce pkgs.papirus-icon-theme; From 3e3bcd95844bc785961e5b206a5c091d8282ca88 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 9 Apr 2026 12:15:33 +0700 Subject: [PATCH 104/261] add dns record --- lib/options.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/options.nix b/lib/options.nix index a421e5c..dd3f22a 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -79,6 +79,7 @@ in { [ "server.dns.${domain}" "10.3.14.69" ] [ "router.dns.${domain}" "10.3.14.1" ] [ "home.dns.${domain}" "10.3.14.235" ] + [ "games.dns.${domain}" "10.3.14.37" ] [ "workspace.dns.${domain}" "10.3.14.57" ] [ "old-main.dns.${domain}" "10.3.14.42" ] # old main machine for connecting while migrating From 74754554e85a9af337eab8f0205fb6e7885603e3 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 13 Apr 2026 08:03:22 +0700 Subject: [PATCH 105/261] move tunnels to options.nix --- lib/options.nix | 7 +++++++ modules/system/homelab/tunnels.nix | 14 +++----------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index dd3f22a..65e2f7e 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -46,6 +46,13 @@ in { [ "SearXNG" "searxng" "https://search.proxy.${domain}" "http://localhost:8091/" ] [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ] ]; + routes = { + "git.${domain}" = "http://localhost:5080"; + "auth.${domain}" = "http://localhost:1411"; + "dash.${domain}" = "http://localhost:5070"; + "media.${domain}" = "http://localhost:8096"; + "gallery.${domain}" = "http://localhost:2284"; + }; proxy = { base = "proxy.${domain}"; hosts = { diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix index 8cf0fb6..c1a9c8d 100644 --- a/modules/system/homelab/tunnels.nix +++ b/modules/system/homelab/tunnels.nix 
@@ -1,19 +1,11 @@ -{ pkgs, lib, homelab, ... }: let - routes = { - "git.${homelab.domain}" = "http://localhost:5080"; - "auth.${homelab.domain}" = "http://localhost:1411"; - "dash.${homelab.domain}" = "http://localhost:5070"; - "media.${homelab.domain}" = "http://localhost:8096"; - "gallery.${homelab.domain}" = "http://localhost:2284"; - }; -in { +{ pkgs, lib, homelab, ... }: { services.cloudflared = { enable = true; tunnels.homelab = { credentialsFile = "/mnt/data/cloudflared/homelab.json"; certificateFile = "/mnt/data/cloudflared/cert.pem"; default = "http_status:404"; - ingress = routes; + ingress = homelab.routes; }; }; @@ -32,6 +24,6 @@ in { script = lib.concatMapStringsSep "\n" (domain: '' echo "Ensuring DNS route for ${domain}..." ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/cloudflared/cert.pem route dns ${homelab.cf-tunnel-id} ${domain} || true - '') (builtins.attrNames routes); + '') (builtins.attrNames homelab.routes); }; } From 4b2c7464f066b9ea16e4ff8b4e60a995c194a659 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 13 Apr 2026 08:16:16 +0700 Subject: [PATCH 106/261] cryptpad and copyparty --- lib/options.nix | 5 +++++ modules/system/homelab/cdn.nix | 5 +++++ modules/system/homelab/docs.nix | 15 +++++++++++++++ 3 files changed, 25 insertions(+) create mode 100644 modules/system/homelab/cdn.nix create mode 100644 modules/system/homelab/docs.nix diff --git a/lib/options.nix b/lib/options.nix index 65e2f7e..18a0ca1 100644 --- a/lib/options.nix +++ b/lib/options.nix 
@@ -35,6 +35,8 @@ in { dash = [ [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ] [ "Forgejo" "forgejo" "https://git.${domain}" "http://localhost:5080/" ] + [ "Copyparty" "files" "https://cdn.${domain}" "http://localhost:3923/" ] + [ "CryptPad" "cryptpad" "https://docs.${domain}" "http://localhost:7090/" ] [ "CodeServer" "coder" "https://code.proxy.${domain}" "http://localhost:8443/" ] [ "AdGuardHome" "adguard" "https://dns.proxy.${domain}" "http://localhost:8088/" ] [ "Traefik" "traefikproxy" "https://dynamic.proxy.${domain}/dashboard/" "" ] @@ -48,6 +50,8 @@ in { ]; routes = { "git.${domain}" = "http://localhost:5080"; + "cdn.${domain}" = "http://localhost:3923"; + "docs.${domain}" = "http://localhost:7090"; "auth.${domain}" = "http://localhost:1411"; "dash.${domain}" = "http://localhost:5070"; "media.${domain}" = "http://localhost:8096"; @@ -72,6 +76,7 @@ in { "pass" = d "http://localhost:8060"; "auth" = d "http://localhost:1411"; "git" = d "http://localhost:5080"; + "cdn" = d "http://localhost:3923"; "ai" = d "http://localhost:8080"; "@" = d "http://localhost:5070"; }; diff --git a/modules/system/homelab/cdn.nix b/modules/system/homelab/cdn.nix new file mode 100644 index 0000000..a481800 --- /dev/null +++ b/modules/system/homelab/cdn.nix @@ -0,0 +1,5 @@ +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ copyparty-most ]; + + # TODO: systemd service +} diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix new file mode 100644 index 0000000..849e23d --- /dev/null +++ b/modules/system/homelab/docs.nix @@ -0,0 +1,15 @@ +{ homelab, ... }: let + domain = "docs.${homelab.domain}"; +in { + services.cryptpad = { + enable = true; + settings = { + httpPort = 7090; + websocketPort = 7080; + httpUnsafeOrigin = "https://${domain}"; + httpSafeOrigin = "https://${domain}"; + blockDailyCheck = true; + disableIntegratedEviction = true; + }; + }; +} \ No newline at end of file 
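Review bot: The `cdn` entries publish port 3923 twice, as `"cdn.${domain}"` in `routes` (which tunnels.nix passes to the cloudflared `ingress`) and as `"cdn" = d "http://localhost:3923";` in `proxy.hosts`, where `d` sets `auth = false`. Meanwhile cdn.nix in this commit only installs the package and leaves the service as a TODO. Once the Copyparty unit exists, its own account and volume permissions will be the only access control visible in this repo for a file server reachable through the tunnel; whether anything on the Cloudflare side gates it cannot be seen here. I would hold the `routes` entry back until that configuration is written, or use `da` for the proxy host and leave `# TODO: publish once copyparty accounts/volumes are configured` beside the route.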
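Review bot: In docs.nix `httpUnsafeOrigin` and `httpSafeOrigin` are both set to `https://${domain}`, which removes the separation CryptPad's design depends on: document content is rendered in a sandboxed frame that is meant to come from a different origin than the one holding the user's session and keys. Give the sandbox its own hostname, e.g. `httpSafeOrigin = "https://sandbox-docs.${homelab.domain}";` (hostname constructed here for illustration), and add a matching entry to `routes` so it resolves through the tunnel. A short comment on the two settings saying which one is the sandbox would help the next reader.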
From d66e964bd97e735dd626a967897d0c17d108bf8c Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 15 Apr 2026 10:25:28 +0700 Subject: [PATCH 107/261] add disk --- lib/options.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/lib/options.nix b/lib/options.nix index 18a0ca1..b08e852 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -27,10 +27,14 @@ in { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner" ]; disks = { - share = btrfs "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # disk for file share and storage gallery = ext4 "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery data = ext4 "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data host = ext4 "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) + # ^^ virtual disks + + apps = ext4 "/dev/disk/by-uuid/aa453135-4b7a-4b12-8efc-f3dda093d2b7"; # app data + # achive = ext4 "/dev/disk/by-uuid/"; # long term archival + share = btrfs "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # file share }; dash = [ [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ] From 52a06a539fa9841531de33855bbc4dcdbc0822ff Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 15 Apr 2026 13:09:17 +0700 Subject: [PATCH 108/261] seperate ctp theming from that file --- modules/home/default.nix | 10 +++++++++- modules/home/rice/theme.nix | 7 ------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/modules/home/default.nix b/modules/home/default.nix index 590e901..a998633 100644 --- a/modules/home/default.nix +++ b/modules/home/default.nix 
@@ -1,9 +1,17 @@ -{ username, ... }: { +{ username, ctp-opt, ... }: { imports = [ ./rice/theme.nix ./core/shell.nix ./core/cli.nix ]; + + catppuccin = { + enable = true; + hyprlock.useDefaultConfig = false; + + flavor = ctp-opt.flavor; + accent = ctp-opt.accent; + }; home = { stateVersion = "24.11"; diff --git a/modules/home/rice/theme.nix b/modules/home/rice/theme.nix index 71120dc..83e5a2e 100644 --- a/modules/home/rice/theme.nix +++ b/modules/home/rice/theme.nix @@ -1,11 +1,4 @@ { lib, pkgs, ctp-opt, rice, ... }: { - catppuccin = { - enable = true; - hyprlock.useDefaultConfig = false; - - flavor = ctp-opt.flavor; - accent = ctp-opt.accent; - }; dconf = { enable = true; From 021c7f72000f7c08067bd70090e6be90a3aa0ebe Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 15 Apr 2026 13:13:54 +0700 Subject: [PATCH 109/261] remove theme import --- modules/hardware/homelab.nix | 19 +++++-------------- modules/home/core/apps.nix | 1 + modules/home/default.nix | 1 - 3 files changed, 6 insertions(+), 15 deletions(-) diff --git a/modules/hardware/homelab.nix b/modules/hardware/homelab.nix index ac3cb0c..906b24b 100644 --- a/modules/hardware/homelab.nix +++ b/modules/hardware/homelab.nix @@ -1,22 +1,13 @@ { ... }: { imports = [ + # ./misc/cpu-hotplug.nix + # ./misc/serial.nix + # ./misc/qemu-virtio.nix + # ^^ only used if vm + ./core/firmware.nix ./core/igpu.nix - ./misc/cpu-hotplug.nix - ./misc/serial.nix ./misc/disks.nix ]; - boot.initrd.availableKernelModules = [ - "virtio_net" - "virtio_pci" - "virtio_mmio" - "virtio_blk" - "virtio_scsi" - "virtio_console" - ]; - services = { - qemuGuest.enable = true; - spice-vdagentd.enable = true; - }; } diff --git a/modules/home/core/apps.nix b/modules/home/core/apps.nix index 99fb001..c20f566 100644 --- a/modules/home/core/apps.nix +++ b/modules/home/core/apps.nix @@ -36,6 +36,7 @@ vlc brave + flameshot libreoffice appimage-run # keepassxc diff --git a/modules/home/default.nix b/modules/home/default.nix index a998633..00bbbb6 100644 
--- a/modules/home/default.nix +++ b/modules/home/default.nix @@ -1,6 +1,5 @@ { username, ctp-opt, ... }: { imports = [ - ./rice/theme.nix ./core/shell.nix ./core/cli.nix ]; From 4050b28ee3d79287a7331da510a350a837eb02b0 Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 15 Apr 2026 13:14:23 +0700 Subject: [PATCH 110/261] seperate qemu settings --- modules/hardware/homelab.nix | 6 +++--- modules/hardware/misc/qemu-virtio.nix | 14 ++++++++++++++ 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 modules/hardware/misc/qemu-virtio.nix diff --git a/modules/hardware/homelab.nix b/modules/hardware/homelab.nix index 906b24b..ba76f66 100644 --- a/modules/hardware/homelab.nix +++ b/modules/hardware/homelab.nix @@ -1,8 +1,8 @@ { ... }: { imports = [ - # ./misc/cpu-hotplug.nix - # ./misc/serial.nix - # ./misc/qemu-virtio.nix + ./misc/cpu-hotplug.nix + ./misc/serial.nix + ./misc/qemu-virtio.nix # ^^ only used if vm ./core/firmware.nix diff --git a/modules/hardware/misc/qemu-virtio.nix b/modules/hardware/misc/qemu-virtio.nix new file mode 100644 index 0000000..fef199b --- /dev/null +++ b/modules/hardware/misc/qemu-virtio.nix @@ -0,0 +1,14 @@ +{ ... }: { + boot.initrd.availableKernelModules = [ + "virtio_net" + "virtio_pci" + "virtio_mmio" + "virtio_blk" + "virtio_scsi" + "virtio_console" + ]; + services = { + qemuGuest.enable = true; + spice-vdagentd.enable = true; + }; +} \ No newline at end of file From e187cecb794bd0789503058f42cf293ff2b56d17 Mon Sep 17 00:00:00 2001 
From: satr14 Date: Wed, 15 Apr 2026 20:05:36 +0700 Subject: [PATCH 111/261] change disks paths --- lib/options.nix | 10 +++++----- modules/system/homelab/ai.nix | 4 ++-- modules/system/homelab/auth.nix | 4 ++-- modules/system/homelab/code.nix | 4 ++-- modules/system/homelab/containers.nix | 5 +++-- modules/system/homelab/gallery.nix | 2 +- modules/system/homelab/git.nix | 2 +- modules/system/homelab/pass.nix | 4 ++-- modules/system/homelab/proxy.nix | 2 +- modules/system/homelab/search.nix | 2 +- modules/system/homelab/tunnels.nix | 6 +++--- modules/system/server.nix | 2 +- 12 files changed, 24 insertions(+), 23 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index b08e852..6205a07 100644 --- a/lib/options.nix +++ b/lib/options.nix 
@@ -27,14 +27,14 @@ in { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner" ]; disks = { - gallery = ext4 "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery - data = ext4 "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data - host = ext4 "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) + # gallery = ext4 "/dev/disk/by-uuid/834f51c1-90ee-4601-ba76-ef0419198d67"; # disk for photo gallery + # data = ext4 "/dev/disk/by-uuid/a5752dd6-092d-484c-969c-2fdc7cb4a5f0"; # disk for app data + # host = ext4 "/dev/disk/by-uuid/968f14a4-631e-4325-8cd1-f9aec0da9e4d"; # disk for media collection (named host for backwards compatibility) # ^^ virtual disks - apps = ext4 "/dev/disk/by-uuid/aa453135-4b7a-4b12-8efc-f3dda093d2b7"; # app data # achive = ext4 "/dev/disk/by-uuid/"; # long term archival - share = btrfs "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # file share + data = ext4 "/dev/disk/by-uuid/aa453135-4b7a-4b12-8efc-f3dda093d2b7"; # app data + share = btrfs "/dev/disk/by-uuid/f1ee1d17-e852-4e02-ae86-eaf6116a2aeb"; # file server }; dash = [ [ "PocketID" "authentik" "https://auth.${domain}" "http://localhost:1411/" ] diff --git a/modules/system/homelab/ai.nix b/modules/system/homelab/ai.nix index a731d14..34dde0b 100644 --- a/modules/system/homelab/ai.nix +++ b/modules/system/homelab/ai.nix @@ -5,7 +5,7 @@ host = "127.0.0.1"; port = 11434; user = "ollama"; - home = "/mnt/data/ollama"; + home = "/mnt/data/apps/ollama"; loadModels = [ "gemma3n:e4b" # "gemma3n:e2b" "qwen3-coder-next:cloud" # "codellama:7b" "starcoder:3b" @@ -14,7 +14,7 @@ open-webui = { enable = true; port = 8080; - environmentFile = "/mnt/data/ollama/.env"; + environmentFile = "/mnt/data/apps/ollama/.env"; environment = { OLLAMA_BASE_URL = "http://localhost:11434"; # WEBUI_AUTH = "False"; 
diff --git a/modules/system/homelab/auth.nix b/modules/system/homelab/auth.nix index 57823b9..a93350b 100644 --- a/modules/system/homelab/auth.nix +++ b/modules/system/homelab/auth.nix @@ -1,8 +1,8 @@ { homelab, ... }: { services.pocket-id = { enable = true; - credentials.ENCRYPTION_KEY = "/mnt/data/pocketid/encryption-key"; - dataDir = "/mnt/data/pocketid/data"; + credentials.ENCRYPTION_KEY = "/mnt/data/apps/pocketid/encryption-key"; + dataDir = "/mnt/data/apps/pocketid/data"; settings = { PORT = "1411"; HOST = "127.0.0.1"; diff --git a/modules/system/homelab/code.nix b/modules/system/homelab/code.nix index 3c560e7..779e069 100644 --- a/modules/system/homelab/code.nix +++ b/modules/system/homelab/code.nix @@ -6,8 +6,8 @@ user = username; auth = "none"; disableTelemetry = true; - extensionsDir = "/mnt/data/code-server/extensions"; - userDataDir = "/mnt/data/code-server/user-data"; + extensionsDir = "/mnt/data/apps/code-server/extensions"; + userDataDir = "/mnt/data/apps/code-server/user-data"; extraPackages = with pkgs; []; }; } diff --git a/modules/system/homelab/containers.nix b/modules/system/homelab/containers.nix index abff513..2ca748c 100644 --- a/modules/system/homelab/containers.nix +++ b/modules/system/homelab/containers.nix @@ -1,5 +1,6 @@ { homelab, lib, ... }: let - stacks-dir = "/mnt/data/dockge/stacks"; + dockge-dir = "/mnt/data/apps/dockge"; + stacks-dir = "${dockge-dir}/stacks"; in { virtualisation.oci-containers.containers."dockge" = { image = "louislam/dockge:nightly"; @@ -8,7 +9,7 @@ in { }; volumes = [ "${stacks-dir}:${stacks-dir}:rw" - "/mnt/data/dockge/data:/app/data:rw" + "${dockge-dir}/data:/app/data:rw" "/var/run/docker.sock:/var/run/docker.sock:rw" ]; ports = [ diff --git a/modules/system/homelab/gallery.nix b/modules/system/homelab/gallery.nix index ef890f6..c38787e 100644 --- a/modules/system/homelab/gallery.nix +++ b/modules/system/homelab/gallery.nix 
@@ -6,7 +6,7 @@ enable = true; port = 2283; host = "127.0.0.1"; - mediaLocation = "/mnt/gallery"; + mediaLocation = "/mnt/data/gallery"; accelerationDevices = null; environment.DB_URL = lib.mkForce "postgresql:///immich?host=/var/run/postgresql&user=immich"; # https://github.com/immich-app/immich/issues/26140 machine-learning.enable = true; diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 8e6b25d..4ea36f7 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -3,7 +3,7 @@ forgejo = { enable = true; lfs.enable = true; - stateDir = "/mnt/data/forgejo"; + stateDir = "/mnt/data/apps/forgejo"; package = pkgs.forgejo; settings = { server = { diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index 192208d..7c4e85d 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -2,8 +2,8 @@ services.vaultwarden = { enable = true; domain = "pass.proxy.${homelab.domain}"; - backupDir = "/mnt/data/vaultwarden/backups"; - environmentFile = "/mnt/data/vaultwarden/.env"; + backupDir = "/mnt/data/apps/vaultwarden/backups"; + environmentFile = "/mnt/data/apps/vaultwarden/.env"; config = { ROCKET_PORT = 8060; ROCKET_ADDRESS = "127.0.0.1"; diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 4977a68..2900e1f 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -21,7 +21,7 @@ in { domain = "*.${homelab.proxy.base}"; extraDomainNames = [ homelab.proxy.base ]; dnsProvider = "cloudflare"; - environmentFile = "/mnt/data/acme/.env"; + environmentFile = "/mnt/data/apps/acme/.env"; # ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX }; }; diff --git a/modules/system/homelab/search.nix b/modules/system/homelab/search.nix index 30d3118..ba46b70 100644 --- a/modules/system/homelab/search.nix +++ b/modules/system/homelab/search.nix 
@@ -2,7 +2,7 @@ services.searx = { enable = true; redisCreateLocally = true; - environmentFile = "/mnt/data/searxng/.env"; + environmentFile = "/mnt/data/apps/searxng/.env"; settings = { server = { bind_address = "127.0.0.1"; diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix index c1a9c8d..adc75a7 100644 --- a/modules/system/homelab/tunnels.nix +++ b/modules/system/homelab/tunnels.nix @@ -2,8 +2,8 @@ services.cloudflared = { enable = true; tunnels.homelab = { - credentialsFile = "/mnt/data/cloudflared/homelab.json"; - certificateFile = "/mnt/data/cloudflared/cert.pem"; + credentialsFile = "/mnt/data/apps/cloudflared/homelab.json"; + certificateFile = "/mnt/data/apps/cloudflared/cert.pem"; default = "http_status:404"; ingress = homelab.routes; }; @@ -23,7 +23,7 @@ script = lib.concatMapStringsSep "\n" (domain: '' echo "Ensuring DNS route for ${domain}..." - ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/cloudflared/cert.pem route dns ${homelab.cf-tunnel-id} ${domain} || true + ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/apps/cloudflared/cert.pem route dns ${homelab.cf-tunnel-id} ${domain} || true '') (builtins.attrNames homelab.routes); }; } diff --git a/modules/system/server.nix b/modules/system/server.nix index da48085..b87b355 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -33,7 +33,7 @@ in { services.tailscale = { enable = true; - authKeyFile = "/mnt/data/tailscale/authkey"; + authKeyFile = "/mnt/data/apps/tailscale/authkey"; useRoutingFeatures = "server"; extraUpFlags = ts-flags; extraSetFlags = ts-flags; From ffb5b1c54628e83f5b943e60508dca33e7171669 Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 15 Apr 2026 20:42:02 +0700 Subject: [PATCH 112/261] move from dotfile --- modules/system/homelab/proxy.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 2900e1f..8ca2d5f 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -21,7 +21,7 @@ in { domain = "*.${homelab.proxy.base}"; extraDomainNames = [ homelab.proxy.base ]; dnsProvider = "cloudflare"; - environmentFile = "/mnt/data/apps/acme/.env"; + environmentFile = "/mnt/data/apps/acme/cf-api.env"; # ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX }; }; From ec196f085e69ee9f497d31b9883d756c9cdaa03c Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 15 Apr 2026 20:45:52 +0700 Subject: [PATCH 113/261] dns overwrite --- modules/system/homelab/tunnels.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix index adc75a7..c28f51d 100644 --- a/modules/system/homelab/tunnels.nix +++ b/modules/system/homelab/tunnels.nix @@ -23,7 +23,7 @@ script = lib.concatMapStringsSep "\n" (domain: '' echo "Ensuring DNS route for ${domain}..." - ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/apps/cloudflared/cert.pem route dns ${homelab.cf-tunnel-id} ${domain} || true + ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/apps/cloudflared/cert.pem route dns --overwrite-dns ${homelab.cf-tunnel-id} ${domain} || true '') (builtins.attrNames homelab.routes); }; } From a9326bf3943a300c846c14e5c9c5d4d6dca03930 Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 15 Apr 2026 21:33:48 +0700 Subject: [PATCH 114/261] fix cf tunnel dns issue --- lib/options.nix | 1 - modules/system/homelab/tunnels.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index 6205a07..d628f9b 100644 --- a/lib/options.nix +++ b/lib/options.nix 
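Review bot: In the tunnels.nix hunk of PATCH 113, `route dns --overwrite-dns` now runs for every key of `homelab.routes`, so any existing record for one of those hostnames is replaced on each run, and the trailing `|| true` keeps a failed or unintended overwrite out of the unit status. I would put a comment above the command, `# --overwrite-dns replaces existing records; keep homelab.routes limited to names this tunnel owns`, and log the failure instead of discarding it: `|| echo "route dns failed for ${domain}" >&2`. The `script` definition starts outside the hunk.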
@@ -21,7 +21,6 @@ in { homelab = rec { domain = "satr14.my.id"; # root domain for dns, ssl certs, reverse proxy, etc. - cf-tunnel-id = "26318288-cdd7-4e58-904b-c45f10d3e40a"; ssh-keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIESvQFXoUBafatqnxTd6qk3WEOcfwb3AIWVTstR3lHzX forgejo" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtdH1YqRH9xhuHMivezLvj/hpH77yfH3HUCaRboB/hb forgejo-deploy-runner" diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix index c28f51d..1b83bd5 100644 --- a/modules/system/homelab/tunnels.nix +++ b/modules/system/homelab/tunnels.nix @@ -23,7 +23,7 @@ script = lib.concatMapStringsSep "\n" (domain: '' echo "Ensuring DNS route for ${domain}..." - ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/apps/cloudflared/cert.pem route dns --overwrite-dns ${homelab.cf-tunnel-id} ${domain} || true + ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/apps/cloudflared/cert.pem route dns --overwrite-dns $(cat /mnt/data/apps/cloudflared/homelab.json | jq -r .TunnelID) ${domain} || true '') (builtins.attrNames homelab.routes); }; } From 8e320469ff987170e96c17c265f9a0781a58a906 Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 15 Apr 2026 21:36:01 +0700 Subject: [PATCH 115/261] fix path err --- modules/system/homelab/tunnels.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/tunnels.nix b/modules/system/homelab/tunnels.nix index 1b83bd5..1ad43f7 100644 --- a/modules/system/homelab/tunnels.nix +++ b/modules/system/homelab/tunnels.nix 
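Review bot: The tunnel ID in the tunnels.nix hunk comes from an unquoted `$(cat … | jq -r .TunnelID)`, so when the credentials file is unreadable or `jq` is not found the substitution expands to nothing, `${domain}` moves into the tunnel-ID position, and `|| true` hides the result. The same line is carried into PATCH 115, which only changes the binary to `${pkgs.jq}/bin/jq`. Reading the ID once before the per-domain commands and stopping when it is empty would surface the failure: `tunnel_id="$(${pkgs.jq}/bin/jq -er .TunnelID /mnt/data/apps/cloudflared/homelab.json)"`, then pass `"$tunnel_id"` quoted. The `script` definition starts outside the hunk.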
@@ -23,7 +23,7 @@ script = lib.concatMapStringsSep "\n" (domain: '' echo "Ensuring DNS route for ${domain}..." - ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/apps/cloudflared/cert.pem route dns --overwrite-dns $(cat /mnt/data/apps/cloudflared/homelab.json | jq -r .TunnelID) ${domain} || true + ${pkgs.cloudflared}/bin/cloudflared tunnel --origincert /mnt/data/apps/cloudflared/cert.pem route dns --overwrite-dns $(cat /mnt/data/apps/cloudflared/homelab.json | ${pkgs.jq}/bin/jq -r .TunnelID) ${domain} || true '') (builtins.attrNames homelab.routes); }; } From ba1064ed43839639d0306b97ce133627586c7178 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 13:05:18 +0700 Subject: [PATCH 116/261] cleanup and add https --- lib/options.nix | 2 +- modules/system/homelab/gallery.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index d628f9b..24869c5 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -53,7 +53,7 @@ in { ]; routes = { "git.${domain}" = "http://localhost:5080"; - "cdn.${domain}" = "http://localhost:3923"; + "cdn.${domain}" = "https://localhost:3923"; "docs.${domain}" = "http://localhost:7090"; "auth.${domain}" = "http://localhost:1411"; "dash.${domain}" = "http://localhost:5070"; diff --git a/modules/system/homelab/gallery.nix b/modules/system/homelab/gallery.nix index c38787e..1b52208 100644 --- a/modules/system/homelab/gallery.nix +++ b/modules/system/homelab/gallery.nix @@ -1,4 +1,4 @@ -{ lib, homelab, ... }: { +{ lib, ... }: { users.users.immich.extraGroups = [ "video" "render" ]; services = { From 2f37165d19e5f17ff355917a899ba9f55237dee4 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 13:53:28 +0700 Subject: [PATCH 117/261] self signed certs --- lib/options.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/options.nix b/lib/options.nix index 24869c5..45f0188 100644 --- a/lib/options.nix +++ b/lib/options.nix 
@@ -4,6 +4,8 @@ let ext4 = path: { inherit path; type = "ext4"; }; btrfs = path: { inherit path; type = "btrfs"; }; + + selfSigned = service: { inherit service; originRequest.noTLSVerify = true; }; in { flake-path = "~/Projects/nix-flake"; # set this to the cloned repo path @@ -52,8 +54,8 @@ in { [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ] ]; routes = { + "cdn.${domain}" = selfSigned "https://localhost:3923"; "git.${domain}" = "http://localhost:5080"; - "cdn.${domain}" = "https://localhost:3923"; "docs.${domain}" = "http://localhost:7090"; "auth.${domain}" = "http://localhost:1411"; "dash.${domain}" = "http://localhost:5070"; From e4d1fdc40d222301022f587dbc5b2f928080fe8b Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 19:48:06 +0700 Subject: [PATCH 118/261] copyparty service --- modules/system/homelab/cdn.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/cdn.nix b/modules/system/homelab/cdn.nix index a481800..8710072 100644 --- a/modules/system/homelab/cdn.nix +++ b/modules/system/homelab/cdn.nix @@ -1,5 +1,14 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ copyparty-most ]; - # TODO: systemd service + systemd.services.copyparty = { + description = "File Sharing Service"; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + ExecStart = "${pkgs.copyparty-most}/bin/copyparty -c /mnt/share/cfg/files.conf"; + Restart = "on-failure"; + User = "nobody"; + }; + }; } From a6c8935bf2677e20d0c9b3c2395ee1263cb3ad6a Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 19:48:28 +0700 Subject: [PATCH 119/261] move data to data drive --- modules/system/homelab/db.nix | 7 +++++++ modules/system/homelab/pass.nix | 1 + modules/system/server.nix | 1 + 3 files changed, 9 insertions(+) create mode 100644 modules/system/homelab/db.nix 
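Review bot: `selfSigned` in the first options.nix hunk sets `originRequest.noTLSVerify = true` for whatever service string it receives, so the tunnel accepts any certificate that origin presents. For `https://localhost:3923` the connection stays on loopback, but nothing in the helper limits it to local origins. A comment on the helper would record that limit: `# disables origin certificate verification; use only for loopback origins`. Pinning the self-signed certificate with `originRequest.caPool` would keep verification on, assuming the route module passes that key through, which this hunk does not show.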
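Review bot: The copyparty unit added in cdn.nix runs as `nobody`, an account shared with anything else mapped to it, and sets no sandboxing, while `cdn.${domain}` is published through the tunnel in options.nix. PATCH 122 later in this series deletes the `User` line, which leaves the unit on systemd's default of root. A dedicated account avoids both: `User = "copyparty";` with `users.users.copyparty = { isSystemUser = true; group = "copyparty"; };`, plus `ProtectSystem = "strict";` and `ReadWritePaths = [ "/mnt/share" ];`. The config is read from `/mnt/share/cfg/files.conf`; if that directory sits inside a served volume it should not be writable through the service, which is not visible here.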
diff --git a/modules/system/homelab/db.nix b/modules/system/homelab/db.nix new file mode 100644 index 0000000..11cfedc --- /dev/null +++ b/modules/system/homelab/db.nix @@ -0,0 +1,7 @@ +{ pkgs, ... }: { + services.postgresql = { + enable = true; + dataDir = "/mnt/data/apps/postgresql"; + package = pkgs.postgresql_16; + }; +} \ No newline at end of file diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index 7c4e85d..028f99d 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -5,6 +5,7 @@ backupDir = "/mnt/data/apps/vaultwarden/backups"; environmentFile = "/mnt/data/apps/vaultwarden/.env"; config = { + DATA_FOLDER = "/mnt/data/apps/vaultwarden/data"; ROCKET_PORT = 8060; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_LOG = "critical"; diff --git a/modules/system/server.nix b/modules/system/server.nix index b87b355..460c46a 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -22,6 +22,7 @@ in { ./homelab/dns.nix ./homelab/git.nix ./homelab/ai.nix + ./homelab/db.nix ./core/swapfile.nix ./core/oom.nix From 65aa2759d0191b737edfae60cfdbb8d2730e5f82 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 19:57:02 +0700 Subject: [PATCH 120/261] cleanup --- modules/system/homelab/code.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/system/homelab/code.nix b/modules/system/homelab/code.nix index 779e069..3d79fc7 100644 --- a/modules/system/homelab/code.nix +++ b/modules/system/homelab/code.nix @@ -1,4 +1,4 @@ -{ pkgs, username, ... }: { +{ username, ... }: { services.code-server = { enable = true; host = "127.0.0.1"; @@ -8,6 +8,5 @@ disableTelemetry = true; extensionsDir = "/mnt/data/apps/code-server/extensions"; userDataDir = "/mnt/data/apps/code-server/user-data"; - extraPackages = with pkgs; []; }; } From a6020b2dbed53325cbdbfc6b0b8380674083805b Mon Sep 17 00:00:00 2001 
From: satr14 Date: Thu, 16 Apr 2026 19:57:10 +0700 Subject: [PATCH 121/261] enable service --- modules/system/homelab/cdn.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/cdn.nix b/modules/system/homelab/cdn.nix index 8710072..22a3b52 100644 --- a/modules/system/homelab/cdn.nix +++ b/modules/system/homelab/cdn.nix @@ -3,6 +3,7 @@ systemd.services.copyparty = { description = "File Sharing Service"; + enable = true; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig = { From a1cd1172199e757b26f7806428542b8aa98f64c1 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 19:59:46 +0700 Subject: [PATCH 122/261] fix user --- modules/system/homelab/cdn.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/homelab/cdn.nix b/modules/system/homelab/cdn.nix index 22a3b52..a2bd042 100644 --- a/modules/system/homelab/cdn.nix +++ b/modules/system/homelab/cdn.nix @@ -9,7 +9,6 @@ serviceConfig = { ExecStart = "${pkgs.copyparty-most}/bin/copyparty -c /mnt/share/cfg/files.conf"; Restart = "on-failure"; - User = "nobody"; }; }; } From 99c5fade9bbafafb3b0b0b8184b306f06931f1d3 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 21:37:26 +0700 Subject: [PATCH 123/261] revert because of error --- modules/system/homelab/pass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index 028f99d..e854d9a 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -5,7 +5,7 @@ backupDir = "/mnt/data/apps/vaultwarden/backups"; environmentFile = "/mnt/data/apps/vaultwarden/.env"; config = { - DATA_FOLDER = "/mnt/data/apps/vaultwarden/data"; + # DATA_FOLDER = "/mnt/data/apps/vaultwarden/data"; # [vaultwarden][ERROR] Error creating private key '/mnt/data/apps/vaultwarden/data/rsa_key.pem' ROCKET_PORT = 8060; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_LOG = "critical"; 
From db140f48990dd19e2197500d43f3a847f2bcf475 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 21:44:54 +0700 Subject: [PATCH 124/261] dashboard changes --- modules/system/homelab/dash.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 7839729..27ba4e9 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -83,7 +83,6 @@ in { }; services.glance = { enable = true; - environmentFile = "/var/lib/glance/.env"; settings = { server = { host = "127.0.0.1"; @@ -260,7 +259,7 @@ in { type = "server-stats"; servers = [{ type = "local"; - mountpoints."/nix/store".hide = true; + # mountpoints."/nix/store".hide = true; }]; } { From c36733605b3fce051a0d843355a8e942d5f9937b Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 21:46:37 +0700 Subject: [PATCH 125/261] change key location --- modules/system/homelab/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 4ea36f7..39f4de1 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -43,7 +43,7 @@ enable = true; name = "nixos-server-runner"; url = "https://git.proxy.${homelab.domain}"; - tokenFile = "/root/forgejo-token-runner"; + tokenFile = "/mnt/data/apps/forgejo/token-runner"; labels = [ "self-hosted:host" ]; hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; }; From eb090161b8172568f251dcd40af079dae664892d Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 21:51:10 +0700 Subject: [PATCH 126/261] move config files to drive --- modules/system/homelab/media.nix | 3 ++- modules/system/homelab/proxy.nix | 5 +++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/system/homelab/media.nix b/modules/system/homelab/media.nix index 2393ccf..0c7a17f 100644 --- a/modules/system/homelab/media.nix 
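Review bot: `tokenFile` in the git.nix hunk moves the runner registration token from `/root` to `/mnt/data/apps/forgejo/token-runner`, and PATCH 111 set `/mnt/data/apps/forgejo` as Forgejo's `stateDir`, so the token now lives in a tree owned by the Forgejo service rather than in a root-only directory. The hunk does not show who creates the file or with which mode. I would add a comment next to the option, `# root-owned, mode 0400; must not be readable by the forgejo user`, or keep the token outside the service's state directory. Root-only ownership should be enough if the runner module loads the file as a systemd environment file, which is worth confirming.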
+++ b/modules/system/homelab/media.nix @@ -5,6 +5,7 @@ services = { jellyfin = { enable = true; + dataDir = "/mnt/data/apps/jellyfin"; hardwareAcceleration = { enable = true; device = "/dev/dri/renderD128"; @@ -43,4 +44,4 @@ # port = 8191; # }; }; -} \ No newline at end of file +} diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 8ca2d5f..ee3930e 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -1,4 +1,5 @@ { pkgs, homelab, lib, ... }: let + htpasswd = "/mnt/data/apps/nginx/htpasswd"; exta-conf = '' # proxy_set_header X-Auth-User $remote_user; proxy_read_timeout 600s; @@ -60,7 +61,7 @@ in { locations."/" = { proxyPass = cfg.dest; proxyWebsockets = true; - basicAuthFile = if cfg.auth then "/var/lib/nginx/.htpasswd" else null; + basicAuthFile = if cfg.auth then htpasswd else null; extraConfig = exta-conf; }; }) homelab.proxy.hosts; @@ -68,7 +69,7 @@ in { traefik = { enable = true; dynamicConfigOptions = { - http.middlewares.auth.basicAuth.usersFile = "/var/lib/nginx/.htpasswd"; + http.middlewares.auth.basicAuth.usersFile = htpasswd; }; staticConfigOptions = { entryPoints = { From 50e0af48e679a3bf0d8565fc1d01d5f94ad7bb23 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 16 Apr 2026 22:14:56 +0700 Subject: [PATCH 127/261] add cdn import --- modules/system/server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/server.nix b/modules/system/server.nix index 460c46a..d4289d3 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -21,6 +21,7 @@ in { ./homelab/code.nix ./homelab/dns.nix ./homelab/git.nix + ./homelab/cdn.nix ./homelab/ai.nix ./homelab/db.nix From 41b53dca9fddf2201e1a516f1658127ae317013b Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 17 Apr 2026 09:05:31 +0700 Subject: [PATCH 128/261] remove unused links --- modules/system/homelab/dash.nix | 3 --- 1 file changed, 3 deletions(-) 
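Review bot: The new `htpasswd` binding in proxy.nix points nginx (`basicAuthFile`) and traefik (`usersFile`) at `/mnt/data/apps/nginx/htpasswd`, so one credential file has to be readable by two service accounts on a disk that also holds application state, and nothing in the hunk sets its owner or mode. A comment on the binding would document the intent: `# password hashes; root-owned, group-readable by nginx and traefik only, not world-readable`. The `let` block and both consumers continue outside the hunks.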
diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 27ba4e9..ff6656d 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -61,9 +61,6 @@ external = [ [ "Proxmox" "proxmox" "https://server.proxy.${homelab.domain}" "http://server.dns.${homelab.domain}:8006/" ] [ "OpenWRT" "openwrt" "https://router.proxy.${homelab.domain}" "http://router.dns.${homelab.domain}:80/" ] - [ "HomeAssistant" "homeassistant" "https://home.proxy.${homelab.domain}" "http://home.dns.${homelab.domain}:8123/" ] - [ "OpenMediaVault" "openmediavault" "https://nas.local:80" "http://nas.local:80/" ] - [ "ApacheHTTPD" "apache" "https://nas.local:3000" "http://nas.local:3000/" ] ]; bookmarks = [ [ "Tailscale" "tailscale" "https://login.tailscale.com/" ] From f72ab504f47a853c16079b2674a50af9d32b18f3 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 18 Apr 2026 06:32:28 +0700 Subject: [PATCH 129/261] add cf and cloud utils --- modules/system/misc/utilities.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/misc/utilities.nix b/modules/system/misc/utilities.nix index 8f5be3a..c43144a 100644 --- a/modules/system/misc/utilities.nix +++ b/modules/system/misc/utilities.nix @@ -29,6 +29,8 @@ blueman shared-mime-info usbutils + cloudflared + cloud-utils hplipWithPlugin From 7dbb09ebff7681ab9b0b48c69c1de5e320023a3b Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 29 Apr 2026 18:50:48 +0700 Subject: [PATCH 130/261] organization --- modules/system/misc/utilities.nix | 90 ++++++++++++++++++------------- 1 file changed, 54 insertions(+), 36 deletions(-) diff --git a/modules/system/misc/utilities.nix b/modules/system/misc/utilities.nix index c43144a..29c4c6f 100644 --- a/modules/system/misc/utilities.nix +++ b/modules/system/misc/utilities.nix 
@@ -1,62 +1,80 @@ { pkgs, ... }: { environment.systemPackages = with pkgs; [ + # Disk & Storage baobab - file-roller - gnome-network-displays gnome-disk-utility - - parted - smartmontools - lm_sensors - ntfs3g - virt-viewer - dconf2nix - pciutils gparted + parted + ntfs3g exfatprogs - pavucontrol - jq + smartmontools + ncdu + ventoy-full-qt + + # System Monitoring & Hardware + htop + sysstat powertop + lm_sensors fastfetch + pciutils + usbutils + stress + stress-ng + + # Networking + gnome-network-displays ethtool dig dnslookup - lsof - gucharmap - ncdu - zip - unzip - blueman - shared-mime-info - usbutils + nmap + netcat + traceroute + wakeonlan cloudflared cloud-utils - - hplipWithPlugin - android-tools - scrcpy + # Archives & Compression + file-roller + zip + unzip + p7zip + + # GUI Utilities + pavucontrol + gucharmap + lxappearance + blueman + shared-mime-info + + # Virtualization & Containers + virt-viewer distrobox - ventoy-full-qt + # Android + android-tools + scrcpy + + # Remote Access + freerdp + + # Media ffmpeg + + # Printing + hplipWithPlugin + + # CLI Essentials vim wget curl openssl_3 - htop - nmap - sysstat - netcat - p7zip - stress - stress-ng - wakeonlan coreutils-full - traceroute - lxappearance - freerdp + jq + lsof + # Nix & Development + dconf2nix home-manager nix-index nixd From bd7e1766714f4c25a34a1a121ba1ef0b8887840b Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 29 Apr 2026 19:00:06 +0700 Subject: [PATCH 131/261] cryptpad config --- modules/system/homelab/docs.nix | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index 849e23d..a82219c 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix 
@@ -1,15 +1,30 @@ { homelab, ... }: let domain = "docs.${homelab.domain}"; + sandbox = "docs-sandbox.${homelab.domain}"; + data-dir = "/mnt/data/apps/cryptpad"; in { services.cryptpad = { enable = true; settings = { httpPort = 7090; - websocketPort = 7080; + httpAddress = "127.0.0.1"; httpUnsafeOrigin = "https://${domain}"; - httpSafeOrigin = "https://${domain}"; + httpSafeOrigin = "https://${sandbox}"; blockDailyCheck = true; disableIntegratedEviction = true; + archivePath = "${data-dir}/archive"; + pinPath = "${data-dir}/pins"; + taskPath = "${data-dir}/tasks"; + blockPath = "${data-dir}/block"; + blobPath = "${data-dir}/blob"; + blobStagingPath = "${data-dir}/blobstage"; + decreePath = "${data-dir}/decrees"; + logPath = "${data-dir}/logs"; }; }; + + systemd.services.cryptpad.serviceConfig = { + ReadWritePaths = [ data-dir ]; + ProtectMountPoints = false; + }; } \ No newline at end of file From a694fe1f9bccb634e27f86fcb10948875b643b71 Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 29 Apr 2026 20:27:15 +0700 Subject: [PATCH 132/261] enable cryptpad --- lib/options.nix | 3 ++- modules/system/server.nix | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/options.nix b/lib/options.nix index 45f0188..96a2002 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -54,9 +54,10 @@ in { [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ] ]; routes = { + "docs-sandbox.${domain}" = "http://localhost:7090"; + "docs.${domain}" = "http://localhost:7090"; "cdn.${domain}" = selfSigned "https://localhost:3923"; "git.${domain}" = "http://localhost:5080"; - "docs.${domain}" = "http://localhost:7090"; "auth.${domain}" = "http://localhost:1411"; "dash.${domain}" = "http://localhost:5070"; "media.${domain}" = "http://localhost:8096"; diff --git a/modules/system/server.nix b/modules/system/server.nix index d4289d3..7df13d2 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix 
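Review bot: `ProtectMountPoints = false;` in the new `systemd.services.cryptpad.serviceConfig` block of docs.nix is not a directive I can find in systemd.exec, so systemd would most likely ignore it with an unknown-key warning and leave the sandbox unchanged. `ReadWritePaths = [ data-dir ];` is the line that grants access to `/mnt/data/apps/cryptpad`. I would delete the other line rather than keep a setting that reads as if it loosened protection.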
@@ -19,6 +19,7 @@ in { ./homelab/pass.nix ./homelab/dash.nix ./homelab/code.nix + ./homelab/docs.nix ./homelab/dns.nix ./homelab/git.nix ./homelab/cdn.nix From 5af8c832ef5f0b858ffbfc315913b3f07d39b761 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 30 Apr 2026 17:38:19 +0700 Subject: [PATCH 133/261] notif tweaks --- modules/hardware/misc/battery-power.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/hardware/misc/battery-power.nix b/modules/hardware/misc/battery-power.nix index 12043dd..3a2ca6b 100644 --- a/modules/hardware/misc/battery-power.nix +++ b/modules/hardware/misc/battery-power.nix @@ -17,8 +17,8 @@ BAT_PCT=`${pkgs.acpi}/bin/acpi -b | ${pkgs.gnugrep}/bin/grep -P -o '[0-9]+(?=%)'` BAT_STA=`${pkgs.acpi}/bin/acpi -b | ${pkgs.gnugrep}/bin/grep -P -o '\w+(?=,)'` echo "`date` battery status:$BAT_STA percentage:$BAT_PCT" - test $BAT_PCT -le 30 && test $BAT_PCT -gt 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send -c device -u normal "Low Battery" "Battery remaining: $BAT_PCT%." - test $BAT_PCT -le 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send -c device -u critical "Low Battery" "Shutdown at 10%." + test $BAT_PCT -le 30 && test $BAT_PCT -gt 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send "Low Battery" "Battery remaining: $BAT_PCT%." + test $BAT_PCT -le 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send -u critical "Low Battery" "Shutdown at 10%." ''} > /tmp/cron.batt.log 2>&1" ]; }; From bd07e04d51faf40345aa5fce76487c893f8e9645 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 07:36:39 +0700 Subject: [PATCH 134/261] change acme dir --- modules/system/homelab/proxy.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index ee3930e..c5cfc80 100644 --- a/modules/system/homelab/proxy.nix 
+++ b/modules/system/homelab/proxy.nix @@ -21,8 +21,9 @@ in { certs."${homelab.proxy.base}" = { domain = "*.${homelab.proxy.base}"; extraDomainNames = [ homelab.proxy.base ]; - dnsProvider = "cloudflare"; + directory = "/mnt/data/apps/acme/${homelab.proxy.base}"; environmentFile = "/mnt/data/apps/acme/cf-api.env"; + dnsProvider = "cloudflare"; # ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX }; }; From 9dbaf614846afc51ce9c58023d0dc6ad1104ffb8 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 07:42:44 +0700 Subject: [PATCH 135/261] change data dir --- modules/system/homelab/pass.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index e854d9a..028f99d 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -5,7 +5,7 @@ backupDir = "/mnt/data/apps/vaultwarden/backups"; environmentFile = "/mnt/data/apps/vaultwarden/.env"; config = { - # DATA_FOLDER = "/mnt/data/apps/vaultwarden/data"; # [vaultwarden][ERROR] Error creating private key '/mnt/data/apps/vaultwarden/data/rsa_key.pem' + DATA_FOLDER = "/mnt/data/apps/vaultwarden/data"; ROCKET_PORT = 8060; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_LOG = "critical"; From 19c95a7d7013c7007ff01d233d08b61defb731a7 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 07:50:17 +0700 Subject: [PATCH 136/261] fix perms error --- modules/system/homelab/docs.nix | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index a82219c..2d9ff74 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -3,6 +3,10 @@ sandbox = "docs-sandbox.${homelab.domain}"; data-dir = "/mnt/data/apps/cryptpad"; in { + systemd.tmpfiles.rules = [ + "d ${data-dir} 0750 cryptpad cryptpad -" + ]; + services.cryptpad = { enable = true; settings = { 
@@ -22,9 +26,6 @@ in { logPath = "${data-dir}/logs"; }; }; - - systemd.services.cryptpad.serviceConfig = { - ReadWritePaths = [ data-dir ]; - ProtectMountPoints = false; - }; -} \ No newline at end of file + + systemd.services.cryptpad.serviceConfig.ReadWritePaths = [ data-dir ]; +} From 853e5a3d99cc89795a8bdb5fe1d0a8f2cf26d6d3 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 07:50:23 +0700 Subject: [PATCH 137/261] revert dir set --- modules/system/homelab/proxy.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index c5cfc80..7f46967 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -21,7 +21,6 @@ in { certs."${homelab.proxy.base}" = { domain = "*.${homelab.proxy.base}"; extraDomainNames = [ homelab.proxy.base ]; - directory = "/mnt/data/apps/acme/${homelab.proxy.base}"; environmentFile = "/mnt/data/apps/acme/cf-api.env"; dnsProvider = "cloudflare"; # ^^^contents: CLOUDFLARE_DNS_API_TOKEN=XXXXX From 14a65b8c7e5b17d25960f3f013b36b3b9a574401 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 07:58:04 +0700 Subject: [PATCH 138/261] revert not working fix --- modules/system/homelab/docs.nix | 6 ------ 1 file changed, 6 deletions(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index 2d9ff74..caa5c9c 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -3,10 +3,6 @@ sandbox = "docs-sandbox.${homelab.domain}"; data-dir = "/mnt/data/apps/cryptpad"; in { - systemd.tmpfiles.rules = [ - "d ${data-dir} 0750 cryptpad cryptpad -" - ]; - services.cryptpad = { enable = true; settings = { @@ -26,6 +22,4 @@ in { logPath = "${data-dir}/logs"; }; }; - - systemd.services.cryptpad.serviceConfig.ReadWritePaths = [ data-dir ]; } From d4de48420f06c77dc06ea6694b5c093ea2685491 Mon Sep 17 00:00:00 2001 
From: satr14 Date: Fri, 1 May 2026 08:05:02 +0700 Subject: [PATCH 139/261] bind mount loophole --- modules/system/homelab/docs.nix | 14 ++++++-------- modules/system/homelab/pass.nix | 7 ++++++- 2 files changed, 12 insertions(+), 9 deletions(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index caa5c9c..fad718c 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -12,14 +12,12 @@ in { httpSafeOrigin = "https://${sandbox}"; blockDailyCheck = true; disableIntegratedEviction = true; - archivePath = "${data-dir}/archive"; - pinPath = "${data-dir}/pins"; - taskPath = "${data-dir}/tasks"; - blockPath = "${data-dir}/block"; - blobPath = "${data-dir}/blob"; - blobStagingPath = "${data-dir}/blobstage"; - decreePath = "${data-dir}/decrees"; - logPath = "${data-dir}/logs"; }; }; + + fileSystems."/var/lib/cryptpad" = { + device = "/mnt/data/apps/cryptpad"; + dependsOn = [ "/mnt/data" ]; + options = [ "bind" "nofail" ]; + }; } diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index 028f99d..86a4707 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -5,10 +5,15 @@ backupDir = "/mnt/data/apps/vaultwarden/backups"; environmentFile = "/mnt/data/apps/vaultwarden/.env"; config = { - DATA_FOLDER = "/mnt/data/apps/vaultwarden/data"; ROCKET_PORT = 8060; ROCKET_ADDRESS = "127.0.0.1"; ROCKET_LOG = "critical"; }; }; + + fileSystems."/var/lib/vaultwarden" = { + device = "/mnt/data/apps/vaultwarden/data"; + dependsOn = [ "/mnt/data" ]; + options = [ "bind" "nofail" ]; + }; } \ No newline at end of file From ac8e025f67dfa706e7d8e00a05f3a8c016f4de48 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 08:10:22 +0700 Subject: [PATCH 140/261] fix option name --- modules/system/homelab/docs.nix | 2 +- modules/system/homelab/pass.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index fad718c..aa355c5 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -17,7 +17,7 @@ in { fileSystems."/var/lib/cryptpad" = { device = "/mnt/data/apps/cryptpad"; - dependsOn = [ "/mnt/data" ]; + depends = [ "/mnt/data" ]; options = [ "bind" "nofail" ]; }; } diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index 86a4707..ec2c43c 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -13,7 +13,7 @@ fileSystems."/var/lib/vaultwarden" = { device = "/mnt/data/apps/vaultwarden/data"; - dependsOn = [ "/mnt/data" ]; + depends = [ "/mnt/data" ]; options = [ "bind" "nofail" ]; }; } \ No newline at end of file From 4924eebbc2c402718a26e349176b3704749979d2 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 08:13:10 +0700 Subject: [PATCH 141/261] bind mount for cert storage --- modules/system/homelab/proxy.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 7f46967..446197e 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -27,6 +27,12 @@ in { }; }; + fileSystems."/var/lib/acme/${homelab.proxy.base}" = { + device = "/mnt/data/apps/acme/${homelab.proxy.base}"; + depends = [ "/mnt/data" ]; + options = [ "bind" "nofail" ]; + }; + services = { nginx = { enable = true; From b135e301f1b2baceb9700048e1ced54bc1e66401 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 08:18:29 +0700 Subject: [PATCH 142/261] fix cryptpad websocket port --- modules/system/homelab/docs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index aa355c5..a8126b0 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix 
@@ -1,11 +1,11 @@ { homelab, ... }: let domain = "docs.${homelab.domain}"; sandbox = "docs-sandbox.${homelab.domain}"; - data-dir = "/mnt/data/apps/cryptpad"; in { services.cryptpad = { enable = true; settings = { + websocketPort = 7091; httpPort = 7090; httpAddress = "127.0.0.1"; httpUnsafeOrigin = "https://${domain}"; From 54d2d8a6c6bf0f6fe4c982cc6d488af972a16849 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 08:56:54 +0700 Subject: [PATCH 143/261] dns cleanup --- lib/options.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index 96a2002..f0282ee 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -96,12 +96,8 @@ in { records = [ [ "server.dns.${domain}" "10.3.14.69" ] [ "router.dns.${domain}" "10.3.14.1" ] - [ "home.dns.${domain}" "10.3.14.235" ] - [ "games.dns.${domain}" "10.3.14.37" ] - [ "workspace.dns.${domain}" "10.3.14.57" ] - [ "old-main.dns.${domain}" "10.3.14.42" ] # old main machine for connecting while migrating - [ "main.dns.${domain}" "10.3.14.215" ] # this machine + [ "main.dns.${domain}" "homelab.axolotl-chameleon.ts.net" ] # this machine [ "proxy.${domain}" "main.dns.${domain}" ] [ "*.proxy.${domain}" "proxy.${domain}" ] From 994fcf66bc76dc0bbbdaca374f1a92a1757ba2c9 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 10:22:42 +0700 Subject: [PATCH 144/261] update and migrate --- flake.lock | 24 ++++++++++++------------ modules/hardware/homelab.nix | 6 +++--- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index fb30067..e972eea 100644 --- a/flake.lock +++ b/flake.lock 
@@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1775213373, - "narHash": "sha256-wJHsijC2l/E+ovmlpPGha8pXA6RHSwHWmBV97gvkmyI=", + "lastModified": 1777505151, + "narHash": "sha256-ul1iRBfVX2vc971tHHhVtxX2hycU3nVwgO005OcOKnw=", "owner": "catppuccin", "repo": "nix", - "rev": "ba73719e673e7c2d89ac2f8df0bc0d48983e4907", + "rev": "e82c195f2276825b0a08024fdaff80f965edcd69", "type": "github" }, "original": { @@ -62,11 +62,11 @@ ] }, "locked": { - "lastModified": 1775622785, - "narHash": "sha256-/yFxO+7oS1SymDfJ2iVO7K5vJKcYfe9XGIJ+quLqz0Q=", + "lastModified": 1777518431, + "narHash": "sha256-SwgiG2T5pbyo33Vz7/vUCAhEMgwCK8Pa2nDSx5a6/WE=", "owner": "nix-community", "repo": "home-manager", - "rev": "527e47b78fe67213072f706bf933a9705a8c4974", + "rev": "2e54a938cdd4c8e414b2518edc3d82308027c670", "type": "github" }, "original": { @@ -78,11 +78,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1775036866, - "narHash": "sha256-ZojAnPuCdy657PbTq5V0Y+AHKhZAIwSIT2cb8UgAz/U=", + "lastModified": 1776548001, + "narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6201e203d09599479a3b3450ed24fa81537ebc4e", + "rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc", "type": "github" }, "original": { @@ -109,11 +109,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1775423009, - "narHash": "sha256-vPKLpjhIVWdDrfiUM8atW6YkIggCEKdSAlJPzzhkQlw=", + "lastModified": 1777268161, + "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "68d8aa3d661f0e6bd5862291b5bb263b2a6595c9", + "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76", "type": "github" }, "original": { diff --git a/modules/hardware/homelab.nix b/modules/hardware/homelab.nix index ba76f66..906b24b 100644 --- a/modules/hardware/homelab.nix +++ b/modules/hardware/homelab.nix 
@@ -1,8 +1,8 @@ { ... }: { imports = [ - ./misc/cpu-hotplug.nix - ./misc/serial.nix - ./misc/qemu-virtio.nix + # ./misc/cpu-hotplug.nix + # ./misc/serial.nix + # ./misc/qemu-virtio.nix # ^^ only used if vm ./core/firmware.nix From 5c72b53939fd454775c024d1004346fa4119dc36 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 15:15:07 +0700 Subject: [PATCH 145/261] fix fstype checks --- modules/system/homelab/docs.nix | 1 + modules/system/homelab/pass.nix | 1 + modules/system/homelab/proxy.nix | 1 + 3 files changed, 3 insertions(+) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index a8126b0..58784a3 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -19,5 +19,6 @@ in { device = "/mnt/data/apps/cryptpad"; depends = [ "/mnt/data" ]; options = [ "bind" "nofail" ]; + fsType = "none"; }; } diff --git a/modules/system/homelab/pass.nix b/modules/system/homelab/pass.nix index ec2c43c..85b22e2 100644 --- a/modules/system/homelab/pass.nix +++ b/modules/system/homelab/pass.nix @@ -15,5 +15,6 @@ device = "/mnt/data/apps/vaultwarden/data"; depends = [ "/mnt/data" ]; options = [ "bind" "nofail" ]; + fsType = "none"; }; } \ No newline at end of file diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index 446197e..d977892 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -31,6 +31,7 @@ in { device = "/mnt/data/apps/acme/${homelab.proxy.base}"; depends = [ "/mnt/data" ]; options = [ "bind" "nofail" ]; + fsType = "none"; }; services = { From 3906d680da6d03eac1e118f78fc845dc5fe9d5f6 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 15:20:43 +0700 Subject: [PATCH 146/261] update hardware config --- modules/scans/homelab.nix | 21 +++++++++++++++------ 1 file changed, 15 insertions(+), 6 deletions(-) diff --git a/modules/scans/homelab.nix b/modules/scans/homelab.nix index ae9dcbc..97b2ba6 100644 --- a/modules/scans/homelab.nix 
+++ b/modules/scans/homelab.nix @@ -5,26 +5,35 @@ { imports = - [ (modulesPath + "/profiles/qemu-guest.nix") + [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "uas" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/e33ab472-e518-4b4d-89d1-d75cfecb9f06"; + { device = "/dev/disk/by-uuid/e5a7d45d-b9e9-43e7-ba5f-f4e67821bd0b"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/880C-9F0A"; + { device = "/dev/disk/by-uuid/EC01-36B5"; fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; + options = [ "fmask=0022" "dmask=0022" ]; }; swapDevices = [ ]; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; -} \ No newline at end of file + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} \ No newline at end of file From 678676793a3b7bcc62a4c922bf5e5d52d15e806e Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 16:05:12 +0700 Subject: [PATCH 147/261] fix ventoy warning --- flake.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 8130e57..0c8d584 100644 --- a/flake.nix +++ b/flake.nix 
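Review bot: The `/boot` mount options loosen from `"fmask=0077" "dmask=0077"` to `"fmask=0022" "dmask=0022"`, which makes everything on the ESP readable by every local user. With systemd-boot that includes the boot loader's random seed file, and `bootctl` reports a world-accessible mount point as a security problem. Unless something needs unprivileged read access to `/boot`, keep `options = [ "fmask=0077" "dmask=0077" ];`. This file looks like `nixos-generate-config` output, so the looser mask probably reflects how the new disk was mounted at scan time rather than a deliberate choice.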
@@ -6,18 +6,18 @@ url = "github:nix-community/home-manager/master"; inputs.nixpkgs.follows = "nixpkgs"; }; - + gl.url = "github:nix-community/nixGL"; ctp.url = "github:catppuccin/nix"; }; - outputs = inputs: let + outputs = inputs: let pkgs = import inputs.nixpkgs { system = "x86_64-linux"; overlays = [ inputs.gl.overlay ]; config = { allowUnfree = true; - permittedInsecurePackages = [ "ventoy-qt5-1.1.10" ]; + permittedInsecurePackages = [ "ventoy-qt5-1.1.12" ]; }; }; args = { @@ -32,7 +32,7 @@ inputs.ctp.nixosModules.catppuccin ]; }; - + nixosConfigWithHome = host: inputs.nixpkgs.lib.nixosSystem { inherit pkgs; specialArgs = args // { hostname = host; }; @@ -50,7 +50,7 @@ } ]; }; - + homeConfig = host: inputs.hm.lib.homeManagerConfiguration { extraSpecialArgs = args // { hostname = host; }; inherit pkgs; From 3133e2bc51e8804b9d2575b7b283db67d4d1134b Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 16:36:29 +0700 Subject: [PATCH 148/261] remove flag --- modules/system/server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/server.nix b/modules/system/server.nix index 7df13d2..019d474 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -2,7 +2,7 @@ ts-flags = [ "--advertise-exit-node" "--advertise-routes=10.3.14.0/24,192.168.1.0/24" - "--ssh" "--webclient" + "--ssh" ]; in { imports = [ From 1a35ba2ecfacec60ca4f359cd120c20247d02597 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 16:45:01 +0700 Subject: [PATCH 149/261] use tsip --- lib/options.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/options.nix b/lib/options.nix index f0282ee..1bb94e7 100644 --- a/lib/options.nix +++ b/lib/options.nix 
@@ -97,7 +97,7 @@ in { [ "server.dns.${domain}" "10.3.14.69" ] [ "router.dns.${domain}" "10.3.14.1" ] - [ "main.dns.${domain}" "homelab.axolotl-chameleon.ts.net" ] # this machine + [ "main.dns.${domain}" "100.113.147.93" ] # this machine [ "proxy.${domain}" "main.dns.${domain}" ] [ "*.proxy.${domain}" "proxy.${domain}" ] From 086b6f826e2e9aecfeb801e378669d80beb5761a Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 16:57:25 +0700 Subject: [PATCH 150/261] remove deps on other stuff --- lib/options.nix | 7 ------- modules/system/homelab/dash.nix | 17 ----------------- modules/system/homelab/git.nix | 2 +- 3 files changed, 1 insertion(+), 25 deletions(-) diff --git a/lib/options.nix b/lib/options.nix index 1bb94e7..3a81736 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -66,10 +66,6 @@ in { proxy = { base = "proxy.${domain}"; hosts = { - "server" = d "https://server.dns.${domain}:8006"; - "router" = d "http://router.dns.${domain}:80"; - "home" = d "http://home.dns.${domain}:8123"; - "containers" = da "http://localhost:5001"; "code" = da "http://localhost:8443"; "dns" = da "http://localhost:8088"; @@ -94,9 +90,6 @@ in { }; }; records = [ - [ "server.dns.${domain}" "10.3.14.69" ] - [ "router.dns.${domain}" "10.3.14.1" ] - [ "main.dns.${domain}" "100.113.147.93" ] # this machine [ "proxy.${domain}" "main.dns.${domain}" ] [ "*.proxy.${domain}" "proxy.${domain}" ] diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index ff6656d..9f55182 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix 
@@ -58,10 +58,6 @@ [ "DNS" "http://localhost:8088/" ] [ "Proxy" "https://proxy.${homelab.domain}/" ] ]; - external = [ - [ "Proxmox" "proxmox" "https://server.proxy.${homelab.domain}" "http://server.dns.${homelab.domain}:8006/" ] - [ "OpenWRT" "openwrt" "https://router.proxy.${homelab.domain}" "http://router.dns.${homelab.domain}:80/" ] - ]; bookmarks = [ [ "Tailscale" "tailscale" "https://login.tailscale.com/" ] [ "Cloudflare" "cloudflare" "https://dash.cloudflare.com/" ] @@ -259,19 +255,6 @@ in { # mountpoints."/nix/store".hide = true; }]; } - { - type = "monitor"; - cache = "1m"; - title = "External"; - sites = map (e: { - same-tab = true; - allow-insecure = true; - title = builtins.elemAt e 0; - icon = "si:${builtins.elemAt e 1}"; - url = builtins.elemAt e 2; - check-url = builtins.elemAt e 3; - }) external; - } { type = "monitor"; cache = "1m"; diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index 39f4de1..ddf6df2 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -42,7 +42,7 @@ gitea-actions-runner.instances.nixos-deploy = { enable = true; name = "nixos-server-runner"; - url = "https://git.proxy.${homelab.domain}"; + url = "https://localhost:5080"; #"https://git.proxy.${homelab.domain}"; tokenFile = "/mnt/data/apps/forgejo/token-runner"; labels = [ "self-hosted:host" ]; hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; From afb46f4d86efbd3d7fd20b47481e121f9159e51e Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 17:00:48 +0700 Subject: [PATCH 151/261] fix https warning --- modules/system/homelab/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index ddf6df2..db30c7a 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix 
@@ -42,7 +42,7 @@ gitea-actions-runner.instances.nixos-deploy = { enable = true; name = "nixos-server-runner"; - url = "https://localhost:5080"; #"https://git.proxy.${homelab.domain}"; + url = "http://localhost:5080"; #"https://git.proxy.${homelab.domain}"; tokenFile = "/mnt/data/apps/forgejo/token-runner"; labels = [ "self-hosted:host" ]; hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; From 2eb33f25266d52a92a76cca0aaa1dc85347b2f00 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 17:03:55 +0700 Subject: [PATCH 152/261] remove unused monitor --- modules/system/homelab/dash.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 9f55182..f419efb 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -53,8 +53,6 @@ [ "Google Web Results Only" "!s" "https://google.com/search?udm=14&q={QUERY}" ] ]; monitor = [ - [ "Hypervisor" "https://10.3.14.69:8006/" ] - [ "Router" "http://10.3.14.1:80/" ] [ "DNS" "http://localhost:8088/" ] [ "Proxy" "https://proxy.${homelab.domain}/" ] ]; From 5a3783628aa45be4f884c7b48750881d14a2b517 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 17:08:40 +0700 Subject: [PATCH 153/261] cryptpad fix --- modules/system/homelab/docs.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index 58784a3..ebc729a 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -1,7 +1,9 @@ -{ homelab, ... }: let +{ lib, homelab, ... }: let domain = "docs.${homelab.domain}"; sandbox = "docs-sandbox.${homelab.domain}"; in { + systemd.services.cryptpad.confinement.enable = lib.mkForce false; + services.cryptpad = { enable = true; settings = { From 2b04bb766891f5a0294886c4841561bf52e559b2 Mon Sep 17 00:00:00 2001 
From: satr14 Date: Fri, 1 May 2026 17:13:25 +0700 Subject: [PATCH 154/261] hide duplicate mountpoints --- modules/system/homelab/dash.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index f419efb..4c25bf9 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -250,7 +250,12 @@ in { type = "server-stats"; servers = [{ type = "local"; - # mountpoints."/nix/store".hide = true; + mountpoints = { + "/nix/store".hide = true; + "/var/lib/cryptpad".hide = true; + "/var/lib/vaultwarden".hide = true; + "/var/lib/acme/proxy.satr14.my.id".hide = true; + }; }]; } { From 83e174cc6b1744282680ef842b36ad54037b2a62 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 17:22:52 +0700 Subject: [PATCH 155/261] fix 2: point to private --- modules/system/homelab/docs.nix | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index ebc729a..077f95b 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -1,9 +1,7 @@ -{ lib, homelab, ... }: let +{ homelab, ... }: let domain = "docs.${homelab.domain}"; sandbox = "docs-sandbox.${homelab.domain}"; in { - systemd.services.cryptpad.confinement.enable = lib.mkForce false; - services.cryptpad = { enable = true; settings = { @@ -17,7 +15,7 @@ in { }; }; - fileSystems."/var/lib/cryptpad" = { + fileSystems."/var/lib/private/cryptpad" = { device = "/mnt/data/apps/cryptpad"; depends = [ "/mnt/data" ]; options = [ "bind" "nofail" ]; From 7e4905561c0eab2ce4f2b245f7ecb87aac8fd754 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 17:26:44 +0700 Subject: [PATCH 156/261] switch to private --- modules/system/homelab/dash.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 4c25bf9..78b68f4 100644 
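Review bot: The hidden mountpoint `"/var/lib/acme/proxy.satr14.my.id"` in dash.nix hard-codes the domain, while the bind mount it refers to is declared in proxy.nix as `/var/lib/acme/${homelab.proxy.base}`. If the domain option changes, this entry silently stops matching and the duplicate mount reappears on the dashboard. Writing it as `"/var/lib/acme/${homelab.proxy.base}".hide = true;` keeps the two in step. The `servers` list continues outside the hunk.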
--- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -252,8 +252,8 @@ in { type = "local"; mountpoints = { "/nix/store".hide = true; - "/var/lib/cryptpad".hide = true; "/var/lib/vaultwarden".hide = true; + "/var/lib/private/cryptpad".hide = true; "/var/lib/acme/proxy.satr14.my.id".hide = true; }; }]; From e6fcd6bb41754ce786e029305c998e7c4b59140f Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 1 May 2026 17:37:17 +0700 Subject: [PATCH 157/261] add my key --- modules/system/homelab/docs.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index 077f95b..2cae519 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -12,6 +12,9 @@ in { httpSafeOrigin = "https://${sandbox}"; blockDailyCheck = true; disableIntegratedEviction = true; + adminKeys = [ + "[satr14@docs.satr14.my.id/f1A82fmBuqQka2bNqrCb1WbB9r2ex5A3rdys5xLX3Hc=]" + ]; }; }; From 33688e44964149796639c6aa9177e84939a567cc Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 2 May 2026 17:50:59 +0700 Subject: [PATCH 158/261] disable guest usage --- modules/system/homelab/docs.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index 2cae519..9682a0e 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -12,6 +12,8 @@ in { httpSafeOrigin = "https://${sandbox}"; blockDailyCheck = true; disableIntegratedEviction = true; + disableAnonymousStore = true; + disableAnonymousPadCreation = true; adminKeys = [ "[satr14@docs.satr14.my.id/f1A82fmBuqQka2bNqrCb1WbB9r2ex5A3rdys5xLX3Hc=]" ]; From 2940656cf158fbd388d8b227334229fd6db9bb38 Mon Sep 17 00:00:00 2001 
From: satr14 Date: Sat, 2 May 2026 18:41:49 +0700 Subject: [PATCH 159/261] mc server --- flake.lock | 70 ++++++++++++++++++++++++++++- flake.nix | 2 + lib/options.nix | 4 ++ modules/system/homelab/mc.nix | 73 +++++++++++++++++++++++++++++++ modules/system/misc/utilities.nix | 1 + modules/system/server.nix | 1 + 6 files changed, 150 insertions(+), 1 deletion(-) create mode 100644 modules/system/homelab/mc.nix diff --git a/flake.lock b/flake.lock index e972eea..5970bab 100644 --- a/flake.lock +++ b/flake.lock @@ -18,6 +18,22 @@ "type": "github" } }, + "flake-compat": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "inputs": { "systems": "systems" @@ -76,6 +92,26 @@ "type": "github" } }, + "mc": { + "inputs": { + "flake-compat": "flake-compat", + "nixpkgs": "nixpkgs_3", + "systems": "systems_2" + }, + "locked": { + "lastModified": 1777692910, + "narHash": "sha256-rPszOFTm7gP9n/JGiFH4SeuEALC8FBJtXu5owvHVjaQ=", + "owner": "Infinidoge", + "repo": "nix-minecraft", + "rev": "0707737282f65e25ed8e6e73f8767872659b7fb8", + "type": "github" + }, + "original": { + "owner": "Infinidoge", + "repo": "nix-minecraft", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1776548001, 
@@ -108,6 +144,22 @@ } }, "nixpkgs_3": { + "locked": { + "lastModified": 1769461804, + "narHash": "sha256-msG8SU5WsBUfVVa/9RPLaymvi5bI8edTavbIq3vRlhI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "bfc1b8a4574108ceef22f02bafcf6611380c100d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { "locked": { "lastModified": 1777268161, "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", @@ -128,7 +180,8 @@ "ctp": "ctp", "gl": "gl", "hm": "hm", - "nixpkgs": "nixpkgs_3" + "mc": "mc", + "nixpkgs": "nixpkgs_4" } }, "systems": { @@ -145,6 +198,21 @@ "repo": "default", "type": "github" } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index 0c8d584..3ccbd5c 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,8 @@ gl.url = "github:nix-community/nixGL"; ctp.url = "github:catppuccin/nix"; + + mc.url = "github:Infinidoge/nix-minecraft"; }; outputs = inputs: let diff --git a/lib/options.nix b/lib/options.nix index 3a81736..9cc0282 100644 --- a/lib/options.nix +++ b/lib/options.nix @@ -54,9 +54,13 @@ in { [ "Dockge" "docker" "https://containers.proxy.${domain}" "http://localhost:5001/" ] ]; routes = { + "mc0.${domain}" = "tcp://localhost:25565"; + "docs-sandbox.${domain}" = "http://localhost:7090"; "docs.${domain}" = "http://localhost:7090"; + "cdn.${domain}" = selfSigned "https://localhost:3923"; + "git.${domain}" = "http://localhost:5080"; "auth.${domain}" = "http://localhost:1411"; "dash.${domain}" = "http://localhost:5070"; 
diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix new file mode 100644 index 0000000..7ebfffd --- /dev/null +++ b/modules/system/homelab/mc.nix 
@@ -0,0 +1,73 @@ +{ inputs, pkgs, ... }: let + ram-allocation = "10240M"; + auth-server = "https://mc.satr14.my.id"; + # modpack = pkgs.fetchPackwizModpack { + # url = ""; + # packHash = ""; + # }; +in { + imports = [ inputs.mc.nixosModules.minecraft-servers ]; + nixpkgs.overlays = [ inputs.mc.overlay ]; + + services.minecraft-servers = { + enable = true; + eula = true; + + servers.mc0-explorers-creativity = { + enable = true; + autoStart = true; + restart = "always"; + enableReload = true; + + package = pkgs.fabricServers.fabric-26_1.override { loaderVersion = "0.19.2"; }; + jvmOpts = let + authlib-injector = pkgs.fetchurl { + url = "https://github.com/yushijinhun/authlib-injector/releases/download/v1.2.7/authlib-injector-1.2.7.jar"; + sha256 = "0av58bz0fn7wn9bf7sib62cn4vgkk4mr9mavpn2xiizzmk2lpwga"; + }; + in '' + -Xms${ram-allocation} -Xmx${ram-allocation} -javaagent:${authlib-injector}=${auth-server} + + -add-modules=jdk.incubator.vector -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 + ''; + + serverProperties = { + server-port = 25565; + server-name = "Digit Association"; + motd = "\u00a7lSeason 3\u00a7r - \u00a7dExplorers Creativity \ud83d\udd25"; + + difficulty = "normal"; + gamemode = "survival"; + max-world-size = 25000; + spawn-protection = 0; + pvp = true; + + online-mode = true; + enforce-secure-profile = false; + pevent-proxy-connections = false; + allow-flight = false; + player-idle-timeout = 0; + + # resource-pack = 
"https://cdn.satr14.my.id/public/fullslide-1.21.11.zip"; + # resource-pack-sha1 = "e0958dcef5755286f390c22280700c471ec34a65"; + # resource-pack-enforce = false; + + simulation-distance = 16; + view-distance = 4; + + enable-rcon = true; + sync-chunk-writes = false; + "rcon.password" = "howdy"; + "rcon.port" = 25575; + }; + + symlinks = { + # "resources/datapack/required" = "${modpack}/datapacks"; + # "mods" = "${modpack}/mods"; + + # "server-icon.png" = "${modpack}/server-icon.png"; + # "config" = ""; + }; + }; + }; +} \ No newline at end of file diff --git a/modules/system/misc/utilities.nix b/modules/system/misc/utilities.nix index 29c4c6f..de5d35e 100644 --- a/modules/system/misc/utilities.nix +++ b/modules/system/misc/utilities.nix @@ -74,6 +74,7 @@ lsof # Nix & Development + rcon-cli dconf2nix home-manager nix-index diff --git a/modules/system/server.nix b/modules/system/server.nix index 019d474..57a3ff0 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -25,6 +25,7 @@ in { ./homelab/cdn.nix ./homelab/ai.nix ./homelab/db.nix + ./homelab/mc.nix ./core/swapfile.nix ./core/oom.nix From cbafaefb34a2dc20efed6b909db5ec98b41cf320 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 2 May 2026 18:50:46 +0700 Subject: [PATCH 160/261] fix flags error --- modules/system/homelab/mc.nix | 36 +++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 7ebfffd..ccc9f62 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -1,4 +1,4 @@ -{ inputs, pkgs, ... }: let +{ inputs, lib, pkgs, ... }: let ram-allocation = "10240M"; auth-server = "https://mc.satr14.my.id"; # modpack = pkgs.fetchPackwizModpack { 
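Review bot: In mc.nix, `"rcon.password" = "howdy"` puts a guessable RCON password into git and the world-readable Nix store, while `enable-rcon = true` opens a console that accepts arbitrary server commands. Nothing in this hunk restricts who can reach `"rcon.port" = 25575`. The password should come from a runtime secret file, for example one managed by sops-nix; nix-minecraft's `services.minecraft-servers.environmentFile` with an `@VAR@` placeholder looks like the intended mechanism, but confirm against the module docs that it covers `serverProperties`. If RCON is not needed, set `enable-rcon = false;`. Separately, `pevent-proxy-connections` is misspelled (the server property is `prevent-proxy-connections`), so that setting is probably not applied as written.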
@@ -25,11 +25,35 @@ in { url = "https://github.com/yushijinhun/authlib-injector/releases/download/v1.2.7/authlib-injector-1.2.7.jar"; sha256 = "0av58bz0fn7wn9bf7sib62cn4vgkk4mr9mavpn2xiizzmk2lpwga"; }; - in '' - -Xms${ram-allocation} -Xmx${ram-allocation} -javaagent:${authlib-injector}=${auth-server} - - -add-modules=jdk.incubator.vector -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 -XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 -XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 -XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem -XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true -XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M -XX:G1ReservePercent=20 - ''; + flags = [ + "-Xms${ram-allocation}" + "-Xmx${ram-allocation}" + "-javaagent:${authlib-injector}=${auth-server}" + "--add-modules=jdk.incubator.vector" + + # Aikar's GC flags + "-XX:+UseG1GC" + "-XX:+ParallelRefProcEnabled" + "-XX:MaxGCPauseMillis=200" + "-XX:+UnlockExperimentalVMOptions" + "-XX:+DisableExplicitGC" + "-XX:+AlwaysPreTouch" + "-XX:G1HeapWastePercent=5" + "-XX:G1MixedGCCountTarget=4" + "-XX:InitiatingHeapOccupancyPercent=15" + "-XX:G1MixedGCLiveThresholdPercent=90" + "-XX:G1RSetUpdatingPauseTimePercent=5" + "-XX:SurvivorRatio=32" + "-XX:+PerfDisableSharedMem" + "-XX:MaxTenuringThreshold=1" + "-Dusing.aikars.flags=https://mcflags.emc.gs" + "-Daikars.new.flags=true" + "-XX:G1NewSizePercent=30" + "-XX:G1MaxNewSizePercent=40" + "-XX:G1HeapRegionSize=8M" + "-XX:G1ReservePercent=20" + ]; + in lib.concatStringsSep " " flags; serverProperties = { server-port = 25565; From f831c98840d00cb0976f9792ed88edc5a543f0db Mon Sep 17 00:00:00 2001 
From: satr14 Date: Sat, 2 May 2026 18:56:38 +0700 Subject: [PATCH 161/261] fix error --- modules/system/homelab/mc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index ccc9f62..4a21456 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -19,6 +19,7 @@ in { restart = "always"; enableReload = true; + managementSystem.systemd-socket.enable = true; # Referenced but unset environment variable evaluates to an empty string: MAINPID package = pkgs.fabricServers.fabric-26_1.override { loaderVersion = "0.19.2"; }; jvmOpts = let authlib-injector = pkgs.fetchurl { From b1a1913b5179b014d5793a4d6ccbef872103c6ff Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 2 May 2026 19:01:34 +0700 Subject: [PATCH 162/261] fix error 2 --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 4a21456..d342f14 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -12,6 +12,7 @@ in { services.minecraft-servers = { enable = true; eula = true; + managementSystem.systemd-socket.enable = true; # Referenced but unset environment variable evaluates to an empty string: MAINPID servers.mc0-explorers-creativity = { enable = true; @@ -19,7 +20,6 @@ in { restart = "always"; enableReload = true; - managementSystem.systemd-socket.enable = true; # Referenced but unset environment variable evaluates to an empty string: MAINPID package = pkgs.fabricServers.fabric-26_1.override { loaderVersion = "0.19.2"; }; jvmOpts = let authlib-injector = pkgs.fetchurl { From 9e28753c9afb3ef749cbb7a140c18383d0a57498 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 2 May 2026 19:03:49 +0700 Subject: [PATCH 163/261] [skip ci] ref issue --- modules/system/homelab/mc.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index d342f14..50065e5 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -13,6 +13,7 @@ in { enable = true; eula = true; managementSystem.systemd-socket.enable = true; # Referenced but unset environment variable evaluates to an empty string: MAINPID + # ^^^ https://github.com/Infinidoge/nix-minecraft/issues/119 servers.mc0-explorers-creativity = { enable = true; From 5d6c14ffa7c7ab065949fdf1bade0de16dc8a267 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 2 May 2026 19:22:03 +0700 Subject: [PATCH 164/261] fix jre missmatch --- modules/system/homelab/mc.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 50065e5..19f173d 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -21,7 +21,11 @@ in { restart = "always"; enableReload = true; - package = pkgs.fabricServers.fabric-26_1.override { loaderVersion = "0.19.2"; }; + package = pkgs.fabricServers.fabric-26_1.override { + loaderVersion = "0.19.2"; + jre_headless = pkgs.javaPackages.compiler.temurin-bin.jre-25; + }; + jvmOpts = let authlib-injector = pkgs.fetchurl { url = "https://github.com/yushijinhun/authlib-injector/releases/download/v1.2.7/authlib-injector-1.2.7.jar"; From cafbb5453d13a56c5fd7133a50332289597a9108 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 2 May 2026 19:53:49 +0700 Subject: [PATCH 165/261] 1.21.11 downgrade --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 19f173d..9caa3b2 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -21,7 +21,7 @@ in { restart = "always"; enableReload = true; - package = pkgs.fabricServers.fabric-26_1.override { + package = pkgs.fabricServers.fabric-1_21_11.override { loaderVersion = "0.19.2"; jre_headless = pkgs.javaPackages.compiler.temurin-bin.jre-25; }; From 78e626156cf020448af5ed4d0a9b10656f5a426c Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 2 May 2026 19:57:13 +0700 Subject: [PATCH 166/261] temp disable --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 9caa3b2..18ff72f 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -10,13 +10,13 @@ in { nixpkgs.overlays = [ inputs.mc.overlay ]; services.minecraft-servers = { - enable = true; + enable = false; eula = true; managementSystem.systemd-socket.enable = true; # Referenced but unset environment variable evaluates to an empty string: MAINPID # ^^^ https://github.com/Infinidoge/nix-minecraft/issues/119 servers.mc0-explorers-creativity = { - enable = true; + enable = false; autoStart = true; restart = "always"; enableReload = true; From 52464e7afe751e948e7f01e1be28113021d5a008 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 2 May 2026 19:59:29 +0700 Subject: [PATCH 167/261] reenable --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 18ff72f..9caa3b2 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -10,13 +10,13 @@ in { nixpkgs.overlays = [ inputs.mc.overlay ]; services.minecraft-servers = { - enable = false; + enable = true; eula = true; managementSystem.systemd-socket.enable = true; # Referenced but unset environment variable evaluates to an empty string: MAINPID # ^^^ https://github.com/Infinidoge/nix-minecraft/issues/119 servers.mc0-explorers-creativity = { - enable = false; + enable = true; autoStart = true; restart = "always"; enableReload = true; From ae4c4702b2680f3a5a9d21fd2deac3ebcff81600 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 2 May 2026 20:02:56 +0700 Subject: [PATCH 168/261] fix motd --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 9caa3b2..7920048 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -64,7 +64,7 @@ in { serverProperties = { server-port = 25565; server-name = "Digit Association"; - motd = "\u00a7lSeason 3\u00a7r - \u00a7dExplorers Creativity \ud83d\udd25"; + motd = "§lSeason 3§r - §dExplorers Creativity 🔥"; difficulty = "normal"; gamemode = "survival"; From 112fd500874efb3a1e02a1e70f40d649ca717a5a Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 05:18:00 +0700 Subject: [PATCH 169/261] temp disable --- modules/system/homelab/code.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/code.nix b/modules/system/homelab/code.nix index 3d79fc7..6fc9254 100644 --- a/modules/system/homelab/code.nix +++ b/modules/system/homelab/code.nix @@ -1,6 +1,6 @@ { username, ... }: { services.code-server = { - enable = true; + enable = false; host = "127.0.0.1"; port = 8443; user = username; From 0d28d1e48cccd3502098e9f9b2d7a415f0e7b5dc Mon Sep 17 00:00:00 2001 
From: satr14 Date: Sun, 3 May 2026 06:17:07 +0700 Subject: [PATCH 170/261] Update modules/system/homelab/code.nix --- modules/system/homelab/code.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/code.nix b/modules/system/homelab/code.nix index 6fc9254..3d79fc7 100644 --- a/modules/system/homelab/code.nix +++ b/modules/system/homelab/code.nix @@ -1,6 +1,6 @@ { username, ... }: { services.code-server = { - enable = false; + enable = true; host = "127.0.0.1"; port = 8443; user = username; From 352908c0f326fe1a6c946f68fe2750a45714aa61 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 07:16:59 +0700 Subject: [PATCH 171/261] [skip ci] vsc config --- .vscode/settings.json | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 .vscode/settings.json diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..a5a5a12 --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,3 @@ +{ + "nixEnvSelector.suggestion": false +} \ No newline at end of file From 7bb998d022a95ee0659e383b5b604bc3ec05cec1 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 07:22:10 +0700 Subject: [PATCH 172/261] install modpack mods --- modules/system/homelab/mc.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 7920048..b00b4fb 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -1,10 +1,10 @@ { inputs, lib, pkgs, ... }: let ram-allocation = "10240M"; auth-server = "https://mc.satr14.my.id"; - # modpack = pkgs.fetchPackwizModpack { - # url = ""; - # packHash = ""; - # }; + modpack = pkgs.fetchPackwizModpack { + url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/a1372bf1b044fd178d5ca29a8b01805f56c9ee4f/pack.toml"; + packHash = "sha256-TCBGa4W+hi6iMzaI9GkapgaQGib0mvhnOObTdEgO/Rs="; + }; in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; nixpkgs.overlays = [ inputs.mc.overlay ]; @@ -93,7 +93,7 @@ in { symlinks = { # "resources/datapack/required" = "${modpack}/datapacks"; - # "mods" = "${modpack}/mods"; + "mods" = "${modpack}/mods"; # "server-icon.png" = "${modpack}/server-icon.png"; # "config" = ""; From 0f2bc17be007804161eac73dfc9516f89a37c0d1 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 09:10:25 +0700 Subject: [PATCH 173/261] readme update --- README.md | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 1c27513..ee0d382 100644 --- a/README.md +++ b/README.md 
@@ -1,12 +1,11 @@ ![nix-flake](ss.png) -rewrite of my nixos flake with hopefully better structuring and modularity > [!WARNING] -> this flake is ment for personal use. code is not well documented and is not ment to be used by others. use at your own risk. +> This flake is ment for personal use. The code is not well documented nor structured and is not ment to be used by others. **Use at your own risk.** -## hosts -- `thinkpad` - my thinkpad t480 with an i5 8350u, 16gb of ram, and 256gb nvme ssd (140 allocated for nixos, rest for windows 11) -- `homelab` - my homelab server in a vm on a proxmox host with an i7 8700t, 32gb of ram, and 512gb boot drive (with hotplug enabled for cpu and ram) +## Hosts +- `thinkpad` - Thinkpad T480, i5 8350U, 16GB RAM, 256GB NVME +- `homelab` - i7 8700T, 32GB RAM, 512GB NVME, 1TB 2.5" SATA -## credits +## Credits - [orangc's flake](https://git.orangc.net/c/dots) \ No newline at end of file From 7693a23c84331f88367306c72995a917af9e453e Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 12:17:20 +0700 Subject: [PATCH 174/261] enable query --- modules/system/homelab/mc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index b00b4fb..2f0d710 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -73,6 +73,7 @@ in { pvp = true; online-mode = true; + enable-query = true; enforce-secure-profile = false; pevent-proxy-connections = false; allow-flight = false; From f1d468f26be0a0939ddbc90e75dc899450fa2369 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 19:03:25 +0700 Subject: [PATCH 175/261] use built in flags instead of authlib injector --- modules/system/homelab/mc.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 2f0d710..cfa2a7b 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
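Review bot: `enable-query = true` in the `@@ -73,6 +73,7 @@` hunk of mc.nix turns on the query listener, which answers unauthenticated UDP requests with the player list, version and installed mod/plugin information. No `query.port` is set, so it presumably uses the default alongside `server-port = 25565`; whether that UDP port is opened in the firewall is not visible here. If the query is only there for local status polling, I would keep the port closed externally and record the reason on the line, e.g. `enable-query = true; # polled by <consumer>; UDP query port stays closed externally`. The `serverProperties` set begins and ends outside this hunk.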
@@ -1,6 +1,6 @@ { inputs, lib, pkgs, ... }: let ram-allocation = "10240M"; - auth-server = "https://mc.satr14.my.id"; + auth-server = "https://mc.satr14.my.id"; # self hosted drasl server modpack = pkgs.fetchPackwizModpack { url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/a1372bf1b044fd178d5ca29a8b01805f56c9ee4f/pack.toml"; packHash = "sha256-TCBGa4W+hi6iMzaI9GkapgaQGib0mvhnOObTdEgO/Rs="; @@ -27,15 +27,18 @@ in { }; jvmOpts = let - authlib-injector = pkgs.fetchurl { - url = "https://github.com/yushijinhun/authlib-injector/releases/download/v1.2.7/authlib-injector-1.2.7.jar"; - sha256 = "0av58bz0fn7wn9bf7sib62cn4vgkk4mr9mavpn2xiizzmk2lpwga"; - }; flags = [ "-Xms${ram-allocation}" "-Xmx${ram-allocation}" - "-javaagent:${authlib-injector}=${auth-server}" "--add-modules=jdk.incubator.vector" + + # Custom auth server + "-Dminecraft.api.env=custom" + "-Dminecraft.api.auth.host=${auth-server}/auth" + "-Dminecraft.api.account.host=${auth-server}/account" + "-Dminecraft.api.profiles.host=${auth-server}/account" + "-Dminecraft.api.session.host=${auth-server}/session" + "-Dminecraft.api.services.host=${auth-server}/services" # Aikar's GC flags "-XX:+UseG1GC" From e9400208dcd446d64117ddd69acebaa3bed98b9d Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 19:15:03 +0700 Subject: [PATCH 176/261] update modpack --- modules/system/homelab/mc.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index cfa2a7b..acdb803 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -1,9 +1,9 @@ { inputs, lib, pkgs, ... }: let ram-allocation = "10240M"; - auth-server = "https://mc.satr14.my.id"; # self hosted drasl server + auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = pkgs.fetchPackwizModpack { - url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/a1372bf1b044fd178d5ca29a8b01805f56c9ee4f/pack.toml"; - packHash = "sha256-TCBGa4W+hi6iMzaI9GkapgaQGib0mvhnOObTdEgO/Rs="; + url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/e8a47c7f6dbf26cf436d40d68eed17ac4a98decc/pack.toml"; + packHash = ""; }; in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; From 75d033c63cbb5bfd4254f4c8bb4446a966c72f45 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 19:18:33 +0700 Subject: [PATCH 177/261] code cleanup and dev changes --- modules/system/homelab/mc.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index acdb803..ab2de9b 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -19,11 +19,11 @@ in { enable = true; autoStart = true; restart = "always"; - enableReload = true; + enableReload = false; # NOTE: development phase, disable in production package = pkgs.fabricServers.fabric-1_21_11.override { - loaderVersion = "0.19.2"; jre_headless = pkgs.javaPackages.compiler.temurin-bin.jre-25; + loaderVersion = "0.19.2"; }; jvmOpts = let @@ -67,7 +67,7 @@ in { serverProperties = { server-port = 25565; server-name = "Digit Association"; - motd = "§lSeason 3§r - §dExplorers Creativity 🔥"; + motd = "§lSeason 3 TESTING§r - §dExplorers Creativity 🔥"; difficulty = "normal"; gamemode = "survival"; From 6b13c4bf509b987965fe732a2357d998465ab216 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 19:20:17 +0700 Subject: [PATCH 178/261] hash update --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
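Review bot: `packHash = "";` in the `@@ -1,9 +1,9 @@` hunk of patch 176 commits the fetcher without an integrity hash, so this revision presumably fails to build, and the follow-up commit pastes in whatever hash the failed build reported. The same two-step pattern repeats in patches 179, 185, 187, 189 and 194. The commit id in the URL limits what the server can return, but the hash is still accepted on first use from git.satr14.my.id rather than checked against a value obtained independently. I would compute the hash on a trusted checkout and land URL and hash in one commit, or at least make the placeholder explicit with `packHash = lib.fakeHash; # placeholder, real hash in the next commit`.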
diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index ab2de9b..4491759 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -3,7 +3,7 @@ auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = pkgs.fetchPackwizModpack { url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/e8a47c7f6dbf26cf436d40d68eed17ac4a98decc/pack.toml"; - packHash = ""; + packHash = "sha256-VJ018vTOASlS9Ndp+dI2N5bla2lQcDxY+MPS2qXYufE="; }; in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; From ae5521f823e62ce5c4aaa11a60c578e0ba000e52 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 19:49:21 +0700 Subject: [PATCH 179/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 4491759..75df76f 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,8 +2,8 @@ ram-allocation = "10240M"; auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = pkgs.fetchPackwizModpack { - url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/e8a47c7f6dbf26cf436d40d68eed17ac4a98decc/pack.toml"; - packHash = "sha256-VJ018vTOASlS9Ndp+dI2N5bla2lQcDxY+MPS2qXYufE="; + url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/ffd94a9909407a5d1ca2c1a2c35b19b048815dbd/pack.toml"; + packHash = ""; }; in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; From 60926ab38d8545eb372a2a491d12e10fba7b1b7f Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 19:52:26 +0700 Subject: [PATCH 180/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 75df76f..9d36ea8 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -3,7 +3,7 @@ auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = pkgs.fetchPackwizModpack { url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/ffd94a9909407a5d1ca2c1a2c35b19b048815dbd/pack.toml"; - packHash = ""; + packHash = "sha256-ipG+TlkQDKODpybJ+Obwpvq8DALc6YaGCBGsn7ayLi0="; }; in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; From aa133738f317aad4dd71004ade37a61ddc9299e9 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 3 May 2026 20:13:09 +0700 Subject: [PATCH 181/261] [skip ci] some formating --- modules/system/homelab/mc.nix | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 9d36ea8..15c595d 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -1,9 +1,11 @@ { inputs, lib, pkgs, ... }: let ram-allocation = "10240M"; auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server - modpack = pkgs.fetchPackwizModpack { - url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/ffd94a9909407a5d1ca2c1a2c35b19b048815dbd/pack.toml"; + modpack = let + commit = "ffd94a9909407a5d1ca2c1a2c35b19b048815dbd"; + in pkgs.fetchPackwizModpack { packHash = "sha256-ipG+TlkQDKODpybJ+Obwpvq8DALc6YaGCBGsn7ayLi0="; + url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; @@ -40,7 +42,7 @@ in { "-Dminecraft.api.session.host=${auth-server}/session" "-Dminecraft.api.services.host=${auth-server}/services" - # Aikar's GC flags + # Aikar's GC flags (tuned for 10GB) "-XX:+UseG1GC" "-XX:+ParallelRefProcEnabled" "-XX:MaxGCPauseMillis=200" From 0e1357d07bf51ae458ffdb643e8ac4b547405918 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 11:16:32 +0700 Subject: [PATCH 182/261] [skip ci] desktop theme fix --- modules/home/desktop.nix | 1 + 1 file changed, 1 insertion(+) 
diff --git a/modules/home/desktop.nix b/modules/home/desktop.nix index aa51784..9e34895 100644 --- a/modules/home/desktop.nix +++ b/modules/home/desktop.nix @@ -6,6 +6,7 @@ ./rice/logout.nix ./rice/notifs.nix ./rice/cursor.nix + ./rice/theme.nix ./rice/menu.nix ./rice/idle.nix ./rice/bar.nix From 5979fe81290327e5bf063a2a3b55993c406d996d Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 11:16:49 +0700 Subject: [PATCH 183/261] [skip ci] update modpack --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 15c595d..257c805 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,7 +2,7 @@ ram-allocation = "10240M"; auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = let - commit = "ffd94a9909407a5d1ca2c1a2c35b19b048815dbd"; + commit = "664e8130a15ac597a1d7e889f599205ff6147c06"; in pkgs.fetchPackwizModpack { packHash = "sha256-ipG+TlkQDKODpybJ+Obwpvq8DALc6YaGCBGsn7ayLi0="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; From 5fb4f3c661074e1b9f9a8550eeb663a48fbef0d3 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 11:18:03 +0700 Subject: [PATCH 184/261] [skip ci] add packwiz --- modules/home/core/apps.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/home/core/apps.nix b/modules/home/core/apps.nix index c20f566..14d3701 100644 --- a/modules/home/core/apps.nix +++ b/modules/home/core/apps.nix @@ -61,6 +61,7 @@ }) ferium + packwiz portablemc steamguard-cli # modrinth-app From 1d2711e59f06868359ce0c31c0471a488dbac56a Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 11:29:15 +0700 Subject: [PATCH 185/261] commit change --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 257c805..7e7fe08 100644 
--- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "664e8130a15ac597a1d7e889f599205ff6147c06"; in pkgs.fetchPackwizModpack { - packHash = "sha256-ipG+TlkQDKODpybJ+Obwpvq8DALc6YaGCBGsn7ayLi0="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From 2f710301008c22b09dbb6268a7dd54c28006432c Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 11:32:16 +0700 Subject: [PATCH 186/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 7e7fe08..50a750d 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "664e8130a15ac597a1d7e889f599205ff6147c06"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-OYYOd33ouwPpHGlZznBZ+9wGOzr+J00Ln7yYInSVmtY="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From ede2c6e2e440aaef93a6aa7c2d9d7b32b3dc67fd Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 11:54:02 +0700 Subject: [PATCH 187/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 50a750d..a599d51 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,9 +2,9 @@ ram-allocation = "10240M"; auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = let - commit = "664e8130a15ac597a1d7e889f599205ff6147c06"; + commit = "9e2538b25a2e6f81c45062c8f6ea3234676a9c8e"; in pkgs.fetchPackwizModpack { - packHash = "sha256-OYYOd33ouwPpHGlZznBZ+9wGOzr+J00Ln7yYInSVmtY="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { 
From 5e317059099ada1a1dde7b7208a47bd7544e4702 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 11:57:18 +0700 Subject: [PATCH 188/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index a599d51..c5c84ec 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "9e2538b25a2e6f81c45062c8f6ea3234676a9c8e"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-GPMiCg2S9IQ4my5NPjet7MJNjgc+jf64a59fDbjEGVI="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From a6b4d41da1abbbcb76a7a419aef2ce47ac95dac2 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 20:50:10 +0700 Subject: [PATCH 189/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index c5c84ec..6c491ff 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,9 +2,9 @@ ram-allocation = "10240M"; auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = let - commit = "9e2538b25a2e6f81c45062c8f6ea3234676a9c8e"; + commit = "c76c7fc2037c4f9d6870d49c9444d33dd9480014"; in pkgs.fetchPackwizModpack { - packHash = "sha256-GPMiCg2S9IQ4my5NPjet7MJNjgc+jf64a59fDbjEGVI="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From 2426cdea08f8a3f324ea070885a8a443a8306dd1 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 21:25:03 +0700 Subject: [PATCH 190/261] disable guest storage --- modules/system/homelab/docs.nix | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index 9682a0e..adfa357 100644 
--- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -1,4 +1,4 @@ -{ homelab, ... }: let +{ lib, pkgs, homelab, ... }: let domain = "docs.${homelab.domain}"; sandbox = "docs-sandbox.${homelab.domain}"; in { @@ -12,14 +12,31 @@ in { httpSafeOrigin = "https://${sandbox}"; blockDailyCheck = true; disableIntegratedEviction = true; - disableAnonymousStore = true; - disableAnonymousPadCreation = true; adminKeys = [ "[satr14@docs.satr14.my.id/f1A82fmBuqQka2bNqrCb1WbB9r2ex5A3rdys5xLX3Hc=]" ]; }; }; + systemd.tmpfiles.rules = lib.singleton "f /var/lib/cryptpad/customize/application_config.js 0644 root root - ${pkgs.writeText "cryptpad-application-config.js" '' + (() => { + const factory = (AppConfig) => { + AppConfig.disableAnonymousPadCreation = true; + AppConfig.disableAnonymousStore = true; + AppConfig.defaultDarkTheme = 'true'; + return AppConfig; + }; + + if (typeof(module) !== 'undefined' && module.exports) { + module.exports = factory( + require('../www/common/application_config_internal.js') + ); + } else if ((typeof(define) !== 'undefined' && define !== null) && (define.amd !== null)) { + define(['/common/application_config_internal.js'], factory); + } + })(); + ''}"; + fileSystems."/var/lib/private/cryptpad" = { device = "/mnt/data/apps/cryptpad"; depends = [ "/mnt/data" ]; From a2315ae2bb7e51234e3ed59d9cfc7e8bb83f7ebf Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 21:27:34 +0700 Subject: [PATCH 191/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 6c491ff..3118249 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
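Review bot: The `systemd.tmpfiles.rules` entry in the `@@ -12,14 +12,31 @@` hunk of docs.nix uses type `f`, and for `f` the last field is written into the file as literal content, so `application_config.js` would hold the store path string instead of the JavaScript; `f` also leaves an existing file untouched. Because the same hunk removes `disableAnonymousStore` and `disableAnonymousPadCreation` from the server settings, the result is likely that neither restriction is in effect. A symlink rule does what the commit intends: `"L+ /var/lib/cryptpad/customize/application_config.js - - - - ${pkgs.writeText "cryptpad-application-config.js" ''…''}"`. The bind mount in the trailing context targets `/var/lib/private/cryptpad`, so it is also worth confirming that `/var/lib/cryptpad` resolves to that directory at the time tmpfiles runs.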
@@ -4,7 +4,7 @@ modpack = let commit = "c76c7fc2037c4f9d6870d49c9444d33dd9480014"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-ZTzI6hhpqkirkbwcqV7ufC0XB2qSmiNYec+z/kr/HpE="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From 801fac269c7a55589b9a27d81afc000ca6703c75 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 4 May 2026 21:43:00 +0700 Subject: [PATCH 192/261] [skip ci] zed tweaks --- modules/home/core/code.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/modules/home/core/code.nix b/modules/home/core/code.nix index b3d3dc2..21268ff 100644 --- a/modules/home/core/code.nix +++ b/modules/home/core/code.nix @@ -11,6 +11,8 @@ "nix" ]; userSettings = { + diff_view_style = "unified"; + cli_default_open_behavior = "existing_window"; format_on_save = "off"; vim_mode = true; git.inline_blame.enabled = true; @@ -41,7 +43,9 @@ tool_permissions.default = "allow"; default_model = { provider = "copilot_chat"; - model = "claude-opus-4.6"; + model = "claude-sonnet-4.6"; + effort = "high"; + enable_thinking = false; }; }; theme = { From cf9f6b8882a9980e6d891649603bbba4cf6d3084 Mon Sep 17 00:00:00 2001 From: satr14 Date: Tue, 5 May 2026 09:21:06 +0700 Subject: [PATCH 193/261] remove variable --- modules/system/homelab/docs.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index adfa357..960cbc8 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -23,7 +23,6 @@ in { const factory = (AppConfig) => { AppConfig.disableAnonymousPadCreation = true; AppConfig.disableAnonymousStore = true; - AppConfig.defaultDarkTheme = 'true'; return AppConfig; }; From b5b13a63bf48d59a23f80f29a2bd9cb2629aa594 Mon Sep 17 00:00:00 2001 
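Review bot: The `default_model` change in the `@@ -41,7 +43,9 @@` hunk of `code.nix` sits directly under the unchanged `tool_permissions.default = "allow";`, which appears to let the agent run its tools without asking, whichever model is selected. With the model being swapped here, it is worth recording why a blanket allow is acceptable, or narrowing it. At minimum add a comment such as `# agent tools run unprompted; only open trusted workspaces`. The surrounding settings block starts and ends outside the hunk.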
From: satr14 Date: Tue, 5 May 2026 14:01:27 +0700 Subject: [PATCH 194/261] update modpack with auth server support --- modules/system/homelab/mc.nix | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 3118249..540c264 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -1,10 +1,10 @@ { inputs, lib, pkgs, ... }: let ram-allocation = "10240M"; - auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server + # auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = let - commit = "c76c7fc2037c4f9d6870d49c9444d33dd9480014"; + commit = "3ce321be116ec909aa2f2188b6d3e9351806dd7e"; in pkgs.fetchPackwizModpack { - packHash = "sha256-ZTzI6hhpqkirkbwcqV7ufC0XB2qSmiNYec+z/kr/HpE="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { @@ -35,12 +35,12 @@ in { "--add-modules=jdk.incubator.vector" # Custom auth server - "-Dminecraft.api.env=custom" - "-Dminecraft.api.auth.host=${auth-server}/auth" - "-Dminecraft.api.account.host=${auth-server}/account" - "-Dminecraft.api.profiles.host=${auth-server}/account" - "-Dminecraft.api.session.host=${auth-server}/session" - "-Dminecraft.api.services.host=${auth-server}/services" + # "-Dminecraft.api.env=custom" + # "-Dminecraft.api.auth.host=${auth-server}/auth" + # "-Dminecraft.api.account.host=${auth-server}/account" + # "-Dminecraft.api.profiles.host=${auth-server}/account" + # "-Dminecraft.api.session.host=${auth-server}/session" + # "-Dminecraft.api.services.host=${auth-server}/services" # Aikar's GC flags (tuned for 10GB) "-XX:+UseG1GC" From 7635987ea0d41c038e6b270e55de87b59f8aba0b Mon Sep 17 00:00:00 2001 From: satr14 Date: Tue, 5 May 2026 14:03:43 +0700 Subject: [PATCH 195/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
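Review bot: The six `-Dminecraft.api.*` flags and the `auth-server` binding are commented out rather than deleted, and neither hunk says where the server's authentication endpoints come from now; the subject line suggests the modpack supplies them. If so, the choice of which service vouches for player identities moves into the fetched pack, which this same commit leaves at `packHash = ""`. Replacing the dead lines with one comment, for example `# auth endpoints are configured by the modpack pinned above`, would make that dependency explicit. The `flags` list continues outside the second hunk.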
diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 540c264..3ba3dc0 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "3ce321be116ec909aa2f2188b6d3e9351806dd7e"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-RJjaUNHLWrgb43PbKIDO9SWV6Lo/o1uSEDiMDpokSU8="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From df8a2680d62133bd7ad9762dd608ff842cc54175 Mon Sep 17 00:00:00 2001 
From: satr14 Date: Tue, 5 May 2026 17:51:40 +0700 Subject: [PATCH 196/261] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'ctp': 'github:catppuccin/nix/e82c195f2276825b0a08024fdaff80f965edcd69?narHash=sha256-ul1iRBfVX2vc971tHHhVtxX2hycU3nVwgO005OcOKnw%3D' (2026-04-29) → 'github:catppuccin/nix/e68cf5deaf1a7afed2e548835dba2ae99f5a3ccb?narHash=sha256-kbIhdhDPaTP6gxAPkcRYeB%2BcqPFDpTM/bnw%2Bm%2B26vkI%3D' (2026-05-02) • Updated input 'ctp/nixpkgs': 'github:NixOS/nixpkgs/b12141ef619e0a9c1c84dc8c684040326f27cdcc?narHash=sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24%3D' (2026-04-18) → 'github:NixOS/nixpkgs/1c3fe55ad329cbcb28471bb30f05c9827f724c76?narHash=sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M%2BC8yzzIRYbE%3D' (2026-04-27) • Updated input 'hm': 'github:nix-community/home-manager/2e54a938cdd4c8e414b2518edc3d82308027c670?narHash=sha256-SwgiG2T5pbyo33Vz7/vUCAhEMgwCK8Pa2nDSx5a6/WE%3D' (2026-04-30) → 'github:nix-community/home-manager/7ef1c04d11f7ef69fd946b118c768c32de0b89a5?narHash=sha256-8ceIdvijN2tm9fIAUgnIZ8BM8TlsFx7pRYKRoxNsi1k%3D' (2026-05-05) • Updated input 'mc': 'github:Infinidoge/nix-minecraft/0707737282f65e25ed8e6e73f8767872659b7fb8?narHash=sha256-rPszOFTm7gP9n/JGiFH4SeuEALC8FBJtXu5owvHVjaQ%3D' (2026-05-02) → 'github:Infinidoge/nix-minecraft/34a46e4de360c5004ee1866f5e3de78bf5e8b289?narHash=sha256-8dQ/DOUvQI8x5i6MZ309/xZLLVfV1CgWbD2%2BJiQ7Hd4%3D' (2026-05-05) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/1c3fe55ad329cbcb28471bb30f05c9827f724c76?narHash=sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M%2BC8yzzIRYbE%3D' (2026-04-27) → 'github:nixos/nixpkgs/15f4ee454b1dce334612fa6843b3e05cf546efab?narHash=sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM%2BZ4%3D' (2026-04-30) --- flake.lock | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/flake.lock b/flake.lock index 5970bab..5ab99ba 100644 --- a/flake.lock +++ b/flake.lock 
@@ -5,11 +5,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1777505151, - "narHash": "sha256-ul1iRBfVX2vc971tHHhVtxX2hycU3nVwgO005OcOKnw=", + "lastModified": 1777734189, + "narHash": "sha256-kbIhdhDPaTP6gxAPkcRYeB+cqPFDpTM/bnw+m+26vkI=", "owner": "catppuccin", "repo": "nix", - "rev": "e82c195f2276825b0a08024fdaff80f965edcd69", + "rev": "e68cf5deaf1a7afed2e548835dba2ae99f5a3ccb", "type": "github" }, "original": { @@ -78,11 +78,11 @@ ] }, "locked": { - "lastModified": 1777518431, - "narHash": "sha256-SwgiG2T5pbyo33Vz7/vUCAhEMgwCK8Pa2nDSx5a6/WE=", + "lastModified": 1777977606, + "narHash": "sha256-8ceIdvijN2tm9fIAUgnIZ8BM8TlsFx7pRYKRoxNsi1k=", "owner": "nix-community", "repo": "home-manager", - "rev": "2e54a938cdd4c8e414b2518edc3d82308027c670", + "rev": "7ef1c04d11f7ef69fd946b118c768c32de0b89a5", "type": "github" }, "original": { @@ -99,11 +99,11 @@ "systems": "systems_2" }, "locked": { - "lastModified": 1777692910, - "narHash": "sha256-rPszOFTm7gP9n/JGiFH4SeuEALC8FBJtXu5owvHVjaQ=", + "lastModified": 1777952170, + "narHash": "sha256-8dQ/DOUvQI8x5i6MZ309/xZLLVfV1CgWbD2+JiQ7Hd4=", "owner": "Infinidoge", "repo": "nix-minecraft", - "rev": "0707737282f65e25ed8e6e73f8767872659b7fb8", + "rev": "34a46e4de360c5004ee1866f5e3de78bf5e8b289", "type": "github" }, "original": { @@ -114,11 +114,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1776548001, - "narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=", + "lastModified": 1777268161, + "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc", + "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76", "type": "github" }, "original": { 
@@ -161,11 +161,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1777268161, - "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", + "lastModified": 1777578337, + "narHash": "sha256-Ad49moKWeXtKBJNy2ebiTQUEgdLyvGmTeykAQ9xM+Z4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76", + "rev": "15f4ee454b1dce334612fa6843b3e05cf546efab", "type": "github" }, "original": { From 4ea96369890e1f14cc6fdc9a0463fe0c96b0989f Mon Sep 17 00:00:00 2001 From: satr14 Date: Tue, 5 May 2026 17:59:37 +0700 Subject: [PATCH 197/261] fix cryptpad error --- modules/system/homelab/docs.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index 960cbc8..eee4911 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -23,6 +23,7 @@ in { const factory = (AppConfig) => { AppConfig.disableAnonymousPadCreation = true; AppConfig.disableAnonymousStore = true; + AppConfig.defaultDarkTheme = true; return AppConfig; }; From 6d3f4f33b56d8cd0e7aaef8f779ef01da54343fe Mon Sep 17 00:00:00 2001 From: satr14 Date: Tue, 5 May 2026 19:10:06 +0700 Subject: [PATCH 198/261] fix qt theme --- modules/home/rice/compositor.nix | 1 + modules/home/rice/theme.nix | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/modules/home/rice/compositor.nix b/modules/home/rice/compositor.nix index 1c84e92..00f19e0 100644 --- a/modules/home/rice/compositor.nix +++ b/modules/home/rice/compositor.nix @@ -51,6 +51,7 @@ "GTK_APPLICATION_PREFER_DARK_THEME,1" "GTK_THEME,Adwaita:dark" "QT_QPA_PLATFORMTHEME,kvantum" + "QT_STYLE_OVERRIDE,kvantum" ]; general = { diff --git a/modules/home/rice/theme.nix b/modules/home/rice/theme.nix index 83e5a2e..7946bf5 100644 --- a/modules/home/rice/theme.nix +++ b/modules/home/rice/theme.nix 
@@ -1,10 +1,9 @@ { lib, pkgs, ctp-opt, rice, ... }: { - dconf = { enable = true; settings."org/gnome/desktop/interface" = { color-scheme = "prefer-dark"; - gtk-theme = "Adwaita-dark"; + gtk-theme = lib.mkForce "Adwaita-dark"; }; }; @@ -24,6 +23,11 @@ qt = { enable = true; + kvantum = { + enable = true; + themes = with pkgs; [ catppuccin-kvantum ]; + settings.General.theme = "catppuccin-${ctp-opt.flavor}-${ctp-opt.accent}"; + }; platformTheme.name = "kvantum"; style = { name = "kvantum"; From b150f36224ec4e5d00a01d47aa569c8e2a35226d Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 6 May 2026 10:25:34 +0700 Subject: [PATCH 199/261] unfree license fix --- modules/home/core/cli.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/home/core/cli.nix b/modules/home/core/cli.nix index 3cd45ea..86b3c08 100644 --- a/modules/home/core/cli.nix +++ b/modules/home/core/cli.nix @@ -66,7 +66,6 @@ telescope-file-browser-nvim nvim-tree-lua nvim-cmp - barbar-nvim indent-blankline-nvim markdown-preview-nvim ]; From 3a52bd329a3297f42a2f552a2cad53bb6ec5d909 Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 6 May 2026 13:27:01 +0700 Subject: [PATCH 200/261] fix to symlink --- modules/system/homelab/docs.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/docs.nix b/modules/system/homelab/docs.nix index eee4911..58d6738 100644 --- a/modules/system/homelab/docs.nix +++ b/modules/system/homelab/docs.nix @@ -18,7 +18,7 @@ in { }; }; - systemd.tmpfiles.rules = lib.singleton "f /var/lib/cryptpad/customize/application_config.js 0644 root root - ${pkgs.writeText "cryptpad-application-config.js" '' + systemd.tmpfiles.rules = lib.singleton "L+ /var/lib/cryptpad/customize/application_config.js - - - - ${pkgs.writeText "cryptpad-application-config.js" '' (() => { const factory = (AppConfig) => { AppConfig.disableAnonymousPadCreation = true; From eca24f7e0797e29777d6c38fe45c960998edddae Mon Sep 17 00:00:00 2001 
From: satr14 Date: Thu, 7 May 2026 05:11:16 +0700 Subject: [PATCH 201/261] hide boot partition --- modules/system/homelab/dash.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index 78b68f4..d973699 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix @@ -251,6 +251,7 @@ in { servers = [{ type = "local"; mountpoints = { + "/boot".hide = true; "/nix/store".hide = true; "/var/lib/vaultwarden".hide = true; "/var/lib/private/cryptpad".hide = true; From e9e66d75f98528746aecd0a1190977a8adbc75ae Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 7 May 2026 21:23:53 +0700 Subject: [PATCH 202/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 3ba3dc0..cf598ba 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,9 +2,9 @@ ram-allocation = "10240M"; # auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = let - commit = "3ce321be116ec909aa2f2188b6d3e9351806dd7e"; + commit = "5123157952be9149f429c694388d003b0acaa61b"; in pkgs.fetchPackwizModpack { - packHash = "sha256-RJjaUNHLWrgb43PbKIDO9SWV6Lo/o1uSEDiMDpokSU8="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From 760007425269055f9838eef2dde8bd03c147da0e Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 7 May 2026 21:47:27 +0700 Subject: [PATCH 203/261] update modpack --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index cf598ba..f1c4d74 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -2,7 +2,7 @@ ram-allocation = "10240M"; # auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server modpack = let - commit = "5123157952be9149f429c694388d003b0acaa61b"; + commit = "667aadf36aac9b0689289f4988a76b924bbb9cbc"; in pkgs.fetchPackwizModpack { packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; From 6b13eb332304d81c53b9b4dcb15403d418a74ecd Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 7 May 2026 22:07:55 +0700 Subject: [PATCH 204/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index f1c4d74..276ab69 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "667aadf36aac9b0689289f4988a76b924bbb9cbc"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-sNWuqTIpqnwxhoof5PkJXrvVE5x/wnhc3LoqomjYBNs="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From 37867492a9856725f69720c91aeb1c4a94a5d22d Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 8 May 2026 16:33:02 +0700 Subject: [PATCH 205/261] performance tweaks (zgc, sysctl, jvmopts, etc) --- modules/system/homelab/mc.nix | 69 ++++++++++++++--------------------- 1 file changed, 27 insertions(+), 42 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 276ab69..4e45400 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -1,6 +1,5 @@ { inputs, lib, pkgs, ... }: let - ram-allocation = "10240M"; - # auth-server = "https://mc.satr14.my.id"; # TODO: self hosted drasl server + ram-allocation-mb = 12288; modpack = let commit = "667aadf36aac9b0689289f4988a76b924bbb9cbc"; in pkgs.fetchPackwizModpack { 
@@ -11,6 +10,12 @@ in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; nixpkgs.overlays = [ inputs.mc.overlay ]; + powerManagement.cpuFreqGovernor = "schedutil"; + boot.kernel.sysctl = { + "vm.nr_hugepages" = 6656; + "vm.swappiness" = 10; + }; + services.minecraft-servers = { enable = true; eula = true; 
@@ -21,54 +26,34 @@ in { enable = true; autoStart = true; restart = "always"; - enableReload = false; # NOTE: development phase, disable in production + enableReload = true; # NOTE: development phase, disable in production package = pkgs.fabricServers.fabric-1_21_11.override { - jre_headless = pkgs.javaPackages.compiler.temurin-bin.jre-25; + jre_headless = pkgs.javaPackages.compiler.temurin-bin.jdk-25; loaderVersion = "0.19.2"; }; - jvmOpts = let - flags = [ - "-Xms${ram-allocation}" - "-Xmx${ram-allocation}" - "--add-modules=jdk.incubator.vector" - - # Custom auth server - # "-Dminecraft.api.env=custom" - # "-Dminecraft.api.auth.host=${auth-server}/auth" - # "-Dminecraft.api.account.host=${auth-server}/account" - # "-Dminecraft.api.profiles.host=${auth-server}/account" - # "-Dminecraft.api.session.host=${auth-server}/session" - # "-Dminecraft.api.services.host=${auth-server}/services" + jvmOpts = let flags = [ + "-Xms${toString ram-allocation-mb}M" + "-Xmx${toString ram-allocation-mb}M" - # Aikar's GC flags (tuned for 10GB) - "-XX:+UseG1GC" - "-XX:+ParallelRefProcEnabled" - "-XX:MaxGCPauseMillis=200" - "-XX:+UnlockExperimentalVMOptions" - "-XX:+DisableExplicitGC" - "-XX:+AlwaysPreTouch" - "-XX:G1HeapWastePercent=5" - "-XX:G1MixedGCCountTarget=4" - "-XX:InitiatingHeapOccupancyPercent=15" - "-XX:G1MixedGCLiveThresholdPercent=90" - "-XX:G1RSetUpdatingPauseTimePercent=5" - "-XX:SurvivorRatio=32" - "-XX:+PerfDisableSharedMem" - "-XX:MaxTenuringThreshold=1" - "-Dusing.aikars.flags=https://mcflags.emc.gs" - "-Daikars.new.flags=true" - "-XX:G1NewSizePercent=30" - "-XX:G1MaxNewSizePercent=40" - "-XX:G1HeapRegionSize=8M" - "-XX:G1ReservePercent=20" - ]; - in lib.concatStringsSep " " flags; + # Exposes SIMD instructions (requires full JDK, useful with performance mods) + "--add-modules=jdk.incubator.vector" + + # ZGC flags (requires Java v25+, 8+ CPU cores, 10GB+ RAM) + "-XX:+UseZGC" + "-XX:+UseLargePages" + "-XX:+AlwaysPreTouch" + "-XX:+DisableExplicitGC" + 
"-XX:+PerfDisableSharedMem" + "-XX:+UseCompactObjectHeaders" + "-XX:ZAllocationSpikeTolerance=5" + "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" + ]; in lib.concatStringsSep " " flags; serverProperties = { server-port = 25565; - server-name = "Digit Association"; + server-name = "Minecraft Server"; motd = "§lSeason 3 TESTING§r - §dExplorers Creativity 🔥"; difficulty = "normal"; @@ -88,7 +73,7 @@ in { # resource-pack-sha1 = "e0958dcef5755286f390c22280700c471ec34a65"; # resource-pack-enforce = false; - simulation-distance = 16; + simulation-distance = 12; view-distance = 4; enable-rcon = true; From 02c4edc9084d91fd8b69efd25562b9f4b76450cd Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 8 May 2026 19:04:56 +0700 Subject: [PATCH 206/261] add rclone --- modules/system/misc/utilities.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/misc/utilities.nix b/modules/system/misc/utilities.nix index de5d35e..a637e8d 100644 --- a/modules/system/misc/utilities.nix +++ b/modules/system/misc/utilities.nix @@ -8,6 +8,7 @@ ntfs3g exfatprogs smartmontools + rclone ncdu ventoy-full-qt From 3afe1f226f41f91d5fe82621b0bfd55ca831aee7 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 8 May 2026 21:09:20 +0700 Subject: [PATCH 207/261] update modpack and add credits to readme --- README.md | 3 ++- modules/system/homelab/mc.nix | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index ee0d382..2eb43c0 100644 --- a/README.md +++ b/README.md @@ -8,4 +8,5 @@ - `homelab` - i7 8700T, 32GB RAM, 512GB NVME, 1TB 2.5" SATA ## Credits -- [orangc's flake](https://git.orangc.net/c/dots) \ No newline at end of file +- [orangc's flake](https://git.orangc.net/c/dots) +- [vimjoyer's tutorials](https://www.youtube.com/@vimjoyer) \ No newline at end of file diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 4e45400..eb11851 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -1,9 +1,9 @@ { inputs, lib, pkgs, ... }: let ram-allocation-mb = 12288; modpack = let - commit = "667aadf36aac9b0689289f4988a76b924bbb9cbc"; + commit = "c82e271f5e8a8067ed62af6e870307459580e812"; in pkgs.fetchPackwizModpack { - packHash = "sha256-sNWuqTIpqnwxhoof5PkJXrvVE5x/wnhc3LoqomjYBNs="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From 73428f1501f29b3b24ae48fe1216734d13a00704 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 8 May 2026 21:12:56 +0700 Subject: [PATCH 208/261] update fix --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index eb11851..4b3adc6 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -1,7 +1,7 @@ { inputs, lib, pkgs, ... }: let ram-allocation-mb = 12288; modpack = let - commit = "c82e271f5e8a8067ed62af6e870307459580e812"; + commit = "2465b8364a9dd8166921dbe854c5cc7d530cdc7c"; in pkgs.fetchPackwizModpack { packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; From 05f27f292734a2ff3bdc59581a888a612a5c7324 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 8 May 2026 21:15:37 +0700 Subject: [PATCH 209/261] update fix 2 --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 4b3adc6..57a23b0 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -1,7 +1,7 @@ { inputs, lib, pkgs, ... }: let ram-allocation-mb = 12288; modpack = let - commit = "2465b8364a9dd8166921dbe854c5cc7d530cdc7c"; + commit = "d1c0e4d6813e912a861345aa172eb52b83f93da9"; in pkgs.fetchPackwizModpack { packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; From 21f3df0cb42c39e2b71281c4ec8a46511d70fbdc Mon Sep 17 00:00:00 2001 
From: satr14 Date: Fri, 8 May 2026 21:16:40 +0700 Subject: [PATCH 210/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 57a23b0..1e0affc 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -3,7 +3,7 @@ modpack = let commit = "d1c0e4d6813e912a861345aa172eb52b83f93da9"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-qeiJlkMBkTW+WQemGt9W0N+iTgG6TKsq/5YiJuph1Sk="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From e3202701ef094ee3c0db015625b09420983b3ae0 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 14:21:30 +0700 Subject: [PATCH 211/261] wp source --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 2eb43c0..9172fc5 100644 --- a/README.md +++ b/README.md @@ -9,4 +9,5 @@ ## Credits - [orangc's flake](https://git.orangc.net/c/dots) -- [vimjoyer's tutorials](https://www.youtube.com/@vimjoyer) \ No newline at end of file +- [vimjoyer's tutorials](https://www.youtube.com/@vimjoyer) +- [wallpaper source](https://github.com/er2de2/catppuccin_walls/blob/master/wallpapers_png/autumn_2.0.png) \ No newline at end of file From 0cdce64701ad540db7ccdbc0f9db29582db95926 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 14:21:45 +0700 Subject: [PATCH 212/261] dynamic large pages and update modpack --- modules/system/homelab/mc.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 1e0affc..8bb9344 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -1,9 +1,9 @@ { inputs, lib, pkgs, ... }: let ram-allocation-mb = 12288; modpack = let - commit = "d1c0e4d6813e912a861345aa172eb52b83f93da9"; + commit = "476d4e5c08caded28ef0e24193249bec75cf52e6"; in pkgs.fetchPackwizModpack { - packHash = "sha256-qeiJlkMBkTW+WQemGt9W0N+iTgG6TKsq/5YiJuph1Sk="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { @@ -12,7 +12,7 @@ in { powerManagement.cpuFreqGovernor = "schedutil"; boot.kernel.sysctl = { - "vm.nr_hugepages" = 6656; + "vm.nr_hugepages" = (ram-allocation-mb / 2) + 512; # (heap_mb / 2MB per page) + 512 pages (1GB) for ZGC off-heap overhead "vm.swappiness" = 10; }; From 81bf3f71187d93a4b3e6746b200e452c12a21e81 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 14:23:15 +0700 Subject: [PATCH 213/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 8bb9344..a017ca8 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -3,7 +3,7 @@ modpack = let commit = "476d4e5c08caded28ef0e24193249bec75cf52e6"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-zO7r8nXsK5Z3EnkUZNVDmPU1xqLI6qbZfS2tw0LLi0Q="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From 59163a8f067fc66cb4fea8699a1833195384426d Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 19:49:35 +0700 Subject: [PATCH 214/261] update modpack include worldgen --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index a017ca8..adbdcf0 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -1,9 +1,9 @@ { inputs, lib, pkgs, ... }: let ram-allocation-mb = 12288; modpack = let - commit = "476d4e5c08caded28ef0e24193249bec75cf52e6"; + commit = "9241d6b4642239a6dfb5629ddb822a127bf93dff"; in pkgs.fetchPackwizModpack { - packHash = "sha256-zO7r8nXsK5Z3EnkUZNVDmPU1xqLI6qbZfS2tw0LLi0Q="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From 48c4c03b738191211c6a61357b09af9ce3acd34f Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 19:56:01 +0700 Subject: [PATCH 215/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index adbdcf0..9149da2 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -3,7 +3,7 @@ modpack = let commit = "9241d6b4642239a6dfb5629ddb822a127bf93dff"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-GwXJf81iXuEEQeg97nKxzGG/dYl9l8xMW0+mOHRiSAQ="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; in { From 2844bce5a33a83220a8282dffec98b3846545bdb Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 20:40:07 +0700 Subject: [PATCH 216/261] add mc group and gamerule --- modules/system/homelab/mc.nix | 18 ++++++++++++++---- modules/system/user.nix | 1 + 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 9149da2..42e1e2e 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -1,11 +1,13 @@ { inputs, lib, pkgs, ... }: let ram-allocation-mb = 12288; + rcon-pass = "howdy"; modpack = let commit = "9241d6b4642239a6dfb5629ddb822a127bf93dff"; in pkgs.fetchPackwizModpack { packHash = "sha256-GwXJf81iXuEEQeg97nKxzGG/dYl9l8xMW0+mOHRiSAQ="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; + in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; nixpkgs.overlays = [ inputs.mc.overlay ]; @@ -50,6 +52,16 @@ in { "-XX:ZAllocationSpikeTolerance=5" "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" ]; in lib.concatStringsSep " " flags; + + extraStartPost = let gamerules = { + "locator_bar" = false; + "mob_explosion_drop_decay" = false; + # "reduced_debug_info" = false; + # "global_sound_events" = false; + }; in lib.concatStringsSep "\n" (map + (rule: "rcon-cli --password ${rcon-pass} gamerule ${rule} ${toString (gamerules.${rule})}") + (lib.attrNames gamerules) + ); serverProperties = { server-port = 25565; @@ -78,16 +90,14 @@ in { enable-rcon = true; sync-chunk-writes = false; - "rcon.password" = "howdy"; + "rcon.password" = rcon-pass; "rcon.port" = 25575; }; symlinks = { + # "server-icon.png" = "${modpack}/server-icon.png"; # "resources/datapack/required" = "${modpack}/datapacks"; "mods" = "${modpack}/mods"; - - # "server-icon.png" = "${modpack}/server-icon.png"; - # "config" = ""; }; }; }; diff --git a/modules/system/user.nix b/modules/system/user.nix index 44910e9..5f50a54 100644 --- a/modules/system/user.nix +++ b/modules/system/user.nix @@ -7,6 +7,7 @@ shell = pkgs.zsh; extraGroups = [ "networkmanager" + "minecraft" "wheel" "dialout" "libvirtd" From 51ea85202650d2e21eed01a51198fb331d638268 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 23:31:50 +0700 Subject: [PATCH 217/261] update modpack and include datapacks --- modules/system/homelab/mc.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
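Review bot: `rcon-pass = "howdy"` in the `@@ -1,11 +1,13 @@` hunk keeps the RCON password as a literal in the repository, and the new `extraStartPost` in the second hunk also interpolates it into an `rcon-cli --password …` command line. Values written this way end up in the world-readable Nix store, and the command presumably also puts the password in the generated unit and in process arguments. RCON gives console-level control of the server, so the password should be read at runtime from a secret file kept outside the store (for example one provided by sops-nix), and `"rcon.port" = 25575` should be confirmed unreachable beyond localhost. Patches 219 and 220 carry the same command line.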
diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 42e1e2e..cc64bb7 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,9 +2,9 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "9241d6b4642239a6dfb5629ddb822a127bf93dff"; + commit = "c204d7f5891543b9f15b5d6ba9a7904bab93bfde"; in pkgs.fetchPackwizModpack { - packHash = "sha256-GwXJf81iXuEEQeg97nKxzGG/dYl9l8xMW0+mOHRiSAQ="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; @@ -96,7 +96,7 @@ in { symlinks = { # "server-icon.png" = "${modpack}/server-icon.png"; - # "resources/datapack/required" = "${modpack}/datapacks"; + "world/datapacks" = "${modpack}/datapacks"; "mods" = "${modpack}/mods"; }; }; From c48283a6e237a017b4c69525c12893e36e7f0597 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 23:35:23 +0700 Subject: [PATCH 218/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index cc64bb7..409b5a3 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "c204d7f5891543b9f15b5d6ba9a7904bab93bfde"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-mzUO3/jVS0kLmSEa1MVaVG7+kDwMiOorwGJw0IVCRMk="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From b2ecd770c8e55d82961754665f07298571a52050 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 23:40:13 +0700 Subject: [PATCH 219/261] fix rcon-cli path --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 409b5a3..0c778cb 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -59,7 +59,7 @@ in { # "reduced_debug_info" = false; # "global_sound_events" = false; }; in lib.concatStringsSep "\n" (map - (rule: "rcon-cli --password ${rcon-pass} gamerule ${rule} ${toString (gamerules.${rule})}") + (rule: "${pkgs.rcon-cli} --password ${rcon-pass} gamerule ${rule} ${toString (gamerules.${rule})}") (lib.attrNames gamerules) ); From 68455e7ce4f7d3400daba6e6ebea5b76797ad6cc Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 23:41:18 +0700 Subject: [PATCH 220/261] fix bin path --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 0c778cb..9fc0966 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -59,7 +59,7 @@ in { # "reduced_debug_info" = false; # "global_sound_events" = false; }; in lib.concatStringsSep "\n" (map - (rule: "${pkgs.rcon-cli} --password ${rcon-pass} gamerule ${rule} ${toString (gamerules.${rule})}") + (rule: "${pkgs.rcon-cli}/bin/rcon-cli --password ${rcon-pass} gamerule ${rule} ${toString (gamerules.${rule})}") (lib.attrNames gamerules) ); From 7d2be949cad00463c08b81289bc80f52861bdc23 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 23:43:30 +0700 Subject: [PATCH 221/261] startpost remove --- modules/system/homelab/mc.nix | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 9fc0966..51444c4 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -53,15 +53,16 @@ in { "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" ]; in lib.concatStringsSep " " flags; - extraStartPost = let gamerules = { - "locator_bar" = false; - "mob_explosion_drop_decay" = false; - # "reduced_debug_info" = false; - # "global_sound_events" = false; - }; in lib.concatStringsSep "\n" (map - (rule: "${pkgs.rcon-cli}/bin/rcon-cli --password ${rcon-pass} gamerule ${rule} ${toString (gamerules.${rule})}") - (lib.attrNames gamerules) - ); + # extraStartPost = let gamerules = { + # "locator_bar" = false; + # "mob_explosion_drop_decay" = false; + # # "reduced_debug_info" = false; + # # "global_sound_events" = false; + # }; in lib.concatStringsSep "\n" (map + # (rule: "${pkgs.rcon-cli}/bin/rcon-cli --password ${rcon-pass} gamerule ${rule} ${toString (gamerules.${rule})}") + # (lib.attrNames gamerules) + # ); + # TODO: figure out how to set gamerules on start (script above runs **before** server ready) serverProperties = { server-port = 25565; From 2740bb817587c5a04b5db9c30bbf9becc4e43922 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 23:46:33 +0700 Subject: [PATCH 222/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 51444c4..50a7865 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,9 +2,9 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "c204d7f5891543b9f15b5d6ba9a7904bab93bfde"; + commit = "d2b9f6d5059ec68df3323328dab70a918195e487"; in pkgs.fetchPackwizModpack { - packHash = "sha256-mzUO3/jVS0kLmSEa1MVaVG7+kDwMiOorwGJw0IVCRMk="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From b917409d106facc8d0ce66b80b52bd7968530e77 Mon Sep 17 00:00:00 2001 
From: satr14 Date: Sat, 9 May 2026 23:49:38 +0700 Subject: [PATCH 223/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 50a7865..0edebbb 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "d2b9f6d5059ec68df3323328dab70a918195e487"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-p2Lg2VldNcujIcI2DsmwZtZeF6rdAIQzcf0QaEPn15A="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From acf495fae239919577c3701351b7b4b3eb9774ab Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 23:54:44 +0700 Subject: [PATCH 224/261] update modpack --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 0edebbb..9e77ee5 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,7 +2,7 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "d2b9f6d5059ec68df3323328dab70a918195e487"; + commit = "4da142e626638de11e454db604251dce6cc14c58"; in pkgs.fetchPackwizModpack { packHash = "sha256-p2Lg2VldNcujIcI2DsmwZtZeF6rdAIQzcf0QaEPn15A="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; From 4b6a8a6fa28d534681b43feb80b55818e53355d1 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 23:56:17 +0700 Subject: [PATCH 225/261] refresh hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 9e77ee5..29fb169 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -4,7 +4,7 @@ modpack = let commit = "4da142e626638de11e454db604251dce6cc14c58"; in pkgs.fetchPackwizModpack { - packHash = "sha256-p2Lg2VldNcujIcI2DsmwZtZeF6rdAIQzcf0QaEPn15A="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From c03567baa351aae858aa28ee28d435795495fb00 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 9 May 2026 23:57:24 +0700 Subject: [PATCH 226/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 29fb169..096c885 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "4da142e626638de11e454db604251dce6cc14c58"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-xpVxreoFVF5e3VidtlqgiIWZYcBy8OY9vrSv3dgV/u8="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From e9306f35153be41bd24ae1db242f7a232951b0dd Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 10 May 2026 00:03:51 +0700 Subject: [PATCH 227/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 096c885..913cc36 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,9 +2,9 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "4da142e626638de11e454db604251dce6cc14c58"; + commit = "a52f65c1234b9f2dbe1392c471cb32a0614c5073"; in pkgs.fetchPackwizModpack { - packHash = "sha256-xpVxreoFVF5e3VidtlqgiIWZYcBy8OY9vrSv3dgV/u8="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From 13041a04a5a31aa0145c304075c26d7a908a9533 Mon Sep 17 00:00:00 2001 
From: satr14 Date: Sun, 10 May 2026 00:06:31 +0700 Subject: [PATCH 228/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 913cc36..fc641c7 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "a52f65c1234b9f2dbe1392c471cb32a0614c5073"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-WplCmvuCmA8TNeRVBKMwkvizmYlBcU9PDugXXSKTBaA="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From 0b2ef091ee9c7dd8a7cd9ab1981da47d5c682d59 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 10 May 2026 10:43:02 +0700 Subject: [PATCH 229/261] got some things mixed up :p --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index fc641c7..d47f5db 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -86,8 +86,8 @@ in { # resource-pack-sha1 = "e0958dcef5755286f390c22280700c471ec34a65"; # resource-pack-enforce = false; - simulation-distance = 12; - view-distance = 4; + view-distance = 12; + simulation-distance = 4; enable-rcon = true; sync-chunk-writes = false; From 6e02ff9c9c1de4a695ea8c2d6b32e1e0a58fa4f6 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 10 May 2026 10:49:39 +0700 Subject: [PATCH 230/261] remove datapacks --- modules/system/homelab/mc.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index d47f5db..505c34f 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -97,7 +97,6 @@ in { symlinks = { # "server-icon.png" = "${modpack}/server-icon.png"; - "world/datapacks" = "${modpack}/datapacks"; "mods" = "${modpack}/mods"; }; }; 
From 3dc56278c9e83efbbce8206634c14c9d81f08ffa Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 10 May 2026 10:50:02 +0700 Subject: [PATCH 231/261] zgc lag from pause fix --- modules/system/homelab/mc.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 505c34f..531253a 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -51,6 +51,10 @@ in { "-XX:+UseCompactObjectHeaders" "-XX:ZAllocationSpikeTolerance=5" "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" + + # High MSPT due to ZGC pauses + "-XX:ZUncommitDelay=300" + "-XX:ZCollectionInterval=5" ]; in lib.concatStringsSep " " flags; # extraStartPost = let gamerules = { From 90ed03a7aeb3cb8d3cde86e261531e02d41bef25 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 10 May 2026 11:20:55 +0700 Subject: [PATCH 232/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 531253a..03171a9 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,9 +2,9 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "a52f65c1234b9f2dbe1392c471cb32a0614c5073"; + commit = "ac9278758cf96b97fbb4f816aca0fb2f94ccf3a2"; in pkgs.fetchPackwizModpack { - packHash = "sha256-WplCmvuCmA8TNeRVBKMwkvizmYlBcU9PDugXXSKTBaA="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From 7e2c4b5169971e46a296d9a3428eebffa5fa857f Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 10 May 2026 11:27:44 +0700 Subject: [PATCH 233/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 03171a9..18a49a9 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -4,7 +4,7 @@ modpack = let commit = "ac9278758cf96b97fbb4f816aca0fb2f94ccf3a2"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-X9CTYHfGRx6caCHfe+KS6/jhXV5fPCZ9hr8O2tlXus0="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From 51b83d617ed394ed0b5533293353f040dae84989 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 10 May 2026 18:52:32 +0700 Subject: [PATCH 234/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 18a49a9..182a82f 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,9 +2,9 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "ac9278758cf96b97fbb4f816aca0fb2f94ccf3a2"; + commit = "918b281754d4c289a3567cca083774087b2a2ec0"; in pkgs.fetchPackwizModpack { - packHash = "sha256-X9CTYHfGRx6caCHfe+KS6/jhXV5fPCZ9hr8O2tlXus0="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From b8b5084352287158eb9011d9b6d9eb57d27e13f5 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 10 May 2026 18:54:43 +0700 Subject: [PATCH 235/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 182a82f..70c9dc0 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "918b281754d4c289a3567cca083774087b2a2ec0"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-HmTDQac9FCQXBPWiZIxu9zmHyl2vqMVQpZpDHp+2lBA="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From 35185583ee71deb26f0bad0a45cbd25e8544ddff Mon Sep 17 00:00:00 2001 
From: satr14 Date: Mon, 11 May 2026 16:12:48 +0700 Subject: [PATCH 236/261] fix battery notif --- modules/hardware/misc/battery-power.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/hardware/misc/battery-power.nix b/modules/hardware/misc/battery-power.nix index 3a2ca6b..8c529e1 100644 --- a/modules/hardware/misc/battery-power.nix +++ b/modules/hardware/misc/battery-power.nix @@ -17,8 +17,10 @@ BAT_PCT=`${pkgs.acpi}/bin/acpi -b | ${pkgs.gnugrep}/bin/grep -P -o '[0-9]+(?=%)'` BAT_STA=`${pkgs.acpi}/bin/acpi -b | ${pkgs.gnugrep}/bin/grep -P -o '\w+(?=,)'` echo "`date` battery status:$BAT_STA percentage:$BAT_PCT" - test $BAT_PCT -le 30 && test $BAT_PCT -gt 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send "Low Battery" "Battery remaining: $BAT_PCT%." - test $BAT_PCT -le 15 && test $BAT_STA = "Discharging" && DISPLAY=:0.0 ${pkgs.libnotify}/bin/notify-send -u critical "Low Battery" "Shutdown at 10%." + export DISPLAY=:0 + export DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$(id -u)/bus + test $BAT_PCT -le 30 && test $BAT_PCT -gt 15 && test $BAT_STA = "Discharging" && ${pkgs.libnotify}/bin/notify-send "Low Battery" "Battery remaining: $BAT_PCT%." + test $BAT_PCT -le 15 && test $BAT_STA = "Discharging" && ${pkgs.libnotify}/bin/notify-send -u critical "Low Battery" "Shutdown at 10%." ''} > /tmp/cron.batt.log 2>&1" ]; }; From 23d4592783c0fc2991375912b8b1b890ddd7bf81 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 11 May 2026 16:26:43 +0700 Subject: [PATCH 237/261] cleanup flag config and update modpack --- modules/system/homelab/mc.nix | 32 +++++++++++++------------------- 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 70c9dc0..d545f0b 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
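Review bot: The two rewritten `test` lines still expand `$BAT_PCT` and `$BAT_STA` unquoted, so when `acpi -b` prints nothing or reports more than one battery, `test` receives zero or several words and errors out instead of comparing. Quoting the expansions, e.g. `test "$BAT_STA" = "Discharging"`, and taking only the first match for the percentage would make the check deterministic. `$(id -u)` resolves to whichever account runs the cron entry, which the hunk does not show; if that is root, `/run/user/0/bus` is unlikely to be the desktop session's bus. The output still goes to the fixed path `/tmp/cron.batt.log` (context line), a predictable name in a world-writable directory; a file under the user's runtime directory would avoid that.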
@@ -2,9 +2,9 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "918b281754d4c289a3567cca083774087b2a2ec0"; + commit = "506050af820a4cf370c6f2021c5991d665ba902a"; in pkgs.fetchPackwizModpack { - packHash = "sha256-HmTDQac9FCQXBPWiZIxu9zmHyl2vqMVQpZpDHp+2lBA="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; 
@@ -38,23 +38,17 @@ in { jvmOpts = let flags = [ "-Xms${toString ram-allocation-mb}M" "-Xmx${toString ram-allocation-mb}M" - - # Exposes SIMD instructions (requires full JDK, useful with performance mods) - "--add-modules=jdk.incubator.vector" - - # ZGC flags (requires Java v25+, 8+ CPU cores, 10GB+ RAM) - "-XX:+UseZGC" - "-XX:+UseLargePages" - "-XX:+AlwaysPreTouch" - "-XX:+DisableExplicitGC" - "-XX:+PerfDisableSharedMem" - "-XX:+UseCompactObjectHeaders" - "-XX:ZAllocationSpikeTolerance=5" - "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" - - # High MSPT due to ZGC pauses - "-XX:ZUncommitDelay=300" - "-XX:ZCollectionInterval=5" + + "-XX:+UseZGC" # Use ZGC (requires Java v25+, 8+ CPU cores, 10GB+ RAM) + "-XX:+UseCompactObjectHeaders" # Use compact object headers (requires Java v16+, saves a couple of bits per object) + + "--add-modules=jdk.incubator.vector" # Exposes SIMD instructions (requires full JDK, useful with performance mods) + "-XX:+UseLargePages" # Large pages support (requires hugepages configured on the system) + "-XX:+AlwaysPreTouch" # Pre-allocates memory on startup, OS claims it immediately for JVM instead of negotiating it + "-XX:+DisableExplicitGC" # Disables mods from manually invoking the GC + "-XX:+PerfDisableSharedMem" # Disables constant /tmp writes for JVM metrics + "-XX:ZAllocationSpikeTolerance=5" # Helps when server is active with many players (causes unnecessary GC load at idle) + "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" # Leave 2GB headroom for off-heap memory (native code, mods, and ZGC overhead) ]; in lib.concatStringsSep " " flags; # extraStartPost = let gamerules = { From 33f323d1ec2ede8aeb11f98e9818a2a31ae55ea8 Mon Sep 17 00:00:00 2001 From: satr14 Date: Mon, 11 May 2026 16:39:50 +0700 Subject: [PATCH 238/261] cleanup config, use new dir, update hash --- modules/system/homelab/mc.nix | 87 +++++++++++++++-------------------- 1 file changed, 36 insertions(+), 51 deletions(-) 
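Review bot: The new inline comment on `-XX:+UseCompactObjectHeaders` ("requires Java v16+, saves a couple of bits per object") does not match the feature as I know it. Compact object headers were an experimental option in JDK 24 and became a product flag in JDK 25, and they shrink the object header to 64 bits. Suggested wording: `# Compact object headers (product flag since JDK 25, 8-byte headers)`. The hunk also drops `-XX:ZUncommitDelay=300` and `-XX:ZCollectionInterval=5`, which the "cleanup" subject does not announce; if intentional, it deserves a line in the commit message.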
diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index d545f0b..cc44d20 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "506050af820a4cf370c6f2021c5991d665ba902a"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-Haonn1K74z0aREXCfb/t88DtYD6Kboq23kS6wxqKc3Y="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; @@ -21,14 +21,46 @@ in { services.minecraft-servers = { enable = true; eula = true; - managementSystem.systemd-socket.enable = true; # Referenced but unset environment variable evaluates to an empty string: MAINPID + managementSystem.systemd-socket.enable = true; # ^^^ https://github.com/Infinidoge/nix-minecraft/issues/119 + + # TODO: figure out how to set gamerules on start (script above runs **before** server ready) + # gamerules to disable: locator_bar, mob_explosion_drop_decay - servers.mc0-explorers-creativity = { + servers.da-s3 = { enable = true; autoStart = true; restart = "always"; - enableReload = true; # NOTE: development phase, disable in production + enableReload = false; + + serverProperties = { + server-port = 25565; + server-name = "Minecraft Server"; + motd = "§lSeason 3§r - §dExplorers Creativity 🔥"; + + difficulty = "normal"; + gamemode = "survival"; + max-world-size = 25000; + spawn-protection = 0; + pvp = true; + + online-mode = true; + enable-query = true; + enforce-secure-profile = false; + pevent-proxy-connections = false; + allow-flight = false; + player-idle-timeout = 0; + + view-distance = 12; + simulation-distance = 4; + + enable-rcon = true; + sync-chunk-writes = false; + "rcon.password" = rcon-pass; + "rcon.port" = 25575; + }; + + symlinks."mods" = "${modpack}/mods"; package = pkgs.fabricServers.fabric-1_21_11.override { jre_headless = pkgs.javaPackages.compiler.temurin-bin.jdk-25; 
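Review bot: In the relocated `serverProperties` block, `"rcon.password" = rcon-pass;` together with `enable-rcon = true` writes the literal `rcon-pass = "howdy"` into the rendered server.properties. A store-rendered file is world-readable and the value is in git history, while RCON gives full console access to anyone who can reach port 25575. Other services in this repository already take their secrets from `config.sops.secrets.<name>.path`, so this password is a candidate for the same treatment, provided the minecraft-servers module offers a file- or environment-based way to inject a property, which the hunk does not show. Until then, `# FIXME: rcon.password is a plaintext store value; keep 25575 firewalled` next to the line would state the exposure. Separately, `pevent-proxy-connections` looks like a misspelling of `prevent-proxy-connections`; if so, the server ignores the key.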
@@ -50,53 +82,6 @@ in { "-XX:ZAllocationSpikeTolerance=5" # Helps when server is active with many players (causes unnecessary GC load at idle) "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" # Leave 2GB headroom for off-heap memory (native code, mods, and ZGC overhead) ]; in lib.concatStringsSep " " flags; - - # extraStartPost = let gamerules = { - # "locator_bar" = false; - # "mob_explosion_drop_decay" = false; - # # "reduced_debug_info" = false; - # # "global_sound_events" = false; - # }; in lib.concatStringsSep "\n" (map - # (rule: "${pkgs.rcon-cli}/bin/rcon-cli --password ${rcon-pass} gamerule ${rule} ${toString (gamerules.${rule})}") - # (lib.attrNames gamerules) - # ); - # TODO: figure out how to set gamerules on start (script above runs **before** server ready) - - serverProperties = { - server-port = 25565; - server-name = "Minecraft Server"; - motd = "§lSeason 3 TESTING§r - §dExplorers Creativity 🔥"; - - difficulty = "normal"; - gamemode = "survival"; - max-world-size = 25000; - spawn-protection = 0; - pvp = true; - - online-mode = true; - enable-query = true; - enforce-secure-profile = false; - pevent-proxy-connections = false; - allow-flight = false; - player-idle-timeout = 0; - - # resource-pack = "https://cdn.satr14.my.id/public/fullslide-1.21.11.zip"; - # resource-pack-sha1 = "e0958dcef5755286f390c22280700c471ec34a65"; - # resource-pack-enforce = false; - - view-distance = 12; - simulation-distance = 4; - - enable-rcon = true; - sync-chunk-writes = false; - "rcon.password" = rcon-pass; - "rcon.port" = 25575; - }; - - symlinks = { - # "server-icon.png" = "${modpack}/server-icon.png"; - "mods" = "${modpack}/mods"; - }; }; }; } \ No newline at end of file From 3ac6b06f434621f34edfae825e13768708595244 Mon Sep 17 00:00:00 2001 From: satr14 Date: Tue, 12 May 2026 21:28:06 +0700 Subject: [PATCH 239/261] fix luckperms error --- modules/system/homelab/mc.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index cc44d20..ece3dec 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -60,7 +60,9 @@ in { "rcon.port" = 25575; }; - symlinks."mods" = "${modpack}/mods"; + symlinks = lib.mapAttrs' + (name: _: lib.nameValuePair "mods/${name}" "${modpack}/mods/${name}") + (builtins.readDir "${modpack}/mods"); package = pkgs.fabricServers.fabric-1_21_11.override { jre_headless = pkgs.javaPackages.compiler.temurin-bin.jdk-25; From c2924a2a58d45cb6b22087944f2d9d363077cfeb Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 13 May 2026 15:15:01 +0700 Subject: [PATCH 240/261] enable jstat --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index ece3dec..7c35d85 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -80,7 +80,7 @@ in { "-XX:+UseLargePages" # Large pages support (requires hugepages configured on the system) "-XX:+AlwaysPreTouch" # Pre-allocates memory on startup, OS claims it immediately for JVM instead of negotiating it "-XX:+DisableExplicitGC" # Disables mods from manually invoking the GC - "-XX:+PerfDisableSharedMem" # Disables constant /tmp writes for JVM metrics + # "-XX:+PerfDisableSharedMem" # Disables constant /tmp writes for JVM metrics "-XX:ZAllocationSpikeTolerance=5" # Helps when server is active with many players (causes unnecessary GC load at idle) "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" # Leave 2GB headroom for off-heap memory (native code, mods, and ZGC overhead) ]; in lib.concatStringsSep " " flags; From 7791a235909caf9a3670184872f25927ba1bfa38 Mon Sep 17 00:00:00 2001 From: satr14 Date: Wed, 13 May 2026 15:18:29 +0700 Subject: [PATCH 241/261] shorten journal output --- modules/home/core/shell.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
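Review bot: `builtins.readDir "${modpack}/mods"` reads the output of the `fetchPackwizModpack` derivation at evaluation time, which is import-from-derivation. Evaluating this module now has to fetch the modpack over the network first, and it fails wherever IFD is disallowed. The `_` discards the entry type, so a subdirectory under `mods` would be linked as a single entry like any file. The reason for per-file links is not stated; from the subject I infer the mod needs `mods/` to be a real writable directory, and a comment like `# per-file links keep mods/ a real directory so mods can write beside their jars` would record that if it is right.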
diff --git a/modules/home/core/shell.nix b/modules/home/core/shell.nix index 2a23a42..7c69e47 100644 --- a/modules/home/core/shell.nix +++ b/modules/home/core/shell.nix @@ -37,9 +37,9 @@ "cd" = "z"; "sys" = "sudo systemctl --runtime"; - "sys-log" = "journalctl -f -b -u"; + "sys-log" = "journalctl -o cat -f -b -u"; "user" = "systemctl --user --runtime"; - "user-log" = "journalctl -f -b --user-unit"; + "user-log" = "journalctl -o cat -f -b --user-unit"; "ts" = "sudo tailscale"; "tsip" = "tailscale ip -4"; From d97d291c981753666b7925ba32c506f6aa2fe680 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 14 May 2026 09:08:05 +0700 Subject: [PATCH 242/261] set to perf overclock --- modules/system/homelab/mc.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 7c35d85..0834b82 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -12,7 +12,7 @@ in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; nixpkgs.overlays = [ inputs.mc.overlay ]; - powerManagement.cpuFreqGovernor = "schedutil"; + powerManagement.cpuFreqGovernor = "performance"; boot.kernel.sysctl = { "vm.nr_hugepages" = (ram-allocation-mb / 2) + 512; # (heap_mb / 2MB per page) + 512 pages (1GB) for ZGC off-heap overhead "vm.swappiness" = 10; 
@@ -83,6 +83,8 @@ in { # "-XX:+PerfDisableSharedMem" # Disables constant /tmp writes for JVM metrics "-XX:ZAllocationSpikeTolerance=5" # Helps when server is active with many players (causes unnecessary GC load at idle) "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" # Leave 2GB headroom for off-heap memory (native code, mods, and ZGC overhead) + "-XX:ZCollectionInterval=1" # Force a GC cycle at minimum every 1s — prevents allocation stalls when ZGC falls behind Minecraft's bursty allocation + "-XX:ConcGCThreads=4" # Threads ZGC uses for concurrent work; default (cpu/8+1) is often just 2, too slow to keep up with allocation rate ]; in lib.concatStringsSep " " flags; }; }; From c3db68fad698a12efb507bbf5ef3189bcb15ef5c Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 14 May 2026 09:21:54 +0700 Subject: [PATCH 243/261] try powersave --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 0834b82..8682e1d 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -12,7 +12,7 @@ in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; nixpkgs.overlays = [ inputs.mc.overlay ]; - powerManagement.cpuFreqGovernor = "performance"; + powerManagement.cpuFreqGovernor = "powersave"; boot.kernel.sysctl = { "vm.nr_hugepages" = (ram-allocation-mb / 2) + 512; # (heap_mb / 2MB per page) + 512 pages (1GB) for ZGC off-heap overhead "vm.swappiness" = 10; From 0ebe87c5c376ff4f0b6927611c79f227dbc57a1f Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 15 May 2026 21:01:29 +0700 Subject: [PATCH 244/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 8682e1d..2362e61 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -2,9 +2,9 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "506050af820a4cf370c6f2021c5991d665ba902a"; + commit = "c7d1a2d8d181104707dd549fc65fffda956b8f40"; in pkgs.fetchPackwizModpack { - packHash = "sha256-Haonn1K74z0aREXCfb/t88DtYD6Kboq23kS6wxqKc3Y="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From 05b6c5f45074bdc262a6a5b6c9f0cb0e68c0a0d6 Mon Sep 17 00:00:00 2001 From: satr14 Date: Fri, 15 May 2026 21:02:56 +0700 Subject: [PATCH 245/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 2362e61..20b8b5f 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "c7d1a2d8d181104707dd549fc65fffda956b8f40"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-h/hQalxd8C5D5LADgsok3bMeQSb2Bgpg6UIbZWM0fw8="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From 6a106d606c28cdffe6e0d82aed9f1b93a25776b9 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 17 May 2026 07:23:54 +0700 Subject: [PATCH 246/261] add clipboard support --- modules/home/core/cli.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/home/core/cli.nix b/modules/home/core/cli.nix index 86b3c08..4f2dbf6 100644 --- a/modules/home/core/cli.nix +++ b/modules/home/core/cli.nix 
@@ -49,10 +49,20 @@ initLua = '' vim.opt.clipboard = "unnamedplus" vim.opt.termguicolors = true + vim.g.clipboard = { + name = "OSC 52", + copy = { + ["+"] = require("vim.ui.clipboard.osc52").copy("+"), + ["*"] = require("vim.ui.clipboard.osc52").copy("*"), + }, + paste = { + ["+"] = require("vim.ui.clipboard.osc52").paste("+"), + ["*"] = require("vim.ui.clipboard.osc52").paste("*"), + }, + } require("nvim-tree").setup() vim.api.nvim_create_autocmd("VimEnter", { callback = function() - -- vim.cmd("NvimTreeOpen") vim.cmd("set nu") vim.cmd.wincmd 'p' end, From 70fa5793315a4202dcf3fe2d4e794967d8cc0289 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 17 May 2026 07:35:48 +0700 Subject: [PATCH 247/261] update modpack and add me as an op --- modules/system/homelab/mc.nix | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 20b8b5f..be0d461 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -2,9 +2,9 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "c7d1a2d8d181104707dd549fc65fffda956b8f40"; + commit = "81067d9cea4e3c48acceb42c8c62c252ab1bd3b2"; in pkgs.fetchPackwizModpack { - packHash = "sha256-h/hQalxd8C5D5LADgsok3bMeQSb2Bgpg6UIbZWM0fw8="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; @@ -33,6 +33,13 @@ in { restart = "always"; enableReload = false; + operators."satr14" = { + uuid = "54441a30-fe73-46e7-adca-c476bd4fc6d2"; + bypassesPlayerLimit = true; + level = 4; + }; + # ^^ DISABLE ON PROD + serverProperties = { server-port = 25565; server-name = "Minecraft Server"; From 9993ed52a750e83df48070c918ea4e74dcbce83e Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 17 May 2026 07:36:43 +0700 Subject: [PATCH 248/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
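Review bot: The `paste` entries send `+` and `*` register reads through an OSC 52 query, which asks the terminal emulator to hand the clipboard contents to the program. Many terminals refuse or prompt for that, so paste may hang or return nothing. Where the terminal allows it, any program in the session, including one on a remote host over SSH, can read the local clipboard. Keeping OSC 52 for `copy` only and pasting through the terminal's own shortcut avoids both problems. At minimum, add a comment such as `-- OSC 52 paste needs the terminal to permit clipboard reads; keep that off unless required`. The `initLua` string starts and ends outside this hunk.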
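Review bot: The `operators."satr14"` entry grants `level = 4` and `bypassesPlayerLimit = true` unconditionally, and the only guard is the trailing comment `# ^^ DISABLE ON PROD` on a server that has `autoStart = true`. A comment is easy to miss at rollout, so a full-privilege operator could ship by default. Gating the attribute on an explicit switch, for example `operators = lib.optionalAttrs devMode { "satr14" = { ... }; };` with `devMode = false;` in the `let` block, would make the production state visible in the diff. `devMode` is a name proposed here, not one the file defines.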
diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index be0d461..2c85010 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "81067d9cea4e3c48acceb42c8c62c252ab1bd3b2"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-D34uF8LUPNM1LTvOM3V8tvo4yfG++UODxW2qH2tXs/8="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From df27e80f4a0d51202150f8ab6afe550986492da7 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 17 May 2026 07:37:57 +0700 Subject: [PATCH 249/261] [skip ci] small note --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 2c85010..ca92440 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -12,7 +12,7 @@ in { imports = [ inputs.mc.nixosModules.minecraft-servers ]; nixpkgs.overlays = [ inputs.mc.overlay ]; - powerManagement.cpuFreqGovernor = "powersave"; + powerManagement.cpuFreqGovernor = "powersave"; # performance governor causes overheating and thermal throttling, works fine with powesave boot.kernel.sysctl = { "vm.nr_hugepages" = (ram-allocation-mb / 2) + 512; # (heap_mb / 2MB per page) + 512 pages (1GB) for ZGC off-heap overhead "vm.swappiness" = 10; From 858e77735fe3cdf1cec7543212f2dd94914c30be Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 17 May 2026 07:51:20 +0700 Subject: [PATCH 250/261] [skip ci] add extra notes --- modules/system/homelab/mc.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index ca92440..6a0cdf3 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
@@ -26,6 +26,7 @@ in { # TODO: figure out how to set gamerules on start (script above runs **before** server ready) # gamerules to disable: locator_bar, mob_explosion_drop_decay + # gamerules to enable (temporarily): noend:disable_end servers.da-s3 = { enable = true; From 3db7568fa65f527a0e2264b9cb47e2b92f426e5f Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 17 May 2026 07:51:48 +0700 Subject: [PATCH 251/261] [skip ci] fix comment --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 6a0cdf3..944ea4a 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -24,7 +24,7 @@ in { managementSystem.systemd-socket.enable = true; # ^^^ https://github.com/Infinidoge/nix-minecraft/issues/119 - # TODO: figure out how to set gamerules on start (script above runs **before** server ready) + # TODO: figure out how to set gamerules on start # gamerules to disable: locator_bar, mob_explosion_drop_decay # gamerules to enable (temporarily): noend:disable_end From 180521963ab5ed0dc27d6ecd1ffb37393e05f00e Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 17 May 2026 07:53:54 +0700 Subject: [PATCH 252/261] [skip ci] todo comments --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 944ea4a..0baf6cc 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -25,7 +25,7 @@ in { # ^^^ https://github.com/Infinidoge/nix-minecraft/issues/119 # TODO: figure out how to set gamerules on start - # gamerules to disable: locator_bar, mob_explosion_drop_decay + # gamerules to disable: locator_bar, mob_explosion_drop_decay, (and possibly) reduced_debug_info, global_sound_events # gamerules to enable (temporarily): noend:disable_end servers.da-s3 = { From 287458eec01d0e12beec8d386959a051d59be691 Mon Sep 17 00:00:00 2001 
From: satr14 Date: Sun, 17 May 2026 07:59:29 +0700 Subject: [PATCH 253/261] disable ip logging --- modules/system/homelab/mc.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 0baf6cc..f63a1fb 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -42,9 +42,11 @@ in { # ^^ DISABLE ON PROD serverProperties = { + # server-ip = "localhost"; server-port = 25565; server-name = "Minecraft Server"; motd = "§lSeason 3§r - §dExplorers Creativity 🔥"; + log-ips = false; # TODO: figure out how to get ips from cloudflared tunnel difficulty = "normal"; gamemode = "survival"; From 092883606a36dca791e9a69582dc40ec3659a562 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 17 May 2026 08:57:32 +0700 Subject: [PATCH 254/261] switch dashboard to be main page --- modules/system/homelab/dash.nix | 190 ++++++++++++++++---------------- 1 file changed, 95 insertions(+), 95 deletions(-) diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix index d973699..e7d62bf 100644 --- a/modules/system/homelab/dash.nix +++ b/modules/system/homelab/dash.nix 
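Review bot: With `log-ips = false` and `server-ip` left commented out, the server keeps no record of connection sources and by default still listens on every interface at `server-port = 25565`, although the TODO implies players arrive through the cloudflared tunnel. If the tunnel is the only intended entry point, bind to loopback with `server-ip = "127.0.0.1";` so that direct connections cannot bypass it; whether the firewall already blocks the port is not visible here. Until real client addresses are available, the comment could say that the tunnel's own connection logs are where abuse gets attributed. `serverProperties` continues outside the hunk.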
@@ -89,6 +89,101 @@ in { }; pages = [ + { + name = "Dashboard"; + show-mobile-header = true; + width = "slim"; + columns = [ + { + size = "small"; + widgets = [ + { + type = "monitor"; + title = "Critical Systems"; + cache = "15s"; + style = "compact"; + show-failing-only = true; + sites = map (e: { + same-tab = true; + allow-insecure = true; + title = builtins.elemAt e 0; + url = builtins.elemAt e 1; + }) monitor; + } + { + type = "dns-stats"; + title = "DNS Stats"; + service = "adguard"; + url = "http://localhost:8088/"; + hour-format = "12h"; + } + { + type = "bookmarks"; + groups = [ + { + links = [{ + same-tab = true; + title = "NixFlake"; + icon = "si:nixos"; + url = "https://flake.satr14.my.id"; + }]; + } + { + links = map (e: { + same-tab = true; + title = builtins.elemAt e 0; + icon = "si:${builtins.elemAt e 1}"; + url = builtins.elemAt e 2; + alt-status-codes = [ 401 ]; + }) bookmarks; + } + ]; + } + { + type = "to-do"; + id = "tasks"; + } + ]; + } + { + size = "full"; + widgets = [ + { + type = "server-stats"; + servers = [{ + type = "local"; + mountpoints = { + "/boot".hide = true; + "/nix/store".hide = true; + "/var/lib/vaultwarden".hide = true; + "/var/lib/private/cryptpad".hide = true; + "/var/lib/acme/proxy.satr14.my.id".hide = true; + }; + }]; + } + { + type = "monitor"; + cache = "1m"; + title = "Services"; + sites = map (e: { + same-tab = true; + allow-insecure = true; + title = builtins.elemAt e 0; + icon = "si:${builtins.elemAt e 1}"; + url = builtins.elemAt e 2; + check-url = builtins.elemAt e 3; + }) homelab.dash; + } + { + type = "docker-containers"; + title = "Containers"; + format-container-names = true; + hide-by-default = true; + } + ]; + } + ]; + } { name = "Home"; show-mobile-header = true; 
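Review bot: Both `monitor` widgets in the relocated Dashboard page set `allow-insecure = true` on every site, so the health checks skip TLS certificate verification and a service answering with a wrong or expired certificate still shows as up. The block is moved unchanged from the end of `pages`, which makes this a good moment to limit the flag to the entries that really use self-signed certificates. One way is to carry it as an extra element in the `monitor` and `homelab.dash` tuples instead of hard-coding `true`. The `pages` list starts before and ends after this hunk.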
@@ -187,101 +282,6 @@ in { } ]; } - { - name = "Dashboard"; - show-mobile-header = true; - width = "slim"; - columns = [ - { - size = "small"; - widgets = [ - { - type = "monitor"; - title = "Critical Systems"; - cache = "15s"; - style = "compact"; - show-failing-only = true; - sites = map (e: { - same-tab = true; - allow-insecure = true; - title = builtins.elemAt e 0; - url = builtins.elemAt e 1; - }) monitor; - } - { - type = "dns-stats"; - title = "DNS Stats"; - service = "adguard"; - url = "http://localhost:8088/"; - hour-format = "12h"; - } - { - type = "bookmarks"; - groups = [ - { - links = [{ - same-tab = true; - title = "NixFlake"; - icon = "si:nixos"; - url = "https://flake.satr14.my.id"; - }]; - } - { - links = map (e: { - same-tab = true; - title = builtins.elemAt e 0; - icon = "si:${builtins.elemAt e 1}"; - url = builtins.elemAt e 2; - alt-status-codes = [ 401 ]; - }) bookmarks; - } - ]; - } - { - type = "to-do"; - id = "tasks"; - } - ]; - } - { - size = "full"; - widgets = [ - { - type = "server-stats"; - servers = [{ - type = "local"; - mountpoints = { - "/boot".hide = true; - "/nix/store".hide = true; - "/var/lib/vaultwarden".hide = true; - "/var/lib/private/cryptpad".hide = true; - "/var/lib/acme/proxy.satr14.my.id".hide = true; - }; - }]; - } - { - type = "monitor"; - cache = "1m"; - title = "Services"; - sites = map (e: { - same-tab = true; - allow-insecure = true; - title = builtins.elemAt e 0; - icon = "si:${builtins.elemAt e 1}"; - url = builtins.elemAt e 2; - check-url = builtins.elemAt e 3; - }) homelab.dash; - } - { - type = "docker-containers"; - title = "Containers"; - format-container-names = true; - hide-by-default = true; - } - ]; - } - ]; - } ]; }; }; From b349172b599782b41da2fc54961d2794511d2319 Mon Sep 17 00:00:00 2001 From: satr14 Date: Sun, 17 May 2026 13:11:18 +0700 Subject: [PATCH 255/261] jvm tuning --- modules/system/homelab/mc.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index f63a1fb..3923e3a 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -90,11 +90,11 @@ in { "-XX:+UseLargePages" # Large pages support (requires hugepages configured on the system) "-XX:+AlwaysPreTouch" # Pre-allocates memory on startup, OS claims it immediately for JVM instead of negotiating it "-XX:+DisableExplicitGC" # Disables mods from manually invoking the GC - # "-XX:+PerfDisableSharedMem" # Disables constant /tmp writes for JVM metrics - "-XX:ZAllocationSpikeTolerance=5" # Helps when server is active with many players (causes unnecessary GC load at idle) - "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" # Leave 2GB headroom for off-heap memory (native code, mods, and ZGC overhead) - "-XX:ZCollectionInterval=1" # Force a GC cycle at minimum every 1s — prevents allocation stalls when ZGC falls behind Minecraft's bursty allocation - "-XX:ConcGCThreads=4" # Threads ZGC uses for concurrent work; default (cpu/8+1) is often just 2, too slow to keep up with allocation rate + "-XX:+PerfDisableSharedMem" # Disables constant /tmp writes for JVM metrics + "-XX:ZAllocationSpikeTolerance=5" # Helps when server is active with many players + "-XX:SoftMaxHeapSize=${toString (ram-allocation-mb - 2048)}M" # Leave 2GB headroom + "-XX:ZCollectionInterval=1" # Force a GC cycle at minimum every second + "-XX:ConcGCThreads=8" # Threads ZGC uses for concurrent work ]; in lib.concatStringsSep " " flags; }; }; From 79fd698e12845f87c0231fcd2d00b057d686c61f Mon Sep 17 00:00:00 2001 From: satr14 Date: Tue, 19 May 2026 17:28:15 +0700 Subject: [PATCH 256/261] update modpack --- modules/system/homelab/mc.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 3923e3a..cf6b40c 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
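Review bot: `-XX:ConcGCThreads` goes from 4 to 8 while the comments that explained the sizing are cut down to bare descriptions, so the reason for the new value is no longer recorded. Eight concurrent GC threads is likely most of the hardware threads on the i7 8700T the README lists, and they compete with the server thread under the `powersave` governor set earlier in this file. I would keep the rationale next to the flag, e.g. `"-XX:ConcGCThreads=8" # raised from 4: <what was measured>; revisit if tick time suffers`. Enabling `-XX:+PerfDisableSharedMem` also hides the JVM from `jps`/`jstat`, which is worth a word in its comment if those tools are used for monitoring.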
@@ -2,9 +2,9 @@ ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let - commit = "81067d9cea4e3c48acceb42c8c62c252ab1bd3b2"; + commit = "8523f89493ace13087eb68cd9fe3b5eb4f669440"; in pkgs.fetchPackwizModpack { - packHash = "sha256-D34uF8LUPNM1LTvOM3V8tvo4yfG++UODxW2qH2tXs/8="; + packHash = ""; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From 8745a66a2a00828c358a3899f9247751dd8a0c4b Mon Sep 17 00:00:00 2001 From: satr14 Date: Tue, 19 May 2026 17:37:50 +0700 Subject: [PATCH 257/261] update hash --- modules/system/homelab/mc.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index cf6b40c..2084d2e 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix @@ -4,7 +4,7 @@ modpack = let commit = "8523f89493ace13087eb68cd9fe3b5eb4f669440"; in pkgs.fetchPackwizModpack { - packHash = ""; + packHash = "sha256-xB9Oc/aneogSQ9r7L42vyVM6xwq+QkoTaXYNuUzeo6M="; url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; }; From 89931de313b72ff38235ea8f82d261cf11cf5a5c Mon Sep 17 00:00:00 2001 From: satr14 Date: Sat, 30 May 2026 18:29:01 +0700 Subject: [PATCH 258/261] enable netbird --- modules/system/server.nix | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/modules/system/server.nix b/modules/system/server.nix index 57a3ff0..a2cef9f 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix 
@@ -35,14 +35,17 @@ in { users.users.root.openssh.authorizedKeys.keys = homelab.ssh-keys; - services.tailscale = { - enable = true; - authKeyFile = "/mnt/data/apps/tailscale/authkey"; - useRoutingFeatures = "server"; - extraUpFlags = ts-flags; - extraSetFlags = ts-flags; + services = { + netbird.enable = true; + tailscale = { + enable = true; + authKeyFile = "/mnt/data/apps/tailscale/authkey"; + useRoutingFeatures = "server"; + extraUpFlags = ts-flags; + extraSetFlags = ts-flags; + }; }; - + virtualisation = { oci-containers.backend = "docker"; docker = { From dced4e3a58e48f5387d0deebb3321b919f3211d8 Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 4 Jun 2026 13:51:24 +0700 Subject: [PATCH 259/261] add bun --- modules/system/homelab/git.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/system/homelab/git.nix b/modules/system/homelab/git.nix index db30c7a..2544f90 100644 --- a/modules/system/homelab/git.nix +++ b/modules/system/homelab/git.nix @@ -45,7 +45,7 @@ url = "http://localhost:5080"; #"https://git.proxy.${homelab.domain}"; tokenFile = "/mnt/data/apps/forgejo/token-runner"; labels = [ "self-hosted:host" ]; - hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs ]; + hostPackages = with pkgs; [ bash coreutils git nix openssh bun ]; }; }; systemd.services = { From cabd26d2323b6b8a733a11c4d89ef06324cc9d4a Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 4 Jun 2026 13:51:57 +0700 Subject: [PATCH 260/261] prod toggle --- modules/system/homelab/mc.nix | 27 ++++++++++++++++++++------- 1 file changed, 20 insertions(+), 7 deletions(-) diff --git a/modules/system/homelab/mc.nix b/modules/system/homelab/mc.nix index 2084d2e..90e2e76 100644 --- a/modules/system/homelab/mc.nix +++ b/modules/system/homelab/mc.nix 
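Review bot: `netbird.enable = true` adds a second overlay network next to tailscale, and nothing in the hunk says how the host is enrolled or what may reach it over the new interface, while the context line above installs `homelab.ssh-keys` for root. Each overlay has its own ACLs, so access that is restricted on the tailnet is not automatically restricted for NetBird peers. I would record the intent next to the option, e.g. `netbird.enable = true; # second overlay beside tailscale: enrol manually, keep peer ACLs as strict as the tailnet's`, and check which ports the firewall exposes on the new interface. The `tailscale` attributes are only re-indented.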
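Review bot: The `hostPackages` change in git.nix swaps `nodejs` out for `bun` rather than adding it, although the commit is titled "add bun". On a runner labelled `self-hosted:host`, jobs presumably run with exactly these host packages, so any workflow step that relies on a JavaScript action or calls `node`/`npm` will likely stop working. If that is not intended, keep both: `hostPackages = with pkgs; [ bash coreutils git nix openssh nodejs bun ];`. The runner attribute set starts outside the hunk.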
@@ -1,11 +1,13 @@ { inputs, lib, pkgs, ... }: let + production = true; ram-allocation-mb = 12288; rcon-pass = "howdy"; modpack = let commit = "8523f89493ace13087eb68cd9fe3b5eb4f669440"; + path = if production then "commit/${commit}" else "branch/main"; in pkgs.fetchPackwizModpack { packHash = "sha256-xB9Oc/aneogSQ9r7L42vyVM6xwq+QkoTaXYNuUzeo6M="; - url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml"; + url = "https://git.satr14.my.id/satr14/server-modpack/raw/${path}/pack.toml"; }; in { @@ -32,14 +34,25 @@ in { enable = true; autoStart = true; restart = "always"; - enableReload = false; + enableReload = production; + # extraReload = '' + # function rcon() { + # ${pkgs.rcon-cli}/bin/rcon-cli -p ${rcon-pass} $@ + # } + + # rcon "gamerule locator_bar false" + # rcon "gamerule mob_explosion_drop_decay false" + # rcon "gamerule reduced_debug_info false" + # rcon "gamerule global_sound_events false" + # ''; - operators."satr14" = { - uuid = "54441a30-fe73-46e7-adca-c476bd4fc6d2"; - bypassesPlayerLimit = true; - level = 4; + operators = lib.mkIf (!production) { + "satr14" = { + uuid = "54441a30-fe73-46e7-adca-c476bd4fc6d2"; + bypassesPlayerLimit = true; + level = 4; + }; }; - # ^^ DISABLE ON PROD serverProperties = { # server-ip = "localhost"; From 598737859c3473fb72e52a303ba72a0438e3ff0b Mon Sep 17 00:00:00 2001 From: satr14 Date: Thu, 4 Jun 2026 13:52:20 +0700 Subject: [PATCH 261/261] todo --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 9172fc5..f8496c7 100644 --- a/README.md +++ b/README.md @@ -7,6 +7,11 @@ - `thinkpad` - Thinkpad T480, i5 8350U, 16GB RAM, 256GB NVME - `homelab` - i7 8700T, 32GB RAM, 512GB NVME, 1TB 2.5" SATA +## Todo +- Automatic backups to external drives. +- Better documentation and code structure. +- Use NixOS modules system. + ## Credits - [orangc's flake](https://git.orangc.net/c/dots) - [vimjoyer's tutorials](https://www.youtube.com/@vimjoyer)
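Review bot: With `production = false` the URL points at `branch/main`, but `packHash` stays pinned to the content of `commit`. The fixed-output fetch then either fails on a hash mismatch once the branch moves or, when that hash is already in the store, is satisfied from the store without fetching the branch at all. The commit-plus-hash pin is also the integrity check for the modpack, and a moving ref cannot be covered by it. I would keep the URL pinned in both modes and bump `commit` for testing, i.e. keep `url = "https://git.satr14.my.id/satr14/server-modpack/raw/commit/${commit}/pack.toml";` and drop `path`. The `let` block continues past the hunk.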
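Review bot: The commented-out `extraReload` in the `@@ -32,14 +34,25 @@` hunk interpolates `${rcon-pass}` into the script text and passes it with `-p`, so once enabled the password ends up in the world-readable Nix store and in the process list. The value itself is the literal `"howdy"` from the `let` block shown in the previous hunk. Before turning this on, read the password at run time from a root-only file and confirm that RCON is reachable only on loopback; neither is visible in this hunk. Separately, `$@` is unquoted inside `rcon()`; `"$@"` keeps each argument intact.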