Initialize sanitized repo for tracking nix config changes.
This commit is contained in:
commit
41e150734e
5
.gitignore
vendored
Normal file
5
.gitignore
vendored
Normal file
@ -0,0 +1,5 @@
|
||||
.stfolder
|
||||
secrets.nix
|
||||
archive/
|
||||
glance/config.yaml
|
||||
litellm.yaml
|
536
litten.brenise.dev/configuration.nix
Normal file
536
litten.brenise.dev/configuration.nix
Normal file
@ -0,0 +1,536 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
# Add nixpkgs-unstable channel with the following command:
|
||||
# nix-channel --add https://nixos.org/channels/nixpkgs-unstable nixpkgs-unstable && nix-channel --update
|
||||
unstable = import <nixpkgs-unstable> { config = config.nixpkgs.config; };
|
||||
host_name = "litten";
|
||||
host_fqdn = "${host_name}.brenise.dev";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
nixpkgs = {
|
||||
config.permittedInsecurePackages = [
|
||||
"electron-27.3.11" # logseq
|
||||
];
|
||||
config.allowUnfreePredicate = pkg:
|
||||
builtins.elem (lib.getName pkg) [
|
||||
"obsidian" # https://github.com/obsidianmd/obsidian-releases
|
||||
"packer"
|
||||
"vscode"
|
||||
"terraform"
|
||||
"zoom"
|
||||
];
|
||||
overlays = [
|
||||
(self: super: {
|
||||
ansible = super.ansible.overrideAttrs (oldAttrs: {
|
||||
propagatedBuildInputs = oldAttrs.propagatedBuildInputs ++ [ super.python311Packages.jmespath ];
|
||||
});
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
systemd-boot.configurationLimit = 20;
|
||||
efi.canTouchEfiVariables = true;
|
||||
};
|
||||
};
|
||||
|
||||
hardware = {
|
||||
bluetooth.enable = true;
|
||||
keyboard.qmk.enable = true;
|
||||
|
||||
opengl = { # https://wiki.nixos.org/wiki/Accelerated_Video_Playback
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
intel-media-driver
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
networking = {
|
||||
hostName = "${host_name}";
|
||||
# networkmanager.enable = true;
|
||||
firewall.enable = false;
|
||||
interfaces = {
|
||||
enp100s0.ipv4.addresses = [{
|
||||
address = "192.168.1.35";
|
||||
prefixLength = 24;
|
||||
}];
|
||||
};
|
||||
defaultGateway = {
|
||||
address = "192.168.1.1";
|
||||
interface = "enp100s0";
|
||||
};
|
||||
# TODO https://nixos.wiki/wiki/Encrypted_DNS
|
||||
nameservers = [ "1.1.1.1" "8.8.8.8" ];
|
||||
extraHosts = ''
|
||||
192.168.1.1 shinx.brenise.dev
|
||||
'';
|
||||
};
|
||||
|
||||
time.timeZone = "America/Los_Angeles";
|
||||
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
console = {
|
||||
font = "Lat2-Terminus16";
|
||||
# keyMap = "us";
|
||||
useXkbConfig = true; # use xkbOptions in tty.
|
||||
};
|
||||
|
||||
users = {
|
||||
groups.glance = {};
|
||||
users = {
|
||||
|
||||
root = {
|
||||
openssh.authorizedKeys.keyFiles = [
|
||||
/etc/nixos/ssh/authorized_keys
|
||||
];
|
||||
};
|
||||
|
||||
blee = {
|
||||
openssh.authorizedKeys.keyFiles = [
|
||||
/etc/nixos/ssh/authorized_keys
|
||||
];
|
||||
isNormalUser = true;
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"glance"
|
||||
];
|
||||
packages = with pkgs; [
|
||||
chromium
|
||||
coreutils # base64
|
||||
element-desktop
|
||||
firefox
|
||||
gimp
|
||||
jellyfin-media-player
|
||||
kate # kwrite
|
||||
kdenlive
|
||||
libsForQt5.kcalc
|
||||
|
||||
logseq # 0.10.9 # uses insecure electron version 27.3.11 https://github.com/NixOS/nixpkgs/pull/340427
|
||||
#unstable.logseq # 0.10.9 BUG: https://github.com/logseq/logseq/issues/10851
