sprechtl/dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: first helix conf

Browse source
This commit is contained in:
s-prechtl 2025-07-23 01:28:18 +02:00
parent aefc04445b
commit efd564b11c
4 changed files with 64 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

2
hosts/goingmerry/configuration.nix
View file

@ -323,7 +323,7 @@
{ {
publicKey = "GEX4m+MaTgiFJIusY8lAWkKji5WjzKmyMsSbCmBmHSQ="; publicKey = "GEX4m+MaTgiFJIusY8lAWkKji5WjzKmyMsSbCmBmHSQ=";
presharedKeyFile = "/home/sprechtl/.wg-keys/psk"; presharedKeyFile = "/home/sprechtl/.wg-keys/psk";
allowedIPs = [ "10.0.0.0/24" ]; allowedIPs = ["10.0.0.0/24"];
endpoint = "sprechtl.me:51820"; endpoint = "sprechtl.me:51820";
persistentKeepalive = 25; persistentKeepalive = 25;
} }

25
hosts/goingmerry/home.nix
View file

@ -4,21 +4,22 @@
... ...
}: { }: {
imports = [ imports = [
inputs.zen-browser.homeModules.twilight ../../modules/home-manager/alacritty.nix
../../modules/home-manager/hyprland.nix ../../modules/home-manager/blueman.nix
../../modules/home-manager/pass.nix
../../modules/home-manager/btop.nix ../../modules/home-manager/btop.nix
../../modules/home-manager/dunst.nix ../../modules/home-manager/dunst.nix
../../modules/home-manager/blueman.nix
../../modules/home-manager/git.nix
../../modules/home-manager/wofi.nix
../../modules/home-manager/rofi.nix
../../modules/home-manager/waybar.nix
../../modules/home-manager/alacritty.nix
../../modules/home-manager/nextcloud.nix
../../modules/home-manager/zsh.nix
../../modules/home-manager/tmux.nix
../../modules/home-manager/fastfetch.nix ../../modules/home-manager/fastfetch.nix
../../modules/home-manager/git.nix
../../modules/home-manager/helix.nix
../../modules/home-manager/hyprland.nix
../../modules/home-manager/nextcloud.nix
../../modules/home-manager/pass.nix
../../modules/home-manager/rofi.nix
../../modules/home-manager/tmux.nix
../../modules/home-manager/waybar.nix
../../modules/home-manager/wofi.nix
../../modules/home-manager/zsh.nix
inputs.zen-browser.homeModules.twilight
]; ];
home.username = "sprechtl"; home.username = "sprechtl";
home.homeDirectory = "/home/sprechtl"; home.homeDirectory = "/home/sprechtl";

69
hosts/hitsugibune/matrix.nix
View file

@ -1,5 +1,9 @@
{ pkgs, lib, config, ... }: {
let pkgs,
lib,
config,
...
}: let
fqdn = "matrix.sprechtl.me"; fqdn = "matrix.sprechtl.me";
baseUrl = "https://${fqdn}"; baseUrl = "https://${fqdn}";
clientConfig."m.homeserver".base_url = baseUrl; clientConfig."m.homeserver".base_url = baseUrl;
@ -9,7 +13,7 @@ let
add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON data}'; return 200 '${builtins.toJSON data}';
''; '';
turn = config.services.coturn; turn = config.services.coturn;
in { in {
age.secrets.matrix = { age.secrets.matrix = {
file = ../../secrets/matrix.age; file = ../../secrets/matrix.age;
@ -40,32 +44,32 @@ in {
# Coturn Ports # Coturn Ports
networking.firewall = { networking.firewall = {
interfaces.enp0s31f6 = let interfaces.enp0s31f6 = let
range = with config.services.coturn; lib.singleton { range = with config.services.coturn;
from = min-port; lib.singleton {
to = max-port; from = min-port;
}; to = max-port;
in };
{ in {
allowedUDPPortRanges = range; allowedUDPPortRanges = range;
allowedUDPPorts = [ 3478 5349 ]; allowedUDPPorts = [3478 5349];
allowedTCPPortRanges = [ ]; allowedTCPPortRanges = [];
allowedTCPPorts = [ 3478 5349 ]; allowedTCPPorts = [3478 5349];
}; };
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [80 443];
# Make certificate readable # Make certificate readable
users.users.nginx.extraGroups = [ "turnserver" ]; users.users.nginx.extraGroups = ["turnserver"];
services.nginx.virtualHosts.${turn.realm} = { services.nginx.virtualHosts.${turn.realm} = {
addSSL = true; addSSL = true;
enableACME = false; # well do ACME ourselves enableACME = false; # well do ACME ourselves
forceSSL = false; forceSSL = false;
sslCertificate = "${config.security.acme.certs.${turn.realm}.directory}/full.pem"; sslCertificate = "${config.security.acme.certs.${turn.realm}.directory}/full.pem";
sslCertificateKey = "${config.security.acme.certs.${turn.realm}.directory}/key.pem"; sslCertificateKey = "${config.security.acme.certs.${turn.realm}.directory}/key.pem";
locations."/.well-known/acme-challenge/" = { locations."/.well-known/acme-challenge/" = {
root = "/var/lib/acme/acme-challenges"; root = "/var/lib/acme/acme-challenges";
};
}; };
};
security.acme.certs.${turn.realm} = { security.acme.certs.${turn.realm} = {
email = "stefan@tague.at"; email = "stefan@tague.at";
@ -76,7 +80,7 @@ in {
services.postgresql.enable = true; services.postgresql.enable = true;
services.coturn = rec { services.coturn = rec {
enable = true; enable = true;
no-cli = true; no-cli = true;
no-tcp-relay = true; no-tcp-relay = true;
@ -174,26 +178,29 @@ in {
settings.enable_registration = false; settings.enable_registration = false;
enableRegistrationScript = true; enableRegistrationScript = true;
settings.listeners = [ settings.listeners = [
{ port = 8008; {
bind_addresses = [ "::1" ]; port = 8008;
bind_addresses = ["::1"];
type = "http"; type = "http";
tls = false; tls = false;
x_forwarded = true; x_forwarded = true;
resources = [ { resources = [
names = [ "client" "federation" ]; {
compress = true; names = ["client" "federation"];
} ]; compress = true;
}
];
} }
]; ];
extraConfigFiles = [ config.age.secrets.matrix.path ]; extraConfigFiles = [config.age.secrets.matrix.path];
settings.turn_uris = ["turn:${turn.realm}:3478?transport=udp" "turn:${turn.realm}:3478?transport=tcp"]; settings.turn_uris = ["turn:${turn.realm}:3478?transport=udp" "turn:${turn.realm}:3478?transport=tcp"];
settings.turn_user_lifetime = "1h"; settings.turn_user_lifetime = "1h";
}; };
# WARN: Remove once mautrix is updated # WARN: Remove once mautrix is updated
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"olm-3.2.16" "olm-3.2.16"
]; ];
services.mautrix-signal = { services.mautrix-signal = {

12
modules/home-manager/helix.nix Normal file
View file

@ -0,0 +1,12 @@
{...}: {
programs.helix = {
enable = true;
settings = {
theme = "gruvbox";
editor = {
line-number = "relative";
lsp.display-messages = true;
};
};
};
}