diff --git a/aspects/ai.nix b/aspects/ai.nix index 30c7342..6befeae 100644 --- a/aspects/ai.nix +++ b/aspects/ai.nix @@ -1,34 +1,12 @@ { ... }: { - flake.modules = { - nixos.ai = - { inputs, pkgs, ... }: - { - environment.systemPackages = - (with pkgs; [ ]) - ++ (with inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}; [ - ccusage-opencode - opencode - ]); - - nix.settings = { - extra-substituters = [ "https://cache.numtide.com" ]; - extra-trusted-public-keys = [ - "niks3.numtide.com-1:DTx8wZduET09hRmMtKdQDxNNthLQETkc/yaX7M4qK0g=" - ]; - }; - }; - homeManager.ai = - { inputs, pkgs, ... }: - { - programs.opencode = { - enable = true; - package = inputs.nix-ai-tools.packages.${pkgs.stdenv.hostPlatform.system}.opencode; - settings = { - theme = "system"; - autoupdate = false; - }; - }; - }; + flake.modules.nixos.ai = { inputs, pkgs, ... }: { + environment.systemPackages = + (with pkgs; [claude-desktop]) ++ + (with inputs.nix-ai-tools.packages.${pkgs.system}; [ + claude-code + claudebox + opencode + ]); }; } diff --git a/aspects/base/bash.nix b/aspects/base/bash.nix deleted file mode 100644 index 6ba97ef..0000000 --- a/aspects/base/bash.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ ... }: -{ - flake.modules.homeManager.bash = - { - config, - lib, - pkgs, - ... - }: - { - programs.bash = { - enable = true; - historyFile = "~/.cache/bash_history"; - }; - }; -} diff --git a/aspects/base/boot.nix b/aspects/base/boot.nix deleted file mode 100644 index ec8593d..0000000 --- a/aspects/base/boot.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ ... }: -{ - flake.modules.nixos.boot = - { pkgs, ... }: - { - boot = { - loader = { - timeout = 1; - efi.canTouchEfiVariables = true; - systemd-boot = { - enable = true; - editor = false; - consoleMode = "max"; - sortKey = "aa"; - netbootxyz = { - enable = true; - sortKey = "zz"; - }; - }; - }; - }; - }; -} diff --git a/aspects/base/console.nix b/aspects/base/console.nix deleted file mode 100644 index 6bb7be4..0000000 
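Review bot: In aspects/ai.nix the new lookup `inputs.nix-ai-tools.packages.${pkgs.system}` replaces `pkgs.stdenv.hostPlatform.system`; `pkgs.system` is a legacy alias that newer nixpkgs releases warn about, so I would keep `${pkgs.stdenv.hostPlatform.system}`. The same alias appears in aspects/desktop/desktop.nix and aspects/desktop/niri.nix. The hunk also removes the home-manager `programs.opencode` block together with `autoupdate = false`, so opencode now runs with its default update behaviour; if these agents are meant to change only through the flake lock, carry that setting over. A one-line comment above the list saying why `claude-code`, `claudebox` and `opencode` are installed system-wide rather than per user would help the next reader.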
--- a/aspects/base/console.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-{
- flake.modules.nixos.console =
- { ... }:
- {
- console = {
- useXkbConfig = true;
- earlySetup = true;
- };
- };
-}
diff --git a/aspects/base/firewall.nix b/aspects/base/firewall.nix
deleted file mode 100644
index 68ffa6e..0000000
--- a/aspects/base/firewall.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ ... }:
-{
- flake.modules.nixos.firewall =
- { ... }:
- {
- networking = {
- firewall.enable = true;
- nftables.enable = true;
- };
- };
-}
diff --git a/aspects/base/fish.nix b/aspects/base/fish.nix
deleted file mode 100644
index 8ed326a..0000000
--- a/aspects/base/fish.nix
+++ /dev/null
@@ -1,47 +0,0 @@
-{ ... }:
-{
- flake.modules = {
- nixos.fish =
- { ... }:
- {
- programs.fish.enable = true;
- };
- homeManager.fish =
- {
- config,
- lib,
- pkgs,
- ...
- }:
- {
- programs.fish = {
- enable = true;
- interactiveShellInit = ''
- set fish_greeting
- ${lib.getExe pkgs.nix-your-shell} fish | source
- '';
- loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source";
- plugins = [
- {
- name = "bang-bang";
- src = pkgs.fetchFromGitHub {
- owner = "oh-my-fish";
- repo = "plugin-bang-bang";
- rev = "f969c618301163273d0a03d002614d9a81952c1e";
- sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ=";
- };
- }
- {
- name = "z";
- src = pkgs.fetchFromGitHub {
- owner = "jethrokuan";
- repo = "z";
- rev = "067e867debee59aee231e789fc4631f80fa5788e";
- sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU=";
- };
- }
- ];
- };
- };
- };
-}
diff --git a/aspects/base/locale.nix b/aspects/base/locale.nix
deleted file mode 100644
index 4d0c716..0000000
--- a/aspects/base/locale.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ ... }:
-{
- flake.modules.nixos.locale =
- { ... }:
- {
- time.timeZone = "America/Bahia";
-
- i18n = {
- defaultLocale = "en_US.UTF-8";
- extraLocaleSettings = {
- LC_ADDRESS = "pt_BR.utf8";
- LC_COLLATE = "pt_BR.utf8";
- LC_IDENTIFICATION = "pt_BR.utf8";
- LC_MEASUREMENT = "pt_BR.utf8";
- LC_MONETARY = "pt_BR.utf8";
- LC_NAME = "pt_BR.utf8";
- LC_NUMERIC = "pt_BR.utf8";
- LC_PAPER = "pt_BR.utf8";
- LC_TELEPHONE = "pt_BR.utf8";
- LC_TIME = "en_IE.utf8";
- };
- };
- };
-}
diff --git a/aspects/base/nix.nix b/aspects/base/nix.nix
deleted file mode 100644
index 0cfe285..0000000
--- a/aspects/base/nix.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-{ ... }:
-{
- flake.modules.nixos.nix =
- {
- inputs,
- pkgs,
- lib,
- ...
- }:
- {
- imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
-
- nix = {
- settings = {
- auto-optimise-store = true;
- connect-timeout = 10;
- log-lines = 25;
- min-free = 128000000;
- max-free = 1000000000;
- trusted-users = [ "@wheel" ];
- };
- extraOptions = "experimental-features = nix-command flakes";
- gc = {
- automatic = true;
- options = "--delete-older-than 8d";
- };
- };
-
- nixpkgs.config = {
- allowUnfree = true;
- enableParallelBuilding = true;
- buildManPages = false;
- buildDocs = false;
- };
-
- services.nixos-cli = {
- enable = true;
- config = {
- ignore_dirty_tree = true;
- apply = {
- reexec_as_root = true;
- use_nom = true;
- };
- confirmation.empty = "default-yes";
- differ = {
- command = [
- "${lib.getExe pkgs.nvd}"
- "diff"
- ];
- tool = "command";
- };
- };
- };
-
- environment.systemPackages = with pkgs; [
- nix-output-monitor
- ];
-
- documentation.nixos.enable = false;
-
- system.stateVersion = "22.11";
- };
-}
diff --git a/aspects/base/ssh.nix b/aspects/base/ssh.nix
deleted file mode 100644
index 6569bf0..0000000
--- a/aspects/base/ssh.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ ... }:
-
-{
- flake.modules.nixos.ssh =
- { ... }:
- {
- services.openssh = {
- enable = true;
- settings.PermitRootLogin = "no";
- extraConfig = ''
- PrintLastLog no
- '';
- };
- programs = {
- bash.interactiveShellInit = ''
- if [ -n "$SSH_CONNECTION" ] && [ -z "$IN_NIX_SHELL" ] && [ -z "$TMUX" ]; then
- export TERM=xterm-256color
- clear
- fastfetch
- fi
- '';
- fish.interactiveShellInit = ''
- set fish_greeting
- if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX
- export TERM=xterm-256color
- clear
- fastfetch
- end
- '';
- };
- };
-}
diff --git a/aspects/base/zsh.nix b/aspects/base/zsh.nix
deleted file mode 100644
index 18d7ff6..0000000
--- a/aspects/base/zsh.nix
+++ /dev/null
@@ -1,66 +0,0 @@ -{ ... }: -{ - flake.modules = { - nixos.zsh = - { ... }: - { - programs.zsh.enable = true; - }; - homeManager.zsh = - { - config, - lib, - pkgs, - ... - }: - { - programs.zsh = { - enable = true; - dotDir = "${config.xdg.configHome}/zsh"; - autosuggestion = { - enable = true; - strategy = [ - "match_prev_cmd" - "completion" - ]; - }; - enableCompletion = true; - syntaxHighlighting.enable = true; - initExtra = '' - unsetopt beep - ${lib.getExe pkgs.nix-your-shell} zsh | source /dev/stdin - # Expand !! and !$ on space (Fish-style) - bindkey ' ' magic-space - setopt HIST_VERIFY - # Fish-style Ctrl+Backspace: delete one path segment at a time - function backward-kill-path-component() { - if [[ "$LBUFFER" == */ ]]; then - LBUFFER="''${LBUFFER%/}" - fi - - if [[ "$LBUFFER" == */* ]]; then - LBUFFER="''${LBUFFER%/*}/" - else - zle backward-kill-word - fi - } - zle -N backward-kill-path-component - bindkey '^H' backward-kill-path-component - # Ctrl+Arrow Keys to move back and forward by a word - bindkey "^[[1;5D" backward-word - bindkey "^[[1;5C" forward-word - ''; - loginExtra = "${lib.getExe pkgs.nix-your-shell} zsh | source /dev/stdin"; - history = { - size = 10000; - save = 10000; - share = true; - }; - initExtraBeforeCompInit = '' - zstyle ':completion:*' menu select - zstyle ':completion:*' matcher-list 'm:{a-zA-Z}={A-Za-z}' - ''; - }; - }; - }; -} diff --git a/aspects/bluetooth.nix b/aspects/bluetooth.nix index 6c7b2d8..222bdf2 100644 --- a/aspects/bluetooth.nix +++ b/aspects/bluetooth.nix @@ -1,16 +1,6 @@ { ... }: { - flake.modules.nixos.bluetooth = - { - config, - lib, - pkgs, - ... - }: - { - hardware.bluetooth = { - enable = true; - powerOnBoot = false; - }; - }; + flake.modules.nixos.bluetooth = { config, lib, pkgs, ... }: { + hardware.bluetooth.enable = true; + }; } diff --git a/aspects/cli/btop.nix b/aspects/cli/btop.nix index 220a462..09a815e 100644 --- a/aspects/cli/btop.nix +++ b/aspects/cli/btop.nix 
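Review bot: In aspects/bluetooth.nix the rewrite to `hardware.bluetooth.enable = true;` silently drops `powerOnBoot = false`, and the NixOS default for `hardware.bluetooth.powerOnBoot` is true, so the controller is now powered at every boot instead of only when the user turns it on. If that change is not intended, keep the attribute-set form with `powerOnBoot = false;`. The module arguments `config`, `lib` and `pkgs` are unused here and could be reduced to `{ ... }:`.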
@@ -1,28 +1,13 @@ { ... }: { - flake.modules = { - nixos.btop = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ btop ]; - }; - - homeManager.btop = - { - config, - lib, - pkgs, - ... - }: - { - programs.btop = { - enable = true; - settings = { - theme_background = false; - proc_sorting = "cpu direct"; - update_ms = 500; - }; - }; + flake.modules.homeManager.cli-btop = { config, lib, pkgs, ... }: { + programs.btop = { + enable = true; + settings = { + theme_background = false; + proc_sorting = "cpu direct"; + update_ms = 500; }; + }; }; } diff --git a/aspects/cli/comma.nix b/aspects/cli/comma.nix index 169144f..b8e6c2a 100644 --- a/aspects/cli/comma.nix +++ b/aspects/cli/comma.nix @@ -1,16 +1,8 @@ { ... }: { - flake.modules.homeManager.comma = - { - config, - lib, - pkgs, - inputs, - ... - }: - { - imports = [ inputs.nix-index-database.homeModules.nix-index ]; + flake.modules.homeManager.cli-comma = { config, lib, pkgs, inputs, ... }: { + imports = [ inputs.nix-index-database.homeModules.nix-index ]; - programs.nix-index-database.comma.enable = true; - }; + programs.nix-index-database.comma.enable = true; + }; } diff --git a/aspects/cli/direnv.nix b/aspects/cli/direnv.nix index 2cfb2ef..4399283 100644 --- a/aspects/cli/direnv.nix +++ b/aspects/cli/direnv.nix @@ -1,16 +1,9 @@ { ... }: { - flake.modules.homeManager.direnv = - { - config, - lib, - pkgs, - ... - }: - { - programs.direnv = { - enable = true; - nix-direnv.enable = true; - }; + flake.modules.homeManager.cli-direnv = { config, lib, pkgs, ... }: { + programs.direnv = { + enable = true; + nix-direnv.enable = true; }; + }; } diff --git a/aspects/cli/helix.nix b/aspects/cli/helix.nix index 5735d6f..1fa2baf 100644 --- a/aspects/cli/helix.nix +++ b/aspects/cli/helix.nix 
@@ -1,74 +1,50 @@ { ... }: { - flake.modules = { - nixos.helix = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - helix - ]; - }; + flake.modules.homeManager.cli-helix = { config, lib, pkgs, ... }: { + home.sessionVariables = { + EDITOR = "hx"; + }; - homeManager.helix = - { - config, - lib, - pkgs, - ... - }: - { - home.sessionVariables = { - EDITOR = "hx"; + programs.helix = { + enable = true; + settings = { + editor = { + file-picker.hidden = false; + idle-timeout = 0; + line-number = "relative"; + cursor-shape = { + normal = "underline"; + insert = "bar"; + select = "underline"; + }; + soft-wrap.enable = true; + auto-format = true; + indent-guides.render = true; }; - - programs.helix = { - enable = true; - themes = { - base16_terminal_transparent = { - inherits = "base16_terminal"; - "ui.background" = { }; - }; - }; - settings = { - theme = "base16_terminal_transparent"; - editor = { - file-picker.hidden = false; - idle-timeout = 0; - line-number = "relative"; - cursor-shape = { - normal = "underline"; - insert = "bar"; - select = "underline"; - }; - soft-wrap.enable = true; - auto-format = true; - indent-guides.render = true; - }; - keys.normal = { - space = { - o = "file_picker_in_current_buffer_directory"; - esc = [ - "collapse_selection" - "keep_primary_selection" - ]; - }; - }; - }; - languages = { - language = [ - { - name = "nix"; - auto-format = true; - formatter.command = "nixfmt"; - } - { - name = "typst"; - auto-format = true; - formatter.command = "typstyle -c 1000 -i"; - } + keys.normal = { + space = { + o = "file_picker_in_current_buffer_directory"; + esc = [ + "collapse_selection" + "keep_primary_selection" ]; }; }; }; + languages = { + language = [ + { + name = "nix"; + auto-format = true; + formatter.command = "nixfmt"; + } + { + name = "typst"; + auto-format = true; + formatter.command = "typstyle -c 1000 -i"; + } + ]; + }; + }; }; } diff --git a/aspects/cli/hm-cli.nix b/aspects/cli/hm-cli.nix index 97d79e4..acee59d 100644 
--- a/aspects/cli/hm-cli.nix +++ b/aspects/cli/hm-cli.nix @@ -1,18 +1,11 @@ { ... }: { - flake.modules.homeManager.hm-cli = - { - config, - lib, - pkgs, - ... - }: - { - home = { - packages = with pkgs; [ hm-cli ]; - sessionVariables = { - HM_PATH = "/etc/nixos"; - }; + flake.modules.homeManager.cli-base = { config, lib, pkgs, ... }: { + home = { + packages = with pkgs; [ hm-cli ]; + sessionVariables = { + HM_PATH = "/etc/nixos"; }; }; + }; } diff --git a/aspects/cli/starship.nix b/aspects/cli/starship.nix index 3ac5e4f..e9884a7 100644 --- a/aspects/cli/starship.nix +++ b/aspects/cli/starship.nix 
@@ -1,48 +1,41 @@ { ... }: { - flake.modules.homeManager.starship = - { - config, - lib, - pkgs, - ... - }: - { - programs.starship = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - settings = { - add_newline = false; - format = '' - $hostname$directory$git_branch$git_status$nix_shell - [ ❯ ](bold green) - ''; - right_format = "$cmd_duration$character"; - hostname = { - ssh_symbol = "󰖟 "; - }; - character = { - error_symbol = "[](red)"; - success_symbol = "[󱐋](green)"; - }; - cmd_duration = { - format = "[󰄉 $duration ]($style)"; - style = "yellow"; - min_time = 500; - }; - git_branch = { - symbol = " "; - style = "purple"; - }; - git_status.style = "red"; - nix_shell = { - format = "via [$symbol$state]($style)"; - heuristic = true; - style = "blue"; - symbol = "󱄅 "; - }; + flake.modules.homeManager.cli-starship = { config, lib, pkgs, ... }: { + programs.starship = { + enable = true; + enableBashIntegration = true; + enableFishIntegration = true; + settings = { + add_newline = false; + format = '' + $hostname$directory$git_branch$git_status$nix_shell + [ ❯ ](bold green) + ''; + right_format = "$cmd_duration$character"; + hostname = { + ssh_symbol = "󰖟 "; + }; + character = { + error_symbol = "[](red)"; + success_symbol = "[󱐋](green)"; + }; + cmd_duration = { + format = "[󰄉 $duration ]($style)"; + style = "yellow"; + min_time = 500; + }; + git_branch = { + symbol = " "; + style = "purple"; + }; + git_status.style = "red"; + nix_shell = { + format = "via [$symbol$state]($style)"; + heuristic = true; + style = "blue"; + symbol = "󱄅 "; }; }; }; + }; } diff --git a/aspects/cli/tmux.nix b/aspects/cli/tmux.nix index 4937574..078a6aa 100644 --- a/aspects/cli/tmux.nix +++ b/aspects/cli/tmux.nix 
@@ -1,29 +1,12 @@ { ... }: { - flake.modules = { - nixos.tmux = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - tmux - ]; - }; - - homeManager.tmux = - { - config, - lib, - pkgs, - ... - }: - { - programs.tmux = { - enable = true; - clock24 = true; - terminal = "xterm-256color"; - mouse = true; - keyMode = "vi"; - }; - }; + flake.modules.homeManager.cli-tmux = { config, lib, pkgs, ... }: { + programs.tmux = { + enable = true; + clock24 = true; + terminal = "xterm-256color"; + mouse = true; + keyMode = "vi"; + }; }; } diff --git a/aspects/common/boot.nix b/aspects/common/boot.nix new file mode 100644 index 0000000..109d6f2 --- /dev/null +++ b/aspects/common/boot.nix @@ -0,0 +1,21 @@ +{ ... }: +{ + flake.modules.nixos.common-boot = { pkgs, ... }: { + boot = { + loader = { + timeout = 1; + efi.canTouchEfiVariables = true; + systemd-boot = { + enable = true; + editor = false; + consoleMode = "max"; + sortKey = "aa"; + netbootxyz = { + enable = true; + sortKey = "zz"; + }; + }; + }; + }; + }; +} diff --git a/aspects/common/console.nix b/aspects/common/console.nix new file mode 100644 index 0000000..6f6be9f --- /dev/null +++ b/aspects/common/console.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + flake.modules.nixos.common-console = { ... }: { + console = { + useXkbConfig = true; + earlySetup = true; + }; + }; +} diff --git a/aspects/common/firewall.nix b/aspects/common/firewall.nix new file mode 100644 index 0000000..af1a8f7 --- /dev/null +++ b/aspects/common/firewall.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + flake.modules.nixos.common-firewall = { ... }: { + networking = { + firewall.enable = true; + nftables.enable = true; + }; + }; +} diff --git a/aspects/common/locale.nix b/aspects/common/locale.nix new file mode 100644 index 0000000..2b91759 --- /dev/null +++ b/aspects/common/locale.nix 
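Review bot: In aspects/common/boot.nix, `systemd-boot.editor = false` closes the kernel command-line editor, but `netbootxyz.enable = true` in the same block adds a boot-menu entry that chainloads operating systems over the network, so someone at the console can still start something other than this system. If the entry is kept for recovery, say so in a comment and note what protects the menu (firmware password, Secure Boot state); otherwise consider leaving it out of the module shared under common/. `{ pkgs, ... }` is unused in this file and can be `{ ... }`.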
@@ -0,0 +1,22 @@
+{ ... }:
+{
+ flake.modules.nixos.common-locale = { ... }: {
+ time.timeZone = "America/Bahia";
+
+ i18n = {
+ defaultLocale = "en_US.UTF-8";
+ extraLocaleSettings = {
+ LC_ADDRESS = "pt_BR.utf8";
+ LC_COLLATE = "pt_BR.utf8";
+ LC_IDENTIFICATION = "pt_BR.utf8";
+ LC_MEASUREMENT = "pt_BR.utf8";
+ LC_MONETARY = "pt_BR.utf8";
+ LC_NAME = "pt_BR.utf8";
+ LC_NUMERIC = "pt_BR.utf8";
+ LC_PAPER = "pt_BR.utf8";
+ LC_TELEPHONE = "pt_BR.utf8";
+ LC_TIME = "en_IE.utf8";
+ };
+ };
+ };
+}
diff --git a/aspects/common/nix.nix b/aspects/common/nix.nix
new file mode 100644
index 0000000..414c315
--- /dev/null
+++ b/aspects/common/nix.nix
@@ -0,0 +1,39 @@
+{ ... }:
+{
+ flake.modules.nixos.common-nix = { inputs, ... }: {
+ imports = [ inputs.nixos-cli.nixosModules.nixos-cli ];
+
+ nix = {
+ settings = {
+ auto-optimise-store = true;
+ connect-timeout = 10;
+ log-lines = 25;
+ min-free = 128000000;
+ max-free = 1000000000;
+ trusted-users = [ "@wheel" ];
+ };
+ extraOptions = "experimental-features = nix-command flakes";
+ gc = {
+ automatic = true;
+ options = "--delete-older-than 8d";
+ };
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ enableParallelBuilding = true;
+ buildManPages = false;
+ buildDocs = false;
+ };
+
+ services.nixos-cli = {
+ enable = true;
+ config = {
+ use_nvd = true;
+ ignore_dirty_tree = true;
+ };
+ };
+
+ system.stateVersion = "22.11";
+ };
+}
diff --git a/aspects/common/openssh.nix b/aspects/common/openssh.nix
new file mode 100644
index 0000000..c515d81
--- /dev/null
+++ b/aspects/common/openssh.nix
@@ -0,0 +1,12 @@
+{ ... }:
+{
+ flake.modules.nixos.common-openssh = { ... }: {
+ services.openssh = {
+ enable = true;
+ settings.PermitRootLogin = "no";
+ extraConfig = ''
+ PrintLastLog no
+ '';
+ };
+ };
+}
diff --git a/aspects/common/programs.nix b/aspects/common/programs.nix
new file mode 100644
index 0000000..7d12f09
--- /dev/null
+++ b/aspects/common/programs.nix
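Review bot: In aspects/common/nix.nix, `trusted-users = [ "@wheel" ]` lets every wheel member pass arbitrary settings to the Nix daemon, which the Nix manual describes as essentially equivalent to root access; together with `ignore_dirty_tree = true` that deserves at least a comment saying it is deliberate. If the only need is rebuilding from an admin account, consider leaving `trusted-users` at its default and going through sudo instead. The new `use_nvd = true` key replaces the removed `differ` block; the nixos-cli schema is not visible in this diff, so please confirm the key is accepted by the version pinned in the lock file.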
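Review bot: aspects/common/openssh.nix sets `PermitRootLogin = "no"` but leaves password logins at the NixOS default, which is enabled, in a module placed under common/. If all accounts have keys deployed, add `settings.PasswordAuthentication = false;` and `settings.KbdInteractiveAuthentication = false;` next to it. `services.openssh.openFirewall` also defaults to true, so port 22 is opened on every interface unless another module restricts it; whether one does is not visible in this diff.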
@@ -0,0 +1,43 @@ +{ ... }: +{ + flake.modules.nixos.common-programs = + { lib, pkgs, ... }: + { + environment = { + systemPackages = with pkgs; [ + ### Dev Tools ### + git + ### System Utilities ### + btop + fastfetch + helix + nixos-firewall-tool + nvd + sysz + tmux + wget + yazi + ]; + shellAliases = { + cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; + ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; + tree = "ls --tree"; + }; + }; + + programs = { + command-not-found.enable = false; + fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + if set -q SSH_CONNECTION + export TERM=xterm-256color + clear + fastfetch + end + ''; + }; + }; + }; +} diff --git a/aspects/base/security.nix b/aspects/common/security.nix similarity index 81% rename from aspects/base/security.nix rename to aspects/common/security.nix index 310e345..2ad04a0 100644 --- a/aspects/base/security.nix +++ b/aspects/common/security.nix @@ -1,6 +1,6 @@ { ... }: { - flake.modules.nixos.security = + flake.modules.nixos.common-security = { ... }: { security.sudo = { diff --git a/aspects/common/services.nix b/aspects/common/services.nix new file mode 100644 index 0000000..befdbb9 --- /dev/null +++ b/aspects/common/services.nix @@ -0,0 +1,10 @@ +{ ... }: +{ + flake.modules.nixos.common-services = { ... }: { + services = { + dbus.implementation = "broker"; + irqbalance.enable = true; + fstrim.enable = true; + }; + }; +} diff --git a/aspects/common/tailscale.nix b/aspects/common/tailscale.nix new file mode 100644 index 0000000..13eb82a --- /dev/null +++ b/aspects/common/tailscale.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + flake.modules.nixos.common-tailscale = { ... }: { + services.tailscale = { + enable = true; + extraUpFlags = [ "--operator=user" ]; + }; + }; +} diff --git a/aspects/constants.nix b/aspects/constants.nix index 5a82660..2d980e1 100644 --- a/aspects/constants.nix +++ b/aspects/constants.nix 
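Review bot: In aspects/common/programs.nix the fish `interactiveShellInit` keeps only `if set -q SSH_CONNECTION`, whereas the removed base/ssh.nix also required `not set -q IN_NIX_SHELL` and `not set -q TMUX`. Every tmux pane and nix shell opened over SSH will now clear the screen and run fastfetch again, and TERM is overwritten inside tmux. I would restore the guard: `if set -q SSH_CONNECTION; and not set -q IN_NIX_SHELL; and not set -q TMUX`. The bash counterpart of this snippet was dropped as well; if that is intended, a comment saying fish is the only supported login shell would make it explicit.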
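Review bot: In aspects/common/tailscale.nix, `extraUpFlags = [ "--operator=user" ]` hard-codes an account name and is meant to let that unprivileged account manage tailscaled without sudo. As far as I know the NixOS module applies `extraUpFlags` only through the autoconnect unit, which exists when `services.tailscale.authKeyFile` is set, and no such option appears in this hunk, so the flag may have no effect as written. Please either add the key file, presumably via the agenix setup used elsewhere in the repository, or document that `tailscale up --operator=user` is run by hand, and add a comment stating that the delegation is intended.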
@@ -1,9 +1,4 @@ -{ - inputs, - lib, - config, - ... -}: +{ lib, config, ... }: let # Host submodule type @@ -59,15 +54,12 @@ let sharedData = import ../data/services.nix; # Enrich services with host IP information - enrichServices = - hosts: services: - map ( - svc: + enrichServices = hosts: services: + map (svc: let - hostInfo = hosts.${svc.host} or { }; + hostInfo = hosts.${svc.host} or {}; in - svc - // { + svc // { lanIP = hostInfo.lanIP or null; tailscaleIP = hostInfo.tailscaleIP or null; } @@ -78,19 +70,19 @@ in options.flake = { hosts = lib.mkOption { type = lib.types.attrsOf hostType; - default = { }; + default = {}; description = "Host definitions with IP addresses"; }; services = lib.mkOption { type = lib.types.listOf serviceType; - default = [ ]; + default = []; description = "Service definitions with enriched host information"; }; lib = lib.mkOption { type = lib.types.attrsOf lib.types.raw; - default = { }; + default = {}; description = "Utility functions for flake configuration"; }; }; @@ -102,11 +94,9 @@ in lib = { # Nginx virtual host utilities - mkNginxVHosts = - { domains }: + mkNginxVHosts = { domains }: let - mkVHostConfig = - domain: vhostConfig: + mkVHostConfig = domain: vhostConfig: lib.recursiveUpdate { useACMEHost = domain; forceSSL = true; @@ -117,8 +107,7 @@ in # Split DNS utilities for unbound # Generates unbound view config from a list of DNS entries - mkSplitDNS = - entries: + mkSplitDNS = entries: let tailscaleData = map (e: ''"${e.domain}. IN A ${e.tailscaleIP}"'') entries; lanData = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') entries; 
@@ -137,81 +126,6 @@ in local-data = lanData; } ]; - # Generates flake.homeConfigurations - mkHomeConfiguration = - { - user, - hostname, - system ? "x86_64-linux", - stateVersion ? "22.05", - nixpkgs ? inputs.nixpkgs, # override with e.g. inputs.nixpkgs-stable - userModules ? [ ], - overlays ? [ inputs.self.overlays.default ], - homeManagerModules ? with inputs.self.modules.homeManager; [ - base - cli - ], - userDirectory ? "/home/${user}", - }: - inputs.home-manager.lib.homeManagerConfiguration { - pkgs = nixpkgs.legacyPackages.${system}; - - extraSpecialArgs = { - inherit inputs hostname; - }; - - modules = [ - { nixpkgs.overlays = overlays; } - { - home = { - username = user; - homeDirectory = userDirectory; - inherit stateVersion; - }; - } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) - "/${inputs.self}/aspects/users/_${user}" - ) - ] - ++ homeManagerModules - ++ userModules; - }; - # Generates flake.nixosConfigurations - mkHost = - { - hostname, - system ? "x86_64-linux", - nixpkgs ? inputs.nixpkgs, - overlays ? [ - inputs.agenix.overlays.default - inputs.self.overlays.default - ], - ephemeralRootDev ? null, # pass rootDevice string to enable, e.g. ephemeralephemeralRootDev = "/dev/mapper/cryptroot" - nixosModules ? with inputs.self.modules.nixos; [ - base - cli - user - root - ], - extraModules ? [ ], - }: - nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { inherit inputs; }; - modules = [ - inputs.agenix.nixosModules.default - { networking.hostName = hostname; } - { nixpkgs.overlays = overlays; } - ((inputs.import-tree.initFilter (p: lib.hasSuffix ".nix" p)) - "${inputs.self}/aspects/hosts/_${hostname}" - ) - ] - ++ (lib.optional (ephemeralRootDev != null) ( - inputs.self.factory.ephemeral { rootDevice = ephemeralRootDev; } - )) - ++ nixosModules - ++ extraModules; - }; }; }; } diff --git a/aspects/desktop/boot.nix b/aspects/desktop/boot.nix new file mode 100644 index 0000000..48f879d --- /dev/null +++ b/aspects/desktop/boot.nix 
@@ -0,0 +1,27 @@
+{ ... }:
+{
+ flake.modules.nixos.desktop-boot = { config, lib, pkgs, ... }: {
+ boot = {
+ plymouth.enable = true;
+ initrd.systemd.enable = true;
+ loader.efi.efiSysMountPoint = "/boot/efi";
+ kernelPackages = pkgs.linuxPackages_xanmod_latest;
+ extraModprobeConfig = ''
+ options bluetooth disable_ertm=1
+ '';
+ kernel.sysctl = {
+ "net.ipv4.tcp_mtu_probing" = 1;
+ };
+ kernelParams = [
+ "quiet"
+ "splash"
+ "i2c-dev"
+ "i2c-piix4"
+ "loglevel=3"
+ "udev.log_priority=3"
+ "rd.udev.log_level=3"
+ "rd.systemd.show_status=false"
+ ];
+ };
+ };
+}
diff --git a/aspects/desktop/desktop.nix b/aspects/desktop/desktop.nix
new file mode 100644
index 0000000..f2298e7
--- /dev/null
+++ b/aspects/desktop/desktop.nix
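Review bot: In aspects/desktop/boot.nix, `"i2c-dev"` and `"i2c-piix4"` are listed under `kernelParams`, but they are module names rather than command-line parameters, so this setting will not load them. Move them to `boot.kernelModules = [ "i2c-dev" "i2c-piix4" ];`. Separately, `quiet`, `loglevel=3` and `rd.systemd.show_status=false` hide boot-time errors from the console, so a comment pointing at `journalctl -b` for failed boots would help. `config` and `lib` are unused in the module arguments.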
@@ -0,0 +1,292 @@ +{ + inputs, + ... +}: +{ + flake.modules = { + nixos.desktop-desktop = { config, lib, pkgs, ... }: { + imports = [ + inputs.niri-flake.nixosModules.niri + inputs.nix-flatpak.nixosModules.nix-flatpak + ]; + + environment = { + sessionVariables = { + KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir + NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland + }; + systemPackages = with pkgs; [ + ### Web ### + bitwarden-desktop + fragments + nextcloud-client + tor-browser + vesktop + inputs.zen-browser.packages."${system}".default + ### Office & Productivity ### + aspell + aspellDicts.de + aspellDicts.en + aspellDicts.en-computers + aspellDicts.pt_BR + papers + presenterm + rnote + ### Graphics & Design ### + gimp + inkscape + plasticity + ### System Utilities ### + adwaita-icon-theme + ghostty + gnome-disk-utility + junction + libfido2 + mission-center + nautilus + p7zip + rclone + toggleaudiosink + unrar + ### Media ### + decibels + loupe + obs-studio + showtime + ]; + }; + + services = { + pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + wireplumber.enable = true; + }; + greetd = { + enable = true; + settings = { + default_session = { + command = "${lib.getExe pkgs.tuigreet} --user-menu --time --remember --asterisks --cmd ${config.programs.niri.package}/bin/niri-session"; + user = "greeter"; + }; + } + // lib.optionalAttrs (config.networking.hostName == "io") { + initial_session = { + command = "${config.programs.niri.package}/bin/niri-session"; + user = "user"; + }; + }; + }; + flatpak = { + enable = true; + packages = [ + ### Office & Productivity ### + "com.collabora.Office" + ### Graphics & Design ### + "com.boxy_svg.BoxySVG" + rec { + appId = "io.github.softfever.OrcaSlicer"; + sha256 = "0hdx5sg6fknj1pfnfxvlfwb5h6y1vjr6fyajbsnjph5gkp97c6p1"; + bundle = "${pkgs.fetchurl { + url = 
"https://github.com/SoftFever/OrcaSlicer/releases/download/v2.3.0/OrcaSlicer-Linux-flatpak_V2.3.0_x86_64.flatpak"; + inherit sha256; + }}"; + } + ### System Utilities ### + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + uninstallUnmanaged = true; + update.auto.enable = true; + }; + gvfs.enable = true; + }; + + security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority + + users = { + users.greeter = { + isSystemUser = true; + group = "greeter"; + }; + groups.greeter = { }; + }; + + programs = { + niri = { + enable = true; + package = inputs.niri.packages.${pkgs.system}.niri; + }; + kdeconnect = { + enable = true; + package = pkgs.valent; + }; + dconf.enable = true; + appimage = { + enable = true; + binfmt = true; + }; + }; + + niri-flake.cache.enable = false; + + fonts = { + fontDir.enable = true; + packages = with pkgs; [ + corefonts + inter + nerd-fonts.fira-code + noto-fonts-cjk-sans + noto-fonts-color-emoji + roboto + ]; + }; + + xdg.portal = { + extraPortals = with pkgs; [ + xdg-desktop-portal-gnome + xdg-desktop-portal-gtk + ]; + config = { + common.default = "*"; + niri.default = [ + "gtk" + "gnome" + ]; + }; + }; + }; + + homeManager.desktop-desktop = { config, lib, pkgs, inputs, ... 
}: { + imports = [ inputs.vicinae.homeManagerModules.default ]; + + fonts.fontconfig.enable = true; + + home.packages = with pkgs; [ xwayland-satellite ]; + + services.vicinae = { + enable = true; + systemd = { + enable = true; + autoStart = true; + }; + }; + + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + xdg = { + enable = true; + userDirs.enable = true; + mimeApps = { + enable = true; + defaultApplications = { + "text/html" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/http" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/https" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/about" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "x-scheme-handler/unknown" = [ + "re.sonny.Junction.desktop" + "zen-browser.desktop" + "torbrowser.desktop" + ]; + "image/jpeg" = "org.gnome.Loupe.desktop"; + "image/png" = "org.gnome.Loupe.desktop"; + "image/gif" = "org.gnome.Loupe.desktop"; + "image/webp" = "org.gnome.Loupe.desktop"; + "image/bmp" = "org.gnome.Loupe.desktop"; + "image/svg+xml" = "org.gnome.Loupe.desktop"; + "image/tiff" = "org.gnome.Loupe.desktop"; + "video/mp4" = "io.bassi.Showtime.desktop"; + "video/x-matroska" = "io.bassi.Showtime.desktop"; + "video/webm" = "io.bassi.Showtime.desktop"; + "video/mpeg" = 
"io.bassi.Showtime.desktop"; + "video/x-msvideo" = "io.bassi.Showtime.desktop"; + "video/quicktime" = "io.bassi.Showtime.desktop"; + "video/x-flv" = "io.bassi.Showtime.desktop"; + "audio/mpeg" = "io.bassi.Showtime.desktop"; + "audio/flac" = "io.bassi.Showtime.desktop"; + "audio/ogg" = "io.bassi.Showtime.desktop"; + "audio/wav" = "io.bassi.Showtime.desktop"; + "audio/mp4" = "io.bassi.Showtime.desktop"; + "audio/x-opus+ogg" = "io.bassi.Showtime.desktop"; + "application/pdf" = [ + "org.gnome.Papers.desktop" + "zen-browser.desktop" + ]; + "text/plain" = "Helix.desktop"; + "text/markdown" = "Helix.desktop"; + "text/x-log" = "Helix.desktop"; + "application/x-shellscript" = "Helix.desktop"; + "application/vnd.openxmlformats-officedocument.wordprocessingml.document" = + "com.collabora.Office.desktop"; # DOCX + "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" = + "com.collabora.Office.desktop"; # XLSX + "application/vnd.openxmlformats-officedocument.presentationml.presentation" = + "com.collabora.Office.desktop"; # PPTX + "application/vnd.oasis.opendocument.text" = "com.collabora.Office.desktop"; # ODT + "application/vnd.oasis.opendocument.spreadsheet" = "com.collabora.Office.desktop"; # ODS + "application/vnd.oasis.opendocument.presentation" = "com.collabora.Office.desktop"; # ODP + "application/msword" = "com.collabora.Office.desktop"; # DOC + "application/vnd.ms-excel" = "com.collabora.Office.desktop"; # XLS + "application/vnd.ms-powerpoint" = "com.collabora.Office.desktop"; # PPT + "application/zip" = "org.gnome.FileRoller.desktop"; + "application/x-tar" = "org.gnome.FileRoller.desktop"; + "application/x-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-bzip-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-xz-compressed-tar" = "org.gnome.FileRoller.desktop"; + "application/x-7z-compressed" = "org.gnome.FileRoller.desktop"; + "application/x-rar" = "org.gnome.FileRoller.desktop"; + "application/gzip" = 
"org.gnome.FileRoller.desktop"; + "application/x-bzip" = "org.gnome.FileRoller.desktop"; + "inode/directory" = "org.gnome.Nautilus.desktop"; + }; + }; + }; + + # Set Ghostty as default terminal + home.sessionVariables = { + TERMINAL = "ghostty"; + }; + }; + }; +} diff --git a/aspects/desktop/kde.nix b/aspects/desktop/kde.nix deleted file mode 100644 index 2fde5be..0000000 --- a/aspects/desktop/kde.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ ... }: - -{ - flake.modules = { - nixos.kde = - { pkgs, ... }: - { - services = { - displayManager = { - autoLogin = { - enable = true; - user = "user"; - }; - plasma-login-manager.enable = true; - }; - desktopManager.plasma6.enable = true; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - }; - xdg.portal = { - enable = true; - xdgOpenUsePortal = true; - extraPortals = with pkgs; [ - kdePackages.xdg-desktop-portal-kde - xdg-desktop-portal-gtk - xdg-desktop-portal-gnome - ]; - config.common.default = "*"; - }; - environment = { - systemPackages = with pkgs; [ - kara - kdePackages.karousel - kde-rounded-corners - ]; - plasma6.excludePackages = with pkgs.kdePackages; [ - elisa - gwenview - kate - khelpcenter - ]; - }; - programs = { - kdeconnect.enable = true; - partition-manager.enable = true; - }; - }; - - homeManager.kde = - { pkgs, ... }: - { - }; - }; -} diff --git a/aspects/desktop/niri.nix b/aspects/desktop/niri.nix new file mode 100644 index 0000000..6458ab0 --- /dev/null +++ b/aspects/desktop/niri.nix 
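Review bot: In aspects/desktop/desktop.nix the greetd block adds an `initial_session` for `user` when `config.networking.hostName == "io"`, which logs that account into niri at boot without a password. Please state in a comment what this relies on (disk encryption, physical control of that machine), and consider a per-host option instead of a host-name test inside a shared module. The flatpak list pins OrcaSlicer by `sha256`, but `com.rustdesk.RustDesk`, a remote-control tool, is installed by name only with `update.auto.enable = true`, so its content changes outside the flake lock. If it is needed, a comment on how unattended access is configured, or a pinned package, would make the exposure reviewable.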
@@ -0,0 +1,220 @@
+{ ... }:
+{
+ flake.modules.homeManager.desktop-niri = { config, lib, pkgs, inputs, hostname ? null, ... }:
+ let
+ isRotterdam = hostname == "rotterdam";
+ in
+ {
+ imports = [ inputs.noctalia.homeModules.default ];
+
+ services.kanshi = {
+ enable = true;
+ settings = [
+ {
+ profile.name = "default";
+ profile.outputs = [
+ {
+ criteria = "*";
+ scale = 1.0;
+ }
+ ];
+ }
+ ];
+ };
+
+ home = {
+ packages = with pkgs; [
+ xwayland-satellite
+ inputs.noctalia.packages.${pkgs.system}.default
+ ];
+ sessionVariables.QT_QPA_PLATFORMTHEME = "gtk3";
+ };
+
+ xdg.configFile."niri/config.kdl".text = ''
+ input {
+ keyboard {
+ xkb {
+ layout "us"
+ variant "altgr-intl"
+ }
+ }
+ touchpad {
+ tap
+ dwt
+ drag true
+ drag-lock
+ natural-scroll
+ accel-speed 0.2
+ accel-profile "flat"
+ scroll-method "two-finger"
+ middle-emulation
+ }
+ mouse {
+ natural-scroll
+ accel-speed 0.2
+ accel-profile "flat"
+ }
+ warp-mouse-to-focus mode="center-xy"
+ focus-follows-mouse
+ }
+
+ layout {
+ gaps 8
+ center-focused-column "never"
+ auto-center-when-space-available
+ preset-column-widths {
+ ${
+ if isRotterdam then
+ ''
+ proportion 0.33333
+ proportion 0.5
+ proportion 0.66667
+ ''
+ else
+ ''
+ proportion 0.5
+ proportion 1.0
+ ''
+ }
+ }
+ default-column-width { proportion ${if isRotterdam then "0.33333" else "0.5"}; }
+ focus-ring {
+ off
+ }
+ border {
+ width 4
+ active-color "#ffc87f"
+ inactive-color "#505050"
+ urgent-color "#9b0000"
+ }
+ tab-indicator {
+ width 4
+ gap 4
+ place-within-column
+ }
+ }
+
+ overview {
+ zoom 0.65
+ }
+
+ spawn-at-startup "noctalia-shell" "-d"
+ layer-rule {
+ match namespace="^noctalia-overview*"
+ place-within-backdrop true
+ }
+
+ hotkey-overlay {
+ skip-at-startup
+ }
+
+ prefer-no-csd
+ screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
+
+ animations {
+ slowdown 0.3
+ }
+
+ window-rule {
+ match app-id="zen"
+ default-column-width { proportion ${if isRotterdam then "0.5" else "1.0"}; }
+ }
+
+ window-rule {
+ geometry-corner-radius 12
+ clip-to-geometry true
+ }
+
+ config-notification {
+ disable-failed
+ }
+
+ binds {
+ Alt+Space repeat=false { spawn "vicinae" "toggle"; }
+ XF86AudioRaiseVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "increase"; }
+ XF86AudioLowerVolume allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "decrease"; }
+ XF86AudioMute allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "volume" "muteOutput"; }
+ XF86MonBrightnessUp allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "increase"; }
+ XF86MonBrightnessDown allow-when-locked=true { spawn "noctalia-shell" "ipc" "call" "brightness" "decrease"; }
+ XF86AudioPlay allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "play-pause"; }
+ XF86AudioStop allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "stop"; }
+ XF86AudioPrev allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "previous"; }
+ XF86AudioNext allow-when-locked=true { spawn "${lib.getExe pkgs.playerctl}" "next"; }
+ Mod+V repeat=false { spawn "vicinae" "vicinae://extensions/vicinae/clipboard/history"; }
+ Mod+Shift+L repeat=false { spawn "noctalia-shell" "ipc" "call" "lockScreen" "lock"; }
+ Mod+Return { spawn "ghostty"; }
+ Ctrl+Alt+Shift+A allow-when-locked=true { spawn "toggleaudiosink"; }
+ Mod+W repeat=false { toggle-overview; }
+ Mod+Q { close-window; }
+ Alt+Shift+Q { close-window;}
+ Mod+Shift+Q { close-window; }
+ Alt+F4 { close-window; }
+ Mod+Left { focus-column-left; }
+ Mod+Down { focus-window-or-workspace-down; }
+ Mod+Up { focus-window-or-workspace-up; }
+ Mod+Right { focus-column-right; }
+ Mod+H { focus-column-left; }
+ Mod+L { focus-column-right; }
+ Mod+J { focus-window-or-workspace-down; }
+ Mod+K { focus-window-or-workspace-up; }
+ Mod+Ctrl+Left { move-column-left; }
+ Mod+Ctrl+Down { move-window-down-or-to-workspace-down; }
+ Mod+Ctrl+Up { move-window-up-or-to-workspace-up; }
+ Mod+Ctrl+Right { move-column-right; }
+ Mod+Ctrl+H { move-column-left; }
+ Mod+Ctrl+J { move-window-down-or-to-workspace-down; }
+ Mod+Ctrl+K { move-window-up-or-to-workspace-up; }
+ Mod+Ctrl+L { move-column-right; }
+ Mod+Home { focus-column-first; }
+ Mod+End { focus-column-last; }
+ Mod+Ctrl+Home { move-column-to-first; }
+ Mod+Ctrl+End { move-column-to-last; }
+ Mod+Alt+Left { focus-monitor-left; }
+ Mod+Alt+Down { focus-monitor-down; }
+ Mod+Alt+Up { focus-monitor-up; }
+ Mod+Alt+Right { focus-monitor-right; }
+ Mod+Alt+H { focus-monitor-left; }
+ Mod+Alt+J { focus-monitor-down; }
+ Mod+Alt+K { focus-monitor-up; }
+ Mod+Alt+L { focus-monitor-right; }
+ Mod+Alt+Ctrl+Left { move-column-to-monitor-left; }
+ Mod+Alt+Ctrl+Down { move-column-to-monitor-down; }
+ Mod+Alt+Ctrl+Up { move-column-to-monitor-up; }
+ Mod+Alt+Ctrl+Right { move-column-to-monitor-right; }
+ Mod+Alt+Ctrl+H { move-column-to-monitor-left; }
+ Mod+Alt+Ctrl+J { move-column-to-monitor-down; }
+ Mod+Alt+Ctrl+K { move-column-to-monitor-up; }
+ Mod+Alt+Ctrl+L { move-column-to-monitor-right; }
+ Mod+Ctrl+U { move-workspace-down; }
+ Mod+Ctrl+I { move-workspace-up; }
+ Mod+WheelScrollDown cooldown-ms=150 { focus-workspace-down; }
+ Mod+WheelScrollUp cooldown-ms=150 { focus-workspace-up; }
+ Mod+Ctrl+WheelScrollDown cooldown-ms=150 { move-column-to-workspace-down; }
+ Mod+Ctrl+WheelScrollUp cooldown-ms=150 { move-column-to-workspace-up; }
+ Mod+Shift+WheelScrollDown { focus-column-right; }
+ Mod+Shift+WheelScrollUp { focus-column-left; }
+ Mod+Ctrl+Shift+WheelScrollDown { move-column-right; }
+ Mod+Ctrl+Shift+WheelScrollUp { move-column-left; }
+ Mod+BracketLeft { consume-or-expel-window-left; }
+ Mod+BracketRight { consume-or-expel-window-right; }
+ Mod+Comma { consume-window-into-column; }
+ Mod+Period { expel-window-from-column; }
+ Mod+R { switch-preset-column-width; }
+ Mod+F { maximize-column; }
+ Mod+Ctrl+F { fullscreen-window; }
+ Mod+C { center-visible-columns; }
+ Mod+Ctrl+C { center-column; }
+ Mod+Space { toggle-window-floating; }
+ Mod+Ctrl+Space { switch-focus-between-floating-and-tiling; }
+ Mod+T { toggle-column-tabbed-display; }
+ Print { screenshot-screen; }
+ Mod+Print { screenshot; }
+ Ctrl+Print { screenshot-window; }
+ Mod+Backspace allow-inhibiting=false { toggle-keyboard-shortcuts-inhibit; }
+ Mod+Alt+E { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
+ Ctrl+Alt+Delete { spawn "noctalia-shell" "ipc" "call" "sessionMenu" "toggle"; }
+ Mod+Ctrl+P { power-off-monitors; }
+ }
+ '';
+ };
+}
diff --git a/aspects/desktop/nix.nix b/aspects/desktop/nix.nix
new file mode 100644
index 0000000..a3aa421
--- /dev/null
+++ b/aspects/desktop/nix.nix
@@ -0,0 +1,14 @@
+{ inputs, ... }:
+{
+ flake.modules.nixos.desktop-nix = { config, lib, pkgs, ... }: {
+ environment.etc."channels/nixpkgs".source = inputs.nixpkgs.outPath;
+
+ nix = {
+ registry.nixpkgs.flake = inputs.nixpkgs;
+ nixPath = [
+ "nixpkgs=${inputs.nixpkgs}"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ };
+ };
+}
diff --git a/aspects/desktop/services.nix b/aspects/desktop/services.nix
new file mode 100644
index 0000000..8ebbb6b
--- /dev/null
+++ b/aspects/desktop/services.nix
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ flake.modules.nixos.desktop-services = { config, lib, pkgs, ... }: {
+ services = {
+ printing.enable = true;
+ udev.packages = with pkgs; [ yubikey-personalization ];
+ keyd = {
+ enable = true;
+ keyboards.all = {
+ ids = [ "*" ];
+ settings.main.capslock = "overload(meta, esc)";
+ };
+ };
+ };
+ };
+}
diff --git a/aspects/dev.nix b/aspects/dev.nix
index afe9edc..cc84646 100644
--- a/aspects/dev.nix
+++ b/aspects/dev.nix
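Review bot: In the `binds` block of niri.nix, the volume, brightness and `Ctrl+Alt+Shift+A` entries are marked `allow-when-locked=true` yet spawn `"noctalia-shell"` and `"toggleaudiosink"` by bare name, so what runs from the lock screen is whatever the session's PATH resolves at that moment; the playerctl binds next to them already pin the store path with `${lib.getExe pkgs.playerctl}`. I would interpolate store paths for the locked-screen binds as well, and add a comment above them stating that these are the only actions meant to work while locked. Separately, `hostname ? null` defaults silently: the host definitions in this commit pass only `inputs` in `specialArgs` and the home-manager wiring is not shown, so if `hostname` is not supplied `isRotterdam` is always false and rotterdam gets the two-preset column layout.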
@@ -1,23 +1,19 @@ { ... }: { - flake.modules.nixos.dev = - { - config, - lib, - pkgs, - ... - }: - { - environment.systemPackages = with pkgs; [ - android-tools - lazygit - fd - fzf - nixfmt - nix-init - ripgrep - ]; + flake.modules.nixos.dev = { config, lib, pkgs, ... }: { + environment.systemPackages = with pkgs; [ + android-tools + bat + lazygit + fd + fzf + glow + nixfmt + nix-init + nix-output-monitor + ripgrep + ]; - users.users.user.extraGroups = [ "adbusers" ]; - }; + users.users.user.extraGroups = [ "adbusers" ]; + }; } diff --git a/aspects/ephemeral.nix b/aspects/ephemeral.nix index 90c03c6..724f931 100644 --- a/aspects/ephemeral.nix +++ b/aspects/ephemeral.nix @@ -3,8 +3,7 @@ { inputs, ... }: { # Base module with options (for external flakes or direct use) - flake.modules.nixos.ephemeral = - { lib, config, ... }: + flake.modules.nixos.ephemeral = { lib, config, ... }: let cfg = config.ephemeral; in @@ -90,19 +89,18 @@ # Factory function that generates configured modules flake.factory.ephemeral = - { - rootDevice, - rootSubvolume ? "@root", - retentionDays ? 30, - persistentStoragePath ? "/persistent", - persistentFiles ? [ + { rootDevice + , rootSubvolume ? "@root" + , retentionDays ? 30 + , persistentStoragePath ? "/persistent" + , persistentFiles ? [ "/etc/machine-id" "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key.pub" - ], - persistentDirectories ? [ + ] + , persistentDirectories ? [ "/etc/NetworkManager/system-connections" "/etc/nixos" "/var/lib/bluetooth" @@ -113,10 +111,9 @@ "/var/lib/systemd/timers" "/var/lib/tailscale" "/var/log" - ], + ] }: - { ... }: - { + { ... }: { imports = [ inputs.impermanence.nixosModules.impermanence inputs.self.modules.nixos.ephemeral diff --git a/aspects/fwupd.nix b/aspects/fwupd.nix index 217f1eb..746f1d0 100644 --- a/aspects/fwupd.nix +++ b/aspects/fwupd.nix 
@@ -1,13 +1,6 @@ { ... }: { - flake.modules.nixos.fwupd = - { - config, - lib, - pkgs, - ... - }: - { - services.fwupd.enable = true; - }; + flake.modules.nixos.fwupd = { config, lib, pkgs, ... }: { + services.fwupd.enable = true; + }; } diff --git a/aspects/gaming/flatpak.nix b/aspects/gaming/flatpak.nix new file mode 100644 index 0000000..ad50c7c --- /dev/null +++ b/aspects/gaming/flatpak.nix @@ -0,0 +1,23 @@ +{ ... }: + +{ + flake.modules.nixos.gaming-flatpak = { pkgs, ... }: { + services.flatpak.packages = [ + "com.github.k4zmu2a.spacecadetpinball" + "com.steamgriddb.SGDBoop" + "io.github.Foldex.AdwSteamGtk" + "io.itch.itch" + "io.mrarm.mcpelauncher" + "net.retrodeck.retrodeck" + "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" + rec { + appId = "com.hypixel.HytaleLauncher"; + sha256 = "01307s44bklc1ldcigcn9n4lm8hf8q793v9fv7w4w04xd5zyh4rv"; + bundle = "${pkgs.fetchurl { + url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; + inherit sha256; + }}"; + } + ]; + }; +} diff --git a/aspects/gaming/hardware.nix b/aspects/gaming/hardware.nix new file mode 100644 index 0000000..f1bd75b --- /dev/null +++ b/aspects/gaming/hardware.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + flake.modules.nixos.gaming-hardware = { ... }: { + hardware = { + xpadneo.enable = true; + steam-hardware.enable = true; # Allow steam client to manage controllers + graphics.enable32Bit = true; # For OpenGL games + }; + }; +} diff --git a/aspects/gaming/launchers.nix b/aspects/gaming/launchers.nix new file mode 100644 index 0000000..5684f9f --- /dev/null +++ b/aspects/gaming/launchers.nix @@ -0,0 +1,11 @@ +{ ... }: + +{ + flake.modules.nixos.gaming-launchers = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + clonehero + heroic + prismlauncher + ]; + }; +} diff --git a/aspects/gaming/mangohud.nix b/aspects/gaming/mangohud.nix index 14a3df6..7f83644 100644 --- a/aspects/gaming/mangohud.nix +++ b/aspects/gaming/mangohud.nix 
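Review bot: The Hytale bundle in `services.flatpak.packages` (gaming/flatpak.nix) is fetched from a mutable URL, `hytale-launcher-latest.flatpak`, against a fixed `sha256`, so the hash keeps integrity intact but the build fails as soon as upstream replaces the file, and the easy repair is to paste in whatever hash the new download produces. If upstream publishes versioned bundle URLs, pin one of those; either way a comment such as `# hash of build <VERSION>, checked against <SOURCE> on <DATE>` above `sha256` would record what was actually reviewed. `rec` is only there for `inherit sha256` and could be a `let` binding instead.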
@@ -2,46 +2,42 @@ { flake.modules = { - nixos.mangohud = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - mangohud - ]; - }; + nixos.gaming-mangohud = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + mangohud + ]; + }; - homeManager.mangohud = - { config, ... }: - { - programs.mangohud = { - enable = true; - enableSessionWide = true; - settings = { - position = "top-left"; - fps = true; - frametime = false; - frame_timing = false; - gpu_stats = true; - gpu_temp = true; - gpu_power = true; - cpu_stats = true; - cpu_temp = true; - cpu_power = true; - ram = true; - vram = true; - gamemode = false; - vkbasalt = false; - version = false; - engine_version = false; - vulkan_driver = false; - wine = false; - time = false; - fps_sampling_period = 500; - toggle_hud = "Shift_L+F12"; - toggle_logging = "Ctrl_L+F2"; - output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; - }; + homeManager.gaming-mangohud = { config, ... }: { + programs.mangohud = { + enable = true; + enableSessionWide = true; + settings = { + position = "top-left"; + fps = true; + frametime = false; + frame_timing = false; + gpu_stats = true; + gpu_temp = true; + gpu_power = true; + cpu_stats = true; + cpu_temp = true; + cpu_power = true; + ram = true; + vram = true; + gamemode = false; + vkbasalt = false; + version = false; + engine_version = false; + vulkan_driver = false; + wine = false; + time = false; + fps_sampling_period = 500; + toggle_hud = "Shift_L+F12"; + toggle_logging = "Ctrl_L+F2"; + output_folder = "${config.home.homeDirectory}/.local/share/mangohud"; }; }; + }; }; } diff --git a/aspects/gaming/steam.nix b/aspects/gaming/steam.nix index a10d0e4..e0ab9a8 100644 --- a/aspects/gaming/steam.nix +++ b/aspects/gaming/steam.nix 
@@ -1,24 +1,17 @@ { ... }: { - flake.modules.nixos.steam = - { pkgs, ... }: - { - environment.systemPackages = with pkgs; [ - steam-run - ]; + flake.modules.nixos.gaming-steam = { pkgs, ... }: { + environment.systemPackages = with pkgs; [ + steam-run + ]; - programs = { - steam = { - enable = true; - extraCompatPackages = [ pkgs.proton-ge-bin ]; - }; - gamemode.enable = true; + programs = { + steam = { + enable = true; + extraCompatPackages = [ pkgs.proton-ge-bin ]; }; - - services.flatpak.packages = [ - "com.steamgriddb.SGDBoop" - "io.github.Foldex.AdwSteamGtk" - ]; + gamemode.enable = true; }; + }; } diff --git a/aspects/hosts/_alexandria/kanidm.nix b/aspects/hosts/_alexandria/kanidm.nix new file mode 100644 index 0000000..35e08c8 --- /dev/null +++ b/aspects/hosts/_alexandria/kanidm.nix 
@@ -0,0 +1,82 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: + +let + mkNginxVHosts = inputs.self.lib.mkNginxVHosts; + kanidmCertDir = "/var/lib/kanidm/certs"; +in + +{ + services.kanidm = { + enableServer = true; + enableClient = true; + package = pkgs.kanidm; + + serverSettings = { + domain = "auth.baduhai.dev"; + origin = "https://auth.baduhai.dev"; + bindaddress = "127.0.0.1:8443"; + ldapbindaddress = "127.0.0.1:636"; + trust_x_forward_for = true; + # Use self-signed certificates for internal TLS + tls_chain = "${kanidmCertDir}/cert.pem"; + tls_key = "${kanidmCertDir}/key.pem"; + }; + + clientSettings = { + uri = "https://auth.baduhai.dev"; + }; + }; + + services.nginx.virtualHosts = mkNginxVHosts { + domains."auth.baduhai.dev" = { + locations."/" = { + proxyPass = "https://127.0.0.1:8443"; + extraConfig = '' + proxy_ssl_verify off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header Host $host; + ''; + }; + }; + }; + + networking.firewall.allowedTCPPorts = [ 636 ]; + + # Generate self-signed certificates for kanidm's internal TLS + systemd.services.kanidm-generate-certs = { + description = "Generate self-signed TLS certificates for Kanidm"; + wantedBy = [ "multi-user.target" ]; + before = [ "kanidm.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + mkdir -p ${kanidmCertDir} + if [ ! 
-f ${kanidmCertDir}/key.pem ]; then + ${pkgs.openssl}/bin/openssl req -x509 -newkey rsa:4096 \ + -keyout ${kanidmCertDir}/key.pem \ + -out ${kanidmCertDir}/cert.pem \ + -days 3650 -nodes \ + -subj "/CN=localhost" \ + -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" + chown -R kanidm:kanidm ${kanidmCertDir} + chmod 600 ${kanidmCertDir}/key.pem + chmod 644 ${kanidmCertDir}/cert.pem + fi + ''; + }; + + # Ensure certificate generation runs before kanidm starts + systemd.services.kanidm = { + after = [ "kanidm-generate-certs.service" ]; + wants = [ "kanidm-generate-certs.service" ]; + }; +} diff --git a/aspects/hosts/_alexandria/miniflux.nix b/aspects/hosts/_alexandria/miniflux.nix deleted file mode 100644 index 951bcb5..0000000 --- a/aspects/hosts/_alexandria/miniflux.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ config, inputs, ... }: - -let - mkNginxVHosts = inputs.self.lib.mkNginxVHosts; -in - -{ - services = { - miniflux = { - enable = true; - config = { - LISTEN_ADDR = "localhost:8080"; - CREATE_ADMIN = 1; - }; - adminCredentialsFile = config.age.secrets.miniflux-admincreds.path; - createDatabaseLocally = true; - }; - - nginx.virtualHosts = mkNginxVHosts { - domains."rss.baduhai.dev" = { - locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}/"; - }; - }; - }; - - age.secrets.miniflux-admincreds = { - file = "${inputs.self}/secrets/miniflux-admincreds.age"; - owner = "miniflux"; - group = "miniflux"; - }; -} diff --git a/aspects/hosts/_alexandria/nextcloud.nix b/aspects/hosts/_alexandria/nextcloud.nix index cb9f2ac..c4a9669 100644 --- a/aspects/hosts/_alexandria/nextcloud.nix +++ b/aspects/hosts/_alexandria/nextcloud.nix @@ -1,7 +1,8 @@ { + lib, config, - inputs, pkgs, + inputs, ... }: 
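Review bot: In kanidm.nix, `networking.firewall.allowedTCPPorts = [ 636 ];` opens LDAPS in the host firewall although `ldapbindaddress` is `127.0.0.1:636`, so the rule exposes nothing today and would silently publish the directory if the bind address is later widened; drop the line, or if remote LDAP clients are intended, say so in a comment and scope the rule to the interface they use. In the `kanidm-generate-certs` script, `openssl req ... -nodes` writes `key.pem` before the `chmod 600`, so the key's initial mode depends on the unit's umask; `UMask = "0077";` in `serviceConfig` (or `umask 077` as the first script line) removes that dependence. The certificate is only generated when `key.pem` is missing and is valid for `-days 3650`, so nothing here renews it; a comment noting the expiry handling would help. `proxy_ssl_verify off` is tolerable for a loopback upstream, but since the cert path is known, pointing nginx at it with `proxy_ssl_trusted_certificate` and enabling verification would be stricter.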
@@ -82,12 +83,12 @@ in age.secrets = { "nextcloud-secrets.json" = { - file = "${inputs.self}/secrets/nextcloud-secrets.json.age"; + file = ../../../secrets/nextcloud-secrets.json.age; owner = "nextcloud"; group = "nextcloud"; }; nextcloud-adminpass = { - file = "${inputs.self}/secrets/nextcloud-adminpass.age"; + file = ../../../secrets/nextcloud-adminpass.age; owner = "nextcloud"; group = "nextcloud"; }; diff --git a/aspects/hosts/_alexandria/nginx.nix b/aspects/hosts/_alexandria/nginx.nix index 087faf4..26a7ba1 100644 --- a/aspects/hosts/_alexandria/nginx.nix +++ b/aspects/hosts/_alexandria/nginx.nix @@ -51,7 +51,7 @@ in ]; age.secrets.cloudflare = { - file = "${inputs.self}/secrets/cloudflare.age"; + file = ../../../secrets/cloudflare.age; owner = "nginx"; group = "nginx"; }; diff --git a/aspects/hosts/_alexandria/unbound.nix b/aspects/hosts/_alexandria/unbound.nix index 8aedc37..07c8850 100644 --- a/aspects/hosts/_alexandria/unbound.nix +++ b/aspects/hosts/_alexandria/unbound.nix @@ -34,7 +34,8 @@ in # LAN-only DNS records local-zone = ''"baduhai.dev." transparent''; - local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') (lib.filter (e: e.lanIP != null) services); + local-data = map (e: ''"${e.domain}. IN A ${e.lanIP}"'') + (lib.filter (e: e.lanIP != null) services); }; forward-zone = [ diff --git a/aspects/hosts/_rotterdam/services.nix b/aspects/hosts/_rotterdam/services.nix new file mode 100644 index 0000000..0bf276f --- /dev/null +++ b/aspects/hosts/_rotterdam/services.nix @@ -0,0 +1,11 @@ +{ + services.keyd = { + enable = true; + keyboards.main = { + ids = [ "5653:0001" ]; + settings.main = { + esc = "overload(meta, esc)"; + }; + }; + }; +} diff --git a/aspects/hosts/_trantor/forgejo.nix b/aspects/hosts/_trantor/forgejo.nix index 6d702e2..1112622 100644 --- a/aspects/hosts/_trantor/forgejo.nix +++ b/aspects/hosts/_trantor/forgejo.nix 
@@ -21,8 +21,6 @@ in ROOT_URL = "https://git.baduhai.dev"; OFFLINE_MODE = true; # disable use of CDNs SSH_DOMAIN = "git.baduhai.dev"; - SSH_USER = "forgejo"; - SSH_PORT = lib.head config.services.openssh.ports; }; log.LEVEL = "Warn"; mailer.ENABLED = false; @@ -69,8 +67,5 @@ in }; # Disable PrivateMounts to allow LoadCredential to work with bind-mounted directories - systemd.services.forgejo.serviceConfig = { - PrivateMounts = lib.mkForce false; - ProtectSystem = lib.mkForce false; - }; + systemd.services.forgejo.serviceConfig.PrivateMounts = lib.mkForce false; } diff --git a/aspects/hosts/_trantor/nginx.nix b/aspects/hosts/_trantor/nginx.nix index 24f96c3..5522e24 100644 --- a/aspects/hosts/_trantor/nginx.nix +++ b/aspects/hosts/_trantor/nginx.nix @@ -8,8 +8,12 @@ let services = inputs.self.services; - localDomains = lib.unique (map (s: s.domain) (lib.filter (s: s.host == "trantor") services)); + # Get all unique domains from shared services on trantor (host = "trantor") + localDomains = lib.unique ( + map (s: s.domain) (lib.filter (s: s.host == "trantor") services) + ); + # Generate ACME cert configs for all local domains acmeCerts = lib.genAttrs localDomains (domain: { group = "nginx"; }); @@ -49,7 +53,7 @@ in ]; age.secrets.cloudflare = { - file = "${inputs.self}/secrets/cloudflare.age"; + file = ../../../secrets/cloudflare.age; owner = "nginx"; group = "nginx"; }; diff --git a/aspects/hosts/alexandria.nix b/aspects/hosts/alexandria.nix index e4ce7bf..28c333e 100644 --- a/aspects/hosts/alexandria.nix +++ b/aspects/hosts/alexandria.nix 
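Review bot: With `SSH_PORT` removed from what appears to be Forgejo's server settings block (first forgejo.nix hunk), Forgejo falls back to its default of 22 when it renders SSH clone URLs, whereas the old value followed `config.services.openssh.ports`; trantor still imports `./_trantor/openssh.nix`, whose port is not visible here, so if sshd listens elsewhere the advertised URLs will be wrong. If the port is 22 the removal is fine, and a comment saying so, e.g. `# sshd listens on 22, Forgejo defaults apply`, would keep the two from drifting. The settings block starts and ends outside the hunk.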
@@ -1,19 +1,50 @@ -{ inputs, ... }: - -let - mkHost = inputs.self.lib.mkHost; -in - +{ inputs, self, ... }: { - flake.nixosConfigurations.alexandria = mkHost { - hostname = "alexandria"; - nixpkgs = inputs.nixpkgs-stable; - extraModules = with inputs.self.modules.nixos; [ - # base aspects - server - # other aspects - fwupd - podman + flake.nixosConfigurations.alexandria = inputs.nixpkgs-stable.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "alexandria"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root + + # Server aspects + inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale + + # Other aspects based on tags + inputs.self.modules.nixos.fwupd + + # Host-specific files (from _alexandria/) + ./_alexandria/hardware-configuration.nix + ./_alexandria/jellyfin.nix + ./_alexandria/kanidm.nix + ./_alexandria/nextcloud.nix + ./_alexandria/nginx.nix + ./_alexandria/unbound.nix + ./_alexandria/vaultwarden.nix ]; }; } diff --git a/aspects/hosts/io.nix b/aspects/hosts/io.nix index 238c889..c6c3dbf 100644 --- a/aspects/hosts/io.nix +++ b/aspects/hosts/io.nix 
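Review bot: The ten `common-*` entries in `modules`, including `common-firewall`, `common-security` and `common-openssh`, are now copied by hand here and again in io.nix, rotterdam.nix and trantor.nix, so a host that loses one of them in a later edit still evaluates and simply ships without that part of the baseline. Keeping the shared list in one place, e.g. `modules = commonModules ++ [ … host-specific entries … ];` with `commonModules` defined once next to the other flake helpers, keeps the hardening set uniform across hosts. The `self` argument added to the function head is unused in the visible body (everything goes through `inputs.self`), and `podman` is dropped from this host without a comment.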
@@ -1,23 +1,59 @@ -{ inputs, ... }: - -let - mkHost = inputs.self.lib.mkHost; -in - +{ inputs, self, ... }: { - flake.nixosConfigurations.io = mkHost { - hostname = "io"; - ephemeralRootDev = "/dev/mapper/cryptroot"; - extraModules = with inputs.self.modules.nixos; [ - # base aspects - desktop - # other aspects - ai - bluetooth - dev - kde - networkmanager - podman + flake.nixosConfigurations.io = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "io"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root + + # Desktop aspects + inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services + + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman + + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/mapper/cryptroot"; + }) + + # Host-specific files (from _io/) + ./_io/hardware-configuration.nix + ./_io/disko.nix + ./_io/boot.nix + ./_io/programs.nix + ./_io/services.nix ]; }; } 
diff --git a/aspects/hosts/rotterdam.nix b/aspects/hosts/rotterdam.nix index 568d161..76ffbb0 100644 --- a/aspects/hosts/rotterdam.nix +++ b/aspects/hosts/rotterdam.nix 
@@ -1,25 +1,64 @@ { inputs, ... }: - -let - mkHost = inputs.self.lib.mkHost; -in - { - flake.nixosConfigurations.rotterdam = mkHost { - hostname = "rotterdam"; - ephemeralRootDev = "/dev/mapper/cryptroot"; - extraModules = with inputs.self.modules.nixos; [ - # base aspects - desktop - gaming - # other aspects - ai - bluetooth - dev - fwupd - kde - networkmanager - podman + flake.nixosConfigurations.rotterdam = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "rotterdam"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root + + # Desktop aspects + inputs.self.modules.nixos.desktop-boot + inputs.self.modules.nixos.desktop-desktop + inputs.self.modules.nixos.desktop-nix + inputs.self.modules.nixos.desktop-services + + # Other aspects based on tags + inputs.self.modules.nixos.ai + inputs.self.modules.nixos.bluetooth + inputs.self.modules.nixos.dev + inputs.self.modules.nixos.fwupd + inputs.self.modules.nixos.gaming-steam + inputs.self.modules.nixos.gaming-hardware + inputs.self.modules.nixos.gaming-flatpak + inputs.self.modules.nixos.gaming-launchers + inputs.self.modules.nixos.libvirtd + inputs.self.modules.nixos.networkmanager + inputs.self.modules.nixos.podman + + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = 
"/dev/mapper/cryptroot"; + }) + + # Host-specific files (from _rotterdam/) + ./_rotterdam/hardware-configuration.nix + ./_rotterdam/boot.nix + ./_rotterdam/hardware.nix + ./_rotterdam/programs.nix + ./_rotterdam/services.nix ]; }; } diff --git a/aspects/hosts/trantor.nix b/aspects/hosts/trantor.nix index 14f9dd7..3de68a9 100644 --- a/aspects/hosts/trantor.nix +++ b/aspects/hosts/trantor.nix 
@@ -1,18 +1,54 @@ -{ inputs, ... }: - -let - mkHost = inputs.self.lib.mkHost; -in - +{ inputs, self, ... }: { - flake.nixosConfigurations.trantor = mkHost { - hostname = "trantor"; + flake.nixosConfigurations.trantor = inputs.nixpkgs-stable.lib.nixosSystem { system = "aarch64-linux"; - nixpkgs = inputs.nixpkgs-stable; - ephemeralRootDev = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; - extraModules = with inputs.self.modules.nixos; [ - # base aspects - server + specialArgs = { inherit inputs; }; + modules = [ + inputs.agenix.nixosModules.default + { networking.hostName = "trantor"; } + { + nixpkgs.overlays = [ + inputs.agenix.overlays.default + inputs.self.overlays.default + ]; + } + + # Common aspects (always included) + inputs.self.modules.nixos.common-boot + inputs.self.modules.nixos.common-console + inputs.self.modules.nixos.common-firewall + inputs.self.modules.nixos.common-locale + inputs.self.modules.nixos.common-nix + inputs.self.modules.nixos.common-openssh + inputs.self.modules.nixos.common-programs + inputs.self.modules.nixos.common-security + inputs.self.modules.nixos.common-services + inputs.self.modules.nixos.common-tailscale + + # User aspects + inputs.self.modules.nixos.user + inputs.self.modules.nixos.root + + # Server aspects + inputs.self.modules.nixos.server-boot + inputs.self.modules.nixos.server-nix + inputs.self.modules.nixos.server-tailscale + + # Factory-generated ephemeral module + (inputs.self.factory.ephemeral { + rootDevice = "/dev/disk/by-id/scsi-360b207ed25d84372a95d1ecf842f8e20-part2"; + }) + + # Host-specific files (from _trantor/) + ./_trantor/hardware-configuration.nix + ./_trantor/disko.nix + ./_trantor/boot.nix + ./_trantor/fail2ban.nix + ./_trantor/forgejo.nix + ./_trantor/networking.nix + ./_trantor/nginx.nix + ./_trantor/openssh.nix + ./_trantor/unbound.nix ]; }; } diff --git a/aspects/libvirtd.nix b/aspects/libvirtd.nix index 1135306..6487999 100644 --- a/aspects/libvirtd.nix +++ b/aspects/libvirtd.nix 
@@ -1,25 +1,18 @@ { ... }: { - flake.modules.nixos.libvirtd = - { - config, - lib, - pkgs, - ... - }: - { - virtualisation = { - libvirtd.enable = true; - spiceUSBRedirection.enable = true; - }; - - programs.virt-manager.enable = true; - - networking.firewall.trustedInterfaces = [ "virbr0" ]; - - users.users.user.extraGroups = [ - "libvirt" - "libvirtd" - ]; + flake.modules.nixos.libvirtd = { config, lib, pkgs, ... }: { + virtualisation = { + libvirtd.enable = true; + spiceUSBRedirection.enable = true; }; + + programs.virt-manager.enable = true; + + networking.firewall.trustedInterfaces = [ "virbr0" ]; + + users.users.user.extraGroups = [ + "libvirt" + "libvirtd" + ]; + }; } diff --git a/aspects/lxc.nix b/aspects/lxc.nix deleted file mode 100644 index 4225e0c..0000000 --- a/aspects/lxc.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ ... }: - -{ - flake.modules.nixos.lxc = - { - config, - lib, - pkgs, - ... - }: - { - virtualisation = { - lxc = { - enable = true; - unprivilegedContainers = true; - }; - incus.enable = true; - }; - - users.users.user.extraGroups = [ "incus-admin" ]; - }; -} diff --git a/aspects/networkmanager.nix b/aspects/networkmanager.nix index 82cb965..74c9260 100644 --- a/aspects/networkmanager.nix +++ b/aspects/networkmanager.nix @@ -1,15 +1,11 @@ { ... }: { - flake.modules.nixos.networkmanager = - { - config, - lib, - pkgs, - ... - }: - { - networking.networkmanager.enable = true; - - users.users.user.extraGroups = [ "networkmanager" ]; + flake.modules.nixos.networkmanager = { config, lib, pkgs, ... }: { + networking.networkmanager = { + enable = true; + wifi.backend = "iwd"; }; + + users.users.user.extraGroups = [ "networkmanager" ]; + }; } diff --git a/aspects/desktop/graphics.nix b/aspects/programs/graphics.nix similarity index 93% rename from aspects/desktop/graphics.nix rename to aspects/programs/graphics.nix index 7d1ed6d..4b7a16b 100644 --- a/aspects/desktop/graphics.nix +++ b/aspects/programs/graphics.nix 
@@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.graphics = + flake.modules.nixos.programs-graphics = { pkgs, ... }: { environment.systemPackages = with pkgs; [ diff --git a/aspects/desktop/media.nix b/aspects/programs/media.nix similarity index 79% rename from aspects/desktop/media.nix rename to aspects/programs/media.nix index 03ee54d..7daaa87 100644 --- a/aspects/desktop/media.nix +++ b/aspects/programs/media.nix @@ -2,17 +2,18 @@ { flake.modules = { - nixos.media = + nixos.programs-media = { pkgs, ... }: { environment.systemPackages = with pkgs; [ - mpv + decibels + loupe obs-studio - qview + showtime ]; }; - homeManager.media = + homeManager.programs-media = { pkgs, ... }: { programs.obs-studio = { diff --git a/aspects/desktop/office.nix b/aspects/programs/office.nix similarity index 84% rename from aspects/desktop/office.nix rename to aspects/programs/office.nix index 643812a..c3349f3 100644 --- a/aspects/desktop/office.nix +++ b/aspects/programs/office.nix @@ -1,7 +1,7 @@ { ... }: { - flake.modules.nixos.office = + flake.modules.nixos.programs-office = { pkgs, ... }: { environment.systemPackages = with pkgs; [ @@ -10,8 +10,7 @@ aspellDicts.en aspellDicts.en-computers aspellDicts.pt_BR - glow - kwrite + papers presenterm rnote ]; diff --git a/aspects/programs/utilities.nix b/aspects/programs/utilities.nix new file mode 100644 index 0000000..4a207af --- /dev/null +++ b/aspects/programs/utilities.nix 
@@ -0,0 +1,62 @@ +{ ... }: + +{ + flake.modules = { + nixos.programs-utilities = + { pkgs, ... }: + { + environment.systemPackages = with pkgs; [ + ghostty + gnome-disk-utility + mission-center + nautilus + p7zip + rclone + unrar + # Desktop Integration + adwaita-icon-theme + junction + libfido2 + toggleaudiosink + # Xwayland Support + xwayland-satellite + ]; + + services.flatpak.packages = [ + "com.github.tchx84.Flatseal" + "com.rustdesk.RustDesk" + ]; + }; + + homeManager.programs-utilities = + { pkgs, ... }: + { + programs = { + ghostty = { + enable = true; + settings = { + cursor-style = "block"; + shell-integration-features = "no-cursor"; + cursor-style-blink = false; + custom-shader = "${builtins.fetchurl { + url = "https://raw.githubusercontent.com/hackr-sh/ghostty-shaders/cb6eb4b0d1a3101c869c62e458b25a826f9dcde3/cursor_blaze.glsl"; + sha256 = "sha256:0g2lgqjdrn3c51glry7x2z30y7ml0y61arl5ykmf4yj0p85s5f41"; + }}"; + bell-features = ""; + gtk-titlebar-style = "tabs"; + keybind = [ "shift+enter=text:\\x1b\\r" ]; + }; + }; + + password-store = { + enable = true; + package = pkgs.pass-wayland; + }; + }; + + home.sessionVariables = { + TERMINAL = "ghostty"; + }; + }; + }; +} diff --git a/aspects/desktop/web.nix b/aspects/programs/web.nix similarity index 54% rename from aspects/desktop/web.nix rename to aspects/programs/web.nix index 0284e5e..a11ca57 100644 --- a/aspects/desktop/web.nix +++ b/aspects/programs/web.nix @@ -1,20 +1,20 @@ { ... }: { - flake.modules.nixos.web = + flake.modules.nixos.programs-web = { inputs, pkgs, + system, ... }: { environment.systemPackages = with pkgs; [ - inputs.zen-browser.packages."${pkgs.stdenv.hostPlatform.system}".default - amnesiac-brave - beeper + inputs.zen-browser.packages."${system}".default bitwarden-desktop - qbittorrent + fragments nextcloud-client + tor-browser vesktop ]; }; diff --git a/aspects/server/boot.nix b/aspects/server/boot.nix new file mode 100644 index 0000000..ff5ef25 --- /dev/null 
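Review bot: `services.flatpak.packages` is set in `nixos.programs-utilities`, but this module neither imports the module that declares that option nor enables Flatpak. The deleted `aspects/systems/desktop.nix` carried both the `inputs.nix-flatpak.nixosModules.nix-flatpak` import and `enable = true`, and nothing in this hunk shows where they live now. I would import it here or state the dependency in a comment such as `# requires the nix-flatpak NixOS module and services.flatpak.enable`. The two Flatpak refs are also resolved at install time without a pin, unlike the cursor shader below, which is fixed to a commit and a hash. Since `com.rustdesk.RustDesk` is a remote-access tool, a comment recording why it is installed on every host that uses this module would help later review.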
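Review bot: `system` is now taken from the module arguments and used in `inputs.zen-browser.packages."${system}".default`, but NixOS does not pass a `system` argument to modules by default. The module therefore fails to evaluate unless every host supplies it through `specialArgs` or `_module.args`, which is not visible here. The removed form needed no extra wiring; keeping `inputs.zen-browser.packages.${pkgs.stdenv.hostPlatform.system}.default` avoids the dependency.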
+++ b/aspects/server/boot.nix @@ -0,0 +1,7 @@ +# aspects/server/boot.nix +{ ... }: +{ + flake.modules.nixos.server-boot = { config, lib, pkgs, ... }: { + boot.kernelPackages = pkgs.linuxPackages_hardened; + }; +} diff --git a/aspects/server/nix.nix b/aspects/server/nix.nix new file mode 100644 index 0000000..84bec67 --- /dev/null +++ b/aspects/server/nix.nix @@ -0,0 +1,15 @@ +# aspects/server/nix.nix +{ inputs, ... }: +{ + flake.modules.nixos.server-nix = { config, lib, pkgs, ... }: { + environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; + + nix = { + registry.nixpkgs.flake = inputs.nixpkgs-stable; + nixPath = [ + "nixpkgs=/etc/channels/nixpkgs" + "/nix/var/nix/profiles/per-user/root/channels" + ]; + }; + }; +} diff --git a/aspects/server/tailscale.nix b/aspects/server/tailscale.nix new file mode 100644 index 0000000..5a48799 --- /dev/null +++ b/aspects/server/tailscale.nix @@ -0,0 +1,15 @@ +# aspects/server/tailscale.nix +{ ... }: +{ + flake.modules.nixos.server-tailscale = { config, lib, pkgs, ... }: { + services.tailscale = { + extraSetFlags = [ "--advertise-exit-node" ]; + useRoutingFeatures = "server"; + }; + + boot.kernel.sysctl = { + "net.ipv4.ip_forward" = 1; + "net.ipv6.conf.all.forwarding" = 1; + }; + }; +} diff --git a/aspects/shell/bash.nix b/aspects/shell/bash.nix new file mode 100644 index 0000000..3ec7237 --- /dev/null +++ b/aspects/shell/bash.nix @@ -0,0 +1,9 @@ +{ ... }: +{ + flake.modules.homeManager.shell-bash = { config, lib, pkgs, ... }: { + programs.bash = { + enable = true; + historyFile = "~/.cache/bash_history"; + }; + }; +} diff --git a/aspects/shell/fish.nix b/aspects/shell/fish.nix new file mode 100644 index 0000000..e2ae9cf --- /dev/null +++ b/aspects/shell/fish.nix 
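Review bot: The forwarding sysctls in `server-tailscale` are set unconditionally, while this module never sets `services.tailscale.enable`, so a host importing it forwards IPv4 and IPv6 between all interfaces even if Tailscale ends up disabled there. Tying them to the service keeps the router behaviour from outliving the exit node: `boot.kernel.sysctl = lib.mkIf config.services.tailscale.enable { ... };` (`config` and `lib` are already in the argument set). As far as I know `useRoutingFeatures = "server"` already turns forwarding on in the upstream module, so the explicit block may be removable altogether; worth confirming against the nixpkgs revision in use. A short comment that this host is advertised as an exit node would also make the intent explicit.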
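Review bot: `historyFile = "~/.cache/bash_history"` in `shell-bash` relies on tilde expansion. If Home Manager writes the value into a quoted `HISTFILE` assignment, the `~` stays literal and history is written under a directory named `~` relative to the current working directory instead of the intended cache path. `config` is already in the module arguments, so `historyFile = "${config.xdg.cacheHome}/bash_history";` gives an absolute path that does not depend on how the value is quoted.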
@@ -0,0 +1,33 @@ +{ ... }: +{ + flake.modules.homeManager.shell-fish = { config, lib, pkgs, ... }: { + programs.fish = { + enable = true; + interactiveShellInit = '' + set fish_greeting + ${lib.getExe pkgs.nix-your-shell} fish | source + ''; + loginShellInit = "${lib.getExe pkgs.nix-your-shell} fish | source"; + plugins = [ + { + name = "bang-bang"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-bang-bang"; + rev = "f969c618301163273d0a03d002614d9a81952c1e"; + sha256 = "sha256-A8ydBX4LORk+nutjHurqNNWFmW6LIiBPQcxS3x4nbeQ="; + }; + } + { + name = "z"; + src = pkgs.fetchFromGitHub { + owner = "jethrokuan"; + repo = "z"; + rev = "067e867debee59aee231e789fc4631f80fa5788e"; + sha256 = "sha256-emmjTsqt8bdI5qpx1bAzhVACkg0MNB/uffaRjjeuFxU="; + }; + } + ]; + }; + }; +} diff --git a/aspects/stylix.nix b/aspects/stylix.nix index f7eb9fa..ec3fd42 100644 --- a/aspects/stylix.nix +++ b/aspects/stylix.nix @@ -1,5 +1,4 @@ { ... }: - { flake.modules = { nixos.stylix = @@ -16,7 +15,10 @@ ... }: { - imports = [ inputs.stylix.homeModules.stylix ]; + imports = [ + inputs.stylix.homeModules.stylix + inputs.zen-browser.homeModules.beta + ]; stylix = { enable = true; @@ -63,6 +65,15 @@ terminal = 12; }; }; + targets.zen-browser = { + enable = true; + profileNames = [ "william" ]; + }; + }; + + programs.zen-browser = { + enable = true; + profiles.william = { }; }; }; }; diff --git a/aspects/systems/base.nix b/aspects/systems/base.nix deleted file mode 100644 index a3ce1cd..0000000 --- a/aspects/systems/base.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ inputs, ... }: -{ - flake.modules = { - nixos.base = - { lib, pkgs, ... }: - { - imports = with inputs.self.modules.nixos; [ - boot - console - firewall - fish - locale - nix - security - ssh - zsh - ]; - environment = { - systemPackages = with pkgs; [ - git - fastfetch - nixos-firewall-tool - sysz - wget - ]; - shellAliases = { - cat = "${lib.getExe pkgs.bat} --paging=never --style=plain"; - ls = "${lib.getExe pkgs.eza} --git --icons --group-directories-first"; - la = "ls -hal"; - tree = "ls --tree"; - }; - }; - - programs.command-not-found.enable = false; - - services = { - dbus.implementation = "broker"; - irqbalance.enable = true; - fstrim.enable = true; - tailscale = { - enable = true; - extraUpFlags = [ "--operator=user" ]; - }; - }; - }; - - homeManager.base = - { ... }: - { - imports = with inputs.self.modules.homeManager; [ - bash - fish - zsh - ]; - }; - }; -} diff --git a/aspects/systems/cli.nix b/aspects/systems/cli.nix deleted file mode 100644 index a9a4a32..0000000 --- a/aspects/systems/cli.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ inputs, ... }: - -{ - flake.modules = { - nixos.cli = - { pkgs, ... }: - { - imports = with inputs.self.modules.nixos; [ - btop - helix - tmux - ]; - - environment.systemPackages = with pkgs; [ - p7zip - rclone - ]; - }; - homeManager.cli = - { ... }: - { - imports = with inputs.self.modules.homeManager; [ - btop - comma - direnv - helix - hm-cli - starship - tmux - ]; - programs.zoxide = { - enable = true; - enableBashIntegration = true; - enableZshIntegration = true; - }; - }; - }; -} diff --git a/aspects/systems/desktop.nix b/aspects/systems/desktop.nix deleted file mode 100644 index 9aefbed..0000000 --- a/aspects/systems/desktop.nix +++ /dev/null 
@@ -1,165 +0,0 @@ -{ - inputs, - ... -}: -{ - flake.modules = { - nixos.desktop = - { - config, - lib, - pkgs, - ... - }: - { - imports = [ - inputs.nix-flatpak.nixosModules.nix-flatpak - ] - ++ (with inputs.self.modules.nixos; [ - graphics - media - office - web - ]); - - boot = { - plymouth.enable = true; - initrd.systemd.enable = true; - loader.efi.efiSysMountPoint = "/boot/efi"; - kernelPackages = pkgs.linuxPackages_xanmod_latest; - extraModprobeConfig = '' - options bluetooth disable_ertm=1 - ''; - kernel.sysctl = { - "net.ipv4.tcp_mtu_probing" = 1; - }; - kernelParams = [ - "quiet" - "splash" - "i2c-dev" - "i2c-piix4" - "loglevel=3" - "udev.log_priority=3" - "rd.udev.log_level=3" - "rd.systemd.show_status=false" - ]; - }; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs; - nixPath = [ - "nixpkgs=${inputs.nixpkgs}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; - - environment = { - etc."channels/nixpkgs".source = inputs.nixpkgs.outPath; - sessionVariables = { - KDEHOME = "$XDG_CONFIG_HOME/kde4"; # Stops kde from placing a .kde4 folder in the home dir - NIXOS_OZONE_WL = "1"; # Forces chromium and most electron apps to run in wayland - }; - systemPackages = with pkgs; [ - libfido2 - mission-center - toggleaudiosink - unrar - ]; - }; - - services = { - printing.enable = true; - udev.packages = with pkgs; [ yubikey-personalization ]; - keyd = { - enable = true; - keyboards = { - all = { - ids = [ "*" ]; - settings.main.capslock = "overload(meta, esc)"; - }; - corne = { - ids = [ "5653:0001" ]; - settings.main = { - esc = "overload(meta, esc)"; - }; - }; - }; - }; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - wireplumber.enable = true; - }; - displayManager.autoLogin = { - enable = true; - user = "user"; - }; - flatpak = { - enable = true; - packages = [ - "com.github.tchx84.Flatseal" - "com.rustdesk.RustDesk" - ]; - uninstallUnmanaged = true; - update.auto.enable = 
true; - }; - gvfs.enable = true; - }; - - security.rtkit.enable = true; # Needed for pipewire to acquire realtime priority - - programs = { - dconf.enable = true; - appimage = { - enable = true; - binfmt = true; - }; - }; - - fonts = { - fontDir.enable = true; - packages = with pkgs; [ - corefonts - inter - nerd-fonts.fira-code - noto-fonts-cjk-sans - noto-fonts-color-emoji - roboto - ]; - }; - }; - - homeManager.desktop = - { - config, - lib, - pkgs, - inputs, - ... - }: - { - imports = [ - inputs.vicinae.homeManagerModules.default - ] - ++ (with inputs.self.modules.homeManager; [ media ]); - - fonts.fontconfig.enable = true; - - services.vicinae = { - enable = true; - systemd = { - enable = true; - autoStart = true; - }; - }; - - xdg = { - enable = true; - userDirs.enable = true; - }; - }; - }; -} diff --git a/aspects/systems/gaming.nix b/aspects/systems/gaming.nix deleted file mode 100644 index 087773e..0000000 --- a/aspects/systems/gaming.nix +++ /dev/null 
@@ -1,48 +0,0 @@ -{ inputs, ... }: - -{ - flake.modules = { - nixos.gaming = - { pkgs, ... }: - { - imports = with inputs.self.modules.nixos; [ - mangohud - steam - ]; - hardware = { - xpadneo.enable = true; - steam-hardware.enable = true; # Allow steam client to manage controllers - graphics.enable32Bit = true; # For OpenGL games - }; - - services.flatpak.packages = [ - "com.github.k4zmu2a.spacecadetpinball" - "io.itch.itch" - "io.mrarm.mcpelauncher" - "net.retrodeck.retrodeck" - "org.freedesktop.Platform.VulkanLayer.MangoHud/x86_64/25.08" - rec { - appId = "com.hypixel.HytaleLauncher"; - sha256 = "uu7FA36M4wSqDXRF1fFNla8S5MjL1N1kZi4gwbpw1oY="; - bundle = "${pkgs.fetchurl { - url = "https://launcher.hytale.com/builds/release/linux/amd64/hytale-launcher-latest.flatpak"; - inherit sha256; - }}"; - } - ]; - - environment.systemPackages = with pkgs; [ - clonehero - heroic - prismlauncher - ]; - }; - homeManager.gaming = - { ... }: - { - imports = with inputs.self.modules.homeManager; [ - mangohud - ]; - }; - }; -} diff --git a/aspects/systems/server.nix b/aspects/systems/server.nix deleted file mode 100644 index c3c24f0..0000000 --- a/aspects/systems/server.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ inputs, ... }: - -{ - flake.modules.nixos.server = - { - config, - lib, - pkgs, - ... - }: - { - boot = { - kernelPackages = pkgs.linuxPackages_hardened; - kernel.sysctl = { - "net.ipv4.ip_forward" = 1; - "net.ipv6.conf.all.forwarding" = 1; - }; - }; - - environment.etc."channels/nixpkgs".source = inputs.nixpkgs-stable.outPath; - - nix = { - registry.nixpkgs.flake = inputs.nixpkgs-stable; - nixPath = [ - "nixpkgs=/etc/channels/nixpkgs" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; - - services.tailscale = { - extraSetFlags = [ "--advertise-exit-node" ]; - useRoutingFeatures = "server"; - }; - - }; -} diff --git a/aspects/users/_user/git.nix b/aspects/users/_user/git.nix index 40a5714..9c1fb20 100644 --- a/aspects/users/_user/git.nix 
+++ b/aspects/users/_user/git.nix @@ -1,4 +1,4 @@ -{ ... }: +{ pkgs, ... }: { programs = { diff --git a/aspects/users/user.nix b/aspects/users/user.nix index e17cc59..ad1b8ca 100644 --- a/aspects/users/user.nix +++ b/aspects/users/user.nix @@ -1,8 +1,4 @@ -{ inputs, ... }: - -let - mkHomeConfiguration = inputs.self.lib.mkHomeConfiguration; -in +{ inputs, self, ... }: { flake = { @@ -11,7 +7,7 @@ in { users.users.user = { isNormalUser = true; - shell = pkgs.zsh; + shell = pkgs.fish; extraGroups = [ "networkmanager" "wheel" 
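Review bot: `shell = pkgs.fish` makes fish the login shell, but NixOS asserts that `programs.fish.enable` is set at system level for such a user, and the new `aspects/shell/fish.nix` in this commit defines only `homeManager.shell-fish`. Unless a NixOS module outside this view enables it, the build fails the shell check, or, if the check is bypassed, fish is missing from `/etc/shells`. Adding `programs.fish.enable = true;` next to the user definition keeps the two together. The enclosing `users.users.user` block continues past this hunk.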
@@ -24,30 +20,97 @@ in hashedPassword = "$6$Pj7v/CpstyuWQQV0$cNujVDhfMBdwlGVEnnd8t71.kZPixbo0u25cd.874iaqLTH4V5fa1f98V5zGapjQCz5JyZmsR94xi00sUrntT0"; }; }; - homeConfigurations = { - "user@rotterdam" = mkHomeConfiguration { - user = "user"; - hostname = "rotterdam"; - userModules = with inputs.self.modules.homeManager; [ - # system aspects - desktop - gaming - # other aspects - ai - kde + homeConfigurations = { + "user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "rotterdam"; + }; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux + + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash + + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri + + # Gaming + inputs.self.modules.homeManager.gaming-mangohud + + # Programs + inputs.self.modules.homeManager.programs-media # for obs-studio + + # Stylix + inputs.self.modules.homeManager.stylix + + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } ]; }; - "user@io" = mkHomeConfiguration { - user = "user"; - hostname = "io"; - userModules = with inputs.self.modules.homeManager; [ - # system aspects - desktop - # other aspects - ai - kde + "user@io" = inputs.home-manager.lib.homeManagerConfiguration { + pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs; + hostname = "io"; + 
}; + modules = [ + { nixpkgs.overlays = [ inputs.self.overlays.default ]; } + + # CLI aspects (common module included) + inputs.self.modules.homeManager.cli-base + inputs.self.modules.homeManager.cli-btop + inputs.self.modules.homeManager.cli-comma + inputs.self.modules.homeManager.cli-direnv + inputs.self.modules.homeManager.cli-helix + inputs.self.modules.homeManager.cli-starship + inputs.self.modules.homeManager.cli-tmux + + # Shell + inputs.self.modules.homeManager.shell-fish + inputs.self.modules.homeManager.shell-bash + + # Desktop + inputs.self.modules.homeManager.desktop-desktop + inputs.self.modules.homeManager.desktop-niri + + # Stylix + inputs.self.modules.homeManager.stylix + + # User-specific (from _user/) + ./_user/git.nix + + # Home configuration + { + home = { + username = "user"; + homeDirectory = "/home/user"; + stateVersion = "22.05"; + }; + } ]; }; }; diff --git a/data/services.nix b/data/services.nix index 9f04d89..ae7395c 100644 --- a/data/services.nix +++ b/data/services.nix @@ -12,6 +12,11 @@ }; services = [ + { + name = "kanidm"; + domain = "auth.baduhai.dev"; + host = "alexandria"; + } { name = "vaultwarden"; domain = "pass.baduhai.dev"; @@ -33,10 +38,5 @@ domain = "jellyfin.baduhai.dev"; host = "alexandria"; } - { - name = "miniflux"; - domain = "rss.baduhai.dev"; - host = "alexandria"; - } ]; } diff --git a/flake.lock b/flake.lock index e1d9f54..05b233b 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1770165109, - "narHash": "sha256-9VnK6Oqai65puVJ4WYtCTvlJeXxMzAp/69HhQuTdl/I=", + "lastModified": 1762618334, + "narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "owner": "ryantm", "repo": "agenix", - "rev": "b027ee29d959fda4b60b57566d64c98a202e0feb", + "rev": "fcdea223397448d35d9b31f798479227e80183f6", "type": "github" }, "original": { 
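Review bot: The two `homeManagerConfiguration` calls repeat the same module entries and the same `home` block, differing only in `hostname` and in rotterdam's `gaming-mangohud` and `programs-media`, so a module added for one host can silently be missed on the other. A shared list bound once and extended per host, as sketched below, keeps them in step. Separately, the unchanged `hashedPassword` context line at the top of this hunk keeps a password hash in the repository; `hashedPasswordFile` fed from a secret would keep it out. The enclosing `flake = {` block starts before the hunk.

```nix
let
  # Modules shared by every home configuration of this user; hosts append extras.
  commonHomeModules = [
    { nixpkgs.overlays = [ inputs.self.overlays.default ]; }
    ./_user/git.nix
    # … unchanged: the inline `home = { username; homeDirectory; stateVersion; }` module …
  ]
  ++ (with inputs.self.modules.homeManager; [
    cli-base cli-btop cli-comma cli-direnv cli-helix cli-starship cli-tmux
    shell-fish shell-bash
    desktop-desktop desktop-niri
    stylix
  ]);
in
# … unchanged: flake = { … users.users.user … homeConfigurations = { …
"user@rotterdam" = inputs.home-manager.lib.homeManagerConfiguration {
  # … unchanged: pkgs, extraSpecialArgs …
  modules = commonHomeModules ++ (with inputs.self.modules.homeManager; [
    gaming-mangohud
    programs-media # for obs-studio
  ]);
};
"user@io" = inputs.home-manager.lib.homeManagerConfiguration {
  # … unchanged: pkgs, extraSpecialArgs …
  modules = commonHomeModules;
};
```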
@@ -97,17 +97,14 @@ "nix-ai-tools", "nixpkgs" ], - "systems": [ - "nix-ai-tools", - "systems" - ] + "systems": "systems_2" }, "locked": { - "lastModified": 1771437256, - "narHash": "sha256-bLqwib+rtyBRRVBWhMuBXPCL/OThfokA+j6+uH7jDGU=", + "lastModified": 1767386128, + "narHash": "sha256-BJDu7dIMauO2nYRSL4aI8wDNtEm2KOb7lDKP3hxdrpo=", "owner": "numtide", "repo": "blueprint", - "rev": "06ee7190dc2620ea98af9eb225aa9627b68b0e33", + "rev": "0ed984d51a3031065925ab08812a5434f40b93d4", "type": "github" }, "original": { @@ -116,40 +113,6 @@ "type": "github" } }, - "bun2nix": { - "inputs": { - "flake-parts": [ - "nix-ai-tools", - "flake-parts" - ], - "import-tree": "import-tree_2", - "nixpkgs": [ - "nix-ai-tools", - "nixpkgs" - ], - "systems": [ - "nix-ai-tools", - "systems" - ], - "treefmt-nix": [ - "nix-ai-tools", - "treefmt-nix" - ] - }, - "locked": { - "lastModified": 1770895533, - "narHash": "sha256-v3QaK9ugy9bN9RXDnjw0i2OifKmz2NnKM82agtqm/UY=", - "owner": "nix-community", - "repo": "bun2nix", - "rev": "c843f477b15f51151f8c6bcc886954699440a6e1", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "bun2nix", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -177,11 +140,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1773889306, - "narHash": "sha256-PAqwnsBSI9SVC2QugvQ3xeYCB0otOwCacB1ueQj2tgw=", + "lastModified": 1768923567, + "narHash": "sha256-GVJ0jKsyXLuBzRMXCDY6D5J8wVdwP1DuQmmvYL/Vw/Q=", "owner": "nix-community", "repo": "disko", - "rev": "5ad85c82cc52264f4beddc934ba57f3789f28347", + "rev": "00395d188e3594a1507f214a2f15d4ce5c07cb28", "type": "github" }, "original": { 
@@ -222,16 +185,32 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1747046372, + "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -242,17 +221,14 @@ }, "flake-parts_2": { "inputs": { - "nixpkgs-lib": [ - "nix-ai-tools", - "nixpkgs" - ] + "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", + "lastModified": 1765835352, + "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", + "rev": "a34fae9c08a15ad73f295041fec82323541400a9", "type": "github" }, "original": { @@ -262,24 +238,6 @@ } }, "flake-parts_3": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib_2" - }, - "locked": { - "lastModified": 1772408722, - "narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "stylix", 
@@ -300,7 +258,7 @@ "type": "github" } }, - "flake-parts_5": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": [ "terranix", @@ -384,11 +342,11 @@ ] }, "locked": { - "lastModified": 1774561634, - "narHash": "sha256-3q1xsREjqdVIIwQQDZQ9y0YdBzP8gAxdwKoKnZSzJtU=", + "lastModified": 1768927746, + "narHash": "sha256-zyMpWHqcpKVmRc1W2NEK7DAuyVJZV62Jdjqudg70b1k=", "owner": "nix-community", "repo": "home-manager", - "rev": "7c046c63ac3b467c1d589b99d531da5b6520825a", + "rev": "63a87808f5f9b6e4195a1d33f6ea25d23f4aa0df", "type": "github" }, "original": { @@ -427,11 +385,11 @@ ] }, "locked": { - "lastModified": 1773422513, - "narHash": "sha256-MPjR48roW7CUMU6lu0+qQGqj92Kuh3paIulMWFZy+NQ=", + "lastModified": 1768434960, + "narHash": "sha256-cJbFn17oyg6qAraLr+NVeNJrXsrzJdrudkzI4H2iTcg=", "owner": "nix-community", "repo": "home-manager", - "rev": "ef12a9a2b0f77c8fa3dda1e7e494fca668909056", + "rev": "b4d88c9ac42ae1a745283f6547701da43b6e9f9b", "type": "github" }, "original": { @@ -446,11 +404,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1769548169, - "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", + "lastModified": 1768835187, + "narHash": "sha256-6nY0ixjGjPQCL+/sUC1B1MRiO1LOI3AkRSIywm3i3bE=", "owner": "nix-community", "repo": "impermanence", - "rev": "7b1d382faf603b6d264f58627330f9faa5cba149", + "rev": "0d633a69480bb3a3e2f18c080d34a8fa81da6395", "type": "github" }, "original": { @@ -460,21 +418,6 @@ } }, "import-tree": { - "locked": { - "lastModified": 1773693634, - "narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=", - "owner": "vic", - "repo": "import-tree", - "rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1", - "type": "github" - }, - "original": { - "owner": "vic", - "repo": "import-tree", - "type": "github" - } - }, - "import-tree_2": { "locked": { "lastModified": 1763762820, "narHash": "sha256-ZvYKbFib3AEwiNMLsejb/CWs/OL/srFQ8AogkebEPF0=", 
@@ -489,21 +432,94 @@ "type": "github" } }, + "niri": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1760963745, + "narHash": "sha256-FVf9YFw2wQnMAxvMxEk+vFakXhPQUSapDpGmlLzAxjg=", + "owner": "baduhai", + "repo": "niri", + "rev": "dd3e3d1009991ecd87ab7253c9e7696acf2bc943", + "type": "github" + }, + "original": { + "owner": "baduhai", + "ref": "auto-center-when-space-available", + "repo": "niri", + "type": "github" + } + }, + "niri-flake": { + "inputs": { + "niri-stable": "niri-stable", + "niri-unstable": "niri-unstable", + "nixpkgs": "nixpkgs_4", + "nixpkgs-stable": "nixpkgs-stable", + "xwayland-satellite-stable": "xwayland-satellite-stable", + "xwayland-satellite-unstable": "xwayland-satellite-unstable" + }, + "locked": { + "lastModified": 1768877436, + "narHash": "sha256-ct4qxmFJeJbaJKiOnXOZmRmVmk7TpT+lohuTgTr+kYQ=", + "owner": "sodiboo", + "repo": "niri-flake", + "rev": "6581f5458309233622c1b73c8902dcaea7be16eb", + "type": "github" + }, + "original": { + "owner": "sodiboo", + "repo": "niri-flake", + "type": "github" + } + }, + "niri-stable": { + "flake": false, + "locked": { + "lastModified": 1756556321, + "narHash": "sha256-RLD89dfjN0RVO86C/Mot0T7aduCygPGaYbog566F0Qo=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "01be0e65f4eb91a9cd624ac0b76aaeab765c7294", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "ref": "v25.08", + "repo": "niri", + "type": "github" + } + }, + "niri-unstable": { + "flake": false, + "locked": { + "lastModified": 1768678265, + "narHash": "sha256-Ub8eed4DsfIDWyg30xEe+8bSxL/z5Af/gCjmvJ0V/Hs=", + "owner": "YaLTeR", + "repo": "niri", + "rev": "d7184a04b904e07113f4623610775ae78d32394c", + "type": "github" + }, + "original": { + "owner": "YaLTeR", + "repo": "niri", + "type": "github" + } + }, "nix-ai-tools": { "inputs": { "blueprint": "blueprint", - "bun2nix": "bun2nix", - "flake-parts": "flake-parts_2", - "nixpkgs": "nixpkgs_3", - "systems": "systems_2", + 
"nixpkgs": "nixpkgs_5", "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1774551325, - "narHash": "sha256-Q2dh3zBu3oixlEWAbtXGL44O6jtEP/Tog0P44qu0RJY=", + "lastModified": 1768922080, + "narHash": "sha256-gFoGvnW2YDWsxKD56kdiXbhh9vBPAU3yusssbXF0UMo=", "owner": "numtide", "repo": "llm-agents.nix", - "rev": "8348bf988abbbafa5f105f819a6153f1dbe22a2e", + "rev": "78f3fdc13ef903475aa5bfc0f85eeefaa36af837", "type": "github" }, "original": { @@ -535,11 +551,11 @@ ] }, "locked": { - "lastModified": 1774156144, - "narHash": "sha256-gdYe9wTPl4ignDyXUl1LlICWj41+S0GB5lG1fKP17+A=", + "lastModified": 1765267181, + "narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "55b588747fa3d7fc351a11831c4b874dab992862", + "rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f", "type": "github" }, "original": { @@ -551,16 +567,16 @@ "nixos-cli": { "inputs": { "flake-compat": "flake-compat", - "flake-parts": "flake-parts_3", - "nixpkgs": "nixpkgs_4", + "flake-parts": "flake-parts_2", + "nixpkgs": "nixpkgs_6", "optnix": "optnix" }, "locked": { - "lastModified": 1774427328, - "narHash": "sha256-KtGThScvwNbCm+6XwUKRfpTjJVKV9SHswm29px3m4pw=", + "lastModified": 1768778579, + "narHash": "sha256-6w1Mhg6+46LlaheCa1O/jIk02ukerZ7DdUf9GlQVGxc=", "owner": "nix-community", "repo": "nixos-cli", - "rev": "23e7540706eb5271f4ab37b9e52532637d57c63b", + "rev": "5e79001c7a8b556c3c61d4ef38f0f0fa1187ee90", "type": "github" }, "original": { @@ -571,11 +587,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1773628058, - "narHash": "sha256-hpXH0z3K9xv0fHaje136KY872VT2T5uwxtezlAskQgY=", + "lastModified": 1768661221, + "narHash": "sha256-MJwOjrIISfOpdI9x4C+5WFQXvHtOuj5mqLZ4TMEtk1M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f8573b9c935cfaa162dd62cc9e75ae2db86f85df", + "rev": "3327b113f2ef698d380df83fbccefad7e83d7769", "type": "github" }, "original": { 
@@ -587,11 +603,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1772328832, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -602,11 +618,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1772328832, - "narHash": "sha256-e+/T/pmEkLP6BHhYjx6GmwP5ivonQQn0bJdH9YrRB+Q=", + "lastModified": 1765674936, + "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c185c7a5e5dd8f9add5b2f8ebeff00888b070742", + "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", "type": "github" }, "original": { @@ -617,11 +633,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1774388614, - "narHash": "sha256-tFwzTI0DdDzovdE9+Ras6CUss0yn8P9XV4Ja6RjA+nU=", + "lastModified": 1768773494, + "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-25.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1768773494, + "narHash": "sha256-XsM7GP3jHlephymxhDE+/TKKO1Q16phz/vQiLBGhpF4=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1073dad219cb244572b74da2b20c7fe39cb3fa9e", + "rev": "77ef7a29d276c6d8303aece3444d61118ef71ac2", "type": "github" }, "original": { 
@@ -631,6 +663,38 @@ "type": "github" } }, + "nixpkgs_10": { + "locked": { + "lastModified": 1762111121, + "narHash": "sha256-4vhDuZ7OZaZmKKrnDpxLZZpGIJvAeMtK6FKLJYUtAdw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b3d51a0365f6695e7dd5cdf3e180604530ed33b4", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_11": { + "locked": { + "lastModified": 1768127708, + "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs_2": { "locked": { "lastModified": 1768564909, @@ -649,11 +713,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1774273680, - "narHash": "sha256-a++tZ1RQsDb1I0NHrFwdGuRlR5TORvCEUksM459wKUA=", + "lastModified": 1757967192, + "narHash": "sha256-/aA9A/OBmnuOMgwfzdsXRusqzUpd8rQnQY8jtrHK+To=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "fdc7b8f7b30fdbedec91b71ed82f36e1637483ed", + "rev": "0d7c15863b251a7a50265e57c1dca1a7add2e291", "type": "github" }, "original": { 
@@ -665,11 +729,27 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1772956932, - "narHash": "sha256-M0yS4AafhKxPPmOHGqIV0iKxgNO8bHDWdl1kOwGBwRY=", + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "608d0cadfed240589a7eea422407a547ad626a14", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1768783163, + "narHash": "sha256-tLj4KcRDLakrlpvboTJDKsrp6z2XLwyQ4Zmo+w8KsY4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "bde09022887110deb780067364a0818e89258968", "type": "github" }, "original": { @@ -679,13 +759,45 @@ "type": "github" } }, - "nixpkgs_5": { + "nixpkgs_6": { "locked": { - "lastModified": 1774386573, - "narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=", + "lastModified": 1767151656, + "narHash": "sha256-ujL2AoYBnJBN262HD95yer7QYUmYp5kFZGYbyCCKxq8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f665af0cdb70ed27e1bd8f9fdfecaf451260fc55", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_7": { + "locked": { + "lastModified": 1759070547, + "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "647e5c14cbd5067f44ac86b74f014962df460840", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_8": { + "locked": { + "lastModified": 1768564909, + "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9", + "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "type": "github" }, "original": { 
@@ -695,7 +807,7 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_9": { "locked": { "lastModified": 1767767207, "narHash": "sha256-Mj3d3PfwltLmukFal5i3fFt27L6NiKXdBezC1EBuZs4=", @@ -711,51 +823,18 @@ "type": "github" } }, - "nixpkgs_7": { - "locked": { - "lastModified": 1772542754, - "narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_8": { - "locked": { - "lastModified": 1773389992, - "narHash": "sha256-wvfdLLWJ2I9oEpDd9PfMA8osfIZicoQ5MT1jIwNs9Tk=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "c06b4ae3d6599a672a6210b7021d699c351eebda", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "noctalia": { "inputs": { "nixpkgs": [ "nixpkgs" - ], - "noctalia-qs": "noctalia-qs" + ] }, "locked": { - "lastModified": 1774574060, - "narHash": "sha256-1aPBtIO74L/S4ymQ//qgWJfjknjpAlKEPULOL833wOc=", + "lastModified": 1768924718, + "narHash": "sha256-T4H/VMjGwBuHEIrPYWfXQ73XV0foCuFGgH7k3SNSJDo=", "owner": "noctalia-dev", "repo": "noctalia-shell", - "rev": "f19a19cfc6dcf2cd73b1d9d11460cbe363b0c967", + "rev": "1ef5c0eb307e8a4f30dfa6bcc75cf90ae8c6af46", "type": "github" }, "original": { @@ -764,29 +843,6 @@ "type": "github" } }, - "noctalia-qs": { - "inputs": { - "nixpkgs": [ - "noctalia", - "nixpkgs" - ], - "systems": "systems_3", - "treefmt-nix": "treefmt-nix_2" - }, - "locked": { - "lastModified": 1774556355, - "narHash": "sha256-N131zILQ06ZNEvtgtjjFZ0N5qEI70rKKhCZsBcZoDH8=", - "owner": "noctalia-dev", - "repo": "noctalia-qs", - "rev": "070340934ca374bc770fd500a0fd7b3210f06b1c", - "type": "github" - }, - "original": { - "owner": "noctalia-dev", - "repo": "noctalia-qs", - "type": "github" - } - }, "nur": { "inputs": { "flake-parts": [ 
@@ -814,21 +870,15 @@ }, "optnix": { "inputs": { - "flake-compat": [ - "nixos-cli", - "flake-compat" - ], - "nixpkgs": [ - "nixos-cli", - "nixpkgs" - ] + "flake-compat": "flake-compat_2", + "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1770000117, - "narHash": "sha256-kZ1eLvCxfN+6RYQdcWUdIf+2WuiNiAfbJq+VetT+kos=", + "lastModified": 1765418479, + "narHash": "sha256-33VCCXiEnEL9N2wVxo9FHLwL8KWH6qk+MNRcSThOPWs=", "owner": "water-sucks", "repo": "optnix", - "rev": "e3a8a63d8a9dcad01f499b2ece87db3545443f05", + "rev": "01facc3de860bf479723bf19535586564e59fe73", "type": "github" }, "original": { @@ -845,12 +895,14 @@ "home-manager": "home-manager_2", "impermanence": "impermanence", "import-tree": "import-tree", + "niri": "niri", + "niri-flake": "niri-flake", "nix-ai-tools": "nix-ai-tools", "nix-flatpak": "nix-flatpak", "nix-index-database": "nix-index-database", "nixos-cli": "nixos-cli", - "nixpkgs": "nixpkgs_5", - "nixpkgs-stable": "nixpkgs-stable", + "nixpkgs": "nixpkgs_8", + "nixpkgs-stable": "nixpkgs-stable_2", "noctalia": "noctalia", "stylix": "stylix", "terranix": "terranix", @@ -858,6 +910,27 @@ "zen-browser": "zen-browser" } }, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "niri", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1757989933, + "narHash": "sha256-9cpKYWWPCFhgwQTww8S94rTXgg8Q8ydFv9fXM6I8xQM=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "8249aa3442fb9b45e615a35f39eca2fe5510d7c3", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "stylix": { "inputs": { "base16": "base16", 
@@ -865,11 +938,11 @@ "base16-helix": "base16-helix", "base16-vim": "base16-vim", "firefox-gnome-theme": "firefox-gnome-theme", - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_3", "gnome-shell": "gnome-shell", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_9", "nur": "nur", - "systems": "systems_4", + "systems": "systems_3", "tinted-foot": "tinted-foot", "tinted-kitty": "tinted-kitty", "tinted-schemes": "tinted-schemes", @@ -877,11 +950,11 @@ "tinted-zed": "tinted-zed" }, "locked": { - "lastModified": 1774124764, - "narHash": "sha256-Poz9WTjiRlqZIf197CrMMJfTifZhrZpbHFv0eU1Nhtg=", + "lastModified": 1768744881, + "narHash": "sha256-3+h7OxqfrPIB/tRsiZXWE9sCbTm7NQN5Ie428p+S6BA=", "owner": "danth", "repo": "stylix", - "rev": "e31c79f571c5595a155f84b9d77ce53a84745494", + "rev": "06684f00cfbee14da96fd4307b966884de272d3a", "type": "github" }, "original": { @@ -922,16 +995,16 @@ }, "systems_3": { "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { "owner": "nix-systems", - "repo": "default-linux", + "repo": "default", "type": "github" } }, 
@@ -965,35 +1038,20 @@ "type": "github" } }, - "systems_6": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { - "flake-parts": "flake-parts_5", + "flake-parts": "flake-parts_4", "nixpkgs": [ "nixpkgs" ], - "systems": "systems_5" + "systems": "systems_4" }, "locked": { - "lastModified": 1773700838, - "narHash": "sha256-6KFxpxyXjcqhOexc7ZeaXVWdDtGb6zO8HtjBEci9DfU=", + "lastModified": 1762472226, + "narHash": "sha256-iVS4sxVgGn+T74rGJjEJbzx+kjsuaP3wdQVXBNJ79A0=", "owner": "terranix", "repo": "terranix", - "rev": "306ce146bf0324dc3b3c45c095036b6f0e26bf35", + "rev": "3b5947a48da5694094b301a3b1ef7b22ec8b19fc", "type": "github" }, "original": { @@ -1091,33 +1149,11 @@ ] }, "locked": { - "lastModified": 1773297127, - "narHash": "sha256-6E/yhXP7Oy/NbXtf1ktzmU8SdVqJQ09HC/48ebEGBpk=", + "lastModified": 1768158989, + "narHash": "sha256-67vyT1+xClLldnumAzCTBvU0jLZ1YBcf4vANRWP3+Ak=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "71b125cd05fbfd78cab3e070b73544abe24c5016", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, - "treefmt-nix_2": { - "inputs": { - "nixpkgs": [ - "noctalia", - "noctalia-qs", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1772660329, - "narHash": "sha256-IjU1FxYqm+VDe5qIOxoW+pISBlGvVApRjiw/Y/ttJzY=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "3710e0e1218041bbad640352a0440114b1e10428", + "rev": "e96d59dff5c0d7fddb9d113ba108f03c3ef99eca", "type": "github" }, "original": { 
@@ -1128,15 +1164,15 @@ }, "vicinae": { "inputs": { - "nixpkgs": "nixpkgs_7", - "systems": "systems_6" + "nixpkgs": "nixpkgs_10", + "systems": "systems_5" }, "locked": { - "lastModified": 1774444959, - "narHash": "sha256-QsfXRSRyptJ91/rXobWpmZRC/TBT69Stmok1sXqDpa0=", + "lastModified": 1768856963, + "narHash": "sha256-u5bWDuwk6oieTnvm1YjNotcYK8iJSddH5+S68+X4TSc=", "owner": "vicinaehq", "repo": "vicinae", - "rev": "5f7d3d62bb2c38181e0289fa0e3b43dfec206bfd", + "rev": "934bc0ad47be6dbd6498a0dac655c4613fd0ab27", "type": "github" }, "original": { @@ -1145,17 +1181,50 @@ "type": "github" } }, + "xwayland-satellite-stable": { + "flake": false, + "locked": { + "lastModified": 1755491097, + "narHash": "sha256-m+9tUfsmBeF2Gn4HWa6vSITZ4Gz1eA1F5Kh62B0N4oE=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "388d291e82ffbc73be18169d39470f340707edaa", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "ref": "v0.7", + "repo": "xwayland-satellite", + "type": "github" + } + }, + "xwayland-satellite-unstable": { + "flake": false, + "locked": { + "lastModified": 1768765571, + "narHash": "sha256-C1JbyJ3ftogmN3vmLNfyPtnJw2wY64TiUTIhFtk1Leg=", + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "rev": "ed1cef792b4def3321ff9ab5479df09609f17a69", + "type": "github" + }, + "original": { + "owner": "Supreeeme", + "repo": "xwayland-satellite", + "type": "github" + } + }, "zen-browser": { "inputs": { "home-manager": "home-manager_4", - "nixpkgs": "nixpkgs_8" + "nixpkgs": "nixpkgs_11" }, "locked": { - "lastModified": 1774478219, - "narHash": "sha256-WyPQoYBde7TSCR45ZgofzBqvVo/MpH3Vkh8YMj9OZC0=", + "lastModified": 1768919538, + "narHash": "sha256-w10iy/aqd5LtD78NDWWG+eKGzkb+cGhAAo7PVciLbWE=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "2e49c5278af6ef5f1e17e0fd27c2e22b1a7edc38", + "rev": "37149a5b77e8fd2b5332e8cec9edf39ca5b8e8bc", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 2036828..6026fa3 100644 
--- a/flake.nix +++ b/flake.nix @@ -26,6 +26,7 @@ stylix.url = "github:danth/stylix"; # nixos/hm program modules + niri-flake.url = "github:sodiboo/niri-flake"; nix-ai-tools.url = "github:numtide/llm-agents.nix"; nix-index-database = { url = "github:nix-community/nix-index-database"; @@ -43,6 +44,9 @@ url = "github:terranix/terranix"; inputs.nixpkgs.follows = "nixpkgs"; }; + + # others + niri.url = "github:baduhai/niri/auto-center-when-space-available"; }; outputs = diff --git a/packages/amnesiac-brave.nix b/packages/amnesiac-brave.nix deleted file mode 100644 index a81b255..0000000 --- a/packages/amnesiac-brave.nix +++ /dev/null 
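Review bot: The two inputs added here, `niri-flake.url` and `niri.url`, are declared without `inputs.nixpkgs.follows`, unlike the `terranix` input visible in the context of the second hunk, and `niri` tracks a branch name on a personal fork rather than a tag or revision. The lock diff in this commit gains further `nixpkgs_N` nodes, and `rust-overlay` follows `niri`'s own nixpkgs, so the closure now mixes several nixpkgs revisions that each have to be audited and updated separately. If the upstream flakes allow it (not verifiable from this hunk), prefer `niri = { url = "github:baduhai/niri/auto-center-when-space-available"; inputs.nixpkgs.follows = "nixpkgs"; };` and the same shape for `niri-flake`. A comment above `niri.url` should say why the fork is needed and when it can be dropped. The enclosing `inputs` set starts and ends outside both hunks.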
@@ -1,188 +0,0 @@ -{ ... }: -{ - perSystem = - { - pkgs, - lib, - ... - }: - let - # Managed policy (enforced, user cannot override) - brave-policy = pkgs.writeTextFile { - name = "brave-managed-policy.json"; - destination = "/etc/brave/policies/managed/policy.json"; - text = builtins.toJSON { - # ── Startup / UI ──────────────────────────────────────────────── - DefaultBrowserSettingEnabled = false; # Never ask to set as default - PromotionalTabsEnabled = false; # No welcome/promo pages - RestoreOnStartup = 5; # Open new tab on startup - NewTabPageLocation = "about:blank"; # New tab = blank page - BookmarkBarEnabled = false; # Never show bookmarks bar - # ── Search engine ─────────────────────────────────────────────── - DefaultSearchProviderEnabled = true; - DefaultSearchProviderName = "Google"; - DefaultSearchProviderSearchURL = "https://www.google.com/search?q={searchTerms}"; - DefaultSearchProviderSuggestURL = "https://www.google.com/complete/search?client=chrome&q={searchTerms}"; - # ── HTTPS ──────────────────────────────────────────────────────── - HttpsOnlyMode = "force_enabled"; # Strict HTTPS upgrade - # ── Cookies ────────────────────────────────────────────────────── - DefaultCookiesSetting = 1; # Allow all cookies - # ── Passwords / Autofill ───────────────────────────────────────── - PasswordManagerEnabled = false; - AutofillAddressEnabled = false; - AutofillCreditCardEnabled = false; - PaymentMethodQueryEnabled = false; - # ── Background running ─────────────────────────────────────────── - BackgroundModeEnabled = false; - # ── Clear data on exit ─────────────────────────────────────────── - ClearBrowsingDataOnExitList = [ - "browsing_history" - "download_history" - "cookies_and_other_site_data" - "cached_images_and_files" - "password_signin" - "autofill" - "site_settings" - "hosted_app_data" - ]; - # ── Brave data collection / telemetry ──────────────────────────── - BraveP3AEnabled = false; # Product analytics - BraveStatsPingEnabled = false; # 
Usage ping - BraveWebDiscoveryEnabled = false; # Web discovery project - MetricsReportingEnabled = false; # Chromium UMA metrics - SafeBrowsingEnabled = false; - SafeBrowsingExtendedReportingEnabled = false; - SafeBrowsingDeepScanningEnabled = false; - SearchSuggestEnabled = false; - # ── Web3 / Crypto ──────────────────────────────────────────────── - BraveWalletDisabled = true; - BraveRewardsDisabled = true; - BraveVPNDisabled = true; - TorDisabled = true; - # ── Leo / AI ───────────────────────────────────────────────────── - BraveAIChatEnabled = false; - # ── Other Brave features ───────────────────────────────────────── - BraveTalkDisabled = true; - # ── Privacy Sandbox (Chromium) ─────────────────────────────────── - PrivacySandboxPromptEnabled = false; - PrivacySandboxAdTopicsEnabled = false; - PrivacySandboxSiteEnabledAdsEnabled = false; - PrivacySandboxAdMeasurementEnabled = false; - # ── Misc Chromium ──────────────────────────────────────────────── - WebRtcEventLogCollectionAllowed = false; - EnableMediaRouter = false; - }; - }; - - # Seeded Preferences (first-run defaults, user can override) - # These keys have no policy or CLI equivalent. Brave writes over this - # file at runtime so this only sets the initial state on a fresh profile. 
- brave-prefs = pkgs.writeText "brave-initial-prefs.json" ( - builtins.toJSON { - brave = { - tabs.vertical_tabs_enabled = true; - sidebar.sidebar_show_option = 3; - window_closing_confirm = false; - }; - browser.custom_chrome_frame = true; - tab_hover_cards.tab_hover_card_images_enabled = true; - } - ); - - brave-launcher = pkgs.writeShellScriptBin "brave" '' - RUNTIME_DIR="/tmp/brave-$$" - CONFIG_DIR="$RUNTIME_DIR/config/BraveSoftware" - CACHE_DIR="$RUNTIME_DIR/cache/BraveSoftware" - POLICY="${brave-policy}/etc/brave/policies/managed/policy.json" - - mkdir -p "$CONFIG_DIR/Brave-Browser/Default" - mkdir -p "$CACHE_DIR" - cp ${brave-prefs} "$CONFIG_DIR/Brave-Browser/Default/Preferences" - chmod 600 "$CONFIG_DIR/Brave-Browser/Default/Preferences" - - trap 'rm -rf "$RUNTIME_DIR"' EXIT - - ${pkgs.bubblewrap}/bin/bwrap \ - --ro-bind /nix/store /nix/store \ - --ro-bind /etc/fonts /etc/fonts \ - --bind "$CONFIG_DIR" "$HOME/.config/BraveSoftware" \ - --bind "$CACHE_DIR" "$HOME/.cache/BraveSoftware" \ - --ro-bind "$POLICY" /etc/brave/policies/managed/policy.json \ - --dev /dev \ - --proc /proc \ - --tmpfs /tmp \ - --bind /run /run \ - --die-with-parent \ - -- ${pkgs.brave}/bin/brave --no-first-run "$@" - ''; - - brave-desktop = pkgs.writeTextFile { - name = "amnesiac-brave.desktop"; - destination = "/share/applications/amnesiac-brave.desktop"; - text = "[Desktop Entry] -Version=1.0 -Name=Amnesiac Brave -GenericName=Amnesiac Web Browser -Comment=Access the internet, leave no trace on your system -Exec=@BRAVE_WRAPPER@ %U -StartupNotify=true -Icon=amnesiac-brave -Type=Application -Categories=Network;WebBrowser; -MimeType=application/pdf;application/rdf+xml;application/rss+xml;application/xhtml+xml;application/xhtml_xml;application/xml;image/gif;image/jpeg;image/png;image/webp;text/html;text/xml;x-scheme-handler/http;x-scheme-handler/https;x-scheme-handler/chromium; -Actions=new-window - -[Desktop Action new-window] -Name=New Window -Exec=@BRAVE_WRAPPER@ %U -"; - }; - - 
amnesiac-brave-icon = - pkgs.runCommand "amnesiac-brave-icon" - { - nativeBuildInputs = [ pkgs.imagemagick ]; - } - '' - mkdir -p "$out/share/icons/hicolor/256x256/apps" - convert ${pkgs.brave}/share/icons/hicolor/256x256/apps/brave-browser.png \ - -modulate 100,100,270 \ - "$out/share/icons/hicolor/256x256/apps/amnesiac-brave.png" - for size in 16 24 32 48 64; do - mkdir -p "$out/share/icons/hicolor/''${size}x''${size}/apps" - convert ${pkgs.brave}/share/icons/hicolor/''${size}x''${size}/apps/brave-browser.png \ - -modulate 100,100,270 \ - "$out/share/icons/hicolor/''${size}x''${size}/apps/amnesiac-brave.png" - done - ''; - - in - { - packages.amnesiac-brave = pkgs.symlinkJoin { - name = "amnesiac-brave"; - paths = [ - brave-launcher - brave-policy - brave-desktop - amnesiac-brave-icon - pkgs.brave - ]; - postBuild = '' - brave_bin="$(readlink -f "$out/bin/brave")" - - amnesiac_desktop="$out/share/applications/amnesiac-brave.desktop" - if [ -L "$amnesiac_desktop" ]; then - cp --remove-destination "$(readlink "$amnesiac_desktop")" "$amnesiac_desktop" - fi - sed -i \ - "s|@BRAVE_WRAPPER@|$brave_bin|g" \ - "$amnesiac_desktop" - - rm -f "$out/share/applications/brave-browser.desktop" - rm -f "$out/share/applications/com.brave.Browser.desktop" - - rm -f "$out/share/icons/hicolor/"*/apps/brave-browser.png - ''; - }; - }; -} diff --git a/packages/claude-desktop.nix b/packages/claude-desktop.nix new file mode 100644 index 0000000..e93f3af --- /dev/null +++ b/packages/claude-desktop.nix 
@@ -0,0 +1,215 @@ +{ inputs, ... }: + +{ + perSystem = + { system, ... }: + let + pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; + }; + + pname = "claude-desktop"; + version = "1.0.1768"; + + srcs.x86_64-linux = pkgs.fetchurl { + url = "https://downloads.claude.ai/releases/win32/x64/1.0.1768/Claude-67d01376d0e9d08b328455f6db9e63b0d603506a.exe"; + hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=;"; + }; + + src = + srcs.${pkgs.stdenv.hostPlatform.system} or (throw "Unsupported system: ${pkgs.stdenv.hostPlatform.system}"); + + claudeNativeStub = '' + // Stub implementation of claude-native using KeyboardKey enum values + const KeyboardKey = { + Backspace: 43, Tab: 280, Enter: 261, Shift: 272, Control: 61, Alt: 40, + CapsLock: 56, Escape: 85, Space: 276, PageUp: 251, PageDown: 250, + End: 83, Home: 154, LeftArrow: 175, UpArrow: 282, RightArrow: 262, + DownArrow: 81, Delete: 79, Meta: 187 + }; + Object.freeze(KeyboardKey); + module.exports = { + getWindowsVersion: () => "10.0.0", + setWindowEffect: () => {}, + removeWindowEffect: () => {}, + getIsMaximized: () => false, + flashFrame: () => {}, + clearFlashFrame: () => {}, + showNotification: () => {}, + setProgressBar: () => {}, + clearProgressBar: () => {}, + setOverlayIcon: () => {}, + clearOverlayIcon: () => {}, + KeyboardKey + }; + ''; + in + { + packages.claude-desktop = pkgs.stdenv.mkDerivation rec { + inherit pname version src; + + nativeBuildInputs = with pkgs; [ + makeWrapper + copyDesktopItems + p7zip + unzip + nodejs + graphicsmagick + ]; + + buildInputs = [ pkgs.electron ]; + + desktopItems = [ + (pkgs.makeDesktopItem { + name = "claude-desktop"; + desktopName = "Claude"; + comment = "AI assistant from Anthropic"; + exec = "claude-desktop %u"; + icon = "claude-desktop"; + categories = [ + "Network" + "Chat" + "Office" + ]; + mimeTypes = [ "x-scheme-handler/claude" ]; + startupNotify = true; + startupWMClass = "Claude"; + }) + ]; + + unpackPhase = '' + runHook 
preUnpack + + # Extract the Windows installer - use -y to auto-overwrite + 7z x -y $src -o./extracted + + # The installer contains a NuGet package + if [ -f ./extracted/AnthropicClaude-*-full.nupkg ]; then + echo "Found NuGet package, extracting..." + # NuGet packages are just zip files + unzip -q ./extracted/AnthropicClaude-*-full.nupkg -d ./nupkg + + # Extract app.asar to modify it + if [ -f ./nupkg/lib/net45/resources/app.asar ]; then + echo "Extracting app.asar..." + ${pkgs.asar}/bin/asar extract ./nupkg/lib/net45/resources/app.asar ./app + + # Also copy the unpacked resources + if [ -d ./nupkg/lib/net45/resources/app.asar.unpacked ]; then + cp -r ./nupkg/lib/net45/resources/app.asar.unpacked/* ./app/ + fi + + # Copy additional resources + mkdir -p ./app/resources + mkdir -p ./app/resources/i18n + cp ./nupkg/lib/net45/resources/Tray* ./app/resources/ || true + cp ./nupkg/lib/net45/resources/*-*.json ./app/resources/i18n/ || true + fi + else + echo "NuGet package not found" + ls -la ./extracted/ + exit 1 + fi + + runHook postUnpack + ''; + + buildPhase = '' + runHook preBuild + + # Replace the Windows-specific claude-native module with a stub + if [ -d ./app/node_modules/claude-native ]; then + echo "Replacing claude-native module with Linux stub..." + rm -rf ./app/node_modules/claude-native/*.node + cat > ./app/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + fi + + # Fix the title bar detection (from aaddrick script) + echo "Fixing title bar detection..." 
+ SEARCH_BASE="./app/.vite/renderer/main_window/assets" + if [ -d "$SEARCH_BASE" ]; then + TARGET_FILE=$(find "$SEARCH_BASE" -type f -name "MainWindowPage-*.js" | head -1) + if [ -n "$TARGET_FILE" ]; then + echo "Found target file: $TARGET_FILE" + # Replace patterns like 'if(!VAR1 && VAR2)' with 'if(VAR1 && VAR2)' + sed -i -E 's/if\(!([a-zA-Z]+)[[:space:]]*&&[[:space:]]*([a-zA-Z]+)\)/if(\1 \&\& \2)/g' "$TARGET_FILE" + echo "Title bar fix applied" + fi + fi + + runHook postBuild + ''; + + installPhase = '' + runHook preInstall + + mkdir -p $out/lib/claude-desktop + + # Repack the modified app as app.asar + cd ./app + ${pkgs.asar}/bin/asar pack . ../app.asar + cd .. + + # Copy resources + mkdir -p $out/lib/claude-desktop/resources + cp ./app.asar $out/lib/claude-desktop/resources/ + + # Create app.asar.unpacked directory with the stub + mkdir -p $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native + cat > $out/lib/claude-desktop/resources/app.asar.unpacked/node_modules/claude-native/index.js << 'EOF' + ${claudeNativeStub} + EOF + + # Copy other resources + if [ -d ./nupkg/lib/net45/resources ]; then + cp ./nupkg/lib/net45/resources/*.png $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.ico $out/lib/claude-desktop/resources/ 2>/dev/null || true + cp ./nupkg/lib/net45/resources/*.json $out/lib/claude-desktop/resources/ 2>/dev/null || true + fi + + # Create wrapper script + makeWrapper ${pkgs.electron}/bin/electron $out/bin/claude-desktop \ + --add-flags "$out/lib/claude-desktop/resources/app.asar" \ + --set DISABLE_AUTOUPDATER 1 \ + --set NODE_ENV production + + # Extract and install icons in multiple sizes + if [ -f ./extracted/setupIcon.ico ]; then + echo "Converting and installing icons..." 
+ # Count frames in the ICO file and extract each one + frame_count=$(gm identify ./extracted/setupIcon.ico | wc -l) + for i in $(seq 0 $((frame_count - 1))); do + gm convert "./extracted/setupIcon.ico[$i]" "./extracted/setupIcon-$i.png" 2>/dev/null || true + done + + # Loop through converted icons and install them by size + for img in ./extracted/setupIcon-*.png; do + if [ -f "$img" ]; then + size=$(gm identify -format "%wx%h" "$img") + # Skip smallest icons (16x16 and 32x32) as they're too low quality + if [ "$size" != "16x16" ] && [ "$size" != "32x32" ]; then + mkdir -p "$out/share/icons/hicolor/$size/apps" + cp "$img" "$out/share/icons/hicolor/$size/apps/claude-desktop.png" + fi + fi + done + fi + + runHook postInstall + ''; + + meta = with pkgs.lib; { + description = "Claude Desktop - AI assistant from Anthropic"; + homepage = "https://claude.ai"; + license = licenses.unfree; + sourceProvenance = with sourceTypes; [ binaryNativeCode ]; + maintainers = [ ]; + platforms = [ "x86_64-linux" ]; + mainProgram = "claude-desktop"; + }; + }; + }; +} diff --git a/packages/fastfetch.nix b/packages/fastfetch.nix index 524e565..aa8d616 100644 --- a/packages/fastfetch.nix +++ b/packages/fastfetch.nix @@ -36,10 +36,6 @@ type = "cpu"; keyWidth = 11; } - { - type = "gpu"; - keyWidth = 11; - } { type = "memory"; keyWidth = 11; @@ -83,6 +79,6 @@ ); in { - packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type auto --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" ''; + packages.fastfetch = pkgs.writeShellScriptBin "fastfetch" ''exec ${lib.getExe pkgs.fastfetch} --config ${fastfetch-config} --logo-type kitty --logo ${fastfetch-logo} --logo-padding-right 1 --logo-width 36 "$@" ''; }; } diff --git a/packages/hm-cli.nix b/packages/hm-cli.nix index 59f4b4f..94dae66 100644 --- a/packages/hm-cli.nix +++ b/packages/hm-cli.nix 
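Review bot: The `hash` in `srcs.x86_64-linux` ends with `=;` inside the quotes, so it is not a well-formed SRI value and the integrity pin on the downloaded installer cannot be checked as written; it should read `hash = "sha256-x76Qav38ya3ObpWIq3dDowo79LgvVquMfaZeH8M1LUk=";`. In `buildPhase`, the title-bar `sed` uses `/g` to rewrite every `if(!a && b)` whose operands are purely alphabetic in the matched `MainWindowPage-*.js`, so it can invert unrelated conditions in the vendor bundle. It also does nothing, silently, when the file or pattern is absent. Anchoring the expression on a more specific neighbouring token and failing the build when no substitution happens (for example a `grep -q` check before and after) would make the patch reviewable across version bumps. The `cp ... || true` lines in `unpackPhase` and `installPhase` likewise hide a changed installer layout, so a comment stating which of those resources are optional would help.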
@@ -5,6 +5,8 @@ { pkgs, ... }: { packages.hm-cli = pkgs.writeShellScriptBin "hm" '' + set -e + HM="${pkgs.lib.getExe pkgs.home-manager}" FLAKE_PATH="''${HM_PATH:-$HOME/.config/home-manager}" FLAKE_OUTPUT="''${HM_USER:-$(whoami)@$(hostname)}" diff --git a/packages/overlays.nix b/packages/overlays.nix index 169a67b..a36ed60 100644 --- a/packages/overlays.nix +++ b/packages/overlays.nix @@ -4,20 +4,19 @@ let packageDir = builtins.readDir ./.; # Filter to .nix files, excluding overlays.nix - isPackageFile = name: name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; + isPackageFile = name: + name != "overlays.nix" && builtins.match ".*\\.nix$" name != null; # Extract package name from filename (e.g., "foo-bar.nix" -> "foo-bar") - toPackageName = filename: builtins.head (builtins.match "(.+)\\.nix$" filename); + toPackageName = filename: + builtins.head (builtins.match "(.+)\\.nix$" filename); packageNames = map toPackageName (builtins.filter isPackageFile (builtins.attrNames packageDir)); in { - flake.overlays.default = - final: prev: - builtins.listToAttrs ( - map (name: { - inherit name; - value = inputs.self.packages.${final.system}.${name}; - }) packageNames - ); + flake.overlays.default = final: prev: + builtins.listToAttrs (map (name: { + inherit name; + value = inputs.self.packages.${final.system}.${name}; + }) packageNames); } diff --git a/readme.md b/readme.md index e36ccec..a2b815f 100644 --- a/readme.md +++ b/readme.md 
@@ -1,73 +1,87 @@ -# NixOS Flake Configuration +# Nix Configuration -Modular NixOS configuration using flake-parts with the [dendritic](https://github.com/gytis-ivaskevicius/dendritic) pattern. - -## Structure - -``` -. -├── aspects/ # Reusable NixOS/home-manager modules (dendritic) -│ ├── base/ # Base system configuration -│ ├── hosts/ # Host-specific configurations -│ │ ├── _alexandria/ -│ │ ├── _io/ -│ │ ├── _rotterdam/ -│ │ └── _trantor/ -│ ├── systems/ # System type modules (desktop, server, cli, gaming) -│ └── users/ # User account configurations -├── data/ # Shared host/service definitions -├── packages/ # Custom packages and overlays -├── shells/ # Shell configurations -└── terranix/ # Terraform configurations for cloud resources -``` +My personal Nix configuration for multiple NixOS hosts, home-manager users, miscellaneous resources... too many things to list. If I could put my life in a flake I would. ## Hosts -| Host | Architecture | Type | Description | -|------|--------------|------|-------------| -| trantor | aarch64-linux | server | ARM server running Forgejo | -| alexandria | x86_64-linux | server | x86 server (Kanidm, Vaultwarden, Nextcloud, Jellyfin) | -| rotterdam | x86_64-linux | desktop | Main workstation setup for gaming | -| io | x86_64-linux | desktop | Workstation | +### Desktop Systems +- **rotterdam** - Main desktop workstation (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Gaming, Virtualization (libvirtd), Podman + - Storage: Ephemeral root with LUKS encryption + +- **io** - Laptop workstation (x86_64) + - Features: Desktop, AI tools, Bluetooth, Dev environment, Podman + - Storage: Ephemeral root with LUKS encryption + +### Servers +- **alexandria** - Home server (x86_64) + - Hosts: Nextcloud, Vaultwarden, Jellyfin, Kanidm + +- **trantor** - Cloud server (aarch64) + - Hosts: Forgejo + - Cloud provider: Oracle Cloud Infrastructure + - Storage: Ephemeral root with btrfs + +## Home Manager Configurations + +- 
**user@rotterdam** - Full desktop setup with gaming, OBS, and complete development environment +- **user@io** - Lightweight desktop setup + +Both configurations include: +- btop, direnv, helix, starship, tmux +- Stylix theme management +- Fish shell with custom configurations + +## Terranix Configurations + +Infrastructure as code using Terranix (NixOS + Terraform/OpenTofu): + +- **oci-trantor** - Oracle Cloud Infrastructure provisioning for Trantor server +- **cloudflare-baduhaidev** - DNS and CDN configuration for baduhai.dev domain +- **tailscale-tailnet** - Tailscale network ACL and device management ## Services -- **git.baduhai.dev** (Forgejo) - Publicly accessible on trantor +All services are accessible via custom domains under baduhai.dev: -Other services (LAN/Tailscale only): Vaultwarden, Nextcloud, Jellyfin +- **Kanidm** (auth.baduhai.dev) - Identity and access management +- **Vaultwarden** (pass.baduhai.dev) - Password manager +- **Forgejo** (git.baduhai.dev) - Git forge (publicly accessible) +- **Nextcloud** (cloud.baduhai.dev) - File sync and collaboration +- **Jellyfin** (jellyfin.baduhai.dev) - Media server -## Features +Services are accessible via: +- LAN for alexandria-hosted services +- Tailscale VPN for all services +- Public internet for Forgejo only -- **Ephemeral root**: Automatic btrfs subvolume rollover with impermanence -- **Secrets**: Managed via agenix with age encryption -- **Disk management**: disko for declarative disk partitioning -- **Modular architecture**: Each aspect is a separate module imported via import-tree -- **Dendritic pattern**: Aspects are imported as a unified flake module +## Notable Features -## Building +### Ephemeral Root +Rotterdam, io, and trantor use an ephemeral root filesystem that resets on every boot: +- Root filesystem is automatically rolled back using btrfs snapshots +- Old snapshots retained for 30 days +- Persistent data stored in dedicated subvolumes +- Implements truly stateless systems -```bash -# 
Build specific host -nix build .#nixosConfigurations.trantor.config.system.build.toplevel +### Custom DNS Architecture +- Unbound DNS servers on both alexandria and trantor +- Service routing based on visibility flags (public/LAN/Tailscale) +- Split-horizon DNS for optimal access paths -# Rebuild host (if using nixos-cli on the host) -sudo nixos apply -``` +### Security +- LUKS full-disk encryption on desktop systems +- Fail2ban on public-facing servers +- agenix for secrets management +- Tailscale for secure remote access -## Terranix +### Desktop Environment +- Custom Niri window manager (Wayland compositor) +- Using forked version with auto-centering feature +- Stylix for consistent theming -Terraform configurations for cloud infrastructure managed via terranix: - -- baduhai.dev DNS on CloudFlare -- VPS provisioning on OCI -- Tailscale subnet routers - -## Key Dependencies - -- nixpkgs (nixos-unstable for workstations, nixos for servers) -- home-manager -- agenix -- disko -- impermanence -- nix-flatpak -- nixos-cli +### Development Setup +- Nix flakes for reproducible builds +- deploy-rs for automated deployments +- Podman for containerization +- Complete AI tooling integration diff --git a/secrets/miniflux-admincreds.age b/secrets/miniflux-admincreds.age deleted file mode 100644 index f5269f0..0000000 --- a/secrets/miniflux-admincreds.age +++ /dev/null @@ -1,9 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 Kfdnog QEq4A011oVny6vo1+wOcQNnpkf77216PZXJqK4rGTGY -FPeASmXRirxeF2T2jXhA/tEaO0p1CZJ6D3lv3p2KTX0 --> ssh-ed25519 8YSAiw gxuXAt2nG6qXhWwAAiFwNCNYJV2VGKnDNkjU61NOJ2o -xncp+M4lVixiTmXQU5QrtdQ860t/1JpvOcO4YXAy3to --> ssh-ed25519 J6tVTA Mr0XrEFP/o7nFWBKal+ehzMiejWpVDIBiiMqWzdOzEM -0DTqm2LyMMlVZlTk67Y3hTiVjcJG9gprnXj6QjYxrJw ---- FXUNp6O7vuibJj0RI3SZN3IBK1Hx5ouUij2ah05lCYA -X*0B3jb͏SVbBciD.5\`&`越-Ui"gХȊ`O Gc'=@qn[ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d052896..a90cd74 100644 --- a/secrets/secrets.nix 
+++ b/secrets/secrets.nix @@ -32,9 +32,4 @@ in rotterdam-user trantor ]; - "miniflux-admincreds.age".publicKeys = [ - io-user - rotterdam-user - alexandria - ]; } diff --git a/shells/default.nix b/shells/default.nix index d9eb50b..a7cda20 100644 --- a/shells/default.nix +++ b/shells/default.nix @@ -6,7 +6,7 @@ { devShells.default = pkgs.mkShell { packages = with pkgs; [ - inputs.agenix.packages.${stdenv.hostPlatform.system}.default + inputs.agenix.packages.${system}.default nil nixfmt ]; diff --git a/terranix/kernelpanic.space.nix b/terranix/kernelpanic.space.nix index 91b615e..01e5c08 100644 --- a/terranix/kernelpanic.space.nix +++ b/terranix/kernelpanic.space.nix @@ -8,12 +8,9 @@ terranix.terranixConfigurations.cloudflare-kernelpanicspace = { terraformWrapper.package = pkgs.opentofu; modules = [ - ( - { config, ... }: - { - # Terraform config goes here - } - ) + ({ config, ... }: { + # Terraform config goes here + }) ]; }; }; diff --git a/terranix/terminus.nix b/terranix/terminus.nix index d7689f9..7a0fa5b 100644 --- a/terranix/terminus.nix +++ b/terranix/terminus.nix @@ -8,12 +8,9 @@ terranix.terranixConfigurations.oci-terminus = { terraformWrapper.package = pkgs.opentofu; modules = [ - ( - { config, ... }: - { - # Terraform config goes here - } - ) + ({ config, ... }: { + # Terraform config goes here + }) ]; }; };
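Review bot: In the `shells/default.nix` hunk, the new `inputs.agenix.packages.${system}.default` sits inside `with pkgs;`, so `system` resolves to `pkgs.system` unless the enclosing module arguments (outside this hunk) bind `system` themselves. As far as I know `pkgs.system` is only a compatibility alias, which recent nixpkgs revisions warn about and which is absent when aliases are disabled. Keeping the removed spelling, `inputs.agenix.packages.${stdenv.hostPlatform.system}.default`, or taking `system` explicitly from the `perSystem` arguments, avoids depending on the alias.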