|
||||
|
||||
moonlight-qt
|
||||
nmap
|
||||
obs-studio
|
||||
obsidian
|
||||
qbittorrent
|
||||
rtorrent
|
||||
spek # beat saber mapping
|
||||
synergy
|
||||
tenacity
|
||||
thunderbird
|
||||
tor-browser
|
||||
via
|
||||
vlc
|
||||
vscode
|
||||
xcaddy # warning: absolute dumpster fire
|
||||
yt-dlp
|
||||
zoom-us
|
||||
|
||||
# Build vim huge with clipboard support
|
||||
(vim_configurable.overrideAttrs (oldAttrs: {
|
||||
features = "huge";
|
||||
}))
|
||||
|
||||
awscli2
|
||||
#aws-sam-cli # broken, fails to init. use pip install aws-sam-cli
|
||||
#unstable.aws-sam-cli
|
||||
packer
|
||||
terraform
|
||||
ansible
|
||||
python3
|
||||
python311Packages.pip
|
||||
python311Packages.ipython
|
||||
libreoffice-qt
|
||||
hunspell
|
||||
hunspellDicts.uk_UA
|
||||
hunspellDicts.th_TH
|
||||
nodejs_20
|
||||
yarn
|
||||
deno
|
||||
];
|
||||
};
|
||||
|
||||
glance = {
|
||||
isSystemUser = true;
|
||||
group = "glance";
|
||||
home = "/var/lib/glance";
|
||||
createHome = true;
|
||||
description = "Glance service user";
|
||||
# shell = pkgs.bash;
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
# GPU tools
|
||||
android-tools
|
||||
arp-scan
|
||||
cryptsetup
|
||||
curl
|
||||
difftastic
|
||||
dig
|
||||
dnscontrol
|
||||
dnsutils
|
||||
doas
|
||||
exiftool
|
||||
ffmpeg
|
||||
file
|
||||
fzf
|
||||
git
|
||||
go
|
||||
htop
|
||||
iftop
|
||||
imagemagick
|
||||
iperf
|
||||
jq
|
||||
lego
|
||||
libressl
|
||||
mediainfo
|
||||
net-snmp # snmpwalk
|
||||
netcat
|
||||
nettools
|
||||
parted
|
||||
pass
|
||||
pciutils # lspci
|
||||
psmisc
|
||||
qrencode
|
||||
rsync
|
||||
screen
|
||||
tcpdump
|
||||
tmux
|
||||
tree
|
||||
unzip
|
||||
vim
|
||||
vulkan-tools
|
||||
wget
|
||||
whois
|
||||
wireguard-tools
|
||||
zbar
|
||||
zip
|
||||
];
|
||||
|
||||
shellInit = ''
|
||||
pheonix() {
|
||||
systemctl restart "$1"
|
||||
journalctl -fu "$1"
|
||||
}
|
||||
'';
|
||||
|
||||
plasma5.excludePackages = with pkgs.libsForQt5; [
|
||||
plasma-browser-integration
|
||||
];
|
||||
|
||||
etc = lib.mkMerge [
|
||||
|
||||
# Generate KDE config files
|
||||
(lib.attrsets.mapAttrs' (name: value:
|
||||
lib.attrsets.nameValuePair
|
||||
( "xdg/${name}" )
|
||||
{
|
||||
source = (pkgs.formats.ini {}).generate name value;
|
||||
}
|
||||
) {
|
||||
"baloofilerc" = {
|
||||
"Basic Settings" = {
|
||||
"Indexing-Enabled" = false;
|
||||
};
|
||||
};
|
||||
})
|
||||
|
||||
{ # normal environment.etc block
|
||||
gitconfig = {
|
||||
text = ''
|
||||
[init]
|
||||
defaultBranch = main
|
||||
'';
|
||||
};
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
|
||||
|
||||
programs = {
|
||||
appimage = {
|
||||
enable = true;
|
||||
binfmt = true;
|
||||
package = pkgs.appimage-run.override {
|
||||
extraPkgs = pkgs: [
|
||||
pkgs.libthai # lume
|
||||
];
|
||||
};
|
||||
};
|
||||
fish.enable = true;
|
||||
vim.defaultEditor = true;
|
||||
bash = {
|
||||
shellAliases = {
|
||||
ll = "ls -lAF --classify --group-directories-first";
|
||||
l = "ls -lF --classify --group-directories-first";
|
||||
};
|
||||
# https://nixos.wiki/wiki/Fish
|
||||
interactiveShellInit = ''
|
||||
if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
|
||||
then
|
||||
shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
|
||||
exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
|
||||
fi
|
||||
'';
|
||||
};
|
||||
mtr.enable = true;
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
enableSSHSupport = true;
|
||||
};
|
||||
kdeconnect.enable = true;
|
||||
chromium = {
|
||||
enable = true;
|
||||
extraOpts = {
|
||||
"SpellcheckEnabled" = false;
|
||||
"DefaultSearchProviderEnabled" = true;
|
||||
"DefaultSearchProviderName" = "Kagi";
|
||||
"DefaultSearchProviderSearchURL" = "https://kagi.com/search?q={searchTerms}";
|
||||
"SearchSuggestEnabled" = false;
|
||||
"DefaultSearchProviderSuggestURL" = "";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security = {
|
||||
sudo.enable = false;
|
||||
doas = {
|
||||
enable = true;
|
||||
extraRules = [
|
||||
{
|
||||
users = [ "blee" ];
|
||||
persist = true;
|
||||
}
|
||||
];
|
||||
};
|
||||
# pki.certificateFiles = [ # self-signed CA trust for start9
|
||||
# "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"
|
||||
# # "/etc/ssl/certs/dotted-turbans.pem"
|
||||
# ];
|
||||
};
|
||||
|
||||
services = {
|
||||
|
||||
openssh.enable = true;
|
||||
udev.packages = [ pkgs.via ];
|
||||
|
||||
# https://discourse.nixos.org/t/bluetooth-a2dp-sink-not-showing-up-in-pulseaudio-on-nixos/32447/4?u=bleetube
|
||||
pipewire = {
|
||||
enable = true;
|
||||
pulse.enable = true;
|
||||
};
|
||||
# avahi = { # for resolving start9 hostname
|
||||
# enable = true;
|
||||
# nssmdns4 = true; # Enable NSS support for mDNS
|
||||
# };
|
||||
|
||||
syncthing = {
|
||||
enable = true;
|
||||
user = "blee";
|
||||
dataDir = "/home/blee/Documents";
|
||||
};
|
||||
journald.extraConfig = "MaxRetentionSec=30day";
|
||||
|
||||
# https://github.com/NixOS/nixpkgs/blob/nixos-23.05/nixos/modules/services/monitoring/prometheus/exporters.nix
|
||||
prometheus.exporters.node = {
|
||||
enable = true;
|
||||
port = 8030;
|
||||
enabledCollectors = [
|
||||
"cpu.info"
|
||||
"interrupts"
|
||||
"netstat"
|
||||
"vmstat"
|
||||
"systemd"
|
||||
"tcpstat"
|
||||
"processes"
|
||||
];
|
||||
};
|
||||
|
||||
caddy = {
|
||||
enable = true;
|
||||
logFormat = "output discard";
|
||||
extraConfig = let
|
||||
tlsConfig = ''
|
||||
tls {
|
||||
dns namecheap {
|
||||
api_key {env.NAMECHEAP_API_KEY}
|
||||
user {env.NAMECHEAP_API_USER}
|
||||
api_endpoint https://api.namecheap.com/xml.response
|
||||
}
|
||||
}
|
||||
'';
|
||||
in ''
|
||||
${host_fqdn} { # open-webui
|
||||
${tlsConfig}
|
||||
reverse_proxy http://127.0.0.1:8080
|
||||
|
||||
# BUG: assets are all on root path
|
||||
# handle /changedetection/* {
|
||||
# uri strip_prefix /changedetection
|
||||
# reverse_proxy http://127.0.0.1:${toString config.services.changedetection-io.port}
|
||||
# }
|
||||
|
||||
# handle /files/* {
|
||||
# root /mnt/usb/
|
||||
# file_server browse
|
||||
# }
|
||||
}
|
||||
|
||||
${host_fqdn}:4430 { # node_exporter
|
||||
${tlsConfig}
|
||||
reverse_proxy http://127.0.0.1:8030
|
||||
}
|
||||
|
||||
${host_fqdn}:4431 { # litellm
|
||||
${tlsConfig}
|
||||
reverse_proxy http://127.0.0.1:8031
|
||||
}
|
||||
|
||||
${host_fqdn}:4432 { # glance
|
||||
${tlsConfig}
|
||||
reverse_proxy http://127.0.0.1:8032
|
||||
}
|
||||
|
||||
# BUG: POST messages throw missing referrer error
|
||||
${host_fqdn}:4433 { # changedetection-io
|
||||
${tlsConfig}
|
||||
reverse_proxy http://127.0.0.1:${toString config.services.changedetection-io.port}
|
||||
header Referrer-Policy "strict-origin-when-cross-origin"
|
||||
}
|
||||
|
||||
${host_fqdn}:4434 { # home-assistant
|
||||
${tlsConfig}
|
||||
reverse_proxy http://127.0.0.1:8034
|
||||
}
|
||||
|
||||
'';
|
||||
};
|
||||
|
||||
changedetection-io = {
|
||||
enable = true;
|
||||
port = 8033;
|
||||
behindProxy = true;
|
||||
# baseURL = "https://${host_fqdn}/changedetection/";
|
||||
baseURL = "https://${host_fqdn}:4433/";
|
||||
environmentFile = "/var/src/env_vars/changedetection-io";
|
||||
};
|
||||
|
||||
displayManager = {
|
||||
sddm.enable = true;
|
||||
#defaultSession = "plasmawayland";
|
||||
};
|
||||
xserver = {
|
||||
enable = true;
|
||||
desktopManager.plasma5.enable = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd = {
|
||||
services = {
|
||||
caddy = {
|
||||
serviceConfig = {
|
||||
EnvironmentFile = "/var/src/secrets/namecheap";
|
||||
ExecStart = [
|
||||
"" # This empty string clears the existing ExecStart commands
|
||||
"/opt/bin/caddy run --config /etc/caddy/caddy_config --adapter caddyfile"
|
||||
];
|
||||
ExecReload = [
|
||||
"" # This empty string clears the existing ExecReload commands
|
||||
"/opt/bin/caddy reload --config /etc/caddy/caddy_config --adapter caddyfile --force"
|
||||
];
|
||||
};
|
||||
};
|
||||
glance = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network-online.target" ];
|
||||
wants = [ "network-online.target" ];
|
||||
serviceConfig = {
|
||||
User = "glance";
|
||||
Group = "glance";
|
||||
WorkingDirectory = "/var/lib/glance";
|
||||
# Environment = "LOG_LEVEL=debug"; # https://github.com/glanceapp/glance/issues/196
|
||||
ExecStart = "${pkgs.glance}/bin/glance --config config.yaml";
|
||||
};
|
||||
};
|
||||
|
||||
open-webui = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
after = [ "network.target" ];
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
User = "blee";
|
||||
WorkingDirectory = "/opt/open-webui";
|
||||
Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
|
||||
ExecStart = "${pkgs.nix}/bin/nix-shell";
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# TODO: fix errors
|
||||
# systemd.services.nightly-backups = {
|
||||
# description = "Nightly Backup Service";
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# after = [ "network.target" ];
|
||||
# # enable = false; # testing
|
||||
# serviceConfig = {
|
||||
# User = "blee";
|
||||
# Type = "oneshot";
|
||||
# Environment = "NIX_PATH=nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos:nixos-config=/etc/nixos/configuration.nix:/nix/var/nix/profiles/per-user/root/channels";
|
||||
# WorkingDirectory = "/home/blee/ops/brenise.dev/scripts/backups";
|
||||
# # batch.sh calls other shell scripts which leads to nix environment hell.
|
||||
# # As a workaround, I think we could add multiple ExecStart lines for other backup scripts.
|
||||
# # ExecStart = "${pkgs.bash}/bin/bash /home/blee/ops/brenise.dev/scripts/backups/batch.sh";
|
||||
# ExecStart = "${pkgs.bash}/bin/bash /home/blee/ops/brenise.dev/scripts/backups/hosts/litten.brenise.dev.sh";
|
||||
# # Path = [
|
||||
# # "${pkgs.openssh}/bin"
|
||||
# # "${pkgs.coreutils}/bin"
|
||||
# # "${pkgs.gnugrep}/bin"
|
||||
# # "${pkgs.gnused}/bin"
|
||||
# # ];
|
||||
# };
|
||||
# };
|
||||
|
||||
# systemd.timers.nightly-backups = {
|
||||
# wantedBy = [ "timers.target" ];
|
||||
# partOf = [ "nightly-backups.service" ];
|
||||
# timerConfig = {
|
||||
# OnCalendar = "daily";
|
||||
# nCalendar = "*-*-* 03:00:00";
|
||||
# # Persistent = true;
|
||||
# Unit = "nightly-backups.service";
|
||||
# };
|
||||
# };
|
||||
|
||||
};
|
||||
|
||||
# virtualisation.oci-containers = {
|
||||
# backend = "podman"; # systemctl status podman-homeassistant
|
||||
# containers.homeassistant = {
|
||||
# volumes = [ "home-assistant:/config" ];
|
||||
# environment.TZ = "US/Pacific";
|
||||
# # Note: The image will not be updated on rebuilds, unless the version label changes
|
||||
# image = "ghcr.io/home-assistant/home-assistant:stable";
|
||||
# ports = [ "8123:8034" ];
|
||||
# extraOptions = [
|
||||
# "--network=host"
|
||||
# "--cap-add=NET_ADMIN"
|
||||
# "--cap-add=NET_RAW"
|
||||
# ];
|
||||
# };
|
||||
# };
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
|
1
litten.brenise.dev/glance/assets/gitea.svg
Normal file
1
litten.brenise.dev/glance/assets/gitea.svg
Normal file
@ -0,0 +1 @@
|
||||
<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" style="enable-background:new 0 0 640 640;" xml:space="preserve" viewBox="5.67 143.05 628.65 387.55"> <g> <path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8 c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4 c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"></path> <g> <g> <path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2 c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5 c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5 c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3 c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1 C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4 c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7 S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55 c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8 l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"></path> <path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4 c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1 c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9 c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3 c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3 c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29 c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8 C343.2,346.5,335,363.3,326.8,380.1z"></path> </g> </g> </g> </svg>
|
After Width: | Height: | Size: 2.5 KiB |
BIN
litten.brenise.dev/glance/assets/jellyfin.png
Normal file
BIN
litten.brenise.dev/glance/assets/jellyfin.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 38 KiB |
BIN
litten.brenise.dev/glance/assets/vaultwarden.png
Normal file
BIN
litten.brenise.dev/glance/assets/vaultwarden.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 4.9 KiB |
97
litten.brenise.dev/glance/config.yaml
Normal file
97
litten.brenise.dev/glance/config.yaml
Normal file
@ -0,0 +1,97 @@
|
||||
# https://github.com/glanceapp/glance/blob/main/docs/configuration.md
|
||||
server:
|
||||
host: 127.0.0.1
|
||||
port: 8032
|
||||
assets-path: /var/lib/glance/assets
|
||||
pages:
|
||||
- name: Home
|
||||
columns:
|
||||
- size: small
|
||||
widgets:
|
||||
- type: calendar
|
||||
|
||||
- type: rss
|
||||
limit: 10
|
||||
collapse-after: 3
|
||||
cache: 1d
|
||||
feeds:
|
||||
- url: https://distrowatch.com/news/distro/debian.xml
|
||||
- url: https://distrowatch.com/news/distro/nixos.xml
|
||||
- url: https://distrowatch.com/news/distro/qubes.xml
|
||||
|
||||
- type: twitch-channels
|
||||
channels:
|
||||
- frivvifox
|
||||
- asmr_divinity
|
||||
- thrilluwu
|
||||
- demonbenny
|
||||
|
||||
- size: full
|
||||
widgets:
|
||||
- type: videos
|
||||
channels:
|
||||
- UCTrQ7HXWRRxr7OsOtodr2_w # Channel4News
|
||||
- UCawZsQWqfGSbCI5yjkdVkTA # matthew_berman
|
||||
- type: hacker-news
|
||||
sort-by: best
|
||||
- type: rss
|
||||
title: News Minimalist
|
||||
# collapse-after: 5
|
||||
cache: 1d
|
||||
feeds:
|
||||
- url: https://rss.beehiiv.com/feeds/4aF2pGVAEN.xml
|
||||
- type: rss
|
||||
title: Communities
|
||||
# collapse-after: 5
|
||||
cache: 1d
|
||||
feeds:
|
||||
- url: https://discourse.nixos.org/top.rss?period=weekly
|
||||
title: NixOS Discourse
|
||||
- type: videos
|
||||
channels:
|
||||
- UCoNfsDH8sZe13u7rSxaEBkw # FrivolousFoxASMR
|
||||
- UC_n9r4yRVXusIa6Cabl4wDw # ASMRDivinity
|
||||
- UCshObcm-nLhbu8MY50EZ5Ng # BennJordan
|
||||
|
||||
- size: small
|
||||
widgets:
|
||||
- type: weather
|
||||
location: Long Beach, California, United States
|
||||
units: imperial
|
||||
|
||||
- type: monitor
|
||||
cache: 1m
|
||||
title: Services
|
||||
sites:
|
||||
- title: Gitea
|
||||
url: https://git.satstack.dev
|
||||
icon: /assets/gitea.svg
|
||||
- title: Jellyfin
|
||||
url: https://raichu.satstack.dev:4445
|
||||
icon: /assets/jellyfin.png
|
||||
- title: Vaultwarden
|
||||
url: https://raichu.satstack.dev:4435
|
||||
icon: /assets/vaultwarden.png
|
||||
# - title: Immich
|
||||
# url: https://immich.yourdomain.com
|
||||
# icon: /assets/immich-logo.png
|
||||
|
||||
# - type: markets
|
||||
# markets:
|
||||
- type: stocks
|
||||
stocks:
|
||||
- symbol: SPY
|
||||
name: S&P 500
|
||||
- symbol: BTC-USD
|
||||
name: Bitcoin
|
||||
chart-link: https://www.tradingview.com/chart/?symbol=INDEX:BTCUSD
|
||||
- symbol: DCR-BTC
|
||||
name: Testnet
|
||||
chart-link: https://www.binance.com/en/trade/DCR_BTC?type=spot
|
||||
|
||||
# - type: releases
|
||||
# repositories:
|
||||
# - immich-app/immich
|
||||
# - go-gitea/gitea
|
||||
# - dani-garcia/vaultwarden
|
||||
# - jellyfin/jellyfin
|
42
litten.brenise.dev/install.sh
Executable file
42
litten.brenise.dev/install.sh
Executable file
@ -0,0 +1,42 @@
|
||||
#!/bin/bash
|
||||
set -e
|
||||
set -x
|
||||
|
||||
# Requires ssh access to target machine: ssh root@${TARGET}
|
||||
TARGET=litten
|
||||
TARGET_DOMAIN=brenise.dev
|
||||
|
||||
FORMAT_DISK ()
|
||||
{
|
||||
# dd if=/dev/zero count=1 bs=2M of=/dev/nvmen1
|
||||
parted /dev/nvme0n1 -- mklabel gpt
|
||||
parted /dev/nvme0n1 -- mkpart primary 512MB 100%
|
||||
parted /dev/nvme0n1 -- mkpart ESP fat32 1MB 512MB
|
||||
parted /dev/nvme0n1 -- set 2 esp on
|
||||
mkfs.ext4 -L nixos /dev/nvme0n1p1
|
||||
mkfs.fat -F 32 -n boot /dev/nvme0n1p2
|
||||
mount /dev/disk/by-label/nixos /mnt
|
||||
mkdir -p /mnt/boot
|
||||
mount /dev/disk/by-label/boot /mnt/boot
|
||||
nixos-generate-config --root /mnt
|
||||
}
|
||||
|
||||
echo "Install NixOS on ${TARGET}? Press enter to continue or ctrl+c to quit."
|
||||
read
|
||||
|
||||
ssh root@${TARGET} "$(typeset -f FORMAT_DISK); FORMAT_DISK"
|
||||
|
||||
rsync -tv configuration.nix root@${TARGET}:/mnt/etc/nixos/
|
||||
|
||||
# ssh
|
||||
if [ -f ~/.ssh/ansible_root_keys ]; then
|
||||
rsync -v ~/.ssh/ansible_root_keys root@${TARGET}:/etc/nixos/ssh/authorized_keys
|
||||
else
|
||||
rsync -v ~/.ssh/authorized_keys root@${TARGET}:/etc/nixos/ssh/authorized_keys
|
||||
fi
|
||||
|
||||
ssh root@${TARGET} nixos-install
|
||||
|
||||
# Don't forget to set your passwd
|
||||
# To chroot:
|
||||
#nixos-enter --root /mnt
|
@ -0,0 +1,257 @@
|
||||
{
|
||||
"name": "Keychron K4 Pro ANSI White",
|
||||
"vendorId": "0x3434",
|
||||
"productId": "0x0243",
|
||||
"keycodes": ["qmk_lighting"],
|
||||
"customKeycodes": [
|
||||
{"name": "Left Option", "title": "Left Option", "shortName": "LOpt"},
|
||||
{"name": "Right Option", "title": "Right Option", "shortName": "ROpt"},
|
||||
{"name": "Left Cmd", "title": "Left Command", "shortName": "LCmd"},
|
||||
{"name": "Right Cmd", "title": "Right Command", "shortName": "RCmd"},
|
||||
{"name": "Task View", "title": "Task View in Windows", "shortName": "Task"},
|
||||
{"name": "File Explorer", "title": "File Explorer in Windows", "shortName": "File"},
|
||||
{"name": "Screen shot", "title": "Screenshot in macOS", "shortName": "SShot"},
|
||||
{"name": "Cortana", "title": "Cortana in Windows", "shortName": "Cortana"},
|
||||
{"name": "Siri", "title": "Siri in macOS", "shortName": "Siri"},
|
||||
{"name": "Bluetooth Host 1", "title": "Bluetooth Host 1", "shortName": "BTH1"},
|
||||
{"name": "Bluetooth Host 2", "title": "Bluetooth Host 2", "shortName": "BTH2"},
|
||||
{"name": "Bluetooth Host 3", "title": "Bluetooth Host 3", "shortName": "BTH3"},
|
||||
{"name": "Battery Level", "title": "Show battery level", "shortName": "Batt"}
|
||||
],
|
||||
"matrix": {"rows": 6, "cols": 18},
|
||||
"layouts": {
|
||||
"keymap": [
|
||||
[
|
||||
{
|
||||
"c": "#777777"
|
||||
},
|
||||
"0,0",
|
||||
{
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"0,1",
|
||||
"0,2",
|
||||
"0,3",
|
||||
"0,4",
|
||||
{
|
||||
"c": "#aaaaaa"
|
||||
},
|
||||
"0,5",
|
||||
"0,6",
|
||||
"0,7",
|
||||
"0,8",
|
||||
"0,9",
|
||||
{
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"0,10",
|
||||
"0,11",
|
||||
"0,12",
|
||||
{
|
||||
"c": "#aaaaaa"
|
||||
},
|
||||
"0,13",
|
||||
"0,14",
|
||||
{
|
||||
"x": 0.5500000000000007
|
||||
},
|
||||
"0,15",
|
||||
"0,16",
|
||||
"0,17",
|
||||
"3,17"
|
||||
],
|
||||
[
|
||||
{
|
||||
"y": 0.26
|
||||
},
|
||||
"1,0",
|
||||
{
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"1,1",
|
||||
"1,2",
|
||||
"1,3",
|
||||
"1,4",
|
||||
"1,5",
|
||||
"1,6",
|
||||
"1,7",
|
||||
"1,8",
|
||||
"1,9",
|
||||
"1,10",
|
||||
"1,11",
|
||||
"1,12",
|
||||
{
|
||||
"c": "#aaaaaa",
|
||||
"w": 2
|
||||
},
|
||||
"1,13",
|
||||
{
|
||||
"x": 0.5500000000000007,
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"1,14",
|
||||
"1,15",
|
||||
"1,16",
|
||||
"1,17"
|
||||
],
|
||||
[
|
||||
{
|
||||
"c": "#aaaaaa",
|
||||
"w": 1.5
|
||||
},
|
||||
"2,0",
|
||||
{
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"2,1",
|
||||
"2,2",
|
||||
"2,3",
|
||||
"2,4",
|
||||
"2,5",
|
||||
"2,6",
|
||||
"2,7",
|
||||
"2,8",
|
||||
"2,9",
|
||||
"2,10",
|
||||
"2,11",
|
||||
"2,12",
|
||||
{
|
||||
"c": "#aaaaaa",
|
||||
"w": 1.5
|
||||
},
|
||||
"2,13",
|
||||
{
|
||||
"x": 0.5600000000000005,
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"2,14",
|
||||
"2,15",
|
||||
"2,16",
|
||||
{
|
||||
"h": 2
|
||||
},
|
||||
"2,17"
|
||||
],
|
||||
[
|
||||
{
|
||||
"c": "#aaaaaa",
|
||||
"w": 1.75
|
||||
},
|
||||
"3,0",
|
||||
{
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"3,1",
|
||||
"3,2",
|
||||
"3,3",
|
||||
"3,4",
|
||||
"3,5",
|
||||
"3,6",
|
||||
"3,7",
|
||||
"3,8",
|
||||
"3,9",
|
||||
"3,10",
|
||||
"3,11",
|
||||
{
|
||||
"c": "#777777",
|
||||
"w": 2.25
|
||||
},
|
||||
"3,13",
|
||||
{
|
||||
"x": 0.5600000000000005,
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"3,14",
|
||||
"3,15",
|
||||
"3,16"
|
||||
],
|
||||
[
|
||||
{
|
||||
"c": "#aaaaaa",
|
||||
"w": 2.25
|
||||
},
|
||||
"4,0",
|
||||
{
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"4,2",
|
||||
"4,3",
|
||||
"4,4",
|
||||
"4,5",
|
||||
"4,6",
|
||||
"4,7",
|
||||
"4,8",
|
||||
"4,9",
|
||||
"4,10",
|
||||
"4,11",
|
||||
{
|
||||
"c": "#aaaaaa",
|
||||
"w": 1.75
|
||||
},
|
||||
"4,12",
|
||||
{
|
||||
"x": 1.5599999999999987,
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"4,14",
|
||||
"4,15",
|
||||
"4,16",
|
||||
{
|
||||
"h": 2
|
||||
},
|
||||
"4,17"
|
||||
],
|
||||
[
|
||||
{
|
||||
"y": -0.75,
|
||||
"x": 14.28,
|
||||
"c": "#777777"
|
||||
},
|
||||
"4,13"
|
||||
],
|
||||
[
|
||||
{
|
||||
"y": -0.25,
|
||||
"c": "#aaaaaa",
|
||||
"w": 1.25
|
||||
},
|
||||
"5,0",
|
||||
{
|
||||
"w": 1.25
|
||||
},
|
||||
"5,1",
|
||||
{
|
||||
"w": 1.25
|
||||
},
|
||||
"5,2",
|
||||
{
|
||||
"c": "#cccccc",
|
||||
"w": 6.25
|
||||
},
|
||||
"5,6",
|
||||
{
|
||||
"c": "#aaaaaa"
|
||||
},
|
||||
"5,10",
|
||||
"5,11",
|
||||
"5,12",
|
||||
{
|
||||
"x": 3.5600000000000023,
|
||||
"c": "#cccccc"
|
||||
},
|
||||
"5,16",
|
||||
"5,17"
|
||||
],
|
||||
[
|
||||
{
|
||||
"y": -0.75,
|
||||
"x": 13.28,
|
||||
"c": "#777777"
|
||||
},
|
||||
"5,13",
|
||||
"5,14",
|
||||
"5,15"
|
||||
]
|
||||
]
|
||||
}
|
||||
}
|
BIN
litten.brenise.dev/keychron/k4p-g1-default-layout.png
Normal file
BIN
litten.brenise.dev/keychron/k4p-g1-default-layout.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 110 KiB |
37
litten.brenise.dev/opt/open-webui/run-open-webui.sh
Executable file
37
litten.brenise.dev/opt/open-webui/run-open-webui.sh
Executable file
@ -0,0 +1,37 @@
|
||||
#!/usr/bin/env bash
|
||||
|
||||
# Exit on error, undefined variables, and print commands
|
||||
set -e
|
||||
|
||||
# Default values (can be overridden by command-line arguments)
|
||||
SESSION_NAME="${1:-textgen}"
|
||||
LITELLM_PORT="${2:-8031}"
|
||||
|
||||
if tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
|
||||
echo "Session '$SESSION_NAME' already exists. No action taken."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Activate virtual environment
|
||||
source .venv/bin/activate
|
||||
|
||||
# Source the password forr litellm
|
||||
source .env
|
||||
|
||||
# Check if session already exists
|
||||
if ! tmux has-session -t "$SESSION_NAME" 2>/dev/null; then
|
||||
# Create new detached session
|
||||
tmux new-session -d -s "$SESSION_NAME"
|
||||
|
||||
# Start the open-webui server
|
||||
tmux send-keys -t "$SESSION_NAME" "open-webui serve" C-m
|
||||
|
||||
# Start litellm in a new pane
|
||||
tmux split-window -v -t "$SESSION_NAME"
|
||||
tmux send-keys -t "$SESSION_NAME" "source .env && litellm --telemetry False --config ./litellm.yaml --host 127.0.0.1 --port $LITELLM_PORT" C-m
|
||||
|
||||
echo "Session '$SESSION_NAME' created and configured. To connect, type: tmux att -t $SESSION_NAME"
|
||||
else
|
||||
echo "Session '$SESSION_NAME' already exists. Exiting."
|
||||
exit 1
|
||||
fi
|
11
litten.brenise.dev/opt/open-webui/shell.nix
Normal file
11
litten.brenise.dev/opt/open-webui/shell.nix
Normal file
@ -0,0 +1,11 @@
|
||||
{ pkgs ? import <nixpkgs> {} }:
|
||||
(pkgs.buildFHSEnv {
|
||||
name = "open-webui-fhs-env";
|
||||
targetPkgs = pkgs: with pkgs; [
|
||||
tmux
|
||||
# bash
|
||||
# python311
|
||||
];
|
||||
runScript = "./run-open-webui.sh";
|
||||
}).env
|
||||
|
Loading…
x
Reference in New Issue
Block a user